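sys_debug(); try { if (! $this->isLogin) { $this->sys_error("Invalid Token"); exit; } $prm = $this->sys_input; } catch(Exception $exc) { $message = $exc->getMessage(); $this->sys_error($message); } } */

/**
 * Authentication API (v2).
 *
 * Three account populations are supported, each in its own table:
 *   - staff ("cpone")  : m_user on the "onedev" connection, see login() / login_v2()
 *   - PIC accounts     : mgm_mcuuser on the default connection
 *   - patients         : auth_patient joined to m_patient on the default connection
 *
 * A successful login returns the matched row (plus ip / agent / version /
 * last-login) as the payload of a JWT signed with $this->SECRET_KEY, wrapped as
 * array("user" => ..., "token" => ..., "type" => ...).  Staff logins also mark
 * m_user as logged in and write a row to cpone_log.log_login.
 *
 * Request fields come from $this->sys_input, responses go through
 * sys_ok() / sys_error() / sys_error_db() (all provided by MY_Controller);
 * a failed query aborts the request via _abort_db().
 *
 * NOTE(review): credentials are compared against md5(one_salt . password . one_salt)
 * stored in M_UserPassword / Mgm_McuUserPassword / authPatientPassword.  The
 * stored hashes depend on that scheme, so moving to password_hash() needs a
 * rehash-on-login migration rather than a change here alone.
 */
class Auth_V2 extends MY_Controller
{
    /** Second CodeIgniter DB connection ("onedev"): m_user and cpone_log.log_login live there. */
    public $db_onedev;

    public function __construct()
    {
        parent::__construct();
        $this->db_onedev = $this->load->database("onedev", true);
    }

    public function index()
    {
        echo "AUTH API";
    }

    /**
     * Token check endpoint: replies with the authenticated user when the
     * request carried a valid token (MY_Controller sets $this->isLogin and
     * $this->sys_user), otherwise with "Invalid Token".
     */
    public function isLogin()
    {
        if (!$this->isLogin) {
            $this->sys_error("Invalid Token");
            return;
        }
        $this->sys_ok(array("user" => $this->sys_user));
    }

    /**
     * Login that dispatches on account type: m_user e-mails are handed to
     * login() (which additionally reads branchID), then the PIC and patient
     * tables are tried with the salted-md5 password.
     *
     * Replies "Invalid username / password" when nothing matched; the previous
     * version silently produced no response on that path.
     */
    public function multi_login()
    {
        $prm = $this->sys_input;
        $username = $this->_input_value($prm, 'username');
        $password = $this->_input_value($prm, 'password');

        // Staff accounts live in m_user; login() handles those (including the branch check).
        $qry = $this->db->query(
            "select M_UserEmail from m_user where M_UserEmail = ? and M_UserIsActive = 'Y'",
            array($username)
        );
        if (!$qry) {
            $this->_abort_db($this->db);
        }
        if (count($qry->result_array()) > 0) {
            $this->login();
            exit;
        }

        $hash = $this->_hash_password($password);

        $rows = $this->_find_pic($username, $hash);
        if (count($rows) > 0) {
            $this->sys_ok($this->_issue_session($rows[0], 'pic'));
            exit;
        }

        $rows = $this->_find_patient($username, $hash);
        if (count($rows) > 0) {
            $this->sys_ok($this->_issue_session($rows[0], 'patient'));
            exit;
        }

        $this->sys_error("Invalid username / password");
    }

    /**
     * Staff login against m_user on the "onedev" connection.
     *
     * Reads username, password and branchID from the request.  branchID "0"
     * means "MCU ONSITE" and is not a real m_branch row.  On success the user
     * row is marked logged in (M_UserActiveToken = issued JWT) and a SUCCESS
     * row is written to the login log; on failure a FAILED row is written and
     * "Invalid UserName / Password" is returned via sys_error_db().
     *
     * Fix: the UPDATE used to interpolate $token and $branchID into the SQL
     * string; branchID is request input, so both are now bound parameters
     * (as login_v2() already did).
     */
    public function login()
    {
        $prm = $this->sys_input;
        try {
            $username = $this->_input_value($prm, 'username');
            $branchID = $this->_input_value($prm, 'branchID');
            $hash = $this->_hash_password($this->_input_value($prm, 'password'));

            $query = $this->db_onedev->query(
                "select M_UserID,M_UserEmail,M_UserEmail as M_UserUsername, "
                . "IFNULL(M_UserLastActivityUrl,M_UserGroupDashboard) as M_UserGroupDashboard, "
                . "1 as M_UserDefaultT_SampleStationID, M_StaffName, 'N' as is_courier, "
                . "M_BranchID, M_BranchName, IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout "
                . "from m_user "
                . "join m_usergroup ON M_UserM_UserGroupID = M_UserGroupID "
                . "left join m_staff on M_UserM_StaffID = M_StaffID "
                . "JOIN conf_systems ON S_SystemsIsActive = 'Y' "
                . "LEFT JOIN m_userlastactivity ON M_UserLastActivityM_UserID = M_UserID AND M_UserLastActivityIsActive = 'Y' "
                . "LEFT JOIN m_branch ON M_BranchID = ? AND M_BranchIsActive = 'Y' "
                . "where M_UserEmail = ? and M_UserPassword = ? and M_UserIsActive = 'Y' ",
                array($branchID, $username, $hash)
            );
            if (!$query) {
                $this->_abort_db($this->db_onedev);
            }

            $rows = $query->result_array();
            if (count($rows) > 0) {
                $user = $rows[0];
                if ((string) $branchID === "0") {
                    // Branch 0 has no m_branch row, so the LEFT JOIN left these empty.
                    $user['M_BranchID'] = "0";
                    $user['M_BranchName'] = "MCU ONSITE";
                }
                $data = $this->_issue_session($user, 'cpone');

                $query = $this->db_onedev->query(
                    "update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), "
                    . "M_UserIsLoggedBranch = 'Y', M_UserActiveToken = ?, M_UserLoginM_BranchID = ? "
                    . "WHERE M_UserID = ? ",
                    array($data['token'], $branchID, $data['user']['M_UserID'])
                );
                if (!$query) {
                    $this->_abort_db($this->db_onedev);
                }

                if (!$this->_log_login($this->_remote_addr(), 'LOGIN', 'SUCCESS', $username)) {
                    $this->_abort_db($this->db_onedev);
                }
                $this->sys_ok($data);
                exit;
            }

            // Failed attempts are logged with the framework's (proxy-aware) client IP, as before.
            if (!$this->_log_login($this->input->ip_address(), 'LOGIN', 'FAILED', $username)) {
                $this->_abort_db($this->db_onedev);
            }
            $this->sys_error_db("Invalid UserName / Password");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Clears the logged-in flag and active token of the authenticated staff
     * user ($this->sys_user) and writes a LOGOUT row to the login log.
     * The log insert is best effort: its result is not checked, as before.
     */
    public function logout()
    {
        try {
            $query = $this->db_onedev->query(
                " UPDATE m_user SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null WHERE M_UserID = ?",
                array($this->sys_user['M_UserID'])
            );
            if (!$query) {
                $this->_abort_db($this->db_onedev);
            }
            $this->_log_login($this->_remote_addr(), 'LOGOUT', 'SUCCESS', $this->sys_user['M_UserEmail']);
            $this->sys_ok("OK");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Lists active branches from m_branch (onedev) plus the synthetic
     * "MCU ONSITE" entry with id "0" that login() / login_v2() recognise.
     */
    public function list_branch()
    {
        $qry = $this->db_onedev->query(
            "SELECT M_BranchID, M_BranchCode, M_BranchName FROM m_branch WHERE M_BranchIsActive = 'Y' "
        );
        if (!$qry) {
            $this->_abort_db($this->db_onedev);
        }
        $data = $qry->result_array();
        $data[] = array(
            "M_BranchID" => "0",
            "M_BranchCode" => "00000000",
            "M_BranchName" => "MCU ONSITE",
        );
        $this->sys_ok($data);
        exit;
    }

    /**
     * Same dispatch as multi_login(), but staff are only those m_user rows
     * that have an m_userlocation entry, and they are handed to login_v2()
     * (branch comes from m_userlocation instead of the request).
     */
    public function multi_login_v2()
    {
        $prm = $this->sys_input;
        $username = $this->_input_value($prm, 'username');
        $password = $this->_input_value($prm, 'password');

        $qry = $this->db->query(
            "SELECT M_UserEmail FROM m_user JOIN m_userlocation ON M_UserLocationM_UserID = M_UserID "
            . "WHERE M_UserEmail = ? AND M_UserIsActive = 'Y'",
            array($username)
        );
        if (!$qry) {
            // Kept as in the original: this path reports through sys_error_db().
            $this->sys_error_db($this->db->error());
            exit;
        }
        if (count($qry->result_array()) > 0) {
            $this->login_v2();
            exit;
        }

        $hash = $this->_hash_password($password);

        $rows = $this->_find_pic($username, $hash);
        if (count($rows) > 0) {
            $this->sys_ok($this->_issue_session($rows[0], 'pic'));
            exit;
        }

        $rows = $this->_find_patient($username, $hash);
        if (count($rows) > 0) {
            $this->sys_ok($this->_issue_session($rows[0], 'patient'));
            exit;
        }

        $this->sys_error("Invalid username / password");
    }

    /**
     * Staff login (v2): the branch is taken from m_userlocation and the
     * staff record must be within its start/end dates.  Branch "0" is
     * reported as "MCU ONSITE" and stored with M_UserIsLoggedBranch = 'N'.
     * Success / failure are logged to cpone_log.log_login as in login().
     */
    public function login_v2()
    {
        $prm = $this->sys_input;
        try {
            $username = $this->_input_value($prm, 'username');
            $hash = $this->_hash_password($this->_input_value($prm, 'password'));

            $query = $this->db_onedev->query(
                "SELECT M_UserID, M_UserEmail, M_UserEmail AS M_UserUsername, "
                . "IFNULL(M_UserLastActivityUrl, M_UserGroupDashboard) AS M_UserGroupDashboard, "
                . "1 AS M_UserDefaultT_SampleStationID, M_StaffName, 'N' AS is_courier, "
                . "M_UserLocationM_BranchID AS M_BranchID, M_BranchName, "
                . "IFNULL(S_SystemsAutoLogoutTime,0) AS time_autologout "
                . "FROM m_user "
                . "JOIN m_usergroup ON M_UserM_UserGroupID = M_UserGroupID "
                . "JOIN m_userlocation ON M_UserLocationM_UserID = M_UserID "
                . "LEFT JOIN m_staff ON M_UserM_StaffID = M_StaffID "
                . "JOIN conf_systems ON S_SystemsIsActive = 'Y' "
                . "LEFT JOIN m_userlastactivity ON M_UserLastActivityM_UserID = M_UserID AND M_UserLastActivityIsActive = 'Y' "
                . "LEFT JOIN m_branch ON M_BranchID = M_UserLocationM_BranchID AND M_BranchIsActive = 'Y' "
                . "WHERE M_UserEmail = ? AND M_UserPassword = ? AND M_UserIsActive = 'Y' "
                . "AND CURRENT_DATE() BETWEEN DATE(M_StaffStartDate) AND DATE(M_StaffEndDate)",
                array($username, $hash)
            );
            if (!$query) {
                $this->_abort_db($this->db_onedev);
            }

            $rows = $query->result_array();
            if (count($rows) > 0) {
                $user = $rows[0];
                $loggedBranch = 'Y';
                if ((string) $user['M_BranchID'] === '0') {
                    $user['M_BranchName'] = "MCU ONSITE";
                    $loggedBranch = 'N';
                }
                $data = $this->_issue_session($user, 'cpone');

                $qryu = $this->db_onedev->query(
                    "UPDATE m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = NOW(), "
                    . "M_UserIsLoggedBranch = ?, M_UserActiveToken = ?, M_UserLoginM_BranchID = ? "
                    . "WHERE M_UserID = ?",
                    array($loggedBranch, $data['token'], $user['M_BranchID'], $user['M_UserID'])
                );
                if (!$qryu) {
                    $this->_abort_db($this->db_onedev);
                }

                if (!$this->_log_login($this->_remote_addr(), 'LOGIN', 'SUCCESS', $username)) {
                    $this->_abort_db($this->db_onedev);
                }
                $this->sys_ok($data);
                exit;
            }

            if (!$this->_log_login($this->input->ip_address(), 'LOGIN', 'FAILED', $username)) {
                $this->_abort_db($this->db_onedev);
            }
            $this->sys_error("Invalid UserName / Password");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Returns $prm[$key], or '' when the request did not send it, so missing
     * fields reach the queries as an empty string instead of a PHP notice.
     */
    private function _input_value($prm, $key)
    {
        return isset($prm[$key]) ? $prm[$key] : '';
    }

    /** Legacy credential hash shared by all three account tables (see class note). */
    private function _hash_password($password)
    {
        return md5($this->one_salt . $password . $this->one_salt);
    }

    /** Client address as seen by PHP; '' when not set (CLI / unusual SAPI). */
    private function _remote_addr()
    {
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Reports a failed query on $db through sys_error() and stops the request.
     * $db->error() is passed through unchanged (CodeIgniter returns code + message).
     */
    private function _abort_db($db)
    {
        $this->sys_error($db->error());
        exit;
    }

    /**
     * Builds the login response for a matched account row.
     *
     * Adds ip / agent / version / last-login to the row and signs the whole
     * row as the JWT payload.  The payload is signed, not encrypted: every
     * column selected by the lookup query is readable by the token holder.
     *
     * @return array  array("user" => row, "token" => jwt, "type" => $type)
     */
    private function _issue_session(array $user, $type)
    {
        $user['ip'] = $this->_remote_addr();
        $user['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $user['version'] = 'v2';
        $user['last-login'] = date('Y-m-d H:i:s');
        $token = JWT::encode($user, $this->SECRET_KEY);
        return array(
            "user" => $user,
            "token" => $token,
            "type" => $type,
        );
    }

    /**
     * PIC lookup on the default connection (mgm_mcuuser); aborts on query error.
     * @return array  matching rows (normally zero or one)
     */
    private function _find_pic($username, $hash)
    {
        $qry = $this->db->query(
            "SELECT Mgm_McuUserID AS M_UserID, Mgm_McuUserEmail AS M_UserEmail, "
            . "Mgm_McuUserEmail AS M_UserUsername, 'pic' AS M_UserGroupDashboard, "
            . "1 AS M_UserDefaultT_SampleStationID, Mgm_McuUserEmail AS M_StaffName, "
            . "'N' as is_courier, IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout "
            . "FROM mgm_mcuuser "
            . "JOIN conf_systems ON S_SystemsIsActive = 'Y' "
            . "AND Mgm_McuUserEmail = ? AND Mgm_McuUserPassword = ? "
            . "AND Mgm_McuUserIsActive = 'Y' ",
            array($username, $hash)
        );
        if (!$qry) {
            $this->_abort_db($this->db);
        }
        return $qry->result_array();
    }

    /**
     * Patient lookup on the default connection (auth_patient + m_patient),
     * newest auth row first; aborts on query error.
     * @return array  matching rows (at most one)
     */
    private function _find_patient($username, $hash)
    {
        $qry = $this->db->query(
            "SELECT authPatientID M_UserID, authPatientEmail M_UserEmail, "
            . "authPatientEmail AS M_UserUsername, 'patient' M_UserGroupDashboard, "
            . "1 AS M_UserDefaultT_SampleStationID, M_PatientNAme M_StaffName, "
            . "'N' as is_courier, IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout "
            . "FROM auth_patient "
            . "JOIN m_patient ON authPatientM_PatientID = M_PatientID "
            . "AND authPatientEmail = ? AND authPatientPassword = ? "
            . "JOIN conf_systems ON S_SystemsIsActive = 'Y' "
            . "ORDER BY authPatientID DESC LIMIT 0,1",
            array($username, $hash)
        );
        if (!$qry) {
            $this->_abort_db($this->db);
        }
        return $qry->result_array();
    }

    /**
     * Writes one row to cpone_log.log_login on the onedev connection.
     *
     * @param string $ip     address to record (callers choose REMOTE_ADDR or ip_address())
     * @param string $type   'LOGIN' or 'LOGOUT'
     * @param string $status 'SUCCESS' or 'FAILED'
     * @param string $login  the login name attempted
     * @return mixed  the query result; false when the insert failed
     */
    private function _log_login($ip, $type, $status, $login)
    {
        return $this->db_onedev->query(
            "INSERT INTO cpone_log.log_login("
            . "Log_LoginDateTime, Log_LoginIP, Log_LoginType, Log_LoginStatus, Log_LoginLogin"
            . ") VALUES (?,?,?,?,?)",
            array(date('Y-m-d H:i:s'), $ip, $type, $status, $login)
        );
    }
}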