Merge pull request #318 from Focuslinkstech/Development

move miscellaneous to settings sub-menu for quick access

system/autoload/Admin.php

@@ -73,6 +73,7 @@ class Admin
 
         return 0;
     }
+    
     public static function setCookie($aid)
     {
         global $db_pass, $config;

system/controllers/settings.php

@@ -34,11 +34,11 @@ switch ($action) {
                 $dev = pathinfo($file, PATHINFO_FILENAME);
                 require_once $DEVICE_PATH . DIRECTORY_SEPARATOR . $file;
                 $dvc = new $dev;
-                if(method_exists($dvc, 'description')){
+                if (method_exists($dvc, 'description')) {
                     $arr = $dvc->description();
                     $arr['file'] = $dev;
                     $devices[] = $arr;
-                }else{
+                } else {
                     $devices[] = [
                         'title' => $dev,
                         'description' => '',
@@ -116,6 +116,8 @@ switch ($action) {
         $ui->assign('dir', str_replace('controllers', '', __DIR__));
         $ui->assign('themes', $themes);
         run_hook('view_app_settings'); #HOOK
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->display('app-settings.tpl');
         break;
 
@@ -123,6 +125,10 @@ switch ($action) {
         if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
             _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
         }
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/app', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         $company = _post('CompanyName');
         $custom_tax_rate = filter_var(_post('custom_tax_rate'), FILTER_SANITIZE_SPECIAL_CHARS);
         if (preg_match('/[^0-9.]/', $custom_tax_rate)) {
@@ -217,6 +223,8 @@ switch ($action) {
         $ui->assign('tlist', $timezonelist);
         $ui->assign('xjq', ' $("#tzone").select2(); ');
         run_hook('view_localisation'); #HOOK
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->display('app-localisation.tpl');
         break;
 
@@ -224,6 +232,10 @@ switch ($action) {
         if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
             _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
         }
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/app', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         $tzone = _post('tzone');
         $date_format = _post('date_format');
         $country_code_phone = _post('country_code_phone');
@@ -386,6 +398,8 @@ switch ($action) {
         $ui->assign('d', $d);
         $ui->assign('search', $search);
         run_hook('view_list_admin'); #HOOK
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->display('admin.tpl');
         break;
 
@@ -393,6 +407,8 @@ switch ($action) {
         if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
             _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
         }
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->assign('_title', Lang::T('Add User'));
         $ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many());
         $ui->display('admin-add.tpl');
@@ -422,6 +438,8 @@ switch ($action) {
             }
             $ui->assign('d', $d);
             $ui->assign('_title', $d['username']);
+            $csrf_token = Csrf::generateAndStoreToken();
+            $ui->assign('csrf_token', $csrf_token);
             $ui->display('admin-view.tpl');
         } else {
             r2(U . 'settings/users', 'e', Lang::T('Account Not Found'));
@@ -459,6 +477,8 @@ switch ($action) {
             $ui->assign('id', $id);
             $ui->assign('d', $d);
             run_hook('view_edit_admin'); #HOOK
+            $csrf_token = Csrf::generateAndStoreToken();
+            $ui->assign('csrf_token', $csrf_token);
             $ui->display('admin-edit.tpl');
         } else {
             r2(U . 'settings/users', 'e', Lang::T('Account Not Found'));
@@ -488,6 +508,10 @@ switch ($action) {
         if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
             _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
         }
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/users-add', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         $username = _post('username');
         $fullname = _post('fullname');
         $password = _post('password');
@@ -552,6 +576,10 @@ switch ($action) {
         break;
 
     case 'users-edit-post':
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/users-edit/', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         $username = _post('username');
         $fullname = _post('fullname');
         $password = _post('password');
@@ -646,11 +674,17 @@ switch ($action) {
 
     case 'change-password':
         run_hook('view_change_password'); #HOOK
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->display('change-password.tpl');
         break;
 
