Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Apr 28, 2021

40

OP

Level 1

Comparing user submitted data, then sending a response back.

Hey all, newbie here

I apologize for the cryptic title, I'm new to Laravel and PHP.

I'm building a CTF application using Laravel Jetstream with LiveWire as part of a university project.

Users will submit flags they've found, and I want that data to be compared with a database entry. If they flag is correct, I want this to be shown:

<span
    class="inline-flex px-2 text-xs font-semibold leading-5 text-green-800 bg-green-100 rounded-full">
    Flag Correct!
</span>

If they got it wrong, I want this to be displayed:

<span
    class="inline-flex px-2 text-xs font-semibold leading-5 text-red-800 bg-red-100 rounded-full">
    Flag Incorrect
</span>

I have most of this code in place, but I'm not sure how to get the logic or routes to work with LiveWire. I have a controller, FlagVerification that has some of the logic, but I'm mainly stuck on how to move this information between the controller and the view, and how to use LiveWire to update what the user sees

Here's my controller so far:

<?php

namespace App\Http\Controllers;

use App\Models\Flag;

class FlagVerification extends Controller
{
	function VerifyFlags()
	{
		// Get first flag from db
		$flag1 = Flag::where('id', 1)->value('flags');

		// Compare User input with $flag1
		// TODO: Pass whatever user entered from table to controller?
		if ($flag1 == 'OBR{1FA528F41E8945C}') {
			return $flag1;
		// If User entered wrong flag, update view.
		} else {
			// Manipulate table to show "incorrect flag"
			return 'Incorrect Flag';
		}
	}
}

This is what the frontend looks like, it might help give a better idea of the goal imgur[.]com/a/U8ItJuT

I realise this is a lot to ask, so any pointers or tips would be really appreciated

Thank you!

OP

Level 1

I've been told I should use Flag::find($id); rather than Flag::where('id', 1)->value('flags');

My controller looks like this now:

<?php

namespace App\Http\Controllers;

use App\Models\Flag;
use Illuminate\Http\Request;

class FlagVerification extends Controller
{
	public function VerifyFlags(Illuminate\Http\Request $request)
	{
		$FlagOne = Flag::find(1);

		if ($FlagOne->name === $request->flag) {
			return view('studentsflagsindex', ['flag' => $FlagOne]);
		} else {
			// Return the same view, with the updated table.
			return view('studentsflagsindex', ['flag' => false]);
		}
	}
}

It should be noted some dots have been ommited from the view name, as they count as links for some reason

Level 54

you can reduce your method to this:

    public function VerifyFlags(Illuminate\Http\Request $request)
    {
        $flag = Flag::find(1);
        
        return view('studentsflagsindex', ['flag' => ($flag->name === $request->flag) ? $flag : false]);
    }

1 like

OP

Level 1

Thanks for that, what's the best way for me to pass this information back into the blade? Here's what I have so far:

<tbody class="bg-white divide-y divide-gray-200">
    <tr>
        <td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
            IPAddress
        </td>
        <td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
            Investigate Apache AJP
        </td>
        <td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
            <div class="mb-4 md:w-1/2">
                <x-jet-input id="flag1" type="text" placeholder="OBR{6342599be08384d}"
                    name="flag" required autofocus />
            </div>
        </td>
        <td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
            <span
                class="inline-flex px-2 text-xs font-semibold leading-5 text-red-800 bg-red-100 rounded-full">
                Flag Incorrect
            </span>
            <span
                class="inline-flex px-2 text-xs font-semibold leading-5 text-green-800 bg-green-100 rounded-full">
                Flag Correct!
            </span>
        </td>
        <td class="px-6 py-4 text-sm font-medium whitespace-nowrap">
            <a href={{ Route('TempRoute') }}>
                <x-jet-button class="ml-4">
                    {{ __('Submit Flag') }}
                </x-jet-button>
            </a>
        </td>
    </tr>
</tbody>

Level 29

Use flashed Session Data instead

https://laravel.com/docs/8.x/responses#redirecting-with-flashed-session-data

Example: extend from @automica

   public function VerifyFlags(Illuminate\Http\Request $request)
    {
        $flag = Flag::find(1);
        
        return view('studentsflagsindex')->with('status' , ($flag->name === $request->flag) ? $flag : false);
    }

1 like

OP

Level 1

Thanks for this, it seems like flashed session data doesn't persist across reloads and such, and I kinda want to use the existing table I already made. Is there no way to extend what I've already done?

