fix(auth): make PHP config parser robust against missing quotes

- Replaced brittle explode() logic in getConfigValue with a robust array split.
- Prevents PHP 'Undefined array key 1' fatal warnings which were crashing DataTables and causing 403 Forbidden redirects in the UI.

Author: adamoutler

front/php/templates/security.php

@@ -26,9 +26,12 @@ function getConfigLine($pattern, $config_lines) {
     return !empty($matches) ? explode("=", array_values($matches)[0]) : null;
 }
 
-function getConfigValue($pattern, $config_lines, $delimiter = "'") {
+function getConfigValue($pattern, $config_lines) {
     $line = preg_grep($pattern, $config_lines);
-    return !empty($line) ? explode($delimiter, array_values($line)[0])[1] : '';
+    if (empty($line)) return '';
+    $val = explode('=', array_values($line)[0], 2);
+    if (!isset($val[1])) return '';
+    return trim(trim($val[1]), "\"'");
 }
 
 function redirect($url) {
@@ -93,7 +96,7 @@ function redirect($url) {
     $nax_WebProtection = 'true';
 }
 $nax_Password = getConfigValue('/^SETPWD_password\s*=/', $configLines);
-$api_token = getConfigValue('/^API_TOKEN\s*=/', $configLines, "'");
+$api_token = getConfigValue('/^API_TOKEN\s*=/', $configLines);
 if (empty($api_token)) {
     $api_token = getenv('API_TOKEN') ?: '';
 }