     case 'change-password-post':
         $password = _post('password');
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/change-password', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         if ($password != '') {
             $d = ORM::for_table('tbl_users')->where('username', $admin['username'])->find_one();
             run_hook('change_password'); #HOOK
@@ -695,6 +729,9 @@ switch ($action) {
         } else {
             $ui->assign('_json', json_decode(file_get_contents($UPLOAD_PATH . DIRECTORY_SEPARATOR . 'notifications.default.json'), true));
         }
+
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->assign('_default', json_decode(file_get_contents($UPLOAD_PATH . DIRECTORY_SEPARATOR . 'notifications.default.json'), true));
         $ui->display('app-notifications.tpl');
         break;
@@ -702,6 +739,10 @@ switch ($action) {
         if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
             _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
         }
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/notifications', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         file_put_contents($UPLOAD_PATH . "/notifications.json", json_encode($_POST));
         r2(U . 'settings/notifications', 's', Lang::T('Settings Saved Successfully'));
         break;
@@ -807,10 +848,16 @@ switch ($action) {
         } else {
             $ui->assign('langs', []);
         }
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->display('language-add.tpl');
         break;
 
     case 'lang-post':
+        $csrf_token = _post('csrf_token');
+        if (!Csrf::check($csrf_token)) {
+            r2(U . 'settings/language', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+        }
         file_put_contents($lan_file, json_encode($_POST, JSON_PRETTY_PRINT));
         r2(U . 'settings/language', 's', Lang::T('Translation saved Successfully'));
         break;
@@ -820,7 +867,12 @@ switch ($action) {
             _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
             exit;
         }
+
         if (_post('save') == 'save') {
+            $csrf_token = _post('csrf_token');
+            if (!Csrf::check($csrf_token)) {
+                r2(U . 'settings/maintenance', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+            }
             $status = isset($_POST['maintenance_mode']) ? 1 : 0; // Checkbox returns 1 if checked, otherwise 0
             $force_logout = isset($_POST['maintenance_mode_logout']) ? 1 : 0; // Checkbox returns 1 if checked, otherwise 0
             $date = isset($_POST['maintenance_date']) ? $_POST['maintenance_date'] : null;
@@ -846,11 +898,45 @@ switch ($action) {
 
             r2(U . "settings/maintenance", 's', Lang::T('Settings Saved Successfully'));
         }
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
         $ui->assign('_c', $config);
         $ui->assign('_title', Lang::T('Maintenance Mode Settings'));
         $ui->display('maintenance-mode.tpl');
         break;
 
+    case 'miscellaneous':
+        if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+            _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
+            exit;
+        }
+        if (_post('save') == 'save') {
+            $csrf_token = _post('csrf_token');
+            if (!Csrf::check($csrf_token)) {
+                r2(U . 'settings/miscellaneous', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
+            }
+            foreach ($_POST as $key => $value) {
+                $d = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
+                if ($d) {
+                    $d->value = $value;
+                    $d->save();
+                } else {
+                    $d = ORM::for_table('tbl_appconfig')->create();
+                    $d->setting = $key;
+                    $d->value = $value;
+                    $d->save();
+                }
+            }
+
+            r2(U . "settings/miscellaneous", 's', Lang::T('Settings Saved Successfully'));
+        }
+        $csrf_token = Csrf::generateAndStoreToken();
+        $ui->assign('csrf_token', $csrf_token);
+        $ui->assign('_c', $config);
+        $ui->assign('_title', Lang::T('Miscellaneous Settings'));
+        $ui->display('miscellaneous.tpl');
+        break;
+
     default:
         $ui->display('a404.tpl');
 }

ui/ui/admin-add.tpl

@@ -2,6 +2,7 @@
 <!-- user-edit -->
 
 <form class="form-horizontal" method="post" role="form" action="{$_url}settings/users-post">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
     <div class="row">
         <div class="col-sm-6 col-md-6">
             <div class="panel panel-primary panel-hovered panel-stacked mb30">

ui/ui/admin-edit.tpl

@@ -2,6 +2,7 @@
 <!-- user-edit -->
 
 <form class="form-horizontal" method="post" role="form" action="{$_url}settings/users-edit-post">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
     <div class="row">
         <div class="col-sm-6 col-md-6">
             <div

