if (in_array($groupid_i, $array_groupid_in_row)) {
$ch = ' checked="checked"';
}
$image = '';
if (!empty($data_group['image']) and file_exists(NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $data_group['image'])) {
$image = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $data_group['image'];
$image = '<img src="' . $image . '" style="margin-top: -3px; max-width: 16px; max-height: 16px" alt="' . $groupinfo_i['title'] . '" />';
}
$contents_temp .= '<label class="col-xs-24 col-sm-4"><input type="checkbox" name="groupids[]" value="' . $groupid_i . '"' . $ch . ' />' . $image . $data_group['title'] . '</label>';
}
}
return $contents_temp;
}
$cid = $nv_Request->get_int('cid', 'get', 0);
$inrow = $nv_Request->get_string('inrow', 'get', '');
$inrow = nv_base64_decode($inrow);
$array_groupid_in_row = unserialize($inrow);
$contents_temp_cate = '';
if ($cid > 0) {
$cid = GetParentCatFilter($cid);
$arr_groupid = array();
$result = $db->query('SELECT t1.groupid FROM ' . $db_config['prefix'] . '_' . $module_data . '_group t1 INNER JOIN ' . $db_config['prefix'] . '_' . $module_data . '_group_cateid t2 ON t1.groupid = t2.groupid WHERE t2.cateid = ' . $cid);
while (list($groupid) = $result->fetch(3)) {
$arr_groupid[$groupid] = GetGroupidInParent($groupid, 0, 1);
}
foreach ($arr_groupid as $groupid_i => $subgroupid_i) {
$data_group = $global_array_group[$groupid_i];
$require = '';
if ($data_group['is_require']) {
$require = ' <span class="require">(*)</span>';
}
<?php
/**
* @Project NUKEVIET 3.x
* @Author VINADES., JSC (contact@vinades.vn)
* @Copyright (C) 2010 VINADES ., JSC. All rights reserved
* @Createdate Dec 29, 2010 10:42:00 PM
*/
if (!defined('NV_IS_MOD_SHOPS')) {
die('Stop!!!');
}
die('dsf');
foreach ($array_order as $order_code => $order_data) {
$payment_data = unserialize(nv_base64_decode($order_data['payment_data']));
$vpc_MerchTxnRef = $payment_data['vpc_MerchTxnRef'];
$url = $payment_config['QueryDR_url'] . "?vpc_Version=" . $payment_config['vpc_Version'] . "&vpc_Command=queryDR&vpc_Merchant=" . $payment_config['vpc_Merchant'] . "&vpc_AccessCode=" . $payment_config['vpc_AccessCode'] . "&vpc_MerchTxnRef=" . $vpc_MerchTxnRef . "&vpc_User="******"&vpc_Password="******"&", urldecode($return));
$array = array();
foreach ($data as $data_i) {
$data_i = array_map("trim", explode("=", $data_i));
$array[$data_i[0]] = $data_i[1];
}
if ($array['vpc_DRExists'] == "Y") {
if ($array['vpc_TxnResponseCode'] == '0') {
$nv_transaction_status = 4;
// Giao dich thanh cong
} else {
$nv_transaction_status = 3;
// Giao dich bi huy
}
/**
* @Project NUKEVIET 4.x
* @Author VINADES.,JSC (contact@vinades.vn)
* @Copyright (C) 2014 VINADES., JSC. All rights reserved
* @License GNU/GPL version 2 or any later version
* @Createdate 3-6-2010 0:14
*/
if (!defined('NV_IS_MOD_SHOPS')) {
die('Stop!!!');
}
$contents = "";
$payment = $nv_Request->get_string('payment', 'get', '');
// Kiem tra su ton tai cua cong thanh toan.
if (file_exists(NV_ROOTDIR . "/modules/" . $module_file . "/payment/" . $payment . ".complete.php")) {
// Lay thong tin config neu cong thanh toan duoc kich hoat.
$stmt = $db->prepare("SELECT * FROM " . $db_config['prefix'] . "_" . $module_data . "_payment WHERE active=1 and payment= :payment");
$stmt->bindParam(':payment', $payment, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount()) {
$row = $stmt->fetch();
$payment_config = unserialize(nv_base64_decode($row['config']));
$payment_config['paymentname'] = $row['paymentname'];
$payment_config['domain'] = $row['domain'];
// Xu ly thong tin
require_once NV_ROOTDIR . "/modules/" . $module_file . "/payment/" . $payment . ".complete.php";
}
}
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
$xtpl->parse('main.unpay');
$action_pay = '&action=unpay';
}
$xtpl->assign('LINK_PRINT', NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=print&order_id=' . $data_content['order_id'] . '&checkss=' . md5($data_content['order_id'] . $global_config['sitekey'] . session_id()));
$xtpl->assign('URL_ACTIVE_PAY', NV_BASE_ADMINURL . 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=active_pay&order_id=' . $order_id . $action_pay);
$xtpl->assign('URL_BACK', NV_BASE_ADMINURL . 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=or_view&order_id=' . $order_id);
$array_data_payment = array();
$sql = 'SELECT * FROM ' . $db_config['prefix'] . '_' . $module_data . '_payment ORDER BY weight ASC';
$result = $db->query($sql);
while ($row = $result->fetch()) {
$payment = $row['payment'];
$array_data_payment[$payment] = array('config' => array(), 'orders_id' => array(), 'data' => array());
$array_data_payment[$payment]['domain'] = $row['domain'];
$array_data_payment[$payment]['paymentname'] = $row['paymentname'];
if (file_exists(NV_ROOTDIR . '/modules/' . $module_file . '/payment/' . $payment . '.config.ini')) {
$array_data_payment[$payment]['config'] = unserialize(nv_base64_decode($row['config']));
}
}
// Check lai cac don hang
$checkpayment = $nv_Request->get_string('checkpayment', 'post,get', '');
if (!empty($checkpayment) and $checkpayment == md5($order_id . session_id() . $global_config['sitekey'])) {
$order_code = $data_content['order_code'];
require_once NV_ROOTDIR . '/modules/' . $module_file . '/payment/nganluong.class.php';
$payment_config = $array_data_payment['nganluong']['config'];
$nl = new NL_Checkout($payment_config['checkout_url'], $payment_config['merchant_site'], $payment_config['secure_pass']);
$transaction_i = $nl->checkOrder($payment_config['public_api_url'], $order_code, 0);
if ($transaction_i !== false) {
print_r($transaction_i);
die;
}
}
$data_insert['last_name'] = $row['last_name'];
$data_insert['question'] = $row['question'];
$data_insert['answer'] = $row['answer'];
$userid = $db->insert_id($sql, 'userid', $data_insert);
if ($userid) {
// Luu vao bang OpenID
if (!empty($row['openid_info'])) {
$reg_attribs = unserialize(nv_base64_decode($row['openid_info']));
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid , :email)');
$stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
$stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
$stmt->execute();
}
$db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
$users_info = unserialize(nv_base64_decode($row['users_info']));
$query_field = array();
$query_field['userid'] = $userid;
$result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC');
while ($row_f = $result_field->fetch()) {
$query_field[$row_f['field']] = isset($users_info[$row_f['field']]) ? $users_info[$row_f['field']] : $db->quote($row_f['default_value']);
}
if ($db->exec('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')')) {
$db->query('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid=' . $row['userid']);
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['active_users'], 'userid: ' . $userid . ' - username: '******'username'], $admin_info['userid']);
$first_name = !empty($row['first_name']) ? $row['first_name'] : $row['username'];
$subject = $lang_module['adduser_register'];
$message = sprintf($lang_module['adduser_register_info'], $first_name, $global_config['site_name'], NV_MY_DOMAIN . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true), $row['username']);
@nv_sendmail($global_config['site_email'], $row['email'], $subject, $message);
} else {
$db->query('DELETE FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $row['userid']);
$subject = sprintf($lang_module['lostpass_email_subject'], $global_config['site_name']);
$link_lostpass_content_email = NV_MY_DOMAIN . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&u=' . $row['userid'] . '&k=' . $k;
$row['full_name'] = nv_show_name_user($row['first_name'], $row['last_name'], $row['username']);
$message = sprintf($lang_module['lostpass_email_content'], $row['full_name'], $global_config['site_name'], $link_lostpass_content_email, $row['username']);
$ok = nv_sendmail($global_config['site_email'], $row['email'], $subject, $message);
if ($ok) {
$sql = "UPDATE " . NV_USERS_GLOBALTABLE . " SET passlostkey='" . $passlostkey . "' WHERE userid=" . $row['userid'];
$db->query($sql);
if (!empty($check_email)) {
$row['email'] = substr($row['email'], 0, 3) . '***' . substr($row['email'], -6);
}
$info = sprintf($lang_module['lostpass_content_mess'], $row['email']);
} else {
$info = $lang_global['error_sendmail'];
}
$nv_redirect = !empty($data['nv_redirect']) ? nv_base64_decode($data['nv_redirect']) : nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true);
$contents = user_info_exit($info);
$contents .= '<meta http-equiv="refresh" content="10;url=' . $nv_redirect . '" />';
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
