admin/sides
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): resolve F-03 — fix inverted is_blocked checkbox logic, rename to unblock_account for semantic clarity

Browse Source
This commit is contained in:
root
2026-06-02 01:07:28 +08:00
parent 725ccbbeb6
commit 4c1eb49e95
2 changed files with 8 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/app/Http/Controllers/AdminController.php
View File

@@ -189,22 +189,13 @@ class AdminController extends Controller
]); ]);
DB::transaction(function () use ($request, $validated, $userid) { DB::transaction(function () use ($request, $validated, $userid) {
if ($request->has('is_blocked')) $isBlocked = !$request->has('unblock_account');
{ DB::table('users')->where('id',$userid)
DB::table('users')->where('id',$userid) ->update([
->update([ 'is_blocked' => $isBlocked ? 1 : 0,
'is_blocked' => 0, 'login_attempts' => $isBlocked ? DB::raw('login_attempts') : 0,
'login_attempts' => 0, 'updated_at' => now(),
'updated_at' => now(), ]);
]);
}else{
DB::table('users')->where('id',$userid)
->update([
'is_blocked' => 1,
'updated_at' => now(),
]);
}
DB::table('users')->where('id',$userid) DB::table('users')->where('id',$userid)
->update([ ->update([

2
src/resources/views/layout/admin/usermgmt.blade.php
View File

@@ -129,7 +129,7 @@
<div class="col-md-6 mb-3 "> <div class="col-md-6 mb-3 ">
<label class="form-label mb-0">@lang('messages.accstatus'):</label> <label class="form-label mb-0">@lang('messages.accstatus'):</label>
<div class="form-check form-switch ms-2"> <div class="form-check form-switch ms-2">
<input type="checkbox" class="form-check-input" id="unblock{{ $row->id }}" name="is_blocked" value="0" {{ $row->is_blocked ? '' : 'checked' }}> <input type="checkbox" class="form-check-input" id="unblock{{ $row->id }}" name="unblock_account" value="1" {{ $row->is_blocked ? '' : 'checked' }}>
<label class="form-check-label" for="unblock{{ $row->id }}"> <label class="form-check-label" for="unblock{{ $row->id }}">
{{ $row->is_blocked ? __('messages.block') : __('messages.active') }} {{ $row->is_blocked ? __('messages.block') : __('messages.active') }}
</label> </label>