Laravel | Run IF every page - php

I want to run the following code to check if the user is logged via social media and if so redirect him to the edit profile page, so he's obligated to update his information, I don't want the user logged via social media to be able to navigate my website without having their Name, username and profile resume set.
public function check_user_info()
{
$user = User::where('access_token', Auth::user()->access_token)->first();
if (empty($user->fname) || empty($user->lname) || is_null($user->username) || empty($user->username))
{
$user = Auth::user();
return view('modify')->with([
'user' => $user,
]);
}
return view('home');
}


You could create a user policy and add the following function :
public function home(User $user)
{
return (empty($user->fname) || empty($user->lname) || is_null($user->username) || empty($user->username));
}
and in you home controller :
public function index(){
try{
$this->authorize('home', User::class);
}catch(AuthorizationException $e){
return view('modify')->with([
'user' => Auth::user(),
]);
}
return view('home');
}

Related

How to restrict authenticated users to only access their on profile

I am stuck with users profile feature, I want only authenticated users to access their own profile only.
User with id: 1 can only access route /applicants/profile/1, otherwise return 404 Not found?
class ApplicantProfileController extends Controller
{
public function show(Applicant $applicant)
{
return view('applicant.show', compact('applicant'));
}
}
route::group(['prefix' => 'applicants', 'middleware' => 'auth:applicant'], function() {
Route::get('/profile/{applicant}', 'Profiles\ApplicantProfileController#show');
});

You can chech whether the logged user and the parameter user are the same by using the Illuminate/Support/Facades/Auth facade like this:
public function show(Applicant $applicant)
{
if (Auth::id() == $applicant->id) {
return view('applicant.show', compact('applicant'));
}
return abort(404);
}

Cant test if a database boolean is true in Laravel

I am trying to query our database to see if users can log in based on whether the organisation they belong to have logins enabled.
LoginController.php
protected function redirectTo()
{
$user = Auth::user()->id;
$userOrg = UserOrganization::where('user_id', $user)->first();
$org = Organization::where('id', $userOrg->org_id)->first();
if ($org->allow_org_login == 0) {
return '/login';
} else {
if(Auth::user()->has_changed_temp_password == false)
{
DB::table('users')->where('id', $user)->update(['last_login' => Carbon::now()]);
DB::table('users')->where('id', $user)->increment('total_logins');
return '/user/password/change';
} else {
DB::table('users')->where('id', $user)->update(['last_login' => Carbon::now()]);
DB::table('users')->where('id', $user)->increment('total_logins');
return '/overview';
}
}
}
trying to log in as a user belonging to an organisation with allow_org_login = 0 should redirect to the '/login' page, but instead it either logs the user in or prompts for a password change for a new user.
What am I doing wrong?
Edit: Debug contents of $org (allow_org_login on the bottom line)

since there is many to many relation between user and organization.
i suppose this relation is defined in User & Organization as in documentation:
https://laravel.com/docs/7.x/eloquent-relationships#many-to-many
considering that:
user may have more than an organization, and if any of the organization allowed log_in the user should login to your system
$user = Auth::user();
$userOranization=$user->organizations()->get();
$allowUserToLogin=false;
if($userOranization->where('allow_org_login',1)->first()!=null)
$allowUserToLogin=true;
and then:
if ($allowUserToLogin == 0) {
return '/login';
} else { ....

for redirectTo() method it will only fire when we using POST method for login.
inside you redirectTo() method your check condition and then you return '/login';
which it will redirectTo login page. but this time you already login then on login it will check if user login then it redirectTo url that we config on LoginController and protected $redirectTo; it will not call redirectTo() method. cuz this time we use redirect using GET method not POST.
if you want to put validate on redirectTo() method you can try below code:
protected function redirectTo()
{
$user = Auth::user()->id;
$userOrg = UserOrganization::where('user_id', $user)->first();
$org = Organization::where('id', $userOrg->org_id)->first();
if ($org->allow_org_login == 0) {
Auth::logout(); // logout user before redirect
return '/login';
} else {
if(Auth::user()->has_changed_temp_password == false)
{
// depend on you choice need to logout or not
DB::table('users')->where('id', $user)->update(['last_login' => Carbon::now()]);
DB::table('users')->where('id', $user)->increment('total_logins');
return '/user/password/change';
} else {
// depend on you choice need to logout or not
DB::table('users')->where('id', $user)->update(['last_login' => Carbon::now()]);
DB::table('users')->where('id', $user)->increment('total_logins');
return '/overview';
}
}
}
but for my option i will create new middleware for handle this.

How to stop Auth user from visiting own page with non auth user privileges in laravel?

My laravel application is a social media site. Here's the route for visiting another laravel user's profile
Route::get('/dashboard/{id}', [
'uses' => 'UserController#getProfile',
'as' => 'profile.index',
'middleware' => 'auth'
]);
It works just fine. However, I've discovered a bug that when I input the Auth user's ID into the route, I get taken to the same page where I can then add myself as a friend, I do not want this to happen. I would rather get taken back to the home screen if I'm visiting my own profile.
Here's the controller:
public function getProfile($id)
{
if(Auth::user() === $id)
redirect('dashboard');
$user = User::where('id', $id)->first();
$posts = Post::where("dash_id", "=", $user->id)->latest()->paginate(3);
$photos = Photo::paginate(6);
return view('profile.index',compact('user','posts', 'photos'));
}
I've tried to get it to redirect to 'dashboard' instead of 'profile.index' if it's the Auth user's page instead of pulling up just like a regular non-auth profile, but can't seem to get it to work. Any ideas on how to fix this small bug?

