File: /home/cafsindia/login_cafsindia_com/app/api_model.php
<?php
include('./dbconnect.php');
// Composer autoload: brings in Firebase\JWT\JWT and Firebase\JWT\Key used below.
require("vendor/autoload.php");
// Silences every PHP diagnostic for the rest of the request (notices, warnings,
// deprecations, fatal-error messages). Anything that goes wrong in this file —
// a missing $_SERVER key, an undefined variable, a failed query — surfaces only
// as an empty value, never in the log. NOTE(review): display_errors=0 with a
// configured error_log keeps the same quiet output while retaining the evidence.
error_reporting(0);
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
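class api_model extends dbconnect{
    /** JWT signing secret, "iss" claim and algorithm; assigned in the constructor. */
    protected $jwt_secret;
    protected $jwt_issuer;
    protected $jwt_algo;
    /**
     * HMAC key for cryptoEncrypt() (32 characters). NOTE(review): this secret and
     * $jwt_secret live in source, so anyone with read access to the repository or
     * the deployment can reproduce digests and mint tokens; loading them from
     * configuration outside the web root would be preferable. Kept as-is so the
     * digests already stored by update_password() remain verifiable.
     */
    private $enckey = 'vDIa5JdknBqfrKOu8d7UpddnBMCH1vza'; //32 characters

    /**
     * Opens the database connection (inherited open_db()) and fixes the JWT
     * parameters used by get_token() and verify_token().
     */
    public function __construct(){
        $this->open_db();
        $this->jwt_secret = 'lgHfKxh%zjqC7ZMKAcY@B(fC(aC0Opv9Q';
        $this->jwt_issuer = 'CAFS INFOTECH';
        $this->jwt_algo = 'HS512';
    }

    /**
     * Runs a finished SELECT and returns its rows via the inherited result()
     * (objects, judging by the `->count` access in verify_user()).
     *
     * Nothing is escaped or bound here: every public get_* wrapper hands the SQL
     * text straight through, so the caller must never assemble it from
     * unescaped request data.
     */
    private function fetch_rows($sql){
        $info = $this->runQuery((string) $sql);
        return $this->result($info);
    }

    /** Runs a finished INSERT/UPDATE and returns runQuery()'s raw result. */
    private function exec_stmt($sql){
        return $this->runQuery((string) $sql);
    }

    /** SELECT wrapper: rows for a login-code-number query (SQL supplied by caller). */
    public function get_login_code_number($mysql_login_code_number_qry){
        return $this->fetch_rows($mysql_login_code_number_qry);
    }

    /** SELECT wrapper: rows for a mobile-number query (SQL supplied by caller). */
    public function get_mobile_number($mysql_mobile_number_qry){
        return $this->fetch_rows($mysql_mobile_number_qry);
    }

    /** SELECT wrapper: rows for a portfolio login-code query (SQL supplied by caller). */
    public function get_portfolio_login_code($mysql_portfolio_qry){
        return $this->fetch_rows($mysql_portfolio_qry);
    }

    /** SELECT wrapper: rows for a health login-code query (SQL supplied by caller). */
    public function get_health_login_code($mysql_health_qry){
        return $this->fetch_rows($mysql_health_qry);
    }

    /** Generic SELECT wrapper: rows for any finished SELECT statement. */
    public function get_select_qry($mysql_select_qry){
        return $this->fetch_rows($mysql_select_qry);
    }

    /** Generic INSERT wrapper: returns runQuery()'s result for the statement. */
    public function get_insert_qry($get_insert_qry){
        return $this->exec_stmt($get_insert_qry);
    }

    /** Generic UPDATE wrapper: returns runQuery()'s result for the statement. */
    public function get_upd_qry($get_upd_qry){
        return $this->exec_stmt($get_upd_qry);
    }

    /** SELECT wrapper: rows for a life-business query (SQL supplied by caller). */
    public function get_life_business($mysql_portfolio_qry){
        return $this->fetch_rows($mysql_portfolio_qry);
    }

    /** SELECT wrapper: rows for a health-business query (SQL supplied by caller). */
    public function get_health_business($mysql_health_qry){
        return $this->fetch_rows($mysql_health_qry);
    }

    /** SELECT wrapper: rows for a life-business status query (SQL supplied by caller). */
    public function get_life_business_sts($mysql_life_business_qry){
        return $this->fetch_rows($mysql_life_business_qry);
    }

    /** SELECT wrapper: rows for a health-business status query (SQL supplied by caller). */
    public function get_health_business_sts($mysql_health_business_qry){
        return $this->fetch_rows($mysql_health_business_qry);
    }

    /* JWT TOKEN START */

    /**
     * Checks an API user's credentials and, when exactly one active row matches,
     * issues a token via get_token().
     *
     * @param string $username
     * @param string $password
     * @return array{status: bool, message: string, rslt: string}
     *
     * SECURITY (review): both arguments are concatenated into the SQL text and
     * api_password is compared as a plaintext column. runQuery() (inherited)
     * accepts only a finished SQL string, so parameters cannot be bound at this
     * level; unless dbconnect escapes internally (not visible here) the inputs
     * reach the database unescaped. A prepared-statement path in dbconnect and a
     * hashed api_password column are the fix; neither can be done from this file.
     */
    public function verify_user($username,$password){
        $user_qry = 'select COUNT(*) as count,username from cw_api_user_details where trans_status = 1 and username = "'.$username.'" and api_password = "'.$password.'"';
        $user_rslt = $this->fetch_rows($user_qry);
        // COUNT(*) yields one row on success; the guard turns a failed query
        // (no rows from result()) into "no such user" instead of a notice.
        $count = isset($user_rslt[0]->count) ? (int) $user_rslt[0]->count : 0;
        if($count === 1){
            return $this->get_token($user_rslt);
        }
        return array("status"=>false,'message'=>"Please Enter the Valid Username and Password..",'rslt'=>"");
    }

    /**
     * Builds a signed JWT valid for one hour and returns it base64-encoded.
     *
     * The "aud" claim is base_url() of the issuing request, which verify_token()
     * recomputes and compares, so the token is bound to that exact scheme, host
     * and request URI. $user_rslt is accepted for a (currently commented-out)
     * "data" claim and is otherwise unused.
     *
     * @param array $user_rslt rows from verify_user()
     * @return array{status: bool, message: string, rslt: string}
     */
    public function get_token($user_rslt){
        $now = time();
        $jwt = JWT::encode([
            "iat" => $now, // ISSUED AT - TIME WHEN TOKEN IS GENERATED
            "nbf" => $now, // NOT BEFORE - WHEN THIS TOKEN IS CONSIDERED VALID
            "exp" => $now + 3600, // EXPIRY - 1 HR (3600 SECS) FROM NOW
            "jti" => base64_encode(random_bytes(16)), // JSON TOKEN ID (CSPRNG)
            "iss" => $this->jwt_issuer, // ISSUER
            "aud" => $this->base_url(), // AUDIENCE
            // WHATEVER USER DATA YOU WANT TO ADD
            /*"data" => [
                "username" => $user_rslt[0]->username
            ]*/
        ], $this->jwt_secret, $this->jwt_algo);
        return array("status"=>true,'message'=>"Token Generated",'rslt'=>base64_encode($jwt));
    }

    /**
     * Scheme, host and request URI of the current request, e.g.
     * "https://host.example/app/api.php?x=1" (constructed example).
     *
     * Used as the JWT "aud" claim and recomputed in verify_token(), so this is
     * a same-endpoint check rather than a verified audience: a token is accepted
     * only when scheme, SERVER_NAME and REQUEST_URI match the issuing request
     * exactly. Depending on web-server configuration SERVER_NAME may be derived
     * from the client's Host header. Missing keys (CLI runs) become "".
     */
    public function base_url(){
        $is_https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        return sprintf(
            "%s://%s%s",
            $is_https ? 'https' : 'http',
            $_SERVER['SERVER_NAME'] ?? '',
            $_SERVER['REQUEST_URI'] ?? ''
        );
    }

    /**
     * Validates a base64-encoded token produced by get_token().
     *
     * Order of checks: presence, signature/format (JWT::decode, which also
     * rejects expired and not-yet-valid tokens), issuer and nbf/exp, then "aud"
     * against the current base_url(). Decoding uses $this->jwt_algo so verify
     * and issue cannot drift apart. "rslt" is always "".
     *
     * @param string $token
     * @return array{status: bool, message: string, rslt: string}
     */
    public function verify_token($token){
        if(!$token){
            return $this->token_result(false, "Please Enter the Autherization Token");
        }
        try{
            $jwt = JWT::decode(base64_decode($token), new Key($this->jwt_secret, $this->jwt_algo));
        }catch (Exception $e) {
            // php-jwt's exceptions (bad signature, malformed, expired, not yet
            // valid) all extend Exception; the message is deliberately generic.
            return $this->token_result(false, "Please Enter Valid Token");
        }
        if(!$jwt){
            return $this->token_result(false, "Invalid Token..");
        }
        $now = time();
        // A missing claim fails the comparison (null !== issuer, 0 < $now).
        if(($jwt->iss ?? null) !== $this->jwt_issuer || ($jwt->nbf ?? 0) > $now || ($jwt->exp ?? 0) < $now){
            return $this->token_result(false, "Token Not Available or Expired.. Please Create New One..");
        }
        if(($jwt->aud ?? null) !== $this->base_url()){
            return $this->token_result(false, "Unauthorized Access..");
        }
        return $this->token_result(true, "Token Authenticated");
    }

    /** Shapes verify_token()'s {status, message, rslt} result; rslt is always "". */
    private function token_result($status, $msg){
        return array("status"=>$status,'message'=>$msg,'rslt'=>"");
    }

    /* JWT TOKEN END */

    # PASSWORD UPDATE BASED ON ENCRYPTION

    /**
     * One-shot migration: replaces every active employee's stored password with
     * its cryptoEncrypt() digest.
     *
     * Not idempotent — a second run digests the already-digested values. Returns
     * false when there are no rows, the SELECT failed, a digest could not be
     * computed, or any UPDATE failed; true only when every row was rewritten.
     *
     * @return bool
     */
    public function update_password(){
        $select_qry = 'SELECT employee_code,`password` FROM cw_employees WHERE trans_status = 1';
        $select_rslt = $this->result_array($this->runQuery($select_qry));
        if(!$select_rslt){
            return false; // nothing to migrate, or the SELECT failed
        }
        $all_ok = true;
        foreach($select_rslt as $val){
            $enc_password = $this->cryptoEncrypt($val['password']);
            if($enc_password === false){
                $all_ok = false;
                continue; // never overwrite a password with the "" a failed digest would give
            }
            // The digest is lowercase hex, safe to interpolate. employee_code is a
            // stored value; one containing a double quote would break this UPDATE.
            $upd_qry = 'UPDATE cw_employees SET `password` = "'.$enc_password.'" WHERE employee_code = "'.$val['employee_code'].'"';
            if(!$this->exec_stmt($upd_qry)){
                $all_ok = false;
            }
        }
        return $all_ok;
    }

    //Five STAGES OF ENCRYPTION AND DECRYPTION

    /**
     * One-way keyed digest used for stored passwords.
     *
     * Despite the name this is not reversible encryption — there is no decrypt
     * counterpart in this class. The input goes through sha512 -> sha1 ->
     * haval160,4 -> haval160,5 and the result is HMAC-SHA256'd with $enckey, so
     * the same input always yields the same 64-character hex digest (no per-user
     * salt, no work factor). Compare digests with hash_equals();
     * password_hash()/password_verify() is the stronger choice for new credentials.
     *
     * @param string $data
     * @return string|false hex digest, or false when a hash algorithm is unavailable
     */
    public function cryptoEncrypt($data){
        try {
            $stage1 = hash('sha512', $data);
            $stage2 = hash('sha1', $stage1);
            $stage3 = hash('haval160,4', $stage2);
            $stage4 = hash('haval160,5', $stage3);
            // Keyed final stage so the digest cannot be recomputed without $enckey.
            return hash_hmac('sha256', $stage4, $this->enckey);
        } catch (\ValueError | Exception $e) {
            // PHP 8 reports an unknown algorithm as ValueError, an Error rather
            // than an Exception, so it has to be listed explicitly to be caught.
            error_log("Encryption Error: " . $e->getMessage()); // Log the error for debugging
            return false;
        }
    }
}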
?>