gregorio/lepisi-pengumuman
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
766fe4425d
lepisi-pengumuman/App/Controllers/Home.php

244 lines
7.5 KiB
PHP
Raw Blame History

<?php
namespace App\Controllers;
use Core\View;
use App\Models\Access;
use App\Models\ClientSession;
use Core\Token;
use Core\Session;
use Core\Redirect;
use Core\Hash;
use Core\XSS;
use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;
class Home
{
/* Routes */
public function index()
{
$posts = new Posts();
$posts->index();
}
public function login($args = [])
{
// Login
if ($args) {
$logged_in = ['status' => false];
// Avoid XSS
$args['exclude'] = [
'password'
];
$args = XSS::avoid($args);
$username = $args['username'];
$password = $args['password'];
$user = Access::showAll([
['username', '=', $username]
]);
if ($user == false) {
$info = "Username/password salah";
$logged_in['status'] = false;
$logged_in['message'] = $info;
} else {
if ($user['flag'] != 0) {
$info = "User telah login";
$logged_in['status'] = false;
$logged_in['message'] = $info;
}
$hash = Hash::compare($password, $user['salt'], $user['password']);
if ($hash == true) {
if ($user['flag'] != 0) {
$info = "User telah login";
} else {
if (Access::update(['flag' => 1], $user['id'])) {
$ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
ClientSession::entry([
'ip_address' => $ip_address,
'uid' => $user['id']
]);
$session = ClientSession::fetch(['uid' => $user['id']]);
setcookie('signal', $user['privilege']);
$info = "Berhasil masuk";
$logged_in['status'] = true;
$logged_in['redirect_to'] = '/?s='.$session['id']."&u=".$session['uid'];
$logged_in['message'] = 'Berhasil login';
}
}
} else {
$info = "Username/password salah";
$logged_in['message'] = $info;
}
}
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
echo json_encode($logged_in); die();
}
Session::flash('info', $info);
Redirect::to('/');
die();
} else {
View::render('Access/login.html', [
'token' => Token::generate()
]);
}
}
public function logout($id = '') {
$logged_out = ['status' => false];
try {
if ($id) {
$this->delete($id);
} else {
$this->delete();
}
session_destroy();
header('X-Token: ');
setcookie('signal', '', time()-3600);
$info = "Berhasil keluar";
$logged_out['status'] = true;
$logged_out['redirect_to'] = '';
$logged_out['message'] = 'Berhasil logout';
} catch (\Exception $e) {
$logged_out['status'] = false;
$logged_out['message'] = $e->getMessage();
}
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
echo json_encode($logged_out);die();
}
Session::flash('info', $info);
Redirect::to('/');
}
public function register()
{
if (Session::exists('userid') && Session::get('privilege') == 1) {
View::render('Access/registrasi.html', [
'token' => Token::generate()
]);
} else {
throw new \Exception("Bad Request", 400);
}
}
/* Methods */
public function post($args = [])
{
$registered = [];
foreach ($args as $value) {
if ($value == '') {
$info = 'Semua data harus diisi';
$registered['status'] = false;
$registered['message'] = $info;
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
echo json_encode($registered);die();
}
Session::flash('info', $info);
Redirect::to('./register');
die();
}
}
$date = new \DateTime();
$now = $date->format('Y-m-d');
$args['registered_at'] = $now;
$salt = Hash::salt();
$password = Hash::make($args['password'], $salt);
$args['salt'] = $salt;
$args['password'] = $password;
// Avoid XSS attack
// Exclude password and salt
$args['exclude'] = [
'salt',
'password'
];
$args = XSS::avoid($args);
$data = Access::showAll();
foreach ($data as $users) {
if (is_array($users)) {
$known_uname = $users['username'];
} else {
$known_uname = $data['username'];
}
if ($args['username'] == $known_uname) {
$info = 'Username telah digunakan. Silahkan gunakan username lain';
$registered['status'] = false;
$registered['message'] = $info;
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
echo json_encode($registered);die();
}
Session::flash('info', $info);
Redirect::to('./register');
die();
}
}
Access::entry($args);
if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
echo json_encode([
'status' => true,
'route_to' => '',
'message' => 'Proses berhasil'
]);die();
}
Session::flash('info', 'Registrasi berhasil');
Redirect::to('/');
die();
}
public function delete($id = '')
{
if ($id) {
$uid = $id;
// } elseif (isset($_SERVER['HTTP_X_TOKEN'])) {
// $token = Token::fetch($_SERVER['HTTP_X_TOKEN']);
// if ($token == '') {
// throw new \Exception("Token invalid");
// }
// $uid = $token['uid'];
} elseif (isset($_SERVER['HTTP_X_QUERY'])) {
$query_string = $_SERVER['HTTP_X_QUERY'];
$exploded = explode('&', $query_string);
$uid = $exploded[1];
$uid = explode('=', $uid);
$uid = $uid[1];
}
$ip = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
ClientSession::remove($ip, $uid);
Access::update(['flag' => 0], $uid);
return true;
}
// Branch mithril test
public function mithril() {
if (Session::exists('userid')) {
$user['id'] = Session::get('userid');
$user['username'] = Session::get('username');
$user['full_name'] = Session::get('full_name');
$user['privilege'] = Session::get('privilege');
} else {
$user = false;
}
View::render('Data/mithril.html', [
'user' => $user
]);
}
}
Reference in New Issue View Git Blame Copy Permalink