Hamza/nabeh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deploy: 2026-05-23 03:23:22

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-23 03:23:22 +03:00
parent 30301151c3
commit d686f8928b
10 changed files with 463 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
backend/app/Controllers/WhatsAppController.php
View File

@@ -442,7 +442,27 @@ class WhatsAppController extends BaseController
} elseif ($body['state'] === 'connected') {
$updateData['qr_code'] = null; // Clear QR when connected
if (!empty($body['phone'])) {
$updateData['phone'] = $body['phone'];
// Anti-Abuse: Prevent Duplicate Phone Numbers Across Companies
$existingPhoneSession = \App\Models\WhatsAppSession::findByPhone($body['phone']);
if ($existingPhoneSession && (int)$existingPhoneSession['company_id'] !== (int)$session['company_id']) {
// This phone is already linked to another company! We must disconnect this malicious session.
$nodeUrl = 'http://127.0.0.1:3722/api/sessions/delete';
$payload = json_encode(['session_key' => $session['session_key']]);
$ch = curl_init($nodeUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_exec($ch);
curl_close($ch);
error_log("Anti-Abuse Block: Company ID {$session['company_id']} tried to link phone {$body['phone']} which is already linked to Company ID {$existingPhoneSession['company_id']}. Session disconnected.");
$updateData['status'] = 'disconnected';
$updateData['qr_code'] = null;
} else {
$updateData['phone'] = $body['phone'];
}
}
} elseif ($body['state'] === 'disconnected') {
$updateData['qr_code'] = null;