kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix rest api, need to change every variable to readable

Browse Source
This commit is contained in:
Ibnu Maksum 2024-04-01 13:01:21 +07:00
parent ee73621c85
commit 254fd4ccf7
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
4 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
init.php
View File

@ -73,8 +73,11 @@ ORM::configure('return_result_sets', true);
if ($_app_stage != 'Live') { if ($_app_stage != 'Live') {
ORM::configure('logging', true); ORM::configure('logging', true);
} }
if($isApi){
define('U', APP_URL . '/system/api.php?r=');
}else{
define('U', APP_URL . '/index.php?_route='); define('U', APP_URL . '/index.php?_route=');
}
// notification message // notification message
if (file_exists($UPLOAD_PATH . DIRECTORY_SEPARATOR . "notifications.json")) { if (file_exists($UPLOAD_PATH . DIRECTORY_SEPARATOR . "notifications.json")) {
@ -224,8 +227,10 @@ function alphanumeric($str, $tambahan = "")
function showResult($success, $message = '', $result = [], $meta = []) function showResult($success, $message = '', $result = [], $meta = [])
{ {
header("Content-Type: Application/json; charset=utf-8"); header("Content-Type: Application/json");
die(json_encode(array('success' => $success, 'message' => $message, 'result' => $result, 'meta' => $meta))); $json = json_encode(['success' => $success, 'message' => $message, 'result' => $result, 'meta' => $meta]);
echo $json;
die();
} }
function sendTelegram($txt) function sendTelegram($txt)

9
system/api.php
View File

@ -1,7 +1,7 @@
<?php <?php
/** /**
* PHP Mikrotik Billing (https://github.com/SiberTech/) * PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
* by https://t.me/ibnux * by https://t.me/ibnux
* *
* This File is for API Access * This File is for API Access
@ -19,8 +19,6 @@ $isApi = true;
include "../init.php"; include "../init.php";
unset($_COOKIE['aid']);
// Dummy Class // Dummy Class
$ui = new class($key) $ui = new class($key)
{ {
@ -71,7 +69,7 @@ if (!empty($token)) {
} else { } else {
# validate token # validate token
list($tipe, $uid, $time, $sha1) = explode('.', $token); list($tipe, $uid, $time, $sha1) = explode('.', $token);
if (trim($sha1) != sha1($uid . '.' . $time . '.' . $db_password)) { if (trim($sha1) != sha1($uid . '.' . $time . '.' . $api_secret)) {
showResult(false, Lang::T("Token is invalid")); showResult(false, Lang::T("Token is invalid"));
} }
@ -109,6 +107,9 @@ if (!empty($token)) {
showResult(false, Lang::T("Token is invalid")); showResult(false, Lang::T("Token is invalid"));
} }
} }
}else{
unset($_COOKIE);
unset($_SESSION);
} }
try { try {

6
system/autoload/Admin.php
View File

@ -32,10 +32,14 @@ class Admin
global $db_password; global $db_password;
if (isset($aid)) { if (isset($aid)) {
$time = time(); $time = time();
setcookie('aid', $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password), time() + 86400 * 7); $token = $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password);
setcookie('aid', $token, time() + 86400 * 7);
return $token;
} }
return '';
} }
public static function removeCookie() public static function removeCookie()
{ {
if (isset($_COOKIE['aid'])) { if (isset($_COOKIE['aid'])) {

10
system/controllers/admin.php
View File

@ -6,7 +6,7 @@
**/ **/
if(Admin::getID()){ if(Admin::getID()){
r2(U.'dashboard'); r2(U.'dashboard', "s", Lang::T("You are already logged in"));
} }
if (isset($routes['1'])) { if (isset($routes['1'])) {
@ -26,7 +26,7 @@ switch ($do) {
$d_pass = $d['password']; $d_pass = $d['password'];
if (Password::_verify($password, $d_pass) == true) { if (Password::_verify($password, $d_pass) == true) {
$_SESSION['aid'] = $d['id']; $_SESSION['aid'] = $d['id'];
Admin::setCookie($d['id']); $token = Admin::setCookie($d['id']);
$d->last_login = date('Y-m-d H:i:s'); $d->last_login = date('Y-m-d H:i:s');
$d->save(); $d->save();
_log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']); _log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);
@ -40,13 +40,13 @@ switch ($do) {
_alert(Lang::T('Login Successful'),'success', "dashboard"); _alert(Lang::T('Login Successful'),'success', "dashboard");
} else { } else {
_log($username . ' ' . Lang::T('Failed Login'), $d['user_type']); _log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);
_alert(Lang::T('Invalid Username or Password'),'danger', "admin"); _alert(Lang::T('Invalid Username or Password').".",'danger', "admin");
} }
} else { } else {
_alert(Lang::T('Invalid Username or Password'),'danger', "admin"); _alert(Lang::T('Invalid Username or Password')."..",'danger', "admin");
} }
} else { } else {
_alert(Lang::T('Invalid Username or Password'),'danger', "admin"); _alert(Lang::T('Invalid Username or Password')."...",'danger', "admin");
} }
break; break;