From a7502aa8fbb944cba499b78879a85b281b8a7a19 Mon Sep 17 00:00:00 2001 From: Ibnu Maksum Date: Mon, 26 Feb 2024 11:01:54 +0700 Subject: [PATCH] Admin Permisions --- init.php | 34 +++++++++++---- system/api.php | 5 +++ system/autoload/Hookers.php | 6 ++- system/boot.php | 18 -------- system/controllers/bandwidth.php | 15 +++++++ system/controllers/codecanyon.php | 2 +- system/controllers/customers.php | 15 +++++-- system/controllers/logs.php | 2 +- system/controllers/pages.php | 9 ++++ system/controllers/pluginmanager.php | 2 +- system/controllers/pool.php | 2 +- system/controllers/prepaid.php | 65 ++++++++++++++++++++-------- system/controllers/radius.php | 2 +- system/controllers/routers.php | 2 +- system/controllers/services.php | 2 +- system/controllers/settings.php | 38 ++++++++++------ 16 files changed, 150 insertions(+), 69 deletions(-) diff --git a/init.php b/init.php index 17ba79cd..29fa80a6 100644 --- a/init.php +++ b/init.php @@ -41,7 +41,7 @@ spl_autoload_register('_autoloader'); if (!file_exists($root_path . 'config.php')) { $root_path .= '..' . DIRECTORY_SEPARATOR; if (!file_exists($root_path . 'config.php')) { - die("config.php file not found"); + r2('install'); } } @@ -54,6 +54,10 @@ if (!file_exists($root_path . File::pathFixer('system/uploads/notifications.defa die($root_path . File::pathFixer("system/uploads/notifications.default.json file not found")); } +$UPLOAD_PATH = $root_path . File::pathFixer('system/uploads'); +$CACHE_PATH = $root_path . File::pathFixer('system/cache'); +$PAGES_PATH = $root_path . File::pathFixer('pages'); + require_once $root_path . 'config.php'; require_once $root_path . File::pathFixer('system/orm.php'); require_once $root_path . File::pathFixer('system/autoload/PEAR2/Autoload.php'); 
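Review bot: The new `r2('install');` emits a relative `Location: install` header, so where the browser lands depends on the URL of whatever script included init.php; the surrounding code (`$root_path .= '..' . DIRECTORY_SEPARATOR;`) shows init.php is also loaded from a subdirectory, and from there the redirect resolves to `<subdir>/install`, whereas the removed `die()` failed loudly regardless of caller. Emit a root-relative target instead, e.g. `r2(dirname($_SERVER['SCRIPT_NAME']) . '/install');` if the installer lives at the application root, or fall back to the hard stop when the installer directory cannot be found — confirm where `install` actually resides. `r2()` is declared further down this same file; that resolves because PHP declares unconditional top-level functions before executing the file, but a one-line comment at the call site saying `// r2() is declared below; top-level function declarations are hoisted` will save the next reader a search.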
@@ -110,7 +114,7 @@ if ((!empty($radius_user) && $config['radius_enable']) || _post('radius_enable') if (empty($config['language'])) { $config['language'] = 'english'; } -$lan_file = $root_path .File::pathFixer('system/lan/' . $config['language'] . '.json'); +$lan_file = $root_path . File::pathFixer('system/lan/' . $config['language'] . '.json'); if (file_exists($lan_file)) { $_L = json_decode(file_get_contents($lan_file), true); $_SESSION['Lang'] = $_L; @@ -219,16 +223,28 @@ function sendWhatsapp($phone, $txt) Message::sendWhatsapp($phone, $txt); } +function r2($to, $ntype = 'e', $msg = '') +{ + if ($msg == '') { + header("location: $to"); + exit; + } + $_SESSION['ntype'] = $ntype; + $_SESSION['notify'] = $msg; + header("location: $to"); + exit; +} + function _alert($text, $type = 'success', $url = "home") { global $ui; - if(!isset($ui)) return; - if(strlen($url)>4){ - if(substr($url,0,4)!="http"){ - $url = U.$url; + if (!isset($ui)) return; + if (strlen($url) > 4) { + if (substr($url, 0, 4) != "http") { + $url = U . $url; } - }else{ - $url = U.$url; + } else { + $url = U . $url; } $ui->assign('text', $text); $ui->assign('type', $type); @@ -237,6 +253,6 @@ function _alert($text, $type = 'success', $url = "home") } -if(!isset($api_secret)){ +if (!isset($api_secret)) { $api_secret = $db_password; } diff --git a/system/api.php b/system/api.php index a33ea427..d923e73d 100644 --- a/system/api.php +++ b/system/api.php @@ -83,6 +83,11 @@ if($token == $config['api_key']){ } } +if(!isset($handler) || empty($handler)){ + showResult(true, Lang::T("Token is valid")); +} + + if($handler == 'isValid'){ showResult(true, Lang::T("Token is valid")); } diff --git a/system/autoload/Hookers.php b/system/autoload/Hookers.php index 86ab2975..d2e80ddf 100644 --- a/system/autoload/Hookers.php +++ b/system/autoload/Hookers.php 
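Review bot: `_alert()` returns silently when `$ui` is not set (`if (!isset($ui)) return;`), so every controller guard in this patch that replaced `r2()` with `_alert(...)` now depends on `$ui` existing and on the part of `_alert` below this hunk terminating the request; if either assumption fails the guard falls through into the privileged action. An authorization helper should fail closed: compute `$url` first, then replace the bare return with `if (!isset($ui)) { r2($url, 'e', $text); }`, and state in a docblock that `_alert()` never returns. The relocated `r2()` is fine, but its docblock should say that it calls `exit` and that `$to` is placed verbatim in a `Location` header, so callers must pass trusted, application-generated URLs only.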
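Review bot: `if(!isset($handler) || empty($handler))` is redundant — `empty()` is already true for an unset variable — and the branch only acts as a guard if `showResult()` terminates the script, which the hunk does not show; if it returns, the following `if($handler == 'isValid')` runs on an empty value and later handler comparisons still execute. Make the exit explicit: `if (empty($handler)) { showResult(true, Lang::T("Token is valid")); exit; }`. Separately, the token check in the hunk header uses loose `==`; `hash_equals((string) $config['api_key'], (string) $token)` avoids type juggling and a timing side channel, though that line is not part of this change.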
@@ -18,8 +18,9 @@ $menu_registered = array(); * @param string icon from ion icon, ion-person, only for AFTER_ * @param string label for showing label or number of notification or update * @param string color Label color + * @param string auth ['SuperAdmin', 'Admin', 'Report', 'Agent', 'Sales'] will only show in this user, empty array for all users */ -function register_menu($name, $admin, $function, $position, $icon = '', $label = '', $color = 'success') +function register_menu($name, $admin, $function, $position, $icon = '', $label = '', $color = 'success', $auth = []) { global $menu_registered; $menu_registered[] = [ @@ -29,7 +30,8 @@ function register_menu($name, $admin, $function, $position, $icon = '', $label = "icon" => $icon, "function" => $function, "label" => $label, - "color" => $color + "color" => $color, + "auth" => $auth ]; } diff --git a/system/boot.php b/system/boot.php index eb533208..0bd3ec4b 100644 --- a/system/boot.php +++ b/system/boot.php @@ -5,24 +5,6 @@ **/ -function r2($to, $ntype = 'e', $msg = '') -{ - if ($msg == '') { - header("location: $to"); - exit; - } - $_SESSION['ntype'] = $ntype; - $_SESSION['notify'] = $msg; - header("location: $to"); - exit; -} - -if (file_exists('config.php')) { - require('config.php'); -} else { - r2('install'); -} - try { require_once 'init.php'; } catch (Throwable $e) { diff --git a/system/controllers/bandwidth.php b/system/controllers/bandwidth.php index 45d68b21..c36d5716 100644 --- a/system/controllers/bandwidth.php +++ b/system/controllers/bandwidth.php 
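Review bot: The new `$auth` argument is only stored in `$menu_registered`, so it can at most hide a menu entry; nothing in `register_menu()` enforces it, and a plugin author reading the docblock may assume the controller is protected. Say so in the param line: `@param array $auth ['SuperAdmin', 'Admin', 'Report', 'Agent', 'Sales'] — controls menu visibility only; the plugin controller must still check $admin['user_type'] itself (empty array shows the item to all users)`. The docblock also declares the parameter as `string` while its default is `[]`; use `array`.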
@@ -35,11 +35,17 @@ switch ($action) { break; case 'add': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } run_hook('view_add_bandwidth'); #HOOK $ui->display('bandwidth-add.tpl'); break; case 'edit': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $id = $routes['2']; run_hook('view_edit_bandwith'); #HOOK $d = ORM::for_table('tbl_bandwidth')->find_one($id); @@ -53,6 +59,9 @@ switch ($action) { break; case 'delete': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $id = $routes['2']; run_hook('delete_bandwidth'); #HOOK $d = ORM::for_table('tbl_bandwidth')->find_one($id); @@ -63,6 +72,9 @@ switch ($action) { break; case 'add-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $name = _post('name'); $rate_down = _post('rate_down'); $rate_down_unit = _post('rate_down_unit'); @@ -111,6 +123,9 @@ switch ($action) { break; case 'edit-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $name = _post('name'); $rate_down = _post('rate_down'); $rate_down_unit = _post('rate_down_unit'); diff --git a/system/controllers/codecanyon.php b/system/controllers/codecanyon.php index d1030371..e6612c25 100644 --- a/system/controllers/codecanyon.php +++ b/system/controllers/codecanyon.php 
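Review bot: Each of the five guards added in this file (`add`, `edit`, `delete`, `add-post`, `edit-post`) relies on `_alert()` not returning, and its definition in init.php (elsewhere in this patch) shows an early `return` when `$ui` is unset; an explicit stop after the call makes the guard fail closed regardless: `_alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard"); exit;`. Because the condition and the role list are identical in all five places, one check before the `switch`, e.g. `if (in_array($action, ['add', 'edit', 'delete', 'add-post', 'edit-post'], true) && !in_array($admin['user_type'], ['SuperAdmin', 'Admin'], true)) { ... }`, cannot drift when a new write action is added. Pass `true` as the third argument to `in_array` in either form to avoid loose comparison.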
@@ -16,7 +16,7 @@ $ui->assign('_admin', $admin); $cache = File::pathFixer('system/cache/codecanyon.json'); if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } if (empty($config['envato_token'])) { r2(U . 'settings/app', 'w', 'Envato Personal Access Token is not set'); diff --git a/system/controllers/customers.php b/system/controllers/customers.php index f33157b0..e30a2c07 100644 --- a/system/controllers/customers.php +++ b/system/controllers/customers.php @@ -46,7 +46,7 @@ switch ($action) { case 'csv': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $cs = ORM::for_table('tbl_customers') ->select('tbl_customers.id', 'id') @@ -84,10 +84,16 @@ switch ($action) { } break; case 'add': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } run_hook('view_add_customer'); #HOOK $ui->display('customers-add.tpl'); break; case 'recharge': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $id_customer = $routes['2']; $b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one(); if ($b) { 
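Review bot: `add` and `recharge` now require a role, but the handler that actually writes the new customer (`add-post`) is not among this file's hunks, so whether it enforces the same list cannot be confirmed from the patch; if it does not, a user without the role can skip the form and submit directly. Apply the same check in the `-post` case or hoist the role check above the `switch` on `$action`. For `recharge`, the guard is followed by `->where('customer_id', $id_customer)->find_one()` with `$id_customer` from the route and no check that an `Agent` or `Sales` user may act on that customer; if those roles are meant to be scoped to their own customers, that scoping is missing here — confirm against the agent model.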
@@ -100,7 +106,7 @@ switch ($action) { r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan'); case 'deactivate': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $id_customer = $routes['2']; $b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one(); @@ -207,6 +213,9 @@ switch ($action) { } break; case 'edit': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $id = $routes['2']; run_hook('edit_customer'); #HOOK $d = ORM::for_table('tbl_customers')->find_one($id); @@ -225,7 +234,7 @@ switch ($action) { case 'delete': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $id = $routes['2']; run_hook('delete_customer'); #HOOK diff --git a/system/controllers/logs.php b/system/controllers/logs.php index 99d9d1c3..c6f1be8a 100644 --- a/system/controllers/logs.php +++ b/system/controllers/logs.php @@ -14,7 +14,7 @@ $admin = Admin::_info(); $ui->assign('_admin', $admin); if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } diff --git a/system/controllers/pages.php b/system/controllers/pages.php index 0e2e653e..5437a338 100644 --- a/system/controllers/pages.php +++ b/system/controllers/pages.php 
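Review bot: `edit` now allows `Agent` (and not `Sales`), but the matching `edit-post` handler is not in this file's hunks, so the patch does not show that the submission enforces the same roles; a view-only check is bypassable by posting the form directly if it does not. The guard sits correctly before `$d = ORM::for_table('tbl_customers')->find_one($id)`, yet an Agent can pass any `$id` here; if agents should manage only customers assigned to them, add that ownership test beside the role test and note the rule in a comment.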
@@ -13,6 +13,9 @@ $admin = Admin::_info(); $ui->assign('_admin', $admin); if(strpos($action,"-reset")!==false){ + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $action = str_replace("-reset","",$action); $path = "pages/".str_replace(".","",$action).".html"; $temp = "pages_template/".str_replace(".","",$action).".html"; @@ -25,6 +28,9 @@ if(strpos($action,"-reset")!==false){ } r2(U . 'pages/'.$action); }else if(strpos($action,"-post")===false){ + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $path = "pages/".str_replace(".","",$action).".html"; //echo $path; run_hook('view_edit_pages'); #HOOK @@ -48,6 +54,9 @@ if(strpos($action,"-reset")!==false){ }else $ui->display('a404.tpl'); }else{ + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $action = str_replace("-post","",$action); $path = "pages/".str_replace(".","",$action).".html"; if(file_exists($path)){ diff --git a/system/controllers/pluginmanager.php b/system/controllers/pluginmanager.php index e8d3cd8d..c1b51356 100644 --- a/system/controllers/pluginmanager.php +++ b/system/controllers/pluginmanager.php @@ -16,7 +16,7 @@ $ui->assign('_admin', $admin); if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $cache = File::pathFixer('system/cache/plugin_repository.json'); diff --git a/system/controllers/pool.php b/system/controllers/pool.php index fc7b891c..60d2b34e 100644 --- a/system/controllers/pool.php +++ b/system/controllers/pool.php 
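Review bot: The same SuperAdmin/Admin check is pasted into all three branches of the `if`/`else if`/`else` chain, which is the whole controller, so a single check placed before `if(strpos($action,"-reset")!==false){` is equivalent and cannot drift when a fourth branch is added. Each copy also depends on `_alert()` terminating; `exit;` after the call makes the guard fail closed. The path these guards protect is built from `$action` with only `.` stripped; that line is pre-existing, but a comment such as `// dots are removed so $action cannot contain '..' — keep this before building the path` would stop a later edit from loosening it.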
@@ -14,7 +14,7 @@ $admin = Admin::_info(); $ui->assign('_admin', $admin); if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } diff --git a/system/controllers/prepaid.php b/system/controllers/prepaid.php index 07f2bd95..eac533b4 100644 --- a/system/controllers/prepaid.php +++ b/system/controllers/prepaid.php @@ -35,7 +35,7 @@ EOT; switch ($action) { case 'sync': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } set_time_limit(-1); $plans = ORM::for_table('tbl_user_recharges')->where('status', 'on')->find_many(); @@ -86,6 +86,9 @@ switch ($action) { break; case 'recharge': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $ui->assign('xfooter', $select2_customer); $p = ORM::for_table('tbl_plans')->where('enabled', '1')->find_many(); $ui->assign('p', $p); @@ -99,6 +102,9 @@ switch ($action) { break; case 'recharge-user': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $id = $routes['2']; $ui->assign('id', $id); @@ -113,6 +119,9 @@ switch ($action) { break; case 'recharge-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $id_customer = _post('id_customer'); $type = _post('type'); $server = _post('server'); 
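Review bot: `recharge-post` now admits `Agent` and `Sales`, and the handler then reads `id_customer`, `server` and `plan` straight from POST with no check that the acting user may recharge that customer; a role-only guard does not enforce per-agent scoping if that is the intended model — confirm, and either add the ownership check beside the role check or document that any agent may recharge any customer. As elsewhere in the patch, the guard relies on `_alert()` not returning; an explicit `exit;` after it costs nothing. The `recharge` and `recharge-user` views use the same role list as the post handler, which is the consistent shape the other controllers should follow.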
@@ -129,7 +138,8 @@ switch ($action) { if (Package::rechargeUser($id_customer, $server, $plan, "Recharge", $admin['fullname'])) { $c = ORM::for_table('tbl_customers')->where('id', $id_customer)->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one(); - Package::createInvoice($in); + $ui->assign('in', $in); + $ui->assign('date', date("Y-m-d H:i:s")); $ui->display('invoice.tpl'); _log('[' . $admin['username'] . ']: ' . 'Recharge ' . $c['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']); } else { @@ -142,18 +152,19 @@ switch ($action) { case 'view': $id = $routes['2']; - $in = ORM::for_table('tbl_transactions')->where('id', $id)->find_one(); - $ui->assign('in', $in); + $d = ORM::for_table('tbl_transactions')->where('id', $id)->find_one(); + $ui->assign('in', $d); + if (!empty($routes['3']) && $routes['3'] == 'send') { - $c = ORM::for_table('tbl_customers')->where('username', $in['username'])->find_one(); + $c = ORM::for_table('tbl_customers')->where('username', $d['username'])->find_one(); if ($c) { - Message::sendInvoice($c, $in); + Message::sendInvoice($c, $d); r2(U . 'prepaid/view/' . $id, 's', "Success send to customer"); } r2(U . 'prepaid/view/' . $id, 'd', "Customer not found"); } - Package::createInvoice($in); $ui->assign('_title', 'View Invoice'); + $ui->assign('date', Lang::dateAndTimeFormat($d['recharged_on'], $d['recharged_time'])); $ui->display('invoice.tpl'); break; @@ -161,9 +172,9 @@ switch ($action) { case 'print': $content = $_POST['content']; if (!empty($content)) { - if ($_POST['nux'] == 'print') { + if($_POST['nux']=='print'){ //header("Location: nux://print?text=".urlencode($content)); - $ui->assign('nuxprint', "nux://print?text=" . urlencode($content)); + $ui->assign('nuxprint', "nux://print?text=".urlencode($content)); } $ui->assign('content', $content); } else { 
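Review bot: In `view`, `$d = ORM::for_table('tbl_transactions')->where('id', $id)->find_one();` returns false for an unknown id, and the new line `$ui->assign('date', Lang::dateAndTimeFormat($d['recharged_on'], $d['recharged_time']));` (and `$d['username']` in the send branch) then indexes a boolean; add a not-found guard directly after the query, e.g. `if (!$d) { r2(U . 'prepaid/refill', 'e', Lang::T('Transaction not found')); }` with whatever the right return route is. `view` also has no role check while its `send` branch calls `Message::sendInvoice` on the customer's behalf; if every admin type is meant to be able to do that, a comment saying so would be useful, otherwise gate it like the neighbouring actions. The `print` hunk changes only whitespace and leaves `$_POST['content']` flowing into the template; nothing to add there beyond confirming the template escapes it.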
@@ -179,7 +190,7 @@ switch ($action) { case 'edit': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $id = $routes['2']; $d = ORM::for_table('tbl_user_recharges')->find_one($id); @@ -197,7 +208,7 @@ switch ($action) { case 'delete': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $id = $routes['2']; $d = ORM::for_table('tbl_user_recharges')->find_one($id); @@ -226,7 +237,7 @@ switch ($action) { case 'edit-post': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $username = _post('username'); $id_plan = _post('id_plan'); @@ -356,6 +367,9 @@ switch ($action) { break; case 'add-voucher': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $ui->assign('_title', Lang::T('Add Vouchers')); $c = ORM::for_table('tbl_customers')->find_many(); $ui->assign('c', $c); @@ -369,7 +383,7 @@ switch ($action) { case 'remove-voucher': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $d = ORM::for_table('tbl_voucher')->where_equal('status', '1')->findMany(); if ($d) { 
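Review bot: `edit` allows `['SuperAdmin', 'Admin', 'Agent']` while `edit-post`, a few lines below in the next hunk, allows only `['SuperAdmin', 'Admin']`, so an Agent can open the recharge edit form but every submission is rejected; either add `Agent` to the post handler or stop offering the form, and put a one-line comment on whichever is intended so the next person does not "fix" it the wrong way. `add-voucher` admitting Sales and Agent while `remove-voucher` and `delete` stay Admin-only looks deliberate but deserves the same comment. Pass `true` to `in_array` in the new checks.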
@@ -487,6 +501,9 @@ switch ($action) { $ui->display('print-voucher.tpl'); break; case 'voucher-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $type = _post('type'); $plan = _post('plan'); $voucher_format = _post('voucher_format'); @@ -595,7 +612,7 @@ switch ($action) { $content .= Lang::pad("", '=') . "\n"; $content .= Lang::pad($config['note'], ' ', 2) . "\n"; $ui->assign('_title', Lang::T('View')); - $ui->assign('whatsapp', urlencode("```$content```")); + $ui->assign('wa', urlencode("```$content```")); $ui->display('voucher-view.tpl'); } else { r2(U . 'prepaid/voucher/', 'e', Lang::T('Voucher Not Found')); @@ -603,7 +620,7 @@ switch ($action) { break; case 'voucher-delete': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $id = $routes['2']; run_hook('delete_voucher'); #HOOK @@ -615,6 +632,9 @@ switch ($action) { break; case 'refill': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $ui->assign('xfooter', $select2_customer); $ui->assign('_title', Lang::T('Refill Account')); run_hook('view_refill'); #HOOK @@ -623,6 +643,9 @@ switch ($action) { break; case 'refill-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $code = _post('code'); $user = ORM::for_table('tbl_customers')->where('id', _post('id_customer'))->find_one(); $v1 = ORM::for_table('tbl_voucher')->where('code', $code)->where('status', 0)->find_one(); 
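Review bot: The template variable in the voucher view is renamed from `whatsapp` to `wa`, but no `.tpl` file appears in the diffstat, so unless `voucher-view.tpl` already reads `{$wa}` the share link silently renders empty; include the template change or keep the old name. `refill-post` is now open to Agent and Sales and binds a voucher looked up by `code` alone (`where('code', $code)->where('status', 0)`) to any `id_customer` from the request; if agents are meant to act only for their own customers that scoping is missing here — confirm against the agent model and add the check next to the role check if so.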
@@ -634,7 +657,8 @@ switch ($action) { $v1->user = $user['username']; $v1->save(); $in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->order_by_desc('id')->find_one(); - Package::createInvoice($in); + $ui->assign('in', $in); + $ui->assign('date', date("Y-m-d H:i:s")); $ui->display('invoice.tpl'); } else { r2(U . 'prepaid/refill', 'e', "Failed to refill account"); @@ -644,6 +668,9 @@ switch ($action) { } break; case 'deposit': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $ui->assign('_title', Lang::T('Refill Balance')); $ui->assign('xfooter', $select2_customer); $ui->assign('p', ORM::for_table('tbl_plans')->where('enabled', '1')->where('type', 'Balance')->find_many()); @@ -651,6 +678,9 @@ switch ($action) { $ui->display('deposit.tpl'); break; case 'deposit-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $user = _post('id_customer'); $plan = _post('id_plan'); @@ -659,7 +689,8 @@ switch ($action) { if (Package::rechargeUser($user, 'balance', $plan, "Deposit", $admin['fullname'])) { $c = ORM::for_table('tbl_customers')->where('id', $user)->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one(); - Package::createInvoice($in); + $ui->assign('in', $in); + $ui->assign('date', date("Y-m-d H:i:s")); $ui->display('invoice.tpl'); } else { r2(U . 'prepaid/refill', 'e', "Failed to refill account"); diff --git a/system/controllers/radius.php b/system/controllers/radius.php index dc205fcb..86c840a0 100644 --- a/system/controllers/radius.php +++ b/system/controllers/radius.php 
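Review bot: `deposit-post` lets Agent and Sales credit balance to any posted `id_customer`, with the role list as the only check; whether that is acceptable depends on the agent/customer model this patch does not show, so either add an ownership check beside the role check or leave a comment stating that agents may deposit for any customer. The success path picks the invoice with `->where('username', $c['username'])->order_by_desc('id')->find_one()`, i.e. the newest transaction for the user rather than the one just created; a comment acknowledging that it can show a different row under concurrent recharges, or having `Package::rechargeUser` return the transaction id, would be safer, though the latter is outside this hunk.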
@@ -13,7 +13,7 @@ $ui->assign('_admin', $admin); if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } switch ($action) { diff --git a/system/controllers/routers.php b/system/controllers/routers.php index 3dbf56c6..d0bf7765 100644 --- a/system/controllers/routers.php +++ b/system/controllers/routers.php @@ -18,7 +18,7 @@ use PEAR2\Net\RouterOS; require_once 'system/autoload/PEAR2/Autoload.php'; if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } switch ($action) { diff --git a/system/controllers/services.php b/system/controllers/services.php index a46b1754..6dc49598 100644 --- a/system/controllers/services.php +++ b/system/controllers/services.php @@ -13,7 +13,7 @@ $admin = Admin::_info(); $ui->assign('_admin', $admin); if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } use PEAR2\Net\RouterOS; diff --git a/system/controllers/settings.php b/system/controllers/settings.php index 113c1209..47244122 100644 --- a/system/controllers/settings.php +++ b/system/controllers/settings.php @@ -15,7 +15,7 @@ $ui->assign('_admin', $admin); switch ($action) { case 'app': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } if (!empty(_get('testWa'))) { 
@@ -84,6 +84,9 @@ switch ($action) { break; case 'app-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $company = _post('CompanyName'); run_hook('save_settings'); #HOOK @@ -151,7 +154,7 @@ switch ($action) { case 'localisation': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $folders = []; $files = scandir('system/lan/'); @@ -177,6 +180,9 @@ switch ($action) { break; case 'localisation-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $tzone = _post('tzone'); $date_format = _post('date_format'); $country_code_phone = _post('country_code_phone'); @@ -265,7 +271,7 @@ switch ($action) { case 'users': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $search = _req('search'); if ($search != '') { @@ -355,7 +361,7 @@ switch ($action) { case 'users-add': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $ui->assign('_title', Lang::T('Add User')); $ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many()); 
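Review bot: `users-add` (and `users`) admit `Agent`, and so does `users-post` in the following hunks, so an Agent can create accounts; the `user_type` given to the new account is read outside these hunks, and unless that code clamps what an Agent may assign (for example only `Sales` under that agent) this is a vertical privilege-escalation path to `Admin`/`SuperAdmin`. Add the constraint where the posted type is read, e.g. `if ($admin['user_type'] == 'Agent' && $postedType != 'Sales') { _alert(Lang::T('You do not have permission to access this page'), 'danger', "dashboard"); exit; }`, and state the rule in a comment above the role check. Gating `app-post` and `localisation-post` like their views is the right fix for the bypass-by-POST pattern.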
@@ -402,7 +408,7 @@ switch ($action) { break; case 'users-edit': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $ui->assign('_title', Lang::T('Edit User')); $id = $routes['2']; @@ -440,7 +446,7 @@ switch ($action) { case 'users-delete': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $id = $routes['2']; @@ -458,6 +464,9 @@ switch ($action) { break; case 'users-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } $username = _post('username'); $fullname = _post('fullname'); $password = _post('password'); @@ -657,7 +666,7 @@ switch ($action) { case 'notifications': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } run_hook('view_notifications'); #HOOK if (file_exists("system/uploads/notifications.json")) { 
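Review bot: `users-edit` and `users-post` both allow `Agent`, but the hunks show `$id = $routes['2']` and `$username`/`$password` being read with no visible restriction on which account an Agent may edit; unless code outside the hunk limits agents to their own account or to users they created, an Agent could reset an Admin's password. Add the ownership test next to the role test and document it, e.g. `// Agents may only edit themselves or the Sales users assigned to them`. `users-delete` staying Admin-only while edit is open to Agent is exactly the asymmetry that makes this check necessary.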
@@ -669,12 +678,15 @@ switch ($action) { $ui->display('app-notifications.tpl'); break; case 'notifications-post': + if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); + } file_put_contents("system/uploads/notifications.json", json_encode($_POST)); r2(U . 'settings/notifications', 's', Lang::T('Settings Saved Successfully')); break; case 'dbstatus': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $dbc = new mysqli($db_host, $db_user, $db_password, $db_name); @@ -691,8 +703,8 @@ switch ($action) { break; case 'dbbackup': - if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + if (!in_array($admin['user_type'], ['SuperAdmin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } $tables = $_POST['tables']; set_time_limit(-1); @@ -711,8 +723,8 @@ switch ($action) { echo json_encode($array); break; case 'dbrestore': - if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + if (!in_array($admin['user_type'], ['SuperAdmin'])) { + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } if (file_exists($_FILES['json']['tmp_name'])) { $suc = 0; @@ -742,7 +754,7 @@ switch ($action) { break; case 'language': if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { - r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); + _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard"); } run_hook('view_add_language'); #HOOK if (file_exists($lan_file)) {
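Review bot: `dbbackup` and `dbrestore` are rightly tightened to `SuperAdmin`, but `dbbackup` answers with `echo json_encode($array);` (visible at the end of its hunk), so its unauthorized path should reply in the same format with a 403 instead of rendering `alert.tpl` through `_alert()`, which a JSON client sees as a parse error; e.g. `http_response_code(403); echo json_encode(['error' => Lang::T('You do not have permission to access this page')]); exit;`. The `notifications-post` guard matters because the line beneath it writes the entire `$_POST` array to `system/uploads/notifications.json`; a comment there such as `// admin-only: this file is trusted template content` makes the intent explicit. As with the other controllers, an `exit;` after `_alert()` keeps each guard fail-closed.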