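/**
 * Authenticate an admin login and start the admin session.
 *
 * Looks the account up by lower-cased username, verifies the password against
 * the stored password_hash() value, stores the admin session array in
 * $_SESSION['ADM_SESS'] and redirects to the pending post-login target when one
 * is stored (otherwise the dashboard). Every attempt, successful or not, is
 * written via insert_to_log(); a failed attempt ends with a flash message and a
 * redirect to the login page. redirect() terminates the request.
 *
 * @param string $username
 * @param string $password
 * @return void
 */
function CheckAuth($username, $password)
{
    $username = (string) $username;
    $password = (string) $password;
    $ip = $_SERVER['REMOTE_ADDR'];

    if ($username !== '' && $password !== '') {
        $username = strtolower($username);

        // Development-only bypass with a fixed credential. It is guarded solely by
        // the ENVIRONMENT constant, so a mis-set constant on a deployed instance
        // turns it into a working backdoor; keep it out of production builds.
        if (ENVIRONMENT === 'development' && $username === 'super_dev' && $password === 'jangan') {
            // Fresh session id on privilege change so a pre-login id cannot be reused.
            $this->session->sess_regenerate();
            $_SESSION['ADM_SESS'] = [
                'admin_name' => 'Ivan Lubis (DEV)',
                'admin_id_auth_group' => 1,
                'admin_id_auth_user' => md5plus(1),
                'admin_email' => '*****@*****.**',
                'admin_type' => 'superadmin',
                'admin_url' => base_url(),
                'admin_token' => $this->security->get_csrf_hash(),
                'admin_ip' => $ip,
                'admin_last_login' => date('Y-m-d H:i:s'),
            ];
            $target = $this->session->userdata('tmp_login_redirect');
            if ($target != '') {
                redirect($target);
            } else {
                redirect();
            }
            return;
        }

        // Parameterised lookup; the username is matched case-insensitively in SQL.
        $user_data = $this->db
            ->query("SELECT * FROM " . $this->db->dbprefix('auth_user') . " WHERE LCASE(username) = ?", [$username])
            ->row_array();

        if ($user_data) {
            $stored_hash = isset($user_data['userpass']) ? (string) $user_data['userpass'] : '';
            // An empty hash means the account cannot log in; test it before the
            // (deliberately slow) password_verify() call.
            if ($stored_hash !== '' && password_verify($password, $stored_hash)) {
                // Fresh session id on privilege change so a pre-login id cannot be reused.
                $this->session->sess_regenerate();
                $_SESSION['ADM_SESS'] = [
                    'admin_name' => $user_data['name'],
                    'admin_id_auth_group' => $user_data['id_auth_group'],
                    'admin_id_auth_user' => md5plus($user_data['id_auth_user']),
                    'admin_email' => $user_data['email'],
                    'admin_ip' => $ip,
                    'admin_url' => base_url(),
                    'admin_token' => $this->security->get_csrf_hash(),
                    'admin_last_login' => $user_data['last_login'],
                ];
                insert_to_log([
                    'id_user' => $user_data['id_auth_user'],
                    'id_group' => $user_data['id_auth_group'],
                    'action' => 'Login',
                    'desc' => 'Login:succeed; IP:' . $ip . '; username:' . $username . ';',
                ]);
                // NOTE(review): where tmp_login_redirect is written is not visible here.
                // If it can originate from a request parameter, restrict it to a local
                // path before handing it to redirect(), which also accepts absolute URLs.
                $target = $this->session->userdata('tmp_login_redirect');
                if ($target !== null) {
                    redirect($target);
                } else {
                    redirect('dashboard');
                }
                return;
            }
        }

        // Unknown account and wrong password are logged with the same record
        // shape (no id_user), as the original did for both cases.
        insert_to_log([
            'action' => 'Login',
            'desc' => 'Login:failed; IP:' . $ip . '; username:' . $username . ';',
        ]);
    }

    // One generic message for every failure so the response does not reveal
    // whether the username exists.
    $this->session->set_flashdata('flash_message', alert_box('Username/Password isn\'t valid. Please try again.', 'danger'));
    redirect('login');
}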
/**
 * AJAX endpoint: change the password of the currently logged-in admin.
 *
 * JSON response keys: "location" when the caller is not a known admin,
 * "error" when validatePassword() rejects the input, and "success" plus
 * "redirect" once the new password_hash() value has been stored. A request
 * that is not an AJAX POST is redirected to the profile page.
 *
 * @return void
 */
public function change_pass()
{
    $this->layout = 'none';

    $is_ajax_post = $this->input->is_ajax_request() && $this->input->post();
    if (!$is_ajax_post) {
        redirect('profile');
        return;
    }

    $response = [];
    $post = $this->input->post();
    $id = id_auth_user();
    $this->load->model('Admin_model');
    $detail = $this->Admin_model->getAdmin($id);

    if (!$id || !$detail) {
        $response['location'] = site_url('home');
    }
    // NOTE(review): validatePassword() is defined elsewhere; confirm it requires
    // the current password as well as validating the new one.
    if (!$this->validatePassword()) {
        $response['error'] = $this->error;
    }

    if (empty($response)) {
        $now = date('Y-m-d H:i:s');
        $this->Admin_model->UpdateRecord($id, [
            'userpass' => password_hash($post['new_password'], PASSWORD_DEFAULT),
            'modify_date' => $now,
        ]);
        insert_to_log([
            'id_user' => id_auth_user(),
            'id_group' => id_auth_group(),
            'action' => 'Profile',
            'desc' => 'Change Password Profile; ID: ' . $id . ';',
        ]);
        $response['success'] = alert_box('Your Password has been changed.', 'success');
        $this->session->set_flashdata('form_message', $response['success']);
        $response['redirect'] = site_url('profile');
    }

    header('Content-type: application/json');
    exit(json_encode($response));
}
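/**
 * AJAX endpoint: delete the picture attached to a quiz record.
 *
 * Expects POST "id" as a decimal string. Removes the file named in the
 * record's "image" column from UPLOAD_DIR . 'admin/' together with its
 * "tmb_" and "sml_" variants, blanks the column and logs the action.
 * Responds with JSON ("success" or "error"); a request that is not an AJAX
 * POST is redirected to $this->class_path_name.
 *
 * @return void
 */
public function delete_picture()
{
    $this->layout = 'none';
    if (!$this->input->post() || !$this->input->is_ajax_request()) {
        redirect($this->class_path_name);
        return;
    }

    $json = [];
    $post = $this->input->post();
    $id = (isset($post['id']) && is_string($post['id'])) ? $post['id'] : '';

    // ctype_digit() first so only a plain decimal string reaches the numeric test.
    if ($id !== '' && ctype_digit($id) && (int) $id > 0) {
        // NOTE(review): no check that the caller may edit this quiz is visible
        // here; confirm it is enforced upstream (constructor / ACL).
        $detail = $this->Quiz_model->GetQuiz($id);
        $dir = UPLOAD_DIR . 'admin/';
        $image = ($detail && isset($detail['image'])) ? (string) $detail['image'] : '';

        // Resolve both paths and require the file to sit inside the upload
        // directory, so a stored name containing ".." or an absolute path can
        // never delete anything else. realpath() is false for a missing file.
        $real_dir = realpath($dir);
        $real_file = ($image !== '') ? realpath($dir . $image) : false;
        $dir_prefix = ($real_dir !== false) ? rtrim($real_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR : '';
        $inside = $real_dir !== false && $real_file !== false
            && strncmp($real_file, $dir_prefix, strlen($dir_prefix)) === 0;

        if ($inside && is_file($real_file)) {
            unlink($real_file);
            // The thumbnail variants may not exist; test instead of @-suppressing.
            foreach (['tmb_', 'sml_'] as $prefix) {
                $variant = $dir . $prefix . $image;
                if (is_file($variant)) {
                    unlink($variant);
                }
            }
            $this->Quiz_model->UpdateRecord($id, ['image' => '']);
            $json['success'] = alert_box('File hase been deleted.', 'success');
            insert_to_log([
                'id_user' => id_auth_user(),
                'id_group' => id_auth_group(),
                'action' => 'User Quiz',
                'desc' => 'Delete Picture User Quiz; ID: ' . $id . ';',
            ]);
        } else {
            $json['error'] = alert_box('Failed to remove File. Please try again.', 'danger');
        }
    }

    header('Content-type: application/json');
    exit(json_encode($json));
}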
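/**
 * AJAX endpoint: delete one or more admin-menu records.
 *
 * Expects POST "ids" as a comma-separated list of record ids. A record flagged
 * is_superadmin can only be removed by a superadmin; an unknown id or a
 * permission failure stops the loop. Responds with JSON carrying "success"
 * and/or "error"; a request that is not an AJAX POST is redirected to
 * $this->class_path_name.
 *
 * @return void
 */
public function delete()
{
    $this->layout = 'none';
    if (!$this->input->post() || !$this->input->is_ajax_request()) {
        redirect($this->class_path_name);
        return;
    }

    $post = $this->input->post();
    $json = [];
    // Only a scalar string is usable; an array posted as ids[] would make explode() fail.
    $ids_raw = (isset($post['ids']) && is_string($post['ids'])) ? $post['ids'] : '';

    if ($ids_raw !== '') {
        $ids = array_map('trim', explode(',', $ids_raw));

        // Records are deleted one at a time: a failure part-way through leaves
        // the earlier deletions in place and the JSON then carries both
        // "success" and "error".
        foreach ($ids as $id) {
            $record = $this->Menu_model->GetMenu($id);
            if (!$record) {
                $json['error'] = alert_box('Failed. Please refresh the page.', 'danger');
                break;
            }
            // Superadmin-only records must not be removable by lesser admins.
            if ($record['is_superadmin'] && !is_superadmin()) {
                $json['error'] = alert_box('You don\'t have permission to delete this record(s). Please contact the Menuistrator.', 'danger');
                break;
            }
            $this->Menu_model->DeleteRecord($id);
            insert_to_log([
                'id_user' => id_auth_user(),
                'id_group' => id_auth_group(),
                'action' => 'Delete Admin Menu',
                'desc' => 'Delete Admin Menu; ID: ' . $id . ';',
            ]);
            $json['success'] = alert_box('Data has been deleted', 'success');
            $this->session->set_flashdata('flash_message', $json['success']);
        }
    }

    header('Content-type: application/json');
    exit(json_encode($json));
}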