forked from Business/AccountHub
parent
8b091c59f6
commit
5929d13147
@ -0,0 +1,119 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Simple JSON API to allow other apps to access accounts in this system.
|
||||||
|
*
|
||||||
|
* Requests can be sent via either GET or POST requests. POST is recommended
|
||||||
|
* as it has a lower chance of being logged on the server, exposing unencrypted
|
||||||
|
* user passwords.
|
||||||
|
*/
|
||||||
|
require __DIR__ . '/required.php';
|
||||||
|
require_once __DIR__ . '/lib/login.php';
|
||||||
|
header("Content-Type: application/json");
|
||||||
|
|
||||||
|
//try {
|
||||||
|
$key = $VARS['key'];
|
||||||
|
if ($database->has('apikeys', ['key' => $key]) !== TRUE) {
|
||||||
|
header("HTTP/1.1 403 Unauthorized");
|
||||||
|
die("\"403 Unauthorized\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
switch ($VARS['action']) {
|
||||||
|
case "ping":
|
||||||
|
exit(json_encode(["status" => "OK"]));
|
||||||
|
break;
|
||||||
|
case "auth":
|
||||||
|
if (authenticate_user($VARS['username'], $VARS['password'])) {
|
||||||
|
insertAuthLog(12);
|
||||||
|
exit(json_encode(["status" => "OK", "msg" => lang("login successful", false)]));
|
||||||
|
} else {
|
||||||
|
insertAuthLog(13);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "userinfo":
|
||||||
|
if (user_exists($VARS['username'])) {
|
||||||
|
$data = $database->select("accounts", ["uid", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"]], ["username" => $VARS['username']])[0];
|
||||||
|
exit(json_encode(["status" => "OK", "data" => $data]));
|
||||||
|
} else {
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "userexists":
|
||||||
|
if (user_exists($VARS['username'])) {
|
||||||
|
exit(json_encode(["status" => "OK", "exists" => true]));
|
||||||
|
} else {
|
||||||
|
exit(json_encode(["status" => "OK", "exists" => false]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "hastotp":
|
||||||
|
if (userHasTOTP($VARS['username'])) {
|
||||||
|
exit(json_encode(["status" => "OK", "otp" => true]));
|
||||||
|
} else {
|
||||||
|
exit(json_encode(["status" => "OK", "otp" => false]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "verifytotp":
|
||||||
|
if (verifyTOTP($VARS['username'], $VARS['code'])) {
|
||||||
|
exit(json_encode(["status" => "OK", "valid" => true]));
|
||||||
|
} else {
|
||||||
|
insertAuthLog(7);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("2fa incorrect", false), "valid" => false]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "acctstatus":
|
||||||
|
exit(json_encode(["status" => "OK", "account" => get_account_status($VARS['username'])]));
|
||||||
|
case "login":
|
||||||
|
// simulate a login, checking account status and alerts
|
||||||
|
if (authenticate_user($VARS['username'], $VARS['password'])) {
|
||||||
|
switch (get_account_status($VARS['username'])) {
|
||||||
|
case "LOCKED_OR_DISABLED":
|
||||||
|
insertAuthLog(5);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("account locked", false)]));
|
||||||
|
case "TERMINATED":
|
||||||
|
insertAuthLog(5);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("account terminated", false)]));
|
||||||
|
case "CHANGE_PASSWORD":
|
||||||
|
insertAuthLog(5);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("password expired", false)]));
|
||||||
|
case "NORMAL":
|
||||||
|
insertAuthLog(4);
|
||||||
|
exit(json_encode(["status" => "OK"]));
|
||||||
|
case "ALERT_ON_ACCESS":
|
||||||
|
sendLoginAlertEmail($VARS['username']);
|
||||||
|
insertAuthLog(4);
|
||||||
|
exit(json_encode(["status" => "OK", "alert" => true]));
|
||||||
|
default:
|
||||||
|
insertAuthLog(5);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("account state error", false)]));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
insertAuthLog(5);
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "ismanagerof":
|
||||||
|
if (user_exists($VARS['manager'])) {
|
||||||
|
if (user_exists($VARS['employee'])) {
|
||||||
|
$managerid = $database->select('accounts', 'uid', ['username' => $VARS['manager']]);
|
||||||
|
$employeeid = $database->select('accounts', 'uid', ['username' => $VARS['employee']]);
|
||||||
|
if ($database->has('managers', ['AND' => ['managerid' => $managerid, 'employeeid' => $employeeid]])) {
|
||||||
|
exit(json_encode(["status" => "OK", "managerof" => true]));
|
||||||
|
} else {
|
||||||
|
exit(json_encode(["status" => "OK", "managerof" => false]));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => $VARS['employee']]));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false), "user" => $VARS['manager']]));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
header("HTTP/1.1 400 Bad Request");
|
||||||
|
die("\"400 Bad Request\"");
|
||||||
|
}
|
||||||
|
/* } catch (Exception $e) {
|
||||||
|
header("HTTP/1.1 500 Internal Server Error");
|
||||||
|
die("\"500 Internal Server Error\"");
|
||||||
|
} */
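Review bot: The `auth` action at the `authenticate_user($VARS['username'], $VARS['password'])` call only checks the credentials and never consults `get_account_status`, so a locked, terminated or password-expired account still receives `{"status":"OK"}` from `auth` while `login` would refuse it; any client that uses `auth` as its sign-in check silently bypasses the lockout. Either run `auth` through the same status switch `login` uses, or state in the header docblock that `auth` is a bare credential check and `login` is the only action that makes an access decision, e.g. `* auth checks the password only; use login to also enforce account status.` Related, the `userinfo` error for an unknown user says `lang("login incorrect", false)` where `ismanagerof` says `lang("user does not exist", false)`, and the 403 response is sent with the reason phrase `Unauthorized` (which belongs to 401); both should be made consistent. Note also that a single valid `apikeys` row unlocks every action, including password checking and user enumeration via `userexists`/`userinfo`, and nothing visible here throttles it — unless `authenticate_user` rate-limits, a key holder has an unthrottled password oracle. With the `try`/`catch` commented out, a database exception surfaces as an uncaught PHP error rather than the intended `500` JSON body, which may expose driver messages depending on the server's error display settings.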
|
@ -0,0 +1,78 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||||
|
|
||||||
|
<svg
|
||||||
|
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||||
|
xmlns:cc="http://creativecommons.org/ns#"
|
||||||
|
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
width="512"
|
||||||
|
height="512"
|
||||||
|
viewBox="0 0 512.00001 512.00001"
|
||||||
|
id="svg2"
|
||||||
|
version="1.1"
|
||||||
|
inkscape:version="0.91 r13725"
|
||||||
|
sodipodi:docname="logo.svg"
|
||||||
|
inkscape:export-filename="/home/skylar/Documents/Projects/Assets/BusinessPortal/logo_512.png"
|
||||||
|
inkscape:export-xdpi="90"
|
||||||
|
inkscape:export-ydpi="90">
|
||||||
|
<defs
|
||||||
|
id="defs4" />
|
||||||
|
<sodipodi:namedview
|
||||||
|
id="base"
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#666666"
|
||||||
|
borderopacity="1.0"
|
||||||
|
inkscape:pageopacity="0.0"
|
||||||
|
inkscape:pageshadow="2"
|
||||||
|
inkscape:zoom="0.49497475"
|
||||||
|
inkscape:cx="-135.9681"
|
||||||
|
inkscape:cy="352.66131"
|
||||||
|
inkscape:document-units="px"
|
||||||
|
inkscape:current-layer="layer1"
|
||||||
|
showgrid="false"
|
||||||
|
units="px" />
|
||||||
|
<metadata
|
||||||
|
id="metadata7">
|
||||||
|
<rdf:RDF>
|
||||||
|
<cc:Work
|
||||||
|
rdf:about="">
|
||||||
|
<dc:format>image/svg+xml</dc:format>
|
||||||
|
<dc:type
|
||||||
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||||
|
<dc:title />
|
||||||
|
</cc:Work>
|
||||||
|
</rdf:RDF>
|
||||||
|
</metadata>
|
||||||
|
<g
|
||||||
|
inkscape:label="Layer 1"
|
||||||
|
inkscape:groupmode="layer"
|
||||||
|
id="layer1"
|
||||||
|
transform="translate(0,-540.36216)">
|
||||||
|
<rect
|
||||||
|
style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:20;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.74509804"
|
||||||
|
id="rect4726"
|
||||||
|
width="512"
|
||||||
|
height="512"
|
||||||
|
x="0"
|
||||||
|
y="540.36218"
|
||||||
|
rx="50"
|
||||||
|
ry="50" />
|
||||||
|
<ellipse
|
||||||
|
style="opacity:1;fill:none;fill-opacity:1;stroke:#2196f3;stroke-width:50;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||||
|
id="path4155"
|
||||||
|
cx="901.47205"
|
||||||
|
cy="-256"
|
||||||
|
rx="68.690376"
|
||||||
|
ry="193.9493"
|
||||||
|
transform="matrix(0,1,-1,0,0,0)" />
|
||||||
|
<path
|
||||||
|
inkscape:connector-curvature="0"
|
||||||
|
d="m 257.45991,599.83707 c 9.94158,-3.2506 20.98401,-3.01096 30.77413,0.67362 8.13772,3.03356 15.37803,8.41343 20.65625,15.31019 5.7326,7.42341 9.11199,16.6258 9.55504,25.99551 0.63974,11.77034 -3.4201,23.71233 -11.14414,32.62095 6.11458,6.07391 10.75535,13.62837 13.37297,21.84299 3.28899,10.26035 3.40883,21.51078 0.35265,31.84111 -2.44585,8.32302 -6.96227,16.01318 -12.98644,22.24763 -5.15388,5.31434 -11.38153,9.60704 -18.23981,12.40548 -0.0129,14.28395 -0.007,28.56791 -0.004,42.85187 -0.50863,0 -1.01271,-0.0143 -1.51227,-0.0143 0.0129,30.01462 -10e-4,60.02924 0.009,90.04386 0.0543,0.47919 -0.14918,0.95395 -0.54929,1.23189 -4.56391,3.42459 -9.12781,6.85389 -13.69623,10.2762 -0.5787,0.4362 -1.43991,0.42506 -2.02089,0.0143 -5.08607,-3.42245 -10.18796,-6.8199 -15.26953,-10.24677 -0.44305,-0.26224 -0.65099,-0.76871 -0.58547,-1.26589 0.0159,-30.01462 -0.0129,-60.02696 0.0159,-90.04172 -2.60182,0 -5.20363,0 -7.80317,0 -0.0114,-4.06875 0.0339,-8.13992 -0.0181,-12.20652 -0.53574,1.44442 -1.03529,2.90698 -1.60493,4.3424 -0.43399,-0.18082 -0.86577,-0.34593 -1.29978,-0.50632 -9.53697,26.00443 -19.14397,51.98187 -28.70129,77.97974 -0.13112,0.4272 -0.38428,0.85668 -0.859,0.94937 -5.01825,1.51913 -10.04102,3.01768 -15.06381,4.52094 -0.74369,0.26452 -1.57784,-0.1014 -1.97343,-0.75727 -3.15789,-4.37183 -6.3248,-8.7368 -9.50077,-13.09491 -0.37071,-0.47476 -0.80472,-1.06922 -0.486,-1.6908 7.00975,-19.06727 14.04209,-38.12755 21.05862,-57.19253 2.5566,-6.99387 5.19005,-13.96288 7.69466,-20.97717 -2.25143,-0.78213 -4.48025,-1.62982 -6.71587,-2.45493 4.56389,-12.36478 9.10972,-24.73398 13.66911,-37.10119 -6.0965,-5.61043 -10.75082,-12.76712 -13.42272,-20.60638 -3.3568,-9.71789 -3.59191,-20.48227 -0.62388,-30.32899 3.38618,-11.61193 11.17807,-21.8587 21.46999,-28.21756 -5.26461,-8.55355 -7.54771,-18.87946 -6.50336,-28.85942 0.91548,-9.41942 4.851,-18.50206 11.03791,-25.65645 5.5314,-6.43108 12.84403,-11.32052 20.91847,-13.92679 m -13.13113,14.70443 c -6.2276,5.76422 -10.57903,13.53348 
-12.16813,21.8746 -1.94174,9.85347 -0.052,20.40536 5.25335,28.94094 4.48253,-2.07972 9.27248,-3.49243 14.16418,-4.18643 0.74819,-0.10855 1.51225,-0.12855 2.24914,-0.3278 7.64496,-2.25365 15.79171,-2.74188 23.66271,-1.53254 9.18205,1.406 17.95044,5.28493 25.23598,11.04019 2.56112,-3.05396 4.71761,-6.46055 6.29543,-10.12481 4.19092,-9.57528 4.426,-20.79176 0.65329,-30.53671 -2.92507,-7.68337 -8.28467,-14.40606 -15.09097,-19.01291 -7.28325,-4.97078 -16.23022,-7.42788 -25.03026,-6.89669 -9.32448,0.49954 -18.40936,4.3808 -25.22472,10.76216 m 20.4596,59.08886 c -3.87446,1.01265 -7.05947,4.14802 -8.22589,7.9681 7.28328,2.99525 15.45491,3.74567 23.17444,2.22669 -0.36167,-3.1128 -1.94175,-6.08077 -4.4102,-8.02923 -2.90697,-2.33281 -6.94871,-3.20306 -10.53835,-2.16556 m -7.45051,14.82199 c 1.12344,2.37566 2.91375,4.45081 5.19004,5.78911 3.65069,2.2017 8.43386,2.41865 12.2337,0.46562 1.66825,-1.08506 2.90924,-2.7103 3.84961,-4.44181 -7.10695,1.04193 -14.43996,0.39321 -21.27335,-1.81292 z"
|
||||||
|
id="path3"
|
||||||
|
style="fill:#ff9100;fill-opacity:1" />
|
||||||
|
</g>
|
||||||
|
</svg>
|