session without cookie fix

2025-02-22 03:36:30 +01:00 · 2023-10-09 07:40:13 +02:00 · 2023-10-09 07:40:13 +02:00 · 9213ca6a70
commit 9213ca6a70
parent 01a9f06617
8 changed files with 37 additions and 24 deletions
--- a/copri4/main/src/Mod/APIfunc.pm
+++ b/copri4/main/src/Mod/APIfunc.pm
@ -3141,6 +3141,7 @@ sub authcookie_manager {
 my %varenv = $cf->envonline();

   my $authcookie=md5_hex($record->{txt08}.$q->escapeHTML($hw_id));
+   $bw->log("generating authcookie with input: $record->{txt08}.$hw_id",$authcookie,"");
   $authcookie = $record->{c_id} . "_" . $authcookie . "_" . $q->escapeHTML($merchant_id); 

   #if user_id && user_pw matched
--- a/copri4/main/src/Mod/DBtank.pm
+++ b/copri4/main/src/Mod/DBtank.pm
@ -799,7 +799,7 @@ sub fetch_record(){
     	$where .= " and ct.$key $op '$value'";
     }
   }
-   if($key =~ /^(c_id|barcode|int\d+|owner|contentadr_id)$/){
+   if($key =~ /^(c_id|ca_id|barcode|int\d+|owner|contentadr_id)$/){
    if(looks_like_number($value) || $value eq "null"){
     if($value eq "null"){
        $where .= " and (ct.$key is null OR ct.$key = 0)";
@ -835,7 +835,7 @@ sub fetch_record(){

 #ct.* because of nd.txt01 and ct.txt01 .
 my $sql = "SELECT ct.*,rel.*,nd.node_name,nd.parent_id,nd.type_id,nd.energy_id FROM $fetch->{table} ct, relation rel, nodes nd $where $order";
- #$bw->log("DBtank fetch_record : ",$sql,"") if($debug);
+ $bw->log("DBtank fetch_record : ",$sql,"") if($debug);
 my $sth = $dbh->prepare($sql);
 my $rc = $sth->execute();

--- a/copri4/main/src/Mod/Indexsharee.pm
+++ b/copri4/main/src/Mod/Indexsharee.pm
@ -64,6 +64,7 @@ sub handler {
 my $html_charset = "utf-8";
 my $user_agent = $q->user_agent();

+ my $debug=1;
 my $lang = "en";
 $lang = $1 if($q->http('Accept-Language') =~ /^(\w+)/);
 $lang = lc($lang) if($lang);
@ -139,9 +140,11 @@ sub handler {

    my $hw_id = unpack ('H*', pack('Nc', time, $$ % 0xff));#old $co
    #3. authorize
-    my $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id
+    my $author = { authcookie => ""};
+    $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id
    #4. verify and get user values
    ($api_return,$users_sharee) = $apif->auth_verify($q,$author->{authcookie},"");
+    #print "$author->{authcookie},$users_sharee->{c_id}"; exit; 

    #5. domcookie by authcookie substr (cut first 15 chars), AND also sessionid 
    if($author->{authcookie} && length($author->{authcookie}) > 30){
@ -169,8 +172,12 @@ sub handler {
 my $session="";
 my $session_and="";
 if(length($coo) > 20 && !$q->cookie(-name=>'domcookie')){
+ #if(length($coo) > 20){#breaks login
        $session = "?sessionid=$coo";
        $session_and = "&sessionid=$coo";
+	$bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using sessionid=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},"");
+ }else{
+	$bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using cookie=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},"");
 }

 #DMS
@ -253,12 +260,12 @@ sub handler {
 }
 
 my $tpl = $dbt->get_tpl($dbh,"302001");#Kundendaten template
- $tpl->{tpl_order} .= ",txt04,txt08";
+ $tpl->{tpl_order} .= ",txt04,txt08,int14";


 if($R::login_sharee){
  if($users_sharee->{c_id} && (!$payable_check || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/))){
-      my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1");#Vde
+      my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1") if(!$payable_check);#Vde
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}$session");
      exit 0;
  }elsif($users_sharee->{c_id} && !$payable_check){
@ -495,7 +502,7 @@ sub handler {
     if($returnwww =~ /conflict_txt22/){
          $return = $tk->delete_account($users_sharee->{c_id},$users_dms->{u_id});
          $apif->authout($q,$coo) if($coo);
-          print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1");
+          print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1$session_and");
          exit 0;
     }
     print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_2}?cum=1$session_and\&$returnwww");
@ -567,6 +574,9 @@ sub handler {
 	   #$payone_txid = $payone->preauthorizationCC_main(\%varenv,$users_sharee,$ctt,$aowner);
 	   #if($payone_txid)
     	   if(1==1){
+   	     open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
+   	     print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
+   	     print FILE "trigger confirm-code request by pseudocardpan\n" if($debug);

