2017-03-11 02:51:06 +07:00
|
|
|
<?php
|
2022-09-17 22:34:55 +07:00
|
|
|
|
2017-03-11 02:51:06 +07:00
|
|
|
/**
|
2023-10-12 15:55:42 +07:00
|
|
|
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
|
|
|
|
|
* by https://t.me/ibnux
|
2022-09-17 22:34:55 +07:00
|
|
|
**/
|
2023-10-12 15:55:42 +07:00
|
|
|
|
2024-10-09 17:13:25 +01:00
|
|
|
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
|
|
|
|
|
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
|
|
|
|
|
header("Pragma: no-cache");
|
2024-10-09 15:56:47 +01:00
|
|
|
|
2024-10-09 17:13:25 +01:00
|
|
|
if (Admin::getID()) {
|
2025-01-31 16:22:58 +07:00
|
|
|
r2(getUrl('dashboard'), "s", Lang::T("You are already logged in"));
|
2024-02-27 10:37:41 +07:00
|
|
|
}
|
|
|
|
|
|
2017-03-11 02:51:06 +07:00
|
|
|
if (isset($routes['1'])) {
|
|
|
|
|
$do = $routes['1'];
|
|
|
|
|
} else {
|
|
|
|
|
$do = 'login-display';
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-17 22:34:55 +07:00
|
|
|
switch ($do) {
|
2017-03-11 02:51:06 +07:00
|
|
|
case 'post':
|
2022-09-17 22:34:55 +07:00
|
|
|
$username = _post('username');
|
|
|
|
|
$password = _post('password');
|
2024-10-09 17:13:25 +01:00
|
|
|
//csrf token
|
|
|
|
|
$csrf_token = _post('csrf_token');
|
|
|
|
|
if (!Csrf::check($csrf_token)) {
|
2024-10-09 17:58:35 +01:00
|
|
|
_alert(Lang::T('Invalid or Expired CSRF Token') . ".", 'danger', "admin");
|
2024-10-09 17:13:25 +01:00
|
|
|
}
|
2022-09-17 22:34:55 +07:00
|
|
|
run_hook('admin_login'); #HOOK
|
|
|
|
|
if ($username != '' and $password != '') {
|
|
|
|
|
$d = ORM::for_table('tbl_users')->where('username', $username)->find_one();
|
|
|
|
|
if ($d) {
|
|
|
|
|
$d_pass = $d['password'];
|
|
|
|
|
if (Password::_verify($password, $d_pass) == true) {
|
|
|
|
|
$_SESSION['aid'] = $d['id'];
|
2024-04-01 13:01:21 +07:00
|
|
|
$token = Admin::setCookie($d['id']);
|
2022-09-17 22:34:55 +07:00
|
|
|
$d->last_login = date('Y-m-d H:i:s');
|
|
|
|
|
$d->save();
|
2024-02-13 13:54:01 +07:00
|
|
|
_log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);
|
2024-03-31 21:23:19 +07:00
|
|
|
if ($isApi) {
|
|
|
|
|
if ($token) {
|
2024-10-09 17:13:25 +01:00
|
|
|
showResult(true, Lang::T('Login Successful'), ['token' => "a." . $token]);
|
2024-03-31 21:23:19 +07:00
|
|
|
} else {
|
|
|
|
|
showResult(false, Lang::T('Invalid Username or Password'));
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-10-09 17:13:25 +01:00
|
|
|
_alert(Lang::T('Login Successful'), 'success', "dashboard");
|
2022-09-17 22:34:55 +07:00
|
|
|
} else {
|
2024-02-13 13:54:01 +07:00
|
|
|
_log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);
|
2024-10-09 17:13:25 +01:00
|
|
|
_alert(Lang::T('Invalid Username or Password') . ".", 'danger', "admin");
|
2022-09-17 22:34:55 +07:00
|
|
|
}
|
|
|
|
|
} else {
|
2024-10-09 17:13:25 +01:00
|
|
|
_alert(Lang::T('Invalid Username or Password') . "..", 'danger', "admin");
|
2022-09-17 22:34:55 +07:00
|
|
|
}
|
|
|
|
|
} else {
|
2024-10-09 17:13:25 +01:00
|
|
|
_alert(Lang::T('Invalid Username or Password') . "...", 'danger', "admin");
|
2022-09-17 22:34:55 +07:00
|
|
|
}
|
2017-03-11 02:51:06 +07:00
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2022-09-18 00:00:40 +07:00
|
|
|
run_hook('view_login'); #HOOK
|
2024-10-09 17:13:25 +01:00
|
|
|
$csrf_token = Csrf::generateAndStoreToken();
|
|
|
|
|
$ui->assign('csrf_token', $csrf_token);
|
2025-02-04 09:23:55 +07:00
|
|
|
$ui->display('admin/admin/login.tpl');
|
2017-03-11 02:51:06 +07:00
|
|
|
break;
|
|
|
|
|
}
|
