<?php
return [

    // ---------------------------------------------------------------------
    // Defaults
    // ---------------------------------------------------------------------
    // Guard and password-reset broker that apply whenever the application
    // asks for authentication without naming one explicitly. Both point at
    // the ordinary site users, so administrator code has to request the
    // "admins" guard by name.
    'defaults' => [
        'guard' => 'users',
        'passwords' => 'users',
    ],

    // ---------------------------------------------------------------------
    // Guards
    // ---------------------------------------------------------------------
    // Each guard pairs a driver (how a request is tied to an identity) with
    // a provider (where the identity record is loaded from). Supported
    // drivers: "session", "token".
    //
    // "users" and "admins" are separate session guards backed by separate
    // providers, so being signed in on one does not authenticate the other.
    //
    // "api" uses the token driver against the same provider as "users".
    // NOTE(review): the token presented on each request is effectively a
    // long-lived credential for that user; confirm how it is issued, stored
    // and rotated, and that it is only accepted over TLS.
    'guards' => [
        'users' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'admins' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],
        'api' => [
            'driver' => 'token',
            'provider' => 'users',
        ],
    ],

    // ---------------------------------------------------------------------
    // User providers
    // ---------------------------------------------------------------------
    // A provider describes how user records are retrieved from storage.
    // Supported drivers: "database", "eloquent". Site users and
    // administrators are loaded through different Eloquent models.
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'admins' => [
            'driver' => 'eloquent',
            'model' => App\Administrator::class,
        ],

        // Query-builder alternative for "users", kept for reference:
        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    // ---------------------------------------------------------------------
    // Password resets
    // ---------------------------------------------------------------------
    // One broker per user type: the provider it serves, the e-mail view,
    // the table holding reset tokens, and the token lifetime in minutes.
    // A short lifetime limits how long an issued token stays usable.
    //
    // Only a "users" broker is defined here; there is no broker for the
    // "admins" provider in this file.
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'email' => 'website.emails.reset',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],

];
app\Http\Controllers\Admin\AuthController.php
<?php
namespace App\Http\Controllers\Admin;
use Illuminate\Http\Request;
use App\Admin;
use Statistic;
use Auth;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
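class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Administrator Login Controller
    |--------------------------------------------------------------------------
    |
    | Authenticates administrators against the "admins" guard. The framework
    | traits supply the login form, logout and throttling helpers; postLogin()
    | is overridden here, so it has to call the throttling helpers itself.
    |
    | NOTE(review): AuthenticatesAndRegistersUsers also brings registration
    | actions, and this class defines no validator()/create() for them.
    | Confirm that no administrator registration route is mapped.
    |
    */
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Where to redirect administrators after login / registration.
     *
     * @var string
     */
    protected $redirectTo = '/';

    /**
     * Guard used for every authentication call in this controller, so only
     * administrators can sign in to this section.
     *
     * @var string
     */
    protected $guard = 'admins';

    /**
     * View rendered for the login form.
     *
     * @var string
     */
    protected $loginView = 'admin.auth.login';

    /**
     * Create a new authentication controller instance.
     *
     * Every action except logout is restricted to guests.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'getLogout']);
    }

    /**
     * Handle an authentication attempt.
     *
     * An unknown or soft-deleted e-mail and a wrong password produce the same
     * generic failure, so the form cannot be used to test which administrator
     * accounts exist. Failed attempts count towards the ThrottlesLogins lockout.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function postLogin(Request $request)
    {
        $credentials = $request->only('email', 'password');
        $remember = $request->has('remember');

        // Format checks only. The existence check is kept out of the
        // user-visible validation errors on purpose.
        $validator = Validator::make($credentials, [
            'email' => 'required|email',
            'password' => 'required|min:6',
        ]);

        if ($validator->fails()) {
            return redirect()->back()
                ->withErrors($validator)
                ->withInput($request->except('password'));
        }

        // Overriding postLogin() bypasses the trait's own login flow, so the
        // lockout has to be enforced explicitly here.
        if ($this->hasTooManyLoginAttempts($request)) {
            return $this->sendLockoutResponse($request);
        }

        $guard = Auth::guard($this->guard);

        if ($this->accountIsActive($credentials) && $guard->attempt($credentials, $remember)) {
            $this->clearLoginAttempts($request);

            // Presumably records the sign-in for statistics; the method name
            // is spelled as the Statistic facade defines it.
            Statistic::administartor($guard->id());

            return redirect()->route('admin.index');
        }

        $this->incrementLoginAttempts($request);

        return redirect()->back()
            ->withErrors(trans('auth.failed'))
            ->withInput($request->except('password'));
    }

    /**
     * Tell whether the e-mail belongs to an administrator that is not
     * soft-deleted, using the same rule the login form applied before.
     *
     * @param  array  $credentials
     * @return bool
     */
    private function accountIsActive(array $credentials)
    {
        return Validator::make($credentials, [
            'email' => 'exists:administrators,email,deleted_at,NULL',
        ])->passes();
    }
}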
app\Http\Controllers\Website\AuthController.php
<?php
namespace App\Http\Controllers\Website;
use Illuminate\Http\Request;
use App\User;
use App\Member;
use Statistic;
use Auth;
use DB;
use Mail;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
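class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Member Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | Registers site users against an existing member record, confirms their
    | e-mail address through a one-time token, and signs them in on the
    | "users" guard. postLogin() and postRegister() override the framework
    | traits, so throttling and input flashing are handled explicitly here.
    |
    */
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Where to redirect users after login / registration.
     *
     * @var string
     */
    protected $redirectTo = '/member';

    /**
     * Where to redirect users after logout.
     *
     * @var string
     */
    protected $redirectAfterLogout = '/auth/login';

    /**
     * Guard used for every authentication call in this controller.
     *
     * @var string
     */
    protected $guard = 'users';

    /**
     * View rendered for the login form.
     *
     * @var string
     */
    protected $loginView = 'website.auth.login';

    /**
     * View rendered for the registration form.
     *
     * @var string
     */
    protected $registerView = 'website.auth.register';

    /**
     * Create a new authentication controller instance.
     *
     * Every action except logout is restricted to guests.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'getLogout']);
    }

    /**
     * Handle an authentication attempt.
     *
     * An unknown or soft-deleted e-mail and a wrong password produce the same
     * generic failure. The "not confirmed yet" notice is shown only after the
     * password has been verified, so it does not reveal account state to
     * someone who merely knows an e-mail address. Failed attempts count
     * towards the ThrottlesLogins lockout.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function postLogin(Request $request)
    {
        $credentials = $request->only('email', 'password');

        // Format checks only; existence is checked separately below so it
        // never surfaces as a distinct validation error.
        $validator = Validator::make($credentials, [
            'email' => 'required|email',
            'password' => 'required|min:6',
        ]);
        $validator->setAttributeNames([
            'email' => 'อีเมล',
            'password' => 'รหัสผ่าน',
        ]);

        if ($validator->fails()) {
            return redirect()->back()
                ->withErrors($validator)
                ->withInput($request->except('password'));
        }

        // Overriding postLogin() bypasses the trait's own login flow, so the
        // lockout has to be enforced explicitly here.
        if ($this->hasTooManyLoginAttempts($request)) {
            return $this->sendLockoutResponse($request);
        }

        $guard = Auth::guard($this->guard);

        // validate() checks the credentials without starting a session.
        if ($this->accountIsActive($credentials) && $guard->validate($credentials)) {
            $user = $guard->getLastAttempted();

            if (!$user->confirmed) {
                return redirect()->back()
                    ->withErrors(['verify' => 'ยังไม่ได้ทำการยืนยันข้อมูลสมาชิกนี้ โปรดตรวจสอบอีเมลที่ได้รับจากระบบ'])
                    ->withInput($request->except('password'));
            }

            $guard->login($user, $request->has('remember'));
            $this->clearLoginAttempts($request);
            Statistic::user($guard->id());

            return redirect()->route('website.member.index');
        }

        $this->incrementLoginAttempts($request);

        return redirect()->back()
            ->withErrors(trans('auth.failed'))
            ->withInput($request->except('password'));
    }

    /**
     * Handle a user registration.
     *
     * The submitted citizen code must belong to the submitted member before
     * an account is attached to that member. The account starts unconfirmed;
     * a confirmation token is stored and e-mailed.
     *
     * NOTE(review): the distinct validation messages let an unauthenticated
     * visitor test which citizen codes and member ids exist. Consider rate
     * limiting this action or collapsing those messages into one.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function postRegister(Request $request)
    {
        $register = $request->except('terms');

        $validator = Validator::make($register, [
            'email' => 'required|email|max:255|unique:users,email',
            'password' => 'required|min:6|confirmed',
            'citizen_code' => 'required|min:13|exists:profiles,citizen_code,deleted_at,NULL',
            'member_id' => 'required|exists:members,id,leave_date,NULL,deleted_at,NULL|unique:users,member_id',
        ]);
        $validator->setAttributeNames([
            'email' => 'อีเมล',
            'password' => 'รหัสผ่าน',
            'citizen_code' => 'เลขประจำตัวประชาชน',
            'member_id' => 'รหัสสมาชิก',
        ]);

        $validator->after(function ($validator) use ($request) {
            $member = Member::find($request->input('member_id'));

            // An unknown member id is already reported by the exists rule.
            if (is_null($member)) {
                return;
            }

            $profile = $member->profile;
            $submitted = $request->input('citizen_code');

            // Compare as strings: loose comparison treats numeric strings as
            // numbers, so differently written values could compare equal.
            $matches = !is_null($profile)
                && is_scalar($submitted)
                && (string) $profile->citizen_code === (string) $submitted;

            if (!$matches) {
                $validator->errors()->add('citizen_code_notmatch', 'ข้อมูล เลขประจำตัวประชาชน ไม่ตรงกับข้อมูลสมาชิก');
            }
        });

        if ($validator->fails()) {
            // password_confirmation carries the same secret as password and
            // must not be flashed into the session either.
            return redirect()->back()
                ->withErrors($validator)
                ->withInput($request->except(['password', 'password_confirmation', 'member_id', 'terms']));
        }

        DB::transaction(function () use ($request) {
            // NOTE(review): assumes the User model hashes "password" on
            // assignment; nothing in this controller hashes it. Confirm.
            $user = new User($request->only('email', 'password'));
            $member = Member::find($request->input('member_id'));
            $member->user()->save($user);

            $token = hash_hmac('sha256', str_random(40), config('app.key'));

            DB::table('user_confirmations')->insert([
                'email' => $request->input('email'),
                'token' => $token
            ]);

            // Sent inside the transaction, so an exception thrown while
            // sending rolls the new account and its token back.
            Mail::send('website.emails.verify', ['token' => $token], function ($message) use ($user) {
                $message->to($user->email, $user->member->profile->name . " " . $user->member->profile->lastname)
                    ->subject('Please Verify Your Email Address.');
            });
        });

        return redirect()->back()
            ->with('registed', 'ลงทะเบียนเรียบร้อยแล้ว คุณต้องเข้ายืนยันการใช้งานจากลิงก์ที่ส่งไปยังอีเมล ' . $request->input('email'));
    }

    /**
     * Responds to requests to GET /auth/verify/{token}.
     *
     * Marks the account behind the token as confirmed and deletes the token
     * so it cannot be used again. Unknown tokens, and tokens whose account
     * can no longer be found, redirect to the site index.
     *
     * NOTE(review): the lookup checks only that the token matches; nothing
     * here enforces a maximum age for confirmation tokens.
     *
     * @param  string  $token
     * @return \Illuminate\Http\Response
     */
    public function getVerify($token)
    {
        if (!$token) {
            return redirect()->route('website.index');
        }

        $confirm = DB::table('user_confirmations')
            ->where('token', $token)
            ->first();

        if (!$confirm) {
            return redirect()->route('website.index');
        }

        // The account may be gone by the time the link is opened; without
        // this guard forceFill() would be called on null.
        $user = User::where('email', $confirm->email)->first();

        if (is_null($user)) {
            return redirect()->route('website.index');
        }

        DB::transaction(function () use ($user, $confirm) {
            $user->forceFill(['confirmed' => true])->save();

            DB::table('user_confirmations')
                ->where('token', $confirm->token)
                ->delete();
        });

        // withInput() takes an array of field => value; passing the bare
        // e-mail string fails its array type-hint.
        return redirect()->route('website.auth.login')
            ->with('verified', 'คุณทำการยืนยันอีเมลเรียบร้อยแล้ว')
            ->withInput(['email' => $confirm->email]);
    }

    /**
     * Tell whether the e-mail belongs to a user that is not soft-deleted,
     * using the same rule the login form applied before.
     *
     * @param  array  $credentials
     * @return bool
     */
    private function accountIsActive(array $credentials)
    {
        return Validator::make($credentials, [
            'email' => 'exists:users,email,deleted_at,NULL',
        ])->passes();
    }
}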