/** * ===================================================================== * TERROSEAL PMS — PAGE 12 MODULE: ADMIN PANEL * ===================================================================== * HOW TO INSTALL: paste this ENTIRE block at the BOTTOM of your * existing /wp-content/plugins/tpms-auth/tpms-auth.php (same PHP * context — do NOT add another " 'Not logged in' ), 401 ); } if ( tpms_get_user_tpms_role( get_current_user_id() ) !== 'super_admin' ) { wp_send_json_error( array( 'message' => 'Sirf Super Admin is panel ko access kar sakta hai.' ) ); } } // --------------------------------------------------------------------- // 1. ACCOUNT DISABLE ENFORCEMENT // Hooks BEFORE the Page 1 login handlers (priority 5 vs their default // 10) and short-circuits with wp_send_json_error() (which internally // calls wp_die()) if the target account is flagged disabled — this # stops the later-priority login handler from ever running. // --------------------------------------------------------------------- function tpms_block_disabled_login_by_identifier( $identifier ) { global $wpdb; $user = get_user_by( 'login', $identifier ); if ( ! $user ) $user = get_user_by( 'email', $identifier ); if ( ! $user ) { $found = get_users( array( 'meta_key' => 'tpms_mobile', 'meta_value' => $identifier, 'number' => 1 ) ); $user = $found ? $found[0] : false; } if ( $user && get_user_meta( $user->ID, 'tpms_disabled', true ) === '1' ) { wp_send_json_error( array( 'message' => 'Ye account disabled kar diya gaya hai. Admin se contact karein.' ) ); } } add_action( 'wp_ajax_nopriv_tpms_password_login', function() { tpms_block_disabled_login_by_identifier( sanitize_text_field( $_POST['identifier'] ?? '' ) ); }, 5 ); add_action( 'wp_ajax_tpms_password_login', function() { tpms_block_disabled_login_by_identifier( sanitize_text_field( $_POST['identifier'] ?? '' ) ); }, 5 ); add_action( 'wp_ajax_nopriv_tpms_verify_otp', function() { tpms_block_disabled_login_by_identifier( preg_replace( '/[^0-9]/', '', $_POST['mobile'] ?? '' ) ); }, 5 ); add_action( 'wp_ajax_tpms_verify_otp', function() { tpms_block_disabled_login_by_identifier( preg_replace( '/[^0-9]/', '', $_POST['mobile'] ?? '' ) ); }, 5 ); // --------------------------------------------------------------------- // 2. AJAX: LIST USERS (with TPMS role, mobile, disabled state) // --------------------------------------------------------------------- add_action( 'wp_ajax_tpms_admin_get_users', 'tpms_handle_admin_get_users' ); function tpms_handle_admin_get_users() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); $tpms_roles = array( 'tpms_super_admin','tpms_management','tpms_technical','tpms_franchise','tpms_warehouse','tpms_accountant','tpms_sales','tpms_customer' ); $users = get_users( array( 'role__in' => $tpms_roles, 'orderby' => 'display_name' ) ); $result = array(); foreach ( $users as $u ) { $result[] = array( 'id' => $u->ID, 'name' => $u->display_name, 'email' => $u->user_email, 'mobile' => get_user_meta( $u->ID, 'tpms_mobile', true ), 'role' => tpms_get_user_tpms_role( $u->ID ), 'disabled' => get_user_meta( $u->ID, 'tpms_disabled', true ) === '1', 'registered' => $u->user_registered, ); } wp_send_json_success( array( 'items' => $result ) ); } // --------------------------------------------------------------------- // 3. AJAX: CREATE USER // --------------------------------------------------------------------- add_action( 'wp_ajax_tpms_admin_create_user', 'tpms_handle_admin_create_user' ); function tpms_handle_admin_create_user() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); $name = sanitize_text_field( $_POST['name'] ?? '' ); $email = sanitize_email( $_POST['email'] ?? '' ); $mobile = preg_replace( '/[^0-9]/', '', $_POST['mobile'] ?? '' ); $role = sanitize_text_field( $_POST['role'] ?? '' ); $password = $_POST['password'] ?? ''; $valid_roles = array( 'super_admin','management','technical','franchise','warehouse','accountant','sales','customer' ); if ( empty( $name ) || empty( $email ) || ! in_array( $role, $valid_roles ) || strlen( $password ) < 8 ) { wp_send_json_error( array( 'message' => 'Naam, valid email, role, aur kam se kam 8-character password zaroori hai.' ) ); } if ( email_exists( $email ) ) wp_send_json_error( array( 'message' => 'Ye email pehle se registered hai.' ) ); $username = sanitize_user( strtolower( str_replace( ' ', '.', $name ) ) . '.' . wp_rand( 100, 999 ) ); $user_id = wp_create_user( $username, $password, $email ); if ( is_wp_error( $user_id ) ) wp_send_json_error( array( 'message' => $user_id->get_error_message() ) ); $user = new WP_User( $user_id ); $user->set_role( 'tpms_' . $role ); wp_update_user( array( 'ID' => $user_id, 'display_name' => $name ) ); if ( $mobile ) update_user_meta( $user_id, 'tpms_mobile', $mobile ); wp_send_json_success( array( 'message' => 'User create ho gaya.', 'username' => $username, 'user_id' => $user_id ) ); } // --------------------------------------------------------------------- // 4. AJAX: UPDATE USER ROLE // --------------------------------------------------------------------- add_action( 'wp_ajax_tpms_admin_update_user_role', 'tpms_handle_admin_update_user_role' ); function tpms_handle_admin_update_user_role() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); $target_id = intval( $_POST['user_id'] ?? 0 ); $role = sanitize_text_field( $_POST['role'] ?? '' ); $valid_roles = array( 'super_admin','management','technical','franchise','warehouse','accountant','sales','customer' ); if ( ! $target_id || ! in_array( $role, $valid_roles ) ) wp_send_json_error( array( 'message' => 'Invalid input.' ) ); $user = new WP_User( $target_id ); if ( ! $user->exists() ) wp_send_json_error( array( 'message' => 'User not found.' ) ); $user->set_role( 'tpms_' . $role ); wp_send_json_success( array( 'message' => 'Role update ho gaya.' ) ); } // --------------------------------------------------------------------- // 5. AJAX: TOGGLE USER ENABLED/DISABLED // --------------------------------------------------------------------- add_action( 'wp_ajax_tpms_admin_toggle_user', 'tpms_handle_admin_toggle_user' ); function tpms_handle_admin_toggle_user() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); $target_id = intval( $_POST['user_id'] ?? 0 ); $disable = ! empty( $_POST['disable'] ) && $_POST['disable'] === '1'; if ( $target_id === get_current_user_id() && $disable ) { wp_send_json_error( array( 'message' => 'Aap khud ka account disable nahi kar sakte.' ) ); } update_user_meta( $target_id, 'tpms_disabled', $disable ? '1' : '0' ); wp_send_json_success( array( 'message' => $disable ? 'User disabled.' : 'User re-enabled.' ) ); } // --------------------------------------------------------------------- // 6. AJAX: MATERIAL FORMULAS — list / save / delete // --------------------------------------------------------------------- add_action( 'wp_ajax_tpms_admin_get_formulas', 'tpms_handle_admin_get_formulas' ); function tpms_handle_admin_get_formulas() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); global $wpdb; $rows = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}tpms_material_formulas ORDER BY therapy, material_name", ARRAY_A ); wp_send_json_success( array( 'items' => $rows ) ); } add_action( 'wp_ajax_tpms_admin_save_formula', 'tpms_handle_admin_save_formula' ); function tpms_handle_admin_save_formula() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); global $wpdb; $id = intval( $_POST['id'] ?? 