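db_onedev = $this->load->database("onedev", true); }

    /**
     * Build the stored password digest for a plaintext password.
     *
     * This is the scheme the existing m_user rows were written with:
     * md5(one_salt . password . one_salt). md5 with a single global salt is
     * not an acceptable password hash (fast to brute-force, no per-user
     * salt); it is kept only because every stored row depends on it. A
     * migration to password_hash()/password_verify() with rehash-on-login
     * should replace this helper rather than add to it.
     *
     * @param string $plain
     * @return string 32-character lowercase hex digest
     */
    private function _legacy_password_hash($plain)
    {
        return md5($this->one_salt . $plain . $this->one_salt);
    }

    /**
     * Emit the {"status":"ERR","message":...} JSON envelope and stop.
     *
     * change_password() / reset_password() write their responses directly
     * instead of going through sys_error(); this keeps that envelope in one place.
     *
     * @param string $message
     */
    private function _respond_error_json($message)
    {
        echo json_encode(array("status" => "ERR", "message" => $message));
        exit;
    }

    /**
     * Token check endpoint.
     *
     * Answers sys_error("Invalid Token") when the request is not
     * authenticated, otherwise sys_ok with the resolved user record
     * ($this->sys_user).
     */
    public function isLogin()
    {
        if (!$this->isLogin) {
            $this->sys_error("Invalid Token");
            return;
        }
        $this->sys_ok(array("user" => $this->sys_user));
    }

    /**
     * Authenticate by email + password and issue a JWT.
     *
     * On success the matched user row (plus caller IP / user agent) is signed
     * into the token, the token is stored as M_UserActiveToken and returned
     * together with the user data via sys_ok(). Failures go through
     * sys_error() / sys_error_db(); the credential-mismatch message does not
     * distinguish an unknown email from a wrong password, which is intended.
     */
    public function login()
    {
        $prm = $this->sys_input;
        try {
            $email = isset($prm["email"]) ? $prm["email"] : "";
            $password = isset($prm["password"]) ? $prm["password"] : "";
            // Missing fields are rejected with the same message as a mismatch
            // instead of hashing an empty string and querying with it.
            if ($email === "" || $password === "") {
                $this->sys_error_db("Invalid email / Password");
                return;
            }
            $sm_password = $this->_legacy_password_hash($password);

            $query = $this->db_onedev->query(
                "SELECT M_UserID, M_UserUsername, M_UserEmail, M_CompanyID, M_CompanyName "
                . "FROM m_user "
                . "JOIN m_usercompany ON M_UserCompanyM_UserID = M_UserID "
                . "AND M_UserCompanyIsActive = 'Y' AND M_UserDefaultCompany = 'Y' "
                . "JOIN m_company ON M_CompanyID = M_UserCompanyM_CompanyID AND M_CompanyIsActive = 'Y' "
                . "WHERE M_UserEmail = ? AND M_UserPassword = ? AND M_UserIsActive = 'Y'",
                array($email, $sm_password)
            );
            if (!$query) {
                $this->sys_error($this->db_onedev->error(), $this->db_onedev);
                exit;
            }

            $rows = $query->result_array();
            if (count($rows) === 0) {
                $this->sys_error_db("Invalid email / Password");
                return;
            }

            $user = $rows[0];
            // Both values are client-controlled (HTTP_USER_AGENT especially)
            // and absent under CLI, hence the fallback; they are recorded, not trusted.
            $user['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $user['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            // The JWT payload is signed, not encrypted: everything in $user is
            // readable by whoever holds the token. No 'exp' claim is set, so
            // revocation relies solely on M_UserActiveToken being cleared.
            $token = JWT::encode($user, $this->SECRET_KEY);

            // Token is bound as a query parameter; the original interpolated
            // it into the SQL string.
            $update = $this->db_onedev->query(
                "UPDATE m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), "
                . "M_UserActiveToken = ? WHERE M_UserID = ?",
                array($token, $user['M_UserID'])
            );
            if (!$update) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }

            $this->sys_ok(array("user" => $user, "token" => $token));
            exit;
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Invalidate the caller's session: clears M_UserIsLoggedIn and
     * M_UserActiveToken for the authenticated user.
     *
     * The row to update is taken from $this->sys_user, not from the request
     * body. The original used $prm['M_UserID'], which let any caller clear
     * another user's active token (forced logout of arbitrary accounts).
     * An unauthenticated call is answered with sys_error("Invalid Token").
     */
    public function logout()
    {
        if (!$this->isLogin || !isset($this->sys_user["M_UserID"])) {
            $this->sys_error("Invalid Token");
            return;
        }
        try {
            $query = $this->db_onedev->query(
                "UPDATE m_user SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null WHERE M_UserID = ?",
                array($this->sys_user["M_UserID"])
            );
            if (!$query) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }
            $this->sys_ok("OK");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Change the authenticated user's password.
     *
     * Flow: require an authenticated request, confirm the supplied token is
     * the user's current active token, verify old_password, validate
     * new_password (>= 8 bytes, one upper-case, one lower-case, one digit,
     * equal to confirm_password, different from the old one), then store the
     * new digest and clear the session so the user has to log in again.
     *
     * Input: `token` from the raw JSON request body; old_password,
     * new_password, confirm_password from sys_input. Responses are written
     * directly as {"status":"OK"|"ERR","message":...} JSON, the legacy
     * envelope of this endpoint.
     */
    public function change_password()
    {
        if (!$this->isLogin) {
            $this->_respond_error_json("Invalid Token");
        }
        $prm = $this->sys_input;

        // The original read the token here and then left `echo $tokenx; exit;`
        // in place, so every call printed the raw tokenx value and stopped
        // before any password logic ran. That debug output is removed.
        $body = json_decode(file_get_contents('php://input'), true);
        $token = (is_array($body) && isset($body['token'])) ? $body['token'] : null;
        if (!is_string($token) || $token === '') {
            $this->_respond_error_json("Silahkan Login");
        }

        $userID = $this->sys_user["M_UserID"];

        // The token must be this user's current active token.
        $query_get_data = $this->db_onedev->query(
            "SELECT M_UserID FROM m_user WHERE M_UserID = ? AND M_UserActiveToken = ? AND M_UserIsLoggedIn = 'Y'",
            array($userID, $token)
        );
        if (!$query_get_data || count($query_get_data->result_array()) === 0) {
            $this->_respond_error_json("Silahkan Login");
        }

        $old_password_plain = (isset($prm["old_password"]) && is_string($prm["old_password"]))
            ? $prm["old_password"]
            : "";
        $old_password = $this->_legacy_password_hash($old_password_plain);
        $query = $this->db_onedev->query(
            "SELECT M_UserID FROM m_user WHERE M_UserID = ? AND M_UserPassword = ?",
            array($userID, $old_password)
        );
        if (!$query || count($query->result_array()) === 0) {
            $this->_respond_error_json("Invalid Old Password");
        }

        // Both fields must be non-empty strings (JSON input may carry arrays).
        if (!isset($prm['new_password']) || !is_string($prm['new_password']) || $prm['new_password'] === '') {
            $this->_respond_error_json("Silahkan Isi New Password");
        }
        if (!isset($prm['confirm_password']) || !is_string($prm['confirm_password']) || $prm['confirm_password'] === '') {
            $this->_respond_error_json("Silahkan Isi Konfirmasi Password");
        }
        $new_password = $prm['new_password'];
        if ($new_password !== $prm['confirm_password']) {
            $this->_respond_error_json("New Password dan Confirm Password Tidak Sama");
        }

        // Strength rules; strlen is intentional (the limit is on bytes, as before).
        if (strlen($new_password) < 8) {
            $this->_respond_error_json("Password minimal 8 digit");
        }
        if (!preg_match('@[A-Z]@', $new_password)) {
            $this->_respond_error_json("Password minimal mengandung 1 huruf besar");
        }
        if (!preg_match('@[a-z]@', $new_password)) {
            $this->_respond_error_json("Password minimal mengandung 1 huruf kecil");
        }
        if (!preg_match('@[0-9]@', $new_password)) {
            $this->_respond_error_json("Password minimal mengandung 1 angka");
        }

        // NOTE(review): the original took a "json before" snapshot here with
        // SELECT * (password hash included) through $this->db rather than
        // $this->db_onedev and never used it. It is dropped; if an audit trail
        // of password changes is wanted, write it through the same connection
        // and leave M_UserPassword out of the logged row.

        $new_password_salt = $this->_legacy_password_hash($new_password);
        // Strict comparison: `==` on two hex digests applies PHP's
        // numeric-string rules, so digests of the form "0e..." compare equal.
        if ($old_password === $new_password_salt) {
            $this->_respond_error_json("password baru tidak boleh sama dengan password lama");
        }

        // Final check also requires the account to be active; an inactive
        // account with a correct old password ends here with Err 002, as before.
        // (The original called trans_rollback() on this path, but nothing in
        // this method starts a transaction.)
        $query = $this->db_onedev->query(
            "SELECT M_UserID FROM m_user WHERE M_UserID = ? AND M_UserPassword = ? AND M_UserIsActive = 'Y'",
            array($userID, $old_password)
        );
        if (!$query || count($query->result_array()) === 0) {
            $this->_respond_error_json("Err 002 : Error Change Password");
        }

        // Storing the new digest also clears the session: the active token is
        // revoked and the client must log in again.
        $update = $this->db_onedev->query(
            "UPDATE m_user SET M_UserPassword = ?, M_UserIsLoggedIn = 'N', M_UserActiveToken = null, "
            . "M_UserLastUpdated = now(), M_UserLastAccess = now() WHERE M_UserID = ?",
            array($new_password_salt, $userID)
        );
        if (!$update) {
            $this->sys_error($this->db_onedev->error());
            exit;
        }
        echo json_encode(array(
            "status" => "OK",
            "message" => "Berhasil memperbaharui Password. Silahkan login ulang\n dengan password yang baru",
        ));
        exit;
    }

    /**
     * Administrative password reset: not implemented.
     *
     * The previous body was entirely commented out and only `print_r($prm)`
     * remained, which dumped the raw request parameters to the response. The
     * endpoint still rejects unauthenticated callers and otherwise answers
     * with an error instead of echoing its input.
     *
     * NOTE(review): the disabled design took the user id for its token and
     * admin checks from the request body rather than from the authenticated
     * session, generated the new password with str_shuffle() (not a CSPRNG,
     * and it never repeats a character, which shrinks the keyspace), and
     * returned that password in the HTTP response. If it is revived, use
     * $this->sys_user for identity, random_int()/random_bytes() for the
     * password, deliver it out of band, and keep the M_UserIsAdmin and
     * M_UserIsActive checks.
     */
    public function reset_password()
    {
        if (!$this->isLogin) {
            $this->_respond_error_json("Invalid Token");
        }
        $this->sys_error("Reset password is not available");
    }
}
?>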