Owner/Senior Programmer/Project Manager at Venom Interactive

Wausau, WI

Hire Me

Member Since 1 Year Ago

Experience Points 47,300
Lessons Completed 211
Best Reply Awards 34
Best Answer
  • Start Your Engines Achievement

    Start Your Engines

    Earned once you have completed your first Laracasts lesson.

  • First Thousand Achievement

    First Thousand

    Earned once you have earned your first 1000 experience points.

  • One Year Member Achievement

    One Year Member

    Earned when you have been with Laracasts for 1 year.

  • Two Year Member Achievement

    Two Year Member

    Earned when you have been with Laracasts for 2 years.

  • Three Year Member Achievement

    Three Year Member

    Earned when you have been with Laracasts for 3 years.

  • Four Year Member Achievement

    Four Year Member

    Earned when you have been with Laracasts for 4 years.

  • Five Year Member Achievement

    Five Year Member

    Earned when you have been with Laracasts for 5 years.

  • School In Session Achievement

    School In Session

    Earned when at least one Laracasts series has been fully completed.

  • Welcome To The Community Achievement

    Welcome To The Community

    Earned after your first post on the Laracasts forum.

  • Full Time Learner Achievement

    Full Time Learner

    Earned once 100 Laracasts lessons have been completed.

  • Pay It Forward Achievement

    Pay It Forward

    Earned once you receive your first "Best Reply" award on the Laracasts forum.

  • Subscriber Achievement


    Earned if you are a paying Laracasts subscriber.

  • Lifer Achievement


    Earned if you have a lifetime subscription to Laracasts.

  • Laracasts Evangelist Achievement

    Laracasts Evangelist

    Earned if you share a link to Laracasts on social media. Please email [email protected] with your username and post URL to be awarded this badge.

  • Chatty Cathy Achievement

    Chatty Cathy

    Earned once you have achieved 500 forum replies.

  • Laracasts Veteran Achievement

    Laracasts Veteran

    Earned once your experience points passes 100,000.

  • Ten Thousand Strong Achievement

    Ten Thousand Strong

    Earned once your experience points hits 10,000.

  • Laracasts Master Achievement

    Laracasts Master

    Earned once 1000 Laracasts lessons have been completed.

  • Laracasts Tutor Achievement

    Laracasts Tutor

    Earned once your "Best Reply" award count is 100 or more.

  • Laracasts Sensei Achievement

    Laracasts Sensei

    Earned once your experience points passes 1 million.

  • Top 50 Achievement

    Top 50

    Earned once your experience points ranks in the top 50 of all Laracasts users.

13 Nov
15 hours ago

cmdobueno left a reply on Notify On New Connection From New Device


I agree, the additional/trusted device concept is fantastic. I really like it, as it is a one time annoyance (per device), which users are totally okay with, from my experience. I do believe it is a rather elegant solution.

I would use a table as has been suggested, keeping track of the device features, it issue with using IP, is that cell phones are annoying when it comes to this, I am not well versed on if each browser has its own finger-print (they really need to give the web something like this), so we know the specific browser, but again... not my area so I am not 100% certain. Worst case, you have to use IP and user agent, but that is not horrific... just sometimes sucks on mobile phones and their mobile networks... not idea how often they switch IP addresses.

cmdobueno left a reply on Notify On New Connection From New Device

If you are worried about a hacker pretending to be a certain device and such, you are barking up the wrong tree. Everything, and I mean EVERYTHING is hackable.

Remember, they need the following to properly 'hack' you in your trusted_device land:

  1. Email/username of the site
  2. Site Password
  3. Exact device
  4. Exact IP
  5. Exact user agent signature.

The only thing this user is missing, that would make it easier is direct access to your email, and to be honest, if they have all this data, they most likely have access to your email.

So to be 100% honest, I do not see where you need to worry past this point. This is plenty of security. The saying: more security is always better, is only a half truth. You could require a pin as well as a password, you could require two factor auth, you could require login confirmation via email on every attempt... but sooner or later, you have so much security that the usablity of your site suffers. No one wants hacked, but additionally users HATE security parameters. Its the story of our lives haha. I think you have a good solid idea with trusted devices, and possibly even two factor auth... but I think you are 'safe'

cmdobueno left a reply on Found FilesMan Backdoor On My Laravel Website

Well, as is the case when a site is hacked, all you have to do is miss a single file, and it appears you have probably missed a file. No real help can be given on how to find the file... you are just kinda boned.

I would suggest, gathering up your site, and all of its files, and taking them local and going through every single file, it will be lots of fun!!!

Additionally I would suggest removing the vendor folder, and making that fresh again, (saves you a lot of crap with tones of files).

