diff --git a/Xtest.php b/Xtest.php
new file mode 100644
index 0000000..33c5f98
--- /dev/null
+++ b/Xtest.php
@@ -0,0 +1,50 @@
+<?php
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\SMTP;
+
+require FCPATH . "vendor/PHPMailer/src/Exception.php";
+require FCPATH . "vendor/PHPMailer/src/PHPMailer.php";
+require FCPATH . "vendor/PHPMailer/src/SMTP.php";
+class Xtest extends MY_Controller {
+   function __construct() {
+      parent::__construct();
+      echo "FC PATH : " . FCPATH ;
+   }
+   function info() {
+      $mail = new PHPMailer();
+      $mail->SMTPDebug = 2;
+      $mail->isSMTP();
+      $mail->Host = 'smtp.gmail.com';
+      $mail->Port = 587;
+      $mail->SMTPAuth = true;
+      $mail->Username = 'sas.test.2023@gmail.com';
+      $mail->Password = 'Sas!102938';
+      $mail->SMTPSecure = "tls"; //PHPMailer::ENCRYPTION_SMTPS;
+      //sender information
+      $mail->setFrom('sas.test.2023@gmail.com', 'Sasana');
+      //
+      ////receiver email address and name
+      $mail->addAddress('padmanto@gmail.com', 'padmanto'); 
+      //
+      // Add cc or bcc   
+      // $mail->addCC('email@mail.com');  
+      // $mail->addBCC('user@mail.com');  
+
+
+      $mail->isHTML(true);
+
+      $mail->Subject = 'PHPMailer SMTP test';
+      $mail->Body    = "<h4> PHPMailer the awesome Package </h4>
+         <b>PHPMailer is working fine for sending mail</b>
+         <p> This is a tutorial to guide you on PHPMailer integration</p>";
+
+      // Send mail   
+      if (!$mail->send()) {
+         echo 'Email not sent an error was encountered: ' . $mail->ErrorInfo;
+      } else {
+         echo 'Message has been sent.';
+      }
+      //
+      $mail->smtpClose();
+   }
+}
diff --git a/pettycash/Auth.php b/pettycash/Auth.php
new file mode 100644
index 0000000..e27658d
--- /dev/null
+++ b/pettycash/Auth.php
@@ -0,0 +1,414 @@
+<?php
+
+   class Auth extends MY_Controller {
+      var $db_onedev;
+      public function index()
+      {
+         echo "AUTH API";
+      }
+      public function __construct()
+      {
+         parent::__construct();
+         $this->db_onedev = $this->load->database("onedev", true);
+      }
+
+      function isLogin() {
+         if (! $this->isLogin) {
+           $this->sys_error("Invalid Token");
+         } else {
+           $prm = $this->sys_input;
+           $data = array(
+               "user" => $this->sys_user
+             );
+             $this->sys_ok($data);
+         }
+       }
+     
+      function login() {
+         $prm = $this->sys_input;
+         try {
+            //existing password enc
+            $sm_password = md5($this->one_salt . $prm["password"] . $this->one_salt);
+            
+            $query = $this->db_onedev->query("SELECT 
+               M_UserID, M_UserUsername, M_UserEmail,
+               M_CompanyID, M_CompanyName
+               FROM m_user 
+               JOIN m_usercompany
+               ON M_UserCompanyM_UserID = M_UserID
+               AND M_UserCompanyIsActive = 'Y'
+               AND M_UserDefaultCompany = 'Y'
+               JOIN m_company
+               ON M_CompanyID = M_UserCompanyM_CompanyID
+               AND M_CompanyIsActive = 'Y'
+            WHERE M_UserEmail= ?
+            AND M_UserPassword=?
+            AND M_UserIsActive = 'Y'
+            ",array($prm["email"], $sm_password));
+            if (!$query) {
+               $message = $this->db_onedev->error();
+               $this->sys_error($message, $this->db_onedev);
+               exit;
+            }
+            $rows = $query->result_array();
+            if (count($rows) > 0 ) {
+               $user = $rows[0];
+               $user['ip'] = $_SERVER['REMOTE_ADDR'];
+               $user['agent'] = $_SERVER['HTTP_USER_AGENT'];
+               $token  = JWT::encode($user,$this->SECRET_KEY);
+               $data = array(
+               "user" => $user,
+               "token" => $token
+               );
+      
+               $query = $this->db_onedev->query("update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserActiveToken = '{$token}' WHERE M_UserID = ?
+               ",array($user['M_UserID']));
+               if (!$query) {
+               $message = $this->db_onedev->error();
+               $this->sys_error($message);
+               exit;
+               }
+      
+               $this->sys_ok($data);
+               exit;
+            }
+            $this->sys_error_db("Invalid email / Password");
+         } catch(Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+         }
+      }
+
+      function logout() {
+         $prm = $this->sys_input;
+         try 
+         {
+            
+            $query = $this->db_onedev->query("
+            UPDATE m_user 
+            SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null
+            WHERE M_UserID = ?", 
+            array($prm['M_UserID']));
+
+            if (!$query) 
+            {
+            $message = $this->db_onedev->error();
+            $this->sys_error($message);
+            exit;
+            }
+            $this->sys_ok("OK");
+         } 
+         catch(Exception $exc) 
+         {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+         }
+      }
+      
+      function change_password() {
+
+         $prm = $this->sys_input;
+         if ( ! $this->isLogin ) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Invalid Token")
+         );
+         exit;
+         }
+         
+         $token = $prm['tokenx'];
+         $old_password = md5($this->one_salt . $prm["old_password"] . $this->one_salt);
+         $userID = $this->sys_user["M_UserID"];
+         
+         $query_get_data =  $this->db_onedev->query("SELECT *
+         FROM m_user
+         WHERE M_UserID = ?
+         AND M_UserActiveToken = ?
