suwako
/
076server
アーカイブ
1
0
フォーク 0
コード イシュー プルリクエスト プロジェクト リリース Wiki アクティビティ
このリポジトリは2023-09-09にアーカイブされています。 ファイルの閲覧とクローンは可能ですが、プッシュ、イシューの作成、プルリクエストはできません。
076server/app/Http/Controllers/AuthController.php

414 行
13 KiB
PHP
Raw Blame 履歴

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Contracts\Routing\ResponseFactory;
use App\User;
use Validator;
use DB, Hash, Mail, Illuminate\Support\Facades\Password;
use App\Http\Controllers\PermissionController;
use Illuminate\Support\Facades\Log;
class AuthController extends Controller {
private $objPermission;
public function __construct() {
$this->objPermission = new PermissionController();
}
public function checkLegit($u, $p) {
if (!isset($u) || !isset($p)) {
return 0;
}
$check = DB::table('users')
->select('id')
->where('username', $u)
->where('password', $p)
->first(
'id'
);
return $check->id;
}
public function getPermissions($user, $pass) {
$check = $this->checkLegit($user, $pass);
$perm = DB::table('usr_perm_id')
->select('perm_id')
->where('user_id', $check)
->first(
'perm_id'
);
$perm = json_decode(json_encode($perm), true);
// Does the user ID exist? Grand the appropriate rights. Otherwise, use guest.
if ($check != 0) {
// Page permissions.
$grouppermblg = $this->objPermission->getPermissionGroup('blg', $perm['perm_id']);
$userpermblg = $this->objPermission->getPermissionUser('blg', $check);
// Board permissions.
$grouppermfor = $this->objPermission->getPermissionGroup('for', $perm['perm_id']);
$userpermfor = $this->objPermission->getPermissionUser('for', $check);
// Store permissions.
$grouppermstr = $this->objPermission->getPermissionGroup('str', $perm['perm_id']);
$userpermstr = $this->objPermission->getPermissionUser('str', $check);
// User permissions.
$grouppermusr = $this->objPermission->getPermissionGroup('usr', $perm['perm_id']);
$userpermusr = $this->objPermission->getPermissionUser('usr', $check);
// Image permissions.
// $grouppermimg = $this->objPermission->getPermissionGroup('img', $perm['perm_id']);
// $userpermimg = $this->objPermission->getPermissionUser('img', $check);
// Now provide an array of user overwritten permissions if it exists. Otherwise, give its group permissions.
$blgarr = array();
$forarr = array();
$strarr = array();
$usrarr = array();
// $imgarr = array();
if (!empty($userpermblg[0])) {
$blgarr = (array)$userpermblg[0];
}
else {
$blgarr = (array)$grouppermblg[0];
}
$blgarr = array_combine(
array_map(function($k){ return 'blg_'.$k; }, array_keys($blgarr)),
$blgarr
);
if (!empty($userpermfor[0])) {
$forarr = (array)$userpermfor[0];
}
else {
$forarr = (array)$grouppermfor[0];
}
$forarr = array_combine(
array_map(function($k){ return 'for_'.$k; }, array_keys($forarr)),
$forarr
);
if (!empty($userpermstr[0])) {
$strarr = (array)$userpermstr[0];
}
else {
$strarr = (array)$grouppermstr[0];
}
$strarr = array_combine(
array_map(function($k){ return 'str_'.$k; }, array_keys($strarr)),
$strarr
);
if (!empty($userpermusr[0])) {
$usrarr = (array)$userpermusr[0];
}
else {
$usrarr = (array)$grouppermusr[0];
}
$usrarr = array_combine(
array_map(function($k){ return 'usr_'.$k; }, array_keys($usrarr)),
$usrarr
);
/* if (!empty($userpermimg[0])) {
$imgarr = (array)$userpermimg[0];
}
else {
$imgarr = (array)$grouppermimg[0];
} */
$merge = array();
$merge1 = array();
$merge2 = array();
$merge1 = array_merge($blgarr, $forarr);
$merge2 = array_merge($strarr, $usrarr);
$merge = array_merge($merge1, $merge2);
return $merge;
}
else {
// Page permissions.
$grouppermblg = $this->objPermission->getPermissionGroup('blg', 6);
// Forum permissions.
$grouppermfor = $this->objPermission->getPermissionGroup('for', 6);
// Store permissions.
$grouppermstr = $this->objPermission->getPermissionGroup('str', 6);
// User permissions.
$grouppermusr = $this->objPermission->getPermissionGroup('usr', 6);
// Image permissions.
// $grouppermimg = $this->objPermission->getPermissionGroup('img', 6);
// Since guests don't have user overwritten permissions, simply return the group permissions.
