Low priority fixes: debug comments, Fortify cleanup, badge cost setting, profile query merge, User model fixes, VPN constructor cleanup, PayPal POST, PII removal, Dutch→English translations, duplicate rank check, CHANGELOG

app/Actions/Fortify/CreateNewUser.php

@@ -171,13 +171,11 @@ class CreateNewUser implements CreatesNewUsers
         try {
             Http::asJson()->post(is_string($discordWebhookUrl) ? $discordWebhookUrl : '', [
                 'username' => sprintf('%s Bot', is_string($hotelNameSetting) ? $hotelNameSetting : 'Hotel'),
-                'content' => "User: {$username} has just registered, with the IP: {$ip} and E-mail: {$email}",
+                'content' => "User: {$username} has just registered.",
             ]);
         } catch (\Exception $e) {
             Log::error('Failed to send Discord webhook notification', [
                 'username' => $username,
-                'ip' => $ip,
-                'email' => $email,
                 'error' => $e->getMessage(),
             ]);
         }

app/Http/Controllers/Api/HotelApiController.php

@@ -317,6 +317,10 @@ class HotelApiController extends Controller
 
         $user = $request->user();
 
+        if ($package->give_rank && $user->rank >= $package->give_rank) {
+            return response()->json(['error' => 'You already have this or a higher rank'], 400);
+        }
+
         $cost = $package->costs;
 
         if ($user->credits < $cost) {

app/Http/Controllers/Badge/BadgeController.php

@@ -12,7 +12,7 @@ class BadgeController extends Controller
 {
     public function show(): View
     {
-        $cost = 150;
+        $cost = (int) setting('badge_cost', 150);
         $currencyType = 'credits';
         $folderError = false;
         $errorMessage = '';
@@ -60,7 +60,7 @@ class BadgeController extends Controller
             return redirect()->route('login')->with('error', 'You must be logged in to purchase badges.');
         }
 
-        $cost = 150;
+        $cost = (int) setting('badge_cost', 150);
 
         if (property_exists($user, 'credits') && $user->credits !== null && $user->credits < $cost) {
             return redirect()->back()->with('error', 'You don\'t have enough credits to purchase a badge.');

app/Http/Controllers/User/ProfileController.php

@@ -20,8 +20,10 @@ class ProfileController extends Controller
             'badges',
         ]);
 
-        $showStats = (bool) (WebsiteSetting::where('key', 'profile_show_stats')->first()?->value ?? '1');
-        $showOnline = (bool) (WebsiteSetting::where('key', 'profile_show_online_status')->first()?->value ?? '1');
+        $settings = WebsiteSetting::whereIn('key', ['profile_show_stats', 'profile_show_online_status'])
+            ->pluck('value', 'key');
+        $showStats = (bool) ($settings['profile_show_stats'] ?? '1');
+        $showOnline = (bool) ($settings['profile_show_online_status'] ?? '1');
 
         return view('user.profile', [
             'user' => $user,

app/Http/Middleware/RadioApiKey.php

@@ -17,7 +17,7 @@ class RadioApiKey
 
         if (empty($key)) {
             return response()->json([
-                'error' => 'API key is verplicht. Gebruik Authorization: Bearer <key> of ?api_key=<key>',
+                'error' => 'API key is required. Use Authorization: Bearer <key> or ?api_key=<key>',
             ], 401);
         }
 
@@ -25,19 +25,19 @@ class RadioApiKey
 
         if (! $apiKey) {
             return response()->json([
-                'error' => 'API key is ongeldig of verlopen',
+                'error' => 'API key is invalid or expired',
             ], 401);
         }
 
         if (! $apiKey->isAllowedIp($request->ip())) {
             return response()->json([
-                'error' => 'IP-adres niet toegestaan voor deze API key',
+                'error' => 'IP address not allowed for this API key',
             ], 403);
         }
 
         if (! $apiKey->hasPermission($permission)) {
             return response()->json([
-                'error' => 'Geen toestemming voor deze actie',
+                'error' => 'No permission for this action',
             ], 403);
         }
 

app/Http/Middleware/VPNCheckerMiddleware.php

@@ -34,7 +34,7 @@ class VPNCheckerMiddleware
             return $this->denyAccess($request);
         }
 
-        $ipService = new IpLookupService('');
+        $ipService = new IpLookupService;
 
         $countryInfo = $ipService->getCountryInfo($userIp);
 

app/Models/User.php

@@ -128,7 +128,7 @@ class User extends Authenticatable implements FilamentUser, HasName
     protected $fillable = ['username', 'mail', 'password', 'account_created', 'last_login', 'motto', 'look', 'credits', 'last_username_change', 'auth_ticket', 'home_room', 'ip_register', 'ip_current', 'referral_code', 'preferences', 'team_id', 'avatar_background', 'home_background', 'pincode', 'secret_key', 'extra_rank', 'is_hidden', 'background_id', 'background_stand_id', 'background_overlay_id', 'radio_points', 'pixels', 'points', 'online', 'gender', 'rank', 'mail_verified', 'two_factor_secret', 'two_factor_recovery_codes', 'two_factor_confirmed_at'];
 
     #[\Override]
-    protected $hidden = ['id', 'password', 'remember_token'];
+    protected $hidden = ['password', 'remember_token'];
 
     /**
      * @return array<string, string>
@@ -394,19 +394,6 @@ class User extends Authenticatable implements FilamentUser, HasName
             ->logOnlyDirty();
     }
 
-    /**
-     * @param  array<string, mixed>  $options
-     */
-    #[\Override]
-    public function save(array $options = []): bool
-    {
-        if (! $this->isDirty()) {
-            return false;
-        }
-
-        return parent::save($options);
-    }
-
     public function hasAppliedForTeam(int $teamId): bool
     {
         if ($teamId === 0) {