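/**
  * Process the login form.
  *
  * Credentials are checked with Auth::validate(); a user is only logged in when the
  * credentials are valid, the user has no ban and the user is an admin. Every other
  * outcome redirects back to /login with an error and the username/remember input
  * (the password is never flashed back to the form).
  *
  * @param Request $request
  *
  * @return RedirectResponse
  */
 public function postIndex(Request $request)
 {
     $this->validate($request, ['username' => 'required', 'password' => 'required']);
     $credentials = $request->only('username', 'password');
     $errors = [];
     /** @var User|null $user */
     $user = User::where('username', $credentials['username'])->first();

     // Auth::validate() stays first so it runs for every attempt, known username or not.
     // The extra $user check prevents a call on null should the auth provider and the
     // lookup above ever disagree about whether the account exists.
     if (Auth::validate($credentials) && $user) {
         if ($user->getBan()) {
             // Ban status is only disclosed once the password has been verified.
             $errors['username'] = '******';
         } elseif ($user->isAdmin()) {
             // Create a session to use for API requests
             $session = UserSession::getOrCreate($user, $request->getClientIp());
             Session::put('token', $session->getToken());
             Auth::login($user);
             // Successful login - go to admin panel
             return new RedirectResponse('/');
         } else {
             // This literal is masked in the listing and its apostrophe was unescaped,
             // which is a parse error; only the escape is added, the text is unchanged.
             $errors['username'] = '******\'re not an admin.';
         }
     }

     // NOTE(review): an unknown username is reported under 'username' and a wrong
     // password under 'password', so the form reveals which usernames exist. Consider
     // one generic failure message for both cases. No throttling of repeated attempts
     // is visible in this method; confirm it is applied at the route/middleware level.
     if ($user && empty($errors)) {
         $errors['password'] = '******';
     } elseif (!$user) {
         $errors['username'] = '******';
     }

     return redirect('/login')->withInput($request->only('username', 'remember'))->withErrors($errors);
 }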
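 /**
  * Render the admin dashboard with counters for work that is waiting.
  *
  * Counts unapproved submissions, orders with no printedAt / shippedAt value, and the
  * users, posts and comments created since the start of the current day.
  *
  * NOTE(review): no authorization check is visible in this method; presumably the
  * route is restricted to admins by middleware. Confirm before exposing it.
  *
  * @return mixed The result of $this->view() for the 'admin::dashboard' template.
  */
 public function getIndex()
 {
     // Compute the cut-off once so all three "today" counts share the same boundary,
     // even when the request runs across midnight. date() uses PHP's default timezone;
     // assumes createdAt is stored in that zone (TODO confirm).
     $todayStart = date('Y-m-d 00:00:00');

     // Posts and comments are reported together as a single "new posts" figure.
     $newPosts = Post::where('createdAt', '>=', $todayStart)->count()
         + Comment::where('createdAt', '>=', $todayStart)->count();

     return $this->view('admin::dashboard', [
         'pendingSubmissions' => Submission::notApproved()->count(),
         'ordersNeedPrinting' => Order::whereNull('printedAt')->count(),
         'ordersNeedShipping' => Order::whereNull('shippedAt')->count(),
         'newMembers' => User::where('createdAt', '>=', $todayStart)->count(),
         'newPosts' => $newPosts,
     ]);
 }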
 /**
  * @api            {post} /sessions Create A Session (Login)
  * @apiGroup       User Sessions
  * @apiDescription Validates login credentials and returns a new session if valid.
  * @apiParam {string} username Username to login as.
  * @apiParam {string} password The user's password.
  *
  * NOTE(review): an unknown username yields 404 and a wrong password yields 401, so
  * the endpoint discloses which usernames exist. Consider a single generic failure
  * response. No throttling of repeated attempts is visible in this method; confirm
  * it is enforced at the route/middleware level.
  *
  * @return \Response
  * @throws InputException      404 when no user has the username, 401 when the password does not match.
  * @throws BannedUserException when the credentials are valid but the user has a ban.
  */
 public function store()
 {
     $request = $this->request;
     $this->validate($request, ['username' => 'required', 'password' => 'required']);
     $credentials = $request->only('username', 'password');

     /** @var User|null $account */
     $account = User::where('username', $credentials['username'])->first();
     if (!$account) {
         throw new InputException(404, ['username' => ["Couldn't find a user with that username."]]);
     }

     if (!Auth::validate($credentials)) {
         throw new InputException(401, ['password' => ["That password is not correct."]]);
     }

     // The ban is checked only after the password has been verified, so ban status
     // is not revealed to callers who lack valid credentials.
     $ban = $account->getBan();
     if ($ban) {
         throw new BannedUserException($ban);
     }

     $session = UserSession::getOrCreate($account, $request->getClientIp());

     return $this->response(['sessionToken' => $session->getToken(), 'session' => $session]);
 }
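 /**
  * @api            {post} /users/reset Reset User's Password
  * @apiGroup       Users
  * @apiDescription Change a user's password using the token sent in the email (See "Send Forgotten Password Email")
  *
  * Looks the token up in `password_resets`, resolves the account by the e-mail stored
  * on that row, sets the new password and then removes the account's reset rows so
  * the same token cannot be used a second time.
  *
  * @param Request $request
  *
  * @return \Illuminate\Http\JsonResponse
  * @throws HttpException         400 when the token is not a string or matches no row.
  * @throws NotFoundHttpException when no user has the e-mail stored with the token.
  */
 public function reset(Request $request)
 {
     $this->validate($request, ['token' => 'required', 'password' => $this->getPasswordValidation()]);

     // 'required' is also satisfied by a non-empty array (token[]=...). An array can
     // never be a valid lookup value, so reject it here instead of binding it.
     $token = $request->input('token');
     if (!is_string($token)) {
         throw new HttpException(400, "Invalid token");
     }

     // NOTE(review): the submitted value is matched directly against the column, so
     // the table holds tokens in usable form. Storing only a hash of the token would
     // limit what read access to this table allows.
     $pdo = DB::getPdo();
     $query = $pdo->prepare('SELECT * FROM `password_resets` WHERE `token` = ? LIMIT 1');
     $query->execute([$token]);
     $tokenRow = $query->fetch();
     if (!$tokenRow) {
         throw new HttpException(400, "Invalid token");
     }

     // NOTE(review): no age check on the row is visible here. Unless expiry is enforced
     // elsewhere (for example by a scheduled purge), a leaked token stays valid
     // indefinitely. Compare the row's creation timestamp against a maximum age; the
     // column name is not visible in this block.
     $email = $tokenRow['email'];
     $password = $request->input('password');

     /** @var User|null $user */
     $user = User::where('email', $email)->first();
     if (!$user) {
         throw new NotFoundHttpException("User not found.");
     }

     $this->resetPassword($user, $password);

     // Single use: once the password has changed, drop every outstanding reset row for
     // this account. resetPassword() is not visible here; if it already clears the
     // rows, this statement simply affects nothing.
     $cleanup = $pdo->prepare('DELETE FROM `password_resets` WHERE `email` = ?');
     $cleanup->execute([$email]);

     return $this->response(['success' => true]);
 }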