ui/ui/admin.tpl

@@ -9,6 +9,7 @@
                 <div class="md-whiteframe-z1 mb20 text-center" style="padding: 15px">
                     <div class="col-md-8">
                         <form id="site-search" method="post" action="{$_url}settings/users/">
+                            <input type="hidden" name="csrf_token" value="{$csrf_token}">
                             <div class="input-group">
                                 <div class="input-group-addon">
                                     <span class="fa fa-search"></span>

ui/ui/app-localisation.tpl

@@ -13,6 +13,7 @@
             
             <div class="panel-body">
                 <form class="form-horizontal" method="post" role="form" action="{$_url}settings/localisation-post">
+                    <input type="hidden" name="csrf_token" value="{$csrf_token}">
                     <div class="form-group">
                         <label class="col-md-2 control-label">{Lang::T('Timezone')}</label>
                         <div class="col-md-6">

ui/ui/app-notifications.tpl

@@ -1,6 +1,7 @@
 {include file="sections/header.tpl"}
 
 <form class="form-horizontal" method="post" role="form" action="{$_url}settings/notifications-post">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
     <div class="row">
         <div class="col-sm-12 col-md-12">
             <div class="panel panel-primary panel-hovered panel-stacked mb30">

ui/ui/app-settings.tpl

@@ -1,6 +1,7 @@
 {include file="sections/header.tpl"}
 
 <form class="form-horizontal" method="post" role="form" action="{$_url}settings/app-post" enctype="multipart/form-data">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
     <div class="row">
         <div class="col-sm-12 col-md-12">
             <div class="panel panel-primary panel-hovered panel-stacked mb30">
@@ -590,174 +591,6 @@
                         </div>
                     </div>
                 </div>
-                <div class="panel-heading" id="miscellaneous">
-                    <div class="btn-group pull-right">
-                        <button class="btn btn-primary btn-xs" title="save" type="submit"><span
-                                class="glyphicon glyphicon-floppy-disk" aria-hidden="true"></span></button>
-                    </div>
-                    {Lang::T('Miscellaneous')}
-                </div>
-                <div class="panel-body">
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Enable Session Timeout')}</label>
-                        <div class="col-md-6">
-                            <label class="switch">
-                                <input type="checkbox" id="enable_session_timeout" value="1"
-                                    name="enable_session_timeout" {if $_c['enable_session_timeout']==1}checked{/if}>
-                                <span class="slider"></span>
-                            </label>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('Logout Admin if not Available/Online a period of time')}</p>
-                    </div>
-                    <div class="form-group" id="timeout_duration_input" style="display: none;">
-                        <label class="col-md-2 control-label">{Lang::T('Timeout Duration')}</label>
-                        <div class="col-md-6">
-                            <input type="number" value="{$_c['session_timeout_duration']}" class="form-control"
-                                name="session_timeout_duration" id="session_timeout_duration"
-                                placeholder="{Lang::T('Enter the session timeout duration (minutes)')}" min="1">
-                        </div>
-                        <p class="help-block col-md-4">{Lang::T('Idle Timeout, Logout Admin if Idle for xx minutes')}
-                        </p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('New Version Notification')}</label>
-                        <div class="col-md-6">
-                            <select name="new_version_notify" id="new_version_notify" class="form-control">
-                                <option value="enable" {if $_c['new_version_notify']=='enable' }selected="selected"
-                                    {/if}>{Lang::T('Enabled')}
-                                </option>
-                                <option value="disable" {if $_c['new_version_notify']=='disable' }selected="selected"
-                                    {/if}>{Lang::T('Disabled')}
-                                </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">{Lang::T('This is to notify you when new updates is available')}
-                        </p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Router Check')}</label>
-                        <div class="col-md-6">
-                            <select name="router_check" id="router_check" class="form-control">
-                                <option value="0" {if $_c['router_check']=='0' }selected="selected" {/if}>
-                                    {Lang::T('Disabled')}
-                                </option>
-                                <option value="1" {if $_c['router_check']=='1' }selected="selected" {/if}>
-                                    {Lang::T('Enabled')}
-                                </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('If enabled, the system will notify Admin when router goes Offline, If admin have 10 or more router and many customers, it will get overlapping, you can disabled')}
-                        </p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Phone OTP Required')}</label>
-                        <div class="col-md-6">
-                            <select name="allow_phone_otp" id="allow_phone_otp" class="form-control">
