/**
* nv_check_username_change()
*
* @param mixed $login
* @return
*/
function nv_check_username_change($login)
{
global $db, $lang_module, $user_info, $db_config;
$error = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN);
if ($error != '') {
return preg_replace('/\\&(l|r)dquo\\;/', '', strip_tags($error));
}
if ("'" . $login . "'" != $db->quote($login)) {
return sprintf($lang_module['account_deny_name'], $login);
}
$sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='deny_name'";
$result = $db->query($sql);
$deny_name = $result->fetchColumn();
$result->closeCursor();
if (!empty($deny_name) and preg_match('/' . $deny_name . '/i', $login)) {
return sprintf($lang_module['account_deny_name'], $login);
}
$sql = "SELECT userid FROM " . NV_USERS_GLOBALTABLE . " WHERE userid!=" . $user_info['userid'] . " AND md5username='******'";
if ($db->query($sql)->fetchColumn()) {
return sprintf($lang_module['account_registered_name'], $login);
}
$sql = "SELECT userid FROM " . NV_USERS_GLOBALTABLE . "_reg WHERE userid!=" . $user_info['userid'] . " AND md5username='******'";
if ($db->query($sql)->fetchColumn()) {
return sprintf($lang_module['account_registered_name'], $login);
}
return '';
}
/**
* nv_check_username_reg()
* Ham kiem tra ten dang nhap kha dung
*
* @param mixed $login
* @return
*/
function nv_check_username_reg($login)
{
global $db, $db_config, $lang_module;
$error = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN);
if ($error != '') {
return preg_replace('/\\&(l|r)dquo\\;/', '', strip_tags($error));
}
if ("'" . $login . "'" != $db->quote($login)) {
return sprintf($lang_module['account_deny_name'], $login);
}
$sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='deny_name'";
$result = $db->query($sql);
$deny_name = $result->fetchColumn();
$result->closeCursor();
if (!empty($deny_name) and preg_match('/' . $deny_name . '/i', $login)) {
return sprintf($lang_module['account_deny_name'], $login);
}
$stmt = $db->prepare('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username= :md5username');
$stmt->bindValue(':md5username', nv_md5safe($login), PDO::PARAM_STR);
$stmt->execute();
if ($stmt->fetchColumn()) {
return sprintf($lang_module['account_registered_name'], $login);
}
$stmt = $db->prepare('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE md5username= :md5username');
$stmt->bindValue(':md5username', nv_md5safe($login), PDO::PARAM_STR);
$stmt->execute();
if ($stmt->fetchColumn()) {
return sprintf($lang_module['account_registered_name'], $login);
}
return '';
}
/**
* openidLogin_Res1()
* Function thuc hien khi OpenID duoc nhan dien
*
* @param mixed $attribs
* @return
*/
function openidLogin_Res1($attribs)
{
global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect, $op, $db_config;
$email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == '') ? $attribs['contact/email'] : '';
if (empty($email)) {
$nv_Request->unset_request('openid_attribs', 'session');
openidLogin_Res0($lang_module['logged_in_failed']);
die;
}
$opid = $crypt->hash($attribs['id']);
$current_mode = isset($attribs['current_mode']) ? $attribs['current_mode'] : 1;
$stmt = $db->prepare('SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM ' . NV_USERS_GLOBALTABLE . '_openid a, ' . NV_USERS_GLOBALTABLE . ' b
WHERE a.opid= :opid
AND a.email= :email
AND a.userid=b.userid');
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
list($user_id, $op_email, $user_active) = $stmt->fetch(3);
if ($user_id) {
$nv_Request->unset_request('openid_attribs', 'session');
if ($op_email != $email) {
openidLogin_Res0($lang_module['not_logged_in']);
die;
}
if (!$user_active) {
openidLogin_Res0($lang_module['login_no_active']);
die;
}
if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php')) {
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php';
if (defined('NV_IS_USER_LOGIN_FORUM_OK')) {
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
} else {
$nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
}
} else {
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $user_id;
$row = $db->query($query)->fetch();
if (!empty($row)) {
validUserLog($row, 1, $opid, $current_mode);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
} else {
$nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
}
}
Header('Location: ' . nv_url_rewrite($nv_redirect, true));
die;
}
$stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :email');
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$nv_row = $stmt->fetch();
if (!empty($nv_row)) {
$login_allowed = false;
if (empty($nv_row['password'])) {
