diff --git a/lib/login.php b/lib/login.php
index 1a92bdc..326deae 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -213,7 +213,7 @@ function doLoginUser($username) {
}
$resp = json_decode($response->getBody(), TRUE);
- var_dump($resp);
+
if ($resp['status'] == "OK") {
$userinfo = $resp['data'];
$_SESSION['username'] = $username;
diff --git a/mobile/index.php b/mobile/index.php
new file mode 100644
index 0000000..a98f643
--- /dev/null
+++ b/mobile/index.php
@@ -0,0 +1,103 @@
+ "OK"]));
+}
+
+function mobile_enabled() {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => PORTAL_KEY,
+ 'action' => "mobileenabled"
+ ]
+ ]);
+
+ if ($response->getStatusCode() > 299) {
+ return false;
+ }
+
+ $resp = json_decode($response->getBody(), TRUE);
+ if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+function mobile_valid($username, $code) {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => PORTAL_KEY,
+ "code" => $code,
+ "username" => $username,
+ 'action' => "mobilevalid"
+ ]
+ ]);
+
+ if ($response->getStatusCode() > 299) {
+ return false;
+ }
+
+ $resp = json_decode($response->getBody(), TRUE);
+ if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+if (mobile_enabled() !== TRUE) {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
+}
+
+// Make sure we have a username and access key
+if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
+ http_response_code(401);
+ die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
+}
+
+// Make sure the username and key are actually legit
+if (!mobile_valid($VARS['username'], $VARS['key'])) {
+ engageRateLimit();
+ http_response_code(401);
+ die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
+}
+
+// Process the action
+switch ($VARS['action']) {
+ case "start_session":
+ // Do a web login.
+ if (user_exists($VARS['username'])) {
+ if (get_account_status($VARS['username']) == "NORMAL") {
+ if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+ if (account_has_permission($VARS['username'], "TASKFLOOR")) {
+ doLoginUser($VARS['username'], $VARS['password']);
+ exit(json_encode(["status" => "OK"]));
+ } else {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
+ }
+ }
+ }
+ }
+ exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+ default:
+ http_response_code(404);
+ die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
+}
\ No newline at end of file
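Review bot: In the `start_session` case, a failed `authenticate_user()` falls through to the `login incorrect` exit without calling `engageRateLimit()`, which is only invoked on the invalid-access-key path above it. As far as this file shows, a client holding a valid username/key pair can retry passwords unthrottled, so I would add `engageRateLimit();` on the line before `exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));` unless `authenticate_user()` already throttles internally. Separately, `doLoginUser($VARS['username'], $VARS['password'])` passes a second argument while the signature visible in the lib/login.php hunk is `doLoginUser($username)`, so the password is silently ignored and is better dropped from the call. `$VARS['password']` and `$VARS['action']` are also read without the `is_empty()` guard applied to the username and key, which is worth adding so a missing field gets a clean 4xx response.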
diff --git a/pages/edittask.php b/pages/edittask.php
index 2375dbc..b6ac8b0 100644
--- a/pages/edittask.php
+++ b/pages/edittask.php
@@ -57,10 +57,10 @@ if (!is_empty($taskid) && $database->has('assigned_tasks', ['taskid' => $taskid]
:
" placeholder="" />
- :
+ :