lkddi
ea06328885
- 字体颜色:s_color 改为 varchar,发消息时保存颜色,进入聊天室自动恢复 - 等级体系:maxlevel 15→99,superlevel 16→100,99级经验阶梯(幂次曲线) - 管理权限等级按比例调整:禁言50、踢人60、设公告60、封号80、封IP90 - 钓鱼小游戏:FishingController(抛竿扣金币+收竿随机结果+广播) - 补充6个缺失的 sysparam 参数 + 4个钓鱼参数 - 用户列表点击用户名后自动聚焦输入框 - Pint 格式化
122 lines
3.6 KiB
PHP
122 lines
3.6 KiB
PHP
<?php
|
||
|
||
/**
|
||
* 文件功能:认证控制器 (处理登录即注册等逻辑)
|
||
*
|
||
* @author ChatRoom Laravel
|
||
*
|
||
* @version 1.0.0
|
||
*/
|
||
|
||
namespace App\Http\Controllers;
|
||
|
||
use App\Http\Requests\LoginRequest;
|
||
use App\Models\User;
|
||
use Illuminate\Http\JsonResponse;
|
||
use Illuminate\Http\Request;
|
||
use Illuminate\Support\Facades\Auth;
|
||
use Illuminate\Support\Facades\Hash;
|
||
|
||
class AuthController extends Controller
|
||
{
|
||
/**
|
||
* 处理用户登录/注册尝试。
|
||
* 逻辑:
|
||
* 1. 如果用户已存在,验证密码。为了兼容老数据库,先验证Bcrypt,再退化验证MD5。如果MD5正确则升级为Bcrypt。
|
||
* 2. 如果用户不存在,直接注册新用户并登录。
|
||
*/
|
||
public function login(LoginRequest $request): JsonResponse
|
||
{
|
||
$credentials = $request->validated();
|
||
$username = $credentials['username'];
|
||
$password = $credentials['password'];
|
||
$ip = $request->ip();
|
||
|
||
$user = User::where('username', $username)->first();
|
||
|
||
if ($user) {
|
||
// 用户存在,验证密码
|
||
if (Hash::check($password, $user->password)) {
|
||
// Bcrypt 验证通过
|
||
$this->performLogin($user, $ip);
|
||
|
||
return response()->json(['status' => 'success', 'message' => '登录成功']);
|
||
}
|
||
|
||
// 退化为 MD5 验证(兼容原 ASP 系统的老密码)
|
||
if (md5($password) === $user->password) {
|
||
// MD5 验证通过,升级密码为 Bcrypt
|
||
$user->password = Hash::make($password);
|
||
$user->save();
|
||
|
||
$this->performLogin($user, $ip);
|
||
|
||
return response()->json(['status' => 'success', 'message' => '登录成功,且安全策略已自动升级']);
|
||
}
|
||
|
||
// 密码错误
|
||
return response()->json([
|
||
'status' => 'error',
|
||
'message' => '密码错误,请重试。',
|
||
], 422);
|
||
}
|
||
|
||
// --- 核心:第一次登录即为注册 ---
|
||
|
||
$newUser = User::create([
|
||
'username' => $username,
|
||
'password' => Hash::make($password),
|
||
'first_ip' => $ip,
|
||
'last_ip' => $ip,
|
||
'user_level' => 1, // 默认普通用户等级
|
||
'sex' => 0, // 默认性别: 0保密 1男 2女
|
||
'usersf' => '1.GIF', // 默认头像
|
||
]);
|
||
|
||
$this->performLogin($newUser, $ip);
|
||
|
||
return response()->json(['status' => 'success', 'message' => '注册并登录成功!']);
|
||
}
|
||
|
||
/**
|
||
* 执行实际的登录操作并记录时间、IP 等。
|
||
*/
|
||
private function performLogin(User $user, string $ip): void
|
||
{
|
||
Auth::login($user);
|
||
|
||
// 更新最后登录IP和时间
|
||
$user->update([
|
||
'last_ip' => $ip,
|
||
'log_time' => now(),
|
||
'in_time' => now(),
|
||
]);
|
||
|
||
// 可选:将用户登录状态也同步写入原有的 IpLog 模型,以便数据归档查询
|
||
\App\Models\IpLog::create([
|
||
'ip' => $ip,
|
||
'sdate' => now(),
|
||
'uuname' => $user->username,
|
||
]);
|
||
}
|
||
|
||
/**
|
||
* 退出登录,清除会话后跳转回登录首页
|
||
*/
|
||
public function logout(Request $request): \Illuminate\Http\RedirectResponse
|
||
{
|
||
if (Auth::check()) {
|
||
$user = Auth::user();
|
||
// 记录退出时间
|
||
$user->update(['out_time' => now()]);
|
||
}
|
||
|
||
Auth::logout();
|
||
|
||
$request->session()->invalidate();
|
||
$request->session()->regenerateToken();
|
||
|
||
return redirect('/')->with('success', '您已成功退出聊天室,欢迎下次再来!');
|
||
}
|
||
}
|