Add uid_exists($uid), better login error messages

2017-05-06 23:20:18 -06:00 · 2017-05-06 23:20:18 -06:00 · de4dcc37bc
commit de4dcc37bc
parent eaeb8806a1
3 changed files with 38 additions and 3 deletions
--- a/app.php
+++ b/app.php
@ -114,6 +114,7 @@ if (!is_empty($_GET['page'])) {
                            ?>
                        </ul>
                        <ul class="nav navbar-nav navbar-right">
+                            <li><span class="navbar-text navbar-link"><i class="fa fa-user fa-fw"></i> <?php echo $_SESSION['realname'] ?></span></li>
                            <li><a href="action.php?action=signout"><i class="fa fa-sign-out fa-fw"></i> <?php lang("sign out") ?></a></li>
                        </ul>
                    </div>
--- a/index.php
+++ b/index.php
@ -14,7 +14,8 @@ $multiauth = false;
 if (checkLoginServer()) {
    if ($VARS['progress'] == "1") {
        if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
-            if (authenticate_user($VARS['username'], $VARS['password'])) {
+            $errmsg = "";
+            if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
                switch (get_account_status($VARS['username'])) {
                    case "LOCKED_OR_DISABLED":
                        $alert = lang("account locked", false);
@ -42,9 +43,13 @@ if (checkLoginServer()) {
                        die("Logged in, go to app.php");
                    }
                }
+            } else {
+                if (!is_empty($errmsg)) {
+                    $alert = lang2("login server error", ['arg' => $errmsg], false);
                } else {
                    $alert = lang("login incorrect", false);
                }
+            }
        } else {
            $alert = lang("captcha error", false);
        }
--- a/lib/login.php
+++ b/lib/login.php
@ -45,7 +45,7 @@ function checkLoginServer() {
 * @param string $password
 * @return boolean True if OK, else false
 */
-function authenticate_user($username, $password) {
+function authenticate_user($username, $password, &$errmsg) {
    $client = new GuzzleHttp\Client();

    $response = $client
@ -66,6 +66,7 @@ function authenticate_user($username, $password) {
    if ($resp['status'] == "OK") {
        return true;
    } else {
+        $errmsg = $resp['msg'];
        return false;
    }
 }
@ -98,6 +99,34 @@ function user_exists($username) {
    }
 }

+/**
+ * Check if a UID exists.
+ * @param String $uid
+ */
+function uid_exists($uid) {
+    $client = new GuzzleHttp\Client();
+
+    $response = $client
+            ->request('POST', PORTAL_API, [
+        'form_params' => [
+            'key' => PORTAL_KEY,
+            'action' => "userexists",
+            'uid' => $uid
+        ]
+    ]);
+
+    if ($response->getStatusCode() > 299) {
+        sendError("Login server error: " . $response->getBody());
+    }
+
+    $resp = json_decode($response->getBody(), TRUE);
+    if ($resp['status'] == "OK" && $resp['exists'] === true) {
+        return true;
+    } else {
+        return false;
+    }
+}
+
 /**
 * Get the account status: NORMAL, TERMINATED, LOCKED_OR_DISABLED,
 * CHANGE_PASSWORD, or ALERT_ON_ACCESS