package Mod::Indexsharee;
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# Copyright (c) Rainer Gümpelein, TeilRad GmbH
#
# mod_perl response handler for the sharee web/app front end and the DMS
# back office. One request runs through handler() top to bottom; most
# branches finish early with "print redirect(...); exit 0;".
#
use strict;
use warnings;
use POSIX;
use CGI::Cookie ();
use CGI ':standard';
use DateTime;
use DateTime::Format::Pg;
use DBI;
use Apache2::RequestUtil ();
use Apache2::RequestIO ();
use Apache2::Const -compile => qw(OK);
use Scalar::Util qw(looks_like_number);
use Lib::Config;
use Mod::Buttons;
use Mod::Prelogic;
use Lib::Mlogic;
use Mod::Basework;
use Mod::DBtank;
use Mod::Libenzdb;
use Mod::APIfunc;
use Mod::Shareework;
use Mod::Prelib;
use Mod::Payment;
use Mod::Modalbox;
use Mod::Modalbox3;
use Data::Dumper;

# handler($re)
#
# Order of work, as far as this file shows it:
#   1. build the CGI object and import all request parameters into R::
#   2. derive $mode and $varenv{syshost} from parameters, path and host name
#   3. take the session value ($coo) from the "domcookie" cookie or the
#      "sessionid" parameter and check it with $apif->auth_verify
#   4. login, account creation, logout
#   5. DMS write actions (orga "dms" with a DMS user) or end-user
#      account / payment / confirmation actions (all other hosts)
#   6. print the HTML head and render the page through $ml->tpl
# Returns Apache2::Const::OK when it reaches the end.
#
# Reading note: every $R::name below is a raw request parameter
# (import_names('R')), so it is client-controlled wherever it appears.
sub handler {
  my $re = shift;
  my $q = new CGI();
  # Copies each request parameter into a package variable $R::<name>.
  $q->import_names('R');
  my $cf = new Config;
  my $ml = new Mlogic;
  my $bw = new Basework;
  my $pre = new Prelogic;
  my $tk = new Shareework;
  my $dbt = new DBtank;
  my $db = new Libenzdb;
  my $apif = new APIfunc;
  my $but = new Buttons;
  my $pl = new Prelib;
  my $payone = new Payment;
  my %varenv = $cf->envonline();
  # NOTE(review): presumably built from the request's Host header - confirm
  # the front-end server restricts which host names reach this handler.
  my $netloc = $q->url(-base=>1);
  # $dbh stays an empty string here; the $dbt/$db helpers receive it as-is.
  my $dbh = "";
  my $script = $q->script_name();
  my $referer = $q->referer();
  my $path = $q->path_info();
  $path = "$script" . "$path";
  $path =~ s/\.html//;
  my $refer = $ENV{HTTP_REFERER};
  my $now_dt = strftime "%Y-%m-%d %H:%M:%S", localtime;
  my $return = "";
  my $returnwww = "";
  my $html_charset = "utf-8";
  my $user_agent = $q->user_agent();
  # Hard-coded on: every "if($debug)" log write below is always active.
  my $debug=1;
  my $lang = "en";
  # Only the leading \w+ of Accept-Language is kept, so $lang is word chars.
  $lang = $1 if($q->http('Accept-Language') =~ /^(\w+)/);
  $lang = lc($lang) if($lang);
  my $feedb = { c_id => "", message => "", i_rows => 0, u_rows => 0, d_rows => 0, };

  #$mode is used to set GUI features like "maintainer" contextmenue
  my $modes = $dbt->{shareedms_conf}->{modes};
  my $mode = "";
  # NOTE(review): the first test is unanchored and copies the whole
  # parameter, not the captured group, so $mode can carry extra text around
  # a configured mode name. The two path branches use the capture ($1).
  if($R::mode && length($R::mode) >= 5 && $R::mode =~ /($modes)/){
    $mode = "$R::mode";
  }elsif($path && $path =~ /\/($modes)$/){
    $mode = $1;
  }elsif($path && $path =~ /\/($modes)\?\w/){
    $mode = $1;
  }

  #main datadir is main config directive like "shareeapp-kn" and catched by syshost name
  if($netloc =~ /:\/\/(sharee\w+-\w+)\.copri/){
    #$bw->log("Indexsharee merchant select by netloc:",$netloc,"");
    # The host-derived name is accepted only if a matching directory exists.
    $varenv{syshost} = $1 if( -d "/var/www/copri-bike/$1");
    $mode = "manager" if($varenv{syshost} =~ /shareedms-/ && !$mode);
  }elsif($netloc =~ /lastenradbayern\.net/){
    $varenv{syshost} = "shareeweb-bayern";
  }
  # Unknown host: stop without output.
  exit 0 if(!$varenv{syshost});

  # Non-DMS hosts never serve DMS paths; send the client to the start page.
  if($varenv{orga} ne "dms" && $path =~ /DMS|Waren|Kunden\/|Einstellung|journal|Faktur/i){
    print redirect("$varenv{wwwhost}");
    exit 0;
  }

  my $dyn_js = "";
  my $users_dms = {};
  my $users_sharee = {};
  my $api_return = {};
  print $q->header(-charset=>"$html_charset");
  # Session value: cookie first, else the sessionid request parameter.
  my $coo = $q->cookie('domcookie') || $R::sessionid || "";
  #Prio sessionid if also domcookie is set ... and see below
  # NOTE(review): a sessionid taken from the request is written back as the
  # domcookie cookie before it has been verified; consider setting the
  # cookie only after auth_verify accepts the value. The cookie is created
  # without -secure / -httponly / -samesite.
  # NOTE(review): a header was already printed above; confirm this second
  # header() call still reaches the client as a header and not as body text.
  if($R::sessionid && $R::sessionid ne $q->cookie('domcookie')){
    $coo = $q->param('sessionid');
    my $cookie = CGI::Cookie->new(-name => 'domcookie',-value => $coo);
    print $q->header(-charset=>"$html_charset", -cookie=>$cookie);
  }
  my $aowner = "";
  my $return_merchant = { merchant_id => "", project_id => "", };
  ($aowner,$return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$R::merchant_id);
  $varenv{merchant_id} = $return_merchant->{merchant_id};
  $varenv{project_id} = $return_merchant->{project_id};
  $bw->log("Indexsharee merchant select used with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, access_owner $aowner",$varenv{merchant_id},"");
  # $users_sharee->{c_id} is what later branches treat as "logged in".
  ($api_return,$users_sharee) = $apif->auth_verify($q,$coo,"");

