/** * nv_check_username_reg() * Ham kiem tra ten dang nhap kha dung * * @param mixed $login * @return */ function nv_check_username_reg($login) { global $db, $db_config, $lang_module; $error = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN); if ($error != '') { return preg_replace('/\\&(l|r)dquo\\;/', '', strip_tags($error)); } if ("'" . $login . "'" != $db->quote($login)) { return sprintf($lang_module['account_deny_name'], $login); } $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='deny_name'"; $result = $db->query($sql); $deny_name = $result->fetchColumn(); $result->closeCursor(); if (!empty($deny_name) and preg_match('/' . $deny_name . '/i', $login)) { return sprintf($lang_module['account_deny_name'], $login); } $stmt = $db->prepare('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username= :md5username'); $stmt->bindValue(':md5username', nv_md5safe($login), PDO::PARAM_STR); $stmt->execute(); if ($stmt->fetchColumn()) { return sprintf($lang_module['account_registered_name'], $login); } $stmt = $db->prepare('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE md5username= :md5username'); $stmt->bindValue(':md5username', nv_md5safe($login), PDO::PARAM_STR); $stmt->execute(); if ($stmt->fetchColumn()) { return sprintf($lang_module['account_registered_name'], $login); } return ''; }
/** * nv_check_username_change() * * @param mixed $login * @return */ function nv_check_username_change($login) { global $db, $lang_module, $user_info, $db_config; $error = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN); if ($error != '') { return preg_replace('/\\&(l|r)dquo\\;/', '', strip_tags($error)); } if ("'" . $login . "'" != $db->quote($login)) { return sprintf($lang_module['account_deny_name'], $login); } $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='deny_name'"; $result = $db->query($sql); $deny_name = $result->fetchColumn(); $result->closeCursor(); if (!empty($deny_name) and preg_match('/' . $deny_name . '/i', $login)) { return sprintf($lang_module['account_deny_name'], $login); } $sql = "SELECT userid FROM " . NV_USERS_GLOBALTABLE . " WHERE userid!=" . $user_info['userid'] . " AND md5username='******'"; if ($db->query($sql)->fetchColumn()) { return sprintf($lang_module['account_registered_name'], $login); } $sql = "SELECT userid FROM " . NV_USERS_GLOBALTABLE . "_reg WHERE userid!=" . $user_info['userid'] . " AND md5username='******'"; if ($db->query($sql)->fetchColumn()) { return sprintf($lang_module['account_registered_name'], $login); } return ''; }
function nv_check_username_change($login) { global $db, $lang_module, $user_info; $error = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN); if ($login != $db->fixdb($login)) { return sprintf($lang_module['account_deny_name'], '<strong>' . $login . '</strong>'); } if ($error != "") { return $error; } $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='deny_name'"; $result = $db->sql_query($sql); list($deny_name) = $db->sql_fetchrow($result); $db->sql_freeresult(); if (!empty($deny_name) and preg_match("/" . $deny_name . "/i", $login)) { return sprintf($lang_module['account_deny_name'], '<strong>' . $login . '</strong>'); } $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $user_info['userid'] . " AND `username`=" . $db->dbescape($login); if ($db->sql_numrows($db->sql_query($sql)) != 0) { return sprintf($lang_module['account_registered_name'], '<strong>' . $login . '</strong>'); } $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`!=" . $user_info['userid'] . " AND `username`=" . $db->dbescape($login); if ($db->sql_numrows($db->sql_query($sql)) != 0) { return sprintf($lang_module['account_registered_name'], '<strong>' . $login . '</strong>'); } return ""; }
