mirror of
https://gitlab.com/t6353/sharee.bike.git
synced 2024-05-25 01:46:43 +02:00
session-cookie return by primary fix
This commit is contained in:
Rainer Gümpelein
parent
4c11beb331
commit
d5ea6afcd7
|
|
@ -936,6 +936,7 @@ sub booking_update(){
|
|||
#prevent reset occupied values OR only if genkey defined
|
||||
#if(($state eq "occupied" && $record_pos->{txt10} =~ /requested/) || ($state eq "occupied" && $record_pos->{txt10} =~ /occupied/ && $q->param('genkey') eq "1"))
|
||||
if(($state_key == 3 && $record_pos->{int10} == 2) || ($state_key == 3 && $record_pos->{int10} == 3 && $q->param('genkey') eq "1")){
|
||||
|
||||
$update_pos->{start_time} = "now()";
|
||||
$update_pos->{end_time} = "now()";
|
||||
#$update_pos->{txt05} = "$gps";#start GPS, not exist on request
|
||||
|
|
@ -1065,12 +1066,12 @@ sub booking_update(){
|
|||
$booking_values->{response_state} = "Failure 2012: occupied bike " . $q->param('bike') . " cannot be $state";
|
||||
$booking_values->{response_text} = "Fahrrad Nr. " . $q->param('bike') . " ist in Benutzung und kann somit nicht storniert werden.";
|
||||
}elsif($state_key == 3 && $record_pos->{int10} == 1){
|
||||
$booking_values->{response_state} = "Failure 2016: occupied bike " . $q->param('bike') . " cannot be $state";
|
||||
$booking_values->{response_state} = "Failure 2016: available bike " . $q->param('bike') . " have to be at first reserved, thats because cannot be $state";
|
||||
$booking_values->{response_text} = "Fahrrad Nr. " . $q->param('bike') . " wurde nicht reserviert und kann somit nicht gemietet werden.";
|
||||
|
||||
}else{
|
||||
$booking_values->{response_state} = "Failure 2035: bike " . $q->param('bike') . " state change to $state not possible.";
|
||||
$booking_values->{response_text} = "Fehler! Die Miete Fahrrad Nr. " . $q->param('bike') . " kann nicht mit dem vorhandnen Status $state_text werden.";
|
||||
$booking_values->{response_text} = "Fehler! Die Miete Fahrrad Nr. " . $q->param('bike') . " kann nicht mit dem vorhandenen Status $state_text werden.";
|
||||
}
|
||||
|
||||
#contenttrans
|
||||
|
|
@ -2050,6 +2051,7 @@ sub auth_verify(){
|
|||
user_tour => [],
|
||||
user_group => []
|
||||
};
|
||||
|
||||
my $user_group = "";
|
||||
my $bike_group = "";
|
||||
my $tariff_content = "";
|
||||
|
|
@ -2058,6 +2060,11 @@ sub auth_verify(){
|
|||
$return->{merchant_id} = $1 if($cgi_authcookie && $cgi_authcookie =~ /\w+_(\w+)$/);
|
||||
my $netloc = $q->url(-base=>1);
|
||||
$bw->log("--> auth_verify on dbname $varenv{dbname},\n Starting with authcookie: $cgi_authcookie",$netloc,"");
|
||||
my $debug=1;
|
||||
my $now_dt = strftime "%Y-%m-%d %H:%M:%S", localtime;
|
||||
open(FILE,">>$varenv{logdir}/authcookie.log") if($debug);
|
||||
print FILE "\n*-->$now_dt $netloc | $varenv{dbname} | $cgi_authcookie\n" if($debug);
|
||||
|
||||
if($cgi_authcookie && length($cgi_authcookie) > 30){
|
||||
my $authref = {
|
||||
table => "contentadr",
|
||||
|
|
@ -2069,16 +2076,18 @@ sub auth_verify(){
|
|||
$auth_operator = $dbt->fetch_record($dbh,$authref);
|
||||
$bw->log("auth_verified on operator $varenv{dbname} anchor 1",$auth_operator->{c_id},"");
|
||||
|
||||
