Prevent HTTP Parameter Pollution in Laravel with Secure Coding

Understanding HTTP Parameter Pollution in Laravel

HTTP Parameter Pollution (HPP) is a web security vulnerability that occurs when an attacker manipulates multiple HTTP parameters with the same name to bypass security controls, exploit application logic, or perform malicious actions. Laravel, like many PHP frameworks, processes input parameters in a way that can be exploited if not handled correctly.

In this blog, we’ll explore how HPP works, how it affects Laravel applications, and how to secure your web application with practical examples.

How HTTP Parameter Pollution Works

HPP occurs when an application receives multiple parameters with the same name in an HTTP request. Depending on how the backend processes them, unexpected behavior can occur.

Example of HTTP Request with HPP:

GET /search?category=electronics&category=books HTTP/1.1 Host: example.com

Different frameworks handle duplicate parameters differently:

PHP (Laravel): Takes the last occurrence (category=books) unless explicitly handled as an array.

Express.js (Node.js): Stores multiple values as an array.

ASP.NET: Might take the first occurrence (category=electronics).

If the application isn’t designed to handle duplicate parameters, attackers can manipulate input data, bypass security checks, or exploit business logic flaws.

Impact of HTTP Parameter Pollution on Laravel Apps

HPP vulnerabilities can lead to:

✅ Security Bypasses: Attackers can override security parameters, such as authentication tokens or access controls. ✅ Business Logic Manipulation: Altering shopping cart data, search filters, or API inputs. ✅ WAF Evasion: Some Web Application Firewalls (WAFs) may fail to detect malicious input when parameters are duplicated.

How Laravel Handles HTTP Parameters

Laravel processes query string parameters using the request() helper or Input facade. Consider this example:

use Illuminate\Http\Request; Route::get('/search', function (Request $request) { return $request->input('category'); });

If accessed via:

GET /search?category=electronics&category=books

Laravel would return only the last parameter, category=books, unless explicitly handled as an array.

Exploiting HPP in Laravel (Vulnerable Example)

Imagine a Laravel-based authentication system that verifies user roles via query parameters:

Route::get('/dashboard', function (Request $request) { if ($request->input('role') === 'admin') { return "Welcome, Admin!"; } else { return "Access Denied!"; } });

An attacker could manipulate the request like this:

GET /dashboard?role=user&role=admin

If Laravel processes only the last parameter, the attacker gains admin access.

Mitigating HTTP Parameter Pollution in Laravel

1. Validate Incoming Requests Properly

Laravel provides request validation that can enforce strict input handling:

use Illuminate\Http\Request; use Illuminate\Support\Facades\Validator; Route::get('/dashboard', function (Request $request) { $validator = Validator::make($request->all(), [ 'role' => 'required|string|in:user,admin' ]); if ($validator->fails()) { return "Invalid Role!"; } return $request->input('role') === 'admin' ? "Welcome, Admin!" : "Access Denied!"; });

2. Use Laravel’s Input Array Handling

Explicitly retrieve parameters as an array using:

$categories = request()->input('category', []);

Then process them safely:

Route::get('/search', function (Request $request) { $categories = $request->input('category', []); if (is_array($categories)) { return "Selected categories: " . implode(', ', $categories); } return "Invalid input!"; });

3. Encode Query Parameters Properly

Use Laravel’s built-in security functions such as:

e($request->input('category'));

or

htmlspecialchars($request->input('category'), ENT_QUOTES, 'UTF-8');

4. Use Middleware to Filter Requests

Create middleware to sanitize HTTP parameters:

namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; class SanitizeInputMiddleware { public function handle(Request $request, Closure $next) { $input = $request->all(); foreach ($input as $key => $value) { if (is_array($value)) { $input[$key] = array_unique($value); } } $request->replace($input); return $next($request); } }

Then, register it in Kernel.php:

protected $middleware = [ \App\Http\Middleware\SanitizeInputMiddleware::class, ];

Testing Your Laravel Application for HPP Vulnerabilities

To ensure your Laravel app is protected, scan your website using our free Website Security Scanner.

Screenshot of the free tools webpage where you can access security assessment tools.

You can also check the website vulnerability assessment report generated by our tool to check Website Vulnerability:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

Conclusion

HTTP Parameter Pollution can be a critical vulnerability if left unchecked in Laravel applications. By implementing proper validation, input handling, middleware sanitation, and secure encoding, you can safeguard your web applications from potential exploits.

🔍 Protect your website now! Use our free tool for a quick website security test and ensure your site is safe from security threats.

For more cybersecurity updates, stay tuned to Pentest Testing Corp. Blog! 🚀

Crafting Clean and Maintainable Code with Laravel's Design Patterns

In today's fast-paced world, building robust and scalable web applications is crucial for businesses of all sizes. Laravel, a popular PHP framework, empowers developers to achieve this goal by providing a well-structured foundation and a rich ecosystem of tools. However, crafting clean and maintainable code remains paramount for long-term success. One powerful approach to achieve this is by leveraging Laravel's built-in design patterns.

