Admin Permisions

Ibnu Maksum 2024-02-26 11:01:54 +07:00
parent 375403135e
commit a7502aa8fb
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
16 changed files with 150 additions and 69 deletions


@ -41,7 +41,7 @@ spl_autoload_register('_autoloader');
if (!file_exists($root_path . 'config.php')) {
$root_path .= '..' . DIRECTORY_SEPARATOR;
if (!file_exists($root_path . 'config.php')) {
die("config.php file not found");
r2('install');
}
}
@ -54,6 +54,10 @@ if (!file_exists($root_path . File::pathFixer('system/uploads/notifications.defa
die($root_path . File::pathFixer("system/uploads/notifications.default.json file not found"));
}
$UPLOAD_PATH = $root_path . File::pathFixer('system/uploads');
$CACHE_PATH = $root_path . File::pathFixer('system/cache');
$PAGES_PATH = $root_path . File::pathFixer('pages');
require_once $root_path . 'config.php';
require_once $root_path . File::pathFixer('system/orm.php');
require_once $root_path . File::pathFixer('system/autoload/PEAR2/Autoload.php');
@ -110,7 +114,7 @@ if ((!empty($radius_user) && $config['radius_enable']) || _post('radius_enable')
if (empty($config['language'])) {
$config['language'] = 'english';
}
$lan_file = $root_path .File::pathFixer('system/lan/' . $config['language'] . '.json');
$lan_file = $root_path . File::pathFixer('system/lan/' . $config['language'] . '.json');
if (file_exists($lan_file)) {
$_L = json_decode(file_get_contents($lan_file), true);
$_SESSION['Lang'] = $_L;
@ -219,16 +223,28 @@ function sendWhatsapp($phone, $txt)
Message::sendWhatsapp($phone, $txt);
}
function r2($to, $ntype = 'e', $msg = '')
{
if ($msg == '') {
header("location: $to");
exit;
}
$_SESSION['ntype'] = $ntype;
$_SESSION['notify'] = $msg;
header("location: $to");
exit;
}
function _alert($text, $type = 'success', $url = "home")
{
global $ui;
if(!isset($ui)) return;
if(strlen($url)>4){
if(substr($url,0,4)!="http"){
$url = U.$url;
if (!isset($ui)) return;
if (strlen($url) > 4) {
if (substr($url, 0, 4) != "http") {
$url = U . $url;
}
}else{
$url = U.$url;
} else {
$url = U . $url;
}
$ui->assign('text', $text);
$ui->assign('type', $type);
@ -237,6 +253,6 @@ function _alert($text, $type = 'success', $url = "home")
}
if(!isset($api_secret)){
if (!isset($api_secret)) {
$api_secret = $db_password;
}
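Review bot: `_alert()` still opens with `if (!isset($ui)) return;`, so it hands control back to the caller when `$ui` is unset, whereas `r2()` just above it always ends in `exit`. This commit makes `_alert()` the deny path of the permission checks in the controller files, so a check reached before `$ui` exists would fall through into the protected code instead of stopping the request. I would make that branch terminate too, e.g. `if (!isset($ui)) { http_response_code(403); die(htmlspecialchars($text)); }`, or use a separate terminating helper for the permission checks if other callers depend on the silent return. The rest of `_alert()` lies outside this hunk, so please confirm it ends in `die`/`exit` after rendering.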


@ -83,6 +83,11 @@ if($token == $config['api_key']){
}
}
if(!isset($handler) || empty($handler)){
showResult(true, Lang::T("Token is valid"));
}
if($handler == 'isValid'){
showResult(true, Lang::T("Token is valid"));
}
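Review bot: The added branch answers "Token is valid" whenever `$handler` is empty, so it is only correct if every invalid-token path above has already exited; that is not visible in this hunk and deserves a comment such as `// reached only after the token was accepted above`. `!isset($handler) || empty($handler)` is redundant because `empty()` already covers an unset variable, and the branch duplicates the `isValid` one, so `if (empty($handler) || $handler == 'isValid') {` would serve both. The hunk header also shows the key check as `$token == $config['api_key']`; `hash_equals((string) $config['api_key'], (string) $token)` avoids loose-comparison surprises and timing differences on that secret.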


@ -18,8 +18,9 @@ $menu_registered = array();
* @param string icon from ion icon, ion-person, only for AFTER_
* @param string label for showing label or number of notification or update
* @param string color Label color
* @param string auth ['SuperAdmin', 'Admin', 'Report', 'Agent', 'Sales'] will only show in this user, empty array for all users
*/
function register_menu($name, $admin, $function, $position, $icon = '', $label = '', $color = 'success')
function register_menu($name, $admin, $function, $position, $icon = '', $label = '', $color = 'success', $auth = [])
{
global $menu_registered;
$menu_registered[] = [
@ -29,7 +30,8 @@ function register_menu($name, $admin, $function, $position, $icon = '', $label =
"icon" => $icon,
"function" => $function,
"label" => $label,
"color" => $color
"color" => $color,
"auth" => $auth
];
}
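Review bot: The new docblock line for `$auth` describes an array but types it as `string`, and it does not say that the list is merely stored in `$menu_registered` here. I would write `@param array $auth user types that see this menu entry, e.g. ['SuperAdmin', 'Admin']; empty array shows it to all users`. It is also worth adding a sentence that this controls menu visibility only, so the registered `$function` still has to check `$admin['user_type']` itself unless the dispatcher (not visible in this hunk) enforces `auth`.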


@ -5,24 +5,6 @@
**/
function r2($to, $ntype = 'e', $msg = '')
{
if ($msg == '') {
header("location: $to");
exit;
}
$_SESSION['ntype'] = $ntype;
$_SESSION['notify'] = $msg;
header("location: $to");
exit;
}
if (file_exists('config.php')) {
require('config.php');
} else {
r2('install');
}
try {
require_once 'init.php';
} catch (Throwable $e) {


@ -35,11 +35,17 @@ switch ($action) {
break;
case 'add':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
run_hook('view_add_bandwidth'); #HOOK
$ui->display('bandwidth-add.tpl');
break;
case 'edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
run_hook('view_edit_bandwith'); #HOOK
$d = ORM::for_table('tbl_bandwidth')->find_one($id);
@ -53,6 +59,9 @@ switch ($action) {
break;
case 'delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
run_hook('delete_bandwidth'); #HOOK
$d = ORM::for_table('tbl_bandwidth')->find_one($id);
@ -63,6 +72,9 @@ switch ($action) {
break;
case 'add-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$name = _post('name');
$rate_down = _post('rate_down');
$rate_down_unit = _post('rate_down_unit');
@ -111,6 +123,9 @@ switch ($action) {
break;
case 'edit-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$name = _post('name');
$rate_down = _post('rate_down');
$rate_down_unit = _post('rate_down_unit');
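Review bot: The same three-line guard is pasted into five cases here (`add`, `edit`, `delete`, `add-post`, `edit-post`) and again throughout the customers, pages, prepaid and settings sections of this commit, each with a hand-typed role list. One small new helper, say `requireUserType(array $types)`, that runs `in_array($admin['user_type'], $types, true)` and stops the request on failure would keep the lists in one place and make a forgotten case easier to spot. The strict third argument is worth adding in any case, since `in_array()` compares loosely by default. The switch continues outside these hunks, so cases not shown here were not reviewed.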


@ -16,7 +16,7 @@ $ui->assign('_admin', $admin);
$cache = File::pathFixer('system/cache/codecanyon.json');
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
if (empty($config['envato_token'])) {
r2(U . 'settings/app', 'w', '<a href="' . U . 'settings/app#envato' . '">Envato Personal Access Token</a> is not set');


@ -46,7 +46,7 @@ switch ($action) {
case 'csv':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$cs = ORM::for_table('tbl_customers')
->select('tbl_customers.id', 'id')
@ -84,10 +84,16 @@ switch ($action) {
}
break;
case 'add':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
run_hook('view_add_customer'); #HOOK
$ui->display('customers-add.tpl');
break;
case 'recharge':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id_customer = $routes['2'];
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one();
if ($b) {
@ -100,7 +106,7 @@ switch ($action) {
r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan');
case 'deactivate':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id_customer = $routes['2'];
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one();
@ -207,6 +213,9 @@ switch ($action) {
}
break;
case 'edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
run_hook('edit_customer'); #HOOK
$d = ORM::for_table('tbl_customers')->find_one($id);
@ -225,7 +234,7 @@ switch ($action) {
case 'delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
run_hook('delete_customer'); #HOOK
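Review bot: The guards added here cover the `add`, `recharge` and `edit` views, but no hunk in this section touches the handlers that process the submitted forms, unlike the bandwidth section where `add-post` and `edit-post` were guarded as well. If this controller has matching `*-post` cases they need the same role lists, because hiding the form does not stop a direct POST; those cases are outside the visible hunks, so please confirm. `recharge` and `edit` also take `$routes['2']` as the customer id behind a role check only, so any Agent or Sales account can act on any customer unless ownership is verified further down.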


@ -14,7 +14,7 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}


@ -13,6 +13,9 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin);
if(strpos($action,"-reset")!==false){
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$action = str_replace("-reset","",$action);
$path = "pages/".str_replace(".","",$action).".html";
$temp = "pages_template/".str_replace(".","",$action).".html";
@ -25,6 +28,9 @@ if(strpos($action,"-reset")!==false){
}
r2(U . 'pages/'.$action);
}else if(strpos($action,"-post")===false){
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$path = "pages/".str_replace(".","",$action).".html";
//echo $path;
run_hook('view_edit_pages'); #HOOK
@ -48,6 +54,9 @@ if(strpos($action,"-reset")!==false){
}else
$ui->display('a404.tpl');
}else{
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$action = str_replace("-post","",$action);
$path = "pages/".str_replace(".","",$action).".html";
if(file_exists($path)){
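Review bot: All three branches of the `if(strpos($action,"-reset")!==false) … else if … else` chain now begin with the identical SuperAdmin/Admin guard, so a single check placed before the `if` would cover the whole file. The other admin-only controllers in this commit already do this, right after `$ui->assign('_admin', $admin);`. A single guard also protects any branch added later. The branch bodies extend beyond these hunks.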


@ -16,7 +16,7 @@ $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$cache = File::pathFixer('system/cache/plugin_repository.json');


@ -14,7 +14,7 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}


@ -35,7 +35,7 @@ EOT;
switch ($action) {
case 'sync':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
set_time_limit(-1);
$plans = ORM::for_table('tbl_user_recharges')->where('status', 'on')->find_many();
@ -86,6 +86,9 @@ switch ($action) {
break;
case 'recharge':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('xfooter', $select2_customer);
$p = ORM::for_table('tbl_plans')->where('enabled', '1')->find_many();
$ui->assign('p', $p);
@ -99,6 +102,9 @@ switch ($action) {
break;
case 'recharge-user':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
$ui->assign('id', $id);
@ -113,6 +119,9 @@ switch ($action) {
break;
case 'recharge-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id_customer = _post('id_customer');
$type = _post('type');
$server = _post('server');
@ -129,7 +138,8 @@ switch ($action) {
if (Package::rechargeUser($id_customer, $server, $plan, "Recharge", $admin['fullname'])) {
$c = ORM::for_table('tbl_customers')->where('id', $id_customer)->find_one();
$in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in);
$ui->assign('in', $in);
$ui->assign('date', date("Y-m-d H:i:s"));
$ui->display('invoice.tpl');
_log('[' . $admin['username'] . ']: ' . 'Recharge ' . $c['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']);
} else {
@ -142,18 +152,19 @@ switch ($action) {
case 'view':
$id = $routes['2'];
$in = ORM::for_table('tbl_transactions')->where('id', $id)->find_one();
$ui->assign('in', $in);
$d = ORM::for_table('tbl_transactions')->where('id', $id)->find_one();
$ui->assign('in', $d);
if (!empty($routes['3']) && $routes['3'] == 'send') {
$c = ORM::for_table('tbl_customers')->where('username', $in['username'])->find_one();
$c = ORM::for_table('tbl_customers')->where('username', $d['username'])->find_one();
if ($c) {
Message::sendInvoice($c, $in);
Message::sendInvoice($c, $d);
r2(U . 'prepaid/view/' . $id, 's', "Success send to customer");
}
r2(U . 'prepaid/view/' . $id, 'd', "Customer not found");
}
Package::createInvoice($in);
$ui->assign('_title', 'View Invoice');
$ui->assign('date', Lang::dateAndTimeFormat($d['recharged_on'], $d['recharged_time']));
$ui->display('invoice.tpl');
break;
@ -161,9 +172,9 @@ switch ($action) {
case 'print':
$content = $_POST['content'];
if (!empty($content)) {
if ($_POST['nux'] == 'print') {
if($_POST['nux']=='print'){
//header("Location: nux://print?text=".urlencode($content));
$ui->assign('nuxprint', "nux://print?text=" . urlencode($content));
$ui->assign('nuxprint', "nux://print?text=".urlencode($content));
}
$ui->assign('content', $content);
} else {
@ -179,7 +190,7 @@ switch ($action) {
case 'edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
$d = ORM::for_table('tbl_user_recharges')->find_one($id);
@ -197,7 +208,7 @@ switch ($action) {
case 'delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
$d = ORM::for_table('tbl_user_recharges')->find_one($id);
@ -226,7 +237,7 @@ switch ($action) {
case 'edit-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$username = _post('username');
$id_plan = _post('id_plan');
@ -356,6 +367,9 @@ switch ($action) {
break;
case 'add-voucher':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('_title', Lang::T('Add Vouchers'));
$c = ORM::for_table('tbl_customers')->find_many();
$ui->assign('c', $c);
@ -369,7 +383,7 @@ switch ($action) {
case 'remove-voucher':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$d = ORM::for_table('tbl_voucher')->where_equal('status', '1')->findMany();
if ($d) {
@ -487,6 +501,9 @@ switch ($action) {
$ui->display('print-voucher.tpl');
break;
case 'voucher-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$type = _post('type');
$plan = _post('plan');
$voucher_format = _post('voucher_format');
@ -595,7 +612,7 @@ switch ($action) {
$content .= Lang::pad("", '=') . "\n";
$content .= Lang::pad($config['note'], ' ', 2) . "\n";
$ui->assign('_title', Lang::T('View'));
$ui->assign('whatsapp', urlencode("```$content```"));
$ui->assign('wa', urlencode("```$content```"));
$ui->display('voucher-view.tpl');
} else {
r2(U . 'prepaid/voucher/', 'e', Lang::T('Voucher Not Found'));
@ -603,7 +620,7 @@ switch ($action) {
break;
case 'voucher-delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
run_hook('delete_voucher'); #HOOK
@ -615,6 +632,9 @@ switch ($action) {
break;
case 'refill':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('xfooter', $select2_customer);
$ui->assign('_title', Lang::T('Refill Account'));
run_hook('view_refill'); #HOOK
@ -623,6 +643,9 @@ switch ($action) {
break;
case 'refill-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$code = _post('code');
$user = ORM::for_table('tbl_customers')->where('id', _post('id_customer'))->find_one();
$v1 = ORM::for_table('tbl_voucher')->where('code', $code)->where('status', 0)->find_one();
@ -634,7 +657,8 @@ switch ($action) {
$v1->user = $user['username'];
$v1->save();
$in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in);
$ui->assign('in', $in);
$ui->assign('date', date("Y-m-d H:i:s"));
$ui->display('invoice.tpl');
} else {
r2(U . 'prepaid/refill', 'e', "Failed to refill account");
@ -644,6 +668,9 @@ switch ($action) {
}
break;
case 'deposit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('_title', Lang::T('Refill Balance'));
$ui->assign('xfooter', $select2_customer);
$ui->assign('p', ORM::for_table('tbl_plans')->where('enabled', '1')->where('type', 'Balance')->find_many());
@ -651,6 +678,9 @@ switch ($action) {
$ui->display('deposit.tpl');
break;
case 'deposit-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$user = _post('id_customer');
$plan = _post('id_plan');
@ -659,7 +689,8 @@ switch ($action) {
if (Package::rechargeUser($user, 'balance', $plan, "Deposit", $admin['fullname'])) {
$c = ORM::for_table('tbl_customers')->where('id', $user)->find_one();
$in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in);
$ui->assign('in', $in);
$ui->assign('date', date("Y-m-d H:i:s"));
$ui->display('invoice.tpl');
} else {
r2(U . 'prepaid/refill', 'e', "Failed to refill account");
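Review bot: `case 'view'` gets no role check in this commit, yet its `send` sub-route (`$routes['3'] == 'send'`) calls `Message::sendInvoice()` for whatever transaction id is in the URL, so every logged-in admin type can trigger a message to a customer with a plain GET. If viewing is meant to stay open to all roles, guard only the send branch with the role list you intend, e.g. `if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'], true)) { _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard"); }`. The same case reads `['username']` from the `find_one()` result without checking that a row was found. `case 'print'` likewise has no guard and passes `$_POST['content']` straight to the template; whether it is escaped there is not visible from this page.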


@ -13,7 +13,7 @@ $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
switch ($action) {


@ -18,7 +18,7 @@ use PEAR2\Net\RouterOS;
require_once 'system/autoload/PEAR2/Autoload.php';
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
switch ($action) {

View File

@ -13,7 +13,7 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
use PEAR2\Net\RouterOS;


@ -15,7 +15,7 @@ $ui->assign('_admin', $admin);
switch ($action) {
case 'app':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
if (!empty(_get('testWa'))) {
@ -84,6 +84,9 @@ switch ($action) {
break;
case 'app-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$company = _post('CompanyName');
run_hook('save_settings'); #HOOK
@ -151,7 +154,7 @@ switch ($action) {
case 'localisation':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$folders = [];
$files = scandir('system/lan/');
@ -177,6 +180,9 @@ switch ($action) {
break;
case 'localisation-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$tzone = _post('tzone');
$date_format = _post('date_format');
$country_code_phone = _post('country_code_phone');
@ -265,7 +271,7 @@ switch ($action) {
case 'users':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$search = _req('search');
if ($search != '') {
@ -355,7 +361,7 @@ switch ($action) {
case 'users-add':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('_title', Lang::T('Add User'));
$ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many());
@ -402,7 +408,7 @@ switch ($action) {
break;
case 'users-edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('_title', Lang::T('Edit User'));
$id = $routes['2'];
@ -440,7 +446,7 @@ switch ($action) {
case 'users-delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2'];
@ -458,6 +464,9 @@ switch ($action) {
break;
case 'users-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$username = _post('username');
$fullname = _post('fullname');
$password = _post('password');
@ -657,7 +666,7 @@ switch ($action) {
case 'notifications':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
run_hook('view_notifications'); #HOOK
if (file_exists("system/uploads/notifications.json")) {
@ -669,12 +678,15 @@ switch ($action) {
$ui->display('app-notifications.tpl');
break;
case 'notifications-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
file_put_contents("system/uploads/notifications.json", json_encode($_POST));
r2(U . 'settings/notifications', 's', Lang::T('Settings Saved Successfully'));
break;
case 'dbstatus':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$dbc = new mysqli($db_host, $db_user, $db_password, $db_name);
@ -691,8 +703,8 @@ switch ($action) {
break;
case 'dbbackup':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
if (!in_array($admin['user_type'], ['SuperAdmin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$tables = $_POST['tables'];
set_time_limit(-1);
@ -711,8 +723,8 @@ switch ($action) {
echo json_encode($array);
break;
case 'dbrestore':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
if (!in_array($admin['user_type'], ['SuperAdmin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
if (file_exists($_FILES['json']['tmp_name'])) {
$suc = 0;
@ -742,7 +754,7 @@ switch ($action) {
break;
case 'language':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
run_hook('view_add_language'); #HOOK
if (file_exists($lan_file)) {
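Review bot: The new guard on `users-post` admits `Agent`, like `users`, `users-add` and `users-edit`, and the hunk ends right after the handler reads `username`, `fullname` and `password`. Whether the rest of the handler limits which `user_type` an Agent may assign is not visible here; without such a limit an Agent could create or edit an account with a higher role than its own, so please confirm it or add a check before saving. In `dbrestore`, now SuperAdmin-only, the upload is tested with `file_exists($_FILES['json']['tmp_name'])`; `is_uploaded_file($_FILES['json']['tmp_name'])` is the check meant for uploaded files.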