kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add Security settings

Browse Source
This commit is contained in:
iBNu Maksum 2024-11-04 12:05:17 +07:00
parent 8908f4bdc3
commit 27bd2590f2
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
3 changed files with 246 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
system/lan/indonesia.json
View File

@ -827,5 +827,21 @@
"Information": "Informasi",
"Export_and_Print_will_show_all_data_without_pagination": "Ekspor dan Cetak akan menampilkan semua data tanpa pagination",
"First_Name": "Nama depan",
"Last_Name": "Nama Belakang"
"Last_Name": "Nama Belakang",
"General": "Umum",
"Registration": "Pendaftaran",
"Allow_Registration": "Izinkan Registrasi",
"Voucher_Only": "Hanya Voucher",
"No_Registration": "Tidak Ada Registrasi",
"Registration_Username": "Nama Pengguna Registrasi",
"Customer_Registration_need_to_validate_using_OTP": "Registrasi Pelanggan perlu divalidasi menggunakan OTP",
"SMS_Notification": "Pemberitahuan SMS",
"Tax_Rates_by_percentage": "Tarif Pajak Berdasarkan Persentase",
"Settings_For_Mikrotik": "Pengaturan Untuk Mikrotik",
"Settings_For_Cron_Expired": "Pengaturan Untuk Cron Kedaluwarsa",
"Choose_one__above_or_below": "Pilih salah satu, di atas atau di bawah",
"Settings_For_Cron_Reminder": "Pengaturan Untuk Pengingat Cron",
"Security": "Keamanan",
"Enable_CSRF_Validation": "Aktifkan Validasi CSRF",
"Cross_site_request_forgery": "Pemalsuan permintaan lintas situs"
}

348
ui/ui/app-miscellaneous.tpl
View File

@ -12,209 +12,167 @@
</div>
{Lang::T('Miscellaneous')}
</div>
<div class="panel-body">
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Enable Session Timeout')}</label>
<div class="col-md-5">
<label class="switch">
<input type="checkbox" id="enable_session_timeout" value="1"
name="enable_session_timeout" {if $_c['enable_session_timeout']==1}checked{/if}>
<span class="slider"></span>
</label>
</div>
<p class="help-block col-md-4">
{Lang::T('Logout Admin if not Available/Online a period of time')}</p>
</div>
<div class="form-group" id="timeout_duration_input" style="display: none;">
<label class="col-md-3 control-label">{Lang::T('Timeout Duration')}</label>
<div class="col-md-5">
<input type="number" value="{$_c['session_timeout_duration']}" class="form-control"
name="session_timeout_duration" id="session_timeout_duration"
placeholder="{Lang::T('Enter the session timeout duration (minutes)')}" min="1">
</div>
<p class="help-block col-md-4">{Lang::T('Idle Timeout, Logout Admin if Idle for xx
minutes')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Single session Admin')}</label>
<div class="col-md-5">
<select name="single_session" id="single_session" class="form-control">
<option value="no">
{Lang::T('No')}</option>
<option value="yes" {if $_c['single_session']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('Admin can only have single session login, it will logout another session')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('New Version Notification')}</label>
<div class="col-md-5">
<select name="new_version_notify" id="new_version_notify" class="form-control">
<option value="enable" {if $_c['new_version_notify']=='enable' }selected="selected"
{/if}>{Lang::T('Enabled')}
</option>
<option value="disable" {if $_c['new_version_notify']=='disable'
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('New Version Notification')}</label>
<div class="col-md-5">
<select name="new_version_notify" id="new_version_notify" class="form-control">
<option value="enable" {if $_c['new_version_notify']=='enable' }selected="selected" {/if}>
{Lang::T('Enabled')}
</option>
<option value="disable" {if $_c['new_version_notify']=='disable'
}selected="selected" {/if}>{Lang::T('Disabled')}
</option>
</select>
</div>
<p class="help-block col-md-4">{Lang::T('This is to notify you when new updates is
</option>
</select>
</div>
<p class="help-block col-md-4">{Lang::T('This is to notify you when new updates is
available')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Router Check')}</label>
<div class="col-md-5">
<select name="router_check" id="router_check" class="form-control">
