Laravel 5.2 PHP – Build a Shopping Cart – #14 Forcing User Login

  • 00:00:00 so time to continue with this
  • 00:00:02 application and time to work on the
  • 00:00:06 fact that currently every user is able
  • 00:00:08 to check out but I want to restrict that
  • 00:00:11 to logged-in users only so that
  • 00:00:15 certainly is something I'll work on next
  • 00:00:17 a quick and easy way in Laravel to make
  • 00:00:20 sure that only logged-in users can
  • 00:00:22 reach the checkout page of course is to
  • 00:00:25 go to the routes file then here which
  • 00:00:28 you have this checkout route and then
  • 00:00:30 add a middleware to it add the auth
  • 00:00:33 middleware remember we're already using
  • 00:00:35 the auth middleware in the user routes here
  • 00:00:38 for example here where we want to
  • 00:00:40 protect the profile and the logout route
  • 00:00:43 so here I'm also protecting slash
  • 00:00:46 checkout and I'll also protect the post
  • 00:00:49 route so that no user is able to somehow
  • 00:00:52 issue a post checkout request through
  • 00:00:55 the terminal or something like that
  • 00:00:57 however if I do it like this and while I
  • 00:01:01 reload this page
  • 00:01:02 I'm redirected so I can go through a
  • 00:01:04 shopping cart click checkout and I'm
  • 00:01:06 redirected to the sign-in page which is
  • 00:01:08 great which is what I want but if I do
  • 00:01:11 sign in here I'm taken to the user
  • 00:01:14 profile that and again I have to click
  • 00:01:16 on shopping cart before I can actually
  • 00:01:17 go to the checkout page if I click log
  • 00:01:20 out well I'm redirected but it would be
  • 00:01:23 nice if after signing in I would
  • 00:01:26 automatically be sent to the checkout
  • 00:01:28 page if that is where I wanted to go so
  • 00:01:31 that this sign-in is not actually
  • 00:01:33 redirecting me somewhere else thereafter
  • 00:01:35 it would also be nice if I had some kind
  • 00:01:38 of don't have an account yet sign up
  • 00:01:42 link at the bottom and then again be
  • 00:01:44 redirected to the checkout page after
  • 00:01:46 signing up so a bit of a more user
  • 00:01:49 friendly process in this place here so
  • 00:01:53 I'll first add a link here which is
  • 00:01:55 pretty easy I'll go to my sign-in page
  • 00:01:59 here this one and below the form I'm
  • 00:02:02 adding text I just said don't have an
  • 00:02:05 account
  • 00:02:07 and then simply a link which says sign
  • 00:02:12 up instead or something like that and
  • 00:02:14 here of course this link should point to
  • 00:02:17 my sign up route which is user I'll have
  • 00:02:22 to look it up to be honest user user dot
  • 00:02:27 sign up well that was easy
  • 00:02:28 so here who's here I'll just link to
  • 00:02:33 that page so now I at least have the
  • 00:02:35 possibility of going to the sign-up page
  • 00:02:38 instead but still I don't have the
  • 00:02:40 chance of or I don't get redirected to
  • 00:02:43 the checkout page after doing so so in
  • 00:02:46 order to implement that I'll need to go
  • 00:02:50 to my middleware file which I can
  • 00:02:53 find in the middleware folder and here the
  • 00:02:55 Authenticate middleware is the middleware
  • 00:02:57 responsible for protecting my routes
  • 00:02:59 here and redirecting me and here I'm
  • 00:03:02 setting up that I want to get redirected
  • 00:03:03 to a user or sign in and that is of
  • 00:03:06 course the correct behavior because I
  • 00:03:08 want to redirect to this sign-in page if
  • 00:03:10 the user is not logged in but I also
  • 00:03:13 want to store the URL the user tried to
  • 00:03:16 access previously to signing in so here
  • 00:03:21 I will store this in my session put and
  • 00:03:24 I'll just name it old URL of course you
  • 00:03:27 name it whatever you want and then I'm
  • 00:03:29 going to retrieve the old URL on my
  • 00:03:32 request where I have this URL method
  • 00:03:35 which just gives me the URL the user
  • 00:03:37 wanted to access so with that I'm making
  • 00:03:40 sure that I will actually not redirect
  • 00:03:44 the user instantly but before doing so I
  • 00:03:47 will at least store which URL he wanted
  • 00:03:50 to access and I can also do it in here
  • 00:03:52 because it's not relevant for the AJAX case
  • 00:03:54 so with that I'm making sure that I at
  • 00:03:57 least have that URL the next of course
  • 00:04:00 is to use that and the place to
  • 00:04:02 implement this is the user controller
  • 00:04:04 here in the post sign-in method for
  • 00:04:08 example I'm handling the case that the
  • 00:04:10 user well is successfully logged in and
  • 00:04:13 here is the place where I always
  • 00:04:15 redirect to the user profile which is OK
  • 00:04:19 normal sign-in process but if I wanted
  • 00:04:22 to go to the checkout page then I don't
  • 00:04:25 want to redirect there instead I want to
  • 00:04:27 redirect to the old URL right therefore
  • 00:04:29 in this Auth attempt check here where I