function nv_check_username_reg($login) { global $db, $lang_module; $error = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN); if ($error != "") { return preg_replace("/\\&(l|r)dquo\\;/", "", strip_tags($error)); } if ($login != $db->fixdb($login)) { return sprintf($lang_module['account_deny_name'], '<strong>' . $login . '</strong>'); } $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='deny_name'"; $result = $db->sql_query($sql); list($deny_name) = $db->sql_fetchrow($result); $db->sql_freeresult(); if (!empty($deny_name) and preg_match("/" . $deny_name . "/i", $login)) { return sprintf($lang_module['account_deny_name'], '<strong>' . $login . '</strong>'); } $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `md5username`=" . $db->dbescape(md5($login)); if ($db->sql_numrows($db->sql_query($sql)) != 0) { return sprintf($lang_module['account_registered_name'], '<strong>' . $login . '</strong>'); } $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `md5username`=" . $db->dbescape(md5($login)); if ($db->sql_numrows($db->sql_query($sql)) != 0) { return sprintf($lang_module['account_registered_name'], '<strong>' . $login . '</strong>'); } return ""; }
} elseif ($step == 6) { $nextstep = 0; $error = ''; define('NV_USERS_GLOBALTABLE', $db_config['prefix'] . '_users'); // Bat dau phien lam viec cua MySQL $db = new NukeViet\Core\Database($db_config); if (!empty($db->error)) { $error = !empty($db->error['user_message']) ? $db->error['user_message'] : $db->error['message']; } $array_data['site_name'] = $nv_Request->get_title('site_name', 'post', $array_data['site_name'], 1); $array_data['nv_login'] = nv_substr($nv_Request->get_title('nv_login', 'post', $array_data['nv_login'], 1), 0, NV_UNICKMAX); $array_data['nv_email'] = $nv_Request->get_title('nv_email', 'post', $array_data['nv_email']); $array_data['nv_password'] = $nv_Request->get_title('nv_password', 'post', $array_data['nv_password']); $array_data['re_password'] = $nv_Request->get_title('re_password', 'post', $array_data['re_password']); $array_data['lang_multi'] = (int) $nv_Request->get_bool('lang_multi', 'post', $array_data['lang_multi']); $check_login = nv_check_valid_login($array_data['nv_login'], NV_UNICKMAX, NV_UNICKMIN); $check_pass = nv_check_valid_pass($array_data['nv_password'], NV_UPASSMAX, NV_UPASSMIN); $check_email = nv_check_valid_email($array_data['nv_email']); $array_data['question'] = $nv_Request->get_title('question', 'post', $array_data['question'], 1); $array_data['answer_question'] = $nv_Request->get_title('answer_question', 'post', $array_data['answer_question'], 1); $global_config['site_email'] = $array_data['nv_email']; if ($nv_Request->isset_request('nv_login,nv_password', 'post')) { if (empty($array_data['site_name'])) { $error = $lang_module['err_sitename']; } elseif (!empty($check_login)) { $error = $check_login; } elseif ("'" . $array_data['nv_login'] . "'" != $db->quote($array_data['nv_login'])) { $error = sprintf($lang_module['account_deny_name'], '<strong>' . $array_data['nv_login'] . '</strong>'); } elseif (!empty($check_email)) { $error = $check_email; } elseif (!empty($check_pass)) {
} else { $_user['password1'] = $_user['password2'] = ''; } $_user['question'] = nv_substr($nv_Request->get_title('question', 'post', '', 1), 0, 255); $_user['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255); $_user['first_name'] = nv_substr($nv_Request->get_title('first_name', 'post', '', 1), 0, 255); $_user['last_name'] = nv_substr($nv_Request->get_title('last_name', 'post', '', 1), 0, 255); $_user['gender'] = nv_substr($nv_Request->get_title('gender', 'post', '', 1), 0, 1); $_user['photo'] = nv_substr($nv_Request->get_title('photo', 'post', '', 1), 0, 255); $_user['view_mail'] = $nv_Request->get_int('view_mail', 'post', 0); $_user['sig'] = $nv_Request->get_textarea('sig', '', NV_ALLOWED_HTML_TAGS); $_user['birthday'] = $nv_Request->get_title('birthday', 'post'); $_user['in_groups'] = $nv_Request->get_typed_array('group', 'post', 'int'); $_user['delpic'] = $nv_Request->get_int('delpic', 'post', 0); $custom_fields = $nv_Request->get_array('custom_fields', 'post'); if ($_user['username'] != $row['username'] and ($error_username = nv_check_valid_login($_user['username'], NV_UNICKMAX, NV_UNICKMIN)) != '') { $error = $error_username; } elseif ("'" . $_user['username'] . "'" != $db->quote($_user['username'])) { $error = sprintf($lang_module['account_deny_name'], '<strong>' . $_user['username'] . '</strong>'); } elseif (($error_xemail = nv_check_valid_email($_user['email'])) != '') { $error = $error_xemail; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid!=' . $userid . ' AND md5username='******'username'])))->fetchColumn()) { $error = $lang_module['edit_error_username_exist']; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid!=' . $userid . ' AND email=' . $db->quote($_user['email']))->fetchColumn()) { $error = $lang_module['edit_error_email_exist']; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email=' . $db->quote($_user['email']))->fetchColumn()) { $error = $lang_module['edit_error_email_exist']; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_openid WHERE userid!=' . $userid . ' AND email=' . $db->quote($_user['email']))->fetchColumn()) { $error = $lang_module['edit_error_email_exist']; } elseif (!empty($_user['password1']) and ($check_pass = nv_check_valid_pass($_user['password1'], NV_UPASSMAX, NV_UPASSMIN)) != '') { $error = $check_pass;