(array)$grouppermblg[0] = array_combine(
array_map(function($k){ return 'blg_'.$k; }, array_keys((array)$grouppermblg[0])),
(array)$grouppermblg[0]
);
(array)$grouppermfor[0] = array_combine(
array_map(function($k){ return 'for_'.$k; }, array_keys((array)$grouppermfor[0])),
(array)$grouppermfor[0]
);
(array)$grouppermstr[0] = array_combine(
array_map(function($k){ return 'str_'.$k; }, array_keys((array)$grouppermstr[0])),
(array)$grouppermstr[0]
);
(array)$grouppermusr[0] = array_combine(
array_map(function($k){ return 'usr_'.$k; }, array_keys((array)$grouppermusr[0])),
(array)$grouppermusr[0]
);
/* (array)$grouppermimg[0] = array_combine(
array_map(function($k){ return 'img_'.$k; }, array_keys((array)$grouppermimg[0])),
(array)$grouppermimg[0]
); */
$merge = array();
$merge1 = array();
$merge2 = array();
$merge1 = array_merge((array)$grouppermblg[0], (array)$grouppermfor[0]);
$merge2 = array_merge((array)$grouppermstr[0], (array)$grouppermusr[0]);
$merge = array_merge($merge1, $merge2);
return $merge;
}
}
public function register(Request $request) {
$ip = $_SERVER['REMOTE_ADDR'];
// Anti-spam here.
if (!empty($request)) {
// Check username.
//// Exists?
$existUser = DB::table('users')
->select('id')
->where('username', $request->username)
->first();
if ($existUser != 0) {
return array('Username already exists.');
}
//// Empty?
if (empty($request->username)) {
return array('Username is empty.');
}
//// Valid?
if (preg_match("/^[a-zA-Z0-9]+$/", $request->username) == 0) {
return array('Please use English characters only.');
}
// Check password.
//// Empty?
if (empty($request->password)) {
return array('Password is empty.');
}
// Check email.
//// Exists?
$existEmail = DB::table('users')
->select('id')
->where('email', $request->email)
->first();
if ($existEmail != 0) {
return array('Email already exists');
}
//// Empty?
if (empty($request->email)) {
return array('Email is empty.');
}
//// Valid?
if (!filter_var($request->email, FILTER_VALIDATE_EMAIL)) {
return array('Email is invalid.');
}
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$passwd = hash('sha256', $request->password . $salt);
for ($round = 0; $round < 65536; $round++) {
$passwd = hash('sha256', $passwd . $salt);
}
$addUser = DB::table('users')
->insertGetId([
'username' => $request->username,
'email' => $request->email,
'password' => $passwd,
'salt' => $salt,
'remember_token' => ''
]);
DB::table('usr_details')
->insert([
'user_id' => $addUser,
'total_posts' => 0,
'total_threads' => 0,
'reg_date' => time(),
'last_post_date' => 0,
'last_post_location' => 0,
'ontime' => 0,
'strikes' => 0
]);
DB::table('usr_contacts')
->insert([
'user_id' => $addUser,
'website_link' => '',
'website_name' => '',
'youtube_link' => '',
'youtube_name' => '',
'niconico' => '',
'pixiv' => '',
'discord' => '',
'mastodon' => '',
'twitter' => ''
]);
DB::table('usr_profile')
->insert([
'user_id' => $addUser,
'gender' => $request->gender,
'member_title' => '',
'website_address' => '',
'website_name' => '',
'location' => '',
'birthday' => 0,
'bio' => '',
'ip_address' => $ip,
'avatar' => '',
'ostatus' => 0,
'header' => '',
'footer' => '',
'post_style' => '',
'signature' => '',
'name_style' => '',
'display_name' => '',
'yt_channel' => '',
'country' => $request->country,
'date_format' => '',
'isClock24' => 0,
'isShowSeconds' => 0,
'isShowTimezone' => 0
]);
DB::table('usr_perm_id')
->insert([
'user_id' => $addUser,
'perm_id' => 4,
'usr_per_id' => 4,
'blg_per_id' => 4,
'for_per_id' => 4,
'sbx_per_id' => 4,
'str_per_id' => 4,
'doc_per_id' => 4,
'odb_per_id' => 4
]);
return array('1');
}
return array();
}
public function login(Request $request) {
if (!empty($request)) {
$checkName = DB::table('users')
->select('*')
->where('username', $request['username'])
->first(
'id',
'username',
'password',
'salt'
);
$checkName = json_decode(json_encode($checkName), true);
$login_ok = false;
$checkPass = hash('sha256', $request->password . $checkName['salt']);
for ($round = 0; $round < 65536; $round++) {
$checkPass = hash('sha256', $checkPass . $checkName['salt']);
}
if ($checkPass === $checkName['password']) {
$login_ok = true;
}
}
if ($login_ok) {
return array(
'uid' => $checkName['id'],
'username' => $checkName['username'],
'rawPassword' => $request->password,
'password' => $checkPass
);
}
return array();
}
public function recover(Request $request) {
$user = User::where('email', $request->email)->first();
if (!$user) {
$error_message = "Your email address was not found.";
return response()->json(['success' => false, 'error' => ['email'=> $error_message]], 401);
}
try {
Password::sendResetLink($request->only('email'), function (Message $message) {
$message->subject('Your Password Reset Link');
});
} catch (\Exception $e) {
$error_message = $e->getMessage();
return response()->json(['success' => false, 'error' => $error_message], 401);
}
return response()->json([
'success' => true, 'data'=> ['message'=> 'A reset email has been sent! Please check your email.']
]);
}
public function checkAuth(Request $request) {
$get = DB::table('users')
->select('id', 'username', 'password')
->where('username', $request->username)
->where('password', $request->password)
->first(
'id'
);
$get = json_decode(json_encode($get), true);
return $get;
}
}
新しいイシューから参照 Git Blameを表示 パーマリンクをコピー