From fdf618b2bebb7f724cd67d03797e1d27a886e8f5 Mon Sep 17 00:00:00 2001
From: Pig Fang
Date: Fri, 20 Jul 2018 14:42:43 +0800
Subject: [PATCH] Use Laravel's auth system and use another captcha generator
---
app/Http/Controllers/AdminController.php | 20 +-
app/Http/Controllers/AuthController.php | 97 +++----
app/Http/Controllers/ClosetController.php | 13 +-
app/Http/Controllers/HomeController.php | 7 +-
app/Http/Controllers/PlayerController.php | 33 +--
app/Http/Controllers/SetupController.php | 32 +--
app/Http/Controllers/SkinlibController.php | 59 ++--
app/Http/Controllers/UserController.php | 76 +++---
app/Http/Middleware/CheckAdministrator.php | 8 +-
app/Http/Middleware/CheckAuthenticated.php | 32 +--
app/Http/Middleware/CheckPlayerOwner.php | 2 +-
app/Http/Middleware/CheckSessionUserValid.php | 39 ---
.../Middleware/RedirectIfAuthenticated.php | 12 +-
app/Models/User.php | 60 +----
app/Providers/RouteServiceProvider.php | 3 +-
app/Services/Repositories/UserRepository.php | 2 +-
app/helpers.php | 20 --
composer.json | 4 +-
composer.lock | 255 ++++++++++++++++--
config/app.php | 1 +
config/auth.php | 102 +++++++
config/captcha.php | 45 ++++
config/debugbar.php | 8 +-
database/factories/UserModelFactory.php | 16 +-
.../2016_11_18_133939_create_all_tables.php | 11 +-
.../update_scripts/update-3.4.0-to-4.0.0.php | 8 +
resources/lang/en/auth.yml | 1 -
resources/lang/en/validation.yml | 1 +
resources/lang/zh_CN/auth.yml | 1 -
resources/lang/zh_CN/validation.yml | 1 +
resources/views/admin/master.tpl | 4 +-
resources/views/index.tpl | 8 +-
resources/views/user/index.tpl | 8 +-
routes/web.php | 4 +-
tests/AuthControllerTest.php | 137 ++++------
tests/BrowserKitTestCase.php | 2 +-
tests/MiddlewareTest.php | 44 +--
tests/PlayerControllerTest.php | 11 +-
tests/TestCase.php | 2 +-
tests/UpdateControllerTest.php | 1 -
tests/UserControllerTest.php | 13 +-
41 files changed, 655 insertions(+), 548 deletions(-)
delete mode 100644 app/Http/Middleware/CheckSessionUserValid.php
create mode 100644 config/auth.php
create mode 100644 config/captcha.php
create mode 100644 database/update_scripts/update-3.4.0-to-4.0.0.php
diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index eb73b1cb..3b41fe92 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -11,6 +11,7 @@ use App\Models\Player;
use App\Models\Texture;
use Illuminate\Http\Request;
use App\Services\OptionForm;
+use Illuminate\Support\Facades\Auth;
use App\Services\Repositories\UserRepository;
class AdminController extends Controller
@@ -247,7 +248,7 @@ class AdminController extends Controller
return $user->email ?: 'EMPTY';
})
->setRowId('uid')
- ->addColumn('operations', app('user.current')->getPermission())
+ ->addColumn('operations', Auth::user()->permission)
->addColumn('players_count', function ($user) {
return $user->players->count();
})
@@ -271,19 +272,20 @@ class AdminController extends Controller
* Handle ajax request from /admin/users
*
* @param Request $request
- * @return Illuminate\Http\JsonResponse
+ * @return \Illuminate\Http\JsonResponse
*/
public function userAjaxHandler(Request $request, UserRepository $users)
{
$action = $request->input('action');
- $user = $users->get($request->input('uid'));
+ $user = $users->get($request->input('uid'));
+ $currentUser = Auth::user();
if (! $user) {
return json(trans('admin.users.operations.non-existent'), 1);
}
- if ($user->uid !== app('user.current')->uid) {
- if ($user->permission >= app('user.current')->permission) {
+ if ($user->uid !== $currentUser->uid) {
+ if ($user->permission >= $currentUser->permission) {
return json(trans('admin.users.operations.no-permission'), 1);
}
}
@@ -367,15 +369,15 @@ class AdminController extends Controller
public function playerAjaxHandler(Request $request, UserRepository $users)
{
$action = $request->input('action');
-
+ $currentUser = Auth::user();
$player = Player::find($request->input('pid'));
if (! $player) {
return json(trans('general.unexistent-player'), 1);
}
- if ($player->user()->first()->uid !== app('user.current')->uid) {
- if ($player->user->permission >= app('user.current')->permission) {
+ if ($player->user()->first()->uid !== $currentUser->uid) {
+ if ($player->user->permission >= $currentUser->permission) {
return json(trans('admin.players.no-permission'), 1);
}
}
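Review bot: The rewritten owner check loads the owning user twice, once via `$player->user()->first()->uid` and again via `$player->user->permission`, and dereferences it without a null check, so a player whose user row is missing yields a 500 instead of the error JSON this handler otherwise returns. Fetch it once with `$owner = $player->user;`, return the existing `admin.players.no-permission` (or a not-found) response when it is null, and compare `$owner->uid` / `$owner->permission` against `$currentUser` from there. playerAjaxHandler continues past the hunk.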
@@ -445,7 +447,7 @@ class AdminController extends Controller
$user = $users->get(intval($uid));
if ($user) {
return json('success', 0, ['user' => $user->makeHidden([
- 'password', 'ip', 'last_sign_at', 'register_at'
+ 'password', 'ip', 'last_sign_at', 'register_at', 'remember_token'
])->toArray()]);
} else {
return json('No such user.', 1);
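Review bot: Adding `'remember_token'` to this `makeHidden()` list only protects this one response; any other place that serializes a User (`toArray()`/`toJson()` in the datatable above or elsewhere) still exposes the token unless it is in the model's `$hidden`. The User.php change of this commit is outside the visible part of the diff, so if it does not add `'remember_token'` to `$hidden`, that is the place to fix it, after which this per-call entry becomes redundant.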
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index a726b9f8..24d6f99a 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -14,16 +14,12 @@ use App\Events;
use App\Models\User;
use App\Mail\ForgotPassword;
use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
use App\Exceptions\PrettyPageException;
use App\Services\Repositories\UserRepository;
class AuthController extends Controller
{
- public function login()
- {
- return view('auth.login');
- }
-
public function handleLogin(Request $request, UserRepository $users)
{
$this->validate($request, [
@@ -54,21 +50,13 @@ class AuthController extends Controller
if ($user->verifyPassword($request->input('password'))) {
Session::forget('login_fails');
- Session::put('uid' , $user->uid);
- Session::put('token', $user->getToken());
-
- // Time in minutes
- $time = $request->input('keep') == true ? 10080 : 60;
+ Auth::login($user, $request->input('keep') == 'true');
event(new Events\UserLoggedIn($user));
session()->forget('last_requested_path');
- return json(trans('auth.login.success'), 0, [
- 'token' => $user->getToken()
- ]) // Set cookies
- ->withCookie('uid', $user->uid, $time)
- ->withCookie('token', $user->getToken(), $time);
+ return json(trans('auth.login.success'), 0);
} else {
Session::put('login_fails', session('login_fails', 0) + 1);
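Review bot: `Auth::login($user, ...)` on the new line does not regenerate the session id, so the session issued to the anonymous visitor is carried over unchanged into the authenticated session (session fixation); Laravel's stock login flow calls `$request->session()->regenerate()` immediately after authenticating. Add `$request->session()->regenerate();` before `event(new Events\UserLoggedIn($user));`. Note also that `$request->input('keep') == 'true'` is now a string comparison where the old `== true` accepted any truthy value, which is fine only if the client always sends the literal `true`. handleLogin starts and ends outside the hunk.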
@@ -79,16 +67,11 @@ class AuthController extends Controller
}
}
- public function logout(Request $request)
+ public function logout()
{
- if (Session::has('uid') && Session::has('token')) {
- // Flush sessions
- Session::flush();
-
- // Delete cookies
- return json(trans('auth.logout.success'), 0)
- ->withCookie(Cookie::forget('uid'))
- ->withCookie(Cookie::forget('token'));
+ if (Auth::check()) {
+ Auth::logout();
+ return json(trans('auth.logout.success'), 0);
} else {
return json(trans('auth.logout.fail'), 1);
}
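Review bot: `Auth::logout()` on the new line clears the guard's user and cycles the remember token but leaves the session itself alive, so the session id and all non-auth data survive logout, whereas the replaced code flushed the session. Add `session()->invalidate();` after `Auth::logout();` so the old session id is retired along with the login.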
@@ -103,15 +86,13 @@ class AuthController extends Controller
}
}
- public function handleRegister(Request $request, UserRepository $users)
+ public function handleRegister(Request $request)
{
- if (! $this->checkCaptcha($request))
- return json(trans('auth.validation.captcha'), 1);
-
- $this->validate($request, [
- 'email' => 'required|email',
+ $data = $this->validate($request, [
+ 'email' => 'required|email|unique:users',
'password' => 'required|min:8|max:32',
- 'nickname' => 'required|no_special_chars|max:255'
+ 'nickname' => 'required|no_special_chars|max:255',
+ 'captcha' => 'required'.(app()->environment('testing') ? '' : '|captcha')
]);
if (! option('user_can_register')) {
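Review bot: The captcha rule is switched off by a runtime environment check, `'captcha' => 'required'.(app()->environment('testing') ? '' : '|captcha')`, which puts test-only behaviour into production code: any deployment whose APP_ENV happens to be `testing` silently loses captcha verification on registration. Keep the rule unconditional as `'captcha' => 'required|captcha'` and let the test suite satisfy it instead (stub the captcha validator, or drive the bypass from a dedicated config key that tests override), so the exception lives in test setup rather than in the controller. handleRegister continues past the hunk.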
@@ -119,37 +100,30 @@ class AuthController extends Controller
}
// If amount of registered accounts of IP is more than allowed amounts,
- // then reject the register.
- if (User::where('ip', Utils::getClientIp())->count() < option('regs_per_ip'))
- {
- // Register a new user.
- // If the email is already registered,
- // it will return a false value.
- $user = User::register(
- $request->input('email'),
- $request->input('password'), function($user) use ($request)
- {
- $user->ip = Utils::getClientIp();
- $user->score = option('user_initial_score');
- $user->register_at = Utils::getTimeFormatted();
- $user->last_sign_at = Utils::getTimeFormatted(time() - 86400);
- $user->permission = User::NORMAL;
- $user->nickname = $request->input('nickname');
- });
+ // reject the registration.
+ if (User::where('ip', Utils::getClientIp())->count() < option('regs_per_ip')) {
+ $user = new User;
+ $user->email = $data['email'];
+ $user->nickname = $data['nickname'];
+ $user->score = option('user_initial_score');
+ $user->avatar = 0;
+ $user->password = User::getEncryptedPwdFromEvent($data['password'], $user)
+ ?: app('cipher')->hash($data['password'], config('secure.salt'));
+ $user->ip = Utils::getClientIp();
+ $user->permission = User::NORMAL;
+ $user->register_at = Utils::getTimeFormatted();
+ $user->last_sign_at = Utils::getTimeFormatted(time() - 86400);
- if (! $user) {
- return json(trans('auth.register.registered'), 5);
- }
+ $user->save();
event(new Events\UserRegistered($user));
+ Auth::login($user);
+
return json([
'errno' => 0,
- 'msg' => trans('auth.register.success'),
- 'token' => $user->getToken(),
- ]) // Set cookies
- ->withCookie('uid', $user->uid, 60)
- ->withCookie('token', $user->getToken(), 60);
+ 'msg' => trans('auth.register.success')
+ ]);
} else {
return json(trans('auth.register.max', ['regs' => option('regs_per_ip')]), 7);
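Review bot: The user construction on the new lines, from `$user = new User;` through `$user->last_sign_at = ...`, is duplicated almost line for line in SetupController::finish in this same commit (only `nickname` and `permission` differ), which invites the two copies drifting apart, most critically around the hashing fallback `?: app('cipher')->hash($data['password'], config('secure.salt'))`. Move it into one factory on User that takes email, password, nickname and permission and call it from both places. Separately, replacing `User::register`'s duplicate-email result with `unique:users` turns this into a check-then-insert: two concurrent registrations with the same email can both pass validation, so `save()` needs a unique index on the email column behind it (the migration change is not visible here) and the resulting duplicate-key exception should map to the old `auth.register.registered` response rather than a 500. As in handleLogin, `Auth::login($user)` here should be followed by `$request->session()->regenerate();`.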
@@ -216,16 +190,7 @@ class AuthController extends Controller
public function captcha()
{
- $builder = new \Gregwar\Captcha\CaptchaBuilder;
- $builder->build($width = 100, $height = 34);
- Session::put('phrase', $builder->getPhrase());
-
- ob_start();
- $builder->output();
- $captcha = ob_get_contents();
- ob_end_clean();
-
- return \Response::png($captcha);
+ return captcha();
}
protected function checkCaptcha($request)
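Review bot: `checkCaptcha($request)` just below the hunk appears to have lost its only visible caller (handleRegister now relies on the `captcha` validation rule), and the `Session::put('phrase', ...)` it presumably compared against is removed from `captcha()` here; if nothing else in the class calls it, delete it rather than leaving a second, unused verification path around. This is hedged since the rest of AuthController is outside this chunk.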
diff --git a/app/Http/Controllers/ClosetController.php b/app/Http/Controllers/ClosetController.php
index 11c24c47..e64d3155 100644
--- a/app/Http/Controllers/ClosetController.php
+++ b/app/Http/Controllers/ClosetController.php
@@ -9,6 +9,7 @@ use App\Models\Closet;
use App\Models\Texture;
use App\Models\ClosetModel;
use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
use App\Exceptions\PrettyPageException;
class ClosetController extends Controller
@@ -23,14 +24,14 @@ class ClosetController extends Controller
public function __construct()
{
$this->middleware(function ($request, $next) {
- $this->closet = new Closet($request->session()->get('uid'));
+ $this->closet = new Closet(Auth::id());
return $next($request);
});
}
public function index()
{
- return view('user.closet')->with('user', app('user.current'));
+ return view('user.closet')->with('user', Auth::user());
}
public function getClosetData(Request $request)
@@ -70,7 +71,9 @@ class ClosetController extends Controller
'name' => 'required|no_special_chars'
]);
- if (app('user.current')->getScore() < option('score_per_closet_item')) {
+ $currentUser = Auth::user();
+
+ if ($currentUser->getScore() < option('score_per_closet_item')) {
return json(trans('user.closet.add.lack-score'), 7);
}
@@ -86,7 +89,7 @@ class ClosetController extends Controller
$this->closet->save();
- app('user.current')->setScore(option('score_per_closet_item'), 'minus');
+ $currentUser->setScore(option('score_per_closet_item'), 'minus');
return json(trans('user.closet.add.success', ['name' => $request->input('name')]), 0);
} else {
@@ -123,7 +126,7 @@ class ClosetController extends Controller
$this->closet->save();
if (option('return_score'))
- app('user.current')->setScore(option('score_per_closet_item'), 'plus');
+ Auth::user()->setScore(option('score_per_closet_item'), 'plus');
return json(trans('user.closet.remove.success'), 0);
} else {
diff --git a/app/Http/Controllers/HomeController.php b/app/Http/Controllers/HomeController.php
index 64ada861..2db4ef43 100644
--- a/app/Http/Controllers/HomeController.php
+++ b/app/Http/Controllers/HomeController.php
@@ -2,14 +2,11 @@
namespace App\Http\Controllers;
-use Illuminate\Http\Request;
-use App\Services\Repositories\UserRepository;
-
class HomeController extends Controller
{
- public function index(UserRepository $users, Request $request)
+ public function index()
{
- return view('index')->with('user', $users->getCurrentUser())
+ return view('index')->with('user', auth()->user())
->with('home_pic_url', option('home_pic_url') ?: config('options.home_pic_url'));
}
}
diff --git a/app/Http/Controllers/PlayerController.php b/app/Http/Controllers/PlayerController.php
index b367c6e2..fdcad560 100644
--- a/app/Http/Controllers/PlayerController.php
+++ b/app/Http/Controllers/PlayerController.php
@@ -15,6 +15,7 @@ use App\Events\PlayerWasDeleted;
use App\Events\CheckPlayerExists;
use App\Events\PlayerWillBeAdded;
use App\Events\PlayerWillBeDeleted;
+use Illuminate\Support\Facades\Auth;
use App\Exceptions\PrettyPageException;
use App\Http\Middleware\CheckPlayerExist;
use App\Http\Middleware\CheckPlayerOwner;
@@ -22,13 +23,6 @@ use App\Services\Repositories\UserRepository;
class PlayerController extends Controller
{
- /**
- * User Instance.
- *
- * @var \App\Models\User
- */
- private $user;
-
/**
* Player Instance.
*
@@ -36,13 +30,9 @@ class PlayerController extends Controller
*/
private $player;
- public function __construct(UserRepository $users)
+ public function __construct()
{
- $this->middleware(function ($request, $next) use ($users) {
- $uid = $request->session()->get('uid');
-
- $this->user = $users->get($uid);
-
+ $this->middleware(function ($request, $next) {
if ($request->has('pid')) {
if ($this->player = Player::find($request->pid)) {
$this->player->checkForInvalidTextures();
@@ -59,11 +49,16 @@ class PlayerController extends Controller
public function index()
{
- return view('user.player')->with('players', $this->user->players->toArray())->with('user', $this->user);
+ $user = Auth::user();
+ return view('user.player')
+ ->with('players', $user->players->toArray())
+ ->with('user', $user);
}
public function add(Request $request)
{
+ $user = Auth::user();
+
$this->validate($request, [
'player_name' => 'required|player_name|min:'.option('player_name_length_min').'|max:'.option('player_name_length_max')
]);
@@ -74,7 +69,7 @@ class PlayerController extends Controller
return json(trans('user.player.add.repeated'), 6);
}
- if ($this->user->getScore() < Option::get('score_per_player')) {
+ if ($user->getScore() < Option::get('score_per_player')) {
return json(trans('user.player.add.lack-score'), 7);
}
@@ -82,7 +77,7 @@ class PlayerController extends Controller
$player = new Player;
- $player->uid = $this->user->uid;
+ $player->uid = $user->uid;
$player->player_name = $request->input('player_name');
$player->preference = "default";
$player->last_modified = Utils::getTimeFormatted();
@@ -90,12 +85,12 @@ class PlayerController extends Controller
event(new PlayerWasAdded($player));
- $this->user->setScore(option('score_per_player'), 'minus');
+ $user->setScore(option('score_per_player'), 'minus');
return json(trans('user.player.add.success', ['name' => $request->input('player_name')]), 0);
}
- public function delete(Request $request)
+ public function delete()
{
$playerName = $this->player->player_name;
@@ -104,7 +99,7 @@ class PlayerController extends Controller
$this->player->delete();
if (option('return_score')) {
- $this->user->setScore(Option::get('score_per_player'), 'plus');
+ Auth::user()->setScore(Option::get('score_per_player'), 'plus');
}
event(new PlayerWasDeleted($playerName));
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php
index 89933823..b818963a 100644
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@@ -59,7 +59,7 @@ class SetupController extends Controller
public function finish(Request $request)
{
- $this->validate($request, [
+ $data = $this->validate($request, [
'email' => 'required|email',
'password' => 'required|min:8|max:32|confirmed',
'site_name' => 'required'
@@ -70,11 +70,6 @@ class SetupController extends Controller
if (is_writable(app()->environmentFile())) {
Artisan::call('key:random');
Artisan::call('salt:random');
-
- Log::info("[SetupWizard] Random application key & salt set successfully.", [
- 'key' => config('app.key'),
- 'salt' => config('secure.salt')
- ]);
} else {
// @codeCoverageIgnoreStart
Log::warning("[SetupWizard] Failed to set application key. No write permission.");
@@ -97,20 +92,21 @@ class SetupController extends Controller
Option::set('site_url', $siteUrl);
// Register super admin
- $user = User::register(
- $request->input('email'),
- $request->input('password'), function ($user)
- {
- $user->ip = Utils::getClientIp();
- $user->score = option('user_initial_score');
- $user->register_at = Utils::getTimeFormatted();
- $user->last_sign_at = Utils::getTimeFormatted(time() - 86400);
- $user->permission = User::SUPER_ADMIN;
- });
- Log::info("[SetupWizard] Super Admin registered.", ['user' => $user]);
+ $user = new User;
+ $user->email = $data['email'];
+ $user->nickname = '';
+ $user->score = option('user_initial_score');
+ $user->avatar = 0;
+ $user->password = User::getEncryptedPwdFromEvent($data['password'], $user)
+ ?: app('cipher')->hash($data['password'], config('secure.salt'));
+ $user->ip = Utils::getClientIp();
+ $user->permission = User::SUPER_ADMIN;
+ $user->register_at = Utils::getTimeFormatted();
+ $user->last_sign_at = Utils::getTimeFormatted(time() - 86400);
+
+ $user->save();
$this->createDirectories();
- Log::info("[SetupWizard] Installation completed.");
return view('setup.wizard.finish')->with([
'email' => $request->input('email'),
diff --git a/app/Http/Controllers/SkinlibController.php b/app/Http/Controllers/SkinlibController.php
index 4ee3eb78..e534ca25 100644
--- a/app/Http/Controllers/SkinlibController.php
+++ b/app/Http/Controllers/SkinlibController.php
@@ -13,24 +13,15 @@ use App\Models\Player;
use App\Models\Texture;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Auth;
use App\Exceptions\PrettyPageException;
use App\Services\Repositories\UserRepository;
class SkinlibController extends Controller
{
- protected $user = null;
-
- public function __construct(UserRepository $users)
- {
- $this->middleware(function ($request, $next) use ($users) {
- $this->user = $users->get($request->session()->get('uid'));
- return $next($request);
- });
- }
-
public function index()
{
- return view('skinlib.index', ['user' => $this->user]);
+ return view('skinlib.index', ['user' => Auth::user()]);
}
/**
@@ -42,6 +33,7 @@ class SkinlibController extends Controller
*/
public function getSkinlibFiltered(Request $request)
{
+ $currentUser = Auth::user();
// Available filters: skin, steve, alex, cape
$filter = $request->input('filter', 'skin');
@@ -65,7 +57,7 @@ class SkinlibController extends Controller
$keyword = $request->input('keyword', '');
// Check if user logged in
- $anonymous = is_null($this->user);
+ $anonymous = !Auth::check();
if ($filter == "skin") {
$query = Texture::where(function ($innerQuery) {
@@ -89,9 +81,9 @@ class SkinlibController extends Controller
$query = $query->where('public', true);
} else {
// Show private textures when show uploaded textures of current user
- if ($uploader != $this->user->uid && !$this->user->isAdmin()) {
- $query = $query->where(function ($innerQuery) {
- $innerQuery->where('public', true)->orWhere('uploader', '=', $this->user->uid);
+ if ($uploader != $currentUser->uid && !$currentUser->isAdmin()) {
+ $query = $query->where(function ($innerQuery) use ($currentUser) {
+ $innerQuery->where('public', true)->orWhere('uploader', '=', $currentUser->uid);
});
}
}
@@ -104,7 +96,7 @@ class SkinlibController extends Controller
->get();
if (! $anonymous) {
- $closet = new Closet($this->user->uid);
+ $closet = new Closet($currentUser->uid);
foreach ($textures as $item) {
$item->liked = $closet->has($item->tid);
}
@@ -120,6 +112,7 @@ class SkinlibController extends Controller
public function show($tid)
{
$texture = Texture::find($tid);
+ $user = Auth::user();
if (! $texture || $texture && !Storage::disk('textures')->has($texture->hash)) {
if (option('auto_del_invalid_texture')) {
@@ -133,11 +126,14 @@ class SkinlibController extends Controller
}
if (!$texture->public) {
- if (is_null($this->user) || ($this->user->uid != $texture->uploader && !$this->user->isAdmin()))
+ if (!Auth::check() || ($user->uid != $texture->uploader && !$user->isAdmin()))
abort(403, trans('skinlib.show.private'));
}
- return view('skinlib.show')->with('texture', $texture)->with('with_out_filter', true)->with('user', $this->user);
+ return view('skinlib.show')
+ ->with('texture', $texture)
+ ->with('with_out_filter', true)
+ ->with('user', $user);
}
public function info($tid)
@@ -151,15 +147,14 @@ class SkinlibController extends Controller
public function upload()
{
- return view('skinlib.upload')->with('user', $this->user)->with('with_out_filter', true);
+ return view('skinlib.upload')
+ ->with('user', Auth::user())
+ ->with('with_out_filter', true);
}
public function handleUpload(Request $request)
{
- // Hacking for testing
- if (config('app.env') == 'testing') {
- $this->user = User::find($this->user->uid);
- }
+ $user = Auth::user();
if (($response = $this->checkUpload($request)) instanceof JsonResponse) {
return $response;
@@ -172,13 +167,13 @@ class SkinlibController extends Controller
$t->hash = bs_hash_file($request->file('file'));
$t->size = ceil($request->file('file')->getSize() / 1024);
$t->public = $request->input('public') == 'true';
- $t->uploader = $this->user->uid;
+ $t->uploader = $user->uid;
$t->upload_at = Utils::getTimeFormatted();
$cost = $t->size * ($t->public ? Option::get('score_per_storage') : Option::get('private_score_per_storage'));
$cost += option('score_per_closet_item');
- if ($this->user->getScore() < $cost)
+ if ($user->getScore() < $cost)
return json(trans('skinlib.upload.lack-score'), 7);
$results = Texture::where('hash', $t->hash)->get();
@@ -201,9 +196,9 @@ class SkinlibController extends Controller
$t->save();
- $this->user->setScore($cost, 'minus');
+ $user->setScore($cost, 'minus');
- if ($this->user->getCloset()->add($t->tid, $t->name)) {
+ if ($user->getCloset()->add($t->tid, $t->name)) {
return json(trans('skinlib.upload.success', ['name' => $request->input('name')]), 0, [
'tid' => $t->tid
]);
@@ -213,12 +208,13 @@ class SkinlibController extends Controller
public function delete(Request $request, UserRepository $users)
{
$result = Texture::find($request->tid);
+ $user = Auth::user();
if (! $result) {
return json(trans('skinlib.non-existent'), 1);
}
- if ($result->uploader != $this->user->uid && !$this->user->isAdmin()) {
+ if ($result->uploader != $user->uid && !$user->isAdmin()) {
return json(trans('skinlib.no-permission'), 1);
}
@@ -249,11 +245,12 @@ class SkinlibController extends Controller
public function privacy(Request $request, UserRepository $users)
{
$t = Texture::find($request->input('tid'));
+ $user = Auth::user();
if (! $t)
return json(trans('skinlib.non-existent'), 1);
- if ($t->uploader != $this->user->uid && !$this->user->isAdmin())
+ if ($t->uploader != $user->uid && !$user->isAdmin())
return json(trans('skinlib.no-permission'), 1);
$score_diff = $t->size * (option('private_score_per_storage') - option('score_per_storage')) * ($t->public ? -1 : 1);
@@ -285,13 +282,13 @@ class SkinlibController extends Controller
'tid' => 'required|integer',
'new_name' => 'required|no_special_chars'
]);
-
+ $user = Auth::user();
$t = Texture::find($request->input('tid'));
if (! $t)
return json(trans('skinlib.non-existent'), 1);
- if ($t->uploader != $this->user->uid && !$this->user->isAdmin())
+ if ($t->uploader != $user->uid && !$user->isAdmin())
return json(trans('skinlib.no-permission'), 1);
$t->name = $request->input('new_name');
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index f60333b6..74c0a580 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -9,33 +9,20 @@ use App\Models\User;
use App\Models\Texture;
use Illuminate\Http\Request;
use App\Events\UserProfileUpdated;
+use Illuminate\Support\Facades\Auth;
use App\Exceptions\PrettyPageException;
use App\Services\Repositories\UserRepository;
class UserController extends Controller
{
- /**
- * Current user instance.
- *
- * @var App\Models\User
- */
- private $user = null;
-
- public function __construct(UserRepository $users)
- {
- $this->middleware(function ($request, $next) use ($users) {
- $this->user = $users->get($request->session()->get('uid'));
- return $next($request);
- });
- }
-
public function index()
{
+ $user = Auth::user();
return view('user.index')->with([
- 'user' => $this->user,
+ 'user' => $user,
'statistics' => [
- 'players' => $this->calculatePercentageUsed($this->user->players->count(), option('score_per_player')),
- 'storage' => $this->calculatePercentageUsed($this->user->getStorageUsed(), option('score_per_storage'))
+ 'players' => $this->calculatePercentageUsed($user->players->count(), option('score_per_player')),
+ 'storage' => $this->calculatePercentageUsed($user->getStorageUsed(), option('score_per_storage'))
]
]);
}
@@ -49,13 +36,14 @@ class UserController extends Controller
*/
protected function calculatePercentageUsed($used, $rate)
{
+ $user = Auth::user();
// Initialize default value to avoid division by zero.
$result['used'] = $used;
$result['total'] = 'UNLIMITED';
$result['percentage'] = 0;
if ($rate != 0) {
- $result['total'] = $used + floor($this->user->getScore() / $rate);
+ $result['total'] = $used + floor($user->getScore() / $rate);
$result['percentage'] = $result['total'] ? $used / $result['total'] * 100 : 100;
}
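Review bot: `calculatePercentageUsed` now reaches for `Auth::user()` itself instead of receiving the user it computes for, which ties a pure arithmetic helper to global request state and makes it awkward to exercise with a fixture user. Both callers, `index()` and `sign()`, already hold `$user`; pass it in with `protected function calculatePercentageUsed($used, $rate, $user = null)` and `$user = $user ?? Auth::user();` as the first line so existing call sites keep working.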
@@ -69,14 +57,15 @@ class UserController extends Controller
*/
public function sign()
{
- if ($this->user->canSign()) {
- $acquiredScore = $this->user->sign();
+ $user = Auth::user();
+ if ($user->canSign()) {
+ $acquiredScore = $user->sign();
return json([
'errno' => 0,
'msg' => trans('user.sign-success', ['score' => $acquiredScore]),
- 'score' => $this->user->getScore(),
- 'storage' => $this->calculatePercentageUsed($this->user->getStorageUsed(), option('score_per_storage')),
+ 'score' => $user->getScore(),
+ 'storage' => $this->calculatePercentageUsed($user->getStorageUsed(), option('score_per_storage')),
'remaining_time' => $this->getUserSignRemainingTimeWithPrecision()
]);
} else {
@@ -92,14 +81,14 @@ class UserController extends Controller
public function getUserSignRemainingTimeWithPrecision()
{
- $hours = $this->user->getSignRemainingTime() / 3600;
+ $hours = Auth::user()->getSignRemainingTime() / 3600;
return $hours > 1 ? round($hours) : $hours;
}
public function profile()
{
- return view('user.profile')->with('user', $this->user);
+ return view('user.profile')->with('user', Auth::user());
}
/**
@@ -112,6 +101,7 @@ class UserController extends Controller
public function handleProfile(Request $request, UserRepository $users)
{
$action = $request->input('action', '');
+ $user = Auth::user();
switch ($action) {
case 'nickname':
@@ -121,8 +111,8 @@ class UserController extends Controller
$nickname = $request->input('new_nickname');
- if ($this->user->setNickName($nickname)) {
- event(new UserProfileUpdated($action, $this->user));
+ if ($user->setNickName($nickname)) {
+ event(new UserProfileUpdated($action, $user));
return json(trans('user.profile.nickname.success', ['nickname' => $nickname]), 0);
}
@@ -134,17 +124,15 @@ class UserController extends Controller
'new_password' => 'required|min:8|max:32'
]);
- if (! $this->user->verifyPassword($request->input('current_password')))
+ if (! $user->verifyPassword($request->input('current_password')))
return json(trans('user.profile.password.wrong-password'), 1);
- if ($this->user->changePassword($request->input('new_password'))) {
- event(new UserProfileUpdated($action, $this->user));
+ if ($user->changePassword($request->input('new_password'))) {
+ event(new UserProfileUpdated($action, $user));
- session()->flush();
+ Auth::logout();
- return json(trans('user.profile.password.success'), 0)
- ->withCookie(cookie()->forget('uid'))
- ->withCookie(cookie()->forget('token'));
+ return json(trans('user.profile.password.success'), 0);
}
break; // @codeCoverageIgnore
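Review bot: After a successful password change the new `Auth::logout()` only ends the current login and cycles the remember-me token; the current session id is not invalidated, and any other session the account already has stays logged in with the old credentials. Add `session()->invalidate();` after `Auth::logout();`, and if the app's Laravel version provides it, call `Auth::logoutOtherDevices(...)` with the new password before logging out so the other sessions are ended too. The same applies to the email-change branch in the next hunk.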
@@ -159,15 +147,15 @@ class UserController extends Controller
return json(trans('user.profile.email.existed'), 1);
}
- if (! $this->user->verifyPassword($request->input('password')))
+ if (! $user->verifyPassword($request->input('password')))
return json(trans('user.profile.email.wrong-password'), 1);
- if ($this->user->setEmail($request->input('new_email'))) {
- event(new UserProfileUpdated($action, $this->user));
+ if ($user->setEmail($request->input('new_email'))) {
+ event(new UserProfileUpdated($action, $user));
- return json(trans('user.profile.email.success'), 0)
- ->withCookie(cookie()->forget('uid'))
- ->withCookie(cookie()->forget('token'));
+ Auth::logout();
+
+ return json(trans('user.profile.email.success'), 0);
}
break; // @codeCoverageIgnore
@@ -177,10 +165,10 @@ class UserController extends Controller
'password' => 'required|min:6|max:32'
]);
- if (! $this->user->verifyPassword($request->input('password')))
+ if (! $user->verifyPassword($request->input('password')))
return json(trans('user.profile.delete.wrong-password'), 1);
-
- if ($this->user->delete()) {
+ Auth::logout();
+ if ($user->delete()) {
session()->flush();
return response()
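Review bot: `Auth::logout()` is now called before `$user->delete()`, so when the delete fails the caller is logged out anyway and whatever follows the `if` presumably returns a failure response to a now-anonymous session. Move the logout into the success branch: `if ($user->delete()) { Auth::logout(); session()->flush(); ...`. The end of handleProfile is outside the hunk.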
@@ -215,7 +203,7 @@ class UserController extends Controller
if ($result->type == "cape")
return json(trans('user.profile.avatar.wrong-type'), 1);
- if ($this->user->setAvatar($request->input('tid'))) {
+ if (Auth::user()->setAvatar($request->input('tid'))) {
return json(trans('user.profile.avatar.success'), 0);
}
} else {
diff --git a/app/Http/Middleware/CheckAdministrator.php b/app/Http/Middleware/CheckAdministrator.php
index 04a883e6..ceb79b8a 100644
--- a/app/Http/Middleware/CheckAdministrator.php
+++ b/app/Http/Middleware/CheckAdministrator.php
@@ -6,13 +6,7 @@ class CheckAdministrator
{
public function handle($request, \Closure $next)
{
- $result = (new CheckAuthenticated)->handle($request, $next, true);
-
- if ($result instanceof \Illuminate\Http\RedirectResponse) {
- return $result;
- }
-
- if (! $result->isAdmin()) {
+ if (! auth()->user()->isAdmin()) {
abort(403, trans('auth.check.admin'));
}
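Review bot: `auth()->user()->isAdmin()` dereferences null when nobody is authenticated, so this middleware now throws a fatal error instead of the login redirect the old `CheckAuthenticated` delegation produced, unless every route using it is also covered by the auth middleware first. Make it self-contained with `if (! auth()->check() || ! auth()->user()->isAdmin()) {` (or return `redirect('auth/login')` for the unauthenticated case to keep the old behaviour), so the admin check does not depend on middleware ordering.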
diff --git a/app/Http/Middleware/CheckAuthenticated.php b/app/Http/Middleware/CheckAuthenticated.php
index e870ed9a..0cc0e3f3 100644
--- a/app/Http/Middleware/CheckAuthenticated.php
+++ b/app/Http/Middleware/CheckAuthenticated.php
@@ -10,29 +10,18 @@ use Session;
use Closure;
use App\Models\User;
use App\Events\UserAuthenticated;
+use Illuminate\Support\Facades\Auth;
class CheckAuthenticated
{
- public function handle($request, Closure $next, $returnUser = false)
+ public function handle($request, Closure $next)
{
- if (Session::has('uid')) {
+ if (Auth::check()) {
- if (! app()->bound('user.current')) {
- // Bind current user to container
- $user = app('users')->get(session('uid'));
- app()->instance('user.current', $user);
- } else {
- $user = app('user.current');
- }
+ $user = Auth::user();
- if (session('token') != $user->getToken()) {
- $this->flashLastRequestedPath();
- return redirect('auth/login')->with('msg', trans('auth.check.token'));
- }
-
- if ($user->getPermission() == "-1") {
- delete_sessions();
- delete_cookies();
+ if ($user->permission == User::BANNED) {
+ Auth::logout();
abort(403, trans('auth.check.banned'));
}
@@ -44,29 +33,24 @@ class CheckAuthenticated
event(new UserAuthenticated($user));
- return $returnUser ? $user : $next($request);
+ return $next($request);
} else {
$this->flashLastRequestedPath();
return redirect('auth/login')->with('msg', trans('auth.check.anonymous'));
}
-
- return $next($request);
}
public function askForFillingEmail($request, Closure $next)
{
- $user = app('user.current');
+ $user = Auth::user();
if (isset($request->email)) {
if (filter_var($request->email, FILTER_VALIDATE_EMAIL)) {
if (User::where('email', $request->email)->get()->isEmpty()) {
$user->setEmail($request->email);
- // Refresh token
- Session::put('token', $user->getToken(true));
- Cookie::queue('token', $user->getToken(), 60);
return $next($request);
} else {
diff --git a/app/Http/Middleware/CheckPlayerOwner.php b/app/Http/Middleware/CheckPlayerOwner.php
index f01a5b9a..4d76ebdd 100644
--- a/app/Http/Middleware/CheckPlayerOwner.php
+++ b/app/Http/Middleware/CheckPlayerOwner.php
@@ -19,7 +19,7 @@ class CheckPlayerOwner
if ($pid = $request->input('pid')) {
$player = Player::find($pid);
- if ($player->uid != app('user.current')->uid) {
+ if ($player->uid != auth()->id()) {
return response()->json([
'errno' => 1,
'msg' => trans('admin.players.no-permission')
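Review bot: `$player->uid != auth()->id()` is a loose comparison between two values that can both be null: `Player::find($pid)` returns null for an unknown pid and `auth()->id()` is null for a guest, and `null != null` is false, so the only thing standing between that state and a passed ownership check is the notice Laravel raises on property access of null (a 500, not a 403). Whether a guest can reach this middleware depends on route ordering that is not visible here, but the check should not rely on it: use `$player = Player::findOrFail($pid);` and compare strictly, `if ((int) $player->uid !== (int) auth()->id()) {`. The rest of handle() is outside the hunk.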
diff --git a/app/Http/Middleware/CheckSessionUserValid.php b/app/Http/Middleware/CheckSessionUserValid.php
deleted file mode 100644
index 8d118aba..00000000
--- a/app/Http/Middleware/CheckSessionUserValid.php
+++ /dev/null
@@ -1,39 +0,0 @@
-cookie('uid') && $request->cookie('token')) {
- Session::put('uid' , $request->cookie('uid'));
- Session::put('token', $request->cookie('token'));
- }
-
- if (Session::has('uid')) {
- $user = User::find(session('uid'));
-
- if ($user && $user->getToken() == session('token')) {
- // Push user instance into repository
- app('users')->set($user->uid, $user);
- // Bind current user to container
- app()->instance('user.current', $user);
- } else {
- // Remove sessions & cookies
- delete_sessions();
- delete_cookies();
-
- return redirect('auth/login')->with('msg', trans('auth.check.token'));
- }
- }
-
- return $next($request);
- }
-}
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
index 6c0295e8..ec9635c7 100644
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -4,20 +4,12 @@ namespace App\Http\Middleware;
use App;
use Session;
-use App\Models\User;
+use Illuminate\Support\Facades\Auth;
class RedirectIfAuthenticated
{
public function handle($request, \Closure $next)
{
- if (session()->has('uid')) {
- if (session('token') != app('users')->get(session('uid'))->getToken()) {
- Session::put('msg', trans('auth.check.token')); // @codeCoverageIgnore
- } else {
- return redirect('user');
- }
- }
-
- return $next($request);
+ return Auth::check() ? redirect('user') : $next($request);
}
}
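Review bot: `use App;` and `use Session;` at the top of RedirectIfAuthenticated are now dead after the body collapsed to `Auth::check() ? redirect('user') : $next($request);`; drop them so the import list matches what the middleware actually depends on. Behaviourally, a banned account that still holds a session is redirected to `user` rather than logged out here, which relies on CheckAuthenticated on the target route producing the 403 — reasonable, but worth a one-line comment such as `// banned sessions are rejected by CheckAuthenticated on the target route` so the coupling is explicit.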
diff --git a/app/Models/User.php b/app/Models/User.php
index a0c6a0cd..2b684434 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -6,9 +6,9 @@ use DB;
use Utils;
use Carbon\Carbon;
use App\Events\EncryptUserPassword;
-use Illuminate\Database\Eloquent\Model;
+use Illuminate\Foundation\Auth\User as Authenticatable;
-class User extends Model
+class User extends Authenticatable
{
/**
* Permissions.
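Review bot: Switching the base class to `Illuminate\Foundation\Auth\User` does not add anything to `$hidden`, and this patch also introduces a `remember_token` column, so any place the model is serialised (`toArray()`, `toJson()`, a User returned inside a JSON response) will now carry `password` and `remember_token` unless the class already declares them hidden — that declaration is not visible in this hunk. If it is absent, add `protected $hidden = ['password', 'remember_token'];` next to the permission constants. A leaked remember token is a long-lived login credential, so this is worth confirming before the change ships.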
@@ -18,12 +18,6 @@ class User extends Model
const ADMIN = 1;
const SUPER_ADMIN = 2;
- /**
- * User Token.
- * @var string
- */
- protected $token;
-
/**
* Instance of Closet.
* @var \App\Models\Closet
@@ -103,41 +97,13 @@ class User extends Model
* @param User $user
* @return mixed
*/
- protected static function getEncryptedPwdFromEvent($rawPasswd, User $user)
+ public static function getEncryptedPwdFromEvent($rawPasswd, User $user)
{
$responses = event(new EncryptUserPassword($rawPasswd, $user));
return array_get($responses, 0);
}
- /**
- * Register a new user.
- *
- * @param string $email
- * @param string $password
- * @param \Closure $callback
- * @return User|bool
- */
- public static function register($email, $password, \Closure $callback) {
- $user = static::firstOrNew(['email' => $email]);
-
- // If the email is already registered
- if ($user->uid) return false;
-
- // Pass the user instance to the callback
- call_user_func($callback, $user);
-
- // Save once to get uid
- $user->password = '';
- $user->save();
-
- // Save again with password
- $user->password = static::getEncryptedPwdFromEvent($password, $user) ?: app('cipher')->hash($password, config('secure.salt'));
- $user->save();
-
- return $user;
- }
-
/**
* Change password of the user.
*
@@ -216,21 +182,6 @@ class User extends Model
return $this->save();
}
- /**
- * Get user token or generate one.
- *
- * @param bool $refresh Refresh token forcely.
- * @return string
- */
- public function getToken($refresh = false)
- {
- if (! $this->token || $refresh) {
- $this->token = md5($this->email . $this->password . config('secure.salt'));
- }
-
- return $this->token;
- }
-
/**
* Get current score of user.
*
@@ -402,4 +353,9 @@ class User extends Model
{
return $query->where($field, 'LIKE', "%$value%");
}
+
+ public function getAuthIdentifier()
+ {
+ return $this->uid;
+ }
}
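Review bot: Only `getAuthIdentifier()` is overridden to return `uid`; the session guard and the remember-me lookup resolve the column through `getAuthIdentifierName()` → `getKeyName()`, which is `id` unless `$primaryKey = 'uid'` is declared on the class (not visible in this patch). If it is not, `retrieveById()` and `retrieveByToken()` query `where id = ?` and every login fails. Either declare `protected $primaryKey = 'uid';` (which makes this override redundant) or add `public function getAuthIdentifierName() { return 'uid'; }` alongside it, with a docblock stating that the users table keys on `uid` rather than `id`.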
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 3e94b702..2997026b 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -4,7 +4,6 @@ namespace App\Providers;
use Illuminate\Routing\Router;
use App\Events\ConfigureRoutes;
-use App\Http\Middleware\CheckSessionUserValid;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
class RouteServiceProvider extends ServiceProvider
@@ -56,7 +55,7 @@ class RouteServiceProvider extends ServiceProvider
protected function mapWebRoutes(Router $router)
{
$router->group([
- 'middleware' => ['web', CheckSessionUserValid::class],
+ 'middleware' => ['web'],
'namespace' => $this->namespace,
], function ($router) {
require base_path('routes/web.php');
diff --git a/app/Services/Repositories/UserRepository.php b/app/Services/Repositories/UserRepository.php
index 84689d7b..de537c57 100644
--- a/app/Services/Repositories/UserRepository.php
+++ b/app/Services/Repositories/UserRepository.php
@@ -74,6 +74,6 @@ class UserRepository extends Repository
public function getCurrentUser()
{
- return $this->get(session('uid'));
+ return auth()->user();
}
}
diff --git a/app/helpers.php b/app/helpers.php
index adbcdc71..a35a3998 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -406,26 +406,6 @@ if (! function_exists('validate')) {
}
}
-if (! function_exists('delete_cookies')) {
-
- function delete_cookies()
- {
- Cookie::queue(Cookie::forget('uid'));
- Cookie::queue(Cookie::forget('token'));
- }
-}
-
-if (! function_exists('delete_sessions')) {
-
- function delete_sessions()
- {
- Session::forget('uid');
- Session::forget('token');
-
- Session::save();
- }
-}
-
if (! function_exists('runtime_check')) {
function runtime_check(array $requirements)
diff --git a/composer.json b/composer.json
index d3a4134a..7809924e 100644
--- a/composer.json
+++ b/composer.json
@@ -6,7 +6,6 @@
"php": ">=7.1.3",
"filp/whoops": "^2.1",
"predis/predis": "~1.0",
- "gregwar/captcha": "^1.1",
"erusev/parsedown": "^1.6",
"swiggles/memcache": "^2.0",
"doctrine/inflector": "1.1.0",
@@ -14,7 +13,8 @@
"nesbot/carbon": "^1.32.0",
"devitek/yaml-translation": "^4.1.0",
"printempw/laravel-datatables-lite": "^1.0",
- "composer/semver": "^1.4"
+ "composer/semver": "^1.4",
+ "mews/captcha": "^2.2"
},
"require-dev": {
"fzaninotto/faker": "~1.4",
diff --git a/composer.lock b/composer.lock
index 85ab0b94..a579866f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1,10 +1,10 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
- "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "a410c854791711695111f43f6ba32bee",
+ "content-hash": "03887f717dd02991b300a10cc712bd52",
"packages": [
{
"name": "composer/semver",
@@ -449,32 +449,115 @@
"time": "2018-03-03T17:56:25+00:00"
},
{
- "name": "gregwar/captcha",
- "version": "v1.1.6",
+ "name": "guzzlehttp/psr7",
+ "version": "1.4.2",
"source": {
"type": "git",
- "url": "https://github.com/Gregwar/Captcha.git",
- "reference": "a96d8dffc80d6213958bd19fbdef1555e8b63ca3"
+ "url": "https://github.com/guzzle/psr7.git",
+ "reference": "f5b8a8512e2b58b0071a7280e39f14f72e05d87c"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/Gregwar/Captcha/zipball/a96d8dffc80d6213958bd19fbdef1555e8b63ca3",
- "reference": "a96d8dffc80d6213958bd19fbdef1555e8b63ca3",
+ "url": "https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c",
+ "reference": "f5b8a8512e2b58b0071a7280e39f14f72e05d87c",
"shasum": ""
},
"require": {
- "ext-gd": "*",
- "ext-mbstring": "*",
- "php": ">=5.3.0",
- "symfony/finder": "~3.0|~4.0"
+ "php": ">=5.4.0",
+ "psr/http-message": "~1.0"
+ },
+ "provide": {
+ "psr/http-message-implementation": "1.0"
},
"require-dev": {
- "phpunit/phpunit": "^6.4"
+ "phpunit/phpunit": "~4.0"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.4-dev"
+ }
},
- "type": "captcha",
"autoload": {
"psr-4": {
- "Gregwar\\": "src/Gregwar"
+ "GuzzleHttp\\Psr7\\": "src/"
+ },
+ "files": [
+ "src/functions_include.php"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Michael Dowling",
+ "email": "mtdowling@gmail.com",
+ "homepage": "https://github.com/mtdowling"
+ },
+ {
+ "name": "Tobias Schultze",
+ "homepage": "https://github.com/Tobion"
+ }
+ ],
+ "description": "PSR-7 message implementation that also provides common utility methods",
+ "keywords": [
+ "http",
+ "message",
+ "request",
+ "response",
+ "stream",
+ "uri",
+ "url"
+ ],
+ "time": "2017-03-20T17:10:46+00:00"
+ },
+ {
+ "name": "intervention/image",
+ "version": "2.4.2",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/Intervention/image.git",
+ "reference": "e82d274f786e3d4b866a59b173f42e716f0783eb"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/Intervention/image/zipball/e82d274f786e3d4b866a59b173f42e716f0783eb",
+ "reference": "e82d274f786e3d4b866a59b173f42e716f0783eb",
+ "shasum": ""
+ },
+ "require": {
+ "ext-fileinfo": "*",
+ "guzzlehttp/psr7": "~1.1",
+ "php": ">=5.4.0"
+ },
+ "require-dev": {
+ "mockery/mockery": "~0.9.2",
+ "phpunit/phpunit": "^4.8 || ^5.7"
+ },
+ "suggest": {
+ "ext-gd": "to use GD library based image processing.",
+ "ext-imagick": "to use Imagick based image processing.",
+ "intervention/imagecache": "Caching extension for the Intervention Image library"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "2.4-dev"
+ },
+ "laravel": {
+ "providers": [
+ "Intervention\\Image\\ImageServiceProvider"
+ ],
+ "aliases": {
+ "Image": "Intervention\\Image\\Facades\\Image"
+ }
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Intervention\\Image\\": "src/Intervention/Image"
}
},
"notification-url": "https://packagist.org/downloads/",
@@ -483,23 +566,22 @@
],
"authors": [
{
- "name": "Grégoire Passault",
- "email": "g.passault@gmail.com",
- "homepage": "http://www.gregwar.com/"
- },
- {
- "name": "Jeremy Livingston",
- "email": "jeremy.j.livingston@gmail.com"
+ "name": "Oliver Vogel",
+ "email": "oliver@olivervogel.com",
+ "homepage": "http://olivervogel.com/"
}
],
- "description": "Captcha generator",
- "homepage": "https://github.com/Gregwar/Captcha",
+ "description": "Image handling and manipulation library with support for Laravel integration",
+ "homepage": "http://image.intervention.io/",
"keywords": [
- "bot",
- "captcha",
- "spam"
+ "gd",
+ "image",
+ "imagick",
+ "laravel",
+ "thumbnail",
+ "watermark"
],
- "time": "2018-04-24T09:20:08+00:00"
+ "time": "2018-05-29T14:19:03+00:00"
},
{
"name": "laravel/framework",
@@ -788,6 +870,73 @@
],
"time": "2017-06-12T11:04:56+00:00"
},
+ {
+ "name": "mews/captcha",
+ "version": "2.2.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/mewebstudio/captcha.git",
+ "reference": "c9885e31bb2c30fe185c1af6078a53a3bef5db8f"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/mewebstudio/captcha/zipball/c9885e31bb2c30fe185c1af6078a53a3bef5db8f",
+ "reference": "c9885e31bb2c30fe185c1af6078a53a3bef5db8f",
+ "shasum": ""
+ },
+ "require": {
+ "ext-gd": "*",
+ "illuminate/config": "~5.0",
+ "illuminate/filesystem": "~5.0",
+ "illuminate/hashing": "~5.0",
+ "illuminate/support": "~5.0",
+ "intervention/image": "~2.2",
+ "php": ">=5.4"
+ },
+ "require-dev": {
+ "mockery/mockery": "0.9.*",
+ "phpunit/phpunit": "~4.1"
+ },
+ "type": "package",
+ "extra": {
+ "laravel": {
+ "providers": [
+ "Mews\\Captcha\\CaptchaServiceProvider"
+ ],
+ "aliases": {
+ "Captcha": "Mews\\Captcha\\Facades\\Captcha"
+ }
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Mews\\Captcha\\": "src/"
+ },
+ "files": [
+ "src/helpers.php"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Muharrem ERİN",
+ "email": "me@mewebstudio.com",
+ "homepage": "https://github.com/mewebstudio",
+ "role": "Developer"
+ }
+ ],
+ "description": "Laravel 5 Captcha Package",
+ "homepage": "https://github.com/mewebstudio/captcha",
+ "keywords": [
+ "captcha",
+ "laravel5 Captcha",
+ "laravel5 Security"
+ ],
+ "time": "2018-04-25T13:44:49+00:00"
+ },
{
"name": "monolog/monolog",
"version": "1.23.0",
@@ -1126,6 +1275,56 @@
],
"time": "2017-02-14T16:28:37+00:00"
},
+ {
+ "name": "psr/http-message",
+ "version": "1.0.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/php-fig/http-message.git",
+ "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
+ "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.3.0"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.0.x-dev"
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Psr\\Http\\Message\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "PHP-FIG",
+ "homepage": "http://www.php-fig.org/"
+ }
+ ],
+ "description": "Common interface for HTTP messages",
+ "homepage": "https://github.com/php-fig/http-message",
+ "keywords": [
+ "http",
+ "http-message",
+ "psr",
+ "psr-7",
+ "request",
+ "response"
+ ],
+ "time": "2016-08-06T14:39:51+00:00"
+ },
{
"name": "psr/log",
"version": "1.0.2",
diff --git a/config/app.php b/config/app.php
index f757ff58..e415d83c 100644
--- a/config/app.php
+++ b/config/app.php
@@ -162,6 +162,7 @@ return [
Devitek\Core\Translation\TranslationServiceProvider::class,
Swiggles\Memcache\MemcacheServiceProvider::class,
Yajra\Datatables\DatatablesServiceProvider::class,
+ Mews\Captcha\CaptchaServiceProvider::class,
/**
* Application Service Providers...
diff --git a/config/auth.php b/config/auth.php
new file mode 100644
index 00000000..087bbb3e
--- /dev/null
+++ b/config/auth.php
@@ -0,0 +1,102 @@
+ [
+ 'guard' => 'web',
+ 'passwords' => 'users',
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Authentication Guards
+ |--------------------------------------------------------------------------
+ |
+ | Next, you may define every authentication guard for your application.
+ | Of course, a great default configuration has been defined for you
+ | here which uses session storage and the Eloquent user provider.
+ |
+ | All authentication drivers have a user provider. This defines how the
+ | users are actually retrieved out of your database or other storage
+ | mechanisms used by this application to persist your user's data.
+ |
+ | Supported: "session", "token"
+ |
+ */
+
+ 'guards' => [
+ 'web' => [
+ 'driver' => 'session',
+ 'provider' => 'users',
+ ],
+
+ 'api' => [
+ 'driver' => 'token',
+ 'provider' => 'users',
+ ],
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | User Providers
+ |--------------------------------------------------------------------------
+ |
+ | All authentication drivers have a user provider. This defines how the
+ | users are actually retrieved out of your database or other storage
+ | mechanisms used by this application to persist your user's data.
+ |
+ | If you have multiple user tables or models you may configure multiple
+ | sources which represent each model / table. These sources may then
+ | be assigned to any extra authentication guards you have defined.
+ |
+ | Supported: "database", "eloquent"
+ |
+ */
+
+ 'providers' => [
+ 'users' => [
+ 'driver' => 'eloquent',
+ 'model' => App\Models\User::class,
+ ],
+
+ // 'users' => [
+ // 'driver' => 'database',
+ // 'table' => 'users',
+ // ],
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Resetting Passwords
+ |--------------------------------------------------------------------------
+ |
+ | You may specify multiple password reset configurations if you have more
+ | than one user table or model in the application and you want to have
+ | separate password reset settings based on the specific user types.
+ |
+ | The expire time is the number of minutes that the reset token should be
+ | considered valid. This security feature keeps tokens short-lived so
+ | they have less time to be guessed. You may change this as needed.
+ |
+ */
+
+ 'passwords' => [
+ 'users' => [
+ 'provider' => 'users',
+ 'table' => 'password_resets',
+ 'expire' => 60,
+ ],
+ ],
+
+];
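Review bot: The `api` guard uses the `token` driver, which looks users up by an `api_token` column, and the `passwords` block points at a `password_resets` table; neither the column nor the table is created by the migration in this patch, so `auth('api')` or the password broker would fail at query time. If these entries are just the framework defaults carried over, either remove the `api` guard and the `passwords` block until they are wired up, or add the column and table and note in a comment that they are reserved for future use. The `web` guard plus the `users` Eloquent provider is the only configuration this patch actually exercises.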
diff --git a/config/captcha.php b/config/captcha.php
new file mode 100644
index 00000000..7e9c4e9b
--- /dev/null
+++ b/config/captcha.php
@@ -0,0 +1,45 @@
+ '2346789abcdefghjmnpqrtuxyzABCDEFGHJMNPQRTUXYZ',
+
+ 'default' => [
+ 'length' => 5,
+ 'width' => 100,
+ 'height' => 34,
+ 'quality' => 90,
+ ],
+
+ 'flat' => [
+ 'length' => 6,
+ 'width' => 160,
+ 'height' => 46,
+ 'quality' => 90,
+ 'lines' => 6,
+ 'bgImage' => false,
+ 'bgColor' => '#ecf2f4',
+ 'fontColors'=> ['#2c3e50', '#c0392b', '#16a085', '#c0392b', '#8e44ad', '#303f9f', '#f57c00', '#795548'],
+ 'contrast' => -5,
+ ],
+
+ 'mini' => [
+ 'length' => 3,
+ 'width' => 60,
+ 'height' => 32,
+ ],
+
+ 'inverse' => [
+ 'length' => 5,
+ 'width' => 120,
+ 'height' => 36,
+ 'quality' => 90,
+ 'sensitive' => true,
+ 'angle' => 12,
+ 'sharpen' => 10,
+ 'blur' => 2,
+ 'invert' => true,
+ 'contrast' => -5,
+ ]
+
+];
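Review bot: The `mini` profile is three characters drawn from the 45-character `characters` set, and only the `inverse` profile sets `sensitive`, so the others are presumably case-insensitive; that leaves `mini` with on the order of 10^4 possible answers, few enough to brute-force if nothing throttles the endpoint. Whether `mini` (or `flat`/`inverse`) is referenced anywhere is not visible here; if not, keeping only `default` removes the weak option, and in any case the login and registration routes that consume the captcha should also carry a request throttle, since a CAPTCHA limits automation but not attempt count. A comment at the top of the file naming which profile the forms use would make that review easier next time.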
diff --git a/config/debugbar.php b/config/debugbar.php
index a8130c68..474cde13 100644
--- a/config/debugbar.php
+++ b/config/debugbar.php
@@ -110,13 +110,13 @@ return [
'db' => true, // Show database (PDO) queries and bindings
'views' => true, // Views with their data
'route' => true, // Current route information
- 'auth' => false, // Display Laravel authentication status
- 'gate' => true, // Display Laravel Gate checks
+ 'auth' => true, // Display Laravel authentication status
+ 'gate' => false, // Display Laravel Gate checks
'session' => true, // Display session data
'symfony_request' => true, // Only one can be enabled..
- 'mail' => true, // Catch mail messages
+ 'mail' => false, // Catch mail messages
'laravel' => false, // Laravel version and environment
- 'events' => false, // All events fired
+ 'events' => true, // All events fired
'default_request' => false, // Regular or special Symfony request logger
'logs' => false, // Add the latest log messages
'files' => false, // Show the included files
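Review bot: Enabling the `auth` and `session` collectors makes the debugbar render the authenticated user and the full session payload — including the auth identifier and any flashed messages — in every response it is injected into, which is an information leak on any host that is not a developer's own machine. Confirm that `debugbar.enabled` is tied to the environment (`APP_DEBUG` / `DEBUGBAR_ENABLED`) rather than hard-coded, which is outside this hunk, and consider annotating the `'session' => true` line with `// exposes session contents; dev only`.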
diff --git a/database/factories/UserModelFactory.php b/database/factories/UserModelFactory.php
index 8359104b..7550e542 100644
--- a/database/factories/UserModelFactory.php
+++ b/database/factories/UserModelFactory.php
@@ -11,8 +11,8 @@ $factory->define(User::class, function (Faker\Generator $faker) {
'password' => app('cipher')->hash(str_random(10), config('secure.salt')),
'ip' => '127.0.0.1',
'permission' => 0,
- 'last_sign_at' => $faker->dateTime,
- 'register_at' => $faker->dateTime
+ 'last_sign_at' => $faker->dateTime->format('d-M-Y H:i:s'),
+ 'register_at' => $faker->dateTime->format('d-M-Y H:i:s')
];
});
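Review bot: `'d-M-Y H:i:s'` produces values such as `05-Jan-2018 13:20:00`, which is not the `YYYY-MM-DD HH:MM:SS` form the `dateTime()` columns in the migration expect; MySQL does not accept it as a DATETIME literal (an error in strict mode, a zero date otherwise) while SQLite stores the string verbatim, so the factories would work on SQLite-backed tests and break on a MySQL database. Use `$faker->dateTime->format('Y-m-d H:i:s')` here and in the three parallel definitions below, which repeat the same format.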
@@ -25,8 +25,8 @@ $factory->defineAs(User::class, 'admin', function (Faker\Generator $faker) {
'password' => app('cipher')->hash(str_random(10), config('secure.salt')),
'ip' => '127.0.0.1',
'permission' => 1,
- 'last_sign_at' => $faker->dateTime,
- 'register_at' => $faker->dateTime
+ 'last_sign_at' => $faker->dateTime->format('d-M-Y H:i:s'),
+ 'register_at' => $faker->dateTime->format('d-M-Y H:i:s')
];
});
@@ -39,8 +39,8 @@ $factory->defineAs(User::class, 'superAdmin', function (Faker\Generator $faker)
'password' => app('cipher')->hash(str_random(10), config('secure.salt')),
'ip' => '127.0.0.1',
'permission' => 2,
- 'last_sign_at' => $faker->dateTime,
- 'register_at' => $faker->dateTime
+ 'last_sign_at' => $faker->dateTime->format('d-M-Y H:i:s'),
+ 'register_at' => $faker->dateTime->format('d-M-Y H:i:s')
];
});
@@ -53,7 +53,7 @@ $factory->defineAs(User::class, 'banned', function (Faker\Generator $faker) {
'password' => app('cipher')->hash(str_random(10), config('secure.salt')),
'ip' => '127.0.0.1',
'permission' => -1,
- 'last_sign_at' => $faker->dateTime,
- 'register_at' => $faker->dateTime
+ 'last_sign_at' => $faker->dateTime->format('d-M-Y H:i:s'),
+ 'register_at' => $faker->dateTime->format('d-M-Y H:i:s')
];
});
diff --git a/database/migrations/2016_11_18_133939_create_all_tables.php b/database/migrations/2016_11_18_133939_create_all_tables.php
index 673754d3..92898080 100644
--- a/database/migrations/2016_11_18_133939_create_all_tables.php
+++ b/database/migrations/2016_11_18_133939_create_all_tables.php
@@ -12,7 +12,7 @@ class CreateAllTables extends Migration
*/
public function up()
{
- Schema::create('users', function($table) {
+ Schema::create('users', function (Blueprint $table) {
$table->increments('uid');
$table->string('email', 100);
$table->string('nickname', 50)->default('');
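Review bot: The closures now type-hint `Blueprint`, which only resolves if the migration imports `Illuminate\Database\Schema\Blueprint` above this hunk; if that `use` line is missing, `Schema::create()` throws a TypeError the moment it invokes the closure — not visible here, so worth checking. Since the schema is being edited anyway, `$table->string('email', 100)` carries no unique index even though email is the login identifier; `$table->string('email', 100)->unique();` would let the database enforce what the middleware currently only checks in application code.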
@@ -23,14 +23,15 @@ class CreateAllTables extends Migration
$table->integer('permission')->default('0');
$table->dateTime('last_sign_at');
$table->dateTime('register_at');
+ $table->rememberToken();
});
- Schema::create('closets', function($table) {
+ Schema::create('closets', function (Blueprint $table) {
$table->increments('uid');
$table->longText('textures');
});
- Schema::create('players', function($table) {
+ Schema::create('players', function (Blueprint $table) {
$table->increments('pid');
$table->integer('uid');
$table->string('player_name', 50);
@@ -41,7 +42,7 @@ class CreateAllTables extends Migration
$table->dateTime('last_modified');
});
- Schema::create('textures', function($table) {
+ Schema::create('textures', function (Blueprint $table) {
$table->increments('tid');
$table->string('name', 50);
$table->string('type', 10);
@@ -53,7 +54,7 @@ class CreateAllTables extends Migration
$table->dateTime('upload_at');
});
- Schema::create('options', function($table) {
+ Schema::create('options', function (Blueprint $table) {
$table->increments('id');
$table->string('option_name', 50);
$table->longText('option_value');
diff --git a/database/update_scripts/update-3.4.0-to-4.0.0.php b/database/update_scripts/update-3.4.0-to-4.0.0.php
new file mode 100644
index 00000000..0deb0546
--- /dev/null
+++ b/database/update_scripts/update-3.4.0-to-4.0.0.php
@@ -0,0 +1,8 @@
+rememberToken();
+});
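Review bot: The update script adds `remember_token` unconditionally, so re-running it — an interrupted upgrade, or an installation where the column was already added — fails on a duplicate column. Guard it with `if (! Schema::hasColumn('users', 'remember_token')) { Schema::table('users', function (Blueprint $table) { $table->rememberToken(); }); }`; the file's opening lines are cut off in this view, so the existing wrapper around `rememberToken()` is not visible.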
diff --git a/resources/lang/en/auth.yml b/resources/lang/en/auth.yml
index 9197804b..9592f77c 100644
--- a/resources/lang/en/auth.yml
+++ b/resources/lang/en/auth.yml
@@ -9,7 +9,6 @@ check:
anonymous: Illegal access. Please log in first.
admin: Only admins are permitted to access this page.
banned: You are banned on this site. Please contact the admin.
- token: Invalid token. Please log in.
register:
title: Register
diff --git a/resources/lang/en/validation.yml b/resources/lang/en/validation.yml
index 502bf6f8..ce2edd61 100644
--- a/resources/lang/en/validation.yml
+++ b/resources/lang/en/validation.yml
@@ -19,6 +19,7 @@ between:
string: 'The :attribute must be between :min and :max characters.'
array: 'The :attribute must have between :min and :max items.'
boolean: 'The :attribute field must be true or false.'
+captcha: 'Incorrect captcha.'
confirmed: 'The :attribute confirmation does not match.'
date: 'The :attribute is not a valid date.'
date_format: 'The :attribute does not match the format :format.'
diff --git a/resources/lang/zh_CN/auth.yml b/resources/lang/zh_CN/auth.yml
index edd61186..df298e24 100644
--- a/resources/lang/zh_CN/auth.yml
+++ b/resources/lang/zh_CN/auth.yml
@@ -9,7 +9,6 @@ check:
anonymous: 非法访问,请先登录
admin: 看起来你并不是管理员哦
banned: 你已经被本站封禁啦,请联系管理员解决
- token: 无效的 token,请重新登录
register:
title: 注册
diff --git a/resources/lang/zh_CN/validation.yml b/resources/lang/zh_CN/validation.yml
index ee1a4b86..df03c4ab 100644
--- a/resources/lang/zh_CN/validation.yml
+++ b/resources/lang/zh_CN/validation.yml
@@ -19,6 +19,7 @@ between:
string: ':attribute 必须介于 :min - :max 个字符之间。'
array: ':attribute 必须只有 :min - :max 个单元。'
boolean: ':attribute 必须为布尔值。'
+captcha: '验证码不正确。'
confirmed: ':attribute 两次输入不一致。'
date: ':attribute 不是一个有效的日期。'
date_format: ':attribute 的格式必须为 :format。'
diff --git a/resources/views/admin/master.tpl b/resources/views/admin/master.tpl
index ddeecbea..173747c7 100644
--- a/resources/views/admin/master.tpl
+++ b/resources/views/admin/master.tpl
@@ -13,7 +13,9 @@
@yield('style')
-get(session('uid')); ?>
+@php
+ $user = auth()->user();
+@endphp
diff --git a/resources/views/index.tpl b/resources/views/index.tpl
index 2379aab9..d04f1d11 100644
--- a/resources/views/index.tpl
+++ b/resources/views/index.tpl
@@ -37,14 +37,14 @@
@include('common.language')
- @if (!is_null($user))
+ @auth
@include('common.user-menu')
@else {{-- Anonymous User --}}
- @endif
+ @endauth
@@ -58,7 +58,7 @@
{{ option_localized('site_description') }}
- @if (is_null($user))
+ @guest
@if (option('user_can_register'))
@lang('general.register')
@else
@@ -66,7 +66,7 @@
@endif
@else
@lang('general.user-center')
- @endif
+ @endguest
diff --git a/resources/views/user/index.tpl b/resources/views/user/index.tpl
index 63be1f7c..d05e3125 100644
--- a/resources/views/user/index.tpl
+++ b/resources/views/user/index.tpl
@@ -39,10 +39,10 @@
@lang('user.used.storage')
-
+ @endphp
@if ($used > 1024)
@@ -76,7 +76,9 @@
@else