From 71437b9a0e235a71a308068375648d82b09af419 Mon Sep 17 00:00:00 2001
From: Ibnu Maksum
Date: Thu, 4 Apr 2024 15:27:13 +0700
Subject: [PATCH] Prevent double submit for recharge and renew
---
 CHANGELOG.md | 1 +
 system/autoload/App.php | 16 ++++++++++++++
 system/controllers/home.php | 8 +++++--
 system/controllers/order.php | 41 ++++++++++++++++++++----------------
 system/controllers/plan.php | 10 +++++++++
 system/lan/indonesia.json | 12 ++++++++++-
 ui/ui/recharge-confirm.tpl | 1 +
 ui/ui/user-dashboard.tpl | 2 +-
 8 files changed, 69 insertions(+), 22 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bd1a06c4..73993a94 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Data Tables for Customers List by @Focuslinkstech
 - Add Bills to Reminder
+- Prevent double submit for recharge and renew
 ## 2024.4.3
diff --git a/system/autoload/App.php b/system/autoload/App.php
index 8a5d7a3b..71f1614f 100644
--- a/system/autoload/App.php
+++ b/system/autoload/App.php
@@ -10,4 +10,20 @@ class App{
 return true;
 }
+ public static function getToken(){
+ return md5(microtime());
+ }
+
+ public static function setToken($token, $value){
+ $_SESSION[$token] = $value;
+ }
+
+ public static function getTokenValue($key){
+ if(isset($_SESSION[$key])){
+ return $_SESSION[$key];
+ }else{
+ return "";
+ }
+ }
+
 }
\ No newline at end of file
diff --git a/system/controllers/home.php b/system/controllers/home.php
index da7cb2e9..624ec876 100644
--- a/system/controllers/home.php
+++ b/system/controllers/home.php
@@ -91,6 +91,10 @@ if (_post('send') == 'balance') {
 $ui->assign('_bills', User::_billing());
 if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
+ if(!empty(App::getTokenValue($_GET['stoken']))){
+ r2(U . "voucher/invoice/");
+ die();
+ }
 $bill = ORM::for_table('tbl_user_recharges')->where('id', $_GET['recharge'])->where('username', $user['username'])->findOne();
 if ($bill) {
 $router = ORM::for_table('tbl_routers')->where('name', $bill['routers'])->find_one();
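Review bot: `setToken` and `getTokenValue` use the caller-supplied token verbatim as a `$_SESSION` key, and every caller in this patch passes request input straight through (`$_GET['stoken']` in home.php and order.php, `_post('stoken')` in plan.php), so a request can test for the presence of, or after one successful purchase overwrite, an arbitrary session entry such as `nux-router` or `gateway` that these same controllers read, and an absent token collapses to the `""` key, after which every token-less submit in that session is treated as a duplicate. Namespacing the key and validating the token shape inside App keeps all three callers safe without changing their calls. `md5(microtime())` is also a weak source for a value that must be unique per rendered form; `bin2hex(random_bytes(16))` gives the same 32-hex-character shape. The `App` class header is outside the hunk.
```php
    public static function getToken(){
        return bin2hex(random_bytes(16));
    }

    public static function setToken($token, $value){
        if (self::isValidToken($token)) {
            $_SESSION['stoken_' . $token] = $value;
        }
    }

    public static function getTokenValue($key){
        if (self::isValidToken($key) && isset($_SESSION['stoken_' . $key])) {
            return $_SESSION['stoken_' . $key];
        }
        return "";
    }

    // Only accept the shape getToken() produces: non-empty, hex digits, bounded length.
    private static function isValidToken($token){
        return is_string($token) && $token !== '' && strlen($token) <= 64 && ctype_xdigit($token);
    }
```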
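Review bot: The added guard reads `$_GET['stoken']` with no existence check, so a recharge link that lacks the new parameter (an older bookmark, or a dashboard rendered before this change) raises an undefined-index notice and then consults the empty key; order.php reads `$_GET['stoken']` the same way both at its `pay` guard and at the `App::setToken` call. Reading it once with a default, `$stoken = $_GET['stoken'] ?? '';` followed by `if ($stoken !== '' && !empty(App::getTokenValue($stoken))) {`, avoids the notice and skips the duplicate check when no token was sent. The enclosing `if (isset($_GET['recharge']) ...)` block continues past the end of the hunk.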
@@ -100,9 +104,9 @@ if (isset($_GET['recharge']) && !empty($_GET['recharge'])) {
 r2(U . "home", 'e', 'Plan is not exists');
 }
 if ($user['balance'] > $plan['price']) {
- r2(U . "order/pay/$router[id]/$bill[plan_id]", 'e', 'Order Plan');
+ r2(U . "order/pay/$router[id]/$bill[plan_id]&stoken=".$_GET['stoken']);
 } else {
- r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan');
+ r2(U . "order/buy/$router[id]/$bill[plan_id]");
 }
 } else {
 r2(U . "order/buy/$router[id]/$bill[plan_id]", 'e', 'Order Plan');
diff --git a/system/controllers/order.php b/system/controllers/order.php
index 7a6d199c..c8ca1fcd 100644
--- a/system/controllers/order.php
+++ b/system/controllers/order.php
@@ -43,10 +43,10 @@ switch ($action) {
 $ui->assign('_title', 'Order Plan');
 $ui->assign('_system_menu', 'package');
 $account_type = $user['account_type'];
- if(empty($account_type)){
+ if (empty($account_type)) {
 $account_type = 'Personal';
 }
- if (!empty ($_SESSION['nux-router'])) {
+ if (!empty($_SESSION['nux-router'])) {
 if ($_SESSION['nux-router'] == 'radius') {
 $radius_pppoe = ORM::for_table('tbl_plans')->where('plan_type', $account_type)->where('enabled', '1')->where('is_radius', 1)->where('type', 'PPPOE')->where('prepaid', 'yes')->find_many();
 $radius_hotspot = ORM::for_table('tbl_plans')->where('plan_type', $account_type)->where('enabled', '1')->where('is_radius', 1)->where('type', 'Hotspot')->where('prepaid', 'yes')->find_many();
@@ -83,7 +83,7 @@ switch ($action) {
 run_hook('custome r_find_unpaid'); #HOOK
 if ($d) {
- if (empty ($d['pg_url_payment'])) {
+ if (empty($d['pg_url_payment'])) {
 r2(U . "order/buy/" . $trx['routers_id'] . '/' . $trx['plan_id'], 'w', Lang::T("Checking payment"));
 } else {
 r2(U . "order/view/" . $d['id'] . '/check/', 's', Lang::T("You have unpaid transaction"));
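Review bot: `$_GET['stoken']` is concatenated into the redirect URL unescaped on the new `order/pay` line, so a token containing `&`, `#` or other reserved characters alters the query string instead of round-tripping as one parameter; `'&stoken=' . urlencode($_GET['stoken'])` keeps it intact (the `&` also presumes `U` already carries a query string, which the existing route strings suggest but the hunk does not show). The `order/buy` redirect on the balance-insufficient branch no longer forwards the token, so that path remains unguarded; that may be intentional since it leads into the payment-gateway flow. The enclosing recharge block starts before the hunk.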
@@ -99,11 +99,11 @@ switch ($action) {
 ->find_one($trxid);
 run_hook('customer_view_payment'); #HOOK
 // jika tidak ditemukan, berarti punya orang lain
- if (empty ($trx)) {
+ if (empty($trx)) {
 r2(U . "order/package", 'w', Lang::T("Payment not found"));
 }
 // jika url kosong, balikin ke buy, kecuali cancel
- if (empty ($trx['pg_url_payment']) && $routes['3'] != 'cancel') {
+ if (empty($trx['pg_url_payment']) && $routes['3'] != 'cancel') {
 r2(U . "order/buy/" . (($trx['routers_id'] == 0) ? $trx['routers'] : $trx['routers_id']) . '/' . $trx['plan_id'], 'w', Lang::T("Checking payment"));
 }
 if ($routes['3'] == 'check') {
@@ -124,7 +124,7 @@ switch ($action) {
 ->where('username', $user['username'])
 ->find_one($trxid);
 }
- if (empty ($trx)) {
+ if (empty($trx)) {
 r2(U . "order/package", 'e', Lang::T("Transaction Not found"));
 }
 $router = Mikrotik::info($trx['routers']);
@@ -144,8 +144,12 @@ switch ($action) {
 if ($config['enable_balance'] != 'yes') {
 r2(U . "order/package", 'e', Lang::T("Balance not enabled"));
 }
+ if (!empty(App::getTokenValue($_GET['stoken']))) {
+ r2(U . "voucher/invoice/");
+ die();
+ }
 $plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']);
- if (empty ($plan)) {
+ if (empty($plan)) {
 r2(U . "order/package", 'e', Lang::T("Plan Not found"));
 }
 if (!$plan['enabled']) {
@@ -161,6 +165,7 @@ switch ($action) {
 if (Package::rechargeUser($user['id'], $router_name, $plan['id'], 'Customer', 'Balance')) {
 // if success, then get the balance
 Balance::min($user['id'], $plan['price'] + $add_cost);
+ App::setToken($_GET['stoken'], "success");
 r2(U . "voucher/invoice/", 's', Lang::T("Success to buy package"));
 } else {
 r2(U . "order/package", 'e', Lang::T("Failed to buy package"));
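Review bot: In the `pay` branch the token is only written after `Package::rechargeUser` and `Balance::min` have completed (the added `App::setToken($_GET['stoken'], "success")` in the `@@ -161` hunk), while the duplicate check in the `@@ -144` hunk runs before the plan lookup, so two submits of the same form that overlap in time can both pass the check and both debit the balance; whether that can actually happen depends on whether the session handler serializes requests of one session, which the hunks do not show. Marking the token as soon as the check passes, `App::setToken($_GET['stoken'], "pending");` right after the guard's closing brace, and clearing it on failure with `App::setToken($_GET['stoken'], "");` before the `Failed to buy package` redirect, closes that window while still allowing a retry after a failed recharge. Both hunks sit inside a `case` of `switch ($action)` whose boundaries lie outside them.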
@@ -179,7 +184,7 @@ switch ($action) {
 $ui->assign('_title', Lang::T('Buy for friend'));
 $ui->assign('_system_menu', 'package');
 $plan = ORM::for_table('tbl_plans')->find_one($routes['3']);
- if (empty ($plan)) {
+ if (empty($plan)) {
 r2(U . "order/package", 'e', Lang::T("Plan Not found"));
 }
 if (!$plan['enabled']) {
@@ -190,10 +195,10 @@ switch ($action) {
 } else {
 $router_name = $plan['routers'];
 }
- if (isset ($_POST['send']) && $_POST['send'] == 'plan') {
+ if (isset($_POST['send']) && $_POST['send'] == 'plan') {
 $target = ORM::for_table('tbl_customers')->where('username', _post('username'))->find_one();
 list($bills, $add_cost) = User::getBills($target['id']);
- if (!empty ($add_cost)) {
+ if (!empty($add_cost)) {
 $ui->assign('bills', $bills);
 $ui->assign('add_cost', $add_cost);
 $plan['price'] += $add_cost;
@@ -288,7 +293,7 @@ switch ($action) {
 $ui->display('user-selectGateway.tpl');
 break;
 } else {
- if (empty ($pgs[0])) {
+ if (empty($pgs[0])) {
 sendTelegram("Payment Gateway not set, please set it in Settings");
 _log(Lang::T("Payment Gateway not set, please set it in Settings"));
 r2(U . "home", 'e', Lang::T("Failed to create Transaction.."));
@@ -298,12 +303,12 @@ switch ($action) {
 }
 case 'buy':
 $gateway = _post('gateway');
- if (empty ($gateway) && !empty ($_SESSION['gateway'])) {
+ if (empty($gateway) && !empty($_SESSION['gateway'])) {
 $gateway = $_SESSION['gateway'];
- } else if (!empty ($gateway)) {
+ } else if (!empty($gateway)) {
 $_SESSION['gateway'] = $gateway;
 }
- if (empty ($gateway)) {
+ if (empty($gateway)) {
 r2(U . 'order/gateway/' . $routes[2] . '/' . $routes[3], 'w', Lang::T("Please select Payment Gateway"));
 }
 run_hook('customer_buy_plan'); #HOOK
@@ -320,7 +325,7 @@ switch ($action) {
 $router['name'] = 'balance';
 }
 $plan = ORM::for_table('tbl_plans')->where('enabled', '1')->find_one($routes['3']);
- if (empty ($router) || empty ($plan)) {
+ if (empty($router) || empty($plan)) {
 r2(U . "order/package", 'e', Lang::T("Plan Not found"));
 }
 $d = ORM::for_table('tbl_payment_gateway')
@@ -343,7 +348,7 @@ switch ($action) {
 if ($router['name'] != 'balance') {
 list($bills, $add_cost) = User::getBills($id_customer);
 }
- if (empty ($id)) {
+ if (empty($id)) {
 $d = ORM::for_table('tbl_payment_gateway')->create();
 $d->username = $user['username'];
 $d->gateway = $gateway;
@@ -354,7 +359,7 @@ switch ($action) {
 if ($plan['validity_unit'] == 'Period') {
 // Postpaid price from field
 $add_inv = User::getAttribute("Invoice", $id_customer);
- if (empty ($add_inv) or $add_inv == 0) {
+ if (empty($add_inv) or $add_inv == 0) {
 $d->price = ($plan['price'] + $add_cost);
 } else {
 $d->price = ($add_inv + $add_cost);
@@ -377,7 +382,7 @@ switch ($action) {
 if ($plan['validity_unit'] == 'Period') {
 // Postpaid price from field
 $add_inv = User::getAttribute("Invoice", $id_customer);
- if (empty ($add_inv) or $add_inv == 0) {
+ if (empty($add_inv) or $add_inv == 0) {
 $d->price = ($plan['price'] + $add_cost);
 } else {
 $d->price = ($add_inv + $add_cost);
diff --git a/system/controllers/plan.php b/system/controllers/plan.php
index 042a0698..d5c73fa1 100644
--- a/system/controllers/plan.php
+++ b/system/controllers/plan.php
@@ -147,6 +147,15 @@ switch ($action) {
 $server = _post('server');
 $planId = _post('plan');
 $using = _post('using');
+ $stoken = _post('stoken');
+
+ if(!empty(App::getTokenValue($stoken))){
+ $username = App::getTokenValue($stoken);
+ $in = ORM::for_table('tbl_transactions')->where('username', $username)->order_by_desc('id')->find_one();
+ Package::createInvoice($in);
+ $ui->display('invoice.tpl');
+ die();
+ }
 $msg = '';
 if ($id_customer == '' or $server == '' or $planId == '' or $using == '') {
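Review bot: The replay branch keys only on the customer's username (stored by `App::setToken($stoken, $cust['username'])` in the `@@ -182` hunk) and then re-renders the newest row of `tbl_transactions` for that username, so if the same customer is recharged again by any admin in between, a resubmitted form shows that later invoice rather than the one this form created, and `Package::createInvoice` receives whatever `find_one()` returned without a check. Storing the transaction id instead pins the replay to the right row: `App::setToken($stoken, $in['id']);` at the success site and `$in = ORM::for_table('tbl_transactions')->find_one(App::getTokenValue($stoken));` in the guard, with a fallthrough to the normal path when `$in` is empty. The enclosing `case` of `switch ($action)` continues outside the hunk.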
@@ -182,6 +191,7 @@ switch ($action) {
 }
 $in = ORM::for_table('tbl_transactions')->where('username', $cust['username'])->order_by_desc('id')->find_one();
 Package::createInvoice($in);
+ App::setToken($stoken, $cust['username']);
 $ui->display('invoice.tpl');
 _log('[' . $admin['username'] . ']: ' . 'Recharge ' . $cust['username'] . ' [' . $in['plan_name'] . '][' . Lang::moneyFormat($in['price']) . ']', $admin['user_type'], $admin['id']);
 } else {
diff --git a/system/lan/indonesia.json b/system/lan/indonesia.json
index 6f5e6d5d..e1dfdb51 100644
--- a/system/lan/indonesia.json
+++ b/system/lan/indonesia.json
@@ -410,5 +410,15 @@
 "Contact": "Kontak",
 "Paid": "Dibayar",
 "Personal": "Pribadi",
- "Coordinates": "Koordinat"
+ "Coordinates": "Koordinat",
+ "Confirm": "Mengonfirmasi",
+ "Name": "Nama",
+ "Plan": "Paket",
+ "Using": "Menggunakan",
+ "Total": "Total",
+ "Additional_Cost": "Biaya tambahan",
+ "Resend": "Kirim ulang",
+ "Login": "Masuk",
+ "success": "Sukses",
+ "Click_Here": "Klik disini"
 }
\ No newline at end of file
diff --git a/ui/ui/recharge-confirm.tpl b/ui/ui/recharge-confirm.tpl
index c1c5aaf3..e4c987ab 100644
--- a/ui/ui/recharge-confirm.tpl
+++ b/ui/ui/recharge-confirm.tpl
@@ -81,6 +81,7 @@
+

{Lang::T('Cancel')}
diff --git a/ui/ui/user-dashboard.tpl b/ui/ui/user-dashboard.tpl
index b6a9a27a..daaa9b99 100644
--- a/ui/ui/user-dashboard.tpl
+++ b/ui/ui/user-dashboard.tpl
@@ -183,7 +183,7 @@
{/if} - {Lang::T('Recharge')}