mitrobill/system/controllers/accounts.php

<?php

/**
 *  PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
 *  by https://t.me/ibnux
 **/


_auth();
$ui->assign('_title', Lang::T('My Account'));
$ui->assign('_system_menu', 'accounts');

$action = $routes['1'];
$user = User::_info();
$ui->assign('_user', $user);

switch ($action) {

    case 'change-password':
        run_hook('customer_view_change_password'); #HOOK
        $ui->display('user-change-password.tpl');
        break;

    case 'change-password-post':
        $password = _post('password');
        run_hook('customer_change_password'); #HOOK
        if ($password != '') {
            $d = ORM::for_table('tbl_customers')->where('username', $user['username'])->find_one();
            if ($d) {
                $d_pass = $d['password'];
                $npass = _post('npass');
                $cnpass = _post('cnpass');

                if (Password::_uverify($password, $d_pass) == true) {
                    if (!Validator::Length($npass, 15, 2)) {
                        r2(U . 'accounts/change-password', 'e', 'New Password must be 3 to 14 character');
                    }
                    if ($npass != $cnpass) {
                        r2(U . 'accounts/change-password', 'e', 'Both Password should be same');
                    }

                    $c = ORM::for_table('tbl_user_recharges')->where('username', $user['username'])->find_one();
                    if ($c) {
                        $p = ORM::for_table('tbl_plans')->where('id', $c['plan_id'])->find_one();
                        if ($p['is_radius']) {
                            if ($c['type'] == 'Hotspot' || ($c['type'] == 'PPPOE' && empty($d['pppoe_password']))) {
                                Radius::customerUpsert($d, $p);
                            }
                        } else {
                            $mikrotik = Mikrotik::info($c['routers']);
                            $client = Mikrotik::getClient($mikrotik['ip_address'], $mikrotik['username'], $mikrotik['password']);
                            if ($c['type'] == 'Hotspot') {
                                Mikrotik::setHotspotUser($client, $c['username'], $npass);
                                Mikrotik::removeHotspotActiveUser($client, $user['username']);
                            } else if (empty($d['pppoe_password'])) {
                                // only change when pppoe_password empty
                                Mikrotik::setPpoeUser($client, $c['username'], $npass);
                                Mikrotik::removePpoeActive($client, $user['username']);
                            }
                        }
                    }
                    $d->password = $npass;
                    $d->save();

                    _msglog('s', Lang::T('Password changed successfully, Please login again'));
                    _log('[' . $user['username'] . ']: Password changed successfully', 'User', $user['id']);

                    r2(U . 'login');
                } else {
                    r2(U . 'accounts/change-password', 'e', Lang::T('Incorrect Current Password'));
                }
            } else {
                r2(U . 'accounts/change-password', 'e', Lang::T('Incorrect Current Password'));
            }
        } else {
            r2(U . 'accounts/change-password', 'e', Lang::T('Incorrect Current Password'));
        }
        break;

    case 'profile':
        $d = ORM::for_table('tbl_customers')->find_one($user['id']);
        if ($d) {
            run_hook('customer_view_edit_profile'); #HOOK
            $ui->assign('d', $d);
            $ui->display('user-profile.tpl');
        } else {
            r2(U . 'home', 'e', Lang::T('Account Not Found'));
        }
        break;

    case 'edit-profile-post':
        $fullname = _post('fullname');
        $address = _post('address');
        $email = _post('email');
        $phonenumber = _post('phonenumber');
        run_hook('customer_edit_profile'); #HOOK
        $msg = '';
        if (Validator::Length($fullname, 31, 2) == false) {
            $msg .= 'Full Name should be between 3 to 30 characters' . '<br>';
        }
        if (Validator::UnsignedNumber($phonenumber) == false) {
            $msg .= 'Phone Number must be a number' . '<br>';
        }

        $d = ORM::for_table('tbl_customers')->find_one($user['id']);
        if ($d) {
        } else {
            $msg .= Lang::T('Data Not Found') . '<br>';
        }

        if ($msg == '') {
            $d->fullname = $fullname;
            $d->address = $address;
            $d->email = $email;
            $d->phonenumber = $phonenumber;
            $d->save();

            _log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']);
            r2(U . 'accounts/profile', 's', Lang::T('User Updated Successfully'));
        } else {
            r2(U . 'accounts/profile', 'e', $msg);
        }
        break;


    case 'phone-update':

        $d = ORM::for_table('tbl_customers')->find_one($user['id']);
        if ($d) {
            //run_hook('customer_view_edit_profile'); #HOOK
            $ui->assign('d', $d);
            $ui->display('user-phone-update.tpl');
        } else {
            r2(U . 'home', 'e', Lang::T('Account Not Found'));
        }
        break;

    case 'phone-update-otp':
        $phone = _post('phone');
        $username = $user['username'];
        $otpPath = $CACHE_PATH . '/sms/';

