unset($_SESSION['member']);
$cap = 'notEq';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_POST['txtCapchainput'] == $_SESSION['cap_code']) {
$cap = 'Eq';
$alphanum = "0123456789";
$alphaz = "0123456789qwertyuioplkjhgfdsazxcvbnm";
$code_cards = substr(str_shuffle($alphanum), 0, 5);
$passNew = substr(str_shuffle($alphaz), 0, 8);
if (isset($_POST['btnSignEmail'])) {
$pass = md5($passNew);
$capcha = isset($_POST['txtCapcha']) ? trim($_POST['txtCapcha']) : '';
$capchainput = isset($_POST['txtCapchainput']) ? trim($_POST['txtCapchainput']) : '';
$email1 = isset($_POST['txtUid']) ? trim($_POST['txtUid']) : '';
$email = chackInputSql($email1);
$openidReturn_to = isset($_POST['openidReturn_to']) ? trim($_POST['openidReturn_to']) : '';
if (check_email_address($email)) {
$errMsg = '';
} else {
$errMsg = CEMAILTHISVARIANCE;
}
/*if($capcha!=$capchainput){
$errMsg = TINCORRECTSECURITYCODE;
}else{
$errMsg = '';
}*/
if ($errMsg == '') {
// kiem tra bao loi
//up date mat khau moi
$fields_arrForgotpassUpdate = array("pwd" => "'{$pass}'", "last_modified" => "now()", "lang" => "'{$_lang}'");
//nguoi gioi thieu
$address = isset($_POST['txtAddress']) ? trim($_POST['txtAddress']) : '';
$type_member = isset($_POST['type_member']) ? trim($_POST['type_member']) : '0';
$pass = isset($_POST['txtPwd']) ? trim($_POST['txtPwd']) : '';
$voucher = isset($_POST['txtCodeVoucher']) ? trim($_POST['txtCodeVoucher']) : '';
$discouts = isset($_POST['comboDiscounts']) ? trim($_POST['comboDiscounts']) : 0;
$email = chackInputSql($email1);
$date_from = isset($_POST['date-from']) ? trim($_POST['date-from']) : time();
$date_from1 = explode('/', $date_from);
$date_from2 = $date_from1[1] . '/' . $date_from1[0] . '/' . $date_from1[2] . " 00:00:01";
$date_from = strtotime($date_from2);
$date_to = isset($_POST['date-to']) ? trim($_POST['date-to']) : time();
$date_to1 = explode('/', $date_to);
$date_to2 = $date_to1[1] . '/' . $date_to1[0] . '/' . $date_to1[2] . " 23:59:59";
$date_to = strtotime($date_to2);
$name = chackInputSql($name1);
$ldate = $strtotimeDmy;
//LAY THONG TIN NGUOI GIOI THIEU
if ($email == '') {
$errMsg = CYOUMAYENTEREMAIL;
} else {
$errMsg = '';
}
if (check_email_address($email)) {
$errMsg = '';
} else {
$errMsg = CFNBOXMALFORMED;
}
if ($name == '') {
$errMsg = CNAME;
} else {
$urlCode = removeVietnamese($name, " ", "-");
//lay url tu dong
$phone = strip_tags($phone1);
$address = strip_tags($address1);
$email = chackInputSql($email1);
$birthday = chackInputSql($birthday1);
$telephone = chackInputSql($telephone1);
$schools = chackInputSql($schools1);
$majors = chackInputSql($majors1);
$subject = chackInputSql($subject1);
$yexperience1 = isset($_POST['txtYexperience']) ? trim($_POST['txtYexperience']) : '';
//students_number
$higher_scores1 = isset($_POST['txtHigher_scores']) ? trim($_POST['txtHigher_scores']) : '';
//tong diem 3 mon
$yexperience = chackInputSql($yexperience1);
$higher_scores = chackInputSql($higher_scores1);
