Case-sensitive voucher check

This commit is contained in:
Ibnu Maksum 2024-08-11 19:54:33 +07:00
parent 4d7c2bd373
commit 3f7c17d9b1
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
4 changed files with 20 additions and 19 deletions


@ -64,7 +64,8 @@ try {
} }
} }
if ($username == $password) { if ($username == $password) {
$d = ORM::for_table('tbl_voucher')->where('code', $username)->find_one(); $username = Text::alphanumeric($username, "-_.,");
$d = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '$username'")->find_one();
} else { } else {
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one(); $d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
if ($d['password'] != $password) { if ($d['password'] != $password) {
@ -127,7 +128,8 @@ try {
process_radiust_rest($tur, $code); process_radiust_rest($tur, $code);
} else { } else {
if ($isVoucher) { if ($isVoucher) {
$v = ORM::for_table('tbl_voucher')->where('code', $username)->where('routers', 'radius')->find_one(); $username = Text::alphanumeric($username, "-_.,");
$v = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '$username'")->where('routers', 'radius')->find_one();
if ($v) { if ($v) {
if ($v['status'] == 0) { if ($v['status'] == 0) {
if (Package::rechargeUser(0, $v['routers'], $v['id_plan'], "Voucher", $username)) { if (Package::rechargeUser(0, $v['routers'], $v['id_plan'], "Voucher", $username)) {
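Review bot: Both new whereRaw() calls in this file (the login branch and the radius-voucher branch) build the SQL by interpolating `$username` into the string, so the only barrier between the login form and the query is whatever Text::alphanumeric() happens to strip; a bound parameter keeps the case-sensitive comparison without that dependency: `` $d = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = ?", [$username])->find_one(); `` and the same for `$v` with `->where('routers', 'radius')` kept. The identical `'$voucher'` and `'$code'` interpolation appears in the activation hunks of the second and fourth files of this commit and should get the same treatment. Note that the sanitised `$username` is also what reaches Package::rechargeUser() in the radius branch, so a code containing stripped characters is now recharged under the stripped value — presumably intended, but worth confirming. Both enclosing try blocks start and end outside the hunks.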


@ -57,7 +57,7 @@ switch ($do) {
case 'activation': case 'activation':
if (!empty(_post('voucher_only'))) { if (!empty(_post('voucher_only'))) {
$voucher = _post('voucher_only'); $voucher = Text::alphanumeric(_post('voucher_only'), "-_.,");
$tur = ORM::for_table('tbl_user_recharges') $tur = ORM::for_table('tbl_user_recharges')
->where('username', $voucher) ->where('username', $voucher)
->where('customer_id', '0') // Voucher Only will make customer ID as 0 ->where('customer_id', '0') // Voucher Only will make customer ID as 0
@ -101,7 +101,7 @@ switch ($do) {
_alert(Lang::T('Internet Plan Expired'), 'danger', "login"); _alert(Lang::T('Internet Plan Expired'), 'danger', "login");
} }
} else { } else {
$v = ORM::for_table('tbl_voucher')->where('code', $voucher)->find_one(); $v = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '$voucher'")->find_one();
if (!$v) { if (!$v) {
_alert(Lang::T('Voucher invalid'), 'danger', "login"); _alert(Lang::T('Voucher invalid'), 'danger', "login");
} }
@ -156,9 +156,9 @@ switch ($do) {
} }
} }
} else { } else {
$voucher = _post('voucher'); $voucher = Text::alphanumeric(_post('voucher'), "-_.,");
$username = _post('username'); $username = _post('username');
$v1 = ORM::for_table('tbl_voucher')->where('code', $voucher)->find_one(); $v1 = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '$voucher'")->find_one();
if ($v1) { if ($v1) {
// voucher exists, check customer exists or not // voucher exists, check customer exists or not
$user = ORM::for_table('tbl_customers')->where('username', $username)->find_one(); $user = ORM::for_table('tbl_customers')->where('username', $username)->find_one();


@ -482,8 +482,8 @@ switch ($action) {
} }
$time3months = strtotime('-3 months'); $time3months = strtotime('-3 months');
$d = ORM::for_table('tbl_voucher')->where_equal('status', '1') $d = ORM::for_table('tbl_voucher')->where_equal('status', '1')
->where_raw("UNIX_TIMESTAMP(used_date) < $time3months") ->where_raw("UNIX_TIMESTAMP(used_date) < $time3months")
->findMany(); ->findMany();
if ($d) { if ($d) {
$jml = 0; $jml = 0;
foreach ($d as $v) { foreach ($d as $v) {
@ -756,9 +756,9 @@ switch ($action) {
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard"); _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
} }
$code = _post('code'); $code = Text::alphanumeric(_post('code'), "-_.,");
$user = ORM::for_table('tbl_customers')->where('id', _post('id_customer'))->find_one(); $user = ORM::for_table('tbl_customers')->where('id', _post('id_customer'))->find_one();
$v1 = ORM::for_table('tbl_voucher')->where('code', $code)->where('status', 0)->find_one(); $v1 = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '?'", [$code])->where('status', 0)->find_one();
run_hook('refill_customer'); #HOOK run_hook('refill_customer'); #HOOK
if ($v1) { if ($v1) {
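Review bot: In the refill hunk the placeholder is quoted, `` BINARY `code` = '?' ``, so the SQL contains a string literal holding a question mark rather than a bound parameter; the voucher code passed in `[$code]` is never compared, and with a real prepared statement execute() will most likely fail on a parameter-count mismatch (inferred from PDO placeholder rules — confirm against the ORM's whereRaw binding). Drop the quotes so the value is actually bound: `` ->whereRaw("BINARY `code` = ?", [$code]) ``. This is the only place in the commit that already uses binding, so once fixed it is the form the other three files should copy. The enclosing switch case continues outside the hunk.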


@ -1,4 +1,5 @@
<?php <?php
/** /**
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/) * PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
* by https://t.me/ibnux * by https://t.me/ibnux
@ -11,19 +12,17 @@ $action = $routes['1'];
$user = User::_info(); $user = User::_info();
$ui->assign('_user', $user); $ui->assign('_user', $user);
require_once 'system/autoload/PEAR2/Autoload.php';
switch ($action) { switch ($action) {
case 'activation': case 'activation':
run_hook('view_activate_voucher'); #HOOK run_hook('view_activate_voucher'); #HOOK
$ui->assign('code', alphanumeric(_get('code'),"-")); $ui->assign('code', alphanumeric(_get('code'), "-_.,"));
$ui->display('user-activation.tpl'); $ui->display('user-activation.tpl');
break; break;
case 'activation-post': case 'activation-post':
$code = _post('code'); $code = alphanumeric(_post('code'), "-_.,");
$v1 = ORM::for_table('tbl_voucher')->where('code', $code)->where('status', 0)->find_one(); $v1 = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '$code'")->where('status', 0)->find_one();
run_hook('customer_activate_voucher'); #HOOK run_hook('customer_activate_voucher'); #HOOK
if ($v1) { if ($v1) {
if (Package::rechargeUser($user['id'], $v1['routers'], $v1['id_plan'], "Voucher", $code)) { if (Package::rechargeUser($user['id'], $v1['routers'], $v1['id_plan'], "Voucher", $code)) {
@ -52,15 +51,15 @@ switch ($action) {
break; break;
case 'invoice': case 'invoice':
$id = $routes[2]; $id = $routes[2];
if(empty($id)){ if (empty($id)) {
$in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->order_by_desc('id')->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->order_by_desc('id')->find_one();
}else{ } else {
$in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->where('id', $id)->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->where('id', $id)->find_one();
} }
if($in){ if ($in) {
Package::createInvoice($in); Package::createInvoice($in);
$ui->display('invoice-customer.tpl'); $ui->display('invoice-customer.tpl');
}else{ } else {
r2(U . 'voucher/list-activated', 'e', Lang::T('Not Found')); r2(U . 'voucher/list-activated', 'e', Lang::T('Not Found'));
} }
break; break;
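Review bot: The activation-post hunk sanitises with the global `alphanumeric()` while the other three files in this commit call `Text::alphanumeric()`; since the allowed-character list `"-_.,"` is now what keeps `'$code'` safe inside the interpolated whereRaw() string, two separately maintained helpers (if they are distinct definitions — cannot be confirmed from this page) are a drift risk, so either use one helper consistently or, better, bind the value with `?` so the query does not depend on the sanitiser at all. The removed `require_once 'system/autoload/PEAR2/Autoload.php';` is not explained in the commit message; a one-line note on why it is no longer needed would help. The invoice hunk is whitespace-only.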