Im creating a survey that is sent by newsletter email, and basically the app records the user data based on the email of the user, if the email isnt present in the route isnt possible to fill in the survey, but im not quite sure if im doing it right way and also for security purpose maybe i should have some kind of validation regarding the email. Can someone suggest me what is the best practise or the way im doing is already alright?!
The url that the users enter is like:
http://domain.com/surveys/23/email#hotmail.com/show
Here is my code:
Route:
Route::get('surveys/{id}/{email}/show/', 'SurveyController#show');
Controller:
public function show($id,$email)
{
$survey = Survey::find($id);
$email = $email;
return view('admin.surveys.show', compact('survey','email'));
}
View:
Html
...
#if(!empty($email))
show the survey form
#else
A message saying is not possibile fill without a email
#endif
Note: The survey is completelly a part from the newsletter system, it cannot have any kind of integration between them.
Definitely you should validate if e-mail was provided. In controller you should do check like this:
$this->validate($request, [
'email' => 'required|email|exists:users,email',
]);
Example above will make sure that e-mail was provided (required), if is actually an email and if it exists in database (table users, column email).
You can read more about this in documentation. On this page you can also check all available rules if I missed any that could be used.
EDIT: Please also remember to add "Request $request" as method parameter, like so:
public function show(Request $request, $id,$email) {...}
Regarding Larans sugegstion to inject the Request as well.. Maybe you don't need it in the show method. If you feel it messes with your code, maybe inject it in the constructor...
private $request;
public function __construct(Request $request)
{
$this->request = $request;
}
And do the validation in your show method,
Related
I have a navbar where I try to display some stuff depending if the user is authenticated or not.
So I have a login form, when I axios.post('/login') with the email / password, and I deal with the potential errors.
I have also a method in my UserController to get the authenticated user (if there is one) via Auth::user() like the docs says, but this methods always returns an empty object ...
public function getUser() {
$user = Auth::user();
Log::info($user);
return $user;
}
This methods always returns me a [2018-06-17 16:29:26] local.INFO:
But the stranger things (like the TV show) is where I try to go on my '/admin' routes, my middleware use also the 'Auth::user()' to determines if the user's role is 'user' or 'admin', that 'Auth::user()' methods returns me well the user ...
I am stuck ...
Please, if someone has experienced the same issue, let me know how to solve it, or if someone want to see more code, let me know as well I'll be glad to show you more proof.
Thanks,
public function getUser() {
$user = Auth::user()->name;
return $user;
}
Use Auth::user()->name; to return your user name on navbar.
You have to provide further info to Log::info(), Something like the name or id of the $user->name, $user->id.
Further more you can use that id, Search with it and get the info of the user.
You should have a proper pattern for the log, By pattern i means proper logging. Passing the whole object $user will not work.
Hello you must use this syntax on laravel version 8 and more
auth('api')->user()->id
api will be used when you have an api if you are on a web version you will use
auth('web')->user()->id
This is a follow up of How to wait for a page reload in Laravel integration testing
What I am doing is to edit a user's profile and then redisplay the view.
My profile action: (UserController)
public function profile(){
return view('user/profile');
}
The view contains code like
{{ Auth::user()->firstname }}
now during my test, the old (unchanged) user data is displayed.
The test:
protected function editUserProfile()
{
$this->visit('/user/profile');
$firstName = $this->faker->firstname;
$lastname = $this->faker->lastname;
$this->within('#userEditForm', function() use ($firstName, $lastname) {
$this->type($firstName, 'firstname');
$this->type($lastname, 'surname');
$this->press('Save')
->seePageIs('/user/profile')
->see($firstName) # here the test fails
->see($lastname);
});
}
When I change the UserController like this:
public function profile(){
Auth::setUser(Auth::user()->fresh());
return view('user/profile');
}
everything works fine.
Now I want to understand, why that is like this.
Why does the integration test behave differently to the browser in that case? Is there a better way to align that behavior so the tests do only fail if there is a "real problem"? Or is my code just bad?
You're probably using update (int $uid) for the request?
The most likely explanation is that Laravel only uses a single application instance during the test. It's taking the input you give it, building a request object, and then sending it to the controller method. From here it can render the view and check that it contains your text.
In the authentication implementation once you call Auth::user() it doest one of two things:
If no user is loaded it attempts to retrieve it from storage.
If a user is already loaded it returns it.
Your update method (I'm guessing) is retrieving a new instance of the user from storage and updating it, not the cached one.
For example:
\Auth::loginUsingId(1234);
\Auth::user()->email; // 'user#example.com'
$user = \App\User::find(1234);
$user->email; // 'user#example.com';
$user->update(['email' => 'user2#example.com']);
$user->email; // 'user2#example.com'
\Auth::user()->email; // 'user#example.com'
I've inherited a website built using Codeigniter (v2.1.4). The client has asked for a change, and I'm not sure of the best way to achieve it.
