roko.li/sharee.bike
5
0
Fork 0
mirror of https://gitlab.com/t6353/sharee.bike.git synced 2025-05-11 22:37:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

session without cookie fix

Browse source
This commit is contained in:
ragu 2023-10-09 07:40:13 +02:00
parent 01a9f06617
commit 9213ca6a70
8 changed files with 37 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

1
copri4/main/src/Mod/APIfunc.pm
View file

@ -3141,6 +3141,7 @@ sub authcookie_manager {
my %varenv = $cf->envonline();
my $authcookie=md5_hex($record->{txt08}.$q->escapeHTML($hw_id));
$bw->log("generating authcookie with input: $record->{txt08}.$hw_id",$authcookie,"");
$authcookie = $record->{c_id} . "_" . $authcookie . "_" . $q->escapeHTML($merchant_id);
#if user_id && user_pw matched

4
copri4/main/src/Mod/DBtank.pm
View file

@ -799,7 +799,7 @@ sub fetch_record(){
$where .= " and ct.$key $op '$value'";
}
}
if($key =~ /^(c_id|barcode|int\d+|owner|contentadr_id)$/){
if($key =~ /^(c_id|ca_id|barcode|int\d+|owner|contentadr_id)$/){
if(looks_like_number($value) || $value eq "null"){
if($value eq "null"){
$where .= " and (ct.$key is null OR ct.$key = 0)";
@ -835,7 +835,7 @@ sub fetch_record(){
#ct.* because of nd.txt01 and ct.txt01 .
my $sql = "SELECT ct.*,rel.*,nd.node_name,nd.parent_id,nd.type_id,nd.energy_id FROM $fetch->{table} ct, relation rel, nodes nd $where $order";
#$bw->log("DBtank fetch_record : ",$sql,"") if($debug);
$bw->log("DBtank fetch_record : ",$sql,"") if($debug);
my $sth = $dbh->prepare($sql);
my $rc = $sth->execute();

40
copri4/main/src/Mod/Indexsharee.pm
View file

@ -64,6 +64,7 @@ sub handler {
my $html_charset = "utf-8";
my $user_agent = $q->user_agent();
my $debug=1;
my $lang = "en";
$lang = $1 if($q->http('Accept-Language') =~ /^(\w+)/);
$lang = lc($lang) if($lang);
@ -139,9 +140,11 @@ sub handler {
my $hw_id = unpack ('H*', pack('Nc', time, $$ % 0xff));#old $co
#3. authorize
my $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id
my $author = { authcookie => ""};
$author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id
#4. verify and get user values
($api_return,$users_sharee) = $apif->auth_verify($q,$author->{authcookie},"");
#print "$author->{authcookie},$users_sharee->{c_id}"; exit;
#5. domcookie by authcookie substr (cut first 15 chars), AND also sessionid
if($author->{authcookie} && length($author->{authcookie}) > 30){
@ -169,8 +172,12 @@ sub handler {
my $session="";
my $session_and="";
if(length($coo) > 20 && !$q->cookie(-name=>'domcookie')){
#if(length($coo) > 20){#breaks login
$session = "?sessionid=$coo";
$session_and = "&sessionid=$coo";
$bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using sessionid=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},"");
}else{
$bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using cookie=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},"");
}
#DMS
@ -253,12 +260,12 @@ sub handler {
}
my $tpl = $dbt->get_tpl($dbh,"302001");#Kundendaten template
$tpl->{tpl_order} .= ",txt04,txt08";
$tpl->{tpl_order} .= ",txt04,txt08,int14";
if($R::login_sharee){
if($users_sharee->{c_id} && (!$payable_check || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/))){
my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1");#Vde
my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1") if(!$payable_check);#Vde
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}$session");
exit 0;
}elsif($users_sharee->{c_id} && !$payable_check){
@ -495,7 +502,7 @@ sub handler {
if($returnwww =~ /conflict_txt22/){
$return = $tk->delete_account($users_sharee->{c_id},$users_dms->{u_id});
$apif->authout($q,$coo) if($coo);
print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1");
print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1$session_and");
exit 0;
}
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_2}?cum=1$session_and\&$returnwww");
@ -567,6 +574,9 @@ sub handler {
#$payone_txid = $payone->preauthorizationCC_main(\%varenv,$users_sharee,$ctt,$aowner);
#if($payone_txid)
if(1==1){
open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
print FILE "trigger confirm-code request by pseudocardpan\n" if($debug);
#$ctt->{txt16} = "$payone_txid";
#$payone_txid = $payone->captureCC_main(\%varenv,$users_sharee,$ctt,$aowner);
@ -578,7 +588,7 @@ sub handler {
if(($users_sharee->{int13} != 1) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
$tk->smsack($users_sharee);
}
close(FILE) if($debug);
}else{
$dbt->update_one($dbh,$update_adr,"int12=$vde_on_fail");#Vde
}
@ -597,17 +607,19 @@ sub handler {
}
my $debug=0;
$debug=1;
#send confirm codes
if($users_sharee->{c_id} && $users_sharee->{txt34} && length($users_sharee->{txt34}) > 10 && $payable_check && $R::sharee_edit && $R::sharee_edit =~ /save_account|send_email|send_sms/){
open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
print FILE "trigger confirm-code request by $R::sharee_edit\n" if($debug);
if(($users_sharee->{int04} != 1 || $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){
if(($users_sharee->{int04} != 1 && $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){
$tk->emailack(\%varenv,$users_sharee->{c_id});
}
if(($users_sharee->{int13} != 1 || $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
if(($users_sharee->{int13} != 1 && $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
$tk->smsack($users_sharee);
}
close(FILE) if($debug);
}#send confirm code
#email and sms acknowledgments, check and save confirm states
@ -691,7 +703,7 @@ sub handler {
}
close(FILE) if($debug);
if($users_sharee->{c_id} && $users_sharee->{int04} && $users_sharee->{int13}){
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1");
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1$session_and");
exit 0;
}
}#end confirm
@ -723,7 +735,7 @@ sub handler {
exit 0;
}
elsif($payable_check && (!$users_sharee->{int04} || !$users_sharee->{int13})){
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2$session_and\&$returnwww");
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2\&sharee_edit=send_email_send_sms$session_and\&$returnwww");#send both
exit 0;
}
elsif($payable_check){
@ -732,7 +744,7 @@ sub handler {
}
}elsif($path =~ /$varenv{mandant}\/$varenv{profile}/ && $referer !~ /failure=\w/){
if((!$users_sharee->{int14}) || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/)){
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?failure=$users_sharee->{txt31}$session_and#top");
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=3\&failure=$users_sharee->{txt31}$session_and#top");
exit 0;
}elsif(!$payable_check){
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?cum=3$session_and\&$returnwww");
@ -743,8 +755,8 @@ sub handler {
}
}
}
#disabled
elsif(1==2 && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){
#redirect used by App user profile button
elsif($session && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){
if(!$users_sharee->{int14}){
print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=4$session_and\&$returnwww");
exit 0;