How to give new approve user access to the register page with token in their mail adress?

Hi everyone, i am new here i am working on a project and have something in mind. I create a new system for registration, only approuve user can login but i would like to hide the /register page to each one of them until they receive a link with a token in their email adress that give them a direct access to the register page with their filling data they provide in the contact form i started something that actually works but i dont know How to implement that second part. I am using sendinblue as mailer for my template email, i call all template via api call and record the token in sendinblue attributes database. Anyhelp ? Thanks

tisuchi

4 years ago

Level 70

@kangahbryan5 @gmail.com An idea-

Every time submit the contact form, it will add a hash in DB (in some table).
Send an email to the requester (the person who contact via the form).
The email link will redirect to `/some-route?access_token=foo'
In your /some-route logic, check whether it contains the access_token or not.
- IF yes, then check whether the access_token value is available in the DB table or not.
- Otherwise, redirect them to 404 / in any other message.

1 like

[email protected]

4 years ago

Level 2

@tisuchi hello Thanks for your answer How do i Check thé valeur of the access_token? Do i Check it with some Logic in my controller or do i make a services /helpers to check that ?

tisuchi

4 years ago

Level 70

@kangahbryan5 @gmail.com It could be simple. I think using service/helper for that is over-engineering.

You can simply create a private/protected method. How about this?


    private function giveAccess()
    {
        $accessToken = request()->access_token;

        if (empty($accessToken)) {
            abort(404);
        }

        // Show 404 if no record token matched
        Model::where('token', $accessToken)->findOrFail();

        // Give access
        return redirect('/some-url');
    }

1 like

[email protected]

3 years ago

Level 2

@tisuchi i get the point, thank you. I actually made a middleware to restrict access to the register page. This register page can't be access unless you get approve by the admin. My problem now is that how can i unlock the register just my new approve user. I did that in my middleware :

class CheckContactApproved
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (!contact->approved_at) {
            return redirect()->route('/');
        }
        return $next($request);
    }
}

and my routes :

Route::group([
  'namespace'  => '\App\Http\Controllers\Auth',
    'middleware' => ['auth']
], function () {
    Route::middleware(['approved'])->group(function (){

        Route::get('register/{access_token}','AskDemoController@giveAccess')->name('validationpost');
        Route::get('register','AskDemoController@giveAccess')->name('register');
        Route::post('register','RegisterController@showRegistrationForm')->name('register');

    });
    Route::middleware(['admin'])->group(function (){

        Route::get('approve',[\App\Http\Controllers\Admin\UserController::class,'newUserView' ])->name('unlock');
        Route::get('approve/{contact}/approve',[\App\Http\Controllers\Admin\UserController::class,'newUserCreated' ])->name('unlockAccess');

    });

[email protected]

3 years ago

Level 2

of course i forget the instance for my model but you get my point here

Please or to participate in this conversation.