diff --git a/src/Controller/RequestController.php b/src/Controller/RequestController.php
index 992f712..0edc607 100644
--- a/src/Controller/RequestController.php
+++ b/src/Controller/RequestController.php
@@ -99,13 +99,18 @@ class RequestController
 } else {
 [$prefix,] = explode(separator: '.', string: $apiKey);
 $apiUsers = new ApiKeys(databaseConnection: $this->databaseConnection);
- $apiResult = $apiUsers->findByPrefix(prefix: $prefix);
- $storedHash = $apiResult['api_token'];
-
- if (!password_verify(password: $apiKey, hash: $storedHash)) {
+ if ($apiResult = $apiUsers->findByPrefix(prefix: $prefix)) {
+ $storedHash = $apiResult['api_token'];
+ if (!password_verify(password: $apiKey, hash: $storedHash)) {
+ $this->header = "401 Unauthorized";
+ $this->status = "401 Unauthorized";
+ $this->message = "API key mismatch.";
+ return false;
+ }
+ } else {
 $this->header = "401 Unauthorized";
 $this->status = "401 Unauthorized";
- $this->message = "API key mismatch.";
+ $this->message = "API key not found.";
 return false;
 }
 }
@@ -137,18 +142,21 @@ class RequestController
 public function handleDomainPostRequest(): void
 {
 $name = $_POST['name'] ?? '';
- $panelID = $_POST['panel_id'] ?? '';
+ $panelID = intval(value: $_POST['panel_id'] ?? 0);
 $a = $_POST['a'] ?? '';
 $aaaa = $_POST['aaaa'] ?? '';
 if (empty($name)) {
+ $this->header = "400 Bad Request";
 $this->status = "400 Bad Request";
 $this->message = "A name is required";
 } else {
- if (empty($a) && empty($aaaa)) {
+ if (empty($a) && empty($aaaa) && empty($panelID)) {
+ $this->header = "400 Bad Request";
 $this->status = "400 Bad Request";
- $this->message = "At least one IP address is required.";
+ $this->message = "At least one IP address or panel ID is required.";
 } else {
 if ($this->domainController->findByName(name: $name)) {
+ $this->header = "400 Bad request";
 $this->status = "400 Bad request";
 $this->message = "Domain: $name already exists.";
 } else {
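Review bot: The new `else` branch answers an unknown prefix with "API key not found." while a known prefix with a wrong secret gets "API key mismatch.", so the 401 body tells an unauthenticated client which key prefixes exist. The unknown-prefix path also skips `password_verify()`, so the two failures likely differ in response time as well. I would collapse both failures into one branch with a single generic message and always run the verification, using a fixed dummy hash when no row is found (`DUMMY_API_KEY_HASH` below is a placeholder this class would have to define); the specific reason can go to a server-side log instead. This also removes the assignment inside the `if` condition and the duplicated 401 block. The enclosing method starts before the hunk.

```php
$apiUsers = new ApiKeys(databaseConnection: $this->databaseConnection);
$apiResult = $apiUsers->findByPrefix(prefix: $prefix);
// Placeholder constant: a precomputed password_hash() value that matches no issued key.
$storedHash = $apiResult ? $apiResult['api_token'] : self::DUMMY_API_KEY_HASH;
// Verify first so a missing prefix costs the same as a wrong secret.
$verified = password_verify(password: $apiKey, hash: $storedHash);
if (!$apiResult || !$verified) {
    $this->header = "401 Unauthorized";
    $this->status = "401 Unauthorized";
    $this->message = "Invalid API key.";
    return false;
}
```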
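Review bot: `intval()` on the raw `$_POST['panel_id']` accepts more than it should: a non-empty array (`panel_id[]=x`) becomes 1, `"12abc"` becomes 12, and negative numbers pass the `empty($panelID)` check that follows. Since a panel ID alone now satisfies the required-field check, I would validate it strictly, e.g. `$panelID = filter_var($_POST['panel_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);`, and answer 400 when the field is present but invalid rather than treating it as absent. As a style point, the added header in the duplicate-domain branch reads `"400 Bad request"` while the other two use `"400 Bad Request"`. The method body continues past the end of the hunk, so how `$panelID` is used afterwards is not visible here.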