AuthController.php 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Components\Helpers;
  4. use App\Components\IP;
  5. use App\Http\Requests\Auth\RegisterRequest;
  6. use App\Models\EmailFilter;
  7. use App\Models\Invite;
  8. use App\Models\User;
  9. use App\Models\UserLoginLog;
  10. use App\Models\Verify;
  11. use App\Models\VerifyCode;
  12. use App\Notifications\AccountActivation;
  13. use App\Notifications\PasswordReset;
  14. use App\Notifications\Verification;
  15. use Auth;
  16. use Cache;
  17. use Captcha;
  18. use Cookie;
  19. use Hash;
  20. use Illuminate\Http\RedirectResponse;
  21. use Illuminate\Http\Request;
  22. use Log;
  23. use Notification;
  24. use Redirect;
  25. use Response;
  26. use Session;
  27. use Str;
  28. use Validator;
  29. class AuthController extends Controller
  30. {
  31. // 登录
  32. public function showLoginForm()
  33. {
  34. // 根据权限跳转
  35. if (Auth::check()) {
  36. if (Auth::getUser()->can('admin.index')) {
  37. return Redirect::route('admin.index');
  38. }
  39. return Redirect::route('home');
  40. //return Redirect::route('down');
  41. }
  42. return view('auth.login');
  43. }
  44. public function login(Request $request)
  45. {
  46. $validator = Validator::make($request->all(), ['email' => 'required|email', 'password' => 'required']);
  47. if ($validator->fails()) {
  48. return Redirect::back()->withInput()->withErrors($validator->errors());
  49. }
  50. // 是否校验验证码
  51. $captcha = $this->check_captcha($request);
  52. if ($captcha !== false) {
  53. return $captcha;
  54. }
  55. // 验证账号并创建会话
  56. if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
  57. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_failed'));
  58. }
  59. $user = Auth::getUser();
  60. if (! $user) {
  61. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
  62. }
  63. if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
  64. // 管理页面登录
  65. // 非权限者清场
  66. Auth::logout();
  67. return Redirect::route('login');
  68. }
  69. // 校验普通用户账号状态
  70. if ($user->status === -1) {
  71. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  72. return Redirect::back()->withInput()->withErrors(trans('auth.error.account_baned'));
  73. }
  74. if ($user->status === 0 && sysConfig('is_activate_account')) {
  75. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  76. return Redirect::back()->withInput()->withErrors(trans('auth.active.promotion.0').'<a href="'.route('active').'?email='.$user->email.
  77. '" target="_blank">👉【'.trans('common.active_item', ['attribute' => trans('common.account')]).'】👈</span></a><br>'.trans('auth.active.promotion.1'));
  78. }
  79. // 写入登录日志
  80. $this->addUserLoginLog($user->id, IP::getClientIp());
  81. // 更新登录信息
  82. $user->update(['last_login' => time()]);
  83. return redirect()->back();
  84. }
  85. public function logina(Request $request)
  86. {
  87. $validator = Validator::make($request->all(), ['email' => 'required|email', 'password' => 'required']);
  88. if ($validator->fails()) {
  89. return Redirect::back()->withInput()->withErrors($validator->errors());
  90. }
  91. // 是否校验验证码
  92. $captcha = $this->check_captcha($request);
  93. if ($captcha !== false) {
  94. return $captcha;
  95. }
  96. // 验证账号并创建会话
  97. if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
  98. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_failed'));
  99. }
  100. $user = Auth::getUser();
  101. if (! $user) {
  102. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
  103. }
  104. if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
  105. // 管理页面登录
  106. // 非权限者清场
  107. Auth::logout();
  108. return Redirect::route('login');
  109. }
  110. // 校验普通用户账号状态
  111. if ($user->status === -1) {
  112. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  113. return Redirect::back()->withInput()->withErrors(trans('auth.error.account_baned'));
  114. }
  115. if ($user->status === 0 && sysConfig('is_activate_account')) {
  116. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  117. return Redirect::back()->withInput()->withErrors(trans('auth.active.promotion.0').'<a href="'.route('active').'?email='.$user->email.
