From 01c2808e43e5cc005173795012e7bfb3a7274c8e Mon Sep 17 00:00:00 2001
From: Taukir Ahmed <73280535+taukir007@users.noreply.github.com>
Date: Fri, 25 Oct 2024 14:51:01 +0600
Subject: [PATCH 1/6] Enhance registration process with OTP verification

- Separate username and phone number handling
- Improve Phone Number validation and handling
- Stop changes to the registration form when the wrong password is entered
- Enhance error messages for better user experience
---
 system/controllers/register.php | 62 ++++++++++++++++++++-------------
 1 file changed, 38 insertions(+), 24 deletions(-)

diff --git a/system/controllers/register.php b/system/controllers/register.php
index 01f09584..9d5bce14 100644
--- a/system/controllers/register.php
+++ b/system/controllers/register.php
@@ -22,12 +22,14 @@ switch ($do) {
         $password = _post('password');
         $cpassword = _post('cpassword');
         $address = _post('address');
+        
+        // Separate phone number input if OTP is required
         if (!empty($config['sms_url']) && $_c['sms_otp_registration'] == 'yes') {
-            $phonenumber = Lang::phoneFormat($username);
-            $username = $phonenumber;
-        } else if (strlen($username) < 21) {
-            $phonenumber = $username;
+            $phone_number = alphanumeric(_post('phone_number'), "+_.@-");
+        } else {
+            $phone_number = $username; // When OTP is not required, treat username as phone number
         }
+
         $msg = '';
         if (Validator::Length($username, 35, 2) == false) {
             $msg .= 'Username should be between 3 to 55 characters' . '<br>';
@@ -45,10 +47,11 @@ switch ($do) {
             $msg .= Lang::T('Passwords does not match') . '<br>';
         }
 
+        // OTP verification if OTP is enabled
         if (!empty($config['sms_url']) && $_c['sms_otp_registration'] == 'yes') {
-            $otpPath .= sha1($username . $db_pass) . ".txt";
+            $otpPath .= sha1($phone_number . $db_pass) . ".txt";
             run_hook('validate_otp'); #HOOK
-            //expired 10 minutes
+            // Expire after 10 minutes
             if (file_exists($otpPath) && time() - filemtime($otpPath) > 1200) {
                 unlink($otpPath);
                 r2(U . 'register', 's', 'Verification code expired');
@@ -59,7 +62,7 @@ switch ($do) {
                     $ui->assign('fullname', $fullname);
                     $ui->assign('address', $address);
                     $ui->assign('email', $email);
-                    $ui->assign('phonenumber', $phonenumber);
+                    $ui->assign('phone_number', $phone_number);
                     $ui->assign('notify', 'Wrong Verification code');
                     $ui->assign('notify_t', 'd');
                     $ui->assign('_title', Lang::T('Register'));
@@ -72,10 +75,13 @@ switch ($do) {
                 r2(U . 'register', 's', 'No Verification code');
             }
         }
+
+        // Check if username already exists
         $d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
         if ($d) {
-            $msg .= Lang::T('Account already axist') . '<br>';
+            $msg .= Lang::T('Account already exists') . '<br>';
         }
+        
         if ($msg == '') {
             run_hook('register_user'); #HOOK
             $d = ORM::for_table('tbl_customers')->create();
@@ -84,7 +90,7 @@ switch ($do) {
             $d->fullname = $fullname;
             $d->address = $address;
             $d->email = $email;
-            $d->phonenumber = $phonenumber;
+            $d->phonenumber = $phone_number;
             if ($d->save()) {
                 $user = $d->id();
                 r2(U . 'login', 's', Lang::T('Register Success! You can login now'));
@@ -93,7 +99,7 @@ switch ($do) {
                 $ui->assign('fullname', $fullname);
                 $ui->assign('address', $address);
                 $ui->assign('email', $email);
-                $ui->assign('phonenumber', $phonenumber);
+                $ui->assign('phone_number', $phone_number);
                 $ui->assign('notify', 'Failed to register');
                 $ui->assign('notify_t', 'd');
                 $ui->assign('_title', Lang::T('Register'));
@@ -105,30 +111,36 @@ switch ($do) {
             $ui->assign('fullname', $fullname);
             $ui->assign('address', $address);
             $ui->assign('email', $email);
-            $ui->assign('phonenumber', $phonenumber);
+            $ui->assign('phone_number', $phone_number);
             $ui->assign('notify', $msg);
             $ui->assign('notify_t', 'd');
             $ui->assign('_title', Lang::T('Register'));
-            $ui->display('customer/register.tpl');
+            // Check if OTP is enabled
+            if (!empty($config['sms_url']) && $_c['sms_otp_registration'] == 'yes') {
+                // Display register-otp.tpl if OTP is enabled
+                $ui->display('customer/register-otp.tpl');
+            } else {
+                // Display register.tpl if OTP is not enabled
+                $ui->display('customer/register.tpl');
+            }
         }
         break;
 
