<?php
namespace App\Http\Controllers;
use App\Class\LogWriter;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
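class AuthController extends Controller
{
    /**
     * Show the password-change form (the `auth.resetPassword` view).
     */
    public function resetPassword()
    {
        return view('auth.resetPassword');
    }

    /**
     * Change the authenticated user's password.
     *
     * Checks run in this order: the new password must not be the known default,
     * must match its confirmation, must satisfy the complexity pattern, and must
     * not match any of the user's three most recent `past_passwords` rows. On
     * success the new hash is stored, appended to the history, an audit entry is
     * written, and the user is logged out and sent to the login route.
     *
     * @param Request $request Expects `password` and `password_confirmation` inputs.
     *
     * @return mixed A redirect: back with a `message` flash or an `error` entry
     *               on failure, to the `login` route on success.
     */
    public function updatePassword(Request $request)
    {
        $password = $request->input('password');
        $confirmation = $request->input('password_confirmation');

        // NOTE(review): the default password is a literal in source control, so
        // everyone with repository access knows it. Consider moving it to
        // configuration and forcing a change on first login.
        // Strict comparison: `==` compares numeric-looking strings by value.
        if ($password === 'Aa@123456789') {
            return redirect()->back()->with('message', '請勿使用預設密碼');
        }

        if ($password !== $confirmation) {
            return redirect()->back()->with('message', '密碼不一致');
        }

        // At least 12 characters, mixing upper case, lower case, digits and symbols.
        $pattern = '/^(?![A-Za-z0-9]+$)(?![a-z0-9\W]+$)(?![A-Za-z\W]+$)(?![A-Z0-9\W]+$)[a-zA-Z0-9\W]{12,}$/';

        // A non-string input (e.g. `password[]=x`) would make preg_match() throw
        // outside the try block, so it is rejected here like any weak password.
        // preg_match() returns false on a PCRE error, which is also a rejection.
        if (!is_string($password) || preg_match($pattern, $password) !== 1) {
            return redirect()->back()->with('message', '密碼錯誤或強度不足,請混合使用 12 個字元以上的英文字母、數字和符號。');
        }

        DB::beginTransaction();

        try {
            $user = User::find(auth()->user()->id);

            // Hashes are salted, so reuse can only be detected by checking the
            // candidate against each stored hash, not with a WHERE clause.
            $recentHashes = DB::table('past_passwords')
                ->where('user_id', $user->id)
                ->orderBy('created_at', 'desc')
                ->limit(3)
                ->pluck('password');

            foreach ($recentHashes as $oldHash) {
                if (Hash::check($password, $oldHash)) {
                    // Close the transaction opened above before leaving early;
                    // returning without this would leave it open on the connection.
                    DB::rollBack();

                    return redirect()->back()->with('message', '密碼不可與過去相同');
                }
            }

            $user->update([
                'password' => Hash::make($password),
            ]);

            // Record the new hash so later changes can be checked against it.
            DB::table('past_passwords')->insert([
                'user_id' => $user->id,
                'password' => $user->password,
                'created_at' => Carbon::now('Asia/Taipei'),
            ]);

            $logData = [
                'action' => 'update',
                'action_detail' => '變更密碼',
                'ip' => request()->ip(),
                'remark' => "使用者:$user->name 變更密碼",
            ];
            LogWriter::writeLog($logData, 'web');

            DB::commit();
        } catch (\Throwable $th) {
            DB::rollBack();
            // Keep the user-facing message generic, but record the cause so the
            // failure is visible to operators instead of being silently dropped.
            report($th);

            return redirect()->back()->withErrors(['error' => '密碼更新失敗']);
        }

        // Log out only after the commit, so a failure here cannot be reported to
        // the user as a failed password update.
        auth()->logout();

        // Drop the old session and CSRF token so the pre-change session id cannot
        // be reused after the credential change.
        // NOTE(review): sessions this user holds on other devices are not ended here.
        if ($request->hasSession()) {
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        return redirect()->route('login');
    }
}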