mirror of https://github.com/itflow-org/itflow
Initial add
This commit is contained in:
Marcus Hill
parent
3a18c0a0e7
commit
75ee2e643d
|
|
@ -0,0 +1,78 @@
|
|||
<?php
|
||||
// Headers to allow extensions access (CORS)
|
||||
$chrome_id = "to-be-confirmed";
|
||||
$firefox_id = "to-be-confirmed";
|
||||
$http_origin = $_SERVER['HTTP_ORIGIN'];
|
||||
if ($http_origin == "$chrome_id" || $http_origin == "$firefox_id")
|
||||
{
|
||||
header("Access-Control-Allow-Origin: $http_origin");
|
||||
header("Access-Control-Allow-Credentials: true");
|
||||
}
|
||||
|
||||
include("config.php");
|
||||
include("functions.php");
|
||||
|
||||
session_start();
|
||||
|
||||
// Check user is logged in
|
||||
// We do this manually, using check_login will break CORS due to the redirect.
|
||||
if(!(isset($_SESSION['logged']))){
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = "ITFlow - You are not logged into ITFlow.";
|
||||
echo(json_encode($data));
|
||||
exit();
|
||||
}
|
||||
|
||||
// User is logged in!
|
||||
|
||||
// Get user info:
|
||||
$session_user_id = $_SESSION['user_id'];
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$session_name = $row['user_name'];
|
||||
$session_email = $row['user_email'];
|
||||
$session_avatar = $row['user_avatar'];
|
||||
$session_token = $row['user_token'];
|
||||
$session_company_id = $row['user_default_company'];
|
||||
$session_user_role = $row['user_role'];
|
||||
if($session_user_role == 6){
|
||||
$session_user_role_display = "Global Administrator";
|
||||
}elseif($session_user_role == 5){
|
||||
$session_user_role_display = "Administrator";
|
||||
}elseif($session_user_role == 4){
|
||||
$session_user_role_display = "Technician";
|
||||
}elseif($session_user_role == 3){
|
||||
$session_user_role_display = "IT Contractor";
|
||||
}elseif($session_user_role == 2){
|
||||
$session_user_role_display = "Client";
|
||||
}else{
|
||||
$session_user_role_display = "Accountant";
|
||||
}
|
||||
|
||||
// Check user access level
|
||||
if($session_user_role < 4){
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = "ITFlow - You are not authorised to use this application.";
|
||||
echo(json_encode($data));
|
||||
exit();
|
||||
}
|
||||
|
||||
if(isset($_GET['host'])){
|
||||
|
||||
$url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
|
||||
|
||||
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
|
||||
|
||||
if(mysqli_num_rows($sql_logins) > 0){
|
||||
$row = mysqli_fetch_array($sql_logins);
|
||||
$data['found'] = "TRUE";
|
||||
$data['username'] = htmlentities($row['login_username']);
|
||||
$data['password'] = decryptLoginEntry($row['login_password']);
|
||||
echo json_encode($data);
|
||||
}
|
||||
}
|
||||
|
||||
//TODO: Future work:-
|
||||
// - Check user has permission to this client
|
||||
// - Showing multiple logins for a single URL
|
||||
Loading…
Reference in New Issue