コード例 #1
ファイル: register.php プロジェクト: atarubi/nuke-viet
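/**
 * Check whether an e-mail address can be used for a new registration.
 *
 * The address is rejected when nv_check_valid_email() reports an error, when it
 * matches the `deny_email` pattern stored in the `_config` table, or when a row in
 * the users, `_reg` or `_openid` table already holds an address matching the
 * dot-tolerant pattern built from it.
 *
 * @param string $email Address supplied by the registrant (untrusted input).
 * @return string Empty string when the address is acceptable, otherwise an error message.
 */
function nv_check_email_reg($email)
{
    global $db, $lang_module;

    $error = nv_check_valid_email($email);
    if ($error != "") {
        // The validator message is reduced to plain text: tags and &ldquo;/&rdquo; entities are dropped.
        return preg_replace("/\\&(l|r)dquo\\;/", "", strip_tags($error));
    }

    $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='deny_email'";
    $result = $db->sql_query($sql);
    list($deny_email) = $db->sql_fetchrow($result);
    $db->sql_freeresult();
    // NOTE(review): the stored value is used as a raw PCRE body. If it contains an unescaped "/"
    // or is otherwise invalid, preg_match() returns false, which this condition treats like
    // "no match" - the deny list then fails open. Confirm that whatever writes this config row
    // validates the pattern.
    if (!empty($deny_email) and preg_match("/" . $deny_email . "/i", $email)) {
        return sprintf($lang_module['email_deny_name'], $email);
    }

    // Assumes the validator guarantees exactly one "@" - TODO confirm.
    list($left, $right) = explode("@", $email);
    $left = preg_replace("/[\\.]+/", "", $left);

    // Every character taken from the address is escaped so the database regex matches it
    // literally. Unescaped, a "+" or "*" in the local part changes (or invalidates) the
    // expression, and each "." in the domain matches any character.
    // Assumes dbescape() also escapes backslashes for the SQL string literal - TODO confirm.
    // NOTE(review): the ".?" separator accepts any single character between letters, not only
    // a dot; presumably "\.?" was intended. Left unchanged because tightening it alters which
    // existing accounts collide.
    $pattern = implode(".?", array_map('preg_quote', str_split($left)));
    $pattern = "^" . $pattern . "@" . preg_quote($right) . "\$";

    // Same lookup against the users table, the `_reg` table and the `_openid` table.
    foreach (array("", "_reg", "_openid") as $suffix) {
        $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . $suffix . "` WHERE `email` RLIKE " . $db->dbescape($pattern);
        if ($db->sql_numrows($db->sql_query($sql)) != 0) {
            return sprintf($lang_module['email_registered_name'], $email);
        }
    }

    return "";
}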
コード例 #2
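/**
 * nv_check_email_change()
 *
 * Check whether the current user ($user_info['userid']) may change their address to $email.
 * The address is rejected when nv_check_valid_email() reports an error, when it matches the
 * `deny_email` pattern stored in the `_config` table, or when another row in the users,
 * `_reg` or `_openid` table already holds exactly this address.
 *
 * @param string $email New address requested by the user (untrusted input).
 * @return string Empty string when the address is acceptable, otherwise an error message.
 *                The validator message is returned unchanged; the other messages embed the
 *                address inside <strong> markup.
 */
function nv_check_email_change($email)
{
    global $db, $lang_module, $user_info;

    $error = nv_check_valid_email($email);
    if ($error != "") {
        return $error;
    }

    $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='deny_email'";
    $result = $db->sql_query($sql);
    list($deny_email) = $db->sql_fetchrow($result);
    $db->sql_freeresult();
    // NOTE(review): the stored value is used as a raw PCRE body; an invalid pattern makes
    // preg_match() return false and the deny list is skipped (fails open).
    // NOTE(review): the messages below place $email inside HTML without encoding it here.
    // Whether that is safe depends on what nv_check_valid_email() rejects and on any
    // encoding done by the caller - confirm.
    if (!empty($deny_email) and preg_match("/" . $deny_email . "/i", $email)) {
        return sprintf($lang_module['email_deny_name'], '<strong>' . $email . '</strong>');
    }

    // The id is concatenated into the SQL text unquoted, so force it to an integer first.
    $userid = intval($user_info['userid']);

    $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $userid . " AND `email`=" . $db->dbescape($email);
    if ($db->sql_numrows($db->sql_query($sql)) != 0) {
        return sprintf($lang_module['email_registered_name'], '<strong>' . $email . '</strong>');
    }

    // The `_reg` lookup has no userid filter: any row with this address blocks the change.
    $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email);
    if ($db->sql_numrows($db->sql_query($sql)) != 0) {
        return sprintf($lang_module['email_registered_name'], '<strong>' . $email . '</strong>');
    }

    $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `userid`!=" . $userid . " AND `email`=" . $db->dbescape($email);
    if ($db->sql_numrows($db->sql_query($sql)) != 0) {
        return sprintf($lang_module['email_registered_name'], '<strong>' . $email . '</strong>');
    }

    return "";
}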
コード例 #3
ファイル: main.php プロジェクト: atarubi/nuke-viet
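/**
 * nv_SendMail2User()
 *
 * Forward a submitted message to the address stored on row $cid of the module's `_rows`
 * table and to the administrators listed in that row's `admins` column.
 *
 * `admins` is a ";"-separated list of "id/flag/flag/flag" entries (digits, then three 0/1
 * flags). Only entries whose last flag is 1 are used, and only administrators with
 * lev != 0 and is_suspend = 0 whose address passes nv_check_valid_email() receive the mail.
 *
 * @param int    $cid       Row id in the `_rows` table.
 * @param string $fcontent  Message body.
 * @param string $ftitle    Message subject.
 * @param string $femail    Sender address, used in the From pair.
 * @param string $full_name Sender name, used in the From pair.
 * @return void
 */
function nv_SendMail2User($cid, $fcontent, $ftitle, $femail, $full_name)
{
    global $db, $module_data;

    $email_list = array();

    // The id is concatenated into the SQL text unquoted, so force it to an integer first.
    $sql = "SELECT `email`, `admins` FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id` =" . intval($cid);
    $result = $db->sql_query($sql);
    list($email, $admins) = $db->sql_fetchrow($result);

    if (!empty($email)) {
        $email_list[] = $email;
    }

    if (!empty($admins)) {
        $admins = array_map("trim", explode(";", $admins));
        $a_l = array();
        foreach ($admins as $adm) {
            if (preg_match("/^([0-9]+)\\/([0-1]{1})\\/([0-1]{1})\\/([0-1]{1})\$/i", $adm)) {
                $adm2 = array_map("trim", explode("/", $adm));
                if ($adm2[3] == 1) {
                    // intval() keeps the IN (...) list below purely numeric.
                    $a_l[] = intval($adm2[0]);
                }
            }
        }

        if (!empty($a_l)) {
            $a_l = implode(",", $a_l);
            $sql = "SELECT t2.email as admin_email FROM `" . NV_AUTHORS_GLOBALTABLE . "` AS t1 INNER JOIN  `" . NV_USERS_GLOBALTABLE . "` AS t2 ON t1.admin_id = t2.userid WHERE t1.lev!=0 AND t1.is_suspend=0 AND t1.admin_id IN (" . $a_l . ")";
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (nv_check_valid_email($row['admin_email']) == "") {
                    $email_list[] = $row['admin_email'];
                }
            }
        }
    }

    $email_list = array_unique($email_list);
    if (!empty($email_list)) {
        // NOTE(review): the From pair comes straight from the caller's arguments; confirm that
        // nv_sendmail() rejects CR/LF in the name and address.
        $from = array($full_name, $femail);
        foreach ($email_list as $to) {
            // Best effort: "@" hides delivery errors and the result is not checked.
            @nv_sendmail($from, $to, $ftitle, $fcontent);
        }
    }
}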
コード例 #4
ファイル: register.php プロジェクト: NukeVietCMS/CodeWeb
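/**
 * nv_check_email_reg()
 * Check whether an e-mail address is available for a new registration.
 *
 * The address is rejected when nv_check_valid_email() reports an error, when it matches the
 * `deny_email` pattern stored in the `_config` table, or when a row in the users, `_reg` or
 * `_openid` table already holds an address matching the dot-tolerant pattern built from it.
 *
 * @param string $email Address supplied by the registrant (untrusted input).
 * @return string Empty string when the address is acceptable, otherwise an error message.
 */
function nv_check_email_reg($email)
{
    global $db, $db_config, $lang_module;

    $error = nv_check_valid_email($email);
    if ($error != '') {
        // The validator message is reduced to plain text: tags and &ldquo;/&rdquo; entities are dropped.
        return preg_replace('/\\&(l|r)dquo\\;/', '', strip_tags($error));
    }

    $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='deny_email'";
    $result = $db->query($sql);
    $deny_email = $result->fetchColumn();
    $result->closeCursor();
    // NOTE(review): the stored value is used as a raw PCRE body. If it contains an unescaped "/"
    // or is otherwise invalid, preg_match() returns false, which this condition treats like
    // "no match" - the deny list then fails open. Confirm that whatever writes this config row
    // validates the pattern.
    if (!empty($deny_email) and preg_match('/' . $deny_email . '/i', $email)) {
        return sprintf($lang_module['email_deny_name'], $email);
    }

    // Assumes the validator guarantees exactly one "@" - TODO confirm.
    list($left, $right) = explode('@', $email);
    $left = preg_replace('/[\\.]+/', '', $left);

    // Every character taken from the address is escaped so the database regex matches it
    // literally. Unescaped, a "+" or "*" in the local part changes (or invalidates) the
    // expression, and each "." in the domain matches any character.
    // NOTE(review): the ".?" separator accepts any single character between letters, not only
    // a dot; presumably "\.?" was intended. Left unchanged because tightening it alters which
    // existing accounts collide.
    $pattern = implode('.?', array_map('preg_quote', str_split($left)));
    $pattern = '^' . $pattern . '@' . preg_quote($right) . '$';

    // Same lookup against the users table, the `_reg` table and the `_openid` table; the
    // pattern travels as a bound parameter, never as SQL text.
    foreach (array('', '_reg', '_openid') as $suffix) {
        $stmt = $db->prepare('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . $suffix . ' WHERE email RLIKE :pattern');
        $stmt->bindParam(':pattern', $pattern, PDO::PARAM_STR);
        $stmt->execute();
        if ($stmt->fetchColumn()) {
            return sprintf($lang_module['email_registered_name'], $email);
        }
    }

    return '';
}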
コード例 #5
ファイル: main.php プロジェクト: lzhao18/nukeviet
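/**
 * nv_SendMail2User()
 *
 * Forward a submitted message to the address stored on row $cid of the module's
 * `_department` table and to the administrators listed in that row's `admins` column.
 *
 * `admins` is a ";"-separated list of "id/flag/flag/flag" entries (digits, then three 0/1
 * flags). Only entries whose last flag is 1 are used, and only administrators with
 * lev != 0 and is_suspend = 0 whose address passes nv_check_valid_email() receive the mail.
 *
 * @param int    $cid       Row id in the `_department` table.
 * @param string $fcontent  Message body.
 * @param string $ftitle    Message subject.
 * @param string $femail    Sender address, used in the From pair.
 * @param string $full_name Sender name, used in the From pair.
 * @return void
 */
function nv_SendMail2User($cid, $fcontent, $ftitle, $femail, $full_name)
{
    global $db, $module_data, $db_config;

    $email_list = array();

    // The id is concatenated into the SQL text unquoted, so force it to an integer first.
    $sql = 'SELECT email, admins FROM ' . NV_PREFIXLANG . '_' . $module_data . '_department WHERE id =' . intval($cid);
    $result = $db->query($sql);
    // Fetch mode 3 is PDO::FETCH_NUM, giving a positional row for list().
    list($email, $admins) = $result->fetch(3);

    if (!empty($email)) {
        $email_list[] = $email;
    }

    if (!empty($admins)) {
        $admins = array_map('trim', explode(';', $admins));
        $a_l = array();
        foreach ($admins as $adm) {
            if (preg_match('/^([0-9]+)\\/([0-1]{1})\\/([0-1]{1})\\/([0-1]{1})$/i', $adm)) {
                $adm2 = array_map('trim', explode('/', $adm));
                if ($adm2[3] == 1) {
                    // intval() keeps the IN (...) list below purely numeric.
                    $a_l[] = intval($adm2[0]);
                }
            }
        }

        if (!empty($a_l)) {
            $a_l = implode(',', $a_l);
            $sql = 'SELECT t2.email as admin_email FROM ' . NV_AUTHORS_GLOBALTABLE . ' t1 INNER JOIN ' . NV_USERS_GLOBALTABLE . ' t2 ON t1.admin_id = t2.userid WHERE t1.lev!=0 AND t1.is_suspend=0 AND t1.admin_id IN (' . $a_l . ')';
            $result = $db->query($sql);
            while ($row = $result->fetch()) {
                if (nv_check_valid_email($row['admin_email']) == '') {
                    $email_list[] = $row['admin_email'];
                }
            }
        }
    }

    if (!empty($email_list)) {
        // NOTE(review): the From pair comes straight from the caller's arguments; confirm that
        // nv_sendmail() rejects CR/LF in the name and address.
        $from = array($full_name, $femail);
        $email_list = array_unique($email_list);
        // Best effort: "@" hides delivery errors and the result is not checked.
        @nv_sendmail($from, $email_list, $ftitle, $fcontent);
    }
}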
コード例 #6
ファイル: lostpass.php プロジェクト: anhtunguyen/vietnamguide
} else {
    $data = array();
    $data['checkss'] = md5($client_info['session_id'] . $global_config['sitekey']);
    $data['userField'] = nv_substr($nv_Request->get_title('userField', 'post', '', 1), 0, 100);
    $data['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255);
    $data['send'] = $nv_Request->get_bool('send', 'post', false);
    $data['nv_seccode'] = $nv_Request->get_title('nv_seccode', 'post', '');
    $data['nv_redirect'] = $nv_Request->get_title('nv_redirect', 'get, post', '');
    $checkss = $nv_Request->get_title('checkss', 'post', '');
    $seccode = $nv_Request->get_string('lostpass_seccode', 'session', '');
    $step = 1;
    $error = $question = '';
    if ($checkss == $data['checkss']) {
        if (!empty($seccode) and md5($data['nv_seccode']) == $seccode or nv_capcha_txt($data['nv_seccode'])) {
            if (!empty($data['userField'])) {
                $check_email = nv_check_valid_email($data['userField']);
                if (empty($check_email)) {
                    $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :userField AND active=1';
                    $userField = $data['userField'];
                } else {
                    $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username=:userField AND active=1';
                    $userField = nv_md5safe($data['userField']);
                }
                $stmt = $db->prepare($sql);
                $stmt->bindParam(':userField', $userField, PDO::PARAM_STR);
                $stmt->execute();
                $row = $stmt->fetch();
                if (!empty($row)) {
                    $step = 2;
                    if (empty($seccode)) {
                        $nv_Request->set_Session('lostpass_seccode', md5($data['nv_seccode']));
コード例 #7
ファイル: main.php プロジェクト: nukeviet/nukeviet
 }
 if (!empty($array_department[$fpart]['admins'])) {
     $admins = array_filter(array_map('trim', explode(';', $array_department[$fpart]['admins'])));
     $a_l = array();
     foreach ($admins as $adm) {
         unset($adm2);
         if (preg_match('/^([0-9]+)\\/[0-1]{1}\\/[0-1]{1}\\/1$/', $adm, $adm2)) {
             $a_l[] = $adm2[1];
         }
     }
     if (!empty($a_l)) {
         $a_l = implode(',', $a_l);
         $sql = 'SELECT t2.email as admin_email FROM ' . NV_AUTHORS_GLOBALTABLE . ' t1 INNER JOIN ' . NV_USERS_GLOBALTABLE . ' t2 ON t1.admin_id = t2.userid WHERE t1.lev!=0 AND t1.is_suspend=0 AND t2.active=1 AND t1.admin_id IN (' . $a_l . ')';
         $result = $db_slave->query($sql);
         while ($row = $result->fetch()) {
             if (nv_check_valid_email($row['admin_email']) == '') {
                 $email_list[] = $row['admin_email'];
             }
         }
     }
 }
 if (!empty($email_list)) {
     $from = array($fname, $femail);
     $email_list = array_unique($email_list);
     @nv_sendmail($from, $email_list, $ftitle, $fcon_mail);
 }
 // Gửi bản sao đến hộp thư người gửi
 if ($fsendcopy) {
     $from = array($global_config['site_name'], $global_config['site_email']);
     $fcon_mail = contact_sendcontact($row_id, $fcat, $ftitle, $fname, $femail, $fphone, $fcon, $fpart, false);
     @nv_sendmail($from, $femail, $ftitle, $fcon_mail);
コード例 #8
ファイル: login.php プロジェクト: lzhao18/nukeviet
/**
 * openidLogin_Res1()
 * Function executed once the OpenID identity has been recognised.
 *
 * Decides what to do with the attributes returned by the provider, in this order:
 *  1. identity already linked (row in `_openid` for this opid + email): log the user in;
 *  2. a local account owns the e-mail: link it, after a password confirmation unless the
 *     stored password is empty;
 *  3. a row in `_reg` owns the e-mail (allowuserreg 2 or 3): activate it after a password
 *     confirmation (mode 2) or refuse (mode 3);
 *  4. otherwise act on the `option` request value: 3 = log in with an existing account and
 *     link it, 2 = create an account automatically, 1 = continue to the register form,
 *     anything else = show the choice page.
 *
 * Every visible path ends in die/exit, so nothing is returned to the caller.
 *
 * @param mixed $attribs Attributes received from the provider; the keys read here are
 *                       'contact/email', 'id', 'server' and the optional 'current_mode'.
 * @return void
 */
function openidLogin_Res1($attribs)
{
    global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect, $op, $db_config;
    // The provider-supplied address is kept only when nv_check_valid_email() reports no error.
    $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == '') ? $attribs['contact/email'] : '';
    if (empty($email)) {
        $nv_Request->unset_request('openid_attribs', 'session');
        openidLogin_Res0($lang_module['logged_in_failed']);
        die;
    }
    // The identity is stored and looked up as a hash, never as the raw identifier.
    $opid = $crypt->hash($attribs['id']);
    $current_mode = isset($attribs['current_mode']) ? $attribs['current_mode'] : 1;
    // Case 1: is this identity already linked to a local user?
    $stmt = $db->prepare('SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM ' . NV_USERS_GLOBALTABLE . '_openid a, ' . NV_USERS_GLOBALTABLE . ' b
		WHERE a.opid= :opid
		AND a.email= :email
		AND a.userid=b.userid');
    $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    // Fetch mode 3 is PDO::FETCH_NUM.
    list($user_id, $op_email, $user_active) = $stmt->fetch(3);
    if ($user_id) {
        $nv_Request->unset_request('openid_attribs', 'session');
        // The query already filters on a.email = :email; this repeats the check in PHP.
        if ($op_email != $email) {
            openidLogin_Res0($lang_module['not_logged_in']);
            die;
        }
        if (!$user_active) {
            openidLogin_Res0($lang_module['login_no_active']);
            die;
        }
        // NOTE(review): $nv_redirect is a global that is base64-decoded and sent in a Location
        // header below. No validation of the decoded URL is visible in this function - confirm
        // that it is restricted to same-site targets before it gets here (open redirect).
        if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php')) {
            require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php';
            if (defined('NV_IS_USER_LOGIN_FORUM_OK')) {
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            } else {
                $nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            }
        } else {
            // $user_id comes from the `_openid` row fetched above, not from the request.
            $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $user_id;
            $row = $db->query($query)->fetch();
            if (!empty($row)) {
                validUserLog($row, 1, $opid, $current_mode);
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            } else {
                $nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            }
        }
        Header('Location: ' . nv_url_rewrite($nv_redirect, true));
        die;
    }
    // Case 2: the identity is not linked yet, but a local account owns this address.
    $stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :email');
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $nv_row = $stmt->fetch();
    if (!empty($nv_row)) {
        $login_allowed = false;
        // NOTE(review): an account whose stored password is empty is linked and logged in
        // without any confirmation step, so ownership rests entirely on the e-mail claim
        // made by the provider - confirm that only trusted providers can reach this code.
        if (empty($nv_row['password'])) {
            $nv_Request->unset_request('openid_attribs', 'session');
            $login_allowed = true;
        }
        // Otherwise the visitor must prove ownership with the account password
        // (plus the captcha when $gfx_chk is set).
        if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
            $password = $nv_Request->get_string('password', 'post', '');
            $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
            $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
            $nv_Request->unset_request('openid_attribs', 'session');
            if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
                $nv_username = $nv_row['username'];
                $nv_password = $password;
                require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                // NOTE(review): $error is not assigned in this function before this point;
                // presumably the included login.php sets it. If it does not, empty($error) is
                // true and the link is allowed - verify. $nv_seccode is not checked in this branch.
                if (empty($error)) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            } else {
                if ($crypt->validate_password($password, $nv_row['password']) and $nv_seccode) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            }
        }
        if ($login_allowed) {
            // The link row is written before the active check, so an inactive account is
            // still linked even though the login itself is refused.
            $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($nv_row['userid']) . ', :server, :opid, :email )');
            $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
            $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
            $stmt->bindParam(':email', $email, PDO::PARAM_STR);
            $stmt->execute();
            if (intval($nv_row['active']) != 1) {
                openidLogin_Res0($lang_module['login_no_active']);
            } else {
                validUserLog($nv_row, 1, $opid, $current_mode);
                Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true));
            }
            die;
        }
        // No confirmation submitted yet: render the password-confirmation form.
        $page_title = $lang_module['openid_login'];
        $key_words = $module_info['keywords'];
        $mod_title = $lang_module['openid_login'];
        $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
        $contents = openid_account_confirm($gfx_chk, $attribs);
        include NV_ROOTDIR . '/includes/header.php';
        echo nv_site_theme($contents);
        include NV_ROOTDIR . '/includes/footer.php';
        exit;
    }
    // Case 3: a row in `_reg` owns this address. In mode 2 only rows whose regdate lies
    // within the last 86400 seconds are considered.
    if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
        $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :email';
        if ($global_config['allowuserreg'] == 2) {
            $query .= ' AND regdate>' . (NV_CURRENTTIME - 86400);
        }
        $stmt = $db->prepare($query);
        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
        $stmt->execute();
        $row = $stmt->fetch();
        if (!empty($row)) {
            if ($global_config['allowuserreg'] == 2) {
                if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
                    $nv_Request->unset_request('openid_attribs', 'session');
                    $password = $nv_Request->get_string('password', 'post', '');
                    $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
                    $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                    // Activation needs the password chosen at registration (and the captcha).
                    if ($crypt->validate_password($password, $row['password']) and $nv_seccode) {
                        $reg_attribs = set_reg_attribs($attribs);
                        // User-supplied values go through placeholders; only idsite is concatenated
                        // (without intval() here, unlike the option 2 insert further down).
                        $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\t\t\t\t\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t\t\t\t:username,\n\t\t\t\t\t\t\t:md5username,\n\t\t\t\t\t\t\t:password,\n\t\t\t\t\t\t\t:email,\n\t\t\t\t\t\t\t:first_name,\n\t\t\t\t\t\t\t:last_name,\n\t\t\t\t\t\t\t:gender,\n\t\t\t\t\t\t\t'', 0,\n\t\t\t\t\t\t\t:regdate,\n\t\t\t\t\t\t\t:question,\n\t\t\t\t\t\t\t:answer,\n\t\t\t\t\t\t\t'', 1, 1, '', 1, '', 0, '', '', '', " . $global_config['idsite'] . ")";
                        $data_insert = array();
                        $data_insert['username'] = $row['username'];
                        $data_insert['md5username'] = nv_md5safe($row['username']);
                        $data_insert['password'] = $row['password'];
                        $data_insert['email'] = $row['email'];
                        $data_insert['first_name'] = $row['first_name'];
                        $data_insert['last_name'] = $row['last_name'];
                        $data_insert['gender'] = $reg_attribs['gender'];
                        $data_insert['regdate'] = $row['regdate'];
                        $data_insert['question'] = $row['question'];
                        $data_insert['answer'] = $row['answer'];
                        $userid = $db->insert_id($sql, 'userid', $data_insert);
                        if (!$userid) {
                            openidLogin_Res0($lang_module['account_active_error']);
                            die;
                        }
                        // Same group 4 counter update as in the option 2 branch below.
                        $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
                        // The `_reg` row is removed once it has been copied to the users table.
                        $stmt = $db->prepare('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid= :userid');
                        $stmt->bindParam(':userid', $row['userid'], PDO::PARAM_STR);
                        $stmt->execute();
                        $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )');
                        $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
                        $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
                        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                        $stmt->execute();
                        $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid;
                        $result = $db->query($query);
                        $row = $result->fetch();
                        validUserLog($row, 1, $opid, $current_mode);
                        $info = $lang_module['account_active_ok'] . "<br /><br />\n";
                        $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                        $info .= '[<a href="' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '">' . $lang_module['redirect_to_home'] . '</a>]';
                        $contents = user_info_exit($info);
                        $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true) . '" />';
                        include NV_ROOTDIR . '/includes/header.php';
                        echo nv_site_theme($contents);
                        include NV_ROOTDIR . '/includes/footer.php';
                        exit;
                    } else {
                        openidLogin_Res0($lang_module['openid_confirm_failed']);
                        die;
                    }
                }
                // No confirmation submitted yet: render the activation form.
                $page_title = $mod_title = $lang_module['openid_activate_account'];
                $key_words = $module_info['keywords'];
                $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
                $contents = openid_active_confirm($gfx_chk, $attribs);
                include NV_ROOTDIR . '/includes/header.php';
                echo nv_site_theme($contents);
                include NV_ROOTDIR . '/includes/footer.php';
                exit;
            } else {
                // Mode 3: the visitor cannot activate the row here and only gets a message.
                $nv_Request->unset_request('openid_attribs', 'session');
                openidLogin_Res0($lang_module['account_register_to_admin']);
                die;
            }
        }
    }
    // Case 4: no local record owns the address. With registration disabled only option 3
    // (link an existing account by logging in) remains.
    $option = $nv_Request->get_int('option', 'get', 0);
    if (!$global_config['allowuserreg']) {
        $option = 3;
    }
    $contents = '';
    $page_title = $lang_module['openid_login'];
    if ($option == 3) {
        $error = '';
        if ($nv_Request->isset_request('nv_login', 'post')) {
            $nv_username = $nv_Request->get_title('nv_login', 'post', '', 1);
            $nv_password = $nv_Request->get_title('nv_password', 'post', '');
            $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
            $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
            if (!$check_seccode) {
                $error = $lang_global['securitycodeincorrect'];
            } elseif (empty($nv_username)) {
                $error = $lang_global['username_empty'];
            } elseif (empty($nv_password)) {
                $error = $lang_global['password_empty'];
            } else {
                if (defined('NV_IS_USER_FORUM')) {
                    require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                } else {
                    // Start from "incorrect" and clear the error only after a full match.
                    $error = $lang_global['loginincorrect'];
                    // NOTE(review): the lookup value is the literal '******', not derived from
                    // $nv_username - it looks as if the original value was masked in this
                    // listing. As written the query only matches a row whose md5username is
                    // that literal; the lookup value should be passed as a bound parameter.
                    $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
                    $row = $db->query($sql)->fetch();
                    if (!empty($row)) {
                        // NOTE(review): this calls $crypt->validate(), while the other branches
                        // call $crypt->validate_password() - confirm both methods exist and
                        // behave the same.
                        if ($row['username'] == $nv_username and $crypt->validate($nv_password, $row['password'])) {
                            if (!$row['active']) {
                                $error = $lang_module['login_no_active'];
                            } else {
                                $error = '';
                                $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid, :email )');
                                $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
                                $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
                                $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                                $stmt->execute();
                                // Called without $current_mode here, unlike the other call sites.
                                validUserLog($row, 1, $opid);
                            }
                        }
                    }
                }
            }
            if (empty($error)) {
                $nv_Request->unset_request('openid_attribs', 'session');
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
                $info = $lang_module['login_ok'] . "<br /><br />\n";
                $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                // NOTE(review): the decoded redirect target is written into an href and a meta
                // refresh with no output encoding visible here - confirm that it is validated
                // and HTML-encoded upstream.
                $info .= '[<a href="' . $nv_redirect . '">' . $lang_module['redirect_to_back'] . '</a>]';
                $contents .= user_info_exit($info);
                $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite($nv_redirect, true) . '" />';
                include NV_ROOTDIR . '/includes/header.php';
                echo nv_site_theme($contents);
                include NV_ROOTDIR . '/includes/footer.php';
                exit;
            }
            // NOTE(review): the submitted password is handed back to the form data; confirm
            // that user_openid_login() does not echo it into the page.
            $array_login = array('nv_login' => $nv_username, 'nv_password' => $nv_password, 'nv_redirect' => $nv_redirect, 'login_info' => '<span style="color:#fb490b;">' . $error . '</span>');
        } else {
            $array_login = array('nv_login' => '', 'nv_password' => '', 'login_info' => $lang_module['openid_note1'], 'nv_redirect' => $nv_redirect);
        }
        $contents .= user_openid_login($gfx_chk, $array_login, $attribs);
        include NV_ROOTDIR . '/includes/header.php';
        echo nv_site_theme($contents);
        include NV_ROOTDIR . '/includes/footer.php';
        exit;
    } elseif ($option == 1 or $option == 2) {
        $nv_Request->unset_request('openid_attribs', 'session');
        $reg_attribs = set_reg_attribs($attribs);
        if (empty($reg_attribs['username'])) {
            openidLogin_Res0($lang_module['logged_in_failed']);
            die;
        }
        if ($option == 2) {
            // Log in with an account created automatically by the system.
            // The new row has an empty password and active = 1.
            $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . "\n\t\t\t\t(username, md5username, password, email, first_name, last_name, gender, photo, birthday,  regdate,\n\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite)  VALUES (\n\t\t\t\t:username,\n\t\t\t\t:md5username,\n\t\t\t\t'',\n\t\t\t\t:email,\n\t\t\t\t:first_name,\n\t\t\t\t:last_name,\n\t\t\t\t:gender,\n\t\t\t\t'', 0,\n\t\t\t\t" . NV_CURRENTTIME . ",\n\t\t\t\t'', '', '', 0, 0, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . "\n\t\t\t)";
            $data_insert = array();
            $data_insert['username'] = $reg_attribs['username'];
            $data_insert['md5username'] = nv_md5safe($reg_attribs['username']);
            $data_insert['email'] = $reg_attribs['email'];
            $data_insert['first_name'] = $reg_attribs['first_name'];
            $data_insert['last_name'] = $reg_attribs['last_name'];
            $data_insert['gender'] = ucfirst($reg_attribs['gender'] ? $reg_attribs['gender'][0] : 'N');
            $userid = $db->insert_id($sql, 'userid', $data_insert);
            if (!$userid) {
                openidLogin_Res0($lang_module['err_no_save_account']);
                die;
            }
            // Update the member count
            $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
            $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1';
            $result = $db->query($query);
            $row = $result->fetch();
            $result->closeCursor();
            // Save into the custom-information table
            // NOTE(review): the values go through $db->quote(), but the column names read from
            // the `_field` table are concatenated as-is - confirm that they are constrained
            // to safe identifiers when a field is created.
            $query_field = array();
            $query_field['userid'] = $userid;
            $result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC');
            while ($row_f = $result_field->fetch()) {
                $query_field[$row_f['field']] = $db->quote($row_f['default_value']);
            }
            $db->query('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')');
            // Save into the OpenID table
            // This branch takes server, opid and email from $reg_attribs, not from $opid/$email.
            $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid , :email)');
            $stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
            $stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
            $stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
            $stmt->execute();
            validUserLog($row, 1, $reg_attribs['opid'], $current_mode);
            $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            Header('Location: ' . nv_url_rewrite($nv_redirect, true));
            exit;
        } else {
            // Option 1: keep the provider attributes in the session and continue on the
            // register page. The code that reads this session value back is not shown here.
            $reg_attribs = serialize($reg_attribs);
            $nv_Request->set_Session('reg_attribs', $reg_attribs);
            Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&openid=1&nv_redirect=' . $nv_redirect, true));
            exit;
        }
    }
    // No option chosen yet: build the choice page.
    // NOTE(review): $attribs['server'] and $nv_redirect are concatenated into the links with
    // no URL or HTML encoding visible here - confirm that both are validated upstream.
    $array_user_login = array();
    if (!defined('NV_IS_USER_FORUM')) {
        $array_user_login[] = array('title' => $lang_module['openid_note3'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=login&amp;server=' . $attribs['server'] . '&amp;result=1&amp;option=1&amp;nv_redirect=' . $nv_redirect);
        $array_user_login[] = array('title' => $lang_module['openid_note4'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=login&amp;server=' . $attribs['server'] . '&amp;result=1&amp;option=2&amp;nv_redirect=' . $nv_redirect);
    } else {
        $array_user_login[] = array('title' => $lang_module['openid_note6'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=register&amp;nv_redirect=' . $nv_redirect);
    }
    $array_user_login[] = array('title' => $lang_module['openid_note5'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=login&amp;server=' . $attribs['server'] . '&amp;result=1&amp;option=3&amp;nv_redirect=' . $nv_redirect);
    $page_title = $lang_module['openid_login'];
    $key_words = $module_info['keywords'];
    $mod_title = $lang_module['openid_login'];
    $contents .= user_openid_login2($attribs, $array_user_login);
    include NV_ROOTDIR . '/includes/header.php';
    echo nv_site_theme($contents);
    include NV_ROOTDIR . '/includes/footer.php';
    exit;
}
コード例 #9
ファイル: newsletters.php プロジェクト: hoangvtien/blog
 * @Copyright (C) 2014 PHAN TAN DUNG. All rights reserved
 * @License GNU/GPL version 2 or any later version
 * @Createdate Dec 11, 2013, 09:50:11 PM
 */
if (!defined('NV_IS_MOD_BLOG')) {
    die('Stop!!!');
}
// Dang ky nhan ban tin
if ($nv_Request->isset_request('newsletters', 'post')) {
    // Read the submitted address and the request token from POST; both go through nv_substr(…, 0, 255).
    $array['email'] = nv_substr($nv_Request->get_title('newsletters', 'post', '', 1), 0, 255);
    $array['checksess'] = nv_substr($nv_Request->get_title('checksess', 'post', '', 1), 0, 255);
    // The expected token is md5(site key . session id). Reject the request when either
    // field is empty or the submitted token differs from it.
    // NOTE(review): `!=` is a loose, non-constant-time comparison. Two digests that both
    // look numeric (for example "0e" followed only by digits) compare as equal under it;
    // hash_equals() on the two strings avoids both problems.
    if (empty($array['email']) or empty($array['checksess']) or $array['checksess'] != md5($global_config['sitekey'] . $client_info['session_id'])) {
        die('Error Access!!!');
    }
    // Check that the email address is valid; a non-empty return value is the error message.
    $checkEmail = nv_check_valid_email($array['email']);
    if ($checkEmail != '') {
        die($checkEmail);
    }
    // Kiem tra email da dang ky
    $sql = "SELECT * FROM " . $BL->table_prefix . "_newsletters WHERE email=" . $db->quote($array['email']);
    $result = $db->query($sql);
    if ($result->rowCount()) {
        $row = $result->fetch();
        if ($row['status'] == 0) {
            die(sprintf($BL->lang('newsletterIsBan'), $array['email']));
        } elseif ($row['status'] == 1) {
            die(sprintf($BL->lang('newsletterIsActive'), $array['email']));
        } else {
            if (!$db->query("DELETE FROM " . $BL->table_prefix . "_newsletters WHERE email=" . $db->quote($array['email']))) {
                die('Unknow Error!!!');
コード例 #10
ファイル: edit.php プロジェクト: lzhao18/nukeviet
 $_user['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255);
 $_user['first_name'] = nv_substr($nv_Request->get_title('first_name', 'post', '', 1), 0, 255);
 $_user['last_name'] = nv_substr($nv_Request->get_title('last_name', 'post', '', 1), 0, 255);
 $_user['gender'] = nv_substr($nv_Request->get_title('gender', 'post', '', 1), 0, 1);
 $_user['photo'] = nv_substr($nv_Request->get_title('photo', 'post', '', 1), 0, 255);
 $_user['view_mail'] = $nv_Request->get_int('view_mail', 'post', 0);
 $_user['sig'] = $nv_Request->get_textarea('sig', '', NV_ALLOWED_HTML_TAGS);
 $_user['birthday'] = $nv_Request->get_title('birthday', 'post');
 $_user['in_groups'] = $nv_Request->get_typed_array('group', 'post', 'int');
 $_user['delpic'] = $nv_Request->get_int('delpic', 'post', 0);
 $custom_fields = $nv_Request->get_array('custom_fields', 'post');
 if ($_user['username'] != $row['username'] and ($error_username = nv_check_valid_login($_user['username'], NV_UNICKMAX, NV_UNICKMIN)) != '') {
     $error = $error_username;
 } elseif ("'" . $_user['username'] . "'" != $db->quote($_user['username'])) {
     $error = sprintf($lang_module['account_deny_name'], '<strong>' . $_user['username'] . '</strong>');
 } elseif (($error_xemail = nv_check_valid_email($_user['email'])) != '') {
     $error = $error_xemail;
 } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid!=' . $userid . ' AND md5username='******'username'])))->fetchColumn()) {
     $error = $lang_module['edit_error_username_exist'];
 } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid!=' . $userid . ' AND email=' . $db->quote($_user['email']))->fetchColumn()) {
     $error = $lang_module['edit_error_email_exist'];
 } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email=' . $db->quote($_user['email']))->fetchColumn()) {
     $error = $lang_module['edit_error_email_exist'];
 } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_openid WHERE userid!=' . $userid . ' AND email=' . $db->quote($_user['email']))->fetchColumn()) {
     $error = $lang_module['edit_error_email_exist'];
 } elseif (!empty($_user['password1']) and ($check_pass = nv_check_valid_pass($_user['password1'], NV_UPASSMAX, NV_UPASSMIN)) != '') {
     $error = $check_pass;
 } elseif (!empty($_user['password1']) and $_user['password1'] != $_user['password2']) {
     $error = $lang_module['edit_error_password'];
 } elseif (empty($_user['question'])) {
     $error = $lang_module['edit_error_question'];
コード例 #11
     $array['linkdirect'] = array();
 }
 if (!empty($array['linkdirect'])) {
     $array['linkdirect'] = array_unique($array['linkdirect']);
 }
 $stmt = $db->prepare('SELECT COUNT(*) FROM ' . NV_PREFIXLANG . '_' . $module_data . ' WHERE title= :title ');
 $stmt->bindParam(':title', $array['title'], PDO::PARAM_STR);
 $stmt->execute();
 $is_exists = $stmt->fetchColumn();
 if (empty($array['title'])) {
     $is_error = true;
     $error = $lang_module['file_error_title'];
 } elseif ($is_exists) {
     $is_error = true;
     $error = $lang_module['file_title_exists'];
 } elseif (!empty($array['author_email']) and ($check_valid_email = nv_check_valid_email($array['author_email'])) != '') {
     $is_error = true;
     $error = $check_valid_email;
 } elseif (!empty($array['author_url']) and !nv_is_url($array['author_url'])) {
     $is_error = true;
     $error = $lang_module['file_error_author_url'];
 } elseif (empty($array['fileupload']) and empty($array['linkdirect']) and empty($array['fileupload2'])) {
     $is_error = true;
     $error = $lang_module['file_error_fileupload'];
 } else {
     $alias = change_alias($array['title']);
     $array['introtext'] = nv_nl2br($array['introtext'], '<br />');
     if ($row['user_id']) {
         $array['user_name'] = $row['user_name'];
     }
     if (!empty($array['fileupload2'])) {
コード例 #12
ファイル: reply.php プロジェクト: lzhao18/nukeviet
$xtpl->assign('GLANG', $lang_global);
$is_read = intval($row['is_read']);
if (!$is_read) {
    $db->query('UPDATE ' . NV_PREFIXLANG . '_' . $module_data . '_send SET is_read=1 WHERE id=' . $id);
    $is_read = 1;
}
$admin_name = $admin_info['full_name'];
if (empty($admin_name)) {
    $admin_name = $admin_info['username'];
}
$mess_content = $error = '';
if ($nv_Request->get_int('save', 'post') == '1') {
    $mess_content = $nv_Request->get_editor('mess_content', '', NV_ALLOWED_HTML_TAGS);
    if (strip_tags($mess_content) != '') {
        $from = $db->query('SELECT email FROM ' . NV_PREFIXLANG . '_' . $module_data . '_department WHERE id=' . $row['cid'])->fetchColumn();
        if (nv_check_valid_email($from) != '') {
            $from = $admin_info['email'];
        }
        $from = array($admin_name, $from);
        $subject = 'Re: ' . $row['title'];
        if (nv_sendmail($from, $row['sender_email'], $subject, $mess_content)) {
            $sth = $db->prepare('INSERT INTO ' . NV_PREFIXLANG . '_' . $module_data . '_reply (id, reply_content, reply_time, reply_aid) VALUES (' . $id . ', :reply_content, ' . NV_CURRENTTIME . ', ' . $admin_info['admin_id'] . ')');
            $sth->bindParam(':reply_content', $mess_content, PDO::PARAM_STR, strlen($mess_content));
            $sth->execute();
            $db->query('UPDATE ' . NV_PREFIXLANG . '_' . $module_data . '_send SET is_reply=1 WHERE id=' . $id);
            Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=view&id=' . $id);
            die;
        } else {
            $error = $lang_global['error_sendmail_admin'];
        }
    }
コード例 #13
     $array_config_global['site_keywords'] = array();
     if (!empty($site_keywords)) {
         foreach ($site_keywords as $keywords) {
             if (!empty($keywords) and !is_numeric($keywords)) {
                 $array_config_global['site_keywords'][] = $keywords;
             }
         }
     }
     $array_config_global['site_keywords'] = !empty($array_config_global['site_keywords']) ? implode(", ", $array_config_global['site_keywords']) : "";
 }
 $array_config_global['site_email'] = filter_text_input('site_email', 'post', '', 1, 255);
 if (nv_check_valid_email($array_config_global['site_email']) != '') {
     $array_config_global['site_email'] = $global_config['site_email'];
 }
 $array_config_global['error_send_email'] = filter_text_input('error_send_email', 'post', '', 1, 255);
 if (nv_check_valid_email($array_config_global['error_send_email']) != '') {
     $array_config_global['error_send_email'] = $global_config['error_send_email'];
 }
 $array_config_global['site_phone'] = filter_text_input('site_phone', 'post', '', 1, 255);
 $array_config_global['site_lang'] = filter_text_input('site_lang', 'post', '', 1, 255);
 if (!in_array($array_config_global['site_lang'], $allow_sitelangs)) {
     $array_config_global['site_lang'] = 'vi';
 }
 $array_config_global['site_timezone'] = filter_text_input('site_timezone', 'post', '', 1, 255);
 $array_config_global['date_pattern'] = filter_text_input('date_pattern', 'post', '', 1, 255);
 $array_config_global['time_pattern'] = filter_text_input('time_pattern', 'post', '', 1, 255);
 $array_config_global['my_domains'] = filter_text_input('my_domains', 'post', '', 1, 255);
 $my_domains = array(NV_SERVER_NAME);
 if (!empty($array_config_global['my_domains'])) {
     $array_config_global['my_domains'] = array_map("trim", explode(",", $array_config_global['my_domains']));
     foreach ($array_config_global['my_domains'] as $dm) {
コード例 #14
ファイル: fields.check.php プロジェクト: nukeviet/nukeviet
 } elseif ($row_f['field_type'] == 'date') {
     if (preg_match('/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})$/', $value, $m)) {
         $value = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
         if ($row_f['min_length'] > 0 and ($value < $row_f['min_length'] or $value > $row_f['max_length'])) {
             die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_min_max_value'], $row_f['title'], date('d/m/Y', $row_f['min_length']), date('d/m/Y', $row_f['max_length'])))));
         }
     } else {
         die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
     }
 } elseif ($row_f['field_type'] == 'textbox') {
     if ($row_f['match_type'] == 'alphanumeric') {
         if (!preg_match('/^[a-zA-Z0-9\\_]+$/', $value)) {
             die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
         }
     } elseif ($row_f['match_type'] == 'email') {
         if (($error = nv_check_valid_email($value)) != '') {
             die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => $error)));
         }
     } elseif ($row_f['match_type'] == 'url') {
         if (!nv_is_url($value)) {
             die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
         }
     } elseif ($row_f['match_type'] == 'regex') {
         if (!preg_match('/' . $row_f['match_regex'] . '/', $value)) {
             die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
         }
     } elseif ($row_f['match_type'] == 'callback') {
         if (function_exists($row_f['func_callback'])) {
             if (!call_user_func($row_f['func_callback'], $value)) {
                 die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
             }
コード例 #15
ファイル: sendcomment.php プロジェクト: hoangvtien/nphoto
if (defined('NV_IS_USER')) {
    $userid = $user_info['userid'];
    $name = $user_info['username'];
    $email = $user_info['email'];
} elseif (defined('NV_IS_ADMIN')) {
    $userid = $admin_info['userid'];
    $name = $admin_info['username'];
    $email = $admin_info['email'];
    $status = 1;
} else {
    $userid = 0;
    $name = filter_text_input('name', 'post', '', 1);
    $email = filter_text_input('email', 'post', '');
}
$contents = "";
if ($setting['comment_' . $type] and $id > 0 and $checkss == md5($id . session_id() . $global_config['sitekey']) and $name != "" and nv_check_valid_email($email) == "" and $code != "" and $content != "") {
    $timeout = $nv_Request->get_int($module_name . '_' . $op . '_' . $id, 'cookie', 0);
    if (!nv_capcha_txt($code)) {
        $contents = "ERR_" . $lang_global['securitycodeincorrect'];
    } elseif ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
        $query = $db->sql_query("SELECT " . $scatid . " allowed_comm FROM `" . NV_PREFIXLANG . "_" . $module_data . "_" . $type . "` WHERE `" . $wid . "` = " . $id);
        $row = $db->sql_fetchrow($query);
        if (isset($row['allowed_comm']) and ($row['allowed_comm'] == 1 or $row['allowed_comm'] == 2 and defined('NV_IS_USER'))) {
            $row['catid'] = 0;
            $content = nv_nl2br($content, '<br />');
            $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_comment_" . $type . "` (`cid`, `level`, `cmcount`, `id`, `content`, `like`, `user_like`, `user_dislike`, `dislike`, `post_time`, `userid`, `post_name`, `post_email`, `post_ip`, `status`) VALUES (NULL, " . $db->dbescape($level) . ", 0, " . $id . "," . $db->dbescape($content) . ",  0, '', '', 0, UNIX_TIMESTAMP(), " . $userid . ",  " . $db->dbescape($name) . ", " . $db->dbescape($email) . ", " . $db->dbescape(NV_CLIENT_IP) . ", " . $status . ")";
            $result = $db->sql_query($sql);
            if ($result) {
                $query = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_comment_" . $type . "` SET `cmcount`=`cmcount`+1 WHERE `level`=" . $db->dbescape($plevel);
                $db->sql_query($query);
                $page = 0;
コード例 #16
ファイル: groups.php プロジェクト: nukeviet/nukeviet
     $post['group_type'] = $nv_Request->get_int('group_type', 'post', 0);
     if (!in_array($post['group_type'], array(0, 1, 2))) {
         $post['group_type'] = 0;
     }
     $post['siteus'] = $nv_Request->get_int('siteus', 'post', 0);
     if ($post['siteus'] != 1) {
         $post['siteus'] = 0;
     }
     $post['is_default'] = $nv_Request->get_int('is_default', 'post', 0);
     if ($post['is_default'] != 1) {
         $post['is_default'] = 0;
     }
 }
 if (empty($post['id']) or $post['id'] > 9 or $post['id'] == 1 or $post['id'] == 2 or $post['id'] == 3 or $post['id'] == 4 or $post['id'] == 7) {
     $post['email'] = $nv_Request->get_title('email', 'post', '', 1);
     if (!empty($post['email']) and ($error_xemail = nv_check_valid_email($post['email'])) != '') {
         die($error_xemail);
     }
 } else {
     $post['email'] = '';
 }
 if (empty($post['id']) or $post['id'] > 9 or $post['id'] == 0 or $post['id'] == 1 or $post['id'] == 2 or $post['id'] == 3) {
     //lấy thông tin cấu hình phân quyền
     $post['config']['access_groups_add'] = $nv_Request->get_int('access_groups_add', 'post', 0);
     $post['config']['access_groups_del'] = $nv_Request->get_int('access_groups_del', 'post', 0);
     $post['config']['access_addus'] = $nv_Request->get_int('access_addus', 'post', 0);
     $post['config']['access_waiting'] = $nv_Request->get_int('access_waiting', 'post', 0);
     $post['config']['access_editus'] = $nv_Request->get_int('access_editus', 'post', 0);
     $post['config']['access_delus'] = $nv_Request->get_int('access_delus', 'post', 0);
     $post['config']['access_passus'] = $nv_Request->get_int('access_passus', 'post', 0);
     $post['config'] = serialize($post['config']);
コード例 #17
ファイル: login.php プロジェクト: syphuonglam/creative-portal
/**
 * openidLogin_Res1()
 * Runs once the OpenID identity has been recognised. Depending on what the
 * database already holds for the identity and its email, it either signs the
 * user in, links the identity to an existing account, activates a pending
 * registration, or renders the login/registration choices.
 *
 * Every visible path ends the request with die/exit after a redirect or a
 * rendered page.
 *
 * @param mixed $attribs OpenID attributes; this function reads the keys 'id', 'contact/email' and 'server'
 * @return void
 */
function openidLogin_Res1($attribs)
{
    global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect;
    // Use the provider-supplied email only when nv_check_valid_email() reports no error.
    // NOTE(review): the address is whatever the OpenID provider asserted; nothing in this
    // function shows that the provider verified it, yet later branches match local
    // accounts on it — confirm which providers are trusted for that.
    $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : "";
    if (empty($email)) {
        $nv_Request->unset_request('openid_attribs', 'session');
        openidLogin_Res0($lang_module['logged_in_failed']);
        die;
    }
    // Hashed form of the OpenID identifier; used below as the lookup key in the _openid table.
    $opid = $crypt->hash($attribs['id']);
    // Case 1: this identity (opid + email) is already linked to a local account.
    $query = "SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM `" . NV_USERS_GLOBALTABLE . "_openid` a, `" . NV_USERS_GLOBALTABLE . "` b \r\n    WHERE a.opid=" . $db->dbescape($opid) . " \r\n    AND a.email=" . $db->dbescape($email) . " \r\n    AND a.userid=b.userid";
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows) {
        list($user_id, $op_email, $user_active) = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $nv_Request->unset_request('openid_attribs', 'session');
        // The query above already filters on a.email = $email; this repeats the comparison in PHP.
        if ($op_email != $email) {
            openidLogin_Res0($lang_module['not_logged_in']);
            die;
        }
        if (!$user_active) {
            openidLogin_Res0($lang_module['login_no_active']);
            die;
        }
        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($user_id);
        $result = $db->sql_query($query);
        $row = $db->sql_fetchrow($result);
        validUserLog($row, 1, $opid);
        // NOTE(review): $nv_redirect is a global whose origin is not visible here. If it is
        // request-controlled, sending its decoded value straight into a Location header is
        // an open redirect — confirm it is restricted to same-site URLs before this point.
        $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
        Header("Location: " . $nv_redirect);
        die;
    }
    // Case 2: no link yet, but a local account with the same email exists.
    $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($email);
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows) {
        $nv_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $login_allowed = false;
        // NOTE(review): an account with an empty password is linked and signed in with no
        // proof beyond the provider-asserted email. The option == 2 branch below creates
        // accounts with password '', so this is presumably the path for OpenID-only
        // accounts — confirm the email claim is trustworthy enough for that.
        if (empty($nv_row['password'])) {
            $nv_Request->unset_request('openid_attribs', 'session');
            $login_allowed = true;
        }
        // The user submitted the confirmation form: prove ownership of the local account.
        if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
            $nv_Request->unset_request('openid_attribs', 'session');
            if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
                $nv_username = $nv_row['username'];
                // NOTE(review): $password is not assigned before this line anywhere in this
                // function and is not in the global list, so $nv_password appears to be unset
                // on the forum path — confirm whether the included login.php reads the
                // password itself.
                $nv_password = $password;
                // $error is not set in this function before the include; presumably the forum login script sets it.
                require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                if (empty($error)) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            } else {
                $password = $nv_Request->get_string('password', 'post', '');
                $nv_seccode = filter_text_input('nv_seccode', 'post', '');
                // Captcha result: 1 when $gfx_chk is off or the submitted code is accepted, else 0.
                $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                if ($crypt->validate($password, $nv_row['password']) and $nv_seccode) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            }
        }
        if ($login_allowed) {
            // Store the link. The INSERT names no columns, so it depends on the table's column order.
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($nv_row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
            $db->sql_query($sql);
            // The link is stored even for an inactive account; only the sign-in is withheld.
            if (intval($nv_row['active']) != 1) {
                openidLogin_Res0($lang_module['login_no_active']);
            } else {
                validUserLog($nv_row, 1, $opid);
                Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name);
            }
            die;
        }
        // Not yet confirmed: render the account-confirmation form.
        $page_title = $lang_module['openid_login'];
        $key_words = $module_info['keywords'];
        $mod_title = $lang_module['openid_login'];
        $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
        $contents = openid_account_confirm($gfx_chk, $attribs);
        include NV_ROOTDIR . "/includes/header.php";
        echo nv_site_theme($contents);
        include NV_ROOTDIR . "/includes/footer.php";
        exit;
    }
    // Case 3: a pending registration in the _reg table uses this email.
    // Only evaluated when allowuserreg is 2 or 3.
    if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email);
        // With allowuserreg == 2 only registrations from the last 86400 seconds are considered.
        if ($global_config['allowuserreg'] == 2) {
            $query .= " AND `regdate`>" . (NV_CURRENTTIME - 86400);
        }
        $result = $db->sql_query($query);
        $numrows = $db->sql_numrows($result);
        if ($numrows) {
            if ($global_config['allowuserreg'] == 2) {
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
                    $nv_Request->unset_request('openid_attribs', 'session');
                    $password = $nv_Request->get_string('password', 'post', '');
                    $nv_seccode = filter_text_input('nv_seccode', 'post', '');
                    $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                    // Activation requires the pending registration's password and, when enabled, the captcha.
                    if ($crypt->validate($password, $row['password']) and $nv_seccode) {
                        $reg_attribs = set_reg_attribs($attribs);
                        // Copy the pending registration into the users table, filling gaps from the OpenID attributes.
                        $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\r\n                        `userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, `regdate`, `website`, \r\n                        `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, `remember`, `in_groups`, \r\n                        `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES (\r\n                        NULL, \r\n                        " . $db->dbescape($row['username']) . ", \r\n                        " . $db->dbescape($row['password']) . ", \r\n                        " . $db->dbescape($row['email']) . ", \r\n                        " . $db->dbescape(!empty($row['full_name']) ? $row['full_name'] : $reg_attribs['full_name']) . ", \r\n                        " . $db->dbescape($reg_attribs['gender']) . ", \r\n                        '', 0, \r\n                        " . $db->dbescape($row['regdate']) . ", \r\n                        '', '', \r\n                        " . $db->dbescape($reg_attribs['yim']) . ", \r\n                        '', '', '', \r\n                        " . $db->dbescape($row['question']) . ", \r\n                        " . $db->dbescape($row['answer']) . ", \r\n                        '', 1, 1, '', 1, '', 0, '', '', '')";
                        $userid = $db->sql_query_insert_id($sql);
                        if (!$userid) {
                            openidLogin_Res0($lang_module['account_active_error']);
                            die;
                        }
                        // Remove the pending row, link the OpenID, then sign in with the fresh user row.
                        $sql = "DELETE FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`=" . $db->dbescape($row['userid']);
                        $db->sql_query($sql);
                        $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
                        $db->sql_query($sql);
                        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($userid);
                        $result = $db->sql_query($query);
                        $row = $db->sql_fetchrow($result);
                        validUserLog($row, 1, $opid);
                        $info = $lang_module['account_active_ok'] . "<br /><br />\n";
                        $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                        $info .= "[<a href=\"" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\">" . $lang_module['redirect_to_home'] . "</a>]";
                        // NOTE(review): $contents has no earlier assignment on this path and is not
                        // in the global list, so this append starts from an undefined variable.
                        $contents .= user_info_exit($info);
                        $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />";
                        include NV_ROOTDIR . "/includes/header.php";
                        echo nv_site_theme($contents);
                        include NV_ROOTDIR . "/includes/footer.php";
                        exit;
                    } else {
                        openidLogin_Res0($lang_module['openid_confirm_failed']);
                        die;
                    }
                }
                // No form submitted yet: render the activation-confirmation form.
                $page_title = $mod_title = $lang_module['openid_active_title'];
                $key_words = $module_info['keywords'];
                $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
                $contents = openid_active_confirm($gfx_chk, $attribs);
                include NV_ROOTDIR . "/includes/header.php";
                echo nv_site_theme($contents);
                include NV_ROOTDIR . "/includes/footer.php";
                exit;
            } else {
                // allowuserreg == 3: the pending registration cannot be activated here; show a message instead.
                $nv_Request->unset_request('openid_attribs', 'session');
                openidLogin_Res0($lang_module['account_register_to_admin']);
                die;
            }
        }
    }
    // Case 4: the email is unknown locally. The GET parameter 'option' selects the action,
    // and it is forced to 3 (link to an existing account) when registration is disabled.
    $option = $nv_Request->get_int('option', 'get', 0);
    if (!$global_config['allowuserreg']) {
        $option = 3;
    }
    $contents = "";
    if ($option == 3) {
        // Option 3: link the OpenID to an existing account after a username/password login.
        $error = "";
        if ($nv_Request->isset_request('nv_login', 'post')) {
            $nv_username = filter_text_input('nv_login', 'post', '');
            $nv_password = filter_text_input('nv_password', 'post', '');
            $nv_seccode = filter_text_input('nv_seccode', 'post', '');
            $check_login = nv_check_valid_login($nv_username, NV_UNICKMAX, NV_UNICKMIN);
            $check_pass = nv_check_valid_pass($nv_password, NV_UPASSMAX, NV_UPASSMIN);
            $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
            if (!$check_seccode) {
                $error = $lang_global['securitycodeincorrect'];
            } elseif (!empty($check_login)) {
                $error = $check_login;
            } elseif (!empty($check_pass)) {
                $error = $check_pass;
            } else {
                $sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `username`=" . $db->dbescape($nv_username);
                $result = $db->sql_query($sql);
                $numrows = $db->sql_numrows($result);
                // An unknown user and a wrong password produce the same 'loginincorrect' message.
                if ($numrows != 1) {
                    $error = $lang_global['loginincorrect'];
                } else {
                    $row = $db->sql_fetchrow($result);
                    // Accounts with an empty stored password cannot be linked through this form.
                    if (empty($row['password']) or !$crypt->validate($nv_password, $row['password'])) {
                        $error = $lang_global['loginincorrect'];
                    } else {
                        if (!$row['active']) {
                            $error = $lang_module['login_no_active'];
                        } else {
                            $nv_Request->unset_request('openid_attribs', 'session');
                            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
                            $db->sql_query($sql);
                            validUserLog($row, 1, $opid);
                        }
                    }
                }
            }
            if (empty($error)) {
                // NOTE(review): the decoded $nv_redirect is written into an href and a meta
                // refresh below without HTML escaping. If the request can influence its value,
                // this is an open redirect and a markup-injection point — confirm it is
                // validated upstream.
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
                $info = $lang_module['login_ok'] . "<br /><br />\n";
                $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                $info .= "[<a href=\"" . $nv_redirect . "\">" . $lang_module['redirect_to_back'] . "</a>]";
                $contents .= user_info_exit($info);
                $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . $nv_redirect . "\" />";
                include NV_ROOTDIR . "/includes/header.php";
                echo nv_site_theme($contents);
                include NV_ROOTDIR . "/includes/footer.php";
                exit;
            }
            // NOTE(review): the submitted password is handed back to the form data together
            // with the error text; whether the template echoes it into the page is not visible here.
            $array_login = array("nv_login" => $nv_username, "nv_password" => $nv_password, "nv_redirect" => $nv_redirect, 'login_info' => "<span style=\"color:#fb490b;\">" . $error . "</span>");
        } else {
            $array_login = array("nv_login" => '', "nv_password" => '', 'login_info' => $lang_module['openid_note1'], "nv_redirect" => $nv_redirect);
        }
        $contents .= user_openid_login($gfx_chk, $array_login, $attribs);
        include NV_ROOTDIR . "/includes/header.php";
        echo nv_site_theme($contents);
        include NV_ROOTDIR . "/includes/footer.php";
        exit;
    } elseif ($option == 1 or $option == 2) {
        // Options 1 and 2: register a new account from the OpenID attributes.
        $nv_Request->unset_request('openid_attribs', 'session');
        $reg_attribs = set_reg_attribs($attribs);
        if (empty($reg_attribs['username'])) {
            openidLogin_Res0($lang_module['logged_in_failed']);
            die;
        }
        if ($option == 2) {
            // Option 2: create the account at once, with an empty password and active = 1.
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` \r\n            (`userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, \r\n            `regdate`, `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, \r\n            `view_mail`, `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES \r\n            (\r\n            NULL, \r\n            " . $db->dbescape($reg_attribs['username']) . ", \r\n            '', \r\n            " . $db->dbescape($reg_attribs['email']) . ", \r\n            " . $db->dbescape($reg_attribs['full_name']) . ", \r\n            " . $db->dbescape(ucfirst($reg_attribs['gender'])) . ", \r\n            '', 0, " . NV_CURRENTTIME . ", '', '', \r\n            " . $db->dbescape($reg_attribs['yim']) . ", \r\n            '', '', '', '', '', '', 0, 0, '', 1, '', 0, '', '', ''\r\n            )";
            $userid = $db->sql_query_insert_id($sql);
            if (!$userid) {
                openidLogin_Res0($lang_module['err_no_save_account']);
                die;
            }
            $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1";
            $result = $db->sql_query($query);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")";
            $db->sql_query($sql);
            validUserLog($row, 1, $reg_attribs['opid']);
            // NOTE(review): same redirect concern as above; the decoded $nv_redirect goes straight into Location.
            $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
            Header("Location: " . $nv_redirect);
            exit;
        } else {
            // Option 1: keep the attributes in the session and continue on the regular registration page.
            $reg_attribs = serialize($reg_attribs);
            $nv_Request->set_Session('reg_attribs', $reg_attribs);
            Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&openid=1&nv_redirect=" . $nv_redirect);
            exit;
        }
    }
    // No option chosen yet: build the list of choices and render it.
    // NOTE(review): $attribs['server'] and $nv_redirect are concatenated into the link URLs
    // without URL-encoding or HTML escaping here — confirm both are constrained upstream.
    $array_user_login = array();
    if (!defined('NV_IS_USER_FORUM')) {
        $array_user_login[] = array("title" => $lang_module['openid_note3'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=login&amp;server=" . $attribs['server'] . "&amp;result=1&amp;option=1&amp;nv_redirect=" . $nv_redirect);
        $array_user_login[] = array("title" => $lang_module['openid_note4'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=login&amp;server=" . $attribs['server'] . "&amp;result=1&amp;option=2&amp;nv_redirect=" . $nv_redirect);
    } else {
        $array_user_login[] = array("title" => $lang_module['openid_note6'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=register&amp;nv_redirect=" . $nv_redirect);
    }
    $array_user_login[] = array("title" => $lang_module['openid_note5'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=login&amp;server=" . $attribs['server'] . "&amp;result=1&amp;option=3&amp;nv_redirect=" . $nv_redirect);
    $contents .= user_openid_login2($attribs, $array_user_login);
    include NV_ROOTDIR . "/includes/header.php";
    echo nv_site_theme($contents);
    include NV_ROOTDIR . "/includes/footer.php";
    exit;
}
コード例 #18
ファイル: openid.php プロジェクト: atarubi/nuke-viet
 include_once NV_ROOTDIR . "/includes/class/openid.class.php";
 $openid_class = new LightOpenID();
 if ($nv_Request->isset_request('openid_mode', 'get')) {
     $openid_mode = $nv_Request->get_string('openid_mode', 'get', '');
     if ($openid_mode == "cancel") {
         $nv_Request->set_Session('openid_error', 1);
         header("Location: " . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid", true));
         die;
     } elseif (!$openid_class->validate()) {
         $nv_Request->set_Session('openid_error', 2);
         header("Location: " . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid", true));
         die;
     } else {
         // validate() succeeded on this branch, so read what the provider asserted.
         $openid = $openid_class->identity;
         $attribs = $openid_class->getAttributes();
         // The e-mail attribute comes from the provider response; it is kept only when
         // nv_check_valid_email() returns an empty string (no error).
         // NOTE(review): that check is applied to the string only; whether the provider is
         // trusted to vouch for ownership of the address is not visible here - confirm
         // before the address is used to match or link accounts.
         $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : "";
         // Error 3: the identity or a usable e-mail address is missing.
         if (empty($openid) or empty($email)) {
             $nv_Request->set_Session('openid_error', 3);
             header("Location: " . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid", true));
             die;
         }
         // Only a hash of the identity is compared against the `opid` column.
         $opid = $crypt->hash($openid);
         $query = "SELECT COUNT(*) AS `count` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `opid`=" . $db->dbescape($opid);
         $result = $db->sql_query($query);
         list($count) = $db->sql_fetchrow($result);
         // Error 4: a row with this opid already exists in the _openid table.
         if ($count) {
             $nv_Request->set_Session('openid_error', 4);
             // NOTE(review): unlike the other redirects in this branch, this URL is not
             // passed through nv_url_rewrite() - confirm that is intentional.
             header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid");
             die;
         }
         $query = "SELECT COUNT(*) AS `count` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $user_info['userid'] . " AND `email`=" . $db->dbescape($email);
コード例 #19
ファイル: login.php プロジェクト: nukeplus/nuke
 }
 // Both credentials are required; each failure names the input field it belongs to.
 if (empty($nv_username)) {
     die(signin_result(array('status' => 'error', 'input' => 'nv_login', 'mess' => $lang_global['username_empty'])));
 }
 if (empty($nv_password)) {
     die(signin_result(array('status' => 'error', 'input' => 'nv_password', 'mess' => $lang_global['password_empty'])));
 }
 if (defined('NV_IS_USER_FORUM')) {
     // Forum-integrated sites delegate to the forum's login script, which is expected to
     // report failure through $error (reset to '' just before the include).
     $error = '';
     require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
     if (!empty($error)) {
         die(signin_result(array('status' => 'error', 'input' => 'nv_login', 'mess' => $error)));
     }
 } else {
     // Start from the loginincorrect message; later branches may replace it.
     $error1 = $lang_global['loginincorrect'];
     // A value that passes e-mail validation (empty result) is looked up by the email
     // column after lower-casing, with the value passed through $db->quote().
     if (nv_check_valid_email($nv_username) == '') {
         // Email login
         $nv_username = nv_strtolower($nv_username);
         $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE email =" . $db->quote($nv_username);
         $login_email = true;
     } else {
         // Username login
         // NOTE(review): the md5username literal is masked ('******') in this listing, so
         // the real comparison value and how it is quoted cannot be checked from here.
         $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
         $login_email = false;
     }
     $row = $db->query($sql)->fetch();
     if (!empty($row)) {
         if (($row['username'] == $nv_username and $login_email == false or $row['email'] == $nv_username and $login_email == true) and $crypt->validate_password($nv_password, $row['password'])) {
             if (!$row['active']) {
                 $error1 = $lang_module['login_no_active'];
             } else {
コード例 #20
ファイル: sendmail.php プロジェクト: atarubi/nuke-viet
 } elseif (defined('NV_IS_USER')) {
     $name = $user_info['username'];
     $youremail = $user_info['email'];
 } else {
     $name = filter_text_input('name', 'post', '', 1);
     $youremail = filter_text_input('youremail', 'post', '');
 }
 $to_mail = $content = "";
 // The form token is md5(id . session id . sitekey).
 // NOTE(review): it is compared with `==`; hash_equals() would give a strict,
 // constant-time comparison of the two strings.
 if ($checkss == md5($id . session_id() . $global_config['sitekey']) and $allowed_send == 1) {
     $link = NV_MY_DOMAIN . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&amp;" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=" . $global_array_cat[$catid]['alias'] . "/" . $alias . "-" . $id, true);
     // NOTE(review): $title lands inside an HTML attribute of the mail body; where (or
     // whether) it is escaped is outside this excerpt - confirm.
     $link = "<a href=\"{$link}\" title=\"{$title}\">{$link}</a>\n";
     $nv_seccode = filter_text_input('nv_seccode', 'post', '');
     $to_mail = filter_text_input('email', 'post', '');
     $content = filter_text_input('content', 'post', '', 1);
     // Recipient and sender addresses are both validated; an empty result means valid.
     $err_email = nv_check_valid_email($to_mail);
     $err_youremail = nv_check_valid_email($youremail);
     $err_name = "";
     $message = "";
     $success = "";
     // The captcha is enforced only when gfx_chk is greater than 0.
     // NOTE(review): the recipient is visitor-supplied, and for guests so are the sender
     // name and address; with the captcha off no limit on how often mail can be triggered
     // is visible here - confirm a throttle exists elsewhere.
     if ($global_config['gfx_chk'] > 0 and !nv_capcha_txt($nv_seccode)) {
         $err_name = $lang_global['securitycodeincorrect'];
     } elseif (empty($name)) {
         $err_name = $lang_module['sendmail_err_name'];
     } elseif (empty($err_email) and empty($err_youremail)) {
         $subject = $lang_module['sendmail_subject'] . "{$name}";
         $message .= "" . $lang_module['sendmail_welcome'] . " <strong>" . $global_config['site_name'] . "</strong> " . $lang_module['sendmail_welcome1'] . "<br /><br />" . $content . "<br /><br />" . $hometext . " <br/><br /><strong>" . $lang_module['sendmail_welcome2'] . "</strong><br />" . $link;
         $from = array($name, $youremail);
         $check = nv_sendmail($from, $to_mail, $subject, $message);
         if ($check) {
             $success = "" . $lang_module['sendmail_success'] . "<strong> " . $to_mail . "</strong>";
         } else {
コード例 #21
ファイル: row.php プロジェクト: anhtunguyen/vietnamguide
 $full_name = $nv_Request->get_title('full_name', 'post', '', 1);
 $alias = $nv_Request->get_title('alias', 'post', '', 1);
 $phone = $nv_Request->get_title('phone', 'post', '', 1);
 $fax = $nv_Request->get_title('fax', 'post', '', 1);
 $email = $nv_Request->get_title('email', 'post', '', 1);
 $yahoo = $nv_Request->get_title('yahoo', 'post', '', 1);
 $skype = $nv_Request->get_title('skype', 'post', '', 1);
 $note = $nv_Request->get_editor('note', '', NV_ALLOWED_HTML_TAGS);
 $view_level = $nv_Request->get_array('view_level', 'post', array());
 $reply_level = $nv_Request->get_array('reply_level', 'post', array());
 $obt_level = $nv_Request->get_array('obt_level', 'post', array());
 // The posted value may hold several addresses separated by commas: trim each one, keep
 // only those for which nv_check_valid_email() returns an empty result, and store the
 // survivors joined by ", ". Rejected entries are dropped without an error message.
 if (!empty($email)) {
     $_email = array_map("trim", explode(",", $email));
     $email = array();
     foreach ($_email as $e) {
         $check_valid_email = nv_check_valid_email($e);
         if (empty($check_valid_email)) {
             $email[] = $e;
         }
     }
     $email = implode(", ", $email);
 }
 // Build a per-admin permission map, starting with the ids posted in view_level.
 // NOTE(review): $admid comes from the posted array and is used as an array key; no
 // integer cast or check against known admin ids is visible here - confirm one is
 // applied before the map is stored.
 $admins = array();
 if (!empty($view_level)) {
     foreach ($view_level as $admid) {
         $admins[$admid]['view_level'] = 1;
         $admins[$admid]['reply_level'] = 0;
         $admins[$admid]['obt_level'] = 0;
     }
 }
 if (!empty($reply_level)) {
コード例 #22
ファイル: system.php プロジェクト: nukeplus/nuke
 }
 // Single-language sites may choose an optional rewrite module; multi-language sites get
 // lang_geo instead. The settings of the other mode are reset to 0 / ''.
 if ($array_config_global['lang_multi'] == 0) {
     $array_config_global['rewrite_optional'] = $nv_Request->get_int('rewrite_optional', 'post', 0);
     $array_config_global['lang_geo'] = 0;
     $array_config_global['rewrite_op_mod'] = $nv_Request->get_title('rewrite_op_mod', 'post');
     // The posted module name is kept only if it is a key of $site_mods and the option is on.
     if (!isset($site_mods[$array_config_global['rewrite_op_mod']]) or $array_config_global['rewrite_optional'] == 0) {
         $array_config_global['rewrite_op_mod'] = '';
     }
 } else {
     $array_config_global['rewrite_optional'] = 0;
     $array_config_global['lang_geo'] = $nv_Request->get_int('lang_geo', 'post', 0);
     $array_config_global['rewrite_op_mod'] = '';
 }
 $array_config_global['error_set_logs'] = $nv_Request->get_int('error_set_logs', 'post', 0);
 // The address is cut to 255 characters and stored only when validation returns an empty
 // result; an invalid value leaves the key as it was.
 $error_send_email = nv_substr($nv_Request->get_title('error_send_email', 'post', '', 1), 0, 255);
 if (nv_check_valid_email($error_send_email) == '') {
     $array_config_global['error_send_email'] = $error_send_email;
 }
 // cdn_url starts empty and is filled only if the posted value survives the steps below.
 $array_config_global['cdn_url'] = '';
 $cdn_url = rtrim($nv_Request->get_string('cdn_url', 'post'), '/');
 if (!empty($cdn_url)) {
     // Drop a leading http:// or https://, then keep only the part before the first "/".
     $cdn_url = preg_replace('/^(http|https)\\:\\/\\//', '', $cdn_url);
     $cdn_url = preg_replace('/^([^\\/]+)\\/*(.*)$/', '\\1', $cdn_url);
     // Split off a trailing ":<digits>" port so that only the host name is checked.
     $_p = '';
     if (preg_match('/(.*)\\:([0-9]+)$/', $cdn_url, $m)) {
         $cdn_url = $m[1];
         $_p = ':' . $m[2];
     }
     // The lower-cased host must pass nv_check_domain(); the port is re-appended afterwards.
     $cdn_url = nv_check_domain(nv_strtolower($cdn_url));
     if (!empty($cdn_url)) {
         $array_config_global['cdn_url'] = $cdn_url . $_p;
コード例 #23
 } elseif ($row_f['question_type'] == 'date') {
     if (preg_match("/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})\$/", $value, $m)) {
         $value = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
         if ($value < $row_f['min_length'] or $value > $row_f['max_length']) {
             $error = sprintf($lang_module['field_min_max_value'], $row_f['title'], date('d/m/Y', $row_f['min_length']), date('d/m/Y', $row_f['max_length']));
         }
     } else {
         $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
     }
 } elseif ($row_f['question_type'] == 'textbox') {
     // Text boxes are checked according to the match_type stored with the field definition.
     if ($row_f['match_type'] == 'alphanumeric') {
         if (!preg_match("/^[a-zA-Z0-9\\_]+\$/", $value)) {
             $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
         }
     } elseif ($row_f['match_type'] == 'email') {
         $error = nv_check_valid_email($value);
     } elseif ($row_f['match_type'] == 'url') {
         if (!nv_is_url($value)) {
             $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
         }
     } elseif ($row_f['match_type'] == 'regex') {
         // The pattern text comes from the field definition and is wrapped in "/" delimiters
         // as-is. preg_match() returns false for a pattern that does not compile (for example
         // one containing an unescaped "/"), and !false also lands in the error branch.
         // NOTE(review): confirm match_regex is validated when the field is saved and that
         // only trusted administrators can set it; an expensive pattern runs on every submit.
         if (!preg_match("/" . $row_f['match_regex'] . "/", $value)) {
             $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
         }
     } elseif ($row_f['match_type'] == 'callback') {
         // func_callback is a function name taken from the field definition; any function
         // that exists in the process is called with the submitted value.
         // NOTE(review): an allow-list of validator functions would be safer than
         // function_exists() alone - confirm who can edit func_callback.
         if (function_exists($row_f['func_callback'])) {
             if (!call_user_func($row_f['func_callback'], $value)) {
                 $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
             }
         } else {
             // The configured function name is echoed back in the error text.
             $error = "error function not exists " . $row_f['func_callback'];
コード例 #24
 // Read the posted comment fields; the body may contain the tags in NV_ALLOWED_HTML_TAGS.
 $subject = filter_text_input('subject', 'post', '', 1);
 $content = filter_text_textarea('content', '', NV_ALLOWED_HTML_TAGS);
 $seccode = filter_text_input('seccode', 'post', '');
 $post_id = 0;
 // For a logged-in user the name, e-mail and id come from the session data, replacing
 // whatever $uname / $uemail held before this point (their earlier source is not shown).
 if (defined('NV_IS_USER')) {
     $uname = !empty($user_info['full_name']) ? $user_info['full_name'] : $user_info['username'];
     $uemail = $user_info['email'];
     $post_id = $user_info['userid'];
 }
 // Every failed check appends a message to $error; nothing stops at the first failure.
 // The captcha is checked for every poster, logged in or not.
 if (!nv_capcha_txt($seccode)) {
     $error[] = $lang_module['comment_error2'];
 }
 if (empty($uname) or nv_strlen($uname) < 3) {
     $error[] = $lang_module['comment_error3'];
 }
 // nv_check_valid_email() returns the error text itself, which is shown to the user.
 if (($validemail = nv_check_valid_email($uemail)) != "") {
     $error[] = $validemail;
 }
 if (empty($subject) or nv_strlen($subject) < 3) {
     $error[] = $lang_module['comment_error4'];
 }
 if (empty($content) or nv_strlen($content) < 3) {
     $error[] = $lang_module['comment_error5'];
 }
 // The status flag mirrors the is_autocomment_allow setting: 1 when truthy, otherwise 0.
 $download_config = initial_config_data();
 $status = $download_config['is_autocomment_allow'] ? 1 : 0;
 if (!empty($error)) {
コード例 #25
ファイル: reply.php プロジェクト: atarubi/nuke-viet
// Mark the message as read the first time an administrator opens it.
$is_read = intval($row['is_read']);
if (!$is_read) {
    // NOTE(review): $id is concatenated unquoted here and in the statements below; that is
    // safe only if it was cast to an integer where it was read (not visible) - confirm.
    $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_send` SET `is_read`=1 WHERE `id`=" . $id;
    $result = $db->sql_query($sql);
    $is_read = 1;
}
// The sender name shown in the reply: full name, falling back to the username.
$admin_name = $admin_info['full_name'];
if (empty($admin_name)) {
    $admin_name = $admin_info['username'];
}
$mess_content = $error = "";
if ($nv_Request->get_int('save', 'post') == '1') {
    $mess_content = nv_editor_filter_textarea('mess_content', '', NV_ALLOWED_HTML_TAGS, true);
    // A reply that is empty once its tags are stripped is not sent.
    if (strip_tags($mess_content) != "") {
        // Use the address stored for the row with id $row['cid'] as sender; if it does not
        // validate (non-empty result), fall back to the administrator's own address.
        list($from) = $db->sql_fetchrow($db->sql_query("SELECT `email` FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id`=" . $row['cid']));
        if (nv_check_valid_email($from) != "") {
            $from = $admin_info['email'];
        }
        $from = array($admin_name, $from);
        // NOTE(review): the subject reuses the stored title of the visitor's message;
        // presumably nv_sendmail() encodes header values - confirm.
        $subject = "Re: " . $row['title'];
        if (nv_sendmail($from, $row['sender_email'], $subject, $mess_content)) {
            // Record the reply only after the mail was accepted; the body is escaped with
            // dbescape(), the numeric fields are concatenated as they are.
            $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_send` SET `is_reply`=1, `reply_content`=" . $db->dbescape($mess_content) . ", `reply_time`=" . NV_CURRENTTIME . ", `reply_aid`=" . $admin_info['admin_id'] . " WHERE `id`=" . $id;
            $db->sql_query($sql);
            Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=view&id=" . $id);
            die;
        } else {
            $error = $lang_global['error_sendmail_admin'];
        }
    }
} else {
    $mess_content .= "<br /><br />----------<br />Best regards,<br /><br />" . $admin_name . "<br />";
コード例 #26
ファイル: data.php プロジェクト: hongoctrien/module-videos
 // Recipient address (at most 255 characters) and message body (at most 500).
 $email_receive = filter_text_input('email_receive', 'post', '', 1, 255);
 $body = filter_text_input('body', 'post', '', 1, 500);
 // Validate the input; each failure ends the request with a plain-text message.
 if (empty($id)) {
     die("Error access !!!");
 }
 if (empty($who_send)) {
     die($lang_module['error_gift_send']);
 }
 if (empty($who_receive)) {
     die($lang_module['error_gift_recieve']);
 }
 if (empty($email_receive)) {
     die($lang_module['error_empty_email']);
 }
 // A non-empty validator result is the error text; tags and the curly-quote entities are
 // removed from it before it is printed.
 $check_valid_email = nv_check_valid_email($email_receive);
 if (!empty($check_valid_email)) {
     die(str_replace(array("&rdquo;", "&ldquo;"), " ", strip_tags($check_valid_email)));
 }
 // Check the time since the last gift: allowed when no cookie is present or more than
 // 360 seconds have passed.
 // NOTE(review): the limit is keyed on a cookie the browser sends back, so a client that
 // does not return the cookie is not throttled by this check - confirm a server-side
 // limit exists.
 $timeout = $nv_Request->get_int($module_name . '_gift', 'cookie', 0);
 if ($timeout == 0 or NV_CURRENTTIME - $timeout > 360) {
     $song = getsongbyID($id);
     if (empty($song)) {
         die($lang_module['err_exist_song']);
     }
     $nv_Request->set_Cookie($module_name . '_gift', NV_CURRENTTIME);
     $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_gift` VALUES ( \n\t\t\tNULL, \n\t\t\t" . $db->dbescape($who_send) . ", \n\t\t\t" . $db->dbescape($who_receive) . ", \n\t\t\t" . $db->dbescape($id) . ", \n\t\t\tUNIX_TIMESTAMP(), \n\t\t\t" . $db->dbescape($body) . ", \n\t\t\t" . $setting['auto_gift'] . " \n\t\t)";
     if ($db->sql_query_insert_id($sql)) {
         if ($setting['auto_gift']) {
             nv_del_moduleCache($module_name);
コード例 #27
ファイル: index.php プロジェクト: NukeVietCMS/CodeWeb
 $error = '';
 define('NV_USERS_GLOBALTABLE', $db_config['prefix'] . '_users');
 // Start the MySQL session
 $db = new NukeViet\Core\Database($db_config);
 // Prefer the user-facing message of a connection error over the raw one.
 if (!empty($db->error)) {
     $error = !empty($db->error['user_message']) ? $db->error['user_message'] : $db->error['message'];
 }
 // Each field falls back to the value already held in $array_data when it is not posted.
 $array_data['site_name'] = $nv_Request->get_title('site_name', 'post', $array_data['site_name'], 1);
 $array_data['nv_login'] = nv_substr($nv_Request->get_title('nv_login', 'post', $array_data['nv_login'], 1), 0, NV_UNICKMAX);
 $array_data['nv_email'] = $nv_Request->get_title('nv_email', 'post', $array_data['nv_email']);
 // NOTE(review): the passwords are read with get_title(); if that helper strips or
 // rewrites characters, the stored password differs from what was typed - confirm.
 $array_data['nv_password'] = $nv_Request->get_title('nv_password', 'post', $array_data['nv_password']);
 $array_data['re_password'] = $nv_Request->get_title('re_password', 'post', $array_data['re_password']);
 $array_data['lang_multi'] = (int) $nv_Request->get_bool('lang_multi', 'post', $array_data['lang_multi']);
 // The three validators return an error text, or an empty value when the input is
 // acceptable; the results are evaluated in the branch that follows.
 $check_login = nv_check_valid_login($array_data['nv_login'], NV_UNICKMAX, NV_UNICKMIN);
 $check_pass = nv_check_valid_pass($array_data['nv_password'], NV_UPASSMAX, NV_UPASSMIN);
 $check_email = nv_check_valid_email($array_data['nv_email']);
 $array_data['question'] = $nv_Request->get_title('question', 'post', $array_data['question'], 1);
 $array_data['answer_question'] = $nv_Request->get_title('answer_question', 'post', $array_data['answer_question'], 1);
 // site_email is assigned here regardless of what $check_email holds.
 $global_config['site_email'] = $array_data['nv_email'];
 if ($nv_Request->isset_request('nv_login,nv_password', 'post')) {
     if (empty($array_data['site_name'])) {
         $error = $lang_module['err_sitename'];
     } elseif (!empty($check_login)) {
         $error = $check_login;
     } elseif ("'" . $array_data['nv_login'] . "'" != $db->quote($array_data['nv_login'])) {
         $error = sprintf($lang_module['account_deny_name'], '<strong>' . $array_data['nv_login'] . '</strong>');
     } elseif (!empty($check_email)) {
         $error = $check_email;
     } elseif (!empty($check_pass)) {
         $error = $check_pass;
     } elseif ($array_data['nv_password'] != $array_data['re_password']) {
コード例 #28
ファイル: order.php プロジェクト: hoangvtien/module-shops
         } else {
             $total = $total_coupons - $counpons['discount'];
         }
     } else {
         if ($counpons['type'] == 'p') {
             $total = $total - $total * $counpons['discount'] / 100;
         } else {
             $total = $total - $counpons['discount'];
         }
     }
 }
 // NOTE(review): the coupon arithmetic above subtracts a fixed discount without a visible
 // floor at zero - confirm the total cannot become negative before it is stored.
 $data_order['order_total'] = $total;
 // Field checks: each failure is recorded in $error under its own key.
 if (empty($data_order['order_name'])) {
     $error['order_name'] = $lang_module['order_name_err'];
 }
 // A non-empty validator result means the address was rejected; the module's own message
 // is shown instead of the validator's text.
 if (nv_check_valid_email($data_order['order_email']) != '') {
     $error['order_email'] = $lang_module['order_email_err'];
 }
 if (empty($data_order['order_phone'])) {
     $error['order_phone'] = $lang_module['order_phone_err'];
 }
 // The shipping fields are required only when order_shipping is truthy.
 if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_name'])) {
     $error['order_shipping_name'] = $lang_module['order_shipping_name_err'];
 }
 if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_phone'])) {
     $error['order_shipping_phone'] = $lang_module['order_shipping_phone_err'];
 }
 if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_address_extend'])) {
     $error['order_shipping_address_extend'] = $lang_module['shipping_address_extend_empty'];
 }
 if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_carrier_id'])) {
コード例 #29
// Identity of the commenter: session data for users and administrators, posted fields
// for guests (userid 0). Only the administrator branch sets $status here.
if (defined('NV_IS_USER')) {
    $userid = $user_info['userid'];
    $name = $user_info['username'];
    $email = $user_info['email'];
} elseif (defined('NV_IS_ADMIN')) {
    $userid = $admin_info['userid'];
    $name = $admin_info['username'];
    $email = $admin_info['email'];
    $status = 1;
} else {
    $userid = 0;
    $name = filter_text_input('name', 'post', '', 1);
    $email = filter_text_input('email', 'post', '');
}
$contents = "";
// All preconditions in one test: comments enabled, positive id, matching form token,
// non-empty name, valid e-mail (empty validator result), captcha code and content present.
// NOTE(review): the token md5(id . session id . sitekey) is compared with `==`;
// hash_equals() would give a strict, constant-time comparison.
if ($module_config[$module_name]['activecomm'] and $id > 0 and $checkss == md5($id . session_id() . $global_config['sitekey']) and $name != "" and nv_check_valid_email($email) == "" and $code != "" and $content != "") {
    // NOTE(review): the flood limit below is read from a cookie the browser sends back; a
    // client that does not return it is limited only by the captcha - confirm that is
    // acceptable.
    $timeout = $nv_Request->get_int($module_name . '_' . $op . '_' . $id, 'cookie', 0);
    if (!nv_capcha_txt($code)) {
        $contents = "ERR_" . $lang_global['securitycodeincorrect'];
    } elseif ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
        $query = $db->sql_query("SELECT listcatid, allowed_comm FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id` = " . $id . " AND `status`=1 AND `publtime` < " . NV_CURRENTTIME . " AND (`exptime`=0 OR `exptime`>" . NV_CURRENTTIME . ")");
        $row = $db->sql_fetchrow($query);
        if (isset($row['allowed_comm']) and ($row['allowed_comm'] == 1 or $row['allowed_comm'] == 2 and defined('NV_IS_USER'))) {
            $array_catid = explode(",", $row['listcatid']);
            $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_comments` (`cid`, `id`, `content`, `post_time`, `userid`, `post_name`, `post_email`, `post_ip`, `status`) VALUES (NULL, " . $id . "," . $db->dbescape($content) . ", UNIX_TIMESTAMP(), " . $userid . ",  " . $db->dbescape($name) . ", " . $db->dbescape($email) . ", " . $db->dbescape(NV_CLIENT_IP) . ", " . $status . ")";
            $result = $db->sql_query($sql);
            if ($result) {
                $page = 0;
                list($numf) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(*) FROM `" . NV_PREFIXLANG . "_" . $module_data . "_comments` where `id`= '" . $id . "' AND `status`=1"));
                if ($status) {
                    $query = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_rows` SET `hitscm`=" . $numf . " WHERE `id`=" . $id;
コード例 #30
ファイル: reply.php プロジェクト: nukeviet/nukeviet
// Mark the message as read the first time it is opened.
if (!$is_read) {
    // NOTE(review): $id is concatenated unquoted; that is safe only if it was cast to an
    // integer where it was read (not visible) - confirm.
    $db->query('UPDATE ' . NV_PREFIXLANG . '_' . $module_data . '_send SET is_read=1 WHERE id=' . $id);
    $is_read = 1;
}
$mess_content = $error = '';
if ($nv_Request->get_int('save', 'post') == '1') {
    $mess_content = $nv_Request->get_editor('mess_content', '', NV_ALLOWED_HTML_TAGS);
    // A reply that is empty once its tags are stripped is not sent.
    if (strip_tags($mess_content) != '') {
        $mail = new NukeViet\Core\Sendmail($global_config, NV_LANG_INTERFACE);
        $mail->To($row['sender_email']);
        $_array_email = array();
        // Load the department the message was addressed to ($row['cid'] is concatenated
        // unquoted, like $id above).
        $frow = $db->query('SELECT full_name, email, admins FROM ' . NV_PREFIXLANG . '_' . $module_data . '_department WHERE id=' . $row['cid'])->fetch();
        if (!empty($frow)) {
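            // The department addresses are stored as one comma-separated string; trim each
            // entry so that a space after the comma does not make a good address fail.
            $_arr_mail = array_map('trim', explode(',', $frow['email']));
            foreach ($_arr_mail as $_email) {
                // nv_check_valid_email() returns an empty string for an acceptable address
                // (callers elsewhere test `== ''` to accept). The previous `!= ''` test added
                // only the rejected entries as Reply-To recipients and skipped the valid ones.
                if (nv_check_valid_email($_email) == '') {
                    $mail->addReplyTo($_email, $frow['full_name']);
                    $_array_email[] = $_email;
                }
            }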
            // Send to the administrators in the department.
            // The `admins` column is split on ";" into entries, each entry on "/" into
            // integers; an entry whose fourth field is exactly 1 contributes its first field
            // (presumably the admin id - confirm) to $obt_level.
            $obt_level = array();
            $admins_list = $frow['admins'];
            $admins_list = !empty($admins_list) ? array_map('trim', explode(';', $admins_list)) : array();
            foreach ($admins_list as $l) {
                $l2 = array_map('intval', explode('/', $l));
                if (isset($l2[3]) and $l2[3] === 1) {
                    $obt_level[] = intval($l2[0]);
                }
            }
            if (!empty($obt_level)) {