Chiefsoft/CoreGrade
1
0
Fork 0
Code Issues Pull Requests Releases Activity

fix

Browse Source
This commit is contained in:
Olusesan Ameye
2020-04-12 13:47:16 -04:00
parent 71d634b76e
commit 24ea6b9ae7
14 changed files with 494 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
coregrade/src/include/coregrade_api.h
+18 -13
View File
@@ -23,6 +23,9 @@
#define COREGRADE_ACCOUNT_TESTEMAIL 11001
#define COREGRADE_ACCOUNT_PENDING 11010
#define COREGRADE_VERIFY_PENDING_LINK 11015
#define COREGRADE_START_RESET_PASSWORD 11017
#define COREGRADE_ACCOUNT_CREATEACC 11020
#define COREGRADE_ACCOUNT_LOGIN 11025
#define COREGRADE_ACCOUNT_ADDCARD 11027
@@ -41,7 +44,9 @@
//**************************************************************
#define RESET_START 100
#define RESET_CONFIRM 200
#define RESET_COMPLETE 300
@@ -56,15 +61,15 @@
#define COREGRADE_INTERSW_DO_TRANSFER 560
#define COREGRADE_INTERSW_QUERY_TRANSACTION 561
#define COREGRADE_ADD_MONEYRECIPIENT 600
#define COREGRADE_ADD_MONEYRECIPIENT 600
#define COREGRADE_CREATE_USER_ACCOUNT 700
#define COREGRADE_USER_ACCOUNT_LOGIN 710
#define COREGRADE_START_PASSWORDRESET 720
#define COREGRADE_COMPLETE_PASSWORDRESET 730
#define COREGRADE_START_ADDMONEY 770
#define COREGRADE_COMPLETE_ADDMONEY 775
#define COREGRADE_START_ADDMONEY 770
#define COREGRADE_COMPLETE_ADDMONEY 775
#define COREGRADE_ADD_MOBILE_TOPUPNUM 900
#define COREGRADE_PROMO_CALL 990
@@ -78,27 +83,27 @@
#define COREGRADE_TOPUP_ORDER 900020
#define COREGRADE_TOPUP_ORDER_PURCHASE 900030
#define COREGRADE_TOPUP_ORDER_PURCHASE 900030
#define COREGRADE_PAYPAL_IPNMSG 900090
#define COREGRADE_BULKTOPUP_ORDER 700010
#define COREGRADE_BULKTOPUP_ITEM 700020
#define COREGRADE_BULKTOPUP_ITEMUPDATE 700030
#define COREGRADE_BULKTOPUP_DELIVER 700040
#define COREGRADE_BULKTOPUP_ORDER 700010
#define COREGRADE_BULKTOPUP_ITEM 700020
#define COREGRADE_BULKTOPUP_ITEMUPDATE 700030
#define COREGRADE_BULKTOPUP_DELIVER 700040
#define COREGRADE_BALANCE_TOPUP_ORDER 800020
#define COREGRADE_BALANCE_TOPUP_PURCHASE 800030
#define COREGRADE_BALANCE_TOPUP_PAYMENT 800040
#define COREGRADE_BALANCE_TOPUP_PURCHASE 800030
#define COREGRADE_BALANCE_TOPUP_PAYMENT 800040
#define VIRTUAL_AIRTOPUP 70011
#define VIRTUAL_AIRTOPUP 70011
#define PAY_MODE_BALANCE 0
#define PAY_MODE_CCARD 1
#define PAY_MODE_BONUS 9
#define PAY_MODE_BONUS 9
#define APPROVED_BALANCE 5
#define DISAPROVE_BALANCE 3
coregrade/src/include/email.h
+8
View File
@@ -8,6 +8,14 @@ long WelcomeAccountMail(CVars in);
long GroupCreateMemberMail(CVars in);
long CreateCoreGradeGroupMail(CVars in);
long member_email_calls(long action, CVars in, CVars &out);
/*long transporter_email_calls(long action, CVars in, CVars &out);
long agent_email_calls(long action, CVars in, CVars &out);
long cron_email_calls(long action, CVars in, CVars &out);
long alert_email_calls(long action, CVars in, CVars &out);
long email_test(CVars in, CVars &out);
long provider_email_calls(long action, CVars in, CVars &out); */
long carpool_email_calls(long action, CVars in, CVars &out);
long send_email(CVars in, CVars &out);
coregrade/src/shared_tool/account.cc
+192 -8
View File
@@ -11,10 +11,15 @@
#include "pgsql_wrapper.h"
#include "cfg.h"
#include <curl/curl.h>
#include "email.h"
