MERMS/MermsEmrWeb
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Backend Service

Browse Source
This commit is contained in:
Olusesan Ameye
2019-03-09 01:43:46 +00:00
parent d1f697b738
commit c559475f86
6 changed files with 346 additions and 420 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mermsemr/src/shared_tool/function_members.cc
+302 -295
View File
@@ -21,6 +21,308 @@
/* -- */
#include "function_members.h"
long MemberLogin(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_STRING(in, "password", 2, 49, "(.*)");
const char * loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT UPPER( md5( now()::text) ) AS sessionid,m.*,mp.*,m.id AS member_id,mp.id AS member_profile_id FROM members m \
LEFT JOIN members_profile mp ON mp.member_id = m.id \
WHERE m.status=1 AND LOWER(m.username)=LOWER('%s') AND m.password= md5('%s')", in["username"].c_str(), in["password"].c_str());
if (ret && out["member_id"].Long() > 0) {
// remove all existing session
pgsql_exec("DELETE FROM members_session WHERE member_id=%ld ", out["member_id"].Long());
// Create New Session Now
if (MemberSessionCheck(out["member_id"].Long(), out["sessionid"].c_str(), 1) > 0) {
out["stauts"] = "OK";
/*LOAD THE SESSION INTO OUT now */
load_db_record(out, "SELECT session FROM members_session WHERE member_id=%lu ORDER BY id DESC LIMIT 1", out["member_id"].Long());
//Email-bad member_email_calls(in["action"].Long(), out, out);
//===============================================================================================================================
pgsql_query("UPDATE members SET last_login = now() WHERE id = %lu", out["member_id"].Long());
// account_email(ACCOUNT_LOGIN_ALERT,out,out); // ALERT CUSTOMER OF LOGIN
ret = PHP_LOGIN_OK;
} else {
out["status"] = "Session check failed";
}
} else {
out["status_message"] = "Invalid Username/Password";
}
} catch (bad_parameter) {
logfmt(logINFO, "ERROR CALL long medTMemberLogin(CVars in, CVars &out)");
}
return ret;
}
long MemberSessionCheck(long uid, const char *sessionid, int create) {
logfmt(logINFO, "long MemberSessionCheck(long uid, const char *sessionid, int create )");
// Sanity check
long session_expired_minutes = 15; // load in the global
if (uid < 1 || sessionid == NULL || strlen(sessionid) < 4) {
return -1L; // Invalif parameters
}
logfmt(logINFO, "#######-#########-A");
// Clean old sessions
if (create == 1) // Clean Previous session by force
{
pgsql_exec("DELETE FROM members_session WHERE member_id=%ld", uid);
}
logfmt(logINFO, "#######-#########-B");
pgsql_exec("DELETE FROM members_session WHERE member_id=%ld AND updated < (now() - interval '%lu minutes')", uid, session_expired_minutes);
// Update/check existing session
if (create == 0) {
pgsql_exec("UPDATE members_session SET updated=NOW() WHERE member_id=%ld AND session='%s'", uid, sessionid);
const PGresult *res = pgsql_query("SELECT * FROM members_session WHERE member_id=%ld AND session='%s'", uid, sessionid);
if (res != NULL && pgsql_num_rows(res) > 0) {
logfmt(logINFO, "VALID SESSION *****");
return 1L; // Session updated
} else {
logfmt(logINFO, "INVALID SESSION *****");
//INVALID SESSION DETECTED
return -1L; // Invalid parameters
}
}
if (create > 0) {
// Check session i?
const PGresult *res = pgsql_query("SELECT * FROM members_session WHERE member_id=%ld AND session<>'%s'", uid, sessionid);
if (res != NULL && pgsql_num_rows(res) > 0) {
return -2L; // Active sessions found
}
CVars sess; // Do we have the same session already?
