step 1 : download one api pettycash
This commit is contained in:
414
pettycash/Auth.php
Normal file
414
pettycash/Auth.php
Normal file
@@ -0,0 +1,414 @@
|
||||
<?php
|
||||
|
||||
class Auth extends MY_Controller {
|
||||
var $db_onedev;
|
||||
public function index()
|
||||
{
|
||||
echo "AUTH API";
|
||||
}
|
||||
public function __construct()
|
||||
{
|
||||
parent::__construct();
|
||||
$this->db_onedev = $this->load->database("onedev", true);
|
||||
}
|
||||
|
||||
function isLogin() {
|
||||
if (! $this->isLogin) {
|
||||
$this->sys_error("Invalid Token");
|
||||
} else {
|
||||
$prm = $this->sys_input;
|
||||
$data = array(
|
||||
"user" => $this->sys_user
|
||||
);
|
||||
$this->sys_ok($data);
|
||||
}
|
||||
}
|
||||
|
||||
function login() {
|
||||
$prm = $this->sys_input;
|
||||
try {
|
||||
//existing password enc
|
||||
$sm_password = md5($this->one_salt . $prm["password"] . $this->one_salt);
|
||||
|
||||
$query = $this->db_onedev->query("SELECT
|
||||
M_UserID, M_UserUsername, M_UserEmail,
|
||||
M_CompanyID, M_CompanyName
|
||||
FROM m_user
|
||||
JOIN m_usercompany
|
||||
ON M_UserCompanyM_UserID = M_UserID
|
||||
AND M_UserCompanyIsActive = 'Y'
|
||||
AND M_UserDefaultCompany = 'Y'
|
||||
JOIN m_company
|
||||
ON M_CompanyID = M_UserCompanyM_CompanyID
|
||||
AND M_CompanyIsActive = 'Y'
|
||||
WHERE M_UserEmail= ?
|
||||
AND M_UserPassword=?
|
||||
AND M_UserIsActive = 'Y'
|
||||
",array($prm["email"], $sm_password));
|
||||
if (!$query) {
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message, $this->db_onedev);
|
||||
exit;
|
||||
}
|
||||
$rows = $query->result_array();
|
||||
if (count($rows) > 0 ) {
|
||||
$user = $rows[0];
|
||||
$user['ip'] = $_SERVER['REMOTE_ADDR'];
|
||||
$user['agent'] = $_SERVER['HTTP_USER_AGENT'];
|
||||
$token = JWT::encode($user,$this->SECRET_KEY);
|
||||
$data = array(
|
||||
"user" => $user,
|
||||
"token" => $token
|
||||
);
|
||||
|
||||
$query = $this->db_onedev->query("update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserActiveToken = '{$token}' WHERE M_UserID = ?
|
||||
",array($user['M_UserID']));
|
||||
if (!$query) {
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message);
|
||||
exit;
|
||||
}
|
||||
|
||||
$this->sys_ok($data);
|
||||
exit;
|
||||
}
|
||||
$this->sys_error_db("Invalid email / Password");
|
||||
} catch(Exception $exc) {
|
||||
$message = $exc->getMessage();
|
||||
$this->sys_error($message);
|
||||
}
|
||||
}
|
||||
|
||||
function logout() {
|
||||
$prm = $this->sys_input;
|
||||
try
|
||||
{
|
||||
|
||||
$query = $this->db_onedev->query("
|
||||
UPDATE m_user
|
||||
SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null
|
||||
WHERE M_UserID = ?",
|
||||
array($prm['M_UserID']));
|
||||
|
||||
if (!$query)
|
||||
{
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message);
|
||||
exit;
|
||||
}
|
||||
$this->sys_ok("OK");
|
||||
}
|
||||
catch(Exception $exc)
|
||||
{
|
||||
$message = $exc->getMessage();
|
||||
$this->sys_error($message);
|
||||
}
|
||||
}
|
||||
|
||||
function change_password() {
|
||||
|
||||
$prm = $this->sys_input;
|
||||
if ( ! $this->isLogin ) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Invalid Token")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$token = $prm['tokenx'];
|
||||
$old_password = md5($this->one_salt . $prm["old_password"] . $this->one_salt);
|
||||
$userID = $this->sys_user["M_UserID"];
|
||||
|
||||
$query_get_data = $this->db_onedev->query("SELECT *
|
||||
FROM m_user
|
||||
WHERE M_UserID = ?
