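<?php

/**
 * Tariff ("servicios") management controller: list/create/edit/activate/delete
 * tariffs, their consumption ranges, their per-year cost parameters and the
 * approved rates registered against them.
 *
 * Every state-changing action requires a POST request carrying the session CSRF
 * token (see requirePostWithCsrf()); read-only pages resolve ?id= to a tariff and
 * answer 400/404 when it is missing.
 *
 * NOTE(review): no authentication/authorization check is visible in this file.
 * It is presumably enforced by BaseController or the router — confirm before
 * relying on it, because every action here assumes an already-authorized operator.
 * Exception details are written to the server log via failWith() and never
 * shown to the user (the original echoed $e->getMessage() in flash messages).
 */
class ServiciosController extends BaseController
{
    /** Allowed values for a tariff's system_type (checked with strict in_array). */
    private array $systemTypes = ['MABE', 'MAG', 'PP/PE'];

    /** Allowed values for a tariff's status. */
    private const STATUSES = ['Activa', 'Inactiva'];

    /** Inclusive window accepted for a parameter/approval year. */
    private const YEAR_MIN = 2000;
    private const YEAR_MAX = 2100;

    /**
     * Guard for state-changing actions: only a POST request whose `csrf` field
     * matches the session token passes.
     *
     * Returns false after emitting the redirect or the 400 response so the caller
     * can `return` at once. Callers must not rely on redirect() terminating the
     * script — whether it does is not visible from this file, and the original
     * code fell through to the CSRF check (and beyond) on non-POST requests.
     */
    private function requirePostWithCsrf(): bool
    {
        if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
            redirect('servicios.index');
            return false;
        }
        $token = $_POST['csrf'] ?? '';
        // is_string(): a `csrf[]=x` submission would otherwise hit hash_equals() with an
        // array and fatal with a TypeError instead of a clean 400.
        if (!is_string($token) || $token === '' || !isset($_SESSION['csrf'])
            || !hash_equals((string)$_SESSION['csrf'], $token)) {
            http_response_code(400);
            echo 'CSRF inválido';
            return false;
        }
        return true;
    }

    /**
     * Resolves ?id= to a tariff for the read-only pages.
     *
     * Emits a 400 (non-positive id) or 404 (no such tariff) response and returns
     * null; otherwise returns [$id, $tariff] where $tariff is whatever
     * Tariff::findById() returns.
     */
    private function findTariffFromQuery(): ?array
    {
        $id = (int)($_GET['id'] ?? 0);
        if ($id <= 0) {
            http_response_code(400);
            echo 'ID inválido';
            return null;
        }
        $tariff = Tariff::findById($id);
        if (!$tariff) {
            http_response_code(404);
            echo 'Tarifa no encontrada';
            return null;
        }
        return [$id, $tariff];
    }

    /**
     * Loads approval $id only when it belongs to $tariffId.
     *
     * Returns null for a non-positive id, an unknown id, or an approval owned by
     * another tariff — so a forged approval_id cannot edit or delete a record
     * outside the tariff the form was rendered for. Returns the row in the shape
     * produced by TariffApproval::find() (array-like, read with ['tariff_id']).
     */
    private function findOwnedApproval(int $id, int $tariffId)
    {
        if ($id <= 0) {
            return null;
        }
        $row = TariffApproval::find($id);
        if (!$row || (int)$row['tariff_id'] !== $tariffId) {
            return null;
        }
        return $row;
    }

    /**
     * True when $date is a calendar-valid YYYY-MM-DD string.
     *
     * The format regex alone accepted values such as 2024-13-45; checkdate()
     * rejects them before they reach the database.
     */
    private function isValidDate(string $date): bool
    {
        if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $date, $m)) {
            return false;
        }
        return checkdate((int)$m[2], (int)$m[3], (int)$m[1]);
    }

    /** True when $year lies within [YEAR_MIN, YEAR_MAX]. */
    private function isValidYear(int $year): bool
    {
        return $year >= self::YEAR_MIN && $year <= self::YEAR_MAX;
    }

    /**
     * Redirects to another route of this controller with the given query
     * parameters (ints/strings only) and stops execution.
     */
    private function redirectToRoute(string $route, array $query): void
    {
        header('Location: ' . BASE_URL . '?route=' . $route . '&' . http_build_query($query));
        exit;
    }

    /**
     * Reports a failed operation to the user without leaking internals.
     *
     * The exception text (which may carry SQL fragments, table names or file
     * paths) goes to the server log only; the flash message stays generic.
     */
    private function failWith(string $message, Throwable $e): void
    {
        error_log(sprintf('ServiciosController: %s (%s: %s)', $message, get_class($e), $e->getMessage()));
        setFlashMessage('error', $message);
    }

    /**
     * Reads and validates the tariff header fields shared by store() and update().
     *
     * Returns ['data' => [...], 'errors' => [...]]; `data` is only meaningful
     * when `errors` is empty. An empty effective_from defaults to today.
     */
    private function readTariffInput(): array
    {
        $name = trim((string)($_POST['name'] ?? ''));
        $systemType = (string)($_POST['system_type'] ?? '');
        $effectiveFrom = trim((string)($_POST['effective_from'] ?? '')) ?: date('Y-m-d');
        $status = in_array(($_POST['status'] ?? 'Inactiva'), self::STATUSES, true)
            ? (string)$_POST['status']
            : 'Inactiva';

        $errors = [];
        if ($name === '') {
            $errors[] = 'El nombre es obligatorio.';
        }
        if (!in_array($systemType, $this->systemTypes, true)) {
            $errors[] = 'Tipo de sistema inválido.';
        }
        if (!$this->isValidDate($effectiveFrom)) {
            $errors[] = 'Fecha de vigencia inválida.';
        }

        return [
            'data' => [
                'name' => $name,
                'system_type' => $systemType,
                'effective_from' => $effectiveFrom,
                'status' => $status,
            ],
            'errors' => $errors,
        ];
    }

    /**
     * Reads the per-year cost/volume parameter fields from the POST body.
     * Missing fields default to 0 (or '' for notes); values are not range-checked
     * here, matching the original behaviour.
     */
    private function readParameterInput(): array
    {
        $floatFields = [
            'cost_administration',
            'cost_salaries',
            'cost_energy',
            'cost_chemicals',
            'cost_maintenance',
            'raf_replacement',
            'production_volume_m3',
        ];
        $data = [];
        foreach ($floatFields as $field) {
            $data[$field] = (float)($_POST[$field] ?? 0);
        }
        $data['total_citizens'] = (int)($_POST['total_citizens'] ?? 0);
        $data['unaccounted_water_pct'] = (float)($_POST['unaccounted_water_pct'] ?? 0);
        $data['environmental_fee'] = (float)($_POST['environmental_fee'] ?? 0);
        $data['notes'] = trim((string)($_POST['notes'] ?? ''));
        return $data;
    }

    /**
     * Reads a consumption range (min/max m³ and unit price) from POST.
     * An empty max_m3 means open-ended and is stored as null.
     * NOTE(review): min_m3 > max_m3, negative volumes and negative prices are not
     * rejected here — confirm whether Tariff::createRange()/updateRange() do.
     */
    private function readRangeInput(): array
    {
        $max = $_POST['max_m3'] ?? '';
        return [
            'min_m3' => (float)($_POST['min_m3'] ?? 0),
            'max_m3' => $max !== '' ? (float)$max : null,
            'price_per_m3' => (float)($_POST['price_per_m3'] ?? 0),
        ];
    }

    /**
     * Year selected on the parameters/approvals pages: ?year= when given, else
     * the first entry of the stored-years list, else the current year.
     */
    private function resolveYear(array $yearsList): int
    {
        if (isset($_GET['year'])) {
            return (int)$_GET['year'];
        }
        if (!empty($yearsList)) {
            return (int)$yearsList[0]['year'];
        }
        return (int)date('Y');
    }

    /** Tariff list with optional free-text, status and system-type filters (unknown filter values are dropped). */
    public function index(): void
    {
        $csrf = $this->generateCsrf();
        $status = $_GET['status'] ?? '';
        $systemType = $_GET['system_type'] ?? '';
        $filters = [
            'q' => trim((string)($_GET['q'] ?? '')),
            'status' => in_array($status, self::STATUSES, true) ? (string)$status : '',
            'system_type' => in_array($systemType, $this->systemTypes, true) ? (string)$systemType : '',
        ];
        $this->renderView('servicios/index', [
            'csrf' => $csrf,
            'filters' => $filters,
            'items' => Tariff::getAll($filters),
            'systemTypes' => $this->systemTypes,
        ]);
    }

    /** New-tariff form. */
    public function create(): void
    {
        $this->renderView('servicios/create', [
            'csrf' => $this->generateCsrf(),
            'systemTypes' => $this->systemTypes,
        ]);
    }

    /**
     * Creates a tariff together with its initial parameter set for the posted
     * year. If the parameter upsert fails after the tariff row was created, the
     * row is deleted again so no half-initialised tariff is left behind.
     */
    public function store(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }

        ['data' => $data, 'errors' => $errors] = $this->readTariffInput();
        $year = (int)($_POST['year'] ?? (int)date('Y'));
        if (!$this->isValidYear($year)) {
            $errors[] = 'Año de parámetros inválido.';
        }
        if ($errors !== []) {
            setFlashMessage('error', implode(' ', $errors));
            redirect('servicios.create');
            return;
        }

        $newId = 0;
        try {
            $newId = (int)Tariff::create($data);
            if ($newId <= 0) {
                setFlashMessage('error', 'No se pudo crear la tarifa.');
                redirect('servicios.create');
                return; // never reach upsertParameters() with id 0
            }
            Tariff::upsertParameters($newId, $year, $this->readParameterInput());
            setFlashMessage('success', 'Tarifa creada correctamente con parámetros iniciales.');
            redirect('servicios.index');
        } catch (Throwable $e) {
            // Roll back the header row when create() succeeded but the parameters did not.
            if ($newId > 0) {
                try {
                    Tariff::deleteById($newId);
                } catch (Throwable $cleanupError) {
                    error_log('ServiciosController: cleanup of tariff ' . $newId . ' failed: ' . $cleanupError->getMessage());
                }
            }
            $this->failWith('Error al crear tarifa.', $e);
            redirect('servicios.create');
        }
    }

    /** Edit form for one tariff; 400 on a bad id, 404 when it does not exist. */
    public function edit(): void
    {
        $csrf = $this->generateCsrf();
        $found = $this->findTariffFromQuery();
        if ($found === null) {
            return;
        }
        [, $item] = $found;
        $this->renderView('servicios/edit', [
            'csrf' => $csrf,
            'item' => $item,
            'systemTypes' => $this->systemTypes,
        ]);
    }

    /** Saves the header fields of an existing tariff; returns to the edit form on any failure. */
    public function update(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $id = (int)($_POST['id'] ?? 0);
        if ($id <= 0) {
            setFlashMessage('error', 'ID inválido.');
            redirect('servicios.index');
            return; // never call Tariff::update() with id 0
        }

        ['data' => $data, 'errors' => $errors] = $this->readTariffInput();
        if ($errors !== []) {
            setFlashMessage('error', implode(' ', $errors));
            $this->redirectToRoute('servicios.edit', ['id' => $id]);
        }

        try {
            if (Tariff::update($id, $data)) {
                setFlashMessage('success', 'Tarifa actualizada.');
                redirect('servicios.index');
                return;
            }
            setFlashMessage('error', 'No se pudo actualizar la tarifa.');
        } catch (Throwable $e) {
            $this->failWith('Error al actualizar tarifa.', $e);
        }
        $this->redirectToRoute('servicios.edit', ['id' => $id]);
    }

    /** Consumption ranges page for one tariff. */
    public function ranges(): void
    {
        $csrf = $this->generateCsrf();
        $found = $this->findTariffFromQuery();
        if ($found === null) {
            return;
        }
        [$id, $tariff] = $found;
        $this->renderView('servicios/ranges', [
            'csrf' => $csrf,
            'tariff' => $tariff,
            'ranges' => Tariff::getRanges($id),
        ]);
    }

    /**
     * Adds a consumption range to a tariff.
     * NOTE(review): the tariff's existence is not checked here; a foreign key in
     * Tariff::createRange()'s table is assumed to reject unknown tariff_id values.
     */
    public function rangeStore(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $tariffId = (int)($_POST['tariff_id'] ?? 0);
        if ($tariffId <= 0) {
            setFlashMessage('error', 'ID de tarifa inválido.');
            redirect('servicios.index');
            return;
        }
        try {
            Tariff::createRange(['tariff_id' => $tariffId] + $this->readRangeInput());
            setFlashMessage('success', 'Rango agregado.');
        } catch (Throwable $e) {
            $this->failWith('No se pudo agregar el rango.', $e);
        }
        $this->redirectToRoute('servicios.ranges', ['id' => $tariffId]);
    }

    /**
     * Updates one consumption range.
     * NOTE(review): unlike approvalSave(), the range $id is not verified to belong
     * to $tariffId — tariff_id is only used for the redirect. Unless
     * Tariff::updateRange() scopes by tariff, any range can be edited by posting
     * its id with an arbitrary tariff_id; add an ownership check once the range
     * row shape is known.
     */
    public function rangeUpdate(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $id = (int)($_POST['id'] ?? 0);
        $tariffId = (int)($_POST['tariff_id'] ?? 0);
        if ($id <= 0 || $tariffId <= 0) {
            setFlashMessage('error', 'Datos inválidos.');
            redirect('servicios.index');
            return;
        }
        try {
            if (Tariff::updateRange($id, $this->readRangeInput())) {
                setFlashMessage('success', 'Rango actualizado.');
            } else {
                setFlashMessage('error', 'No se pudo actualizar el rango.');
            }
        } catch (Throwable $e) {
            $this->failWith('Error al actualizar rango.', $e);
        }
        $this->redirectToRoute('servicios.ranges', ['id' => $tariffId]);
    }

    /**
     * Deletes one consumption range.
     * NOTE(review): same missing ownership check as rangeUpdate() — $tariffId only
     * drives the redirect, not the delete.
     */
    public function rangeDelete(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $id = (int)($_POST['id'] ?? 0);
        $tariffId = (int)($_POST['tariff_id'] ?? 0);
        if ($id <= 0 || $tariffId <= 0) {
            setFlashMessage('error', 'Datos inválidos.');
            redirect('servicios.index');
            return;
        }
        try {
            if (Tariff::deleteRange($id)) {
                setFlashMessage('success', 'Rango eliminado.');
            } else {
                setFlashMessage('error', 'No se pudo eliminar el rango.');
            }
        } catch (Throwable $e) {
            $this->failWith('Error al eliminar rango.', $e);
        }
        $this->redirectToRoute('servicios.ranges', ['id' => $tariffId]);
    }

    /** Per-year cost parameters page, with the suggested unit/fixed rates derived from them. */
    public function parameters(): void
    {
        $csrf = $this->generateCsrf();
        $found = $this->findTariffFromQuery();
        if ($found === null) {
            return;
        }
        [$tariffId, $tariff] = $found;
        $list = Tariff::getAllParametersByTariff($tariffId);
        $year = $this->resolveYear($list);
        $this->renderView('servicios/parameters', [
            'csrf' => $csrf,
            'tariff' => $tariff,
            'yearsList' => $list,
            'year' => $year,
            'params' => Tariff::getParameters($tariffId, $year),
            'suggested' => Tariff::computeSuggestedUnitCost($tariffId, $year),
            'suggestedFixed' => Tariff::computeSuggestedFixedFee($tariffId, $year),
            'currentApproval' => TariffApproval::latestForTariffYear($tariffId, $year),
        ]);
    }

    /** Creates or replaces the parameter set of a tariff for one year. */
    public function parametersSave(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $tariffId = (int)($_POST['tariff_id'] ?? 0);
        $year = (int)($_POST['year'] ?? 0);
        // Same year window as store()/approvalSave(); the original accepted any positive int here.
        if ($tariffId <= 0 || !$this->isValidYear($year)) {
            setFlashMessage('error', 'Datos inválidos.');
            redirect('servicios.index');
            return;
        }
        try {
            Tariff::upsertParameters($tariffId, $year, $this->readParameterInput());
            setFlashMessage('success', 'Parámetros guardados.');
        } catch (Throwable $e) {
            $this->failWith('No se pudieron guardar los parámetros.', $e);
        }
        $this->redirectToRoute('servicios.parameters', ['id' => $tariffId, 'year' => $year]);
    }

    /** Approved-rate history page; ?approval_id= preloads one of this tariff's approvals for editing. */
    public function approvals(): void
    {
        $csrf = $this->generateCsrf();
        $found = $this->findTariffFromQuery();
        if ($found === null) {
            return;
        }
        [$tariffId, $tariff] = $found;
        $list = Tariff::getAllParametersByTariff($tariffId);
        $year = $this->resolveYear($list);
        $params = Tariff::getParameters($tariffId, $year);
        $realRate = Tariff::computeSuggestedUnitCost($tariffId, $year);
        $approvals = TariffApproval::listByTariff($tariffId);
        $currentApproval = TariffApproval::latestForTariffYear($tariffId, $year);
        $editingApproval = $this->findOwnedApproval((int)($_GET['approval_id'] ?? 0), $tariffId);

        $this->renderView('servicios/approvals', [
            'csrf' => $csrf,
            'tariff' => $tariff,
            'yearsList' => $list,
            'year' => $year,
            'params' => $params,
            'realRate' => $realRate,
            'approvals' => $approvals,
            'currentApproval' => $currentApproval,
            'latestApproval' => $approvals[0] ?? null,
            'editingApproval' => $editingApproval,
        ]);
    }

    /**
     * Creates (approval_id = 0) or updates an approved rate for a tariff/year.
     *
     * NOTE(review): real_rate is taken from the form rather than recomputed with
     * Tariff::computeSuggestedUnitCost(), so the stored "real" rate is whatever
     * the client submitted — consider recomputing it server-side.
     */
    public function approvalSave(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $tariffId = (int)($_POST['tariff_id'] ?? 0);
        $year = (int)($_POST['year'] ?? 0);
        $id = (int)($_POST['approval_id'] ?? 0);
        $realRate = (float)($_POST['real_rate'] ?? 0);
        $approvedRate = (float)($_POST['approved_rate'] ?? 0);
        $approvalDate = trim((string)($_POST['approval_date'] ?? ''));
        $validUntil = trim((string)($_POST['valid_until'] ?? ''));
        $notes = trim((string)($_POST['notes'] ?? ''));

        // Editing: the approval must exist and belong to this tariff.
        $existing = null;
        if ($id > 0) {
            $existing = $this->findOwnedApproval($id, $tariffId);
            if ($existing === null) {
                setFlashMessage('error', 'No se encontró la aprobación seleccionada.');
                $this->redirectToRoute('servicios.approvals', ['id' => $tariffId, 'year' => $year]);
            }
        }

        $errors = [];
        if ($tariffId <= 0) {
            $errors[] = 'Tarifa inválida.';
        }
        if (!$this->isValidYear($year)) {
            $errors[] = 'Año inválido.';
        }
        if ($realRate <= 0) {
            $errors[] = 'Debe establecer la Tarifa Real calculada.';
        }
        if ($approvedRate <= 0) {
            $errors[] = 'Debe ingresar la Tarifa aprobada.';
        }
        if (!$this->isValidDate($approvalDate)) {
            $errors[] = 'Fecha de aprobación inválida.';
        }
        if ($validUntil !== '' && !$this->isValidDate($validUntil)) {
            // Plain double quotes: inside single quotes the original's \" was a literal backslash shown to the user.
            $errors[] = 'La fecha "vigente hasta" es inválida.';
        }
        if ($errors !== []) {
            setFlashMessage('error', implode(' ', $errors));
            $this->redirectToRoute('servicios.approvals', ['id' => $tariffId, 'year' => $year]);
        }

        try {
            TariffApproval::save([
                'id' => $id,
                'tariff_id' => $tariffId,
                'year' => $year,
                'real_rate' => $realRate,
                'approved_rate' => $approvedRate,
                'approval_date' => $approvalDate,
                'valid_until' => $validUntil ?: null,
                'notes' => $notes,
                // Keep the original author when the current user cannot be resolved.
                'created_by_user_id' => getCurrentUser()['id'] ?? ($existing['created_by_user_id'] ?? null),
            ]);
            setFlashMessage('success', 'Tarifa aprobada registrada correctamente.');
        } catch (Throwable $e) {
            $this->failWith('No se pudo guardar la aprobación.', $e);
        }
        $this->redirectToRoute('servicios.approvals', ['id' => $tariffId, 'year' => $year]);
    }

    /** Deletes one approval, only if it belongs to the posted tariff. */
    public function approvalDelete(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $tariffId = (int)($_POST['tariff_id'] ?? 0);
        $year = (int)($_POST['year'] ?? 0);
        $id = (int)($_POST['approval_id'] ?? 0);
        if ($tariffId <= 0 || $id <= 0) {
            setFlashMessage('error', 'Datos inválidos.');
            redirect('servicios.index');
            return;
        }

        $record = null;
        try {
            $record = $this->findOwnedApproval($id, $tariffId);
            if ($record === null) {
                setFlashMessage('error', 'La aprobación no existe.');
            } elseif (TariffApproval::delete($id)) {
                setFlashMessage('success', 'Aprobación eliminada.');
            } else {
                setFlashMessage('error', 'No se pudo eliminar la aprobación.');
            }
        } catch (Throwable $e) {
            $this->failWith('Error al eliminar aprobación.', $e);
        }
        // When the form sent no year, fall back to the record's year, then to the current year.
        $backYear = $year ?: ($record['year'] ?? date('Y'));
        $this->redirectToRoute('servicios.approvals', ['id' => $tariffId, 'year' => $backYear]);
    }

    /** Marks a tariff active; refused unless an approved rate is currently in force for it. */
    public function activate(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $id = (int)($_POST['id'] ?? 0);
        if ($id <= 0) {
            setFlashMessage('error', 'ID inválido.');
            redirect('servicios.index');
            return;
        }
        if (!TariffApproval::hasActiveApproval($id)) {
            setFlashMessage('error', 'Debe registrar una tarifa aprobada vigente antes de activar.');
            redirect('servicios.index');
            return;
        }
        try {
            if (Tariff::activate($id)) {
                setFlashMessage('success', 'Tarifa activada.');
            } else {
                setFlashMessage('error', 'No se pudo activar la tarifa.');
            }
        } catch (Throwable $e) {
            $this->failWith('Error al activar tarifa.', $e);
        }
        redirect('servicios.index');
    }

    /** Deletes a tariff by id. */
    public function delete(): void
    {
        if (!$this->requirePostWithCsrf()) {
            return;
        }
        $id = (int)($_POST['id'] ?? 0);
        if ($id <= 0) {
            setFlashMessage('error', 'ID inválido.');
            redirect('servicios.index');
            return; // never call deleteById() with id 0
        }
        try {
            if (Tariff::deleteById($id)) {
                setFlashMessage('success', 'Tarifa eliminada correctamente.');
            } else {
                setFlashMessage('error', 'No se pudo eliminar la tarifa.');
            }
        } catch (Throwable $e) {
            $this->failWith('Error al eliminar tarifa.', $e);
        }
        redirect('servicios.index');
    }
}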