2017-03-11 02:51:06 +07:00
|
|
|
<?php
|
2023-06-15 17:06:22 +07:00
|
|
|
|
2017-03-11 02:51:06 +07:00
|
|
|
/**
|
2023-10-12 15:47:45 +07:00
|
|
|
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
|
2023-10-12 15:55:42 +07:00
|
|
|
* by https://t.me/ibnux
|
2023-06-15 17:06:22 +07:00
|
|
|
**/
|
2023-10-12 15:47:45 +07:00
|
|
|
|
|
|
|
|
|
2017-03-11 02:51:06 +07:00
|
|
|
_auth();
|
2024-02-13 13:54:01 +07:00
|
|
|
$ui->assign('_title', Lang::T('My Account'));
|
2017-03-11 02:51:06 +07:00
|
|
|
$ui->assign('_system_menu', 'accounts');
|
|
|
|
|
|
|
|
|
|
$action = $routes['1'];
|
|
|
|
|
$user = User::_info();
|
|
|
|
|
$ui->assign('_user', $user);
|
|
|
|
|
|
|
|
|
|
switch ($action) {
|
2022-08-23 16:33:21 +07:00
|
|
|
|
2017-03-11 02:51:06 +07:00
|
|
|
case 'change-password':
|
2022-09-18 00:00:40 +07:00
|
|
|
run_hook('customer_view_change_password'); #HOOK
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = Csrf::generateAndStoreToken();
|
|
|
|
|
$ui->assign('csrf_token', $csrf_token);
|
2024-10-10 10:19:01 +07:00
|
|
|
$ui->display('customer/change-password.tpl');
|
2017-03-11 02:51:06 +07:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'change-password-post':
|
|
|
|
|
$password = _post('password');
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/change-password'), 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
2024-10-10 15:48:32 +01:00
|
|
|
}
|
2022-09-17 22:34:55 +07:00
|
|
|
run_hook('customer_change_password'); #HOOK
|
2023-06-15 17:06:22 +07:00
|
|
|
if ($password != '') {
|
2024-06-25 13:51:46 +07:00
|
|
|
$d_pass = $user['password'];
|
2024-06-25 12:06:34 +07:00
|
|
|
$npass = _post('npass');
|
|
|
|
|
$cnpass = _post('cnpass');
|
2024-06-25 13:51:46 +07:00
|
|
|
if ($password == $d_pass) {
|
2024-06-25 12:06:34 +07:00
|
|
|
if (!Validator::Length($password, 36, 2)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/change-password'), 'e', 'New Password must be 2 to 35 character');
|
2024-06-25 12:06:34 +07:00
|
|
|
}
|
|
|
|
|
if ($npass != $cnpass) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/change-password'), 'e', 'Both Password should be same');
|
2024-06-25 12:06:34 +07:00
|
|
|
}
|
2024-06-25 14:02:48 +07:00
|
|
|
$user->password = $npass;
|
2024-06-25 16:08:40 +07:00
|
|
|
$turs = ORM::for_table('tbl_user_recharges')->where('customer_id', $user['id'])->find_many();
|
2024-08-14 18:24:43 +01:00
|
|
|
foreach ($turs as $tur) {
|
2024-06-25 12:06:34 +07:00
|
|
|
// if has active plan, change the password to devices
|
|
|
|
|
if ($tur['status'] == 'on') {
|
|
|
|
|
$p = ORM::for_table('tbl_plans')->where('id', $tur['plan_id'])->find_one();
|
2024-06-05 17:19:24 +07:00
|
|
|
$dvc = Package::getDevice($p);
|
2024-06-20 14:16:09 +07:00
|
|
|
if ($_app_stage != 'demo') {
|
|
|
|
|
if (file_exists($dvc)) {
|
|
|
|
|
require_once $dvc;
|
2024-06-25 12:06:34 +07:00
|
|
|
(new $p['device'])->add_customer($user, $p);
|
2024-06-20 14:16:09 +07:00
|
|
|
} else {
|
|
|
|
|
new Exception(Lang::T("Devices Not Found"));
|
|
|
|
|
}
|
2023-06-15 17:06:22 +07:00
|
|
|
}
|
2023-10-04 16:25:21 +07:00
|
|
|
}
|
2024-06-25 12:06:34 +07:00
|
|
|
}
|
|
|
|
|
$user->save();
|
2024-06-25 13:51:46 +07:00
|
|
|
User::removeCookie();
|
|
|
|
|
session_destroy();
|
2024-06-25 12:06:34 +07:00
|
|
|
_log('[' . $user['username'] . ']: Password changed successfully', 'User', $user['id']);
|
2024-06-25 13:51:46 +07:00
|
|
|
_alert(Lang::T('Password changed successfully, Please login again'), 'success', "login");
|
2023-06-15 17:06:22 +07:00
|
|
|