<option value="0" {if $_c['router_check']=='0' }selected="selected" {/if}>
{Lang::T('Disabled')}
</option>
<option value="1" {if $_c['router_check']=='1' }selected="selected" {/if}>
{Lang::T('Enabled')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('If enabled, the system will notify Admin when router goes Offline, If admin
have 10 or more router and many customers, it will get overlapping, you can disabled')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Phone OTP Required')}</label>
<div class="col-md-5">
<select name="allow_phone_otp" id="allow_phone_otp" class="form-control">
<option value="no" {if $_c['allow_phone_otp']=='no' }selected="selected" {/if}>
{Lang::T('No')}</option>
<option value="yes" {if $_c['allow_phone_otp']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('OTP is required when user want to change phone number and registration')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('OTP Method')}</label>
<div class="col-md-5">
<select name="phone_otp_type" id="phone_otp_type" class="form-control">
<option value="sms" {if $_c['phone_otp_type']=='sms' }selected="selected" {/if}>
{Lang::T('By SMS')}
<option value="whatsapp" {if $_c['phone_otp_type']=='whatsapp' }selected="selected"
{/if}> {Lang::T('by WhatsApp')}
<option value="both" {if $_c['phone_otp_type']=='both' }selected="selected" {/if}>
{Lang::T('By WhatsApp and SMS')}
</option>
</select>
</div>
<p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}<br>
{Lang::T('For Registration and Update Phone Number')}</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Email OTP Required')}</label>
<div class="col-md-5">
<select name="allow_email_otp" id="allow_email_otp" class="form-control">
<option value="no" {if $_c['allow_email_otp']=='no' }selected="selected" {/if}>
{Lang::T('No')}</option>
<option value="yes" {if $_c['allow_email_otp']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('OTP is required when user want to change Email Address')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Show Bandwidth Plan')}</label>
<div class="col-md-5">
<select name="show_bandwidth_plan" id="show_bandwidth_plan" class="form-control">
<option value="no" {if $_c['show_bandwidth_plan']=='no' }selected="selected" {/if}>
{Lang::T('No')}</option>
<option value="yes" {if $_c['show_bandwidth_plan']=='yes' }selected="selected"
{/if}>
{Lang::T('Yes')}</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T(' for Customer')}</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Hotspot Auth Method')}</label>
<div class="col-md-5">
<select name="hs_auth_method" id="auth_method" class="form-control">
<option value="api" {if $_c['hs_auth_method']=='api' }selected="selected" {/if}>
{Lang::T('Api')}
</option>
<option value="hchap" {if $_c['hs_auth_method']=='hchap' }selected="selected" {/if}>
{Lang::T('Http-Chap')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('Hotspot Authentication Method. Make sure you have changed your hotspot login
page.')}<br><a href="https://github.com/agstrxyz/phpnuxbill-login-hotspot"
target="_blank">Download
phpnuxbill-login-hotspot</a>
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Check if Customer Online')}</label>
<div class="col-md-5">
<select name="check_customer_online" id="check_customer_online" class="form-control">
<option value="no">
{Lang::T('No')}
</option>
<option value="yes" {if $_c['check_customer_online']=='yes' }selected="selected"
{/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('This will show is Customer currently is online or not')}
</p>
</div>
<div class="form-group has-error">
<label class="col-md-3 control-label">{Lang::T('Allow Balance custom amount')}</label>
<div class="col-md-5">
<select name="allow_balance_custom" id="allow_balance_custom" class="form-control">
<option value="no">
{Lang::T('No')}
</option>
<option value="yes" {if $_c['allow_balance_custom']=='yes' }selected="selected"
{/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('Allow Customer buy balance with any amount')}
<br>*Maybe still have bug
</p>
</div>
</div>
</p>
</div>
<div class="panel-body">
<div class="form-group">
