From ee73621c85cb6c15204f45c8f8036b41f744570d Mon Sep 17 00:00:00 2001
From: Ibnu Maksum
Date: Sun, 31 Mar 2024 21:23:19 +0700
Subject: [PATCH] Found lazy way to create api
---
 init.php | 11 ++++++++-
 system/api.php | 42 ++++++++++++++++++++++++++-------
 system/controllers/admin.php | 7 ++++++
 system/controllers/plan.php | 6 -----
 system/controllers/settings.php | 15 ------------
 5 files changed, 50 insertions(+), 31 deletions(-)
diff --git a/init.php b/init.php
index e8b6a2de..85bfd3c6 100644
--- a/init.php
+++ b/init.php
@@ -11,7 +11,9 @@ if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) {
 die();
 }
 $root_path = realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR;
-$isApi = false;
+if(!isset($isApi)){
+ $isApi = false;
+}
 // on some server, it getting error because of slash is backwards
 function _autoloader($class)
 {
@@ -243,6 +245,13 @@ function sendWhatsapp($phone, $txt)
 function r2($to, $ntype = 'e', $msg = '')
 {
+ global $isApi;
+ if ($isApi) {
+ showResult(
+ ($ntype=='s')? true : false,
+ $msg
+ );
+ }
 if ($msg == '') {
 header("location: $to");
 exit;
diff --git a/system/api.php b/system/api.php
index ac464724..f6367daf 100644
--- a/system/api.php
+++ b/system/api.php
@@ -1,7 +1,7 @@ assign[$key] = $value; } - - function get($key,) + function get($key) { if (isset($this->assign[$key])) { return $this->assign[$key]; } return ''; } + function getTemplateVars($key) + { + if (isset($this->assign[$key])) { + return $this->assign[$key]; + } + return ''; + } + function getAll() + { + return $this->assign; + } }; $req = _get('r'); # a/c.id.time.md5 # md5(a/c.id.time.$api_secret) -$token = _get('token'); +$token = _req('token'); $routes = explode('/', $req); $handler = $routes[0]; if (!empty($token)) { - if ($token == $config['api_key']) { $admin = ORM::for_table('tbl_users')->where('user_type', 'SuperAdmin')->find_one($id); if (empty($admin)) {
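Review bot: `if(!isset($isApi)){` makes init.php's behaviour depend on a variable the including script may have defined before the include, and nothing on this line says who is expected to set it; a one-line comment such as `// $isApi is set to true by the API entry point before init.php is included; every other entry point gets false` (presumably system/api.php does this — confirm) would make that contract visible. As a point of style, PER-CS spacing is `if (!isset($isApi)) {`.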
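Review bot: The new `if ($isApi)` branch in r2() only short-circuits the redirect if `showResult()` terminates the script, and nothing in the hunk shows that it does; if it returns, the JSON body is followed by the `header("location: $to")` call and `exit` below. Either add an explicit `exit;` after the `showResult(...)` call or document the assumption with `// showResult() exits; nothing below runs in API mode`. The ternary `($ntype=='s')? true : false` is a redundant form of the strict comparison, so the call can read `showResult($ntype === 's', $msg);`. The default `$ntype = 'e'` means any type other than `'s'` is reported as failure to API clients; if other notification types exist elsewhere in the file, they will be mislabelled here.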
@@ -59,18 +70,21 @@ if (!empty($token)) {
 }
 } else {
 # validate token
- list($tipe, $uid, $time, $md5) = explode('.', $token);
- if ($md5 != md5($uid . '.' . $time . '.' . $api_secret)) {
+ list($tipe, $uid, $time, $sha1) = explode('.', $token);
+ if (trim($sha1) != sha1($uid . '.' . $time . '.' . $db_password)) {
 showResult(false, Lang::T("Token is invalid"));
 }
 #cek token expiration
- if ($time != 0 && time() > $time) {
+ // 3 bulan
+ if ($time != 0 && time()-$time > 7776000) {
+ die("$time != ". (time()-$time));
 showResult(false, Lang::T("Token Expired"), [], ['login' => true]);
 }
 if ($tipe == 'a') {
 $_SESSION['aid'] = $uid;
+ $admin = Admin::_info();
 } else if ($tipe == 'c') {
 $_SESSION['uid'] = $uid;
 } else {
@@ -86,12 +100,22 @@ if (!empty($token)) {
 if ($handler == 'isValid') {
 showResult(true, Lang::T("Token is valid"));
 }
+
+ if ($handler == 'me') {
+ $admin = Admin::_info();
+ if (!empty($admin['id'])) {
+ showResult(true, "", $admin);
+ } else {
+ showResult(false, Lang::T("Token is invalid"));
+ }
+ }
 }
 try {
 $sys_render = File::pathFixer($root_path . 'system/controllers/' . $handler . '.php');
 if (file_exists($sys_render)) {
 include($sys_render);
+ showResult(true, $req, $ui->getAll());
 } else {
 showResult(false, Lang::T('Command not found'));
 }
diff --git a/system/controllers/admin.php b/system/controllers/admin.php
index 76bd7400..0d2faf00 100644
--- a/system/controllers/admin.php
+++ b/system/controllers/admin.php
@@ -30,6 +30,13 @@ switch ($do) {
 $d->last_login = date('Y-m-d H:i:s');
 $d->save();
 _log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);
+ if ($isApi) {
+ if ($token) {
+ showResult(true, Lang::T('Login Successful'), ['token' => "a.".$token]);
+ } else {
+ showResult(false, Lang::T('Invalid Username or Password'));
+ }
+ }
 _alert(Lang::T('Login Successful'),'success', "dashboard");
 } else {
 _log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);
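Review bot: The added `die("$time != ". (time()-$time));` is a debugging leftover: it runs before the `showResult(false, Lang::T("Token Expired"), ...)` below it, so an expired token now yields a plain-text echo of the timestamp arithmetic instead of the JSON error with the `login` hint, and that `showResult` line is unreachable; delete it. The signature check `trim($sha1) != sha1(...)` is a loose, non-constant-time string comparison; write it as `if (!hash_equals(sha1($uid . '.' . $time . '.' . $db_password), trim($sha1))) {`. Signing with a plain `sha1()` over the database password also ties every API token to that credential, where the removed line used a dedicated `$api_secret`; an `hash_hmac('sha256', ...)` over a dedicated secret is the usual shape, but it must change together with the code that issues the token (not in this hunk). The comment `// 3 bulan` is Indonesian and the literal is unexplained; `// token lifetime: 90 days (7776000 s) from the issue time carried in $time` says what the check does. The enclosing `if (!empty($token)) { ... } else {` begins before this hunk.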
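Review bot: `showResult(true, $req, $ui->getAll())` after the `include($sys_render)` returns every variable the controller assigned for the template with no filtering, and the same commit removes from system/controllers/settings.php the per-endpoint code that did `unset($d['password'])` and `unset($agent['password'])` before responding, so a `tbl_users` row assigned with `$ui->assign('d', $d)` in users-view now goes out with whatever columns it carries, the password column included (the removed lines are the evidence that it is present). The new `me` handler likewise returns `Admin::_info()` verbatim; what fields that array contains is not visible here, so it needs the same check. At minimum, strip known secret keys from the template scope before it is serialised, as below; an explicit allow-list per handler would be better than a deny-list. The raw `$req` string is used as the message field; a fixed message (or the handler name) would keep the response shape predictable.
```php
        include($sys_render);
        // The template scope holds raw DB rows; never serialise it unfiltered.
        showResult(true, $req, withoutSecrets($ui->getAll()));
// … unchanged: 'Command not found' branch and the rest of the try block …

/**
 * Drop keys that must never leave the server (password hashes, API keys)
 * from a nested template-variable array. Objects are passed through as-is,
 * so ORM result objects still need their own handling.
 */
function withoutSecrets(array $vars): array
{
    $out = [];
    foreach ($vars as $key => $value) {
        if (is_string($key) && in_array(strtolower($key), ['password', 'api_key'], true)) {
            continue;
        }
        $out[$key] = is_array($value) ? withoutSecrets($value) : $value;
    }
    return $out;
}
```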
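Review bot: In the new `if ($isApi)` block the `else` branch reports `Lang::T('Invalid Username or Password')` although the credentials were accepted a few lines earlier (`$d->save()` and the `'Login Successful'` `_log` already ran), so an empty `$token` produces a response that contradicts the audit log; the failure is about token issuance and should say so, e.g. `showResult(false, Lang::T('Could not issue API token'));`. `$token` is not assigned in this hunk; if it is still the `_req('token')` value read by system/api.php rather than a freshly generated `uid.time.signature` triple, the response would hand the client back its own input prefixed with `a.` — worth confirming where it comes from, and generating it here from `$d['id']`, `time()` and the same signing routine the validator in api.php uses. The surrounding `switch ($do)` case starts and ends outside the hunk.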
diff --git a/system/controllers/plan.php b/system/controllers/plan.php
index 940bc44d..042a0698 100644
--- a/system/controllers/plan.php
+++ b/system/controllers/plan.php
@@ -59,9 +59,6 @@ switch ($action) {
 }
 $log .= "DONE : $plan[username], $plan[namebp], $plan[type], $plan[routers]
";
 }
- if ($isApi) {
- showResult(true, $log);
- }
 r2(U . 'plan/list', 's', $log);
 case 'list':
 $ui->assign('xfooter', '');
@@ -75,9 +72,6 @@ switch ($action) {
 $d = Paginator::findMany($query);
 }
 run_hook('view_list_billing'); #HOOK
- if ($isApi) {
- showResult(true, $action, $d, ['search' => $search]);
- }
 $ui->assign('d', $d);
 $ui->assign('search', $search);
 $ui->display('plan.tpl');
diff --git a/system/controllers/settings.php b/system/controllers/settings.php
index d143b7b3..ad978029 100644
--- a/system/controllers/settings.php
+++ b/system/controllers/settings.php
@@ -336,12 +336,6 @@ switch ($action) {
 $admins[$adm['id']] = $adm['fullname'];
 }
 }
- if ($isApi) {
- showResult(true, $action, [
- 'admins' => $d,
- 'roots' => $admins
- ], ['search' => $search]);
- }
 $ui->assign('admins', $admins);
 $ui->assign('d', $d);
 $ui->assign('search', $search);
@@ -380,15 +374,6 @@ switch ($action) {
 if ($d['user_type'] == 'Sales') {
 $ui->assign('agent', ORM::for_table('tbl_users')->where('id', $d['root'])->find_array()[0]);
 }
- if ($isApi) {
- unset($d['password']);
- $agent = $ui->get('agent');
- if ($agent) unset($agent['password']);
- showResult(true, $action, [
- 'admin' => $d,
- 'agent' => $agent
- ], ['search' => $search]);
- }
 $ui->assign('d', $d);
 $ui->assign('_title', $d['username']);
 $ui->display('users-view.tpl');