Add mobile API and pairing widget
parent
07be8bd774
commit
ff33f9e6b3
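--- /dev/null
+++ b/[PATH-NOT-SHOWN:sync-widget]
@@ -0,0 +1,63 @@
+<?php
+
+dieifnotloggedin();
+
+use Endroid\QrCode\QrCode;
+
+addMultiLangStrings(["en_us" => [
+"sync mobile" => "Sync Mobile App",
+"scan sync qrcode" => "Scan this code with the mobile app or enter the code manually.",
+"sync explained" => "Access your account and apps on the go. Use a sync code to securely connect your phone or tablet to Portal with the Netsyms Business mobile app.",
+"generate sync" => "Create new sync code",
+"active sync codes" => "Active codes",
+"no active codes" => "No active codes.",
+"done adding sync code" => "Done adding code"
+]
+]);
+
+$APPS["sync_mobile"]["title"] = lang("sync mobile", false);
+$APPS["sync_mobile"]["icon"] = "mobile";
+
+if (!is_empty($_GET['delsynccode'])) {
+if ($database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]])) {
+$database->delete("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]]);
+}
+}
+
+if ($_GET['mobilecode'] == "generate") {
+if (!is_empty($_GET['showsynccode']) && $database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]])) {
+$code = $database->get("mobile_codes", 'code', ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]]);
+} else {
+$code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
+$database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
+}
+$url = str_replace("/", "\\", URL);
+$codeuri = "bizsync://" . $url . "/" . $_SESSION['username'] . "/" . $code;
+$qrCode = new QrCode($codeuri);
+$qrCode->setSize(200);
+$qrCode->setErrorCorrection("H");
+$qrcode = $qrCode->getDataUri();
+$chunk_code = trim(chunk_split($code, 5, ' '));
+$lang_done = lang("done adding sync code", false);
+$APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan sync qrcode", false) . '</div>' . <<<END
+<img src="$qrcode" class="img-responsive qrcode" />
+<div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$chunk_code</div>
+<a class="btn btn-success btn-sm btn-block" href="home.php?page=security">$lang_done</a>
+END;
+} else {
+$activecodes = $database->select("mobile_codes", ["codeid", "code"], ["uid" => $_SESSION['uid']]);
+$content = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("sync explained", false) . '</div>'
+. '<a class="btn btn-success btn-sm btn-block" href="home.php?page=security&mobilecode=generate">'
+. lang("generate sync", false) . '</a>';
+$content .= "<br /><b>" . lang("active sync codes", false) . ":</b><br />";
+$content .= "<div class='list-group'>";
+if (count($activecodes) > 0) {
+foreach ($activecodes as $c) {
+$content .= "<div class='list-group-item'><span style='font-family: Ubuntu Mono,monospace;'>" . trim(chunk_split($c['code'], 5, ' ')) . "</span> <span class='pull-right'><a class='btn btn-primary btn-sm' href='home.php?page=security&mobilecode=generate&showsynccode=" . $c['codeid'] . "'><i class='fa fa-qrcode'></i></a> <a class='btn btn-danger btn-sm' href='home.php?page=security&delsynccode=" . $c['codeid'] . "'><i class='fa fa-trash'></i></a></span></div>";
+}
+} else {
+$content .= "<div class='list-group-item'>" . lang("no active codes", false) . "</div>";
+}
+$content .= "</div>";
+$APPS["sync_mobile"]["content"] = $content;
+}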
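Review bot: The sync code produced on the `$code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));` line becomes a long-lived login credential for the mobile API, but `mt_rand()` and `uniqid()` are not cryptographically secure sources; `$code = strtoupper(bin2hex(random_bytes(10)));` keeps the same 20-character uppercase-hex format while drawing from the CSPRNG. The `delsynccode` branch performs a state-changing delete driven by a plain GET parameter with no request-token check, so whatever anti-CSRF mechanism the rest of the portal uses for form actions should guard it as well. `$_GET['mobilecode'] == "generate"` reads an index that is absent on the default view and will raise an undefined-index notice; `($_GET['mobilecode'] ?? '') === "generate"` avoids both that and the loose comparison.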
Binary file not shown.
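--- /dev/null
+++ b/[PATH-NOT-SHOWN:mobile-api]
@@ -0,0 +1,63 @@
+<?php
+
+/*
+* Mobile app API
+*/
+
+require __DIR__ . "/../required.php";
+
+require __DIR__ . "/../lib/login.php";
+
+header('Content-Type: application/json');
+
+// Allow ping check without authentication
+if ($VARS['action'] == "ping") {
+exit(json_encode(["status" => "OK"]));
+}
+
+if (MOBILE_ENABLED !== TRUE) {
+exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
+}
+
+// Make sure we have a username and access key
+if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
+http_response_code(401);
+die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
+}
+
+// Make sure the username and key are actually legit
+$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['key'], 'accounts.username' => $VARS['username']]]);
+if ($user_key_valid !== TRUE) {
+http_response_code(401);
+insertAuthLog(21, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
+}
+
+// Process the action
+switch ($VARS['action']) {
+case "check_key":
+// Check if the username/key combo is valid.
+// If we get this far, it is, so return success.
+exit(json_encode(["status" => "OK"]));
+case "check_password":
+if (get_account_status($VARS['username']) != "NORMAL") {
+insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)]));
+}
+if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+$uid = $database->get("accounts", "uid", ["username" => $VARS['username']]);
+insertAuthLog(19, $uid, "Key: " . $VARS['key']);
+exit(json_encode(["status" => "OK", "uid" => $uid]));
+} else {
+if (!is_empty($autherror)) {
+insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+exit(json_encode(["status" => "ERROR", "msg" => $autherror]));
+} else {
+insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+}
+}
+default:
+http_response_code(404);
+die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
+}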
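Review bot: Every `insertAuthLog(...)` call in this file (the invalid-key path after `$user_key_valid` and the four calls inside `check_password`, including the success path) writes the raw access key into the auth log, so the long-lived mobile credential sits in plaintext wherever that log is stored or displayed. Log a non-reversible identifier instead, e.g. `"Key: " . substr(hash('sha256', $VARS['key']), 0, 12)`, which still lets repeated attempts with the same key be correlated. `$VARS['action'] == "ping"` uses a loose comparison on an index that may be unset; `($VARS['action'] ?? '') === "ping"` is safer, and the same applies to the `switch ($VARS['action'])` subject. Separately, the `has()` lookup matches `mobile_codes.code` as a plaintext column value, so the key is stored in clear in the database (the widget in this commit inserts it unhashed); storing a hash and comparing against it would limit the damage of a table leak, though that change spans both files.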