How to Pass Authenticated User to the Request - Build Expense Tracker App With PHP 8
- Published 2 Oct 2024
- In this video we persist the logged in user object so that we can access the logged in user throughout the request.
LESSON P.6
Starting Source Code - github.com/gge...
Ending Source Code - github.com/gge...
Course Outline - github.com/gge...
Course Playlist - • Learn PHP The Right Wa...
You're amazing. Yours are the best PHP tutorials I've seen by far on YouTube.
Happy to hear that, thank you 💙
A lot of refactoring in this lesson and I had to go slow to understand it all. Not always sure of why, but that is perhaps the difference in experience. You seem very capable and experienced in this way of coding.
And passing credentials when you only need email or password seems to obscure the purpose of some methods perhaps, but that is probably done this way since you know it is not an end-stage of it and will change to a DTO solution or will get more credentials than we use now.
I am getting to understand middleware a bit now, it seems something like a wrapper function that basically uses the call stack. It's a nice solution.
But all in all a great insight into your way of looking at it and experiencing how you work. If this is the speed you can do it unprepared too, you're much faster in refactoring than I can see myself be. 🙂 Impressive.
I do find in OOP that the more a project grows, the more difficult it seems to keep everything straight (what is where) and the need of a good IDE makes a difference.
I have tried to understand and debug some WordPress plugins in OOP and when they were big, like The Events Calendar, it wasn't easy for me to get into the structure of it, so I would find where to go. I always felt in OOP you need a roadmap to find out where to go. Perhaps now I have learned some design patterns in your course I would recognize more of it. I hope so.
This is a nice project to work on. Thank you for the lessons.
Happy to hear, thank you. Refactoring becomes easy with experience, after you've done it many times across multiple projects. As for the DTO part yes, I will try to convert things to DTOs as we go but I also want you the viewer to try things out your way.
17:42 I think this error happened because of the directory structure. You were in expennies/configs/container/container_bindigs.php path and from there you wanted to create UserProviderService in expennies/app/Services path so IDE thought you were using relative instead of absolute path.
you improve the code structure many times
more effort from your side
but very educational for us
thank you 🌟
Glad you like it 💙
Hello, First of all thanks for your great content which is so helpful
small notice, I think this video is flipped with the next one cause at you say last we talked about session fixation and hijacking but these topics are in the next video
Thank you. Session fixation & hijacking were covered in previous video, you can see the outline here as well as full list of videos in order: github.com/ggelashvili/learnphptherightway-outline
The next video is P.7 and covers session refactoring
You are making a whole framework lol.
Nope, I'm not making a whole framework. In fact, we are using a Slim framework. I'm just implementing the session based authentication myself because there are not that many packages available that provide that.
Awesome work as always. And of course I cannot stop applauding you for this job. Just one question Gio, do you know what can be the reason that every change I make in the twig templates just does not work? For example the logout UI is not being displayed on my server. I tried it in my own code, then I tried to take it from your GitHub but it was not helpful. Do you have any idea?
Thank you. Do you get any errors? It might also be cache, try deleting the twig templates cache directory and see if it works. Might want to disable caching for local dev
@ProgramWithGio no, nothing about errors. I just keep getting the template that was in the first part. I also deleted the view directory and afterwards put it back once again but it still doesn't help.
@Armando-px8hi not the view directory, there is cache directory created under storage directory, delete that. It's most likely cache related
@ProgramWithGio Just tried it, it was from ul, li… Thanks very much Gio 👏👏👏
@ProgramWithGio little late to discussion, but I had similar problem and it's not cache. It's npm run dev what I had to do. This is mentioned in lesson P.2 near beginning.
Valuable. Nice job!
Thank you
Is there anything wrong if we start the sessions and save them immediately before creating a response like this?
$this->session->start();
$this->session->save();
$response = $handler->handle($request);
return $response;
What is the difference if we start the session, then create a response and only then save the sessions and return response?
Yes the session won't be available anymore on the way out for middlewares so some things may not work as expected
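The ordering in this exchange, as an added example that is not code from the video or the course repository: `DemoSession` and both middleware closures are hypothetical stand-ins, and `save()` is assumed to close the session the way `session_write_close()` does, so anything written afterwards never reaches storage.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for a session wrapper (not the course's class).
final class DemoSession
{
    public array $persisted = []; // what the next request would read back
    private array $data = [];

    public function start(): void { $this->data = $this->persisted; }
    public function put(string $key, mixed $value): void { $this->data[$key] = $value; }
    // Assumed to behave like session_write_close(): later writes are not stored.
    public function save(): void { $this->persisted = $this->data; }
}

// Inner handler: a login action that records the user id (constructed value).
$handler = function (DemoSession $session): string {
    $session->put('user', 42);
    return '302 /';
};

// Order from the question: start, save, then handle.
$saveFirst = function (DemoSession $session, callable $handler): string {
    $session->start();
    $session->save();
    return $handler($session);
};

// Start, handle, then save on the way out.
$saveLast = function (DemoSession $session, callable $handler): string {
    $session->start();
    $response = $handler($session);
    $session->save();
    return $response;
};

// The handler's write happens after save(), so it is missing from storage.
$a = new DemoSession();
$saveFirst($a, $handler);
echo 'save before handle: ', json_encode($a->persisted), PHP_EOL;

// The handler's write happens before save(), so it is stored.
$b = new DemoSession();
$saveLast($b, $handler);
echo 'save after handle:  ', json_encode($b->persisted), PHP_EOL;
```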
surprisingly the order of middleware registration matters. I spent 20 minutes trying to figure out why AuthenticationMiddleware is not working. It was the order of registration of middlewares. how does that affect the program ??
Yes we covered that in section 3 lesson 28 - ua-cam.com/video/wCZUD6LBdRg/v-deo.html at around minute 3
Shoot! YouTube notification was late! But I'm super glad. Lemme dig in. Thanks Gio
Let's get coding 👨💻
Why we didn't use Repository design pattern instead of UserServiceProvider?
BTW when we should use interfaces and when we shouldn't, what's about abstract classes?
You are free to use any design pattern that you like. Repository pattern could work too but it may complicate things depending on how you implement the repository pattern. There are lessons about interfaces & abstract classes in this course, check the link to the outline repo or the playlist that lists all the videos and you will find ones about interface & abstract classes. Do you have any specific question about abstract classes?
@ProgramWithGio Nah
Thanks for the quick response
Gio, what is your perspective on using JWT tokens for authentication instead of the session cookie approach that you have in these videos? We have a mobile application that will require authentication and we want to use JWT for the mobile app. There is also a web app and we don't want to have two different approaches within the same codebase.
JWT is fine for the most part for cases where session based approach is not possible like mobile apps. Laravel has first party support for authenticating mobile apps using tokens via sanctum
Another video another greatness.
I have a question about the login token.
We use cookies to add a remember me feature that keeps the user logged in after the browser is closed. We store the user id or a token reference to the user in cookies.
But I can copy cookies from the user's browser and paste them in my browser so I have access to the user's account.
What is the method to prevent login by copying login cookies?
I just need a reference or any article about this topic.
Sorry for the poor English.
If someone has access to your computer who can steal your cookie then yea but they could also steal a lot of things while having access to your computer. There are other ways to steal cookies as well via XSS which we cover in few lessons & how to add proper protection.
@ProgramWithGio
Yes, that's what I mean in case someone accesses the user's browser and steals the cookie file. They can then paste this value into their device and log in. However, when I try to do this on all websites, it doesn't work, even on Breeze in Laravel it doesn't work, and therefore there is a way to prevent this. I'm still delving into this topic and I think I'll find an answer. Thank you, Professor Geo, for everything you provide us. I am very grateful to you. ☺
@mwaas Yea, we cover that in here. You'll get to Session hijacking/fixation, CSRF & XSS videos soon.
I think there is a mistake in the order of the videos
because "Session Based Authentication" is the lesson 107 and this lesson is 106
This is the correct order, we add session interface in the next lesson. We basically slowly build up to it.
@ProgramWithGio Yes, that's true. I'm sorry, things got mixed up for me because of fasting during Ramadan.
@mwaas No worries
Pls how can I get all this lecture source code? I tried to click the link in the description but I am unable to download it
Link to github repo is in the description, so click on it & you should be able to download it from there
😄😎5:20
Looked cool :D
It's sad that we need to wait 1 whole week to get new videos. Awesome job. 👍
Next video is actually scheduled for Thursday. But yea unfortunately I don't have a lot of free time to make videos faster.
How can we restrict a user to only be logged in on one device and logged out from all other devices. Good for financial apps.
You could do it with a bit of session management, on log in check if user already has an active session, destroy active sessions & log the user in from current device. There are multiple ways this can be implemented.
@ProgramWithGio Thanks, I appreciate your response.
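One way to implement the single-device rule from this exchange, as an added example that is not code from the video or the course repository: `SingleSessionRegistry` and its methods are hypothetical, and the arrays stand in for whatever server-side session store the application uses.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side registry; a real app would back it with the
// database or session store instead of arrays.
final class SingleSessionRegistry
{
    /** @var array<string,int> session id => user id */
    private array $sessions = [];
    /** @var array<int,string> user id => current session id */
    private array $activeByUser = [];

    public function login(int $userId): string
    {
        // Destroy the session this user already holds on another device, if any.
        if (isset($this->activeByUser[$userId])) {
            unset($this->sessions[$this->activeByUser[$userId]]);
        }
        // Always issue a fresh, unpredictable id at login.
        $sessionId = bin2hex(random_bytes(32));
        $this->sessions[$sessionId] = $userId;
        $this->activeByUser[$userId] = $sessionId;
        return $sessionId;
    }

    // Called on every request: an id that was replaced resolves to null,
    // so the older device is treated as logged out.
    public function userFor(string $sessionId): ?int
    {
        return $this->sessions[$sessionId] ?? null;
    }

    public function logout(string $sessionId): void
    {
        $userId = $this->sessions[$sessionId] ?? null;
        unset($this->sessions[$sessionId]);
        if ($userId !== null && ($this->activeByUser[$userId] ?? null) === $sessionId) {
            unset($this->activeByUser[$userId]);
        }
    }
}

$registry = new SingleSessionRegistry();
$laptop = $registry->login(7); // constructed user id, first device
$phone  = $registry->login(7); // same user logs in from a second device

// The laptop's id was destroyed by the second login; only the phone resolves.
var_dump($registry->userFor($laptop));
var_dump($registry->userFor($phone));
```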
as always your tutorial series is very helpful
Happy to hear that, thank you 🙌
Amazing job
Thank you