293 lines
9.5 KiB
PHP
293 lines
9.5 KiB
PHP
<?php
|
|
namespace App\Controllers;
|
|
|
|
use Core\View;
|
|
use App\Models\Access;
|
|
use App\Models\ClientSession;
|
|
use Core\Token;
|
|
use Core\Session;
|
|
use Core\Redirect;
|
|
use Core\Hash;
|
|
use Core\XSS;
|
|
use Defuse\Crypto\Crypto;
|
|
use Defuse\Crypto\Key;
|
|
|
|
class Home
|
|
{
|
|
|
|
/* Routes */
|
|
public function index()
|
|
{
|
|
$posts = new Posts();
|
|
$posts->index();
|
|
}
|
|
|
|
public function login($args = [])
|
|
{
|
|
|
|
// Login
|
|
if ($args) {
|
|
$logged_in = ['status' => false];
|
|
|
|
// Avoid XSS
|
|
$args['exclude'] = [
|
|
'password'
|
|
];
|
|
$args = XSS::avoid($args);
|
|
|
|
$username = $args['username'];
|
|
$password = $args['password'];
|
|
|
|
$user = Access::showAll([
|
|
['username', '=', $username]
|
|
]);
|
|
|
|
if ($user == false) {
|
|
$info = "Username/password salah";
|
|
$logged_in['status'] = false;
|
|
$logged_in['message'] = $info;
|
|
} else {
|
|
if ($user['flag'] != 0) {
|
|
$info = "User telah login";
|
|
$logged_in['status'] = false;
|
|
$logged_in['message'] = $info;
|
|
}
|
|
$hash = Hash::compare($password, $user['salt'], $user['password']);
|
|
|
|
if ($hash == true) {
|
|
if ($user['flag'] != 0) {
|
|
$info = "User telah login";
|
|
} else {
|
|
if (Access::update(['flag' => 1], $user['id'])) {
|
|
$ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
|
|
|
|
ClientSession::entry([
|
|
'ip_address' => $ip_address,
|
|
'uid' => $user['id']
|
|
]);
|
|
$session = ClientSession::fetch(['uid' => $user['id']]);
|
|
setcookie('signal', $user['privilege']);
|
|
|
|
$info = "Berhasil masuk";
|
|
$logged_in['status'] = true;
|
|
$logged_in['redirect_to'] = '/?s='.$session['id']."&u=".$session['uid'];
|
|
$logged_in['message'] = 'Berhasil login';
|
|
}
|
|
}
|
|
} else {
|
|
$info = "Username/password salah";
|
|
$logged_in['message'] = $info;
|
|
}
|
|
}
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode($logged_in); die();
|
|
}
|
|
Session::flash('info', $info);
|
|
Redirect::to('/');
|
|
die();
|
|
} else {
|
|
View::render('Access/login.html', [
|
|
'token' => Token::generate()
|
|
]);
|
|
}
|
|
}
|
|
|
|
public function logout($id = '') {
|
|
$logged_out = ['status' => false];
|
|
try {
|
|
if ($id) {
|
|
$this->delete($id);
|
|
} else {
|
|
$this->delete();
|
|
}
|
|
|
|
session_destroy();
|
|
header('X-Token: ');
|
|
setcookie('signal', '', time()-3600);
|
|
|
|
$info = "Berhasil keluar";
|
|
$logged_out['status'] = true;
|
|
$logged_out['redirect_to'] = '';
|
|
$logged_out['message'] = 'Berhasil logout';
|
|
} catch (\Exception $e) {
|
|
$logged_out['status'] = false;
|
|
$logged_out['message'] = $e->getMessage();
|
|
}
|
|
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode($logged_out);die();
|
|
}
|
|
Session::flash('info', $info);
|
|
Redirect::to('/');
|
|
}
|
|
|
|
public function register()
|
|
{
|
|
if (Session::exists('userid') && Session::get('privilege') == 1) {
|
|
View::render('Access/registrasi.html', [
|
|
'token' => Token::generate()
|
|
]);
|
|
} else {
|
|
throw new \Exception("Bad Request", 400);
|
|
}
|
|
}
|
|
|
|
/* Methods */
|
|
public function post($args = [])
|
|
{
|
|
$registered = [];
|
|
foreach ($args as $value) {
|
|
if ($value == '') {
|
|
$info = 'Semua data harus diisi';
|
|
$registered['status'] = false;
|
|
$registered['message'] = $info;
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode($registered);die();
|
|
}
|
|
Session::flash('info', $info);
|
|
Redirect::to('./register');
|
|
die();
|
|
}
|
|
}
|
|
|
|
$date = new \DateTime();
|
|