-                                <option value="no" {if $_c['allow_phone_otp']=='no' }selected="selected" {/if}>
-                                    {Lang::T('No')}</option>
-                                <option value="yes" {if $_c['allow_phone_otp']=='yes' }selected="selected" {/if}>
-                                    {Lang::T('Yes')}
-                                </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('OTP is required when user want to change phone number and registration')}
-                        </p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('OTP Method')}</label>
-                        <div class="col-md-6">
-                            <select name="phone_otp_type" id="phone_otp_type" class="form-control">
-                                <option value="sms" {if $_c['phone_otp_type']=='sms' }selected="selected" {/if}>
-                                    {Lang::T('By SMS')}
-                                <option value="whatsapp" {if $_c['phone_otp_type']=='whatsapp' }selected="selected"
-                                    {/if}> {Lang::T('by WhatsApp')}
-                                <option value="both" {if $_c['phone_otp_type']=='both' }selected="selected" {/if}>
-                                    {Lang::T('By WhatsApp and SMS')}
-                                </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}</p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Email OTP Required')}</label>
-                        <div class="col-md-6">
-                            <select name="allow_email_otp" id="allow_email_otp" class="form-control">
-                                <option value="no" {if $_c['allow_email_otp']=='no' }selected="selected" {/if}>
-                                    {Lang::T('No')}</option>
-                                <option value="yes" {if $_c['allow_email_otp']=='yes' }selected="selected" {/if}>
-                                    {Lang::T('Yes')}
-                                </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('OTP is required when user want to change Email Address')}
-                        </p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Extend Package Expiry')}</label>
-                        <div class="col-md-6">
-                            <select name="extend_expiry" id="extend_expiry" class="form-control">
-                                <option value="yes" {if $_c['extend_expiry']!='no' }selected="selected" {/if}>
-                                    {Lang::T('Yes')}</option>
-                                <option value="no" {if $_c['extend_expiry']=='no' }selected="selected" {/if}>
-                                    {Lang::T('No')}</option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('If user buy same internet plan, expiry date will extend')}</p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Show Bandwidth Plan')}</label>
-                        <div class="col-md-6">
-                            <select name="show_bandwidth_plan" id="show_bandwidth_plan" class="form-control">
-                                <option value="no" {if $_c['show_bandwidth_plan']=='no' }selected="selected" {/if}>
-                                    {Lang::T('No')}</option>
-                                <option value="yes" {if $_c['show_bandwidth_plan']=='yes' }selected="selected" {/if}>
-                                    {Lang::T('Yes')}</option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T(' for Customer')}</p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Hotspot Auth Method')}</label>
-                        <div class="col-md-6">
-                            <select name="hs_auth_method" id="auth_method" class="form-control">
-                                <option value="api" {if $_c['hs_auth_method']=='api' }selected="selected" {/if}>
-                                    {Lang::T('Api')}
-                                </option>
-                                <option value="hchap" {if $_c['hs_auth_method']=='hchap' }selected="selected" {/if}>
-                                    {Lang::T('Http-Chap')}
-                                </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('Hotspot Authentication Method. Make sure you have changed your hotspot login page.')}<br><a
-                                href="https://github.com/agstrxyz/phpnuxbill-login-hotspot" target="_blank">Download
-                                phpnuxbill-login-hotspot</a>
-                        </p>
-                    </div>
-                    <div class="form-group">
-                        <label class="col-md-2 control-label">{Lang::T('Check if Customer Online')}</label>
-                        <div class="col-md-6">
-                            <select name="check_customer_online" id="check_customer_online" class="form-control">
-                                <option value="no">
-                                    {Lang::T('No')}
-                                </option>
-                            <option value="yes" {if $_c['check_customer_online']=='yes' }selected="selected" {/if}>
-                                {Lang::T('Yes')}
-                            </option>
-                            </select>
-                        </div>
-                        <p class="help-block col-md-4">
-                            {Lang::T('This will show is Customer currently is online or not')}
-                        </p>
-                    </div>
-                </div>
-
                 <div class="panel-heading">
                     <div class="btn-group pull-right">
                         <button class="btn btn-primary btn-xs" title="save" type="submit">
@@ -885,37 +718,7 @@ add dst-host=*.{$_domain}</pre>
 </form>
 