+         AND M_UserIsLoggedIn = 'Y'
+         ",array($userID, $token) );
+
+         if(!$query_get_data) {
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Silahkan Login")
+            );
+            exit;
+         }
+
+         $rows = $query_get_data->result_array();
+         if(count($rows) == 0 ) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Silahkan Login")
+           );
+           exit;
+         }
+     
+         $query = $this->db_onedev->query("select * from m_user where M_UserID = ? and M_UserPassword = ?",
+           array($userID, $old_password) );
+         if(!$query) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Invalid Old Password")
+           );
+           exit;
+         }
+
+         $rows = $query->result_array();
+         if(count($rows) == 0 ) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Invalid Old Password")
+           );
+           exit;
+         }
+
+         if(!isset($prm['new_password']) || empty($prm['new_password'])){
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Silahkan Isi New Password")
+         );
+         exit;
+         }
+
+         if(!isset($prm['confirm_password']) || empty($prm['confirm_password'])){
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Silahkan Isi Konfirmasi Password")
+         );
+         exit;
+         }
+
+         $new_password = $prm['new_password'];
+         $confirm_password = $prm['confirm_password'];
+
+         if($new_password !== $confirm_password){
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "New Password dan Confirm Password Tidak Sama")
+         );
+         exit;
+         }
+
+         // Validate password strength
+         $uppercase = preg_match('@[A-Z]@', $prm['new_password']);
+         $lowercase = preg_match('@[a-z]@', $prm['new_password']);
+         $number    = preg_match('@[0-9]@', $prm['new_password']);
+
+         if(strlen($prm['new_password']) < 8) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal 8 digit")
+         );
+         exit;
+         }
+
+         if(!$uppercase) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf besar")
+         );
+         exit;
+         }
+
+         if(!$lowercase) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf kecil")
+         );
+         exit;
+         }
+
+         if(!$number) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal mengandung 1 angka")
+         );
+         exit;
+         }
+         
+         $userID = $this->sys_user["M_UserID"];
+         $userToken = $this->sys_user["M_UserID"];
+         // $M_UserID = $prm['M_UserID'];
+
+         $query = $this->db_onedev->query("select * from m_user where M_UserID = ?",
+            array($userID) );
+         if(!$query) {
+            $this->db_onedev->trans_rollback();
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Data Tidak Ditemukan")
+            );
+            exit;
+         }
+
+         // json before start
+         $sql_json_before = "SELECT * 
+         FROM m_user
+         WHERE M_UserIsActive = 'Y'
+         AND M_UserID = ?";
+
+         $qry_json_before = $this->db->query(
+               $sql_json_before, 
+         [
+               $userID
+         ]);
+
+         if (!$qry_json_before) {
+               $this->db->trans_rollback();
+               $this->sys_error_db("m_user select json before");
+               exit;
+         } 
+
+         $data_before_by_id = $qry_json_before->row();
+
+         $json_before_log = json_encode($data_before_by_id);
+         // json before end
+
+         $new_password_salt = md5($this->one_salt . $prm['new_password'] . $this->one_salt);
+
+         if($old_password == $new_password_salt){
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "password baru tidak boleh sama dengan password lama")
+            );
+            exit;
+         }
+
+         $query = $this->db_onedev->query("select M_UserID,M_UserEmail
+         from m_user 
+         where M_UserID=? and M_UserPassword=?
+         and M_UserIsActive = 'Y'
+         ",array($userID, $old_password));
+         $rows = $query->result_array();
+         if (count($rows) > 0 ) {
+            $query = $this->db_onedev->query("UPDATE 
+            m_user set 
+            M_UserPassword= ?,
+            M_UserIsLoggedIn = 'N',
+            M_UserActiveToken = null,
+            M_UserLastUpdated = now(),
+            M_UserLastAccess = now()
+            WHERE M_UserID = ?
+            ",array(
+               $new_password_salt, 
+               $userID));
+            if (!$query) {
+               $message = $this->db_onedev->error();
+               $this->sys_error($message);
+               exit;
+            }
+         
+      
+            echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password. Silahkan login ulang\n dengan password yang baru"));
+            exit;
+         }  else{
+            $this->db_onedev->trans_rollback();
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Err 002 : Error Change Password")
+               );
+            exit;
+         }
+      }
+
+      function reset_password() {
+
+         $prm = $this->sys_input;
+         try 
+         {
+         if ( ! $this->isLogin ) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Invalid Token")
+         );
+         exit;
+         }
+
+         $token = $prm['tokenx'];
+         $userID = $this->sys_user['userID'];
+         $userEmail = $prm["email"];
+         //validasi token user
+         $query_get_data=  $this->db_onedev->query("SELECT COUNT(*) AS data_count
+         FROM m_user
+         WHERE M_UserID = ?
+         AND M_UserActiveToken = ?
+         AND M_UserIsLoggedIn = 'Y'
+         ",array($userID, $token) );
+         if (!$query_get_data) {
+            $message = $this->db_onedev->error();
+            $this->sys_error($message);
+            exit;
+         }
+         
+         $rows = $query_get_data->result_array();
+
+         if(count($rows) == 0 ) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Silahkan Login")
+           );
+           exit;
+         }
+
+         //checking user is Admin
+         $query_check_admin = $this->db_onedev->query("SELECT COUNT(*) AS data_count
+            FROM m_user 
+            WHERE M_UserID = ?
+            AND M_UserIsAdmin = 'Y' 
+            AND M_UserIsActive = 'Y'
+            ",
+           array($userID) );
+         if (!$query_check_admin) {
+            $message = $this->db_onedev->error();
+            $this->sys_error($message);
+            exit;
+         }
+         $rows = $query_check_admin->result_array();
+
+         if(count($rows) == 0 ) {
+            // Jika tidak ada data, kembalikan pesan "Anda tidak memiliki hak akses"
+            echo json_encode(
+                array("status" => "ERR", "message" => "Anda tidak memiliki hak akses")
+            );
+            exit;
+         }
+
+         //checking user by email for reset password
+         $query_check_email = $this->db_onedev->query("SELECT COUNT(*) AS data_count
+            FROM m_user 
+            WHERE M_UserEmail = ?
+            AND M_UserIsActive = 'Y'
+            ",
+           array($userEmail) );
+         if (!$query_check_email) {
+            $message = $this->db_onedev->error();
+            $this->sys_error($message);
+            exit;
+         }
+         $rows = $query_check_email->result_array();
+         if (count($rows) == 1) {
+            function generateRandomString($length = 8) {
+               $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+               $randomString = substr(str_shuffle($characters), 0, $length);
+   
+               return $randomString;
+            };
+            $newPassword = generateRandomString();
+            $new_password_salt = md5($this->one_salt . $newPassword . $this->one_salt);
+
+            $query = $this->db_onedev->query("UPDATE 
+               m_user SET 
+               M_UserLastUpdated = now(),
+               M_UserLastAccess = now(),
+               M_UserIsLoggedIn = 'N',
+               M_UserActiveToken = null,
+               M_UserPassword = ?
+               WHERE M_UserEmail = ?