$nv_Request->unset_request('openid_attribs', 'session');
$login_allowed = true;
}
if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
$password = $nv_Request->get_string('password', 'post', '');
$nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
$nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
$nv_Request->unset_request('openid_attribs', 'session');
if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
$nv_username = $nv_row['username'];
$nv_password = $password;
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
if (empty($error)) {
$login_allowed = true;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
} else {
if ($crypt->validate_password($password, $nv_row['password']) and $nv_seccode) {
$login_allowed = true;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
}
}
if ($login_allowed) {
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($nv_row['userid']) . ', :server, :opid, :email )');
$stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
if (intval($nv_row['active']) != 1) {
openidLogin_Res0($lang_module['login_no_active']);
} else {
validUserLog($nv_row, 1, $opid, $current_mode);
Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true));
}
die;
}
$page_title = $lang_module['openid_login'];
$key_words = $module_info['keywords'];
$mod_title = $lang_module['openid_login'];
$lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
$contents = openid_account_confirm($gfx_chk, $attribs);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
}
if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :email';
if ($global_config['allowuserreg'] == 2) {
$query .= ' AND regdate>' . (NV_CURRENTTIME - 86400);
}
$stmt = $db->prepare($query);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
if (!empty($row)) {
if ($global_config['allowuserreg'] == 2) {
if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
$nv_Request->unset_request('openid_attribs', 'session');
$password = $nv_Request->get_string('password', 'post', '');
$nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
$nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
if ($crypt->validate_password($password, $row['password']) and $nv_seccode) {
$reg_attribs = set_reg_attribs($attribs);
$sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\t\t\t\t\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t\t\t\t:username,\n\t\t\t\t\t\t\t:md5username,\n\t\t\t\t\t\t\t:password,\n\t\t\t\t\t\t\t:email,\n\t\t\t\t\t\t\t:first_name,\n\t\t\t\t\t\t\t:last_name,\n\t\t\t\t\t\t\t:gender,\n\t\t\t\t\t\t\t'', 0,\n\t\t\t\t\t\t\t:regdate,\n\t\t\t\t\t\t\t:question,\n\t\t\t\t\t\t\t:answer,\n\t\t\t\t\t\t\t'', 1, 1, '', 1, '', 0, '', '', '', " . $global_config['idsite'] . ")";
$data_insert = array();
$data_insert['username'] = $row['username'];
$data_insert['md5username'] = nv_md5safe($row['username']);
$data_insert['password'] = $row['password'];
$data_insert['email'] = $row['email'];
$data_insert['first_name'] = $row['first_name'];
$data_insert['last_name'] = $row['last_name'];
$data_insert['gender'] = $reg_attribs['gender'];
$data_insert['regdate'] = $row['regdate'];
$data_insert['question'] = $row['question'];
$data_insert['answer'] = $row['answer'];
$userid = $db->insert_id($sql, 'userid', $data_insert);
if (!$userid) {
openidLogin_Res0($lang_module['account_active_error']);
die;
}
$db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
$stmt = $db->prepare('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid= :userid');
$stmt->bindParam(':userid', $row['userid'], PDO::PARAM_STR);
$stmt->execute();
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )');
$stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid;
$result = $db->query($query);
$row = $result->fetch();
validUserLog($row, 1, $opid, $current_mode);
$info = $lang_module['account_active_ok'] . "<br /><br />\n";
$info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$info .= '[<a href="' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '">' . $lang_module['redirect_to_home'] . '</a>]';
$contents = user_info_exit($info);
$contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true) . '" />';
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
}
$page_title = $mod_title = $lang_module['openid_activate_account'];
$key_words = $module_info['keywords'];
$lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
$contents = openid_active_confirm($gfx_chk, $attribs);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
} else {
$nv_Request->unset_request('openid_attribs', 'session');