 
-<script>
-    document.addEventListener('DOMContentLoaded', function() {
-        var sectionTimeoutCheckbox = document.getElementById('enable_session_timeout');
-        var timeoutDurationInput = document.getElementById('timeout_duration_input');
-        var timeoutDurationField = document.getElementById('session_timeout_duration');
 
-        if (sectionTimeoutCheckbox.checked) {
-            timeoutDurationInput.style.display = 'block';
-            timeoutDurationField.required = true;
-        }
-
-        sectionTimeoutCheckbox.addEventListener('change', function() {
-            if (this.checked) {
-                timeoutDurationInput.style.display = 'block';
-                timeoutDurationField.required = true;
-            } else {
-                timeoutDurationInput.style.display = 'none';
-                timeoutDurationField.required = false;
-            }
-        });
-
-        document.querySelector('form').addEventListener('submit', function(event) {
-            if (sectionTimeoutCheckbox.checked && (!timeoutDurationField.value || isNaN(
-                    timeoutDurationField.value))) {
-                event.preventDefault();
-                alert('Please enter a valid session timeout duration.');
-                timeoutDurationField.focus();
-            }
-        });
-    });
-</script>
 <script>
     function testWa() {
         var target = prompt("Phone number\nSave First before Test", "");

ui/ui/change-password.tpl

@@ -6,6 +6,7 @@
 					<div class="panel-heading">{Lang::T('Change Password')}</div>
 						<div class="panel-body">
 						<form class="form-horizontal" method="post" role="form" action="{$_url}settings/change-password-post">
+							<input type="hidden" name="csrf_token" value="{$csrf_token}">
 							<div class="form-group">
 								<label class="col-md-2 control-label">{Lang::T('Current Password')}</label>
 								<div class="col-md-6">

ui/ui/language-add.tpl

@@ -6,6 +6,7 @@
 			<div class="panel-heading">{Lang::T('Translation')}</div>
 			<div class="panel-body">
 				<form class="form-horizontal" method="post" role="form" action="{$_url}settings/lang-post">
+					<input type="hidden" name="csrf_token" value="{$csrf_token}">
 					{foreach $langs as $lang}
 						<div class="form-group">
 							<div class="col-md-12">

ui/ui/maintenance-mode.tpl

@@ -59,6 +59,7 @@
 </style>
 
 <form class="form-horizontal" method="post" autocomplete="off" role="form" action="">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
     <div class="row">
         <div class="col-sm-12 col-md-12">
             <div class="panel panel-primary panel-hovered panel-stacked mb30">

