Your IP : 216.73.216.93
<?php defined('BASEPATH') or exit('No direct script access allowed');
error_reporting(0);
/**
* Class Auth
* @property Ion_auth|Ion_auth_model $ion_auth The ION Auth spark
* @property CI_Form_validation $form_validation The form validation library
*/
class Auth extends CI_Controller
{
public $data = [];
public function __construct()
{
parent::__construct();
$this->load->database();
$this->load->library(['ion_auth', 'form_validation']);
$this->load->helper(['url', 'language', 'function_helper', 'sms_helper']);
$this->form_validation->set_error_delimiters($this->config->item('error_start_delimiter', 'ion_auth'), $this->config->item('error_end_delimiter', 'ion_auth'));
$this->lang->load('auth');
}
/**
* Redirect if needed, otherwise display the user list
*/
public function index()
{
if (!$this->ion_auth->logged_in()) {
// redirect them to the login page
redirect('auth/login', 'refresh');
} else if (!$this->ion_auth->is_admin()) // remove this elseif if you want to enable this for non-admins
{
// redirect them to the home page because they must be an administrator to view this
show_error('You must be an administrator to view this page.');
} else {
$this->data['title'] = $this->lang->line('index_heading');
// set the flash data error message if there is one
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
//list the users
$this->data['users'] = $this->ion_auth->users()->result();
//USAGE NOTE - you can do more complicated queries like this
foreach ($this->data['users'] as $k => $user) {
$this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result();
}
$this->_render_page('auth' . DIRECTORY_SEPARATOR . 'index', $this->data);
}
}
/**
* Log the user in
*/
public function login()
{
$this->data['title'] = $this->lang->line('login_heading');
$identity_column = $this->config->item('identity', 'ion_auth');
// validate form input
$this->form_validation->set_rules('identity', ucfirst($identity_column), 'required|xss_clean|numeric|min_length[3]|max_length[16]');
$this->form_validation->set_rules('password', str_replace(':', '', $this->lang->line('login_password_label')), 'required|xss_clean');
if ($this->form_validation->run() === TRUE) {
$tables = $this->config->item('tables', 'ion_auth');
$identity = $this->input->post('identity', true);
if (isset($_POST['type']) && $_POST['type'] != 'phone') {
$res = $this->db->select('id')->where('email', $identity)->get($tables['login_users'])->result_array();
} else {
$res = $this->db->select('id')->where($identity_column, $identity)->get($tables['login_users'])->result_array();
}
if (!empty($res)) {
if ($this->ion_auth_model->in_group('admin', $res[0]['id'])) {
// check to see if the user is logging in
// check for "remember me"
$remember = (bool)$this->input->post('remember');
if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember, 'phone')) {
//if the login is successful
if (!$this->input->is_ajax_request()) {
redirect('admin/home', 'refresh');
}
$response['error'] = false;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->messages();
echo json_encode($response);
} else {
// if the login was un-successful
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->errors();
echo json_encode($response);
}
} else if ($this->ion_auth_model->in_group('seller', $res[0]['id'])) {
// check for "remember me"
$remember = (bool)$this->input->post('remember');
if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember,'phone')) {
//if the login is successful
$seller_status = $this->ion_auth->seller_status($this->session->userdata('user_id'));
$messages = array("0" => "Your acount is deactivated", "1" => "Logged in successfully", "2" => "Your account is not yet approved.", "7" => "Your account has been removed by the admin. Contact admin for more information.");
if (!$this->input->is_ajax_request() && ($seller_status == '1' || $seller_status == '0')) {
redirect('seller/home', 'refresh');
}
$response['error'] = false;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $messages[$seller_status];
echo json_encode($response);
} else {
// if the login was un-successful
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->errors();
echo json_encode($response);
}
} else {
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = '<div>Incorrect Login</div>';
echo json_encode($response);
}
} else {
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = 'Incorrect Login';
echo json_encode($response);
}
} else {
// the user is not logging in so display the login page
