Hi I am having some problem with authentication in laravel. I have to use two middleware 1. is web and 2. auth . I am using web middleware so that I can use session to show flash messages. and want to use auth middleware to do authentication of users/admin. but I am facing some problems.
below is my function to check authorization and to redirect to their respective routes
public function postLoginForm(){
$email=Input::get('email');
$password=Input::get('password');
$data=[
'email'=>$email,
'password'=>$password
];
$rules=[
'email'=>'required',
'password'=>'required'
];
$validator=Validator::make($data,$rules);
if($validator->fails()){
Session::flash('fail', 'Oops Something went wrong!!');
return redirect()->back()->withErrors($validator);
}
else{
if(Auth::attempt($data)){
$checkStatus=User::select('*')->where('email',$email)->first();
Session::put('email',$checkStatus->email);
Session::put('user_type',$checkStatus->user_type);
if($checkStatus['user_type']=='4'){
if($checkStatus['status']=='0'){
Session::flash('wait', 'Registration is not approved!!');
return "student";
return redirect()->back();
}
else{
return "student else";
return Redirect::route('get.student.dashBoard');
}
}
else if($checkStatus['user_type']=='1'){
return Redirect::route('get.admin.dashBoard');
}
else if($checkStatus['user_type']=='2'){
return 'admin sir view';
return Redirect::route('get.admin.dashBoard');
}
else if($checkStatus['user_type']=='3'){
return 'admin other view';
return Redirect::route('get.admin.dashBoard');
}
else{
Session::flash('fail', 'Oops Something went wrong!!');
return redirect()->back();
}
}
else{
Session::flash('fail', 'Login details not matched!!');
return redirect()->back();
}
}
return 'nothing works';
}
below is my routes for admin
Route::group(['middleware' => ['web']], function () {
Route::get('/login',
['as' => 'get.login.page',
'uses' => 'LoginController#getLoginPage']);
Route::post('/login-done',
['as' => 'post.login.page',
'uses' => 'LoginController#postLoginForm']);
Route::get('/register',
['as' => 'get.register.page',
'uses' => 'LoginController#getRegisterPage']);
Route::post('/register',
['as' => 'post.register.form',
'uses' => 'LoginController#postRegisterForm']);
Route::get('/forgot-password',
['as' => 'get.forgotPassword.form',
'uses' => 'LoginController#getForgotPasswordForm']);
Route::group(['middleware' => ['auth']], function () {
Route::get('/admin-dashboard',
['as' => 'get.admin.dashBoard',
'uses' => 'admin\PageController#getAdminDashboard']);
Route::get('/all-achievements',
['as' => 'get.achievements',
'uses' => 'admin\AchievementsController#getAchievementsList']);
Route::get('/new-achievement',
['as' => 'get.add.achievement',
'uses' => 'admin\AchievementsController#getAddAchievement']);
Route::post('/add-achievement',
['as' => 'post.achievementsForm',
'uses' => 'admin\AchievementsController#postAchievements']);
Route::get('remove-achievement/{achie_slug}',
['as' => 'post.delete.achievements',
'uses' => 'admin\AchievementsController#postDeleteAchievement']);
Route::get('edit-achievement/{achie_slug}',
['as' => 'get.edit.achievements',
'uses' => 'admin\AchievementsController#getEditAchievement']);
Route::post('update-achievement/{ach_id}',
['as' => 'post.edited.achievement',
'uses' => 'admin\AchievementsController#postEditedAchievement']);
Route::get('/all-news',
['as' => 'get.news.list',
'uses' => 'admin\NewsController#getNewsList']);
Route::get('/add-news',
['as' => 'get.add.news',
'uses' => 'admin\NewsController#getAddNews']);
Route::post('/add-news',
['as' => 'post.add.news',
'uses' => 'admin\NewsController#postAddNews']);
Route::get('/delete-news/{news_slug}',
['as' => 'get.delete.news',
'uses' => 'admin\NewsController#postDeleteNews']);
Route::get('/edit-news/{news_slug}',
['as' => 'get.edit.news',
'uses' => 'admin\NewsController#getEditNews']);
Route::post('/edit-news/{news_slug}',
['as' => 'post.edited.news',
'uses' => 'admin\NewsController#postEditedNews']);
Route::get('/all-admins',
['as' => 'get.admin.list',
'uses' => 'admin\AdminController#getAllAdminList']);
Route::get('/add-admin',
['as' => 'add.new.admin',
'uses' => 'admin\AdminController#getAddNewAdmin']);
