Example #1
 /**
  * Handle a registration request.
  *
  * The registration validator runs first. When LDAP is enabled the submitted
  * credentials must also pass Auth::validate(). The account is then either
  * loaded by username (LDAP with auto-registration) or created through the
  * user registrator, logged in, and redirected.
  *
  * @return $this|\Illuminate\Http\RedirectResponse
  */
 public function register()
 {
     $validator = $this->getRegistrationValidator();
     if (!$validator->passes()) {
         return Redirect::back()->withInput()->withErrors($validator);
     }

     // Only people who hold a valid LDAP account are allowed to register.
     if ($this->isLdap) {
         $ldapCredentials = $this->getLoginCredentials();
         $ldapCredentials['isRegister'] = true;
         $ldapAccepted = Auth::validate($ldapCredentials);
         if (!$ldapAccepted) {
             return Redirect::back()->withInput()->withErrors(["password" => [Lang::get('messages.invalid_credentials')]]);
         }
     }

     // With LDAP auto-registration the account is expected to exist already
     // (presumably created during the credential check above), so it is only
     // loaded through Eloquent instead of being created a second time.
     $autoRegistered = $this->isLdap && Config::get('ldap.autoRegister');
     if ($autoRegistered) {
         $account = User::query()->where('username', Input::get('username'))->first();
     } else {
         // NOTE(review): every remaining request field is forwarded to registerUser();
         // confirm that it only accepts the attributes a new user may set.
         $account = $this->userRegistrator->registerUser(Input::except('_token', 'password_confirmation', 'ui_language'), Input::get('ui_language'));
     }

     if (!$account) {
         return Redirect::back()->withErrors(["password" => [Lang::get('messages.account_creation_failed')]]);
     }

     Auth::login($account);
     Session::put('ui_language', Input::get('ui_language'));
     return Redirect::route("/");
 }
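 /**
  * Authenticate the submitted username/password and open the admin area.
  *
  * Every failure path now returns a redirect to the login form. The original
  * echoed a debug string and returned nothing when the credentials were wrong.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function doLogin()
 {
     $rules = array('username' => 'required', 'password' => 'required');
     $validator = Validator::make(Input::all(), $rules);
     if (!$validator->passes()) {
         // The password is left out of the flashed input so it is not written to the session.
         return Redirect::to('login')->withErrors($validator)->withInput(Input::except('password'));
     }

     $userdata = array('username' => Input::get('username'), 'password' => Input::get('password'));
     // Auth::attempt() verifies the credentials itself, so a preceding
     // Auth::validate() only repeats the same password check.
     if (Auth::attempt($userdata)) {
         return Redirect::to('admin');
     }

     // One generic message for an unknown user and for a wrong password, so the
     // response does not reveal which usernames exist.
     return Redirect::to('login')->withErrors(array('login' => 'gagal login'))->withInput(Input::except('password'));
 }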
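 /**
  * Show the change-password form and, on POST, change the current user's password.
  *
  * The old password is re-verified with Auth::validate() before the new one is
  * stored, so a borrowed session alone is not enough to change it.
  *
  * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
  */
 public function changepwd()
 {
     $error = '';
     if (Request::isMethod('post')) {
         // NOTE(review): trim() strips leading/trailing whitespace from the passwords;
         // confirm the login path treats the password the same way.
         $oldpwd = trim(Input::get('oldpwd'));
         $newpwd = trim(Input::get('newpwd'));
         $repwd = trim(Input::get('repwd'));
         if (!$oldpwd || !$newpwd) {
             $error = '信息填写不完整';
         } elseif (!Auth::validate(array('username' => Auth::user()->username, 'password' => $oldpwd))) {
             $error = '旧密码不正确';
         } elseif ($newpwd !== $repwd) {
             // Strict comparison: with != two different numeric-looking strings
             // (for example "1e3" and "1000") compare as equal.
             $error = '2次输入的新密码不一致!';
         }
         if (!$error) {
             Auth::user()->password = Hash::make($newpwd);
             Auth::user()->save();
             return Redirect::action('ProjectsController@allProjects');
         }
     }
     return View::make('users/pwd', array('error' => $error));
 }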
 /**
  * Log a user in with email and password, requiring a confirmed account.
  *
  * Responds with JSON for AJAX requests and with redirects otherwise. When the
  * login fails, the credentials are checked once more without the 'confirmed'
  * constraint to tell "not confirmed yet" apart from "wrong email or password".
  */
 public function postLogin()
 {
     $input = Input::all();

     $loggedIn = Auth::attempt(array('email' => $input['email'], 'password' => $input['password'], 'confirmed' => 1));
     if ($loggedIn) {
         if (Request::ajax()) {
             // NOTE(review): the whole user model is serialized here; confirm the
             // model hides the password hash and other private attributes.
             return Response::json(array('user' => Auth::user()));
         }
         return Redirect::intended('home');
     }

     // Second pass without 'confirmed': true means the credentials are correct
     // but the email address has not been verified.
     $passwordMatches = Auth::validate(array('email' => $input['email'], 'password' => $input['password']));
     if ($passwordMatches) {
         $error = __('emailNotConfirmedYet');
     } else {
         $error = __('emailOrPasswordIncorrect');
     }

     if (Request::ajax()) {
         return Response::json(array('error' => $error, 'emailNotConfirmed' => (bool) $passwordMatches), 400);
     }
     return Redirect::to(route('login'))->with('login:errors', [$error])->withInput();
 }
Example #5
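 /**
  * Create a user from 'uuidx' and 'email', or return the existing user when
  * the email fails validation and the pair passes Auth::validate().
  *
  * Status codes: 201 created, 200 existing user authenticated, 403 email
  * rejected and credentials not accepted, 400 any other validation failure.
  *
  * @return Response
  */
 public function store()
 {
     $response = new stdClass();
     $statusCode = 201;
     $in = Input::only('uuidx', 'email');
     $rules = array('uuidx' => 'required | alpha_dash', 'email' => 'required | email | unique:users');
     $vd = Validator::make($in, $rules);
     if ($vd->fails()) {
         $errs = $vd->messages();
         if ($errs->has('email')) {
             // The email was rejected (for example because it is already registered):
             // treat the request as a login, with uuidx acting as the password.
             $credentials = array('email' => $in['email'], 'password' => $in['uuidx']);
             if (Auth::validate($credentials)) {
                 $statusCode = 200;
                 // Auth::validate() does not log anyone in, so Auth::user() is not the
                 // user that was just checked. getLastAttempted() is.
                 $response = Auth::getLastAttempted();
             } else {
                 // NOTE(review): the validation messages returned here can tell an
                 // unauthenticated caller that an email is already registered.
                 $statusCode = 403;
                 $response = $errs->all();
             }
         } else {
             $statusCode = 400;
             $response = $errs->all();
         }
     } else {
         // NOTE(review): mt_rand() seeded from microtime() is predictable. If 'seed'
         // protects anything, generate it with a cryptographically secure source.
         mt_srand(crc32(microtime()));
         $in['uuidx'] = Hash::make($in['uuidx']);
         $in['seed'] = mt_rand();
         $response = User::create($in);
     }
     return Response::json($response, $statusCode);
 }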
Example #6
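 /**
  * Authenticate API credentials and return the user with its groups.
  *
  * The 'username' field may hold either a username or an email address.
  *
  * @return Response JSON: user and groups (200) or an authentication error (401)
  */
 public function store()
 {
     // get inputs from the api
     $username = Request::get('username');
     $password = Request::get('password');
     // Decide which column to match from the value that is actually used as the
     // identifier. The original inspected a separate 'email' field, so the chosen
     // column could disagree with the value looked up.
     $identifier = filter_var($username, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
     $credentials = array($identifier => $username, 'password' => $password);
     if (!Auth::validate($credentials)) {
         return Response::json(array('error' => true, 'message' => 'user authentication failed'), 401);
     }

     $user = \User::where($identifier, '=', $username)->first();
     $user_groups = array();
     foreach (\Auth::getUserGroups($user) as $group) {
         // NOTE(review): unserialize() can instantiate objects. This is only safe while
         // 'permissions' is written exclusively by trusted code; a JSON column would
         // remove that risk.
         $group['permissions'] = unserialize($group['permissions']);
         $user_groups[] = $group->toArray();
     }
     // NOTE(review): confirm the User model hides the password hash in toArray().
     return Response::json(array('error' => false, 'user' => $user->toArray(), 'groups' => $user_groups), 200);
 }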
 /**
  * Log a user in with email and password; unconfirmed accounts are sent to
  * the verification view instead of being logged in.
  */
 public function postLogin()
 {
     $input = Input::all();
     $rules = array('email' => 'required', 'password' => 'required');
     $v = Validator::make($input, $rules);
     if ($v->fails()) {
         return Redirect::to('login')->withErrors($v);
     }

     // Step 1: are the credentials correct at all?
     $baseCredentials = array('email' => $input['email'], 'password' => $input['password']);
     if (!Auth::validate($baseCredentials)) {
         return Redirect::to('login')->withErrors(['credentials' => 'Benutzername oder Passwort ungültig.']);
     }

     // Step 2: same credentials, but the account must also be confirmed.
     $confirmedCredentials = array('email' => $input['email'], 'password' => $input['password'], 'confirmed' => 1);
     if (!Auth::validate($confirmedCredentials)) {
         // Correct credentials but the account is not activated: show the verify
         // page, which offers to send the verification mail again.
         // NOTE(review): the confirmation code is handed to the view; confirm the
         // template never renders it into the page.
         $user = User::findByEmailOrFail($input['email']);
         $toMail = array('email' => $user->email, 'username' => $user->username, 'confirmation_code' => $user->confirmation_code, 'login' => true);
         return View::make('home.verify')->with('toMail', $toMail);
     }

     // Credentials correct and account activated: log the user in.
     Auth::attempt($confirmedCredentials);
     // Parameters for pulling data from SAP (the web-service call itself is disabled below).
     $pispdm = array('ROLLFKT' => 'INST', 'PARTID' => '10000', 'TITLE' => '', 'NAME1' => '', 'NAME2' => '', 'POSTCODE1' => '', 'CITY1' => '', 'CITY2' => '', 'STREET' => '', 'HOUSENUM1' => '', 'TELNUMBER1' => '', 'MOBNUMBER1' => '', 'SMTPADDR' => '', 'ZULNR' => '', 'ZUDATB' => '', 'ZUERNA' => '', 'INSTBART' => '', 'FKTITLE' => '', 'FKNAM' => '', 'FKVNM' => '');
     $params = array('PI_ACTVT' => '03', 'PI_ASART' => 'IAB1', 'PI_S_PD_M' => $pispdm);
     //$sapresult = App::make('SoapSapController')->callWebserviceRead($params);
     //Session::put('sapdata', $sapresult);
     return Redirect::to('/');
 }
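 /**
  * Handle the account form: change the password ('changepw') or delete the
  * account ('removeacc'). Both actions re-verify the current password.
  *
  * @return \Illuminate\Http\RedirectResponse|null null when neither action was submitted
  */
 public function postIndex()
 {
     if (Input::has('changepw')) {
         $rules = array('oldPass' => 'required', 'newPass1' => 'required|min:8', 'newPass2' => 'required|min:8|same:newPass1');
         $input = Input::all();
         $validator = Validator::make($input, $rules);
         if ($validator->fails()) {
             return Redirect::to('/account')->withErrors($validator);
         }
         $user = Auth::user();
         if (!Auth::validate(array('name' => $user->name, 'password' => $input['oldPass']))) {
             return Redirect::to('/account')->withErrors(array('message' => 'You have entered a wrong password.'));
         }
         $user->password = Hash::make($input['newPass2']);
         $user->save();
         return Redirect::to('/account');
     } elseif (Input::has('removeacc')) {
         $rules = array('remPass' => 'required|min:8');
         $input = Input::all();
         $validator = Validator::make($input, $rules);
         if ($validator->fails()) {
             return Redirect::to('/account')->withErrors($validator);
         }
         $user = Auth::user();
         // Check the field this branch actually validated. The original read
         // 'oldPass', which belongs to the change-password form and was never
         // validated in this branch.
         if (!Auth::validate(array('name' => $user->name, 'password' => $input['remPass']))) {
             return Redirect::to('/account')->withErrors(array('message' => 'You have entered a wrong password.'));
         }
         $user->delete();
         Auth::logout();
         return Redirect::to('/');
     }
 }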
Example #9
 /**
  * Validation rule "checkpass": the value must be the current user's password.
  *
  * @param $attribute name of the field under validation (unused)
  * @param $value     the submitted password
  * @param $parameters rule parameters (unused)
  *
  * @return bool false when nobody is logged in, otherwise the result of Auth::validate()
  */
 public function checkpass($attribute, $value, $parameters)
 {
     // Without a logged-in user there is no password to compare against.
     if (!\Auth::check()) {
         return false;
     }
     $currentUser = \Auth::user();
     return \Auth::validate(['email' => $currentUser->email, 'password' => $value]);
 }
Example #10
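 /**
  * Change the current user's password after re-verifying the old one.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function updateSettings()
 {
     $user = Auth::user();
     $validation = Validator::make(Input::all(), array('old_password' => 'required', 'password' => 'required|min:6|confirmed', 'password_confirmation' => 'required|min:6'));
     if ($validation->fails()) {
         return Redirect::route('settings')->withErrors($validation);
     }
     $authParams = array('email' => $user->email, 'password' => Input::get('old_password'));
     if (!Auth::validate($authParams)) {
         return Redirect::route('settings')->with('error', 'Current password is incorrect');
     }
     $user->password = Hash::make(Input::get('password'));
     // Persist the new hash. The original reported success without saving, so
     // the old password stayed valid.
     $user->save();
     return Redirect::route('settings')->with('success', 'Password is successfully changed');
 }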
Example #11
 /**
  * Change the logged-in user's password once the form validator passes and
  * the submitted old password is verified.
  */
 public function postChangePassword()
 {
     $user = \Auth::User();
     $validation = new Validators\SeatUserPasswordValidator();
     if (!$validation->passes()) {
         return Redirect::action('ProfileController@getView')->withInput()->withErrors($validation->errors);
     }

     // Re-authenticate with the old password before touching the stored hash.
     $oldPasswordAccepted = Auth::validate(array('email' => Auth::User()->email, 'password' => Input::get('oldPassword')));
     if (!$oldPasswordAccepted) {
         return Redirect::action('ProfileController@getView')->withInput()->withErrors('Your current password did not match.');
     }

     // The confirmation field is hashed; presumably the validator has already
     // checked that it equals 'newPassword' (confirm in SeatUserPasswordValidator).
     $user->password = \Hash::make(Input::get('newPassword_confirmation'));
     $user->save();
     return Redirect::action('ProfileController@getView')->with('success', 'Your password has successfully been changed.');
 }
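 /**
  * Change the current user's password after verifying the existing one.
  *
  * @return \Illuminate\Http\RedirectResponse back to profile/edit with 'error' or 'message'
  */
 public function doChangePassword()
 {
     $password = Input::get('password');
     $newpassword = Input::get('newpassword');
     $confirm = Input::get('confirm');
     $user = Auth::user();
     $credentials = ['username' => Auth::user()->username, 'password' => $password];
     if (!Auth::validate($credentials)) {
         return Redirect::to('profile/edit')->with('error', 'Invalid password')->with('model', $user);
     }
     // Without this guard two missing fields compare as equal and an empty
     // password would be hashed and stored.
     if (!is_string($newpassword) || $newpassword === '') {
         return Redirect::to('profile/edit')->with('error', 'New password must not be empty')->with('model', $user);
     }
     // Strict comparison: != treats different numeric-looking strings as equal.
     if ($newpassword !== $confirm) {
         return Redirect::to('profile/edit')->with('error', 'Your new password and confirmation are different')->with('model', $user);
     }
     $user->password = Hash::make($newpassword);
     $user->save();
     return Redirect::to('profile/edit')->with('model', $user)->with('message', 'Password updated successfully');
 }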
 /**
  * Creates a user, then checks the stored hash and the Auth facade against it.
  */
 public function testUserLogin()
 {
     $user = new User();
     $user->username = '******';
     $user->password = Hash::make('admin');
     $user->email = '*****@*****.**';
     $this->assertTrue($user->save());
     // NOTE(review): this prints the password hash to the test output; drop it if
     // test logs are kept or shared.
     print "\nID do usuário criado :::: {$user->id} : {$user->username} : {$user->password} ::";
     // assert the user is not logged in
     $this->assertFalse(Auth::check());
     $user_find = User::find($user->id);
     // NOTE(review): assumes this is the first row in an empty users table.
     $this->assertTrue($user_find->id == 1);
     // to be improved
     $this->assertTrue(Hash::check('admin', $user_find->password));
     $this->assertTrue(Auth::validate(array('username' => $user->username, 'password' => 'admin')));
     // NOTE(review): attempt() is called without credentials here; it presumably
     // should receive the same array as validate() above.
     $this->assertTrue(Auth::attempt());
     // if attempt returns true the user is authenticated
 }
Example #14
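 /**
  * Validate the login form and, when it passes, log the user in.
  *
  * Auth::attempt() now runs only after form validation passed. The original
  * called it first, so a session could be opened even when the form was
  * rejected and the login page was shown again.
  *
  * @return \Illuminate\View\View dashboard on success, login form otherwise
  */
 public function checkLogin()
 {
     $username = \Input::get('username');
     $password = \Input::get('password');
     $validator = new Validate();
     $validated = $validator->validateCreds();
     if ($validated->passes()) {
         // attempt() verifies the credentials itself; a separate validate() call
         // would only repeat the password check.
         if (!\Auth::attempt(array('username' => $username, 'password' => $password))) {
             return \View::make('accounts.login')->withErrors($validated)->withInput(\Input::only('username'))->with('message', '<p class="alert alert-dismissible alert-danger">Invalid username or password</p>');
         }
         // Menu data is loaded only for an authenticated user.
         $menu_items = \MenuItem::all();
         $categories = \MenuCategory::all();
         return \View::make('admin.dashboard')->with('menu_items', $menu_items)->with('categories', $categories);
     }
     return \View::make('accounts.login')->withErrors($validated)->withInput(\Input::only('username'));
 }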
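 /**
  * Validate the login form and log the user in.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function Login()
 {
     $data = Input::all();
     // NOTE(review): the rules validate 'username' while the credentials below are
     // built from 'email'; confirm which field the login form really submits.
     $rules = array('username' => 'required|username', 'password' => 'required|min:6');
     $validator = Validator::make($data, $rules);
     if ($validator->fails()) {
         return Redirect::to('/login')->withInput(Input::except('password'))->withErrors($validator);
     }

     $userdata = array('email' => Input::get('email'), 'password' => Input::get('password'));
     // A single attempt() replaces validate() followed by attempt(): the password
     // is checked once, and no path is left without a response.
     if (Auth::attempt($userdata)) {
         return Redirect::intended('/');
     }
     Session::flash('error', 'Something went wrong');
     return Redirect::to('login');
 }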
Example #16
 /**
  * Register action, serving both regular form posts and AJAX requests.
  *
  * Regular requests get redirects; AJAX requests get an API success response
  * or a 400 JSON body holding the re-rendered registration form.
  *
  * @return $this|\Illuminate\Http\RedirectResponse
  */
 public function register()
 {
     $validator = $this->getRegistrationValidator();
     if ($validator->passes()) {
         // Only users who hold a valid LDAP account are allowed to register.
         if ($this->isLdap) {
             $creds = $this->getLoginCredentials();
             $creds['isRegister'] = true;
             if (!Auth::validate($creds)) {
                 return Redirect::back()->withInput()->withErrors(["password" => [Lang::get('messages.invalid_credentials')]]);
             }
         }
         // With LDAP and auto-registration the user is expected to exist already
         // (presumably created during the Auth::validate() call above), so it is
         // loaded through Eloquent instead of being created again.
         if ($this->isLdap && Config::get('ldap.autoRegister')) {
             $user = User::query()->where('username', Input::get('username'))->first();
         } else {
             $user = $this->userRegistrator->registerUser(Input::except('_token', 'password_confirmation', 'ui_language'), Input::get('ui_language'));
         }
         // A regular request is logged in and redirected; an AJAX request only
         // gets a success response and is not logged in here.
         if ($user && !Request::ajax()) {
             Auth::login($user);
             Session::put('ui_language', Input::get('ui_language'));
             return Redirect::route("/");
         } else {
             if ($user) {
                 return PaperworkHelpers::apiResponse(PaperworkHelpers::STATUS_SUCCESS, array());
             }
         }
         // From here on no user was loaded or created.
         if (!Request::ajax()) {
             return Redirect::back()->withErrors(["password" => [Lang::get('messages.account_creation_failed')]]);
         } else {
             // NOTE(review): 'input' => Input::all() returns every submitted field,
             // password fields included, in the response body; consider Input::except()
             // for them. The view is also passed without ->render(), unlike the
             // validation-failure branch below.
             return Response::json(array('html' => View::make('partials/registration-form', array('password' => Lang::get('messages.account_creation_failed'))), 'input' => Input::all()), 400);
         }
     } else {
         if (!Request::ajax()) {
             return Redirect::back()->withInput()->withErrors($validator);
         } else {
             // NOTE(review): Input::all() echoes the submitted password fields back here as well.
             return Response::json(array('html' => View::make('partials/registration-form')->withErrors($validator)->render(), 'input' => Input::all()), 400);
         }
     }
 }
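 /**
  * Change the current user's password after verifying the existing one.
  *
  * @return \Illuminate\Http\RedirectResponse back, with 'success_msg' or 'error_msg' flashed
  */
 public function postChangePassword()
 {
     $current_password = Input::get('current_password', '');
     $password = Input::get('password', '');
     $password_confirmation = Input::get('password_confirmation', '');
     // Both fields default to '', so without this guard a request that omits them
     // would pass the equality check and store an empty password.
     if (!is_string($password) || $password === '') {
         Session::flash('error_msg', 'New Password should not be empty');
         return Redirect::back();
     }
     // Strict comparison: == treats different numeric-looking strings as equal.
     if ($password !== $password_confirmation) {
         Session::flash('error_msg', 'New Password and Confirm Password should be same');
         return Redirect::back();
     }
     if (!Auth::validate(['email' => Auth::user()->email, 'password' => $current_password])) {
         Session::flash('error_msg', 'Invalid password entered');
         return Redirect::back();
     }
     $user = \Cashout\Models\User::find(Auth::user()->id);
     $user->password = Hash::make($password);
     $user->save();
     Session::flash('success_msg', 'Password changed successfully');
     return Redirect::back();
 }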
 /**
  * Action: sign in.
  *
  * Credentials are verified first without logging in, so an account that has
  * not been activated can be turned away before a session is created.
  *
  * @return Response
  */
 public function postSignin()
 {
     // Credentials taken from the form
     $credentials = array('email' => Input::get('email'), 'password' => Input::get('password'));
     // Whether to remember the login
     $remember = Input::get('remember-me', 0);

     if (!Auth::validate($credentials)) {
         // Login failed: go back with a generic error
         return Redirect::back()->withInput()->withErrors(array('attempt' => '“邮箱”或“密码”错误,请重新登录。'));
     }

     // Credentials are valid; the user comes from the attempt just made
     $user = Auth::getLastAttempted();
     if (is_null($user->activated_at)) {
         // Not activated yet: go back
         return Redirect::back()->withInput()->withErrors(array('attempt' => '“邮箱”未激活,请打开您邮箱中的激活邮件,完成激活操作。'));
     }

     // Activated: log in manually and return to the page that was intercepted
     Auth::login($user, $remember);
     return Redirect::intended();
 }
 /**
  * Update the current user's email and/or password. The current password is
  * verified before any submitted value is validated or stored.
  */
 public function postEditAccount()
 {
     $data = Input::all();
     $rules = array('email' => 'email', 'about' => 'max:1024', 'newpassword' => 'confirmed|min:8', 'password' => 'required');

     $currentPasswordOk = Auth::validate(array('username' => Auth::User()->username, 'password' => Input::get('password')));
     if (!$currentPasswordOk) {
         return Redirect::route('user.dashboard.account')->withErrors(array('invalidpassword' => 'Invalid old password'));
     }

     $messages = array('newpassword.min' => 'Your new password must be at least :min characters', 'newpassword.confirmed' => 'Your new passwords do not match');
     $validator = Validator::make($data, $rules, $messages);
     if (!$validator->passes()) {
         return Redirect::route('user.dashboard.account')->withErrors($validator);
     }

     $account = Auth::User();
     // Only the fields that were actually submitted are changed.
     if (Input::has('email')) {
         $account->email = Input::get('email');
     }
     if (Input::has('newpassword')) {
         $account->password = Hash::make(Input::get('newpassword'));
     }
     $account->save();
     return Redirect::to('/');
 }
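 /**
  * Validate a login: form rules, credentials, then the banned and
  * not-yet-activated account states. Problems are reported through $this->error().
  */
 public function validate()
 {
     // NOTE(review): 'exists:users,username' together with a separate "password is
     // incorrect" message lets a caller learn which usernames are registered.
     $rules = array('username' => 'required|alpha_num|exists:users,username', 'password' => 'required|min:3');
     $validator = \Validator::make($this->input(), $rules);
     if (!$validator->passes()) {
         $this->error($validator);
         return;
     }

     $username = $this->input('username');
     $password = $this->input('password');
     if (!\Auth::validate(array('username' => $username, 'password' => $password))) {
         $this->error(['password' => 'Your password is incorrect.']);
         return;
     }

     // Load the fields the checks below read. Selecting only '_id' left 'banned'
     // and 'activation' unset, so neither check could ever trigger.
     $user = \User::whereUsername($username)->first(['_id', 'banned', 'activation']);
     if ($user->banned != null) {
         $this->error(['global' => 'Your account has been suspended. If you believe this is a mistake, please contact support.']);
     } elseif ($user->activation != null) {
         $this->error(['global' => 'You must click the activation link in the email we sent you.']);
     }
 }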
Example #21
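 /**
  * Authenticate the request and dispatch to the handler named by the 'op'
  * request parameter ('main' when absent).
  *
  * Sends a 403 page for a wrong password or a missing login and a 404 page
  * for an unknown operation.
  */
 function render()
 {
     $render = new Render($this->db);
     // Check our authorization
     $auth = new Auth($this->db);
     // If we've been posted a password and it's wrong
     if (isset($_POST['user']) && isset($_POST['pass']) && !$auth->validate($_POST['user'], $_POST['pass'])) {
         // TODO: Use a real error handler instead of this
         header('HTTP/1.1 403 Forbidden');
         $render->assign('title', 'There was an error');
         $render->assign('reason', "I'm sorry, the password you entered is incorrect");
         $render->display('auth_fail.tpl');
         return;
     }
     // Otherwise we need to check whether the user has already logged in.
     // NOTE(review): this uses $this->auth while the password check above uses a
     // freshly built Auth object; confirm both share the same login state.
     if (!$this->auth->check()) {
         // The reason phrase now matches the 403 status code (it read "Not Found").
         header('HTTP/1.1 403 Forbidden');
         $render->assign('title', 'There was an error');
         $render->assign('reason', 'You need to login to perform this operation.');
         $render->display('auth_fail.tpl');
         return;
     }
     $op = empty($_REQUEST['op']) ? 'main' : $_REQUEST['op'];
     // 'op' comes from the request and names the method to call, so it is
     // restricted here: it must be a string, must not be a magic method and
     // must not be render() itself, which would recurse.
     // NOTE(review): an explicit allowlist of operation names is the safer design,
     // because method_exists() still accepts every other method of this class.
     $dispatchable = is_string($op)
         && strncmp($op, '__', 2) !== 0
         && strcasecmp($op, 'render') !== 0
         && method_exists($this, $op);
     if ($dispatchable) {
         $this->{$op}($render);
     } else {
         header('HTTP/1.1 404 Not Found');
         $render->assign('title', 'There was an error');
         $render->assign('reason', 'The page you are looking for does not seem to exist.');
         $render->display('auth_fail.tpl');
         return;
     }
 }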
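 /**
  * Log a user in by email and password, requiring a confirmed account.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function login()
 {
     // NOTE(review): 'exists:users' reports unknown addresses separately from a wrong
     // password, which lets a caller learn which emails are registered.
     $rules = ['email' => 'required|exists:users', 'password' => 'required'];
     $input = Input::only('email', 'password');
     $validator = Validator::make($input, $rules);
     if ($validator->fails()) {
         // withErrors() is the call that takes a validator; with() expects a
         // key/value pair, so the messages were never flashed.
         return Redirect::back()->withInput()->withErrors($validator);
     }
     $credentials = ['email' => Input::get('email'), 'password' => Input::get('password')];
     // check if user is authentic
     $valid = Auth::validate($credentials);
     if (!$valid) {
         return Redirect::back()->withInput()->with(['message' => 'We were unable to sign you in. Incorrect email/password combination!']);
     }
     // user is valid, lets check a few things
     $user = User::where('email', '=', Input::get('email'))->first();
     $confirmation = Userconfirmation::where('user_id', '=', $user->id)->first();
     // A user without a confirmation row counts as unconfirmed; the original
     // read a property of null in that case.
     if (!$confirmation || $confirmation->confirmed != 1) {
         return Redirect::back()->withInput()->with(['message' => 'You must confirm your account before you can use your dashboard.']);
     }
     // Store your session variables
     Session::put('pb_user_name', $user->name);
     Session::put('pb_user_email', Input::get('email'));
     // in case you decide to use a 'Remember me?' checkbox on login
     $remember = Input::get('remember');
     // login the user
     Auth::login($user, $remember);
     // redirect to the page they were trying to view, or redirect to index
     return Redirect::intended('dashboard');
     // Use this if you want to redirect to a named route instead
     // return Redirect::intended(route('home'));
 }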
Example #23
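 /**
  * Validate the login form and log the user in by email and password.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function login()
 {
     // Getting all post data
     $data = Input::all();
     // Applying validation rules.
     $rules = array('email' => 'required|email', 'password' => 'required|min:6');
     $validator = Validator::make($data, $rules);
     if ($validator->fails()) {
         // If validation fails redirect back to login, without flashing the password.
         return Redirect::to('login')->withInput(Input::except('password'))->withErrors($validator);
     }

     $userdata = array('email' => Input::get('email'), 'password' => Input::get('password'));
     // A single attempt() replaces validate() followed by attempt(): the password
     // is checked once, and no path is left without a response.
     if (Auth::attempt($userdata)) {
         return Redirect::intended('/');
     }
     // Generic message, so the response does not say which part was wrong.
     Session::flash('error', 'Something went wrong');
     return Redirect::to('login');
 }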
Example #24
<?php

// OAuth2 server configuration. Only the password grant is enabled.
return [
    'database' => 'default',
    'grant_types' => [
        'password' => [
            'class' => '\\League\\OAuth2\\Server\\Grant\\PasswordGrant',
            // Resource-owner credential check: returns the user's id when the
            // email/password pair passes Auth::validate(), otherwise false.
            'callback' => function ($username, $password) {
                $accepted = Auth::validate(['email' => $username, 'password' => $password]);
                if (!$accepted) {
                    return false;
                }
                $owner = \Caravel\User::where('email', $username)->first();
                return $owner->id;
            },
            'access_token_ttl' => 3600,
        ],
    ],
    'token_type' => 'League\\OAuth2\\Server\\TokenType\\Bearer',
    'state_param' => false,
    'scope_param' => false,
    'scope_delimiter' => ',',
    'default_scope' => null,
    'access_token_ttl' => 3600,
    'limit_clients_to_grants' => false,
    'limit_clients_to_scopes' => false,
    'limit_scopes_to_grants' => false,
    'http_headers_only' => false,
];
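 /**
  * Log an administrator in. The credentials include 'role' => '0', so only
  * accounts with that role value can match.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 function admin_login()
 {
     // Getting all post data
     $data = Input::all();
     // Any existing session is dropped before a new login is tried.
     Auth::logout();
     // Applying validation rules.
     $rules = array('username' => 'required', 'password' => 'required|min:5');
     $validator = Validator::make($data, $rules);
     if ($validator->fails()) {
         // If validation fails redirect back to login, without flashing the password.
         return Redirect::to('/admin_login')->withInput(Input::except('password'))->withErrors($validator);
     }

     $userdata = array('username' => Input::get('username'), 'password' => Input::get('password'), 'role' => '0');
     // A single attempt() replaces validate() followed by attempt(): the password
     // is checked once, and no path is left without a response.
     if (Auth::attempt($userdata)) {
         $username = Auth::user()->username;
         Session::put('username', $username);
         Session::put('user', Auth::user()->name);
         return Redirect::intended('/get_search');
     }
     // if any error send back with message.
     Session::flash('error', 'Wrong Username/Password ');
     return Redirect::to('admin_login');
 }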
Example #26
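 /**
  * Check mobile-client credentials and return the matching user.
  *
  * @return array 'status' plus either 'user' or 'message'
  */
 public function postAuthMobile()
 {
     // Only the two expected fields are used as credentials. Passing Input::all()
     // turns every request parameter into a lookup condition chosen by the client.
     $credentials = Input::only('email', 'password');
     if (Auth::validate($credentials)) {
         // NOTE(review): confirm the User model hides the password hash when serialized.
         return ['status' => true, 'user' => User::where('email', $credentials['email'])->first()];
     }
     return ['status' => false, 'message' => 'Wrong credentials'];
 }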
Example #27
 /**
  * Change the current user's password: the old password is verified first,
  * then the new one is checked against the password rules and stored.
  */
 public function postPassword()
 {
     $input = Input::all();

     // Re-authenticate with the old password before anything else.
     $currentCredentials = array('username' => Auth::user()->username, 'password' => $input['old_password']);
     if (!Auth::validate($currentCredentials)) {
         return Redirect::to('/password')->with('message', "Incorrect Password");
     }

     // Rules for the new password
     $password_rules = array('password' => 'required|between:7,50|confirmed|case_diff|numbers|letters', 'password_confirmation' => 'required|between:7,50');
     $validator = Validator::make($input, $password_rules);
     if ($validator->fails()) {
         // NOTE(review): the messages are joined with "<br/>", so the view presumably
         // prints 'message' unescaped; confirm no user input can end up in it.
         $passwordErrors = $validator->messages()->get('password');
         return Redirect::to('/password')->with('message', implode("<br/>", $passwordErrors));
     }

     // All checks passed: store the new hash.
     $result = Auth::user()->update(array('password' => Hash::make($input['password'])));
     return Redirect::to('/password')->with('message', "Password Changed Successfully");
 }
Example #28
 /**
  * Change the password of the OAuth resource owner after verifying the old one.
  *
  * Every failure returns the same "Error"/400 response, so the caller cannot
  * tell a missing field from an unknown user or a wrong password.
  */
 public function passwordChange()
 {
     $oldPassword = Input::get('old_password');
     $newPassword = Input::get('new_password');
     if (empty($oldPassword) || empty($newPassword)) {
         return Response::json("Error", 400);
     }

     $owner = User::find(Authorizer::getResourceOwnerId());
     if (empty($owner)) {
         return Response::json("Error", 400);
     }

     $oldPasswordAccepted = \Auth::validate(['email' => $owner->email, 'password' => $oldPassword]);
     if (!$oldPasswordAccepted) {
         return Response::json("Error", 400);
     }

     // NOTE(review): no length or strength rule is applied to the new password here.
     $owner->password = \Hash::make($newPassword);
     $owner->save();
     return Response::json("OK", 200);
 }
Example #29
    // Writes the posted data to a file under /uploads/ (the start of this handler is not shown).
    // NOTE(review): both values are read from the request body without validation.
    $data = $_POST['data'];
    $fileName = $_POST['fileName'];
    // NOTE(review): $fileName is client-controlled and goes into the path unchanged, so
    // directory components and the file extension are not restricted here. Reduce it with
    // basename() and an extension allowlist, or use a server-generated name.
    $serverFile = time() . $fileName;
    // NOTE(review): the fopen() result is not checked before fwrite()/fclose().
    $fp = fopen('/uploads/' . $serverFile, 'w');
    // A timestamp is prepended to avoid overwriting. time() has one-second resolution,
    // so the same name uploaded twice within a second still collides.
    fwrite($fp, $data);
    fclose($fp);
    // $returnData is built but not used in the lines shown here.
    $returnData = array("serverFile" => $serverFile);
    return View::make('admin');
})->before('auth');
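// Change the logged-in user's password. The old password is re-verified, the
// new one must have at least 4 characters and must match its confirmation.
Route::post('/changePw', function () {
    $oldPW = Input::get("oldPW");
    $newPW1 = Input::get("newPW1");
    $newPW2 = Input::get("newPW2");
    $name = Auth::user()->username;
    if (!Auth::validate(array('username' => $name, 'password' => $oldPW))) {
        return Redirect::intended('profile')->with('status', 'error')->with('message', 'Das eingegebene Passwort stimmt nicht');
    }
    // NOTE(review): a 4-character minimum is very weak; consider a longer one.
    if (!is_string($newPW1) || strlen($newPW1) < 4) {
        return Redirect::intended('profile')->with('status', 'error')->with('message', 'Das Passwort muss mindestens 4 Zeichen lang sein');
    }
    // Strict comparison replaces `strcmp(...) == 0`: on older PHP versions strcmp()
    // returns null for a non-string argument, and null == 0 is true, so a
    // confirmation that did not match could still be accepted.
    if ($newPW1 !== $newPW2) {
        return Redirect::intended('profile')->with('status', 'error')->with('message', 'Die eingegebenen Passwörter stimmen nicht überein');
    }
    $user = User::find(Auth::user()->id);
    $user->password = Hash::make($newPW1);
    $user->save();
    return Redirect::intended('profile')->with('status', 'success')->with('message', 'Das Passwort wurde erfolgreich geändert');
})->before('auth');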
Example #30
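 /**
  * Return a user's bancho key to the bancho service.
  *
  * The request must carry a valid HMAC over username and password, the caller
  * must be logged in as the SYSTEM user, and the user's own credentials must
  * pass Auth::validate().
  *
  * @param string $username
  * @param string $password
  * @param string $hmac HMAC-SHA512 of $username . $password under the shared bancho secret
  *
  * @return Response JSON with 'success' => key, or 'error' => status code
  */
 public function getFetchUserKey($username, $password, $hmac)
 {
     // all bancho input should be HMAC'd to be sure it's coming from bancho
     // NOTE(review): username and password are concatenated without a separator, so
     // different pairs can produce the same MAC input ("ab"+"c" and "a"+"bc").
     $check = hash_hmac('sha512', $username . $password, Config::get('osu.bancho.hmac'));
     // hash_equals() (PHP >= 5.6) compares in constant time; !== can leak through
     // timing how many leading characters of the MAC were right.
     if (!hash_equals($check, (string) $hmac)) {
         // log HMAC failures
         sentry_log('HMAC failure for fetch-user-key', 403, Raven_Client::FATAL);
         return Response::json(['error' => 400]);
     }
     if (!(Auth::check() and Auth::user()->user_id === User::SYSTEM)) {
         // log bancho auth failures
         sentry_log('auth failure for fetch-user-key', 403, Raven_Client::FATAL);
         // The original logged this case but sent no response body.
         return Response::json(['error' => 403]);
     }
     // first() returns one model or null. get() returns a collection, which is
     // always truthy and has no getBanchoKey() method.
     $user = User::where('username', '=', $username)->first();
     if (!$user) {
         // use status codes. they're easier for bancho
         // to understand and easier to deserialize
         return Response::json(['error' => 404]);
     }
     $key = $user->getBanchoKey();
     if (!$key) {
         // If a user doesn't have a key, they're banned
         return Response::json(['error' => 401]);
     }
     if (!Auth::validate(['username' => $username, 'password' => $password])) {
         return Response::json(['error' => 403]);
     }
     return Response::json(['success' => $key]);
 }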