sessiuin controls

wrenchboard/src/include/wrenchboard_api.h

@@ -11,7 +11,8 @@ enum { PARTNER_STRIPE };
 #define PHP_UPDATED_OK     15
 
 #define PHP_LOGIN_OK       100
-#define PHP_API_BAD_PARAM -1
+#define PHP_API_BAD_PARAM   -1
+#define PHP_INVALID_SESSION -9999
 
 #define PAYMENT_MODE   100
 #define REFUND_MODE    333

wrenchboard/src/shared_tool/account.cc

@@ -1779,10 +1779,11 @@ long WrenchSendRefer(CVars in, CVars &out) {
 /**************************************************************************************************************************/
 long account_session_check(CVars in, CVars out) {
     logfmt(logINFO, "long account_session_check(CVars in, CVars out)");
-    long ret = PHP_API_BAD_PARAM;
+    long ret = PHP_INVALID_SESSION;
     try {
-        REQ_STRING(in, "sessionid", 4, 40, "(.*)");
-        if (load_db_record(out, "SELECT uid FROM members_session WHERE sessionid='%s'", in["sessionid"].c_str()) > 0) {
+        REQ_STRING(in, "sessionid", 4, 140, "(.*)");
+        long member_id = REQ_LONG(in, "member_id", 1, -1);
+        if (load_db_record(out, "SELECT uid FROM members_session WHERE sessionid='%s' AMD member_is = %lu", in["sessionid"].c_str(),member_id) > 0) {
             if (SessionCheck(out["uid"].Long(), in["sessionid"].c_str(), 0) > 0) {
                 out["status"] = "Session valid";
                 ret = PHP_API_OK;

www-api/app/Config/Constants.php

@@ -104,6 +104,9 @@ define('PHP_API_OK', 0);
 define('PHP_LOGIN_OK', 100);
 define('PHP_CREATED_OK', 10);
 define('PHP_API_BAD_PARAM', -1);
+
+define('PHP_INVALID_SESSION' -9999);
+
 define('SESSION_TIMEOUT_LOGOUT',6000);
 
 define('MOBILE_LOGIN', 1101);

www-api/app/Controllers/BaseController.php

@@ -99,6 +99,14 @@ abstract class BaseController extends Controller
         return  $wrenchboard->cfgReadChar($config_item);
     }
 
+    public function sessionCheck($sessionid,$member_id){
+        $in["action"] = WRENCHBOARD_SESSION_CHECK;
+        $in["sessionid"] = $sessionid;
+        $in["member_id"] = $member_id;
+        $wrenchboard = new  \App\Models\BackendModel();
+        $ret = $wrenchboard->wrenchboard_api($in, $out);
+        return $ret;
+    }
     public function endPointList(){
 
         $endpoints = [
@@ -281,4 +289,27 @@ abstract class BaseController extends Controller
         //        }
         return 0;
     }
+
+    public function sessionExcludedList(){
+
+        $excludedPoint = [
+            'apigate' => ['POST'],
+            'generics' => ['POST'],
+            'createuser' => ['POST'],
+            'verifysignuplink' => ['POST'],
+            'completesignuplink' => ['POST'],
+            'createmobileuser' => ['POST'],
+            'completemobileuser' => ['POST'],
+            'startresetpasword' => ['POST'],
+            'stepresetpass' => ['POST'],
+            'userlogin' => ['POST'],
+            'authlogin' =>  ['POST'],
+            'startjoblist' => ['POST'],
+            'sitecontact' => ['POST'],
+            'signupcountry' => ['POST'],
+            'blogdata' =>  ['POST'],
+            'blogitem' =>  ['POST'],
+        ];
+        return  $excludedPoint;
+    }
 }

www-api/app/Controllers/WrenchApi.php

@@ -486,6 +486,19 @@ class WrenchApi extends BaseController
         $in  = $this->prepareEndPointData($endpoint, $raw_array,$call_backend,$local_out);
         log_message('critical', "wrenchboard_api-CALL PREPARE DATA".serialize($in) );
 
+        $ecludedEndpoints =  $this->sessionExcludedList();
+        $out = array();
+        $res1 = [];
+        if (!array_key_exists($endpoint, $ecludedEndpoints)) {
+        // we need to check session now
+            if ( $this->sessionCheck($in["sessionid"],$in["member_id"]) != PHP_API_OK){
+                $call_backend = false;
+                $local_out["status_msg"] = "invalid_session_msg";
+                $out['internal_return'] = PHP_INVALID_SESSION;
+            }
+        }
+
+
 
         if ( $call_backend ==  true  && $in["action"] !='' ){
             $wrenchboard = new  \App\Models\BackendModel();