} else {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/change-password'), 'e', Lang::T('Incorrect Current Password'));
|
2017-03-11 02:51:06 +07:00
|
|
|
}
|
2023-06-15 17:06:22 +07:00
|
|
|
} else {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/change-password'), 'e', Lang::T('Incorrect Current Password'));
|
2017-03-11 02:51:06 +07:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'profile':
|
2024-08-19 14:21:21 +07:00
|
|
|
run_hook('customer_view_edit_profile'); #HOOK
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = Csrf::generateAndStoreToken();
|
|
|
|
|
$ui->assign('csrf_token', $csrf_token);
|
2024-11-19 18:11:34 +07:00
|
|
|
$ui->assign('customFields', User::getFormCustomField($ui, false, $user['id']));
|
2024-10-10 10:19:01 +07:00
|
|
|
$ui->display('customer/profile.tpl');
|
2017-03-11 02:51:06 +07:00
|
|
|
break;
|
|
|
|
|
case 'edit-profile-post':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/profile'), 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
2024-10-10 15:48:32 +01:00
|
|
|
}
|
2017-03-11 02:51:06 +07:00
|
|
|
$fullname = _post('fullname');
|
|
|
|
|
$address = _post('address');
|
2022-10-15 23:18:24 +07:00
|
|
|
$email = _post('email');
|
2017-03-11 02:51:06 +07:00
|
|
|
$phonenumber = _post('phonenumber');
|
2022-09-17 22:34:55 +07:00
|
|
|
run_hook('customer_edit_profile'); #HOOK
|
2017-03-11 02:51:06 +07:00
|
|
|
$msg = '';
|
2024-08-19 14:21:21 +07:00
|
|
|
if (Validator::Length($fullname, 31, 1) == false) {
|
|
|
|
|
$msg .= 'Full Name should be between 1 to 30 characters' . '<br>';
|
2017-03-11 02:51:06 +07:00
|
|
|
}
|
2023-06-15 17:06:22 +07:00
|
|
|
if (Validator::UnsignedNumber($phonenumber) == false) {
|
|
|
|
|
$msg .= 'Phone Number must be a number' . '<br>';
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-31 13:49:51 +07:00
|
|
|
if (empty($msg)) {
|
2024-10-31 14:46:51 +07:00
|
|
|
if (!empty($_FILES['photo']['name']) && file_exists($_FILES['photo']['tmp_name'])) {
|
2024-10-31 13:49:51 +07:00
|
|
|
if (function_exists('imagecreatetruecolor')) {
|
|
|
|
|
$hash = md5_file($_FILES['photo']['tmp_name']);
|
|
|
|
|
$subfolder = substr($hash, 0, 2);
|
|
|
|
|
$folder = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'photos' . DIRECTORY_SEPARATOR;
|
|
|
|
|
if (!file_exists($folder)) {
|
|
|
|
|
mkdir($folder);
|
|
|
|
|
}
|
|
|
|
|
$folder = $UPLOAD_PATH . DIRECTORY_SEPARATOR . 'photos' . DIRECTORY_SEPARATOR . $subfolder . DIRECTORY_SEPARATOR;
|
|
|
|
|
if (!file_exists($folder)) {
|
|
|
|
|
mkdir($folder);
|
|
|
|
|
}
|
|
|
|
|
$imgPath = $folder . $hash . '.jpg';
|
|
|
|
|
if (!file_exists($imgPath)) {
|
|
|
|
|
File::resizeCropImage($_FILES['photo']['tmp_name'], $imgPath, 1600, 1600, 100);
|
|
|
|
|
}
|
|
|
|
|
if (!file_exists($imgPath . '.thumb.jpg')) {
|
|
|
|
|
if (_post('faceDetect') == 'yes') {
|
|
|
|
|
try {
|
|
|
|
|
$detector = new svay\FaceDetector();
|
|
|
|
|
$detector->setTimeout(5000);
|
|
|
|
|
$detector->faceDetect($imgPath);
|
|
|
|
|
$detector->cropFaceToJpeg($imgPath . '.thumb.jpg', false);
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
File::makeThumb($imgPath, $imgPath . '.thumb.jpg', 200);
|
|
|
|
|
} catch (Throwable $e) {
|
|
|
|
|
File::makeThumb($imgPath, $imgPath . '.thumb.jpg', 200);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
File::makeThumb($imgPath, $imgPath . '.thumb.jpg', 200);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (file_exists($imgPath)) {
|
2024-10-31 14:46:51 +07:00
|
|
|
if ($user['photo'] != '' && strpos($user['photo'], 'default') === false) {
|
|
|
|
