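<?php
// includes/auth.php
// Authentication and session management

// Guard the call so including this file after another include has already
// started the session does not raise a "session already active" notice.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

require_once '../config/database.php';
require_once '../config/constants.php';
require_once 'functions.php';

/**
 * Session-backed authentication against the `users` table.
 *
 * All database access goes through the project's Database wrapper
 * (query / bind / single / execute). Rows returned by single() are treated as
 * associative arrays, or a falsy value when nothing matched -- confirm against
 * the Database class, which is not visible here.
 */
class Auth
{
    /** @var Database */
    private $db;

    public function __construct()
    {
        $this->db = new Database();
    }

    /**
     * Authenticate a user by username and password.
     *
     * On success the session id is regenerated and the session populated,
     * the failed-attempt counter is reset, and an audit entry plus a
     * notification are recorded. On a wrong password the counter is
     * incremented. Accounts at or above LOGIN_ATTEMPTS are refused.
     *
     * @param string $username
     * @param string $password plaintext candidate password
     * @return array{success: bool, message?: string, user?: array}
     *   `user` is the matched row with the password hash removed.
     */
    public function login($username, $password)
    {
        $this->db->query("SELECT * FROM users WHERE username = :username AND status = 'active'");
        $this->db->bind(':username', $username);
        $user = $this->db->single();

        if (!$user) {
            // Same message as a wrong password so the response body does not
            // reveal whether the username exists.
            return ['success' => false, 'message' => 'Invalid username or password'];
        }

        if ($user['login_attempts'] >= LOGIN_ATTEMPTS) {
            return ['success' => false, 'message' => 'Account locked due to too many failed attempts'];
        }

        if (!password_verify($password, $user['password'])) {
            $this->db->query("UPDATE users SET login_attempts = login_attempts + 1 WHERE id = :id");
            $this->db->bind(':id', $user['id']);
            $this->db->execute();

            return ['success' => false, 'message' => 'Invalid username or password'];
        }

        // Transparently upgrade hashes created with an older algorithm/cost
        // once the plaintext is known to be correct.
        if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
            $this->db->query("UPDATE users SET password = :password WHERE id = :id");
            $this->db->bind(':password', password_hash($password, PASSWORD_DEFAULT));
            $this->db->bind(':id', $user['id']);
            $this->db->execute();
        }

        $this->db->query("UPDATE users SET login_attempts = 0, last_login = NOW() WHERE id = :id");
        $this->db->bind(':id', $user['id']);
        $this->db->execute();

        // Issue a fresh session id at the privilege change so an id that was
        // handed out before authentication cannot be reused afterwards.
        session_regenerate_id(true);

        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['role_id'] = $user['role_id'];
        $_SESSION['branch_id'] = $user['branch_id'];
        $_SESSION['logged_in'] = true;
        $_SESSION['login_time'] = time();

        logAudit($user['id'], AUDIT_LOGIN, 'users', $user['id']);
        addNotification($user['id'], 'Login Successful', 'You have successfully logged into the system.', NOTIFICATION_SUCCESS);

        // The stored hash is not something callers need; keep it out of the
        // return value so it cannot end up in templates or logs.
        unset($user['password']);

        return ['success' => true, 'user' => $user];
    }

    /**
     * Terminate the current session.
     *
     * Writes an audit entry when a user is bound to the session, then clears
     * the session array, expires the client-side cookie and destroys the
     * server-side data.
     *
     * @return bool always true
     */
    public function logout()
    {
        if (isset($_SESSION['user_id'])) {
            logAudit($_SESSION['user_id'], AUDIT_LOGOUT, 'users', $_SESSION['user_id']);
        }

        // session_destroy() alone leaves $_SESSION populated for the rest of
        // the request and the cookie valid on the client.
        $_SESSION = [];

        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }

        return true;
    }

    /**
     * Whether the session represents an authenticated user.
     *
     * Enforces an idle timeout: `login_time` is refreshed on every
     * successful check, so SESSION_TIMEOUT is measured from the last
     * activity rather than from the original login.
     *
     * @return bool
     */
    public function isLoggedIn()
    {
        if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
            return false;
        }

        if (isset($_SESSION['login_time'])) {
            $idleSeconds = time() - $_SESSION['login_time'];
            if ($idleSeconds > SESSION_TIMEOUT) {
                $this->logout();
                return false;
            }
            $_SESSION['login_time'] = time();
        }

        return true;
    }

    /**
     * Load the current user's row joined with role and branch names.
     *
     * @return array|null|false null when not logged in; otherwise whatever
     *   Database::single() returns for the query.
     */
    public function getCurrentUser()
    {
        if (!$this->isLoggedIn()) {
            return null;
        }

        $this->db->query("SELECT u.*, r.name as role_name, b.name as branch_name FROM users u LEFT JOIN roles r ON u.role_id = r.id LEFT JOIN branches b ON u.branch_id = b.id WHERE u.id = :id");
        $this->db->bind(':id', $_SESSION['user_id']);

        return $this->db->single();
    }

    /**
     * Whether the logged-in user has exactly the given role.
     *
     * Ids are compared as strings so that an int argument still matches a
     * role id the driver returned as a string, without the loose-equality
     * surprises of `==` (e.g. null matching 0).
     *
     * @param int|string $roleId
     * @return bool
     */
    public function hasRole($roleId)
    {
        if (!$this->isLoggedIn()) {
            return false;
        }

        return (string) $_SESSION['role_id'] === (string) $roleId;
    }

    /**
     * Whether the logged-in user has any of the given roles.
     *
     * @param array<int|string> $roleIds
     * @return bool
     */
    public function hasAnyRole($roleIds)
    {
        if (!$this->isLoggedIn()) {
            return false;
        }

        return in_array((string) $_SESSION['role_id'], array_map('strval', $roleIds), true);
    }

    /**
     * Change a user's password after verifying the current one.
     *
     * No password-strength policy is applied here; that is left to the
     * caller (not visible in this file).
     *
     * @param int|string $userId
     * @param string $currentPassword
     * @param string $newPassword
     * @return array{success: bool, message: string}
     */
    public function changePassword($userId, $currentPassword, $newPassword)
    {
        $this->db->query("SELECT password FROM users WHERE id = :id");
        $this->db->bind(':id', $userId);
        $user = $this->db->single();

        if (!$user) {
            return ['success' => false, 'message' => 'User not found'];
        }

        if (!password_verify($currentPassword, $user['password'])) {
            return ['success' => false, 'message' => 'Current password is incorrect'];
        }

        $this->db->query("UPDATE users SET password = :password WHERE id = :id");
        $this->db->bind(':password', password_hash($newPassword, PASSWORD_DEFAULT));
        $this->db->bind(':id', $userId);

        if ($this->db->execute()) {
            logAudit($userId, 'password_change', 'users', $userId);
            return ['success' => true, 'message' => 'Password changed successfully'];
        }

        return ['success' => false, 'message' => 'Failed to change password'];
    }

    /**
     * Start a password reset for the account with the given email.
     *
     * Stores a random token and a one-hour expiry on the user row.
     * NOTE(review): the expiry is computed from the PHP clock but checked
     * against the database's NOW() in validateResetToken(); confirm both run
     * in the same timezone, or compute the expiry in SQL.
     * NOTE(review): the 'Email not found' branch lets a caller tell
     * registered addresses from unregistered ones; returning the generic
     * success message in both cases would avoid that.
     *
     * @param string $email
     * @return array{success: bool, message: string}
     */
    public function resetPassword($email)
    {
        $this->db->query("SELECT id FROM users WHERE email = :email AND status = 'active'");
        $this->db->bind(':email', $email);
        $user = $this->db->single();

        if (!$user) {
            return ['success' => false, 'message' => 'Email not found'];
        }

        $token = bin2hex(random_bytes(32));
        $expiry = date('Y-m-d H:i:s', strtotime('+1 hour'));

        $this->db->query("UPDATE users SET password_reset_token = :token, password_reset_expiry = :expiry WHERE id = :id");
        $this->db->bind(':token', $token);
        $this->db->bind(':expiry', $expiry);
        $this->db->bind(':id', $user['id']);

        if ($this->db->execute()) {
            // TODO: Send email with reset link
            return ['success' => true, 'message' => 'Password reset instructions sent to your email'];
        }

        return ['success' => false, 'message' => 'Failed to initiate password reset'];
    }

    /**
     * Resolve an unexpired reset token to a user id.
     *
     * @param string $token
     * @return int|string|false the user id, or false when the token is
     *   empty, unknown or expired
     */
    public function validateResetToken($token)
    {
        // An empty token must never match a row, whatever the column holds.
        if ($token === null || $token === '') {
            return false;
        }

        $this->db->query("SELECT id FROM users WHERE password_reset_token = :token AND password_reset_expiry > NOW()");
        $this->db->bind(':token', $token);
        $user = $this->db->single();

        return $user ? $user['id'] : false;
    }

    /**
     * Set a new password using a reset token, then invalidate the token.
     *
     * @param string $token
     * @param string $newPassword
     * @return array{success: bool, message: string}
     */
    public function updatePasswordWithToken($token, $newPassword)
    {
        $userId = $this->validateResetToken($token);
        if (!$userId) {
            return ['success' => false, 'message' => 'Invalid or expired reset token'];
        }

        $this->db->query("UPDATE users SET password = :password, password_reset_token = NULL, password_reset_expiry = NULL WHERE id = :id");
        $this->db->bind(':password', password_hash($newPassword, PASSWORD_DEFAULT));
        $this->db->bind(':id', $userId);

        if ($this->db->execute()) {
            logAudit($userId, 'password_reset', 'users', $userId);
            return ['success' => true, 'message' => 'Password reset successfully'];
        }

        return ['success' => false, 'message' => 'Failed to reset password'];
    }
}

// Shared instance used by the middleware helpers below.
$auth = new Auth();

/**
 * Redirect to the login page unless a user is logged in.
 *
 * Assumes redirect() (defined in functions.php, not visible here) ends the
 * request; otherwise the calling page keeps executing.
 */
function requireLogin()
{
    global $auth;

    if (!$auth->isLoggedIn()) {
        redirect('index.php', 'Please login to continue', 'warning');
    }
}

/**
 * Require login and exactly the given role.
 *
 * @param int|string $roleId
 */
function requireRole($roleId)
{
    global $auth;

    requireLogin();
    if (!$auth->hasRole($roleId)) {
        redirect('modules/admin/dashboard.php', 'Access denied', 'error');
    }
}

/**
 * Require login and any one of the given roles.
 *
 * @param array<int|string> $roleIds
 */
function requireAnyRole($roleIds)
{
    global $auth;

    requireLogin();
    if (!$auth->hasAnyRole($roleIds)) {
        redirect('modules/admin/dashboard.php', 'Access denied', 'error');
    }
}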