} else {
$step = 2;
$error = $lang_module['answer_failed'];
}
}
} else {
$step = 1;
$nv_Request->unset_request('lostpass_seccode', 'session');
$error = $lang_module['lostpass_no_info2'];
}
$db->query('DELETE FROM ' . NV_BLOCKS_TABLE . '_weight WHERE bid=' . $row['bid'] . ' AND func_id in (' . implode(',', $array_funcid_old) . ')');
}
foreach ($array_funcid as $func_id) {
if (!in_array($func_id, $func_list)) {
$sth = $db->prepare('SELECT MAX(t1.weight) FROM ' . NV_BLOCKS_TABLE . '_weight t1 INNER JOIN ' . NV_BLOCKS_TABLE . '_groups t2 ON t1.bid = t2.bid WHERE t1.func_id=' . $func_id . ' AND t2.theme= :theme AND t2.position= :position');
$sth->bindParam(':theme', $selectthemes, PDO::PARAM_STR);
$sth->bindParam(':position', $row['position'], PDO::PARAM_STR);
$sth->execute();
$weight = $sth->fetchColumn();
$weight = intval($weight) + 1;
$db->query('INSERT INTO ' . NV_BLOCKS_TABLE . '_weight (bid, func_id, weight) VALUES (' . $row['bid'] . ', ' . $func_id . ', ' . $weight . ')');
}
}
nv_del_moduleCache('themes');
// Chuyen huong
$xtpl->assign('BLOCKREDIRECT', nv_base64_decode($blockredirect));
$xtpl->parse('blockredirect');
$contents = $xtpl->text('blockredirect');
include NV_ROOTDIR . '/includes/header.php';
echo $contents;
include NV_ROOTDIR . '/includes/footer.php';
die;
}
} elseif (!empty($row['bid'])) {
$db->query('DELETE FROM ' . NV_BLOCKS_TABLE . '_groups WHERE bid=' . $row['bid']);
$db->query('DELETE FROM ' . NV_BLOCKS_TABLE . '_weight WHERE bid=' . $row['bid']);
nv_del_moduleCache('themes');
}
}
}
$groups_view = explode(',', $row['groups_view']);
$array_where[] = '( regdate >= ' . $array['regdatefrom1'] . ' )';
}
if (!empty($array['regdateto1'])) {
$base_url .= '&regdateto=' . rawurlencode(nv_date('d/m/Y', $array['regdateto1']));
$array_where[] = '( regdate <= ' . $array['regdateto1'] . ' )';
}
if (!empty($array['last_loginfrom1'])) {
$base_url .= '&last_loginfrom=' . rawurlencode(nv_date('d/m/Y', $array['last_loginfrom1']));
$array_where[] = '( last_login >= ' . $array['last_loginfrom1'] . ' )';
}
if (!empty($array['last_loginto1'])) {
$base_url .= '&last_loginto=' . rawurlencode(nv_date('d/m/Y', $array['last_loginto1']));
$array_where[] = '( last_login <= ' . $array['last_loginto1'] . ' )';
}
if (!empty($filtersql)) {
$data_str = $crypt->aes_decrypt(nv_base64_decode($filtersql), md5($global_config['sitekey'] . $client_info['session_id']));
if (!empty($data_str)) {
$array_where[] = $data_str;
}
}
// Order data
$orderida = array('url' => $orderid == 'ASC' ? $base_url . '&orderid=DESC' : $base_url . '&orderid=ASC', 'class' => $orderid == '' ? 'nooder' : strtolower($orderid));
$orderusernamea = array('url' => $orderusername == 'ASC' ? $base_url . '&orderusername=DESC' : $base_url . '&orderusername=ASC', 'class' => $orderusername == '' ? 'nooder' : strtolower($orderusername));
$orderemaila = array('url' => $orderemail == 'ASC' ? $base_url . '&orderemail=DESC' : $base_url . '&orderemail=ASC', 'class' => $orderemail == '' ? 'nooder' : strtolower($orderemail));
$orderregdatea = array('url' => $orderregdate == 'ASC' ? $base_url . '&orderregdate=DESC' : $base_url . '&orderregdate=ASC', 'class' => $orderregdate == '' ? 'nooder' : strtolower($orderregdate));
// SQL data
$order_by = '';
if (!empty($orderid)) {
$base_url .= '&orderid=' . $orderid;
$order_by = 'userid ' . $orderid;
} elseif (!empty($orderusername)) {
/**
* nv_filter_product()
*
* @return
*/
function nv_filter_product($block_config)
{
global $nv_Request, $module_name, $lang_module, $module_info, $module_file, $module_upload, $db, $module_data, $db_config, $id, $catid, $pro_config, $global_config, $global_array_group, $global_array_shops_cat, $pro_config, $catid;
$module = $block_config['module'];
$array_id = $group_price = array();
$filter = $nv_Request->get_string('filter', 'get', '');
if (!empty($filter)) {
$array_id = nv_base64_decode($filter);
$array_id = unserialize($array_id);
$array_id = array_map('intval', $array_id);
}
if ($block_config['display_group_price']) {
$groupprice = $nv_Request->get_string('group_price', 'get', '');
if (!empty($groupprice)) {
$group_price = nv_base64_decode($groupprice);
$group_price = unserialize($group_price);
}
}
$xtpl = new XTemplate('block.filter_product.tpl', NV_ROOTDIR . '/themes/' . $module_info['template'] . '/modules/' . $module_file);
$xtpl->assign('LANG', $lang_module);
$xtpl->assign('MONEY_UNIT', $pro_config['money_unit']);
foreach ($global_array_group as $arr_group) {
$space = '';
if (!empty($arr_group['image'])) {
$arr_group['image'] = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $arr_group['image'];
}
if ($arr_group['lev'] > 0) {
if ($global_array_group[$arr_group['parentid']]['inhome'] and $arr_group['inhome']) {
for ($i = 1; $i <= $arr_group['lev']; $i++) {
$space .= ' ';
}
$xtpl->assign('DATA', array('id' => $arr_group['groupid'], 'title' => $arr_group['title'], 'numpro' => $arr_group['numpro'], 'space' => $space, 'image' => $arr_group['image'], 'checked' => in_array($arr_group['groupid'], $array_id) ? 'checked="checked"' : ''));
$xtpl->parse('main.loop.sub_group.checkbox');
if (!empty($arr_group['image'])) {
$xtpl->parse('main.loop.sub_group.image');
}
$xtpl->parse('main.loop.sub_group');
} else {
$global_array_group[$arr_group['groupid']]['inhome'] = 0;
}
} elseif ($arr_group['inhome']) {
$xtpl->assign('DATA', array('title' => $arr_group['title'], 'image' => $arr_group['image']));
if (!empty($arr_group['image'])) {
$xtpl->parse('main.loop.main_group.image');
}
$xtpl->parse('main.loop.main_group');
}
$xtpl->parse('main.loop');
}
if (!empty($pro_config['group_price']) and $block_config['display_group_price']) {
if (!empty($catid) and isset($global_array_shops_cat[$catid]) and !empty($global_array_shops_cat[$catid]['group_price'])) {
$price_value = explode(PHP_EOL, $global_array_shops_cat[$catid]['group_price']);
} else {
$price_value = explode(PHP_EOL, $pro_config['group_price']);
}
$price_value = array_map('floatval', $price_value);
if (!empty($price_value)) {
$price1 = $price2 = 0;
$i = 0;
foreach ($price_value as $value) {
$price1 = $value;
if (isset($price_value[$i + 1])) {
$price2 = $price_value[$i + 1];
$price_key = $price1 . '-' . $price2;
$price = array('price_key' => $price_key, 'price_value' => nv_number_format($price1) . ' - ' . nv_number_format($price2), 'checked' => in_array($price_key, $group_price) ? 'checked="checked"' : '');
} else {
$price2 = 0;
$price_key = $price1 . '-' . $price2;
$price = array('price_key' => $price_key, 'price_value' => sprintf($lang_module['filter_price_from'], nv_number_format($price1)), 'checked' => in_array($price_key, $group_price) ? 'checked="checked"' : '');
}
$xtpl->assign('PRICE', $price);
$xtpl->parse('main.group_price.loop');
$i++;
}
$xtpl->parse('main.group_price');
}
}
if ($nv_Request->isset_request('filter', 'post')) {
$array_id = $nv_Request->get_array('group_id', 'post', array());
$ext = '';
if (!empty($array_id)) {
$array_id = nv_base64_encode(serialize($array_id));
$ext .= '&filter=' . $array_id;
}
if ($block_config['display_group_price']) {
$array_price = $nv_Request->get_array('group_price', 'post', array());
if (!empty($array_price)) {
$array_price = nv_base64_encode(serialize($array_price));
$ext .= '&group_price=' . $array_price;
}
}
Header('Location: ' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=search_result' . $ext);
}
$xtpl->parse('main');
return $xtpl->text('main');
}
/**
* nv_redirect_decrypt()
*
* @param tring $string
* @param boolean $insite
* @return string
*
*/
function nv_redirect_decrypt($string, $insite = true)
{
global $global_config, $crypt, $client_info;
if (empty($string)) {
return '';
}
if (preg_match('/[^a-z0-9\\-\\_\\,]/i', $string)) {
return '';
}
$string = nv_base64_decode($string);
if (!$string) {
return '';
}
$url = $crypt->aes_decrypt($string, md5($global_config['sitekey'] . $client_info['session_id']));
if (empty($url)) {
return '';
}
if (preg_match('/^(http|https|ftp|gopher)\\:\\/\\//i', $url)) {
if ($insite and !preg_match('/^' . nv_preg_quote(NV_MY_DOMAIN) . '/', $url)) {
return '';
}
if (!nv_is_url($url)) {
return '';
}
} elseif (!nv_is_url(NV_MY_DOMAIN . $url)) {
return '';
}
return $url;
}
$page_title = sprintf($lang_module['seller_list'], $pro_info['title']);
$db->sqlreset()->select('COUNT(*)')->from($db_config['prefix'] . '_' . $module_data . '_orders_id t1')->join(' INNER JOIN ' . $db_config['prefix'] . '_' . $module_data . '_orders t2 ON t1.order_id = t2.order_id')->where('t1.proid = ' . $pro_id);
$num_items = $db->query($db->sql())->fetchColumn();
if (!$num_items) {
Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=items');