Compare your composer.json file to your back up (saying you have a clean backup). As well as your package.json if you use such a thing.

Otherwise, it will be a long, painful task. This is why being 200% certain that files such as .env can not be accessed is so vitally important. But, count it as a learning experience.

cmdobueno left a reply on Issue With Vue's Dinamic Component

first off, for fun lets imagine you spelled it dynamic. (I get it, its a stupidly spelled word)

Next lets solve this issue:

Vue.component('post-panel', require('./components/admin/PostPanel.vue'));

You are naming this computer (well creating the imaginary html tag) as <post-panel></post-panel>

and you are attempting to use it as


I would first try that and see if it might solve your issue.

12 Nov
1 day ago

cmdobueno left a reply on Tighter Coupling Between Laravel (PHP) And Vue (JS)

Or if it is a collection, without json. Yay for collections!

Additionally, this seems like too much, at least to me.

I want my PHP BACKEND to be decoupled from VueJS frontend. I have at times gone as far as creating two totally different frontends for this. Reason being? I want to know that, in the end, my 'api' is totally stand alone. I want to be able to upgrade my UI/UX at ANY time, with 0 impact on the system.

I can keep the system running no matter how frontend technology is improved. For when the next cool thing comes out (you know like vuejs, angular, react... who knows whats really next).

I know that PHP will grow as will laravel, but I am not using ground breaking things. Honestly my API has been following as simple of a base as possible. I do not want overly complicated things running this thing.

If, (big if), I do this correctly, this app should survive with me having to do very little to the php code (future optimization, and additional features). While I can re-write the frontend every 1-2 years depending on need.

09 Nov
4 days ago

cmdobueno left a reply on Still Have Time Issues.

is an example for it. I noticed that this thread I just created say 57mins ago (it was like 3 minutes ago I actually made it.

cmdobueno started a new conversation Still Have Time Issues.

I am still noticing times being strange. Last thread I looked at, has my response being 5 minutes ago, (it was really ~45 minutes ago), and the next response being something to the tune of 40 minutes ago.

cmdobueno left a reply on Broadcast Just Added Model Data

Depending on your version of laravel:

I mostly use this:

broadcast( new EventName(...$data);

cmdobueno left a reply on What Are The Best Practices For Use Of Laravel Commands Vs Jobs

There is no 'correct' answer specifically here.

To me, I would call this a job. But a job can call a command haha... so...

Basically the way I build my logical process (this is my way, and others will vary).

I view jobs as things my code calls.

I am okay with a job being called by a cron job.

I view commands as something I call from command line to do a 'one time' task. (Like create a controller or a migration)

Now, this is of course far harder in real life. There are times, my command will call a job, or my job calls a command, but, we can not live in a perfect world.

The real question is, 'WHAT or WHO' is called this action to deal with the data?

That may help you figure out your logic. Additionally when you say job, I am assuming you mean a queued job,.

cmdobueno left a reply on SPA Apps + Authorisation

I personally have found that JWT is my favorite, and seing a header with the bearer token is easy to globally add to axios within VueJs

cmdobueno left a reply on Blade In Vue

Well, yes you should send all the data you need to the vue component.

A few notes as you progress

My Component Call:

 :messages='{{ $messages }}' //SAME NOTE AS BELOW
 :routes='{{ $routes }}' //NOTE: if this is a collection, you do not need to json encode it

I generally send my data in, separately. This way it is more clear. I nearly always use named routes. As if I have to update a structure, I do not need to search for them.

I additionally always pass my routes to the blade via controller (keeps things cleaner)

Super Simple Controller

class MyController extends Controller{

    public function index(){
        $messages = Message::get();

        return view('my-view')
                        'delete' => routes('messages.delete),
                        'show' => routes(''),

My Component:

    import Event from '../event.js';

    export default {
        props: ['message'],
        data() {
            return {
            required: true,
            type: Array
            required: true,
            type: Object
        mounted() {
        //Now you do not need it! (its faster and more SEO friendly... if that matters
            axios.get( => {
                this.messages =;
            Event.$on('added_message', (message) => {
                if(message.selfMessage) {
                    this.$refs.message.scrollTop = 0;

cmdobueno left a reply on Blade In Vue

A .vue file is not a blade. It can NOT render PHP code.

You need to pass that as prop to your vue component.

