I have modified Login function in LoginController and this is what I have written
public function login(Request $request)
{
$data = $request->all();
if($this->validateLogin((array)$data))
{
$cred = $request->email;
$cred_p = $request->password;
//if()
$user = User::select('id', 'password')->where('email','=',$cred)->first();
if(count($user) == 1)
{
if(Hash::check($cred_p, $user->password))
{
$user_id = $user->id;
$status = User_status::select('is_active', 'is_completed')->where('user_id','=',$user_id)-> first();
$active = $status->is_active;
//dd($status->is_active);
if($active == 0)
{
return redirect()->to('/login')->withErrors(['status'=>"Your account is blocked. Please contact administrator or visit here <a href='/support/acount-blocked'>Support Center</a>"]);
}
else
{
$this->attemptLogin($request);
$this->sendLoginResponse($request);
}
}
else
{
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
}
else
{
return $this->sendFailedLoginResponse($request);
}
}
else
{
return $this->sendFailedLoginResponse($request);
}
}
This seems to work fine and Auth::user() is working but when I add new middleware that is IsCompletedMiddleware and I check dd(Auth::user()); this returns null value.
public function handle($request, Closure $next)
{
/*if(Auth::user()->status->is_completed == 0)
{
return redirect()->to('/profile/management/complete');
}*/
return $next($request);
}
I have also included use Auth; in the header of middleware but it always returns null value. And in other controllers Auth::user() returns proper user. Why is this so? And what is missing. Please help thank you.
In your middleware you have to get the user is doing the request, try to do this:
public function handle($request, Closure $next)
{
$request = $next($request);
if($request->user()->status->is_completed == 0){
return redirect()->to('/profile/management/complete');
}
return $request;
}
Related
class userController extends Controller
{
//
function login(Request $req)
{
$user = User::Where(['email'=>$req->email])->first();
if($user || Hash::check($req->password, $user->$password))
{
return 'Username or password not matched';
}
else {
$req->session('user', $user);
return redirect('/');
}
}
}
for manually authentication, attempt() may be a better practice than Hash::check()
use Auth;
class userController extends Controller
{
function login(Request $req)
{
$credentials = $req->only('email', 'password');
if (Auth::attempt($credentials)) {
$req->session()->regenerate();
return redirect()->intended('/');
}
else {
return 'Username or password not matched';
}
}
}
read Manually Authenticating Users
for more details
I deleted $password and replace it with password and make the code like this:
function login(Request $req)
{
$user= User::where(['email' => $req->email])->first();
if (!$user || !Hash::check($req->password, $user->password)) {
return "Username or password is not matched";
} else {
$req->session()->put('user',$user);
return redirect('/');
}
}
I wanna use authenticated() in my login() return type. I wanna try to when user try to login via their phn_number they can login and it also check middleware / user_role. This part of code i write on autheticated() . so my plan is when i login , the login() will return via the authenticated() also.
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\SiteSettings;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Auth;
use User;
class LoginController extends Controller
{
use AuthenticatesUsers;
protected function authenticated (Request $request, $user)
{
if (Auth::check() && Auth::user()->role->id == 1 ) {
$this->redirectTo = route('admin.dashboard');
} elseif(Auth::check() && Auth::user()->role->id == 2 ) {
$this->redirectTo = route('doctor.dashboard');
} elseif(Auth::check() && Auth::user()->role->id == 3 ) {
$this->redirectTo = route('nurse.dashboard');
} else {
$this->redirectTo = route('search.doctor');
}
}
// protected $redirectTo = $this->authenticated();
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function field()
{
if (filter_var(request()->phn_number,FILTER_VALIDATE_EMAIL)){
return 'email';
}else{
return 'phn_number';
}
}
public function login()
{
// Check Right Position
// return $this->field();
if (Auth::attempt([$this->field()=>request()->phn_number, 'password'=>request()->password ])){
// Wanna Return Authenticated function
//return redirect()->intended('/');
return redirect()->intended($this->authenticated());
}else{
return redirect()->back()->withInput('phn_number');
}
}
}
So It's returned me Too few arguments to function App\Http\Controllers\Auth\LoginController::authenticated().
I also try to use
return $this->authenticated();
It also give me error.
The authenticated() method that overrides method on Illuminate\Foundation\Auth\AuthenticatesUsers class, has 2 arguments you have to pass to, so change your login() method to this one:
public function login(Request $request)
{
// Check Right Position
// return $this->field();
if (Auth::attempt([$this->field() => $request->phn_number, 'password' => $request->password])) {
// Wanna Return Authenticated function
//return redirect()->intended('/');
return redirect()->intended(authenticated($request, $this->guard()->user()));
} else {
return redirect()->back()->withInput('phn_number');
}
}
As you can see, we're calling authenticated($request, $this->guard()->user()) with 2 arguments instead of authenticated() with no arguments.