+               ",array($new_password_salt ,$userEmail)
+            );
+            echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password untuk email '{$userEmail}'. \n
+            Silahkan login ulang dengan password :  '{$newPassword}'", "newPassword"=> "'{$newPassword}'"));
+            exit;
+         }  else{
+            $this->db_onedev->trans_rollback();
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Email yang akan direset tidak ditemukan")
+               );
+            exit;
+         }
+         $this->sys_ok("OK");
+      } 
+      catch(Exception $exc) 
+      {
+         $message = $exc->getMessage();
+         $this->sys_error($message);
+      }
+      }
+   }
+
+
+?>
\ No newline at end of file
diff --git a/pettycash/AuthOld.php b/pettycash/AuthOld.php
new file mode 100644
index 0000000..4273942
--- /dev/null
+++ b/pettycash/AuthOld.php
@@ -0,0 +1,419 @@
+<?php
+
+   class AuthOld extends MY_Controller {
+      var $db_onedev;
+      public function index()
+      {
+         echo "AUTH API";
+      }
+      public function __construct()
+      {
+         parent::__construct();
+         $this->db_onedev = $this->load->database("onedev", true);
+      }
+
+      function isLogin() {
+         if (! $this->isLogin) {
+           $this->sys_error("Invalid Token");
+         } else {
+           $prm = $this->sys_input;
+           $data = array(
+               "user" => $this->sys_user
+             );
+             $this->sys_ok($data);
+         }
+       }
+     
+      function login() {
+         $prm = $this->sys_input;
+         try {
+            //existing password enc
+            $sm_password = md5($this->one_salt . $prm["password"] . $this->one_salt);
+            
+            $query = $this->db_onedev->query("SELECT 
+               M_UserID, M_UserUsername, M_UserEmail,
+               M_CompanyID, M_CompanyName
+               FROM m_user 
+               JOIN m_usercompany
+               ON M_UserCompanyM_UserID = M_UserID
+               AND M_UserCompanyIsActive = 'Y'
+               AND M_UserDefaultCompany = 'Y'
+               JOIN m_company
+               ON M_CompanyID = M_UserCompanyM_CompanyID
+               AND M_CompanyIsActive = 'Y'
+            WHERE M_UserEmail= ?
+            AND M_UserPassword=?
+            AND M_UserIsActive = 'Y'
+            ",array($prm["email"], $sm_password));
+            if (!$query) {
+               $message = $this->db_onedev->error();
+               $this->sys_error($message, $this->db_onedev);
+               exit;
+            }
+            $rows = $query->result_array();
+            if (count($rows) > 0 ) {
+               $user = $rows[0];
+               $user['ip'] = $_SERVER['REMOTE_ADDR'];
+               $user['agent'] = $_SERVER['HTTP_USER_AGENT'];
+               $token  = JWT::encode($user,$this->SECRET_KEY);
+               $data = array(
+               "user" => $user,
+               "token" => $token
+               );
+      
+               $query = $this->db_onedev->query("update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserActiveToken = '{$token}' WHERE M_UserID = ?
+               ",array($user['M_UserID']));
+               if (!$query) {
+               $message = $this->db_onedev->error();
+               $this->sys_error($message);
+               exit;
+               }
+      
+               $this->sys_ok($data);
+               exit;
+            }
+            $this->sys_error_db("Invalid email / Password");
+         } catch(Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+         }
+      }
+
+      function logout() {
+         $prm = $this->sys_input;
+         try 
+         {
+            
+            $query = $this->db_onedev->query("
+            UPDATE m_user 
+            SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null
+            WHERE M_UserID = ?", 
+            array($prm['M_UserID']));
+
+            if (!$query) 
+            {
+            $message = $this->db_onedev->error();
+            $this->sys_error($message);
+            exit;
+            }
+            $this->sys_ok("OK");
+         } 
+         catch(Exception $exc) 
+         {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+         }
+      }
+      
+      function change_password() {
+
+         $prm = $this->sys_input;
+         if ( ! $this->isLogin ) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Invalid Token")
+         );
+         exit;
+         }
+
+         
+         $data = json_decode(file_get_contents('php://input'), true);
+         $token = $data['token'];
+         $tokenx = $prm['tokenx'];
+         echo $tokenx;
+         exit;
+         
+         $old_password = md5($this->one_salt . $prm["old_password"] . $this->one_salt);
+         $userID = $this->sys_user["M_UserID"];
+         
+         $query_get_data =  $this->db_onedev->query("SELECT *
+         FROM m_user
+         WHERE M_UserID = ?
+         AND M_UserActiveToken = ?
+         AND M_UserIsLoggedIn = 'Y'
+         ",array($userID, $token) );
+
+         if(!$query_get_data) {
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Silahkan Login")
+            );
+            exit;
+         }
+
+         $rows = $query_get_data->result_array();
+         if(count($rows) == 0 ) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Silahkan Login")
+           );
+           exit;
+         }
+     
+         $query = $this->db_onedev->query("select * from m_user where M_UserID = ? and M_UserPassword = ?",
+           array($userID, $old_password) );
+         if(!$query) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Invalid Old Password")
+           );
+           exit;
+         }
+
+         $rows = $query->result_array();
+         if(count($rows) == 0 ) {
+           echo json_encode(
+              array("status"=>"ERR", "message"=> "Invalid Old Password")
+           );
+           exit;
+         }
+
+         if(!isset($prm['new_password']) || empty($prm['new_password'])){
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Silahkan Isi New Password")
+         );
+         exit;
+         }
+
+         if(!isset($prm['confirm_password']) || empty($prm['confirm_password'])){
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Silahkan Isi Konfirmasi Password")
+         );
+         exit;
+         }
+
+         $new_password = $prm['new_password'];
+         $confirm_password = $prm['confirm_password'];
+
+         if($new_password !== $confirm_password){
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "New Password dan Confirm Password Tidak Sama")
+         );
+         exit;
+         }
+
+         // Validate password strength
+         $uppercase = preg_match('@[A-Z]@', $prm['new_password']);
+         $lowercase = preg_match('@[a-z]@', $prm['new_password']);
+         $number    = preg_match('@[0-9]@', $prm['new_password']);
+
+         if(strlen($prm['new_password']) < 8) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal 8 digit")
+         );
+         exit;
+         }
+
+         if(!$uppercase) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf besar")
+         );
+         exit;
+         }
+
+         if(!$lowercase) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf kecil")
+         );
+         exit;
+         }
+
+         if(!$number) {
+         echo json_encode(
+            array("status"=>"ERR", "message"=> "Password minimal mengandung 1 angka")
+         );
+         exit;
+         }
+         
+         $userID = $this->sys_user["M_UserID"];
+         $userToken = $this->sys_user["M_UserID"];
+         // $M_UserID = $prm['M_UserID'];
+
+         $query = $this->db_onedev->query("select * from m_user where M_UserID = ?",
+            array($userID) );
+         if(!$query) {
+            $this->db_onedev->trans_rollback();
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Data Tidak Ditemukan")
+            );
+            exit;
+         }
+
+         // json before start
+         $sql_json_before = "SELECT * 
+         FROM m_user
+         WHERE M_UserIsActive = 'Y'
+         AND M_UserID = ?";
+
+         $qry_json_before = $this->db->query(
+               $sql_json_before, 
+         [
+               $userID
+         ]);
+
+         if (!$qry_json_before) {
+               $this->db->trans_rollback();
+               $this->sys_error_db("m_user select json before");
+               exit;
+         } 
+
+         $data_before_by_id = $qry_json_before->row();
+
+         $json_before_log = json_encode($data_before_by_id);
+         // json before end
+
+         $new_password_salt = md5($this->one_salt . $prm['new_password'] . $this->one_salt);
+
+         if($old_password == $new_password_salt){
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "password baru tidak boleh sama dengan password lama")
+            );
+            exit;
+         }
+
+         $query = $this->db_onedev->query("select M_UserID,M_UserEmail
+         from m_user 
+         where M_UserID=? and M_UserPassword=?
