bobbybouwmann

For example the CanResetPasswordContract makes sure some methods needs to be there right? So an interface makes sure you need to have a set of methods in that class. The traits below that, for example CanResetPassword has the methods that the CanResetPasswordContract wants to have.

Also the interfaces are used to check if the user can perform a certain action. If we continue with the password reset, if the user model does not have the CanResetPasswordContract interface it can't reset the password because the correct methods are not available.

Does this make it clearer for you?

I have a huge list of security things, but let me list a few things down here for you!

Of course you need to use the CSRF functionality that comes by default in Laravel, so never ever disable that middleware for the web requests.

Your api requests should always be behind some security. Either a token or authorization header.

Make sure that you only have up-to-date assets in your public directory. Sometimes an old javascript library has some exploit and if that is still in the public directory everyone can still use that. So it's important to keep the public directory clean with only the useful data. This may lead to Cross Site Scripting.

By default the session cookie of Laravel is prefixed with laravel, so people already know you use Laravel and if there is a known exploit they can use that against you

// config/session.php

'cookie' => env(
    'SESSION_COOKIE',
    Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),

You can also enable session encryption in that same file, which should be saver ;)

// config/session.php

'encrypt' => false,

Always show a success message when resetting a password or requesting a password reset. Sometimes you get messages like "We don't have this username in our database". But if there is always a success message you never know if the username exists in the system or not.

Since I've been using Laravel, I never had any troubles application wise. However server security is a whole other thing. It happens sometimes that you get a DDOS and that kind of stuff, but that is never on application level.

You should never publish a vulnerability unless the party involved isn't doing anything about it. You should always directory contact the owner of the application to let them know about the flaw to fix it. Providing as much context as possible is helping most of the time.

Let me know if this helps you in anyway ;)

An ATM application is cool to build, but indeed you can't really put that into real life

Start with a blog, that is the easiest way to get started. You will need to learn the fundamentals of the MVC pattern. Also you can build an admin panel to manage the content of your site.

If you get the hang of the blog you can for example create a small shop where you can order items. You don't even have to build in the payment stuff. When building a webshop you have to think about relations between objects and so on.

Another option would be to automate something in your life. For example a todo list or a schedule for your local sport club and so on.

@cDo you have a github link for me?

Do you use the same database? The same database engine? You should probably looking into that direction!

@arthvrian @mvpop Both Auth::user()->id and $post->user_id should by default return an integer so the !== shouldn't be a problem as well!

This is really weird behaviour...

You need to add this depending on the data that is showing on that page. So your code is working perfectly, except you don't have to loop over all images. You already have this data available!

filename is not an extra key in the array. It belongs to the Content-Disposition key. If you look carefully to my example you can see that there as well!

return new Response($output, 200, [
    'Content-Type' => 'application/pdf',
    'Content-Disposition' =>  'inline; filename="'invoice.pdf"',
]);

Well what are you actually testing here? If you use the preg_match in both your code and in the test you're not testing anything. If you you made a mistake in the regular expression you still end up with the wrong.

What you really want to test is something like this

public function a_user_can_create_a_video()
{
    $this->withoutExceptionHandling();
    $this->actingAs(factory('App\User')->create());

    $attributes = [
        'url' => 'https://www.youtube.com/watch?v=wlsdMpnDBn8'
    ];
    
    $this->post('/videos', $attributes);

        $this->assertDatabaseHas('videos', ['url' => 'wlsdMpnDBn8']);
}

Now you're actually testing two methods here. First of all you test the post action to see if you can store the data. FInally you also test the regular expression.

Let me know if this works for you!

composer dump-autoload
php artisan optimize:clear
php artisan clear-compiled

@dalay Did it work for you?

You can't indeed access them from there. So you should either use an endpoint for that to get to those images. Just like my previous reply you can use that same url to access that file in your views or components.

Let me know if you need an example!

Did you try composer dump-autoload -o?

Also this error only happens whenever you create a new class with the same name, this shouldn't happen if you don't create another class with the same name.

Also clearing all caches might help ;)

Well this happens because of your redirect

if (auth()->user()->id !== $post->user_id) {
    return redirect('/articles')->with('error', 'Unauthorized Page');
}

It seems that the edit page is redirecting you to /articles in my browser. I can also see that in the developers console

Request URL: http://mvpop.co.uk/articles/41/edit
Request Method: GET
Status Code: 302 Found
Location: http://mvpop.co.uk/articles

So I think the user is not the created of that post. Maybe something goes wrong there?