You can also rewrite your authenticated method and use $user, also no need to use Auth::chcek() because user is already authenticated when reaches this method:
protected function authenticated (Request $request, $user)
{
if ($user->role->id == 1) {
$this->redirectTo = route('admin.dashboard');
} else if($user->role->id == 2) {
$this->redirectTo = route('doctor.dashboard');
} else if($user->role->id == 3) {
$this->redirectTo = route('nurse.dashboard');
} else {
$this->redirectTo = route('search.doctor');
}
}
I'm trying to implement a middleware in Laravel 5.8 which checks if a value is true for a model Customer. I want the app routes to redirect to a route ('login'), for the api routes I want to give a 401 response. I think I'm overseeing something.
This is my Middleware which works for the app routes, but I can't get the middleware to handle the unauthorized requests ($user['dropshipping'] === false) correctly..
public function handle($request, Closure $next)
{
$user = Auth::user();
if($user instanceof Customer) {
if ($user->guard(['web'])['dropshipping']) {
return $next($request);
} elseif($user->guard(['customer-api'])['dropshipping']) {
return $next($request);
} else {
return redirect(route('login'))->with('error', 'Account not activated, please contact TWM BV.');
}
} else {
return $next($request);
}
}
Guards are associated to Auth not to users.
So you can use Auth::guard('guard-name') or auth()->guard('guard')
public function handle($request, Closure $next)
{
$user = Auth::user();
if($user instanceof Customer) {
if (auth()->guard('web')->user()->dropshipping) {
return $next($request);
} elseif(auth()->guard('customer-api')->user()->dropshipping) {
return $next($request);
} else {
return redirect(route('login'))->with('error', 'Account not activated, please contact TWM BV.');
}
} else {
return $next($request);
}
}
I created two Middleware called "MustBeAdmin" and "MustBeUser" to make sure depending on the user login I redirect them to the right page and restrict unauthorized content. Currently everything is working fine and redirects work well too. But the Logic I wrote behind the scene seems wrong to me and its weird it still works. If I write the logic that seems right to me atleast, it does not seem to work as expected.
Users table
id (1,2,3,...)
name
role (1,2,3,...)
Roles table
id (1,2,3,...)
role (Student, Admin,...)
MustBeAdmin middleware
public function handle($request, Closure $next)
{
if($request->user()->role == 2)
{
return $next($request);
}
else
{
return redirect('/admin/users');
}
}
MustBeUser middleware:
public function handle($request, Closure $next)
{
if($request->user()->role == 1)
{
return $next($request);
}
else
{
return redirect('/admin/users');
}
}
kernel.php
'admin' => \App\Http\Middleware\MustBeAdmin::class,
'user' => \App\Http\Middleware\MustBeUser::class,
As you can see I have registered middlewares in kernel.
I am getting results exactly what I need but I doubt if the logic in middleware is correct?
1 = Student
2 = Admin
if you see in MustBeAdmin middleware I am comparing if user role is 2 (admin) then do next($request) and in MustBeUser middleware I am comparing if user role is 1 (Student) then do next($request) and I set else to /Admin directory.
I feel its wrong, what do you think?
You are not checking the authenticated users details in your Middleware. The middleware should be something like:
//for student
public function handle($request, Closure $next)
{
if ( Auth::check() && Auth::user()->role == 1 )
{
return $next($request);
}
return redirect('/admin');
}
//for admin
public function handle($request, Closure $next)
{
if ( Auth::check() && Auth::user()->role == 2 )
{
return $next($request);
}
return redirect('/student');
}
You should check my detailed answer on the same topic here
Yes, It can be handled in one common file.
Here is the code
public function handle($request, Closure $next)
{
$user = User::find(Auth::id());
$roles = [];
foreach ($user->roles as $key => $value) {
array_push($roles, $value->pivot->role_id);
}
$routeName = Route::getFacadeRoot()->current()->uri();
$route = explode('/', $routeName);
if ($route[0] == "teacher") {
if (in_array(2, $roles)) {
return $next($request);
} else {
return response('Unauthorized.', 401);
}
} elseif ($route[0] == "student") {
if (in_array(1, $roles)) {
return $next($request);
} else {
return response('Unauthorized.', 401);
}
} elseif ($route[0] == "admin") {
if (Auth::user()->admin == 1) {
return $next($request);
} else {
return response('Unauthorized.', 401);
}
} else {
if (!Auth::user()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('admin-panel/auth/login');
}
}
}
return $next($request);
}
You can alter the logic according to your need.
I am getting this error when I created my own middleware and used it
public function handle($request, Closure $next)
{
$privilege = $request->session()->has('privilege');
if($request->session()->has('privilege'))
{
if($privilege == "Owner" || $privilege == "owner")
{
return $next($request);
}
else
{
return redirect()->back()->withErrors(['privilege_check' => "You are not privileged to go there!."]);
}
}
return '/home';
}
Most probably you haven't set the session('privilege'). If you have already set it up then close down the browser and run the application again from start. It maybe did not set up during the development.
Check this
public function __construct()
{
$this->middleware(function ($request, $next) {
if(Session::get('user_id') == NULL)
{
return Redirect::to('login');
}else{
return $next($request);
}
});
}