$classes_good = isset($_POST['classes_good']) ? trim($_POST['classes_good']) : '';
$price = isset($_POST['txtPrice']) ? trim($_POST['txtPrice']) : '';
for ($e = 1; $e <= count($TYPE_SEARCH['TG_SCT']); $e++) {
$tg_scts1 = $_POST['TG_SCTS' . $e] != '' ? $e : 0;
$tg_sctc1 = $_POST['TG_SCTC' . $e] != '' ? $e : 0;
$tg_sctt1 = $_POST['TG_SCTT' . $e] != '' ? $e : 0;
$tg_scts2 .= $tg_scts1 . '_';
$tg_sctc2 .= $tg_sctc1 . '_';
$tg_sctt2 .= $tg_sctt1 . '_';
}
$tg_scts = substr($tg_scts2, 0, -1);
$tg_sctc = substr($tg_sctc2, 0, -1);
$tg_sctt = substr($tg_sctt2, 0, -1);
$detail_short = isset($_POST['txtDetailShort']) ? trim($_POST['txtDetailShort']) : '';
$keywords = removeUtf8($name);
//kiem tra neu da bam nut
unset($_SESSION['member']);
unset($_SESSION['memberlogin']);
echo "<script>window.location='" . $serverName . $_lang . '?openidReturn_to=' . $urlFullMahoa . "'</script>";
}
if (!isset($_SESSION['member']) || $_SESSION['member'] == '') {
$flagLogin = false;
} else {
$flagLogin = true;
}
if (isset($_POST['login'])) {
//kiem tra bat dau tu trang login============================
$email1 = trim($_POST['txtUid']);
$pass1 = $_POST['txtPwd'];
$email = chackInputSql($email1);
$pass = chackInputSql($pass1);
$auto_login = $_POST['chackLogin'] != '' ? 1 : 0;
$openidReturn_to = $_POST['openidReturn_to'];
if (!isset($_SESSION['member']) || $_SESSION['member'] == '') {
//kiem tra session da ton tai hay chua tao moi============================
$resultSignIn = @mysql_query("select * from " . $tableMemberId . " where email='" . $email . "' and " . $whereStatus . " limit 1", $conn);
$rowsSignIn = @mysql_num_rows($resultSignIn);
if ($rowsSignIn < 1) {
$errMsg = MWRONGUSERNAME;
} else {
$rowSignIn = @mysql_fetch_array($resultSignIn);
if ($pass != $rowSignIn['pwd']) {
$errMsg = MWRONGPASSWORD . " - <a href=\"" . $serverName . FRAMEMEMBERYFPNAME . '/?openidReturn_to=' . $openidReturn_to . "\" class=\"name_xanh\" title=\"" . MFORGOTPASSWORD . "\" class=\"font11\">" . MFORGOTPASSWORD . "?</a>";
} else {
$flagLogin = true;
$idMember = $rowSignIn['id'];
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_POST['txtCapchainput'] == $_SESSION['cap_code']) {
$cap = 'Eq';
$email1 = isset($_POST['txtUid']) ? trim($_POST['txtUid']) : '';
$passSend1 = isset($_POST['txtpass']) ? trim($_POST['txtpass']) : '';
$pass1 = isset($_POST['txtPwd']) ? trim($_POST['txtPwd']) : '';
$phone = isset($_POST['txtPhone']) ? trim($_POST['txtPhone']) : '';
$name1 = isset($_POST['txtName']) ? trim($_POST['txtName']) : '';
//nguoi gioi thieu
$referrer1 = isset($_POST['txtCode']) ? trim($_POST['txtCode']) : '';
$type_member = $_POST['type_member'];
$email = chackInputSql($email1);
$passSend = chackInputSql($passSend1);
$pass = chackInputSql($pass1);
$name = chackInputSql($name1);
$referrer = chackInputSql($referrer1);
$capcha = isset($_POST['txtCapcha']) ? trim($_POST['txtCapcha']) : '';
$capchainput = isset($_POST['txtCapchainput']) ? trim($_POST['txtCapchainput']) : '';
