Game server and admin dashboard for TerranQuest.

index.php 2.7KB

  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. /*
  6. * Mobile app API
  7. */
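  // Name of the permission a user must hold to log in through this API.
  // Leave as null when no specific permission is required.
  $access_permission = null;

  require __DIR__ . "/../required.php";

  header('Content-Type: application/json');
  // NOTE(review): the wildcard lets a page on any origin read these responses.
  // Everything past the ping below is gated on the username/key pair checked
  // later in this file, so this is acceptable only while those credentials
  // travel in the request itself and not in ambient cookies -- confirm
  // against how required.php populates $VARS.
  header('Access-Control-Allow-Origin: *');

  // Unauthenticated liveness probe. isset() keeps a request that carries no
  // "action" at all from raising an undefined-index notice, which could end
  // up in front of the JSON body when error display is on.
  if (isset($VARS['action']) && $VARS['action'] === "ping") {
      exit(json_encode(["status" => "OK"]));
  }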
  /**
   * Ask AccountHub whether mobile logins are switched on.
   *
   * Nothing is caught here, so an exception raised by AccountHubApi::get()
   * propagates to the caller.
   *
   * @return bool true only when the reply has status "OK" and a "mobile"
   *              flag that is strictly boolean true; false otherwise.
   */
  function mobile_enabled() {
      $reply = AccountHubApi::get("mobileenabled");
      // Anything short of an explicit OK + true counts as disabled.
      return $reply['status'] == "OK" && $reply['mobile'] === TRUE;
  }
  /**
   * Check a username / mobile access code pair against AccountHub.
   *
   * Fails closed: any Exception raised while asking AccountHub or while
   * reading its reply is treated as "not valid".
   *
   * @param mixed $username Username sent by the client.
   * @param mixed $code     Mobile access code sent by the client.
   * @return bool true only when the reply has status "OK" and a "valid"
   *              flag that is strictly boolean true; false otherwise.
   */
  function mobile_valid($username, $code) {
      $query = ["code" => $code, "username" => $username];
      try {
          $reply = AccountHubApi::get("mobilevalid", $query, true);
          return $reply['status'] == "OK" && $reply['valid'] === TRUE;
      } catch (Exception $ex) {
          // An unreachable or failing backend must never authenticate anyone.
          return false;
      }
  }
  // Refuse everything past this point while mobile login is turned off.
  if (!mobile_enabled()) {
      exit(json_encode([
          "status" => "ERROR",
          "msg" => $Strings->get("mobile login disabled", false)
      ]));
  }

  // Both credentials are mandatory; reject the request before any lookup.
  if (empty($VARS['username']) || empty($VARS['key'])) {
      http_response_code(401);
      exit(json_encode([
          "status" => "ERROR",
          "msg" => "Missing username and/or access key."
      ]));
  }

  // Verify the pair with AccountHub. A failed check engages the rate limiter
  // (engageRateLimit() is defined outside this file) before answering, and
  // the reply does not say which of the two values was wrong.
  if (!mobile_valid($VARS['username'], $VARS['key'])) {
      engageRateLimit();
      http_response_code(401);
      exit(json_encode([
          "status" => "ERROR",
          "msg" => "Invalid username and/or access key."
      ]));
  }
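  // Dispatch on the requested action. isset() keeps a request that carries
  // no "action" from raising an undefined-index notice; such a request
  // falls through to the default branch.
  switch (isset($VARS['action']) ? $VARS['action'] : null) {
      case "start_session":
          // Web login: the caller has already passed the username/key check
          // and must additionally present the account password.
          $user = User::byUsername($VARS['username']);

          // A missing or non-scalar password (e.g. an array parameter) is
          // treated as a failed login and never reaches checkPassword().
          $password = isset($VARS['password']) ? $VARS['password'] : null;

          $loginOk = is_scalar($password)
                  && $user->exists()
                  && $user->getStatus()->getString() == "NORMAL"
                  && $user->checkPassword($password);

          if (!$loginOk) {
              // One generic message for unknown user, non-NORMAL status and
              // wrong password, so the reply does not reveal which one failed.
              // NOTE(review): unlike a wrong access key, a wrong password
              // does not call engageRateLimit() here -- confirm that repeated
              // password guesses are throttled somewhere else.
              exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)]));
          }

          // Optional permission gate, skipped when $access_permission is null.
          if (!is_null($access_permission) && !$user->hasPermission($access_permission)) {
              exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no admin permission", false)]));
          }

          Session::start($user);
          // Mark the session as one opened through the mobile API.
          $_SESSION['mobile'] = true;
          exit(json_encode(["status" => "OK"]));
      default:
          // Unknown or missing action.
          http_response_code(404);
          die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
  }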