input('invite_code'))) { abort(500, '必须使用邀请码才可以注册'); } } if ((int)config('v2board.email_verify', 0)) { $redisKey = 'sendEmailVerify:' . $request->input('email'); if (empty($request->input('email_code'))) { abort(500, '邮箱验证码不能为空'); } if (Cache::get($redisKey) !== $request->input('email_code')) { abort(500, '邮箱验证码有误'); } } $email = $request->input('email'); $password = $request->input('password'); $exist = User::where('email', $email)->first(); if ($exist) { abort(500, '邮箱已存在系统中'); } $user = new User(); $user->email = $email; $user->password = password_hash($password, PASSWORD_DEFAULT); $user->v2ray_uuid = Helper::guid(true); $user->token = Helper::guid(); if ($request->input('invite_code')) { $inviteCode = InviteCode::where('code', $request->input('invite_code')) ->where('status', 0) ->first(); if (!$inviteCode) { if ((int)config('v2board.invite_force', 0)) { abort(500, '邀请码无效'); } } else { $user->invite_user_id = $inviteCode->user_id ? $inviteCode->user_id : null; if (!(int)config('v2board.invite_never_expire', env('V2BOARD_INVITE_NEVER_EXPIRE'))) { $inviteCode->status = 1; $inviteCode->save(); } } } // try out if ((int)config('v2board.try_out_enable', 0)) { $plan = Plan::find(config('v2board.try_out_plan_id')); if ($plan) { $user->transfer_enable = $plan->transfer_enable * 1073741824; $user->plan_id = $plan->id; $user->group_id = $plan->group_id; $user->expired_at = time() + (config('v2board.try_out_hour', 1) * 3600); } } if (!$user->save()) { abort(500, '注册失败'); } if ((int)config('v2board.email_verify', 0)) { Cache::forget($redisKey); } return response()->json([ 'data' => true ]); } public function login(AuthLogin $request) { $email = $request->input('email'); $password = $request->input('password'); $user = User::where('email', $email)->first(); if (!$user) { abort(500, '用户名或密码错误'); } if (!$this->multiPasswordVerify( $user->password_algo, $password, $user->password) ) { abort(500, '用户名或密码错误'); } if ($user->banned) { abort(500, '该账户已被停止使用'); } 
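// login(), continued: the credential and ban checks above have already passed.
        // Issue a fresh session id before attaching the identity, so an id that
        // existed before authentication does not become an authenticated one.
        $request->session()->regenerate();
        $request->session()->put('email', $user->email);
        $request->session()->put('id', $user->id);
        if ($user->is_admin) {
            $request->session()->put('is_admin', true);
        } else {
            // The flag is only ever written as true; clear it so a session that
            // was previously used by an admin does not keep it for this user.
            $request->session()->forget('is_admin');
        }

        return response([
            'data' => [
                'is_admin' => $user->is_admin ? 2 : 1,
                'token' => $user->token,
            ],
        ]);
    }

    /**
     * Two-step login driven by an account token.
     *
     * Step 1 (`token` present): look the user up by token, cache the user id
     * under a freshly generated code (TTL argument 600), and send a Location
     * header pointing at the front-end login route with that code.
     * Step 2 (`verify` present): exchange the code for a session.
     *
     * Returns null when step 1 runs (header() has no return value) and when
     * neither parameter is supplied.
     *
     * @param Request $request
     * @return mixed
     */
    public function token2Login(Request $request)
    {
        if ($request->input('token')) {
            $user = User::where('token', $request->input('token'))->first();
            if (!$user) {
                return header('Location:' . config('v2board.app_url'));
            }

            // NOTE(review): the code's unpredictability rests on Helper::guid(),
            // which is not shown here - confirm it draws from a CSPRNG.
            $code = Helper::guid();
            $key = 'token2Login_' . $code;
            Cache::put($key, $user->id, 600);

            // NOTE(review): `redirect` is caller-supplied and is appended without
            // encoding. It lands after the configured origin, inside the URL
            // fragment, so confirm the front end treats it strictly as an in-app
            // route name and never as a URL.
            $target = $request->input('redirect') ?: 'dashboard';
            $redirect = '/#/login?verify=' . $code . '&redirect=' . $target;

            $location = config('v2board.app_url')
                ? config('v2board.app_url') . $redirect
                : url($redirect);

            return header('Location:' . $location);
        }

        if ($request->input('verify')) {
            $key = 'token2Login_' . $request->input('verify');
            // pull() reads and removes the entry, so the code is consumed the
            // first time it is presented, including on the failure paths below.
            $userId = Cache::pull($key);
            if (!$userId) {
                abort(500, '令牌有误');
            }
            $user = User::find($userId);
            if (!$user) {
                abort(500, '用户不存在');
            }
            if ($user->banned) {
                abort(500, '该账户已被停止使用');
            }

            // Same session handling as login(): new id first, then identity.
            $request->session()->regenerate();
            $request->session()->put('email', $user->email);
            $request->session()->put('id', $user->id);
            if ($user->is_admin) {
                $request->session()->put('is_admin', true);
            } else {
                $request->session()->forget('is_admin');
            }

            return response([
                'data' => true,
            ]);
        }
    }

    /**
     * Report whether the current session carries a user id.
     *
     * @param Request $request
     * @return mixed response whose `data` field is a boolean
     */
    public function check(Request $request)
    {
        return response([
            'data' => (bool) $request->session()->get('id'),
        ]);
    }

    /**
     * Reset the password of the account matching the submitted email, after
     * checking the submitted code against the value cached under
     * `sendEmailVerify:<email>`.
     *
     * NOTE(review): no attempt counter is visible in this method; confirm the
     * route is rate-limited, since the emailed code is the only factor that
     * protects the reset.
     *
     * @param AuthForget $request
     * @return mixed
     */
    public function forget(AuthForget $request)
    {
        $redisKey = 'sendEmailVerify:' . $request->input('email');
        $expected = Cache::get($redisKey);
        $submitted = $request->input('email_code');

        // Fail closed. A plain `!==` lets the check pass when the cache entry is
        // missing and no code was submitted (null compared with null), so both
        // sides must be present. Comparing as strings keeps the result
        // independent of how the code was stored or decoded, and hash_equals()
        // makes the comparison constant-time.
        $codeMatches = is_scalar($expected)
            && is_scalar($submitted)
            && (string) $submitted !== ''
            && hash_equals((string) $expected, (string) $submitted);
        if (!$codeMatches) {
            abort(500, '邮箱验证码有误');
        }

        $user = User::where('email', $request->input('email'))->first();
        if (!$user) {
            // Without this guard the assignment below fails on null. Reuse the
            // generic failure message rather than revealing that no such
            // account exists.
            abort(500, '重置失败');
        }

        $user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
        // The new hash is a password_hash() value, so drop any legacy algorithm
        // marker and let multiPasswordVerify() take its default branch.
        $user->password_algo = null;
        if (!$user->save()) {
            abort(500, '重置失败');
        }
        Cache::forget($redisKey);

        return response([
            'data' => true,
        ]);
    }

    /**
     * Check a plaintext password against a stored hash, honouring the legacy
     * algorithm recorded for the account.
     *
     * 'md5' and 'sha256' hash the bare password (single pass, no salt); any
     * other value is treated as a password_hash() digest.
     *
     * NOTE(review): consider re-hashing with password_hash() and clearing
     * password_algo after a successful legacy match, so unsalted digests are
     * phased out of storage.
     *
     * @param string|null $algo     value of the account's password_algo column
     * @param mixed       $password submitted plaintext password
     * @param mixed       $hash     stored hash
     * @return bool true when the password matches
     */
    private function multiPasswordVerify($algo, $password, $hash)
    {
        // Anything that is not a usable password or stored hash cannot match.
        if (!is_scalar($password) || !is_string($hash)) {
            return false;
        }
        $password = (string) $password;

        switch ($algo) {
            case 'md5':
                return hash_equals($hash, md5($password));
            case 'sha256':
                return hash_equals($hash, hash('sha256', $password));
            default:
                // password_hash() salts every call, so re-hashing the input and
                // comparing with === can never equal the stored value;
                // password_verify() re-derives the hash using the stored salt.
                return password_verify($password, $hash);
        }
    }
}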