  118. '" target="_blank">👉【'.trans('common.active_item', ['attribute' => trans('common.account')]).'】👈</span></a><br>'.trans('auth.active.promotion.1'));
  119. }
  120. // 写入登录日志
  121. $this->addUserLoginLog($user->id, IP::getClientIp());
  122. // 更新登录信息
  123. $user->update(['last_login' => time()]);
  124. return Redirect::route('shop');
  125. }
  126. //登陆并到工单
  127. public function logintoticket(Request $request)
  128. {
  129. $validator = Validator::make($request->all(), ['email' => 'required|email', 'password' => 'required']);
  130. if ($validator->fails()) {
  131. return Redirect::back()->withInput()->withErrors($validator->errors());
  132. }
  133. // 是否校验验证码
  134. $captcha = $this->check_captcha($request);
  135. if ($captcha !== false) {
  136. return $captcha;
  137. }
  138. // 验证账号并创建会话
  139. if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
  140. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_failed'));
  141. }
  142. $user = Auth::getUser();
  143. if (! $user) {
  144. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
  145. }
  146. if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
  147. // 管理页面登录
  148. // 非权限者清场
  149. Auth::logout();
  150. return Redirect::route('login');
  151. }
  152. // 校验普通用户账号状态
  153. if ($user->status === -1) {
  154. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  155. return Redirect::back()->withInput()->withErrors(trans('auth.error.account_baned'));
  156. }
  157. if ($user->status === 0 && sysConfig('is_activate_account')) {
  158. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  159. return Redirect::back()->withInput()->withErrors(trans('auth.active.promotion.0').'<a href="'.route('active').'?email='.$user->email.
  160. '" target="_blank">👉【'.trans('common.active_item', ['attribute' => trans('common.account')]).'】👈</span></a><br>'.trans('auth.active.promotion.1'));
  161. }
  162. // 写入登录日志
  163. $this->addUserLoginLog($user->id, IP::getClientIp());
  164. // 更新登录信息
  165. $user->update(['last_login' => time()]);
  166. return Redirect::route('ticket');
  167. }
  168. //登陆并到工单
  169. public function Loginprofile(Request $request)
  170. {
  171. $validator = Validator::make($request->all(), ['email' => 'required|email', 'password' => 'required']);
  172. if ($validator->fails()) {
  173. return Redirect::back()->withInput()->withErrors($validator->errors());
  174. }
  175. // 是否校验验证码
  176. $captcha = $this->check_captcha($request);
  177. if ($captcha !== false) {
  178. return $captcha;
  179. }
  180. // 验证账号并创建会话
  181. if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
  182. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_failed'));
  183. }
  184. $user = Auth::getUser();
  185. if (! $user) {
  186. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
  187. }
  188. if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
  189. // 管理页面登录
  190. // 非权限者清场
  191. Auth::logout();
  192. return Redirect::route('login');
  193. }
  194. // 校验普通用户账号状态
  195. if ($user->status === -1) {
  196. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  197. return Redirect::back()->withInput()->withErrors(trans('auth.error.account_baned'));
  198. }
  199. if ($user->status === 0 && sysConfig('is_activate_account')) {
  200. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  201. return Redirect::back()->withInput()->withErrors(trans('auth.active.promotion.0').'<a href="'.route('active').'?email='.$user->email.