Route::post('/add-new-admin',
['as' => 'post.add.new.admin',
'uses' => 'admin\AdminController#postAddNewAdmin']);
Route::get('/all-schedule',
['as' => 'get.timeTable.list',
'uses' => 'admin\TimeTableController#getTimeTableList']);
Route::get('/add-schedule/{id}',
['as' => 'add.timeTable',
'uses' => 'admin\TimeTableController#getAddNewBatch']);
Route::post('/add-new-batch',
['as' => 'add.newBatch',
'uses' => 'admin\TimeTableController#postAddNewBatch']);
Route::post('/save-year-batch',
['as' => 'save.year.batch',
'uses' => 'admin\TimeTableController#postSaveYearBatch']);
Route::get('/schedule-table/{year}',
['as' => 'view.schedule.table',
'uses' => 'admin\TimeTableController#getScheduleTable']);
Route::get('/delete-schedule/{slug}',
['as' => 'delete.schedule.one',
'uses' => 'admin\TimeTableController#postDeleteOneSchedule']);
Route::get('/edit-schedule/{slug}',
['as' => 'edit.schedule.one',
'uses' => 'admin\TimeTableController#getEditScheduleForm']);
Route::post('/save-edited-schedule/{id}',
['as' => 'save.edited.schedule',
'uses' => 'admin\TimeTableController#postEditScheduleForm']);
Route::get('/all-results',
['as' => 'get.all.results',
'uses' => 'admin\ResultsController#getAllResults']);
Route::get('/add-result',
['as' => 'get.add.results',
'uses' => 'admin\ResultsController#getAddResult']);
Route::post('/add-new-result',
['as' => 'post.add.result',
'uses' => 'admin\ResultsController#postAddResult']);
Route::get('/delete-result/{id}',
['as' => 'get.delete.student.result',
'uses' => 'admin\ResultsController#getDeleteResult']);
Route::get('/edit-result/{id}',
['as' => 'get.edit.student.result',
'uses' => 'admin\ResultsController#getEditResult']);
Route::post('/save-edited-result/{id}',
['as' => 'post.edited.result',
'uses' => 'admin\ResultsController#postEditedResult']);
Route::get('/contact-messages',
['as' => 'get.contact.message',
'uses' => 'admin\ContactMessageController#getAllContactMessages']);
Route::get('/contact-messages/{id}',
['as' => 'get.delete.contact.message',
'uses' => 'admin\ContactMessageController#getDeleteContactMessages']);
});
});
every time i try to login it redirects me to the same login page. please guide me whats wrong with this.
You should remove web middleware from middleware group to make it work. It applies to all routes inside web.php (5.3) and routes.php (5.2.27 and higher) automatically and if you'll add it manually, it will break session related functionality.
Related
I have the following route definition in Laravel 5. When I group the routes in the following way, it seems the route admin.proposals.home will not work if I provide "/" as the get path, and will work if something trailing (like home) is provided:
/**
* Routes for system administrators.
*/
Route::group(['prefix' => 'admin', 'middleware' => 'admin'], function()
{
Route::group(['prefix' => 'people'], function()
{
Route::get('/', ['as' => 'admin.people.home', 'uses' => 'PersonController#index']);
Route::get('/profile/{userName}', ['as' => 'admin.person.profile', 'uses' => 'PersonController#view']);
Route::get('/organization/{id}', ['as' => 'admin.people.organization', 'uses' => 'PersonController#indexByOrganization']);
});
Route::group(['prefix' => 'projects'], function()
{
Route::get('/', ['as' => 'admin.projects.home', 'uses' => 'ProjectController#index']);
Route::get('/{projectId}', ['as' => 'admin.project.view', 'uses' => 'ProjectController#view']);
Route::group(['prefix' => 'proposals'], function()
{
//problematic line below
Route::get('/home', ['as' => 'admin.proposals.home', 'uses' => 'ProposalController#index']);
Route::get('/{proposalId}', ['as' => 'admin.proposal.view', 'uses' => 'ProposalController#view']);
});
});
});
Specifically, if I change the line:
Route::get('/home', ['as' => 'admin.proposals.home',
'uses' => 'ProposalController#index'
]);
To:
Route::get('/', ['as' => 'admin.proposals.home',
'uses' => 'ProposalController#index'
]);
I got an error saying:
Trying to get property of non-object (View: ... \views\admin\projects\view.blade.php)
But, the admin.proposals.home route points to the controllers index() method and has nothing to do with the view.blad.php.