Also it seems that you do send a session value in the form of error to the view, but you never display anything!

Let me know if this helps you out!

You already have a migration with that same class name. So if your search in your project for CreateRolesTableyou should find multiple classes, you can only have one of them ;)

The reason that you get this error is because the migration classes don't have a namespace and there need to be unique!

The folder should already have the correct permissions when downloading a file. You can't change that during a request ;) That would make the internet really unsafe!

@bestmomo You don't have to use route:list, but maybe the same format to see what kind of routes you have created ;)

Well it depends on your style of programming. In general I find sprintf more readable then doing everything in one string. It's up to you ;)

You can use sprintf to clean this up a little bit ;)

public function imageUrl($region, $bucket, $directory, $file) 
{ 
    return sprintf(
        'https://s3.%s.amazonaws.com/%s/%s/%s',
        $region,
        $bucket,
        $directory,
        $file
    );
}

Does this help you?

This tutorial should help you out: https://laracasts.com/series/learn-vue-2-step-by-step/episodes/16

Looking fancy! I think it still needs some love on UX, but the idea is pretty cool!

Some thoughts I have while using it:

• Would be cool if it would generate the Controllers as well with the methods (if they are configured)
• It now generates the laravel output, but maybe the php artisan route:list output would give a good overview as well
• Maybe some extra templates or helpers would be nice. Maybe some common examples that you can view or reuse

Anyway! Keep up the good work :D

You can use an array instead as well

return [
    'email' => ['required', 'email', Rule::exists('email')],
]

Let me know if that works for you ;)

So this doesn't really work that way. A page can only have one og:image object. So if you want an image on the homepage of your app you either need to pick a product or use the logo of your site.

On the single product page you can use the og:image for a specific product. That's the only way that works.

Let me know if that helps you!

Mmh, not sure if this path works because it's a path to some other directory. Normally you would bind the full url to the image to the component. The component can be run on any page and right now you have a fixed path which will not work if you have more items in your url like example.com/users/ etc.

Als if you find it like this you need to set a property and not a data attribute, but I guess you already know that.

This might help as well: https://stackoverflow.com/questions/45880956/how-to-use-img-src-in-vue-js

Well the problem here is that $username can be nullable, but the callback doesn't know that! So instead you need to do this

Route::get('/username/{username?}', function ($username = null) {
    return 'Hello ' . $username;
});

That should fix it ;)

Hi,

Well this normally happens when you run php artisan down. It basically means you put your application in maintenance mode. The app\Http\Middleware\CheckForMaintenanceMode.php class is taking care of this for you.

You can fix this by simply running php artisan up.

Let me know if that fixes it for you ;)

Well Laravel actually uses a facade to get to the local behind it. So in your routes/conosle.php you have this

Artisan::command('inspire', function () {
$this->comment(Inspiring::quote());
})->describe('Display an inspiring quote');

Which is effectively calling this class in Laravel: https://github.com/laravel/framework/blob/5.7/src/Illuminate/Foundation/Inspiring.php

So just a random item is returned from this collection, that's it ;)

Are you sure both have exact the same content? Normally you get this exception when you wait for an element which never appears. So either a button click is not doing anything or some popup is not showing when you expect one to show up!

This is what you're after: https://laraveldaily.com/laravel-upload-file-and-hide-real-url-for-secure-download-under-uuid/

This tutorial is focused on downloading files, but instead of downloading the file you can also just return the file in the browser using a different response.

This way the url doesn't say anything about the path and your files are save!

Also remember that whenever you use the symlink folder for public you should know that everyone can access those files by guessing the url. So ideally you don't want to use that directory for files that shouldn't be public!

Did you try one of the following work arounds?

npm cache clean --force

npm rebuild -g 

rm -rf node_modules &&  npm install

Did you look at these tutorials?

• https://alligator.io/vuejs/vue-modal-component/
• https://adamwathan.me/2016/01/04/composing-reusable-modal-dialogs-with-vuejs/
• https://laracasts.com/series/whatcha-working-on/episodes/26

The MustVerifyEmail trait is sending the email for you in the User model. You can override the sendEmailVerificationNotification method. By default the $user object will be passed to this notification class.

