From 83dd564e531b92f488df97d2ca7ea3b7c8b7290b Mon Sep 17 00:00:00 2001
From: iBNu Maksum <me@ibnux.net>
Date: Fri, 11 Oct 2024 11:07:47 +0700
Subject: [PATCH] fix position Admin::_info();

---
 system/autoload/Admin.php | 52 ++++++++++++++++++---------------------
 system/boot.php           |  6 ++---
 system/lan/indonesia.json | 16 +++++++++++-
 3 files changed, 42 insertions(+), 32 deletions(-)

diff --git a/system/autoload/Admin.php b/system/autoload/Admin.php
index a401c6eb..be5e253c 100644
--- a/system/autoload/Admin.php
+++ b/system/autoload/Admin.php
@@ -11,34 +11,40 @@ class Admin
 
     public static function getID()
     {
-        global $db_pass, $config;
-        $enable_session_timeout = $config['enable_session_timeout'];
-        $session_timeout_duration = $config['session_timeout_duration'] ? intval($config['session_timeout_duration'] * 60) : intval(60 * 60); // Convert minutes to seconds
+        global $db_pass, $config, $isApi;
 
-        // Check if the session is active and valid
-        if (isset($_SESSION['aid']) && isset($_SESSION['aid_expiration'])) {
+        $enable_session_timeout = $config['enable_session_timeout'] == 1;
+        $session_timeout_duration = $config['session_timeout_duration'] ? intval($config['session_timeout_duration'] * 60) : intval(60 * 60); // Convert minutes to seconds
+        if(!$isApi){
+            $enable_session_timeout = false;
+        }
+        if($enable_session_timeout && !empty($_SESSION['aid']) && !empty($_SESSION['aid_expiration'])){
             if ($_SESSION['aid_expiration'] > time()) {
-                if ($enable_session_timeout) {
-                    $_SESSION['aid_expiration'] = time() + $session_timeout_duration;
-                }
-                // Validate the token in the cookie
                 $isValid = self::validateToken($_SESSION['aid'], $_COOKIE['aid']);
                 if (!$isValid) {
                     self::removeCookie();
                     _alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin");
                     return 0;
                 }
+                // extend timeout duration
+                $_SESSION['aid_expiration'] = time() + $session_timeout_duration;
 
                 return $_SESSION['aid'];
-            }
-            // Session expired, log out the user
-            elseif ($enable_session_timeout && $_SESSION['aid_expiration'] <= time()) {
+            }else{
+                // Session expired, log out the user
                 self::removeCookie();
                 _alert(Lang::T('Session has expired. Please log in again.'), 'danger', "admin");
                 return 0;
             }
+        }else if (!empty($_SESSION['aid'])) {
+            $isValid = self::validateToken($_SESSION['aid'], $_COOKIE['aid']);
+            if (!$isValid) {
+                self::removeCookie();
+                _alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin");
+                return 0;
+            }
+            return $_SESSION['aid'];
         }
-
         // Check if the cookie is set and valid
         elseif (isset($_COOKIE['aid'])) {
             $tmp = explode('.', $_COOKIE['aid']);
@@ -65,7 +71,7 @@ class Admin
     }
     public static function setCookie($aid)
     {
-        global $db_pass, $config, $_app_stage;
+        global $db_pass, $config;
         $enable_session_timeout = $config['enable_session_timeout'];
         $session_timeout_duration = intval($config['session_timeout_duration']) * 60; // Convert minutes to seconds
 