  202. '" target="_blank">👉【'.trans('common.active_item', ['attribute' => trans('common.account')]).'】👈</span></a><br>'.trans('auth.active.promotion.1'));
  203. }
  204. // 写入登录日志
  205. $this->addUserLoginLog($user->id, IP::getClientIp());
  206. // 更新登录信息
  207. $user->update(['last_login' => time()]);
  208. return Redirect::route('profile');
  209. }
  210. //登陆并到工单
  211. public function logintoreferral(Request $request)
  212. {
  213. $validator = Validator::make($request->all(), ['email' => 'required|email', 'password' => 'required']);
  214. if ($validator->fails()) {
  215. return Redirect::back()->withInput()->withErrors($validator->errors());
  216. }
  217. // 是否校验验证码
  218. $captcha = $this->check_captcha($request);
  219. if ($captcha !== false) {
  220. return $captcha;
  221. }
  222. // 验证账号并创建会话
  223. if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
  224. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_failed'));
  225. }
  226. $user = Auth::getUser();
  227. if (! $user) {
  228. return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
  229. }
  230. if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
  231. // 管理页面登录
  232. // 非权限者清场
  233. Auth::logout();
  234. return Redirect::route('login');
  235. }
  236. // 校验普通用户账号状态
  237. if ($user->status === -1) {
  238. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  239. return Redirect::back()->withInput()->withErrors(trans('auth.error.account_baned'));
  240. }
  241. if ($user->status === 0 && sysConfig('is_activate_account')) {
  242. Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
  243. return Redirect::back()->withInput()->withErrors(trans('auth.active.promotion.0').'<a href="'.route('active').'?email='.$user->email.
  244. '" target="_blank">👉【'.trans('common.active_item', ['attribute' => trans('common.account')]).'】👈</span></a><br>'.trans('auth.active.promotion.1'));
  245. }
  246. // 写入登录日志
  247. $this->addUserLoginLog($user->id, IP::getClientIp());
  248. // 更新登录信息
  249. $user->update(['last_login' => time()]);
  250. return Redirect::route('commission');
  251. }
  252. // 校验验证码
  253. private function check_captcha(Request $request)
  254. {
  255. switch (sysConfig('is_captcha')) {
  256. case 1: // 默认图形验证码
  257. if (! Captcha::check($request->input('captcha'))) {
  258. return Redirect::back()->withInput()->withErrors(trans('auth.captcha.error.failed'));
  259. }
  260. break;
  261. case 2: // Geetest
  262. $validator = Validator::make($request->all(), [
  263. 'geetest_challenge' => 'required|geetest',
  264. ]);
  265. if ($validator->fails()) {
  266. return Redirect::back()->withInput()->withErrors(trans('auth.captcha.error.failed'));
  267. }
  268. break;
  269. case 3: // Google reCAPTCHA
  270. $validator = Validator::make($request->all(), [
  271. 'g-recaptcha-response' => 'required|NoCaptcha',
  272. ]);
  273. if ($validator->fails()) {
  274. return Redirect::back()->withInput()->withErrors(trans('auth.captcha.error.failed'));
  275. }
  276. break;
  277. case 4: // hCaptcha
  278. $validator = Validator::make($request->all(), [
  279. 'h-captcha-response' => 'required|HCaptcha',
  280. ]);
  281. if ($validator->fails()) {
  282. return Redirect::back()->withInput()->withErrors(trans('auth.captcha.error.failed'));
  283. }
  284. break;
  285. default: // 不启用验证码
  286. break;
  287. }
  288. return false;
  289. }
  290. /**
  291. * 添加用户登录日志.