$now = $date->format('Y-m-d');
|
|
$args['registered_at'] = $now;
|
|
|
|
$salt = Hash::salt();
|
|
$password = Hash::make($args['password'], $salt);
|
|
$args['salt'] = $salt;
|
|
$args['password'] = $password;
|
|
|
|
// Avoid XSS attack
|
|
// Exclude password and salt
|
|
$args['exclude'] = [
|
|
'salt',
|
|
'password'
|
|
];
|
|
$args = XSS::avoid($args);
|
|
|
|
$data = Access::showAll();
|
|
foreach ($data as $users) {
|
|
if (is_array($users)) {
|
|
$known_uname = $users['username'];
|
|
} else {
|
|
$known_uname = $data['username'];
|
|
}
|
|
if ($args['username'] == $known_uname) {
|
|
$info = 'Username telah digunakan. Silahkan gunakan username lain';
|
|
$registered['status'] = false;
|
|
$registered['message'] = $info;
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode($registered);die();
|
|
}
|
|
Session::flash('info', $info);
|
|
Redirect::to('./register');
|
|
die();
|
|
}
|
|
}
|
|
|
|
Access::entry($args);
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode([
|
|
'status' => true,
|
|
'route_to' => '',
|
|
'message' => 'Proses berhasil'
|
|
]);die();
|
|
}
|
|
Session::flash('info', 'Registrasi berhasil');
|
|
Redirect::to('/');
|
|
die();
|
|
}
|
|
|
|
public function delete($id = '')
|
|
{
|
|
if ($id) {
|
|
$uid = $id;
|
|
// } elseif (isset($_SERVER['HTTP_X_TOKEN'])) {
|
|
// $token = Token::fetch($_SERVER['HTTP_X_TOKEN']);
|
|
// if ($token == '') {
|
|
// throw new \Exception("Token invalid");
|
|
// }
|
|
// $uid = $token['uid'];
|
|
} elseif (isset($_SERVER['HTTP_X_QUERY'])) {
|
|
$query_string = $_SERVER['HTTP_X_QUERY'];
|
|
$exploded = explode('&', $query_string);
|
|
$uid = $exploded[1];
|
|
$uid = explode('=', $uid);
|
|
$uid = $uid[1];
|
|
}
|
|
|
|
$ip = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
|
|
|
|
ClientSession::remove($ip, $uid);
|
|
Access::update(['flag' => 0], $uid);
|
|
return true;
|
|
}
|
|
|
|
// Branch mithril test
|
|
public function mithril() {
|
|
if (Session::exists('userid')) {
|
|
$user['id'] = Session::get('userid');
|
|
$user['username'] = Session::get('username');
|
|
$user['full_name'] = Session::get('full_name');
|
|
$user['privilege'] = Session::get('privilege');
|
|
} else {
|
|
$user = false;
|
|
}
|
|
|
|
View::render('Data/mithril.html', [
|
|
'user' => $user
|
|
]);
|
|
}
|
|
|
|
public function editProfile($args) {
|
|
$user = Access::showAll([
|
|
['id', '=', $args['id']]
|
|
]);
|
|
|
|
if (is_array($user)) {
|
|
if (Hash::compare($args['old_password'], $user['salt'], $args['password'])) {
|
|
unset($args['old_password']);
|
|
$args['password'] = $args['new_password'];
|
|
unset($args['new_password']);
|
|
$args['password'] = Hash::make($args['password'], $user['salt']);
|
|
$data = Access::update($args, $args['id']);
|
|
if ($data) {
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode([
|
|
'status' => true,
|
|
'route_to' => '/user' . '/' . $args['id'],
|
|
'message' => 'Proses berhasil'
|
|
]);die();
|
|
}
|
|
} else {
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode([
|
|
'status' => false,
|
|
'route_to' => '/user' . '/' . $args['id'],
|
|
'message' => 'Proses gagal'
|
|
]);die();
|
|
}
|
|
}
|
|
} else {
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode([
|
|
'status' => false,
|
|
'route_to' => '/user' . '/' . $args['id'],
|
|
'message' => 'Password lama tidak sama'
|
|
]);die();
|
|
}
|
|
}
|
|
} else {
|
|
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
|
|
echo json_encode([
|
|
'status' => false,
|
|
'route_to' => '/user' . '/' . $args['id'],
|
|
'message' => 'User tidak ditemukan'
|
|
]);die();
|
|
}
|
|
}
|
|
}
|
|
}
|