An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/

login.php 5.9KB

  1. <?php
  2. /**
  3. * Authentication and account functions. Connects to a Portal instance.
  4. */
  5. ////////////////////////////////////////////////////////////////////////////////
  6. // Account handling //
  7. ////////////////////////////////////////////////////////////////////////////////
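  /**
   * Checks the given credentials against the Portal API ("auth" action).
   *
   * @param string $username
   * @param string $password
   * @return bool True only when the API answers with status "OK", else false
   */
  function authenticate_user($username, $password): bool {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "auth",
              'username' => $username,
              'password' => $password
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      $resp = json_decode($response->getBody(), true);
      // Strict comparison plus null-coalesce: a non-JSON or truncated body
      // (json_decode returns null) fails closed instead of raising notices.
      return ($resp['status'] ?? null) === "OK";
  }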
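  /**
   * Check whether a username exists on the Portal ("userexists" action).
   *
   * @param string $username
   * @return bool True only when the API answers "OK" and reports exists === true
   */
  function user_exists($username): bool {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "userexists",
              'username' => $username
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      $resp = json_decode($response->getBody(), true);
      // Both keys are read with ?? so a malformed body yields false, not a notice.
      return ($resp['status'] ?? null) === "OK"
          && ($resp['exists'] ?? null) === true;
  }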
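  /**
   * Get the account status from the Portal ("acctstatus" action):
   * NORMAL, TERMINATED, LOCKED_OR_DISABLED, CHANGE_PASSWORD, or ALERT_ON_ACCESS.
   *
   * @param string $username
   * @return string|false The status string, or false when the API did not answer "OK"
   *                      or omitted the "account" field
   */
  function get_account_status($username) {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "acctstatus",
              'username' => $username
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      $resp = json_decode($response->getBody(), true);
      if (($resp['status'] ?? null) !== "OK") {
          return false;
      }
      // A missing "account" key is treated like a failed lookup rather than
      // returning null, so callers can keep testing for === false.
      return $resp['account'] ?? false;
  }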
  85. ////////////////////////////////////////////////////////////////////////////////
  86. // Login handling //
  87. ////////////////////////////////////////////////////////////////////////////////
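  /**
   * Populate $_SESSION with the user's Portal data ("userinfo" action) and
   * set the loggedin flag to true.
   *
   * Session keys written: username, uid, email, realname, loggedin.
   *
   * @param string $username
   * @return bool true when the session was populated, false if the API did not answer "OK"
   */
  function doLoginUser($username): bool {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "userinfo",
              'username' => $username
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      // No var_dump here: the decoded response carries account data and must
      // never be echoed into the page.
      $resp = json_decode($response->getBody(), true);
      if (($resp['status'] ?? null) !== "OK") {
          return false;
      }
      $userinfo = $resp['data'] ?? [];
      // Issue a fresh session id on this privilege change so a session id
      // fixed before login is not carried into the authenticated session.
      if (session_status() === PHP_SESSION_ACTIVE) {
          session_regenerate_id(true);
      }
      $_SESSION['username'] = $username;
      $_SESSION['uid'] = $userinfo['uid'] ?? null;
      $_SESSION['email'] = $userinfo['email'] ?? null;
      $_SESSION['realname'] = $userinfo['name'] ?? null;
      // The previous version wrote an undefined $password (always null) into
      // $_SESSION['password']; credentials are not kept in the session.
      $_SESSION['loggedin'] = true;
      return true;
  }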
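  /**
   * Perform a full login against the Portal ("login" action), which applies
   * the Portal's own account checks in addition to credential verification.
   *
   * @param string $username
   * @param string $password
   * @return true|string true on success, otherwise the error message the API
   *                     returned in "msg" (or a generic message when absent)
   */
  function simLogin($username, $password) {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "login",
              'username' => $username,
              'password' => $password
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      $resp = json_decode($response->getBody(), true);
      if (($resp['status'] ?? null) === "OK") {
          return true;
      }
      // Callers display the returned string; never hand them null.
      return $resp['msg'] ?? "Login server error: unexpected response";
  }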
  141. ////////////////////////////////////////////////////////////////////////////////
  142. // 2-factor authentication //
  143. ////////////////////////////////////////////////////////////////////////////////
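  /**
   * Check whether a user has TOTP set up ("hastotp" action).
   *
   * @param string $username
   * @return bool true only when the API answers "OK" and reports otp === true
   */
  function userHasTOTP($username): bool {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "hastotp",
              'username' => $username
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      $resp = json_decode($response->getBody(), true);
      // Identity check mirrors user_exists(): only a JSON true counts, so an
      // unexpected type in "otp" cannot be taken as a boolean by accident.
      return ($resp['status'] ?? null) === "OK"
          && ($resp['otp'] ?? null) === true;
  }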
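  /**
   * Verify a TOTP multiauth code against the Portal ("verifytotp" action).
   *
   * @param string $username
   * @param int $code
   * @return bool true only when the API answers "OK" and reports valid === true
   */
  function verifyTOTP($username, $code): bool {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "verifytotp",
              'username' => $username,
              'code' => $code
          ]
      ]);
      if ($response->getStatusCode() > 299) {
          sendError("Login server error: " . $response->getBody());
      }
      $resp = json_decode($response->getBody(), true);
      // Fail closed: anything other than a JSON true in "valid" (a missing key,
      // a string, a malformed body) rejects the code.
      return ($resp['status'] ?? null) === "OK"
          && ($resp['valid'] ?? null) === true;
  }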