/** * create class * * @param string $id รหัส Antispam ถ้าเป็น null หมายถึงการสร้าง Antispam ใหม่, * ถ้ามีการกำหนดค่ามาจะใช้ในการตวจสอบ Antispam * @param int $len ความยาวของอักขระ Antispam (ค่าเริ่มต้น 4) */ public function __construct($id = null, $len = 4) { if ($id) { $this->antispamchar = (string) $id; } else { $this->antispamchar = Text::rndname(32); $_SESSION[$this->antispamchar] = Text::rndname($len); } }
/** * หน้าสมัครสมาชิก * * @param bool $modal true แสดงแบบ modal, false (default) แสดงหน้าเว็บปกติ * @return object */ public function register($modal = false) { $index = (object) array('canonical' => WEB_URL . 'index.php?module=register', 'topic' => Language::get('Create new account'), 'description' => self::$cfg->web_description); // antispam $antispamchar = Text::rndname(32); $_SESSION[$antispamchar] = Text::rndname(4); $template = Template::create('member', 'member', 'registerfrm'); $template->add(array('/<PHONE>(.*)<\\/PHONE>/isu' => empty(self::$cfg->member_phone) ? '' : '\\1', '/<IDCARD>(.*)<\\/IDCARD>/isu' => empty(self::$cfg->member_idcard) ? '' : '\\1', '/<INVITE>(.*)<\\/INVITE>/isu' => empty(self::$cfg->member_invitation) ? '' : '\\1', '/{TOPIC}/' => $index->topic, '/{LNG_([\\w\\s\\.\\-\'\\(\\),%\\/:&\\#;]+)}/e' => '\\Kotchasan\\Language::get(array(1=>"$1"))', '/{ANTISPAM}/' => $antispamchar, '/{WEBURL}/' => WEB_URL, '/{MODAL}/' => $modal ? 'true' : 'false', '/{INVITE}/' => self::$request->cookie('invite')->topic())); $index->detail = $template->render(); $index->keywords = $index->topic; if (isset(Gcms::$view)) { Gcms::$view->addBreadcrumb($index->canonical, Language::get('Register')); } return $index; }
/** * บันทึก */ public function save(Request $request) { // referer, session if ($request->initSession() && $request->isReferer()) { $ret = array(); // ค่าที่ส่งมา $email = $request->post('forgot_email')->url(); if ($email === '') { $ret['ret_forgot_email'] = Language::get('Please fill out this form'); } else { $search = $this->db()->createQuery()->from('user')->where(array(array('email', $email), array('fb', '0')))->toArray()->first('id', 'email'); if ($search === false) { $ret['ret_forgot_email'] = Language::get('not a registered user'); } } if (empty($ret)) { // รหัสผ่านใหม่ $password = Text::rndname(6); // ข้อมูลอีเมล์ $replace = array('/%PASSWORD%/' => $password, '/%EMAIL%/' => $search['email']); // send mail $err = Email::send(3, 'member', $replace, $search['email']); if (empty($err)) { // อัปเดทรหัสผ่านใหม่ $save = array('password' => md5($password . $search['email'])); $this->db()->createQuery()->update('user')->set($save)->where($search['id'])->execute(); // คืนค่า $ret['alert'] = Language::get('Your message was sent successfully'); $ret['ret_forgot_email'] = ''; $location = $request->post('modal')->url(); $ret['location'] = $location === 'true' ? 'close' : $location; } else { $ret['ret_forgot_email'] = $err; } } else { $ret['input'] = 'forgot_email'; } // คืนค่าเป็น JSON echo json_encode($ret); } }
public function chklogin(Request $request) { $data = $request->post('data')->toString(); if (!empty($data) && $request->initSession() && $request->isSafe()) { // สุ่มรหัสผ่านใหม่ $login_password = Text::rndname(6); // ข้อมูลที่ส่งมา $facebook_data = array(); foreach (explode('&', $data) as $item) { list($k, $v) = explode('=', $item); if ($k === 'gender') { $facebook_data['sex'] = $v === 'male' ? 