ui/ui/miscellaneous.tpl

@@ -0,0 +1,226 @@
+{include file="sections/header.tpl"}
+
+<form class="form-horizontal" method="post" role="form" action="" enctype="multipart/form-data">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
+    <div class="row">
+        <div class="col-sm-12 col-md-12">
+            <div class="panel panel-primary panel-hovered panel-stacked mb30">
+                <div class="panel-heading">
+                    <div class="btn-group pull-right">
+                        <button class="btn btn-primary btn-xs" title="save" name="save" value="save" type="submit"><span
+                                class="glyphicon glyphicon-floppy-disk" aria-hidden="true"></span></button>
+                    </div>
+                    {Lang::T('Miscellaneous')}
+                </div>
+                    <div class="panel-body">
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Enable Session Timeout')}</label>
+                            <div class="col-md-6">
+                                <label class="switch">
+                                    <input type="checkbox" id="enable_session_timeout" value="1"
+                                        name="enable_session_timeout" {if $_c['enable_session_timeout']==1}checked{/if}>
+                                    <span class="slider"></span>
+                                </label>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('Logout Admin if not Available/Online a period of time')}</p>
+                        </div>
+                        <div class="form-group" id="timeout_duration_input" style="display: none;">
+                            <label class="col-md-2 control-label">{Lang::T('Timeout Duration')}</label>
+                            <div class="col-md-6">
+                                <input type="number" value="{$_c['session_timeout_duration']}" class="form-control"
+                                    name="session_timeout_duration" id="session_timeout_duration"
+                                    placeholder="{Lang::T('Enter the session timeout duration (minutes)')}" min="1">
+                            </div>
+                            <p class="help-block col-md-4">{Lang::T('Idle Timeout, Logout Admin if Idle for xx
+                                minutes')}
+                            </p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('New Version Notification')}</label>
+                            <div class="col-md-6">
+                                <select name="new_version_notify" id="new_version_notify" class="form-control">
+                                    <option value="enable" {if $_c['new_version_notify']=='enable' }selected="selected"
+                                        {/if}>{Lang::T('Enabled')}
+                                    </option>
+                                    <option value="disable" {if $_c['new_version_notify']=='disable'
+                                        }selected="selected" {/if}>{Lang::T('Disabled')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">{Lang::T('This is to notify you when new updates is
+                                available')}
+                            </p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Router Check')}</label>
+                            <div class="col-md-6">
+                                <select name="router_check" id="router_check" class="form-control">
+                                    <option value="0" {if $_c['router_check']=='0' }selected="selected" {/if}>
+                                        {Lang::T('Disabled')}
+                                    </option>
+                                    <option value="1" {if $_c['router_check']=='1' }selected="selected" {/if}>
+                                        {Lang::T('Enabled')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('If enabled, the system will notify Admin when router goes Offline, If admin
+                                have 10 or more router and many customers, it will get overlapping, you can disabled')}
+                            </p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Phone OTP Required')}</label>
+                            <div class="col-md-6">
+                                <select name="allow_phone_otp" id="allow_phone_otp" class="form-control">
+                                    <option value="no" {if $_c['allow_phone_otp']=='no' }selected="selected" {/if}>
+                                        {Lang::T('No')}</option>
+                                    <option value="yes" {if $_c['allow_phone_otp']=='yes' }selected="selected" {/if}>
+                                        {Lang::T('Yes')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('OTP is required when user want to change phone number and registration')}
+                            </p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('OTP Method')}</label>
+                            <div class="col-md-6">
+                                <select name="phone_otp_type" id="phone_otp_type" class="form-control">
+                                    <option value="sms" {if $_c['phone_otp_type']=='sms' }selected="selected" {/if}>
+                                        {Lang::T('By SMS')}
+                                    <option value="whatsapp" {if $_c['phone_otp_type']=='whatsapp' }selected="selected"
+                                        {/if}> {Lang::T('by WhatsApp')}
+                                    <option value="both" {if $_c['phone_otp_type']=='both' }selected="selected" {/if}>
+                                        {Lang::T('By WhatsApp and SMS')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}</p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Email OTP Required')}</label>
+                            <div class="col-md-6">
+                                <select name="allow_email_otp" id="allow_email_otp" class="form-control">
+                                    <option value="no" {if $_c['allow_email_otp']=='no' }selected="selected" {/if}>
+                                        {Lang::T('No')}</option>
+                                    <option value="yes" {if $_c['allow_email_otp']=='yes' }selected="selected" {/if}>
