<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
 * Simple JSON API to allow other apps to access accounts in this system.
 *
 * Requests can be sent via either GET or POST requests.  POST is recommended
 * because query-string parameters are more likely to be written to server
 * logs, which would expose plaintext user passwords.
 */
							|  |  |  | require __DIR__ . '/required.php'; | 
					
						
							|  |  |  | header("Content-Type: application/json"); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  | 
 | 
					
						
							|  |  |  | if (empty($VARS['key'])) { | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |     die("\"403 Unauthorized\""); | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  | } else { | 
					
						
							|  |  |  |     $key = $VARS['key']; | 
					
						
							|  |  |  |     if ($database->has('apikeys', ['key' => $key]) !== TRUE) { | 
					
						
							|  |  |  |         engageRateLimit(); | 
					
						
							|  |  |  |         http_response_code(403); | 
					
						
							|  |  |  |         Log::insert(LogType::API_BAD_KEY, null, "Key: " . $key); | 
					
						
							|  |  |  |         die("\"403 Unauthorized\""); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  | } | 
										 |  |  | /** | 
					
						
							|  |  |  |  * Get the API key with most of the characters replaced with *s. | 
					
						
							|  |  |  |  * @global string $key | 
					
						
							|  |  |  |  * @return string | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | function getCensoredKey() { | 
					
						
							|  |  |  |     global $key; | 
					
						
							|  |  |  |     $resp = $key; | 
					
						
							|  |  |  |     if (strlen($key) > 5) { | 
					
						
							|  |  |  |         for ($i = 2; $i < strlen($key) - 2; $i++) { | 
					
						
							|  |  |  |             $resp[$i] = "*"; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     return $resp; | 
					
						
							|  |  |  | } | 
										 |  |  | if (empty($VARS['action'])) { | 
					
						
							|  |  |  |     http_response_code(404); | 
					
						
							|  |  |  |     die(json_encode("No action specified.")); | 
					
						
							|  |  |  | } | 
										 |  |  | switch ($VARS['action']) { | 
					
						
							|  |  |  |     case "ping": | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK"])); | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "auth": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         if ($user->checkPassword($VARS['password'])) { | 
					
						
							|  |  |  |             Log::insert(LogType::API_AUTH_OK, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |             exit(json_encode(["status" => "OK", "msg" => $Strings->get("login successful", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             Log::insert(LogType::API_AUTH_FAILED, $user->getUID(), "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							|  |  |  |             if ($user->exists()) { | 
					
						
							|  |  |  |                 switch ($user->getStatus()->get()) { | 
					
						
							|  |  |  |                     case AccountStatus::LOCKED_OR_DISABLED: | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                         exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("account locked", false)])); | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     case AccountStatus::TERMINATED: | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                         exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("account terminated", false)])); | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     case AccountStatus::CHANGE_PASSWORD: | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                         exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("password expired", false)])); | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     case AccountStatus::NORMAL: | 
					
						
							| 
									
										
										
										
											2017-05-14 12:42:02 -06:00
										 |  |  |                         break; | 
					
						
							| 
									
										
										
										
											2017-05-06 23:19:22 -06:00
										 |  |  |                     default: | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                         exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("account state error", false)])); | 
					
						
							| 
									
										
										
										
											2017-05-06 23:19:22 -06:00
										 |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "userinfo": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['uid']) && is_numeric($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2017-06-16 18:40:12 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							| 
									
										
										
										
											2017-05-01 14:38:36 -06:00
										 |  |  |             die("\"400 Bad Request\""); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if ($user->exists()) { | 
					
						
							|  |  |  |             $data = $database->get("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"], 'pin'], ["uid" => $user->getUID()]); | 
					
						
							|  |  |  |             $data['pin'] = (is_null($data['pin']) || $data['pin'] == "" ? false : true); | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK", "data" => $data])); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         break; | 
					
						
							|  |  |  |     case "userexists": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!empty($VARS['uid']) && is_numeric($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  | 
 | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "exists" => $user->exists()])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         break; | 
					
						
							|  |  |  |     case "hastotp": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         exit(json_encode(["status" => "OK", "otp" => User::byUsername($VARS['username'])->has2fa()])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         break; | 
					
