Basics Of Laravel Security

Laravel Security

  • Security is one of the most important parts of a website.
  • Laravel provides different mechanisms to secure a website.
  • It gives the users of the website assurance that their data is secured.


  • Laravel makes implementing authentication very simple.
  • The authentication configuration file is located at app/config/auth.php.
  • Laravel ships with a default User model, located in app/models.

Storing Passwords

  • Laravel provides the Hash class for secure Bcrypt hashing.
  • The Hash::make() function takes a value as an argument and returns its hashed value.

Verifying A Password Against A Hash:

Checking If A Password Needs To Be Rehashed
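The three operations above (hashing on registration, checking on login, and re-hashing when the work factor has changed) as one added example; this is not code from the original post, and it assumes the default User model with a password column:

```php
<?php
// Added example (not from the original post): storing and verifying passwords
// with Laravel's Hash facade. Assumes a User Eloquent model with a `password`
// column, as in the default User model the post refers to.

use Illuminate\Support\Facades\Hash;

// Registration: never store the plain-text password, only the Bcrypt hash.
function storeNewUser($email, $plainPassword)
{
    $user = new User;
    $user->email = $email;
    $user->password = Hash::make($plainPassword); // salted Bcrypt hash
    $user->save();
    return $user;
}

// Login: compare the submitted password against the stored hash.
// Hash::check() performs the comparison; the plain text is never stored
// and never compared with a simple string equality.
function passwordMatches(User $user, $plainPassword)
{
    return Hash::check($plainPassword, $user->password);
}

// After a successful check, upgrade hashes that were created with a lower
// work factor (e.g. when the configured Bcrypt cost has been raised since
// the user registered). This is the only moment the plain text is available.
function rehashIfNeeded(User $user, $plainPassword)
{
    if (Hash::needsRehash($user->password)) {
        $user->password = Hash::make($plainPassword);
        $user->save();
    }
}
```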

Authenticating Users:

  • Another main security feature is authenticating the user before performing an action.
  • To log a user into your application, you may use the Auth::attempt method.
  • When the attempt method is called, the Auth::attempt event will be fired. If the authentication attempt is successful and the user is logged in, the Auth::login event will be fired as well.
  • The Auth::attempt method takes credentials as its argument, verifies them against the credentials stored in the database, and returns true if they match or false otherwise.

Determining If A User Is Authenticated

  • If the user is already logged into your application, you may check it with the Auth::check method:

Authenticating A User With “Remembering”

  • If you would like to provide “remember me” functionality in your application, pass true as the second argument to the Auth::attempt method:

Determining If User Authed Via Remember

If you are “remembering” user logins, you may use the viaRemember method to determine whether the user was authenticated using the “remember me” cookie:

Accessing The Logged In User

Once a user is authenticated, you may access the User model / record:

To retrieve the authenticated user’s ID, you may use the id method:

Validating User Credentials Without Logging In

The validate method allows you to validate a user’s credentials without logging them into the application:

Logging Out The Logged In User

Manually Logging In Users

If you need to log a user in manually, you may simply call the login method:

This is equivalent to logging in a user via credentials using the attempt method.

Protecting Routes

Route filters allow only authenticated users to access routes. Laravel provides the auth filter by default:
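The authentication calls from the sections above (attempt, validate, check, viaRemember, user, id, logout, login) and the default auth route filter, brought together in one added example. This is not code from the original post; it is written in Laravel 4 style to match the paths the post uses, and the route and view names are assumptions.

```php
<?php
// Added example (not from the original post): a login flow that uses the Auth
// methods described above, plus a route protected by the default auth filter.
// Laravel 4 style; route and view names are assumed.

Route::post('login', function () {
    $credentials = array(
        'email'    => Input::get('email'),
        'password' => Input::get('password'),
    );
    $remember = Input::get('remember') == '1'; // "remember me" checkbox

    // Auth::validate checks the credentials without creating a session.
    if (! Auth::validate($credentials)) {
        return Redirect::to('login')->with('error', 'Invalid credentials');
    }

    // Auth::attempt logs the user in; true as the second argument also
    // issues the long-lived "remember me" cookie.
    Auth::attempt($credentials, $remember);
    return Redirect::intended('dashboard');
});

// 'before' => 'auth' runs the default auth filter: guests are redirected
// to the login page and never reach the closure.
Route::get('dashboard', array('before' => 'auth', function () {
    $user      = Auth::user();        // the logged-in User model
    $id        = Auth::id();          // just its primary key
    $viaCookie = Auth::viaRemember(); // true if authenticated by the cookie
    return View::make('dashboard', compact('user', 'id', 'viaCookie'));
}));

// Auth::check() is the call to use where no filter protects the code,
// for example inside a view or a shared layout.
Route::get('nav', function () {
    return Auth::check() ? 'Logged in as ' . e(Auth::user()->email) : 'Guest';
});

Route::get('logout', function () {
    Auth::logout(); // ends the session and clears the remember cookie
    return Redirect::to('login');
});

// Manual login without a credential check, e.g. right after registration.
function loginNewUser(User $user)
{
    Auth::login($user);
}
```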

CSRF Protection

Laravel provides a method for protecting your application from cross-site request forgeries:

Inserting The CSRF Token Into A Form

Validate The Submitted CSRF Token
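The CSRF token in a form and its validation by the csrf route filter, as an added example (not code from the original post). It is written in Laravel 4 style; the filter body is the one Laravel 4 ships in app/filters.php, and the route and field names are assumptions.

```php
<?php
// Added example (not from the original post): CSRF protection in Laravel 4 style.
// The form embeds the session token and the csrf filter rejects any POST whose
// _token does not match it. Route and field names are assumed.

// app/filters.php: Laravel 4's default csrf filter compares the submitted token
// with the one stored in the session and aborts the request on mismatch.
Route::filter('csrf', function () {
    if (Session::token() != Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

// The form: Form::token() renders <input type="hidden" name="_token" value="...">.
// Built in PHP here; in a Blade view it would be {{ Form::token() }}.
Route::get('profile', array('before' => 'auth', function () {
    return '<form method="POST" action="/profile">'
        . Form::token()
        . '<input name="name" value="' . e(Auth::user()->name) . '">'
        . '<button type="submit">Save</button></form>';
}));

// The handler: both filters run before the closure, so a forged request
// from another site (which cannot read the token) never reaches the code
// that modifies data.
Route::post('profile', array('before' => 'auth|csrf', function () {
    $user = Auth::user();
    $user->name = Input::get('name');
    $user->save();
    return Redirect::to('profile');
}));
```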

Avoiding SQL Injection

  • An SQL injection vulnerability exists when an application inserts unfiltered user input into an SQL query.
  • By default, Laravel protects the query builder and Eloquent by using the PHP Data Objects (PDO) class.
  • PDO parameter binding allows you to safely pass any parameters.
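The same lookup written unsafely and then with PDO bindings, as an added example that is not from the original post. It assumes a users table with an email column, and it also covers the one place bindings do not help (identifiers such as column names).

```php
<?php
// Added example (not from the original post): the same user lookup written
// with string interpolation (vulnerable) and with PDO parameter binding (safe).
// Assumes a `users` table with an `email` column.

// VULNERABLE: the input becomes part of the SQL text, so a value containing
// a quote character can change the meaning of the statement.
function findUserUnsafe($email)
{
    return DB::select("select * from users where email = '$email'");
}

// SAFE: the ? placeholder is bound by PDO; the value travels separately from
// the SQL text and cannot alter the query structure, whatever it contains.
function findUserBound($email)
{
    return DB::select('select * from users where email = ?', array($email));
}

// SAFE: the query builder and Eloquent bind every value for you.
function findUserBuilder($email)
{
    return DB::table('users')->where('email', $email)->first();
}

// CAVEAT: binding covers values only. Column names, table names and sort
// directions are not parameters, so validate them against a whitelist
// before they reach orderBy() or DB::raw(), which take them verbatim.
function listUsersSorted($column)
{
    $allowed = array('name', 'email', 'created_at');
    if (! in_array($column, $allowed, true)) {
        $column = 'created_at';
    }
    return DB::table('users')->orderBy($column)->get();
}
```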


  • In Laravel it is very easy to create, read and expire cookies with the Cookie class, and cookies are automatically signed and encrypted.

Forcing HTTPS when exchanging sensitive data

  • HTTPS prevents attackers on the same network from intercepting private information such as session variables and logging in as the victim.
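A route filter that forces HTTPS, combined with the signed and encrypted cookies from the previous section, as an added example (not code from the original post). Laravel 4 style; the filter name, route paths and cookie name are assumptions.

```php
<?php
// Added example (not from the original post): forcing HTTPS with a route filter
// and issuing signed, encrypted cookies with the Secure and HttpOnly flags.
// Laravel 4 style; the filter name, route paths and cookie name are assumed.

// Redirect any plain-HTTP request to the same path over HTTPS.
Route::filter('force.https', function () {
    if (! Request::secure()) {
        return Redirect::secure(Request::path());
    }
});

// Everything that handles sensitive data lives under this group, so session
// cookies and credentials are never exchanged over plain HTTP.
Route::group(array('before' => 'force.https'), function () {

    Route::post('login', function () {
        // ... Auth::attempt(...) as in the authentication section ...
    });

    Route::get('prefs', array('before' => 'auth', function () {
        // Cookie::make(name, value, minutes, path, domain, secure, httpOnly):
        // secure=true keeps the cookie off plain HTTP, httpOnly=true keeps it
        // away from JavaScript. Laravel signs and encrypts the value itself.
        $cookie = Cookie::make('theme', 'dark', 60 * 24, null, null, true, true);
        return Response::make('saved')->withCookie($cookie);
    }));

    Route::get('prefs/show', function () {
        // Cookie::get() verifies the signature and decrypts, so a cookie
        // edited on the client is discarded instead of being trusted.
        $theme = Cookie::get('theme', 'light');
        return 'theme: ' . e($theme);
    });

    Route::get('prefs/forget', function () {
        return Redirect::to('prefs')->withCookie(Cookie::forget('theme'));
    });
});
```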

Hope this helps you. Feel free to add your comments and feedback, and if you need more assistance regarding Laravel services or OctoberCMS development services, get in touch.


OctoberCMS – How Component Works?

What is a Component?
A component is an identifiable part of a larger program or web application: a nontrivial, nearly independent and replaceable part of a system that fulfils a clear function in the context of a well-defined architecture.
Usually a component provides a particular function or a group of related functions. Components are configurable building blocks that can be attached to any page, partial or layout. They are a key feature of October: each component implements some functionality that extends your website.
Why Use Components?
Components can output HTML markup on a page, but that is not required. Their other important features are handling AJAX requests, handling form postbacks and hooking into the page execution cycle, which lets them inject variables into pages or implement website security in OctoberCMS Builder.
How to Define and Use?
If you use the back-end user interface you can add components to your pages, partials and layouts by clicking the component in the Components panel. If you use a text editor you can attach a component to a page or layout by adding its name to the Configuration section of the template file. The next example demonstrates how to add a demo To-do component to a page:
    title = "Components demonstration"
    url = "/components"

    [demoTodo]
    maxItems = 20
Here, [demoTodo] defines the component alias; the name demoTodo is the one given when registering the component in the registerComponents() method of the plugin's plugins.php file.
We can also initialise a component with properties, as we did with the maxItems property. Many components have properties, but it is not a requirement; some properties are required, and some have default values.
Components that provide HTML markup can be rendered on a page with the {% component %} tag, like this:
    {% component 'demoTodo' %}

If two components with the same name are assigned to a page and its layout together, the page component's properties override those of the layout component.
Components Alias:
If there are two plugins that register components with the same name, you can attach a component by using its fully qualified class name and assigning it an alias:
    [October\Demo\Components\Todo demoTodoAlias]
    maxItems = 20
The first parameter in the section is the class name, the second is the component alias name that will be used when attached to the page.
If you specify a component alias, you must use it everywhere in the page code when referring to the component, like this:
    {% component 'demoTodoAlias' %}
The aliases also allow you to define multiple components of the same class on the same page, using the short name first and an alias second:
    [demoTodo todoA]
    maxItems = 10
    [demoTodo todoB]
    maxItems = 20
Passing Variables to a Component:
Components can be designed to use variables at the time they are rendered, similar to partial variables; the variables are specified after the component name in the {% component %} tag, like this:
    {% component 'demoTodoAlias' maxItems='7' %}
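What the demoTodo component used throughout this post could look like on the PHP side, as an added example that is not code from the original post or from October itself. The class and plugin namespace are assumptions; the maxItems property and the demoTodo alias match the page configuration above.

```php
<?php
// Added example (not from the original post): a component class for the
// demoTodo alias used above. Namespace and class name are assumed; the
// maxItems property and the alias match the page configuration.

namespace October\Demo\Components;

use Cms\Classes\ComponentBase;

class Todo extends ComponentBase
{
    public function componentDetails()
    {
        return [
            'name'        => 'To-do list',
            'description' => 'Displays a list of to-do items.',
        ];
    }

    // The maxItems property set in the page's [demoTodo] section, with a
    // default and a validation pattern so a page cannot request an
    // unbounded or non-numeric list size.
    public function defineProperties()
    {
        return [
            'maxItems' => [
                'title'             => 'Max items',
                'default'           => 10,
                'validationPattern' => '^[0-9]+$',
                'validationMessage' => 'Max items must be a number',
            ],
        ];
    }

    // Runs during the page execution cycle and injects the variables the
    // page markup reads, e.g. {{ items }} or {% for item in items %}.
    public function onRun()
    {
        $this->page['items'] = $this->loadItems();
    }

    protected function loadItems()
    {
        $limit = (int) $this->property('maxItems');
        // Constructed sample data; a real component would query a model.
        $all = ['Write docs', 'Review pull request', 'Deploy', 'Rotate keys'];
        return array_slice($all, 0, $limit);
    }
}
```

The plugin registers it under the alias with `return ['October\Demo\Components\Todo' => 'demoTodo'];` from its registerComponents() method.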
Hope this helped you understand how components work in OctoberCMS. Here’s an informative blog regarding OctoberCMS Plugin Development.

All You Need To Know About Blade Templates In Laravel

Blade Templates In Laravel
Let’s start with an introduction to Blade and how strongly Laravel supports it. Laravel provides a simple and powerful templating engine called Blade. You can also use plain PHP code in Blade template views.
In fact, all Blade views are compiled into plain PHP code. Blade view files use the “.blade.php” extension and are stored in “resources/views”.

Template Inheritance:

When defining a child view, use the Blade @extends directive to specify which layout it inherits, and fill the layout's sections using @section directives:
    @extends('layouts.app')  {{-- layout name assumed; the original does not show it --}}

    @section('title', 'Page sidebar')

    @section('sidebar')
        @parent
        <p>This is sidebar demo.</p>
    @endsection

    @section('content')
        <p>This is body content.</p>
    @endsection
Here we extend the layout, so we define its sections with @section directives; the @parent directive appends the section content to the layout’s sidebar instead of overwriting it.
Blade view may be returned from routes.
    Route::get('blade/name', function () {
        return view('name'); // view name assumed; the original left it blank
    });
Displaying Data:-
You may display data in Blade by wrapping the variable in curly braces. First pass it to the view:
    Route::get('bladeDemo', function () {
        return view('welcome', ['name' => 'Addweb']);
    });
Here, we pass the value into the name variable, so we display it like this:
    Hello {{ $name }}.
Blade is not limited to displaying variables: you can put any PHP expression, including the result of any PHP function, inside a Blade echo statement.
    {{ isset($name) ? $name : 'Default' }}
Here we use the ternary operator to check whether $name exists: if it is set, its value is displayed; otherwise, Default is displayed.

Control Structures:-

Besides displaying data, Blade also provides convenient shortcuts for PHP control structures such as conditional statements and loops.
If statement:-
You may use the @if, @elseif, @else and @endif directives for the if construct. These directives function identically to their PHP counterparts.
    @if (count($records) === 1)
        I have one record!
    @elseif (count($records) > 1)
        I have multiple records!
    @else
        I don't have any records!
    @endif

Blade also provides simple directives for looping, identical to their PHP counterparts:

    @for ($i = 0; $i < 10; $i++)
        The current value is {{ $i }}
    @endfor

    @foreach ($demos as $demo)
        <p>This is demo {{ $demo->id }}</p>
    @endforeach

    @forelse ($demos as $demo)
        <li>{{ $demo->name }}</li>
    @empty
        <p>No users</p>
    @endforelse

    @while (true)
        <p>I'm looping forever.</p>
    @endwhile
The Loop variables:-

Inside a loop, a $loop variable is available. It exposes useful information such as the current index and whether this is the first or last iteration of the loop.
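The $loop variable in use, including a nested loop, as an added example written as a .blade.php view; it is not from the original post and assumes $demos is a collection of objects with a name property and an items array.

```blade
{{-- Added example (not from the original post): the $loop variable inside a
     @foreach, with a nested loop. Assumes $demos is a collection of objects
     with a name property and an items array. --}}
<ul>
@foreach ($demos as $demo)
    {{-- iteration is 1-based, index is 0-based; first/last flag the edges --}}
    <li class="{{ $loop->first ? 'first' : ($loop->last ? 'last' : '') }}">
        {{ $loop->iteration }} of {{ $loop->count }}:
        {{-- {{ }} escapes HTML, so a name containing <script> is shown as
             text; {!! !!} would output it raw and is for trusted HTML only --}}
        {{ $demo->name }}
        @if ($loop->remaining > 0)
            ({{ $loop->remaining }} more)
        @endif
        <ul>
        @foreach ($demo->items as $item)
            {{-- $loop->parent reaches the outer loop; depth counts nesting --}}
            <li>{{ $loop->parent->iteration }}.{{ $loop->iteration }}
                (depth {{ $loop->depth }}) {{ $item }}</li>
        @endforeach
        </ul>
    </li>
@endforeach
</ul>
```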

Hope this helped you get the most out of the system. Feel free to share your reviews, or get in touch with us if you need assistance or want to hire a Laravel developer.

Understand The Implementation of REST API In Laravel 5

In this blog, we are going to demonstrate how to implement a REST API in Laravel 5. Starting with a quick introduction:
  • The REST API is implemented on the backend and uses simple HTTP Basic authentication to store data for different users of the application.
  • We will use a middleware to provide the authentication for the REST calls.
  • The middleware will authorize the user on every request, without storing anything in the session or using a token.
Implement REST API:
    composer create-project laravel/laravel restAPP --prefer-dist
  • This terminal command creates the new application, named restAPP.
  • Then we create the model for basic authentication; we are using the email as the login parameter.
  • After the project is created, we create the model and the controller using artisan commands.
    php artisan make:model Todo

    <?php
    namespace App;

    use Illuminate\Database\Eloquent\Model;
    use App\User;

    class Todo extends Model
    {
        // Only these columns may be mass-assigned from request input.
        protected $fillable = ['title', 'isDone'];

        // Each todo belongs to the user that created it (user_id column).
        public function user()
        {
            return $this->belongsTo('App\User');
        }
    }
In the model we add the reference to the user model and a method to retrieve it.
    php artisan make:controller TodoController

    <?php
    namespace App\Http\Controllers;

    use App\Http\Controllers\Controller;
    use App\Todo;
    use Auth;
    use Request;

    class TodoController extends Controller
    {
        /**
         * Display a listing of the resource (only the logged-in user's todos).
         * @return Response
         */
        public function index()
        {
            $todos = Todo::where('user_id', '=', Auth::user()->id)->get();
            return $todos;
        }

        /**
         * Store a newly created resource in storage.
         * @return Response
         */
        public function store()
        {
            // $fillable on the model limits which request keys are assigned.
            $todo = new Todo(Request::all());
            $todo->user_id = Auth::user()->id;
            $todo->save(); // persist the record before returning it
            return $todo;
        }
    }
In the controller we add basic methods to create and retrieve data for the logged-in user.
Once that is complete, we create a middleware for authentication, so that data can be accessed only if the user passes their email and password in the HTTP request. Let’s create the middleware:
    php artisan make:middleware SimpleAuthMiddleware

    <?php
    namespace App\Http\Middleware;

    use Auth;
    use Closure;

    class SimpleAuthMiddleware
    {
        /**
         * Handle an incoming request: HTTP Basic auth on every request,
         * without starting a session (onceBasic).
         * @param  \Illuminate\Http\Request $request
         * @param  \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            // onceBasic() returns a 401 response when the credentials are missing
            // or wrong, otherwise null, so the request continues down the chain.
            // The argument is the login column (email, as stated above).
            return Auth::onceBasic('email') ?: $next($request);
        }
    }
After creating the middleware, register it in the $routeMiddleware array of “Kernel.php” and give it a key so the middleware is easy to reference:
    'simpleauth' => 'App\Http\Middleware\SimpleAuthMiddleware',
After registering the middleware, create the route paths for the TodoController with the middleware applied:
Route::get('api/todo', ['uses' => 'TodoController@index','middleware'=>'simpleauth']);
Route::post('api/todo', ['uses' => 'TodoController@store','middleware'=>'simpleauth']);
If you try it with Postman, you will be prompted for the email and password on every request. You can also pass this information in the URL or in the HTTP header.
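Two additions a practitioner would make to the TodoController shown above, as an added example that is not code from the original post: validating input in store() instead of mass-assigning Request::all(), and scoping single-item lookups to the authenticated user so that a guessed id belonging to another user returns 404 rather than their data. The show and destroy routes are assumptions.

```php
<?php
// Added example (not from the original post): input validation in store()
// and user-scoped lookups in show()/destroy() for the TodoController above.
// The show/destroy routes are assumed; they use the same simpleauth middleware.

namespace App\Http\Controllers;

use App\Todo;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class TodoController extends Controller
{
    public function store(Request $request)
    {
        // Reject anything that does not match the expected shape before it
        // reaches the model, then assign only the validated keys.
        $this->validate($request, [
            'title'  => 'required|string|max:255',
            'isDone' => 'boolean',
        ]);
        $todo = new Todo($request->only('title', 'isDone'));
        $todo->user_id = Auth::id();
        $todo->save();
        return response()->json($todo, 201);
    }

    // Look the record up through the user's own todos: an id that belongs
    // to someone else yields 404 instead of their data (no IDOR).
    public function show($id)
    {
        $todo = Todo::where('user_id', Auth::id())->findOrFail($id);
        return response()->json($todo);
    }

    public function destroy($id)
    {
        $todo = Todo::where('user_id', Auth::id())->findOrFail($id);
        $todo->delete();
        return response()->json(null, 204);
    }
}

// Assumed routes, guarded like the two in the post:
// Route::get('api/todo/{id}', ['uses' => 'TodoController@show', 'middleware' => 'simpleauth']);
// Route::delete('api/todo/{id}', ['uses' => 'TodoController@destroy', 'middleware' => 'simpleauth']);
```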

Hope this helped you get the most out of the system. Feel free to share your reviews, or get in touch with us if you need assistance or want to hire a Laravel developer.