Laravel 5: Apache php HTTP authentication

I need help and advice on the following topic.

My boss has a simple Apache server setup and a simple PHP auth setup. Once the user is verified with a panel like this.


He/she has access to all the applications that are behind him. Thus, in other words, this panel serves as a "gate", if you are outside the gate, then you have access (of course, there is a permissions table on the web server).

Problem

The application that I create using Laravel 5 needs to be run behind the gate, so this means that the application must know who the user is.

Using $_SERVER['PHP_AUTH_USER'], I can get the username that is currently registered.

But what if I want to track user's actions in my application? I need something like $this->user_id right?

So, I thought, as soon as the user passes the "gate", I deduce his username and create the user from it, storing it in my database, which works for Laravel, doing this.

    if(isset($_SERVER)) {
        if ( array_key_exists( 'PHP_AUTH_USER', $_SERVER ) ) {
            $agent = $_SERVER['PHP_AUTH_USER']; //Request::server('PHP_AUTH_USER')
        }
        $user = User::create([
            'username' => $agent,
        ]);
    }

But this makes the user every time the user refreshes the page! But without going further, what is the best way to do this?

  • Do I need a separate provider (I tested the code above in AppServiceProvider)?

  • How can I do something like this $this->user_id after saving username?

Note: I know that Laravel has basic auth out of the box, but this will not work because the user is not yet in my database. I need to create them first as above.

+5
2 answers

First you need to check if the user with the specified username exists in your database. This way you are not creating a new user every time you upgrade. Then you can use Auth::login($user) for a user login that allows you to use the auth middleware provided by Laravel (not auth.basic!). Thus, you can access the user throughout your application using the Auth facade and save additional information about the user:

    if(isset($_SERVER)) {
        if ( array_key_exists( 'PHP_AUTH_USER', $_SERVER ) ) {
            $agent = $_SERVER['PHP_AUTH_USER']; //Request::server('PHP_AUTH_USER')

            // Try to find an existing user, or create a new one if the user does not exist
            $user = User::firstOrCreate([
                'username' => $agent,
            ]);

            // Authenticate the user
            \Auth::loginUsingId($user->id);
        }
    }
+1
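
The find-or-create approach from the answer above, written as a middleware that also fails closed when the gate supplies no identity. This is an added example, not code from the original answer; the class name GateUser, the username pattern and the App\User model with a fillable, unique username column are assumptions.

```php
<?php
// Added example: hypothetical middleware app/Http/Middleware/GateUser.php.
// Assumes the default App\User model with a fillable, unique `username` column,
// and that Apache requires Basic auth on every path that reaches this application.

namespace App\Http\Middleware;

use App\User;
use Closure;
use Illuminate\Support\Facades\Auth;

class GateUser
{
    public function handle($request, Closure $next)
    {
        // Username supplied with the Basic auth credentials (null if none).
        $gateUser = $request->server('PHP_AUTH_USER');

        // Fail closed: no identity from the gate, or an unexpected format
        // (the allowed characters are an assumption; adjust to your directory).
        if (!is_string($gateUser) || !preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $gateUser)) {
            Auth::logout();
            abort(401);
        }

        // Drop a session left over from a different gate user (shared browser,
        // changed credentials) instead of silently keeping the old identity.
        if (Auth::check() && Auth::user()->username !== $gateUser) {
            Auth::logout();
        }

        // Look up or create the local record only when no session exists yet,
        // so a page refresh does not insert a new row.
        if (!Auth::check()) {
            $user = User::firstOrCreate(['username' => $gateUser]);
            Auth::login($user);
        }

        return $next($request);
    }
}
```

Register it in app/Http/Kernel.php so that it runs after the session middleware. The username it receives is only as trustworthy as the Apache configuration in front of the application.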

I know this is not what you want to hear, but I would really use Laravel authentication. Apache basic auth should prevent unauthorized users from accessing your page and possibly prevent bots from scanning the page - not serve as a form of entry into your application.

Create one credential set for Apache auth so that all people who have this can access the page. But then create a standard login form with a username and password that will be specific to each user. Thus, even someone who manages to go through Apache still will not log into the system.

For safety, this will be the way to go. In addition, doing it this way opens up new possibilities: you can store more information about your users, for example, their preferred language or permission area.

Think about it :)

+1

Source: https://habr.com/ru/post/1238123/

