- //auth controller
- <?php
// Refuse to run when the file is requested directly instead of through
// the CodeIgniter front controller (which defines BASEPATH).
defined('BASEPATH') OR exit('No direct script access allowed');
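class Auth extends CI_Controller {

    /**
     * Loads the auth and log models and runs the login gate.
     *
     * Mod_auth::check_login() redirects (and therefore ends the request)
     * whenever the current URI needs a session that is missing or whose
     * token does not match, so the actions below can assume the gate ran.
     */
    public function __construct() {
        parent::__construct();
        $this->load->model('mod_auth');
        $this->mod_auth->check_login();
        $this->load->model('mod_log');
        // Profiler for local debugging only: it prints session data and
        // queries into the response, so keep it commented out.
        // $this->output->enable_profiler('TRUE');
    }

    /** Default action: send the user to the home page with the session token. */
    public function index() {
        redirect('home/'.$this->session->userdata('token'));
    }

    /**
     * Login form handler.
     *
     * Without posted credentials the form is rendered. With credentials the
     * captcha is checked first (Mod_auth only demands one once the session's
     * failed-attempt counter is exceeded), then the credentials. On success
     * the user is sent home, after the stored next_pw_change date has been
     * checked (see forceChangeIfPasswordExpired()).
     *
     * Every failed attempt is logged, bumps the session attempt counter and
     * re-renders the form with a generic message, so the response does not
     * reveal whether the e-mail exists.
     */
    public function login() {
        $email = $this->input->post('email');
        $pass = $this->input->post('pass');
        // FALSE (not '') when no captcha field was posted; Mod_auth::check_captcha
        // only looks at it once the attempt threshold has been exceeded.
        $captcha = $this->input->post('captcha') ? $this->input->post('captcha') : FALSE;

        if (!$email && !$pass) {
            // First visit: no error text, captcha only if attempts are exceeded.
            $data = array(
                'error'   => '',
                'captcha' => $this->mod_auth->login_captcha(),
            );
            $this->load->view('include/header');
            $this->load->view('auth/view_login', $data);
            $this->load->view('include/footer');
            return;
        }

        $data = array();
        if (!$this->mod_auth->check_captcha($captcha)) {
            $data['error'] = 'Invalid captcha';
            $this->mod_log->log('login', array('email' => $email, 'status' => $data['error']));
        } elseif (!$this->mod_auth->check_login_data($email, $pass)) {
            $data['error'] = 'Invalid email or password';
            // The "(active)" marker is what Mod_auth::check_if_block() counts
            // when deciding to attach the "blocked" role after too many failures.
            $this->mod_log->log('login', array('email' => $email, 'status' => 'Invalid email or password (active)'));
            $this->mod_auth->check_if_block($email);
        } else {
            $this->mod_log->log('login', array('email' => $email, 'status' => 'success'));
            $this->forceChangeIfPasswordExpired();
            redirect('home/index/'.$this->session->userdata('token'));
        }

        // Login failed: count the attempt (drives the captcha) and re-render.
        $this->mod_auth->add_login_attempt();
        $this->load->view('include/header');
        $data['captcha'] = $this->mod_auth->login_captcha();
        $this->load->view('auth/view_login', $data);
        $this->load->view('include/footer');
    }

    /**
     * Flags the just-logged-in user for a forced password change when the
     * stored next_pw_change date has been reached.
     *
     * A missing or unparsable date is treated as expired, the safe default
     * (previously a failed parse fell into a DateTime-vs-FALSE comparison).
     * NOTE(review): Mod_user::update() is not visible here — confirm that an
     * empty 'password' clears the credential rather than storing the digest
     * of '' (which would make a blank password accepted by check_login_data).
     */
    private function forceChangeIfPasswordExpired() {
        $this->load->model('mod_user');
        $user_id = $this->session->userdata('user_id');
        $user_data = $this->mod_user->get_id($user_id);
        $date_next = DateTimeImmutable::createFromFormat('Y-m-d', (string) $user_data['next_pw_change']);
        if ($date_next === FALSE || new DateTimeImmutable() >= $date_next) {
            $this->mod_user->update(array('password' => '', 'change_password' => 1), $user_id);
        }
    }

    /** Destroys the session (and with it the token) and returns to the login page. */
    public function logout(){
        log_action('logout','success');
        $this->session->sess_destroy();
        redirect('auth/login');
    }

    /**
     * Forgot-password form.
     *
     * On POST the e-mail is validated (the email_exists rule must be wired to
     * the form_validation library elsewhere; Mod_auth::email_exists() only
     * reports whether exactly one account matches), Mod_user::forgot_password()
     * issues a temporary password, and that password is mailed to the address
     * on file. Because the form rejects unknown addresses it also tells a
     * visitor whether an address has an account.
     */
    public function forgot() {
        $this->load->model('mod_user');
        $this->load->view('include/header');
        if ($this->input->post()) {
            $this->form_validation->set_rules('email', 'Email', 'trim|xss_clean|required|valid_email|email_exists');
            if ($this->form_validation->run() === FALSE) {
                $this->load->view('auth/view_forgot_pass');
            } else {
                $email = $this->input->post('email');
                $password = $this->mod_user->forgot_password($email);
                if ($password) {
                    $this->sendResetMail($email, $password);
                }
                // The view reports success whether or not a password was issued.
                $this->load->view('auth/view_forgot_pass', array('success' => TRUE));
            }
        } else {
            $this->load->view('auth/view_forgot_pass');
        }
        $this->load->view('include/footer');
    }

    /**
     * Mails a freshly issued temporary password to the account's address.
     *
     * The password travels in clear text; that is the application's existing
     * reset design (a single-use, time-limited reset link would avoid putting
     * a usable credential in e-mail). $email has passed the valid_email rule,
     * which keeps header-injecting newlines out of the recipient field.
     */
    private function sendResetMail($email, $password) {
        $subject = 'Password reset';
        $message = "Dear customer,\n\nWe have received a Password Reset request for the account with Username :".$email." \n";
        $message = $message . "Your new password is $password. \nYou will be required to change the password after logging in. ";
        $headers = 'From: admin@taxfreeshopping.lv';
        mail($email, $subject, $message, $headers);
    }

    /**
     * Change-password form; also the page Mod_auth::check_login() forces
     * flagged accounts to.
     *
     * Requires the current password and two matching copies of the new one.
     * The old-password check goes through Mod_auth::check_login_data(), which
     * on success rewrites the session (token, roles, attempt counter) as a
     * side effect; it runs before form validation exactly as before. Failed
     * old-password checks are logged but not counted towards any lockout.
     */
    public function pass(){
        $this->load->view('include/header');
        if ($this->input->post('old') || $this->input->post('new1') || $this->input->post('new2')) {
            $this->load->model('mod_auth');
            $this->form_validation->set_rules('old', 'Password', 'xss_clean|required');
            $this->form_validation->set_rules('new1', 'Password', 'trim|required|xss_clean|matches[new2]|not_matches[old]|password_check');
            $this->form_validation->set_rules('new2', 'Confirm', 'trim|required|xss_clean');

            $current_email = $this->session->userdata('user_email');
            if (!$this->mod_auth->check_login_data($current_email, $this->input->post('old'))) {
                log_action('change password','wrong old password');
                $this->renderPassForm('Wrong old password!');
            } elseif ($this->form_validation->run() === FALSE) {
                log_action('change password', validation_errors());
                $this->renderPassForm(validation_errors());
            } else {
                $id = $this->session->userdata('user_id');
                $this->load->model('mod_user');
                // Mod_user::update() receives the plain new password; the
                // hashing it applies is not visible in this file.
                $data = array(
                    'password'        => $this->input->post('new1'),
                    'change_password' => 0,
                    'next_pw_change'  => date2sql(date_mod(today(), '+ 6 months')),
                );
                log_action('change password','success');
                $this->mod_user->update($data, $id);
                redirect('home/index/token/'.$this->session->userdata('token'));
            }
        } else {
            $this->renderPassForm('');
        }
        $this->load->view('include/footer');
    }

    /** Renders the change-password view with the given error text and the session token. */
    private function renderPassForm($error) {
        $this->load->view('auth/view_user_change_pass', array(
            'error' => $error,
            'token' => $this->session->userdata('token'),
        ));
    }
}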
- //auth model
- <?php
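class Mod_auth extends CI_Model {

    /**
     * Request gate, run from the Auth controller constructor.
     *
     * Public URLs and the login/forgot/logout pages pass through. Everything
     * else needs a logged-in session whose token equals the last URI segment;
     * blocked users go to home/blocked, and users flagged change_password are
     * sent to the password page until they change it. redirect() ends the
     * request, so a redirecting branch never returns here.
     */
    function check_login(){
        if ($this->is_public_url()) {
            return;
        }
        $uri = $this->uri->uri_string();
        if (in_array($uri, array('auth/login', 'auth/forgot', 'auth/logout'), TRUE)) {
            return;
        }
        if (!$this->is_logged_in()) {
            redirect('auth/login');
        } elseif (permission('blocked')) {
            redirect('home/blocked');
        } else {
            // The token is the last URI segment. Compare as strings and in
            // constant time: the former loose != treated two numeric-looking
            // strings as equal and a missing token as equal to a missing segment.
            $token = $this->uri->segment($this->uri->total_segments());
            $expected = $this->session->userdata('token');
            if (!is_string($token) || !is_string($expected) || !hash_equals($expected, $token)) {
                redirect('auth/login');
            }
            // Any URI containing "pass" (not only auth/pass) is exempt from the
            // forced change; tighten this if other routes contain that word.
            if (strpos($uri, "pass") === FALSE) {
                $this->load->model('mod_user');
                $user = $this->mod_user->get_current();
                if ($user['change_password']) {
                    redirect('auth/pass/'.$this->session->userdata('token'));
                }
            }
        }
    }

    /** TRUE when the session carries both a user e-mail and a user id. */
    function is_logged_in() {
        $has_email = (bool) $this->session->userdata('user_email');
        $has_id = (bool) $this->session->userdata('user_id');
        return $has_email && $has_id;
    }

    /**
     * Server-side lockout: after more than 9 "(active)" failed logins for
     * $email in the last day, attaches the "blocked" role to the matching
     * user and rewrites those log rows so they are not counted again.
     *
     * This is the control that matters against a remote client — the session
     * attempt counter below lives in that client's own cookie. All queries go
     * through the query builder, which escapes $email.
     */
    function check_if_block($email) {
        $where = array(
            'user_email' => $email,
            'action'     => 'login',
            'data'       => 'Invalid email or password (active)',
            'ts >='      => date2sql(date_mod(today(), '- 1 day')),
        );
        $failures = $this->db->get_where('log', $where);
        if ($failures->num_rows() <= 9) {
            return;
        }
        $users = $this->db->get_where('user', array('email' => $email));
        if ($users->num_rows() > 0) {
            $rows = $users->result();
            $user_id = $rows[0]->id;
            // Delete-then-insert keeps a single "blocked" row per user.
            $this->db->delete('user_role', array('user_id' => $user_id, 'role_code' => 'blocked'));
            $this->db->insert('user_role', array('user_id' => $user_id, 'role_code' => 'blocked'));
            $this->db->update('log', array('data' => 'Invalid email or password'), $where);
        }
    }

    /**
     * Increments the per-session failed-login counter (first failure = 1).
     * It only drives the captcha: a client that drops its session cookie
     * starts from zero again.
     */
    function add_login_attempt(){
        $attempts = (int) $this->session->userdata('attempt');
        $this->session->set_userdata('attempt', $attempts + 1);
    }

    /** TRUE once the session counter records 3 or more failed attempts. */
    function is_max_login_attempts_exceeded() {
        return (int) $this->session->userdata('attempt') > 2;
    }

    /**
     * Returns the captcha image markup for the login form, or FALSE while
     * the attempt threshold has not been reached. The expected word is kept
     * in the session for check_captcha().
     */
    function login_captcha(){
        if (!$this->is_max_login_attempts_exceeded()) {
            return FALSE;
        }
        $this->load->helper('captcha');
        $captcha = create_captcha(array(
            'img_path'   => './assets/captcha/',
            'img_url'    => base_url().'assets/captcha/',
            'img_width'  => '130',
            'img_height' => '45',
        ));
        $this->session->set_userdata(array('captcha' => $captcha['word']));
        return $captcha['image'];
    }

    /**
     * Validates the posted captcha against the word stored by login_captcha().
     * Always TRUE while the attempt threshold has not been reached.
     *
     * Strict, constant-time comparison: the former loose == accepted a missing
     * answer (FALSE) whenever no word was stored in the session yet, and
     * compared numeric-looking words numerically. The stored word is cleared
     * once checked so a solved captcha cannot be replayed; login_captcha()
     * issues a fresh one when the form is rendered again.
     */
    function check_captcha($captcha){
        if (!$this->is_max_login_attempts_exceeded()) {
            return TRUE;
        }
        $expected = $this->session->userdata('captcha');
        $this->session->unset_userdata('captcha');
        return is_string($captcha) && is_string($expected) && hash_equals($expected, $captcha);
    }

    /**
     * Verifies e-mail + password against the user table and, on success,
     * fills the session (identity, display name, roles, token) and resets
     * the attempt counter.
     *
     * The password is matched as an unsalted do_hash() digest stored in the
     * user row (CodeIgniter's do_hash is SHA-1/MD5). Moving to
     * password_hash()/password_verify() also requires changing how Mod_user
     * stores passwords, so it is only flagged here. The session token is
     * do_hash(session_id . fixed secret): it adds no entropy beyond the
     * session cookie, and the session id is not regenerated on login.
     * num_rows() (the method) is used, matching the rest of this class.
     */
    function check_login_data($email,$pass){
        $this->load->helper('security');
        $query = $this->db->get_where('user', array(
            'email'    => $email,
            'password' => do_hash($pass),
            'deleted'  => 0,
        ));
        if ($query->num_rows() != 1) {
            return FALSE;
        }
        $row = $query->row();
        $this->session->set_userdata('user_email', $row->email);
        $this->session->set_userdata('user_name', $row->name . ' ' . $row->surname);
        $this->session->set_userdata('user_id', $row->id);
        $this->session->set_userdata('token', do_hash($this->session->userdata('session_id').'o3secret'));
        // Roles are cached in the session for permission().
        $this->load->model('mod_user_role');
        $this->session->set_userdata('user_role', $this->mod_user_role->get_user($row->id));
        // A successful login resets the captcha-driving counter.
        $this->session->set_userdata('attempt', 0);
        return TRUE;
    }

    /**
     * TRUE when exactly one user row has this e-mail. Unlike
     * check_login_data() it does not exclude deleted rows, so a deleted
     * account still passes the forgot-password form's e-mail rule.
     */
    function email_exists($email){
        $query = $this->db->get_where('user', array('email' => $email));
        return $query->num_rows() == 1;
    }

    /**
     * URLs that never require a session (payment-provider return page).
     * transactpro_callback and transactpro_callback_log were listed here
     * earlier but commented out; they are not public.
     */
    function is_public_url(){
        return $this->uri->uri_string() === 'payment/transactpro_return';
    }
}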
- //bill view
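<?php
// Only users who may both view and insert bills get this form.
if (!permission('bill:view') || !permission('bill:insert')) {
    die();
}
// Entity-encode a value for an HTML attribute or element body. Every
// template variable below ($num, $note, company names, the action URL)
// goes through this before it reaches the page; a <textarea> body must be
// encoded too, or a stored note containing </textarea> breaks out of it.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
?>
<script>
$(function() {
    $("#date").datepicker({dateFormat: "dd.mm.yy", firstDay: 1});
    $("#date_due").datepicker({dateFormat: "dd.mm.yy", firstDay: 1});
    // The inputs are created below this script, so the masks have to be
    // attached on DOM ready as well; outside the handler the selectors
    // matched nothing and no mask was applied.
    $("#date").mask("99.99.9999", {placeholder: "dd.mm.yyyy"});
    $("#date_due").mask("99.99.9999", {placeholder: "dd.mm.yyyy"});
});
</script>
<div class="row">
    <div class="col-md-8 col-md-offset-2">
        <div class="panel panel-primary">
            <div class="panel-heading">Bill</div>
            <div class="panel-body">
                <form accept-charset="UTF-8"
                      action="<?= $esc(base_url('bill/update_post/'.$id.'/'.$token)) ?>"
                      class="form-horizontal" method="post">
                    <div class="form-group">
                        <label class="control-label col-sm-3" for="num">N#:</label>
                        <div class="col-sm-4">
                            <input type="text" class="form-control" name="num" id="num" value="<?= $esc($num) ?>"
                                   required>
                        </div>
                    </div>
                    <!-- Date -->
                    <div class="form-group">
                        <label class="control-label col-sm-3" for="date">Date:</label>
                        <div class="col-sm-3">
                            <input type="text" class="form-control" name="bill_date" id="date" value="<?= $esc(sql2date($bill_date)) ?>"
                                   required <?= date_readonly() ?>>
                        </div>
                    </div>
                    <!--Company-->
                    <div class="form-group" id="form_company">
                        <label class="control-label col-sm-3" for="company">Company:</label>
                        <div class="col-sm-4">
                            <select class="form-control" id="company" name="company_id">
                                <option>-</option>
                                <?php foreach ($companies as $obj): ?>
                                <option value="<?= $esc($obj->id) ?>"<?php if ($obj->id == $company_id) echo ' selected'; ?>><?= $esc($obj->name) ?></option>
                                <?php endforeach; ?>
                            </select>
                        </div>
                    </div>
                    <div class="form-group">
                        <label class="control-label col-sm-3" for="credit">Credit:</label>
                        <div class="col-sm-3">
                            <input type="checkbox" name="credit" id="credit" onclick="set_accounting_defaults()"
                                   <?php if ($credit == 1) echo 'checked'; ?>>
                        </div>
                    </div>
                    <div class="form-group">
                        <label class="control-label col-sm-3" for="date_due">Date due:</label>
                        <div class="col-sm-3">
                            <input type="text" class="form-control" name="due_date" id="date_due" value="<?= $esc(sql2date($due_date)) ?>"
                                   required <?= date_readonly() ?>>
                        </div>
                    </div>
                    <div class="form-group">
                        <label class="control-label col-sm-3" for="note">Note:</label>
                        <div class="col-sm-7">
                            <textarea class="form-control" name="note" id="note"><?= $esc($note) ?></textarea>
                        </div>
                    </div>
                    <?php if (permission('bill:update')) { ?>
                    <div class="form-group">
                        <div class="col-sm-offset-3 col-sm-8">
                            <button type="submit" class="btn btn-success pull-right">Save</button>
                        </div>
                    </div>
                    <?php } ?>
                </form>
            </div>
        </div>
    </div>
</div>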