sindhu/one-api-pettycash
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
main
one-api-pettycash/pettycash/Auth.php
sindhu bd1e4e575b step 1 : download one api pettycash
2024-02-15 09:40:33 +07:00

414 lines
13 KiB
PHP
Raw Permalink Blame History

<?php
class Auth extends MY_Controller {
var $db_onedev;
public function index()
{
echo "AUTH API";
}
public function __construct()
{
parent::__construct();
$this->db_onedev = $this->load->database("onedev", true);
}
function isLogin() {
if (! $this->isLogin) {
$this->sys_error("Invalid Token");
} else {
$prm = $this->sys_input;
$data = array(
"user" => $this->sys_user
);
$this->sys_ok($data);
}
}
function login() {
$prm = $this->sys_input;
try {
//existing password enc
$sm_password = md5($this->one_salt . $prm["password"] . $this->one_salt);
$query = $this->db_onedev->query("SELECT
M_UserID, M_UserUsername, M_UserEmail,
M_CompanyID, M_CompanyName
FROM m_user
JOIN m_usercompany
ON M_UserCompanyM_UserID = M_UserID
AND M_UserCompanyIsActive = 'Y'
AND M_UserDefaultCompany = 'Y'
JOIN m_company
ON M_CompanyID = M_UserCompanyM_CompanyID
AND M_CompanyIsActive = 'Y'
WHERE M_UserEmail= ?
AND M_UserPassword=?
AND M_UserIsActive = 'Y'
",array($prm["email"], $sm_password));
if (!$query) {
$message = $this->db_onedev->error();
$this->sys_error($message, $this->db_onedev);
exit;
}
$rows = $query->result_array();
if (count($rows) > 0 ) {
$user = $rows[0];
$user['ip'] = $_SERVER['REMOTE_ADDR'];
$user['agent'] = $_SERVER['HTTP_USER_AGENT'];
$token = JWT::encode($user,$this->SECRET_KEY);
$data = array(
"user" => $user,
"token" => $token
);
$query = $this->db_onedev->query("update m_user SET M_UserIsLoggedIn = 'Y', M_UserLastAccess = now(), M_UserActiveToken = '{$token}' WHERE M_UserID = ?
",array($user['M_UserID']));
if (!$query) {
$message = $this->db_onedev->error();
$this->sys_error($message);
exit;
}
$this->sys_ok($data);
exit;
}
$this->sys_error_db("Invalid email / Password");
} catch(Exception $exc) {
$message = $exc->getMessage();
$this->sys_error($message);
}
}
function logout() {
$prm = $this->sys_input;
try
{
$query = $this->db_onedev->query("
UPDATE m_user
SET M_UserIsLoggedIn = 'N', M_UserActiveToken = null
WHERE M_UserID = ?",
array($prm['M_UserID']));
if (!$query)
{
$message = $this->db_onedev->error();
$this->sys_error($message);
exit;
}
$this->sys_ok("OK");
}
catch(Exception $exc)
{
$message = $exc->getMessage();
$this->sys_error($message);
}
}
function change_password() {
$prm = $this->sys_input;
if ( ! $this->isLogin ) {
echo json_encode(
array("status"=>"ERR", "message"=> "Invalid Token")
);
exit;
}
$token = $prm['tokenx'];
$old_password = md5($this->one_salt . $prm["old_password"] . $this->one_salt);
$userID = $this->sys_user["M_UserID"];
$query_get_data = $this->db_onedev->query("SELECT *
FROM m_user
WHERE M_UserID = ?
AND M_UserActiveToken = ?
AND M_UserIsLoggedIn = 'Y'
",array($userID, $token) );
if(!$query_get_data) {
echo json_encode(
array("status"=>"ERR", "message"=> "Silahkan Login")
);
exit;
}
$rows = $query_get_data->result_array();
if(count($rows) == 0 ) {
echo json_encode(
array("status"=>"ERR", "message"=> "Silahkan Login")
);
exit;
}
$query = $this->db_onedev->query("select * from m_user where M_UserID = ? and M_UserPassword = ?",
array($userID, $old_password) );
if(!$query) {
echo json_encode(
array("status"=>"ERR", "message"=> "Invalid Old Password")
);
exit;
}
$rows = $query->result_array();
if(count($rows) == 0 ) {
echo json_encode(
array("status"=>"ERR", "message"=> "Invalid Old Password")
);
exit;
}
if(!isset($prm['new_password']) || empty($prm['new_password'])){
echo json_encode(
array("status"=>"ERR", "message"=> "Silahkan Isi New Password")
);
exit;
}
if(!isset($prm['confirm_password']) || empty($prm['confirm_password'])){
echo json_encode(
array("status"=>"ERR", "message"=> "Silahkan Isi Konfirmasi Password")
);
exit;
}
$new_password = $prm['new_password'];
$confirm_password = $prm['confirm_password'];
if($new_password !== $confirm_password){
echo json_encode(
array("status"=>"ERR", "message"=> "New Password dan Confirm Password Tidak Sama")
);
exit;
}
// Validate password strength
$uppercase = preg_match('@[A-Z]@', $prm['new_password']);
$lowercase = preg_match('@[a-z]@', $prm['new_password']);
$number = preg_match('@[0-9]@', $prm['new_password']);
if(strlen($prm['new_password']) < 8) {
echo json_encode(
array("status"=>"ERR", "message"=> "Password minimal 8 digit")
);
exit;
}
if(!$uppercase) {
echo json_encode(
array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf besar")
);
exit;
}
if(!$lowercase) {
echo json_encode(
array("status"=>"ERR", "message"=> "Password minimal mengandung 1 huruf kecil")
);
exit;
}
if(!$number) {
echo json_encode(
array("status"=>"ERR", "message"=> "Password minimal mengandung 1 angka")
);
exit;
}
$userID = $this->sys_user["M_UserID"];
$userToken = $this->sys_user["M_UserID"];
// $M_UserID = $prm['M_UserID'];
$query = $this->db_onedev->query("select * from m_user where M_UserID = ?",
array($userID) );
if(!$query) {
$this->db_onedev->trans_rollback();
echo json_encode(
array("status"=>"ERR", "message"=> "Data Tidak Ditemukan")
);
exit;
}
// json before start
$sql_json_before = "SELECT *
FROM m_user
WHERE M_UserIsActive = 'Y'
AND M_UserID = ?";
$qry_json_before = $this->db->query(
$sql_json_before,
[
$userID
]);
if (!$qry_json_before) {
$this->db->trans_rollback();
$this->sys_error_db("m_user select json before");
exit;
}
$data_before_by_id = $qry_json_before->row();
$json_before_log = json_encode($data_before_by_id);
// json before end
$new_password_salt = md5($this->one_salt . $prm['new_password'] . $this->one_salt);
if($old_password == $new_password_salt){
echo json_encode(
array("status"=>"ERR", "message"=> "password baru tidak boleh sama dengan password lama")
);
exit;
}
$query = $this->db_onedev->query("select M_UserID,M_UserEmail
from m_user
where M_UserID=? and M_UserPassword=?
