
Commit f0c2ff9

ensure the ID is int vall
1 parent 83e2f61 commit f0c2ff9


2,039 files changed

+700
-821411
lines changed


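--- a/protected/commands/BDServiceCommand.php
+++ b/protected/commands/BDServiceCommand.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * =======================================
  * ###################################
@@ -26,7 +27,7 @@ public function run($args)
 define('LOGFILE', 'protected/runtime/BDServicePid.log');
 define('DEBUG', 0);
 
-if ( ! defined('PID')) {
+if (! defined('PID')) {
 define("PID", "/var/run/magnus/BDServicePid.php");
 }
 
@@ -41,7 +42,6 @@ public function run($args)
 $this->tanaSend();
 
 $this->ezzeapi();
-
 }
 
 public function tanaSend()
@@ -60,15 +60,17 @@ public function tanaSend()
 
 foreach ($modelSendCreditSummary as $key => $sendCredit) {
 $url = "http://takasend.org/ezzeapi/status?id=" . $sendCredit->id . "&user=" . $userBD . "&key=" . $keyBD . "";
-if ( ! $result = @file_get_contents($url, false)) {
+if (! $result = @file_get_contents($url, false)) {
 $result = '';
 }
 echo $result . " $sendCredit->id \n";
-$modelRefill = Refill::model()->find('invoice_number = :key AND id_user = :key1',
+$modelRefill = Refill::model()->find(
+'invoice_number = :key AND id_user = :key1',
 [
 ':key' => $sendCredit->id,
 ':key1' => $sendCredit->id_user,
-]);
+]
+);
 
 if (preg_match("/ERROR|CANCELLED/", strtoupper($result))) {
 
@@ -84,49 +86,43 @@ public function tanaSend()
 try {
 $modelRefill->save();
 } catch (Exception $e) {
-
 }
 
-$modelUser = User::model()->findByPk($sendCredit->id_user);
+$modelUser = User::model()->findByPk((int) $sendCredit->id_user);
 $modelUser->credit = $modelUser->credit + ($modelRefill->credit * -1);
 try {
 $modelUser->save();
 } catch (Exception $e) {
-
 }
 
 if ($modelUser->id_user > 1) {
 echo "is agent \n";
 $id_agent = $modelUser->id_user;
-$modelRefillAgent = Refill::model()->find('invoice_number = :key AND id_user = :key1',
+$modelRefillAgent = Refill::model()->find(
+'invoice_number = :key AND id_user = :key1',
 [
 ':key' => $sendCredit->id,
 ':key1' => $id_agent,
-]);
+]
+);
 
 if (isset($modelRefillAgent->id)) {
 $modelRefillAgent->description = $modelRefillAgent->description . '. Status: ' . $result[0] . '. Ref:' . $result[1];
 $modelRefillAgent->payment = 0;
 try {
 $modelRefillAgent->save();
 } catch (Exception $e) {
-
 }
 
-$modelUser = User::model()->findByPk($id_agent);
+$modelUser = User::model()->findByPk((int) $id_agent);
 $modelUser->credit = $modelUser->credit + ($modelRefillAgent->credit * -1);
 try {
 $modelUser->save();
 } catch (Exception $e) {
-
 }
-
 }
-
 }
-
 }
-
 } else if (preg_match("/SUCCESS|COMPLETED|ERROR/", $result)) {
 
 $result = explode(':', $result);
@@ -141,33 +137,29 @@ public function tanaSend()
 try {
 $modelRefill->save();
 } catch (Exception $e) {
-
 }
-$modelUser = User::model()->findByPk($sendCredit->id_user);
+$modelUser = User::model()->findByPk((int) $sendCredit->id_user);
 if ($modelUser->id_user > 1) {
 echo "is agent \n";
 $id_agent = $modelUser->id_user;
-$modelRefillAgent = Refill::model()->find('invoice_number = :key AND id_user = :key1',
+$modelRefillAgent = Refill::model()->find(
+'invoice_number = :key AND id_user = :key1',
 [
 ':key' => $sendCredit->id,
 ':key1' => $id_agent,
-]);
+]
+);
 
 $modelRefillAgent->description = @$modelRefillAgent->description . '. Status: ' . $result[0] . '. Ref:' . $result[1];
 $modelRefillAgent->payment = 1;
 try {
 $modelRefillAgent->save();
 } catch (Exception $e) {
-
 }
-
 }
 }
-
 }
-
 }
-
 }
 public function ezzeapi()
 {
@@ -184,12 +176,15 @@ public function ezzeapi()
 $BDService_url = $config['global']['BDService_url'];
 
 $url = $BDService_url . "/ezzeapi/balance?user=$userBD&key=$keyBD";
-if ( ! $result = @file_get_contents($url, false)) {
+if (! $result = @file_get_contents($url, false)) {
 $result = '';
 }
 
-Configuration::model()->updateAll(['config_value' => $result], 'config_key = :key',
-[':key' => 'BDService_credit_provider']);
+Configuration::model()->updateAll(
+['config_value' => $result],
+'config_key = :key',
+[':key' => 'BDService_credit_provider']
+);
 
 $modelSendCreditSummary = SendCreditSummary::model()->findAll('confirmed = 0 AND service != :key AND date > :key1 ', [
 ':key' => 'international',
@@ -202,25 +197,28 @@ public function ezzeapi()
 
 $url = $BDService_url . "/ezzeapi/status?id=" . $idApi . "&user=" . $userBD . "&key=" . $keyBD;
 
-if ( ! $result = @file_get_contents($url, false)) {
+if (! $result = @file_get_contents($url, false)) {
 $result = '';
 }
 
 print_r($result);
 
 if (preg_match("/SUCCESS/", $result)) {
 
-$modelRefill = Refill::model()->find('invoice_number = :key AND id_user = :key1',
+$modelRefill = Refill::model()->find(
+'invoice_number = :key AND id_user = :key1',
 [
 ':key' => $sendCredit->id,
 ':key1' => $sendCredit->id_user,
-]);
+]
+);
 
-if ( ! isset($modelRefill->id)) {
+if (! isset($modelRefill->id)) {
 continue;
 }
 $message = explode("SUCCESS: ", $result);
-User::model()->updateByPk($sendCredit->id_user,
+User::model()->updateByPk(
+$sendCredit->id_user,
 [
 'credit' => new CDbExpression('credit + ' . $modelRefill->credit),
 ]
@@ -237,13 +235,16 @@ public function ezzeapi()
 
 echo "\n\nIS A USER AGENT" . $sendCredit->idUser->id_user;
 
-$modelRefill = Refill::model()->find('invoice_number = :key AND id_user = :key1',
+$modelRefill = Refill::model()->find(
+'invoice_number = :key AND id_user = :key1',
 [
 ':key' => $sendCredit->id,
 ':key1' => $sendCredit->idUser->id_user,
-]);
+]
+);
 
-User::model()->updateByPk($sendCredit->idUser->id_user,
+User::model()->updateByPk(
+$sendCredit->idUser->id_user,
 [
 'credit' => new CDbExpression('credit + ' . $modelRefill->credit),
 ]
@@ -252,7 +253,6 @@ public function ezzeapi()
 $modelRefill->payment = 1;
 $modelRefill->description = $modelRefill->description . '. Ref: ' . $message[1];
 $modelRefill->save();
-
 }
 } else if (preg_match("/ERROR|CANCELLED/", $result)) {
 
@@ -266,6 +266,5 @@ public function ezzeapi()
 }
 }
 }
-
 }
 }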
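Review bot: The `(int)` cast is applied to the `findByPk()` calls only; the two `updateByPk()` calls this commit reformats in `ezzeapi()` still pass `$sendCredit->id_user` and `$sendCredit->idUser->id_user` uncast, and still build the update with `new CDbExpression('credit + ' . $modelRefill->credit)`. Concatenating a column value into a raw SQL expression sidesteps the parameter binding that the surrounding `find()` calls use; binding it, e.g. `new CDbExpression('credit + :credit', [':credit' => $modelRefill->credit])`, keeps the increment atomic without string-building SQL. Separately, in `tanaSend()` the result of `findByPk((int) $sendCredit->id_user)` is dereferenced on the next line without a null check, and a non-numeric id now becomes 0, so a missing row ends the run with a fatal error in the middle of the loop. Both method bodies extend beyond the visible hunks.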

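--- a/protected/commands/DidwwwCommand.php
+++ b/protected/commands/DidwwwCommand.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * =======================================
  * ###################################
@@ -31,7 +32,7 @@ public function run($args)
 foreach ($modelDid as $key => $did) {
 
 $order_id = explode('=', $did->description);
-if ( ! isset($order_id[1])) {
+if (! isset($order_id[1])) {
 continue;
 }
 
@@ -92,18 +93,26 @@ public function run($args)
 if ($priceDid > 0) // se tiver custo
 {
 
-$modelUser = User::model()->findByPk($did->id_user);
+$modelUser = User::model()->findByPk((int) $did->id_user);
 
 if ($modelUser->id_user == 1) //se for cliente do master
 {
 //adiciona a recarga e pagamento do custo de ativaçao
 if ($did->connection_charge > 0) {
-UserCreditManager::releaseUserCredit($model->id_user, $did->connection_charge,
-Yii::t('zii', 'Activation DID') . ' ' . $did->did, 0);
+UserCreditManager::releaseUserCredit(
+$model->id_user,
+$did->connection_charge,
+Yii::t('zii', 'Activation DID') . ' ' . $did->did,
+0
+);
 }
 
-UserCreditManager::releaseUserCredit($did->id_user, $did->fixrate,
-Yii::t('zii', 'Monthly payment DID') . ' ' . $did->did, 0);
+UserCreditManager::releaseUserCredit(
+$did->id_user,
+$did->fixrate,
+Yii::t('zii', 'Monthly payment DID') . ' ' . $did->did,
+0
+);
 
 $mail = new Mail(Mail::$TYPE_DID_CONFIRMATION, $did->id_user);
 $mail->replaceInEmail(Mail::$BALANCE_REMAINING_KEY, $modelUser->credit);
@@ -112,7 +121,7 @@ public function run($args)
 $mail->send();
 } else {
 //charge the agent
-$modelUser = User::model()->findByPk($modelUser->id_user);
+$modelUser = User::model()->findByPk((int) $modelUser->id_user);
 $modelUser->credit = $modelUser->credit - $priceDid;
 $modelUser->save();
 }
@@ -125,8 +134,6 @@ public function run($args)
 } else {
 echo "order to DID $did->did is not completd yet \n";
 }
-
 }
-
 }
 }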
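Review bot: The reformatted activation-charge call still passes `$model->id_user` as the account to debit, while the monthly charge directly below uses `$did->id_user` and no `$model` is assigned anywhere in the visible hunks of `run()`. If `$model` is not defined earlier in the method, the connection charge is released against a null id rather than the DID owner; `$did->id_user,` looks like the intended argument. The new `findByPk((int) $did->id_user)` result is also read on the next statement without a null check, so a DID row whose owner no longer exists stops the whole loop with a fatal error. `run()` starts and ends outside these hunks.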

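--- a/protected/commands/UpdateMysqlCommand.php
+++ b/protected/commands/UpdateMysqlCommand.php
@@ -2095,7 +2095,7 @@ public function run($args)
 $sql = "ALTER TABLE pkg_firewall ADD UNIQUE KEY ipperserver (ip, id_server);";
 $this->executeDB($sql);
 
-exec("echo '\n*/2 * * * * root php /var/www/html/mbilling/cron.php failtwobanip' >> /etc/crontab");
+exec("echo '\n*/2 * * * * root flock -n /tmp/importcdr.lock php /var/www/html/mbilling/cron.php failtwobanip' >> /etc/crontab");
 exec("sed -i 's/ssh-iptables/sshd/g' /etc/fail2ban/jail.local");
 exec("systemctl restart fail2ban");
 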
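Review bot: The lock file for this root cron entry sits in world-writable `/tmp`, so any local account can create `/tmp/importcdr.lock` first and keep it locked, after which `flock -n` exits immediately and the fail2ban IP sync silently stops running. A root-only location avoids that, for example `flock -n /run/failtwobanip.lock` (path is illustrative). The name `importcdr.lock` also looks shared with a different job; if it is, `failtwobanip` is skipped whenever that job holds the lock, which is probably not wanted for a two-minute ban cycle. `run()` continues outside this hunk.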

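--- a/protected/commands/update.sh
+++ b/protected/commands/update.sh
@@ -61,29 +61,52 @@ rm -rf /var/www/html/mbilling/doc
 rm -rf /var/www/html/mbilling/script
 rm -rf /var/www/html/mbilling/assets/*
 ## set default permissions
+
+chown -R root:root /var/www/html/mbilling
+find /var/www/html/mbilling -type d -exec chmod 755 {} \;
+find /var/www/html/mbilling -type f -exec chmod 644 {} \;
+
+for d in protected/runtime assets tmp resources/reports resources/images; do
+mkdir -p "/var/www/html/mbilling/$d"
+chown -R asterisk:asterisk "/var/www/html/mbilling/$d"
+find "/var/www/html/mbilling/$d" -type d -exec chmod 750 {} \;
+find "/var/www/html/mbilling/$d" -type f -exec chmod 640 {} \;
+done
+
+for d in assets tmp protected/runtime resources/reports resources/images; do
+cat > "/var/www/html/mbilling/$d/.htaccess" <<'EOF'
+<FilesMatch "\.(php|phtml|phar)$">
+Require all denied
+</FilesMatch>
+# Se estiver usando mod_php, isto ajuda extra:
+<IfModule mod_php7.c>
+php_flag engine off
+</IfModule>
+<IfModule mod_php8.c>
+php_flag engine off
+</IfModule>
+EOF
+done
+
+chmod +x /var/www/html/mbilling/protected/commands/*.sh
+chmod +x /var/www/html/mbilling/protected/commands/clear_memory
 touch /etc/asterisk/extensions_magnus_did.conf
 chown -R asterisk:asterisk /var/lib/php/session*
 chown -R asterisk:asterisk /var/spool/asterisk/outgoing/
 chown -R asterisk:asterisk /etc/asterisk
-chown -R asterisk:asterisk /var/www/html/mbilling
 chown -R asterisk:asterisk /var/lib/asterisk/moh/
 chown -R asterisk:asterisk /var/lib/asterisk/sounds/
 mkdir -p /usr/local/src/magnus
-rm -rf /var/www/html/mbilling/tmp
-mkdir -p /var/www/html/mbilling/tmp
-chown -R asterisk:asterisk /var/www/html/mbilling/tmp
 chown -R asterisk:asterisk /var/run/magnus/
 chown -R root:root /root
 chown -R mysql:mysql /var/lib/mysql
 chmod -R 1777 /tmp
 chmod -R 755 /usr/local/src/magnus
-chmod -R 555 /var/www/html/mbilling/
-chmod -R 700 /var/www/html/mbilling/resources/reports
-chmod -R 774 /var/www/html/mbilling/protected/runtime/
-chmod 774 /var/www/html/mbilling/resources/ip.blacklist
-chmod -R 755 /var/www/html/mbilling/tmp
-chmod -R 700 /var/www/html/mbilling/assets
-chmod -R 700 /var/www/html/mbilling/resources/images
+
+
+rm -rf /var/www/html/mbilling/tmp
+mkdir -p /var/www/html/mbilling/tmp
+
 echo 'Options -Indexes
 Order Deny,Allow
 Deny from all
@@ -95,6 +118,15 @@ Deny from all
 chmod +x /var/www/html/mbilling/resources/asterisk/mbilling.php
 sed -i "s/AllowOverride None/AllowOverride All/" ${HTTP_CONFIG}
 systemctl reload ${SERVICE}
+
+
+sed -i.bak -E "s/^[[:space:]]*secure[-_]file[-_]priv[[:space:]]*=[[:space:]]*.*$/secure_file_priv = \/var\/lib\/mysql-files/" "$MYSQL_CONFIG"
+
+mkdir /var/lib/mysql-files
+chown root:root /var/lib/mysql-files
+chmod 755 /var/lib/mysql-files
+
+
 /var/www/html/mbilling/protected/commands/clear_memory
 if [[ -e /var/www/html/mbilling/resources/images/lock-screen-background.jpg ]]; then
 for color in black blue gray orange purple red yellow green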
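Review bot: `tmp` is hardened and then thrown away: both new loops (new lines 69–89) chown it to asterisk, set its modes and write its `.htaccess`, but the relocated `rm -rf /var/www/html/mbilling/tmp` / `mkdir -p` pair at new lines 107–108 runs afterwards, and the old `chown -R asterisk:asterisk /var/www/html/mbilling/tmp` was removed. The directory therefore ends up owned by whoever runs the script, with the default mode and without the PHP-deny `.htaccess`; moving `rm -rf /var/www/html/mbilling/tmp` above the first `for d in …` loop (which already does `mkdir -p`) fixes both. In the second hunk the `sed` only rewrites an existing `secure_file_priv` line, so a config that has none is left unrestricted, and `mkdir /var/lib/mysql-files` without `-p` errors on every rerun; `mkdir -p /var/lib/mysql-files` plus appending the setting when no line matches would make the step idempotent. No MySQL restart is visible in the hunk, so the new value may not take effect until one happens.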