if (load_db_record(sess, "SELECT * FROM members_session WHERE member_id=%lu AND session='%s'", uid, sessionid) > 0) {
pgsql_exec("UPDATE members_session SET updated=NOW() WHERE member_id=%ld AND session='%s'", uid, sessionid);
return sess["id"].Long();
}
// Create a new session
const char * loc = getenv("REMOTE_ADDR");
sess["loc"] = loc;
sess["loc"].set_valid(true);
sess["member_id"] = uid;
sess["member_id"].set_valid(true);
sess["session"] = sessionid;
sess["session"].set_valid(true);
long sid = insert_db_record(DBS_VALID, "members_session", "members_session_id_seq", sess); //members_session_id_seq
if (sid > 0) {
return sid; // New session created
}
return -3L; // Failed to create new session
}
logfmt(logINFO, "/long MemberSessionCheck(long uid, const char *sessionid, int create )");
return 0L; // No route
}
long CreateMember(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
logfmt(logINFO, "medTrCreateMember()");
try {
// REQ_LONG(in, "pid", 0, -1);
REQ_STRING(in, "username", 5, 49, "(.*)");
REQ_STRING(in, "firstname", 2, 49, "(.*)");
REQ_STRING(in, "lastname", 2, 49, "(.*)");
OPTIONAL(in, "phone") REQ_STRING(in, "phone", 5, 23, "(.*)");
REQ_STRING(in, "password", 5, 49, "(.*)");
OPTIONAL(in, "phone") REQ_STRING(in, "loc", 5, 16, "(.*)");
OPTIONAL(in, "login") REQ_LONG(in, "login", 0, -1);
long member_id = 0;
//REQ_STRING (in, "sessionid", 4, 40, "(.*)");
const char * loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *,id AS member_id FROM members WHERE LOWER(username)=LOWER('%s') ", in["username"].c_str());
if (ret > 0) {
// LETS CREATE THE ACOUNT NOW
CVars x;
x["username"] = in["username"];
x["username"].set_valid(true);
x["firstname"] = in["firstname"];
x["firstname"].set_valid(true);
x["lastname"] = in["lastname"];
x["lastname"].set_valid(true);
x["phone"] = in["phone"];
x["phone"].set_valid(true);
x["loc"] = in["loc"];
x["loc"].set_valid(true);
x["email"] = in["email"];
x["email"].set_valid(true);
x["password"] = in["email"];
x["password"].set_valid(true);
out["member_id"] = insert_db_record(DBS_VALID, "members", "members_id_seq", x);
if (out["member_id"].Long() > 0) {
pgsql_query("UPDATE members SET password = md5('%s') WHERE id = %lu", in["password"].c_str(), out["member_id"].Long()); // setting the password MD5 now
// Now Send Email
ret = PHP_API_OK;
out["status"] = "OK";
member_id = out["member_id"].Long();
//---emailbad member_email_calls(MERMS_USER_CREATEACCOUNT, out, out);
// out["member_id"] = member_id;
// if (in["login"] != "" && in["login"] == 1) {
in["action"] = MERMS_USER_LOGIN;
in["action"].set_valid(true); // needed for next action to know what email to send
ret = MemberLogin(in, out);
ret = 100; // needed if login is good
// }
// ==============
}
} else {
// LETS CREATE THE ACOUNT NOW
CVars x;
x["username"] = in["username"];
x["username"].set_valid(true);
x["firstname"] = in["firstname"];
x["firstname"].set_valid(true);
x["lastname"] = in["lastname"];
x["lastname"].set_valid(true);
x["phone"] = in["phone"];
x["phone"].set_valid(true);
x["loc"] = in["loc"];
x["loc"].set_valid(true);
x["email"] = in["email"];
x["email"].set_valid(true);
x["password"] = in["email"];
x["password"].set_valid(true);