     default:
         if (!empty($config['sms_url']) && $_c['sms_otp_registration'] == 'yes') {
-            $username = _post('username');
-            if (!empty($username)) {
-                $d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
+            $phone_number = _post('phone_number');
+            if (!empty($phone_number)) {
+                $d = ORM::for_table('tbl_customers')->where('username', $phone_number)->find_one();
                 if ($d) {
-                    r2(U . 'register', 's', Lang::T('Account already axist'));
+                    r2(U . 'register', 's', Lang::T('Account already exists'));
                 }
                 if (!file_exists($otpPath)) {
                     mkdir($otpPath);
                     touch($otpPath . 'index.html');
                 }
-                $otpPath .= sha1($username . $db_pass) . ".txt";
-                //expired 10 minutes
+                $otpPath .= sha1($phone_number . $db_pass) . ".txt";
                 if (file_exists($otpPath) && time() - filemtime($otpPath) < 600) {
-                    $ui->assign('username', $username);
+                    $ui->assign('phone_number', $phone_number);
                     $ui->assign('notify', 'Please wait ' . (600 - (time() - filemtime($otpPath))) . ' seconds before sending another SMS');
                     $ui->assign('notify_t', 'd');
                     $ui->assign('_title', Lang::T('Register'));
@@ -137,14 +149,14 @@ switch ($do) {
                     $otp = rand(100000, 999999);
                     file_put_contents($otpPath, $otp);
                     if($config['phone_otp_type'] == 'whatsapp'){
-                        Message::sendWhatsapp($username, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
+                        Message::sendWhatsapp($phone_number, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
                     }else if($config['phone_otp_type'] == 'both'){
-                        Message::sendWhatsapp($username, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
-                        Message::sendSMS($username, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
+                        Message::sendWhatsapp($phone_number, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
+                        Message::sendSMS($phone_number, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
                     }else{
-                        Message::sendSMS($username, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
+                        Message::sendSMS($phone_number, $config['CompanyName'] . "\n\n".Lang::T("Registration code")."\n$otp");
                     }
-                    $ui->assign('username', $username);
+                    $ui->assign('phone_number', $phone_number);
                     $ui->assign('notify', 'Registration code has been sent to your phone');
                     $ui->assign('notify_t', 's');
                     $ui->assign('_title', Lang::T('Register'));
@@ -167,3 +179,5 @@ switch ($do) {
         }
         break;
 }
+
+?>

From 00081d40e53889788fabee75ccb7b89111988f89 Mon Sep 17 00:00:00 2001
From: Taukir Ahmed <73280535+taukir007@users.noreply.github.com>
Date: Fri, 25 Oct 2024 14:58:02 +0600
Subject: [PATCH 2/6] Update registration form

- Change input name from 'username' to 'phone_number'
- Add inputmode and pattern attributes for better validation
---
 ui/ui/customer/register-rotp.tpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ui/ui/customer/register-rotp.tpl b/ui/ui/customer/register-rotp.tpl
index 2f4774f3..c166cc48 100644
--- a/ui/ui/customer/register-rotp.tpl
+++ b/ui/ui/customer/register-rotp.tpl
@@ -25,8 +25,8 @@
                         <div class="input-group">
                             <span class="input-group-addon" id="basic-addon1"><i
                                         class="glyphicon glyphicon-phone-alt"></i></span>
-                            <input type="text" class="form-control" name="username"
-                                placeholder="{if $_c['country_code_phone']!= '' || $_c['registration_username'] == 'phone'}{$_c['country_code_phone']} {Lang::T('Phone Number')}{else}{Lang::T('Phone Number')}{/if}">
+                            <input type="text" class="form-control" name="phone_number"
+                                placeholder="{if $_c['country_code_phone']!= '' || $_c['registration_username'] == 'phone'}{$_c['country_code_phone']} {Lang::T('Phone Number')}{else}{Lang::T('Phone Number')}{/if}"inputmode="numeric" pattern="[0-9]*">
                         </div>
                     </div>
                     <div class="btn-group btn-group-justified mb15">
@@ -49,4 +49,4 @@
     </form>
 </div>
 
-{include file="customer/footer-public.tpl"}
\ No newline at end of file
+{include file="customer/footer-public.tpl"}

