From 67a097fddfd21d56a3226faf4874b8a014556943 Mon Sep 17 00:00:00 2001 From: Focuslinkstech <45756999+Focuslinkstech@users.noreply.github.com> Date: Tue, 17 Dec 2024 19:59:04 +0100 Subject: [PATCH] Enhancement Add coupon unlimited usage 0 is unlimited Add more logic to coupon brute force attack --- system/controllers/order.php | 26 ++++++++++++++++++++------ ui/ui/coupons-add.tpl | 4 ++-- ui/ui/coupons-edit.tpl | 5 ++--- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/system/controllers/order.php b/system/controllers/order.php index d1be3771..2b5a83ba 100644 --- a/system/controllers/order.php +++ b/system/controllers/order.php @@ -413,14 +413,23 @@ switch ($action) { if (!isset($_SESSION['coupon_attempts'])) { $_SESSION['coupon_attempts'] = 0; + $_SESSION['last_attempt_time'] = time(); } if ($_SESSION['coupon_attempts'] >= 5) { - r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Too many invalid attempts. Please try again later.")); + $timeout = 10 * 60; // 10 minutes in seconds + $time_diff = time() - $_SESSION['last_attempt_time']; + + if ($time_diff >= $timeout) { + $_SESSION['coupon_attempts'] = 0; + $_SESSION['last_attempt_time'] = time(); + } else { + $remaining_time = ceil(($timeout - $time_diff) / 60); + r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Too many invalid attempts. Please try again after $remaining_time minutes.")); + } } if (_post('coupon')) { - if ($plan['routers'] === 'balance') { r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon not available for Balance")); } @@ -429,32 +438,36 @@ switch ($action) { if (!$coupon) { $_SESSION['coupon_attempts']++; + $_SESSION['last_attempt_time'] = time(); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon not found")); } if ($coupon['status'] != 'active') { $_SESSION['coupon_attempts']++; + $_SESSION['last_attempt_time'] = time(); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon is not active")); } + // Reset attempts after a successful coupon validation + $_SESSION['coupon_attempts'] = 0; + $_SESSION['last_attempt_time'] = time(); + $today = date('Y-m-d'); if ($today < $coupon['start_date'] || $today > $coupon['end_date']) { $_SESSION['coupon_attempts']++; r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon is not valid for today")); } - if ($coupon['usage_count'] >= $coupon['max_usage']) { + if ($coupon['max_usage'] > 0 && $coupon['usage_count'] >= $coupon['max_usage']) { $_SESSION['coupon_attempts']++; r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon usage limit reached")); - } + } if ($plan['price'] < $coupon['min_order_amount']) { $_SESSION['coupon_attempts']++; r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("The order amount does not meet the minimum requirement for this coupon")); } - $_SESSION['coupon_attempts'] = 0; - // Calculate discount value $discount = 0; switch ($coupon['type']) { @@ -477,6 +490,7 @@ switch ($action) { $plan['price'] -= $discount; $coupon->usage_count = $coupon['usage_count'] + 1; $coupon->save(); + $ui->assign('discount', $discount); $ui->assign('notify', Lang::T("Coupon applied successfully. You saved " . Lang::moneyFormat($discount))); $ui->assign('notify_t', 's'); diff --git a/ui/ui/coupons-add.tpl b/ui/ui/coupons-add.tpl index 551a3f93..a838b648 100644 --- a/ui/ui/coupons-add.tpl +++ b/ui/ui/coupons-add.tpl @@ -56,8 +56,8 @@
- -

{Lang::T('Maximum number of times this coupon can be used')}

+ +

{Lang::T('Maximum number of times this coupon can be used 0 is Unlimited')}

diff --git a/ui/ui/coupons-edit.tpl b/ui/ui/coupons-edit.tpl index f6396efb..042bc323 100644 --- a/ui/ui/coupons-edit.tpl +++ b/ui/ui/coupons-edit.tpl @@ -56,9 +56,8 @@
- -

{Lang::T('Maximum number of times this coupon can be - used')}

+ +

{Lang::T('Maximum number of times this coupon can be used 0 is Unlimited')}