openidLogin_Res0($lang_module['account_register_to_admin']);
die;
}
}
}
$option = $nv_Request->get_int('option', 'get', 0);
if (!$global_config['allowuserreg']) {
$option = 3;
}
$contents = '';
$page_title = $lang_module['openid_login'];
if ($option == 3) {
$error = '';
if ($nv_Request->isset_request('nv_login', 'post')) {
$nv_username = $nv_Request->get_title('nv_login', 'post', '', 1);
$nv_password = $nv_Request->get_title('nv_password', 'post', '');
$nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
$check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
if (!$check_seccode) {
$error = $lang_global['securitycodeincorrect'];
} elseif (empty($nv_username)) {
$error = $lang_global['username_empty'];
} elseif (empty($nv_password)) {
$error = $lang_global['password_empty'];
} else {
if (defined('NV_IS_USER_FORUM')) {
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
} else {
$error = $lang_global['loginincorrect'];
$sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
$row = $db->query($sql)->fetch();
if (!empty($row)) {
if ($row['username'] == $nv_username and $crypt->validate($nv_password, $row['password'])) {
if (!$row['active']) {
$error = $lang_module['login_no_active'];
} else {
$error = '';
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid, :email )');
$stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
validUserLog($row, 1, $opid);
}
}
}
}
}
if (empty($error)) {
$nv_Request->unset_request('openid_attribs', 'session');
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
$info = $lang_module['login_ok'] . "<br /><br />\n";
$info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$info .= '[<a href="' . $nv_redirect . '">' . $lang_module['redirect_to_back'] . '</a>]';
$contents .= user_info_exit($info);
$contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite($nv_redirect, true) . '" />';
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
}
$array_login = array('nv_login' => $nv_username, 'nv_password' => $nv_password, 'nv_redirect' => $nv_redirect, 'login_info' => '<span style="color:#fb490b;">' . $error . '</span>');
} else {
$array_login = array('nv_login' => '', 'nv_password' => '', 'login_info' => $lang_module['openid_note1'], 'nv_redirect' => $nv_redirect);
}
$contents .= user_openid_login($gfx_chk, $array_login, $attribs);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
} elseif ($option == 1 or $option == 2) {
$nv_Request->unset_request('openid_attribs', 'session');
$reg_attribs = set_reg_attribs($attribs);
if (empty($reg_attribs['username'])) {
openidLogin_Res0($lang_module['logged_in_failed']);
die;
}
if ($option == 2) {
// Dang nhap bang mot tai khoan do he thong tao tu dong
$sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . "\n\t\t\t\t(username, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t:username,\n\t\t\t\t:md5username,\n\t\t\t\t'',\n\t\t\t\t:email,\n\t\t\t\t:first_name,\n\t\t\t\t:last_name,\n\t\t\t\t:gender,\n\t\t\t\t'', 0,\n\t\t\t\t" . NV_CURRENTTIME . ",\n\t\t\t\t'', '', '', 0, 0, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . "\n\t\t\t)";
$data_insert = array();
$data_insert['username'] = $reg_attribs['username'];
$data_insert['md5username'] = nv_md5safe($reg_attribs['username']);
$data_insert['email'] = $reg_attribs['email'];
$data_insert['first_name'] = $reg_attribs['first_name'];
$data_insert['last_name'] = $reg_attribs['last_name'];
$data_insert['gender'] = ucfirst($reg_attribs['gender'] ? $reg_attribs['gender'][0] : 'N');
$userid = $db->insert_id($sql, 'userid', $data_insert);
if (!$userid) {
openidLogin_Res0($lang_module['err_no_save_account']);
die;
}
// Cap nhat so thanh vien
$db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1';
$result = $db->query($query);
$row = $result->fetch();
$result->closeCursor();
// Luu vao bang thong tin tuy chinh
$query_field = array();
$query_field['userid'] = $userid;
$result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC');
while ($row_f = $result_field->fetch()) {
$query_field[$row_f['field']] = $db->quote($row_f['default_value']);
}
$db->query('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')');
// Luu vao bang OpenID
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid , :email)');
$stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
$stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
$stmt->execute();
validUserLog($row, 1, $reg_attribs['opid'], $current_mode);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
Header('Location: ' . nv_url_rewrite($nv_redirect, true));
exit;
} else {
$reg_attribs = serialize($reg_attribs);