my $auth_primary = { c_id => 0 };
|
||||
my $auth_operator = { c_id => 0 };
|
||||
|
||||
#just part of operator-routing (sharee account management)
|
||||
#primary select
|
||||
if(1==1){
|
||||
if($varenv{dbname} ne "sharee_primary"){
|
||||
if($varenv{dbname} ne "sharee_primary"){
|
||||
#primary select
|
||||
my $dbh_primary = $dbt->dbconnect_extern("sharee_primary");
|
||||
my $auth_primary = { c_id => 0 };
|
||||
$auth_primary = $dbt->fetch_record($dbh_primary,$authref);
|
||||
|
||||
if($auth_primary->{c_id} && $auth_primary->{c_id} > 0){
|
||||
$bw->log("auth_verified on primary anchor 2 by dbname $varenv{dbname}",$auth_primary->{c_id},"");
|
||||
print FILE "auth_verified on primary anchor 2 by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n if($debug)";
|
||||
|
||||
#On booking_request, user must be authenticated and addr must exist
|
||||
#At first insert/update Operator dbname array on primary
|
||||
|
|
@ -2086,8 +2095,9 @@ sub auth_verify(){
|
|||
|
||||
#first, save operator array which are used
|
||||
my %operator_hash = ();#local DB
|
||||
$bw->log("booking_request auth_verified by dbname $varenv{dbname} (dbname=$varenv{dbname})",$auth_operator->{c_id},"");
|
||||
|
||||
$bw->log("booking_request auth_verified by dbname $varenv{dbname}",$auth_operator->{c_id},"");
|
||||
print FILE "booking_request auth_verified by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n if($debug)";
|
||||
|
||||
if($auth_primary->{txt17} && $auth_primary->{txt17} =~ /\w\s\w/){#append DB's
|
||||
%operator_hash = map { $_ => 1 } split(/\s+/,$auth_primary->{txt17});
|
||||
}elsif($auth_primary->{txt17}){
|
||||
|
|
@ -2097,6 +2107,7 @@ sub auth_verify(){
|
|||
|
||||
my @operator_array = keys %operator_hash;
|
||||
$bw->log("auth_verified update operator keys by array: @operator_array",\%operator_hash,"");
|
||||
print FILE "auth_verified update operator keys by array: @operator_array | pri $auth_primary->{c_id}\n" if($debug);
|
||||
my $update_primary = {
|
||||
table => "contentadr",
|
||||
txt17 => "@operator_array",#operator ids
|
||||
|
|
@ -2132,13 +2143,15 @@ sub auth_verify(){
|
|||
my $auth_operator3 = { c_id => 0 };
|
||||
$auth_operator3 = $dbt->fetch_record($dbh,$authref);# if($uid);
|
||||
$bw->log("auth_verified on operator anchor 3 by dbname $varenv{dbname}",$auth_operator3->{c_id},"");
|
||||
print FILE "auth_verified on operator anchor 3 by dbname $varenv{dbname} | op3 $auth_operator3->{c_id}\n" if($debug);
|
||||
|
||||
#if user on operator available by userid c_id, then update authcookie
|
||||
if($auth_operator3->{c_id} > 0){
|
||||
my $authcookies = $auth_operator3->{txt05} . "|" . $cgi_authcookie;
|
||||
$bw->log("UPDATE adr on operator by dbname $varenv{dbname}",$auth_operator3->{c_id},"");
|
||||
print FILE "UPDATE adr on operator by dbname $varenv{dbname} | op3 $auth_operator3->{c_id}\n" if($debug);
|
||||
my $update = {
|
||||
table => "contentadr",
|
||||
#txt05 => "$auth_primary->{txt05}",#authcookies
|
||||
txt05 => "$authcookies",#authcookies
|
||||
atime => "now()",
|
||||
#mtime => "now()",#only set mtime on real user-data change
|
||||
|
|
@ -2152,6 +2165,7 @@ sub auth_verify(){
