File: /home/cafsindia/uds.cafsinfotech.in/application/controllers/Login.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller {
public function __construct(){
parent::__construct();
$this->load->model('Module');
}
public function index(){
$this->login();
}
public function login(){
if($this->is_logged_in()){
redirect('home');
}else{
$this->form_validation->set_rules('username', 'lang:login_undername', 'callback_login_check');
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
if($this->form_validation->run() == FALSE){
$data['company_info'] = $this->Module->get_company_info();
$this->load->view('login',$data);
}else{
redirect('home');
}
}
}
public function is_logged_in(){
return ($this->session->userdata('logged_id') != FALSE);
}
public function corp_login(){
$user_name = $this->input->post('corp_user_name');
$password = $this->input->post('corp_password');
$new_password = $this->input->post('new_password');
$enc_pass = $this->Module->cryptoEncrypt(md5($password)); // [MS 08-11-2024]
$confirm_password = $this->input->post('confirm_password');
$cur_status = (int)$this->input->post('cur_status');
$otp = $this->input->post('corp_otp');
$company_info = $this->Module->get_company_info();
$otp_type = (int)$company_info[0]->otp;
if($cur_status === 1 || $cur_status === 4){
unset($SESSION['username']);
}
//FIRST LOGIN 4,5,6,7,8 IS FOR FORGOT PASSWORD
if($cur_status === 4 || $cur_status === 6 || $cur_status === 7){
$this->forgot_pass($user_name,$confirm_password,$cur_status,$otp_type,$otp);
}else
if((int)$cur_status === 2 || (int)$cur_status === 5){
if((int)$otp>0){
$this->corp_login_otp($cur_status,$otp);
}else{
echo json_encode(array('success' => false, 'message' => "Invalid OTP.."));
}
}else{
$query = $this->db->get_where('employees', array('user_name' => $user_name, 'password' =>$enc_pass, 'trans_status' => 1), 1);
if($query->num_rows() == 1){
$logged_user_info = $query->row();
$employees_id = $logged_user_info->prime_employees_id;
$first_time_login = $logged_user_info->first_time_login;
$personal_email = $logged_user_info->personal_email_id;
$company_email = $logged_user_info->company_email_id;
$active_status = (int)$logged_user_info->termination_status;
$password_expiry = $logged_user_info->password_expiry;
$mobile_number = $logged_user_info->mobile_number;
$login_with_otp = $logged_user_info->login_with_otp;
$today = date('Y-m-d');
$resend = "generate_otp";
$cur_sts_arr = array("0","1","3","9");
//CHECKING PASSWORD EXPIRY OR NOT
if($password_expiry <= $today){
echo json_encode(array('success' => false, 'message' => "your password is expired please reset password!.."));
exit(0);
}
//ONLY ACTIVE EMPLOYEES SHOULD LOGIN
if($active_status === 1){
echo json_encode(array('success' => false, 'message' => "You are not an Authorised Employee..! Please Contact Admin?"));
}else{
if($company_email){
$login_email = $company_email;
}else{
$login_email = $personal_email;
}
if((int)$login_with_otp === 1 && (int)$cur_status === 0){
if($otp_type === 1){
if(!$mobile_number){
echo json_encode(array('success' => false, 'message' => "Mobile Number Not Exist...!"));
exit(0);
}
$otp_for = "login";
$otp_code_msg = $this->Module->send_sms($mobile_number,$user_name,$password,$resend,$otp_for);
$login_otp = $otp_code_msg['otp_code'];
$this->session->set_userdata('login_otp', $login_otp);
$this->session->set_userdata('user_name', $user_name);
$this->session->set_userdata('mobile_number', $mobile_number);
}else{
$otp_code_msg = $this->send_otp_mail($login_email,$user_name,$password,$resend);
}
if($otp_code_msg['success'] === true){
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message'],'cur_status' =>"10"));
}else{
