Merge pull request #191 from slims/develop

Merge Develop 9.6.0 to Master
slims · Jun 1, 2023 · be363e3 · be363e3
2 parents 228926c + 08cc7e9
commit be363e3
Show file tree

Hide file tree

Showing 966 changed files with 134,820 additions and 5,709 deletions.
diff --git a/.gitignore b/.gitignore
@@ -49,5 +49,7 @@ $RECYCLE.BIN/
 
 /vendor/
 composer.lock
-config/sysconfig.env.inc.php
-config/database.php
+config/database.php
+config/captcha.php
+config/env.php
+tarsius
diff --git a/README.md b/README.md
@@ -11,8 +11,8 @@ SLiMS is licensed under GNU GPL version 3. Please read "GPL-3.0 License.txt"
 to learn more about GPL.
 
 ### System Requirements
-- PHP version 7.4;
+- PHP version >= 8.1;
 - MySQL version 5.7 and or MariaDB version 10.3;
 - PHP GD enabled
 - PHP gettext enabled
-- PHP mbstring enabled
+- PHP mbstring enabled
diff --git a/admin/admin_template/akasia-dz/index_template.inc.php b/admin/admin_template/akasia-dz/index_template.inc.php
@@ -63,7 +63,7 @@
   <link href="<?php echo JWB; ?>colorbox/colorbox.css" rel="stylesheet" type="text/css" />
   <link href="<?php echo JWB; ?>chosen/chosen.css" rel="stylesheet" type="text/css" />
   <link href="<?php echo JWB; ?>jquery.imgareaselect/css/imgareaselect-default.css" rel="stylesheet" type="text/css" />
-  <link href="<?php echo $sysconf['admin_template']['css']; ?>" rel="stylesheet" type="text/css" />
+  <link href="<?php echo $sysconf['admin_template']['css'] . '?v=' . date('this'); ?>" rel="stylesheet" type="text/css" />
   <link href="<?php echo JWB; ?>datepicker/css/datepicker-bs4.min.css" rel="stylesheet" />
   <link href="<?php echo JWB; ?>toastr/toastr.min.css?<?php echo date('this') ?>" rel="stylesheet" type="text/css" />
 

diff --git a/admin/admin_template/akasia-dz/style.css b/admin/admin_template/akasia-dz/style.css
@@ -1 +1,5 @@
-@import "assets/css/style.css";
+@import "assets/css/style.css";
+
+pre.sf-dump, pre.sf-dump .sf-dump-default {
+    z-index: 0 !important;
+}
diff --git a/admin/admin_template/akasia/index_template.inc.php b/admin/admin_template/akasia/index_template.inc.php
@@ -61,7 +61,7 @@
   <link href="<?php echo JWB; ?>colorbox/colorbox.css" rel="stylesheet" type="text/css" />
   <link href="<?php echo JWB; ?>chosen/chosen.css" rel="stylesheet" type="text/css" />
   <link href="<?php echo JWB; ?>jquery.imgareaselect/css/imgareaselect-default.css" rel="stylesheet" type="text/css" />
-  <link href="<?php echo $sysconf['admin_template']['css']; ?>?<?php echo date('this') ?>" rel="stylesheet" type="text/css" />
+  <link href="<?php echo $sysconf['admin_template']['css']; ?>?v=<?php echo date('this') ?>" rel="stylesheet" type="text/css" />
   <link href="<?php echo JWB; ?>datepicker/css/datepicker-bs4.min.css" rel="stylesheet" />
   <link href="<?php echo JWB; ?>toastr/toastr.min.css?<?php echo date('this') ?>" rel="stylesheet" type="text/css" />
 

diff --git a/admin/admin_template/akasia/style.css b/admin/admin_template/akasia/style.css
@@ -1787,3 +1787,7 @@ button.prev-btn {
   border: none;
   font-weight: bold;
 }
+
+pre.sf-dump, pre.sf-dump .sf-dump-default {
+  z-index: 0 !important;
+}
diff --git a/admin/admin_template/default/index_template.inc.php b/admin/admin_template/default/index_template.inc.php
@@ -9,6 +9,7 @@
     <meta http-equiv="Pragma" content="no-cache" />
     <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, post-check=0, pre-check=0" />
     <meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT" />
+    <meta name="env" content="<?= isDev() ? 'dev' : 'prod' ?>"/>
 
