Snapey wrote a reply (+100 XP)

1w ago

looks the same to me?

Snapey wrote a reply (+100 XP)

3w ago

another option is a trait, used in both places

Snapey wrote a reply (+100 XP)

3w ago

GPS is not going to work indoors.

Consider reading something that is physically at the location, and is hard to copy, such as an NFC tag or a dynamic QR code that is displayed on a browser and changes every minute.

Snapey wrote a reply (+100 XP)

4w ago

This is your script from Forge. Are you hosted on Forge? If so, ask them...

Snapey wrote a reply (+100 XP)

4w ago

It depends ENTIRELY on your deployment method.

There are ways to avoid any downtime.

Snapey wrote a reply (+100 XP)

1mo ago

what are you on about?

Snapey wrote a reply (+100 XP)

1mo ago

looks like Ai slop

Snapey liked a comment (+100 XP)

1mo ago

Hey everyone,

I got tired of debugging Laravel database queues blind — no visibility, just raw SQL queries and crossed fingers.

Horizon is great but requires Redis, which isn't always an option on shared hosting or smaller projects. So I built a lightweight alternative.

What it does

Lightweight Queue Inspector gives you a debugging dashboard for Laravel apps using the database queue driver:

  • Pending jobs viewer with collapsible payload inspection
  • Failed jobs with full exception messages, stack traces, retry and delete
  • Successful jobs with execution time (colour coded) and memory usage
  • Dashboard stats — pending count, failed count, avg execution time, top failing job
  • Filters by queue name and job class
  • Security warnings in the terminal if auth middleware is missing
  • Laravel 10, 11 and 12 compatible

Install

composer require abinashbhatta/lightweight-queue-inspector
php artisan migrate

Then visit /queue-inspector. Done — no Redis, no extra config.

Would love feedback from the community — what features would make this more useful for your projects?

Snapey wrote a reply (+100 XP)

1mo ago

Since all client side code is untrusted, how can this code introduce ADDITIONAL security concerns?

It can't.

Snapey wrote a reply (+100 XP)

1mo ago

The question was about syncing DATA not STRUCTURE

Snapey wrote a reply (+100 XP)

1mo ago

Is your app_url matching the install?

Snapey wrote a reply (+100 XP)

1mo ago

what is the link exactly?

Snapey was awarded Best Answer (+1000 XP)

1mo ago

I think of it like

  • Gate = can you do something

  • Policy = can you do something with a specific object

Policy can use gates to simplify the policy.

Snapey was awarded Best Answer (+1000 XP)

1mo ago

Fortify generates a unique code for the user, and this is stored in the users table under two_factor_secret. This is then used to create the QR code to initialise the Time based One Time Password generator (TOTP).

As long as the secret stays secret (on the server) then it should not be possible to generate another TOTP.

Snapey wrote a reply (+100 XP)

1mo ago

unlikely to be the issue. Assuming the link is identical, whether you click on it or paste it, then it's down to whether the app recognises you are the same session, which is done via cookies in the client.

Snapey wrote a reply (+100 XP)

1mo ago

because when you click the link in the email you are using a different browser?

Or your registration session is in private browsing mode?

Snapey wrote a reply (+100 XP)

1mo ago

One reason not to use Migrations for one-time data transforms. Use a command for this and run it manually.

Make sure such data transform commands are idempotent - that is, you can run them many times and the result will be the same.

Get used to looking at the migrations table. Sometimes you can only get out of a hole by altering the table (adding or removing a row).

But you can always revert to the backup... ? You have backups? Especially the one you took before transforming data?

You had the site in maintenance mode when you did this so that the data was not being changed whilst you worked?

Snapey wrote a reply (+100 XP)

1mo ago

Fortify generates a unique code for the user, and this is stored in the users table under two_factor_secret. This is then used to create the QR code to initialise the Time based One Time Password generator (TOTP).

As long as the secret stays secret (on the server) then it should not be possible to generate another TOTP.

Snapey wrote a reply (+100 XP)

1mo ago

You must be logged in to verify the email address.

This also means that the browser that opens when you click the link, must be the same one that has your logged in session.

Snapey wrote a reply (+100 XP)

1mo ago

If you are thinking about the Google authenticator type device, then yes, two devices initialised from the same account will give the same pattern. It's nothing to do with the device itself.

The account provides the seed to the sequence.
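
The point made in the TOTP replies above (the stored secret plus the clock are the only inputs, so any device enrolled from the same secret shows the same code), as an added example that is not part of the original posts and is not Fortify's code: a minimal RFC 6238 generator in PHP. The function names and both secrets are constructed for illustration.

```php
<?php
// Added illustration of RFC 6238 TOTP (HMAC-SHA1, 30 s step); not Fortify's code.

// Decode an RFC 4648 base32 secret (the form encoded in the QR code) to raw key bytes.
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $char) {
        $index = strpos($alphabet, $char);
        if ($index === false) {
            throw new InvalidArgumentException("Invalid base32 character: $char");
        }
        $bits .= str_pad(decbin($index), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) { // ignore trailing padding bits
            $bytes .= chr(bindec($chunk));
        }
    }
    return $bytes;
}

// One-time code for a Unix time: HMAC over the time-step counter, then dynamic truncation.
function totp(string $base32Secret, int $unixTime, int $period = 30, int $digits = 6): string
{
    $counter = pack('J', intdiv($unixTime, $period)); // 64-bit big-endian step number
    $hmac = hash_hmac('sha1', $counter, base32Decode($base32Secret), true);
    $offset = ord($hmac[19]) & 0x0F;                  // low nibble of the last byte
    $value = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Server-side check: recompute from the stored secret and compare in constant time.
function verifyTotp(string $base32Secret, string $submitted, int $now): bool
{
    return hash_equals(totp($base32Secret, $now), $submitted);
}

$shared = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'; // constructed: base32 of the RFC 6238 test key
$other  = 'JBSWY3DPEHPK3PXP';                 // constructed: a different account's secret
$now    = 59;                                 // fixed time so every run prints the same codes

printf("device 1: %s\ndevice 2: %s\n", totp($shared, $now), totp($shared, $now));
printf("same secret, next window: %s\n", totp($shared, $now + 30));
printf("different secret, same time: %s\n", totp($other, $now));
var_dump(verifyTotp($shared, totp($shared, $now), $now));
```

Nothing device-specific enters the calculation, which is why the secret has to stay on the server and inside the enrolled authenticator: anyone who can read it can produce valid codes.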

Snapey wrote a reply (+100 XP)

1mo ago

if you can't run artisan, or ssh into the server, find a more competent host

Snapey wrote a reply (+100 XP)

1mo ago

password only can be captured and replayed in attacks at a later date. Most 2FA solutions are time sensitive, so even if someone is watching you type, they can't know what the code might be in the future.

People have their favourite passwords, so a compromise on one system can lead to other break-ins.

Password only is vulnerable to password reset tactics. If a bad guy can intercept or eavesdrop on your email, they can attempt password reset. Not so with 2fa.

Snapey started a new conversation (+100 XP)

2mos ago

I used Claude to build a project from scratch.

When it created the migrations, it created them in batches, problem was, each batch got the same timestamp. As these tables were related, and had constraints, after I cloned the project and tried to migrate the database, it fell over a couple of times because of table dependencies in constraints.

Anyone encountered this and found a way to tell the agent to wait a second between file creation?

Snapey wrote a reply (+100 XP)

2mos ago

@jlrdw I take your point and in general it is very valid, but a 4.1 application isn't likely to be running any packages as composer was only just added at V4

Snapey wrote a reply (+100 XP)

2mos ago

I have a customer, a smart guy, but a physician not a developer. I have had a project for him since Laravel 7. It uses Livewire and mysql. We worked on this site for over 6 years.

Recently he sent me a bunch of files and asked if I could add this huge new feature that he had 'built' using claude. Problem is, it's nextjs, react, postgres and a whole bunch of libraries for authentication, subscriptions, analytics etc etc. Of course he did this in good faith, with no idea what he was asking. The files also contained information about how many hours I would need to deploy it!

Obviously the answer is no, but this has damaged our relationship, and I'm not sure how to handle it. I could ask claude to convert it, but then I am missing all the project requirements. I don't know how it should behave to produce a quality output.

Snapey wrote a reply (+100 XP)

2mos ago

I think of it like

  • Gate = can you do something

  • Policy = can you do something with a specific object

Policy can use gates to simplify the policy.

Snapey wrote a reply (+100 XP)

2mos ago

The browser probably gives up, and I can't say I blame it.

I expect the solution to be move whatever humungous task you are doing into a job.

Snapey wrote a reply (+100 XP)

2mos ago

Start a Laravel 12 project and replicate all the functionality. Don't even try to do a step by step upgrade.

You will face far fewer problems this way, plus you will actually understand the project.

Snapey wrote a reply (+100 XP)

2mos ago

do the images need to be private for each user? How do you do that now?

Honestly, I would generate the images directly into the public folder. It's likely that you are not in control of permissions anyway, so there is no advantage to host them in the Storage folder.

Snapey wrote a reply (+100 XP)

2mos ago

store the files directly in the public folder would be one solution.

Snapey was awarded Best Answer (+1000 XP)

2mos ago

then they are not really notifications. It's just a pool of tasks to be completed.

Snapey wrote a reply (+100 XP)

2mos ago

look in the logfiles for the cause

Snapey wrote a reply (+100 XP)

2mos ago

I have a scenario with a 'warm' standby server located on a VPS in a different datacentre. It does not need to be synced in real time as all data is transient, but it does need to be daily synced.

A console command on the Live system uses Spatie DBDumper to create a dump of certain tables into a file on an S3 bucket. Both systems have access to the same bucket. At a time after the dump was created, the standby system pulls the file from S3 and applies it to its copy.

I've pasted the two commands below. They are pretty simple to understand.

DumpDB.php

PullDb.php

Snapey wrote a reply (+100 XP)

2mos ago

Your database changes should always be via migrations.

What scenario requires you to take the development database and overwrite production?

Snapey wrote a reply (+100 XP)

2mos ago

If you were inserting 500 rows one by one into a table of 2 million rows with unique constraints then it would slow it considerably.

It would also be slow if for each insert you were also querying other tables to resolve foreign key values.

But as you are providing next to zero information, it's hard to guess.

Snapey wrote a reply (+100 XP)

2mos ago

development environment should be just that, not a place to manage data via 'sensitive' routes

Snapey wrote a reply (+100 XP)

2mos ago

I would have two sets of rules, and instigate the validator twice.

Snapey wrote a reply (+100 XP)

2mos ago

I got fed up with deployment issues with browsershot type solutions, so switched to an api from https://www.neutrinoapi.com/

Their HTML render service does it quickly and easily and has been 100% reliable

Snapey wrote a reply (+100 XP)

2mos ago

interesting. I always reach for sprintf()

$title = sprintf('Rent %s from %s.', 
     'Test Video Name',
     'Test Channel Name',
);

Particularly when the string needs to contain data from functions, instead of using a temporary variable.

Snapey was awarded Best Answer (+1000 XP)

2mos ago

imagine a mid sized business that has a number of roles. Sometimes there are job overlaps. You are a manager but sometimes you need to perform certain functions that normally the accounts team would do such as approving a new supplier. Unless you can give this manager specific individual permissions, you end up needing to give them the whole accounts role as well as their manager role, or you have to create a new role that is all the manager permissions plus the one accounting permission needed.

It is also useful for times of sickness or holiday cover. You can temporarily assign someone additional permissions without also giving it to other managers.

There is nothing you can do with direct permissions that you cannot do by creating a new role and then assigning that role to one person. It's just more clumsy and harder to train for.

Snapey wrote a reply (+100 XP)

2mos ago

imagine a mid sized business that has a number of roles. Sometimes there are job overlaps. You are a manager but sometimes you need to perform certain functions that normally the accounts team would do such as approving a new supplier. Unless you can give this manager specific individual permissions, you end up needing to give them the whole accounts role as well as their manager role, or you have to create a new role that is all the manager permissions plus the one accounting permission needed.

It is also useful for times of sickness or holiday cover. You can temporarily assign someone additional permissions without also giving it to other managers.

There is nothing you can do with direct permissions that you cannot do by creating a new role and then assigning that role to one person. It's just more clumsy and harder to train for.

Snapey wrote a reply (+100 XP)

2mos ago

or use a trait?

Snapey wrote a reply (+100 XP)

2mos ago

what problem is the client trying to fix?

Snapey wrote a reply (+100 XP)

2mos ago

chatgpt offers these;

Golden rules for using LAST_INSERT_ID().
✅ Read it immediately
✅ On the same connection
✅ Capture it into a variable
❌ Don’t assume ordering, contiguity, or meaning
❌ Don’t rely on it across triggers or pooled connections

The main point being, the framework inserts and gets the id on adjacent lines on the same connection. Your typical application code might call eloquent to insert a row, and then potentially thousands of executed lines later, they try to get the last insert id.

What is dangerous is that with one user testing, this might work perfectly well, but as the app usage grows or gets more complex, you start to get issues. Best avoided, and probably not what the OP needed anyway.

Snapey was awarded Best Answer (+1000 XP)

2mos ago

I think about it this way. If you just want to check ABILITY then use a Gate. ie, can this user edit Users, yes or no? Use policies if you need control at the model level, ie can this user edit Users from team X. Your policy can consume permissions directly or via gates.

Gate = general ability.

Policy = ability to do something with specific thing.

Snapey wrote a reply (+100 XP)

2mos ago

I think about it this way. If you just want to check ABILITY then use a Gate. ie, can this user edit Users, yes or no? Use policies if you need control at the model level, ie can this user edit Users from team X. Your policy can consume permissions directly or via gates.

Gate = general ability.

Policy = ability to do something with specific thing.

Snapey wrote a reply (+100 XP)

2mos ago

If you use gate you can add additional conditions like allowing admin to do anything without explicitly granting permission.

Snapey wrote a reply (+100 XP)

2mos ago

But you should point out that this is dangerous, and in practice should NEVER be needed.

Snapey wrote a reply (+100 XP)

2mos ago

have a look at a boolean logic truth table

Snapey wrote a reply (+100 XP)

3mos ago

short answer, because booleans are 0 and 1, not strings of "true" and "false"