mitrobill/system/controllers/admin.php

<?php

/**
 *  PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
 *  by https://t.me/ibnux
 **/

 header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
 header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
 header("Pragma: no-cache");

if(Admin::getID()){
    r2(U.'dashboard', "s", Lang::T("You are already logged in"));
}

if (isset($routes['1'])) {
    $do = $routes['1'];
} else {
    $do = 'login-display';
}

switch ($do) {
    case 'post':
        $username = _post('username');
        $password = _post('password');
        run_hook('admin_login'); #HOOK
        if ($username != '' and $password != '') {
            $d = ORM::for_table('tbl_users')->where('username', $username)->find_one();
            if ($d) {
                $d_pass = $d['password'];
                if (Password::_verify($password, $d_pass) == true) {
                    $_SESSION['aid'] = $d['id'];
                    $token = Admin::setCookie($d['id']);
                    $d->last_login = date('Y-m-d H:i:s');
                    $d->save();
                    _log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);
                    if ($isApi) {
                        if ($token) {
                            showResult(true, Lang::T('Login Successful'), ['token' => "a.".$token]);
                        } else {
                            showResult(false, Lang::T('Invalid Username or Password'));
                        }
                    }
                    _alert(Lang::T('Login Successful'),'success', "dashboard");
                } else {
                    _log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);
                    _alert(Lang::T('Invalid Username or Password').".",'danger', "admin");
                }
            } else {
                _alert(Lang::T('Invalid Username or Password')."..",'danger', "admin");
            }
        } else {
            _alert(Lang::T('Invalid Username or Password')."...",'danger', "admin");
        }

        break;
    default:
        run_hook('view_login'); #HOOK
        $ui->display('admin-login.tpl');
        break;
}
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`<?php`
add menu hook 2022-09-17 22:34:55 +07:00
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`/**`
Change credits 2023-10-12 15:55:42 +07:00			`* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)`
			`* by https://t.me/ibnux`
add menu hook 2022-09-17 22:34:55 +07:00			`**/`
Change credits 2023-10-12 15:55:42 +07:00
Added more security flags to prevent XSS attack from cookie. 2024-10-09 15:56:47 +01:00			`header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");`
			`header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");`
			`header("Pragma: no-cache");`

redirect after login 2024-02-27 10:37:41 +07:00			`if(Admin::getID()){`
fix rest api, need to change every variable to readable 2024-04-01 13:01:21 +07:00			`r2(U.'dashboard', "s", Lang::T("You are already logged in"));`
redirect after login 2024-02-27 10:37:41 +07:00			`}`

PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`if (isset($routes['1'])) {`
			`$do = $routes['1'];`
			`} else {`
			`$do = 'login-display';`
			`}`

add menu hook 2022-09-17 22:34:55 +07:00			`switch ($do) {`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`case 'post':`
add menu hook 2022-09-17 22:34:55 +07:00			`$username = _post('username');`
			`$password = _post('password');`
			`run_hook('admin_login'); #HOOK`
			`if ($username != '' and $password != '') {`
			`$d = ORM::for_table('tbl_users')->where('username', $username)->find_one();`
			`if ($d) {`
			`$d_pass = $d['password'];`
			`if (Password::_verify($password, $d_pass) == true) {`
			`$_SESSION['aid'] = $d['id'];`
fix rest api, need to change every variable to readable 2024-04-01 13:01:21 +07:00			`$token = Admin::setCookie($d['id']);`
add menu hook 2022-09-17 22:34:55 +07:00			`$d->last_login = date('Y-m-d H:i:s');`
			`$d->save();`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`_log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);`
Found lazy way to create api 2024-03-31 21:23:19 +07:00			`if ($isApi) {`
			`if ($token) {`
			`showResult(true, Lang::T('Login Successful'), ['token' => "a.".$token]);`
			`} else {`
			`showResult(false, Lang::T('Invalid Username or Password'));`
			`}`
			`}`
Add Alert Page 2024-02-23 14:20:12 +07:00			`_alert(Lang::T('Login Successful'),'success', "dashboard");`
add menu hook 2022-09-17 22:34:55 +07:00			`} else {`
Auto Translate Language 2024-02-13 13:54:01 +07:00			`_log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);`
fix rest api, need to change every variable to readable 2024-04-01 13:01:21 +07:00			`_alert(Lang::T('Invalid Username or Password').".",'danger', "admin");`
add menu hook 2022-09-17 22:34:55 +07:00			`}`
			`} else {`
fix rest api, need to change every variable to readable 2024-04-01 13:01:21 +07:00			`_alert(Lang::T('Invalid Username or Password')."..",'danger', "admin");`
add menu hook 2022-09-17 22:34:55 +07:00			`}`
			`} else {`
fix rest api, need to change every variable to readable 2024-04-01 13:01:21 +07:00			`_alert(Lang::T('Invalid Username or Password')."...",'danger', "admin");`
add menu hook 2022-09-17 22:34:55 +07:00			`}`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00
			`break;`
			`default:`
add hook 2022-09-18 00:00:40 +07:00			`run_hook('view_login'); #HOOK`
admin change to adminlte 2022-10-16 14:48:21 +07:00			`$ui->display('admin-login.tpl');`
PHPMixBill v5.0 - First Upload 2017-03-11 02:51:06 +07:00			`break;`
			`}`