sfandrianah | update e_portal | e_pusbang

Tripoin · Feb 15, 2017 · 78a8664 · 78a8664
1 parent 0056832
commit 78a8664
Show file tree

Hide file tree

Showing 36 changed files with 1,057 additions and 219 deletions.
diff --git a/app/Controller/Base/Auth.php b/app/Controller/Base/Auth.php
@@ -30,6 +30,7 @@
 use app\Util\Form;
 use app\Model\SecurityUser;
 use app\Model\SecurityUserProfile;
+use app\Model\SecurityGroup;
 use app\Util\PHPMail\PHPMailer;
 use app\Model\TransactionRegistration;
 use app\Model\LinkRegistration;
@@ -363,31 +364,70 @@ public function sendMailRegister() {
     }
 
     public function loginProses() {
+
         $user = new SecurityUser();
         $userProfile = new SecurityUserProfile();
+        $group = new SecurityGroup();
 //        $username = $_POST['username'];
-        $email = $_POST['emaillogin'];
-        $password = $_POST['passwordlogin'];
-        $dbNew = new Database();
-        $dbNew->connect();
-        $dbNew->sql("SELECT * FROM " . $user->getEntity() . " 
+        $email = $_POST['username'];
+        $password = $_POST['password'];
+        $security_code = $_POST['security_code'];
+        if ($security_code == $_SESSION[SESSION_CAPTCHA]['code']) {
+
+            $dbNew = new Database();
+            $dbNew->connect();
+
+            $dbNew->sql("SELECT * FROM " . $user->getEntity() . " 
+            WHERE LOWER(" . $user->getCode() . ") = '" . $email . "' 
+                AND " . $user->getStatus() . EQUAL . ONE);
+            $rsPostNew = $dbNew->getResult();
+            if (empty($rsPostNew)) {
+                $dbNew->sql("SELECT * FROM " . $user->getEntity() . " 
             WHERE LOWER(" . $user->getEmail() . ") = '" . $email . "' 
-            AND (" . $user->getPassword() . " = SHA1(CONCAT(user_salt, SHA1(CONCAT(user_salt, SHA1('" . $password . "'))))) 
-            OR " . $user->getEmail() . " = '" . md5($password) . "') AND status = '1' AND " . $user->getApproved() . " = '1'");
-        $rsPostNew = $dbNew->getResult();
-        if (empty($rsPostNew)) {
-//            echo 'Login Failed';
-            echo toastAlert("error", lang('general.login_failed'), lang('general.login_failed_username'));
-            echo "<script>$(function(){postAjaxGetValue('" . URL('/page/login') . "','modal-body-self','" . json_encode($_POST) . "'); })</script>";
+                AND " . $user->getStatus() . EQUAL . ONE);
+                $rsPostNew = $dbNew->getResult();
+            }
+
+            if (empty($rsPostNew)) {
+                echo resultPageMsg("danger", lang('general.login_failed'), lang('general.login_failed_username'));
+                echo '<script>ajaxPostManual(\'' . URL('captcha/reload') . '\',\'captcha_image_security_code\');</script>';
+            } else {
+                $result_group = false;
+                if ($rsPostNew[0][$user->getGroupId()] != 2) {
+                    $res_group = $dbNew->selectByID($group, $group->getId() . "='" . $rsPostNew[0][$user->getGroupId()] . "'");
+                    if (!empty($res_group)) {
+                        if ($res_group[0][$group->getParentId()] == 2) {
+                            $result_group = true;
+                        }
+                    }
+                } else {
+                    $result_group = true;
+                }
+
+                if ($result_group == false) {
+                    echo resultPageMsg("danger", lang('general.login_failed'), lang('general.login_failed_username'));
+                    echo '<script>ajaxPostManual(\'' . URL('captcha/reload') . '\',\'captcha_image_security_code\');</script>';
+                } else {
+                    if (password_verify($password, $rsPostNew[0][$user->getPassword()])) {
+                        $res_user = $dbNew->selectByID($userProfile, $userProfile->getUserId() . "='" . $rsPostNew[0][$user->getId()] . "'");
+                        $_SESSION[SESSION_USERNAME_GUEST] = $rsPostNew[0][$user->getCode()];
+                        $_SESSION[SESSION_EMAIL_GUEST] = $rsPostNew[0][$user->getEmail()];
+                        $_SESSION[SESSION_FULLNAME_GUEST] = $res_user[0][$userProfile->getName()];
+                        $_SESSION[SESSION_GROUP_GUEST] = $rsPostNew[0][$user->getGroupId()];
+                        $_SESSION[SESSION_EXPIRED_DATE_GUEST] = $rsPostNew[0][$user->getExpiredDate()];
+                        echo resultPageMsg("success", lang('general.login_success'), lang('general.login_success_message'));
+                        echo '<script>window.location.href = "' . URL('') . '";</script>';
+                    } else {
+                        echo resultPageMsg("danger", lang('general.login_failed'), lang('general.login_failed_username'));
+                        echo '<script>ajaxPostManual(\'' . URL('captcha/reload') . '\',\'captcha_image_security_code\');</script>';
+                    }
+
+//                
+                }
+            }
         } else {
-            $res_user = $dbNew->selectByID($userProfile, $userProfile->getEmail() . "='" . $email . "'");
-            $_SESSION[SESSION_USERNAME] = $rsPostNew[0][$user->getCode()];
-            $_SESSION[SESSION_EMAIL] = $rsPostNew[0][$user->getEmail()];
-            $_SESSION[SESSION_FULLNAME] = $res_user[0][$userProfile->getFullname()];
-            $_SESSION[SESSION_GROUP] = $rsPostNew[0][$user->getGroup()->getId()];
-//            echo '<h3 align="center">Login Sukses</h3>';
-            echo toastAlert("success", lang('general.login_success'), lang('general.login_success_message'));
-            echo '<script>window.location.href = "' . URL('') . '";</script>';
+            echo resultPageMsg("danger", lang('general.login_failed'), lang('general.security_code') . " is Wrong");
+            echo '<script>ajaxPostManual(\'' . URL('captcha/reload') . '\',\'captcha_image_security_code\');</script>';
         }
     }
 