+         and M_UserIsActive = 'Y'
+         ",array($userID, $old_password));
+         $rows = $query->result_array();
+         if (count($rows) > 0 ) {
+            $query = $this->db_onedev->query("UPDATE 
+            m_user set 
+            M_UserPassword= ?,
+            M_UserIsLoggedIn = 'N',
+            M_UserActiveToken = null,
+            M_UserLastUpdated = now(),
+            M_UserLastAccess = now()
+            WHERE M_UserID = ?
+            ",array(
+               $new_password_salt, 
+               $userID));
+            if (!$query) {
+               $message = $this->db_onedev->error();
+               $this->sys_error($message);
+               exit;
+            }
+         
+      
+            echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password. Silahkan login ulang\n dengan password yang baru"));
+            exit;
+         }  else{
+            $this->db_onedev->trans_rollback();
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Err 002 : Error Change Password")
+               );
+            exit;
+         }
+      }
+
+      function reset_password() {
+
+         if ( ! $this->isLogin ) {
+            echo json_encode(
+               array("status"=>"ERR", "message"=> "Invalid Token")
+            );
+            exit;
+         }
+         $prm = $this->sys_input;
+         print_r($prm);
+         // 
+         // $data = json_decode(file_get_contents('php://input'), true);
+         // $token = $data['token'];
+         // $userID =$prm["userid"];
+         // $userEmail = $prm["email"];
+         // //validasi token user
+         // $query_get_data=  $this->db_onedev->query("SELECT COUNT(*) AS data_count
+         // FROM m_user
+         // WHERE M_UserID = ?
+         // AND M_UserActiveToken = ?
+         // AND M_UserIsLoggedIn = 'Y'
+         // ",array($userID, $token) );
+         // if (!$query_get_data) {
+         //    $message = $this->db_onedev->error();
+         //    $this->sys_error($message);
+         //    exit;
+         // }
+         // $rows = $query_get_data->result_array();
+         // echo $userID;
+         // echo count($rows);
+         // echo "diluar";
+         // if(count($rows) == 0 ) {
+         //    echo "Gabahya ta?";
+         //   echo json_encode(
+         //      array("status"=>"ERR", "message"=> "Silahkan Login")
+         //   );
+         //   exit;
+         // }
+
+         // echo "diluar";
+         // //checking user is Admin
+         // $query_check_admin = $this->db_onedev->query("SELECT COUNT(*) AS data_count
+         //    FROM m_user 
+         //    WHERE M_UserID = ?
+         //    AND M_UserIsAdmin = 'Y' 
+         //    AND M_UserIsActive = 'Y'
+         //    ",
+         //   array($userID) );
+         // if (!$query_check_admin) {
+         //    $message = $this->db_onedev->error();
+         //    $this->sys_error($message);
+         //    exit;
+         // }
+         // $result = $query_check_admin->row();
+
+         // if ($result->data_count == 0) {
+         //    // Jika tidak ada data, kembalikan pesan "Anda tidak memiliki hak akse"
+         //    echo json_encode(
+         //        array("status" => "ERR", "message" => "Anda tidak memiliki hak akses")
+         //    );
+         //    exit;
+         // }
+
+         // //checking user by email for reset password
+         // $query_check_email = $this->db_onedev->query("SELECT COUNT(*) AS data_count
+         //    FROM m_user 
+         //    WHERE M_UserEmail = ?
+         //    AND M_UserIsActive = 'Y'
+         //    ",
+         //   array($userEmail) );
+
+         // if (!$query_check_email) {
+         //    $message = $this->db_onedev->error();
+         //    $this->sys_error($message);
+         //    exit;
+         // }
+         // $result = $query_check_email->row();
+
+         // if ($result->data_count > 0) {
+
+         //    function generateRandomString($length = 8) {
+         //       $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+         //       $randomString = substr(str_shuffle($characters), 0, $length);
+   
+         //       return $randomString;
+         //    }
+         //    $newPassword = generateRandomString();
+         //    $new_password_salt = md5($this->one_salt . $newPassword . $this->one_salt);
+
+         //    $query = $this->db_onedev->query("UPDATE 
+         //       m_user SET 
+         //       M_UserLastUpdated = now(),
+         //       M_UserLastAccess = now(),
+         //       M_UserIsLoggedIn = 'N',
+         //       M_UserActiveToken = null,
+         //       M_UserPassword = ?
+         //       WHERE M_UserEmail = ?
+         //       ",array($new_password_salt ,$prm['userEmail'])
+         //    );
+         //    echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password untuk email '{$userEmail}'. \n
+         //    Silahkan login ulang dengan password :  '{$newPassword}'"));
+         //    exit;
+         // }  else{
+         //    $this->db_onedev->trans_rollback();
+         //    echo json_encode(
+         //       array("status"=>"ERR", "message"=> "Email yang akan direset tidak ditemukan")
+         //       );
+         //    exit;
+         // }
+      }
+   }
+
+
+?>
\ No newline at end of file
diff --git a/pettycash/History.php b/pettycash/History.php
new file mode 100644
index 0000000..e57dc00
--- /dev/null
+++ b/pettycash/History.php
@@ -0,0 +1,111 @@
+<?php
+
+class History extends MY_Controller
+{
+   var $db_onedev;
+   public function index()
+   {
+      echo "BRANCH API";
+   }
+   public function __construct()
+   {
+      parent::__construct();
+      $this->db_onedev = $this->load->database("onedev", true);
+   }
+   function list_total(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+       */
+        $prm = $this->sys_input;
+        $startdate = $prm['startdate'];
+        $enddate = $prm['enddate'];
+        $kategoriid = $prm['kategoriid'];
+        $companyid = $prm['companyid'];
+         
+        $debit = 'Rp.';
+        $debit_rows  = 0 ;
+        IF($kategoriid !== 0){
+            $sql_debit = "SELECT SUM(T_TransactionAmount) as total_debit
+        FROM t_transaction WHERE T_TransactionType = 'DEBIT' 
+        AND T_TransactionIsActive = 'Y'
+        AND T_TransactionM_CompanyID = $companyid
+        AND T_TransactionDate BETWEEN '{$startdate}' AND '{$enddate}'
+        AND T_TransactionM_CategoryID = $kategoriid";
+        $query_debit = $this->db_onedev->query($sql_debit);
+        //echo $this->db_onedev->last_query();
+        if ($query_debit) {
+            $debit_rows =  $query_debit->row()->total_debit;           
+        } else {
+          $this->sys_error_db("Debit select");
+          exit;
+        }
+        }
+        
+        
+        $total = 'Rp '.number_format($debit_rows,2,',','.');
+
+        $result = array("total_all"=>$total);
