Monday, 19 October 2020

Where is the security bug? [closed]

I'm using Laravel 5.1. This is the code of a custom function so users can transfer coins.

<?php
public function postCoinTransfer( Request $request )
{
    $user = Auth::user();
    $validator = Validator::make( $request->all(), [
        'recipient' => 'required|min:1|max:20',
        'amount' => 'required|numeric|integer'
    ]);

    if ( $validator->fails() )
    {
        return redirect( 'account/settings#transfer' )
            ->withErrors( $validator )
            ->withInput();
    }

    $username = $request->recipient;
    $amount = $request->amount;

    if ($user->name == $username)
    {
        flash()->error( 'You can\'t transfer coins to yourself.' );
        return redirect()->back();

    }

    if (($amount <= 0) || ($amount > 9999))
    {
        flash()->error( 'Amount should be from 1 to 9999 Coins.' );
        return redirect()->back();
    }
    if ($amount > $user->money)
    {
        flash()->error( 'Sorry, not enough coins to make this transaction.' );
        return redirect()->back();
    }

    $recipient = User::where('name', $username)->first();
    if (!$recipient)
    {
        flash()->error( 'Can\'t find this user.' );
        return redirect()->back();

    }
    Coin::create([
        'sender_id' => $user->ID,
        'recipient_id' => $recipient->ID,
        'amount' => $amount
    ]);

    $user = Auth::user();
    $user->money = $user->money - $amount;
    $user->save();

    $recipient->money = $recipient->money + $amount;
    $recipient->save();

    flash()->success( 'Coins sent successfully.' );
    return redirect( 'account/settings#transfer' );
}

Recently I saw this in my database logs.

User with ID 1456 has transferred the coins to himself. This action created unlimited free coins for him. How can I fix this bug, please?



via Chebli Mohamed
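An added example (editor's code, not from the original post or the project) that reproduces the shape of the posted controller in plain PHP + PDO on an in-memory SQLite database and sets a hardened version beside it. Two properties of the posted code make a self-payment possible: the self-transfer guard compares names with PHP's case-sensitive `==`, while the recipient lookup is done by the database, whose default MySQL collations compare case-insensitively, so a request naming the sender with different casing resolves to the sender's own row; and the balance is then written back from two separately loaded copies of that row, so the stale `$recipient` copy overwrites the debit with `original + amount`. The same read-then-write pattern also lets two concurrent requests both pass the `$amount > $user->money` check. Assumptions in the example: the `users`/`coins` tables, the sample users, and `COLLATE NOCASE` on `users.name` standing in for a MySQL `_ci` collation.

```php
<?php
// Added example, not code from the original post. Assumed schema and data:
// users(id, name COLLATE NOCASE, money), coins(sender_id, recipient_id, amount),
// alice (id 1, 100 coins) and bob (id 2, 0 coins). NOCASE makes SQL's
// name = ? case-insensitive, like MySQL's default collations.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT COLLATE NOCASE UNIQUE, money INTEGER NOT NULL)');
    $db->exec('CREATE TABLE coins (id INTEGER PRIMARY KEY AUTOINCREMENT, sender_id INTEGER, recipient_id INTEGER, amount INTEGER)');
    $db->exec("INSERT INTO users (id, name, money) VALUES (1, 'alice', 100), (2, 'bob', 0)");
    return $db;
}

function balanceOf(PDO $db, int $id): int
{
    $st = $db->prepare('SELECT money FROM users WHERE id = ?');
    $st->execute([$id]);
    return (int) $st->fetchColumn();
}

// Same shape as the posted controller: name check in PHP, recipient looked up
// by name in SQL, two separately loaded row copies written back in turn.
function naiveTransfer(PDO $db, int $senderId, string $recipientName, int $amount): bool
{
    $st = $db->prepare('SELECT id, name, money FROM users WHERE id = ?');
    $st->execute([$senderId]);
    $sender = $st->fetch(PDO::FETCH_ASSOC);
    if ($sender['name'] == $recipientName) return false;   // 'alice' vs 'Alice': guard passes
    if ($amount <= 0 || $amount > 9999 || $amount > $sender['money']) return false;
    $st = $db->prepare('SELECT id, money FROM users WHERE name = ?');
    $st->execute([$recipientName]);
    $recipient = $st->fetch(PDO::FETCH_ASSOC);             // NOCASE: resolves to the sender's own row
    if (!$recipient) return false;
    $upd = $db->prepare('UPDATE users SET money = ? WHERE id = ?');
    $upd->execute([$sender['money'] - $amount, $sender['id']]);
    // $recipient still holds the balance read before the debit, so when both
    // rows are the same user this write replaces (original - amount) with (original + amount).
    $upd->execute([$recipient['money'] + $amount, $recipient['id']]);
    return true;
}

// Hardened: identity compared on the primary key the database resolved, every
// write inside one transaction, and relative updates whose balance guard is part
// of the same statement, so concurrent requests have no read-then-write window.
function safeTransfer(PDO $db, int $senderId, string $recipientName, int $amount): bool
{
    if ($amount < 1 || $amount > 9999) return false;
    $db->beginTransaction();
    try {
        $st = $db->prepare('SELECT id FROM users WHERE name = ?');
        $st->execute([$recipientName]);
        $recipientId = $st->fetchColumn();
        if ($recipientId === false || (int) $recipientId === $senderId) {
            $db->rollBack();                               // unknown recipient, or the sender itself
            return false;
        }
        $debit = $db->prepare('UPDATE users SET money = money - ? WHERE id = ? AND money >= ?');
        $debit->execute([$amount, $senderId, $amount]);
        if ($debit->rowCount() !== 1) {
            $db->rollBack();                               // insufficient funds (or unknown sender)
            return false;
        }
        $db->prepare('UPDATE users SET money = money + ? WHERE id = ?')
           ->execute([$amount, (int) $recipientId]);
        $db->prepare('INSERT INTO coins (sender_id, recipient_id, amount) VALUES (?, ?, ?)')
           ->execute([$senderId, (int) $recipientId, $amount]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Demo: alice (id 1) submits 'Alice' as the recipient, then a real transfer to bob.
$db = makeDb();
naiveTransfer($db, 1, 'Alice', 50);
echo "naive: alice now has " . balanceOf($db, 1) . " coins\n";

$db = makeDb();
$self = safeTransfer($db, 1, 'Alice', 50) ? 'accepted' : 'refused';
echo "safe: self-transfer $self, alice has " . balanceOf($db, 1) . " coins\n";
$ok = safeTransfer($db, 1, 'bob', 50) ? 'accepted' : 'refused';
echo "safe: transfer to bob $ok, alice " . balanceOf($db, 1) . ", bob " . balanceOf($db, 2) . "\n";
```

Running it shows the naive path leaving alice with more coins than she started with, while the hardened path refuses the self-transfer, leaves her balance untouched, and still completes the transfer to bob. In Laravel 5.1 terms the equivalent is a `DB::transaction()` closure that loads the recipient by name, rejects when `$recipient->id === $user->id` (never by comparing name strings), locks the sender's row with `lockForUpdate()` before re-checking the balance, and writes both balances inside that transaction; the conditional `UPDATE ... WHERE money >= ?` above works unchanged on MySQL/InnoDB.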
