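db_onedev = $this->load->database("onedev", true);
    }

    /**
     * Reports whether the request carries a valid session.
     *
     * $this->isLogin / $this->sys_user are populated before this runs (not
     * visible here). Responds with the session user through sys_ok(), or with
     * "Invalid Token" through sys_error().
     */
    function isLogin()
    {
        if (!$this->isLogin) {
            $this->sys_error("Invalid Token");
            return;
        }

        $this->sys_ok(["user" => $this->sys_user]);
    }

    /**
     * Authenticates by email + password and issues a JWT session token.
     *
     * Input (sys_input): email, password.
     * On success the joined user/company row (plus client ip and user agent)
     * and the token are returned through sys_ok(); m_user is marked logged in
     * and the token is stored as M_UserActiveToken (bound as a query
     * parameter, not interpolated). Failures go through sys_error() /
     * sys_error_db().
     */
    function login()
    {
        $prm = $this->sys_input;
        try {
            $email = isset($prm["email"]) && is_string($prm["email"]) ? $prm["email"] : '';
            $plain = isset($prm["password"]) && is_string($prm["password"]) ? $prm["password"] : '';
            // Existing password encoding (salted MD5); see legacyPasswordHash().
            $sm_password = $this->legacyPasswordHash($plain);

            $query = $this->db_onedev->query(
                "SELECT M_UserID, M_UserUsername, M_UserEmail, M_CompanyID, M_CompanyName FROM m_user JOIN m_usercompany ON M_UserCompanyM_UserID = M_UserID AND M_UserCompanyIsActive = 'Y' AND M_UserDefaultCompany = 'Y' JOIN m_company ON M_CompanyID = M_UserCompanyM_CompanyID AND M_CompanyIsActive = 'Y' WHERE M_UserEmail= ? AND M_UserPassword=? AND M_UserIsActive = 'Y' ",
                [$email, $sm_password]
            );
            if (!$query) {
                $this->sys_error($this->db_onedev->error(), $this->db_onedev);
                exit;
            }

            $rows = $query->result_array();
            if (count($rows) === 0) {
                $this->sys_error_db("Invalid email / Password");
                return;
            }

            $user = $rows[0];
            $user['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
            $user['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
            $token = JWT::encode($user, $this->SECRET_KEY);

            // The token is passed as a bound parameter; the previous version
            // interpolated it into the SQL string.
            $query = $this->db_onedev->query(
                "update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserActiveToken = ? WHERE M_UserID = ? ",
                [$token, $user['M_UserID']]
            );
            if (!$query) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }

            $this->sys_ok(["user" => $user, "token" => $token]);
            exit;
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Clears the login flag and active token of a user.
     *
     * Input (sys_input): M_UserID.
     * NOTE(review): the id comes from the request body rather than from the
     * verified session (sys_user), so the caller chooses which account is
     * logged out — confirm this is guarded upstream, or use
     * $this->sys_user["M_UserID"] as change_password() does.
     */
    function logout()
    {
        $prm = $this->sys_input;
        try {
            $userID = isset($prm['M_UserID']) ? $prm['M_UserID'] : null;
            $query = $this->db_onedev->query(
                " UPDATE m_user SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null WHERE M_UserID = ?",
                [$userID]
            );
            if (!$query) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }
            $this->sys_ok("OK");
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Changes the password of the logged-in user.
     *
     * Input (sys_input): tokenx, old_password, new_password, confirm_password.
     * The user id always comes from the verified session (sys_user). Every
     * failure writes the JSON {status:"ERR", message} envelope and exits; the
     * messages are kept exactly as the API already emits them.
     * Checks, in order: session flag, presented token matches the stored one,
     * old password matches, new/confirm present and equal, strength policy,
     * new differs from old; then the row is updated and the session cleared.
     */
    function change_password()
    {
        $prm = $this->sys_input;
        if (!$this->isLogin) {
            $this->jsonErrorExit("Invalid Token");
        }

        $token = isset($prm['tokenx']) ? $prm['tokenx'] : '';
        $oldPlain = isset($prm["old_password"]) && is_string($prm["old_password"]) ? $prm["old_password"] : '';
        $old_password = $this->legacyPasswordHash($oldPlain);
        $userID = $this->sys_user["M_UserID"];

        // The presented token must be the one currently stored for this user.
        $query_get_data = $this->db_onedev->query(
            "SELECT * FROM m_user WHERE M_UserID = ? AND M_UserActiveToken = ? AND M_UserIsLoggedIn = 'Y' ",
            [$userID, $token]
        );
        if (!$query_get_data || count($query_get_data->result_array()) === 0) {
            $this->jsonErrorExit("Silahkan Login");
        }

        $query = $this->db_onedev->query(
            "select * from m_user where M_UserID = ? and M_UserPassword = ?",
            [$userID, $old_password]
        );
        if (!$query || count($query->result_array()) === 0) {
            $this->jsonErrorExit("Invalid Old Password");
        }

        // `=== ''` instead of empty(): empty() would also reject the string "0".
        $new_password = isset($prm['new_password']) && is_string($prm['new_password']) ? $prm['new_password'] : '';
        $confirm_password = isset($prm['confirm_password']) && is_string($prm['confirm_password']) ? $prm['confirm_password'] : '';
        if ($new_password === '') {
            $this->jsonErrorExit("Silahkan Isi New Password");
        }
        if ($confirm_password === '') {
            $this->jsonErrorExit("Silahkan Isi Konfirmasi Password");
        }
        if ($new_password !== $confirm_password) {
            $this->jsonErrorExit("New Password dan Confirm Password Tidak Sama");
        }

        $strengthError = $this->passwordStrengthError($new_password);
        if ($strengthError !== null) {
            $this->jsonErrorExit($strengthError);
        }

        $query = $this->db_onedev->query("select * from m_user where M_UserID = ?", [$userID]);
        if (!$query) {
            $this->db_onedev->trans_rollback();
            $this->jsonErrorExit("Data Tidak Ditemukan");
        }

        // Snapshot of the row before the change ("json before").
        // NOTE(review): this runs against $this->db, not $this->db_onedev, and
        // $json_before_log is not consumed anywhere in this method — confirm
        // whether the audit insert was dropped or lives elsewhere.
        $sql_json_before = "SELECT * FROM m_user WHERE M_UserIsActive = 'Y' AND M_UserID = ?";
        $qry_json_before = $this->db->query($sql_json_before, [$userID]);
        if (!$qry_json_before) {
            $this->db->trans_rollback();
            $this->sys_error_db("m_user select json before");
            exit;
        }
        $json_before_log = json_encode($qry_json_before->row());

        $new_password_salt = $this->legacyPasswordHash($new_password);
        // Constant-time, strict comparison. `==` on two hex digests can fall
        // into numeric comparison (digests of the form "0e..." compare equal).
        if (hash_equals($old_password, $new_password_salt)) {
            $this->jsonErrorExit("password baru tidak boleh sama dengan password lama");
        }

        $query = $this->db_onedev->query(
            "select M_UserID,M_UserEmail from m_user where M_UserID=? and M_UserPassword=? and M_UserIsActive = 'Y' ",
            [$userID, $old_password]
        );
        if (!$query || count($query->result_array()) === 0) {
            $this->db_onedev->trans_rollback();
            $this->jsonErrorExit("Err 002 : Error Change Password");
        }

        $query = $this->db_onedev->query(
            "UPDATE m_user set M_UserPassword= ?, M_UserIsLoggedIn = 'N', M_UserActiveToken = null, M_UserLastUpdated = now(), M_UserLastAccess = now() WHERE M_UserID = ? ",
            [$new_password_salt, $userID]
        );
        if (!$query) {
            $this->sys_error($this->db_onedev->error());
            exit;
        }

        echo json_encode(["status" => "OK", "message" => "Berhasil memperbaharui Password. Silahkan login ulang\n dengan password yang baru"]);
        exit;
    }

    /**
     * Admin-only: resets another user's password (looked up by email) to a
     * freshly generated 8-character temporary password and clears that
     * user's session.
     *
     * Input (sys_input): tokenx, email.
     * Checks, in order: caller is logged in with the presented token, caller
     * is an active admin, target email exists and is active. Each check reads
     * the COUNT(*) value itself — a COUNT query always returns exactly one
     * row, so counting result rows (as the previous version did) could never
     * reject a caller.
     * The temporary password is echoed back in the JSON body to the admin.
     */
    function reset_password()
    {
        $prm = $this->sys_input;
        try {
            if (!$this->isLogin) {
                $this->jsonErrorExit("Invalid Token");
            }

            $token = isset($prm['tokenx']) ? $prm['tokenx'] : '';
            // Same session key as change_password(); the row built in login()
            // carries M_UserID, not 'userID'.
            $userID = $this->sys_user["M_UserID"];
            $userEmail = isset($prm["email"]) && is_string($prm["email"]) ? $prm["email"] : '';

            // Validate the caller's token against the stored one.
            $query_get_data = $this->db_onedev->query(
                "SELECT COUNT(*) AS data_count FROM m_user WHERE M_UserID = ? AND M_UserActiveToken = ? AND M_UserIsLoggedIn = 'Y' ",
                [$userID, $token]
            );
            if (!$query_get_data) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }
            if ($this->countValue($query_get_data) === 0) {
                $this->jsonErrorExit("Silahkan Login");
            }

            // The caller must be an active admin.
            $query_check_admin = $this->db_onedev->query(
                "SELECT COUNT(*) AS data_count FROM m_user WHERE M_UserID = ? AND M_UserIsAdmin = 'Y' AND M_UserIsActive = 'Y' ",
                [$userID]
            );
            if (!$query_check_admin) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }
            if ($this->countValue($query_check_admin) === 0) {
                // No admin row: report missing access rights.
                $this->jsonErrorExit("Anda tidak memiliki hak akses");
            }

            // The target account must exist (exactly one active row).
            $query_check_email = $this->db_onedev->query(
                "SELECT COUNT(*) AS data_count FROM m_user WHERE M_UserEmail = ? AND M_UserIsActive = 'Y' ",
                [$userEmail]
            );
            if (!$query_check_email) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }
            if ($this->countValue($query_check_email) !== 1) {
                $this->db_onedev->trans_rollback();
                $this->jsonErrorExit("Email yang akan direset tidak ditemukan");
            }

            $newPassword = $this->generateRandomString();
            $new_password_salt = $this->legacyPasswordHash($newPassword);
            $query = $this->db_onedev->query(
                "UPDATE m_user SET M_UserLastUpdated = now(), M_UserLastAccess = now(), M_UserIsLoggedIn = 'N', M_UserActiveToken = null, M_UserPassword = ? WHERE M_UserEmail = ? ",
                [$new_password_salt, $userEmail]
            );
            // The previous version never checked this UPDATE's result.
            if (!$query) {
                $this->sys_error($this->db_onedev->error());
                exit;
            }

            echo json_encode([
                "status" => "OK",
                "message" => "Berhasil memperbaharui Password untuk email '{$userEmail}'. 
 \n Silahkan login ulang dengan password : '{$newPassword}'",
                "newPassword" => "'{$newPassword}'",
            ]);
            exit;
        } catch (Exception $exc) {
            $this->sys_error($exc->getMessage());
        }
    }

    /**
     * Salted MD5 used for the M_UserPassword column.
     *
     * Kept only because the values already stored in m_user depend on it.
     * NOTE(review): MD5 is not a password hash — plan a migration to
     * password_hash()/password_verify() with rehash-on-login.
     *
     * @param string $plain
     * @return string 32-character hex digest
     */
    private function legacyPasswordHash($plain)
    {
        return md5($this->one_salt . $plain . $this->one_salt);
    }

    /**
     * Emits the API's JSON error envelope and terminates the request.
     *
     * @param string $message
     */
    private function jsonErrorExit($message)
    {
        echo json_encode(["status" => "ERR", "message" => $message]);
        exit;
    }

    /**
     * Returns the policy violation message for $password, or null when it
     * passes. Policy: at least 8 characters, one uppercase letter, one
     * lowercase letter, one digit (checked in that order).
     *
     * @param string $password
     * @return string|null
     */
    private function passwordStrengthError($password)
    {
        if (strlen($password) < 8) {
            return "Password minimal 8 digit";
        }
        if (!preg_match('@[A-Z]@', $password)) {
            return "Password minimal mengandung 1 huruf besar";
        }
        if (!preg_match('@[a-z]@', $password)) {
            return "Password minimal mengandung 1 huruf kecil";
        }
        if (!preg_match('@[0-9]@', $password)) {
            return "Password minimal mengandung 1 angka";
        }
        return null;
    }

    /**
     * Reads the data_count column of a `SELECT COUNT(*) AS data_count` result.
     *
     * @param object $query CodeIgniter DB result (result_array() available)
     * @return int
     */
    private function countValue($query)
    {
        $rows = $query->result_array();
        if (count($rows) === 0 || !isset($rows[0]['data_count'])) {
            return 0;
        }
        return (int) $rows[0]['data_count'];
    }

    /**
     * Builds a temporary password of $length alphanumeric characters drawn
     * with random_int() (CSPRNG). The previous str_shuffle()-based version
     * was not cryptographically random and could never repeat a character,
     * which shrinks the search space; it was also declared as a global
     * function from inside reset_password().
     *
     * @param int $length
     * @return string
     */
    private function generateRandomString($length = 8)
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $lastIndex = strlen($characters) - 1;
        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            $randomString .= $characters[random_int(0, $lastIndex)];
        }
        return $randomString;
    }
}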