What are Design Patterns?

Design patterns are well-defined, reusable solutions to recurring software development problems. They provide a proven approach to structuring code, enhancing its readability, maintainability, and flexibility. By adopting these patterns, developers can avoid reinventing the wheel and focus on the unique aspects of their application.

Laravel's Design Patterns:

Laravel incorporates several design patterns that simplify common development tasks. Here are some notable examples:

Repository Pattern: This pattern separates data access logic from the business logic, promoting loose coupling and easier testing. Laravel's Eloquent ORM is a practical implementation of this pattern.

Facade Pattern: This pattern provides a simplified interface to complex functionalities. Laravel facades, like Auth and Cache, offer an easy-to-use entry point for various application functionalities.

Service Pattern: This pattern encapsulates business logic within distinct classes, promoting modularity and reusability. Services can be easily replaced with alternative implementations, enhancing flexibility.

Observer Pattern: This pattern enables loosely coupled communication between objects. Laravel's events and listeners implement this pattern, allowing components to react to specific events without tight dependencies.

Benefits of Using Design Patterns:

Improved Code Readability: Consistent use of design patterns leads to cleaner and more predictable code structure, making it easier for any developer to understand and modify the codebase.

Enhanced Maintainability: By separating concerns and promoting modularity, design patterns make code easier to maintain and update over time. New features can be added or bugs fixed without impacting other parts of the application.

Increased Reusability: Design patterns offer pre-defined solutions that can be reused across different components, saving development time and effort.

Reduced Complexity: By providing structured approaches to common problems, design patterns help developers manage complexity and write more efficient code.

Implementing Design Patterns with Laravel:

Laravel doesn't enforce the use of specific design patterns, but it empowers developers to leverage them effectively. The framework's built-in libraries and functionalities often serve as implementations of these patterns, making adoption seamless. Additionally, the vast Laravel community provides numerous resources and examples to guide developers in using design patterns effectively within their projects.

Conclusion:

By understanding and applying Laravel's design patterns, developers can significantly improve the quality, maintainability, and scalability of their web applications. Clean and well-structured code not only benefits the development team but also creates a valuable asset for future maintenance and potential growth. If you're looking for expert guidance in leveraging Laravel's capabilities to build best-in-class applications, consider hiring a Laravel developer.

These professionals possess the necessary expertise and experience to implement design patterns effectively, ensuring your application is built with long-term success in mind.

FAQs

1. What are the different types of design patterns available in Laravel?

Laravel doesn't explicitly enforce specific design patterns, but it provides functionalities that serve as implementations of common patterns like Repository, Facade, Service, and Observer. Additionally, the framework's structure and libraries encourage the use of various other patterns like Strategy, Singleton, and Factory.

2. When should I use design patterns in my Laravel project?

Design patterns are particularly beneficial when your application is complex, involves multiple developers, or is expected to grow significantly in the future. By adopting patterns early on, you can establish a well-structured and maintainable codebase from the outset.

3. Are design patterns difficult to learn and implement?

Understanding the core concepts of design patterns is essential, but Laravel simplifies their implementation. The framework's built-in libraries and functionalities often serve as practical examples of these patterns, making it easier to integrate them into your project.

4. Where can I find more resources to learn about design patterns in Laravel?

The official Laravel documentation provides a good starting point https://codesource.io/brief-overview-of-design-pattern-used-in-laravel/. Additionally, the vast Laravel community offers numerous online resources, tutorials, and code examples that delve deeper into specific design patterns and their implementation within the framework.

5. Should I hire a Laravel developer to leverage design patterns effectively?

Hiring a Laravel developer or collaborating with a laravel development company can be advantageous if you lack the in-house expertise or require assistance in architecting a complex application. Experienced developers can guide you in selecting appropriate design patterns, ensure their proper implementation, and contribute to building a robust and maintainable codebase.

Route file example in Laravel

Route file example in Laravel 10 <?php use App\Http\Controllers\UserController; use Illuminate\Http\Request; use Illuminate\Support\Facades\Route; /* |-------------------------------------------------------------------------- | Web Routes |-------------------------------------------------------------------------- | | Here is where you can register web routes for your application. These |…

View On WordPress

How to Download Files in Laravel

To download a file from the server in Laravel 8, you can use the response()->download() method. Here’s an example of how to download a file: use Illuminate\Support\Facades\Storage; use Illuminate\Http\Response; public function downloadFile() { $filePath = 'path/to/file.txt'; // Replace with the actual file path if (Storage::exists($filePath)) { $fileName = basename($filePath); return…