+        $this->sys_ok($result);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+   function list_transaction(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+        $prm = $this->sys_input;
+        $startdate = $prm['startdate'];
+        $enddate = $prm['enddate'];
+        $kategoriid = $prm['kategoriid'];
+        $companyid = $prm['companyid'];
+        $sql = "SELECT T_TransactionID as id,
+        DATE_FORMAT(T_TransactionDate,'%d-%m-%Y') as tanggaltransaksi,	
+        T_TransactionType as tipe,
+        IFNULL(M_CategoryID,0) as kategoriid,
+        IFNULL(M_CategoryName,'Saldo') as kategoriname,
+        T_TransactionNote as note, 
+        CONCAT(REPLACE(CONCAT('Rp ',format(T_TransactionAmount,0)),',','.'),',00') as amount,	
+        T_TransactionSender as sender,	
+        T_TransactionImg as imgurl,
+        T_TransactionIsConfirm as isconfirm,	
+        IFNULL(DATE_FORMAT(T_TransactionConfirmDate,'%d-%m-%Y'),'-') as tanggalconfirm,	
+        a.M_UserUsername as usertransaksi,
+        IFNULL(b.M_UserUsername,'') as userconfirm,
+        IFNULL(DATE_FORMAT(T_TransactionCreated,'%d-%m-%Y %H:%i:%s'),'-') as tanggalcreated
+        
+        FROM t_transaction
+        LEFT JOIN m_user a ON a.M_UserID = T_TransactionUserID
+        LEFT JOIN m_user b ON b.M_UserID = T_TransactionConfirmUserID
+        LEFT JOIN m_category ON M_CategoryID = T_TransactionM_CategoryID
+        WHERE T_TransactionIsActive = 'Y'
+        AND T_TransactionM_CompanyID = $companyid
+        AND T_TransactionDate BETWEEN '{$startdate}' AND '{$enddate}'
+        AND ($kategoriid = 0 OR($kategoriid > 0 AND T_TransactionM_CategoryID = $kategoriid))
+        ORDER BY T_TransactionID DESC";
+        $query = $this->db_onedev->query($sql);
+        //echo $this->db_onedev->last_query();
+        if ($query) {
+            $rows = $query->result_array();        
+        } else {
+          $this->sys_error_db("Transaksi select");
+          exit;
+        }
+        $this->sys_ok($rows);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+}
\ No newline at end of file
diff --git a/pettycash/Homescreen.php b/pettycash/Homescreen.php
new file mode 100644
index 0000000..c29e22d
--- /dev/null
+++ b/pettycash/Homescreen.php
@@ -0,0 +1,155 @@
+<?php
+
+class Homescreen extends MY_Controller
+{
+   var $db_onedev;
+   public function index()
+   {
+      echo "BRANCH API";
+   }
+   public function __construct()
+   {
+      parent::__construct();
+      $this->db_onedev = $this->load->database("onedev", true);
+   }
+   
+   function list_total(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+       */
+        $prm = $this->sys_input;
+        $companyid = $prm['companyid'];
+         
+        $total = 'Rp.';
+        $kredit = 'Rp.';
+        $debit = 'Rp.';
+
+        $kredit_rows_confirm  = 0 ;
+        $sql_kredit_confirm = "SELECT SUM(T_TransactionAmount) as total_kredit_confirm
+        FROM t_transaction WHERE T_TransactionType = 'KREDIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'Y'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_kredit_confirm = $this->db_onedev->query($sql_kredit_confirm);
+       // echo $this->db_onedev->last_query();
+        if ($query_kredit_confirm) {
+            $kredit_rows_confirm =  $query_kredit_confirm->row()->total_kredit_confirm;             
+        } else {
+          $this->sys_error_db("Kredit select");
+          exit;
+        }
+
+        $debit_rows_confirm  = 0 ;
+        $sql_debit_confirm = "SELECT SUM(T_TransactionAmount) as total_debit_confirm
+        FROM t_transaction WHERE T_TransactionType = 'DEBIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'Y'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_debit_confirm = $this->db_onedev->query($sql_debit_confirm);
+        //echo $this->db_onedev->last_query();
+        if ($query_debit_confirm) {
+            $debit_rows_confirm =  $query_debit_confirm->row()->total_debit_confirm;           
+        } else {
+          $this->sys_error_db("Debit select");
+          exit;
+        }
+
+
+        $kredit_rows  = 0 ;
+        $total_rows_confirm = $kredit_rows_confirm - $debit_rows_confirm;
+
+        $sql_kredit = "SELECT $total_rows_confirm + SUM(T_TransactionAmount) as total_kredit
+        FROM t_transaction WHERE T_TransactionType = 'KREDIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'N'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_kredit = $this->db_onedev->query($sql_kredit);
+       // echo $this->db_onedev->last_query();
+        if ($query_kredit) {
+            $kredit_rows =  $query_kredit->row()->total_kredit;             
+        } else {
+          $this->sys_error_db("Kredit select");
+          exit;
+        }
+
+        $debit_rows  = 0 ;
+        $sql_debit = "SELECT SUM(T_TransactionAmount) as total_debit
+        FROM t_transaction WHERE T_TransactionType = 'DEBIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'N'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_debit = $this->db_onedev->query($sql_debit);
+        //echo $this->db_onedev->last_query();
+        if ($query_debit) {
+            $debit_rows =  $query_debit->row()->total_debit;           
+        } else {
+          $this->sys_error_db("Debit select");
+          exit;
+        }
+        
+        
+        $total_rows = $kredit_rows - $debit_rows;
+        $total = 'Rp ' .number_format($total_rows,2,',','.');
+        $kredit = 'Rp '.number_format($kredit_rows,2,',','.');
+        $debit = 'Rp '.number_format($debit_rows,2,',','.');
+
+        $result = array("total_all"=>$total,"kredit"=>$kredit,"debit"=>$debit,"sisa_confirm"=>$total_rows_confirm);
+        $this->sys_ok($result);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+   function list_transaction(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+        $prm = $this->sys_input;
+        $companyid = $prm['companyid'];
+        $sql = "SELECT T_TransactionID as id,
+        DATE_FORMAT(T_TransactionDate,'%d-%m-%Y') as tanggaltransaksi,	
+        T_TransactionType as tipe,
+        IFNULL(M_CategoryID,0) as kategoriid,
+        IFNULL(M_CategoryName,'Saldo') as kategoriname,
+        T_TransactionNote as note, 	
+        CONCAT(REPLACE(CONCAT('Rp ',format(T_TransactionAmount,0)),',','.'),',00') as amount,	
+        T_TransactionSender as sender,	
+        T_TransactionImg as imgurl,
+        T_TransactionIsConfirm as isconfirm,	
+        IFNULL(DATE_FORMAT(T_TransactionConfirmDate,'%d-%m-%Y'),'-') as tanggalconfirm,	
+        a.M_UserUsername as usertransaksi,
+        IFNULL(b.M_UserUsername,'') as userconfirm,
+        IFNULL(DATE_FORMAT(T_TransactionCreated,'%d-%m-%Y %H:%i:%s'),'-') as tanggalcreated
+        
+        FROM t_transaction
+        LEFT JOIN m_user a ON a.M_UserID = T_TransactionUserID
+        LEFT JOIN m_user b ON b.M_UserID = T_TransactionConfirmUserID
+        LEFT JOIN m_category ON M_CategoryID = T_TransactionM_CategoryID