#define CREATE_BY_EMAIL 1000
#define CREATE_BY_PHONE 2000
long CreateDefaultPage(CVars in, CVars &out);
long CreateUserPage(CVars in, CVars &out);
long AddPageCard(CVars in, CVars &out);
@@ -94,6 +99,8 @@ string base64_decode(string const& encoded_string) {
return ret;
}
long passwordReset(CVars in, CVars &out);
long account_calls(CVars in, CVars &out) {
logfmt(logINFO, "account_calls()");
out["result"] = "YES I GET TO BACK END";
@@ -111,6 +118,10 @@ long account_calls(CVars in, CVars &out) {
return CreateCoreGradeAccountPending(in, out);
break;
case COREGRADE_START_RESET_PASSWORD:
return passwordReset(in, out);
break;
case COREGRADE_ACCOUNT_CREATEACC:
return CreateCoreGradeAccount(in, out);
break;
@@ -122,11 +133,179 @@ long account_calls(CVars in, CVars &out) {
case COREGRADE_ACCOUNT_ADDPAGECARD:
return AddPageCard(in, out);
break;
}
logfmt(logINFO, "/account_calls()");
return 0;
}
/*************************************************************************************************************************/
long startPassReset(CVars in, CVars &out);
long confirmPassReset(CVars in, CVars &out);
long completePassReset(CVars in, CVars &out);
long passwordReset(CVars in, CVars &out) {
logfmt(logINFO, "passwordReset()");
long mode = REQ_LONG(in, "mode", 0, -1);
switch (mode) {
case RESET_START:
return startPassReset(in, out);
break;
case RESET_CONFIRM:
return confirmPassReset(in, out);
break;
case RESET_COMPLETE:
return completePassReset(in, out);
break;
}
}
/*
#define RESET_START 100
#define RESET_CONFIRM 200
#define RESET_COMPLETE 300
*/
long startPassReset(CVars in, CVars &out) {
logfmt(logINFO, "startPassReset()");
long ret = PHP_API_BAD_PARAM;
CVars x, y;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT id AS member_id,now() AS reset_seed FROM members WHERE status=1 AND LOWER(username)=LOWER('%s') ", in["username"].c_str());
if (ret && out["member_id"].Long() > 0) {
// remove all existing session
pgsql_exec("UPDATE resetpassword SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
// Create New Session Now
if (load_db_record(y, "SELECT floor( random()*100000) AS reset_pin ,md5('%s') AS reset_key", out["reset_seed"].c_str()) >= 0) {
x["username"] = in["username"];
x["member_id"] = out["member_id"];
x["loc"] = loc;
x["reset_key"] = y["reset_key"];
x["reset_pin"] = y["reset_pin"];
x["username"].set_valid(true);
x["loc"].set_valid(true);
x["reset_key"].set_valid(true);
x["reset_pin"].set_valid(true);
x["member_id"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
if (out["reset_id"].Long() > 0) {
ret = PHP_API_OK;
out["reset_key"] = "YOU WILL GET THIS IF PIN IS CORRECT IN CONFIRM"; //x["reset_key"];
out["mode"] = RESET_START;
member_email_calls(in["action"].Long(), out, x); // note the use of out to send in
}
}
} else {
x["username"] = in["username"];
x["loc"] = loc;
x["status"] = 3;
x["username"].set_valid(true);
x["loc"].set_valid(true);
x["status"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["status_message"] = "Invalid Username or disabled account";
out["status_advice"] = "Check username or Contact support";
}
out["reset_seed="] = "REMOVED";
} catch (bad_parameter) {
out["status_message"] = "Reset Error A00";
logfmt(logINFO, "ERROR CALL long startPassReset(CVars in, CVars &out)");