|
if (file_exists($UPLOAD_PATH . $user['photo'])) {
|
|
|
|
|
unlink($UPLOAD_PATH . $user['photo']);
|
|
|
|
|
if (file_exists($UPLOAD_PATH . $user['photo'] . '.thumb.jpg')) {
|
|
|
|
|
unlink($UPLOAD_PATH . $user['photo'] . '.thumb.jpg');
|
2024-10-31 13:49:51 +07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$user->photo = '/photos/' . $subfolder . '/' . $hash . '.jpg';
|
|
|
|
|
}
|
|
|
|
|
if (file_exists($_FILES['photo']['tmp_name'])) unlink($_FILES['photo']['tmp_name']);
|
|
|
|
|
} else {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('settings/app'), 'e', 'PHP GD is not installed');
|
2024-10-31 13:49:51 +07:00
|
|
|
}
|
|
|
|
|
}
|
2017-03-11 02:51:06 +07:00
|
|
|
|
2024-10-31 13:49:51 +07:00
|
|
|
$user->fullname = $fullname;
|
|
|
|
|
$user->address = $address;
|
|
|
|
|
if ($_c['allow_phone_otp'] != 'yes') {
|
|
|
|
|
$user->phonenumber = $phonenumber;
|
|
|
|
|
}
|
|
|
|
|
if ($_c['allow_email_otp'] != 'yes') {
|
|
|
|
|
$user->email = $email;
|
|
|
|
|
}
|
2022-08-23 16:33:21 +07:00
|
|
|
|
2024-11-19 18:11:34 +07:00
|
|
|
User::setFormCustomField($user['id']);
|
|
|
|
|
|
2024-10-31 13:49:51 +07:00
|
|
|
$user->save();
|
|
|
|
|
|
|
|
|
|
_log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']);
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/profile'), 's', Lang::T('User Updated Successfully'));
|
2024-10-31 13:49:51 +07:00
|
|
|
}else{
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/profile'), 'e', $msg);
|
2024-10-31 13:49:51 +07:00
|
|
|
}
|
2017-03-11 02:51:06 +07:00
|
|
|
break;
|
2022-08-23 16:33:21 +07:00
|
|
|
|
2024-02-21 10:02:31 +01:00
|
|
|
|
2024-02-21 00:15:36 +01:00
|
|
|
case 'phone-update':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = Csrf::generateAndStoreToken();
|
|
|
|
|
$ui->assign('csrf_token', $csrf_token);
|
2024-08-19 14:21:21 +07:00
|
|
|
$ui->assign('new_phone', $_SESSION['new_phone']);
|
2024-10-10 10:19:01 +07:00
|
|
|
$ui->display('customer/phone-update.tpl');
|
2024-02-21 00:15:36 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'phone-update-otp':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
2024-10-10 15:48:32 +01:00
|
|
|
}
|
2024-06-25 12:06:34 +07:00
|
|
|
$phone = Lang::phoneFormat(_post('phone'));
|
2024-02-21 00:15:36 +01:00
|
|
|
$username = $user['username'];
|
2024-02-26 14:38:04 +07:00
|
|
|
$otpPath = $CACHE_PATH . '/sms/';
|
2024-06-25 14:31:12 +07:00
|
|
|
$_SESSION['new_phone'] = $phone;
|
2024-02-21 10:02:31 +01:00
|
|
|
// Validate the phone number format
|
2024-08-19 14:21:21 +07:00
|
|
|
if (!preg_match('/^[0-9]{10,}$/', $phone) || empty($phone)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Invalid phone number format'));
|
2024-02-21 10:02:31 +01:00
|
|
|
}
|
|
|
|
|
|
2024-02-21 00:15:36 +01:00
|
|
|
if (empty($config['sms_url'])) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('SMS server not Available, Please try again later'));
|
2024-02-21 00:15:36 +01:00
|
|
|
}
|
|
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
$d = ORM::for_table('tbl_customers')->whereNotEqual('username', $username)->where('phonenumber', $phone)->find_one();
|
|
|
|
|
if ($d) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Phone number already registered by another customer'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
if (!file_exists($otpPath)) {
|
|
|
|
|
mkdir($otpPath);
|
|
|
|
|
touch($otpPath . 'index.html');
|
|
|
|
|
}
|
|
|
|
|
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
|
|
|
|
|
$phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt";
|
|
