MOON
Server: Apache
System: Linux nserver.cafsindia.com 4.18.0-553.104.1.lve.el8.x86_64 #1 SMP Tue Feb 10 20:07:30 UTC 2026 x86_64
User: cafsindia (1002)
PHP: 8.2.30
Disabled: NONE
$ pwd: /home/cafsindia/wealth_cafsindia_com/application/controllers/
Upload Files
File: /home/cafsindia/wealth_cafsindia_com/application/controllers/Login.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller {
	
	public function __construct(){
		parent::__construct();
	}
	
	public function index(){
		if($this->is_logged_in()){
			redirect('home');
		}else{
			$this->form_validation->set_rules('username', 'lang:login_undername', 'callback_login_check');
    	    $this->form_validation->set_error_delimiters('<div class="error">', '</div>');
			
			if($this->form_validation->run() == FALSE){
				$this->load->view('login');
			}else{
				redirect('home');
			}
		}
	}
	
	public function is_logged_in(){
		return ($this->session->userdata('logged_id') != FALSE);
	}
	
	// EMPLOYEE LOGIN
	public function corp_login(){
		$user_name = $this->input->post('corp_user_name');
		$password  = $this->input->post('corp_password');
		$query = $this->db->get_where('employees', array('user_name' => $user_name, 'password' => md5($password), 'trans_status' => 1), 1);
		if($query->num_rows() == 1){
			$logged_user_info = $query->row();
			$this->set_session_value("EMPLOYEE",$logged_user_info);
			echo json_encode(array('success' => TRUE, 'message' => "Login Success !!!"));
		}else{
			echo json_encode(array('success' => false, 'message' => "Invalid user name / password"));
		}
	}
	
	// CUSTOMER LOGIN
	public function cust_login(){
		$user_name = $this->input->post('cust_user_name');
		$password  = $this->input->post('cust_password');
		$login_sts = false;
		
		$cust_query  = 'SELECT * FROM cw_customer inner join cw_customer_cf on cw_customer.prime_customer_id = cw_customer_cf.prime_customer_id where group_code = "'.$user_name.'" and password = "'.md5($password).'" and group_head = 1 and cw_customer.trans_status = 1';
		$query = $this->db->query("CALL sp_a_run ('SELECT','$cust_query')");		
		///$query = $this->db->get_where('customer,customer_cf', array('group_code' => $user_name, 'password' => md5($password), 'group_head' => 1, 'customer.trans_status' => 1), 1);
		if((int)$query->num_rows() === 1){
			$login_sts = true;
		}else{
			$cust_query  = 'SELECT * FROM cw_customer inner join cw_customer_cf on cw_customer.prime_customer_id = cw_customer_cf.prime_customer_id where user_name = "'.$user_name.'" and password = "'.md5($password).'" and group_head = 1 and cw_customer.trans_status = 1';
			$query = $this->db->query("CALL sp_a_run ('SELECT','$cust_query')");
			//$query = $this->db->get_where('customer,customer_cf', array('user_name' => $user_name, 'password' => md5($password), 'group_head' => 1,'customer.trans_status' => 1), 1);
			if((int)$query->num_rows() === 1){
				$login_sts = true;
			}else{
				$login_sts = false;
			}
		}
		if($login_sts){
			$logged_user_info = $query->row();
			$query->next_result();
			$this->set_session_value("CUSTOMER",$logged_user_info);
			echo json_encode(array('success' => TRUE, 'message' => "Login Success !!!"));
		}else{
			echo json_encode(array('success' => false, 'message' => "Invalid user name / password"));
		}
	}
	
	// SET ALL SESSION VALUE FOR BOTH CUSTOMER AND EMPLOYEE
	public function set_session_value($logged_type,$logged_user_info){
		if($logged_type === "EMPLOYEE"){
			$this->session->set_userdata('logged_type',$logged_type);
			$this->session->set_userdata('logged_id', $logged_user_info->prime_employees_id);
			$this->session->set_userdata('logged_role', $logged_user_info->role);
			

			//MAPPED EMPLOYEE
			$this->db->select('GROUP_CONCAT(prime_employees_id) as logged_repot_to');
			$this->db->from('employees');
			$this->db->where('reporting_to', $logged_user_info->prime_employees_id);
			$emp_mapped_rslt = $this->db->get()->result();
			$this->session->set_userdata('logged_repot_to', $emp_mapped_rslt[0]->logged_repot_to);
			
			//MAPPED CUSTOMER
			$role = $logged_user_info->role;
			$this->db->select('GROUP_CONCAT(prime_customer_id) as logged_map_cust');
			$this->db->from('customer');
			if(((int)$role >= 3) && ((int)$role <= 7)){
				$this->db->where_in('managed_by', $emp_mapped_rslt[0]->logged_repot_to);
			}else{
				$this->db->where('managed_by', $logged_user_info->prime_employees_id);
			}			
			$mapped_rslt = $this->db->get()->result();
			$this->session->set_userdata('logged_map_cust', $mapped_rslt[0]->logged_map_cust);
			$this->session->set_userdata('access_data', $this->get_all_access($logged_type,$logged_user_info->prime_employees_id));
		}else
		if($logged_type === "CUSTOMER"){
			$this->session->set_userdata('logged_type',$logged_type);			
			$this->session->set_userdata('logged_id', $logged_user_info->prime_customer_id);
			$this->session->set_userdata('logged_role',12);
			$this->session->set_userdata('logged_group_head',$logged_user_info->group_head);
			$this->session->set_userdata('logged_group',$logged_user_info->group_code);
			$this->session->set_userdata('logged_group_mapped',$logged_user_info->map_group);
			
			//MAPPED CUSTOMER IDS
			$this->db->select('GROUP_CONCAT(prime_customer_id) as logged_cust_ids');
			$this->db->from('customer');
			$this->db->where('group_code', $logged_user_info->group_code);
			$this->db->or_where('map_group', $logged_user_info->group_code);
			$mapped_rslt = $this->db->get()->result();
			$this->session->set_userdata('logged_cust_ids', $mapped_rslt[0]->logged_cust_ids);
			
			
			$this->session->set_userdata('access_data', $this->get_all_access($logged_type,$logged_user_info->prime_customer_id));
		}
	}
	
	// GET ALL ACCESS FOR BOTH CUSTOMER AND EMPLOYEE
	public function get_all_access($logged_type,$logged_id){
		if($logged_type === "EMPLOYEE"){
			$this->db->select('permission_id,access_add,access_update,access_delete,access_search,access_export,access_import');
			$this->db->from('grants');
			$this->db->where('prime_employees_id', $logged_id);
			$access_rslt = $this->db->get()->result();
		}else
		if($logged_type === "CUSTOMER"){
			$this->db->select('permission_id,access_add,access_update,access_delete,access_search,access_export,access_import');
			$this->db->from('grants_customer');
			$this->db->where('prime_customer_id', $logged_id);
			$access_rslt =  $this->db->get()->result();
		}
		$access_info = array();
		if($access_rslt){
			foreach($access_rslt as $key=>$value){
				$permission_id = $value->permission_id;
				$access_add    = $value->access_add;
				$access_update = $value->access_update;
				$access_delete = $value->access_delete;
				$access_search = $value->access_search;
				$access_export = $value->access_export;
				$access_import = $value->access_import;
				$access_info[$permission_id] = array("access_add"=>$access_add,"access_update"=>$access_update,"access_delete"=>$access_delete,"access_search"=>$access_search,"access_export"=>$access_export,"access_import"=>$access_import);
			}
		}
		return 	$access_info;
	}
}
?>
@ Telegram