Allow authentication via Wefact

includes/config.inc.php-dist

@@ -6,6 +6,13 @@ $apiip   = '';      # The IP of the PowerDNS API
 $apiport = '8081';  # The port of the PowerDNS API
 $apisid  = '';      # PowerDNS's :server_id
 
+
+# If you configure this, nsedit will try to authenticate via WeFact too.
+# Debtors will be added to the sqlitedatabase with their crypted password.
+
+#$wefactapiurl = 'https://yourdomain/Pro/apiv2/api.php';
+#$wefactapikey = 'xyz';
+
 $authdb  = "../etc/pdns.users.sqlite3";
 
 $templates = array();

includes/misc.inc.php

@@ -28,6 +28,31 @@ function get_all_users() {
     return $ret;
 }
 
+function get_user_info($u) {
+    $db = get_db();
+    $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?');
+    $q->bindValue(1, $u);
+    $result = $q->execute();
+    $userinfo = $result->fetchArray(SQLITE3_ASSOC);
+    $db->close();
+
+    return $userinfo;
+}
+
+function do_db_auth($u, $p) {
+    $db = get_db();
+    $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?');
+    $q->bindValue(1, $u);
+    $result = $q->execute();
+    $userinfo = $result->fetchArray(SQLITE3_ASSOC);
+    $db->close();
+    if (isset($userinfo['password']) and (crypt($p, $userinfo['password']) == $userinfo['password'])) {
+        return TRUE;
+    }
+
+    return FALSE;
+}
+
 function get_pw($username) {
     $db = get_db();
     $q = $db->prepare('SELECT password FROM users WHERE emailaddress = ? LIMIT 1');

includes/session.inc.php

@@ -43,19 +43,31 @@ function try_login() {
         if (valid_user($_POST['username']) === FALSE) {
             return FALSE;
         }
-        $db = get_db();
+        $do_local_auth = 1;
-        $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?');
+
-        $q->bindValue(1, $_POST['username']);
+        if (isset($wefactapiurl) && isset($wefactapikey)) {
-        $result = $q->execute();
+            $wefact = do_wefact_auth($_POST['username'], $_POST['password']);
-        $userinfo = $result->fetchArray(SQLITE3_ASSOC);
+            if ($wefact === FALSE) {
-        if (isset($userinfo['password']) and (crypt($_POST['password'], $userinfo['password']) == $userinfo['password'])) {
+                return FALSE;
-            set_logged_in($_POST['username']);
+            }
-            if (isset($userinfo['isadmin']) && $userinfo['isadmin'] == 1) {
+            if ($wefact != -1) {
-                set_is_adminuser();
+                $do_local_auth = 0;
             }
-            return TRUE;
         }
-        $db->close();
+
+        if ($do_local_auth == 1) {
+            if (do_db_auth($_POST['username'], $_POST['password']) === FALSE) {
+                return FALSE;
+            }
+        }
+
+        $userinfo = get_user_info($_POST['username']);
+
+        set_logged_in($_POST['username']);
+        if (isset($userinfo['isadmin']) && $userinfo['isadmin'] == 1) {
+            set_is_adminuser();
+        }
+        return TRUE;
     }
 
     return FALSE;

includes/wefactauth.inc.php

@@ -1,6 +1,10 @@
 <?php
 
 include_once('config.inc.php');
+include_once('misc.inc.php');
+
+/* This class is written by Wefact. See https://www.wefact.nl/wefact-hosting/apiv2/
+*/
 
 class WeFactAPI
 {
@@ -52,16 +56,26 @@ class WeFactAPI
 
 function do_wefact_auth($u, $p) {
     $wefact = new WeFactApi();
-    $r = $wefact->sendRequest('debtor', 'checklogin', array(
+    $r = $wefact->sendRequest('debtor', 'show', array(
-        'Username'  => $u,
+        'DebtorCode' => $u));
-        'Password'  => $p
-    ));
 
     if (isset($r['status']) && $r['status'] == 'success') {
-        return TRUE;
+        $r = $wefact->sendRequest('debtor', 'checklogin', array(
-    }
+            'Username'  => $u,
+            'Password'  => $p
+        ));
 
-    return FALSE;
+        if (isset($r['status']) && $r['status'] == 'success') {
+            if (get_user_info($u) == FALSE) {
+                add_user($u);
+            }
+            return TRUE;
+        }
+
+        return FALSE;
+    } else {
+        return -1;
+    }
 }
 
 ?>