I have the following method in the Main controller that powers a new vans page.
public function new_vans($slug = null){
$this->load->view('inc/header_view');
if($slug === NULL){
//If no slug is provided, show all new vans
$this->load->view('new_vans_view');
}else{
//If there is a slug, just show the selected van, or redirect if nothing returned
$data['new_van'] = $this->Database->getSingle('new_vans', array('slug' => $slug));
if(!empty($data['new_van'])){
$this->load->view('new_van_details_view',$data);
}else{
redirect('/new-vans');
}
}
$this->load->view('inc/footer_view');
}
The client has asked for a contact form to be added to a couple of pages including this one, and my question is, should I create a new method that just handles the contact form submissions? If so, how would I handle sending validation errors back to the page? The contact forms will all have the same fields, so I would guess creating a new method is the way to go?
Partial Views(forms)
Partial views are good for forms, they can be re-used
like your client has requested.
Returning views as data
There is a third optional parameter lets you change the behavior
of the function so that it returns data as a
string rather than sending it to your browser.
This can be useful if you want to process the data in some way.
If you set the parameter to true (boolean) it will return data.
The default behavior is false, which sends it to your browser.
Remember to assign it to a variable if you want the data returned:
$string = $this->load->view('myfile', '', true);
Master layouts
To create a Master layout so you can wrap your views
create a new file inside your views directory
views/master/layout.php
<body>
<?php $this->load->view($view); ?>
</body>
Controller
class someController extends CI_Controller
{
public function __construct()
{
parent::__construct();
$this->template = 'master/layout';
}
public function index()
{
return $this->load->view($this->template, array(
'view' => 'somecontrollerview',
'contact_form' => $this->load->view('partials/forms/contact', array(), true)
));
}
}
somecontrollerview
Echo out the contact form(string)
<?php echo $contact_form; ?>
Contact Controller
Create a new Controller to handle your form validation
The client has asked for a contact form to be added to a couple of pages including this one, and my question is, should I create a new method that just handles the contact form submissions?
create a new controller and new methods
If so, how would I handle sending validation errors back to the page?
look through the codeigniter documentation for form validation. basically if they have an error you are going to show them a view with the form again. it does not matter which page they came "from".
The contact forms will all have the same fields, so I would guess creating a new method is the way to go?
you need to validate the form fields, hopefully capture the contact info to a database, send an email confirmation to the customer, and send an email to the sales person unless its being done directly from the database, and then show a view with a thank you.
each one of those steps is a separate method.
optionally you can show the email address on the thank you page saying 'we have sent you a copy to the email address: something#gmail.com -- that way if the customer messed up the email address they can go back and correct it.
I'm developing with Codeigniter and working on password reset using a similar model to Amazon: The user clicks on a link that I email and this leads into the controller that launches the appropriate view. However I need to attach some tokens to the end of the uri for security reasons. Where do I intercept the uri within Codeigniter so as to remove the tokens? I would appreciate a code snippet that demonstrates this.
Many thanks in advance.
You can send an URL like www.yousite.com/index.php/password/reset/116wef4wef4325w6e4
In your controller password.php you have:
class Password extends CI_Controller {
function reset($token)
{
if(isset($token) AND $token != '')
{
$retrived_token = $token; //it's automatically passed by CI to this method.
//It would output 116wef4wef4325w6e4
//you may do some validation of it through a model here.
//ex. if($this->mymodel->validate_token($retrieved_token)
//{ do something } else { }
}
}
}
You didnt provide any info on how your app is structured, so I just guessed you might have a controller just for dealing with passwords. If it's not the case, you can have a 'password' method inside the parent controller, which in turn takes 2 parameters, in this case 'reset' and the 'token'. Or you could use a custom route maybe. If you provide this informations I might help updating my code suggestion.
I Currently writing a form for user to create a new record that require user's IP address.
I have this ready: $this->getObject()->setIp(ip2long($sf_request->getRequest()->getHttpHeader ('addr','remote')));
But it is obvious that I do not have the $sf_request object in my Form model. How can I access to this and get the user's IP address?
Thank you
Try this:
Access to the $request parameter of the Action method and extract the ip from the http headers. Then, in the view file, try to send the variable as parameter to the form file. I don't know exactly how, but i know for example you can pass an object as a parameter to the form to fill it
Good luck
After a moment think about this. I move the setIP method to my action and override the default processForm method with this:
public function processForm(sfWebRequest $request, sfForm $form){
$form->getObject()->setIp(ip2long($request->getHttpHeader ('addr','remote')));
return parent::processForm($request, $form);
}
It works just fine.