kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix position Admin::_info();

Browse Source
This commit is contained in:
iBNu Maksum 2024-10-11 11:07:47 +07:00
parent 8e8a52d807
commit 83dd564e53
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
3 changed files with 42 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
system/autoload/Admin.php
View File

@ -11,34 +11,40 @@ class Admin
public static function getID() public static function getID()
{ {
global $db_pass, $config; global $db_pass, $config, $isApi;
$enable_session_timeout = $config['enable_session_timeout'];
$session_timeout_duration = $config['session_timeout_duration'] ? intval($config['session_timeout_duration'] * 60) : intval(60 * 60); // Convert minutes to seconds
// Check if the session is active and valid $enable_session_timeout = $config['enable_session_timeout'] == 1;
if (isset($_SESSION['aid']) && isset($_SESSION['aid_expiration'])) { $session_timeout_duration = $config['session_timeout_duration'] ? intval($config['session_timeout_duration'] * 60) : intval(60 * 60); // Convert minutes to seconds
if ($_SESSION['aid_expiration'] > time()) { if(!$isApi){
if ($enable_session_timeout) { $enable_session_timeout = false;
$_SESSION['aid_expiration'] = time() + $session_timeout_duration;
} }
// Validate the token in the cookie if($enable_session_timeout && !empty($_SESSION['aid']) && !empty($_SESSION['aid_expiration'])){
if ($_SESSION['aid_expiration'] > time()) {
$isValid = self::validateToken($_SESSION['aid'], $_COOKIE['aid']); $isValid = self::validateToken($_SESSION['aid'], $_COOKIE['aid']);
if (!$isValid) { if (!$isValid) {
self::removeCookie(); self::removeCookie();
_alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin"); _alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin");
return 0; return 0;
} }
// extend timeout duration
$_SESSION['aid_expiration'] = time() + $session_timeout_duration;
return $_SESSION['aid']; return $_SESSION['aid'];
} }else{
// Session expired, log out the user // Session expired, log out the user
elseif ($enable_session_timeout && $_SESSION['aid_expiration'] <= time()) {
self::removeCookie(); self::removeCookie();
_alert(Lang::T('Session has expired. Please log in again.'), 'danger', "admin"); _alert(Lang::T('Session has expired. Please log in again.'), 'danger', "admin");
return 0; return 0;
} }
}else if (!empty($_SESSION['aid'])) {
$isValid = self::validateToken($_SESSION['aid'], $_COOKIE['aid']);
if (!$isValid) {
self::removeCookie();
_alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin");
return 0;
}
return $_SESSION['aid'];
} }
// Check if the cookie is set and valid // Check if the cookie is set and valid
elseif (isset($_COOKIE['aid'])) { elseif (isset($_COOKIE['aid'])) {
$tmp = explode('.', $_COOKIE['aid']); $tmp = explode('.', $_COOKIE['aid']);
@ -65,7 +71,7 @@ class Admin
} }
public static function setCookie($aid) public static function setCookie($aid)
{ {
global $db_pass, $config, $_app_stage; global $db_pass, $config;
$enable_session_timeout = $config['enable_session_timeout']; $enable_session_timeout = $config['enable_session_timeout'];
$session_timeout_duration = intval($config['session_timeout_duration']) * 60; // Convert minutes to seconds $session_timeout_duration = intval($config['session_timeout_duration']) * 60; // Convert minutes to seconds
@ -131,24 +137,14 @@ class Admin
public static function upsertToken($aid, $token) public static function upsertToken($aid, $token)
{ {
$query = ORM::for_table('tbl_users')->where('id', $aid)->findOne(); $query = ORM::for_table('tbl_users')->findOne($aid);
$query->login_token = $token; $query->login_token = sha1($token);
$query->save(); $query->save();
} }
public static function validateToken($aid, $cookieToken) public static function validateToken($aid, $cookieToken)
{ {
$query = ORM::for_table('tbl_users')->select('login_token')->where('id', $aid)->findOne(); $query = ORM::for_table('tbl_users')->select('login_token')->findOne($aid);
$storedToken = $query->login_token; return $query->login_token === sha1($cookieToken);
if (empty($storedToken)) {
return false;
}
if ($storedToken !== $cookieToken) {
return false;
}
return $storedToken === $cookieToken;
} }
} }

