AuthController.php 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Components\Helpers;
  4. use App\Components\IPIP;
  5. use App\Components\QQWry;
  6. use App\Components\CaptchaVerify;
  7. use App\Http\Models\Invite;
  8. use App\Http\Models\User;
  9. use App\Http\Models\UserLabel;
  10. use App\Http\Models\UserLoginLog;
  11. use App\Http\Models\UserSubscribe;
  12. use App\Http\Models\Verify;
  13. use App\Http\Models\VerifyCode;
  14. use App\Mail\activeUser;
  15. use App\Mail\resetPassword;
  16. use App\Mail\sendVerifyCode;
  17. use Auth;
  18. use Cache;
  19. use Captcha;
  20. use Hash;
  21. use Illuminate\Http\Request;
  22. use Log;
  23. use Mail;
  24. use Redirect;
  25. use Response;
  26. use Session;
  27. use Validator;
  28. /**
  29. * 认证控制器
  30. *
  31. * Class AuthController
  32. *
  33. * @package App\Http\Controllers
  34. */
  35. class AuthController extends Controller
  36. {
  37. protected static $systemConfig;
  38. function __construct()
  39. {
  40. self::$systemConfig = Helpers::systemConfig();
  41. }
  42. // 登录
  43. public function login(Request $request)
  44. {
  45. if ($request->isMethod('POST')) {
  46. $this->validate($request, [
  47. 'username' => 'required',
  48. 'password' => 'required'
  49. ], [
  50. 'username.required' => trans('auth.email_null'),
  51. 'password.required' => trans('auth.password_null')
  52. ]);
  53. // 是否校验验证码
  54. switch (self::$systemConfig['is_captcha']) {
  55. case 1: // 默认图形验证码
  56. if (!Captcha::check($request->captcha)) {
  57. return Redirect::back()->withInput()->withErrors(trans('auth.captcha_error'));
  58. }
  59. break;
  60. case 2: // Geetest
  61. $result = $this->validate($request, [
  62. 'geetest_challenge' => 'required|geetest'
  63. ], [
  64. 'geetest' => trans('auth.captcha_fail')
  65. ]);
  66. if (!$result) {
  67. return Redirect::back()->withInput()->withErrors(trans('auth.fail_captcha'));
  68. }
  69. break;
  70. case 3: // Google reCAPTCHA
  71. $result = $this->validate($request, [
  72. 'g-recaptcha-response' => 'required|NoCaptcha'
  73. ]);
  74. if (!$result) {
  75. return Redirect::back()->withInput()->withErrors(trans('auth.fail_captcha'));
  76. }
  77. break;
  78. default: // 不启用验证码
  79. break;
  80. }
  81. // 验证账号并创建会话
  82. if (!Auth::attempt(['username' => $request->username, 'password' => $request->password], $request->remember)) {
  83. return Redirect::back()->withInput()->withErrors(trans('auth.login_error'));
  84. }
  85. // 校验普通用户账号状态
  86. if (!Auth::user()->is_admin) {
  87. if (Auth::user()->status < 0) {
  88. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  89. return Redirect::back()->withInput()->withErrors(trans('auth.login_ban', ['email' => self::$systemConfig['admin_email']]));
  90. }
  91. if (Auth::user()->status == 0 && self::$systemConfig['is_active_register']) {
  92. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  93. return Redirect::back()->withInput()->withErrors(trans('auth.active_tip') . '<a href="/activeUser?username=' . $request->username . '" target="_blank"><span style="color:#000">【' . trans('auth.active_account') . '】</span></a>');
  94. }
  95. }
  96. // 写入登录日志
  97. $this->addUserLoginLog(Auth::user()->id, getClientIp());
  98. // 更新登录信息
  99. User::uid()->update(['last_login' => time()]);
  100. // 根据权限跳转
  101. if (Auth::user()->is_admin) {
  102. return Redirect::to('admin');
  103. }
  104. return Redirect::to('/');
  105. } else {
  106. if (Auth::check()) {
  107. if (Auth::user()->is_admin) {
  108. return Redirect::to('admin');
  109. }
  110. return Redirect::to('/');
  111. }