View On WordPress

Laravel is a popular PHP framework that provides a robust routing system for building web applications. The routing system in Laravel allows you to define how incoming HTTPrequests should be handled and mapped to specific controllers and actions within your application. To get started with the routing system in Laravel, follow these steps: Routes File: Open the routes/web.php file in your Laravel application. This file contains the route definitions for handling web requests. You can define your routes here using the Route facade. Basic Route: A basic route definition consists of an HTTP verb (e.g., GET, POST) and a URL pattern. For example, to handle a GET request to the root of your application, you can define a route like this: phpCopy code Route::get('/', function () return 'Hello, World!'; ); Route Parameters: You can define route parameters by wrapping them in curly braces within the URL pattern. For example, to capture a user ID in the URL, you can define a route like this: phpCopy code Route::get('/user/id', function ($id) return 'User ID: ' . $id; ); Named Routes: You can assign names to your routes using the name method. Named routes are useful when generating URLs or redirecting to a specific route. For example: phpCopy code Route::get('/user/id', function ($id) return 'User ID: ' . $id; )->name('user.profile'); Route Groups: You can group related routes together using the prefix and middleware methods. The prefix method allows you to add a common prefix to a group of routes, while the middleware method allows you to apply middleware to the routes within the group. For example: phpCopy code Route::prefix('admin')->middleware('auth')->group(function () Route::get('/dashboard', function () return 'Admin Dashboard'; ); // Other admin routes... ); Route Controllers: Instead of using anonymous functions as route callbacks, you can also route to controller actions. First, create a controller using the php artisan make:controller command. Then, you can define a route that points to a specific controller and action. For example: phpCopy code Route::get('/user/id', 'UserController@show'); In the above example, the show method of the UserController will be called when a GET request is made to the specified URL. Route Model Binding: Laravel's routing system also supports route model binding, which automatically injects model instances into your controller actions. For example, if you have a User model, you can define a route like this: phpCopy code Route::get('/user/user', function (User $user) return $user; ); In this case, Laravel will automatically fetch the user with the corresponding ID from the database and pass it to the route callback. These are some of the key concepts of Laravel routing system. By using these techniques, you can define flexible and powerful routes to handle various HTTP requests in your Laravel application. Remember to refer to the official Laravel documentation for more details and advanced routing features: https://laravel.com/docs/routing

How to create facade in laravel

How to create facade in laravel

Hello buddy, in this article we will learn about how to create a facade in laravel or you can say a custom facade in laravel. But before creating a facade, do you know what is facade in laravel ? In simple language, I must say In a Laravel application, a facade is a class that provides access to an object from the container. Follow the below steps to create facade in laravel Create Class…

View On WordPress

Json and Laravel Eloquent with example

JSON is short form of JavaScript Object Notation, which is used to store data and since it is very lightweight hence majorly used for transporting data to and from a web server. In earlier days, XML was used for this very purpose but writing and reading XML data was very tedious while JSON on the other hand, is self describing.

In today’s topic I am going to show you how to store JSON data into MySQL and access those data using laravel eloquent query builders.

Storing JSON data in MySQL using Laravel

First let’s create a dummy table using migration command.

Schema::create(json_examples, function (Blueprint $table) {             $table->bigIncrements('id');             $table->string('name');             $table->text('json_details'); //using text datatype to store json             $table->timestamps();         });

As you can see I used text datatype for storing json.

Next, let’s create a corresponding Model for the same

php artisan make:model JsonExample

JsonExample.php

public static function create($data) {     $new = new self();     $new->name = $data['name'];     $new->json_details = $data['json_details''];     $new->save(); }

So in controller we can do something like this:

public function storeEmpData(Request $request) {     ...     $name = $request->name';     $details = ['emp_code' => '001', 'date_of_joining' => Carbon::parse($request->doj), 'salary' => '50000'];         $dataToStore = [         'name' => $name,         'Json_details' => json_encode($details)       ];       //saving data       JsonExample::create($dataToStore); }

Processing Json data in Laravel eloquent.

Json data in where()

We can easily apply conditions on json data in laravel using -> (arrow notation), for example, fetch records where salary is more than 50000.

JsonExample.php

public static function getSalaryMoreThan($salary) {     return self::where('json_details->salary','>',$salary)->get(); }

Access json data using json_extract()

Another example, we need records of employees who joined the company before a date for instance 9th November 2018.

JsonExample.php

public static function getEmployeesBeforeDate($date) {     return self::whereDate("json_extract('json_details', '$.doj')", '<', $date)->get() }

As you can see above, I used json_extract() method which is MySQL’s function to extract a field from JSON column since I can not simply instruct eloquent using arrow operator like

return self::whereDate('json_details->doj', '<', $date)->get()

Rather I have to explicitly tell eloquent to extract json field and then proceed.

JSON data in DB::raw()

Many times we need to use MySQL’s aggregate functions like SUM() as per the requirement, in that case we use DB facade. For example,

select(DB::raw('sum(...)'))

How to access json field in MySQL’s aggregate function ?

It is very simple, let’s take an example, we need to sum total salary of employees.

public static function findTotalSalary() {     return self::select(DB:raw('sum("json_extract('json_details', '$.salary')") as total_salary'))->get(); }

Conclusion

That’s all about this topic friends, I hope you learned something new which you haven’t thought about. I thought I should share this knowledge as I encountered such problem while working on a project today where I do save additional data in json format. Do comment your reviews and experiences below.

