public function postLogin()
{
if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password')))) {
return Redirect::intended(route('admin.home'));
} else {
return Redirect::guest('login')->withInput()->with('login_errors', true);
}
}
function intend()
{
if (Auth::check()) {
return Redirect::to(Input::get('vataware_callback'));
} else {
return Redirect::guest(URL::route('user.login'));
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->check()) {
if ($this->auth->user()->type == 'admin') {
return $next($request);
}
abort(403, 'Unauthorized action.');
}
return \Redirect::guest('auth/login');
}
/**
* Main filter function triggered by laravel
* Here we will trigger our role/route check also do the
* standard auth check here so that we dont need to add
* more filter parameters to our routes
* @todo find where we should go when we dont have access
* @return Response
*/
public function filter()
{
// Heres the implementation of the default auth filter
// All routes using the Role Manager needs the auth object instance
// to look up rights for the users
// In the redirect page we can do a Auth::guest() check to see if the user
// are logged in or not. If the user are logged in we can show a warning that he/she
// does not have the rights required to view the page / take the action
if (!\Role::hasAccess()) {
return \Redirect::guest('login');
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
//return redirect()->guest('auth/login');
return \Redirect::guest(\URL::route('account-sign-in'));
}
}
return $next($request);
}
public function postLogin()
{
$cred = array('username' => \Input::get('username'), 'password' => \Input::get('password'));
if (\Auth::attempt($cred)) {
return \Redirect::intended('/');
} else {
return \Redirect::guest('login');
}
//$creds = array('username' => 'hasan' , 'password' => 'abc');
//\Auth::attempt($creds);
//Redirect::to('users');
}
public static function checkPermission($controller_type, $controller_id = null, $message = "You do not have permission to do that.")
{
$perm = self::getPermission($controller_type, $controller_id);
if ($perm->result === false) {
//we can redirect!
if ($message) {
return Redirect::guest(config('bootlegcms.cms_route') . 'login')->with('danger', $message);
} else {
return Redirect::guest(config('bootlegcms.cms_route') . 'login');
}
} else {
return true;
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $role
* @return mixed
* @throws AuthenticationException
*/
public function handle($request, Closure $next, $role = 'guest')
{
if (\Auth::guest()) {
//Guests should be redirected to the login page as we make some links visible
if (\Request::ajax()) {
return \Response::make('Unauthorized', 401);
} else {
return \Redirect::guest('login');
}
} elseif ($role !== 'member' && !\Auth::user()->hasRole($role)) {
throw new AuthenticationException();
} elseif (\Auth::user()->isBanned()) {
throw new AuthenticationException();
}
return $next($request);
}
/**
* Executed when this component is bound to a page or layout.
*/
public function onRun()
{
$this->setProperty('security', self::ALLOW_USER);
if ($redirect = parent::onRun()) {
return $redirect;
}
/** @var $user User */
$user = $this->page['user'];
$redirectUrl = $this->controller->pageUrl($this->property('redirect'));
$allowedGroup = $this->property('group', null);
$group = UserGroup::where('id', $allowedGroup);
if (!$group || !$user->inGroup($group)) {
return Redirect::guest($redirectUrl);
}
$this->page['group'] = $group;
}
protected function sendCurlRequestToURL($url, $data, $custom_request = "POST")
{
if (date(time()) >= Session::get('oauth_token_expiry')) {
$this->refreshAccessToken();
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $custom_request);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: Bearer ' . Session::get('access_token'), 'Content-Type: application/json', 'Content-Length: ' . strlen($data)]);
curl_setopt($ch, CURLOPT_URL, $url);
$result = json_decode(curl_exec($ch), true);
curl_close($ch);
if (isset($result['error'])) {
return Redirect::guest('login');
}
return $result;
}
<?php
Route::filter('admin.auth', function () {
if (AdminAuth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest(Admin::instance()->router->routeToAuth('login'));
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
Route::filter('guest', function () {
if (!Sentry::check()) {
return Redirect::guest('login')->with('errorMessage', 'Silahkan login terlebih dulu');
}
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
if (Session::token() != Input::get('_token')) {
throw new Illuminate\Session\TokenMismatchException();
}
list($class, $permission) = explode('_', $value);
try {
$user = Sentry::getUser();
// todo add more generic check in here to lookup access based on resource ID