}
return ret;
}
long confirmPassReset(CVars in, CVars &out) {
logfmt(logINFO, "confirmPassReset()");
long ret = PHP_API_BAD_PARAM;
CVars x, y;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_LONG(in, "reset_pin", 0, -1);
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *, id AS reset_id FROM resetpassword WHERE status = 0 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc);
if (ret && out["id"].Long() > 0) {
pgsql_query("UPDATE resetpassword SET status = 1 WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
} else {
out["status_message"] = "Invalid PIN or disabled account";
out["status_advice"] = "Contact support or Start all over";
}
// out["reset_seed="] = "REMOVED";
} catch (bad_parameter) {
out["status_message"] = "Reset Error A02";
logfmt(logINFO, "ERROR CALL long confirmPassReset(CVars in, CVars &out)");
}
return ret;
}
long completePassReset(CVars in, CVars &out) {
logfmt(logINFO, "completePassReset()");
long ret = PHP_API_BAD_PARAM;
CVars x, y;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_STRING(in, "newpass", 5, 15, "(.*)");
REQ_LONG(in, "reset_pin", 0, -1);
REQ_STRING(in, "reset_key", 2, 49, "(.*)");
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *,id AS reset_id FROM resetpassword WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
if (ret && out["reset_id"].Long() > 0) {
char mcf[128];
int result = 0; //libscrypt_hash(mcf, in["password"].c_str(), SCRYPT_N, SCRYPT_r, SCRYPT_p);
if (result > 0) {
if (pgsql_query("UPDATE members SET password='%s' WHERE id =%lu", mcf, out["member_id"].Long()) >= 0) {
pgsql_query("UPDATE resetpassword SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
}
out["reset_key"] = "YOU WILL GET THIS IF PIN IS CORRECT IN CONFIRM"; //x["reset_key"];
out["mode"] = RESET_COMPLETE;
member_email_calls(in["action"].Long(), out, x); // note the use of out to send in
} else {
logfmt(logINFO, "ERROR create hash using SCRYPT");
}
} else {
out["status_message"] = "Invalid call or disabled account";
out["status_advice"] = "Contact Support";
}
// out["reset_seed="] = "REMOVED";
} catch (bad_parameter) {
out["status_message"] = "Reset Error A03";
logfmt(logINFO, "ERROR CALL long confirmPassReset(CVars in, CVars &out)");
}
return ret;
}
/*************************************************************************************************************************/
long AddPageCard(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
@@ -155,16 +334,13 @@ long AddPageCard(CVars in, CVars &out) {
x["member_id"] = in["member_id"];
x["member_id"].set_valid(true);
x["item_type"] = in["item_type"];
x["item_type"].set_valid( true );
x["item_type"].set_valid(true);
ret = insert_db_record(DBS_VALID, "members_page_item", "members_page_item_id_seq", x);
out["page_item_id"] = insert_db_record(DBS_VALID, "members_page_item", "members_page_item_id_seq", x);
// } else {
// out["status"] = "Error";
// }
if (out["page_item_id"].Long()) {
ret = PHP_API_OK;
}
} catch (bad_parameter) {
out["status"] = "Invalid session ID";
@@ -271,6 +447,14 @@ long LoginCoreGradeAccount(CVars in, CVars &out) {
out["status"] = "Invalid username and/or password";
}
// make sure we have folder for the user
if (out["folder"] == "") {
