ADD Creative,
sorry for so long replay. I thought no one will replay me, so I did not check this topic.
I changed my line 11, but not only the line, but full if function.
Code: Select all
<?php
class ControllerApiLogin extends Controller {
public function index() {
$this->load->language('api/login');
$json = array();
$this->load->model('account/api');
// Login with API Key
if(isset($this->request->post['username'])) {
$api_info = $this->model_account_api->login($this->request->post['username'], $this->request->post['key']);
} else {
$api_info = $this->model_account_api->login('Default', $this->request->post['key']);
}
if ($api_info) {
// Check if IP is allowed
$ip_data = array();
$results = $this->model_account_api->getApiIps($api_info['api_id']);
foreach ($results as $result) {
$ip_data[] = trim($result['ip']);
}
if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
}
if (!$json) {
$json['success'] = $this->language->get('text_success');
$session = new Session($config->get('session_engine'), $registry);
$session->start();
$this->model_account_api->addApiSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']);
$session->data['api_id'] = $api_info['api_id'];
// Create Token
$json['api_token'] = $session->getId();
} else {
$json['error']['key'] = $this->language->get('error_key');
}
}
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
}
I switched off display errors, but same problem happens, but this time it shows me error in
catalog/controller/startup/session.php on line 8.
This file looks like this:
Code: Select all
<?php
class ControllerStartupSession extends Controller {
public function index() {
if (isset($this->request->get['route']) && substr($this->request->get['route'], 0, 4) == 'api/') {
$this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
// Make sure the IP is allowed
$api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'");
if ($api_query->num_rows) {
$this->session->start($this->request->get['api_token']);
// keep the session alive
$this->db->query("UPDATE `" . DB_PREFIX . "api_session` SET `date_modified` = NOW() WHERE `api_session_id` = '" . (int)$api_query->row['api_session_id'] . "'");
}
} else {
if (isset($_COOKIE[$this->config->get('session_name')])) {
$session_id = $_COOKIE[$this->config->get('session_name')];
} else {
$session_id = '';
}
$this->session->start($session_id);
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
}
}
}
the line 8 is this:
Code: Select all
$api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'");
I guess I have to change it in the same way as I changed the login.php...
Any suggestion what to do now?
Thank You