diff --git a/app/Controller/Base/AuthAdmin.php b/app/Controller/Base/AuthAdmin.php
@@ -153,39 +153,8 @@ public function loginProses() {
         } else {
             $user_profile = $dbNew->selectByID($userProfile, $userProfile->getId() . EQUAL . $rsPostNew[0][$user->getId()]);
             if ($rsPostNew[0][$user->getGroupId()] == 2) {
-
-
-                /* $dbNew->sql("SELECT * FROM " . $user->getEntity() . " 
-                  WHERE LOWER(" . $user->getEmail() . ") = '" . $email . "'
-                  OR LOWER(" . $user->getCode() . ") = '" . $code . "'
-                  AND (" . $user->getPassword() . " = SHA1(CONCAT(" . $user->getSalt() . ", SHA1(CONCAT(" . $user->getSalt() . ", SHA1('" . $password . "')))))
-                  OR " . $user->getEmail() . " = '" . md5($password) . "'
-                  OR " . $user->getCode() . " = '" . md5($password) . "')
-                  AND " . $user->getStatus() . EQUAL . ONE . " AND " . $user->getApproved() . EQUAL . ONE);
-                  $rsPostNews = $dbNew->getResult();
-                 * 
-                 */
-                $dbNew->selectByID($user->getEntity(), $user->getCode() . EQUAL . "'" . $code . "'");
-                $rsPostNews = $dbNew->getResult();
-//                print_r($rsPostNews);
-                if (empty($rsPostNew)) {
-//            echo 'Login Failed';
-                    if (password_verify($password, $rsPostNews[0][$user->getPassword()])) {
-                        $_SESSION[SESSION_USERNAME] = $rsPostNews[0][$user->getCode()];
-                        $_SESSION[SESSION_EMAIL] = $rsPostNews[0][$user->getEmail()];
-                        $_SESSION[SESSION_FULLNAME] = $rsPostNews[0][$user->getName()];
-                        $_SESSION[SESSION_GROUP] = $rsPostNews[0][$user->getGroupId()];
-                        $result = array("result" => "success", "title" => "Login Success", "nexturl" => $_SERVER['HTTP_REFERER'], "message" => "You Have Successfully Login");
-                        echo json_encode($result);
-                    } else {
-                        $result = array("result" => "error", "title" => "Login Failed", "message" => "Email Or Password Is Incorrect");
-                        echo json_encode($result);
-                    }
-                } else {
-                    $result = array("result" => "error", "title" => "Login Failed", "message" => "Email Or Password Is Incorrect" . $rsPostNews[0]);
-                    echo json_encode($result);
-//            echo '<h3 align="center">Login Sukses</h3>';
-                }
+                $result = array("result" => "error", "title" => "Login Failed", "message" => "Email Or Password Is Incorrect");
+                echo json_encode($result);
             } else {
 //                $dbNew->selectByID($user->getEntity(), $user->getCode() . EQUAL . "'" . $code . "'");
 //                $rsPostNews = $dbNew->getResult();
@@ -486,10 +455,12 @@ public function logout() {
         $admin_url = getAdminTheme();
         echo '<script>window.location.href = "' . URL($admin_url) . '";</script>';
     }
-     public function lockScreen() {
+
+    public function lockScreen() {
         ini_set("display_errors", "Off");
         $_SESSION[SESSION_LOCK_SCREEN] = true;
         $admin_url = getAdminTheme();
-        echo '<script>window.location.href = "' .URL($admin_url) . '";</script>';
+        echo '<script>window.location.href = "' . URL($admin_url) . '";</script>';
     }
+
 }
diff --git a/app/Controller/Member/UserProfile.php b/app/Controller/Member/UserProfile.php
@@ -15,6 +15,7 @@
 use app\Util\DataTable;
 use app\Model\Confirm;
 use app\Model\SecurityUser;
+use app\Model\MasterContact;
 
