mirror of
https://github.com/hotspotbilling/phpnuxbill.git
synced 2024-09-20 23:06:27 +08:00
128 lines
3.3 KiB
PHP
128 lines
3.3 KiB
PHP
<?php
|
|
|
|
/**
|
|
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
|
|
* by https://t.me/ibnux
|
|
*
|
|
* This File is for API Access
|
|
**/
|
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === "OPTIONS" || $_SERVER['REQUEST_METHOD'] === "HEAD") {
|
|
header('Access-Control-Allow-Origin: *');
|
|
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
|
|
header("HTTP/1.1 200 OK");
|
|
die();
|
|
}
|
|
|
|
$isApi = true;
|
|
|
|
include "../init.php";
|
|
|
|
// Dummy Class
|
|
$ui = new class($key)
|
|
{
|
|
var $assign = [];
|
|
function display($key)
|
|
{
|
|
global $req;
|
|
showResult(true, $req, $this->getAll());
|
|
}
|
|
function assign($key, $value)
|
|
{
|
|
$this->assign[$key] = $value;
|
|
}
|
|
function get($key)
|
|
{
|
|
if (isset($this->assign[$key])) {
|
|
return $this->assign[$key];
|
|
}
|
|
return '';
|
|
}
|
|
function getTemplateVars($key)
|
|
{
|
|
if (isset($this->assign[$key])) {
|
|
return $this->assign[$key];
|
|
}
|
|
return '';
|
|
}
|
|
function getAll()
|
|
{
|
|
return $this->assign;
|
|
}
|
|
};
|
|
|
|
$req = _get('r');
|
|
# a/c.id.time.md5
|
|
# md5(a/c.id.time.$api_secret)
|
|
$token = _req('token');
|
|
$routes = explode('/', $req);
|
|
$handler = $routes[0];
|
|
|
|
if (!empty($token)) {
|
|
if ($token == $config['api_key']) {
|
|
$admin = ORM::for_table('tbl_users')->where('user_type', 'SuperAdmin')->find_one($id);
|
|
if (empty($admin)) {
|
|
$admin = ORM::for_table('tbl_users')->where('user_type', 'Admin')->find_one($id);
|
|
if (empty($admin)) {
|
|
showResult(false, Lang::T("Token is invalid"));
|
|
}
|
|
}
|
|
} else {
|
|
# validate token
|
|
list($tipe, $uid, $time, $sha1) = explode('.', $token);
|
|
if (trim($sha1) != sha1($uid . '.' . $time . '.' . $api_secret)) {
|
|
showResult(false, Lang::T("Token is invalid"));
|
|
}
|
|
|
|
#cek token expiration
|
|
// 3 bulan
|
|
if ($time != 0 && time() - $time > 7776000) {
|
|
die("$time != " . (time() - $time));
|
|
showResult(false, Lang::T("Token Expired"), [], ['login' => true]);
|
|
}
|
|
|
|
if ($tipe == 'a') {
|
|
$_SESSION['aid'] = $uid;
|
|
$admin = Admin::_info();
|
|
} else if ($tipe == 'c') {
|
|
$_SESSION['uid'] = $uid;
|
|
} else {
|
|
showResult(false, Lang::T("Unknown Token"), [], ['login' => true]);
|
|
}
|
|
}
|
|
|
|
if (!isset($handler) || empty($handler)) {
|
|
showResult(true, Lang::T("Token is valid"));
|
|
}
|
|
|
|
|
|
if ($handler == 'isValid') {
|
|
showResult(true, Lang::T("Token is valid"));
|
|
}
|
|
|
|
if ($handler == 'me') {
|
|
$admin = Admin::_info();
|
|
if (!empty($admin['id'])) {
|
|
showResult(true, "", $admin);
|
|
} else {
|
|
showResult(false, Lang::T("Token is invalid"));
|
|
}
|
|
}
|
|
}else{
|
|
unset($_COOKIE);
|
|
unset($_SESSION);
|
|
}
|
|
|
|
try {
|
|
$sys_render = File::pathFixer($root_path . 'system/controllers/' . $handler . '.php');
|
|
if (file_exists($sys_render)) {
|
|
include($sys_render);
|
|
showResult(true, $req, $ui->getAll());
|
|
} else {
|
|
showResult(false, Lang::T('Command not found'));
|
|
}
|
|
} catch (Exception $e) {
|
|
showResult(false, $e->getMessage());
|
|
}
|