Thank you :)

Ebooks available now

You can download this article’s PDF eBooks for offline reading from below:

Issuu

Slide Share

Edocr

AuthorStream

Scribd

Social Media Share Buttons Integration Tutorial in Laravel 9

In this short tutorial, we'll show you how to use the insanely helpful jorenvanhocht/laravel-share package to add social media share buttons to every page of a Laravel application. The quality of your site's material is widely spread via social share icons, which are incredibly beneficial in spreading your information to a bigger audience. The social sharing option increases the likelihood that your material will receive free advertising. These buttons, which are put to every page of your website, offer a powerful way to let site visitors know about the most helpful content on your website. You better know how to incorporate the social media share button in the Laravel project if you're a Laravel developer. We will use the jorenvanhocht/laravel-share package to make this process tutorial simple, and you can obtain this package using the Composer tool so that you won't have to create it from scratch. The jorenvanhocht/laravel-share package is absolutely necessary for this Laravel8 social media share button example. It is a library built on PHP that enables you to create different social share links. You can build social share links for Facebook, Twitter, Linkedin, WhatsApp, Reddit, and Telegram after adding this package into your project.

Table of Contents

- Download Laravel App - Add Laravel Share Package - Register Laravel Share - Set Up New Controller - Create Route - Add Social Media Share Buttons in View - Start Application

Download Laravel App

Create a new Laravel app to get started; use the given command; you may alter the project name if you'd like. composer create-project --prefer-dist laravel/laravel laravel-demo cd laravel-demo

Add Laravel Share Package

To begin installing the Laravel sharing library, open the console window in your view, type the suggested command, and then press Enter. composer require jorenvanhocht/laravel-share

Register Laravel Share

Make sure to register the ServiceProvider and the facade, respectively, in the config/app.php file to fully utilize the package. Read the full article

How to Protect Your Laravel App from JWT Attacks: A Complete Guide

Introduction: Understanding JWT Attacks in Laravel

JSON Web Tokens (JWT) have become a popular method for securely transmitting information between parties. However, like any other security feature, they are vulnerable to specific attacks if not properly implemented. Laravel, a powerful PHP framework, is widely used for building secure applications, but developers must ensure their JWT implementation is robust to avoid security breaches.

In this blog post, we will explore common JWT attacks in Laravel and how to protect your application from these vulnerabilities. We'll also demonstrate how you can use our Website Vulnerability Scanner to assess your application for potential vulnerabilities.

Common JWT Attacks in Laravel

JWT is widely used for authentication purposes, but several attacks can compromise its integrity. Some of the most common JWT attacks include:

JWT Signature Forgery: Attackers can forge JWT tokens by modifying the payload and signing them with weak or compromised secret keys.

JWT Token Brute-Force: Attackers can attempt to brute-force the secret key used to sign the JWT tokens.

JWT Token Replay: Attackers can capture and replay JWT tokens to gain unauthorized access to protected resources.

JWT Weak Algorithms: Using weak signing algorithms, such as HS256, can make it easier for attackers to manipulate the tokens.

Mitigating JWT Attacks in Laravel

1. Use Strong Signing Algorithms

Ensure that you use strong signing algorithms like RS256 or ES256 instead of weak algorithms like HS256. Laravel's jwt-auth package allows you to configure the algorithm used to sign JWT tokens.

Example:

// config/jwt.php 'algorithms' => [ 'RS256' => \Tymon\JWTAuth\Providers\JWT\Provider::class, ],

This configuration will ensure that the JWT is signed using the RSA algorithm, which is more secure than the default HS256 algorithm.

2. Implement Token Expiry and Refresh

A common issue with JWT tokens is that they often lack expiration. Ensure that your JWT tokens have an expiry time to reduce the impact of token theft.

Example:

// config/jwt.php 'ttl' => 3600, // Set token expiry time to 1 hour

In addition to setting expiry times, implement a refresh token mechanism to allow users to obtain a new JWT when their current token expires.

3. Validate Tokens Properly

Proper token validation is essential to ensure that JWT tokens are authentic and have not been tampered with. Use Laravel’s built-in functions to validate the JWT and ensure it is not expired.

Example:

use Tymon\JWTAuth\Facades\JWTAuth; public function authenticate(Request $request) { try { // Validate JWT token JWTAuth::parseToken()->authenticate(); } catch (\Tymon\JWTAuth\Exceptions\JWTException $e) { return response()->json(['error' => 'Token is invalid or expired'], 401); } }

This code will catch any JWT exceptions and return an appropriate error message to the user if the token is invalid or expired.

4. Secure JWT Storage

Always store JWT tokens in secure locations, such as in HTTP-only cookies or secure local storage. This minimizes the risk of token theft via XSS attacks.

Example (using HTTP-only cookies):

// Setting JWT token in HTTP-only cookie $response->cookie('token', $token, $expirationTime, '/', null, true, true);

Testing Your JWT Security with Our Free Website Security Checker

Ensuring that your Laravel application is free from vulnerabilities requires ongoing testing. Our free Website Security Scanner helps identify common vulnerabilities, including JWT-related issues, in your website or application.

