giangnait
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎admin/language/edit.php
+15-11 b/‎admin/language/edit.php
+15-11
diff --git a/‎admin/settings/system.php
+6-4 b/‎admin/settings/system.php
+6-4
diff --git a/‎includes/core/admin_login.php
+10-8 b/‎includes/core/admin_login.php
+10-8
diff --git a/‎includes/functions.php
+33-12 b/‎includes/functions.php
+33-12
diff --git a/‎install/index.php
+5-3 b/‎install/index.php
+5-3
diff --git a/‎install/tpl/step6.tpl
+2-2 b/‎install/tpl/step6.tpl
+2-2
@@ -17,6 +17,7 @@
 /data/logs/voting_logs/
 /data/tmp/*
 /uploads/logo_*
+/assets/logo_*
 /install/default.php
 
 composer.lock
 
@@ -12,8 +12,7 @@
     die('Stop!!!');
 }
 
-$select_options = array();
-
+$select_options = [];
 $contents = '';
 
 $xtpl = new XTemplate('edit.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
@@ -27,14 +26,19 @@
     $idfile = $nv_Request->get_int('idfile', 'post', 0);
 
     $authorSubmit = isset($_POST['pozauthor']['author']) ? $_POST['pozauthor']['author'] : '';
-    if (preg_match('/^([^\<]+)\<([^\>]+)\>$/', $authorSubmit, $m) and nv_check_valid_email(trim($m[2])) == '') {
-        $authorSubmit = trim(strip_tags($m[1])) . ' <' . trim($m[2]) . '>';
+    if (preg_match('/^([^\<]+)\<([^\>]+)\>$/', $authorSubmit, $m)) {
+        $check = nv_check_valid_email(trim($m[2]), true);
+        if ($check[0] == '') {
+            $authorSubmit = trim(strip_tags($m[1])) . ' <' . $check[1] . '>';
+        } else {
+            $authorSubmit = false;
+        }
     } else {
         $authorSubmit = false;
     }
 
-    $lang_translator = $nv_Request->get_array('pozauthor', 'post', array());
-    $lang_translator_save = array();
+    $lang_translator = $nv_Request->get_array('pozauthor', 'post', []);
+    $lang_translator_save = [];
 
     $langtype = isset($lang_translator['langtype']) ? strip_tags($lang_translator['langtype']) : 'lang_module';
 
@@ -59,7 +63,7 @@
 
     nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['nv_admin_edit'] . ' -> ' . $language_array[$dirlang]['name'], $module . ' : idfile = ' . $idfile, $admin_info['userid']);
 
-    $pozlang = $nv_Request->get_array('pozlang', 'post', array());
+    $pozlang = $nv_Request->get_array('pozlang', 'post', []);
 
     if (!empty($pozlang)) {
         $sth = $db->prepare('UPDATE ' . NV_LANGUAGE_GLOBALTABLE . ' SET lang_' . $dirlang . '= :lang_value WHERE id= :id');
@@ -71,8 +75,8 @@
         }
     }
 
-    $pozlangkey = $nv_Request->get_array('pozlangkey', 'post', array());
-    $pozlangval = $nv_Request->get_array('pozlangval', 'post', array());
+    $pozlangkey = $nv_Request->get_array('pozlangkey', 'post', []);
+    $pozlangval = $nv_Request->get_array('pozlangval', 'post', []);
 
     $sizeof = sizeof($pozlangkey);
     $sth = $db->prepare('INSERT INTO ' . NV_LANGUAGE_GLOBALTABLE . ' (idfile, lang_key, lang_' . $dirlang . ') VALUES (' . $idfile . ', :lang_key, :lang_value)');
@@ -102,7 +106,7 @@
 
     if (!empty($dirlang) and !empty($module)) {
         if (empty($author_lang)) {
-            $array_translator = array();
+            $array_translator = [];
             $array_translator['author'] = '';
             $array_translator['createdate'] = '';
             $array_translator['copyright'] = '';
@@ -161,4 +165,4 @@
 
 include NV_ROOTDIR . '/includes/header.php';
 echo nv_admin_theme($contents);
-include NV_ROOTDIR . '/includes/footer.php';
+include NV_ROOTDIR . '/includes/footer.php';
@@ -50,8 +50,9 @@
     }
 
