Pro-Idler/ManagePanel
1
0
Fork 0
forked from Business/ManagePanel
Code Issues Pull Requests Projects Releases Wiki Activity

Tweak mobile APIs

Browse Source
This commit is contained in:
Skylar Ittner 2017-06-29 04:04:31 -06:00
parent 4702be8199
commit f12bafd51a
2 changed files with 33 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/login.php
View File

@ -213,7 +213,7 @@ function doLoginUser($username) {
} }
$resp = json_decode($response->getBody(), TRUE); $resp = json_decode($response->getBody(), TRUE);
var_dump($resp);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
$userinfo = $resp['data']; $userinfo = $resp['data'];
$_SESSION['username'] = $username; $_SESSION['username'] = $username;

37
mobile/index.php
View File

@ -38,6 +38,31 @@ function mobile_enabled() {
} }
} }
function mobile_valid($username, $code) {
$client = new GuzzleHttp\Client();
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
"code" => $code,
"username" => $username,
'action' => "mobilevalid"
]
]);
if ($response->getStatusCode() > 299) {
return false;
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
return true;
} else {
return false;
}
}
if (mobile_enabled() !== TRUE) { if (mobile_enabled() !== TRUE) {
exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)])); exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
} }
@ -49,11 +74,9 @@ if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
} }
// Make sure the username and key are actually legit // Make sure the username and key are actually legit
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['key'], 'accounts.username' => $VARS['username']]]); if (!mobile_valid($VARS['username'], $VARS['key'])) {
if ($user_key_valid !== TRUE) {
engageRateLimit(); engageRateLimit();
http_response_code(401); http_response_code(401);
insertAuthLog(21, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."])); die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
} }
@ -64,8 +87,12 @@ switch ($VARS['action']) {
if (user_exists($VARS['username'])) { if (user_exists($VARS['username'])) {
if (get_account_status($VARS['username']) == "NORMAL") { if (get_account_status($VARS['username']) == "NORMAL") {
if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) { if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
doLoginUser($VARS['username'], $VARS['password']); if (account_has_permission($VARS['username'], "ADMIN")) {
exit(json_encode(["status" => "OK"])); doLoginUser($VARS['username'], $VARS['password']);
exit(json_encode(["status" => "OK"]));
} else {
exit(json_encode(["status" => "ERROR", "msg" => lang("no admin permission", false)]));
}
} }
} }
} }