+        WHERE T_TransactionIsActive = 'Y'
+        AND T_TransactionM_CompanyID = $companyid
+        ORDER BY T_TransactionID DESC LIMIT 5";
+        $query = $this->db_onedev->query($sql);
+        //echo $this->db_onedev->last_query();
+        if ($query) {
+            $rows = $query->result_array();        
+        } else {
+          $this->sys_error_db("Transaksi select");
+          exit;
+        }
+        $this->sys_ok($rows);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+}
\ No newline at end of file
diff --git a/pettycash/Homescreenv2.php b/pettycash/Homescreenv2.php
new file mode 100644
index 0000000..8b421bb
--- /dev/null
+++ b/pettycash/Homescreenv2.php
@@ -0,0 +1,194 @@
+<?php
+
+class Homescreenv2 extends MY_Controller
+{
+   var $db_onedev;
+   public function index()
+   {
+      echo "BRANCH API";
+   }
+   public function __construct()
+   {
+      parent::__construct();
+      $this->db_onedev = $this->load->database("onedev", true);
+   }
+   
+   function list_total(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+       */
+        $prm = $this->sys_input;
+        $companyid = $prm['companyid'];
+         
+        $total = 'Rp.';
+        $kredit = 'Rp.';
+        $debit = 'Rp.';
+
+        $kredit_rows_confirm  = 0 ;
+        $sql_kredit_confirm = "SELECT SUM(T_TransactionAmount) as total_kredit_confirm
+        FROM t_transaction WHERE T_TransactionType = 'KREDIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'Y'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_kredit_confirm = $this->db_onedev->query($sql_kredit_confirm);
+       // echo $this->db_onedev->last_query();
+        if ($query_kredit_confirm) {
+            $kredit_rows_confirm =  $query_kredit_confirm->row()->total_kredit_confirm;             
+        } else {
+          $this->sys_error_db("Kredit select");
+          exit;
+        }
+
+        $debit_rows_confirm  = 0 ;
+        $sql_debit_confirm = "SELECT SUM(T_TransactionAmount) as total_debit_confirm
+        FROM t_transaction WHERE T_TransactionType = 'DEBIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'Y'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_debit_confirm = $this->db_onedev->query($sql_debit_confirm);
+        //echo $this->db_onedev->last_query();
+        if ($query_debit_confirm) {
+            $debit_rows_confirm =  $query_debit_confirm->row()->total_debit_confirm;           
+        } else {
+          $this->sys_error_db("Debit select");
+          exit;
+        }
+
+
+        $kredit_rows  = 0 ;
+        $total_rows_confirm = $kredit_rows_confirm - $debit_rows_confirm;
+
+        $sql_kredit = "SELECT $total_rows_confirm + SUM(T_TransactionAmount) as total_kredit
+        FROM t_transaction WHERE T_TransactionType = 'KREDIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'N'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_kredit = $this->db_onedev->query($sql_kredit);
+       // echo $this->db_onedev->last_query();
+        if ($query_kredit) {
+            $kredit_rows =  $query_kredit->row()->total_kredit;             
+        } else {
+          $this->sys_error_db("Kredit select");
+          exit;
+        }
+
+        $debit_rows  = 0 ;
+        $sql_debit = "SELECT SUM(T_TransactionAmount) as total_debit
+        FROM t_transaction WHERE T_TransactionType = 'DEBIT' 
+        AND T_TransactionIsActive = 'Y' 
+        AND T_TransactionIsConfirm = 'N'
+        AND T_TransactionM_CompanyID = $companyid";
+        $query_debit = $this->db_onedev->query($sql_debit);
+        //echo $this->db_onedev->last_query();
+        if ($query_debit) {
+            $debit_rows =  $query_debit->row()->total_debit;           
+        } else {
+          $this->sys_error_db("Debit select");
+          exit;
+        }
+        
+        
+        $total_rows = $kredit_rows - $debit_rows;
+        $total = 'Rp ' .number_format($total_rows,2,',','.');
+        $kredit = 'Rp '.number_format($kredit_rows,2,',','.');
+        $debit = 'Rp '.number_format($debit_rows,2,',','.');
+
+        $result = array("total_all"=>$total,"kredit"=>$kredit,"debit"=>$debit,"sisa_confirm"=>$total_rows_confirm);
+        $this->sys_ok($result);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+   function list_transaction(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+        $prm = $this->sys_input;
+        $companyid = $prm['companyid'];
+        $sql = "SELECT T_TransactionID as id,
+        DATE_FORMAT(T_TransactionDate,'%d-%m-%Y') as tanggaltransaksi,	
+        T_TransactionType as tipe,
+        IFNULL(M_CategoryID,0) as kategoriid,
+        IFNULL(M_CategoryName,'Saldo') as kategoriname,
+        T_TransactionNote as note, 	
+        CONCAT(REPLACE(CONCAT('Rp ',format(T_TransactionAmount,0)),',','.'),',00') as amount,	
+        T_TransactionSender as sender,	
+        T_TransactionImg as imgurl,
+        T_TransactionIsConfirm as isconfirm,	
+        IFNULL(DATE_FORMAT(T_TransactionConfirmDate,'%d-%m-%Y'),'-') as tanggalconfirm,	
+        a.M_UserUsername as usertransaksi,
+        IFNULL(b.M_UserUsername,'') as userconfirm,
+        IFNULL(DATE_FORMAT(T_TransactionCreated,'%d-%m-%Y %H:%i:%s'),'-') as tanggalcreated
+        
+        FROM t_transaction
+        LEFT JOIN m_user a ON a.M_UserID = T_TransactionUserID
+        LEFT JOIN m_user b ON b.M_UserID = T_TransactionConfirmUserID
+        LEFT JOIN m_category ON M_CategoryID = T_TransactionM_CategoryID
+        WHERE T_TransactionIsActive = 'Y'
+        AND T_TransactionM_CompanyID = $companyid
+        ORDER BY T_TransactionID DESC LIMIT 5";
+        $query = $this->db_onedev->query($sql);
+        //echo $this->db_onedev->last_query();
+        if ($query) {
+            $rows = $query->result_array();        
+        } else {
+          $this->sys_error_db("Transaksi select");
+          exit;
+        }
+        $this->sys_ok($rows);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+   function list_chart(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+        $prm = $this->sys_input;
+        $companyid = $prm['companyid'];
+        $sql = "SELECT xmonth, 
+        xyear,
+        SUM(T_TransactionAmount) as total,
+        CONCAT(REPLACE(CONCAT('Rp ',format(SUM(T_TransactionAmount),0)),',','.'),',00') as totaltext
+        FROM ( SELECT T_TransactionAmount,
+            month(T_TransactionDate) as xmonth,
+            year(T_TransactionDate) as xyear
+            FROM t_transaction
+            WHERE T_TransactionIsActive = 'Y'
+            AND T_TransactionM_CompanyID = $companyid
+            AND T_TransactionType = 'DEBIT'
+            AND T_TransactionDate >= CURDATE() - INTERVAL 3 MONTH) a
+        GROUP BY xmonth
+        ORDER BY xyear ASC, xmonth ASC";
+        $query = $this->db_onedev->query($sql);
+        //echo $this->db_onedev->last_query();
+        if ($query) {
+            $rows = $query->result_array();        
