diff --git a/admin/index.php b/admin/index.php
index 8038248f..b8314803 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -5,4 +5,4 @@
 **/
-header('location: ../index.php?_route=admin/');
\ No newline at end of file
+header('location: ../?_route=admin/');
\ No newline at end of file
diff --git a/init.php b/init.php
index 7155de76..dbe56a7e 100644
--- a/init.php
+++ b/init.php
@@ -87,7 +87,7 @@ if ($_app_stage != 'Live') {
 if ($isApi) {
 define('U', APP_URL . '/system/api.php?r=');
 } else {
- define('U', APP_URL . '/index.php?_route=');
+ define('U', APP_URL . '/?_route=');
 }
 // notification message
diff --git a/system/autoload/User.php b/system/autoload/User.php
index 1acb8fc6..9737baf7 100644
--- a/system/autoload/User.php
+++ b/system/autoload/User.php
@@ -157,10 +157,15 @@ class User
 return [];
 }
- public static function generateToken($uid)
+ public static function generateToken($uid, $validDays = 30)
 {
 global $db_pass;
- $time = time();
+ if($validDays>=30){
+ $time = time();
+ }else{
+ $time = strtotime("+ $validDays days");
+ }
+
 return [
 'time' => $time,
 'token' => $uid . '.' . $time . '.' . sha1($uid . '.' . $time . '.' . $db_pass)
diff --git a/system/boot.php b/system/boot.php
index 07545ca2..ec9806ca 100644
--- a/system/boot.php
+++ b/system/boot.php
@@ -80,6 +80,9 @@ if ($handler == '') {
 $handler = 'default';
 }
 try {
+ if(!empty($_GET['uid'])){
+ $_COOKIE['uid'] = $_GET['token'];
+ }
 $admin = Admin::_info();
 $sys_render = $root_path . File::pathFixer('system/controllers/' . $handler . '.php');
 if (file_exists($sys_render)) {
diff --git a/system/controllers/customers.php b/system/controllers/customers.php
index 7970a76d..98e52762 100644
--- a/system/controllers/customers.php
+++ b/system/controllers/customers.php
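Review bot: In `generateToken` the signed `time` field now means two different things: for `$validDays >= 30` it is the issue time (`time()`), for smaller values it is a future expiry from `strtotime("+ $validDays days")`, so the verifier (not visible in this hunk) cannot apply one freshness rule to both, and a value above 30 gives no longer lifetime than 30. `$validDays` is also interpolated into the `strtotime()` string uncast, so a non-numeric argument makes it return `false`, which is then signed into the token; add `$validDays = (int) $validDays;` and settle on one meaning for `time`. Separately, the signature is a bare `sha1()` over uid, time and `$db_pass`; `hash_hmac('sha256', $uid . '.' . $time, $secret)` with a dedicated secret would stop token integrity depending on the database password. The returned array is closed outside the hunk.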
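Review bot: The added block in system/boot.php tests `$_GET['uid']` but copies `$_GET['token']` into `$_COOKIE['uid']`, so a request with `uid` and no `token` raises an undefined-index notice and stores null, while a request carrying only `token` is ignored; the condition should test the key it reads, `if (!empty($_GET['token'])) {`. Taking the session token from the query string also puts it into access logs, browser history and Referer headers, and lets any link that carries a token decide which account the visitor's request runs as. If this exists for API clients, reading the token from a request header, and only when `$isApi` is set, would keep it out of URLs. The enclosing `try` block continues outside the hunk.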
@@ -507,7 +507,7 @@ switch ($action) {
 $welcomeMessage = str_replace('[[name]]', $d['fullname'], $welcomeMessage);
 $welcomeMessage = str_replace('[[username]]', $d['username'], $welcomeMessage);
 $welcomeMessage = str_replace('[[password]]', $d['password'], $welcomeMessage);
- $welcomeMessage = str_replace('[[url]]', APP_URL . '/index.php?_route=login', $welcomeMessage);
+ $welcomeMessage = str_replace('[[url]]', APP_URL . '/?_route=login', $welcomeMessage);
 $emailSubject = "Welcome to " . $config['CompanyName'];
diff --git a/system/controllers/login.php b/system/controllers/login.php
index b5c90329..d4871243 100644
--- a/system/controllers/login.php
+++ b/system/controllers/login.php
@@ -39,10 +39,17 @@ switch ($do) {
 }
 if (Password::_uverify($password, $d_pass) == true) {
 $_SESSION['uid'] = $d['id'];
- User::setCookie($d['id']);
+ $token = User::setCookie($d['id']);
 $d->last_login = date('Y-m-d H:i:s');
 $d->save();
 _log($username . ' ' . Lang::T('Login Successful'), 'User', $d['id']);
+ if ($isApi) {
+ if ($token) {
+ showResult(true, Lang::T('Login Successful'), ['token' => "u." . $token]);
+ } else {
+ showResult(false, Lang::T('Invalid Username or Password'));
+ }
+ }
 _alert(Lang::T('Login Successful'), 'success', "home");
 } else {
 _msglog('e', Lang::T('Invalid Username or Password'));
diff --git a/system/controllers/message.php b/system/controllers/message.php
index a4a1a197..c9c9f691 100644
--- a/system/controllers/message.php
+++ b/system/controllers/message.php
@@ -30,9 +30,9 @@ document.addEventListener("DOMContentLoaded", function(event) {
 ajax: {
 url: function(params) {
 if(params.term != undefined){
- return './index.php?_route=autoload/customer_select2&s='+params.term;
+ return './?_route=autoload/customer_select2&s='+params.term;
 }else{
- return './index.php?_route=autoload/customer_select2';
+ return './?_route=autoload/customer_select2';
 }
 }
 }
diff --git a/system/controllers/plan.php b/system/controllers/plan.php
index ed7560e1..617cf443 100644
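Review bot: The API branch in system/controllers/login.php relies on `User::setCookie()` returning the token, but no change to `setCookie` is visible in this diff; if it still returns nothing, every correct API login reaches the `else` and answers `Invalid Username or Password`. That failure reply is also sent after `$_SESSION['uid']`, `last_login` and the 'Login Successful' log entry have been written, so the audit trail and the client disagree. The token check should come before those writes, with an error text that names a token failure rather than bad credentials. Unless `showResult()` ends the request (not visible here), control also falls through to `_alert(...)` after the JSON reply. The enclosing `switch` case starts and ends outside the hunk.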
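Review bot: On the changed line of system/controllers/message.php, `params.term` is appended to the query string unencoded, so a search term containing `&`, `#` or `+` is truncated or adds extra parameters to the autoload request; use `return './?_route=autoload/customer_select2&s=' + encodeURIComponent(params.term);`. The same line is changed in the system/controllers/plan.php hunk and needs the same fix. The surrounding select2 configuration starts and ends outside the hunk.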
--- a/system/controllers/plan.php
+++ b/system/controllers/plan.php
@@ -20,9 +20,9 @@ document.addEventListener("DOMContentLoaded", function(event) {
 ajax: {
 url: function(params) {
 if(params.term != undefined){
- return './index.php?_route=autoload/customer_select2&s='+params.term;
+ return './?_route=autoload/customer_select2&s='+params.term;
 }else{
- return './index.php?_route=autoload/customer_select2';
+ return './?_route=autoload/customer_select2';
 }
 }
 }
diff --git a/system/lan/indonesia.json b/system/lan/indonesia.json
index 52f89373..b2ad5308 100644
--- a/system/lan/indonesia.json
+++ b/system/lan/indonesia.json
@@ -843,5 +843,6 @@
 "Settings_For_Cron_Reminder": "Pengaturan Untuk Pengingat Cron",
 "Security": "Keamanan",
 "Enable_CSRF_Validation": "Aktifkan Validasi CSRF",
- "Cross_site_request_forgery": "Pemalsuan permintaan lintas situs"
+ "Cross_site_request_forgery": "Pemalsuan permintaan lintas situs",
+ "Forgot_Password": "Lupa Kata Sandi"
 }
\ No newline at end of file
diff --git a/ui/ui/customer/dashboard.tpl b/ui/ui/customer/dashboard.tpl
index 9c0597ba..7a92e4a5 100644
--- a/ui/ui/customer/dashboard.tpl
+++ b/ui/ui/customer/dashboard.tpl
@@ -325,7 +325,7 @@