<?php
/**
 * PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
 * by https://t.me/ibnux
 **/

// Settings controller. _admin() runs before anything else (presumably the
// admin-session guard — confirm in the bootstrap); the per-branch user_type
// checks further down are the only finer-grained authorisation in this file.
_admin();

$action = $routes['1'];

$ui->assign('_title', Lang::T('Settings'));
$ui->assign('_system_menu', 'settings');
$ui->assign('_admin', $admin);
switch ( $action ) {
case 'docs':
    // Remember that the docs link was clicked (upsert of one tbl_appconfig row),
    // then bounce to the documentation.
    $flag = ORM::for_table('tbl_appconfig')->where('setting', 'docs_clicked')->find_one();
    if (!$flag) {
        $flag = ORM::for_table('tbl_appconfig')->create();
        $flag->setting = 'docs_clicked';
    }
    $flag->value = 'yes';
    $flag->save();
    r2('./docs');
    break;
case 'devices':
    // Every *.php file in $DEVICE_PATH is loaded and instantiated by its base
    // name so its description() can be shown. The set of classes is bounded by
    // the contents of that directory, not by anything in the request.
    // NOTE(review): unlike 'app', this branch has no user_type check beyond
    // _admin(); confirm whether Agent/Report/Sales accounts should reach it.
    $devices = [];
    foreach (scandir($DEVICE_PATH) as $file) {
        if (pathinfo($file, PATHINFO_EXTENSION) != 'php') {
            continue;
        }
        $dev = pathinfo($file, PATHINFO_FILENAME);
        require_once $DEVICE_PATH . DIRECTORY_SEPARATOR . $file;
        $dvc = new $dev;
        if (method_exists($dvc, 'description')) {
            $info = $dvc->description();
            $info['file'] = $dev;
            $devices[] = $info;
        } else {
            // Driver without metadata: show a placeholder entry.
            $devices[] = [
                'title' => $dev,
                'description' => '',
                'author' => 'unknown',
                'url' => [],
                'file' => $dev
            ];
        }
    }
    $ui->assign('devices', $devices);
    $ui->display('app-devices.tpl');
    break;
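case 'app':
    // Settings overview page: SuperAdmin/Admin only. _alert() is relied on to
    // redirect and stop, as in every other branch of this controller.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    // Gateway test hooks. NOTE(review): each of these sends a message as a side
    // effect of a plain GET with no csrf_token (unlike 'app-post'), so any page
    // that can make the admin's browser request this URL can fire them; moving
    // them behind the POST form would close that.
    if (!empty(_get('testWa'))) {
        $result = Message::sendWhatsapp(_get('testWa'), 'PHPNuxBill Test Whatsapp');
        r2(U . "settings/app", 's', 'Test Whatsapp has been send<br>Result: ' . $result);
    }
    if (!empty(_get('testSms'))) {
        $result = Message::sendSMS(_get('testSms'), 'PHPNuxBill Test SMS');
        r2(U . "settings/app", 's', 'Test SMS has been send<br>Result: ' . $result);
    }
    if (!empty(_get('testEmail'))) {
        Message::sendEmail(_get('testEmail'), 'PHPNuxBill Test Email', 'PHPNuxBill Test Email Body');
        r2(U . "settings/app", 's', 'Test Email has been send');
    }
    if (!empty(_get('testTg'))) {
        $result = Message::sendTelegram('PHPNuxBill Test Telegram');
        r2(U . "settings/app", 's', 'Test Telegram has been send<br>Result: ' . $result);
    }

    // Branding images: existence is tested on the filesystem path
    // ($UPLOAD_PATH) and the template receives the URL path. The login logo
    // and wallpaper were previously tested against the URL path, which only
    // works when the working directory happens to be the web root.
    $UPLOAD_URL_PATH = str_replace($root_path, '', $UPLOAD_PATH);
    if (file_exists($UPLOAD_PATH . DIRECTORY_SEPARATOR . 'logo.png')) {
        // The query string changes per request, presumably to defeat caching
        // of a freshly uploaded logo.
        $logo = $UPLOAD_URL_PATH . DIRECTORY_SEPARATOR . 'logo.png?' . time();
    } else {
        $logo = $UPLOAD_URL_PATH . DIRECTORY_SEPARATOR . 'logo.default.png';
    }
    $ui->assign('logo', $logo);
    $brand_images = [
        'login_logo' => 'login-logo',
        'wallpaper'  => 'wallpaper',
        'favicon'    => 'favicon',
    ];
    foreach ($brand_images as $var => $base) {
        $custom = file_exists($UPLOAD_PATH . DIRECTORY_SEPARATOR . $base . '.png');
        $ui->assign($var, $UPLOAD_URL_PATH . DIRECTORY_SEPARATOR . $base . ($custom ? '.png' : '.default.png'));
    }

    // Theme directories under ui/themes/.
    $themes = [];
    foreach (scandir('ui/themes/') as $file) {
        if (is_dir('ui/themes/' . $file) && !in_array($file, ['.', '..'])) {
            $themes[] = $file;
        }
    }
    // Custom login templates: login-custom-<identifier>.tpl. glob() returns
    // false on error, hence the fallback to an empty list.
    $templates = [];
    foreach ((glob('ui/ui/customer/login-custom-*.tpl') ?: []) as $file) {
        $parts = explode('-', basename($file, '.tpl'));
        $template_identifier = $parts[2] ?? 'unknown';
        $templates[] = [
            'filename' => basename($file),
            'value' => $template_identifier,
            'name' => str_replace('_', ' ', ucfirst($template_identifier))
        ];
    }

    $ui->assign('r', ORM::for_table('tbl_routers')->find_many());

    // Locate the php binary for the template. The command is a fixed literal,
    // so shell_exec() takes no request input here; shell_exec() returns null
    // on failure, hence the string cast before trim().
    $php = 'php';
    if (function_exists("shell_exec")) {
        $found = trim((string) shell_exec('which php'));
        if (!empty($found)) {
            $php = $found;
        }
    }

    // First-run API key. random_bytes() is a CSPRNG (PHP 7+, the same floor
    // as the ?? operator used above); the previous sha1(uniqid(rand(), true))
    // is time-seeded and guessable. 20 bytes -> 40 hex chars, the same shape
    // as the old sha1 value.
    if (empty($config['api_key'])) {
        $config['api_key'] = bin2hex(random_bytes(20));
        $d = ORM::for_table('tbl_appconfig')->where('setting', 'api_key')->find_one();
        if (!$d) {
            $d = ORM::for_table('tbl_appconfig')->create();
            $d->setting = 'api_key';
        }
        $d->value = $config['api_key'];
        $d->save();
    }
    if (empty($config['mikrotik_sms_command'])) {
        $config['mikrotik_sms_command'] = "/tool sms send";
    }

    $ui->assign('template_files', $templates);
    $ui->assign('_c', $config);
    $ui->assign('php', $php);
    $ui->assign('dir', str_replace('controllers', '', __DIR__));
    $ui->assign('themes', $themes);
    run_hook('view_app_settings'); #HOOK
    $csrf_token = Csrf::generateAndStoreToken();
    $ui->assign('csrf_token', $csrf_token);
    $ui->display('app-settings.tpl');
    break;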
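case 'app-post':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    // r2() is relied on to redirect and stop here, as elsewhere; the checks
    // below that add an explicit die() do so for the same reason.
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/app', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
    }
    $company = _post('CompanyName');
    // Tax rate: digits and '.' only.
    $custom_tax_rate = filter_var(_post('custom_tax_rate'), FILTER_SANITIZE_SPECIAL_CHARS);
    if (preg_match('/[^0-9.]/', $custom_tax_rate)) {
        r2(U . 'settings/app', 'e', 'Special characters are not allowed in tax rate');
        die();
    }
    run_hook('save_settings'); #HOOK
    if (!empty($_FILES['logo']['name'])) {
        if (function_exists('imagecreatetruecolor')) {
            // Same type gate as the login-page uploads in 'login-page-post'.
            // Both the MIME type and the file name are client-supplied, so this
            // is a sanity check; the resize step presumably re-encodes into
            // logo.png (verify File::resizeCropImage), which is the real guard.
            $logo_ok = in_array($_FILES['logo']['type'], ['image/jpeg', 'image/png'])
                && preg_match('/\.(jpg|jpeg|png)$/i', $_FILES['logo']['name']);
            if (!$logo_ok) {
                r2(U . 'settings/app', 'e', 'Logo must be a JPG, JPEG, or PNG image.');
                die();
            }
            $logo_path = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'logo.png';
            if (file_exists($logo_path)) unlink($logo_path);
            File::resizeCropImage($_FILES['logo']['tmp_name'], $logo_path, 1078, 200, 100);
            if (file_exists($_FILES['logo']['tmp_name'])) unlink($_FILES['logo']['tmp_name']);
        } else {
            r2(U . 'settings/app', 'e', 'PHP GD is not installed');
        }
    }
    // 'general' is a form flag; !empty() avoids an undefined-index notice when
    // the field is absent and keeps the same truth value otherwise.
    if (!empty($_POST['general']) && $company == '') {
        r2(U . 'settings/app', 'e', Lang::T('All field is required'));
    } else {
        if ($radius_enable) {
            try {
                require_once $DEVICE_PATH . DIRECTORY_SEPARATOR . "Radius.php";
                (new Radius())->getTableNas()->find_many();
            } catch (Exception $e) {
                $ui->assign("error_title", "RADIUS Error");
                $ui->assign("error_message", "Radius table not found.<br><br>" .
                    $e->getMessage() .
                    "<br><br>Download <a href=\"https://raw.githubusercontent.com/hotspotbilling/phpnuxbill/Development/install/radius.sql\">here</a> or <a href=\"https://raw.githubusercontent.com/hotspotbilling/phpnuxbill/master/install/radius.sql\">here</a> and import it to database.<br><br>Check config.php for radius connection details");
                $ui->display('error.tpl');
                die();
            }
        }
        // Save all settings including tax system.
        $enable_session_timeout = isset($_POST['enable_session_timeout']) ? 1 : 0;
        $_POST['enable_session_timeout'] = $enable_session_timeout;
        // Every posted field becomes a tbl_appconfig row (mass assignment).
        // The CSRF token is a request artefact, not a setting, so it is not
        // stored. NOTE(review): an allow-list of setting names would be the
        // stricter fix; the form's field set is not visible from here.
        foreach ($_POST as $key => $value) {
            if ($key === 'csrf_token') {
                continue;
            }
            $d = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
            if (!$d) {
                $d = ORM::for_table('tbl_appconfig')->create();
                $d->setting = $key;
            }
            $d->value = $value;
            $d->save();
        }
        _log('[' . $admin['username'] . ']: ' . Lang::T('Settings Saved Successfully'), $admin['user_type'], $admin['id']);
        r2(U . 'settings/app', 's', Lang::T('Settings Saved Successfully'));
    }
    break;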
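case 'login-page-post':
    // Login page post. Same role gate as 'app', the page this form lives on;
    // the original had no user_type check at all on this branch.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/app', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
        return;
    }
    $login_page_title = _post('login_page_head');
    $login_page_description = _post('login_page_description');
    $login_Page_template = _post('login_Page_template');
    $login_page_type = _post('login_page_type');
    // NOTE(review): login_Page_template is stored verbatim; if it is used to
    // build a template file name elsewhere, it should be checked against the
    // identifiers the 'app' branch derives from login-custom-*.tpl.
    if ($login_page_type == 'custom' && (empty($login_Page_template) || empty($login_page_title) || empty($login_page_description))) {
        r2(U . 'settings/app', 'e', 'Please fill all required fields');
        return;
    }
    // strlen() counts bytes, so multibyte text reaches the limit early.
    if (strlen($login_page_title) > 25) {
        r2(U . 'settings/app', 'e', 'Login page title must not exceed 25 characters');
        return;
    }
    if (strlen($login_page_description) > 50) {
        r2(U . 'settings/app', 'e', 'Login page description must not exceed 50 characters');
        return;
    }
    $settings = [
        'login_page_head' => $login_page_title,
        'login_page_description' => $login_page_description,
        'login_Page_template' => $login_Page_template,
        'login_page_type' => $login_page_type,
    ];
    // Uploaded images: field => [target file, width, height, label]. The type
    // gate looks at the client-supplied MIME type and file name only; the
    // resize step presumably re-encodes into a fixed-name PNG (verify
    // File::resizeCropImage), which is what keeps raw uploads off the server.
    $uploads = [
        'login_page_favicon'   => ['favicon.png', 16, 16, 'Favicon'],
        'login_page_wallpaper' => ['wallpaper.png', 1920, 1080, 'Wallpaper'],
        'login_page_logo'      => ['login-logo.png', 300, 60, 'Logo'],
    ];
    foreach ($uploads as $field => $spec) {
        if (!isset($_FILES[$field]['name']) || $_FILES[$field]['name'] == '') {
            continue;
        }
        list($target, $width, $height, $label) = $spec;
        $type_ok = in_array($_FILES[$field]['type'], ['image/jpeg', 'image/png'])
            && preg_match('/\.(jpg|jpeg|png)$/i', $_FILES[$field]['name']);
        if (!$type_ok) {
            r2(U . 'settings/app', 'e', $label . ' must be a JPG, JPEG, or PNG image.');
            continue;
        }
        $target_path = $UPLOAD_PATH . DIRECTORY_SEPARATOR . $target;
        File::resizeCropImage($_FILES[$field]['tmp_name'], $target_path, $width, $height, 100);
        if (file_exists($_FILES[$field]['tmp_name'])) unlink($_FILES[$field]['tmp_name']);
    }
    foreach ($settings as $key => $value) {
        $d = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
        if (!$d) {
            $d = ORM::for_table('tbl_appconfig')->create();
            $d->setting = $key;
        }
        $d->value = $value;
        $d->save();
    }
    _log('[' . $admin['username'] . ']: ' . Lang::T('Login Page Settings Saved Successfully'), $admin['user_type'], $admin['id']);
    r2(U . 'settings/app', 's', Lang::T('Login Page Settings Saved Successfully'));
    break;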
case 'localisation':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    // Installed language packs: every regular file in system/lan/ except the
    // bundled non-language entries, keyed by the file name without ".json".
    $installed = [];
    foreach (scandir('system/lan/') as $entry) {
        if (!is_file('system/lan/' . $entry) || in_array($entry, ['index.html', 'country.json', '.DS_Store'])) {
            continue;
        }
        $installed[str_replace(".json", "", $entry)] = '';
    }
    $ui->assign('lani', $installed);
    // Offer only the ISO languages that are not installed yet.
    $ui->assign('lan', array_diff_key(Lang::getIsoLang(), $installed));
    $ui->assign('tlist', Timezone::timezoneList());
    $ui->assign('xjq', '$("#tzone").select2();');
    run_hook('view_localisation'); #HOOK
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->display('app-localisation.tpl');
    break;
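case 'localisation-post':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/app', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
    }
    $tzone = _post('tzone');
    $date_format = _post('date_format');
    $country_code_phone = _post('country_code_phone');
    $lan = _post('lan');
    run_hook('save_localisation'); #HOOK
    if ($tzone == '' or $date_format == '' or $lan == '') {
        r2(U . 'settings/app', 'e', Lang::T('All field is required'));
    } else {
        // The language value is the base name of a file under system/lan/
        // (that is how the 'localisation' branch enumerates it), so reject
        // anything that could escape that directory when it is resolved.
        if (preg_match('~[/\\\\]|\.\.|\x00~', $lan)) {
            r2(U . 'settings/app', 'e', 'Language name contains invalid characters');
            die();
        }
        // Collect all values first, then write them through one upsert. The
        // original assumed the timezone, date_format, currency_code and
        // language rows already existed and would fatal on a missing row.
        $values = [
            'timezone' => $tzone,
            'date_format' => $date_format,
        ];
        // Number separators are stored only when exactly one character long.
        $dec_point = $_POST['dec_point'] ?? '';
        if (strlen($dec_point) == 1) {
            $values['dec_point'] = $dec_point;
        }
        $thousands_sep = $_POST['thousands_sep'] ?? '';
        if (strlen($thousands_sep) == 1) {
            $values['thousands_sep'] = $thousands_sep;
        }
        $values['country_code_phone'] = $country_code_phone;
        foreach (['radius_plan', 'hotspot_plan', 'pppoe_plan', 'vpn_plan'] as $plan_key) {
            $values[$plan_key] = _post($plan_key);
        }
        $values['currency_code'] = $_POST['currency_code'] ?? '';
        $values['language'] = $lan;
        foreach ($values as $key => $value) {
            $d = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
            if (!$d) {
                $d = ORM::for_table('tbl_appconfig')->create();
                $d->setting = $key;
            }
            $d->value = $value;
            $d->save();
        }
        _log('[' . $admin['username'] . ']: ' . 'Settings Saved Successfully', $admin['user_type'], $admin['id']);
        r2(U . 'settings/localisation', 's', 'Settings Saved Successfully');
    }
    break;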
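case 'users':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    $search = _req('search');
    // One query built in three steps instead of six near-identical chains:
    // optional username filter, then the caller's visibility scope, then order.
    // Scope: SuperAdmin sees everyone; Admin sees Report/Agent/Sales plus
    // itself; anyone else (Agent) sees itself and the accounts rooted at it.
    $query = ORM::for_table('tbl_users');
    if ($search != '') {
        // NOTE(review): '%' and '_' inside $search act as LIKE wildcards; the
        // value is presumably bound as a parameter by the ORM (verify), so
        // this affects matching only.
        $query = $query->where_like('username', '%' . $search . '%');
    }
    if ($admin['user_type'] == 'Admin') {
        $query = $query->where_any_is([
            ['user_type' => 'Report'],
            ['user_type' => 'Agent'],
            ['user_type' => 'Sales'],
            ['id' => $admin['id']]
        ]);
    } elseif ($admin['user_type'] != 'SuperAdmin') {
        $query = $query->where_any_is([
            ['id' => $admin['id']],
            ['root' => $admin['id']]
        ]);
    }
    $query = $query->order_by_asc('id');
    if ($search != '') {
        $d = Paginator::findMany($query, ['search' => $search]);
    } else {
        $d = Paginator::findMany($query);
    }
    // root id -> fullname lookup for the template. The original unset() the
    // id list and re-filled it inside the loop, leaving $admins undefined
    // (notice on assign) when the lookup returned no rows.
    $root_ids = [];
    foreach ($d as $k) {
        if (!empty($k['root'])) {
            $root_ids[] = $k['root'];
        }
    }
    $admins = [];
    if (count($root_ids) > 0) {
        $adms = ORM::for_table('tbl_users')->where_in('id', $root_ids)->findArray();
        foreach ($adms as $adm) {
            $admins[$adm['id']] = $adm['fullname'];
        }
    }
    $ui->assign('admins', $admins);
    $ui->assign('d', $d);
    $ui->assign('search', $search);
    run_hook('view_list_admin'); #HOOK
    $csrf_token = Csrf::generateAndStoreToken();
    $ui->assign('csrf_token', $csrf_token);
    $ui->display('admin.tpl');
    break;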
case 'users-add':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->assign('_title', Lang::T('Add User'));
    // Agent accounts offered to the form as the possible root of a Sales
    // account (see the root handling in 'users-post').
    $agents = ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many();
    $ui->assign('agents', $agents);
    $ui->display('admin-add.tpl');
    break;
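case 'users-view':
    $ui->assign('_title', Lang::T('Edit User'));
    $id = $routes['2'];
    if (empty($id)) {
        $id = $admin['id'];
    }
    // $d stays null for roles with no viewing rule (Report/Sales looking at
    // someone else), which lands in the "Account Not Found" branch below.
    $d = null;
    if ($admin['id'] == $id) {
        // Everyone may see their own account.
        $rows = ORM::for_table('tbl_users')->where('id', $id)->find_array();
        $d = $rows[0] ?? null;
    } elseif (in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        // SuperAdmin/Admin can see anyone.
        $rows = ORM::for_table('tbl_users')->where('id', $id)->find_array();
        $d = $rows[0] ?? null;
    } elseif ($admin['user_type'] == 'Agent') {
        // Agent can see only the Sales accounts rooted at it. The original
        // used where_any_is(), i.e. root = agent OR id = $id, which matched
        // any account by id alone; both conditions must hold, the same shape
        // as the Agent branch of 'users-edit'.
        $rows = ORM::for_table('tbl_users')->where('root', $admin['id'])->where('id', $id)->find_array();
        $d = $rows[0] ?? null;
    }
    if ($d) {
        run_hook('view_edit_admin'); #HOOK
        if ($d['user_type'] == 'Sales') {
            $agent_rows = ORM::for_table('tbl_users')->where('id', $d['root'])->find_array();
            $ui->assign('agent', $agent_rows[0] ?? null);
        }
        $ui->assign('d', $d);
        $ui->assign('_title', $d['username']);
        $csrf_token = Csrf::generateAndStoreToken();
        $ui->assign('csrf_token', $csrf_token);
        $ui->display('admin-view.tpl');
    } else {
        r2(U . 'settings/users', 'e', Lang::T('Account Not Found'));
    }
    break;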
case 'users-edit':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    $ui->assign('_title', Lang::T('Edit User'));
    $id = $routes['2'];
    if (empty($id)) {
        $id = $admin['id'];
    }
    // Resolve which account the caller may edit and which agents it may
    // offer as root. Own account: always. SuperAdmin: anyone. Admin:
    // Report/Agent/Sales only. Agent: accounts rooted at it, and it can only
    // offer itself as root.
    $agents_query = null;
    if ($admin['id'] == $id) {
        $d = ORM::for_table('tbl_users')->find_one($id);
    } elseif ($admin['user_type'] == 'SuperAdmin') {
        $d = ORM::for_table('tbl_users')->find_one($id);
        $agents_query = ORM::for_table('tbl_users')->where('user_type', 'Agent');
    } elseif ($admin['user_type'] == 'Admin') {
        $d = ORM::for_table('tbl_users')->where_any_is([
            ['user_type' => 'Report'],
            ['user_type' => 'Agent'],
            ['user_type' => 'Sales']
        ])->find_one($id);
        $agents_query = ORM::for_table('tbl_users')->where('user_type', 'Agent');
    } else {
        // Agent cannot move Sales to other Agent
        $agents_query = ORM::for_table('tbl_users')->where('id', $admin['id']);
        $d = ORM::for_table('tbl_users')->where('root', $admin['id'])->find_one($id);
    }
    if ($agents_query !== null) {
        $ui->assign('agents', $agents_query->find_many());
    }
    if (!$d) {
        r2(U . 'settings/users', 'e', Lang::T('Account Not Found'));
        break;
    }
    if (isset($routes['3']) && $routes['3'] == 'deletePhoto') {
        // NOTE(review): this is a state change driven by a GET route segment
        // with no CSRF token check; the token generated further down belongs
        // to the edit form. The stored photo path is appended to $UPLOAD_PATH
        // without normalisation — fine as long as that column is only ever
        // written by the application itself (not verifiable from here).
        $photo = $d['photo'];
        $is_custom_photo = $photo != '' && strpos($photo, 'default') === false;
        if ($is_custom_photo) {
            $photo_file = $UPLOAD_PATH . $photo;
            if (file_exists($photo_file)) {
                unlink($photo_file);
                if (file_exists($photo_file . '.thumb.jpg')) {
                    unlink($photo_file . '.thumb.jpg');
                }
            }
            $d->photo = '/admin.default.png';
            $d->save();
            $ui->assign('notify_t', 's');
            $ui->assign('notify', 'You have successfully deleted the photo');
        } else {
            $ui->assign('notify_t', 'e');
            $ui->assign('notify', 'No photo found to delete');
        }
    }
    $ui->assign('id', $id);
    $ui->assign('d', $d);
    run_hook('view_edit_admin'); #HOOK
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->display('admin-edit.tpl');
    break;
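case 'users-delete':
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    // NOTE(review): deletion is triggered by a GET route segment with no CSRF
    // token check; the token generated on the 'users' list is not verified
    // here.
    $id = $routes['2'];
    if (($admin['id']) == $id) {
        r2(U . 'settings/users', 'e', 'Sorry You can\'t delete yourself');
    } else {
        // Admin may only manage Report/Agent/Sales accounts — the scope used
        // by the 'users' list and 'users-edit'. Without this restriction an
        // Admin could delete a SuperAdmin. SuperAdmin is unrestricted.
        $query = ORM::for_table('tbl_users');
        if ($admin['user_type'] == 'Admin') {
            $query = $query->where_any_is([
                ['user_type' => 'Report'],
                ['user_type' => 'Agent'],
                ['user_type' => 'Sales']
            ]);
        }
        $d = $query->find_one($id);
        if ($d) {
            run_hook('delete_admin'); #HOOK
            $d->delete();
            r2(U . 'settings/users', 's', Lang::T('User deleted Successfully'));
        } else {
            r2(U . 'settings/users', 'e', Lang::T('Account Not Found'));
        }
    }
    break;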
case 'users-post' :
2024-02-26 11:01:54 +07:00
if ( ! in_array ( $admin [ 'user_type' ], [ 'SuperAdmin' , 'Admin' , 'Agent' ])) {
2024-02-26 14:38:04 +07:00
_alert ( Lang :: T ( 'You do not have permission to access this page' ), 'danger' , " dashboard " );
2024-02-26 11:01:54 +07:00
}
2024-10-11 16:11:03 +01:00
$csrf_token = _post ( 'csrf_token' );
if ( ! Csrf :: check ( $csrf_token )) {
r2 ( U . 'settings/users-add' , 'e' , Lang :: T ( 'Invalid or Expired CSRF Token' ) . " . " );
}
2017-03-11 02:51:06 +07:00
$username = _post ( 'username' );
$fullname = _post ( 'fullname' );
$password = _post ( 'password' );
$user_type = _post ( 'user_type' );
2024-02-15 16:13:55 +07:00
$phone = _post ( 'phone' );
$email = _post ( 'email' );
$city = _post ( 'city' );
$subdistrict = _post ( 'subdistrict' );
$ward = _post ( 'ward' );
$send_notif = _post ( 'send_notif' );
2024-02-19 09:10:01 +07:00
$root = _post ( 'root' );
2017-03-11 02:51:06 +07:00
$msg = '' ;
2024-02-15 16:13:55 +07:00
if ( Validator :: Length ( $username , 45 , 2 ) == false ) {
$msg .= Lang :: T ( 'Username should be between 3 to 45 characters' ) . '<br>' ;
2017-03-11 02:51:06 +07:00
}
2024-02-15 16:13:55 +07:00
if ( Validator :: Length ( $fullname , 45 , 2 ) == false ) {
$msg .= Lang :: T ( 'Full Name should be between 3 to 45 characters' ) . '<br>' ;
2017-03-11 02:51:06 +07:00
}
2024-02-15 16:13:55 +07:00
if ( ! Validator :: Length ( $password , 1000 , 5 )) {
$msg .= Lang :: T ( 'Password should be minimum 6 characters' ) . '<br>' ;
2017-03-11 02:51:06 +07:00
}
2021-11-08 19:56:30 +07:00
$d = ORM :: for_table ( 'tbl_users' ) -> where ( 'username' , $username ) -> find_one ();
if ( $d ) {
2024-02-13 13:54:01 +07:00
$msg .= Lang :: T ( 'Account already axist' ) . '<br>' ;
2017-03-11 02:51:06 +07:00
}
2021-11-08 19:56:30 +07:00
$date_now = date ( " Y-m-d H:i:s " );
2022-09-18 00:00:40 +07:00
run_hook ( 'add_admin' ); #HOOK
2021-11-08 19:56:30 +07:00
if ( $msg == '' ) {
2024-03-04 09:57:12 +07:00
$passwordC = Password :: _crypt ( $password );
2017-03-11 02:51:06 +07:00
$d = ORM :: for_table ( 'tbl_users' ) -> create ();
$d -> username = $username ;
2021-11-08 19:56:30 +07:00
$d -> fullname = $fullname ;
2024-03-04 09:57:12 +07:00
$d -> password = $passwordC ;
2017-03-11 02:51:06 +07:00
$d -> user_type = $user_type ;
2024-02-15 16:13:55 +07:00
$d -> phone = $phone ;
$d -> email = $email ;
$d -> city = $city ;
$d -> subdistrict = $subdistrict ;
$d -> ward = $ward ;
2021-11-08 19:56:30 +07:00
$d -> status = 'Active' ;
$d -> creationdate = $date_now ;
2024-02-16 16:54:13 +07:00
if ( $admin [ 'user_type' ] == 'Agent' ) {
2024-02-19 09:10:01 +07:00
// Prevent hacking from form
$d -> root = $admin [ 'id' ];
} else if ( $user_type == 'Sales' ) {
$d -> root = $root ;
}
$d -> save ();
if ( $send_notif == 'wa' ) {
Message :: sendWhatsapp ( Lang :: phoneFormat ( $phone ), Lang :: T ( 'Hello, Your account has been created successfully.' ) . " \n Username: $username\nPassword : $password\n\n " . $config [ 'CompanyName' ]);
} else if ( $send_notif == 'sms' ) {
Message :: sendSMS ( $phone , Lang :: T ( 'Hello, Your account has been created successfully.' ) . " \n Username: $username\nPassword : $password\n\n " . $config [ 'CompanyName' ]);
}
_log ( '[' . $admin [ 'username' ] . ']: ' . " Created $user_type <b> $username </b> " , $admin [ 'user_type' ], $admin [ 'id' ]);
r2 ( U . 'settings/users' , 's' , Lang :: T ( 'Account Created Successfully' ));
} else {
r2 ( U . 'settings/users-add' , 'e' , $msg );
}
break ;
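case 'users-edit-post':
    // Admin "edit user" handler. Validates the POSTed profile fields, loads the
    // target account under the caller's visibility rules, optionally replaces the
    // password and profile photo, and saves the record.
    //
    // Fixes applied in this revision:
    //  - the posted user_type is checked against what the caller may assign;
    //    previously any caller editing another account could POST
    //    user_type=SuperAdmin and escalate that account;
    //  - the photo is accepted only when it is a genuine upload (is_uploaded_file);
    //  - re-uploading an identical photo no longer deletes it (old and new path
    //    are the same content-addressed file);
    //  - the audit log records the real username instead of a literal '$username'.
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/users-edit/', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
    }
    $username = _post('username');
    $fullname = _post('fullname');
    $password = _post('password');
    $cpassword = _post('cpassword');
    $user_type = _post('user_type');
    $phone = _post('phone');
    $email = _post('email');
    $city = _post('city');
    $subdistrict = _post('subdistrict');
    $ward = _post('ward');
    $status = _post('status');
    $root = _post('root');
    $msg = '';
    if (Validator::Length($username, 45, 2) == false) {
        $msg .= Lang::T('Username should be between 3 to 45 characters') . '<br>';
    }
    if (Validator::Length($fullname, 45, 2) == false) {
        $msg .= Lang::T('Full Name should be between 3 to 45 characters') . '<br>';
    }
    if ($password != '') {
        if (!Validator::Length($password, 1000, 5)) {
            $msg .= Lang::T('Password should be minimum 6 characters') . '<br>';
        }
        if ($password != $cpassword) {
            $msg .= Lang::T('Passwords does not match') . '<br>';
        }
    }
    $id = _post('id');
    // Scope the lookup by role: SuperAdmin reaches everyone, Admin only the
    // non-admin roles, every other caller only accounts rooted under them.
    if ($admin['id'] == $id) {
        $d = ORM::for_table('tbl_users')->find_one($id);
    } else if ($admin['user_type'] == 'SuperAdmin') {
        $d = ORM::for_table('tbl_users')->find_one($id);
    } else if ($admin['user_type'] == 'Admin') {
        $d = ORM::for_table('tbl_users')->where_any_is([
            ['user_type' => 'Report'],
            ['user_type' => 'Agent'],
            ['user_type' => 'Sales']
        ])->find_one($id);
    } else {
        $d = ORM::for_table('tbl_users')->where('root', $admin['id'])->find_one($id);
    }
    if (!$d) {
        $msg .= Lang::T('Data Not Found') . '<br>';
    }
    // Decide whether the posted user_type may be applied. Self-edits never change
    // the role (unchanged behaviour). SuperAdmin may assign any role; Admin only
    // the roles it is allowed to edit above; every other caller keeps the stored role.
    $applyUserType = false;
    if ($d && $admin['id'] != $id) {
        if ($admin['user_type'] == 'SuperAdmin') {
            $applyUserType = true;
        } else if ($admin['user_type'] == 'Admin') {
            if (in_array($user_type, ['Report', 'Agent', 'Sales'], true)) {
                $applyUserType = true;
            } else {
                $msg .= Lang::T('You do not have permission to assign this user type') . '<br>';
            }
        }
    }
    if ($d && $d['username'] != $username) {
        $c = ORM::for_table('tbl_users')->where('username', $username)->find_one();
        if ($c) {
            $msg .= "<b>$username</b> " . Lang::T('Account already axist') . '<br>';
        }
    }
    run_hook('edit_admin'); #HOOK
    if ($msg != '') {
        r2(U . 'settings/users-edit/' . $id, 'e', $msg);
    }

    $photoTmp = isset($_FILES['photo']['tmp_name']) ? $_FILES['photo']['tmp_name'] : '';
    if (!empty($_FILES['photo']['name']) && $photoTmp != '' && is_uploaded_file($photoTmp)) {
        if (!function_exists('imagecreatetruecolor')) {
            r2(U . 'settings/users-edit/' . $id, 'e', 'PHP GD is not installed');
        }
        // Content-addressed storage: the on-disk name is derived from the upload's
        // hash, never from user input, and the image is re-encoded through GD.
        $hash = md5_file($photoTmp);
        $subfolder = substr($hash, 0, 2);
        $photoRoot = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'photos' . DIRECTORY_SEPARATOR;
        if (!file_exists($photoRoot)) {
            mkdir($photoRoot);
        }
        $folder = $photoRoot . $subfolder . DIRECTORY_SEPARATOR;
        if (!file_exists($folder)) {
            mkdir($folder);
        }
        $imgPath = $folder . $hash . '.jpg';
        $thumbPath = $imgPath . '.thumb.jpg';
        if (!file_exists($imgPath)) {
            File::resizeCropImage($photoTmp, $imgPath, 1600, 1600, 100);
        }
        if (!file_exists($thumbPath)) {
            if (_post('faceDetect') == 'yes') {
                try {
                    $detector = new svay\FaceDetector();
                    $detector->setTimeout(5000);
                    $detector->faceDetect($imgPath);
                    $detector->cropFaceToJpeg($thumbPath, false);
                } catch (Throwable $e) {
                    // Detector failure (no face, timeout, ...): plain thumbnail instead.
                    File::makeThumb($imgPath, $thumbPath, 200);
                }
            } else {
                File::makeThumb($imgPath, $thumbPath, 200);
            }
        }
        if (file_exists($imgPath)) {
            // Drop the previous photo and its thumbnail unless it is a bundled
            // default, or it is the very file we just stored (same hash).
            $oldPhoto = $d['photo'];
            if ($oldPhoto != '' && strpos($oldPhoto, 'default') === false
                && file_exists($UPLOAD_PATH . $oldPhoto)
                && realpath($UPLOAD_PATH . $oldPhoto) !== realpath($imgPath)) {
                unlink($UPLOAD_PATH . $oldPhoto);
                if (file_exists($UPLOAD_PATH . $oldPhoto . '.thumb.jpg')) {
                    unlink($UPLOAD_PATH . $oldPhoto . '.thumb.jpg');
                }
            }
            $d->photo = '/photos/' . $subfolder . '/' . $hash . '.jpg';
        }
        if (file_exists($photoTmp)) {
            unlink($photoTmp);
        }
    }

    $d->username = $username;
    if ($password != '') {
        $d->password = Password::_crypt($password);
    }
    $d->fullname = $fullname;
    if ($applyUserType) {
        $d->user_type = $user_type;
    }
    $d->phone = $phone;
    $d->email = $email;
    $d->city = $city;
    $d->subdistrict = $subdistrict;
    $d->ward = $ward;
    if (isset($_POST['status'])) {
        $d->status = $status;
    }
    if ($admin['user_type'] == 'Agent') {
        // Agents always own the accounts they edit, whatever the form says.
        $d->root = $admin['id'];
    } else if ($user_type == 'Sales') {
        $d->root = $root;
    }
    $d->save();
    _log('[' . $admin['username'] . ']: ' . $username . ' ' . Lang::T('User Updated Successfully'), $admin['user_type'], $admin['id']);
    r2(U . 'settings/users-view/' . $id, 's', 'User Updated Successfully');
    break;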
case 'change-password':
    // Renders the self-service password form for the logged-in admin,
    // with a fresh CSRF token for change-password-post.
    run_hook('view_change_password'); #HOOK
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->display('change-password.tpl');
    break;
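case 'change-password-post':
    // Changes the logged-in admin's own password. Requires a valid CSRF token,
    // the current password, and a confirmed new password.
    //
    // The new password is bounded like users-add/users-edit (6..1000 chars);
    // the previous 14-character cap only weakened passphrases.
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/change-password', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
    }
    $password = _post('password');
    if ($password == '') {
        r2(U . 'settings/change-password', 'e', Lang::T('Incorrect Current Password'));
    }
    $d = ORM::for_table('tbl_users')->where('username', $admin['username'])->find_one();
    run_hook('change_password'); #HOOK
    // Same message whether the account is missing or the password is wrong,
    // so the response does not reveal which.
    if (!$d || !Password::_verify($password, $d['password'])) {
        r2(U . 'settings/change-password', 'e', Lang::T('Incorrect Current Password'));
    }
    $npass = _post('npass');
    $cnpass = _post('cnpass');
    if (!Validator::Length($npass, 1000, 5)) {
        r2(U . 'settings/change-password', 'e', Lang::T('Password should be minimum 6 characters'));
    }
    if ($npass != $cnpass) {
        r2(U . 'settings/change-password', 'e', Lang::T('Both Password should be same'));
    }
    $d->password = Password::_crypt($npass);
    $d->save();
    _msglog('s', Lang::T('Password changed successfully, Please login again'));
    _log('[' . $admin['username'] . ']: Password changed successfully', $admin['user_type'], $admin['id']);
    r2(U . 'admin');
    break;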
case 'notifications':
    // Notification-template editor. Loads the saved templates when present,
    // otherwise the shipped defaults; the defaults are passed as well so the
    // template can offer a reset value.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    run_hook('view_notifications'); #HOOK
    $defaultFile = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'notifications.default.json';
    $savedFile = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'notifications.json';
    $source = file_exists($savedFile) ? $savedFile : $defaultFile;
    $ui->assign('_json', json_decode(file_get_contents($source), true));
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->assign('_default', json_decode(file_get_contents($defaultFile), true));
    $ui->display('app-notifications.tpl');
    break;
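case 'notifications-post':
    // Persists the notification templates POSTed from app-notifications.tpl.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/notifications', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
    }
    // Only template fields belong in the file; the CSRF token is request-scoped
    // and was previously written out with them.
    $templates = $_POST;
    unset($templates['csrf_token']);
    $target = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'notifications.json';
    if (file_put_contents($target, json_encode($templates), LOCK_EX) === false) {
        r2(U . 'settings/notifications', 'e', Lang::T('Failed to save settings'));
    }
    r2(U . 'settings/notifications', 's', Lang::T('Settings Saved Successfully'));
    break;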
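case 'dbstatus':
    // Lists every table in the configured database with its row count; this is
    // the page that hosts the backup/restore forms (dbstatus.tpl).
    // Previously a failed connection or query produced a blank page.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    $connectFailed = false;
    try {
        $dbc = new mysqli($db_host, $db_user, $db_pass, $db_name);
        $connectFailed = $dbc->connect_error !== null;
    } catch (Throwable $e) {
        // PHP >= 8.1 throws on connection failure instead of setting connect_error.
        $connectFailed = true;
    }
    if ($connectFailed) {
        // Keep the driver's message out of the UI: it can include host/user details.
        _log('[' . $admin['username'] . ']: dbstatus could not connect to the database', $admin['user_type'], $admin['id']);
        r2(U . 'dashboard', 'e', 'Database connection failed');
    }
    $result = $dbc->query('SHOW TABLE STATUS');
    if (!$result) {
        $dbc->close();
        r2(U . 'dashboard', 'e', 'Could not read table status');
    }
    $tables = [];
    while ($row = $result->fetch_assoc()) {
        $name = $row['Name'];
        $tables[$name] = [
            'rows' => ORM::for_table($name)->count(),
            'name' => $name,
        ];
    }
    $result->free();
    $dbc->close();
    $ui->assign('tables', $tables);
    run_hook('view_database'); #HOOK
    $ui->display('dbstatus.tpl');
    break;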
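case 'dbbackup':
    // Streams the selected tables as one JSON document (SuperAdmin only).
    // Table names come straight from the form and are spliced into SQL by the
    // ORM, so only plain identifiers are accepted.
    // NOTE(review): the dbstatus view above issues no CSRF token, so none is
    // checked here; as the response is a download the requester cannot read,
    // the CSRF exposure is limited to forcing a full export on the server.
    if (!in_array($admin['user_type'], ['SuperAdmin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    $tables = isset($_POST['tables']) ? $_POST['tables'] : [];
    if (!is_array($tables) || count($tables) == 0) {
        r2(U . 'settings/dbstatus', 'e', 'No tables selected');
    }
    foreach ($tables as $table) {
        if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]+$/', $table)) {
            r2(U . 'settings/dbstatus', 'e', 'Invalid table name');
        }
    }
    set_time_limit(-1);
    header('Pragma: public');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    // Only the last Content-Type header is sent; the earlier duplicates were no-ops.
    header('Content-Type: application/download');
    header('Content-Disposition: attachment;filename="phpnuxbill_' . count($tables) . '_tables_' . date('Y-m-d_H_i') . '.json"');
    header('Content-Transfer-Encoding: binary');
    $dump = [];
    foreach ($tables as $table) {
        $dump[$table] = ORM::for_table($table)->find_array();
    }
    echo json_encode($dump);
    break;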
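case 'dbrestore':
    // Replaces the contents of every table named in an uploaded JSON backup
    // (the format written by dbbackup). SuperAdmin only.
    //
    // Table and column names from the upload were previously interpolated into
    // SQL unchecked ("TRUNCATE $table"); they are now restricted to bare
    // identifiers and the table name is back-quoted.
    if (!in_array($admin['user_type'], ['SuperAdmin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    if (empty($_FILES['json']['tmp_name']) || !is_uploaded_file($_FILES['json']['tmp_name'])) {
        r2(U . "settings/dbstatus", 'e', 'Upload failed');
    }
    $json = json_decode(file_get_contents($_FILES['json']['tmp_name']), true);
    unlink($_FILES['json']['tmp_name']);
    if (!is_array($json)) {
        r2(U . "settings/dbstatus", 'e', 'Invalid backup file');
    }
    $suc = 0;
    $fal = 0;
    $identifier = '/^[A-Za-z0-9_]+$/';
    // Best effort: toggling FK checks may be refused depending on privileges.
    try {
        ORM::raw_execute("SET FOREIGN_KEY_CHECKS=0;");
    } catch (Throwable $e) {
    }
    try {
        ORM::raw_execute("SET GLOBAL FOREIGN_KEY_CHECKS=0;");
    } catch (Throwable $e) {
    }
    foreach ($json as $table => $records) {
        if (!preg_match($identifier, (string) $table) || !is_array($records)) {
            $fal += is_array($records) ? count($records) : 1;
            continue;
        }
        ORM::raw_execute("TRUNCATE `$table`;");
        foreach ($records as $rec) {
            if (!is_array($rec)) {
                $fal++;
                continue;
            }
            try {
                $t = ORM::for_table($table)->create();
                foreach ($rec as $k => $v) {
                    if (!preg_match($identifier, (string) $k)) {
                        throw new Exception('Invalid column name');
                    }
                    $t->set($k, $v);
                }
                if ($t->save()) {
                    $suc++;
                } else {
                    $fal++;
                }
            } catch (Throwable $e) {
                $fal++;
            }
        }
    }
    try {
        ORM::raw_execute("SET FOREIGN_KEY_CHECKS=1;");
    } catch (Throwable $e) {
    }
    try {
        ORM::raw_execute("SET GLOBAL FOREIGN_KEY_CHECKS=1;");
    } catch (Throwable $e) {
    }
    r2(U . "settings/dbstatus", 's', "Restored $suc success $fal failed");
    break;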
case 'language':
    // Translation editor: shows the current language file (or an empty set
    // when none exists yet) for inline editing via lang-post.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
    }
    run_hook('view_add_language'); #HOOK
    $langs = [];
    if (file_exists($lan_file)) {
        $langs = json_decode(file_get_contents($lan_file), true);
    }
    $ui->assign('langs', $langs);
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->display('language-add.tpl');
    break;
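case 'lang-post':
    // Saves the translation table POSTed from language-add.tpl into $lan_file.
    // The 'language' view is restricted to SuperAdmin/Admin, but this handler
    // previously accepted the write from any logged-in admin account; the same
    // role check is enforced here.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    $csrf_token = _post('csrf_token');
    if (!Csrf::check($csrf_token)) {
        r2(U . 'settings/language', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
    }
    // The CSRF token is request-scoped and must not end up as a translation key.
    $translations = $_POST;
    unset($translations['csrf_token']);
    if (file_put_contents($lan_file, json_encode($translations, JSON_PRETTY_PRINT), LOCK_EX) === false) {
        r2(U . 'settings/language', 'e', Lang::T('Failed to save translation'));
    }
    r2(U . 'settings/language', 's', Lang::T('Translation saved Successfully'));
    break;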
case 'maintenance':
    // Maintenance-mode settings. On save, stores the on/off flag, the
    // force-logout flag and the scheduled date in tbl_appconfig; then renders
    // the form with the current configuration.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    if (_post('save') == 'save') {
        if (!Csrf::check(_post('csrf_token'))) {
            r2(U . 'settings/maintenance', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
        }
        // Unchecked checkboxes are simply absent from the POST body.
        $settings = [
            'maintenance_mode' => isset($_POST['maintenance_mode']) ? 1 : 0,
            'maintenance_mode_logout' => isset($_POST['maintenance_mode_logout']) ? 1 : 0,
            'maintenance_date' => isset($_POST['maintenance_date']) ? $_POST['maintenance_date'] : null,
        ];
        foreach ($settings as $key => $value) {
            $row = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
            if (!$row) {
                $row = ORM::for_table('tbl_appconfig')->create();
                $row->setting = $key;
            }
            $row->value = $value;
            $row->save();
        }
        r2(U . "settings/maintenance", 's', Lang::T('Settings Saved Successfully'));
    }
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->assign('_c', $config);
    $ui->assign('_title', Lang::T('Maintenance Mode Settings'));
    $ui->display('maintenance-mode.tpl');
    break;
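case 'miscellaneous':
    // Generic key/value settings form: each posted field is stored in
    // tbl_appconfig under its field name.
    if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
        _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
        exit;
    }
    if (_post('save') == 'save') {
        $csrf_token = _post('csrf_token');
        if (!Csrf::check($csrf_token)) {
            r2(U . 'settings/miscellaneous', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
        }
        // NOTE(review): posted keys are used verbatim as setting names, so any
        // tbl_appconfig entry can be overwritten from this form. The template is
        // not visible here; an allow-list of its field names is the proper fix.
        // Until then, keep the request-only fields and non-scalar values out.
        $requestOnly = ['csrf_token', 'save'];
        foreach ($_POST as $key => $value) {
            if (in_array($key, $requestOnly, true) || !is_scalar($value)) {
                continue;
            }
            $row = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
            if (!$row) {
                $row = ORM::for_table('tbl_appconfig')->create();
                $row->setting = $key;
            }
            $row->value = $value;
            $row->save();
        }
        r2(U . "settings/miscellaneous", 's', Lang::T('Settings Saved Successfully'));
    }
    $ui->assign('csrf_token', Csrf::generateAndStoreToken());
    $ui->assign('_c', $config);
    $ui->assign('_title', Lang::T('Miscellaneous Settings'));
    $ui->display('app-miscellaneous.tpl');
    break;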
default:
    // Unknown settings route: render the admin 404 page.
    $ui->display('a404.tpl');
}