QwikClock is an employee time tracking app.


  1. <?php
  2. /**
  3. * Authentication and account functions. Connects to a Portal instance.
  4. */
  5. /**
  6. * Check the login server API for sanity
  7. * @return boolean true if OK, else false
  8. */
  9. function checkLoginServer() {
  10. try {
  11. $client = new GuzzleHttp\Client();
  12. $response = $client
  13. ->request('POST', PORTAL_API, [
  14. 'form_params' => [
  15. 'key' => PORTAL_KEY,
  16. 'action' => "ping"
  17. ]
  18. ]);
  19. if ($response->getStatusCode() != 200) {
  20. return false;
  21. }
  22. $resp = json_decode($response->getBody(), TRUE);
  23. if ($resp['status'] == "OK") {
  24. return true;
  25. } else {
  26. return false;
  27. }
  28. } catch (Exception $e) {
  29. return false;
  30. }
  31. }
  32. ////////////////////////////////////////////////////////////////////////////////
  33. // Account handling //
  34. ////////////////////////////////////////////////////////////////////////////////
  35. /**
  36. * Checks the given credentials against the API.
  37. * @param string $username
  38. * @param string $password
  39. * @return boolean True if OK, else false
  40. */
  41. function authenticate_user($username, $password, &$errmsg) {
  42. $client = new GuzzleHttp\Client();
  43. $response = $client
  44. ->request('POST', PORTAL_API, [
  45. 'form_params' => [
  46. 'key' => PORTAL_KEY,
  47. 'action' => "auth",
  48. 'username' => $username,
  49. 'password' => $password
  50. ]
  51. ]);
  52. if ($response->getStatusCode() > 299) {
  53. sendError("Login server error: " . $response->getBody());
  54. }
  55. $resp = json_decode($response->getBody(), TRUE);
  56. if ($resp['status'] == "OK") {
  57. return true;
  58. } else {
  59. $errmsg = $resp['msg'];
  60. return false;
  61. }
  62. }
  63. /**
  64. * Check if a username exists.
  65. * @param String $username
  66. */
  67. function user_exists($username) {
  68. $client = new GuzzleHttp\Client();
  69. $response = $client
  70. ->request('POST', PORTAL_API, [
  71. 'form_params' => [
  72. 'key' => PORTAL_KEY,
  73. 'action' => "userexists",
  74. 'username' => $username
  75. ]
  76. ]);
  77. if ($response->getStatusCode() > 299) {
  78. sendError("Login server error: " . $response->getBody());
  79. }
  80. $resp = json_decode($response->getBody(), TRUE);
  81. if ($resp['status'] == "OK" && $resp['exists'] === true) {
  82. return true;
  83. } else {
  84. return false;
  85. }
  86. }
  87. /**
  88. * Check if a UID exists.
  89. * @param String $uid
  90. */
  91. function uid_exists($uid) {
  92. $client = new GuzzleHttp\Client();
  93. $response = $client
  94. ->request('POST', PORTAL_API, [
  95. 'form_params' => [
  96. 'key' => PORTAL_KEY,
  97. 'action' => "userexists",
  98. 'uid' => $uid
  99. ]
  100. ]);
  101. if ($response->getStatusCode() > 299) {
  102. sendError("Login server error: " . $response->getBody());
  103. }
  104. $resp = json_decode($response->getBody(), TRUE);
  105. if ($resp['status'] == "OK" && $resp['exists'] === true) {
  106. return true;
  107. } else {
  108. return false;
  109. }
  110. }
  111. /**
  112. * Get the account status: NORMAL, TERMINATED, LOCKED_OR_DISABLED,
  113. * CHANGE_PASSWORD, or ALERT_ON_ACCESS
  114. * @param string $username
  115. * @return string
  116. */
  117. function get_account_status($username) {
  118. $client = new GuzzleHttp\Client();
  119. $response = $client
  120. ->request('POST', PORTAL_API, [
  121. 'form_params' => [
  122. 'key' => PORTAL_KEY,
  123. 'action' => "acctstatus",
  124. 'username' => $username
  125. ]
  126. ]);
  127. if ($response->getStatusCode() > 299) {
  128. sendError("Login server error: " . $response->getBody());
  129. }
  130. $resp = json_decode($response->getBody(), TRUE);
  131. if ($resp['status'] == "OK") {
  132. return $resp['account'];
  133. } else {
  134. return false;
  135. }
  136. }
  137. ////////////////////////////////////////////////////////////////////////////////
  138. // Login handling //
