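//set pin verify online
$app->post('/setpin_verify_online', function (Request $request, Response $response, array $args) {
    // Sets a fresh PIN for an already-verified customer. The customer's fields are
    // read from the row bound to device_imei; if that finds nothing they come from
    // the owner of the submitted token. The id that is updated is always the token
    // owner's id. On success every failure counter for the username is reset and
    // the reply says whether the submitting device is the registered one:
    //   api_status 1 -> PIN set, device matches (account unlocked)
    //   api_status 2 -> PIN set, device differs (client must run change-device)
    //   api_status 0 -> unknown user / update failed / exception
    // NOTE(review): the UPDATEs below are not wrapped in a transaction (a
    // sqlsrv_begin_transaction() attempt had been left commented out here), so a
    // failure midway leaves the account partially reset.
    try {
        $postValue = $request->getParsedBody();
        write_request_logs('/setpin_verify_online', $postValue);
        write_logs_changedevice('/setpin_verify_online', $postValue, 1);

        $simimei = splitSim(mssql_escape($postValue['simimei'] ?? ''));
        $deviceimei = mssql_escape($postValue['deviceimei'] ?? '');
        $token_real = mssql_escape($postValue['token'] ?? '');
        $platform = mssql_escape($postValue['platform'] ?? '');
        // The PIN is run through mssql_escape() before hashing, matching what
        // /verifypin does before password_verify(), so existing hashes keep working.
        $pinInput = mssql_escape($postValue['pin'] ?? '');
        // bcrypt picks its own salt; the mcrypt_create_iv() salt option used before
        // needs an extension removed in PHP 7.2 and is ignored by password_hash().
        $pin = password_hash($pinInput, PASSWORD_BCRYPT, ['cost' => 11]);

        // Defaults so a lookup miss never leaves these undefined.
        $id = '';
        $username_account = '';
        $name = '';
        $device_imei = '';
        $citizen = '';

        $SQL = "SELECT * FROM cms_users WHERE device_imei = ? AND verify_status = 1 AND user_remove != 1 AND id_cms_privileges = 2";
        $SQLQuery = sqlsrv_query($GLOBALS['conn'], $SQL, [$deviceimei]);
        if ($SQLQuery !== false) {
            // Last matching row wins, as before.
            while ($row = sqlsrv_fetch_array($SQLQuery, SQLSRV_FETCH_ASSOC)) {
                $id = $row['id'];
                $username_account = $row['username'];
                $name = $row['name'];
                $device_imei = $row['device_imei'];
                $citizen = $row['identification_card'];
            }
        }

        $tokenUser = getuserauthenfromtoken($token_real);
        if ($id == '') {
            $username_account = $tokenUser['username'] ?? '';
            $name = $tokenUser['name'] ?? '';
            $device_imei = $tokenUser['device_imei'] ?? '';
            $citizen = $tokenUser['identification_card'] ?? '';
        }
        // The token owner is the account that gets updated, whichever lookup hit.
        $id = $tokenUser['id'] ?? '';

        if (!$citizen) {
            output(0, SETPIN_UNKNOWN);
        } else {
            $SQL = "UPDATE cms_users SET pin = ?, lock = 0, active = 1, unlock = 0 WHERE id = ?";
            $SQLQuery = sqlsrv_query($GLOBALS['conn'], $SQL, [$pin, $id]);
            $rows_affected = $SQLQuery === false ? 0 : sqlsrv_rows_affected($SQLQuery);

            if ($rows_affected > 0) {
                createTokenFromTelDevice($deviceimei, $simimei);

                $SQL = "UPDATE cms_users SET tb_device_status_id = 1, actived_date = GETDATE() WHERE id = ?";
                sqlsrv_query($GLOBALS['conn'], $SQL, [$id]);

                // Reset all failure counters for this username. Previously these
                // statements interpolated $user, which at that point held the value
                // returned by getuserauthenfromtoken() (an array, judging by the
                // $user['id'] access), so they matched the literal string 'Array'
                // and reset nothing.
                $resetStatements = [
                    "UPDATE tb_otp_fail SET count_index = 0 WHERE username = ? AND username != ''",
                    "UPDATE tb_sendotp_fail SET count_index = 0, count_send = 0, count_fail = 0, otp = 0, time_check = null WHERE username = ? AND username != ''",
                    "UPDATE tb_bankaccount_fail SET count_index = 0 WHERE username = ? AND username != ''",
                    "UPDATE tb_birthday_fail SET count_index = 0 WHERE username = ? AND username != ''",
                    "UPDATE tb_pin_fail SET count_index = 0 WHERE username = ? AND username != ''",
                ];
                foreach ($resetStatements as $resetSql) {
                    sqlsrv_query($GLOBALS['conn'], $resetSql, [$username_account]);
                }

                $token_ref = guidv4(openssl_random_pseudo_bytes(16), $id);
                // NOTE(review): the reply (and the change-device log written from
                // it) echoes the caller's auth token back; consider dropping it from
                // the log entry.
                $payload = [
                    'username' => $username_account,
                    'citizen' => $citizen,
                    'token_ref' => $token_ref,
                    'name' => $name,
                    'token' => $token_real,
                    'platform' => $platform,
                ];
                // Strict string comparison: with == two numeric IMEI strings that
                // differ only in leading zeros would compare equal.
                if ((string) $deviceimei === (string) $device_imei) {
                    $api_status = 1;
                    $api_message = 'ท่านได้ปลดล็อคการใช้งาน GHB ALL เรียบร้อยแล้ว';
                } else {
                    $api_status = 2;
                    $api_message = 'ท่านได้ปลดล็อค PIN เรียบร้อยแล้ว กรุณาทำการย้ายเครื่อง';
                }
                write_logs_changedevice(
                    '/setpin_verify_online',
                    json_encode(['api_status' => $api_status, 'api_message' => $api_message] + $payload),
                    2
                );
                output($api_status, $api_message, $payload);
            } else {
                output(0, SETPIN_FAIL);
            }
        }
    } catch (Exception $e) {
        $result = (object) ['api_status' => 0, 'api_message' => 'ไม่สามารถทำรายการได้'];
        returnJson($result);
        exit();
    }
});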


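/* NDID */
$app->post('/setpin', function (Request $request, Response $response, array $args) {
    // Sets the PIN at enrolment time and activates the device.
    //   ndid path : the pending customer (verify_status = 0, status 19, ndid = 1)
    //               bound to device_imei is verified, a tb_token row is written and
    //               platform / device_register are stored.
    //   otherwise : a verified customer in status 19 or 8 is looked up by username;
    //               if none, by device_imei. Status 19/8 users get device_imei
    //               (re)bound.
    // Replies api_status 1 with the customer summary, 0 on unknown user/failure.
    $postValue = $request->getParsedBody();
    write_request_logs('/setpin', $postValue);
    $simimei = splitSim(mssql_escape($postValue['simimei'] ?? ''));
    $deviceimei = mssql_escape($postValue['deviceimei'] ?? '');
    $ndid = mssql_escape($postValue['ndid'] ?? '');
    $platform = mssql_escape($postValue['platform'] ?? '');
    $username = $postValue['username'] ?? '';
    // Escaped before hashing, as /verifypin escapes before password_verify().
    // bcrypt supplies its own salt (the mcrypt_create_iv() salt was removed).
    $pin = password_hash(mssql_escape($postValue['pin'] ?? ''), PASSWORD_BCRYPT, ['cost' => 11]);

    // Candidate lookups in order; the first one that returns a row is used. Every
    // value is bound (the username used to be interpolated unescaped).
    if ($ndid) {
        $lookups = [
            [
                'sql' => "SELECT * FROM cms_users WHERE device_imei = ? AND verify_status = 0 AND user_remove != 1 AND id_cms_privileges = 2 AND tb_device_status_id = 19 AND ndid = 1",
                'params' => [$deviceimei],
            ],
        ];
    } else {
        // The old code tested count() on the sqlsrv statement resource, which never
        // yields the row count (1 on PHP 7, TypeError on PHP 8), so the device_imei
        // fallback was effectively unreachable; fetching decides it now.
        $lookups = [
            [
                'sql' => "SELECT * FROM cms_users WHERE username = ? AND verify_status = 1 AND user_remove != 1 AND id_cms_privileges = 2 AND ndid != 1 AND tb_device_status_id in (19,8)",
                'params' => [$username],
            ],
            [
                'sql' => "SELECT * FROM cms_users WHERE device_imei = ? AND verify_status = 1 AND user_remove != 1 AND id_cms_privileges = 2",
                'params' => [$deviceimei],
            ],
        ];
    }

    // Defaults so a lookup miss never leaves these undefined.
    $id = '';
    $user = '';
    $name = '';
    $citizen = '';
    $device_status = '';
    $SQLCitizen = '';
    foreach ($lookups as $lookup) {
        $SQLCitizen = $lookup['sql'];
        $SQLCitizenQuery = sqlsrv_query($GLOBALS['conn'], $SQLCitizen, $lookup['params']);
        if ($SQLCitizenQuery === false) {
            continue;
        }
        $found = false;
        // Last matching row wins, as before.
        while ($row = sqlsrv_fetch_array($SQLCitizenQuery, SQLSRV_FETCH_ASSOC)) {
            $found = true;
            $id = $row['id'];
            $user = $row['username'];
            $name = $row['name'];
            $citizen = $row['identification_card'];
            $device_status = $row['tb_device_status_id'];
        }
        if ($found) {
            break;
        }
    }
    write_request_logs('/setpin', $SQLCitizen);

    if (!$citizen) {
        output(0, SETPIN_UNKNOWN);
    } else {
        $SQL = "UPDATE cms_users SET pin = ?, lock = 0, unlock = 0 WHERE id = ?";
        $SQLQuery = sqlsrv_query($GLOBALS['conn'], $SQL, [$pin, $id]);
        $rows_affected = $SQLQuery === false ? 0 : sqlsrv_rows_affected($SQLQuery);

        if ($rows_affected > 0) {
            $deviceregister = createTokenFromTelDevice($deviceimei, $simimei);
            if ($ndid) {
                $datetimeTransaction = date('Y-m-d H:i:s');
                // NOTE(review): the tb_token value is md5(identification_card), and
                // /verifypin later sends that token to checkIALAuthen. A hash of a
                // low-entropy identifier is guessable; a random token would be safer.
                $citizen_md5 = md5($citizen);
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "INSERT INTO tb_token (token, token_date, cms_users_id) VALUES(?, ?, ?)",
                    [$citizen_md5, $datetimeTransaction, $id]
                );
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE cms_users SET tb_device_status_id = 1, actived_date = GETDATE(), verify_status = 1, platform = ?, device_register = ? WHERE id = ?",
                    [$platform, $deviceregister, $id]
                );
            } elseif ($device_status == 19 || $device_status == 8) {
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE cms_users SET tb_device_status_id = 1, device_imei = ?, actived_date = GETDATE() WHERE id = ?",
                    [$deviceimei, $id]
                );
            } else {
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE cms_users SET tb_device_status_id = 1, actived_date = GETDATE() WHERE id = ?",
                    [$id]
                );
            }
            $token_ref = guidv4(openssl_random_pseudo_bytes(16), $id);

            output(1, 'Success', [
                'username' => $user,
                'citizen' => $citizen,
                'name' => $name,
                'token_ref' => $token_ref,
                'platform' => $platform,
                'ndid' => !empty($ndid) ? 1 : 0,
            ]);
        } else {
            output(0, SETPIN_FAIL);
        }
    }
});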

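$app->post('/verifypin', function (Request $request, Response $response, array $args) {
    // Verifies a customer's PIN. The customer is the verified account bound to the
    // submitted device_imei.
    //   type '0' : password_verify() against the stored bcrypt hash. A miss is
    //              recorded in tb_pin_fail; once the allowance (COUNT_SENDOTP_PINLOCK,
    //              or COUNT_SENDOTP_PINLOCK22 for status 22) is used up the account
    //              is locked (status 20/21) and checkIALAuthen decides whether the
    //              customer may re-verify (api_status 2) or must visit a branch
    //              (api_status 0, lock = 2).
    //   other    : see the note at that branch.
    // Reply: {api_status, api_message, lock[, token_ref]} — token_ref is present
    // when api_status != 0 and, as before, on the just-locked reply.
    $postValue = $request->getParsedBody();
    $deviceimei = mssql_escape($postValue['deviceimei'] ?? '');
    $deviceimei_new = mssql_escape($postValue['deviceimei_new'] ?? '');
    // Escaped before verifying, matching how /setpin escapes before hashing.
    $pin = mssql_escape($postValue['pin'] ?? '');
    $type = mssql_escape($postValue['type'] ?? '');
    $lock = false;

    write_request_logs("verifypin", $postValue);

    // Defaults so a lookup miss leaves nothing undefined.
    $id = '';
    $user = '';
    $name = '';
    $bank_account = '';
    $pin_query = '';
    $device_status = 0;
    $token_ref = '';

    $SQLCitizen = "SELECT * FROM cms_users WHERE device_imei = ? AND verify_status = 1 AND user_remove != 1 AND id_cms_privileges = 2";
    $SQLCitizenQuery = sqlsrv_query($GLOBALS['conn'], $SQLCitizen, [$deviceimei]);
    if ($SQLCitizenQuery !== false) {
        // Last matching row wins, as before.
        while ($row = sqlsrv_fetch_array($SQLCitizenQuery, SQLSRV_FETCH_ASSOC)) {
            $id = $row['id'];
            $user = $row['username'];
            $name = $row['name'];
            $bank_account = $row['bank_account'];
            $pin_query = (string) ($row['pin'] ?? '');
            $device_status = $row['tb_device_status_id'];
        }
    }

    if ($type == '0') {
        $pinMatches = $pin_query !== '' && password_verify($pin, $pin_query);

        if ($id == '' || !$pinMatches) {
            if ($device_status == 13) {
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE tb_pin_fail SET count_index = 0 WHERE username = ? AND username != ''",
                    [$user]
                );
            }
            // NOTE(review): the attempted PIN is stored in clear in tb_pin_fail (as
            // before); a near-miss of the real PIN is sensitive — consider storing
            // only a marker.
            $timetransaction = date("Y-m-d H:i:s");
            sqlsrv_query(
                $GLOBALS['conn'],
                "INSERT INTO tb_pin_fail (pin,username,name,bankaccount,datelogin,count_index) VALUES(?, ?, ?, ?, ?, 1)",
                [$pin, $user, $name, $bank_account, $timetransaction]
            );
            $count_fail = 0;
            $SQLCountFailQuery = sqlsrv_query(
                $GLOBALS['conn'],
                "SELECT count(username) AS count_fail FROM tb_pin_fail where username = ? AND count_index = 1 AND username != ''",
                [$user]
            );
            if ($SQLCountFailQuery !== false) {
                while ($row = sqlsrv_fetch_array($SQLCountFailQuery, SQLSRV_FETCH_ASSOC)) {
                    $count_fail = $row['count_fail'];
                }
            }

            $allowance = ($device_status == 22) ? COUNT_SENDOTP_PINLOCK22 : COUNT_SENDOTP_PINLOCK;
            $remaining = $allowance - $count_fail;

            if ($remaining <= 0) {
                // Lock the account; status 22 escalates to 21, anything else to 20.
                $device_status = ($device_status == 22) ? 21 : 20;
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE cms_users SET lock = 1, unlock = 0, active=0, tb_device_status_id = ? WHERE username = ? AND username != ''",
                    [$device_status, $user]
                );
                $token_ial = '';
                $SQLQueryToken = sqlsrv_query(
                    $GLOBALS['conn'],
                    "select TOP 1 token from tb_token where cms_users_id = ?",
                    [$id]
                );
                if ($SQLQueryToken !== false) {
                    while ($row_token = sqlsrv_fetch_array($SQLQueryToken, SQLSRV_FETCH_ASSOC)) {
                        $token_ial = $row_token['token'];
                    }
                }
                $lock = true;

                // $device_status is now always 20 or 21, so the IAL check always
                // runs (the old status-23 branch at this point was unreachable).
                // NOTE(review): no CURLOPT_TIMEOUT is set, so a slow IAL service
                // holds this request open.
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL, BASE_URL . "checkIALAuthen");
                curl_setopt($ch, CURLOPT_POST, 1);
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['token' => $token_ial]));
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                $server_output = curl_exec($ch);
                curl_close($ch);
                $decoded = is_string($server_output) ? json_decode($server_output, true) : null;
                $IALStatus = is_array($decoded) ? ($decoded['api_status'] ?? null) : null;

                // Fail closed: a transport error or unparsable body (null) counts
                // as an IAL failure and escalates to lock = 2 ("contact branch").
                // This matches the old behaviour; confirm it is the intended
                // outcome for an outage as opposed to a transient error.
                if ($IALStatus === null || $IALStatus == 0) {
                    $api_status = 0;
                    $api_message = "บัญชีของท่านถูกระงับการใช้งาน กรุณาติดต่อสาขา";
                    // lock = 2: the login screen shows the single-button "account
                    // locked and IAL failed, go to a branch" popup.
                    sqlsrv_query(
                        $GLOBALS['conn'],
                        "UPDATE cms_users SET lock = 2 WHERE username = ? AND username != ''",
                        [$user]
                    );
                } else {
                    $api_status = 2;
                    $api_message = "บัญชีของท่านถูกระงับการใช้งาน เนื่องจากกรอก PIN ผิด ท่านสามารถยืนยันตัวตนเพื่อใช้งาน";
                }
                $result = (object) ['api_status' => $api_status, 'api_message' => $api_message, 'lock' => $lock, 'token_ref' => ''];
                write_response_logs('/verifypin', $result);
                returnJson($result);
                exit();
            }

            $api_status = 0;
            $api_message = sprintf(VERIFYPIN_INVALID_PIN, $remaining);
        } else {
            // Correct PIN: clear every failure counter for this username. The
            // fourth statement used to target tb_bankaccount_fail a second time;
            // tb_birthday_fail is the counter reset by the other PIN routes.
            $resetStatements = [
                "UPDATE tb_pin_fail SET count_index = 0 WHERE username = ? AND username != ''",
                "UPDATE tb_otp_fail SET count_index = 0 WHERE username = ? AND username != ''",
                "UPDATE tb_bankaccount_fail SET count_index = 0 WHERE username = ? AND username != ''",
                "UPDATE tb_birthday_fail SET count_index = 0 WHERE username = ? AND username != ''",
            ];
            foreach ($resetStatements as $resetSql) {
                sqlsrv_query($GLOBALS['conn'], $resetSql, [$user]);
            }
            if ($deviceimei_new != "" && $deviceimei_new != $deviceimei) {
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE cms_users SET device_imei = ? WHERE device_imei = ? AND user_remove != 1 AND device_imei != ''",
                    [$deviceimei_new, $deviceimei]
                );
            }
            if ($device_status == 22 || $device_status == 23) {
                sqlsrv_query(
                    $GLOBALS['conn'],
                    "UPDATE cms_users SET lock = 0, unlock = 0, verify_status = 1, active=1, tb_device_status_id = 1 WHERE username = ? AND username != ''",
                    [$user]
                );
            }
            $api_status = 1;
            $api_message = "Success";
            $token_ref = guidv4(openssl_random_pseudo_bytes(16), $id);
        }
    } else {
        // NOTE(review): for any type other than '0' no secret is checked here — a
        // verified row for the client-supplied device_imei is enough for success.
        // Presumably an on-device check precedes this call; confirm nothing else
        // relies on this route to authenticate.
        if (strlen((string) $id) > 0) {
            $api_status = 1;
            $api_message = "Success";
            $token_ref = guidv4(openssl_random_pseudo_bytes(16), $id);
        } else {
            $api_status = 0;
            $api_message = VERIFYPIN_INVALID_PIN_FINGER;
            $timetransaction = date("Y-m-d H:i:s");
            sqlsrv_query(
                $GLOBALS['conn'],
                "INSERT INTO tb_pin_fail (pin,username,name,bankaccount,datelogin,count_index) VALUES(?, ?, ?, ?, ?, 1)",
                [$pin, $user, $name, $bank_account, $timetransaction]
            );
        }
    }

    if ($api_status == 0) {
        $result = (object) ['api_status' => $api_status, 'api_message' => $api_message, 'lock' => $lock];
    } else {
        $result = (object) ['api_status' => $api_status, 'api_message' => $api_message, 'lock' => $lock, 'token_ref' => $token_ref];
    }
    returnJson($result);
});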


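$app->post('/validate/pin', function (Request $request, Response $response, array $args) {
    // Checks the submitted PIN against the stored bcrypt hash of the token owner.
    // Replies api_status 1/'Success' on a match, 0/'Failed' otherwise (including an
    // unresolvable token or a user with no stored hash).
    // NOTE(review): unlike /verifypin, this route keeps no failed-attempt counter
    // and never locks, so the PIN can be retried here without limit — consider
    // applying the same tb_pin_fail lockout.
    $post = build_request($request->getParsedBody());
    $pin = (string) ($post['pin'] ?? '');
    $user = getuserfromtoken($post['token'] ?? '');
    $uid = $user['id'] ?? null;

    $storedHash = '';
    if ($uid !== null && $uid !== '') {
        // Bound parameter instead of interpolating the id into the statement.
        $Query = sqlsrv_query($GLOBALS['conn'], "SELECT pin FROM cms_users WHERE id = ?", [$uid]);
        $row = $Query === false ? false : sqlsrv_fetch_array($Query, SQLSRV_FETCH_ASSOC);
        if (is_array($row)) {
            $storedHash = (string) ($row['pin'] ?? '');
        }
    }

    $matches = $storedHash !== '' && password_verify($pin, $storedHash);
    $result = [
        'api_status' => $matches ? 1 : 0,
        'api_message' => $matches ? 'Success' : 'Failed',
    ];

    return $response->withStatus(200)->withJson($result);
});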

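$app->post('/update/pin', function (Request $request, Response $response, array $args) {
    // Replaces the PIN of the token owner with a bcrypt hash of the submitted one.
    // No current-PIN check happens here (the old SELECT of the stored hash was never
    // used); presumably the client calls /validate/pin first — confirm that is
    // enforced. Previously an unresolvable token or a failed UPDATE still reported
    // success; both now reply api_status 0/'Failed'.
    // NOTE(review): the PIN is hashed unescaped here, whereas /verifypin passes the
    // PIN through mssql_escape() before password_verify(); identical for digit-only
    // PINs — confirm that assumption holds.
    $post = build_request($request->getParsedBody());
    $user = getuserfromtoken($post['token'] ?? '');
    $uid = $user['id'] ?? null;
    if ($uid === null || $uid === '') {
        return $response->withStatus(200)->withJson([
            'api_status' => 0,
            'api_message' => 'Failed',
        ]);
    }

    // bcrypt supplies its own salt; the mcrypt_create_iv() salt option needed an
    // extension removed in PHP 7.2 and is ignored by password_hash() anyway.
    $pin = password_hash((string) ($post['pin'] ?? ''), PASSWORD_BCRYPT, ['cost' => 11]);
    $Query = sqlsrv_query($GLOBALS['conn'], "UPDATE cms_users SET pin = ? WHERE id = ?", [$pin, $uid]);
    // sqlsrv_rows_affected() may report -1 when the count is unavailable; only an
    // explicit zero (no such user) or a failed statement counts as failure.
    $updated = $Query !== false && sqlsrv_rows_affected($Query) !== 0;
    $result = $updated
        ? ['api_status' => 1, 'api_message' => 'เปลี่ยนรหัส PIN ใหม่เรียบร้อยแล้ว']
        : ['api_status' => 0, 'api_message' => 'Failed'];

    return $response->withStatus(200)->withJson($result);
});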