fix rest api, need to change every variable to readable

2024-04-01 13:01:21 +07:00
parent ee73621c85
commit 254fd4ccf7
4 changed files with 26 additions and 16 deletions
--- a/system/api.php
+++ b/system/api.php
@ -1,7 +1,7 @@
 <?php

 /**
- *  PHP Mikrotik Billing (https://github.com/SiberTech/)
+ *  PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
 *  by https://t.me/ibnux
 *
 * This File is for API Access
@ -19,8 +19,6 @@ $isApi = true;

 include "../init.php";

-unset($_COOKIE['aid']);
-
 // Dummy Class
 $ui = new class($key)
 {
@ -71,14 +69,14 @@ if (!empty($token)) {
    } else {
        # validate token
        list($tipe, $uid, $time, $sha1) = explode('.', $token);
-        if (trim($sha1) != sha1($uid . '.' . $time . '.' . $db_password)) {
+        if (trim($sha1) != sha1($uid . '.' . $time . '.' . $api_secret)) {
            showResult(false, Lang::T("Token is invalid"));
        }

        #cek token expiration
        // 3 bulan
-        if ($time != 0 && time()-$time > 7776000) {
-            die("$time != ". (time()-$time));
+        if ($time != 0 && time() - $time > 7776000) {
+            die("$time != " . (time() - $time));
            showResult(false, Lang::T("Token Expired"), [], ['login' => true]);
        }

@ -109,6 +107,9 @@ if (!empty($token)) {
            showResult(false, Lang::T("Token is invalid"));
        }
    }
+}else{
+    unset($_COOKIE);
+    unset($_SESSION);
 }

 try {
--- a/system/autoload/Admin.php
+++ b/system/autoload/Admin.php
@ -32,10 +32,14 @@ class Admin
        global $db_password;
        if (isset($aid)) {
            $time = time();
-            setcookie('aid', $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password), time() + 86400 * 7);
+            $token = $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password);
+            setcookie('aid', $token, time() + 86400 * 7);
+            return $token;
        }
+        return '';
    }

+
    public static function removeCookie()
    {
        if (isset($_COOKIE['aid'])) {
--- a/system/controllers/admin.php
+++ b/system/controllers/admin.php
@ -6,7 +6,7 @@
 **/

 if(Admin::getID()){
-    r2(U.'dashboard');
+    r2(U.'dashboard', "s", Lang::T("You are already logged in"));
 }

 if (isset($routes['1'])) {
@ -26,7 +26,7 @@ switch ($do) {
                $d_pass = $d['password'];
                if (Password::_verify($password, $d_pass) == true) {
                    $_SESSION['aid'] = $d['id'];
-                    Admin::setCookie($d['id']);
+                    $token = Admin::setCookie($d['id']);
                    $d->last_login = date('Y-m-d H:i:s');
                    $d->save();
                    _log($username . ' ' . Lang::T('Login Successful'), $d['user_type'], $d['id']);
@ -40,13 +40,13 @@ switch ($do) {
                    _alert(Lang::T('Login Successful'),'success', "dashboard");
                } else {
                    _log($username . ' ' . Lang::T('Failed Login'), $d['user_type']);
-                    _alert(Lang::T('Invalid Username or Password'),'danger', "admin");
+                    _alert(Lang::T('Invalid Username or Password').".",'danger', "admin");
                }
            } else {
-                _alert(Lang::T('Invalid Username or Password'),'danger', "admin");
+                _alert(Lang::T('Invalid Username or Password')."..",'danger', "admin");
            }
        } else {
-            _alert(Lang::T('Invalid Username or Password'),'danger', "admin");
+            _alert(Lang::T('Invalid Username or Password')."...",'danger', "admin");
        }

        break;