Enhancement

Add unlimited coupon usage: a max usage of 0 means unlimited
Add more logic to the coupon brute-force attack protection
Focuslinkstech 2024-12-17 19:59:04 +01:00
parent 8a36746a0f
commit 67a097fddf
3 changed files with 24 additions and 11 deletions


@ -413,14 +413,23 @@ switch ($action) {
if (!isset($_SESSION['coupon_attempts'])) { if (!isset($_SESSION['coupon_attempts'])) {
$_SESSION['coupon_attempts'] = 0; $_SESSION['coupon_attempts'] = 0;
$_SESSION['last_attempt_time'] = time();
} }
if ($_SESSION['coupon_attempts'] >= 5) { if ($_SESSION['coupon_attempts'] >= 5) {
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Too many invalid attempts. Please try again later.")); $timeout = 10 * 60; // 10 minutes in seconds
$time_diff = time() - $_SESSION['last_attempt_time'];
if ($time_diff >= $timeout) {
$_SESSION['coupon_attempts'] = 0;
$_SESSION['last_attempt_time'] = time();
} else {
$remaining_time = ceil(($timeout - $time_diff) / 60);
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Too many invalid attempts. Please try again after $remaining_time minutes."));
}
} }
if (_post('coupon')) { if (_post('coupon')) {
if ($plan['routers'] === 'balance') { if ($plan['routers'] === 'balance') {
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon not available for Balance")); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon not available for Balance"));
} }
@ -429,32 +438,36 @@ switch ($action) {
if (!$coupon) { if (!$coupon) {
$_SESSION['coupon_attempts']++; $_SESSION['coupon_attempts']++;
$_SESSION['last_attempt_time'] = time();
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon not found")); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon not found"));
} }
if ($coupon['status'] != 'active') { if ($coupon['status'] != 'active') {
$_SESSION['coupon_attempts']++; $_SESSION['coupon_attempts']++;
$_SESSION['last_attempt_time'] = time();
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon is not active")); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon is not active"));
} }
// Reset attempts after a successful coupon validation
$_SESSION['coupon_attempts'] = 0;
$_SESSION['last_attempt_time'] = time();
$today = date('Y-m-d'); $today = date('Y-m-d');
if ($today < $coupon['start_date'] || $today > $coupon['end_date']) { if ($today < $coupon['start_date'] || $today > $coupon['end_date']) {
$_SESSION['coupon_attempts']++; $_SESSION['coupon_attempts']++;
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon is not valid for today")); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon is not valid for today"));
} }
if ($coupon['usage_count'] >= $coupon['max_usage']) { if ($coupon['max_usage'] > 0 && $coupon['usage_count'] >= $coupon['max_usage']) {
$_SESSION['coupon_attempts']++; $_SESSION['coupon_attempts']++;
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon usage limit reached")); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("Coupon usage limit reached"));
} }
if ($plan['price'] < $coupon['min_order_amount']) { if ($plan['price'] < $coupon['min_order_amount']) {
$_SESSION['coupon_attempts']++; $_SESSION['coupon_attempts']++;
r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("The order amount does not meet the minimum requirement for this coupon")); r2($_SERVER['HTTP_REFERER'], 'e', Lang::T("The order amount does not meet the minimum requirement for this coupon"));
} }
$_SESSION['coupon_attempts'] = 0;
// Calculate discount value // Calculate discount value
$discount = 0; $discount = 0;
switch ($coupon['type']) { switch ($coupon['type']) {
@ -477,6 +490,7 @@ switch ($action) {
$plan['price'] -= $discount; $plan['price'] -= $discount;
$coupon->usage_count = $coupon['usage_count'] + 1; $coupon->usage_count = $coupon['usage_count'] + 1;
$coupon->save(); $coupon->save();
$ui->assign('discount', $discount); $ui->assign('discount', $discount);
$ui->assign('notify', Lang::T("Coupon applied successfully. You saved " . Lang::moneyFormat($discount))); $ui->assign('notify', Lang::T("Coupon applied successfully. You saved " . Lang::moneyFormat($discount)));
$ui->assign('notify_t', 's'); $ui->assign('notify_t', 's');
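Review bot: The throttle state (`$_SESSION['coupon_attempts']`, `$_SESSION['last_attempt_time']`) lives only in the session, so the 5-attempt / 10-minute lockout added in the first hunk is tied to the session cookie rather than to the customer, and a fresh session starts again at zero. For a guessing control, keep the counter and timestamp server-side, keyed on whatever customer identifier this case already has (a column or a small attempts table), and check that instead. Separately, in the second hunk the new reset under `// Reset attempts after a successful coupon validation` runs before the date, usage-limit and minimum-order checks, so their `$_SESSION['coupon_attempts']++` can never take the counter past 1 and they do not refresh `last_attempt_time`; move `$_SESSION['coupon_attempts'] = 0;` to just before `// Calculate discount value`. The enclosing `switch ($action)` case starts and ends outside these hunks.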


@ -56,8 +56,8 @@
<div class="form-group"> <div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Max Usage')}</label> <label class="col-md-2 control-label">{Lang::T('Max Usage')}</label>
<div class="col-md-6"> <div class="col-md-6">
<input type="number" class="form-control" name="max_usage" min="1" required> <input type="number" class="form-control" name="max_usage" value="0" required>
<p class="help-block"><small>{Lang::T('Maximum number of times this coupon can be used')}</small></p> <p class="help-block"><small>{Lang::T('Maximum number of times this coupon can be used 0 is Unlimited')}</small></p>
</div> </div>
</div> </div>
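Review bot: Dropping `min="1"` from the `max_usage` input leaves the field with no lower bound, so a negative number can be submitted, and the new order-side check `$coupon['max_usage'] > 0 && ...` would treat any negative value as unlimited too. Use `min="0"` here and on the same input in the edit template, e.g. `<input type="number" class="form-control" name="max_usage" min="0" value="0" required>`. The HTML attribute is only a client-side hint, so the handler that saves the coupon should also reject values below 0; that handler is not shown in this commit. The help-text key passed to `Lang::T` changed as well, so existing translations of the old string will no longer match.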


@ -56,9 +56,8 @@
<div class="form-group"> <div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Max Usage')}</label> <label class="col-md-2 control-label">{Lang::T('Max Usage')}</label>
<div class="col-md-6"> <div class="col-md-6">
<input type="number" class="form-control" name="max_usage" min="1" required value="{$coupon['max_usage']}"> <input type="number" class="form-control" name="max_usage" required value="{$coupon['max_usage']}">
<p class="help-block"><small>{Lang::T('Maximum number of times this coupon can be <p class="help-block"><small>{Lang::T('Maximum number of times this coupon can be used 0 is Unlimited')}</small></p>
used')}</small></p>
</div> </div>
</div> </div>