fix: 🐛 Fix infinite credit exploit when checking email several times.
parent
f9a102509b
commit
7ecc29487e
@ -22,6 +22,7 @@ use Illuminate\Support\Facades\Log;
|
||||||
use Illuminate\Support\Facades\Validator;
|
use Illuminate\Support\Facades\Validator;
|
||||||
use Illuminate\Support\Str;
|
use Illuminate\Support\Str;
|
||||||
use Illuminate\Validation\ValidationException;
|
use Illuminate\Validation\ValidationException;
|
||||||
|
use Spatie\Permission\Models\Role;
|
||||||
|
|
||||||
class RegisterController extends Controller
|
class RegisterController extends Controller
|
||||||
{
|
{
|
||||||
|
@ -139,7 +140,7 @@ class RegisterController extends Controller
|
||||||
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$user->syncRoles(4);
|
$user->syncRoles(Role::findByName('User'));
|
||||||
|
|
||||||
$response = $this->pterodactyl->application->post('/application/users', [
|
$response = $this->pterodactyl->application->post('/application/users', [
|
||||||
'external_id' => null,
|
'external_id' => null,
|
||||||
|
@ -156,10 +157,6 @@ class RegisterController extends Controller
|
||||||
'pterodactyl_id' => $response->json()['attributes']['id'],
|
'pterodactyl_id' => $response->json()['attributes']['id'],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if ($response->failed()) {
|
if ($response->failed()) {
|
||||||
$user->delete();
|
$user->delete();
|
||||||
Log::error('Pterodactyl Registration Error: ' . $response->json()['errors'][0]['detail']);
|
Log::error('Pterodactyl Registration Error: ' . $response->json()['errors'][0]['detail']);
|
||||||
|
|
|
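Review bot: `Role::findByName('User')` on the new syncRoles line throws Spatie's `RoleDoesNotExist` when no role of that name exists for the default guard, and the user row has already been created by the call closed on the `]);` just above, so a missing or renamed role leaves a half-provisioned account that the later `$response->failed()` → `$user->delete()` cleanup never reaches. Wrapping the create, the role sync and the Pterodactyl call in `DB::transaction(function () { ... })` rolls the row back on any exception; short of that, catch around the sync and delete the user the way the failure branch already does. The role name would be safer as a class constant, `private const DEFAULT_ROLE = 'User';`, so this path and the role seeder cannot drift apart. The second hunk removes four lines after the `pterodactyl_id` update that the rendered page does not show, so I cannot tell what they were; the enclosing method starts before the first hunk and ends after the last.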
@ -66,6 +66,7 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||||
'avatar',
|
'avatar',
|
||||||
'suspended',
|
'suspended',
|
||||||
'referral_code',
|
'referral_code',
|
||||||
|
'email_verified_reward',
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -88,6 +89,7 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||||
'last_seen' => 'datetime',
|
'last_seen' => 'datetime',
|
||||||
'credits' => 'float',
|
'credits' => 'float',
|
||||||
'server_limit' => 'float',
|
'server_limit' => 'float',
|
||||||
|
'email_verified_reward' => 'boolean'
|
||||||
];
|
];
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
|
@ -280,9 +282,8 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||||
|
|
||||||
public function verifyEmail()
|
public function verifyEmail()
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->forceFill([
|
$this->forceFill([
|
||||||
'email_verified_at' => now(),
|
'email_verified_at' => now()
|
||||||
])->save();
|
])->save();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -290,6 +291,7 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||||
{
|
{
|
||||||
$this->forceFill([
|
$this->forceFill([
|
||||||
'email_verified_at' => null,
|
'email_verified_at' => null,
|
||||||
|
'email_verified_reward' => true
|
||||||
])->save();
|
])->save();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
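Review bot: `email_verified_reward` is added to `$fillable` although the model only ever writes it through `forceFill` (the un-verify hunk at the bottom), so mass-assignability gains nothing and opens a hole: any controller that does `$user->update($request->all())` or `$user->fill($request->input())` on a profile form would let a user set the flag back to `false` after changing their e-mail, verify again, and collect the reward again — the exploit this commit is meant to close. Drop `'email_verified_reward'` from `$fillable` (keep the `'boolean'` cast) and keep writing it with `forceFill` only. The listener that pays the credits is not on this page; if it reads the flag, pays, and then saves, two concurrent requests to the same signed verification URL can both observe `false` before either write lands, so the guard should be a compare-and-set whose affected-row count gates the payout, e.g. `User::whereKey($user->id)->where('email_verified_reward', false)->update(['email_verified_reward' => true]) === 1`. The last hunk sets the flag to `true` in the method that nulls `email_verified_at`; that method's signature is outside the hunk, and the line removed from `verifyEmail()` (old 9 lines, new 8) is not shown here.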
@ -9,9 +9,10 @@ use App\Listeners\CouponUsed;
|
||||||
use App\Listeners\CreateInvoice;
|
use App\Listeners\CreateInvoice;
|
||||||
use App\Listeners\UnsuspendServers;
|
use App\Listeners\UnsuspendServers;
|
||||||
use App\Listeners\UserPayment;
|
use App\Listeners\UserPayment;
|
||||||
use App\Listeners\Verified;
|
use App\Listeners\Verified as ListenerVerified;
|
||||||
use Illuminate\Auth\Events\Registered;
|
use Illuminate\Auth\Events\Registered;
|
||||||
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
|
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
|
||||||
|
use Illuminate\Auth\Events\Verified;
|
||||||
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
|
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
|
||||||
use SocialiteProviders\Manager\SocialiteWasCalled;
|
use SocialiteProviders\Manager\SocialiteWasCalled;
|
||||||
|
|
||||||
|
@ -40,8 +41,8 @@ class EventServiceProvider extends ServiceProvider
|
||||||
// ... other providers
|
// ... other providers
|
||||||
'SocialiteProviders\\Discord\\DiscordExtendSocialite@handle',
|
'SocialiteProviders\\Discord\\DiscordExtendSocialite@handle',
|
||||||
],
|
],
|
||||||
'Illuminate\Auth\Events\Verified' => [
|
Verified::class => [
|
||||||
Verified::class,
|
ListenerVerified::class,
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ return [
|
||||||
*/
|
*/
|
||||||
|
|
||||||
'paths' => [
|
'paths' => [
|
||||||
resource_path('views'),
|
base_path('themes'),
|
||||||
],
|
],
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
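Review bot: Replacing `resource_path('views')` with `base_path('themes')` makes `themes/` the only Blade lookup path on the new side, and Blade templates compile to PHP, so whoever can write into that directory can execute code in the application. If themes can be installed or uploaded through the panel, that action must be admin-only and the directory must not be writable by the web server user; a comment such as `// Blade templates are executable PHP — only deploy tooling may write here` would record the trust boundary. Also confirm that the default theme under `themes/` ships every view that lived under `resources/views`, since that path is no longer searched at all.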
@ -4,7 +4,7 @@
|
||||||
<!-- CONTENT HEADER -->
|
<!-- CONTENT HEADER -->
|
||||||
<section class="content-header">
|
<section class="content-header">
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
<div class="row mb-2">
|
<div class="mb-2 row">
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<h1>{{ __('Profile') }}</h1>
|
<h1>{{ __('Profile') }}</h1>
|
||||||
</div>
|
</div>
|
||||||
|
@ -26,9 +26,9 @@
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-lg-12 px-0">
|
<div class="px-0 col-lg-12">
|
||||||
@if (!Auth::user()->hasVerifiedEmail() && strtolower($force_email_verification) == 'true')
|
@if (!Auth::user()->hasVerifiedEmail() && $force_email_verification)
|
||||||
<div class="alert alert-warning p-2 m-2">
|
<div class="p-2 m-2 alert alert-warning">
|
||||||
<h5><i class="icon fas fa-exclamation-circle"></i>{{ __('Required Email verification!') }}
|
<h5><i class="icon fas fa-exclamation-circle"></i>{{ __('Required Email verification!') }}
|
||||||
</h5>
|
</h5>
|
||||||
{{ __('You have not yet verified your email address') }}
|
{{ __('You have not yet verified your email address') }}
|
||||||
|
@ -40,9 +40,9 @@
|
||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
@if (is_null(Auth::user()->discordUser) && strtolower($force_discord_verification) == 'true')
|
@if (is_null(Auth::user()->discordUser) && $force_discord_verification)
|
||||||
@if (!empty($discord_client_id) && !empty($discord_client_secret))
|
@if (!empty($discord_client_id) && !empty($discord_client_secret))
|
||||||
<div class="alert alert-warning p-2 m-2">
|
<div class="p-2 m-2 alert alert-warning">
|
||||||
<h5>
|
<h5>
|
||||||
<i class="icon fas fa-exclamation-circle"></i>{{ __('Required Discord verification!') }}
|
<i class="icon fas fa-exclamation-circle"></i>{{ __('Required Discord verification!') }}
|
||||||
</h5>
|
</h5>
|
||||||
|
@ -52,7 +52,7 @@
|
||||||
{{ __('Please contact support If you face any issues.') }}
|
{{ __('Please contact support If you face any issues.') }}
|
||||||
</div>
|
</div>
|
||||||
@else
|
@else
|
||||||
<div class="alert alert-danger p-2 m-2">
|
<div class="p-2 m-2 alert alert-danger">
|
||||||
<h5>
|
<h5>
|
||||||
<i class="icon fas fa-exclamation-circle"></i>{{ __('Required Discord verification!') }}
|
<i class="icon fas fa-exclamation-circle"></i>{{ __('Required Discord verification!') }}
|
||||||
</h5>
|
</h5>
|
||||||
|
@ -72,8 +72,8 @@
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<div class="e-profile">
|
<div class="e-profile">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-12 col-sm-auto mb-4">
|
<div class="mb-4 col-12 col-sm-auto">
|
||||||
<div class="slim rounded-circle border-secondary border text-gray-dark"
|
<div class="border slim rounded-circle border-secondary text-gray-dark"
|
||||||
data-label="Change your avatar" data-max-file-size="3"
|
data-label="Change your avatar" data-max-file-size="3"
|
||||||
data-save-initial-image="true"
|
data-save-initial-image="true"
|
||||||
style="width: 140px;height:140px; cursor: pointer"
|
style="width: 140px;height:140px; cursor: pointer"
|
||||||
|
@ -81,9 +81,9 @@
|
||||||
<img src="{{ $user->getAvatar() }}" alt="avatar">
|
<img src="{{ $user->getAvatar() }}" alt="avatar">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col d-flex flex-column flex-sm-row justify-content-between mb-3">
|
<div class="mb-3 col d-flex flex-column flex-sm-row justify-content-between">
|
||||||
<div class="text-center text-sm-left mb-2 mb-sm-0">
|
<div class="mb-2 text-center text-sm-left mb-sm-0">
|
||||||
<h4 class="pt-sm-2 pb-1 mb-0 text-nowrap">{{ $user->name }}</h4>
|
<h4 class="pb-1 mb-0 pt-sm-2 text-nowrap">{{ $user->name }}</h4>
|
||||||
<p class="mb-0">{{ $user->email }}
|
<p class="mb-0">{{ $user->email }}
|
||||||
@if ($user->hasVerifiedEmail())
|
@if ($user->hasVerifiedEmail())
|
||||||
<i data-toggle="popover" data-trigger="hover" data-content="Verified"
|
<i data-toggle="popover" data-trigger="hover" data-content="Verified"
|
||||||
|
@ -97,21 +97,21 @@
|
||||||
</p>
|
</p>
|
||||||
<div class="mt-1">
|
<div class="mt-1">
|
||||||
<span class="badge badge-primary"><i
|
<span class="badge badge-primary"><i
|
||||||
class="fa fa-coins mr-2"></i>{{ $user->Credits() }}</span>
|
class="mr-2 fa fa-coins"></i>{{ $user->Credits() }}</span>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@if($referral_enabled)
|
@if($referral_enabled)
|
||||||
@can("user.referral")
|
@can("user.referral")
|
||||||
<div class="mt-1">
|
<div class="mt-1">
|
||||||
<span class="badge badge-success"><i
|
<span class="badge badge-success"><i
|
||||||
class="fa fa-user-check mr-2"></i>
|
class="mr-2 fa fa-user-check"></i>
|
||||||
{{__("Referral URL")}} :
|
{{__("Referral URL")}} :
|
||||||
<span onclick="onClickCopy()" id="RefLink" style="cursor: pointer;">
|
<span onclick="onClickCopy()" id="RefLink" style="cursor: pointer;">
|
||||||
{{route("register")}}?ref={{$user->referral_code}}</span>
|
{{route("register")}}?ref={{$user->referral_code}}</span>
|
||||||
</span>
|
</span>
|
||||||
@else
|
@else
|
||||||
<span class="badge badge-warning"><i
|
<span class="badge badge-warning"><i
|
||||||
class="fa fa-user-check mr-2"></i>
|
class="mr-2 fa fa-user-check"></i>
|
||||||
{{__("You can not see your Referral Code")}}</span>
|
{{__("You can not see your Referral Code")}}</span>
|
||||||
@endcan
|
@endcan
|
||||||
</div>
|
</div>
|
||||||
|
@ -138,7 +138,7 @@
|
||||||
class="active nav-link">{{ __('Settings') }}</a>
|
class="active nav-link">{{ __('Settings') }}</a>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
<div class="tab-content pt-3">
|
<div class="pt-3 tab-content">
|
||||||
<div class="tab-pane active">
|
<div class="tab-pane active">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col">
|
<div class="col">
|
||||||
|
@ -189,7 +189,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-12 col-sm-6 mb-3">
|
<div class="mb-3 col-12 col-sm-6">
|
||||||
<div class="mb-3"><b>{{ __('Change Password') }}</b></div>
|
<div class="mb-3"><b>{{ __('Change Password') }}</b></div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col">
|
<div class="col">
|
||||||
|
@ -242,7 +242,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@if (!empty($discord_client_id) && !empty($discord_client_secret))
|
@if (!empty($discord_client_id) && !empty($discord_client_secret))
|
||||||
<div class="col-12 col-sm-5 offset-sm-1 mb-3">
|
<div class="mb-3 col-12 col-sm-5 offset-sm-1">
|
||||||
@if (is_null(Auth::user()->discordUser))
|
@if (is_null(Auth::user()->discordUser))
|
||||||
<b>{{ __('Link your discord account!') }}</b>
|
<b>{{ __('Link your discord account!') }}</b>
|
||||||
<div class="verify-discord">
|
<div class="verify-discord">
|
||||||
|
@ -255,7 +255,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<a class="btn btn-light" href="{{ route('auth.redirect') }}">
|
<a class="btn btn-light" href="{{ route('auth.redirect') }}">
|
||||||
<i class="fab fa-discord mr-2"></i>{{ __('Login with Discord') }}
|
<i class="mr-2 fab fa-discord"></i>{{ __('Login with Discord') }}
|
||||||
</a>
|
</a>
|
||||||
@else
|
@else
|
||||||
<div class="verified-discord">
|
<div class="verified-discord">
|
||||||
|
@ -263,7 +263,7 @@
|
||||||
<p>{{ __('You are verified!') }}</p>
|
<p>{{ __('You are verified!') }}</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row pl-2">
|
<div class="pl-2 row">
|
||||||
<div class="small-box bg-dark">
|
<div class="small-box bg-dark">
|
||||||
<div class="d-flex justify-content-between">
|
<div class="d-flex justify-content-between">
|
||||||
<div class="p-3">
|
<div class="p-3">
|
||||||
|
@ -282,7 +282,7 @@
|
||||||
<div class="small-box-footer">
|
<div class="small-box-footer">
|
||||||
<a href="{{ route('auth.redirect') }}">
|
<a href="{{ route('auth.redirect') }}">
|
||||||
<i
|
<i
|
||||||
class="fab fa-discord mr-1"></i>{{ __('Re-Sync Discord') }}
|
class="mr-1 fab fa-discord"></i>{{ __('Re-Sync Discord') }}
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
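Review bot: The verification banners now test `$force_email_verification` and `$force_discord_verification` for truthiness instead of comparing the lowercased string to `'true'`; if the settings layer still hands these to the view as strings, the string `'false'` is truthy in PHP and both banners appear regardless of the setting, so the values must be cast to bool before reaching the view (a `'boolean'` cast on the settings model, or `filter_var($v, FILTER_VALIDATE_BOOL)`). Either way this template only renders a warning; the actual gate on unverified users has to live in middleware, which is not on this page. The remaining hunks in this file reorder CSS classes and have no behavioural effect.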