if (validation_errors()) {
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = validation_errors();
echo json_encode($response);
return false;
exit();
}
if ($this->session->flashdata('message')) {
$response['error'] = false;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->session->flashdata('message');
echo json_encode($response);
return false;
exit();
}
// set the flash data error message if there is one
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
$this->data['identity'] = [
'name' => 'identity',
'id' => 'identity',
'type' => 'text',
'value' => $this->form_validation->set_value('identity'),
];
$this->data['password'] = [
'name' => 'password',
'id' => 'password',
'type' => 'password',
];
$this->_render_page('auth' . DIRECTORY_SEPARATOR . 'login', $this->data);
}
}
/**
* Log the user out
*/
public function logout()
{
$this->data['title'] = "Logout";
// log the user out
$this->ion_auth->logout();
// redirect them to the login page
redirect('auth/login', 'refresh');
}
/**
* Change password
*/
public function change_password()
{
$this->form_validation->set_rules('old', $this->lang->line('change_password_validation_old_password_label'), 'required|xss_clean');
$this->form_validation->set_rules('new', $this->lang->line('change_password_validation_new_password_label'), 'required|xss_clean|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|matches[new_confirm]');
$this->form_validation->set_rules('new_confirm', $this->lang->line('change_password_validation_new_password_confirm_label'), 'required|xss_clean');
$identity = $this->session->userdata('identity');
if ($this->form_validation->run() === FALSE) {
if ($this->ion_auth->change_password($identity, $this->input->post('old'), $this->input->post('new'))) {
//if the login is successful
$response['error'] = false;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->messages();
echo json_encode($response);
return;
exit();
} else {
// if the login was un-successful
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->errors();
echo json_encode($response);
return;
exit();
}
} else {
if (validation_errors()) {
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = validation_errors();
echo json_encode($response);
return false;
exit();
}
if ($this->session->flashdata('message')) {
$response['error'] = false;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->session->flashdata('message');
echo json_encode($response);
return false;
exit();
}
}
}
/**
* Forgot password
*/
public function forgot_password()
{
$this->data['title'] = $this->lang->line('forgot_password_heading');
// setting validation rules by checking whether identity is username or email
if ($this->config->item('identity', 'ion_auth') != 'email') {
$this->form_validation->set_rules('identity', $this->lang->line('forgot_password_identity_label'), 'required|xss_clean');
} else {
$this->form_validation->set_rules('identity', $this->lang->line('forgot_password_validation_email_label'), 'required|valid_email|xss_clean');
}
if (!$this->form_validation->run()) {
$this->data['type'] = $this->config->item('identity', 'ion_auth');
// setup the input
$this->data['identity'] = [
'name' => 'identity',
'id' => 'identity',
];
if ($this->config->item('identity', 'ion_auth') != 'email') {
$this->data['identity_label'] = $this->lang->line('forgot_password_identity_label');
} else {
$this->data['identity_label'] = $this->lang->line('forgot_password_email_identity_label');
}
// set any errors and display the form
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
echo json_encode($response);
return false;
} else {
$identity_column = $this->config->item('identity', 'ion_auth');
$identity = $this->ion_auth->where($identity_column, $this->input->post('identity'))->users()->row();
if (empty($identity)) {
if ($this->config->item('identity', 'ion_auth') != 'email') {
$this->ion_auth->set_error('forgot_password_identity_not_found');
} else {
$this->ion_auth->set_error('forgot_password_email_not_found');
}
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("auth/forgot_password", 'refresh');
}
// run the forgotten password method to email an activation code to the user
$forgotten = $this->ion_auth->forgotten_password($identity->{$this->config->item('identity', 'ion_auth')});
if ($forgotten) {
// if there were no errors
$response['error'] = false;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->messages();
echo json_encode($response);
return false;
} else {
$response['error'] = true;
