Rhino/WebAPP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2e24a40d68483615f6e01363edecf37bd0092085
WebAPP/app/Http/Controllers/Auth/LoginController.php
Rhino 2e24a40d68 Stand: SMTP-Test, Admin-Mail-Tab, Notifiable-Fix, Lazy-Quill 
- Fix: Notifiable-Trait zum User-Model hinzugefuegt (behebt notify()-500er)
- Installer: SMTP-Verbindungstest mit EsmtpTransport + Ueberspringen-Link
- Admin: Neuer E-Mail-Tab mit SMTP-Konfiguration + Verbindungstest
- Admin: Lazy Quill-Initialisierung (nur sichtbare Locale wird geladen)
- Uebersetzungen: 17 neue Mail-Keys in allen 6 Sprachen

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 07:30:37 +01:00

85 lines
2.5 KiB
PHP
Executable File
Raw Blame History

<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller
{
public function showForm()
{
return view('auth.login');
}
public function login(Request $request)
{
// Honeypot — Bots füllen versteckte Felder aus
if ($request->filled('website')) {
ActivityLog::log('bot_blocked', 'Bot blocked on login (honeypot triggered)');
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('auth_ui.login_failed')]);
}
$credentials = $request->validate([
'email' => ['required', 'email'],
'password' => ['required'],
]);
// Deaktivierte Benutzer dürfen sich nicht einloggen (V01)
$user = User::where('email', $request->email)->first();
if ($user && !$user->is_active) {
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('auth_ui.login_failed')]);
}
if (!Auth::attempt($credentials, $request->boolean('remember'))) {
$maskedEmail = $this->maskEmail($request->email);
ActivityLog::log('login_failed', __('admin.log_login_failed', ['email' => $maskedEmail]));
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('auth_ui.login_failed')]);
}
$request->session()->regenerate();
$request->user()->last_login_at = now();
$request->user()->save();
ActivityLog::log('login', __('admin.log_login', ['name' => $request->user()->name]), 'User', $request->user()->id);
return redirect()->intended(route('dashboard'));
}
public function logout(Request $request)
{
ActivityLog::log('logout', __('admin.log_logout', ['name' => $request->user()->name]), 'User', $request->user()->id);
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect()->route('login');
}
private function maskEmail(string $email): string
{
$parts = explode('@', $email, 2);
if (count($parts) !== 2) {
return '***';
}
$local = $parts[0];
$masked = mb_substr($local, 0, 2) . str_repeat('*', max(mb_strlen($local) - 2, 2));
return $masked . '@' . $parts[1];
}
}
Reference in New Issue View Git Blame Copy Permalink