Grace

Reputation: 299

Laravel how to block or secure id in route

I have a custom password reset in my project where the user can change his password. Now how can I secure the route so that the user cannot manipulate the id? Does Laravel have it in the middleware?

Example: http://localhost:8000/changepassword/1/edit. If the user attempts to change the id parameter, it will redirect to an access denied page. Is this possible?

Upvotes: 0

Views: 537

Answers (1)

DsRaj

Reputation: 2328

Yes, it is possible.

In your controller function, you can check the current/logged-in user id against the id that you get from the URL.

Also, for an admin user you can add one condition:

if (ADMINUSER || LOGIN_USER_ID == URL_ID) {
    // allowed: continue with the password change
}

But I recommend that you add an extra column with a random and unique string and use that column instead of the id. In that case your URL will look like this:

/changepassword/wcdftgHYuj346DERFD/edit

Then you need to get the user on the basis of the random_string 'wcdftgHYuj346DERFD'.

Upvotes: 1
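The ownership check described in the answer, written as a route middleware. This is an added example, not code from the original post; the class name `EnsureOwnsAccount`, the `is_admin` column and `PasswordController` are assumptions, and the route parameter is assumed to be a plain `{id}` without route model binding.

```php
<?php
// app/Http/Middleware/EnsureOwnsAccount.php (hypothetical file and class name)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureOwnsAccount
{
    /**
     * Allow the request only when the {id} route parameter is the
     * logged-in user's own id, or the user is an admin.
     */
    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();          // null when nobody is logged in
        $routeId = $request->route('id');  // raw URL segment, a string such as "1"

        if ($user === null) {
            abort(401);
        }

        // Compare as strings so values like "01" or " 1" do not loosely equal 1.
        $ownsAccount = (string) $user->getAuthIdentifier() === (string) $routeId;

        // is_admin is an assumed boolean column on the users table.
        $isAdmin = (bool) ($user->is_admin ?? false);

        if (! $ownsAccount && ! $isAdmin) {
            abort(403, 'Access denied');
        }

        return $next($request);
    }
}

// routes/web.php: attach the check to the route from the question.
// PasswordController is an assumed controller name.
//
// Route::get('/changepassword/{id}/edit', [PasswordController::class, 'edit'])
//     ->middleware(['auth', EnsureOwnsAccount::class]);
```

The same comparison is needed when the URL carries a random string column instead of the numeric id: the server still has to confirm that the looked-up record belongs to the logged-in user before changing the password.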