$response['csrfName'] = $this->security->get_csrf_token_name();
$response['csrfHash'] = $this->security->get_csrf_hash();
$response['message'] = $this->ion_auth->errors();
echo json_encode($response);
return false;
}
}
}
/**
* Reset password - final step for forgotten password
*
* @param string|null $code The reset code
*/
public function reset_password($code = NULL)
{
if (!$code) {
show_404();
}
$this->data['title'] = $this->lang->line('reset_password_heading');
$user = $this->ion_auth->forgotten_password_check($code);
if ($user) {
// if the code is valid then display the password reset form
$this->form_validation->set_rules('new', $this->lang->line('reset_password_validation_new_password_label'), 'required|xss_clean|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|matches[new_confirm]');
$this->form_validation->set_rules('new_confirm', $this->lang->line('reset_password_validation_new_password_confirm_label'), 'required|xss_clean');
if ($this->form_validation->run() === FALSE) {
// display the form
// set the flash data error message if there is one
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
$this->data['min_password_length'] = $this->config->item('min_password_length', 'ion_auth');
$this->data['new_password'] = [
'name' => 'new',
'id' => 'new',
'type' => 'password',
'pattern' => '^.{' . $this->data['min_password_length'] . '}.*$',
];
$this->data['new_password_confirm'] = [
'name' => 'new_confirm',
'id' => 'new_confirm',
'type' => 'password',
'pattern' => '^.{' . $this->data['min_password_length'] . '}.*$',
];
$this->data['user_id'] = [
'name' => 'user_id',
'id' => 'user_id',
'type' => 'hidden',
'value' => $user->id,
];
$this->data['csrf'] = $this->_get_csrf_nonce();
$this->data['code'] = $code;
// render
$this->_render_page('auth' . DIRECTORY_SEPARATOR . 'reset_password', $this->data);
} else {
$identity = $user->{$this->config->item('identity', 'ion_auth')};
// do we have a valid request?
if ($this->_valid_csrf_nonce() === FALSE || $user->id != $this->input->post('user_id')) {
// something fishy might be up
$this->ion_auth->clear_forgotten_password_code($identity);
show_error($this->lang->line('error_csrf'));
} else {
// finally change the password
$change = $this->ion_auth->reset_password($identity, $this->input->post('new'));
if ($change) {
// if the password was successfully changed
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect("auth/login", 'refresh');
} else {
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect('auth/reset_password/' . $code, 'refresh');
}
}
}
} else {
// if the code is invalid then send them back to the forgot password page
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("admin/login/forgot_password", 'refresh');
}
}
/**
* Activate the user
*
* @param int $id The user ID
* @param string|bool $code The activation code
*/
public function activate($id, $code = FALSE)
{
$activation = FALSE;
if ($code !== FALSE) {
$activation = $this->ion_auth->activate($id, $code);
} else if ($this->ion_auth->is_admin()) {
$activation = $this->ion_auth->activate($id);
}
if ($activation) {
// redirect them to the auth page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect("admin/auth", 'refresh');
} else {
// redirect them to the forgot password page
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("auth/forgot_password", 'refresh');
}
}
/**
* Deactivate the user
*
* @param int|string|null $id The user ID
*/
public function deactivate($id = NULL)
{
if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
// redirect them to the home page because they must be an administrator to view this
show_error('You must be an administrator to view this page.');
}
$id = (int)$id;
$this->load->library('form_validation');
$this->form_validation->set_rules('confirm', $this->lang->line('deactivate_validation_confirm_label'), 'required|xss_clean');
$this->form_validation->set_rules('id', $this->lang->line('deactivate_validation_user_id_label'), 'required|alpha_numeric|xss_clean');
if ($this->form_validation->run() === FALSE) {
// insert csrf check
$this->data['csrf'] = $this->_get_csrf_nonce();
$this->data['user'] = $this->ion_auth->user($id)->row();
$this->_render_page('auth' . DIRECTORY_SEPARATOR . 'deactivate_user', $this->data);
} else {
// do we really want to deactivate?
if ($this->input->post('confirm') == 'yes') {
// do we have a valid request?
if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id')) {
show_error($this->lang->line('error_csrf'));
}
// do we have the right userlevel?
