<?php
namespace Modules\SystemSetting\Http\Controllers;
use App\Traits\ImageStore;
use Carbon\Carbon;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Str;
use Image;
use App\User;
use App\Subscription;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use DrewM\MailChimp\MailChimp;
use App\Http\Controllers\Controller;
use Brian2694\Toastr\Facades\Toastr;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Session;
use Modules\Appointment\Repositories\Interfaces\AppointmentRepositoryInterface;
use Yajra\DataTables\Facades\DataTables;
use Modules\Newsletter\Entities\NewsletterSetting;
use Modules\Newsletter\Http\Controllers\AcelleController;
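/**
 * Admin CRUD for instructor accounts (users with role_id 2) plus the
 * DataTables feed that lists them.
 *
 * Every write path is gated by demoCheck() and, in update()/destroy(), by
 * the app.app_sync config flag, so demo installs never persist anything.
 * Module-dependent behaviour (Appointment, LmsSaas, Chat, UserType,
 * OrgInstructorPolicy) is switched on isModuleActive().
 */
class InstructorSettingController extends Controller
{
    use ImageStore;

    /** role_id written to every instructor account handled here. */
    private const INSTRUCTOR_ROLE_ID = 2;

    /**
     * Render the instructor management page.
     *
     * The table is filled client-side through getAllInstructorData(), so the
     * view only receives an empty placeholder list.
     */
    public function index()
    {
        try {
            $instructors = [];
            return view('systemsetting::instructor', compact('instructors'));
        } catch (\Exception $e) {
            Toastr::error(trans('common.Operation failed'), trans('common.Failed'));
            return redirect()->back();
        }
    }

    /**
     * Create an instructor account from the admin form.
     *
     * Checks run in this order: SaaS plan limit, demo mode, validation.
     * On Appointment installs the account also gets a unique slug and the
     * appointment profile fields, and the appointment repository receives
     * the raw request. After the save the account is subscribed to the
     * newsletter service configured for instructors (best effort).
     *
     * @param Request $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function store(Request $request)
    {
        if (saasPlanCheck('instructor')) {
            Toastr::error('You have reached instructor limit', trans('common.Failed'));
            return redirect()->back();
        }
        Session::flash('type', 'store');
        if (demoCheck()) {
            return redirect()->back();
        }

        $rules = [
            'name' => 'required',
            'phone' => 'nullable|string|regex:/^([0-9\s\-\+\(\)]*)$/|min:5|unique:users,phone',
            'email' => 'required|email|unique:users,email',
            'password' => 'required|min:8|confirmed',
        ];
        $this->validate($request, $rules, validationMessage($rules));

        // Only Appointment installs use the slug column.
        $slug = isModuleActive('Appointment') ? $this->uniqueSlugFor($request->name) : null;

        try {
            $user = new User;
            $user->name = $request->name;
            $user->email = $request->email;
            $user->username = null;
            $user->password = bcrypt($request->password);
            $user->about = $request->about;
            $user->dob = getPhpDateFormat($request->dob);
            $user->phone = empty($request->phone) ? null : $request->phone;
            $user->language_id = Settings('language_id');
            $user->language_code = Settings('language_code');
            $user->language_name = Settings('language_name');
            $user->language_rtl = Settings('language_rtl');
            $user->country = Settings('country_id');
            $user->facebook = $request->facebook;
            $user->twitter = $request->twitter;
            $user->linkedin = $request->linkedin;
            $user->instagram = $request->instagram;
            $user->added_by = 1;
            // Admin-created accounts are treated as verified immediately.
            $user->email_verify = 1;
            $user->email_verified_at = now();
            $user->lms_id = $this->currentLmsId();

            // hasFile() also requires a valid upload, so a failed upload is skipped
            // instead of being handed to saveImage().
            if ($request->hasFile('image')) {
                $user->image = $this->saveImage($request->file('image'));
            }

            if (isModuleActive('Appointment')) {
                $user->slug = $slug;
                $user->age = $request->dob
                    ? Carbon::parse($request->dob)->diff(Carbon::now())->y
                    : 0;
                $user->gender = $request->gender;
                $this->fillAppointmentProfile($user, $request);
            }

            $user->role_id = self::INSTRUCTOR_ROLE_ID;
            $user->save();

            $this->syncAppointmentData($request, $user);
            applyDefaultRoleToUser($user);
            assignStaffToUser($user);

            if (isModuleActive('Chat') && Schema::hasTable('users') && Schema::hasTable('chat_statuses')) {
                userStatusChange($user->id, 0);
            }

            $this->subscribeToNewsletter($user);

            Toastr::success(trans('common.Operation successful'), trans('common.Success'));
            return redirect()->back();
        } catch (\Exception $e) {
            GettingError($e->getMessage(), url()->current(), request()->ip(), request()->userAgent());
            // Previously fell through with no response; always send the admin back.
            Toastr::error(trans('common.Operation failed'), trans('common.Failed'));
            return redirect()->back();
        }
    }

    /**
     * Update an existing instructor account.
     *
     * The password is only rehashed when a new one is submitted. On
     * Appointment installs a slug is generated when the account has none
     * and the name actually changed, and the appointment repository is
     * fed the raw request.
     *
     * @param Request $request  must carry the user id as `id`
     * @return \Illuminate\Http\RedirectResponse
     */
    public function update(Request $request)
    {
        Session::flash('type', 'update');
        if (demoCheck()) {
            return redirect()->back();
        }

        $rules = [
            'name' => 'required',
            'phone' => 'nullable|string|regex:/^([0-9\s\-\+\(\)]*)$/|min:1|unique:users,phone,' . $request->id,
            'email' => 'required|email|unique:users,email,' . $request->id,
            'password' => 'bail|nullable|min:8|confirmed',
        ];
        $this->validate($request, $rules, validationMessage($rules));

        try {
            if (Config::get('app.app_sync')) {
                Toastr::error('For demo version you can not change this !', 'Failed');
                return back();
            }

            // findOrFail: an unknown id lands in the catch below instead of a null-property error.
            $user = User::findOrFail($request->id);
            // Compare against the stored name *before* it is overwritten; comparing
            // afterwards (as the old code did) is always false and never set a slug.
            $nameChanged = $request->name != $user->name;

            $user->name = $request->name;
            $user->email = $request->email;
            $user->username = null;
            $user->facebook = $request->facebook;
            $user->twitter = $request->twitter;
            $user->linkedin = $request->linkedin;
            $user->instagram = $request->instagram;
            $user->about = $request->about;
            $user->dob = getPhpDateFormat($request->dob);
            $user->phone = empty($request->phone) ? null : $request->phone;

            if ($request->password) {
                $user->password = bcrypt($request->password);
            }
            if ($request->hasFile('image')) {
                $user->image = $this->saveImage($request->file('image'));
            }

            if (isModuleActive('Appointment')) {
                if (!$user->slug && $nameChanged) {
                    $user->slug = Str::slug($request->name, '-');
                }
                $this->fillAppointmentProfile($user, $request);
            }

            $user->role_id = self::INSTRUCTOR_ROLE_ID;
            $user->save();

            $this->syncAppointmentData($request, $user);

            Toastr::success(trans('common.Operation successful'), trans('common.Success'));
            return redirect()->back();
        } catch (\Exception $e) {
            GettingError($e->getMessage(), url()->current(), request()->ip(), request()->userAgent());
            Toastr::error(trans('common.Operation failed'), trans('common.Failed'));
            return redirect()->back();
        }
    }

    /**
     * Delete an instructor account, refusing when it still owns courses.
     *
     * @param Request $request  must carry the user id as `id`
     * @return \Illuminate\Http\RedirectResponse
     */
    public function destroy(Request $request)
    {
        if (demoCheck()) {
            return redirect()->back();
        }

        $rules = [
            'id' => 'required',
        ];
        $this->validate($request, $rules, validationMessage($rules));

        try {
            if (Config::get('app.app_sync')) {
                Toastr::error('For demo version you can not change this !', 'Failed');
                return redirect()->back();
            }

            $user = User::with('courses')->findOrFail($request->id);
            if (count($user->courses) > 0) {
                Toastr::error($user->name . ' has course. Please remove it first', 'Failed');
                return back();
            }
            $user->delete();

            Toastr::success(trans('common.Operation successful'), trans('common.Success'));
            return redirect()->back();
        } catch (\Exception $e) {
            GettingError($e->getMessage(), url()->current(), request()->ip(), request()->userAgent());
            Toastr::error(trans('common.Operation failed'), trans('common.Failed'));
            return redirect()->back();
        }
    }

    /**
     * Server-side DataTables feed of instructors for the current LMS.
     *
     * The `image`, `status` and `action` columns are returned as raw HTML
     * (see rawColumns), so every model value placed in them is escaped here.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function getAllInstructorData(Request $request)
    {
        $with = isModuleActive('OrgInstructorPolicy') ? ['policy'] : [];

        $query = User::query()->where('lms_id', $this->currentLmsId());
        if (isModuleActive('UserType')) {
            $query->whereHas('userRoles', function ($q) {
                $q->where('role_id', self::INSTRUCTOR_ROLE_ID);
            });
        } else {
            $query->where('role_id', self::INSTRUCTOR_ROLE_ID);
        }
        $query->with($with);

        return DataTables::of($query)
            ->addIndexColumn()
            ->addColumn('image', function ($instructor) {
                return $this->imageCell($instructor);
            })
            ->editColumn('name', function ($instructor) {
                return $instructor->name;
            })
            ->editColumn('email', function ($instructor) {
                return $instructor->email;
            })
            ->addColumn('group_policy', function ($instructor) {
                return $this->policyCell($instructor);
            })
            ->addColumn('status', function ($instructor) {
                return $this->statusCell($instructor);
            })
            ->addColumn('action', function ($instructor) {
                return $this->actionCell($instructor);
            })
            ->rawColumns(['status', 'image', 'action'])
            ->make(true);
    }

    /** lms_id of the tenant being served: the institute on LmsSaas installs, otherwise 1. */
    private function currentLmsId(): int
    {
        return isModuleActive('LmsSaas') ? app('institute')->id : 1;
    }

    /**
     * Slug for a new instructor name, disambiguated with a short random
     * suffix when the plain slug is already taken.
     */
    private function uniqueSlugFor(string $name): string
    {
        $slug = Str::slug($name);
        if (User::where('slug', $slug)->exists()) {
            // Four shuffled lowercase letters are enough to dodge a collision; not security relevant.
            $slug = Str::slug($name . '-' . substr(str_shuffle('qwertyuiopasdfghjklzxcvbnm'), 0, 4));
        }
        return $slug;
    }

    /** Copy the Appointment-module profile fields shared by store() and update(). */
    private function fillAppointmentProfile(User $user, Request $request): void
    {
        $user->hour_rate = $request->hour_rate;
        $user->types = json_encode($request->type);
        // The checkbox is absent when unchecked, so any submitted value means "available".
        $user->is_available = $request->available ? 1 : 0;
        $user->headline = $request->headline;
        $user->short_video_link = $request->video_link;
        $user->available_msg = $request->available_message;
    }

    /** Hand the raw request to the appointment repository when that module is active. */
    private function syncAppointmentData(Request $request, User $user): void
    {
        if (!isModuleActive('Appointment')) {
            return;
        }
        App::make(AppointmentRepositoryInterface::class)
            ->instructorStoreData($request->all(), $user->id);
    }

    /**
     * Subscribe a freshly created instructor to the configured newsletter service.
     *
     * Best effort: a provider failure is reported but never fails the
     * account creation that already happened.
     */
    private function subscribeToNewsletter(User $user): void
    {
        if (!hasTable('newsletter_settings')) {
            return;
        }
        $setting = NewsletterSetting::getData();
        if ($setting->instructor_status != 1) {
            return;
        }
        $list = $setting->instructor_list_id;

        try {
            switch ($setting->instructor_service) {
                case 'Mailchimp':
                    if (saasEnv('MailChimp_Status') ?? false) {
                        $mailChimp = new MailChimp(saasEnv('MailChimp_API'));
                        $mailChimp->post("lists/$list/members", [
                            'email_address' => $user->email,
                            'status' => 'subscribed',
                        ]);
                    }
                    break;
                case 'GetResponse':
                    if (saasEnv('GET_RESPONSE_STATUS') ?? false) {
                        $getResponse = new \GetResponse(saasEnv('GET_RESPONSE_API'));
                        $getResponse->addContact([
                            'email' => $user->email,
                            'campaign' => ['campaignId' => $list],
                        ]);
                    }
                    break;
                case 'Acelle':
                    if (saasEnv('ACELLE_STATUS') ?? false) {
                        // NOTE(review): the address is placed in the query string unencoded;
                        // confirm curlPostRequest() encodes it, otherwise rawurlencode() belongs here.
                        $url = '/subscribers?list_uid=' . $list . '&EMAIL=' . $user->email;
                        (new AcelleController())->curlPostRequest($url);
                    }
                    break;
                case 'Local':
                    $subscription = Subscription::where('email', '=', $user->email)->first();
                    if (empty($subscription)) {
                        $subscription = new Subscription();
                        $subscription->email = $user->email;
                    }
                    $subscription->type = 'Instructor';
                    $subscription->save();
                    break;
            }
        } catch (\Exception $e) {
            // Do not swallow silently: surface it to the app's exception handler without aborting.
            report($e);
        }
    }

    /** Raw HTML for the avatar column; name and image path are escaped because the column is raw. */
    private function imageCell(User $instructor): string
    {
        return " <div class=\"profile_info\"><img src='" . e(getInstructorImage($instructor->image))
            . "' alt='" . e($instructor->name) . " image'></div>";
    }

    /** Policy name, or an empty string when the module is off or no policy is attached. */
    private function policyCell(User $instructor): string
    {
        if (!isModuleActive('OrgInstructorPolicy')) {
            return '';
        }
        return (string) (optional($instructor->policy)->name ?? '');
    }

    /** Raw HTML for the status column: a toggle for users allowed to change status, plain text otherwise. */
    private function statusCell(User $instructor): string
    {
        $isActive = $instructor->status == 1;
        if (!permissionCheck('instructor.change_status')) {
            return $isActive ? trans('common.Active') : trans('common.Inactive');
        }
        $id = (int) $instructor->id;
        $checked = $isActive ? 'checked' : '';
        return '<label class="switch_toggle" for="active_checkbox' . $id . '">
<input type="checkbox" class="status_enable_disable"
id="active_checkbox' . $id . '" value="' . $id . '"
' . $checked . '><i class="slider round"></i></label>';
    }

    /** Raw HTML for the action dropdown; edit/delete entries appear only with the matching permission. */
    private function actionCell(User $instructor): string
    {
        $id = (int) $instructor->id;

        $editButton = '';
        if (permissionCheck('instructor.edit')) {
            if (isModuleActive('Appointment')) {
                $editButton = '<a class="dropdown-item" target="_blank" href="'
                    . route('appointment.instructor.edit', [$id]) . '">' . trans('common.Edit') . '</a>';
            } else {
                $editButton = '<button data-item-id =\'' . $id . '\'
class="dropdown-item editInstructor"
type="button">' . trans('common.Edit') . '</button>';
            }
        }

        $deleteButton = '';
        if (permissionCheck('instructor.delete')) {
            $deleteButton = '<button class="dropdown-item deleteInstructor"
data-id="' . $id . '"
type="button">' . trans('common.Delete') . '</button>';
        }

        return ' <div class="dropdown CRM_dropdown">
<button class="btn btn-secondary dropdown-toggle" type="button"
id="dropdownMenu2" data-toggle="dropdown"
aria-haspopup="true"
aria-expanded="false">
' . trans('common.Action') . '
</button>
<div class="dropdown-menu dropdown-menu-right"
aria-labelledby="dropdownMenu2">
' . $editButton . '
' . $deleteButton . '
</div>
</div>';
    }
}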