diff --git a/init.php b/init.php
index e8b6a2de..85bfd3c6 100644
--- a/init.php
+++ b/init.php
@@ -11,7 +11,9 @@ if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) {
die();
}
$root_path = realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR;
-$isApi = false;
+if(!isset($isApi)){
+ $isApi = false;
+}
// on some server, it getting error because of slash is backwards
function _autoloader($class)
{
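Review bot: The new guard around the `$isApi` default does not follow the spacing the file already uses for control structures (compare `if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) {` in the hunk header): write it as `if (!isset($isApi)) {` with the assignment indented one level. Because the value can now be pre-set by whichever script includes init.php, a one-line comment above the guard would help the next maintainer, e.g. `// may be pre-set to true by an including script (API mode); defaults to the HTML UI`. Which script actually sets it is not visible in this hunk.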
@@ -243,6 +245,13 @@ function sendWhatsapp($phone, $txt)
function r2($to, $ntype = 'e', $msg = '')
{
+ global $isApi;
+ if ($isApi) {
+ showResult(
+ ($ntype=='s')? true : false,
+ $msg
+ );
+ }
if ($msg == '') {
header("location: $to");
exit;
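Review bot: The new API branch in r2() only works if showResult() terminates the request; if it returns, execution continues into the `header("location: $to")` redirect below, so add an explicit `exit;` after the showResult() call (or a comment stating that showResult() never returns, if that is guaranteed elsewhere). The ternary `($ntype=='s')? true : false` is already a boolean — `$ntype === 's'` says the same thing with a strict comparison. An empty `$msg` is also forwarded unchanged, so a plain redirect becomes a `showResult(..., '')` response with no message for API callers. r2()'s body continues past the end of the hunk.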
diff --git a/system/api.php b/system/api.php
index ac464724..f6367daf 100644
--- a/system/api.php
+++ b/system/api.php
@@ -1,7 +1,7 @@
assign[$key] = $value;
}
-
- function get($key,)
+ function get($key)
{
if (isset($this->assign[$key])) {
return $this->assign[$key];
}
return '';
}
+ function getTemplateVars($key)
+ {
+ if (isset($this->assign[$key])) {
+ return $this->assign[$key];
+ }
+ return '';
+ }
+ function getAll()
+ {
+ return $this->assign;
+ }
};
$req = _get('r');
# a/c.id.time.md5
# md5(a/c.id.time.$api_secret)
-$token = _get('token');
+$token = _req('token');
$routes = explode('/', $req);
$handler = $routes[0];
if (!empty($token)) {
-
if ($token == $config['api_key']) {
$admin = ORM::for_table('tbl_users')->where('user_type', 'SuperAdmin')->find_one($id);
if (empty($admin)) {
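Review bot: `getTemplateVars()` duplicates the body of `get()` line for line; delegating with `return $this->get($key);` leaves one place to change the missing-key default. The two new methods also carry no visibility or return type (`public function getAll(): array`), which the new code need not perpetuate even if the existing `get()` lacks them. The class header is outside the hunk, so whether the `$assign` property is typed cannot be seen here. Switching the token lookup from `_get` to `_req` presumably widens it to POST as well as query-string input; a short comment on that line stating the intended sources would make the choice deliberate.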
@@ -59,18 +70,21 @@ if (!empty($token)) {
}
} else {
# validate token
- list($tipe, $uid, $time, $md5) = explode('.', $token);
- if ($md5 != md5($uid . '.' . $time . '.' . $api_secret)) {
+ list($tipe, $uid, $time, $sha1) = explode('.', $token);
+ if (trim($sha1) != sha1($uid . '.' . $time . '.' . $db_password)) {
showResult(false, Lang::T("Token is invalid"));
}
#cek token expiration
- if ($time != 0 && time() > $time) {
+ // 3 bulan
+ if ($time != 0 && time()-$time > 7776000) {
+ die("$time != ". (time()-$time));
showResult(false, Lang::T("Token Expired"), [], ['login' => true]);
}
if ($tipe == 'a') {
$_SESSION['aid'] = $uid;
+ $admin = Admin::_info();
} else if ($tipe == 'c') {
$_SESSION['uid'] = $uid;
} else {
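Review bot: The `die("$time != ". (time()-$time));` left inside the expiration branch is a debug statement: every expired token now terminates the request with a bare timestamp difference instead of reaching the `showResult(false, Lang::T("Token Expired"), [], ['login' => true]);` on the next line, so it has to be removed. The signature check `trim($sha1) != sha1(...)` uses a loose operator and a non-constant-time comparison; write it as `if (!hash_equals(sha1($uid . '.' . $time . '.' . $db_password), trim($sha1))) {` and, better, derive the signature with `hash_hmac()` from a dedicated API secret rather than the database password (the previous code used `$api_secret`; reusing the DB credential ties token-signing rotation to a DB password change). The `7776000` literal, explained only by the Indonesian `// 3 bulan`, should be a named constant such as `define('API_TOKEN_TTL', 90 * 86400); // 90 days` — 7776000 s is exactly 90 days. The enclosing `if (!empty($token))` block starts before the hunk.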
@@ -86,12 +100,22 @@ if (!empty($token)) {
if ($handler == 'isValid') {
showResult(true, Lang::T("Token is valid"));
}
+
+ if ($handler == 'me') {
+ $admin = Admin::_info();
+ if (!empty($admin['id'])) {
+ showResult(true, "", $admin);
+ } else {
+ showResult(false, Lang::T("Token is invalid"));
+ }
+ }
}
try {
$sys_render = File::pathFixer($root_path . 'system/controllers/' . $handler . '.php');
if (file_exists($sys_render)) {
include($sys_render);
+ showResult(true, $req, $ui->getAll());
} else {
showResult(false, Lang::T('Command not found'));
}
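Review bot: `showResult(true, $req, $ui->getAll());` after the controller include serialises every template variable the controller assigned, and nothing strips sensitive fields before it does: the settings.php hunk in this same commit removes the `unset($d['password'])` that used to run ahead of the API response, while `$ui->assign('d', $d)` still receives the full user row, so the users-view response now presumably carries the password hash. Either filter before `getAll()` (an allow-list of keys per handler) or have `getAll()` drop known secret keys such as `password`. The new `me` handler has the same shape — `showResult(true, "", $admin)` returns whatever `Admin::_info()` yields, and if that is the raw `tbl_users` row it needs `unset($admin['password']);` first. The `try` block continues past the hunk.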
diff --git a/system/controllers/admin.php b/system/controllers/admin.php
index 76bd7400..0d2faf00 100644
--- a/system/controllers/admin.php
+++ b/system/controllers/admin.php
@@ -30,6 +30,13 @@ switch ($do) {
$d->last_login = date('Y-m-d H:i:s');
$d->save();
_log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);
+ if ($isApi) {
+ if ($token) {
+ showResult(true, Lang::T('Login Successful'), ['token' => "a.".$token]);
+ } else {
+ showResult(false, Lang::T('Invalid Username or Password'));
+ }
+ }
_alert(Lang::T('Login Successful'),'success', "dashboard");
} else {
_log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);
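Review bot: The `else` branch reports `Lang::T('Invalid Username or Password')` on a path where the credentials were just accepted (the `_log(... Lang::T('Login Successful') ...)` two lines above has already run); if `$token` is empty here the failure is in producing the token, so the message should say so, e.g. `showResult(false, Lang::T('Could not create API token'));`. `$token` is not assigned anywhere in the hunk, so `if ($token)` emits an undefined-variable warning whenever the earlier code did not set it — `if (!empty($token)) {` is the safe form. Where `$token` is built, and the surrounding `switch ($do)` case, are outside the hunk.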
diff --git a/system/controllers/plan.php b/system/controllers/plan.php
index 940bc44d..042a0698 100644
--- a/system/controllers/plan.php
+++ b/system/controllers/plan.php
@@ -59,9 +59,6 @@ switch ($action) {
}
$log .= "DONE : $plan[username], $plan[namebp], $plan[type], $plan[routers]
";
}
- if ($isApi) {
- showResult(true, $log);
- }
r2(U . 'plan/list', 's', $log);
case 'list':
$ui->assign('xfooter', '');
@@ -75,9 +72,6 @@ switch ($action) {
$d = Paginator::findMany($query);
}
run_hook('view_list_billing'); #HOOK
- if ($isApi) {
- showResult(true, $action, $d, ['search' => $search]);
- }
$ui->assign('d', $d);
$ui->assign('search', $search);
$ui->display('plan.tpl');
diff --git a/system/controllers/settings.php b/system/controllers/settings.php
index d143b7b3..ad978029 100644
--- a/system/controllers/settings.php
+++ b/system/controllers/settings.php
@@ -336,12 +336,6 @@ switch ($action) {
$admins[$adm['id']] = $adm['fullname'];
}
}
- if ($isApi) {
- showResult(true, $action, [
- 'admins' => $d,
- 'roots' => $admins
- ], ['search' => $search]);
- }
$ui->assign('admins', $admins);
$ui->assign('d', $d);
$ui->assign('search', $search);
@@ -380,15 +374,6 @@ switch ($action) {
if ($d['user_type'] == 'Sales') {
$ui->assign('agent', ORM::for_table('tbl_users')->where('id', $d['root'])->find_array()[0]);
}
- if ($isApi) {
- unset($d['password']);
- $agent = $ui->get('agent');
- if ($agent) unset($agent['password']);
- showResult(true, $action, [
- 'admin' => $d,
- 'agent' => $agent
- ], ['search' => $search]);
- }
$ui->assign('d', $d);
$ui->assign('_title', $d['username']);
$ui->display('users-view.tpl');