Tweak mobile APIs

apps/sync_mobile.php

@@ -31,7 +31,7 @@ if ($_GET['mobilecode'] == "generate") {
         $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
         $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
     }
-    $url = str_replace("/", "\\", URL);
+    $url = str_replace("/", "\\", URL . "mobile/index.php");
     $codeuri = "bizsync://" . $url . "/" . $_SESSION['username'] . "/" . $code;
     $qrCode = new QrCode($codeuri);
     $qrCode->setSize(200);

mobile/index.php

@@ -9,6 +9,7 @@ require __DIR__ . "/../required.php";
 require __DIR__ . "/../lib/login.php";
 
 header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
 
 // Allow ping check without authentication
 if ($VARS['action'] == "ping") {
@@ -60,6 +61,25 @@ switch ($VARS['action']) {
                 exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
             }
         }
+    case "user_info":
+        engageRateLimit();
+        if (get_account_status($VARS['username']) != "NORMAL") {
+            insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+            exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)]));
+        }
+        if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+            $userinfo = $database->get("accounts", ["uid", "username", "realname", "email"], ["username" => $VARS['username']]);
+            insertAuthLog(19, $userinfo['uid'], "Key: " . $VARS['key']);
+            exit(json_encode(["status" => "OK", "info" => $userinfo]));
+        } else {
+            if (!is_empty($autherror)) {
+                insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+                exit(json_encode(["status" => "ERROR", "msg" => $autherror]));
+            } else {
+                insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+                exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+            }
+        }
     case "start_session":
         // Do a web login.
         engageRateLimit();
@@ -72,6 +92,8 @@ switch ($VARS['action']) {
             }
         }
         exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+    case "listapps":
+        exit(json_encode(["status" => "OK", "apps" => EXTERNAL_APPS]));
     default:
         http_response_code(404);
         die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));

settings.template.php

@@ -73,25 +73,25 @@ define('LANGUAGE', "en_us");
 define('EXTERNAL_APPS', [
     "portal" => [
         "url" => "http://localhost/portal",
-        "mobileapi" => "/mobile",
+        "mobileapi" => "/mobile/index.php",
         "icon" => "/static/img/logo.svg",
         "title" => SITE_TITLE
     ],
     "taskfloor" => [
         "url" => "http://localhost/taskfloor",
-        "mobileapi" => "/mobile",
+        "mobileapi" => "/mobile/index.php",
         "icon" => "/static/img/logo.svg",
         "title" => "TaskFloor"
     ],
     "qwikclock" => [
         "url" => "http://localhost/qwikclock",
-        "mobileapi" => "/mobile",
+        "mobileapi" => "/mobile/index.php",
         "icon" => "/static/img/logo.svg",
         "title" => "QwikClock"
     ],
     "inventory" => [
         "url" => "http://localhost/inventory",
-        "mobileapi" => "/mobile",
+        "mobileapi" => "/mobile/index.php",
         "icon" => "/static/img/logo.svg",
         "title" => "Inventory"
     ]