Business
/
NickelBox
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 7 Demandes d'ajout 0 Versions 0 Wiki Activité
An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
3 Révisions
1 Branche
Aborescence: e28d3a93ac
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'e28d3a93ac'
${ noResults }
NickelBox/lib/login.php

login.php 6.6KB
Brut Annotations Historique

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 
  1. <?php

  2. 

  3. /**

  4.  * Authentication and account functions.  Connects to a Portal instance.

  5.  */

  6. 

  7. /**

  8.  * Check the login server API for sanity

  9.  * @return boolean true if OK, else false

  10.  */

  11. function checkLoginServer() {

  12.     try {

  13.         $client = new GuzzleHttp\Client();

  14. 

  15.         $response = $client

  16.                 ->request('POST', PORTAL_API, [

  17.             'form_params' => [

  18.                 'key' => PORTAL_KEY,

  19.                 'action' => "ping"

  20.             ]

  21.         ]);

  22. 

  23.         if ($response->getStatusCode() != 200) {

  24.             return false;

  25.         }

  26. 

  27.         $resp = json_decode($response->getBody(), TRUE);

  28.         if ($resp['status'] == "OK") {

  29.             return true;

  30.         } else {

  31.             return false;

  32.         }

  33.     } catch (Exception $e) {

  34.         return false;

  35.     }

  36. }

  37. 

  38. ////////////////////////////////////////////////////////////////////////////////

  39. //                           Account handling                                 //

  40. ////////////////////////////////////////////////////////////////////////////////

  41. 

  42. /**

  43.  * Checks the given credentials against the API.

  44.  * @param string $username

  45.  * @param string $password

  46.  * @return boolean True if OK, else false

  47.  */

  48. function authenticate_user($username, $password) {

  49.     $client = new GuzzleHttp\Client();

  50. 

  51.     $response = $client

  52.             ->request('POST', PORTAL_API, [

  53.         'form_params' => [

  54.             'key' => PORTAL_KEY,

  55.             'action' => "auth",

  56.             'username' => $username,

  57.             'password' => $password

  58.         ]

  59.     ]);

  60. 

  61.     if ($response->getStatusCode() > 299) {

  62.         sendError("Login server error: " . $response->getBody());

  63.     }

  64. 

  65.     $resp = json_decode($response->getBody(), TRUE);

  66.     if ($resp['status'] == "OK") {

  67.         return true;

  68.     } else {

  69.         return false;

  70.     }

  71. }

  72. 

  73. /**

  74.  * Check if a username exists.

  75.  * @param String $username

  76.  */

  77. function user_exists($username) {

  78.     $client = new GuzzleHttp\Client();

  79. 

  80.     $response = $client

  81.             ->request('POST', PORTAL_API, [

  82.         'form_params' => [

  83.             'key' => PORTAL_KEY,

  84.             'action' => "userexists",

  85.             'username' => $username

  86.         ]

  87.     ]);

  88. 

  89.     if ($response->getStatusCode() > 299) {

  90.         sendError("Login server error: " . $response->getBody());

  91.     }

  92. 

  93.     $resp = json_decode($response->getBody(), TRUE);

  94.     if ($resp['status'] == "OK" && $resp['exists'] === true) {

  95.         return true;

  96.     } else {

  97.         return false;

  98.     }

  99. }

  100. 

  101. /**

  102.  * Get the account status: NORMAL, TERMINATED, LOCKED_OR_DISABLED,

  103.  * CHANGE_PASSWORD, or ALERT_ON_ACCESS

  104.  * @param string $username

  105.  * @return string

  106.  */

  107. function get_account_status($username) {

  108.     $client = new GuzzleHttp\Client();

  109. 

  110.     $response = $client

  111.             ->request('POST', PORTAL_API, [

  112.         'form_params' => [

  113.             'key' => PORTAL_KEY,

  114.             'action' => "acctstatus",

  115.             'username' => $username

  116.         ]

  117.     ]);

  118. 

  119.     if ($response->getStatusCode() > 299) {

  120.         sendError("Login server error: " . $response->getBody());

  121.     }

  122. 

  123.     $resp = json_decode($response->getBody(), TRUE);

  124.     if ($resp['status'] == "OK") {

  125.         return $resp['account'];

  126.     } else {

  127.         return false;

  128.     }

  129. }

  130. 

