<?php
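// Login/logout endpoint: dispatches on the "action" request parameter and
// echoes the result code (or message) produced by the handler.

// Keep browsers and proxies from caching the response.
header("Cache-Control: no-cache, must-revalidate");
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

include_once 'class/ORAConnectionClass.php';
include_once 'init/initialisation_parameter.php';

$ora_obj = new ORAConnectionClass('init/ORA_INIT.php');
$ora_res = $ora_obj->ORA_PConnect();
if (!$ora_res) {
    // NOTE(review): the database error text is HTML-escaped but still shown
    // to an unauthenticated client; consider logging it server-side and
    // returning a generic message instead.
    echo "<BR>Error : " . htmlspecialchars($ora_obj->last_error_msg) . "<br>";
    exit();
}

// A missing or non-string "action" (e.g. action[]=x) is treated as unknown
// instead of raising an undefined-index notice or comparing an array.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action']))
    ? $_REQUEST['action']
    : '';

// NOTE(review): $_REQUEST also accepts query-string parameters, so a login
// id and password can end up in URLs and access logs, and logout can be
// triggered by a plain GET. Restricting both actions to POST needs the
// callers of this endpoint to be checked first.
if ($action === "login") {
    $result = logMeIn($ora_obj);
} elseif ($action === "logout") {
    $result = logMeOut();
} else {
    $result = -1; // unknown action
}

// logMeOut() returns true, which echo prints as "1".
echo $result;

if ($ora_obj->conn) {
    $ora_obj->ORA_Close();
}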
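/**
 * End the current user's session.
 *
 * Clears the in-memory session data, expires the session cookie when cookies
 * carry the session id, and destroys the server-side session record.
 *
 * @return bool Always true.
 */
function logMeOut()
{
    // isset() instead of !is_null(): when no session was started $_SESSION is
    // an undefined variable, and is_null() on it raises a notice.
    if (isset($_SESSION)) {
        // session_destroy() removes the stored session but leaves $_SESSION
        // populated for the rest of this request, so empty it explicitly.
        $_SESSION = array();

        // Only touch the session machinery when a session is really active;
        // session_destroy() warns on an uninitialised session.
        if (session_id() !== '') {
            if (ini_get('session.use_cookies') && !headers_sent()) {
                // Expire the browser's session cookie so the old id is not
                // presented again after logout.
                $cookie = session_get_cookie_params();
                setcookie(
                    session_name(),
                    '',
                    time() - 42000,
                    $cookie['path'],
                    $cookie['domain'],
                    $cookie['secure'],
                    $cookie['httponly']
                );
            }
            session_destroy();
        }
    }

    return true;
}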
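/**
 * Copy the named fields of a verified user record into $_SESSION.
 *
 * Also stamps LAST_LOGIN and derives SCRIPT_ALLOW from the record's MENU
 * field. The session id is regenerated first so that an id issued before
 * authentication is not carried over into the authenticated session.
 *
 * @param array $uval Key/value record returned by the user manager.
 * @param array $keys Names of the fields to copy; missing ones are stored as null.
 * @return void
 */
function _logMeInStoreSession($uval, $keys)
{
    // Session-fixation defence; skipped when no session is active or the
    // headers (and therefore the new cookie) can no longer be sent.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    foreach ($keys as $key) {
        $_SESSION[$key] = isset($uval[$key]) ? $uval[$key] : null;
    }

    // time() is what the original argument-less mktime() returned; mktime()
    // without arguments is deprecated and rejected by PHP 8.
    $_SESSION['LAST_LOGIN'] = time();
    $_SESSION['SCRIPT_ALLOW'] = getAllowableScript(isset($uval['MENU']) ? $uval['MENU'] : '');
}

/**
 * Verify the submitted credentials, populate the session and audit the attempt.
 *
 * Reads "loginid" and "passwd" from $_REQUEST, asks verify_user() for the
 * user record (tab-separated key=value pairs) and maps it to a result:
 *   0 - no usable record returned (user not registered)
 *   1 - success (STATUS and MASTER_STATUS both 'A')
 *   4 - STATUS or MASTER_STATUS is 'D' (disabled)
 *   5 - STATUS or MASTER_STATUS is 'L', or the failed-attempt limit is reached
 *   6 - MASTER_STATUS is 'P'; a reduced set of fields is stored in the session
 *   a message string - wrong password with attempts remaining
 *   null - password accepted but the status pair matches none of the above
 * Every attempt is written to AUDIT_SESSION, whatever the outcome.
 *
 * NOTE(review): the distinct answers for "not registered" and "wrong
 * password" let a client tell valid login ids from invalid ones; a single
 * generic failure answer would need the client side to be changed as well.
 *
 * @param ORAConnectionClass $ora_obj Open database connection wrapper.
 * @return int|string|null Result code or message, as listed above.
 */
function logMeIn(&$ora_obj)
{
    // Missing or non-string parameters (e.g. loginid[]=x) become '' instead
    // of raising notices or being concatenated as the word "Array".
    $loginId = (isset($_REQUEST['loginid']) && is_string($_REQUEST['loginid'])) ? $_REQUEST['loginid'] : '';
    $passwd = (isset($_REQUEST['passwd']) && is_string($_REQUEST['passwd'])) ? $_REQUEST['passwd'] : '';

    $userData = (string) verify_user($loginId, $passwd);

    // Defaults for the case where no branch below applies. They reproduce
    // what the original produced through undefined variables (empty output,
    // empty audit value) and never grant a session.
    $result = null;
    $session = '';

    if (strlen($userData) > 1) {
        // Parse "KEY=value<TAB>KEY=value...". As before, only the text
        // between the first and second '=' of a pair is kept as the value.
        $uval = array();
        foreach (explode("\t", $userData) as $pair) {
            $parts = explode('=', $pair);
            $uval[$parts[0]] = isset($parts[1]) ? $parts[1] : null;
        }

        $status = isset($uval['STATUS']) ? $uval['STATUS'] : null;
        $masterStatus = isset($uval['MASTER_STATUS']) ? $uval['MASTER_STATUS'] : null;
        $checkCount = isset($uval['CHECK_LOGIN_COUNT']) ? $uval['CHECK_LOGIN_COUNT'] : null;
        $maxCount = isset($uval['MAX_LOGIN_COUNT']) ? $uval['MAX_LOGIN_COUNT'] : null;

        // The password counts as accepted only when CHECK_LOGIN_COUNT is
        // present, numeric and zero. The original loose "== 0" was also true
        // for a missing field (and, before PHP 8, for non-numeric text), so a
        // malformed user-manager response could reach the success branch.
        if (is_numeric($checkCount) && $checkCount == 0) {
            if ($masterStatus !== 'P') {
                if ($status === 'A' && $masterStatus === 'A') {
                    $result = 1; // success
                    $session = 1;
                    _logMeInStoreSession($uval, array(
                        'KD_APPS', 'KD_USER', 'NAMA_USER', 'KD_GROUP', 'NAMA_GROUP',
                        'STATUS', 'MASTER_STATUS', 'KD_CABANG', 'MULTI_BRANCH', 'MENU',
                    ));
                } elseif ($status === 'D' || $masterStatus === 'D') {
                    $result = 4; // status disabled
                    $session = 4;
                } elseif ($status === 'L' || $masterStatus === 'L') {
                    $result = 5; // status lock
                    $session = 5;
                }
            } else {
                // MASTER_STATUS 'P': session is created without the branch fields.
                _logMeInStoreSession($uval, array(
                    'KD_APPS', 'KD_USER', 'NAMA_USER', 'KD_GROUP', 'NAMA_GROUP',
                    'STATUS', 'MASTER_STATUS', 'MENU',
                ));
                $result = 6;
                $session = 6;
            }
        } else {
            // Integer casts keep the arithmetic well-defined when a counter is
            // missing or malformed; such a response ends in a failure code.
            $failedCount = (int) $checkCount;
            $allowedCount = (int) $maxCount;
            $attempt = $allowedCount - $failedCount;
            if ($failedCount >= $allowedCount) {
                $result = 5; // status lock
                $session = 5;
            } else {
                $result = 'Invalid Password, you have '.$attempt.' chance(s) to try';
                $session = 2; // wrong password
            }
        }
    } else {
        $result = 0; // user not registered
        $session = 0;
    }

    // Audit every attempt. The login id is attacker-controlled text, so each
    // value has its single quotes doubled before it is placed in the SQL
    // string literal.
    // NOTE(review): ORA_InsertData() is called with null as its second
    // argument and its signature is not visible in this file; if the class
    // supports bind variables, prefer them over string concatenation.
    // REMOTE_ADDR is used directly: gethostbyname() hands an IP literal back
    // unchanged, so the original call added nothing.
    $ip_login = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $sql = "INSERT INTO AUDIT_SESSION VALUES ('"
        . str_replace("'", "''", $loginId) . "', SYSDATE, '"
        . str_replace("'", "''", $ip_login) . "', '"
        . str_replace("'", "''", (string) $session) . "')";
    // NOTE(review): the insert's return value was never checked; a failed
    // audit write is still silent here.
    $ora_obj->ORA_InsertData($sql, null);
    $ora_obj->ORA_Commit();

    return $result;
}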
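/**
 * Ask the user-manager service to verify a login id and password.
 *
 * Sends an HTTP/1.0 POST to /user_verification.php on
 * USERMANAGERIP:USERMANAGERPORT and returns the response body after
 * decompress() has hex-decoded it. Terminates the script when the
 * connection cannot be opened.
 *
 * NOTE(review): the request goes over a plain tcp:// socket, so the password
 * crosses the network unencrypted and the reply is not authenticated. The
 * hex encoding of the reply is an encoding only, not a protection. Moving
 * this hop to TLS depends on what the user-manager host supports.
 * NOTE(review): the HTTP status line is not inspected; an error page from
 * the service would be hex-decoded like a normal reply.
 *
 * @param string $loginid Login id as submitted by the client.
 * @param string $passwd  Password as submitted by the client.
 * @return string|null Decoded response body, as returned by decompress().
 */
function verify_user($loginid, $passwd)
{
    // NOTE(review): the original first built SERVER_ADDR:SERVER_PORT from
    // $_SERVER and then overwrote it with this literal, so the literal is
    // what has always been sent. Confirm which of the two is intended.
    $SERVER_ADDR = '10.0.1.82:80';

    $sock = fsockopen("tcp://".USERMANAGERIP, USERMANAGERPORT, $errno, $errstr, 30);
    // NOTE(review): this prints the raw socket error to the client and ends
    // the request before the caller can close its database connection.
    if (!$sock) die("$errstr ($errno)\n");

    // Bound the reads as well as the connect, so a peer that stops
    // responding cannot hold the request open indefinitely.
    stream_set_timeout($sock, 30);

    $data = "appsid=".urlencode(APPSID)
        . "&loginid=".urlencode($loginid)
        . "&passwd=".urlencode($passwd)
        . "&addr=".urlencode($SERVER_ADDR)
        . "&version=2";

    // The Host header uses the USERMANAGERIP constant; the original
    // interpolated an undefined variable of the same name and sent an empty
    // Host. The body is exactly Content-length bytes, without the stray
    // trailing CRLFs the original appended.
    $request = "POST /user_verification.php HTTP/1.0\r\n"
        . "Host: " . USERMANAGERIP . "\r\n"
        . "Content-type: application/x-www-form-urlencoded\r\n"
        . "Content-length: " . strlen($data) . "\r\n"
        . "Accept: */*\r\n"
        . "\r\n"
        . $data;
    fwrite($sock, $request);

    // Skip the response headers: read up to the first blank line. fgets()
    // returning false (EOF or timeout) also ends the loop.
    while (($line = fgets($sock, 4096)) !== false) {
        if (trim($line) === '') {
            break;
        }
    }

    // Read the rest of the stream as the body. Unlike a feof()/fgets() loop
    // this cannot spin when a read times out before the peer closes.
    $body = stream_get_contents($sock);
    fclose($sock);

    return decompress($body === false ? '' : $body);
}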
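/**
 * Build the set of script links a user may open from a serialized menu string.
 *
 * The string is split on '-' into menu entries, each entry on '|' into
 * fields, and each field on '>' into a name and a value. Every field whose
 * name is exactly 'LINK' contributes its value as a key of the result.
 * Because of these separators, a link that itself contains '-', '|' or '>'
 * is cut short.
 *
 * @param string $sessionMenu Serialized menu, e.g. the MENU field of a user record.
 * @return array Map of link => 1. Empty when the menu is empty or holds no
 *               LINK field (the original returned an undefined variable,
 *               i.e. null, in that case).
 */
function getAllowableScript($sessionMenu)
{
    $allowedScripts = array();

    if (empty($sessionMenu) || !is_string($sessionMenu)) {
        return $allowedScripts;
    }

    foreach (explode('-', $sessionMenu) as $menuEntry) {
        foreach (explode('|', $menuEntry) as $field) {
            $parts = explode('>', $field);

            // A field without '>' has no value, and an empty link is not a
            // usable allowlist key; skip both rather than register ''.
            if (count($parts) < 2 || $parts[0] !== 'LINK' || $parts[1] === '') {
                continue;
            }

            $allowedScripts[$parts[1]] = 1;
        }
    }

    return $allowedScripts;
}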
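/**
 * Decode a hexadecimal string into the bytes it represents.
 *
 * Despite the name, no compression is involved: every two characters of
 * $data are read as one hex byte. This is an encoding only and offers no
 * confidentiality or integrity protection.
 *
 * @param string $data Hex text, two characters per byte.
 * @return string Decoded bytes; '' for empty input (the original returned an
 *                undefined variable, i.e. null).
 */
function decompress ($data){
    $data = (string) $data;
    $total = strlen($data);

    // Initialised up front: appending to an undefined variable raised a
    // notice, and empty input left nothing to return.
    $text = '';
    for ($j = 0; $j < $total; $j = $j + 2) {
        $text .= chr(hexdec(substr($data, $j, 2)));
    }

    return $text;
}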
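/**
 * Encode a string as lower-case hexadecimal, two characters per byte.
 *
 * Despite the name, no compression is involved; this is the inverse of
 * decompress() and is an encoding only, not a protection of the data.
 *
 * @param string $data Bytes to encode.
 * @return string Hex text; '' for empty input (the original returned an
 *                undefined variable, i.e. null).
 */
function compress ($data){
    // bin2hex() produces the same zero-padded lower-case pairs the original
    // dechex(ord(...)) loop built by hand.
    return bin2hex((string) $data);
}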
?>