|
|||
my $c_id = 0;
|
||||
if($auth_primary->{c_id} > 0){
|
||||
$bw->log("INSERT adr from record_primary to operator by dbname $varenv{dbname}",$auth_primary->{c_id},"");
|
||||
print FILE "INSERT adr from record_primary to operator by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
|
||||
my $insert = {
|
||||
%$auth_primary,
|
||||
table => "contentadr",
|
||||
|
|
@ -2162,42 +2176,40 @@ sub auth_verify(){
|
|||
}
|
||||
}else{
|
||||
$bw->log("auth_verified on operator anchor 3 FAILS by dbname $varenv{dbname}. user seem not be activated",$auth_operator->{c_id},"");
|
||||
print FILE "auth_verified on operator anchor 3 FAILS by dbname $varenv{dbname}. user seem not be activated | op $auth_operator->{c_id}\n" if($debug);
|
||||
}
|
||||
}
|
||||
$auth_operator = $dbt->fetch_record($dbh,$authref);
|
||||
if($auth_operator->{c_id} > 0){
|
||||
$record = $auth_operator;#At first try using operator to get Tarif
|
||||
$bw->log("auth_verified on operator anchor 2.2 by dbname $varenv{dbname}",$auth_operator->{c_id},"");
|
||||
print FILE "auth_verified on operator anchor 2.2 by dbname $varenv{dbname} | op $auth_operator->{c_id}\n" if($debug);
|
||||
}else{
|
||||
$record = $auth_primary;
|
||||
$bw->log("auth_verified on primary anchor 2.3 by dbname $varenv{dbname}",$auth_primary->{c_id},"");
|
||||
print FILE "auth_verified on primary anchor 2.3 by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
|
||||
}
|
||||
}else{# if($auth_primary->{c_id}){ fails
|
||||
}else{# if($auth_primary->{c_id}) fails
|
||||
$bw->log("auth_verified on primary anchor 4 FAILS by dbname $varenv{dbname}.",$auth_primary->{c_id},"");
|
||||
print FILE "auth_verified on primary anchor 4 FAILS by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
|
||||
$auth_operator = $dbt->fetch_record($dbh,$authref);
|
||||
$record = $auth_operator;
|
||||
$bw->log("auth_verified on operator anchor 9 by dbname $varenv{dbname}.",$auth_operator->{c_id},"");
|
||||
print FILE "auth_verified on operator anchor 9 by dbname $varenv{dbname} | op $auth_operator->{c_id}\n" if($debug);
|
||||
}
|
||||
}else{# if($varenv{dbname} eq "sharee_primary")
|
||||
my $auth_operator = { c_id => 0 };
|
||||
$auth_operator = $dbt->fetch_record($dbh,$authref);
|
||||
$bw->log("auth_verified on operator anchor 4 by dbname $varenv{dbname}",$auth_operator->{c_id},"");
|
||||
$record = $auth_operator;
|
||||
}#end if($varenv{dbname} ne "sharee_primary")
|
||||
|
||||
}else{
|
||||
my $auth_operator = { c_id => 0 };
|
||||
$auth_operator = $dbt->fetch_record($dbh,$authref);
|
||||
$bw->log("auth_verified on operator anchor 6 by dbname $varenv{dbname}",$auth_operator->{c_id},"");
|
||||
$record = $auth_operator;
|
||||
}else{# if($varenv{dbname} eq "sharee_primary")
|
||||
$auth_primary = $dbt->fetch_record($dbh,$authref);
|
||||
$bw->log("auth_verified on operator anchor 4 by dbname $varenv{dbname}",$auth_primary->{c_id},"");
|
||||
print FILE "auth_verified on operator anchor 4 by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
|
||||
$record = $auth_primary;
|
||||
}#end if($varenv{dbname} ne "sharee_primary")
|
||||
|
||||
if($varenv{dbname} ne "sharee_primary"){
