kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Email Verification when change email

Browse Source
This commit is contained in:
Ibnu Maksum 2024-08-19 14:21:21 +07:00
parent da985f27e1
commit 0d966a5e03
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
7 changed files with 314 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
system/autoload/Message.php
View File

@ -96,7 +96,7 @@ class Message
public static function sendEmail($to, $subject, $body)
{
global $config, $PAGES_PATH, $_app_stage;
global $config, $PAGES_PATH, $debug_mail;
if (empty($body)) {
return "";
}
@ -116,7 +116,7 @@ class Message
} else {
$mail = new PHPMailer();
$mail->isSMTP();
if ($_app_stage == 'Dev') {
if (isset($debug_mail) && $debug_mail == 'Dev') {
$mail->SMTPDebug = SMTP::DEBUG_SERVER;
}
$mail->Host = $config['smtp_host'];

295
system/controllers/accounts.php
View File

@ -67,16 +67,9 @@ switch ($action) {
break;
case 'profile':
$d = ORM::for_table('tbl_customers')->find_one($user['id']);
if ($d) {
run_hook('customer_view_edit_profile'); #HOOK
$ui->assign('d', $d);
$ui->display('user-ui/profile.tpl');
} else {
r2(U . 'home', 'e', Lang::T('Account Not Found'));
}
run_hook('customer_view_edit_profile'); #HOOK
$ui->display('user-ui/profile.tpl');
break;
case 'edit-profile-post':
$fullname = _post('fullname');
$address = _post('address');
@ -84,45 +77,32 @@ switch ($action) {
$phonenumber = _post('phonenumber');
run_hook('customer_edit_profile'); #HOOK
$msg = '';
if (Validator::Length($fullname, 31, 2) == false) {
$msg .= 'Full Name should be between 3 to 30 characters' . '<br>';
if (Validator::Length($fullname, 31, 1) == false) {
$msg .= 'Full Name should be between 1 to 30 characters' . '<br>';
}
if (Validator::UnsignedNumber($phonenumber) == false) {
$msg .= 'Phone Number must be a number' . '<br>';
}
$d = ORM::for_table('tbl_customers')->find_one($user['id']);
if ($d) {
} else {
$msg .= Lang::T('Data Not Found') . '<br>';
$user->fullname = $fullname;
$user->address = $address;
if ($_c['allow_phone_otp'] != 'yes') {
$user->phonenumber = $phonenumber;
}
if ($_c['allow_email_otp'] != 'yes') {
$user->email = $email;
}
if ($msg == '') {
$d->fullname = $fullname;
$d->address = $address;
$d->email = $email;
$d->phonenumber = $phonenumber;
$d->save();
$user->save();
_log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']);
r2(U . 'accounts/profile', 's', Lang::T('User Updated Successfully'));
} else {
r2(U . 'accounts/profile', 'e', $msg);
}
_log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']);
r2(U . 'accounts/profile', 's', Lang::T('User Updated Successfully'));
break;
case 'phone-update':
$d = ORM::for_table('tbl_customers')->find_one($user['id']);
if ($d) {
//run_hook('customer_view_edit_profile'); #HOOK
$ui->assign('d', $d);
$ui->assign('new_phone', $_SESSION['new_phone']);
$ui->display('user-ui/phone-update.tpl');
} else {
r2(U . 'home', 'e', Lang::T('Account Not Found'));
}
$ui->assign('new_phone', $_SESSION['new_phone']);
$ui->display('user-ui/phone-update.tpl');
break;
case 'phone-update-otp':
@ -131,7 +111,7 @@ switch ($action) {
$otpPath = $CACHE_PATH . '/sms/';
$_SESSION['new_phone'] = $phone;
// Validate the phone number format
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
if (!preg_match('/^[0-9]{10,}$/', $phone) || empty($phone)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
}
@ -139,39 +119,35 @@ switch ($action) {
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));
}
if (!empty($config['sms_url'])) {
if (!empty($phone)) {
$d = ORM::for_table('tbl_customers')->where('username', $username)->where('phonenumber', $phone)->find_one();
if ($d) {
r2(U . 'accounts/phone-update', 'e', Lang::T('You cannot use your current phone number'));
}
if (!file_exists($otpPath)) {
mkdir($otpPath);
touch($otpPath . 'index.html');
}
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
$phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt";
$d = ORM::for_table('tbl_customers')->whereNotEqual('username', $username)->where('phonenumber', $phone)->find_one();
if ($d) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Phone number already registered by another customer'));
}
if (!file_exists($otpPath)) {
mkdir($otpPath);
touch($otpPath . 'index.html');
}
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
$phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt";
// expired 10 minutes
if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Please wait ' . (600 - (time() - filemtime($otpFile))) . ' seconds before sending another SMS'));
} else {
$otp = rand(100000, 999999);
file_put_contents($otpFile, $otp);
file_put_contents($phoneFile, $phone);
// send send OTP to user
if ($config['phone_otp_type'] === 'sms') {
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
} elseif ($config['phone_otp_type'] === 'whatsapp') {
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
} elseif ($config['phone_otp_type'] === 'both') {
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
}
//redirect after sending OTP
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));
}
// expired 10 minutes
if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Please wait ') . (600 - (time() - filemtime($otpFile))) . Lang::T(' seconds before sending another SMS'));
} else {
$otp = rand(100000, 999999);
file_put_contents($otpFile, $otp);
file_put_contents($phoneFile, $phone);
// send send OTP to user
if ($config['phone_otp_type'] === 'sms') {
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
} elseif ($config['phone_otp_type'] === 'whatsapp') {
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
} elseif ($config['phone_otp_type'] === 'both') {
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
}
//redirect after sending OTP
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));
}
break;
@ -185,60 +161,157 @@ switch ($action) {
// Validate the phone number format
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
}
if (empty($config['sms_url'])) {
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));
}
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
$phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt";
// Check if OTP file exists
if (!file_exists($otpFile)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first'));
exit();
}
if (!empty($config['sms_url'])) {
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
$phoneFile = $otpPath . sha1($username . $db_pass) . "_phone.txt";
// Check if OTP file exists
if (!file_exists($otpFile)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first'));
exit();
}
// expired 10 minutes
if (time() - filemtime($otpFile) > 1200) {
unlink($otpFile);
unlink($phoneFile);
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired'));
exit();
} else {
$code = file_get_contents($otpFile);
// Check if OTP code matches
if ($code != $otp_code) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code'));
exit();
}
// Check if the phone number matches the one that requested the OTP
$savedPhone = file_get_contents($phoneFile);
if ($savedPhone !== $phone) {
r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP'));
exit();
}
// OTP verification successful, delete OTP and phone number files
unlink($otpFile);
unlink($phoneFile);
}
} else {
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not available'));
// expired 10 minutes
if (time() - filemtime($otpFile) > 1200) {
unlink($otpFile);
unlink($phoneFile);
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired'));
exit();
} else {
$code = file_get_contents($otpFile);
// Check if OTP code matches
if ($code != $otp_code) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code'));
exit();
}
// Check if the phone number matches the one that requested the OTP
$savedPhone = file_get_contents($phoneFile);
if ($savedPhone !== $phone) {