exit;
}
$xtpl = new XTemplate('seller.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
$xtpl->assign('LANG', $lang_module);
$xtpl->assign('GLANG', $lang_global);
$xtpl->assign('NV_BASE_ADMINURL', NV_BASE_ADMINURL);
$xtpl->assign('NV_NAME_VARIABLE', NV_NAME_VARIABLE);
$xtpl->assign('NV_OP_VARIABLE', NV_OP_VARIABLE);
$xtpl->assign('MODULE_NAME', $module_name);
$xtpl->assign('OP', $op);
$xtpl->assign('C_LIST', nv_base64_decode($nv_redirect));
$db->select('t2.order_name, t2.order_email, t2.order_phone, t2.order_address, t2.unit_total, t2.order_time, t1.num, t1.price')->order('t1.order_id DESC')->limit($per_page)->offset(($page - 1) * $per_page);
$sth = $db->prepare($db->sql());
$sth->execute();
$i = $page == 1 ? 0 : $page;
$array_total = array('price' => 0, 'num' => 0, 'pro_unit' => $pro_config['money_unit'], 'product_unit' => $pro_info['product_unit']);
while (list($order_name, $order_email, $order_phone, $order_address, $unit_total, $order_time, $num, $price) = $sth->fetch(3)) {
$i++;
$price = $price * $num;
$array_total['price'] += $price;
$array_total['num'] += $num;
$xtpl->assign('ROW', array('no' => $i, 'order_name' => $order_name, 'order_email' => $order_email, 'order_phone' => $order_phone, 'order_address' => $order_address, 'num' => $num, 'price' => nv_number_format($price, nv_get_decimals($unit_total)), 'price_unit' => $unit_total, 'order_time' => nv_date('H:i d/m/Y', $order_time)));
$xtpl->parse('main.loop');
}
$generate_page = nv_generate_page($base_url, $num_items, $per_page, $page);
if (!empty($generate_page)) {
foreach ($array_funcid as $func_id) {
if (!in_array($func_id, $func_list)) {
#insert if not exist in list
list($maxweight) = $db->sql_fetchrow($db->sql_query("SELECT MAX(weight) FROM `" . NV_BLOCKS_TABLE . "` WHERE position='" . $position . "' AND func_id='" . $func_id . "'"));
$sql = "INSERT INTO `" . NV_BLOCKS_TABLE . "` (`bid`, `groupbl`, `title` ,`link` ,`type` ,`file_path` ,`theme`, `template` ,`position` ,`exp_time` ,`active` , `groups_view`,`module`,`all_func`, `func_id` ,`weight`) VALUES (NULL, " . $db->dbescape($groupbl) . ", " . $db->dbescape($title) . ", " . $db->dbescape($link) . ", " . $db->dbescape($typeblock) . ", " . $db->dbescape_string($file_path) . ", " . $db->dbescape($selectthemes) . ", " . $db->dbescape($template) . "," . $db->dbescape($position) . ", " . $db->dbescape($exp_time) . "," . $active . ", " . $db->dbescape_string($groups_view) . ", " . $db->dbescape($xmodule) . ", " . $all_func . ", " . $db->dbescape($func_id) . "," . ($maxweight + 1) . ")";
$db->sql_query($sql);
}
}
}
}
nv_del_moduleCache('themes');
if (empty($blockredirect)) {
$blockredirect = 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=blocks';
}
echo '<script type="text/javascript">
parent.location="' . nv_base64_decode($blockredirect) . '";
</script>';
die;
}
}
if ($bid > 0 and $submit == 0) {
$result = $db->sql_query("SELECT * FROM `" . NV_BLOCKS_TABLE . "` WHERE bid=" . $bid . "");
if ($db->sql_numrows($result) > 0) {
$row = $db->sql_fetchrow($result);
$row['xfile'] = $row['type'] == 'file' ? $row['file_path'] : "";
$row['xbanner'] = $row['type'] == 'banner' ? $row['file_path'] : "";
$row['xhtml'] = $row['type'] == 'html' ? $row['file_path'] : "";
if ($row['type'] == 'rss') {
$array_rrs = explode("#@#", $row['file_path']);
$row['xrss'] = $array_rrs[0];
$row['rss_setting_number'] = intval($array_rrs[1]);
/**
* openidLogin_Res1()
* Function thuc hien khi OpenID duoc nhan dien
*
* @param mixed $attribs
* @return
*/
function openidLogin_Res1($attribs)
{
global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect;
$email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : "";
if (empty($email)) {
$nv_Request->unset_request('openid_attribs', 'session');
openidLogin_Res0($lang_module['logged_in_failed']);
die;
}
$opid = $crypt->hash($attribs['id']);
$query = "SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM `" . NV_USERS_GLOBALTABLE . "_openid` a, `" . NV_USERS_GLOBALTABLE . "` b \r\n WHERE a.opid=" . $db->dbescape($opid) . " \r\n AND a.email=" . $db->dbescape($email) . " \r\n AND a.userid=b.userid";
$result = $db->sql_query($query);
$numrows = $db->sql_numrows($result);
if ($numrows) {
list($user_id, $op_email, $user_active) = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$nv_Request->unset_request('openid_attribs', 'session');
if ($op_email != $email) {
openidLogin_Res0($lang_module['not_logged_in']);
die;
}
if (!$user_active) {
openidLogin_Res0($lang_module['login_no_active']);
die;
}
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($user_id);
$result = $db->sql_query($query);
$row = $db->sql_fetchrow($result);
validUserLog($row, 1, $opid);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
Header("Location: " . $nv_redirect);
die;
}
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($email);
$result = $db->sql_query($query);
$numrows = $db->sql_numrows($result);
if ($numrows) {
$nv_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$login_allowed = false;
if (empty($nv_row['password'])) {
$nv_Request->unset_request('openid_attribs', 'session');
$login_allowed = true;
}
if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
$nv_Request->unset_request('openid_attribs', 'session');
if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
$nv_username = $nv_row['username'];
$nv_password = $password;
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
if (empty($error)) {
$login_allowed = true;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
} else {
$password = $nv_Request->get_string('password', 'post', '');
$nv_seccode = filter_text_input('nv_seccode', 'post', '');
$nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
if ($crypt->validate($password, $nv_row['password']) and $nv_seccode) {
$login_allowed = true;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
}
}
if ($login_allowed) {
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($nv_row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
$db->sql_query($sql);
if (intval($nv_row['active']) != 1) {
openidLogin_Res0($lang_module['login_no_active']);
} else {
validUserLog($nv_row, 1, $opid);
Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name);
}
die;
}
$page_title = $lang_module['openid_login'];
$key_words = $module_info['keywords'];
$mod_title = $lang_module['openid_login'];
$lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
$contents = openid_account_confirm($gfx_chk, $attribs);
include NV_ROOTDIR . "/includes/header.php";
echo nv_site_theme($contents);
include NV_ROOTDIR . "/includes/footer.php";
exit;
}
if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email);
if ($global_config['allowuserreg'] == 2) {
$query .= " AND `regdate`>" . (NV_CURRENTTIME - 86400);
}
$result = $db->sql_query($query);
$numrows = $db->sql_numrows($result);
if ($numrows) {
if ($global_config['allowuserreg'] == 2) {
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
$nv_Request->unset_request('openid_attribs', 'session');
$password = $nv_Request->get_string('password', 'post', '');
$nv_seccode = filter_text_input('nv_seccode', 'post', '');
$nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
if ($crypt->validate($password, $row['password']) and $nv_seccode) {
$reg_attribs = set_reg_attribs($attribs);
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\r\n `userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, `regdate`, `website`, \r\n `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, `remember`, `in_groups`, \r\n `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES (\r\n NULL, \r\n " . $db->dbescape($row['username']) . ", \r\n " . $db->dbescape($row['password']) . ", \r\n " . $db->dbescape($row['email']) . ", \r\n " . $db->dbescape(!empty($row['full_name']) ? $row['full_name'] : $reg_attribs['full_name']) . ", \r\n " . $db->dbescape($reg_attribs['gender']) . ", \r\n '', 0, \r\n " . $db->dbescape($row['regdate']) . ", \r\n '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', \r\n " . $db->dbescape($row['question']) . ", \r\n " . $db->dbescape($row['answer']) . ", \r\n '', 1, 1, '', 1, '', 0, '', '', '')";
$userid = $db->sql_query_insert_id($sql);
if (!$userid) {
openidLogin_Res0($lang_module['account_active_error']);
die;
}
$sql = "DELETE FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`=" . $db->dbescape($row['userid']);
$db->sql_query($sql);
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
$db->sql_query($sql);
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($userid);
$result = $db->sql_query($query);
$row = $db->sql_fetchrow($result);
validUserLog($row, 1, $opid);
