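// Back-office management tools: request dispatch, admin login and
// back-office session bookkeeping.
//
// NOTE(review): every query in this file is assembled with printf-style
// formatting, so any request string that reaches a format argument becomes
// part of the SQL text. The durable fix is to bind values as parameters
// (e.g. libpq's PQexecParams) inside the pgsql wrapper; the wrapper API is not
// visible from this file, so the code below rejects the characters that can
// terminate a quoted literal before a value is interpolated.

#include "clog.h"
#include "cgi.h"
#include "input.h"
#include "wrenchboard_api.h"
#include "bko.h"
#include "account.h"
#include "email.h"
#include "safestring.h"
// The names of the two angle-bracket includes were lost when this listing was
// extracted; these are the standard headers the code below needs
// (snprintf/fopen, getenv, strlen/strpbrk).
#include <stdio.h>
#include <stdlib.h>
#include "pgsql.h"
#include "pgsql_wrapper.h"
#include <string.h>
#include "account.h"

long BkoCommonSessionCheck(long backoffice_id, long shop, long acc, const char *sessionid, int create);
long BkoResendOffer(CVars in, CVars &out);

// Returns true when `s` can be placed between single quotes in a query string
// without ending the literal early. A single quote always terminates the
// literal; a backslash is refused as well because whether PostgreSQL treats it
// as an escape depends on standard_conforming_strings, which this file does
// not show. Values containing a quote could never have matched a row through
// the formatted queries below, so refusing them does not remove working input.
static bool bko_sql_literal_is_safe(const char *s)
{
    return s != NULL && strpbrk(s, "'\\") == NULL;
}

// Fills `dst` with 32 lowercase hex characters (the same shape as an md5
// digest) built from 16 bytes of /dev/urandom, plus a terminating NUL.
// Returns 0 on success and -1 when the buffer is too small or the random
// source cannot be read; callers must treat -1 as "no session".
static int bko_new_session_token(char *dst, size_t dst_size)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char raw[16];

    if (dst == NULL || dst_size < 2 * sizeof raw + 1) {
        return -1;
    }

    FILE *rnd = fopen("/dev/urandom", "rb");
    if (rnd == NULL) {
        return -1;
    }
    size_t got = fread(raw, 1, sizeof raw, rnd);
    fclose(rnd);
    if (got != sizeof raw) {
        return -1;
    }

    for (size_t i = 0; i < sizeof raw; i++) {
        dst[2 * i]     = hex[raw[i] >> 4];
        dst[2 * i + 1] = hex[raw[i] & 0x0f];
    }
    dst[2 * sizeof raw] = '\0';
    return 0;
}

// Entry point for back-office API calls: reads the numeric "action" request
// field and hands the request to the matching handler. Returns the handler's
// result, or 0 when the action is not one of the cases below.
long bko_calls(CVars in, CVars &out)
{
    logfmt( logINFO, "bko_calls()" );
    out["result"] = "YES I GET TO BACK END";

    long action = REQ_LONG( in, "action", 0, -1);
    switch( action ) {
        case WRENCHBOARD_BKO_LOGIN:
            return LoginBkoAdmin( in, out);
        case WRENCHBOARD_BKO_RESEND_OFFER:
            // NOTE(review): nothing in this file checks a back-office session
            // before this action runs — confirm the caller authenticates it.
            return BkoResendOffer( in, out);
        default:
            break;  // unknown action: fall through to the generic 0 result
    }

    logfmt( logINFO, "/bko_calls()" );
    return 0;
}

// Looks up the offer identified by the "offer_code" request field and, when a
// row is found, sends the individual-offer e-mail for it again.
// Returns 0 after the lookup, or PHP_API_BAD_PARAM when the code contains a
// character that cannot be embedded safely in the query.
long BkoResendOffer(CVars in, CVars &out)
{
    logfmt( logINFO, "BkoResendOffer()" );
    // The "(.*)" pattern accepts any characters, so this check only bounds the
    // length; the content check follows.
    REQ_STRING (in, "offer_code", 5, 49, "(.*)");

    if (!bko_sql_literal_is_safe(in["offer_code"].c_str())) {
        logfmt( logINFO, "/BkoResendOffer()" );
        return PHP_API_BAD_PARAM;
    }

    CVars x;
    if ( load_db_record( x, "SELECT id AS offer_id FROM members_jobs_offer WHERE offer_code='%s'", in["offer_code"].c_str() )) {
        //ret = PHP_CREATED_OK;
        //x["offer_id"] = offer_id;
        //x["offer_id"].set_valid(true);
        job_email(JOBS_INDIVIDUAL_OFFER_MAIL, x, out);
    }

    logfmt( logINFO, "/BkoResendOffer()" );
    return 0;
}

// Authenticates a back-office user from the "username" and "password" request
// fields and, on success, opens a new back-office session.
// Returns PHP_API_OK when the credentials match and the session was created;
// otherwise the load_db_record() result or PHP_API_BAD_PARAM, with a message
// in out["status"].
//
// NOTE(review): the stored credential is an unsalted md5() computed inside the
// query, so the clear-text password travels in the SQL text (and may end up in
// statement logs). Moving to a salted password-hashing scheme needs a schema
// migration and is outside this function. No attempt limiting is visible here.
long LoginBkoAdmin(CVars in, CVars &out)
{
    long ret = PHP_API_BAD_PARAM;
    logfmt( logINFO, "LoginBkoAdmin()" );

    REQ_STRING (in, "username", 5, 49, "(.*)");
    REQ_STRING (in, "password", 5, 49, "(.*)");
    //REQ_STRING (in, "sessionid", 4, 40, "(.*)");

    // Both values are interpolated into the credential query below; refuse
    // anything that could close the quoted literal. The reply is the same
    // generic message as for a wrong password.
    if (!bko_sql_literal_is_safe(in["username"].c_str()) ||
        !bko_sql_literal_is_safe(in["password"].c_str())) {
        out["status"] = "Invalid username and/or password";
        logfmt( logINFO, "/LoginBkoAdmin()" );
        return ret;
    }

    // The session id is the bearer credential for the back office, so it is
    // drawn from the kernel random source instead of rand(), whose sequence is
    // predictable (and repeats across processes when it is never seeded).
    char token[33];
    if (bko_new_session_token(token, sizeof token) != 0) {
        out["status"] = "Session check failed";
        logfmt( logINFO, "/LoginBkoAdmin()" );
        return ret;
    }
    out["sessionid"] = token;
    out["sessionid"].set_valid( true );
    in["sessionid"] = token;
    in["sessionid"].set_valid( true );

    ret = load_db_record( out, "SELECT *,id AS backoffice_id FROM backoffice WHERE status=1 AND LOWER(username)=LOWER('%s') AND pass= md5('%s')", in["username"].c_str(), in["password"].c_str() );
    if (ret>0) {
        if (BkoCommonSessionCheck(out["id"].Long(),0,0, in["sessionid"].c_str(), 1)>0) {
            out["status"] = "OK";
            // Legacy misspelled key, kept in case an existing front end reads it.
            out["stauts"] = "OK";
            ret = PHP_API_OK;
        } else {
            out["status"] = "Session check failed";
        }
    } else {
        out["status"] = "Invalid username and/or password";
    }

    logfmt( logINFO, "/LoginBkoAdmin()" );
    return ret;
}

// Validates, refreshes or creates a back-office session row.
//
//   backoffice_id  id of the back-office user (must be >= 1)
//   shop           when > 0, restricts every query to that shop
//   acc            when > 0, stored as the session's account
//   sessionid      session token, at least 4 characters
//   create         0: refresh an existing session; > 0: replace the user's
//                  sessions with this one
//
// Returns 1 when an existing session was refreshed (create == 0), the session
// row id when one was found or inserted (create > 0), 0 when create == 0 and
// no matching session was updated, -1 on invalid parameters and -3 when the
// insert failed.
long BkoCommonSessionCheck(long backoffice_id, long shop, long acc, const char *sessionid, int create)
{
    logfmt( logINFO, "long BkoCommonSessionCheck(long backoffice_id,long shop, const char *sessionid, int create )" );

    // Sanity check. The token is interpolated into quoted SQL literals below,
    // so it must not be able to close them.
    if (backoffice_id<1 || sessionid==NULL || strlen(sessionid)<4 || !bko_sql_literal_is_safe(sessionid)) {
        return -1L; // Invalid parameters
    }

    // Optional shop filter appended to every query. Sized for the fixed text
    // plus the longest 64-bit value, and written with a bounded format call.
    char ptid[48];
    if ( shop > 0 ) {
        snprintf( ptid, sizeof ptid, " AND shop=%ld ", shop );
    } else {
        snprintf( ptid, sizeof ptid, " " ); // just empty space
    }

    // Clean old sessions: a login drops all of the user's sessions, a refresh
    // only drops those idle for more than 15 minutes.
    if (create>0) {
        pgsql_exec("DELETE FROM backoffice_session WHERE backoffice_id=%ld %s ", backoffice_id,ptid);
    } else {
        pgsql_exec("DELETE FROM backoffice_session WHERE backoffice_id=%ld %s AND updated < (now() - interval '15 minutes')", backoffice_id,ptid);
    }

    if (create==0 && pgsql_exec("UPDATE backoffice_session SET updated=NOW() WHERE backoffice_id=%ld %s AND sessionid='%s'", backoffice_id,ptid, sessionid)>0) {
        return 1L; // Session updated
    }

    if (create>0) {
        // Disabled check for other active sessions of the same user:
        /*
        const PGresult *res = pgsql_query("SELECT * FROM backoffice_session WHERE backoffice_id=%ld %s AND sessionid<>'%s'", backoffice_id,ptid, sessionid);
        if (res!=NULL && pgsql_num_rows(res)>0) {
            return -2L; // Active sessions found
        }
        */
        CVars sess;

        // Do we have the same session already?
        if (load_db_record( sess, "SELECT * FROM backoffice_session WHERE backoffice_id=%ld %s AND sessionid='%s'", backoffice_id,ptid, sessionid)>0) {
            pgsql_exec("UPDATE backoffice_session SET updated=NOW() WHERE backoffice_id=%ld %s AND sessionid='%s'", backoffice_id,ptid, sessionid);
            return sess["id"].Long();
        }

        // Create a new session
        sess["backoffice_id"] = backoffice_id;
        sess["backoffice_id"].set_valid(true);
        sess["sessionid"] = sessionid;
        sess["sessionid"].set_valid(true);

        // REMOTE_ADDR is absent when the process is not started by a web
        // server; leave the column unset rather than pass a null pointer on.
        const char * loc = getenv("REMOTE_ADDR");
        if (loc != NULL) {
            sess["loc"] = loc;
            sess["loc"].set_valid(true);
        }

        if ( shop > 0 ) {
            sess["shop"] = shop;
            sess["shop"].set_valid(true);
        }
        if ( acc > 0 ) {
            sess["account"] = acc;
            sess["account"].set_valid(true);
        }

        long sid = insert_db_record( DBS_VALID, "backoffice_session", "backoffice_session_id_seq", sess );
        if (sid>0) {
            return sid; // New session created
        }
        return -3L; // Failed to create new session
    }

    logfmt( logINFO, "/long BkoCommonSessionCheck(long backoffice_id,long shop, const char *sessionid, int create )" );
    return 0L; // No route
}

/*
CREATE TABLE backoffice_session (
    id SERIAL,
    backoffice_id INT REFERENCES managers(id),
    shop INT DEFAULT 0,
    sessionid varchar(100) NOT NULL,
    added timestamp without time zone DEFAULT now(),
    updated timestamp without time zone DEFAULT now(),
    status integer DEFAULT 1,
    loc INET
);
*/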