File: //home/cafsindia/cpaqua.cafsinfotech.in/dump/application/controllers/Secure_Controller.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); // CodeIgniter guard: refuse execution unless loaded through the front controller (index.php), which defines BASEPATH
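/**
 * Base controller for every page that requires an authenticated employee.
 *
 * The constructor performs two gates before a subclass action runs: a session
 * check (redirect to `login`) and a per-module grant check (redirect to
 * `no_access/<module>/<submodule>`). It then publishes the menu, company and
 * user data that the shared views expect via $this->load->vars().
 */
class Secure_Controller extends CI_Controller
{
    /**
     * @param mixed $module_id    Permission/module id the subclass protects (NULL by default).
     * @param mixed $submodule_id Only echoed back into the no_access redirect URL.
     */
    public function __construct($module_id = NULL, $submodule_id = NULL)
    {
        parent::__construct();

        if (!$this->is_logged_in()) {
            redirect('login');
        }

        $logged_user = $this->get_logged_user_info();
        // get_info() yields "" when the employee row cannot be resolved (for
        // example the account was removed while the session was still alive).
        // Treat that as "not logged in" rather than reading a property off a
        // string and running the grant check with an empty employee id.
        if (!is_object($logged_user)) {
            redirect('login');
        }
        $logged_id = $logged_user->prime_employees_id;

        if (!$this->has_module_grant($module_id, $logged_id)) {
            redirect('no_access/' . $module_id . '/' . $submodule_id);
        }

        $this->load->vars([
            'allowed_modules' => $this->Module->get_allowed_modules($logged_id),
            'header_menu'     => $this->Module->get_header_menu($logged_id),
            'report_menu'     => $this->Module->get_report_menu($logged_user),
            'company_info'    => $this->Module->get_company_info(),
            'user_info'       => $logged_user,
            'controller_name' => $module_id,
        ]);
    }

    /**
     * Whether the session carries a non-empty `logged_id`.
     *
     * Truthiness is deliberate: a missing key (NULL), "" or "0" all count as
     * not logged in, matching the original loose `!= FALSE` comparison.
     *
     * @return bool
     */
    public function is_logged_in()
    {
        return (bool) $this->session->userdata('logged_id');
    }

    /**
     * Employee record for the current session, or FALSE when nobody is logged in.
     *
     * @return object|string|false The row object, "" when the id does not
     *                             resolve to exactly one row (see get_info()),
     *                             or FALSE without a session.
     */
    public function get_logged_user_info()
    {
        if (!$this->is_logged_in()) {
            return FALSE;
        }
        return $this->get_info($this->session->userdata('logged_id'));
    }

    /**
     * Load one employee joined with its category (role) row.
     *
     * @param mixed $logged_id Value of employees.prime_employees_id.
     * @return object|string The joined row, or "" when the query does not return
     *                       exactly one row (kept as "" for existing callers).
     */
    public function get_info($logged_id)
    {
        $this->db->from('employees');
        $this->db->where('employees.prime_employees_id', $logged_id);
        $this->db->join('category', 'category.prime_category_id = employees.role');
        $query = $this->db->get();

        return ((int) $query->num_rows() === 1) ? $query->row() : "";
    }

    /**
     * Whether the employee holds a grant whose permission_id starts with $permission_id.
     *
     * NOTE(review): the 'after' LIKE is a prefix match ("permission_id LIKE 'x%'"),
     * so a grant for id 1 also appears to satisfy modules 10, 11, …, and an
     * empty/NULL $permission_id appears to match every grant the employee holds
     * (the constructor's default). Left unchanged because the permission_id
     * format is not visible here; confirm that prefix semantics are intended
     * before relying on this check for anything stricter.
     *
     * @param mixed $permission_id Module/permission id prefix.
     * @param mixed $logged_id     employees.prime_employees_id.
     * @return bool
     */
    public function has_module_grant($permission_id, $logged_id)
    {
        $this->db->from('grants');
        $this->db->like('permission_id', $permission_id, 'after');
        $this->db->where('prime_employees_id', $logged_id);
        $query = $this->db->get();

        return (int) $query->num_rows() > 0;
    }

    /**
     * XSS-filter $str through the Security library unless `cw_xss_clean` is off.
     *
     * @param string $str
     * @param bool   $is_image Passed straight to Security::xss_clean().
     * @return string
     */
    protected function xss_clean($str, $is_image = FALSE)
    {
        if ($this->config->item('cw_xss_clean') == FALSE) {
            return $str;
        }
        return $this->security->xss_clean($str, $is_image);
    }

    /**
     * Per-session key material: sha512 over the CI session-regeneration
     * timestamp, the employee code and the configured `encKey`.
     *
     * The browser side must derive the same value, so the "||" joining and the
     * hash algorithm are part of the protocol and must not change.
     *
     * @return string 128 hex characters.
     */
    public function generateKey()
    {
        $sess_id       = $this->session->userdata('__ci_last_regenerate');
        $employee_code = $this->session->userdata('logged_emp_code');
        $encKey        = $this->config->item("encKey");

        return hash('sha512', $sess_id . "||" . $employee_code . "||" . $encKey);
    }

    /**
     * Decrypt a payload produced by the browser-side crypto helper.
     *
     * Wire format: 32 hex chars of salt, 32 hex chars of IV, then base64
     * ciphertext (AES-256-CBC, key = PBKDF2-SHA1/1000 over sha512(generateKey())).
     * Every parameter here has to stay in sync with the JavaScript side.
     *
     * On any failure the incident is mailed, logged, a JSON error is echoed
     * and the request is terminated; the method therefore only returns on
     * success.
     *
     * @param string $encString
     * @return mixed json_decode() of the plaintext (assoc array, or NULL if the
     *               plaintext is not valid JSON).
     */
    public function cryptoDecrypt($encString)
    {
        try {
            list($decSalt, $decIvhex, $encrypted) = $this->split_encrypted_payload($encString);

            $password   = hash('sha512', $this->generateKey());
            $keySize    = 256;   // bits; AES-256
            $iterations = 1000;

            $decKey = hash_pbkdf2('sha1', $password, hex2bin($decSalt), $iterations, $keySize / 8, true);

            $decrypted = openssl_decrypt(
                base64_decode($encrypted),
                'AES-256-CBC',
                $decKey,
                OPENSSL_RAW_DATA,
                hex2bin($decIvhex)
            );

            // Strict check: a legitimately decrypted "0" is falsy but not an error.
            if ($decrypted === false) {
                throw new Exception('Error0001..');
            }
            return json_decode($decrypted, TRUE);
        } catch (Exception $e) {
            $to_email = $this->config->item("to_email");
            $cc_email = $this->config->item("cc_email");
            $content  = "Hi, Unautherised Attempt happened from the login " . $this->session->userdata('logged_emp_code') . " at " . date("d-m-Y H:i:s") . ". Please find the string below '$encString'";
            // sent_mail() is not defined in this class; presumably provided by a
            // library or helper loaded elsewhere — confirm before relying on it.
            $this->sent_mail($to_email, $cc_email, "Unauthorized Attempt", $content);
            error_log("Decryption Error: " . $e->getMessage());
            echo json_encode(['success' => false, 'message' => 'Please try After sometime...']);
            exit(0);
        }
    }

    /**
     * Validate the payload shape and split it into [salt hex, iv hex, base64 body].
     *
     * Rejecting non-strings, short inputs and non-hex salt/IV up front keeps
     * hex2bin()/substr() from emitting warnings (or TypeErrors that the
     * caller's catch(Exception) would not see) on malformed input.
     *
     * @param mixed $encString
     * @return array{0:string,1:string,2:string}
     * @throws Exception when the payload is malformed.
     */
    private function split_encrypted_payload($encString)
    {
        if (!is_string($encString) || strlen($encString) < 64) {
            throw new Exception('Malformed encrypted payload');
        }

        $salt = substr($encString, 0, 32);
        $iv   = substr($encString, 32, 32);
        if (!ctype_xdigit($salt) || !ctype_xdigit($iv)) {
            throw new Exception('Malformed encrypted payload');
        }

        return [$salt, $iv, substr($encString, 64)];
    }
}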
?>