From c72902141fb026a6aea6a11283916eaf23ddcbb2 Mon Sep 17 00:00:00 2001
From: baghizadizn <baghizadizn@unesa.ac.id>
Date: Tue, 2 Dec 2025 14:12:57 +0700
Subject: [PATCH] update password logic

---
 .../Controllers/Auth/GoogleAuthController.php |  2 +-
 .../instructor/MyProfileController.php        | 61 ++++++++++++++++---
 .../student/MyProfileController.php           | 21 ++++++-
 .../student/my_profile/index.blade.php        | 31 +++++++---
 .../views/instructor/profile/index.blade.php  | 18 ++++--
 5 files changed, 107 insertions(+), 26 deletions(-)

diff --git a/app/Http/Controllers/Auth/GoogleAuthController.php b/app/Http/Controllers/Auth/GoogleAuthController.php
index 11dcfd8..e390c52 100644
--- a/app/Http/Controllers/Auth/GoogleAuthController.php
+++ b/app/Http/Controllers/Auth/GoogleAuthController.php
@@ -49,7 +49,7 @@ class GoogleAuthController extends Controller
                 if (!$existingUser->google_id) {
                     $existingUser->update([
                         'google_id' => $googleUser->getId(),
-                        'avatar' => $googleUser->getAvatar() ?? $existingUser->avatar,
+                        'photo' => $googleUser->getAvatar() ?? $existingUser->avatar,
                     ]);
                 }
 
diff --git a/app/Http/Controllers/instructor/MyProfileController.php b/app/Http/Controllers/instructor/MyProfileController.php
index 4e7d18f..80a40cc 100644
--- a/app/Http/Controllers/instructor/MyProfileController.php
+++ b/app/Http/Controllers/instructor/MyProfileController.php
@@ -57,20 +57,63 @@ class MyProfileController extends Controller
             }
             User::where('id', auth()->user()->id)->update($profile);
         } else {
-            $old_pass_check = Auth::attempt(['email' => auth()->user()->email, 'password' => $request->current_password]);
+            $user = auth()->user();
 
-            if (! $old_pass_check) {
-                Session::flash('error', get_phrase('Current password wrong.'));
-                return redirect()->back();
+            $rules = [];
+
+            if (is_null($user->password)) {
+                // For setting initial password
+                $rules = [
+                    'new_password' => 'required|min:8',
+                    'confirm_password' => 'required|same:new_password',
+                ];
+            } else {
+                // For changing existing password
+                $rules = [
+                    'current_password' => 'required',
+                    'new_password' => 'required|min:8',
+                    'confirm_password' => 'required|same:new_password',
+                ];
             }
 
-            if ($request->new_password != $request->confirm_password) {
-                Session::flash('error', get_phrase('Confirm password not same'));
-                return redirect()->back();
+            $validator = Validator::make($request->all(), $rules);
+
+            // Set custom messages
+            $validator->setCustomMessages([
+                'same' => get_phrase('Confirm password does not match'),
+                'required' => get_phrase(':attribute is required'),
+                'min' => get_phrase(':attribute must be at least :min characters'),
+            ]);
+
+            // Set custom attribute names
+            $validator->setAttributeNames([
+                'current_password' => get_phrase('Current password'),
+                'new_password' => get_phrase('New password'),
+                'confirm_password' => get_phrase('Confirm password'),
+            ]);
+
+            if ($validator->fails()) {
+                return redirect()->back()
+                    ->withErrors($validator)
+                    ->withInput();
             }
 
-            $password = Hash::make($request->new_password);
-            User::where('id', auth()->user()->id)->update(['password' => $password]);
+            // Additional check for current password if it exists
+            if (!is_null($user->password)) {
+                if (!Hash::check($request->current_password, $user->password)) {
+                    Session::flash('error', get_phrase('Current password is incorrect'));
+                    return redirect()->back();
+                }
+            }
+
+            $user->update(['password' => Hash::make($request->new_password)]);
+
+            $message = is_null($user->password)
+                ? get_phrase('Password has been set successfully.')
+                : get_phrase('Password has been updated successfully.');
+
+            Session::flash('success', $message);
+            return redirect()->back();
         }
         Session::flash('success', get_phrase('Your changes has been saved.'));
         return redirect()->back();
diff --git a/app/Http/Controllers/student/MyProfileController.php b/app/Http/Controllers/student/MyProfileController.php
index c788a3f..75f2d98 100644
--- a/app/Http/Controllers/student/MyProfileController.php
+++ b/app/Http/Controllers/student/MyProfileController.php
@@ -84,6 +84,23 @@ class MyProfileController extends Controller
 
     public function changePassword(Request $request)
     {
+        $user = auth()->user();
+
+        // If password is null, only validate new password and confirm password
+        if (is_null($user->password)) {
+            $request->validate([
+                'new_password' => 'required|min:4',
+                'confirm_password' => 'required|same:new_password',
+            ]);
+
+            // Update password
+            $user->update(['password' => Hash::make($request->new_password)]);
+
+            Session::flash('success', 'Password set successfully.');
+            return redirect()->back();
+        }
+
+        // If password exists, use the original validation
         $request->validate([
             'current_password' => 'required',
             'new_password' => 'required|min:4',
@@ -91,13 +108,13 @@ class MyProfileController extends Controller
         ]);
 
