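/**
 * AJAX login endpoint: verifies the posted credentials and echoes a status object.
 *
 * Reads `login`, `password` and the optional `fireguard` value from POST, asks
 * the login model to verify them, creates the session on success and echoes
 * `$this->cast->response($response)`.
 *
 * Status codes placed on the response:
 *   11111 - successful logon
 *   75421 - credentials accepted, but the account is not active
 *   23457 - login or password wrong
 *   45879 - required fields missing or not plain strings
 *
 * Review notes:
 *  - xss_clean() is an HTML-oriented filter. It does not make a value safe to
 *    place in SQL, so the model must escape or bind what it receives here.
 *  - xss_clean() also runs over the password, so the value that is compared can
 *    differ from what the user typed.
 *    NOTE(review): confirm account creation applies the same filter.
 *  - The fireguard value is cleared for staff logins and when `use_fg` is off.
 *    check_account(), as shown alongside this method, drops its uilock_pw
 *    condition whenever that value is empty, so a request that omits the field
 *    is not checked against it.
 *    NOTE(review): confirm that is intended for accounts that have one set.
 *  - No attempt throttling is visible in this method.
 *    NOTE(review): check whether it is enforced elsewhere.
 *
 * @return void
 */
public function do_login_ajax()
{
    $response = new stdClass();
    $data = xss_clean($this->input->post());

    // Read each field defensively: `fireguard` may be absent from the request.
    $login = isset($data['login']) ? $data['login'] : null;
    $password = isset($data['password']) ? $data['password'] : null;
    $fireguard = isset($data['fireguard']) ? $data['fireguard'] : null;

    // Only plain strings are accepted. An array-valued field would pass isset()
    // and then be string-converted further down, which is never a valid credential.
    $malformed = !is_string($login)
        || !is_string($password)
        || ($fireguard !== null && !is_string($fireguard));

    if ($malformed) {
        $response->status = "error";
        $response->status_code = "45879";
        $response->error_info = "Please fill out all required fields";
    } else {
        $isStaff = checkGM($login);

        // Staff logins, and installations with `use_fg` disabled, skip the fireguard value.
        // Loose comparison kept: the config item may come back as a non-boolean.
        if ($isStaff || get_config_item('LoginModule', 'use_fg', 'office/OfficeConfig') != true) {
            $fireguard = null;
        }

        // check_account() returns a row count; exactly one matching row means success.
        if ($this->login_mdl->check_account($login, $password, $fireguard) != 1) {
            $response->status = "error";
            $response->status_code = "23457";
            $response->error_info = "Login or password wrong";
        } elseif ($isStaff) {
            prepare_gm_acc($login);
            // checkGM() is evaluated again after prepare_gm_acc(), as the original
            // did, because its return value is forwarded to generate_session().
            generate_session($login, checkGM($login), null);
            $response->status = "ok";
            $response->status_code = "11111";
            $response->info = "Successful Logon";
        } elseif (
            get_config_item('LoginModule', 'email_activation', 'office/OfficeConfig') == true
            && $this->login_mdl->check_user_active($login) != 1
        ) {
            // Credentials are correct but e-mail activation is still pending.
            $response->status = "ok";
            $response->status_code = "75421";
            $response->info = "Account not active";
        } else {
            generate_session($login, checkGM($login), $this->login_mdl->get_email($login)->Email);
            $response->status = "ok";
            $response->status_code = "11111";
            $response->info = "Successful Logon";
        }
    }

    echo $this->cast->response($response);
}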
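/**
 * Count the account rows that match the supplied credentials.
 *
 * Staff logins (checkGM() truthy) are looked up in tbl_StaffAccount by ID and PW.
 * All other logins are looked up in the configured account table joined to
 * tbl_UserAccount on id, with an extra uilock_pw condition when $fg is non-empty.
 *
 * Every caller-supplied value is passed through the connection's escape()
 * before it is placed in the WHERE string. The original interpolated the raw
 * values, so a quote character in any of them could change the query.
 * Assumes $this->MSSQL is a CodeIgniter database object, as its
 * from()/where()/count_all_results() calls suggest.
 * TODO: confirm escape() is available on it.
 *
 * Review notes:
 *  - The staff branch compares the submitted password directly with the PW
 *    column, which suggests passwords are stored unhashed.
 *    NOTE(review): verify; storing password_hash() output and checking it with
 *    password_verify() is the usual remedy.
 *  - When $fg is empty the uilock_pw condition is left out entirely, so a
 *    caller that passes no value is not checked against it.
 *    NOTE(review): confirm this is intended for accounts that have one set.
 *
 * @param string      $login    Account identifier supplied by the user.
 * @param string      $password Password supplied by the user.
 * @param string|null $fg       Optional fireguard value; empty disables that check.
 *
 * @return int Number of matching rows as reported by count_all_results().
 */
public function check_account($login, $password, $fg = null)
{
    // escape() adds the surrounding quotes itself, so none are written below.
    $loginSql = $this->MSSQL->escape($login);

    if (checkGM($login)) {
        $passwordSql = $this->MSSQL->escape($password);
        $where = "ID={$loginSql} AND PW={$passwordSql}";
        $this->MSSQL->from("{$this->_userDatabase}.dbo.tbl_StaffAccount");
    } else {
        $accountTable = "{$this->_userDatabase}.dbo.{$this->_accountTable}";
        $userTable = "{$this->_userDatabase}.dbo.tbl_UserAccount";

        // NOTE(review): the page shows this password literal masked as '******';
        // it is left exactly as shown. As written, $password is not used in this
        // branch. Presumably the real source compares against the submitted
        // password, as the staff branch does. When restoring it, use an escaped
        // value rather than raw interpolation.
        $where = "{$accountTable}.id = {$loginSql} AND {$accountTable}.Password='******'";

        // Loose comparison kept from the original: '', '0' and null all skip this check.
        if ($fg != null) {
            $where .= " AND {$userTable}.uilock_pw=" . $this->MSSQL->escape($fg);
        }

        // Join condition between the two tables; it holds no user-supplied data.
        $where .= " AND {$userTable}.id={$accountTable}.id";
        $this->MSSQL->from("{$accountTable},{$userTable}");
    }

    $this->MSSQL->where($where);

    return $this->MSSQL->count_all_results();
}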