REMOVE CSRF (annoying when refresh page) when open edit customer page, add upload photo when edit Customer

iBNu Maksum 2024-10-31 13:36:43 +07:00
parent db8affce1f
commit 51811bd753
GPG Key ID: 7FC82848810579E5
4 changed files with 102 additions and 13 deletions


@ -305,8 +305,6 @@ switch ($action) {
$customer = ORM::for_table('tbl_customers')->find_one($id);
}
if ($customer) {
// Fetch the Customers Attributes values from the tbl_customer_custom_fields table
$customFields = ORM::for_table('tbl_customers_fields')
->where('customer_id', $customer['id'])
@ -341,10 +339,6 @@ switch ($action) {
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
}
$id = $routes['2'];
$csrf_token = _req('token');
if (!Csrf::check($csrf_token)) {
r2(U . 'customers/view/' . $id, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
}
run_hook('edit_customer'); #HOOK
$d = ORM::for_table('tbl_customers')->find_one($id);
// Fetch the Customers Attributes values from the tbl_customers_fields table
@ -352,6 +346,23 @@ switch ($action) {
->where('customer_id', $id)
->find_many();
if ($d) {
if(isset($routes['3']) && $routes['3'] == 'deletePhoto'){
if($d['photo'] != '' && $d['photo'] != '/user.default.jpg'){
if(file_exists($UPLOAD_PATH.$d['photo'])){
unlink($UPLOAD_PATH.$d['photo']);
if(file_exists($UPLOAD_PATH.$d['photo'].'.thumb.jpg')){
unlink($UPLOAD_PATH.$d['photo'].'.thumb.jpg');
}
}
$d->photo = '/user.default.jpg';
$d->save();
$ui->assign('notify_t', 's');
$ui->assign('notify', 'You have successfully deleted the photo');
}else{
$ui->assign('notify_t', 'e');
$ui->assign('notify', 'No photo found to delete');
}
}
$ui->assign('d', $d);
$ui->assign('statuses', ORM::for_table('tbl_customers')->getEnum("status"));
$ui->assign('customFields', $customFields);
@ -617,6 +628,54 @@ switch ($action) {
}
if ($msg == '') {
if (!empty($_FILES['photo']['name'])) {
if (function_exists('imagecreatetruecolor')) {
$hash = md5_file($_FILES['photo']['tmp_name']);
$subfolder = substr($hash, 0, 2);
$folder = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'photos'. DIRECTORY_SEPARATOR;
if(!file_exists($folder)){
mkdir($folder);
}
$folder = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'photos'. DIRECTORY_SEPARATOR. $subfolder. DIRECTORY_SEPARATOR;
if(!file_exists($folder)){
mkdir($folder);
}
$imgPath = $folder . $hash . '.jpg';
if (!file_exists($imgPath)){
File::resizeCropImage($_FILES['photo']['tmp_name'], $imgPath, 1600, 1600, 100);
}
if (!file_exists($imgPath.'.thumb.jpg')){
if(_post('faceDetect') == 'yes'){
try{
$detector = new svay\FaceDetector();
$detector->setTimeout(5000);
$detector->faceDetect($imgPath);
$detector->cropFaceToJpeg($imgPath.'.thumb.jpg', false);
}catch (Exception $e) {
File::makeThumb($imgPath, $imgPath.'.thumb.jpg', 200);
} catch (Throwable $e) {
File::makeThumb($imgPath, $imgPath.'.thumb.jpg', 200);
}
}else{
File::makeThumb($imgPath, $imgPath.'.thumb.jpg', 200);
}
}
if(file_exists($imgPath)){
if($c['photo'] != ''){
if(file_exists($UPLOAD_PATH.$d['photo'])){
unlink($UPLOAD_PATH.$d['photo']);
if(file_exists($UPLOAD_PATH.$d['photo'].'.thumb.jpg')){
unlink($UPLOAD_PATH.$d['photo'].'.thumb.jpg');
}
}
}
$c->photo = '/photos/'. $subfolder. '/'. $hash. '.jpg';
}
if (file_exists($_FILES['photo']['tmp_name'])) unlink($_FILES['photo']['tmp_name']);
} else {
r2(U . 'settings/app', 'e', 'PHP GD is not installed');
}
}
if ($userDiff) {
$c->username = $username;
}
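Review bot: In the edit-post hunk the old-photo cleanup under `if($c['photo'] != '')` tests `$c['photo']` but unlinks `$UPLOAD_PATH.$d['photo']`, so the check and the deletion refer to different records, and unlike the `deletePhoto` branch in the earlier hunk there is no `/user.default.jpg` guard, so the shared default image can be removed; suggested: `if ($c['photo'] != '' && $c['photo'] != '/user.default.jpg' && file_exists($UPLOAD_PATH . $c['photo'])) {` with the `unlink` calls beneath it switched to `$c['photo']` as well. Before `md5_file` and `File::resizeCropImage` run on `$_FILES['photo']['tmp_name']`, nothing checks `$_FILES['photo']['error'] === UPLOAD_ERR_OK`, `is_uploaded_file()`, or that the upload is an image (`getimagesize()` not returning false), so a failed or non-image upload presumably surfaces as a GD warning rather than a message to the admin. The `deletePhoto` branch in the edit action unlinks files and saves the record on a plain GET reached from the template's `window.location.href` link, so it carries no token and is exposed to cross-site request forgery even though edit-post still renders and, presumably, checks `csrf_token`; sending it as a POST with the token would let the handler call `Csrf::check` there. The two `catch` blocks around the face detector do the same thing and `Throwable` already covers `Exception`, so one `catch (Throwable $e)` suffices. Both hunks sit inside `switch ($action)` cases that start and end outside the hunk.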


@ -765,5 +765,7 @@
"Username_should_be_between_3_to_45_characters": "Nama pengguna harus terdiri dari 3 hingga 45 karakter",
"Single_session_Admin": "Sesi Tunggal Admin",
"Admin_can_only_have_single_session_login__it_will_logout_another_session": "Admin hanya dapat memiliki login satu sesi, maka akan keluar dari sesi berikutnya",
"For_Registration_and_Update_Phone_Number": "Untuk Registrasi dan Update Nomor Telepon"
"For_Registration_and_Update_Phone_Number": "Untuk Registrasi dan Update Nomor Telepon",
"Login_as_Customer": "Masuk sebagai Pelanggan",
"Invalid_or_Expired_CSRF_Token": "Token CSRF Tidak Valid atau Kedaluwarsa"
}


@ -1,6 +1,6 @@
{include file="sections/header.tpl"}
<form class="form-horizontal" method="post" role="form" action="{$_url}customers/edit-post">
<form class="form-horizontal" enctype="multipart/form-data" method="post" role="form" action="{$_url}customers/edit-post">
<input type="hidden" name="csrf_token" value="{$csrf_token}">
<div class="row">
<div class="col-md-6">
@ -8,7 +8,21 @@
class="panel panel-{if $d['status']=='Active'}primary{else}danger{/if} panel-hovered panel-stacked mb30">
<div class="panel-heading">{Lang::T('Edit Contact')}</div>
<div class="panel-body">
<center>
<img src="{$UPLOAD_PATH}{$d['photo']}.thumb.jpg" width="200"
onerror="this.src='{$UPLOAD_PATH}/user.default.jpg'" class="img-circle img-responsive"
alt="Foto" onclick="return deletePhoto({$d['id']})">
</center><br>
<input type="hidden" name="id" value="{$d['id']}">
<div class="form-group">
<label class="col-md-3 col-xs-12 control-label">{Lang::T('Photo')}</label>
<div class="col-md-6 col-xs-8">
<input type="file" class="form-control" name="photo">
</div>
<div class="form-group col-md-3 col-xs-4">
<label class=""><input type="checkbox" checked name="faceDetect" value="yes"> Facedetect</label>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Username')}</label>
<div class="col-md-9">
@ -121,7 +135,8 @@
<div class="panel-heading">PPPOE</div>
<div class="panel-body">
<div class="form-group">
<label class="col-md-3 control-label">{Lang::T('Username')} <span class="label label-danger" id="warning_username"></span></label>
<label class="col-md-3 control-label">{Lang::T('Username')} <span class="label label-danger"
id="warning_username"></span></label>
<div class="col-md-9">
<input type="username" class="form-control" id="pppoe_username" name="pppoe_username"
onkeyup="checkUsername(this, {$d['id']})" value="{$d['pppoe_username']}">
@ -137,7 +152,8 @@
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">Remote IP <span class="label label-danger" id="warning_ip"></span></label>
<label class="col-md-3 control-label">Remote IP <span class="label label-danger"
id="warning_ip"></span></label>
<div class="col-md-9">
<input type="text" class="form-control" id="pppoe_ip" name="pppoe_ip"
onkeyup="checkIP(this, {$d['id']})" value="{$d['pppoe_ip']}">
@ -227,7 +243,8 @@
</div>
</div>
<center>
<button class="btn btn-primary" onclick="return confirm('Continue the Customer Data change process?')" type="submit">
<button class="btn btn-primary" onclick="return confirm('Continue the Customer Data change process?')"
type="submit">
{Lang::T('Save Changes')}
</button>
<br><a href="{$_url}customers/list" class="btn btn-link">{Lang::T('Cancel')}</a>
@ -311,4 +328,14 @@
</script>
{/literal}
{include file="sections/footer.tpl"}
<script>
function deletePhoto(id) {
if (confirm('Delete photo?')) {
if (confirm('Are you sure to delete photo?')) {
window.location.href = '{$_url}customers/edit/'+id+'/deletePhoto'
}
}
}
</script>
{include file="sections/footer.tpl"}
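Review bot: The new file input `<input type="file" class="form-control" name="photo">` has no `accept` attribute, so the browser offers every file type even though the handler only produces JPEGs; `accept="image/*"` gives the admin earlier feedback without replacing server-side validation. The image added in the same hunk uses `alt="Foto"`, the only non-English literal in the form; `alt="{Lang::T('Photo')}"` matches the label directly below it. Clicking the profile image itself runs `deletePhoto`, which is an unusual affordance for a destructive action, so a `title` attribute or a separate "Delete photo" button next to the checkbox would make the intent visible before the confirm dialog.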


@ -5,7 +5,8 @@
<div class="box box-{if $d['status']=='Active'}primary{else}danger{/if}">
<div class="box-body box-profile">
<img class="profile-user-img img-responsive img-circle"
src="https://robohash.org/{$d['id']}?set=set3&size=100x100&bgset=bg1"
onclick="window.location.href = '{$UPLOAD_PATH}{$d['photo']}'"
src="{$UPLOAD_PATH}{$d['photo']}.thumb.jpg"
onerror="this.src='{$UPLOAD_PATH}/user.default.jpg'" alt="avatar">
<h3 class="profile-username text-center">{$d['fullname']}</h3>
<ul class="list-group list-group-unbordered">