'm' : 'f'; } elseif ($k === 'link') { $facebook_data['website'] = str_replace(array('http://', 'https://', 'www.'), '', $v); } elseif ($k === 'first_name') { $facebook_data['fname'] = $v; $facebook_data['displayname'] = $v; } elseif ($k === 'last_name') { $facebook_data['lname'] = $v; } elseif ($k === 'email') { $facebook_data['email'] = $v; } elseif ($k === 'id') { $fb_id = $v; } elseif ($k === 'birthday' && preg_match('/^([0-9]+)[\\/\\-]([0-9]+)[\\/\\-]([0-9]+)$/', $v, $match)) { $facebook_data['birthday'] = "{$match['3']}-{$match['1']}-{$match['2']}"; } } // ไม่มีอีเมล์ ใช้ id ของ Facebook if (empty($facebook_data['email'])) { $facebook_data['email'] = $fb_id; } // db $db = $this->db(); // table $user_table = $this->getFullTableName('user'); // ตรวจสอบสมาชิกกับ db $search = $db->createQuery()->from('user')->where(array('email', $facebook_data['email']), array('displayname', $facebook_data['displayname']), 'OR')->toArray()->first('id', 'email', 'visited', 'fb', 'website'); if ($search === false) { // ยังไม่เคยลงทะเบียน, ลงทะเบียนใหม่ $facebook_data['id'] = $db->getNextId($this->getTableName('user')); $facebook_data['fb'] = 1; $facebook_data['subscrib'] = 1; $facebook_data['visited'] = 0; $facebook_data['ip'] = $request->getClientIp(); $facebook_data['password'] = md5($login_password . $facebook_data['email']); $facebook_data['lastvisited'] = time(); $facebook_data['create_date'] = $facebook_data['lastvisited']; $facebook_data['icon'] = $facebook_data['id'] . '.jpg'; $facebook_data['country'] = 'TH'; $db->insert($user_table, $facebook_data); } elseif ($search['fb'] == 1) { // facebook เคยเยี่ยมชมแล้ว อัปเดทการเยี่ยมชม $facebook_data['visited'] = $search['visited'] + 1; $facebook_data['lastvisited'] = time(); $facebook_data['ip'] = $request->getClientIp(); $facebook_data['password'] = md5($login_password . $search['email']); $db->update($user_table, $search['id'], $facebook_data); } else { // ไม่สามารถ login ได้ เนื่องจากมี email อยู่ก่อนแล้ว $facebook_data = false; $ret['alert'] = str_replace(':name', Language::get('User'), Language::get('This :name is already registered')); $ret['isMember'] = 0; } if (is_array($facebook_data)) { // อัปเดท icon สมาชิก $data = @file_get_contents('https://graph.facebook.com/' . $fb_id . '/picture'); if ($data) { $f = @fopen(ROOT_PATH . self::$cfg->usericon_folder . $facebook_data['icon'], 'wb'); if ($f) { fwrite($f, $data); fclose($f); } } // login $facebook_data['password'] = $login_password; $_SESSION['login'] = $facebook_data; // clear $request->removeToken(); // reload $ret['isMember'] = 1; $u = $request->post('u')->toString(); if (preg_match('/module=(do)?login/', $u) || preg_match('/(do)?login\\.html/', $u)) { $ret['location'] = 'back'; } else { $ret['location'] = 'reload'; } } // คืนค่าเป็น json echo json_encode($ret); } }
/** * รับค่าจาก action */ public function action(Request $request) { if ($request->initSession() && $request->isReferer() && ($login = Login::isAdmin())) { if ($login['email'] == 'demo' || !empty($login['fb'])) { echo Language::get('Unable to complete the transaction'); } else { // รับค่าจากการ POST $action = $request->post('action')->toString(); // id ที่ส่งมา if (preg_match_all('/,?([0-9]+),?/', $request->post('id')->toString(), $match)) { // Model $model = new \Kotchasan\Model(); // ตาราง user $user_table = $model->getFullTableName('user'); if ($action === 'delete') { // ลบไอคอนสมาชิก $query = $model->db()->createQuery()->select('icon')->from('user')->where(array(array('id', $match[1]), array('id', '!=', 1), array('icon', '!=', ''))); foreach ($query->toArray()->execute() as $item) { @unlink(ROOT_PATH . self::$cfg->usericon_folder . $item['icon']); } // ลบสมาชิก $model->db()->delete($user_table, array(array('id', $match[1]), array('id', '!=', 1)), 0); } elseif ($action === 'accept') { // ยอมรับสมาชิกที่เลือก $model->db()->update($user_table, array(array('id', $match[1]), array('fb', '0')), array('activatecode' => '')); } elseif ($action === 'ban' || $action === 'unban') { // ระงับ/ยกเลิก การใช้งานสมาชิก $model->db()->update($user_table, array(array('id', $match[1]), array('id', '!=', 1)), array('ban' => $action == 'ban' ? 1 : 0)); } elseif ($action === 'activate' || $action === 'sendpassword') { // ส่งอีเมล์ยืนยันสมาชิก $query = $model->db()->createQuery()->select('id', 'email', 'activatecode')->from('user')->where(array(array('id', $match[1]), array('id', '!