Tags: laravel, api, laravel-8, csrf, csrf-token

How to hide data shown in the url - laravel


I have created a login page where users log in with their credentials, i.e. patientId and contactNumber. After logging in, the URL shows the CSRF token together with the login credentials. I am also using APIs for login and other functionality. This is the URL I am getting: http://127.0.0.1:8000/login1?_token=BugYniw96HnJ6C8gjjcpzSruW0CwDdq8JW7kD7Oz&patientId=33488&contactNumber=08732837489

This is my login blade file:

   {{-- NOTE(review): method="GET" makes the browser append every field of this form, including the
        hidden _token and both credential inputs, to the query string of the login1 URL. --}}
   <form method="GET" action="{{route('login1')}}" name="myForm"  class="login100-form validate-form" >
    <input type="hidden" name="_token" value="{{ csrf_token()}}">
   
<span class="login100-form-title">
User Login
</span>
<div class="wrap-input100 validate-input" data-validate="Mr.No is required">
<input class="input100" name="patientId" id="patientId" placeholder="Enter MR Number" >
<span class="focus-input100"></span>
<span class="symbol-input100">
<i class="fa fa-user" aria-hidden="true"></i>
</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Contact Number is required">
<input class="input100" name="contactNumber" id="contactNumber" placeholder="Enter Contact Number">
<span class="focus-input100"></span>
<span class="symbol-input100">
<i class="fa fa-lock" aria-hidden="true"></i>
</span>
</div>
<div  class="container-login100-form-btn">
<button  class="login100-form-btn" type="submit">
Login
</button>
</div>
<div class="text-center p-t-136">
<a class="txt2" href="#">

</a>
</div>
</form>

This is a web route file:

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\MainController;
use App\Http\Middleware\VerifyCsrfToken;


// Landing page: renders the login1 view (the login form).
Route::get('/', function () {
    return view('login1');
});

// Login handler, registered for GET. A form that submits here with method="GET" delivers
// patientId, contactNumber and _token as query parameters, so they are visible in the URL.
// NOTE(review): Laravel's CSRF middleware does not verify the token on GET requests, so the
// _token field gives no protection on this route as registered.
Route::get('/login1', [MainController::class, 'successlogin'])->name('login1');

This is my controller file:

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Controllers\SessionClass;
use Illuminate\Support\Facades\Http;
use App\Http\Controllers\HostClass;
use Illuminate\Support\Facades\Session;



class MainController extends Controller
{
 

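/**
 * Handle a login attempt.
 *
 * Sends the submitted patientId and contactNumber to the backend
 * /patientInformation endpoint. If the backend does not return a usable
 * patient record, the user is redirected back with an error notification.
 * Otherwise the patient's reports and visits are fetched, the backend record
 * is stored in the session under 'user', and the dashboard view is rendered.
 *
 * The credentials should reach this action in a POST body. When the route is
 * registered for GET they travel in the query string and therefore appear in
 * the address bar, browser history and access logs.
 *
 * @param  Request  $req  Incoming request carrying patientId and contactNumber.
 * @return mixed Redirect back on failure, dashboard view on success.
 */
public function successlogin(Request $req)
{
    // One generic message for every failure path, so the response does not
    // reveal which part of the submitted credentials was wrong.
    $loginFailed = [
        'message' => 'User Does not Exists!',
        'alert-type' => 'error',
    ];

    $patientId = $req->input('patientId');
    $contactNumber = $req->input('contactNumber');

    // Reject missing, empty or non-scalar values (e.g. patientId[]=...) before
    // anything is forwarded to the backend.
    foreach ([$patientId, $contactNumber] as $credential) {
        if ((!is_string($credential) && !is_int($credential)) || $credential === '') {
            return back()->with($loginFailed);
        }
    }

    $host = new HostClass();
    $obj = new SessionClass();
    $obj->sethalfpatientId($patientId);

    // orgId and sessionId are fixed values sent with every lookup; their
    // meaning is defined by the backend and is not visible in this file.
    $response = Http::post($host->getserverIp().'/patientInformation', [
        "patientId" => $patientId,
        "contactNumber" => $contactNumber,
        "orgId" => "332",
        "sessionId" => "3",
    ]);

    $data = $response->successful() ? $response->json() : null;

    // Treat anything other than a record carrying both identifiers as a
    // failed login instead of indexing into an unexpected payload.
    if (!is_array($data) || !isset($data['patientId'], $data['contactNumber'])) {
        return back()->with($loginFailed);
    }

    // Issue a fresh session ID once the credentials are accepted, so a session
    // ID known before login cannot be reused afterwards (session fixation).
    Session::regenerate();

    $obj->setpatientId($data['patientId']);
    $obj->setcontactNumber($data['contactNumber']);

    $response2 = Http::post($host->getserverIp().'/searchPatientReports', [
        "patientId" => $obj->getpatientId(),
        "departmentId" => "128",
    ]);
    $data2 = $response2->json();

    $response3 = Http::post($host->getserverIp().'/patientVisits', [
        "patientId" => $obj->getpatientId(),
    ]);
    $data3 = $response3->json();

    // The complete backend record is kept in the session under 'user'.
    Session::put('user', $data);

    // A record without appointments renders an empty list rather than failing
    // on a missing key.
    $listappointment = $data['listAppointments'] ?? [];

    return view('dashboard', compact(['data', 'data2', 'data3', 'listappointment']));
}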



Solution

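  • Use the POST method so the data does not show in the URL. A GET form appends every field, including the hidden _token, to the query string, where it ends up in browser history and server access logs; a POST form sends the fields in the request body. Keep the hidden _token input (or Blade's @csrf) inside the form, because Laravel verifies the CSRF token on POST requests.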

     <form method="POST" action="{{route('login1')}}" name="myForm"  class="login100-form validate-form" >
    

    Then change the route to accept the POST method:

    // Registered for POST: the login fields arrive in the request body, not in the URL.
    // NOTE(review): assumes this file is loaded under the default web middleware group, where
    // the CSRF token is verified on POST requests; confirm against the route service provider.
    Route::post('/login1', [MainController::class, 'successlogin'])->name('login1');