Changing the path back to get('/home') works perfectly.
What is it that I'm missing?
It's a Route position order problem.
Since you have the route for the URI admin/projects/ as admin.project.home, and after that admin/projects/{projectId} it takes precedence over the route admin/projects/proposals/
Laravel takes proposals as the projectId.
Route::group(['prefix' => 'projects'], function()
{
Route::group(['prefix' => 'proposals'], function()
{
//problematic line below
Route::get('/', ['as' => 'admin.proposals.home', 'uses' => 'ProposalController#index']);
Route::get('/{proposalId}', ['as' => 'admin.proposal.view', 'uses' => 'ProposalController#view']);
});
Route::get('/', ['as' => 'admin.projects.home', 'uses' => 'ProjectController#index']);
Route::get('/{projectId}', ['as' => 'admin.project.view', 'uses' => 'ProjectController#view']);
});
Try this order and let me know what you get. But purely it's a route order problem.
I am using laravel 5.1, after user logged in, the url for login and register still can be access by user.
My current implementation of the route as follow:
<?php
$s = 'public.';
Route::get('/', ['as' => $s . 'home', 'uses' => 'PagesController#getHome']);
$a = 'auth.';
Route::get('/login', [ 'as' => $a . 'login', 'uses' => 'Auth\AuthController#getLogin']);
Route::post('/login', ['as' => $a . 'login-post', 'uses' => 'Auth\AuthController#postLogin']);
Route::get('/register', ['as' => $a . 'register', 'uses' => 'Auth\AuthController#getRegister']);
Route::post('/register', ['as' => $a . 'register-post', 'uses' => 'Auth\AuthController#postRegister']);
Route::get('/password', ['as' => $a . 'password', 'uses' => 'Auth\PasswordResetController#getPasswordReset']);
Route::post('/password', ['as' => $a . 'password-post', 'uses' => 'Auth\PasswordResetController#postPasswordReset']);
Route::get('/password/{token}', ['as' => $a . 'reset', 'uses' => 'Auth\PasswordResetController#getPasswordResetForm']);
Route::post('/password/{token}',['as' => $a . 'reset-post', 'uses' => 'Auth\PasswordResetController#postPasswordResetForm']);
$s = 'social.';
Route::get('/social/redirect/{provider}', ['as' => $s . 'redirect', 'uses' => 'Auth\AuthController#getSocialRedirect']);
Route::get('/social/handle/{provider}', ['as' => $s . 'handle', 'uses' => 'Auth\AuthController#getSocialHandle']);
Route::group(['prefix' => 'admin', 'middleware' => 'auth:administrator'], function()
{
$a = 'admin.';
Route::get('/', ['as' => $a . 'home', 'uses' => 'AdminController#getHome']);
});
Route::group(['prefix' => 'user', 'middleware' => 'auth:user'], function()
{
$a = 'user.';
Route::get('/', ['as' => $a . 'home', 'uses' => 'UserController#getHome']);
});
Route::group(['middleware' => 'auth:all'], function()
{
$a = 'authenticated.';
Route::get('/logout', ['as' => $a . 'logout', 'uses' => 'Auth\AuthController#getLogout']);
});
I tried the following method but it doesn't work out:
Route::get('/login', ['before'=> 'auth', 'as' => $a . 'login', 'uses' => 'Auth\AuthController#getLogin']);
Thanks!!
You need to implement a helper(Middleware) for the login to do the redirect. Check app/Http/Middleware/RedirectIfAuthenticated.php its a good example to start from. No need to create routes for this.