  292. *
  293. * @param int $userId 用户ID
  294. * @param string $ip IP地址
  295. */
  296. private function addUserLoginLog(int $userId, string $ip): void
  297. {
  298. $ipLocation = IP::getIPInfo($ip);
  299. if (empty($ipLocation) || empty($ipLocation['country'])) {
  300. Log::warning(trans('error.get_ip').':'.$ip);
  301. }
  302. $log = new UserLoginLog();
  303. $log->user_id = $userId;
  304. $log->ip = $ip;
  305. $log->country = $ipLocation['country'] ?? '';
  306. $log->province = $ipLocation['province'] ?? '';
  307. $log->city = $ipLocation['city'] ?? '';
  308. $log->county = $ipLocation['county'] ?? '';
  309. $log->isp = $ipLocation['isp'] ?? ($ipLocation['organization'] ?? '');
  310. $log->area = $ipLocation['area'] ?? '';
  311. $log->save();
  312. }
  313. // 退出
  314. public function logout(): RedirectResponse
  315. {
  316. Auth::logout();
  317. return Redirect::route('login');
  318. }
  319. public function showRegistrationForm()
  320. {
  321. Session::put('register_token', Str::random());
  322. return view('auth.register', ['emailList' => (int) sysConfig('is_email_filtering') !== 2 ? false : EmailFilter::whereType(2)->get()]);
  323. }
  324. // 注册
  325. public function register(RegisterRequest $request)
  326. {
  327. $cacheKey = 'register_times_'.md5(IP::getClientIp()); // 注册限制缓存key
  328. $validator = Validator::make($request->all(), [
  329. 'username' => 'required',
  330. 'email' => 'required|email|unique:user',
  331. 'password' => 'required|min:6|confirmed',
  332. 'term' => 'accepted',
  333. ]);
  334. if ($validator->fails()) {
  335. return Redirect::back()->withInput()->withErrors($validator->errors());
  336. }
  337. $data = $request->validated();
  338. $register_token = $request->input('register_token');
  339. $code = $request->input('code');
  340. $verify_code = $request->input('verify_code');
  341. $aff = (int) $request->input('aff');
  342. // 防止重复提交
  343. if ($register_token !== Session::get('register_token')) {
  344. return Redirect::back()->withInput()->withErrors(trans('auth.error.repeat_request'));
  345. }
  346. Session::forget('register_token');
  347. if ($aff < 0){
  348. var_dump($aff);
  349. die();
  350. }
  351. Session::put("register_aff",strval($aff));
  352. // 是否开启注册
  353. if (! sysConfig('is_register')) {
  354. return Redirect::back()->withErrors(trans('auth.register.error.disable'));
  355. }
  356. // 校验域名邮箱黑白名单
  357. if (sysConfig('is_email_filtering')) {
  358. $result = $this->emailChecker($data['email'], 1);
  359. if ($result !== false) {
  360. return $result;
  361. }
  362. }
  363. // 如果需要邀请注册
  364. if (sysConfig('is_invite_register')) {
  365. // 校验邀请码合法性
  366. if ($code) {
  367. if (Invite::whereCode($code)->whereStatus(0)->doesntExist()) {
  368. return Redirect::back()->withInput($request->except('code'))->withErrors(trans('auth.invite.error.unavailable'));
  369. }
  370. } elseif ((int) sysConfig('is_invite_register') === 2) { // 必须使用邀请码
  371. return Redirect::back()->withInput()->withErrors(trans('validation.required', ['attribute' => trans('auth.invite.attribute')]));
  372. }
  373. }
  374. // 注册前发送激活码
  375. if ((int) sysConfig('is_activate_account') === 1) {
  376. if (! $verify_code) {
  377. return Redirect::back()->withInput($request->except('verify_code'))->withErrors(trans('auth.captcha.required'));
  378. }
  379. $verifyCode = VerifyCode::whereAddress($data['email'])->whereCode($verify_code)->whereStatus(0)->first();
  380. if (! $verifyCode) {
  381. return Redirect::back()->withInput($request->except('verify_code'))->withErrors(trans('auth.captcha.error.timeout'));
  382. }
  383. $verifyCode->status = 1;
  384. $verifyCode->save();
  385. }
  386. // 是否校验验证码
  387. $captcha = $this->check_captcha($request);
  388. if ($captcha !== false) {
  389. return $captcha;
  390. }