 class UserProfile {
 
@@ -42,16 +43,16 @@ public function detailSaldoTopup() {
             $Datatable->per_page = $_POST['per_page'];
         }
         if (isset($_POST['search_pagination'])) {
-            $Datatable->search = $_POST['search_by'].'>'.$_POST['search_pagination'];
+            $Datatable->search = $_POST['search_by'] . '>' . $_POST['search_pagination'];
         }
         $up = new SecurityUserProfile();
-        $user = $db->selectByID($up->getUser(), $up->getUser()->getCode() . "='" . $_SESSION[SESSION_USERNAME] . "'");
+        $user = $db->selectByID($up->getUser(), $up->getUser()->getCode() . "='" . $_SESSION[SESSION_USERNAME_GUEST] . "'");
         $cek_user_profile = $db->selectByID($up, $up->getId() . "=" . $user[0][$up->getId()] . "");
 
         $confirm = new Confirm();
-        $list_data = $Datatable->select_pagination($confirm, $confirm->getEntity(),$confirm->getCreatedByUsername().EQUAL."'".$user[0][$up->getUser()->getCode()]."'");
-        
-        $sql_saldo = $db->sql("SELECT SUM(".$confirm->getTransferAmount().") as saldo FROM ".$confirm->getEntity()." WHERE ".$confirm->getConfirmStatus().EQUAL."1 AND ".$confirm->getCreatedByUsername()."='".$_SESSION[SESSION_USERNAME]."'");
+        $list_data = $Datatable->select_pagination($confirm, $confirm->getEntity(), $confirm->getCreatedByUsername() . EQUAL . "'" . $user[0][$up->getUser()->getCode()] . "'");
+
+        $sql_saldo = $db->sql("SELECT SUM(" . $confirm->getTransferAmount() . ") as saldo FROM " . $confirm->getEntity() . " WHERE " . $confirm->getConfirmStatus() . EQUAL . "1 AND " . $confirm->getCreatedByUsername() . "='" . $_SESSION[SESSION_USERNAME_GUEST] . "'");
         $rs_saldo = $db->getResult();
         include_once FILE_PATH('view/page/member/user-profile/user-profile-saldo.html.php');
     }
@@ -60,23 +61,26 @@ public function edit() {
         echo '<form id="form-user" action="' . URL('/page/member/user-profile/save') . '" method="POST" class="form" onsubmit="return false;">';
         $this->changeUserProfile();
         echo '</form>';
-        echo '<div id="detailSaldoPage">';
-        $this->detailSaldoTopup();
-        echo '</div>';
     }
 