						
							|  |  |  |     case "verifytotp": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         if ($user->check2fa($VARS['code'])) { | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |             exit(json_encode(["status" => "OK", "valid" => true])); | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             Log::insert(LogType::API_BAD_2FA, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("2fa incorrect", false), "valid" => false])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "acctstatus": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         exit(json_encode(["status" => "OK", "account" => User::byUsername($VARS['username'])->getStatus()->getString()])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |     case "login": | 
					
						
							|  |  |  |         // simulate a login, checking account status and alerts
 | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         engageRateLimit(); | 
					
						
							|  |  |  |         $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         if ($user->checkPassword($VARS['password'])) { | 
					
						
							|  |  |  |             switch ($user->getStatus()->getString()) { | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |                 case "LOCKED_OR_DISABLED": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                     exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("account locked", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |                 case "TERMINATED": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                     exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("account terminated", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |                 case "CHANGE_PASSWORD": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                     exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("password expired", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |                 case "NORMAL": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     Log::insert(LogType::API_LOGIN_OK, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |                     exit(json_encode(["status" => "OK"])); | 
					
						
							|  |  |  |                 case "ALERT_ON_ACCESS": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     $user->sendAlertEmail(); | 
					
						
							|  |  |  |                     Log::insert(LogType::API_LOGIN_OK, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |                     exit(json_encode(["status" => "OK", "alert" => true])); | 
					
						
							|  |  |  |                 default: | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |                     Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                     exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("account state error", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |             } | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             Log::insert(LogType::API_LOGIN_FAILED, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "ismanagerof": | 
					
						
							| 
									
										
										
										
											2018-01-03 21:53:42 -07:00
										 |  |  |         if ($VARS['uid'] == "1") { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             $manager = new User($VARS['manager']); | 
					
						
							|  |  |  |             $employee = new User($VARS['employee']); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             $manager = User::byUsername($VARS['manager']); | 
					
						
							|  |  |  |             $employee = User::byUsername($VARS['employee']); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!$manager->exists()) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false), "user" => $VARS['manager']])); | 
					
						
							| 
									
										
										
										
											2017-05-02 19:18:59 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!$employee->exists()) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false), "user" => $VARS['employee']])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($database->has('managers', ['AND' => ['managerid' => $manager->getUID(), 'employeeid' => $employee->getUID()]])) { | 
					
						
							| 
									
										
										
										
											2017-05-02 19:18:59 -06:00
										 |  |  |             exit(json_encode(["status" => "OK", "managerof" => true])); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK", "managerof" => false])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |     case "getmanaged": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $manager = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $manager = User::byUsername($VARS['username']); | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2017-06-16 18:40:12 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!$manager->exists()) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-10-10 12:36:18 -06:00
										 |  |  |         if ($VARS['get'] == "username") { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             $managed = $database->select('managers', ['[>]accounts' => ['employeeid' => 'uid']], 'username', ['managerid' => $manager->getUID()]); | 
					
						
							| 
									
										
										
										
											2017-10-10 12:36:18 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |             $managed = $database->select('managers', 'employeeid', ['managerid' => $manager->getUID()]); | 
					
						
							| 
									
										
										
										
											2017-10-10 12:36:18 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |         exit(json_encode(["status" => "OK", "employees" => $managed])); | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "getmanagers": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $emp = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $emp = User::byUsername($VARS['username']); | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2017-06-16 18:40:12 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!$emp->exists()) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $managers = $database->select('managers', 'managerid', ['employeeid' => $emp->getUID()]); | 
					
						
							| 
									
										
										
										
											2017-05-03 13:32:11 -06:00
										 |  |  |         exit(json_encode(["status" => "OK", "managers" => $managers])); | 
					
						
							|  |  |  |         break; | 
					
						
							| 
									
										
										
