Merge branch 'master' into Development
This commit is contained in:
commit
7614422bd8
@ -25,6 +25,10 @@ switch ($action) {
|
|||||||
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
|
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
|
||||||
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
||||||
}
|
}
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
|
|
||||||
$cs = ORM::for_table('tbl_customers')
|
$cs = ORM::for_table('tbl_customers')
|
||||||
->select('tbl_customers.id', 'id')
|
->select('tbl_customers.id', 'id')
|
||||||
@ -153,6 +157,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
$ui->assign('xheader', $leafletpickerHeader);
|
$ui->assign('xheader', $leafletpickerHeader);
|
||||||
run_hook('view_add_customer'); #HOOK
|
run_hook('view_add_customer'); #HOOK
|
||||||
|
$ui->assign('csrf_token', Csrf::generateAndStoreToken());
|
||||||
$ui->display('customers-add.tpl');
|
$ui->display('customers-add.tpl');
|
||||||
break;
|
break;
|
||||||
case 'recharge':
|
case 'recharge':
|
||||||
@ -161,6 +166,10 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
$id_customer = $routes['2'];
|
$id_customer = $routes['2'];
|
||||||
$plan_id = $routes['3'];
|
$plan_id = $routes['3'];
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/view/' . $id_customer, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->where('plan_id', $plan_id)->find_one();
|
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->where('plan_id', $plan_id)->find_one();
|
||||||
if ($b) {
|
if ($b) {
|
||||||
$gateway = 'Recharge';
|
$gateway = 'Recharge';
|
||||||
@ -199,6 +208,7 @@ switch ($action) {
|
|||||||
$ui->assign('channel', $channel);
|
$ui->assign('channel', $channel);
|
||||||
$ui->assign('server', $b['routers']);
|
$ui->assign('server', $b['routers']);
|
||||||
$ui->assign('plan', $plan);
|
$ui->assign('plan', $plan);
|
||||||
|
$ui->assign('csrf_token', Csrf::generateAndStoreToken());
|
||||||
$ui->display('recharge-confirm.tpl');
|
$ui->display('recharge-confirm.tpl');
|
||||||
} else {
|
} else {
|
||||||
r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan');
|
r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan');
|
||||||
@ -210,6 +220,10 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
$id_customer = $routes['2'];
|
$id_customer = $routes['2'];
|
||||||
$plan_id = $routes['3'];
|
$plan_id = $routes['3'];
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/view/' . $id_customer, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->where('plan_id', $plan_id)->find_one();
|
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->where('plan_id', $plan_id)->find_one();
|
||||||
if ($b) {
|
if ($b) {
|
||||||
$p = ORM::for_table('tbl_plans')->where('id', $b['plan_id'])->find_one();
|
$p = ORM::for_table('tbl_plans')->where('id', $b['plan_id'])->find_one();
|
||||||
@ -238,6 +252,10 @@ switch ($action) {
|
|||||||
break;
|
break;
|
||||||
case 'sync':
|
case 'sync':
|
||||||
$id_customer = $routes['2'];
|
$id_customer = $routes['2'];
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/view/' . $id_customer, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$bs = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->where('status', 'on')->findMany();
|
$bs = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->where('status', 'on')->findMany();
|
||||||
if ($bs) {
|
if ($bs) {
|
||||||
$routers = [];
|
$routers = [];
|
||||||
@ -266,6 +284,10 @@ switch ($action) {
|
|||||||
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
||||||
}
|
}
|
||||||
$id = $routes['2'];
|
$id = $routes['2'];
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/view/' . $id, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$customer = ORM::for_table('tbl_customers')->find_one($id);
|
$customer = ORM::for_table('tbl_customers')->find_one($id);
|
||||||
if ($customer) {
|
if ($customer) {
|
||||||
$_SESSION['uid'] = $id;
|
$_SESSION['uid'] = $id;
|
||||||
@ -308,6 +330,7 @@ switch ($action) {
|
|||||||
$ui->assign('d', $customer);
|
$ui->assign('d', $customer);
|
||||||
$ui->assign('customFields', $customFields);
|
$ui->assign('customFields', $customFields);
|
||||||
$ui->assign('xheader', $leafletpickerHeader);
|
$ui->assign('xheader', $leafletpickerHeader);
|
||||||
|
$ui->assign('csrf_token', Csrf::generateAndStoreToken());
|
||||||
$ui->display('customers-view.tpl');
|
$ui->display('customers-view.tpl');
|
||||||
} else {
|
} else {
|
||||||
r2(U . 'customers/list', 'e', Lang::T('Account Not Found'));
|
r2(U . 'customers/list', 'e', Lang::T('Account Not Found'));
|
||||||
@ -318,6 +341,10 @@ switch ($action) {
|
|||||||
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
||||||
}
|
}
|
||||||
$id = $routes['2'];
|
$id = $routes['2'];
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/view/' . $id, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
run_hook('edit_customer'); #HOOK
|
run_hook('edit_customer'); #HOOK
|
||||||
$d = ORM::for_table('tbl_customers')->find_one($id);
|
$d = ORM::for_table('tbl_customers')->find_one($id);
|
||||||
// Fetch the Customers Attributes values from the tbl_customers_fields table
|
// Fetch the Customers Attributes values from the tbl_customers_fields table
|
||||||
@ -329,6 +356,7 @@ switch ($action) {
|
|||||||
$ui->assign('statuses', ORM::for_table('tbl_customers')->getEnum("status"));
|
$ui->assign('statuses', ORM::for_table('tbl_customers')->getEnum("status"));
|
||||||
$ui->assign('customFields', $customFields);
|
$ui->assign('customFields', $customFields);
|
||||||
$ui->assign('xheader', $leafletpickerHeader);
|
$ui->assign('xheader', $leafletpickerHeader);
|
||||||
|
$ui->assign('csrf_token', Csrf::generateAndStoreToken());
|
||||||
$ui->display('customers-edit.tpl');
|
$ui->display('customers-edit.tpl');
|
||||||
} else {
|
} else {
|
||||||
r2(U . 'customers/list', 'e', Lang::T('Account Not Found'));
|
r2(U . 'customers/list', 'e', Lang::T('Account Not Found'));
|
||||||
@ -340,6 +368,10 @@ switch ($action) {
|
|||||||
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard");
|
||||||
}
|
}
|
||||||
$id = $routes['2'];
|
$id = $routes['2'];
|
||||||
|
$csrf_token = _req('token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/view/' . $id, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
run_hook('delete_customer'); #HOOK
|
run_hook('delete_customer'); #HOOK
|
||||||
$c = ORM::for_table('tbl_customers')->find_one($id);
|
$c = ORM::for_table('tbl_customers')->find_one($id);
|
||||||
if ($c) {
|
if ($c) {
|
||||||
@ -375,6 +407,11 @@ switch ($action) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'add-post':
|
case 'add-post':
|
||||||
|
|
||||||
|
$csrf_token = _post('csrf_token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/add', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$username = alphanumeric(_post('username'), ":+_.@-");
|
$username = alphanumeric(_post('username'), ":+_.@-");
|
||||||
$fullname = _post('fullname');
|
$fullname = _post('fullname');
|
||||||
$password = trim(_post('password'));
|
$password = trim(_post('password'));
|
||||||
@ -499,6 +536,11 @@ switch ($action) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'edit-post':
|
case 'edit-post':
|
||||||
|
$id = _post('id');
|
||||||
|
$csrf_token = _post('csrf_token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers/edit/' . $id, 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$username = alphanumeric(_post('username'), ":+_.@-");
|
$username = alphanumeric(_post('username'), ":+_.@-");
|
||||||
$fullname = _post('fullname');
|
$fullname = _post('fullname');
|
||||||
$account_type = _post('account_type');
|
$account_type = _post('account_type');
|
||||||
@ -526,7 +568,6 @@ switch ($action) {
|
|||||||
$msg .= 'Full Name should be between 2 to 25 characters' . '<br>';
|
$msg .= 'Full Name should be between 2 to 25 characters' . '<br>';
|
||||||
}
|
}
|
||||||
|
|
||||||
$id = _post('id');
|
|
||||||
$c = ORM::for_table('tbl_customers')->find_one($id);
|
$c = ORM::for_table('tbl_customers')->find_one($id);
|
||||||
|
|
||||||
if (!$c) {
|
if (!$c) {
|
||||||
@ -715,6 +756,10 @@ switch ($action) {
|
|||||||
$query->order_by_desc($order);
|
$query->order_by_desc($order);
|
||||||
}
|
}
|
||||||
if (_post('export', '') == 'csv') {
|
if (_post('export', '') == 'csv') {
|
||||||
|
$csrf_token = _post('csrf_token');
|
||||||
|
if (!Csrf::check($csrf_token)) {
|
||||||
|
r2(U . 'customers', 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
||||||
|
}
|
||||||
$d = $query->findMany();
|
$d = $query->findMany();
|
||||||
$h = false;
|
$h = false;
|
||||||
set_time_limit(-1);
|
set_time_limit(-1);
|
||||||
@ -764,6 +809,7 @@ switch ($action) {
|
|||||||
$ui->assign('order', $order);
|
$ui->assign('order', $order);
|
||||||
$ui->assign('order_pos', $order_pos[$order]);
|
$ui->assign('order_pos', $order_pos[$order]);
|
||||||
$ui->assign('orderby', $orderby);
|
$ui->assign('orderby', $orderby);
|
||||||
|
$ui->assign('csrf_token', Csrf::generateAndStoreToken());
|
||||||
$ui->display('customers.tpl');
|
$ui->display('customers.tpl');
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
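Review bot: Every new guard of the form `if (!Csrf::check($csrf_token)) { r2(...); }` (first at L28–L36, repeated in the recharge, deactivate, sync, login, edit, delete, add-post, edit-post and csv hunks) relies on `r2()` terminating the request; if `r2()` only emits a Location header, execution continues into the handler and the token check protects nothing, so confirm it calls `exit` or add `exit;` after each `r2(...)` in these blocks. The failure redirect in edit-post, `r2(U . 'customers/edit/' . $id, 'e', ...)`, targets the edit route, which in this same commit requires a `token` query parameter and on failure redirects to `customers/view/' . $id`, so a rejected edit form bounces through two redirects and the first flash message is probably overwritten; redirecting straight to `customers/view/' . $id` would match the other handlers. Reading the token from the query string via `_req('token')` for delete, sync, login and the plan actions puts the per-session token into browser history, the Referer header and access logs; converting those links into small POST forms with a hidden `csrf_token` field, as add-post and edit-post already expect, avoids that. The enclosing `switch ($action)` starts and ends outside these hunks.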
@ -1,6 +1,7 @@
|
|||||||
{include file="sections/header.tpl"}
|
{include file="sections/header.tpl"}
|
||||||
|
|
||||||
<form class="form-horizontal" method="post" role="form" action="{$_url}customers/add-post">
|
<form class="form-horizontal" method="post" role="form" action="{$_url}customers/add-post">
|
||||||
|
<input type="hidden" name="csrf_token" value="{$csrf_token}">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<div class="panel panel-primary panel-hovered panel-stacked mb30">
|
<div class="panel panel-primary panel-hovered panel-stacked mb30">
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
{include file="sections/header.tpl"}
|
{include file="sections/header.tpl"}
|
||||||
|
|
||||||
<form class="form-horizontal" method="post" role="form" action="{$_url}customers/edit-post">
|
<form class="form-horizontal" method="post" role="form" action="{$_url}customers/edit-post">
|
||||||
|
<input type="hidden" name="csrf_token" value="{$csrf_token}">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<div
|
<div
|
||||||
|
@ -111,12 +111,12 @@
|
|||||||
</ul>
|
</ul>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-xs-4">
|
<div class="col-xs-4">
|
||||||
<a href="{$_url}customers/delete/{$d['id']}" id="{$d['id']}"
|
<a href="{$_url}customers/delete/{$d['id']}&token={$csrf_token}" id="{$d['id']}"
|
||||||
class="btn btn-danger btn-block btn-sm"
|
class="btn btn-danger btn-block btn-sm"
|
||||||
onclick="return confirm('{Lang::T('Delete')}?')"><span class="fa fa-trash"></span></a>
|
onclick="return confirm('{Lang::T('Delete')}?')"><span class="fa fa-trash"></span></a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-xs-8">
|
<div class="col-xs-8">
|
||||||
<a href="{$_url}customers/edit/{$d['id']}"
|
<a href="{$_url}customers/edit/{$d['id']}&token={$csrf_token}"
|
||||||
class="btn btn-warning btn-sm btn-block">{Lang::T('Edit')}</a>
|
class="btn btn-warning btn-sm btn-block">{Lang::T('Edit')}</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -239,12 +239,12 @@
|
|||||||
</ul>
|
</ul>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-xs-4">
|
<div class="col-xs-4">
|
||||||
<a href="{$_url}customers/deactivate/{$d['id']}/{$package['plan_id']}" id="{$d['id']}"
|
<a href="{$_url}customers/deactivate/{$d['id']}/{$package['plan_id']}&token={$csrf_token}" id="{$d['id']}"
|
||||||
class="btn btn-danger btn-block btn-sm"
|
class="btn btn-danger btn-block btn-sm"
|
||||||
onclick="return confirm('This will deactivate Customer Plan, and make it expired')">{Lang::T('Deactivate')}</a>
|
onclick="return confirm('This will deactivate Customer Plan, and make it expired')">{Lang::T('Deactivate')}</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-xs-8">
|
<div class="col-xs-8">
|
||||||
<a href="{$_url}customers/recharge/{$d['id']}/{$package['plan_id']}"
|
<a href="{$_url}customers/recharge/{$d['id']}/{$package['plan_id']}&token={$csrf_token}"
|
||||||
class="btn btn-success btn-sm btn-block">{Lang::T('Recharge')}</a>
|
class="btn btn-success btn-sm btn-block">{Lang::T('Recharge')}</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -261,16 +261,16 @@
|
|||||||
<a href="{$_url}customers/list" class="btn btn-primary btn-sm btn-block">{Lang::T('Back')}</a>
|
<a href="{$_url}customers/list" class="btn btn-primary btn-sm btn-block">{Lang::T('Back')}</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-xs-6 col-md-3">
|
<div class="col-xs-6 col-md-3">
|
||||||
<a href="{$_url}customers/sync/{$d['id']}" onclick="return confirm('This will sync Customer to Mikrotik?')"
|
<a href="{$_url}customers/sync/{$d['id']}&token={$csrf_token}" onclick="return confirm('This will sync Customer to Mikrotik?')"
|
||||||
class="btn btn-info btn-sm btn-block">{Lang::T('Sync')}</a>
|
class="btn btn-info btn-sm btn-block">{Lang::T('Sync')}</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-xs-6 col-md-3">
|
<div class="col-xs-6 col-md-3">
|
||||||
<a href="{$_url}message/send/{$d['id']}" class="btn btn-success btn-sm btn-block">
|
<a href="{$_url}message/send/{$d['id']}&token={$csrf_token}" class="btn btn-success btn-sm btn-block">
|
||||||
{Lang::T('Send Message')}
|
{Lang::T('Send Message')}
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-xs-6 col-md-3">
|
<div class="col-xs-6 col-md-3">
|
||||||
<a href="{$_url}customers/login/{$d['id']}" target="_blank" class="btn btn-warning btn-sm btn-block">
|
<a href="{$_url}customers/login/{$d['id']}&token={$csrf_token}" target="_blank" class="btn btn-warning btn-sm btn-block">
|
||||||
{Lang::T('Login as Customer')}
|
{Lang::T('Login as Customer')}
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
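Review bot: The state-changing links at L807, L870, L895, L933 and L978 now carry the session CSRF token in the URL (`&token={$csrf_token}`) while remaining plain GET navigations, so the token is exposed in browser history, in the Referer header sent from the pages these links open and in access logs, and delete, deactivate and login-as-customer still execute on a GET. A small POST form per action with `<input type="hidden" name="csrf_token" value="{$csrf_token}">`, as customers-add.tpl does in this commit, keeps the token out of the URL and lets the controller read it via `_post('csrf_token')` consistently. The `message/send` link at L953 also gains `&token=`, but no hunk here adds a check to the message handler, so confirm that route validates it or the parameter is dead weight. The `&token=` form also assumes `{$_url}` already contains a `?`; if it does not, the value becomes part of the path segment and `$routes['2']` would include it.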
@ -17,7 +17,7 @@
|
|||||||
<div class="panel-heading">
|
<div class="panel-heading">
|
||||||
{if in_array($_admin['user_type'],['SuperAdmin','Admin'])}
|
{if in_array($_admin['user_type'],['SuperAdmin','Admin'])}
|
||||||
<div class="btn-group pull-right">
|
<div class="btn-group pull-right">
|
||||||
<a class="btn btn-primary btn-xs" title="save" href="{$_url}customers/csv"
|
<a class="btn btn-primary btn-xs" title="save" href="{$_url}customers/csv&token={$csrf_token}"
|
||||||
onclick="return confirm('This will export to CSV?')"><span class="glyphicon glyphicon-download"
|
onclick="return confirm('This will export to CSV?')"><span class="glyphicon glyphicon-download"
|
||||||
aria-hidden="true"></span> CSV</a>
|
aria-hidden="true"></span> CSV</a>
|
||||||
</div>
|
</div>
|
||||||
@ -26,6 +26,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
<form id="site-search" method="post" action="{$_url}customers">
|
<form id="site-search" method="post" action="{$_url}customers">
|
||||||
|
<input type="hidden" name="csrf_token" value="{$csrf_token}">
|
||||||
<div class="md-whiteframe-z1 mb20 text-center" style="padding: 15px">
|
<div class="md-whiteframe-z1 mb20 text-center" style="padding: 15px">
|
||||||
<div class="col-lg-4">
|
<div class="col-lg-4">
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
@ -147,13 +148,13 @@
|
|||||||
<a href="{$_url}customers/view/{$ds['id']}" id="{$ds['id']}"
|
<a href="{$_url}customers/view/{$ds['id']}" id="{$ds['id']}"
|
||||||
style="margin: 0px; color:black"
|
style="margin: 0px; color:black"
|
||||||
class="btn btn-success btn-xs"> {Lang::T('View')} </a>
|
class="btn btn-success btn-xs"> {Lang::T('View')} </a>
|
||||||
<a href="{$_url}customers/edit/{$ds['id']}" id="{$ds['id']}"
|
<a href="{$_url}customers/edit/{$ds['id']}&token={$csrf_token}" id="{$ds['id']}"
|
||||||
style="margin: 0px; color:black"
|
style="margin: 0px; color:black"
|
||||||
class="btn btn-info btn-xs"> {Lang::T('Edit')} </a>
|
class="btn btn-info btn-xs"> {Lang::T('Edit')} </a>
|
||||||
<a href="{$_url}customers/sync/{$ds['id']}" id="{$ds['id']}"
|
<a href="{$_url}customers/sync/{$ds['id']}&token={$csrf_token}" id="{$ds['id']}"
|
||||||
style="margin: 5px; color:black"
|
style="margin: 5px; color:black"
|
||||||
class="btn btn-success btn-xs"> {Lang::T('Sync')} </a>
|
class="btn btn-success btn-xs"> {Lang::T('Sync')} </a>
|
||||||
<a href="{$_url}plan/recharge/{$ds['id']}" id="{$ds['id']}" style="margin: 0px;"
|
<a href="{$_url}plan/recharge/{$ds['id']}&token={$csrf_token}" id="{$ds['id']}" style="margin: 0px;"
|
||||||
class="btn btn-primary btn-xs">{Lang::T('Recharge')}</a>
|
class="btn btn-primary btn-xs">{Lang::T('Recharge')}</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
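Review bot: The CSV export link at L1017 passes the token as a GET parameter (`customers/csv&token={$csrf_token}`), but the only export guard in this commit, the `_post('export', '') == 'csv'` branch, reads `_post('csrf_token')`; unless the csv route copies the query token into `$_POST`, that export will always be rejected with the new message. Either make the export a POST by moving the CSV trigger into the search form, which already carries the hidden `csrf_token` input added at L1054, or have the controller read `_req('csrf_token')` there. The `plan/recharge/{$ds['id']}&token=` link at L1122 points at a handler outside this commit, so confirm it validates the parameter before relying on it.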
@ -185,8 +185,6 @@
|
|||||||
color: #a94442;
|
color: #a94442;
|
||||||
background-color: #f2dede;
|
background-color: #f2dede;
|
||||||
border-color: #ebccd1;
|
border-color: #ebccd1;
|
||||||
border-bottom-right-radius: 21px;
|
|
||||||
border-bottom-left-radius: 21px;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
.panel-heading {
|
.panel-heading {
|
||||||
@ -278,6 +276,10 @@
|
|||||||
font-weight: bold;
|
font-weight: bold;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.box.box-solid.box-primary > .box-header .btn {
|
||||||
|
color: inherit;
|
||||||
|
}
|
||||||
|
|
||||||
.box-header>.fa,
|
.box-header>.fa,
|
||||||
.box-header>.glyphicon,
|
.box-header>.glyphicon,
|
||||||
.box-header>.ion,
|
.box-header>.ion,
|
||||||
|