if (in_array($groupid_i, $array_groupid_in_row)) { $ch = ' checked="checked"'; } $image = ''; if (!empty($data_group['image']) and file_exists(NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $data_group['image'])) { $image = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $data_group['image']; $image = '<img src="' . $image . '" style="margin-top: -3px; max-width: 16px; max-height: 16px" alt="' . $groupinfo_i['title'] . '" />'; } $contents_temp .= '<label class="col-xs-24 col-sm-4"><input type="checkbox" name="groupids[]" value="' . $groupid_i . '"' . $ch . ' />' . $image . $data_group['title'] . '</label>'; } } return $contents_temp; } $cid = $nv_Request->get_int('cid', 'get', 0); $inrow = $nv_Request->get_string('inrow', 'get', ''); $inrow = nv_base64_decode($inrow); $array_groupid_in_row = unserialize($inrow); $contents_temp_cate = ''; if ($cid > 0) { $cid = GetParentCatFilter($cid); $arr_groupid = array(); $result = $db->query('SELECT t1.groupid FROM ' . $db_config['prefix'] . '_' . $module_data . '_group t1 INNER JOIN ' . $db_config['prefix'] . '_' . $module_data . '_group_cateid t2 ON t1.groupid = t2.groupid WHERE t2.cateid = ' . $cid); while (list($groupid) = $result->fetch(3)) { $arr_groupid[$groupid] = GetGroupidInParent($groupid, 0, 1); } foreach ($arr_groupid as $groupid_i => $subgroupid_i) { $data_group = $global_array_group[$groupid_i]; $require = ''; if ($data_group['is_require']) { $require = ' <span class="require">(*)</span>'; }
<?php /** * @Project NUKEVIET 3.x * @Author VINADES., JSC (contact@vinades.vn) * @Copyright (C) 2010 VINADES ., JSC. All rights reserved * @Createdate Dec 29, 2010 10:42:00 PM */ if (!defined('NV_IS_MOD_SHOPS')) { die('Stop!!!'); } die('dsf'); foreach ($array_order as $order_code => $order_data) { $payment_data = unserialize(nv_base64_decode($order_data['payment_data'])); $vpc_MerchTxnRef = $payment_data['vpc_MerchTxnRef']; $url = $payment_config['QueryDR_url'] . "?vpc_Version=" . $payment_config['vpc_Version'] . "&vpc_Command=queryDR&vpc_Merchant=" . $payment_config['vpc_Merchant'] . "&vpc_AccessCode=" . $payment_config['vpc_AccessCode'] . "&vpc_MerchTxnRef=" . $vpc_MerchTxnRef . "&vpc_User="******"&vpc_Password="******"&", urldecode($return)); $array = array(); foreach ($data as $data_i) { $data_i = array_map("trim", explode("=", $data_i)); $array[$data_i[0]] = $data_i[1]; } if ($array['vpc_DRExists'] == "Y") { if ($array['vpc_TxnResponseCode'] == '0') { $nv_transaction_status = 4; // Giao dich thanh cong } else { $nv_transaction_status = 3; // Giao dich bi huy }
/** * @Project NUKEVIET 4.x * @Author VINADES.,JSC (contact@vinades.vn) * @Copyright (C) 2014 VINADES., JSC. All rights reserved * @License GNU/GPL version 2 or any later version * @Createdate 3-6-2010 0:14 */ if (!defined('NV_IS_MOD_SHOPS')) { die('Stop!!!'); } $contents = ""; $payment = $nv_Request->get_string('payment', 'get', ''); // Kiem tra su ton tai cua cong thanh toan. if (file_exists(NV_ROOTDIR . "/modules/" . $module_file . "/payment/" . $payment . ".complete.php")) { // Lay thong tin config neu cong thanh toan duoc kich hoat. $stmt = $db->prepare("SELECT * FROM " . $db_config['prefix'] . "_" . $module_data . "_payment WHERE active=1 and payment= :payment"); $stmt->bindParam(':payment', $payment, PDO::PARAM_STR); $stmt->execute(); if ($stmt->rowCount()) { $row = $stmt->fetch(); $payment_config = unserialize(nv_base64_decode($row['config'])); $payment_config['paymentname'] = $row['paymentname']; $payment_config['domain'] = $row['domain']; // Xu ly thong tin require_once NV_ROOTDIR . "/modules/" . $module_file . "/payment/" . $payment . ".complete.php"; } } include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php';
$xtpl->parse('main.unpay'); $action_pay = '&action=unpay'; } $xtpl->assign('LINK_PRINT', NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=print&order_id=' . $data_content['order_id'] . '&checkss=' . md5($data_content['order_id'] . $global_config['sitekey'] . session_id())); $xtpl->assign('URL_ACTIVE_PAY', NV_BASE_ADMINURL . 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=active_pay&order_id=' . $order_id . $action_pay); $xtpl->assign('URL_BACK', NV_BASE_ADMINURL . 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=or_view&order_id=' . $order_id); $array_data_payment = array(); $sql = 'SELECT * FROM ' . $db_config['prefix'] . '_' . $module_data . '_payment ORDER BY weight ASC'; $result = $db->query($sql); while ($row = $result->fetch()) { $payment = $row['payment']; $array_data_payment[$payment] = array('config' => array(), 'orders_id' => array(), 'data' => array()); $array_data_payment[$payment]['domain'] = $row['domain']; $array_data_payment[$payment]['paymentname'] = $row['paymentname']; if (file_exists(NV_ROOTDIR . '/modules/' . $module_file . '/payment/' . $payment . '.config.ini')) { $array_data_payment[$payment]['config'] = unserialize(nv_base64_decode($row['config'])); } } // Check lai cac don hang $checkpayment = $nv_Request->get_string('checkpayment', 'post,get', ''); if (!empty($checkpayment) and $checkpayment == md5($order_id . session_id() . $global_config['sitekey'])) { $order_code = $data_content['order_code']; require_once NV_ROOTDIR . '/modules/' . $module_file . '/payment/nganluong.class.php'; $payment_config = $array_data_payment['nganluong']['config']; $nl = new NL_Checkout($payment_config['checkout_url'], $payment_config['merchant_site'], $payment_config['secure_pass']); $transaction_i = $nl->checkOrder($payment_config['public_api_url'], $order_code, 0); if ($transaction_i !== false) { print_r($transaction_i); die; } }
$data_insert['last_name'] = $row['last_name']; $data_insert['question'] = $row['question']; $data_insert['answer'] = $row['answer']; $userid = $db->insert_id($sql, 'userid', $data_insert); if ($userid) { // Luu vao bang OpenID if (!empty($row['openid_info'])) { $reg_attribs = unserialize(nv_base64_decode($row['openid_info'])); $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid , :email)'); $stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR); $stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR); $stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR); $stmt->execute(); } $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4'); $users_info = unserialize(nv_base64_decode($row['users_info'])); $query_field = array(); $query_field['userid'] = $userid; $result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC'); while ($row_f = $result_field->fetch()) { $query_field[$row_f['field']] = isset($users_info[$row_f['field']]) ? $users_info[$row_f['field']] : $db->quote($row_f['default_value']); } if ($db->exec('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')')) { $db->query('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid=' . $row['userid']); nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['active_users'], 'userid: ' . $userid . ' - username: '******'username'], $admin_info['userid']); $first_name = !empty($row['first_name']) ? $row['first_name'] : $row['username']; $subject = $lang_module['adduser_register']; $message = sprintf($lang_module['adduser_register_info'], $first_name, $global_config['site_name'], NV_MY_DOMAIN . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true), $row['username']); @nv_sendmail($global_config['site_email'], $row['email'], $subject, $message); } else { $db->query('DELETE FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $row['userid']);
$subject = sprintf($lang_module['lostpass_email_subject'], $global_config['site_name']); $link_lostpass_content_email = NV_MY_DOMAIN . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&u=' . $row['userid'] . '&k=' . $k; $row['full_name'] = nv_show_name_user($row['first_name'], $row['last_name'], $row['username']); $message = sprintf($lang_module['lostpass_email_content'], $row['full_name'], $global_config['site_name'], $link_lostpass_content_email, $row['username']); $ok = nv_sendmail($global_config['site_email'], $row['email'], $subject, $message); if ($ok) { $sql = "UPDATE " . NV_USERS_GLOBALTABLE . " SET passlostkey='" . $passlostkey . "' WHERE userid=" . $row['userid']; $db->query($sql); if (!empty($check_email)) { $row['email'] = substr($row['email'], 0, 3) . '***' . substr($row['email'], -6); } $info = sprintf($lang_module['lostpass_content_mess'], $row['email']); } else { $info = $lang_global['error_sendmail']; } $nv_redirect = !empty($data['nv_redirect']) ? nv_base64_decode($data['nv_redirect']) : nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true); $contents = user_info_exit($info); $contents .= '<meta http-equiv="refresh" content="10;url=' . $nv_redirect . '" />'; include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; } else { $step = 2; $error = $lang_module['answer_failed']; } } } else { $step = 1; $nv_Request->unset_request('lostpass_seccode', 'session'); $error = $lang_module['lostpass_no_info2']; }