										
											2017-05-02 19:18:59 -06:00
										 |  |  |     case "usersearch": | 
					
						
							|  |  |  |         if (is_empty($VARS['search']) || strlen($VARS['search']) < 3) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK", "result" => []])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-05-05 17:13:55 -06:00
										 |  |  |         $data = $database->select('accounts', ['uid', 'username', 'realname (name)'], ["OR" => ['username[~]' => $VARS['search'], 'realname[~]' => $VARS['search']], "LIMIT" => 10]); | 
					
						
							| 
									
										
										
										
											2017-05-02 19:18:59 -06:00
										 |  |  |         exit(json_encode(["status" => "OK", "result" => $data])); | 
					
						
							| 
									
										
										
										
											2017-04-29 02:35:49 -06:00
										 |  |  |         break; | 
					
						
							| 
									
										
										
										
											2017-05-25 00:43:33 -06:00
										 |  |  |     case "permission": | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (empty($VARS['code'])) { | 
					
						
							| 
									
										
										
										
											2017-06-16 18:40:12 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							| 
									
										
										
										
											2017-05-25 00:43:33 -06:00
										 |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $perm = $VARS['code']; | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							| 
									
										
										
										
											2017-05-25 00:43:33 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2017-06-16 18:40:12 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							| 
									
										
										
										
											2017-05-25 00:43:33 -06:00
										 |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!$user->exists()) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "has_permission" => $user->hasPermission($perm)])); | 
					
						
							| 
									
										
										
										
											2017-05-25 00:43:33 -06:00
										 |  |  |         break; | 
					
						
							| 
									
										
										
										
											2017-06-16 22:25:26 -06:00
										 |  |  |     case "mobileenabled": | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "mobile" => MOBILE_ENABLED])); | 
					
						
							|  |  |  |     case "mobilevalid": | 
					
						
							|  |  |  |         if (is_empty($VARS['username']) || is_empty($VARS['code'])) { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-07-03 03:00:23 -06:00
										 |  |  |         $code = strtoupper($VARS['code']); | 
					
						
							|  |  |  |         $user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $code, 'accounts.username' => strtolower($VARS['username'])]]); | 
					
						
							| 
									
										
										
										
											2017-06-16 22:25:26 -06:00
										 |  |  |         exit(json_encode(["status" => "OK", "valid" => $user_key_valid])); | 
					
						
							| 
									
										
										
										
											2017-06-23 15:48:45 -06:00
										 |  |  |     case "alertemail": | 
					
						
							|  |  |  |         engageRateLimit(); | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (is_empty($VARS['username']) || !User::byUsername($VARS['username'])->exists()) { | 
					
						
							| 
									
										
										
										
											2017-06-23 15:48:45 -06:00
										 |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $appname = "???"; | 
					
						
							|  |  |  |         if (!is_empty($VARS['appname'])) { | 
					
						
							|  |  |  |             $appname = $VARS['appname']; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         $result = User::byUsername($VARS['username'])->sendAlertEmail($appname); | 
					
						
							| 
									
										
										
										
											2017-06-23 15:48:45 -06:00
										 |  |  |         if ($result === TRUE) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK"])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         exit(json_encode(["status" => "ERROR", "msg" => $result])); | 
					
						
							| 
									
										
										
										
											2017-12-18 01:44:53 -07:00
										 |  |  |     case "codelogin": | 
					
						
							|  |  |  |         $database->delete("onetimekeys", ["expires[<]" => date("Y-m-d H:i:s")]); // cleanup
 | 
					
						
							|  |  |  |         if ($database->has("onetimekeys", ["key" => $VARS['code'], "expires[>]" => date("Y-m-d H:i:s")])) { | 
					
						
							|  |  |  |             $user = $database->get("onetimekeys", ["[>]accounts" => ["uid" => "uid"]], ["username", "realname", "accounts.uid"], ["key" => $VARS['code']]); | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK", "user" => $user])); | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no such code or code expired", false)])); | 
					
						
							| 
									
										
										