|
||||
($bike_group,$user_group,$tariff_content,$user_tour) = $self->fetch_tariff($record,$q->param('authcookie'));
|
||||
}
|
||||
|
||||
if($varenv{dbname} ne "sharee_primary"){
|
||||
($bike_group,$user_group,$tariff_content,$user_tour) = $self->fetch_tariff($record,$q->param('authcookie'));
|
||||
}
|
||||
|
||||
if ($record->{c_id} > 0 && length($record->{txt05}) > 30){
|
||||
my @check_cookies = split(/\|/,$record->{txt05});
|
||||
if($auth_primary->{c_id} > 0 && length($auth_primary->{txt05}) > 30){
|
||||
my @check_cookies = split(/\|/,$auth_primary->{txt05});
|
||||
foreach(@check_cookies){
|
||||
if(length($_) > 30 && $_ =~ /$cgi_authcookie/){
|
||||
$return->{authcookie} = $cgi_authcookie;
|
||||
|
|
@ -2209,8 +2221,7 @@ sub auth_verify(){
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
elsif($userc_id && looks_like_number($userc_id) && length($userc_id) >= 4){
|
||||
}elsif($userc_id && looks_like_number($userc_id) && length($userc_id) >= 4){
|
||||
my $authref = {
|
||||
table => "contentadr",
|
||||
fetch => "one",
|
||||
|
|
@ -2232,6 +2243,7 @@ sub auth_verify(){
|
|||
}
|
||||
}else{
|
||||
$bw->log("auth_verified on operator anchor FAILS by dbname $varenv{dbname}, no authcookie, dump \$q",$q,"");
|
||||
print FILE "auth_verified on operator anchor FAILS by dbname $varenv{dbname}, no authcookie\n" if($debug);
|
||||
}
|
||||
$return->{agb_checked} = "0";
|
||||
$return->{agb_checked} = "1" if($record->{int14});#sharee AGB global
|
||||
|
|
@ -2275,9 +2287,15 @@ sub auth_verify(){
|
|||
|
||||
if(!$users_serviceapp->{u_id} || $users_serviceapp->{u_id} == 0){
|
||||
$record = { c_id => 0 };
|
||||
$return = { c_id => 0 };
|
||||
$bw->log("reset auth_verify because of only Servicetool users access:",$record,"");
|
||||
}
|
||||
print FILE "users_serviceapp: $users_serviceapp->{u_id} | $return->{authcookie}\n" if($debug);
|
||||
}
|
||||
|
||||
print FILE "final return: $return->{authcookie}\n" if($debug);
|
||||
|
||||
close(FILE) if($debug);
|
||||
|
||||
return ($return,$record);
|
||||
}#end auth_verify
|
||||
|
|
@ -2297,15 +2315,13 @@ sub authorization(){
|
|||
my $user_pw = $q->param('user_pw') || $q->param('txt04');
|
||||
#print "user_pw:" . $q->param('user_pw') . "|txt04:" . $q->param('txt04') . "|user_pw:" . $q->param('user_pw');
|
||||
|
||||
my $pw_length = 6;#only 6 and if < 8 user failure will be set
|
||||
$user_pw = "mo2Xah6a" if(length($user_pw) < $pw_length);
|
||||
|
||||
my $pw_length = 8;
|
||||
my $record = { c_id => 0 };#if fails
|
||||
my $return = { authcookie => 0 };#if fails
|
||||
my $return = { authcookie => "" };#if fails
|
||||
#print "$hw_id | $merchant_id | $user_id | $user_pw\n";exit;
|
||||
|
||||
|
||||
if($user_id && length($user_id) >= 4 && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8){
|
||||
if($user_id && length($user_id) >= 4 && $user_pw && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8){
|
||||
my $authref = {
|
||||
table => "contentadr",
|
||||
fetch => "one",
|
||||
|
|
@ -2334,7 +2350,7 @@ sub authorization(){
|
|||
$return = $self->authcookie_manager($dbh,$q,$record,$merchant_id,$hw_id,$aowner);
|
||||
|
