Commit 75600e14 authored by iWallet Dev's avatar iWallet Dev

Remittance API Security Enhancement

parent 7813a375
...@@ -168,10 +168,34 @@ class MoneyRequest extends System { ...@@ -168,10 +168,34 @@ class MoneyRequest extends System {
mkdir($this -> accessLogDir, 0777, true); mkdir($this -> accessLogDir, 0777, true);
} }
$charvalidity = [
$this -> fromAccount,
$this -> toAccount
];
foreach($charvalidity as $checkaccnum){
if(!is_numeric($checkaccnum)){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_6);
$this -> result[PARAM_STATUS] = "CHARACTER_RESTRICTION";
$this -> result["desc"] = "account number must be numeric";
goto ends;
}
if(strlen($checkaccnum) > VAL_INT_8){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_6);
$this -> result[PARAM_STATUS] = "CHARACTER_LIMIT";
$this -> result["desc"] = "an account number must only have 8 digits";
goto ends;
}
}
$requestDetails = [ $requestDetails = [
"IP_Address" => $this -> getColumnData($_SERVER, "REMOTE_ADDR"), "IP_Address" => $this -> getColumnData($_SERVER, "REMOTE_ADDR"),
"Program_Code" => $this -> pnum "Program_Code" => $this -> pnum
]; ];
$requestDetails = print_r(array_merge($requestDetails, apache_request_headers()), true); $requestDetails = print_r(array_merge($requestDetails, apache_request_headers()), true);
$this -> logDetails($requestDetails, VAL_INT_1); $this -> logDetails($requestDetails, VAL_INT_1);
...@@ -225,6 +249,13 @@ class MoneyRequest extends System { ...@@ -225,6 +249,13 @@ class MoneyRequest extends System {
.$this -> amount; .$this -> amount;
$sha = hash("sha256", $checkSignature); $sha = hash("sha256", $checkSignature);
if($apiUserAccount !== $this -> fromAccount){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_4);
$this -> result[PARAM_STATUS] = "SENDER_ERROR";
goto ends;
}
if($this -> signature != $sha){ if($this -> signature != $sha){
$this -> result["combination"] = [ $this -> result["combination"] = [
...@@ -236,14 +267,14 @@ class MoneyRequest extends System { ...@@ -236,14 +267,14 @@ class MoneyRequest extends System {
$this -> result[PARAM_STATUS] = "REJECTED"; $this -> result[PARAM_STATUS] = "REJECTED";
$this -> responseCode = 406; $this -> responseCode = 406;
}else{ }else{
$this -> randomSecondsDelay(); $this -> randomSecondsDelay();
$this -> ctransfer = $this -> checkTransfer( $this -> ctransfer = $this -> checkTransfer(
$this -> fromAccount, $this -> fromAccount,
$this -> toAccount, $this -> toAccount,
$this -> currency, $this -> currency,
$this -> amount, $this -> amount,
$this -> debitCurrency); $this -> debitCurrency);
if($this -> ctransfer[PARAM_RESULT] == NO_COUNT){ if($this -> ctransfer[PARAM_RESULT] == NO_COUNT){
...@@ -265,6 +296,7 @@ class MoneyRequest extends System { ...@@ -265,6 +296,7 @@ class MoneyRequest extends System {
$this -> responseCode = 406; $this -> responseCode = 406;
} }
ends:
$this -> logPost($this -> pnum); $this -> logPost($this -> pnum);
} }
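Review bot: The account-number check added at the top of the first hunk relies on `is_numeric()`, which accepts signed, fractional, exponent and leading-whitespace forms (`-1234`, `12.5`, `1e7`, ` 123`), so a value that is not plain digits can pass both this test and the `strlen` bound; `if(!ctype_digit((string)$checkaccnum)){` rejects everything except decimal digits, and if exactly eight digits is the rule the length test should be `strlen($checkaccnum) !== VAL_INT_8` rather than `>`, to match the "must only have 8 digits" message. The new early exits (CHARACTER_RESTRICTION, CHARACTER_LIMIT and SENDER_ERROR) jump to `ends:` without assigning `$this -> responseCode`, whereas the existing rejection paths visible in the later hunks set `$this -> responseCode = 406;` first, so these failures presumably go out with whatever the default status is — the same assignment belongs in each new branch. `$apiUserAccount !== $this -> fromAccount` is a strict comparison and will fail whenever the two operands differ in scalar type (for example an integer loaded from storage against a string taken from the request); confirm both are strings, or cast both sides, before relying on it. The enclosing method begins before the first hunk and its body continues between the hunks shown.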
......