"OK"])); } function mobile_enabled() { $client = new GuzzleHttp\Client(); $response = $client ->request('POST', PORTAL_API, [ 'form_params' => [ 'key' => PORTAL_KEY, 'action' => "mobileenabled" ] ]); if ($response->getStatusCode() > 299) { return false; } $resp = json_decode($response->getBody(), TRUE); if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) { return true; } else { return false; } } if (mobile_enabled() !== TRUE) { exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)])); } // Make sure we have a username and access key if (is_empty($VARS['username']) || is_empty($VARS['key'])) { http_response_code(401); die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."])); } // Make sure the username and key are actually legit $user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['key'], 'accounts.username' => $VARS['username']]]); if ($user_key_valid !== TRUE) { engageRateLimit(); http_response_code(401); insertAuthLog(21, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']); die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."])); } // Process the action switch ($VARS['action']) { case "start_session": // Do a web login. if (user_exists($VARS['username'])) { if (get_account_status($VARS['username']) == "NORMAL") { if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) { doLoginUser($VARS['username'], $VARS['password']); exit(json_encode(["status" => "OK"])); } } } exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)])); default: http_response_code(404); die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."])); }