To check your site for JWT-related vulnerabilities, simply visit our tool and input your URL. The tool will scan for issues like weak algorithms, insecure token storage, and expired tokens.

Screenshot of the free tools webpage where you can access security assessment tools.

Example of a Vulnerability Assessment Report

Once the scan is completed, you will receive a detailed vulnerability assessment report to check Website Vulnerability. Here's an example of what the report might look like after checking for JWT security vulnerabilities.

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

By addressing these vulnerabilities, you can significantly reduce the risk of JWT-related attacks in your Laravel application.

Conclusion: Securing Your Laravel Application from JWT Attacks

Securing JWT tokens in your Laravel application is essential to protect user data and maintain the integrity of your authentication system. By following the steps outlined in this post, including using strong algorithms, implementing token expiry, and validating tokens properly, you can safeguard your app from common JWT attacks.

Additionally, make sure to regularly test your application for vulnerabilities using tools like our Website Security Checker. It’s a proactive approach that ensures your Laravel application remains secure against JWT attacks.

For more security tips and detailed guides, visit our Pentest Testing Corp.

How to Convert Object to Array in Laravel?

How to Convert Object to Array in Laravel?

Today now in this post i will show you How to Convert Object to Array in Laravel? If we need to convert a object data from db into an array then we can do it by using DB facade and also Model Eloquent. Sometimes you must need to give an array data only so you must get an array data from the db. Now here I have two examples so i hope it will helps you. So in the first example, If we are use Model…

View On WordPress

Phpstorm Xdebug Laravel

Phpstorm Xdebug Laravel Tutorial

Phpstorm Xdebug Laravel Artisan Serve

Xdebug Phpstorm Cli

Integrate Xdebug with the PHP interpreter Open the active php.ini file in the editor: In the Settings/Preferences dialog Ctrl+Alt+S, click PHP. On the PHP page that opens, click next to the CLI Interpreter field. I have a AngularJS + Laravel application and not able to setup debugging. On project root folder I have a PHP file and the debugger breaks at this file always. I use PHPStorm and have unchecked the '.

Features

Lots of PHP developers create their applications using Laravel, a free, open source PHP web application framework. It is built on top of several Symfony components, and provides a development framework that makes common tasks such as authentication, routing, sessions and caching much easier to implement.

Last summer, we introduced support for Blade, the template language used by Laravel. Recoverit download mac. Support for artisan, the command line tool for Laravel developers, is baked into PhpStorm as well. Using the Laravel plugin and the Laravel IDE helper, we can further extend PhpStorm’s support for Laravel applications. Let’s see how!

The Laravel IDE Helper

After making sure Composer is available for use in our project, we can install the Laravel IDE helper into our project using the Composer | Add dependency… context menu. We can search for barryvdh/laravel-ide-helper and click Install to download the package and add it to our project.

After registering the ‘BarryvdhLaravelIdeHelperIdeHelperServiceProvider’service provider in our application and running artisan ide-helper:generate, PhpStorm will have code completion support and syntax highlighting for many of Laravel’s facades.

The Laravel Plugin for PhpStorm

To further enhance the Laravel experience, we can also install the Laravel Plugin. Under Settings (Preferences) | Plugins, click the Browse repositories… button and search for Laravel. The Install plugin button will download and install the plugin into our IDE.

Restart the IDE and enable the plugin under Settings (Preferences) | Other Settings | Laravel Plugin | Enable Plugin for this Project. All of a sudden, PhpStorm will know what all Laravel facades do, and provide code completion for controllers, views, routes, configuration, translations and many other things!

There’s not only code completion… We can navigate to these items as well! Using Ctrl+Click (CMD+Click on Mac OS X) or Go To Declaration (Ctrl+B / CMD+B), PhpStorm will navigate us to where, for example, a configuration entry is declared.

Working in Blade templates? The Laravel plugin also enhances that experience, for example with code completion for @section directives.

Anxious to learn more? Check our Laravel tutorial, which covers getting PhpStorm ready for Laravel development, code completion, navigation, automatic code inspections, command line tool support, debugging and unit testing!

Are you a Laravel developer? Give PhpStorm 8 a try! We have an elaborate tutorial on Laravel support in PhpStorm which will help you get the most out of our IDE. Your feedback is very welcome through the issue tracker, by posting in the comments below, or in our forums!

Develop with pleasure! – JetBrains PhpStorm Team

Stef Rouschop

min read

TLDR;

This guide will make you install Xdebug on your Mac without the performance downsides, but still being able to use all the Xdebug goodnesses. Most Xdebug setups only allow you to use it through a web browser plugin. This is not helpful when you’re following a TDD approach. So we’ll get it to work right from your tests in PhpStorm, no browser needed!

Having tests is awesome!

I’m a huge fan of tests in Laravel and try to develop as much as possible using the TDD approach. When a project grows over the years, your tests are becoming like a guard that will tell when you messed up functionality by adding or changing some code later on. This gives a peace of mind and has saved my bacon many times already.

