Added more security flags to prevent XSS attack from cookie.

system/controllers/admin.php

@@ -5,6 +5,10 @@
  *  by https://t.me/ibnux
  **/
 
+ header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+ header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+ header("Pragma: no-cache");
+
 if(Admin::getID()){
     r2(U.'dashboard', "s", Lang::T("You are already logged in"));
 }

system/controllers/login.php

@@ -5,6 +5,10 @@
  *  by https://t.me/ibnux
  **/
 
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+header("Pragma: no-cache");
+
 $maintenance_mode = $config['maintenance_mode'];
 if ($maintenance_mode == true) {
     displayMaintenanceMessage();

system/controllers/logout.php

@@ -1,12 +1,17 @@
 <?php
+
 /**
  *  PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
  *  by https://t.me/ibnux
  **/
 
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+header("Pragma: no-cache");
+
 run_hook('customer_logout'); #HOOK
 if (session_status() == PHP_SESSION_NONE) session_start();
 Admin::removeCookie();
 User::removeCookie();
 session_destroy();
-_alert(Lang::T('Logout Successful'),'warning', "login");
+_alert(Lang::T('Logout Successful'), 'warning', "login");