+        } else {
+          $this->sys_error_db("Transaksi select");
+          exit;
+        }
+        $this->sys_ok($rows);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+}
\ No newline at end of file
diff --git a/pettycash/Report.php b/pettycash/Report.php
new file mode 100644
index 0000000..e57dc00
--- /dev/null
+++ b/pettycash/Report.php
@@ -0,0 +1,111 @@
+<?php
+
+class History extends MY_Controller
+{
+   var $db_onedev;
+   public function index()
+   {
+      echo "BRANCH API";
+   }
+   public function __construct()
+   {
+      parent::__construct();
+      $this->db_onedev = $this->load->database("onedev", true);
+   }
+   function list_total(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+       */
+        $prm = $this->sys_input;
+        $startdate = $prm['startdate'];
+        $enddate = $prm['enddate'];
+        $kategoriid = $prm['kategoriid'];
+        $companyid = $prm['companyid'];
+         
+        $debit = 'Rp.';
+        $debit_rows  = 0 ;
+        IF($kategoriid !== 0){
+            $sql_debit = "SELECT SUM(T_TransactionAmount) as total_debit
+        FROM t_transaction WHERE T_TransactionType = 'DEBIT' 
+        AND T_TransactionIsActive = 'Y'
+        AND T_TransactionM_CompanyID = $companyid
+        AND T_TransactionDate BETWEEN '{$startdate}' AND '{$enddate}'
+        AND T_TransactionM_CategoryID = $kategoriid";
+        $query_debit = $this->db_onedev->query($sql_debit);
+        //echo $this->db_onedev->last_query();
+        if ($query_debit) {
+            $debit_rows =  $query_debit->row()->total_debit;           
+        } else {
+          $this->sys_error_db("Debit select");
+          exit;
+        }
+        }
+        
+        
+        $total = 'Rp '.number_format($debit_rows,2,',','.');
+
+        $result = array("total_all"=>$total);
+        $this->sys_ok($result);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+   function list_transaction(){
+    try {
+        //# cek token valid
+        /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+        $prm = $this->sys_input;
+        $startdate = $prm['startdate'];
+        $enddate = $prm['enddate'];
+        $kategoriid = $prm['kategoriid'];
+        $companyid = $prm['companyid'];
+        $sql = "SELECT T_TransactionID as id,
+        DATE_FORMAT(T_TransactionDate,'%d-%m-%Y') as tanggaltransaksi,	
+        T_TransactionType as tipe,
+        IFNULL(M_CategoryID,0) as kategoriid,
+        IFNULL(M_CategoryName,'Saldo') as kategoriname,
+        T_TransactionNote as note, 
+        CONCAT(REPLACE(CONCAT('Rp ',format(T_TransactionAmount,0)),',','.'),',00') as amount,	
+        T_TransactionSender as sender,	
+        T_TransactionImg as imgurl,
+        T_TransactionIsConfirm as isconfirm,	
+        IFNULL(DATE_FORMAT(T_TransactionConfirmDate,'%d-%m-%Y'),'-') as tanggalconfirm,	
+        a.M_UserUsername as usertransaksi,
+        IFNULL(b.M_UserUsername,'') as userconfirm,
+        IFNULL(DATE_FORMAT(T_TransactionCreated,'%d-%m-%Y %H:%i:%s'),'-') as tanggalcreated
+        
+        FROM t_transaction
+        LEFT JOIN m_user a ON a.M_UserID = T_TransactionUserID
+        LEFT JOIN m_user b ON b.M_UserID = T_TransactionConfirmUserID
+        LEFT JOIN m_category ON M_CategoryID = T_TransactionM_CategoryID
+        WHERE T_TransactionIsActive = 'Y'
+        AND T_TransactionM_CompanyID = $companyid
+        AND T_TransactionDate BETWEEN '{$startdate}' AND '{$enddate}'
+        AND ($kategoriid = 0 OR($kategoriid > 0 AND T_TransactionM_CategoryID = $kategoriid))
+        ORDER BY T_TransactionID DESC";
+        $query = $this->db_onedev->query($sql);
+        //echo $this->db_onedev->last_query();
+        if ($query) {
+            $rows = $query->result_array();        
+        } else {
+          $this->sys_error_db("Transaksi select");
+          exit;
+        }
+        $this->sys_ok($rows);
+
+    } catch(Exception $exc) {
+        $message = $exc->getMessage();
+        $this->sys_error($message);
+    }
+   }
+}
\ No newline at end of file
diff --git a/pettycash/Transaction.php b/pettycash/Transaction.php
new file mode 100644
index 0000000..13937d1
--- /dev/null
+++ b/pettycash/Transaction.php
@@ -0,0 +1,239 @@
+<?php
+
+class Transaction extends MY_Controller
+{
+    var $db_onedev;
+    public function index()
+    {
+        echo "BRANCH API";
+    }
+    public function __construct()
+    {
+        parent::__construct();
+        $this->db_onedev = $this->load->database("onedev", true);
+    }
+
+    function list_type()
+    {
+        try {
+            //# cek token valid
+            /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+            $prm = $this->sys_input;
+            $sql = "SELECT 'DEBIT' as typeid,
+        'DEBIT' as typename
+        UNION SELECT 'KREDIT' as typeid,
+        'KREDIT' as typename";
+            $query = $this->db_onedev->query($sql);
+            //echo $this->db_onedev->last_query();
+            if ($query) {
+                $rows = $query->result_array();
+            } else {
+                $this->sys_error_db("Total select");
+                exit;
+            }
+            $this->sys_ok($rows);
+        } catch (Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+        }
+    }
+
+    function list_category()
+    {
+        try {
+            //# cek token valid
+            /* if (! $this->isLogin) {
+            $this->sys_error("Invalid Token");
+            exit;
+        }
+        */
+            $prm = $this->sys_input;
+            $sql = "SELECT M_CategoryID as categoryid,	
+        M_CategoryName as categoryname
+        FROM m_category
+        WHERE
+        M_CategoryIsActive = 'Y'";
+            $query = $this->db_onedev->query($sql);
+            //echo $this->db_onedev->last_query();
+            if ($query) {
+                $rows = $query->result_array();
+            } else {
+                $this->sys_error_db("Category select");
+                exit;
+            }
+            $this->sys_ok($rows);
+        } catch (Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+        }
+    }
+    public function addtransaction()
+    {
+        try {
+            //# cek token valid
+            /*  if (! $this->isLogin) {
+			$this->sys_error("Invalid Token");
+			exit;
+        }
+        */
+            $this->db_onedev->trans_begin();
+            //# ambil parameter input
+            $prm = $this->sys_input;
+            $tanggal = $prm['tanggal'];
+            $tipe = $prm['tipe'];
+            $kategori = $prm['kategoriid'];
+            $jumlah = $prm['jumlah'];
+            $catatan = $prm['catatan'];
+            $sender = $prm['sender'];
+            $companyid = $prm['companyid'];
+            $userid = $prm['userid'];
+            $fileDataBase64 = $prm['base64File'];
+            $fileName = $prm['fileName'];
+            $file = base64_decode($fileDataBase64);