         // Check if the current password is correct
-        if (!Auth::attempt(['email' => auth()->user()->email, 'password' => $request->current_password])) {
+        if (!Auth::attempt(['email' => $user->email, 'password' => $request->current_password])) {
             Session::flash('error', 'Current password is incorrect.');
             return redirect()->back();
         }
 
         // Update password
-        auth()->user()->update(['password' => Hash::make($request->new_password)]);
+        $user->update(['password' => Hash::make($request->new_password)]);
 
         Session::flash('success', 'Password changed successfully.');
         return redirect()->back();
diff --git a/resources/views/frontend/default/student/my_profile/index.blade.php b/resources/views/frontend/default/student/my_profile/index.blade.php
index e4296a3..eb18176 100644
--- a/resources/views/frontend/default/student/my_profile/index.blade.php
+++ b/resources/views/frontend/default/student/my_profile/index.blade.php
@@ -104,17 +104,24 @@
                             <button class="eBtn btn gradient mt-10">{{ get_phrase('Save Changes') }}</button>
                         </form>
                     </div>
-
                     <div class="my-panel message-panel edit_profile">
-                        <h4 class="g-title mb-5">{{ get_phrase('Change Password') }}</h4>
-                        <form action="{{ route('password.change') }}" method="POST">@csrf
+                            <h4 class="g-title mb-5">
+                                @if(is_null($user_details->password))
+                                    {{ get_phrase('Set Password') }}
+                                @else
+                                    {{ get_phrase('Change Password') }}
+                                @endif
+                            </h4>
+                            <form action="{{ route('password.change') }}" method="POST">@csrf
                             <div class="row">
-                                <div class="col-lg-12 mb-20">
-                                    <div class="form-group">
-                                        <label class="form-label">{{ get_phrase('Current password') }}</label>
-                                        <input type="password" class="form-control" name="current_password" required>
+                                @if(!is_null($user_details->password))
+                                    <div class="col-lg-12 mb-20">
+                                        <div class="form-group">
+                                            <label class="form-label">{{ get_phrase('Current password') }}</label>
+                                            <input type="password" class="form-control" name="current_password" required>
+                                        </div>
                                     </div>
-                                </div>
+                                @endif
                                 <div class="col-lg-12 mb-20">
                                     <div class="form-group">
                                         <label class="form-label">{{ get_phrase('New password') }}</label>
@@ -128,7 +135,13 @@
                                     </div>
                                 </div>
                             </div>
-                            <button class="eBtn btn gradient mt-10">{{ get_phrase('Update password') }}</button>
+                            <button class="eBtn btn gradient mt-10">
+                                @if(is_null($user_details->password))
+                                    {{ get_phrase('Set Password') }}
+                                @else
+                                    {{ get_phrase('Update password') }}
+                                @endif
+                            </button>
                         </form>
                     </div>
                 </div>
diff --git a/resources/views/instructor/profile/index.blade.php b/resources/views/instructor/profile/index.blade.php
index 76dce25..93f74a8 100644
--- a/resources/views/instructor/profile/index.blade.php
+++ b/resources/views/instructor/profile/index.blade.php
@@ -117,10 +117,12 @@
             <div class="ol-card p-4">
                 <div class="ol-card-body">
                     <form action="{{ route('instructor.manage.profile.update') }}" method="post"> @csrf
-                        <div class="fpb7 mb-2">
-                            <label class="form-label ol-form-label">{{ get_phrase('Current password') }}</label>
-                            <input type="password" class="form-control ol-form-control" name="current_password" required />
-                        </div>
+                        @if(!is_null(auth()->user()->password))
+                            <div class="fpb7 mb-2">
+                                <label class="form-label ol-form-label">{{ get_phrase('Current password') }}</label>
+                                <input type="password" class="form-control ol-form-control" name="current_password" @if(is_null(auth()->user()->password)) disabled @else required @endif />
+                            </div>
+                        @endif
                         <div class="fpb7 mb-2">
                             <label class="form-label ol-form-label">{{ get_phrase('New password') }}</label>
                             <input type="password" class="form-control ol-form-control" name="new_password" required />
@@ -130,7 +132,13 @@
                             <input type="password" class="form-control ol-form-control" name="confirm_password" required />
                         </div>
                         <div class="fpb7 mb-2">
-                            <button type="submit" class="ol-btn-primary">{{ get_phrase('Update password') }}</button>
+                            <button type="submit" class="ol-btn-primary">
+                                @if(is_null(auth()->user()->password))
+                                    {{ get_phrase('Set Password') }}
+                                @else
+                                    {{ get_phrase('Update password') }}
+                                @endif
+                            </button>
                         </div>
                     </form>
                 </div>