  #login-screen should only be available if auth_verify fails
  if($R::login_sharee || $R::login_dms){
    #1. logout
    $apif->authout($q,$coo);
    # NOTE(review): hw_id is hex of the current time plus a value derived
    # from the process id, i.e. not random. Confirm that authorization()
    # does not rely on it being unpredictable.
    my $hw_id = unpack ('H*', pack('Nc', time, $$ % 0xff));#old $co
    #3. authorize
    my $author = { authcookie => ""};
    $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id
    #4. verify and get user values
    ($api_return,$users_sharee) = $apif->auth_verify($q,$author->{authcookie},"");
    #print "$author->{authcookie},$users_sharee->{c_id}"; exit;
    #5. domcookie by authcookie substr (cut first 15 chars), AND also sessionid
    if($author->{authcookie} && length($author->{authcookie}) > 30){
      # drop the first 15 characters; the remainder becomes the cookie value
      $coo = substr $author->{authcookie}, 15;
      # No -secure / -httponly / -samesite attributes are set on this cookie.
      my $cookie = CGI::Cookie->new(-name => 'domcookie',-value => $coo);
      print $q->header(-charset=>"$html_charset", -cookie=>$cookie);
      #DMS login
      if($users_sharee->{c_id} && $varenv{orga} eq "dms" && $R::login_dms eq "Login" && $coo && length($coo) > 20){
        $users_dms = $dbt->select_users($dbh,$users_sharee->{c_id});
        my $update_users = { table => "users", owner => $aowner, u_id => $users_dms->{u_id} };
        # NOTE(review): SQL fragment built by string interpolation. $coo is
        # server-issued at this point, but a bound placeholder in DBtank
        # would remove the dependency on that.
        $dbt->update_one($dbh,$update_users,"cookie='$coo'") if($users_dms->{u_id});
        print redirect("$varenv{wwwhost}");
        exit 0;
      }
    }
  }

  # When no domcookie came with the request, the session value is carried
  # in the URL instead.
  # NOTE(review): a session value in the query string ends up in browser
  # history, Referer headers and server logs; both log lines below also
  # write the session value itself.
  my $session="";
  my $session_and="";
  if(length($coo) > 20 && !$q->cookie(-name=>'domcookie')){
  #if(length($coo) > 20){#breaks login
    $session = "?sessionid=$coo";
    $session_and = "&sessionid=$coo";
    $bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using sessionid=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},"");
  }else{
    $bw->log("Indexsharee authcookie userid=$users_sharee->{c_id} by using cookie=$coo with merchant_id $varenv{merchant_id}, project_id $varenv{project_id}, referer=$referer, path=$path, access_owner $aowner",$varenv{merchant_id},"");
  }

  #DMS
  # DMS user lookup: the verified c_id plus a match on the stored cookie.
  # NOTE(review): here $coo can be the raw cookie/sessionid value from the
  # request, interpolated into a quoted SQL fragment. It only runs after
  # auth_verify returned a c_id for it, but select_users is not visible
  # here - confirm it quotes or binds this condition.
  if($users_sharee->{c_id} && $varenv{orga} eq "dms" && $coo && length($coo) > 20){
    $users_dms = $dbt->select_users($dbh,$users_sharee->{c_id},"and cookie='$coo'");
  }

  # CMS texts always come from the primary database.
  if($varenv{dbname} eq $dbt->{primary}->{sharee_primary}->{database}->{dbname}){
    $varenv{cms} = $dbt->fetch_cms($dbh,{ lang => $q->escapeHTML($lang) });
  }else{
    my $dbh_primary = $dbt->dbconnect_extern($dbt->{primary}->{sharee_primary}->{database}->{dbname});
    $varenv{cms} = $dbt->fetch_cms($dbh_primary,{ lang => $q->escapeHTML($lang) });
  }

  #Save anyway on create ... and hopefully delete it later
  # Account creation: the record is inserted first, then the same
  # authorize/verify sequence as in the login branch runs.
  if($R::sharee_edit && $R::sharee_edit =~ /create_account/ && $R::txt04 && $R::txt04 =~ /\w+/ && $R::txt08 && $R::txt08 =~ /\w+\@\w+/){
    #1. logout
    $apif->authout($q,$coo);
    #create_account. 2. inserts contentadr
    my $tinkc_id = $tk->create_account($aowner);
    ($returnwww,$feedb) = $tk->save_account($q,$tinkc_id,\%varenv,$aowner);

    #Like login_sharee, redundant
    my $hw_id = unpack ('H*', pack('Nc', time, $$ % 0xff));#old $co
    #3. authorize
    my $author = $apif->authorization($q,$varenv{merchant_id},$hw_id,$lang,$aowner);#$co like browser hw_id
    #print "3. authorize: " . $author->{authcookie} . " -- " . $q->param('authcookie') . " ++ " . $coo . " ";
    #4. verify and get user values
    ($api_return,$users_sharee) = $apif->auth_verify($q,$author->{authcookie},"",$author->{new_authcoo});
    #print "4. verifyize: " . $author->{authcookie} . " -- c_id: " . $users_sharee->{c_id} . " ++ " . $coo . " ";
    #5. domcookie by authcookie substr (cut first 15 chars), AND also sessionid
    if($author->{authcookie} && length($author->{authcookie}) > 30){
      # drop the first 15 characters; the remainder becomes the cookie value
      $coo = substr $author->{authcookie}, 15;
      my $cookie = CGI::Cookie->new(-name => 'domcookie',-value => $coo);
      print $q->header(-charset=>"$html_charset", -cookie=>$cookie);
      #print "5. set cookie: " . $author->{authcookie} . " -- " . $q->param('authcookie') . " ++ " . $coo . " ";
      #if user-pw authorized, then ignore conflict_ because it matches exist user-data
      #should be result to Uhps page
      # A phone/e-mail conflict removes the record that was just created
      # and ends the session.
      if($tinkc_id && $returnwww && $returnwww =~ /conflict_txt07|conflict_txt08/){
        $return = $tk->delete_account($tinkc_id,$users_dms->{u_id});
        $apif->authout($q,$coo) if($coo);
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1");
        exit 0;
      }
      elsif(length($coo) > 20){
        #we need this to get $R::sessionid to FormEdit
        ($api_return,$users_sharee) = $apif->auth_verify($q,$author->{authcookie},"");
        # The fresh session value is passed on in the redirect URL.
        if(($returnwww && $returnwww =~ /failure::(.*)/) || ($users_sharee->{txt31} && $users_sharee->{txt31} =~ /\w/)){
          $returnwww =~ s/::/=/g;
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?sessionid=$coo\&$returnwww");
          exit 0;
        }else{
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?sessionid=$coo");
          exit 0;
        }
      }
    }
  }