  391. // 24小时内同IP注册限制
  392. if (sysConfig('register_ip_limit') && Cache::has($cacheKey)) {
  393. $registerTimes = Cache::get($cacheKey);
  394. if ($registerTimes >= sysConfig('register_ip_limit')) {
  395. return Redirect::back()->withInput($request->except('code'))->withErrors(trans('auth.register.error.throttle'));
  396. }
  397. }
  398. // 获取可用端口 TODO: 修改判断&提示
  399. $port = Helpers::getPort();
  400. if ($port > sysConfig('max_port')) {
  401. return Redirect::back()->withInput()->withErrors(trans('auth.register.error.disable'));
  402. }
  403. // 获取aff
  404. $affArr = $this->getAff($code, $aff);
  405. $inviter_id = $affArr['inviter_id'];
  406. $transfer_enable = MB * ((int) sysConfig('default_traffic') + ($inviter_id ? (int) sysConfig('referral_traffic') : 0));
  407. // 创建新用户
  408. $user = Helpers::addUser($data['email'], $data['password'], $transfer_enable, sysConfig('default_days'), $inviter_id, $data['username']);
  409. // 注册失败,抛出异常
  410. if (! $user) {
  411. return Redirect::back()->withInput()->withErrors(trans('auth.register.failed'));
  412. }
  413. // 注册次数+1
  414. if (Cache::has($cacheKey)) {
  415. Cache::increment($cacheKey);
  416. } else {
  417. Cache::put($cacheKey, 1, Day); // 24小时
  418. }
  419. // 更新邀请码
  420. if ($affArr['code_id'] && sysConfig('is_invite_register')) {
  421. $invite = Invite::find($affArr['code_id']);
  422. if ($invite) {
  423. $invite->update(['invitee_id' => $user->id, 'status' => 1]);
  424. }
  425. }
  426. // 清除邀请人Cookie
  427. Cookie::unqueue('register_aff');
  428. // 注册后发送激活码
  429. if ((int) sysConfig('is_activate_account') === 2) {
  430. // 生成激活账号的地址
  431. $token = $this->addVerifyUrl($user->id, $user->email);
  432. $activeUserUrl = route('activeAccount', $token);
  433. $user->notifyNow(new AccountActivation($activeUserUrl));
  434. Session::flash('successMsg',
  435. __("Thanks for signing up! Before getting started, could you verify your email address by clicking on the link we just emailed to you? If you didn't receive the email, we will gladly send you another."));
  436. } else {
  437. // 则直接给推荐人加流量
  438. if ($inviter_id) {
  439. $referralUser = User::find($inviter_id);
  440. if ($referralUser && $referralUser->expired_at >= date('Y-m-d')) {
  441. $referralUser->incrementData(sysConfig('referral_traffic') * MB);
  442. }
  443. }
  444. if ((int) sysConfig('is_activate_account') === 1) {
  445. $user->update(['status' => 1]);
  446. }
  447. Session::flash('successMsg', trans('auth.register.success'));
  448. }
  449. return Redirect::route('login')->withInput();
  450. }
  451. //邮箱检查
  452. private function emailChecker($email, $returnType = 0)
  453. {
  454. $emailFilterList = EmailFilter::whereType(sysConfig('is_email_filtering'))->pluck('words')->toArray();
  455. $emailSuffix = explode('@', $email); // 提取邮箱后缀
  456. switch (sysConfig('is_email_filtering')) {
  457. // 黑名单
  458. case 1:
  459. if (in_array(strtolower($emailSuffix[1]), $emailFilterList, true)) {
  460. if ($returnType) {
  461. return Redirect::back()->withErrors(trans('auth.email.error.banned'));
  462. }
  463. return Response::json(['status' => 'fail', 'message' => trans('auth.email.error.banned')]);
  464. }
  465. break;
  466. //白名单
  467. case 2:
  468. if (! in_array(strtolower($emailSuffix[1]), $emailFilterList, true)) {
  469. if ($returnType) {
  470. return Redirect::back()->withErrors(trans('auth.email.error.invalid'));
  471. }
  472. return Response::json(['status' => 'fail', 'message' => trans('auth.email.error.invalid')]);
  473. }
  474. break;
  475. default:
  476. if ($returnType) {
  477. return Redirect::back()->withErrors(trans('auth.email.error.invalid'));
  478. }
  479. return Response::json(['status' => 'fail', 'message' => trans('auth.email.error.invalid')]);
  480. }
  481. return false;
  482. }
  483. /**
  484. * 获取AFF.
