fixed messing with invalid api key

Signed-off-by: tracer <tracer@24unix.net>

src/Controller/RequestController.php

@@ -99,13 +99,18 @@ class RequestController
 		} else {
 			[$prefix,] = explode(separator: '.', string: $apiKey);
 			$apiUsers = new ApiKeys(databaseConnection: $this->databaseConnection);
-			$apiResult = $apiUsers->findByPrefix(prefix: $prefix);
-			$storedHash = $apiResult['api_token'];
-			
-			if (!password_verify(password: $apiKey, hash: $storedHash)) {
+			if ($apiResult = $apiUsers->findByPrefix(prefix: $prefix)) {
+				$storedHash = $apiResult['api_token'];
+				if (!password_verify(password: $apiKey, hash: $storedHash)) {
+					$this->header = "401 Unauthorized";
+					$this->status = "401 Unauthorized";
+					$this->message = "API key mismatch.";
+					return false;
+				}
+			} else {
 				$this->header = "401 Unauthorized";
 				$this->status = "401 Unauthorized";
-				$this->message = "API key mismatch.";
+				$this->message = "API key not found.";
 				return false;
 			}
 		}
@@ -137,18 +142,21 @@ class RequestController
 	public function handleDomainPostRequest(): void
 	{
 		$name = $_POST['name'] ?? '';
-		$panelID = $_POST['panel_id'] ?? '';
+		$panelID = intval(value: $_POST['panel_id'] ?? 0);
 		$a = $_POST['a'] ?? '';
 		$aaaa = $_POST['aaaa'] ?? '';
 		if (empty($name)) {
+			$this->header = "400 Bad Request";
 			$this->status = "400 Bad Request";
 			$this->message = "A name is required";
 		} else {
-			if (empty($a) && empty($aaaa)) {
+			if (empty($a) && empty($aaaa) && empty($panelID)) {
+				$this->header = "400 Bad Request";
 				$this->status = "400 Bad Request";
-				$this->message = "At least one IP address is required.";
+				$this->message = "At least one IP address or panel ID is required.";
 			} else {
 				if ($this->domainController->findByName(name: $name)) {
+					$this->header = "400 Bad request";
 					$this->status = "400 Bad request";
 					$this->message = "Domain: $name already exists.";
 				} else {