  139. ////////////////////////////////////////////////////////////////////////////////
  140. /**
  141. * Setup $_SESSION values with user data and set loggedin flag to true
  142. * @param string $username
  143. */
  144. function doLoginUser($username) {
  145. $client = new GuzzleHttp\Client();
  146. $response = $client
  147. ->request('POST', PORTAL_API, [
  148. 'form_params' => [
  149. 'key' => PORTAL_KEY,
  150. 'action' => "userinfo",
  151. 'username' => $username
  152. ]
  153. ]);
  154. if ($response->getStatusCode() > 299) {
  155. sendError("Login server error: " . $response->getBody());
  156. }
  157. $resp = json_decode($response->getBody(), TRUE);
  158. var_dump($resp);
  159. if ($resp['status'] == "OK") {
  160. $userinfo = $resp['data'];
  161. $_SESSION['username'] = $username;
  162. $_SESSION['uid'] = $userinfo['uid'];
  163. $_SESSION['email'] = $userinfo['email'];
  164. $_SESSION['realname'] = $userinfo['name'];
  165. $_SESSION['loggedin'] = true;
  166. return true;
  167. } else {
  168. return false;
  169. }
  170. }
  171. function simLogin($username, $password) {
  172. $client = new GuzzleHttp\Client();
  173. $response = $client
  174. ->request('POST', PORTAL_API, [
  175. 'form_params' => [
  176. 'key' => PORTAL_KEY,
  177. 'action' => "login",
  178. 'username' => $username,
  179. 'password' => $password
  180. ]
  181. ]);
  182. if ($response->getStatusCode() > 299) {
  183. sendError("Login server error: " . $response->getBody());
  184. }
  185. $resp = json_decode($response->getBody(), TRUE);
  186. if ($resp['status'] == "OK") {
  187. return true;
  188. } else {
  189. return $resp['msg'];
  190. }
  191. }
  192. function verifyReCaptcha($code) {
  193. try {
  194. $client = new GuzzleHttp\Client();
  195. $response = $client
  196. ->request('POST', "https://www.google.com/recaptcha/api/siteverify", [
  197. 'form_params' => [
  198. 'secret' => RECAPTCHA_SECRET_KEY,
  199. 'response' => $code
  200. ]
  201. ]);
  202. if ($response->getStatusCode() != 200) {
  203. return false;
  204. }
  205. $resp = json_decode($response->getBody(), TRUE);
  206. if ($resp['success'] === true) {
  207. return true;
  208. }
  209. return false;
  210. } catch (Exception $e) {
  211. return false;
  212. }
  213. }
  214. ////////////////////////////////////////////////////////////////////////////////
  215. // 2-factor authentication //
  216. ////////////////////////////////////////////////////////////////////////////////
  217. /**
  218. * Check if a user has TOTP setup
  219. * @param string $username
  220. * @return boolean true if TOTP secret exists, else false
  221. */
  222. function userHasTOTP($username) {
  223. $client = new GuzzleHttp\Client();
  224. $response = $client
  225. ->request('POST', PORTAL_API, [
  226. 'form_params' => [
  227. 'key' => PORTAL_KEY,
  228. 'action' => "hastotp",
  229. 'username' => $username
  230. ]
  231. ]);
  232. if ($response->getStatusCode() > 299) {
  233. sendError("Login server error: " . $response->getBody());
  234. }
  235. $resp = json_decode($response->getBody(), TRUE);
  236. if ($resp['status'] == "OK") {
  237. return $resp['otp'];
  238. } else {
  239. return false;
  240. }
  241. }
  242. /**
  243. * Verify a TOTP multiauth code
  244. * @global $database
  245. * @param string $username
  246. * @param int $code
  247. * @return boolean true if it's legit, else false
  248. */
  249. function verifyTOTP($username, $code) {
  250. $client = new GuzzleHttp\Client();
  251. $response = $client
  252. ->request('POST', PORTAL_API, [
  253. 'form_params' => [
  254. 'key' => PORTAL_KEY,
  255. 'action' => "verifytotp",
  256. 'username' => $username,
  257. 'code' => $code
  258. ]
  259. ]);
  260. if ($response->getStatusCode() > 299) {
  261. sendError("Login server error: " . $response->getBody());
  262. }
  263. $resp = json_decode($response->getBody(), TRUE);
  264. if ($resp['status'] == "OK") {
  265. return $resp['valid'];
  266. } else {
  267. return false;
  268. }
  269. }