$info = $lang_module['account_active_ok'] . "<br /><br />\n";
$info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$info .= "[<a href=\"" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\">" . $lang_module['redirect_to_home'] . "</a>]";
$contents .= user_info_exit($info);
$contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />";
include NV_ROOTDIR . "/includes/header.php";
echo nv_site_theme($contents);
include NV_ROOTDIR . "/includes/footer.php";
exit;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
}
$page_title = $mod_title = $lang_module['openid_active_title'];
$key_words = $module_info['keywords'];
$lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
$contents = openid_active_confirm($gfx_chk, $attribs);
include NV_ROOTDIR . "/includes/header.php";
echo nv_site_theme($contents);
include NV_ROOTDIR . "/includes/footer.php";
exit;
} else {
$nv_Request->unset_request('openid_attribs', 'session');
openidLogin_Res0($lang_module['account_register_to_admin']);
die;
}
}
}
$option = $nv_Request->get_int('option', 'get', 0);
if (!$global_config['allowuserreg']) {
$option = 3;
}
$contents = "";
if ($option == 3) {
$error = "";
if ($nv_Request->isset_request('nv_login', 'post')) {
$nv_username = filter_text_input('nv_login', 'post', '');
$nv_password = filter_text_input('nv_password', 'post', '');
$nv_seccode = filter_text_input('nv_seccode', 'post', '');
$check_login = nv_check_valid_login($nv_username, NV_UNICKMAX, NV_UNICKMIN);
$check_pass = nv_check_valid_pass($nv_password, NV_UPASSMAX, NV_UPASSMIN);
$check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
if (!$check_seccode) {
$error = $lang_global['securitycodeincorrect'];
} elseif (!empty($check_login)) {
$error = $check_login;
} elseif (!empty($check_pass)) {
$error = $check_pass;
} else {
$sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `username`=" . $db->dbescape($nv_username);
$result = $db->sql_query($sql);
$numrows = $db->sql_numrows($result);
if ($numrows != 1) {
$error = $lang_global['loginincorrect'];
} else {
$row = $db->sql_fetchrow($result);
if (empty($row['password']) or !$crypt->validate($nv_password, $row['password'])) {
$error = $lang_global['loginincorrect'];
} else {
if (!$row['active']) {
$error = $lang_module['login_no_active'];
} else {
$nv_Request->unset_request('openid_attribs', 'session');
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
$db->sql_query($sql);
validUserLog($row, 1, $opid);
}
}
}
}
if (empty($error)) {
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
$info = $lang_module['login_ok'] . "<br /><br />\n";
$info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$info .= "[<a href=\"" . $nv_redirect . "\">" . $lang_module['redirect_to_back'] . "</a>]";
$contents .= user_info_exit($info);
$contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . $nv_redirect . "\" />";
include NV_ROOTDIR . "/includes/header.php";
echo nv_site_theme($contents);
include NV_ROOTDIR . "/includes/footer.php";
exit;
}
$array_login = array("nv_login" => $nv_username, "nv_password" => $nv_password, "nv_redirect" => $nv_redirect, 'login_info' => "<span style=\"color:#fb490b;\">" . $error . "</span>");
} else {
$array_login = array("nv_login" => '', "nv_password" => '', 'login_info' => $lang_module['openid_note1'], "nv_redirect" => $nv_redirect);
}
$contents .= user_openid_login($gfx_chk, $array_login, $attribs);
include NV_ROOTDIR . "/includes/header.php";
echo nv_site_theme($contents);
include NV_ROOTDIR . "/includes/footer.php";
exit;
} elseif ($option == 1 or $option == 2) {
$nv_Request->unset_request('openid_attribs', 'session');
$reg_attribs = set_reg_attribs($attribs);
if (empty($reg_attribs['username'])) {
openidLogin_Res0($lang_module['logged_in_failed']);
die;
}
if ($option == 2) {
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` \r\n (`userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, \r\n `regdate`, `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, \r\n `view_mail`, `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES \r\n (\r\n NULL, \r\n " . $db->dbescape($reg_attribs['username']) . ", \r\n '', \r\n " . $db->dbescape($reg_attribs['email']) . ", \r\n " . $db->dbescape($reg_attribs['full_name']) . ", \r\n " . $db->dbescape(ucfirst($reg_attribs['gender'])) . ", \r\n '', 0, " . NV_CURRENTTIME . ", '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', '', '', '', 0, 0, '', 1, '', 0, '', '', ''\r\n )";
$userid = $db->sql_query_insert_id($sql);
if (!$userid) {
openidLogin_Res0($lang_module['err_no_save_account']);
die;
}
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1";
$result = $db->sql_query($query);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")";
$db->sql_query($sql);
validUserLog($row, 1, $reg_attribs['opid']);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
Header("Location: " . $nv_redirect);
exit;
} else {
$reg_attribs = serialize($reg_attribs);
$nv_Request->set_Session('reg_attribs', $reg_attribs);
Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&openid=1&nv_redirect=" . $nv_redirect);
exit;
}
}
$array_user_login = array();
if (!defined('NV_IS_USER_FORUM')) {
$array_user_login[] = array("title" => $lang_module['openid_note3'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=1&nv_redirect=" . $nv_redirect);
$array_user_login[] = array("title" => $lang_module['openid_note4'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=2&nv_redirect=" . $nv_redirect);
} else {
$array_user_login[] = array("title" => $lang_module['openid_note6'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&nv_redirect=" . $nv_redirect);
}
$array_user_login[] = array("title" => $lang_module['openid_note5'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=3&nv_redirect=" . $nv_redirect);
$contents .= user_openid_login2($attribs, $array_user_login);
include NV_ROOTDIR . "/includes/header.php";
echo nv_site_theme($contents);
include NV_ROOTDIR . "/includes/footer.php";
exit;
}
/**
*
* @param string $module
* @param integer $area
* @param integer $id
* @param int $allowed_comm
* @param string $checkss
* @param string $comment
* @param int $sortcomm
* @param string $base_url
* @param boolean $form_login
* @param int $status_comment
* @return string
*/
function nv_theme_comment_module($module, $area, $id, $allowed_comm, $checkss, $comment, $sortcomm, $base_url, $form_login, $status_comment = '')
{
global $global_config, $module_file, $module_data, $module_config, $admin_info, $user_info, $lang_global, $client_info, $lang_module_comment, $module_name;
$template = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/comment/main.tpl') ? $global_config['module_theme'] : 'default';
$templateCSS = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/css/comment.css') ? $global_config['module_theme'] : 'default';
$templateJS = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/js/comment.js') ? $global_config['module_theme'] : 'default';
$xtpl = new XTemplate('main.tpl', NV_ROOTDIR . '/themes/' . $template . '/modules/comment');
$xtpl->assign('LANG', $lang_module_comment);
$xtpl->assign('GLANG', $lang_global);
$xtpl->assign('TEMPLATE', $template);
$xtpl->assign('TEMPLATE_CSS', $templateCSS);
$xtpl->assign('TEMPLATE_JS', $templateJS);
$xtpl->assign('CHECKSS_COMM', $checkss);
$xtpl->assign('MODULE_COMM', $module);
$xtpl->assign('MODULE_DATA', $module_data);
$xtpl->assign('AREA_COMM', $area);
$xtpl->assign('ID_COMM', $id);
$xtpl->assign('ALLOWED_COMM', $allowed_comm);
$xtpl->assign('BASE_URL_COMM', $base_url);
if (defined('NV_COMM_ID')) {
$xtpl->parse('main.header');
}
// Order by comm
for ($i = 0; $i <= 2; ++$i) {
$xtpl->assign('OPTION', array('key' => $i, 'title' => $lang_module_comment['sortcomm_' . $i], 'selected' => $i == $sortcomm ? ' selected="selected"' : ''));
$xtpl->parse('main.sortcomm');
}
if (!empty($comment)) {
$xtpl->assign('COMMENTCONTENT', $comment);
$xtpl->parse('main.showContent');
}
$allowed_comm = nv_user_in_groups($allowed_comm);
if ($allowed_comm) {
if (defined('NV_IS_USER')) {
$xtpl->assign('NAME', $user_info['full_name']);
$xtpl->assign('EMAIL', $user_info['email']);
$xtpl->assign('DISABLED', ' disabled="disabled"');
} else {
$xtpl->assign('NAME', '');
$xtpl->assign('EMAIL', '');
$xtpl->assign('DISABLED', '');
}
$captcha = intval($module_config[$module]['captcha']);
$show_captcha = true;
if ($captcha == 0) {
$show_captcha = false;
} elseif ($captcha == 1 and defined('NV_IS_USER')) {
$show_captcha = false;
} elseif ($captcha == 2 and defined('NV_IS_MODADMIN')) {
if (defined('NV_IS_SPADMIN')) {
$show_captcha = false;
} else {
$adminscomm = explode(',', $module_config[$module]['adminscomm']);
