An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/

login.php 6.6KB

  1. <?php
  2. /**
  3. * Authentication and account functions. Connects to a Portal instance.
  4. */
  /**
   * Ping the Portal login API to see whether it is reachable and answering.
   *
   * Sends a POST to PORTAL_API carrying the shared PORTAL_KEY and
   * `action=ping`. Any Exception raised along the way is treated as
   * "server not OK" rather than propagated.
   *
   * @return boolean true when the HTTP status is 200 and the decoded reply's
   *                 `status` field compares equal to "OK", else false
   */
  function checkLoginServer() {
      try {
          $http = new GuzzleHttp\Client();
          $fields = [
              'key' => PORTAL_KEY,
              'action' => "ping"
          ];
          $reply = $http->request('POST', PORTAL_API, ['form_params' => $fields]);

          // Anything other than a plain 200 counts as an unhealthy login server.
          if ($reply->getStatusCode() != 200) {
              return false;
          }

          $decoded = json_decode($reply->getBody(), TRUE);
          return $decoded['status'] == "OK";
      } catch (Exception $e) {
          // Connection or transport problems surface here.
          return false;
      }
  }
  32. ////////////////////////////////////////////////////////////////////////////////
  33. // Account handling //
  34. ////////////////////////////////////////////////////////////////////////////////
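  /**
   * Checks the given credentials against the Portal API.
   *
   * POSTs `action=auth` together with the shared PORTAL_KEY to PORTAL_API.
   * The result is true only when the reply decodes to an array whose
   * `status` is exactly the string "OK"; every other outcome is false.
   *
   * NOTE(review): no Guzzle options other than `form_params` are set, so with
   * Guzzle's default `http_errors` behaviour a 4xx/5xx reply raises an
   * exception before the status check below runs, and nothing here catches
   * it. Confirm the callers handle that.
   *
   * @param string $username
   * @param string $password Plaintext password, forwarded to the Portal as-is
   * @return boolean True if OK, else false
   */
  function authenticate_user($username, $password) {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "auth",
              'username' => $username,
              'password' => $password
          ]
      ]);

      if ($response->getStatusCode() > 299) {
          // NOTE(review): the raw Portal body is passed to sendError(); confirm
          // it is logged or escaped there rather than echoed to the client.
          sendError("Login server error: " . $response->getBody());
          // Fail closed in case sendError() returns instead of ending the request.
          return false;
      }

      $resp = json_decode($response->getBody(), TRUE);

      // Strict comparison: with a loose == a JSON `true` (and the number 0
      // before PHP 8) compares equal to "OK" and would be accepted as a
      // successful authentication. An undecodable body is rejected as well.
      return is_array($resp) && isset($resp['status']) && $resp['status'] === "OK";
  }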
  /**
   * Ask the Portal API whether a username exists.
   *
   * POSTs `action=userexists` with the shared PORTAL_KEY to PORTAL_API. On an
   * HTTP status above 299 the raw reply body is passed to sendError().
   *
   * NOTE(review): the result tells a caller whether an account name is valid;
   * confirm it is not exposed unthrottled to unauthenticated clients.
   *
   * @param String $username
   * @return boolean true when the reply's `status` compares equal to "OK" and
   *                 its `exists` field is the boolean true, else false
   */
  function user_exists($username) {
      $http = new GuzzleHttp\Client();
      $reply = $http->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "userexists",
              'username' => $username
          ]
      ]);

      $failed = $reply->getStatusCode() > 299;
      if ($failed) {
          sendError("Login server error: " . $reply->getBody());
      }

      $decoded = json_decode($reply->getBody(), TRUE);
      return $decoded['status'] == "OK" && $decoded['exists'] === true;
  }
  /**
   * Get the account status: NORMAL, TERMINATED, LOCKED_OR_DISABLED,
   * CHANGE_PASSWORD, or ALERT_ON_ACCESS
   *
   * POSTs `action=acctstatus` with the shared PORTAL_KEY to PORTAL_API and
   * hands back the reply's `account` field unmodified. On an HTTP status
   * above 299 the raw reply body is passed to sendError().
   *
   * NOTE(review): false is returned when the Portal does not report "OK", so
   * callers should allow access only on an explicitly expected status string
   * and treat false or any unknown value as a denial.
   *
   * @param string $username
   * @return string|false the `account` value from the reply, or false when the
   *                      reply's `status` does not compare equal to "OK"
   */
  function get_account_status($username) {
      $http = new GuzzleHttp\Client();
      $reply = $http->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "acctstatus",
              'username' => $username
          ]
      ]);

      $failed = $reply->getStatusCode() > 299;
      if ($failed) {
          sendError("Login server error: " . $reply->getBody());
      }

      $decoded = json_decode($reply->getBody(), TRUE);
      return $decoded['status'] == "OK" ? $decoded['account'] : false;
  }
  112. ////////////////////////////////////////////////////////////////////////////////
  113. // Login handling //
  114. ////////////////////////////////////////////////////////////////////////////////
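  /**
   * Setup $_SESSION values with user data and set loggedin flag to true
   *
   * POSTs `action=userinfo` with the shared PORTAL_KEY to PORTAL_API and copies
   * uid, email and name from the reply's `data` record into the session.
   *
   * This function performs no credential check of its own: it takes only a
   * username and marks the session as logged in. Callers must have verified
   * the password (and any second factor) before calling it.
   *
   * NOTE(review): the session ID is not rotated here; confirm the caller runs
   * session_regenerate_id() around login so that a pre-login session ID cannot
   * be reused afterwards (session fixation).
   *
   * @param string $username
   * @return boolean true if the session was populated, else false
   */
  function doLoginUser($username) {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "userinfo",
              'username' => $username
          ]
      ]);

      if ($response->getStatusCode() > 299) {
          // NOTE(review): the raw Portal body is passed to sendError(); confirm
          // it is logged or escaped there rather than echoed to the client.
          sendError("Login server error: " . $response->getBody());
          // Fail closed in case sendError() returns instead of ending the request.
          return false;
      }

      $resp = json_decode($response->getBody(), TRUE);

      // The debug var_dump() of the Portal reply was removed: it wrote the
      // user's uid, e-mail address and name into the HTTP response body.

      // Never mark the session as logged in on an undecodable reply, a reply
      // without a user record, or a status that is not exactly "OK".
      if (!is_array($resp) || !isset($resp['status']) || $resp['status'] !== "OK") {
          return false;
      }
      if (!isset($resp['data']) || !is_array($resp['data'])) {
          return false;
      }

      $userinfo = $resp['data'];
      $_SESSION['username'] = $username;
      $_SESSION['uid'] = $userinfo['uid'];
      $_SESSION['email'] = $userinfo['email'];
      $_SESSION['realname'] = $userinfo['name'];
      // The original assigned an undefined $password here, which stored null.
      // A plaintext password does not belong in session storage, so the key is
      // cleared instead; isset($_SESSION['password']) is false either way.
      unset($_SESSION['password']);
      $_SESSION['loggedin'] = true;
      return true;
  }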
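  /**
   * Submit the given credentials to the Portal API's `login` action.
   *
   * POSTs `action=login` with the shared PORTAL_KEY to PORTAL_API. On an HTTP
   * status above 299 the raw reply body is passed to sendError().
   *
   * The failure value is the Portal's message string, which is truthy, so
   * callers MUST compare the result with `=== true`. A plain
   * `if (simLogin(...))` would treat a rejected login as a success.
   *
   * @param string $username
   * @param string $password Plaintext password, forwarded to the Portal as-is
   * @return true|string|null true when the reply's `status` is exactly "OK";
   *                          otherwise the reply's `msg` field, or null when
   *                          the reply cannot be decoded or carries no `msg`
   */
  function simLogin($username, $password) {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "login",
              'username' => $username,
              'password' => $password
          ]
      ]);

      if ($response->getStatusCode() > 299) {
          // NOTE(review): the raw Portal body is passed to sendError(); confirm
          // it is logged or escaped there rather than echoed to the client.
          sendError("Login server error: " . $response->getBody());
      }

      $resp = json_decode($response->getBody(), TRUE);
      if (!is_array($resp)) {
          // Undecodable reply: report "not OK" without indexing into a non-array.
          return null;
      }

      // Strict comparison: with a loose == a JSON `true` (and the number 0
      // before PHP 8) compares equal to "OK" and would be accepted as success.
      if (isset($resp['status']) && $resp['status'] === "OK") {
          return true;
      }

      return isset($resp['msg']) ? $resp['msg'] : null;
  }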
  168. ////////////////////////////////////////////////////////////////////////////////
  169. // 2-factor authentication //
  170. ////////////////////////////////////////////////////////////////////////////////
  /**
   * Check if a user has TOTP setup
   *
   * POSTs `action=hastotp` with the shared PORTAL_KEY to PORTAL_API and returns
   * the reply's `otp` field unmodified. On an HTTP status above 299 the raw
   * reply body is passed to sendError().
   *
   * NOTE(review): false is also returned when the Portal does not report "OK",
   * which a caller cannot tell apart from "no TOTP configured". If the second
   * factor prompt is gated on this value, a Portal-side error would skip it;
   * confirm callers handle that case.
   *
   * @param string $username
   * @return boolean the reply's `otp` value when `status` compares equal to
   *                 "OK", else false
   */
  function userHasTOTP($username) {
      $http = new GuzzleHttp\Client();
      $reply = $http->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "hastotp",
              'username' => $username
          ]
      ]);

      $failed = $reply->getStatusCode() > 299;
      if ($failed) {
          sendError("Login server error: " . $reply->getBody());
      }

      $decoded = json_decode($reply->getBody(), TRUE);
      return $decoded['status'] == "OK" ? $decoded['otp'] : false;
  }
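  /**
   * Verify a TOTP multiauth code
   *
   * POSTs `action=verifytotp` with the shared PORTAL_KEY to PORTAL_API. The
   * code counts as valid only when the reply decodes to an array whose
   * `status` is exactly "OK" and whose `valid` field is the boolean true.
   * Every other outcome is false.
   *
   * NOTE(review): TOTP codes can start with zeros, and an int argument would
   * lose them before the code is sent. Confirm callers pass the code as the
   * string the user typed.
   *
   * @param string $username
   * @param string|int $code
   * @return boolean true if it's legit, else false
   */
  function verifyTOTP($username, $code) {
      $client = new GuzzleHttp\Client();
      $response = $client->request('POST', PORTAL_API, [
          'form_params' => [
              'key' => PORTAL_KEY,
              'action' => "verifytotp",
              'username' => $username,
              'code' => $code
          ]
      ]);

      if ($response->getStatusCode() > 299) {
          // NOTE(review): the raw Portal body is passed to sendError(); confirm
          // it is logged or escaped there rather than echoed to the client.
          sendError("Login server error: " . $response->getBody());
          // Fail closed in case sendError() returns instead of ending the request.
          return false;
      }

      $resp = json_decode($response->getBody(), TRUE);

      // Returning the raw `valid` field would let any truthy value, such as a
      // non-empty string, pass as a verified second factor. Require the
      // boolean true, the same way user_exists() checks its `exists` flag.
      return is_array($resp)
          && isset($resp['status'], $resp['valid'])
          && $resp['status'] === "OK"
          && $resp['valid'] === true;
  }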