										
											2017-12-18 01:44:53 -07:00
										 |  |  |         } | 
					
						
										 |  |  |     case "listapps": | 
					
						
							|  |  |  |         $apps = EXTERNAL_APPS; | 
					
						
							|  |  |  |         // Format paths as absolute URLs
 | 
					
						
							|  |  |  |         foreach ($apps as $k => $v) { | 
					
						
							|  |  |  |             if (strpos($apps[$k]['url'], "http") === FALSE) { | 
					
						
							|  |  |  |                 $apps[$k]['url'] = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . ($_SERVER['SERVER_PORT'] != 80 || $_SERVER['SERVER_PORT'] != 443 ? ":" . $_SERVER['SERVER_PORT'] : "") . $apps[$k]['url']; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "apps" => $apps])); | 
					
						
										 |  |  |     case "getusersbygroup": | 
					
						
							|  |  |  |         if ($VARS['gid']) { | 
					
						
							|  |  |  |             if ($database->has("groups", ['groupid' => $VARS['gid']])) { | 
					
						
							|  |  |  |                 $groupid = $VARS['gid']; | 
					
						
							|  |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                 exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("group does not exist", false)])); | 
					
						
							| 
									
										
										
										
											2017-12-21 01:21:18 -07:00
										 |  |  |             } | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if ($VARS['get'] == "username") { | 
					
						
							| 
									
										
										
										
											2018-01-19 14:19:33 -07:00
										 |  |  |             $users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], 'username', ['groupid' => $groupid, "ORDER" => "username"]); | 
					
						
							| 
									
										
										
										
											2017-12-28 16:12:15 -07:00
										 |  |  |         } else if ($VARS['get'] == "detail") { | 
					
						
							| 
									
										
										
										
											2018-01-19 14:19:33 -07:00
										 |  |  |             $users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], ['username', 'realname (name)', 'accounts.uid', 'pin'], ['groupid' => $groupid, "ORDER" => "realname"]); | 
					
						
							| 
									
										
										
										
											2017-12-30 11:30:48 -07:00
										 |  |  |             for ($i = 0; $i < count($users); $i++) { | 
					
						
							|  |  |  |                 if (is_null($users[$i]['pin']) || $users[$i]['pin'] == "") { | 
					
						
							|  |  |  |                     $users[$i]['pin'] = false; | 
					
						
							|  |  |  |                 } else { | 
					
						
							|  |  |  |                     $users[$i]['pin'] = true; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2017-12-21 01:21:18 -07:00
										 |  |  |         } else { | 
					
						
							|  |  |  |             $users = $database->select('assigned_groups', 'uid', ['groupid' => $groupid]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "users" => $users])); | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "getgroupsbyuser": | 
					
						
							|  |  |  |         if ($VARS['uid']) { | 
					
						
							|  |  |  |             if ($database->has("accounts", ['uid' => $VARS['uid']])) { | 
					
						
							|  |  |  |                 $empid = $VARS['uid']; | 
					
						
							|  |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                 exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)])); | 
					
						
							| 
									
										
										
										
											2017-12-21 01:21:18 -07:00
										 |  |  |             } | 
					
						
							|  |  |  |         } else if ($VARS['username']) { | 
					
						
							|  |  |  |             if ($database->has("accounts", ['username' => strtolower($VARS['username'])])) { | 
					
						
							|  |  |  |                 $empid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['username'])]); | 
					
						
							|  |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-07-09 23:16:43 -06:00
										 |  |  |                 exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)])); | 
					
						
							| 
									
										
										
										
											2017-12-21 01:21:18 -07:00
										 |  |  |             } | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $groups = $database->select('assigned_groups', ["[>]groups" => ["groupid" => "groupid"]], ['groups.groupid (id)', 'groups.groupname (name)'], ['uid' => $empid]); | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "groups" => $groups])); | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "getgroups": | 
					
						
							|  |  |  |         $groups = $database->select('groups', ['groupid (id)', 'groupname (name)']); | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "groups" => $groups])); | 
					
						
							|  |  |  |         break; | 
					
						
							|  |  |  |     case "groupsearch": | 
					
						
							|  |  |  |         if (is_empty($VARS['search']) || strlen($VARS['search']) < 2) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK", "result" => []])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $data = $database->select('groups', ['groupid (id)', 'groupname (name)'], ['groupname[~]' => $VARS['search'], "LIMIT" => 10]); | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "result" => $data])); | 
					
						
							|  |  |  |         break; | 
					
						
										 |  |  |     case "checkpin": | 
					
						
							|  |  |  |         $pin = ""; | 
					
						
							|  |  |  |         if (is_empty($VARS['pin'])) { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							| 
									
