public function verify($username, $password) { $credentials = ['username' => $username, 'password' => $password]; $person = new Person(); $resp = $person->getUsername($credentials['username']); if (!empty($resp)) { if (\Hash::check($credentials['password'], $resp['password'])) { $auth = true; } else { //check for old hashing if (md5($credentials['password']) == $resp['password']) { //convert old pass to new hashing $resp['password'] = bcrypt($credentials['password']); $id = my_encode($resp['id']); $person->update($id, $resp); $auth = true; } else { $auth = false; } } } else { //invalid user $auth = false; } if ($auth) { $result = $person->respondWithItem($resp, new UserTransformer()); session()->put('user', $result); return my_decode($resp['id']); } return false; }
/** * Authenticate user * @param Request $request */ public function attempt(LoginRequest $request) { $params = $request->only('username', 'password'); $person = new Person(); $resp = $person->getUsername($params['username']); if (!empty($resp)) { if (\Hash::check($params['password'], $resp['password'])) { $request->session()->put('user', ['id' => $resp['id'], 'username' => $resp['username'], 'role' => $resp['role'], 'disp_name' => $resp['role'] == 'A' ? 'Administrator' : $resp['first_name'] . ' ' . $resp['last_name']]); $message = 'success'; } else { //check for old hashing if (md5($params['password']) == $resp['password']) { //convert old pass to new hashing $resp['password'] = bcrypt($params['password']); $id = 'person_' . $resp['id']; $person->update($id, $resp); $request->session()->put('user', ['id' => $resp['id'], 'username' => $resp['username'], 'role' => $resp['role'], 'disp_name' => $resp['role'] == 'A' ? 'Administrator' : $resp['first_name'] . ' ' . $resp['last_name']]); $message = 'success'; } else { //invalid password $message = 'invalid'; } } } else { //invalid user $message = 'invalid'; } return response(['login_status' => $message]); }