What's the best way to restrict access to certain pages?

At the moment, I'm having second thoughts about whether or not my code is safe from hacks. I am currently creating a settings page where users can change their username, password and email.

Now, I've read somewhere that Middleware would be perfect for restricting access to certain pages, but the problem is what if I don't want to specify the user id in the URL to make my site safer?

Instead of /settings/1 and creating a middleware to run checks

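use Closure;

class CheckUser
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // A guest has no user object; redirect before dereferencing it.
        if ($request->user() === null) {
            return redirect('/');
        }

        $currentUser = (string) $request->user()->user_id;

        // Continue only when the {user_id} route parameter is the logged-in user's own id.
        if ($currentUser === $request->user_id) {
            echo "foo"; // debug output from the original post
        } else {
            return redirect('/');
        }

        return $next($request);
    }
}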

my route:

Route::get('/settings/{user_id}', function(){
  return view('settings');
})->name('settings')->middleware('checkUser');

How would I be able to still have access to the current logged in user's metadata with just the URL /settings?

0 likes
1 reply
p0t4t0
OP
Best Answer

I figured it out and I can't believe how simple the solution was facepalms

@extends('layouts.app')

@section('content')
  <p>{{Auth::user()->first_name}}</p>
  <p>{{Auth::user()->last_name}}</p>
  <p>{{Auth::user()->email}}</p>
  <p>{{Auth::user()->password}}</p>
@endsection

it turns out you have global access to the current logged in user's data

just leaving this here in case someone bumps into the same problem
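
An added example, not part of either post: the `/settings` route pair with no id in the URL, where the account read and updated is always `$request->user()`, so there is no user id for a client to tamper with. It assumes Laravel 5.5 or later, the built-in `auth` middleware, a `users` table keyed by `user_id` (as in the question's middleware), and the hypothetical form fields `current_password` and `password_confirmation`.

```php
<?php
// routes/web.php (added example; table, column and field names are assumptions)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\Rule;

// The built-in 'auth' middleware redirects guests to the login page, so
// $request->user() is never null inside this group.
Route::middleware('auth')->group(function () {
    // No {user_id} segment: the account shown is always the session's own.
    Route::get('/settings', function (Request $request) {
        // Pass only the fields the form needs; the password hash stays out of the view.
        return view('settings', [
            'profile' => $request->user()->only(['first_name', 'last_name', 'email']),
        ]);
    })->name('settings');

    Route::put('/settings', function (Request $request) {
        $user = $request->user();

        $data = $request->validate([
            'first_name'       => ['required', 'string', 'max:255'],
            'last_name'        => ['required', 'string', 'max:255'],
            // The uniqueness check skips the user's own row ('user_id' key is assumed).
            'email'            => ['required', 'email', 'max:255',
                Rule::unique('users', 'email')->ignore($user->user_id, 'user_id')],
            'current_password' => ['required', 'string'],
            'password'         => ['nullable', 'string', 'min:8', 'confirmed'],
        ]);

        // Re-check the current password before changing the e-mail or password.
        if (! Hash::check($data['current_password'], $user->password)) {
            return back()->withErrors(['current_password' => 'Current password is incorrect.']);
        }

        $user->first_name = $data['first_name'];
        $user->last_name = $data['last_name'];
        $user->email = $data['email'];
        if (! empty($data['password'])) {
            $user->password = Hash::make($data['password']);
        }
        $user->save();

        return redirect()->route('settings')->with('status', 'Settings updated.');
    })->name('settings.update');
});
```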