if ($user->hasAccess($value) || $user->hasAccess(Permissions::name($class, 'admin'))) {
return;
}
Session::flash('error', trans('users.noaccess'));
return Redirect::route('home');
} catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
Session::flash('error', trans('users.notfound'));
return Redirect::guest('login');
} catch (Cartalyst\Sentry\Groups\GroupNotFoundException $e) {
Session::flash('error', trans('groups.notfound'));
return Redirect::guest('login');
}
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
Route::filter('guest', function () {
if (Auth::check()) {
return Redirect::to('/');
<?php
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
}
return Redirect::guest('/');
}
$return = 0;
foreach (Auth::user()->groups as $group) {
foreach ($group->resources as $resource) {
if ($resource->pattern == "/" . Route::getCurrentRoute()->getPath()) {
$return = 1;
}
}
}
if ($return == 0) {
return Redirect::to('/profile');
} else {
return;
}
});
Route::filter("guest", function () {
if (Auth::check()) {
if (Route::getCurrentRoute()->getPath() == "login") {
return Redirect::route("user/profile");
}
//
}
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest(URL::route('account-login'));
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest(route('sessions.create'));
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
App::after(function ($request, $response) {
//
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
if (Auth::guest()) {
return Redirect::guest(URL::route('sign-in'));
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
public function avatarUpload()
{
$this->wrongTokenAjax();
if (!Auth::check()) {
Redirect::guest('ow_login');
}
// $this->wrongTokenAjax();
$file = Input::file('uploadImg');
$input = array('uploadImg' => $file);
$rules = array('image' => 'uploadImg');
$validator = Validator::make($input, $rules);
if ($validator->fails()) {
return Response::json(['success' => false, 'errors' => $validator->getMessageBag()->toArray()]);
}
$destinationPath = 'uploads/avatars/';
$filename = $file->getClientOriginalName();
$filePath_Name = Auth::user()->id . '/' . $filename;
$destinationPath = $destinationPath . Auth::user()->id;
$file->move($destinationPath, $filename);
$Resum = new Resume();
if ($Resum->find(Auth::user()->id)) {
// $Resum->find(Auth::user()->id)->update(['head_img'=>$filename]);
DB::table('Resume')->where('user_id', Auth::user()->id)->update(['head_img' => $filePath_Name]);
DB::table('users')->where('id', Auth::user()->id)->update(['avatar' => $filePath_Name]);
} else {
$Resum->user_id = Auth::user()->id;
$Resum->head_img = $filePath_Name;
$Resum->save();
DB::table('users')->where('id', Auth::user()->id)->update(['avatar' => $filePath_Name]);
}
return Response::json(['success' => true, 'avatar' => asset($destinationPath . '/' . $filename)]);
}
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('guest', function () {
if (Auth::user()) {
return Redirect::route('dashboard');
}
});
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest('/')->with('error', 'Gelieve eerst in te loggen');
}
}
});
Route::filter('admin', function () {
if (Auth::user()) {
if (!Auth::user()->isAdmin()) {
return Redirect::to('/dashboard')->with('error', 'Je hebt niet de rechten deze pagina te bezoeken');
}
} else {
return Redirect::to('/')->with('error', 'Gelieve eerst in te loggen');
}
});
Route::filter('baseLaptop', function () {
if (!(Cookie::get('baseLaptop') && Cookie::get('baseLaptop') == True)) {
if (Auth::check()) {
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest('adminLogin');
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('loggedin', function () {
if (!Auth::user()) {
return Redirect::to('users/login');
}
});
Route::filter('auth', function () {
if (Auth::guest()) {
return Redirect::guest('users/login');
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
if (Session::token() != Input::get('_token')) {
throw new Illuminate\Session\TokenMismatchException();
}
});
Route::filter('sentry', function ($route, $request) {
View::share('current_route', $route->getName());
View::share('Manager', Sentry::findGroupByName('Manager'));
View::share('StoreManager', Sentry::findGroupByName('Store Manager'));
View::share('SalesPerson', Sentry::findGroupByName('Sales Person'));
if (!Sentry::check()) {
return Redirect::guest(route('users.login'));
} else {
$user = Sentry::getUser();
View::share('logged_user', $user);
if (!$user->hasAccess($route->getName())) {
return Response::view('error.denied', array('route_name' => $route->getName()), 403);
}
}
});
Route::get('home', function () {
return redirect()->route('admin.index');
});
Route::controllers(['auth' => 'Auth\\AuthController', 'password' => 'Auth\\PasswordController']);
Route::model('department', 'App\\Department');
Route::model('staff', 'App\\User');
