fix critical bug customer can recharge without balance when using balance. and move Balance to select Gateway

This commit is contained in:
iBNu Maksum
2024-11-04 15:10:58 +07:00
parent 32a64d944a
commit 6db2f2bf0d
10 changed files with 266 additions and 317 deletions


@ -19,6 +19,9 @@ class App{
}
public static function getTokenValue($key){
if(empty($key)){
return "";
}
if(isset($_SESSION[$key])){
return $_SESSION[$key];
}else{


@ -30,13 +30,9 @@ class Balance
public static function min($id_customer, $amount)
{
$c = ORM::for_table('tbl_customers')->where('id', $id_customer)->find_one();
if ($c && $c['balance'] >= $amount) {
$c->balance = $c['balance'] - $amount;
$c->save();
return true;
} else {
return false;
}
$c->balance = $c['balance'] - $amount;
$c->save();
return true;
}
public static function plusByPhone($phone_customer, $amount)
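Review bot: The guard added at `if ($c && $c['balance'] >= $amount) {` is evaluated against the row loaded two lines earlier and the write at `$c->save()` is unconditional, so two requests for the same customer can both pass the check and both subtract, taking the balance below zero; the check and the debit need to be one atomic statement, e.g. `ORM::raw_execute('UPDATE tbl_customers SET balance = balance - ? WHERE id = ? AND balance >= ?', [$amount, $id_customer, $amount])` with that statement's affected-row count deciding the return value. A zero, negative or non-numeric `$amount` is also accepted and a negative one would credit the account, so `min` should reject `$amount <= 0` before touching the row. The boolean return is only useful if callers act on it, which the `order` controller change in this commit does not.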


@ -188,6 +188,20 @@ class Message
} else {
$msg = str_replace('[[expired_date]]', "", $msg);
}
if(strpos($msg, '[[payment_link]]')!== false){
// token only valid for 1 day, for security reason
$token = User::generateToken($customer['id'], 1);
$tur = ORM::for_table('tbl_user_recharges')
->where('customer_id', $customer['id'])
->where('namebp', $package)
->find_one();
if($tur){
$url = APP_URL . '?_route=home&recharge='. $tur.'uid='. $token;
$msg = str_replace('[[payment_link]]', $url, $msg);
}
}
if (
!empty($customer['phonenumber']) && strlen($customer['phonenumber']) > 5
&& !empty($message) && in_array($via, ['sms', 'wa'])
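Review bot: The link built at `$url = APP_URL . '?_route=home&recharge='. $tur.'uid='. $token;` concatenates the ORM object `$tur` rather than a column of it and lacks the `&` before `uid=`, so at best the query string carries a single `recharge=...uid=...` parameter that the home route cannot read, and an ORM object with no string conversion will likely raise an Error before that; presumably it should be `$url = APP_URL . '?_route=home&recharge=' . $tur['id'] . '&uid=' . $token;`, given that the home route loads `$bill` from the `recharge` value. The lookup at `->where('namebp', $package)` also returns whichever matching recharge row comes first, with no ordering, which is only safe if a customer can have one row per package; an explicit `->order_by_desc('id')` or a comment stating that invariant would make it clear. The enclosing function continues outside the hunk.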


@ -163,7 +163,8 @@ class User
if($validDays>=30){
$time = time();
}else{
$time = strtotime("+ $validDays days");
// for customer, deafult expired is 30 days
$time = strtotime('+ '.(30 - $validDays).' days');
}
return [
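Review bot: The replacement line `$time = strtotime('+ '.(30 - $validDays).' days');` puts `$time` in the future for short-lived tokens, and nothing in the hunk explains how the consumer turns a start time `(30 - $validDays)` days ahead into a token that expires after `$validDays` days; the comment `// for customer, deafult expired is 30 days` does not say so and misspells "default". Suggest a comment that states the dependency explicitly, along the lines of `// $time is not an issue timestamp: the token check applies a fixed 30-day window, so shifting it forward by (30 - $validDays) days shortens the effective lifetime — TODO confirm against the validator`, and rejecting `$validDays <= 0`, which would otherwise push `$time` 30 or more days ahead. The `return [` array and the validation code are outside the hunk, so the 30-day assumption could not be checked here.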


@ -79,9 +79,10 @@ $handler = $routes[0];
if ($handler == '') {
$handler = 'default';
}
try {
if(!empty($_GET['uid'])){
$_COOKIE['uid'] = $_GET['token'];
$_COOKIE['uid'] = $_GET['uid'];
}
$admin = Admin::_info();
$sys_render = $root_path . File::pathFixer('system/controllers/' . $handler . '.php');
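Review bot: The new block `if(!empty($_GET['uid'])){ $_COOKIE['uid'] = $_GET['uid']; }` lets any request authenticate by placing the session token in the query string, and a token carried in a URL ends up in browser history, Referer headers and access logs, with a one-day validity per the Message change in this commit. The intent deserves a comment at the top of the block, e.g. `// Payment links ([[payment_link]] in Message) carry the login token as ?uid=; copy it into the cookie superglobal so the normal cookie auth path validates it`, and the copy could be limited to the route that consumes it (`$handler === 'home'` if that is the only one) so the query-string form is not an alternative login for every controller. Note the assignment also replaces a cookie the browser already sent, which is presumably intended for the link case but worth stating.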


@ -143,19 +143,7 @@ if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
$routers = ORM::for_table('tbl_routers')->where('name', $bill['routers'])->find_one();
$router = $routers['id'];
}
if ($config['enable_balance'] == 'yes') {
$plan = ORM::for_table('tbl_plans')->find_one($bill['plan_id']);
if (!$plan['enabled']) {
r2(U . "home", 'e', 'Plan is not exists');
}
if ($user['balance'] > $plan['price']) {
r2(U . "order/pay/$router/$bill[plan_id]&stoken=" . _get('stoken'), 'e', 'Order Plan');
} else {
r2(U . "order/buy/$router/$bill[plan_id]", 'e', 'Order Plan');
}
} else {
r2(U . "order/buy/$router/$bill[plan_id]", 'e', 'Order Plan');
}
r2(U. "order/gateway/$router/$bill[plan_id]");
}
} else if (!empty(_get('extend'))) {
if ($user['status'] != 'Active') {
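Review bot: The new redirect `r2(U. "order/gateway/$router/$bill[plan_id]");` drops the plan lookup and the `!$plan['enabled']` check that the deleted lines ran before sending the customer on, so stopping a disabled or deleted plan now depends entirely on the `gateway` action re-validating it; the `pay` action in this commit does (`if (!$plan['enabled'])`), but the `gateway` action is not shown. If it does not, the check should stay here: `$plan = ORM::for_table('tbl_plans')->find_one($bill['plan_id']); if (!$plan || !$plan['enabled']) { r2(U . "home", 'e', 'Plan is not exists'); }`. The surrounding `if` that assigns `$router` starts outside the hunk.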


@ -205,15 +205,13 @@ switch ($action) {
if ($user['status'] != 'Active') {
_alert(Lang::T('This account status') . ' : ' . Lang::T($user['status']), 'danger', "");
}
$plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']);
if (empty($plan)) {
$plan = ORM::for_table('tbl_plans')->find_one($routes[3]);
if (!$plan) {
r2(U . "order/package", 'e', Lang::T("Plan Not found"));
}
if (!$plan['enabled']) {
r2(U . "home", 'e', 'Plan is not exists');
}
if ($plan['is_radius'] == '1') {
$router_name = 'radius';
$router = 'radius';
} else {
$router_name = $plan['routers'];
}
@ -237,21 +235,21 @@ switch ($action) {
$tax = 0;
}
// Tax calculation stop
if ($plan && $plan['enabled'] && $user['balance'] >= $plan['price'] + $tax) {
$total_cost = $plan['price'] + $add_cost + $tax;
if ($plan && $plan['enabled'] && $user['balance'] >= $total_cost) {
if (Package::rechargeUser($user['id'], $router_name, $plan['id'], 'Customer', 'Balance')) {
// if success, then get the balance
Balance::min($user['id'], $plan['price'] + $add_cost + $tax);
Balance::min($user['id'], $total_cost);
App::setToken($_GET['stoken'], "success");
r2(U . "voucher/invoice/", 's', Lang::T("Success to buy package"));
} else {
r2(U . "order/package", 'e', Lang::T("Failed to buy package"));
Message::sendTelegram("Buy Package with Balance Failed\n\n#u$c[username] #buy \n" . $plan['name_plan'] .
"\nRouter: " . $router_name .
"\nPrice: " . $plan['price'] + $tax);
"\nPrice: " . $total_cost);
}
} else {
r2(U . "home", 'e', 'Plan is not exists');
r2(U . "order/gateway/$routes[2]/$routes[3]", 'e', Lang::T("Insufficient balance"));
}
break;
@ -440,6 +438,11 @@ switch ($action) {
}
case 'buy':
$gateway = _post('gateway');
print_r($routes);
if($gateway == 'balance') {
unset($_SESSION['gateway']);
r2(U . 'order/pay/' . $routes[2] . '/' . $routes[3]);
}
if (empty($gateway) && !empty($_SESSION['gateway'])) {
$gateway = $_SESSION['gateway'];
} else if (!empty($gateway)) {
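Review bot: In the `pay` hunk the result of `Balance::min($user['id'], $total_cost);` is still discarded, and it runs only after `Package::rechargeUser()` has already granted the package, so a deduction that fails (customer row missing, or balance spent by a concurrent request between the `$user['balance'] >= $total_cost` check and the debit) leaves the package active and unpaid — the same class of bug the commit title fixes. Debit first and let it gate the recharge, `if ($plan && $plan['enabled'] && Balance::min($user['id'], $total_cost)) {`, and in the recharge-failure branch credit `$total_cost` back with the Balance class's credit counterpart of `min` before the redirect. The Telegram text reads `$c[username]` while the rest of this branch uses `$user`; if `$c` is not set in this scope the notification is wrong and emits a notice. In the `buy` hunk, `print_r($routes);` looks like leftover debugging and writes the route array into the response body; it should be removed.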


@ -878,5 +878,12 @@
"Token_has_expired__Please_log_in_again_": "Token has expired. Please log in again.",
"Minute": "Minute",
"Hour": "Hour",
"Failed_to_connect_to_device": "Failed to connect to device"
"Failed_to_connect_to_device": "Failed to connect to device",
"Custom_Balance": "Custom Balance",
"Input_Desired_Amount": "Input Desired Amount",
"Security": "Security",
"Enable_CSRF_Validation": "Enable CSRF Validation",
"Cross_site_request_forgery": "Cross-site request forgery",
"Validity_Periode": "Validity Periode",
"Insufficient_balance": "Insufficient balance"
}