     <?php
     $icon = SWB . 'webicon.ico';
@@ -27,7 +28,7 @@
     <link href="<?php echo JWB; ?>toastr/toastr.min.css?<?php echo date('this') ?>" rel="stylesheet" type="text/css" />
     <link href="<?php echo JWB; ?>jquery.imgareaselect/css/imgareaselect-default.css" rel="stylesheet" type="text/css" />
     <link href="<?php echo JWB; ?>datepicker/css/datepicker-bs4.min.css" rel="stylesheet" />
-    <link href="<?php echo $sysconf['admin_template']['css'].'?'.date('this'); ?>" rel="stylesheet" type="text/css" />
+    <link href="<?php echo $sysconf['admin_template']['css'].'?v='.date('this'); ?>" rel="stylesheet" type="text/css" />
 
     <script type="text/javascript" src="<?php echo JWB; ?>jquery.js"></script>
     <script type="text/javascript" src="<?php echo AWB; ?>admin_template/<?php echo $sysconf['admin_template']['theme']?>/vendor/slimscroll/jquery.slimscroll.min.js"></script>

diff --git a/admin/admin_template/default/style.css b/admin/admin_template/default/style.css
@@ -1447,3 +1447,7 @@ button.prev-btn {
   border: none;
   font-weight: bold;
 }
+
+pre.sf-dump, pre.sf-dump .sf-dump-default {
+  z-index: 0 !important;
+}
diff --git a/admin/admin_template/duedateMail.php b/admin/admin_template/duedateMail.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * @author Drajat Hasan
+ * @email [email protected]
+ * @create date 2022-10-08 11:10:32
+ * @modify date 2023-01-07 13:11:28
+ * @license GPLv3
+ * @desc [description]
+ */
+
+use SLiMS\DB;
+use SLiMS\Mail\TemplateContract;
+
+class duedateMail extends TemplateContract
+{
+    private $circulation = null;
+    private $member = [];
+    private $duedateData = [];
+
+    public function __construct($member)
+    {
+        $this->member = $member;
+    }
+
+    /**
+     * SEt circulation instance
+     * to calculate overdue and overdue data
+     *
+     * @param mysqli $db
+     * @param array $overdueLoan
+     * @return void
+     */
+    public function setCirculationData($duedateLoan)
+    {
+        // overude data
+        $this->duedateData = $duedateLoan;
+    }
+
+    /**
+     * Mail content output process
+     *
+     * @return overdueMail
+     */
+    public function render()
+    {
+        // library name
+        $libraryName = config('library_name');
+
+        // Header information
+        $header = __('To <strong><!--MEMBER_NAME--> (<!--MEMBER_ID-->)</strong>&nbsp;
+         This is notification e-mail to inform you that you have <strong>DUE DATE</strong> library loan,
+        the overdued collection(s) are:');
+
+        // Closing
+        $closing = __('Please return all collections immediately to library at or before due date. If you have
+        any complaint regarding to this due date notification,
+        please contact our circulation desk.');
+
+
+        // footer information about library management etc
+        $footer = __('<p>Thank You.</p>
+
+        <strong><!--DATE--></strong>
+        <br />Library Management'); 
+
+        // Institution logo
+        $logo = '';
+
+        $loanData = '';
+        foreach ($this->duedateData as $duedateData) {
+            // Get cover url
+            $bookCover = $this->generateCoverUrl($duedateData->image);
+
+            // count overdue day
+            $overdue = $duedateData->overdue_days . ' ' . __('days');
+
+            // Concating loanData variable
+            $loanData .= <<<HTML
+            <tr>
+                <td>
+                    <img style="width: 100px; margin-right: 1em; border-radius: 5px;" src="{$bookCover}">
+                </td>
+                <td valign="top">
+                    <h2 style="margin: 0; display: block">{$duedateData->title}</h2>
+                    <div style="display: block">
+                        <span style="display: block">Item Code : {$duedateData->item_code}</span>
+                        <span style="display: block">Loan Date : {$duedateData->loan_date}</span>
+                        <span style="display: block">Due Date : {$duedateData->due_date}</span>
+                        <span style="display: block">Overdue : <strong>{$overdue}</strong></span>
+                    </div>
+                </td>
+            </tr>
+            HTML;
+        }
+
+        $formatedTemplate = <<<HTML
+        <div style="font-family:-apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif; padding: 2em;">
+            <div style="display: block;">
+                <div style="display:">
+                    {$logo}
+                    <h2 style="padding-left: 0.3em;">{$libraryName}</h2>
+                </div>
+                <p style="margin: 1em 0 1em 0;">{$header}</p>
+                <table style="display: block">
+                    {$loanData}
+                </table>
+                {$footer}
+            </div>
+        </div>
+        HTML;
+
+        $this->contents = str_ireplace(['<!--MEMBER_ID-->', '<!--MEMBER_NAME-->','<!--DATE-->'], [$this->member->member_id, $this->member->member_name, date('Y-m-d H:i:s')], $formatedTemplate);
+
+        return $this;
+    }
+}
diff --git a/admin/admin_template/nightmode/index_template.inc.php b/admin/admin_template/nightmode/index_template.inc.php
@@ -27,7 +27,7 @@
     <link href="<?php echo JWB; ?>toastr/toastr.min.css?<?php echo date('this') ?>" rel="stylesheet" type="text/css" />
     <link href="<?php echo JWB; ?>jquery.imgareaselect/css/imgareaselect-default.css" rel="stylesheet" type="text/css" />
     <link href="<?php echo JWB; ?>datepicker/css/datepicker-bs4.min.css" rel="stylesheet" />
-    <link href="<?php echo $sysconf['admin_template']['css'].'?'.date('this'); ?>" rel="stylesheet" type="text/css" />
+    <link href="<?php echo $sysconf['admin_template']['css'].'?v='.date('this'); ?>" rel="stylesheet" type="text/css" />
 