if ($this->ion_auth->logged_in() && $this->ion_auth->is_admin()) {
$this->ion_auth->deactivate($id);
}
}
// redirect them back to the auth page
redirect('auth', 'refresh');
}
}
/**
* Create a new user
*/
public function create_user()
{
$this->data['title'] = $this->lang->line('create_user_heading');
if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
redirect('auth', 'refresh');
}
$tables = $this->config->item('tables', 'ion_auth');
$identity_column = $this->config->item('identity', 'ion_auth');
$this->data['identity_column'] = $identity_column;
// validate form input
$this->form_validation->set_rules('first_name', $this->lang->line('create_user_validation_fname_label'), 'trim|required|xss_clean');
$this->form_validation->set_rules('last_name', $this->lang->line('create_user_validation_lname_label'), 'trim|required|xss_clean');
if ($identity_column !== 'email') {
$this->form_validation->set_rules('identity', $this->lang->line('create_user_validation_identity_label'), 'trim|xss_clean|required|is_unique[' . $tables['login_users'] . '.' . $identity_column . ']');
$this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'trim|required|valid_email|xss_clean');
} else {
$this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'trim|required|xss_clean|valid_email|is_unique[' . $tables['login_users'] . '.email]');
}
$this->form_validation->set_rules('phone', $this->lang->line('create_user_validation_phone_label'), 'trim|xss_clean');
$this->form_validation->set_rules('company', $this->lang->line('create_user_validation_company_label'), 'trim|xss_clean');
$this->form_validation->set_rules('password', $this->lang->line('create_user_validation_password_label'), 'required|xss_clean|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|matches[password_confirm]');
$this->form_validation->set_rules('password_confirm', $this->lang->line('create_user_validation_password_confirm_label'), 'required|xss_clean');
if ($this->form_validation->run() === TRUE) {
$email = strtolower($this->input->post('email'));
$identity = ($identity_column === 'email') ? $email : $this->input->post('identity');
$password = $this->input->post('password');
$additional_data = [
'first_name' => $this->input->post('first_name'),
'last_name' => $this->input->post('last_name'),
'company' => $this->input->post('company'),
'phone' => $this->input->post('phone'),
];
}
if ($this->form_validation->run() === TRUE && $this->ion_auth->register($identity, $password, $email, $additional_data)) {
// check to see if we are creating the user
// redirect them back to the admin page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect("auth", 'refresh');
} else {
// display the create user form
// set the flash data error message if there is one
$this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
$this->data['first_name'] = [
'name' => 'first_name',
'id' => 'first_name',
'type' => 'text',
'value' => $this->form_validation->set_value('first_name'),
];
$this->data['last_name'] = [
'name' => 'last_name',
'id' => 'last_name',
'type' => 'text',
'value' => $this->form_validation->set_value('last_name'),
];
$this->data['identity'] = [
'name' => 'identity',
'id' => 'identity',
'type' => 'text',
'value' => $this->form_validation->set_value('identity'),
];
$this->data['email'] = [
'name' => 'email',
'id' => 'email',
'type' => 'text',
'value' => $this->form_validation->set_value('email'),
];
$this->data['company'] = [
'name' => 'company',
'id' => 'company',
'type' => 'text',
'value' => $this->form_validation->set_value('company'),
];
$this->data['phone'] = [
'name' => 'phone',
'id' => 'phone',
'type' => 'text',
'value' => $this->form_validation->set_value('phone'),
];
$this->data['password'] = [
'name' => 'password',
'id' => 'password',
'type' => 'password',
'value' => $this->form_validation->set_value('password'),
];
$this->data['password_confirm'] = [
'name' => 'password_confirm',
'id' => 'password_confirm',
'type' => 'password',
'value' => $this->form_validation->set_value('password_confirm'),
];
$this->_render_page('auth' . DIRECTORY_SEPARATOR . 'create_user', $this->data);
}
}
/**
* Redirect a user checking if is admin
*/
public function redirectUser()
{
if ($this->ion_auth->is_admin()) {
redirect('auth', 'refresh');
}
redirect('/', 'refresh');
}
/**
* Edit a user
*
* @param int|string $id
*/
public function edit_user($id)
{
$this->data['title'] = $this->lang->line('edit_user_heading');
if (!$this->ion_auth->logged_in() || (!$this->ion_auth->is_admin() && !($this->ion_auth->user()->row()->id == $id))) {
redirect('auth', 'refresh');
}
$user = $this->ion_auth->user($id)->row();
$groups = $this->ion_auth->groups()->result_array();
$currentGroups = $this->ion_auth->get_users_groups($id)->result();
//USAGE NOTE - you can do more complicated queries like this
// validate form input
$this->form_validation->set_rules('first_name', $this->lang->line('edit_user_validation_fname_label'), 'trim|required|xss_clean');
$this->form_validation->set_rules('last_name', $this->lang->line('edit_user_validation_lname_label'), 'trim|required|xss_clean');
$this->form_validation->set_rules('phone', $this->lang->line('edit_user_validation_phone_label'), 'trim|xss_clean');
$this->form_validation->set_rules('company', $this->lang->line('edit_user_validation_company_label'), 'trim|xss_clean');
if (isset($_POST) && !empty($_POST)) {
// do we have a valid request?