  #$payable_check==1 if payment data OK
  #$payable_check==2 if payment data AND sms-,email-Ack,:!Vde,AGB OK
  my $payable_check=0;
  $payable_check = $bw->isuser_rentable($users_sharee,\%varenv);

  # Logout
  if($mode =~ /logout/){
    if($mode =~ /logout_sharee/){
      $apif->authout($q,$coo);
    }else{
      $db->cook_out($coo);
    }
    print redirect("$varenv{wwwhost}");
    exit 0;
  }

  my $tpl = $dbt->get_tpl($dbh,"302001");#customer data template
  $tpl->{tpl_order} .= ",txt04,txt08,int14";
  # Post-login routing.
  if($R::login_sharee){
    # NOTE(review): $users_sharee->{txt31} is used as a regex pattern here
    # (and again in the redirect section further down). If the stored value
    # is meant as a literal field name, \Q...\E would keep regex
    # metacharacters in it from being interpreted - confirm the intended
    # format of txt31 first.
    if($users_sharee->{c_id} && (!$payable_check || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/))){
      my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","1") if(!$payable_check);#Vde
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}$session");
      exit 0;
    # NOTE(review): with c_id set and $payable_check false the branch above
    # already matches, so this elsif looks unreachable.
    }elsif($users_sharee->{c_id} && !$payable_check){
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_2}$session");
      exit 0;
    }elsif(!$users_sharee->{c_id} || ($users_sharee->{c_id} && $users_sharee->{c_id} !~ /^\d+$/)){
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?failure=1$session_and");
      exit 0;
    }else{
      print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}$session");
      exit 0;
    }
  }

  # The browser context menu is suppressed for DMS users only.
  my $oncontextmenu="";
  $oncontextmenu="return false;";# if($mode =~ /maintainer/);
  $oncontextmenu="" if(!$users_dms->{u_id});

  #Menu & node_path handling
  # @viewsel holds the path segments; a trailing mode segment is dropped.
  my $view = "";
  my @viewsel = ("app","shareestart");
  if($path && $path =~ /^\/\w/ && $path =~ /^\/(.*)/){
    @viewsel = split /\//,$1;
    if("$path" =~ /\/$modes$/){
      pop @viewsel;
    }
    $view = $viewsel[0];
  }
  my $node_meta = $dbt->get_node_meta($dbh,\@viewsel);

  #DMS & Tools
  # Everything in this branch requires a DMS user row ($users_dms->{u_id}).
  if($varenv{orga} eq "dms" && $users_dms->{u_id}){
    if($R::cal_delta_start){
      # "use" is resolved at compile time, so Date::Calc is loaded
      # regardless of this condition.
      use Date::Calc qw(Add_Delta_YMD);
      my $day = strftime "%d", localtime;
      my $mon = strftime "%m", localtime;
      my $year = strftime "%Y", localtime;
      $users_dms->{cal_start} =~ s/\s.*//;
      ($year,$mon,$day) = split(/-/,$users_dms->{cal_start}) if($users_dms->{cal_start});
      # The delta arrives as "Y:M:D" from the request and is not validated
      # before it is handed to Add_Delta_YMD.
      my ($year1,$mon1,$day1) = split(/:/,$R::cal_delta_start);
      my ($Dy,$Dm,$Dd) = Add_Delta_YMD($year,$mon,$day, $year1,$mon1,$day1);
      $db->users_up("cal_start","$Dy-$Dm-$Dd",$users_dms->{u_id});
    }
    if($R::cal_today){
      my $today4db = strftime("%Y-%m-%d %H:%M",localtime(time));
      $db->users_up("cal_start","$today4db",$users_dms->{u_id});
    }
    # NOTE(review): the three sort settings below store request values
    # unchanged; confirm users_up binds/quotes the value and that the
    # stored value is validated before it is used in a query.
    if($R::cal_sort_updown){
      $db->users_up("cal_sort_updown",$R::cal_sort_updown,$users_dms->{u_id});
    }
    if($R::col_sort && $node_meta->{ct_table}){
      $db->users_up("col_sort_$node_meta->{ct_table}",$R::col_sort,$users_dms->{u_id});
    }
    if($R::sort_updown){
      $db->users_up("sort_updown_$node_meta->{ct_table}",$R::sort_updown,$users_dms->{u_id});
    }

    #base_edit implements new DMS methodes without Pre* things
    #permissions
    #DMS customers (Kunden) rw
    # Write access needs int02 == 2 on both the primary and the local user row.
    if($R::base_edit && $node_meta->{ct_table} eq "contentadr"){
      # NOTE(review): the whole CGI object is passed to the logger; if log()
      # dumps it, every request parameter lands in the log file.
      $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,"");
      my $dbh_primary = $dbt->dbconnect_extern($dbt->{primary}->{sharee_primary}->{database}->{dbname});
      my $users_dms_primary = { u_id => 0 };
      $users_dms_primary = $dbt->select_users($dbh_primary,$users_dms->{u_id},"and int02 >= 1");
      if($users_dms_primary->{u_id} && $users_dms_primary->{int02} == 2 && $users_dms->{u_id} && $users_dms->{int02} == 2){
        if($R::c_id && $R::base_edit eq "remove_chk4rel"){
          # Confirmation step: the message carries the link for the delete.
          # NOTE(review): $R::c_id is placed into the message unvalidated;
          # confirm the template encodes it on output.
          my $delete_key = "delete_adr";
          $return = "failure::Datensatz wirklich löschen. ::?base_edit=$delete_key\&exit_box2=1\&c_id=$R::c_id ::löschen";
        }elsif($R::c_id && $R::base_edit eq "delete_adr"){
          $return = $tk->delete_account($R::c_id,$users_dms->{u_id});
        }elsif($R::c_id && $R::base_edit eq "save_adr"){
          ($returnwww,$feedb) = $tk->save_account($q,$R::c_id,\%varenv,$users_dms->{u_id});
        }
      }else{
        $feedb->{message} = "failure::Abbruch. Schreibender Zugriff \"Kunden Stammdaten\" verweigert.";
      }
    }