$nv_Request->set_Session('reg_attribs', $reg_attribs);
Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&openid=1&nv_redirect=' . $nv_redirect, true));
exit;
}
}
$array_user_login = array();
if (!defined('NV_IS_USER_FORUM')) {
$array_user_login[] = array('title' => $lang_module['openid_note3'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=1&nv_redirect=' . $nv_redirect);
$array_user_login[] = array('title' => $lang_module['openid_note4'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=2&nv_redirect=' . $nv_redirect);
} else {
$array_user_login[] = array('title' => $lang_module['openid_note6'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&nv_redirect=' . $nv_redirect);
}
$array_user_login[] = array('title' => $lang_module['openid_note5'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=3&nv_redirect=' . $nv_redirect);
$page_title = $lang_module['openid_login'];
$key_words = $module_info['keywords'];
$mod_title = $lang_module['openid_login'];
$contents .= user_openid_login2($attribs, $array_user_login);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
}
$error = $check_pass;
} elseif ($array_data['nv_password'] != $array_data['re_password']) {
$error = $lang_global['passwordsincorrect'];
} elseif (empty($array_data['question'])) {
$error = $lang_module['your_question_empty'];
} elseif (empty($array_data['answer_question'])) {
$error = $lang_module['answer_empty'];
} elseif (empty($error)) {
$password = $crypt->hash_password($array_data['nv_password'], $global_config['hashprefix']);
define('NV_CONFIG_GLOBALTABLE', $db_config['prefix'] . '_config');
$userid = 1;
$db->query('TRUNCATE TABLE ' . $db_config['prefix'] . '_users');
$db->query('TRUNCATE TABLE ' . $db_config['prefix'] . '_authors');
$sth = $db->prepare("INSERT INTO " . $db_config['prefix'] . "_users\n\t\t\t\t(userid, username, md5username, password, email, first_name, last_name, gender, photo, birthday, sig,\tregdate, question, answer, passlostkey, view_mail, remember, in_groups, active, checknum, last_login, last_ip, last_agent, last_openid, idsite)\n\t\t\t\tVALUES(" . $userid . ", :username, :md5username, :password, :email, :first_name, '', '', '', 0, '', " . NV_CURRENTTIME . ", :question, :answer_question, '', 0, 1, '', 1, '', " . NV_CURRENTTIME . ", '', '', '', 0)");
$sth->bindParam(':username', $array_data['nv_login'], PDO::PARAM_STR);
$sth->bindValue(':md5username', nv_md5safe($array_data['nv_login']), PDO::PARAM_STR);
$sth->bindParam(':password', $password, PDO::PARAM_STR);
$sth->bindParam(':email', $array_data['nv_email'], PDO::PARAM_STR);
$sth->bindParam(':first_name', $array_data['nv_login'], PDO::PARAM_STR);
$sth->bindParam(':question', $array_data['question'], PDO::PARAM_STR);
$sth->bindParam(':answer_question', $array_data['answer_question'], PDO::PARAM_STR);
$ok1 = $sth->execute();
$ok2 = $db->exec("INSERT INTO " . $db_config['prefix'] . "_authors (admin_id, editor, lev, files_level, position, addtime, edittime, is_suspend, susp_reason, check_num, last_login, last_ip, last_agent) VALUES(" . $userid . ", 'ckeditor', 1, 'adobe,application,archives,audio,documents,flash,images,real,video|1|1|1', 'Administrator', 0, 0, 0, '', '', 0, '', '')");
if ($ok1 and $ok2) {
try {
$db->query('INSERT INTO ' . $db_config['prefix'] . '_users_info (userid) VALUES (' . $userid . ')');
$db->query("INSERT INTO " . $db_config['prefix'] . "_groups_users (group_id, userid, data) VALUES(1, " . $userid . ", '0')");
$db->query("INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'site', 'statistics_timezone', " . $db->quote(NV_SITE_TIMEZONE_NAME) . ")");
$db->query("INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'site', 'site_email', " . $db->quote($global_config['site_email']) . ")");
$db->query("INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'error_set_logs', " . $db->quote($global_config['error_set_logs']) . ")");
$db->query("INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'error_send_email', " . $db->quote($global_config['site_email']) . ")");
$in_groups = array_intersect($in_groups, array_keys($groups_list));
$in_groups_hiden = array_diff($array_old_groups, array_keys($groups_list));
$in_groups = array_unique(array_merge($in_groups, $in_groups_hiden));
$in_groups_del = array_diff($array_old_groups, $in_groups);
if (!empty($in_groups_del)) {
foreach ($in_groups_del as $gid) {
nv_groups_del_user($gid, $userid);
}
}
$in_groups_add = array_diff($in_groups, $array_old_groups);
if (!empty($in_groups_add)) {
foreach ($in_groups_add as $gid) {
