Added ability to login directly with WHMCS credentials (on Airtime login

screen)
2014-06-18 18:27:16 -04:00 · 2014-06-18 18:27:16 -04:00 · 971e81756c
parent 7f6fc7770a
commit 971e81756c
2 changed files with 95 additions and 6 deletions
--- a/airtime_mvc/application/controllers/LoginController.php
+++ b/airtime_mvc/application/controllers/LoginController.php
@ -1,5 +1,7 @@
 <?php

+require_once('WhmcsLoginController.php');
+
 class LoginController extends Zend_Controller_Action
 {

@ -73,11 +75,23 @@ class LoginController extends Zend_Controller_Action

                        $this->_redirect('Showbuilder');
                    } else {
-                        $message = _("Wrong username or password provided. Please try again.");
-                        Application_Model_Subjects::increaseLoginAttempts($username);
-                        Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']);
-                        $form = new Application_Form_Login();
-                        $error = true;
+                        $email = $form->getValue('username');
+                        $authAdapter = new WHMCS_Auth_Adapter("admin", $email, $password);
+                        $auth = Zend_Auth::getInstance();
+                        $result = $auth->authenticate($authAdapter);
+                        if ($result->isValid()) {
+                            //set the user locale in case user changed it in when logging in
+                            Application_Model_Preference::SetUserLocale($locale);
+                            
+                            $this->_redirect('Showbuilder');
+                        }
+                        else {
+                            $message = _("Wrong username or password provided. Please try again.");
+                            Application_Model_Subjects::increaseLoginAttempts($username);
+                            Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']);
+                            $form = new Application_Form_Login();
+                            $error = true;
+                        }
                    }
                }
            }
--- a/airtime_mvc/application/controllers/WhmcsLoginController.php
+++ b/airtime_mvc/application/controllers/WhmcsLoginController.php
@ -17,7 +17,7 @@ class WhmcsLoginController extends Zend_Controller_Action
        $this->view->layout()->disableLayout();
        $this->_helper->viewRenderer->setNoRender(true);
        
-        $username = "admin";
+        $username = "admin"; //This is just for appearance in your session. It shows up in the corner of the Airtime UI.
        $email = $_POST["email"];
        $password = $_POST["password"];
                
@ -87,6 +87,10 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface {
        {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null);
        }
+        if (!$this->verifyClientSubdomainOwnership())
+        {
+            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null);
+        }
    
        $identity = array();
        
@ -173,4 +177,75 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface {
                
        return true;
    }
+    
+    function verifyClientSubdomainOwnership()
+    {
+        $client_postfields = array();
+        $client_postfields["username"] = $_SERVER['WHMCS_USERNAME'];
+        $client_postfields["password"] = md5($_SERVER['WHMCS_PASSWORD']);
+        $client_postfields["action"] ="getclientsproducts";
+        $client_postfields["responsetype"] = "json";
+    
+        $client_postfields["clientid"] = Application_Model_Preference::GetClientId();
+        //$client_postfields["stats"] = "true";
+    
+        $query_string = "";
+        foreach ($client_postfields as $k => $v) $query_string .= "$k=".urlencode($v)."&";
+    
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, WHMCS_API_URL);
+        curl_setopt($ch, CURLOPT_POST, 1);
+        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
+        curl_setopt($ch, CURLOPT_FAILONERROR, 1);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+        $jsondata = curl_exec($ch);
+        if (curl_error($ch)) {
+            die(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
+            //die("Connection Error: ".curl_errno($ch).' - '.curl_error($ch));
+        }
+        curl_close($ch);
+    
+        $arr = json_decode($jsondata, true); # Decode JSON String
+        //$client_id = $arr["clientid"];
+        //print_r($arr);
+        if ($arr["result"] != "success") {
+            die("Sorry, that email address or password was incorrect.");
+        }
+    
+        $doesAirtimeProductExist = false;
+        $isAirtimeAccountSuspended = true;
+        $airtimeProduct = null;
+    
+        foreach ($arr["products"] as $product)
+        {
+            if (strpos($product[0]["groupname"], "Airtime") === FALSE)
+            {
+                //Ignore non-Airtime products
+                continue;
+            }
+            else
+            {
+                if ($product[0]["status"] === "Active") {
+                    $airtimeProduct = $product[0];
+                    $subdomain = '';
+
+                    foreach ($airtimeProduct['customfields']['customfield'] as $customField)
+                    {
+                        if ($customField['name'] === SUBDOMAIN_WHMCS_CUSTOM_FIELD_NAME)
+                        {
+                            $subdomain = $customField['value'];
+                            if ($subdomain . ".airtime.pro" === $_SERVER['SERVER_NAME'])
+                            {
+                                return true;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        return false;
+    }
 }