<button class="btn btn-success btn-block" name="save" value="save" type="submit">
{Lang::T('Save Changes')}
</button>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Router Check')}</label>
<div class="col-md-5">
<select name="router_check" id="router_check" class="form-control">
<option value="0" {if $_c['router_check']=='0' }selected="selected" {/if}>
{Lang::T('Disabled')}
</option>
<option value="1" {if $_c['router_check']=='1' }selected="selected" {/if}>
{Lang::T('Enabled')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('If enabled, the system will notify Admin when router goes Offline, If admin
have 10 or more router and many customers, it will get overlapping, you can disabled')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Phone OTP Required')}</label>
<div class="col-md-5">
<select name="allow_phone_otp" id="allow_phone_otp" class="form-control">
<option value="no" {if $_c['allow_phone_otp']=='no' }selected="selected" {/if}>
{Lang::T('No')}</option>
<option value="yes" {if $_c['allow_phone_otp']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('OTP is required when user want to change phone number and registration')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('OTP Method')}</label>
<div class="col-md-5">
<select name="phone_otp_type" id="phone_otp_type" class="form-control">
<option value="sms" {if $_c['phone_otp_type']=='sms' }selected="selected" {/if}>
{Lang::T('By SMS')}
<option value="whatsapp" {if $_c['phone_otp_type']=='whatsapp' }selected="selected" {/if}>
{Lang::T('by WhatsApp')}
<option value="both" {if $_c['phone_otp_type']=='both' }selected="selected" {/if}>
{Lang::T('By WhatsApp and SMS')}
</option>
</select>
</div>
<p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}<br>
{Lang::T('For Registration and Update Phone Number')}</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Email OTP Required')}</label>
<div class="col-md-5">
<select name="allow_email_otp" id="allow_email_otp" class="form-control">
<option value="no" {if $_c['allow_email_otp']=='no' }selected="selected" {/if}>
{Lang::T('No')}</option>
<option value="yes" {if $_c['allow_email_otp']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('OTP is required when user want to change Email Address')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Show Bandwidth Plan')}</label>
<div class="col-md-5">
<select name="show_bandwidth_plan" id="show_bandwidth_plan" class="form-control">
<option value="no" {if $_c['show_bandwidth_plan']=='no' }selected="selected" {/if}>
{Lang::T('No')}</option>
<option value="yes" {if $_c['show_bandwidth_plan']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T(' for Customer')}</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Hotspot Auth Method')}</label>
<div class="col-md-5">
<select name="hs_auth_method" id="auth_method" class="form-control">
<option value="api" {if $_c['hs_auth_method']=='api' }selected="selected" {/if}>
{Lang::T('Api')}
</option>
<option value="hchap" {if $_c['hs_auth_method']=='hchap' }selected="selected" {/if}>
{Lang::T('Http-Chap')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('Hotspot Authentication Method. Make sure you have changed your hotspot login
page.')}<br><a href="https://github.com/agstrxyz/phpnuxbill-login-hotspot"
target="_blank">Download
phpnuxbill-login-hotspot</a>
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Check if Customer Online')}</label>
<div class="col-md-5">
<select name="check_customer_online" id="check_customer_online" class="form-control">
<option value="no">
{Lang::T('No')}
</option>
<option value="yes" {if $_c['check_customer_online']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('This will show is Customer currently is online or not')}
</p>
</div>
<div class="form-group has-error">
<label class="col-md-3 control-label">{Lang::T('Allow Balance custom amount')}</label>
<div class="col-md-5">
<select name="allow_balance_custom" id="allow_balance_custom" class="form-control">
<option value="no">
{Lang::T('No')}
</option>
<option value="yes" {if $_c['allow_balance_custom']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('Allow Customer buy balance with any amount')}
