feat: add 24 model factories for Help, Shop, Community, Game, User domains
- Translate mixed Dutch/English strings in README.md and AlertSettings.php
- Add HasFactory trait to 23 models
- Create factories for Help (6), Shop (4), Community (5), Game (2), User (7)
- Replace closures in web.php and auth.php with dedicated controllers
(LoginRedirectController, LogoutController, TwoFactorChallengeController,
EmailVerificationController) to fix route caching issues
- Add migration to increase password column to VARCHAR(255) for Argon2id support
- Fix 500 error caused by route cache incompatibility with closures
- SystemFixService: removed ALL shell_exec/sudo calls (30+ instances), replaced with
safe PHP alternatives (mkdir, chmod, disk_total_space, Artisan calls)
- InstallationController: added ALLOWED_SETTINGS whitelist to prevent arbitrary
settings manipulation via request data
- ExceptionHandler: removed dangerous npm run build execution and hardcoded
chown/chmod paths from auto-recovery
- AuthController: fixed user enumeration timing attack by running Hash::make()
even when user doesn't exist (constant-time comparison)
- DDoSDetectionCommand: added IP validation (FILTER_VALIDATE_IP) before blocking
to prevent iptables manipulation with spoofed/malicious IPs
- trackRequest: now validates IP before storing in cache
root