        // Validate the phone number format
        if (!preg_match('/^[0-9]{10,}$/', $phone)) {
            r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
        }

        if (empty($config['sms_url'])) {
            r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));
        }

        if (!empty($config['sms_url'])) {
            if (!empty($phone)) {
                $d = ORM::for_table('tbl_customers')->where('username', $username)->where('phonenumber', $phone)->find_one();
                if ($d) {
                    r2(U . 'accounts/phone-update', 'e', Lang::T('You cannot use your current phone number'));
                }
                if (!file_exists($otpPath)) {
                    mkdir($otpPath);
                    touch($otpPath . 'index.html');
                }
                $otpFile = $otpPath . sha1($username . $db_password) . ".txt";
                $phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";

                // expired 10 minutes
                if (file_exists($otpFile) && time() - filemtime($otpFile) < 1200) {
                    r2(U . 'accounts/phone-update', 'e', Lang::T('Please wait ' . (1200 - (time() - filemtime($otpFile))) . ' seconds before sending another SMS'));
                } else {
                    $otp = rand(100000, 999999);
                    file_put_contents($otpFile, $otp);
                    file_put_contents($phoneFile, $phone);
                    // send send OTP to user
                    if ($config['phone_otp_type'] === 'sms') {
                        Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
                    } elseif ($config['phone_otp_type'] === 'whatsapp') {
                        Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
                    } elseif ($config['phone_otp_type'] === 'both') {
                        Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
                        Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
                    }
                    //redirect after sending OTP
                    r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));
                }
            }
        }

        break;

    case 'phone-update-post':
        $phone = _post('phone');
        $otp_code = _post('otp');
        $username = $user['username'];
        $otpPath = $CACHE_PATH . '/sms/';

        // Validate the phone number format
        if (!preg_match('/^[0-9]{10,}$/', $phone)) {
            r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
            exit();
        }

        if (!empty($config['sms_url'])) {
            $otpFile = $otpPath . sha1($username . $db_password) . ".txt";
            $phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";

            // Check if OTP file exists
            if (!file_exists($otpFile)) {
                r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first'));
                exit();
            }

            // expired 10 minutes
            if (time() - filemtime($otpFile) > 1200) {
                unlink($otpFile);
                unlink($phoneFile);
                r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired'));
                exit();
            } else {
                $code = file_get_contents($otpFile);

                // Check if OTP code matches
                if ($code != $otp_code) {
                    r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code'));
                    exit();
                }

                // Check if the phone number matches the one that requested the OTP
                $savedPhone = file_get_contents($phoneFile);
                if ($savedPhone !== $phone) {
                    r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP'));
                    exit();
                }

                // OTP verification successful, delete OTP and phone number files
                unlink($otpFile);
                unlink($phoneFile);
            }
        } else {
            r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not available'));
            exit();
        }

        // Update the phone number in the database
        $d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
        if ($d) {
            $d->phonenumber = Lang::phoneFormat($phone);
            $d->save();
        }

        r2(U . 'accounts/profile', 's', Lang::T('Phone number updated successfully'));
        break;

    default:
        $ui->display('a404.tpl');
}
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`<?php`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`/**`
show error stacktrace 2023-10-12 15:47:45 +07:00			`* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)`
Change credits 2023-10-12 15:55:42 +07:00			`* by https://t.me/ibnux`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`**/`
show error stacktrace 2023-10-12 15:47:45 +07:00

PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`_auth();`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`$ui->assign('_title', Lang::T('My Account'));`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$ui->assign('_system_menu', 'accounts');`

			`$action = $routes['1'];`
			`$user = User::_info();`
			`$ui->assign('_user', $user);`

			`switch ($action) {`
Show error, and fix IP Port custom 2022-08-23 16:33:21 +07:00
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`case 'change-password':`
add hook 2022-09-18 00:00:40 +07:00			`run_hook('customer_view_change_password'); #HOOK`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$ui->display('user-change-password.tpl');`
			`break;`

			`case 'change-password-post':`
			`$password = _post('password');`
add menu hook 2022-09-17 22:34:55 +07:00			`run_hook('customer_change_password'); #HOOK`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`if ($password != '') {`
			`$d = ORM::for_table('tbl_customers')->where('username', $user['username'])->find_one();`
			`if ($d) {`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$d_pass = $d['password'];`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`$npass = _post('npass');`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$cnpass = _post('cnpass');`
Show error, and fix IP Port custom 2022-08-23 16:33:21 +07:00
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`if (Password::_uverify($password, $d_pass) == true) {`
			`if (!Validator::Length($npass, 15, 2)) {`
			`r2(U . 'accounts/change-password', 'e', 'New Password must be 3 to 14 character');`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`if ($npass != $cnpass) {`
			`r2(U . 'accounts/change-password', 'e', 'Both Password should be same');`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`

Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`$c = ORM::for_table('tbl_user_recharges')->where('username', $user['username'])->find_one();`
			`if ($c) {`
Radius name reserved 2023-10-04 16:25:21 +07:00			`$p = ORM::for_table('tbl_plans')->where('id', $c['plan_id'])->find_one();`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`if ($p['is_radius']) {`
			`if ($c['type'] == 'Hotspot' \|\| ($c['type'] == 'PPPOE' && empty($d['pppoe_password']))) {`
Customer update insert 2023-10-12 13:27:44 +07:00			`Radius::customerUpsert($d, $p);`
Persiapan Radius Mode 2022-09-07 16:11:35 +07:00			`}`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`} else {`
Radius name reserved 2023-10-04 16:25:21 +07:00			`$mikrotik = Mikrotik::info($c['routers']);`
			`$client = Mikrotik::getClient($mikrotik['ip_address'], $mikrotik['username'], $mikrotik['password']);`
			`if ($c['type'] == 'Hotspot') {`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`Mikrotik::setHotspotUser($client, $c['username'], $npass);`
			`Mikrotik::removeHotspotActiveUser($client, $user['username']);`
			`} else if (empty($d['pppoe_password'])) {`
Radius name reserved 2023-10-04 16:25:21 +07:00			`// only change when pppoe_password empty`
			`Mikrotik::setPpoeUser($client, $c['username'], $npass);`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`Mikrotik::removePpoeActive($client, $user['username']);`
Persiapan Radius Mode 2022-09-07 16:11:35 +07:00			`}`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`}`
Radius name reserved 2023-10-04 16:25:21 +07:00			`}`
			`$d->password = $npass;`
			`$d->save();`
Show error, and fix IP Port custom 2022-08-23 16:33:21 +07:00
Auto Translate Language 2024-02-13 13:54:01 +07:00			`_msglog('s', Lang::T('Password changed successfully, Please login again'));`
Radius name reserved 2023-10-04 16:25:21 +07:00			`_log('[' . $user['username'] . ']: Password changed successfully', 'User', $user['id']);`
Show error, and fix IP Port custom 2022-08-23 16:33:21 +07:00
Radius name reserved 2023-10-04 16:25:21 +07:00			`r2(U . 'login');`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`} else {`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`r2(U . 'accounts/change-password', 'e', Lang::T('Incorrect Current Password'));`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`} else {`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`r2(U . 'accounts/change-password', 'e', Lang::T('Incorrect Current Password'));`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`} else {`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`r2(U . 'accounts/change-password', 'e', Lang::T('Incorrect Current Password'));`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`
			`break;`

			`case 'profile':`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`$d = ORM::for_table('tbl_customers')->find_one($user['id']);`
			`if ($d) {`
add hook 2022-09-18 00:00:40 +07:00			`run_hook('customer_view_edit_profile'); #HOOK`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`$ui->assign('d', $d);`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$ui->display('user-profile.tpl');`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`} else {`
Update accounts.php fix lang function 2024-02-21 10:13:05 +01:00			`r2(U . 'home', 'e', Lang::T('Account Not Found'));`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`
			`break;`

			`case 'edit-profile-post':`
			`$fullname = _post('fullname');`
			`$address = _post('address');`
change to adminlte 2 2022-10-15 23:18:24 +07:00			`$email = _post('email');`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$phonenumber = _post('phonenumber');`
add menu hook 2022-09-17 22:34:55 +07:00			`run_hook('customer_edit_profile'); #HOOK`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$msg = '';`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`if (Validator::Length($fullname, 31, 2) == false) {`
			`$msg .= 'Full Name should be between 3 to 30 characters' . '<br>';`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`if (Validator::UnsignedNumber($phonenumber) == false) {`
			`$msg .= 'Phone Number must be a number' . '<br>';`
			`}`

			`$d = ORM::for_table('tbl_customers')->find_one($user['id']);`
			`if ($d) {`
			`} else {`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`$msg .= Lang::T('Data Not Found') . '<br>';`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`}`

Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`if ($msg == '') {`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$d->fullname = $fullname;`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`$d->address = $address;`
			`$d->email = $email;`
			`$d->phonenumber = $phonenumber;`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`$d->save();`
Show error, and fix IP Port custom 2022-08-23 16:33:21 +07:00
Auto Translate Language 2024-02-13 13:54:01 +07:00			`_log('[' . $user['username'] . ']: ' . Lang::T('User Updated Successfully'), 'User', $user['id']);`
			`r2(U . 'accounts/profile', 's', Lang::T('User Updated Successfully'));`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`} else {`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`r2(U . 'accounts/profile', 'e', $msg);`
			`}`
			`break;`
Show error, and fix IP Port custom 2022-08-23 16:33:21 +07:00
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`case 'phone-update':`

