Commit 75600e14 authored by iWallet Dev's avatar iWallet Dev

Remittance API Security Enhancement

parent 7813a375
......@@ -168,10 +168,34 @@ class MoneyRequest extends System {
mkdir($this -> accessLogDir, 0777, true);
}
$charvalidity = [
$this -> fromAccount,
$this -> toAccount
];
foreach($charvalidity as $checkaccnum){
if(!is_numeric($checkaccnum)){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_6);
$this -> result[PARAM_STATUS] = "CHARACTER_RESTRICTION";
$this -> result["desc"] = "account number must be numeric";
goto ends;
}
if(strlen($checkaccnum) > VAL_INT_8){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_6);
$this -> result[PARAM_STATUS] = "CHARACTER_LIMIT";
$this -> result["desc"] = "an account number must only have 8 digits";
goto ends;
}
}
$requestDetails = [
"IP_Address" => $this -> getColumnData($_SERVER, "REMOTE_ADDR"),
"Program_Code" => $this -> pnum
];
$requestDetails = print_r(array_merge($requestDetails, apache_request_headers()), true);
$this -> logDetails($requestDetails, VAL_INT_1);
......@@ -226,6 +250,13 @@ class MoneyRequest extends System {
$sha = hash("sha256", $checkSignature);
if($apiUserAccount !== $this -> fromAccount){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_4);
$this -> result[PARAM_STATUS] = "SENDER_ERROR";
goto ends;
}
if($this -> signature != $sha){
$this -> result["combination"] = [
"real_raw" => $checkSignature,
......@@ -265,6 +296,7 @@ class MoneyRequest extends System {
$this -> responseCode = 406;
}
ends:
$this -> logPost($this -> pnum);
}
......
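Review bot: `is_numeric()` in the new account-number loop (first hunk) accepts more than digit strings: signed values, decimals, exponent forms such as `1e5` and leading whitespace all pass, so `fromAccount` and `toAccount` may still reach later code in non-canonical form. A digits-only test such as `if(!is_string($checkaccnum) || !ctype_digit($checkaccnum)){` matches the stated rule. The length test only rejects values longer than `VAL_INT_8`, so shorter values pass although the message says an account number has 8 digits; if exactly eight is intended, compare with `!==` instead of `>`. Separately, the second hunk checks the signature with `$this -> signature != $sha`, a loose and non-constant-time comparison that looks like unchanged context directly after the new sender check; `if(!hash_equals($sha, (string) $this -> signature)){` would be the safer form. The enclosing method starts and ends outside the visible hunks.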