||||
}else{
|
||||
$bw->log("authorization fals because of failing condition: if($user_id && length($user_id) >= 4 && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8)","","");
|
||||
$bw->log("authorization fails because of failing condition: if($user_id && length($user_id) >= 4 && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8)","","");
|
||||
}
|
||||
return $return;
|
||||
}#end authorization
|
||||
|
|
@ -2351,7 +2367,7 @@ sub authcookie_manager {
|
|||
|
||||
my $user_agent = $q->user_agent();
|
||||
my $clientIP = $q->remote_addr();
|
||||
my $return = { authcookie => 0 };#if fails
|
||||
my $return = { authcookie => "" };#if fails
|
||||
my %varenv = $cf->envonline();
|
||||
|
||||
my $authcookie=md5_hex($record->{txt08}.$q->escapeHTML($hw_id));
|
||||
|
|
|
|||
|
|
@ -416,7 +416,6 @@ elsif($q->param('request') eq "user_bikes_occupied"){
|
|||
|
||||
#bikes_available
|
||||
elsif($q->param('request') eq "bikes_available"){
|
||||
#use Time::HiRes qw/gettimeofday/;
|
||||
if($varenv{syshost} eq "shareeapp-primary"){
|
||||
($aowner,my $return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$q->param('merchant_id'));
|
||||
$varenv{merchant_id} = $return_merchant->{merchant_id};
|
||||
|
|
@ -425,13 +424,13 @@ elsif($q->param('request') eq "bikes_available"){
|
|||
my ($auth,$authraw) = $apif->auth_verify($q);
|
||||
$response = { %$response, %$auth };
|
||||
($response->{bikes},$response->{uri_operator_array},$response->{user_group},$response->{user_tour}) = $jsc->loop_sharees($q,$authraw,$return_merchant);
|
||||
#my $stamp = gettimeofday;
|
||||
#$bw->log("X bikes_available $varenv{syshost} $stamp: $response->{user_group}",$response,"");
|
||||
}else{
|
||||
($aowner,my $return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$q->param('merchant_id'));
|
||||
$varenv{merchant_id} = $return_merchant->{merchant_id};
|
||||
|
||||
my ($auth,$authraw) = $apif->auth_verify($q);#on operator loop select, operator adr must be select to get user_group
|
||||
#on operator loop select, operator adr must be select to get user_group
|
||||
my ($auth,$authraw) = $apif->auth_verify($q);
|
||||
$response = { %$response, %$auth };
|
||||
$bw->log("Y bikes_available by c_id $authraw->{c_id}, Tarif:",$authraw->{txt30},"");
|
||||
$response->{bikes} = $apif->bikes_available($q,\%varenv,$authraw);
|
||||
|
|
|
|||
|
|
@ -47,8 +47,8 @@ sub tpl(){
|
|||
|
||||
if($users_sharee->{c_id} && $R::sharee_edit ne "delete_account2" && ($users_sharee->{c_id} eq $varenv->{superu_id} || $users_sharee->{c_id} eq "22262" || $dbt->{copri_conf}->{stage} eq "test")){
|
||||
my $coo = $q->cookie('domcookie') || $q->param('sessionid') || "";
|
||||
my $api_test = "sharee_kn";
|
||||
#my $api_test = "sharee_fr01";
|
||||
#my $api_test = "sharee_kn";
|
||||
my $api_test = "sharee_fr01";
|
||||
print $q->div({-style=>'float:right;text-align:right;height:25px;padding:6px 15px;background-color:white'},$q->a({-style=>"color:#$bgcolor1;", -href=>"$varenv->{metahost}/src/scripts/tests/index.pl?sessionid=$coo\&api_test=$api_test", -target=>'_blank'}," [ $api_test ] ")),"\n";
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue