Merge pull request #111 from Focuslinkstech/Development
Bug Fix: OTP bugs
This commit is contained in:
iBNu Maksum
GitHub
commit
3bdf44ddbe
@ -84,7 +84,7 @@ switch ($action) {
|
|||||||
$ui->assign('d', $d);
|
$ui->assign('d', $d);
|
||||||
$ui->display('user-profile.tpl');
|
$ui->display('user-profile.tpl');
|
||||||
} else {
|
} else {
|
||||||
r2(U . 'home', 'e', $_L['Account_Not_Found']);
|
r2(U . 'home', 'e', Lang::T('Account Not Found'));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -122,6 +122,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
||||||
case 'phone-update':
|
case 'phone-update':
|
||||||
|
|
||||||
$d = ORM::for_table('tbl_customers')->find_one($user['id']);
|
$d = ORM::for_table('tbl_customers')->find_one($user['id']);
|
||||||
@ -139,6 +140,11 @@ switch ($action) {
|
|||||||
$username = $user['username'];
|
$username = $user['username'];
|
||||||
$otpPath = 'system/cache/sms/';
|
$otpPath = 'system/cache/sms/';
|
||||||
|
|
||||||
|
// Validate the phone number format
|
||||||
|
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
|
||||||
|
r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
|
||||||
|
}
|
||||||
|
|
||||||
if (empty($config['sms_url'])) {
|
if (empty($config['sms_url'])) {
|
||||||
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));
|
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));
|
||||||
}
|
}
|
||||||
@ -163,7 +169,16 @@ switch ($action) {
|
|||||||
$otp = rand(100000, 999999);
|
$otp = rand(100000, 999999);
|
||||||
file_put_contents($otpFile, $otp);
|
file_put_contents($otpFile, $otp);
|
||||||
file_put_contents($phoneFile, $phone);
|
file_put_contents($phoneFile, $phone);
|
||||||
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
|
// send send OTP to user
|
||||||
|
if ($_c['phone_otp_type'] === 'sms') {
|
||||||
|
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
|
||||||
|
} elseif ($_c['phone_otp_type'] === 'whatsapp') {
|
||||||
|
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
|
||||||
|
} elseif ($_c['phone_otp_type'] === 'both') {
|
||||||
|
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
|
||||||
|
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
|
||||||
|
}
|
||||||
|
//redirect after sending OTP
|
||||||
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));
|
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -177,41 +192,61 @@ switch ($action) {
|
|||||||
$username = $user['username'];
|
$username = $user['username'];
|
||||||
$otpPath = 'system/cache/sms/';
|
$otpPath = 'system/cache/sms/';
|
||||||
|
|
||||||
|
// Validate the phone number format
|
||||||
|
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
|
||||||
|
r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
if (!empty($config['sms_url'])) {
|
if (!empty($config['sms_url'])) {
|
||||||
$otpFile = $otpPath . sha1($username . $db_password) . ".txt";
|
$otpFile = $otpPath . sha1($username . $db_password) . ".txt";
|
||||||
$phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";
|
$phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";
|
||||||
|
|
||||||
|
// Check if OTP file exists
|
||||||
|
if (!file_exists($otpFile)) {
|
||||||
|
r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first'));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
// expired 10 minutes
|
// expired 10 minutes
|
||||||
if (file_exists($otpFile) && time() - filemtime($otpFile) > 1200) {
|
if (time() - filemtime($otpFile) > 1200) {
|
||||||
unlink($otpFile);
|
unlink($otpFile);
|
||||||
unlink($phoneFile);
|
unlink($phoneFile);
|
||||||
r2(U . 'accounts/phone-update', 'e', 'Verification code expired');
|
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired'));
|
||||||
} else if (file_exists($otpFile)) {
|
exit();
|
||||||
|
} else {
|
||||||
$code = file_get_contents($otpFile);
|
$code = file_get_contents($otpFile);
|
||||||
|
|
||||||
|
// Check if OTP code matches
|
||||||
if ($code != $otp_code) {
|
if ($code != $otp_code) {
|
||||||
r2(U . 'accounts/phone-update', 'e', 'Wrong Verification code');
|
r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code'));
|
||||||
exit();
|
exit();
|
||||||
} elseif (file_exists($phoneFile)) {
|
|
||||||
$savedPhone = file_get_contents($phoneFile);
|
|
||||||
if ($savedPhone !== $phone) {
|
|
||||||
r2(U . 'accounts/phone-update', 'e', 'The phone number does not match the one that requested the OTP');
|
|
||||||
exit();
|
|
||||||
} else {
|
|
||||||
unlink($otpFile);
|
|
||||||
unlink($phoneFile);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
r2(U . 'accounts/phone-update', 'e', 'No Verification code');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the phone number matches the one that requested the OTP
|
||||||
|
$savedPhone = file_get_contents($phoneFile);
|
||||||
|
if ($savedPhone !== $phone) {
|
||||||
|
r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP'));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// OTP verification successful, delete OTP and phone number files
|
||||||
|
unlink($otpFile);
|
||||||
|
unlink($phoneFile);
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not available'));
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Update the phone number in the database
|
||||||
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
|
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
|
||||||
if ($d) {
|
if ($d) {
|
||||||
$d->phonenumber = Lang::phoneFormat($phone);
|
$d->phonenumber = Lang::phoneFormat($phone);
|
||||||
$d->save();
|
$d->save();
|
||||||
}
|
}
|
||||||
r2(U . 'accounts/profile', 's', 'Phone number updated successfully');
|
|
||||||
|
|
||||||
|
r2(U . 'accounts/profile', 's', Lang::T('Phone number updated successfully'));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|||||||
@ -475,6 +475,21 @@
|
|||||||
<p class="help-block col-md-4">{Lang::T('OTP is required when user want to change phone
|
<p class="help-block col-md-4">{Lang::T('OTP is required when user want to change phone
|
||||||
number')}</p>
|
number')}</p>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="col-md-2 control-label">{Lang::T('OTP Method')}</label>
|
||||||
|
<div class="col-md-6">
|
||||||
|
<select name="phone_otp_type" id="phone_otp_type" class="form-control">
|
||||||
|
<option value="sms" {if $_c['phone_otp_type']=='sms' }selected="selected" {/if}>
|
||||||
|
{Lang::T('SMS')}
|
||||||
|
<option value="whatsapp" {if $_c['phone_otp_type']=='whatsapp' }selected="selected"
|
||||||
|
{/if}> {Lang::T('WhatsApp')}
|
||||||
|
<option value="both" {if $_c['phone_otp_type']=='both' }selected="selected" {/if}>
|
||||||
|
{Lang::T('SMS and WhatsApp')}
|
||||||
|
</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
<p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}</p>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{* <div class="panel-heading" id="envato">
|
{* <div class="panel-heading" id="envato">
|
||||||
<div class="btn-group pull-right">
|
<div class="btn-group pull-right">
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user