    #DMS users accounts
    # Write access needs int07 == 2.
    if($R::base_edit && $node_meta->{ct_table} eq "users"){#DMS-Account rw
      $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,"");
      if($users_dms->{u_id} && $users_dms->{int07} == 2){
        if($R::u_id && $R::base_edit eq "remove_chk4rel"){#users
          my $delete_key = "delete_dmsusers";
          $feedb->{message} = "failure::Datensatz wirklich löschen. ::?base_edit=$delete_key\&exit_box2=1\&u_id=$R::u_id ::löschen";
        }elsif(($R::u_id || $R::c_idadr) && $R::base_edit =~ /_dmsusers/){
          # Only the first run of digits of the parameter is used as id.
          my $u_id = $1 if($R::u_id && $R::u_id =~ /(\d+)/);
          $u_id = $1 if($R::c_idadr && $R::c_idadr =~ /(\d+)/ && $R::base_edit eq "new_dmsusers");
          $feedb = $pl->manage_dmsusers($q,\%varenv,$R::base_edit,$u_id,$users_dms);
        }
      }else{
        $feedb->{message} = "failure::Abbruch. Schreibender Zugriff \"DMS-Account\" verweigert.";
      }
    }

    #DMS goods (Waren)
    # Write access needs int01 == 2.
    if(($R::rel_edit || $R::base_edit) && $node_meta->{ct_table} eq "content"){
      $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,"");
      if($users_dms->{u_id} && $users_dms->{int01} == 2){
        if($R::rel_edit eq "save_relation" && $R::main_id && $R::main_id >= 200000){
          $return = $pl->save_relation($q,$R::main_id,$users_dms->{u_id});
        }elsif($R::rel_edit eq "delete_relation" && $R::main_id && $R::main_id >= 200000){
          $return = $pl->delete_relation($q,$R::main_id,$users_dms->{u_id});
        }elsif($R::rel_edit eq "new_relation" && $R::main_id && $R::main_id >= 200000){
          $return = $pl->new_relation($q,$R::main_id,$users_dms->{u_id});
        }elsif($R::base_edit eq "new_content" && $node_meta->{main_id} && $node_meta->{main_id} >= 200000){
          $feedb = $pl->new_content($q,$users_dms,$node_meta);
        }elsif($R::base_edit eq "save_content"){
          $feedb = $pl->save_content($q,$users_dms,$node_meta,$R::c_id) if(looks_like_number($R::c_id));
          $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} =~ /210|205|225/);
        }elsif($R::base_edit eq "move_content"){
          $feedb = $pl->move_content($q,$users_dms,$node_meta,$R::c_id) if(looks_like_number($R::c_id));
          $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} == 205);
        }elsif($R::c_id && $R::base_edit eq "remove_chk4rel"){
          my $delete_key = "delete_content";
          $feedb->{message} = "failure::Datensatz wirklich löschen. ::?base_edit=$delete_key\&exit_box2=1\&c_id=$R::c_id ::löschen";
        }elsif($R::c_id && $R::base_edit eq "delete_content"){
          # NOTE(review): unlike save/move, $R::c_id is not checked with
          # looks_like_number before the delete call.
          $feedb = $pl->delete_content($node_meta,$R::c_id);
          $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} =~ /210|205|225/);
        }
      }else{
        $feedb->{message} = "failure::Abbruch. Schreibender Zugriff \"Waren Stammdaten\" verweigert.";
      }
    }

    #Settings (Einstellung)
    # Write access needs int08 == 2.
    if(($R::rel_edit || $R::base_edit) && $node_meta->{ct_table} eq "contentuser"){
      $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,"");
      if($users_dms->{u_id} && $users_dms->{int08} == 2){
        if($R::rel_edit eq "save_ctuser" && $node_meta->{main_id} && $node_meta->{main_id} >= 200000){
          $return = $pl->save_service_desc($q,$users_dms,$R::c_id);
        }elsif($R::rel_edit eq "save_user"){
          $feedb = $pl->save_content($q,$users_dms,$node_meta,$R::c_id) if(looks_like_number($R::c_id));
        }elsif($R::base_edit eq "new_contentcms" && $node_meta->{main_id} && $node_meta->{main_id} >= 200000){
          $feedb = $pl->new_content($q,$users_dms,$node_meta);
        }elsif($R::base_edit eq "save_contentcms" && $node_meta->{main_id} && $node_meta->{main_id} >= 200000){
          $feedb = $pl->save_content($q,$users_dms,$node_meta,$R::c_id) if(looks_like_number($R::c_id));
        }elsif($R::c_id && $R::base_edit eq "remove_chk4rel"){
          my $delete_key = "delete_contentuser";
          $feedb->{message} = "failure::Datensatz wirklich löschen. ::?base_edit=$delete_key\&exit_box2=1\&c_id=$R::c_id ::löschen";
        }elsif($R::c_id && $R::base_edit eq "delete_contentuser"){
          $feedb = $pl->delete_content($node_meta,$R::c_id);
        }
      }else{
        $feedb->{message} = "failure::Abbruch. Schreibender Zugriff \"Einstellung\" verweigert.";
      }
    }