$_user['telephone'] = filter_text_input('telephone', 'post', '', 1, 100); $_user['fax'] = filter_text_input('fax', 'post', '', 1, 100); $_user['mobile'] = filter_text_input('mobile', 'post', '', 1, 100); $_user['view_mail'] = $nv_Request->get_int('view_mail', 'post', 0); $_user['sig'] = filter_text_textarea('sig', '', NV_ALLOWED_HTML_TAGS); $_user['birthday'] = filter_text_input('birthday', 'post', '', 1, 10); $_user['in_groups'] = $nv_Request->get_typed_array('group', 'post', 'int'); if (!empty($_user['website'])) { if (!preg_match("#^(http|https|ftp|gopher)\\:\\/\\/#", $_user['website'])) { $_user['website'] = "http://" . $_user['website']; } if (!nv_is_url($_user['website'])) { $_user['website'] = ""; } } if (($error_username = nv_check_valid_login($_user['username'], NV_UNICKMAX, NV_UNICKMIN)) != "") { $error = $error_username; } elseif ($_user['username'] != $db->fixdb($_user['username'])) { $error = sprintf($lang_module['account_deny_name'], '<strong>' . $_user['username'] . '</strong>'); } elseif (($error_xemail = nv_check_valid_email($_user['email'])) != "") { $error = $error_xemail; } elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `md5username`=" . $db->dbescape(md5($_user['username'])))) != 0) { $error = $lang_module['edit_error_username_exist']; } elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($_user['email']))) != 0) { $error = $lang_module['edit_error_email_exist']; } elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($_user['email']))) != 0) { $error = $lang_module['edit_error_email_exist']; } elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `email`=" . $db->dbescape($_user['email']))) != 0) { $error = $lang_module['edit_error_email_exist']; } elseif (($check_pass = nv_check_valid_pass($_user['password1'], NV_UPASSMAX, NV_UPASSMIN)) != "") { $error = $check_pass;
* @License GNU/GPL version 2 or any later version * @Createdate 3/24/2010 23:58 */ if (!defined('NV_IS_MOD_BANNERS')) { die('Stop!!!'); } if (defined('NV_IS_BANNER_CLIENT')) { die(' '); } if ($nv_Request->get_int('save', 'post') == '1') { $login = strip_tags($nv_Request->get_string('login', 'post', '')); $password = strip_tags($nv_Request->get_string('password', 'post', '')); if ($global_config['gfx_chk']) { $seccode = strip_tags($nv_Request->get_string('seccode', 'post', '')); } $check_login = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN); $check_pass = nv_check_valid_pass($password, NV_UPASSMAX, NV_UPASSMIN); if (!empty($check_login)) { die('action'); } elseif (!empty($check_pass)) { die('action'); } elseif ($global_config['gfx_chk'] and !nv_capcha_txt($seccode)) { die('action'); } else { $stmt = $db->prepare('SELECT * FROM ' . NV_BANNERS_GLOBALTABLE . '_clients WHERE login = :login AND act=1'); $stmt->bindParam(':login', $login, PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(); if (empty($row)) { die('action'); } else {
$query = "REPLACE INTO `" . NV_CONFIG_GLOBALTABLE . "` (`lang`, `module`, `config_name`, `config_value`) VALUES('sys', 'global', " . $db->dbescape($config_name) . ", " . $db->dbescape($config_value) . ")"; $db->sql_query($query); } nv_save_file_config_global(); nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['save'] . " " . $lang_module['config'], "config", $admin_info['userid']); Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&rand=' . nv_genpass()); exit; } if ($nv_Request->isset_request('submituser', 'post')) { $uid = $nv_Request->get_int('uid', 'post', 0); $username = filter_text_input('username', 'post', '', 1); $password = filter_text_input('password', 'post', '', 1); $password2 = filter_text_input('password2', 'post', '', 1); $begintime1 = filter_text_input('begintime1', 'post', 0, 1); $endtime1 = filter_text_input('endtime1', 'post', 0, 1); $errorlogin = nv_check_valid_login($username, NV_UNICKMAX, NV_UNICKMIN); if (!empty($errorlogin)) { $error[] = $errorlogin; } elseif (preg_match("/[^a-zA-Z0-9_-]/", $username)) { $error[] = $lang_module['rule_user']; } if (!empty($password) or empty($uid)) { $errorpassword = nv_check_valid_pass($password, NV_UPASSMAX, NV_UPASSMIN); if (!empty($errorpassword)) { $error[] = $errorpassword; } if ($password != $password2) { $error[] = $lang_module['passwordsincorrect']; } elseif (preg_match("/[^a-zA-Z0-9_-]/", $password)) { $error[] = $lang_module['rule_pass']; }
