How to create an adult verification page

create a middleware that validates the age on each request. Ref https://laravel.com/docs/5.8/middleware#defining-middleware

Just make sure that your app captures your users date of birth so that you can calculate their age on the middleware.

You can use the form validation after_or_equal rule: https://laravel.com/docs/5.8/validation#rule-after-or-equal

// what was the date 21 years ago
$ageCutoff = now()->subYears(21)->toDateString(); // 1998-03-20 (as of today)

// validation rule
'formFieldName' => "required|on_or_after:$ageCutoff"

If you need something further, you could store that they are verified in the users session or something and then check that they are verified for all requests in a middleware like suggested above.

@mulugu @cronix I was thinking something more like a message and a "I understand, I'm 18" kinda of button instead, but I wanted this page to appear only once to the user and not on every request.

Ok, so that's just a form with a checkbox with the value set to 1 instead of a date input, and you validate it with the accepted rule. https://laravel.com/docs/5.8/validation#rule-accepted

If they pass validation and you store the value in session, and then check for it in middleware for every request, then they'd only see it once assuming they checked the box. If they didn't, they'd just keep getting redirected to the age verification form no matter what url they visit (via middleware). https://laravel.com/docs/5.8/middleware

I would never.

@cronix How to store the validation in the session and what would be the way to check on the middleware for that session?

To set the session, either inside a controller that is submitted from the button or if you just use a get request for it

// get verified from request
$verified = $request->get('verified', 0); // defaults to zero if not found

// Set session to verified
session()->put('age_verified', $verified);

In the middleware something like this

// Get the session
$verified = session()->get('age_verified', 0); // defaults to zero if not found in session
if($verified == 0){
    // return redirect to age verification page
    return redirect()->route('ageverification') // assuming you have a route named ageverification for that page
}

// continue middleware, meaning we pass verification

In your case you could replace session with a cookie instead. Maybe makes more sense...

Thank you VERY much @grenadecx ♥ - Is it better to store in the session or cookie btw?

A cookie can live longer, since it's physically stored on the client (by the webbrowser), you can still set a date on it if you want... while a php session is controlled by the server and will most likely be cleaned out the next day if not sooner.

I think I'm going to use cookies instead cause I don't see a need to use sessions and store this on the server side as it's a thing that I only need the user to have in his browser anyway.

I just need to know how to apply this middleware to every request to block all the content if the user didn't check he is an adult (not for admin pages tho)

Easiest is probably to just apply it for all nonadmin routes, including the age verification page and post page.

So you create the middleware, then you register it in the kernel.php

// Under protected $routeMiddleware = [

'age_verified' => \App\Http\Middleware\AgeVerified::class,

Using route::group is probably the easiest option in the route file:

// admin routes here

// age verification route here

Route::group(['middleware' => ['age_verified']], function () {
    // all your routes that requires user to be verified goes here
});

Yes, I'm doing exactly like that. Thank you again ♥

Problem with a cookie is it's tied to the browser and not the person actually using it. For instance, if an 18 year old checked the checkbox, and then the next day their 12 year old sister goes to the site using the same computer it will just let her straight in without asking. It's best to make them reverify each time visit otherwise you don't actually know and the whole thing is defeated. Might as well not even have it.

@cronix You are right. I didn't know that using sessions it would ask every time the user access the website.

Session dies when you close the tab/browser. So next time you go to the site, it's a new session.

Just be sure to set

'expire_on_close' => true,

in /config/session.php

Nice, session it is then, it's better that way to avoid issues. Thank you for all your answers guys.

@cronix @grenadecx Everything is working just as it's supposed to:

routes:

Route::get('/age', 'AgeController@showAcceptanceForm')->name('age');
Route::post('/age', 'AgeController@accept');

Route::group(['middleware' => ['age']], function () {
    Route::get('/', function () {
        return view('welcome');
    });

    Auth::routes();

    Route::get('/home', 'HomeController@index')->name('home');
});

middleware:

    public function handle($request, Closure $next)
    {
        $accepted = session()->get('terms', false);

        if (! $accepted) {
            return redirect('/age');
        }

        return $next($request);
    }

controller:

    public function accept(Request $request)
    {
        $request->validate(['terms' => 'accepted']);

        session()->put('terms', true);

        return redirect()->intended('home');
    }

I'm just wondering now how to block /age route to be accessed if it has been accepted before.

You could just check for the session in the AgeControllers and redirect the user to the index page if it has been set.

// AgeController, showAcceptanceForm function

$accepted = session()->get('terms', false);

if ($accepted) {
            return redirect('/');
}

// continue to the view page

Thank you @gren