r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP'));
exit();
}
// OTP verification successful, delete OTP and phone number files
unlink($otpFile);
unlink($phoneFile);
}
// Update the phone number in the database
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
if ($d) {
$d->phonenumber = Lang::phoneFormat($phone);
$d->save();
}
$user->phonenumber = Lang::phoneFormat($phone);
$user->save();
r2(U . 'accounts/profile', 's', Lang::T('Phone number updated successfully'));
break;
case 'email-update':
$ui->assign('new_email', $_SESSION['new_email']);
$ui->display('user-ui/email-update.tpl');
break;
case 'email-update-otp':
$email = trim(_post('email'));
$username = $user['username'];
$otpPath = $CACHE_PATH . '/email/';
$_SESSION['new_email'] = $email;
// Validate the phone number format
if (!Validator::Email($email)) {
r2(U . 'accounts/email-update', 'e', Lang::T('Invalid Email address format'));
}
if (empty($config['smtp_host'])) {
r2(U . 'accounts/email-update', 'e', Lang::T('Email server not Available, Please ask admin to configure it'));
}
$d = ORM::for_table('tbl_customers')->whereNotEqual('username', $username)->where('email', $email)->find_one();
if ($d) {
r2(U . 'accounts/email-update', 'e', Lang::T('Email already used by another Customer'));
}
if (!file_exists($otpPath)) {
mkdir($otpPath);
touch($otpPath . 'index.html');
}
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
$emailFile = $otpPath . sha1($username . $db_pass) . "_email.txt";
// expired 10 minutes
if (file_exists($otpFile) && time() - filemtime($otpFile) < 600) {
r2(U . 'accounts/email-update', 'e', Lang::T('Please wait ') . (600 - (time() - filemtime($otpFile))) . Lang::T(' seconds before sending another Email'));
} else {
$otp = rand(100000, 999999);
file_put_contents($otpFile, $otp);
file_put_contents($emailFile, $email);
// send OTP to user
$body = Lang::T("Hello") . ' ' . $user['fullname'] . ",\n\n" . Lang::T("Your Email Verification Code is:") . " $otp";
Message::sendEmail($email, Lang::T('Change Email Verification Code'), $body);
//redirect after sending OTP
r2(U . 'accounts/email-update', 'e', Lang::T('Verification code has been sent to your email. Check Spam folder if not found.'));
}
break;
case 'email-update-post':
$email = trim(_post('email'));
$otp_code = _post('otp');
$username = $user['username'];
$otpPath = $CACHE_PATH . '/email/';
// Validate the phone number format
if (!Validator::Email($email)) {
r2(U . 'accounts/email-update', 'e', Lang::T('Invalid Email address format'));
exit();
}
if (empty($config['smtp_host'])) {
r2(U . 'accounts/email-update', 'e', Lang::T('Email server not Available, Please ask admin to configure it'));
}
$otpFile = $otpPath . sha1($username . $db_pass) . ".txt";
$emailFile = $otpPath . sha1($username . $db_pass) . "_email.txt";
// Check if OTP file exists
if (!file_exists($otpFile)) {
r2(U . 'accounts/email-update', 'e', Lang::T('Please request OTP first'));
exit();
}
// expired 10 minutes
if (time() - filemtime($otpFile) > 1200) {
unlink($otpFile);
unlink($emailFile);
r2(U . 'accounts/email-update', 'e', Lang::T('Verification code expired'));
exit();
} else {
$code = file_get_contents($otpFile);
// Check if OTP code matches
if ($code != $otp_code) {
r2(U . 'accounts/email-update', 'e', Lang::T('Wrong Verification code'));
exit();
}
// Check if the phone number matches the one that requested the OTP
$savedEmail = file_get_contents($emailFile);
if ($savedEmail !== $email) {
r2(U . 'accounts/email-update', 'e', Lang::T('The Email Address does not match the one that requested the OTP'));
exit();
}
// OTP verification successful, delete OTP and phone number files
unlink($otpFile);
unlink($emailFile);
}
$user->email = $email;
$user->save();
r2(U . 'accounts/profile', 's', Lang::T('Email Address updated successfully'));
break;
case 'language-update-post':
global $root_path;
$selected_language = _req('lang', 'english');

