Pro-Idler/AccountHub
1
0
Fork 0
forked from Business/AccountHub
Code Issues Pull Requests Projects Releases Wiki Activity

Improve mobile integration, fix some upper/lower case bugs

Browse Source
This commit is contained in:
Skylar Ittner 2017-07-03 03:00:23 -06:00
parent bee707be8a
commit 14f401f355
10 changed files with 68 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
api.php
View File

@ -43,10 +43,10 @@ switch ($VARS['action']) {
case "auth": case "auth":
$errmsg = ""; $errmsg = "";
if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) { if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
insertAuthLog(12, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(12, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "OK", "msg" => lang("login successful", false)])); exit(json_encode(["status" => "OK", "msg" => lang("login successful", false)]));
} else { } else {
insertAuthLog(13, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(13, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
if (!is_empty($errmsg)) { if (!is_empty($errmsg)) {
exit(json_encode(["status" => "ERROR", "msg" => lang2("ldap error", ['error' => $errmsg], false)])); exit(json_encode(["status" => "ERROR", "msg" => lang2("ldap error", ['error' => $errmsg], false)]));
} }
@ -70,7 +70,7 @@ switch ($VARS['action']) {
case "userinfo": case "userinfo":
if (!is_empty($VARS['username'])) { if (!is_empty($VARS['username'])) {
if (user_exists_local($VARS['username'])) { if (user_exists_local($VARS['username'])) {
$data = $database->select("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"]], ["username" => $VARS['username']])[0]; $data = $database->select("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"]], ["username" => strtolower($VARS['username'])])[0];
exit(json_encode(["status" => "OK", "data" => $data])); exit(json_encode(["status" => "OK", "data" => $data]));
} else { } else {
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
@ -112,7 +112,7 @@ switch ($VARS['action']) {
if (verifyTOTP($VARS['username'], $VARS['code'])) { if (verifyTOTP($VARS['username'], $VARS['code'])) {
exit(json_encode(["status" => "OK", "valid" => true])); exit(json_encode(["status" => "OK", "valid" => true]));
} else { } else {
insertAuthLog(7, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(7, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "ERROR", "msg" => lang("2fa incorrect", false), "valid" => false])); exit(json_encode(["status" => "ERROR", "msg" => lang("2fa incorrect", false), "valid" => false]));
} }
break; break;
@ -123,30 +123,30 @@ switch ($VARS['action']) {
// simulate a login, checking account status and alerts // simulate a login, checking account status and alerts
$errmsg = ""; $errmsg = "";
if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) { if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
$uid = $database->select('accounts', 'uid', ['username' => $VARS['username']])[0]; $uid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['username'])])[0];
switch (get_account_status($VARS['username'])) { switch (get_account_status($VARS['username'])) {
case "LOCKED_OR_DISABLED": case "LOCKED_OR_DISABLED":
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(5, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "ERROR", "msg" => lang("account locked", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("account locked", false)]));
case "TERMINATED": case "TERMINATED":
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(5, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "ERROR", "msg" => lang("account terminated", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("account terminated", false)]));
case "CHANGE_PASSWORD": case "CHANGE_PASSWORD":
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(5, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "ERROR", "msg" => lang("password expired", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("password expired", false)]));
case "NORMAL": case "NORMAL":
insertAuthLog(4, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(4, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "OK"])); exit(json_encode(["status" => "OK"]));
case "ALERT_ON_ACCESS": case "ALERT_ON_ACCESS":