     public function changeUserProfile() {
         $Form = new Form();
         $db = new Database();
         $Datatable = new DataTable();
-//        $su = new SecurityUser();
+        $su = new SecurityUser();
         $up = new SecurityUserProfile();
         $db->connect();
-        $user = $db->selectByID($up->getUser(), $up->getUser()->getCode() . "='" . $_SESSION[SESSION_USERNAME] . "'");
-        $cek_user_profile = $db->selectByID($up, $up->getId() . "=" . $user[0][$up->getId()] . "");
-
-        $confirm = new Confirm();
-        $list_data = $Datatable->select_pagination($confirm, $confirm->getEntity());
+        $user = $db->selectByID($su, $su->getCode() . "='" . $_SESSION[SESSION_USERNAME_GUEST_GUEST] . "'");
+        $cek_user_profile = $db->selectByID($up, $up->getUserId() . "=" . $user[0][$su->getId()] . "");
+
+        $masterContact = new MasterContact();
+        $cek_contact = $db->selectByID($masterContact, $masterContact->getId() . "=" . $cek_user_profile[0][$up->getContactId()] . "");
+        $contact = "";
+        if (!empty($cek_contact)) {
+            $contact = $cek_contact[0][$masterContact->getPhoneNumber1()];
+        }
+//        $confirm = new Confirm();
+//        $list_data = $Datatable->select_pagination($confirm, $confirm->getEntity());
         include_once FILE_PATH('view/page/member/user-profile/user-profile-edit.html.php');
     }
 
@@ -100,7 +104,7 @@ public function changePasswordProses() {
         $dbNew->connect();
 //        $dbNew->insert($user->getEntity(),$user);
 
-        $res_user = $dbNew->selectByID($user, $user->getCode() . "='" . $_SESSION[SESSION_USERNAME] . "'");
+        $res_user = $dbNew->selectByID($user, $user->getCode() . "='" . $_SESSION[SESSION_USERNAME_GUEST] . "'");
         if (!empty($res_user)) {
             $salt = $res_user[0][$user->getSalt()];
             $password_e = sha1($salt . sha1($salt . sha1($passwordOld)));
@@ -114,18 +118,18 @@ public function changePasswordProses() {
                     echo "<script>$(function(){postAjaxGetValue('" . URL('/page/member/user-profile/change-password') . "','pageMember','" . json_encode($_POST) . "'); })</script>";
                 } else {
 //                    $db->connect();
-                    
+
                     $salt_new = substr(md5(uniqid(rand(), true)), 0, 9);
                     $passwordHashNew = sha1($salt_new . sha1($salt_new . sha1($passwordNew)));
                     $dbNew->update($user->getEntity(), array(
                         $user->getSalt() => $salt_new,
                         $user->getPassword() => $passwordHashNew,
                         $user->getModifiedById() => $res_user[0][$user->getId()],
                         $user->getModifiedOn() => date('Y-m-d h:i:s'),
-                        $user->getModifiedByUsername() => $_SESSION[SESSION_USERNAME],
+                        $user->getModifiedByUsername() => $_SESSION[SESSION_USERNAME_GUEST],
                             ), $user->getId() . "=" . $res_user[0][$user->getId()]);
                     $result_change = $dbNew->getResult();
-                    if($result_change[0] == 1){
+                    if ($result_change[0] == 1) {
                         echo toastAlert("success", lang('user.title_change_password_success'), lang('user.title_change_password_success'));
                         echo '<script>window.location.href = "' . URL('/page/member/user-profile/change-password') . '";</script>';
 //                         echo "<script>$(function(){postAjaxGetValue('" . URL('/page/member/user-profile/change-password') . "','pageMember','" . json_encode($_POST) . "'); })</script>";
@@ -142,7 +146,7 @@ public function changePasswordProses() {
             echo toastAlert("error", lang('user.title_change_password_failed'), lang('user.message_change_password_failed'));
             echo "<script>$(function(){postAjaxGetValue('" . URL('/page/member/user-profile/change-password') . "','pageMember','" . json_encode($_POST) . "'); })</script>";
         }
-        
+
 