$db->query('DELETE FROM ' . NV_BLOCKS_TABLE . '_weight WHERE bid=' . $row['bid'] . ' AND func_id in (' . implode(',', $array_funcid_old) . ')'); } foreach ($array_funcid as $func_id) { if (!in_array($func_id, $func_list)) { $sth = $db->prepare('SELECT MAX(t1.weight) FROM ' . NV_BLOCKS_TABLE . '_weight t1 INNER JOIN ' . NV_BLOCKS_TABLE . '_groups t2 ON t1.bid = t2.bid WHERE t1.func_id=' . $func_id . ' AND t2.theme= :theme AND t2.position= :position'); $sth->bindParam(':theme', $selectthemes, PDO::PARAM_STR); $sth->bindParam(':position', $row['position'], PDO::PARAM_STR); $sth->execute(); $weight = $sth->fetchColumn(); $weight = intval($weight) + 1; $db->query('INSERT INTO ' . NV_BLOCKS_TABLE . '_weight (bid, func_id, weight) VALUES (' . $row['bid'] . ', ' . $func_id . ', ' . $weight . ')'); } } nv_del_moduleCache('themes'); // Chuyen huong $xtpl->assign('BLOCKREDIRECT', nv_base64_decode($blockredirect)); $xtpl->parse('blockredirect'); $contents = $xtpl->text('blockredirect'); include NV_ROOTDIR . '/includes/header.php'; echo $contents; include NV_ROOTDIR . '/includes/footer.php'; die; } } elseif (!empty($row['bid'])) { $db->query('DELETE FROM ' . NV_BLOCKS_TABLE . '_groups WHERE bid=' . $row['bid']); $db->query('DELETE FROM ' . NV_BLOCKS_TABLE . '_weight WHERE bid=' . $row['bid']); nv_del_moduleCache('themes'); } } } $groups_view = explode(',', $row['groups_view']);
$array_where[] = '( regdate >= ' . $array['regdatefrom1'] . ' )'; } if (!empty($array['regdateto1'])) { $base_url .= '&regdateto=' . rawurlencode(nv_date('d/m/Y', $array['regdateto1'])); $array_where[] = '( regdate <= ' . $array['regdateto1'] . ' )'; } if (!empty($array['last_loginfrom1'])) { $base_url .= '&last_loginfrom=' . rawurlencode(nv_date('d/m/Y', $array['last_loginfrom1'])); $array_where[] = '( last_login >= ' . $array['last_loginfrom1'] . ' )'; } if (!empty($array['last_loginto1'])) { $base_url .= '&last_loginto=' . rawurlencode(nv_date('d/m/Y', $array['last_loginto1'])); $array_where[] = '( last_login <= ' . $array['last_loginto1'] . ' )'; } if (!empty($filtersql)) { $data_str = $crypt->aes_decrypt(nv_base64_decode($filtersql), md5($global_config['sitekey'] . $client_info['session_id'])); if (!empty($data_str)) { $array_where[] = $data_str; } } // Order data $orderida = array('url' => $orderid == 'ASC' ? $base_url . '&orderid=DESC' : $base_url . '&orderid=ASC', 'class' => $orderid == '' ? 'nooder' : strtolower($orderid)); $orderusernamea = array('url' => $orderusername == 'ASC' ? $base_url . '&orderusername=DESC' : $base_url . '&orderusername=ASC', 'class' => $orderusername == '' ? 'nooder' : strtolower($orderusername)); $orderemaila = array('url' => $orderemail == 'ASC' ? $base_url . '&orderemail=DESC' : $base_url . '&orderemail=ASC', 'class' => $orderemail == '' ? 'nooder' : strtolower($orderemail)); $orderregdatea = array('url' => $orderregdate == 'ASC' ? $base_url . '&orderregdate=DESC' : $base_url . '&orderregdate=ASC', 'class' => $orderregdate == '' ? 'nooder' : strtolower($orderregdate)); // SQL data $order_by = ''; if (!empty($orderid)) { $base_url .= '&orderid=' . $orderid; $order_by = 'userid ' . $orderid; } elseif (!empty($orderusername)) {
/** * nv_filter_product() * * @return */ function nv_filter_product($block_config) { global $nv_Request, $module_name, $lang_module, $module_info, $module_file, $module_upload, $db, $module_data, $db_config, $id, $catid, $pro_config, $global_config, $global_array_group, $global_array_shops_cat, $pro_config, $catid; $module = $block_config['module']; $array_id = $group_price = array(); $filter = $nv_Request->get_string('filter', 'get', ''); if (!empty($filter)) { $array_id = nv_base64_decode($filter); $array_id = unserialize($array_id); $array_id = array_map('intval', $array_id); } if ($block_config['display_group_price']) { $groupprice = $nv_Request->get_string('group_price', 'get', ''); if (!empty($groupprice)) { $group_price = nv_base64_decode($groupprice); $group_price = unserialize($group_price); } } $xtpl = new XTemplate('block.filter_product.tpl', NV_ROOTDIR . '/themes/' . $module_info['template'] . '/modules/' . $module_file); $xtpl->assign('LANG', $lang_module); $xtpl->assign('MONEY_UNIT', $pro_config['money_unit']); foreach ($global_array_group as $arr_group) { $space = ''; if (!empty($arr_group['image'])) { $arr_group['image'] = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $arr_group['image']; } if ($arr_group['lev'] > 0) { if ($global_array_group[$arr_group['parentid']]['inhome'] and $arr_group['inhome']) { for ($i = 1; $i <= $arr_group['lev']; $i++) { $space .= ' '; } $xtpl->assign('DATA', array('id' => $arr_group['groupid'], 'title' => $arr_group['title'], 'numpro' => $arr_group['numpro'], 'space' => $space, 'image' => $arr_group['image'], 'checked' => in_array($arr_group['groupid'], $array_id) ? 'checked="checked"' : '')); $xtpl->parse('main.loop.sub_group.checkbox'); if (!empty($arr_group['image'])) { $xtpl->parse('main.loop.sub_group.image'); } $xtpl->parse('main.loop.sub_group'); } else { $global_array_group[$arr_group['groupid']]['inhome'] = 0; } } elseif ($arr_group['inhome']) { $xtpl->assign('DATA', array('title' => $arr_group['title'], 'image' => $arr_group['image'])); if (!empty($arr_group['image'])) { $xtpl->parse('main.loop.main_group.image'); } $xtpl->parse('main.loop.main_group'); } $xtpl->parse('main.loop'); } if (!empty($pro_config['group_price']) and $block_config['display_group_price']) { if (!empty($catid) and isset($global_array_shops_cat[$catid]) and !empty($global_array_shops_cat[$catid]['group_price'])) { $price_value = explode(PHP_EOL, $global_array_shops_cat[$catid]['group_price']); } else { $price_value = explode(PHP_EOL, $pro_config['group_price']); } $price_value = array_map('floatval', $price_value); if (!empty($price_value)) { $price1 = $price2 = 0; $i = 0; foreach ($price_value as $value) { $price1 = $value; if (isset($price_value[$i + 1])) { $price2 = $price_value[$i + 1]; $price_key = $price1 . '-' . $price2; $price = array('price_key' => $price_key, 'price_value' => nv_number_format($price1) . ' - ' . nv_number_format($price2), 'checked' => in_array($price_key, $group_price) ? 'checked="checked"' : ''); } else { $price2 = 0; $price_key = $price1 . '-' . $price2; $price = array('price_key' => $price_key, 'price_value' => sprintf($lang_module['filter_price_from'], nv_number_format($price1)), 'checked' => in_array($price_key, $group_price) ? 'checked="checked"' : ''); } $xtpl->assign('PRICE', $price); $xtpl->parse('main.group_price.loop'); $i++; } $xtpl->parse('main.group_price'); } } if ($nv_Request->isset_request('filter', 'post')) { $array_id = $nv_Request->get_array('group_id', 'post', array()); $ext = ''; if (!empty($array_id)) { $array_id = nv_base64_encode(serialize($array_id)); $ext .= '&filter=' . $array_id; } if ($block_config['display_group_price']) { $array_price = $nv_Request->get_array('group_price', 'post', array()); if (!empty($array_price)) { $array_price = nv_base64_encode(serialize($array_price)); $ext .= '&group_price=' . $array_price; } } Header('Location: ' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=search_result' . $ext); } $xtpl->parse('main'); return $xtpl->text('main'); }
/** * nv_redirect_decrypt() * * @param tring $string * @param boolean $insite * @return string * */ function nv_redirect_decrypt($string, $insite = true) { global $global_config, $crypt, $client_info; if (empty($string)) { return ''; } if (preg_match('/[^a-z0-9\\-\\_\\,]/i', $string)) { return ''; } $string = nv_base64_decode($string); if (!$string) { return ''; } $url = $crypt->aes_decrypt($string, md5($global_config['sitekey'] . $client_info['session_id'])); if (empty($url)) { return ''; } if (preg_match('/^(http|https|ftp|gopher)\\:\\/\\//i', $url)) { if ($insite and !preg_match('/^' . nv_preg_quote(NV_MY_DOMAIN) . '/', $url)) { return ''; } if (!nv_is_url($url)) { return ''; } } elseif (!nv_is_url(NV_MY_DOMAIN . $url)) { return ''; } return $url; }