  112. return Response::view('auth.login');
  113. }
  114. }
  115. // 退出
  116. public function logout(Request $request)
  117. {
  118. Auth::logout();
  119. return Redirect::to('login');
  120. }
  121. // 注册
  122. public function register(Request $request)
  123. {
  124. $cacheKey = 'register_times_' . md5(getClientIp()); // 注册限制缓存key
  125. if ($request->isMethod('POST')) {
  126. $this->validate($request, [
  127. 'username' => 'required|email|unique:user',
  128. 'password' => 'required|min:6',
  129. 'repassword' => 'required|same:password',
  130. ], [
  131. 'username.required' => trans('auth.email_null'),
  132. 'username.email' => trans('auth.email_legitimate'),
  133. 'username.unique' => trans('auth.email_exist'),
  134. 'password.required' => trans('auth.password_null'),
  135. 'password.min' => trans('auth.password_limit'),
  136. 'repassword.required' => trans('auth.retype_password'),
  137. 'repassword.same' => trans('auth.password_same')
  138. ]);
  139. // 防止重复提交
  140. if ($request->register_token != Session::get('register_token')) {
  141. return Redirect::back()->withInput()->withErrors(trans('auth.repeat_request'));
  142. } else {
  143. Session::forget('register_token');
  144. }
  145. // 是否开启注册
  146. if (!self::$systemConfig['is_register']) {
  147. return Redirect::back()->withErrors(trans('auth.register_close'));
  148. }
  149. // 校验域名邮箱是否在敏感词中
  150. $sensitiveWords = $this->sensitiveWords();
  151. $usernameSuffix = explode('@', $request->username); // 提取邮箱后缀
  152. if (in_array(strtolower($usernameSuffix[1]), $sensitiveWords)) {
  153. return Redirect::back()->withInput()->withErrors(trans('auth.email_banned'));
  154. }
  155. // 如果需要邀请注册
  156. if (self::$systemConfig['is_invite_register']) {
  157. // 必须使用邀请码
  158. if (self::$systemConfig['is_invite_register'] == 2 && !$request->code) {
  159. return Redirect::back()->withInput()->withErrors(trans('auth.code_null'));
  160. }
  161. // 校验邀请码合法性
  162. if ($request->code) {
  163. $codeEnable = Invite::query()->where('code', $request->code)->where('status', 0)->first();
  164. if (!$codeEnable) {
  165. return Redirect::back()->withInput($request->except(['code']))->withErrors(trans('auth.code_error'));
  166. }
  167. }
  168. }
  169. // 如果开启注册发送验证码
  170. if (self::$systemConfig['is_verify_register']) {
  171. if (!$request->verify_code) {
  172. return Redirect::back()->withInput($request->except(['verify_code']))->withErrors(trans('auth.captcha_null'));
  173. } else {
  174. $verifyCode = VerifyCode::query()->where('username', $request->username)->where('code', $request->verify_code)->where('status', 0)->first();
  175. if (!$verifyCode) {
  176. return Redirect::back()->withInput($request->except(['verify_code']))->withErrors(trans('auth.captcha_overtime'));
  177. }
  178. $verifyCode->status = 1;
  179. $verifyCode->save();
  180. }
  181. } elseif (self::$systemConfig['is_captcha']) { // 是否校验验证码
  182. switch (self::$systemConfig['is_captcha']) {
  183. case 1: // 默认图形验证码
  184. if (!Captcha::check($request->captcha)) {
  185. return Redirect::back()->withInput()->withErrors(trans('auth.captcha_error'));
  186. }
  187. break;
  188. case 2: // Geetest
  189. $result = $this->validate($request, [
  190. 'geetest_challenge' => 'required|geetest'
  191. ], [
  192. 'geetest' => trans('auth.captcha_fail')
  193. ]);
  194. if (!$result) {
  195. return Redirect::back()->withInput()->withErrors(trans('auth.captcha_fail'));
  196. }
  197. break;
  198. case 3: // Google reCAPTCHA
  199. $result = $this->validate($request, [
  200. 'g-recaptcha-response' => 'required|NoCaptcha'
  201. ]);
