From cb6a1c729cc8bfc44122c2a95f8be62a79539034 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Sat, 30 Dec 2017 11:30:48 -0700
Subject: [PATCH] Add `checkpin` API, add `pin` boolean to `userinfo` and `getusersbygroup`
---
 api.php | 42 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/api.php b/api.php
index 6cd4971..b89bbde 100644
--- a/api.php
+++ b/api.php
@@ -74,14 +74,16 @@ switch ($VARS['action']) {
 case "userinfo":
 if (!is_empty($VARS['username'])) {
 if (user_exists_local($VARS['username'])) {
- $data = $database->select("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"]], ["username" => strtolower($VARS['username'])])[0];
+ $data = $database->select("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"], 'pin'], ["username" => strtolower($VARS['username'])])[0];
+ $data['pin'] = (is_null($data['pin']) || $data['pin'] == "" ? false : true);
 exit(json_encode(["status" => "OK", "data" => $data]));
 } else {
 exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
 }
 } else if (!is_empty($VARS['uid'])) {
 if ($database->has('accounts', ['uid' => $VARS['uid']])) {
- $data = $database->select("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"]], ["uid" => $VARS['uid']])[0];
+ $data = $database->select("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"], 'pin'], ["uid" => $VARS['uid']])[0];
+ $data['pin'] = (is_null($data['pin']) || $data['pin'] == "" ? false : true);
 exit(json_encode(["status" => "OK", "data" => $data]));
 } else {
 exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
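Review bot: The raw `pin` column is now selected into `$data`, the same array that is JSON-encoded for the client, and only the following line replaces it with a boolean. That select-then-overwrite pair appears in both `userinfo` branches here and again as a loop in the `detail` branch of the second hunk. Any later path that adds `'pin'` to a select and misses the overwrite would return the stored PIN, so I would put the conversion in one small helper, or leave `pin` out of the response select and set the flag from a separate lookup. The loose `== ""` test can also be made explicit, assuming the column comes back as a string or null: `$data['pin'] = ((string) $data['pin']) !== "";`. The enclosing `switch` starts and ends outside the hunk.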
@@ -319,7 +321,14 @@ switch ($VARS['action']) {
 if ($VARS['get'] == "username") {
 $users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], 'username', ['groupid' => $groupid]);
 } else if ($VARS['get'] == "detail") {
- $users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], ['username', 'realname (name)', 'accounts.uid'], ['groupid' => $groupid]);
+ $users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], ['username', 'realname (name)', 'accounts.uid', 'pin'], ['groupid' => $groupid]);
+ for ($i = 0; $i < count($users); $i++) {
+ if (is_null($users[$i]['pin']) || $users[$i]['pin'] == "") {
+ $users[$i]['pin'] = false;
+ } else {
+ $users[$i]['pin'] = true;
+ }
+ }
 } else {
 $users = $database->select('assigned_groups', 'uid', ['groupid' => $groupid]);
 }
@@ -356,6 +365,33 @@ switch ($VARS['action']) {
 $data = $database->select('groups', ['groupid (id)', 'groupname (name)'], ['groupname[~]' => $VARS['search'], "LIMIT" => 10]);
 exit(json_encode(["status" => "OK", "result" => $data]));
 break;
+ case "checkpin":
+ $pin = "";
+ if (is_empty($VARS['pin'])) {
+ http_response_code(400);
+ die("\"400 Bad Request\"");
+ }
+ if (!is_empty($VARS['username'])) {
+ if (user_exists_local($VARS['username'])) {
+ $pin = $database->get("accounts", "pin", ["username" => strtolower($VARS['username'])]);
+ } else {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+ }
+ } else if (!is_empty($VARS['uid'])) {
+ if ($database->has('accounts', ['uid' => $VARS['uid']])) {
+ $pin = $database->get("accounts", "pin", ["uid" => strtolower($VARS['uid'])]);
+ } else {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+ }
+ } else {
+ http_response_code(400);
+ die("\"400 Bad Request\"");
+ }
+ if (is_null($pin) || $pin == "") {
+ exit(json_encode(["status" => "ERROR", "pinvalid" => false, "nopinset" => true]));
+ }
+ exit(json_encode(["status" => "OK", "pinvalid" => ($pin == $VARS['pin'])]));
+ break;
 default:
 http_response_code(404);
 die(json_encode("404 Not Found: the requested action is not available."));
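Review bot: The final `checkpin` comparison `$pin == $VARS['pin']` is loose and not constant-time, so numeric-looking strings are compared as numbers (PHP evaluates `"0123" == "123"` as true) and a submitted PIN can be accepted without being identical to the stored one. Compute the `pinvalid` value with `hash_equals((string) $pin, (string) $VARS['pin'])` instead. Comparing the column directly to the request value also suggests the PIN is stored in recoverable form; `password_hash`/`password_verify` would avoid that. Nothing in this case throttles or logs failed attempts, which matters for a short secret unless the API layer outside this hunk already does it. Separately, the `uid` lookup passes `strtolower($VARS['uid'])` to `get()` while the preceding `has()` check uses the raw value, so the two should be made consistent.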