Laravel add additional information for user - php

I'm using Laravel for a little app. In this app I added the auth things of Laravel (verison 5.3), so I automatically got a possibility to register and log in.
So what I got now are a few controllers, 2 vies and a table users, with name, email and password and a unique auto incrementing primary key. What I want now, is to make the logged in user able to add additional information, like City, Street, Telephone, etc..
I don't want to make the user able to add this directly at register. What I want instead, is, that if the user is logged in, he can navigate to a view (lets say its reachable through the route /changeUserData. There, he can find a form. In this form, initally there is no data, he can enter everything (as I said, like City, Street, etc.) and save information. I'd like to save this information in another table in the db, called user_infos, with several columns containing City, Street, Telephone, etc. I'd like to be able to have this second table without a primary key, but with a foreign key - the primary key of the users table.
So the process would be, navigates to the view with the form /changeUserData. Then there is a lookup in the table user_infos, if the logged in user already saved information there. Therefore, I'd need to look up the primary key of the user via the email-adress (unique as well), which is stored in {{auth::user()->email}}. If he didn't save any information there yet, then he gets a blank form, where he can enter everything. Clicking on save, makes a new entry in the user_infos table, containing all information entered, as well as the foreign key got from the users table. If there is already an entry for the user, the information should be already shown in the form inputs, and the user should also be able to edit the information and save the updated information.
I know this was much text. Basically what I need to know is how to really do the database things. So how can I lookup the primary key (respectively the column with the name id) with the email-adress. How can I then create a new row in the other table, containing this id and the information entered? And how can I get the information from the database then to add in to the form inputs? Basically what I found is Eloquent ORM, but I doesn't seem to understand it. Can anybody give me an example of how I can do this?
Please note, that I'm completely new to Laravel, as well as this hole Object - Model thing, this might be the reason, why I'm confused about it.

Have a look at this series https://laracasts.com/series/laravel-5-fundamentals
The Eloquent tutorial: https://laracasts.com/series/laravel-5-fundamentals/episodes/8
The directory structure will probably be a little bit different as it is a slightly older version of Laravel but it will get you started.
Hope this helps!

Related

login page check user from 2 different tables

I have a site which has two types of users that are stored in two different tables one is saved as a user and the other one as a business in the user table its columns are as follow:
first_name, last_name, user_email,user_pws
And the business columns is as follow:
business_name, business_email,business_pws
I want to make a PHP coded login page that if the user enters email and password the login system will check which one the user is. how can I do this? my current code is a simple login form.
MAY LEAD TO SECURITY RISKS
this was just for what the user here was asking
It's a little weird because you have to make sure that emails are unique keys however making them a unique key in each table would still mean someone could make one in each table. I'm not sure if that's what you're getting at and I guess to counteract that you could have a table of used emails....
But to get to your question, IF the emails do not overlap between tables I imagine some SQL statement such as:
select users.user_email, business.business_email from users,business where users.user_email='foo' or business.business_email='foo';. I'm not too great with SQL yet either but you can mess around with something like this and I'm sure it'll get you on the right track.

Register a user with anonymous User ID

I create an application that will show users registered in the system on a map. But I need to adhere to some kind of security:
I want to store the user information (name, address etc)
I create a UUID for each user
This UUID is the only reference being
displayed on the map, so the user of the map cannot see the clear
names
the UUID is connected with a user directly and only with
this user.
I dont'see at the moment how to solve the issue, that a user registers in my database and gets a UUID assigned, but it should not be traceable at the end, which UUID is connected with which user. I hope my problem came across.
In terms of privacy issues, I should not be able to see clear names in a database for each user so data privacy is ensured and only UUIDs are a reference. How can I solve this?
I'm not a 100% sure of why and what you'd want to achieve but it seems like you have 2 options:
Encryption - if you're afraid someone will get sensitive data from your database, consider encryption. When it comes to UUID you are always going to be needing some sort of way to identify a user so the only way to protect your data is encryption.
If you're afraid someone else from your team (who has direct access to the database) may take advantage of the sensitive information (like get the address of a user) you could create a separate pivot table which correlates between the user data and the uuid i.e user_uuid and this table will contain user_id,user_uuid (the first one is numeric index, the second one is the uuid). Then you could create access control rules on the database itself and only you will be able to access the main user table, everyone else won't.
Hope this helps.