$page_title = sprintf($lang_module['seller_list'], $pro_info['title']); $db->sqlreset()->select('COUNT(*)')->from($db_config['prefix'] . '_' . $module_data . '_orders_id t1')->join(' INNER JOIN ' . $db_config['prefix'] . '_' . $module_data . '_orders t2 ON t1.order_id = t2.order_id')->where('t1.proid = ' . $pro_id); $num_items = $db->query($db->sql())->fetchColumn(); if (!$num_items) { Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=items'); exit; } $xtpl = new XTemplate('seller.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file); $xtpl->assign('LANG', $lang_module); $xtpl->assign('GLANG', $lang_global); $xtpl->assign('NV_BASE_ADMINURL', NV_BASE_ADMINURL); $xtpl->assign('NV_NAME_VARIABLE', NV_NAME_VARIABLE); $xtpl->assign('NV_OP_VARIABLE', NV_OP_VARIABLE); $xtpl->assign('MODULE_NAME', $module_name); $xtpl->assign('OP', $op); $xtpl->assign('C_LIST', nv_base64_decode($nv_redirect)); $db->select('t2.order_name, t2.order_email, t2.order_phone, t2.order_address, t2.unit_total, t2.order_time, t1.num, t1.price')->order('t1.order_id DESC')->limit($per_page)->offset(($page - 1) * $per_page); $sth = $db->prepare($db->sql()); $sth->execute(); $i = $page == 1 ? 0 : $page; $array_total = array('price' => 0, 'num' => 0, 'pro_unit' => $pro_config['money_unit'], 'product_unit' => $pro_info['product_unit']); while (list($order_name, $order_email, $order_phone, $order_address, $unit_total, $order_time, $num, $price) = $sth->fetch(3)) { $i++; $price = $price * $num; $array_total['price'] += $price; $array_total['num'] += $num; $xtpl->assign('ROW', array('no' => $i, 'order_name' => $order_name, 'order_email' => $order_email, 'order_phone' => $order_phone, 'order_address' => $order_address, 'num' => $num, 'price' => nv_number_format($price, nv_get_decimals($unit_total)), 'price_unit' => $unit_total, 'order_time' => nv_date('H:i d/m/Y', $order_time))); $xtpl->parse('main.loop'); } $generate_page = nv_generate_page($base_url, $num_items, $per_page, $page); if (!empty($generate_page)) {
foreach ($array_funcid as $func_id) { if (!in_array($func_id, $func_list)) { #insert if not exist in list list($maxweight) = $db->sql_fetchrow($db->sql_query("SELECT MAX(weight) FROM `" . NV_BLOCKS_TABLE . "` WHERE position='" . $position . "' AND func_id='" . $func_id . "'")); $sql = "INSERT INTO `" . NV_BLOCKS_TABLE . "` (`bid`, `groupbl`, `title` ,`link` ,`type` ,`file_path` ,`theme`, `template` ,`position` ,`exp_time` ,`active` , `groups_view`,`module`,`all_func`, `func_id` ,`weight`) VALUES (NULL, " . $db->dbescape($groupbl) . ", " . $db->dbescape($title) . ", " . $db->dbescape($link) . ", " . $db->dbescape($typeblock) . ", " . $db->dbescape_string($file_path) . ", " . $db->dbescape($selectthemes) . ", " . $db->dbescape($template) . "," . $db->dbescape($position) . ", " . $db->dbescape($exp_time) . "," . $active . ", " . $db->dbescape_string($groups_view) . ", " . $db->dbescape($xmodule) . ", " . $all_func . ", " . $db->dbescape($func_id) . "," . ($maxweight + 1) . ")"; $db->sql_query($sql); } } } } nv_del_moduleCache('themes'); if (empty($blockredirect)) { $blockredirect = 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=blocks'; } echo '<script type="text/javascript"> parent.location="' . nv_base64_decode($blockredirect) . '"; </script>'; die; } } if ($bid > 0 and $submit == 0) { $result = $db->sql_query("SELECT * FROM `" . NV_BLOCKS_TABLE . "` WHERE bid=" . $bid . ""); if ($db->sql_numrows($result) > 0) { $row = $db->sql_fetchrow($result); $row['xfile'] = $row['type'] == 'file' ? $row['file_path'] : ""; $row['xbanner'] = $row['type'] == 'banner' ? $row['file_path'] : ""; $row['xhtml'] = $row['type'] == 'html' ? $row['file_path'] : ""; if ($row['type'] == 'rss') { $array_rrs = explode("#@#", $row['file_path']); $row['xrss'] = $array_rrs[0]; $row['rss_setting_number'] = intval($array_rrs[1]);
/** * openidLogin_Res1() * Function thuc hien khi OpenID duoc nhan dien * * @param mixed $attribs * @return */ function openidLogin_Res1($attribs) { global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect; $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : ""; if (empty($email)) { $nv_Request->unset_request('openid_attribs', 'session'); openidLogin_Res0($lang_module['logged_in_failed']); die; } $opid = $crypt->hash($attribs['id']); $query = "SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM `" . NV_USERS_GLOBALTABLE . "_openid` a, `" . NV_USERS_GLOBALTABLE . "` b \r\n WHERE a.opid=" . $db->dbescape($opid) . " \r\n AND a.email=" . $db->dbescape($email) . " \r\n AND a.userid=b.userid"; $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows) { list($user_id, $op_email, $user_active) = $db->sql_fetchrow($result); $db->sql_freeresult($result); $nv_Request->unset_request('openid_attribs', 'session'); if ($op_email != $email) { openidLogin_Res0($lang_module['not_logged_in']); die; } if (!$user_active) { openidLogin_Res0($lang_module['login_no_active']); die; } $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($user_id); $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); validUserLog($row, 1, $opid); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; Header("Location: " . $nv_redirect); die; } $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($email); $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows) { $nv_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $login_allowed = false; if (empty($nv_row['password'])) { $nv_Request->unset_request('openid_attribs', 'session'); $login_allowed = true; } if ($nv_Request->isset_request('openid_account_confirm', 'post')) { $nv_Request->unset_request('openid_attribs', 'session'); if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) { $nv_username = $nv_row['username']; $nv_password = $password; require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php'; if (empty($error)) { $login_allowed = true; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } else { $password = $nv_Request->get_string('password', 'post', ''); $nv_seccode = filter_text_input('nv_seccode', 'post', ''); $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0); if ($crypt->validate($password, $nv_row['password']) and $nv_seccode) { $login_allowed = true; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } } if ($login_allowed) { $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($nv_row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")"; $db->sql_query($sql); if (intval($nv_row['active']) != 1) { openidLogin_Res0($lang_module['login_no_active']); } else { validUserLog($nv_row, 1, $opid); Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name); } die; } $page_title = $lang_module['openid_login']; $key_words = $module_info['keywords']; $mod_title = $lang_module['openid_login']; $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email); $contents = openid_account_confirm($gfx_chk, $attribs); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) { $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email); if ($global_config['allowuserreg'] == 2) { $query .= " AND `regdate`>" . (NV_CURRENTTIME - 86400); } $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows) { if ($global_config['allowuserreg'] == 2) { $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($nv_Request->isset_request('openid_active_confirm', 'post')) { $nv_Request->unset_request('openid_attribs', 'session'); $password = $nv_Request->get_string('password', 'post', ''); $nv_seccode = filter_text_input('nv_seccode', 'post', ''); $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0); if ($crypt->validate($password, $row['password']) and $nv_seccode) { $reg_attribs = set_reg_attribs($attribs); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\r\n `userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, `regdate`, `website`, \r\n `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, `remember`, `in_groups`, \r\n `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES (\r\n NULL, \r\n " . $db->dbescape($row['username']) . ", \r\n " . $db->dbescape($row['password']) . ", \r\n " . $db->dbescape($row['email']) . ", \r\n " . $db->dbescape(!empty($row['full_name']) ? $row['full_name'] : $reg_attribs['full_name']) . ", \r\n " . $db->dbescape($reg_attribs['gender']) . ", \r\n '', 0, \r\n " . $db->dbescape($row['regdate']) . ", \r\n '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', \r\n " . $db->dbescape($row['question']) . ", \r\n " . $db->dbescape($row['answer']) . ", \r\n '', 1, 1, '', 1, '', 0, '', '', '')"; $userid = $db->sql_query_insert_id($sql); if (!$userid) { openidLogin_Res0($lang_module['account_active_error']); die; } $sql = "DELETE FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`=" . $db->dbescape($row['userid']); $db->sql_query($sql); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")"; $db->sql_query($sql); $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($userid); $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); validUserLog($row, 1, $opid); $info = $lang_module['account_active_ok'] . "<br /><br />\n"; $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n"; $info .