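objPermission = new PermissionController();
    }

    /**
     * Resolve a user id from a username and the value held in users.password.
     *
     * The second argument is matched by plain equality against the `password`
     * column, so it is not hashed or verified here.
     * NOTE(review): login() in this class compares that column with a salted
     * SHA-256 chain and returns the resulting hash to its caller, so the value
     * accepted here appears to be the stored hash itself. If so, the hash acts
     * as a bearer credential: anyone who obtains it can authenticate without
     * knowing the password. Confirm against the callers and consider a
     * server-issued session or token instead.
     *
     * @param mixed $u Username to look up.
     * @param mixed $p Value compared with users.password.
     * @return mixed The matching user id, or 0 when an argument is missing or no row matches.
     */
    public function checkLegit($u, $p)
    {
        if (!isset($u) || !isset($p)) {
            return 0;
        }

        $check = DB::table('users')
            ->select('id')
            ->where('username', $u)
            ->where('password', $p)
            ->first('id');

        // first() yields null when nothing matches; dereferencing it raised a
        // warning and returned null. Return the documented "no user" value.
        if ($check === null) {
            return 0;
        }

        return $check->id;
    }

    /**
     * Build the flat permission map for a user, or for a guest when the
     * credentials do not resolve to a user id.
     *
     * For each area (blg, for, str, usr) the user-specific permission row is
     * used when one exists, otherwise the row of the user's permission group.
     * Guests always get the rows of group 6. Every key of a row is prefixed
     * with "<area>_" before the four rows are merged in area order.
     *
     * @param mixed $user Username, passed to checkLegit().
     * @param mixed $pass Credential value, passed to checkLegit().
     * @return array Permission values keyed by "<area>_<column>".
     */
    public function getPermissions($user, $pass)
    {
        $check = $this->checkLegit($user, $pass);
        $isUser = ($check != 0);

        // Image permissions ('img') are disabled in this controller.
        $areas = array('blg', 'for', 'str', 'usr');

        if ($isUser) {
            $perm = DB::table('usr_perm_id')
                ->select('perm_id')
                ->where('user_id', $check)
                ->first('perm_id');
            $perm = json_decode(json_encode($perm), true);

            // NOTE(review): a user without a usr_perm_id row ends up with a
            // null group id here; confirm how getPermissionGroup() treats it.
            $groupId = isset($perm['perm_id']) ? $perm['perm_id'] : null;
        } else {
            // Guest group id, hard-coded in the original code.
            $groupId = 6;
        }

        // Prefixes every key of one permission row with "<area>_".
        $prefixKeys = function ($prefix, array $row) {
            return array_combine(
                array_map(function ($k) use ($prefix) {
                    return $prefix . '_' . $k;
                }, array_keys($row)),
                $row
            );
        };

        $merge = array();
        foreach ($areas as $area) {
            $groupPerm = $this->objPermission->getPermissionGroup($area, $groupId);
            // Guests have no user-specific overrides, so only the group row is fetched.
            $userPerm = $isUser ? $this->objPermission->getPermissionUser($area, $check) : array();

            if (!empty($userPerm[0])) {
                $row = (array) $userPerm[0];
            } else {
                // A missing group row is treated as an empty permission set.
                $row = isset($groupPerm[0]) ? (array) $groupPerm[0] : array();
            }

            $merge = array_merge($merge, $prefixKeys($area, $row));
        }

        return $merge;
    }

    /**
     * Create a user account and return a JWT for it.
     *
     * NOTE(review): the password is stored with Hash::make(), while login()
     * in this class verifies a salted SHA-256 chain against a `salt` column
     * that is not written here. Accounts created by this method therefore do
     * not look verifiable by login(); confirm which scheme is intended.
     * NOTE(review): `country` and `gender` are stored without validation.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        $credentials = $request->only('username', 'email', 'password');

        $rules = [
            'username' => 'required|max:255|unique:users',
            'email' => 'required|email|max:255|unique:users',
            // Without a rule, a request carrying no password reached
            // Hash::make() and created an account anyway.
            'password' => 'required',
        ];

        $validator = Validator::make($credentials, $rules);
        if ($validator->fails()) {
            return response()->json(['success' => false, 'error' => $validator->messages()]);
        }

        User::create([
            'username' => $request->username,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'country' => $request->country,
            'gender' => $request->gender,
        ]);

        try {
            // Verify the new credentials and create a token for the user.
            $token = JWTAuth::attempt($credentials);
            if (!$token) {
                return response()->json(['success' => false, 'error' => 'We cant find an account with this credentials.'], 401);
            }
        } catch (JWTException $e) {
            // The token could not be created.
            return response()->json(['success' => false, 'error' => 'Failed to login, please try again.'], 500);
        }

        return response()->json(['success' => true, 'data' => ['token' => $token]]);
    }

    /**
     * Verify a username and password against the salted SHA-256 chain stored
     * in the users table.
     *
     * NOTE(review): the success array echoes the plaintext password
     * (`rawPassword`) and the stored hash (`password`) back to the caller.
     * checkLegit() and checkAuth() accept that hash by equality, so it is
     * password-equivalent. The shape is kept for existing callers; neither
     * value should be logged, cached or sent to a client.
     * NOTE(review): iterated SHA-256 is a home-grown scheme; register() already
     * uses Hash::make(), and migrating login to Hash::check() would align them.
     *
     * @param CookieJar $cookieJar Unused in this method.
     * @param Request $request Must carry `username` and `password`.
     * @return array uid, username, rawPassword and password on success; an empty array otherwise.
     */
    public function login(CookieJar $cookieJar, Request $request)
    {
        $supplied = $request->password;
        if (is_array($supplied)) {
            // An array would be string-converted to "Array" by the concatenation below.
            return array();
        }

        $checkName = DB::table('users')
            ->select('*')
            ->where('username', $request['username'])
            ->first('id', 'username', 'password', 'salt');
        $checkName = json_decode(json_encode($checkName), true);

        // An unknown username gives null here. The hash chain still runs with
        // an empty salt so both outcomes cost the same amount of work.
        $salt = isset($checkName['salt']) ? $checkName['salt'] : '';
        $stored = isset($checkName['password']) ? $checkName['password'] : null;

        $checkPass = hash('sha256', $supplied . $salt);
        for ($round = 0; $round < 65536; $round++) {
            $checkPass = hash('sha256', $checkPass . $salt);
        }

        // hash_equals() compares in constant time, unlike ===.
        if (!is_string($stored) || !hash_equals($stored, $checkPass)) {
            return array();
        }

        return array(
            'uid' => $checkName['id'],
            'username' => $checkName['username'],
            'rawPassword' => $request->password,
            'password' => $checkPass
        );
    }

    /**
     * Log out
     * Invalidate the token, so user cannot use it anymore
     * They have to relogin to get a new token
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout(Request $request)
    {
        $this->validate($request, ['token' => 'required']);

        try {
            JWTAuth::invalidate($request->input('token'));
        } catch (JWTException $e) {
            // The token could not be invalidated.
            return response()->json(['success' => false, 'error' => 'Failed to logout, please try again.'], 500);
        }

        return response()->json(['success' => true, 'message' => 'You have successfully logged out.']);
    }

    /**
     * API Recover Password
     *
     * NOTE(review): the "not found" response tells the caller whether an email
     * address is registered, and the catch branch returns the raw exception
     * message. Both are kept because clients may depend on them; a uniform
     * response and a generic error with server-side logging would avoid
     * account enumeration and leaking internals.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function recover(Request $request)
    {
        $user = User::where('email', $request->email)->first();
        if (!$user) {
            $error_message = "Your email address was not found.";
            return response()->json(['success' => false, 'error' => ['email' => $error_message]], 401);
        }

        try {
            Password::sendResetLink($request->only('email'), function (Message $message) {
                $message->subject('Your Password Reset Link');
            });
        } catch (\Exception $e) {
            $error_message = $e->getMessage();
            return response()->json(['success' => false, 'error' => $error_message], 401);
        }

        return response()->json([
            'success' => true,
            'data' => ['message' => 'A reset email has been sent! Please check your email.']
        ]);
    }

    /**
     * Fetch the user row whose username and users.password both equal the
     * request values.
     *
     * NOTE(review): as in checkLegit(), the password column is compared by
     * equality with caller-supplied data, and the returned row includes that
     * column. Avoid passing the result on to a client unchanged.
     *
     * @param Request $request Must carry `username` and `password`.
     * @return array|null id, username and password of the matching row, or null when none matches.
     */
    public function checkAuth(Request $request)
    {
        $get = DB::table('users')
            ->select('id', 'username', 'password')
            ->where('username', $request->username)
            ->where('password', $request->password)
            ->first('id');

        return json_decode(json_encode($get), true);
    }
}
?>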