|
||||
AND M_UserActiveToken = ?
|
||||
AND M_UserIsLoggedIn = 'Y'
|
||||
",array($userID, $token) );
|
||||
|
||||
if(!$query_get_data) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Silahkan Login")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$rows = $query_get_data->result_array();
|
||||
if(count($rows) == 0 ) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Silahkan Login")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = $this->db_onedev->query("select * from m_user where M_UserID = ? and M_UserPassword = ?",
|
||||
array($userID, $old_password) );
|
||||
if(!$query) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Invalid Old Password")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$rows = $query->result_array();
|
||||
if(count($rows) == 0 ) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Invalid Old Password")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!isset($prm['new_password']) || empty($prm['new_password'])){
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Silahkan Isi New Password")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!isset($prm['confirm_password']) || empty($prm['confirm_password'])){
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Silahkan Isi Konfirmasi Password")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$new_password = $prm['new_password'];
|
||||
$confirm_password = $prm['confirm_password'];
|
||||
|
||||
if($new_password !== $confirm_password){
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "New Password dan Confirm Password Tidak Sama")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Validate password strength
|
||||
$uppercase = preg_match('@[A-Z]@', $prm['new_password']);
|
||||
$lowercase = preg_match('@[a-z]@', $prm['new_password']);
|
||||
$number = preg_match('@[0-9]@', $prm['new_password']);
|
||||
|
||||
if(strlen($prm['new_password']) < 8) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Password minimal 8 digit")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!$uppercase) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf besar")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!$lowercase) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf kecil")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!$number) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Password minimal mengandung 1 angka")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$userID = $this->sys_user["M_UserID"];
|
||||
$userToken = $this->sys_user["M_UserID"];
|
||||
// $M_UserID = $prm['M_UserID'];
|
||||
|
||||
$query = $this->db_onedev->query("select * from m_user where M_UserID = ?",
|
||||
array($userID) );
|
||||
if(!$query) {
|
||||
$this->db_onedev->trans_rollback();
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Data Tidak Ditemukan")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
// json before start
|
||||
$sql_json_before = "SELECT *
|
||||
FROM m_user
|
||||
WHERE M_UserIsActive = 'Y'
|
||||
AND M_UserID = ?";
|
||||
|
||||
$qry_json_before = $this->db->query(
|
||||
$sql_json_before,
|
||||
[
|
||||
$userID
|
||||
]);
|
||||
|
||||
if (!$qry_json_before) {
|
||||
$this->db->trans_rollback();
|
||||
$this->sys_error_db("m_user select json before");
|
||||
exit;
|
||||
}
|
||||
|
||||
$data_before_by_id = $qry_json_before->row();
|
||||
|
||||
$json_before_log = json_encode($data_before_by_id);
|
||||
// json before end
|
||||
|
||||
$new_password_salt = md5($this->one_salt . $prm['new_password'] . $this->one_salt);
|
||||
|
||||
if($old_password == $new_password_salt){
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "password baru tidak boleh sama dengan password lama")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = $this->db_onedev->query("select M_UserID,M_UserEmail
|
||||
from m_user
|
||||
where M_UserID=? and M_UserPassword=?
|
||||
and M_UserIsActive = 'Y'
|
||||
",array($userID, $old_password));
|
||||
$rows = $query->result_array();
|
||||
if (count($rows) > 0 ) {
|
||||
$query = $this->db_onedev->query("UPDATE
|
||||
m_user set
|
||||
M_UserPassword= ?,
|
||||
M_UserIsLoggedIn = 'N',
|
||||
M_UserActiveToken = null,
|
||||
M_UserLastUpdated = now(),
|
||||
M_UserLastAccess = now()
|
||||
WHERE M_UserID = ?