if (in_array($admin_info['admin_id'], $adminscomm)) {
$show_captcha = false;
}
}
}
if ($show_captcha) {
$xtpl->assign('N_CAPTCHA', $lang_global['securitycode']);
$xtpl->assign('CAPTCHA_REFRESH', $lang_global['captcharefresh']);
$xtpl->assign('GFX_NUM', NV_GFX_NUM);
$xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH);
$xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH);
$xtpl->assign('GFX_HEIGHT', NV_GFX_HEIGHT);
$xtpl->assign('CAPTCHA_REFR_SRC', NV_BASE_SITEURL . NV_ASSETS_DIR . '/images/refresh.png');
$xtpl->assign('SRC_CAPTCHA', NV_BASE_SITEURL . 'index.php?scaptcha=captcha&t=' . NV_CURRENTTIME);
$xtpl->parse('main.allowed_comm.captcha');
} else {
$xtpl->assign('GFX_NUM', 0);
}
if (!empty($status_comment)) {
$status_comment = nv_base64_decode($status_comment);
$xtpl->assign('STATUS_COMMENT', $status_comment);
$xtpl->parse('main.allowed_comm.comment_result');
}
$xtpl->parse('main.allowed_comm');
} elseif ($form_login['display']) {
// Ajax login
if ($form_login['list_groups'] == 4) {
$xtpl->parse('main.form_login.message_login');
} else {
$list_groups_name = '';
$list_groups = nv_groups_list_pub();
$form_login['list_groups'] = explode(',', $form_login['list_groups']);
$i = 0;
foreach ($form_login['list_groups'] as $group_id) {
if (isset($list_groups[$group_id])) {
if ($i == 0) {
$list_groups_name .= $list_groups[$group_id];
} else {
$list_groups_name .= ', ' . $list_groups[$group_id];
}
$i++;
}
}
$url_groups = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=users&' . NV_OP_VARIABLE . '=editinfo';
$xtpl->assign('LANG_REG_GROUPS', sprintf($lang_module_comment['comment_register_groups'], $list_groups_name, $url_groups));
$xtpl->parse('main.form_login.message_register_group');
}
$xtpl->parse('main.form_login');
}
$xtpl->parse('main');
return $xtpl->text('main');
}
$module_upload = $module_info['module_upload'];
$include_file = NV_ROOTDIR . '/modules/' . $module_file . '/funcs/main.php';
if (file_exists($include_file)) {
// Tuy chon kieu giao dien
if ($nv_Request->isset_request('nv' . NV_LANG_DATA . 'themever', 'get')) {
$theme_type = $nv_Request->get_title('nv' . NV_LANG_DATA . 'themever', 'get', '', 1);
$nv_redirect = $nv_Request->get_title('nv_redirect', 'get', '');
if (empty($global_config['switch_mobi_des'])) {
$array_theme_type = array_diff($global_config['array_theme_type'], array('m'));
} else {
$array_theme_type = $global_config['array_theme_type'];
}
if (in_array($theme_type, $array_theme_type)) {
$nv_Request->set_Cookie('nv' . NV_LANG_DATA . 'themever', $theme_type, NV_LIVE_COOKIE_TIME);
}
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA;
Header('Location: ' . nv_url_rewrite($nv_redirect));
die;
}
// Xac dinh cac $op, $array_op
$array_op = array();
if (!preg_match('/^[a-z0-9\\-\\_\\/\\+]+$/i', $op)) {
Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true));
die;
}
if ($op != 'main' and !isset($module_info['funcs'][$op])) {
$array_op = explode('/', $op);
$op = isset($module_info['funcs'][$array_op[0]]) ? $array_op[0] : 'main';
}
$op_file = $op;
// Xac dinh quyen dieu hanh module
/**
* nv_redirect_decrypt()
*
* @param tring $string
* @param boolean $insite
* @return string
*
*/
function nv_redirect_decrypt($string, $insite = true)
{
if (empty($string)) {
return '';
}
if (preg_match('/[^a-z0-9\\-\\_\\,]/i', $string)) {
return '';
}
$string = nv_base64_decode($string);
if (!$string) {
return '';
}
global $crypt;
$url = $crypt->aes_decrypt($string, NV_CHECK_SESSION);
if (empty($url)) {
return '';
}
if (preg_match('/^(http|https|ftp|gopher)\\:\\/\\//i', $url)) {
if ($insite and !preg_match('/^' . nv_preg_quote(NV_MY_DOMAIN) . '/', $url)) {
return '';
}
if (!nv_is_url($url)) {
return '';
}
} elseif (!nv_is_url(NV_MY_DOMAIN . $url)) {
return '';
}
return $url;
}
$user_info['current_ip'] = $row['last_ip'];
$user_info['last_openid'] = $row['last_openid'];
//$user_info['last_ip'] = $user['last_ip'];
$user_info['st_login'] = !empty($row['password']) ? true : false;
//$user_info['current_mode'] = $user['current_mode'];
$user_info['current_mode'] = 1;
$user_info['valid_question'] = true;
} else {
$user_info = array();
}
}
} else {
if ($nv_Request->get_bool('nvloginhash', 'cookie', false)) {
$_user = $nv_Request->get_string('nvloginhash', 'cookie', '');
if (!empty($_user) and $global_config['allowuserlogin']) {
$user = unserialize(nv_base64_decode($_user));
$strlen = NV_CRYPT_SHA1 == 1 ? 40 : 32;
if (isset($user['userid']) and is_numeric($user['userid']) and $user['userid'] > 0) {
if (isset($user['checknum']) and preg_match("/^[a-z0-9]{" . $strlen . "}\$/", $user['checknum'])) {
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid` = " . $user['userid'] . " AND `active`=1";
$result = $db->sql_query($query);
$numrows = $db->sql_numrows($result);
if ($numrows == 1) {
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (strcasecmp($user['checknum'], $row['checknum']) == 0 and isset($user['current_agent']) and !empty($user['current_agent']) and strcasecmp($user['current_agent'], $row['last_agent']) == 0 and isset($user['current_ip']) and !empty($user['current_ip']) and strcasecmp($user['current_ip'], $row['last_ip']) == 0 and isset($user['current_login']) and !empty($user['current_login']) and strcasecmp($user['current_login'], intval($row['last_login'])) == 0) {
$user_info['userid'] = intval($row['userid']);
$user_info['username'] = $row['username'];
$user_info['email'] = $row['email'];
$user_info['full_name'] = $row['full_name'];
$user_info['gender'] = $row['gender'];
include NV_ROOTDIR . "/includes/footer.php";
exit;
}
$subject = $lang_module['account_register'];
$message = sprintf($lang_module['openid_register_info'], $reg_attribs['full_name'], $global_config['site_name'], NV_MY_DOMAIN . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name, $array_register['username'], $array_register['password'], $reg_attribs['openid']);
$message .= "<br /><br />------------------------------------------------<br /><br />";
$message .= nv_EncString($message);
@nv_sendmail($global_config['site_email'], $reg_attribs['email'], $subject, $message);
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")";
$db->sql_query($sql);
$query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1";
$result = $db->sql_query($query);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
validUserLog($row, 1, $reg_attribs['opid']);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
Header("Location: " . $nv_redirect);
exit;
}
$array_register['info'] = "<span style=\"color:#fb490b;\">" . $error . "</span>";
} else {
$array_register['username'] = $reg_attribs['username'];
$array_register['password'] = $array_register['re_password'] = $array_register['your_question'] = $array_register['answer'] = "";
$array_register['question'] = $array_register['agreecheck'] = 0;
$array_register['info'] = $lang_module['openid_register'];
}
$array_register['agreecheck'] = $array_register['agreecheck'] ? " checked=\"checked\"" : "";
$sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='siteterms_" . NV_LANG_DATA . "'";
$result = $db->sql_query($sql);
list($siteterms) = $db->sql_fetchrow($result);
$db->sql_freeresult();
<?php
/**
* @Project NUKEVIET 4.x
* @Author VINADES.,JSC (contact@vinades.vn)
* @Copyright (C) 2014 VINADES.,JSC. All rights reserved
* @License GNU/GPL version 2 or any later version
* @Createdate 2-10-2010 18:49
*/
if (!defined('NV_IS_FILE_ADMIN')) {
die('Stop!!!');
}
$pid = $nv_Request->get_int('pid', 'get', 0);
if ($pid == 0) {
$cateid = $nv_Request->get_string('cid', 'get', '');
$cateid = nv_base64_decode($cateid);
$cateid = unserialize($cateid);
$cateid = $cateid ? $cateid : array();
$table = $db_config['prefix'] . "_" . $module_data . "_catalogs";
$sql = "SELECT catid, parentid, " . NV_LANG_DATA . "_title, lev, numsubcat FROM " . $table . " ORDER BY sort ASC";
$result_cat = $db->query($sql);
$contents .= '<select class="form-control" style="width: 500px; min-height: 150px" name="cateid[]" multiple="multiple">';
while (list($catid_i, $parentid_i, $title_i, $lev_i, $numsubcat_i) = $result_cat->fetch(3)) {
if ($numsubcat_i > 0 or $parentid_i == 0) {
$xtitle_i = "";
if ($lev_i > 0) {
for ($i = 1; $i <= $lev_i; $i++) {
$xtitle_i .= " ";
}
}
$select = in_array($catid_i, $cateid) ? " selected=\"selected\"" : "";
<?php
/**
* @Project NUKEVIET 4.x
* @Author VINADES.,JSC (contact@vinades.vn)
* @Copyright (C) 2014 VINADES.,JSC. All rights reserved
* @License GNU/GPL version 2 or any later version
* @Createdate 2-1-2010 22:5
*/
if (!defined('NV_IS_FILE_EXTENSIONS')) {
die('Stop!!!');
}
$contents = '';
$array = $nv_Request->get_string('data', 'post', '');
$array = $array ? nv_base64_decode($array) : '';