nv_groups_add_user($gid, $userid);
}
}
$db->query("UPDATE " . NV_USERS_GLOBALTABLE . " SET\n\t\t\t\tusername="******",\n\t\t\t\tmd5username='******'username']) . "',\n\t\t\t\tpassword="******",\n\t\t\t\temail=" . $db->quote($_user['email']) . ",\n\t\t\t\tfirst_name=" . $db->quote($_user['first_name']) . ",\n\t\t\t\tlast_name=" . $db->quote($_user['last_name']) . ",\n\t\t\t\tgender=" . $db->quote($_user['gender']) . ",\n\t\t\t\tphoto=" . $db->quote(nv_unhtmlspecialchars($_user['photo'])) . ",\n\t\t\t\tbirthday=" . $_user['birthday'] . ",\n\t\t\t\tsig=" . $db->quote($_user['sig']) . ",\n\t\t\t\tquestion=" . $db->quote($_user['question']) . ",\n\t\t\t\tanswer=" . $db->quote($_user['answer']) . ",\n\t\t\t\tview_mail=" . $_user['view_mail'] . ",\n\t\t\t\tin_groups='" . implode(',', $in_groups) . "'\n\t\t\t\tWHERE userid=" . $userid);
if (!empty($array_field_config)) {
$db->query('UPDATE ' . NV_USERS_GLOBALTABLE . '_info SET ' . implode(', ', $query_field) . ' WHERE userid=' . $userid);
}
nv_insert_logs(NV_LANG_DATA, $module_name, 'log_edit_user', 'userid ' . $userid, $admin_info['userid']);
Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
exit;
}
}
} else {
$_user = $row;
$_user['password1'] = $_user['password2'] = '';
$_user['birthday'] = !empty($_user['birthday']) ? date('d/m/Y', $_user['birthday']) : '';
$_user['in_groups'] = $array_old_groups;
if (!empty($_user['sig'])) {
$_user['sig'] = nv_br2nl($_user['sig']);
}
die('NO');
}
//Kich hoat thanh vien
if ($nv_Request->isset_request('act', 'get')) {
$userid = $nv_Request->get_int('userid', 'get', 0);
$sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid=' . $userid;
$row = $db->query($sql)->fetch();
if (empty($row)) {
Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
die;
}
$sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday,\n\t\tregdate, question,\n\t\tanswer, passlostkey, view_mail, remember, in_groups, active, checknum,\n\t\tlast_login, last_ip, last_agent, last_openid, idsite\n\t\t) VALUES (\n\t\t:username,\n\t\t:md5_username,\n\t\t:password,\n\t\t:email,\n\t\t:first_name,\n\t\t:last_name,\n\t\t'', '', 0, " . $row['regdate'] . ",\n\t\t:question,\n\t\t:answer,\n\t\t'', 0, 0, '', 1, '', 0, '', '', '', " . $global_config['idsite'] . ")";
$data_insert = array();
$data_insert['username'] = $row['username'];
$data_insert['md5_username'] = nv_md5safe($row['username']);
$data_insert['password'] = $row['password'];
$data_insert['email'] = nv_strtolower($row['email']);
$data_insert['first_name'] = $row['first_name'];
$data_insert['last_name'] = $row['last_name'];
$data_insert['question'] = $row['question'];
$data_insert['answer'] = $row['answer'];
$userid = $db->insert_id($sql, 'userid', $data_insert);
if ($userid) {
// Luu vao bang OpenID
if (!empty($row['openid_info'])) {
$reg_attribs = unserialize(nv_base64_decode($row['openid_info']));
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid , :email)');
$stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
$stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
/**
* set_reg_attribs()
*
* @param mixed $attribs
* @return
*/
function set_reg_attribs($attribs)
{
global $crypt, $db, $db_config, $global_config, $module_upload;
$reg_attribs = array();
$reg_attribs['server'] = $attribs['server'];
$reg_attribs['username'] = '';
$reg_attribs['email'] = $attribs['contact/email'];
$reg_attribs['first_name'] = '';
$reg_attribs['last_name'] = '';
$reg_attribs['gender'] = '';
$reg_attribs['yim'] = '';
$reg_attribs['photo'] = '';
$reg_attribs['openid'] = $attribs['id'];
$reg_attribs['opid'] = $crypt->hash($attribs['id']);
$username = explode('@', $attribs['contact/email']);
$username = array_shift($username);
if ($attribs['server'] == 'yahoo') {
$reg_attribs['yim'] = $username;
}
$username = str_pad($username, NV_UNICKMIN, '0', STR_PAD_RIGHT);
$username = substr($username, 0, NV_UNICKMAX - 2);
$username2 = $username;
for ($i = 0; $i < 100; ++$i) {
if ($i > 0) {
$username2 = $username . str_pad($i, 2, '0', STR_PAD_LEFT);
}
$query = "SELECT userid FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username='******'";
$userid = $db->query($query)->fetchColumn();
if (!$userid) {
$query = "SELECT userid FROM " . NV_USERS_GLOBALTABLE . "_reg WHERE md5username='******'";
$userid = $db->query($query)->fetchColumn();
if (!$userid) {
$reg_attribs['username'] = $username2;
break;
}
}
}
if (isset($attribs['namePerson/first']) and !empty($attribs['namePerson/first'])) {
$reg_attribs['first_name'] = $attribs['namePerson/first'];
