
<?php
/*
### Auth API
- Functions
- login x
- logout
template function {
$this->sys_debug();
try {
if (! $this->isLogin) {
$this->sys_error("Invalid Token");
exit;
}
$prm = $this->sys_input;
} catch(Exception $exc) {
$message = $exc->getMessage();
$this->sys_error($message);
}
}
*/
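class Auth_V2 extends MY_Controller
{
    /** CodeIgniter DB handle for the "onedev" connection group (loaded in __construct). */
    public $db_onedev;

    public function __construct()
    {
        parent::__construct();
        // Second connection; the default $this->db is still used by the multi_login* lookups.
        $this->db_onedev = $this->load->database("onedev", true);
    }

    /** Default route: plain banner. */
    public function index()
    {
        echo "AUTH API";
    }

    /**
     * Echo back the user decoded from the request token.
     *
     * $this->isLogin and $this->sys_user are populated by the parent controller; when the
     * token is missing/invalid the answer is sys_error("Invalid Token"), otherwise sys_ok
     * with the decoded user.
     */
    public function isLogin()
    {
        if (!$this->isLogin) {
            $this->sys_error("Invalid Token");
            return;
        }
        $this->sys_ok(array("user" => $this->sys_user));
    }

    /**
     * Legacy (v1) multi-source login: staff (m_user, delegates to login()), then PIC
     * (mgm_mcuuser), then patient (auth_patient). The first source that matches answers
     * with a signed token and exits.
     *
     * Fix: the method used to return without any response when no source matched; it now
     * answers the same "Invalid username / password" error as multi_login_v2().
     */
    public function multi_login()
    {
        $prm = $this->sys_input;

        // 1) staff account -> the password is verified inside login()
        $sql = "select M_UserEmail from m_user where
        M_UserEmail = ? and M_UserIsActive = 'Y'";
        $qry = $this->db->query($sql, [$prm["username"]]);
        if (!$qry) {
            $this->_abort_db($this->db);
        }
        if (count($qry->result_array()) > 0) {
            $this->login();
            exit;
        }

        $sm_password = $this->_legacy_hash($prm["password"]);

        // 2) PIC account
        $sql_pic = "
        SELECT
        Mgm_McuUserID AS M_UserID,
        Mgm_McuUserEmail AS M_UserEmail,
        Mgm_McuUserEmail AS M_UserUsername,
        'pic' AS M_UserGroupDashboard,
        1 AS M_UserDefaultT_SampleStationID,
        Mgm_McuUserEmail AS M_StaffName,
        'N' as is_courier,
        IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout
        FROM mgm_mcuuser
        JOIN conf_systems ON S_SystemsIsActive = 'Y'
        AND Mgm_McuUserEmail = ? AND Mgm_McuUserPassword = ?
        AND Mgm_McuUserIsActive = 'Y'
        ";
        $query = $this->db->query($sql_pic, array($prm["username"], $sm_password));
        if (!$query) {
            $this->_abort_db($this->db);
        }
        $rows = $query->result_array();
        if (count($rows) > 0) {
            $this->sys_ok($this->_token_payload($rows[0], "pic"));
            exit;
        }

        // 3) patient account (newest auth_patient row wins)
        $sql_patient = "
        select authPatientID M_UserID,
        authPatientEmail M_UserEmail, authPatientEmail as M_UserUsername,
        'patient' M_UserGroupDashboard, 1 as M_UserDefaultT_SampleStationID,
        M_PatientNAme M_StaffName, 'N' as is_courier,
        IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout
        from auth_patient
        join m_patient on authPatientM_PatientID = M_PatientID
        and authPatientEmail=? and authPatientPassword=?
        JOIN conf_systems ON S_SystemsIsActive = 'Y'
        order by authPatientID desc limit 0,1";
        $query = $this->db->query($sql_patient, array($prm["username"], $sm_password));
        if (!$query) {
            $this->_abort_db($this->db);
        }
        $rows = $query->result_array();
        if (count($rows) > 0) {
            $this->sys_ok($this->_token_payload($rows[0], "patient"));
            exit;
        }

        // No source matched; v1 previously ended here without a response.
        $this->sys_error("Invalid username / password");
    }

    /**
     * Staff login (v1) against the "onedev" database, scoped to a caller-chosen branch.
     *
     * Input (sys_input): username, password, branchID. branchID "0" is the "MCU ONSITE"
     * pseudo-branch; it has no m_branch row, so the LEFT JOIN yields nulls and the id/name
     * are filled in here.
     * Success: m_user is marked logged in (token + branch stored), a SUCCESS row is written
     * to cpone_log.log_login and the answer is sys_ok with user/token/type "cpone".
     * Bad credential: a FAILED row is written and the answer is sys_error_db.
     *
     * Fix: the m_user UPDATE used to interpolate $token and the caller-supplied $branchID
     * straight into the SQL text; both are now bound parameters like every other statement
     * in this controller (login_v2() already did this).
     */
    public function login()
    {
        $prm = $this->sys_input;
        try {
            $branchID = $prm["branchID"];
            $sm_password = $this->_legacy_hash($prm["password"]);
            $sql = "select M_UserID,M_UserEmail,M_UserEmail as M_UserUsername, IFNULL(M_UserLastActivityUrl,M_UserGroupDashboard) as M_UserGroupDashboard, 1 as M_UserDefaultT_SampleStationID,
            M_StaffName, 'N' as is_courier, M_BranchID, M_BranchName,
            IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout
            from m_user
            join m_usergroup ON M_UserM_UserGroupID = M_UserGroupID
            left join m_staff on M_UserM_StaffID = M_StaffID
            JOIN conf_systems ON S_SystemsIsActive = 'Y'
            LEFT JOIN m_userlastactivity ON M_UserLastActivityM_UserID = M_UserID AND M_UserLastActivityIsActive = 'Y'
            LEFT JOIN m_branch ON M_BranchID = ? AND M_BranchIsActive = 'Y'
            where M_UserEmail = ? and M_UserPassword = ?
            and M_UserIsActive = 'Y'
            ";
            $query = $this->db_onedev->query($sql, array($branchID, $prm["username"], $sm_password));
            if (!$query) {
                $this->_abort_db($this->db_onedev);
            }
            $rows = $query->result_array();
            if (count($rows) > 0) {
                $row = $rows[0];
                if ($branchID == "0") {
                    $row['M_BranchID'] = "0";
                    $row['M_BranchName'] = "MCU ONSITE";
                }
                $data = $this->_token_payload($row, "cpone");
                $token = $data["token"];

                // Token and branch are bound, never concatenated into the statement.
                $sql_update = "update m_user SET
                M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserIsLoggedBranch = 'Y',
                M_UserActiveToken = ?, M_UserLoginM_BranchID = ?
                WHERE M_UserID = ?
                ";
                $update = $this->db_onedev->query($sql_update, array($token, $branchID, $row['M_UserID']));
                if (!$update) {
                    $this->_abort_db($this->db_onedev);
                }
                if (!$this->_log_login('LOGIN', 'SUCCESS', $prm["username"], $this->_server('REMOTE_ADDR'))) {
                    $this->_abort_db($this->db_onedev);
                }
                $this->sys_ok($data);
                exit;
            }
            // NOTE(review): failed rows log input->ip_address() while success rows log
            // REMOTE_ADDR; the two differ behind a proxy — unify if the log is used for audit.
            if (!$this->_log_login('LOGIN', 'FAILED', $prm["username"], $this->input->ip_address())) {
                $this->_abort_db($this->db_onedev);
            }
            $this->sys_error_db("Invalid UserName / Password");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Clear the login flag and active token of the token's user, then log a LOGOUT row.
     *
     * The log insert is best-effort (its result is not checked), as in the original;
     * the m_user update failing answers sys_error and exits.
     */
    public function logout()
    {
        try {
            $query = $this->db_onedev->query(
                "
                UPDATE m_user
                SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null
                WHERE M_UserID = ?",
                array($this->sys_user['M_UserID'])
            );
            if (!$query) {
                $this->_abort_db($this->db_onedev);
            }
            $this->_log_login('LOGOUT', 'SUCCESS', $this->sys_user['M_UserEmail'], $this->_server('REMOTE_ADDR'));
            $this->sys_ok("OK");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Active branches from m_branch plus the synthetic "MCU ONSITE" entry (id "0"),
     * which is how login()/login_v2() recognise the onsite pseudo-branch.
     */
    public function list_branch()
    {
        $sql = "SELECT
        M_BranchID,
        M_BranchCode,
        M_BranchName
        FROM m_branch
        WHERE M_BranchIsActive = 'Y'
        ";
        $qry = $this->db_onedev->query($sql);
        if (!$qry) {
            $this->_abort_db($this->db_onedev);
        }
        $branches = $qry->result_array();
        $branches[] = [
            "M_BranchID" => "0",
            "M_BranchCode" => "00000000",
            "M_BranchName" => "MCU ONSITE"
        ];
        $this->sys_ok($branches);
        exit;
    }

    /**
     * Multi-source login (v2): staff with an m_userlocation row (delegates to login_v2()),
     * then PIC (mgm_mcuuser), then patient (auth_patient). The first match answers with a
     * signed token and exits; otherwise "Invalid username / password".
     */
    public function multi_login_v2()
    {
        $prm = $this->sys_input;

        // 1) staff account -> the password is verified inside login_v2()
        $sql = "SELECT M_UserEmail
        FROM m_user
        JOIN m_userlocation ON M_UserLocationM_UserID = M_UserID
        WHERE M_UserEmail = ?
        AND M_UserIsActive = 'Y'";
        $qry = $this->db->query($sql, [$prm['username']]);
        if (!$qry) {
            // Kept as in the original: this branch reports via sys_error_db while every
            // other DB failure in this controller uses sys_error — confirm which is intended.
            $this->sys_error_db($this->db->error());
            exit;
        }
        if (count($qry->result_array()) > 0) {
            $this->login_v2();
            exit;
        }

        $sm_password = $this->_legacy_hash($prm['password']);

        // 2) PIC account
        $sqlpic = "SELECT
        Mgm_McuUserID AS M_UserID,
        Mgm_McuUserEmail AS M_UserEmail,
        Mgm_McuUserEmail AS M_UserUsername,
        'pic' AS M_UserGroupDashboard,
        1 AS M_UserDefaultT_SampleStationID,
        Mgm_McuUserEmail AS M_StaffName,
        'N' as is_courier,
        IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout
        FROM mgm_mcuuser
        JOIN conf_systems ON S_SystemsIsActive = 'Y'
        AND Mgm_McuUserEmail = ?
        AND Mgm_McuUserPassword = ?
        AND Mgm_McuUserIsActive = 'Y'
        ";
        $qrypic = $this->db->query($sqlpic, [$prm['username'], $sm_password]);
        if (!$qrypic) {
            $this->_abort_db($this->db);
        }
        $rowpic = $qrypic->result_array();
        if (count($rowpic) > 0) {
            $this->sys_ok($this->_token_payload($rowpic[0], "pic"));
            exit;
        }

        // 3) patient account (newest auth_patient row wins)
        $sqlpat = "SELECT
        authPatientID M_UserID,
        authPatientEmail M_UserEmail,
        authPatientEmail AS M_UserUsername,
        'patient' M_UserGroupDashboard,
        1 AS M_UserDefaultT_SampleStationID,
        M_PatientNAme M_StaffName,
        'N' as is_courier,
        IFNULL(S_SystemsAutoLogoutTime,0) as time_autologout
        FROM auth_patient
        JOIN m_patient ON authPatientM_PatientID = M_PatientID
        AND authPatientEmail= ?
        AND authPatientPassword= ?
        JOIN conf_systems ON S_SystemsIsActive = 'Y'
        ORDER BY authPatientID DESC LIMIT 0,1";
        $qrypat = $this->db->query($sqlpat, [$prm['username'], $sm_password]);
        if (!$qrypat) {
            $this->_abort_db($this->db);
        }
        $rowpat = $qrypat->result_array();
        if (count($rowpat) > 0) {
            $this->sys_ok($this->_token_payload($rowpat[0], "patient"));
            exit;
        }

        $this->sys_error("Invalid username / password");
    }

    /**
     * Staff login (v2): the branch comes from m_userlocation instead of the request.
     *
     * Success: m_user is marked logged in (token, branch, M_UserIsLoggedBranch 'N' for the
     * onsite pseudo-branch "0" else 'Y'), a SUCCESS row is logged and the answer is sys_ok
     * with user/token/type "cpone". Bad credential: a FAILED row is logged, then sys_error.
     *
     * NOTE(review): m_staff is LEFT JOINed but the WHERE requires CURRENT_DATE() BETWEEN the
     * staff start/end dates, so a user without a staff row (NULL dates) cannot log in here —
     * confirm that is intended.
     */
    public function login_v2()
    {
        $prm = $this->sys_input;
        try {
            $sm_password = $this->_legacy_hash($prm['password']);
            $sql = "SELECT
            M_UserID,
            M_UserEmail,
            M_UserEmail AS M_UserUsername,
            IFNULL(M_UserLastActivityUrl, M_UserGroupDashboard) AS M_UserGroupDashboard,
            1 AS M_UserDefaultT_SampleStationID,
            M_StaffName,
            'N' AS is_courier,
            M_UserLocationM_BranchID AS M_BranchID,
            M_BranchName,
            IFNULL(S_SystemsAutoLogoutTime,0) AS time_autologout
            FROM m_user
            JOIN m_usergroup ON M_UserM_UserGroupID = M_UserGroupID
            JOIN m_userlocation ON M_UserLocationM_UserID = M_UserID
            LEFT JOIN m_staff ON M_UserM_StaffID = M_StaffID
            JOIN conf_systems ON S_SystemsIsActive = 'Y'
            LEFT JOIN m_userlastactivity ON M_UserLastActivityM_UserID = M_UserID
            AND M_UserLastActivityIsActive = 'Y'
            LEFT JOIN m_branch ON M_BranchID = M_UserLocationM_BranchID
            AND M_BranchIsActive = 'Y'
            WHERE M_UserEmail = ?
            AND M_UserPassword = ?
            AND M_UserIsActive = 'Y'
            AND CURRENT_DATE() BETWEEN DATE(M_StaffStartDate) AND DATE(M_StaffEndDate)";
            $query = $this->db_onedev->query($sql, [$prm['username'], $sm_password]);
            if (!$query) {
                $this->_abort_db($this->db_onedev);
            }
            $rows = $query->result_array();
            if (count($rows) > 0) {
                $row = $rows[0];
                $loggedBranch = 'Y';
                if ($row['M_BranchID'] == '0') {
                    $row['M_BranchName'] = "MCU ONSITE";
                    $loggedBranch = 'N';
                }
                $data = $this->_token_payload($row, "cpone");

                $sqlu = "UPDATE m_user SET
                M_UserIsLoggedIn = 'Y',
                M_UserLastAccess = NOW(),
                M_UserIsLoggedBranch = ?,
                M_UserActiveToken = ?,
                M_UserLoginM_BranchID = ?
                WHERE M_UserID = ?";
                $qryu = $this->db_onedev->query($sqlu, [
                    $loggedBranch, $data["token"], $row['M_BranchID'], $row['M_UserID']
                ]);
                if (!$qryu) {
                    $this->_abort_db($this->db_onedev);
                }
                if (!$this->_log_login('LOGIN', 'SUCCESS', $prm['username'], $this->_server('REMOTE_ADDR'))) {
                    $this->_abort_db($this->db_onedev);
                }
                $this->sys_ok($data);
                exit;
            }
            // NOTE(review): failed rows log input->ip_address(), success rows REMOTE_ADDR (see login()).
            if (!$this->_log_login('LOGIN', 'FAILED', $prm['username'], $this->input->ip_address())) {
                $this->_abort_db($this->db_onedev);
            }
            $this->sys_error("Invalid UserName / Password");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Password digest in the form the m_user / mgm_mcuuser / auth_patient tables store.
     *
     * SECURITY: MD5 with a fixed site-wide salt ($this->one_salt) is not an acceptable
     * password hash (fast, no per-user salt). Moving the stored hashes to password_hash()/
     * password_verify() is a data migration outside this controller; kept so existing
     * credentials keep working.
     */
    private function _legacy_hash($password)
    {
        return md5($this->one_salt . $password . $this->one_salt);
    }

    /**
     * Build the response payload for a matched account row: the row plus request context
     * (ip, agent, version "v2", last-login) is signed as the JWT and also returned in clear.
     *
     * @return array{user: array, token: string, type: string}
     */
    private function _token_payload(array $row, $type)
    {
        $user = $row;
        $user['ip'] = $this->_server('REMOTE_ADDR');
        $user['agent'] = $this->_server('HTTP_USER_AGENT');
        $user['version'] = 'v2';
        $user['last-login'] = date('Y-m-d H:i:s');
        $token = JWT::encode($user, $this->SECRET_KEY);
        return array(
            "user" => $user,
            "token" => $token,
            "type" => $type
        );
    }

    /**
     * Append one row to cpone_log.log_login on the onedev connection.
     * Returns the query result (falsy on failure); callers decide whether to abort.
     */
    private function _log_login($type, $status, $login, $ip)
    {
        $sql = "INSERT INTO cpone_log.log_login(Log_LoginDateTime,Log_LoginIP,Log_LoginType,Log_LoginStatus,Log_LoginLogin) VALUES (?,?,?,?,?)";
        return $this->db_onedev->query($sql, array(date('Y-m-d H:i:s'), $ip, $type, $status, $login));
    }

    /** Answer the connection's last DB error via sys_error and stop, as every DB-failure branch did. */
    private function _abort_db($db)
    {
        $this->sys_error($db->error());
        exit;
    }

    /** $_SERVER[$key], or null when the SAPI did not set it, without raising a notice. */
    private function _server($key)
    {
        return isset($_SERVER[$key]) ? $_SERVER[$key] : null;
    }
}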