// This is the default behaviour
public function sendEmailVerificationNotification()
{
    this->notify(new Notifications\VerifyEmail);
}

You can either create your own notification class or send a normal email. That is up to you ;)

I have no clue of what it could be. Installing a new project from scratch works fine for me!

Try below commands

// Clean your cache
npm cache clean --force

// Rebuild npm
npm rebuild

// Reinstall node_modules
rm -rf node_modules
npm install

Here is a full list of things you can try: https://stackoverflow.com/questions/40566348/maximum-call-stack-size-exceeded-on-npm-install

Normally just cleaning up the cache works! Also deleting your node_modules directory and running npm install again helps most of time.

So basically this is important information for you from that documentation page at the bottom

Lumen does not support sessions out of the box, so the $errors view variable that is available in every view in Laravel is not available in Lumen. Should validation fail, the $this->validate helper will throw Illuminate\Validation\ValidationException with embedded JSON response that includes all relevant error messages. If you are not building a stateless API that solely sends JSON responses, you should use the full Laravel framework.

Does this help?

Documentation: https://lumen.laravel.com/docs/master/validation

@arximughal So during development you should never cache your config because this might give you problems with changing .env values and not seeing any changes ;)

This is not just a simple date method anymore :P

To make it easier I would probably start collecting some information first. You can for example determine first the average age of the given dates. Based on that you can already termine the correct year right.

To get the average date (day + month) I would probably first set the same year for all dates. Then I would start determining the difference between the days of these dates. Based on this you can also determine an average date just like the years.

I don't have any code right now, but I can help you brainstorm this idea ;)

Are you sure your config wasn't cached? Forcing it to go to the database connection is not a best practise when something doesn't work as expected!

well it's basically replacing the implementation in the container to do that. So you can either replace it back with the correct implementation which should work just fine

Code: https://github.com/laravel/framework/blob/892b2cef309ea86cc110f7c153e81474eb1b2a35/src/Illuminate/Foundation/Testing/Concerns/MocksApplicationServices.php#L92

An another alternative would be to use a seperate test class that doesn't have this in the setUp method or moving the withoutEvents to the tests that actually need it!

@tkrajacic Don't make this a huge point man. You're spamming Jeffrey on this, while he is doing his best as he can. If you can do better write a tutorial or make a video and publish it ;)

I'm not into this terminology and you might be right, I simply don't know at this point. But public shaming like this doesn't help anyone! Think before you post these kind of messages!

You need to use loadView here instead of `loadHtml

$pdf = \PDF::loadView('orders.show', $order);

Source: https://github.com/barryvdh/laravel-dompdf#using

What driver are you using? The delay only works with the redis, database, beanstalkd and sqs driver. When you have it set to sync it won't queue the job for you and fire it off right away!

I don't really undestand your question, but you can do this

Job::where('disabled_hub', '=', '0')->with([
    'positions' => function ($queryPositions) {
        $queryPositions->where('queryPositions', '=', '10') );
    }, 
    'locations' => function ($queryLocations) {
        queryLocations->where(''region', 'US');
    }
])->get();

Or in your case a whereHas makes more sense

Job::where('disabled_hub', '=', '0')->with(['positions' => function ($queryPositions) {
    $queryPositions->where('queryPositions', '=', '10') );
}])->whereHas('locations', function ($queryLocations) {
    queryLocations->where(''region', 'US');
})->get();

Oow yeah, that makes perfectly sense! Glad you fixed it :D

The query below should give you all the jobs that have disabled_job set to 0 and also where the options column of positions is set to 10

 $jobs = Job::where('disabled_job', '=', '0')->whereHas(['positions' => function ($query) {
    return $query->where('option', '=', '10');
});

This tutorial might help: https://code.tutsplus.com/tutorials/how-to-create-a-custom-authentication-guard-in-laravel--cms-29667

With webpack basically all your dependencies can be in the devDependencies. The reason for this is that you use webpack to compile everything done to a single file (js/app.js). So your browser only needs that js/app.js file and the rest is not needed. However you do need it to compile everything done to a single file. So just devDependencies should be good enough ;)

MMh that sounds odd. As far as I know it should work out of the box!

To be sure I would try to use a different driver. For example the database driver. You can easy set that up by running the following commands

php artisan queue:table
php artisan queue:failed-table
php artisan migrate

After you've updated the driver to database you should be able to see the jobs in the jobs table. You then need to run php artisan queue:work and all jobs in the jobs should be executed.

Let me know if that works for you! If not there might be a different problem.