  485. *
  486. * @param string|null $code 邀请码
  487. * @param int|null $aff URL中的aff参数
  488. *
  489. * @return array
  490. */
  491. private function getAff($code = null, $aff = null): array
  492. {
  493. $data = ['inviter_id' => null, 'code_id' => 0]; // 邀请人ID 与 邀请码ID
  494. // 有邀请码先用邀请码,用谁的邀请码就给谁返利
  495. if ($code) {
  496. $inviteCode = Invite::whereCode($code)->whereStatus(0)->first();
  497. if ($inviteCode) {
  498. $data['inviter_id'] = $inviteCode->inviter_id;
  499. $data['code_id'] = $inviteCode->id;
  500. }
  501. }
  502. // 没有用邀请码或者邀请码是管理员生成的,则检查cookie或者url链接
  503. if (! $data['inviter_id']) {
  504. // 检查一下cookie里有没有aff
  505. // $cookieAff = \Request::hasCookie('register_aff');
  506. // if ($cookieAff) {
  507. // $data['inviter_id'] = User::find($cookieAff) ? $cookieAff : null;
  508. // } elseif ($aff) { // 如果cookie里没有aff,就再检查一下请求的url里有没有aff,因为有些人的浏览器会禁用了cookie,比如chrome开了隐私模式
  509. // $data['inviter_id'] = User::find($aff) ? $aff : null;
  510. // }
  511. // if ($aff)
  512. // {
  513. // $varr = User::find($aff) ? $aff : null;
  514. // var_dump($aff);
  515. // var_dump($varr);
  516. // die();
  517. // }
  518. $data['inviter_id'] = User::find($aff) ? $aff : null;
  519. }
  520. return $data;
  521. }
  522. // 生成申请的请求地址
  523. private function addVerifyUrl($uid, $email)
  524. {
  525. $token = md5(sysConfig('website_name').$email.microtime());
  526. $verify = new Verify();
  527. $verify->user_id = $uid;
  528. $verify->token = $token;
  529. $verify->save();
  530. return $token;
  531. }
  532. // 重设密码页
  533. public function resetPassword(Request $request)
  534. {
  535. if ($request->isMethod('POST')) {
  536. // 校验请求
  537. $validator = Validator::make($request->all(), [
  538. 'email' => 'required|email|exists:user,email',
  539. ]);
  540. if ($validator->fails()) {
  541. return Redirect::back()->withInput()->withErrors($validator->errors());
  542. }
  543. $email = $request->input('email');
  544. // 是否开启重设密码
  545. if (! sysConfig('password_reset_notification')) {
  546. return Redirect::back()->withErrors(trans('auth.password.reset.error.disabled', ['email' => sysConfig('webmaster_email')]));
  547. }
  548. // 查找账号
  549. $user = User::whereEmail($email)->firstOrFail();
  550. // 24小时内重设密码次数限制
  551. $resetTimes = 0;
  552. if (Cache::has('resetPassword_'.md5($email))) {
  553. $resetTimes = Cache::get('resetPassword_'.md5($email));
  554. if ($resetTimes >= sysConfig('reset_password_times')) {
  555. return Redirect::back()->withErrors(trans('auth.password.reset.error.throttle', ['time' => sysConfig('reset_password_times')]));
  556. }
  557. }
  558. // 生成取回密码的地址
  559. $token = $this->addVerifyUrl($user->id, $email);
  560. // 发送邮件
  561. $resetUrl = route('resettingPasswd', $token);
  562. $user->notifyNow(new PasswordReset($resetUrl));
  563. Cache::put('resetPassword_'.md5($email), $resetTimes + 1, Day);
  564. return Redirect::back()->with('successMsg', trans('auth.password.reset.sent'));
  565. }
  566. return view('auth.resetPassword');
  567. }
  568. // 重设密码
  569. public function reset(Request $request, $token)
  570. {
  571. if (! $token) {
  572. return Redirect::route('login');
  573. }
  574. if ($request->isMethod('POST')) {