|
|
|
|
|
|
|
|
// expired 10 minutes
|
|
|
|
|
if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Please wait ') . (600 - (time() - filemtime($otpFile))) . Lang::T(' seconds before sending another SMS'));
|
2024-08-19 14:21:21 +07:00
|
|
|
} else {
|
|
|
|
|
$otp = rand(100000, 999999);
|
|
|
|
|
file_put_contents($otpFile, $otp);
|
|
|
|
|
file_put_contents($phoneFile, $phone);
|
|
|
|
|
// send send OTP to user
|
|
|
|
|
if ($config['phone_otp_type'] === 'sms') {
|
2024-08-29 15:33:49 +07:00
|
|
|
Message::sendSMS($phone, $config['CompanyName'] . "\n\n" . Lang::T("Verification code") . "\n$otp");
|
2024-08-19 14:21:21 +07:00
|
|
|
} elseif ($config['phone_otp_type'] === 'whatsapp') {
|
2024-08-29 15:33:49 +07:00
|
|
|
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n\n" . Lang::T("Verification code") . "\n$otp");
|
2024-08-19 14:21:21 +07:00
|
|
|
} elseif ($config['phone_otp_type'] === 'both') {
|
2024-08-29 15:33:49 +07:00
|
|
|
Message::sendSMS($phone, $config['CompanyName'] . "\n\n" . Lang::T("Verification code") . "\n$otp");
|
|
|
|
|
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n\n" . Lang::T("Verification code") . "\n$otp");
|
2024-02-21 00:15:36 +01:00
|
|
|
}
|
2024-08-19 14:21:21 +07:00
|
|
|
//redirect after sending OTP
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Verification code has been sent to your phone'));
|
2024-02-21 00:15:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'phone-update-post':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
2024-10-10 15:48:32 +01:00
|
|
|
}
|
2024-06-25 12:06:34 +07:00
|
|
|
$phone = Lang::phoneFormat(_post('phone'));
|
2024-02-21 00:15:36 +01:00
|
|
|
$otp_code = _post('otp');
|
|
|
|
|
$username = $user['username'];
|
2024-02-26 14:38:04 +07:00
|
|
|
$otpPath = $CACHE_PATH . '/sms/';
|
2024-02-21 00:15:36 +01:00
|
|
|
|
2024-02-21 10:02:31 +01:00
|
|
|
// Validate the phone number format
|
|
|
|
|
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Invalid phone number format'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (empty($config['sms_url'])) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('SMS server not Available, Please try again later'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
|
|
|
|
|
$phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt";
|
|
|
|
|
|
|
|
|
|
// Check if OTP file exists
|
|
|
|
|
if (!file_exists($otpFile)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Please request OTP first'));
|
2024-02-21 10:02:31 +01:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
// expired 10 minutes
|
|
|
|
|
if (time() - filemtime($otpFile) > 1200) {
|
|
|
|
|
unlink($otpFile);
|
|
|
|
|
unlink($phoneFile);
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Verification code expired'));
|
2024-08-19 14:21:21 +07:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
$code = file_get_contents($otpFile);
|
2024-02-21 10:02:31 +01:00
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
// Check if OTP code matches
|
|
|
|
|
if ($code != $otp_code) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('Wrong Verification code'));
|
2024-02-21 10:02:31 +01:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
// Check if the phone number matches the one that requested the OTP
|
|
|
|
|
$savedPhone = file_get_contents($phoneFile);
|
|
|
|
|
if ($savedPhone !== $phone) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/phone-update'), 'e', Lang::T('The phone number does not match the one that requested the OTP'));
|
2024-02-21 10:02:31 +01:00
|
|
|
exit();