$key_words = $module_info['keywords']; $data = array(); $data['checkss'] = md5($client_info['session_id'] . $global_config['sitekey']); $data['userField'] = nv_substr($nv_Request->get_title('userField', 'post', '', 1), 0, 100); $data['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255); $data['send'] = $nv_Request->get_bool('send', 'post', false); $data['nv_seccode'] = $nv_Request->get_title('nv_seccode', 'post', ''); $checkss = $nv_Request->get_title('checkss', 'post', ''); $seccode = $nv_Request->get_string('lostactivelink_seccode', 'session', ''); $step = 1; $error = $question = ''; if ($checkss == $data['checkss']) { if (!empty($seccode) and md5($data['nv_seccode']) == $seccode or nv_capcha_txt($data['nv_seccode'])) { if (!empty($data['userField'])) { $check_email = nv_check_valid_email($data['userField']); $check_login = nv_check_valid_login($data['userField'], NV_UNICKMAX, NV_UNICKMIN); if (!empty($check_email) and !empty($check_login)) { $step = 1; $nv_Request->unset_request('lostactivelink_seccode', 'session'); $error = $lang_module['lostactivelink_no_info2']; } else { $exp = NV_CURRENTTIME - 86400; if (empty($check_email)) { $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :userField AND regdate>' . $exp; } else { $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE username= :userField AND regdate>' . $exp; } $stmt = $db->prepare($sql); $stmt->bindParam(':userField', $data['userField'], PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch();
/** * openidLogin_Res1() * Function thuc hien khi OpenID duoc nhan dien * * @param mixed $attribs * @return */ function openidLogin_Res1($attribs) { global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect; $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : ""; if (empty($email)) { $nv_Request->unset_request('openid_attribs', 'session'); openidLogin_Res0($lang_module['logged_in_failed']); die; } $opid = $crypt->hash($attribs['id']); $query = "SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM `" . NV_USERS_GLOBALTABLE . "_openid` a, `" . NV_USERS_GLOBALTABLE . "` b \r\n WHERE a.opid=" . $db->dbescape($opid) . " \r\n AND a.email=" . $db->dbescape($email) . " \r\n AND a.userid=b.userid"; $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows) { list($user_id, $op_email, $user_active) = $db->sql_fetchrow($result); $db->sql_freeresult($result); $nv_Request->unset_request('openid_attribs', 'session'); if ($op_email != $email) { openidLogin_Res0($lang_module['not_logged_in']); die; } if (!$user_active) { openidLogin_Res0($lang_module['login_no_active']); die; } $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($user_id); $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); validUserLog($row, 1, $opid); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; Header("Location: " . $nv_redirect); die; } $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($email); $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows) { $nv_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $login_allowed = false; if (empty($nv_row['password'])) { $nv_Request->unset_request('openid_attribs', 'session'); $login_allowed = true; } if ($nv_Request->isset_request('openid_account_confirm', 'post')) { $nv_Request->unset_request('openid_attribs', 'session'); if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) { $nv_username = $nv_row['username']; $nv_password = $password; require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php'; if (empty($error)) { $login_allowed = true; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } else { $password = $nv_Request->get_string('password', 'post', ''); $nv_seccode = filter_text_input('nv_seccode', 'post', ''); $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0); if ($crypt->validate($password, $nv_row['password']) and $nv_seccode) { $login_allowed = true; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } } if ($login_allowed) { $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($nv_row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")"; $db->sql_query($sql); if (intval($nv_row['active']) != 1) { openidLogin_Res0($lang_module['login_no_active']); } else { validUserLog($nv_row, 1, $opid); Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name); } die; } $page_title = $lang_module['openid_login']; $key_words = $module_info['keywords']; $mod_title = $lang_module['openid_login']; $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email); $contents = openid_account_confirm($gfx_chk, $attribs); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) { $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email); if ($global_config['allowuserreg'] == 2) { $query .= " AND `regdate`>" . (NV_CURRENTTIME - 86400); } $result = $db->sql_query($query); $numrows = $db->sql_numrows($result); if ($numrows) { if ($global_config['allowuserreg'] == 2) { $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($nv_Request->isset_request('openid_active_confirm', 'post')) { $nv_Request->unset_request('openid_attribs', 'session'); $password = $nv_Request->get_string('password', 'post', ''); $nv_seccode = filter_text_input('nv_seccode', 'post', ''); $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0); if ($crypt->validate($password, $row['password']) and $nv_seccode) { $reg_attribs = set_reg_attribs($attribs); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\r\n `userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, `regdate`, `website`, \r\n `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, `remember`, `in_groups`, \r\n `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES (\r\n NULL, \r\n " . $db->dbescape($row['username']) . ", \r\n " . $db->dbescape($row['password']) . ", \r\n " . $db->dbescape($row['email']) . ", \r\n " . $db->dbescape(!empty($row['full_name']) ? $row['full_name'] : $reg_attribs['full_name']) . ", \r\n " . $db->dbescape($reg_attribs['gender']) . ", \r\n '', 0, \r\n " . $db->dbescape($row['regdate']) . ", \r\n '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', \r\n " . $db->dbescape($row['question']) . ", \r\n " . $db->dbescape($row['answer']) . ", \r\n '', 1, 1, '', 1, '', 0, '', '', '')"; $userid = $db->sql_query_insert_id($sql); if (!$userid) { openidLogin_Res0($lang_module['account_active_error']); die; } $sql = "DELETE FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`=" . $db->dbescape($row['userid']); $db->sql_query($sql); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")"; $db->sql_query($sql); $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($userid); $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); validUserLog($row, 1, $opid); $info = $lang_module['account_active_ok'] . "<br /><br />\n"; $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n"; $info .= "[<a href=\"" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\">" . $lang_module['redirect_to_home'] . "</a>]"; $contents .= user_info_exit($info); $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />"; include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } else { openidLogin_Res0($lang_module['openid_confirm_failed']); die; } } $page_title = $mod_title = $lang_module['openid_active_title']; $key_words = $module_info['keywords']; $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email); $contents = openid_active_confirm($gfx_chk, $attribs); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } else { $nv_Request->unset_request('openid_attribs', 'session'); openidLogin_Res0($lang_module['account_register_to_admin']); die; } } } $option = $nv_Request->get_int('option', 'get', 0); if (!$global_config['allowuserreg']) { $option = 3; } $contents = ""; if ($option == 3) { $error = ""; if ($nv_Request->isset_request('nv_login', 'post')) { $nv_username = filter_text_input('nv_login', 'post', ''); $nv_password = filter_text_input('nv_password', 'post', ''); $nv_seccode = filter_text_input('nv_seccode', 'post', ''); $check_login = nv_check_valid_login($nv_username, NV_UNICKMAX, NV_UNICKMIN); $check_pass = nv_check_valid_pass($nv_password, NV_UPASSMAX, NV_UPASSMIN); $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false); if (!