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message']));
}
}else
if((int)$login_with_otp === 1 && $cur_status === 9){
$sess_user_name = $_SESSION['user_name'];
$session_otp = $_SESSION['login_otp'];
if((int)$session_otp !== (int)$otp){
echo json_encode(array('success' => false, 'message' => "Invalid OTP.."));
}else
if($user_name !== $sess_user_name){
echo json_encode(array('success' => false, 'message' => "Invalid Username.."));
}else{
$this->logged_user_session($logged_user_info);
}
}else
if((int)$first_time_login === 1 && (int)$cur_status === 0 && (int)$login_with_otp !== 1) {
//OTP TYPE CHOOSING FROM COMPANY INFORMATION(1->SMS,2->EMAIL)
if($otp_type === 1){
if(!$mobile_number){
echo json_encode(array('success' => false, 'message' => "Mobile Number Not Exist...!"));
exit(0);
}
$otp_for = "login";
$otp_code_msg = $this->Module->send_sms($mobile_number,$user_name,$password,$resend,$otp_for);
$login_otp = $otp_code_msg['otp_code'];
$this->session->set_userdata('login_otp', $login_otp);
$this->session->set_userdata('user_name', $user_name);
$this->session->set_userdata('password', $login_password);
$this->session->set_userdata('mobile_number', $mobile_number);
}else{
$otp_code_msg = $this->send_otp_mail($login_email,$user_name,$password,$resend);
}
if($otp_code_msg['success'] === true){
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message'],'cur_status' =>$first_time_login));
}else{
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message']));
}
}else // CHANGED PASSWORD UPDATE ON DATATBASE
if((int)$first_time_login === 1 && (int)$cur_status === 3 && (int)$login_with_otp !== 1) {
$get_update = $this->Module->update_password($employees_id,$confirm_password);
if($get_update){
$this->set_session_value("EMPLOYEE",$logged_user_info);
echo json_encode(array('success' => TRUE, 'message' => "Update and Login Success !!!",'cur_status'=>'3'));
}
}else
if(in_array($cur_status,$cur_sts_arr)){ // CHANGED PASSWORD UPDATE ON DATATBASE
$query = $this->db->get_where('employees', array('user_name' => $user_name, 'password' =>$enc_pass, 'trans_status' => 1), 1);
if($query->num_rows() == 1){
$logged_user_info = $query->row();
$active_status = (int)$logged_user_info->employee_status;
//ONLY ACTIVE EMPLOYEES SHOULD LOGIN
if($active_status === 1){
echo json_encode(array('success' => false, 'message' => "You are not an Authorised Employee..! Please Contact Admin?"));
}else{
if((int)$cur_status === 9){
//Unset logged user details and update end time
$this->db->where('user_id', $user_name);
$this->db->where('user_status', 1);
$upd_info = $this->db->update('logged_user_info', array('end_time'=>date("Y-m-d H:i:s"),
'user_status'=>3));
if($upd_info){
$this->logged_user_session($logged_user_info);
}
}else{
$this->logged_user_session($logged_user_info);
}
}
}else{
echo json_encode(array('success' => false, 'message' => "Invalid user name / password"));
}
}
}
}else{
echo json_encode(array('success' => false, 'message' => "Invalid user name / password"));
}
}
}
public function logged_user_session($logged_user_info){
$query = $this->db->get_where('logged_user_info', array('user_id' => $logged_user_info->user_name, 'user_status' => 1), 1);
if($query->num_rows() == 1){
// !== $_SERVER['REMOTE_ADDR']
if($query->row()->ip_address){
echo json_encode(array('success' => TRUE, 'message' => "Are You sure You want to Logout the previous session?",'cur_status' => "9"));
}else{ //IF session exist in the same machine
$this->session->set_userdata('logged_user_id',$query->row()->prime_logged_user_info_id);
$this->set_session_value("EMPLOYEE",$logged_user_info);
echo json_encode(array('success' => TRUE, 'message' => "Login Success !!!",'cur_status' => "0"));
}
