password == "Aa@123456789") { return redirect()->back()->with('message', '請勿使用預設密碼'); } if($request->password != $request->password_confirmation){ return redirect()->back()->with('message', '密碼不一致'); } $pattern = "/^(?![A-Za-z0-9]+$)(?![a-z0-9\W]+$)(?![A-Za-z\W]+$)(?![A-Z0-9\W]+$)[a-zA-Z0-9\W]{12,}$/"; $pregRs = preg_match($pattern, $request->password); if ($pregRs == 0) { return redirect()->back()->with('message', '密碼錯誤或強度不足，請混合使用 12 個字元以上的英文字母、數字和符號。'); } DB::beginTransaction(); try { $user = User::find(auth()->user()->id); $exists = DB::table('past_passwords') ->where('user_id', $user->id) ->orderBy('created_at', 'desc') // ->where('password', Hash::check($request->password, $user->password)) ->limit(3)->pluck('password'); // dd($exists); if(isset($exists)){ foreach ($exists as $exist) { if (Hash::check($request->password, $exist)) { return redirect()->back()->with('message', '密碼不可與過去相同'); } } } $user->update([ 'password' => Hash::make($request->password) ]); DB::table('past_passwords')->insert([ 'user_id'=>$user->id, 'password'=>$user->password, 'created_at'=>Carbon::now('Asia/Taipei') ]); $logData = [ 'action' => 'update', 'action_detail' => '變更密碼', 'ip' => request()->ip(), 'remark' => "使用者:$user->name 變更密碼", ]; LogWriter::writeLog($logData, 'web'); DB::commit(); auth()->logout(); return redirect()->route('login'); } catch (\Throwable $th) { DB::rollback(); return redirect()->back()->withErrors(['error' => '密碼更新失敗']); } } }