076server/app/Http/Controllers/UserController.php

<?php

namespace App\Http\Controllers;

use App\Models\ForUser;

use Illuminate\Support\Facades\DB;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Log;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;

class UserController extends Controller {
    // User
    public function getUsers() { // /api/rpc/user/user/getusers
        return DB::table('for_users')
            ->select('*')
            ->get();
    }

    public function getUser($id) { // /api/rpc/user/user/getuser/id
        return DB::table('for_users')
            ->select(
                     'id',
                     'username',
                     'perm_id',
                     'member_title',
                     'reg_date',
                     'website_address',
                     'website_name',
                     'gender',
                     'location',
                     'birthday',
                     'bio',
                     'avatar',
                     'timezone',
                     'strikes',
                     'name_colour',
                     'display_name',
                     'yt_channel',
                     'country',
                     'curTZ', 'curDF', 'curTF', // Time and date stuff
                     'usr_per_id', 'str_per_id', // Permission stuff.
                     // TODO: hide the following stuff away from unprivileaged users.
                     'email',
                     'ip_address',
                     'strikes'
                    )
            ->where('id', $id)
            ->get();
    }

    public function getPostStyle($id) { // /api/rpc/user/user/getpoststyle/id
        return DB:: table('for_users')
            ->select('header', 'footer')
            ->where('id', $id)
            ->get();
    }

    public function getGroupColours() { // /api/rpc/user/user/getgroupcolours
        return DB::table('usr_perm_module')
            ->select(
                     'id',
                     'name',
                     'colour_m',
                     'colour_f',
                     'colour_u'
                     // 'badge' (this is a pipeline feature, please don't uncomment for now!)
                    )
            ->get();
    }

    public function isAuth(Request $request) { // /apt/rpc/user/auth/isauth
        return $request->cookie('username');
    }

    public function login(Request $request) { // /api/rpc/user/auth/login
        $getUser = DB::table('for_users')
            ->select('id', 'username', 'password', 'salt')
            ->where('username', $request->username)
            ->get();

        $login_ok = false;

        try {
            $check_password = hash('sha256', $request->password . $getUser[0]->salt);

            for ($round = 0; $round < 65536; $round++) {
                $check_password = hash('sha256', $check_password . $getUser[0]->salt);
            }

            if ($check_password === $getUser[0]->password) {
                $login_ok = true;

                $credentials = $request->only('username', $check_password); // grab credentials from the request

                try {
                    if (!$token = JWTAuth::attempt($credentials)) { // attempt to verify the credentials and create a token for the user
                        return response()->json(['error' => 'invalid_credentials'], 401);
                    }
                }
                catch (JWTException $e) {
                    return response()->json(['error' => 'could_not_create_token'], 500); // something went wrong whilst attempting to encode the token
                }

                return response()->json(['token' => "Bearer $token"]);
//return $_SERVER['HTTP_HOST'];
//                setcookie("username", $_POST['username'], time()+3600*24*30*72, "/", $_SERVER['HTTP_HOST'], false, true);
//                setcookie("password", $check_password, time()+3600*24*30*72, "/", $_SERVER['HTTP_HOST'], false, true);
                    //$cookieU = $request->cookie('username', $request->username, time()+3600*24*30*72);
                    //$cookieP = $request->cookie('password', $check_password, time()+3600*24*30*72);

//dd($cookieP);
//dd($request);
                //dd($cookie->name));
                //return response('')
                    //->cookie('username', $cookieU)
                    //->cookie('password', $cookieP);
            }

            return "bad";
        }
        catch (Exception $e) {
            return $e->getMessage();
        }
    }

    public function register(Request $request) { // /api/rpc/user/auth/register
        return;
    }

    public function logout(Request $request) { // /api/rpc/user/auth/logout
        return;
    }

    // public function passwordReset() {}
    // public function confirmReset() {}

    // Owner
    public function countOwnersOfEntry($file_id) { // /api/rpc/user/owner/countownersofentry/id
        return DB::table('str_owners')
            ->where('file_id', $file_id)
            ->count();
    }

    public function getOwnersOfEntry($file_id) { // /api/rpc/user/owner/getownersofentry/id
        return DB::table('str_owners')
            ->join('str_file', 'str_owners.file_id', '=', 'str_file.id')
            ->join('for_users', 'str_owners.user_id', '=', 'for_users.id')
            ->where('file_id', $file_id)
            ->get(array(
                "user_id",
                "title",
                "version",
                "views",
                "downloads",
                "submit_date",
                "last_date",
                "username",
                "avatar",
                "perm_id",
                "gender",
                "display_name",
                "name_colour",
            ));
    }

    public function countEntriesOfOwner($user_id) { // /api/rpc/user/owner/countentriesofowner/id
        return DB::table('str_owners')
            ->where('user_id', $user_id)
            ->count();
    }


    public function getEntriesOfOwner($user_id) { // /api/rpc/user/owner/getentriesofowner/id
        return DB::table('str_owners')
            ->join('str_file', 'str_owners.file_id', '=', 'str_file.id')
            ->join('for_users', 'str_owners.user_id', '=', 'for_users.id')
            ->where('user_id', $user_id)
            ->get(array(
                "user_id",
                "title",
                "version",
                "views",
                "downloads",
                "submit_date",
                "last_date",
                "username",
                "avatar",
                "perm_id",
                "gender",
                "display_name",
                "name_colour",
            ));
    }
}