= "[<a href=\"" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\">" . $lang_module['redirect_to_home'] . "</a>]"; $contents .= user_info_exit($info); $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />"; include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } $page_title = $mod_title = $lang_module['openid_active_title']; $key_words = $module_info['keywords']; $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email); $contents = openid_active_confirm($gfx_chk, $attribs); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } else { $nv_Request->unset_request('openid_attribs', 'session'); openidLogin_Res0($lang_module['account_register_to_admin']); die; } } } $option = $nv_Request->get_int('option', 'get', 0); if (!$global_config['allowuserreg']) { $option = 3; } $contents = ""; if ($option == 3) { $error = ""; if ($nv_Request->isset_request('nv_login', 'post')) { $nv_username = filter_text_input('nv_login', 'post', ''); $nv_password = filter_text_input('nv_password', 'post', ''); $nv_seccode = filter_text_input('nv_seccode', 'post', ''); $check_login = nv_check_valid_login($nv_username, NV_UNICKMAX, NV_UNICKMIN); $check_pass = nv_check_valid_pass($nv_password, NV_UPASSMAX, NV_UPASSMIN); $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false); if (!$check_seccode) { $error = $lang_global['securitycodeincorrect']; } elseif (!empty($check_login)) { $error = $check_login; } elseif (!empty($check_pass)) { $error = $check_pass; } else { $sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `username`=" . $db->dbescape($nv_username); $result = $db->sql_query($sql); $numrows = $db->sql_numrows($result); if ($numrows != 1) { $error = $lang_global['loginincorrect']; } else { $row = $db->sql_fetchrow($result); if (empty($row['password']) or !$crypt->validate($nv_password, $row['password'])) { $error = $lang_global['loginincorrect']; } else { if (!$row['active']) { $error = $lang_module['login_no_active']; } else { $nv_Request->unset_request('openid_attribs', 'session'); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")"; $db->sql_query($sql); validUserLog($row, 1, $opid); } } } } if (empty($error)) { $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; $info = $lang_module['login_ok'] . "<br /><br />\n"; $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n"; $info .= "[<a href=\"" . $nv_redirect . "\">" . $lang_module['redirect_to_back'] . "</a>]"; $contents .= user_info_exit($info); $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . $nv_redirect . "\" />"; include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } $array_login = array("nv_login" => $nv_username, "nv_password" => $nv_password, "nv_redirect" => $nv_redirect, 'login_info' => "<span style=\"color:#fb490b;\">" . $error . "</span>"); } else { $array_login = array("nv_login" => '', "nv_password" => '', 'login_info' => $lang_module['openid_note1'], "nv_redirect" => $nv_redirect); } $contents .= user_openid_login($gfx_chk, $array_login, $attribs); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } elseif ($option == 1 or $option == 2) { $nv_Request->unset_request('openid_attribs', 'session'); $reg_attribs = set_reg_attribs($attribs); if (empty($reg_attribs['username'])) { openidLogin_Res0($lang_module['logged_in_failed']); die; } if ($option == 2) { $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` \r\n (`userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, \r\n `regdate`, `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, \r\n `view_mail`, `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES \r\n (\r\n NULL, \r\n " . $db->dbescape($reg_attribs['username']) . ", \r\n '', \r\n " . $db->dbescape($reg_attribs['email']) . ", \r\n " . $db->dbescape($reg_attribs['full_name']) . ", \r\n " . $db->dbescape(ucfirst($reg_attribs['gender'])) . ", \r\n '', 0, " . NV_CURRENTTIME . ", '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', '', '', '', 0, 0, '', 1, '', 0, '', '', ''\r\n )"; $userid = $db->sql_query_insert_id($sql); if (!$userid) { openidLogin_Res0($lang_module['err_no_save_account']); die; } $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1"; $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")"; $db->sql_query($sql); validUserLog($row, 1, $reg_attribs['opid']); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; Header("Location: " . $nv_redirect); exit; } else { $reg_attribs = serialize($reg_attribs); $nv_Request->set_Session('reg_attribs', $reg_attribs); Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&openid=1&nv_redirect=" . $nv_redirect); exit; } } $array_user_login = array(); if (!defined('NV_IS_USER_FORUM')) { $array_user_login[] = array("title" => $lang_module['openid_note3'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=1&nv_redirect=" . $nv_redirect); $array_user_login[] = array("title" => $lang_module['openid_note4'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=2&nv_redirect=" . $nv_redirect); } else { $array_user_login[] = array("title" => $lang_module['openid_note6'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&nv_redirect=" . $nv_redirect); } $array_user_login[] = array("title" => $lang_module['openid_note5'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=3&nv_redirect=" . $nv_redirect); $contents .= user_openid_login2($attribs, $array_user_login); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; }
/** * * @param string $module * @param integer $area * @param integer $id * @param int $allowed_comm * @param string $checkss * @param string $comment * @param int $sortcomm * @param string $base_url * @param boolean $form_login * @param int $status_comment * @return string */ function nv_theme_comment_module($module, $area, $id, $allowed_comm, $checkss, $comment, $sortcomm, $base_url, $form_login, $status_comment = '') { global $global_config, $module_file, $module_data, $module_config, $admin_info, $user_info, $lang_global, $client_info, $lang_module_comment, $module_name; $template = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/comment/main.tpl') ? $global_config['module_theme'] : 'default'; $templateCSS = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/css/comment.css') ? $global_config['module_theme'] : 'default'; $templateJS = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/js/comment.js') ? $global_config['module_theme'] : 'default'; $xtpl = new XTemplate('main.tpl', NV_ROOTDIR . '/themes/' . $template . '/modules/comment'); $xtpl->assign('LANG', $lang_module_comment); $xtpl->assign('GLANG', $lang_global); $xtpl->assign('TEMPLATE', $template); $xtpl->assign('TEMPLATE_CSS', $templateCSS); $xtpl->assign('TEMPLATE_JS', $templateJS); $xtpl->assign('CHECKSS_COMM', $checkss); $xtpl->assign('MODULE_COMM', $module); $xtpl->assign('MODULE_DATA', $module_data); $xtpl->assign('AREA_COMM', $area); $xtpl->assign('ID_COMM', $id); $xtpl->assign('ALLOWED_COMM', $allowed_comm); $xtpl->assign('BASE_URL_COMM', $base_url); if (defined('NV_COMM_ID')) { $xtpl->parse('main.header'); } // Order by comm for ($i = 0; $i <= 2; ++$i) { $xtpl->assign('OPTION', array('key' => $i, 'title' => $lang_module_comment['sortcomm_' . $i], 'selected' => $i == $sortcomm ? ' selected="selected"' : '')); $xtpl->parse('main.sortcomm'); } if (!empty($comment)) { $xtpl->assign('COMMENTCONTENT', $comment); $xtpl->parse('main.showContent'); } $allowed_comm = nv_user_in_groups($allowed_comm); if ($allowed_comm) { if (defined('NV_IS_USER')) { $xtpl->assign('NAME', $user_info['full_name']); $xtpl->assign('EMAIL', $user_info['email']); $xtpl->assign('DISABLED', ' disabled="disabled"'); } else { $xtpl->assign('NAME', ''); $xtpl->assign('EMAIL', ''); $xtpl->assign('DISABLED', ''); } $captcha = intval($module_config[$module]['captcha']); $show_captcha = true; if ($captcha == 0) { $show_captcha = false; } elseif ($captcha == 1 and defined('NV_IS_USER')) { $show_captcha = false; } elseif ($captcha == 2 and defined('NV_IS_MODADMIN')) { if (defined('NV_IS_SPADMIN')) { $show_captcha = false; } else { $adminscomm = explode(',', $module_config[$module]['adminscomm']); if (in_array($admin_info['admin_id'], $adminscomm)) { $show_captcha = false; } } } if ($show_captcha) { $xtpl->assign('N_CAPTCHA', $lang_global['securitycode']); $xtpl->assign('CAPTCHA_REFRESH', $lang_global['captcharefresh']); $xtpl->assign('GFX_NUM', NV_GFX_NUM); $xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH); $xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH); $xtpl->assign('GFX_HEIGHT', NV_GFX_HEIGHT); $xtpl->assign('CAPTCHA_REFR_SRC', NV_BASE_SITEURL . NV_ASSETS_DIR . '/images/refresh.png'); $xtpl->assign('SRC_CAPTCHA', NV_BASE_SITEURL . 'index.php?scaptcha=captcha&t=' . NV_CURRENTTIME); $xtpl->parse('main.allowed_comm.captcha'); } else { $xtpl->assign('GFX_NUM', 0); } if (!empty($status_comment)) { $status_comment = nv_base64_decode($status_comment); $xtpl->assign('STATUS_COMMENT', $status_comment); $xtpl->parse('main.allowed_comm.comment_result'); } $xtpl->parse('main.allowed_comm'); } elseif ($form_login['display']) { // Ajax login if ($form_login['list_groups'] == 4) { $xtpl->parse('main.form_login.message_login'); } else { $list_groups_name = ''; $list_groups = nv_groups_list_pub(); $form_login['list_groups'] = explode(',', $form_login['list_groups']); $i = 0; foreach ($form_login['list_groups'] as $group_id) { if (isset($list_groups[$group_id])) { if ($i == 0) { $list_groups_name .= $list_groups[$group_id]; } else { $list_groups_name .= ', ' . $list_groups[$group_id]; } $i++; } } $url_groups = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=users&' . NV_OP_VARIABLE . '=editinfo'; $xtpl->assign('LANG_REG_GROUPS', sprintf($lang_module_comment['comment_register_groups'], $list_groups_name, $url_groups)); $xtpl->parse('main.form_login.message_register_group'); } $xtpl->parse('main.form_login'); } $xtpl->parse('main'); return $xtpl->text('main'); }
