Exemplo n.º 1
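 /**
  * Verify admin credentials and, on success, open the admin session.
  *
  * A successful login stores the admin profile in $_SESSION['ADM_SESS'],
  * writes a "Login:succeed" log entry and redirects. Every failure path ends
  * with the same flash message and a redirect to the login page, so the
  * response text does not reveal whether the username exists.
  *
  * NOTE(review): password_verify() only runs when a matching row is found, so
  * response time may still differ between known and unknown usernames.
  *
  * @param string $username Submitted username; compared case-insensitively.
  * @param string $password Submitted plain-text password.
  * @return void
  */
 function CheckAuth($username, $password)
 {
     // Non-string input (e.g. an array-valued POST field) is treated as a failed attempt.
     if (is_string($username) && is_string($password) && $username !== '' && $password !== '') {
         $username = strtolower($username);

         // NOTE(review): hard-coded credential bypass. It is gated only by the
         // ENVIRONMENT constant, grants superadmin and writes no log entry, so a
         // deployment left in 'development' mode accepts it. Prefer removing this
         // branch and seeding a dev account in the database instead.
         if (ENVIRONMENT === 'development' && $username === 'super_dev' && $password === 'jangan') {
             // New session id at the privilege change, so a pre-login id cannot be reused.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION['ADM_SESS'] = array(
                 'admin_name' => 'Ivan Lubis (DEV)',
                 'admin_id_auth_group' => 1,
                 'admin_id_auth_user' => md5plus(1),
                 'admin_email' => '*****@*****.**',
                 'admin_type' => 'superadmin',
                 'admin_url' => base_url(),
                 'admin_token' => $this->security->get_csrf_hash(),
                 'admin_ip' => $_SERVER['REMOTE_ADDR'],
                 'admin_last_login' => date('Y-m-d H:i:s'),
             );
             if ($this->session->userdata('tmp_login_redirect') != '') {
                 redirect($this->session->userdata('tmp_login_redirect'));
             } else {
                 redirect();
             }
             return;
         }

         // The username is passed as a bound parameter, never concatenated into the SQL.
         $user_data = $this->db->query(
             "SELECT * FROM " . $this->db->dbprefix('auth_user') . " WHERE LCASE(username) = ?",
             array($username)
         )->row_array();

         // The username is attacker-controlled: strip control characters before it
         // reaches the log. The published listing had this expression masked as
         // '******'; restored here as the submitted username - confirm against the
         // original source.
         $log_username = preg_replace('/[\x00-\x1F\x7F]/', '', $username);

         // An empty stored hash never authenticates; checked before password_verify().
         $authenticated = $user_data
             && (string) $user_data['userpass'] !== ''
             && password_verify($password, $user_data['userpass']);

         if ($authenticated) {
             // New session id at the privilege change, so a pre-login id cannot be reused.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION['ADM_SESS'] = array(
                 'admin_name' => $user_data['name'],
                 'admin_id_auth_group' => $user_data['id_auth_group'],
                 'admin_id_auth_user' => md5plus($user_data['id_auth_user']),
                 'admin_email' => $user_data['email'],
                 'admin_ip' => $_SERVER['REMOTE_ADDR'],
                 'admin_url' => base_url(),
                 'admin_token' => $this->security->get_csrf_hash(),
                 'admin_last_login' => $user_data['last_login'],
             );
             insert_to_log(array(
                 'id_user' => $user_data['id_auth_user'],
                 'id_group' => $user_data['id_auth_group'],
                 'action' => 'Login',
                 'desc' => 'Login:succeed; IP:' . $_SERVER['REMOTE_ADDR'] . '; username:' . $log_username . ';',
             ));
             // NOTE(review): the target is read from the session; confirm the code
             // that stores tmp_login_redirect only accepts local paths.
             if (isset($_SESSION['tmp_login_redirect'])) {
                 redirect($_SESSION['tmp_login_redirect']);
             } else {
                 redirect('dashboard');
             }
             // Defensive: never fall through to the failure path after a success.
             return;
         }

         // Unknown user and wrong password are logged identically.
         insert_to_log(array(
             'action' => 'Login',
             'desc' => 'Login:failed; IP:' . $_SERVER['REMOTE_ADDR'] . '; username:' . $log_username . ';',
         ));
     }
     $this->session->set_flashdata('flash_message', alert_box('Username/Password isn\'t valid. Please try again.', 'danger'));
     redirect('login');
 }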
Exemplo n.º 2
 /**
  * Change the password of the currently authenticated admin (AJAX POST only).
  *
  * Responds with JSON: 'location' when the session user cannot be resolved,
  * 'error' when validatePassword() rejects the input, otherwise 'success' and
  * 'redirect'. Any non-AJAX or non-POST request is redirected to the profile page.
  *
  * NOTE(review): is_ajax_request() is only a request-header check, not an
  * access control. Nothing visible here verifies the current password or
  * rotates the session after the change; presumably validatePassword() covers
  * the former - confirm.
  *
  * @return void
  */
 public function change_pass()
 {
     $this->layout = 'none';

     $is_ajax_post = $this->input->is_ajax_request() && $this->input->post();
     if (!$is_ajax_post) {
         redirect('profile');
         return;
     }

     $response = array();
     $form = $this->input->post();
     // The target account always comes from the session, never from the request body.
     $user_id = id_auth_user();
     $this->load->model('Admin_model');
     $admin = $this->Admin_model->getAdmin($user_id);

     if (!$user_id || !$admin) {
         $response['location'] = site_url('home');
     }
     if (!$this->validatePassword()) {
         $response['error'] = $this->error;
     }

     // Only touch the database when neither check above recorded a problem.
     if (empty($response)) {
         $timestamp = date('Y-m-d H:i:s');
         // Only the hash is persisted; the plain-text password is never stored.
         $changes = array(
             'userpass' => password_hash($form['new_password'], PASSWORD_DEFAULT),
             'modify_date' => $timestamp,
         );
         $this->Admin_model->UpdateRecord($user_id, $changes);

         // Audit trail entry for the password change.
         insert_to_log(array(
             'id_user' => id_auth_user(),
             'id_group' => id_auth_group(),
             'action' => 'Profile',
             'desc' => 'Change Password Profile; ID: ' . $user_id . ';',
         ));

         $response['success'] = alert_box('Your Password has been changed.', 'success');
         $this->session->set_flashdata('form_message', $response['success']);
         $response['redirect'] = site_url('profile');
     }

     header('Content-type: application/json');
     exit(json_encode($response));
 }
Exemplo n.º 3
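 /**
  * Delete the picture attached to a quiz record (AJAX POST only).
  *
  * Removes the stored image and its 'tmb_' / 'sml_' variants from
  * UPLOAD_DIR . 'admin/', clears the record's image column and writes a log
  * entry. Responds with JSON 'success' or 'error'; an invalid id yields an
  * empty JSON array. Non-AJAX or non-POST requests are redirected.
  *
  * The stored file name is accepted only when it is a plain name without a
  * path component, so a tampered database value cannot point unlink() outside
  * the upload directory. Success is reported only when the main file was
  * actually removed.
  *
  * NOTE(review): no permission check is visible in this method; presumably the
  * controller enforces it elsewhere - confirm.
  *
  * @return void
  */
 public function delete_picture()
 {
     $this->layout = 'none';
     if ($this->input->post() && $this->input->is_ajax_request()) {
         $json = array();
         $post = $this->input->post();
         // Strictly numeric, positive id; array-valued or signed input is ignored.
         if (isset($post['id']) && is_string($post['id']) && ctype_digit($post['id']) && $post['id'] > 0) {
             $id = $post['id'];
             $detail = $this->Quiz_model->GetQuiz($id);
             $image = $detail ? (string) $detail['image'] : '';
             // basename() equality rejects names carrying '../' or any directory part.
             $is_plain_name = $image !== '' && basename($image) === $image;
             $path = UPLOAD_DIR . 'admin/' . $image;
             if ($is_plain_name && is_file($path) && unlink($path)) {
                 // Derived variants are best-effort: they may not exist for every image.
                 @unlink(UPLOAD_DIR . 'admin/tmb_' . $image);
                 @unlink(UPLOAD_DIR . 'admin/sml_' . $image);
                 $data_update = array('image' => '');
                 $this->Quiz_model->UpdateRecord($id, $data_update);
                 $json['success'] = alert_box('File has been deleted.', 'success');
                 // insert to log
                 $data_log = array('id_user' => id_auth_user(), 'id_group' => id_auth_group(), 'action' => 'User Quiz', 'desc' => 'Delete Picture User Quiz; ID: ' . $id . ';');
                 insert_to_log($data_log);
                 // end insert to log
             } else {
                 $json['error'] = alert_box('Failed to remove File. Please try again.', 'danger');
             }
         }
         header('Content-type: application/json');
         exit(json_encode($json));
     }
     redirect($this->class_path_name);
 }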
Exemplo n.º 4
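 /**
  * Delete one or more admin menu records (AJAX POST only).
  *
  * Expects POST field 'ids' as a comma-separated list of numeric ids. Ids are
  * processed in order; processing stops at the first id that is not numeric,
  * does not resolve to a record, or is flagged is_superadmin while the caller
  * is not a superadmin. Records deleted before that point stay deleted, so the
  * JSON response can carry both 'success' and 'error'.
  *
  * NOTE(review): the only authorization enforced here is the is_superadmin
  * flag. The original listing had a per-group rights check,
  * Menu_model->checkUserHaveRightsMenu(id_auth_group(), $id), commented out;
  * confirm whether it should be restored.
  *
  * @return void
  */
 public function delete()
 {
     $this->layout = 'none';
     if ($this->input->post() && $this->input->is_ajax_request()) {
         $post = $this->input->post();
         $json = array();
         // A missing or array-valued 'ids' field is ignored instead of raising a notice.
         if (isset($post['ids']) && is_string($post['ids']) && $post['ids'] !== '') {
             $array_id = array_map('trim', explode(',', $post['ids']));
             foreach ($array_id as $id) {
                 // Digits only: a value such as '1abc' must not be loosely cast to
                 // record 1 by the database and then deleted.
                 $record = ctype_digit($id) ? $this->Menu_model->GetMenu($id) : null;
                 if (!$record) {
                     $json['error'] = alert_box('Failed. Please refresh the page.', 'danger');
                     break;
                 }
                 if ($record['is_superadmin'] && !is_superadmin()) {
                     $json['error'] = alert_box('You don\'t have permission to delete this record(s). Please contact the Administrator.', 'danger');
                     break;
                 }
                 $this->Menu_model->DeleteRecord($id);
                 // insert to log
                 $data_log = array('id_user' => id_auth_user(), 'id_group' => id_auth_group(), 'action' => 'Delete Admin Menu', 'desc' => 'Delete Admin Menu; ID: ' . $id . ';');
                 insert_to_log($data_log);
                 // end insert to log
                 $json['success'] = alert_box('Data has been deleted', 'success');
                 $this->session->set_flashdata('flash_message', $json['success']);
             }
         }
         header('Content-type: application/json');
         exit(json_encode($json));
     }
     redirect($this->class_path_name);
 }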