PhpStorm has a great GUI for running PHPUnit tests where you’re able to click directly on the links to the scripts where a test fails. I love this workflow and I’ve never used phpunit on the command line since. Praat phonetics. However, when your tests fail, it can become somewhat cumbersome to figure out what is going on. The first thing I always do is add ->dump() to the request, that will point me in the right direction most of the time. But there are cases where you really need to dig into the code. This is where I previously placed some dd() in the code and then tried to follow the steps. Raise your hand if you’ve been there 🤚!

Xdebug is a wonderful tool that can help you with that, but I previously used it a long time ago with a browser plugin. Since PHPUnit gets really slow when Xdebug is installed and it also impacts the composer performance, I removed it from my system and never used it since. Until I recently discovered “on-demand Xdebug” in PhpStorm! This will not enable Xdebug by default, and will only use it when you need to.It’s really simple to set up and I love using it! You can also use it directly in your tests, so you don’t have to recreate the situation in your browser. I’ll show you how to install and use it in this article.

Install

In our company we only use Mac’s, I have no idea how to set this up on Windows, so you’ll have to google around if that’s your case. For Linux, it will more or less be the same (except for PHP installation) I think.

I’m assuming you’ve been using Homebrew to install the latest version of PHP. It’s as simple as brew install php.

Extensions as Xdebug have recently been removed from Homebrew and need to be installed using PECL. Luckily that is also really easy!pecl install xdebugThe install will add a reference to Xdebug in your php.ini file so it will be loaded by default. We don’t want that! So we’ll remove this reference. Here’s how to do it:On your command line enter: php --ini this will give you the path of the php.ini file that is used on your system.

Open the file in an editor of your choice, or use the default editor for this filetype. In the case of our example, we can do this with the command open /usr/local/etc/php/7.2/php.ini. This will open the php.ini file. We can see the reference added by the Xdebug installer on line 1: zend_extension=”xdebug.so”. We need to remove this line so Xdebug is not loaded by default anymore. Twitch deere. There, all done 🥳!

PhpStorm setup

I’ll assume you have a setup for your TDD workflow in PhpStorm. The purpose of this guide is only to extend it with Xdebug. If you don’t have it, here is an old but still relevant video from Laracasts.com: Be Awesome in PHPStorm: Testing in PHPStorm.

We will need to tell PhpStorm where Xdebug is located for using it on demand. In the settings navigate to Languages and Frameworks and then PHP. On the CLI Interpreter click on the … button like in the screenshot.

Now we can specify where Xdebug is located on your system. In our example this is in /usr/local/lib/php/pecl/20170718/xdebug.so, but this path depends on the version and can be different on your system. So be sure to click on the folder icon to navigate through your system and find it.

When the path is correct and you hit the refresh button, you will see the Xdebug version that was found by PhpStorm.

Using it

Phpstorm Xdebug Laravel Tutorial

For sake of simplicity, we’ll create a simple test where we assert the content of two routes. The routes we’re about to test will just return some variables, nothing fancy going on here, you’ll get the idea. Laravel makes creating tests really easy with the artisan helper php artisan make:test TwoRoutesTest.

In the image below you can see how the tests are run when you’ll hit the green “play” button, nothing new here. Did you also know about the SHIFT + CTRL + R shortcut? Place your cursor in a test and hit the shortcut and only this single test will run. When you place the cursor outside of a test, all the tests of this test-file will run. I really love this shortcut 😍!

Now, let's use Xdebug!

Phpstorm Xdebug Laravel Artisan Serve

Go to your code and place some breakpoints on the left side of the lines. They will be marked with red circles when you click them. This time, don’t click the green “play” button, but the red bug on the right side of it.

Xdebug Phpstorm Cli

The test will stop on the first breakpoint. You’ll get a nice overview of all (global) variables in the debug screen. When you press the green “play / pause” button on the left side of the screen you’ll go to the next breakpoint. You can really dig in the code now to figure out where your bugs happen. I won’t go into detail about all the PhpStorm/Xdebug functionality. That might be a completely different blog post.

Happy debugging

I hope this will enhance your debugging workflow as much as it did for me!

Laravel 5.5 Facades Tutorial Example From Scratch

[ad_1]

Laravel 5.5 Facades Tutorial is today’s leading topic. Facades provide a “static” interface to classes that are available in the application’s service container. Laravel ships with so many facades which provide access to almost all of the Laravel’s features. Laravel facade serves as “static proxies” to underlying classes in the service container. All of Laravel’s facades are defined in…

View On WordPress

Gates and Policies in Laravel

Today, we're going to discuss the authorization system of the Laravel web framework. The Laravel framework implements authorization in the form of gates and policies. After an introduction to gates and policies, I'll demonstrate the concepts by implementing a custom example.

I assume that you're already aware of the built-in Laravel authentication system as that's something essential in order to understand the concept of authorization. Obviously, the authorization system works in conjunction with the authentication system in order to identify the legitimate user session.