  202. if (!$result) {
  203. return Redirect::back()->withInput()->withErrors(trans('auth.captcha_fail'));
  204. }
  205. break;
  206. default: // 不启用验证码
  207. break;
  208. }
  209. }
  210. // 24小时内同IP注册限制
  211. if (self::$systemConfig['register_ip_limit']) {
  212. if (Cache::has($cacheKey)) {
  213. $registerTimes = Cache::get($cacheKey);
  214. if ($registerTimes >= self::$systemConfig['register_ip_limit']) {
  215. return Redirect::back()->withInput($request->except(['code']))->withErrors(trans('auth.register_anti'));
  216. }
  217. }
  218. }
  219. // 获取可用端口
  220. $port = self::$systemConfig['is_rand_port'] ? Helpers::getRandPort() : Helpers::getOnlyPort();
  221. if ($port > self::$systemConfig['max_port']) {
  222. return Redirect::back()->withInput()->withErrors(trans('auth.register_close'));
  223. }
  224. // 获取aff
  225. $affArr = $this->getAff($request->code, intval($request->aff));
  226. $referral_uid = $affArr['referral_uid'];
  227. $transfer_enable = $referral_uid ? (self::$systemConfig['default_traffic'] + self::$systemConfig['referral_traffic']) * 1048576 : self::$systemConfig['default_traffic'] * 1048576;
  228. // 创建新用户
  229. $user = new User();
  230. $user->username = $request->username;
  231. $user->password = Hash::make($request->password);
  232. $user->port = $port;
  233. $user->passwd = makeRandStr();
  234. $user->vmess_id = createGuid();
  235. $user->transfer_enable = $transfer_enable;
  236. $user->method = Helpers::getDefaultMethod();
  237. $user->protocol = Helpers::getDefaultProtocol();
  238. $user->obfs = Helpers::getDefaultObfs();
  239. $user->enable_time = date('Y-m-d H:i:s');
  240. $user->expire_time = date('Y-m-d H:i:s', strtotime("+" . self::$systemConfig['default_days'] . " days"));
  241. $user->reg_ip = getClientIp();
  242. $user->referral_uid = $referral_uid;
  243. $user->save();
  244. // 注册失败,抛出异常
  245. if (!$user->id) {
  246. return Redirect::back()->withInput()->withErrors(trans('auth.register_fail'));
  247. }
  248. // 生成订阅码
  249. $subscribe = new UserSubscribe();
  250. $subscribe->user_id = $user->id;
  251. $subscribe->code = Helpers::makeSubscribeCode();
  252. $subscribe->times = 0;
  253. $subscribe->save();
  254. // 注册次数+1
  255. if (Cache::has($cacheKey)) {
  256. Cache::increment($cacheKey);
  257. } else {
  258. Cache::put($cacheKey, 1, 1440); // 24小时
  259. }
  260. // 初始化默认标签
  261. if (strlen(self::$systemConfig['initial_labels_for_user'])) {
  262. $labels = explode(',', self::$systemConfig['initial_labels_for_user']);
  263. foreach ($labels as $label) {
  264. $userLabel = new UserLabel();
  265. $userLabel->user_id = $user->id;
  266. $userLabel->label_id = $label;
  267. $userLabel->save();
  268. }
  269. }
  270. // 更新邀请码
  271. if (self::$systemConfig['is_invite_register'] && $affArr['code_id']) {
  272. Invite::query()->where('id', $affArr['code_id'])->update(['fuid' => $user->id, 'status' => 1]);
  273. }
  274. // 清除邀请人Cookie
  275. \Cookie::unqueue('register_aff');
  276. if (self::$systemConfig['is_verify_register']) {
  277. if ($referral_uid) {
  278. $transfer_enable = self::$systemConfig['referral_traffic'] * 1048576;
  279. User::query()->where('id', $referral_uid)->increment('transfer_enable', $transfer_enable);
  280. User::query()->where('id', $referral_uid)->update(['status' => 1, 'enable' => 1]);
  281. }
  282. User::query()->where('id', $user->id)->update(['status' => 1, 'enable' => 1]);
  283. Session::flash('regSuccessMsg', trans('auth.register_success'));
  284. } else {
  285. // 发送激活邮件
  286. if (self::$systemConfig['is_active_register']) {
  287. // 生成激活账号的地址
