
Add mobile API

tags/v1.0
Skylar Ittner 2 年前
父节点
当前提交
4462925c50
共有 4 个文件被更改,包括 108 次插入4 次删除
  1. 1
    1
      index.php
  2. 3
    2
      lang/en_us.php
  3. 1
    1
      lib/login.php
  4. 103
    0
      mobile/index.php

+ 1
- 1
index.php 查看文件

@@ -35,7 +35,7 @@ if (checkLoginServer()) {
}
if ($userpass_ok) {
if (account_has_permission($VARS['username'], "QWIKCLOCK") == FALSE) {
$alert = lang("no admin permission", false);
$alert = lang("no permission", false);
} else {
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) {

+ 3
- 2
lang/en_us.php 查看文件

@@ -5,7 +5,7 @@ define("STRINGS", [
"username" => "Username",
"password" => "Password",
"continue" => "Continue",
"no admin permission" => "You do not have permission to access this system.",
"no permission" => "You do not have permission to access this system.",
"authcode" => "Authentication code",
"2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect" => "Authentication code incorrect.",
@@ -44,5 +44,6 @@ define("STRINGS", [
"this week" => "This Week",
"x on the clock" => "{time} on the clock",
"x punches" => "{count} punches",
"history" => "History"
"history" => "History",
"shifts" => "Shifts"
]);

+ 1
- 1
lib/login.php 查看文件

@@ -213,7 +213,7 @@ function doLoginUser($username) {
}

$resp = json_decode($response->getBody(), TRUE);
var_dump($resp);
if ($resp['status'] == "OK") {
$userinfo = $resp['data'];
$_SESSION['username'] = $username;
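Review bot: `var_dump($resp)` in doLoginUser writes the decoded portal reply, including the account record in `$resp['data']`, straight into the HTTP body; the rendered page does not mark which side of this hunk it sits on, but it must not survive on the new side, because the new mobile/index.php calls doLoginUser and then emits JSON, which a preceding dump would both corrupt and leak to the client. If it is a debugging leftover, drop the line; if the reply needs inspecting, send it through the application's logging rather than the response. doLoginUser starts and ends outside the hunk.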

+ 103
- 0
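--- /dev/null
+++ b/mobile/index.php
@@ -0,0 +1,103 @@
+<?php
+
+/*
+* Mobile app API
+*/
+
+require __DIR__ . "/../required.php";
+
+require __DIR__ . "/../lib/login.php";
+
+header('Content-Type: application/json');
+
+// Allow ping check without authentication
+if ($VARS['action'] == "ping") {
+exit(json_encode(["status" => "OK"]));
+}
+
+function mobile_enabled() {
+$client = new GuzzleHttp\Client();
+
+$response = $client
+->request('POST', PORTAL_API, [
+'form_params' => [
+'key' => PORTAL_KEY,
+'action' => "mobileenabled"
+]
+]);
+
+if ($response->getStatusCode() > 299) {
+return false;
+}
+
+$resp = json_decode($response->getBody(), TRUE);
+if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
+return true;
+} else {
+return false;
+}
+}
+
+function mobile_valid($username, $code) {
+$client = new GuzzleHttp\Client();
+
+$response = $client
+->request('POST', PORTAL_API, [
+'form_params' => [
+'key' => PORTAL_KEY,
+"code" => $code,
+"username" => $username,
+'action' => "mobilevalid"
+]
+]);
+
+if ($response->getStatusCode() > 299) {
+return false;
+}
+
+$resp = json_decode($response->getBody(), TRUE);
+if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
+return true;
+} else {
+return false;
+}
+}
+
+if (mobile_enabled() !== TRUE) {
+exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
+}
+
+// Make sure we have a username and access key
+if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
+http_response_code(401);
+die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
+}
+
+// Make sure the username and key are actually legit
+if (!mobile_valid($VARS['username'], $VARS['key'])) {
+engageRateLimit();
+http_response_code(401);
+die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
+}
+
+// Process the action
+switch ($VARS['action']) {
+case "start_session":
+// Do a web login.
+if (user_exists($VARS['username'])) {
+if (get_account_status($VARS['username']) == "NORMAL") {
+if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+if (account_has_permission($VARS['username'], "QWIKCLOCK")) {
+doLoginUser($VARS['username'], $VARS['password']);
+exit(json_encode(["status" => "OK"]));
+} else {
+exit(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
+}
+}
+}
+}
+exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+default:
+http_response_code(404);
+die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
+}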
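Review bot: The `login incorrect` exit at the end of `start_session` is reached on a wrong password (or unknown user) without calling `engageRateLimit()`, so only the username/key check is rate-limited while password guessing with a valid key is not; add `engageRateLimit();` immediately before `exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));`. The same branch reads `$VARS['password']` without the `is_empty` check that `username` and `key` receive, and `doLoginUser($VARS['username'], $VARS['password'])` passes a second argument that the `doLoginUser($username)` signature visible in the lib/login.php hunk does not declare, so it is silently ignored. In both `mobile_enabled` and `mobile_valid`, `json_decode` returns `null` on a malformed portal reply and `$resp['status']` is then read from `null`; a guard such as `if (!is_array($resp)) { return false; }` after the decode makes the failure explicit instead of relying on a warning and a falsy comparison.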
