<?php
namespace App\Controllers;
use Myth\Auth\Entities\User;
use Myth\Auth\Controllers\AuthController as MythAuthController;
class Auth extends MythAuthController
{
/**
* Attempt to register a new user.
*/
public function attemptRegister()
{
// Check if registration is allowed
if (!$this->config->allowRegistration) {
return redirect()->back()->withInput()->with('error', lang('Auth.registerDisabled'));
}
$users = model(UserModel::class);
// Validate basics first since some password rules rely on these fields
$rules = config('Validation')->registrationRules ?? [
'email' => 'required|valid_email|is_unique[users.email]',
];
if (!$this->validate($rules)) {
return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
}
// Validate passwords since they can only be validated properly here
$rules = [
'password' => 'required',
'pass_confirm' => 'required|matches[password]',
];
if (!$this->validate($rules)) {
return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
}
// Save the user
$allowedPostFields = array_merge(['password'], $this->config->validFields, $this->config->personalFields);
$user = new User($this->request->getPost($allowedPostFields));
$this->config->requireActivation === null ? $user->activate() : $user->generateActivateHash();
// Ensure default group gets assigned if set
if (!empty($this->config->defaultUserGroup)) {
$users = $users->withGroup($this->config->defaultUserGroup);
}
if (!$users->save($user)) {
return redirect()->back()->withInput()->with('errors', $users->errors());
}
if ($this->config->requireActivation !== null) {
$activator = service('activator');
$sent = $activator->send($user);
if (!$sent) {
return redirect()->back()->withInput()->with('error', $activator->error() ?? lang('Auth.unknownError'));
}
// Success!
return redirect()->route('login')->with('message', lang('Auth.activationSuccess'));
}
// Success!
return redirect()->route('login')->with('message', lang('Auth.registerSuccess'));
}
public function attemptLogin()
{
$rules = [
'login' => 'required',
'password' => 'required',
];
if ($this->config->validFields === ['email']) {
$rules['login'] .= '|valid_email';
}
if (!$this->validate($rules)) {
return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
}
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');
$remember = (bool) $this->request->getPost('remember');
// Determine credential type
$type = filter_var($login, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
// Try to log them in...
if (!$this->auth->attempt([$type => $login, 'password' => $password], $remember)) {
return redirect()->back()->withInput()->with('error', $this->auth->error() ?? lang('Auth.badAttempt'));
}
// Is the user being forced to reset their password?
if ($this->auth->user()->force_pass_reset === true) {
return redirect()->to(route_to('reset-password') . '?token=' . $this->auth->user()->reset_hash)->withCookies();
}
$redirectURL = session('redirect_url') ?? site_url('/');
unset($_SESSION['redirect_url']);
helper('auth');
if (user()->in_groups('Admin'))
$redirectURL = site_url('/admin');
return redirect()->to($redirectURL)->withCookies()->with('message', lang('Auth.loginSuccess'));
}
}