Esempio n. 1
 }
 // Contact-form handler: the remaining fields are read from POST, validated in a fixed order, stored,
 // and then mailed. $fname, $femail, $ftitle, $fpart and $array_rows are set before this fragment.
 $fphone = filter_text_input('fphone', 'post', '', 1, 100);
 // The body is filtered with NV_ALLOWED_HTML_TAGS (presumably a tag allow-list; confirm which tags and
 // attributes survive, because this value later becomes part of an HTML mail).
 $fcon = filter_text_textarea('fcon', '', NV_ALLOWED_HTML_TAGS);
 $fcode = filter_text_input('fcode', 'post', '');
 // An empty result means the address was accepted; anything else is used as the error message below.
 $check_valid_email = nv_check_valid_email($femail);
 // The first failing check decides the error. The captcha is tested last, so it is only evaluated
 // for a submission that passed every field check.
 if (empty($fname)) {
     $error = $lang_module['error_fullname'];
 } elseif (!empty($check_valid_email)) {
     $error = $check_valid_email;
 } elseif (empty($ftitle)) {
     $error = $lang_module['error_title'];
 } elseif (empty($fcon)) {
     $error = $lang_module['error_content'];
 } elseif (!isset($array_rows[$fpart])) {
     $error = $lang_module['error_part'];
 } elseif (!nv_capcha_txt($fcode)) {
     $error = $lang_module['error_captcha'];
 } else {
     $fcon = nv_nl2br($fcon);
     // Forced to an integer; 0 marks a sender who is not a logged-in user.
     $sender_id = intval(defined('NV_IS_USER') ? $user_info['userid'] : 0);
     // Text values go through $db->dbescape() (presumably quoting and escaping; confirm), but $fpart is
     // concatenated as-is. NOTE(review): the only check on $fpart visible here is
     // isset($array_rows[$fpart]); confirm it is cast to an integer where it is read.
     // The INSERT names no columns, so it depends on the table's column order.
     $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_send` VALUES \n            (NULL , " . $fpart . ", " . $db->dbescape($ftitle) . ", " . $db->dbescape($fcon) . ", \n            " . NV_CURRENTTIME . ", " . $sender_id . ", " . $db->dbescape($fname) . ", " . $db->dbescape($femail) . ", \n            " . $db->dbescape($fphone) . ", " . $db->dbescape($client_info['ip']) . ", 0, 0, '', 0, 0);";
     $db->sql_query($sql);
     // From here on $fcon is extended into the HTML body of the notification mail.
     $website = "<a href=\"" . $global_config['site_url'] . "\">" . $global_config['site_name'] . "</a>";
     $fcon .= "<br /><br />----------------------------------------<br /><br />";
     // NOTE(review): $fname, $femail and $fphone are placed into that HTML through sprintf(); whether
     // they are already HTML-escaped depends on the filter helpers above - confirm.
     if (empty($fphone)) {
         $fcon .= sprintf($lang_module['sendinfo'], $website, $fname, $femail, $client_info['ip'], $array_rows[$fpart]['full_name']);
     } else {
         $fcon .= sprintf($lang_module['sendinfo2'], $website, $fname, $femail, $fphone, $client_info['ip'], $array_rows[$fpart]['full_name']);
     }
     // The submitted address and name are handed to the mail helper together with the message.
     // NOTE(review): confirm nv_SendMail2User() rejects line breaks in $femail and $fname before they
     // reach any mail header.
     nv_SendMail2User($fpart, $fcon, $ftitle, $femail, $fname);
     $url = NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA;
Esempio n. 2
 // Registration handler: collect the POSTed fields, then run the checks one by one. Each failed check
 // ends the request with die(reg_result(...)), naming the offending input.
 // Names, e-mail and answer are truncated with nv_substr() to 255 / 100 characters.
 $array_register['first_name'] = nv_substr($nv_Request->get_title('first_name', 'post', '', 1), 0, 255);
 $array_register['last_name'] = nv_substr($nv_Request->get_title('last_name', 'post', '', 1), 0, 255);
 $array_register['username'] = $nv_Request->get_title('username', 'post', '', 1);
 // NOTE(review): both password fields are read with get_title() and without the fourth argument the
 // other fields pass. Confirm that get_title() does not rewrite characters of the password, otherwise
 // the stored hash is computed over something other than what the user typed.
 $array_register['password'] = $nv_Request->get_title('password', 'post', '');
 $array_register['re_password'] = $nv_Request->get_title('re_password', 'post', '');
 $array_register['email'] = nv_strtolower(nv_substr($nv_Request->get_title('email', 'post', '', 1), 0, 100));
 // An unknown question id falls back to entry 0 of $data_questions.
 $array_register['question'] = $nv_Request->get_int('question', 'post', 0);
 if (!isset($data_questions[$array_register['question']])) {
     $array_register['question'] = 0;
 }
 $data_questions[$array_register['question']]['selected'] = ' selected="selected"';
 $array_register['your_question'] = $nv_Request->get_title('your_question', 'post', '', 1);
 $array_register['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255);
 $array_register['agreecheck'] = $nv_Request->get_int('agreecheck', 'post', 0);
 $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
 // The captcha is only enforced when $gfx_chk is truthy; with it switched off every request passes.
 $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
 $complete = '';
 // Captcha first: none of the account checks below runs for a request that failed it.
 if (!$check_seccode) {
     die(reg_result(array('status' => 'error', 'input' => 'nv_seccode', 'mess' => $lang_global['securitycodeincorrect'])));
 }
 // Each helper returns an empty string on success and the message to show otherwise.
 // NOTE(review): judging by their names these two checks also report names/addresses that are already
 // registered; if so, the captcha above is the only limit visible here on probing for existing accounts.
 if (($check_login = nv_check_username_reg($array_register['username'])) != '') {
     die(reg_result(array('status' => 'error', 'input' => 'username', 'mess' => $check_login)));
 }
 if (($check_email = nv_check_email_reg($array_register['email'])) != '') {
     die(reg_result(array('status' => 'error', 'input' => 'email', 'mess' => $check_email)));
 }
 if (($check_pass = nv_check_valid_pass($array_register['password'], NV_UPASSMAX, NV_UPASSMIN)) != '') {
     die(reg_result(array('status' => 'error', 'input' => 'password', 'mess' => $check_pass)));
 }
 // NOTE(review): != compares loosely, so two different numeric-looking strings can be treated as
 // equal; !== is the safer comparison for the password confirmation.
 if ($array_register['password'] != $array_register['re_password']) {
     die(reg_result(array('status' => 'error', 'input' => 're_password', 'mess' => $lang_global['passwordsincorrect'])));
Esempio n. 3
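/**
 * openidLogin_Res1()
 * Runs once an OpenID provider has identified the visitor. Depending on what the database holds for
 * the claimed identity and e-mail address it
 *  1. signs in the local account already linked to this identity,
 *  2. links the identity to an existing account with the same e-mail address,
 *  3. activates a pending registration with the same e-mail address, or
 *  4. offers the choices "log in to link", "create an account automatically" and "register".
 *
 * Every path ends the request (redirect, rendered page, or openidLogin_Res0() followed by die).
 *
 * Review notes for maintainers:
 *  - Account matching relies on the e-mail address asserted by the provider. That is only sound when
 *    every accepted provider verifies the address.
 *  - $nv_redirect is a global whose origin is not visible here; it is base64-decoded and used as a
 *    redirect target and link without a check in this function. Confirm it is limited to same-site
 *    URLs where it is read.
 *  - $attribs['server'] and $nv_redirect are concatenated into links as-is; confirm both are
 *    restricted to URL-safe values upstream.
 *
 * @param mixed $attribs OpenID attributes; this function reads 'contact/email', 'id', 'server' and
 *                       the optional 'current_mode'
 * @return void Does not return to the caller
 */
function openidLogin_Res1($attribs)
{
    global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect, $op, $db_config;

    // Without a well-formed e-mail claim the identity cannot be matched to an account.
    $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == '') ? $attribs['contact/email'] : '';
    if (empty($email)) {
        $nv_Request->unset_request('openid_attribs', 'session');
        openidLogin_Res0($lang_module['logged_in_failed']);
        die;
    }

    // Only a hash of the provider-side identifier is stored and compared.
    $opid = $crypt->hash($attribs['id']);
    $current_mode = isset($attribs['current_mode']) ? $attribs['current_mode'] : 1;

    // ---- 1. Identity already linked to a local account ----
    $stmt = $db->prepare('SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM ' . NV_USERS_GLOBALTABLE . '_openid a, ' . NV_USERS_GLOBALTABLE . ' b
		WHERE a.opid= :opid
		AND a.email= :email
		AND a.userid=b.userid');
    $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    // fetch() yields false when nothing matched; fall back to empty values instead of destructuring false.
    $linked = $stmt->fetch(PDO::FETCH_NUM);
    list($user_id, $op_email, $user_active) = $linked ? $linked : array(0, '', 0);
    if ($user_id) {
        $nv_Request->unset_request('openid_attribs', 'session');
        // The query already filters on the e-mail; this re-check only differs from it where the
        // database compares less strictly than PHP (for example a case-insensitive collation).
        if ($op_email != $email) {
            openidLogin_Res0($lang_module['not_logged_in']);
            die;
        }
        if (!$user_active) {
            openidLogin_Res0($lang_module['login_no_active']);
            die;
        }
        $default_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
        if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php')) {
            // Forum bridge: the included script performs the login and reports success through a constant.
            require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php';
            if (defined('NV_IS_USER_LOGIN_FORUM_OK')) {
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : $default_redirect;
            } else {
                $nv_redirect = $default_redirect;
            }
        } else {
            // The id comes from the database; it is still cast before being concatenated into SQL.
            $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . intval($user_id);
            $row = $db->query($query)->fetch();
            if (!empty($row)) {
                validUserLog($row, 1, $opid, $current_mode);
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : $default_redirect;
            } else {
                $nv_redirect = $default_redirect;
            }
        }
        // NOTE(review): the decoded $nv_redirect is not checked against the site's own host here.
        header('Location: ' . nv_url_rewrite($nv_redirect, true));
        die;
    }

    // ---- 2. An account with the same e-mail address exists but is not linked yet ----
    $stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :email');
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $nv_row = $stmt->fetch();
    if (!empty($nv_row)) {
        $login_allowed = false;
        // An account without a local password is linked at once: the provider's e-mail claim alone
        // decides ownership. NOTE(review): only safe if every accepted provider verifies addresses.
        if (empty($nv_row['password'])) {
            $nv_Request->unset_request('openid_attribs', 'session');
            $login_allowed = true;
        }
        if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
            $password = $nv_Request->get_string('password', 'post', '');
            $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
            $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
            $nv_Request->unset_request('openid_attribs', 'session');
            // The captcha result gates both branches below. Previously it was computed but only
            // checked on the non-forum path, so the forum path accepted password attempts without it.
            if (!$nv_seccode) {
                openidLogin_Res0($lang_module['openid_confirm_failed']);
                die;
            }
            if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
                // The forum script reads $nv_username / $nv_password from this scope.
                $nv_username = $nv_row['username'];
                $nv_password = $password;
                require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                // NOTE(review): success is inferred from $error being empty or unset, so a script that
                // sets nothing (or is skipped by require_once) counts as a successful login. Confirm
                // the forum script always sets $error on failure.
                if (empty($error)) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            } elseif ($crypt->validate_password($password, $nv_row['password'])) {
                $login_allowed = true;
            } else {
                openidLogin_Res0($lang_module['openid_confirm_failed']);
                die;
            }
        }
        if ($login_allowed) {
            // Record the link, then sign in unless the account is inactive.
            $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($nv_row['userid']) . ', :server, :opid, :email )');
            $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
            $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
            $stmt->bindParam(':email', $email, PDO::PARAM_STR);
            $stmt->execute();
            if (intval($nv_row['active']) != 1) {
                openidLogin_Res0($lang_module['login_no_active']);
            } else {
                validUserLog($nv_row, 1, $opid, $current_mode);
                header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true));
            }
            die;
        }
        // No confirmation submitted yet: show the form asking for the account password.
        $page_title = $lang_module['openid_login'];
        $key_words = $module_info['keywords'];
        $mod_title = $lang_module['openid_login'];
        $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
        $contents = openid_account_confirm($gfx_chk, $attribs);
        include NV_ROOTDIR . '/includes/header.php';
        echo nv_site_theme($contents);
        include NV_ROOTDIR . '/includes/footer.php';
        exit;
    }

    // ---- 3. A pending registration with the same e-mail address exists ----
    // Only registration modes 2 and 3 keep such rows; in mode 2 the user can activate here, in
    // mode 3 the user is told that an administrator handles it.
    if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
        $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :email';
        if ($global_config['allowuserreg'] == 2) {
            // Pending registrations older than 24 hours are ignored.
            $query .= ' AND regdate>' . (NV_CURRENTTIME - 86400);
        }
        $stmt = $db->prepare($query);
        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
        $stmt->execute();
        $row = $stmt->fetch();
        if (!empty($row)) {
            if ($global_config['allowuserreg'] == 2) {
                if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
                    $nv_Request->unset_request('openid_attribs', 'session');
                    $password = $nv_Request->get_string('password', 'post', '');
                    $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
                    $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                    // Activation requires the password chosen at registration plus the captcha.
                    if ($crypt->validate_password($password, $row['password']) and $nv_seccode) {
                        $reg_attribs = set_reg_attribs($attribs);
                        // idsite is cast to an integer, as the automatic-account INSERT further down does.
                        $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\t\t\t\t\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t\t\t\t:username,\n\t\t\t\t\t\t\t:md5username,\n\t\t\t\t\t\t\t:password,\n\t\t\t\t\t\t\t:email,\n\t\t\t\t\t\t\t:first_name,\n\t\t\t\t\t\t\t:last_name,\n\t\t\t\t\t\t\t:gender,\n\t\t\t\t\t\t\t'', 0,\n\t\t\t\t\t\t\t:regdate,\n\t\t\t\t\t\t\t:question,\n\t\t\t\t\t\t\t:answer,\n\t\t\t\t\t\t\t'', 1, 1, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . ")";
                        $data_insert = array();
                        $data_insert['username'] = $row['username'];
                        $data_insert['md5username'] = nv_md5safe($row['username']);
                        $data_insert['password'] = $row['password'];
                        $data_insert['email'] = $row['email'];
                        $data_insert['first_name'] = $row['first_name'];
                        $data_insert['last_name'] = $row['last_name'];
                        $data_insert['gender'] = $reg_attribs['gender'];
                        $data_insert['regdate'] = $row['regdate'];
                        $data_insert['question'] = $row['question'];
                        $data_insert['answer'] = $row['answer'];
                        $userid = $db->insert_id($sql, 'userid', $data_insert);
                        if (!$userid) {
                            openidLogin_Res0($lang_module['account_active_error']);
                            die;
                        }
                        // Member counter of group 4 (presumably the default members group; confirm).
                        $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
                        // The pending row is removed and the identity linked to the new account.
                        $stmt = $db->prepare('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid= :userid');
                        $stmt->bindParam(':userid', $row['userid'], PDO::PARAM_STR);
                        $stmt->execute();
                        $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($userid) . ', :server, :opid, :email )');
                        $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
                        $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
                        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                        $stmt->execute();
                        $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . intval($userid);
                        $result = $db->query($query);
                        $row = $result->fetch();
                        validUserLog($row, 1, $opid, $current_mode);
                        $info = $lang_module['account_active_ok'] . "<br /><br />\n";
                        $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                        $info .= '[<a href="' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '">' . $lang_module['redirect_to_home'] . '</a>]';
                        $contents = user_info_exit($info);
                        $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true) . '" />';
                        include NV_ROOTDIR . '/includes/header.php';
                        echo nv_site_theme($contents);
                        include NV_ROOTDIR . '/includes/footer.php';
                        exit;
                    } else {
                        openidLogin_Res0($lang_module['openid_confirm_failed']);
                        die;
                    }
                }
                // No confirmation submitted yet: show the activation form.
                $page_title = $mod_title = $lang_module['openid_activate_account'];
                $key_words = $module_info['keywords'];
                $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
                $contents = openid_active_confirm($gfx_chk, $attribs);
                include NV_ROOTDIR . '/includes/header.php';
                echo nv_site_theme($contents);
                include NV_ROOTDIR . '/includes/footer.php';
                exit;
            } else {
                $nv_Request->unset_request('openid_attribs', 'session');
                openidLogin_Res0($lang_module['account_register_to_admin']);
                die;
            }
        }
    }

    // ---- 4. Unknown identity and unknown e-mail address ----
    // option 1: continue to the registration form, 2: create an account automatically,
    // 3: log in to an existing account and link it. With registration disabled only 3 is possible.
    $option = $nv_Request->get_int('option', 'get', 0);
    if (!$global_config['allowuserreg']) {
        $option = 3;
    }
    $contents = '';
    $page_title = $lang_module['openid_login'];
    if ($option == 3) {
        $error = '';
        if ($nv_Request->isset_request('nv_login', 'post')) {
            $nv_username = $nv_Request->get_title('nv_login', 'post', '', 1);
            $nv_password = $nv_Request->get_title('nv_password', 'post', '');
            $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
            $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
            if (!$check_seccode) {
                $error = $lang_global['securitycodeincorrect'];
            } elseif (empty($nv_username)) {
                $error = $lang_global['username_empty'];
            } elseif (empty($nv_password)) {
                $error = $lang_global['password_empty'];
            } else {
                if (defined('NV_IS_USER_FORUM')) {
                    require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                } else {
                    // Start from "login incorrect" and clear it only after every check passed, so
                    // an unknown user and a wrong password produce the same message.
                    $error = $lang_global['loginincorrect'];
                    // The listing showed a masked literal in this query, which could never match an
                    // account. The lookup uses the hashed user name, bound as a parameter, the same
                    // way the md5username column is filled elsewhere in this function.
                    $md5username = nv_md5safe($nv_username);
                    $stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username= :md5username');
                    $stmt->bindParam(':md5username', $md5username, PDO::PARAM_STR);
                    $stmt->execute();
                    $row = $stmt->fetch();
                    if (!empty($row)) {
                        // NOTE(review): this path calls $crypt->validate() while the other password
                        // checks in this function call validate_password(); confirm which is intended.
                        if ($row['username'] == $nv_username and $crypt->validate($nv_password, $row['password'])) {
                            if (!$row['active']) {
                                $error = $lang_module['login_no_active'];
                            } else {
                                $error = '';
                                $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid, :email )');
                                $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
                                $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
                                $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                                $stmt->execute();
                                // NOTE(review): the other calls also pass $current_mode; confirm the
                                // default used here is intended.
                                validUserLog($row, 1, $opid);
                            }
                        }
                    }
                }
            }
            if (empty($error)) {
                $nv_Request->unset_request('openid_attribs', 'session');
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
                $info = $lang_module['login_ok'] . "<br /><br />\n";
                $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                // NOTE(review): the decoded $nv_redirect is written into an href and a meta refresh
                // without host validation or HTML escaping in this function.
                $info .= '[<a href="' . $nv_redirect . '">' . $lang_module['redirect_to_back'] . '</a>]';
                $contents .= user_info_exit($info);
                $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite($nv_redirect, true) . '" />';
                include NV_ROOTDIR . '/includes/header.php';
                echo nv_site_theme($contents);
                include NV_ROOTDIR . '/includes/footer.php';
                exit;
            }
            // Failed attempt: the form is shown again with the submitted values and the error.
            // NOTE(review): the submitted password is handed back to the form template here.
            $array_login = array('nv_login' => $nv_username, 'nv_password' => $nv_password, 'nv_redirect' => $nv_redirect, 'login_info' => '<span style="color:#fb490b;">' . $error . '</span>');
        } else {
            $array_login = array('nv_login' => '', 'nv_password' => '', 'login_info' => $lang_module['openid_note1'], 'nv_redirect' => $nv_redirect);
        }
        $contents .= user_openid_login($gfx_chk, $array_login, $attribs);
        include NV_ROOTDIR . '/includes/header.php';
        echo nv_site_theme($contents);
        include NV_ROOTDIR . '/includes/footer.php';
        exit;
    } elseif ($option == 1 or $option == 2) {
        $nv_Request->unset_request('openid_attribs', 'session');
        $reg_attribs = set_reg_attribs($attribs);
        if (empty($reg_attribs['username'])) {
            openidLogin_Res0($lang_module['logged_in_failed']);
            die;
        }
        if ($option == 2) {
            // Sign in with an account the system creates automatically. The account gets an empty
            // password, so it can only be entered through a linked OpenID identity; see the
            // empty-password branch in step 2 for what that implies.
            $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . "\n\t\t\t\t(username, md5username, password, email, first_name, last_name, gender, photo, birthday,  regdate,\n\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite)  VALUES (\n\t\t\t\t:username,\n\t\t\t\t:md5username,\n\t\t\t\t'',\n\t\t\t\t:email,\n\t\t\t\t:first_name,\n\t\t\t\t:last_name,\n\t\t\t\t:gender,\n\t\t\t\t'', 0,\n\t\t\t\t" . NV_CURRENTTIME . ",\n\t\t\t\t'', '', '', 0, 0, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . "\n\t\t\t)";
            $data_insert = array();
            $data_insert['username'] = $reg_attribs['username'];
            $data_insert['md5username'] = nv_md5safe($reg_attribs['username']);
            $data_insert['email'] = $reg_attribs['email'];
            $data_insert['first_name'] = $reg_attribs['first_name'];
            $data_insert['last_name'] = $reg_attribs['last_name'];
            // Gender is stored as one upper-case letter; 'N' when the provider sent none.
            $data_insert['gender'] = ucfirst($reg_attribs['gender'] ? $reg_attribs['gender'][0] : 'N');
            $userid = $db->insert_id($sql, 'userid', $data_insert);
            if (!$userid) {
                openidLogin_Res0($lang_module['err_no_save_account']);
                die;
            }
            // Update the member count.
            $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
            $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . intval($userid) . ' AND active=1';
            $result = $db->query($query);
            $row = $result->fetch();
            $result->closeCursor();
            // Save a row in the custom-field table, filled with each field's default value.
            // Values are quoted with $db->quote(); the column names are taken from the _field table
            // and concatenated as-is (NOTE(review): confirm field names are validated when created).
            $query_field = array();
            $query_field['userid'] = $userid;
            $result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC');
            while ($row_f = $result_field->fetch()) {
                $query_field[$row_f['field']] = $db->quote($row_f['default_value']);
            }
            $db->query('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')');
            // Save the link in the OpenID table.
            $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid , :email)');
            $stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
            $stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
            $stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
            $stmt->execute();
            validUserLog($row, 1, $reg_attribs['opid'], $current_mode);
            $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            header('Location: ' . nv_url_rewrite($nv_redirect, true));
            exit;
        } else {
            // Option 1: keep the provider attributes in the session and continue on the register page.
            // NOTE(review): the value is stored with serialize(); confirm the reader restores it
            // without allowing object instantiation.
            $reg_attribs = serialize($reg_attribs);
            $nv_Request->set_Session('reg_attribs', $reg_attribs);
            header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&openid=1&nv_redirect=' . $nv_redirect, true));
            exit;
        }
    }

    // No option chosen yet: list the available choices as links back to this handler.
    $array_user_login = array();
    if (!defined('NV_IS_USER_FORUM')) {
        $array_user_login[] = array('title' => $lang_module['openid_note3'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=login&amp;server=' . $attribs['server'] . '&amp;result=1&amp;option=1&amp;nv_redirect=' . $nv_redirect);
        $array_user_login[] = array('title' => $lang_module['openid_note4'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=login&amp;server=' . $attribs['server'] . '&amp;result=1&amp;option=2&amp;nv_redirect=' . $nv_redirect);
    } else {
        $array_user_login[] = array('title' => $lang_module['openid_note6'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=register&amp;nv_redirect=' . $nv_redirect);
    }
    $array_user_login[] = array('title' => $lang_module['openid_note5'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=login&amp;server=' . $attribs['server'] . '&amp;result=1&amp;option=3&amp;nv_redirect=' . $nv_redirect);
    $page_title = $lang_module['openid_login'];
    $key_words = $module_info['keywords'];
    $mod_title = $lang_module['openid_login'];
    $contents .= user_openid_login2($attribs, $array_user_login);
    include NV_ROOTDIR . '/includes/header.php';
    echo nv_site_theme($contents);
    include NV_ROOTDIR . '/includes/footer.php';
    exit;
}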
Esempio n. 4
        }
    }
} else {
    // Lost-password form, step 1: read the submitted fields and look the account up.
    $data = array();
    // Form token: MD5 over the session id and the site key. It ties the POST to this session.
    $data['checkss'] = md5($client_info['session_id'] . $global_config['sitekey']);
    // userField may hold either an e-mail address or a user name (decided further down).
    $data['userField'] = nv_substr($nv_Request->get_title('userField', 'post', '', 1), 0, 100);
    $data['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255);
    $data['send'] = $nv_Request->get_bool('send', 'post', false);
    $data['nv_seccode'] = $nv_Request->get_title('nv_seccode', 'post', '');
    // NOTE(review): the redirect target is accepted from GET or POST; nothing in this fragment
    // restricts it to same-site URLs.
    $data['nv_redirect'] = $nv_Request->get_title('nv_redirect', 'get, post', '');
    $checkss = $nv_Request->get_title('checkss', 'post', '');
    // MD5 of a captcha code remembered in the session (where it is stored is not visible here).
    $seccode = $nv_Request->get_string('lostpass_seccode', 'session', '');
    $step = 1;
    $error = $question = '';
    // NOTE(review): the token is compared with ==, which is neither type-strict nor constant-time;
    // hash_equals() is the appropriate comparison for a secret-derived value.
    if ($checkss == $data['checkss']) {
        // 'and' binds tighter than 'or': the request passes when the submitted code matches the hash
        // remembered in the session, or when nv_capcha_txt() accepts it. The first alternative lets a
        // code that was accepted once be reused for as long as the session value exists.
        // NOTE(review): the hash comparison here is also a loose ==.
        if (!empty($seccode) and md5($data['nv_seccode']) == $seccode or nv_capcha_txt($data['nv_seccode'])) {
            if (!empty($data['userField'])) {
                // A value that validates as an e-mail address is matched against the email column,
                // anything else against the hashed user name. Both queries bind the value as a
                // parameter and only consider active accounts.
                $check_email = nv_check_valid_email($data['userField']);
                if (empty($check_email)) {
                    $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :userField AND active=1';
                    $userField = $data['userField'];
                } else {
                    $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username=:userField AND active=1';
                    $userField = nv_md5safe($data['userField']);
                }
                $stmt = $db->prepare($sql);
                $stmt->bindParam(':userField', $userField, PDO::PARAM_STR);
                $stmt->execute();
                $row = $stmt->fetch();
                // A match moves the form to step 2. NOTE(review): if the page shown for "found" and
                // "not found" differs, this endpoint reveals which accounts exist; the captcha above is
                // the only limit on that visible in this fragment.
                if (!empty($row)) {
                    $step = 2;
Esempio n. 5
// Banner-client login endpoint. A client who is already logged in gets an empty placeholder reply.
if (defined('NV_IS_BANNER_CLIENT')) {
    die('&nbsp;');
}
// NOTE(review): get_int() is compared with the string '1' using ==; === 1 states the intent exactly.
if ($nv_Request->get_int('save', 'post') == '1') {
    $login = strip_tags($nv_Request->get_string('login', 'post', ''));
    // NOTE(review): strip_tags() changes any password that contains tag-like text before it is
    // verified. Unless the same transformation is applied when the password is set, such passwords
    // can never match; a password should be hashed and verified exactly as typed.
    $password = strip_tags($nv_Request->get_string('password', 'post', ''));
    // $seccode only exists when the captcha is enabled; it is only read under the same condition below.
    if ($global_config['gfx_chk']) {
        $seccode = strip_tags($nv_Request->get_string('seccode', 'post', ''));
    }
    $check_login = nv_check_valid_login($login, NV_UNICKMAX, NV_UNICKMIN);
    $check_pass = nv_check_valid_pass($password, NV_UPASSMAX, NV_UPASSMIN);
    // Every failure below answers with the same body, 'action', so the reply does not tell the
    // caller which check failed (bad format, captcha, unknown login, or wrong password).
    if (!empty($check_login)) {
        die('action');
    } elseif (!empty($check_pass)) {
        die('action');
    } elseif ($global_config['gfx_chk'] and !nv_capcha_txt($seccode)) {
        die('action');
    } else {
        // The login name is bound as a parameter; only activated clients (act=1) are considered.
        $stmt = $db->prepare('SELECT * FROM ' . NV_BANNERS_GLOBALTABLE . '_clients WHERE login = :login AND act=1');
        $stmt->bindParam(':login', $login, PDO::PARAM_STR);
        $stmt->execute();
        $row = $stmt->fetch();
        if (empty($row)) {
            die('action');
        } else {
            if (!$crypt->validate_password($password, $row['pass'])) {
                die('action');
            } else {
                // Values for the new login session. NOTE(review): $checknum is an MD5 of
                // nv_genpass(10); how unpredictable it is depends on the random source inside
                // nv_genpass() - confirm it uses a cryptographically secure generator.
                $checknum = md5(nv_genpass(10));
                $current_login = NV_CURRENTTIME;
                $id = intval($row['id']);
    // NOTE(review): this appears to be the start of a different listing (a comment-posting handler);
    // its heading and first lines are missing from the page.
    // Author identity: taken from the account for a logged-in user or an administrator, and from
    // the POSTed form for a guest.
    $name = $user_info['username'];
    $email = $user_info['email'];
} elseif (defined('NV_IS_ADMIN')) {
    $userid = $admin_info['userid'];
    $name = $admin_info['username'];
    $email = $admin_info['email'];
    // An administrator's comment gets status 1; where $status is set for the other cases is not
    // visible in this fragment.
    $status = 1;
} else {
    $userid = 0;
    $name = filter_text_input('name', 'post', '', 1);
    $email = filter_text_input('email', 'post', '');
}
$contents = "";
// Preconditions: comments enabled for the module, a positive article id, a form token that matches
// MD5(id . session id . site key), and non-empty name, e-mail, captcha code and content.
// NOTE(review): the token is compared with ==; hash_equals() is the appropriate comparison.
if ($module_config[$module_name]['activecomm'] and $id > 0 and $checkss == md5($id . session_id() . $global_config['sitekey']) and $name != "" and nv_check_valid_email($email) == "" and $code != "" and $content != "") {
    // Time of the previous comment, read from a cookie. NOTE(review): the cookie is supplied by the
    // client, so the interval check below only limits clients that send it back unchanged; a
    // server-side record would be needed to enforce it.
    $timeout = $nv_Request->get_int($module_name . '_' . $op . '_' . $id, 'cookie', 0);
    if (!nv_capcha_txt($code)) {
        $contents = "ERR_" . $lang_global['securitycodeincorrect'];
    } elseif ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
        // The article must be published and not expired. $id is concatenated without quotes;
        // NOTE(review): confirm it is cast to an integer where it is read.
        $query = $db->sql_query("SELECT listcatid, allowed_comm FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id` = " . $id . " AND `status`=1 AND `publtime` < " . NV_CURRENTTIME . " AND (`exptime`=0 OR `exptime`>" . NV_CURRENTTIME . ")");
        $row = $db->sql_fetchrow($query);
        // 'and' binds tighter than 'or': allowed_comm 1 admits everyone, 2 admits logged-in users only.
        if (isset($row['allowed_comm']) and ($row['allowed_comm'] == 1 or $row['allowed_comm'] == 2 and defined('NV_IS_USER'))) {
            $array_catid = explode(",", $row['listcatid']);
            // Text values go through $db->dbescape() (presumably quoting and escaping; confirm);
            // $id, $userid and $status are concatenated as-is and must be integers.
            $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_comments` (`cid`, `id`, `content`, `post_time`, `userid`, `post_name`, `post_email`, `post_ip`, `status`) VALUES (NULL, " . $id . "," . $db->dbescape($content) . ", UNIX_TIMESTAMP(), " . $userid . ",  " . $db->dbescape($name) . ", " . $db->dbescape($email) . ", " . $db->dbescape(NV_CLIENT_IP) . ", " . $status . ")";
            $result = $db->sql_query($sql);
            if ($result) {
                $page = 0;
                // Number of approved comments for the article, written back to the article row
                // when the new comment is itself approved.
                list($numf) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(*) FROM `" . NV_PREFIXLANG . "_" . $module_data . "_comments` where `id`= '" . $id . "' AND `status`=1"));
                if ($status) {
                    $query = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_rows` SET `hitscm`=" . $numf . " WHERE `id`=" . $id;
                    $db->sql_query($query);
                    foreach ($array_catid as $catid_i) {
Esempio n. 7
         }
     }
     $array['linkdirect'] = !empty($array['linkdirect']) ? implode("\n", $array['linkdirect']) : '';
 }
 // Upload form validation. The title must be unique: its alias is looked up in the main table and,
 // if not found there, the title itself in the _tmp table. Both lookups bind the value as a parameter.
 // NOTE(review): these two queries run before the captcha is checked below, so a request that fails
 // the captcha still costs database work; checking the captcha first avoids that.
 $alias = change_alias($array['title']);
 $stmt = $db->prepare('SELECT COUNT(*) FROM ' . NV_PREFIXLANG . '_' . $module_data . ' WHERE alias= :alias');
 $stmt->bindParam(':alias', $alias, PDO::PARAM_STR);
 $stmt->execute();
 $is_exists = $stmt->fetchColumn();
 if (!$is_exists) {
     $stmt = $db->prepare('SELECT COUNT(*) FROM ' . NV_PREFIXLANG . '_' . $module_data . '_tmp WHERE title= :title');
     $stmt->bindParam(':title', $array['title'], PDO::PARAM_STR);
     $stmt->execute();
     $is_exists = $stmt->fetchColumn();
 }
 // The first failing check decides the error message; the captcha comes first.
 if (!nv_capcha_txt($seccode)) {
     $is_error = true;
     $error = $lang_module['upload_error1'];
 } elseif (empty($array['user_name'])) {
     $is_error = true;
     $error = $lang_module['upload_error2'];
 } elseif (empty($array['title'])) {
     $is_error = true;
     $error = $lang_module['file_error_title'];
 } elseif ($is_exists) {
     $is_error = true;
     $error = $lang_module['file_title_exists'];
 // The category must be set and must be a key of $list_cats.
 } elseif (!$array['catid'] or !isset($list_cats[$array['catid']])) {
     $is_error = true;
     $error = $lang_module['file_catid_exists'];
 // The author's e-mail address is optional; when given it must validate. The validator's message
 // is kept in $check_valid_email.
 } elseif (!empty($array['author_email']) and ($check_valid_email = nv_check_valid_email($array['author_email'])) != '') {
Esempio n. 8
     $name = filter_text_input('name', 'post', '', 1);
     $youremail = filter_text_input('youremail', 'post', '');
 }
 // "Send this article to a friend": validates the form and mails a link to $to_mail.
 $to_mail = $content = "";
 // Form token: md5 over the article id, the session id and the site key.
 // NOTE(review): compared with ==, which is neither type-strict nor constant-time;
 // two digests that both look like "0e<digits>" compare equal under ==.
 // hash_equals() on string operands would be the safer check (confirm $checkss is
 // always a string; it is assigned outside this fragment).
 if ($checkss == md5($id . session_id() . $global_config['sitekey']) and $allowed_send == 1) {
     $link = NV_MY_DOMAIN . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=" . $global_array_cat[$catid]['alias'] . "/" . $alias . "-" . $id, true);
     // NOTE(review): $title is placed in an HTML attribute; it is set outside this
     // fragment — verify it is already HTML-escaped.
     $link = "<a href=\"{$link}\" title=\"{$title}\">{$link}</a>\n";
     $nv_seccode = filter_text_input('nv_seccode', 'post', '');
     $to_mail = filter_text_input('email', 'post', '');
     // NOTE(review): $content ends up in the HTML mail body below; the 4th argument
     // presumably turns on special-character escaping — confirm.
     $content = filter_text_input('content', 'post', '', 1);
     // nv_check_valid_email() yields an empty value for a valid address, else an error text.
     $err_email = nv_check_valid_email($to_mail);
     $err_youremail = nv_check_valid_email($youremail);
     $err_name = "";
     $message = "";
     $success = "";
     // The captcha is enforced only when gfx_chk is greater than 0.
     if ($global_config['gfx_chk'] > 0 and !nv_capcha_txt($nv_seccode)) {
         $err_name = $lang_global['securitycodeincorrect'];
     } elseif (empty($name)) {
         $err_name = $lang_module['sendmail_err_name'];
     } elseif (empty($err_email) and empty($err_youremail)) {
         // NOTE(review): the visitor-supplied $name goes into the subject and, with
         // $youremail, into the sender; the recipient is visitor-chosen too. This lets
         // the site send mail under an arbitrary sender identity to an arbitrary
         // address, so the captcha and any rate limit are the only abuse controls.
         // Also confirm nv_sendmail() rejects line breaks in these header values.
         $subject = $lang_module['sendmail_subject'] . "{$name}";
         $message .= "" . $lang_module['sendmail_welcome'] . " <strong>" . $global_config['site_name'] . "</strong> " . $lang_module['sendmail_welcome1'] . "<br /><br />" . $content . "<br /><br />" . $hometext . " <br/><br /><strong>" . $lang_module['sendmail_welcome2'] . "</strong><br />" . $link;
         $from = array($name, $youremail);
         $check = nv_sendmail($from, $to_mail, $subject, $message);
         if ($check) {
             $success = "" . $lang_module['sendmail_success'] . "<strong> " . $to_mail . "</strong>";
         } else {
             $success = $lang_module['sendmail_success_err'];
         }
     }
     // NOTE(review): $check is assigned only in the send branch above; on the error
     // paths it is not initialised in the visible code.
     $result = array("err_name" => $err_name, "err_email" => $err_email, "err_yourmail" => $err_youremail, "send_success" => $success, "check" => $check);
Esempio n. 9
}
// Lost-password request handler (AJAX/JSON responses).
// The redirect target is taken through nv_get_redirect() rather than read raw from the request.
$nv_redirect = '';
if ($nv_Request->isset_request('nv_redirect', 'post,get')) {
    $nv_redirect = nv_get_redirect();
}
$data = array();
$data['checkss'] = NV_CHECK_SESSION;
$checkss = $nv_Request->get_title('checkss', 'post', '');
// The posted checkss must equal NV_CHECK_SESSION (presumably a per-session form token).
// NOTE(review): compared with ==; a strict, constant-time comparison such as
// hash_equals() is preferable for tokens.
if ($checkss == $data['checkss']) {
    // Only step2/step3/step4 are accepted from the client; anything else becomes step1.
    $data['step'] = $nv_Request->get_title('step', 'post', '');
    if ($data['step'] != 'step2' and $data['step'] != 'step3' and $data['step'] != 'step4') {
        $data['step'] = 'step1';
    }
    $seccode = $nv_Request->get_string('lostpass_seccode', 'session', '');
    $data['nv_seccode'] = $nv_Request->get_title('nv_seccode', 'post', '');
    // `and` binds tighter than `or`, so the request is rejected when the code is empty,
    // or when it neither hashes (md5) to the value kept in the session nor passes
    // nv_capcha_txt(). Presumably the session value lets the later steps reuse a
    // captcha that was already solved — confirm where 'lostpass_seccode' is written.
    if (empty($data['nv_seccode']) or !empty($data['nv_seccode']) and md5($data['nv_seccode']) != $seccode and !nv_capcha_txt($data['nv_seccode'])) {
        // Failure resets the stored code, so the flow restarts at step1.
        $nv_Request->set_Session('lostpass_seccode', '');
        die(json_encode(array('status' => 'error', 'input' => 'nv_seccode', 'step' => 'step1', 'mess' => $lang_global['securitycodeincorrect'])));
    }
    // Account identifier (e-mail or user name), capped at 100 characters.
    $data['userField'] = nv_substr($nv_Request->get_title('userField', 'post', '', 1), 0, 100);
    if (empty($data['userField'])) {
        $nv_Request->set_Session('lostpass_seccode', '');
        die(json_encode(array('status' => 'error', 'input' => 'userField', 'step' => 'step1', 'mess' => $lang_module['lostpass_no_info1'])));
    }
    // An empty result from nv_check_valid_email() means the input is a valid address:
    // look the account up by lower-cased e-mail, otherwise by nv_md5safe() of the user name.
    // Both queries use the :userField placeholder; the bind call lies beyond this fragment.
    $check_email = nv_check_valid_email($data['userField']);
    if (empty($check_email)) {
        $sql = 'SELECT * FROM ' . NV_MOD_TABLE . ' WHERE email= :userField AND active=1';
        $userField = nv_strtolower($data['userField']);
    } else {
        $sql = 'SELECT * FROM ' . NV_MOD_TABLE . ' WHERE md5username=:userField AND active=1';
        $userField = nv_md5safe($data['userField']);
Esempio n. 10
    exit;
}
// Product review submission; only served to AJAX requests.
if (!defined('NV_IS_AJAX')) {
    die('Wrong URL');
}
// Flood control: time of the previous review for this product, read from a cookie.
// NOTE(review): a missing cookie yields 0, which passes the check below, so a client
// that does not send the cookie is never throttled. A server-side limit (per user or
// per IP) is needed if this is meant to stop automated posting.
$timeout = $nv_Request->get_int($module_data . '_' . $op . '_' . $id, 'cookie', 0);
if ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
    // NOTE(review): sender, rating and fcode are accepted from GET as well as POST and
    // no form token is checked in this fragment — a state-changing write reachable by
    // GET is easier to trigger cross-site; verify a token check exists upstream.
    $sender = $nv_Request->get_string('sender', 'get,post', '');
    $rating = $nv_Request->get_int('rating', 'get,post', 0);
    $comment = $nv_Request->get_textarea('comment', '');
    $fcode = $nv_Request->get_string('fcode', 'get,post', '');
    if (empty($sender)) {
        $contents = "NO_" . $lang_module['rate_empty_sender'];
    } elseif (empty($rating)) {
        $contents = "NO_" . $lang_module['rate_empty_rating'];
    } elseif ($pro_config['review_captcha'] and !nv_capcha_txt($fcode)) {
        // The captcha is checked only when review_captcha is enabled in the module config.
        $contents = "NO_" . $lang_module['rate_empty_captcha'];
    } else {
        $userid = !empty($user_info) ? $user_info['userid'] : 0;
        // With review_check enabled the review is stored with status 0, otherwise 1.
        $status = $pro_config['review_check'] ? 0 : 1;
        // Visitor-supplied values are bound as parameters; only the NV_CURRENTTIME
        // constant and $status (0 or 1 from the ternary above) are concatenated.
        $sth = $db->prepare('INSERT INTO ' . $db_config['prefix'] . '_' . $module_data . '_review( product_id, userid, sender, content, rating, add_time, edit_time, status) VALUES( :product_id, :userid, :sender, :content, :rating, ' . NV_CURRENTTIME . ', ' . NV_CURRENTTIME . ', ' . $status . ')');
        $sth->bindParam(':product_id', $id, PDO::PARAM_STR);
        $sth->bindParam(':userid', $userid, PDO::PARAM_INT);
        // NOTE(review): $sender and $comment are stored as received from the request
        // helpers; they must be escaped for HTML wherever reviews are rendered.
        $sth->bindParam(':sender', $sender, PDO::PARAM_STR, strlen($sender));
        $sth->bindParam(':content', $comment, PDO::PARAM_STR, strlen($comment));
        $sth->bindParam(':rating', $rating, PDO::PARAM_INT);
        if ($sth->execute()) {
            // Raise a 'review_new' notification and drop the module cache.
            $content = array('product_id' => $id, 'content' => $comment, 'rating' => $rating, 'status' => $status);
            nv_insert_notification($module_name, 'review_new', $content, 0, $userid, 1);
            $nv_Cache->delMod($module_name);
            $contents = "OK_" . ($pro_config['review_check'] ? $lang_module['rate_success_queue'] : $lang_module['rate_success_ok']);
Esempio n. 11
 // Decide whether this comment submission must pass the captcha. It is required
 // unless $captcha is 0, or is 1 and the poster is a logged-in user, or is 2 and the
 // poster is a module admin who is a super admin or is listed in 'adminscomm'.
 $show_captcha = true;
 if ($captcha == 0) {
     $show_captcha = false;
 } elseif ($captcha == 1 and defined('NV_IS_USER')) {
     $show_captcha = false;
 } elseif ($captcha == 2 and defined('NV_IS_MODADMIN')) {
     if (defined('NV_IS_SPADMIN')) {
         $show_captcha = false;
     } else {
         $adminscomm = explode(',', $module_config[$module]['adminscomm']);
         // NOTE(review): in_array() without the strict flag compares the admin id
         // loosely against the exploded strings.
         if (in_array($admin_info['admin_id'], $adminscomm)) {
             $show_captcha = false;
         }
     }
 }
 if ($show_captcha and !nv_capcha_txt($code)) {
     $contents = 'ERR_' . $lang_global['securitycodeincorrect'];
 } elseif ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
     // NOTE(review): $timeout is set outside this fragment; the cookie written after a
     // successful insert below suggests it is read from that cookie. If so, a client
     // that drops the cookie gets $timeout == 0 and is never throttled — confirm.
     $pid = $nv_Request->get_int('pid', 'post', 0);
     try {
         // Text fields are bound as parameters. $area, $id, $pid, $userid and $status
         // are concatenated: $pid is an integer from get_int() above, the other four
         // are assigned outside this fragment and must be integers — verify.
         $stmt = $db->prepare('INSERT INTO ' . NV_PREFIXLANG . '_' . $module_data . ' (module, area, id, pid, content, post_time, userid, post_name, post_email, post_ip, status) VALUES (:module, ' . $area . ', ' . $id . ', ' . $pid . ', :content, ' . NV_CURRENTTIME . ', ' . $userid . ', :post_name, :post_email, :post_ip, ' . $status . ')');
         $stmt->bindParam(':module', $module, PDO::PARAM_STR);
         $stmt->bindParam(':content', $content, PDO::PARAM_STR, strlen($content));
         $stmt->bindParam(':post_name', $name, PDO::PARAM_STR);
         $stmt->bindParam(':post_email', $email, PDO::PARAM_STR);
         $stmt->bindValue(':post_ip', NV_CLIENT_IP, PDO::PARAM_STR);
         $stmt->execute();
         if ($stmt->rowCount()) {
             // Record the time of this post in a cookie.
             $nv_Request->set_Cookie($module_name . '_timeout', NV_CURRENTTIME);
             if ($status) {
                 $mod_info = $site_mods[$module];
Esempio n. 12
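/**
 * openidLogin_Res1()
 * Runs once the OpenID identity has been recognised: signs the visitor in,
 * links the identity to a local account, or renders the follow-up form.
 *
 * Cases, in the order they are tried:
 *  1. identity and e-mail are already linked in the `_openid` table: log in and redirect;
 *  2. a local account with the same e-mail exists: link it (at once when the account
 *     has no password, otherwise after the password/captcha confirmation form);
 *  3. a pending registration with that e-mail exists (allowuserreg 2 or 3): activate it
 *     after confirmation (2) or show the account_register_to_admin message (3);
 *  4. otherwise act on the `option` GET parameter (3 = log in to an existing account,
 *     2 = create an account from the OpenID attributes, 1 = continue on the
 *     registration form) or show the list of choices.
 *
 * @param mixed $attribs OpenID attributes; the keys read here are 'id',
 *                       'contact/email' and 'server'.
 * @return void Every path ends the request with die/exit.
 */
function openidLogin_Res1($attribs)
{
    global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect;
    // The provider-supplied address is used only when nv_check_valid_email() returns "" for it.
    $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : "";
    if (empty($email)) {
        $nv_Request->unset_request('openid_attribs', 'session');
        openidLogin_Res0($lang_module['logged_in_failed']);
        die;
    }
    // The `_openid` table is keyed by a hash of the OpenID identifier.
    $opid = $crypt->hash($attribs['id']);

    // Case 1: this identity is already linked to a local account.
    $query = "SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM `" . NV_USERS_GLOBALTABLE . "_openid` a, `" . NV_USERS_GLOBALTABLE . "` b \r\n    WHERE a.opid=" . $db->dbescape($opid) . " \r\n    AND a.email=" . $db->dbescape($email) . " \r\n    AND a.userid=b.userid";
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows) {
        list($user_id, $op_email, $user_active) = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $nv_Request->unset_request('openid_attribs', 'session');
        if ($op_email != $email) {
            openidLogin_Res0($lang_module['not_logged_in']);
            die;
        }
        if (!$user_active) {
            openidLogin_Res0($lang_module['login_no_active']);
            die;
        }
        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($user_id);
        $result = $db->sql_query($query);
        $row = $db->sql_fetchrow($result);
        validUserLog($row, 1, $opid);
        // NOTE(review): $nv_redirect is a global set outside this function. It is
        // base64-decoded and used as the Location target with no same-site check here —
        // confirm it is validated before it reaches this point (open redirect otherwise).
        $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
        Header("Location: " . $nv_redirect);
        die;
    }

    // Case 2: a local account with the same e-mail exists but is not linked yet.
    $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($email);
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows) {
        $nv_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $login_allowed = false;
        // An account without a local password is linked on the provider-asserted e-mail alone.
        // NOTE(review): this trusts the OpenID provider to have verified that address —
        // confirm only providers that verify e-mail ownership are enabled.
        if (empty($nv_row['password'])) {
            $nv_Request->unset_request('openid_attribs', 'session');
            $login_allowed = true;
        }
        if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
            $nv_Request->unset_request('openid_attribs', 'session');
            // Read the confirmation password before branching: the forum branch used
            // $password before it was ever assigned.
            $password = $nv_Request->get_string('password', 'post', '');
            if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
                // Delegate the credential check to the forum bridge, which reports through $error.
                // NOTE(review): no captcha check is made in this branch, unlike the one
                // below — confirm the bridge enforces its own.
                $nv_username = $nv_row['username'];
                $nv_password = $password;
                require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                if (empty($error)) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            } else {
                $nv_seccode = filter_text_input('nv_seccode', 'post', '');
                // The captcha counts as passed when $gfx_chk is off.
                $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                if ($crypt->validate($password, $nv_row['password']) and $nv_seccode) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            }
        }
        if ($login_allowed) {
            // The link row is written before the account's active flag is checked.
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($nv_row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
            $db->sql_query($sql);
            if (intval($nv_row['active']) != 1) {
                openidLogin_Res0($lang_module['login_no_active']);
            } else {
                validUserLog($nv_row, 1, $opid);
                Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name);
            }
            die;
        }
        // Not confirmed yet: show the password/captcha confirmation form.
        $page_title = $lang_module['openid_login'];
        $key_words = $module_info['keywords'];
        $mod_title = $lang_module['openid_login'];
        $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
        $contents = openid_account_confirm($gfx_chk, $attribs);
        include NV_ROOTDIR . "/includes/header.php";
        echo nv_site_theme($contents);
        include NV_ROOTDIR . "/includes/footer.php";
        exit;
    }

    // Case 3: a pending registration with this e-mail exists.
    if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email);
        if ($global_config['allowuserreg'] == 2) {
            // Only registrations made within the last 86400 seconds (24 hours) are considered.
            $query .= " AND `regdate`>" . (NV_CURRENTTIME - 86400);
        }
        $result = $db->sql_query($query);
        $numrows = $db->sql_numrows($result);
        if ($numrows) {
            if ($global_config['allowuserreg'] == 2) {
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
                    $nv_Request->unset_request('openid_attribs', 'session');
                    $password = $nv_Request->get_string('password', 'post', '');
                    $nv_seccode = filter_text_input('nv_seccode', 'post', '');
                    $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                    if ($crypt->validate($password, $row['password']) and $nv_seccode) {
                        // Password and captcha accepted: promote the pending row to a real
                        // account, delete the pending row, link the identity, log in.
                        $reg_attribs = set_reg_attribs($attribs);
                        $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\r\n                        `userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, `regdate`, `website`, \r\n                        `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, `remember`, `in_groups`, \r\n                        `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES (\r\n                        NULL, \r\n                        " . $db->dbescape($row['username']) . ", \r\n                        " . $db->dbescape($row['password']) . ", \r\n                        " . $db->dbescape($row['email']) . ", \r\n                        " . $db->dbescape(!empty($row['full_name']) ? $row['full_name'] : $reg_attribs['full_name']) . ", \r\n                        " . $db->dbescape($reg_attribs['gender']) . ", \r\n                        '', 0, \r\n                        " . $db->dbescape($row['regdate']) . ", \r\n                        '', '', \r\n                        " . $db->dbescape($reg_attribs['yim']) . ", \r\n                        '', '', '', \r\n                        " . $db->dbescape($row['question']) . ", \r\n                        " . $db->dbescape($row['answer']) . ", \r\n                        '', 1, 1, '', 1, '', 0, '', '', '')";
                        $userid = $db->sql_query_insert_id($sql);
                        if (!$userid) {
                            openidLogin_Res0($lang_module['account_active_error']);
                            die;
                        }
                        $sql = "DELETE FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`=" . $db->dbescape($row['userid']);
                        $db->sql_query($sql);
                        $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
                        $db->sql_query($sql);
                        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($userid);
                        $result = $db->sql_query($query);
                        $row = $db->sql_fetchrow($result);
                        validUserLog($row, 1, $opid);
                        $info = $lang_module['account_active_ok'] . "<br /><br />\n";
                        $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                        $info .= "[<a href=\"" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\">" . $lang_module['redirect_to_home'] . "</a>]";
                        // $contents has no value yet on this path, so assign rather than append.
                        $contents = user_info_exit($info);
                        $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />";
                        include NV_ROOTDIR . "/includes/header.php";
                        echo nv_site_theme($contents);
                        include NV_ROOTDIR . "/includes/footer.php";
                        exit;
                    } else {
                        openidLogin_Res0($lang_module['openid_confirm_failed']);
                        die;
                    }
                }
                // No confirmation posted yet: show the activation form.
                $page_title = $mod_title = $lang_module['openid_active_title'];
                $key_words = $module_info['keywords'];
                $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
                $contents = openid_active_confirm($gfx_chk, $attribs);
                include NV_ROOTDIR . "/includes/header.php";
                echo nv_site_theme($contents);
                include NV_ROOTDIR . "/includes/footer.php";
                exit;
            } else {
                $nv_Request->unset_request('openid_attribs', 'session');
                openidLogin_Res0($lang_module['account_register_to_admin']);
                die;
            }
        }
    }

    // Case 4: no matching account or registration; act on the visitor's choice.
    $option = $nv_Request->get_int('option', 'get', 0);
    if (!$global_config['allowuserreg']) {
        // Registration is disabled, so logging in to an existing account is the only choice.
        $option = 3;
    }
    $contents = "";
    if ($option == 3) {
        // Log in to an existing local account and link the OpenID identity to it.
        $error = "";
        if ($nv_Request->isset_request('nv_login', 'post')) {
            $nv_username = filter_text_input('nv_login', 'post', '');
            $nv_password = filter_text_input('nv_password', 'post', '');
            $nv_seccode = filter_text_input('nv_seccode', 'post', '');
            $check_login = nv_check_valid_login($nv_username, NV_UNICKMAX, NV_UNICKMIN);
            $check_pass = nv_check_valid_pass($nv_password, NV_UPASSMAX, NV_UPASSMIN);
            $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
            if (!$check_seccode) {
                $error = $lang_global['securitycodeincorrect'];
            } elseif (!empty($check_login)) {
                $error = $check_login;
            } elseif (!empty($check_pass)) {
                $error = $check_pass;
            } else {
                $sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `username`=" . $db->dbescape($nv_username);
                $result = $db->sql_query($sql);
                $numrows = $db->sql_numrows($result);
                // Unknown user and wrong password produce the same 'loginincorrect' message.
                if ($numrows != 1) {
                    $error = $lang_global['loginincorrect'];
                } else {
                    $row = $db->sql_fetchrow($result);
                    if (empty($row['password']) or !$crypt->validate($nv_password, $row['password'])) {
                        $error = $lang_global['loginincorrect'];
                    } else {
                        if (!$row['active']) {
                            $error = $lang_module['login_no_active'];
                        } else {
                            $nv_Request->unset_request('openid_attribs', 'session');
                            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
                            $db->sql_query($sql);
                            validUserLog($row, 1, $opid);
                        }
                    }
                }
            }
            if (empty($error)) {
                // NOTE(review): the decoded $nv_redirect is written unescaped into an href and
                // a meta refresh below — verify it can only hold a safe, same-site URL.
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
                $info = $lang_module['login_ok'] . "<br /><br />\n";
                $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                $info .= "[<a href=\"" . $nv_redirect . "\">" . $lang_module['redirect_to_back'] . "</a>]";
                $contents .= user_info_exit($info);
                $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . $nv_redirect . "\" />";
                include NV_ROOTDIR . "/includes/header.php";
                echo nv_site_theme($contents);
                include NV_ROOTDIR . "/includes/footer.php";
                exit;
            }
            // NOTE(review): the submitted password is handed back to the form data —
            // confirm the template does not echo it into the page.
            $array_login = array("nv_login" => $nv_username, "nv_password" => $nv_password, "nv_redirect" => $nv_redirect, 'login_info' => "<span style=\"color:#fb490b;\">" . $error . "</span>");
        } else {
            $array_login = array("nv_login" => '', "nv_password" => '', 'login_info' => $lang_module['openid_note1'], "nv_redirect" => $nv_redirect);
        }
        $contents .= user_openid_login($gfx_chk, $array_login, $attribs);
        include NV_ROOTDIR . "/includes/header.php";
        echo nv_site_theme($contents);
        include NV_ROOTDIR . "/includes/footer.php";
        exit;
    } elseif ($option == 1 or $option == 2) {
        $nv_Request->unset_request('openid_attribs', 'session');
        $reg_attribs = set_reg_attribs($attribs);
        if (empty($reg_attribs['username'])) {
            openidLogin_Res0($lang_module['logged_in_failed']);
            die;
        }
        if ($option == 2) {
            // Create an active account with an empty password straight from the OpenID attributes.
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` \r\n            (`userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, \r\n            `regdate`, `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, \r\n            `view_mail`, `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES \r\n            (\r\n            NULL, \r\n            " . $db->dbescape($reg_attribs['username']) . ", \r\n            '', \r\n            " . $db->dbescape($reg_attribs['email']) . ", \r\n            " . $db->dbescape($reg_attribs['full_name']) . ", \r\n            " . $db->dbescape(ucfirst($reg_attribs['gender'])) . ", \r\n            '', 0, " . NV_CURRENTTIME . ", '', '', \r\n            " . $db->dbescape($reg_attribs['yim']) . ", \r\n            '', '', '', '', '', '', 0, 0, '', 1, '', 0, '', '', ''\r\n            )";
            $userid = $db->sql_query_insert_id($sql);
            if (!$userid) {
                openidLogin_Res0($lang_module['err_no_save_account']);
                die;
            }
            $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1";
            $result = $db->sql_query($query);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")";
            $db->sql_query($sql);
            validUserLog($row, 1, $reg_attribs['opid']);
            // NOTE(review): same unvalidated redirect target as in the login paths above.
            $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
            Header("Location: " . $nv_redirect);
            exit;
        } else {
            // Option 1: keep the attributes in the session and continue on the registration form.
            $reg_attribs = serialize($reg_attribs);
            $nv_Request->set_Session('reg_attribs', $reg_attribs);
            Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&openid=1&nv_redirect=" . $nv_redirect);
            exit;
        }
    }

    // No usable option given: offer the available choices.
    // NOTE(review): $attribs['server'] and $nv_redirect are concatenated into the link
    // URLs without URL-encoding or HTML-escaping — verify both are constrained upstream.
    $array_user_login = array();
    if (!defined('NV_IS_USER_FORUM')) {
        $array_user_login[] = array("title" => $lang_module['openid_note3'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=login&amp;server=" . $attribs['server'] . "&amp;result=1&amp;option=1&amp;nv_redirect=" . $nv_redirect);
        $array_user_login[] = array("title" => $lang_module['openid_note4'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=login&amp;server=" . $attribs['server'] . "&amp;result=1&amp;option=2&amp;nv_redirect=" . $nv_redirect);
    } else {
        $array_user_login[] = array("title" => $lang_module['openid_note6'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=register&amp;nv_redirect=" . $nv_redirect);
    }
    $array_user_login[] = array("title" => $lang_module['openid_note5'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=login&amp;server=" . $attribs['server'] . "&amp;result=1&amp;option=3&amp;nv_redirect=" . $nv_redirect);
    $contents .= user_openid_login2($attribs, $array_user_login);
    include NV_ROOTDIR . "/includes/header.php";
    echo nv_site_theme($contents);
    include NV_ROOTDIR . "/includes/footer.php";
    exit;
}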
Esempio n. 13
     $fname = nv_substr($nv_Request->get_title('fname', 'post', '', 1), 0, 100);
     $femail = nv_substr($nv_Request->get_title('femail', 'post', '', 1), 0, 100);
 }
 // Contact form validation. Each failed rule ends the request with a JSON error that
 // names the offending input.
 if (empty($fname)) {
     die(json_encode(array('status' => 'error', 'input' => 'fname', 'mess' => $lang_module['error_fullname'])));
 }
 if (($check_valid_email = nv_check_valid_email($femail)) != '') {
     die(json_encode(array('status' => 'error', 'input' => 'femail', 'mess' => $check_valid_email)));
 }
 // The title is capped at 255 characters.
 if (($ftitle = nv_substr($nv_Request->get_title('ftitle', 'post', '', 1), 0, 255)) == '') {
     die(json_encode(array('status' => 'error', 'input' => 'ftitle', 'mess' => $lang_module['error_title'])));
 }
 // NOTE(review): the message body is read through get_editor() with
 // NV_ALLOWED_HTML_TAGS, so it may contain markup — presumably an allow-list of tags;
 // confirm how attributes are filtered before the content is stored, mailed or shown.
 if (($fcon = $nv_Request->get_editor('fcon', '', NV_ALLOWED_HTML_TAGS)) == '') {
     die(json_encode(array('status' => 'error', 'input' => 'fcon', 'mess' => $lang_module['error_content'])));
 }
 // The captcha is the last rule, checked after the field rules have passed.
 if (!nv_capcha_txt($nv_Request->get_title('fcode', 'post', ''))) {
     die(json_encode(array('status' => 'error', 'input' => 'fcode', 'mess' => $lang_module['error_captcha'])));
 }
 // Map the posted category index to a [department id, category name] pair from $cats;
 // an unknown index falls back to entry 0.
 $fcat = $nv_Request->get_int('fcat', 'post', 0);
 if (isset($cats[$fcat])) {
     $fpart = (int) $cats[$fcat][0];
     $fcat = $cats[$fcat][1];
 } else {
     // assumes $cats[0] always exists — TODO confirm
     $fpart = (int) $cats[0][0];
     $fcat = $cats[0][1];
 }
 // A zero department id falls back to $dpDefault and clears the category name.
 if ($fpart == 0) {
     $fpart = $dpDefault;
     $fcat = '';
 }
 $fcon = nv_nl2br($fcon);
Esempio n. 14
 $array_data['temporarily_d'] = $nv_Request->get_title('district2', 'post', 0);
 $array_data['temporarily_w'] = $nv_Request->get_title('ward2', 'post', 0);
 $array_data['temporarily_s'] = $nv_Request->get_title('temporarily_s', 'post', '');
 $count_identity_card = $db->query('SELECT COUNT(*) FROM ' . NV_PREFIXLANG . '_' . $module_data . ' WHERE identity_card=' . $db->quote($array_data['identity_card']) . ' AND id != ' . $array_data['id'])->fetchColumn();
 if (empty($array_user['first_name'])) {
     $error[] = $lang_module['error_first_name'];
 }
 if (empty($array_user['last_name'])) {
     $error[] = $lang_module['error_last_name'];
 }
 if (empty($array_data['identity_card'])) {
     $error[] = $lang_module['error_identity_card'];
 } elseif ($count_identity_card > 0) {
     $error[] = $lang_module['error_identity_card_exist'];
 }
 if (!nv_capcha_txt($array_data['fcode'])) {
     $error[] = $lang_module['error_captcha'];
 }
 if (preg_match('/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})$/', $nv_Request->get_string('birthday', 'post'), $m)) {
     $_hour = 0;
     $_min = 0;
     $array_user['birthday'] = mktime($_hour, $_min, 0, $m[2], $m[1], $m[3]);
 } else {
     $array_user['birthday'] = 0;
 }
 if (preg_match('/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})$/', $nv_Request->get_string('recent_time', 'post'), $m)) {
     $_hour = 0;
     $_min = 0;
     $array_data['recent_time'] = mktime($_hour, $_min, 0, $m[2], $m[1], $m[3]);
 } else {
     $array_data['recent_time'] = 0;