File: //home/cafsindia/hrms_allyindian_com/application_bk/controllers/Secure_Controller.php
<?php defined('BASEPATH') OR exit('No direct script access allowed'); // CI direct-access guard
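#[\AllowDynamicProperties]
/**
 * Base controller for every authenticated HRMS page.
 *
 * The constructor runs before any subclass action: it records the page visit,
 * bounces anonymous visitors to /login, resolves the logged-in employee or
 * customer, checks the module grant for $module_id and finally publishes menu,
 * company and user data to the views through load->vars().
 *
 * It also carries helpers that concrete controllers call directly: setting-query
 * logging, TL/PM lookup, decryption of browser-encrypted request bodies, base64
 * file upload and a field-type driven input sanitiser.
 *
 * Deployment caveat (cannot be enforced from here): upload_files() writes into
 * "upload_files/<module>" relative to the working directory, which is normally
 * web-reachable. Serve that tree with script execution disabled (or move it
 * outside the document root), because the allowed extension list comes from
 * the editable cw_form_setting table and the MIME map below includes text/html.
 */
class Secure_Controller extends CI_Controller
{
    /** logged_role value that marks a customer session (as opposed to an employee). */
    const CUSTOMER_ROLE_ID = 12;

    /**
     * @param mixed $module_id    Permission id of the module the subclass serves; NULL when
     *                            the subclass passes none (see has_module_grant() for the effect).
     * @param mixed $submodule_id Only echoed into the no_access redirect URL.
     */
    public function __construct($module_id = NULL, $submodule_id = NULL)
    {
        parent::__construct();
        $this->load->library('user_agent');
        // Navigation is logged before the login check, so anonymous hits are recorded too.
        $this->track_page_navigation();

        if (!$this->is_logged_in()) {
            redirect('login');
        }

        $logged_user = $this->get_logged_user_info();
        if (!is_object($logged_user)) {
            // The session names a user that no longer resolves to exactly one row
            // (deleted account, role changed underneath the session). Treat it as
            // logged out rather than continuing the grant check with a NULL id.
            $this->session->sess_destroy();
            redirect('login');
        }

        // Customers are keyed by prime_cumstomer_id, employees by prime_employees_id.
        $logged_id = $this->is_customer_session()
            ? $logged_user->prime_cumstomer_id
            : $logged_user->prime_employees_id;

        if (!$this->has_module_grant($module_id, $logged_id)) {
            redirect('no_access/' . $module_id . '/' . $submodule_id);
        }

        $data = array(
            'allowed_modules'   => $this->Module->get_allowed_modules($logged_id),
            'header_menu'       => $this->Module->get_header_menu($logged_id),
            'report_menu'       => $this->Module->get_report_menu($logged_user),
            'template_menu'     => $this->Module->get_template_menu($logged_user),
            'notification_menu' => $this->Module->get_notification_count(),
            'company_info'      => $this->Module->get_company_info(),
            'user_info'         => $logged_user,
            'controller_name'   => $module_id,
        );
        $this->load->vars($data);
    }

    /** TRUE when the session carries a non-empty logged_id. */
    public function is_logged_in()
    {
        return !empty($this->session->userdata('logged_id'));
    }

    /** TRUE when the session role is the customer role (see CUSTOMER_ROLE_ID). */
    private function is_customer_session()
    {
        return (int) $this->session->userdata('logged_role') === self::CUSTOMER_ROLE_ID;
    }

    /**
     * Row object for the logged-in user, or FALSE when nobody is logged in.
     * May also return "" (from get_info()) when the session id matches no single row.
     */
    public function get_logged_user_info()
    {
        if (!$this->is_logged_in()) {
            return FALSE;
        }
        return $this->get_info($this->session->userdata('logged_id'));
    }

    /**
     * Load the customer (role 12) or employee row for $logged_id, joined with its category.
     *
     * @param  mixed $logged_id prime_cumstomer_id or prime_employees_id, depending on the session role.
     * @return object|string    The single matching row, or "" when zero or several rows matched
     *                          (kept as "" for existing callers that compare against it).
     */
    public function get_info($logged_id)
    {
        if ($this->is_customer_session()) {
            $this->db->from('cumstomer');
            $this->db->join('cumstomer_cf', 'cumstomer_cf.prime_cumstomer_id = cumstomer.prime_cumstomer_id');
            // Customers always map onto the fixed category 12.
            $this->db->join('category', 'category.prime_category_id = ' . self::CUSTOMER_ROLE_ID);
            $this->db->where('cumstomer.prime_cumstomer_id', $logged_id);
        } else {
            $this->db->from('employees');
            $this->db->where('employees.prime_employees_id', $logged_id);
            $this->db->join('category', 'category.prime_category_id = employees.role');
        }
        $query = $this->db->get();

        if ((int) $query->num_rows() === 1) {
            return $query->row();
        }
        return "";
    }

    /**
     * Does $logged_id hold a grant whose permission_id starts with $permission_id?
     *
     * NOTE(review): this is a prefix match (permission_id LIKE '<id>%'), so a grant on
     * "10" also satisfies a check for "1", and a NULL/empty $permission_id appears to
     * match every grant row the user has (any user with at least one grant passes).
     * Kept as-is because the stored format of permission_id is not visible here; if it
     * is a plain module id, an exact where() is the safer check.
     *
     * @param  mixed $permission_id Module id passed by the subclass constructor.
     * @param  mixed $logged_id     Customer or employee primary id.
     * @return bool
     */
    public function has_module_grant($permission_id, $logged_id)
    {
        if ($this->is_customer_session()) {
            $this->db->from('grants_customer');
            $this->db->where('prime_customer_id', $logged_id);
        } else {
            $this->db->from('grants');
            $this->db->where('prime_employees_id', $logged_id);
        }
        $this->db->like('permission_id', $permission_id, 'after');
        $query = $this->db->get();

        return (int) $query->num_rows() > 0;
    }

    /**
     * Run CI's xss_clean on $str unless the cw_xss_clean config switch is off.
     *
     * @param  string $str
     * @param  bool   $is_image Passed straight through to CI_Security::xss_clean().
     * @return mixed
     */
    protected function xss_clean($str, $is_image = FALSE)
    {
        if (!$this->config->item('cw_xss_clean')) {
            return $str;
        }
        return $this->security->xss_clean($str, $is_image);
    }

    // NAVIGATION TRACKER ADDED FOR STORE PAGE NAVIGATE STATUS _ARN 12-10-2025
    /**
     * Persist one page-navigation record (previous page -> current page) via the Module
     * model and remember the current page in the session for the next call.
     */
    private function track_page_navigation()
    {
        $employee_code = $this->session->userdata('logged_emp_code');
        $session_id    = session_id();
        $current_page  = uri_string(); // current URL segment
        $ip_address    = $this->input->ip_address();
        $device_type   = $this->agent->mobile() ? "Mobile" : "Desktop";
        $browser       = $this->agent->browser();
        // First page of a session has no predecessor; it is recorded as 'Login'.
        $previous_page = $this->session->userdata('last_page') ?? 'Login';

        $this->Module->log_page_entry($employee_code, $session_id, $previous_page, $current_page, $ip_address, $device_type, $browser);
        $this->session->set_userdata('last_page', $current_page);
    }

    //DR FUNCTION FOR INSERT A FORM SETTING CREATE AND ALTER QRY TO (ALL SETTING QUERIES) TABLE
    /**
     * Record a CREATE/ALTER statement produced by the form-setting screens in
     * cw_all_setting_queries, attributed to the logged-in employee.
     *
     * @param string $table_qry The SQL text to store (stored as data, not executed here).
     */
    public function setting_cr_alt_queries_insert($table_qry)
    {
        $created_on  = date("Y-m-d H:i:s");
        $logged_user = $this->get_logged_user_info();
        $logged_id   = is_object($logged_user) ? $logged_user->prime_employees_id : NULL;

        // Query bindings: $table_qry is itself SQL text, so it must never be spliced in raw.
        $this->db->query(
            'insert into cw_all_setting_queries (all_setting_query,trans_created_by,trans_created_date) values (?, ?, ?)',
            array($table_qry, $logged_id, $created_on)
        );
    }

    //DR FUNCTION FOR INSERT A FORM SETTING INSERT AND UPDATE QRY TO (ALL SETTING QUERIES) TABLE
    /**
     * Same as setting_cr_alt_queries_insert() but for INSERT/UPDATE statements, delegated
     * to the sp_setting_queries_insert stored procedure.
     *
     * @param string $table_qry The SQL text to store.
     */
    public function setting_qry_ins_upd_function($table_qry)
    {
        $logged_user = $this->get_logged_user_info();
        $logged_id   = is_object($logged_user) ? $logged_user->prime_employees_id : NULL;

        $this->db->query("CALL sp_setting_queries_insert (?, ?)", array($table_qry, $logged_id));
    }

    //TL AND PM FETCH BASED ON TEAM
    /**
     * AJAX: return the team lead and project manager names for POST "team" (prime_team_id)
     * as JSON {success, message, tl_pm_arr}.
     *
     * The SELECT text is handed to the sp_a_run stored procedure as a string, so the
     * team id is escaped for the inner statement and the whole text is bound for the
     * outer CALL.
     */
    public function tl_pm_fetch()
    {
        $team = $this->db->escape_str((string) $this->input->post("team"));

        //TEAM TABLE SELECT QUERY
        $tl_pm_qry = 'select cw_team.team,cw_team.tl_report,tl.emp_name tl_name,cw_team.manager_report,pm.emp_name pm_name from cw_team inner join cw_employees tl on cw_team.tl_report = tl.employee_code and tl.termination_status = 0 inner join cw_employees pm on cw_team.manager_report = pm.employee_code and pm.termination_status = 0 where cw_team.prime_team_id = "' . $team . '" and tl.trans_status = 1 and pm.trans_status = 1 and cw_team.trans_status = 1';

        $tl_pm_info = $this->db->query("CALL sp_a_run (?, ?)", array('SELECT', $tl_pm_qry));
        $tl_pm_rslt = $tl_pm_info->result_array();
        $tl_pm_info->next_result(); // drain the procedure's status result set

        echo json_encode(array('success' => true, 'message' => 'Proceed.!', 'tl_pm_arr' => $tl_pm_rslt));
    }

    //Generate Key
    /**
     * Derive the per-session key shared with the browser-side encryption:
     * sha512("<__ci_last_regenerate>||<logged_emp_code>||<encKey config>").
     *
     * @return string 128 hex characters.
     */
    public function generateKey()
    {
        $sess_id       = $this->session->userdata('__ci_last_regenerate');
        $employee_code = $this->session->userdata('logged_emp_code');
        $encKey        = $this->config->item("encKey");

        return hash('sha512', $sess_id . "||" . $employee_code . "||" . $encKey);
    }

    //Decrypt Encrypted string from Javascript
    /**
     * Decrypt a browser-produced payload laid out as
     * "<32 hex salt><32 hex iv><base64 AES-256-CBC ciphertext>", keyed by
     * PBKDF2-SHA1(sha512(generateKey()), salt, 1000 iterations, 32 bytes).
     *
     * NOTE(review): this is a request-obfuscation layer keyed from session values;
     * it is not a substitute for TLS and does not authenticate the ciphertext.
     *
     * @param  string $encString
     * @return mixed  json_decode() of the plaintext (assoc array on success), or FALSE on
     *                any malformed input or decryption failure.
     */
    public function cryptoDecrypt($encString)
    {
        try {
            $key       = $this->generateKey();
            $password  = hash('sha512', $key);
            $keySize   = 256;
            $iterations = 1000;

            // Structural validation first: hex2bin() on non-hex input only warns and
            // returns false, which would otherwise reach openssl_decrypt() as an empty IV.
            if (!is_string($encString) || strlen($encString) <= 64) {
                throw new Exception('Error0001..');
            }
            $decSalt   = substr($encString, 0, 32);
            $decIvhex  = substr($encString, 32, 32);
            $encrypted = substr($encString, 64);
            if (!ctype_xdigit($decSalt) || !ctype_xdigit($decIvhex)) {
                throw new Exception('Error0001..');
            }

            $decKey = hash_pbkdf2('sha1', $password, hex2bin($decSalt), $iterations, $keySize / 8, true);

            // AES decryption using OpenSSL in PHP
            $decrypted = openssl_decrypt(
                base64_decode($encrypted), // Encrypted data (decode from Base64)
                'AES-256-CBC',             // Cipher method (AES-256-CBC for 256-bit key size)
                $decKey,                   // Decryption key
                OPENSSL_RAW_DATA,          // Options: raw data output
                hex2bin($decIvhex)         // Initialization vector
            );
            // Strict check: a plaintext of "0" or "" is not a decryption failure.
            if ($decrypted === false) {
                throw new Exception('Error0001..');
            }
            return json_decode($decrypted, TRUE);
        } catch (Exception $e) {
            // Log the error or handle it as needed
            error_log("Decryption Error: " . $e->getMessage()); // Log the error for debugging
            return false;
        }
    }

    //Upload Files
    /**
     * AJAX: store a base64-encoded file under upload_files/<send_from>/ and answer with
     * JSON {success, msg[, path]}.
     *
     * POST fields: send_for (import|upload), send_from (module name), fileName,
     * file_data (base64), label_id (form-setting label). The allowed extensions and
     * maximum size (KB) come from cw_form_setting for the module/label, or are fixed for
     * 'module_setting'. The file's MIME type is sniffed from the decoded bytes, its size
     * is measured server-side, and only the basename of fileName is used.
     */
    public function upload_files()
    {
        $send_for  = (string) $this->input->post('send_for');  //import or upload
        $send_from = (string) $this->input->post('send_from'); //module name
        $file_name = (string) $this->input->post('fileName');
        $file_data = base64_decode((string) $this->input->post('file_data'));

        if ($send_from === 'offer_upload') {
            $send_from = 'offer_letter';
        }

        if ($send_for === '' || $send_from === '' || !$this->is_safe_path_component($send_from)) {
            // send_from becomes a directory component; separators, "..", NUL are refused.
            echo json_encode(array('success' => false, 'msg' => "Please refresh page and retry"));
            return;
        }
        if ($file_data === false || $file_data === '') {
            echo json_encode(array('success' => false, 'msg' => "Please upload valid file"));
            return;
        }

        $upload_dir = "upload_files/$send_from";
        if (!file_exists($upload_dir)) {
            mkdir($upload_dir, 0755, true);
            chmod($upload_dir, 0755);
        }
        // Ensure the directory is writable
        if (!is_writable($upload_dir)) {
            echo json_encode(array('success' => false, 'msg' => "Error: Upload directory is not writable."));
            exit(0);
        }

        $label_id = (string) $this->input->post('label_id');

        $finfo     = new finfo(FILEINFO_MIME_TYPE);
        $file_type = $finfo->buffer($file_data); // MIME type sniffed from the binary data

        //MIME Types
        $mime_types = [ 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', 'html' => 'text/html', 'pdf' => 'application/pdf', 'doc' => 'application/msword', 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'xls' => 'application/vnd.ms-excel', 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'mp3' => 'audio/mpeg', 'mp4' => 'video/mp4', 'zip' => 'application/zip', 'txt' => 'text/plain'];

        if ($send_from !== 'module_setting') {
            //Get info from Form Settings (the SELECT text is executed by sp_a_run, so
            //every request value is escaped for the inner statement and the text is bound)
            $role = $this->db->escape_str((string) ($this->logged_role ?? ''));
            $from_query = 'select upload_extension,upload_file_size from cw_form_setting where prime_module_id = "' . $this->db->escape_str($send_from)
                . '" and field_show = "1" and field_type = 10 and label_name = "' . $this->db->escape_str($label_id)
                . '" and trans_status = "1" and FIND_IN_SET("' . $role . '",field_for) ORDER BY input_for,field_sort asc';
            $form_data   = $this->db->query("CALL sp_a_run (?, ?)", array('SELECT', $from_query));
            $form_result = $form_data->result();
            $form_data->next_result();
            if (count($form_result ?? []) === 0) {
                echo json_encode(array('success' => false, 'msg' => "Url Expired.. Please refresh the page and try again...."));
                exit(0);
            }
            $upload_filesize  = $form_result[0]->upload_file_size;
            $upload_extension = $form_result[0]->upload_extension;
        } else {
            // FOR MODULE SETTING STATIC PURPOSE
            $upload_filesize  = '500';
            $upload_extension = "image/png,pdf,jpeg,jpg,png";
        }

        $allowed_ext   = explode(",", $upload_extension);
        // Keep only the MIME map entries whose extension is allowed for this field.
        $allowed_mimes = array_intersect_key($mime_types, array_flip($allowed_ext));
        if (!in_array($file_type, $allowed_mimes, true)) {
            echo json_encode(array('success' => false, 'msg' => "Please upload valid Mime type file such as $upload_extension"));
            exit(0);
        }

        // Size in KB, measured from the decoded bytes rather than the client-sent 'size' field.
        $file_size = strlen($file_data) / 1000;
        if ((int) $upload_filesize === 0) {
            $upload_filesize = 500;
        }
        if ((int) $file_size > (int) $upload_filesize) {
            echo json_encode(array('success' => false, 'msg' => "File Size Must be below " . $upload_filesize . "kb"));
            return;
        }

        // basename() drops any directory part the client put into fileName.
        $file_name = basename(str_replace(" ", "_", $file_name));
        if ($file_name === '' || $file_name === '.' || $file_name === '..') {
            echo json_encode(array('success' => false, 'msg' => "Please upload valid file"));
            return;
        }
        $ext = pathinfo($file_name, PATHINFO_EXTENSION);
        if (!in_array($ext, $allowed_ext, true)) {
            echo json_encode(array('success' => false, 'msg' => "Please upload valid file such as $upload_extension"));
            return;
        }

        $random_digit  = random_int(0, 99999999999); // CSPRNG; rand() is predictable
        $new_file_name = "upload_files/$send_from/" . $random_digit . "_" . $file_name;
        $path = $this->sanitize_input($new_file_name, 10);
        if (file_put_contents($path, $file_data) === false) {
            echo json_encode(array('success' => false, 'msg' => "Error: Upload directory is not writable."));
            return;
        }
        echo json_encode(array('success' => true, 'msg' => "File moved to server", "path" => $path));
    }

    /**
     * TRUE when $name can be used as a single path segment: non-empty, not "." or "..",
     * and free of "/", "\", NUL and "..".
     *
     * @param string $name
     * @return bool
     */
    private function is_safe_path_component($name)
    {
        return $name !== ''
            && $name !== '.'
            && strpbrk($name, "/\\\0") === false
            && strpos($name, '..') === false;
    }

    // SANITIZE INPUT
    /**
     * Sanitise $input according to the form field type code.
     *
     * @param  mixed      $input
     * @param  int|string $field_type 3/11 int, 2 decimal, 12 email, 10 url/file path,
     *                                'array' recursive string sanitise, anything else
     *                                (1,4,5,6,7,8,9,13,15,...) general string.
     * @return mixed Sanitised value; NULL for an invalid email or a non-array 'array' input.
     */
    public function sanitize_input($input, $field_type)
    {
        switch ($field_type) {
            case 3 : //INT
            case 11: //Mobile Number
                // Sanitize integer values
                return filter_var($input, FILTER_SANITIZE_NUMBER_INT);
            case 2: //Decimal
                // Sanitize float values
                return filter_var($input, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND);
            case 12: //email
                // Sanitize and validate email
                $sanitized_email = filter_var($input, FILTER_SANITIZE_EMAIL);
                return filter_var($sanitized_email, FILTER_VALIDATE_EMAIL) ? $sanitized_email : null;
            case 10: //url (also used for FILE UPLOAD paths)
                // Sanitize URL; only characters not permitted in a URL are removed,
                // so this does not validate the value and never changes path structure.
                return filter_var($input, FILTER_SANITIZE_URL);
                //return filter_var($sanitized_url, FILTER_VALIDATE_URL) ? $sanitized_url : null;
            case 'array':
                // Sanitize each element in an array recursively
                if (is_array($input)) {
                    return array_map(function ($item) {
                        $sanitized_string = filter_var($item, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
                        return htmlspecialchars($sanitized_string, ENT_QUOTES, 'UTF-8');
                    }, $input);
                }
                return null;
            case 1:  //TEXT
            case 4:  //DATE
            case 5:  //PICKLIST
            case 6:  //CHECKBOX
            case 7:  //MULTIPICK
            case 8:  //SUMMARY
            case 9:  //AUTOCOMPLETE
            case 13: //DATE & TIME
            case 15: //TIME
            default:
                // (a second "case 10: FILE UPLOAD" label used to sit here; it was
                // unreachable because the url case above already matches 10)
                // Sanitize general strings (encodes special characters)
                $sanitized_string = filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
                return htmlspecialchars($sanitized_string, ENT_QUOTES, 'UTF-8');
        }
    }

    // CHECK MULTI EMPLOYEE CODES TO PROCESS _ARN 11:09:2025
    /**
     * AJAX: given an encrypted body (see cryptoDecrypt()) with codes, process_month,
     * process_mode and fandf, return which employee codes exist in cw_monthly_input for
     * that month as JSON {success, message, employees[, invalid]}.
     *
     * process_mode 1 selects rows not yet processed (payroll_status != 1), anything
     * else selects processed rows.
     */
    public function check_employee_codes()
    {
        $payload = $this->cryptoDecrypt(file_get_contents('php://input'));
        if (!is_array($payload) || empty($payload)) {
            echo json_encode(['success' => false, 'message' => 'Url Expired.. Please refresh the page and try again..', 'employees' => []]);
            exit;
        }
        $_POST = $payload; // let $this->input->post() read the decrypted fields

        $codes_raw    = $this->input->post('codes');
        $process_mon  = (string) $this->input->post('process_month');
        $process_mode = (int) $this->input->post('process_mode');
        $fandf        = (int) $this->input->post('fandf');

        $pro_qry = ($process_mode === 1) ? 'AND payroll_status != 1' : 'AND payroll_status = 1';

        if (!is_string($codes_raw) || trim($codes_raw) === '') {
            echo json_encode(['success' => false, 'message' => 'No employee codes provided', 'employees' => []]);
            return;
        }
        // Codes may be separated by whitespace and/or commas.
        $codes_arr = array_values(array_filter(array_map('trim', preg_split('/[\s,]+/', trim($codes_raw)))));
        if (empty($codes_arr)) {
            echo json_encode(['success' => false, 'message' => 'No employee codes provided', 'employees' => []]);
            return;
        }

        // Every code and the month are quoted/escaped by the driver; $fandf is already an int.
        $codes_in  = implode(',', array_map(array($this->db, 'escape'), $codes_arr));
        $final_qry = 'SELECT employee_code, emp_name FROM cw_monthly_input WHERE process_month = ' . $this->db->escape($process_mon)
            . ' AND input_status = 1 ' . $pro_qry . ' AND fandf = ' . $fandf . ' AND employee_code IN (' . $codes_in . ')';
        $final_data   = $this->db->query($final_qry);
        $final_result = $final_data->result();
        $final_data->next_result();

        $employees = [];
        foreach ($final_result as $rslt) {
            $employees[] = ['employee_code' => $rslt->employee_code, 'emp_name' => $rslt->emp_name];
        }

        // Find invalid codes (difference between pasted and matched)
        $valid_codes   = array_column($employees, 'employee_code');
        $invalid_codes = array_diff($codes_arr, $valid_codes);

        if (empty($employees)) {
            echo json_encode(['success' => false, 'message' => 'No employee match found', 'employees' => []]);
        } elseif (!empty($invalid_codes)) {
            echo json_encode(['success' => true, 'message' => 'Some employee codes not exist in the Monthly input', 'employees' => $employees, 'invalid' => array_values($invalid_codes)]);
        } else {
            echo json_encode(['success' => true, 'message' => '', 'employees' => $employees]);
        }
    }

    // SESSION SETTER FOR AUDIT LOG _ARN 07-10-2025
    /**
     * Stash audit-log context (filter keys, entity, interaction type) in the session.
     *
     * @param mixed $filter_keys
     * @param mixed $entity
     * @param mixed $intract_type
     */
    public function session_setter($filter_keys, $entity, $intract_type)
    {
        $this->session->set_userdata('audit_filter_keys', $filter_keys);
        $this->session->set_userdata('entity', $entity);
        $this->session->set_userdata('intract_type', $intract_type);
    }
}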
?>