An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/

index.php 2.6KB

  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. /*
  6. * Mobile app API
  7. */
  8. require __DIR__ . "/../required.php";
  9. header('Content-Type: application/json');
  10. header('Access-Control-Allow-Origin: *');
  11. // Allow ping check without authentication
  12. if ($VARS['action'] == "ping") {
  13. exit(json_encode(["status" => "OK"]));
  14. }
  15. function mobile_enabled() {
  16. $resp = AccountHubApi::get("mobileenabled");
  17. if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
  18. return true;
  19. } else {
  20. return false;
  21. }
  22. }
  23. function mobile_valid($username, $code) {
  24. try {
  25. $resp = AccountHubApi::get("mobilevalid", ["code" => $code, "username" => $username], true);
  26. if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
  27. return true;
  28. } else {
  29. return false;
  30. }
  31. } catch (Exception $ex) {
  32. return false;
  33. }
  34. }
  35. if (mobile_enabled() !== TRUE) {
  36. exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("mobile login disabled", false)]));
  37. }
  38. // Make sure we have a username and access key
  39. if (empty($VARS['username']) || empty($VARS['key'])) {
  40. http_response_code(401);
  41. die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
  42. }
  43. // Make sure the username and key are actually legit
  44. if (!mobile_valid($VARS['username'], $VARS['key'])) {
  45. engageRateLimit();
  46. http_response_code(401);
  47. die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
  48. }
  49. // Process the action
  50. switch ($VARS['action']) {
  51. case "start_session":
  52. // Do a web login.
  53. $user = User::byUsername($VARS['username']);
  54. if ($user->exists()) {
  55. if ($user->getStatus()->getString() == "NORMAL") {
  56. if ($user->checkPassword($VARS['password'])) {
  57. foreach ($SETTINGS['permissions'] as $perm) {
  58. if (!$user->hasPermission($perm)) {
  59. exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no permission", false)]));
  60. }
  61. }
  62. Session::start($user);
  63. $_SESSION['mobile'] = true;
  64. exit(json_encode(["status" => "OK"]));
  65. }
  66. }
  67. }
  68. exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)]));
  69. default:
  70. http_response_code(404);
  71. die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
  72. }