if ($array and is_serialized_string($array)) {
$array = @unserialize($array);
} else {
$array = array();
}
$request = array();
$request['id'] = isset($array['id']) ? intval($array['id']) : 0;
$request['fid'] = isset($array['compatible']['id']) ? intval($array['compatible']['id']) : 0;
// Fixed request
$request['lang'] = NV_LANG_INTERFACE;
$request['basever'] = $global_config['version'];
$request['mode'] = 'download';
if (empty($request['id']) or empty($request['fid']) or !isset($array['tid'])) {
$contents = "ERR|" . $lang_module['download_error_preparam'];
} else {
$filename = NV_TEMPNAM_PREFIX . 'auto_' . md5($global_config['sitekey'] . session_id()) . '.zip';
foreach ($array_payment_other as $pay => $value) {
if (!in_array($pay, $array_setting_payment_key)) {
$value['link_edit'] = NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=" . $op . "&payment=" . $value['payment'];
$value['STT'] = $a;
$xtpl->assign('ODATA_PM', $value);
$xtpl->parse('main.olistpay.opaymentloop');
++$a;
}
}
if ($a > 1) {
$xtpl->parse('main.olistpay');
}
}
if (!empty($data_pay)) {
$xtpl->assign('EDITPAYMENT', sprintf($lang_module['editpayment'], $data_pay['payment']));
$array_config = unserialize(nv_base64_decode($data_pay['config']));
$arkey_title = array();
if (!empty($array_payment_other[$data_pay['payment']]['titlekey'])) {
$arkey_title = $array_payment_other[$data_pay['payment']]['titlekey'];
}
foreach ($array_config as $key => $value) {
if (isset($arkey_title[$key])) {
$lang = (string) $arkey_title[$key];
} else {
$lang = $key;
}
$value = $array_config[$key];
$xtpl->assign('CONFIG_LANG', $lang);
$xtpl->assign('CONFIG_NAME', $key);
$xtpl->assign('CONFIG_VALUE', $value);
$xtpl->parse('main.paymentedit.config');
define('NV_REFSTAT_TABLE', NV_PREFIXLANG . '_referer_stats');
$sql = "SELECT lang, module, config_name, config_value FROM " . NV_CONFIG_GLOBALTABLE . " WHERE lang='" . NV_LANG_DATA . "' or (lang='sys' AND module='site') ORDER BY module ASC";
$list = $nv_Cache->db($sql, '', 'settings');
foreach ($list as $row) {
if ($row['lang'] == NV_LANG_DATA and $row['module'] == 'global' or $row['lang'] == 'sys' and $row['module'] == 'site') {
$global_config[$row['config_name']] = $row['config_value'];
} else {
$module_config[$row['module']][$row['config_name']] = $row['config_value'];
}
}
if (empty($global_config['site_logo'])) {
$global_config['site_logo'] = NV_ASSETS_DIR . '/images/logo.png';
}
$global_config['ssl_https_modules'] = empty($global_config['ssl_https_modules']) ? array() : array_map("trim", explode(',', $global_config['ssl_https_modules']));
define('NV_MAIN_DOMAIN', in_array($global_config['site_domain'], $global_config['my_domains']) ? str_replace(NV_SERVER_NAME, $global_config['site_domain'], NV_MY_DOMAIN) : NV_MY_DOMAIN);
$global_config['smtp_password'] = $crypt->aes_decrypt(nv_base64_decode($global_config['smtp_password']));
if ($sys_info['ini_set_support']) {
ini_set('sendmail_from', $global_config['site_email']);
}
if (!isset($global_config['upload_checking_mode']) or !in_array($global_config['upload_checking_mode'], array('mild', 'lite', 'none'))) {
$global_config['upload_checking_mode'] = 'strong';
}
define('UPLOAD_CHECKING_MODE', $global_config['upload_checking_mode']);
if (defined('NV_ADMIN')) {
if (!file_exists(NV_ROOTDIR . '/includes/language/' . NV_LANG_DATA . '/global.php')) {
if ($global_config['lang_multi']) {
$nv_Request->set_Cookie('data_lang', $global_config['site_lang'], NV_LIVE_COOKIE_TIME);
}
Header('Location: ' . NV_BASE_ADMINURL);
exit;
}
/**
* @param string $module
* @param integer $area
* @param integer $id
* @param int $allowed_comm
* @param string $checkss
* @param string $comment
* @param int $sortcomm
* @param string $base_url
* @param boolean $form_login
* @param int $status_comment
* @return string
*/
function nv_theme_comment_module($module, $area, $id, $allowed_comm, $checkss, $comment, $sortcomm, $base_url, $form_login, $status_comment = '')
{
global $global_config, $module_file, $module_data, $module_config, $admin_info, $user_info, $lang_global, $client_info, $lang_module_comment, $module_name;
$template = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/comment/main.tpl') ? $global_config['module_theme'] : 'default';
$xtpl = new XTemplate('main.tpl', NV_ROOTDIR . '/themes/' . $template . '/modules/comment');
$xtpl->assign('LANG', $lang_module_comment);
$xtpl->assign('GLANG', $lang_global);
$xtpl->assign('TEMPLATE', $template);
$xtpl->assign('CHECKSS_COMM', $checkss);
$xtpl->assign('MODULE_COMM', $module);
$xtpl->assign('MODULE_DATA', $module_data);
$xtpl->assign('AREA_COMM', $area);
$xtpl->assign('ID_COMM', $id);
$xtpl->assign('ALLOWED_COMM', $allowed_comm);
$xtpl->assign('BASE_URL_COMM', $base_url);
if (defined('NV_COMM_ID')) {
// Check call module js file
if (file_exists(NV_ROOTDIR . '/themes/' . $template . '/js/comment.js')) {
$xtpl->parse('main.header.jsfile');
}
// Check call module css file
if (file_exists(NV_ROOTDIR . '/themes/' . $template . '/css/comment.css')) {
$xtpl->parse('main.header.cssfile');
}
$xtpl->parse('main.header');
}
// Order by comm
for ($i = 0; $i <= 2; ++$i) {
$xtpl->assign('OPTION', array('key' => $i, 'title' => $lang_module_comment['sortcomm_' . $i], 'selected' => $i == $sortcomm ? ' selected="selected"' : ''));
$xtpl->parse('main.sortcomm');
}
if (!empty($comment)) {
$xtpl->assign('COMMENTCONTENT', $comment);
$xtpl->parse('main.showContent');
}
$allowed_comm = nv_user_in_groups($allowed_comm);
if ($allowed_comm) {
if (defined('NV_IS_USER')) {
$xtpl->assign('NAME', $user_info['full_name']);
$xtpl->assign('EMAIL', $user_info['email']);
$xtpl->assign('DISABLED', ' disabled="disabled"');
} else {
$xtpl->assign('NAME', '');
$xtpl->assign('EMAIL', '');
$xtpl->assign('DISABLED', '');
}
$captcha = intval($module_config[$module]['captcha']);
$show_captcha = true;
if ($captcha == 0) {
$show_captcha = false;
} elseif ($captcha == 1 and defined('NV_IS_USER')) {
$show_captcha = false;
} elseif ($captcha == 2 and defined('NV_IS_MODADMIN')) {
if (defined('NV_IS_SPADMIN')) {
$show_captcha = false;
} else {
$adminscomm = explode(',', $module_config[$module]['adminscomm']);
if (in_array($admin_info['admin_id'], $adminscomm)) {
$show_captcha = false;
}
}
}
if ($show_captcha) {
$xtpl->assign('N_CAPTCHA', $lang_global['securitycode']);
$xtpl->assign('CAPTCHA_REFRESH', $lang_global['captcharefresh']);
$xtpl->assign('GFX_NUM', NV_GFX_NUM);
$xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH);
$xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH);
$xtpl->assign('GFX_HEIGHT', NV_GFX_HEIGHT);
$xtpl->assign('CAPTCHA_REFR_SRC', NV_BASE_SITEURL . NV_FILES_DIR . '/images/refresh.png');
$xtpl->assign('SRC_CAPTCHA', NV_BASE_SITEURL . 'index.php?scaptcha=captcha&t=' . NV_CURRENTTIME);
$xtpl->parse('main.allowed_comm.captcha');
} else {
$xtpl->assign('GFX_NUM', 0);
}
if (!empty($status_comment)) {
$status_comment = nv_base64_decode($status_comment);
$xtpl->assign('STATUS_COMMENT', $status_comment);
$xtpl->parse('main.allowed_comm.comment_result');
}
$xtpl->parse('main.allowed_comm');
} elseif ($form_login) {
$link_login = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=users&' . NV_OP_VARIABLE . '=login&nv_redirect=' . nv_base64_encode($client_info['selfurl'] . '#formcomment');
$xtpl->assign('COMMENT_LOGIN', '<a title="' . $lang_global['loginsubmit'] . '" href="' . $link_login . '">' . $lang_module_comment['comment_login'] . '</a>');
$xtpl->parse('main.form_login');
}
$xtpl->parse('main');
return $xtpl->text('main');
}
$price1_temp = "";
}
if ($price2 == -1) {
$price2_temp = "";
}
$xtpl->assign('value_keyword', $keyword);
$xtpl->assign('value_price1', $price1_temp);
$xtpl->assign('value_price2', $price2_temp);
if ($pro_config['active_price']) {
$xtpl->parse('form.price');
}
$xtpl->parse('form');
$contents = $xtpl->text('form');
if (!empty($groupid)) {
$url .= '&filter=' . $groupid;
$groupid = nv_base64_decode($groupid);
$groupid = unserialize($groupid);
$arr_id = array();
foreach ($groupid as $id_group) {
$group = $global_array_group[$id_group];
$arr_id[$group['parentid']][] = $id_group;
}
$_sql = 'SELECT DISTINCT pro_id FROM ' . $db_config['prefix'] . '_' . $module_data . '_group_items WHERE ';
$j = 1;
foreach ($arr_id as $listid) {
$a = sizeof($listid);
if ($a > 0) {
$arr_sql = array();
for ($i = 0; $i < $a; $i++) {
$arr_sql[] = ' pro_id IN (SELECT pro_id FROM ' . $db_config['prefix'] . '_' . $module_data . '_group_items WHERE group_id=' . $listid[$i] . ')';
}
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )');
$stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
$stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
$stmt->execute();
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1';
$result = $db->query($query);
$row = $result->fetch();
$result->closeCursor();
$current_mode = isset($reg_attribs['current_mode']) ? $reg_attribs['current_mode'] : 1;
validUserLog($row, 1, $reg_attribs['opid'], $current_mode);
$subject = $lang_module['account_register'];
$message = sprintf($lang_module['openid_register_info'], $reg_attribs['first_name'], $global_config['site_name'], NV_MY_DOMAIN . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, $array_register['username'], $reg_attribs['openid']);
@nv_sendmail($global_config['site_email'], $reg_attribs['email'], $subject, $message);
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['register'], $array_register['username'] . ' | ' . $client_info['ip'] . ' | OpenID', 0);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
Header('Location: ' . $nv_redirect);
exit;
}
$array_register['info'] = '<span style="color:#fb490b;">' . $error . '</span>';
} else {
$array_register['username'] = $reg_attribs['username'];
$array_register['password'] = $array_register['re_password'] = $array_register['your_question'] = $array_register['answer'] = '';
$array_register['question'] = $array_register['agreecheck'] = 0;
$array_register['info'] = $lang_module['openid_register'];
}
$array_register['agreecheck'] = $array_register['agreecheck'] ? ' checked="checked"' : '';
$sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='siteterms_" . NV_LANG_DATA . "'";
$result = $db->query($sql);
$siteterms = $result->fetchColumn();
$result->closeCursor();
$array = !empty($array['body']) ? is_serialized_string($array['body']) ? unserialize($array['body']) : array() : array();
$error = '';
if (!empty(NV_Http::$error)) {
$error = nv_http_get_lang(NV_Http::$error);
} elseif (empty($array['status']) or !isset($array['error']) or !isset($array['data']) or !isset($array['pagination']) or !is_array($array['error']) or !is_array($array['data']) or !is_array($array['pagination']) or !empty($array['error']) and (!isset($array['error']['level']) or empty($array['error']['message']))) {
$error = $lang_global['error_valid_response'];
} elseif (!empty($array['error']['message'])) {
$error = $array['error']['message'];
}
// Show error
if (!empty($error)) {
$xtpl->assign('ERROR', $error);
$xtpl->parse('main.error');
$contents = $xtpl->text('main.error');
} else {
// Save cookies
nv_store_cookies(nv_object2array($cookies), $stored_cookies);
$redirect = $request['redirect'] ? nv_base64_decode($request['redirect']) : NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
$xtpl->assign('REDIRECT_LINK', $redirect);
$xtpl->parse('main.ok');
$contents = $xtpl->text('main.ok');
}
include NV_ROOTDIR . '/includes/header.php';
echo $contents;
include NV_ROOTDIR . '/includes/footer.php';
}
$xtpl->parse('main');
$contents = $xtpl->text('main');
include NV_ROOTDIR . '/includes/header.php';
echo nv_admin_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
/**
* openidLogin_Res1()
* Function thuc hien khi OpenID duoc nhan dien
*
* @param mixed $attribs
* @return
*/
function openidLogin_Res1($attribs)
{
global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect, $op, $db_config;
$email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == '') ? $attribs['contact/email'] : '';
if (empty($email)) {
$nv_Request->unset_request('openid_attribs', 'session');
openidLogin_Res0($lang_module['logged_in_failed']);
die;
}
$opid = $crypt->hash($attribs['id']);
$current_mode = isset($attribs['current_mode']) ? $attribs['current_mode'] : 1;
$stmt = $db->prepare('SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM ' . NV_USERS_GLOBALTABLE . '_openid a, ' . NV_USERS_GLOBALTABLE . ' b
WHERE a.opid= :opid
AND a.email= :email
AND a.userid=b.userid');
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
list($user_id, $op_email, $user_active) = $stmt->fetch(3);
if ($user_id) {
$nv_Request->unset_request('openid_attribs', 'session');
if ($op_email != $email) {
openidLogin_Res0($lang_module['not_logged_in']);
die;
}
if (!$user_active) {
openidLogin_Res0($lang_module['login_no_active']);
die;
}
if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php')) {
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php';
if (defined('NV_IS_USER_LOGIN_FORUM_OK')) {
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
} else {
$nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
}
} else {
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $user_id;
$row = $db->query($query)->fetch();
if (!empty($row)) {
validUserLog($row, 1, $opid, $current_mode);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
} else {
$nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
}
}
Header('Location: ' . nv_url_rewrite($nv_redirect, true));
die;
}
$stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :email');
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$nv_row = $stmt->fetch();
if (!empty($nv_row)) {
$login_allowed = false;
if (empty($nv_row['password'])) {
$nv_Request->unset_request('openid_attribs', 'session');
$login_allowed = true;
}
if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
$password = $nv_Request->get_string('password', 'post', '');
$nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
$nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
$nv_Request->unset_request('openid_attribs', 'session');
if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
$nv_username = $nv_row['username'];
$nv_password = $password;
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
if (empty($error)) {
$login_allowed = true;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
} else {
if ($crypt->validate_password($password, $nv_row['password']) and $nv_seccode) {
$login_allowed = true;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
}
}
if ($login_allowed) {
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($nv_row['userid']) . ', :server, :opid, :email )');
$stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
if (intval($nv_row['active']) != 1) {
openidLogin_Res0($lang_module['login_no_active']);
} else {
validUserLog($nv_row, 1, $opid, $current_mode);
Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true));
}
die;
}
$page_title = $lang_module['openid_login'];
$key_words = $module_info['keywords'];
$mod_title = $lang_module['openid_login'];
$lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
$contents = openid_account_confirm($gfx_chk, $attribs);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
}
if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :email';
if ($global_config['allowuserreg'] == 2) {
$query .= ' AND regdate>' . (NV_CURRENTTIME - 86400);
}
$stmt = $db->prepare($query);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
if (!empty($row)) {
if ($global_config['allowuserreg'] == 2) {
if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
$nv_Request->unset_request('openid_attribs', 'session');
$password = $nv_Request->get_string('password', 'post', '');
$nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
$nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
if ($crypt->validate_password($password, $row['password']) and $nv_seccode) {
$reg_attribs = set_reg_attribs($attribs);
$sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\t\t\t\t\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t\t\t\t:username,\n\t\t\t\t\t\t\t:md5username,\n\t\t\t\t\t\t\t:password,\n\t\t\t\t\t\t\t:email,\n\t\t\t\t\t\t\t:first_name,\n\t\t\t\t\t\t\t:last_name,\n\t\t\t\t\t\t\t:gender,\n\t\t\t\t\t\t\t'', 0,\n\t\t\t\t\t\t\t:regdate,\n\t\t\t\t\t\t\t:question,\n\t\t\t\t\t\t\t:answer,\n\t\t\t\t\t\t\t'', 1, 1, '', 1, '', 0, '', '', '', " . $global_config['idsite'] . ")";
$data_insert = array();
$data_insert['username'] = $row['username'];
$data_insert['md5username'] = nv_md5safe($row['username']);
$data_insert['password'] = $row['password'];
$data_insert['email'] = $row['email'];
$data_insert['first_name'] = $row['first_name'];
$data_insert['last_name'] = $row['last_name'];
$data_insert['gender'] = $reg_attribs['gender'];
$data_insert['regdate'] = $row['regdate'];
$data_insert['question'] = $row['question'];
$data_insert['answer'] = $row['answer'];
$userid = $db->insert_id($sql, 'userid', $data_insert);
if (!$userid) {
openidLogin_Res0($lang_module['account_active_error']);
die;
}
$db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
$stmt = $db->prepare('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid= :userid');
$stmt->bindParam(':userid', $row['userid'], PDO::PARAM_STR);
$stmt->execute();
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )');
$stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid;
$result = $db->query($query);
$row = $result->fetch();
validUserLog($row, 1, $opid, $current_mode);
$info = $lang_module['account_active_ok'] . "<br /><br />\n";
$info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$info .= '[<a href="' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '">' . $lang_module['redirect_to_home'] . '</a>]';
$contents = user_info_exit($info);
$contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true) . '" />';
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
} else {
openidLogin_Res0($lang_module['openid_confirm_failed']);
die;
}
}
$page_title = $mod_title = $lang_module['openid_activate_account'];
$key_words = $module_info['keywords'];
$lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
$contents = openid_active_confirm($gfx_chk, $attribs);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
} else {
$nv_Request->unset_request('openid_attribs', 'session');
openidLogin_Res0($lang_module['account_register_to_admin']);
die;
}
}
}
$option = $nv_Request->get_int('option', 'get', 0);
if (!$global_config['allowuserreg']) {
$option = 3;
}
$contents = '';
$page_title = $lang_module['openid_login'];
if ($option == 3) {
$error = '';
if ($nv_Request->isset_request('nv_login', 'post')) {
$nv_username = $nv_Request->get_title('nv_login', 'post', '', 1);
$nv_password = $nv_Request->get_title('nv_password', 'post', '');
$nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
$check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
if (!$check_seccode) {
$error = $lang_global['securitycodeincorrect'];
} elseif (empty($nv_username)) {
$error = $lang_global['username_empty'];
} elseif (empty($nv_password)) {
$error = $lang_global['password_empty'];
} else {
if (defined('NV_IS_USER_FORUM')) {
require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
} else {
$error = $lang_global['loginincorrect'];
$sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
$row = $db->query($sql)->fetch();
if (!empty($row)) {
if ($row['username'] == $nv_username and $crypt->validate($nv_password, $row['password'])) {
if (!$row['active']) {
$error = $lang_module['login_no_active'];
} else {
$error = '';
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid, :email )');
$stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
validUserLog($row, 1, $opid);
}
}
}
}
}
if (empty($error)) {
$nv_Request->unset_request('openid_attribs', 'session');
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
$info = $lang_module['login_ok'] . "<br /><br />\n";
$info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$info .= '[<a href="' . $nv_redirect . '">' . $lang_module['redirect_to_back'] . '</a>]';
$contents .= user_info_exit($info);
$contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite($nv_redirect, true) . '" />';
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
}
$array_login = array('nv_login' => $nv_username, 'nv_password' => $nv_password, 'nv_redirect' => $nv_redirect, 'login_info' => '<span style="color:#fb490b;">' . $error . '</span>');
} else {
$array_login = array('nv_login' => '', 'nv_password' => '', 'login_info' => $lang_module['openid_note1'], 'nv_redirect' => $nv_redirect);
}
$contents .= user_openid_login($gfx_chk, $array_login, $attribs);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
} elseif ($option == 1 or $option == 2) {
$nv_Request->unset_request('openid_attribs', 'session');
$reg_attribs = set_reg_attribs($attribs);
if (empty($reg_attribs['username'])) {
openidLogin_Res0($lang_module['logged_in_failed']);
die;
}
if ($option == 2) {
// Dang nhap bang mot tai khoan do he thong tao tu dong
$sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . "\n\t\t\t\t(username, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t:username,\n\t\t\t\t:md5username,\n\t\t\t\t'',\n\t\t\t\t:email,\n\t\t\t\t:first_name,\n\t\t\t\t:last_name,\n\t\t\t\t:gender,\n\t\t\t\t'', 0,\n\t\t\t\t" . NV_CURRENTTIME . ",\n\t\t\t\t'', '', '', 0, 0, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . "\n\t\t\t)";
$data_insert = array();
$data_insert['username'] = $reg_attribs['username'];
$data_insert['md5username'] = nv_md5safe($reg_attribs['username']);
$data_insert['email'] = $reg_attribs['email'];
$data_insert['first_name'] = $reg_attribs['first_name'];
$data_insert['last_name'] = $reg_attribs['last_name'];
$data_insert['gender'] = ucfirst($reg_attribs['gender'] ? $reg_attribs['gender'][0] : 'N');
$userid = $db->insert_id($sql, 'userid', $data_insert);
if (!$userid) {
openidLogin_Res0($lang_module['err_no_save_account']);
die;
}
// Cap nhat so thanh vien
$db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
$query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1';
$result = $db->query($query);
$row = $result->fetch();
$result->closeCursor();
// Luu vao bang thong tin tuy chinh
$query_field = array();
$query_field['userid'] = $userid;
$result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC');
while ($row_f = $result_field->fetch()) {
$query_field[$row_f['field']] = $db->quote($row_f['default_value']);
}
$db->query('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')');
// Luu vao bang OpenID
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid , :email)');
$stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
$stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
$stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
$stmt->execute();
validUserLog($row, 1, $reg_attribs['opid'], $current_mode);
$nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
Header('Location: ' . nv_url_rewrite($nv_redirect, true));
exit;
} else {
$reg_attribs = serialize($reg_attribs);
$nv_Request->set_Session('reg_attribs', $reg_attribs);
Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&openid=1&nv_redirect=' . $nv_redirect, true));
exit;
}
}
$array_user_login = array();
if (!defined('NV_IS_USER_FORUM')) {
$array_user_login[] = array('title' => $lang_module['openid_note3'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=1&nv_redirect=' . $nv_redirect);
$array_user_login[] = array('title' => $lang_module['openid_note4'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=2&nv_redirect=' . $nv_redirect);
} else {
$array_user_login[] = array('title' => $lang_module['openid_note6'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&nv_redirect=' . $nv_redirect);
}
$array_user_login[] = array('title' => $lang_module['openid_note5'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=3&nv_redirect=' . $nv_redirect);
$page_title = $lang_module['openid_login'];
$key_words = $module_info['keywords'];
$mod_title = $lang_module['openid_login'];
$contents .= user_openid_login2($attribs, $array_user_login);
include NV_ROOTDIR . '/includes/header.php';
echo nv_site_theme($contents);
include NV_ROOTDIR . '/includes/footer.php';
exit;
}
$array_where[] = '( regdate >= ' . $array['regdatefrom1'] . ' )';
}
if (!empty($array['regdateto1'])) {
$base_url .= '&regdateto=' . rawurlencode(nv_date('d/m/Y', $array['regdateto1']));
$array_where[] = '( regdate <= ' . $array['regdateto1'] . ' )';
}
if (!empty($array['last_loginfrom1'])) {
$base_url .= '&last_loginfrom=' . rawurlencode(nv_date('d/m/Y', $array['last_loginfrom1']));
$array_where[] = '( last_login >= ' . $array['last_loginfrom1'] . ' )';
}
if (!empty($array['last_loginto1'])) {
$base_url .= '&last_loginto=' . rawurlencode(nv_date('d/m/Y', $array['last_loginto1']));
$array_where[] = '( last_login <= ' . $array['last_loginto1'] . ' )';
}
if (!empty($filtersql)) {
$data_str = $crypt->aes_decrypt(nv_base64_decode($filtersql), NV_CHECK_SESSION);
if (!empty($data_str)) {
$array_where[] = $data_str;
}
}
// Order data
$orderida = array('url' => $orderid == 'ASC' ? $base_url . '&orderid=DESC' : $base_url . '&orderid=ASC', 'class' => $orderid == '' ? 'nooder' : strtolower($orderid));
$orderusernamea = array('url' => $orderusername == 'ASC' ? $base_url . '&orderusername=DESC' : $base_url . '&orderusername=ASC', 'class' => $orderusername == '' ? 'nooder' : strtolower($orderusername));
$orderemaila = array('url' => $orderemail == 'ASC' ? $base_url . '&orderemail=DESC' : $base_url . '&orderemail=ASC', 'class' => $orderemail == '' ? 'nooder' : strtolower($orderemail));
$orderregdatea = array('url' => $orderregdate == 'ASC' ? $base_url . '&orderregdate=DESC' : $base_url . '&orderregdate=ASC', 'class' => $orderregdate == '' ? 'nooder' : strtolower($orderregdate));
// SQL data
$order_by = '';
if (!empty($orderid)) {
$base_url .= '&orderid=' . $orderid;
$order_by = 'userid ' . $orderid;
} elseif (!empty($orderusername)) {
