Fix: Prevent unauthorized role assignment in registration

- Removed client-side 'role_id' input to prevent unauthorized role manipulation.
- Set default 'role_id' to 2 (customer) directly in `AuthController`, ensuring only authorized roles are assigned server-side.

Author: snykk

app/Http/Controllers/AuthController.php

@@ -54,7 +54,6 @@ public function registrationPost(Request $request)
             'phone' => 'required|numeric',
             'gender' => 'required',
             'address' => 'required',
-            'role_id' => 'required|numeric',
         ]);
 
         $validatedData['password'] = Hash::make($validatedData['password']);
@@ -63,6 +62,7 @@ public function registrationPost(Request $request)
             "coupon" => 0,
             "point" => 0,
             'remember_token' => Str::random(30),
+            'role_id' => 2 // value 2 for customer role
         ]);
 
         try {

resources/views/auth/register.blade.php

@@ -93,7 +93,6 @@ class="form-control @error('password_confirmation') is-invalid @enderror"
                                 <div class="text-danger">{{ $message }}</div>
                                 @enderror
                             </div>
-                            <input type="hidden" name="role_id" value="2" /> {{-- role 2 for customer --}}
                             <button type="submit" class="btn btn-info btn-block">
                                 Submit
                             </button>