I am creating a project in Laravel . I want to create a url
like http://www.mywebsite.com/username
so i can show the user profile based on username
so far i have this code
Route::group(array('prefix' => 'user', 'before' => 'admin'), function() {
# USer / Individual
Route::get('/', array('as' => 'user', 'uses' => 'Admin\AdminIndividualController#getindex'));
Route::get('create-user', array('as' => 'create-user', 'uses' => 'Admin\AdminIndividualController#create'));
Route::get('edit-user/{id}', array('as' => 'edit-user', 'uses' => 'Admin\AdminIndividualController#edit'))->where(array('id' => '[0-9]+'));
Route::get('delete-user/{id}', array('as' => 'del_user', 'uses' => 'Admin\AdminIndividualController#destroy'))->where(array('id' => '[0-9]+'));
Route::get('deactivate/{id}', array('as' => 'user_deactive', 'uses' => 'Admin\AdminIndividualController#deactive_user'))->where(array('id' => '[0-9]+'));
Route::get('active/{id}', array('as' => 'user_active', 'uses' => 'Admin\AdminIndividualController#active_user'))->where(array('id' => '[0-9]+'));
Route::post('create-user', array('as' => 'post-user', 'uses' => 'Admin\AdminIndividualController#store'));
Route::post('update-user/{id}', array('as' => 'update-user', 'uses' => 'Admin\AdminIndividualController#update'))->where(array('id' => '[0-9]+'));
# USer [Individual] Skills
Route::get('create-skill', array('as' => 'create-user-skill', 'uses' => 'Admin\AdminIndividualController#create_skill'));
Route::get('delete-skill/{id}', array('as' => 'del_skill', 'uses' => 'Admin\AdminIndividualController#destroy_skill'))->where(array('id' => '[0-9]+'));
Route::post('create-skill', array('as' => 'create-user-skill', 'uses' => 'Admin\AdminIndividualController#store_skill'));
#send email to user
Route::get('send-email/{id}', array('as' => 'create-email-user', 'uses' => 'Admin\AdminIndividualController#create_email'))->where(array('id' => '[0-9]+'));
Route::post('send-email', array('as' => 'send-email-user', 'uses' => 'Admin\AdminIndividualController#send_email'));
});
I couldnt find any way to create routing for that if i create just a simple route it disturbs all my other urls like /logout
After Brainstorming here is what i concluded i have to implement it in order to check if this works or not
Route::filter('user.item', function($route, $request)
{
if ($route->parameter('item')->user_id !== Auth::user()->id)
{
App::abort(404);
}
});
What ill be doing is applying filter to routes to check from database if that username exists or not if it does exist ill fetch the view for profile and show the profile otherwise run the url as it is .Is it possible that way >?
A route that has a dynamic segment in the first place should be put after all the other routes so it only runs when the other routes don't match...
Route::get('foo', ...);
Route::get('bar', ...);
Route::get('{user}', ...);
Note that there is still a problem because a user can't have the name create-user because otherwise he won't see his profile but rather the actual create-user route.
That means if you really want to have the profile URL like that you should validate the username and check for reserved words (which are actually your other routes)
Of course the alternative is to just use something like user/{username}
You are right that such routing will overload all other routes and nothing works.
It is much easier to create url like http://www.mywebsite.com/u/username
If you want to have route /{username} then you can either make all other urls to be made of 2 or more url segments or make ineffective manual magic in the routing.
In manual routing you can see if the username matches any user and if not then perform the logout for example. You also need to keep in mind that someones username can be logout.
Bind your username "key" (in your route) and create a Route Bind.
Route::bind('username',function($value){
return User::where('username',$value)->first();
});
Route::group(array('prefix' => '{username}', 'before' => 'admin'), function() {
# USer / Individual
Route::get('/', array('as' => 'user', 'uses' => 'Admin\AdminIndividualController#getindex'));
Route::get('create-user', array('as' => 'create-user', 'uses' => 'Admin\AdminIndividualController#create'));
Route::get('edit-user/{id}', array('as' => 'edit-user', 'uses' => 'Admin\AdminIndividualController#edit'))->where(array('id' => '[0-9]+'));
Route::get('delete-user/{id}', array('as' => 'del_user', 'uses' => 'Admin\AdminIndividualController#destroy'))->where(array('id' => '[0-9]+'));
Route::get('deactivate/{id}', array('as' => 'user_deactive', 'uses' => 'Admin\AdminIndividualController#deactive_user'))->where(array('id' => '[0-9]+'));
Route::get('active/{id}', array('as' => 'user_active', 'uses' => 'Admin\AdminIndividualController#active_user'))->where(array('id' => '[0-9]+'));
Route::post('create-user', array('as' => 'post-user', 'uses' => 'Admin\AdminIndividualController#store'));
Route::post('update-user/{id}', array('as' => 'update-user', 'uses' => 'Admin\AdminIndividualController#update'))->where(array('id' => '[0-9]+'));
# USer [Individual] Skills
Route::get('create-skill', array('as' => 'create-user-skill', 'uses' => 'Admin\AdminIndividualController#create_skill'));
Route::get('delete-skill/{id}', array('as' => 'del_skill', 'uses' => 'Admin\AdminIndividualController#destroy_skill'))->where(array('id' => '[0-9]+'));
Route::post('create-skill', array('as' => 'create-user-skill', 'uses' => 'Admin\AdminIndividualController#store_skill'));
#send email to user
Route::get('send-email/{id}', array('as' => 'create-email-user', 'uses' => 'Admin\AdminIndividualController#create_email'))->where(array('id' => '[0-9]+'));
Route::post('send-email', array('as' => 'send-email-user', 'uses' => 'Admin\AdminIndividualController#send_email'));
});
If its ok for you to display URL of the user's profile page like this: http://website.com/#username then you can show the user's profile based on his username like this:
in routes.php file
Route::get("#{username}", array(
"as" => "users.show",
"uses" => "UsersController#show",
));
in UsersController.php file
public function show($username)
{
$user = User::where("username", "=", $username)->first();
if (is_null($user))
{
return App::abort(404);
}
return View::make("path/to/view/file")->with("user", $user);
}
and you can create links with that URL http://website.com/#username like this:
{{ $user->username }}
this way you don't need to check for reserved words (which are your other routes) unless you already have a route begins with the symbol #.
