/**
 * Process the login form.
 *
 * Requires both fields to be present, looks the account up by username and
 * checks the credentials with Auth::validate(). A banned account or a
 * non-admin account is rejected with an error; an admin gets a UserSession
 * token stored in the web session, is logged in with Auth::login() and is
 * redirected to '/'. Every other outcome redirects back to /login with the
 * collected errors.
 *
 * @param Request $request
 *
 * @return $this|RedirectResponse
 */
public function postIndex(Request $request)
{
    // Presence check only; no format or length rules are applied here.
    $this->validate($request, ['username' => 'required', 'password' => 'required']);
    $credentials = $request->only('username', 'password');
    $errors = [];
    // Reassigned by the ban check below; not read anywhere else in this method.
    $ban = null;

    /** @var User|null $user */
    $user = User::where('username', $credentials['username'])->first();

    // The ban and admin checks sit behind the credential check, so their
    // messages are only reachable by a caller who supplied valid credentials.
    // NOTE(review): $user is dereferenced without a null check; this assumes
    // Auth::validate() can only succeed for the record found above - confirm.
    if (Auth::validate($credentials)) {
        if ($ban = $user->getBan()) {
            $errors['username'] = '******';
        } elseif ($user->isAdmin()) {
            // Create a session to use for API requests
            // The API token is kept in the web session under the key 'token'.
            $session = UserSession::getOrCreate($user, $request->getClientIp());
            Session::put('token', $session->getToken());
            Auth::login($user);

            // Successful login - go to admin panel
            return new RedirectResponse('/');
        } else {
            // NOTE(review): the literal below has an unbalanced quote in this
            // copy of the file; restore the original message before use.
            $errors['username'] = '******'re not an admin.';
        }
    }

    // Reached when the credentials were rejected, or accepted for a banned or
    // non-admin account (those branches have already set an error).
    // NOTE(review): a wrong password is reported under 'password' and an
    // unknown username under 'username', so the response reveals whether a
    // username exists. One generic failure message would avoid that. No
    // attempt throttling is visible in this method - confirm it is applied
    // by middleware.
    if ($user && empty($errors)) {
        $errors['password'] = '******';
    } elseif (!$user) {
        $errors['username'] = '******';
    }

    // Only 'username' and 'remember' are flashed back; the password is not.
    return redirect('/login')->withInput($request->only('username', 'remember'))->withErrors($errors);
}
/**
 * Render the admin dashboard with its headline counters.
 *
 * Counters passed to the 'admin::dashboard' view:
 *  - pendingSubmissions: submissions matched by the notApproved() scope
 *  - ordersNeedPrinting / ordersNeedShipping: orders whose printedAt /
 *    shippedAt column is NULL
 *  - newMembers: users created since 00:00:00 today
 *  - newPosts: posts plus comments created since 00:00:00 today
 *
 * "Today" comes from date(), i.e. PHP's configured default timezone.
 *
 * NOTE(review): no authorization check is visible in this method; presumably
 * route middleware restricts it to admins - confirm.
 */
public function getIndex()
{
    // Array entries are evaluated top to bottom, so the queries run in the
    // same order as the keys are listed.
    $counters = [
        'pendingSubmissions' => Submission::notApproved()->count(),
        'ordersNeedPrinting' => Order::whereNull('printedAt')->count(),
        'ordersNeedShipping' => Order::whereNull('shippedAt')->count(),
        'newMembers' => User::where('createdAt', '>=', date('Y-m-d 00:00:00'))->count(),
        // Posts and comments are reported as one combined figure.
        'newPosts' => Post::where('createdAt', '>=', date('Y-m-d 00:00:00'))->count()
            + Comment::where('createdAt', '>=', date('Y-m-d 00:00:00'))->count(),
    ];

    return $this->view('admin::dashboard', $counters);
}
/**
 * @api {post} /sessions Create A Session (Login)
 * @apiGroup User Sessions
 * @apiDescription Validates login credentials and returns a new session if valid.
 * @apiParam {string} username Username to login as.
 * @apiParam {string} password The user's password.
 *
 * @return \Response
 * @throws InputException
 * @throws BannedUserException
 */
public function store()
{
    // Presence check only; both fields must be supplied.
    $this->validate($this->request, ['username' => 'required', 'password' => 'required']);
    $login = $this->request->only('username', 'password');

    /** @var User|null $account */
    $account = User::where('username', $login['username'])->first();

    // NOTE(review): an unknown username answers 404 and a wrong password 401,
    // each with its own message, so the endpoint reveals which usernames
    // exist. Returning one generic failure for both cases would avoid that,
    // but it changes the API contract, so it is flagged here rather than
    // changed. No attempt throttling is visible in this method - confirm it
    // is applied by middleware.
    if (!$account) {
        throw new InputException(404, ['username' => ["Couldn't find a user with that username."]]);
    }

    if (!Auth::validate($login)) {
        throw new InputException(401, ['password' => ["That password is not correct."]]);
    }

    // Ban status is only disclosed once the credentials have been accepted.
    if ($ban = $account->getBan()) {
        throw new BannedUserException($ban);
    }

    // The session is obtained for this user together with the client IP
    // reported by the request.
    $session = UserSession::getOrCreate($account, $this->request->getClientIp());

    return $this->response(['sessionToken' => $session->getToken(), 'session' => $session]);
}
/**
 * @api {post} /users/reset Reset User's Password
 * @apiGroup Users
 * @apiDescription Change a user's password using the token sent in the email (See "Send Forgotten Password Email")
 *
 * @param Request $request
 *
 * @return \Illuminate\Http\JsonResponse
 * @throws HttpException
 * @throws NotFoundHttpException
 */
public function reset(Request $request)
{
    // The token must be present; the password rules come from
    // getPasswordValidation().
    $this->validate($request, ['token' => 'required', 'password' => $this->getPasswordValidation()]);

    // Bound parameter: the caller-supplied token never becomes part of the
    // SQL text.
    $lookup = DB::getPdo()->prepare('SELECT * FROM `password_resets` WHERE `token` = ? LIMIT 1');
    $lookup->execute([$request->input('token')]);
    $resetRow = $lookup->fetch();

    // NOTE(review): possession of the token is the only proof of identity
    // here. Nothing in this method checks the token's age or removes the row
    // after use; unless resetPassword() or a cleanup job does so, a leaked
    // reset link stays valid and can be replayed - confirm. The equality
    // lookup also suggests tokens are stored in the form they are sent;
    // verify how the row is written.
    if (!$resetRow) {
        throw new HttpException(400, "Invalid token");
    }

    // The account is resolved from the e-mail address stored with the token,
    // not from anything the caller sends.
    /** @var User|null $account */
    $account = User::where('email', $resetRow['email'])->first();
    if (!$account) {
        throw new NotFoundHttpException("User not found.");
    }

    $this->resetPassword($account, $request->input('password'));

    return $this->response(['success' => true]);
}