Prevent double submit for recharge and renew

This commit is contained in:
Ibnu Maksum 2024-04-04 15:27:13 +07:00
parent eba6048abf
commit 71437b9a0e
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
8 changed files with 69 additions and 22 deletions


@ -6,6 +6,7 @@
- Data Tables for Customers List by @Focuslinkstech
- Add Bills to Reminder
- Prevent double submit for recharge and renew
## 2024.4.3


@ -10,4 +10,20 @@ class App{
return true;
}
public static function getToken(){
return md5(microtime());
}
public static function setToken($token, $value){
$_SESSION[$token] = $value;
}
public static function getTokenValue($key){
if(isset($_SESSION[$key])){
return $_SESSION[$key];
}else{
return "";
}
}
}
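Review bot: setToken() and getTokenValue() use the caller's token verbatim as the `$_SESSION` key, and every caller in this commit passes it straight from `$_GET['stoken']` or `_post('stoken')`, so a client can read or overwrite any session entry (for example `gateway`, which order.php stores in the same array) simply by naming it as the token. Prefix the key and accept only the shape getToken() produces; `md5(microtime())` is also predictable and can repeat for two renders in the same microsecond, so `bin2hex(random_bytes(16))` is the better source at the same 32-character width. Used tokens are never removed, so they accumulate for the lifetime of the session; a comment on setToken() stating that this is accepted, or a cleanup, would help the next reader. The class header sits outside the hunk.
```php
public static function getToken(){
    // 32 hex chars, the same width callers already expect from the md5 version
    return bin2hex(random_bytes(16));
}
public static function setToken($token, $value){
    if (!self::isToken($token)) { return; }
    $_SESSION['stoken_' . $token] = $value;
}
public static function getTokenValue($key){
    if (!self::isToken($key)) { return ""; }
    return $_SESSION['stoken_' . $key] ?? "";
}
// only the shape getToken() produces may be used as a session-key suffix
private static function isToken($t){
    return is_string($t) && preg_match('/^[a-f0-9]{32}$/', $t) === 1;
}
```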


@ -91,6 +91,10 @@ if (_post('send') == 'balance') {
$ui->assign('_bills', User::_billing());
if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
if(!empty(App::getTokenValue($_GET['stoken']))){
r2(U . "voucher/invoice/");
die();
}
$bill = ORM::for_table('tbl_user_recharges')->where('id', $_GET['recharge'])->where('username', $user['username'])->findOne();
if ($bill) {
$router = ORM::for_table('tbl_routers')->where('name', $bill['routers'])->find_one();
@ -100,9 +104,9 @@ if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
r2(U . "home", 'e', 'Plan is not exists');
}
if ($user['balance'] > $plan['price']) {
r2(U . "order/pay/$router[id]/$bill[plan_id]", 'e', 'Order Plan');
r2(U . "order/pay/$router[id]/$bill[plan_id]&stoken=".$_GET['stoken']);
} else {
r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan');
r2(U . "order/buy/$router[id]/$bill[plan_id]");
}
} else {
r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan');
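Review bot: The new check `if(!empty(App::getTokenValue($_GET['stoken'])))` reads `$_GET['stoken']` without a guard, so any recharge link that lacks the parameter (old bookmarks, the pre-commit link format) raises an undefined-array-key warning on PHP 8 before the ownership lookup runs, and the pay redirect splices the raw value into the URL without encoding it. Read it once with a default and encode it on the way out: `$stoken = $_GET['stoken'] ?? '';` at the top of the branch, `if ($stoken !== '' && !empty(App::getTokenValue($stoken))) {` for the check, and `r2(U . "order/pay/$router[id]/$bill[plan_id]&stoken=" . urlencode($stoken));` for the redirect. The token value is chosen by the client, so this check only stops an accidental re-click, not a deliberate resubmission with a fresh token — worth saying in a comment above the check. The `if (isset($_GET['recharge']) ...)` block continues past the end of the hunk.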


@ -43,10 +43,10 @@ switch ($action) {
$ui->assign('_title', 'Order Plan');
$ui->assign('_system_menu', 'package');
$account_type = $user['account_type'];
if(empty($account_type)){
if (empty($account_type)) {
$account_type = 'Personal';
}
if (!empty ($_SESSION['nux-router'])) {
if (!empty($_SESSION['nux-router'])) {
if ($_SESSION['nux-router'] == 'radius') {
$radius_pppoe = ORM::for_table('tbl_plans')->where('plan_type', $account_type)->where('enabled', '1')->where('is_radius', 1)->where('type', 'PPPOE')->where('prepaid', 'yes')->find_many();
$radius_hotspot = ORM::for_table('tbl_plans')->where('plan_type', $account_type)->where('enabled', '1')->where('is_radius', 1)->where('type', 'Hotspot')->where('prepaid', 'yes')->find_many();
@ -83,7 +83,7 @@ switch ($action) {
run_hook('custome
r_find_unpaid'); #HOOK
if ($d) {
if (empty ($d['pg_url_payment'])) {
if (empty($d['pg_url_payment'])) {
r2(U . "order/buy/" . $trx['routers_id'] . '/' . $trx['plan_id'], 'w', Lang::T("Checking payment"));
} else {
r2(U . "order/view/" . $d['id'] . '/check/', 's', Lang::T("You have unpaid transaction"));
@ -99,11 +99,11 @@ switch ($action) {
->find_one($trxid);
run_hook('customer_view_payment'); #HOOK
// jika tidak ditemukan, berarti punya orang lain
if (empty ($trx)) {
if (empty($trx)) {
r2(U . "order/package", 'w', Lang::T("Payment not found"));
}
// jika url kosong, balikin ke buy, kecuali cancel
if (empty ($trx['pg_url_payment']) && $routes['3'] != 'cancel') {
if (empty($trx['pg_url_payment']) && $routes['3'] != 'cancel') {
r2(U . "order/buy/" . (($trx['routers_id'] == 0) ? $trx['routers'] : $trx['routers_id']) . '/' . $trx['plan_id'], 'w', Lang::T("Checking payment"));
}
if ($routes['3'] == 'check') {
@ -124,7 +124,7 @@ switch ($action) {
->where('username', $user['username'])
->find_one($trxid);
}
if (empty ($trx)) {
if (empty($trx)) {
r2(U . "order/package", 'e', Lang::T("Transaction Not found"));
}
$router = Mikrotik::info($trx['routers']);
@ -144,8 +144,12 @@ switch ($action) {
if ($config['enable_balance'] != 'yes') {
r2(U . "order/package", 'e', Lang::T("Balance not enabled"));
}
if (!empty(App::getTokenValue($_GET['stoken']))) {
r2(U . "voucher/invoice/");
die();
}
$plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']);
if (empty ($plan)) {
if (empty($plan)) {
r2(U . "order/package", 'e', Lang::T("Plan Not found"));
}
if (!$plan['enabled']) {
@ -161,6 +165,7 @@ switch ($action) {
if (Package::rechargeUser($user['id'], $router_name, $plan['id'], 'Customer', 'Balance')) {
// if success, then get the balance
Balance::min($user['id'], $plan['price'] + $add_cost);
App::setToken($_GET['stoken'], "success");
r2(U . "voucher/invoice/", 's', Lang::T("Success to buy package"));
} else {
r2(U . "order/package", 'e', Lang::T("Failed to buy package"));
@ -179,7 +184,7 @@ switch ($action) {
$ui->assign('_title', Lang::T('Buy for friend'));
$ui->assign('_system_menu', 'package');
$plan = ORM::for_table('tbl_plans')->find_one($routes['3']);
if (empty ($plan)) {
if (empty($plan)) {
r2(U . "order/package", 'e', Lang::T("Plan Not found"));
}
if (!$plan['enabled']) {
@ -190,10 +195,10 @@ switch ($action) {
} else {
$router_name = $plan['routers'];
}
if (isset ($_POST['send']) && $_POST['send'] == 'plan') {
if (isset($_POST['send']) && $_POST['send'] == 'plan') {
$target = ORM::for_table('tbl_customers')->where('username', _post('username'))->find_one();
list($bills, $add_cost) = User::getBills($target['id']);
if (!empty ($add_cost)) {
if (!empty($add_cost)) {
$ui->assign('bills', $bills);
$ui->assign('add_cost', $add_cost);
$plan['price'] += $add_cost;
@ -288,7 +293,7 @@ switch ($action) {
$ui->display('user-selectGateway.tpl');
break;
} else {
if (empty ($pgs[0])) {
if (empty($pgs[0])) {
sendTelegram("Payment Gateway not set, please set it in Settings");
_log(Lang::T("Payment Gateway not set, please set it in Settings"));
r2(U . "home", 'e', Lang::T("Failed to create Transaction.."));
@ -298,12 +303,12 @@ switch ($action) {
}
case 'buy':
$gateway = _post('gateway');
if (empty ($gateway) && !empty ($_SESSION['gateway'])) {
if (empty($gateway) && !empty($_SESSION['gateway'])) {
$gateway = $_SESSION['gateway'];
} else if (!empty ($gateway)) {
} else if (!empty($gateway)) {
$_SESSION['gateway'] = $gateway;
}
if (empty ($gateway)) {
if (empty($gateway)) {
r2(U . 'order/gateway/' . $routes[2] . '/' . $routes[3], 'w', Lang::T("Please select Payment Gateway"));
}
run_hook('customer_buy_plan'); #HOOK
@ -320,7 +325,7 @@ switch ($action) {
$router['name'] = 'balance';
}
$plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']);
if (empty ($router) || empty ($plan)) {
if (empty($router) || empty($plan)) {
r2(U . "order/package", 'e', Lang::T("Plan Not found"));
}
$d = ORM::for_table('tbl_payment_gateway')
@ -343,7 +348,7 @@ switch ($action) {
if ($router['name'] != 'balance') {
list($bills, $add_cost) = User::getBills($id_customer);
}
if (empty ($id)) {
if (empty($id)) {
$d = ORM::for_table('tbl_payment_gateway')->create();
$d->username = $user['username'];
$d->gateway = $gateway;
@ -354,7 +359,7 @@ switch ($action) {
if ($plan['validity_unit'] == 'Period') {
// Postpaid price from field
$add_inv = User::getAttribute("Invoice", $id_customer);
if (empty ($add_inv) or $add_inv == 0) {
if (empty($add_inv) or $add_inv == 0) {
$d->price = ($plan['price'] + $add_cost);
} else {
$d->price = ($add_inv + $add_cost);
@ -377,7 +382,7 @@ switch ($action) {
if ($plan['validity_unit'] == 'Period') {
// Postpaid price from field
$add_inv = User::getAttribute("Invoice", $id_customer);
if (empty ($add_inv) or $add_inv == 0) {
if (empty($add_inv) or $add_inv == 0) {
$d->price = ($plan['price'] + $add_cost);
} else {
$d->price = ($add_inv + $add_cost);
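Review bot: The balance-pay branch reads `$_GET['stoken']` unguarded and, after the debit, stores `"success"` under that client-chosen key via `App::setToken($_GET['stoken'], "success")`, so a customer can raise an undefined-array-key warning by omitting the parameter and can overwrite any session entry (`gateway`, written a few hunks below, lives in the same array) by naming it. Validate the shape before using it: `$stoken = $_GET['stoken'] ?? '';` followed by `if ($stoken !== '' && !preg_match('/^[a-f0-9]{32}$/', $stoken)) { r2(U . "order/package", 'e', 'Invalid token'); }`, then use `$stoken` in both the check and the setToken() call. Nothing in the hunk ties the token to the session before the purchase — the marker is written only after `Balance::min`, and the branch is entered by a GET redirect from home.php — so this guards against a double click, not CSRF or deliberate replay; a one-line comment above the check saying exactly that would keep it from being relied on as such. The `case` holding this code starts and ends outside the hunk.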


@ -147,6 +147,15 @@ switch ($action) {
$server = _post('server');
$planId = _post('plan');
$using = _post('using');
$stoken = _post('stoken');
if(!empty(App::getTokenValue($stoken))){
$username = App::getTokenValue($stoken);
$in = ORM::for_table('tbl_transactions')->where('username', $username)->order_by_desc('id')->find_one();
Package::createInvoice($in);
$ui->display('invoice.tpl');
die();
}
$msg = '';
if ($id_customer == '' or $server == '' or $planId == '' or $using == '') {
@ -182,6 +191,7 @@ switch ($action) {
}
$in = ORM::for_table('tbl_transactions')->where('username', $cust['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in);
App::setToken($stoken, $cust['username']);
$ui->display('invoice.tpl');
_log('[' . $admin['username'] . ']: ' . 'Recharge ' . $cust['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']);
} else {
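Review bot: The replay branch trusts whatever `App::getTokenValue($stoken)` returns as a username and immediately renders an invoice for that user's newest transaction, but `$stoken` comes from the POST body, so any session key with a non-empty value can be named there, and when no transaction matches, `$in` is null and `Package::createInvoice($in)` is called with it — the hunk does not show how it copes. Restrict the branch to tokens of the shape the form emits and to a found transaction: `if (preg_match('/^[a-f0-9]{32}$/', (string) $stoken) && !empty(App::getTokenValue($stoken))) {` and inside it `if ($in) { Package::createInvoice($in); $ui->display('invoice.tpl'); die(); }`. Selecting the newest transaction by id also returns a later recharge for the same customer if one was made between the two submissions, which is probably acceptable for a double-click guard but deserves a comment. `App::setToken($stoken, $cust['username'])` writes an admin-chosen key into `$_SESSION`; the same shape check covers it.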


@ -410,5 +410,15 @@
"Contact": "Kontak",
"Paid": "Dibayar",
"Personal": "Pribadi",
"Coordinates": "Koordinat"
"Coordinates": "Koordinat",
"Confirm": "Mengonfirmasi",
"Name": "Nama",
"Plan": "Paket",
"Using": "Menggunakan",
"Total": "Total",
"Additional_Cost": "Biaya tambahan",
"Resend": "Kirim ulang",
"Login": "Masuk",
"success": "Sukses",
"Click_Here": "Klik disini"
}


@ -81,6 +81,7 @@
<input type="hidden" name="plan" value="{$plan['id']}">
<input type="hidden" name="server" value="{$server}">
<input type="hidden" name="using" value="{$using}">
<input type="hidden" name="stoken" value="{App::getToken()}">
<center>
<button class="btn btn-success" type="submit">{Lang::T('Recharge')}</button><br>
<a class="btn btn-link" href="{$_url}plan/recharge">{Lang::T('Cancel')}</a>
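Review bot: The hidden `stoken` input is a one-shot marker minted on every render, and nothing here says so; a reader may take it for a CSRF token, which it is not, since the recharge handler only checks whether the value was already used, not that it was issued to this session. Add a template comment above the input: `{* one-shot token: a second POST with the same value re-shows the invoice instead of charging again *}`. The form element starts outside the hunk.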

View File

@ -183,7 +183,7 @@
{/if}
</td>
<td class="small row">
<a class="btn btn-primary pull-right btn-sm" href="{$_url}home&recharge={$_bill['id']}"
<a class="btn btn-primary pull-right btn-sm" href="{$_url}home&recharge={$_bill['id']}&stoken={App::getToken()}"
onclick="return confirm('{Lang::T('Recharge')}?')">{Lang::T('Recharge')}</a>
</td>
</tr>