0 ); $data = array( 'therapy' => sanitize_text_field( $_POST['therapy'] ?? '' ), 'material_name' => sanitize_text_field( $_POST['material_name'] ?? '' ), 'unit' => sanitize_text_field( $_POST['unit'] ?? '' ), 'qty_per_sqft' => floatval( $_POST['qty_per_sqft'] ?? 0 ), 'unit_cost' => floatval( $_POST['unit_cost'] ?? 0 ), 'is_active' => ! empty( $_POST['is_active'] ) ? 1 : 0, ); if ( empty( $data['therapy'] ) || empty( $data['material_name'] ) ) { wp_send_json_error( array( 'message' => 'Therapy aur Material name zaroori hai.' ) ); } if ( $id ) { $wpdb->update( "{$wpdb->prefix}tpms_material_formulas", $data, array( 'id' => $id ) ); } else { $wpdb->insert( "{$wpdb->prefix}tpms_material_formulas", $data ); $id = $wpdb->insert_id; } wp_send_json_success( array( 'message' => 'Formula saved.', 'id' => $id ) ); } add_action( 'wp_ajax_tpms_admin_delete_formula', 'tpms_handle_admin_delete_formula' ); function tpms_handle_admin_delete_formula() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); global $wpdb; $id = intval( $_POST['id'] ?? 0 ); $wpdb->delete( "{$wpdb->prefix}tpms_material_formulas", array( 'id' => $id ) ); wp_send_json_success( array( 'message' => 'Formula deleted.' ) ); } // --------------------------------------------------------------------- // 7. AJAX: FRANCHISE PROFILES — list / admin-edit any franchise's profile // --------------------------------------------------------------------- add_action( 'wp_ajax_tpms_admin_get_franchise_profiles', 'tpms_handle_admin_get_franchise_profiles' ); function tpms_handle_admin_get_franchise_profiles() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); global $wpdb; $franchises = get_users( array( 'role' => 'tpms_franchise' ) ); $result = array(); foreach ( $franchises as $f ) { $profile = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}tpms_franchise_profiles WHERE franchise_id = %d", $f->ID ), ARRAY_A ); $result[] = array( 'user_id' => $f->ID, 'name' => $f->display_name, 'profile' => $profile ?: null ); } wp_send_json_success( array( 'items' => $result ) ); } add_action( 'wp_ajax_tpms_admin_save_franchise_profile', 'tpms_handle_admin_save_franchise_profile' ); function tpms_handle_admin_save_franchise_profile() { check_ajax_referer( 'tpms_auth_nonce', 'nonce' ); tpms_require_super_admin(); global $wpdb; $franchise_id = intval( $_POST['franchise_id'] ?? 0 ); if ( ! $franchise_id ) wp_send_json_error( array( 'message' => 'Invalid franchise.' ) ); $table = "{$wpdb->prefix}tpms_franchise_profiles"; $data = array( 'business_name' => sanitize_text_field( $_POST['business_name'] ?? '' ), 'franchise_code' => sanitize_text_field( $_POST['franchise_code'] ?? '' ), 'office_address' => sanitize_textarea_field( $_POST['office_address'] ?? '' ), 'helpline' => sanitize_text_field( $_POST['helpline'] ?? '' ), 'bank_name' => sanitize_text_field( $_POST['bank_name'] ?? '' ), 'account_number' => sanitize_text_field( $_POST['account_number'] ?? '' ), 'ifsc_code' => sanitize_text_field( $_POST['ifsc_code'] ?? '' ), ); $exists = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $table WHERE franchise_id = %d", $franchise_id ) ); if ( $exists ) { $wpdb->update( $table, $data, array( 'franchise_id' => $franchise_id ) ); } else { $data['franchise_id'] = $franchise_id; $wpdb->insert( $table, $data ); } wp_send_json_success( array( 'message' => 'Franchise profile saved.' ) ); } https://tms.archmatexpo.com/wp-sitemap-posts-post-1.xmlhttps://tms.archmatexpo.com/wp-sitemap-posts-page-1.xmlhttps://tms.archmatexpo.com/wp-sitemap-taxonomies-category-1.xmlhttps://tms.archmatexpo.com/wp-sitemap-users-1.xml