Merge ssh://source.netsyms.com:2322/Business/BusinessAppTemplate

# Conflicts:
#	required.php
#	settings.template.php
master
Skylar Ittner 6 years ago
commit a10220659d

@ -18,7 +18,7 @@ $userpass_ok = false;
$multiauth = false; $multiauth = false;
if (checkLoginServer()) { if (checkLoginServer()) {
if ($VARS['progress'] == "1") { if ($VARS['progress'] == "1") {
if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) { if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) {
$errmsg = ""; $errmsg = "";
if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) { if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
switch (get_account_status($VARS['username'])) { switch (get_account_status($VARS['username'])) {
@ -97,8 +97,8 @@ header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
<link href="static/css/bootstrap.min.css" rel="stylesheet"> <link href="static/css/bootstrap.min.css" rel="stylesheet">
<link href="static/css/material-color/material-color.min.css" rel="stylesheet"> <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
<link href="static/css/index.css" rel="stylesheet"> <link href="static/css/index.css" rel="stylesheet">
<?php if (RECAPTCHA_ENABLED) { ?> <?php if (CAPTCHA_ENABLED) { ?>
<script src='https://www.google.com/recaptcha/api.js'></script> <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.js"></script>
<?php } ?> <?php } ?>
</head> </head>
<body> <body>
@ -125,8 +125,8 @@ header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
?> ?>
<input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br /> <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
<input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br /> <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
<?php if (RECAPTCHA_ENABLED) { ?> <?php if (CAPTCHA_ENABLED) { ?>
<div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div> <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
<br /> <br />
<?php } ?> <?php } ?>
<input type="hidden" name="progress" value="1" /> <input type="hidden" name="progress" value="1" />
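Review bot: The new `<script src="<?php echo CAPTCHA_SERVER ?>/captcheck.js"></script>` tag loads code from a separate origin into the page that collects the username and password, with nothing pinning what that script contains. Anything served from that origin runs with full access to the login form. Consider serving captcheck.js from the application's own origin, or pinning it with `integrity="sha384-<HASH_OF_REVIEWED_FILE>" crossorigin="anonymous"` (placeholder hash, to be computed from the reviewed file). Separately, the login condition reads `$VARS['captcheck_session_code']` and `$VARS['captcheck_selected_answer']` without a default. If `$VARS` is a plain array, a POST that omits them passes nulls to verifyCaptcheck(), and `$VARS['captcheck_session_code'] ?? ''` would make that case explicit.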

@ -309,29 +309,26 @@ function simLogin($username, $password) {
} }
} }
function verifyReCaptcha($code) { function verifyCaptcheck($session, $answer, $url) {
try { $data = [
$client = new GuzzleHttp\Client(); 'session_id' => $session,
'answer_id' => $answer,
$response = $client 'action' => "verify"
->request('POST', "https://www.google.com/recaptcha/api/siteverify", [ ];
'form_params' => [ $options = [
'secret' => RECAPTCHA_SECRET_KEY, 'http' => [
'response' => $code 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
] 'method' => 'POST',
]); 'content' => http_build_query($data)
]
if ($response->getStatusCode() != 200) { ];
return false; $context = stream_context_create($options);
} $result = file_get_contents($url, false, $context);
$resp = json_decode($result, TRUE);
$resp = json_decode($response->getBody(), TRUE); if (!$resp['result']) {
if ($resp['success'] === true) {
return true;
}
return false;
} catch (Exception $e) {
return false; return false;
} else {
return true;
} }
} }
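Review bot: verifyCaptcheck() accepts any truthy `result` and sets no timeout or error handling on `file_get_contents()`, whereas the removed reCAPTCHA code required `=== true` and returned false on exceptions. As written, an unreachable or slow captcha server stalls the login request for the default socket timeout and emits PHP warnings before falling through to `return false`. A body such as `{"result":"false"}` would also be treated as a pass. Adding `'timeout' => 5` to the `http` options and ending with `return is_array($resp) && ($resp['result'] ?? false) === true;` fails closed on every path. Confirm first that the Captcheck API returns a JSON boolean in `result`, since that is not visible here.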

@ -8,6 +8,9 @@
* This file contains global settings and utility functions. * This file contains global settings and utility functions.
*/ */
ob_start(); // allow sending headers after content ob_start(); // allow sending headers after content
// Settings file
require __DIR__ . '/settings.php';
// Unicode, solves almost all stupid encoding problems // Unicode, solves almost all stupid encoding problems
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
@ -28,6 +31,7 @@ session_start(); // stick some cookies in it
// renew session cookie // renew session cookie
setcookie(session_name(), session_id(), time() + $session_length); setcookie(session_name(), session_id(), time() + $session_length);
$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
if ($_SESSION['mobile'] === TRUE) { if ($_SESSION['mobile'] === TRUE) {
header("Content-Security-Policy: " header("Content-Security-Policy: "
. "default-src 'self';" . "default-src 'self';"
@ -37,26 +41,24 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'none'; " . "frame-src 'none'; "
. "font-src 'self'; " . "font-src 'self'; "
. "connect-src *; " . "connect-src *; "
. "style-src 'self' 'unsafe-inline'; " . "style-src 'self' 'unsafe-inline' $captcha_server; "
. "script-src 'self' 'unsafe-inline'"); . "script-src 'self' 'unsafe-inline' $captcha_server");
} else { } else {
// header("Content-Security-Policy: " header("Content-Security-Policy: "
// . "default-src 'self';" . "default-src 'self';"
// . "object-src 'none'; " . "object-src 'none'; "
// . "img-src * data:; " . "img-src * data:; "
// . "media-src 'self'; " . "media-src 'self'; "
// . "frame-src 'none'; " . "frame-src 'none'; "
// . "font-src 'self'; " . "font-src 'self'; "
// . "connect-src *; " . "connect-src *; "
// . "style-src 'self' 'nonce-$SECURE_NONCE'; " . "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
// . "script-src 'self' 'nonce-$SECURE_NONCE'"); . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
} }
// Composer // Composer
require __DIR__ . '/vendor/autoload.php'; require __DIR__ . '/vendor/autoload.php';
// Settings file
require __DIR__ . '/settings.php';
// List of alert messages // List of alert messages
require __DIR__ . '/lang/messages.php'; require __DIR__ . '/lang/messages.php';
// text strings (i18n) // text strings (i18n)
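Review bot: The `$captcha_server` line strips the scheme from CAPTCHA_SERVER before it goes into `style-src` and `script-src`, so the policy names a bare host rather than the configured https origin. The pattern `/http(s)?:\/\//` is also unanchored, so it removes a match anywhere in the value. A schemeless host source follows the page's own scheme, so a deployment reached over plain HTTP would also allow the captcha script over HTTP. Keeping the origin as configured, for example `$captcha_server = (CAPTCHA_ENABLED === true ? rtrim(CAPTCHA_SERVER, "/") : "");`, pins the default setting to https. Allow-listing the whole host next to the nonce also permits every script on that host, so a short comment above the CSP block should state that the captcha origin is trusted to that degree.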

@ -22,33 +22,24 @@ define("SITE_TITLE", "TaskFloor");
// Used to identify the system in OTP and other places // Used to identify the system in OTP and other places
define("SYSTEM_NAME", "TaskFloor"); define("SYSTEM_NAME", "TaskFloor");
// Which pages to show the app icon on:
// index, app, both, none // URL of the AccountHub API endpoint
define("SHOW_ICON", "both");
// Where to put the icon: top or menu
// Overridden to 'menu' if MENU_BAR_STYLE is 'fixed'.
define("ICON_POSITION", "menu");
// App menu bar style: fixed or static
define("MENU_BAR_STYLE", "fixed");
// URL of the Business Portal API endpoint
define("PORTAL_API", "http://localhost/accounthub/api.php"); define("PORTAL_API", "http://localhost/accounthub/api.php");
// URL of the Portal home page // URL of the AccountHub home page
define("PORTAL_URL", "http://localhost/accounthub/home.php"); define("PORTAL_URL", "http://localhost/accounthub/home.php");
// Business Portal API Key // AccountHub API Key
define("PORTAL_KEY", "123"); define("PORTAL_KEY", "123");
// For supported values, see http://php.net/manual/en/timezones.php // For supported values, see http://php.net/manual/en/timezones.php
define("TIMEZONE", "America/Denver"); define("TIMEZONE", "America/Denver");
// Base URL for site links. // Base URL for site links.
define('URL', 'http://localhost/taskfloor/'); define('URL', '.');
// Use reCAPTCHA on login screen // Use Captcheck on login screen
// https://www.google.com/recaptcha/ // https://captcheck.netsyms.com
define("RECAPTCHA_ENABLED", FALSE); define("CAPTCHA_ENABLED", FALSE);
define('RECAPTCHA_SITE_KEY', ''); define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com');
define('RECAPTCHA_SECRET_KEY', '');
// See lang folder for language options // See lang folder for language options
define('LANGUAGE', "en_us"); define('LANGUAGE', "en_us");
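Review bot: The new `CAPTCHA_SERVER` setting has no comment describing the format the rest of the commit relies on or how much trust it carries. The code appends `/captcheck.js` and `/api.php` to it, adds its host to the CSP, and posts the verification request to it from the server, so the value should be an https URL with no trailing slash. I would add above the define: `// Captcheck server base URL: use https:// and no trailing slash. The login page loads captcheck.js from it and the server posts verification requests to it.`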