     <script type="text/javascript" src="<?php echo JWB; ?>jquery.js"></script>
     <script type="text/javascript" src="<?php echo AWB; ?>admin_template/<?php echo $sysconf['admin_template']['theme']?>/vendor/slimscroll/jquery.slimscroll.min.js"></script>

diff --git a/admin/admin_template/nightmode/style.css b/admin/admin_template/nightmode/style.css
@@ -1525,4 +1525,8 @@ button.prev-btn {
 }
 .datepicker-grid > .range-end {
   color: white !important;
+}
+
+pre.sf-dump, pre.sf-dump .sf-dump-default {
+  z-index: 0 !important;
 }
diff --git a/admin/default/home.php b/admin/default/home.php
@@ -20,6 +20,8 @@
  * some patches by hendro
  */
 
+use SLiMS\DB;
+
 // key to authenticate
 if (!defined('INDEX_AUTH')) {
     define('INDEX_AUTH', '1');
@@ -36,6 +38,11 @@
         </div>
     </div>
 </div>
+<div id="backupProccess" style="display: none">
+    <div class="alert alert-info">
+        <strong><?= __('Database backup process is running, please wait') ?></strong>
+    </div>
+</div>
 <div class="contentDesc">
     <div class="container-fluid">
 
@@ -131,6 +138,26 @@
             }
         }
 
+        if (utility::havePrivilege('system', 'r') && utility::havePrivilege('system', 'w'))
+        {
+            // info
+            $backupConfigStatus = config('database_backup.reminder') || config('database_backup.auto');
+            $backupIsNoAuto = config('database_backup.reminder') && !config('database_backup.auto');
+            $alreadyBackup = DB::hasBackup(by: DB::BACKUP_BASED_ON_DAY);
+
+
+            if ($alreadyBackup === false && $backupConfigStatus) 
+                $_SESSION['token'] = utility::createRandomString(32);
+
+            if ($alreadyBackup === false && $is_repaired === false && $backupIsNoAuto === true) {
+                echo '<div class="alert alert-info border-0 mt-3">';
+                echo '<span>' . __('It looks like today you haven\'t backup your database.') . 
+                '.&nbsp;&nbsp;<a href="'.MWB.'system/backup_proc.php" id="backupproc" class="notAJAX btn btn-primary">' . __('Backup Now') . '</a>' .
+                '</span>';
+                echo '</div>';
+            }
+        }
+
         // if there any warnings
         if ($warnings) {
             echo '<div class="alert alert-warning border-0 mt-3">';
@@ -257,7 +284,7 @@
 
             async function getTotal(url, selector = null) {
                 if(selector !== null) $(selector).text('...');
-                let res = await (await fetch(url)).json();
+                let res = await (await fetch(url,{headers: {'SLiMS-Http-Cache': 'cache'}})).json();
                 if(selector !== null) $(selector).text(new Intl.NumberFormat('id-ID').format(res.data));
                 return res.data;
             }
@@ -268,7 +295,7 @@
             getTotal('<?= SWB ?>index.php?p=api/item/total/available', '.item_total_available');
 