 	     #$ctt->{txt16} = "$payone_txid";
 	     #$payone_txid = $payone->captureCC_main(\%varenv,$users_sharee,$ctt,$aowner);
@ -578,7 +588,7 @@ sub handler {
   	     if(($users_sharee->{int13} != 1) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
    		$tk->smsack($users_sharee);
   	     }
-
+	     close(FILE) if($debug);
     	   }else{
             $dbt->update_one($dbh,$update_adr,"int12=$vde_on_fail");#Vde
     	   }
@ -597,17 +607,19 @@ sub handler {
  }


-  my $debug=0;
-  $debug=1;
  #send confirm codes
  if($users_sharee->{c_id} && $users_sharee->{txt34} && length($users_sharee->{txt34}) > 10 && $payable_check && $R::sharee_edit && $R::sharee_edit =~ /save_account|send_email|send_sms/){
+   open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
+   print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
+   print FILE "trigger confirm-code request by $R::sharee_edit\n" if($debug);

-   if(($users_sharee->{int04} != 1 || $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){
+   if(($users_sharee->{int04} != 1 && $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){
    $tk->emailack(\%varenv,$users_sharee->{c_id});
   }
-   if(($users_sharee->{int13} != 1 || $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
+   if(($users_sharee->{int13} != 1 && $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
    $tk->smsack($users_sharee);
   }
+   close(FILE) if($debug);
  }#send confirm code

  #email and sms acknowledgments, check and save confirm states
@ -691,7 +703,7 @@ sub handler {
    }
    close(FILE) if($debug);
    if($users_sharee->{c_id} && $users_sharee->{int04} && $users_sharee->{int13}){
-      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1");
+      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1$session_and");
      exit 0;
    }
  }#end confirm
@ -723,7 +735,7 @@ sub handler {
      exit 0;
     }
     elsif($payable_check && (!$users_sharee->{int04} || !$users_sharee->{int13})){
-      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2$session_and\&$returnwww");
+      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2\&sharee_edit=send_email_send_sms$session_and\&$returnwww");#send both
      exit 0;
     }
     elsif($payable_check){
@ -732,7 +744,7 @@ sub handler {
     }
    }elsif($path =~ /$varenv{mandant}\/$varenv{profile}/ && $referer !~ /failure=\w/){
     if((!$users_sharee->{int14}) || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/)){
-      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?failure=$users_sharee->{txt31}$session_and#top");
+      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=3\&failure=$users_sharee->{txt31}$session_and#top");
      exit 0;
     }elsif(!$payable_check){
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?cum=3$session_and\&$returnwww");
@ -743,8 +755,8 @@ sub handler {
     }  
    }
   }
-   #disabled
-   elsif(1==2 && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){
+   #redirect used by App user profile button 
+   elsif($session && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){
    if(!$users_sharee->{int14}){
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=4$session_and\&$returnwww");
      exit 0;
--- a/copri4/main/src/Tpl/BaseEdit.pm
+++ b/copri4/main/src/Tpl/BaseEdit.pm
@ -531,7 +531,7 @@ EOF
 	  $cttpos->{$key} = $q->unescapeHTML("$cttpos->{$key}");
          $cttpos->{$key} = $lb->newline($cttpos->{$key},"","");
       	  print $q->Tr(),"\n";
-	  print $q->td({-class=>'content1_cms',-colspan=>2},"response-log<br />$cttpos->{$key}"),"\n";
+	  print $q->td({-class=>'content1_cms',-colspan=>2},"response-log$cttpos->{$key}"),"\n";
 	 }
        }elsif($key =~ /txt/){
       	  print $q->Tr(),"\n";
--- a/copri4/main/src/Tpl/Calorin.pm
+++ b/copri4/main/src/Tpl/Calorin.pm
@ -480,7 +480,7 @@ sub tpl(){

 		#Parts and prepaids
 		if($cttpos->{$pid}->{template_id} && $cttpos->{$pid}->{template_id} =~ /219|224|229/){
-		  $part_path = "Prepaid";
+		  $part_path = "Prepaid" if($cttpos->{$pid}->{template_id} == 219);
            	  print $q->div({-style=>"float:left;margin-left:$c_left"}, "$i) $edit_pos $pos_id &rarr; $start_time &rarr; $part_path Nr. $bikenr &rarr; $kunde &rarr; $u_name/$u_name_end $comment_view"),"\n";
 		}else{
 		  print $q->div({-style=>"float:left;margin-left:$c_left"}, "$i) $edit_pos $pos_id &rarr; <span style='$time_style'>$start_time – $end_time</span> &rarr; $kunde &rarr; Start Station $start_station &rarr; End Station $end_station &rarr; Bike $bikenr $status $lock_state &rarr; $u_name/$u_name_end<br /><span style='padding-left:60px;'>$charge $track_info $comment_view</span>"),"\n";
--- a/copri4/shareeapp-operator/src/Tpl/AccountSubmenu.pm
+++ b/copri4/shareeapp-operator/src/Tpl/AccountSubmenu.pm
@ -143,7 +143,7 @@ if(1==1){

