HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/360.naniguide.com/api/register.php
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
ob_start();
session_start();
require_once("../db/connection.php");
require_once("../backend/functions.php");
require_once("api_functions.php");
require_once("vendor/autoload.php");
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require_once('../backend/vendor/PHPMailer/Exception.php');
require_once('../backend/vendor/PHPMailer/PHPMailer.php');
require_once('../backend/vendor/PHPMailer/SMTP.php');

register_shutdown_function("fatal_handler");

$mail = new PHPMailer(true);
$mail_n = new PHPMailer(true);

$method = $_SERVER["REQUEST_METHOD"];
if($method!='POST') {
    ob_end_clean();
    http_response_code(405);
    echo json_encode(array("message"=>"invalid method $method"));
    exit;
}

switch($method) {
    case 'POST':
        if(!empty($_POST)) {
            $params = $_POST;
        } else {
            $content = trim(file_get_contents("php://input"));
            $params = json_decode($content, true);
        }
        break;
}

$saas = check_if_saas();

if(!$saas) {
    ob_end_clean();
    http_response_code(403);
    echo json_encode(array("message"=>"unauthorized"));
    exit;
}

$mandatory_params = ['username','email','password'];
check_api_missing_params($params,$mandatory_params);

if (is_ssl()) { $protocol = 'https'; } else { $protocol = 'http'; }
$base_url = $protocol ."://". $_SERVER['SERVER_NAME'] . str_replace("api/register.php","",$_SERVER['SCRIPT_NAME']);

register_user($params);
exit;

function register_user($params) {
    global $mysqli,$mail,$mail_n;
    $settings = get_settings();
    if (isset($params['id_plan']) && $params['id_plan'] !== '') {
        $id_plan = $params['id_plan'];
    } else {
        $id_plan = $settings['default_id_plan'];
    }
    $query_check = "SELECT id FROM svt_users WHERE username=?;";
    if($smt = $mysqli->prepare($query_check)) {
        $smt->bind_param('s', $params['username']);
        $result_check = $smt->execute();
        if ($result_check) {
            $result_check = get_result($smt);
            if (count($result_check) > 0) {
                ob_end_clean();
                http_response_code(201);
                echo json_encode(array("message"=>"Username {$params['username']} already registered"));
                exit;
            }
        }
    }
    $query_check = "SELECT id FROM svt_users WHERE email=?;";
    if($smt = $mysqli->prepare($query_check)) {
        $smt->bind_param('s', $params['email']);
        $result_check = $smt->execute();
        if ($result_check) {
            $result_check = get_result($smt);
            if (count($result_check) > 0) {
                ob_end_clean();
                http_response_code(202);
                echo json_encode(array("message"=>"E-Mail {$params['email']} already registered"));
                exit;
            }
        }
    }
    $validate_email = $settings['validate_email'];
    if($validate_email) {
        $active = 0;
        $hash = md5(rand(0,1000));
    } else {
        $active = 1;
        $hash = "";
    }
    $query = "INSERT INTO svt_users(username,email,password,role,id_plan,hash,active) VALUES(?,?,MD5(?),'customer',?,?,?); ";
    if ($smt = $mysqli->prepare($query)) {
        $smt->bind_param('sssisi', $params['username'], $params['email'], $params['password'], $id_plan, $hash,$active);
        $result = $smt->execute();
        if ($result) {
            $insert_id = $mysqli->insert_id;
            update_plans_expires_date($insert_id);
            validate_mail($validate_email,$params['email'],$insert_id);
            ob_end_clean();
            http_response_code(200);
            echo json_encode(array("message"=>"ok","id_user"=>$insert_id,"validate_mail"=>(int)$validate_email));
            exit;
        } else {
            ob_end_clean();
            http_response_code(500);
            echo json_encode(array("message"=>"error"));
            exit;
        }
    } else {
        ob_end_clean();
        http_response_code(500);
        echo json_encode(array("message"=>"error"));
        exit;
    }
}