From 0df7027851e1947a44944a9dba2c1d5ab011dfb6 Mon Sep 17 00:00:00 2001
From: Taukir Ahmed <73280535+taukir007@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:01:14 +0600
Subject: [PATCH 3/6] Refactor registration form: Separate username and phone
 number fields

- Changed the phone number input field to be readonly and renamed it to 'phone_number'.
- Introduced a new input field for 'username' in the registration section.
- Adjusted the panel headings and layout for clarity and consistency.
---
 ui/ui/customer/register-otp.tpl | 46 ++++++++-------------------------
 1 file changed, 11 insertions(+), 35 deletions(-)

diff --git a/ui/ui/customer/register-otp.tpl b/ui/ui/customer/register-otp.tpl
index 6aff70ad..649c2010 100644
--- a/ui/ui/customer/register-otp.tpl
+++ b/ui/ui/customer/register-otp.tpl
@@ -16,12 +16,13 @@
                 <div class="panel-heading">1. {Lang::T('Register as Member')}</div>
                 <div class="panel-body">
                     <div class="form-container">
+                        <!-- Phone Number Field -->
                         <div class="form-group">
                             <label>{Lang::T('Phone Number')}</label>
                             <div class="input-group">
                                 <span class="input-group-addon" id="basic-addon1"><i
                                             class="glyphicon glyphicon-phone-alt"></i></span>
-                                <input type="text" class="form-control" name="username" value="{$username}"
+                                <input type="text" class="form-control" name="phone_number" value="{$phone_number}" readonly
                                     placeholder="{if $_c['country_code_phone']!= '' || $_c['registration_username'] == 'phone'}{$_c['country_code_phone']} {Lang::T('Phone Number')}{else}{Lang::T('Phone Number')}{/if}">
                             </div>
                         </div>
@@ -50,9 +51,15 @@
         </div>
         <div class="col-md-4">
             <div class="panel panel-primary">
-                <div class="panel-heading">2. {Lang::T('Password')}</div>
+                <div class="panel-heading">2. {Lang::T('Username & Password')}</div>
                 <div class="panel-body">
                     <div class="form-container">
+                        <!-- Username Field -->
+                        <div class="form-group">
+                            <label>{Lang::T('Username')}</label>
+                            <input type="text" required class="form-control" id="username" name="username" placeholder="{Lang::T('Choose a Username')}">
+                        </div>
+                        <!-- Password Fields -->
                         <div class="form-group">
                             <label>{Lang::T('Password')}</label>
                             <input type="password" required class="form-control" id="password" name="password">
@@ -82,36 +89,5 @@
     </form>
 </div>
 
-<!-- Modal -->
-<div class="modal fade" id="HTMLModal" tabindex="-1" role="dialog">
-    <div class="modal-dialog">
-        <div class="modal-content">
-            <div class="modal-header">
-                <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
-                        aria-hidden="true">&times;</span></button>
-            </div>
-            <div class="modal-body" id="HTMLModal_konten"></div>
-            <div class="modal-footer">
-                <button type="button" class="btn btn-default" data-dismiss="modal">&times;</button>
-            </div>
-        </div>
-    </div>
-</div>
-{if $_c['tawkto'] != ''}
-    <!--Start of Tawk.to Script-->
-    <script type="text/javascript">
-        var Tawk_API = Tawk_API || {},
-            Tawk_LoadStart = new Date();
-        (function() {
-            var s1 = document.createElement("script"),
-                s0 = document.getElementsByTagName("script")[0];
-            s1.async = true;
-            s1.src='https://embed.tawk.to/{$_c['tawkto']}';
-            s1.charset = 'UTF-8';
-            s1.setAttribute('crossorigin', '*');
-            s0.parentNode.insertBefore(s1, s0);
-        })();
-    </script>
-    <!--End of Tawk.to Script-->
-{/if}
-{include file="customer/footer-public.tpl"}
\ No newline at end of file
+<!-- Modal and Footer Code -->
+{include file="customer/footer-public.tpl"}

From d5c2c72a7446cd558b2ad602341c277ee35094e4 Mon Sep 17 00:00:00 2001
From: Taukir Ahmed <73280535+taukir007@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:03:28 +0600
Subject: [PATCH 4/6] Update register-otp.tpl

---
 ui/ui/customer/register-otp.tpl | 34 ++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/ui/ui/customer/register-otp.tpl b/ui/ui/customer/register-otp.tpl
index 649c2010..02cb032f 100644
--- a/ui/ui/customer/register-otp.tpl
+++ b/ui/ui/customer/register-otp.tpl
@@ -89,5 +89,37 @@
     </form>
 </div>
 