You get user instance by Auth::user() not only the user ID. You are comparing instance with the numeric value. It will not work. You have to use Auth::id() or Auth::user()->id in order to get ID of the logged in user. The following code will work in your case.
public function getProfile($id)
{
if(Auth::id() == $id)
{
redirect('dashboard');
}
else
{
$user = User::where('id', $id)->first();
$posts = Post::where("dash_id", "=", $user->id)->latest()->paginate(3);
$photos = Photo::paginate(6);
return view('profile.index',compact('user','posts', 'photos'));
}
}
Let me know if it helps!

You try to compare the current user object to the request id, try this code:
public function getProfile($id)
{
if(Auth::id() === $id) {
redirect('dashboard');
}
$user = User::where('id', $id)->first();
$posts = Post::where("dash_id", "=", $user->id)->latest()->paginate(3);
$photos = Photo::paginate(6)
return view('profile.index',compact('user','posts', 'photos'));
}

Prevent authenticated user to view other users profile on Laravel 5

I want to use Laravel 5 AuthServiceProvider to prevent logged in user to view other users profile. I'm using route like this user/1. How can I compare if the logged in user ID is match with the ID in the URL. If not then can't proceed.
Here's the following code I'm trying in my AuthServiceProvider:
$gate->define('view-profile', function($user, $id) {
return Auth::user()->id === $id;
});
However, the above code doesn't work as I can't pass the correct ID from the URL. Can anyone please help?
Here's the code I've in my controller:
if (Gate::denies('view-post', [Auth::user()->id, (int) $id])) {
return abort(403);
} else {
return 'success';
}

Just to let all of you know that I've figured it out myself using Gate::forUser() method. Here's the relevant code which I hope anyone may find helpful:
In AuthServiceProvider:
$gate->define('view-post', function($user, $id) {
return $user->id === (int) $id;
});
In your particular Controller:
$user = Auth::user();
if(Gate::forUser($user)->allows('view-post', $id)) {
return 'true';
}
return abort(403, trans('Sorry, not sorry!'));

If you route user controller with user, then user/1 will route the user controller show function, and in show function you can check your authentication user with id:
Function show ($id)
{
if ( Auth::user()->id == $id) {
//your code here
}
}

How to redirect a user to users page and admin to admin page in single login form laravel

I have this in my database
|username|password|type|
------------------------
|foo |12345 |1 |
|asd |adsdsd |0 |
Here 1 means that the user is an admin, 0 a normal user.
How can I redirect the admin to the admin page and the normal user to normal user page??
if($attempt)
{
$id = User::find($attempt);
$user = $id->type;
if($user === 0)
{
return Redirect::action('LoginUsersController#profile');
}
else
{
return Redirect::to('adminpage');
}
}
I created this in my UsersController page I don’t know if this is the proper way to do this, and my code is not working.

Are you using normal Laravel Authentication?
You will get Object Auth::user(), this will return current user Object.
It should look like this.
Controller (SessionsController#store)
public function store() {
$input = Input::all();
$attempt = Auth::attempt([
'username' => $input['username'],
'password' => $input['password']
]);
if($attempt) {
if(Auth::user()->type == 1) {
return Redirect::admin(); // If admin, redirect to admin
} else {
return Redirect::profile(); // Else, redirect to user profile
}
}
}
Route
Route::resource('sessions', 'SessionsController', ['only' => ['create','store','destroy']]);
Route::get('admin', 'AdminController#dashboard')->before('adminAuth');
Route::get('profile/{id}', 'UsersController#showProfile')->before('auth');

First of all you have to add a new field in your users table to check against, for example 'rank'. If rank for a user is '1' so he is an Admin,
else he is a normal user.
Then define all required routes in your routes file like this:
Route::get('login', 'adminController#login');
Route::post('login', 'adminController#checkuser');
Route::group(array('before' => 'auth'), function() {
Route::resource('admin', 'adminController');
Route::resource('normaluser', 'normaluserController');
} );
Then in your controller you have to define all actions:
public function login()
{
return View::make('loginview');
}
public function checkuser()
{
if (Auth::attempt(array('username'=>Input::get('username'), 'password'=>Input::get('password'))))
{
$user_data = Auth::getUser();
if ($user_data->rank == 1) //if true, so this user is an admin
{return Redirect::to('admin');} //go to adminController index action
else //if not, so he is a normal user
{return Redirect::to('normaluser');} // go to normaluserController index action
}
else
{
//return 'wrong user name or password';
Session::flash('mismatch', "Username and Password mismatch");
return Redirect::to('login'); // go again to login form to relogin
}
}
if any thing is not clear, don't hesitate to ask.

in the if statement use:
if($attempt)
{
$id = User::find($attempt);
$user = $id->type;
if($user === 0)
{
return Redirect::action('LoginUsersController#profile');
header('Location: http://www.example.com/userpahe.php');
}
else
{
return Redirect::to('adminpage');
header('Location: http://www.example.com/admin-page.php');
}
}

Categories