function validate_mail($validate,$email,$id_user) {
    global $mysqli,$base_url,$mail,$mail_n;
    $settings = get_settings();
    $smtp_server = $settings['smtp_server'];
    $smtp_auth = $settings['smtp_auth'];
    $smtp_username = $settings['smtp_username'];
    $smtp_password = $settings['smtp_password'];
    $smtp_secure = $settings['smtp_secure'];
    $smtp_port = $settings['smtp_port'];
    $smtp_from_email = $settings['smtp_from_email'];
    $smtp_from_name = $settings['smtp_from_name'];
    $mail_activate_subject = $settings['mail_activate_subject'];
    $mail_activate_body = $settings['mail_activate_body'];
    $username = '';
    $query_m = "SELECT username FROM svt_users WHERE email='$email';";
    $result_m = $mysqli->query($query_m);
    if($result_m) {
        if ($result_m->num_rows == 1) {
            $row_m = $result_m->fetch_array(MYSQLI_ASSOC);
            $username = $row_m['username'];
        }
    }
    $notify_id=0;
    $body='';
    if($validate) {
        $query_m = "SELECT email,hash FROM svt_users WHERE id=$id_user;";
        $result_m = $mysqli->query($query_m);
        if($result_m) {
            if ($result_m->num_rows == 1) {
                $row_m = $result_m->fetch_array(MYSQLI_ASSOC);
                $email = $row_m['email'];
                $hash = $row_m['hash'];
                $url = $base_url."backend/validate_email.php?email=$email&hash=$hash";
                $subject = $mail_activate_subject;
                $mail_activate_body = str_replace("%LINK%","<a href='$url'>$url</a>",$mail_activate_body);
                $mail_activate_body = str_replace("%USER_NAME%",$username,$mail_activate_body);
                $body = $mail_activate_body;
            } else {
                ob_end_clean();
                http_response_code(500);
                echo json_encode(array("message"=>"error"));
                exit;
            }
        } else {
            ob_end_clean();
            http_response_code(500);
            echo json_encode(array("message"=>"error"));
            exit;
        }
        send_email($mail,$smtp_server,$smtp_auth,$smtp_username,$smtp_password,$smtp_secure,$smtp_port,$smtp_from_email,$smtp_from_name,$email,$subject,$body);
    }
    $notify_id=0;
    $body='';
    if($settings['notify_registrations']) {
        if(!empty($settings['notify_email'])) {
            $email = $settings['notify_email'];
        } else {
            $email = $settings['smtp_from_email'];
        }
        $subject = _("New registered user");
        $query = "SELECT u.username,u.email,u.expire_plan_date,p.name as plan FROM svt_users as u LEFT JOIN svt_plans as p ON p.id=u.id_plan WHERE u.id=$id_user;";
        $result = $mysqli->query($query);
        if($result) {
            if($result->num_rows==1) {
                $row = $result->fetch_array(MYSQLI_ASSOC);
                $username = $row['username'];
                $email_u = $row['email'];
                $plan = $row['plan'];
                $expire_plan_date = $row['expire_plan_date'];
            }
        }
        $body = _("Username").": $username<br>"._("E-Mail").": $email_u<br>"._("Plan").": $plan<br>"._("Expires on").": $expire_plan_date";
        $subject_q = str_replace("'","\'",$subject);
        $body_q = str_replace("'","\'",$body);
        $mysqli->query("INSERT INTO svt_notifications(id_user,subject,body,notified) VALUES($id_user,'$subject_q','$body_q',1);");
        send_email($mail_n,$smtp_server,$smtp_auth,$smtp_username,$smtp_password,$smtp_secure,$smtp_port,$smtp_from_email,$smtp_from_name,$email,$subject,$body);
    }
}

function send_email($mail,$smtp_server,$smtp_auth,$smtp_username,$smtp_password,$smtp_secure,$smtp_port,$smtp_from_email,$smtp_from_name,$email,$subject,$body) {
    global $mysqli,$verification_code,$id_user,$notify_id;
    $body = str_replace('<p><br></p>','<br>',$body);
    $body = str_replace('<p>','<p style="padding:0;margin:0;">',$body);
    try {
        $mail->isSMTP();
        $mail->CharSet = 'UTF-8';
        $mail->SMTPDebug = 1;
        $mail->Timeout = 10;
        $mail->Host = $smtp_server;
        $mail->SMTPAuth = $smtp_auth;
        $mail->Username = $smtp_username;
        $mail->Password = $smtp_password;
        switch($smtp_secure) {
            case 'ssl':
                $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
                break;
            case 'tls':
                $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
                break;
        }
        $mail->Port = $smtp_port;
        $mail->setFrom($smtp_from_email, $smtp_from_name);
        $mail->addAddress($email);
        $mail->isHTML(true);
        $mail->Subject = $subject;
        $body = parse_body_images($body);
        $mail->Body = $body;
        $mail->send();
    } catch (Exception $e) {
        ob_end_clean();
        http_response_code(500);
        echo json_encode(array("message"=>$mail->ErrorInfo));
        exit;
    }
}

function parse_body_images($body) {
    global $mail;
    if(preg_match('/img.*?>/', $body)){
        preg_match_all('/(<img[^>]+>)/i', $body, $matches);
        $i = 1;
        foreach ($matches[0] as $img) {
            preg_match('/src="(.*?)"/', $img, $m);
            $src = $m[1];
            if ((strpos($src, 'http://') === 0 || strpos($src, 'https://') === 0)) {
                continue;
            }
            $id = 'img_' . ($i++);
            preg_match('/src="(.*?)"/', $img, $m);
            $imgdata = explode(',', $m[1]);
            $mime = explode(';', $imgdata[0]);
            $imgtype = explode(':', $mime[0]);
            $encodedData = str_replace(' ','+',$imgdata[1]);
            $decodedData = base64_decode($encodedData);
            $mail->AddStringEmbeddedImage($decodedData, $id, $id, $mime[1], $imgtype[1] );
            $body = str_replace($img, '<img alt="" src="cid:'.$id.'" style="border: none;" />', $body);
            $i++;
        }
    }
    return $body;
}