If you're not aware of the Laravel authentication system, I would highly recommend going through the official documentation, which provides you with hands-on insight into the subject.

Laravel's Approach to Authorization

By now, you should already know that the Laravel authorization system comes in two flavors—gates and policies. Although it may sound like a complicated affair, I would say it's pretty easy to implement it once you get the hang of it!

Gates allow you to define an authorization rule using a simple closure-based approach. In other words, when you want to authorize an action that's not related to any specific model, the gate is the perfect place to implement that logic.

Let's have a quick look at what gate-based authorization looks like:

... ... Gate::define('update-post', function ($user, $post) { return $user->id == $post->user_id; }); ... ...

The above snippet defines the authorization rule update-post that you could call from anywhere in your application.

On the other hand, you should use policies when you want to group the authorization logic of any model. For example, let's say you have a Post model in your application, and you want to authorize the CRUD actions of that model. In that case, it's the policy that you need to implement.

class PostPolicy { public function view(User $user, Post $post) {} public function create(User $user) {} public function update(User $user, Post $post) {} public function delete(User $user, Post $post) {} }

As you can see, it's a pretty simple policy class that defines the authorization for the CRUD actions of the Post model.

So that was an introduction to gates and policies in Laravel. From the next section onwards, we'll go through a practical demonstration of each element.

Gates

In this section, we'll see a real-world example to understand the concept of gates.

More often than not, you end up looking at the Laravel service provider when you need to register a component or a service. Following that convention, let's go ahead and define our custom gate in the app/Providers/AuthServiceProvider.php as shown in the following snippet.

<?php namespace App\Providers; use Illuminate\Support\Facades\Gate; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Http\Request; class AuthServiceProvider extends ServiceProvider { /** * The policy mappings for the application. * * @var array */ protected $policies = [ 'App\Model' => 'App\Policies\ModelPolicy', ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); Gate::define('update-post', function ($user, $post) { return $user->id == $post->user_id; }); } }

In the boot method, we've defined our custom gate:

Gate::define('update-post', function ($user, $post) { return $user->id == $post->user_id; });

While defining a gate, it takes a closure that returns either TRUE or FALSE based on the authorization logic that's defined in the gate definition. Apart from the closure function, there are other ways you could define gates.

For example, the following gate definition calls the controller action instead of the closure function.

Gate::define('update-post', 'ControllerName@MethodName');

Now, let's go ahead and add a custom route so that we can go through a demonstration of how gate-based authorization works. In the routes file routes/web.php, let's add the following route.

Route::get('service/post/gate', 'PostController@gate');

Let's create an associated controller file app/Http/Controllers/PostController.php as well.

<?php namespace App\Http\Controllers; use App\Http\Controllers\Controller; use App\Post; use Illuminate\Support\Facades\Gate; class PostController extends Controller { /* Make sure you don't user Gate and Policy altogether for the same Model/Resource */ public function gate() { $post = Post::find(1); if (Gate::allows('update-post', $post)) { echo 'Allowed'; } else { echo 'Not Allowed'; } exit; } }

In most cases, you'll end up using either the allows or denies method of the Gate facade to authorize a certain action. In our example above, we've used the allows method to check if the current user is able to perform the update-post action.

Users with sharp eyes would have noticed that we've only passed the second argument $post to the closure. The first argument, the current logged-in user, is automatically injected by the Gate facade.

So that's how you're supposed to use gates to authorize actions in your Laravel application. The next section is all about how to use policies, should you wish to implement authorization for your models.

Policies

As we discussed earlier, when you want to logically group your authorization actions for any particular model or resource, it's the policy you're looking for.

In this section, we'll create a policy for the Post model that will be used to authorize all the CRUD actions. I assume that you've already implemented the Post model in your application; otherwise, something similar will do.

The Laravel artisan command is your best friend when it comes to creating stubbed code. You can use the following artisan command to create a policy for the Post model.

$php artisan make:policy PostPolicy --model=Post

As you can see, we've supplied the --model=Post argument so that it creates all the CRUD methods. In the absence of that, it'll create a blank Policy class. You can locate the newly created Policy class at app/Policies/PostPolicy.php.

Let's replace it with the following code.

<?php namespace App\Policies; use App\User; use App\Post; use Illuminate\Auth\Access\HandlesAuthorization; class PostPolicy { use HandlesAuthorization; /** * Determine whether the user can view the post. * * @param \App\User $user * @param \App\Post $post * @return mixed */ public function view(User $user, Post $post) { return TRUE; } /** * Determine whether the user can create posts. * * @param \App\User $user * @return mixed */ public function create(User $user) { return $user->id > 0; } /** * Determine whether the user can update the post. * * @param \App\User $user * @param \App\Post $post * @return mixed */ public function update(User $user, Post $post) { return $user->id == $post->user_id; } /** * Determine whether the user can delete the post. * * @param \App\User $user * @param \App\Post $post * @return mixed */ public function delete(User $user, Post $post) { return $user->id == $post->user_id; } }

To be able to use our Policy class, we need to register it using the Laravel service provider as shown in the following snippet.