Component Call:

<my-compontent :my-route='{{ $my_route }}'></my-component>


    import Event from '../event.js';
    export default {
        props: {
            required: true,
            type: String
        data() {
            return {
                messages: []
        mounted() {
            axios.get(this.myRoute).then((response) => {
                this.messages =;
            Event.$on('added_message', (message) => {
                if(message.selfMessage) {
                    this.$refs.message.scrollTop = 0;

cmdobueno left a reply on Named Routes In Vue

Depending on how the application is built. I send the routes through my controller in my ajax response (if that is required), or to the blade. I like to keep this login in my controller when its more than a single route as it seems more clean to me.

cmdobueno left a reply on Let's Talk PWAs?

I feel that there is a very open path a dev can go down, and it is hard.

We always seem to face a risk vs reward in our programming. Was it worth it to take up this newer framework several years ago called laravel? (I first I thought we made a grave mistake to be honest) but over the years, it has become very noticable that we did infact choose wisely.

PWA, seems like it is something very useful and will continue to grow and thrive, but to be honest, I am still not convinced either way. I take it from a specific project to a specific project.

Example, I have a client that tracks time of employees at events. He needs the system to allow checkin/out when the system looses connection. This is a great home for a PWA & that html database (forgot its name... indexed db i feel like this is the old version). Another project is a pricing system. This effectively NEVER has internet outtages, and if they do, they cant simply cant use the system.

It is all about project scope and required functions. Everything on the web has its place for certain things.

cmdobueno left a reply on Blade In Vue

Where is this script tag? Is it inside of the .blade.php file? Or is it inside of a .vue file?

cmdobueno left a reply on Web VS API On A Project

As a small update, I have been very large amounts of success build this as two systems. An API that my decoupled frontend connects to is working fantastic.

I am using JWT tokens for authentication, and just a very basic vuetify frontend for the 'portal' side of the system as I am calling it.

Dealing with a strictly API is making testing the core functions work perfectly and exactly how I had expected. Additionally it is very very fast to build out a test, and configure the system to simply work. Not having to worry about the display side of a frontend to do end point testing has really helped me in terms of speed an consistency in the code.

It was a bit slow starting out, and getting used too doing things that way, but as I progressed it just 'felt' right.

I want to thank everybody for their help and replied here. I may do another update later as I get into the meat and potatoes of the system. Currently I have just simply built out the authentication and security of the system. (I had coded it all instead of using packages simply to get used to how to follow the flow of this somewhat new process).

Again thanks all.

08 Nov
5 days ago

cmdobueno left a reply on Vuex Always Remove First Widget In My Widget List With Splice Function

REMOVE_WIDGET: (state, index) => {




I have always had more luck doing this. Additionally you need to make sure you are getting the correct index.

07 Nov
6 days ago

cmdobueno started a new conversation New Design Questions

First, I want to express how much I like the look and feel of the new layout/design for laracasts. Very awesome. It will take a bit of getting used too, and all good change comes with a slight discomfort... but overall... I want to say thanks. Now on to my question:

On the previous layout, we knew when the last time a question was replied too, as well as by who. This appears to be missing, or I am blind, both being possible, but me being blind is probably a higher chance. Just wondering if this is by design, and if so, why. I am curious as to the reason, when this is something I view as extremely helpful.


cmdobueno left a reply on What About New Look

it is using tailwind (at least i am about 99.999999% certain)

cmdobueno left a reply on Please Bring Back The Older Laracasts Design

@jeffreyway yes, this is an issue, my times are off by an hour, saying I posted this ~60m ago. If you need any Screen shots or anything let me know.


I dislike it, but I dislike all change. It is going to take me a little while to get used to it. I think it will be good, once I adapt.

06 Nov
1 week ago

cmdobueno left a reply on How To Generate A Secure Random Password?

Meh, you try to explain something to somebody, that is not understanding how hashing works and it becomes i triad of annoyance for all those involved.

The selected answer is wrong. Or at least it is not the best answer. The answer provided by snapey is the best.

cmdobueno left a reply on Error Migration

I appreciate it, sorry if I come across a grumpy jerk... its just my personality haha.

cmdobueno left a reply on Error Migration

No no, I am not saying not to mark them as complete.

I am saying when you have a solution, there have been some in the past trust me, I basically live here... that you save something like Solved it on my own (or a similar thing)

What I am suggesting and asking is simple, just say how you fixed the problem, so that when people do a search, and come across your questions, they can see how to solve their similar problem.

cmdobueno left a reply on How To Generate A Secure Random Password?


You are not understanding are you.


So here is your table row

id: 1
name: Bobby Joe
email: [email protected]
password: null; (or blank string take your pick)

Go a head and show me how you will get that hash to match.

dd( Hash::check('',''); // false
dd( \Hash::check( '', null ) ); //false

You are forgetting that the password in the case I am talking about is NULL or ''. it is not the HASH of null or blank... it just literally does not exist AT ALL.