  288. $token = md5(self::$systemConfig['website_name'] . $request->username . microtime());
  289. $activeUserUrl = self::$systemConfig['website_url'] . '/active/' . $token;
  290. $this->addVerify($user->id, $token);
  291. $logId = Helpers::addEmailLog($request->username, '注册激活', '请求地址:' . $activeUserUrl);
  292. Mail::to($request->username)->send(new activeUser($logId, $activeUserUrl));
  293. Session::flash('regSuccessMsg', trans('auth.register_success_tip'));
  294. } else {
  295. // 如果不需要激活,则直接给推荐人加流量
  296. if ($referral_uid) {
  297. $transfer_enable = self::$systemConfig['referral_traffic'] * 1048576;
  298. User::query()->where('id', $referral_uid)->increment('transfer_enable', $transfer_enable);
  299. User::query()->where('id', $referral_uid)->update(['status' => 1, 'enable' => 1]);
  300. }
  301. User::query()->where('id', $user->id)->update(['status' => 1, 'enable' => 1]);
  302. Session::flash('regSuccessMsg', trans('auth.register_success'));
  303. }
  304. }
  305. return Redirect::to('login')->withInput();
  306. } else {
  307. Session::put('register_token', makeRandStr(16));
  308. return Response::view('auth.register');
  309. }
  310. }
  311. // 重设密码页
  312. public function resetPassword(Request $request)
  313. {
  314. if ($request->isMethod('POST')) {
  315. // 校验请求
  316. $this->validate($request, [
  317. 'username' => 'required|email'
  318. ], [
  319. 'username.required' => trans('auth.email_null'),
  320. 'username.email' => trans('auth.email_legitimate')
  321. ]);
  322. // 是否开启重设密码
  323. if (!self::$systemConfig['is_reset_password']) {
  324. return Redirect::back()->withErrors(trans('auth.reset_password_close', ['email' => self::$systemConfig['admin_email']]));
  325. }
  326. // 查找账号
  327. $user = User::query()->where('username', $request->username)->first();
  328. if (!$user) {
  329. return Redirect::back()->withErrors(trans('auth.email_notExist'));
  330. }
  331. // 24小时内重设密码次数限制
  332. $resetTimes = 0;
  333. if (Cache::has('resetPassword_' . md5($request->username))) {
  334. $resetTimes = Cache::get('resetPassword_' . md5($request->username));
  335. if ($resetTimes >= self::$systemConfig['reset_password_times']) {
  336. return Redirect::back()->withErrors(trans('auth.reset_password_limit', ['time' => self::$systemConfig['reset_password_times']]));
  337. }
  338. }
  339. // 生成取回密码的地址
  340. $token = md5(self::$systemConfig['website_name'] . $request->username . microtime());
  341. $verify = new Verify();
  342. $verify->type = 1;
  343. $verify->user_id = $user->id;
  344. $verify->token = $token;
  345. $verify->status = 0;
  346. $verify->save();
  347. // 发送邮件
  348. $resetPasswordUrl = self::$systemConfig['website_url'] . '/reset/' . $token;
  349. $logId = Helpers::addEmailLog($request->username, '重置密码', '请求地址:' . $resetPasswordUrl);
  350. Mail::to($request->username)->send(new resetPassword($logId, $resetPasswordUrl));
  351. Cache::put('resetPassword_' . md5($request->username), $resetTimes + 1, 1440);
  352. return Redirect::back()->with('successMsg', trans('auth.reset_password_success_tip'));
  353. } else {
  354. return Response::view('auth.resetPassword');
  355. }
  356. }
  357. // 重设密码
  358. public function reset(Request $request, $token)
  359. {
  360. if (!$token) {
  361. return Redirect::to('login');
  362. }
  363. if ($request->isMethod('POST')) {
  364. $this->validate($request, [
  365. 'password' => 'required|min:6',
  366. 'repassword' => 'required|same:password'
  367. ], [
  368. 'password.required' => trans('auth.password_null'),
  369. 'password.min' => trans('auth.password_limit'),