} elseif (isset($attribs['namePerson/friendly']) and !empty($attribs['namePerson/friendly'])) {
$reg_attribs['first_name'] = $attribs['namePerson/friendly'];
} elseif (isset($attribs['namePerson']) and !empty($attribs['namePerson'])) {
$reg_attribs['first_name'] = $attribs['namePerson'];
}
if (isset($attribs['namePerson/last']) and !empty($attribs['namePerson/last'])) {
$reg_attribs['last_name'] = $attribs['namePerson/last'];
}
if (isset($attribs['person/gender']) and !empty($attribs['person/gender'])) {
$reg_attribs['gender'] = $attribs['person/gender'];
}
if ($global_config['allowuserreg'] == 1 or $global_config['allowuserreg'] == 2) {
if (!empty($attribs['picture_url']) and empty($attribs['picture_mode'])) {
$upload = new NukeViet\Files\Upload(array('images'), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
$upload_info = $upload->save_urlfile($attribs['picture_url'], NV_UPLOADS_REAL_DIR . '/' . $module_upload, false);
if (empty($upload_info['error'])) {
$basename = change_alias($reg_attribs['username']) . '.' . nv_getextension($upload_info['basename']);
$newname = $basename;
$fullname = $upload_info['name'];
$i = 1;
while (file_exists(NV_UPLOADS_REAL_DIR . '/' . $module_upload . '/' . $newname)) {
$newname = preg_replace('/(.*)(\\.[a-zA-Z0-9]+)$/', '\\1_' . $i . '\\2', $basename);
++$i;
}
$check = nv_renamefile($fullname, NV_UPLOADS_REAL_DIR . '/' . $module_upload . '/' . $newname);
if ($check[0] == 1) {
$reg_attribs['photo'] = NV_UPLOADS_DIR . '/' . $module_upload . '/' . $newname;
}
}
}
}
return $reg_attribs;
}
$data['nv_seccode'] = $nv_Request->get_title('nv_seccode', 'post', '');
$data['nv_redirect'] = $nv_Request->get_title('nv_redirect', 'get, post', '');
$checkss = $nv_Request->get_title('checkss', 'post', '');
$seccode = $nv_Request->get_string('lostpass_seccode', 'session', '');
$step = 1;
$error = $question = '';
if ($checkss == $data['checkss']) {
if (!empty($seccode) and md5($data['nv_seccode']) == $seccode or nv_capcha_txt($data['nv_seccode'])) {
if (!empty($data['userField'])) {
$check_email = nv_check_valid_email($data['userField']);
if (empty($check_email)) {
$sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :userField AND active=1';
$userField = $data['userField'];
} else {
$sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username=:userField AND active=1';
$userField = nv_md5safe($data['userField']);
}
$stmt = $db->prepare($sql);
$stmt->bindParam(':userField', $userField, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
if (!empty($row)) {
$step = 2;
if (empty($seccode)) {
$nv_Request->set_Session('lostpass_seccode', md5($data['nv_seccode']));
}
$question = $row['question'];
$info = '';
if (!empty($row['opid']) and empty($row['password'])) {
$info = $lang_module['openid_lostpass_info'];
} elseif ($global_config['allowquestion'] and (empty($row['question']) or empty($row['answer']))) {
$_user['email'] = nv_strtolower($nv_Request->get_title('email', 'post', '', 1));
$_user['password1'] = $nv_Request->get_title('password1', 'post', '', 0);
$_user['password2'] = $nv_Request->get_title('password2', 'post', '', 0);
$_user['question'] = nv_substr($nv_Request->get_title('question', 'post', '', 1), 0, 255);
$_user['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255);
$_user['first_name'] = nv_substr($nv_Request->get_title('first_name', 'post', '', 1), 0, 255);
$_user['last_name'] = nv_substr($nv_Request->get_title('last_name', 'post', '', 1), 0, 255);
$_user['gender'] = nv_substr($nv_Request->get_title('gender', 'post', '', 1), 0, 1);
$_user['view_mail'] = $nv_Request->get_int('view_mail', 'post', 0);
$_user['sig'] = $nv_Request->get_textarea('sig', '', NV_ALLOWED_HTML_TAGS);
$_user['birthday'] = $nv_Request->get_title('birthday', 'post');
$_user['in_groups'] = $nv_Request->get_typed_array('group', 'post', 'int');
$_user['in_groups_default'] = $nv_Request->get_int('group_default', 'post', 0);
$_user['photo'] = nv_substr($nv_Request->get_title('photo', 'post', '', 1), 0, 255);
$_user['is_official'] = $nv_Request->get_int('is_official', 'post', 0);
$md5username = nv_md5safe($_user['username']);
if (($error_username = nv_check_valid_login($_user['username'], NV_UNICKMAX, NV_UNICKMIN)) != '') {
die(json_encode(array('status' => 'error', 'input' => 'username', 'mess' => $error_username)));
}
if ("'" . $_user['username'] . "'" != $db->quote($_user['username'])) {
die(json_encode(array('status' => 'error', 'input' => 'username', 'mess' => sprintf($lang_module['account_deny_name'], $_user['username']))));
}
// Thực hiện câu truy vấn để kiểm tra username đã tồn tại chưa.