-<!-- Modal and Footer Code -->
+<!-- Modal -->
+<div class="modal fade" id="HTMLModal" tabindex="-1" role="dialog">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header">
+                <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                        aria-hidden="true">&times;</span></button>
+            </div>
+            <div class="modal-body" id="HTMLModal_konten"></div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-default" data-dismiss="modal">&times;</button>
+            </div>
+        </div>
+    </div>
+</div>
+{if $_c['tawkto'] != ''}
+    <!--Start of Tawk.to Script-->
+    <script type="text/javascript">
+        var Tawk_API = Tawk_API || {},
+            Tawk_LoadStart = new Date();
+        (function() {
+            var s1 = document.createElement("script"),
+                s0 = document.getElementsByTagName("script")[0];
+            s1.async = true;
+            s1.src='https://embed.tawk.to/{$_c['tawkto']}';
+            s1.charset = 'UTF-8';
+            s1.setAttribute('crossorigin', '*');
+            s0.parentNode.insertBefore(s1, s0);
+        })();
+    </script>
+    <!--End of Tawk.to Script-->
+{/if}
+
 {include file="customer/footer-public.tpl"}

From 8e41749cd4062acd176f1390093af3dd10324704 Mon Sep 17 00:00:00 2001
From: iBNu Maksum <me@ibnux.net>
Date: Sat, 26 Oct 2024 19:15:28 +0700
Subject: [PATCH 5/6] fix error message

---
 system/autoload/Package.php | 2 +-
 system/lan/english.json     | 4 +++-
 ui/ui/app-settings.tpl      | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/system/autoload/Package.php b/system/autoload/Package.php
index 456dc0b1..3b2547db 100644
--- a/system/autoload/Package.php
+++ b/system/autoload/Package.php
@@ -77,7 +77,7 @@ class Package
                 r2(U . 'home', 'e', Lang::T('Plan Not found'));
             }
             if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
-                r2(U . 'dashboard', 'e', Lang::T('Plan Not found'));
+                r2(U . 'dashboard', 'e', Lang::T('You do not have permission to access this page'));
             }
         }
 
diff --git a/system/lan/english.json b/system/lan/english.json
index 17775281..f84c4a4c 100644
--- a/system/lan/english.json
+++ b/system/lan/english.json
@@ -875,5 +875,7 @@
     "will_be_replaced_with_Customer_password": "will be replaced with Customer password",
     "will_be_replaced_with_Customer_Portal_URL": "will be replaced with Customer Portal URL",
     "will_be_replaced_with_Company_Name": "will be replaced with Company Name",
-    "Token_has_expired__Please_log_in_again_": "Token has expired. Please log in again."
+    "Token_has_expired__Please_log_in_again_": "Token has expired. Please log in again.",
+    "Minute": "Minute",
+    "Hour": "Hour"
 }
\ No newline at end of file
diff --git a/ui/ui/app-settings.tpl b/ui/ui/app-settings.tpl
index dcda7509..a2038d83 100644
--- a/ui/ui/app-settings.tpl
+++ b/ui/ui/app-settings.tpl
@@ -258,8 +258,8 @@
     </div>
 </form>
 
-<form class="form-horizontal" method="post" role="form" action="{$_url}settings/app-post" enctype="multipart/form-data"> 
-    <input type="hidden" name="csrf_token" value="{$csrf_token}">   
+<form class="form-horizontal" method="post" role="form" action="{$_url}settings/app-post" enctype="multipart/form-data">
+    <input type="hidden" name="csrf_token" value="{$csrf_token}">
     <div class="panel">
         <div class="panel-heading" role="tab" id="Voucher">
             <h4 class="panel-title">

From 08b2e16e73c6b1c6a949a1e5e8ad6707a9437d75 Mon Sep 17 00:00:00 2001
From: iBNu Maksum <me@ibnux.net>
Date: Sat, 26 Oct 2024 19:22:35 +0700
Subject: [PATCH 6/6] fix footer set language