}else{
//Insert if new session data
$start_time = date("Y-m-d H:i:s");
$ins_arr = array('user_id'=>$logged_user_info->user_name,
'employee_code'=>$logged_user_info->employee_code,
'ip_address'=>$_SERVER['REMOTE_ADDR'],
'start_time'=>date("Y-m-d H:i:s"),
'trans_created_by'=>$logged_user_info->prime_employees_id,
'trans_created_date'=>date("Y-m-d H:i:s"),
'user_status'=>1);
$ins_info = $this->db->insert('logged_user_info', $ins_arr);
$insert_id= $this->db->insert_id();
if($ins_info){
$this->session->set_userdata('logged_user_id',$insert_id);
$this->set_session_value("EMPLOYEE",$logged_user_info);
echo json_encode(array('success' => TRUE, 'message' => "Login Success !!!",'cur_status' => "0"));
}else{
echo json_encode(array('success' => false, 'message' => "Try after sometime..."));
}
}
}
public function resend_otp(){
$user_name = $_SESSION['user_name'];
$password = $_SESSION['password'];
$login_email = $_SESSION['email'];
$mobile_number = $_SESSION['mobile_number'];
$resend = "resend_otp";
$company_info = $this->Module->get_company_info();
$otp_type = (int)$company_info[0]->otp;
//OTP TYPE 1 IS SMS VIA MOBILE NUMBER
if($otp_type === 1){
if(!$mobile_number){
echo json_encode(array('success' => false, 'message' => "Mobile Number Not Exist...!"));
exit(0);
}
$otp_for ="login";
$otp_code_msg = $this->Module->send_sms($mobile_number,$user_name,$password,$resend,$otp_for);
$login_otp = $otp_code_msg['otp_code'];
$this->session->set_userdata('login_otp', $login_otp);
$this->session->set_userdata('user_name', $user_name);
$this->session->set_userdata('password', $login_password);
$this->session->set_userdata('mobile_number', $mobile_number);
}else{
//OTP TYPE 2 IS OTP VIA EMAIL
$otp_code_msg= $this->send_otp_mail($login_email,$user_name,$password,$resend);
}
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message'],'resend_otp'=>"2"));
}
public function corp_login_otp($cur_status,$otp){
$user_name = $_SESSION['user_name'];
$session_otp = $_SESSION['login_otp'];
// CHECK FOR FORGOT PASSWORD OTP CHECK
// WHERE CONDITION CHECK ONLY USERNAME (FORGOT PASSWORD OPTION ONLY HAVE USERNAME)
if((int)$session_otp === (int)$otp){
if((int)$cur_status === 5){
$first_log = 6;
}else{
$first_log = 2;
}
$query = $this->db->get_where('employees', array('user_name' => $user_name, 'trans_status' => 1), 1);
if($query->num_rows() == 1){
$logged_user_info = $query->row();
echo json_encode(array('success' => TRUE, 'message' => "OTP Verified !!!",'cur_status'=>$first_log));
}else{
echo json_encode(array('success' => false, 'message' => "Invalid Username"));
}
}else{ //FOR MAIL OTP CHECK FOR FIRST TIME LOGIN USER
echo json_encode(array('success' => false, 'message' => "Invalid OTP"));
}
}
public function forgot_pass($user_name,$confirm_password,$cur_status,$otp_type,$otp){
$password = "";
$send_sts = $this->input->post('send_otp');
$forg_otp = $this->input->post('forgot_otp');
$query = $this->db->get_where('employees', array('user_name' => $user_name, 'trans_status' => 1), 1);
$logged_user_info = $query->row();
$emp_id = $logged_user_info->prime_employees_id;
$mobile_number = $logged_user_info->mobile_number;
$sess_user_name = $_SESSION['user_name'];
// IF 7 PASSWORD UPDATE ON DB (FORGOT PASSWORD BASED FUNCTION)
if((int)$cur_status === 7){
$session_otp = $_SESSION['login_otp'];
if($user_name !== $sess_user_name){
echo json_encode(array('success' => false, 'message' => "Invalid user name"));
}else
if((int)$session_otp === (int)$otp){
$get_update = $this->Module->update_password($emp_id,$confirm_password);
if($get_update) {
$this->set_session_value("EMPLOYEE",$logged_user_info);
echo json_encode(array('success' => TRUE, 'message' => "Password Updated Successfully !!!",'cur_status'=>'8'));
