ÿØÿà JFIF ÿÛ „ ( %"1"%)+...383,7(-.-
![]() Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20 System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 User : apache ( 48) PHP Version : 7.4.20 Disable Function : NONE Directory : /var/www/html/netphim/code/guest/ |
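<?php
/**
 * Social-login landing step for guests.
 *
 * Flow, as far as this file shows:
 *  1. Look up the tb_guest row for the identity held in $_SESSION.
 *  2. Guest already linked to a tb_user row: build the login token, store it in the
 *     session and in a cookie, then redirect to $_SESSION['url_ref'].
 *  3. Guest known but not linked, or seen for the first time: prepare $guest_id,
 *     $link_avatar and $fullname for the password form (rendered outside this block).
 *  4. On form submit: either start e-mail confirmation (Facebook sign-in with a
 *     user-supplied address) or create the tb_user row and log the user in.
 *
 * Uses names defined outside this file: $DB, $CORE, $func, $ip, $INFO, $arr_option,
 * download_image(), send_mail().
 *
 * NOTE(review): every query here is assembled by string interpolation. Integer ids are
 * cast below and the posted e-mail is restricted before use, but $_SESSION['email'],
 * $_SESSION['openid'], $_SESSION['openid_type'], $ip and $v_ip still reach SQL as raw
 * strings. They should go through the DB layer's bound parameters or escaping; that API
 * is not visible in this file, so it is flagged rather than guessed at.
 */

// The sign-in callback is expected to have filled $_SESSION['openid_type'], ['openid'],
// ['fullname'], ['email'] and ['avatar'] before this script runs (the original file
// carried a commented-out example of those assignments).
$row_check = $DB->fetch_row($DB->query(
    "SELECT * FROM tb_guest WHERE (guest_email = '" . $_SESSION['email'] . "' or openid = '" . $_SESSION['openid'] . "') AND openid_type='" . $_SESSION['openid_type'] . "' "
));

if ($row_check && intval($row_check['user_id']) > 0) {
    // Guest is already linked to a registered user.
    $guest_id = $row_check['guest_id'];
    // Cast to int: the id is interpolated into SQL below.
    $user_id = (int) $row_check['user_id'];
    $row_check_user = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_id='$user_id' "));
    if ($row_check_user && $row_check_user['user_status'] == 'locked') {
        header('Location: /?act=user_locked');
        exit();
    }

    // The token is both rows merged, minus the two password columns.
    $token = array_merge($row_check, $row_check_user);
    unset($token['user_password_default'], $token['user_password_hash']);

    if ($row_check['guest_avatar'] != '' && $row_check['guest_avatar'] != 'NULL') {
        // Default to the stored avatar. The original only assigned $link_avatar inside
        // the branch below, so the token's user_image was otherwise left unset.
        $link_avatar = $row_check['guest_avatar'];
        if ($row_check['openid_type'] != $_SESSION['openid_type']) {
            // Different provider but same e-mail: refresh the guest row.
            // NOTE(review): the lookup above already filters on openid_type, so this
            // branch looks unreachable in practice; confirm before relying on it.
            $link_avatar = download_image($_SESSION['avatar'], $_SESSION['openid'] . '_' . time() . '.webp');
            if (!empty($link_avatar) && file_exists($link_avatar)) {
                // Remove the old avatar only once the new one exists on disk.
                unlink($row_check['guest_avatar']);
            }
            $arr_update_guest = array(
                'openid_type' => $_SESSION['openid_type'],
                'openid' => $_SESSION['openid'],
                'guest_fullname' => $_SESSION['fullname'],
                'guest_avatar' => $link_avatar,
                'guest_ip' => $ip,
            );
            $DB->do_update('tb_guest', $arr_update_guest, " WHERE guest_email = '" . $_SESSION['email'] . "' ");
        }
        $token['user_image'] = $link_avatar;
    } else {
        // No avatar stored: fall back to the letter image for the e-mail's first character.
        $token['user_image'] = 'layout/adminlte320rc/dist/img/letter/' . strtolower(substr($row_check['guest_email'], 0, 1)) . '.png';
    }

    $token['user_name'] = $row_check['guest_email'];
    $token['fullname'] = $row_check['guest_fullname'];
    $token['user_last_login'] = date('d/m/Y h:i A');
    $token['user_type'] = $row_check_user['user_type'];
    $token['from_ip'] = $v_ip = $func->get_ip_address();

    $_SESSION['local_token'] = json_encode($token);
    // NOTE(review): this cookie carries the whole profile (every tb_guest/tb_user column
    // except the password fields) for one year, with no HttpOnly, Secure or SameSite
    // attribute. If any code elsewhere trusts its contents (user_id, user_type) instead
    // of the server-side session, that is an authorization problem; confirm how it is
    // read and reduce it to what the client actually needs.
    setcookie('cookie_local_token', json_encode($token), time() + 31536000, "/");

    $DB->query("UPDATE tb_user SET user_last_login=NOW(),user_ip='$v_ip' WHERE user_id='$user_id' ");
    $DB->query("DELETE FROM tb_follow WHERE follow_ip='$ip' AND user_id='0' ");

    // NOTE(review): where url_ref is written is not visible here; if it can come from
    // request data it should be limited to same-site paths before it is used as a
    // redirect target.
    $url_ref = $_SESSION['url_ref'] ?? '/';
    unset($_SESSION['url_ref']);
    header('Location: ' . $url_ref);
    // Stop here, as the locked-account redirect does: otherwise the submit handler
    // below would still run for an already-registered user and insert a second
    // tb_user row.
    exit();
} elseif ($row_check && intval($row_check['user_id']) == 0) {
    // Guest known but not yet linked to a user: the password form is shown.
    $guest_id = $row_check['guest_id'];
    $link_avatar = $row_check['guest_avatar'];
    $fullname = $row_check['guest_fullname'];
} elseif (!$row_check) {
    // First sign-in with this identity: store the guest, then the password form is shown.
    $link_avatar = download_image($_SESSION['avatar'], $_SESSION['openid'] . '_' . time() . '.webp');
    $arr_insert_guest = array(
        'user_id' => 0,
        'openid_type' => $_SESSION['openid_type'],
        'openid' => $_SESSION['openid'],
        'guest_fullname' => $_SESSION['fullname'],
        'guest_email' => $_SESSION['email'],
        'guest_avatar' => $link_avatar,
        'guest_ip' => $ip,
    );
    // Presumably do_insert() returns the new row id; confirm against the DB class.
    $guest_id = $DB->do_insert('tb_guest', $arr_insert_guest);
    $fullname = $_SESSION['fullname'];
}

if (isset($CORE->input['submitbt'])) {
    // The guest this session resolved to, captured before the posted value replaces it.
    $session_guest_id = isset($guest_id) ? (int) $guest_id : 0;
    $posted_guest_id = $CORE->input['guest_id'] ?? 0;
    // Cast to int: the id is interpolated into SQL below.
    $guest_id = is_scalar($posted_guest_id) ? (int) $posted_guest_id : 0;
    // The posted id must be the guest bound to this session; otherwise the request
    // would read and write another guest's tb_guest / tb_authcode rows.
    if ($guest_id === 0 || $guest_id !== $session_guest_id) {
        echo 'error';
        exit();
    }

    $row_guest = $DB->fetch_row($DB->query("SELECT * FROM tb_guest WHERE guest_id='$guest_id' "));
    if (!$row_guest) {
        echo 'error';
        exit();
    }

    $email_user = $CORE->input['email_user'] ?? '';
    if ($_SESSION['openid_type'] == 'facebook' && $email_user != '') {
        // FILTER_VALIDATE_EMAIL accepts quote characters in the local part, so on its own
        // it does not make the value safe inside the quoted SQL literal below. Until that
        // query uses bound parameters, addresses containing a quote or backslash are
        // treated like any other invalid address (nothing happens).
        $email_is_safe = is_string($email_user)
            && filter_var($email_user, FILTER_VALIDATE_EMAIL)
            && strpbrk($email_user, "'\"\\") === false;
        if ($email_is_safe) {
            $row_check_email = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_key='$email_user' "));
            if ($row_check_email) {
                // Address already belongs to an account: send the visitor to the password page.
                header('Location: /updatepassword.html#' . $email_user);
                exit();
            } else {
                $guest_password = trim($CORE->input['re_password'] ?? '');
                // NOTE(review): confirm make_password() draws from a CSPRNG; a 6-character
                // code also needs attempt limiting and expiry where it is verified.
                $auth_code = $func->make_password(6);
                // NOTE(review): guest_password is stored in clear text in tb_authcode.
                // The code that consumes this row is not visible here; it should receive
                // a password_hash() value instead.
                $arr_insert_authcode = array(
                    'guest_id' => $guest_id,
                    'authcode_code' => $auth_code,
                    'guest_fullname' => $row_guest['guest_fullname'],
                    'guest_email' => $email_user,
                    'guest_password' => $guest_password,
                    'time_post' => time(),
                );
                $row_check_authcode = $DB->fetch_row($DB->query("SELECT * FROM tb_authcode WHERE guest_id='$guest_id' "));
                if (!$row_check_authcode) {
                    $DB->do_insert('tb_authcode', $arr_insert_authcode);
                } else {
                    $DB->do_update('tb_authcode', $arr_insert_authcode, " WHERE guest_id='$guest_id' ");
                }

                $fromname = $arr_option['blogname'];
                $subject = 'Auth code confirm your email';
                $sub_subject = 'Please confirm this email address so we can update your contact information';
                $body = file_get_contents('layout/default/mail_tpl/auth_code.html');
                // The display name comes from the provider profile and the address from the
                // form; both are escaped before they are placed in the HTML mail body.
                $safe_fullname = htmlspecialchars((string) $row_guest['guest_fullname'], ENT_QUOTES, 'UTF-8');
                $safe_email = htmlspecialchars($email_user, ENT_QUOTES, 'UTF-8');
                $html_body = '<p style="font-size: 14px; line-height: 140%; text-align: center;">Hello ' . $safe_fullname . '!</p>'
                    . ' <p style="font-size: 14px; line-height: 140%; text-align: center;">You recently added ' . $safe_email . ' to your ' . $arr_option['blogname'] . ' account. '
                    . 'Please confirm this email address for we can update your contact information.</p>'
                    . ' <p style="font-size: 14px; line-height: 140%; text-align: center;">You need to enter this confirmation code:</p>';
                $logo = $INFO['home_url'] . $arr_option['logo_website'];
                $body = str_replace(
                    array('{logo}', '{body}', '{auth_code}', '{site_name}', '{site_des}'),
                    array($logo, $html_body, $auth_code, $arr_option['blogname'], $arr_option['blogdescription']),
                    $body
                );
                $arr_to = array(
                    array('Email' => $email_user, 'Name' => $row_guest['guest_fullname']),
                );
                send_mail($fromname, $subject, $sub_subject, $body, $arr_to);

                // '@' is replaced by '[]' in the URL fragment handed to the password page.
                $txt_email_user = str_replace('@', '[]', $email_user);
                header('Location: /updatepassword.html#auth_code_input--' . $txt_email_user);
                exit();
            }
        }
    } else {
        // Account creation needs the guest row resolved from the session and a
        // non-empty password; the original hashed an empty string without complaint.
        $password = trim($CORE->input['re_password'] ?? '');
        if (!$row_check || $password === '') {
            echo 'error';
            exit();
        }
        $password_hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
        // $v_ip was never assigned on this path in the original, so the UPDATE below
        // wrote an empty user_ip.
        $v_ip = $func->get_ip_address();
        $arr_insert_user = array(
            'user_key' => $_SESSION['email'],
            'user_password_default' => '',
            'user_password_hash' => $password_hash,
            'user_image' => $row_guest['guest_avatar'],
            'user_type' => 'guest',
            'user_last_login' => date('Y-m-d H:i:s'),
            'user_ip' => $v_ip,
            'user_rule' => '',
            'user_status' => 'active',
            'user_jointime' => time(),
            'user_comment_status' => 'active',
        );
        // Presumably do_insert() returns the new row id; cast because it is interpolated below.
        $user_id = (int) $DB->do_insert('tb_user', $arr_insert_user);
        $arr_update_guest = array(
            'user_id' => $user_id,
        );
        // $guest_id was checked above to be the session's own guest.
        $DB->do_update('tb_guest', $arr_update_guest, " WHERE guest_id='" . $guest_id . "' ");

        // Log the new user in: same token layout as the returning-user path above.
        $row_check_user = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_id='$user_id' "));
        $token = array_merge($row_check, $row_check_user);
        unset($token['user_password_default'], $token['user_password_hash']);
        if ($row_check['guest_avatar'] != '' && $row_check['guest_avatar'] != 'NULL') {
            $token['user_image'] = $row_check['guest_avatar'];
        } else {
            $token['user_image'] = 'layout/adminlte320rc/dist/img/letter/' . strtolower(substr($row_check['guest_email'], 0, 1)) . '.png';
        }
        $token['user_name'] = $row_check['guest_email'];
        $token['fullname'] = $row_check['guest_fullname'];
        $token['user_last_login'] = date('d/m/Y h:i A');
        $token['user_type'] = $row_check_user['user_type'];
        $token['from_ip'] = $ip;

        $_SESSION['local_token'] = json_encode($token);
        // NOTE(review): same cookie concern as on the returning-user path: full profile,
        // one-year lifetime, no HttpOnly/Secure/SameSite.
        setcookie('cookie_local_token', json_encode($token), time() + 31536000, "/");

        $DB->query("UPDATE tb_user SET user_last_login=NOW(),user_ip='$v_ip' WHERE user_id='$user_id' ");
        $DB->query("DELETE FROM tb_follow WHERE follow_ip='$ip' AND user_id='0' ");

        // NOTE(review): url_ref's origin is not visible here; restrict it to same-site
        // paths if it can be influenced by a request.
        $url_ref = $_SESSION['url_ref'] ?? '/';
        unset($_SESSION['url_ref']);
        header('Location: ' . $url_ref);
        exit();
    }
}
?>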