diff --git a/system/autoload/Message.php b/system/autoload/Message.php index ce0806c6..a7fbae9b 100644 --- a/system/autoload/Message.php +++ b/system/autoload/Message.php @@ -96,7 +96,7 @@ class Message public static function sendEmail($to, $subject, $body) { - global $config, $PAGES_PATH, $_app_stage; + global $config, $PAGES_PATH, $debug_mail; if (empty($body)) { return ""; } @@ -116,7 +116,7 @@ class Message } else { $mail = new PHPMailer(); $mail->isSMTP(); - if ($_app_stage == 'Dev') { + if (isset($debug_mail) && $debug_mail == 'Dev') { $mail->SMTPDebug = SMTP::DEBUG_SERVER; } $mail->Host = $config['smtp_host']; diff --git a/system/controllers/accounts.php b/system/controllers/accounts.php index 3803279b..4fb44e3d 100644 --- a/system/controllers/accounts.php +++ b/system/controllers/accounts.php @@ -67,16 +67,9 @@ switch ($action) { break; case 'profile': - $d = ORM::for_table('tbl_customers')->find_one($user['id']); - if ($d) { - run_hook('customer_view_edit_profile'); #HOOK - $ui->assign('d', $d); - $ui->display('user-ui/profile.tpl'); - } else { - r2(U . 'home', 'e', Lang::T('Account Not Found')); - } + run_hook('customer_view_edit_profile'); #HOOK + $ui->display('user-ui/profile.tpl'); break; - case 'edit-profile-post': $fullname = _post('fullname'); $address = _post('address'); @@ -84,45 +77,32 @@ switch ($action) { $phonenumber = _post('phonenumber'); run_hook('customer_edit_profile'); #HOOK $msg = ''; - if (Validator::Length($fullname, 31, 2) == false) { - $msg .= 'Full Name should be between 3 to 30 characters' . '
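Review bot: The renamed `$debug_mail == 'Dev'` gate in sendEmail still enables `SMTP::DEBUG_SERVER`, and with PHPMailer's default `Debugoutput` that dumps the whole SMTP dialogue (server banner, host names, recipient addresses) into the HTTP response of whoever triggered the mail, which after this commit includes an ordinary customer requesting an email-change code. Swapping `$_app_stage` for `$debug_mail` does not change where that output goes; if the flag is meant to be usable outside a developer box, send it to the server log instead, e.g. `$mail->Debugoutput = 'error_log';` next to the `SMTPDebug` assignment, and compare strictly, `$debug_mail === 'Dev'`. The rest of sendEmail, and the place where `$debug_mail` is defined, lie outside the hunk.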
'; + if (Validator::Length($fullname, 31, 1) == false) { + $msg .= 'Full Name should be between 1 to 30 characters' . '
'; } if (Validator::UnsignedNumber($phonenumber) == false) { $msg .= 'Phone Number must be a number' . '
'; } - $d = ORM::for_table('tbl_customers')->find_one($user['id']); - if ($d) { - } else { - $msg .= Lang::T('Data Not Found') . '
'; + $user->fullname = $fullname; + $user->address = $address; + if ($_c['allow_phone_otp'] != 'yes') { + $user->phonenumber = $phonenumber; + } + if ($_c['allow_email_otp'] != 'yes') { + $user->email = $email; } - if ($msg == '') { - $d->fullname = $fullname; - $d->address = $address; - $d->email = $email; - $d->phonenumber = $phonenumber; - $d->save(); + $user->save(); - _log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']); - r2(U . 'accounts/profile', 's', Lang::T('User Updated Successfully')); - } else { - r2(U . 'accounts/profile', 'e', $msg); - } + _log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']); + r2(U . 'accounts/profile', 's', Lang::T('User Updated Successfully')); break; case 'phone-update': - - $d = ORM::for_table('tbl_customers')->find_one($user['id']); - if ($d) { - //run_hook('customer_view_edit_profile'); #HOOK - $ui->assign('d', $d); - $ui->assign('new_phone', $_SESSION['new_phone']); - $ui->display('user-ui/phone-update.tpl'); - } else { - r2(U . 'home', 'e', Lang::T('Account Not Found')); - } + $ui->assign('new_phone', $_SESSION['new_phone']); + $ui->display('user-ui/phone-update.tpl'); break; case 'phone-update-otp': @@ -131,7 +111,7 @@ switch ($action) { $otpPath = $CACHE_PATH . '/sms/'; $_SESSION['new_phone'] = $phone; // Validate the phone number format - if (!preg_match('/^[0-9]{10,}$/', $phone)) { + if (!preg_match('/^[0-9]{10,}$/', $phone) || empty($phone)) { r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format')); } 
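Review bot: In the `edit-profile-post` branch the errors collected into `$msg` are never consulted: the `if ($msg == '')` gate went away together with the `$d` lookup, so a full name outside 1–30 characters or a non-numeric phone number now flows straight into `$user->save()` and the response is always the success message. Re-add the gate before the assignments, `if ($msg != '') { r2(U . 'accounts/profile', 'e', $msg); }` (assuming r2() ends the request, which the other branches rely on). The email field is written without any check when email OTP is off; `Validator::Email($email)`, which the new email-update branch already uses, belongs in the same `$msg` chain. The `$email = _post('email')` read is outside the hunk, so I am inferring it from its use here.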
@@ -139,39 +119,35 @@ switch ($action) { r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later')); } - if (!empty($config['sms_url'])) { - if (!empty($phone)) { - $d = ORM::for_table('tbl_customers')->where('username', $username)->where('phonenumber', $phone)->find_one(); - if ($d) { - r2(U . 'accounts/phone-update', 'e', Lang::T('You cannot use your current phone number')); - } - if (!file_exists($otpPath)) { - mkdir($otpPath); - touch($otpPath . 'index.html'); - } - $otpFile = $otpPath . sha1($username . $db_pass) . ".txt"; - $phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt"; + $d = ORM::for_table('tbl_customers')->whereNotEqual('username', $username)->where('phonenumber', $phone)->find_one(); + if ($d) { + r2(U . 'accounts/phone-update', 'e', Lang::T('Phone number already registered by another customer')); + } + if (!file_exists($otpPath)) { + mkdir($otpPath); + touch($otpPath . 'index.html'); + } + $otpFile = $otpPath . sha1($username . $db_pass) . ".txt"; + $phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt"; - // expired 10 minutes - if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) { - r2(U . 'accounts/phone-update', 'e', Lang::T('Please wait ' . (600 - (time() - filemtime($otpFile))) . ' seconds before sending another SMS')); - } else { - $otp = rand(100000, 999999); - file_put_contents($otpFile, $otp); - file_put_contents($phoneFile, $phone); - // send send OTP to user - if ($config['phone_otp_type'] === 'sms') { - Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); - } elseif ($config['phone_otp_type'] === 'whatsapp') { - Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); - } elseif ($config['phone_otp_type'] === 'both') { - Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); - Message::sendWhatsapp($phone, $config['CompanyName'] . 
"\n Your Verification code is: $otp"); - } - //redirect after sending OTP - r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone')); - } + // expired 10 minutes + if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) { + r2(U . 'accounts/phone-update', 'e', Lang::T('Please wait ') . (600 - (time() - filemtime($otpFile))) . Lang::T(' seconds before sending another SMS')); + } else { + $otp = rand(100000, 999999); + file_put_contents($otpFile, $otp); + file_put_contents($phoneFile, $phone); + // send send OTP to user + if ($config['phone_otp_type'] === 'sms') { + Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); + } elseif ($config['phone_otp_type'] === 'whatsapp') { + Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); + } elseif ($config['phone_otp_type'] === 'both') { + Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); + Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp"); } + //redirect after sending OTP + r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone')); } break; 
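Review bot: The verification code is still produced with `rand(100000, 999999)`, which is not a cryptographic generator; since this code authorises rebinding the account's phone number it should be `$otp = random_int(100000, 999999);`. Two smaller points in the same hunk: the duplicate check queries `phonenumber` with the raw `$phone`, while the update path stores `Lang::phoneFormat($phone)`, so if phoneFormat rewrites the number the "already registered" lookup can miss an existing customer — normalise before querying if that is what phoneFormat does. The "Verification code has been sent" redirect also passes status `'e'` for what is a success outcome.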
@@ -185,60 +161,157 @@ switch ($action) { // Validate the phone number format if (!preg_match('/^[0-9]{10,}$/', $phone)) { r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format')); + } + + if (empty($config['sms_url'])) { + r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later')); + } + + $otpFile = $otpPath . sha1($username . $db_pass) . ".txt"; + $phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt"; + + // Check if OTP file exists + if (!file_exists($otpFile)) { + r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first')); exit(); } - if (!empty($config['sms_url'])) { - $otpFile = $otpPath . sha1($username . $db_pass) . ".txt"; - $phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt"; - - // Check if OTP file exists - if (!file_exists($otpFile)) { - r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first')); - exit(); - } - - // expired 10 minutes - if (time() - filemtime($otpFile) > 1200) { - unlink($otpFile); - unlink($phoneFile); - r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired')); - exit(); - } else { - $code = file_get_contents($otpFile); - - // Check if OTP code matches - if ($code != $otp_code) { - r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code')); - exit(); - } - - // Check if the phone number matches the one that requested the OTP - $savedPhone = file_get_contents($phoneFile); - if ($savedPhone !== $phone) { - r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP')); - exit(); - } - - // OTP verification successful, delete OTP and phone number files - unlink($otpFile); - unlink($phoneFile); - } - } else { - r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not available')); + // expired 10 minutes + if (time() - filemtime($otpFile) > 1200) { + unlink($otpFile); + unlink($phoneFile); + r2(U . 
'accounts/phone-update', 'e', Lang::T('Verification code expired')); exit(); + } else { + $code = file_get_contents($otpFile); + + // Check if OTP code matches + if ($code != $otp_code) { + r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code')); + exit(); + } + + // Check if the phone number matches the one that requested the OTP + $savedPhone = file_get_contents($phoneFile); + if ($savedPhone !== $phone) { + r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP')); + exit(); + } + + // OTP verification successful, delete OTP and phone number files + unlink($otpFile); + unlink($phoneFile); } // Update the phone number in the database - $d = ORM::for_table('tbl_customers')->where('username', $username)->find_one(); - if ($d) { - $d->phonenumber = Lang::phoneFormat($phone); - $d->save(); - } + $user->phonenumber = Lang::phoneFormat($phone); + $user->save(); r2(U . 'accounts/profile', 's', Lang::T('Phone number updated successfully')); break; + case 'email-update': + $ui->assign('new_email', $_SESSION['new_email']); + $ui->display('user-ui/email-update.tpl'); + break; + case 'email-update-otp': + $email = trim(_post('email')); + $username = $user['username']; + $otpPath = $CACHE_PATH . '/email/'; + $_SESSION['new_email'] = $email; + // Validate the phone number format + if (!Validator::Email($email)) { + r2(U . 'accounts/email-update', 'e', Lang::T('Invalid Email address format')); + } + + if (empty($config['smtp_host'])) { + r2(U . 'accounts/email-update', 'e', Lang::T('Email server not Available, Please ask admin to configure it')); + } + + $d = ORM::for_table('tbl_customers')->whereNotEqual('username', $username)->where('email', $email)->find_one(); + if ($d) { + r2(U . 'accounts/email-update', 'e', Lang::T('Email already used by another Customer')); + } + if (!file_exists($otpPath)) { + mkdir($otpPath); + touch($otpPath . 'index.html'); + } + $otpFile = $otpPath . sha1($username . $db_pass) . 
".txt"; + $emailFile = $otpPath . sha1($username . $db_pass) . "_email.txt"; + + // expired 10 minutes + if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) { + r2(U . 'accounts/email-update', 'e', Lang::T('Please wait ') . (600 - (time() - filemtime($otpFile))) . Lang::T(' seconds before sending another Email')); + } else { + $otp = rand(100000, 999999); + file_put_contents($otpFile, $otp); + file_put_contents($emailFile, $email); + // send OTP to user + $body = Lang::T("Hello") . ' ' . $user['fullname'] . ",\n\n" . Lang::T("Your Email Verification Code is:") . " $otp"; + Message::sendEmail($email, Lang::T('Change Email Verification Code'), $body); + //redirect after sending OTP + r2(U . 'accounts/email-update', 'e', Lang::T('Verification code has been sent to your email. Check Spam folder if not found.')); + } + + break; + + case 'email-update-post': + $email = trim(_post('email')); + $otp_code = _post('otp'); + $username = $user['username']; + $otpPath = $CACHE_PATH . '/email/'; + // Validate the phone number format + if (!Validator::Email($email)) { + r2(U . 'accounts/email-update', 'e', Lang::T('Invalid Email address format')); + exit(); + } + + if (empty($config['smtp_host'])) { + r2(U . 'accounts/email-update', 'e', Lang::T('Email server not Available, Please ask admin to configure it')); + } + + $otpFile = $otpPath . sha1($username . $db_pass) . ".txt"; + $emailFile = $otpPath . sha1($username . $db_pass) . "_email.txt"; + + // Check if OTP file exists + if (!file_exists($otpFile)) { + r2(U . 'accounts/email-update', 'e', Lang::T('Please request OTP first')); + exit(); + } + + // expired 10 minutes + if (time() - filemtime($otpFile) > 1200) { + unlink($otpFile); + unlink($emailFile); + r2(U . 'accounts/email-update', 'e', Lang::T('Verification code expired')); + exit(); + } else { + $code = file_get_contents($otpFile); + + // Check if OTP code matches + if ($code != $otp_code) { + r2(U . 
'accounts/email-update', 'e', Lang::T('Wrong Verification code')); + exit(); + } + + // Check if the phone number matches the one that requested the OTP + $savedEmail = file_get_contents($emailFile); + if ($savedEmail !== $email) { + r2(U . 'accounts/email-update', 'e', Lang::T('The Email Address does not match the one that requested the OTP')); + exit(); + } + + // OTP verification successful, delete OTP and phone number files + unlink($otpFile); + unlink($emailFile); + } + + $user->email = $email; + $user->save(); + + r2(U . 'accounts/profile', 's', Lang::T('Email Address updated successfully')); + break; + case 'language-update-post': global $root_path; $selected_language = _req('lang', 'english'); diff --git a/system/controllers/register.php b/system/controllers/register.php index ddbb280a..b3269748 100644 --- a/system/controllers/register.php +++ b/system/controllers/register.php @@ -22,7 +22,7 @@ switch ($do) { $password = _post('password'); $cpassword = _post('cpassword'); $address = _post('address'); - if (!empty($config['sms_url'])) { + if (!empty($config['sms_url']) && $_c['allow_phone_otp'] == 'yes') { $phonenumber = Lang::phoneFormat($username); $username = $phonenumber; } else if (strlen($username) < 21) { @@ -45,7 +45,7 @@ switch ($do) { $msg .= Lang::T('Passwords does not match') . '
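Review bot: Neither the phone nor the new email `-post` handler limits attempts: a wrong code leaves the OTP file in place for the whole window (the check allows 1200 s although the comment above it says 10 minutes), so a logged-in user can iterate the 10^6 six-digit values against their own `sha1($username . $db_pass)` file and attach a phone number or email address they do not control without ever receiving the code. Record misses next to `$otpFile` and discard the code after a few of them, and replace the loose `$code != $otp_code` with `hash_equals((string) $code, (string) $otp_code)` so numeric-string coercion cannot match a differently spelled value. The two handlers are line-for-line identical apart from the path and field, so this belongs in one shared helper; I would also have `email-update-post` honour `$_c['allow_email_otp']`, which at present is consulted only in the template.
```php
// … unchanged: file-existence and expiry checks …
$code = file_get_contents($otpFile);
$attemptFile = $otpPath . sha1($username . $db_pass) . "_attempts.txt";
$attempts = file_exists($attemptFile) ? (int) file_get_contents($attemptFile) : 0;
if (!hash_equals((string) $code, (string) $otp_code)) {
    $attempts++;
    if ($attempts >= 5) {
        // too many misses: the code is burnt, a fresh one must be requested
        unlink($otpFile);
        unlink($emailFile);
        if (file_exists($attemptFile)) {
            unlink($attemptFile);
        }
        r2(U . 'accounts/email-update', 'e', Lang::T('Too many wrong attempts, please request a new code'));
        exit();
    }
    file_put_contents($attemptFile, $attempts);
    r2(U . 'accounts/email-update', 'e', Lang::T('Wrong Verification code'));
    exit();
}
// … unchanged: saved-address comparison …
// OTP verification successful, delete OTP, address and attempt files
unlink($otpFile);
unlink($emailFile);
if (file_exists($attemptFile)) {
    unlink($attemptFile);
}
```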
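Review bot: The three new `$_c['allow_phone_otp'] == 'yes'` gates in register.php read a key that installs which have never saved the new setting will not have; on PHP 8 that raises an "Undefined array key" warning and the comparison is false, so the SMS OTP at registration is silently skipped even where `sms_url` is configured and OTP was mandatory before this change. Make the default explicit and the compare strict, and compute it once so the three branches cannot drift: `$phoneOtp = !empty($config['sms_url']) && ($_c['allow_phone_otp'] ?? 'no') === 'yes';` near the top of the file, then `if ($phoneOtp)` in each place. Whether a missing key should mean off or on is a product decision; if OTP is meant to remain the default whenever SMS is configured, the fallback should be `'yes'`.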
'; } - if (!empty($config['sms_url'])) { + if (!empty($config['sms_url']) && $_c['allow_phone_otp'] == 'yes') { $otpPath .= sha1($username . $db_pass) . ".txt"; run_hook('validate_otp'); #HOOK //expired 10 minutes @@ -111,7 +111,7 @@ switch ($do) { break; default: - if (!empty($config['sms_url'])) { + if (!empty($config['sms_url']) && $_c['allow_phone_otp'] == 'yes') { $username = _post('username'); if (!empty($username)) { $d = ORM::for_table('tbl_customers')->where('username', $username)->find_one(); diff --git a/ui/ui/app-settings.tpl b/ui/ui/app-settings.tpl index 146a62b1..018cb787 100644 --- a/ui/ui/app-settings.tpl +++ b/ui/ui/app-settings.tpl @@ -626,7 +626,7 @@

- +

- {Lang::T('OTP is required when user want to change phone number')} + {Lang::T('OTP is required when user want to change phone number and registration')}

@@ -654,6 +654,20 @@

{Lang::T('The method which OTP will be sent to user')}

+
+ +
+ +
+

+ {Lang::T('OTP is required when user want to change Email Address')} +

+
diff --git a/ui/ui/user-ui/email-update.tpl b/ui/ui/user-ui/email-update.tpl new file mode 100644 index 00000000..e79a3e34 --- /dev/null +++ b/ui/ui/user-ui/email-update.tpl @@ -0,0 +1,79 @@ +{include file="user-ui/header.tpl"} + + + +
+
+

{Lang::T('Change Email Address')}

+
+
+
+
+ +
+
+ + + +
+
+
+
+
+ +
+
+ + + + + + +
+
+
+
+
+ +
+ +
+ +
+
+ + + + +
+ + Or {Lang::T('Cancel')} +
+
+ + +
+
+
+{include file="user-ui/footer.tpl"} \ No newline at end of file diff --git a/ui/ui/user-ui/phone-update.tpl b/ui/ui/user-ui/phone-update.tpl index 2f69a782..12cfa75e 100644 --- a/ui/ui/user-ui/phone-update.tpl +++ b/ui/ui/user-ui/phone-update.tpl @@ -14,7 +14,7 @@
+ + value="{$_user['phonenumber']}" readonly placeholder="{Lang::T('Phone Number')}">
diff --git a/ui/ui/user-ui/profile.tpl b/ui/ui/user-ui/profile.tpl index cede2f77..e63402b5 100644 --- a/ui/ui/user-ui/profile.tpl +++ b/ui/ui/user-ui/profile.tpl @@ -8,14 +8,14 @@
- +
+
@@ -24,14 +24,14 @@
+ value="{$_user['fullname']}">
- +
{if $_c['allow_phone_otp'] != 'yes'} @@ -41,7 +41,7 @@
+
@@ -53,7 +53,7 @@
+
{/if} -
- -
- + + {if $_c['allow_email_otp'] != 'yes'} +
+ +
+ +
-
+ {else} +
+ + +
+ {/if}