kevinowino869/mitrobill
1
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Update home.php

Browse Source 
fix token to prevent double recharge
This commit is contained in:
iBNu Maksum 2024-04-15 09:06:26 +07:00 committed by GitHub
parent 92a2690ec6
commit 419595554b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
system/controllers/home.php
View File

@ -92,6 +92,10 @@ if (_post('send') == 'balance') {
$ui->assign('_bills', User::_billing()); $ui->assign('_bills', User::_billing());
if (isset($_GET['recharge']) && !empty($_GET['recharge'])) { if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
if(!empty(App::getTokenValue($_GET['stoken']))){
r2(U . "voucher/invoice/");
die();
}
$bill = ORM::for_table('tbl_user_recharges')->where('id', $_GET['recharge'])->where('username', $user['username'])->findOne(); $bill = ORM::for_table('tbl_user_recharges')->where('id', $_GET['recharge'])->where('username', $user['username'])->findOne();
if ($bill) { if ($bill) {
if ($bill['routers'] == 'radius') { if ($bill['routers'] == 'radius') {
@ -106,7 +110,7 @@ if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
r2(U . "home", 'e', 'Plan is not exists'); r2(U . "home", 'e', 'Plan is not exists');
} }
if ($user['balance'] > $plan['price']) { if ($user['balance'] > $plan['price']) {
r2(U . "order/pay/$router/$bill[plan_id]", 'e', 'Order Plan'); r2(U . "order/pay/$router/$bill[plan_id]&stoken=".$_GET['stoken'], 'e', 'Order Plan');
} else { } else {
r2(U . "order/buy/$router/$bill[plan_id]", 'e', 'Order Plan'); r2(U . "order/buy/$router/$bill[plan_id]", 'e', 'Order Plan');
} }