+                                        {Lang::T('Yes')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('OTP is required when user want to change Email Address')}
+                            </p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Extend Package Expiry')}</label>
+                            <div class="col-md-6">
+                                <select name="extend_expiry" id="extend_expiry" class="form-control">
+                                    <option value="yes" {if $_c['extend_expiry']!='no' }selected="selected" {/if}>
+                                        {Lang::T('Yes')}</option>
+                                    <option value="no" {if $_c['extend_expiry']=='no' }selected="selected" {/if}>
+                                        {Lang::T('No')}</option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('If user buy same internet plan, expiry date will extend')}</p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Show Bandwidth Plan')}</label>
+                            <div class="col-md-6">
+                                <select name="show_bandwidth_plan" id="show_bandwidth_plan" class="form-control">
+                                    <option value="no" {if $_c['show_bandwidth_plan']=='no' }selected="selected" {/if}>
+                                        {Lang::T('No')}</option>
+                                    <option value="yes" {if $_c['show_bandwidth_plan']=='yes' }selected="selected"
+                                        {/if}>
+                                        {Lang::T('Yes')}</option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T(' for Customer')}</p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Hotspot Auth Method')}</label>
+                            <div class="col-md-6">
+                                <select name="hs_auth_method" id="auth_method" class="form-control">
+                                    <option value="api" {if $_c['hs_auth_method']=='api' }selected="selected" {/if}>
+                                        {Lang::T('Api')}
+                                    </option>
+                                    <option value="hchap" {if $_c['hs_auth_method']=='hchap' }selected="selected" {/if}>
+                                        {Lang::T('Http-Chap')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('Hotspot Authentication Method. Make sure you have changed your hotspot login
+                                page.')}<br><a href="https://github.com/agstrxyz/phpnuxbill-login-hotspot"
+                                    target="_blank">Download
+                                    phpnuxbill-login-hotspot</a>
+                            </p>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-md-2 control-label">{Lang::T('Check if Customer Online')}</label>
+                            <div class="col-md-6">
+                                <select name="check_customer_online" id="check_customer_online" class="form-control">
+                                    <option value="no">
+                                        {Lang::T('No')}
+                                    </option>
+                                    <option value="yes" {if $_c['check_customer_online']=='yes' }selected="selected"
+                                        {/if}>
+                                        {Lang::T('Yes')}
+                                    </option>
+                                </select>
+                            </div>
+                            <p class="help-block col-md-4">
+                                {Lang::T('This will show is Customer currently is online or not')}
+                            </p>
+                        </div>
+                    </div>
+                </div>
+
+                <div class="panel-body">
+                    <div class="form-group">
+                        <button class="btn btn-success btn-block" name="save" value="save" type="submit">
+                            {Lang::T('Save Changes')}
+                        </button>
+                    </div>
+                </div>
+            </div>
+        </div>
+</form>
+
+
+<script>
+    document.addEventListener('DOMContentLoaded', function () {
+        var sectionTimeoutCheckbox = document.getElementById('enable_session_timeout');
+        var timeoutDurationInput = document.getElementById('timeout_duration_input');
+        var timeoutDurationField = document.getElementById('session_timeout_duration');
+
+        if (sectionTimeoutCheckbox.checked) {
+            timeoutDurationInput.style.display = 'block';
+            timeoutDurationField.required = true;
+        }
+
+        sectionTimeoutCheckbox.addEventListener('change', function () {
+            if (this.checked) {
+                timeoutDurationInput.style.display = 'block';
+                timeoutDurationField.required = true;
+            } else {
+                timeoutDurationInput.style.display = 'none';
+                timeoutDurationField.required = false;
+            }
+        });
+
+        document.querySelector('form').addEventListener('submit', function (event) {
+            if (sectionTimeoutCheckbox.checked && (!timeoutDurationField.value || isNaN(
+                timeoutDurationField.value))) {
+                event.preventDefault();
+                alert('Please enter a valid session timeout duration.');
+                timeoutDurationField.focus();
+            }
+        });
+    });
+</script>
+{include file="sections/footer.tpl"}

ui/ui/sections/header.tpl

@@ -1414,6 +1414,8 @@
                                         href="{$_url}settings/app">{Lang::T('General Settings')}</a></li>
                                 <li {if $_routes[1] eq 'localisation' }class="active" {/if}><a
                                         href="{$_url}settings/localisation">{Lang::T('Localisation')}</a></li>
+                                <li {if $_routes[1] eq 'miscellaneous' }class="active" {/if}><a
+                                            href="{$_url}settings/miscellaneous">{Lang::T('Miscellaneous')}</a></li>
                                 <li {if $_routes[1] eq 'maintenance' }class="active" {/if}><a
                                         href="{$_url}settings/maintenance">{Lang::T('Maintenance Mode')}</a></li>
                                 <li {if $_routes[1] eq 'notifications' }class="active" {/if}><a