     $site_email = nv_substr($nv_Request->get_title('site_email', 'post', '', 1), 0, 255);
-    if (nv_check_valid_email($site_email) == '') {
-        $array_config_site['site_email'] = $site_email;
+    $check = nv_check_valid_email($site_email, true);
+    if ($check[0] == '') {
+        $array_config_site['site_email'] = $check[1];
     }
 
     $array_config_site['site_phone'] = nv_substr($nv_Request->get_title('site_phone', 'post', ''), 0, 20);
@@ -139,8 +140,9 @@
 
         $array_config_global['error_set_logs'] = $nv_Request->get_int('error_set_logs', 'post', 0);
         $error_send_email = nv_substr($nv_Request->get_title('error_send_email', 'post', '', 1), 0, 255);
-        if (nv_check_valid_email($error_send_email) == '') {
-            $array_config_global['error_send_email'] = $error_send_email;
+        $check = nv_check_valid_email($error_send_email, true);
+        if ($check[0] == '') {
+            $array_config_global['error_send_email'] = $check[1];
         }
 
         $array_config_global['cdn_url'] = '';
 
@@ -57,13 +57,13 @@ function validUserLog($array_user)
     );
 
     $stmt = $db->prepare("UPDATE " . NV_USERS_GLOBALTABLE . " SET
-		checknum = :checknum,
-		last_login = " . NV_CURRENTTIME . ",
-		last_ip = :last_ip,
-		last_agent = :last_agent,
-		last_openid = '',
-		remember = 1
-		WHERE userid=" . $array_user['userid']);
+        checknum = :checknum,
+        last_login = " . NV_CURRENTTIME . ",
+        last_ip = :last_ip,
+        last_agent = :last_agent,
+        last_openid = '',
+        remember = 1
+        WHERE userid=" . $array_user['userid']);
 
     $stmt->bindValue(':checknum', $checknum, PDO::PARAM_STR);
     $stmt->bindValue(':last_ip', NV_CLIENT_IP, PDO::PARAM_STR);
@@ -124,7 +124,9 @@ function validUserLog($array_user)
             }
         }
 
-        if (nv_check_valid_email($nv_username) == '') {
+        $check_email = nv_check_valid_email($nv_username, true);
+        if ($check_email[0] == '') {
+            $nv_username = $check_email[1];
             $sql = 't2.email =' . $db->quote($nv_username);
             $login_email = true;
         } else {
 
@@ -411,34 +411,55 @@ function nv_check_valid_pass($pass, $max, $min)
 }
 
 /**
- * nv_check_valid_email()
+ * Kiểm tra email có hợp lệ hay không
+ * Nếu $return = true thì trả về email đã được hợp chuẩn
  *
  * @param string $mail
- * @return
+ * @param boolean $return
+ * @return string
  */
-function nv_check_valid_email($mail)
+function nv_check_valid_email($mail, $return = false)
 {
     global $lang_global, $global_config;
 
-    $mail = strip_tags(trim($mail));
-
     if (empty($mail)) {
-        return $lang_global['email_empty'];
+        return $return ? [$lang_global['email_empty'], $mail] : $lang_global['email_empty'];
+    }
+
+    if ($return) {
+        $mail = nv_strtolower(strip_tags(trim($mail)));
+    }
+
+    // Email quy định ký tự @ xuất hiện 1 lần duy nhất
+    if (substr_count($mail, '@') !== 1) {
+        return $return ? [$lang_global['email_incorrect'], $mail] : $lang_global['email_incorrect'];
+    }
+
+    // Cắt email ra làm hai phần để kiểm tra
+    $_mail = explode('@', $mail);
+    $_mail_user = $_mail[0];
+    $_mail_domain = nv_check_domain($_mail[1]);
+
+    if (empty($_mail_domain)) {
+        return $return ? [$lang_global['email_incorrect'], $mail] : $lang_global['email_incorrect'];
     }
 
+    // Chuyển lại email từ Unicode domain thành IDNA ASCII
+    $mail = $_mail_user . '@' . $_mail_domain;
+
     if (function_exists('filter_var') and filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
-        return $lang_global['email_incorrect'];
+        return $return ? [$lang_global['email_incorrect'], $mail] : $lang_global['email_incorrect'];
     }
 
-    if (! preg_match($global_config['check_email'], $mail)) {
-        return $lang_global['email_incorrect'];
+    if (!preg_match($global_config['check_email'], $mail)) {
+        return $return ? [$lang_global['email_incorrect'], $mail] : $lang_global['email_incorrect'];
     }
 
