CODEWITHSUNDEEP
laravelapilaravel-8csrfcsrf-token
user19704437
user19704437

Reputation: 43

How to hide data shown in the url - laravel

I have created a login page in which user login in with their credentials i.e patientId and contactNumber but after being logged in, the CSRF token is also displaying login credentials along with the token.Also I am using APIs for login and other stuff. This is the output I am getting: http://127.0.0.1:8000/login1?_token=BugYniw96HnJ6C8gjjcpzSruW0CwDdq8JW7kD7Oz&patientId=33488&contactNumber=08732837489

This is my login blade file:

   <form method="GET" action="{{route('login1')}}" name="myForm"  class="login100-form validate-form" >
    <input type="hidden" name="_token" value="{{ csrf_token()}}">
   
<span class="login100-form-title">
User Login
</span>
<div class="wrap-input100 validate-input" data-validate="Mr.No is required">
<input class="input100" name="patientId" id="patientId" placeholder="Enter MR Number" >
<span class="focus-input100"></span>
<span class="symbol-input100">
<i class="fa fa-user" aria-hidden="true"></i>
</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Contact Number is required">
<input class="input100" name="contactNumber" id="contactNumber" placeholder="Enter Contact Number">
<span class="focus-input100"></span>
<span class="symbol-input100">
<i class="fa fa-lock" aria-hidden="true"></i>
</span>
</div>
<div  class="container-login100-form-btn">
<button  class="login100-form-btn" type="submit">
Login
</button>
</div>
<div class="text-center p-t-136">
<a class="txt2" href="#">

</a>
</div>
</form>

This is a web route file:

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\MainController;
use App\Http\Middleware\VerifyCsrfToken;


Route::get('/', function () {
    return view('login1');
});

Route::get('/login1', [MainController::class, 'successlogin'])->name('login1');

This is my controller file:

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Controllers\SessionClass;
use Illuminate\Support\Facades\Http;
use App\Http\Controllers\HostClass;
use Illuminate\Support\Facades\Session;



class MainController extends Controller
{
 

public function successlogin(Request $req)
{

  
  $host = new HostClass();
  $obj = new SessionClass();
  $obj->sethalfpatientId($req->patientId);
  $response = Http::post($host->getserverIp().'/patientInformation',[
    "patientId"=> $req->patientId,
    "contactNumber"=> $req->contactNumber,
    "orgId"=>"332",
    "sessionId"=> "3"
        ]);
      
  $data = json_decode($response, true);

  if($data == null){
    echo "error";

    $notification = array(
            'message' => 'User Does not Exists!',
            'alert-type' => 'error'
        );
        return back()->with($notification);
  
  
  }
  else{

  $obj->setpatientId($data['patientId']);
  $obj->setcontactNumber($data['contactNumber']);
 
  $response2 = Http::post($host->getserverIp().'/searchPatientReports',[
    "patientId"=> $obj->getpatientId(),
    "departmentId"=> "128"

        ]);
  $data2 = json_decode($response2, true);


  $response3 = Http::post($host->getserverIp().'/patientVisits',[
    "patientId"=> $obj->getpatientId()
        ]);
  $data3 = json_decode($response3, true);
    
    Session::put('user', $data);
   
$listappointment = ($data['listAppointments']);

 
return view('dashboard', compact(['data','data2','data3','listappointment']));
  }

}

Upvotes: 0

Views: 634

Answers (1)

N69S
N69S

Reputation: 17206

use POST method so the data dont show in the url

 <form method="POST" action="{{route('login1')}}" name="myForm"  class="login100-form validate-form" >

And change the route to accept post method

Route::post('/login1', [MainController::class, 'successlogin'])->name('login1');

Upvotes: 2

Related Questions