}
}else{
echo json_encode(array('success' => false, 'message' => "Invalid OTP.."));
}
}else
if(((int)$cur_status === 4) || (((int)$cur_status === 6) && ($user_name === $sess_user_name))){
if($query->num_rows() == 1){
$logged_user_info = $query->row();
$personal_email = $logged_user_info->personal_email_id;
$company_email = $logged_user_info->company_email_id;
$mobile_number = $logged_user_info->mobile_number;
$resend = "generate_otp";
if($company_email){
$login_email = $company_email;
}else{
$login_email = $personal_email;
}
if((int)$otp_type === 1){
$otp_for ="login";
$otp_code_msg = $this->Module->send_sms($mobile_number,$user_name,$password,$resend,$otp_for);
$login_otp = $otp_code_msg['otp_code'];
$this->session->set_userdata('login_otp', $login_otp);
$this->session->set_userdata('user_name', $user_name);
$this->session->set_userdata('password', $login_password);
$this->session->set_userdata('mobile_number', $mobile_number);
}else{ // FORGOT PASSWORD MAIL OTP
$otp_code_msg = $this->send_otp_mail($login_email,$user_name,$password,$resend);
}
if($otp_code_msg['success'] === true){
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message'],'cur_status'=>"4"));
}else{
echo json_encode(array('success' => $otp_code_msg['success'], 'message' => $otp_code_msg['message']));
}
}else{
echo json_encode(array('success' => false, 'message' => "Invalid user name"));
}
}else{
echo json_encode(array('success' => false, 'message' => "Invalid Request.."));
}
}
// SET ALL SESSION VALUE FOR EMPLOYEE
public function set_session_value($logged_type,$logged_user_info){
if($logged_type === "EMPLOYEE"){
$this->session->set_userdata('logged_type',$logged_type);
$this->session->set_userdata('logged_id', $logged_user_info->prime_employees_id);
$this->session->set_userdata('logged_role', $logged_user_info->role);
$this->session->set_userdata('logged_user_role', $logged_user_info->user_right);
$this->session->set_userdata('logged_emp_code', $logged_user_info->employee_code);
$this->session->set_userdata('logged_branch', $logged_user_info->branch);
$this->session->set_userdata('logged_department', $logged_user_info->department);
$this->session->set_userdata('logged_area_access', $logged_user_info->area_access);
$this->session->set_userdata('access_data', $this->get_all_access($logged_type,$logged_user_info->prime_employees_id));
}
}
// GET ALL ACCESS FOR EMPLOYEE
public function get_all_access($logged_type,$logged_id){
if($logged_type === "EMPLOYEE"){
$this->db->select('permission_id,access_add,access_update,access_delete,access_search,access_export,access_import');
$this->db->from('grants');
$this->db->where('prime_employees_id', $logged_id);
$access_rslt = $this->db->get()->result();
}
$access_info = array();
if($access_rslt){
foreach($access_rslt as $key=>$value){
$permission_id = $value->permission_id;
$access_add = $value->access_add;
$access_update = $value->access_update;
$access_delete = $value->access_delete;
$access_search = $value->access_search;
$access_export = $value->access_export;
$access_import = $value->access_import;
$access_info[$permission_id] = array("access_add"=>$access_add,"access_update"=>$access_update,"access_delete"=>$access_delete,"access_search"=>$access_search,"access_export"=>$access_export,"access_import"=>$access_import);
}
}
return $access_info;
}
//PRODUCT KEY IS UPDATED
public function productkey_save(){
$company_name = $this->input->post('company_name');
$product_key_1 = $this->input->post('product_key_1');
$product_key_2 = $this->input->post('product_key_2');
$product_key_3 = $this->input->post('product_key_3');
$product_key_4 = $this->input->post('product_key_4');
