

Merge pull request #1150 from ladybirdweb/development
Security Fixes
Ashutosh pathak authored Jun 10, 2020
2 parents ec788cf + 7795a0a commit 9104fab
Showing 63 changed files with 518 additions and 663 deletions.
90 changes: 20 additions & 70 deletions app/Http/Controllers/Auth/AuthController.php
Expand Up @@ -10,6 +10,7 @@
use App\User;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Validator;

class AuthController extends BaseAuthController
Expand Down Expand Up @@ -44,75 +45,38 @@ public function __construct()
$this->licensing = $license;
}

public function sendActivationByGet($email, Request $request)
{
try {
$mail = $this->sendActivation($email, $request->method());
if ($mail == 'success') {
return redirect()->back()->with('success', 'Activation link has sent to your email address');
}
} catch (\Exception $ex) {
return redirect()->back()->with('fails', $ex->getMessage());
}
}

public function activate($token, AccountActivate $activate, Request $request, User $user)
{
try {
if ($activate->where('token', $token)->first()) {
$email = $activate->where('token', $token)->first()->email;
$activate = $activate->where('token', $token)->first();
$url = 'auth/login';
if ($activate) {
$email = $activate->email;
} else {
throw new NotFoundHttpException();
throw new NotFoundHttpException('Token mismatch. Account cannot be activated.');
}
$url = 'auth/login';
$user = $user->where('email', $email)->first();
if ($user->where('email', $email)->first()) {
$user->active = 1;
$user->save();
$pipedriveStatus = StatusSetting::pluck('pipedrive_status')->first();
$zohoStatus = StatusSetting::pluck('zoho_status')->first();
$mailchimpStatus = StatusSetting::pluck('mailchimp_status')->first();
if ($pipedriveStatus == 1) {//Add to Pipedrive
$this->addToPipedrive($user);
}
if ($zohoStatus) {//Add to Zoho
$zoho = $this->reqFields($user, $email);
$auth = ApiKey::where('id', 1)->value('zoho_api_key');
$zohoUrl = 'https://crm.zoho.com/crm/private/xml/Leads/insertRecords??duplicateCheck=1&';
$query = 'authtoken='.$auth.'&scope=crmapi&xmlData='.$zoho;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $zohoUrl);
/* allow redirects */
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
/* return a response into a variable */
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
/* times out after 30s */
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
/* set POST method */
curl_setopt($ch, CURLOPT_POST, 1);
/* add POST fields parameters */
curl_setopt($ch, CURLOPT_POSTFIELDS, $query); // Set the request as a POST FIELD for curl.

//Execute cUrl session
$response = curl_exec($ch);
curl_close($ch);
}

if ($mailchimpStatus == 1) {//Add to Mailchimp
$mailchimp = new \App\Http\Controllers\Common\MailChimpController();
$r = $mailchimp->addSubscriber($user->email);
}

if ($user) {
if ($user->active == 0) {
$user->active = 1;
$user->save();
$status = StatusSetting::select('mailchimp_status', 'pipedrive_status', 'zoho_status')->first();
$this->addUserToPipedrive($user, $status->pipedrive_status); //Add user to pipedrive
$this->addUserToZoho($user, $status->zoho_status); //Add user to zoho
$this->addUserToMailchimp($user, $status->mailchimp_status); // Add user to mailchimp
if (\Session::has('session-url')) {
$url = \Session::get('session-url');

return redirect($url);
}

return redirect($url)->with('success', 'Email verification successful.
return redirect($url)->with('success', 'Email verification successful.
Please login to access your account !!');
} else {
return redirect($url)->with('warning', 'This email is already verified');
}
} else {
throw new NotFoundHttpException();
throw new NotFoundHttpException('User with this email not found.');
}
} catch (\Exception $ex) {
if ($ex->getCode() == 400) {
Expand Down Expand Up @@ -283,16 +247,12 @@ public function verifyEmail(Request $request)
$this->validate($request, [
'email' => 'required|email',
]);
$email = $request->oldmail;
$newMail = $request->newmail;
User::where('mobile', $email)->update(['mobile'=>$newMail]);

try {
$email = $request->input('email');
$userid = $request->input('id');
$user = User::find($userid);
$check = $this->checkVerify($user);
$method = 'POST';
$method = 'GET';
//$this->sendActivation($email, $request->method());
$this->sendActivation($email, $method);
$response = ['type' => 'success', 'proceed' => $check,
Expand Down Expand Up @@ -413,14 +373,4 @@ public function accountManagerMail($user, $bcc = [])
// $template_controller->mailing($from, $to, $template_data, $template_name, $replace, 'account__manager_email',$bcc);
}
}

public function updateUserEmail(Request $request)
{
$email = $request->oldemail;
$newEmail = $request->newemail;
User::where('email', $email)->update(['email'=>$newEmail]);
$message = 'User email updated successfully';

return $message;
}
}
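Review bot: `sendActivationByGet` at the top of the first hunk flashes `$ex->getMessage()` straight back to the browser, and with this commit `sendActivation` now throws 'User with this email does not exist', so a presumably pre-login endpoint tells the visitor whether an address has an account (account enumeration); flash a fixed text such as `'If the address is registered, an activation link has been sent'` and keep the real message in the log. The method also has no return when `$mail` is anything other than 'success', so the request ends with an empty response; add a final `return redirect()->back()->with('fails', 'Activation mail could not be sent');`. In `activate`, nothing visible in the hunk deletes or expires the AccountActivate row after the account is flipped to active, so the link presumably stays reusable — confirm whether that is handled elsewhere.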
66 changes: 51 additions & 15 deletions app/Http/Controllers/Auth/BaseAuthController.php
Expand Up @@ -149,7 +149,7 @@ public function sendActivation($email, $method, $str = '')
$activate_model = new AccountActivate();
$user = $user->where('email', $email)->first();
if (! $user) {
return redirect()->back()->with('fails', 'Invalid Email');
throw new \Exception('User with this email does not exist');
}

if ($method == 'GET') {
Expand Down Expand Up @@ -211,21 +211,23 @@ public function redirectPath()
}
}

protected function addToPipedrive($user)
protected function addUserToPipedrive($user, $pipeDriveStatus)
{
$token = ApiKey::pluck('pipedrive_api_key')->first();
$result = $this->searchUserPresenceInPipedrive($user->email, $token);
if (! $result) {
$countryFullName = Country::where('country_code_char2', $user->country)->pluck('nicename')->first();
$pipedrive = new \Devio\Pipedrive\Pipedrive($token);
$orgId = $pipedrive->organizations->add(['name'=>$user->company])->getContent()->data->id;
$person = $pipedrive->persons()->add(['name' => $user->first_name.' '.$user->last_name, 'email'=>$user->email,
'phone' => '+'.$user->mobile_code.$user->mobile, 'org_id'=>$orgId, ]);

// $person = $pipedrive->persons()->add(['name' => $user->first_name .' '. $user->last_name,'email'=>$user->email,
// 'phone'=>'+'.$user->mobile_code.$user->mobile,'org_id'=>$orgId,'af1c1908b70a61f2baf8b33a975a185cce1aefe5'=>$countryFullName]);
$personId = $person->getContent()->data->id;
$organization = $pipedrive->deals()->add(['title'=>$user->company.' '.'deal', 'person_id'=>$personId, 'org_id'=>$orgId]);
if ($pipeDriveStatus) {
$token = ApiKey::pluck('pipedrive_api_key')->first();
$result = $this->searchUserPresenceInPipedrive($user->email, $token);
if (! $result) {
$countryFullName = Country::where('country_code_char2', $user->country)->pluck('nicename')->first();
$pipedrive = new \Devio\Pipedrive\Pipedrive($token);
$orgId = $pipedrive->organizations->add(['name'=>$user->company])->getContent()->data->id;
$person = $pipedrive->persons()->add(['name' => $user->first_name.' '.$user->last_name, 'email'=>$user->email,
'phone' => '+'.$user->mobile_code.$user->mobile, 'org_id'=>$orgId, ]);

// $person = $pipedrive->persons()->add(['name' => $user->first_name .' '. $user->last_name,'email'=>$user->email,
// 'phone'=>'+'.$user->mobile_code.$user->mobile,'org_id'=>$orgId,'af1c1908b70a61f2baf8b33a975a185cce1aefe5'=>$countryFullName]);
$personId = $person->getContent()->data->id;
$organization = $pipedrive->deals()->add(['title'=>$user->company.' '.'deal', 'person_id'=>$personId, 'org_id'=>$orgId]);
}
}
}

Expand All @@ -244,4 +246,38 @@ private function searchUserPresenceInPipedrive($email, $token)

return json_decode($result)->data->items;
}

protected function addUserToZoho($user, $zohoStatus)
{
if ($zohoStatus) {
$zoho = $this->reqFields($user, $user->email);
$auth = ApiKey::where('id', 1)->value('zoho_api_key');
$zohoUrl = 'https://crm.zoho.com/crm/private/xml/Leads/insertRecords??duplicateCheck=1&';
$query = 'authtoken='.$auth.'&scope=crmapi&xmlData='.$zoho;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $zohoUrl);
/* allow redirects */
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
/* return a response into a variable */
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
/* times out after 30s */
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
/* set POST method */
curl_setopt($ch, CURLOPT_POST, 1);
/* add POST fields parameters */
curl_setopt($ch, CURLOPT_POSTFIELDS, $query); // Set the request as a POST FIELD for curl.

//Execute cUrl session
$response = curl_exec($ch);
curl_close($ch);
}
}

protected function addUserToMailchimp($user, $mailchimpStatus)
{
if ($mailchimpStatus) {
$mailchimp = new \App\Http\Controllers\Common\MailChimpController();
$mailchimp->addSubscriber($user->email);
}
}
}
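Review bot: In `addUserToZoho` the POST body is built by concatenating `$auth` and the XML in `$zoho` without URL-encoding, so any `&`, `=`, `+` or `%` inside the generated XML (or the key) corrupts the form fields Zoho receives; build it with `$query = http_build_query(['authtoken' => $auth, 'scope' => 'crmapi', 'xmlData' => $zoho]);`. The endpoint string contains `insertRecords??duplicateCheck=1&` with a doubled `?`, which makes the parameter name `?duplicateCheck` — presumably a typo. `$response` from `curl_exec` is never inspected, so a failed sync is silent; at least check `$response === false` and log `curl_error($ch)` before `curl_close`. Likewise in `addUserToPipedrive` the `$organization` result is assigned and discarded, so a failed deal creation goes unnoticed.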
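--- a/app/Http/Controllers/Common/BaseSettingsController.php
+++ b/app/Http/Controllers/Common/BaseSettingsController.php
@@ -15,6 +15,11 @@ class BaseSettingsController extends PaymentSettingsController
 {
 use ApiKeySettings;
 
+public function __construct()
+{
+$this->middleware('auth');
+$this->middleware('admin');
+}
 /**
 * Get the logged activity.
 */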
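Review bot: The new `__construct` does not call `parent::__construct()`, so if `PaymentSettingsController` (or a class above it) registers middleware or initialises state in a constructor, that is now skipped for every route on this controller; add `parent::__construct();` as the first statement, or confirm the parent chain defines no constructor. A one-line comment stating the intent would help, e.g. `// Settings pages are admin-only: every action requires a logged-in admin.` A blank line between the closing `}` and the following docblock would match the rest of the file.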
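--- a/app/Http/Controllers/Common/MailChimpController.php
+++ b/app/Http/Controllers/Common/MailChimpController.php
@@ -28,6 +28,7 @@ class MailChimpController extends BaseMailChimpController
 
 public function __construct()
 {
+$this->middleware('auth',['except'=>['addSubscriberByClientPanel']]);
 $mailchimp_set = new MailchimpSetting();
 $this->mailchimp_set = $mailchimp_set->firstOrFail();
 $this->mail_api_key = $this->mailchimp_set->api_key;
@@ -134,39 +135,6 @@ public function field($email)
 }
 }
 
-public function addFieldsToAgora()
-{
-try {
-/** @scrutinizer ignore-call */
-$fields = $this->getMergeFields($this->list_id);
-$mailchimp_field_in_agora = $this->mailchimp_field_model->get();
-if (count($mailchimp_field_in_agora) > 0) {
-foreach ($mailchimp_field_in_agora as $field) {
-$field->delete();
-}
-}
-foreach ($fields['merge_fields'] as $key => $value) {
-$merge_id = $value->merge_id;
-$name = $value->name;
-$type = $value->type;
-$required = $value->required;
-$list_id = $value->list_id;
-$tag = $value->tag;
-
-$this->mailchimp_field_model->create([
-'merge_id' => $merge_id,
-'tag' => $tag,
-'name' => $name,
-'type' => $type,
-'required' => $required,
-'list_id' => $list_id,
-]);
-}
-} catch (Exception $ex) {
-return redirect()->back()->with('fails', $ex->getMessage());
-}
-}
-
 public function mapField()
 {
 try {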
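Review bot: The `except` entry on the new middleware line leaves `addSubscriberByClientPanel` reachable without authentication, which is presumably intentional for the client panel, but nothing in the hunk records why; add a comment such as `// addSubscriberByClientPanel is called from the customer-facing panel and must stay open` so the exemption is not later removed as dead configuration. Constructor middleware only applies when the controller is dispatched by the router, so the direct `new MailChimpController()` in `BaseAuthController::addUserToMailchimp` from this same commit is unaffected by it — worth a note if that is relied on. Style: the rest of the file writes arrays as `['except' => ['addSubscriberByClientPanel']]` with spaces around `=>`.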
18 changes: 11 additions & 7 deletions app/Http/Controllers/Common/PaymentSettingsController.php
Expand Up @@ -18,14 +18,16 @@ public function getPlugin()
->addColumn('name', function ($model) {
if (array_has($model, 'path')) {
if ($model['status'] == 0) {
$activate = '<a href='.url('plugin/status/'.$model['name']).'>Activate</a>';
$activate = '<form method="post" action='.url('plugin/status/'.$model['name']).'>'.'<input type="hidden" name="_token" value='.\Session::token().'>'.'
<button type="submit" class="btn btn-primary btn-sm">Activate</button></form>';
$settings = ' ';
} else {
$settings = '<a href='.url($model['settings']).'>Settings</a> | ';
$activate = '<a href='.url('plugin/status/'.$model['name']).'>Deactivate</a>';
$settings = '<a href='.url($model['settings']).' class="btn btn-primary btn-sm">Settings</a> <br> ';
$activate = '<form method="post" action='.url('plugin/status/'.$model['name']).'>'.'<input type="hidden" name="_token" value='.\Session::token().'>'.'
<button type="submit" class="btn btn-primary btn-sm">Deactivate</button></form>';
}

$delete = '<a href= id=delete'.$model['name'].' data-toggle=modal data-target=#del'.$model['name']."><span style='color:red'>Delete</span></a>"
$delete = '<a href= id=delete'.$model['name'].' class="btn btn-danger btn-sm" data-toggle=modal data-target=#del'.$model['name']."><span style='color:white'>Delete</span></a>"
."<div class='modal fade' id=del".$model['name'].">
<div class='modal-dialog'>
<div class=modal-content>
Expand All @@ -36,15 +38,17 @@ public function getPlugin()
<p>Are you Sure ?</p>
<div class=modal-footer>
<button type=button class='btn btn-default pull-left' data-dismiss=modal id=dismis>".\Lang::get('lang.close').'</button>
<a href='.url('plugin/delete/'.$model['name'])."><button class='btn btn-danger'>Delete</button></a>
<form method="delete" action='.url('plugin/delete/'.$model['name']).'>'.'<input type="hidden" name="_token" value='.\Session::token().'>'.'
<button type="submit" class="btn btn-danger">Delete</button></form>
</div>
</div>
</div>
</div>
</div>";
$action = '<br><br>'.$delete.' | '.$settings.$activate;
</div>';
$action = '<br><br>'.$delete.'<br> <br>'.$settings.'<br>'.$activate;
} else {
$action = '';
}
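Review bot: The delete form in the modal uses `method="delete"`, which is not a valid HTML form method; browsers fall back to GET, so the request arrives as `GET plugin/delete/<name>?_token=...` and the CSRF-protected POST this change intends never happens. Use `method="post"` and add a method-spoof field next to the `_token` input, `<input type="hidden" name="_method" value="DELETE">`, or keep the route as POST. The attribute values produced by `action='.url(...).'` and `value='.\Session::token().'` are unquoted in the generated HTML; wrap them in quotes so a value containing a space or `>` cannot break the element. `$model['name']` is inserted into the markup unescaped — presumably plugin names come from the installed plugin directories rather than users, but `e($model['name'])` would make that question moot. `getPlugin` starts before the hunk.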
9 changes: 2 additions & 7 deletions app/Http/Controllers/Common/SettingsController.php
Expand Up @@ -118,13 +118,13 @@ public static function checkPaymentGateway($currency)
$name = '';
$allAcivePluginName = [];
$active_plugins = $plugins->where('status', 1)->get(); //get the plugins that are active
if ($active_plugins->count() > 0) {
if ($active_plugins) {
foreach ($active_plugins as $plugin) {
$models[] = \DB::table(strtolower($plugin->name))->first(); //get the table of the active plugin
$allCurrencies[] = \DB::table(strtolower($plugin->name))->pluck('currencies')->toArray(); //get the table of the active plugin
$pluginName[] = $plugin->name; //get the name of active plugin
}
if (count($models) > 0) {//If more than 1 plugin is active it will check the currencies allowed for that plugin.If the currencies allowed matches the passed arguement(currency),that plugin name is returned
if ($models) {//If more than 1 plugin is active it will check the currencies allowed for that plugin.If the currencies allowed matches the passed arguement(currency),that plugin name is returned
for ($i = 0; $i < count($pluginName); $i++) {
$curr = implode(',', $allCurrencies[$i]);
$currencies = explode(',', $curr);
Expand Down Expand Up @@ -408,11 +408,6 @@ public function getMails()
->addColumn('subject', function ($model) {
return ucfirst($model->subject);
})
// ->addColumn('headers', function ($model) {
// $headers = Markdown::convertToHtml(ucfirst($model->headers));

// return $headers;
// })
->addColumn('status', function ($model) {
return ucfirst($model->status);
})
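Review bot: `if ($active_plugins)` at the top of the first hunk is always true, because `->get()` returns a Collection object and objects are truthy even when empty, so the guard that the replaced `->count() > 0` provided is gone; use `if ($active_plugins->isNotEmpty())`. The later `if ($models)` has the opposite problem: `$models` is only assigned inside the foreach, so with no active plugins it is undefined and the check raises an undefined-variable notice — initialise `$models = [];` (and `$allCurrencies`, `$pluginName`) before the loop, unless that already happens in the part of `checkPaymentGateway` that starts before the hunk. Either way the two truthiness checks should be replaced by explicit count/emptiness checks.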