You has check will NEVER pass.

cmdobueno left a reply on Error Migration

Alright @petercontrains

I have watched over the last 2 or 3 weeks, you ask a question, ignore everybody that attempts to help you, and then you magically

solve it yourself

You provide no meaningful feedback on how you solved it, and then you 9 times out of 9.000000000001 times select your own answer as correct.

I am not again selecting your answer as correct but please for the love of the community EXPLAIN HOW IT IS RIGHT. Your solution here provides NO HELP to the community... please just do stuff to grow the community.

cmdobueno left a reply on How To Generate A Secure Random Password?



dd( \Hash::make( null ), \Hash::make( '' ) );

These will both produce a hash. If you could in the database for password is null or a blank string, it is an IMPOSSIBLE hash. You can NEVER NEVER NEVER EVER NEVER, get a blank string or null back from Hash. You can probably get an exception, but yep, cant get null or a blank string that I have ever been able to find. And I have tested special characters and all kinds of fun stuff.

As minimally possible as it to guess a random 10 character string, it is still technically possible. Thus is a minimally less secure. We are talking numbers in security that are so trivial small, they mean very little. But, in the end, it is PERFECTLY fine to allow a blank password, and it in no way harms your security, it in fact increases it... even if it is minimal.

cmdobueno left a reply on How To Generate A Secure Random Password?

@Artak you are wrong. You can leave the password as null. It is literally impossible for it to be verified by laravels authentication system.

As i have stated, even a blank space has a hash. You can not provide no hash from the hash function, so it is not possible for the system to match the email/password combo.

There is literally 0 reason to force a random password, because if we are talking about highest possible security, a random password can be 'guessed' (sure it would take forever... but this is beside the point). A null/blank password CAN NEVER be guess, nor ever work.

cmdobueno left a reply on How To Generate A Secure Random Password?

Okay then lets get into this the real way.

First, you do not need the field nullable, \Hash::make(''); returns a random encrypted string of space, next, you required a password to be entered on login (both js validation & server side validation). So a blank string can never be accepted as a valid password thus this user can never login. No need to generate anything at all.

Next, since you neglect to tell use the version of laravel you are using, I will assume it is 5.7, feel free to let us know. Use signed url to require a password reset, OR, which this is even easier, enable email verification and modify the blade to allow them to set their password.

cmdobueno left a reply on How To Generate A Secure Random Password?

$new_password = str_rand(25)

Why over complicate it? It then gets hashed and the world keeps on spinning.

I see no reason to go outside of laravel's helpers for this... this is also considerably easy to read.

cmdobueno left a reply on Where Would You Move This Code?

And do not forget my favorite method that (in my opinion trumps all... even DRY).

KISS. Keep. It. Simple.

We as dev's always have this big picture mentality, while very viable, sometimes is own downfall. You can not, nor will you ever, think of every single scenario, so why try? Do what is required and nothing more.

I watched an interesting video that talked about doing the min amount of code to make things work, this is a good way to look at things.

You can have a cart, and you can do an insane number of different things to the data. But what value do most provide? Very small amounts, are you really ever going to have to deal with a person coming to your shop and ordering 15,000,000 of your auto-biographies? I doubt it, so why build logic to handle that ridiculous notion?

cmdobueno left a reply on Github Error 500 After Composer Install

Do you have namespace? Ambiguous normally deals with namespace or not changing a class name when coping a file.

cmdobueno left a reply on Issue Installing Cashier

What version of laravel are you using?

What version of PHP?

Basically something is not meshing in requirements (obviously).

05 Nov
1 week ago

cmdobueno left a reply on Route Parameter Contain Slashes And Dot Does Not Recognized In New Server

Imagine you are the server, you would think you want mypic.jpg located in the following location DOCUMENT_ROOT/showImage/300/168/galleries

As was previously suggested query string is most likely your best bet... otherwise, its gonna get messy really quick... you could do a few string subs on the data but really, just use a query string.

cmdobueno left a reply on How To Generate A Unique But Simple Id For Ticket?

I mean generally speak for a easy solution, you can always do this:

public setIDFIELDattribute(){
    $uuid = str_random(10);

    //Just do the query how ever you want, this is totally generic
    while( $this->query()->where('id_field','=',$uuid)->first() ){
        $uuid = str_random(10);

    $this->attributes['id_field'] = $uuid;

Given you could totally do some optimization here to make things more clean, but its the basic concept. You could even convert this to a helper function like this:

public function generateUniqueString($model,$column,$length=10){
    I would consider a check to make sure length works with the total records 
    in the table as a safe-guard. 
    For example, if the
        length = 1
        total_records = 100
        This will loop forever... or you just leave out the ability for them to enter a length
        Again this is just a suggestion/example

    $model = new $model;
    $uuid = str_random($length);

    while($model->where($column,'=',$uuid)->count() > 0 ){
        $uuid = str_random($length);

    return $uuid;

cmdobueno left a reply on Is Possible Use Passport For Connect Laravel To Other Service API Based?

