Business
/
NickelBox
2
0
Fork 0
Código Incidencias 7 Pull Requests 0 Lanzamientos 0 Wiki Actividad
An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
181 Commits
1 Rama
2.8 MiB
 
 
 
Árbol: d8613f0baa
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'd8613f0baa'
${ noResults }
NickelBox/lib/Login.lib.php

130 líneas
3.5 KiB
Original Blame Histórico 

  1. <?php

  2. 

  3. /*

  4.  * This Source Code Form is subject to the terms of the Mozilla Public

  5.  * License, v. 2.0. If a copy of the MPL was not distributed with this

  6.  * file, You can obtain one at http://mozilla.org/MPL/2.0/.

  7.  */

  8. 

  9. class Login {

  10. 

  11.     const BAD_USERPASS = 1;

  12.     const BAD_2FA = 2;

  13.     const ACCOUNT_DISABLED = 3;

  14.     const LOGIN_OK = 4;

  15. 

  16.     public static function auth(string $username, string $password, string $twofa = ""): int {

  17.         global $database;

  18.         $username = strtolower($username);

  19. 

  20.         $user = User::byUsername($username);

  21. 

  22.         if (!$user->exists()) {

  23.             return Login::BAD_USERPASS;

  24.         }

  25.         if (!$user->checkPassword($password)) {

  26.             return Login::BAD_USERPASS;

  27.         }

  28. 

  29.         if ($user->has2fa()) {

  30.             if (!$user->check2fa($twofa)) {

  31.                 return Login::BAD_2FA;

  32.             }

  33.         }

  34. 

  35.         switch ($user->getStatus()->get()) {

  36.             case AccountStatus::TERMINATED:

  37.                 return Login::BAD_USERPASS;

  38.             case AccountStatus::LOCKED_OR_DISABLED:

  39.                 return Login::ACCOUNT_DISABLED;

  40.             case AccountStatus::NORMAL:

  41.             default:

  42.                 return Login::LOGIN_OK;

  43.         }

  44. 

  45.         return Login::LOGIN_OK;

  46.     }

  47. 

  48.     public static function verifyCaptcha(string $session, string $answer, string $url): bool {

  49.         $data = [

  50.             'session_id' => $session,

  51.             'answer_id' => $answer,

  52.             'action' => "verify"

  53.         ];

  54.         $options = [

  55.             'http' => [

  56.                 'header' => "Content-type: application/x-www-form-urlencoded\r\n",

  57.                 'method' => 'POST',

  58.                 'content' => http_build_query($data)

  59.             ]

  60.         ];

  61.         $context = stream_context_create($options);

  62.         $result = file_get_contents($url, false, $context);

  63.         $resp = json_decode($result, TRUE);

  64.         if (!$resp['result']) {

  65.             return false;

  66.         } else {

  67.             return true;

  68.         }

  69.     }

  70. 

  71.     /**

  72.      * Check the login server API for sanity

  73.      * @return boolean true if OK, else false

  74.      */

  75.     public static function checkLoginServer() {

  76.         try {

  77.             $client = new GuzzleHttp\Client();

  78. 

  79.             $response = $client

  80.                     ->request('POST', PORTAL_API, [

  81.                 'form_params' => [

  82.                     'key' => PORTAL_KEY,

  83.                     'action' => "ping"

  84.                 ]

  85.             ]);

  86. 

  87.             if ($response->getStatusCode() != 200) {

  88.                 return false;

  89.             }

  90. 

  91.             $resp = json_decode($response->getBody(), TRUE);

  92.             if ($resp['status'] == "OK") {

  93.                 return true;

  94.             } else {

  95.                 return false;

  96.             }

  97.         } catch (Exception $e) {

  98.             return false;

  99.         }

  100.     }

  101. 

  102.     /**

  103.      * Checks if the given AccountHub API key is valid by attempting to

  104.      * access the API with it.

  105.      * @param String $key The API key to check

  106.      * @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong

  107.      */

  108.     function checkAPIKey($key) {

  109.         try {

  110.             $client = new GuzzleHttp\Client();

  111. 

  112.             $response = $client

  113.                     ->request('POST', PORTAL_API, [

  114.                 'form_params' => [

  115.                     'key' => $key,

  116.                     'action' => "ping"

  117.                 ]

  118.             ]);

  119. 

  120.             if ($response->getStatusCode() === 200) {

  121.                 return true;

  122.             }

  123.             return false;

  124.         } catch (Exception $e) {

  125.             return false;

  126.         }

  127.     }

  128. 

  129. }