$stmt = $db->prepare('SELECT userid FROM ' . NV_MOD_TABLE . ' WHERE md5username= :md5username');
$stmt->bindParam(':md5username', $md5username, PDO::PARAM_STR);
$stmt->execute();
$query_error_username = $stmt->fetchColumn();
if ($query_error_username) {
die(json_encode(array('status' => 'error', 'input' => 'username', 'mess' => $lang_module['edit_error_username_exist'])));
}
if (($error_xemail = nv_check_valid_email($_user['email'])) != '') {
<?php
define('NV_SYSTEM', true);
// Xac dinh thu muc goc cua site
define('NV_ROOTDIR', pathinfo(str_replace(DIRECTORY_SEPARATOR, '/', __FILE__), PATHINFO_DIRNAME));
require NV_ROOTDIR . '/includes/mainfile.php';
$username = '******';
// Tên tài khoản cần reset mật khẩu
$newpassword = '******';
// Mật khẩu mới
$client_ip = '113.190.237.5';
// IP của máy tính reset mật khẩu, có thể lấy thông số này qua trang http://checkip.dyndns.org hoặc checkip.org
$sitekey = 'sitekey-sitekey-sitekey-sitekey';
//sitekey của site, lấy từ file config.php
if (NV_CLIENT_IP == $client_ip and $global_config['sitekey'] == $sitekey) {
$newpassword = trim($newpassword);
$password = isset($global_config['hashprefix']) ? $crypt->hash_password($newpassword, $global_config['hashprefix']) : $crypt->hash($newpassword);
if ($db->exec("UPDATE " . NV_USERS_GLOBALTABLE . " SET password="******" WHERE md5username='******'")) {
nv_insert_logs(NV_LANG_DATA, 'users', 'Tool Reset Password: '******'Client IP: ' . $client_ip, 0);
die('Reset password success. Delete this file immediately');
} else {
die('No Reset password');
}
} else {
die('Error sitekey or client_ip: ' . NV_CLIENT_IP);
}
if (defined('NV_IS_USER_FORUM')) {
define('NV_IS_MOD_USER', true);
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
if (empty($nv_username)) {
$nv_username = $nv_Request->get_title('nv_login', 'post', '', 1);
}
if (empty($nv_password)) {
$nv_password = $nv_Request->get_title('nv_password', 'post', '');
}
}
$userid = 0;
if (nv_check_valid_email($nv_username) == '') {
$sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE email =" . $db->quote($nv_username);
$login_email = true;
} else {
$sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
$login_email = false;
}
$row = $db->query($sql)->fetch();
if (empty($row)) {
nv_insert_logs(NV_LANG_DATA, 'login', '[' . $nv_username . '] ' . $lang_global['loginsubmit'] . ' ' . $lang_global['fail'], ' Client IP:' . NV_CLIENT_IP, 0);
} else {
if (($row['username'] == $nv_username and $login_email == false or $row['email'] == $nv_username and $login_email == true) and $crypt->validate_password($nv_password, $row['password'])) {
$userid = $row['userid'];
}
}
$error = $lang_global['loginincorrect'];
if ($userid > 0) {
$row = $db->query('SELECT t1.admin_id as admin_id, t1.lev as admin_lev, t1.last_agent as admin_last_agent, t1.last_ip as admin_last_ip, t1.last_login as admin_last_login, t2.password as admin_pass FROM ' . NV_AUTHORS_GLOBALTABLE . ' t1 INNER JOIN ' . NV_USERS_GLOBALTABLE . ' t2 ON t1.admin_id = t2.userid WHERE t1.admin_id = ' . $userid . ' AND t1.lev!=0 AND t1.is_suspend=0 AND t2.active=1')->fetch();
if (!empty($row)) {
$admin_lev = intval($row['admin_lev']);
exit;
}
