Skip to content

Instantly share code, notes, and snippets.

@mwesten
Created February 23, 2012 13:09
Show Gist options
  • Save mwesten/1892727 to your computer and use it in GitHub Desktop.
Save mwesten/1892727 to your computer and use it in GitHub Desktop.
Laravel 3 Auth Controller
<?php
class Auth_Controller extends Base_Controller {
public $restful = true;
public function __construct() {
$this->filter( 'before', 'guest' )->except( array( 'logout', 'validate' ) );
// Note: We may not always require CSRF on login for system based logins so ignore it here.
$this->filter( 'before', 'csrf' )->on( 'post' )->except( array( 'login' ) );
}
/**
* No direct access needed
*
* @return NULL
*/
public function get_index() {
return Redirect::to( 'home' );
}
/**
* Verify login information and authenticate the client
*
* @param array
* @return Redirect
*/
public function post_login( $data = NULL ) {
if( !empty( $data ) ) // Directly set the data so we can use it as normal
Input::$input = $data;
else // If this is a non-system call require CSRF
$this->filter( 'before', 'csrf' );
$rules = array(
'email_address' => 'required|email',
'password' => 'required|min:6',
);
// Validate all input
$validator = Validator::make( Input::all(), $rules );
// Send them back with errors
if( ! $validator->valid() )
return Redirect::to( 'home' )->with( 'errors', $validator->errors ); // Add errors to the view
// Attempt to authenticate
if( Auth::attempt( Input::get( 'email_address' ), Input::get( 'password' ) ) )
{
// Trigger log in event.
Locker::trigger_event( 1, 'logged in', Auth::user()->id );
// Send them to their locker
return Redirect::to( 'locker' );
}
return Redirect::to( 'home' );
}
/**
* Handle logout requests by cleaning up the session
*
* @return Redirect
*/
public function get_logout() {
// Trigger log out event
Locker::trigger_event( 1, 'logged out', Auth::user()->id );
// Destory the session
Auth::logout();
// Send them home
return Redirect::to( 'home' );
}
/**
* Handle redirect from FB and save the users profile data.
*
* @return Redirect
*/
public function get_fb() {
// Re-build object
$facebook = new Facebook\SDK( array(
'appId' => Config::get( 'facebook.app_id' ),
'secret' => Config::get( 'facebook.secret' ),
'cookie' => true
) );
// Auth request params
$params = array(
'scope' => Config::get( 'facebook.scope' ),
'redirect_uri' => Config::get( 'facebook.redirect_uri' ),
);
// Build the FB user
$user = $facebook->getUser();
if( $user ) {
// Request FB profile data
$fb_user = $facebook->api( '/me' );
}
// Something went wrong
if( ! $fb_user )
return Redirect::to( 'home' )->with( 'errors', 'Unable to connect with Facebook.' );
// Restucture FB data to our own
$lk_user['first_name'] = $fb_user['first_name'];
$lk_user['last_name'] = $fb_user['last_name'];
$lk_user['email_address'] = $fb_user['email'];
$lk_user['nickname'] = $fb_user['username'];
if( $fb_user['gender'] === 'male' )
$lk_user['gender'] = 1;
else
$lk_user['gender'] = 0;
// Reverse the encrypted password
$lk_user['password'] = Crypter::decrypt( Session::get( 'password' ) );
// This is for compatability with post_register() validation
$lk_user['password_confirmation'] = $lk_user['password'];
// Flag from_facebook
$lk_user['from_facebook'];
// Remove the session password
Session::forget( 'password' );
// Register the user, do not require email validation
$this->post_register( $lk_user, false );
return Redirect::to( 'home' );
}
/**
* Choose a password to use with FB profile data.
* POST will have the users password in it and redirect to FB for auth request.
*
* @return Redirect
*/
public function post_fb() {
// Give a form to set a password
$rules = array(
'password' => 'required|confirmed|min:6',
);
// Validate all input
$validator = Validator::make( Input::all(), $rules );