 	  #sharee AGB
    	  if(!$users_sharee->{int14}){
-	   print $q->li($q->a({-style=>"$mstyle_1",-title=>"$node1->{$id1}->{node_name}", -href=>"/$viewsel[0]/Account/$node1->{$id1}->{node_name}$session"}, $q->img({-src=>"$varenv->{metahost}/img/Account_Kundendaten.svg"}))),"\n";
+	   print $q->li($q->a({-style=>"$mstyle_1",-title=>"$varenv->{accounting_1}", -href=>"/$viewsel[0]/Account/$varenv->{accounting_1}$session"}, $q->img({-src=>"$varenv->{metahost}/img/Account_Kundendaten.svg"}))),"\n";
 	  }
 	  elsif(!$users_sharee->{int03}){
 	   print $q->li($q->a({-style=>"$mstyle_1",-title=>"$varenv->{accounting_1}", -href=>"/$viewsel[0]/Account/$varenv->{accounting_1}$session"}, $q->img({-src=>"$varenv->{metahost}/img/Account_Kundendaten.svg"}))),"\n";
--- a/copri4/shareeapp-operator/src/Tpl/Anmelden.pm
+++ b/copri4/shareeapp-operator/src/Tpl/Anmelden.pm
@ -132,11 +132,11 @@ sub tpl(){
      print $q->div({-class=>'content2',-style=>'color:#c83434'},"$varenv->{cms}->{'iframe-uhps'}->{txt}"),"\n";
      print $q->div({-class=>'content2'}, "$varenv->{cms}->{'iframe-account-conflict'}->{txt}"),"\n";
      #Bitte beachten Sie: nach 60 Minuten verfallen unbestätigte Formulare und Zugangsdaten.
-      print $q->div($q->a({-style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:none;", -role=>'button', -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n";
+      print $q->div($q->a({-style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:none;", -role=>'button', -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n";
      print $q->div({-class=>'content2'}, "$varenv->{cms}->{'iframe-contact-us'}->{txt}"),"\n";
    }
    print $q->div({-class=>'content2',-style=>'font-size:1.2em;'}, "$varenv->{cms}->{'iframe-login'}->{txt}"),"\n";  
-    print $q->div({-style=>'color:#c83434'},"Login verweigert. ",$q->a({-class=>"", -style=>"color:gray;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n" if($R::failure);
+    print $q->div({-style=>'color:#c83434'},"Login verweigert. ",$q->a({-class=>"", -style=>"color:gray;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n" if($R::failure);
    print $q->div({-style=>'color:#c83434'},"Login verweigert. "),"\n" if($R::basicauthfailure);
    print $q->label({-for=>'Email'},""),"\n";
    print $q->textfield(-class=>'form-control', -name=>'user_id', -value=>'', -override=>1, -type=>'email',-class=>'form-control', -id=>'Email', -placeholder=>'E-Mail Adresse', -required=>1, -autofocus=>1),"\n";
@ -150,9 +150,9 @@ sub tpl(){
   # print $q->div({-style=>'margin-top:1em;'},"<div type='text' onClick='javascript:request_apiauth(\"$varenv->{wwwhost}\",\"/$varenv->{mandant}/$varenv->{profile}\")' name='login_sharee' value='Login' class='btn btn-primary btn-lg btn-block'>Anmelden</div>"),"\n";
    print $q->div({-style=>'margin-top:1em;text-align:center;'},"<button type='submit' name='login_sharee' value='Login' class='btn btn-primary btn-lg btn-block' style='border:1px solid #$bgcolor1;background-color:#$bgcolor1;'>$varenv->{cms}->{'iframe-login'}->{txt}</button>"),"\n";

-      print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"btn btn-default btn-lg btn-block", -style=>"background-color:#ffffff;color:#$bgcolor1;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account/$varenv->{accounting_1}"}, "$varenv->{cms}->{'iframe-new-account'}->{txt}")),"\n";
+      print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"btn btn-default btn-lg btn-block", -style=>"background-color:#ffffff;color:#$bgcolor1;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account/$varenv->{accounting_1}?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-new-account'}->{txt}")),"\n";

-      print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"", -style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:underline;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n";
+      print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"", -style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:underline;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n";

  }
  print "</div>\n";
--- a/copri4/shareeapp-operator/src/Tpl/FormEdit.pm
+++ b/copri4/shareeapp-operator/src/Tpl/FormEdit.pm
@ -610,7 +610,7 @@ EOF

        #sharee AGB global new
        if($key eq "int14" && $size eq "checkbox"){
-	  $required="";
+	  $required="required";
 	  #bootstrap 5
 	  my $sharee_agb = "<button type='button' class='btn btn-primary ' style='padding:1px 40px;border:1px solid #$bgcolor1;background-color:#$bgcolor1;' data-bs-toggle='modal' data-bs-target='#sharee_agb'>$des</button>\n";