config->allowRegistration) { return redirect()->back()->withInput()->with('error', lang('Auth.registerDisabled')); } $users = model(UserModel::class); // Validate basics first since some password rules rely on these fields $rules = config('Validation')->registrationRules ?? [ 'email' => 'required|valid_email|is_unique[users.email]', ]; if (!$this->validate($rules)) { return redirect()->back()->withInput()->with('errors', $this->validator->getErrors()); } // Validate passwords since they can only be validated properly here $rules = [ 'password' => 'required', 'pass_confirm' => 'required|matches[password]', ]; if (!$this->validate($rules)) { return redirect()->back()->withInput()->with('errors', $this->validator->getErrors()); } // Save the user $allowedPostFields = array_merge(['password'], $this->config->validFields, $this->config->personalFields); $user = new User($this->request->getPost($allowedPostFields)); $this->config->requireActivation === null ? $user->activate() : $user->generateActivateHash(); // Ensure default group gets assigned if set if (!empty($this->config->defaultUserGroup)) { $users = $users->withGroup($this->config->defaultUserGroup); } if (!$users->save($user)) { return redirect()->back()->withInput()->with('errors', $users->errors()); } if ($this->config->requireActivation !== null) { $activator = service('activator'); $sent = $activator->send($user); if (!$sent) { return redirect()->back()->withInput()->with('error', $activator->error() ?? lang('Auth.unknownError')); } // Success! return redirect()->route('login')->with('message', lang('Auth.activationSuccess')); } // Success! 
return redirect()->route('login')->with('message', lang('Auth.registerSuccess'));
    }

    /**
     * Handle a submitted login form.
     *
     * Validates the posted fields, hands the credentials to the auth
     * service, and answers with a redirect in every branch:
     *  - validation failure or rejected credentials: back to the form;
     *  - account flagged for a forced password reset: to the reset page;
     *  - otherwise: to the stored redirect URL, the site root, or the
     *    admin area for members of the 'Admin' group.
     *
     * NOTE(review): no throttling or lockout is visible in this method;
     * presumably attempt() or a route filter handles it. Confirm.
     */
    public function attemptLogin()
    {
        // Only when e-mail is the sole accepted identifier is the login
        // field additionally required to be a well-formed address.
        $emailOnly = $this->config->validFields === ['email'];
        $rules = [
            'login' => 'required' . ($emailOnly ? '|valid_email' : ''),
            'password' => 'required',
        ];

        if (!$this->validate($rules)) {
            // NOTE(review): withInput() flashes the submitted form data for
            // the next request, which includes the password field. Confirm
            // the login view never re-renders it.
            $validationErrors = $this->validator->getErrors();

            return redirect()->back()->withInput()->with('errors', $validationErrors);
        }

        $login = $this->request->getPost('login');
        $password = $this->request->getPost('password');
        $remember = (bool) $this->request->getPost('remember');

        // An identifier that parses as an e-mail address is looked up by
        // e-mail; anything else is treated as a username.
        $type = filter_var($login, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
        $credentials = [$type => $login, 'password' => $password];

        $authenticated = $this->auth->attempt($credentials, $remember);
        if (!$authenticated) {
            // NOTE(review): the text shown comes from the auth service.
            // Confirm it does not tell unknown accounts apart from wrong
            // passwords.
            $failure = $this->auth->error() ?? lang('Auth.badAttempt');

            return redirect()->back()->withInput()->with('error', $failure);
        }

        // A forced reset sends the user to the reset page instead of
        // completing the normal post-login redirect.
        if ($this->auth->user()->force_pass_reset === true) {
            // The reset hash travels in the query string, so it can end up
            // in access logs, browser history and Referer headers.
            // NOTE(review): presumably single-use and expiring; confirm.
            $resetUrl = route_to('reset-password') . '?token=' . $this->auth->user()->reset_hash;

            return redirect()->to($resetUrl)->withCookies();
        }

        // NOTE(review): the target is read from the session as stored;
        // presumably only same-site URLs are ever written to
        // 'redirect_url'. Confirm where it is set.
        $redirectURL = session('redirect_url') ?? site_url('/');
        unset($_SESSION['redirect_url']);

        // Members of the 'Admin' group always land on the admin area,
        // replacing any stored destination.
        helper('auth');
        if (user()->in_groups('Admin')) {
            $redirectURL = site_url('/admin');
        }

        return redirect()->to($redirectURL)->withCookies()->with('message', lang('Auth.loginSuccess'));
    }
}