escape(trim($_POST['username'])); $post_password = $db->escape(trim($_POST['password'])); $md5_pass = md5($post_password); //$bcrypt = $db -> b_crypt($md5_pass); //always remmber $remember = true; asaLogin($post_username, $post_password, $remember, $utility, $db); //master record of user is from asa return false; $get_result_count = $db->select("SELECT count(1) from employee_account ea inner join employee_contact ec on ea.employee_id=ec.employee_id where (ea.employee_id='$post_username' or ea.username='$post_username' or ec.email_address='$post_username')"); if ($get_result_count != 0) { $get_result = $db->select("SELECT ea.password from employee_account ea inner join employee_contact ec on ea.employee_id=ec.employee_id where (ea.employee_id='$post_username' or ea.username='$post_username' or ec.email_address='$post_username')"); $valid = $db->check_b_crypt($md5_pass, $get_result); if ($valid == 1) { $query_locked_and_status = "SELECT ea.`locked`,ea.`status`,e.status as e_status from employee_account ea inner join employee_contact ec on ea.employee_id=ec.employee_id INNER JOIN employee e ON ea.employee_id=e.employee_id where (ea.employee_id='$post_username' or ea.username='$post_username' or ec.email_address='$post_username')"; $query_check = $db->sql_query($query_locked_and_status); $locked_status = 0; $enable_status = 0; $deleted_status = 0; foreach ($query_check as $query_check_data) { $locked_status = $query_check_data['locked']; $enable_status = $query_check_data['status']; $deleted_status = $query_check_data['e_status']; } if (intval($deleted_status) === 1) { if (intval($locked_status) === 0) { if (intval($enable_status) === 1) { $login = new Login(); $login->save(2, " AND (ea.employee_id='$post_username' or ea.username='$post_username' or ec.email_address='$post_username') ", $remember, $utility, $db); $return_arr["status"] = 1; $return_arr["message"] = " Login Successful, Please wait..."; //get all data of users //$db -> setLogin($uid); } else { 
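// employee_account status not activated: the local refusal below was left
// commented out and the request is retried against the ASA service instead.
// $return_arr["status"]=0;
// $return_arr["message"]=" Your account is not activated.";
asaLogin($post_username, $post_password, $remember, $utility, $db);
}
} else {
    // employee_account locked
    $return_arr["status"] = 0;
    $return_arr["message"] = " Your account is disabled.";
}
} else {
    // employee table status = 0 considered as deleted account
    $return_arr["status"] = 0;
    $return_arr["message"] = " Username or password is invalid.";
}
} else {
    // invalid password but all is okay: retry against the ASA service
    // $return_arr["status"]=0;
    // $return_arr["message"]=" Username or password is invalid.";
    asaLogin($post_username, $post_password, $remember, $utility, $db);
}
} else {
    // no local record: check the ASA DB
    // $return_arr["message"]=" Username or password is invalid.";
    asaLogin($post_username, $post_password, $remember, $utility, $db);
}
}
// NOTE(review): the unconditional `asaLogin(...); return false;` that precedes the
// local-DB lookup above means this local branch (and this echo) is only reached if
// that early return is removed -- confirm whether the local fallback is meant to be live.
echo json_encode($return_arr);

/**
 * Fetches $URL over HTTP(S) with curl and returns the response body.
 *
 * Returns the body as a string, or false when the transfer fails (curl_exec()
 * semantics), so callers must check `=== false` before decoding. Connect and
 * total timeouts are bounded so a stalled login service cannot hang the
 * request indefinitely, TLS peer/host verification is pinned on explicitly
 * (this request carries credentials), and redirects are not followed so the
 * credentials cannot be replayed to another host.
 *
 * @param string $URL absolute URL to fetch
 * @return string|false
 */
function get_content($URL)
{
    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL            => $URL,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_FOLLOWLOCATION => false,
    ));
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}

/**
 * Emits the JSON {status, message} reply the login page expects and ends the
 * request. Key order (status first, then message) matches the original inline
 * array construction.
 *
 * @param int         $status  1 on success, 0 on refusal
 * @param string|null $message user-facing text
 */
function asaRespond($status, $message)
{
    $return_arr = array();
    $return_arr["status"] = $status;
    $return_arr["message"] = $message;
    echo json_encode($return_arr);
    exit;
}

/**
 * Returns one field of the decoded ASA record, SQL-escaped via the same
 * $db->escape() the rest of this file uses, for interpolation inside a quoted
 * SQL literal. A missing field becomes '' rather than a notice + null.
 *
 * @param object $db     DB wrapper providing escape()
 * @param object $record decoded ASA employee record
 * @param string $field  property name on $record
 * @return string
 */
function asaSqlField($db, $record, $field)
{
    $value = isset($record->$field) ? (string) $record->$field : '';
    return $db->escape($value);
}

/**
 * Authenticates $post_username / $post_password against the remote ASA login
 * service, mirrors the returned employee record into the local employee,
 * employee_contact and employee_account tables (insert or update), and opens
 * the session via Login::save().
 *
 * This function never returns once the HTTP call has been made: every path
 * echoes a JSON {status, message} object and exit()s.
 *
 * @param string $post_username login identifier as typed (the caller has
 *                              already passed it through $db->escape())
 * @param string $post_password password as typed (same caveat)
 * @param bool   $remember      forwarded to Login::save()
 * @param object $utility       provides fix_mobile_format()
 * @param object $db            DB wrapper: escape(), select(), return_result(),
 *                              sql_query(), sql_query_id(), b_crypt()
 */
function asaLogin($post_username, $post_password, $remember, $utility, $db)
{
    // NOTE(review): shared secret hard-coded in source; it should be loaded from
    // configuration outside the web root and rotated, since it ships with every
    // copy of this file and is sent in a GET query string (visible in proxy and
    // server logs along with the credentials).
    $token_key = 'AEE10241977';

    // URL-encode every parameter so a password containing '&', '#', '%', '+' or
    // a space cannot alter the query the remote service parses (the values were
    // previously concatenated raw). Because the caller already ran both values
    // through $db->escape(), a password containing a quote or backslash reaches
    // ASA with an extra backslash -- presumably ASA expects that; confirm.
    $query = http_build_query(array(
        'loginKey'      => $token_key,
        'loginUsername' => $post_username,
        'loginPassword' => $post_password,
    ));
    $data = get_content('https://autohub.ph/connect/LOGIN_service.php?' . $query);
    // Never print_r()/log $data or $data_arr: the payload carries password
    // material (u_password).
    $data_arr = ($data === false) ? null : json_decode($data, true);

    // A top-level statusCode of 0 is the service's own refusal; relay its text.
    if (is_array($data_arr) && isset($data_arr['statusCode']) && intval($data_arr['statusCode']) == 0) {
        asaRespond(0, isset($data_arr['status']) ? $data_arr['status'] : null);
    }

    // Otherwise the employee record is the first element. A failed transfer, a
    // non-JSON body or an empty array used to fall through to property reads on
    // null; treat all of them as a refusal with a distinct message instead.
    if (!is_array($data_arr) || !isset($data_arr[0])) {
        asaRespond(0, ' Login service is unavailable, please try again later.');
    }
    // The json round-trip turns the nested array into an object, as before.
    $decodedData = json_decode(json_encode($data_arr[0]));
    $statusCode = (is_object($decodedData) && isset($decodedData->statusCode)) ? $decodedData->statusCode : 0;
    if (intval($statusCode) !== 1) {
        // ACCESS DENIED
        asaRespond(0, (is_object($decodedData) && isset($decodedData->status)) ? $decodedData->status : null);
    }

    // ACCESS GRANTED.
    // Every field copied from the response is escaped before it is interpolated
    // into SQL: these values originate from profile data on the remote system
    // (names, address, position) and were previously inlined verbatim.
    $employeeId = asaSqlField($db, $decodedData, 'employee_id');
    $asaId      = asaSqlField($db, $decodedData, 'u_id');
    $userName   = asaSqlField($db, $decodedData, 'u_name');
    $firstName  = asaSqlField($db, $decodedData, 'u_fname');
    $middleName = asaSqlField($db, $decodedData, 'u_mname');
    $lastName   = asaSqlField($db, $decodedData, 'u_lname');
    $email      = asaSqlField($db, $decodedData, 'email');
    $address    = asaSqlField($db, $decodedData, 'usr_address');
    $rawPosition  = isset($decodedData->u_position) ? (string) $decodedData->u_position : '';
    $positionName = $db->escape($rawPosition);

    // Normalise the mobile number: digits only, then the project's formatter,
    // then drop a leading +63 country code. The original computed the substr()
    // length from strlen($data) (the HTTP body) by mistake; it only worked
    // because that was always long enough.
    $asa_number = removeNonNumeric(isset($decodedData->usr_mobile) ? $decodedData->usr_mobile : '');
    $new_number = "";
    if (isNotEmpty($asa_number)) {
        $new_number = $utility->fix_mobile_format($asa_number);
        if (substr($new_number, 0, 3) === "+63") {
            $new_number = substr($new_number, 3);
        }
    }
    // fix_mobile_format() is opaque from here, so escape its output too.
    $new_number = $db->escape((string) $new_number);

    // ASA's password material is bcrypt-wrapped before it is stored locally.
    $bcrypt_pass = $db->b_crypt($decodedData->u_password);

    // Resolve (or create) the position row; department comes from the position.
    $department_position = $db->return_result("SELECT id FROM `employee_position` WHERE `position_name` = '$positionName' LIMIT 1");
    if (is_array($department_position) && count($department_position) > 0) {
        $position = $department_position[0]['id'];
        $department = $db->select("SELECT department_id FROM `employee_position` WHERE `id` = '" . $position . "' LIMIT 1");
    } else {
        $department = 0;
        $position = $db->sql_query_id("INSERT INTO employee_position (department_id,position_name,add_by,status) VALUES ( '0','" . $db->escape(trim($rawPosition)) . "','0','1') ");
    }

    // Upsert the employee: first by ASA id, then by employee id, else insert.
    $user_id = $db->select("SELECT id FROM employee WHERE asa_id = '$asaId' ");
    if ($user_id) {
        // NOTE(review): this branch writes employee_id into email_address while the
        // two branches below write ->email -- kept as-is; confirm which is intended.
        $db->sql_query("UPDATE employee_contact SET user_id = '$user_id',email_address = '$employeeId',contact_number = '$new_number' WHERE employee_id = '$employeeId' ");
        $db->sql_query("UPDATE employee_account SET user_id = '$user_id',username= '$userName', password = '$bcrypt_pass',status=1,locked=0 WHERE employee_id = '$employeeId' ");
    } else {
        // personal info
        $user_id = $db->select("SELECT id FROM employee WHERE employee_id = '$employeeId' ");
        if ($user_id) {
            $db->sql_query("UPDATE employee SET asa_id = '$asaId', `first_name` = '$firstName', `middle_name` = '$middleName', `last_name` = '$lastName', `department_id` = '$department', `position_id` = '$position', `status` = 1 WHERE employee_id = '$employeeId' ");
            $db->sql_query("UPDATE `employee_contact` SET `email_address` = '$email', user_id = '$user_id', `contact_number`= '$new_number', `address` = '$address' WHERE employee_id = '$employeeId' ");
            $db->sql_query("UPDATE `employee_account` SET `username` = '$userName', `password`= '$bcrypt_pass', user_id = '$user_id', `status` = '1', `locked` = '0' WHERE employee_id = '$employeeId' ");
        } else {
            $user_id = $db->sql_query_id("INSERT INTO `employee`( `asa_id`, `employee_id`, `company_dealer_id`, `first_name`, `middle_name`, `last_name`, `suffix_id`, `date_of_birth`, `gender_id`, `department_id`, `position_id`, `photo`, `date_registered`, `status`) VALUES ( '$asaId', '$employeeId', '0', '$firstName', '$middleName', '$lastName', '0', '', '0', '$department', '$position', 'default.png', NOW(), '1' )");
            // contact info ($user_id comes from sql_query_id(), not the response)
            $db->sql_query("INSERT INTO `employee_contact`( `employee_id`, `user_id`, `email_address`, `email_address_2`, `contact_number`, `contact_number_2`, `fax`, `business`, `residential`, `landline`, `address`, `provCode`, `city_id`, `postal`) VALUES ( '$employeeId', $user_id, '$email', '', '$new_number', '', '', '', '', '', '$address', '0', '0', '' )");
            // employee_role_id 2 is hard-coded for every ASA-created account (its meaning is not visible here)
            $db->sql_query("INSERT INTO `employee_account`( `employee_id`, `user_id`, `employee_role_id`, `username`, `password`, `status`, `locked`) VALUES ( '$employeeId', $user_id, '2', '$userName', '$bcrypt_pass', '1', '0' )");
        }
    }

    // Open the session for the mirrored account; the selector fragment is built
    // from the escaped values, not the raw response.
    $login = new Login();
    $login->save(3, " AND (ea.employee_id='$employeeId' or ea.username='$userName' or ec.email_address='$email') ", $remember, $utility, $db);
    asaRespond(1, " Login Successful, Please wait...");
}

/**
 * True (1) when $data contains at least one non-whitespace character.
 *
 * @param string $data
 * @return int|false preg_match() result: 1, 0, or false on a PCRE error
 */
function isNotEmpty($data)
{
    return preg_match('/\S/', $data);
}

/**
 * Strips every character except ASCII digits 0-9 (so '+', spaces and dashes
 * in a phone number are removed).
 *
 * @param string $data
 * @return string
 */
function removeNonNumeric($data)
{
    return preg_replace("/[^0-9]/", "", $data);
}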