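/**
 * nv_check_email_reg()
 * Check whether an email address may be used for a new registration.
 *
 * Checks run in this order: syntax validation through nv_check_valid_email(),
 * the `deny_email` pattern read from the users config table, then a lookup
 * for an equivalent address in the users, `_reg` and `_openid` tables.
 *
 * @param mixed $email Address supplied by the registrant
 * @return string Empty string when the address is acceptable, otherwise an error message
 */
function nv_check_email_reg($email)
{
    global $db, $lang_module;

    $error = nv_check_valid_email($email);
    if ($error != "") {
        // Drop markup and the &ldquo;/&rdquo; entities from the validator's message.
        return preg_replace("/\\&(l|r)dquo\\;/", "", strip_tags($error));
    }

    $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='deny_email'";
    $result = $db->sql_query($sql);
    list($deny_email) = $db->sql_fetchrow($result);
    $db->sql_freeresult();

    // NOTE(review): the stored value is used verbatim as a PCRE body, so a "/" in it
    // ends the pattern early and a malformed value makes preg_match() fail. Who may
    // write `deny_email` is not visible here - confirm it is administrator-only.
    if (!empty($deny_email) and preg_match("/" . $deny_email . "/i", $email)) {
        return sprintf($lang_module['email_deny_name'], $email);
    }

    // Build a pattern that matches the address with or without separators between
    // the characters of the local part, so dotted variants count as the same address.
    list($left, $right) = explode("@", $email);
    $left = preg_replace("/[\\.]+/", "", $left);

    // Every character taken from the address is escaped before it reaches RLIKE.
    // Unescaped, a "+" in the local part turned into a quantifier and the dots of
    // the domain matched any character, so the duplicate check could both miss an
    // existing address and flag an unrelated one.
    $pattern = implode(".?", array_map('preg_quote', str_split($left)));
    $pattern = "^" . $pattern . "@" . preg_quote($right) . "\$";
    // NOTE(review): ".?" accepts ANY optional character between two letters, not
    // only a dot - confirm whether that breadth is intended.

    foreach (array("", "_reg", "_openid") as $suffix) {
        $sql = "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . $suffix . "` WHERE `email` RLIKE " . $db->dbescape($pattern);
        if ($db->sql_numrows($db->sql_query($sql)) != 0) {
            return sprintf($lang_module['email_registered_name'], $email);
        }
    }

    return "";
}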
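/**
 * nv_check_email_change()
 * Check whether the current user may switch to the given email address.
 *
 * Runs the syntax validator, the `deny_email` pattern from the users config
 * table, then looks for the exact address on another account in the users,
 * `_reg` and `_openid` tables.
 *
 * @param mixed $email New address requested by the current user
 * @return string Empty string when acceptable, otherwise an error message; the
 *                deny/duplicate messages wrap the address in <strong> tags
 */
function nv_check_email_change($email)
{
    global $db, $lang_module, $user_info;

    $error = nv_check_valid_email($email);
    if ($error != "") {
        return $error;
    }

    $sql = "SELECT `content` FROM `" . NV_USERS_GLOBALTABLE . "_config` WHERE `config`='deny_email'";
    $result = $db->sql_query($sql);
    list($deny_email) = $db->sql_fetchrow($result);
    $db->sql_freeresult();

    // NOTE(review): the address is placed into HTML without escaping; this relies on
    // nv_check_valid_email() rejecting markup characters - confirm against its rules.
    $shown = '<strong>' . $email . '</strong>';

    // NOTE(review): `deny_email` is used verbatim as a PCRE body; a "/" in the stored
    // value would end the pattern early. Confirm only administrators can set it.
    if (!empty($deny_email) and preg_match("/" . $deny_email . "/i", $email)) {
        return sprintf($lang_module['email_deny_name'], $shown);
    }

    // The user id is concatenated into SQL, so force it to an integer first instead
    // of trusting whatever the $user_info global happens to hold.
    $userid = intval($user_info['userid']);
    $quoted = $db->dbescape($email);

    $queries = array(
        "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $userid . " AND `email`=" . $quoted,
        "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $quoted,
        "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `userid`!=" . $userid . " AND `email`=" . $quoted,
    );

    foreach ($queries as $sql) {
        if ($db->sql_numrows($db->sql_query($sql)) != 0) {
            return sprintf($lang_module['email_registered_name'], $shown);
        }
    }

    return "";
}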
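/**
 * nv_SendMail2User()
 * Forward a contact message to the address stored on a `_rows` record and to
 * the administrators assigned to that record.
 *
 * The `admins` column holds ";"-separated entries of the form
 * "<admin id>/<0|1>/<0|1>/<0|1>"; an administrator is mailed only when the last
 * flag is 1 and the account is neither level 0 nor suspended.
 *
 * @param mixed $cid       Id of the `_rows` record
 * @param mixed $fcontent  Message body
 * @param mixed $ftitle    Message subject
 * @param mixed $femail    Sender address, used as the From address
 * @param mixed $full_name Sender name, used as the From name
 * @return void
 */
function nv_SendMail2User($cid, $fcontent, $ftitle, $femail, $full_name)
{
    global $db, $module_data;

    $email_list = array();

    // $cid is concatenated into the statement, so it is forced to an integer here
    // rather than relying on every caller to have done so.
    $sql = "SELECT `email`, `admins` FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id` =" . intval($cid);
    $result = $db->sql_query($sql);
    list($email, $admins) = $db->sql_fetchrow($result);

    if (!empty($email)) {
        $email_list[] = $email;
    }

    if (!empty($admins)) {
        $admin_ids = array();
        foreach (array_map("trim", explode(";", $admins)) as $adm) {
            if (preg_match("/^([0-9]+)\\/([0-1]{1})\\/([0-1]{1})\\/([0-1]{1})\$/i", $adm)) {
                $parts = array_map("trim", explode("/", $adm));
                if ($parts[3] == 1) {
                    // intval() keeps the IN (...) list below numeric.
                    $admin_ids[] = intval($parts[0]);
                }
            }
        }

        if (!empty($admin_ids)) {
            $sql = "SELECT t2.email as admin_email FROM `" . NV_AUTHORS_GLOBALTABLE . "` AS t1 INNER JOIN `" . NV_USERS_GLOBALTABLE . "` AS t2 ON t1.admin_id = t2.userid WHERE t1.lev!=0 AND t1.is_suspend=0 AND t1.admin_id IN (" . implode(",", $admin_ids) . ")";
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (nv_check_valid_email($row['admin_email']) == "") {
                    $email_list[] = $row['admin_email'];
                }
            }
        }
    }

    $email_list = array_unique($email_list);
    if (!empty($email_list)) {
        // NOTE(review): $full_name and $femail come from the caller and become the
        // From header; whether nv_sendmail() strips CR/LF is not visible here - confirm.
        $from = array($full_name, $femail);
        foreach ($email_list as $to) {
            // Delivery is best effort: "@" hides warnings and the result is not checked.
            @nv_sendmail($from, $to, $ftitle, $fcontent);
        }
    }
}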
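/**
 * nv_check_email_reg()
 * Check whether an email address is available for a new registration.
 *
 * Checks run in this order: syntax validation through nv_check_valid_email(),
 * the `deny_email` pattern read from the users config table, then a lookup
 * for an equivalent address in the users, `_reg` and `_openid` tables.
 *
 * @param mixed $email Address supplied by the registrant
 * @return string Empty string when the address is acceptable, otherwise an error message
 */
function nv_check_email_reg($email)
{
    global $db, $db_config, $lang_module;

    $error = nv_check_valid_email($email);
    if ($error != '') {
        // Drop markup and the &ldquo;/&rdquo; entities from the validator's message.
        return preg_replace('/\\&(l|r)dquo\\;/', '', strip_tags($error));
    }

    $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='deny_email'";
    $result = $db->query($sql);
    $deny_email = $result->fetchColumn();
    $result->closeCursor();

    // NOTE(review): the stored value is used verbatim as a PCRE body, so a "/" in it
    // ends the pattern early and a malformed value makes preg_match() fail. Who may
    // write `deny_email` is not visible here - confirm it is administrator-only.
    if (!empty($deny_email) and preg_match('/' . $deny_email . '/i', $email)) {
        return sprintf($lang_module['email_deny_name'], $email);
    }

    // Build a pattern that matches the address with or without separators between
    // the characters of the local part, so dotted variants count as the same address.
    list($left, $right) = explode('@', $email);
    $left = preg_replace('/[\\.]+/', '', $left);

    // Binding the pattern prevents SQL injection but not regex injection: each
    // character taken from the address is escaped so that "+" is not read as a
    // quantifier and the dots of the domain do not match arbitrary characters.
    $pattern = implode('.?', array_map('preg_quote', str_split($left)));
    $pattern = '^' . $pattern . '@' . preg_quote($right) . '$';
    // NOTE(review): ".?" accepts ANY optional character between two letters, not
    // only a dot - confirm whether that breadth is intended.

    foreach (array('', '_reg', '_openid') as $suffix) {
        $stmt = $db->prepare('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . $suffix . ' WHERE email RLIKE :pattern');
        $stmt->bindParam(':pattern', $pattern, PDO::PARAM_STR);
        $stmt->execute();
        if ($stmt->fetchColumn()) {
            return sprintf($lang_module['email_registered_name'], $email);
        }
    }

    return '';
}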
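/**
 * nv_SendMail2User()
 * Forward a contact message to a department's address and to the
 * administrators assigned to that department.
 *
 * The `admins` column holds ";"-separated entries of the form
 * "<admin id>/<0|1>/<0|1>/<0|1>"; an administrator is mailed only when the last
 * flag is 1 and the account is neither level 0 nor suspended.
 *
 * @param mixed $cid       Id of the `_department` record
 * @param mixed $fcontent  Message body
 * @param mixed $ftitle    Message subject
 * @param mixed $femail    Sender address, used as the From address
 * @param mixed $full_name Sender name, used as the From name
 * @return void
 */
function nv_SendMail2User($cid, $fcontent, $ftitle, $femail, $full_name)
{
    global $db, $module_data, $db_config;

    $email_list = array();

    // $cid is concatenated into the statement, so it is forced to an integer here
    // rather than relying on every caller to have done so.
    $sql = 'SELECT email, admins FROM ' . NV_PREFIXLANG . '_' . $module_data . '_department WHERE id =' . intval($cid);
    $result = $db->query($sql);
    // 3 is the integer value of PDO::FETCH_NUM.
    list($email, $admins) = $result->fetch(3);

    if (!empty($email)) {
        $email_list[] = $email;
    }

    if (!empty($admins)) {
        $admin_ids = array();
        foreach (array_map('trim', explode(';', $admins)) as $adm) {
            if (preg_match('/^([0-9]+)\\/([0-1]{1})\\/([0-1]{1})\\/([0-1]{1})$/i', $adm)) {
                $parts = array_map('trim', explode('/', $adm));
                if ($parts[3] == 1) {
                    // intval() keeps the IN (...) list below numeric.
                    $admin_ids[] = intval($parts[0]);
                }
            }
        }

        if (!empty($admin_ids)) {
            $sql = 'SELECT t2.email as admin_email FROM ' . NV_AUTHORS_GLOBALTABLE . ' t1 INNER JOIN ' . NV_USERS_GLOBALTABLE . ' t2 ON t1.admin_id = t2.userid WHERE t1.lev!=0 AND t1.is_suspend=0 AND t1.admin_id IN (' . implode(',', $admin_ids) . ')';
            $result = $db->query($sql);
            while ($row = $result->fetch()) {
                if (nv_check_valid_email($row['admin_email']) == '') {
                    $email_list[] = $row['admin_email'];
                }
            }
        }
    }

    if (!empty($email_list)) {
        // NOTE(review): $full_name and $femail come from the caller and become the
        // From header; whether nv_sendmail() strips CR/LF is not visible here - confirm.
        $from = array($full_name, $femail);
        $email_list = array_unique($email_list);
        // Delivery is best effort: "@" hides warnings and the result is not checked.
        @nv_sendmail($from, $email_list, $ftitle, $fcontent);
    }
}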
// Fragment of a lost-password handler: reads the posted form, checks the form
// token and the security code, then looks the account up by email or username.
// The enclosing statement starts before this excerpt and continues after it.
} else {
    $data = array();
    // Expected form token, derived from the session id and the site key.
    $data['checkss'] = md5($client_info['session_id'] . $global_config['sitekey']);
    $data['userField'] = nv_substr($nv_Request->get_title('userField', 'post', '', 1), 0, 100);
    $data['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255);
    $data['send'] = $nv_Request->get_bool('send', 'post', false);
    $data['nv_seccode'] = $nv_Request->get_title('nv_seccode', 'post', '');
    $data['nv_redirect'] = $nv_Request->get_title('nv_redirect', 'get, post', '');
    $checkss = $nv_Request->get_title('checkss', 'post', '');
    // MD5 of a security code stored in the session further down in this excerpt.
    $seccode = $nv_Request->get_string('lostpass_seccode', 'session', '');
    $step = 1;
    $error = $question = '';
    // NOTE(review): the token is compared with "=="; hash_equals() would make the
    // comparison strict and constant-time.
    if ($checkss == $data['checkss']) {
        // "and" binds tighter than "or", so this reads
        // (session code present AND md5(posted code) matches it) OR nv_capcha_txt() accepts the posted code.
        // NOTE(review): "==" on two MD5 hex strings compares them as numbers when both
        // look like "0e<digits>"; "===" or hash_equals() avoids that.
        if (!empty($seccode) and md5($data['nv_seccode']) == $seccode or nv_capcha_txt($data['nv_seccode'])) {
            if (!empty($data['userField'])) {
                // An empty validator result means the input is a valid email address;
                // anything else is looked up as a username through nv_md5safe().
                $check_email = nv_check_valid_email($data['userField']);
                if (empty($check_email)) {
                    $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :userField AND active=1';
                    $userField = $data['userField'];
                } else {
                    $sql = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE md5username=:userField AND active=1';
                    $userField = nv_md5safe($data['userField']);
                }
                // The user-supplied value is bound, not concatenated.
                $stmt = $db->prepare($sql);
                $stmt->bindParam(':userField', $userField, PDO::PARAM_STR);
                $stmt->execute();
                $row = $stmt->fetch();
                if (!empty($row)) {
                    $step = 2;
                    if (empty($seccode)) {
                        // Remember the accepted code so later steps can be checked against the session copy.
                        $nv_Request->set_Session('lostpass_seccode', md5($data['nv_seccode']));
} if (!empty($array_department[$fpart]['admins'])) { $admins = array_filter(array_map('trim', explode(';', $array_department[$fpart]['admins']))); $a_l = array(); foreach ($admins as $adm) { unset($adm2); if (preg_match('/^([0-9]+)\\/[0-1]{1}\\/[0-1]{1}\\/1$/', $adm, $adm2)) { $a_l[] = $adm2[1]; } } if (!empty($a_l)) { $a_l = implode(',', $a_l); $sql = 'SELECT t2.email as admin_email FROM ' . NV_AUTHORS_GLOBALTABLE . ' t1 INNER JOIN ' . NV_USERS_GLOBALTABLE . ' t2 ON t1.admin_id = t2.userid WHERE t1.lev!=0 AND t1.is_suspend=0 AND t2.active=1 AND t1.admin_id IN (' . $a_l . ')'; $result = $db_slave->query($sql); while ($row = $result->fetch()) { if (nv_check_valid_email($row['admin_email']) == '') { $email_list[] = $row['admin_email']; } } } } if (!empty($email_list)) { $from = array($fname, $femail); $email_list = array_unique($email_list); @nv_sendmail($from, $email_list, $ftitle, $fcon_mail); } // Gửi bản sao đến hộp thư người gửi if ($fsendcopy) { $from = array($global_config['site_name'], $global_config['site_email']); $fcon_mail = contact_sendcontact($row_id, $fcat, $ftitle, $fname, $femail, $fphone, $fcon, $fpart, false); @nv_sendmail($from, $femail, $ftitle, $fcon_mail);
/**
 * openidLogin_Res1()
 * Function executed once the OpenID identity has been recognised.
 *
 * Depending on what is found for the provider-asserted email address it:
 *  - logs in the account already linked to this OpenID,
 *  - links the OpenID to an existing local account with that email,
 *  - activates a pending registration with that email, or
 *  - offers the login / auto-register / register choices ($option 1-3).
 * Every path ends in die/exit after a redirect or after rendering a page.
 *
 * @param mixed $attribs Attributes returned by the OpenID provider; the keys read
 *                       here are 'contact/email', 'id', 'current_mode' and 'server'
 * @return
 */
function openidLogin_Res1($attribs)
{
    global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect, $op, $db_config;

    // Only a syntactically valid email asserted by the provider is accepted.
    $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == '') ? $attribs['contact/email'] : '';
    if (empty($email)) {
        $nv_Request->unset_request('openid_attribs', 'session');
        openidLogin_Res0($lang_module['logged_in_failed']);
        die;
    }

    $opid = $crypt->hash($attribs['id']);
    $current_mode = isset($attribs['current_mode']) ? $attribs['current_mode'] : 1;

    // Case 1: this OpenID (opid + email) is already linked to a local account.
    $stmt = $db->prepare('SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM ' . NV_USERS_GLOBALTABLE . '_openid a, ' . NV_USERS_GLOBALTABLE . ' b WHERE a.opid= :opid AND a.email= :email AND a.userid=b.userid');
    $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    // 3 is the integer value of PDO::FETCH_NUM.
    list($user_id, $op_email, $user_active) = $stmt->fetch(3);
    if ($user_id) {
        $nv_Request->unset_request('openid_attribs', 'session');
        if ($op_email != $email) {
            openidLogin_Res0($lang_module['not_logged_in']);
            die;
        }
        if (!$user_active) {
            openidLogin_Res0($lang_module['login_no_active']);
            die;
        }
        // NOTE(review): $nv_redirect is a global that is base64-decoded and later sent
        // in a Location header; where it is validated is not visible in this function.
        // Confirm it is restricted to this site's own URLs (open-redirect risk).
        if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php')) {
            require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/set_user_login.php';
            if (defined('NV_IS_USER_LOGIN_FORUM_OK')) {
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            } else {
                $nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            }
        } else {
            // $user_id comes from the row fetched above, not from the request.
            $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $user_id;
            $row = $db->query($query)->fetch();
            if (!empty($row)) {
                validUserLog($row, 1, $opid, $current_mode);
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            } else {
                $nv_redirect = NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            }
        }
        Header('Location: ' . nv_url_rewrite($nv_redirect, true));
        die;
    }

    // Case 2: a local account with the same email exists but is not linked yet.
    $stmt = $db->prepare('SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE email= :email');
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $nv_row = $stmt->fetch();
    if (!empty($nv_row)) {
        $login_allowed = false;
        // NOTE(review): an account with an empty password is linked and logged in on
        // the strength of the provider-asserted email alone, with no confirmation step.
        // This is only safe if every accepted provider verifies that address - confirm.
        if (empty($nv_row['password'])) {
            $nv_Request->unset_request('openid_attribs', 'session');
            $login_allowed = true;
        }
        if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
            $password = $nv_Request->get_string('password', 'post', '');
            $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
            // 1 when the captcha is disabled or the posted code is accepted, else 0.
            $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
            $nv_Request->unset_request('openid_attribs', 'session');
            if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
                // NOTE(review): this branch only looks at $error set by the included
                // file; $nv_seccode is not checked here. Confirm the forum login script
                // enforces the captcha result itself.
                $nv_username = $nv_row['username'];
                $nv_password = $password;
                require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                if (empty($error)) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            } else {
                // Linking requires both the account password and a passed captcha.
                if ($crypt->validate_password($password, $nv_row['password']) and $nv_seccode) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            }
        }
        if ($login_allowed) {
            // Record the link; the user id is cast to int, the rest is bound.
            $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($nv_row['userid']) . ', :server, :opid, :email )');
            $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
            $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
            $stmt->bindParam(':email', $email, PDO::PARAM_STR);
            $stmt->execute();
            if (intval($nv_row['active']) != 1) {
                openidLogin_Res0($lang_module['login_no_active']);
            } else {
                validUserLog($nv_row, 1, $opid, $current_mode);
                Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true));
            }
            die;
        }
        // Not confirmed yet: show the form asking for the account password.
        $page_title = $lang_module['openid_login'];
        $key_words = $module_info['keywords'];
        $mod_title = $lang_module['openid_login'];
        $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
        $contents = openid_account_confirm($gfx_chk, $attribs);
        include NV_ROOTDIR . '/includes/header.php';
        echo nv_site_theme($contents);
        include NV_ROOTDIR . '/includes/footer.php';
        exit;
    }

    // Case 3: a pending registration with this email exists (modes 2 and 3 of allowuserreg).
    if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
        $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email= :email';
        if ($global_config['allowuserreg'] == 2) {
            // Only registrations from the last 86400 seconds (24 hours) are considered.
            $query .= ' AND regdate>' . (NV_CURRENTTIME - 86400);
        }
        $stmt = $db->prepare($query);
        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
        $stmt->execute();
        $row = $stmt->fetch();
        if (!empty($row)) {
            if ($global_config['allowuserreg'] == 2) {
                if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
                    $nv_Request->unset_request('openid_attribs', 'session');
                    $password = $nv_Request->get_string('password', 'post', '');
                    $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
                    $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                    // Activation requires the password chosen at registration and a passed captcha.
                    if ($crypt->validate_password($password, $row['password']) and $nv_seccode) {
                        $reg_attribs = set_reg_attribs($attribs);
                        // NOTE(review): $global_config['idsite'] is concatenated as-is here,
                        // while the auto-register INSERT further down wraps it in intval().
                        $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . " (\n\t\t\t\t\t\t\tusername, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t\t\t\t:username,\n\t\t\t\t\t\t\t:md5username,\n\t\t\t\t\t\t\t:password,\n\t\t\t\t\t\t\t:email,\n\t\t\t\t\t\t\t:first_name,\n\t\t\t\t\t\t\t:last_name,\n\t\t\t\t\t\t\t:gender,\n\t\t\t\t\t\t\t'', 0,\n\t\t\t\t\t\t\t:regdate,\n\t\t\t\t\t\t\t:question,\n\t\t\t\t\t\t\t:answer,\n\t\t\t\t\t\t\t'', 1, 1, '', 1, '', 0, '', '', '', " . $global_config['idsite'] . ")";
                        // Values copied from the pending registration row; gender comes from the provider attributes.
                        $data_insert = array();
                        $data_insert['username'] = $row['username'];
                        $data_insert['md5username'] = nv_md5safe($row['username']);
                        $data_insert['password'] = $row['password'];
                        $data_insert['email'] = $row['email'];
                        $data_insert['first_name'] = $row['first_name'];
                        $data_insert['last_name'] = $row['last_name'];
                        $data_insert['gender'] = $reg_attribs['gender'];
                        $data_insert['regdate'] = $row['regdate'];
                        $data_insert['question'] = $row['question'];
                        $data_insert['answer'] = $row['answer'];
                        $userid = $db->insert_id($sql, 'userid', $data_insert);
                        if (!$userid) {
                            openidLogin_Res0($lang_module['account_active_error']);
                            die;
                        }
                        // Increment the member counter of group 4.
                        $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
                        // Remove the pending registration now that the account exists.
                        $stmt = $db->prepare('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE userid= :userid');
                        $stmt->bindParam(':userid', $row['userid'], PDO::PARAM_STR);
                        $stmt->execute();
                        // Link the OpenID to the new account.
                        $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . $userid . ', :server, :opid, :email )');
                        $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
                        $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
                        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                        $stmt->execute();
                        $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid;
                        $result = $db->query($query);
                        $row = $result->fetch();
                        validUserLog($row, 1, $opid, $current_mode);
                        // Confirmation page that refreshes to the module home after 2 seconds.
                        $info = $lang_module['account_active_ok'] . "<br /><br />\n";
                        $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                        $info .= '[<a href="' . NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '">' . $lang_module['redirect_to_home'] . '</a>]';
                        $contents = user_info_exit($info);
                        $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name, true) . '" />';
                        include NV_ROOTDIR . '/includes/header.php';
                        echo nv_site_theme($contents);
                        include NV_ROOTDIR . '/includes/footer.php';
                        exit;
                    } else {
                        openidLogin_Res0($lang_module['openid_confirm_failed']);
                        die;
                    }
                }
                // No confirmation posted yet: show the activation form.
                $page_title = $mod_title = $lang_module['openid_activate_account'];
                $key_words = $module_info['keywords'];
                $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
                $contents = openid_active_confirm($gfx_chk, $attribs);
                include NV_ROOTDIR . '/includes/header.php';
                echo nv_site_theme($contents);
                include NV_ROOTDIR . '/includes/footer.php';
                exit;
            } else {
                // Mode 3: the pending registration cannot be activated from here.
                $nv_Request->unset_request('openid_attribs', 'session');
                openidLogin_Res0($lang_module['account_register_to_admin']);
                die;
            }
        }
    }

    // Case 4: no account and no pending registration - act on the chosen option.
    $option = $nv_Request->get_int('option', 'get', 0);
    if (!$global_config['allowuserreg']) {
        // Registration disabled: only logging in to an existing account is possible.
        $option = 3;
    }
    $contents = '';
    $page_title = $lang_module['openid_login'];
    if ($option == 3) {
        // Option 3: log in with an existing local account and link the OpenID to it.
        $error = '';
        if ($nv_Request->isset_request('nv_login', 'post')) {
            $nv_username = $nv_Request->get_title('nv_login', 'post', '', 1);
            $nv_password = $nv_Request->get_title('nv_password', 'post', '');
            $nv_seccode = $nv_Request->get_title('nv_seccode', 'post', '');
            $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
            if (!$check_seccode) {
                $error = $lang_global['securitycodeincorrect'];
            } elseif (empty($nv_username)) {
                $error = $lang_global['username_empty'];
            } elseif (empty($nv_password)) {
                $error = $lang_global['password_empty'];
            } else {
                if (defined('NV_IS_USER_FORUM')) {
                    require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                } else {
                    $error = $lang_global['loginincorrect'];
                    // NOTE(review): as written this statement compares md5username with the
                    // literal '******' and does not reference $nv_username; it looks like
                    // an artefact of this listing - check the real source, and make sure the
                    // username is bound or escaped there.
                    $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
                    $row = $db->query($sql)->fetch();
                    if (!empty($row)) {
                        // NOTE(review): this call uses $crypt->validate() while the other
                        // password checks in this function use validate_password() - confirm
                        // both methods exist and behave the same.
                        if ($row['username'] == $nv_username and $crypt->validate($nv_password, $row['password'])) {
                            if (!$row['active']) {
                                $error = $lang_module['login_no_active'];
                            } else {
                                $error = '';
                                $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid, :email )');
                                $stmt->bindParam(':server', $attribs['server'], PDO::PARAM_STR);
                                $stmt->bindParam(':opid', $opid, PDO::PARAM_STR);
                                $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                                $stmt->execute();
                                validUserLog($row, 1, $opid);
                            }
                        }
                    }
                }
            }
            if (empty($error)) {
                $nv_Request->unset_request('openid_attribs', 'session');
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
                $info = $lang_module['login_ok'] . "<br /><br />\n";
                $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                // NOTE(review): the decoded redirect is written into an href without
                // escaping in this function - confirm it is validated/escaped upstream.
                $info .= '[<a href="' . $nv_redirect . '">' . $lang_module['redirect_to_back'] . '</a>]';
                $contents .= user_info_exit($info);
                $contents .= '<meta http-equiv="refresh" content="2;url=' . nv_url_rewrite($nv_redirect, true) . '" />';
                include NV_ROOTDIR . '/includes/header.php';
                echo nv_site_theme($contents);
                include NV_ROOTDIR . '/includes/footer.php';
                exit;
            }
            // NOTE(review): the submitted password is handed back to the form renderer;
            // confirm user_openid_login() does not echo it into the page.
            $array_login = array('nv_login' => $nv_username, 'nv_password' => $nv_password, 'nv_redirect' => $nv_redirect, 'login_info' => '<span style="color:#fb490b;">' . $error . '</span>');
        } else {
            $array_login = array('nv_login' => '', 'nv_password' => '', 'login_info' => $lang_module['openid_note1'], 'nv_redirect' => $nv_redirect);
        }
        $contents .= user_openid_login($gfx_chk, $array_login, $attribs);
        include NV_ROOTDIR . '/includes/header.php';
        echo nv_site_theme($contents);
        include NV_ROOTDIR . '/includes/footer.php';
        exit;
    } elseif ($option == 1 or $option == 2) {
        $nv_Request->unset_request('openid_attribs', 'session');
        $reg_attribs = set_reg_attribs($attribs);
        if (empty($reg_attribs['username'])) {
            openidLogin_Res0($lang_module['logged_in_failed']);
            die;
        }
        if ($option == 2) {
            // Log in with an account created automatically by the system.
            // The account is inserted with an empty password and active = 1.
            $sql = "INSERT INTO " . NV_USERS_GLOBALTABLE . "\n\t\t\t\t(username, md5username, password, email, first_name, last_name, gender, photo, birthday, regdate,\n\t\t\t\tquestion, answer, passlostkey, view_mail, remember, in_groups,\n\t\t\t\tactive, checknum, last_login, last_ip, last_agent, last_openid, idsite) VALUES (\n\t\t\t\t:username,\n\t\t\t\t:md5username,\n\t\t\t\t'',\n\t\t\t\t:email,\n\t\t\t\t:first_name,\n\t\t\t\t:last_name,\n\t\t\t\t:gender,\n\t\t\t\t'', 0,\n\t\t\t\t" . NV_CURRENTTIME . ",\n\t\t\t\t'', '', '', 0, 0, '', 1, '', 0, '', '', '', " . intval($global_config['idsite']) . "\n\t\t\t)";
            $data_insert = array();
            $data_insert['username'] = $reg_attribs['username'];
            $data_insert['md5username'] = nv_md5safe($reg_attribs['username']);
            $data_insert['email'] = $reg_attribs['email'];
            $data_insert['first_name'] = $reg_attribs['first_name'];
            $data_insert['last_name'] = $reg_attribs['last_name'];
            // First letter of the provider's gender value, upper-cased; 'N' when absent.
            $data_insert['gender'] = ucfirst($reg_attribs['gender'] ? $reg_attribs['gender'][0] : 'N');
            $userid = $db->insert_id($sql, 'userid', $data_insert);
            if (!$userid) {
                openidLogin_Res0($lang_module['err_no_save_account']);
                die;
            }
            // Update the member count.
            $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers+1 WHERE group_id=4');
            $query = 'SELECT * FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid=' . $userid . ' AND active=1';
            $result = $db->query($query);
            $row = $result->fetch();
            $result->closeCursor();
            // Save into the custom-information table.
            // Column names come from the `_field` table and are concatenated into the
            // statement; the default values are passed through $db->quote().
            $query_field = array();
            $query_field['userid'] = $userid;
            $result_field = $db->query('SELECT * FROM ' . NV_USERS_GLOBALTABLE . '_field ORDER BY fid ASC');
            while ($row_f = $result_field->fetch()) {
                $query_field[$row_f['field']] = $db->quote($row_f['default_value']);
            }
            $db->query('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_info (' . implode(', ', array_keys($query_field)) . ') VALUES (' . implode(', ', array_values($query_field)) . ')');
            // Save into the OpenID table.
            $stmt = $db->prepare('INSERT INTO ' . NV_USERS_GLOBALTABLE . '_openid VALUES (' . intval($row['userid']) . ', :server, :opid , :email)');
            $stmt->bindParam(':server', $reg_attribs['server'], PDO::PARAM_STR);
            $stmt->bindParam(':opid', $reg_attribs['opid'], PDO::PARAM_STR);
            $stmt->bindParam(':email', $reg_attribs['email'], PDO::PARAM_STR);
            $stmt->execute();
            validUserLog($row, 1, $reg_attribs['opid'], $current_mode);
            $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name;
            Header('Location: ' . nv_url_rewrite($nv_redirect, true));
            exit;
        } else {
            // Option 1: hand the provider attributes to the regular registration form.
            // NOTE(review): the attributes are stored with serialize(); the code that
            // reads 'reg_attribs' back is not visible here - confirm it only ever
            // unserializes this session value and never request data.
            $reg_attribs = serialize($reg_attribs);
            $nv_Request->set_Session('reg_attribs', $reg_attribs);
            Header('Location: ' . nv_url_rewrite(NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&openid=1&nv_redirect=' . $nv_redirect, true));
            exit;
        }
    }

    // No option chosen yet: list the available choices.
    // NOTE(review): $attribs['server'] and $nv_redirect are concatenated into the link
    // URLs without URL-encoding in this function - confirm they are constrained upstream.
    $array_user_login = array();
    if (!defined('NV_IS_USER_FORUM')) {
        $array_user_login[] = array('title' => $lang_module['openid_note3'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=1&nv_redirect=' . $nv_redirect);
        $array_user_login[] = array('title' => $lang_module['openid_note4'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=2&nv_redirect=' . $nv_redirect);
    } else {
        $array_user_login[] = array('title' => $lang_module['openid_note6'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=register&nv_redirect=' . $nv_redirect);
    }
    $array_user_login[] = array('title' => $lang_module['openid_note5'], 'link' => NV_BASE_SITEURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&server=' . $attribs['server'] . '&result=1&option=3&nv_redirect=' . $nv_redirect);
    $page_title = $lang_module['openid_login'];
    $key_words = $module_info['keywords'];
    $mod_title = $lang_module['openid_login'];
    $contents .= user_openid_login2($attribs, $array_user_login);
    include NV_ROOTDIR . '/includes/header.php';
    echo nv_site_theme($contents);
    include NV_ROOTDIR . '/includes/footer.php';
    exit;
}
* @Copyright (C) 2014 PHAN TAN DUNG. All rights reserved * @License GNU/GPL version 2 or any later version * @Createdate Dec 11, 2013, 09:50:11 PM */ if (!defined('NV_IS_MOD_BLOG')) { die('Stop!!!'); } // Dang ky nhan ban tin if ($nv_Request->isset_request('newsletters', 'post')) { $array['email'] = nv_substr($nv_Request->get_title('newsletters', 'post', '', 1), 0, 255); $array['checksess'] = nv_substr($nv_Request->get_title('checksess', 'post', '', 1), 0, 255); if (empty($array['email']) or empty($array['checksess']) or $array['checksess'] != md5($global_config['sitekey'] . $client_info['session_id'])) { die('Error Access!!!'); } // Kiem tra email hop le $checkEmail = nv_check_valid_email($array['email']); if ($checkEmail != '') { die($checkEmail); } // Kiem tra email da dang ky $sql = "SELECT * FROM " . $BL->table_prefix . "_newsletters WHERE email=" . $db->quote($array['email']); $result = $db->query($sql); if ($result->rowCount()) { $row = $result->fetch(); if ($row['status'] == 0) { die(sprintf($BL->lang('newsletterIsBan'), $array['email'])); } elseif ($row['status'] == 1) { die(sprintf($BL->lang('newsletterIsActive'), $array['email'])); } else { if (!$db->query("DELETE FROM " . $BL->table_prefix . "_newsletters WHERE email=" . $db->quote($array['email']))) { die('Unknow Error!!!');
$_user['answer'] = nv_substr($nv_Request->get_title('answer', 'post', '', 1), 0, 255); $_user['first_name'] = nv_substr($nv_Request->get_title('first_name', 'post', '', 1), 0, 255); $_user['last_name'] = nv_substr($nv_Request->get_title('last_name', 'post', '', 1), 0, 255); $_user['gender'] = nv_substr($nv_Request->get_title('gender', 'post', '', 1), 0, 1); $_user['photo'] = nv_substr($nv_Request->get_title('photo', 'post', '', 1), 0, 255); $_user['view_mail'] = $nv_Request->get_int('view_mail', 'post', 0); $_user['sig'] = $nv_Request->get_textarea('sig', '', NV_ALLOWED_HTML_TAGS); $_user['birthday'] = $nv_Request->get_title('birthday', 'post'); $_user['in_groups'] = $nv_Request->get_typed_array('group', 'post', 'int'); $_user['delpic'] = $nv_Request->get_int('delpic', 'post', 0); $custom_fields = $nv_Request->get_array('custom_fields', 'post'); if ($_user['username'] != $row['username'] and ($error_username = nv_check_valid_login($_user['username'], NV_UNICKMAX, NV_UNICKMIN)) != '') { $error = $error_username; } elseif ("'" . $_user['username'] . "'" != $db->quote($_user['username'])) { $error = sprintf($lang_module['account_deny_name'], '<strong>' . $_user['username'] . '</strong>'); } elseif (($error_xemail = nv_check_valid_email($_user['email'])) != '') { $error = $error_xemail; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid!=' . $userid . ' AND md5username='******'username'])))->fetchColumn()) { $error = $lang_module['edit_error_username_exist']; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . ' WHERE userid!=' . $userid . ' AND email=' . $db->quote($_user['email']))->fetchColumn()) { $error = $lang_module['edit_error_email_exist']; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . '_reg WHERE email=' . $db->quote($_user['email']))->fetchColumn()) { $error = $lang_module['edit_error_email_exist']; } elseif ($db->query('SELECT userid FROM ' . NV_USERS_GLOBALTABLE . 
'_openid WHERE userid!=' . $userid . ' AND email=' . $db->quote($_user['email']))->fetchColumn()) { $error = $lang_module['edit_error_email_exist']; } elseif (!empty($_user['password1']) and ($check_pass = nv_check_valid_pass($_user['password1'], NV_UPASSMAX, NV_UPASSMIN)) != '') { $error = $check_pass; } elseif (!empty($_user['password1']) and $_user['password1'] != $_user['password2']) { $error = $lang_module['edit_error_password']; } elseif (empty($_user['question'])) { $error = $lang_module['edit_error_question'];
$array['linkdirect'] = array(); } if (!empty($array['linkdirect'])) { $array['linkdirect'] = array_unique($array['linkdirect']); } $stmt = $db->prepare('SELECT COUNT(*) FROM ' . NV_PREFIXLANG . '_' . $module_data . ' WHERE title= :title '); $stmt->bindParam(':title', $array['title'], PDO::PARAM_STR); $stmt->execute(); $is_exists = $stmt->fetchColumn(); if (empty($array['title'])) { $is_error = true; $error = $lang_module['file_error_title']; } elseif ($is_exists) { $is_error = true; $error = $lang_module['file_title_exists']; } elseif (!empty($array['author_email']) and ($check_valid_email = nv_check_valid_email($array['author_email'])) != '') { $is_error = true; $error = $check_valid_email; } elseif (!empty($array['author_url']) and !nv_is_url($array['author_url'])) { $is_error = true; $error = $lang_module['file_error_author_url']; } elseif (empty($array['fileupload']) and empty($array['linkdirect']) and empty($array['fileupload2'])) { $is_error = true; $error = $lang_module['file_error_fileupload']; } else { $alias = change_alias($array['title']); $array['introtext'] = nv_nl2br($array['introtext'], '<br />'); if ($row['user_id']) { $array['user_name'] = $row['user_name']; } if (!empty($array['fileupload2'])) {
$xtpl->assign('GLANG', $lang_global); $is_read = intval($row['is_read']); if (!$is_read) { $db->query('UPDATE ' . NV_PREFIXLANG . '_' . $module_data . '_send SET is_read=1 WHERE id=' . $id); $is_read = 1; } $admin_name = $admin_info['full_name']; if (empty($admin_name)) { $admin_name = $admin_info['username']; } $mess_content = $error = ''; if ($nv_Request->get_int('save', 'post') == '1') { $mess_content = $nv_Request->get_editor('mess_content', '', NV_ALLOWED_HTML_TAGS); if (strip_tags($mess_content) != '') { $from = $db->query('SELECT email FROM ' . NV_PREFIXLANG . '_' . $module_data . '_department WHERE id=' . $row['cid'])->fetchColumn(); if (nv_check_valid_email($from) != '') { $from = $admin_info['email']; } $from = array($admin_name, $from); $subject = 'Re: ' . $row['title']; if (nv_sendmail($from, $row['sender_email'], $subject, $mess_content)) { $sth = $db->prepare('INSERT INTO ' . NV_PREFIXLANG . '_' . $module_data . '_reply (id, reply_content, reply_time, reply_aid) VALUES (' . $id . ', :reply_content, ' . NV_CURRENTTIME . ', ' . $admin_info['admin_id'] . ')'); $sth->bindParam(':reply_content', $mess_content, PDO::PARAM_STR, strlen($mess_content)); $sth->execute(); $db->query('UPDATE ' . NV_PREFIXLANG . '_' . $module_data . '_send SET is_reply=1 WHERE id=' . $id); Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=view&id=' . $id); die; } else { $error = $lang_global['error_sendmail_admin']; } }
// Site settings form: rebuild the keyword list, keeping entries that are non-empty and
// not purely numeric, then store it as one comma-separated string.
$array_config_global['site_keywords'] = array();
if (!empty($site_keywords)) {
    foreach ($site_keywords as $keywords) {
        if (!empty($keywords) and !is_numeric($keywords)) {
            $array_config_global['site_keywords'][] = $keywords;
        }
    }
}
$array_config_global['site_keywords'] = !empty($array_config_global['site_keywords']) ? implode(", ", $array_config_global['site_keywords']) : "";
} // closes a block opened before this excerpt

// Both e-mail settings fall back to the currently stored value when the submitted one
// fails validation (nv_check_valid_email() returns '' for an acceptable address).
$array_config_global['site_email'] = filter_text_input('site_email', 'post', '', 1, 255);
if (nv_check_valid_email($array_config_global['site_email']) != '') {
    $array_config_global['site_email'] = $global_config['site_email'];
}
$array_config_global['error_send_email'] = filter_text_input('error_send_email', 'post', '', 1, 255);
if (nv_check_valid_email($array_config_global['error_send_email']) != '') {
    $array_config_global['error_send_email'] = $global_config['error_send_email'];
}
$array_config_global['site_phone'] = filter_text_input('site_phone', 'post', '', 1, 255);

// The site language is checked against the allow-list; anything else becomes 'vi'.
// NOTE(review): in_array() is called without its strict flag, so the comparison is loose.
$array_config_global['site_lang'] = filter_text_input('site_lang', 'post', '', 1, 255);
if (!in_array($array_config_global['site_lang'], $allow_sitelangs)) {
    $array_config_global['site_lang'] = 'vi';
}

// NOTE(review): time zone and the date/time patterns are stored as submitted; no
// allow-list check is visible in this excerpt.
$array_config_global['site_timezone'] = filter_text_input('site_timezone', 'post', '', 1, 255);
$array_config_global['date_pattern'] = filter_text_input('date_pattern', 'post', '', 1, 255);
$array_config_global['time_pattern'] = filter_text_input('time_pattern', 'post', '', 1, 255);

// Domain list: always starts with the current server name; the submitted value is split
// on commas and trimmed, and each entry is processed by the loop that continues below.
$array_config_global['my_domains'] = filter_text_input('my_domains', 'post', '', 1, 255);
$my_domains = array(NV_SERVER_NAME);
if (!empty($array_config_global['my_domains'])) {
    $array_config_global['my_domains'] = array_map("trim", explode(",", $array_config_global['my_domains']));
    foreach ($array_config_global['my_domains'] as $dm) {
// Per-field validation of a submitted custom field. $row_f is the field definition row and
// $value the submitted value; every failure ends the request with a JSON error object.
} elseif ($row_f['field_type'] == 'date') {
    // Expected format is d/m/Y. The pattern only checks digit counts; mktime() normalises
    // out-of-range day and month values instead of rejecting them.
    // NOTE(review): checkdate() on the three parts would reject impossible dates.
    if (preg_match('/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})$/', $value, $m)) {
        $value = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
        // For date fields min_length/max_length hold timestamps; the range is enforced
        // only when min_length is greater than 0.
        if ($row_f['min_length'] > 0 and ($value < $row_f['min_length'] or $value > $row_f['max_length'])) {
            die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_min_max_value'], $row_f['title'], date('d/m/Y', $row_f['min_length']), date('d/m/Y', $row_f['max_length'])))));
        }
    } else {
        die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
    }
} elseif ($row_f['field_type'] == 'textbox') {
    if ($row_f['match_type'] == 'alphanumeric') {
        // Letters, digits and underscore only; an empty value does not match.
        if (!preg_match('/^[a-zA-Z0-9\\_]+$/', $value)) {
            die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
        }
    } elseif ($row_f['match_type'] == 'email') {
        // nv_check_valid_email() returns '' when the address is acceptable, otherwise the
        // message that is sent back to the client.
        if (($error = nv_check_valid_email($value)) != '') {
            die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => $error)));
        }
    } elseif ($row_f['match_type'] == 'url') {
        if (!nv_is_url($value)) {
            die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
        }
    } elseif ($row_f['match_type'] == 'regex') {
        // The stored pattern is placed between '/' delimiters unchanged, so a pattern that
        // contains an unescaped '/' or is otherwise invalid makes preg_match() return false,
        // which this check reports as a mismatch.
        // NOTE(review): an expensive pattern is evaluated against user input on every
        // submission - confirm only trusted administrators can edit match_regex.
        if (!preg_match('/' . $row_f['match_regex'] . '/', $value)) {
            die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
        }
    } elseif ($row_f['match_type'] == 'callback') {
        // The function name comes from the field definition and is called with the raw
        // user value. function_exists() is true for every built-in function as well.
        // NOTE(review): restrict func_callback to an explicit allow-list of validators, and
        // confirm who is able to write this column.
        if (function_exists($row_f['func_callback'])) {
            if (!call_user_func($row_f['func_callback'], $value)) {
                die(json_encode(array('status' => 'error', 'input' => 'custom_fields[' . $row_f['field'] . ']', 'mess' => sprintf($lang_module['field_match_type_error'], $row_f['title']))));
            }
// Comment submission: resolve the author, verify the request, then insert the comment.
if (defined('NV_IS_USER')) {
    $userid = $user_info['userid'];
    $name = $user_info['username'];
    $email = $user_info['email'];
} elseif (defined('NV_IS_ADMIN')) {
    $userid = $admin_info['userid'];
    $name = $admin_info['username'];
    $email = $admin_info['email'];
    // Within this excerpt $status is assigned only here; for the other two cases it must
    // have been set before this point.
    $status = 1;
} else {
    // Guest: name and e-mail are taken from the form.
    $userid = 0;
    $name = filter_text_input('name', 'post', '', 1);
    $email = filter_text_input('email', 'post', '');
}

$contents = "";
// $checkss ties the request to this item, the current session and the site key.
// NOTE(review): the token is compared with ==; hash_equals() compares in constant time and
// avoids loose-comparison surprises on hash-like strings.
if ($setting['comment_' . $type] and $id > 0 and $checkss == md5($id . session_id() . $global_config['sitekey']) and $name != "" and nv_check_valid_email($email) == "" and $code != "" and $content != "") {
    // NOTE(review): the posting interval is read from a cookie, i.e. a client-supplied
    // value unless the request layer protects it - confirm, or track the interval
    // server-side.
    $timeout = $nv_Request->get_int($module_name . '_' . $op . '_' . $id, 'cookie', 0);
    if (!nv_capcha_txt($code)) {
        $contents = "ERR_" . $lang_global['securitycodeincorrect'];
    } elseif ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
        // NOTE(review): $scatid, $type, $wid and $id are concatenated into the statement;
        // they are assigned outside this excerpt - verify they are fixed identifiers and
        // integers.
        $query = $db->sql_query("SELECT " . $scatid . " allowed_comm FROM `" . NV_PREFIXLANG . "_" . $module_data . "_" . $type . "` WHERE `" . $wid . "` = " . $id);
        $row = $db->sql_fetchrow($query);
        // "and" binds tighter than "or": allowed when allowed_comm is 1, or when it is 2
        // and the author is a logged-in user.
        if (isset($row['allowed_comm']) and ($row['allowed_comm'] == 1 or $row['allowed_comm'] == 2 and defined('NV_IS_USER'))) {
            $row['catid'] = 0;
            $content = nv_nl2br($content, '<br />');
            // String values go through dbescape(); $id, $userid and $status are concatenated
            // as they are.
            $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_comment_" . $type . "` (`cid`, `level`, `cmcount`, `id`, `content`, `like`, `user_like`, `user_dislike`, `dislike`, `post_time`, `userid`, `post_name`, `post_email`, `post_ip`, `status`) VALUES (NULL, " . $db->dbescape($level) . ", 0, " . $id . "," . $db->dbescape($content) . ", 0, '', '', 0, UNIX_TIMESTAMP(), " . $userid . ", " . $db->dbescape($name) . ", " . $db->dbescape($email) . ", " . $db->dbescape(NV_CLIENT_IP) . ", " . $status . ")";
            $result = $db->sql_query($sql);
            if ($result) {
                // Increment the comment counter on rows whose level equals $plevel.
                $query = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_comment_" . $type . "` SET `cmcount`=`cmcount`+1 WHERE `level`=" . $db->dbescape($plevel);
                $db->sql_query($query);
                $page = 0;
// Group form: read the submitted flags and clamp each one to its permitted values.
$post['group_type'] = $nv_Request->get_int('group_type', 'post', 0);
if (!in_array($post['group_type'], array(0, 1, 2))) {
    $post['group_type'] = 0;
}
$post['siteus'] = $nv_Request->get_int('siteus', 'post', 0);
if ($post['siteus'] != 1) {
    $post['siteus'] = 0;
}
$post['is_default'] = $nv_Request->get_int('is_default', 'post', 0);
if ($post['is_default'] != 1) {
    $post['is_default'] = 0;
}
} // closes a block opened before this excerpt

// An e-mail address is accepted for a new group (empty id), for ids above 9, and for
// ids 1, 2, 3, 4 and 7; for every other id it is cleared.
if (empty($post['id']) or $post['id'] > 9 or $post['id'] == 1 or $post['id'] == 2 or $post['id'] == 3 or $post['id'] == 4 or $post['id'] == 7) {
    $post['email'] = $nv_Request->get_title('email', 'post', '', 1);
    // An invalid address ends the request with the validator's message as the response.
    if (!empty($post['email']) and ($error_xemail = nv_check_valid_email($post['email'])) != '') {
        die($error_xemail);
    }
} else {
    $post['email'] = '';
}

if (empty($post['id']) or $post['id'] > 9 or $post['id'] == 0 or $post['id'] == 1 or $post['id'] == 2 or $post['id'] == 3) {
    // Read the permission configuration
    // Each flag is read with get_int(), so the serialized array holds integers only.
    $post['config']['access_groups_add'] = $nv_Request->get_int('access_groups_add', 'post', 0);
    $post['config']['access_groups_del'] = $nv_Request->get_int('access_groups_del', 'post', 0);
    $post['config']['access_addus'] = $nv_Request->get_int('access_addus', 'post', 0);
    $post['config']['access_waiting'] = $nv_Request->get_int('access_waiting', 'post', 0);
    $post['config']['access_editus'] = $nv_Request->get_int('access_editus', 'post', 0);
    $post['config']['access_delus'] = $nv_Request->get_int('access_delus', 'post', 0);
    $post['config']['access_passus'] = $nv_Request->get_int('access_passus', 'post', 0);
    $post['config'] = serialize($post['config']);
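/**
 * openidLogin_Res1()
 * Runs after an OpenID identity has been recognised. Decides whether to log the visitor in,
 * link the identity to an existing local account, activate a pending registration, or offer
 * the link/register options. Every path ends the request with die/exit.
 *
 * Security-relevant behaviour to keep in mind when changing this function:
 *  - The e-mail address comes from the provider attribute 'contact/email' and is used to
 *    find local accounts. NOTE(review): this trusts the provider's e-mail assertion; confirm
 *    that only providers which verify addresses are accepted.
 *  - $nv_redirect is a global that is base64-decoded here and then used in Location headers
 *    and in HTML. NOTE(review): no validation is visible in this function; confirm it is
 *    restricted to same-site URLs and HTML-escaped where it is assigned.
 *
 * @param mixed $attribs Attributes from the OpenID provider; reads 'contact/email', 'id'
 *                       and 'server'.
 * @return void
 */
function openidLogin_Res1($attribs)
{
    global $page_title, $key_words, $mod_title, $db, $crypt, $nv_Request, $lang_module, $lang_global, $module_name, $module_info, $global_config, $gfx_chk, $nv_redirect;

    // nv_check_valid_email() returns "" for an acceptable address.
    $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : "";
    if (empty($email)) {
        $nv_Request->unset_request('openid_attribs', 'session');
        openidLogin_Res0($lang_module['logged_in_failed']);
        die;
    }

    // The identity is stored and looked up by its hash.
    $opid = $crypt->hash($attribs['id']);

    // Case 1: this identity is already linked to a local account -> log in.
    $query = "SELECT a.userid AS uid, a.email AS uemail, b.active AS uactive FROM `" . NV_USERS_GLOBALTABLE . "_openid` a, `" . NV_USERS_GLOBALTABLE . "` b \r\n WHERE a.opid=" . $db->dbescape($opid) . " \r\n AND a.email=" . $db->dbescape($email) . " \r\n AND a.userid=b.userid";
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows) {
        list($user_id, $op_email, $user_active) = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $nv_Request->unset_request('openid_attribs', 'session');
        if ($op_email != $email) {
            openidLogin_Res0($lang_module['not_logged_in']);
            die;
        }
        if (!$user_active) {
            openidLogin_Res0($lang_module['login_no_active']);
            die;
        }
        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($user_id);
        $result = $db->sql_query($query);
        $row = $db->sql_fetchrow($result);
        validUserLog($row, 1, $opid);
        // NOTE(review): decoded redirect target goes straight into the Location header.
        $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
        Header("Location: " . $nv_redirect);
        die;
    }

    // Case 2: a local account with the same e-mail exists -> link the identity to it.
    $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($email);
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows) {
        $nv_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $login_allowed = false;
        // An account without a local password is linked on the e-mail match alone.
        if (empty($nv_row['password'])) {
            $nv_Request->unset_request('openid_attribs', 'session');
            $login_allowed = true;
        }
        if ($nv_Request->isset_request('openid_account_confirm', 'post')) {
            $nv_Request->unset_request('openid_attribs', 'session');
            // Read the submitted password before branching. The forum path previously
            // copied a not-yet-assigned $password into $nv_password, so the forum bridge
            // never received the password the user typed.
            $password = $nv_Request->get_string('password', 'post', '');
            if (defined('NV_IS_USER_FORUM') and file_exists(NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php')) {
                $nv_username = $nv_row['username'];
                $nv_password = $password;
                // Start from a defined, empty error so the check below reads a value this
                // function controls. The bridge is expected to set $error on failure.
                // NOTE(review): require_once does not run the file again if it was already
                // loaded in this request, in which case $error stays empty and the link is
                // allowed; the captcha is also not checked on this path - confirm both.
                $error = '';
                require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
                if (empty($error)) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            } else {
                $nv_seccode = filter_text_input('nv_seccode', 'post', '');
                // The captcha counts as passed when $gfx_chk is off.
                $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                if ($crypt->validate($password, $nv_row['password']) and $nv_seccode) {
                    $login_allowed = true;
                } else {
                    openidLogin_Res0($lang_module['openid_confirm_failed']);
                    die;
                }
            }
        }
        if ($login_allowed) {
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($nv_row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
            $db->sql_query($sql);
            if (intval($nv_row['active']) != 1) {
                openidLogin_Res0($lang_module['login_no_active']);
            } else {
                validUserLog($nv_row, 1, $opid);
                Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name);
            }
            die;
        }
        // Not confirmed yet: show the password confirmation form.
        $page_title = $lang_module['openid_login'];
        $key_words = $module_info['keywords'];
        $mod_title = $lang_module['openid_login'];
        $lang_module['login_info'] = sprintf($lang_module['openid_confirm_info'], $email);
        $contents = openid_account_confirm($gfx_chk, $attribs);
        include NV_ROOTDIR . "/includes/header.php";
        echo nv_site_theme($contents);
        include NV_ROOTDIR . "/includes/footer.php";
        exit;
    }

    // Case 3: a pending registration with the same e-mail exists (modes 2 and 3).
    if ($global_config['allowuserreg'] == 2 or $global_config['allowuserreg'] == 3) {
        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($email);
        if ($global_config['allowuserreg'] == 2) {
            // Mode 2 only considers registrations from the last 86400 seconds.
            $query .= " AND `regdate`>" . (NV_CURRENTTIME - 86400);
        }
        $result = $db->sql_query($query);
        $numrows = $db->sql_numrows($result);
        if ($numrows) {
            if ($global_config['allowuserreg'] == 2) {
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if ($nv_Request->isset_request('openid_active_confirm', 'post')) {
                    $nv_Request->unset_request('openid_attribs', 'session');
                    $password = $nv_Request->get_string('password', 'post', '');
                    $nv_seccode = filter_text_input('nv_seccode', 'post', '');
                    $nv_seccode = !$gfx_chk ? 1 : (nv_capcha_txt($nv_seccode) ? 1 : 0);
                    if ($crypt->validate($password, $row['password']) and $nv_seccode) {
                        // Promote the pending registration to a real account, then link it.
                        $reg_attribs = set_reg_attribs($attribs);
                        $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\r\n `userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, `regdate`, `website`, \r\n `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, `remember`, `in_groups`, \r\n `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES (\r\n NULL, \r\n " . $db->dbescape($row['username']) . ", \r\n " . $db->dbescape($row['password']) . ", \r\n " . $db->dbescape($row['email']) . ", \r\n " . $db->dbescape(!empty($row['full_name']) ? $row['full_name'] : $reg_attribs['full_name']) . ", \r\n " . $db->dbescape($reg_attribs['gender']) . ", \r\n '', 0, \r\n " . $db->dbescape($row['regdate']) . ", \r\n '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', \r\n " . $db->dbescape($row['question']) . ", \r\n " . $db->dbescape($row['answer']) . ", \r\n '', 1, 1, '', 1, '', 0, '', '', '')";
                        $userid = $db->sql_query_insert_id($sql);
                        if (!$userid) {
                            openidLogin_Res0($lang_module['account_active_error']);
                            die;
                        }
                        $sql = "DELETE FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `userid`=" . $db->dbescape($row['userid']);
                        $db->sql_query($sql);
                        $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . $userid . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
                        $db->sql_query($sql);
                        $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $db->dbescape($userid);
                        $result = $db->sql_query($query);
                        $row = $db->sql_fetchrow($result);
                        validUserLog($row, 1, $opid);
                        $info = $lang_module['account_active_ok'] . "<br /><br />\n";
                        $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                        $info .= "[<a href=\"" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\">" . $lang_module['redirect_to_home'] . "</a>]";
                        // $contents has no value yet on this path, so assign rather than append.
                        $contents = user_info_exit($info);
                        $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />";
                        include NV_ROOTDIR . "/includes/header.php";
                        echo nv_site_theme($contents);
                        include NV_ROOTDIR . "/includes/footer.php";
                        exit;
                    } else {
                        openidLogin_Res0($lang_module['openid_confirm_failed']);
                        die;
                    }
                }
                // Not confirmed yet: show the activation confirmation form.
                $page_title = $mod_title = $lang_module['openid_active_title'];
                $key_words = $module_info['keywords'];
                $lang_module['login_info'] = sprintf($lang_module['openid_active_confirm_info'], $email);
                $contents = openid_active_confirm($gfx_chk, $attribs);
                include NV_ROOTDIR . "/includes/header.php";
                echo nv_site_theme($contents);
                include NV_ROOTDIR . "/includes/footer.php";
                exit;
            } else {
                // Mode 3: the pending registration is left to an administrator.
                $nv_Request->unset_request('openid_attribs', 'session');
                openidLogin_Res0($lang_module['account_register_to_admin']);
                die;
            }
        }
    }

    // Case 4: unknown identity and e-mail. "option" selects the next step; when
    // registration is disabled, only option 3 (link to an existing login) is available.
    $option = $nv_Request->get_int('option', 'get', 0);
    if (!$global_config['allowuserreg']) {
        $option = 3;
    }
    $contents = "";
    if ($option == 3) {
        $error = "";
        if ($nv_Request->isset_request('nv_login', 'post')) {
            $nv_username = filter_text_input('nv_login', 'post', '');
            $nv_password = filter_text_input('nv_password', 'post', '');
            $nv_seccode = filter_text_input('nv_seccode', 'post', '');
            $check_login = nv_check_valid_login($nv_username, NV_UNICKMAX, NV_UNICKMIN);
            $check_pass = nv_check_valid_pass($nv_password, NV_UPASSMAX, NV_UPASSMIN);
            $check_seccode = !$gfx_chk ? true : (nv_capcha_txt($nv_seccode) ? true : false);
            if (!$check_seccode) {
                $error = $lang_global['securitycodeincorrect'];
            } elseif (!empty($check_login)) {
                $error = $check_login;
            } elseif (!empty($check_pass)) {
                $error = $check_pass;
            } else {
                $sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `username`=" . $db->dbescape($nv_username);
                $result = $db->sql_query($sql);
                $numrows = $db->sql_numrows($result);
                // Unknown user and wrong password produce the same message.
                if ($numrows != 1) {
                    $error = $lang_global['loginincorrect'];
                } else {
                    $row = $db->sql_fetchrow($result);
                    if (empty($row['password']) or !$crypt->validate($nv_password, $row['password'])) {
                        $error = $lang_global['loginincorrect'];
                    } else {
                        if (!$row['active']) {
                            $error = $lang_module['login_no_active'];
                        } else {
                            $nv_Request->unset_request('openid_attribs', 'session');
                            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($attribs['id']) . ", " . $db->dbescape($opid) . ", " . $db->dbescape($email) . ")";
                            $db->sql_query($sql);
                            validUserLog($row, 1, $opid);
                        }
                    }
                }
            }
            if (empty($error)) {
                // NOTE(review): the decoded redirect target is written into an href and a
                // meta refresh without escaping in this function.
                $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
                $info = $lang_module['login_ok'] . "<br /><br />\n";
                $info .= "<img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
                $info .= "[<a href=\"" . $nv_redirect . "\">" . $lang_module['redirect_to_back'] . "</a>]";
                $contents .= user_info_exit($info);
                $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . $nv_redirect . "\" />";
                include NV_ROOTDIR . "/includes/header.php";
                echo nv_site_theme($contents);
                include NV_ROOTDIR . "/includes/footer.php";
                exit;
            }
            // NOTE(review): the submitted password is handed back to the form template.
            $array_login = array("nv_login" => $nv_username, "nv_password" => $nv_password, "nv_redirect" => $nv_redirect, 'login_info' => "<span style=\"color:#fb490b;\">" . $error . "</span>");
        } else {
            $array_login = array("nv_login" => '', "nv_password" => '', 'login_info' => $lang_module['openid_note1'], "nv_redirect" => $nv_redirect);
        }
        $contents .= user_openid_login($gfx_chk, $array_login, $attribs);
        include NV_ROOTDIR . "/includes/header.php";
        echo nv_site_theme($contents);
        include NV_ROOTDIR . "/includes/footer.php";
        exit;
    } elseif ($option == 1 or $option == 2) {
        $nv_Request->unset_request('openid_attribs', 'session');
        $reg_attribs = set_reg_attribs($attribs);
        if (empty($reg_attribs['username'])) {
            openidLogin_Res0($lang_module['logged_in_failed']);
            die;
        }
        if ($option == 2) {
            // Create an account directly from the provider attributes, with an empty
            // local password and active=1.
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` \r\n (`userid`, `username`, `password`, `email`, `full_name`, `gender`, `photo`, `birthday`, \r\n `regdate`, `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, \r\n `view_mail`, `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) VALUES \r\n (\r\n NULL, \r\n " . $db->dbescape($reg_attribs['username']) . ", \r\n '', \r\n " . $db->dbescape($reg_attribs['email']) . ", \r\n " . $db->dbescape($reg_attribs['full_name']) . ", \r\n " . $db->dbescape(ucfirst($reg_attribs['gender'])) . ", \r\n '', 0, " . NV_CURRENTTIME . ", '', '', \r\n " . $db->dbescape($reg_attribs['yim']) . ", \r\n '', '', '', '', '', '', 0, 0, '', 1, '', 0, '', '', ''\r\n )";
            $userid = $db->sql_query_insert_id($sql);
            if (!$userid) {
                openidLogin_Res0($lang_module['err_no_save_account']);
                die;
            }
            $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid . " AND `active`=1";
            $result = $db->sql_query($query);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "_openid` VALUES (" . intval($row['userid']) . ", " . $db->dbescape($reg_attribs['openid']) . ", " . $db->dbescape($reg_attribs['opid']) . ", " . $db->dbescape($reg_attribs['email']) . ")";
            $db->sql_query($sql);
            validUserLog($row, 1, $reg_attribs['opid']);
            $nv_redirect = !empty($nv_redirect) ? nv_base64_decode($nv_redirect) : NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name;
            Header("Location: " . $nv_redirect);
            exit;
        } else {
            // Option 1: keep the attributes in the session and continue on the register page.
            $reg_attribs = serialize($reg_attribs);
            $nv_Request->set_Session('reg_attribs', $reg_attribs);
            Header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&openid=1&nv_redirect=" . $nv_redirect);
            exit;
        }
    }

    // No option chosen yet: list the available next steps.
    // NOTE(review): $attribs['server'] and $nv_redirect are appended to these URLs without
    // URL-encoding in this function.
    $array_user_login = array();
    if (!defined('NV_IS_USER_FORUM')) {
        $array_user_login[] = array("title" => $lang_module['openid_note3'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=1&nv_redirect=" . $nv_redirect);
        $array_user_login[] = array("title" => $lang_module['openid_note4'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=2&nv_redirect=" . $nv_redirect);
    } else {
        $array_user_login[] = array("title" => $lang_module['openid_note6'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=register&nv_redirect=" . $nv_redirect);
    }
    $array_user_login[] = array("title" => $lang_module['openid_note5'], "link" => NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=login&server=" . $attribs['server'] . "&result=1&option=3&nv_redirect=" . $nv_redirect);
    $contents .= user_openid_login2($attribs, $array_user_login);
    include NV_ROOTDIR . "/includes/header.php";
    echo nv_site_theme($contents);
    include NV_ROOTDIR . "/includes/footer.php";
    exit;
}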
// Attach an OpenID identity to the logged-in account: handle the provider's response.
// Each failure stores a numeric code in the session and redirects back to the OpenID page.
include_once NV_ROOTDIR . "/includes/class/openid.class.php";
$openid_class = new LightOpenID();
if ($nv_Request->isset_request('openid_mode', 'get')) {
    $openid_mode = $nv_Request->get_string('openid_mode', 'get', '');
    if ($openid_mode == "cancel") {
        // Code 1: the request arrived with openid_mode=cancel.
        $nv_Request->set_Session('openid_error', 1);
        header("Location: " . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid", true));
        die;
    } elseif (!$openid_class->validate()) {
        // Code 2: the library could not validate the provider's response.
        $nv_Request->set_Session('openid_error', 2);
        header("Location: " . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid", true));
        die;
    } else {
        // Identity and attributes are read only after validate() succeeded.
        $openid = $openid_class->identity;
        $attribs = $openid_class->getAttributes();
        // nv_check_valid_email() returns "" for an acceptable address.
        // NOTE(review): the address is whatever the provider reports - confirm that only
        // providers which verify e-mail ownership are accepted.
        $email = (isset($attribs['contact/email']) and nv_check_valid_email($attribs['contact/email']) == "") ? $attribs['contact/email'] : "";
        if (empty($openid) or empty($email)) {
            // Code 3: no identity or no usable e-mail address.
            $nv_Request->set_Session('openid_error', 3);
            header("Location: " . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid", true));
            die;
        }
        // Identities are looked up by their hash.
        $opid = $crypt->hash($openid);
        $query = "SELECT COUNT(*) AS `count` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `opid`=" . $db->dbescape($opid);
        $result = $db->sql_query($query);
        list($count) = $db->sql_fetchrow($result);
        if ($count) {
            // Code 4: this identity is already present in the openid table.
            $nv_Request->set_Session('openid_error', 4);
            header("Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=openid");
            die;
        }
        // Counts other accounts that already use this e-mail address.
        // NOTE(review): $user_info['userid'] is concatenated unescaped - presumably the
        // integer id of the session user; verify.
        $query = "SELECT COUNT(*) AS `count` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $user_info['userid'] . " AND `email`=" . $db->dbescape($email);
} // closes a block opened before this excerpt

// Sign-in handler: both fields are required; failures are returned via signin_result().
if (empty($nv_username)) {
    die(signin_result(array('status' => 'error', 'input' => 'nv_login', 'mess' => $lang_global['username_empty'])));
}
if (empty($nv_password)) {
    die(signin_result(array('status' => 'error', 'input' => 'nv_password', 'mess' => $lang_global['password_empty'])));
}
if (defined('NV_IS_USER_FORUM')) {
    // Forum bridge: $error is reset first, and a non-empty value afterwards means failure.
    $error = '';
    require_once NV_ROOTDIR . '/' . DIR_FORUM . '/nukeviet/login.php';
    if (!empty($error)) {
        die(signin_result(array('status' => 'error', 'input' => 'nv_login', 'mess' => $error)));
    }
} else {
    // Default message, used unless a more specific one is assigned below.
    $error1 = $lang_global['loginincorrect'];
    if (nv_check_valid_email($nv_username) == '') {
        // Email login
        // The input is a valid e-mail address, so the lookup is by lower-cased e-mail.
        $nv_username = nv_strtolower($nv_username);
        $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE email =" . $db->quote($nv_username);
        $login_email = true;
    } else {
        // Username login
        // NOTE(review): as printed, the query compares md5username with the literal
        // '******', which looks like masking applied to this listing rather than real
        // code - check the original source for how the value is built and quoted.
        $sql = "SELECT * FROM " . NV_USERS_GLOBALTABLE . " WHERE md5username ='******'";
        $login_email = false;
    }
    $row = $db->query($sql)->fetch();
    if (!empty($row)) {
        // The fetched row must match the submitted login in the chosen mode
        // ("and" binds tighter than "or"), and the password must validate.
        if (($row['username'] == $nv_username and $login_email == false or $row['email'] == $nv_username and $login_email == true) and $crypt->validate_password($nv_password, $row['password'])) {
            if (!$row['active']) {
                // NOTE(review): this message is reachable only with a correct password, so
                // it differs from the generic "login incorrect" response.
                $error1 = $lang_module['login_no_active'];
            } else {
// "Send this article to a friend": resolve the sender, verify the request, send the mail.
} elseif (defined('NV_IS_USER')) {
    $name = $user_info['username'];
    $youremail = $user_info['email'];
} else {
    // Guest: sender name and address are taken from the form.
    $name = filter_text_input('name', 'post', '', 1);
    $youremail = filter_text_input('youremail', 'post', '');
}

$to_mail = $content = "";
// $checkss ties the request to this article, the current session and the site key.
// NOTE(review): the token is compared with ==; hash_equals() is the constant-time
// alternative.
if ($checkss == md5($id . session_id() . $global_config['sitekey']) and $allowed_send == 1) {
    $link = NV_MY_DOMAIN . nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=" . $global_array_cat[$catid]['alias'] . "/" . $alias . "-" . $id, true);
    // NOTE(review): $title is interpolated into an HTML attribute; it is assigned outside
    // this excerpt - confirm it is already HTML-escaped.
    $link = "<a href=\"{$link}\" title=\"{$title}\">{$link}</a>\n";
    $nv_seccode = filter_text_input('nv_seccode', 'post', '');
    $to_mail = filter_text_input('email', 'post', '');
    $content = filter_text_input('content', 'post', '', 1);
    // nv_check_valid_email() returns an empty value when the address is acceptable.
    $err_email = nv_check_valid_email($to_mail);
    $err_youremail = nv_check_valid_email($youremail);
    $err_name = "";
    $message = "";
    $success = "";
    // The captcha is enforced only when gfx_chk is greater than 0.
    // NOTE(review): with the captcha off, a guest can have the site mail any address with
    // a chosen sender and text; no per-client rate limit is visible in this excerpt.
    if ($global_config['gfx_chk'] > 0 and !nv_capcha_txt($nv_seccode)) {
        $err_name = $lang_global['securitycodeincorrect'];
    } elseif (empty($name)) {
        $err_name = $lang_module['sendmail_err_name'];
    } elseif (empty($err_email) and empty($err_youremail)) {
        // NOTE(review): the subject and the From pair carry user-supplied values - confirm
        // nv_sendmail() rejects CR/LF in header fields.
        $subject = $lang_module['sendmail_subject'] . "{$name}";
        // HTML body: site name, the sender's text, the article intro and the link.
        $message .= "" . $lang_module['sendmail_welcome'] . " <strong>" . $global_config['site_name'] . "</strong> " . $lang_module['sendmail_welcome1'] . "<br /><br />" . $content . "<br /><br />" . $hometext . " <br/><br /><strong>" . $lang_module['sendmail_welcome2'] . "</strong><br />" . $link;
        $from = array($name, $youremail);
        $check = nv_sendmail($from, $to_mail, $subject, $message);
        if ($check) {
            $success = "" . $lang_module['sendmail_success'] . "<strong> " . $to_mail . "</strong>";
        } else {
// Contact department form: read the submitted fields.
$full_name = $nv_Request->get_title('full_name', 'post', '', 1);
$alias = $nv_Request->get_title('alias', 'post', '', 1);
$phone = $nv_Request->get_title('phone', 'post', '', 1);
$fax = $nv_Request->get_title('fax', 'post', '', 1);
$email = $nv_Request->get_title('email', 'post', '', 1);
$yahoo = $nv_Request->get_title('yahoo', 'post', '', 1);
$skype = $nv_Request->get_title('skype', 'post', '', 1);
// The note is rich text limited to NV_ALLOWED_HTML_TAGS.
$note = $nv_Request->get_editor('note', '', NV_ALLOWED_HTML_TAGS);
$view_level = $nv_Request->get_array('view_level', 'post', array());
$reply_level = $nv_Request->get_array('reply_level', 'post', array());
$obt_level = $nv_Request->get_array('obt_level', 'post', array());

// The e-mail field may hold several comma-separated addresses; entries that fail
// validation are dropped without an error and the rest is re-joined.
if (!empty($email)) {
    $_email = array_map("trim", explode(",", $email));
    $email = array();
    foreach ($_email as $e) {
        $check_valid_email = nv_check_valid_email($e);
        if (empty($check_valid_email)) {
            $email[] = $e;
        }
    }
    $email = implode(", ", $email);
}

// Per-admin permission map keyed by admin id, starting with view permission only.
// NOTE(review): $admid comes straight from the posted array and is used as an array key;
// no integer cast or check against existing admins is visible in this excerpt.
$admins = array();
if (!empty($view_level)) {
    foreach ($view_level as $admid) {
        $admins[$admid]['view_level'] = 1;
        $admins[$admid]['reply_level'] = 0;
        $admins[$admid]['obt_level'] = 0;
    }
}
if (!empty($reply_level)) {
} // closes a block opened before this excerpt

// Rewrite options depend on whether the site runs in multi-language mode.
if ($array_config_global['lang_multi'] == 0) {
    $array_config_global['rewrite_optional'] = $nv_Request->get_int('rewrite_optional', 'post', 0);
    $array_config_global['lang_geo'] = 0;
    $array_config_global['rewrite_op_mod'] = $nv_Request->get_title('rewrite_op_mod', 'post');
    // The module name is kept only if it is a key of $site_mods and rewrite_optional is set.
    if (!isset($site_mods[$array_config_global['rewrite_op_mod']]) or $array_config_global['rewrite_optional'] == 0) {
        $array_config_global['rewrite_op_mod'] = '';
    }
} else {
    $array_config_global['rewrite_optional'] = 0;
    $array_config_global['lang_geo'] = $nv_Request->get_int('lang_geo', 'post', 0);
    $array_config_global['rewrite_op_mod'] = '';
}
$array_config_global['error_set_logs'] = $nv_Request->get_int('error_set_logs', 'post', 0);

// The error-report address is stored only when it validates (nv_check_valid_email()
// returns '' for an acceptable address); otherwise the key is not assigned here.
$error_send_email = nv_substr($nv_Request->get_title('error_send_email', 'post', '', 1), 0, 255);
if (nv_check_valid_email($error_send_email) == '') {
    $array_config_global['error_send_email'] = $error_send_email;
}

// CDN host: reduce the submitted URL to host[:port] and keep it only when the host passes
// nv_check_domain().
$array_config_global['cdn_url'] = '';
$cdn_url = rtrim($nv_Request->get_string('cdn_url', 'post'), '/');
if (!empty($cdn_url)) {
    // Drop a leading http:// or https://.
    $cdn_url = preg_replace('/^(http|https)\\:\\/\\//', '', $cdn_url);
    // Keep everything before the first slash.
    $cdn_url = preg_replace('/^([^\\/]+)\\/*(.*)$/', '\\1', $cdn_url);
    // Split off a trailing numeric port so that only the host is checked.
    $_p = '';
    if (preg_match('/(.*)\\:([0-9]+)$/', $cdn_url, $m)) {
        $cdn_url = $m[1];
        $_p = ':' . $m[2];
    }
    // NOTE(review): nv_check_domain() is defined elsewhere; from this code, an empty result
    // means the host was rejected and cdn_url stays ''.
    $cdn_url = nv_check_domain(nv_strtolower($cdn_url));
    if (!empty($cdn_url)) {
        $array_config_global['cdn_url'] = $cdn_url . $_p;
// Per-question validation of a submitted answer. $row_f is the question definition row and
// $value the submitted answer; a failure is reported by assigning $error.
} elseif ($row_f['question_type'] == 'date') {
    // Expected format is d/m/Y. The pattern only checks digit counts; mktime() normalises
    // out-of-range day and month values instead of rejecting them.
    // NOTE(review): checkdate() on the three parts would reject impossible dates.
    if (preg_match("/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})\$/", $value, $m)) {
        $value = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
        // For date questions min_length/max_length hold timestamps; the range is always
        // enforced here.
        if ($value < $row_f['min_length'] or $value > $row_f['max_length']) {
            $error = sprintf($lang_module['field_min_max_value'], $row_f['title'], date('d/m/Y', $row_f['min_length']), date('d/m/Y', $row_f['max_length']));
        }
    } else {
        $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
    }
} elseif ($row_f['question_type'] == 'textbox') {
    if ($row_f['match_type'] == 'alphanumeric') {
        // Letters, digits and underscore only; an empty value does not match.
        if (!preg_match("/^[a-zA-Z0-9\\_]+\$/", $value)) {
            $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
        }
    } elseif ($row_f['match_type'] == 'email') {
        // The validator's return value is the error message; '' means the address is fine.
        $error = nv_check_valid_email($value);
    } elseif ($row_f['match_type'] == 'url') {
        if (!nv_is_url($value)) {
            $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
        }
    } elseif ($row_f['match_type'] == 'regex') {
        // The stored pattern is placed between '/' delimiters unchanged, so a pattern that
        // contains an unescaped '/' or is otherwise invalid makes preg_match() return false,
        // which this check reports as a mismatch.
        // NOTE(review): an expensive pattern is evaluated against user input on every
        // submission - confirm only trusted administrators can edit match_regex.
        if (!preg_match("/" . $row_f['match_regex'] . "/", $value)) {
            $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
        }
    } elseif ($row_f['match_type'] == 'callback') {
        // The function name comes from the question definition and is called with the raw
        // user value. function_exists() is true for every built-in function as well.
        // NOTE(review): restrict func_callback to an explicit allow-list of validators, and
        // confirm who is able to write this column.
        if (function_exists($row_f['func_callback'])) {
            if (!call_user_func($row_f['func_callback'], $value)) {
                $error = sprintf($lang_module['field_match_type_error'], $row_f['title']);
            }
        } else {
            // NOTE(review): the configured function name is echoed into the error text,
            // which presumably reaches the end user.
            $error = "error function not exists " . $row_f['func_callback'];
// Download comment form: read the input, then collect every validation failure in $error.
$subject = filter_text_input('subject', 'post', '', 1);
// The comment body is rich text limited to NV_ALLOWED_HTML_TAGS.
$content = filter_text_textarea('content', '', NV_ALLOWED_HTML_TAGS);
$seccode = filter_text_input('seccode', 'post', '');
$post_id = 0;

// Logged-in users always post under their account name, e-mail and id. For guests $uname
// and $uemail must have been assigned before this excerpt.
if (defined('NV_IS_USER')) {
    $uname = !empty($user_info['full_name']) ? $user_info['full_name'] : $user_info['username'];
    $uemail = $user_info['email'];
    $post_id = $user_info['userid'];
}

// The checks are independent; each failure appends one message.
if (!nv_capcha_txt($seccode)) {
    $error[] = $lang_module['comment_error2'];
}
if (empty($uname) or nv_strlen($uname) < 3) {
    $error[] = $lang_module['comment_error3'];
}
// nv_check_valid_email() returns "" for an acceptable address, otherwise the message.
if (($validemail = nv_check_valid_email($uemail)) != "") {
    $error[] = $validemail;
}
if (empty($subject) or nv_strlen($subject) < 3) {
    $error[] = $lang_module['comment_error4'];
}
if (empty($content) or nv_strlen($content) < 3) {
    $error[] = $lang_module['comment_error5'];
}

// The comment's status is 1 when is_autocomment_allow is set in the module configuration,
// otherwise 0.
$download_config = initial_config_data();
if ($download_config['is_autocomment_allow']) {
    $status = 1;
} else {
    $status = 0;
}
if (!empty($error)) {
// Admin view of one contact message: mark it as read, then optionally e-mail a reply.
$is_read = intval($row['is_read']);
if (!$is_read) {
    // NOTE(review): $id is concatenated into the SQL text. Its origin is outside this
    // excerpt - confirm it is cast to an integer before it reaches this point.
    $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_send` SET `is_read`=1 WHERE `id`=" . $id;
    $result = $db->sql_query($sql);
    $is_read = 1;
}

// Display name used as the sender: full name, falling back to the login name.
$admin_name = $admin_info['full_name'];
if (empty($admin_name)) {
    $admin_name = $admin_info['username'];
}

$mess_content = $error = "";
if ($nv_Request->get_int('save', 'post') == '1') {
    $mess_content = nv_editor_filter_textarea('mess_content', '', NV_ALLOWED_HTML_TAGS, true);
    // Only send when the reply still has text once the markup is stripped.
    if (strip_tags($mess_content) != "") {
        // NOTE(review): $row['cid'] is concatenated unescaped - presumably an integer
        // column of the row loaded earlier; verify.
        list($from) = $db->sql_fetchrow($db->sql_query("SELECT `email` FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id`=" . $row['cid']));
        // nv_check_valid_email() returns "" for an acceptable address; otherwise the
        // admin's own address is used as the sender.
        if (nv_check_valid_email($from) != "") {
            $from = $admin_info['email'];
        }
        $from = array($admin_name, $from);
        // NOTE(review): the subject embeds $row['title'], which presumably was submitted by
        // the original sender - confirm nv_sendmail() rejects CR/LF in header values.
        $subject = "Re: " . $row['title'];
        if (nv_sendmail($from, $row['sender_email'], $subject, $mess_content)) {
            // The reply body goes through dbescape(); the time constant, the admin id and
            // $id are concatenated as they are.
            $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_send` SET `is_reply`=1, `reply_content`=" . $db->dbescape($mess_content) . ", `reply_time`=" . NV_CURRENTTIME . ", `reply_aid`=" . $admin_info['admin_id'] . " WHERE `id`=" . $id;
            $db->sql_query($sql);
            // Redirect back to the message view so a page reload does not resend the reply.
            Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=view&id=" . $id);
            die;
        } else {
            $error = $lang_global['error_sendmail_admin'];
        }
    }
} else {
    // First display of the form: pre-fill the editor with a signature block.
    $mess_content .= "<br /><br />----------<br />Best regards,<br /><br />" . $admin_name . "<br />";
// Excerpt from a "send a song as a gift" handler: validates the posted fields,
// applies a time limit between submissions and stores the gift row.
// Cut off at both ends; $id, $who_send and $who_receive are read before it and the
// last three blocks stay open.

// The trailing arguments (1, 255 / 1, 500) are presumably an escaping flag and a
// maximum length — TODO confirm against filter_text_input().
$email_receive = filter_text_input('email_receive', 'post', '', 1, 255);
$body = filter_text_input('body', 'post', '', 1, 500);

// Validation: each failure ends the request with a plain-text message.
if (empty($id)) {
    die("Error access !!!");
}
if (empty($who_send)) {
    die($lang_module['error_gift_send']);
}
if (empty($who_receive)) {
    die($lang_module['error_gift_recieve']);
}
if (empty($email_receive)) {
    die($lang_module['error_empty_email']);
}

// A non-empty result is the validation error; tags and curly quotes are removed
// before it is printed.
$check_valid_email = nv_check_valid_email($email_receive);
if (!empty($check_valid_email)) {
    die(str_replace(array("”", "“"), " ", strip_tags($check_valid_email)));
}

// Time check: at most one gift per 360 seconds, based on a timestamp cookie.
// NOTE(review): the timestamp lives in a client-side cookie and a missing cookie
// reads as 0, which is allowed. Treat this as a courtesy limit only; an enforced
// limit needs server-side state (per account or per address).
$timeout = $nv_Request->get_int($module_name . '_gift', 'cookie', 0);
if ($timeout == 0 or NV_CURRENTTIME - $timeout > 360) {
    $song = getsongbyID($id);
    if (empty($song)) {
        die($lang_module['err_exist_song']);
    }

    $nv_Request->set_Cookie($module_name . '_gift', NV_CURRENTTIME);

    // User-supplied values go through $db->dbescape(). The INSERT has no column list,
    // so it depends on the table's column order.
    // NOTE(review): $setting['auto_gift'] is concatenated as-is; assumes an integer
    // from trusted module settings — cast it before use, TODO confirm.
    $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_gift` VALUES ( \n\t\t\tNULL, \n\t\t\t" . $db->dbescape($who_send) . ", \n\t\t\t" . $db->dbescape($who_receive) . ", \n\t\t\t" . $db->dbescape($id) . ", \n\t\t\tUNIX_TIMESTAMP(), \n\t\t\t" . $db->dbescape($body) . ", \n\t\t\t" . $setting['auto_gift'] . " \n\t\t)";
    if ($db->sql_query_insert_id($sql)) {
        // With auto_gift enabled the module cache is cleared (presumably so the new
        // gift shows up at once — confirm).
        if ($setting['auto_gift']) {
            nv_del_moduleCache($module_name);
// Excerpt from an installer step that collects the site name and the first
// administrator account, then validates them. Cut off at the end: the last
// `elseif` block stays open.

$error = '';
define('NV_USERS_GLOBALTABLE', $db_config['prefix'] . '_users');

// Start the MySQL working session
$db = new NukeViet\Core\Database($db_config);
if (!empty($db->error)) {
    // Prefer the user-facing message when the database layer provides one.
    $error = !empty($db->error['user_message']) ? $db->error['user_message'] : $db->error['message'];
}

// Posted values, each defaulting to the value already held in $array_data.
// The 4th argument (1) of get_title() is presumably an escaping flag — TODO confirm.
$array_data['site_name'] = $nv_Request->get_title('site_name', 'post', $array_data['site_name'], 1);
$array_data['nv_login'] = nv_substr($nv_Request->get_title('nv_login', 'post', $array_data['nv_login'], 1), 0, NV_UNICKMAX);
$array_data['nv_email'] = $nv_Request->get_title('nv_email', 'post', $array_data['nv_email']);
$array_data['nv_password'] = $nv_Request->get_title('nv_password', 'post', $array_data['nv_password']);
$array_data['re_password'] = $nv_Request->get_title('re_password', 'post', $array_data['re_password']);
$array_data['lang_multi'] = (int) $nv_Request->get_bool('lang_multi', 'post', $array_data['lang_multi']);

// Each checker's result is tested with empty() below: non-empty means an error message.
$check_login = nv_check_valid_login($array_data['nv_login'], NV_UNICKMAX, NV_UNICKMIN);
$check_pass = nv_check_valid_pass($array_data['nv_password'], NV_UPASSMAX, NV_UPASSMIN);
$check_email = nv_check_valid_email($array_data['nv_email']);

$array_data['question'] = $nv_Request->get_title('question', 'post', $array_data['question'], 1);
$array_data['answer_question'] = $nv_Request->get_title('answer_question', 'post', $array_data['answer_question'], 1);

// NOTE(review): the site e-mail is set from the submitted value here, before
// $check_email is consulted below.
$global_config['site_email'] = $array_data['nv_email'];

// Validate only when the form was actually submitted; the first failing rule wins.
if ($nv_Request->isset_request('nv_login,nv_password', 'post')) {
    if (empty($array_data['site_name'])) {
        $error = $lang_module['err_sitename'];
    } elseif (!empty($check_login)) {
        $error = $check_login;
    } elseif ("'" . $array_data['nv_login'] . "'" != $db->quote($array_data['nv_login'])) {
        // Rejects a login that $db->quote() had to alter, i.e. one containing
        // characters that need SQL escaping.
        // NOTE(review): the login is placed inside HTML here; this relies on
        // get_title() having escaped it — confirm.
        $error = sprintf($lang_module['account_deny_name'], '<strong>' . $array_data['nv_login'] . 
'</strong>');
    } elseif (!empty($check_email)) {
        $error = $check_email;
    } elseif (!empty($check_pass)) {
        $error = $check_pass;
    // NOTE(review): loose != compares numeric-looking strings by value; !== would
    // compare the password and its confirmation as exact strings.
    } elseif ($array_data['nv_password'] != $array_data['re_password']) {
// Excerpt from an order-checkout handler: the end of the coupon discount calculation,
// followed by validation of the order fields. Cut off at both ends; the leading
// closing braces belong to blocks opened above it and the last `if` stays open.
} else {
    // Fixed-amount discount taken off the coupon-eligible subtotal.
    $total = $total_coupons - $counpons['discount'];
}
} else {
    // Type 'p' is a percentage of the running total; any other type is a fixed amount.
    if ($counpons['type'] == 'p') {
        $total = $total - $total * $counpons['discount'] / 100;
    } else {
        $total = $total - $counpons['discount'];
    }
}
}

// NOTE(review): no lower bound on $total is visible in this excerpt. Confirm that a
// discount larger than the total, or a percentage above 100, cannot give a negative
// order_total.
$data_order['order_total'] = $total;

// Field validation: every failure is stored in $error under the field's key.
if (empty($data_order['order_name'])) {
    $error['order_name'] = $lang_module['order_name_err'];
}
// A non-empty result from nv_check_valid_email() means the address was rejected; the
// module's own message is shown instead of the returned one.
if (nv_check_valid_email($data_order['order_email']) != '') {
    $error['order_email'] = $lang_module['order_email_err'];
}
if (empty($data_order['order_phone'])) {
    $error['order_phone'] = $lang_module['order_phone_err'];
}
// Shipping details are required only when shipping was requested.
if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_name'])) {
    $error['order_shipping_name'] = $lang_module['order_shipping_name_err'];
}
if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_phone'])) {
    $error['order_shipping_phone'] = $lang_module['order_shipping_phone_err'];
}
if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_address_extend'])) {
    $error['order_shipping_address_extend'] = $lang_module['shipping_address_extend_empty'];
}
if ($data_order['order_shipping'] and empty($data_order['shipping']['ship_carrier_id'])) {
// Excerpt from an article comment-posting handler: picks the poster identity, checks
// the form token, CAPTCHA and posting interval, inserts the comment and refreshes the
// article's comment counter. Cut off at both ends: $id, $checkss, $code, $content and
// $difftimeout are set before it, and five blocks stay open at the end.

// Identity comes from the logged-in user or admin; only a guest supplies name and
// e-mail through the form.
if (defined('NV_IS_USER')) {
    $userid = $user_info['userid'];
    $name = $user_info['username'];
    $email = $user_info['email'];
} elseif (defined('NV_IS_ADMIN')) {
    $userid = $admin_info['userid'];
    $name = $admin_info['username'];
    $email = $admin_info['email'];
    // NOTE(review): $status is assigned only in this branch; presumably it has a
    // default set before this excerpt — confirm, since it is concatenated into the
    // INSERT below.
    $status = 1;
} else {
    $userid = 0;
    $name = filter_text_input('name', 'post', '', 1);
    $email = filter_text_input('email', 'post', '');
}

$contents = "";
// The form token is md5(id + session id + site key), compared with loose ==.
// NOTE(review): prefer a strict, constant-time comparison (hash_equals() where the
// PHP version provides it) so type juggling cannot affect the result.
if ($module_config[$module_name]['activecomm'] and $id > 0 and $checkss == md5($id . session_id() . $global_config['sitekey']) and $name != "" and nv_check_valid_email($email) == "" and $code != "" and $content != "") {
    // NOTE(review): the posting interval is read from a client-side cookie and a
    // missing cookie reads as 0, which is allowed. An enforced limit needs server-side
    // state.
    $timeout = $nv_Request->get_int($module_name . '_' . $op . '_' . $id, 'cookie', 0);
    if (!nv_capcha_txt($code)) {
        $contents = "ERR_" . $lang_global['securitycodeincorrect'];
    } elseif ($timeout == 0 or NV_CURRENTTIME - $timeout > $difftimeout) {
        // Only a published, non-expired article is looked up.
        // NOTE(review): $id is concatenated unquoted here and in the statements below;
        // assumes it was read as an integer before this excerpt — confirm.
        $query = $db->sql_query("SELECT listcatid, allowed_comm FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `id` = " . $id . " AND `status`=1 AND `publtime` < " . NV_CURRENTTIME . " AND (`exptime`=0 OR `exptime`>" . NV_CURRENTTIME . ")");
        $row = $db->sql_fetchrow($query);
        // `and` binds tighter than `or`: allowed_comm 1 accepts anyone, 2 accepts only
        // a logged-in user.
        if (isset($row['allowed_comm']) and ($row['allowed_comm'] == 1 or $row['allowed_comm'] == 2 and defined('NV_IS_USER'))) {
            $array_catid = explode(",", $row['listcatid']);
            // Text values go through $db->dbescape(); $id, $userid and $status are
            // concatenated as-is.
            $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_comments` (`cid`, `id`, `content`, `post_time`, `userid`, `post_name`, `post_email`, `post_ip`, `status`) VALUES (NULL, " . $id . "," . $db->dbescape($content) . ", UNIX_TIMESTAMP(), " . $userid . ", " . $db->dbescape($name) . ", " . $db->dbescape($email) . ", " . $db->dbescape(NV_CLIENT_IP) . ", " . $status . ")";
            $result = $db->sql_query($sql);
            if ($result) {
                $page = 0;
                // Count of comments with status=1 for this article.
                list($numf) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(*) FROM `" . NV_PREFIXLANG . "_" . $module_data . "_comments` where `id`= '" . $id . "' AND `status`=1"));
                // The cached counter on the article row is refreshed only when the new
                // comment has a truthy status.
                if ($status) {
                    $query = "UPDATE `" . NV_PREFIXLANG . "_" . 
$module_data . "_rows` SET `hitscm`=" . $numf . " WHERE `id`=" . $id;
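// Excerpt from an admin "reply to a contact message" handler: marks the message as
// read and, when the reply form was submitted, builds the outgoing mail with the
// department's addresses as Reply-To. Cut off at both ends; $id, $row and $is_read are
// set before it and four blocks stay open at the end.
if (!$is_read) {
    // NOTE(review): $id is concatenated unquoted; assumes it was read as an integer
    // before this excerpt — confirm.
    $db->query('UPDATE ' . NV_PREFIXLANG . '_' . $module_data . '_send SET is_read=1 WHERE id=' . $id);
    $is_read = 1;
}

$mess_content = $error = '';
if ($nv_Request->get_int('save', 'post') == '1') {
    // The reply keeps the tags allowed by NV_ALLOWED_HTML_TAGS.
    $mess_content = $nv_Request->get_editor('mess_content', '', NV_ALLOWED_HTML_TAGS);
    // Only proceed when the reply has text left after the tags are stripped.
    if (strip_tags($mess_content) != '') {
        $mail = new NukeViet\Core\Sendmail($global_config, NV_LANG_INTERFACE);
        $mail->To($row['sender_email']);

        $_array_email = array();
        // NOTE(review): $row['cid'] is concatenated unquoted; assumes an integer column
        // value — confirm.
        $frow = $db->query('SELECT full_name, email, admins FROM ' . NV_PREFIXLANG . '_' . $module_data . '_department WHERE id=' . $row['cid'])->fetch();
        if (!empty($frow)) {
            // The department's email field holds a comma-separated list of addresses.
            $_arr_mail = explode(',', $frow['email']);
            foreach ($_arr_mail as $_email) {
                // nv_check_valid_email() returns an empty string for an acceptable
                // address and an error message otherwise. The original tested != '',
                // which added only the addresses that FAILED validation as Reply-To
                // and dropped the valid ones.
                if (nv_check_valid_email($_email) == '') {
                    $mail->addReplyTo($_email, $frow['full_name']);
                    $_array_email[] = $_email;
                }
            }

            // Send to the administrators in the department.
            // `admins` is a ';'-separated list of '/'-separated integer fields; an
            // entry whose 4th field is 1 contributes its 1st field to $obt_level.
            // (What the fields mean is not visible here — presumably an admin id and
            // permission flags; confirm.)
            $obt_level = array();
            $admins_list = $frow['admins'];
            $admins_list = !empty($admins_list) ? array_map('trim', explode(';', $admins_list)) : array();
            foreach ($admins_list as $l) {
                $l2 = array_map('intval', explode('/', $l));
                if (isset($l2[3]) and $l2[3] === 1) {
                    $obt_level[] = intval($l2[0]);
                }
            }

            if (!empty($obt_level)) {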