|
|
|
<?php
|
|
|
|
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Mobile app API
|
|
|
|
*/
|
|
|
|
|
|
|
|
require __DIR__ . "/../required.php";
|
|
|
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
header('Access-Control-Allow-Origin: *');
|
|
|
|
|
|
|
|
// Allow ping check without authentication
|
|
|
|
if ($VARS['action'] == "ping") {
|
|
|
|
exit(json_encode(["status" => "OK"]));
|
|
|
|
}
|
|
|
|
|
|
|
|
function mobile_enabled() {
|
|
|
|
$resp = AccountHubApi::get("mobileenabled");
|
|
|
|
if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
|
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function mobile_valid($username, $code) {
|
|
|
|
try {
|
|
|
|
$resp = AccountHubApi::get("mobilevalid", ["code" => $code, "username" => $username], true);
|
|
|
|
|
|
|
|
if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
|
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
} catch (Exception $ex) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (mobile_enabled() !== TRUE) {
|
|
|
|
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("mobile login disabled", false)]));
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure we have a username and access key
|
|
|
|
if (empty($VARS['username']) || empty($VARS['key'])) {
|
|
|
|
http_response_code(401);
|
|
|
|
die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure the username and key are actually legit
|
|
|
|
if (!mobile_valid($VARS['username'], $VARS['key'])) {
|
|
|
|
engageRateLimit();
|
|
|
|
http_response_code(401);
|
|
|
|
die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
|
|
|
|
}
|
|
|
|
|
|
|
|
// Process the action
|
|
|
|
switch ($VARS['action']) {
|
|
|
|
case "start_session":
|
|
|
|
// Do a web login.
|
|
|
|
$user = User::byUsername($VARS['username']);
|
|
|
|
if ($user->exists()) {
|
|
|
|
if ($user->getStatus()->getString() == "NORMAL") {
|
|
|
|
if ($user->checkPassword($VARS['password'])) {
|
|
|
|
foreach ($SETTINGS['permissions'] as $perm) {
|
|
|
|
if (!$user->hasPermission($perm)) {
|
|
|
|
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no permission", false)]));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Session::start($user);
|
|
|
|
$_SESSION['mobile'] = true;
|
|
|
|
exit(json_encode(["status" => "OK"]));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)]));
|
|
|
|
default:
|
|
|
|
http_response_code(404);
|
|
|
|
die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
|
|
|
|
}
|