$codereferrer = $referrer;
$openidReturn_to = $_POST['openidReturn_to'];
$ldate = $strtotimeDmy;
//LAY THONG TIN NGUOI GIOI THIEU
if ($email == '') {
$errMsg = CYOUMAYENTEREMAIL;
} else {
$errMsg = '';
}
if (check_email_address($email)) {
$errMsg = '';
} else {
$errMsg = CFNBOXMALFORMED;
}
//lay theo ngon ngu
} else {
//neu tham moi
$fields_arr = array("parent" => "{$codeParent}", "parent_1" => "'{$parent_1}'", "id_member" => "'{$idMember}'", "name_member" => "'{$nameMember}'", "ldate" => "'{$ldate}'", "name" => "'{$name}'", "code" => "'{$code}'", "district" => "'{$district}'", "city" => "'{$city}'", "website" => "'{$website}'", "phone" => "'{$phone}'", "email" => "'{$email}'", "sex" => "'{$sex}'", "discount_start_date" => "'{$discount_start_date}'", "discount_end_date" => "'{$discount_end_date}'", "url" => "'{$urlCode}'", "last_modified" => "now()", "date_added" => "now()", "lang" => "'{$_lang}'");
$updateprofileId = insert($tableNewId, $fields_arr);
$oldid = @mysql_insert_id();
//lay id vua them vo
//lay theo ngon ngu
foreach ($conf as $ln => $j) {
$name1 = isset($_POST['txtName' . $ln]) ? trim($_POST['txtName' . $ln]) : '';
$name = chackInputSql(strip_tags($name1));
$urlCode = removeVietnamese($name, " ", "-");
//lay url tu dong
$address1 = isset($_POST['txtAddress' . $ln]) ? trim($_POST['txtAddress' . $ln]) : '';
$address = chackInputSql(strip_tags($address1));
$detail_short = isset($_POST['txtDetailShort' . $ln]) ? trim($_POST['txtDetailShort' . $ln]) : '';
//$detail_short = strip_tags($detail_short1,'<script><iframe>');
$detail = isset($_POST['txtDetail' . $ln]) ? trim($_POST['txtDetail' . $ln]) : '';
//$detail = strip_tags($detail1,'<script><iframe>');
$keywords = $name;
$description = substrNumber(strip_tags($detail_short), '160', '');
$fields_arr1 = array("id_code" => "{$oldid}", "parent" => "{$codeParent}", "parent_1" => "'{$parent_1}'", "id_member" => "'{$idMember}'", "name_member" => "'{$nameMember}'", "ldate" => "'{$ldate}'", "name" => "'{$name}'", "code" => "'{$code}'", "district" => "'{$district}'", "detail" => "'{$detail}'", "detail_short" => "'{$detail_short}'", "city" => "'{$city}'", "website" => "'{$website}'", "address" => "'{$address}'", "phone" => "'{$phone}'", "email" => "'{$email}'", "sex" => "'{$sex}'", "discount_start_date" => "'{$discount_start_date}'", "discount_end_date" => "'{$discount_end_date}'", "keywords" => "'{$keywords}'", "description" => "'{$description}'", "url" => "'{$urlCode}'", "last_modified" => "now()", "date_added" => "now()", "lang" => "'{$ln}'");
//$updateprofileId = update($tableNewId,$fields_profile,"id=".$oldid);
$updateprofile = insert($tableNew, $fields_arr1);
$rowoldidLn = getRecord($tableNew, 'id_code=' . $oldid . " and lang='" . $ln . "'");
$oldidLn = $rowoldidLn['id'];
//lay id vua them vo
//kiem tra url nay da ton tai hay chua
if (countRecord($tableNew, "url='" . $urlCode . "' and id<>" . $oldidLn) > 0) {
$urlCodeUp = $urlCode . "-" . $oldidLn;