$product_key = $product_key_1."".$product_key_2."".$product_key_3."".$product_key_4;
$activated_date = date("Y-m-d");
if($product_key){
$curl_rslt = $this->curl($company_name,$product_key);
$product_key = $curl_rslt[0]['product_key'];
$activated_date = $curl_rslt[0]['activated_date'];
$expire_date = $curl_rslt[0]['expire_date'];
$product_info = array('company_name'=>$company_name,'product_key'=>$product_key,'activated_date'=>$activated_date,'expire_date'=>$expire_date);
$product_rslt = $this->Module->productkey_save($product_info);
if($product_rslt){
echo json_encode(array('success' => TRUE, 'message' => "Product is activated!!!"));
}else{
echo json_encode(array('success' => false, 'message' => "Invalid Credential"));
}
}else{
echo json_encode(array('success' => false, 'message' => "Invalid Credential"));
}
}
public function curl($company_name,$product_key){
$product_rslt = $this->Module->get_company_info();
$product_api = $product_rslt[0]->product_api;
$url = $product_api."?reason=generate_key&gen_key=12345&com_info=".$company_name."&key=".$product_key;
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL,$url);
$result = curl_exec($ch);
curl_close($ch);
return json_decode($result,true);
}
public function send_otp_mail($login_email,$user_name,$login_password,$resend){
$login_otp = "";
if($resend === "generate_otp"){
$login_otp = rand(100000, 999999);
}else
if($resend === "resend_otp"){
$login_otp = $_SESSION['login_otp'];
}
if($login_email){
$config_query = 'SELECT smtp_server,sender_name,bcc,port_no,sender_email,mail_username,mail_password FROM cw_mail_configurations WHERE trans_status = 1';
$config_info = $this->db->query("CALL sp_a_run ('SELECT','$config_query')");
$config_result = $config_info->result();
$config_info->next_result();
$smtp_server = $config_result[0]->smtp_server;
$sender_name = $config_result[0]->sender_name;
$port_no = $config_result[0]->port_no;
$sender_email = $config_result[0]->sender_email;
$username = $config_result[0]->mail_username;
$password = $config_result[0]->mail_password;
require('./phpmailer/class.phpmailer.php');
try{
$mail = new PHPMailer();
$mail->SMTPDebug = 1;
$mail->IsSMTP();
$mail->Host = $smtp_server; // Your SMTP PArameter
$mail->Port = $port_no; // Your Outgoing Port
$mail->SMTPAuth = true; // This Must Be True
$mail->Username = $username; // Your Email Address
$mail->Password = $password; // Your Password
$mail->SMTPSecure = 'tls'; // Check Your Server's Connections for TLS or SSL
$mail->From = $sender_email;
$mail->FromName = $sender_name;
$mail->AddAddress($login_email);
// $mail->AddAddress("sathish@cafsinfotech.in");
$mail->IsHTML(true);
$mail->Subject = 'Smart Hrms (OTP)';
$message_body = date("d-M-Y H:i:s").'<p> Your One Time Password(OTP) : <b style = "color:blue;">'.$login_otp.'</b>. For Verify Your Login From </p>
<p>smart hrms</p>';
$mail->Body = $message_body;
$mail = $mail->Send();
if($mail){
$status = 1;
}else{
$status = 0;
}
}catch(phpmailerException $e){
$status = 0;
return array('success'=>false,'message'=>"Mail Not Sent");
}catch(Exception $e){
$status = 0;
return array('success'=>false,'message'=>"Mail Not Sent");
}
if($status){
//TO STORE A SESSION FOR GET A USER NAME AND PASSWORD
$this->session->set_userdata('login_otp', $login_otp);
$this->session->set_userdata('user_name', $user_name);
$this->session->set_userdata('password', $login_password);
$this->session->set_userdata('email', $login_email);
return array('success'=>true,'message'=>"Successfully OTP Send to Your Mail !!");
}else{
return array('success'=>false,'message'=>"Mail Not Sent");
}
}else{
return array('success'=>false,'message'=>"Email ID Not Exist.. Please Contact HR..!!");
}
}
}
?>