<?php
namespace App\Http\Middleware;
use App\Models\User;
use App\Models\UserModel;
use App\Exceptions\E;
use View;
use Http;
use Session;
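class CheckAuthenticated
{
    /**
     * Restore the login state from the `uid`/`token` cookies, check the token
     * against the one stored for that user, and then either pass the request
     * on, hand back the User, or redirect to the login page.
     *
     * Order of checks: cookies -> session `uid` present -> token matches ->
     * not banned -> email bound. Every failed check ends the request here;
     * nothing falls through to $next.
     *
     * @param  mixed    $request      incoming request, passed to $next unchanged
     * @param  \Closure $next         next middleware / handler in the pipeline
     * @param  bool     $return_user  when true, return the User instead of calling $next
     * @return mixed  result of $next, the User, or a view / redirect response
     * @throws E when the user's permission is "-1" (banned); cookies and
     *           session are cleared before throwing
     */
    public function handle($request, \Closure $next, $return_user = false)
    {
        // Cookie values are client-controlled; they are copied into the session
        // as-is and only become trusted once the token comparison below passes.
        if (isset($_COOKIE['uid']) && isset($_COOKIE['token'])) {
            Session::put('uid', $_COOKIE['uid']);
            Session::put('token', $_COOKIE['token']);
        }

        if (!session()->has('uid')) {
            // Return the redirect instead of falling through to $next, so an
            // unauthenticated request never reaches the protected handler even
            // if Http::redirect does not terminate the script itself.
            return Http::redirect('../auth/login', '非法访问,请先登录');
        }

        $user = new User(session('uid'));

        // Strict, constant-time comparison. The previous `!=` used PHP's loose
        // comparison (numeric-looking strings such as "0e..." compare equal) and
        // leaked timing; the casts keep hash_equals happy if either side is null.
        if (!hash_equals((string) $user->getToken(), (string) session('token'))) {
            return Http::redirect('../auth/login', '无效的 token,请重新登录~');
        }

        // Permission "-1" marks a banned account (string cast covers int/string storage).
        if ((string) $user->getPermission() === '-1') {
            // delete cookies
            setcookie('uid', '', time() - 3600, '/');
            setcookie('token', '', time() - 3600, '/');
            Session::flush();
            Session::save();

            throw new E('你已经被本站封禁啦,请联系管理员解决', 5, true);
        }

        // ask for filling email
        if ((string) $user->email === '') {
            return $this->bindEmail($user);
        }

        if ($return_user) {
            return $user;
        }

        return $next($request);
    }

    /**
     * "Bind email" step for an account that has no email address yet.
     *
     * On a POST carrying a syntactically valid, not-yet-used email the address
     * is stored, the token is rotated and re-issued as a cookie, and the User
     * is returned (as in the original flow, this happens regardless of
     * $return_user). Otherwise the bind form is rendered, with an error message
     * when an email was submitted but rejected.
     *
     * @param  User $user  the authenticated user lacking an email
     * @return User|mixed  the User on success, otherwise the 'auth.bind' view
     */
    private function bindEmail(User $user)
    {
        if (!isset($_POST['email'])) {
            return view('auth.bind');
        }

        $email = $_POST['email'];

        if (!\Validate::email($email)) {
            return View::make('auth.bind')->with('msg', '邮箱格式错误');
        }

        if (!UserModel::where('email', $email)->get()->isEmpty()) {
            return View::make('auth.bind')->with('msg', '该邮箱已被占用');
        }

        $user->setEmail($email);

        // refresh token: getToken(true) issues a new one, which replaces the
        // session copy and the cookie copy.
        Session::put('token', $user->getToken(true));
        // HttpOnly keeps the token cookie out of reach of page scripts.
        // NOTE(review): `secure` stays false to match the original; set it to
        // true if the site is served over HTTPS only.
        setcookie('token', session('token'), time() + 3600, '/', '', false, true);

        return $user;
    }
}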