diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist index 18d53a7..bafbcf7 100644 --- a/includes/config.inc.php-dist +++ b/includes/config.inc.php-dist @@ -6,6 +6,13 @@ $apiip = ''; # The IP of the PowerDNS API $apiport = '8081'; # The port of the PowerDNS API $apisid = ''; # PowerDNS's :server_id + +# If you configure this, nsedit will try to authenticate via WeFact too. +# Debtors will be added to the sqlitedatabase with their crypted password. + +#$wefactapiurl = 'https://yourdomain/Pro/apiv2/api.php'; +#$wefactapikey = 'xyz'; + $authdb = "../etc/pdns.users.sqlite3"; $templates = array(); diff --git a/includes/misc.inc.php b/includes/misc.inc.php index 975ed03..b41d808 100644 --- a/includes/misc.inc.php +++ b/includes/misc.inc.php @@ -28,6 +28,31 @@ function get_all_users() { return $ret; } +function get_user_info($u) { + $db = get_db(); + $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?'); + $q->bindValue(1, $u); + $result = $q->execute(); + $userinfo = $result->fetchArray(SQLITE3_ASSOC); + $db->close(); + + return $userinfo; +} + +function do_db_auth($u, $p) { + $db = get_db(); + $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?'); + $q->bindValue(1, $u); + $result = $q->execute(); + $userinfo = $result->fetchArray(SQLITE3_ASSOC); + $db->close(); + if (isset($userinfo['password']) and (crypt($p, $userinfo['password']) == $userinfo['password'])) { + return TRUE; + } + + return FALSE; +} + function get_pw($username) { $db = get_db(); $q = $db->prepare('SELECT password FROM users WHERE emailaddress = ? LIMIT 1'); diff --git a/includes/session.inc.php b/includes/session.inc.php index 8357e6a..86b4fdd 100644 --- a/includes/session.inc.php +++ b/includes/session.inc.php 
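Review bot: do_db_auth() checks the password with `crypt($p, $userinfo['password']) == $userinfo['password']`, a loose and non-constant-time string comparison. `password_verify()` accepts crypt()-format hashes and compares in constant time, so the condition can become `if (isset($userinfo['password']) && password_verify($p, $userinfo['password'])) {`. If the project has to run on a PHP version without it, wrap the existing crypt() result in `hash_equals()` instead. The lookup in do_db_auth() is also a copy of get_user_info(), and calling `get_user_info($u)` there would keep the two queries from drifting apart.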
@@ -43,19 +43,31 @@ function try_login() { if (valid_user($_POST['username']) === FALSE) { return FALSE; } - $db = get_db(); - $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?'); - $q->bindValue(1, $_POST['username']); - $result = $q->execute(); - $userinfo = $result->fetchArray(SQLITE3_ASSOC); - if (isset($userinfo['password']) and (crypt($_POST['password'], $userinfo['password']) == $userinfo['password'])) { - set_logged_in($_POST['username']); - if (isset($userinfo['isadmin']) && $userinfo['isadmin'] == 1) { - set_is_adminuser(); + $do_local_auth = 1; + + if (isset($wefactapiurl) && isset($wefactapikey)) { + $wefact = do_wefact_auth($_POST['username'], $_POST['password']); + if ($wefact === FALSE) { + return FALSE; + } + if ($wefact != -1) { + $do_local_auth = 0; } - return TRUE; } - $db->close(); + + if ($do_local_auth == 1) { + if (do_db_auth($_POST['username'], $_POST['password']) === FALSE) { + return FALSE; + } + } + + $userinfo = get_user_info($_POST['username']); + + set_logged_in($_POST['username']); + if (isset($userinfo['isadmin']) && $userinfo['isadmin'] == 1) { + set_is_adminuser(); + } + return TRUE; } return FALSE; diff --git a/includes/wefactauth.inc.php b/includes/wefactauth.inc.php index ad3fcd5..aa7545e 100644 --- a/includes/wefactauth.inc.php +++ b/includes/wefactauth.inc.php @@ -1,6 +1,10 @@ sendRequest('debtor', 'checklogin', array( - 'Username' => $u, - 'Password' => $p - )); + $r = $wefact->sendRequest('debtor', 'show', array( + 'DebtorCode' => $u)); if (isset($r['status']) && $r['status'] == 'success') { - return TRUE; - } + $r = $wefact->sendRequest('debtor', 'checklogin', array( + 'Username' => $u, + 'Password' => $p + )); - return FALSE; + if (isset($r['status']) && $r['status'] == 'success') { + if (get_user_info($u) == FALSE) { + add_user($u); + } + return TRUE; + } + + return FALSE; + } else { + return -1; + } } ?>
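Review bot: The check `if ($wefact != -1)` can never be true. do_wefact_auth() returns TRUE, FALSE or -1, FALSE has already returned, and PHP's loose comparison evaluates `TRUE != -1` as false, so `$do_local_auth` stays 1 and a successful WeFact login still has to pass do_db_auth(). Use `if ($wefact !== -1) {`. `$wefactapiurl` and `$wefactapikey` are also tested inside try_login() with no `global` declaration in the hunk. Unless one exists above it (the function starts outside the hunk), `isset()` is always false here and the WeFact branch is skipped. Once the branch works, the session takes `isadmin` from the local row for whatever name WeFact accepted, so confirm that a debtor code cannot coincide with an existing local admin's `emailaddress`.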
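Review bot: Any `debtor`/`show` answer other than `success` reaches `return -1`, so an unreachable API or a rejected key is handled the same as "not a WeFact user" and the login silently falls back to the local database. add_user() is not shown here; it is worth confirming that the row `add_user($u)` creates cannot pass do_db_auth(), otherwise a debtor later removed in WeFact could still log in locally. `get_user_info($u) == FALSE` should be `get_user_info($u) === FALSE`, and the TRUE/FALSE/-1 return values deserve a docblock on do_wefact_auth() because the caller has to tell the three apart. The start of this hunk is missing from the page, so the lines before the first `sendRequest` call were not reviewed.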