  575. $validator = Validator::make($request->all(), [
  576. 'password' => 'required|min:6|confirmed',
  577. ]);
  578. if ($validator->fails()) {
  579. return Redirect::back()->withInput()->withErrors($validator->errors());
  580. }
  581. $password = $request->input('password');
  582. // 校验账号
  583. $verify = Verify::type(1)->whereToken($token)->firstOrFail();
  584. $user = $verify->user;
  585. if (! $verify) {
  586. return Redirect::route('login');
  587. }
  588. if ($user->status === -1) {
  589. return Redirect::back()->withErrors(trans('auth.error.account_baned'));
  590. }
  591. if ($verify->status === 1) {
  592. return Redirect::back()->withErrors(trans('auth.error.url_timeout'));
  593. }
  594. if (Hash::check($password, $verify->user->password)) {
  595. return Redirect::back()->withErrors(trans('auth.password.reset.error.same'));
  596. }
  597. // 更新密码
  598. if (! $user->update(['password' => $password])) {
  599. return Redirect::back()->withErrors(trans('auth.password.reset.error.failed'));
  600. }
  601. // 置为已使用
  602. $verify->status = 1;
  603. $verify->save();
  604. return Redirect::route('login')->with('successMsg', trans('auth.password.reset.success'));
  605. }
  606. $verify = Verify::type(1)->whereToken($token)->first();
  607. if (! $verify) {
  608. return Redirect::route('login');
  609. }
  610. if (time() - strtotime($verify->created_at) >= 1800) {
  611. // 置为已失效
  612. $verify->status = 2;
  613. $verify->save();
  614. }
  615. return view('auth.reset', ['verify' => Verify::type(1)->whereToken($token)->first()]); // 重新获取一遍verify
  616. }
  617. // 激活账号页
  618. public function activeUser(Request $request)
  619. {
  620. if ($request->isMethod('POST')) {
  621. $validator = Validator::make($request->all(), ['email' => 'required|email|exists:user,email']);
  622. if ($validator->fails()) {
  623. return Redirect::back()->withInput()->withErrors($validator->errors());
  624. }
  625. $email = $request->input('email');
  626. // 是否开启账号激活
  627. if (! sysConfig('is_activate_account')) {
  628. return Redirect::back()->withInput()->withErrors(trans('auth.active.error.disable'));
  629. }
  630. // 查找账号
  631. $user = User::whereEmail($email)->firstOrFail();
  632. if ($user->status === -1) {
  633. return Redirect::back()->withErrors(trans('auth.error.account_baned'));
  634. }
  635. if ($user->status === 1) {
  636. return Redirect::back()->withErrors(trans('auth.active.error.activated'));
  637. }
  638. // 24小时内激活次数限制
  639. $activeTimes = 0;
  640. if (Cache::has('activeUser_'.md5($email))) {
  641. $activeTimes = Cache::get('activeUser_'.md5($email));
  642. if ($activeTimes >= sysConfig('active_times')) {
  643. return Redirect::back()->withErrors(trans('auth.active.error.throttle', ['email' => sysConfig('webmaster_email')]));
  644. }
  645. }
  646. // 生成激活账号的地址
  647. $token = $this->addVerifyUrl($user->id, $email);
  648. // 发送邮件
  649. $activeUserUrl = route('activeAccount', $token);
  650. Notification::route('mail', $email)->notifyNow(new AccountActivation($activeUserUrl));
  651. Cache::put('activeUser_'.md5($email), $activeTimes + 1, Day);
  652. return Redirect::back()->with('successMsg', trans('auth.active.sent'));
