php - How to generate a secured query string link using Laravel? -
the html code is:
<a href="room/info/{{$value->id}}">click show details</a> and code generating type of link:
localhost:8000/room/info/2 the router is:
router::get('room/info/{id}', 'roomcontroller@details'); where numeric '2' id of room.
but think it's unsecured. because user can change id browser address bar. want know there secured way in laravel framework use query string? or there other way operation securely using laravel?
you can prevent users entering rooms not allowed using middleware. each request passed registered middlewares route, before controller reached. can check if user authorized view room.
in laravel 5 can create middleware easy:
php artisan make:middleware roommiddleware a new file generated in app/http/middleware. can write logic there:
<?php namespace app\http\middleware; use closure; class roommiddleware { /** * run request filter. * * @param \illuminate\http\request $request * @param \closure $next * @return mixed */ public function handle($request, closure $next) { // can make checks here, if // user logged in , can view // room $roomid = $request->input('id'); if (\auth::guest() || !\auth::user()->isauthorized($roomid)) { return redirect('home'); } return $next($request); } } note example. function isauthorized not exists, have implement logic there.
you need set alias middleware in app/http/kernel.php
protected $routemiddleware = [ 'room' => 'app\http\middleware\roommiddleware', 'auth.basic' => 'illuminate\auth\middleware\authenticatewithbasicauth', 'guest' => 'app\http\middleware\redirectifauthenticated', ]; you can set middleware route, this:
route::get('room/info/{id}', ['middleware' => 'room', 'uses' => 'roomcontroller@details']); in laravel 4.2 have similar thing, called route filters.
Comments
Post a Comment