 //        $res_user = $dbNew->selectByID($user, $user->getEmail() . "='" . $email . "'");
     }
@@ -160,28 +164,51 @@ public function save() {
 
             $uploadImg = $_FILES['upload_img'];
             $random = createRandomBooking();
-            $path = 'uploads/member/' . $_SESSION[SESSION_USERNAME] . '/';
+            $path = 'uploads/member/' . $_SESSION[SESSION_USERNAME_GUEST_GUEST] . '/';
             $upload = uploadImage($uploadImg, $path, $uploadImg["name"][0] . '-' . $random . '-' . date('Ymdhis'));
             $exp_up = explode(",", $upload);
             if ($exp_up[0] == 1) {
-                $user = $db->selectByID($up->getUser(), $up->getUser()->getCode() . "='" . $_SESSION[SESSION_USERNAME] . "'");
+                $user = $db->selectByID($users, $users->getCode() . "='" . $_SESSION[SESSION_USERNAME_GUEST_GUEST] . "'");
+                $userProfile = $db->selectByID($up, $up->getUserId() . "='" . $user[0][$users->getId()] . "'");
 //        $user = $db->getResult();
 //        print_r($user);
                 $db->connect();
                 $db->update($users->getEntity(), array(
-                    $users->getModifiedById() => $user[0][$up->getUser()->getId()],
                     $users->getModifiedOn() => date('Y-m-d h:i:s'),
-                    $users->getModifiedByUsername() => $_SESSION[SESSION_USERNAME],
-                        ), $up->getUser()->getId() . "=" . $user[0][$up->getUser()->getId()]);
+                    $users->getModifiedByUsername() => $_SESSION[SESSION_USERNAME_GUEST_GUEST],
+                        ), $users->getId() . "=" . $user[0][$users->getId()]);
+                $rs_upd_user = $db->getResult();
+//                print_r($rs_upd_user);
+                $masterContact = new MasterContact();
+                $contact = $db->selectByID($masterContact, $masterContact->getId() . "='" . $userProfile[0][$up->getContactId()] . "'");
+                $contactId = 0;
+                if (empty($contact)) {
+                    $db->insert($masterContact->getEntity(), array(
+                        $masterContact->getPhoneNumber1() => $telephone
+                    ));
+                    $rs_contact = $db->getResult();
+                    $rs_insert_contact = $db->getResult();
+                    if ($rs_insert_contact[0] != 1) {
+                        $contactId = null;
+                    } else {
+                        $contactId = $rs_contact[0];
+                    }
+                } else {
+                    $contactId = $contact[0][$masterContact->getId()];
+                    $db->update($masterContact->getEntity(), array(
+                        $masterContact->getPhoneNumber1() => $telephone
+                            ), $masterContact->getId() . EQUAL . $contactId);
+                }
 
                 $db->update($up->getEntity(), array(
-                    $up->getFullname() => $firstname . ' ' . $lastname,
+                    $up->getName() => $firstname . ' ' . $lastname,
                     $up->getPlace() => $placeofbirth,
                     $up->getBirthdate() => $birthdate,
-                    $up->getTelp() => $telephone,
+                    $up->getContactId() => $contactId,
                     $up->getPathimage() => $exp_up[1],
-                        ), $up->getUser()->getId() . "=" . $user[0][$up->getUser()->getId()]);
+                        ), $up->getId() . "=" . $userProfile[0][$up->getId()]);
                 $rs_u = $db->getResult();
+//                print_r($rs_u);
                 if ($rs_u[0] != 1) {
                     echo toastAlert("error", lang('general.title_update_error'), lang('general.message_update_error'));
                     echo "<script>$(function(){postAjaxGetValue('" . URL('/page/member/user-profile/changeProfile') . "','form-user','" . json_encode($_POST) . "'); })</script>";