
api.php 5.0KB

  1. <?php
  2. /**
  3. * Simple JSON API to allow other apps to access accounts in this system.
  4. *
  5. * Requests can be sent via either GET or POST requests. POST is recommended
  6. * as it has a lower chance of being logged on the server, exposing unencrypted
  7. * user passwords.
  8. */
  9. require __DIR__ . '/required.php';
  10. require_once __DIR__ . '/lib/login.php';
  11. header("Content-Type: application/json");
  12. //try {
  13. $key = $VARS['key'];
  14. if ($database->has('apikeys', ['key' => $key]) !== TRUE) {
  15. header("HTTP/1.1 403 Unauthorized");
  16. die("\"403 Unauthorized\"");
  17. }
  18. switch ($VARS['action']) {
  19. case "ping":
  20. exit(json_encode(["status" => "OK"]));
  21. break;
  22. case "auth":
  23. if (authenticate_user($VARS['username'], $VARS['password'])) {
  24. insertAuthLog(12);
  25. exit(json_encode(["status" => "OK", "msg" => lang("login successful", false)]));
  26. } else {
  27. insertAuthLog(13);
  28. exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
  29. }
  30. break;
  31. case "userinfo":
  32. if (user_exists($VARS['username'])) {
  33. $data = $database->select("accounts", ["uid", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"]], ["username" => $VARS['username']])[0];
  34. exit(json_encode(["status" => "OK", "data" => $data]));
  35. } else {
  36. exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
  37. }
  38. break;
  39. case "userexists":
  40. if (user_exists($VARS['username'])) {
  41. exit(json_encode(["status" => "OK", "exists" => true]));
  42. } else {
  43. exit(json_encode(["status" => "OK", "exists" => false]));
  44. }
  45. break;
  46. case "hastotp":
  47. if (userHasTOTP($VARS['username'])) {
  48. exit(json_encode(["status" => "OK", "otp" => true]));
  49. } else {
  50. exit(json_encode(["status" => "OK", "otp" => false]));
  51. }
  52. break;
  53. case "verifytotp":
  54. if (verifyTOTP($VARS['username'], $VARS['code'])) {
  55. exit(json_encode(["status" => "OK", "valid" => true]));
  56. } else {
  57. insertAuthLog(7);
  58. exit(json_encode(["status" => "ERROR", "msg" => lang("2fa incorrect", false), "valid" => false]));
  59. }
  60. break;
  61. case "acctstatus":
  62. exit(json_encode(["status" => "OK", "account" => get_account_status($VARS['username'])]));
  63. case "login":
  64. // simulate a login, checking account status and alerts
  65. if (authenticate_user($VARS['username'], $VARS['password'])) {
  66. switch (get_account_status($VARS['username'])) {
  67. case "LOCKED_OR_DISABLED":
  68. insertAuthLog(5);
  69. exit(json_encode(["status" => "ERROR", "msg" => lang("account locked", false)]));
  70. case "TERMINATED":
  71. insertAuthLog(5);
  72. exit(json_encode(["status" => "ERROR", "msg" => lang("account terminated", false)]));
  73. case "CHANGE_PASSWORD":
  74. insertAuthLog(5);
  75. exit(json_encode(["status" => "ERROR", "msg" => lang("password expired", false)]));
  76. case "NORMAL":
  77. insertAuthLog(4);
  78. exit(json_encode(["status" => "OK"]));
  79. case "ALERT_ON_ACCESS":
  80. sendLoginAlertEmail($VARS['username']);
  81. insertAuthLog(4);
  82. exit(json_encode(["status" => "OK", "alert" => true]));
  83. default:
  84. insertAuthLog(5);
  85. exit(json_encode(["status" => "ERROR", "msg" => lang("account state error", false)]));
  86. }
  87. } else {
  88. insertAuthLog(5);
  89. exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
  90. }
  91. break;
  92. case "ismanagerof":
  93. if (user_exists($VARS['manager'])) {
  94. if (user_exists($VARS['employee'])) {
  95. $managerid = $database->select('accounts', 'uid', ['username' => $VARS['manager']]);
  96. $employeeid = $database->select('accounts', 'uid', ['username' => $VARS['employee']]);
  97. if ($database->has('managers', ['AND' => ['managerid' => $managerid, 'employeeid' => $employeeid]])) {
  98. exit(json_encode(["status" => "OK", "managerof" => true]));
  99. } else {
  100. exit(json_encode(["status" => "OK", "managerof" => false]));
  101. }
  102. } else {
  103. exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => $VARS['employee']]));
  104. }
  105. } else {
  106. exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => $VARS['manager']]));
  107. }
  108. break;
  109. default:
  110. header("HTTP/1.1 400 Bad Request");
  111. die("\"400 Bad Request\"");
  112. }
  113. /* } catch (Exception $e) {
  114. header("HTTP/1.1 500 Internal Server Error");
  115. die("\"500 Internal Server Error\"");
  116. } */