From 7ecc29487e82d076e6cc1658d9e778970471133e Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sat, 16 Sep 2023 13:20:31 -0400 Subject: [PATCH 01/44] fix: :bug: Fix infinite credit exploit when checking email several times. --- .../Controllers/Auth/RegisterController.php | 9 ++-- app/Models/User.php | 6 ++- app/Providers/EventServiceProvider.php | 7 ++-- config/view.php | 2 +- themes/default/views/profile/index.blade.php | 42 +++++++++---------- 5 files changed, 33 insertions(+), 33 deletions(-) diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 566d86fd..b315f8d7 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -22,6 +22,7 @@ use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Validator; use Illuminate\Support\Str; use Illuminate\Validation\ValidationException; +use Spatie\Permission\Models\Role; class RegisterController extends Controller { @@ -139,7 +140,7 @@ class RegisterController extends Controller ]); - $user->syncRoles(4); + $user->syncRoles(Role::findByName('User')); $response = $this->pterodactyl->application->post('/application/users', [ 'external_id' => null, @@ -151,15 +152,11 @@ class RegisterController extends Controller 'root_admin' => false, 'language' => 'en', ]); - + $user->update([ 'pterodactyl_id' => $response->json()['attributes']['id'], ]); - - - - if ($response->failed()) { $user->delete(); Log::error('Pterodactyl Registration Error: ' . $response->json()['errors'][0]['detail']); diff --git a/app/Models/User.php b/app/Models/User.php index 7c04a65b..584da015 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -66,6 +66,7 @@ class User extends Authenticatable implements MustVerifyEmail 'avatar', 'suspended', 'referral_code', + 'email_verified_reward', ]; /** 
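Review bot: In the `@@ -151,15 +152,11 @@` hunk of RegisterController, `$response->json()['attributes']['id']` is still read before the `if ($response->failed())` check. An error response from the panel carries no `attributes` key, so the `$user->update([...])` call is likely to raise before the branch that deletes the local user and logs the panel error can run. That would leave a local account with no Pterodactyl counterpart. Since this hunk already edits the spacing between the two statements, move the `if ($response->failed()) { ... }` block above `$user->update([...])`. The enclosing method starts and ends outside the hunk.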
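Review bot: In the `@@ -66,6 +66,7 @@` hunk of User.php, `'email_verified_reward'` is added to what looks like the model's mass-assignable list (the array opens outside the hunk). The flag gates a one-time credit and server-limit grant, so any `fill()`/`update()` call that receives request data could reset it. Keep it out of that list and write it explicitly, as `verifyEmail()` already does for `email_verified_at`: `$this->forceFill(['email_verified_reward' => true])->save();`.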
@@ -88,6 +89,7 @@ class User extends Authenticatable implements MustVerifyEmail 'last_seen' => 'datetime', 'credits' => 'float', 'server_limit' => 'float', + 'email_verified_reward' => 'boolean' ]; public function __construct() @@ -280,9 +282,8 @@ class User extends Authenticatable implements MustVerifyEmail public function verifyEmail() { - $this->forceFill([ - 'email_verified_at' => now(), + 'email_verified_at' => now() ])->save(); } @@ -290,6 +291,7 @@ class User extends Authenticatable implements MustVerifyEmail { $this->forceFill([ 'email_verified_at' => null, + 'email_verified_reward' => true ])->save(); } diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php index 2ac9182d..cc535566 100644 --- a/app/Providers/EventServiceProvider.php +++ b/app/Providers/EventServiceProvider.php @@ -9,9 +9,10 @@ use App\Listeners\CouponUsed; use App\Listeners\CreateInvoice; use App\Listeners\UnsuspendServers; use App\Listeners\UserPayment; -use App\Listeners\Verified; +use App\Listeners\Verified as ListenerVerified; use Illuminate\Auth\Events\Registered; use Illuminate\Auth\Listeners\SendEmailVerificationNotification; +use Illuminate\Auth\Events\Verified; use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider; use SocialiteProviders\Manager\SocialiteWasCalled; @@ -40,8 +41,8 @@ class EventServiceProvider extends ServiceProvider // ... other providers 'SocialiteProviders\\Discord\\DiscordExtendSocialite@handle', ], - 'Illuminate\Auth\Events\Verified' => [ - Verified::class, + Verified::class => [ + ListenerVerified::class, ], ]; diff --git a/config/view.php b/config/view.php index 22b8a18d..b9b20d53 100644 --- a/config/view.php +++ b/config/view.php @@ -14,7 +14,7 @@ return [ */ 'paths' => [ - resource_path('views'), + base_path('themes'), ], /* diff --git a/themes/default/views/profile/index.blade.php b/themes/default/views/profile/index.blade.php index ba95bca4..14117343 100644 
--- a/themes/default/views/profile/index.blade.php +++ b/themes/default/views/profile/index.blade.php @@ -4,7 +4,7 @@
-
+

{{ __('Profile') }}

@@ -26,9 +26,9 @@
-
- @if (!Auth::user()->hasVerifiedEmail() && strtolower($force_email_verification) == 'true') -
+
+ @if (!Auth::user()->hasVerifiedEmail() && $force_email_verification) +
{{ __('Required Email verification!') }}
{{ __('You have not yet verified your email address') }} @@ -40,9 +40,9 @@
@endif - @if (is_null(Auth::user()->discordUser) && strtolower($force_discord_verification) == 'true') + @if (is_null(Auth::user()->discordUser) && $force_discord_verification) @if (!empty($discord_client_id) && !empty($discord_client_secret)) -
+
{{ __('Required Discord verification!') }}
@@ -52,7 +52,7 @@ {{ __('Please contact support If you face any issues.') }}
@else -
+
{{ __('Required Discord verification!') }}
@@ -72,8 +72,8 @@
-
-
+
-
-
-

{{ $user->name }}

+
+
+

{{ $user->name }}

{{ $user->email }} @if ($user->hasVerifiedEmail())

{{ $user->Credits() }} + class="mr-2 fa fa-coins">{{ $user->Credits() }}
@if($referral_enabled) @can("user.referral")
+ class="mr-2 fa fa-user-check"> {{__("Referral URL")}} : {{route("register")}}?ref={{$user->referral_code}} @else + class="mr-2 fa fa-user-check"> {{__("You can not see your Referral Code")}} @endcan
@@ -138,7 +138,7 @@ class="active nav-link">{{ __('Settings') }} -
+
@@ -189,7 +189,7 @@
-
+
{{ __('Change Password') }}
@@ -242,7 +242,7 @@
@if (!empty($discord_client_id) && !empty($discord_client_secret)) -
+
@if (is_null(Auth::user()->discordUser)) {{ __('Link your discord account!') }}
@@ -255,7 +255,7 @@
- {{ __('Login with Discord') }} + {{ __('Login with Discord') }} @else
@@ -263,7 +263,7 @@

{{ __('You are verified!') }}

-
+
From a471cb4021d9a9c919651c96333bd343bb7421f0 Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 17 Sep 2023 13:01:37 -0400 Subject: [PATCH 02/44] fix: :bug: fix #901 --- app/Http/Controllers/Admin/PaymentController.php | 11 ++++++++--- app/Listeners/UserPayment.php | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/app/Http/Controllers/Admin/PaymentController.php b/app/Http/Controllers/Admin/PaymentController.php index 850f5a93..66292bd5 100644 --- a/app/Http/Controllers/Admin/PaymentController.php +++ b/app/Http/Controllers/Admin/PaymentController.php @@ -143,14 +143,19 @@ class PaymentController extends Controller $subtotal = $shopProduct->price; // Apply Coupon - $isCouponValid = $this->isCouponValid($couponCode, $user, $shopProduct->id); - if ($isCouponValid) { - $subtotal = $this->applyCoupon($couponCode, $subtotal); + if ($couponCode) { + if ($this->isCouponValid($couponCode, $user, $shopProduct->id)) { + $subtotal = $this->applyCoupon($couponCode, $subtotal); + } } // Apply Partner Discount $subtotal = $subtotal - ($subtotal * $discount / 100); if ($subtotal <= 0) { + if ($couponCode) { + event(new CouponUsedEvent($couponCode)); + } + return $this->handleFreeProduct($shopProduct); } diff --git a/app/Listeners/UserPayment.php b/app/Listeners/UserPayment.php index 9e1066ef..476573e1 100644 --- a/app/Listeners/UserPayment.php +++ b/app/Listeners/UserPayment.php @@ -49,7 +49,7 @@ class UserPayment $shopProduct = $event->shopProduct; // only update user if payment is paid - if ($event->payment->status != PaymentStatus::PAID) { + if ($event->payment->status != PaymentStatus::PAID->value) { return; } From 04940f040b43cee6f9137a025fc4fa8812e577be Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 17 Sep 2023 14:31:14 -0400 Subject: [PATCH 03/44] Aways check if has coupon code in the request. --- app/Http/Controllers/Admin/PaymentController.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
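Review bot: In the `$subtotal <= 0` branch of the PaymentController hunk, `CouponUsedEvent` fires whenever `$couponCode` is non-empty, even when `isCouponValid()` returned false and the price reached zero through the partner discount alone. The validation result is discarded after the first `if`, so a code the user is not entitled to can still be recorded as used. Keep the result, e.g. `$couponApplied = $couponCode && $this->isCouponValid($couponCode, $user, $shopProduct->id);`, and guard both the `applyCoupon()` call and the event with it. The `@@ -180,7 +180,10 @@` hunk in the next patch uses the same bare `if ($couponCode)` guard and needs the same flag. The enclosing method starts and ends outside the hunk.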
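Review bot: The paid-status gate in `UserPayment` compares with loose `!=`, so PHP type juggling takes part in deciding whether credits are granted; `if ($event->payment->status !== PaymentStatus::PAID->value) {` makes the check exact. This is only correct if `status` reaches the listener as a plain string. If the Payment model casts it to the enum (not visible here), comparing against `->value` would never match and every payment would return early. `handle()` continues outside the hunk.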
diff --git a/app/Http/Controllers/Admin/PaymentController.php b/app/Http/Controllers/Admin/PaymentController.php index 66292bd5..0b11597e 100644 --- a/app/Http/Controllers/Admin/PaymentController.php +++ b/app/Http/Controllers/Admin/PaymentController.php @@ -180,7 +180,10 @@ class PaymentController extends Controller $paymentGatewayExtension = ExtensionHelper::getExtensionClass($paymentGateway); $redirectUrl = $paymentGatewayExtension::getRedirectUrl($payment, $shopProduct, $totalPriceString); - event(new CouponUsedEvent($couponCode)); + + if ($couponCode) { + event(new CouponUsedEvent($couponCode)); + } } catch (Exception $e) { Log::error($e->getMessage()); return redirect()->route('store.index')->with('error', __('Oops, something went wrong! Please try again later.')); From 22413c3b30e53e390edab63f4fb684801698dc51 Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 17 Sep 2023 14:33:21 -0400 Subject: [PATCH 04/44] Remove unneeded function --- app/Traits/Coupon.php | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/app/Traits/Coupon.php b/app/Traits/Coupon.php index 5dd0e7e9..f1d06d27 100644 --- a/app/Traits/Coupon.php +++ b/app/Traits/Coupon.php @@ -95,27 +95,6 @@ trait Coupon return true; } - public function calcDiscount($productPrice, stdClass $data) - { - - if ($data->isValid) { - if ($data->couponType === 'percentage') { - return $productPrice - ($productPrice * $data->couponValue / 100); - } - - if ($data->couponType === 'amount') { - // There is no discount if the value of the coupon is greater than or equal to the value of the product. - if ($data->couponValue >= $productPrice) { - return $productPrice; - } - } - - return $productPrice - $data->couponValue; - } - - return $productPrice; - } - public function applyCoupon(string $couponCode, float $price) { $coupon = CouponModel::where('code', $couponCode)->first(); From ee5b99ce7153f25a007274e50cf73cb7c892a3f1 Mon Sep 17 00:00:00 2001 
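Review bot: In the `@@ -180,7 +180,10 @@` hunk, `CouponUsedEvent` is still dispatched as soon as the gateway redirect URL is built, before any payment has completed. If the `CouponUsed` listener increments the usage counter (it is not shown here), checkouts that are started and never paid would consume uses of a limited coupon. Consider dispatching the event from the confirmed-payment path instead, next to the `PaymentStatus::PAID` check in `UserPayment`, and carry the coupon code on the payment record so it is available there. The surrounding `try` block starts outside the hunk.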
From: Ferks-FK Date: Sun, 1 Oct 2023 09:59:32 -0400 Subject: [PATCH 05/44] fix: :bug: Fix the infinite credits exploit in development. --- app/Listeners/Verified.php | 4 ++-- app/Models/User.php | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/app/Listeners/Verified.php b/app/Listeners/Verified.php index 9ed9bf37..c6e75912 100644 --- a/app/Listeners/Verified.php +++ b/app/Listeners/Verified.php @@ -7,7 +7,6 @@ use App\Settings\UserSettings; class Verified { private $server_limit_after_verify_email; - private $credits_reward_after_verify_email; /** @@ -29,9 +28,10 @@ class Verified */ public function handle($event) { - if (! $event->user->email_verified_reward) { + if (!$event->user->email_verified_reward) { $event->user->increment('server_limit', $this->server_limit_after_verify_email); $event->user->increment('credits', $this->credits_reward_after_verify_email); + $event->user->update(['email_verified_reward' => true]); } } } diff --git a/app/Models/User.php b/app/Models/User.php index 584da015..246cb0c5 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -290,8 +290,7 @@ class User extends Authenticatable implements MustVerifyEmail public function reVerifyEmail() { $this->forceFill([ - 'email_verified_at' => null, - 'email_verified_reward' => true + 'email_verified_at' => null ])->save(); } From 754d4f178fe57799feec6f314935cea61cadec17 Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 22 Oct 2023 11:11:49 -0400 Subject: [PATCH 06/44] Add encrypted migrations and closes #897 --- ...23_03_26_215801_create_mollie_settings.php | 2 +- ...3_03_04_135248_create_pay_pal_settings.php | 8 ++-- ...23_03_04_181917_create_stripe_settings.php | 4 +- app/Settings/MailSettings.php | 9 +++- ..._01_181334_create_pterodactyl_settings.php | 4 +- ...2023_02_01_181453_create_mail_settings.php | 2 +- .../views/admin/settings/index.blade.php | 44 +++++++++++-------- 7 files changed, 42 insertions(+), 31 deletions(-) 
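Review bot: The reward guard in `Verified::handle()` is a read-then-write: two verification requests handled at the same time can both read `email_verified_reward` as false and both run the two `increment()` calls before either `update()` lands. Claim the flag atomically and grant only when the claim succeeds, e.g. `$claimed = $event->user->newQuery()->whereKey($event->user->getKey())->where('email_verified_reward', false)->update(['email_verified_reward' => true]);` followed by `if ($claimed === 1) { ... }` around the increments. If the column can be NULL for existing rows, the claim has to match NULL as well. The `update()` call here also relies on the flag being mass-assignable; the atomic query form does not.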
diff --git a/app/Extensions/PaymentGateways/Mollie/migrations/2023_03_26_215801_create_mollie_settings.php b/app/Extensions/PaymentGateways/Mollie/migrations/2023_03_26_215801_create_mollie_settings.php
index b32027e3..a3b6bfd0 100644
--- a/app/Extensions/PaymentGateways/Mollie/migrations/2023_03_26_215801_create_mollie_settings.php
+++ b/app/Extensions/PaymentGateways/Mollie/migrations/2023_03_26_215801_create_mollie_settings.php
@@ -6,7 +6,7 @@ class CreateMollieSettings extends SettingsMigration
 {
 public function up(): void
 {
- $this->migrator->add('mollie.api_key', null);
+ $this->migrator->addEncrypted('mollie.api_key', null);
 $this->migrator->add('mollie.enabled', false);
 }
diff --git a/app/Extensions/PaymentGateways/PayPal/migrations/2023_03_04_135248_create_pay_pal_settings.php b/app/Extensions/PaymentGateways/PayPal/migrations/2023_03_04_135248_create_pay_pal_settings.php
index 3c011057..db7d0bdd 100644
--- a/app/Extensions/PaymentGateways/PayPal/migrations/2023_03_04_135248_create_pay_pal_settings.php
+++ b/app/Extensions/PaymentGateways/PayPal/migrations/2023_03_04_135248_create_pay_pal_settings.php
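Review bot: Changing `add()` to `addEncrypted()` inside the already-published Mollie settings migration only affects fresh installs; a database where this migration has already run keeps `mollie.api_key` in plaintext. Assuming this is the spatie/laravel-settings migrator, a new settings migration calling `$this->migrator->encrypt('mollie.api_key');` would convert existing rows. The matching Settings class also has to list the property in its `encrypted()` method, or reads will return ciphertext; neither change is visible in this patch. The same applies to the PayPal, Stripe, Pterodactyl and mail migrations edited in the following hunks.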
@@ -11,10 +11,10 @@ class CreatePayPalSettings extends SettingsMigration
 $table_exists = DB::table('settings_old')->exists();
- $this->migrator->add('paypal.client_id', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:CLIENT_ID') : null);
- $this->migrator->add('paypal.client_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:SECRET') : null);
- $this->migrator->add('paypal.sandbox_client_id', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:SANDBOX_CLIENT_ID') : null);
- $this->migrator->add('paypal.sandbox_client_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:SANDBOX_SECRET') : null);
+ $this->migrator->addEncrypted('paypal.client_id', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:CLIENT_ID') : null);
+ $this->migrator->addEncrypted('paypal.client_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:SECRET') : null);
+ $this->migrator->addEncrypted('paypal.sandbox_client_id', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:SANDBOX_CLIENT_ID') : null);
+ $this->migrator->addEncrypted('paypal.sandbox_client_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:PAYPAL:SANDBOX_SECRET') : null);
 $this->migrator->add('paypal.enabled', false);
 }
diff --git a/app/Extensions/PaymentGateways/Stripe/migrations/2023_03_04_181917_create_stripe_settings.php b/app/Extensions/PaymentGateways/Stripe/migrations/2023_03_04_181917_create_stripe_settings.php
index 1483732b..c320c80d 100644
--- a/app/Extensions/PaymentGateways/Stripe/migrations/2023_03_04_181917_create_stripe_settings.php
+++ b/app/Extensions/PaymentGateways/Stripe/migrations/2023_03_04_181917_create_stripe_settings.php
@@ -9,9 +9,9 @@ class CreateStripeSettings extends SettingsMigration
 {
 $table_exists = DB::table('settings_old')->exists();
- $this->migrator->add('stripe.secret_key', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:SECRET') : null);
+ $this->migrator->addEncrypted('stripe.secret_key', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:SECRET') : null);
 $this->migrator->add('stripe.endpoint_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:ENDPOINT_SECRET') : null);
- $this->migrator->add('stripe.test_secret_key', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:TEST_SECRET') : null);
+ $this->migrator->addEncrypted('stripe.test_secret_key', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:TEST_SECRET') : null);
 $this->migrator->add('stripe.test_endpoint_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:ENDPOINT_TEST_SECRET') : null);
 $this->migrator->add('stripe.enabled', false);
 }
diff --git a/app/Settings/MailSettings.php b/app/Settings/MailSettings.php
index 1ea8309d..90b5a328 100644
--- a/app/Settings/MailSettings.php
+++ b/app/Settings/MailSettings.php
@@ -80,12 +80,17 @@ class MailSettings extends Settings
 ],
 'mail_password' => [
 'label' => 'Mail Password',
- 'type' => 'string',
+ 'type' => 'password',
 'description' => 'The password of your mail server.',
 ],
 'mail_encryption' => [
 'label' => 'Mail Encryption',
- 'type' => 'string',
+ 'type' => 'select',
+ 'options' => [
+ 'null' => 'None',
+ 'tls' => 'TLS',
+ 'ssl' => 'SSL'
+ ],
 'description' => 'The encryption of your mail server.',
 ],
 'mail_from_address' => [
diff --git a/database/settings/2023_02_01_181334_create_pterodactyl_settings.php b/database/settings/2023_02_01_181334_create_pterodactyl_settings.php
index 3de54175..f3b5b37d 100644
--- a/database/settings/2023_02_01_181334_create_pterodactyl_settings.php
+++ b/database/settings/2023_02_01_181334_create_pterodactyl_settings.php
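Review bot: In the Stripe migration hunk, `stripe.endpoint_secret` and `stripe.test_endpoint_secret` stay on plain `add()` while the two API keys move to `addEncrypted()`. Going by their names these are the webhook signing secrets, which authenticate incoming payment events and deserve the same protection at rest as the API keys. Use `$this->migrator->addEncrypted('stripe.endpoint_secret', ...)` and `$this->migrator->addEncrypted('stripe.test_endpoint_secret', ...)` with the existing value expressions.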
@@ -10,8 +10,8 @@ class CreatePterodactylSettings extends SettingsMigration
 $table_exists = DB::table('settings_old')->exists();
 // Get the user-set configuration values from the old table.
- $this->migrator->add('pterodactyl.admin_token', $table_exists ? $this->getOldValue('SETTINGS::SYSTEM:PTERODACTYL:TOKEN') : env('PTERODACTYL_TOKEN', ''));
- $this->migrator->add('pterodactyl.user_token', $table_exists ? $this->getOldValue('SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN') : '');
+ $this->migrator->addEncrypted('pterodactyl.admin_token', $table_exists ? $this->getOldValue('SETTINGS::SYSTEM:PTERODACTYL:TOKEN') : env('PTERODACTYL_TOKEN', ''));
+ $this->migrator->addEncrypted('pterodactyl.user_token', $table_exists ? $this->getOldValue('SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN') : '');
 $this->migrator->add('pterodactyl.panel_url', $table_exists ? $this->getOldValue('SETTINGS::SYSTEM:PTERODACTYL:URL') : env('PTERODACTYL_URL', ''));
 $this->migrator->add('pterodactyl.per_page_limit', $table_exists ? $this->getOldValue('SETTINGS::SYSTEM:PTERODACTYL:PER_PAGE_LIMIT') : 200);
 }
diff --git a/database/settings/2023_02_01_181453_create_mail_settings.php b/database/settings/2023_02_01_181453_create_mail_settings.php
index 56953b78..8437a61a 100644
--- a/database/settings/2023_02_01_181453_create_mail_settings.php
+++ b/database/settings/2023_02_01_181453_create_mail_settings.php
@@ -13,7 +13,7 @@ class CreateMailSettings extends SettingsMigration
 $this->migrator->add('mail.mail_host', $table_exists ? $this->getOldValue('SETTINGS::MAIL:HOST') : env('MAIL_HOST', 'localhost'));
 $this->migrator->add('mail.mail_port', $table_exists ? $this->getOldValue('SETTINGS::MAIL:PORT') : env('MAIL_PORT', 25));
 $this->migrator->add('mail.mail_username', $table_exists ? $this->getOldValue('SETTINGS::MAIL:USERNAME') : env('MAIL_USERNAME', ''));
- $this->migrator->add('mail.mail_password', $table_exists ? $this->getOldValue('SETTINGS::MAIL:PASSWORD') : env('MAIL_PASSWORD', ''));
+ $this->migrator->addEncrypted('mail.mail_password', $table_exists ? $this->getOldValue('SETTINGS::MAIL:PASSWORD') : env('MAIL_PASSWORD', ''));
 $this->migrator->add('mail.mail_encryption', $table_exists ? $this->getOldValue('SETTINGS::MAIL:ENCRYPTION') : env('MAIL_ENCRYPTION', 'tls'));
 $this->migrator->add('mail.mail_from_address', $table_exists ? $this->getOldValue('SETTINGS::MAIL:FROM_ADDRESS') : env('MAIL_FROM_ADDRESS', 'example@example.com'));
 $this->migrator->add('mail.mail_from_name', $table_exists ? $this->getOldValue('SETTINGS::MAIL:FROM_NAME') : env('APP_NAME', 'CtrlPanel.gg'));
diff --git a/themes/default/views/admin/settings/index.blade.php b/themes/default/views/admin/settings/index.blade.php
index 78454fd7..799e426d 100644
--- a/themes/default/views/admin/settings/index.blade.php
+++ b/themes/default/views/admin/settings/index.blade.php
@@ -4,7 +4,7 @@
-
+

{{ __('Settings') }}

@@ -37,13 +37,13 @@
-
{{ __('Settings') }}
+
{{ __('Settings') }}
-
+
-
-
-
+
+
+
@csrf @method('POST')
-
- {{ __('FavIcon') }} +
+ {{ __('FavIcon') }} ... @@ -130,8 +130,8 @@ name="favicon" id="favicon">
-
- {{ __('Icon') }} +
+ {{ __('Icon') }} ... @@ -142,8 +142,8 @@ class="form-control" name="icon" id="icon">
-
- {{ __('Login-page Logo') }} +
+ {{ __('Login-page Logo') }} ... @@ -155,7 +155,7 @@
- +
@@ -182,14 +182,14 @@
-
+
@if ($value['description']) - @else - + @endif
@@ -200,6 +200,12 @@ value="{{ $value['value'] }}"> @break + @case($value['type'] == 'password') + + @break + @case($value['type'] == 'boolean')
-
+
{!! htmlScriptTagJsApi() !!} {!! htmlFormSnippet() !!} @error('g-recaptcha-response') @@ -294,10 +300,10 @@
-
From 03f8a7d614853ff350386bf55fadac1970e417f8 Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 22 Oct 2023 11:18:50 -0400 Subject: [PATCH 07/44] Closes #911 --- app/Http/Controllers/Admin/UserController.php | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php index 4956e565..b2c7b075 100644 --- a/app/Http/Controllers/Admin/UserController.php +++ b/app/Http/Controllers/Admin/UserController.php @@ -340,6 +340,10 @@ class UserController extends Controller { $this->checkPermission(self::SUSPEND_PERMISSION); + if (Auth::user()->id === $user->id) { + return redirect()->back()->with('error', __('You can not suspend yourself!')); + } + try { !$user->isSuspended() ? $user->suspend() : $user->unSuspend(); } catch (Exception $exception) { @@ -361,10 +365,10 @@ class UserController extends Controller return datatables($query) ->addColumn('avatar', function (User $user) { - return ''; + return ''; }) ->addColumn('credits', function (User $user) { - return ' ' . $user->credits(); + return ' ' . $user->credits(); }) ->addColumn('verified', function (User $user) { return $user->getVerifiedStatus(); @@ -378,10 +382,10 @@ class UserController extends Controller $suspendText = $user->isSuspended() ? __('Unsuspend') : __('Suspend'); return ' - - - - + + + +
' . csrf_field() . ' @@ -389,7 +393,7 @@ class UserController extends Controller ' . csrf_field() . ' ' . method_field('DELETE') . ' - +
'; }) From a75863909c98772d3a0c18c88da9b7d3902535de Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 22 Oct 2023 11:24:19 -0400 Subject: [PATCH 08/44] Closes #905 --- .../views/admin/products/show.blade.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/themes/default/views/admin/products/show.blade.php b/themes/default/views/admin/products/show.blade.php index 217a27bf..922d5d01 100644 --- a/themes/default/views/admin/products/show.blade.php +++ b/themes/default/views/admin/products/show.blade.php @@ -4,7 +4,7 @@
-
+

{{__('Products')}}

@@ -28,17 +28,17 @@
-
{{__('Product')}}
+
{{__('Product')}}
{{ csrf_field() }} {{ method_field('DELETE') }} + class="mr-1 btn btn-sm btn-danger">
@@ -78,7 +78,7 @@
- {{ $product->price }} + {{ $product->price }}
@@ -92,9 +92,9 @@
@if ($product->minimum_credits == -1) - {{ $minimum_credits }} + {{ $minimum_credits }} @else - {{ $product->minimum_credits }} + {{ $product->minimum_credits }} @endif
@@ -213,7 +213,7 @@
- + {{ $product->description }}
@@ -240,7 +240,7 @@
-
{{__('Servers')}}
+
{{__('Servers')}}
From 654932225a7804e22a3e54176c26392acc892fbf Mon Sep 17 00:00:00 2001 From: Ferks-FK Date: Sun, 22 Oct 2023 13:48:05 -0400 Subject: [PATCH 09/44] Closes #696 --- .../Controllers/Admin/CouponController.php | 26 ++--- .../Controllers/Admin/PartnerController.php | 5 +- .../Controllers/Admin/ProductController.php | 13 +-- app/Http/Controllers/Admin/RoleController.php | 2 + .../Admin/ShopProductController.php | 6 +- .../Controllers/Admin/TicketsController.php | 20 ++-- app/Http/Controllers/Admin/UserController.php | 45 +++++---- .../Controllers/Admin/VoucherController.php | 26 +++-- .../views/admin/coupons/index.blade.php | 6 +- .../views/admin/products/index.blade.php | 6 +- .../views/admin/servers/index.blade.php | 7 +- .../views/admin/ticket/blacklist.blade.php | 8 +- .../views/admin/ticket/index.blade.php | 6 +- .../views/admin/vouchers/index.blade.php | 8 +- transferusers.php | 95 +++++++++++++++++++ 15 files changed, 196 insertions(+), 83 deletions(-) create mode 100644 transferusers.php diff --git a/app/Http/Controllers/Admin/CouponController.php b/app/Http/Controllers/Admin/CouponController.php index 1287a57c..71caaf31 100644 --- a/app/Http/Controllers/Admin/CouponController.php +++ b/app/Http/Controllers/Admin/CouponController.php @@ -185,29 +185,32 @@ class CouponController extends Controller public function dataTable() { - $query = Coupon::query(); + $query = Coupon::selectRaw(' + coupons.*, + CASE + WHEN coupons.uses >= coupons.max_uses THEN "USES_LIMIT_REACHED" + WHEN coupons.expires_at IS NOT NULL AND coupons.expires_at < NOW() THEN "EXPIRED" + ELSE "VALID" + END as derived_status + '); return datatables($query) ->addColumn('actions', function(Coupon $coupon) { return ' - +
'.csrf_field().' '.method_field('DELETE').' - +
'; }) - ->addColumn('status', function(Coupon $coupon) { - $color = 'success'; - $status = $coupon->getStatus(); + ->addColumn('status', function (Coupon $coupon) { + $color = ($coupon->derived_status == 'VALID') ? 'success' : 'danger'; + $status = str_replace('_', ' ', $coupon->derived_status); - if ($status != __('VALID')) { - $color = 'danger'; - } - - return ''.str_replace('_', ' ', $status).''; + return ''.$status.''; }) ->editColumn('uses', function (Coupon $coupon) { return "{$coupon->uses} / {$coupon->max_uses}"; @@ -232,6 +235,7 @@ class CouponController extends Controller ->editColumn('code', function (Coupon $coupon) { return "{$coupon->code}"; }) + ->orderColumn('status', 'derived_status $1') ->rawColumns(['actions', 'code', 'status']) ->make(); } diff --git a/app/Http/Controllers/Admin/PartnerController.php b/app/Http/Controllers/Admin/PartnerController.php index 5c4a6bab..8b65eec3 100644 --- a/app/Http/Controllers/Admin/PartnerController.php +++ b/app/Http/Controllers/Admin/PartnerController.php @@ -122,11 +122,11 @@ class PartnerController extends Controller return datatables($query) ->addColumn('actions', function (PartnerDiscount $partner) { return ' - +
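Review bot: The `CASE` expression added to `CouponController::dataTable()` writes its result strings in double quotes (`"USES_LIMIT_REACHED"`, `"EXPIRED"`, `"VALID"`). MySQL accepts that only while `ANSI_QUOTES` is off, and other databases read double-quoted tokens as column names, so the query can fail or change meaning with the SQL mode. Use single-quoted SQL literals, e.g. `WHEN coupons.uses >= coupons.max_uses THEN 'USES_LIMIT_REACHED'`, with the PHP string switched to double quotes or a nowdoc. The status now also depends on the database's `NOW()` rather than the application clock, which may disagree with `getStatus()` if the two are configured differently. The VoucherController `dataTable()` hunk later in this patch uses the same double-quoted literals.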
'.csrf_field().' '.method_field('DELETE').' - +
'; }) @@ -145,6 +145,7 @@ class PartnerController extends Controller ->editColumn('referral_system_commission', function (PartnerDiscount $partner, ReferralSettings $referral_settings) { return $partner->referral_system_commission >= 0 ? $partner->referral_system_commission . '%' : __('Default') . ' ('.$referral_settings->percentage . '%)'; }) + ->orderColumn('user', 'user_id $1') ->rawColumns(['user', 'actions']) ->make(); } diff --git a/app/Http/Controllers/Admin/ProductController.php b/app/Http/Controllers/Admin/ProductController.php index ddc91fa8..6ddae3e3 100644 --- a/app/Http/Controllers/Admin/ProductController.php +++ b/app/Http/Controllers/Admin/ProductController.php @@ -223,17 +223,18 @@ class ProductController extends Controller public function dataTable() { $query = Product::with(['servers']); + return datatables($query) ->addColumn('actions', function (Product $product) { return ' - - - + + +
'.csrf_field().' '.method_field('DELETE').' - +
'; }) @@ -247,7 +248,7 @@ class ProductController extends Controller ->addColumn('eggs', function (Product $product) { return $product->eggs()->count(); }) - ->addColumn('disabled', function (Product $product) { + ->editColumn('disabled', function (Product $product) { $checked = $product->disabled == false ? 'checked' : ''; return ' @@ -264,7 +265,7 @@ class ProductController extends Controller ->editColumn('minimum_credits', function (Product $product, UserSettings $user_settings) { return $product->minimum_credits==-1 ? $user_settings->min_credits_to_make_server : $product->minimum_credits; }) - ->editColumn('oom_killer', function (Product $product, UserSettings $user_settings) { + ->editColumn('oom_killer', function (Product $product) { return $product->oom_killer ? __("enabled") : __("disabled"); }) ->editColumn('created_at', function (Product $product) { diff --git a/app/Http/Controllers/Admin/RoleController.php b/app/Http/Controllers/Admin/RoleController.php index b10c1b01..d3553ae2 100644 --- a/app/Http/Controllers/Admin/RoleController.php +++ b/app/Http/Controllers/Admin/RoleController.php @@ -214,6 +214,8 @@ class RoleController extends Controller ->editColumn('power', function (Role $role){ return $role->power; }) + ->orderColumn('usercount', 'users_count $1') + ->orderColumn('permissionscount', 'permissions_count $1') ->rawColumns(['actions', 'name']) ->make(true); } diff --git a/app/Http/Controllers/Admin/ShopProductController.php b/app/Http/Controllers/Admin/ShopProductController.php index 74c32639..db07916a 100644 --- a/app/Http/Controllers/Admin/ShopProductController.php +++ b/app/Http/Controllers/Admin/ShopProductController.php @@ -156,16 +156,16 @@ class ShopProductController extends Controller return datatables($query) ->addColumn('actions', function (ShopProduct $shopProduct) { return ' - +
' . csrf_field() . ' ' . method_field('DELETE') . ' - +
'; }) - ->addColumn('disabled', function (ShopProduct $shopProduct) { + ->editColumn('disabled', function (ShopProduct $shopProduct) { $checked = $shopProduct->disabled == false ? 'checked' : ''; return ' diff --git a/app/Http/Controllers/Admin/TicketsController.php b/app/Http/Controllers/Admin/TicketsController.php index 3622c22a..025c58de 100644 --- a/app/Http/Controllers/Admin/TicketsController.php +++ b/app/Http/Controllers/Admin/TicketsController.php @@ -121,11 +121,12 @@ class TicketsController extends Controller public function dataTable() { - $query = Ticket::query(); + $query = Ticket::leftJoin('ticket_categories', 'tickets.ticketcategory_id', '=', 'ticket_categories.id') + ->select(['tickets.*', 'ticket_categories.name as category_name']); return datatables($query) - ->addColumn('category', function (Ticket $tickets) { - return $tickets->ticketcategory->name; + ->addColumn('category', function (Ticket $ticket) { + return $ticket->category_name; }) ->editColumn('title', function (Ticket $tickets) { return ''.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).''; @@ -139,16 +140,16 @@ class TicketsController extends Controller $statusButtonText = ($tickets->status == "Closed") ? __('Reopen') : __('Close'); return ' - +
'.csrf_field().' '.method_field('POST').' - +
'.csrf_field().' '.method_field('POST').' - +
'; }) @@ -178,7 +179,8 @@ class TicketsController extends Controller return ['display' => $tickets->updated_at ? $tickets->updated_at->diffForHumans() : '', 'raw' => $tickets->updated_at ? strtotime($tickets->updated_at) : '']; }) - ->rawColumns(['category', 'title', 'user_id', 'status', 'priority', 'updated_at', 'actions']) + ->orderColumn('category', 'category_name $1') + ->rawColumns(['title', 'user_id', 'status', 'priority', 'updated_at', 'actions']) ->make(true); } @@ -279,12 +281,12 @@ class TicketsController extends Controller
'.csrf_field().' '.method_field('POST').' - +
'.csrf_field().' '.method_field('POST').' - +
'; }) diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php index b2c7b075..60a1120f 100644 --- a/app/Http/Controllers/Admin/UserController.php +++ b/app/Http/Controllers/Admin/UserController.php @@ -148,7 +148,7 @@ class UserController extends Controller */ public function update(Request $request, User $user) { - $request->validate([ + $data = $request->validate([ 'name' => 'required|string|min:4|max:30', 'pterodactyl_id' => "required|numeric|unique:users,pterodactyl_id,{$user->id}", 'email' => 'required|string|email', @@ -179,23 +179,23 @@ class UserController extends Controller ]); } - if($this->can(self::CHANGE_USERNAME_PERMISSION)){ - $user->name = $request->name; - } - if($this->can(self::CHANGE_CREDITS_PERMISSION)){ - $user->credits = $request->credits; - } - if($this->can(self::CHANGE_PTERO_PERMISSION)){ - $user->pterodactyl_id = $request->pterodactyl_id; - } - if($this->can(self::CHANGE_REFERAL_PERMISSION)){ - $user->referral_code = $request->referral_code; - } - if($this->can(self::CHANGE_EMAIL_PERMISSION)){ - $user->email = $request->email; - } + // if($this->can(self::CHANGE_USERNAME_PERMISSION)){ + // $user->name = $request->name; + // } + // if($this->can(self::CHANGE_CREDITS_PERMISSION)){ + // $user->credits = $request->credits; + // } + // if($this->can(self::CHANGE_PTERO_PERMISSION)){ + // $user->pterodactyl_id = $request->pterodactyl_id; + // } + // if($this->can(self::CHANGE_REFERAL_PERMISSION)){ + // $user->referral_code = $request->referral_code; + // } + // if($this->can(self::CHANGE_EMAIL_PERMISSION)){ + // $user->email = $request->email; + // } - $user->save(); + $user->update($data); event(new UserUpdateCreditsEvent($user)); 
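Review bot: In `UserController::update()`, `$user->update($data)` now writes every validated field, while the per-field `$this->can(self::CHANGE_*_PERMISSION)` checks that gated name, credits, Pterodactyl id, referral code and email are commented out. Any admin who can reach this action can therefore change all of those values, credits included, regardless of the granular permissions. Restore the gating by copying only the fields the caller may change, and delete the commented-out block instead of keeping it. The method starts and ends outside these hunks and most validation rules are not visible, so the field list below is taken from the removed lines.
```php
// … unchanged: $data = $request->validate([...]) and the block ending in `]); }` …
$gatedFields = [
    'name' => self::CHANGE_USERNAME_PERMISSION,
    'credits' => self::CHANGE_CREDITS_PERMISSION,
    'pterodactyl_id' => self::CHANGE_PTERO_PERMISSION,
    'referral_code' => self::CHANGE_REFERAL_PERMISSION,
    'email' => self::CHANGE_EMAIL_PERMISSION,
];

foreach ($gatedFields as $field => $permission) {
    // Only copy a field when it was validated and the caller holds its permission.
    if (array_key_exists($field, $data) && $this->can($permission)) {
        $user->{$field} = $data[$field];
    }
}

$user->save();

event(new UserUpdateCreditsEvent($user));
```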
@@ -358,10 +358,12 @@ class UserController extends Controller */ public function dataTable(Request $request) { - $query = User::with('discordUser')->withCount('servers'); - // manually count referrals in user_referrals table - $query->selectRaw('users.*, (SELECT COUNT(*) FROM user_referrals WHERE user_referrals.referral_id = users.id) as referrals_count'); - + $query = User::query() + ->withCount('servers') + ->leftJoin('model_has_roles', 'users.id', '=', 'model_has_roles.model_id') + ->leftJoin('roles', 'model_has_roles.role_id', '=', 'roles.id') + ->selectRaw('users.*, roles.name as role_name, (SELECT COUNT(*) FROM user_referrals WHERE user_referrals.referral_id = users.id) as referrals_count') + ->where('model_has_roles.model_type', User::class); return datatables($query) ->addColumn('avatar', function (User $user) { @@ -412,6 +414,7 @@ class UserController extends Controller ->editColumn('name', function (User $user, PterodactylSettings $ptero_settings) { return '' . strip_tags($user->name) . ''; }) + ->orderColumn('role', 'role_name $1') ->rawColumns(['avatar', 'name', 'credits', 'role', 'usage', 'actions']) ->make(); } diff --git a/app/Http/Controllers/Admin/VoucherController.php b/app/Http/Controllers/Admin/VoucherController.php index ec6c5232..b42d5094 100644 --- a/app/Http/Controllers/Admin/VoucherController.php +++ b/app/Http/Controllers/Admin/VoucherController.php @@ -203,7 +203,7 @@ class VoucherController extends Controller return ''.$user->name.''; }) ->addColumn('credits', function (User $user) { - return ' '.$user->credits(); + return ' '.$user->credits(); }) ->addColumn('last_seen', function (User $user) { return $user->last_seen ? $user->last_seen->diffForHumans() : ''; 
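Review bot: The trailing `->where('model_has_roles.model_type', User::class)` in the new `dataTable()` query filters on a column of the left-joined table, so both `leftJoin`s behave as inner joins. A user with no row in `model_has_roles` drops out of the admin user list, and a user holding two roles is listed twice. An account the admin table cannot show is hard to audit, so the type condition belongs inside the join, e.g. a closure join with `$join->on('users.id', '=', 'model_has_roles.model_id')->where('model_has_roles.model_type', User::class)`. If one row per user is required, `role_name` is better selected with a correlated subquery, as `referrals_count` already is. The method body continues outside the hunk.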
@@ -214,28 +214,33 @@ class VoucherController extends Controller public function dataTable() { - $query = Voucher::query(); + $query = Voucher::selectRaw(' + vouchers.*, + CASE + WHEN (SELECT COUNT(*) FROM user_voucher WHERE user_voucher.voucher_id = vouchers.id) >= vouchers.uses THEN "USES_LIMIT_REACHED" + WHEN vouchers.expires_at IS NOT NULL AND vouchers.expires_at < NOW() THEN "EXPIRED" + ELSE "VALID" + END as derived_status + '); return datatables($query) ->addColumn('actions', function (Voucher $voucher) { return ' - - + +
'.csrf_field().' '.method_field('DELETE').' - +
'; }) ->addColumn('status', function (Voucher $voucher) { - $color = 'success'; - if ($voucher->getStatus() != __('VALID')) { - $color = 'danger'; - } + $color = ($voucher->derived_status == 'VALID') ? 'success' : 'danger'; + $status = str_replace('_', ' ', $voucher->derived_status); - return ''.$voucher->getStatus().''; + return ''.$status.''; }) ->editColumn('uses', function (Voucher $voucher) { return "{$voucher->used} / {$voucher->uses}"; @@ -253,6 +258,7 @@ class VoucherController extends Controller ->editColumn('code', function (Voucher $voucher) { return "{$voucher->code}"; }) + ->orderColumn('status', 'derived_status $1') ->rawColumns(['actions', 'code', 'status']) ->make(); } diff --git a/themes/default/views/admin/coupons/index.blade.php b/themes/default/views/admin/coupons/index.blade.php index d89135cf..cad2aa4e 100644 --- a/themes/default/views/admin/coupons/index.blade.php +++ b/themes/default/views/admin/coupons/index.blade.php @@ -4,7 +4,7 @@
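Review bot: The `CASE` expression in the new `Voucher::selectRaw(...)` writes its values as double-quoted strings (`"USES_LIMIT_REACHED"`, `"EXPIRED"`, `"VALID"`), which MySQL treats as literals only while `ANSI_QUOTES` is off; PostgreSQL and ANSI-mode MySQL read them as column names and the query fails. Use single-quoted SQL literals, e.g. `THEN 'EXPIRED'`, with the PHP string switched to double quotes or a nowdoc. The `status` column stays in `rawColumns`, so its output is safe only while `derived_status` comes from these fixed literals; add a comment saying so, or escape `$status` with `e()` before building the markup. The badge text is also no longer translated, because the old code printed `$voucher->getStatus()` and compared it with `__('VALID')`; passing the label through `__()` would restore that. `NOW()` is evaluated in the database session's time zone, which may differ from the application clock the model presumably used before.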
-
+

{{__('Coupons')}}

@@ -31,7 +31,7 @@ {{__('Coupons')}} - + {{__('Create new')}}
@@ -82,7 +82,7 @@
 {data: 'status'},
 {data: 'code'},
 {data: 'value'},
- {data: 'uses'},
+ {data: 'uses', sortable: false},
 {data: 'expires_at'},
 {data: 'created_at'},
 {data: 'actions', sortable: false},
diff --git a/themes/default/views/admin/products/index.blade.php b/themes/default/views/admin/products/index.blade.php
index a951a46f..22659804 100644
--- a/themes/default/views/admin/products/index.blade.php
+++ b/themes/default/views/admin/products/index.blade.php
@@ -4,7 +4,7 @@
-
+

{{__('Products')}}

@@ -30,9 +30,9 @@
-
{{__('Products')}}
+
{{__('Products')}}
{{__('Create new')}} + class="mr-1 fas fa-plus">{{__('Create new')}}
diff --git a/themes/default/views/admin/servers/index.blade.php b/themes/default/views/admin/servers/index.blade.php index 3cfec164..2a0f8791 100644 --- a/themes/default/views/admin/servers/index.blade.php +++ b/themes/default/views/admin/servers/index.blade.php @@ -4,7 +4,7 @@
-
+

{{ __('Servers') }}

@@ -28,10 +28,10 @@
- {{ __('Servers') }} + {{ __('Servers') }}
{{ __('Sync') }} + class="mr-2 fas fa-sync">
{{ __('Sync') }}
@@ -93,7 +93,6 @@
 },
 {
 data: 'product.name',
- sortable: false
 },
 {
 data: 'suspended'
diff --git a/themes/default/views/admin/ticket/blacklist.blade.php b/themes/default/views/admin/ticket/blacklist.blade.php
index e26304a1..f501d399 100644
--- a/themes/default/views/admin/ticket/blacklist.blade.php
+++ b/themes/default/views/admin/ticket/blacklist.blade.php
@@ -4,7 +4,7 @@
-
+

{{ __('Ticket Blacklist') }}

@@ -29,7 +29,7 @@
-
{{__('Blacklist List')}}
+
{{__('Blacklist List')}}
@@ -62,7 +62,7 @@
@csrf -
+