hotspotbilling/phpnuxbill
1
1
Fork 0
mirror of https://github.com/hotspotbilling/phpnuxbill.git synced 2025-02-24 23:45:38 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #111 from Focuslinkstech/Development

Browse source 
Bug Fix: OTP bugs
This commit is contained in:
iBNu Maksum 2024-02-21 16:13:26 +07:00 committed by GitHub
commit 3bdf44ddbe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 68 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
system/controllers/accounts.php
View file

@ -84,7 +84,7 @@ switch ($action) {
$ui->assign('d', $d);
$ui->display('user-profile.tpl');
} else {
r2(U . 'home', 'e', $_L['Account_Not_Found']);
r2(U . 'home', 'e', Lang::T('Account Not Found'));
}
break;
@ -122,6 +122,7 @@ switch ($action) {
}
break;
case 'phone-update':
$d = ORM::for_table('tbl_customers')->find_one($user['id']);
@ -139,6 +140,11 @@ switch ($action) {
$username = $user['username'];
$otpPath = 'system/cache/sms/';
// Validate the phone number format
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
}
if (empty($config['sms_url'])) {
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not Available, Please try again later'));
}
@ -163,7 +169,16 @@ switch ($action) {
$otp = rand(100000, 999999);
file_put_contents($otpFile, $otp);
file_put_contents($phoneFile, $phone);
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
// send send OTP to user
if ($_c['phone_otp_type'] === 'sms') {
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
} elseif ($_c['phone_otp_type'] === 'whatsapp') {
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
} elseif ($_c['phone_otp_type'] === 'both') {
Message::sendSMS($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
Message::sendWhatsapp($phone, $config['CompanyName'] . "\n Your Verification code is: $otp");
}
//redirect after sending OTP
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code has been sent to your phone'));
}
}
@ -177,41 +192,61 @@ switch ($action) {
$username = $user['username'];
$otpPath = 'system/cache/sms/';
// Validate the phone number format
if (!preg_match('/^[0-9]{10,}$/', $phone)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Invalid phone number format'));
exit();
}
if (!empty($config['sms_url'])) {
$otpFile = $otpPath . sha1($username . $db_password) . ".txt";
$phoneFile = $otpPath . sha1($username . $db_password) . "_phone.txt";
// Check if OTP file exists
if (!file_exists($otpFile)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Please request OTP first'));
exit();
}
// expired 10 minutes
if (file_exists($otpFile) && time() - filemtime($otpFile) > 1200) {
if (time() - filemtime($otpFile) > 1200) {
unlink($otpFile);
unlink($phoneFile);
r2(U . 'accounts/phone-update', 'e', 'Verification code expired');
} else if (file_exists($otpFile)) {
r2(U . 'accounts/phone-update', 'e', Lang::T('Verification code expired'));
exit();
} else {
$code = file_get_contents($otpFile);
// Check if OTP code matches
if ($code != $otp_code) {
r2(U . 'accounts/phone-update', 'e', 'Wrong Verification code');
r2(U . 'accounts/phone-update', 'e', Lang::T('Wrong Verification code'));
exit();
} elseif (file_exists($phoneFile)) {
$savedPhone = file_get_contents($phoneFile);
if ($savedPhone !== $phone) {
r2(U . 'accounts/phone-update', 'e', 'The phone number does not match the one that requested the OTP');
exit();
} else {
unlink($otpFile);
unlink($phoneFile);
}
} else {
r2(U . 'accounts/phone-update', 'e', 'No Verification code');
}
// Check if the phone number matches the one that requested the OTP
$savedPhone = file_get_contents($phoneFile);
if ($savedPhone !== $phone) {
r2(U . 'accounts/phone-update', 'e', Lang::T('The phone number does not match the one that requested the OTP'));
exit();
}
// OTP verification successful, delete OTP and phone number files
unlink($otpFile);
unlink($phoneFile);
}
} else {
r2(U . 'accounts/phone-update', 'e', Lang::T('SMS server not available'));
exit();
}
// Update the phone number in the database
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
if ($d) {
$d->phonenumber = Lang::phoneFormat($phone);
$d->save();
}
r2(U . 'accounts/profile', 's', 'Phone number updated successfully');
r2(U . 'accounts/profile', 's', Lang::T('Phone number updated successfully'));
break;
default:

15
ui/ui/app-settings.tpl
View file

@ -475,6 +475,21 @@
<p class="help-block col-md-4">{Lang::T('OTP is required when user want to change phone
number')}</p>
</div>
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('OTP Method')}</label>
<div class="col-md-6">
<select name="phone_otp_type" id="phone_otp_type" class="form-control">
<option value="sms" {if $_c['phone_otp_type']=='sms' }selected="selected" {/if}>
{Lang::T('SMS')}
<option value="whatsapp" {if $_c['phone_otp_type']=='whatsapp' }selected="selected"
{/if}> {Lang::T('WhatsApp')}
<option value="both" {if $_c['phone_otp_type']=='both' }selected="selected" {/if}>
{Lang::T('SMS and WhatsApp')}
</option>
</select>
</div>
<p class="help-block col-md-4">{Lang::T('The method which OTP will be sent to user')}</p>
</div>
</div>
{* <div class="panel-heading" id="envato">
<div class="btn-group pull-right">