<?php
// Start output buffering before anything is emitted.
ob_start();
// The session holds the admin login state that AJAX_FUNCTIONS::uLogin() writes.
session_start();
// check_input() is not defined in this file (presumably it comes from clean_input.php).
// NOTE(review): what it filters is not visible here, so it should not be treated as the
// only defence for the SQL strings built further down -- confirm what it covers.
require_once (dirname(__FILE__).'/../clean_input.php');
	check_input();
// Site configuration and shared helpers.
// NOTE(review): the class below calls mysql_query() without a link argument, so the MySQL
// connection is presumably opened by one of these includes -- confirm.
include("../config/config.php");
include("common_pages/common_functions_ac.php");
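/**
 * AJAX handlers for the admin panel: login, password reset and the
 * e-mail/log helpers they use.
 *
 * Handlers answer with pipe-delimited strings such as "1|0|<message>"; the
 * exact strings are kept unchanged because the caller's parsing is not
 * visible in this file.
 *
 * Every value concatenated into SQL is escaped where the query is built,
 * because what check_input() filters cannot be seen from here.
 */
class AJAX_FUNCTIONS //extends COMMON 
{
	private $database;
	private $con;

	/**
	 * Intentionally empty: no database link is opened here.
	 *
	 * All queries in this class call mysql_query() without a link argument.
	 * NOTE(review): the connection is presumably opened by an included file -- confirm.
	 */
	function __CONSTRUCT()
	{
	}

	/**
	 * Escape a value for use inside a single-quoted SQL string literal.
	 *
	 * @param mixed $value value to embed; cast to string first
	 * @return string escaped value, without the surrounding quotes
	 */
	private function esc($value)
	{
		return mysql_real_escape_string((string) $value);
	}

	/**
	 * Run a query and return its first row.
	 *
	 * @param string $sql complete SQL statement
	 * @return array first row as an associative array, or an empty array when
	 *               the query fails or matches nothing
	 */
	private function fetchRow($sql)
	{
		$res = mysql_query($sql);
		if (!$res) {
			return array();
		}
		$row = mysql_fetch_assoc($res);
		return is_array($row) ? $row : array();
	}

	/**
	 * Create the one-time code stored in forgot_password_link.link_code.
	 *
	 * A code derived from the e-mail address, the clock and the admin id can
	 * be reconstructed by anyone who knows roughly when the request was made,
	 * so a CSPRNG is used whenever the runtime offers one. The result is 32
	 * hex characters, the same shape as the md5() value it replaces.
	 *
	 * @param array $row admin_users row, used only by the legacy fallback
	 * @return string 32 lowercase hex characters
	 */
	private function newLinkCode($row)
	{
		if (function_exists('random_bytes')) {
			return bin2hex(random_bytes(16));
		}
		if (function_exists('openssl_random_pseudo_bytes')) {
			$bytes = openssl_random_pseudo_bytes(16);
			if ($bytes !== false && strlen($bytes) === 16) {
				return bin2hex($bytes);
			}
		}
		// Legacy fallback: predictable, only reached when no CSPRNG exists.
		return md5($row['email_address'].time().$row['admin_id']);
	}

	/**
	 * Build the "1|1|<url>" response that points the client at a menu entry.
	 *
	 * @param object $converter Encryption instance created in move()
	 * @param array  $menuRow   menu_master row
	 * @return string response text
	 */
	private function landingResponse($converter, $menuRow)
	{
		return "1|1|".SITE_PATH."admin/modules/".$menuRow['folder']."/index.php?task=".$converter->encode($menuRow['task'])."&amp;cur=daily&sub_cat=".$menuRow['sub_task'].'&m_id='.$menuRow['code'];
	}

	/**
	 * Set a new admin password from a reset link.
	 *
	 * Reads 'password', 're-password' and 'link_code' from $data. The link
	 * must exist in forgot_password_link with usedd=0; it is marked used once
	 * the password has been written.
	 *
	 * NOTE(review): only the usedd flag limits a link; no expiry time is
	 * checked in the visible query.
	 *
	 * @param array $data request fields
	 * @return string "1|1|..." on success, "1|0|Error: ..." otherwise
	 */
	public function reset_password_ajax($data)
	{
		$password = isset($data['password']) ? $data['password'] : '';
		if (trim($password) == '') {
			return '1|0|Error: Enter Password you want to create</span>';
		}

		// An empty code must never reach the query: it would match any row
		// whose link_code happens to be empty.
		$linkCode = isset($data['link_code']) ? trim($data['link_code']) : '';
		if ($linkCode === '') {
			return '1|0|Error: Reset Password Link Expired/Invalid</span>';
		}

		$sql = "Select * from forgot_password_link where link_code='".$this->esc($linkCode)."' and usedd=0 ";
		$link = $this->fetchRow($sql);
		if (empty($link) || $link['code'] <= 0) {
			return '1|0|Error: Reset Password Link Expired/Invalid</span>';
		}

		// Strict string comparison: loose comparison treats numeric-looking
		// strings such as "1e3" and "1000" as equal.
		$retyped = isset($data['re-password']) ? $data['re-password'] : '';
		if ((string) $retyped !== (string) $password) {
			// The SQL text used to be appended to this message, which disclosed
			// table and column names to the client.
			return '1|0|Error: Password and Retyped Password not matched</span>';
		}

		$qry = "SELECT * from admin_users where  email_address='".$this->esc($link['email'])."' and panel_1   ";
		$admin = $this->fetchRow($qry);
		if (empty($admin) || $admin['email_address'] != $link['email']) {
			return '1|0|Error: Reset Password Link Expired/Invalid..</span>';
		}

		// NOTE(review): the stored value is read from $_REQUEST although the
		// checks above used $data['password'] -- confirm both are the same input.
		// NOTE(review): unsalted md5() is not a password hash; moving to
		// password_hash()/password_verify() needs a migration of stored values
		// and a matching change in uLogin().
		$sql = "Update admin_users SET password = '".md5(trim($_REQUEST['password']))."'  where admin_id = '".$this->esc($admin['admin_id'])."' ";
		mysql_query($sql);

		$sql = "Update forgot_password_link SET usedd = '1'  where code = '".$this->esc($link['code'])."' ";
		mysql_query($sql);

		return '1|1|Password Updated Successfully. <a href="'.SITE_PATH_ADMIN.'">Click here to Login</a>';
	}

	/**
	 * Create a password-reset link for an active panel admin and e-mail it.
	 *
	 * NOTE(review): the captcha check is disabled in this handler, and the
	 * two replies tell a caller whether an address belongs to an admin.
	 * NOTE(review): when the 'Employee Password Reset' template is missing,
	 * the link row has already been inserted and nothing is returned.
	 *
	 * @param array $data request fields; reads 'email'
	 * @return string|null response text, or null when no template is found
	 */
	public function forgot_password($data)
	{
		$email = isset($data['email']) ? trim($data['email']) : '';
		if ($email == '') {
			return '1|0|Error: Email Address please';
		}

		$qry = "SELECT * from admin_users where  email_address='".$this->esc($email)."'  and admin_users_status='1' and is_panel_access= 1 and panel_1=1 ";
		$row = $this->fetchRow($qry);
		if (empty($row) || $row['email_address'] != $email) {
			return '1|0|Error: Invalid Email address</span>';
		}

		$row['link_code'] = $this->newLinkCode($row);
		$sql = "INSERT INTO forgot_password_link SET email='".$this->esc($row['email_address'])."',customer_code='".$this->esc($row['admin_id'])."',link_code='".$this->esc($row['link_code'])."'";
		mysql_query($sql);

		$resetUrl = SITE_PATH_ADMIN.'index.php?task=reset_password&code='.$row['link_code'].'';

		$tpl = $this->fetchRow("select * from email_template where template_for='Employee Password Reset' ");
		if (!empty($tpl) && $tpl['code'] > 0) {
			$body = str_replace(
				array("[NAME]", "[EMAIL]", "[MOBILE]", "[DESIGNATION]", "[LINK_PASSWORD_RESET]"),
				array($row['name'], $row['email_address'], $row['mobile'], $row['designation_employee'], $resetUrl),
				$tpl['template']
			);
			auto_email($tpl['subject'],$row['email_address'],$body,$tpl['email_from'],$row['admin_id']);
			return '1|1|Password reset email sent to '.$row['email_address'];
		}
	}

	/**
	 * Re-send the e-mail verification message.
	 *
	 * NOTE(review): the captcha response is only checked for being non-empty;
	 * no verification of the token is visible here.
	 * NOTE(review): this queries table admin_user and column status, while the
	 * other handlers use admin_users / admin_users_status -- confirm.
	 * NOTE(review): the [PASSWORD] placeholder is filled from $row['pwd'];
	 * if that column holds a usable password it is sent by e-mail.
	 * NOTE(review): the lookup matches email_address but the message goes to
	 * $row['email'] -- confirm both columns exist.
	 *
	 * @param array $data request fields; reads 'g-recaptcha-response', 'email'
	 * @return string|null response text, or null when no template is found
	 */
	public function resend_v_email($data)
	{
		$captcha = isset($data['g-recaptcha-response']) ? $data['g-recaptcha-response'] : '';
		if (trim($captcha) == '') {
			return '1|0|Error: Captcha Verification Failed</span>';
		}
		$email = isset($data['email']) ? trim($data['email']) : '';

		$qry = "SELECT * from admin_user where  email_address='".$this->esc($email)."'  and status='1' and panel_1=1  and is_panel_access= 1  ";
		$row = $this->fetchRow($qry);
		if (empty($row) || $row['email_address'] != $email) {
			return '1|0|Error: Invalid customer code/email</span>';
		}

		if ($row['code_v_done'] == 1) {
			return '1|1|Email already verified';
		}
		$verifyUrl = SITE_PATH_ADMIN.'index.php?task=confirm_email&code='.$row['confirm_email'].'';

		$tpl = $this->fetchRow("select * from email_template where template_for='Email Verification Required' ");
		if (!empty($tpl) && $tpl['code'] > 0) {
			$body = str_replace(
				array("[CUSTOMER_CODE]", "[NAME]", "[PASSWORD]", "[EMAIL]", "[MOBILE]", "[EMAIL_VERIFICATION_LINK]"),
				array($row['customer_code'], $row['name'], $row['pwd'], $row['email_address'], $row['mobile'], $verifyUrl),
				$tpl['template']
			);
			auto_email($tpl['subject'],$row['email'],$body,$tpl['email_from'],$row['admin_id']);
			return '1|1|Email Sent to '.$row['email'];
		}
	}

	/**
	 * Check admin credentials and open the session.
	 *
	 * On success the session is filled, the login is logged and move() echoes
	 * the landing URL; nothing is returned in that case.
	 *
	 * NOTE(review): passwords are compared as unsalted md5(); see
	 * reset_password_ajax() for the matching write side.
	 * NOTE(review): no attempt counter or lockout is visible in this handler.
	 *
	 * @param array $data request fields; reads 'user' and 'pwd'
	 * @return string|null '0|0|Wrong Username/Password!' on failure, null on success
	 */
	public function uLogin($data)
	{
		$user = isset($data['user']) ? (string) $data['user'] : '';
		$pwd = isset($data['pwd']) ? (string) $data['pwd'] : '';
		if ($user === '') {
			return '0|0|Wrong Username/Password!';
		}
		$hash = md5($pwd);

		$sql = "SELECT * from admin_users  where panel_1=1 and email = '".$this->esc($user)."' AND password ='".$hash."' ";
		$rows = $this->fetchRow($sql);

		if (empty($rows) || $rows['email'] !== $user || strtolower($rows['password']) !== strtolower($hash)) {
			return '0|0|Wrong Username/Password!';
		}

		// Issue a fresh session id at the privilege change so an id planted
		// before login cannot be reused afterwards (session fixation).
		session_regenerate_id(true);

		$_SESSION['admin_code'] = $rows['admin_id'];
		$_SESSION['admin_name'] = $rows['name'];
		$_SESSION['user_type'] = $rows['user_type'];
		$_SESSION['master_account'] = $rows['master_account'];
		$_SESSION['timeout'] = time();
		$_SESSION['unique_enc_id'] = $this->randomPrefix(10);
		$_SESSION['department_code'] = 0;

		$this->enter_log();
		$this->move();
		return;
	}

	/**
	 * Trigger the 'Forgot Password' message for an active admin identified
	 * by e-mail address and mobile number.
	 *
	 * @param array $data request fields; reads 'user_f' and 'mobile'
	 * @return bool true when a matching account was found
	 */
	public function send_password($data)
	{
		$user = isset($data['user_f']) ? (string) $data['user_f'] : '';
		$mobile = isset($data['mobile']) ? (string) $data['mobile'] : '';

		$sql = "SELECT * from admin_users  where email = '".$this->esc($user)."' AND mobile ='".$this->esc($mobile)."' and admin_users_status='1'";
		$rows = $this->fetchRow($sql);

		if (!empty($rows) && $rows['email'] === $user && strtolower($rows['mobile']) === strtolower($mobile)) {
			$this->msg('Forgot Password',$rows['code']);
			return true;
		}
		return false;
	}

	/**
	 * Send the message configured for $task to the member behind policy $id.
	 *
	 * The row counts were previously read with pg_num_rows() on a MySQL
	 * result; they are now read with mysql_num_rows().
	 * NOTE(review): auto_email() is called with three arguments here and five
	 * elsewhere in this class -- confirm its signature.
	 *
	 * @param string $task message.task value to look up
	 * @param mixed  $id   policy code
	 * @return bool|null true when a message row for $task exists, otherwise null
	 */
	public function msg($task,$id)
	{
		$sql = "SELECT m.*,username,p.code as p_code from member m INNER JOIN policy p ON memid=m.code and p.code = '".$this->esc($id)."' ";
		$result = mysql_query($sql);
		if (!$result || mysql_num_rows($result) < 1) {
			return;
		}
		$rows = mysql_fetch_assoc($result);

		$sql2 = "SELECT * from message where task  = '".$this->esc($task)."' ";
		$result2 = mysql_query($sql2);
		if (!$result2 || mysql_num_rows($result2) < 1) {
			return;
		}
		$rows2 = mysql_fetch_assoc($result2);

		if ($rows2['email'] == "1") {
			auto_email($task,$rows['email'],$this->auto_replace($rows,$rows2['email_msg']));
		}
		return true;
	}

	/**
	 * Echo the "1|1|<url>" response for the first menu entry the current
	 * user type may open, then stop.
	 *
	 * Top-level entries are tried in sort order; an entry whose folder is "#"
	 * is a container, so its children are tried instead. Nothing is echoed
	 * when no permitted entry exists.
	 *
	 * @return void
	 */
	public function move()
	{
		require_once("common_pages/enc.php");
		$converter = new Encryption($_SESSION['unique_enc_id']);

		$topSql = "select m.* FROM menu_master m where parent_id='0' and status='1' and is_deleted=0 and panel_2=1 order by sort_id";
		$topRes = mysql_query($topSql);
		while ($top = mysql_fetch_assoc($topRes)) {
			if (!$this->check_checked($top['code'],$_SESSION['user_type'])) {
				continue;
			}

			if ($top['folder'] <> "#") {
				$_SESSION['menu_default'] = 0;
				echo $this->landingResponse($converter, $top);
				return;
			}

			$childSql = "select m.* FROM menu_master m where parent_id='".$this->esc($top['code'])."' and status='1' and is_deleted=0 and panel_2=1  and not folder='#' order by sort_id";
			$childRes = mysql_query($childSql);
			while ($child = mysql_fetch_assoc($childRes)) {
				if ($this->check_checked($child['code'],$_SESSION['user_type']) && $child['folder'] <> "#") {
					$_SESSION['menu_default'] = 0;
					echo $this->landingResponse($converter, $child);
					return;
				}
			}
		}
	}

	/**
	 * Tell whether a user type has a permission row for a menu entry.
	 *
	 * @param mixed $id        menu_master code
	 * @param mixed $user_type user type taken from the session
	 * @return bool true when menu_master_permission holds a matching row
	 */
	public function check_checked($id,$user_type)
	{
		$sql = "SELECT * FROM menu_master_permission where menu_id='".$this->esc($id)."' and user_type='".$this->esc($user_type)."'";
		$row = $this->fetchRow($sql);
		return !empty($row) && $row['id'] > 0;
	}

	/**
	 * Store the previous login in the session and append the current one to
	 * login_log.
	 *
	 * The IP and user-agent values come from request headers, so they are
	 * escaped like any other untrusted input before they enter the INSERT.
	 *
	 * @return bool true when the log row was written
	 */
	public function enter_log()
	{
		$type = ($_SESSION['department_code'] > 0) ? "Member" : "Admin";

		$sql = "Select * from login_log where user_code = '".$this->esc($_SESSION['admin_code'])."' and type = '".$type."' order by code desc limit 0,1";
		$last = $this->fetchRow($sql);

		if (!empty($last) && $last['code'] > 0) {
			$_SESSION['last_login'] = date("D, d-m-Y H:i:s",strtotime($last['date']));
			$_SESSION['last_ip'] = $last['ip'];
		} else {
			$_SESSION['last_login'] = 'First Time Login';
			$_SESSION['last_ip'] = ' Current IP is '.$_SERVER['REMOTE_ADDR'];
		}

		$values = array(
			'user_name'  => $_SESSION['admin_name'],
			'user_code'  => $_SESSION['admin_code'],
			'ip'         => $this->getRealIpAddr(),
			'type'       => $type,
			'session_id' => session_id(),
			'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
		);

		$quoted = array();
		foreach ($values as $value) {
			$quoted[] = "'".$this->esc($value)."'";
		}
		$insert = "INSERT INTO login_log(".implode(',', array_keys($values)).") values(".implode(',', $quoted).")";

		// Logging stays best-effort: a failure must not put a warning into the
		// AJAX response, so the boolean result is the only signal.
		return (bool) @mysql_query($insert);
	}

	/**
	 * Return $length characters drawn from a fixed 25-character alphabet.
	 *
	 * The value is stored as $_SESSION['unique_enc_id'] and passed to the
	 * Encryption class, so it is drawn from random_int() where available.
	 * The generator is no longer re-seeded from microtime().
	 *
	 * @param int $length number of characters
	 * @return string random string, empty when $length is 0 or less
	 */
	public function randomPrefix($length)
	{
		$alphabet = "ABCDE123JKLMN67QRSTUVWXYZ";
		$last = strlen($alphabet) - 1;
		$useCsprng = function_exists('random_int');

		$random = "";
		for ($i = 0; $i < $length; $i++) {
			$index = $useCsprng ? random_int(0, $last) : mt_rand(0, $last);
			$random .= $alphabet[$index];
		}
		return $random;
	}

	/**
	 * Return the client address, preferring proxy headers over REMOTE_ADDR.
	 *
	 * NOTE(review): Client-IP and X-Forwarded-For are request headers, so the
	 * returned text is whatever the client sent unless a trusted proxy
	 * overwrites them. Treat it as untrusted wherever it is stored or shown;
	 * only REMOTE_ADDR reflects the actual peer.
	 *
	 * @return string address text
	 */
	public function getRealIpAddr()
	{
		if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
			return $_SERVER['HTTP_CLIENT_IP'];
		}
		if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
			return $_SERVER['HTTP_X_FORWARDED_FOR'];
		}
		return $_SERVER['REMOTE_ADDR'];
	}

	/**
	 * Cache the active pages in $_SESSION['menu_array'], keyed by page code.
	 *
	 * @return void
	 */
	public function set_menu()
	{
		$sql = 'SELECT * FROM pages where status=1';
		$result = mysql_query($sql);

		// Start from an empty array so the session never receives an
		// undefined variable when no page is active.
		$menu_array = array();
		while ($rows = mysql_fetch_assoc($result)) {
			// The keys were bare words before, which PHP read as undefined constants.
			$menu_array[$rows['code']] = array(
				'code'   => $rows['code'],
				'title'  => $rows['title'],
				'action' => $rows['action'],
			);
		}
		$_SESSION['menu_array'] = $menu_array;
	}

	/**
	 * Fetch a URL with cURL and return the response body.
	 *
	 * NOTE(review): $url is never assigned in this method and neither
	 * parameter is used, so no gateway request can be made as written.
	 *
	 * @param mixed $num unused
	 * @param mixed $msg unused
	 * @return mixed result of curl_exec()
	 */
	public function auto_sms($num,$msg)
	{
		$ch = curl_init($url);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		$curl_scraped_page = curl_exec($ch);
		curl_close($ch);
		return  $curl_scraped_page;
	}

	/**
	 * Replace the placeholders listed in replace_var inside a message.
	 *
	 * Rows of type 'db' take their value from $data[to_var]; of the other
	 * rows only [DATE] has a value, anything else becomes an empty string.
	 * The value is now reset for every row; it used to carry over from an
	 * earlier [DATE] row.
	 *
	 * @param array  $data values for 'db' placeholders
	 * @param string $msg  message text
	 * @return string message with placeholders replaced
	 */
	public function auto_replace($data,$msg)
	{
		$result = mysql_query("SELECT * from replace_var ");
		while ($rows = mysql_fetch_assoc($result)) {
			if ($rows['type'] == 'db') {
				$value = isset($data[$rows['to_var']]) ? $data[$rows['to_var']] : '';
			} else {
				$value = ($rows['from_var'] == '[DATE]') ? date('d-M-Y') : '';
			}
			$msg = str_replace($rows['from_var'], $value, $msg);
		}
		return $msg;
	}

}	#class ends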
?>	
    
    