Files
FloatAppGate/public/core1/SAVVY/user/php_userlogin.php
T
dev-chiefworks 47f4fad75c Added Other AP
2022-04-26 11:30:34 -04:00

191 lines
7.4 KiB
PHP

<?php
function php_getMemberCardDescision($in, &$out)
{
$cnt = 0;
$card_limit = 35;
$member_points = 0;
$decision["decision_group"] = "A10AA01";
$member_id = $in["member_id"];
//CLEAN UP PREVIOUS CARDS
updateQuery("UPDATE members_card_assign SET status = 0 WHERE member_id= " . $member_id . " AND status=1 AND trigger_key IS NULL");
loadMemberDescisionData($member_id, $decision);
$member_points = $decision["points"];
$res = selectData("SELECT c.id,m.decision_group FROM members_card_assign c LEFT JOIN members m ON m.id = c.member_id WHERE c.member_id= " . $member_id . " AND c.status=1");
if ($res != null) {
$cnt = pg_num_rows($res);
}
$permCard = CARD_ADD_DENIED;
if ($card_limit - $cnt > 0) {
$cards = selectData("SELECT d.*,m.card_behavior,m.button1_action AS card_action FROM decision_cards d LEFT JOIN decision_group g ON g.id=d.decision_id LEFT JOIN main_cards m ON m.id=d.card_id
WHERE g.dkey='" . $decision['decision_group'] . "' AND d.status =1 ORDER BY m.card_order ASC");
if ($cards != null) {
$member = getMember($member_id);
while ($card = pg_fetch_assoc($cards)) {
$permCard = verifyMemberCardDescision($card, $member, $outy);
// END card action modification
if (CARD_ADD_ALLOWED == $permCard) {
userCardAdd($member_id, $card['card_id'], $outy);
}
}
}
}
$outy["status"] = "";
}
function php_member_email_calls($action, $in, &$out)
{
// WE ARE NOT SENDING LOGIN EMAIL RIGHT NOW
}
function php_SessionCheck($uid, $sessionid, $create)
{
global $pgconn;
error_log("php_SessionCheck($uid, $sessionid, $create )");
$session_expired_minutes = 15; // load in the global
// Sanity check
if ($uid < 1 || $sessionid == null || strlen($sessionid) < 4) {
return -1; // Invalid parameters
}
// Clean old sessions
if ($create == 1) // Clean Previous session by force
{
pg_query($pgconn, "DELETE FROM members_session WHERE member_id=" . $uid);
}
$q = "DELETE FROM members_session WHERE member_id=${uid} AND updated < (now() - interval '${session_expired_minutes} minutes')";
pg_query($pgconn, $q);
// Update/check existing session
if ($create == 0) {
$q = "UPDATE members_session SET updated=NOW() WHERE member_id=${uid} AND session='" . pg_escape_string($sessionid) . "'";
pg_query($pgconn, $q);
$q = "SELECT * FROM members_session WHERE member_id=${uid} AND session='" . pg_escape_string($sessionid) . "'";
$res = pg_query($pgconn, $q);
if ($res && pg_num_rows($res)) {
error_log("VALID SESSION *****");
return 1; // Session updated
} else {
error_log("INVALID SESSION *****");
//INVALID SESSION DETECTED
return -1; // Invalid parameters
}
}
if ($create > 0) {
// Check session i?
$q = "SELECT * FROM members_session WHERE member_id=${uid} AND session<>'" . pg_escape_string($sessionid) . "'";
$res = pg_query($pgconn, $q);
if ($res && pg_num_rows($res)) {
return -2; // Active sessions found
}
$sess = []; // Do we have the same session already?