if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id')) {
show_error($this->lang->line('error_csrf'));
}
// update the password if it was posted
if ($this->input->post('password')) {
$this->form_validation->set_rules('password', $this->lang->line('edit_user_validation_password_label'), 'required|xss_clean|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|matches[password_confirm]');
$this->form_validation->set_rules('password_confirm', $this->lang->line('edit_user_validation_password_confirm_label'), 'required|xss_clean');
}
if ($this->form_validation->run() === TRUE) {
$data = [
'first_name' => $this->input->post('first_name'),
'last_name' => $this->input->post('last_name'),
'company' => $this->input->post('company'),
'phone' => $this->input->post('phone'),
];
// update the password if it was posted
if ($this->input->post('password')) {
$data['password'] = $this->input->post('password');
}
// Only allow updating groups if user is admin
if ($this->ion_auth->is_admin()) {
// Update the groups user belongs to
$this->ion_auth->remove_from_group('', $id);
$groupData = $this->input->post('groups');
if (isset($groupData) && !empty($groupData)) {
foreach ($groupData as $grp) {
$this->ion_auth->add_to_group($grp, $id);
}
}
}
// check to see if we are updating the user
if ($this->ion_auth->update($user->id, $data)) {
// redirect them back to the admin page if admin, or to the base url if non admin
$this->session->set_flashdata('message', $this->ion_auth->messages());
$this->redirectUser();
} else {
// redirect them back to the admin page if admin, or to the base url if non admin
$this->session->set_flashdata('message', $this->ion_auth->errors());
$this->redirectUser();
}
}
}
// display the edit user form
$this->data['csrf'] = $this->_get_csrf_nonce();
// set the flash data error message if there is one
$this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
// pass the user to the view
$this->data['user'] = $user;
$this->data['groups'] = $groups;
$this->data['currentGroups'] = $currentGroups;
$this->data['first_name'] = [
'name' => 'first_name',
'id' => 'first_name',
'type' => 'text',
'value' => $this->form_validation->set_value('first_name', $user->first_name),
];
$this->data['last_name'] = [
'name' => 'last_name',
'id' => 'last_name',
'type' => 'text',
'value' => $this->form_validation->set_value('last_name', $user->last_name),
];
$this->data['company'] = [
'name' => 'company',
'id' => 'company',
'type' => 'text',
'value' => $this->form_validation->set_value('company', $user->company),
];
$this->data['phone'] = [
'name' => 'phone',
'id' => 'phone',
'type' => 'text',
'value' => $this->form_validation->set_value('phone', $user->phone),
];
$this->data['password'] = [
'name' => 'password',
'id' => 'password',
'type' => 'password'
];
$this->data['password_confirm'] = [
'name' => 'password_confirm',
'id' => 'password_confirm',
'type' => 'password'
];
$this->_render_page('auth/edit_user', $this->data);
}
/**
* Create a new group
*/
public function create_group()
{
$this->data['title'] = $this->lang->line('create_group_title');
if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
redirect('auth', 'refresh');
}
// validate form input
$this->form_validation->set_rules('group_name', $this->lang->line('create_group_validation_name_label'), 'trim|required|alpha_dash|xss_clean');
if ($this->form_validation->run() === TRUE) {
$new_group_id = $this->ion_auth->create_group($this->input->post('group_name'), $this->input->post('description'));
if ($new_group_id) {
// check to see if we are creating the group
// redirect them back to the admin page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect("auth", 'refresh');
} else {
$this->session->set_flashdata('message', $this->ion_auth->errors());
}
}
// display the create group form
// set the flash data error message if there is one
$this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
$this->data['group_name'] = [
'name' => 'group_name',
'id' => 'group_name',
'type' => 'text',
'value' => $this->form_validation->set_value('group_name'),
];
$this->data['description'] = [
