From 9213ca6a70890f1c241d379a4a7c3be994411367 Mon Sep 17 00:00:00 2001 From: ragu Date: Mon, 9 Oct 2023 07:40:13 +0200 Subject: [PATCH] session without cookie fix --- copri4/main/src/Mod/APIfunc.pm | 1 + copri4/main/src/Mod/DBtank.pm | 4 +- copri4/main/src/Mod/Indexsharee.pm | 40 ++++++++++++------- copri4/main/src/Tpl/BaseEdit.pm | 2 +- copri4/main/src/Tpl/Calorin.pm | 2 +- .../src/Tpl/AccountSubmenu.pm | 2 +- copri4/shareeapp-operator/src/Tpl/Anmelden.pm | 8 ++-- copri4/shareeapp-operator/src/Tpl/FormEdit.pm | 2 +- 8 files changed, 37 insertions(+), 24 deletions(-) diff --git a/copri4/main/src/Mod/APIfunc.pm b/copri4/main/src/Mod/APIfunc.pm index 1a946a0..9ed6cd3 100755 --- a/copri4/main/src/Mod/APIfunc.pm +++ b/copri4/main/src/Mod/APIfunc.pm @@ -3141,6 +3141,7 @@ sub authcookie_manager { my %varenv = $cf->envonline(); my $authcookie=md5_hex($record->{txt08}.$q->escapeHTML($hw_id)); + $bw->log("generating authcookie with input: $record->{txt08}.$hw_id",$authcookie,""); $authcookie = $record->{c_id} . "_" . $authcookie . "_" . $q->escapeHTML($merchant_id); #if user_id && user_pw matched diff --git a/copri4/main/src/Mod/DBtank.pm b/copri4/main/src/Mod/DBtank.pm index ff8e993..f43debc 100755 --- a/copri4/main/src/Mod/DBtank.pm +++ b/copri4/main/src/Mod/DBtank.pm @@ -799,7 +799,7 @@ sub fetch_record(){ $where .= " and ct.$key $op '$value'"; } } - if($key =~ /^(c_id|barcode|int\d+|owner|contentadr_id)$/){ + if($key =~ /^(c_id|ca_id|barcode|int\d+|owner|contentadr_id)$/){ if(looks_like_number($value) || $value eq "null"){ if($value eq "null"){ $where .= " and (ct.$key is null OR ct.$key = 0)"; 
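Review bot: The added `$bw->log` call writes the newly generated authcookie, together with its inputs `$record->{txt08}` and `$hw_id`, to the application log, so the log becomes a store of valid session tokens for anyone who can read it. The log lines added in Indexsharee.pm hunk @@ -169 record the derived session id as `sessionid=$coo` / `cookie=$coo` beside the user id, and DBtank.pm hunk @@ -835 now logs the fully interpolated SQL, values included. If generation has to be traceable, log the user id and at most a truncated token: `$bw->log("generating authcookie for c_id=$record->{c_id}",substr($authcookie,0,8),"");`. Since the cookie is `md5_hex` of `txt08` plus `$hw_id` — which, if it is the value built in Indexsharee.pm (`pack('Nc', time, $$ % 0xff)`), carries little entropy — a random token from a CSPRNG would also be a stronger basis than a hash of those inputs. authcookie_manager continues outside the hunk.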
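Review bot: `ca_id` joins the keys whose value is admitted by `looks_like_number`, but that test also accepts `Inf`, `NaN`, exponent forms and leading whitespace, and the numeric value presumably reaches `$where` by interpolation the way the branch above does (`$op '$value'`) rather than through a bind parameter. For integer id columns a stricter check such as `$value =~ /\A\d+\z/`, or a `?` placeholder collected alongside `$where`, would hold the new key to the same standard; the anchored regex whitelist on `$key` itself is the right shape and can stay. fetch_record continues outside the hunk.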
@@ -835,7 +835,7 @@ sub fetch_record(){ #ct.* because of nd.txt01 and ct.txt01 . my $sql = "SELECT ct.*,rel.*,nd.node_name,nd.parent_id,nd.type_id,nd.energy_id FROM $fetch->{table} ct, relation rel, nodes nd $where $order"; - #$bw->log("DBtank fetch_record : ",$sql,"") if($debug); + $bw->log("DBtank fetch_record : ",$sql,"") if($debug); my $sth = $dbh->prepare($sql); my $rc = $sth->execute(); diff --git a/copri4/main/src/Mod/Indexsharee.pm b/copri4/main/src/Mod/Indexsharee.pm index 88d65de..b7c8c4a 100755 --- a/copri4/main/src/Mod/Indexsharee.pm +++ b/copri4/main/src/Mod/Indexsharee.pm @@ -64,6 +64,7 @@ sub handler { my $html_charset = "utf-8"; my $user_agent = $q->user_agent(); + my $debug=1; my $lang = "en"; $lang = $1 if($q->http('Accept-Language') =~ /^(\w+)/); $lang = lc($lang) if($lang); @@ -139,9 +140,11 @@ sub handler { my $hw_id = unpack ('H*', pack('Nc', time, $$ % 0xff));#old $co #3. authorize - my $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id + my $author = { authcookie => ""}; + $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id #4. verify and get user values ($api_return,$users_sharee) = $apif->auth_verify($q,$author->{authcookie},""); + #print "$author->{authcookie},$users_sharee->{c_id}"; exit; #5. domcookie by authcookie substr (cut first 15 chars), AND also sessionid if($author->{authcookie} && length($author->{authcookie}) > 30){ 
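Review bot: `my $debug=1;` hard-codes debug mode for the whole handler, so every `if($debug)` guard this commit adds further down (the confirm.log writes in hunks @@ -567 and @@ -597) is effectively unconditional in production; the removed `my $debug=0; $debug=1;` pair at @@ -597 has merely moved up, not been resolved. Default it off and enable it deliberately, e.g. `my $debug = 0;  # set to 1 only while troubleshooting`, or derive it from the deployment configuration rather than from source. handler continues outside the hunk.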
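Review bot: `my $author = { authcookie => ""};` is overwritten on the very next line by the `$apif->authorization(...)` result, so the default it appears to introduce never survives; if `authorization` can return undef, `$author->{authcookie}` two lines later still operates on undef rather than on the intended empty string. Either make the fallback real, `$author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner) || { authcookie => "" };`, or drop the initialiser, and remove the commented-out `#print ...; exit;` debugging line rather than committing it. handler continues outside the hunk.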
@@ -169,8 +172,12 @@ sub handler { my $session=""; my $session_and=""; if(length($coo) > 20 && !$q->cookie(-name=>'domcookie')){ + #if(length($coo) > 20){#breaks login $session = "?sessionid=$coo"; $session_and = "&sessionid=$coo"; + $bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using sessionid=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},""); + }else{ + $bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using cookie=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},""); } #DMS @@ -253,12 +260,12 @@ sub handler { } my $tpl = $dbt->get_tpl($dbh,"302001");#Kundendaten template - $tpl->{tpl_order} .= ",txt04,txt08"; + $tpl->{tpl_order} .= ",txt04,txt08,int14"; if($R::login_sharee){ if($users_sharee->{c_id} && (!$payable_check || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/))){ - my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1");#Vde + my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1") if(!$payable_check);#Vde print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}$session"); exit 0; }elsif($users_sharee->{c_id} && !$payable_check){ @@ -495,7 +502,7 @@ sub handler { if($returnwww =~ /conflict_txt22/){ $return = $tk->delete_account($users_sharee->{c_id},$users_dms->{u_id}); $apif->authout($q,$coo) if($coo); - print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1"); + print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1$session_and"); exit 0; } print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_2}?cum=1$session_and\&$returnwww"); 
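Review bot: `my $row = $db->updater(...) if(!$payable_check);` combines a `my` declaration with a statement modifier, which perlsyn documents as undefined behaviour, and `$row` is never read afterwards in the hunk. Since the call is wanted only for its side effect, drop the declaration: `$db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1") if(!$payable_check);#Vde`. handler continues outside the hunk.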
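Review bot: The redirect now appends `$session_and` right after `$apif->authout($q,$coo)` has been called with that same `$coo`, so if `authout` invalidates the session the URL carries a dead token into the login page (and into Referer headers and access logs), and if it does not, a session belonging to the account that was just deleted stays in circulation. Unless the sessionid must survive account deletion for the cookie-less app flow, redirect to `Anmelden?conflict_failure=1` without `$session_and` on this branch. handler continues outside the hunk.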
@@ -567,6 +574,9 @@ sub handler { #$payone_txid = $payone->preauthorizationCC_main(\%varenv,$users_sharee,$ctt,$aowner); #if($payone_txid) if(1==1){ + open(FILE,">>$varenv{logdir}/confirm.log") if($debug); + print FILE "\n\n*--> $now_dt done by $0\n" if($debug); + print FILE "trigger confirm-code request by pseudocardpan\n" if($debug); #$ctt->{txt16} = "$payone_txid"; #$payone_txid = $payone->captureCC_main(\%varenv,$users_sharee,$ctt,$aowner); @@ -578,7 +588,7 @@ sub handler { if(($users_sharee->{int13} != 1) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){ $tk->smsack($users_sharee); } - + close(FILE) if($debug); }else{ $dbt->update_one($dbh,$update_adr,"int12=$vde_on_fail");#Vde } @@ -597,17 +607,19 @@ sub handler { } - my $debug=0; - $debug=1; #send confirm codes if($users_sharee->{c_id} && $users_sharee->{txt34} && length($users_sharee->{txt34}) > 10 && $payable_check && $R::sharee_edit && $R::sharee_edit =~ /save_account|send_email|send_sms/){ + open(FILE,">>$varenv{logdir}/confirm.log") if($debug); + print FILE "\n\n*--> $now_dt done by $0\n" if($debug); + print FILE "trigger confirm-code request by $R::sharee_edit\n" if($debug); - if(($users_sharee->{int04} != 1 || $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){ + if(($users_sharee->{int04} != 1 && $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){ $tk->emailack(\%varenv,$users_sharee->{c_id}); } - if(($users_sharee->{int13} != 1 || $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){ + if(($users_sharee->{int13} != 1 && $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){ $tk->smsack($users_sharee); } + close(FILE) if($debug); }#send confirm code #email and sms acknowledgments, check and save confirm states 
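Review bot: `open(FILE,">>$varenv{logdir}/confirm.log")` is a two-argument open on a bareword package-global handle whose return value is ignored, so an unwritable `$varenv{logdir}` leaves every following `print FILE` writing to a closed handle — one warning per request, now that `$debug` is hard-coded to 1 at the top of the handler. Hunks @@ -578 and @@ -597 repeat the pattern, and a `close(FILE)` already exists near @@ -691, so the shared global handle must never be open in two places at once. Wrap each block in a checked three-argument open on a lexical handle, `if($debug && open(my $confirm_fh, '>>', "$varenv{logdir}/confirm.log")){ ... close($confirm_fh); }`, printing with `print {$confirm_fh} ...`, which removes the dependence on global handle state. handler continues outside the hunk.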
@@ -691,7 +703,7 @@ sub handler { } close(FILE) if($debug); if($users_sharee->{c_id} && $users_sharee->{int04} && $users_sharee->{int13}){ - print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1"); + print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1$session_and"); exit 0; } }#end confirm @@ -723,7 +735,7 @@ sub handler { exit 0; } elsif($payable_check && (!$users_sharee->{int04} || !$users_sharee->{int13})){ - print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2$session_and\&$returnwww"); + print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2\&sharee_edit=send_email_send_sms$session_and\&$returnwww");#send both exit 0; } elsif($payable_check){ @@ -732,7 +744,7 @@ sub handler { } }elsif($path =~ /$varenv{mandant}\/$varenv{profile}/ && $referer !~ /failure=\w/){ if((!$users_sharee->{int14}) || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/)){ - print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?failure=$users_sharee->{txt31}$session_and#top"); + print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=3\&failure=$users_sharee->{txt31}$session_and#top"); exit 0; }elsif(!$payable_check){ print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?cum=3$session_and\&$returnwww"); @@ -743,8 +755,8 @@ sub handler { } } } - #disabled - elsif(1==2 && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){ + #redirect used by App user profile button + elsif($session && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){ if(!$users_sharee->{int14}){ print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=4$session_and\&$returnwww"); exit 0; 
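Review bot: The redirect target `?cum=2&sharee_edit=send_email_send_sms...` makes the following plain GET trigger `emailack`/`smsack` (hunk @@ -597 of this file), so a page reload or a bookmarked URL re-sends the confirmation e-mail and SMS for as long as `int04`/`int13` remain unconfirmed, and SMS is a metered resource. Unless `emailack`/`smsack` already throttle (not visible here), send in the request that handles the save rather than via a redirect-to-GET, or record a last-sent time on the account and skip resends within a window. handler continues outside the hunk.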
diff --git a/copri4/main/src/Tpl/BaseEdit.pm b/copri4/main/src/Tpl/BaseEdit.pm index cdd8f34..09fb099 100755 --- a/copri4/main/src/Tpl/BaseEdit.pm +++ b/copri4/main/src/Tpl/BaseEdit.pm @@ -531,7 +531,7 @@ EOF $cttpos->{$key} = $q->unescapeHTML("$cttpos->{$key}"); $cttpos->{$key} = $lb->newline($cttpos->{$key},"",""); print $q->Tr(),"\n"; - print $q->td({-class=>'content1_cms',-colspan=>2},"response-log
$cttpos->{$key}"),"\n"; + print $q->td({-class=>'content1_cms',-colspan=>2},"response-log$cttpos->{$key}"),"\n"; } }elsif($key =~ /txt/){ print $q->Tr(),"\n"; diff --git a/copri4/main/src/Tpl/Calorin.pm b/copri4/main/src/Tpl/Calorin.pm index cd6f74d..b607746 100755 --- a/copri4/main/src/Tpl/Calorin.pm +++ b/copri4/main/src/Tpl/Calorin.pm @@ -480,7 +480,7 @@ sub tpl(){ #Parts and prepaids if($cttpos->{$pid}->{template_id} && $cttpos->{$pid}->{template_id} =~ /219|224|229/){ - $part_path = "Prepaid"; + $part_path = "Prepaid" if($cttpos->{$pid}->{template_id} == 219); print $q->div({-style=>"float:left;margin-left:$c_left"}, "$i) $edit_pos $pos_id → $start_time → $part_path Nr. $bikenr → $kunde → $u_name/$u_name_end $comment_view"),"\n"; }else{ print $q->div({-style=>"float:left;margin-left:$c_left"}, "$i) $edit_pos $pos_id → $start_time – $end_time → $kunde → Start Station $start_station → End Station $end_station → Bike $bikenr $status $lock_state → $u_name/$u_name_end
$charge $track_info $comment_view"),"\n"; diff --git a/copri4/shareeapp-operator/src/Tpl/AccountSubmenu.pm b/copri4/shareeapp-operator/src/Tpl/AccountSubmenu.pm index 55a3df2..0c3f2c9 100755 --- a/copri4/shareeapp-operator/src/Tpl/AccountSubmenu.pm +++ b/copri4/shareeapp-operator/src/Tpl/AccountSubmenu.pm @@ -143,7 +143,7 @@ if(1==1){ #sharee AGB if(!$users_sharee->{int14}){ - print $q->li($q->a({-style=>"$mstyle_1",-title=>"$node1->{$id1}->{node_name}", -href=>"/$viewsel[0]/Account/$node1->{$id1}->{node_name}$session"}, $q->img({-src=>"$varenv->{metahost}/img/Account_Kundendaten.svg"}))),"\n"; + print $q->li($q->a({-style=>"$mstyle_1",-title=>"$varenv->{accounting_1}", -href=>"/$viewsel[0]/Account/$varenv->{accounting_1}$session"}, $q->img({-src=>"$varenv->{metahost}/img/Account_Kundendaten.svg"}))),"\n"; } elsif(!$users_sharee->{int03}){ print $q->li($q->a({-style=>"$mstyle_1",-title=>"$varenv->{accounting_1}", -href=>"/$viewsel[0]/Account/$varenv->{accounting_1}$session"}, $q->img({-src=>"$varenv->{metahost}/img/Account_Kundendaten.svg"}))),"\n"; diff --git a/copri4/shareeapp-operator/src/Tpl/Anmelden.pm b/copri4/shareeapp-operator/src/Tpl/Anmelden.pm index d0332fd..27fb9d8 100755 --- a/copri4/shareeapp-operator/src/Tpl/Anmelden.pm +++ b/copri4/shareeapp-operator/src/Tpl/Anmelden.pm 
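Review bot: After this change the `if(!$users_sharee->{int14})` branch prints exactly the same `li` as the `elsif(!$users_sharee->{int03})` branch below it, so the two can be merged into `if(!$users_sharee->{int14} || !$users_sharee->{int03}){` with a single print, which also removes the `$node1->{$id1}` lookup from this spot. The enclosing `if(1==1)` block starts before the hunk.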
@@ -132,11 +132,11 @@ sub tpl(){ print $q->div({-class=>'content2',-style=>'color:#c83434'},"$varenv->{cms}->{'iframe-uhps'}->{txt}"),"\n"; print $q->div({-class=>'content2'}, "$varenv->{cms}->{'iframe-account-conflict'}->{txt}"),"\n"; #Bitte beachten Sie: nach 60 Minuten verfallen unbestätigte Formulare und Zugangsdaten. - print $q->div($q->a({-style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:none;", -role=>'button', -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n"; + print $q->div($q->a({-style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:none;", -role=>'button', -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n"; print $q->div({-class=>'content2'}, "$varenv->{cms}->{'iframe-contact-us'}->{txt}"),"\n"; } print $q->div({-class=>'content2',-style=>'font-size:1.2em;'}, "$varenv->{cms}->{'iframe-login'}->{txt}"),"\n"; - print $q->div({-style=>'color:#c83434'},"Login verweigert. ",$q->a({-class=>"", -style=>"color:gray;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n" if($R::failure); + print $q->div({-style=>'color:#c83434'},"Login verweigert. ",$q->a({-class=>"", -style=>"color:gray;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n" if($R::failure); print $q->div({-style=>'color:#c83434'},"Login verweigert. "),"\n" if($R::basicauthfailure); print $q->label({-for=>'Email'},""),"\n"; print $q->textfield(-class=>'form-control', -name=>'user_id', -value=>'', -override=>1, -type=>'email',-class=>'form-control', -id=>'Email', -placeholder=>'E-Mail Adresse', -required=>1, -autofocus=>1),"\n"; @@ -150,9 +150,9 @@ sub tpl(){ # print $q->div({-style=>'margin-top:1em;'},"
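Review bot: `$R::sessionid` is a raw request parameter interpolated into every `-href` here and in hunk @@ -150, and the `?sessionid=` suffix is emitted even when the parameter is absent, producing links such as `Account?sessionid=`. The `$q->a` helper may escape attribute characters, but the value itself is never validated, so any caller-supplied string is carried into the account and registration links; build the suffix once from a value that matches the token alphabet, e.g. `my $session = ($R::sessionid && $R::sessionid =~ /\A\w+\z/) ? "?sessionid=$R::sessionid" : "";` (adjust the pattern to the real token shape) and append `$session` in place of the literal `?sessionid=$R::sessionid`. Session ids in URLs also land in browser history, Referer headers and web-server access logs, which is worth weighing against the cookie-less flow this commit enables. tpl continues outside the hunk.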
Anmelden
"),"\n"; print $q->div({-style=>'margin-top:1em;text-align:center;'},""),"\n"; - print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"btn btn-default btn-lg btn-block", -style=>"background-color:#ffffff;color:#$bgcolor1;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account/$varenv->{accounting_1}"}, "$varenv->{cms}->{'iframe-new-account'}->{txt}")),"\n"; + print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"btn btn-default btn-lg btn-block", -style=>"background-color:#ffffff;color:#$bgcolor1;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account/$varenv->{accounting_1}?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-new-account'}->{txt}")),"\n"; - print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"", -style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:underline;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n"; + print $q->div({-style=>'margin-top:1em;text-align:center;'},$q->a({-class=>"", -style=>"background-color:#ffffff;color:#$bgcolor1;font-size:1.1em;text-decoration:underline;", -role=>"button", -href=>"$varenv->{wwwhost}/$varenv->{mandant}/Account?sessionid=$R::sessionid"}, "$varenv->{cms}->{'iframe-request-pw'}->{txt}")),"\n"; } print "\n"; diff --git a/copri4/shareeapp-operator/src/Tpl/FormEdit.pm b/copri4/shareeapp-operator/src/Tpl/FormEdit.pm index 692bf55..f0109d2 100755 --- a/copri4/shareeapp-operator/src/Tpl/FormEdit.pm +++ b/copri4/shareeapp-operator/src/Tpl/FormEdit.pm @@ -610,7 +610,7 @@ EOF #sharee AGB global new if($key eq "int14" && $size eq "checkbox"){ - $required=""; + $required="required"; #bootstrap 5 my $sharee_agb = "\n";