library/ajax/login_counter_ip_tracker.php

   1 <?php
   2
   3 /**
   4  * login_counter_ip_tracker.php
   5  *
   6  * @package   OpenEMR
   7  * @link      https://www.open-emr.org
   8  * @author    Brady Miller <brady.g.miller@gmail.com>
   9  * @copyright Copyright (c) 2023 Brady Miller <brady.g.miller@gmail.com>
  10  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  11  */
  12
  13 use OpenEMR\Common\Acl\AclMain;
  14 use OpenEMR\Common\Auth\AuthUtils;
  15 use OpenEMR\Common\Csrf\CsrfUtils;
  16
  17 require_once(__DIR__ . "/../../interface/globals.php");
  18
  19 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"], 'counter')) {
  20     CsrfUtils::csrfNotVerified(false);
  21 }
  22
  23 if (empty($_POST['function'])) {
  24     exit;
  25 }
  26
  27 if ($_POST['function'] == 'resetUsernameCounter') {
  28     if (!AclMain::aclCheckCore('admin', 'users')) {
  29         error_log("Failed ACL access to login_counter_ip_tracker.php script for resetUsernameCounter function");
  30         exit;
  31     }
  32
  33     if (empty($_POST['username'])) {
  34         exit;
  35     }
  36     AuthUtils::resetLoginFailedCounter($_POST['username']);
  37     exit;
  38 }
  39
  40
  41 // all function below require admin super access
  42 if (!AclMain::aclCheckCore('admin', 'super')) {
  43     error_log("Failed ACL access to login_counter_ip_tracker.php script for " . errorLogEscape($_POST['function']) . " function");
  44     exit;
  45 }
  46
  47 if ($_POST['function'] == 'disableIp') {
  48     if (empty((int)$_POST['ipId'])) {
  49         exit;
  50     }
  51     AuthUtils::disableIp((int)$_POST['ipId']);
  52     exit;
  53 }
  54
  55 if ($_POST['function'] == 'enableIp') {
  56     if (empty((int)$_POST['ipId'])) {
  57         exit;
  58     }
  59     AuthUtils::enableIp((int)$_POST['ipId']);
  60     exit;
  61 }
  62
  63 if ($_POST['function'] == 'skipTiming') {
  64     if (empty((int)$_POST['ipId'])) {
  65         exit;
  66     }
  67     AuthUtils::skipTimingIp((int)$_POST['ipId']);
  68     exit;
  69 }
  70
  71 if ($_POST['function'] == 'noSkipTiming') {
  72     if (empty((int)$_POST['ipId'])) {
  73         exit;
  74     }
  75     AuthUtils::noSkipTimingIp((int)$_POST['ipId']);
  76     exit;
  77 }
  78
  79 if ($_POST['function'] == 'resetIpCounter') {
  80     if (empty((int)$_POST['ipId'])) {
  81         exit;
  82     }
  83     AuthUtils::resetIpCounter((int)$_POST['ipId']);
  84     exit;
  85 }