-    if (! preg_match('/\.([a-z0-9\-]+)$/', $mail)) {
-        return $lang_global['email_incorrect'];
+    if (!preg_match('/\.([a-z0-9\-]+)$/', $mail)) {
+        return $return ? [$lang_global['email_incorrect'], $mail] : $lang_global['email_incorrect'];
     }
 
-    return '';
+    return $return ? ['', $mail] : '';
 }
 
 /**
 
@@ -749,6 +749,9 @@
     $array_data['re_password'] = $nv_Request->get_title('re_password', 'post', $array_data['re_password']);
     $array_data['lang_multi'] = (int) $nv_Request->get_bool('lang_multi', 'post', $array_data['lang_multi']);
 
+    $check_email = nv_check_valid_email($array_data['nv_email'], true);
+    $array_data['nv_email'] = $check_email[1];
+
     try {
         $array_data['question'] = $nv_Request->get_title('question', 'post', $array_data['question'], 1);
         $array_data['answer_question'] = $nv_Request->get_title('answer_question', 'post', $array_data['answer_question'], 1);
@@ -773,16 +776,15 @@
             } else {
                 $check_login = nv_check_valid_login($array_data['nv_login'], $global_config['nv_unickmax'], $global_config['nv_unickmin']);
                 $check_pass = nv_check_valid_pass($array_data['nv_password'], $global_config['nv_upassmax'], $global_config['nv_upassmin']);
-                $check_email = nv_check_valid_email($array_data['nv_email']);
 
                 if (empty($array_data['site_name'])) {
                     $error = $lang_module['err_sitename'];
                 } elseif (!empty($check_login)) {
                     $error = $check_login;
                 } elseif ("'" . $array_data['nv_login'] . "'" != $db->quote($array_data['nv_login'])) {
                     $error = sprintf($lang_module['account_deny_name'], '<strong>' . $array_data['nv_login'] . '</strong>');
-                } elseif (!empty($check_email)) {
-                    $error = $check_email;
+                } elseif (!empty($check_email[0])) {
+                    $error = $check_email[0];
                 } elseif (!empty($check_pass)) {
                     $error = $check_pass;
                 } elseif ($array_data['nv_password'] != $array_data['re_password']) {
 
@@ -43,7 +43,7 @@ $(document).ready(function(){
         <tr>
             <th scope="row" class="spec"> {LANG.admin_email} <span class="highlight_red">*</span></th>
             <td>
-            <input type="text" value="{DATA.nv_email}" name="nv_email" class="required email" id="nv_email_iavim"/>
+            <input type="email" value="{DATA.nv_email}" name="nv_email" class="required email" id="nv_email_iavim"/>
             </td>
             <td>{LANG.admin_email_note}</td>
         </tr>
@@ -106,4 +106,4 @@ $(document).ready(function(){
 document.getElementById('site_config').setAttribute("autocomplete", "off");
 //]]>
 </script>
-<!-- END: step -->
+<!-- END: step -->
Original file line number	Diff line number	Diff line change
`@@ -50,8 +50,9 @@`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`$site_email = nv_substr($nv_Request->get_title('site_email', 'post', '', 1), 0, 255);`
`53`		`- if (nv_check_valid_email($site_email) == '') {`
`54`		`- $array_config_site['site_email'] = $site_email;`
	`53`	`+ $check = nv_check_valid_email($site_email, true);`
	`54`	`+ if ($check[0] == '') {`
	`55`	`+ $array_config_site['site_email'] = $check[1];`
`55`	`56`	`}`
`56`	`57`
`57`	`58`	`$array_config_site['site_phone'] = nv_substr($nv_Request->get_title('site_phone', 'post', ''), 0, 20);`
`@@ -139,8 +140,9 @@`
`139`	`140`
`140`	`141`	`$array_config_global['error_set_logs'] = $nv_Request->get_int('error_set_logs', 'post', 0);`
`141`	`142`	`$error_send_email = nv_substr($nv_Request->get_title('error_send_email', 'post', '', 1), 0, 255);`
`142`		`- if (nv_check_valid_email($error_send_email) == '') {`
`143`		`- $array_config_global['error_send_email'] = $error_send_email;`
	`143`	`+ $check = nv_check_valid_email($error_send_email, true);`
	`144`	`+ if ($check[0] == '') {`
	`145`	`+ $array_config_global['error_send_email'] = $check[1];`
`144`	`146`	`}`
`145`	`147`
`146`	`148`	`$array_config_global['cdn_url'] = '';`