An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/

Login.lib.php 3.5KB

  1. <?php
  2. /*
  3. * This Source Code Form is subject to the terms of the Mozilla Public
  4. * License, v. 2.0. If a copy of the MPL was not distributed with this
  5. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  6. */
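  /**
   * Login helpers: username/password/2FA verification, captcha verification,
   * and health/key checks against the portal API.
   */
  class Login {

      /** auth() result: unknown user, wrong password, or terminated account. */
      const BAD_USERPASS = 1;
      /** auth() result: password accepted but the 2FA code was rejected. */
      const BAD_2FA = 2;
      /** auth() result: credentials accepted but the account is locked or disabled. */
      const ACCOUNT_DISABLED = 3;
      /** auth() result: credentials accepted and the account may log in. */
      const LOGIN_OK = 4;

      /**
       * Verify a username, password and (when the account has 2FA) a 2FA code.
       *
       * The username is lowercased before lookup. Checks run in this order:
       * account exists, password, 2FA, account status.
       *
       * @param string $username Login name as typed by the user
       * @param string $password Password to verify
       * @param string $twofa 2FA code; only checked when the account has 2FA
       * @return int One of Login::BAD_USERPASS, Login::BAD_2FA,
       * Login::ACCOUNT_DISABLED or Login::LOGIN_OK
       */
      public static function auth(string $username, string $password, string $twofa = ""): int {
          $user = User::byUsername(strtolower($username));

          // Unknown user and wrong password share one result code so the caller
          // cannot tell them apart from the return value.
          // NOTE(review): the unknown-user path returns without calling
          // checkPassword(), so response time may still differ between the two
          // cases; confirm throttling/lockout is enforced by the caller.
          if (!$user->exists() || !$user->checkPassword($password)) {
              return Login::BAD_USERPASS;
          }

          // NOTE(review): 2FA is evaluated before the account status, so a
          // terminated account with a correct password and a wrong code yields
          // BAD_2FA rather than BAD_USERPASS. Confirm that is acceptable.
          if ($user->has2fa() && !$user->check2fa($twofa)) {
              return Login::BAD_2FA;
          }

          switch ($user->getStatus()->get()) {
              case AccountStatus::TERMINATED:
                  // Reported the same way as a bad password.
                  return Login::BAD_USERPASS;
              case AccountStatus::LOCKED_OR_DISABLED:
                  return Login::ACCOUNT_DISABLED;
              case AccountStatus::NORMAL:
              default:
                  // NOTE(review): any status not listed above is allowed to log
                  // in (fail-open). Confirm every other AccountStatus value is
                  // meant to be login-capable before relying on this default.
                  return Login::LOGIN_OK;
          }
      }

      /**
       * Ask a captcha service whether an answer is correct.
       *
       * Fails closed: any transport error, non-HTTP(S) URL, or response that is
       * not a JSON object with a truthy "result" field returns false.
       *
       * @param string $session Captcha session ID, sent as "session_id"
       * @param string $answer Answer submitted by the user, sent as "answer_id"
       * @param string $url Captcha verification endpoint (http or https)
       * @return bool true only if the service reports the answer as correct
       */
      public static function verifyCaptcha(string $session, string $answer, string $url): bool {
          // The verdict is whatever $url returns, and file_get_contents() will
          // happily read local files or other stream wrappers. Only talk to an
          // HTTP(S) endpoint so a stray path or wrapper cannot supply the answer.
          // NOTE(review): over plain http the verdict can be spoofed in transit;
          // prefer an https endpoint.
          $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
          if ($scheme !== 'http' && $scheme !== 'https') {
              return false;
          }

          $data = [
              'session_id' => $session,
              'answer_id' => $answer,
              'action' => "verify"
          ];
          $options = [
              'http' => [
                  'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                  'method' => 'POST',
                  'content' => http_build_query($data)
              ]
          ];
          $context = stream_context_create($options);

          $result = file_get_contents($url, false, $context);
          if ($result === false) {
              // Service unreachable or returned an HTTP error: treat as unverified.
              return false;
          }

          $resp = json_decode($result, true);
          // Malformed JSON or a missing field must not be read as a pass.
          return is_array($resp) && !empty($resp['result']);
      }

      /**
       * Check the login server API for sanity
       * @return boolean true if OK, else false
       */
      public static function checkLoginServer(): bool {
          return self::pingPortal(PORTAL_KEY);
      }

      /**
       * Checks if the given AccountHub API key is valid by attempting to
       * access the API with it.
       *
       * Declared static like the other methods of this class; calling it on an
       * instance still works.
       *
       * @param String $key The API key to check
       * @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
       */
      public static function checkAPIKey($key): bool {
          return self::pingPortal($key);
      }

      /**
       * Send a "ping" to PORTAL_API with the given key.
       *
       * @param mixed $key API key sent as the "key" form field
       * @return bool true only for HTTP 200 with a JSON body whose "status" is
       * exactly "OK"; false on any other response or on an exception
       */
      private static function pingPortal($key): bool {
          // NOTE(review): the key travels as a form field; confirm PORTAL_API is
          // an https URL. No request timeout is set here, so an unresponsive
          // portal may stall the caller.
          try {
              $client = new GuzzleHttp\Client();
              $response = $client->request('POST', PORTAL_API, [
                  'form_params' => [
                      'key' => $key,
                      'action' => "ping"
                  ]
              ]);
              if ($response->getStatusCode() !== 200) {
                  return false;
              }
              $resp = json_decode((string) $response->getBody(), true);
              // Strict comparison: on PHP 7 a loose 0 == "OK" is true, and a
              // non-JSON body decodes to null. A bare 200 is not accepted as
              // success without the explicit "OK" status.
              return is_array($resp) && isset($resp['status']) && $resp['status'] === "OK";
          } catch (Exception $e) {
              return false;
          }
      }
  }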