out["member_id"] = insert_db_record(DBS_VALID, "members", "members_id_seq", x);
if (out["member_id"].Long() > 0) {
pgsql_query("UPDATE members SET password = md5('%s') WHERE id = %lu", in["password"].c_str(), out["member_id"].Long()); // setting the password MD5 now
// Now Send Email
ret = PHP_API_OK;
out["status"] = "OK";
//Email bad member_email_calls(in["action"].Long(), out, out);
// if (in["login"] != "" && in["login"] == 1) {
in["action"] = MERMS_USER_LOGIN;
in["action"].set_valid(true); // needed for next action to know what email to send
ret = MemberLogin(in, out);
ret = 100; // needed if login is good
// }
// ==============
}
}
}catch (bad_parameter) {
logfmt(logINFO, "ERROR CALL medTrCreateMember");
}
logfmt(logINFO, "/medTrCreateMember()");
return ret;
}
long medTrUpdateStartProfile(CVars in, CVars &out) {
long ret = medTrUpdateProfile(in, out);
if (ret == PHP_API_OK) {
load_db_record(out, "SELECT UPPER( md5( now()::text) ) AS sessionid,m.*,mp.*,m.id AS member_id,mp.id AS member_profile_id FROM members m \
LEFT JOIN members_profile mp ON mp.member_id = m.id \
WHERE m.id = %lu", in["member_id"].Long());
// We need to have the session back
load_db_record(out, "SELECT * FROM members_session WHERE member_id = %lu ORDER BY id DESC limit 1", in["member_id"].Long());
}
return ret;
}
long medTrUpdateProfile(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
logfmt(logINFO, "medTrUpdateProfile()");
REQ_LONG(in, "pid", 0, -1);
REQ_LONG(in, "member_id", 0, -1);
REQ_STRING(in, "street1", 2, 49, "(.*)");
OPTIONAL(in, "street2") REQ_STRING(in, "street2", 1, 49, "(.*)");
REQ_STRING(in, "city", 5, 49, "(.*)");
// OPTIONAL(in, "phone") REQ_STRING(in, "phone", 5, 23, "(.*)");
REQ_STRING(in, "zipcode", 1, 12, "(.*)");
REQ_STRING(in, "state", 1, 3, "(.*)");
REQ_STRING(in, "country", 1, 3, "(.*)");
REQ_STRING(in, "loc", 5, 16, "(.*)");
//REQ_STRING (in, "sessionid", 4, 40, "(.*)");
const char * loc = getenv("REMOTE_ADDR");
CVars x;
x["pid"] = in["pid"];
x["pid"].set_valid(true);
x["street1"] = in["street1"];
x["street1"].set_valid(true);
x["street2"] = in["street2"];
x["street2"].set_valid(true);
x["city"] = in["city"];
x["city"].set_valid(true);
// x["phone"] = in["phone"];
// x["phone"].set_valid(true);
x["zipcode"] = in["zipcode"];
x["zipcode"].set_valid(true);
x["loc"] = in["loc"];
x["loc"].set_valid(true);
x["state"] = in["state"];
x["state"].set_valid(true);
x["country"] = in["country"];
x["country"].set_valid(true);
ret = load_db_record(out, "SELECT *,id AS member_profile_id FROM members_profile WHERE member_id = %lu ", in["member_id"].Long());
if (ret > 0) {
update_db_record(DBS_VALID, "members_profile", x, in["member_profile_id"].Long());
member_email_calls(in["action"].Long(), in, out);
ret = PHP_API_OK;
} else {
// LETS CREATE THE ACOUNT NOW
x["member_id"] = in["member_id"];
x["member_id"].set_valid(true);
out["member_profile_id"] = insert_db_record(DBS_VALID, "members_profile", "members_profile_id_seq", x);
if (out["member_profile_id"].Long() > 0) {
member_email_calls(in["action"].Long(), in, out);
// Now Send Email
ret = PHP_API_OK;
// ==============
}
}
logfmt(logINFO, "/medTrUpdateProfile()");
return ret;
}
//------------------------------------------------------
