@@ -11,6 +11,5 @@ | |||
"invalid parameters": "Invalid request parameters.", | |||
"login server error": "The login server returned an error: {arg}", | |||
"login server user data error": "The login server refused to provide account information. Try again or contact technical support.", | |||
"captcha error": "There was a problem with the CAPTCHA (robot test). Try again.", | |||
"no access permission": "You do not have permission to access this system." | |||
} |
@@ -45,29 +45,6 @@ class Login { | |||
return Login::LOGIN_OK; | |||
} | |||
public static function verifyCaptcha(string $session, string $answer, string $url): bool { | |||
$data = [ | |||
'session_id' => $session, | |||
'answer_id' => $answer, | |||
'action' => "verify" | |||
]; | |||
$options = [ | |||
'http' => [ | |||
'header' => "Content-type: application/x-www-form-urlencoded\r\n", | |||
'method' => 'POST', | |||
'content' => http_build_query($data) | |||
] | |||
]; | |||
$context = stream_context_create($options); | |||
$result = file_get_contents($url, false, $context); | |||
$resp = json_decode($result, TRUE); | |||
if (!$resp['result']) { | |||
return false; | |||
} else { | |||
return true; | |||
} | |||
} | |||
/** | |||
* Check the login server API for sanity | |||
* @return boolean true if OK, else false |
@@ -32,7 +32,6 @@ session_start(); // stick some cookies in it | |||
// renew session cookie | |||
setcookie(session_name(), session_id(), time() + $session_length, "/", false, false); | |||
$captcha_server = ($SETTINGS['captcha']['enabled'] === true ? preg_replace("/http(s)?:\/\//", "", $SETTINGS['captcha']['server']) : ""); | |||
if ($_SESSION['mobile'] === TRUE) { | |||
header("Content-Security-Policy: " | |||
. "default-src 'self';" | |||
@@ -42,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) { | |||
. "frame-src 'none'; " | |||
. "font-src 'self'; " | |||
. "connect-src *; " | |||
. "style-src 'self' 'unsafe-inline' $captcha_server; " | |||
. "script-src 'self' 'unsafe-inline' $captcha_server"); | |||
. "style-src 'self' 'unsafe-inline'; " | |||
. "script-src 'self' 'unsafe-inline'"); | |||
} else { | |||
header("Content-Security-Policy: " | |||
. "default-src 'self';" | |||
@@ -53,8 +52,8 @@ if ($_SESSION['mobile'] === TRUE) { | |||
. "frame-src 'none'; " | |||
. "font-src 'self'; " | |||
. "connect-src *; " | |||
. "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; " | |||
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server"); | |||
. "style-src 'self' 'nonce-$SECURE_NONCE'; " | |||
. "script-src 'self' 'nonce-$SECURE_NONCE'"); | |||
} | |||
// |
@@ -15,7 +15,6 @@ $SETTINGS = [ | |||
// Turning this on in production is a security risk and can sometimes break | |||
// things, such as JSON output where extra content is not expected. | |||
"debug" => false, | |||
// Database connection settings | |||
// See http://medoo.in/api/new for info | |||
"database" => [ | |||
@@ -26,10 +25,8 @@ $SETTINGS = [ | |||
"password" => "", | |||
"charset" => "utf8" | |||
], | |||
// Name of the app. | |||
"site_title" => "Web App Template", | |||
// Settings for connecting to the AccountHub server. | |||
"accounthub" => [ | |||
// URL for the API endpoint | |||
@@ -39,26 +36,14 @@ $SETTINGS = [ | |||
// API key | |||
"key" => "123" | |||
], | |||
// For supported values, see http://php.net/manual/en/timezones.php | |||
"timezone" => "America/Denver", | |||
// Use Captcheck on login screen to slow down bots | |||
// https://captcheck.netsyms.com | |||
"captcha" => [ | |||
"enabled" => false, | |||
"server" => "https://captcheck.netsyms.com" | |||
], | |||
// Language to use for localization. See langs folder to add a language. | |||
"language" => "en", | |||
// Shown in the footer of all the pages. | |||
"footer_text" => "", | |||
// Also shown in the footer, but with "Copyright <current_year>" in front. | |||
"copyright" => "Netsyms Technologies", | |||
// Base URL for building links relative to the location of the app. | |||
// Only used when there's no good context for the path. | |||
// The default is almost definitely fine. |