sendLoginAlertEmail($VARS['username']); sendLoginAlertEmail($VARS['username']);
insertAuthLog(4, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(4, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "OK", "alert" => true])); exit(json_encode(["status" => "OK", "alert" => true]));
default: default:
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(5, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
exit(json_encode(["status" => "ERROR", "msg" => lang("account state error", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("account state error", false)]));
} }
} else { } else {
insertAuthLog(5, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey()); insertAuthLog(5, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
if (!is_empty($errmsg)) { if (!is_empty($errmsg)) {
exit(json_encode(["status" => "ERROR", "msg" => lang2("ldap error", ['error' => $errmsg], false)])); exit(json_encode(["status" => "ERROR", "msg" => lang2("ldap error", ['error' => $errmsg], false)]));
} }
@ -168,13 +168,13 @@ switch ($VARS['action']) {
} else { } else {
if (user_exists_local($VARS['manager'])) { if (user_exists_local($VARS['manager'])) {
if (user_exists_local($VARS['employee'])) { if (user_exists_local($VARS['employee'])) {
$managerid = $database->select('accounts', 'uid', ['username' => $VARS['manager']]); $managerid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['manager'])]);
$employeeid = $database->select('accounts', 'uid', ['username' => $VARS['employee']]); $employeeid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['employee'])]);
} else { } else {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => $VARS['employee']])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => strtolower($VARS['employee'])]));
} }
} else { } else {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => $VARS['manager']])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => strtolower($VARS['manager'])]));
} }
} }
if ($database->has('managers', ['AND' => ['managerid' => $managerid, 'employeeid' => $employeeid]])) { if ($database->has('managers', ['AND' => ['managerid' => $managerid, 'employeeid' => $employeeid]])) {
@ -191,8 +191,8 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
} }
} else if ($VARS['username']) { } else if ($VARS['username']) {
if ($database->has("accounts", ['username' => $VARS['username']])) { if ($database->has("accounts", ['username' => strtolower($VARS['username'])])) {
$managerid = $database->select('accounts', 'uid', ['username' => $VARS['username']]); $managerid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['username'])]);
} else { } else {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
} }
@ -211,8 +211,8 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
} }
} else if ($VARS['username']) { } else if ($VARS['username']) {
if ($database->has("accounts", ['username' => $VARS['username']])) { if ($database->has("accounts", ['username' => strtolower($VARS['username'])])) {
$empid = $database->select('accounts', 'uid', ['username' => $VARS['username']]); $empid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['username'])]);
} else { } else {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
} }
@ -243,7 +243,7 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
} }
} else if ($VARS['username']) { } else if ($VARS['username']) {
if ($database->has("accounts", ['username' => $VARS['username']])) { if ($database->has("accounts", ['username' => strtolower($VARS['username'])])) {
$user = $VARS['username']; $user = $VARS['username'];
} else { } else {
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
@ -262,7 +262,8 @@ switch ($VARS['action']) {
http_response_code(400); http_response_code(400);
die("\"400 Bad Request\""); die("\"400 Bad Request\"");
} }
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['code'], 'accounts.username' => $VARS['username']]]); $code = strtoupper($VARS['code']);
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $code, 'accounts.username' => strtolower($VARS['username'])]]);
exit(json_encode(["status" => "OK", "valid" => $user_key_valid])); exit(json_encode(["status" => "OK", "valid" => $user_key_valid]));
case "alertemail": case "alertemail":
engageRateLimit(); engageRateLimit();