long serviceCost(long service_id, long discount_rate);
long medTrMemberTransportById(CVars in, CVars &out) {
@@ -275,112 +577,7 @@ long getServiceDetail(long service_id, CVars &out) {
long medTMemberLogin(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_STRING(in, "password", 2, 49, "(.*)");
const char * loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT UPPER( md5( now()::text) ) AS sessionid,m.*,mp.*,m.id AS member_id,mp.id AS member_profile_id FROM members m \
LEFT JOIN members_profile mp ON mp.member_id = m.id \
WHERE m.status=1 AND LOWER(m.username)=LOWER('%s') AND m.password= md5('%s')", in["username"].c_str(), in["password"].c_str());
if (ret && out["member_id"].Long() > 0) {
// remove all existing session
pgsql_exec("DELETE FROM members_session WHERE member_id=%ld ", out["member_id"].Long());
// Create New Session Now
if (SessionCheck(out["member_id"].Long(), out["sessionid"].c_str(), 1) > 0) {
out["stauts"] = "OK";
/*LOAD THE SESSION INTO OUT now */
load_db_record(out, "SELECT session FROM members_session WHERE member_id=%lu ORDER BY id DESC LIMIT 1", out["member_id"].Long());
member_email_calls(in["action"].Long(), in, out);
//===============================================================================================================================
pgsql_query("UPDATE members SET last_login = now() WHERE id = %lu", out["member_id"].Long());
// account_email(ACCOUNT_LOGIN_ALERT,out,out); // ALERT CUSTOMER OF LOGIN
ret = PHP_LOGIN_OK;
} else {
out["status"] = "Session check failed";
}
} else {
out["status_message"] = "Invalid Username/Password";
}
} catch (bad_parameter) {
logfmt(logINFO, "ERROR CALL long medTMemberLogin(CVars in, CVars &out)");
}
return ret;
}
long SessionCheck(long uid, const char *sessionid, int create) {
logfmt(logINFO, "long SessionCheck(long uid, const char *sessionid, int create )");
// Sanity check
long session_expired_minutes = 15; // load in the global
if (uid < 1 || sessionid == NULL || strlen(sessionid) < 4) {
return -1L; // Invalif parameters
}
logfmt(logINFO, "#######-#########-A");
// Clean old sessions
if (create == 1) // Clean Previous session by force
{
pgsql_exec("DELETE FROM members_session WHERE member_id=%ld", uid);
}
logfmt(logINFO, "#######-#########-B");
pgsql_exec("DELETE FROM members_session WHERE member_id=%ld AND updated < (now() - interval '%lu minutes')", uid, session_expired_minutes);
// Update/check existing session
if (create == 0) {
pgsql_exec("UPDATE members_session SET updated=NOW() WHERE member_id=%ld AND session='%s'", uid, sessionid);
const PGresult *res = pgsql_query("SELECT * FROM members_session WHERE member_id=%ld AND session='%s'", uid, sessionid);
if (res != NULL && pgsql_num_rows(res) > 0) {
logfmt(logINFO, "VALID SESSION *****");
return 1L; // Session updated
} else {
logfmt(logINFO, "INVALID SESSION *****");
//INVALID SESSION DETECTED
return -1L; // Invalid parameters
}
}
if (create > 0) {
// Check session i?
const PGresult *res = pgsql_query("SELECT * FROM members_session WHERE member_id=%ld AND session<>'%s'", uid, sessionid);
if (res != NULL && pgsql_num_rows(res) > 0) {
return -2L; // Active sessions found
}
CVars sess; // Do we have the same session already?
if (load_db_record(sess, "SELECT * FROM members_session WHERE member_id=%lu AND session='%s'", uid, sessionid) > 0) {
pgsql_exec("UPDATE members_session SET updated=NOW() WHERE member_id=%ld AND session='%s'", uid, sessionid);
return sess["id"].Long();
}
// Create a new session
const char * loc = getenv("REMOTE_ADDR");
sess["loc"] = loc;
sess["loc"].set_valid(true);
sess["member_id"] = uid;
sess["member_id"].set_valid(true);
sess["session"] = sessionid;
sess["session"].set_valid(true);
long sid = insert_db_record(DBS_VALID, "members_session", "members_session_id_seq", sess); //members_session_id_seq
if (sid > 0) {
return sid; // New session created
}
return -3L; // Failed to create new session
}
logfmt(logINFO, "/long SessionCheck(long uid, const char *sessionid, int create )");
return 0L; // No route
}
vector<string> split_string(const char *str, char c = ' ')
{
@@ -631,195 +828,5 @@ long serviceCost(long service_id, long discount_rate) {
return service_cost;
}
long medTrCreateMember(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
logfmt(logINFO, "medTrCreateMember()");
try {
REQ_LONG(in, "pid", 0, -1);
REQ_STRING(in, "username", 5, 49, "(.*)");
REQ_STRING(in, "firstname", 2, 49, "(.*)");
REQ_STRING(in, "lastname", 2, 49, "(.*)");
OPTIONAL(in, "phone") REQ_STRING(in, "phone", 5, 23, "(.*)");
REQ_STRING(in, "password", 5, 49, "(.*)");
OPTIONAL(in, "phone") REQ_STRING(in, "loc", 5, 16, "(.*)");
OPTIONAL(in, "login") REQ_LONG(in, "login", 0, -1);
long member_id = 0;
//REQ_STRING (in, "sessionid", 4, 40, "(.*)");
const char * loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *,id AS member_id FROM members WHERE LOWER(username)=LOWER('%s') ", in["username"].c_str());
if (ret > 0) {
// LETS CREATE THE ACOUNT NOW
CVars x;
x["pid"] = in["pid"];
x["pid"].set_valid(true);
x["username"] = in["username"];
x["username"].set_valid(true);
x["firstname"] = in["firstname"];
x["firstname"].set_valid(true);
x["lastname"] = in["lastname"];
x["lastname"].set_valid(true);
x["phone"] = in["phone"];
x["phone"].set_valid(true);
x["loc"] = in["loc"];
x["loc"].set_valid(true);
x["email"] = in["email"];
x["email"].set_valid(true);
x["password"] = in["email"];
x["password"].set_valid(true);
out["member_id"] = insert_db_record(DBS_VALID, "members", "members_id_seq", x);
if (out["member_id"].Long() > 0) {
pgsql_query("UPDATE members SET password = md5('%s') WHERE id = %lu", in["password"].c_str(), out["member_id"].Long()); // setting the password MD5 now
// Now Send Email
ret = PHP_API_OK;
out["status"] = "OK";
member_id = out["member_id"].Long();
member_email_calls(MEDTRANS_USER_CREATE, out, out);
// out["member_id"] = member_id;
// if (in["login"] != "" && in["login"] == 1) {
in["action"] = MEDTRANS_USER_LOGIN;
in["action"].set_valid(true); // needed for next action to know what email to send
ret = medTMemberLogin(in, out);
ret = 100; // needed if login is good
// }
// ==============
}
} else {
// LETS CREATE THE ACOUNT NOW
CVars x;
x["pid"] = in["pid"];
x["pid"].set_valid(true);
x["username"] = in["username"];
x["username"].set_valid(true);
x["firstname"] = in["firstname"];
x["firstname"].set_valid(true);
x["lastname"] = in["lastname"];
x["lastname"].set_valid(true);
x["phone"] = in["phone"];
x["phone"].set_valid(true);
x["loc"] = in["loc"];
x["loc"].set_valid(true);
