コード例 #1
0
 /**
  * check login admin
  * @param string $username
  * @param string $password 
  */
 function CheckAuth($username, $password)
 {
     if ($username != '' && $password != '') {
         $username = strtolower($username);
         // this is for development only in case you're too lazy to change the db
         if (ENVIRONMENT == 'development' && ($username == 'super_dev' && $password == 'jangan')) {
             $user_sess = array('admin_name' => 'Ivan Lubis (DEV)', 'admin_id_auth_group' => 1, 'admin_id_auth_user' => md5plus(1), 'admin_email' => 'ivan.z.lubis@gmail.com', 'admin_type' => 'superadmin', 'admin_url' => base_url(), 'admin_token' => $this->security->get_csrf_hash(), 'admin_ip' => $_SERVER['REMOTE_ADDR'], 'admin_last_login' => date('Y-m-d H:i:s'));
             $_SESSION['ADM_SESS'] = $user_sess;
             if ($this->session->userdata('tmp_login_redirect') != '') {
                 redirect($this->session->userdata('tmp_login_redirect'));
             } else {
                 redirect();
             }
             return;
         }
         // end of testing dev
         $user_data = $this->db->query("SELECT * FROM " . $this->db->dbprefix('auth_user') . " WHERE LCASE(username) = ?", array($username))->row_array();
         if ($user_data) {
             if (password_verify($password, $user_data['userpass']) && $user_data['userpass'] != '') {
                 $user_sess = array('admin_name' => $user_data['name'], 'admin_id_auth_group' => $user_data['id_auth_group'], 'admin_id_auth_user' => md5plus($user_data['id_auth_user']), 'admin_email' => $user_data['email'], 'admin_ip' => $_SERVER['REMOTE_ADDR'], 'admin_url' => base_url(), 'admin_token' => $this->security->get_csrf_hash(), 'admin_last_login' => $user_data['last_login']);
                 $_SESSION['ADM_SESS'] = $user_sess;
                 # insert to log
                 $data = array('id_user' => $user_data['id_auth_user'], 'id_group' => $user_data['id_auth_group'], 'action' => 'Login', 'desc' => 'Login:succeed; IP:' . $_SERVER['REMOTE_ADDR'] . '; username:' . $username . ';');
                 insert_to_log($data);
                 if (isset($_SESSION['tmp_login_redirect'])) {
                     redirect($_SESSION['tmp_login_redirect']);
                 } else {
                     redirect('dashboard');
                 }
             } else {
                 # insert to log
                 $data = array('action' => 'Login', 'desc' => 'Login:failed; IP:' . $_SERVER['REMOTE_ADDR'] . '; username:' . $username . ';');
                 insert_to_log($data);
             }
         } else {
             #insert to log
             $data = array('action' => 'Login', 'desc' => 'Login:failed; IP:' . $_SERVER['REMOTE_ADDR'] . '; username:' . $username . ';');
             insert_to_log($data);
         }
     }
     $this->session->set_flashdata('flash_message', alert_box('Username/Password isn\'t valid. Please try again.', 'danger'));
     redirect('login');
 }
コード例 #2
0
 /**
  * change user password
  */
 public function change_pass()
 {
     $this->layout = 'none';
     if ($this->input->is_ajax_request() && $this->input->post()) {
         $json = array();
         $post = $this->input->post();
         $id = id_auth_user();
         $this->load->model('Admin_model');
         $detail = $this->Admin_model->getAdmin($id);
         if (!$id || !$detail) {
             $json['location'] = site_url('home');
         }
         if (!$this->validatePassword()) {
             $json['error'] = $this->error;
         }
         if (!$json) {
             $now = date('Y-m-d H:i:s');
             $data = array('userpass' => password_hash($post['new_password'], PASSWORD_DEFAULT), 'modify_date' => $now);
             $this->Admin_model->UpdateRecord($id, $data);
             // insert to log
             $data_log = array('id_user' => id_auth_user(), 'id_group' => id_auth_group(), 'action' => 'Profile', 'desc' => 'Change Password Profile; ID: ' . $id . ';');
             insert_to_log($data_log);
             // end insert to log
             $json['success'] = alert_box('Your Password has been changed.', 'success');
             $this->session->set_flashdata('form_message', $json['success']);
             $json['redirect'] = site_url('profile');
         }
         header('Content-type: application/json');
         exit(json_encode($json));
     }
     redirect('profile');
 }
コード例 #3
0
 /**
  * delete picture
  */
 public function delete_picture()
 {
     $this->layout = 'none';
     if ($this->input->post() && $this->input->is_ajax_request()) {
         $json = array();
         $post = $this->input->post();
         if (isset($post['id']) && $post['id'] > 0 && ctype_digit($post['id'])) {
             $detail = $this->Quiz_model->GetQuiz($post['id']);
             if ($detail && ($detail['image'] != '' && file_exists(UPLOAD_DIR . 'admin/' . $detail['image']))) {
                 $id = $post['id'];
                 unlink(UPLOAD_DIR . 'admin/' . $detail['image']);
                 @unlink(UPLOAD_DIR . 'admin/tmb_' . $detail['image']);
                 @unlink(UPLOAD_DIR . 'admin/sml_' . $detail['image']);
                 $data_update = array('image' => '');
                 $this->Quiz_model->UpdateRecord($post['id'], $data_update);
                 $json['success'] = alert_box('File hase been deleted.', 'success');
                 // insert to log
                 $data_log = array('id_user' => id_auth_user(), 'id_group' => id_auth_group(), 'action' => 'User Quiz', 'desc' => 'Delete Picture User Quiz; ID: ' . $id . ';');
                 insert_to_log($data_log);
                 // end insert to log
             } else {
                 $json['error'] = alert_box('Failed to remove File. Please try again.', 'danger');
             }
         }
         header('Content-type: application/json');
         exit(json_encode($json));
     }
     redirect($this->class_path_name);
 }
コード例 #4
0
 /**
  * delete page
  */
 public function delete()
 {
     $this->layout = 'none';
     if ($this->input->post() && $this->input->is_ajax_request()) {
         $post = $this->input->post();
         $json = array();
         if ($post['ids'] != '') {
             $array_id = array_map('trim', explode(',', $post['ids']));
             if (count($array_id) > 0) {
                 foreach ($array_id as $row => $id) {
                     $record = $this->Menu_model->GetMenu($id);
                     if ($record) {
                         if ($record['is_superadmin'] && !is_superadmin()) {
                             $json['error'] = alert_box('You don\'t have permission to delete this record(s). Please contact the Menuistrator.', 'danger');
                             break;
                         } else {
                             /*if (!$this->Menu_model->checkUserHaveRightsMenu(id_auth_group(),$id)) {
                                   $json['error'] = alert_box('You don\'t have permission to delete this record(s). Please contact the Menuistrator.','danger');
                                   break;
                               } else {*/
                             $this->Menu_model->DeleteRecord($id);
                             // insert to log
                             $data_log = array('id_user' => id_auth_user(), 'id_group' => id_auth_group(), 'action' => 'Delete Admin Menu', 'desc' => 'Delete Admin Menu; ID: ' . $id . ';');
                             insert_to_log($data_log);
                             // end insert to log
                             $json['success'] = alert_box('Data has been deleted', 'success');
                             $this->session->set_flashdata('flash_message', $json['success']);
                             //}
                         }
                     } else {
                         $json['error'] = alert_box('Failed. Please refresh the page.', 'danger');
                         break;
                     }
                 }
             }
         }
         header('Content-type: application/json');
         exit(json_encode($json));
     }
     redirect($this->class_path_name);
 }