diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php index 0adf061e7..13d5dc030 100644 --- a/app/Http/Controllers/AccountController.php +++ b/app/Http/Controllers/AccountController.php @@ -65,21 +65,18 @@ class AccountController extends Controller public function sendVerifyEmail(Request $request) { - $timeLimit = Carbon::now()->subDays(1)->toDateTimeString(); $recentAttempt = EmailVerification::whereUserId(Auth::id()) - ->where('created_at', '>', $timeLimit)->count(); - $exists = EmailVerification::whereUserId(Auth::id())->count(); + ->whereDate('created_at', '>', now()->subHours(12))->count(); - if ($recentAttempt == 1 && $exists == 1) { + if ($recentAttempt > 0) { return redirect()->back()->with('error', 'A verification email has already been sent recently. Please check your email, or try again later.'); - } elseif ($recentAttempt == 0 && $exists !== 0) { - // Delete old verification and send new one. - EmailVerification::whereUserId(Auth::id())->delete(); - } + } + + EmailVerification::whereUserId(Auth::id())->delete(); $user = User::whereNull('email_verified_at')->find(Auth::id()); - $utoken = hash('sha512', $user->id); - $rtoken = str_random(40); + $utoken = str_random(40); + $rtoken = str_random(128); $verify = new EmailVerification(); $verify->user_id = $user->id; @@ -99,12 +96,16 @@ class AccountController extends Controller ->where('random_token', $randomToken) ->firstOrFail(); - if (Auth::id() === $verify->user_id) { + if (Auth::id() === $verify->user_id && + $verify->user_token === $userToken && + $verify->random_token === $randomToken) { $user = User::find(Auth::id()); $user->email_verified_at = Carbon::now(); $user->save(); return redirect('/'); + } else { + abort(403); } }