'name' => 'description',
'id' => 'description',
'type' => 'text',
'value' => $this->form_validation->set_value('description'),
];
$this->_render_page('auth/create_group', $this->data);
}
/**
* Edit a group
*
* @param int|string $id
*/
public function edit_group($id)
{
// bail if no group id given
if (!$id || empty($id)) {
redirect('auth', 'refresh');
}
$this->data['title'] = $this->lang->line('edit_group_title');
if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
redirect('auth', 'refresh');
}
$group = $this->ion_auth->group($id)->row();
// validate form input
$this->form_validation->set_rules('group_name', $this->lang->line('edit_group_validation_name_label'), 'trim|required|alpha_dash|xss_clean');
if (isset($_POST) && !empty($_POST)) {
if ($this->form_validation->run() === TRUE) {
$group_update = $this->ion_auth->update_group($id, $_POST['group_name'], array(
'description' => $_POST['group_description']
));
if ($group_update) {
$this->session->set_flashdata('message', $this->lang->line('edit_group_saved'));
redirect("auth", 'refresh');
} else {
$this->session->set_flashdata('message', $this->ion_auth->errors());
}
}
}
// set the flash data error message if there is one
$this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
// pass the user to the view
$this->data['group'] = $group;
$this->data['group_name'] = [
'name' => 'group_name',
'id' => 'group_name',
'type' => 'text',
'value' => $this->form_validation->set_value('group_name', $group->name),
];
if ($this->config->item('admin_group', 'ion_auth') === $group->name) {
$this->data['group_name']['readonly'] = 'readonly';
}
$this->data['group_description'] = [
'name' => 'group_description',
'id' => 'group_description',
'type' => 'text',
'value' => $this->form_validation->set_value('group_description', $group->description),
];
$this->_render_page('auth' . DIRECTORY_SEPARATOR . 'edit_group', $this->data);
}
/**
* @return array A CSRF key-value pair
*/
public function _get_csrf_nonce()
{
$this->load->helper('string');
$key = random_string('alnum', 8);
$value = random_string('alnum', 20);
$this->session->set_flashdata('csrfkey', $key);
$this->session->set_flashdata('csrfvalue', $value);
return [$key => $value];
}
/**
* @return bool Whether the posted CSRF token matches
*/
public function _valid_csrf_nonce()
{
$csrfkey = $this->input->post($this->session->flashdata('csrfkey'));
if ($csrfkey && $csrfkey === $this->session->flashdata('csrfvalue')) {
return TRUE;
}
return FALSE;
}
/**
* @param string $view
* @param array|null $data
* @param bool $returnhtml
*
* @return mixed
*/
public function _render_page($view, $data = NULL, $returnhtml = FALSE) //I think this makes more sense
{
$viewdata = (empty($data)) ? $this->data : $data;
$view_html = $this->load->view($view, $viewdata, $returnhtml);
// This will return html on 3rd argument being true
if ($returnhtml) {
return $view_html;
}
}
public function verify_user()
{
/* Parameters to be passed
mobile: 9874565478
email: test@gmail.com
*/
$auth_settings = get_settings('authentication_settings', true);
if (defined('ALLOW_MODIFICATION') && ALLOW_MODIFICATION == 0) {
$this->response['error'] = true;
$this->response['message'] = DEMO_VERSION_MSG;
echo json_encode($this->response);
return;
}
$this->form_validation->set_rules('mobile', 'Mobile', 'trim|numeric|required|xss_clean');
$this->form_validation->set_rules('email', 'Email', 'trim|xss_clean|valid_email');
$this->response['csrfName'] = $this->security->get_csrf_token_name();
$this->response['csrfHash'] = $this->security->get_csrf_hash();
if (!$this->form_validation->run()) {
$this->response['error'] = true;
$this->response['message'] = strip_tags(validation_errors());
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
} else {
$user_data = fetch_details('users', ['mobile' => $_POST['mobile']], 'id');
if($_POST['from_seller'] == '1'){
if(!$this->ion_auth->is_seller($user_data[0]['id'])){
$this->response['error'] = true;
$this->response['message'] = 'You are not authorized to access seller!';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
