kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Api always Valid

Browse Source
This commit is contained in:
iBNu Maksum 2024-10-11 11:42:38 +07:00
parent d5cba4b3c1
commit 7267bd082a
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
system/autoload/Admin.php
View File

@ -15,7 +15,7 @@ class Admin
$enable_session_timeout = $config['enable_session_timeout'] == 1;
$session_timeout_duration = $config['session_timeout_duration'] ? intval($config['session_timeout_duration'] * 60) : intval(60 * 60); // Convert minutes to seconds
if (!$isApi) {
if ($isApi) {
$enable_session_timeout = false;
}
if ($enable_session_timeout && !empty($_SESSION['aid']) && !empty($_SESSION['aid_expiration'])) {
@ -51,6 +51,10 @@ class Admin
if (sha1("$tmp[0].$tmp[1].$db_pass") == $tmp[2]) {
// Validate the token in the cookie
$isValid = self::validateToken($tmp[0], $_COOKIE['aid']);
if ($isApi) {
// For now API need to always return true, next need to add revoke token API
$isValid = true;
}
if (!empty($_COOKIE['aid']) && !$isValid) {
self::removeCookie();
_alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin");