From de4dcc37bce969399e98901551b3a15225b19747 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Sat, 6 May 2017 23:20:18 -0600
Subject: [PATCH] Add uid_exists($uid), better login error messages
---
 app.php | 1 +
 index.php | 9 +++++++--
 lib/login.php | 31 ++++++++++++++++++++++++++++++-
 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/app.php b/app.php
index de75a75..e64530d 100644
--- a/app.php
+++ b/app.php
@@ -114,6 +114,7 @@ if (!is_empty($_GET['page'])) { ?>
diff --git a/index.php b/index.php
index 163d599..c9ceac4 100644
--- a/index.php
+++ b/index.php
@@ -14,7 +14,8 @@ $multiauth = false;
 if (checkLoginServer()) {
 if ($VARS['progress'] == "1") {
 if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
- if (authenticate_user($VARS['username'], $VARS['password'])) {
+ $errmsg = "";
+ if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
 switch (get_account_status($VARS['username'])) {
 case "LOCKED_OR_DISABLED":
 $alert = lang("account locked", false);
@@ -43,7 +44,11 @@ if (checkLoginServer()) {
 }
 }
 } else {
- $alert = lang("login incorrect", false);
+ if (!is_empty($errmsg)) {
+ $alert = lang2("login server error", ['arg' => $errmsg], false);
+ } else {
+ $alert = lang("login incorrect", false);
+ }
 }
 } else {
 $alert = lang("captcha error", false);
diff --git a/lib/login.php b/lib/login.php
index 1442478..88c5313 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -45,7 +45,7 @@ function checkLoginServer() {
 * @param string $password
 * @return boolean True if OK, else false
 */
-function authenticate_user($username, $password) {
+function authenticate_user($username, $password, &$errmsg) {
 $client = new GuzzleHttp\Client();
 $response = $client
@@ -66,6 +66,7 @@ function authenticate_user($username, $password) {
 if ($resp['status'] == "OK") {
 return true;
 } else {
+ $errmsg = $resp['msg'];
 return false;
 }
 }
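Review bot: In index.php (hunk `@@ -43,7 +44,11 @@`), the new branch copies the login server's `msg` into `$alert` through `lang2("login server error", ['arg' => $errmsg], false)`, so whatever the upstream API returns on a failed login is displayed to an unauthenticated visitor. If that text ever differs between an unknown account and a wrong password, or carries internal detail, the login page discloses it; whether `lang2` or the template HTML-escapes `arg` is not visible in this hunk and should be confirmed before server-supplied text reaches the page. I would keep `$alert = lang("login incorrect", false);` for every credential failure and show upstream text only for a fixed set of vetted conditions, with a comment such as `// $errmsg is login-server text: log it, display only vetted messages`. The surrounding `if`/`switch` blocks start and end outside the hunk.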
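Review bot: In lib/login.php (hunk `@@ -45,7 +45,7 @@`), the added `&$errmsg` parameter has no default, so any caller that still passes two arguments now fails (a warning on older PHP, `ArgumentCountError` from 7.1), and only the index.php call site is updated in this patch. `function authenticate_user($username, $password, &$errmsg = null) {` keeps existing callers working. The docblock above the signature is also left unchanged; it needs a line such as ` * @param string $errmsg Receives the login server's message when authentication fails`. The function body continues outside the hunk.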
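Review bot: In lib/login.php (hunk `@@ -66,6 +66,7 @@`), `$errmsg = $resp['msg'];` reads the key without checking that the decoded reply contains it or that it is a string, so a failure response without `msg`, or a body that did not decode to an array, raises a notice and hands the caller a non-string value. `$errmsg = (isset($resp['msg']) && is_string($resp['msg'])) ? $resp['msg'] : "";` keeps the out-parameter a plain string, which is what the `is_empty($errmsg)` test in index.php appears to rely on. The `json_decode` call and the start of the function are outside this hunk.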
@@ -98,6 +99,34 @@ function user_exists($username) {
 }
 }
+/**
+ * Check if a UID exists.
+ * @param String $uid
+ */
+function uid_exists($uid) {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => PORTAL_KEY,
+ 'action' => "userexists",
+ 'uid' => $uid
+ ]
+ ]);
+
+ if ($response->getStatusCode() > 299) {
+ sendError("Login server error: " . $response->getBody());
+ }
+
+ $resp = json_decode($response->getBody(), TRUE);
+ if ($resp['status'] == "OK" && $resp['exists'] === true) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
 /**
 * Get the account status: NORMAL, TERMINATED, LOCKED_OR_DISABLED,
 * CHANGE_PASSWORD, or ALERT_ON_ACCESS
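Review bot: In `uid_exists`, the status check passes the login server's raw response body to `sendError("Login server error: " . $response->getBody())`; if `sendError` renders its argument to the client (its definition is not in this hunk), an upstream fault page is disclosed to whoever triggered the lookup. Logging the body and sending a fixed string avoids that: `error_log("Login server error: " . $response->getBody());` followed by `sendError("Login server error");`. It is also not visible whether `sendError` stops execution; if it returns, the code goes on to `json_decode` a failed response, so a `return false;` after it would make the failure path explicit. The docblock is missing `@return boolean True if the UID exists, else false`.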