    #DMS invoicing (Faktura)
    # Read needs int03 >= 1, write needs int03 == 2, each on both the
    # primary and the local user row.
    if($node_meta->{ct_table} eq "contenttrans"){
      $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,"");
      my $dbh_primary = $dbt->dbconnect_extern($dbt->{primary}->{sharee_primary}->{database}->{dbname});
      my $users_dms_primary = { u_id => 0 };
      $users_dms_primary = $dbt->select_users($dbh_primary,$users_dms->{u_id},"and int03 >= 1");
      if($users_dms_primary->{u_id} && $users_dms_primary->{int03} >= 1 && $users_dms->{u_id} && $users_dms->{int03} >= 1 && $R::ct_trans eq "open"){#DMS invoicing read
        $db->update_users4trans($R::c_id4trans,$R::tpl_id4trans,"",$users_dms->{u_id}) if(looks_like_number($R::c_id4trans) && looks_like_number($R::tpl_id4trans));
      }
      if($users_dms_primary->{u_id} && $users_dms_primary->{int03} == 2 && $users_dms->{u_id} && $users_dms->{int03} == 2){#DMS invoicing rw
        $db->update_users4trans($R::c_id4trans,$R::tpl_id4trans,"",$users_dms->{u_id}) if(looks_like_number($R::c_id4trans) && looks_like_number($R::tpl_id4trans));
        if($R::ct_trans =~ /set_workflow2invoice|set_workflow2storno/){
          $return = $pl->set_workflow($q,$users_dms,$R::c_id4trans,$R::set_main_id4workflow) if(looks_like_number($R::c_id4trans) && looks_like_number($R::tpl_id4trans) && looks_like_number($R::set_main_id4workflow));
        }elsif($R::ct_trans =~ /set_accounting2invoice/){
          $return = $pl->set_accounting2invoice($q,$users_dms,$R::c_id4trans,$R::set_main_id4workflow) if(looks_like_number($R::c_id4trans) && looks_like_number($R::tpl_id4trans) && looks_like_number($R::set_main_id4workflow));
        }elsif($R::ct_trans =~ /save_text|save_adr/){
          $feedb = $pl->save_text2contenttrans($q,$users_dms,$R::c_id4trans) if(looks_like_number($R::c_id4trans));
        }
        #not used because of attachement
        elsif($R::ct_trans =~ /email_generate/ && $R::c_id4trans && $R::email_select){
          #my $sendref = $pl->prepare_email(\%varenv,$R::c_id4trans,$R::email_select);
          #print redirect("mailto:$sendref->{mail_to}?subject=$sendref->{subject}\&body=$sendref->{message}");
          #exit 0;
        }
        elsif($R::detail_search && $R::detail_search eq "operator_accounting"){
          # Multi-valued parameter joined with spaces into one string.
          my $ck4ex = "@R::ck4ex" || "";
          $return = $pl->operator_accounting($q,$users_dms,$users_sharee,$R::accounting_type,$ck4ex);
        }
        #on prepaid account
        elsif($R::ct_trans eq "save_pos" && $R::tpl_id4trans == 219 && $R::c_idpos){
          $feedb = $pl->save_contenttranspos($q,$R::c_idpos,$users_dms->{u_id});
        }
        #should do all else invoice text save , without positions and booking payment
        elsif($R::ct_trans || $R::set_state || $R::v_abschluss || $R::trans2edit){
          if($R::ct_trans !~ /_pos|open/ && looks_like_number($R::c_id4trans) && !$R::v_abschluss && !$R::trans2edit){
            $feedb = $pl->save_text2contenttrans($q,$users_dms,$R::c_id4trans);
          }
          #in future the prelogic modul should be disabled at all
          $return .= "|";
          $return .= $pre->preinit($q,$node_meta,$users_dms);
        }
      }elsif($R::ct_trans){
        $feedb->{message} = "failure::Abbruch. Schreibender Zugriff \"Faktura\" verweigert.";
      }
    }

    #DMS rental journal (Mietjournal)
    # NOTE(review): the two contenttranspos writes below are gated only by
    # the enclosing "DMS user exists" test; no intNN == 2 permission check
    # like the sections above is visible here. Confirm the called Prelib
    # methods enforce the permission, or add the check here.
    if($node_meta->{ct_table} eq "contenttranspos" && $R::base_edit eq "save_pos"){
      $feedb = $pl->save_contenttranspos($q,$R::c_id,$users_dms->{u_id});
      $apif->stations_caching($q,\%varenv,$users_sharee);
    }
    #DMS insert part or fee
    if($node_meta->{ct_table} eq "contenttranspos" && $R::insert_contenttranspos){
      $feedb = $pl->insert_contenttranspos($q,$R::cc_id,$R::ca_id,$R::ct_id,$users_dms->{u_id});
    }

    $users_dms = $dbt->select_users($dbh,$users_dms->{u_id},"");#just to get update after save

  #none DMS hosts ----------------------------------------------------
  }elsif($varenv{orga} ne "dms"){
    #save_account. 3. updates contentadr
    if($users_sharee->{c_id} && $R::sharee_edit && $R::sharee_edit =~ /save_account/){
      ($returnwww,$feedb) = $tk->save_account($q,$users_sharee->{c_id},\%varenv,$aowner);
    }
    if($users_sharee->{c_id} && $R::sharee_edit && $R::sharee_edit =~ /save_transact/){
      $returnwww = $tk->save_transact($q,$users_sharee->{c_id},$coo,$aowner);
    }

    # A "failure::..." result is turned into query parameters and the
    # client is sent back to the matching account form.
    if($returnwww && $returnwww =~ /failure::(.*)/){
      $returnwww =~ s/::/=/g;
      ($api_return,$users_sharee) = $apif->auth_verify($q,$coo,"");
      if($returnwww =~ /txt22|txt23/){
        #should be result to Uhps page
        if($returnwww =~ /conflict_txt22/){
          $return = $tk->delete_account($users_sharee->{c_id},$users_dms->{u_id});
          $apif->authout($q,$coo) if($coo);
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Anmelden?conflict_failure=1$session_and");
          exit 0;
        }
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_2}?cum=1$session_and\&$returnwww");
      }elsif($returnwww =~ /int03/){
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?cum=1$session_and\&$returnwww");
      }elsif($returnwww =~ /txt09|txt16/){
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=1$session_and\&$returnwww");
      }elsif($returnwww =~ /int01/ && $R::radID){
        # NOTE(review): $R::radID goes into the redirect URL without URL
        # encoding or a format check.
        print redirect("$varenv{wwwhost}/?ask_radID=$R::radID\&failure=not-synced$session_and");
      }else{
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=1$session_and\&$returnwww");
      }
      exit 0;
    }else{
      ($api_return,$users_sharee) = $apif->auth_verify($q,$coo,"");

      #Payone Response POST (TransactionStatus)
      #payone response ($R::pseudocardpan || $R::status)
      # NOTE(review): this branch acts on pseudocardpan/status as they arrive
      # in the request of a logged-in user. Nothing visible here verifies
      # them with the payment provider (the preauthorization call below is
      # commented out), yet int03 and int12 are updated from them. Consider
      # a server-side verification before changing payment state.
      if($users_sharee->{c_id} && ($R::pseudocardpan || $R::status)){
        my $payone_return = "";
        # NOTE(review): two-argument open on a bareword handle, result not
        # checked. The loop writes every request parameter, including the
        # pseudocardpan, to the log; values are not stripped of newlines.
        # Prefer three-argument open with a lexical handle and log only the
        # fields that are needed.
        open(FILE,">>$varenv{logdir}/payone-return-post.log");
        print FILE "<--- $now_dt from Indexsharee.pm \nPayone return-way by ajaxCall: $R::status\n";
        my @keywords = $q->param;
        foreach(@keywords){
          my $val = $q->param($_);
          print FILE "$_=$val\n";
          $payone_return .= "$_=$val\n";# if($_ =~ /error|message/i);
        }
        close(FILE);

        my $update_adr = { table => "contentadr", mtime => "now()", owner => $aowner, c_id => $users_sharee->{c_id} };
        my $vde_on_fail = $users_sharee->{int12} || 3;#keep last or set 3