<br>*Maybe still have bug
</p>
</div>
</div>
</div>
<div class="panel-body">
<div class="form-group">
<button class="btn btn-success btn-block" name="save" value="save" type="submit">
{Lang::T('Save Changes')}
</button>
</div>
</div>
</div>
</div>
</form>
<script>
document.addEventListener('DOMContentLoaded', function () {
document.addEventListener('DOMContentLoaded', function() {
var sectionTimeoutCheckbox = document.getElementById('enable_session_timeout');
var timeoutDurationInput = document.getElementById('timeout_duration_input');
var timeoutDurationField = document.getElementById('session_timeout_duration');
@ -224,7 +182,7 @@
timeoutDurationField.required = true;
}
sectionTimeoutCheckbox.addEventListener('change', function () {
sectionTimeoutCheckbox.addEventListener('change', function() {
if (this.checked) {
timeoutDurationInput.style.display = 'block';
timeoutDurationField.required = true;
@ -234,9 +192,9 @@
}
});
document.querySelector('form').addEventListener('submit', function (event) {
document.querySelector('form').addEventListener('submit', function(event) {
if (sectionTimeoutCheckbox.checked && (!timeoutDurationField.value || isNaN(
timeoutDurationField.value))) {
timeoutDurationField.value))) {
event.preventDefault();
alert('Please enter a valid session timeout duration.');
timeoutDurationField.focus();

76
ui/ui/app-settings.tpl
View File

@ -258,6 +258,82 @@
</div>
</form>
<form class="form-horizontal" method="post" role="form" action="{$_url}settings/app-post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="{$csrf_token}">
<div class="panel">
<div class="panel-heading" role="tab" id="Security">
<h4 class="panel-title">
<a class="collapsed" role="button" data-toggle="collapse" data-parent="#accordion"
href="#collapseSecurity" aria-expanded="false" aria-controls="collapseSecurity">
{Lang::T('Security')}
</a>
</h4>
</div>
<div id="collapseSecurity" class="panel-collapse collapse" role="tabpanel">
<div class="panel-body">
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Enable Session Timeout')}</label>
<div class="col-md-5">
<label class="switch">
<input type="checkbox" id="enable_session_timeout" value="1"
name="enable_session_timeout" {if $_c['enable_session_timeout']==1}checked{/if}>
<span class="slider"></span>
</label>
</div>
<p class="help-block col-md-4">
{Lang::T('Logout Admin if not Available/Online a period of time')}</p>
</div>
<div class="form-group" id="timeout_duration_input" style="display: none;">
<label class="col-md-3 control-label">{Lang::T('Timeout Duration')}</label>
<div class="col-md-5">
<input type="number" value="{$_c['session_timeout_duration']}" class="form-control"
name="session_timeout_duration" id="session_timeout_duration"
placeholder="{Lang::T('Enter the session timeout duration (minutes)')}" min="1">
</div>
<p class="help-block col-md-4">{Lang::T('Idle Timeout, Logout Admin if Idle for xx
minutes')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Single session Admin')}</label>
<div class="col-md-5">
<select name="single_session" id="single_session" class="form-control">
<option value="no">
{Lang::T('No')}</option>
<option value="yes" {if $_c['single_session']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('Admin can only have single session login, it will logout another session')}
</p>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Enable CSRF Validation')}</label>
<div class="col-md-5">
<select name="csrf_enabled" id="csrf_enabled" class="form-control">
<option value="no">
{Lang::T('No')}</option>
<option value="yes" {if $_c['csrf_enabled']=='yes' }selected="selected" {/if}>
{Lang::T('Yes')}
</option>
</select>
</div>
<p class="help-block col-md-4">
<a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery" target="_blank">{Lang::T('Cross-site request forgery')}</a>
</p>
</div>
<button class="btn btn-success btn-block" type="submit">
{Lang::T('Save Changes')}
</button>
</div>
</div>
</div>
</form>
<form class="form-horizontal" method="post" role="form" action="{$_url}settings/app-post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="{$csrf_token}">
<div class="panel">