diff --git a/apps/sync_mobile.php b/apps/sync_mobile.php
index 0c24ed0..8bea14a 100644
--- a/apps/sync_mobile.php
+++ b/apps/sync_mobile.php
@@ -31,7 +31,7 @@ if ($_GET['mobilecode'] == "generate") {
 $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
 $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
 }
- $url = str_replace("/", "\\", URL);
+ $url = str_replace("/", "\\", URL . "mobile/index.php");
 $codeuri = "bizsync://" . $url . "/" . $_SESSION['username'] . "/" . $code;
 $qrCode = new QrCode($codeuri);
 $qrCode->setSize(200);
diff --git a/database.mwb b/database.mwb
index 8ad217a..f61f63a 100644
Binary files a/database.mwb and b/database.mwb differ
diff --git a/mobile/index.php b/mobile/index.php
index 1f710ac..0615607 100644
--- a/mobile/index.php
+++ b/mobile/index.php
@@ -9,6 +9,7 @@ require __DIR__ . "/../required.php";
 require __DIR__ . "/../lib/login.php";
 header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
 // Allow ping check without authentication
 if ($VARS['action'] == "ping") {
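Review bot: `URL . "mobile/index.php"` on the changed line only forms a usable path when the `URL` constant ends with a slash; the `mobileapi` values touched in settings.template.php in this same commit use the opposite convention (leading slash, joined to a `url` without one), so either reconcile the two or make the join explicit, e.g. `$url = str_replace("/", "\\", rtrim(URL, "/") . "/mobile/index.php");`. The context line above derives the pairing code from `md5(mt_rand() . uniqid("", true))`, which is not a cryptographic source; since that code is presumably what the phone later presents to authenticate, `strtoupper(bin2hex(random_bytes(10)))` would give the same 20-character shape from the CSPRNG, though that line is outside this change. The enclosing `if` starts before the hunk.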
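Review bot: `Access-Control-Allow-Origin: *` on the added line lets a script from any web origin call every action of this endpoint and read the response, and because it is emitted before the action dispatch it cannot be narrowed per action later; the unauthenticated `listapps` output added further down in this commit is then readable cross-origin as well. If the only client is the native mobile app, browser CORS rules do not apply to it and the header can simply be dropped. If browser-based callers are expected, reflect the request origin only when it matches one of the configured application URLs (the `listapps` case shows `EXTERNAL_APPS` is already in scope here) and vary the cache on it, as sketched below. The surrounding file continues past the hunk.
```php
header('Content-Type: application/json');
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, array_column(EXTERNAL_APPS, 'url'), true)) {
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Vary: Origin');
}
// … unchanged: ping check …
```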
@@ -60,6 +61,25 @@ switch ($VARS['action']) {
 exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
 }
 }
+ case "user_info":
+ engageRateLimit();
+ if (get_account_status($VARS['username']) != "NORMAL") {
+ insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+ exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)]));
+ }
+ if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+ $userinfo = $database->get("accounts", ["uid", "username", "realname", "email"], ["username" => $VARS['username']]);
+ insertAuthLog(19, $userinfo['uid'], "Key: " . $VARS['key']);
+ exit(json_encode(["status" => "OK", "info" => $userinfo]));
+ } else {
+ if (!is_empty($autherror)) {
+ insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+ exit(json_encode(["status" => "ERROR", "msg" => $autherror]));
+ } else {
+ insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+ exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+ }
+ }
 case "start_session":
 // Do a web login.
 engageRateLimit();
@@ -72,6 +92,8 @@ switch ($VARS['action']) {
 }
 }
 exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+ case "listapps":
+ exit(json_encode(["status" => "OK", "apps" => EXTERNAL_APPS]));
 default:
 http_response_code(404);
 die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
diff --git a/settings.template.php b/settings.template.php
index dbfd76c..8dbf67d 100644
--- a/settings.template.php
+++ b/settings.template.php
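Review bot: In the new `user_info` case `$VARS['key']` is only written into the auth log and is never compared with anything, so if the mobile key is meant to gate this endpoint (apps/sync_mobile.php in this commit stores the generated code in `mobile_codes` per uid) that check is missing and the request is accepted on username and password alone; if the key is deliberately informational here, a one-line comment saying so would stop the next reader from assuming it is verified. The status test compares strings loosely and should read `if (get_account_status($VARS['username']) !== "NORMAL") {`. The two inner branches after a failed `authenticate_user` differ only in the message, so the logging can be written once: `$msg = !is_empty($autherror) ? $autherror : lang("login incorrect", false);` followed by a single `insertAuthLog(20, null, ...)` and a single `exit(...)`. Note also that the failure paths copy the client-supplied key verbatim into the log. The enclosing switch starts and ends outside the hunk.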
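Review bot: The added `listapps` case answers without any authentication or rate limit, unlike the `user_info` and `start_session` cases beside it, and returns the whole `EXTERNAL_APPS` constant, whose `url` entries in settings.template.php point at internal hosts. If that is intentional because the app needs the list before it can log in, record it where the ping exception is already documented, e.g. `// "ping" and "listapps" answer without authentication`, and consider returning only the fields the client uses rather than the full configuration. The switch starts and ends outside the hunk.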
@@ -73,25 +73,25 @@ define('LANGUAGE', "en_us");
 define('EXTERNAL_APPS', [
 "portal" => [
 "url" => "http://localhost/portal",
- "mobileapi" => "/mobile",
+ "mobileapi" => "/mobile/index.php",
 "icon" => "/static/img/logo.svg",
 "title" => SITE_TITLE
 ],
 "taskfloor" => [
 "url" => "http://localhost/taskfloor",
- "mobileapi" => "/mobile",
+ "mobileapi" => "/mobile/index.php",
 "icon" => "/static/img/logo.svg",
 "title" => "TaskFloor"
 ],
 "qwikclock" => [
 "url" => "http://localhost/qwikclock",
- "mobileapi" => "/mobile",
+ "mobileapi" => "/mobile/index.php",
 "icon" => "/static/img/logo.svg",
 "title" => "QwikClock"
 ],
 "inventory" => [
 "url" => "http://localhost/inventory",
- "mobileapi" => "/mobile",
+ "mobileapi" => "/mobile/index.php",
 "icon" => "/static/img/logo.svg",
 "title" => "Inventory"
 ]