             // get summary
-            fetch('<?= SWB ?>index.php?p=api/loan/summary')
+            fetch('<?= SWB ?>index.php?p=api/loan/summary', {headers: {'SLiMS-Http-Cache': 'cache'}})
                 .then(res => res.json())
                 .then(res => {
 
@@ -329,7 +356,7 @@ function respondCanvas() {
             // bar chart
             // ===================================
 
-            fetch('<?= SWB ?>index.php?p=api/loan/getdate/<?= $start_date ?>')
+            fetch('<?= SWB ?>index.php?p=api/loan/getdate/<?= $start_date ?>', {headers: {'SLiMS-Http-Cache': 'cache'}})
             .then(res => res.json())
             .then(res => {
 
@@ -382,12 +409,58 @@ function respondCanvas() {
             })
         });
 
+        <?php if (utility::havePrivilege('system', 'r') && utility::havePrivilege('system', 'w')): ?>
+            <?php if (config('database_backup.reminder') && !config('database_backup.auto')): ?>
+                // Backup process
+                $('#backupproc').click(function(e) {
+                    e.preventDefault()
+
+                    let currentLabel = $(this).html()
+
+                    $(this).removeClass('btn-primary').addClass('btn-secondary disabled')
+                    $(this).html('<?= __('Please wait') ?>')
+
+                    backupDatabase($(this).attr('href'), function(result) {
+                        if (result.status)  {
+                            window.location.href = '<?= $_SERVER['PHP_SELF'] ?>'
+                        } else {
+                            $(this).html(currentLabel)
+                            console.error(result.message)
+                            window.toastr.error(result.message, '<?= __('Error') ?>')
+                        }
+                    })                    
+                })
+            <?php endif; ?>
+
+            function backupDatabase(href, callback) {
+                $.post(href, {start:true,tkn:'<?= $_SESSION['token']??'' ?>',verbose:'no',response:'json'}, function(result, status, post){
+                        var result = JSON.parse(result)
+                        callback(result)
+                });
+            }
+
+            <?php if (!$is_repaired && !$alreadyBackup && config('database_backup.auto')): ?>
+                $('.contentDesc').slideUp();
+                $('#backupProccess').slideDown();
+
+                backupDatabase('<?= MWB.'system/backup_proc.php' ?>', function(result) {
+                    if (result.status)  {
+                        window.location.href = '<?= $_SERVER['PHP_SELF'] ?>'
+                    } else {
+                        $(this).html(currentLabel)
+                        console.error(result.message)
+                        window.toastr.error(result.message, '<?= __('Error') ?>')
+                    }
+                })
+            <?php endif; ?>
+        <?php endif; ?>
+
         <?php if ($_SESSION['uid'] === '1') : ?>
         // get lastest release
         fetch('https://api.github.com/repos/slims/slims9_bulian/releases/latest')
             .then(res => res.json())
             .then(res => {
-                if (res.tag_name !== '<?= SENAYAN_VERSION_TAG; ?>') {
+                if (res.tag_name > '<?= SENAYAN_VERSION_TAG; ?>') {
                     $('#new_version').text(res.tag_name);
                     $('#alert-new-version').removeClass('hidden');
                     $('#alert-new-version a').attr('href', res.html_url)

diff --git a/admin/default/session.inc.php b/admin/default/session.inc.php
@@ -30,6 +30,9 @@
     die("can not access this file directly");
 }
 
+// Cleanup SQL Injection and Common XSS
+$sanitizer->cleanUp(filter: [false, true, true] /* escape_sql, trim, strip_tag */, exception: ['contentDesc','comment']);
+
 // use session factory to handle session based on default SLiMS or user handler
 SessionFactory::use(config('customSession', Files::class))->start('admin');