        #SEPA, done in payone Payment
        #CC
        if($R::pseudocardpan && length($R::pseudocardpan) >= 19){#done by payone AJAX return
          #if($R::status eq "APPROVED")
          $now_dt = strftime "%Y-%m-%d %H:%M:%S", localtime;
          $update_adr->{txt22} = "";
          $update_adr->{txt23} = "";
          # escapeHTML is an output encoder; it is used here on values that
          # are stored, so the database holds HTML-encoded text.
          $update_adr->{ct_name} = $q->escapeHTML($R::pseudocardpan);
          $update_adr->{txt27} = $q->escapeHTML($R::status);
          $update_adr->{txt28} = $now_dt . "\n" . $q->escapeHTML($payone_return);
          $update_adr->{int12} = 0 if($users_sharee->{int12} != 2);#Vde hard set by accounting (fibu)
          $update_adr->{int03} = 2;
          $update_adr->{int24} = "null";#cpdate reset
          $dbt->update_record($dbh,$update_adr,$users_sharee) if($users_sharee->{c_id} > 0);
          ($api_return,$users_sharee) = $apif->auth_verify($q,$coo,"");

          #define fictiv invoice to get 1 € test
          my $epoche = time();
          my $ctt = { c_id => 1, int01 => 0,#capture amount
            int15 => 1,#preauth amount
            txt16 => "", reference => "$users_sharee->{c_id}_$epoche", payone_reset => '' };
          my $payone_txid = "";
          ##preauthorization and/or capture needs to much time, must be done async!
          #$payone_txid = $payone->preauthorizationCC_main(\%varenv,$users_sharee,$ctt,$aowner);
          #if($payone_txid)
          # Always true while the preauthorization above is disabled, so the
          # else branch cannot run.
          if(1==1){
            open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
            print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
            print FILE "trigger confirm-code request by pseudocardpan\n" if($debug);
            #$ctt->{txt16} = "$payone_txid";
            #$payone_txid = $payone->captureCC_main(\%varenv,$users_sharee,$ctt,$aowner);
            #int12=0 should be set after capture success in payment module
            # Send confirmation codes for channels not yet acknowledged.
            if(($users_sharee->{int04} != 1) && ($users_sharee->{txt08} =~ /\w\@\w/)){
              $tk->emailack(\%varenv,$users_sharee->{c_id});
            }
            if(($users_sharee->{int13} != 1) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
              $tk->smsack($users_sharee);
            }
            close(FILE) if($debug);
          }else{
            $dbt->update_one($dbh,$update_adr,"int12=$vde_on_fail");#Vde
          }
          $dbt->update_operatorsloop($varenv{dbname},$users_sharee->{c_id},"update");
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?$returnwww$session_and");
          exit 0;
        }else{
          $update_adr->{txt28} = $now_dt . " else pseudocardpan\n" . $q->escapeHTML($payone_return);
          $update_adr->{int12} = $vde_on_fail;
          $dbt->update_record($dbh,$update_adr,$users_sharee) if($users_sharee->{c_id} > 0);
          $dbt->update_operatorsloop($varenv{dbname},$users_sharee->{c_id},"update");
        }
      }#end payone response with pseudocardpan
    }

    #send confirm codes
    if($users_sharee->{c_id} && $users_sharee->{txt34} && length($users_sharee->{txt34}) > 10 && $payable_check && $R::sharee_edit && $R::sharee_edit =~ /save_account|send_email|send_sms/){
      open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
      print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
      print FILE "trigger confirm-code request by $R::sharee_edit\n" if($debug);
      # NOTE(review): no throttling of repeated send requests is visible
      # here; confirm emailack/smsack rate-limit on their side.
      if(($users_sharee->{int04} != 1 && $R::sharee_edit =~ /send_email/) && ($users_sharee->{txt08} =~ /\w\@\w/)){
        $tk->emailack(\%varenv,$users_sharee->{c_id});
      }
      if(($users_sharee->{int13} != 1 && $R::sharee_edit =~ /send_sms/) && ($users_sharee->{txt07} =~ /\d{9}/ && length($users_sharee->{txt07}) <= 16)){
        $tk->smsack($users_sharee);
      }
      close(FILE) if($debug);
    }#send confirm code

    #email and sms acknowledgments, check and save confirm states
    # NOTE(review): this branch is keyed on the client-supplied
    # confirm_userid and does not require it to match the session user
    # ($users_sharee->{c_id}). No attempt limit is visible here.
    if($R::confirm_userid && $R::confirm_userid =~ /^\d+$/ && ($R::confirm_code && length($R::confirm_code) >= 5 || $R::confirm_smscode && length($R::confirm_smscode) >= 5)){
      #keep in mind, for now and just for testing confirm codes are just c_id
      # NOTE(review): the submitted codes are written to confirm.log in clear.
      open(FILE,">>$varenv{logdir}/confirm.log") if($debug);
      print FILE "\n\n*--> $now_dt done by $0\n" if($debug);
      print FILE "confirm_userid:$R::confirm_userid\nconfirm_code:$R::confirm_code\nconfirm_smscode:$R::confirm_smscode\n" if($debug);
      $R::confirm_code =~ s/\s//g;
      $R::confirm_smscode =~ s/\s//g;
      # NOTE(review): escapeHTML is an HTML encoder. It does not neutralize
      # SQL LIKE metacharacters, and the codes are matched with ilike as a
      # prefix (e-mail) or suffix (SMS) of txt34, so the comparison is
      # looser than an equality test. Prefer an exact comparison against
      # the expected code segment.
      my $confirm_code = $q->escapeHTML($R::confirm_code);
      my $confirm_smscode = $q->escapeHTML($R::confirm_smscode);

      #confirm email
      if($confirm_code){
        my $authref = { table => "contentadr", fetch => "one", template_id => "202", c_id => $R::confirm_userid, txt34 => "ilike::$confirm_code%", };
        my $confirmed_email = { c_id => 0 };
        $confirmed_email = $dbt->fetch_record($dbh,$authref);
        #($api_return,$users_sharee) = $apif->auth_verify($q,"",$R::confirm_code);
        if($confirmed_email->{c_id}){
          $db->updater("contentadr","c_id","$confirmed_email->{c_id}","int04","1");
          #save verified email
          $db->updater("contentadr","c_id","$confirmed_email->{c_id}","txt32","$confirmed_email->{txt08}");
          print FILE "confirmed_email: $confirmed_email->{c_id} update because confirm_code:$confirm_code\n" if($debug);
          #after mailAck, delete all duplicate adr with no mailAck
          # NOTE(review): this deletes other contentadr rows whose txt08
          # matches (ilike) the confirmed address and that have no int04.
          # Confirm collect_ct4rel3 matches the address exactly.
          my $ctadr = $db->collect_ct4rel3("contentadr","","","ilike","txt08","$confirmed_email->{txt08}","","","");
          foreach my $aid (keys(%$ctadr)){
            if(!$ctadr->{$aid}->{int04}){
              $db->delete_content("contentadr",$ctadr->{$aid}->{c_id});
              print FILE "c_id $ctadr->{$aid}->{c_id} $confirmed_email->{txt08} delete because of dopplel\n" if($debug);
            }
          }
        }
      }

