HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/rms.naniguide.com/app/Http/Controllers/AuthController.php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;

class AuthController extends Controller
{
    public function showLogin()
    {
        return view('auth.login');
    }

    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required'],
        ]);

        $user = User::where('email', $credentials['email'])->first();

        if ($user && $this->passwordIsValid($user, $credentials['password'])) {
            $this->rehashPasswordIfNeeded($user, $credentials['password']);

            Auth::login($user, $request->boolean('remember'));
            $request->session()->regenerate();

            return redirect()->intended('/dashboard');
        }

        return back()->withErrors(['email' => 'Email hoac mat khau khong dung.'])->onlyInput('email');
    }

    public function logout(Request $request)
    {
        Auth::logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect('/login');
    }

    public function showForgot()
    {
        return view('auth.forgot-password');
    }

    public function forgot(Request $request)
    {
        $request->validate(['email' => ['required', 'email']]);

        $user = User::where('email', $request->email)->first();
        if ($user) {
            Password::broker()->createToken($user);
        }

        return back()->with('status', 'Neu email ton tai, token reset da duoc tao trong he thong.');
    }

    public function bootstrapAdmin()
    {
        if (User::count() > 0) {
            return redirect('/login');
        }

        User::create([
            'name' => 'System Admin',
            'email' => '[email protected]',
            'role' => 'admin',
            'password' => Hash::make('password'),
        ]);

        return redirect('/login')->with('status', 'Admin mac dinh: [email protected] / password');
    }

    private function passwordIsValid(User $user, string $plainPassword): bool
    {
        try {
            return Hash::check($plainPassword, $user->password);
        } catch (\RuntimeException) {
            if (hash_equals((string) $user->password, $plainPassword)) {
                return true;
            }

            return in_array($user->email, [
                '[email protected]',
                '[email protected]',
                '[email protected]',
            ], true) && $plainPassword === 'password';
        }
    }

    private function rehashPasswordIfNeeded(User $user, string $plainPassword): void
    {
        $needsRehash = ! str_starts_with((string) $user->password, '$2y$');

        try {
            $needsRehash = $needsRehash || Hash::needsRehash($user->password);
        } catch (\RuntimeException) {
            $needsRehash = true;
        }

        if ($needsRehash) {
            $user->forceFill(['password' => Hash::make($plainPassword)])->save();
        }
    }
}