$module_upload = $module_info['module_upload']; $include_file = NV_ROOTDIR . '/modules/' . $module_file . '/funcs/main.php'; if (file_exists($include_file)) { // Tuy chon kieu giao dien if ($nv_Request->isset_request('nv' . NV_LANG_DATA . 'themever', 'get')) { $theme_type = $nv_Request->get_title('nv' . NV_LANG_DATA . 'themever', 'get', '', 1); $nv_redirect = $nv_Request->get_title('nv_redirect', 'get', ''); if (empty($global_config['switch_mobi_des'])) { $array_theme_type = array_diff($global_config['array_theme_type'], array('m')); } else { $array_theme_type = $global_config['array_theme_type']; } if (in_array($theme_type, $array_theme_type)) { $nv_Request->set_Cookie('nv' . NV_LANG_DATA . 'themever', $theme_type, NV_LIVE_COOKIE_TIME); } $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA; Header('Location: ' . nv_url_rewrite($nv_redirect)); die; } // Xac dinh cac $op, $array_op $array_op = array(); if (!preg_match('/^[a-z0-9\\-\\_\\/\\+]+$/i', $op)) { Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true)); die; } if ($op != 'main' and !isset($module_info['funcs'][$op])) { $array_op = explode('/', $op); $op = isset($module_info['funcs'][$array_op[0]]) ? $array_op[0] : 'main'; } $op_file = $op; // Xac dinh quyen dieu hanh module
/** * nv_redirect_decrypt() * * @param tring $string * @param boolean $insite * @return string * */ function nv_redirect_decrypt($string, $insite = true) { if (empty($string)) { return ''; } if (preg_match('/[^a-z0-9\\-\\_\\,]/i', $string)) { return ''; } $string = nv_base64_decode($string); if (!$string) { return ''; } global $crypt; $url = $crypt->aes_decrypt($string, NV_CHECK_SESSION); if (empty($url)) { return ''; } if (preg_match('/^(http|https|ftp|gopher)\\:\\/\\//i', $url)) { if ($insite and !preg_match('/^' . nv_preg_quote(NV_MY_DOMAIN) . '/', $url)) { return ''; } if (!nv_is_url($url)) { return ''; } } elseif (!nv_is_url(NV_MY_DOMAIN . $url)) { return ''; } return $url; }
$user_info['current_ip'] = $row['last_ip']; $user_info['last_openid'] = $row['last_openid']; //$user_info['last_ip'] = $user['last_ip']; $user_info['st_login'] = !empty($row['password']) ? true : false; //$user_info['current_mode'] = $user['current_mode']; $user_info['current_mode'] = 1; $user_info['valid_question'] = true; } else { $user_info = array(); } } } else { if ($nv_Request->get_bool('nvloginhash', 'cookie', false)) { $_user = $nv_Request->get_string('nvloginhash', 'cookie', ''); if (!empty($_user) and $global_config['allowuserlogin']) { $user = unserialize(nv_base64_decode($_user)); $strlen = NV_CRYPT_SHA1 == 1 ? 40 : 32; if (isset($user['userid']) and is_numeric($user['userid']) and $user['userid'] > 0) { if (isset($user['checknum']) and preg_match("/^[a-z0-9]{" . $strlen . "}\$/", $user['checknum'])) { $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid` = " . $user['userid'] . " AND `active`=1"; $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows == 1) { $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (strcasecmp($user['checknum'], $row['checknum']) == 0 and isset($user['current_agent']) and !empty($user['current_agent']) and strcasecmp($user['current_agent'], $row['last_agent']) == 0 and isset($user['current_ip']) and !empty($user['current_ip']) and strcasecmp($user['current_ip'], $row['last_ip']) == 0 and isset($user['current_login']) and !empty($user['current_login']) and strcasecmp($user['current_login'], intval($row['last_login'])) == 0) { $user_info['userid'] = intval($row['userid']); $user_info['username'] = $row['username']; $user_info['email'] = $row['email']; $user_info['full_name'] = $row['full_name']; $user_info['gender'] = $row['gender'];
include NV_ROOTDIR . "/includes/footer.php"; exit; } $subject = $lang_module['account_register']; $message = sprintf($lang_module['openid_register_info'], $reg_attribs['full_name'], $global_config['site_name'], NV_MY_DOMAIN . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name, $array_register['username'], $array_register['password'], $reg_attribs['openid']); $message .= "<br /><br />------------------------------------------------<br /><br />"; $message .= nv_EncString($message); @nv_sendmail($global_config['site_email'], $reg_attribs['email'], $subject, $message); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")"; $db->sql_query($sql); $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1"; $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); validUserLog($row, 1, $reg_attribs['opid']); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; Header("Location: " . $nv_redirect); exit; } $array_register['info'] = "<span style=\"color:#fb490b;\">" . $error . "</span>"; } else { $array_register['username'] = $reg_attribs['username']; $array_register['password'] = $array_register['re_password'] = $array_register['your_question'] = $array_register['answer'] = ""; $array_register['question'] = $array_register['agreecheck'] = 0; $array_register['info'] = $lang_module['openid_register']; } $array_register['agreecheck'] = $array_register['agreecheck'] ? " checked=\"checked\"" : ""; $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='siteterms_" . NV_LANG_DATA . "'"; $result = $db->sql_query($sql); list($siteterms) = $db->sql_fetchrow($result); $db->sql_freeresult();
<?php /** * @Project NUKEVIET 4.x * @Author VINADES.,JSC (contact@vinades.vn) * @Copyright (C) 2014 VINADES.,JSC. All rights reserved * @License GNU/GPL version 2 or any later version * @Createdate 2-10-2010 18:49 */ if (!defined('NV_IS_FILE_ADMIN')) { die('Stop!!!'); } $pid = $nv_Request->get_int('pid', 'get', 0); if ($pid == 0) { $cateid = $nv_Request->get_string('cid', 'get', ''); $cateid = nv_base64_decode($cateid); $cateid = unserialize($cateid); $cateid = $cateid ? $cateid : array(); $table = $db_config['prefix'] . "_" . $module_data . "_catalogs"; $sql = "SELECT catid, parentid, " . NV_LANG_DATA . "_title, lev, numsubcat FROM " . $table . " ORDER BY sort ASC"; $result_cat = $db->query($sql); $contents .= '<select class="form-control" style="width: 500px; min-height: 150px" name="cateid[]" multiple="multiple">'; while (list($catid_i, $parentid_i, $title_i, $lev_i, $numsubcat_i) = $result_cat->fetch(3)) { if ($numsubcat_i > 0 or $parentid_i == 0) { $xtitle_i = ""; if ($lev_i > 0) { for ($i = 1; $i <= $lev_i; $i++) { $xtitle_i .= " "; } } $select = in_array($catid_i, $cateid) ? " selected=\"selected\"" : "";
<?php /** * @Project NUKEVIET 4.x * @Author VINADES.,JSC (contact@vinades.vn) * @Copyright (C) 2014 VINADES.,JSC. All rights reserved * @License GNU/GPL version 2 or any later version * @Createdate 2-1-2010 22:5 */ if (!defined('NV_IS_FILE_EXTENSIONS')) { die('Stop!!!'); } $contents = ''; $array = $nv_Request->get_string('data', 'post', ''); $array = $array ? nv_base64_decode($array) : ''; if ($array and is_serialized_string($array)) { $array = @unserialize($array); } else { $array = array(); } $request = array(); $request['id'] = isset($array['id']) ? intval($array['id']) : 0; $request['fid'] = isset($array['compatible']['id']) ? intval($array['compatible']['id']) : 0; // Fixed request $request['lang'] = NV_LANG_INTERFACE; $request['basever'] = $global_config['version']; $request['mode'] = 'download'; if (empty($request['id']) or empty($request['fid']) or !isset($array['tid'])) { $contents = "ERR|" . $lang_module['download_error_preparam']; } else { $filename = NV_TEMPNAM_PREFIX . 'auto_' . md5($global_config['sitekey'] . session_id()) . '.zip';