Passport is (generally) for your System being the API

Socialite is for interactions with OTHER api's

This is extremely generalized, but should help those looking later.

02 Nov
1 week ago

cmdobueno left a reply on What Is The Relationship Between Subscription, User, And Order.

has many returns multiple. Many is > One.

cmdobueno left a reply on Timestamp Unix Millenium Bug Y2K38

IF you laravel application is alive and still thriving on the current version (lets say 5.7), then you have done something... I don't know if what you did is good, or bad... but you did something.

This is like me worry about Yellow Stone's super volcano exploding. Ill be dead if it happens. End of story. Your application WILL be head in 20 years... at least this 'version' of it. As laravel 5.7 will a dead and gone memory.

cmdobueno left a reply on What Is The Relationship Between Subscription, User, And Order.

ITs a has many...

class Order extends Model
    public function subscription() {
        return $this->belongsTo('App\Subscription');




Should 'work'

01 Nov
1 week ago

cmdobueno left a reply on How To Send Request To An External Api

You want Guzzle.

Request does not do what you are looking for... what you are asking, is like asking your car why it doesn't fly. Sure both a car and an airplane allow travel, but their means of accomplishing this are very different.

31 Oct
1 week ago

cmdobueno left a reply on Where Would You Move This Code?

I think this is more of an example provided by @Snapey

I could see instead of doing exactly what he showed, using a repo for this. Maybe in his example there is only database busisness... so adding a repo would just be an added layer of abstraction that has no value. Or I am wrong. That could also be it...

30 Oct
2 weeks ago

cmdobueno left a reply on How Can Show The Encrypted Password In My View Page As Decrypted Value?

You do not need to login, this is why laravel has created signed urls.

This is one of those reasons for their existence. you would send this signed url directly to their email (just like the email verification). They they setup their new password, and life is wonderful.

Another thing I have done, before signed urls, is simple require them to reset their password, just send them a password reset url.

cmdobueno left a reply on How Can Show The Encrypted Password In My View Page As Decrypted Value?

You do not need to do that.

Simply put, all you have to do is create their account, generate a random string and encrypt that for the password:

$password = Hash::make(str_rand(25));

Then when their account is created, you require them to reset their password. You are not granting security, you are making things far less secure. This is a horrific idea, and you will understand that once you get to a certain point.

But in all fairness... you can encrypt and decrypt using those words...

$password = encrypt($some_string);
$some_same_string = decrypt($password);

So you could use encrypt instead to do this... it would 'work' it is just not the right(tm) method...

Fun fact/note for you so you understand

$test1 = encrypt('a_word');
$test2 = encrypt('a_word');

$test != $test2;

These two variables WILL ALWAYS be different... just as a fun fact!

cmdobueno left a reply on How Can Show The Encrypted Password In My View Page As Decrypted Value?

Why? Why on earth would you want to do that? There is no reason for this. None. No excuse. This would be such a massive breach in security that is ridiculous to even think of for ANY reason.

29 Oct
2 weeks ago

cmdobueno left a reply on How Not To Have To Add Every File To Autoload?

I generally will create a helpers.php and include them within there, then I can use directory iterator or glob (no sort)... depending on the situation.

26 Oct
2 weeks ago

cmdobueno left a reply on API Calls From Datatables Not Authorized

What is the version of laravel? Maybe there is something specific with passport version and the laravel version? It could happen maybe...

cmdobueno left a reply on API Calls From Datatables Not Authorized

You are not replacing/changing this request object in your app anywhere (I mean i doubt it... but maybe???).

It seems very strange, are you using telescope on this? It does a pretty fantastic job of showing full requests, headers, and all that... might help debug, as long as you are at 5.7.7+

cmdobueno left a reply on API Calls From Datatables Not Authorized

Basically you 'user' is not authenticating so thus it will fail to provide you a user.

Additionally if the authentication is not properly functioning (by this I mean re-auth via middleware, not login), you will have a null user, and thus fail the auth:api checks.

cmdobueno left a reply on Passing Data From A Blade Template To A Laravel Controller

You are doing so much wrong, I am not sure where to begin.

I suggest you get a better understanding of how a MVC works, and then maybe you can understand your mistakes yourself.