fixed messing with invalid api key

Signed-off-by: tracer <tracer@24unix.net>
This commit is contained in:
tracer 2022-01-27 15:16:20 +01:00
parent d1182c6243
commit 2e779ed606
1 changed files with 16 additions and 8 deletions

View File

@ -99,13 +99,18 @@ class RequestController
} else {
[$prefix,] = explode(separator: '.', string: $apiKey);
$apiUsers = new ApiKeys(databaseConnection: $this->databaseConnection);
$apiResult = $apiUsers->findByPrefix(prefix: $prefix);
$storedHash = $apiResult['api_token'];
if (!password_verify(password: $apiKey, hash: $storedHash)) {
if ($apiResult = $apiUsers->findByPrefix(prefix: $prefix)) {
$storedHash = $apiResult['api_token'];
if (!password_verify(password: $apiKey, hash: $storedHash)) {
$this->header = "401 Unauthorized";
$this->status = "401 Unauthorized";
$this->message = "API key mismatch.";
return false;
}
} else {
$this->header = "401 Unauthorized";
$this->status = "401 Unauthorized";
$this->message = "API key mismatch.";
$this->message = "API key not found.";
return false;
}
}
@ -137,18 +142,21 @@ class RequestController
public function handleDomainPostRequest(): void
{
$name = $_POST['name'] ?? '';
$panelID = $_POST['panel_id'] ?? '';
$panelID = intval(value: $_POST['panel_id'] ?? 0);
$a = $_POST['a'] ?? '';
$aaaa = $_POST['aaaa'] ?? '';
if (empty($name)) {
$this->header = "400 Bad Request";
$this->status = "400 Bad Request";
$this->message = "A name is required";
} else {
if (empty($a) && empty($aaaa)) {
if (empty($a) && empty($aaaa) && empty($panelID)) {
$this->header = "400 Bad Request";
$this->status = "400 Bad Request";
$this->message = "At least one IP address is required.";
$this->message = "At least one IP address or panel ID is required.";
} else {
if ($this->domainController->findByName(name: $name)) {
$this->header = "400 Bad request";
$this->status = "400 Bad request";
$this->message = "Domain: $name already exists.";
} else {