From d3edc3c48b498e66c53048c21d56bc2fa9370600 Mon Sep 17 00:00:00 2001
From: lgb <353856593@qq.com>
Date: Mon, 1 Apr 2024 21:39:43 +0800
Subject: [PATCH] login update user lang

---
 app/Http/Middleware/VerifyCsrfToken.php |  3 ++-
 include/constants.php                   |  4 ++--
 include/globalfunctions.php             | 20 +++++++++++++-------
 public/takelogin.php                    | 10 +++++++++-
 4 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php
index 0c13b854..a082ad95 100644
--- a/app/Http/Middleware/VerifyCsrfToken.php
+++ b/app/Http/Middleware/VerifyCsrfToken.php
@@ -6,12 +6,13 @@ use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
 
 class VerifyCsrfToken extends Middleware
 {
+    const TG_WEBHOOK_PREFIX = "tg-webhook";
     /**
      * The URIs that should be excluded from CSRF verification.
      *
      * @var array
      */
     protected $except = [
-        //
+        self::TG_WEBHOOK_PREFIX . "/*"
     ];
 }
diff --git a/include/constants.php b/include/constants.php
index 9e98bf34..fde4393a 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -1,6 +1,6 @@
 <?php
-defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.11');
-defined('RELEASE_DATE') || define('RELEASE_DATE', '2024-03-27');
+defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.12');
+defined('RELEASE_DATE') || define('RELEASE_DATE', '2024-04-01');
 defined('IN_TRACKER') || define('IN_TRACKER', false);
 defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
 defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
diff --git a/include/globalfunctions.php b/include/globalfunctions.php
index 6a552fe7..2e9bf4ed 100644
--- a/include/globalfunctions.php
+++ b/include/globalfunctions.php
@@ -470,20 +470,26 @@ function arr_set(&$array, $key, $value)
 
 function isHttps(): bool
 {
-    $schema = nexus()->getRequestSchema();
-    return $schema == 'https';
+    if (isRunningInConsole()) {
+        $securityLogin = get_setting("security.securelogin");
+        if ($securityLogin != "no") {
+            return true;
+        }
+        return false;
+    }
+    return nexus()->getRequestSchema() == 'https';
 }
 
 
-function getSchemeAndHttpHost()
+function getSchemeAndHttpHost(bool $fromConfig = false)
 {
-    global $BASEURL;
-    if (isRunningInConsole()) {
-        return $BASEURL;
+    if (isRunningInConsole() || $fromConfig) {
+        $host = get_setting("basic.BASEURL");
+    } else {
+        $host = nexus()->getRequestHost();
     }
     $isHttps = isHttps();
     $protocol = $isHttps ? 'https' : 'http';
-    $host = nexus()->getRequestHost();
     return "$protocol://" . $host;
 }
 
diff --git a/public/takelogin.php b/public/takelogin.php
index 48c8964a..ee3edcea 100644
--- a/public/takelogin.php
+++ b/public/takelogin.php
@@ -16,7 +16,7 @@ function bark($text = "")
 }
 if ($iv == "yes")
 	check_code ($_POST['imagehash'], $_POST['imagestring'],'login.php',true);
-$res = sql_query("SELECT id, passhash, secret, enabled, status, two_step_secret FROM users WHERE username = " . sqlesc($username));
+$res = sql_query("SELECT id, passhash, secret, enabled, status, two_step_secret, lang FROM users WHERE username = " . sqlesc($username));
 $row = mysql_fetch_array($res);
 
 if (!$row)
@@ -83,6 +83,14 @@ else
 
 do_log($log);
 
+//update user lang
+$language = \App\Models\Language::query()->where("site_lang_folder", get_langfolder_cookie())->first();
+if ($language && $language->id != $row["lang"]) {
+    do_log(sprintf("update user: %s lang: %s => %s", $row["id"], $row["lang"], $language->id));
+    \App\Models\User::query()->where("id", $row["id"])->update(["lang" => $language->id]);
+    clear_user_cache($row["id"]);
+}
+
 if (isset($_POST["logout"]) && $_POST["logout"] == "yes")
 {
 	logincookie($row["id"], $passh,1,900,$securelogin_indentity_cookie, $ssl, $trackerssl);