connect_errno) {
    // NOTE(review): prints the driver error code and message into the response
    // body; on a public page that discloses connection details to the client.
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    return null;
}
// Set charset to utf8mb4
$mysqli->set_charset("utf8mb4");
return $mysqli;
}

// Function to check and reconnect if necessary.
// Re-creates the persistent connection when $mysqli is null/false (a failed
// getPersistentMySQLiConnection() call returns null, see above) or when ping()
// reports the link as dead. $mysqli is taken by reference, so the caller's
// variable is replaced in place.
// NOTE(review): mysqli::ping() is deprecated as of PHP 8.4 — confirm against the
// target PHP version before upgrading.
function checkAndReconnect(&$mysqli, $host, $username, $password, $database) {
    if (!$mysqli || $mysqli->ping() === false) {
        $mysqli = getPersistentMySQLiConnection($host, $username, $password, $database);
    }
}

// Database connection parameters
// NOTE(review): live database host, usernames and passwords are hard-coded in
// source here; anyone with read access to this file or its version history
// holds them. Loading them from the environment or an untracked config file and
// rotating the current values is the usual remedy. Only $zakoboDBParams is used
// in this file; the other three arrays are defined for code elsewhere.
$zakoboUserDBParams = [
    'host' => '185.132.127.160',
    'username' => 'zakobo_main_db',
    'password' => 'VhpGwuC2w3FQajgtfGxU',
    'database' => 'zakobo_main_db'
];
$zakoboDBParams = [
    'host' => '185.132.127.160',
    'username' => 'zakobo_customer_db',
    'password' => 't9dMefrphNDxKLjabtCn',
    'database' => 'zakobo_customer_db'
];
$unionDBParams = [
    'host' => '185.132.127.160',
    'username' => 'zakobo_unions',
    'password' => 'RG4KqGpQ4WnhPtjGedJE',
    'database' => 'zakobo_unions'
];
$govermentDBParams = [
    'host' => '185.132.127.160',
    'username' => 'zakobo_goverments',
    'password' => 'CrW8twJqLpJmNsvYPyQD',
    'database' => 'zakobo_goverments'
];

// Central customer database: holds the per-site connection details looked up below.
$zakoboDB = getPersistentMySQLiConnection(
    $zakoboDBParams['host'],
    $zakoboDBParams['username'],
    $zakoboDBParams['password'],
    $zakoboDBParams['database']
);

// NOTE(review): HTTP_HOST is the request's Host header (client-supplied). It is
// bound as a parameter, so it cannot alter the query, but it decides which
// customers row — and therefore which per-site database credentials — is loaded.
// When no row matches, every $siteMain* variable below stays unset.
$baseSiteURL = str_replace("www.", "", strtolower($_SERVER['HTTP_HOST']));
checkAndReconnect($zakoboDB, $zakoboDBParams['host'], $zakoboDBParams['username'], $zakoboDBParams['password'], $zakoboDBParams['database']);

// Load the site's own DB credentials and club metadata for the requested host.
if ($stmt = $zakoboDB->prepare("SELECT db_host, db_login, db_pass, db_name, mapsLoc, clubname, url, ID, user_id, client_id, clubType, maintenance FROM customers WHERE url = ?")) {
    $stmt->bind_param("s", $baseSiteURL);
    if ($stmt->execute()) {
        $stmt->bind_result($siteMainDBHost, $siteMainDBUsr, $siteMainDBPass, $siteMainDBName, $siteMainMapsLoc, $siteMainClubName, $siteMainClubUrl, $siteMainClubID, $siteMainWebID, $siteMainClientID, $siteMainClubType, $siteMaintenance);
        $stmt->fetch();
        $stmt->close();
    }
}
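// Get global tokens
if ($stmt = $zakoboDB->prepare("SELECT token FROM siteTokens WHERE type = 'digisense'")) {
    if ($stmt->execute()) {
        $stmt->bind_result($digisenseToken);
        $stmt->fetch();
        $stmt->close();
    }
}

// NOTE(review): HTTP_HOST is the request's Host header, i.e. client-supplied;
// an absolute URL built from it is only safe where a wrong host is harmless.
$currentWebsiteURL = "https://" . $_SERVER['HTTP_HOST'];
$mainSiteDBNameVar = $siteMainDBName;

// Per-site database. Its credentials come from the customers row matched on the
// Host header; getPersistentMySQLiConnection() returns null on failure, which
// checkAndReconnect() retries once.
$mysqli = getPersistentMySQLiConnection($siteMainDBHost, $siteMainDBUsr, $siteMainDBPass, $siteMainDBName);
checkAndReconnect($mysqli, $siteMainDBHost, $siteMainDBUsr, $siteMainDBPass, $siteMainDBName);
if ($mysqli->connect_errno) {
    // NOTE(review): echoes driver error details into the response body.
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$mysqli->set_charset("utf8mb4");
$mysqli->query("SET collation_connection = utf8mb4_general_ci");

/**
 * Best-effort client address: HTTP_CLIENT_IP, then HTTP_X_FORWARDED_FOR, then REMOTE_ADDR.
 *
 * NOTE(review): the first two are ordinary request headers. Unless a trusted
 * reverse proxy overwrites them, the client picks their value, so anything keyed
 * on this result (the token/IP binding in validateToken()) only holds against
 * clients that cannot set headers. X-Forwarded-For may also be a comma-separated
 * list; it is returned verbatim.
 *
 * @return string
 */
function getUserIp()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP']; // ip from shared internet
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $_SERVER['HTTP_X_FORWARDED_FOR']; // ip passed from proxy
    }
    return $_SERVER['REMOTE_ADDR'];
}

/**
 * Create a login token for $userID, replacing any existing tokens of that user.
 *
 * The token is stored with the caller's address (see getUserIp()) and the admin
 * flag; the 30-minute expiry is mirrored into $_SESSION['tokenLife'].
 *
 * @param int $userID
 * @param int $isZakoboAdmin 1 for a Zakobo admin session, 0 otherwise
 * @return string|null the new token, or null when any statement fails
 */
function generateUserToken($userID, $isZakoboAdmin = 0)
{
    global $mysqli;
    // 64 bytes from the CSPRNG, base64-encoded (88 characters).
    $token = base64_encode(random_bytes(64));
    $userIP = getUserIp();

    $delete = $mysqli->prepare("DELETE FROM user_tokens WHERE userID = ?");
    if (!$delete) {
        return null;
    }
    $delete->bind_param("i", $userID);
    if (!$delete->execute()) {
        return null;
    }
    $delete->close();

    $insert = $mysqli->prepare("INSERT INTO user_tokens (token, userID, ip_address, isZakoboAdmin) VALUES(?,?,?,?)");
    if (!$insert) {
        return null;
    }
    $insert->bind_param("sisi", $token, $userID, $userIP, $isZakoboAdmin);
    if (!$insert->execute()) {
        return null;
    }
    $insert->close();

    $newLife = new DateTime();
    $newLife->modify("+30 minutes");
    $_SESSION['tokenLife'] = $newLife->format("Y-m-d H:i:s");
    return $token;
}

/**
 * Remove one token row. Best effort: statement failures are ignored.
 *
 * @param string $token
 * @return void
 */
function deleteUserToken($token)
{
    global $mysqli;
    if ($stmt = $mysqli->prepare("DELETE FROM user_tokens WHERE token = ?")) {
        $stmt->bind_param("s", $token);
        if ($stmt->execute()) {
            $stmt->close();
        }
    }
}

/**
 * Validate a login token: it must exist for the caller's address and have been
 * touched within the last 30 minutes. A valid token has its lastUpdate reset
 * (sliding expiry) and $_SESSION['tokenLife'] refreshed.
 *
 * Any failure path deletes the token; an idle-timeout additionally destroys the
 * PHP session. Both $token and the address are bound as parameters — the token
 * may come from the caller and the address from request headers.
 *
 * The SELECT mixes COUNT(ID) with non-aggregated columns; that relies on MySQL
 * running without ONLY_FULL_GROUP_BY.
 *
 * @param string $token
 * @return bool
 */
function validateToken($token)
{
    global $mysqli;
    $userIP = getUserIp();

    $stmt = $mysqli->prepare("SELECT COUNT(ID) as validTokens, lastUpdate, userID FROM user_tokens WHERE token = ? AND ip_address = ?");
    if (!$stmt) {
        deleteUserToken($token);
        return false;
    }
    $stmt->bind_param("ss", $token, $userIP);
    if (!$stmt->execute()) {
        deleteUserToken($token);
        return false;
    }
    $validTokens = 0;
    $lastUpdate = null;
    $userID = null;
    $stmt->bind_result($validTokens, $lastUpdate, $userID);
    $stmt->fetch();
    $stmt->close();

    if ((int) $validTokens !== 1) {
        deleteUserToken($token);
        return false;
    }

    $cutoff = new DateTime();
    $cutoff->modify("-30 minutes");
    $lastTouched = new DateTime($lastUpdate);
    if ($lastTouched <= $cutoff) {
        // Idle for 30 minutes or more: purge token and session.
        deleteUserToken($token);
        session_destroy();
        return false;
    }

    // reset token timer
    if ($update = $mysqli->prepare("UPDATE user_tokens SET lastUpdate = NOW() WHERE token = ?")) {
        $update->bind_param("s", $token);
        if ($update->execute()) {
            $update->close();
        }
    }
    $newLife = new DateTime();
    $newLife->modify("+30 minutes");
    $_SESSION['tokenLife'] = $newLife->format("Y-m-d H:i:s");
    return true;
}

/**
 * Collect the access rights granted to the user behind $token.
 *
 * Returns a list of right names (e.g. 'userRead') with an additional
 * 'frontendAccess' key holding frontend flags; empty when the token is invalid
 * or a statement fails. A Zakobo admin receives every read right and all three
 * frontend flags; an ordinary user receives the union of their roles.
 *
 * @param string $token
 * @return array
 */
function userAccessViaToken($token)
{
    global $mysqli;
    $tokenAccess = [];
    if (!validateToken($token)) {
        return $tokenAccess;
    }

    $isZakoboAdmin = 0;
    $lastUpdate = null;
    $userID = null;
    $stmt = $mysqli->prepare("SELECT lastUpdate, userID, isZakoboAdmin FROM user_tokens WHERE token = ?");
    if (!$stmt) {
        return $tokenAccess;
    }
    $stmt->bind_param("s", $token);
    if (!$stmt->execute()) {
        return $tokenAccess;
    }
    $stmt->bind_result($lastUpdate, $userID, $isZakoboAdmin);
    $stmt->fetch();
    $stmt->close();

    if ((int) $isZakoboAdmin === 1) {
        // Zakobo admins: every read right plus all frontend flags.
        $AllUserRolesStr = 'frontRead,pageRead,contactFormRead,menuRead,newsRead,blogRead,galleryRead,libaryRead,instructorLibaryRead,calendarRead,'
            . 'teamRead,seasonalControlRead,levelsRead,seasonalPreferenceRead,locationOverviewRead,lessonRead,groupRead,'
            . 'horseRead,stableRead,'
            . 'skvRead,weaponRead,weaponHandlingRead,shootingPartyRead,'
            . 'userRead,memberRapportRead,accessControlRead,packageSignRead,volunteerRead,roleRead,'
            . 'scheduleRead,eventRead,mailRead,'
            . 'shopItemRead,shopSaleRead,shopRegisterRead,shopRegisterRapportRead,'
            . 'rentalBadmintonItemRead,reantalBadmintonSaleRead,'
            . 'rentalItemRead,reantalSaleRead,'
            . 'invoiceRead,accCustomersRead,bookRead,receiptArchiveRead,accRead,accCreateRead,budgetRead,yearAccRead,'
            . 'setGenRead,setInfoRead,setPaymentRead,setDiscRead,setExtraFieldRead,setLocationRead,setTermsRead'
            . ',setCFRRead,setClosingRead,setMailTextRead,setGDPRRead,messengerControl,websiteMetaRead,fitnessRead';
        $tokenAccess['frontendAccess'][] = "userCanUploadReceipts";
        $tokenAccess['frontendAccess'][] = "userCanACcessTeamOffice";
        $tokenAccess['frontendAccess'][] = "userHaveScheduleAccess";
        foreach (explode(",", $AllUserRolesStr) as $right) {
            if (!in_array($right, $tokenAccess, true)) {
                $tokenAccess[] = $right;
            }
        }
        return $tokenAccess;
    }

    // collect user access types from every role assigned to the user
    $sql = "SELECT users_roles.rightStr AS rightStr, "
        . "users_roles.receiptUpload AS receiptUpload, "
        . "users_roles.officeAccess AS officeAccess, "
        . "users_roles.scheduleAccess AS scheduleAccess "
        . "FROM users_roles "
        . "INNER JOIN users_role_to_user "
        . "ON users_role_to_user.roleID = users_roles.ID "
        . "WHERE users_role_to_user.userID = ?";
    $stmt = $mysqli->prepare($sql);
    if (!$stmt) {
        return $tokenAccess;
    }
    $stmt->bind_param("i", $userID);
    if (!$stmt->execute()) {
        return $tokenAccess;
    }
    $res = $stmt->get_result();
    while ($row = $res->fetch_assoc()) {
        // Frontend flags are appended once per granting role (duplicates kept).
        if ($row['receiptUpload'] > 0) {
            $tokenAccess['frontendAccess'][] = "userCanUploadReceipts";
        }
        if ($row['officeAccess'] > 0) {
            $tokenAccess['frontendAccess'][] = "userCanACcessTeamOffice";
        }
        if ($row['scheduleAccess'] > 0) {
            $tokenAccess['frontendAccess'][] = "userHaveScheduleAccess";
        }
        foreach (explode(",", (string) $row['rightStr']) as $right) {
            // skip empty segments from trailing commas; '0' is treated as empty too
            if ($right !== '' && $right !== '0' && !in_array($right, $tokenAccess, true)) {
                $tokenAccess[] = $right;
            }
        }
    }
    $stmt->close();
    return $tokenAccess;
}

/**
 * Whether the user behind $token has at least one role (admins always do).
 *
 * @param string $token
 * @return bool false for an invalid token or when a statement fails
 */
function doesUserHaveRole($token)
{
    global $mysqli;
    if (!validateToken($token)) {
        return false;
    }

    $isZakoboAdmin = 0;
    $lastUpdate = null;
    $userID = null;
    $stmt = $mysqli->prepare("SELECT lastUpdate, userID, isZakoboAdmin FROM user_tokens WHERE token = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param("s", $token);
    if (!$stmt->execute()) {
        return false;
    }
    $stmt->bind_result($lastUpdate, $userID, $isZakoboAdmin);
    $stmt->fetch();
    $stmt->close();

    if ((int) $isZakoboAdmin === 1) {
        return true;
    }

    // collect user access types
    $doesUserHaveRoles = 0;
    $count = $mysqli->prepare("SELECT COUNT(ID) FROM users_role_to_user WHERE userID = ?");
    if (!$count) {
        return false;
    }
    $count->bind_param("i", $userID);
    if (!$count->execute()) {
        return false;
    }
    $count->bind_result($doesUserHaveRoles);
    $count->fetch();
    $count->close();
    return $doesUserHaveRoles > 0;
}

/**
 * Check if user is a Zakobo admin: the token must validate and carry isZakoboAdmin = 1.
 *
 * @param string $token
 * @return bool
 */
function zakoboAdminToken($token)
{
    global $mysqli;
    if (!validateToken($token)) {
        return false;
    }

    $isZakoboAdmin = 0;
    $lastUpdate = null;
    $userID = null;
    $stmt = $mysqli->prepare("SELECT lastUpdate, userID, isZakoboAdmin FROM user_tokens WHERE token = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param("s", $token);
    if (!$stmt->execute()) {
        return false;
    }
    $stmt->bind_result($lastUpdate, $userID, $isZakoboAdmin);
    $stmt->fetch();
    $stmt->close();
    return (int) $isZakoboAdmin === 1;
}

/**
 * Return userID from token. Does NOT check expiry or the address binding —
 * callers run validateToken() first (as the session bootstrap below does).
 *
 * @param string $token
 * @return int|null the userID, or null when the token is unknown or a statement fails
 */
function convertTokenToUser($token)
{
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT userID FROM user_tokens WHERE token = ?");
    if (!$stmt) {
        return null;
    }
    $stmt->bind_param("s", $token);
    if (!$stmt->execute()) {
        return null;
    }
    $userID = null;
    $stmt->bind_result($userID);
    $stmt->fetch();
    $stmt->close();
    return $userID > 0 ? $userID : null;
}

/**
 * Minimum password policy: at least 8 bytes containing an upper-case letter,
 * a lower-case letter and a digit. Special characters are not required, and
 * strlen() counts bytes, so multi-byte characters count more than once.
 *
 * @param string $password
 * @return bool
 */
function validatePasswordStrength($password)
{
    $hasUpper = preg_match('@[A-Z]@', $password) === 1;
    $hasLower = preg_match('@[a-z]@', $password) === 1;
    $hasDigit = preg_match('@[0-9]@', $password) === 1;
    return $hasUpper && $hasLower && $hasDigit && strlen($password) >= 8;
}

// Resolve the logged-in user from the session token. validateToken() runs first
// so an expired or address-mismatched token is purged rather than resolved.
$currentUserIDFromToken = null;
if (isset($_SESSION['token']) && validateToken($_SESSION['token'])) {
    $currentUserIDFromToken = convertTokenToUser($_SESSION['token']);
}

// Check for cross site login: is this club linked to / the main club of a profile group?
$crossSiteProfileEnabled = 0;
$isSiteMainClub = 0;
$crossSiteMainClubID = null;
$sqlCrossSite = "SELECT COUNT(ID) AS totalCount, COUNT(CASE WHEN mainClub = ? THEN 1 END) AS mainClubCount, mainClub
FROM club_link
WHERE mainClub = ? OR clubID = ?
LIMIT 1";
if ($stmt = $zakoboDB->prepare($sqlCrossSite)) {
    $stmt->bind_param("iii", $siteMainClubID, $siteMainClubID, $siteMainClubID);
    if ($stmt->execute()) {
        $stmt->bind_result($crossSiteProfileEnabled, $isSiteMainClub, $crossSiteMainClubID);
        $stmt->fetch();
        $stmt->close();
    }
}

// Latest platform version number.
$versionControl = null;
if ($stmt = $zakoboDB->prepare("SELECT version FROM version_control ORDER BY version DESC LIMIT 1")) {
    if ($stmt->execute()) {
        $stmt->bind_result($versionControl);
        $stmt->fetch();
        $stmt->close();
    }
}

// CFR integration credentials (loaded into globals for code elsewhere).
$cfrUserName = null;
$cfrPassWord = null;
$cfrLinkStr = null;
if ($stmt = $zakoboDB->prepare("SELECT user, pass, cfrLink FROM cfr_info WHERE ID = 1")) {
    if ($stmt->execute()) {
        $stmt->bind_result($cfrUserName, $cfrPassWord, $cfrLinkStr);
        $stmt->fetch();
        $stmt->close();
    }
}

// Default accounting accounts, fetched in one UNION so each type maps to one value.
$mainBankAcc = null;
$defVatOutAcc = null;
$defVatInAcc = null;
$defOtherVatAcc = null;
$accDimensionsCreated = null;
$pointExpenseAcc = 0;
$pointPassiveAcc = 0;
$sql = "SELECT 'mainBankAcc' AS type, ID FROM acc_accountPlan WHERE def = 1 AND type = 5 UNION ALL SELECT 'defVatOutAcc' AS type, ID FROM acc_accountPlan WHERE vatOut = 1 UNION ALL SELECT 'defVatInAcc' AS type, ID FROM acc_accountPlan WHERE vatIn = 1 UNION ALL SELECT 'defOtherVatAcc' AS type, ID FROM acc_accountPlan WHERE vatOther = 1 UNION ALL SELECT 'accDimensionsCreated' AS type, COUNT(ID) FROM acc_accountPlan_dimension UNION ALL SELECT 'pointExpenseAcc' AS type, ID FROM acc_accountPlan WHERE discountAcc = 1 UNION ALL SELECT 'pointPassiveAcc' AS type, ID FROM acc_accountPlan WHERE pointPassiveDef = 1";
if ($stmt = $mysqli->prepare($sql)) {
    if ($stmt->execute()) {
        $stmt->bind_result($type, $value);
        while ($stmt->fetch()) {
            switch ($type) {
                case 'mainBankAcc':
                    $mainBankAcc = $value;
                    break;
                case 'defVatOutAcc':
                    $defVatOutAcc = $value;
                    break;
                case 'defVatInAcc':
                    $defVatInAcc = $value;
                    break;
                case 'defOtherVatAcc':
                    $defOtherVatAcc = $value;
                    break;
                case 'accDimensionsCreated':
                    $accDimensionsCreated = $value;
                    break;
                case 'pointExpenseAcc':
                    $pointExpenseAcc = $value;
                    break;
                case 'pointPassiveAcc':
                    $pointPassiveAcc = $value;
                    break;
            }
        }
        $stmt->close();
    }
}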
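// Use $mainBankAcc, $defVatOutAcc, $defVatInAcc, and $accDimensionsCreated as needed

// Club info row. Every column is also exposed as a global $clubInfo_<column>;
// the names come from the table schema, not from request data, but a new
// column silently becomes a new global.
$clubTypeArr = [];
$clubSmSName = null;
$clubName = null;
$sql = "SELECT * FROM aa_clubinfo WHERE ID = 1 ORDER BY ID ASC LIMIT 1";
if ($stmt = $mysqli->prepare($sql)) {
    if ($stmt->execute()) {
        $res = $stmt->get_result();
        if ($row = $res->fetch_assoc()) {
            $clubTypeArr = explode(",", (string) $row['clubTypes']);
            $clubSmSName = $row['smsName'];
            $clubName = $row['name'];
            foreach ($row as $column => $value) {
                $globalName = "clubInfo_" . $column;
                $$globalName = $value;
            }
        }
    }
    $stmt->close();
}

// Current attachment number.
$curAttNum = null;
$sqlAttNum = "SELECT curNum FROM acc_attNum WHERE ID = 1";
if ($stmtAttNum = $mysqli->prepare($sqlAttNum)) {
    if ($stmtAttNum->execute()) {
        $stmtAttNum->bind_result($curAttNum);
        $stmtAttNum->fetch();
        $stmtAttNum->close();
    }
}

// General settings row, exposed as globals $gs_<column> (same schema-driven caveat as above).
$sql = "SELECT * FROM general_settings ORDER BY ID ASC LIMIT 1";
if ($stmt = $mysqli->prepare($sql)) {
    if ($stmt->execute()) {
        $res = $stmt->get_result();
        while ($row = $res->fetch_assoc()) {
            foreach ($row as $column => $value) {
                $globalName = "gs_" . $column;
                $$globalName = $value;
            }
        }
    }
    $stmt->close();
}

// Zakobo settings. NOTE(review): this places mail, API and access credentials
// in global variables for the rest of the request; anything that dumps globals
// (debug output, var_dump, error pages) would expose them.
$accessTypesArr = [];
$sql = "SELECT accessTypes, dbuID, dhuID, zaPay, crossSIteMainClub, mailIP, SMTPUsername, mailAddress, mailPass, mailPort, encryptionType, mailApiFrom, mailNews, mailInfo, mailApiID, mailApiSecret, accessStatus, accessURL, accessUser, accessPass, accessBuffer FROM zakobo_settings WHERE ID = 1";
if ($stmt = $mysqli->prepare($sql)) {
    if ($stmt->execute()) {
        $stmt->bind_result(
            $accessTypes,
            $clubDBUID,
            $clubDHUID,
            $clubZaPay,
            $clubCrossSIteMainClub,
            $phpmail_IP,
            $phpmail_SMTPUser,
            $phpmail_Address,
            $phpmail_Pass,
            $phpmail_Port,
            $phpmail_Encryption,
            $conn_mailApiFrom,
            $conn_mailNews,
            $conn_mailInfo,
            $conn_mailApiID,
            $conn_mailApiSecret,
            $zas_accessStatus,
            $zas_accessURL,
            $zas_accessUser,
            $zas_accessPass,
            $zas_accessBuffer
        );
        $stmt->fetch();
        $stmt->close();
        $accessTypesArr = explode(",", (string) $accessTypes);
    }
}

// Get mail List UUID
$mailListInfoUUID = null;
$mailListNewsUUID = null;
$sql = "SELECT type, uuid FROM mail_lists WHERE type IN ('info', 'news')";
if ($stmt = $mysqli->prepare($sql)) {
    if ($stmt->execute()) {
        $stmt->bind_result($type, $uuid);
        while ($stmt->fetch()) {
            if ($type === 'info') {
                $mailListInfoUUID = $uuid;
            } elseif ($type === 'news') {
                $mailListNewsUUID = $uuid;
            }
        }
        $stmt->close();
    }
}

// Current user's profile basics and team sign-up count. Skipped entirely when
// nobody is logged in; the defaults below then apply.
$curUserGender = null;
$curUserBirthDate = null;
$curUserFamID = null;
$curUserAge = 0;
$curUserSignUpTeamOverall = 0;
if ($currentUserIDFromToken !== null
    && ($stmt = $mysqli->prepare("SELECT gender, birthDate, familiyID FROM users_main WHERE ID = ?"))
) {
    $stmt->bind_param("i", $currentUserIDFromToken);
    if ($stmt->execute()) {
        $stmt->bind_result($curUserGender, $curUserBirthDate, $curUserFamID);
        $stmt->fetch();
        $stmt->close();
        // Age in whole years; an empty birthDate leaves the default of 0 rather
        // than feeding null/'' to DateTime (deprecated in PHP 8.1+).
        if (!empty($curUserBirthDate)) {
            $dateOfBirth = new DateTime($curUserBirthDate);
            $todaysDate = new DateTime('today');
            $curUserAge = $dateOfBirth->diff($todaysDate)->y;
        }
        // Count type-1 team memberships held by the user or, when set, by their family.
        if ($stmt = $mysqli->prepare("SELECT COUNT(ID) FROM team_memberList WHERE (userID = ? OR (famID = ? AND NOT famID = 0)) AND type = 1")) {
            $stmt->bind_param("ii", $currentUserIDFromToken, $curUserFamID);
            if ($stmt->execute()) {
                $stmt->bind_result($curUserSignUpTeamOverall);
                $stmt->fetch();
                $stmt->close();
            }
        }
    }
}

include __DIR__ . '/sharedFunctions.php';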