Init

2023-03-28 10:34:44 +02:00
parent f803effbbd
commit f7e0f37528
428 changed files with 9982 additions and 100 deletions
--- a/backend/api/v1/login.php
+++ b/backend/api/v1/login.php
@@ -0,0 +1,111 @@
+<?php
+define('PICONTROL', true);
+
+$doNotCheckForAuthentification = true;
+(include_once realpath(dirname(__FILE__)).'/../../resources/init.php')	or die('Error: 0x0000');
+(include_once LIBRARY_PATH.'main/main.function.php')					or die('Error: 0x0001');
+(include_once LIBRARY_PATH.'api/api.class.php')							or die('Error: 0x0002');
+
+$api = new API;
+
+$externalAccess = (urlIsPublic($_SERVER['REMOTE_ADDR']) && getConfig('main:access.external', 'false') == 'false') ? false : true;
+$nextTry = getConfig('login:login.nextTry');
+
+if ($externalAccess === false)
+	$api->addData('error', 'Local network.');
+elseif ($nextTry > time())
+	$api->addData('error', array('msg' => 'Login disabled.', 'seconds' => $nextTry-time()));
+
+if (isset($_POST['username'], $_POST['password']) && $externalAccess === true)
+{
+	if (trim($_POST['username']) != '' && $_POST['password'] != '')
+	{
+		$pUsername = strtolower(trim($_POST['username']));
+		$pPassword = $_POST['password'];
+		
+		$try = getConfig('login:login.try');
+		
+		do
+		{
+			if ($nextTry > time())
+				break;
+			
+			if (($userinfo = getConfig('user:user_'.$pUsername, 0)) === 0)
+				break;
+			
+			if (!is_array($userinfo))
+				break;
+			
+			if (strtolower($userinfo['username']) != $pUsername || password_verify($pPassword, $userinfo['password']) !== true)
+				break;
+			
+			setConfig('login:login.try', 0);
+			setConfig('login:login.nextTry', 0);
+			$uniqid = generateUniqId(32, false);
+			
+			if (setConfig('login:token_'.$uniqid.'.created', time())					!== true) break;
+			if (setConfig('login:token_'.$uniqid.'.username', $pUsername) 				!== true) break;
+			if (setConfig('login:token_'.$uniqid.'.address', $_SERVER['REMOTE_ADDR']) 	!== true) break;
+			if (setConfig('user:user_'.$pUsername.'.last_login', time())				!== true) break;
+			
+			if (isset($_POST['rememberMe']) && $_POST['rememberMe'] == 'checked')
+				setConfig('login:token_'.$uniqid.'.remember_me', 'true');
+			
+			$api->addData('token', $uniqid);
+			
+			$api->display();
+			exit();
+		}
+		while (false);
+		
+		if ($nextTry > time())
+		{
+			$api->addData('error', array('msg' => 'Login disabled.', 'seconds' => $nextTry-time()));
+		}
+		elseif ($try == 5)
+		{
+			$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 30));
+			setConfig('login:login.nextTry', time() + 30);
+		}
+		elseif ($try == 6)
+		{
+			$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 60));
+			setConfig('login:login.nextTry', time() + 60);
+		}
+		elseif ($try == 7)
+		{
+			$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 120));
+			setConfig('login:login.nextTry', time() + 120);
+		}
+		elseif ($try >= 8)
+		{
+			$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 300));
+			setConfig('login:login.nextTry', time() + 300);
+		}
+		else
+		{
+			$api->addData('error', array('msg' => 'Login failed.'));
+		}
+		
+		setConfig('login:login.try', $try + 1);
+	}
+}
+
+if (isset($_POST['logout']))
+{
+	if (isset($_POST['token']))
+	{
+		$uniqid = $_POST['token'];
+		removeConfig('login:token_'.$uniqid);
+		
+		$api->addData('success', 'logout');
+	}
+	else
+		$api->setError('error', 'No token set.');
+	
+	$api->display();
+	exit();
+}
+
+$api->display();
+?>