Database design:separeted modell(person+user) how add people to db

I have to build a web app with the following db structure:
I have the structure as in the sketch.I have to separate
the people to person and to user because of there are people who
will never have user account and just simple added by administrator
to the site db.
There is an application form to register to the site.
There must be fill the person fields and the user fields
If the admin adds the person to the db(without user info),and this person wants to register later by him/herself how to deal with this case?
He/She tries to register but filling the Person fields will duplicate the data. In this case Person fields already exist.
Do you have any idea?
Update1:
Thank you for your answers i already known that how to store the data fields in the tables.But don't know how to deal the case when the admin register the person data and that person comes to register him/herself
PS:forgive me but i don't have a modeller tool now.
Is important to notice that meanwhile a Person can be or not a User, a User can be also not a Person. (For example, user roles that will deal with automatic maintenance of the database)
Everything is about how your business model is structured.
Leave User as lightweight as possible by putting all data about persons in Person. (name, dataofbirth, email, etc.)
In User just add a Foreign Key nullable into Person table records and only add data about a user in this table (id, password, lastlogin, etc..).
When the form is filled by the user, first add a record in Person and if data corresponding to User is filled, then grab the id of the Person you just added and use it as the data to fill the Foreign Key in User.
If the Person data is already on db, just notify the user and ask him about using that old data or update it... always taking into account security and privacy issues. (This user may not be who he is claiming to be.. maybe you should ask him to confirm his email as many newsletter do)

Can i use username instead of user id in wordpress, ignoring wp_users table?

I am aware that wordpress maps the data of posts and comments in the database, with the user id.
For example, in wp_posts table, the column post_author corresponds to the user id who has written the post, and in wp_comments table, the column user_id corresponds to the user id who has commented on a post.
But what i am trying to achieve is to have a username value, instead of user id, to identify a user. Because i am developing a functionality such that the users will be authenticated outside of wordpress, so their details are not inserted in the wordpress database (wp_users table). I am using custom sessions to store the user's session inside wordpress, storing the user's username that i receive from a third party site, after successful authentication.
Having said the above, i am considering few options like:
Using hooks to alter the functionality of mapping/identifying a user by username, instead of user id.
Creating a new plugin that achieves this functionality
Create new tables inside wordpress and use them to store usernames along with the posts/comments.
Can anyone guide me in the right path?
Note that:
I just want to forget wp_users table. I don't want to touch it. I will neither fetch anything from it, nor insert anything into it. So i just want to insert user login name into other related tables like wp_posts, and wp_comments, may be by adding new columns to them.
I also don't want to change the core files of wordpress, as i am worried that i cannot update the wordpress later. But i believe that the database can be altered though.
You don't want to. Usernames are modifiable, they are not perfectly unique and come with a host of other related issues.
Split up your application. If you want to have another authentication method then make it authenticate to a user using whatever method you like. Once you know which user it is you can get the user ID from the database and properly generate a Wordpress login.
Your modifications should avoid massive sweeping changes to the internals of a system that you aren't very familiar with. That way lies madness. Instead, focus on building an add-on that does what you need and then hands control back to the primary system as quickly as possible. You avoid duplicating a lot of effort by doing it this way.
I guess you are referring the user login name by saying username, right??
If so then Yes you can achieve that because userlogin is unique like the userid and you can simply query your wp_users table to get the userid .
If not then there's no way to guarantee that you get the correct user's info by username as mentioned by #mrdoombringer in previous answer

Standard procedure for confirming email for a web app

I have created a web app that is almost finished. I need it to confirm new emails. I just want to know if the these are the right procedures for that, because I'm not familiar with this.
I create a new table called "confirmEmails" with only one column with uniqueId. A unique Id is created with PHP: uniqueid() which is created directly after a user hit the submit button. And the php script stores it on the table. An email is sent together with a link www.domain.com/confirmEmail.php?uniqueId=kushfpuhrufhufhfhuhfheriufhehu. I have an another php script called confirmEmail.php that gets the value if uniqueId through the link with $_GET['uniqueId'];(maybe I shall use post instead her). And now it stores the new email in table called user
Is it right procedures? Pls give me some feedback!
Your description says that you have only one column in your unique table. You need to associate the unique Id (token) with the specific user you validate. Otherwise a user could confirm a fake address using another user's unique id.
You could put the unique id in a column of the user table to make sure the right unique id used for activating an account.
Note: Another way would be to create a activation token from the user id and some secret in your configuration, such as sha1($userid . 'yourSecret'). With that you would not need to store additional data, but it is not possible to guess this token without knowing your secret.
That sounds like it would work fine. Seems like the standard now a days.

Categories