how can i get ID in sfDoctrineGuardPlugin? - php

I was creating my own login system, but everyone recommended sfDoctrineGuardPlugin. Unfortunately I don't understand this...
I go to http://localhost/frontend_dev.php/login and I logged in. I am in class sfGuardSecurityUser and method public function signIn($user, $remember = false, $con = null)
Where does the variable $user come from?
there is:
$this->setAttribute('user_id', $user->getId(), 'sfGuardSecurityUser');
but if i use:
$this->getUser()->getAttribute('user_id');
in my own module then it is NULL. Only $this->getUser(); works, but this is only name and login. How can I get the ID of the logged-in user?
I also added user_id 2, permission_id 2 to the table sf_guard_user_permission; how can I check this in another module?
Thanks for help!

This is simple, in an action for example:
$this->getUser()->getGuardUser()->getId();

Related

Laravel 5.2 save user IP address to DB

I'm trying to save the user's IP address after login on a website. I'm using the Laravel 5.2 framework. I have a user table and a login_ip row. My code looks like this:
$user = User::where('login_ip', Request::getClientIp());
$user->save();
But it is not saving. What am I doing wrong? Sorry for my bad English :)
If you want to save IP for current user, you can do this:
auth()->user()->update(['login_ip' => Request::getClientIp()]);
This will not create an additional query, as the code in shoieb0101's, Amit's and Ronald's answers does.
Don't forget to add login_ip to the $fillable array in User model:
protected $fillable = ['login_ip'];
If you want to save IP for only logged in users and ignore guests, you can do a check:
!auth()->check() ? : auth()->user()->update(['login_ip' => Request::getClientIp()]);
Try
$user = User::find(auth()->user()->id);
$user->login_ip = Request::getClientIp();
$user->save();
//assuming $userid is also requested
$user = User::where('id', $userid)->first();
$user->login_ip = Request::getClientIp();
$user->save();
You can try it as:
auth()->user()->login_ip = Request::getClientIp();
auth()->user()->save();
OR
auth()->user()->update(['login_ip' => Request::getClientIp()]);
Note - It will update the user's login_ip in a single query.
You don't have to get the logged-in user from the DB; all info about your user is in Auth::user(), so:
Auth::user()->login_ip = Request::getClientIp();
Auth::user()->save();
or
Auth::user()->login_ip = $request->ip();
Auth::user()->save();
but you need to have Request $request as a parameter of your method.
I am probably stating the obvious, but your first line...
$user = User::where('login_ip', Request::getClientIp());
... returns an Eloquent query builder, right?
So, a save() on this will never work?
$user = User::where('login_ip', Request::getClientIp())->first();
... will return an actual User (if in the DB), which makes save() also possible.
Or did you make a typo in your OP?

Trying to logout particular user from Admin System: Laravel 5.2.37

I am writing the following code to log out a particular user from the Admin System.
I have a session table. I am following this link: https://laravel.com/docs/5.2/session
$User = $this->Get($obj);
$UserSession = SessionModel::where('user_id', $obj->UserID)->first();
if($UserSession != null) {
$UserSession->user_id = null;
$UserSession->payload = null;
$UserSession->save();
}
Is it a correct approach to do so?
You can really clean this up in one line of code:
$deleted = SessionModel::whereUserId($obj->UserID)->delete();
// Returns the number of deleted sessions.
return $deleted;
Deleting all session records that belong to a user will log the user out of all sessions they have.
For example, if a user is logged in on your application on their phone and computer, they will be logged out on both devices.
$User = $this->Get($obj);
$UserSession = SessionModel::where('user_id', $obj->UserID)->first();
if($UserSession != null) {
$UserSession->user_id = null;
$UserSession->payload = null;
$UserSession->save();
}
You must notice that a user can have more than one session record if the user logs in with many different browsers.
=> Solution: get all rows with the given user_id in the sessions table and delete them. Use the useful Collection method each:
$User = $this->Get($obj);
// Get Collection Object
$UserSessions = SessionModel::where('user_id', $obj->UserID)->get();
if($UserSessions != null) {
// Use each method on Collection Object
$UserSessions->each(function($UserSession){
$UserSession->delete();
});
}
You might consider that the user_id in your Session table should be nullable and have a default null value, since users that are not logged in have no user id. Then your migration might have this line.
$table->integer('user_id')->unsigned()->nullable()->default(null);
Then deleting the row of a specific user in this table would delete that user's session.

Yii deleteAll() records with condition

I've set up a login process where a verification code is generated, and when successful, is then removed. However, I want to make sure that if there are multiple verification codes for the same user, upon login success, all records for that user are deleted.
Here's my code
if ($model->validate() && $model->login()) {
//delete this verification code
$verificationCode->delete();
//delete all existing codes for user_id
VerificationCode::model()->deleteAll('user_id',$user->id);
Yii::app()->user->setReturnUrl(array('/system/admin/'));
$this->redirect(Yii::app()->user->returnUrl);
}
However, this seems to just delete all the records, regardless of the different user_ids in the table. Can anyone see where I'm going wrong?
If you want to delete record with specified attributes, the cleanest way for this is to use deleteAllByAttributes():
VerificationCode::model()->deleteAllByAttributes(['user_id' => $user->id]);
It seems you call the function delete() the wrong way... try passing the value this way:
VerificationCode::model()->deleteAll('user_id = :user_id', array(':user_id' => $user->id));
For Yii2, the documented way is to use the function deleteAll().
I normally pass the arguments as an array, like so:
VerificationCode::deleteAll(['user_id' => $user->id]);
Also, you can use the afterDelete method to make sure that every time or everywhere someone deletes one verificationCode, your application will also delete every userVerificationCode. Put this in your verificationCode model class:
protected function afterDelete()
{
parent::afterDelete();
VerificationCode::model()->deleteAll('user_id = :user_id', [':user_id' => $this->user_id]);
//... any other logic here
}
You can use the method below to delete all entries for a user_id from the database:
$criteria = new CDbCriteria;
// secure way to add a new condition
$criteria->condition = "user_id = :user_id ";
$criteria->params[":user_id"] = $user->id;
// remove all entries related to the user from the database
$model = VerificationCode::model()->deleteAll($criteria);
Or you can use another method directly in the controller action:
VerificationCode::model()->deleteAll("user_id = :user_id", [":user_id" => $user->id]);
Use the method below for redirecting to a URL:
$this->c()->redirect(Yii::app()->createUrl('/system/admin/'));
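Why the question's call empties the table, as an added example that is not part of the original posts: the first argument of deleteAll() is the condition text itself, so 'user_id' on its own is true for every row with a non-zero user_id, and the value passed second has no placeholder to bind to. The sketch uses plain PDO with an in-memory SQLite table instead of Yii's ActiveRecord; the rows and the deleteAllWhere() helper are constructed for illustration.

```php
<?php
// Added illustration: constructed rows, plain PDO (pdo_sqlite) instead of Yii.

function seed(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE verification_code (id INTEGER PRIMARY KEY, user_id INTEGER, code TEXT)');
    $insert = $db->prepare('INSERT INTO verification_code (user_id, code) VALUES (?, ?)');
    foreach ([[1, 'a1'], [1, 'a2'], [2, 'b1'], [3, 'c1']] as $row) {
        $insert->execute($row);
    }
    return $db;
}

// Hypothetical helper mirroring deleteAll($condition, $params):
// $condition is placed in the WHERE clause as-is, $params are bound values.
function deleteAllWhere(PDO $db, string $condition, array $params = []): int
{
    $stmt = $db->prepare("DELETE FROM verification_code WHERE $condition");
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Rows left per user_id after a delete.
function remainingByUser(PDO $db): array
{
    $sql = 'SELECT user_id, COUNT(*) FROM verification_code GROUP BY user_id';
    return $db->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Shape of the question's call: the condition is only the column name,
// which is true for every row with a non-zero user_id.
$db = seed();
$deleted = deleteAllWhere($db, 'user_id');
printf("WHERE user_id            : deleted %d, left %s\n", $deleted, json_encode(remainingByUser($db)));

// Shape of the corrected calls: a comparison with a bound placeholder.
$db = seed();
$deleted = deleteAllWhere($db, 'user_id = :user_id', [':user_id' => 1]);
printf("WHERE user_id = :user_id : deleted %d, left %s\n", $deleted, json_encode(remainingByUser($db)));
```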

Where to put code in Model View or Controller to manage User privileges and url manipulation protection in cakephp?

Apologies if this has been asked before, I've done a search and haven't found anything specific. This has been helpful: http://bakery.cakephp.org/articles/Auzigog/2008/12/29/where-should-my-code-go
I'm trying to fix some code I inherited and I found you can change anyone's password, just change the URL:
/site/user/changepassword/(insert id)
I then placed in the user controller, pardon my pseudocode:
if(session.user_id == id_from_link)
view changepasswordform(id_from_link)
else
warn_and_redirect();
I think that was the right thing to do and in the right place?
Now in the Views I find code like this:
if(user_type is admin)
echo admin options
if(user_type is user)
echo user options
Now shouldn't that ideally be the View just having:
echo options
and then the Controller has:
switch(user_type)
case: admin
options = admin stuff
case: user
options = user stuff
and so on? or should this be in the User Model?
Just remove the id parameter from the url... and at the top of the controller action add this:
function changepassword(){
$id = $this->Auth->user('id');
....
}
Now the password will only be changed on the current user that is logged in. Be sure to do your normal checks of making sure $id is not null.
View should effectively be print statements:
<title><?=$this->data['title']?></title>
...
<h1><?=$this->data['main_menu']?></h1>
Controller should prep the view/handle the request:
if(loggedInUser) {
$this->data['title'] = model->getTitle(userID);
$this->redirect('/somepage');
}
else {
$this->redirect('/loginpage');
}
Model should have:
function getTitle($userID) {
$this->doStuff($userID);
$title = $this->talkToDB($userID);
return $title;
}
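The two fixes discussed in this thread side by side, as an added example that is not code from the original posts: the question's ownership check on the URL id, and the answer's approach of dropping the id parameter and using only the logged-in user's id. It is framework-free PHP; the user array, the session array and all function names are constructed for illustration.

```php
<?php
// Added illustration: constructed data, no CakePHP required.
function freshUsers(): array
{
    return [
        1 => ['name' => 'alice', 'password_hash' => password_hash('alice-old', PASSWORD_DEFAULT)],
        2 => ['name' => 'bob',   'password_hash' => password_hash('bob-old', PASSWORD_DEFAULT)],
    ];
}

// Inherited behaviour: the target account comes straight from the URL.
function changePasswordByUrlId(array &$users, string $idFromUrl, string $new): bool
{
    if (!isset($users[$idFromUrl])) {
        return false;
    }
    $users[$idFromUrl]['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// Question's fix: keep the URL id but require it to match the session.
// ctype_digit plus strict comparison avoids PHP's loose string/number rules.
function changePasswordIfOwner(array &$users, array $session, string $idFromUrl, string $new): bool
{
    $sessionId = $session['user_id'] ?? null;
    if ($sessionId === null || !ctype_digit($idFromUrl) || (int) $idFromUrl !== $sessionId) {
        return false;
    }
    return changePasswordByUrlId($users, $idFromUrl, $new);
}

// Answer's fix: no id parameter at all, only the logged-in user's id.
function changePasswordForSessionUser(array &$users, array $session, string $new): bool
{
    $id = $session['user_id'] ?? null;
    if ($id === null) {
        return false;
    }
    return changePasswordByUrlId($users, (string) $id, $new);
}

$bob = ['user_id' => 2]; // constructed session: bob is logged in
$users = freshUsers();
printf("URL id, no check:  %s\n", var_export(changePasswordByUrlId($users, '1', 'pw-from-bob'), true));
printf("alice overwritten: %s\n", var_export(password_verify('pw-from-bob', $users[1]['password_hash']), true));
$users = freshUsers();
printf("owner check, id 1: %s\n", var_export(changePasswordIfOwner($users, $bob, '1', 'pw-from-bob'), true));
printf("session id only:   %s\n", var_export(changePasswordForSessionUser($users, $bob, 'bob-new'), true));
printf("alice unchanged:   %s\n", var_export(password_verify('alice-old', $users[1]['password_hash']), true));
```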

Magento - How to query admin's role name?

I am trying to get the name of the role of the currently logged in admin. I can get the admin user, but I can't figure out how to query their role name. The Magento docs are weak =/
$usr = Mage::getSingleton('admin/session')->getUser();
Ideas anyone?
Spoke too soon... I got the role name as follows:
$roleId = implode('', Mage::getSingleton('admin/session')->getUser()->getRoles());
$roleName = Mage::getModel('admin/roles')->load($roleId)->getRoleName();
Using this code you will get the role of the current user:
$admin_user_session = Mage::getSingleton('admin/session');
$adminuserId = $admin_user_session->getUser()->getUserId();
$role_data = Mage::getModel('admin/user')->load($adminuserId)->getRole()->getData();
$role_name = $role_data['role_name'];
Mage::getSingleton('admin/session')->getUser()->getRole()->getRoleName();
M.
Here's another one that may be a little friendlier:
$acl = Mage::getResourceModel('admin/acl')->loadAcl();
$acl->isAllowed($user->getAclRole(), 'admin/foo/bar');
That will return a boolean. $user is an admin/user object.