			`$d = ORM::for_table('tbl_customers')->find_one($user['id']);`
			`if ($d) {`
			`//run_hook('customer_view_edit_profile'); #HOOK`
			`$ui->assign('d', $d);`
			`$ui->display('user-phone-update.tpl');`
			`} else {`
			`r2(U . 'home', 'e', Lang::T('Account Not Found'));`
			`}`
			`break;`

			`case 'phone-update-otp':`
			`$phone = _post('phone');`
			`$username = $user['username'];`
Path Configuration 2024-02-26 14:38:04 +07:00			`$otpPath = $CACHE_PATH . '/sms/';`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`// Validate the phone number format`
			`if (!preg_match('/^[0-9]{10,}$/', $phone)) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));`
			`}`

Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`if (empty($config['sms_url'])) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));`
			`}`

			`if (!empty($config['sms_url'])) {`
			`if (!empty($phone)) {`
			`$d = ORM::for_table('tbl_customers')->where('username', $username)->where('phonenumber', $phone)->find_one();`
			`if ($d) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('You cannot use your current phone number'));`
			`}`
			`if (!file_exists($otpPath)) {`
			`mkdir($otpPath);`
			`touch($otpPath . 'index.html');`
			`}`
			`$otpFile = $otpPath . sha1($username . $db_password) . ".txt";`
			`$phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";`

			`// expired 10 minutes`
			`if (file_exists($otpFile) && time() - filemtime($otpFile) < 1200) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('Please wait ' . (1200 - (time() - filemtime($otpFile))) . ' seconds before sending another SMS'));`
			`} else {`
			`$otp = rand(100000, 999999);`
			`file_put_contents($otpFile, $otp);`
			`file_put_contents($phoneFile, $phone);`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`// send send OTP to user`
Update accounts.php Fix OTP not sending bug 2024-02-21 11:58:13 +01:00			`if ($config['phone_otp_type'] === 'sms') {`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");`
Update accounts.php Fix OTP not sending bug 2024-02-21 11:58:13 +01:00			`} elseif ($config['phone_otp_type'] === 'whatsapp') {`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");`
Update accounts.php Fix OTP not sending bug 2024-02-21 11:58:13 +01:00			`} elseif ($config['phone_otp_type'] === 'both') {`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");`
			`Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");`
			`}`
Path Configuration 2024-02-26 14:38:04 +07:00			`//redirect after sending OTP`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));`
			`}`
			`}`
			`}`

			`break;`

			`case 'phone-update-post':`
			`$phone = _post('phone');`
			`$otp_code = _post('otp');`
			`$username = $user['username'];`
Path Configuration 2024-02-26 14:38:04 +07:00			`$otpPath = $CACHE_PATH . '/sms/';`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`// Validate the phone number format`
			`if (!preg_match('/^[0-9]{10,}$/', $phone)) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));`
			`exit();`
			`}`

Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`if (!empty($config['sms_url'])) {`
			`$otpFile = $otpPath . sha1($username . $db_password) . ".txt";`
			`$phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00
			`// Check if OTP file exists`
			`if (!file_exists($otpFile)) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first'));`
			`exit();`
			`}`

Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`// expired 10 minutes`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`if (time() - filemtime($otpFile) > 1200) {`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`unlink($otpFile);`
			`unlink($phoneFile);`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired'));`
			`exit();`
			`} else {`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`$code = file_get_contents($otpFile);`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00
			`// Check if OTP code matches`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`if ($code != $otp_code) {`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code'));`
			`exit();`
			`}`

			`// Check if the phone number matches the one that requested the OTP`
			`$savedPhone = file_get_contents($phoneFile);`
			`if ($savedPhone !== $phone) {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP'));`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`exit();`
			`}`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00
			`// OTP verification successful, delete OTP and phone number files`
			`unlink($otpFile);`
			`unlink($phoneFile);`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`}`
Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`} else {`
			`r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not available'));`
			`exit();`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`}`

Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`// Update the phone number in the database`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();`
			`if ($d) {`
			`$d->phonenumber = Lang::phoneFormat($phone);`
			`$d->save();`
			`}`

Bug Fix: OTP bugs add phone number validation to prevent invalid phone number, phone number must be 10 digits up fix issue with updating phone number without OTP 2024-02-21 10:02:31 +01:00			`r2(U . 'accounts/profile', 's', Lang::T('Phone number updated successfully'));`
Update: New Features "Miscellaneous" [option] OTP is required when user want to change phone number. admin can choose option in [Miscellaneous] 2024-02-21 00:15:36 +01:00			`break;`

PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`default:`
404 2023-09-27 15:01:48 +07:00			`$ui->display('a404.tpl');`
Fix redirect and check user in database 2023-06-15 17:06:22 +07:00			`}`