From 52c50ee615ca844d92875e2cb587f1cdbc98ef42 Mon Sep 17 00:00:00 2001
From: Skylar Ittner <admin@netsyms.com>
Date: Sat, 6 May 2017 23:22:07 -0600
Subject: [PATCH] Better login error messages, merge manage.php into
 userinfo.php

---
 action.php         |  1 -
 index.php          | 11 ++++++++---
 lib/gettaskman.php |  1 -
 lib/login.php      |  4 ++--
 lib/manage.php     | 25 -------------------------
 lib/userinfo.php   | 40 +++++++++++++++++++++++++++++++++++++++-
 6 files changed, 49 insertions(+), 33 deletions(-)
 delete mode 100644 lib/manage.php

diff --git a/action.php b/action.php
index 7959d77..b359269 100644
--- a/action.php
+++ b/action.php
@@ -6,7 +6,6 @@
 require_once __DIR__ . "/required.php";
 require_once __DIR__ . "/lib/login.php";
 require_once __DIR__ . "/lib/userinfo.php";
-require_once __DIR__ . "/lib/manage.php";
 
 
 dieifnotloggedin();
diff --git a/index.php b/index.php
index 553c230..c9ceac4 100644
--- a/index.php
+++ b/index.php
@@ -14,7 +14,8 @@ $multiauth = false;
 if (checkLoginServer()) {
     if ($VARS['progress'] == "1") {
         if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
-            if (authenticate_user($VARS['username'], $VARS['password'])) {
+            $errmsg = "";
+            if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
                 switch (get_account_status($VARS['username'])) {
                     case "LOCKED_OR_DISABLED":
                         $alert = lang("account locked", false);
@@ -43,7 +44,11 @@ if (checkLoginServer()) {
                     }
                 }
             } else {
-                $alert = lang("login incorrect", false);
+                if (!is_empty($errmsg)) {
+                    $alert = lang2("login server error", ['arg' => $errmsg], false);
+                } else {
+                    $alert = lang("login incorrect", false);
+                }
             }
         } else {
             $alert = lang("captcha error", false);
@@ -73,7 +78,7 @@ if (checkLoginServer()) {
     <head>
         <meta charset="UTF-8">
         <meta http-equiv="X-UA-Compatible" content="IE=edge">
-        <meta name="viewport" contgreent="width=device-width, initial-scale=1">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
 
         <title><?php echo SITE_TITLE; ?></title>
 
diff --git a/lib/gettaskman.php b/lib/gettaskman.php
index 217d88a..d967c15 100644
--- a/lib/gettaskman.php
+++ b/lib/gettaskman.php
@@ -4,7 +4,6 @@ require_once __DIR__ . "/../required.php";
 redirectifnotloggedin();
 
 require_once __DIR__ . "/userinfo.php";
-require_once __DIR__ . "/manage.php";
 
 $managed_uids = getManagedUIDs($_SESSION['uid']);
 
diff --git a/lib/login.php b/lib/login.php
index ec5d4bc..88c5313 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -45,7 +45,7 @@ function checkLoginServer() {
  * @param string $password
  * @return boolean True if OK, else false
  */
-function authenticate_user($username, $password) {
+function authenticate_user($username, $password, &$errmsg) {
     $client = new GuzzleHttp\Client();
 
     $response = $client
@@ -66,6 +66,7 @@ function authenticate_user($username, $password) {
     if ($resp['status'] == "OK") {
         return true;
     } else {
+        $errmsg = $resp['msg'];
         return false;
     }
 }
@@ -188,7 +189,6 @@ function doLoginUser($username) {
         $_SESSION['uid'] = $userinfo['uid'];
         $_SESSION['email'] = $userinfo['email'];
         $_SESSION['realname'] = $userinfo['name'];
-        $_SESSION['password'] = $password;
         $_SESSION['loggedin'] = true;
         return true;
     } else {
diff --git a/lib/manage.php b/lib/manage.php
deleted file mode 100644
index 28a46b3..0000000
--- a/lib/manage.php
+++ /dev/null
@@ -1,25 +0,0 @@
-<?php
-
-function getManagedUIDs($manageruid) {
-    $client = new GuzzleHttp\Client();
-
-    $response = $client
-            ->request('POST', PORTAL_API, [
-        'form_params' => [
-            'key' => PORTAL_KEY,
-            'action' => "getmanaged",
-            'uid' => $manageruid
-        ]
-    ]);
-
-    if ($response->getStatusCode() > 299) {
-        sendError("Login server error: " . $response->getBody());
-    }
-
-    $resp = json_decode($response->getBody(), TRUE);
-    if ($resp['status'] == "OK") {
-        return $resp['employees'];
-    } else {
-        return [];
-    }
-}
diff --git a/lib/userinfo.php b/lib/userinfo.php
index d16f4a4..7db54c5 100644
--- a/lib/userinfo.php
+++ b/lib/userinfo.php
@@ -1,5 +1,9 @@
 <?php
-
+/**
+ * Get user info for the given username.
+ * @param int $u username
+ * @return [string] Array of [uid, username, name]
+ */
 function getUserByUsername($u) {
     $client = new GuzzleHttp\Client();
 
@@ -25,6 +29,11 @@ function getUserByUsername($u) {
     }
 }
 
+/**
+ * Get user info for the given UID.
+ * @param int $u user ID
+ * @return [string] Array of [uid, username, name]
+ */
 function getUserByID($u) {
     $client = new GuzzleHttp\Client();
 
@@ -82,3 +91,32 @@ function isManagerOf($m, $e) {
         return ["name" => $u, "username" => $u, "uid" => $u];
     }
 }
+
+/**
+ * Get an array of UIDs the given UID is a manager of.
+ * @param int $manageruid The UID of the manager to find employees for.
+ * @return [int]
+ */
+function getManagedUIDs($manageruid) {
+    $client = new GuzzleHttp\Client();
+
+    $response = $client
+            ->request('POST', PORTAL_API, [
+        'form_params' => [
+            'key' => PORTAL_KEY,
+            'action' => "getmanaged",
+            'uid' => $manageruid
+        ]
+    ]);
+
+    if ($response->getStatusCode() > 299) {
+        sendError("Login server error: " . $response->getBody());
+    }
+
+    $resp = json_decode($response->getBody(), TRUE);
+    if ($resp['status'] == "OK") {
+        return $resp['employees'];
+    } else {
+        return [];
+    }
+}
\ No newline at end of file