kevinowino869/mitrobill
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent double submit for recharge and renew

Browse Source
This commit is contained in:
Ibnu Maksum 2024-04-04 15:27:13 +07:00
parent eba6048abf
commit 71437b9a0e
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
8 changed files with 69 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -6,6 +6,7 @@
- Data Tables for Customers List by @Focuslinkstech - Data Tables for Customers List by @Focuslinkstech
- Add Bills to Reminder - Add Bills to Reminder
- Prevent double submit for recharge and renew
## 2024.4.3 ## 2024.4.3

16
system/autoload/App.php
View File

@ -10,4 +10,20 @@ class App{
return true; return true;
} }
public static function getToken(){
return md5(microtime());
}
public static function setToken($token, $value){
$_SESSION[$token] = $value;
}
public static function getTokenValue($key){
if(isset($_SESSION[$key])){
return $_SESSION[$key];
}else{
return "";
}
}
} }

8
system/controllers/home.php
View File

@ -91,6 +91,10 @@ if (_post('send') == 'balance') {
$ui->assign('_bills', User::_billing()); $ui->assign('_bills', User::_billing());
if (isset($_GET['recharge']) && !empty($_GET['recharge'])) { if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
if(!empty(App::getTokenValue($_GET['stoken']))){
r2(U . "voucher/invoice/");
die();
}
$bill = ORM::for_table('tbl_user_recharges')->where('id', $_GET['recharge'])->where('username', $user['username'])->findOne(); $bill = ORM::for_table('tbl_user_recharges')->where('id', $_GET['recharge'])->where('username', $user['username'])->findOne();
if ($bill) { if ($bill) {
$router = ORM::for_table('tbl_routers')->where('name', $bill['routers'])->find_one(); $router = ORM::for_table('tbl_routers')->where('name', $bill['routers'])->find_one();
@ -100,9 +104,9 @@ if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
r2(U . "home", 'e', 'Plan is not exists'); r2(U . "home", 'e', 'Plan is not exists');
} }
if ($user['balance'] > $plan['price']) { if ($user['balance'] > $plan['price']) {
r2(U . "order/pay/$router[id]/$bill[plan_id]", 'e', 'Order Plan'); r2(U . "order/pay/$router[id]/$bill[plan_id]&stoken=".$_GET['stoken']);
} else { } else {
r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan'); r2(U . "order/buy/$router[id]/$bill[plan_id]");
} }
} else { } else {
r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan'); r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan');

5
system/controllers/order.php
View File

@ -144,6 +144,10 @@ switch ($action) {
if ($config['enable_balance'] != 'yes') { if ($config['enable_balance'] != 'yes') {
r2(U . "order/package", 'e', Lang::T("Balance not enabled")); r2(U . "order/package", 'e', Lang::T("Balance not enabled"));
} }
if (!empty(App::getTokenValue($_GET['stoken']))) {
r2(U . "voucher/invoice/");
die();
}
$plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']); $plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']);
if (empty($plan)) { if (empty($plan)) {
r2(U . "order/package", 'e', Lang::T("Plan Not found")); r2(U . "order/package", 'e', Lang::T("Plan Not found"));
@ -161,6 +165,7 @@ switch ($action) {
if (Package::rechargeUser($user['id'], $router_name, $plan['id'], 'Customer', 'Balance')) { if (Package::rechargeUser($user['id'], $router_name, $plan['id'], 'Customer', 'Balance')) {
// if success, then get the balance // if success, then get the balance
Balance::min($user['id'], $plan['price'] + $add_cost); Balance::min($user['id'], $plan['price'] + $add_cost);
App::setToken($_GET['stoken'], "success");
r2(U . "voucher/invoice/", 's', Lang::T("Success to buy package")); r2(U . "voucher/invoice/", 's', Lang::T("Success to buy package"));
} else { } else {
r2(U . "order/package", 'e', Lang::T("Failed to buy package")); r2(U . "order/package", 'e', Lang::T("Failed to buy package"));

10
system/controllers/plan.php
View File

@ -147,6 +147,15 @@ switch ($action) {
$server = _post('server'); $server = _post('server');
$planId = _post('plan'); $planId = _post('plan');
$using = _post('using'); $using = _post('using');
$stoken = _post('stoken');
if(!empty(App::getTokenValue($stoken))){
$username = App::getTokenValue($stoken);
$in = ORM::for_table('tbl_transactions')->where('username', $username)->order_by_desc('id')->find_one();
Package::createInvoice($in);
$ui->display('invoice.tpl');
die();
}
$msg = ''; $msg = '';
if ($id_customer == '' or $server == '' or $planId == '' or $using == '') { if ($id_customer == '' or $server == '' or $planId == '' or $using == '') {
@ -182,6 +191,7 @@ switch ($action) {
} }
$in = ORM::for_table('tbl_transactions')->where('username', $cust['username'])->order_by_desc('id')->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $cust['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in); Package::createInvoice($in);
App::setToken($stoken, $cust['username']);
$ui->display('invoice.tpl'); $ui->display('invoice.tpl');
_log('[' . $admin['username'] . ']: ' . 'Recharge ' . $cust['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']); _log('[' . $admin['username'] . ']: ' . 'Recharge ' . $cust['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']);
} else { } else {

12
system/lan/indonesia.json
View File

@ -410,5 +410,15 @@
"Contact": "Kontak", "Contact": "Kontak",
"Paid": "Dibayar", "Paid": "Dibayar",
"Personal": "Pribadi", "Personal": "Pribadi",
"Coordinates": "Koordinat" "Coordinates": "Koordinat",
"Confirm": "Mengonfirmasi",
"Name": "Nama",
"Plan": "Paket",
"Using": "Menggunakan",
"Total": "Total",
"Additional_Cost": "Biaya tambahan",
"Resend": "Kirim ulang",
"Login": "Masuk",
"success": "Sukses",
"Click_Here": "Klik disini"
} }

1
ui/ui/recharge-confirm.tpl
View File

@ -81,6 +81,7 @@
<input type="hidden" name="plan" value="{$plan['id']}"> <input type="hidden" name="plan" value="{$plan['id']}">
<input type="hidden" name="server" value="{$server}"> <input type="hidden" name="server" value="{$server}">
<input type="hidden" name="using" value="{$using}"> <input type="hidden" name="using" value="{$using}">
<input type="hidden" name="stoken" value="{App::getToken()}">
<center> <center>
<button class="btn btn-success" type="submit">{Lang::T('Recharge')}</button><br> <button class="btn btn-success" type="submit">{Lang::T('Recharge')}</button><br>
<a class="btn btn-link" href="{$_url}plan/recharge">{Lang::T('Cancel')}</a> <a class="btn btn-link" href="{$_url}plan/recharge">{Lang::T('Cancel')}</a>

2
ui/ui/user-dashboard.tpl
View File

@ -183,7 +183,7 @@
{/if} {/if}
</td> </td>
<td class="small row"> <td class="small row">
<a class="btn btn-primary pull-right btn-sm" href="{$_url}home&recharge={$_bill['id']}" <a class="btn btn-primary pull-right btn-sm" href="{$_url}home&recharge={$_bill['id']}&stoken={App::getToken()}"
onclick="return confirm('{Lang::T('Recharge')}?')">{Lang::T('Recharge')}</a> onclick="return confirm('{Lang::T('Recharge')}?')">{Lang::T('Recharge')}</a>
</td> </td>
</tr> </tr>