      #confirm sms
      if($confirm_smscode){
        my $authref = { table => "contentadr", fetch => "one", template_id => "202", c_id => $R::confirm_userid, txt34 => "ilike::%$confirm_smscode", };
        my $confirmed_sms = { c_id => 0 };
        $confirmed_sms = $dbt->fetch_record($dbh,$authref);
        #($api_return,$users_sharee) = $apif->auth_verify($q,"",$R::confirm_smscode);
        if($confirmed_sms->{c_id}){
          $db->updater("contentadr","c_id","$confirmed_sms->{c_id}","int13","1");
          #save verified phone number
          $db->updater("contentadr","c_id","$confirmed_sms->{c_id}","txt33","$confirmed_sms->{txt07}");
          print FILE "confirmed_sms: $confirmed_sms->{c_id} update because confirm_smscode:$confirm_smscode\n" if($debug);
        }
      }

      # Re-read the session user; note the third argument carries the c_id here.
      ($api_return,$users_sharee) = $apif->auth_verify($q,"",$users_sharee->{c_id}) if($users_sharee->{c_id});
      if($users_sharee->{int04} && $users_sharee->{int13}){
        #2023-01-17 disabled because of should only be set by pseudocardpan ajax
        #my $row = $db->updater("contentadr","c_id","$users_sharee->{c_id}","int12","0");#Vde
        $dbt->update_operatorsloop($varenv{dbname},$users_sharee->{c_id},"update");
      }else{
        # Report the first channel that is still unconfirmed.
        my $field = "int13";
        $field = "int04" if(!$users_sharee->{int04});
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=5$session_and\&failure=$field#top");
        exit 0;
      }

      if(!$coo){
        print FILE "c_id: $users_sharee->{c_id} empty auth because of no cookie\n" if($debug);
        $users_sharee = { c_id => 0 };
      }
      close(FILE) if($debug);

      if($users_sharee->{c_id} && $users_sharee->{int04} && $users_sharee->{int13}){
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?confirm_success=1$session_and");
        exit 0;
      }
    }#end confirm

    # Password reset request; runs without a logged-in user.
    # NOTE(review): confirm send_password limits repeated requests per
    # address and does not reveal whether the address exists.
    if($R::email && $R::sharee_edit =~ /password_forgotten/){
      my $hw_id = unpack ('H*', pack('Nc', time, $$ % 0xff));#old $co
      $tk->send_password(\%varenv,$R::email,$hw_id,$aowner);
    }

    #redirections
    # Walks the registration steps: accounting_1 (profile data), _1_5 and
    # _2 (payment), _3 (confirmation) depending on the user's state.
    if($users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/$varenv{profile}/ || $path =~ /$varenv{mandant}\/Account/)){
      if($R::sharee_edit =~ /save_account/){
        $returnwww =~ s/::/=/g if($returnwww && $returnwww =~ /success::\w+/);
        ($api_return,$users_sharee) = $apif->auth_verify($q,$coo,"");
        $payable_check = $bw->isuser_rentable($users_sharee,\%varenv);
        # txt31 is used as a regex pattern and is also copied into the
        # redirect URL without URL encoding.
        if((!$users_sharee->{int14}) || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/)){
          #failure redirect should do the delete job
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?failure=$users_sharee->{txt31}$session_and#top");
          exit 0;
        }
        elsif(!$users_sharee->{int03}){
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}$session");
          exit 0;
        }
        elsif(!$payable_check && $users_sharee->{int03}){
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_2}$session");
          exit 0;
        }
        elsif($payable_check && (!$users_sharee->{int04} || !$users_sharee->{int13})){
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2\&sharee_edit=send_email_send_sms$session_and\&$returnwww");#send both
          exit 0;
        }
        elsif($payable_check){
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=2-$payable_check$session_and\&$returnwww");
          exit 0;
        }
      }elsif($path =~ /$varenv{mandant}\/$varenv{profile}/ && $referer !~ /failure=\w/){
        if((!$users_sharee->{int14}) || ($users_sharee->{txt31} && $tpl->{tpl_order} =~ /$users_sharee->{txt31}/)){
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=3\&failure=$users_sharee->{txt31}$session_and#top");
          exit 0;
        }elsif(!$payable_check){
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?cum=3$session_and\&$returnwww");
          exit 0;
        }else{
          print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=3$session_and\&$returnwww");
          exit 0;
        }
      }
    }
    #redirect used by App user profile button
    elsif($session && $users_sharee->{c_id} && ($path =~ /$varenv{mandant}\/Anmelden|$varenv{mandant}\/$varenv{profile}/)){
      if(!$users_sharee->{int14}){
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1}?cum=4$session_and\&$returnwww");
        exit 0;
      }elsif(!$payable_check){
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_1_5}?cum=4$session_and\&$returnwww");
        exit 0;
      }else{
        print redirect("$varenv{wwwhost}/$varenv{mandant}/Account/$varenv{accounting_3}?cum=4$session_and\&$returnwww");
        exit 0;
      }
    }
    ###
  }

  #Printpreview
  # NOTE(review): selected by the first path segment alone; no user or
  # permission test is visible at this point. Confirm Printpreview and
  # PDFGenerator enforce their own authorization.
  if($view =~ /Printpreview/){
    require "Mod/Printpreview.pm";
    &Printpreview::printpre();
    exit 0;
  }
  elsif($view =~ /PDFGenerator/){
    require "Mod/PDFGenerator.pm";
    &PDFGenerator::printpre();
    exit 0;
  }

  #CSVout
  # Redirects to the export file named after the DMS user's owner and
  # time4csv values, if that file exists.
  if($R::rel_edit && $R::rel_edit =~ /XLSout/){
    $users_dms = $dbt->select_users($dbh,$users_dms->{u_id});
    if(-f "$dbt->{copri_conf}->{basedir}/pdf/$users_dms->{owner}-$users_dms->{time4csv}.xls"){
      print $q->redirect(-uri=>"$varenv{metahost}/pdf/$users_dms->{owner}-$users_dms->{time4csv}.xls", -type=>"application/octet-stream", -target=>'_blank');
      exit 0;
    }
  }