<?php namespace App\Providers; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Http\Request; use App\Post; use App\Policies\PostPolicy; class AuthServiceProvider extends ServiceProvider { /** * The policy mappings for the application. * * @var array */ protected $policies = [ 'App\Model' => 'App\Policies\ModelPolicy', Post::class => PostPolicy::class ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); } }

We've added the mapping of our Policy in the $policies property. It tells Laravel to call the corresponding policy method to authorize the CRUD action.

You also need to register the policies using the registerPolicies method, as we've done in the boot method.

Moving further, let's create a couple of custom routes in the routes/web.php file so that we can test our Policy methods there.

Route::get('service/post/view', 'PostController@view'); Route::get('service/post/create', 'PostController@create'); Route::get('service/post/update', 'PostController@update'); Route::get('service/post/delete', 'PostController@delete');

Finally, let's create an associated controller at app/Http/Controllers/PostController.php.

<?php namespace App\Http\Controllers; use App\Http\Controllers\Controller; use App\Post; use Illuminate\Support\Facades\Auth; class PostController extends Controller { public function view() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('view', $post)) { echo "Current logged in user is allowed to update the Post: {$post->id}"; } else { echo 'Not Authorized.'; } } public function create() { // get current logged in user $user = Auth::user(); if ($user->can('create', Post::class)) { echo 'Current logged in user is allowed to create new posts.'; } else { echo 'Not Authorized'; } exit; } public function update() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('update', $post)) { echo "Current logged in user is allowed to update the Post: {$post->id}"; } else { echo 'Not Authorized.'; } } public function delete() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('delete', $post)) { echo "Current logged in user is allowed to delete the Post: {$post->id}"; } else { echo 'Not Authorized.'; } } }

There are different ways you could authorize your actions using Policies. In our example above, we’ve used the User model to authorize our Post model actions.

The User model provides two useful methods for authorization purposes—can and cant. The can method is used to check if the current user is able to execute a certain action. And the counterpart of the can method, the cant method, is used to determine the inability of the action execution.

Let’s grab the snippet of the view method from the controller to see what exactly it does.

public function view() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('view', $post)) { echo "Current logged in user is allowed to update the Post: {$post->id}"; } else { echo 'Not Authorized.'; } }

Firstly, we load the currently logged-in user, which gives us the object of the User model. Next, we load an example post using the Post model.

Moving ahead, we’ve used the can method of the User model to authorize the view action of the Post model. The first argument of the can method is the action name that you want to authorize, and the second argument is the model object that you want to get authorized against.

That was a demonstration of how to use the User model to authorize the actions using policies. Alternatively, you could use the Controller Helper as well, if you’re in the controller while authorizing a certain action.

… $this->authorize('view', $post); …

As you can see, you don’t need to load the User model if you use the Controller Helper.

So that was the concept of policies at your disposal, and it’s really handy while authorizing a model or a resource as it allows you to group the authorization logic in one place.

Just make sure that you don’t use gates and policies altogether for the same actions of the Model, otherwise it’ll create issues. That’s it from my side for today, and I’ll call it a day!

Conclusion

Today, it was Laravel authorization that took the center stage in my article. At the beginning of the article, I introduced the main elements of Laravel authorization, gates and policies.

Following that, we went through creating our custom gate and policy to see how it works in the real world. I hope you’ve enjoyed the article and learned something useful in the context of Laravel.

For those of you who are either just getting started with Laravel or looking to expand your knowledge, site, or application with extensions, we have a variety of things you can study on Envato Market.

As always, I would love to hear from you in the form of comments using the feed below!

by Sajal Soni via Envato Tuts+ Code http://ift.tt/2iWGhkh

How to get all session data in laravel

How to get all session data in laravel

In this article, we will get to know, how to get session data in laravel, in a very easy way. I will show you step by step guide to getting session data in laravel. There are many ways to get session data in laravel, I will show you to get the session data by the helper and by using the facade. Example-1: By using the session helper Now in the below code, we will get all the session() data by…

View On WordPress

laravel create facade,laravel 5 8 create facade,laravel 6 create facade,laravel use facade in blade,laravel 5 create facade example,laravel create custom facade tutorial,How to create facade in laravel 6

Facades in laravel explained

In general terms, a Facade (pronounced as  /fəˈsɑːd/) is the exterior and front facing side of a building or any thing. Importance of facades are they are easy to notice and more prominent, similarly there is a concept of facades in laravel too. No, we are not developing a building through laravel rather we are going to manage our code readability and build easy to remember syntax of functions and classes through it.

As you know, there are two types of functions in any programming language so do in PHP, which are non static functions and static functions.

Table of Contents

What do we mean by non static functions ?

What are static functions, then ?

What are facades in Laravel ?

Why do we use facades ?

How do I create a facade class and use in my application ?

Conclusion

Objective of this example

Step 1. Create a folder with the name “Facades” in app directory

Step 2. Create 2 Files in Facades directory

Step 3. Add the code in web.php