										
										
										
											2017-12-30 11:30:48 -07:00
										 |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-11 23:32:47 -06:00
										 |  |  |         if ($user->exists()) { | 
					
						
							|  |  |  |             $pin = $database->get("accounts", "pin", ["uid" => $user->getUID()]); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-12-30 11:30:48 -07:00
										 |  |  |         if (is_null($pin) || $pin == "") { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "pinvalid" => false, "nopinset" => true])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         exit(json_encode(["status" => "OK", "pinvalid" => ($pin == $VARS['pin'])])); | 
					
						
							|  |  |  |         break; | 
					
						
										 |  |  |     case "getnotifications": | 
					
						
							|  |  |  |         if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         try { | 
					
						
							|  |  |  |             $notifications = Notifications::get($user); | 
					
						
							| 
									
										
										
										
											2018-07-12 00:00:38 -06:00
										 |  |  |             exit(json_encode(["status" => "OK", "notifications" => $notifications])); | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         } catch (Exception $ex) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $ex->getMessage()])); | 
					
						
							| 
									
										
										
										
											2018-07-12 00:00:38 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         break; | 
					
						
										 |  |  |     case "readnotification": | 
					
						
							|  |  |  |         if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         if (empty($VARS['id'])) { | 
					
						
							| 
									
										
										
										
											2018-07-12 00:00:38 -06:00
										 |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("invalid parameters", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         try { | 
					
						
							|  |  |  |             Notifications::read($user, $VARS['id']); | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK"])); | 
					
						
							|  |  |  |         } catch (Exception $ex) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $ex->getMessage()])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
										 |  |  |     case "addnotification": | 
					
						
							|  |  |  |         if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         try { | 
					
						
							|  |  |  |             $timestamp = ""; | 
					
						
							| 
									
										
										
										
											2018-07-12 00:00:38 -06:00
										 |  |  |             if (!empty($VARS['timestamp'])) { | 
					
						
							|  |  |  |                 $timestamp = date("Y-m-d H:i:s", strtotime($VARS['timestamp'])); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             $url = ""; | 
					
						
							|  |  |  |             if (!empty($VARS['url'])) { | 
					
						
							|  |  |  |                 $url = $VARS['url']; | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |             $nid = Notifications::add($user, $VARS['title'], $VARS['content'], $timestamp, $url, isset($VARS['sensitive'])); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK", "id" => $nid])); | 
					
						
							|  |  |  |         } catch (Exception $ex) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $ex->getMessage()])); | 
					
						
							| 
									
										
										
										
											2018-07-12 00:00:38 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         break; | 
					
						
										 |  |  |     case "deletenotification": | 
					
						
							|  |  |  |         if (!empty($VARS['username'])) { | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |         } else if (!empty($VARS['uid'])) { | 
					
						
							|  |  |  |             $user = new User($VARS['uid']); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             http_response_code(400); | 
					
						
							|  |  |  |             die("\"400 Bad Request\""); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         if (empty($VARS['id'])) { | 
					
						
							| 
									
										
										
										
											2018-07-12 00:00:38 -06:00
										 |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("invalid parameters", false)])); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-12 02:19:06 -06:00
										 |  |  |         try { | 
					
						
							|  |  |  |             Notifications::delete($user, $VARS['id']); | 
					
						
							|  |  |  |             exit(json_encode(["status" => "OK"])); | 
					
						
							|  |  |  |         } catch (Exception $ex) { | 
					
						
							|  |  |  |             exit(json_encode(["status" => "ERROR", "msg" => $ex->getMessage()])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
										 |  |  |     default: | 
					
						
							| 
									
										
										
										
											2017-06-16 18:40:12 -06:00
										 |  |  |         http_response_code(404); | 
					
						
							| 
									
										
										
										
											2017-06-16 22:25:26 -06:00
										 |  |  |         die(json_encode("404 Not Found: the requested action is not available.")); | 
					
						
										 |  |  | } |