Level 29

Use session https://laravel.com/docs/8.x/session#the-global-session-helper

or the example provided by @automica

1 like

OP

Level 1

Okay, I think I'm getting somewhere now. If I enter the incorrect value into the table, nothing happens, which is fine. But if I enter the correct value, also nothing happens. Maybe it's something to do with my route?

Route::post('VerifyFlags', 'Flags@VerifyFlags');

The related button:

<td class="px-6 py-4 text-sm font-medium whitespace-nowrap">
    <a href={{ Route('studentflagsindex') }}>
        <x-jet-button class="ml-4">
            {{ __('Check Flag') }}
        </x-jet-button>
    </a>
</td>

Cheers

Level 29

Check whether your controller is working perfectly by using dd().

Then, in your blade file

@if(Session::has('message'))
  <td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap" >
            <span
                class="inline-flex px-2 text-xs font-semibold leading-5 text-red-800 bg-red-100 rounded-full">
                {{session('message')}}
            </span>
</td>
@endif

1 like

OP

Level 1

Hmm It seems like my button just straight up isn't working now, it might be some Jetstream thing I don't know about. Using dd() it seems like the controller is working as it should, but the data just isn't getting there.

New post route for the table:

Route::middleware(['auth:sanctum', 'verified'])
	->post('submit', [FlagVerification::class, 'VerifyFlags'])
	->name('VerifyFlags');

New td with both the submit button and input in one div (I thought that might help)

<td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
    <div class="mb-4 md:w-1/2">
        <x-jet-input action="VerifyFlags" method="POST" type="text"
            placeholder="OBR{6342599be08384d}" required autofocus />
        <x-jet-button type="submit" class="ml-4">
            {{ __('Check Flag') }}
        </x-jet-button>
    </div>
</td>

Sorry for all the dumb questions, I appreciate everyones time and patience :p

Cheers

Edit: If it helps anyone, my code is fully open source on Github: https://github[.]com/UpperCenter/Oberon/

Level 29

Is the form embedded by the table, TD or tr tag?

If so, the form will not work.

1 like

OP

Level 1

Ah of course, I've fixed that now.

My button seems to be working now, but I'm getting a 419 error when I submit any data. Normally I'd assume that I'd need to add @csrf but I'm not sure why I'd need a token for this?

OP

Level 1

Okay, so adding @csrf to the form fixes the 419 error, and the post request goes through just fine, but I'm back to nothing happening again.

Here's my Controller again, where's the best place to dd() to see what's going on?

class FlagVerification extends Controller
{
	public function VerifyFlags(Request $request)
	{
		$flag = Flag::find(1);
		return view('studentsflagsindex', [
			'flag' => $flag->name === $request->flag ? $flag : false,
		]);
	}
}

OP

Level 1

After further debugging, it looks like my input from the form isn't reaching the controller. I added

Log::debug($flag);
Log::debug($request);

To my controller to see what might be going on, and I get in laravel dot log

[2021-04-28 20:47:11] local DEBUG: {"id":1,"flags":"OBR{1FA528F41E8945C}","created_at":"2021-04-28T11:13:21 000000Z","updated_at":"2021-04-28T11:13:21 000000Z"} 

[2021-04-28 20:47:11] local DEBUG: array (
  '_token' => '7V6LqvlPzqEEy88dtCjn7WUyeDTeFMmFGgZyFAWk',
)

when I input any data into the form.