$check_seccode) { $error = $lang_global['securitycodeincorrect']; } elseif (!empty($check_login)) { $error = $check_login; } elseif (!empty($check_pass)) { $error = $check_pass; } else { $sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `username`=" . $db->dbescape($nv_username); $result = $db->sql_query($sql); $numrows = $db->sql_numrows($result); if ($numrows != 1) { $error = $lang_global['loginincorrect']; } else { $row = $db->sql_fetchrow($result); if (empty($row['password']) or !$crypt->validate($nv_password, $row['password'])) { $error = $lang_global['loginincorrect']; } else { if (!$row['active']) { $error = $lang_module['login_no_active']; } else { $nv_Request->unset_request('openid_attribs', 'session'); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")"; $db->sql_query($sql); validUserLog($row, 1, $opid); } } } } if (empty($error)) { $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; $info = $lang_module['login_ok'] . "<br /><br />\n"; $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n"; $info .= "[<a href=\"" . $nv_redirect . "\">" . $lang_module['redirect_to_back'] . "</a>]"; $contents .= user_info_exit($info); $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . $nv_redirect . "\" />"; include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } $array_login = array("nv_login" => $nv_username, "nv_password" => $nv_password, "nv_redirect" => $nv_redirect, 'login_info' => "<span style=\"color:#fb490b;\">" . $error . "</span>"); } else { $array_login = array("nv_login" => '', "nv_password" => '', 'login_info' => $lang_module['openid_note1'], "nv_redirect" => $nv_redirect); } $contents .= user_openid_login($gfx_chk, $array_login, $attribs); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; } elseif ($option == 1 or $option == 2) { $nv_Request->unset_request('openid_attribs', 'session'); $reg_attribs = set_reg_attribs($attribs); if (empty($reg_attribs['username'])) { openidLogin_Res0($lang_module['logged_in_failed']); die; } if ($option == 2) { $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` \r\n (`userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, \r\n `regdate`, `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, \r\n `view_mail`, `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES \r\n (\r\n NULL, \r\n " . $db->dbescape($reg_attribs['username']) . ", \r\n '', \r\n " . $db->dbescape($reg_attribs['email']) . ", \r\n " . $db->dbescape($reg_attribs['full_name']) . ", \r\n " . $db->dbescape(ucfirst($reg_attribs['gender'])) . ", \r\n '', 0, " . NV_CURRENTTIME . ", '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', '', '', '', 0, 0, '', 1, '', 0, '', '', ''\r\n )"; $userid = $db->sql_query_insert_id($sql); if (!$userid) { openidLogin_Res0($lang_module['err_no_save_account']); die; } $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1"; $result = $db->sql_query($query); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")"; $db->sql_query($sql); validUserLog($row, 1, $reg_attribs['opid']); $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; Header("Location: " . $nv_redirect); exit; } else { $reg_attribs = serialize($reg_attribs); $nv_Request->set_Session('reg_attribs', $reg_attribs); Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&openid=1&nv_redirect=" . $nv_redirect); exit; } } $array_user_login = array(); if (!defined('NV_IS_USER_FORUM')) { $array_user_login[] = array("title" => $lang_module['openid_note3'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=1&nv_redirect=" . $nv_redirect); $array_user_login[] = array("title" => $lang_module['openid_note4'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=2&nv_redirect=" . $nv_redirect); } else { $array_user_login[] = array("title" => $lang_module['openid_note6'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&nv_redirect=" . $nv_redirect); } $array_user_login[] = array("title" => $lang_module['openid_note5'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=3&nv_redirect=" . $nv_redirect); $contents .= user_openid_login2($attribs, $array_user_login); include NV_ROOTDIR . "/includes/header.php"; echo nv_site_theme($contents); include NV_ROOTDIR . "/includes/footer.php"; exit; }