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
2024-02-21 10:02:31 +01:00
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
// OTP verification successful, delete OTP and phone number files
|
|
|
|
|
unlink($otpFile);
|
|
|
|
|
unlink($phoneFile);
|
|
|
|
|
}
|
2024-02-21 10:02:31 +01:00
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
// Update the phone number in the database
|
|
|
|
|
$user->phonenumber = Lang::phoneFormat($phone);
|
|
|
|
|
$user->save();
|
2024-02-21 10:02:31 +01:00
|
|
|
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/profile'), 's', Lang::T('Phone number updated successfully'));
|
2024-08-19 14:21:21 +07:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'email-update':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = Csrf::generateAndStoreToken();
|
|
|
|
|
$ui->assign('csrf_token', $csrf_token);
|
2024-08-19 14:21:21 +07:00
|
|
|
$ui->assign('new_email', $_SESSION['new_email']);
|
2024-10-10 10:19:01 +07:00
|
|
|
$ui->display('customer/email-update.tpl');
|
2024-08-19 14:21:21 +07:00
|
|
|
break;
|
|
|
|
|
case 'email-update-otp':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
2024-10-10 15:48:32 +01:00
|
|
|
}
|
2024-08-19 14:21:21 +07:00
|
|
|
$email = trim(_post('email'));
|
|
|
|
|
$username = $user['username'];
|
|
|
|
|
$otpPath = $CACHE_PATH . '/email/';
|
|
|
|
|
$_SESSION['new_email'] = $email;
|
|
|
|
|
// Validate the phone number format
|
|
|
|
|
if (!Validator::Email($email)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Invalid Email address format'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (empty($config['smtp_host'])) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Email server not Available, Please ask admin to configure it'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$d = ORM::for_table('tbl_customers')->whereNotEqual('username', $username)->where('email', $email)->find_one();
|
|
|
|
|
if ($d) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Email already used by another Customer'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
if (!file_exists($otpPath)) {
|
|
|
|
|
mkdir($otpPath);
|
|
|
|
|
touch($otpPath . 'index.html');
|
|
|
|
|
}
|
|
|
|
|
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
|
|
|
|
|
$emailFile = $otpPath . sha1($username . $db_pass) . "_email.txt";
|
|
|
|
|
|
|
|
|
|
// expired 10 minutes
|
|
|
|
|
if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Please wait ') . (600 - (time() - filemtime($otpFile))) . Lang::T(' seconds before sending another Email'));
|
2024-02-21 10:02:31 +01:00
|
|
|
} else {
|
2024-08-19 14:21:21 +07:00
|
|
|
$otp = rand(100000, 999999);
|
|
|
|
|
file_put_contents($otpFile, $otp);
|
|
|
|
|
file_put_contents($emailFile, $email);
|
|
|
|
|
// send OTP to user
|
|
|
|
|
$body = Lang::T("Hello") . ' ' . $user['fullname'] . ",\n\n" . Lang::T("Your Email Verification Code is:") . " $otp";
|
|
|
|
|
Message::sendEmail($email, Lang::T('Change Email Verification Code'), $body);
|
|
|
|
|
//redirect after sending OTP
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Verification code has been sent to your email. Check Spam folder if not found.'));
|
2024-08-19 14:21:21 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'email-update-post':
|
2024-10-10 15:48:32 +01:00
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Invalid or Expired CSRF Token') . ".");
|
2024-10-10 15:48:32 +01:00
|
|
|
}
|
2024-08-19 14:21:21 +07:00
|
|
|
$email = trim(_post('email'));
|
|
|
|
|
$otp_code = _post('otp');
|
|
|
|
|