6
system/controllers/register.php
View File

@ -22,7 +22,7 @@ switch ($do) {
$password = _post('password');
$cpassword = _post('cpassword');
$address = _post('address');
if (!empty($config['sms_url'])) {
if (!empty($config['sms_url']) && $_c['allow_phone_otp'] == 'yes') {
$phonenumber = Lang::phoneFormat($username);
$username = $phonenumber;
} else if (strlen($username) < 21) {
@ -45,7 +45,7 @@ switch ($do) {
$msg .= Lang::T('Passwords does not match') . '<br>';
}
if (!empty($config['sms_url'])) {
if (!empty($config['sms_url']) && $_c['allow_phone_otp'] == 'yes') {
$otpPath .= sha1($username . $db_pass) . ".txt";
run_hook('validate_otp'); #HOOK
//expired 10 minutes
@ -111,7 +111,7 @@ switch ($do) {
break;
default:
if (!empty($config['sms_url'])) {
if (!empty($config['sms_url']) && $_c['allow_phone_otp'] == 'yes') {
$username = _post('username');
if (!empty($username)) {
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();

18
ui/ui/app-settings.tpl
View File

@ -626,7 +626,7 @@
</p>
</div>
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('OTP Required')}</label>
<label class="col-md-2 control-label">{Lang::T('Phone OTP Required')}</label>
<div class="col-md-6">
<select name="allow_phone_otp" id="allow_phone_otp" class="form-control">
<option value="no" {if $_c['allow_phone_otp']=='no' }selected="selected" {/if}>
@ -636,7 +636,7 @@
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('OTP is required when user want to change phone number')}
{Lang::T('OTP is required when user want to change phone number and registration')}
</p>
</div>
<div class="form-group">
@ -654,6 +654,20 @@
</div>
<p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}</p>
</div>
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Email OTP Required')}</label>
<div class="col-md-6">
<select name="allow_email_otp" id="allow_email_otp" class="form-control">
<option value="no" {if $_c['allow_email_otp']=='no' }selected="selected" {/if}>
No</option>
<option value="yes" {if $_c['allow_email_otp']=='yes' }selected="selected" {/if}>Yes
</option>
</select>
</div>
<p class="help-block col-md-4">
{Lang::T('OTP is required when user want to change Email Address')}
</p>
</div>
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Extend Package Expiry')}</label>
<div class="col-md-6">

79
ui/ui/user-ui/email-update.tpl Normal file
View File

@ -0,0 +1,79 @@
{include file="user-ui/header.tpl"}
<!-- user-phone-update -->
<div class="box box-danger">
<div class="box-header with-border">
<h3 class="box-title">{Lang::T('Change Email Address')}</h3>
</div>
<div class="box-body">
<div class="form-horizontal">
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Current Email')}</label>
<div class="col-md-6">
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">+</span>
<input type="text" class="form-control" name="email"
value="{$_user['email']}" readonly placeholder="{Lang::T('Email')}">
</div>
</div>
</div>
<form method="post" role="form" action="{$_url}accounts/email-update-otp">
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('New Email')}</label>
<div class="col-md-6">
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">+</span>
<input type="text" class="form-control" name="email" id="email" value="{$new_email}" required
placeholder="{Lang::T('Input your Email')}">
<span class="input-group-btn">
<button type="submit" class="btn btn-info btn-flat">{Lang::T('Request OTP')}</button>
</span>
</div>
</div>
</div>
</form>
<form method="post" role="form" action="{$_url}accounts/email-update-post">
<!-- Form 2 -->
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('OTP')}</label>
<div class="col-md-6">
<input type="number" class="form-control" id="otp" name="otp"
placeholder="{Lang::T('Enter OTP that was sent to your email')}" required>
</div>
</div>
<!-- Hidden field to store the phone number value -->
<input type="hidden" name="email" id="hidden_email">
<center>
<button class="btn btn-success" type="submit"
onclick="return validateForm()">{Lang::T('Update')}</button>
Or <a href="{$_url}home">{Lang::T('Cancel')}</a>
</center>
</form>
<script>
function validateForm() {
var email = document.getElementById("email").value;
var otp = document.getElementById("otp").value;
if (email.trim() === "") {
alert("Email Address is required.");
return false; // Prevent form submission
}
if (otp.trim() === "") {
alert("OTP code is required.");
return false; // Prevent form submission
}
// Set the phone number value in the hidden field
document.getElementById("hidden_email").value = email;
return true; // Allow form submission
}
</script>
</div>
</div>
</div>
{include file="user-ui/footer.tpl"}