2
apps/inventory_link.php
View File

@ -10,6 +10,6 @@ $APPS["inventory_link"]["i18n"] = TRUE;
$APPS["inventory_link"]["title"] = "inventory"; $APPS["inventory_link"]["title"] = "inventory";
$APPS["inventory_link"]["icon"] = "cubes"; $APPS["inventory_link"]["icon"] = "cubes";
$APPS["inventory_link"]["type"] = "teal"; $APPS["inventory_link"]["type"] = "teal";
$content = "<p>" . lang("open inventory system", false) . '</p><a href="' . INVENTORY_HOME . '" class="btn btn-primary btn-block">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>'; $content = "<p class='mobile-app-hide'>" . lang("open inventory system", false) . '</p><a href="' . INVENTORY_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
$APPS["inventory_link"]["content"] = $content; $APPS["inventory_link"]["content"] = $content;
?> ?>

2
apps/qwikclock_inout.php
View File

@ -38,6 +38,6 @@ $content .= <<<END
<a href="home.php?&qwikclock=punchin" class="btn btn-block btn-success btn-lg"><i class="fa fa-play"></i> $lang_punchin</a> <a href="home.php?&qwikclock=punchin" class="btn btn-block btn-success btn-lg"><i class="fa fa-play"></i> $lang_punchin</a>
<a href="home.php?qwikclock=punchout" class="btn btn-block btn-danger btn-lg"><i class="fa fa-stop"></i> $lang_punchout</a> <a href="home.php?qwikclock=punchout" class="btn btn-block btn-danger btn-lg"><i class="fa fa-stop"></i> $lang_punchout</a>
END; END;
$content .= '<br /><a href="' . QWIKCLOCK_HOME . '" class="btn btn-primary btn-block">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>'; $content .= '<br /><a href="' . QWIKCLOCK_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
$APPS["qwikclock_inout"]["content"] = $content; $APPS["qwikclock_inout"]["content"] = $content;
?> ?>

6
apps/sync_mobile.php
View File

@ -31,8 +31,9 @@ if ($_GET['mobilecode'] == "generate") {
$code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20)); $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
$database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]); $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
} }
$url = str_replace("/", "\\", URL . "mobile/index.php"); $url = URL . "mobile/index.php";
$codeuri = "bizsync://" . $url . "/" . $_SESSION['username'] . "/" . $code; $encodedurl = str_replace("/", "\\", $url);
$codeuri = "bizsync://" . $encodedurl . "/" . $_SESSION['username'] . "/" . $code;
$qrCode = new QrCode($codeuri); $qrCode = new QrCode($codeuri);
$qrCode->setSize(200); $qrCode->setSize(200);
$qrCode->setErrorCorrection("H"); $qrCode->setErrorCorrection("H");
@ -42,6 +43,7 @@ if ($_GET['mobilecode'] == "generate") {
$APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan sync qrcode", false) . '</div>' . <<<END $APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan sync qrcode", false) . '</div>' . <<<END
<img src="$qrcode" class="img-responsive qrcode" /> <img src="$qrcode" class="img-responsive qrcode" />
<div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$chunk_code</div> <div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$chunk_code</div>
<div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$url</div>
<a class="btn btn-success btn-sm btn-block" href="home.php?page=security">$lang_done</a> <a class="btn btn-success btn-sm btn-block" href="home.php?page=security">$lang_done</a>
END; END;
} else { } else {

2
apps/taskfloor_messages.php
View File

@ -49,6 +49,6 @@ END;
} catch (Exception $e) { } catch (Exception $e) {
$content = "<div class=\"alert alert-danger\">" . lang("error loading widget", false) . " " . $e->getMessage() . "</div>"; $content = "<div class=\"alert alert-danger\">" . lang("error loading widget", false) . " " . $e->getMessage() . "</div>";
} }
$content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>'; $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
$APPS["taskfloor_messages"]["content"] = $content; $APPS["taskfloor_messages"]["content"] = $content;
?> ?>

2
apps/taskfloor_tasks.php
View File

@ -37,6 +37,6 @@ try {
} catch (Exception $e) { } catch (Exception $e) {
$content = "<div class=\"alert alert-danger\">" . lang("error loading widget", false) . " " . $e->getMessage() . "</div>"; $content = "<div class=\"alert alert-danger\">" . lang("error loading widget", false) . " " . $e->getMessage() . "</div>";
} }
$content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>'; $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
$APPS["taskfloor_tasks"]["content"] = $content; $APPS["taskfloor_tasks"]["content"] = $content;
?> ?>