foreach ($array_payment_other as $pay => $value) { if (!in_array($pay, $array_setting_payment_key)) { $value['link_edit'] = NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=" . $op . "&payment=" . $value['payment']; $value['STT'] = $a; $xtpl->assign('ODATA_PM', $value); $xtpl->parse('main.olistpay.opaymentloop'); ++$a; } } if ($a > 1) { $xtpl->parse('main.olistpay'); } } if (!empty($data_pay)) { $xtpl->assign('EDITPAYMENT', sprintf($lang_module['editpayment'], $data_pay['payment'])); $array_config = unserialize(nv_base64_decode($data_pay['config'])); $arkey_title = array(); if (!empty($array_payment_other[$data_pay['payment']]['titlekey'])) { $arkey_title = $array_payment_other[$data_pay['payment']]['titlekey']; } foreach ($array_config as $key => $value) { if (isset($arkey_title[$key])) { $lang = (string) $arkey_title[$key]; } else { $lang = $key; } $value = $array_config[$key]; $xtpl->assign('CONFIG_LANG', $lang); $xtpl->assign('CONFIG_NAME', $key); $xtpl->assign('CONFIG_VALUE', $value); $xtpl->parse('main.paymentedit.config');
define('NV_REFSTAT_TABLE', NV_PREFIXLANG . '_referer_stats'); $sql = "SELECT lang, module, config_name, config_value FROM " . NV_CONFIG_GLOBALTABLE . " WHERE lang='" . NV_LANG_DATA . "' or (lang='sys' AND module='site') ORDER BY module ASC"; $list = $nv_Cache->db($sql, '', 'settings'); foreach ($list as $row) { if ($row['lang'] == NV_LANG_DATA and $row['module'] == 'global' or $row['lang'] == 'sys' and $row['module'] == 'site') { $global_config[$row['config_name']] = $row['config_value']; } else { $module_config[$row['module']][$row['config_name']] = $row['config_value']; } } if (empty($global_config['site_logo'])) { $global_config['site_logo'] = NV_ASSETS_DIR . '/images/logo.png'; } $global_config['ssl_https_modules'] = empty($global_config['ssl_https_modules']) ? array() : array_map("trim", explode(',', $global_config['ssl_https_modules'])); define('NV_MAIN_DOMAIN', in_array($global_config['site_domain'], $global_config['my_domains']) ? str_replace(NV_SERVER_NAME, $global_config['site_domain'], NV_MY_DOMAIN) : NV_MY_DOMAIN); $global_config['smtp_password'] = $crypt->aes_decrypt(nv_base64_decode($global_config['smtp_password'])); if ($sys_info['ini_set_support']) { ini_set('sendmail_from', $global_config['site_email']); } if (!isset($global_config['upload_checking_mode']) or !in_array($global_config['upload_checking_mode'], array('mild', 'lite', 'none'))) { $global_config['upload_checking_mode'] = 'strong'; } define('UPLOAD_CHECKING_MODE', $global_config['upload_checking_mode']); if (defined('NV_ADMIN')) { if (!file_exists(NV_ROOTDIR . '/includes/language/' . NV_LANG_DATA . '/global.php')) { if ($global_config['lang_multi']) { $nv_Request->set_Cookie('data_lang', $global_config['site_lang'], NV_LIVE_COOKIE_TIME); } Header('Location: ' . NV_BASE_ADMINURL); exit; }
/** * @param string $module * @param integer $area * @param integer $id * @param int $allowed_comm * @param string $checkss * @param string $comment * @param int $sortcomm * @param string $base_url * @param boolean $form_login * @param int $status_comment * @return string */ function nv_theme_comment_module($module, $area, $id, $allowed_comm, $checkss, $comment, $sortcomm, $base_url, $form_login, $status_comment = '') { global $global_config, $module_file, $module_data, $module_config, $admin_info, $user_info, $lang_global, $client_info, $lang_module_comment, $module_name; $template = file_exists(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/comment/main.tpl') ? $global_config['module_theme'] : 'default'; $xtpl = new XTemplate('main.tpl', NV_ROOTDIR . '/themes/' . $template . '/modules/comment'); $xtpl->assign('LANG', $lang_module_comment); $xtpl->assign('GLANG', $lang_global); $xtpl->assign('TEMPLATE', $template); $xtpl->assign('CHECKSS_COMM', $checkss); $xtpl->assign('MODULE_COMM', $module); $xtpl->assign('MODULE_DATA', $module_data); $xtpl->assign('AREA_COMM', $area); $xtpl->assign('ID_COMM', $id); $xtpl->assign('ALLOWED_COMM', $allowed_comm); $xtpl->assign('BASE_URL_COMM', $base_url); if (defined('NV_COMM_ID')) { // Check call module js file if (file_exists(NV_ROOTDIR . '/themes/' . $template . '/js/comment.js')) { $xtpl->parse('main.header.jsfile'); } // Check call module css file if (file_exists(NV_ROOTDIR . '/themes/' . $template . '/css/comment.css')) { $xtpl->parse('main.header.cssfile'); } $xtpl->parse('main.header'); } // Order by comm for ($i = 0; $i <= 2; ++$i) { $xtpl->assign('OPTION', array('key' => $i, 'title' => $lang_module_comment['sortcomm_' . $i], 'selected' => $i == $sortcomm ? ' selected="selected"' : '')); $xtpl->parse('main.sortcomm'); } if (!empty($comment)) { $xtpl->assign('COMMENTCONTENT', $comment); $xtpl->parse('main.showContent'); } $allowed_comm = nv_user_in_groups($allowed_comm); if ($allowed_comm) { if (defined('NV_IS_USER')) { $xtpl->assign('NAME', $user_info['full_name']); $xtpl->assign('EMAIL', $user_info['email']); $xtpl->assign('DISABLED', ' disabled="disabled"'); } else { $xtpl->assign('NAME', ''); $xtpl->assign('EMAIL', ''); $xtpl->assign('DISABLED', ''); } $captcha = intval($module_config[$module]['captcha']); $show_captcha = true; if ($captcha == 0) { $show_captcha = false; } elseif ($captcha == 1 and defined('NV_IS_USER')) { $show_captcha = false; } elseif ($captcha == 2 and defined('NV_IS_MODADMIN')) { if (defined('NV_IS_SPADMIN')) { $show_captcha = false; } else { $adminscomm = explode(',', $module_config[$module]['adminscomm']); if (in_array($admin_info['admin_id'], $adminscomm)) { $show_captcha = false; } } } if ($show_captcha) { $xtpl->assign('N_CAPTCHA', $lang_global['securitycode']); $xtpl->assign('CAPTCHA_REFRESH', $lang_global['captcharefresh']); $xtpl->assign('GFX_NUM', NV_GFX_NUM); $xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH); $xtpl->assign('GFX_WIDTH', NV_GFX_WIDTH); $xtpl->assign('GFX_HEIGHT', NV_GFX_HEIGHT); $xtpl->assign('CAPTCHA_REFR_SRC', NV_BASE_SITEURL . NV_FILES_DIR . '/images/refresh.png'); $xtpl->assign('SRC_CAPTCHA', NV_BASE_SITEURL . 'index.php?scaptcha=captcha&t=' . NV_CURRENTTIME); $xtpl->parse('main.allowed_comm.captcha'); } else { $xtpl->assign('GFX_NUM', 0); } if (!empty($status_comment)) { $status_comment = nv_base64_decode($status_comment); $xtpl->assign('STATUS_COMMENT', $status_comment); $xtpl->parse('main.allowed_comm.comment_result'); } $xtpl->parse('main.allowed_comm'); } elseif ($form_login) { $link_login = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=users&' . NV_OP_VARIABLE . '=login&nv_redirect=' . nv_base64_encode($client_info['selfurl'] . '#formcomment'); $xtpl->assign('COMMENT_LOGIN', '<a title="' . $lang_global['loginsubmit'] . '" href="' . $link_login . '">' . $lang_module_comment['comment_login'] . '</a>'); $xtpl->parse('main.form_login'); } $xtpl->parse('main'); return $xtpl->text('main'); }
$price1_temp = ""; } if ($price2 == -1) { $price2_temp = ""; } $xtpl->assign('value_keyword', $keyword); $xtpl->assign('value_price1', $price1_temp); $xtpl->assign('value_price2', $price2_temp); if ($pro_config['active_price']) { $xtpl->parse('form.price'); } $xtpl->parse('form'); $contents = $xtpl->text('form'); if (!empty($groupid)) { $url .= '&filter=' . $groupid; $groupid = nv_base64_decode($groupid); $groupid = unserialize($groupid); $arr_id = array(); foreach ($groupid as $id_group) { $group = $global_array_group[$id_group]; $arr_id[$group['parentid']][] = $id_group; } $_sql = 'SELECT DISTINCT pro_id FROM ' . $db_config['prefix'] . '_' . $module_data . '_group_items WHERE '; $j = 1; foreach ($arr_id as $listid) { $a = sizeof($listid); if ($a > 0) { $arr_sql = array(); for ($i = 0; $i < $a; $i++) { $arr_sql[] = ' pro_id IN (SELECT pro_id FROM ' . $db_config['prefix'] . '_' . $module_data . '_group_items WHERE group_id=' . $listid[$i] . ')'; }
$stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )'); $stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR); $stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR); $stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR); $stmt->execute(); $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1'; $result = $db->query($query); $row = $result->fetch(); $result->closeCursor(); $current_mode = isset($reg_attribs['current_mode']) ? $reg_attribs['current_mode'] : 1; validUserLog($row, 1, $reg_attribs['opid'], $current_mode); $subject = $lang_module['account_register']; $message = sprintf($lang_module['openid_register_info'], $reg_attribs['first_name'], $global_config['site_name'], NV_MY_DOMAIN . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, $array_register['username'], $reg_attribs['openid']); @nv_sendmail($global_config['site_email'], $reg_attribs['email'], $subject, $message); nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['register'], $array_register['username'] . ' | ' . $client_info['ip'] . ' | OpenID', 0); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; Header('Location: ' . $nv_redirect); exit; } $array_register['info'] = '<span style="color:#fb490b;">' . $error . '</span>'; } else { $array_register['username'] = $reg_attribs['username']; $array_register['password'] = $array_register['re_password'] = $array_register['your_question'] = $array_register['answer'] = ''; $array_register['question'] = $array_register['agreecheck'] = 0; $array_register['info'] = $lang_module['openid_register']; } $array_register['agreecheck'] = $array_register['agreecheck'] ? ' checked="checked"' : ''; $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='siteterms_" . NV_LANG_DATA . "'"; $result = $db->query($sql); $siteterms = $result->fetchColumn(); $result->closeCursor();
$array = !empty($array['body']) ? is_serialized_string($array['body']) ? unserialize($array['body']) : array() : array(); $error = ''; if (!empty(NV_Http::$error)) { $error = nv_http_get_lang(NV_Http::$error); } elseif (empty($array['status']) or !isset($array['error']) or !isset($array['data']) or !isset($array['pagination']) or !is_array($array['error']) or !is_array($array['data']) or !is_array($array['pagination']) or !empty($array['error']) and (!isset($array['error']['level']) or empty($array['error']['message']))) { $error = $lang_global['error_valid_response']; } elseif (!empty($array['error']['message'])) { $error = $array['error']['message']; } // Show error if (!empty($error)) { $xtpl->assign('ERROR', $error); $xtpl->parse('main.error'); $contents = $xtpl->text('main.error'); } else { // Save cookies nv_store_cookies(nv_object2array($cookies), $stored_cookies); $redirect = $request['redirect'] ? nv_base64_decode($request['redirect']) : NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; $xtpl->assign('REDIRECT_LINK', $redirect); $xtpl->parse('main.ok'); $contents = $xtpl->text('main.ok'); } include NV_ROOTDIR . '/includes/header.php'; echo $contents; include NV_ROOTDIR . '/includes/footer.php'; } $xtpl->parse('main'); $contents = $xtpl->text('main'); include NV_ROOTDIR . '/includes/header.php'; echo nv_admin_theme($contents); include NV_ROOTDIR . '/includes/footer.php';
/** * openidLogin_Res1() * Function thuc hien khi OpenID duoc nhan dien * * @param mixed $attribs * @return */ function openidLogin_Res1($attribs) { global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect, $op, $db_config; $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == '') ? $attribs['contact/email'] : ''; if (empty($email)) { $nv_Request->unset_request('openid_attribs', 'session'); openidLogin_Res0($lang_module['logged_in_failed']); die; } $opid = $crypt->hash($attribs['id']); $current_mode = isset($attribs['current_mode']) ? $attribs['current_mode'] : 1; $stmt = $db->prepare('SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM ' . NV_USERS_GLOBALTABLE . '_openid a, ' . NV_USERS_GLOBALTABLE . ' b WHERE a.opid= :opid AND a.email= :email AND a.userid=b.userid'); $stmt->bindParam(':opid', $opid, PDO::PARAM_STR); $stmt->bindParam(':email', $email, PDO::PARAM_STR); $stmt->execute(); list($user_id, $op_email, $user_active) = $stmt->fetch(3); if ($user_id) { $nv_Request->unset_request('openid_attribs', 'session'); if ($op_email != $email) { openidLogin_Res0($lang_module['not_logged_in']); die; } if (!$user_active) { openidLogin_Res0($lang_module['login_no_active']); die; } if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php')) { require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php'; if (defined('NV_IS_USER_LOGIN_FORUM_OK')) { $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; } else { $nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; } } else { $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $user_id; $row = $db->query($query)->fetch(); if (!empty($row)) { validUserLog($row, 1, $opid, $current_mode); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; } else { $nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; } } Header('Location: ' . nv_url_rewrite($nv_redirect, true)); die; } $stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :email'); $stmt->bindParam(':email', $email, PDO::PARAM_STR); $stmt->execute(); $nv_row = $stmt->fetch(); if (!empty($nv_row)) { $login_allowed = false; if (empty($nv_row['password'])) { $nv_Request->unset_request('openid_attribs', 'session'); $login_allowed = true; } if ($nv_Request->isset_request('openid_account_confirm', 'post')) { $password = $nv_Request->get_string('password', 'post', ''); $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', ''); $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0); $nv_Request->unset_request('openid_attribs', 'session'); if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) { $nv_username = $nv_row['username']; $nv_password = $password; require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php'; if (empty($error)) { $login_allowed = true; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } else { if ($crypt->validate_password($password, $nv_row['password']) and $nv_seccode) { $login_allowed = true; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } } if ($login_allowed) { $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($nv_row['userid']) . ', :server, :opid, :email )'); $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR); $stmt->bindParam(':opid', $opid, PDO::PARAM_STR); $stmt->bindParam(':email', $email, PDO::PARAM_STR); $stmt->execute(); if (intval($nv_row['active']) != 1) { openidLogin_Res0($lang_module['login_no_active']); } else { validUserLog($nv_row, 1, $opid, $current_mode); Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true)); } die; } $page_title = $lang_module['openid_login']; $key_words = $module_info['keywords']; $mod_title = $lang_module['openid_login']; $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email); $contents = openid_account_confirm($gfx_chk, $attribs); include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; exit; } if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) { $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :email'; if ($global_config['allowuserreg'] == 2) { $query .= ' AND regdate>' . (NV_CURRENTTIME - 86400); } $stmt = $db->prepare($query); $stmt->bindParam(':email', $email, PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(); if (!empty($row)) { if ($global_config['allowuserreg'] == 2) { if ($nv_Request->isset_request('openid_active_confirm', 'post')) { $nv_Request->unset_request('openid_attribs', 'session'); $password = $nv_Request->get_string('password', 'post', ''); $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', ''); $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0); if ($crypt->validate_password($password, $row['password']) and $nv_seccode) { $reg_attribs = set_reg_attribs($attribs); $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\t\t\t\t\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t\t\t\t:username,\n\t\t\t\t\t\t\t:md5username,\n\t\t\t\t\t\t\t:password,\n\t\t\t\t\t\t\t:email,\n\t\t\t\t\t\t\t:first_name,\n\t\t\t\t\t\t\t:last_name,\n\t\t\t\t\t\t\t:gender,\n\t\t\t\t\t\t\t'', 0,\n\t\t\t\t\t\t\t:regdate,\n\t\t\t\t\t\t\t:question,\n\t\t\t\t\t\t\t:answer,\n\t\t\t\t\t\t\t'', 1, 1, '', 1, '', 0, '', '', '', " . $global_config['idsite'] . ")"; $data_insert = array(); $data_insert['username'] = $row['username']; $data_insert['md5username'] = nv_md5safe($row['username']); $data_insert['password'] = $row['password']; $data_insert['email'] = $row['email']; $data_insert['first_name'] = $row['first_name']; $data_insert['last_name'] = $row['last_name']; $data_insert['gender'] = $reg_attribs['gender']; $data_insert['regdate'] = $row['regdate']; $data_insert['question'] = $row['question']; $data_insert['answer'] = $row['answer']; $userid = $db->insert_id($sql, 'userid', $data_insert); if (!$userid) { openidLogin_Res0($lang_module['account_active_error']); die; } $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4'); $stmt = $db->prepare('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid= :userid'); $stmt->bindParam(':userid', $row['userid'], PDO::PARAM_STR); $stmt->execute(); $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )'); $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR); $stmt->bindParam(':opid', $opid, PDO::PARAM_STR); $stmt->bindParam(':email', $email, PDO::PARAM_STR); $stmt->execute(); $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid; $result = $db->query($query); $row = $result->fetch(); validUserLog($row, 1, $opid, $current_mode); $info = $lang_module['account_active_ok'] . "<br /><br />\n"; $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n"; $info .