Route::model('level', 'App\\Level');
Route::model('manager', 'App\\Manager');
Route::model('leader', 'App\\Leader');
Route::model('review', 'App\\Review');
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest('auth/login');
}
} else {
if (Auth::check() && !Auth::user()->active) {
Auth::logout();
return Redirect::to('auth/login')->with('danger', 'Your account is banned, please contact your administrator to active your account');
}
}
});
Route::group(['prefix' => 'admin', 'before' => 'auth'], function () {
Route::get('index', ['as' => 'admin.index', 'uses' => 'HomeController@index']);
Route::group(['prefix' => 'team'], function () {
Route::resource('manager', 'ManagerController');
Route::get('manager/delete/{id}', 'ManagerController@delete');
Route::get('manager/add/{id}', 'ManagerController@getAdd');
Route::post('manager/add/{id}', 'ManagerController@postAdd');
$npr->user_id = Auth::user()->id;
$npr->email = Input::get('email');
$npr->save();
return Redirect::to('earn/cashout')->with(array('errors' => 'Request has been submitted!'));
} else {
return Redirect::to('earn/cashout')->with(array('errors' => 'Sorry, minimum cash out amount is $10!'));
}
} else {
return Redirect::to('earn/cashout')->with(array('errors' => 'No email address specified!'));
}
}
}
});
Route::get('torrent/{uniid}', function ($uniid) {
if (Auth::guest()) {
return Redirect::guest('signin');
} else {
$user_media = UserMedia::where('uni_id', '=', $uniid)->where('user_id', '=', Auth::user()->id)->first();
if (count($user_media) == 0) {
} else {
$media = Media::where('id', '=', $user_media->media_id)->first();
$pa = Input::get("p");
if (!$media->downloading()) {
include_once '/opt/nginx/html/vendor/secure_link.php';
$zip_link = new secURL($media->id, null, false, null, true);
$zip_link->createlink();
$zip_file_link = $zip_link->getlink();
} else {
$zip_file_link = null;
}
if (Input::has("d")) {
if (!$request->ajax()) {
return Redirect::guest('login');
} else {
return Response::make('Unauthorized Access', 403);
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
Route::filter('guest', function ($route, $request) {
if (Auth::guest()) {
//
} else {
if (!$request->ajax()) {
return Redirect::guest('admin/dashboard');
} else {
return Response::make('Unauthorized Access', 403);
}
}
});
// Role-based Authorization Filter.
Route::filter('roles', function ($route, $request, $response, $roles = null) {
if (!is_null($roles) && Auth::check()) {
$user = Auth::user();
if (!$user->hasRole($roles)) {
$status = __('You are not authorized to access this resource.');
return Redirect::to('admin/dashboard')->withStatus($status, 'warning');
}
}
});
<?php
/**
* Created by PhpStorm.
* User: kkeiper
* Date: 9/4/14
* Time: 9:14 AM
*/
Route::filter("sentry.auth", function () {
if (!Sentry::check()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest('sentry/login');
}
}
});
Route::filter('sentry.guest', function () {
if (Sentry::check()) {
return Redirect::to('/');
}
});
Route::filter("sentry.is", function ($route, $request) {
$filterArgs = array_slice(func_get_args(), 2);
if (!Sentry::getUser()->hasAccess($filterArgs)) {
Notify::error("You Do Not Have Permission To Access This Area.");
return Redirect::to("/");
}
});
<?php
App::before(function ($request) {
//
});
App::after(function ($request, $response) {
//
});
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest('auth');
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
Route::filter('guest', function () {
if (Auth::check()) {
return Redirect::to('/');
}
});
Route::filter('csrf', function () {
if (Session::token() != Input::get('_token')) {
throw new Illuminate\Session\TokenMismatchException();
}
});
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('platform.csrf', function ($route, $request) {
if (strtoupper($request->getMethod()) === 'GET' || App::environment() == "local") {
return;
}
$token = $request->ajax() ? $request->header('X-CSRF-Token') : Input::get('_token');
if (Session::token() != $token) {
throw new Illuminate\Session\TokenMismatchException();
}
});
/*
|--------------------------------------------------------------------------
| Authentication Filters For Platform
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('platform.auth', function () {
if (Auth::guest()) {
$prefix = Config::get('platform::routing.prefix');
return Redirect::guest("{$prefix}/login");
}
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
} else {
return Redirect::guest('~fsef141g1/users/login');
}
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
App::after(function ($request, $response) {
//
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
Route::filter('auth', function () {
if (Auth::guest()) {
return Redirect::guest('administrador');
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
