111 lines
3.1 KiB
PHP
111 lines
3.1 KiB
PHP
<?php
|
|
define('PICONTROL', true);
|
|
|
|
$doNotCheckForAuthentification = true;
|
|
(include_once realpath(dirname(__FILE__)).'/../../resources/init.php') or die('Error: 0x0000');
|
|
(include_once LIBRARY_PATH.'main/main.function.php') or die('Error: 0x0001');
|
|
(include_once LIBRARY_PATH.'api/api.class.php') or die('Error: 0x0002');
|
|
|
|
$api = new API;
|
|
|
|
$externalAccess = (urlIsPublic($_SERVER['REMOTE_ADDR']) && getConfig('main:access.external', 'false') == 'false') ? false : true;
|
|
$nextTry = getConfig('login:login.nextTry');
|
|
|
|
if ($externalAccess === false)
|
|
$api->addData('error', 'Local network.');
|
|
elseif ($nextTry > time())
|
|
$api->addData('error', array('msg' => 'Login disabled.', 'seconds' => $nextTry-time()));
|
|
|
|
if (isset($_POST['username'], $_POST['password']) && $externalAccess === true)
|
|
{
|
|
if (trim($_POST['username']) != '' && $_POST['password'] != '')
|
|
{
|
|
$pUsername = strtolower(trim($_POST['username']));
|
|
$pPassword = $_POST['password'];
|
|
|
|
$try = getConfig('login:login.try');
|
|
|
|
do
|
|
{
|
|
if ($nextTry > time())
|
|
break;
|
|
|
|
if (($userinfo = getConfig('user:user_'.$pUsername, 0)) === 0)
|
|
break;
|
|
|
|
if (!is_array($userinfo))
|
|
break;
|
|
|
|
if (strtolower($userinfo['username']) != $pUsername || password_verify($pPassword, $userinfo['password']) !== true)
|
|
break;
|
|
|
|
setConfig('login:login.try', 0);
|
|
setConfig('login:login.nextTry', 0);
|
|
$uniqid = generateUniqId(32, false);
|
|
|
|
if (setConfig('login:token_'.$uniqid.'.created', time()) !== true) break;
|
|
if (setConfig('login:token_'.$uniqid.'.username', $pUsername) !== true) break;
|
|
if (setConfig('login:token_'.$uniqid.'.address', $_SERVER['REMOTE_ADDR']) !== true) break;
|
|
if (setConfig('user:user_'.$pUsername.'.last_login', time()) !== true) break;
|
|
|
|
if (isset($_POST['rememberMe']) && $_POST['rememberMe'] == 'checked')
|
|
setConfig('login:token_'.$uniqid.'.remember_me', 'true');
|
|
|
|
$api->addData('token', $uniqid);
|
|
|
|
$api->display();
|
|
exit();
|
|
}
|
|
while (false);
|
|
|
|
if ($nextTry > time())
|
|
{
|
|
$api->addData('error', array('msg' => 'Login disabled.', 'seconds' => $nextTry-time()));
|
|
}
|
|
elseif ($try == 5)
|
|
{
|
|
$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 30));
|
|
setConfig('login:login.nextTry', time() + 30);
|
|
}
|
|
elseif ($try == 6)
|
|
{
|
|
$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 60));
|
|
setConfig('login:login.nextTry', time() + 60);
|
|
}
|
|
elseif ($try == 7)
|
|
{
|
|
$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 120));
|
|
setConfig('login:login.nextTry', time() + 120);
|
|
}
|
|
elseif ($try >= 8)
|
|
{
|
|
$api->addData('error', array('msg' => 'Login failed.', 'seconds' => 300));
|
|
setConfig('login:login.nextTry', time() + 300);
|
|
}
|
|
else
|
|
{
|
|
$api->addData('error', array('msg' => 'Login failed.'));
|
|
}
|
|
|
|
setConfig('login:login.try', $try + 1);
|
|
}
|
|
}
|
|
|
|
if (isset($_POST['logout']))
|
|
{
|
|
if (isset($_POST['token']))
|
|
{
|
|
$uniqid = $_POST['token'];
|
|
removeConfig('login:token_'.$uniqid);
|
|
|
|
$api->addData('success', 'logout');
|
|
}
|
|
else
|
|
$api->setError('error', 'No token set.');
|
|
|
|
$api->display();
|
|
exit();
|
|
}
|
|
|
|
$api->display();
|
|
?>
|