HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/360.naniguide.com/backend/ajax/save_user.php
<?php
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
ob_start();
session_start();
if((($_SERVER['SERVER_ADDR']==$_SESSION['demo_server_ip']) && ($_SERVER['REMOTE_ADDR']!=$_SESSION['demo_developer_ip']) && ($_SESSION['id_user']==$_SESSION['demo_user_id'])) || ($_SESSION['svt_si']!=session_id())) {
    die();
}
require_once("../../db/connection.php");
require_once("../functions.php");
$settings = get_settings();
$id_user = $_SESSION['id_user'];
$user_info = get_user_info($id_user);
if(!empty($user_info['language'])) {
    set_language($user_info['language'],$settings['language_domain']);
} else {
    set_language($settings['language'],$settings['language_domain']);
}
session_write_close();
if(!get_user_role($id_user)=='administrator') {
    ob_end_clean();
    echo json_encode(array("status"=>"error"));
    exit;
}
$id_user = (int)$_POST['id_svt'];
$username = strip_tags($_POST['username_svt']);
$email = strip_tags($_POST['email_svt']);
$role = strip_tags($_POST['role_svt']);
if($role=='super_admin') {
    $super_admin = 1;
    $role = 'administrator';
} else {
    $super_admin = 0;
}
$id_plan = (int)$_POST['plan_svt'];
$active = (int)$_POST['active_svt'];
$language = strip_tags($_POST['language_svt']);
$expire_plan_date_manual_date = $_POST['expire_plan_date_manual_date_svt'];
$expire_plan_date_manual_time = $_POST['expire_plan_date_manual_time_svt'];
if(empty($expire_plan_date_manual_date) && empty($expire_plan_date_manual_time)) {
    $expire_plan_date_manual = NULL;
} else if(!empty($expire_plan_date_manual_date) && empty($expire_plan_date_manual_time)) {
    $expire_plan_date_manual = "$expire_plan_date_manual_date 23:59:00";
} else if(empty($expire_plan_date_manual_date) && !empty($expire_plan_date_manual_time)) {
    $expire_plan_date_manual = NULL;
} else {
    $expire_plan_date_manual = "$expire_plan_date_manual_date $expire_plan_date_manual_time";
}
$query_check = "SELECT id FROM svt_users WHERE username=? AND id!=?;";
if($smt = $mysqli->prepare($query_check)) {
    $smt->bind_param('si', $username, $id_user);
    $result_check = $smt->execute();
    if ($result_check) {
        $result_check = get_result($smt);
        if (count($result_check) > 0) {
            ob_end_clean();
            echo json_encode(array("status"=>"error","msg"=>_("Username already registered!")));
            exit;
        }
    }
}
$query_check = "SELECT id FROM svt_users WHERE email=? AND id!=?;";
if($smt = $mysqli->prepare($query_check)) {
    $smt->bind_param('si', $email, $id_user);
    $result_check = $smt->execute();
    if ($result_check) {
        $result_check = get_result($smt);
        if (count($result_check) > 0) {
            ob_end_clean();
            echo json_encode(array("status"=>"error","msg"=>_("E-mail already registered!")));
            exit;
        }
    }
}
$reload = 0;
$change_plan = false;
$query_check = "SELECT expire_plan_date_manual,id_plan FROM svt_users WHERE id=? LIMIT 1;";
if($smt = $mysqli->prepare($query_check)) {
    $smt->bind_param('i',  $id_user);
    $result_check = $smt->execute();
    if ($result_check) {
        $result_check = get_result($smt);
        if (count($result_check) == 1) {
            $row_check = array_shift($result_check);
            if(empty($row_check['expire_plan_date_manual'])) $row_check['expire_plan_date_manual']=NULL;
            if($row_check['expire_plan_date_manual']!=$expire_plan_date_manual) {
                $reload = 1;
            }
            if($row_check['id_plan']!=$id_plan) {
                $reload = 1;
                $change_plan = true;
            }
        }
    }
}
$query = "UPDATE svt_users SET username=?,email=?,role=?,super_admin=?,id_plan=?,active=?,language=?,expire_plan_date_manual=? WHERE id=?;";
if($smt = $mysqli->prepare($query)) {
    $smt->bind_param('sssiiissi', $username,$email,$role,$super_admin,$id_plan,$active,$language,$expire_plan_date_manual,$id_user);
    $result = $smt->execute();
    if($result) {
        update_plans_expires_date($id_user);
        if($change_plan) {
            $mysqli->query("UPDATE svt_users SET status_subscription_stripe=0,status_subscription_paypal=0,status_subscription_2checkout=0,id_subscription_stripe=NULL,id_subscription_paypal=NULL,status_subscription_2checkout=NULL WHERE id=$id_user;");
            if($settings['notify_plan_changes']) {
                $query = "SELECT u.id,u.username,u.email,p.name as plan FROM svt_users as u LEFT JOIN svt_plans as p ON p.id=u.id_plan WHERE u.id=$id_user;";
                $result = $mysqli->query($query);
                if($result) {
                    if($result->num_rows>0) {
                        while($row=$result->fetch_array(MYSQLI_ASSOC)) {
                            $username = $row['username'];
                            $email_u = $row['email'];
                            $plan = $row['plan'];
                            if(empty($plan)) $plan = _("None");
                            $subject = $settings['mail_plan_changed_subject'];
                            $body = $settings['mail_plan_changed_body'];
                            $body = str_replace("%USER_NAME%",$username,$body);
                            $body = str_replace("%PLAN_NAME%",$plan,$body);
                            $body = str_replace('<p><br></p>','<br>',$body);
                            $body = str_replace('<p>','<p style="padding:0;margin:0;">',$body);
                            $subject_q = str_replace("'","\'",$subject);
                            $body_q = str_replace("'","\'",$body);
                            $mysqli->query("INSERT INTO svt_notifications(id_user,subject,body,notify_user,notified) VALUES($id_user,'$subject_q','$body_q',1,0);");
                        }
                    }
                }
            }
        }
        ob_end_clean();
        echo json_encode(array("status"=>"ok","reload"=>$reload));
    } else {
        ob_end_clean();
        echo json_encode(array("status"=>"error","msg"=>_("An error has occurred, please try again later")));
    }
} else {
    ob_end_clean();
    echo json_encode(array("status"=>"error","msg"=>_("An error has occurred, please try again later")));
}