}
if($_POST['from_admin'] == '1'){
if(!$this->ion_auth->is_admin($user_data[0]['id'])){
$this->response['error'] = true;
$this->response['message'] = 'You are not authorized to access admin!';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
}
if($_POST['from_delivery_boy'] == '1'){
if(!$this->ion_auth->is_delivery_boy($user_data[0]['id'])){
$this->response['error'] = true;
$this->response['message'] = 'You are not authorized to access delivery boy!';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
}
if (!isset($_POST['forget_password_val']) && is_exist(['mobile' => $_POST['mobile']], 'users')) {
if (isset($_POST['mobile']) && is_exist(['mobile' => $_POST['mobile']], 'users')) {
$this->response['error'] = true;
$this->response['message'] = 'Mobile is already registered.Please try to login !';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
}
if (isset($_POST['forget_password_val']) && ($_POST['forget_password_val'] == 1) && !is_exist(['mobile' => $_POST['mobile']], 'users')) {
$this->response['error'] = true;
$this->response['message'] = 'Mobile is not register yet !';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
if (isset($_POST['email']) && is_exist(['email' => $_POST['email']], 'users')) {
$this->response['error'] = true;
$this->response['message'] = 'Email is already registered.Please try to login !';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
if ($auth_settings['authentication_method'] == "firebase") {
$this->response['error'] = false;
$this->response['message'] = 'Ready to sent OTP request';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
} else {
$mobile = $_POST['mobile'];
$country_code = $_POST['country_code'];
$mobile_data = array(
'mobile' => $mobile // Replace $mobile with the actual mobile value you want to insert
);
if (isset($_POST['mobile']) && !is_exist(['mobile' => $_POST['mobile']], 'otps')) {
$this->db->insert('otps', $mobile_data);
}
$otps = fetch_details('otps', ['mobile' => $mobile]);
$query = $this->db->select(' * ')->where('id', $otps[0]['id'])->get('otps')->result_array();
$otp = random_int(100000, 999999);
$data = set_user_otp($mobile, $otp,$country_code);
$this->response['error'] = false;
$this->response['message'] = 'Ready to sent OTP request';
$this->response['data'] = array();
print_r(json_encode($this->response));
return;
}
}
}
public function register_user()
{
$this->form_validation->set_rules('name', 'Name', 'trim|required|xss_clean');
$this->form_validation->set_rules('email', 'Mail', 'trim|required|xss_clean');
if (isset($_POST['type']) && !empty($_POST['type']) && $_POST['type'] == 'phone') {
$this->form_validation->set_rules('email', 'Mail', 'trim|required|xss_clean|valid_email|is_unique[users.email]', array('is_unique' => ' The email is already registered . Please login'));
} else {
$this->form_validation->set_rules('email', 'Mail', 'trim|required|xss_clean|valid_email');
}
if (isset($_POST['type']) && !empty($_POST['type']) && $_POST['type'] == 'phone') {
$this->form_validation->set_rules('mobile', 'Mobile', 'trim|required|xss_clean|min_length[5]|numeric|is_unique[users.mobile]', array('is_unique' => ' The mobile number is already registered . Please login'));
$this->form_validation->set_rules('country_code', 'Country Code', 'trim|required|xss_clean');
}
$this->form_validation->set_rules('dob', 'Date of birth', 'trim|xss_clean');
$this->form_validation->set_rules('city', 'City', 'trim|numeric|xss_clean');
$this->form_validation->set_rules('area', 'Area', 'trim|numeric|xss_clean');
$this->form_validation->set_rules('street', 'Street', 'trim|xss_clean');
$this->form_validation->set_rules('pincode', 'Pincode', 'trim|xss_clean');
$this->form_validation->set_rules('fcm_id', 'Fcm Id', 'trim|xss_clean');
$this->form_validation->set_rules('friends_code', 'Friends code', 'trim|xss_clean');
$this->form_validation->set_rules('latitude', 'Latitude', 'trim|xss_clean');
$this->form_validation->set_rules('longitude', 'Longitude', 'trim|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean');
$this->response['csrfName'] = $this->security->get_csrf_token_name();
