1. <?php

  2. 

  3. if (!defined("WHMCS"))

  4. 	die("This file cannot be accessed directly");

  5. 

  6. use WHMCS\Database\Capsule;

  7. use WHMCS\View\Menu\Item as MenuItem;

  8. 

  9. function restrict_access_to_add_funds($vars) {

  10. 

  11.   if (filter_var($_GET['action'], FILTER_SANITIZE_STRING) == 'addfunds') {

  12. 

  13.     // Get PDO for the database queries

  14.     $pdo = Capsule::connection()->getPdo();

  15. 

  16.     if ($vars['clientsdetails']['customfields']) {

  17.       $customfields = $vars['clientsdetails']['customfields'];

  18.       foreach ($customfields as $key => $customfield) {

  19.         ##### Start Database Query #####

  20.         try {

  21.           $customfieldsquery = $pdo->query("SELECT fieldname FROM tblcustomfields WHERE id = " . $pdo->quote($customfield['id']));

  22. 

  23.           while($row = $customfieldsquery->fetch(PDO::FETCH_ASSOC)) {

  24.             if ($row['fieldname'] == 'Enable Add Funds') {

  25.               $addfunds = $customfield['value'];

  26.             }

  27.           }

  28.         } catch(PDOException $e) {

  29.           echo 'ERROR: ' . $e->getMessage();

  30.         }

  31.       }

  32. 

  33.       if ($addfunds !== 'on') {

  34.         header("Location: clientarea.php");

  35.         exit();

  36.       }

  37.     }

  38. 

  39.   }

  40. 

  41. }

  42. 

  43. function restrict_add_funds_link(MenuItem $primaryNavbar) {

  44. 

  45.   $client = Menu::context('client');

  46. 

  47.   // Get PDO for the database queries

  48.   $pdo = Capsule::connection()->getPdo();

  49. 

  50.   try {

  51.     $clientquery = $pdo->query("SELECT tblcustomfields.fieldname AS customfieldname, tblcustomfieldsvalues.value AS customfieldvalue FROM tblcustomfields INNER JOIN tblcustomfieldsvalues ON tblcustomfields.id = tblcustomfieldsvalues.fieldid WHERE tblcustomfieldsvalues.relid = " . $pdo->quote($client->id));

  52. 

  53.     while($row = $clientquery->fetch(PDO::FETCH_ASSOC)) {

  54.       if (trim($row['customfieldname']) == "Enable Add Funds") {

  55.         $addfunds = $row['customfieldvalue'];

  56.       }

  57.     }

  58.   } catch(PDOException $e) {

  59.     echo 'ERROR: ' . $e->getMessage();

  60.   }

  61. 

  62.   

  63.   if ($addfunds !== 'on') {

  64.     if (!is_null($primaryNavbar->getChild('Billing'))) {

  65.       $primaryNavbar->getChild('Billing')->removeChild('Add Funds');

  66.     }

  67.   }

  68. 

  69. }

  70. 

  71. function add_funds_sidebar(MenuItem $primarySidebar) {

  72. 

  73.   $filename = APP::getCurrentFileName();

  74.   $client = Menu::context("client");

  75.   $clientid = intval( $client->id );

  76.   $action = $_GET['action'];

  77.   $allowed = array('invoices', 'quotes', 'masspay', 'addfunds');

  78. 

  79.   /* prevents balance display to unauth'd users */

  80.   if ($filename!=='clientarea' || $clientid===0 || strpos($_SERVER['REQUEST_URI'], 'verificationId') !== false || is_null($client)) {

  81.     return;

  82.   }

  83. 

  84.   // Get PDO for the database queries

  85.   $pdo = Capsule::connection()->getPdo();

  86. 

  87.   try {

  88.     $clientquery = $pdo->query("SELECT tblcustomfields.fieldname AS customfieldname, tblcustomfieldsvalues.value AS customfieldvalue FROM tblcustomfields INNER JOIN tblcustomfieldsvalues ON tblcustomfields.id = tblcustomfieldsvalues.fieldid WHERE tblcustomfieldsvalues.relid = " . $pdo->quote($client->id));

  89. 

  90.     while($row = $clientquery->fetch(PDO::FETCH_ASSOC)) {

  91.       if (trim($row['customfieldname']) == "Enable Add Funds") {

  92.         $addfunds = $row['customfieldvalue'];

  93.       }

  94.     }

  95.   } catch(PDOException $e) {

  96.     echo 'ERROR: ' . $e->getMessage();

  97.   }

  98. 

  99.   /* uncomment this to hide the sidebar if the client has no balance */

  100.   if ($client->credit <= 0.00 && $addfunds !== 'on' && filter_var($_GET['action'], FILTER_SANITIZE_STRING) !== 'addfunds') { return; }

  101. 

  102.   $primarySidebar->addChild('Client-Balance', array(

  103.       'label' => Lang::trans('availcreditbal'),

  104.       'uri' => '#',

  105.       'order' => '1',

  106.       'icon' => 'fa fa-credit-card'

  107.   ));

  108. 

  109.   # Get Currency

  110.   $getCurrency = getCurrency($clientid);

  111.   $balanceDisplay = formatCurrency($client->credit, $getCurrency);

  112. 

  113.   # Retrieve the panel we just created.

  114.   $balancePanel = $primarySidebar->getChild('Client-Balance');

  115. 

  116.   // Move the panel to the end of the sorting order so it's always displayed

  117.   // as the last panel in the sidebar.

  118.   $balancePanel->moveToBack();

  119.   $balancePanel->setOrder(0);

  120. 

  121.   # Add Balance.

  122.   if ($addfunds == 'on' && filter_var($_GET['action'], FILTER_SANITIZE_STRING) !== 'addfunds') {

  123.     $balancePanel->addChild('balance-amount', array(

  124.         'uri' => 'clientarea.php?action=addfunds',

  125.         'label' => '<h4 style="text-align:center;">'.$balanceDisplay.'</h4>',

  126.         'order' => 1

  127.     ));

  128.   

  129.     $balancePanel->setFooterHtml(

  130.         '<a href="clientarea.php?action=addfunds" class="btn btn-success btn-sm btn-block">

  131.             <i class="fa fa-plus"></i> Add Funds </a>'

  132.     );

  133.   }else{

  134.     $balancePanel->addChild('balance-amount', array(

  135.         'label' => '<h4 style="text-align:center;">'.$balanceDisplay.'</h4>',

  136.         'order' => 1

  137.     ));

  138.   }

  139. 

  140. }

  141. 

  142. add_hook("ClientAreaPageAddFunds", 0, "restrict_access_to_add_funds");

  143. add_hook("ClientAreaPrimaryNavbar", 0, "restrict_add_funds_link");

  144. add_hook("ClientAreaSecondarySidebar", 0, "add_funds_sidebar");

  145. 

  146. ?>