<?php
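/**
 * Authentication API controller (CodeIgniter).
 *
 * Endpoints: index (banner), isLogin (token check), login (credential check,
 * JWT issue, audit log), logout (clear active token, audit log).
 *
 * Relies on MY_Controller for: $this->sys_input (decoded request body),
 * $this->isLogin / $this->sys_user (set from the presented token),
 * $this->one_salt, $this->SECRET_KEY, and the sys_ok / sys_error /
 * sys_error_db response helpers. The JWT class is the project's JWT library.
 */
class Auth extends MY_Controller
{
    /** @var object CodeIgniter DB driver; assigned by the framework loader. */
    public $db;

    public function __construct()
    {
        parent::__construct();
        // The connection comes from the parent/loader; only the schema is selected here.
        $this->db->query("use one_dash");
    }

    /** Plain-text banner for the API root. */
    public function index()
    {
        echo "AUTH API";
    }

    /**
     * Emit CORS headers and short-circuit OPTIONS preflight requests.
     *
     * The response allows any origin without credentials. That is acceptable only
     * because authentication is a bearer token returned in the JSON body (no
     * cookies); an origin allow-list is still preferable for an admin API.
     * Note that only X-Requested-With is allowed as a request header, so a
     * preflight for a JSON body (Content-Type) or an Authorization header would
     * be rejected by the browser — widen this list deliberately if that is needed.
     *
     * Exits the request for OPTIONS after answering 200 "OK".
     */
    function corss()
    {
        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Methods: GET, POST');
        header("Access-Control-Allow-Headers: X-Requested-With");

        if (
            isset($_SERVER["REQUEST_METHOD"]) &&
            $_SERVER["REQUEST_METHOD"] == "OPTIONS"
        ) {
            http_response_code(200);
            echo json_encode("OK");
            exit();
        }
    }

    /**
     * Report whether the presented token is valid; on success return the
     * user payload the parent controller decoded from it.
     */
    function isLogin()
    {
        if (!$this->isLogin) {
            $this->sys_error("Invalid Token");
            return;
        }

        $data = array(
            "user" => $this->sys_user
        );
        $this->sys_ok($data);
    }

    /**
     * Verify username/password, issue a JWT and record the attempt.
     *
     * Reads "username" and "password" from $this->sys_input. On success answers
     * with user row, permission rows and token, stores the token in
     * m_user.M_UserActiveToken and writes a LOGIN/SUCCESS audit row; on bad
     * credentials writes a LOGIN/FAILED row and answers with a generic error.
     * Every path ends the request via sys_ok / sys_error(_db) (most followed by exit).
     */
    function login()
    {
        $this->corss();
        $prm = $this->sys_input;
        try {
            // Missing fields become empty strings instead of undefined-index notices.
            // An empty username/password cannot match an active account, so it
            // falls through to the FAILED audit entry like any other bad credential.
            $username = (string) ($prm["username"] ?? '');
            $password = (string) ($prm["password"] ?? '');

            // Legacy scheme: stored M_UserPassword is md5(salt . password . salt).
            // SECURITY NOTE: md5 is not a password hash. Migrating to
            // password_hash()/password_verify() (re-hash on successful login)
            // requires a data migration and cannot be done in this method alone.
            $sm_password = md5($this->one_salt . $password . $this->one_salt);

            $query = $this->db->query("select M_UserID,
                M_UserFullName,
                M_UserUsername,
                M_UserIsAdmin
                from m_user
                where M_UserUsername=? and M_UserPassword=?
                and M_UserIsActive = 'Y'
                ", array($username, $sm_password));
            if (!$query) {
                $message = $this->db->error();
                $this->sys_error($message, $this->db);
                exit;
            }
            $rows = $query->result_array();

            if (count($rows) === 0) {
                // Audit first, then answer with a message that does not reveal
                // whether the username exists.
                if (!$this->logLoginEvent('LOGIN', 'FAILED', $username)) {
                    $this->sys_error($this->db->error());
                    exit;
                }
                $this->sys_error_db("Invalid UserName / Password");
                return;
            }

            $user = $rows[0];

            // Permissions are looked up only once the credentials are known to
            // be valid (previously $rows[0] was read before the count check,
            // producing a notice and a pointless query on every failed login).
            $qry_permission = $this->db->query("select
                M_UserPermissionID,
                M_UserPermissionIsNasional,
                M_UserPermissionM_UserID,
                M_UserPermissionRegionalJSON,
                M_UserPermissionM_MenuID,
                M_MenuName
                from m_user_permission
                join m_menu
                ON M_UserPermissionM_MenuID = M_MenuID
                AND M_MenuIsActive = 'Y'
                where M_UserPermissionM_UserID=?
                and M_UserPermissionIsActive = 'Y'", array($user['M_UserID']));
            if (!$qry_permission) {
                $message = $this->db->error();
                $this->sys_error($message, $this->db);
                exit;
            }
            $permission = $qry_permission->result_array();

            // Client address/agent are embedded in the token payload (and thus
            // returned to the client). User-Agent may be absent on non-browser clients.
            $user['ip'] = $_SERVER['REMOTE_ADDR'] ?? '';
            $user['agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';

            // NOTE(review): the payload carries no exp/iat claim, so a token is
            // only invalidated by clearing M_UserActiveToken (logout). Consider
            // adding an expiry once the parent's decode path is known to honour it.
            $token = JWT::encode($user, $this->SECRET_KEY);

            $data = array(
                "user" => $user,
                "permission" => $permission,
                "token" => $token
            );

            // The token is bound as a query parameter rather than interpolated
            // into the SQL string, consistent with the other queries here.
            $query = $this->db->query(
                "update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserActiveToken = ? WHERE M_UserID = ?",
                array($token, $user['M_UserID'])
            );
            if (!$query) {
                $message = $this->db->error();
                $this->sys_error($message);
                exit;
            }

            if (!$this->logLoginEvent('LOGIN', 'SUCCESS', $username)) {
                $this->sys_error($this->db->error());
                exit;
            }

            $this->sys_ok($data);
            exit;
        } catch (Exception $exc) {
            $message = $exc->getMessage();
            $this->sys_error($message);
        }
    }

    /**
     * Clear the active token for the authenticated user and record a LOGOUT row.
     *
     * Previously M_UserID was taken from the request body with no authentication,
     * so any caller could clear any user's session. A valid token is now required
     * and, when the token payload carries an M_UserID, the requested ID must match it.
     * The audit INSERT is best-effort (its result was never checked here).
     */
    function logout()
    {
        $prm = $this->sys_input;
        try {
            if (!$this->isLogin) {
                $this->sys_error("Invalid Token");
                return;
            }

            // Token payload as issued by login(): see the $user array there.
            $me = (array) $this->sys_user;
            $userId = $prm['M_UserID'] ?? null;
            if (
                $userId === null ||
                (isset($me['M_UserID']) && (string) $me['M_UserID'] !== (string) $userId)
            ) {
                $this->sys_error("Invalid Token");
                return;
            }

            $query = $this->db->query(
                "
                UPDATE m_user
                SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null
                WHERE M_UserID = ?",
                array($userId)
            );
            if (!$query) {
                $message = $this->db->error();
                $this->sys_error($message);
                exit;
            }

            // Prefer the username from the token; fall back to the request body.
            $login = $me['M_UserUsername'] ?? ($prm['M_UserUsername'] ?? '');
            $this->logLoginEvent('LOGOUT', 'SUCCESS', $login);

            $this->sys_ok("OK");
        } catch (Exception $exc) {
            $message = $exc->getMessage();
            $this->sys_error($message);
        }
    }

    /**
     * Append one row to the log_login audit table.
     *
     * The client address is taken from CodeIgniter's ip_address() (honours the
     * proxy_ips config) for every event, where the old code mixed it with REMOTE_ADDR.
     *
     * @param string $type   'LOGIN' or 'LOGOUT'.
     * @param string $status 'SUCCESS' or 'FAILED'.
     * @param string $login  Username as supplied by the client or taken from the token.
     * @return bool false when the INSERT failed; the error stays in $this->db->error().
     */
    private function logLoginEvent($type, $status, $login)
    {
        $query = $this->db->query(
            "INSERT INTO log_login(Log_LoginDateTime,Log_LoginIP,Log_LoginType,Log_LoginStatus,Log_LoginLogin) VALUES (?,?,?,?,?)",
            array(date('Y-m-d H:i:s'), $this->input->ip_address(), $type, $status, $login)
        );
        return (bool) $query;
    }
}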