diff --git a/ajax/venta.php b/ajax/venta.php index dd98418..8ba5b34 100644 --- a/ajax/venta.php +++ b/ajax/venta.php @@ -3,6 +3,36 @@ require_once "../modelos/Venta.php"; if (strlen(session_id())<1) session_start(); + // Obtener la IP del dispositivo que ingreso + function getIp(): string + { + if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { + $ip = $_SERVER['HTTP_CF_CONNECTING_IP']; + } elseif (isset($_SERVER['REMOTE_ADDR']) === true) { + $ip = $_SERVER['REMOTE_ADDR']; + if (preg_match('/^(?:127|10)\.0\.0\.[12]?\d{1,2}$/', $ip)) { + if (isset($_SERVER['HTTP_X_REAL_IP'])) { + $ip = $_SERVER['HTTP_X_REAL_IP']; + } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } + } + } else { + $ip = '127.0.0.1'; + } + if (in_array($ip, ['::1', '0.0.0.0', 'localhost'], true)) { + $ip = '127.0.0.1'; + } + $filter = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + if ($filter === false) { + $ip = '127.0.0.1'; + } + + return $ip; + } + + $ip_autorizada ='127.0.0.1'; + $venta = new Venta(); $idventa=isset($_POST["idventa"])? limpiarCadena($_POST["idventa"]):""; @@ -78,6 +108,7 @@ switch ($_GET["op"]) { $rspta=$venta->listar(); $data=Array(); +if((getIp() == $ip_autorizada) || ($_SESSION['acceso']==1)) { while ($reg=$rspta->fetch_object()) { if ($reg->tipo_comprobante=='Ticket') { $url='../reportes/exTicket.php?id='; 
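Review bot: In `getIp()`, every failure path ends in `'127.0.0.1'`, the same value assigned to `$ip_autorizada` at the end of this hunk. An address that fails `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` (any IPv6 client, or an `X-Forwarded-For` value holding a comma-separated list) is therefore reported as the authorized address. The function also returns `HTTP_CF_CONNECTING_IP` without looking at `REMOTE_ADDR`, and that header is set by the client unless the origin accepts connections only from the proxy. Make the fallback a value that can never match, e.g. `$ip = '0.0.0.0';` in the `$filter === false` branch, and read the forwarded headers only when `REMOTE_ADDR` is a proxy address taken from configuration. The same function is copied into vistas/venta.php and needs the same change.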
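Review bot: The new guard `if((getIp() == $ip_autorizada) || ($_SESSION['acceso']==1))` reads `$_SESSION['acceso']` without checking that the key exists. It also lets the source address alone satisfy the check, independent of the logged-in user's permissions. The hunks shown here do not include a login check before the `switch`; if there is none elsewhere in the file, this case answers requests that have no session at all. I would compute `$autorizado = (($_SESSION['acceso'] ?? 0) == 1) || getIp() === $ip_autorizada;` once and test `$autorizado`. The `switch` case starts and ends outside this hunk.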
@@ -96,6 +127,26 @@ switch ($_GET["op"]) { "7"=>($reg->estado=='Aceptado')?'Aceptado':'Devuelto' ); } +}else{ + while ($reg=$rspta->fetch_object()) { + if ($reg->tipo_comprobante=='Ticket') { + $url='../reportes/exTicket.php?id='; + }else{ + $url='../reportes/exFactura.php?id='; + } + + $data[]=array( + "0"=>'Sin Acceso', + "1"=>$reg->fecha, + "2"=>$reg->cliente, + "3"=>$reg->usuario, + "4"=>$reg->tipo_comprobante, + "5"=>$reg->serie_comprobante. '-' .$reg->num_comprobante, + "6"=>$reg->total_venta, + "7"=>($reg->estado=='Aceptado')?'Aceptado':'Devuelto' + ); +} +} $results=array( "sEcho"=>1,//info para datatables "iTotalRecords"=>count($data),//enviamos el total de registros al datatable diff --git a/files/articulos/1732288097.jpg b/files/articulos/1732288097.jpg new file mode 100644 index 0000000..4704ec1 Binary files /dev/null and b/files/articulos/1732288097.jpg differ diff --git a/vistas/header.php b/vistas/header.php index 541d57d..0e426e7 100644 --- a/vistas/header.php +++ b/vistas/header.php @@ -1,7 +1,6 @@ diff --git a/vistas/venta.php b/vistas/venta.php index 4a9490a..25f56cf 100644 --- a/vistas/venta.php +++ b/vistas/venta.php 
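Review bot: The `else` branch repeats the whole `while` loop and still computes `$url`, which the denied row never uses, so the two loops will drift apart the next time a column changes. The denied branch also returns `fecha`, `cliente`, `usuario` and `total_venta` for every sale, so only column `"0"` is actually restricted; if the intent is to withhold sales data rather than the action column, it should return no rows. Prefer a single loop that builds the row once and picks column `"0"` from a flag computed before the loop, e.g. `"0" => $autorizado ? $acciones : 'Sin Acceso'`, where `$acciones` stands for the existing column-0 markup that lies outside this hunk.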
@@ -2,11 +2,41 @@ //activamos almacenamiento en el buffer ob_start(); session_start(); + +// Obtener la IP del dispositivo que ingreso +function getIp(): string +{ + if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { + $ip = $_SERVER['HTTP_CF_CONNECTING_IP']; + } elseif (isset($_SERVER['REMOTE_ADDR']) === true) { + $ip = $_SERVER['REMOTE_ADDR']; + if (preg_match('/^(?:127|10)\.0\.0\.[12]?\d{1,2}$/', $ip)) { + if (isset($_SERVER['HTTP_X_REAL_IP'])) { + $ip = $_SERVER['HTTP_X_REAL_IP']; + } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } + } + } else { + $ip = '127.0.0.1'; + } + if (in_array($ip, ['::1', '0.0.0.0', 'localhost'], true)) { + $ip = '127.0.0.1'; + } + $filter = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + if ($filter === false) { + $ip = '127.0.0.1'; + } + + return $ip; +} + +$ip_autorizada ='127.0.0.1'; + if (!isset($_SESSION['nombre'])) { header("Location: login.html"); }else{ - require 'header.php'; if ($_SESSION['ventas']==1) { @@ -21,10 +51,17 @@ if ($_SESSION['ventas']==1) {
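Review bot: `getIp()` and `$ip_autorizada` are pasted here a second time, identical to the copy added in ajax/venta.php, so the allow-listed address and the header handling must now be kept in sync by hand. PHP will also stop with a redeclaration error if both files are ever loaded in one request. Move both into a single file loaded with `require_once` from the two scripts, and add a comment on `getIp()` stating which proxy headers it trusts and under what deployment assumption. The code that consumes `$ip_autorizada` in this file appears to be in the following hunk, which is cut off in this view.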