@@ -131,24 +137,14 @@ class Admin
 
     public static function upsertToken($aid, $token)
     {
-        $query = ORM::for_table('tbl_users')->where('id', $aid)->findOne();
-        $query->login_token = $token;
+        $query = ORM::for_table('tbl_users')->findOne($aid);
+        $query->login_token = sha1($token);
         $query->save();
     }
 
     public static function validateToken($aid, $cookieToken)
     {
-        $query =  ORM::for_table('tbl_users')->select('login_token')->where('id', $aid)->findOne();
-        $storedToken = $query->login_token;
-
-        if (empty($storedToken)) {
-            return false;
-        }
-
-        if ($storedToken !== $cookieToken) {
-            return false;
-        }
-
-        return $storedToken === $cookieToken;
+        $query =  ORM::for_table('tbl_users')->select('login_token')->findOne($aid);
+        return $query->login_token === sha1($cookieToken);
     }
 }
diff --git a/system/boot.php b/system/boot.php
index 1d3fc8cd..07545ca2 100644
--- a/system/boot.php
+++ b/system/boot.php
@@ -79,8 +79,8 @@ $handler = $routes[0];
 if ($handler == '') {
     $handler = 'default';
 }
-$admin = Admin::_info();
 try {
+    $admin = Admin::_info();
     $sys_render = $root_path . File::pathFixer('system/controllers/' . $handler . '.php');
     if (file_exists($sys_render)) {
         $menus = array();
@@ -128,7 +128,7 @@ try {
             $e->getMessage() . "\n" .
             $e->getTraceAsString()
     );
-    if (!Admin::getID()) {
+    if (empty($_SESSION['aid'])) {
         $ui->display('customer/error.tpl'); die();
     }
     $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');
@@ -141,7 +141,7 @@ try {
             $e->getMessage() . "\n" .
             $e->getTraceAsString()
     );
-    if (!Admin::getID()) {
+    if (empty($_SESSION['aid'])) {
         $ui->display('customer/error.tpl'); die();
     }
     $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');
diff --git a/system/lan/indonesia.json b/system/lan/indonesia.json
index ad70c3c3..6eb7d82f 100644
--- a/system/lan/indonesia.json
+++ b/system/lan/indonesia.json
@@ -607,5 +607,19 @@
     "Not_Working_with_Freeradius_Mysql": "Tidak Bekerja dengan Freeradius Mysql",
     "User_Cannot_change_this__only_admin__if_it_Empty_it_will_use_Customer_Credentials": "Pengguna tidak dapat mengubah ini, hanya admin. Jika Kosong, maka akan menggunakan Kredensial Pelanggan",
     "Buy_this__your_active_package_will_be_overwritten": "Beli ini? Paket aktif Anda akan ditimpa",
-    "Pay_this_with_Balance__your_active_package_will_be_overwritten": "Bayar ini dengan Saldo? Paket aktif Anda akan ditimpa"
+    "Pay_this_with_Balance__your_active_package_will_be_overwritten": "Bayar ini dengan Saldo? Paket aktif Anda akan ditimpa",
+    "Error": "Kesalahan",
+    "Internal_Error": "Kesalahan Internal",
+    "Sorry__the_software_failed_to_process_the_request__if_it_still_happening__please_tell": "Maaf, perangkat lunak gagal memproses permintaan, jika masih terjadi, mohon beri tahu",
+    "Try_Again": "Coba Lagi",
+    "Make_sure_you_use_API_Port__Default_8728": "Pastikan Anda menggunakan Port API, Default 8728",
+    "Make_sure_Username_and_Password_are_correct": "Pastikan Username dan Password sudah benar",
+    "Make_sure_your_hosting_not_blocking_port_to_external": "Pastikan hosting Anda tidak memblokir port ke eksternal",
+    "Make_sure_your_Mikrotik_accessible_from_PHPNuxBill": "Pastikan Mikrotik Anda dapat diakses dari PHPNuxBill",
+    "If_you_just_update_PHPNuxBill_from_upload_files__try_click_Update": "Jika Anda baru saja memperbarui PHPNuxBill dari mengunggah file, coba klik Perbarui",
+    "Update_PHPNuxBill": "Perbarui PHPNuxBill",
+    "Ask_Github_Community": "Tanya Komunitas Github",
+    "Ask_Telegram_Community": "Tanya Komunitas Telegram",
+    "Token_has_expired__Please_log_in_again_": "Token telah kedaluwarsa. Silakan masuk lagi.",
+    "danger": "bahaya"
 }
\ No newline at end of file