Deploy: 2026-05-21 01:58:32

2026-05-21 01:58:32 +03:00
parent 16d494b4e1
commit aae860486a
11 changed files with 263 additions and 38 deletions
--- a/backend/app/Controllers/AuthController.php
+++ b/backend/app/Controllers/AuthController.php
@@ -39,13 +39,13 @@ class AuthController extends BaseController
        try {
            // Create Company
            $companyId = Company::create([
-                'name' => htmlspecialchars(strip_tags($data['company_name']))
+                'name' => $data['company_name']
            ]);

            // Create Admin User for this Company
            $userId = User::createSecure([
                'company_id' => $companyId,
-                'name'       => htmlspecialchars(strip_tags($data['user_name'])),
+                'name'       => $data['user_name'],
                'email'      => strtolower(trim($data['email'])),
                'password'   => $data['password'],
                'role'       => 'admin'
@@ -127,7 +127,7 @@ class AuthController extends BaseController
    {
        $user = User::find($request->user_id);
        
-        if (!$user) {
+        if (!$user || (int)$user['company_id'] !== (int)$request->company_id) {
            $response->json(['error' => 'User not found'], 404);
            return;
        }