=', 1), array('fb', '0'))); $msgs = array(); foreach ($query->toArray()->execute() as $item) { // รหัสผ่านใหม่ $password = Text::rndname(6); // ข้อมูลอีเมล์ $replace = array('/%PASSWORD%/' => $password, '/%EMAIL%/' => $item['email']); $save = array('password' => md5($password . $item['email'])); if ($action === 'activate' || !empty($item['activatecode'])) { // activate หรือ ยังไม่ได้ activate $save['activatecode'] = empty($item['activatecode']) ? Text::rndname(32) : $item['activatecode']; $replace['/%ID%/'] = $save['activatecode']; // send mail $err = Email::send(1, 'member', $replace, $item['email']); } else { // send mail $err = Email::send(3, 'member', $replace, $item['email']); } $msgs = array(); if (empty($err)) { // อัปเดทรหัสผ่านใหม่ $model->db()->update($user_table, $item['id'], $save); } else { $msgs[] = $err; } if (empty($msgs)) { // ส่งอีเมล์ สำเร็จ echo Language::get('Your message was sent successfully'); } else { // มีข้อผิดพลาด echo implode("\n", $msgs); } } } elseif ($request->post('module')->toString() === 'status') { // เปลี่ยนสถานะสมาชิก $model->db()->update($user_table, array(array('id', $match[1]), array('id', '!=', 1), array('fb', '0')), array('status' => (int) $action)); } } } } }
/** * ฟังก์ชั่นส่งอีเมล์ลืมรหัสผ่าน */ public function forgot(Request $request) { // ค่าที่ส่งมา $email = $request->post('login_username')->url(); if (empty($email)) { if ($request->post('action')->toString() === 'forgot') { self::$login_message = Language::get('Please fill out this form'); } } else { self::$text_username = $email; // ค้นหาอีเมล์หรือโทรศัพท์ $model = new Model(); $user_table = $model->getFullTableName('user'); $search = $model->db()->first($user_table, array(array('email', $email), array('fb', '0'))); if ($search === false) { self::$login_message = Language::get('not a registered user'); } else { // รหัสผ่านใหม่ $password = Text::rndname(6); // ข้อมูลอีเมล์ $replace = array('/%PASSWORD%/' => $password, '/%EMAIL%/' => $search->email); // send mail $err = Email::send(3, 'member', $replace, $search->email); if (empty($err)) { // อัปเดทรหัสผ่านใหม่ $model->db()->update($user_table, (int) $search->id, array('password' => md5($password . $search->email))); // คืนค่า self::$login_message = Language::get('Your message was sent successfully'); self::$request = $request->withParsedBody(array('action' => 'login')); } else { self::$login_message = $err; } } } }
/** * บันทึก */ public function save(Request $request) { $ret = array(); // referer, session if ($request->initSession() && $request->isReferer()) { $antispam = new Antispam($request->post('register_antispamid')->toString()); if (!$antispam->valid($request->post('register_antispam')->toString())) { // Antispam ไม่ถูกต้อง $ret['ret_register_antispam'] = 'this'; $ret['input'] = 'register_antispam'; } else { // รับค่าจากการ POST $save = array(); foreach ($request->getParsedBody() as $key => $value) { $k = str_replace('register_', '', $key); switch ($k) { case 'email': $save['email'] = $request->post($key)->username(); break; case 'phone1': case 'idcard': $save[$k] = $request->post($key)->number(); break; case 'invite': $save[$k] = $request->post($key)->toInt(); break; case 'password': case 'repassword': case 'accept': case 'next': ${$k} = $request->post($key)->toString(); break; } } if ($accept === '1') { // ชื่อตาราง user $user_table = $this->getFullTableName('user'); // database connection $db = $this->db(); // ตรวจสอบค่าที่ส่งมา $input = false; // อีเมล์ if (empty($save['email'])) { $ret['ret_register_email'] = 'this'; $input = !$input ? 'register_email' : $input; } elseif (!Validator::email($save['email'])) { $ret['ret_register_email'] = str_replace(':name', Language::get('Email'), Language::get('Invalid :name')); $input = !$input ? 'register_email' : $input; } else { // ตรวจสอบอีเมล์ซ้ำ $search = $db->first($user_table, array('email', $save['email'])); if ($search !== false) { $ret['ret_register_email'] = str_replace(':name', Language::get('Email'), Language::get('This :name is already registered')); $input = !$input ? 