$username = $user['username'];
|
|
|
|
|
$otpPath = $CACHE_PATH . '/email/';
|
|
|
|
|
// Validate the phone number format
|
|
|
|
|
if (!Validator::Email($email)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Invalid Email address format'));
|
2024-02-21 10:02:31 +01:00
|
|
|
exit();
|
2024-02-21 00:15:36 +01:00
|
|
|
}
|
|
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
if (empty($config['smtp_host'])) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Email server not Available, Please ask admin to configure it'));
|
2024-02-21 00:15:36 +01:00
|
|
|
}
|
|
|
|
|
|
2024-08-19 14:21:21 +07:00
|
|
|
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
|
|
|
|
|
$emailFile = $otpPath . sha1($username . $db_pass) . "_email.txt";
|
|
|
|
|
|
|
|
|
|
// Check if OTP file exists
|
|
|
|
|
if (!file_exists($otpFile)) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Please request OTP first'));
|
2024-08-19 14:21:21 +07:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// expired 10 minutes
|
|
|
|
|
if (time() - filemtime($otpFile) > 1200) {
|
|
|
|
|
unlink($otpFile);
|
|
|
|
|
unlink($emailFile);
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Verification code expired'));
|
2024-08-19 14:21:21 +07:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
$code = file_get_contents($otpFile);
|
|
|
|
|
|
|
|
|
|
// Check if OTP code matches
|
|
|
|
|
if ($code != $otp_code) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('Wrong Verification code'));
|
2024-08-19 14:21:21 +07:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if the phone number matches the one that requested the OTP
|
|
|
|
|
$savedEmail = file_get_contents($emailFile);
|
|
|
|
|
if ($savedEmail !== $email) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/email-update'), 'e', Lang::T('The Email Address does not match the one that requested the OTP'));
|
2024-08-19 14:21:21 +07:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// OTP verification successful, delete OTP and phone number files
|
|
|
|
|
unlink($otpFile);
|
|
|
|
|
unlink($emailFile);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$user->email = $email;
|
|
|
|
|
$user->save();
|
|
|
|
|
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('accounts/profile'), 's', Lang::T('Email Address updated successfully'));
|
2024-02-21 00:15:36 +01:00
|
|
|
break;
|
|
|
|
|
|
2024-08-14 18:24:43 +01:00
|
|
|
case 'language-update-post':
|
|
|
|
|
global $root_path;
|
2024-08-15 15:33:44 +07:00
|
|
|
$selected_language = _req('lang', 'english');
|
2024-08-14 18:24:43 +01:00
|
|
|
|
2024-08-15 15:33:44 +07:00
|
|
|
$_SESSION['user_language'] = $selected_language;
|
2024-08-14 18:24:43 +01:00
|
|
|
|
2024-08-15 15:33:44 +07:00
|
|
|
$lan_file = $root_path . File::pathFixer('system/lan/' . $selected_language . '.json');
|
2024-08-14 18:24:43 +01:00
|
|
|
|
2024-08-15 15:33:44 +07:00
|
|
|
if (file_exists($lan_file)) {
|
|
|
|
|
$_L = json_decode(file_get_contents($lan_file), true);
|
|
|
|
|
} else {
|
|
|
|
|
$_L['author'] = 'Auto Generated by iBNuX Script';
|
|
|
|
|
file_put_contents($lan_file, json_encode($_L));
|
2024-08-14 18:24:43 +01:00
|
|
|
}
|
2024-08-19 14:58:52 +07:00
|
|
|
User::setAttribute("Language", $selected_language);
|
2024-08-15 15:33:44 +07:00
|
|
|
r2($_SERVER['HTTP_REFERER'], 's', ucwords($selected_language));
|
|
|
|
|
|
|
|
|
|
|
2024-08-14 18:24:43 +01:00
|
|
|
break;
|
|
|
|
|
|
2017-03-11 02:51:06 +07:00
|
|
|
default:
|
2025-02-04 09:23:55 +07:00
|
|
|
$ui->display('admin/404.tpl');
|
2023-06-15 17:06:22 +07:00
|
|
|
}
|
