blessing-skin-server/app/Http/Middleware/CheckAuthenticated.php

<?php
namespace App\Http\Middleware;
use App\Models\User;
use App\Models\UserModel;
use App\Exceptions\PrettyPageException;
use View;
use Http;
use Session;
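class CheckAuthenticated
{
    /**
     * Gate a request on a logged-in, non-banned user whose session token
     * matches the token stored for that user.
     *
     * Flow, in order:
     *  1. No 'uid' in the session: redirect to the login page.
     *  2. Session token missing/empty or different from $user->getToken():
     *     redirect to the login page.
     *  3. $user->getPermission() equals "-1": expire the uid/token cookies,
     *     flush the session and throw PrettyPageException.
     *  4. User has no e-mail yet: render or process the 'auth.bind' form.
     *  5. Otherwise return the user or continue the pipeline.
     *
     * @param  mixed     $request      Incoming request; only its `email` field is read here.
     * @param  \Closure  $next         Next handler in the middleware pipeline.
     * @param  bool      $return_user  When truthy, return the User instead of calling $next.
     * @return mixed  A redirect, a view, the User object, or the result of $next($request).
     *
     * @throws PrettyPageException When the user's permission is "-1".
     */
    public function handle($request, \Closure $next, $return_user = false)
    {
        if (!Session::has('uid')) {
            return redirect('auth/login')->with('msg', '非法访问,请先登录');
        }

        $user = new User(session('uid'));

        // Compare the token as a secret: constant-time and string-exact.
        // The previous loose `!=` was open to PHP type juggling (numeric-looking
        // strings compare as numbers, null equals '') and was not timing-safe.
        // An empty session token is rejected outright so that a uid-only session
        // can never match a user whose stored token is also empty.
        $sessionToken = (string) session('token');
        if ($sessionToken === '' || !hash_equals((string) $user->getToken(), $sessionToken)) {
            return redirect('auth/login')->with('msg', '无效的 token请重新登录');
        }

        // Loose comparison kept on purpose: the return type of getPermission()
        // is not visible here (int -1 and string "-1" must both match).
        if ($user->getPermission() == "-1") {
            // delete cookies
            $expired = time() - 3600;
            setcookie('uid', '', $expired, '/');
            setcookie('token', '', $expired, '/');

            // Drop all server-side session state before showing the error page.
            Session::flush();
            Session::save();

            throw new PrettyPageException('你已经被本站封禁啦,请联系管理员解决', 5);
        }

        // ask for filling email
        if ($user->email == "") {
            if (!isset($request->email)) {
                return view('auth.bind');
            }

            if (!filter_var($request->email, FILTER_VALIDATE_EMAIL)) {
                return View::make('auth.bind')->with('msg', '邮箱格式错误');
            }

            // NOTE(review): check-then-set is not atomic; two concurrent requests
            // could bind the same address unless the storage layer enforces
            // uniqueness — confirm against the schema.
            if (!UserModel::where('email', $request->email)->get()->isEmpty()) {
                return View::make('auth.bind')->with('msg', '该邮箱已被占用');
            }

            $user->setEmail($request->email);

            // refresh token
            Session::put('token', $user->getToken(true));
            // NOTE(review): the auth token cookie is set without the HttpOnly and
            // Secure flags, so it is readable from page scripts and sent over
            // plain HTTP. Consider passing them once it is confirmed that no
            // client-side code reads this cookie.
            setcookie('token', session('token'), time() + 3600, '/');

            // NOTE(review): the User is returned here even when $return_user is
            // false, i.e. the pipeline is not continued — confirm this is intended.
            return $user;
        }

        if ($return_user) {
            return $user;
        }

        return $next($request);
    }
}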