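<?php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use App\Models\User;
use App\Models\Role;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Password;
use Illuminate\Validation\ValidationException;

/**
 * Handles username/password login and returns a bearer token for the API.
 */
class AuthController extends Controller
{
    /**
     * Require the `auth:api` middleware on every action except `login`.
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * Authenticate a user and return an access token.
     *
     * Request fields read: `username`, `password`, `remember`, `is_mobile`
     * and, when `is_mobile` is truthy, `fcm_token` (stored on the user).
     *
     * Responses:
     *  - 400 when username/password are missing or not scalar, or when a
     *    mobile login carries no FCM token;
     *  - 201 with `code` 201 when the credentials do not match (status kept
     *    for existing clients, see the note at the failure branch);
     *  - 401 when the guard returns no token;
     *  - 200 with the user, token, token type and `expires_in` on success.
     *
     * NOTE(review): no throttling is visible in this controller; confirm the
     * route applies a rate limiter to slow password guessing.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function login(Request $request): JsonResponse
    {
        $username = $request->username;
        $password = $request->password;
        $remember = $request->remember;
        $is_mobile = $request->is_mobile;

        // Array or file input (e.g. `password[]=x`) is not a credential; reject it
        // here instead of letting it reach md5() and fail with a server error.
        if (empty($username) || empty($password) || !is_scalar($username) || !is_scalar($password)) {
            return response()->json(['status' => 'error', 'message' => 'You must fill all the fields'], 400);
        }

        // TODO: stored passwords are unsalted MD5, which is not a password hash.
        // Migrate to Hash::make() / Hash::check() (bcrypt by default), rehashing
        // each account on its next successful login, then drop md5() here.
        //
        // The password is matched only on the row selected by the username.
        // Testing the hash against the whole table would accept a password that
        // belongs to a different account and leave $user null further down.
        // Both values are bound as strings so the comparison is never numeric.
        $user = User::where('username', (string) $username)
            ->where('password', md5((string) $password))
            ->first();

        if ($user === null) {
            // One answer for every failure: separate "username" / "password"
            // messages tell a caller which usernames and which passwords exist.
            // NOTE(review): HTTP 201 and `code` 201 are kept because existing
            // clients may depend on them; 401 is the conventional status.
            return response()->json(['code' => 201, 'message' => "username and password doesn't match"], 201);
        }

        if ($is_mobile) {
            $fcm_token = $request->fcm_token;
            if (!$fcm_token) {
                return response()->json(['status' => 'error', 'message' => 'FCM Token is required'], 400);
            }

            // Updated on a separate instance, so $user as returned below keeps
            // the attribute values it was loaded with.
            $hr = User::find($user->id);
            if ($hr) {
                $hr->update(['fcm_token' => $fcm_token]);
            }
        }

        // Attach the role record so it is part of `data_user` in the response.
        $dataRole = Role::find($user->role_id);
        if ($dataRole) {
            $user->role = $dataRole;
        }

        $token = Auth::login($user);
        if (!$token) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        // NOTE(review): $ttl only scales the reported `expires_in`. The token
        // comes from Auth::login() with the guard's configured lifetime, so
        // `remember` does not extend it and the reported figure may not match
        // the token's real expiry. Confirm the intended behaviour.
        $ttl = $remember ? 10080 : 60;

        // NOTE(review): `data_user` serialises the whole model; confirm that
        // User hides `password` (and any other secret column) from its
        // array/JSON form.
        return response()->json([
            'code' => 200,
            'data' => [
                'data_user' => $user,
                'access_token' => $token,
                'token_type' => 'bearer',
                'expires_in' => auth()->factory()->getTTL() * $ttl,
            ],
        ]);
    }
}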