<?php
require_once "./Controller/Database.php";

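class Auth extends BD {

	/**
	 * Shared secret that gates the bulk password-reset endpoints (PUT / POST).
	 *
	 * NOTE(review): this is a credential committed to source. It is kept here so
	 * existing callers continue to work, but it should be loaded from deployment
	 * configuration and rotated.
	 */
	private const ADMIN_KEY = 'kqOosMGvdoaEi39xin8Dasd';

	/**
	 * POST: authenticate a user through the external Recitven service and issue
	 * a fresh session token.
	 *
	 * Reads $this->input->usuario, ->email and ->password. On success sets
	 * $this->data to the user's profile plus the new token and $this->httpHeaders
	 * to 200. A non-POST request gets 405; a failed login sets nothing (the
	 * inherited default applies).
	 */
	public function Login(): void {
		if ($this->request != 'POST') {
			$this->httpHeaders = 405;
			return;
		}
		$input = $this->input;
		require_once "./Controller/Recitven.php";
		$recitven = new Recitven();

		// Resolve the e-mail that the external authenticator expects.
		// NOTE(review): this branch filters by `usuario` but binds $input->email;
		// kept as written (the client may send the username in `email`) — confirm.
		$correo = null;
		$token = null;
		if (!empty($input->usuario)) {
			$query = $this->consult("SELECT * FROM auth.users WHERE activo AND usuario = ?");
			$query->execute([$input->email]);
			$result = $query->fetchAll(PDO::FETCH_ASSOC);
			if ($result) {
				// The original iterated the rows and kept the last one.
				$ultimo = end($result);
				$correo = $ultimo['email'];
				$token = $recitven->AccessToken($correo, $input->password);
			}
		} else {
			$correo = $input->email;
			$token = $recitven->AccessToken($correo, $input->password);
		}
		if (!$token) {
			return;
		}

		// External authentication succeeded: load the local account and mint a token.
		$query = $this->consult("SELECT * FROM auth.users WHERE activo AND email = ?");
		$query->execute([$correo]);
		$result = $query->fetchAll(PDO::FETCH_ASSOC);
		if (!$result) {
			return;
		}
		$dato = end($result);
		$this->userid = $dato['id'];
		$this->data = [
			'userid' => $this->userid,
			'name' => $dato['name'],
			'lastname' => $dato['lastname'],
			'email' => $dato['email'],
			'token' => $this->token($this->userid),
			'photo' => null,
		];
		$this->httpHeaders = 200;
	}

	/**
	 * Generate a random session token for $userid, persist it (encoded) with a
	 * 3-hour expiry and return the raw token that the client will present.
	 *
	 * @param int|string $userid primary key of auth.users
	 * @return string the raw (un-encoded) token
	 */
	private function token($userid): string {
		// random_bytes() is a CSPRNG; hashing only normalises the length.
		$token = hash('sha256', bin2hex(random_bytes(64)));
		// encode() is inherited; only its output is stored, the raw token is returned.
		$tokennew = $this->encode($token);
		$query = $this->consult("UPDATE auth.users SET token=:token, login=now(), expires= (now() + interval '3 hour') WHERE id=:id");
		$query->execute([
			':id' => $userid,
			':token' => $tokennew,
		]);
		return $token;
	}

	/**
	 * POST: start a password reset. A 6-digit code is stored as the account's
	 * (hashed) password and delivered out-of-band via Notify::Send_Code().
	 *
	 * Sets 200 when an account matched and the code was sent, 204 when no row was
	 * updated, 405 for a non-POST request.
	 */
	public function Reset(): void {
		if ($this->request != 'POST') {
			$this->httpHeaders = 405;
			return;
		}
		$input = $this->input;
		// random_int() is cryptographically secure; mt_rand() output is predictable
		// and must not be used for a reset code.
		$code = random_int(100000, 999999);
		$password = $this->cifrar($code);
		$query = $this->consult("UPDATE auth.users SET password=:password WHERE email=:email");
		// execute() reports success; the original tested the statement object,
		// which is always truthy, so the else-branch was unreachable.
		$updated = $query->execute([
			':password' => $password,
			':email' => $input->email,
		]) && $query->rowCount() > 0;
		if ($updated) {
			require_once "./Controller/Notify.php";
			$notify = new Notify();
			$notify->Send_Code($input->email, $code);
			// The code is delivered out-of-band only. Echoing it in the response
			// (as the original did) would let anyone who knows an e-mail address
			// complete the reset and take over the account.
			$this->data = true;
			$this->httpHeaders = 200;
		} else {
			// NOTE(review): the 200/204 split reveals whether an e-mail is registered;
			// consider answering uniformly if account enumeration is a concern.
			$this->httpHeaders = 204;
		}
	}

	/**
	 * POST: finish a password reset. Verifies $input->code against the stored
	 * (hashed) reset code for $input->email and, on a match, stores the hash of
	 * $input->passw as the new password.
	 *
	 * Sets 200 on success, 405 for a non-POST request; an invalid code sets nothing.
	 */
	public function Resetpassw(): void {
		if ($this->request != 'POST') {
			$this->httpHeaders = 405;
			return;
		}
		$input = $this->input;
		// Reset() stored the code through cifrar(), so the same transform must match here.
		$codeHash = $this->cifrar($input->code);
		$query = $this->consult("SELECT * FROM auth.users WHERE email=:email AND  password=:password");
		$query->execute([
			':password' => $codeHash,
			':email' => $input->email,
		]);
		if (!$query->fetchAll(PDO::FETCH_ASSOC)) {
			return;
		}
		$newHash = $this->cifrar($input->passw);
		$query = $this->consult("UPDATE auth.users SET password=:password WHERE email=:email");
		$query->execute([
			':password' => $newHash,
			':email' => $input->email,
		]);
		// Only the e-mail is echoed back. The original also returned the hash of the
		// reset code and declared the 'email' key twice (the first value was overwritten).
		$this->data = [
			'email' => $input->email,
		];
		$this->httpHeaders = 200;
	}

	/**
	 * GET: return the pages the authenticated user may access together with the
	 * navigation menu built by Menu_Detail().
	 *
	 * Sets 200 on success, 405 for a non-GET request.
	 */
	public function Menu(): void {
		if ($this->request != 'GET') {
			$this->httpHeaders = 405;
			return;
		}
		// UserID() is inherited; it populates $this->userid (presumably from the
		// request's token — confirm against BD).
		$this->UserID();
		$userid = $this->userid;
		$query = $this->consult("SELECT pag_nombre as nombre, pag_icon as icon,'/'||pag_to as to, insert, edit, delete 
				FROM auth.vsecurity WHERE id=? AND activo AND mod_activo AND rol_activo 
				GROUP BY pag_nombre, pag_icon, pag_to, insert, edit, delete");
		$query->execute([$userid]);
		$pages = $query->fetchAll(PDO::FETCH_ASSOC);
		$this->data = [
			'userid' => $userid,
			'pages' => $pages,
			'menu' => $this->Menu_Detail($userid),
		];
		$this->httpHeaders = 200;
	}

	/**
	 * Build the navigation menu for a user from the auth.vsecurity view.
	 *
	 * @param int|string $userid primary key of auth.users
	 * @return array{external: array, internal: array} 'external' holds the pages
	 *         of module 1; 'internal' holds one entry per other module with its
	 *         label, icon and the list of pages ('items').
	 */
	public function Menu_Detail($userid): array {
		$query = $this->consult("SELECT DISTINCT pag_nombre AS label, pag_icon as icon, pag_to as to, pag_orden FROM auth.vsecurity
			WHERE id=? AND activo AND module=1 AND mod_activo AND rol_activo AND pag_activo ORDER BY pag_orden");
		$query->execute([$userid]);
		$external = $query->fetchAll(PDO::FETCH_ASSOC);

		$query = $this->consult("SELECT DISTINCT module, mod_nombre AS mod, mod_icon as icon, ord FROM auth.vsecurity
			WHERE id=? AND activo AND module<>1 AND mod_activo AND rol_activo AND pag_activo ORDER BY ord");
		$query->execute([$userid]);
		$modules = $query->fetchAll(PDO::FETCH_ASSOC);

		$internal = [];
		if ($modules) {
			// Prepare the per-module page query once and re-execute it for each
			// module; the original re-prepared the same statement on every iteration.
			$pagesQuery = $this->consult("SELECT DISTINCT module, pag_nombre AS label, pag_icon as icon,pag_to as to, pag_orden FROM auth.vsecurity
					WHERE id=? AND module=? AND activo AND mod_activo AND rol_activo AND pag_activo ORDER BY pag_orden");
			foreach ($modules as $module) {
				$pagesQuery->execute([$userid, $module['module']]);
				$internal[] = [
					'label' => $module['mod'],
					'icon' => $module['icon'],
					'items' => $pagesQuery->fetchAll(PDO::FETCH_ASSOC),
				];
			}
		}
		return [
			'external' => $external,
			'internal' => $internal,
		];
	}

	/**
	 * GET: log the current user out by clearing the stored session token.
	 *
	 * Sets 200 when the UPDATE executed, 405 for a non-GET request.
	 */
	public function Exit(): void {
		if ($this->request != 'GET') {
			$this->httpHeaders = 405;
			return;
		}
		$this->UserID();
		$query = $this->consult("UPDATE auth.users SET token=NULL  WHERE id=:id");
		// execute() returns the outcome; the statement object is always truthy.
		if ($query->execute([':id' => $this->userid])) {
			$this->httpHeaders = 200;
		}
	}

	/**
	 * Check the request's `clave` against the shared secret.
	 *
	 * The original compared with `==`, which applies PHP's loose comparison to an
	 * untrusted value; hash_equals() requires a real string and compares in
	 * constant time.
	 */
	private function adminKeyMatches(): bool {
		$clave = $this->input->clave ?? null;
		return is_string($clave) && hash_equals(self::ADMIN_KEY, $clave);
	}

	/**
	 * PUT (gated by the shared secret): reset the password of up to
	 * $input->lote active students to their own `cedula` and flag them as reset.
	 *
	 * Sets $this->data to the number of affected accounts and 200 on success;
	 * a wrong key sets nothing.
	 */
	public function PUT(): void {
		if (!$this->adminKeyMatches()) {
			return;
		}
		$query = $this->consult("SELECT cedula FROM sys_usuario 
				WHERE reset IS NULL AND cedula IN (SELECT cedula FROM estudiante WHERE activo) LIMIT ?");
		$query->execute([$this->input->lote]);
		$rows = $query->fetchAll(PDO::FETCH_ASSOC);
		// One prepared statement, executed once per account.
		$update = $this->consult("UPDATE sys_usuario SET clave=:clave, reset='t' WHERE cedula=:cedula");
		foreach ($rows as $row) {
			$update->execute([
				':cedula' => $row['cedula'],
				':clave' => $this->cifrar($row['cedula']),
			]);
		}
		$this->data = count($rows);
		$this->httpHeaders = 200;
	}

	/**
	 * POST (gated by the shared secret): reset a single account's password to
	 * its `cedula` and flag it as reset.
	 *
	 * Sets $this->data to true and 200 on success; a wrong key sets nothing.
	 */
	public function POST(): void {
		if (!$this->adminKeyMatches()) {
			return;
		}
		$cedula = $this->input->cedula;
		$query = $this->consult("UPDATE sys_usuario SET clave=:clave, reset='t' WHERE cedula=:cedula");
		$query->execute([
			':cedula' => $cedula,
			':clave' => $this->cifrar($cedula),
		]);
		$this->data = true;
		$this->httpHeaders = 200;
	}
}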