fix: 🐛 Fix infinite credit exploit when checking email several times.

Ferks-FK 2023-09-16 13:20:31 -04:00
parent f9a102509b
commit 7ecc29487e
5 changed files with 33 additions and 33 deletions


@ -22,6 +22,7 @@ use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
use Spatie\Permission\Models\Role;
class RegisterController extends Controller
{
@ -139,7 +140,7 @@ class RegisterController extends Controller
]);
$user->syncRoles(4);
$user->syncRoles(Role::findByName('User'));
$response = $this->pterodactyl->application->post('/application/users', [
'external_id' => null,
@ -151,15 +152,11 @@ class RegisterController extends Controller
'root_admin' => false,
'language' => 'en',
]);
$user->update([
'pterodactyl_id' => $response->json()['attributes']['id'],
]);
if ($response->failed()) {
$user->delete();
Log::error('Pterodactyl Registration Error: ' . $response->json()['errors'][0]['detail']);


@ -66,6 +66,7 @@ class User extends Authenticatable implements MustVerifyEmail
'avatar',
'suspended',
'referral_code',
'email_verified_reward',
];
/**
@ -88,6 +89,7 @@ class User extends Authenticatable implements MustVerifyEmail
'last_seen' => 'datetime',
'credits' => 'float',
'server_limit' => 'float',
'email_verified_reward' => 'boolean'
];
public function __construct()
@ -280,9 +282,8 @@ class User extends Authenticatable implements MustVerifyEmail
public function verifyEmail()
{
$this->forceFill([
'email_verified_at' => now(),
'email_verified_at' => now()
])->save();
}
@ -290,6 +291,7 @@ class User extends Authenticatable implements MustVerifyEmail
{
$this->forceFill([
'email_verified_at' => null,
'email_verified_reward' => true
])->save();
}
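Review bot: `email_verified_reward` is added to `$fillable` in the first hunk, so any code path that hands request input to `$user->update(...)` or `User::create(...)` could let a user flip the flag back to false and collect the verification reward again, which is the exploit this commit is closing. Every write to the flag visible in this diff goes through `forceFill()`, which ignores `$fillable`, so the entry is unnecessary: remove `'email_verified_reward',` from `$fillable` and keep only the `'email_verified_reward' => 'boolean'` cast. Whether a mass-assignment path actually reaches the user model is not visible here, but keeping the flag non-fillable costs nothing. Separately, the flag is only set to true inside `unverifyEmail()`; the listener that grants the reward is not part of this diff, so it is worth confirming that it marks the flag on the first successful verification as well rather than relying solely on the unverify path.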


@ -9,9 +9,10 @@ use App\Listeners\CouponUsed;
use App\Listeners\CreateInvoice;
use App\Listeners\UnsuspendServers;
use App\Listeners\UserPayment;
use App\Listeners\Verified;
use App\Listeners\Verified as ListenerVerified;
use Illuminate\Auth\Events\Registered;
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
use Illuminate\Auth\Events\Verified;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
use SocialiteProviders\Manager\SocialiteWasCalled;
@ -40,8 +41,8 @@ class EventServiceProvider extends ServiceProvider
// ... other providers
'SocialiteProviders\\Discord\\DiscordExtendSocialite@handle',
],
'Illuminate\Auth\Events\Verified' => [
Verified::class,
Verified::class => [
ListenerVerified::class,
],
];


@ -14,7 +14,7 @@ return [
*/
'paths' => [
resource_path('views'),
base_path('themes'),
],
/*
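Review bot: Registering `base_path('themes')` as a Blade view root means any `.blade.php` file placed in that directory is compiled and executed as PHP with the application's privileges, so the directory has to be treated as code rather than content: owned by the deploy user, not writable by the web server process, and never the destination of an upload or archive-extraction feature. Whether such an upload path exists is not visible in this diff. A short comment on the new line would make the requirement explicit for the next maintainer: `// Theme templates are executed as PHP; this directory must never be web-writable.`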


@ -4,7 +4,7 @@
<!-- CONTENT HEADER -->
<section class="content-header">
<div class="container-fluid">
<div class="row mb-2">
<div class="mb-2 row">
<div class="col-sm-6">
<h1>{{ __('Profile') }}</h1>
</div>
@ -26,9 +26,9 @@
<div class="container-fluid">
<div class="row">
<div class="col-lg-12 px-0">
@if (!Auth::user()->hasVerifiedEmail() && strtolower($force_email_verification) == 'true')
<div class="alert alert-warning p-2 m-2">
<div class="px-0 col-lg-12">
@if (!Auth::user()->hasVerifiedEmail() && $force_email_verification)
<div class="p-2 m-2 alert alert-warning">
<h5><i class="icon fas fa-exclamation-circle"></i>{{ __('Required Email verification!') }}
</h5>
{{ __('You have not yet verified your email address') }}
@ -40,9 +40,9 @@
</div>
@endif
@if (is_null(Auth::user()->discordUser) && strtolower($force_discord_verification) == 'true')
@if (is_null(Auth::user()->discordUser) && $force_discord_verification)
@if (!empty($discord_client_id) && !empty($discord_client_secret))
<div class="alert alert-warning p-2 m-2">
<div class="p-2 m-2 alert alert-warning">
<h5>
<i class="icon fas fa-exclamation-circle"></i>{{ __('Required Discord verification!') }}
</h5>
@ -52,7 +52,7 @@
{{ __('Please contact support If you face any issues.') }}
</div>
@else
<div class="alert alert-danger p-2 m-2">
<div class="p-2 m-2 alert alert-danger">
<h5>
<i class="icon fas fa-exclamation-circle"></i>{{ __('Required Discord verification!') }}
</h5>
@ -72,8 +72,8 @@
<div class="card-body">
<div class="e-profile">
<div class="row">
<div class="col-12 col-sm-auto mb-4">
<div class="slim rounded-circle border-secondary border text-gray-dark"
<div class="mb-4 col-12 col-sm-auto">
<div class="border slim rounded-circle border-secondary text-gray-dark"
data-label="Change your avatar" data-max-file-size="3"
data-save-initial-image="true"
style="width: 140px;height:140px; cursor: pointer"
@ -81,9 +81,9 @@
<img src="{{ $user->getAvatar() }}" alt="avatar">
</div>
</div>
<div class="col d-flex flex-column flex-sm-row justify-content-between mb-3">
<div class="text-center text-sm-left mb-2 mb-sm-0">
<h4 class="pt-sm-2 pb-1 mb-0 text-nowrap">{{ $user->name }}</h4>
<div class="mb-3 col d-flex flex-column flex-sm-row justify-content-between">
<div class="mb-2 text-center text-sm-left mb-sm-0">
<h4 class="pb-1 mb-0 pt-sm-2 text-nowrap">{{ $user->name }}</h4>
<p class="mb-0">{{ $user->email }}
@if ($user->hasVerifiedEmail())
<i data-toggle="popover" data-trigger="hover" data-content="Verified"
@ -97,21 +97,21 @@
</p>
<div class="mt-1">
<span class="badge badge-primary"><i
class="fa fa-coins mr-2"></i>{{ $user->Credits() }}</span>
class="mr-2 fa fa-coins"></i>{{ $user->Credits() }}</span>
</div>
@if($referral_enabled)
@can("user.referral")
<div class="mt-1">
<span class="badge badge-success"><i
class="fa fa-user-check mr-2"></i>
class="mr-2 fa fa-user-check"></i>
{{__("Referral URL")}} :
<span onclick="onClickCopy()" id="RefLink" style="cursor: pointer;">
{{route("register")}}?ref={{$user->referral_code}}</span>
</span>
@else
<span class="badge badge-warning"><i
class="fa fa-user-check mr-2"></i>
class="mr-2 fa fa-user-check"></i>
{{__("You can not see your Referral Code")}}</span>
@endcan
</div>
@ -138,7 +138,7 @@
class="active nav-link">{{ __('Settings') }}</a>
</li>
</ul>
<div class="tab-content pt-3">
<div class="pt-3 tab-content">
<div class="tab-pane active">
<div class="row">
<div class="col">
@ -189,7 +189,7 @@
</div>
</div>
<div class="row">
<div class="col-12 col-sm-6 mb-3">
<div class="mb-3 col-12 col-sm-6">
<div class="mb-3"><b>{{ __('Change Password') }}</b></div>
<div class="row">
<div class="col">
@ -242,7 +242,7 @@
</div>
</div>
@if (!empty($discord_client_id) && !empty($discord_client_secret))
<div class="col-12 col-sm-5 offset-sm-1 mb-3">
<div class="mb-3 col-12 col-sm-5 offset-sm-1">
@if (is_null(Auth::user()->discordUser))
<b>{{ __('Link your discord account!') }}</b>
<div class="verify-discord">
@ -255,7 +255,7 @@
</div>
<a class="btn btn-light" href="{{ route('auth.redirect') }}">
<i class="fab fa-discord mr-2"></i>{{ __('Login with Discord') }}
<i class="mr-2 fab fa-discord"></i>{{ __('Login with Discord') }}
</a>
@else
<div class="verified-discord">
@ -263,7 +263,7 @@
<p>{{ __('You are verified!') }}</p>
</div>
</div>
<div class="row pl-2">
<div class="pl-2 row">
<div class="small-box bg-dark">
<div class="d-flex justify-content-between">
<div class="p-3">
@ -282,7 +282,7 @@
<div class="small-box-footer">
<a href="{{ route('auth.redirect') }}">
<i
class="fab fa-discord mr-1"></i>{{ __('Re-Sync Discord') }}
class="mr-1 fab fa-discord"></i>{{ __('Re-Sync Discord') }}
</a>
</div>
</div>
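Review bot: The new condition `@if (!Auth::user()->hasVerifiedEmail() && $force_email_verification)` in the `@ -26,9 +26,9 @@` hunk relies on the view receiving a real boolean; the old code compared the setting as a string, and if the composer still passes `'false'`, the non-empty string is truthy and the "Required Email verification!" banner is shown to every unverified user regardless of the setting. If the value can still be string-typed, normalise it at the boundary, e.g. `filter_var($force_email_verification, FILTER_VALIDATE_BOOLEAN)`, or confirm the composer/config now yields a bool. The same applies to `$force_discord_verification` in the following hunk. This only controls the warning banner; whether verification is enforced server-side is not visible in this diff.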