---
 system/lan/english.json   |   3 +-
 ui/ui/customer/footer.tpl | 108 +++++++++++++++++++-------------------
 2 files changed, 56 insertions(+), 55 deletions(-)

diff --git a/system/lan/english.json b/system/lan/english.json
index f84c4a4c..c1843a6c 100644
--- a/system/lan/english.json
+++ b/system/lan/english.json
@@ -877,5 +877,6 @@
     "will_be_replaced_with_Company_Name": "will be replaced with Company Name",
     "Token_has_expired__Please_log_in_again_": "Token has expired. Please log in again.",
     "Minute": "Minute",
-    "Hour": "Hour"
+    "Hour": "Hour",
+    "Failed_to_connect_to_device": "Failed to connect to device"
 }
\ No newline at end of file
diff --git a/ui/ui/customer/footer.tpl b/ui/ui/customer/footer.tpl
index 95dacf50..73f62e33 100644
--- a/ui/ui/customer/footer.tpl
+++ b/ui/ui/customer/footer.tpl
@@ -79,7 +79,8 @@
                     }, function(error) {});
                 }
             };
-            var Tawk_LoadStart = new Date();Tawk_API.visitor = {
+            var Tawk_LoadStart = new Date();
+            Tawk_API.visitor = {
                 name : '{$_user['fullname']}',
                 email : '{$_user['email']}',
                 userId: '{$_user['id']}'
@@ -128,70 +129,69 @@
     </script>
 
 
-                        {literal}
-        <script>
-            var listAtts = document.querySelectorAll(`[api-get-text]`);
-            listAtts.forEach(function(el) {
-                $.get(el.getAttribute('api-get-text'), function(data) {
-                    el.innerHTML = data;
-                });
+{literal}
+    <script>
+        var listAtts = document.querySelectorAll(`[api-get-text]`);
+        listAtts.forEach(function(el) {
+            $.get(el.getAttribute('api-get-text'), function(data) {
+                el.innerHTML = data;
             });
-            $(document).ready(function() {
-                var listAtts = document.querySelectorAll(`button[type="submit"]`);
-                listAtts.forEach(function(el) {
-                    if (el.addEventListener) { // all browsers except IE before version 9
-                        el.addEventListener("click", function() {
+        });
+        $(document).ready(function() {
+            var listAtts = document.querySelectorAll(`button[type="submit"]`);
+            listAtts.forEach(function(el) {
+                if (el.addEventListener) { // all browsers except IE before version 9
+                    el.addEventListener("click", function() {
+                        $(this).html(
+                            `<span class="loading"></span>`
+                        );
+                        setTimeout(() => {
+                            $(this).prop("disabled", true);
+                        }, 100);
+                    }, false);
+                } else {
+                    if (el.attachEvent) { // IE before version 9
+                        el.attachEvent("click", function() {
                             $(this).html(
                                 `<span class="loading"></span>`
                             );
                             setTimeout(() => {
                                 $(this).prop("disabled", true);
                             }, 100);
-                        }, false);
-                    } else {
-                        if (el.attachEvent) { // IE before version 9
-                            el.attachEvent("click", function() {
-                                $(this).html(
-                                    `<span class="loading"></span>`
-                                );
-                                setTimeout(() => {
-                                    $(this).prop("disabled", true);
-                                }, 100);
-                            });
-                        }
+                        });
                     }
-                    $(function() {
-                        $('[data-toggle="tooltip"]').tooltip()
-                    })
-                });
+                }
+                $(function() {
+                    $('[data-toggle="tooltip"]').tooltip()
+                })
             });
+        });
 
-            function setCookie(name, value, days) {
-                var expires = "";
-                if (days) {
-                    var date = new Date();
-                    date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
-                    expires = "; expires=" + date.toUTCString();
-                }
-                document.cookie = name + "=" + (value || "") + expires + "; path=/";
+        function setCookie(name, value, days) {
+            var expires = "";
+            if (days) {
+                var date = new Date();
+                date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
+                expires = "; expires=" + date.toUTCString();
             }
+            document.cookie = name + "=" + (value || "") + expires + "; path=/";
+        }
 
-            function getCookie(name) {
-                var nameEQ = name + "=";
-                var ca = document.cookie.split(';');
-                for (var i = 0; i < ca.length; i++) {
-                    var c = ca[i];
-                    while (c.charAt(0) == ' ') c = c.substring(1, c.length);
-                    if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
-                }
-                return null;
+        function getCookie(name) {
+            var nameEQ = name + "=";
+            var ca = document.cookie.split(';');
+            for (var i = 0; i < ca.length; i++) {
+                var c = ca[i];
+                while (c.charAt(0) == ' ') c = c.substring(1, c.length);
+                if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
             }
-            setCookie('user_language', '
-                        {/literal}{$user_language}
-                        {literal}', 365);
-        </script>
-    {/literal}
+            return null;
+        }
+    </script>
+{/literal}
+<script>
+setCookie('user_language', '{$user_language}', 365);
+</script>
+</body>
 
-    </body>
-
-    </html>
\ No newline at end of file
+</html>
\ No newline at end of file