  653. }
  654. return view('auth.activeUser');
  655. }
  656. // 激活账号
  657. public function active($token)
  658. {
  659. if (! $token) {
  660. return Redirect::route('login');
  661. }
  662. $verify = Verify::type(1)->with('user')->whereToken($token)->firstOrFail();
  663. $user = $verify->user;
  664. if (! $verify) {
  665. return Redirect::route('login');
  666. }
  667. if (empty($user) || $verify->status > 0) {
  668. Session::flash('errorMsg', trans('auth.error.url_timeout'));
  669. return view('auth.active');
  670. }
  671. if ($user->status === 1) {
  672. Session::flash('errorMsg', trans('auth.active.error.activated'));
  673. return view('auth.active');
  674. }
  675. if (time() - strtotime($verify->created_at) >= 1800) {
  676. Session::flash('errorMsg', trans('auth.error.url_timeout'));
  677. // 置为已失效
  678. $verify->status = 2;
  679. $verify->save();
  680. return view('auth.active');
  681. }
  682. // 更新账号状态
  683. if (! $user->update(['status' => 1])) {
  684. Session::flash('errorMsg', trans('common.active_item', ['attribute' => trans('common.failed')]));
  685. return Redirect::back();
  686. }
  687. // 置为已使用
  688. $verify->status = 1;
  689. $verify->save();
  690. // 账号激活后给邀请人送流量
  691. $inviter = $user->inviter;
  692. if ($inviter) {
  693. $inviter->incrementData(sysConfig('referral_traffic') * MB);
  694. }
  695. Session::flash('successMsg', trans('common.active_item', ['attribute' => trans('common.success')]));
  696. return view('auth.active');
  697. }
  698. // 发送注册验证码
  699. public function sendCode(Request $request)
  700. {
  701. $validator = Validator::make($request->all(), ['email' => 'required|email|unique:user,email']);
  702. $email = $request->input('email');
  703. if ($validator->fails()) {
  704. return Response::json(['status' => 'fail', 'message' => $validator->getMessageBag()->first()]);
  705. }
  706. $ip = IP::getClientIP();
  707. // 校验域名邮箱黑白名单
  708. if (sysConfig('is_email_filtering')) {
  709. $result = $this->emailChecker($email);
  710. if ($result !== false) {
  711. return $result;
  712. }
  713. }
  714. // 是否开启注册发送验证码
  715. if ((int) sysConfig('is_activate_account') !== 1) {
  716. return Response::json(['status' => 'fail', 'message' => trans('auth.active.error.disable')]);
  717. }
  718. // 防刷机制
  719. if (Cache::has('send_verify_code_'.md5($ip))) {
  720. return Response::json(['status' => 'fail', 'message' => trans('auth.register.error.throttle')]);
  721. }
  722. // 发送邮件
  723. $code = Str::random(6);
  724. if (VerifyCode::create(['address' => $email, 'code' => $code])) { // 生成注册验证码
  725. Notification::route('mail', $email)->notifyNow(new Verification($code));
  726. }
  727. Cache::put('send_verify_code_'.md5($ip), $ip, Minute);
  728. return Response::json(['status' => 'success', 'message' => trans('auth.captcha.sent')]);
  729. }
  730. // 公开的邀请码列表
  731. public function free()
  732. {
  733. return view('auth.free', ['inviteList' => Invite::whereInviterId(null)->whereStatus(0)->paginate()]);
  734. }
  735. // 切换语言
  736. public function switchLang(string $locale): RedirectResponse
  737. {
  738. Session::put('locale', $locale);
  739. return Redirect::back();
  740. }
  741. }