HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/hi.naniguide.com/app/Http/Controllers/AuthController.php
<?php

namespace App\Http\Controllers;

use App\Models\Customer;
use App\Models\CustomerGroup;
use App\Models\Plan;
use App\Models\Setting;
use App\Models\Subscription;
use App\Models\User;
use App\Services\AffiliateService;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\ValidationException;

class AuthController extends Controller
{
    /**
     * Show the login form.
     */
    public function showLoginForm()
    {
        return view('auth.login');
    }

    /**
     * Show the registration form.
     */
    public function showRegisterForm()
    {
        if (!(bool) Setting::get('registration_enabled', true)) {
            return redirect()
                ->route('login')
                ->with('error', __('Registration is disabled.'));
        }

        return view('auth.register');
    }

    /**
     * Handle a login request.
     */
    public function login(Request $request)
    {
        $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required'],
        ]);

        $intendedPath = $this->intendedPath($request);

        // Try admin login first
        if (Auth::guard('admin')->attempt($request->only('email', 'password'), $request->boolean('remember'))) {
            $request->session()->regenerate();
            /** @var User|null $user */
            $user = Auth::guard('admin')->user();
            $fallback = $this->defaultAdminRedirect($user);

            if ($this->pathIsCustomerArea($intendedPath)) {
                $request->session()->forget('url.intended');
                return redirect()->to($fallback);
            }

            return redirect()->intended($fallback);
        }

        // Try customer login
        if (Auth::guard('customer')->attempt($request->only('email', 'password'), $request->boolean('remember'))) {
            $request->session()->regenerate();

            if ($this->pathIsAdminArea($intendedPath)) {
                $request->session()->forget('url.intended');
                return redirect()->to(route('customer.dashboard'));
            }
            return redirect()->intended(route('customer.dashboard'));
        }

        throw ValidationException::withMessages([
            'email' => __('The provided credentials do not match our records.'),
        ]);
    }

    /**
     * Handle a registration request.
     */
    public function register(Request $request)
    {
        if (!(bool) Setting::get('registration_enabled', true)) {
            return redirect()
                ->route('login')
                ->with('error', __('Registration is disabled.'));
        }

        $validated = $request->validate([
            'email' => ['required', 'email', 'max:255', 'unique:customers,email'],
            'password' => ['required', 'confirmed', Password::defaults()],
        ]);

        $customer = Customer::create([
            'first_name' => 'Customer',
            'last_name' => 'User',
            'email' => $validated['email'],
            'password' => Hash::make($validated['password']),
            'status' => 'active',
        ]);

        app(AffiliateService::class)->attributeCustomerFromRequest($customer, $request);

        $newRegisteredGroupId = Setting::get('new_registered_customer_group_id');
        $fallbackGroupId = Setting::get('default_customer_group_id');
        $groupId = $newRegisteredGroupId ?: $fallbackGroupId;

        if (!$groupId) {
            $fallbackRoleGroup = CustomerGroup::query()
                ->orderByRaw('LOWER(name) = ? DESC', ['customer'])
                ->orderBy('id')
                ->first();
            $groupId = $fallbackRoleGroup?->id;
        }

        if ($groupId && CustomerGroup::query()->whereKey((int) $groupId)->exists()) {
            $customer->customerGroups()->syncWithoutDetaching([(int) $groupId]);
        }

        $planId = Setting::get('new_registered_customer_plan_id');
        if ($planId) {
            $plan = Plan::where('is_active', true)->find((int) $planId);
            if ($plan) {
                Subscription::create([
                    'customer_id' => $customer->id,
                    'plan_id' => $plan->id,
                    'plan_name' => $plan->name,
                    'status' => 'active',
                    'billing_cycle' => $plan->billing_cycle ?? 'monthly',
                    'price' => $plan->price ?? 0,
                    'currency' => $plan->currency ?? Setting::get('billing_currency', 'USD'),
                    'starts_at' => now(),
                    'auto_renew' => false,
                    'payment_method' => 'free',
                    'payment_gateway' => 'manual',
                ]);
            }
        }

        Auth::guard('customer')->login($customer);

        $requireVerification = (bool) Setting::get('new_register_requires_email_verification', true);

        if ($requireVerification) {
            try {
                $customer->sendEmailVerificationNotification();
            } catch (\Throwable $e) {
                report($e);

                return redirect()
                    ->intended(route('verification.notice'))
                    ->with('error', __('Your account was created, but we could not send the verification email. Please update your mail settings and click resend verification.'));
            }

            return redirect()->intended(route('verification.notice'));
        }

        $customer->markEmailAsVerified();
        return redirect()->intended(route('customer.dashboard'));
    }

    /**
     * Handle a logout request.
     */
    public function logout(Request $request)
    {
        // Logout from both guards
        Auth::guard('admin')->logout();
        Auth::guard('customer')->logout();

        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect()->route('login');
    }

    private function defaultAdminRedirect(?User $user): string
    {
        if (!$user) {
            return route('admin.login');
        }

        if (method_exists($user, 'isSuperAdmin') && $user->isSuperAdmin()) {
            return route('admin.dashboard');
        }

        if (!method_exists($user, 'hasAdminAbility')) {
            return route('admin.login');
        }

        $candidates = [
            ['ability' => 'admin.dashboard.access', 'route' => 'admin.dashboard'],
            ['ability' => 'admin.customers.access', 'route' => 'admin.customers.index'],
            ['ability' => 'admin.campaigns.access', 'route' => 'admin.campaigns.index'],
            ['ability' => 'admin.delivery_servers.access', 'route' => 'admin.delivery-servers.index'],
            ['ability' => 'admin.bounce_servers.access', 'route' => 'admin.bounce-servers.index'],
            ['ability' => 'admin.reply_servers.access', 'route' => 'admin.reply-servers.index'],
            ['ability' => 'admin.lists.access', 'route' => 'admin.lists.index'],
            ['ability' => 'admin.customer_groups.access', 'route' => 'admin.customer-groups.index'],
            ['ability' => 'admin.users.access', 'route' => 'admin.users.index'],
            ['ability' => 'admin.settings.access', 'route' => 'admin.settings.index'],
            ['ability' => 'admin.activities.access', 'route' => 'admin.activities.index'],
            ['ability' => 'admin.accessibility_control.access', 'route' => 'admin.accessibility-control.index'],
        ];

        foreach ($candidates as $candidate) {
            if ($user->hasAdminAbility($candidate['ability'])) {
                return route($candidate['route']);
            }
        }

        return route('admin.login');
    }

    private function intendedPath(Request $request): string
    {
        $url = $request->session()->get('url.intended');
        if (!is_string($url) || trim($url) === '') {
            return '';
        }

        $path = parse_url($url, PHP_URL_PATH);
        return is_string($path) ? $path : '';
    }

    private function pathIsAdminArea(string $path): bool
    {
        $path = trim($path);
        return $path !== '' && Str::startsWith($path, '/admin');
    }

    private function pathIsCustomerArea(string $path): bool
    {
        $path = trim($path);
        if ($path === '') {
            return false;
        }

        return Str::startsWith($path, '/customer') || Str::startsWith($path, '/account');
    }
}