2
ui/ui/user-ui/phone-update.tpl
View File

@ -14,7 +14,7 @@
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">+</span>
<input type="text" class="form-control" name="phonenumber" id="phonenumber"
value="{$d['phonenumber']}" readonly placeholder="{Lang::T('Phone Number')}">
value="{$_user['phonenumber']}" readonly placeholder="{Lang::T('Phone Number')}">
</div>
</div>
</div>

40
ui/ui/user-ui/profile.tpl
View File

@ -8,14 +8,14 @@
<div class="panel-body">
<form class="form-horizontal" method="post" role="form" action="{$_url}accounts/edit-profile-post">
<input type="hidden" name="id" value="{$d['id']}">
<input type="hidden" name="id" value="{$_user['id']}">
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Username')}</label>
<div class="col-md-6">
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">+</span>
<input type="text" class="form-control" name="username" id="username" readonly
value="{$d['username']}"
value="{$_user['username']}"
placeholder="{if $_c['country_code_phone']!= ''}{$_c['country_code_phone']}{/if} {Lang::T('Phone Number')}">
</div>
</div>
@ -24,14 +24,14 @@
<label class="col-md-2 control-label">{Lang::T('Full Name')}</label>
<div class="col-md-6">
<input type="text" class="form-control" id="fullname" name="fullname"
value="{$d['fullname']}">
value="{$_user['fullname']}">
</div>
</div>
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Address')}</label>
<div class="col-md-6">
<textarea name="address" id="address" class="form-control">{$d['address']}</textarea>
<textarea name="address" id="address" class="form-control">{$_user['address']}</textarea>
</div>
</div>
{if $_c['allow_phone_otp'] != 'yes'}
@ -41,7 +41,7 @@
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">+</span>
<input type="text" class="form-control" name="phonenumber" id="phonenumber"
value="{$d['phonenumber']}"
value="{$_user['phonenumber']}"
placeholder="{if $_c['country_code_phone']!= ''}{$_c['country_code_phone']}{/if} {Lang::T('Phone Number')}">
</div>
</div>
@ -53,7 +53,7 @@
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">+</span>
<input type="text" class="form-control" name="phonenumber" id="phonenumber"
value="{$d['phonenumber']}" readonly
value="{$_user['phonenumber']}" readonly
placeholder="{if $_c['country_code_phone']!= ''}{$_c['country_code_phone']}{/if} {Lang::T('Phone Number')}">
<span class="input-group-btn">
<a href="{$_url}accounts/phone-update" type="button"
@ -63,12 +63,30 @@
</div>
</div>
{/if}
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Email')}</label>
<div class="col-md-6">
<input type="text" class="form-control" id="email" name="email" value="{$d['email']}">
{if $_c['allow_email_otp'] != 'yes'}
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Email')}</label>
<div class="col-md-6">
<input type="text" class="form-control" id="email" name="email" value="{$_user['email']}">
</div>
</div>
</div>
{else}
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Email Address')}</label>
<div class="col-md-6">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-envelope"></i></span>
<input type="text" class="form-control" name="email" id="email"
value="{$_user['email']}" readonly>
<span class="input-group-btn">
<a href="{$_url}accounts/email-update" type="button"
class="btn btn-info btn-flat">{Lang::T('Change')}</a>
</span>
</div>
</div>
</div>
{/if}
<div class="form-group">
<div class="col-lg-offset-2 col-lg-10">