- <?php
-
- /**
- * Authentication and account functions. Connects to a Portal instance.
- */
-
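/**
 * Check that the login server (Portal) API is reachable and answering sanely.
 *
 * Sends a "ping" action to PORTAL_API, authenticated with PORTAL_KEY. Any
 * Exception raised while sending the request or reading the reply is caught
 * and reported as false, so a broken login server never looks healthy.
 *
 * @return boolean true if the API answered HTTP 200 with status "OK", else false
 */
function checkLoginServer() {
    try {
        $client = new GuzzleHttp\Client();

        $response = $client->request('POST', PORTAL_API, [
            'form_params' => [
                'key' => PORTAL_KEY,
                'action' => "ping"
            ]
        ]);

        if ($response->getStatusCode() !== 200) {
            return false;
        }

        $resp = json_decode($response->getBody(), TRUE);

        // Strict comparison on purpose: with ==, a boolean true status matches
        // "OK" on every PHP version and an integer 0 matches it before PHP 8.
        // The is_array/isset guards cover a body that is not a JSON object.
        return is_array($resp) && isset($resp['status']) && $resp['status'] === "OK";
    } catch (Exception $e) {
        return false;
    }
}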
-
- ////////////////////////////////////////////////////////////////////////////////
- // Account handling //
- ////////////////////////////////////////////////////////////////////////////////
-
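/**
 * Checks the given credentials against the Portal API ("auth" action).
 *
 * The username, the plaintext password and PORTAL_KEY are sent as form
 * fields to PORTAL_API. Exceptions thrown by the HTTP client are not caught
 * here and propagate to the caller.
 *
 * NOTE(review): PORTAL_API is defined elsewhere; confirm it is an https:// URL
 * with certificate verification left on, since credentials travel in the body.
 *
 * @param string $username
 * @param string $password
 * @return boolean True only if the API answered with status "OK", else false
 */
function authenticate_user($username, $password) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "auth",
            'username' => $username,
            'password' => $password
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): the raw upstream body is handed to sendError(); if that
        // helper shows it to the visitor, internal details may leak. It is also
        // not visible here whether sendError() stops execution - the strict
        // check below fails closed either way.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // Fail closed: only an exact string "OK" authenticates. With ==, a boolean
    // true status matches "OK" on every PHP version and an integer 0 matches it
    // before PHP 8, which would accept any password.
    return is_array($resp) && isset($resp['status']) && $resp['status'] === "OK";
}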
-
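/**
 * Check if a username exists, by asking the Portal API ("userexists" action).
 *
 * NOTE(review): a true/false answer that reaches an unauthenticated visitor
 * lets usernames be enumerated; confirm callers do not expose it directly.
 *
 * @param string $username
 * @return boolean true only if the API answered status "OK" and exists === true
 */
function user_exists($username) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "userexists",
            'username' => $username
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): forwards the raw upstream body to sendError(); confirm
        // it is logged rather than shown to the visitor.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // Both fields are compared strictly, so a malformed or non-JSON reply
    // yields false and a non-string status can never be taken for "OK".
    return is_array($resp)
        && isset($resp['status'], $resp['exists'])
        && $resp['status'] === "OK"
        && $resp['exists'] === true;
}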
-
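/**
 * Get the account status: NORMAL, TERMINATED, LOCKED_OR_DISABLED,
 * CHANGE_PASSWORD, or ALERT_ON_ACCESS.
 *
 * The value is whatever the Portal API returns in its "account" field; it is
 * not validated against the list above. Callers should compare it with ===
 * against the statuses they accept and treat anything else as "deny".
 *
 * @param string $username
 * @return string|false the account status, or false if the API did not
 *                      answer with status "OK" and an "account" field
 */
function get_account_status($username) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "acctstatus",
            'username' => $username
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): forwards the raw upstream body to sendError(); confirm
        // it is logged rather than shown to the visitor.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // Strict status check: == would treat a boolean true (and, before PHP 8,
    // an integer 0) as "OK".
    if (is_array($resp) && isset($resp['status']) && $resp['status'] === "OK") {
        return isset($resp['account']) ? $resp['account'] : false;
    }
    return false;
}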
-
- ////////////////////////////////////////////////////////////////////////////////
- // Login handling //
- ////////////////////////////////////////////////////////////////////////////////
-
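/**
 * Setup $_SESSION values with user data and set the loggedin flag to true.
 *
 * Fetches the user's record from the Portal API ("userinfo" action). This
 * function performs no credential check of its own: callers must already have
 * verified the password (and the TOTP code where one is set up) for $username.
 *
 * NOTE(review): the session ID is not regenerated here; confirm the caller
 * calls session_regenerate_id(true) at login to prevent session fixation.
 *
 * @param string $username
 * @return boolean true if the session was populated, else false
 */
function doLoginUser($username) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "userinfo",
            'username' => $username
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): forwards the raw upstream body to sendError(); confirm
        // it is logged rather than shown to the visitor.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // The var_dump($resp) debug call was removed: it printed the user's record
    // into the page and, by emitting output, can stop later headers (session
    // cookie, redirect) from being sent.

    // Strict status check, and refuse to mark the session as logged in when
    // the reply carries no user record.
    if (!is_array($resp) || !isset($resp['status']) || $resp['status'] !== "OK") {
        return false;
    }
    if (!isset($resp['data']) || !is_array($resp['data'])) {
        return false;
    }

    $userinfo = $resp['data'];
    $_SESSION['username'] = $username;
    $_SESSION['uid'] = isset($userinfo['uid']) ? $userinfo['uid'] : null;
    $_SESSION['email'] = isset($userinfo['email']) ? $userinfo['email'] : null;
    $_SESSION['realname'] = isset($userinfo['name']) ? $userinfo['name'] : null;
    // The original assigned an undefined $password here, i.e. always null.
    // A plaintext password does not belong in session storage, so the key is
    // cleared explicitly instead.
    unset($_SESSION['password']);
    $_SESSION['loggedin'] = true;
    return true;
}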
-
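/**
 * Run a login attempt through the Portal API ("login" action).
 *
 * How this differs from the "auth" action is decided by the Portal server and
 * is not visible in this file.
 *
 * The return value is mixed: boolean true on success, otherwise the server's
 * "msg" value. A non-empty message string is truthy, so callers MUST test the
 * result with `=== true`; `if (simLogin(...))` would accept a failed login.
 *
 * @param string $username
 * @param string $password
 * @return boolean|string|null true on success, else the API's message
 *                             (null when the reply carries none)
 */
function simLogin($username, $password) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "login",
            'username' => $username,
            'password' => $password
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): forwards the raw upstream body to sendError(); confirm
        // it is logged rather than shown to the visitor.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // Strict status check: == would treat a boolean true (and, before PHP 8,
    // an integer 0) as "OK" and report a successful login.
    if (is_array($resp) && isset($resp['status']) && $resp['status'] === "OK") {
        return true;
    }
    return (is_array($resp) && isset($resp['msg'])) ? $resp['msg'] : null;
}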
-
- ////////////////////////////////////////////////////////////////////////////////
- // 2-factor authentication //
- ////////////////////////////////////////////////////////////////////////////////
-
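/**
 * Check if a user has TOTP set up, by asking the Portal API ("hastotp" action).
 *
 * A false result makes the caller skip the second factor, so every failure
 * path below returns false explicitly and callers should decide how to treat
 * a login server that cannot answer (see checkLoginServer()).
 *
 * @param string $username
 * @return boolean the API's "otp" value when status is "OK", else false
 */
function userHasTOTP($username) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "hastotp",
            'username' => $username
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): forwards the raw upstream body to sendError(); confirm
        // it is logged rather than shown to the visitor.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // Strict status check: == would treat a boolean true (and, before PHP 8,
    // an integer 0) as "OK".
    if (is_array($resp) && isset($resp['status']) && $resp['status'] === "OK") {
        // NOTE(review): returned as received; presumably a JSON boolean - confirm.
        return isset($resp['otp']) ? $resp['otp'] : false;
    }
    return false;
}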
-
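/**
 * Verify a TOTP multiauth code through the Portal API ("verifytotp" action).
 *
 * The code is checked by the Portal server; nothing is computed locally.
 * Rate limiting of repeated guesses is not done here.
 * NOTE(review): confirm the Portal API or the caller throttles attempts.
 *
 * @param string $username
 * @param int $code
 * @return boolean the API's "valid" value when status is "OK", else false
 */
function verifyTOTP($username, $code) {
    $client = new GuzzleHttp\Client();

    $response = $client->request('POST', PORTAL_API, [
        'form_params' => [
            'key' => PORTAL_KEY,
            'action' => "verifytotp",
            'username' => $username,
            'code' => $code
        ]
    ]);

    if ($response->getStatusCode() > 299) {
        // NOTE(review): forwards the raw upstream body to sendError(); confirm
        // it is logged rather than shown to the visitor.
        sendError("Login server error: " . $response->getBody());
    }

    $resp = json_decode($response->getBody(), TRUE);

    // Strict status check: == would treat a boolean true (and, before PHP 8,
    // an integer 0) as "OK".
    if (is_array($resp) && isset($resp['status']) && $resp['status'] === "OK") {
        // NOTE(review): returned as received; presumably a JSON boolean. Callers
        // should compare with === true so a truthy non-boolean cannot pass.
        return isset($resp['valid']) ? $resp['valid'] : false;
    }
    return false;
}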