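db = \Config\Database::connect();
    }

    /** Lifetime of an issued token and of the cookie that carries it, in seconds. */
    private const TOKEN_TTL = 3600;

    /**
     * Returns the HS256 signing secret from the JWT_SECRET env var, or null when it is
     * unset or empty, so callers can refuse to sign or verify with an empty key.
     */
    private function jwtSecret(): ?string
    {
        $secret = getenv('JWT_SECRET');

        return is_string($secret) && $secret !== '' ? $secret : null;
    }

    // An earlier variant of login() returned the token in the JSON body; the
    // cookie-based version below supersedes it.

    /**
     * Authenticates a user and issues an HS256 JWT in an HttpOnly cookie named `token`.
     *
     * Reads `username` and `password` via getVar(), verifies the stored password_hash,
     * and on success sets the cookie; the token is never returned in the body.
     *
     * Responses: 400 missing field, 401 bad credentials, 500 missing secret or signing failure.
     */
    public function login()
    {
        $username = $this->request->getVar('username');
        $password = $this->request->getVar('password');

        if (!is_string($username) || $username === '') {
            return $this->fail('Username required.', 400);
        }
        if (!is_string($password) || $password === '') {
            return $this->fail('Password required.', 400);
        }

        $key = $this->jwtSecret();
        if ($key === null) {
            log_message('error', 'JWT_SECRET is not configured; refusing to issue tokens.');

            return $this->fail('Authentication service misconfigured.', 500);
        }

        // Bound parameter rather than manual escaping: the value can never alter the statement.
        $query = $this->db->query('SELECT * FROM users WHERE username = ?', [$username]);
        $row   = $query->getRowArray();

        // One message and status for "unknown user" and "wrong password" so the endpoint
        // does not reveal which usernames exist.
        if (!$row || !password_verify($password, $row['password'])) {
            return $this->fail('Invalid credentials.', 401);
        }

        $payload = [
            'userid'   => $row['id'],
            'username' => $row['username'],
            'exp'      => time() + self::TOKEN_TTL,
        ];

        try {
            $jwt = JWT::encode($payload, $key, 'HS256');
        } catch (\Exception $e) {
            // Failure detail goes to the log, not to the client.
            log_message('error', 'JWT encode failed: ' . $e->getMessage());

            return $this->fail('Error generating token.', 500);
        }

        $this->response->setCookie([
            'name'     => 'token',
            'value'    => $jwt,
            'expire'   => self::TOKEN_TTL,
            'path'     => '/',
            'secure'   => true,  // only sent over HTTPS
            'httponly' => true,  // not readable from JavaScript
            // SameSite=None lets cross-site requests carry this cookie and gives no CSRF
            // protection on its own; it is only valid together with Secure. Prefer
            // SAMESITE_STRICT (or LAX) unless a cross-site caller genuinely needs it.
            'samesite' => Cookie::SAMESITE_NONE,
            // 'samesite' => Cookie::SAMESITE_STRICT,
        ]);

        // Token travels only in the cookie, never in the JSON body.
        return $this->respond([
            'status'  => 'success',
            'message' => 'Login successful',
        ]);
    }

    /**
     * Resets a user's password; gated by the shared secret in the `masterkey` env var.
     *
     * JSON body: `username`, `password`, `master`.
     * Responses: 401 wrong or unconfigured master key, 400 missing fields, 200 on success
     * (the original did not distinguish a username that matched no row either).
     */
    public function change_pass()
    {
        $username = $this->request->getJsonVar('username');
        $password = $this->request->getJsonVar('password');
        $master   = $this->request->getJsonVar('master');

        // Reject an unset env var explicitly: under loose comparison a missing `master`
        // (null) and an unset key (false) compare equal and the gate would open.
        // hash_equals() is a constant-time comparison.
        $masterkey = getenv('masterkey');
        if (!is_string($masterkey) || $masterkey === ''
            || !is_string($master) || !hash_equals($masterkey, $master)) {
            return $this->fail('Invalid master key.', 401);
        }

        if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
            return $this->fail('Username and password required.', 400);
        }

        // Bound parameters: username and password come straight from the request body.
        $result = $this->db->query(
            'UPDATE users SET password = ? WHERE username = ?',
            [password_hash($password, PASSWORD_DEFAULT), $username],
        );
        if ($result === false) {
            return $this->fail('Could not change password.', 500);
        }

        return $this->respond([
            'message' => "Password Changed for {$username}",
        ]);
    }

    /**
     * Creates a user from a JSON body of `username` and `password`.
     *
     * Responses: 400 missing fields or failed insert, 201 on success.
     */
    public function register()
    {
        $username = $this->request->getJsonVar('username');
        $password = $this->request->getJsonVar('password');

        if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
            return $this->fail('Username and password required.', 400);
        }

        // The master-key gate below is disabled, so as written this endpoint creates
        // accounts for any caller. If registration should be restricted, re-enable it
        // using hash_equals() as change_pass() does.
        // $master = $this->request->getJsonVar('master');
        // $masterkey = getenv('MASTERKEY');
        // if($master != $masterkey) {
        //     return $this->fail('Invalid master key.', 401);
        // }

        // Bound parameters: both values come straight from the request body.
        $result = $this->db->query(
            'INSERT INTO users (username, password) VALUES (?, ?)',
            [$username, password_hash($password, PASSWORD_DEFAULT)],
        );
        if ($result === false) {
            return $this->fail('Could not create user.', 400);
        }

        return $this->respondCreated([
            'message' => "User {$username} created",
        ]);
    }

    /**
     * Validates the `token` cookie and returns its decoded claims.
     *
     * Responses: 401 missing, invalid or expired token, 500 missing secret.
     */
    public function checkAuth()
    {
        $token = $this->request->getCookie('token');
        if (!$token) {
            return $this->fail('No token found', 401);
        }

        $key = $this->jwtSecret();
        if ($key === null) {
            log_message('error', 'JWT_SECRET is not configured; cannot validate tokens.');

            return $this->fail('Authentication service misconfigured.', 500);
        }

        try {
            $decoded = JWT::decode($token, new Key($key, 'HS256'));
        } catch (\Exception $e) {
            // Why the token was rejected is logged, not echoed back to the caller.
            log_message('info', 'JWT rejected: ' . $e->getMessage());

            return $this->fail('Invalid or expired token.', 401);
        }

        return $this->respond([
            'status'  => 'success',
            'message' => 'Authenticated',
            'data'    => $decoded,
        ]);
    }

    /**
     * Clears the `token` cookie; the JWT itself stays valid until `exp`, since there is
     * no server-side revocation here.
     */
    public function logout()
    {
        return $this->response
            ->deleteCookie('token')
            ->setJSON(['message' => 'Logout successful']);
    }
}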