sessiuin controls

This commit is contained in:
CHIEFSOFT\ameye
2023-08-30 23:56:07 -04:00
parent 5ccbc4cb91
commit f509f25e0e
5 changed files with 53 additions and 4 deletions
@@ -99,6 +99,14 @@ abstract class BaseController extends Controller
return $wrenchboard->cfgReadChar($config_item);
}
public function sessionCheck($sessionid,$member_id){
$in["action"] = WRENCHBOARD_SESSION_CHECK;
$in["sessionid"] = $sessionid;
$in["member_id"] = $member_id;
$wrenchboard = new \App\Models\BackendModel();
$ret = $wrenchboard->wrenchboard_api($in, $out);
return $ret;
}
public function endPointList(){
$endpoints = [
@@ -281,4 +289,27 @@ abstract class BaseController extends Controller
// }
return 0;
}
public function sessionExcludedList(){
$excludedPoint = [
'apigate' => ['POST'],
'generics' => ['POST'],
'createuser' => ['POST'],
'verifysignuplink' => ['POST'],
'completesignuplink' => ['POST'],
'createmobileuser' => ['POST'],
'completemobileuser' => ['POST'],
'startresetpasword' => ['POST'],
'stepresetpass' => ['POST'],
'userlogin' => ['POST'],
'authlogin' => ['POST'],
'startjoblist' => ['POST'],
'sitecontact' => ['POST'],
'signupcountry' => ['POST'],
'blogdata' => ['POST'],
'blogitem' => ['POST'],
];
return $excludedPoint;
}
}
+13
View File
@@ -486,6 +486,19 @@ class WrenchApi extends BaseController
$in = $this->prepareEndPointData($endpoint, $raw_array,$call_backend,$local_out);
log_message('critical', "wrenchboard_api-CALL PREPARE DATA".serialize($in) );
$ecludedEndpoints = $this->sessionExcludedList();
$out = array();
$res1 = [];
if (!array_key_exists($endpoint, $ecludedEndpoints)) {
// we need to check session now
if ( $this->sessionCheck($in["sessionid"],$in["member_id"]) != PHP_API_OK){
$call_backend = false;
$local_out["status_msg"] = "invalid_session_msg";
$out['internal_return'] = PHP_INVALID_SESSION;
}
}
if ( $call_backend == true && $in["action"] !='' ){
$wrenchboard = new \App\Models\BackendModel();