  370. 'repassword.required' => trans('auth.password_null'),
  371. 'repassword.min' => trans('auth.password_limit'),
  372. 'repassword.same' => trans('auth.password_same'),
  373. ]);
  374. // 校验账号
  375. $verify = Verify::type(1)->with('user')->where('token', $token)->first();
  376. if (!$verify) {
  377. return Redirect::to('login');
  378. } elseif ($verify->status == 1) {
  379. return Redirect::back()->withErrors(trans('auth.overtime'));
  380. } elseif ($verify->user->status < 0) {
  381. return Redirect::back()->withErrors(trans('auth.email_banned'));
  382. } elseif (Hash::check($request->password, $verify->user->password)) {
  383. return Redirect::back()->withErrors(trans('auth.rest_password_same_fail'));
  384. }
  385. // 更新密码
  386. $ret = User::query()->where('id', $verify->user_id)->update(['password' => Hash::make($request->password)]);
  387. if (!$ret) {
  388. return Redirect::back()->withErrors(trans('auth.rest_password_fail'));
  389. }
  390. // 置为已使用
  391. $verify->status = 1;
  392. $verify->save();
  393. return Redirect::back()->with('successMsg', trans('auth.reset_password_new'));
  394. } else {
  395. $verify = Verify::type(1)->where('token', $token)->first();
  396. if (!$verify) {
  397. return Redirect::to('login');
  398. } elseif (time() - strtotime($verify->created_at) >= 1800) {
  399. // 置为已失效
  400. $verify->status = 2;
  401. $verify->save();
  402. }
  403. // 重新获取一遍verify
  404. $view['verify'] = Verify::type(1)->where('token', $token)->first();
  405. return Response::view('auth.reset', $view);
  406. }
  407. }
  408. // 激活账号页
  409. public function activeUser(Request $request)
  410. {
  411. if ($request->isMethod('POST')) {
  412. $this->validate($request, [
  413. 'username' => 'required|email|exists:user,username'
  414. ], [
  415. 'username.required' => trans('auth.email_null'),
  416. 'username.email' => trans('auth.email_legitimate'),
  417. 'username.exists' => trans('auth.email_notExist')
  418. ]);
  419. // 是否开启账号激活
  420. if (!self::$systemConfig['is_active_register']) {
  421. return Redirect::back()->withInput()->withErrors(trans('auth.active_close', ['email' => self::$systemConfig['admin_email']]));
  422. }
  423. // 查找账号
  424. $user = User::query()->where('username', $request->username)->first();
  425. if ($user->status < 0) {
  426. return Redirect::back()->withErrors(trans('auth.login_ban', ['email' => self::$systemConfig['admin_email']]));
  427. } elseif ($user->status > 0) {
  428. return Redirect::back()->withErrors(trans('auth.email_normal'));
  429. }
  430. // 24小时内激活次数限制
  431. $activeTimes = 0;
  432. if (Cache::has('activeUser_' . md5($request->username))) {
  433. $activeTimes = Cache::get('activeUser_' . md5($request->username));
  434. if ($activeTimes >= self::$systemConfig['active_times']) {
  435. return Redirect::back()->withErrors(trans('auth.active_limit', ['time' => self::$systemConfig['admin_email']]));
  436. }
  437. }
  438. // 生成激活账号的地址
  439. $token = md5(self::$systemConfig['website_name'] . $request->username . microtime());
  440. $verify = new Verify();
  441. $verify->type = 1;
  442. $verify->user_id = $user->id;
  443. $verify->token = $token;
  444. $verify->status = 0;
  445. $verify->save();
  446. // 发送邮件
  447. $activeUserUrl = self::$systemConfig['website_url'] . '/active/' . $token;
  448. $logId = Helpers::addEmailLog($request->username, '激活账号', '请求地址:' . $activeUserUrl);
  449. Mail::to($request->username)->send(new activeUser($logId, $activeUserUrl));
  450. Cache::put('activeUser_' . md5($request->username), $activeTimes + 1, 1440);