and M_UserIsActive = 'Y'
",array($userID, $old_password));
$rows = $query->result_array();
if (count($rows) > 0 ) {
$query = $this->db_onedev->query("UPDATE
m_user set
M_UserPassword= ?,
M_UserIsLoggedIn = 'N',
M_UserActiveToken = null,
M_UserLastUpdated = now(),
M_UserLastAccess = now()
WHERE M_UserID = ?
",array(
$new_password_salt,
$userID));
if (!$query) {
$message = $this->db_onedev->error();
$this->sys_error($message);
exit;
}
echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password. Silahkan login ulang\n dengan password yang baru"));
exit;
} else{
$this->db_onedev->trans_rollback();
echo json_encode(
array("status"=>"ERR", "message"=> "Err 002 : Error Change Password")
);
exit;
}
}
function reset_password() {
$prm = $this->sys_input;
try
{
if ( ! $this->isLogin ) {
echo json_encode(
array("status"=>"ERR", "message"=> "Invalid Token")
);
exit;
}
$token = $prm['tokenx'];
$userID = $this->sys_user['userID'];
$userEmail = $prm["email"];
//validasi token user
$query_get_data= $this->db_onedev->query("SELECT COUNT(*) AS data_count
FROM m_user
WHERE M_UserID = ?
AND M_UserActiveToken = ?
AND M_UserIsLoggedIn = 'Y'
",array($userID, $token) );
if (!$query_get_data) {
$message = $this->db_onedev->error();
$this->sys_error($message);
exit;
}
$rows = $query_get_data->result_array();
if(count($rows) == 0 ) {
echo json_encode(
array("status"=>"ERR", "message"=> "Silahkan Login")
);
exit;
}
//checking user is Admin
$query_check_admin = $this->db_onedev->query("SELECT COUNT(*) AS data_count
FROM m_user
WHERE M_UserID = ?
AND M_UserIsAdmin = 'Y'
AND M_UserIsActive = 'Y'
",
array($userID) );
if (!$query_check_admin) {
$message = $this->db_onedev->error();
$this->sys_error($message);
exit;
}
$rows = $query_check_admin->result_array();
if(count($rows) == 0 ) {
// Jika tidak ada data, kembalikan pesan "Anda tidak memiliki hak akses"
echo json_encode(
array("status" => "ERR", "message" => "Anda tidak memiliki hak akses")
);
exit;
}
//checking user by email for reset password
$query_check_email = $this->db_onedev->query("SELECT COUNT(*) AS data_count
FROM m_user
WHERE M_UserEmail = ?
AND M_UserIsActive = 'Y'
",
array($userEmail) );
if (!$query_check_email) {
$message = $this->db_onedev->error();
$this->sys_error($message);
exit;
}
$rows = $query_check_email->result_array();
if (count($rows) == 1) {
function generateRandomString($length = 8) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = substr(str_shuffle($characters), 0, $length);
return $randomString;
};
$newPassword = generateRandomString();
$new_password_salt = md5($this->one_salt . $newPassword . $this->one_salt);
$query = $this->db_onedev->query("UPDATE
m_user SET
M_UserLastUpdated = now(),
M_UserLastAccess = now(),
M_UserIsLoggedIn = 'N',
M_UserActiveToken = null,
M_UserPassword = ?
WHERE M_UserEmail = ?
",array($new_password_salt ,$userEmail)
);
echo json_encode(array("status"=>"OK", "message"=>"Berhasil memperbaharui Password untuk email '{$userEmail}'. \n
Silahkan login ulang dengan password : '{$newPassword}'", "newPassword"=> "'{$newPassword}'"));
exit;
} else{
$this->db_onedev->trans_rollback();
echo json_encode(
array("status"=>"ERR", "message"=> "Email yang akan direset tidak ditemukan")
);
exit;
}
$this->sys_ok("OK");
}
catch(Exception $exc)
{
$message = $exc->getMessage();
$this->sys_error($message);
}
}
}
?>
Reference in New Issue View Git Blame Copy Permalink