GhazaliTajuddin.com

Another Kuantan Blogger

sentinel

Sentinel::Register() Vs Sentinel::RegisterAndActivate()

by Leave a Comment

Sentinel::RegisterAndActivate()

       //Register the $request user and activate
	if(Sentinel::registerAndActivate($request->All())){

			//Search the new registered user
			$user = User::whereEmail($request->get('email'))->firstOrFail();

			//Bind the user to Activation Table
			$activation=Activation::create($userSentinel);

			//Assign A Profile To The New Registered User 
			$userProfile = new Profile();
			$userProfile->user_id = $user->id;
			$userProfile->smoked = $request->smoked;
			$userProfile->lat = 0.0;
			$userProfile->lng = 0.0;

			$user->profile()->save($userProfile);
			
			//Find role
			$role=Sentinel::findRoleBySlug('member')->firstOrFail();

			//Attach the user to the Role
			$role->users()->attach($user);


			return redirect()->back()->with('status','Registration Successful !');
		}else{
			return redirect()->back()->with('error','Registration Failed !');
			//return back()->withErrors($validator);
		}

Sentinel::Register()

                if($userSentinel = Sentinel::register($request->All())){

			//Search the new registered user
			$user = User::whereEmail($request->get('email'))->firstOrFail();

			//Bind the user to Activation Table
			$activation=Activation::create($userSentinel);

			//Assign A Profile To The New Registered User 
			$userProfile = new Profile();
			$userProfile->user_id = $user->id;
			$userProfile->smoked = $request->smoked;
			$userProfile->lat = 0.0;
			$userProfile->lng = 0.0;

			$user->profile()->save($userProfile);
			
			//Find role
			$role=Sentinel::findRoleBySlug('member')->firstOrFail();

			//Attach the user to the Role
			$role->users()->attach($user);

			return redirect()->back()->with('status','Registration Successful !');
		}else{
			return redirect()->back()->with('error','Registration Failed !');
			//return back()->withErrors($validator);
		}

 

Laravel Middleware

by Leave a Comment

Middleware is a class that have special function in Laravel.

Middleware placed in between the User and  Apps. 

Before you can access the Apps, Middleware will do his job first.

We can use Middleware to do several thing

  • Do you authenticated?
  • What is your role?
  • Do you authorized?
  • Can you perform this action?
  • etc
class MemberMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        //1. User must be authenticated
        //2. User must should be a "member"
        

        if(Sentinel::check() && Sentinel::getUser()->roles()->first()->slug == 'member')

            return $next($request);

        else

            return redirect('/login')->withErrors('Please login to access this area.');
        

        
    }
}

Another example

class ProfileMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        1. Get Profile Id
        2. Get Profile User Id
        3. User must own the Profile

        //$ProfileId = $request->segments()[1]; //boleh pakai
        //$profileId= Profile::find($this->route()->parameter('profileShow'));
        
        $ProfileId = $request->route()->parameter('id'); //boleh pakai
        $profile = Profile::findOrFail($ProfileId);

        if ($profile->user_id !== Sentinel::getUser()->id) {
            
           // dd($request->user()->id);
           // abort(403, 'Unauthorized action.');
              // return redirect('/profile')->withError('Permission Denied');
            return redirect()->back()->withErrors('Permission Denied!');
            }

        return $next($request);
        
    }
}

Another finest!

class ProfileMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //get User Id
        $UserId=$request->id;

        //get User Profile
        $profile=Profile::whereUserId($UserId)->first();

        if ($profile->user_id !== Sentinel::getUser()->id) {         
            return redirect()->back()->withErrors('Permission Denied!');
            }

        return $next($request);
        
    }
}

 

Laravel Handling Exceptions

by Leave a Comment

This is examples how Laravels handle exceptions.

try{
..
.. Business Logic ..
..
}
catch(ThrottlingException $e){
$delay = $e->getDelay();
return redirect()->response->withErrors("You are banned for $delay seconds.");
}
catch(NotActivatedException $e){
return redirect()->response->withErrors("You account is not activated.");
}

Not to forget at the top of the class

use Cartalyst\Sentinel\Checkpoints\ThrottlingException;
use Cartalyst\Sentinel\Checkpoints\NotActivatedException;

Laravel Logout Using Post Method

by Leave a Comment

In terms of security, it is not wise to use GET method to logout from your applications.

To make more secure, use POST method.

<li> 
<a href="{{ url('/logout') }}" 
onclick="event.preventDefault(); 
document.getElementById('logout-form').submit();"> 

Logout 

</a> 

<form id="logout-form" action="{{ url('/logout') }}" 
method="POST" style="display: none;"> 

{{ csrf_field() }} 
</form> 

</li>

In your controller

public function logout()
{
if(Sentinel::logout()){
return redirect('/');
}
}