I have been using laravel for a while now, but I stumbled across an error which I have never encountered before. It is probably me overlooking it, but with the route file given below, the route group with the prefix account gives a blank page. When going to /account/anunregisteredroute it does give a httpnotfoundexception
My routes.php file:
http://pastebin.com/EnnGSm10
By adding a / before the parameter you can solve this issue:
Route::get('/{username}', ['as' => 'account-profile', 'uses' => 'AccountController#getProfile']);
This piece of code worked for me:
Route::group(['prefix' => 'account'], function () {
Route::get('/{username}', ['as' => 'account-profile', 'uses' => function($username){
echo $username;
}]);
Route::get('profile', ['as' => 'account-edit-profile', 'uses' => 'AccountController#getUpdate', 'before' => 'auth']);
Route::post('profile', ['as' => 'account-edit-profile', 'uses' => 'AccountController#postUpdate', 'before' => 'auth|csrf']);
Route::group(['before' => 'guest'], function () {
Route::get('create', ['as' => 'account-create', 'uses' => 'AccountController#getCreate']);
Route::get('signin', ['as' => 'account-signin', 'uses' => 'AccountController#getSignin']);
Route::group(['before' => 'csrf'], function() {
Route::post('create', ['as' => 'account-create', 'uses' => 'AccountController#postCreate']);
Route::post('signin', ['as' => 'account-signin', 'uses' => 'AccountController#postSignin']);
});
});
});
I got the expected output.
I've noticed a bit of a peculiarity in Laravel 4 when using Routes. I have a Route group that looks like this:
// Employers routes
Route::group(array('prefix' => 'employers'), function(
Route::get('/', array('as' => 'employers.index', 'uses' => 'EmployersController#index'));
Route::get('create', array('as' => 'employers.create', 'uses' => 'EmployersController#create'));
Route::post('/', array('as' => 'employers.store', 'uses' => 'EmployersController#store', 'before' => 'csrf'));
Route::get('search', array('as' => 'employers.search', 'uses' => 'EmployersController#search'));
Route::get('{id}', array('as' => 'employers.show', 'uses' => 'EmployersController#show'));
Route::get('{id}/edit', array('as' => 'employers.edit', 'uses' => 'EmployersController#edit'));
Route::patch('{id}/update', array('as' => 'employers.update', 'uses' => 'EmployersController#update', 'before' => 'csrf'));
Route::delete('{id}/destroy', array('as' => 'employers.destroy', 'uses' => 'EmployersController#destroy', 'before' => 'csrf'));
));
I've noticed, however, that when I try and add in a new route I have to add it before the first route to use the {id} wildcard as the first parameter in it's url, otherwise I get a notfoundhttpexception. Is this normal? So for example, this works (adding in the employers.search route:
// Employers routes
Route::group(array('prefix' => 'employers'), function(
Route::get('/', array('as' => 'employers.index', 'uses' => 'EmployersController#index'));
Route::get('create', array('as' => 'employers.create', 'uses' => 'EmployersController#create'));
Route::post('/', array('as' => 'employers.store', 'uses' => 'EmployersController#store', 'before' => 'csrf'));
Route::get('{id}', array('as' => 'employers.show', 'uses' => 'EmployersController#show'));
Route::get('search', array('as' => 'employers.search', 'uses' => 'EmployersController#search'));
}
Results in the route employers.search not being found?
This is expected behavior. Routes are evaluated in a top-down fashion.
{id} is a "catch all" route.
So the route system sees /search - and thinks search is an {id} - so it loads that route. But then it cannot find an id of search - and so it fails.
So keep your "catch all" route at the bottom of the list - and it will work correctly.