From 5682aeb0b11518bde2ee7fcc62639dc0bd4cef45 Mon Sep 17 00:00:00 2001 From: Ibnu Maksum Date: Mon, 8 Nov 2021 19:56:30 +0700 Subject: [PATCH] sha1 --- system/autoload/Password.php | 31 ++- system/controllers/settings.php | 439 ++++++++++++++++---------------- 2 files changed, 237 insertions(+), 233 deletions(-) diff --git a/system/autoload/Password.php b/system/autoload/Password.php index 98492114..3d7a8c2b 100644 --- a/system/autoload/Password.php +++ b/system/autoload/Password.php @@ -1,34 +1,39 @@ assign('_title', $_L['Settings'].'- '. $config['CompanyName']); +$ui->assign('_title', $_L['Settings'] . '- ' . $config['CompanyName']); $ui->assign('_system_menu', 'settings'); $action = $routes['1']; 
@@ -17,84 +18,84 @@ $ui->assign('_admin', $admin);
 switch ($action) {
 case 'app':
- if($admin['user_type'] != 'Admin'){
- r2(U."dashboard",'e',$_L['Do_Not_Access']);
- }
-
+ if ($admin['user_type'] != 'Admin') {
+ r2(U . "dashboard", 'e', $_L['Do_Not_Access']);
+ }
+
 $ui->display('app-settings.tpl');
 break;
-
+
 case 'localisation':
- if($admin['user_type'] != 'Admin'){
- r2(U."dashboard",'e',$_L['Do_Not_Access']);
- }
- $lan = ORM::for_table('tbl_language')->find_many();
- $ui->assign('lan',$lan);
-
+ if ($admin['user_type'] != 'Admin') {
+ r2(U . "dashboard", 'e', $_L['Do_Not_Access']);
+ }
+ $lan = ORM::for_table('tbl_language')->find_many();
+ $ui->assign('lan', $lan);
+
 $timezonelist = Timezone::timezoneList();
- $ui->assign('tlist',$timezonelist);
+ $ui->assign('tlist', $timezonelist);
 $ui->assign('xjq', ' $("#tzone").select2(); ');
 $ui->display('app-localisation.tpl');
 break;
-
+
 case 'users':
- if($admin['user_type'] != 'Admin'){
- r2(U."dashboard",'e',$_L['Do_Not_Access']);
- }
-
+ if ($admin['user_type'] != 'Admin') {
+ r2(U . "dashboard", 'e', $_L['Do_Not_Access']);
+ }
+
 $ui->assign('xfooter', '');
-
- $username = _post('username');
- if ($username != ''){
- $paginator = Paginator::bootstrap('tbl_users','username','%'.$username.'%');
- $d = ORM::for_table('tbl_users')->where_like('username','%'.$username.'%')->offset($paginator['startpoint'])->limit($paginator['limit'])->order_by_asc('id')->find_many();
- }else{
- $paginator = Paginator::bootstrap('tbl_users');
- $d = ORM::for_table('tbl_users')->offset($paginator['startpoint'])->limit($paginator['limit'])->order_by_asc('id')->find_many();
- }
-
- $ui->assign('d',$d);
- $ui->assign('paginator',$paginator);
+
+ $username = _post('username');
+ if ($username != '') {
+ $paginator = Paginator::bootstrap('tbl_users', 'username', '%' . $username . '%');
+ $d = ORM::for_table('tbl_users')->where_like('username', '%' . $username . 
'%')->offset($paginator['startpoint'])->limit($paginator['limit'])->order_by_asc('id')->find_many(); + } else { + $paginator = Paginator::bootstrap('tbl_users'); + $d = ORM::for_table('tbl_users')->offset($paginator['startpoint'])->limit($paginator['limit'])->order_by_asc('id')->find_many(); + } + + $ui->assign('d', $d); + $ui->assign('paginator', $paginator); $ui->display('users.tpl'); break; case 'users-add': - if($admin['user_type'] != 'Admin'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - + if ($admin['user_type'] != 'Admin') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + $ui->display('users-add.tpl'); break; case 'users-edit': - if($admin['user_type'] != 'Admin'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - + if ($admin['user_type'] != 'Admin') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + $id = $routes['2']; $d = ORM::for_table('tbl_users')->find_one($id); - if($d){ - $ui->assign('d',$d); + if ($d) { + $ui->assign('d', $d); $ui->display('users-edit.tpl'); - }else{ + } else { r2(U . 'settings/users', 'e', $_L['Account_Not_Found']); } break; case 'users-delete': - if($admin['user_type'] != 'Admin'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - + if ($admin['user_type'] != 'Admin') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + $id = $routes['2']; - if(($admin['id']) == $id){ + if (($admin['id']) == $id) { r2(U . 'settings/users', 'e', 'Sorry You can\'t delete yourself'); } $d = ORM::for_table('tbl_users')->find_one($id); - if($d){ + if ($d) { $d->delete(); r2(U . 'settings/users', 's', $_L['User_Delete_Ok']); - }else{ + } else { r2(U . 'settings/users', 'e', $_L['Account_Not_Found']); } break; @@ -106,39 +107,39 @@ switch ($action) { $cpassword = _post('cpassword'); $user_type = _post('user_type'); $msg = ''; - if(Validator::Length($username,16,2) == false){ - $msg .= 'Username should be between 3 to 15 characters'. '
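Review bot: `users-delete` removes an account from a plain GET route (`$id = $routes['2']; ... $d->delete();`) with no anti-CSRF token, so any page an authenticated Admin visits can trigger `settings/users-delete/<id>` through an image or link — unless the front controller validates a token elsewhere, which this file does not show. Move the deletion behind a POST and check a per-session token before `find_one($id)`, e.g. `if (!hash_equals($_SESSION['csrf_token'] ?? '', (string) _post('csrf_token'))) { r2(U . 'settings/users', 'e', $_L['Do_Not_Access']); }`. The self-delete guard `($admin['id']) == $id` is a loose comparison on route input; `(int) $admin['id'] === (int) $id` is the intended check. In `users`, the `%` and `_` characters in `_post('username')` are LIKE wildcards passed through unescaped; harmless for a search box, but worth a comment if that is deliberate. The enclosing `switch ($action)` begins in the hunk and runs well past it.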
'; + if (Validator::Length($username, 16, 2) == false) { + $msg .= 'Username should be between 3 to 15 characters' . '
'; } - if(Validator::Length($fullname,26,2) == false){ - $msg .= 'Full Name should be between 3 to 25 characters'. '
'; + if (Validator::Length($fullname, 26, 2) == false) { + $msg .= 'Full Name should be between 3 to 25 characters' . '
'; } - if(!Validator::Length($password,15,5)){ - $msg .= 'Password should be between 6 to 15 characters'. '
'; + if (!Validator::Length($password, 15, 5)) { + $msg .= 'Password should be between 6 to 15 characters' . '
'; } - if($password != $cpassword){ - $msg .= 'Passwords does not match'. '
'; + if ($password != $cpassword) { + $msg .= 'Passwords does not match' . '
'; } - $d = ORM::for_table('tbl_users')->where('username',$username)->find_one(); - if($d){ - $msg .= $_L['account_already_exist']. '
'; + $d = ORM::for_table('tbl_users')->where('username', $username)->find_one(); + if ($d) { + $msg .= $_L['account_already_exist'] . '
'; } - $date_now = date("Y-m-d H:i:s"); - if($msg == ''){ + $date_now = date("Y-m-d H:i:s"); + if ($msg == '') { $password = Password::_crypt($password); $d = ORM::for_table('tbl_users')->create(); $d->username = $username; - $d->fullname = $fullname; + $d->fullname = $fullname; $d->password = $password; $d->user_type = $user_type; - $d->status = 'Active'; - $d->creationdate = $date_now; - + $d->status = 'Active'; + $d->creationdate = $date_now; + $d->save(); - - _log('['.$admin['username'].']: '.$_L['account_created_successfully'],'Admin',$admin['id']); + + _log('[' . $admin['username'] . ']: ' . $_L['account_created_successfully'], 'Admin', $admin['id']); r2(U . 'settings/users', 's', $_L['account_created_successfully']); - }else{ + } else { r2(U . 'settings/users-add', 'e', $msg); } break; @@ -150,54 +151,54 @@ switch ($action) { $cpassword = _post('cpassword'); $msg = ''; - if(Validator::Length($username,16,2) == false){ - $msg .= 'Username should be between 3 to 15 characters'. '
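Review bot: The role stored for the new account, `$d->user_type = $user_type;`, is whatever `_post('user_type')` submitted; nothing checks it against the roles the rest of this file understands (`Admin` and `Sales`, per the `change-password` gate), so a tampered form stores an arbitrary role string. Add it to the validation run: `if (!in_array($user_type, ['Admin', 'Sales'], true)) { $msg .= 'Invalid user type' . '<br>'; }`. The password bound `Validator::Length($password, 15, 5)` is reported as '6 to 15' here but as '6 to 14' by `change-password-post` for the same call, so one of the two messages is wrong, and capping a hashed credential at 15 characters is needlessly restrictive. The `case 'users-post'` label and any access gate preceding `$cpassword = _post('cpassword');` sit above the hunk, so whether non-Admins can reach this code cannot be confirmed here.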
'; + if (Validator::Length($username, 16, 2) == false) { + $msg .= 'Username should be between 3 to 15 characters' . '
'; } - if(Validator::Length($fullname,26,2) == false){ - $msg .= 'Full Name should be between 3 to 25 characters'. '
'; + if (Validator::Length($fullname, 26, 2) == false) { + $msg .= 'Full Name should be between 3 to 25 characters' . '
'; } - if($password != ''){ - if(!Validator::Length($password,15,5)){ - $msg .= 'Password should be between 6 to 15 characters'. '
'; + if ($password != '') { + if (!Validator::Length($password, 15, 5)) { + $msg .= 'Password should be between 6 to 15 characters' . '
'; } - if($password != $cpassword){ - $msg .= 'Passwords does not match'. '
'; + if ($password != $cpassword) { + $msg .= 'Passwords does not match' . '
'; } } $id = _post('id'); $d = ORM::for_table('tbl_users')->find_one($id); - if($d){ - }else{ - $msg .= $_L['Data_Not_Found']. '
'; + if ($d) { + } else { + $msg .= $_L['Data_Not_Found'] . '
'; } - if($d['username'] != $username){ - $c = ORM::for_table('tbl_users')->where('username',$username)->find_one(); - if($c){ - $msg .= $_L['account_already_exist']. '
'; + if ($d['username'] != $username) { + $c = ORM::for_table('tbl_users')->where('username', $username)->find_one(); + if ($c) { + $msg .= $_L['account_already_exist'] . '
'; } } - if($msg == ''){ + if ($msg == '') { $d->username = $username; - if($password != ''){ + if ($password != '') { $password = Password::_crypt($password); $d->password = $password; } $d->fullname = $fullname; - if(($admin['id']) != $id){ + if (($admin['id']) != $id) { $user_type = _post('user_type'); $d->user_type = $user_type; } $d->save(); - - _log('['.$admin['username'].']: '.$_L['User_Updated_Successfully'],'Admin',$admin['id']); + + _log('[' . $admin['username'] . ']: ' . $_L['User_Updated_Successfully'], 'Admin', $admin['id']); r2(U . 'settings/users', 's', 'User Updated Successfully'); - }else{ - r2(U . 'settings/users-edit/'.$id, 'e', $msg); + } else { + r2(U . 'settings/users-edit/' . $id, 'e', $msg); } break; 
@@ -205,156 +206,156 @@ switch ($action) { $company = _post('company'); $theme = _post('theme'); $address = _post('address'); - if($company == '' OR $theme == '' OR $address == ''){ - r2(U.'settings/app','e',$_L['All_field_is_required']); - }else{ - $d = ORM::for_table('tbl_appconfig')->where('setting','CompanyName')->find_one(); + if ($company == '' or $theme == '' or $address == '') { + r2(U . 'settings/app', 'e', $_L['All_field_is_required']); + } else { + $d = ORM::for_table('tbl_appconfig')->where('setting', 'CompanyName')->find_one(); $d->value = $company; $d->save(); - - $d = ORM::for_table('tbl_appconfig')->where('setting','address')->find_one(); + + $d = ORM::for_table('tbl_appconfig')->where('setting', 'address')->find_one(); $d->value = $address; $d->save(); - - $phone = _post('phone'); - $d = ORM::for_table('tbl_appconfig')->where('setting','phone')->find_one(); + + $phone = _post('phone'); + $d = ORM::for_table('tbl_appconfig')->where('setting', 'phone')->find_one(); $d->value = $phone; $d->save(); - - $d = ORM::for_table('tbl_appconfig')->where('setting','theme')->find_one(); + + $d = ORM::for_table('tbl_appconfig')->where('setting', 'theme')->find_one(); $d->value = $theme; $d->save(); - - $note = _post('note'); - $d = ORM::for_table('tbl_appconfig')->where('setting','note')->find_one(); + + $note = _post('note'); + $d = ORM::for_table('tbl_appconfig')->where('setting', 'note')->find_one(); $d->value = $note; $d->save(); - - _log('['.$admin['username'].']: '.$_L['Settings_Saved_Successfully'],'Admin',$admin['id']); - - r2(U.'settings/app','s',$_L['Settings_Saved_Successfully']); + + _log('[' . $admin['username'] . ']: ' . $_L['Settings_Saved_Successfully'], 'Admin', $admin['id']); + + r2(U . 
'settings/app', 's', $_L['Settings_Saved_Successfully']); } break; - + case 'localisation-post': $tzone = _post('tzone'); $date_format = _post('date_format'); $lan = _post('lan'); - if($tzone == '' OR $date_format == '' OR $lan == ''){ - r2(U.'settings/app','e',$_L['All_field_is_required']); - }else{ - $d = ORM::for_table('tbl_appconfig')->where('setting','timezone')->find_one(); + if ($tzone == '' or $date_format == '' or $lan == '') { + r2(U . 'settings/app', 'e', $_L['All_field_is_required']); + } else { + $d = ORM::for_table('tbl_appconfig')->where('setting', 'timezone')->find_one(); $d->value = $tzone; $d->save(); - $d = ORM::for_table('tbl_appconfig')->where('setting','date_format')->find_one(); + $d = ORM::for_table('tbl_appconfig')->where('setting', 'date_format')->find_one(); $d->value = $date_format; $d->save(); - + $dec_point = $_POST['dec_point']; - if(strlen($dec_point) == '1'){ - $d = ORM::for_table('tbl_appconfig')->where('setting','dec_point')->find_one(); + if (strlen($dec_point) == '1') { + $d = ORM::for_table('tbl_appconfig')->where('setting', 'dec_point')->find_one(); $d->value = $dec_point; $d->save(); } $thousands_sep = $_POST['thousands_sep']; - if(strlen($thousands_sep) == '1'){ - $d = ORM::for_table('tbl_appconfig')->where('setting','thousands_sep')->find_one(); + if (strlen($thousands_sep) == '1') { + $d = ORM::for_table('tbl_appconfig')->where('setting', 'thousands_sep')->find_one(); $d->value = $thousands_sep; $d->save(); } $currency_code = $_POST['currency_code']; - $d = ORM::for_table('tbl_appconfig')->where('setting','currency_code')->find_one(); + $d = ORM::for_table('tbl_appconfig')->where('setting', 'currency_code')->find_one(); $d->value = $currency_code; $d->save(); - - $d = ORM::for_table('tbl_appconfig')->where('setting','language')->find_one(); + + $d = ORM::for_table('tbl_appconfig')->where('setting', 'language')->find_one(); $d->value = $lan; $d->save(); - - _log('['.$admin['username'].']: 
'.$_L['Settings_Saved_Successfully'],'Admin',$admin['id']); - r2(U.'settings/localisation','s',$_L['Settings_Saved_Successfully']); + + _log('[' . $admin['username'] . ']: ' . $_L['Settings_Saved_Successfully'], 'Admin', $admin['id']); + r2(U . 'settings/localisation', 's', $_L['Settings_Saved_Successfully']); } break; - + case 'change-password': - if($admin['user_type'] != 'Admin' AND $admin['user_type'] != 'Sales'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - + if ($admin['user_type'] != 'Admin' and $admin['user_type'] != 'Sales') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + $ui->display('change-password.tpl'); break; case 'change-password-post': $password = _post('password'); - if($password != ''){ - $d = ORM::for_table('tbl_users')->where('username',$admin['username'])->find_one(); - if($d){ + if ($password != '') { + $d = ORM::for_table('tbl_users')->where('username', $admin['username'])->find_one(); + if ($d) { $d_pass = $d['password']; - if(Password::_verify($password,$d_pass) == true){ + if (Password::_verify($password, $d_pass) == true) { $npass = _post('npass'); $cnpass = _post('cnpass'); - if(!Validator::Length($npass,15,5)){ - r2(U.'settings/change-password','e','New Password must be 6 to 14 character'); + if (!Validator::Length($npass, 15, 5)) { + r2(U . 'settings/change-password', 'e', 'New Password must be 6 to 14 character'); } - if($npass != $cnpass){ - r2(U.'settings/change-password','e','Both Password should be same'); + if ($npass != $cnpass) { + r2(U . 'settings/change-password', 'e', 'Both Password should be same'); } - + $npass = Password::_crypt($npass); $d->password = $npass; $d->save(); - - _msglog('s',$_L['Password_Changed_Successfully']); - _log('['.$admin['username'].']: Password changed successfully','Admin',$admin['id']); - - r2(U.'admin'); - }else{ - r2(U.'settings/change-password','e',$_L['Incorrect_Current_Password']); + + _msglog('s', $_L['Password_Changed_Successfully']); + _log('[' . $admin['username'] . 
']: Password changed successfully', 'Admin', $admin['id']); + + r2(U . 'admin'); + } else { + r2(U . 'settings/change-password', 'e', $_L['Incorrect_Current_Password']); } - }else{ - r2(U.'settings/change-password','e',$_L['Incorrect_Current_Password']); + } else { + r2(U . 'settings/change-password', 'e', $_L['Incorrect_Current_Password']); } - }else{ - r2(U.'settings/change-password','e',$_L['Incorrect_Current_Password']); + } else { + r2(U . 'settings/change-password', 'e', $_L['Incorrect_Current_Password']); } break; case 'dbstatus': - if($admin['user_type'] != 'Admin'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - - $dbc = new mysqli($db_host,$db_user ,$db_password,$db_name); + if ($admin['user_type'] != 'Admin') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + + $dbc = new mysqli($db_host, $db_user, $db_password, $db_name); if ($result = $dbc->query('SHOW TABLE STATUS')) { $size = 0; $decimals = 2; $tables = array(); - while($row = $result->fetch_array()){ + while ($row = $result->fetch_array()) { $size += $row["Data_length"] + $row["Index_length"]; - $total_size = ($row[ "Data_length" ] + $row[ "Index_length" ]) / 1024; - $tables[$row['Name']]['size'] = number_format($total_size,'0'); - $tables[$row['Name']]['rows'] = $row[ "Rows" ]; - $tables[$row['Name']]['name'] = $row[ "Name" ]; + $total_size = ($row["Data_length"] + $row["Index_length"]) / 1024; + $tables[$row['Name']]['size'] = number_format($total_size, '0'); + $tables[$row['Name']]['rows'] = $row["Rows"]; + $tables[$row['Name']]['name'] = $row["Name"]; } - $mbytes = number_format($size/(1024*1024),$decimals,$config['dec_point'],$config['thousands_sep']); + $mbytes = number_format($size / (1024 * 1024), $decimals, $config['dec_point'], $config['thousands_sep']); - $ui->assign('tables',$tables); - $ui->assign('dbsize',$mbytes); - $ui->display('dbstatus.tpl'); + $ui->assign('tables', $tables); + $ui->assign('dbsize', $mbytes); + $ui->display('dbstatus.tpl'); } break; case 'dbbackup': - 
if($admin['user_type'] != 'Admin'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - + if ($admin['user_type'] != 'Admin') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + try { - $mysqli = new mysqli($db_host,$db_user ,$db_password,$db_name); + $mysqli = new mysqli($db_host, $db_user, $db_password, $db_name); if ($mysqli->connect_errno) { throw new Exception("Failed to connect to MySQL: " . $mysqli->connect_error); } 
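Review bot: `localisation-post` writes timezone, date format, separators, currency and language into `tbl_appconfig` without the `user_type != 'Admin'` gate its GET counterpart `localisation` enforces, so a `Sales` login (a role this file accepts in `change-password`) can change global settings by posting directly. Add the same guard at the top of the case, before `$tzone = _post('tzone');`: `if ($admin['user_type'] != 'Admin') { r2(U . "dashboard", 'e', $_L['Do_Not_Access']); }`. `app-post` has the same shape, but its `case` label sits above the hunk so its gate cannot be confirmed here; `change-password-post` relies on `r2()` terminating the request after the length and match checks, which is worth verifying since a fall-through would hash and save an unchecked password. `$_POST['dec_point']`, `$_POST['thousands_sep']` and `$_POST['currency_code']` bypass the `_post()` helper every other field goes through, and `dbstatus` creates its `mysqli` without the `connect_errno` check `dbbackup` performs just below. The `dbbackup` case continues past the end of the hunk.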
@@ -365,50 +366,49 @@ switch ($action) { header('Content-Type: application/force-download'); header('Content-Type: application/octet-stream'); header('Content-Type: application/download'); - header('Content-Disposition: attachment;filename="backup_'.date('Y-m-d_h_i_s') . '.sql"'); + header('Content-Disposition: attachment;filename="backup_' . date('Y-m-d_h_i_s') . '.sql"'); header('Content-Transfer-Encoding: binary'); ob_start(); $f_output = fopen("php://output", 'w'); print("-- pjl SQL Dump\n"); - print("-- Server version:".$mysqli->server_info."\n"); - print("-- Generated: ".date('Y-m-d h:i:s')."\n"); - print('-- Current PHP version: '.phpversion()."\n"); - print('-- Host: '.$db_host."\n"); - print('-- Database:'.$db_name."\n"); + print("-- Server version:" . $mysqli->server_info . "\n"); + print("-- Generated: " . date('Y-m-d h:i:s') . "\n"); + print('-- Current PHP version: ' . phpversion() . "\n"); + print('-- Host: ' . $db_host . "\n"); + print('-- Database:' . $db_name . "\n"); $aTables = array(); $strSQL = 'SHOW TABLES'; if (!$res_tables = $mysqli->query($strSQL)) - throw new Exception("MySQL Error: " . $mysqli->error . 'SQL: '.$strSQL); + throw new Exception("MySQL Error: " . $mysqli->error . 'SQL: ' . $strSQL); - while($row = $res_tables->fetch_array()) { + while ($row = $res_tables->fetch_array()) { $aTables[] = $row[0]; } - + $res_tables->free(); - foreach($aTables as $table) - { + foreach ($aTables as $table) { print("-- --------------------------------------------------------\n"); - print("-- Structure for '". $table."'\n"); + print("-- Structure for '" . $table . "'\n"); print("--\n\n"); - $strSQL = 'SHOW CREATE TABLE '.$table; + $strSQL = 'SHOW CREATE TABLE ' . $table; if (!$res_create = $mysqli->query($strSQL)) - throw new Exception("MySQL Error: " . $mysqli->error . 'SQL: '.$strSQL); + throw new Exception("MySQL Error: " . $mysqli->error . 'SQL: ' . 
$strSQL); $row_create = $res_create->fetch_assoc(); - print("\n".$row_create['Create Table'].";\n"); + print("\n" . $row_create['Create Table'] . ";\n"); print("-- --------------------------------------------------------\n"); - print('-- Dump Data for `'. $table."`\n"); + print('-- Dump Data for `' . $table . "`\n"); print("--\n\n"); $res_create->free(); - $strSQL = 'SELECT * FROM '.$table; + $strSQL = 'SELECT * FROM ' . $table; if (!$res_select = $mysqli->query($strSQL)) - throw new Exception("MySQL Error: " . $mysqli->error . 'SQL: '.$strSQL); + throw new Exception("MySQL Error: " . $mysqli->error . 'SQL: ' . $strSQL); $fields_info = $res_select->fetch_fields(); @@ -417,18 +417,17 @@ switch ($action) { $strValues = ''; foreach ($fields_info as $field) { if ($strFields != '') $strFields .= ','; - $strFields .= "`".$field->name."`"; + $strFields .= "`" . $field->name . "`"; if ($strValues != '') $strValues .= ','; - $strValues .= '"'.preg_replace('/[^(\x20-\x7F)\x0A]*/','',$values[$field->name].'"'); + $strValues .= '"' . preg_replace('/[^(\x20-\x7F)\x0A]*/', '', $values[$field->name] . '"'); } - print("INSERT INTO ".$table." (".$strFields.") VALUES (".$strValues.");\n"); + print("INSERT INTO " . $table . " (" . $strFields . ") VALUES (" . $strValues . ");\n"); } print("\n\n\n"); $res_select->free(); } - _log('['.$admin['username'].']: '.$_L['Download_Database_Backup'],'Admin',$admin['id']); - + _log('[' . $admin['username'] . ']: ' . $_L['Download_Database_Backup'], 'Admin', $admin['id']); } catch (Exception $e) { print($e->getMessage()); } 
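Review bot: The table names spliced into `'SHOW CREATE TABLE ' . $table` and `'SELECT * FROM ' . $table` are unquoted identifiers; they come from `SHOW TABLES` rather than from the request, so this is not an injection path, but a table named after a reserved word or containing unusual characters makes the dump throw mid-stream. Quote each name in backticks (doubling any backtick inside it) before building the statement. `$f_output = fopen("php://output", 'w');` is opened and, within this hunk, never written to or closed while output goes through `print()`; if the rest of the case does not use it either, drop it. The dump header also embeds `$db_host` in the downloaded file; that is an Admin-only download, but it is information the backup does not need. The `dbbackup` case starts above the hunk and continues past it.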
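Review bot: The value escaping `preg_replace('/[^(\x20-\x7F)\x0A]*/', '', $values[$field->name] . '"')` neither escapes `"` nor `\` inside a value and strips every non-ASCII byte, so a stored string containing a double quote yields a malformed `INSERT` — with the remainder of the value interpreted as SQL when the backup is replayed — and UTF-8 content is silently destroyed. Escape through the driver and keep the bytes: `$strValues .= "'" . $mysqli->real_escape_string((string) $values[$field->name]) . "'";`, emitting a bare `NULL` when `$values[$field->name] === null` so nulls are not restored as empty strings. `print($e->getMessage())` sends the raw MySQL error text plus the failing statement into the download body; record it with `_log()` and return a generic message instead. The `try` block and the `$values` loop begin above the hunk.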
@@ -438,41 +437,41 @@ switch ($action) { $mysqli->close(); break; - + case 'language': - if($admin['user_type'] != 'Admin'){ - r2(U."dashboard",'e',$_L['Do_Not_Access']); - } - + if ($admin['user_type'] != 'Admin') { + r2(U . "dashboard", 'e', $_L['Do_Not_Access']); + } + $ui->display('language-add.tpl'); break; - + case 'lang-post': $name = _post('name'); $folder = _post('folder'); - $translator = _post('translator'); - - if ($name == '' OR $folder == ''){ - $msg .= $_L['All_field_is_required']. '
'; - } - - $d = ORM::for_table('tbl_language')->where('name',$name)->find_one(); - if($d){ - $msg .= $_L['Lang_already_exist']. '
'; + $translator = _post('translator'); + + if ($name == '' or $folder == '') { + $msg .= $_L['All_field_is_required'] . '
'; } - if($msg == ''){ - $b = ORM::for_table('tbl_language')->create(); + + $d = ORM::for_table('tbl_language')->where('name', $name)->find_one(); + if ($d) { + $msg .= $_L['Lang_already_exist'] . '
'; + } + if ($msg == '') { + $b = ORM::for_table('tbl_language')->create(); $b->name = $name; $b->folder = $folder; - $b->author = $translator; + $b->author = $translator; $b->save(); - - r2(U . 'settings/localisation', 's', $_L['Created_Successfully']); - }else{ + + r2(U . 'settings/localisation', 's', $_L['Created_Successfully']); + } else { r2(U . 'settings/language', 'e', $msg); } break; - + default: echo 'action not defined'; -} \ No newline at end of file +}
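Review bot: `lang-post` inserts into `tbl_language` without the `user_type != 'Admin'` check that `language` (the form page) enforces, so a non-Admin login can post to it directly. Add the same guard before `$name = _post('name');`: `if ($admin['user_type'] != 'Admin') { r2(U . "dashboard", 'e', $_L['Do_Not_Access']); }`. `$msg` is never initialised in this case before `$msg .= ...`, unlike `users-post`; start with `$msg = '';`. `$folder` is saved as submitted; if it is later used to locate the language files (not visible here), restrict it to a plain directory name such as `preg_match('/^[A-Za-z0-9_-]+$/', $folder)` so `..` or path separators are never persisted.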