$q = "SELECT * FROM members_session WHERE member_id=${uid} AND session='" . pg_escape_string($sessionid) . "'";
$res = pg_query($pgconn, $q);
if ($res && pg_num_rows($res) && $sess = pg_fetch_assoc($res)) {
$q = "UPDATE members_session SET updated=NOW() WHERE member_id=${uid} AND session='" . pg_escape_string($sessionid) . "'";
pg_query($pgconn, $q);
return $sess["id"];
}
// Create a new session
$loc = getRemoteIpAddress();
$sess["loc"] = $loc;
$sess["member_id"] = $uid;
$sess["session"] = $sessionid;
$q = "INSERT INTO members_session (loc,member_id,session) VALUES ('" . pg_escape_string($loc) . "',${uid},'" . pg_escape_string($sessionid) . "') RETURNING id";
$res = pg_query($pgconn, $q);
if ($res && pg_num_rows($res) && $f = pg_fetch_assoc($res)) {
if ($f["id"] > 0) {
return $f["id"]; // New session created
}
}
return -3; // Failed to create new session
}
error_log("/php_SessionCheck($uid, $sessionid, $create )");
return 0; // No route
}
function php_get_appSettings($in, &$out)
{
global $pgconn;
$out["total_record"] = "0";
$res = pg_query($pgconn, "SELECT * FROM app_settings");
if ($res && pg_num_rows($res)) {
$out["total_record"] = pg_num_rows($res);
while ($f = pg_fetch_assoc($res)) {
$out[$f["setting_key"]] = $f["value"];
}
}
return 0;
}
function php_userlogin($in, &$out)
{
global $pgconn;
$ret = -1;
#$q = "SELECT * FROM members WHERE lower(username)=lower('" . pg_escape_string($in["username"]) . "') AND password='" . md5($in["password"]) . "'";
$q = "SELECT UPPER( md5( now()::text) ) AS sessionid,m.*,mp.*,m.id AS member_id,mp.id AS member_profile_id FROM members m ";
$q .= " LEFT JOIN members_profile mp ON mp.member_id = m.id ";
$q .= " WHERE m.status=1 AND LOWER(m.username)=LOWER('" . pg_escape_string($in["username"]) . "') AND m.password2='" . md5($in["password"]) . "'"; //
$r = pg_query($pgconn, $q);
if ($r && pg_num_rows($r) && $out = pg_fetch_assoc($r)) {
unset($out["password"]);
$q = "DELETE FROM members_session WHERE member_id=" . $out["member_id"];
pg_query($pgconn, $q);
if (php_SessionCheck($out["member_id"], $out["sessionid"], 1) > 0) {
$iny = [];
$outy = [];
$iny["descision"] = "A10AA01";
$iny["member_id"] = $out["member_id"];
php_getMemberCardDescision($iny, $outy);
$out["status"] = "OK";
/*LOAD THE SESSION INTO OUT now */
$q = "SELECT session FROM members_session WHERE member_id=" . $out["member_id"] . " ORDER BY id DESC LIMIT 1";
$r = pg_query($pgconn, $q);
$f = pg_fetch_assoc($r);
$out = array_merge($out, $f);
php_member_email_calls($in["action"], $out, $out);
//===============================================================================================================================
$q = "UPDATE members SET last_login = now(),login_failures=0 WHERE id = " . $out["member_id"];
pg_query($pgconn, $q);
//member_email_calls(ACCOUNT_LOGIN_ALERT,out,out); // ALERT CUSTOMER OF LOGIN
$ret = PHP_LOGIN_OK;
$out["email_linked"] = "0";
$out["account_linked"] = "0";
$out["gps_allowed"] = "0";
$out["random"] = "0";
$out["todays_trips"] = "0";
$out["password"] = "REMOVED";
$out["php_userlogin"] = true; // check
$out["internal_return"] = 100;
$out["retval"] = 100;
} else {
$out["status"] = "Session check failed";
}
} else {
$q = "UPDATE members SET login_failures=login_failures+1 WHERE LOWER(username)=LOWER('" . $in["username"] . "')";
pg_query($pgconn, $q);
$out["status_message"] = "Invalid Username/Password";
}
php_get_appSettings($in, $out);
//$out["FEED_BOOKING_SHOW"] = '100'; // temporary return to test other parts
$out["password"] = "REMOVED";
ksort($out);
}