+            // print_r(strlen($fileDataBase64));
+            // print_r(strlen($file));
+            // print_r($prm);
+            // exit;
+
+            $url = '';
+            $sql = "insert into t_transaction(
+            T_TransactionDate,	
+            T_TransactionType,
+            T_TransactionM_CategoryID,	
+            T_TransactionAmount,
+            T_TransactionNote,	
+            T_TransactionImg,
+            T_TransactionSender,
+            T_TransactionM_CompanyID,	
+            T_TransactionUserID,	
+            T_TransactionCreated,	
+            T_TransactionLastUpdated) 
+				values( ?, ?, ? , ?, ?, ? , ? , ?, ?, now(), now())";
+            $query = $this->db_onedev->query(
+                $sql,
+                array(
+                    $tanggal,
+                    $tipe,
+                    $kategori,
+                    $jumlah,
+                    $catatan,
+                    $url,
+                    $sender,
+                    $companyid,
+                    $userid
+                )
+            );
+            //echo $query;
+            if (!$query) {
+                // $error = array(
+                //     "message" => $this->db_onedev->error(),
+                // );
+                // $this->sys_error($error);
+                $this->sys_error_db("Error Insert transaksi");
+                $this->db_onedev->trans_rollback();
+                exit;
+            }
+            $last_id = $this->db_onedev->insert_id();
+            $newFilename = $companyid . "-" .  strval($last_id) . "-" . $fileName;
+            if ($fileDataBase64 != "") {
+                # code...
+                try {
+                    file_put_contents("/home/one/project/one/pettycash-media/attachment/" . $newFilename, $file);
+                } catch (Exception $e) {
+                    $this->sys_error_db("Error Upload file");
+                    $this->db_onedev->trans_rollback();
+                    exit;
+                }
+                $sql_update = "UPDATE t_transaction 
+                                SET T_TransactionImg = ?
+                                WHERE T_TransactionID = ?";
+                $query_update = $this->db_onedev->query(
+                    $sql_update,
+                    [$newFilename, $last_id]
+                );
+                //echo $query;
+                if (!$query_update) {
+                    // $error = array(
+                    //     "message" => $this->db_onedev->error(),
+                    // );
+                    // $this->sys_error($error);
+                    $this->sys_error_db("Error update transaksi");
+                    $this->db_onedev->trans_rollback();
+                    exit;
+                }
+            }
+
+            $result = array("total" => 1, "records" => array("xid" => 0, "file" => $fileDataBase64, "filename" => $fileName, 'path' => "/home/one/project/one/pettycash-media/attachment/" . strval($last_id) . " - " . $fileName));
+
+            $this->db_onedev->trans_commit();
+
+            $this->sys_ok($result);
+        } catch (Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+        }
+    }
+    public function deletetransaction()
+    {
+        try {
+            //# cek token valid
+            /*  if (! $this->isLogin) {
+			$this->sys_error("Invalid Token");
+			exit;
+        }
+        */
+            //# ambil parameter input
+            $prm = $this->sys_input;
+            $id = $prm['id'];
+            $userid = $prm['userid'];
+            $sql = "UPDATE t_transaction SET T_TransactionIsActive = 'N',
+            T_TransactionUserID = $userid
+            WHERE T_TransactionID = $id";
+            $query = $this->db_onedev->query($sql);
+            //echo $query;
+            if (!$query) {
+                $this->sys_error_db("t_transaction delete");
+                exit;
+            }
+            $result = array("total" => 1, "records" => array("xid" => $id));
+            $this->sys_ok($result);
+        } catch (Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+        }
+    }
+    public function confirmtransaction()
+    {
+        try {
+            //# cek token valid
+            /*  if (! $this->isLogin) {
+			$this->sys_error("Invalid Token");
+			exit;
+        }
+        */
+            //# ambil parameter input
+            $prm = $this->sys_input;
+            $id = $prm['id'];
+            $userid = $prm['userid'];
+            $sql = "UPDATE t_transaction SET T_TransactionIsConfirm = 'Y',
+            T_TransactionConfirmDate = now(),
+            T_TransactionConfirmUserID = $userid
+            WHERE T_TransactionID = $id";
+            $query = $this->db_onedev->query($sql);
+            //echo $query;
+            if (!$query) {
+                $this->sys_error_db("t_transaction confirmed");
+                exit;
+            }
+            $result = array("total" => 1, "records" => array("xid" => $id));
+            $this->sys_ok($result);
+        } catch (Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+        }
+    }
+}
diff --git a/pettycash/Usercompany.php b/pettycash/Usercompany.php
new file mode 100644
index 0000000..c49a170
--- /dev/null
+++ b/pettycash/Usercompany.php
@@ -0,0 +1,55 @@
+<?php
+
+   class Usercompany extends MY_Controller {
+      var $db_onedev;
+      public function index()
+      {
+         echo "AUTH API";
+      }
+      public function __construct()
+      {
+         parent::__construct();
+         $this->db_onedev = $this->load->database("onedev", true);
+      }
+
+
+       function list_company(){
+        try {
+            //# cek token valid
+            /* if (! $this->isLogin) {
+                $this->sys_error("Invalid Token");
+                exit;
+            }
+            */
+            $prm = $this->sys_input;
+            $sql = "SELECT 
+                M_CompanyID as companyid,
+                M_CompanyName as companyname,
+                M_UserDefaultCompany
+                FROM m_user
+                join m_usercompany
+                on M_UserCompanyM_UserID = M_UserID
+                and M_UserCompanyIsActive = 'Y'
+                join m_company
+                on M_CompanyID = M_UserCompanyM_CompanyID
+                and M_CompanyIsActive = 'Y'
+                WHERE M_userID = ?
+                and M_UserIsActive	= 'Y'";
+            $query = $this->db_onedev->query($sql,array($prm['M_UserID']));
+            //echo $this->db_onedev->last_query();
+            if ($query) {
+                $rows = $query->result_array();        
+            } else {
+              $this->sys_error_db("Company select");
+              exit;
+            }
+            $this->sys_ok($rows);
+    
+        } catch(Exception $exc) {
+            $message = $exc->getMessage();
+            $this->sys_error($message);
+        }
+       }
+
+    }
+?>
\ No newline at end of file