|
||||
",array(
|
||||
$new_password_salt,
|
||||
$userID));
|
||||
if (!$query) {
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password. Silahkan login ulang\n dengan password yang baru"));
|
||||
exit;
|
||||
} else{
|
||||
$this->db_onedev->trans_rollback();
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Err 002 : Error Change Password")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
function reset_password() {
|
||||
|
||||
$prm = $this->sys_input;
|
||||
try
|
||||
{
|
||||
if ( ! $this->isLogin ) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Invalid Token")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
$token = $prm['tokenx'];
|
||||
$userID = $this->sys_user['userID'];
|
||||
$userEmail = $prm["email"];
|
||||
//validasi token user
|
||||
$query_get_data= $this->db_onedev->query("SELECT COUNT(*) AS data_count
|
||||
FROM m_user
|
||||
WHERE M_UserID = ?
|
||||
AND M_UserActiveToken = ?
|
||||
AND M_UserIsLoggedIn = 'Y'
|
||||
",array($userID, $token) );
|
||||
if (!$query_get_data) {
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message);
|
||||
exit;
|
||||
}
|
||||
|
||||
$rows = $query_get_data->result_array();
|
||||
|
||||
if(count($rows) == 0 ) {
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Silahkan Login")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
//checking user is Admin
|
||||
$query_check_admin = $this->db_onedev->query("SELECT COUNT(*) AS data_count
|
||||
FROM m_user
|
||||
WHERE M_UserID = ?
|
||||
AND M_UserIsAdmin = 'Y'
|
||||
AND M_UserIsActive = 'Y'
|
||||
",
|
||||
array($userID) );
|
||||
if (!$query_check_admin) {
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message);
|
||||
exit;
|
||||
}
|
||||
$rows = $query_check_admin->result_array();
|
||||
|
||||
if(count($rows) == 0 ) {
|
||||
// Jika tidak ada data, kembalikan pesan "Anda tidak memiliki hak akses"
|
||||
echo json_encode(
|
||||
array("status" => "ERR", "message" => "Anda tidak memiliki hak akses")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
|
||||
//checking user by email for reset password
|
||||
$query_check_email = $this->db_onedev->query("SELECT COUNT(*) AS data_count
|
||||
FROM m_user
|
||||
WHERE M_UserEmail = ?
|
||||
AND M_UserIsActive = 'Y'
|
||||
",
|
||||
array($userEmail) );
|
||||
if (!$query_check_email) {
|
||||
$message = $this->db_onedev->error();
|
||||
$this->sys_error($message);
|
||||
exit;
|
||||
}
|
||||
$rows = $query_check_email->result_array();
|
||||
if (count($rows) == 1) {
|
||||
function generateRandomString($length = 8) {
|
||||
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
$randomString = substr(str_shuffle($characters), 0, $length);
|
||||
|
||||
return $randomString;
|
||||
};
|
||||
$newPassword = generateRandomString();
|
||||
$new_password_salt = md5($this->one_salt . $newPassword . $this->one_salt);
|
||||
|
||||
$query = $this->db_onedev->query("UPDATE
|
||||
m_user SET
|
||||
M_UserLastUpdated = now(),
|
||||
M_UserLastAccess = now(),
|
||||
M_UserIsLoggedIn = 'N',
|
||||
M_UserActiveToken = null,
|
||||
M_UserPassword = ?
|
||||
WHERE M_UserEmail = ?
|
||||
",array($new_password_salt ,$userEmail)
|
||||
);
|
||||
echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password untuk email '{$userEmail}'. \n
|
||||
Silahkan login ulang dengan password : '{$newPassword}'", "newPassword"=> "'{$newPassword}'"));
|
||||
exit;
|
||||
} else{
|
||||
$this->db_onedev->trans_rollback();
|
||||
echo json_encode(
|
||||
array("status"=>"ERR", "message"=> "Email yang akan direset tidak ditemukan")
|
||||
);
|
||||
exit;
|
||||
}
|
||||
$this->sys_ok("OK");
|
||||
}
|
||||
catch(Exception $exc)
|
||||
{
|
||||
$message = $exc->getMessage();
|
||||
$this->sys_error($message);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user