x["email"] = in["email"];
x["email"].set_valid(true);
x["password"] = in["email"];
x["password"].set_valid(true);
out["member_id"] = insert_db_record(DBS_VALID, "members", "members_id_seq", x);
if (out["member_id"].Long() > 0) {
pgsql_query("UPDATE members SET password = md5('%s') WHERE id = %lu", in["password"].c_str(), out["member_id"].Long()); // setting the password MD5 now
// Now Send Email
ret = PHP_API_OK;
out["status"] = "OK";
member_email_calls(in["action"].Long(), out, out);
// if (in["login"] != "" && in["login"] == 1) {
in["action"] = MEDTRANS_USER_LOGIN;
in["action"].set_valid(true); // needed for next action to know what email to send
ret = medTMemberLogin(in, out);
ret = 100; // needed if login is good
// }
// ==============
}
}
}catch (bad_parameter) {
logfmt(logINFO, "ERROR CALL medTrCreateMember");
}
logfmt(logINFO, "/medTrCreateMember()");
return ret;
}
long medTrUpdateStartProfile(CVars in, CVars &out) {
long ret = medTrUpdateProfile(in, out);
if (ret == PHP_API_OK) {
load_db_record(out, "SELECT UPPER( md5( now()::text) ) AS sessionid,m.*,mp.*,m.id AS member_id,mp.id AS member_profile_id FROM members m \
LEFT JOIN members_profile mp ON mp.member_id = m.id \
WHERE m.id = %lu", in["member_id"].Long());
// We need to have the session back
load_db_record(out, "SELECT * FROM members_session WHERE member_id = %lu ORDER BY id DESC limit 1", in["member_id"].Long());
}
return ret;
}
long medTrUpdateProfile(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
logfmt(logINFO, "medTrUpdateProfile()");
REQ_LONG(in, "pid", 0, -1);
REQ_LONG(in, "member_id", 0, -1);
REQ_STRING(in, "street1", 2, 49, "(.*)");
OPTIONAL(in, "street2") REQ_STRING(in, "street2", 1, 49, "(.*)");
REQ_STRING(in, "city", 5, 49, "(.*)");
// OPTIONAL(in, "phone") REQ_STRING(in, "phone", 5, 23, "(.*)");
REQ_STRING(in, "zipcode", 1, 12, "(.*)");
REQ_STRING(in, "state", 1, 3, "(.*)");
REQ_STRING(in, "country", 1, 3, "(.*)");
REQ_STRING(in, "loc", 5, 16, "(.*)");
//REQ_STRING (in, "sessionid", 4, 40, "(.*)");
const char * loc = getenv("REMOTE_ADDR");
CVars x;
x["pid"] = in["pid"];
x["pid"].set_valid(true);
x["street1"] = in["street1"];
x["street1"].set_valid(true);
x["street2"] = in["street2"];
x["street2"].set_valid(true);
x["city"] = in["city"];
x["city"].set_valid(true);
// x["phone"] = in["phone"];
// x["phone"].set_valid(true);
x["zipcode"] = in["zipcode"];
x["zipcode"].set_valid(true);
x["loc"] = in["loc"];
x["loc"].set_valid(true);
x["state"] = in["state"];
x["state"].set_valid(true);
x["country"] = in["country"];
x["country"].set_valid(true);
ret = load_db_record(out, "SELECT *,id AS member_profile_id FROM members_profile WHERE member_id = %lu ", in["member_id"].Long());
if (ret > 0) {
update_db_record(DBS_VALID, "members_profile", x, in["member_profile_id"].Long());
member_email_calls(in["action"].Long(), in, out);
ret = PHP_API_OK;
} else {
// LETS CREATE THE ACOUNT NOW
x["member_id"] = in["member_id"];
x["member_id"].set_valid(true);
out["member_profile_id"] = insert_db_record(DBS_VALID, "members_profile", "members_profile_id_seq", x);
if (out["member_profile_id"].Long() > 0) {
member_email_calls(in["action"].Long(), in, out);
// Now Send Email
ret = PHP_API_OK;
// ==============
}
}
logfmt(logINFO, "/medTrUpdateProfile()");
return ret;
}
// vi:ts=2