<?php defined('BASEPATH') OR exit('No direct script access allowed'); // stop direct requests to this file
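class Secure_Controller extends CI_Controller{

	/**
	 * Base controller for pages that require a logged-in user.
	 *
	 * Order of checks: an active logged_user_info record (is_user_exist()),
	 * a session logged_id (is_logged_in()), then a module grant for
	 * $module_id (has_module_grant()). Each failure ends in redirect().
	 * On success the shared menu/user view variables are loaded for every view.
	 *
	 * @param mixed $module_id    id of the module the concrete controller serves
	 * @param mixed $submodule_id forwarded to the no_access route only
	 */
	public function __construct($module_id = NULL, $submodule_id = NULL){
		parent::__construct();

		if(!$this->is_user_exist()){
			// ?? so a missing session key does not raise a warning on PHP 8.
			$logged_id = $_SESSION['logged_id'] ?? null;
			// Only logged_id 1 may continue without an active logged_user_info row.
			if((int)$logged_id !== 1){
				$this->session->sess_destroy();
				redirect('login');
			}
		}

		if(!$this->is_logged_in()){
			$logged_user_id = $_SESSION['logged_user_id'] ?? null;
			// Close the logged_user_info row (end time + status 4) before leaving.
			if($logged_user_id){
				$this->db->where('prime_logged_user_info_id', $logged_user_id);
				$upd_info = $this->db->update('logged_user_info', [
					'end_time'    => date("Y-m-d H:i:s"),
					'user_status' => 4,
				]);
				if($upd_info){
					unset($_SESSION['logged_user_id']);
				}
			}
			redirect('login');
		}

		$logged_user = $this->get_logged_user_info();
		// Role 12 is handled as the customer role (see has_module_grant()).
		// ?? keeps a missing user (get_info() returns "") from raising a warning.
		// NOTE(review): get_info() currently reads only the employees table, so
		// prime_cumstomer_id may not be present on the row — confirm for role 12.
		if((int)$this->session->userdata('logged_role') === 12){
			$logged_id = $logged_user->prime_cumstomer_id ?? null;
		}else{
			$logged_id = $logged_user->prime_employees_id ?? null;
		}

		if(!$this->has_module_grant($module_id, $logged_id)){
			redirect('no_access/' . $module_id . '/' . $submodule_id);
		}

		$data = [
			'allowed_modules'   => $this->Module->get_allowed_modules($logged_id),
			'header_menu'       => $this->Module->get_header_menu($logged_id),
			'report_menu'       => $this->Module->get_report_menu($logged_user),
			'template_menu'     => $this->Module->get_template_menu($logged_user),
			'notification_menu' => $this->Module->get_notification_count(),
			'company_info'      => $this->Module->get_company_info(),
			'user_info'         => $logged_user,
			'controller_name'   => $module_id,
		];
		$this->load->vars($data);
	}

	/**
	 * Whether the session carries a logged_id.
	 *
	 * Same truthiness test as the former `!= FALSE`: null, "", "0" and 0
	 * all count as not logged in.
	 *
	 * @return bool
	 */
	public function is_logged_in(){
		return (bool) $this->session->userdata('logged_id');
	}

	/**
	 * Whether the session's logged_user_info row exists and has user_status 1.
	 *
	 * @return bool
	 */
	public function is_user_exist(){
		$logged_user_id = $_SESSION['logged_user_id'] ?? null;
		$query = $this->db->get_where('logged_user_info', [
			'prime_logged_user_info_id' => $logged_user_id,
			'user_status'               => 1,
		], 1);
		return $query->num_rows() === 1;
	}

	/**
	 * The user record behind the session's logged_id.
	 *
	 * @return object|string|false row object, "" when no row matched, FALSE when not logged in
	 */
	public function get_logged_user_info(){
		if(!$this->is_logged_in()){
			return FALSE;
		}
		return $this->get_info($this->session->userdata('logged_id'));
	}

	/**
	 * Load the employees row (joined with its category) for an employee id.
	 *
	 * A separate customer (role 12) lookup against cumstomer/cumstomer_cf used
	 * to live here and is disabled; every role is resolved through employees.
	 *
	 * @param mixed $logged_id employees.prime_employees_id
	 * @return object|string row object, or "" when the query did not return exactly one row
	 */
	public function get_info($logged_id){
		$this->db->from('employees');
		$this->db->where('employees.prime_employees_id', $logged_id);
		$this->db->join('category', 'category.prime_category_id = employees.role');
		$query = $this->db->get();
		if((int)$query->num_rows() === 1){
			return $query->row();
		}
		// Callers test for a falsy, non-object value when nothing matched.
		return "";
	}

	/**
	 * Whether a grant row exists for this user and permission.
	 *
	 * Role 12 is checked against grants_customer, everyone else against grants.
	 *
	 * NOTE(review): like(..., 'after') is a prefix match (permission_id LIKE
	 * '<id>%'), so a permission id also matches every stored id that starts
	 * with the same digits. Confirm that is intended before tightening it to
	 * an exact where('permission_id', ...).
	 *
	 * @param mixed $permission_id module/permission id
	 * @param mixed $logged_id     prime_customer_id or prime_employees_id
	 * @return bool
	 */
	public function has_module_grant($permission_id, $logged_id){
		if((int)$this->session->userdata('logged_role') === 12){
			$this->db->from('grants_customer');
			$this->db->like('permission_id', $permission_id, 'after');
			$this->db->where('prime_customer_id', $logged_id);
		}else{
			$this->db->from('grants');
			$this->db->like('permission_id', $permission_id, 'after');
			$this->db->where('prime_employees_id', $logged_id);
		}
		$query = $this->db->get();
		return (int)$query->num_rows() > 0;
	}

	/**
	 * Run the security library's xss_clean() unless config cw_xss_clean is off.
	 *
	 * @param mixed $str      input to clean
	 * @param bool  $is_image forwarded to CI_Security::xss_clean()
	 * @return mixed
	 */
	protected function xss_clean($str, $is_image = FALSE){
		if(!$this->config->item('cw_xss_clean')){
			return $str;
		}
		return $this->security->xss_clean($str, $is_image);
	}

	/**
	 * Record a form-setting CREATE/ALTER query in cw_all_setting_queries.
	 *
	 * The values are passed as query bindings so the recorded SQL text (which
	 * contains quotes by nature) is escaped by the driver instead of being
	 * spliced into the INSERT string.
	 *
	 * @param string $table_qry the CREATE/ALTER statement text to record
	 * @return void
	 */
	public function setting_cr_alt_queries_insert($table_qry){
		$created_on  = date("Y-m-d H:i:s");
		$logged_user = $this->get_logged_user_info();
		$logged_id   = $logged_user->prime_employees_id ?? null;
		$this->db->query(
			'insert into cw_all_setting_queries (all_setting_query,trans_created_by,trans_created_date) values (?, ?, ?)',
			[$table_qry, $logged_id, $created_on]
		);
	}

	/**
	 * Record a form-setting INSERT/UPDATE query via the sp_setting_queries_insert procedure.
	 *
	 * Arguments are bound rather than interpolated, for the same reason as
	 * setting_cr_alt_queries_insert().
	 *
	 * @param string $table_qry the INSERT/UPDATE statement text to record
	 * @return void
	 */
	public function setting_qry_ins_upd_function($table_qry){
		$logged_user = $this->get_logged_user_info();
		$logged_id   = $logged_user->prime_employees_id ?? null;
		$this->db->query("CALL sp_setting_queries_insert (?, ?)", [$table_qry, $logged_id]);
	}

	/**
	 * Derive the per-session key shared with the JavaScript side.
	 *
	 * sha512 over "<__ci_last_regenerate>||<logged_emp_code>||<config encKey>".
	 *
	 * @return string hex sha512 digest
	 */
	public function generateKey(){
		$sess_id       = $this->session->userdata('__ci_last_regenerate');
		$employee_code = $this->session->userdata('logged_emp_code');
		$encKey        = $this->config->item("encKey");
		return hash('sha512', $sess_id . "||" . $employee_code . "||" . $encKey);
	}

	/**
	 * Decrypt a payload produced by the JavaScript side and decode it as JSON.
	 *
	 * Layout of $encString: 32 hex chars salt | 32 hex chars IV | base64
	 * ciphertext. The AES-256-CBC key is PBKDF2-SHA1 (1000 iterations) of
	 * sha512(generateKey()) with the given salt.
	 *
	 * On any failure the method writes a JSON error response and exits, so it
	 * only returns on success.
	 *
	 * @param string $encString salt + iv + base64 ciphertext
	 * @return mixed json_decode() of the plaintext (associative arrays)
	 */
	public function cryptoDecrypt($encString){
		try{
			$decSalt   = substr($encString, 0, 32);
			$decIvhex  = substr($encString, 32, 32);
			$encrypted = substr($encString, 64);
			// Reject malformed input here instead of feeding hex2bin()'s false/""
			// into the cipher; that path fails too, but with PHP warnings.
			if(strlen($decSalt) !== 32 || strlen($decIvhex) !== 32
				|| !ctype_xdigit($decSalt) || !ctype_xdigit($decIvhex)){
				throw new Exception('Error0001..');
			}

			$key        = $this->generateKey();
			$password   = hash('sha512', $key);
			$keySize    = 256;
			$iterations = 1000;
			$decKey     = hash_pbkdf2('sha1', $password, hex2bin($decSalt), $iterations, $keySize / 8, true);
			$decrypted  = openssl_decrypt(
				base64_decode($encrypted),  // ciphertext
				'AES-256-CBC',
				$decKey,
				OPENSSL_RAW_DATA,           // ciphertext is raw, not base64
				hex2bin($decIvhex)          // IV
			);
			// openssl_decrypt() returns false on failure; compare strictly so a
			// legitimate "0" plaintext is not mistaken for an error.
			if($decrypted === false){
				throw new Exception('Error0001..');
			}
			return json_decode($decrypted, TRUE);
		}catch(Exception $e){
			// Only the exception message is logged; the input itself is not
			// written anywhere. (An email notification used to be built here and
			// is disabled.)
			error_log("Decryption Error: " . $e->getMessage());
			echo json_encode(['success' => false, 'message' => 'Please try After sometime...']);
			exit(0);
		}
	}
}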
?>