diff --git a/index.php b/index.php
index 1e6a411..763bbb4 100644
--- a/index.php
+++ b/index.php
@@ -35,7 +35,7 @@ if (checkLoginServer()) {
 }
 if ($userpass_ok) {
 if (account_has_permission($VARS['username'], "QWIKCLOCK") == FALSE) {
- $alert = lang("no admin permission", false);
+ $alert = lang("no permission", false);
 } else {
 $_SESSION['passok'] = true; // stop logins using only username and authcode
 if (userHasTOTP($VARS['username'])) {
diff --git a/lang/en_us.php b/lang/en_us.php
index d8b24c5..856b10e 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -5,7 +5,7 @@ define("STRINGS", [
 "username" => "Username",
 "password" => "Password",
 "continue" => "Continue",
- "no admin permission" => "You do not have permission to access this system.",
+ "no permission" => "You do not have permission to access this system.",
 "authcode" => "Authentication code",
 "2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
 "2fa incorrect" => "Authentication code incorrect.",
@@ -44,5 +44,6 @@ define("STRINGS", [
 "this week" => "This Week",
 "x on the clock" => "{time} on the clock",
 "x punches" => "{count} punches",
- "history" => "History"
+ "history" => "History",
+ "shifts" => "Shifts"
 ]);
\ No newline at end of file
diff --git a/lib/login.php b/lib/login.php
index 1a92bdc..326deae 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -213,7 +213,7 @@ function doLoginUser($username) {
 }
 
 $resp = json_decode($response->getBody(), TRUE);
- var_dump($resp);
+
 if ($resp['status'] == "OK") {
 $userinfo = $resp['data'];
 $_SESSION['username'] = $username;
diff --git a/mobile/index.php b/mobile/index.php
new file mode 100644
index 0000000..373f48f
--- /dev/null
+++ b/mobile/index.php
@@ -0,0 +1,103 @@
+ "OK"]));
+}
+
+function mobile_enabled() {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => PORTAL_KEY,
+ 'action' => "mobileenabled"
+ ]
+ ]);
+
+ if ($response->getStatusCode() > 299) {
+ return false;
+ }
+
+ $resp = json_decode($response->getBody(), TRUE);
+ if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+function mobile_valid($username, $code) {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => PORTAL_KEY,
+ "code" => $code,
+ "username" => $username,
+ 'action' => "mobilevalid"
+ ]
+ ]);
+
+ if ($response->getStatusCode() > 299) {
+ return false;
+ }
+
+ $resp = json_decode($response->getBody(), TRUE);
+ if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+if (mobile_enabled() !== TRUE) {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
+}
+
+// Make sure we have a username and access key
+if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
+ http_response_code(401);
+ die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
+}
+
+// Make sure the username and key are actually legit
+if (!mobile_valid($VARS['username'], $VARS['key'])) {
+ engageRateLimit();
+ http_response_code(401);
+ die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
+}
+
+// Process the action
+switch ($VARS['action']) {
+ case "start_session":
+ // Do a web login.
+ if (user_exists($VARS['username'])) {
+ if (get_account_status($VARS['username']) == "NORMAL") {
+ if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+ if (account_has_permission($VARS['username'], "QWIKCLOCK")) {
+ doLoginUser($VARS['username'], $VARS['password']);
+ exit(json_encode(["status" => "OK"]));
+ } else {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
+ }
+ }
+ }
+ }
+ exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+ default:
+ http_response_code(404);
+ die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
+}
\ No newline at end of file
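Review bot: In the `start_session` case, `doLoginUser($VARS['username'], $VARS['password'])` passes a second argument that the `doLoginUser($username)` signature shown in the lib/login.php hunk header does not declare, so the password is silently dropped; either trim the call to `doLoginUser($VARS['username']);` or confirm the signature was extended elsewhere. A failed password check on this path falls through to the `login incorrect` exit without `engageRateLimit()`, whereas the preceding access-key check does throttle, so adding `engageRateLimit();` immediately before that `exit(...)` keeps both credential checks under the same limiter. `$VARS['password']` is also never checked with `is_empty()` the way `username` and `key` are, so a request that omits it reaches `authenticate_user()` with an undefined index rather than a clean 401. In both helpers `$resp['status'] == "OK"` would read more precisely as `$resp !== null && $resp['status'] === "OK"`, though the loose form already fails closed when the body is not JSON. The first lines of this hunk are missing from the view (everything before `"OK"]));`), so whatever the file declares ahead of `mobile_enabled()` could not be reviewed here.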