  # Asset URLs: app defaults first, DMS hosts override them below.
  my $dyn_css = "";
  my $url = "$varenv{wwwhost}/$path";
  my $onload="";
  my $local_style = "$varenv{metahost}/$dbt->{shareeapp_conf}->{local_style}";
  my $jquery = "";
  my $jquery_ui = "";
  my $style_jquery_ui = "";
  my $js_bootstrap = "$varenv{metahost}/$dbt->{shareeapp_conf}->{js_bootstrap}";
  my $style_bootstrap = "$varenv{metahost}/$dbt->{shareeapp_conf}->{style_bootstrap}";
  my $style_bootstrap_icons = "$varenv{metahost}/$dbt->{copri_conf}->{style_bootstrap_icons}";

  if($varenv{wwwhost} =~ /shareedms/){
    $local_style = "$varenv{metahost}/$dbt->{shareedms_conf}->{local_style}";
    $jquery = "$varenv{metahost}/$dbt->{shareedms_conf}->{jquery}";
    $jquery_ui = "$varenv{metahost}/$dbt->{shareedms_conf}->{jquery_ui}";
    $style_jquery_ui = "$varenv{metahost}/$dbt->{shareedms_conf}->{style_jquery_ui}";
    $js_bootstrap = "$varenv{metahost}/$dbt->{shareedms_conf}->{js_bootstrap}";
    $style_bootstrap = "$varenv{metahost}/$dbt->{shareedms_conf}->{style_bootstrap}";
    # Static jQuery UI datepicker setup with German day and month names.
    $dyn_js = "\$(function() { \$( '#datepicker1' ).datepicker({ dateFormat: 'dd.mm.yy', dayNamesMin: ['So', 'Mo', 'Di', 'Mi', 'Do', 'Fr', 'Sa'], monthNames: ['Januar','Februar','März','April','Mai','Juni','Juli','August','September','Oktober','November','Dezember']}); \$( '#datepicker2' ).datepicker({ dateFormat: 'dd.mm.yy', dayNamesMin: ['So', 'Mo', 'Di', 'Mi', 'Do', 'Fr', 'Sa'], monthNames: ['Januar','Februar','März','April','Mai','Juni','Juli','August','September','Oktober','November','Dezember']}); \$( '#datepicker3' ).datepicker({ dateFormat: 'dd.mm.yy', dayNamesMin: ['So', 'Mo', 'Di', 'Mi', 'Do', 'Fr', 'Sa'], monthNames: ['Januar','Februar','März','April','Mai','Juni','Juli','August','September','Oktober','November','Dezember']}); \$( '#datepicker4' ).datepicker({ dateFormat: 'dd.mm.yy', dayNamesMin: ['So', 'Mo', 'Di', 'Mi', 'Do', 'Fr', 'Sa'], monthNames: ['Januar','Februar','März','April','Mai','Juni','Juli','August','September','Oktober','November','Dezember']}); });";
  }

  # Page title: primary, then operator, then website config; later wins.
  my $favicon = "css/favicon.ico";
  my $base_uri = "true";
  my $title = "";
  $title = $dbt->{primary}->{$varenv{dbname}}->{title} if($dbt->{primary}->{$varenv{dbname}}->{title});
  $title = $dbt->{operator}->{$varenv{dbname}}->{title} if($dbt->{operator}->{$varenv{dbname}}->{title});
  if($dbt->{website}->{$varenv{syshost}}->{title}){
    $title = $dbt->{website}->{$varenv{syshost}}->{title};
    $favicon = "data/favicon.ico";
  }
  $title .= " devel" if($dbt->{copri_conf}->{stage} eq "test");

  my $html5 = $q->start_html(-title=>"$title",
    -lang=>"$lang",
    -onload=>"$onload",
    -oncontextmenu=>"$oncontextmenu",
    -encoding=>"$html_charset",
    -base=>"$base_uri",
    -target=>"",
    -head=>[
      Link({
        -rel=>'shortcut icon',
        -type=>'image/x-icon',
        -href=>"$varenv{metahost}/$favicon"
      })
    ],
    -meta=>{
      'viewport'=>"width=device-width,initial-scale=1,user-scalable=yes",
      'author'=>"Rainer Gümpelein",
      'publisher'=>"TeilRad GmbH",
      'copyright'=>"TeilRad GmbH",
      'keywords'=>"",
      'description'=>"sharee.bike Mietradmanagementsystem"
    },
    -script=>[
      {-language=>'JAVASCRIPT', -src=>"$jquery"},
      {-language=>'JAVASCRIPT', -src=>"$jquery_ui"},
      {-language=>'JAVASCRIPT', -src=>"$varenv{metahost}/$dbt->{copri_conf}->{jsscript}"},
      {-language=>'JAVASCRIPT', -code=>"$dyn_js"}
    ],
    -STYLE=>{
      -code=>"$dyn_css",
      -src=>[
        "$local_style",
        "$style_bootstrap",
        "$style_bootstrap_icons",
        "$style_jquery_ui"
      ],
      -verbatim=>"\@import url(\"$local_style\");",
      -media=>'screen'
    }
  );
  # CGI.pm doesn't support HTML5 DTD; replace the one it puts in.
  # NOTE(review): both substitutions show an empty pattern and replacement
  # in this listing; the markup inside them was presumably lost when the
  # page was extracted - restore them from the upstream file.
  $html5 =~ s{}{}s;
  $html5 =~ s{}{}s;
  print $html5;
  print $q->div({-style=>'background-color:black;color:white;'},""),"\n";

  #feedb will be the new hashed return. todo refactoring
  if(ref($return) eq "HASH"){
    $feedb = $return;
  }elsif($return =~ /failure::/){
    $feedb->{message} = $return;
  }
  # Renders the page body.
  $ml->tpl($q,$node_meta,$users_dms,$mode,\%varenv,$users_sharee,$feedb);

  if(ref($api_return) eq "HASH" && $api_return->{response_text}){
    # NOTE(review): the next statement looks like a here-document whose
    # opening marker and surrounding tags were lost in extraction; it is
    # kept exactly as shown.
    print<div#retm_konrad {position:fixed;right:40%;top:0;padding:5px;text-align:center;color:black;background-color:white;z-index:110;} EOF ;
    # NOTE(review): response_text is printed without HTML encoding here;
    # confirm its source cannot contain user-influenced markup.
    print $q->div({-id=>'retm_konrad'},"$api_return->{response_text}"),"\n";
  }
  print "\n";
  print $q->end_html;
  return Apache2::Const::OK;
}
1;