Any ideas?

OP

Level 1

Well. the only thing I can think of is that it's something to do with the @csrf token, but if I don't use that, It doesn't work at all.

Level 29

@csrf token is used to enhance security. https://laravel.com/docs/8.x/csrf#csrf-introduction

Can you show your form?

I didn't see any input field is embedded inside the form.

Example

<form>
<x-jet-input type="text" name="flag"/> //the name is important, it is used at $request->input_name <--
</form>

1 like

OP

Level 1

Thanks, here's what I have:

<form action="SubmitFlag" method="POST">
    @csrf
    <td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
        <div class="mb-4 md:w-1/2">
            <x-jet-input type="text" placeholder="OBR{6342599be08384d}" required
                autofocus />
            <x-jet-button type="submit" class="ml-4">
                {{ __('Check Flag') }}
            </x-jet-button>
        </div>
    </td>
</form>

Level 29

Assign a name to the input. Like name="flag", then dd($request->all());

1 like

OP

Level 1

Here's what I get from dd:

array:2 [▼
  "_token" => "rfdAYZnvmml1o7lShvzvOqpouhyIdQBIUZJWX0R3"
  "CheckFlag1" => "Test"
]

Level 29

Which mean the data is passed. Then you can start your comparison.

OP

Level 1

Thank you, but even with

return view('studentsflagsindex', [
'flag' => $flag->name === $request->flag ? $flag : false,
]);

In my controller, it seems nothing is changing on the page?

You mentioned above that I should put

@if(Session::has('message'))

in my blade file, but what does this do?

Level 29

First, have you renamed the CheckFlag1 to flag?

Here's what I get from dd: array:2 [▼ "_token" => "rfdAYZnvmml1o7lShvzvOqpouhyIdQBIUZJWX0R3" "CheckFlag1" => "Test" ]

Second, read this doc, https://laravel.com/docs/8.x/session#introduction to know more about the session.

Since you want to keep the status Flag Incorrect/Correct after refreshing the page or what. So I recommend you to use the session.

Store session: https://laravel.com/docs/8.x/session#storing-data

@if(Session::has('message'))

It just an if-else loop to detect if you have stored a session named message.

1 like

OP

Level 1

Thanks, I have not renamed CheckFlag1 as there will be multiple flags, and I need to distinguish them.

If we ignore session for now, (i just want it to get working first)

Could I use something like this to display the right content?

@if (count($CheckFlag1) === 1)
    Flag Correct
@elseif (count($CheckFlag1) != 1)
   Flag Incorrect
@else
    No flag submitted.
@endif

I assume

return view('studentsflagsindex', [
			'flag' => $flag->name === $request->flag ? $flag : false,
		]);

in my controller will return true or false, but I do not know how to check this

Thank you again for all your help so far

Level 29

return view('studentsflagsindex', [ 'flag' => $flag->name === $request->flag ? $flag : false, ]);

You are returning the variable name as flag, so it should be

@if (($flag)
    Flag Correct
@elseif ($flag===false)
   Flag Incorrect
@else
    No flag submitted.
@endif

1 like

OP

Level 1

Thank you again, but this gives me an error with the variable:

Undefined variable $flag (View: /resources/views/students/flags/index dot blade dot php)

Here is the blade dot php file

<td class="px-6 py-4 text-sm text-gray-900 whitespace-nowrap">
    @if ($flag)
        <span
            class="inline-flex px-2 text-xs font-semibold leading-5 text-green-800 bg-green-100 rounded-full">
            Flag Correct!
        </span>
    @elseif ($flag === false)
        <span
            class="inline-flex px-2 text-xs font-semibold leading-5 text-red-800 bg-red-100 rounded-full">
            Flag Incorrect
        </span>
    @else
        <span
            class="inline-flex px-2 text-xs font-semibold leading-5 text-blue-500 bg-gray-100 rounded-full">
            No flag submitted
        </span>
    @endif
</td>

Am I missing something in my Controller?