  • 00:04:32 will check if the user was successfully
  • 00:04:35 logged in I'll add another if block
  • 00:04:37 inside of it where I just check if my
  • 00:04:40 session has this old URL field because
  • 00:04:45 if it doesn't have this field well then
  • 00:04:47 I'm coming from somewhere else and well
  • 00:04:49 I don't want to redirect there in this
  • 00:04:53 case that I do have it I want to return
  • 00:04:57 a redirect which then should lead to
  • 00:05:00 well to this URL right so get old URL
  • 00:05:05 like this I could do it like this but
  • 00:05:08 actually I'll make one extra step
  • 00:05:11 I'll extract the old URL here and
  • 00:05:14 thereafter I'm going to forget this key
  • 00:05:19 like so and then of course down here
  • 00:05:23 I'll just use the old URL variable with
  • 00:05:26 that I'm going to clear that old URL so
  • 00:05:28 that upon future sign-in requests I'm
  • 00:05:31 not always getting redirected to
  • 00:05:32 checkout page with that I set up the
  • 00:05:37 redirection when signing in I'm going to
  • 00:05:39 copy this code and of course I want to
  • 00:05:42 do the same thing after signing up so
  • 00:05:45 here in the post sign-up after
  • 00:05:49 logging the user in here I'm also
  • 00:05:51 checking if I have the old URL if I do
  • 00:05:54 so I'll redirect there and if I don't
  • 00:05:56 have it well then this code here is
  • 00:05:58 skipped and instead I'm just redirecting
  • 00:06:01 to the user profile like that and with
  • 00:06:03 that I'm making sure that I got this
  • 00:06:05 well more convenient sign-in process
  • 00:06:08 when I need to sign in for checking out
  • 00:06:11 so with that change in place if I go
  • 00:06:13 back to the application go to my
  • 00:06:15 shopping cart and click on checkout then
  • 00:06:18 I get this error because well first in
  • 00:06:22 your controller we need to import the
  • 00:06:24 Session facade certainly important and
  • 00:06:27 I need to do this
  • 00:06:28 in the Authenticate class here so use
  • 00:06:31 Session like this okay with that if I go
  • 00:06:35 back click on checkout again I'm redirected
  • 00:06:37 to the sign-in page and here if I
  • 00:06:39 sign in with my dummy account click on
  • 00:06:41 sign in now you see I'm getting to the
  • 00:06:44 checkout page however one thing you'll
  • 00:06:46 notice is if I log out then I'm going
  • 00:06:49 to the sign in page if I log in again
  • 00:06:52 well I'm back on a checkout page and
  • 00:06:54 that certainly is not the behavior I want
  • 00:06:57 right I want to go to the user profile
  • 00:06:59 page now because checkout no longer is
  • 00:07:01 my old old URL so something's going
  • 00:07:05 wrong here and actually that's really
  • 00:07:08 tricky if we have a look at our code we
  • 00:07:11 do forget the old URL here after logging
  • 00:07:15 in and that works I can tell you that so
  • 00:07:18 somehow it seems to get set again at
  • 00:07:22 some other place but the only place
  • 00:07:24 where I do set it is here in my
  • 00:07:26 Authenticate middleware here right so
  • 00:07:29 it looks like we're getting to this
  • 00:07:31 middleware again and we actually do in
  • 00:07:35 the user controller if I log out I'm
  • 00:07:38 redirecting back now what does back mean
  • 00:07:42 well if I log out here while on the
  • 00:07:45 checkout page well then back means back
  • 00:07:48 to the checkout and the reason why I see
  • 00:07:50 the sign-in page is just because the
  • 00:07:52 checkout page is protected so here instead
  • 00:07:56 of redirecting back which would lead to
  • 00:07:59 old URL being set again I could simply
  • 00:08:02 redirect to let's say user dot sign-in
  • 00:08:07 directly doing it this way if I sign in
  • 00:08:11 again you see the bug I was talking
  • 00:08:14 about but if I now hit logout I'm taken
  • 00:08:17 to the sign-in form and if I now log in
  • 00:08:20 again we're at the user profile so now
  • 00:08:22 this bug is fixed so that's definitely
  • 00:08:25 an important one to keep in mind since
  • 00:08:28 this is really tricky to find and it
  • 00:08:31 well kind of destroys our whole workflow
  • 00:08:34 we set up there with that well out of
  • 00:08:36 the way I can go back to
  • 00:08:38 let's say logging out here then I can go
  • 00:08:41 back to the shopping cart let's say
  • 00:08:44 I want to create a new user so I'm
  • 00:08:46 quickly doing this with some dummy data
  • 00:08:47 here and I'm going to the checkout page
  • 00:08:50 as well with that I'm then able to
  • 00:08:53 actually do the checkout I'll use this
  • 00:08:56 dummy credit card number again some date
  • 00:09:00 in the future some dummy CVC code here
  • 00:09:04 don't save this purchase was successful
  • 00:09:07 and if we have a look at the database
  • 00:09:09 the orders table we get a new order now
  • 00:09:12 related to user three which makes sense
  • 00:09:14 because that is the user I just created
  • 00:09:17 with this test three email address here