$this->response['csrfHash'] = $this->security->get_csrf_hash();
if (!$this->form_validation->run()) {
$this->response['error'] = true;
$this->response['message'] = strip_tags(validation_errors());
$this->response['data'] = array();
} else {
if (isset($_POST['friends_code']) && !empty($_POST['friends_code'])) {
$settings = get_settings('system_settings', true);
$refer_earn_bonus_times = $settings['refer_earn_bonus_times'];
$used_refer_and_earn = fetch_details('users', ['friends_code' => $_POST['friends_code']]);
if (count($used_refer_and_earn) < $refer_earn_bonus_times) {
if (!is_exist(['referral_code' => $_POST['friends_code']], 'users')) {
$response["error"] = true;
$response["message"] = "Invalid friends code!";
$response["data"] = array();
echo json_encode($response);
return false;
}
} else {
$response["error"] = true;
$response["message"] = "Code already used for $refer_earn_bonus_times times!";
$response["data"] = array();
echo json_encode($response);
return false;
}
}
if (isset($_POST['type']) && !empty($_POST['type']) && $_POST['type'] == 'phone') {
$identity_column = $this->config->item('identity', 'ion_auth');
} else {
$identity_column = 'email';
}
$email = strtolower($this->input->post('email'));
$mobile = $this->input->post('mobile');
if (isset($_POST['type']) && !empty($_POST['type']) && $_POST['type'] == 'phone') {
$identity = ($identity_column == 'mobile') ? $mobile : $email;
} else {
$identity = $email;
}
$password = $this->input->post('password');
$additional_data = [
'username' => $this->input->post('name'),
'mobile' => (isset($_POST['mobile']) && !empty($_POST['mobile'])) ? $this->input->post('mobile') : '',
'dob' => $this->input->post('dob'),
'city' => $this->input->post('city'),
'area' => $this->input->post('area'),
'country_code' => isset($_POST['country_code']) ? str_replace('+', '', $this->input->post('country_code')) : 0,
'pincode' => $this->input->post('pincode'),
'street' => $this->input->post('street'),
'fcm_id' => $this->input->post('fcm_id'),
'friends_code' => $this->input->post('friends_code', true),
'referral_code' => $this->input->post('referral_code'),
'latitude' => $this->input->post('latitude'),
'longitude' => $this->input->post('longitude'),
'active' => 1,
'type' => $this->input->post('type'),
];
$auth_settings = get_settings('authentication_settings', true);
if ($auth_settings['authentication_method'] == "sms" && isset($_POST['type']) && !empty($_POST['type']) && $_POST['type'] == 'phone') {
$otps = fetch_details('otps', ['mobile' => $mobile]);
$time = $otps[0]['created_at'];
$time_expire = checkOTPExpiration($time);
if ($time_expire['error'] == 1) {
$response['error'] = true;
$response['message'] = $time_expire['message'];
echo json_encode($response);
return false;
}
if (($otps[0]['otp'] != $_POST['otp'])) {
$response['error'] = true;
$response['message'] = "OTP not valid , check again ";
echo json_encode($response);
return false;
} else {
update_details(['varified' => 1], ['mobile' => $mobile], 'otps');
}
}
$res = $this->ion_auth->register($identity, $password, $email, $additional_data, ['2']);
update_details(['active' => 1], [$identity_column => $identity], 'users');
$data = $this->db->select('u.id,u.username,u.email,u.mobile,c.name as city_name,a.name as area_name')->where([$identity_column => $identity])->join('cities c', 'c.id=u.city', 'left')->join('areas a', 'a.city_id=c.id', 'left')->group_by('email')->get('users u')->result_array();
$referal_id = fetch_details('users', ['referral_code' => $this->input->post('friends_code', true)], 'id,referral_code');
$referal_code = $this->input->post('friends_code', true);
if (isset($referal_code) && !empty($referal_code)) {
$refer_and_earn_data = [
'referal_id' => $referal_id[0]['id'],
'user_id' => $data[0]['id'],
'referal_code' => $this->input->post('friends_code', true),
];
insert_details($refer_and_earn_data, 'refer_and_earn');
}
$this->response['error'] = false;
$this->response['message'] = 'Registered Successfully';
$this->response['data'] = $data;
}
print_r(json_encode($this->response));
}
}