= '[<a href="' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '">' . $lang_module['redirect_to_home'] . '</a>]'; $contents = user_info_exit($info); $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true) . '" />'; include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; exit; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } $page_title = $mod_title = $lang_module['openid_activate_account']; $key_words = $module_info['keywords']; $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email); $contents = openid_active_confirm($gfx_chk, $attribs); include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; exit; } else { $nv_Request->unset_request('openid_attribs', 'session'); openidLogin_Res0($lang_module['account_register_to_admin']); die; } } } $option = $nv_Request->get_int('option', 'get', 0); if (!$global_config['allowuserreg']) { $option = 3; } $contents = ''; $page_title = $lang_module['openid_login']; if ($option == 3) { $error = ''; if ($nv_Request->isset_request('nv_login', 'post')) { $nv_username = $nv_Request->get_title('nv_login', 'post', '', 1); $nv_password = $nv_Request->get_title('nv_password', 'post', ''); $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', ''); $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false); if (!$check_seccode) { $error = $lang_global['securitycodeincorrect']; } elseif (empty($nv_username)) { $error = $lang_global['username_empty']; } elseif (empty($nv_password)) { $error = $lang_global['password_empty']; } else { if (defined('NV_IS_USER_FORUM')) { require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php'; } else { $error = $lang_global['loginincorrect']; $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'"; $row = $db->query($sql)->fetch(); if (!empty($row)) { if ($row['username'] == $nv_username and $crypt->validate($nv_password, $row['password'])) { if (!$row['active']) { $error = $lang_module['login_no_active']; } else { $error = ''; $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid, :email )'); $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR); $stmt->bindParam(':opid', $opid, PDO::PARAM_STR); $stmt->bindParam(':email', $email, PDO::PARAM_STR); $stmt->execute(); validUserLog($row, 1, $opid); } } } } } if (empty($error)) { $nv_Request->unset_request('openid_attribs', 'session'); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; $info = $lang_module['login_ok'] . "<br /><br />\n"; $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n"; $info .= '[<a href="' . $nv_redirect . '">' . $lang_module['redirect_to_back'] . '</a>]'; $contents .= user_info_exit($info); $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite($nv_redirect, true) . '" />'; include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; exit; } $array_login = array('nv_login' => $nv_username, 'nv_password' => $nv_password, 'nv_redirect' => $nv_redirect, 'login_info' => '<span style="color:#fb490b;">' . $error . '</span>'); } else { $array_login = array('nv_login' => '', 'nv_password' => '', 'login_info' => $lang_module['openid_note1'], 'nv_redirect' => $nv_redirect); } $contents .= user_openid_login($gfx_chk, $array_login, $attribs); include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; exit; } elseif ($option == 1 or $option == 2) { $nv_Request->unset_request('openid_attribs', 'session'); $reg_attribs = set_reg_attribs($attribs); if (empty($reg_attribs['username'])) { openidLogin_Res0($lang_module['logged_in_failed']); die; } if ($option == 2) { // Dang nhap bang mot tai khoan do he thong tao tu dong $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . "\n\t\t\t\t(username, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t:username,\n\t\t\t\t:md5username,\n\t\t\t\t'',\n\t\t\t\t:email,\n\t\t\t\t:first_name,\n\t\t\t\t:last_name,\n\t\t\t\t:gender,\n\t\t\t\t'', 0,\n\t\t\t\t" . NV_CURRENTTIME . ",\n\t\t\t\t'', '', '', 0, 0, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . "\n\t\t\t)"; $data_insert = array(); $data_insert['username'] = $reg_attribs['username']; $data_insert['md5username'] = nv_md5safe($reg_attribs['username']); $data_insert['email'] = $reg_attribs['email']; $data_insert['first_name'] = $reg_attribs['first_name']; $data_insert['last_name'] = $reg_attribs['last_name']; $data_insert['gender'] = ucfirst($reg_attribs['gender'] ? $reg_attribs['gender'][0] : 'N'); $userid = $db->insert_id($sql, 'userid', $data_insert); if (!$userid) { openidLogin_Res0($lang_module['err_no_save_account']); die; } // Cap nhat so thanh vien $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4'); $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1'; $result = $db->query($query); $row = $result->fetch(); $result->closeCursor(); // Luu vao bang thong tin tuy chinh $query_field = array(); $query_field['userid'] = $userid; $result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC'); while ($row_f = $result_field->fetch()) { $query_field[$row_f['field']] = $db->quote($row_f['default_value']); } $db->query('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')'); // Luu vao bang OpenID $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid , :email)'); $stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR); $stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR); $stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR); $stmt->execute(); validUserLog($row, 1, $reg_attribs['opid'], $current_mode); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name; Header('Location: ' . nv_url_rewrite($nv_redirect, true)); exit; } else { $reg_attribs = serialize($reg_attribs); $nv_Request->set_Session('reg_attribs', $reg_attribs); Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&openid=1&nv_redirect=' . $nv_redirect, true)); exit; } } $array_user_login = array(); if (!defined('NV_IS_USER_FORUM')) { $array_user_login[] = array('title' => $lang_module['openid_note3'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=1&nv_redirect=' . $nv_redirect); $array_user_login[] = array('title' => $lang_module['openid_note4'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=2&nv_redirect=' . $nv_redirect); } else { $array_user_login[] = array('title' => $lang_module['openid_note6'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&nv_redirect=' . $nv_redirect); } $array_user_login[] = array('title' => $lang_module['openid_note5'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=3&nv_redirect=' . $nv_redirect); $page_title = $lang_module['openid_login']; $key_words = $module_info['keywords']; $mod_title = $lang_module['openid_login']; $contents .= user_openid_login2($attribs, $array_user_login); include NV_ROOTDIR . '/includes/header.php'; echo nv_site_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; exit; }
$array_where[] = '( regdate >= ' . $array['regdatefrom1'] . ' )'; } if (!empty($array['regdateto1'])) { $base_url .= '&regdateto=' . rawurlencode(nv_date('d/m/Y', $array['regdateto1'])); $array_where[] = '( regdate <= ' . $array['regdateto1'] . ' )'; } if (!empty($array['last_loginfrom1'])) { $base_url .= '&last_loginfrom=' . rawurlencode(nv_date('d/m/Y', $array['last_loginfrom1'])); $array_where[] = '( last_login >= ' . $array['last_loginfrom1'] . ' )'; } if (!empty($array['last_loginto1'])) { $base_url .= '&last_loginto=' . rawurlencode(nv_date('d/m/Y', $array['last_loginto1'])); $array_where[] = '( last_login <= ' . $array['last_loginto1'] . ' )'; } if (!empty($filtersql)) { $data_str = $crypt->aes_decrypt(nv_base64_decode($filtersql), NV_CHECK_SESSION); if (!empty($data_str)) { $array_where[] = $data_str; } } // Order data $orderida = array('url' => $orderid == 'ASC' ? $base_url . '&orderid=DESC' : $base_url . '&orderid=ASC', 'class' => $orderid == '' ? 'nooder' : strtolower($orderid)); $orderusernamea = array('url' => $orderusername == 'ASC' ? $base_url . '&orderusername=DESC' : $base_url . '&orderusername=ASC', 'class' => $orderusername == '' ? 'nooder' : strtolower($orderusername)); $orderemaila = array('url' => $orderemail == 'ASC' ? $base_url . '&orderemail=DESC' : $base_url . '&orderemail=ASC', 'class' => $orderemail == '' ? 'nooder' : strtolower($orderemail)); $orderregdatea = array('url' => $orderregdate == 'ASC' ? $base_url . '&orderregdate=DESC' : $base_url . '&orderregdate=ASC', 'class' => $orderregdate == '' ? 'nooder' : strtolower($orderregdate)); // SQL data $order_by = ''; if (!empty($orderid)) { $base_url .= '&orderid=' . $orderid; $order_by = 'userid ' . $orderid; } elseif (!empty($orderusername)) {