<?php

namespace App\Http\Controllers;

use App\Models\Flag;
use Illuminate\Http\Request;

class FlagVerification extends Controller
{
	public function VerifyFlags(Request $request)
	{
		$flag = Flag::find(1);
		return view('studentsflagsindex', [
			'flag' => $flag->name === $request->flag ? $flag : false,
		]);
	}
}

Or web dot php file?

Thank you

Level 29


@if(isset($flag)&&$flag)

1 like

OP

Level 1

Thank you. I also got the same error with the elseif statement. I fixed this by:

@elseif (isset($flag)) && ($flag === false)

I don't get anymore syntax issues now, but it seems like $flag is always true now, did I mess up the elseif statement somehow?

Level 29

Try to debug by return a fixed value first.

Return false or any value you want to debug:

	return view('studentsflagsindex', [
			'flag' => false
		]);

1 like

OP

Level 1

Doing this gives:

&& ($flag === false) Flag Incorrect

In the application, perhaps it is better to show the result in an image:

https://imgur dot com/3oA0xP1

Level 29

wrong closing of )

@elseif (isset($flag) && ($flag === false))

1 like

OP

Level 1

This still seems to return all entered values as true

Level 29

add these line before the if-else

@if(isset($flag))
{{dump($flag)}}
@endif

1 like

OP

Level 1

Thanks, I inputted TestFalse

App\Models\Flag {#1387 ▼
  #fillable: array:1 [▼
    0 => "flags"
  ]
  #connection: "pgsql"
  #table: "flags"
  #primaryKey: "id"
  #keyType: "int"
  +incrementing: true
  #with: []
  #withCount: []
  #perPage: 15
  +exists: true
  +wasRecentlyCreated: false
  #attributes: array:4 [▼
    "id" => 1
    "flags" => "OBR{1FA528F41E8945C}"
    "created_at" => "2021-04-29 02:22:28"
    "updated_at" => "2021-04-29 02:22:28"
  ]
  #original: array:4 [▼
    "id" => 1
    "flags" => "OBR{1FA528F41E8945C}"
    "created_at" => "2021-04-29 02:22:28"
    "updated_at" => "2021-04-29 02:22:28"
  ]
  #changes: []
  #casts: []
  #classCastCache: []
  #dates: []
  #dateFormat: null
  #appends: []
  #dispatchesEvents: []
  #observables: []
  #relations: []
  #touches: []
  +timestamps: true
  #hidden: []
  #visible: []
  #guarded: array:1 [▼
    0 => "*"
  ]
}

It seems to be returning the correct flag from the database regardless

Level 29

...

Try to debug by return a fixed value first. return view('studentsflagsindex', [ 'flag' => false ]);

1 like

OP

Level 1

My apologies.

With the view always returning false, there is no output from

@if (isset($flag))
    {{ dump($flag) }}
@endif

and the flag reads as "Flag Incorrect" as intended

Level 29

and the flag reads as "Flag Incorrect" as intended

Which mean your issue solved?

OP

Level 1

No, if I put 'flag' => $flag->name === $request->flag ? $flag : false, back, all results are true again.

Level 29

Which mean $flag->name is always equal to $request->flag?

Debug the two values by dump($flag->name) and dump($request->flag)

1 like

OP

Level 1

To be totally honest I don't fully understand @automica' original answer.

Can you tell me what $flag->name does within 'flag' => $flag->name === $request->flag ? $flag : false,

Thanks

Level 29

You are new to PHP?

The code provided by automica is a Ternary operator, shortcode of the comparison. Check this link https://stitcher.io/blog/shorthand-comparisons-in-php#ternary-operator.

Extend Version:

if($flag->name === $request->flag){
return $flag;
}else{
	return false;
}

Please or to participate in this conversation.