4
home.php
View File

@ -83,7 +83,7 @@ if (!is_empty($_GET['page'])) {
<ul class="dropdown-menu" role="menu"> <ul class="dropdown-menu" role="menu">
<li><a href="home.php?page=security"><i class="fa fa-gears fa-fw"></i> <?php lang("options") ?></a></li> <li><a href="home.php?page=security"><i class="fa fa-gears fa-fw"></i> <?php lang("options") ?></a></li>
<li class="divider"></li> <li class="divider"></li>
<li><a href="action.php?action=signout"><i class="fa fa-sign-out fa-fw"></i> <?php lang("sign out") ?></a></li> <li class="mobile-app-hide"><a href="action.php?action=signout"><i class="fa fa-sign-out fa-fw"></i> <?php lang("sign out") ?></a></li>
</ul> </ul>
</li> </li>
</ul> </ul>
@ -91,7 +91,7 @@ if (!is_empty($_GET['page'])) {
</div> </div>
</nav> </nav>
<div class="app-dock-container"> <div class="app-dock-container mobile-app-hide">
<div class="app-dock"> <div class="app-dock">
<?php <?php
foreach (EXTERNAL_APPS as $a) { foreach (EXTERNAL_APPS as $a) {

12
index.php
View File

@ -190,8 +190,8 @@ if ($VARS['progress'] == "1") {
if (!$multiauth && !$change_password) { if (!$multiauth && !$change_password) {
?> ?>
<input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autofocus /><br /> <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
<input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" /><br /> <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
<?php if (RECAPTCHA_ENABLED) { ?> <?php if (RECAPTCHA_ENABLED) { ?>
<div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div> <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
<br /> <br />
@ -203,15 +203,15 @@ if ($VARS['progress'] == "1") {
<div class="alert alert-info"> <div class="alert alert-info">
<?php lang("2fa prompt"); ?> <?php lang("2fa prompt"); ?>
</div> </div>
<input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autofocus /><br /> <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
<input type="hidden" name="progress" value="2" /> <input type="hidden" name="progress" value="2" />
<input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" /> <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
<?php <?php
} else if ($change_password) { } else if ($change_password) {
?> ?>
<input type="password" class="form-control" name="oldpass" placeholder="Current password" required="required" autocomplete="new-password" autofocus /><br /> <input type="password" class="form-control" name="oldpass" placeholder="Current password" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
<input type="password" class="form-control" name="newpass" placeholder="New password" required="required" autocomplete="off" /><br /> <input type="password" class="form-control" name="newpass" placeholder="New password" required="required" autocomplete="new-password" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
<input type="password" class="form-control" name="conpass" placeholder="New password (again)" required="required" autocomplete="off" /><br /> <input type="password" class="form-control" name="conpass" placeholder="New password (again)" required="required" autocomplete="new-password" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
<input type="hidden" name="progress" value="chpasswd" /> <input type="hidden" name="progress" value="chpasswd" />
<?php <?php
} }

8
lib/login.php
View File

@ -190,7 +190,7 @@ function authenticate_user($username, $password, &$errormsg, &$errorcode) {
} }
function user_exists($username) { function user_exists($username) {
return account_location($username) !== "NONE"; return account_location(strtolower($username)) !== "NONE";
} }
/** /**
@ -285,12 +285,14 @@ function doLoginUser($username, $password) {
*/ */
function sendLoginAlertEmail($username, $appname = SITE_TITLE) { function sendLoginAlertEmail($username, $appname = SITE_TITLE) {
if (is_empty(ADMIN_EMAIL) || filter_var(ADMIN_EMAIL, FILTER_VALIDATE_EMAIL) === FALSE) { if (is_empty(ADMIN_EMAIL) || filter_var(ADMIN_EMAIL, FILTER_VALIDATE_EMAIL) === FALSE) {
return "false"; return "invalid_to_email";
} }
if (is_empty(FROM_EMAIL) || filter_var(FROM_EMAIL, FILTER_VALIDATE_EMAIL) === FALSE) { if (is_empty(FROM_EMAIL) || filter_var(FROM_EMAIL, FILTER_VALIDATE_EMAIL) === FALSE) {
return "false"; return "invalid_from_email";
} }
$username = strtolower($username);
$mail = new PHPMailer; $mail = new PHPMailer;
if (DEBUG) { if (DEBUG) {