'register_email' : $input; } else { $ret['ret_register_email'] = ''; } } // password if (mb_strlen($password) < 4) { // รหัสผ่านต้องไม่น้อยกว่า 4 ตัวอักษร $ret['ret_register_password'] = '******'; $input = !$input ? 'register_password' : $input; } elseif ($repassword != $password) { // ถ้าต้องการเปลี่ยนรหัสผ่าน กรุณากรอกรหัสผ่านสองช่องให้ตรงกัน $ret['ret_register_repassword'] = '******'; $input = !$input ? 'register_repassword' : $input; } else { $save['password'] = md5($password . $save['email']); $ret['ret_register_password'] = ''; $ret['ret_register_repassword'] = ''; } // phone1 if (!empty($save['phone1'])) { if (!preg_match('/[0-9]{9,10}/', $save['phone1'])) { $ret['ret_register_phone1'] = str_replace(':name', Language::get('phone number'), Language::get('Invalid :name')); $input = !$input ? 'register_phone1' : $input; } else { // ตรวจสอบโทรศัพท์ $search = $db->first($user_table, array('phone1', $save['phone1'])); if ($search !== false) { $ret['ret_register_phone1'] = str_replace(':name', Language::get('phone number'), Language::get('This :name is already registered')); $input = !$input ? 'register_phone1' : $input; } else { $ret['ret_register_phone1'] = ''; } } } elseif (self::$cfg->member_phone == 2) { $ret['ret_register_phone1'] = 'this'; $input = !$input ? 'register_phone1' : $input; } // idcard if (!empty($save['idcard'])) { if (!Validator::idCard($save['idcard'])) { $ret['ret_register_idcard'] = str_replace(':name', Language::get('Identification number'), Language::get('Invalid :name')); $input = !$input ? 'register_idcard' : $input; } else { // ตรวจสอบ idcard ซ้ำ $search = $db->first($user_table, array('idcard', $save['idcard'])); if ($search !== false) { $ret['ret_register_idcard'] = str_replace(':name', Language::get('Identification number'), Language::get('This :name is already registered')); $input = !$input ? 'register_idcard' : $input; } else { $ret['ret_register_idcard'] = ''; } } } elseif (self::$cfg->member_idcard == 2) { $ret['ret_idcard'] = 'this'; $input = !$input ? 'idcard' : $input; } // invite if (isset($save['invite'])) { $ret['ret_invite'] = ''; if (!empty($save['invite'])) { $search = $db->first($user_table, $save['invite']); if ($search === false) { $ret['ret_register_invite'] = str_replace(':name', Language::get('Invitation code'), Language::get('Invalid :name')); $input = !$input ? 'register_invite' : $input; } } } if (!$input) { $save['create_date'] = time(); $save['subscrib'] = 1; $save['status'] = 0; list($displayname, $domain) = explode('@', $save['email']); $save['displayname'] = $displayname; $a = 1; while (true) { if (false === $db->first($user_table, array('displayname', $save['displayname']))) { break; } else { $a++; $save['displayname'] = $displayname . $a; } } // รหัสยืนยัน $save['activatecode'] = empty(self::$cfg->user_activate) ? '' : Text::rndname(32); // บันทึกลงฐานข้อมูล $save['id'] = $db->insert($user_table, $save); // ส่งอีเมล์ $replace = array('/%EMAIL%/' => $save['email'], '/%PASSWORD%/' => $password, '/%ID%/' => $save['activatecode']); Email::send(empty(self::$cfg->user_activate) ? 2 : 1, 'member', $replace, $save['email']); if (empty(self::$cfg->user_activate)) { // login $save['password'] = $password; $_SESSION['login'] = $save; // แสดงข้อความตอบรับการสมัครสมาชิก $ret['alert'] = str_replace(':email', $save['email'], Language::get('Registration information sent to :email complete. We will take you to edit your profile')); // ถ้าไม่มีการกำหนดหน้าถัดไปมา ไปแก้ไขข้อมูลส่วนตัว $ret['location'] = isset($next) ? $next : WEB_URL . 'index.php?module=editprofile'; } else { // แสดงข้อความตอบรับการสมัครสมาชิก $ret['alert'] = str_replace(':email', $save['email'], Language::get('Register successfully, We have sent complete registration information to :email')); // ถ้าไม่มีการกำหนดหน้าถัดไปมา กลับไปหน้าหลักเว็บไซต์ $ret['location'] = isset($next) ? $next : WEB_URL . 'index.php'; } // clear antispam $antispam->delete(); } else { $ret['input'] = $input; } } } } // คืนค่าเป็น JSON if (!empty($ret)) { echo json_encode($ret); } }