Esempio n. 1
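 /**
  * Check the posted login/password pair and, on a match, open a session.
  *
  * NOTE(review): the stored credential is a keyed SHA-256 digest. A fast hash
  * with one application-wide key is cheap to brute-force once the table and
  * PASS_HASH_KEY leak; password_hash()/password_verify() is the usual
  * replacement, but it needs a data migration and is not done here.
  *
  * @param mixed $static Passed through to _error(); when truthy, a successful
  *                      login redirects to the dashboard instead of emitting JSON.
  * @return false|null false when form validation or the credential lookup fails.
  */
 public function run($static = false)
 {
     $form = new Form();
     $form->post('login')->val('blank')->post('password')->val('blank');
     if (!$form->submit()) {
         $this->_error($static);
         return false;
     }
     $data = $form->fetch();
     $params = array(
         ':login' => $data['login'],
         ':password' => Hash::create('sha256', $data['password'], PASS_HASH_KEY),
     );
     // Bound parameters: the posted values never become part of the SQL text.
     $query = "SELECT userid, login, role FROM user WHERE login = :login AND password = :password";
     $result = $this->db->select($query, $params);
     if (!$result) {
         $this->_error($static);
         return false;
     }
     Session::init();
     // Session::init() is not visible here; rotate the id explicitly so a
     // pre-login session id is never promoted to an authenticated one.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     Session::set('userid', $result[0]['userid']);
     Session::set('login', $result[0]['login']);
     Session::set('role', $result[0]['role']);
     Session::set('loggedIn', true);
     if ($static) {
         header('location:' . URL . 'dashboard');
         // Stop here: a redirect response should not also carry the JSON body.
         return;
     }
     echo json_encode('success');
 }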
Esempio n. 2
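 /**
  * Authenticate the posted username/password and report the outcome as JSON.
  *
  * Emits {"status":"success"} after populating the session, or
  * {"status":"error","message":...} when no matching user row is returned.
  *
  * NOTE(review): passwords are compared as keyed MD5 digests. MD5 is far too
  * fast for password storage; moving to password_hash()/password_verify()
  * requires a data migration and is not attempted here.
  */
 public function auth()
 {
     $username = isset($_POST['username']) ? $_POST['username'] : null;
     $rawPassword = isset($_POST['password']) ? $_POST['password'] : null;
     // Missing or non-string fields (e.g. "password[]=x") are rejected before
     // they reach the hash helper or the database.
     if (!is_string($username) || !is_string($rawPassword)) {
         $this->view->error = array();
         echo json_encode(array('status' => 'error', 'message' => 'Akun tidak ditemukan'));
         return;
     }
     $user = new User();
     $password = Hash::create('md5', $rawPassword, HASH_SALT_KEY);
     $data = $user->getUser($username, $password);
     // If several rows come back, the values of the last one win.
     foreach ($data as $value) {
         $this->user = $value->get('nama_user');
         $this->nama = $value->get('namaPegawai');
         $this->role = $value->get('role');
         $this->bagian = $value->get('bagian');
     }
     $matches = count($data);
     $this->view->error = array();
     if ($matches > 0) {
         // The @ is kept from the original; it hides whatever createSession()
         // may warn about, so that stray output does not corrupt the JSON reply.
         @Session::createSession();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('loggedin', true);
         Session::set('user', $this->user);
         Session::set('nama', $this->nama);
         Session::set('role', $this->role);
         Session::set('bagian', $this->bagian);
         $log = new Log();
         $log->addLog(Session::get('user'), 'LOGIN', '');
         unset($log);
         echo json_encode(array('status' => 'success'));
     } else {
         // NOTE(review): failed attempts are not logged, unlike successful ones;
         // logging them would help detect password guessing.
         echo json_encode(array('status' => 'error', 'message' => 'Akun tidak ditemukan'));
     }
 }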
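 /**
  * Log a user in from the posted 'user' and 'pass' fields.
  *
  * Redirects to ../dashboard on success and to ../login otherwise.
  *
  * NOTE(review): the credential is a keyed SHA-256 digest, not a dedicated
  * password hash; see password_hash()/password_verify().
  */
 public function run()
 {
     $user = isset($_POST['user']) ? $_POST['user'] : null;
     $pass = isset($_POST['pass']) ? $_POST['pass'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($user) || !is_string($pass)) {
         header('location: ../login');
         return;
     }
     $statement = $this->db->prepare("SELECT id, role FROM users WHERE login = :user AND password = :pass");
     $statement->execute(array(':user' => $user, ':pass' => Hash::create('sha256', $pass, HASH_KEY)));
     // fetchAll() yields a list of rows; the first row is only read once we
     // know there is one (the original indexed it before checking the count).
     $result = $statement->fetchAll();
     if ($statement->rowCount() > 0 && isset($result[0])) {
         $data = $result[0];
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('userid', $data['id']);
         Session::set('role', $data['role']);
         Session::set('loggedIn', true);
         header('location: ../dashboard');
     } else {
         header('location: ../login');
     }
 }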
Esempio n. 4
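 /**
  * Log a user in from the posted 'login' and 'password' fields, then redirect
  * and terminate the request.
  *
  * NOTE(review): the hash algorithm comes from HASH_METHOD with a single
  * application-wide key; a dedicated password hash (password_hash()) with a
  * per-user salt is the safer design.
  */
 public function run()
 {
     $login = isset($_POST['login']) ? $_POST['login'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($login) || !is_string($password)) {
         header('Location:../login');
         exit;
     }
     $res = $this->db->prepare("SELECT userid, role FROM users WHERE\n                login = :login AND password = :password");
     $res->execute(array(':login' => $login, ':password' => Hash::create(HASH_METHOD, $password, HASH_PASSWORD_KEY)));
     // NOTE(review): rowCount() for a SELECT is driver-dependent if $this->db
     // is PDO - confirm the driver in use reports it.
     $count = $res->rowCount();
     $data = $res->fetch();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('role', $data['role']);
         Session::set('loggedIn', true);
         Session::set('userid', $data['userid']);
         header('Location:../dashboard');
         exit;
     } else {
         header('Location:../login');
         exit;
     }
 }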
Esempio n. 5
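 /**
  * Persist an edited user row (login, password digest, role).
  *
  * @param array $data Expects the keys 'id', 'login', 'password' and 'role'.
  */
 public function editSave($data)
 {
     $myTable = 'users';
     $postData = array('login' => $data['login'], 'password' => Hash::create('sha256', $data['password'], HASH_PASSWORD_KEY), 'role' => $data['role']);
     // The WHERE fragment is concatenated into SQL by update(), so the id is
     // forced to an integer instead of being interpolated as received.
     // (assumes `id` is an integer key - confirm against the schema)
     $id = (int) $data['id'];
     $where = "`id` = {$id}";
     $this->db->update($myTable, $postData, $where);
 }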
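 /**
  * Change the logged-in client's password.
  *
  * Echoes a status code and terminates on failure:
  *   -2 current password does not match, -1 a field is empty,
  *    0 new password shorter than 6 bytes, 1 the two new passwords differ.
  * On success the new digest is handed to the model and nothing is echoed.
  *
  * NOTE(review): digests are keyed MD5; password_hash()/password_verify() is
  * the appropriate primitive but needs a data migration.
  */
 function changePass()
 {
     Auth::handleClientLogin();
     $data['client_id'] = Session::get('client_id');
     // Missing or non-string fields are treated as empty strings so they fall
     // through the same checks instead of raising warnings or type errors.
     $oldPass = (isset($_POST['client_old_pass']) && is_string($_POST['client_old_pass'])) ? $_POST['client_old_pass'] : '';
     $newPass = (isset($_POST['client_pass_1']) && is_string($_POST['client_pass_1'])) ? $_POST['client_pass_1'] : '';
     $newPassRepeat = (isset($_POST['client_pass_2']) && is_string($_POST['client_pass_2'])) ? $_POST['client_pass_2'] : '';
     $client_pass = $this->model->getPass();
     $stored = isset($client_pass[0]['client_pass']) ? (string) $client_pass[0]['client_pass'] : '';
     $client_old_pass = (string) Hash::create('md5', $oldPass, HASH_PASSWORD_KEY);
     // hash_equals() instead of !=: loose comparison treats numeric-looking
     // digests ("0e...") as numbers, and it is not constant-time.
     if (!hash_equals($stored, $client_old_pass)) {
         echo -2;
         exit;
     }
     if ($oldPass === '' || $newPass === '' || $newPassRepeat === '') {
         echo -1;
         exit;
     }
     if (strlen($newPass) < 6 || strlen($newPassRepeat) < 6) {
         echo 0;
         exit;
     }
     // Strict comparison: with != two different numeric strings such as
     // "1e3" and "1000" would count as the same password.
     if ($newPass !== $newPassRepeat) {
         echo 1;
         exit;
     }
     $data['client_pass'] = Hash::create('md5', $newPassRepeat, HASH_PASSWORD_KEY);
     $this->model->changePass($data);
 }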
Esempio n. 7
 /**
  * Builds a Hash with the NO_CASE_SENSITIVE flag from four arrays and checks
  * that a key can be looked up regardless of letter case, that the value
  * asserted for 'HoGe' is 'ABC', and that get() falls back to the supplied
  * default for an unknown key.
  *
  * @covers ::__construct
  * @covers ::create
  * @covers ::set
  * @covers ::has
  * @covers ::get
  * @covers ::_filterName
  */
 public function testCreate()
 {
     $expectedClass = __NAMESPACE__ . '\\Hash';
     $hash = Hash::create(Hash::NO_CASE_SENSITIVE, ['a' => 'b'], ['c' => 'd'], ['hoge' => 'XYZ'], ['hOgE' => 'ABC']);
     $this->assertInstanceOf($expectedClass, $hash);
     // Lookup uses a casing that matches neither of the two inserted spellings.
     $this->assertTrue($hash->has('HoGe'));
     $this->assertEquals('ABC', $hash->get('HoGe'));
     $this->assertEquals('not_exists', $hash->get('NotExists', 'not_exists'));
     // Returned so that dependent tests can reuse the populated instance.
     return $hash;
 }
Esempio n. 8
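 /**
  * Validate a username/password pair and issue a fresh validation token.
  *
  * @param string                $userName
  * @param string|null           $password
  * @param AuthenticationManager $authenticationManager Receives the new token
  *        together with the user's id and role name.
  * @return mixed The DTO produced by userMapper::mapUserToDto() for the user and token.
  */
 public function validateUser($userName, $password, AuthenticationManager $authenticationManager)
 {
     // ResultHelper presumably aborts the request with the given status when
     // its condition holds - confirm against its implementation.
     ResultHelper::whenEqual($password, null, AppLabelUtil::$ERROR_USER_NOT_FOUND, HttpStatusCode::badRequest());
     $user = $this->userService->validateUser($userName, $password);
     ResultHelper::whenEmpty($user, AppLabelUtil::$ERROR_USER_NOT_FOUND, HttpStatusCode::unauthorized());
     // mcrypt was deprecated in PHP 7.1 and removed in 7.2; prefer the CSPRNG
     // random_bytes() when it exists and keep the old call only as a fallback.
     $entropy = function_exists('random_bytes')
         ? random_bytes(64)
         : mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
     $token = Hash::create("sha256", $entropy, HASH_USER_TOKEN_KEY);
     $authenticationManager->createValidationToken($user->getId(), $user->getRole()->getName(), $token);
     return $this->userMapper->mapUserToDto($user, $token);
 }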
Esempio n. 9
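 /**
  * Persist an edited user row (login, password digest, role) by userid.
  *
  * The original ran the same update twice: once through db->update() with the
  * userid interpolated into the WHERE text, then again as a prepared
  * statement. Only the prepared statement is kept; it writes the same columns
  * and keeps the caller-supplied userid out of the SQL string.
  *
  * @param array $data Expects the keys 'userid', 'login', 'password' and 'role'.
  */
 public function editSave($data)
 {
     $passwordDigest = Hash::create(HASH_METHOD, $data['password'], HASH_PASSWORD_KEY);
     $res = $this->db->prepare('UPDATE users
           SET `login`=:login, `password`=:password, `role`=:role
           WHERE userid=:userid
           ');
     $res->execute(array(':login' => $data['login'], ':password' => $passwordDigest, ':role' => $data['role'], ':userid' => $data['userid']));
 }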
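 /**
  * Generate a password-reset token for the user, e-mail the reset link and
  * store the token.
  *
  * NOTE(review): the value stored through resetTokenDao is the same value that
  * is mailed, so read access to the token table is enough to use a pending
  * reset. Storing only a digest of the token, and expiring it, would close
  * that gap; no expiry is visible in this method.
  *
  * @param User $user Must have an e-mail address.
  */
 public function createResetToken(User $user)
 {
     ResultHelper::whenEmpty($user->getEmail(), AppLabelUtil::$ERROR_USER_NO_EMAIL, HttpStatusCode::internalServerError());
     // mcrypt was deprecated in PHP 7.1 and removed in 7.2; prefer the CSPRNG
     // random_bytes() when it exists and keep the old call only as a fallback.
     $entropy = function_exists('random_bytes')
         ? random_bytes(64)
         : mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
     $tokenHash = Hash::create("sha256", $entropy, HASH_GENERAL_KEY);
     $this->mailService->setMailHeading(array($user->getEmail() => $user->getFirstName() . " " . $user->getLastName()));
     $this->mailService->setBody("Instellen van uw wachtwoord", "Beste gebruiker, gelieve de volgende link te gebruiken om uw wachtwoord in te stellen: " . URL . "#/reset/token/" . $tokenHash);
     $this->mailService->sendMail();
     // The mail goes out before the token is persisted; if create() fails the
     // recipient holds a link that cannot be redeemed.
     $resetToken = $this->resetTokenFactory->createResetToken($user->getId(), $tokenHash);
     $this->resetTokenDao->create($resetToken);
 }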
Esempio n. 11
 /**
  * Load the user identified by $data['id'], overwrite its login, password
  * digest and role, and save it.
  *
  * NOTE(review): the result of findById() is used without a null check, and the
  * password is a keyed SHA-256 digest rather than a password_hash() value.
  *
  * @param array $data Expects the keys 'id', 'login', 'password' and 'role'.
  */
 public function editSave($data)
 {
     $passwordDigest = Hash::create('sha256', $data['password'], HASH_PASSWORD_KEY);

     $finder = new User();
     $record = $finder->findById($data['id']);

     $record->setId($data['id']);
     $record->setLogin($data['login']);
     $record->setPassword($passwordDigest);
     $record->setRole($data['role']);

     $record->update(true);
 }
Esempio n. 12
 /**
  * Collect the posted edit form for user $id, hand it to the model and
  * redirect back to the user list.
  *
  * NOTE(review): 'role' is taken from the request as posted and no
  * authorization or validation step is visible in this method - confirm that
  * the caller restricts who may reach it.
  *
  * @param mixed $id Identifier of the user being edited.
  */
 public function editSave($id)
 {
     // Assemble the record in one literal; the password is stored as a keyed
     // SHA-256 digest of the posted value.
     $record = array(
         'id' => $id,
         'login' => $_POST['login'],
         'password' => Hash::create('sha256', $_POST['password'], HASH_KEY),
         'role' => $_POST['role'],
     );
     $this->model->RunEditSave($record);
     header('location: ' . URL . 'users');
 }
Esempio n. 13
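 /**
  * Update rows of a table.
  *
  * Column values are sent as bound parameters. The table name, the column
  * names (keys of $data) and the WHERE fragment are still concatenated into
  * the statement, because identifiers cannot be bound: they must come from
  * trusted code, never from request data.
  *
  * A 'password' entry, when present, is replaced by its keyed MD5 digest
  * before it is written. NOTE(review): MD5 is unsuitable for password storage;
  * password_hash() is the usual replacement. Callers must pass the plain
  * password, otherwise the value is hashed twice.
  *
  * @param string $table Name of the table to update
  * @param array  $data  Associative array of column => value
  * @param string $where The WHERE part of the query, without the keyword
  */
 public function update($table, $data, $where)
 {
     ksort($data);
     // Only hash when a password was supplied; hashing a missing key would
     // silently overwrite the stored password with the digest of nothing.
     if (array_key_exists('password', $data)) {
         $data['password'] = Hash::create('md5', $data['password'], HASH_KEY);
     }
     $assignments = array();
     $params = array();
     foreach ($data as $key => $value) {
         $assignments[] = $key . " = ?";
         $params[] = $value;
     }
     $fieldValues = implode(",", $assignments);
     // assumes this class extends PDO (it calls $this->prepare) - confirm
     $pquery = $this->prepare("UPDATE {$table} SET {$fieldValues} WHERE {$where}");
     $pquery->execute($params);
 }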
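 /**
  * Look up an active client by e-mail and password digest, open a session on
  * a match, and echo the query result as JSON.
  *
  * NOTE(review): the digest is keyed MD5; password_hash()/password_verify() is
  * the appropriate primitive but needs a data migration.
  *
  * @param array $data Expects the keys 'email_login' and 'pass_login'.
  */
 function clientLogin($data)
 {
     $sql = "SELECT client_id,client_username FROM client WHERE client_email = :client_email AND client_pass = :client_pass AND client_is_active = 1";
     $client = array(':client_email' => $data['email_login'], ':client_pass' => Hash::create('md5', $data['pass_login'], HASH_PASSWORD_KEY));
     $result = $this->db->select($sql, $client);
     if (isset($result[0]['client_id'])) {
         Session::init();
         // Session::init() is not visible here; rotate the id explicitly so a
         // pre-login session id is never promoted to an authenticated one.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('client_id', $result[0]['client_id']);
         Session::set('client_username', $result[0]['client_username']);
     }
     // Only client_id and client_username are selected, so no credential
     // column is echoed back to the caller.
     echo json_encode($result);
 }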
Esempio n. 15
 /**
  * Create or edit a user from the posted form: generate a password, mail it,
  * store its hash, then redirect to the user list.
  *
  * NOTE(review): the generated password is mailed in clear text and the mail
  * is sent before the record is written; an 'edit' request also replaces the
  * user's password. A one-time set-password link avoids putting a working
  * credential in a mailbox.
  */
 public function save()
 {
     $name = $_POST['name'];
     $email = $_POST['email'];
     $plainPassword = $this->model->generate_password();
     $this->model->mail($email, $name, $plainPassword);
     $record = array("name" => $name, "email" => $email, "password" => Hash::create($plainPassword));
     // Loose comparison, as in the original; the two cases are mutually exclusive.
     $action = $_POST['type'];
     if ($action == 'create') {
         $this->model->create($record);
     } elseif ($action == 'edit') {
         $this->model->edit($record, $_POST['id']);
     }
     header("Location: " . URL . "user");
 }
Esempio n. 16
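 /**
  * Derive a token from the registry secret, the server name and $data.
  *
  * The registry is checked before its properties are read; the original read
  * $REG->secret_key first and only then tested isset($REG).
  *
  * NOTE(review): when $REG is not set the token is built from an empty secret
  * and the literal salt 'salt', i.e. from values anyone can guess. Failing
  * closed would be safer, but would change what callers receive.
  * NOTE(review): SERVER_NAME can follow the request's Host header depending on
  * the web-server configuration - confirm it is pinned server-side.
  *
  * @param string $data Value the token is bound to.
  * @return mixed Whatever Hash::create() returns for the combined input.
  */
 public static function create($data)
 {
     global $REG;
     $hasRegistry = isset($REG);
     $secret = $hasRegistry ? $REG->secret_key : '';
     $salt = $hasRegistry ? $REG->hash_gen_key : 'salt';
     $serverName = isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : '';
     return Hash::create('sha256', $secret . $serverName . $data, $salt);
 }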
Esempio n. 17
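 /**
  * Log a user in from the posted 'login_username' and 'login_password'
  * fields; redirects to the index page on success and to the login page
  * otherwise.
  *
  * NOTE(review): Hash::create() is called with the password only, so the
  * algorithm and any key are whatever that helper defaults to - confirm it is
  * a dedicated password hash.
  */
 public function run()
 {
     $name = isset($_POST["login_username"]) ? $_POST["login_username"] : null;
     $password = isset($_POST["login_password"]) ? $_POST["login_password"] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($name) || !is_string($password)) {
         header("Location: " . URL . "login");
         return;
     }
     $data = array(":name" => $name, ":password" => Hash::create($password));
     $user = $this->db->select("SELECT id FROM Users WHERE name = :name AND password = :password", $data);
     // is_array() guards count(): a failed select may not return an array.
     if (is_array($user) && count($user) > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('logged_on', true);
         Session::set('user_id', $user[0]['id']);
         header("Location: " . URL . "index");
     } else {
         header("Location: " . URL . "login");
     }
 }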
Esempio n. 18
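 /**
  * Log a user in from the posted 'username' and 'password' fields and echo
  * the matching UserId. Nothing is emitted when the credentials do not match.
  *
  * NOTE(review): the digest is keyed MD5; password_hash()/password_verify() is
  * the appropriate primitive but needs a data migration.
  */
 public function run()
 {
     $username = isset($_POST['username']) ? $_POST['username'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($username) || !is_string($password)) {
         return;
     }
     $sth = $this->db->prepare("SELECT UserId FROM user WHERE \n\t\t\t\tUserName = :username AND Password = :password");
     $sth->execute(array(':username' => $username, ':password' => Hash::create('md5', $password, HASH_PASSWORD_KEY)));
     $data = $sth->fetch();
     $count = $sth->rowCount();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('id', $data['UserId']);
         echo $data['UserId'];
     }
 }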
Esempio n. 19
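 /**
  * Tell whether the supplied value equals the application's API key digest.
  *
  * The comparison is strict and constant-time. With the original ==, a
  * non-string argument such as boolean true compares equal to any non-empty
  * digest, and numeric-looking digests ("0e...") are compared as numbers.
  *
  * NOTE(review): the expected value is derived from two constants only, so it
  * is one fixed secret shared by every client; it cannot be revoked per
  * caller.
  *
  * @param string|null $hash_key Value presented by the caller.
  * @return bool true only when $hash_key is a string equal to the digest.
  */
 public static function isRequestAuthenticated($hash_key = NULL)
 {
     if (!is_string($hash_key)) {
         return false;
     }
     $api_key = Hash::create("sha256", API_KEY_WORD, HASH_PASSWORD_KEY);
     return is_string($api_key) && hash_equals($api_key, $hash_key);
 }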
Esempio n. 20
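 /**
  * Log a user in from the posted 'login' and 'password' fields; redirects to
  * ../index on success and to ../login otherwise.
  *
  * NOTE(review): the credential is a keyed SHA-256 digest, not a dedicated
  * password hash; see password_hash()/password_verify().
  */
 public function run()
 {
     $login = isset($_POST['login']) ? $_POST['login'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($login) || !is_string($password)) {
         header('location: ../login');
         return;
     }
     $query = $this->db->prepare("SELECT userid FROM users WHERE \n\t\t\t\tlogin = :login AND password = :password");
     $query->execute(array(':login' => $login, ':password' => Hash::create('sha256', $password, HASH_PASSWORD_KEY)));
     $data = $query->fetch();
     $count = $query->rowCount();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('loggedIn', true);
         Session::set('userid', $data['userid']);
         header('location: ../index');
     } else {
         header('location: ../login');
     }
 }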
Esempio n. 21
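 /**
  * Log a user in from the posted 'login' and 'password' fields; redirects to
  * ../dashboard on success and to ../login otherwise.
  *
  * Only 'role' and 'loggedIn' are stored in the session; the selected id is
  * not.
  *
  * NOTE(review): the digest is keyed MD5; password_hash()/password_verify() is
  * the appropriate primitive but needs a data migration.
  */
 public function run()
 {
     $login = isset($_POST['login']) ? $_POST['login'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($login) || !is_string($password)) {
         header('location: ../login');
         return;
     }
     $sth = $this->db->prepare("SELECT id, role FROM users WHERE \n\t\t\t\tlogin = :login AND password = :password");
     $sth->execute(array(':login' => $login, ':password' => Hash::create('md5', $password, HASH_PASSWORD_KEY)));
     $data = $sth->fetch();
     $count = $sth->rowCount();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('role', $data['role']);
         Session::set('loggedIn', true);
         header('location: ../dashboard');
     } else {
         header('location: ../login');
     }
 }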
Esempio n. 22
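 /**
  * Persist an edited user row (username, password digest, role) by userid.
  *
  * Two fixes to the WHERE fragment handed to db->update():
  *  - the column was written as 'userid' in single quotes, which SQL reads as
  *    a string literal rather than a column name, so the condition never
  *    referred to the row's userid; it is now a back-quoted identifier, as in
  *    the MySQL-style statement this method previously carried in a comment;
  *  - the userid is forced to an integer instead of being interpolated as
  *    received (assumes an integer key - confirm against the schema).
  *
  * NOTE(review): the digest is keyed MD5; password_hash() is the usual
  * replacement.
  *
  * @param array $data Expects the keys 'userid', 'username', 'password' and 'role'.
  */
 public function editSave($data)
 {
     $postData = array('username' => $data['username'], 'password' => Hash::create('md5', $data['password'], MY_HASH_PASSWORD_KEY), 'role' => $data['role']);
     $userId = (int) $data['userid'];
     $this->db->update('user', $postData, "`userid` = {$userId}");
 }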
Esempio n. 23
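 /**
  * Log a user in from the posted 'login' and 'password' fields. On success
  * the session is populated (no redirect is issued); on failure the browser
  * is sent back to ../login.
  *
  * The var_dump() of the fetched row has been removed: it wrote account data
  * into the response and, by starting output, prevented the failure redirect
  * header from being sent.
  *
  * NOTE(review): the credential is a keyed SHA-256 digest, not a dedicated
  * password hash; see password_hash()/password_verify().
  */
 public function run()
 {
     $login = isset($_POST['login']) ? $_POST['login'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($login) || !is_string($password)) {
         header('location: ../login');
         return;
     }
     $sth = $this->db->prepare("SELECT user_id, role, login FROM users WHERE \n                                    login = :login AND password = :password");
     $sth->execute(array(':login' => $login, ':password' => Hash::create('sha256', $password, HASH_PASSWORD_KEY)));
     $data = $sth->fetch();
     $count = $sth->rowCount();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('login', $data['login']);
         Session::set('role', $data['role']);
         Session::set('loggedIn', true);
         Session::set('userid', $data['user_id']);
     } else {
         header('location: ../login');
     }
 }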
Esempio n. 24
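 /**
  * Log a user in from the posted 'login' and 'password' fields; redirects to
  * admin_artist on success and to the login page otherwise.
  *
  * NOTE(review): the credential is a keyed SHA-256 digest, not a dedicated
  * password hash; see password_hash()/password_verify().
  */
 public function run()
 {
     $login = isset($_POST['login']) ? $_POST['login'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($login) || !is_string($password)) {
         header('location: ' . URL . 'login');
         return;
     }
     $l_oSth = $this->db->prepare("SELECT user_id, role_id FROM user WHERE user_name = :name AND user_pwd = :password");
     $l_oSth->execute(array(':name' => $login, ':password' => Hash::create('sha256', $password, HASH_PASSWORD_KEY)));
     $data = $l_oSth->fetch();
     $count = $l_oSth->rowCount();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('role_id', $data['role_id']);
         Session::set('loggedIn', true);
         Session::set('user_id', $data['user_id']);
         // The name stored is the posted one, which matched user_name in the query.
         Session::set('user_name', $login);
         header('location: ' . URL . 'admin_artist');
     } else {
         header('location: ' . URL . 'login');
     }
 }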
Esempio n. 25
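 /**
  * Log a user in from the posted 'username' and 'password' fields; redirects
  * to ../dashboard on success and to ../login otherwise.
  *
  * NOTE(review): the digest is keyed MD5; password_hash()/password_verify() is
  * the appropriate primitive but needs a data migration.
  */
 public function run()
 {
     $username = isset($_POST['username']) ? $_POST['username'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($username) || !is_string($password)) {
         header('location: ../login');
         return;
     }
     $sth = $this->db->prepare("\n\t\t\tSELECT userid,role FROM user\n\t\t\tWHERE username = :username AND password = :password");
     $sth->execute(array(':username' => $username, ':password' => Hash::create('md5', $password, MY_HASH_PASSWORD_KEY)));
     $data = $sth->fetch();
     $count = $sth->rowCount();
     if ($count > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('role', $data['role']);
         Session::set('loggedIn', true);
         Session::set('userid', $data['userid']);
         header('location: ../dashboard');
     } else {
         header('location: ../login');
     }
 }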
Esempio n. 26
 /**
  * Show the admin login view, or process a posted login.
  *
  * The result of User::login() is read positionally: [0] status, [1] numeric
  * role, [2] user name, [3] key passed to Pegawai::get(), [4] user id.
  *
  * NOTE(review): the password is a keyed SHA-1 digest, which is too fast for
  * password storage; password_hash()/password_verify() is the usual
  * replacement. 'pass' is read without an isset() check.
  */
 public function login()
 {
     // No form submitted yet: just render the login view.
     if (!isset($_POST['user'])) {
         $this->view->load('admin/login');
         return;
     }

     $user = $_POST['user'];
     $pwd = Hash::create('sha1', $_POST['pass'], HASH_SALT_KEY);
     $account = new User($this->registry);
     $res = $account->login($user, $pwd);

     // Map the numeric role to its name; anything unknown becomes 'guest'.
     switch ($res[1]) {
         case 1:
             $role = 'admin';
             break;
         case 2:
             $role = 'koordinator';
             break;
         case 3:
             $role = 'inputer';
             break;
         default:
             $role = 'guest';
     }

     $status = (int) $res[0];
     if ($status == 1) {
         $pegawai = new Pegawai($this->registry);
         $data = $pegawai->get($res[3]);
         Session::createSession();
         Session::set('loggedin', TRUE);
         Session::set('nama', $data[0]['nama']);
         Session::set('user', $res[2]);
         Session::set('role', $role);
         Session::set('id_user', $res[4]);
         header('location:' . URL);
         return;
     }

     // Status 0 means no matching user; any other value is reported as a
     // database problem. Both cases re-render the login view.
     $message = ($status == 0) ? "user tidak ditemukan!" : "database tidak valid!";
     $this->view->add_error('error', $message);
     $this->view->load('admin/login');
 }
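 /**
  * Generate a new password for the posted e-mail address, mail it, and store
  * its digest once the mail has been accepted for sending.
  *
  * Changes from the original:
  *  - the address must be a non-empty string (array input is ignored);
  *  - the temporary password is built from 8 random bytes (16 hex characters)
  *    instead of 3, which left only 2^24 candidates to guess;
  *  - SMTPDebug is 0, so the SMTP dialogue is no longer written into the
  *    HTTP response.
  *
  * NOTE(review): any visitor can trigger a password change for any address,
  * and the new password travels in clear text by e-mail. A single-use,
  * expiring reset link that leaves the current password untouched until it is
  * redeemed avoids both problems.
  * NOTE(review): the digest is keyed MD5; password_hash() is the usual
  * replacement.
  */
 public function sendRequestPassword()
 {
     if (!isset($_POST['email_address']) || !is_string($_POST['email_address']) || $_POST['email_address'] === '') {
         return;
     }
     $data['new_pass'] = bin2hex(openssl_random_pseudo_bytes(8));
     $data['client_email'] = $_POST['email_address'];
     // E-mail body
     $body = '<h1>WAHANDA Thông Báo</h1>';
     $body .= '<p>Bạn đã yêu cầu đổi password trên http:' . URL . '</p>';
     $body .= '<p>Mật khẩu đăng nhập mới trên WAHANDA của bạn là: <h3><strong><i>' . $data['new_pass'] . '</i></strong></h3></p>';
     $body .= '<p>Hãy đăng nhập lại và đổi password của bạn nhé ( ^.^!) </p>';
     $body .= '<p>Chúc một bạn ngày mới tốt lành</p>';
     $body .= '<div align="right"><small><i><b>Ban quản trị Wahanda</b></i></small></div>';
     // Send through SMTP. The TRUE argument presumably enables PHPMailer
     // exceptions, in which case a failed Send() throws instead of returning
     // false - confirm and catch as appropriate.
     $mail = new PHPMailer(TRUE);
     $mail->CharSet = "UTF-8";
     $mail->IsSMTP();
     // 0 = no debug output; higher levels print the SMTP conversation.
     $mail->SMTPDebug = 0;
     $mail->SMTPAuth = true;
     // Implicit TLS on port 465 (587 is the STARTTLS alternative).
     $mail->SMTPSecure = 'ssl';
     $mail->Host = "smtp.gmail.com";
     $mail->Port = 465;
     $mail->IsHTML(true);
     // SMTP credentials are literals in this listing (redacted); in a real
     // deployment they belong in configuration outside the source tree.
     $mail->Username = "******";
     $mail->Password = "******";
     $mail->SetFrom("*****@*****.**");
     $mail->Subject = "Xác nhận yêu cầu đổi password từ Wahanda!";
     $mail->Body = $body;
     $mail->AddAddress($data['client_email']);
     if (!$mail->Send()) {
         // NOTE(review): ErrorInfo is echoed to the requester; log it
         // server-side instead if it may contain server details.
         echo "Mailer Error: " . $mail->ErrorInfo;
     } else {
         $data['new_pass'] = Hash::create('md5', $data['new_pass'], HASH_PASSWORD_KEY);
         $this->model->sendRequestPassword($data);
     }
 }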
Esempio n. 28
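 /**
  * Log a user in from the posted 'nick' and 'clave' fields; redirects to the
  * index page on success and to ../login otherwise.
  *
  * NOTE(review): Hash::create() is called with 'md5' and no key argument, so
  * the stored value may be a plain MD5 of the password - confirm what the
  * helper does without a key. Either way MD5 is unsuitable for password
  * storage; password_hash()/password_verify() is the usual replacement.
  */
 public function entrar()
 {
     $nick = isset($_POST['nick']) ? $_POST['nick'] : null;
     $clave = isset($_POST['clave']) ? $_POST['clave'] : null;
     // Reject missing or non-string fields before hashing or querying.
     if (!is_string($nick) || !is_string($clave)) {
         header('location: ../login');
         return;
     }
     $consulta = $this->db->prepare("SELECT id, rol,nombre from usuarios WHERE login = :login AND password = :password");
     $consulta->execute(array(':login' => $nick, ':password' => Hash::create('md5', $clave)));
     $data = $consulta->fetch();
     $contar = $consulta->rowCount();
     if ($contar > 0) {
         Session::init();
         // Rotate the session id on login so a pre-login id cannot be reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         Session::set('rol', $data['rol']);
         Session::set('logeado', true);
         Session::set('usuario', $data['nombre']);
         Session::set('id_usuario', $data['id']);
         header('location: ' . URL . 'index');
     } else {
         header('location: ../login');
     }
 }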
Esempio n. 29
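 /**
  * Process the posted login form.
  *
  * On success the session is populated, a redirect header is sent and the
  * request ends. Otherwise a message string is returned.
  *
  * The debug line that printed 'Form passed' has been removed: it started the
  * response body before header() ran, which stops the redirect from being
  * sent unless output buffering happens to be on.
  *
  * NOTE(review): the row stored under 'user' includes the selected password
  * column; dropping it from the session would reduce exposure, but readers of
  * that session entry are not visible here.
  * NOTE(review): $return_url is appended to the configured base URL as given;
  * confirm callers only pass site-local paths.
  * NOTE(review): the digest is keyed MD5, and the exception message is handed
  * back to the caller verbatim - make sure it is not rendered to users if it
  * can carry database details.
  *
  * @param string $return_url Path appended to the configured site URL after login.
  * @return string|null Message when the login is not processed.
  */
 public function login($return_url = '')
 {
     global $REG;
     $this->_setting = $REG;
     try {
         $form = new Form();
         $form->post('email')->val('minlength', 3)->post('password')->val('minlength', 6)->post('remember');
         // The return value is not checked; validation failures presumably
         // surface as exceptions handled below - confirm.
         $form->submit();
         $postf = $form->fetch();
         $password = Hash::create('md5', $postf['password'], $this->_setting->hash_pass_key);
         $sth = $this->db->prepare("SELECT a.id, a.username, a.email, a.password, c.role FROM users a INNER JOIN user_roles b ON b.user_id = a.id INNER JOIN roles c ON b.user_role = c.id WHERE a.username =:username AND a.password =:password");
         $sth->bindValue(':username', $postf['email']);
         $sth->bindValue(':password', $password);
         $sth->execute();
         $data = $sth->fetch();
         $count = $sth->rowCount();
         if ($count > 0) {
             // Rotate the session id on login so a pre-login id cannot be reused.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             Session::set('user', $data);
             Session::set('loggedIn', true);
             Auth::rememberLogin($postf['remember']);
             if ($return_url == '') {
                 header('location: ../index.php');
             } else {
                 header('location: ' . $this->_setting->url . $return_url);
             }
             exit;
         } else {
             return 'Login could not be processed';
         }
     } catch (Exception $e) {
         return $e->getMessage();
     }
 }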
Esempio n. 30
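 /**
  * Log a user in from the posted 'email' and 'password' fields; redirects to
  * REWRITE_CNT on success and to REWRITE_CNT_ERROR otherwise.
  *
  * Both fields must now be present and be strings. The original read them
  * before testing isset() and accepted the request when either one was set.
  *
  * NOTE(review): the digest is keyed MD5; password_hash()/password_verify() is
  * the appropriate primitive but needs a data migration.
  * NOTE(review): the session records only SESSION_KEY => true, not which user
  * logged in.
  */
 public function run()
 {
     $email = isset($_POST['email']) ? $_POST['email'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     if (is_string($email) && is_string($password)) {
         // DB_SUFIX is a constant, so the table name is not request-controlled.
         $sth = $this->db->prepare('SELECT id FROM ' . DB_SUFIX . 'users WHERE email=:email AND password=:password');
         $sth->execute(array(':email' => $email, ':password' => Hash::create('md5', $password, HASH_KEY)));
         $data = $sth->fetchAll();
         $count = $sth->rowCount();
         if ($count > 0) {
             Session::init();
             // Rotate the session id on login so a pre-login id cannot be reused.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             Session::set(SESSION_KEY, true);
             header('location: ../' . REWRITE_CNT);
         } else {
             header('location: ../' . REWRITE_CNT_ERROR);
         }
     } else {
         header('location: ../' . REWRITE_CNT_ERROR);
     }
 }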