lkddi
bfd90ca882
- headface 目录 371 个文件重命名为小写后缀 - 代码中所有 .GIF 引用改为 .gif(User.php/AuthController/channels.php/frame.blade/scripts.blade) - 新增迁移:将 users 表 usersf 列中的 .GIF 批量替换为 .gif - 解决 Linux 大小写敏感导致图片加载失败的问题
128 lines
3.8 KiB
PHP
128 lines
3.8 KiB
PHP
<?php
|
||
|
||
/**
|
||
* 文件功能:认证控制器 (处理登录即注册等逻辑)
|
||
*
|
||
* @author ChatRoom Laravel
|
||
*
|
||
* @version 1.0.0
|
||
*/
|
||
|
||
namespace App\Http\Controllers;
|
||
|
||
use App\Http\Requests\LoginRequest;
|
||
use App\Models\User;
|
||
use Illuminate\Http\JsonResponse;
|
||
use Illuminate\Http\Request;
|
||
use Illuminate\Support\Facades\Auth;
|
||
use Illuminate\Support\Facades\Hash;
|
||
|
||
class AuthController extends Controller
|
||
{
|
||
/**
|
||
* 处理用户登录/注册尝试。
|
||
* 逻辑:
|
||
* 1. 如果用户已存在,验证密码。为了兼容老数据库,先验证Bcrypt,再退化验证MD5。如果MD5正确则升级为Bcrypt。
|
||
* 2. 如果用户不存在,直接注册新用户并登录。
|
||
*/
|
||
public function login(LoginRequest $request): JsonResponse
|
||
{
|
||
$credentials = $request->validated();
|
||
$username = $credentials['username'];
|
||
$password = $credentials['password'];
|
||
$ip = $request->ip();
|
||
|
||
$user = User::where('username', $username)->first();
|
||
|
||
if ($user) {
|
||
// 用户存在,验证密码
|
||
if (Hash::check($password, $user->password)) {
|
||
// Bcrypt 验证通过
|
||
$this->performLogin($user, $ip);
|
||
|
||
return response()->json(['status' => 'success', 'message' => '登录成功']);
|
||
}
|
||
|
||
// 退化为 MD5 验证(兼容原 ASP 系统的老密码)
|
||
if (md5($password) === $user->password) {
|
||
// MD5 验证通过,升级密码为 Bcrypt
|
||
$user->password = Hash::make($password);
|
||
$user->save();
|
||
|
||
$this->performLogin($user, $ip);
|
||
|
||
return response()->json(['status' => 'success', 'message' => '登录成功,且安全策略已自动升级']);
|
||
}
|
||
|
||
// 密码错误
|
||
return response()->json([
|
||
'status' => 'error',
|
||
'message' => '密码错误,请重试。',
|
||
], 422);
|
||
}
|
||
|
||
// --- 核心:第一次登录即为注册 ---
|
||
|
||
// 映射性别:1=男 2=女 0=保密(数据库 sex 列为 int)
|
||
$sex = (int) $request->input('bSex', 0);
|
||
if (! in_array($sex, [1, 2])) {
|
||
$sex = 0;
|
||
}
|
||
|
||
$newUser = User::create([
|
||
'username' => $username,
|
||
'password' => Hash::make($password),
|
||
'first_ip' => $ip,
|
||
'last_ip' => $ip,
|
||
'user_level' => 1, // 默认普通用户等级
|
||
'sex' => $sex,
|
||
'usersf' => '1.gif', // 默认头像
|
||
]);
|
||
|
||
$this->performLogin($newUser, $ip);
|
||
|
||
return response()->json(['status' => 'success', 'message' => '注册并登录成功!']);
|
||
}
|
||
|
||
/**
|
||
* 执行实际的登录操作并记录时间、IP 等。
|
||
*/
|
||
private function performLogin(User $user, string $ip): void
|
||
{
|
||
Auth::login($user);
|
||
|
||
// 更新最后登录IP和时间
|
||
$user->update([
|
||
'last_ip' => $ip,
|
||
'log_time' => now(),
|
||
'in_time' => now(),
|
||
]);
|
||
|
||
// 可选:将用户登录状态也同步写入原有的 IpLog 模型,以便数据归档查询
|
||
\App\Models\IpLog::create([
|
||
'ip' => $ip,
|
||
'sdate' => now(),
|
||
'uuname' => $user->username,
|
||
]);
|
||
}
|
||
|
||
/**
|
||
* 退出登录,清除会话后跳转回登录首页
|
||
*/
|
||
public function logout(Request $request): \Illuminate\Http\RedirectResponse
|
||
{
|
||
if (Auth::check()) {
|
||
$user = Auth::user();
|
||
// 记录退出时间
|
||
$user->update(['out_time' => now()]);
|
||
}
|
||
|
||
Auth::logout();
|
||
|
||
$request->session()->invalidate();
|
||
$request->session()->regenerateToken();
|
||
|
||
return redirect('/')->with('success', '您已成功退出聊天室,欢迎下次再来!');
|
||
}
|
||
}
|