Single-sign-on and self-serve account management. https://netsyms.biz/apps/accounthub
  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. /*
  6. * Mobile app API
  7. */
  8. // The name of the permission needed to log in.
  9. // Set to null if you don't need it.
  10. $access_permission = null;
  11. require __DIR__ . "/../required.php";
  12. require __DIR__ . "/../lib/login.php";
  13. header('Content-Type: application/json');
  14. header('Access-Control-Allow-Origin: *');
  15. // Allow ping check without authentication
  16. if ($VARS['action'] == "ping") {
  17. exit(json_encode(["status" => "OK"]));
  18. }
  19. function mobile_enabled() {
  20. $client = new GuzzleHttp\Client();
  21. $response = $client
  22. ->request('POST', PORTAL_API, [
  23. 'form_params' => [
  24. 'key' => PORTAL_KEY,
  25. 'action' => "mobileenabled"
  26. ]
  27. ]);
  28. if ($response->getStatusCode() > 299) {
  29. return false;
  30. }
  31. $resp = json_decode($response->getBody(), TRUE);
  32. if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
  33. return true;
  34. } else {
  35. return false;
  36. }
  37. }
  38. function mobile_valid($username, $code) {
  39. $client = new GuzzleHttp\Client();
  40. $response = $client
  41. ->request('POST', PORTAL_API, [
  42. 'form_params' => [
  43. 'key' => PORTAL_KEY,
  44. "code" => $code,
  45. "username" => $username,
  46. 'action' => "mobilevalid"
  47. ]
  48. ]);
  49. if ($response->getStatusCode() > 299) {
  50. return false;
  51. }
  52. $resp = json_decode($response->getBody(), TRUE);
  53. if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
  54. return true;
  55. } else {
  56. return false;
  57. }
  58. }
  59. if (mobile_enabled() !== TRUE) {
  60. exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
  61. }
  62. // Make sure we have a username and access key
  63. if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
  64. http_response_code(401);
  65. die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
  66. }
  67. // Make sure the username and key are actually legit
  68. if (!mobile_valid($VARS['username'], $VARS['key'])) {
  69. engageRateLimit();
  70. http_response_code(401);
  71. die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
  72. }
  73. // Process the action
  74. switch ($VARS['action']) {
  75. case "start_session":
  76. // Do a web login.
  77. if (user_exists($VARS['username'])) {
  78. if (get_account_status($VARS['username']) == "NORMAL") {
  79. if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
  80. if (is_null($access_permission) || account_has_permission($VARS['username'], $access_permission)) {
  81. doLoginUser($VARS['username'], $VARS['password']);
  82. $_SESSION['mobile'] = true;
  83. exit(json_encode(["status" => "OK"]));
  84. } else {
  85. exit(json_encode(["status" => "ERROR", "msg" => lang("no admin permission", false)]));
  86. }
  87. }
  88. }
  89. }
  90. exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
  91. default:
  92. http_response_code(404);
  93. die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
  94. }