  131. ////////////////////////////////////////////////////////////////////////////////

  132. //                              Login handling                                //

  133. ////////////////////////////////////////////////////////////////////////////////

  134. 

  135. /**

  136.  * Setup $_SESSION values with user data and set loggedin flag to true

  137.  * @param string $username

  138.  */

  139. function doLoginUser($username) {

  140.     $client = new GuzzleHttp\Client();

  141. 

  142.     $response = $client

  143.             ->request('POST', PORTAL_API, [

  144.         'form_params' => [

  145.             'key' => PORTAL_KEY,

  146.             'action' => "userinfo",

  147.             'username' => $username

  148.         ]

  149.     ]);

  150. 

  151.     if ($response->getStatusCode() > 299) {

  152.         sendError("Login server error: " . $response->getBody());

  153.     }

  154. 

  155.     $resp = json_decode($response->getBody(), TRUE);

  156.     var_dump($resp);

  157.     if ($resp['status'] == "OK") {

  158.         $userinfo = $resp['data'];

  159.         $_SESSION['username'] = $username;

  160.         $_SESSION['uid'] = $userinfo['uid'];

  161.         $_SESSION['email'] = $userinfo['email'];

  162.         $_SESSION['realname'] = $userinfo['name'];

  163.         $_SESSION['password'] = $password;

  164.         $_SESSION['loggedin'] = true;

  165.         return true;

  166.     } else {

  167.         return false;

  168.     }

  169. }

  170. 

  171. function simLogin($username, $password) {

  172.     $client = new GuzzleHttp\Client();

  173. 

  174.     $response = $client

  175.             ->request('POST', PORTAL_API, [

  176.         'form_params' => [

  177.             'key' => PORTAL_KEY,

  178.             'action' => "login",

  179.             'username' => $username,

  180.             'password' => $password

  181.         ]

  182.     ]);

  183. 

  184.     if ($response->getStatusCode() > 299) {

  185.         sendError("Login server error: " . $response->getBody());

  186.     }

  187. 

  188.     $resp = json_decode($response->getBody(), TRUE);

  189.     if ($resp['status'] == "OK") {

  190.         return true;

  191.     } else {

  192.         return $resp['msg'];

  193.     }

  194. }

  195. 

  196. ////////////////////////////////////////////////////////////////////////////////

  197. //                          2-factor authentication                           //

  198. ////////////////////////////////////////////////////////////////////////////////

  199. 

  200. /**

  201.  * Check if a user has TOTP setup

  202.  * @param string $username

  203.  * @return boolean true if TOTP secret exists, else false

  204.  */

  205. function userHasTOTP($username) {

  206.     $client = new GuzzleHttp\Client();

  207. 

  208.     $response = $client

  209.             ->request('POST', PORTAL_API, [

  210.         'form_params' => [

  211.             'key' => PORTAL_KEY,

  212.             'action' => "hastotp",

  213.             'username' => $username

  214.         ]

  215.     ]);

  216. 

  217.     if ($response->getStatusCode() > 299) {

  218.         sendError("Login server error: " . $response->getBody());

  219.     }

  220. 

  221.     $resp = json_decode($response->getBody(), TRUE);

  222.     if ($resp['status'] == "OK") {

  223.         return $resp['otp'];

  224.     } else {

  225.         return false;

  226.     }

  227. }

  228. 

  229. /**

  230.  * Verify a TOTP multiauth code

  231.  * @global $database

  232.  * @param string $username

  233.  * @param int $code

  234.  * @return boolean true if it's legit, else false

  235.  */

  236. function verifyTOTP($username, $code) {

  237.     $client = new GuzzleHttp\Client();

  238. 

  239.     $response = $client

  240.             ->request('POST', PORTAL_API, [

  241.         'form_params' => [

  242.             'key' => PORTAL_KEY,

  243.             'action' => "verifytotp",

  244.             'username' => $username,

  245.             'code' => $code

  246.         ]

  247.     ]);

  248. 

  249.     if ($response->getStatusCode() > 299) {

  250.         sendError("Login server error: " . $response->getBody());

  251.     }

  252. 

  253.     $resp = json_decode($response->getBody(), TRUE);

  254.     if ($resp['status'] == "OK") {

  255.         return $resp['valid'];

  256.     } else {

  257.         return false;

  258.     }

  259. }