  451. return Redirect::back()->with('successMsg', trans('auth.register_success_tip'));
  452. } else {
  453. return Response::view('auth.activeUser');
  454. }
  455. }
  456. // 激活账号
  457. public function active(Request $request, $token)
  458. {
  459. if (!$token) {
  460. return Redirect::to('login');
  461. }
  462. $verify = Verify::type(1)->with('user')->where('token', $token)->first();
  463. if (!$verify) {
  464. return Redirect::to('login');
  465. } elseif (empty($verify->user)) {
  466. Session::flash('errorMsg', trans('auth.overtime'));
  467. return Response::view('auth.active');
  468. } elseif ($verify->status > 0) {
  469. Session::flash('errorMsg', trans('auth.overtime'));
  470. return Response::view('auth.active');
  471. } elseif ($verify->user->status != 0) {
  472. Session::flash('errorMsg', trans('auth.email_normal'));
  473. return Response::view('auth.active');
  474. } elseif (time() - strtotime($verify->created_at) >= 1800) {
  475. Session::flash('errorMsg', trans('auth.overtime'));
  476. // 置为已失效
  477. $verify->status = 2;
  478. $verify->save();
  479. return Response::view('auth.active');
  480. }
  481. // 更新账号状态
  482. $ret = User::query()->where('id', $verify->user_id)->update(['status' => 1]);
  483. if (!$ret) {
  484. Session::flash('errorMsg', trans('auth.active_fail'));
  485. return Redirect::back();
  486. }
  487. // 置为已使用
  488. $verify->status = 1;
  489. $verify->save();
  490. // 账号激活后给邀请人送流量
  491. if ($verify->user->referral_uid) {
  492. $transfer_enable = self::$systemConfig['referral_traffic'] * 1048576;
  493. User::query()->where('id', $verify->user->referral_uid)->increment('transfer_enable', $transfer_enable);
  494. User::query()->where('id', $verify->user->referral_uid)->update(['enable' => 1]);
  495. }
  496. Session::flash('successMsg', trans('auth.active_success'));
  497. return Response::view('auth.active');
  498. }
  499. // 发送注册验证码
  500. public function sendCode(Request $request)
  501. {
  502. $validator = Validator::make($request->all(), [
  503. 'username' => 'required|email|unique:user'
  504. ], [
  505. 'username.required' => trans('auth.email_null'),
  506. 'username.email' => trans('auth.email_legitimate'),
  507. 'username.unique' => trans('auth.email_exist')
  508. ]);
  509. if ($validator->fails()) {
  510. return Response::json(['status' => 'fail', 'data' => '', 'message' => $validator->getMessageBag()->first()]);
  511. }
  512. // 校验域名邮箱是否在敏感词中
  513. $sensitiveWords = $this->sensitiveWords();
  514. $usernameSuffix = explode('@', $request->username); // 提取邮箱后缀
  515. if (in_array(strtolower($usernameSuffix[1]), $sensitiveWords)) {
  516. return Response::json(['status' => 'fail', 'data' => '', 'message' => trans('auth.email_banned')]);
  517. }
  518. // 是否开启注册发送验证码
  519. if (!self::$systemConfig['is_verify_register']) {
  520. return Response::json(['status' => 'fail', 'data' => '', 'message' => trans('auth.captcha_close')]);
  521. }
  522. // 防刷机制
  523. if (Cache::has('send_verify_code_' . md5(getClientIP()))) {
  524. return Response::json(['status' => 'fail', 'data' => '', 'message' => trans('auth.register_anti')]);
  525. }
  526. // 发送邮件
  527. $code = makeRandStr(6, true);
  528. $logId = Helpers::addEmailLog($request->username, '发送注册验证码', '验证码:' . $code);
  529. Mail::to($request->username)->send(new sendVerifyCode($logId, $code));
  530. $this->addVerifyCode($request->username, $code);
  531. Cache::put('send_verify_code_' . md5(getClientIP()), getClientIP(), 1);
  532. return Response::json(['status' => 'success', 'data' => '', 'message' => trans('auth.captcha_send')]);
  533. }
  534. // 公开的邀请码列表
