Game server and admin dashboard for TerranQuest.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Login.lib.php 2.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. <?php
  2. /*
  3. * This Source Code Form is subject to the terms of the Mozilla Public
  4. * License, v. 2.0. If a copy of the MPL was not distributed with this
  5. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  6. */
  7. class Login {
  8. const BAD_USERPASS = 1;
  9. const BAD_2FA = 2;
  10. const ACCOUNT_DISABLED = 3;
  11. const LOGIN_OK = 4;
  12. public static function auth(string $username, string $password, string $twofa = ""): int {
  13. global $database;
  14. $username = strtolower($username);
  15. $user = User::byUsername($username);
  16. if (!$user->exists()) {
  17. return Login::BAD_USERPASS;
  18. }
  19. if (!$user->checkPassword($password)) {
  20. return Login::BAD_USERPASS;
  21. }
  22. if ($user->has2fa()) {
  23. if (!$user->check2fa($twofa)) {
  24. return Login::BAD_2FA;
  25. }
  26. }
  27. switch ($user->getStatus()->get()) {
  28. case AccountStatus::TERMINATED:
  29. return Login::BAD_USERPASS;
  30. case AccountStatus::LOCKED_OR_DISABLED:
  31. return Login::ACCOUNT_DISABLED;
  32. case AccountStatus::NORMAL:
  33. default:
  34. return Login::LOGIN_OK;
  35. }
  36. return Login::LOGIN_OK;
  37. }
  38. public static function verifyCaptcha(string $session, string $answer, string $url): bool {
  39. $data = [
  40. 'session_id' => $session,
  41. 'answer_id' => $answer,
  42. 'action' => "verify"
  43. ];
  44. $options = [
  45. 'http' => [
  46. 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
  47. 'method' => 'POST',
  48. 'content' => http_build_query($data)
  49. ]
  50. ];
  51. $context = stream_context_create($options);
  52. $result = file_get_contents($url, false, $context);
  53. $resp = json_decode($result, TRUE);
  54. if (!$resp['result']) {
  55. return false;
  56. } else {
  57. return true;
  58. }
  59. }
  60. /**
  61. * Check the login server API for sanity
  62. * @return boolean true if OK, else false
  63. */
  64. public static function checkLoginServer() {
  65. try {
  66. $resp = AccountHubApi::get("ping");
  67. if ($resp['status'] == "OK") {
  68. return true;
  69. } else {
  70. return false;
  71. }
  72. } catch (Exception $e) {
  73. return false;
  74. }
  75. }
  76. /**
  77. * Checks if the given AccountHub API key is valid by attempting to
  78. * access the API with it.
  79. * @param String $key The API key to check
  80. * @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
  81. */
  82. function checkAPIKey($key) {
  83. try {
  84. $resp = AccountHubApi::get("ping", null, true);
  85. return false;
  86. } catch (Exception $e) {
  87. return false;
  88. }
  89. }
  90. }