44
mobile/index.php
View File

@ -26,12 +26,15 @@ if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."])); die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
} }
$username = strtolower($VARS['username']);
$key = strtoupper($VARS['key']);
// Make sure the username and key are actually legit // Make sure the username and key are actually legit
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['key'], 'accounts.username' => $VARS['username']]]); $user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $key, 'accounts.username' => $username]]);
if ($user_key_valid !== TRUE) { if ($user_key_valid !== TRUE) {
engageRateLimit(); engageRateLimit();
http_response_code(401); http_response_code(401);
insertAuthLog(21, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(21, null, "Username: " . $username . ", Key: " . $key);
die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."])); die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
} }
@ -44,53 +47,54 @@ switch ($VARS['action']) {
case "check_password": case "check_password":
// Check if the user-supplied password is valid. // Check if the user-supplied password is valid.
engageRateLimit(); engageRateLimit();
if (get_account_status($VARS['username']) != "NORMAL") { if (get_account_status($username) != "NORMAL") {
insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)]));
} }
if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) { if (authenticate_user($username, $VARS['password'], $autherror)) {
$uid = $database->get("accounts", "uid", ["username" => $VARS['username']]); $uid = $database->get("accounts", "uid", ["username" => $username]);
insertAuthLog(19, $uid, "Key: " . $VARS['key']); insertAuthLog(19, $uid, "Key: " . $key);
exit(json_encode(["status" => "OK", "uid" => $uid])); exit(json_encode(["status" => "OK", "uid" => $uid]));
} else { } else {
if (!is_empty($autherror)) { if (!is_empty($autherror)) {
insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => $autherror])); exit(json_encode(["status" => "ERROR", "msg" => $autherror]));
} else { } else {
insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
} }
} }
case "user_info": case "user_info":
engageRateLimit(); engageRateLimit();
if (get_account_status($VARS['username']) != "NORMAL") { if (get_account_status($username) != "NORMAL") {
insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)]));
} }
if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) { if (authenticate_user($username, $VARS['password'], $autherror)) {
$userinfo = $database->get("accounts", ["uid", "username", "realname", "email"], ["username" => $VARS['username']]); $userinfo = $database->get("accounts", ["uid", "username", "realname", "email"], ["username" => $username]);
insertAuthLog(19, $userinfo['uid'], "Key: " . $VARS['key']); insertAuthLog(19, $userinfo['uid'], "Key: " . $key);
exit(json_encode(["status" => "OK", "info" => $userinfo])); exit(json_encode(["status" => "OK", "info" => $userinfo]));
} else { } else {
if (!is_empty($autherror)) { if (!is_empty($autherror)) {
insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => $autherror])); exit(json_encode(["status" => "ERROR", "msg" => $autherror]));
} else { } else {
insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
} }
} }
case "start_session": case "start_session":
// Do a web login. // Do a web login.
engageRateLimit(); engageRateLimit();
if (user_exists($VARS['username'])) { if (user_exists($username)) {
if (get_account_status($VARS['username']) == "NORMAL") { if (get_account_status($username) == "NORMAL") {
if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) { if (authenticate_user($username, $VARS['password'], $autherror)) {
doLoginUser($VARS['username'], $VARS['password']); doLoginUser($username, $VARS['password']);
exit(json_encode(["status" => "OK"])); exit(json_encode(["status" => "OK"]));
} }
} }
} }
insertAuthLog(20, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
case "listapps": case "listapps":
exit(json_encode(["status" => "OK", "apps" => EXTERNAL_APPS])); exit(json_encode(["status" => "OK", "apps" => EXTERNAL_APPS]));