load_db_record(out, "SELECT upper(md5( now()::text )) AS folder");
CVars x;
x["folder"] = out["folder"];
x["folder"].set_valid(true);
update_db_record(DBS_VALID, "members", x, out["member_id"].Long());
}
logfmt(logINFO, "/LoginCoreGradeAccount()");
return ret;
coregrade/src/shared_tool/email.cc
+190
View File
@@ -12,7 +12,197 @@ void vars2form( CVars &v, C_CGI_Form &form );
extern int mailsend(CVars in,CVars &out);
long carpool_email_calls(long email_action, CVars in, CVars &out) {
logfmt(logINFO, "carpool_email_calls() action=%lu", email_action);
out["result"] = "ECHO BACKEND";
CVars x, y, z, x1, x2;
long ret = 0;
const char *loc = getenv("REMOTE_ADDR");
C_CGI_Form form("", "");
char accept_link[150];
char reject_link[150];
out["contactus"] = CfgReadChar("system.contactus");
out["facebook"] = CfgReadChar("system.facebook");
out["twitter"] = CfgReadChar("system.twitter");
out["site_www"] = CfgReadChar("system.site_www");
//https://www.float.sg/
try {
form.LetStr("site_name", "Float");
form.LetStr("site_www", out["site_www"].c_str());
form.LetStr("contactus", out["contactus"].c_str());
form.LetStr("facebook", out["facebook"].c_str());
form.LetStr("twitter", out["twitter"].c_str());
// email_action = SAVVY_BKO_CARPOOL_FRIENDMESSAGE;
logfmt(logINFO, "carpool_email_calls() 11 - JOY email_action=%lu", email_action);
switch (email_action) {
logfmt(logINFO, "carpool_email_calls() 00 - FAITH");
/*
case SAVVY_BKO_CARPOOL_FRIENDMESSAGE:
logfmt(logINFO, "carpool_email_calls() 01");
if (load_db_record(x, "SELECT cf.email AS friend_email, cf.*,cp.member_id,m.firstname AS invite_firstname FROM members_carpool_friends cf LEFT JOIN members_carpool cp ON cp.id =cf.carpool_id LEFT JOIN members m ON m.id =cp.member_id WHERE cf.id =%lu ", in["carpool_friend_id"].Long())) {
snprintf(accept_link, sizeof (accept_link), "lmsg/carpool?pid=%s&ans=accept", x["link"].c_str());
snprintf(reject_link, sizeof (reject_link), "lmsg/carpool?pid=%s&ans=reject", x["link"].c_str());
form.LetStr("reject_link", reject_link);
form.LetStr("accept_link", accept_link);
logfmt(logINFO, "carpool_email_calls() 02");
// form.LetStr("msgid", "ABCDEFGHIJKLMNOPQRST");
logfmt(logINFO, "carpool_email_calls() 03");
vars2form(x, form);
form.LetStr("subject", "Carpool Invitation");
form.LetStr("email", x["friend_email"].c_str());
form.Email("carpool/carpool_invite.mailfile");
}
break;
case SAVVY_BKO_CARPOOL_FRIENDACCEPT:
logfmt(logINFO, "carpool_email_calls() 01");
if (load_db_record(x, "SELECT m.email AS sender_email, cf.*,cp.member_id,cf.firstname AS friend_firstname FROM members_carpool_friends cf LEFT JOIN members_carpool cp ON cp.id =cf.carpool_id LEFT JOIN members m ON m.id =cp.member_id WHERE cf.id =%lu ", in["carpool_friend_id"].Long())) {
snprintf(accept_link, sizeof (accept_link), "lmsg/carpool?pid=%s&ans=accept", x["link"].c_str());
snprintf(reject_link, sizeof (reject_link), "lmsg/carpool?pid=%s&ans=reject", x["link"].c_str());
form.LetStr("reject_link", reject_link);
form.LetStr("accept_link", accept_link);
logfmt(logINFO, "carpool_email_calls() 02");
// form.LetStr("msgid", "ABCDEFGHIJKLMNOPQRST");
logfmt(logINFO, "carpool_email_calls() 03");
vars2form(x, form);
form.LetStr("subject", "Carpool Accepted");