if ($nv_Request->get_int('save', 'post', 0)) {
$userid = $nv_Request->get_title('userid', 'post', 0);
$lev = $nv_Request->get_int('lev', 'post', 0);
$editor = $nv_Request->get_title('editor', 'post');
$allow_files_type = $nv_Request->get_array('allow_files_type', 'post', array());
$allow_create_subdirectories = $nv_Request->get_int('allow_create_subdirectories', 'post', 0);
$allow_modify_files = $nv_Request->get_int('allow_modify_files', 'post', 0);
$allow_modify_subdirectories = $nv_Request->get_int('allow_modify_subdirectories', 'post', 0);
$modules = $nv_Request->get_array('modules', 'post', array());
$position = $nv_Request->get_title('position', 'post', '', 1);
if (preg_match('/^([0-9]+)$/', $userid)) {
$sql = 'SELECT userid, username, active FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . intval($userid);
} else {
$md5username = nv_md5safe($userid);
$sql = 'SELECT userid, username, active FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username='******'add_error_choose']);
}
$sql = 'SELECT COUNT(*) FROM ' . NV_AUTHORS_GLOBALTABLE . ' WHERE admin_id=' . $userid;
$count = $db->query($sql)->fetchColumn();
if ($count) {
die($lang_module['add_error_exist']);
}
if (empty($userid)) {
die($lang_module['add_error_notexist']);
}
if (empty($position)) {
if (empty($_user['photo'])) {
$_user['photo'] = $row['photo'];
}
if ($row['group_id'] == 7) {
if (!$_user['is_official']) {
$_user['in_groups_default'] = 7;
$in_groups[] = 7;
} else {
$db->query('UPDATE ' . NV_MOD_TABLE . '_groups SET numbers = numbers+1 WHERE group_id=4');
$db->query('UPDATE ' . NV_MOD_TABLE . '_groups SET numbers = numbers-1 WHERE group_id=7');
if ($_user['in_groups_default'] == 7) {
$_user['in_groups_default'] = 4;
}
}
}
$db->query("UPDATE " . NV_MOD_TABLE . " SET\n group_id=" . $_user['in_groups_default'] . ",\n username="******",\n md5username='******'username']) . "',\n password="******",\n email=" . $db->quote($_user['email']) . ",\n first_name=" . $db->quote($_user['first_name']) . ",\n last_name=" . $db->quote($_user['last_name']) . ",\n gender=" . $db->quote($_user['gender']) . ",\n photo=" . $db->quote(nv_unhtmlspecialchars($_user['photo'])) . ",\n birthday=" . $_user['birthday'] . ",\n sig=" . $db->quote($_user['sig']) . ",\n question=" . $db->quote($_user['question']) . ",\n answer=" . $db->quote($_user['answer']) . ",\n view_mail=" . $_user['view_mail'] . ",\n in_groups='" . implode(',', $in_groups) . "'\n WHERE userid=" . $userid);
if (!empty($array_field_config)) {
$db->query('UPDATE ' . NV_MOD_TABLE . '_info SET ' . implode(', ', $query_field) . ' WHERE userid=' . $userid);
}
nv_insert_logs(NV_LANG_DATA, $module_name, 'log_edit_user', 'userid ' . $userid, $admin_info['userid']);
die(json_encode(array('status' => 'ok', 'input' => '', 'admin_add' => 'no', 'mess' => '')));
}
$_user = $row;
$_user['password1'] = $_user['password2'] = '';
$_user['birthday'] = !empty($_user['birthday']) ? date('d/m/Y', $_user['birthday']) : '';
$_user['in_groups'] = $array_old_groups;
if (!empty($_user['sig'])) {
$_user['sig'] = nv_br2nl($_user['sig']);
}
$sql = 'SELECT * FROM ' . NV_MOD_TABLE . '_info WHERE userid=' . $userid;
$result = $db->query($sql);
