Authentication
Last updated 1 year ago.
0

Here is the way I did it. I passed in JSON in my MySQL database and defaulted a regular user to 0. In the JSON I had a boolean, basically 0 = false and 1 = true. If admin first level, I would change the role to 1.

This is reflected in my filters.php

/* Admin Filter */

Route::filter('admin', function()
{
	if (!Auth::user() || Auth::user()->admin != 1) return Redirect::to('/');
});

Last updated 1 year ago.
0

Thanks swgj19...

Your approach might work, but is it secure to use?

And is my approach secure to use for authentication? If not, please can you tell me why it is not secure...

Please keep in mind I am an inexperienced programmer...

Last updated 1 year ago.
0

From what I understand it does seem secure.

This is what I simply do

<li><a href="{{ URL::route('home') }}">Home</a></li>
@if(Auth::check())

@else
	<li><a href="{{ URL::route('account-create') }}">Create an account</a></li>
@endif

These are the filters I put in place to ensure security for the user and csrf, etc.

<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

App::before(function($request)
{
	//
});


App::after(function($request, $response)
{
	//
});

/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

Route::filter('auth', function()
{
	if (Auth::guest())
	{
		if (Request::ajax())
		{
			return Response::make('Unauthorized', 401);
		}
		else
		{
			return Redirect::guest('login');
		}
	}
});


Route::filter('auth.basic', function()
{
	return Auth::basic();
});

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

Route::filter('guest', function()
{
	if (Auth::check()) return Redirect::to('/');
});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

Route::filter('csrf', function()
{
	if (Session::token() != Input::get('_token'))
	{
		throw new Illuminate\Session\TokenMismatchException;
	}
});

I am also not an expert but am aspiring every day to learn what I can. Knowing the question is halfway to the answer.

Take a look at these free videos on authentication by phpacademy. The guy really explains everything step by step, plus you will get to build an entire secure auth system with register, login, retrieve, confirm, etc. This will be a beginning start to any application with a profile.

Here is the link.

When all is said and done, just look at the docs Here

Last updated 1 year ago.
0

For secure authentication and proper user management, try Sentry.

Last updated 1 year ago.
0

Thanks Sikandhar,

I am quite far with my application. It is time consuming if I try it with Sentry. I am just wondering whether my approach is secure...

Last updated 1 year ago.
0

Swgj19 thanks a lot. I do use filters and csrf for security purposes.

Last updated 1 year ago.
0

I forgot to include the view part; as you can see, it will check the user role.

@extends('layouts.default')

@section('content')
	@if(Auth::check())
		@if(Auth::user()->role==1)
			<h2>welcome {{ Auth::user()->email }}, you are logged in as an administrator </h2>
		@else
			<p>you are signed in, but not as an administrator</p>
		@endif
	@else
		{{-- A view cannot issue a redirect: a "return Redirect::..." inside a compiled
		     template only stops rendering and the Redirect object is discarded, so the
		     redirect must be done in a route filter. The view only shows a message. --}}
		<p>you're not allowed here</p>
	@endif
@stop
Last updated 1 year ago.
0
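As an added example (not code from this thread), here is how the role check discussed above can be enforced in a route filter, so that the view only displays and the redirect actually happens. It assumes an integer `role` column (1 = admin) and a `User` Eloquent model as in the posts above, the default `auth` and `csrf` filters from `app/filters.php`, and hypothetical route names (`admin.dashboard`, `admin.promote`).

```php
<?php
// Added example for Laravel 4; assumes users.role (1 = admin) and a User model.

// app/filters.php
// Authorization belongs in a filter: it runs before any view is rendered and
// the Redirect it returns is sent to the browser. A view cannot do this.
Route::filter('admin', function()
{
    $user = Auth::user();

    // Cast to int so a JSON/string "1" and an integer 1 compare the same way,
    // and use a strict comparison so nothing else is accidentally treated as 1.
    if (!$user || (int) $user->role !== 1)
    {
        return Redirect::route('login')->with('global', 'You are not allowed here');
    }
});

// app/routes.php
// Every route in this group runs 'auth' first (is anyone logged in?) and
// then 'admin' (is that user an administrator?).
Route::group(array('before' => 'auth|admin', 'prefix' => 'admin'), function()
{
    Route::get('/', array('as' => 'admin.dashboard', function()
    {
        // The view only displays; it no longer decides who may be here.
        // In Laravel 4 use {{{ }}} in the template to HTML-escape user data.
        return View::make('admin.dashboard');
    }));

    // State-changing requests additionally run the 'csrf' filter, which
    // compares the session token with the posted _token field.
    Route::post('users/{id}/promote', array('before' => 'csrf', 'as' => 'admin.promote', function($id)
    {
        $user = User::findOrFail($id);
        $user->role = 1;
        $user->save();

        return Redirect::route('admin.dashboard')->with('global', 'User promoted');
    }));
});
```

Any `@if(Auth::user()->role==1)` left in a Blade template is then only cosmetic (which links to show); a request to an `/admin/...` URL is refused by the filter regardless of what the template does.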