6
system/boot.php
View File

@ -79,8 +79,8 @@ $handler = $routes[0];
if ($handler == '') { if ($handler == '') {
$handler = 'default'; $handler = 'default';
} }
$admin = Admin::_info();
try { try {
$admin = Admin::_info();
$sys_render = $root_path . File::pathFixer('system/controllers/' . $handler . '.php'); $sys_render = $root_path . File::pathFixer('system/controllers/' . $handler . '.php');
if (file_exists($sys_render)) { if (file_exists($sys_render)) {
$menus = array(); $menus = array();
@ -128,7 +128,7 @@ try {
$e->getMessage() . "\n" . $e->getMessage() . "\n" .
$e->getTraceAsString() $e->getTraceAsString()
); );
if (!Admin::getID()) { if (empty($_SESSION['aid'])) {
$ui->display('customer/error.tpl'); die(); $ui->display('customer/error.tpl'); die();
} }
$ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>'); $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');
@ -141,7 +141,7 @@ try {
$e->getMessage() . "\n" . $e->getMessage() . "\n" .
$e->getTraceAsString() $e->getTraceAsString()
); );
if (!Admin::getID()) { if (empty($_SESSION['aid'])) {
$ui->display('customer/error.tpl'); die(); $ui->display('customer/error.tpl'); die();
} }
$ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>'); $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');

16
system/lan/indonesia.json
View File

@ -607,5 +607,19 @@
"Not_Working_with_Freeradius_Mysql": "Tidak Bekerja dengan Freeradius Mysql", "Not_Working_with_Freeradius_Mysql": "Tidak Bekerja dengan Freeradius Mysql",
"User_Cannot_change_this__only_admin__if_it_Empty_it_will_use_Customer_Credentials": "Pengguna tidak dapat mengubah ini, hanya admin. Jika Kosong, maka akan menggunakan Kredensial Pelanggan", "User_Cannot_change_this__only_admin__if_it_Empty_it_will_use_Customer_Credentials": "Pengguna tidak dapat mengubah ini, hanya admin. Jika Kosong, maka akan menggunakan Kredensial Pelanggan",
"Buy_this__your_active_package_will_be_overwritten": "Beli ini? Paket aktif Anda akan ditimpa", "Buy_this__your_active_package_will_be_overwritten": "Beli ini? Paket aktif Anda akan ditimpa",
"Pay_this_with_Balance__your_active_package_will_be_overwritten": "Bayar ini dengan Saldo? Paket aktif Anda akan ditimpa" "Pay_this_with_Balance__your_active_package_will_be_overwritten": "Bayar ini dengan Saldo? Paket aktif Anda akan ditimpa",
"Error": "Kesalahan",
"Internal_Error": "Kesalahan Internal",
"Sorry__the_software_failed_to_process_the_request__if_it_still_happening__please_tell": "Maaf, perangkat lunak gagal memproses permintaan, jika masih terjadi, mohon beri tahu",
"Try_Again": "Coba Lagi",
"Make_sure_you_use_API_Port__Default_8728": "Pastikan Anda menggunakan Port API, Default 8728",
"Make_sure_Username_and_Password_are_correct": "Pastikan Username dan Password sudah benar",
"Make_sure_your_hosting_not_blocking_port_to_external": "Pastikan hosting Anda tidak memblokir port ke eksternal",
"Make_sure_your_Mikrotik_accessible_from_PHPNuxBill": "Pastikan Mikrotik Anda dapat diakses dari PHPNuxBill",
"If_you_just_update_PHPNuxBill_from_upload_files__try_click_Update": "Jika Anda baru saja memperbarui PHPNuxBill dari mengunggah file, coba klik Perbarui",
"Update_PHPNuxBill": "Perbarui PHPNuxBill",
"Ask_Github_Community": "Tanya Komunitas Github",
"Ask_Telegram_Community": "Tanya Komunitas Telegram",
"Token_has_expired__Please_log_in_again_": "Token telah kedaluwarsa. Silakan masuk lagi.",
"danger": "bahaya"
} }