form.LetStr("email", x["sender_email"].c_str());
//form.LetStr("email", "olu@float.sg");
form.Email("carpool/carpool_accepted.mailfile");
}
break;
*/
}
} catch (bad_parameter) {
logfmt(logINFO, "ERROR CALL long member_email_calls(CVars in, CVars &out)");
}
logfmt(logINFO, "/carpool_email_calls()");
return ret;
}
long member_email_calls(long action, CVars in, CVars &out) {
logfmt(logINFO, "member_email_calls()");
out["result"] = "ECHO BACKEND";
CVars x, y, z, x1, x2;
long ret = 0;
long mode = 0;
const char *loc = getenv("REMOTE_ADDR");
C_CGI_Form form("", "");
// form.LetStr("subject", "KleenApp Email Test");
out["contactus"] = CfgReadChar("system.contactus");
out["facebook"] = CfgReadChar("system.facebook");
out["twitter"] = CfgReadChar("system.twitter");
//https://www.float.sg/
form.LetStr("site_name", "Float");
form.LetStr("contactus", out["contactus"].c_str());
form.LetStr("facebook", out["facebook"].c_str());
form.LetStr("twitter", out["twitter"].c_str());
CGIList *inv_list = new CGIList(&form, "inv_items");
char listing_items[1024];
//const PGresult *res;
try {
switch (action) {
/*
case SAVVY_USER_LOGINACCOUNT:
if (load_db_record(x, "SELECT *,email as email2,now() AS last_login2 FROM members WHERE id = %lu ", in["member_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Float Account Access");
form.LetStr("email", x["email2"].c_str());
// form.Email("member/user_login.mailfile");
}
break;
case SAVVY_USER_CREATEACCOUNT:
if (in["pending_id"].Long() > 0) {
if (load_db_record(x, " SELECT * FROM members_pending WHERE id=%lu", in["pending_id"].Long()) > 0) {
vars2form(x, form);
form.LetStr("subject", "Confirm your Float Account");
form.LetStr("email", x["email"].c_str());
form.Email("member/user_pending.mailfile");
}
} else {
if (in["member_id"].Long() > 0) {
if (load_db_record(x, "SELECT *,email as email2,now() AS last_login2 FROM members WHERE id = %lu ", in["member_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Welcome to Float ");
form.LetStr("email", x["email2"].c_str());
form.Email("member/user_welcome.mailfile");
}
} // member created first time email only
}
break;
case FLOAT_SYSTEM_EMAIL_NOTIFICATION:
if (load_db_record(x, "SELECT * FROM members_notification WHERE id =%lu ", in["notify_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Float - Save Money and Time");
form.LetStr("email", "olu@float.sg");
form.LetStr("email", "ses66181@gmal.com");
// form.LetStr("email", x["email2"].c_str());
form.Email("member/user_notification.mailfile");
}
break;
*/
case COREGRADE_START_RESET_PASSWORD:
mode = REQ_LONG(in, "mode", 0, -1);
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email FROM resetpassword p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Reset Password");
form.LetStr("email", x["member_email"].c_str());
switch (mode) {
case RESET_START:
form.Email("member/reset_password.mailfile");
break;
case RESET_CONFIRM:
break;
case RESET_COMPLETE:
break;
}
}
break;
}
} catch (bad_parameter) {
logfmt(logINFO, "ERROR CALL long member_email_calls(CVars in, CVars &out)");
}
logfmt(logINFO, "/member_email_calls()");
return ret;
}
////TO_CHAR(r.service_date :: TIMESTAMP, 'Day Mon dd, yyyy HH:MI AM') AS long_date
long AccountPendingMail(CVars in)
{