// Send them back with errors
if( ! $validator->valid() )
return Redirect::to( 'home' )->with( 'errors', $validator->errors ); // Add errors to the view
// Store the password temporary in our session, use some encryption in case non-SSL
Session::put( 'password', Crypter::encrypt( Input::get( 'password' ) ) );
// Re-build object
$facebook = new Facebook\SDK( array(
'appId' => Config::get( 'facebook.app_id' ),
'secret' => Config::get( 'facebook.secret' ),
'cookie' => true
) );
// Auth request params
$params = array(
'scope' => Config::get( 'facebook.scope' ),
'redirect_uri' => Config::get( 'facebook.redirect_uri' ),
);
return Redirect::to( $facebook->getLoginUrl( $params ) );
}
/**
* Validate registration data for our system
*
* @param array
* @param boolean
* @return Redirect with array
*/
public function post_register( $data = NULL, $email_confirm = true ) {
if( !empty( $data ) )
Input::$input = $data;
$rules = array(
'first_name' => 'required|alpha|max:80',
'last_name' => 'required|alpha|max:120',
'gender' => 'required|in:0,1',
'email_address' => 'required|email|unique:users',
'password' => 'required|confirmed|min:6'
);
// Validate all input
$validator = Validator::make( Input::all(), $rules );
// Send them back with errors
if( ! $validator->valid() )
return Redirect::to( 'home' )
->with( 'errors', $validator->errors )
->with_input( 'except', array( 'password', 'password_confirm' ) ); // Add errors to the view
// Create a new user
$user = new User;
// Fill in the details
$user->fill( Input::all() );
// Filter unused fields.
unset( $user->password_confirmation );
unset( $user->csrf_token );
// Hash the password
$user->password = Hash::make( $user->password );
// Require e-mail confirmation
if( ! $mail_confirm )
{
// Invalidate the account
$user->validated = 0;
// Save the user so we can grab their ID.
$user->save();
// Generate a validate key
$user->validation_code = Str::random( array_get( $arguments, 0, 32 ) );
$mailer = IoC::resolve( 'mailer' );
$message = Swift_Message::newInstance( 'Welcome to Yoursite.com' )
->setFrom( array( Config::get( 'email.from' ) => Config::get( 'email.name' ) ) )
->setTo( array( $user->email_address => $user->first_name . ' ' . $user->last_name ) )
->setBody(
'<html>'.
'<body>'.
'<h2>Welcome to Yoursite.com</h2>'.
'<p>You need to confirm your e-mail in order to participate.</p>'.
'<p>Please <a href="http://www.yoursite.com/auth/validate/' .
$user->id.
'/'.
htmlentities( $user->validation_code ) .
'">click here</a>.</p>'.
'</body>'.
'</html>',
'text/html' // Mark the content-type as HTML
)
;
$result = $mailer->send($message);
}
else
$user->validated = 1;
// Send to the database
$user->save();
$_POST['csrf_token'] = Session::token();
// Try to authenticate by passing the data to the login object.
$this->post_login( Input::all() );
return Redirect::to( 'home' );
}
/**
* Validate email_address
*
* @return redirect
*/
public function get_validate( $id, $code ) {
$key = html_entity_decode( $code );
$validation_code = DB::table( 'users' )->where( 'id', '=', $id )->only( 'validation_code' );
if( $validation_code === $key )
{
$affected = DB::table( 'users' )
->where( 'id', '=', $id )
->update( array(
'validated' => 1,
'validation_code' => NULL, // Clear the validation code so we do waste space
) );
}
else
return Redirect::to( 'home' )->with( 'errors', 'Invalid validation code.' );
// Notify the user it worked
Session::flash( 'notice', 'You have confirmed your e-mail.' );
return Redirect::to( 'home' );
}
}
@pmache
Copy link

pmache commented Jan 28, 2014

in line 211 you sign for validation_code variable $arguments, but when i trying to implement this code, laravel doesn't recognise it, says it's undefined. How to fix that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment