add password protection

UrbanAnalog · Sep 17, 2018 · ed7fc17 · ed7fc17
1 parent 9c5cf68
commit ed7fc17
Show file tree

Hide file tree

Showing 7 changed files with 85 additions and 10 deletions.
diff --git a/resources/views/password.blade.php b/resources/views/password.blade.php
@@ -0,0 +1,24 @@
+@extends('spark::layouts.app')
+
+@section('content')
+<div class="container">
+    <p class="h3">Password protected</p>
+    <div class="row">
+        <div class="col-12 col-md-6 offset-md-3">
+            @if(isset($error))
+            <p class="alert alert-danger">{{ $error }}</p>
+            @endif
+            <div class="card">
+                <form action="" class="card-body" method="post">
+                    <div class="form-group">
+                        <label for="password">Password</label>
+                        <input type="password" name="password" class="form-control">
+                    </div>
+                    <button type="submit" class="btn btn-primary">Access</button>
+                    {{ csrf_field() }}
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+@endsection
diff --git a/src/Http/Controllers/BlogController.php b/src/Http/Controllers/BlogController.php
@@ -2,6 +2,7 @@
 
 namespace UrbanAnalog\Gazette\Http\Controllers;
 
+use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use UrbanAnalog\Gazette\Models\Post;
 
@@ -27,7 +28,7 @@ public function index()
      *
      * @return Response
      */
-    public function show(Post $post)
+    public function show(Request $request, Post $post)
     {
         $next = Post::query()
             ->where('id', '>', $post->id)
@@ -41,6 +42,18 @@ public function show(Post $post)
             ->latest()
             ->first();
 
+        if (!isset($request->password) && $post->password && !$request->session()->get("post-pw-{$post->id}")) {
+            return view('gazette::password');
+        }
+
+        if (!$request->session()->get("post-pw-{$post->id}") && isset($request->password) && !password_verify($request->password, $post->password)) {
+            $error = 'Password incorrect';
+
+            return view('gazette::password', compact('error'));
+        }
+
+        $request->session()->put("post-pw-{$post->id}", true);
+
         return view(config('gazette.posts.views.single'), compact(['post', 'next', 'previous']));
     }
 }
diff --git a/src/Http/Controllers/Kiosk/PostsController.php b/src/Http/Controllers/Kiosk/PostsController.php
@@ -71,12 +71,13 @@ public function store(Request $request)
 
         $post = new Post;
 
-        $post->title    = $request->title;
-        $post->slug     = $request->slug;
-        $post->content  = $request->content;
-        $post->type     = $request->type;
-        $post->user_id  = $request->user()->id;
-        $post->media_id = $request->media_id;
+        $post->title          = $request->title;
+        $post->slug           = $request->slug;
+        $post->content        = $request->content;
+        $post->type           = $request->type;
+        $post->user_id        = $request->user()->id;
+        $post->media_id       = $request->media_id;
+        $post->featured_photo = $request->featured_photo;
 
         $post->save();
 
@@ -111,6 +112,8 @@ public function update(Request $request, $id)
         $post->meta_title       = $request->meta_title ?: null;
         $post->meta_description = $request->meta_description ?: null;
         $post->robots           = $request->robots ?: null;
+        $post->featured_photo   = $request->featured_photo ?: null;
+        $post->password         = $request->password ?: null;
 
         if (isset($request->media_id)) {
             $media = Media::find($request->media_id);

diff --git a/src/Http/Controllers/PagesController.php b/src/Http/Controllers/PagesController.php
@@ -2,6 +2,7 @@
 
 namespace UrbanAnalog\Gazette\Http\Controllers;
 
+use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use UrbanAnalog\Gazette\Models\Post;
 
@@ -12,10 +13,22 @@ class PagesController extends Controller
      *
      * @return Response
      */
-    public function show($slug)
+    public function show(Request $request, $slug)
     {
         $page = Post::where('slug', $slug)->where('type', 'page')->firstOrFail();
 
+        if (!isset($request->password) && $page->password && !$request->session()->get("page-pw-{$page->id}")) {
+            return view('gazette::password');
+        }
+
+        if (!$request->session()->get("page-pw-{$page->id}") && isset($request->password) && !password_verify($request->password, $page->password)) {
+            $error = 'Password incorrect';
+
+            return view('gazette::password', compact('error'));
+        }
+
+        $request->session()->put("page-pw-{$page->id}", true);
+
         return view(config('gazette.pages.views.single'), compact('page'));
     }
 }
diff --git a/src/Http/Controllers/PostsController.php b/src/Http/Controllers/PostsController.php
@@ -7,15 +7,34 @@
 
 class PostsController extends Controller
 {
+    public function checkPassword($request, $post)
+    {
+
+    }
+
     /**
      * Get a post's data form a slug.
      *
      * @return Response
      */
-    public function show($slug)
+    public function show(Request $request, $slug)
     {
         $post = Post::where('slug', $slug)->where('type', 'post')->firstOrFail();
 
+        dd($post->password);
+
+        if (!$request->password && $post->password && !$request->session()->get("post-pw-{$post->id}")) {
+            return view('gazette::password');
+        }
+
+        if ($request->password && !password_verify($request->password, $post->password) && !$request->session()->get("post-pw-{$post->id}")) {
+            $error = 'Password incorrect';
+
+            return view('gazette::password', compact('error'));
+        }
+
+        $request->session()->set("post-pw-{$post->id}", true);
+
         return view(config('gazette.posts.views.single'), compact('post'));
     }
 }
diff --git a/src/Models/Post.php b/src/Models/Post.php
@@ -15,7 +15,8 @@ class Post extends Model
         'meta_description',
         'robots',
         'media_id',
-        'user_id'
+        'user_id',
+        'password',
     ];
 
     protected $appends = [

diff --git a/src/routes.php b/src/routes.php
@@ -17,9 +17,11 @@
     ->middleware(['web', 'bindings'])
     ->group(function () {
         //* Pages
+        Route::post(config('gazette.pages.prefix') . '/{slug}', 'PagesController@show');
         Route::get(config('gazette.pages.prefix') . '/{slug}', 'PagesController@show');
 
         //* Blog
         Route::get(config('gazette.posts.archive'), 'BlogController@index');
+        Route::post(config('gazette.posts.prefix') . '/{post}', 'BlogController@show');
         Route::get(config('gazette.posts.prefix') . '/{post}', 'BlogController@show');
     });