  535. public function free(Request $request)
  536. {
  537. $view['inviteList'] = Invite::query()->where('uid', 0)->where('status', 0)->paginate();
  538. return Response::view('auth.free', $view);
  539. }
  540. // 切换语言
  541. public function switchLang(Request $request, $locale)
  542. {
  543. Session::put("locale", $locale);
  544. return Redirect::back();
  545. }
  546. /**
  547. * 添加用户登录日志
  548. *
  549. * @param string $userId 用户ID
  550. * @param string $ip IP地址
  551. */
  552. private function addUserLoginLog($userId, $ip)
  553. {
  554. if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
  555. Log::info('识别到IPv6,尝试解析:' . $ip);
  556. $ipInfo = getIPv6($ip);
  557. } else {
  558. $ipInfo = QQWry::ip($ip); // 通过纯真IP库解析IPv4信息
  559. if (isset($ipInfo['error'])) {
  560. Log::info('无法识别IPv4,尝试使用IPIP的IP库解析:' . $ip);
  561. $ipip = IPIP::ip($ip);
  562. $ipInfo = [
  563. 'country' => $ipip['country_name'],
  564. 'province' => $ipip['region_name'],
  565. 'city' => $ipip['city_name']
  566. ];
  567. } else {
  568. // 判断纯真IP库获取的国家信息是否与IPIP的IP库获取的信息一致,不一致则用IPIP的(因为纯真IP库的非大陆IP准确率较低)
  569. $ipip = IPIP::ip($ip);
  570. if ($ipInfo['country'] != $ipip['country_name']) {
  571. $ipInfo['country'] = $ipip['country_name'];
  572. $ipInfo['province'] = $ipip['region_name'];
  573. $ipInfo['city'] = $ipip['city_name'];
  574. }
  575. }
  576. }
  577. if (empty($ipInfo) || empty($ipInfo['country'])) {
  578. Log::warning("获取IP信息异常:" . $ip);
  579. }
  580. $log = new UserLoginLog();
  581. $log->user_id = $userId;
  582. $log->ip = $ip;
  583. $log->country = $ipInfo['country'] ?? '';
  584. $log->province = $ipInfo['province'] ?? '';
  585. $log->city = $ipInfo['city'] ?? '';
  586. $log->county = $ipInfo['county'] ?? '';
  587. $log->isp = $ipInfo['isp'] ?? ($ipInfo['organization'] ?? '');
  588. $log->area = $ipInfo['area'] ?? '';
  589. $log->save();
  590. }
  591. /**
  592. * 获取AFF
  593. *
  594. * @param string $code 邀请码
  595. * @param int $aff URL中的aff参数
  596. *
  597. * @return array
  598. */
  599. private function getAff($code = '', $aff = '')
  600. {
  601. // 邀请人ID
  602. $referral_uid = 0;
  603. // 邀请码ID
  604. $code_id = 0;
  605. // 有邀请码先用邀请码,用谁的邀请码就给谁返利
  606. if ($code) {
  607. $inviteCode = Invite::query()->where('code', $code)->where('status', 0)->first();
  608. if ($inviteCode) {
  609. $referral_uid = $inviteCode->uid;
  610. $code_id = $inviteCode->id;
  611. }
  612. }
  613. // 没有用邀请码或者邀请码是管理员生成的,则检查cookie或者url链接
  614. if (!$referral_uid) {
  615. // 检查一下cookie里有没有aff
  616. $cookieAff = \Request::hasCookie('register_aff') ? \Request::cookie('register_aff') : 0;
  617. if ($cookieAff) {
  618. $affUser = User::query()->where('id', $cookieAff)->exists();
  619. $referral_uid = $affUser ? $cookieAff : 0;
  620. } elseif ($aff) { // 如果cookie里没有aff,就再检查一下请求的url里有没有aff,因为有些人的浏览器会禁用了cookie,比如chrome开了隐私模式
  621. $affUser = User::query()->where('id', $aff)->exists();
  622. $referral_uid = $affUser ? $aff : 0;
  623. }
  624. }
  625. return [
  626. 'referral_uid' => $referral_uid,
  627. 'code_id' => $code_id
  628. ];
  629. }
  630. // 写入生成激活账号验证记录
  631. private function addVerify($userId, $token)
  632. {
  633. $verify = new Verify();
  634. $verify->type = 1;
  635. $verify->user_id = $userId;
  636. $verify->token = $token;
  637. $verify->status = 0;
  638. $verify->save();
  639. }
  640. // 生成注册验证码
  641. private function addVerifyCode($username, $code)
  642. {
  643. $verify = new VerifyCode();
  644. $verify->username = $username;
  645. $verify->code = $code;
  646. $verify->status = 0;
  647. $verify->save();
  648. }
  649. }