Admin Permisions

Ibnu Maksum 2024-02-26 11:01:54 +07:00
parent 375403135e
commit a7502aa8fb
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
16 changed files with 150 additions and 69 deletions


@ -41,7 +41,7 @@ spl_autoload_register('_autoloader');
if (!file_exists($root_path . 'config.php')) { if (!file_exists($root_path . 'config.php')) {
$root_path .= '..' . DIRECTORY_SEPARATOR; $root_path .= '..' . DIRECTORY_SEPARATOR;
if (!file_exists($root_path . 'config.php')) { if (!file_exists($root_path . 'config.php')) {
die("config.php file not found"); r2('install');
} }
} }
@ -54,6 +54,10 @@ if (!file_exists($root_path . File::pathFixer('system/uploads/notifications.defa
die($root_path . File::pathFixer("system/uploads/notifications.default.json file not found")); die($root_path . File::pathFixer("system/uploads/notifications.default.json file not found"));
} }
$UPLOAD_PATH = $root_path . File::pathFixer('system/uploads');
$CACHE_PATH = $root_path . File::pathFixer('system/cache');
$PAGES_PATH = $root_path . File::pathFixer('pages');
require_once $root_path . 'config.php'; require_once $root_path . 'config.php';
require_once $root_path . File::pathFixer('system/orm.php'); require_once $root_path . File::pathFixer('system/orm.php');
require_once $root_path . File::pathFixer('system/autoload/PEAR2/Autoload.php'); require_once $root_path . File::pathFixer('system/autoload/PEAR2/Autoload.php');
@ -110,7 +114,7 @@ if ((!empty($radius_user) && $config['radius_enable']) || _post('radius_enable')
if (empty($config['language'])) { if (empty($config['language'])) {
$config['language'] = 'english'; $config['language'] = 'english';
} }
$lan_file = $root_path .File::pathFixer('system/lan/' . $config['language'] . '.json'); $lan_file = $root_path . File::pathFixer('system/lan/' . $config['language'] . '.json');
if (file_exists($lan_file)) { if (file_exists($lan_file)) {
$_L = json_decode(file_get_contents($lan_file), true); $_L = json_decode(file_get_contents($lan_file), true);
$_SESSION['Lang'] = $_L; $_SESSION['Lang'] = $_L;
@ -219,16 +223,28 @@ function sendWhatsapp($phone, $txt)
Message::sendWhatsapp($phone, $txt); Message::sendWhatsapp($phone, $txt);
} }
function r2($to, $ntype = 'e', $msg = '')
{
if ($msg == '') {
header("location: $to");
exit;
}
$_SESSION['ntype'] = $ntype;
$_SESSION['notify'] = $msg;
header("location: $to");
exit;
}
function _alert($text, $type = 'success', $url = "home") function _alert($text, $type = 'success', $url = "home")
{ {
global $ui; global $ui;
if(!isset($ui)) return; if (!isset($ui)) return;
if(strlen($url)>4){ if (strlen($url) > 4) {
if(substr($url,0,4)!="http"){ if (substr($url, 0, 4) != "http") {
$url = U.$url; $url = U . $url;
} }
}else{ } else {
$url = U.$url; $url = U . $url;
} }
$ui->assign('text', $text); $ui->assign('text', $text);
$ui->assign('type', $type); $ui->assign('type', $type);
@ -237,6 +253,6 @@ function _alert($text, $type = 'success', $url = "home")
} }
if(!isset($api_secret)){ if (!isset($api_secret)) {
$api_secret = $db_password; $api_secret = $db_password;
} }
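Review bot: `_alert()` can hand control back to its caller through `if (!isset($ui)) return;`, and this commit makes it the deny path of the permission checks in the controllers, where the old `r2()` call always ended in `exit`. If `_alert()` returns, execution continues into the action the check was meant to block. The end of `_alert()` falls between the two hunks and is not visible here, so confirm that its normal path terminates the request. The early-return branch should stop the request as well, for example `if (!isset($ui)) { http_response_code(403); exit; }`; if other callers rely on that return, add `exit;` after the `_alert()` call inside each permission guard instead.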


@ -83,6 +83,11 @@ if($token == $config['api_key']){
} }
} }
if(!isset($handler) || empty($handler)){
showResult(true, Lang::T("Token is valid"));
}
if($handler == 'isValid'){ if($handler == 'isValid'){
showResult(true, Lang::T("Token is valid")); showResult(true, Lang::T("Token is valid"));
} }
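Review bot: The added branch answers "Token is valid" whenever no handler is supplied, so it is only as strong as the token validation that precedes it, and the only comparison visible is the one in the hunk header, `if($token == $config['api_key'])`. A loose `==` is not constant-time, and it is also true when both sides are empty, which would matter if `api_key` can be unset (not visible here). Consider `if (!empty($config['api_key']) && hash_equals((string) $config['api_key'], (string) $token))` for that comparison. In the new lines `!isset($handler) || empty($handler)` reduces to `empty($handler)`, and since the following `isValid` block returns the same response the two conditions could be merged.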


@ -18,8 +18,9 @@ $menu_registered = array();
* @param string icon from ion icon, ion-person, only for AFTER_ * @param string icon from ion icon, ion-person, only for AFTER_
* @param string label for showing label or number of notification or update * @param string label for showing label or number of notification or update
* @param string color Label color * @param string color Label color
* @param string auth ['SuperAdmin', 'Admin', 'Report', 'Agent', 'Sales'] will only show in this user, empty array for all users
*/ */
function register_menu($name, $admin, $function, $position, $icon = '', $label = '', $color = 'success') function register_menu($name, $admin, $function, $position, $icon = '', $label = '', $color = 'success', $auth = [])
{ {
global $menu_registered; global $menu_registered;
$menu_registered[] = [ $menu_registered[] = [
@ -29,7 +30,8 @@ function register_menu($name, $admin, $function, $position, $icon = '', $label =
"icon" => $icon, "icon" => $icon,
"function" => $function, "function" => $function,
"label" => $label, "label" => $label,
"color" => $color "color" => $color,
"auth" => $auth
]; ];
} }
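Review bot: The new `auth` entry is only stored in `$menu_registered`; nothing in this hunk consults it when the registered `$function` is invoked, so as documented ("will only show in this user") it filters menu visibility rather than access. Unless the dispatcher enforces it elsewhere, which is not visible here, the docblock should say so, e.g. `* Note: auth only hides the menu entry; the plugin function must still check $admin['user_type'].` The tag also reads `@param string auth` while the default is `[]`; `@param array $auth` would match the signature.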


@ -5,24 +5,6 @@
**/ **/
function r2($to, $ntype = 'e', $msg = '')
{
if ($msg == '') {
header("location: $to");
exit;
}
$_SESSION['ntype'] = $ntype;
$_SESSION['notify'] = $msg;
header("location: $to");
exit;
}
if (file_exists('config.php')) {
require('config.php');
} else {
r2('install');
}
try { try {
require_once 'init.php'; require_once 'init.php';
} catch (Throwable $e) { } catch (Throwable $e) {


@ -35,11 +35,17 @@ switch ($action) {
break; break;
case 'add': case 'add':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
run_hook('view_add_bandwidth'); #HOOK run_hook('view_add_bandwidth'); #HOOK
$ui->display('bandwidth-add.tpl'); $ui->display('bandwidth-add.tpl');
break; break;
case 'edit': case 'edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2']; $id = $routes['2'];
run_hook('view_edit_bandwith'); #HOOK run_hook('view_edit_bandwith'); #HOOK
$d = ORM::for_table('tbl_bandwidth')->find_one($id); $d = ORM::for_table('tbl_bandwidth')->find_one($id);
@ -53,6 +59,9 @@ switch ($action) {
break; break;
case 'delete': case 'delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2']; $id = $routes['2'];
run_hook('delete_bandwidth'); #HOOK run_hook('delete_bandwidth'); #HOOK
$d = ORM::for_table('tbl_bandwidth')->find_one($id); $d = ORM::for_table('tbl_bandwidth')->find_one($id);
@ -63,6 +72,9 @@ switch ($action) {
break; break;
case 'add-post': case 'add-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$name = _post('name'); $name = _post('name');
$rate_down = _post('rate_down'); $rate_down = _post('rate_down');
$rate_down_unit = _post('rate_down_unit'); $rate_down_unit = _post('rate_down_unit');
@ -111,6 +123,9 @@ switch ($action) {
break; break;
case 'edit-post': case 'edit-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$name = _post('name'); $name = _post('name');
$rate_down = _post('rate_down'); $rate_down = _post('rate_down');
$rate_down_unit = _post('rate_down_unit'); $rate_down_unit = _post('rate_down_unit');
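Review bot: The same role check is pasted into five cases here (`add`, `edit`, `delete`, `add-post`, `edit-post`) and into all three branches of the pages controller later in this commit, so a case added later without the paste is reachable by every logged-in role. A single check ahead of the `switch` that names the actions open to other roles and denies everything else would fail closed, e.g. `if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'], true) && !in_array($action, $openActions, true)) { ... }`, where `$openActions` is a placeholder for that list. Passing `true` as the third argument keeps the role comparison strict. The `switch` starts and ends outside these hunks, so cases not shown may need the same treatment.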


@ -16,7 +16,7 @@ $ui->assign('_admin', $admin);
$cache = File::pathFixer('system/cache/codecanyon.json'); $cache = File::pathFixer('system/cache/codecanyon.json');
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
if (empty($config['envato_token'])) { if (empty($config['envato_token'])) {
r2(U . 'settings/app', 'w', '<a href="' . U . 'settings/app#envato' . '">Envato Personal Access Token</a> is not set'); r2(U . 'settings/app', 'w', '<a href="' . U . 'settings/app#envato' . '">Envato Personal Access Token</a> is not set');


@ -46,7 +46,7 @@ switch ($action) {
case 'csv': case 'csv':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$cs = ORM::for_table('tbl_customers') $cs = ORM::for_table('tbl_customers')
->select('tbl_customers.id', 'id') ->select('tbl_customers.id', 'id')
@ -84,10 +84,16 @@ switch ($action) {
} }
break; break;
case 'add': case 'add':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
run_hook('view_add_customer'); #HOOK run_hook('view_add_customer'); #HOOK
$ui->display('customers-add.tpl'); $ui->display('customers-add.tpl');
break; break;
case 'recharge': case 'recharge':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id_customer = $routes['2']; $id_customer = $routes['2'];
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one(); $b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one();
if ($b) { if ($b) {
@ -100,7 +106,7 @@ switch ($action) {
r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan'); r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan');
case 'deactivate': case 'deactivate':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$id_customer = $routes['2']; $id_customer = $routes['2'];
$b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one(); $b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one();
@ -207,6 +213,9 @@ switch ($action) {
} }
break; break;
case 'edit': case 'edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2']; $id = $routes['2'];
run_hook('edit_customer'); #HOOK run_hook('edit_customer'); #HOOK
$d = ORM::for_table('tbl_customers')->find_one($id); $d = ORM::for_table('tbl_customers')->find_one($id);
@ -225,7 +234,7 @@ switch ($action) {
case 'delete': case 'delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$id = $routes['2']; $id = $routes['2'];
run_hook('delete_customer'); #HOOK run_hook('delete_customer'); #HOOK
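Review bot: The new checks cover the form views `add` and `edit`, but no hunk in this file touches the handlers that process those forms, so unless they already carry a role check (not visible here) a role excluded from the view can still submit to them directly. In the bandwidth controller this same commit guards `add-post` and `edit-post` alongside the views; the customer handlers should get matching guards with the same role lists. The `edit` and `recharge` cases also load the row straight from `$routes['2']`, so if Agents or Sales are meant to act only on their own customers an ownership check is needed in addition to the role check.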


@ -14,7 +14,7 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin); $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }


@ -13,6 +13,9 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin); $ui->assign('_admin', $admin);
if(strpos($action,"-reset")!==false){ if(strpos($action,"-reset")!==false){
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$action = str_replace("-reset","",$action); $action = str_replace("-reset","",$action);
$path = "pages/".str_replace(".","",$action).".html"; $path = "pages/".str_replace(".","",$action).".html";
$temp = "pages_template/".str_replace(".","",$action).".html"; $temp = "pages_template/".str_replace(".","",$action).".html";
@ -25,6 +28,9 @@ if(strpos($action,"-reset")!==false){
} }
r2(U . 'pages/'.$action); r2(U . 'pages/'.$action);
}else if(strpos($action,"-post")===false){ }else if(strpos($action,"-post")===false){
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$path = "pages/".str_replace(".","",$action).".html"; $path = "pages/".str_replace(".","",$action).".html";
//echo $path; //echo $path;
run_hook('view_edit_pages'); #HOOK run_hook('view_edit_pages'); #HOOK
@ -48,6 +54,9 @@ if(strpos($action,"-reset")!==false){
}else }else
$ui->display('a404.tpl'); $ui->display('a404.tpl');
}else{ }else{
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$action = str_replace("-post","",$action); $action = str_replace("-post","",$action);
$path = "pages/".str_replace(".","",$action).".html"; $path = "pages/".str_replace(".","",$action).".html";
if(file_exists($path)){ if(file_exists($path)){


@ -16,7 +16,7 @@ $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$cache = File::pathFixer('system/cache/plugin_repository.json'); $cache = File::pathFixer('system/cache/plugin_repository.json');


@ -14,7 +14,7 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin); $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }


@ -35,7 +35,7 @@ EOT;
switch ($action) { switch ($action) {
case 'sync': case 'sync':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
set_time_limit(-1); set_time_limit(-1);
$plans = ORM::for_table('tbl_user_recharges')->where('status', 'on')->find_many(); $plans = ORM::for_table('tbl_user_recharges')->where('status', 'on')->find_many();
@ -86,6 +86,9 @@ switch ($action) {
break; break;
case 'recharge': case 'recharge':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('xfooter', $select2_customer); $ui->assign('xfooter', $select2_customer);
$p = ORM::for_table('tbl_plans')->where('enabled', '1')->find_many(); $p = ORM::for_table('tbl_plans')->where('enabled', '1')->find_many();
$ui->assign('p', $p); $ui->assign('p', $p);
@ -99,6 +102,9 @@ switch ($action) {
break; break;
case 'recharge-user': case 'recharge-user':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id = $routes['2']; $id = $routes['2'];
$ui->assign('id', $id); $ui->assign('id', $id);
@ -113,6 +119,9 @@ switch ($action) {
break; break;
case 'recharge-post': case 'recharge-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$id_customer = _post('id_customer'); $id_customer = _post('id_customer');
$type = _post('type'); $type = _post('type');
$server = _post('server'); $server = _post('server');
@ -129,7 +138,8 @@ switch ($action) {
if (Package::rechargeUser($id_customer, $server, $plan, "Recharge", $admin['fullname'])) { if (Package::rechargeUser($id_customer, $server, $plan, "Recharge", $admin['fullname'])) {
$c = ORM::for_table('tbl_customers')->where('id', $id_customer)->find_one(); $c = ORM::for_table('tbl_customers')->where('id', $id_customer)->find_one();
$in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in); $ui->assign('in', $in);
$ui->assign('date', date("Y-m-d H:i:s"));
$ui->display('invoice.tpl'); $ui->display('invoice.tpl');
_log('[' . $admin['username'] . ']: ' . 'Recharge ' . $c['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']); _log('[' . $admin['username'] . ']: ' . 'Recharge ' . $c['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']);
} else { } else {
@ -142,18 +152,19 @@ switch ($action) {
case 'view': case 'view':
$id = $routes['2']; $id = $routes['2'];
$in = ORM::for_table('tbl_transactions')->where('id', $id)->find_one(); $d = ORM::for_table('tbl_transactions')->where('id', $id)->find_one();
$ui->assign('in', $in); $ui->assign('in', $d);
if (!empty($routes['3']) && $routes['3'] == 'send') { if (!empty($routes['3']) && $routes['3'] == 'send') {
$c = ORM::for_table('tbl_customers')->where('username', $in['username'])->find_one(); $c = ORM::for_table('tbl_customers')->where('username', $d['username'])->find_one();
if ($c) { if ($c) {
Message::sendInvoice($c, $in); Message::sendInvoice($c, $d);
r2(U . 'prepaid/view/' . $id, 's', "Success send to customer"); r2(U . 'prepaid/view/' . $id, 's', "Success send to customer");
} }
r2(U . 'prepaid/view/' . $id, 'd', "Customer not found"); r2(U . 'prepaid/view/' . $id, 'd', "Customer not found");
} }
Package::createInvoice($in);
$ui->assign('_title', 'View Invoice'); $ui->assign('_title', 'View Invoice');
$ui->assign('date', Lang::dateAndTimeFormat($d['recharged_on'], $d['recharged_time']));
$ui->display('invoice.tpl'); $ui->display('invoice.tpl');
break; break;
@ -161,9 +172,9 @@ switch ($action) {
case 'print': case 'print':
$content = $_POST['content']; $content = $_POST['content'];
if (!empty($content)) { if (!empty($content)) {
if ($_POST['nux'] == 'print') { if($_POST['nux']=='print'){
//header("Location: nux://print?text=".urlencode($content)); //header("Location: nux://print?text=".urlencode($content));
$ui->assign('nuxprint', "nux://print?text=" . urlencode($content)); $ui->assign('nuxprint', "nux://print?text=".urlencode($content));
} }
$ui->assign('content', $content); $ui->assign('content', $content);
} else { } else {
@ -179,7 +190,7 @@ switch ($action) {
case 'edit': case 'edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$id = $routes['2']; $id = $routes['2'];
$d = ORM::for_table('tbl_user_recharges')->find_one($id); $d = ORM::for_table('tbl_user_recharges')->find_one($id);
@ -197,7 +208,7 @@ switch ($action) {
case 'delete': case 'delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$id = $routes['2']; $id = $routes['2'];
$d = ORM::for_table('tbl_user_recharges')->find_one($id); $d = ORM::for_table('tbl_user_recharges')->find_one($id);
@ -226,7 +237,7 @@ switch ($action) {
case 'edit-post': case 'edit-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$username = _post('username'); $username = _post('username');
$id_plan = _post('id_plan'); $id_plan = _post('id_plan');
@ -356,6 +367,9 @@ switch ($action) {
break; break;
case 'add-voucher': case 'add-voucher':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('_title', Lang::T('Add Vouchers')); $ui->assign('_title', Lang::T('Add Vouchers'));
$c = ORM::for_table('tbl_customers')->find_many(); $c = ORM::for_table('tbl_customers')->find_many();
$ui->assign('c', $c); $ui->assign('c', $c);
@ -369,7 +383,7 @@ switch ($action) {
case 'remove-voucher': case 'remove-voucher':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$d = ORM::for_table('tbl_voucher')->where_equal('status', '1')->findMany(); $d = ORM::for_table('tbl_voucher')->where_equal('status', '1')->findMany();
if ($d) { if ($d) {
@ -487,6 +501,9 @@ switch ($action) {
$ui->display('print-voucher.tpl'); $ui->display('print-voucher.tpl');
break; break;
case 'voucher-post': case 'voucher-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$type = _post('type'); $type = _post('type');
$plan = _post('plan'); $plan = _post('plan');
$voucher_format = _post('voucher_format'); $voucher_format = _post('voucher_format');
@ -595,7 +612,7 @@ switch ($action) {
$content .= Lang::pad("", '=') . "\n"; $content .= Lang::pad("", '=') . "\n";
$content .= Lang::pad($config['note'], ' ', 2) . "\n"; $content .= Lang::pad($config['note'], ' ', 2) . "\n";
$ui->assign('_title', Lang::T('View')); $ui->assign('_title', Lang::T('View'));
$ui->assign('whatsapp', urlencode("```$content```")); $ui->assign('wa', urlencode("```$content```"));
$ui->display('voucher-view.tpl'); $ui->display('voucher-view.tpl');
} else { } else {
r2(U . 'prepaid/voucher/', 'e', Lang::T('Voucher Not Found')); r2(U . 'prepaid/voucher/', 'e', Lang::T('Voucher Not Found'));
@ -603,7 +620,7 @@ switch ($action) {
break; break;
case 'voucher-delete': case 'voucher-delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$id = $routes['2']; $id = $routes['2'];
run_hook('delete_voucher'); #HOOK run_hook('delete_voucher'); #HOOK
@ -615,6 +632,9 @@ switch ($action) {
break; break;
case 'refill': case 'refill':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('xfooter', $select2_customer); $ui->assign('xfooter', $select2_customer);
$ui->assign('_title', Lang::T('Refill Account')); $ui->assign('_title', Lang::T('Refill Account'));
run_hook('view_refill'); #HOOK run_hook('view_refill'); #HOOK
@ -623,6 +643,9 @@ switch ($action) {
break; break;
case 'refill-post': case 'refill-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$code = _post('code'); $code = _post('code');
$user = ORM::for_table('tbl_customers')->where('id', _post('id_customer'))->find_one(); $user = ORM::for_table('tbl_customers')->where('id', _post('id_customer'))->find_one();
$v1 = ORM::for_table('tbl_voucher')->where('code', $code)->where('status', 0)->find_one(); $v1 = ORM::for_table('tbl_voucher')->where('code', $code)->where('status', 0)->find_one();
@ -634,7 +657,8 @@ switch ($action) {
$v1->user = $user['username']; $v1->user = $user['username'];
$v1->save(); $v1->save();
$in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->order_by_desc('id')->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $user['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in); $ui->assign('in', $in);
$ui->assign('date', date("Y-m-d H:i:s"));
$ui->display('invoice.tpl'); $ui->display('invoice.tpl');
} else { } else {
r2(U . 'prepaid/refill', 'e', "Failed to refill account"); r2(U . 'prepaid/refill', 'e', "Failed to refill account");
@ -644,6 +668,9 @@ switch ($action) {
} }
break; break;
case 'deposit': case 'deposit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$ui->assign('_title', Lang::T('Refill Balance')); $ui->assign('_title', Lang::T('Refill Balance'));
$ui->assign('xfooter', $select2_customer); $ui->assign('xfooter', $select2_customer);
$ui->assign('p', ORM::for_table('tbl_plans')->where('enabled', '1')->where('type', 'Balance')->find_many()); $ui->assign('p', ORM::for_table('tbl_plans')->where('enabled', '1')->where('type', 'Balance')->find_many());
@ -651,6 +678,9 @@ switch ($action) {
$ui->display('deposit.tpl'); $ui->display('deposit.tpl');
break; break;
case 'deposit-post': case 'deposit-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent', 'Sales'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$user = _post('id_customer'); $user = _post('id_customer');
$plan = _post('id_plan'); $plan = _post('id_plan');
@ -659,7 +689,8 @@ switch ($action) {
if (Package::rechargeUser($user, 'balance', $plan, "Deposit", $admin['fullname'])) { if (Package::rechargeUser($user, 'balance', $plan, "Deposit", $admin['fullname'])) {
$c = ORM::for_table('tbl_customers')->where('id', $user)->find_one(); $c = ORM::for_table('tbl_customers')->where('id', $user)->find_one();
$in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one(); $in = ORM::for_table('tbl_transactions')->where('username', $c['username'])->order_by_desc('id')->find_one();
Package::createInvoice($in); $ui->assign('in', $in);
$ui->assign('date', date("Y-m-d H:i:s"));
$ui->display('invoice.tpl'); $ui->display('invoice.tpl');
} else { } else {
r2(U . 'prepaid/refill', 'e', "Failed to refill account"); r2(U . 'prepaid/refill', 'e', "Failed to refill account");
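Review bot: In the rewritten `view` case the result of `find_one()` is used without a not-found check: the added `Lang::dateAndTimeFormat($d['recharged_on'], $d['recharged_time'])` and, on the `send` path, `$d['username']` are both evaluated even when no transaction has that id. Add `if (!$d) { r2(U . 'dashboard', 'e', Lang::T('Transaction not found')); }` directly after the query. This case also received no role check while its neighbours did, and the `send` route segment triggers `Message::sendInvoice()` from a plain GET; if invoices are not meant to be readable and re-sendable by every admin role, it needs the same `in_array($admin['user_type'], ...)` guard.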


@ -13,7 +13,7 @@ $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
switch ($action) { switch ($action) {


@ -18,7 +18,7 @@ use PEAR2\Net\RouterOS;
require_once 'system/autoload/PEAR2/Autoload.php'; require_once 'system/autoload/PEAR2/Autoload.php';
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
switch ($action) { switch ($action) {


@ -13,7 +13,7 @@ $admin = Admin::_info();
$ui->assign('_admin', $admin); $ui->assign('_admin', $admin);
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
use PEAR2\Net\RouterOS; use PEAR2\Net\RouterOS;


@ -15,7 +15,7 @@ $ui->assign('_admin', $admin);
switch ($action) { switch ($action) {
case 'app': case 'app':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
if (!empty(_get('testWa'))) { if (!empty(_get('testWa'))) {
@ -84,6 +84,9 @@ switch ($action) {
break; break;
case 'app-post': case 'app-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$company = _post('CompanyName'); $company = _post('CompanyName');
run_hook('save_settings'); #HOOK run_hook('save_settings'); #HOOK
@ -151,7 +154,7 @@ switch ($action) {
case 'localisation': case 'localisation':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$folders = []; $folders = [];
$files = scandir('system/lan/'); $files = scandir('system/lan/');
@ -177,6 +180,9 @@ switch ($action) {
break; break;
case 'localisation-post': case 'localisation-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$tzone = _post('tzone'); $tzone = _post('tzone');
$date_format = _post('date_format'); $date_format = _post('date_format');
$country_code_phone = _post('country_code_phone'); $country_code_phone = _post('country_code_phone');
@ -265,7 +271,7 @@ switch ($action) {
case 'users': case 'users':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$search = _req('search'); $search = _req('search');
if ($search != '') { if ($search != '') {
@ -355,7 +361,7 @@ switch ($action) {
case 'users-add': case 'users-add':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$ui->assign('_title', Lang::T('Add User')); $ui->assign('_title', Lang::T('Add User'));
$ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many()); $ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many());
@ -402,7 +408,7 @@ switch ($action) {
break; break;
case 'users-edit': case 'users-edit':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$ui->assign('_title', Lang::T('Edit User')); $ui->assign('_title', Lang::T('Edit User'));
$id = $routes['2']; $id = $routes['2'];
@ -440,7 +446,7 @@ switch ($action) {
case 'users-delete': case 'users-delete':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$id = $routes['2']; $id = $routes['2'];
@ -458,6 +464,9 @@ switch ($action) {
break; break;
case 'users-post': case 'users-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
$username = _post('username'); $username = _post('username');
$fullname = _post('fullname'); $fullname = _post('fullname');
$password = _post('password'); $password = _post('password');
@ -657,7 +666,7 @@ switch ($action) {
case 'notifications': case 'notifications':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
run_hook('view_notifications'); #HOOK run_hook('view_notifications'); #HOOK
if (file_exists("system/uploads/notifications.json")) { if (file_exists("system/uploads/notifications.json")) {
@ -669,12 +678,15 @@ switch ($action) {
$ui->display('app-notifications.tpl'); $ui->display('app-notifications.tpl');
break; break;
case 'notifications-post': case 'notifications-post':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
_alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
}
file_put_contents("system/uploads/notifications.json", json_encode($_POST)); file_put_contents("system/uploads/notifications.json", json_encode($_POST));
r2(U . 'settings/notifications', 's', Lang::T('Settings Saved Successfully')); r2(U . 'settings/notifications', 's', Lang::T('Settings Saved Successfully'));
break; break;
case 'dbstatus': case 'dbstatus':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$dbc = new mysqli($db_host, $db_user, $db_password, $db_name); $dbc = new mysqli($db_host, $db_user, $db_password, $db_name);
@ -691,8 +703,8 @@ switch ($action) {
break; break;
case 'dbbackup': case 'dbbackup':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
$tables = $_POST['tables']; $tables = $_POST['tables'];
set_time_limit(-1); set_time_limit(-1);
@ -711,8 +723,8 @@ switch ($action) {
echo json_encode($array); echo json_encode($array);
break; break;
case 'dbrestore': case 'dbrestore':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
if (file_exists($_FILES['json']['tmp_name'])) { if (file_exists($_FILES['json']['tmp_name'])) {
$suc = 0; $suc = 0;
@ -742,7 +754,7 @@ switch ($action) {
break; break;
case 'language': case 'language':
if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) { if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page')); _alert(Lang::T('You do not have permission to access this page'),'danger', "dashboard");
} }
run_hook('view_add_language'); #HOOK run_hook('view_add_language'); #HOOK
if (file_exists($lan_file)) { if (file_exists($lan_file)) {
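Review bot: `users-post` now admits `Agent`, but the hunk shows only `username`, `fullname` and `password` being read, so it is not visible whether the role an Agent submits for the new account is constrained. If the handler stores a posted role as-is, the role check added here would not prevent an Agent from creating an account with more privileges than their own; the handler should derive the permitted roles from `$admin['user_type']` and reject anything else. Separately, `dbbackup` and `dbrestore` are now SuperAdmin-only while `dbstatus` still lists `Admin`; if that page is the one offering both actions (an assumption), confirm the mismatch is intended.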