Commit 7805856a authored by Antonio.Suerte's avatar Antonio.Suerte

Domain Whitelisting Feature

parent 8d679fe9
<?php
include_once('../system/lib/config.php');
$sys = new System();
// 変数宣言部
$rtn = array();
$params = array();
$rsStatus = NO_STRING;
$result = NO_STRING;
$ip = NO_STRING;
$referer = NO_STRING;
// POSTデータ
$pNum = $sys -> getDataPost('p_num');
$amount = $sys -> getDataPost('amount');
$fromAccount = $sys -> getDataPost('from_account');
$toAccount = $sys -> getDataPost('to_account');
$debitCurrency = $sys -> getDataPost('debit_currency');
$currency = $sys -> getDataPost('currency');
$message = $sys -> getDataPost('message');
$signature = $sys -> getDataPost('signature');
$debitAmount = NO_COUNT;
// 取得データの生成
if(isset($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
}
if(isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
}
$post = http_build_query($_POST, '', '&');
// APIチェック用データ
// シグネチャ生成用のデータを取得する
$row = $sys -> getRowData($sys -> accessSelect('SELECT_API_SIGNATURE_BY_A_ID', array($pNum)));
$apiPassword = $sys -> getColumnData($row, COLUMN_PASSWORD);
$apiUserAccount = $sys -> getColumnData($row, COLUMN_USER_ACCOUNT);
$checkPassword = $apiUserAccount
. $apiPassword
. $pNum
. $amount;
$sha = hash('sha256', $checkPassword);
// POSTのログを取る
$sys -> logPost();
//check if request is sent to self
if(($fromAccount != "" && $toAccount != "") && ($fromAccount == $toAccount)){
$rsStatus = 'REJECTED';
// 返却値生成
$rtn[PARAM_RESULT] = sprintf('%02d', VAL_INT_93);
$rtn[PARAM_STATUS] = $rsStatus;
}
else{
if($sys -> checkSettlementIpAddress($pNum)) {
// シグネチャとコチラのデータが一致したら、処理続行
if($signature == $sha) {
// 各パラメータのチェックを行う
$result = $sys -> checkTransfer($fromAccount
, $toAccount
, $currency
, $amount
, $debitCurrency);
if($result[PARAM_RESULT] == NO_COUNT) {
$debitAmount = $sys -> getColumnData($result, PARAM_AMOUNT);
// 取引番号の生成
$transactionNum = $sys -> getTransactionNumberCommon(VAR_TRANSACTION_TRANSFER_DEPOSIT);
//to fee
$toFee = $sys -> currencyToInt($sys -> getColumnData($result, PARAM_TO_FEE), $currency);
// 送金実行
$params[] = $fromAccount; // 送金元口座番号
$params[] = $fromAccount; // 送金元口座番号
$params[] = $debitCurrency; // 送金通貨
$params[] = $sys -> currencyToInt($sys -> getColumnData($result, PARAM_FROM_FEE), $debitCurrency); // 口座元手数料
$params[] = $toAccount; // 送金先口座番号
$params[] = $currency; // 送金元通貨
$params[] = $toFee; // 送金先手数料
$params[] = $amount; // 入力金額
$params[] = NO_COUNT; // 送金方法
$params[] = $message; // メッセージ
$params[] = $debitCurrency; // 出金通貨
$params[] = $sys -> currencyToInt($debitAmount, $debitCurrency); // 出金金額
$params[] = $currency; // 送金通貨
$params[] = $sys -> currencyToInt($amount, $currency); // 送金金額
$params[] = $sys -> getColumnData($result, PARAM_RATE); // レート
$params[] = NO_COUNT; // 処理種別
$params[] = NO_STRING; // 管理者ID
$params[] = VAL_INT_2; // 処理ステータス
$params[] = $transactionNum; // 取引番号
$params[] = date("Y-m-d H:i:s"); // 取引番号
$res = $sys -> accessModify('INSERT_TRANSFER', $params, false);
if(!$res){
$rsStatus = 'REJECTED';
// 返却値生成
$rtn[PARAM_RESULT] = sprintf('%02d', VAL_INT_99);
$rtn[PARAM_STATUS] = $rsStatus;
echo json_encode($rtn);
// 登録用パラメータ
$sys -> accessModifyCommon('INSERT_LOG_POST', array($ip,$referer,'[INSERT_DB_ERR]'.json_encode($params)));
exit();
} else {
// 登録用パラメータ
$sys -> accessModifyCommon('INSERT_LOG_POST', array($ip,$referer,'[INSERT_DB]'.json_encode($params)));
//send email to reciever
$emailParams = array();
$emailParams = getSendDataTo($fromAccount, $toAccount, $toFee, $amount, $currency, $debitCurrency, $message, $transactionNum);
$toAccountData = $sys -> getAccountCommon($toAccount);
$language = $sys -> getColumnData($sys -> getRowData($toAccountData), COLUMN_USE_LANGUAGE);
$sys -> sendMailByTmp($language.DIRECTORY_SEPARATOR.'transfer_receive_user.xml'
, $emailParams
, $emailParams[VAL_INT_11]
, VAR_CS_MAIL_ADDRESS);
}
// 通貨が違う場合は、為替コミッションの発生
if($debitCurrency != $currency) {
// 着金額指定の場合
$sys -> registCommisionExchange($fromAccount
, $currency
, $debitCurrency
, $sys -> currencyToInt($debitAmount, $debitCurrency));
}
// echo $fromAccount . ' : ' . $debitCurrency . ' : ' . $sys -> getColumnData($result, PARAM_FROM_FEE) . '<br/>';
// echo $toAccount . ' : ' . $currencyromAccount . ' : ' . $sys -> getColumnData($result, PARAM_TO_FEE) . '<br/>';
// コミッションの集計(送金元)
$sys -> registCommision(VAR_TRANSFER
, null
, $fromAccount
, $debitCurrency
, $sys -> getColumnData($result, PARAM_FROM_FEE));
// コミッションの集計(送金先)
$sys -> registCommision(VAR_TRANSFER
, null
, $toAccount
, $currency
, $sys -> getColumnData($result, PARAM_TO_FEE)
, PARAM_TO);
$rsStatus = 'OK';
// 返却値生成(成功時)
$rtn[PARAM_RESULT] = sprintf('%02d', NO_COUNT);
$rtn[PARAM_STATUS] = $rsStatus;
$rtn[PARAM_TRANSACTION_NUMBER] = $transactionNum;
$rtn[PARAM_CURRENCY] = $debitCurrency;
$rtn[PARAM_AMOUNT] = $debitAmount;
$rtn[PARAM_FEE] = $sys -> getColumnData($result, PARAM_FROM_FEE);
// will include account # within API callback - anton
$rtn[PARAM_FROM_ACCOUNT] = $fromAccount;
$rtn[PARAM_TO_ACCOUNT] = $toAccount;
} else {
$rsStatus = 'ERROR(CODE:' . sprintf('%02d', $result[PARAM_RESULT]) . ')';
// 返却値生成
$rtn[PARAM_RESULT] = sprintf('%02d', $result[PARAM_RESULT]);
$rtn[PARAM_STATUS] = $rsStatus;
}
} else {
$rsStatus = 'REJECTED';
// 返却値生成
$rtn[PARAM_RESULT] = sprintf('%02d', VAL_INT_90);
$rtn[PARAM_STATUS] = $rsStatus;
}
} else {
$rsStatus = 'REJECTED';
// 返却値生成
$rtn[PARAM_RESULT] = sprintf('%02d', VAL_INT_92);
$rtn[PARAM_STATUS] = $rsStatus;
class MoneyRequest extends System {
/**
*
* @var string
*/
private $pnum = NO_STRING;
/**
*
* @var string
*/
private $amount = NO_COUNT;
/**
*
* @var string
*/
private $debitAmount = NO_COUNT;
/**
*
* @var string
*/
private $fromAccount = NO_STRING;
/**
*
* @var string
*/
private $toAccount = NO_STRING;
/**
*
* @var string
*/
private $debitCurrency = NO_STRING;
/**
*
* @var string
*/
private $currency = NO_STRING;
/**
*
* @var string
*/
private $signature = NO_STRING;
/**
*
* @var string
*/
private $message = NO_STRING;
// header-filled params
/**
*
* @var string
*/
private $ip = NO_STRING;
/**
*
* @var string
*/
private $referer = NO_STRING;
// end-of-header-filled-params
/**
*
* @var boolean
*/
private $proceedToRemittanceRequest = false;
/**
*
* @var array
*/
private $result = [];
/**
*
* @var array
*/
private $ctransfer = [];
// Case-to-case basis variables
/**
*
* @var string
*/
private $transactionNum = NO_STRING;
/**
*
* @var string
*/
private $toFee = NO_COUNT;
// end-of-case-to-case-basis-variables
public function __construct(){
parent::__construct();
$this -> setParameter();
$this -> validate();
}
private function setParameter(){
$this -> pnum = $this -> getDataPost("p_num");
$this -> amount = $this -> getDataPost('amount');
$this -> fromAccount = $this -> getDataPost('from_account');
$this -> toAccount = $this -> getDataPost('to_account');
$this -> debitCurrency = $this -> getDataPost('debit_currency');
$this -> currency = $this -> getDataPost('currency');
$this -> message = $this -> getDataPost('message');
$this -> signature = $this -> getDataPost('signature');
$this -> ip = $this -> getColumnData($_SERVER, "REMOTE_ADDR");
$this -> referer = $this -> getColumnData($_SERVER, "HTTP_REFERER");
}
public function validate(){
$userAgent = $this -> getColumnData($_SERVER, "HTTP_USER_AGENT");
$whitelisitingValidationPassed = true;
// first layer of validation (Whitelisted IP Address)
$isIpInRemittanceDisabled = false;
// second layer of validation (Whitelisted Domains)
$isDomainInRemittanceDisabled = false;
if($userAgent){
// this condition will be considered if this was triggered in browser
if(!$this -> checkSettlementIpAddress($this -> pnum, "allow_ip_in_remittance", $isIpInRemittanceDisabled)){
if(!$isIpInRemittanceDisabled)
$whitelisitingValidationPassed = false;
}
if(!$this -> checkSettlementDomain($this -> pnum, "allow_domain_in_remittance", $isDomainInRemittanceDisabled)){
if(!$isDomainInRemittanceDisabled)
$whitelisitingValidationPassed = false;
}
}else{
// to insist the mandatory checking of IP in case it's triggered using server-to-server processing.
if(!$this -> checkSettlementIpAddress($this -> pnum, "mandatory", $isIpInRemittanceDisabled)){
if(!$isIpInRemittanceDisabled)
$whitelisitingValidationPassed = false;
}
}
if($whitelisitingValidationPassed){
if(($this -> fromAccount != NO_STRING && $this -> toAccount != NO_STRING)
&& ($this -> fromAccount == $this -> toAccount)){
$this -> result[PARAM_RESULT] = sprintf('%02d', VAL_INT_93);
$this -> result[PARAM_STATUS] = "REJECTED";
}else{
// APIチェック用データ
// シグネチャ生成用のデータを取得する
$row = $this -> getRowData($this -> accessSelect("SELECT_API_SIGNATURE_BY_A_ID", array($this -> pnum)));
$apiPassword = $this -> getColumnData($row, COLUMN_PASSWORD);
$apiUserAccount = $this -> getColumnData($row, COLUMN_USER_ACCOUNT);
$checkSignature = $apiUserAccount
.$apiPassword
.$this -> pnum
.$this -> amount;
$sha = hash("sha256", $checkSignature);
if($this -> signature != $sha){
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_90);
$this -> result[PARAM_STATUS] = "REJECTED";
}else{
$this -> ctransfer = $this -> checkTransfer(
$this -> fromAccount,
$this -> toAccount,
$this -> currency,
$this -> amount,
$this -> debitCurrency);
if($this -> ctransfer[PARAM_RESULT] == NO_COUNT){
$this -> proceedToRemittanceRequest = true;
}else{
$format = sprintf("%02d", $this -> ctransfer[PARAM_RESULT]);
$this -> result[PARAM_RESULT] = sprintf("%02d", $this -> result[PARAM_RESULT]);
$this -> result[PARAM_STATUS] = "ERROR(CODE:{$format})";
}
}
}
}else{
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_92);
$this -> result[PARAM_STATUS] = "REJECTED";
}
$this -> logPost();
}
private function getTransactionalParams(){
$this -> debitAmount = $this -> getColumnData($this -> ctransfer, PARAM_AMOUNT);
// 取引番号の生成
$this -> transactionNum = $this -> getTransactionNumberCommon(VAR_TRANSACTION_TRANSFER_DEPOSIT);
//to fee
$this -> toFee = $this -> currencyToInt($this -> getColumnData($this -> ctransfer, PARAM_TO_FEE), $this -> currency);
$params = [];
// 送金実行
$params[] = $this -> fromAccount; // 送金元口座番号
$params[] = $this -> fromAccount; // 送金元口座番号
$params[] = $this -> debitCurrency; // 送金通貨
$params[] = $this -> currencyToInt($this -> getColumnData($this -> ctransfer, PARAM_FROM_FEE), $this -> debitCurrency); // 口座元手数料
$params[] = $this -> toAccount; // 送金先口座番号
$params[] = $this -> currency; // 送金元通貨
$params[] = $this -> fee; // 送金先手数料
$params[] = $this -> amount; // 入力金額
$params[] = NO_COUNT; // 送金方法
$params[] = $this -> message; // メッセージ
$params[] = $this -> debitCurrency; // 出金通貨
$params[] = $this -> currencyToInt($this -> debitAmount, $this -> debitCurrency); // 出金金額
$params[] = $this -> currency; // 送金通貨
$params[] = $this -> currencyToInt($this -> amount, $this -> currency); // 送金金額
$params[] = $this -> getColumnData($this -> ctransfer, PARAM_RATE); // レート
$params[] = NO_COUNT; // 処理種別
$params[] = NO_STRING; // 管理者ID
$params[] = VAL_INT_2; // 処理ステータス
$params[] = $this -> transactionNum; // 取引番号
$params[] = date("Y-m-d H:i:s");
return $params;
}
private function getFullNameString(Array $rowData){
if($this -> isLoopData($rowData)){
return
$this -> getColumnData($rowData, COLUMN_FIRST_NAME)
.DELIMIT_SPACE
.$this -> getColumnData($rowData, COLUMN_LAST_NAME);
}
return NO_STRING;
}
private function getSendDataParams() {
$rtn = [];
$row1 = $this -> getRowData($this -> getAccountCommon($this -> fromAccount));
$row2 = $this -> getRowData($this -> getAccountCommon($this -> toAccount));
$rtn[] = $this -> fromAccount; // ユーザ口座番号
$rtn[] = $this -> getFullNameString($row2); // ユーザ名
$rtn[] = $this -> getUserData(PARAM_USER_ACCOUNT); // 送金先口座番号
$rtn[] = $this -> getFullNameString($row1); // ユーザ名(送金元)
$rtn[] = $this -> getCurrentTimeCommon(); // 現在時刻
$rtn[] = $this -> currency; // 通貨
$rtn[] = $this -> formatCurrency($this -> amount, $this -> currency); // 金額
$rtn[] = $this -> debitCurrency; // 手数料通貨
$rtn[] = $this -> formatCurrency($this -> toFee, $this -> currency); // 手数料
$rtn[] = $this -> message; // メッセージ
$rtn[] = $this -> transactionNum; // 取引番号
$rtn[] = $this -> getColumnData($row2, COLUMN_MAIL); // メールアドレス
return $rtn;
}
private function printCallbackResult(){
$this -> accessModifyCommon('INSERT_LOG_POST',
[
$this -> ip,
$this -> referer,
'[REMITTANCE_CALLBACK_RESULT]'.json_encode($this -> result)
]);
echo json_encode($this -> result);
}
public function listen(){
if($this -> proceedToRemittanceRequest){
$params = $this -> getTransactionalParams();
$insertNewTransfer = $this -> accessModify('INSERT_TRANSFER', $params, false);
if($insertNewTransfer){
$encodedParams = json_encode($params);
$this -> accessModifyCommon('INSERT_LOG_POST', [
$this -> ip,
$this -> referer,
"[INSERT_DB]{$encodedParams}"
]);
$transactionNum = $params[VAL_INT_18];
// send email to receiver
$emailParams = $this -> getSendDataParams();
$toAccountData = $this -> getAccountCommon($this -> toAccount);
$language = $this -> getColumnData($this -> getRowData($toAccountData), COLUMN_USE_LANGUAGE);
$this -> sendMailByTmp($language.DIRECTORY_SEPARATOR.'transfer_receive_user.xml'
, $emailParams
, $emailParams[VAL_INT_11]
, VAR_CS_MAIL_ADDRESS);
// 通貨が違う場合は、為替コミッションの発生
if($this -> debitCurrency != $this -> currency) {
// 着金額指定の場合
$this -> registCommisionExchange($this -> fromAccount
, $this -> currency
, $this -> debitCurrency
, $this -> currencyToInt($this -> debitAmount, $this -> debitCurrency));
}
// コミッションの集計(送金元)
$this -> registCommision(VAR_TRANSFER
, null
, $this -> fromAccount
, $this -> debitCurrency
, $this -> getColumnData($this -> ctransfer, PARAM_FROM_FEE));
// コミッションの集計(送金先)
$this -> registCommision(VAR_TRANSFER
, null
, $this -> toAccount
, $this -> currency
, $this -> getColumnData($this -> ctransfer, PARAM_TO_FEE)
, PARAM_TO);
$this -> result[PARAM_RESULT] = sprintf("%02d", NO_COUNT);
$this -> result[PARAM_STATUS] = "OK";
$this -> result[PARAM_TRANSACTION_NUMBER] = $transactionNum;
$this -> result[PARAM_CURRENCY] = $this -> debitCurrency;
$this -> result[PARAM_AMOUNT] = $this -> debitAmount;
$this -> result[PARAM_FEE] = $this -> getColumnData($this -> ctransfer, PARAM_FROM_FEE);
// this brings back memories - anton (2021)
$this -> result[PARAM_FROM_ACCOUNT] = $this -> fromAccount;
$this -> result[PARAM_TO_ACCOUNT] = $this -> toAccount;
}else{
$this -> result[PARAM_RESULT] = sprintf("%02d", VAL_INT_99);
$this -> result[PARAM_STATUS] = "REJECTED";
$this -> accessModifyCommon("INSERT_LOG_POST",
[
$this -> ip,
$this -> referer,
'[INSERT_DB_ERR]'.json_encode($params)
]);
}
}
$this -> printCallbackResult();
}
}
// 登録用パラメータ
$sys -> accessModifyCommon('INSERT_LOG_POST', array($ip,$referer,'[SUCCESSFUL]'.json_encode($rtn)));
echo json_encode($rtn);
//**************************FUNCTIONS****************************************//
/*-------------------------------------------------------------------------
* @function_name: メール送信用のデータを取得(送金先ユーザ)
* @parameter : なし
* @return : メール送信用データ
-------------------------------------------------------------------------*/
function getSendDataTo($fromAccount, $toAccount, $toFee, $amount, $currency, $debitCurrency, $message, $transactionNum) {
global $sys;
// 変数宣言部
$rtn = array();
$data = $sys -> getAccountCommon($fromAccount);
$row = $sys -> getRowData($data);
$data2 = $sys -> getAccountCommon($toAccount);
$row2 = $sys -> getRowData($data2);
$rtn[] = $fromAccount; // ユーザ口座番号
$rtn[] = $sys -> getColumnData($row2, COLUMN_FIRST_NAME)
. DELIMIT_SPACE . $sys -> getColumnData($row2, COLUMN_LAST_NAME); // ユーザ名
$rtn[] = $sys -> getUserData(PARAM_USER_ACCOUNT); // 送金先口座番号
$rtn[] = $sys -> getColumnData($row, COLUMN_FIRST_NAME)
. DELIMIT_SPACE . $sys -> getColumnData($row, COLUMN_LAST_NAME); // ユーザ名(送金元)
$rtn[] = $sys -> getCurrentTimeCommon(); // 現在時刻
$rtn[] = $currency; // 通貨
$rtn[] = $sys -> formatCurrency($amount, $currency); // 金額
$rtn[] = $debitCurrency; // 手数料通貨
$rtn[] = $sys -> formatCurrency($toFee, $currency); // 手数料
$rtn[] = $message; // メッセージ
$rtn[] = $transactionNum; // 取引番号
$rtn[] = $sys -> getColumnData($row2, COLUMN_MAIL); // メールアドレス
return $rtn;
}
/*
// コールバック
$data = array('MerchantTransactionId' => $fromAccount
, 'Result' => $rsStatus
);
$data = http_build_query($data, '', '&');
$header = array(
"Content-Type: application/x-www-form-urlencoded",
"Content-Length: ".strlen($data)
);
$opts = array(
'http' =>array('method' => 'POST'
, 'header' => implode("\r\n", $header)
, 'content' => $data
)
);
$context = stream_context_create($opts);
if($callbackUrl == NO_STRING) {
echo 'OK';
} else {
$file = file_get_contents($callbackUrl, false, $context);
}
// 最終の遷移
if($rsStatus == 'OK') { // 処理成功時
if($successUrl == NO_STRING) {
echo $rsStatus;
} else {
header('Location: ' . $successUrl);
}
} else if($rsStatus = 'ERROR') { // エラー時
if($errorUrl == NO_STRING) {
echo $rsStatus;
} else {
header('Location: ' . $errorUrl);
}
} else if($rsStatus = 'REJECTED') {
if($rejectUrl == NO_STRING) {
echo $rsStatus;
} else {
header('Location: ' . $rejectUrl);
}
}
*/
?>
$request = new MoneyRequest();
$request -> listen();
\ No newline at end of file
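Review bot: In `validate()` the choice between the `"mandatory"` IP check and the switchable `"allow_ip_in_remittance"` / `"allow_domain_in_remittance"` checks is made on `HTTP_USER_AGENT`, a header the caller sets, so any client that sends a User-Agent lands in the branch where a disabled setting leaves `$whitelisitingValidationPassed` true with no address check at all. That decision should come from server-side state, such as the account's stored setting, rather than from a request header. The signature test `$this -> signature != $sha` is a loose, non-constant-time comparison of two hex strings; `if(!hash_equals($sha, (string)$this -> signature)){` removes both the numeric-string coercion and the timing difference. Separately, `$params[] = $this -> fee;` in `getTransactionalParams()` reads a property this class does not declare (presumably `$this -> toFee`). The error branch formats `$this -> result[PARAM_RESULT]`, which is still unset there, where `$this -> ctransfer[PARAM_RESULT]` looks intended, so a failed `checkTransfer()` would apparently be reported with result code `00`.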
<?php
<?php
require_once(SITE_LOGICS . 'settlement/config.php');
class SettlementModelClass extends ModelClassEx {
......@@ -238,10 +238,22 @@ class SettlementModelClass extends ModelClassEx {
return false;
}
$domWhitelistedDisabled = false;
// APIの確認
if(!$this -> checkSettlementIpAddress($this -> pNum)) {
$this -> popUpSessionMessage(ERROR, 'E_ERROR_IP_ADDRESS', array());
$rtn = false;
if(!$this -> checkSettlementDomain($this -> pNum, "allow_domain_in_payment", $domWhitelistedDisabled)){
if(!$domWhitelistedDisabled){
$this -> popUpSessionMessage(ERROR, 'E_ERROR_DOMAIN', array());
$rtn = false;
}
}
$ipWhitelistDisabled = false;
// APIの確認
if(!$this -> checkSettlementIpAddress($this -> pNum, "allow_ip_in_payment", $ipWhitelistDisabled)) {
if(!$ipWhitelistDisabled){
$this -> popUpSessionMessage(ERROR, 'E_ERROR_IP_ADDRESS', array());
$rtn = false;
}
}
// シグネチャのチェック
......@@ -588,7 +600,7 @@ class SettlementModelClass extends ModelClassEx {
}
function getAgentCodeURL(){
$baseUrl = 'https://secure.'.SITE_DOMAIN.'/'. $this -> getLangage() .'/register';
$baseUrl = 'https://'.SITE_DOMAIN_FULL.'/'. $this -> getLangage() .'/register';
if(!empty($this -> pNum)){
$rowData = $this -> getRowData($this -> accessSelect('SELECT_AGENT_CODE_BY_AID', array($this -> pNum)));
$AgentCode = $this -> getColumnData($rowData, COLUMN_AGENT_CODE);
......
......@@ -31,9 +31,7 @@ include_once('template/base_head.php');
</tr>
<tr>
<th>Name</th>
<td>
<?php $this -> echoLastName(); ?> <?php $this -> echoFirstName(); ?>
</td>
<td><?php $this -> echoLastName(); ?> <?php $this -> echoFirstName(); ?></td>
</tr>
<tr>
<th>API Signature</th>
......@@ -47,6 +45,14 @@ include_once('template/base_head.php');
<th>IP Address</th>
<td><?php $this -> echoIpAddress(); ?></td>
</tr>
<tr>
<th>Domain Name</th>
<td><?php $this -> echoDomainName(); ?></td>
</tr>
<tr>
<th>Validation Settings</th>
<td><?php $this -> echoWhitelistSettingsCheckboxes(true); ?></td>
</tr>
</table>
<input type="hidden" value="action" id="type" name="type" />
......@@ -54,6 +60,7 @@ include_once('template/base_head.php');
<input type="hidden" value="<?php $this -> echoUserName(); ?>" id="user_name" name="user_name" />
<input type="hidden" value="<?php $this -> echoPassword(); ?>" id="password" name="password" />
<input type="hidden" value="<?php $this -> echoIpAddress(); ?>" id="ip_address" name="ip_address" />
<input type="hidden" value="<?php $this -> echoDomainName(); ?>" id="domain_name" name="domain_name" />
<!-- Language Transition Data (Anton) 04/23/2016 -->
<input class="lang-trans-data" type="hidden" id="lang_data_action" value="/api_signature"/>
......
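Review bot: The new `echoDomainName()` output lands in three HTML contexts: table-cell text, the `value` attribute of the hidden `domain_name` input, and a `<textarea>` in the two edit templates further down. The value is free text posted by the user. `echoDomainName()` is not visible on this page; if it does not already escape, it should print `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` so a stored value cannot close the attribute or the textarea. The same applies to `echoWhitelistSettingsCheckboxes()`, if it builds its markup from the stored `whitelist_setting` string.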
......@@ -52,7 +52,19 @@ include_once('template/base_head.php');
<tr>
<th>IP Address</th>
<td>
<input type="text" id="ip_address" name="ip_address" value="<?php $this -> echoIpAddress(); ?>" class="w30p">
<textarea id="ip_address" name="ip_address" rows="10" cols="50"><?php $this -> echoIpAddress(); ?></textarea>
</td>
</tr>
<tr>
<th>Domain Name</th>
<td>
<textarea id="domain_name" name="domain_name" rows="10" cols="50"><?php $this -> echoDomainName(); ?></textarea>
</td>
</tr>
<tr>
<th>Validation Settings</th>
<td>
<?php $this -> echoWhitelistSettingsCheckboxes(); ?>
</td>
</tr>
</table>
......
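Review bot: The `ip_address` field changes from a one-line input to a multi-line `<textarea>`, and `domain_name` is added as one, but the matching code on this page splits the stored value with `explode(DELIMIT_COMMA, ...)` and compares the pieces with `in_array()` as they are. Entries typed on separate lines, or with a space after the comma, would then never match, and a whitelist that silently rejects everything tends to get switched off. The save path is not visible here; it should normalise the list before storing (split on commas and line breaks, `trim()` each entry, drop empties), or the form should state that a comma is the only separator. The identical hunk in the next template has the same issue.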
......@@ -53,7 +53,19 @@ include_once('template/base_head.php');
<tr>
<th>IP Address</th>
<td>
<input type="text" id="ip_address" name="ip_address" value="<?php $this -> echoIpAddress(); ?>" class="w30p">
<textarea id="ip_address" name="ip_address" rows="10" cols="50"><?php $this -> echoIpAddress(); ?></textarea>
</td>
</tr>
<tr>
<th>Domain Name</th>
<td>
<textarea id="domain_name" name="domain_name" rows="10" cols="50"><?php $this -> echoDomainName(); ?></textarea>
</td>
</tr>
<tr>
<th>Validation Settings</th>
<td>
<?php $this -> echoWhitelistSettingsCheckboxes(); ?>
</td>
</tr>
</table>
......
......@@ -17,6 +17,7 @@ $(function() {
});
$('#btnComplete').click(function() {
$(".wl-set-cbox").prop("disabled", false)
$('#type').val('complete');
submitForm();
});
......@@ -56,6 +57,12 @@ function actionDelete(){
}
function actionInput(){
$(".wl-set-cbox").prop("disabled", false)
$('#type').val('input');
submitForm();
}
/**
* データ修正
*/
......
......@@ -1469,27 +1469,23 @@ class Checker extends Chiket {
* @parameter : 番組コード
* @return : 成功:TRUE、失敗:FALSE
-------------------------------------------------------------------------*/
function checkSettlementIpAddress($pnum) {
function checkSettlementIpAddress($pnum, $validationProperty, &$isDisabled = false) {
// 変数宣言部
$rtn = true;
$row = null;
$ip = NO_STRING;
$connecter = NO_STRING;
// シグネチャ生成用のデータを取得する
$row = $this -> getRowData($this -> accessSelect('SELECT_API_SIGNATURE_BY_A_ID', array($pnum)));
$ip = $this -> getColumnData($row, COLUMN_IP_ADDRESS);
$ips = explode(DELIMIT_COMMA, $ip);
$row = $this -> getRowData($this -> accessSelect('SELECT_API_SIGNATURE_BY_A_ID', array($pnum)));
$ip = $this -> getColumnData($row, COLUMN_IP_ADDRESS);
$allowSet = $this -> getColumnData($row, COLUMN_WHITELIST_SETTING);
$ips = explode(DELIMIT_COMMA, $ip);
//error_log paths
$logPath = SYSTEM_PATH.DIRECTORY_SEPARATOR.'documents'.DIRECTORY_SEPARATOR.'error_log';
$serverLogPath = $logPath.DIRECTORY_SEPARATOR.'Visitor_server_params';
//check if directory exists if not, create directory
if(!file_exists($serverLogPath)) {
if(!file_exists($serverLogPath))
mkdir($serverLogPath, 0777, true);
}
//log the transaction details
error_log(date("[Y-m-d H:i:s]")."\r\n".print_r($_SERVER,true)."\r\n", 3, $serverLogPath.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
......@@ -1500,34 +1496,102 @@ class Checker extends Chiket {
// リファラがなければ、エラー
if($connecter == NO_STRING) { // リファラなし
$connecter = $this -> getColumnData($_SERVER, 'REMOTE_ADDR');
if($connecter == NO_STRING) {
if($connecter == NO_STRING)
return false;
}
} else { // リファラあり
$connecter = parse_url($connecter);
$connecter = gethostbyname($this -> getColumnData($connecter, PARAM_HOST));
}
// IPアドレスのチェック(複数設定対応)
if($this -> isLoopData($ips)) {
$rtn = false;
foreach($ips as $ip) {
if($connecter == $ip) {
$rtn = true;
break;
}
}
} else {
$rtn = false;
}
$rtn = false;
if($this -> checkJSONString($allowSet)){
$allowSet = json_decode($allowSet);
if(isset($allowSet -> {$validationProperty})){
if($allowSet -> {$validationProperty}){
if($this -> isLoopData($ips))
$rtn = in_array($connecter, $ips);
}else
$isDisabled = ["exception" => "The {$validationProperty} setting is disabled"];
}else{
switch($validationProperty){
case "mandatory":
if($this -> isLoopData($ips))
$rtn = in_array($connecter, $ips);
break;
default:
$isDisabled = ["exception" => "Invalid Validation Property"];
break;
}
}
}else
$isDisabled = ["exception" => "Invalid Setting Data"];
return $rtn;
}
/*-------------------------------------------------------------------------
* @function_name: Domainのチェック
* @parameter : 番組コード
* @return : 成功:TRUE、失敗:FALSE
-------------------------------------------------------------------------*/
function checkSettlementDomain($pnum, $validationProperty, &$isDisabled = false) {
// 変数宣言部
$rtn = true;
// シグネチャ生成用のデータを取得する
$row = $this -> getRowData($this -> accessSelect('SELECT_API_SIGNATURE_BY_A_ID', array($pnum)));
$domain = $this -> getColumnData($row, COLUMN_DOMAINS);
$allowSet = $this -> getColumnData($row, COLUMN_WHITELIST_SETTING);
$domains = explode(DELIMIT_COMMA, $domain);
//error_log paths
$logPath = SYSTEM_PATH.DIRECTORY_SEPARATOR.'documents'.DIRECTORY_SEPARATOR.'error_log';
$serverLogPath = $logPath.DIRECTORY_SEPARATOR.'Visitor_server_params';
//check if directory exists if not, create directory
if(!file_exists($serverLogPath))
mkdir($serverLogPath, 0777, true);
//log the transaction details
error_log(date("[Y-m-d H:i:s]")."\r\n".print_r($_SERVER,true)."\r\n", 3, $serverLogPath.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
chmod($serverLogPath.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log',511);
// 接続IPアドレス
$connecter = $this -> getColumnData($_SERVER, PARAM_HTTP_REFERER);
// リファラがなければ、エラー
if($connecter == NO_STRING) { // リファラなし
$connecter = $this -> getColumnData($_SERVER, 'REMOTE_ADDR');
if($connecter == NO_STRING)
return false;
} else { // リファラあり
$connecter = parse_url($connecter);
$connecter = $this -> getColumnData($connecter, PARAM_HOST);
}
$rtn = false;
if($this -> checkJSONString($allowSet)){
$allowSet = json_decode($allowSet);
if($allowSet -> {$validationProperty}){
if($this -> isLoopData($domains))
$rtn = in_array($connecter, $domains);
} else
$isDisabled = ["exception" => "The {$validationProperty} setting is disabled"];
}else
$isDisabled = ["exception" => "Invalid Setting Data"];
return $rtn;
}
/*-------------------------------------------------------------------------
* @function_name: CHIDとカード番号の存在チェック
......@@ -1560,6 +1624,17 @@ class Checker extends Chiket {
throw new Exception('E_WRONG_SIGNATURE');
}
}
/*-------------------------------------------------------------------------
* @function_name: JSON表現の確認
* @parameter : String
* @return : 成功:true、失敗:false
-------------------------------------------------------------------------*/
function checkJSONString($string){
return is_string($string)
&& is_array(json_decode($string, true))
&& (json_last_error() == JSON_ERROR_NONE) ? true : false;
}
/*-------------------------------------------------------------------------
......
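Review bot: Both `checkSettlementIpAddress()` and the new `checkSettlementDomain()` fill `$isDisabled` not only when the setting is explicitly off but also for `"Invalid Setting Data"` and `"Invalid Validation Property"`. The callers shown on this page (`MoneyRequest::validate()` and the `SettlementModelClass` hunk) skip the rejection whenever `$isDisabled` is truthy, so a row whose `whitelist_setting` is empty or not valid JSON passes even the `"mandatory"` IP check. Set `$isDisabled` only in the explicit-off branch and leave it `false` in the error branches so the caller rejects. `checkSettlementDomain()` also reads `$allowSet -> {$validationProperty}` without the `isset()` guard the IP variant has, and the value it matches against the whitelist is the host of `HTTP_REFERER`, which the client supplies, so it acts as a browser-side restriction rather than caller authentication. The copied logging block appends `print_r($_SERVER,true)` to a file it then `chmod`s to `511` (0777) inside a directory created with `0777`; full request headers should not sit in a world-writable log, and owner/group-only modes would be the safer default.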
......@@ -217,6 +217,8 @@ define('COLUMN_TOTAL', 'total');
define('COLUMN_TRANSACTION_ID', 'transaction_id');
define('COLUMN_FAIL_FILENAME', 'fail_filename');
define('COLUMN_IP_ADDRESS', 'ip_address');
define('COLUMN_DOMAINS', 'domains');
define('COLUMN_WHITELIST_SETTING', 'whitelist_setting');
define('COLUMN_USER_AGENT', 'user_agent');
define('COLUMN_COMMISION', 'commision');
define('COLUMN_CARD_NUMBER', 'card_number');
......
......@@ -121,6 +121,8 @@ define('VAL_STR_CEO_NAME', '代表者氏名');
define('VAL_STR_SITE_NAME', 'サイト名・屋号');
define('VAL_STR_TARGET_COUNTRY', 'サービス主要対象国');
define('VAL_STR_URL', 'URL');
define('VAL_STR_IP_ADDRESS_VALIDATION', 'IPアドレス確認');
define('VAL_STR_DOMAIN_NAME_VALIDATION', 'ドメイン名の確認');
define('VAL_STR_SITE_URL', 'サイトURL');
define('VAL_STR_MANAGER_NAME', '口座取引責任者氏名');
define('VAL_STR_MANAGER_EMAIL', '責任者メールアドレス');
......
......@@ -123,6 +123,8 @@ define('VAL_STR_CEO_NAME', 'Corporation Representative Name');
define('VAL_STR_SITE_NAME', 'Site Name・Business Name');
define('VAL_STR_TARGET_COUNTRY', 'Targeted country');
define('VAL_STR_URL', 'URL');
define('VAL_STR_IP_ADDRESS_VALIDATION', 'IP Address Validation');
define('VAL_STR_DOMAIN_NAME_VALIDATION', 'Domain Name Validation');
define('VAL_STR_SITE_URL', 'Website URL');
define('VAL_STR_MANAGER_NAME', 'Name of personal in charge of account');
define('VAL_STR_MANAGER_EMAIL', 'E-mail address of personal in charge');
......
......@@ -228,6 +228,8 @@ define('PARAM_EXCHANGE_FEE_ID', 'exchange_fee_id');
define('PARAM_PARENT_CORPORATION_NAME', 'parent_corporation_name');
define('PARAM_FAIL', 'fail');
define('PARAM_IP_ADDRESS', 'ip_address');
define('PARAM_DOMAIN_NAME', 'domain_name');
define('PARAM_WHITELIST_SETTING', 'whitelist_setting');
define('PARAM_ORDER_NUMBER', 'order_number');
define('PARAM_DATETIME', 'datetime');
define('PARAM_WL_NAME', 'wl_name');
......
......@@ -263,6 +263,9 @@
<E_ERROR_IP_ADDRESS>
不正なIPアドレスからの接続です。
</E_ERROR_IP_ADDRESS>
<E_ERROR_DOMAIN>
不正なドメインやホストなどからの接続です。
</E_ERROR_DOMAIN>
<E_DO_NOT_SELECT>
__MEGELM01__を選択してください。
</E_DO_NOT_SELECT>
......
......@@ -272,6 +272,9 @@
<E_ERROR_IP_ADDRESS>
Unable to connect to an unauthorized IP address.
</E_ERROR_IP_ADDRESS>
<E_ERROR_DOMAIN>
Unable to connect to an unauthorized Host/Domain.
</E_ERROR_DOMAIN>
<E_DO_NOT_SELECT>
Please select the requested __MEGELM01__.
</E_DO_NOT_SELECT>
......
......@@ -248,6 +248,9 @@
<E_ERROR_IP_ADDRESS>
Tidak dapat terhubung ke alamat IP yang tidak sah.
</E_ERROR_IP_ADDRESS>
<E_ERROR_DOMAIN>
Tidak dapat terhubung ke Host/Domain yang tidak sah.
</E_ERROR_DOMAIN>
<E_DO_NOT_SELECT>
Silakan pilih __MEGELM01__ yang diminta.
</E_DO_NOT_SELECT>
......
......@@ -257,6 +257,9 @@
<E_ERROR_IP_ADDRESS>
IP地址未授权。
</E_ERROR_IP_ADDRESS>
<E_ERROR_IP_ADDRESS>
HOST/Domain地址未授权。
</E_ERROR_IP_ADDRESS>
<E_DO_NOT_SELECT>
请在__MEGELM01__选择。
</E_DO_NOT_SELECT>
......
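Review bot: This locale adds a second `<E_ERROR_IP_ADDRESS>` element carrying the Host/Domain text, where the other four message files in this commit add `<E_ERROR_DOMAIN>`. A lookup of `E_ERROR_DOMAIN` (used by the `SettlementModelClass` hunk) then has no entry in this language, and the IP-address key is defined twice. The added element should be `<E_ERROR_DOMAIN>` … `</E_ERROR_DOMAIN>`.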
......@@ -257,6 +257,9 @@
<E_ERROR_IP_ADDRESS>
IP地址未授權。
</E_ERROR_IP_ADDRESS>
<E_ERROR_DOMAIN>
HOST/Domain地址未授權。
</E_ERROR_DOMAIN>
<E_DO_NOT_SELECT>
請在__MEGELM01__選擇。
</E_DO_NOT_SELECT>
......
......@@ -9386,6 +9386,8 @@ WHERE
, user_name
, password
, ip_address
, domain
, whitelist_setting
FROM
t_api_signature
WHERE
......@@ -9403,6 +9405,8 @@ WHERE
, user_name
, password
, ip_address
, domain
, whitelist_setting
FROM
t_api_signature
WHERE
......@@ -9420,6 +9424,8 @@ WHERE
, user_name
, password
, ip_address
, domains
, whitelist_setting
FROM
t_api_signature
WHERE
......@@ -9994,14 +10000,16 @@ WHERE
-->
<LIST_API_SIGNATURE>
SELECT
api_signature.a_id AS a_id
, api_signature.user_name AS user_name
, api_signature.password AS password
, api_signature.user_account AS user_account
, IFNULL(users.first_name, '') AS first_name
, IFNULL(users.last_name, '') AS last_name
, api_signature.ip_address AS ip_address
, api_signature.create_time AS create_time
api_signature.a_id AS a_id
, api_signature.user_name AS user_name
, api_signature.password AS password
, api_signature.user_account AS user_account
, IFNULL(users.first_name, '') AS first_name
, IFNULL(users.last_name, '') AS last_name
, api_signature.ip_address AS ip_address
, api_signature.create_time AS create_time
, api_signature.domains AS domains
, api_signature.whitelist_setting AS whitelist_setting
FROM
t_api_signature AS api_signature
LEFT OUTER JOIN
......@@ -10013,14 +10021,16 @@ WHERE
<!-- Mark -->
<LIST_API_SIGNATURE_REVISED>
SELECT
api_signature.a_id AS a_id,
api_signature.user_name AS user_name,
api_signature.password AS password,
api_signature.user_account AS user_account,
IFNULL(users.first_name, '') AS first_name,
IFNULL(users.last_name, '') AS last_name,
api_signature.ip_address AS ip_address,
api_signature.create_time AS create_time
api_signature.a_id AS a_id,
api_signature.user_name AS user_name,
api_signature.password AS password,
api_signature.user_account AS user_account,
IFNULL(users.first_name, '') AS first_name,
IFNULL(users.last_name, '') AS last_name,
api_signature.ip_address AS ip_address,
api_signature.create_time AS create_time,
api_signature.domains AS domains,
api_signature.whitelist_setting AS whitelist_setting
FROM
t_api_signature AS api_signature
LEFT OUTER JOIN
......@@ -10058,6 +10068,8 @@ WHERE
, user_name
, password
, ip_address
, domains
, whitelist_setting
, create_time
) VALUES (
'__ELEMENT01__'
......@@ -10065,6 +10077,8 @@ WHERE
, '__ELEMENT03__'
, '__ELEMENT04__'
, '__ELEMENT05__'
, '__ELEMENT06__'
, '__ELEMENT07__'
, NOW() + INTERVAL 17 HOUR
)
</INSERT_API_SIGNATURE>
......@@ -10080,9 +10094,11 @@ WHERE
UPDATE
t_api_signature
SET
user_name = '__ELEMENT02__'
, password = '__ELEMENT03__'
, ip_address = '__ELEMENT04__'
user_name = '__ELEMENT02__'
, password = '__ELEMENT03__'
, ip_address = '__ELEMENT04__'
, domains = '__ELEMENT05__'
, whitelist_setting = '__ELEMENT06__'
WHERE
user_account = '__ELEMENT01__'
</UPDATE_API_SIGNATURE>
......
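Review bot: The first two SELECT hunks add the column as `, domain`, while the third SELECT, both `LIST_API_SIGNATURE*` queries, the INSERT and the UPDATE all use `domains`, which is also the value of `COLUMN_DOMAINS`. If the table column is `domains`, those two queries fail outright; if either of them backs `SELECT_API_SIGNATURE_BY_A_ID`, every whitelist check breaks with it. Both should read `, domains`. The INSERT and UPDATE place the new values into quoted placeholders (`'__ELEMENT06__'`, `'__ELEMENT07__'`); `whitelist_setting` is a JSON string and `domains` is free text, so this relies on the substitution layer escaping quotes and backslashes. That layer is not visible here and is worth confirming.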
......@@ -80,13 +80,13 @@ class LogicApiSignature extends ApiSignatureModelClass {
* @parameter : なし
* @return : なし
-------------------------------------------------------------------------*/
function select($newCredential = false) {
$rs = $this -> getAPISignatureCommon($this -> getAId());
function select() {
$rs = $this -> getRowData($this -> getAPISignatureCommon($this -> getAId()));
$userAccount = $this -> getUserAccount();
if(count($rs) > 0)
$userAccount = $this -> getColumnData($rs[0], COLUMN_USER_ACCOUNT);
$userAccount = $this -> getColumnData($rs, COLUMN_USER_ACCOUNT);
$this -> setResult($rs);
$this -> setAccount($this -> getAccountCommon($userAccount));
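Review bot: After this change `count($rs) > 0` is evaluated on the value returned by `getRowData()` rather than on the result set, so the guard now depends on what `getRowData()` returns when `getAId()` matches no row. If that can be `null` or `false` instead of an empty array, `count()` raises a TypeError on PHP 8 and a warning on PHP 7.2 and later; `if(is_array($rs) && count($rs) > 0) {` states the intent explicitly. The `if` has no braces, so adding them around the single `$userAccount` assignment would also make the guarded statement unambiguous. select() continues past the end of the hunk.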
......
<?php
use function GuzzleHttp\json_decode;
class ApiSignatureModelClass extends ModelClassEx {
/*-------------------------------------------------------------------------
......@@ -13,6 +15,8 @@ class ApiSignatureModelClass extends ModelClassEx {
private $userName = NO_STRING; // ユーザ名
private $password = NO_STRING; // パスワード
private $ipAddress = NO_STRING; // IPアドレス
private $domainName = NO_STRING; // ドメイン名
private $whitelistSet = NO_STRING; // ホワイトリスト設定
private $lang = NO_STRING;
......@@ -55,12 +59,13 @@ class ApiSignatureModelClass extends ModelClassEx {
* @return : なし
-------------------------------------------------------------------------*/
private function setParameter() {
$this -> aId = $this -> getDataPost(PARAM_A_ID); // APIID
$this -> userAccount = $this -> getDataPost(PARAM_USER_ACCOUNT); // 口座番号
$this -> userName = $this -> getDataPost(PARAM_USER_NAME); // ユーザ名
$this -> password = $this -> getDataPost(PARAM_PASSWORD); // パスワード
$this -> ipAddress = $this -> getDataPost(PARAM_IP_ADDRESS); // IPアドレス
$this -> aId = $this -> getDataPost(PARAM_A_ID); // APIID
$this -> userAccount = $this -> getDataPost(PARAM_USER_ACCOUNT); // 口座番号
$this -> userName = $this -> getDataPost(PARAM_USER_NAME); // ユーザ名
$this -> password = $this -> getDataPost(PARAM_PASSWORD); // パスワード
$this -> ipAddress = $this -> getDataPost(PARAM_IP_ADDRESS); // IPアドレス
$this -> domainName = $this -> getDataPost(PARAM_DOMAIN_NAME); // IPアドレス
$this -> whitelistSet = $this -> getDataPost(PARAM_WHITELIST_SETTING); // ホワイトリスト設定
$this -> lang = $this -> getLangage();
}
......@@ -76,12 +81,21 @@ class ApiSignatureModelClass extends ModelClassEx {
$this -> userAccount = $this -> getColumnData($this -> account, COLUMN_USER_ACCOUNT);
// 修正データ取得の場合
if($this -> getType() == TYPE_EDIT
&& $this -> isLoopData($this -> rs)) {
$row = $this -> getRowData($this -> rs);
$this -> userName = $this -> getColumnData($row, COLUMN_USER_NAME);
$this -> password = $this -> getColumnData($row, COLUMN_PASSWORD);
$this -> ipAddress = $this -> getColumnData($row, COLUMN_IP_ADDRESS);
if($this -> getType() == TYPE_EDIT && $this -> isLoopData($this -> rs)) {
$this -> userName = $this -> getColumnData($this -> rs, COLUMN_USER_NAME);
$this -> password = $this -> getColumnData($this -> rs, COLUMN_PASSWORD);
$this -> ipAddress = $this -> getColumnData($this -> rs, COLUMN_IP_ADDRESS);
$this -> domainName = $this -> getColumnData($this -> rs, COLUMN_DOMAINS);
if($this -> checkJSONString($this -> getColumnData($this -> rs, COLUMN_WHITELIST_SETTING))){
$this -> whitelistSet = [];
$wlsets = (array) json_decode($this -> getColumnData($this -> rs, COLUMN_WHITELIST_SETTING));
foreach($wlsets as $key => $var){
if($var)
$this -> whitelistSet[] = $key;
}
}
}
}
......@@ -278,24 +292,43 @@ class ApiSignatureModelClass extends ModelClassEx {
echo $rtn;
}
private function getWhitelistSettingPayload(){
$whitelistSetting = [
"allow_ip_in_payment" => false,
"allow_domain_in_payment" => false,
"allow_ip_in_remittance" => false,
"allow_domain_in_remittance" => false
];
foreach(array_keys($whitelistSetting) as $key){
if(in_array($key, $this -> whitelistSet))
$whitelistSetting[$key] = true;
}
return json_encode($whitelistSetting);
}
/*-------------------------------------------------------------------------
* @function_name: 登録データの取得
* @parameter : なし
* @return : 登録パラメータの取得
-------------------------------------------------------------------------*/
function getRegistParams() {
public function getRegistParams() {
// 変数宣言部
$rtn = array();
// パラメータの設定
$rtn[] = $this -> getSequenceNo(API_SIGNATURE);
$rtn[] = $this -> userAccount;
$rtn[] = $this -> userName;
$rtn[] = $this -> password;
$rtn[] = $this -> ipAddress;
$rtn = [
$this -> getSequenceNo(API_SIGNATURE),
$this -> userAccount,
$this -> userName,
$this -> password,
$this -> ipAddress,
$this -> domainName,
$this -> getWhitelistSettingPayload()
];
return $rtn;
}
......@@ -304,17 +337,20 @@ class ApiSignatureModelClass extends ModelClassEx {
* @parameter : なし
* @return : 更新パラメータの取得
-------------------------------------------------------------------------*/
function getUpdateParams() {
public function getUpdateParams() {
// 変数宣言部
$rtn = array();
// パラメータの設定
$rtn[] = $this -> userAccount;
$rtn[] = $this -> userName;
$rtn[] = $this -> password;
$rtn[] = $this -> ipAddress;
$rtn = [
$this -> userAccount,
$this -> userName,
$this -> password,
$this -> ipAddress,
$this -> domainName,
$this -> getWhitelistSettingPayload()
];
return $rtn;
}
......@@ -423,6 +459,50 @@ class ApiSignatureModelClass extends ModelClassEx {
public function echoIpAddress() {
echo $this -> ipAddress;
}
/*-------------------------------------------------------------------------
* @function_name: ドメイン名の取得
* @parameter : なし
* @return : ドメイン名
-------------------------------------------------------------------------*/
public function echoDomainName() {
echo $this -> domainName;
}
/*-------------------------------------------------------------------------
* @function_name: ホワイトリスト管理の設定の取得
* @parameter : なし
* @return : ホワイトリスト管理の設定
-------------------------------------------------------------------------*/
public function echoWhitelistSettingsCheckboxes($disabled = false) {
$settings = [
"Payment API" => [
VAL_STR_IP_ADDRESS_VALIDATION => "allow_ip_in_payment",
VAL_STR_DOMAIN_NAME_VALIDATION => "allow_domain_in_payment"
],
"Remittance API" => [
VAL_STR_IP_ADDRESS_VALIDATION => "allow_ip_in_remittance",
VAL_STR_DOMAIN_NAME_VALIDATION => "allow_domain_in_remittance"
]
];
foreach($settings as $setKey => $setVars){
echo "<b>{$setKey}</b>";
echo "<label class=\"method_name\">";
foreach($setVars as $vkey => $var){
$checked = in_array($var, $this -> whitelistSet) ? "checked" : NO_STRING;
$disabled = $disabled ? "disabled" : NO_STRING;
echo "<input type=\"checkbox\" class=\"wl-set-cbox\" value=\"{$var}\" {$disabled}
name=\"whitelist_setting[]\" {$checked}/>&nbsp;";
echo "<span>{$vkey}</span><br/>";
}
echo "</label>";
echo "<br/>";
}
}
/*-------------------------------------------------------------------------
* @function_name: insertActivity
......@@ -430,61 +510,77 @@ class ApiSignatureModelClass extends ModelClassEx {
* @return :
-------------------------------------------------------------------------*/
function getActivity(){
$rtn = array();
$userAccount = $this -> userAccount;
$rs = $this -> getAccountCommon($userAccount);
$rs = $this -> getRowData($this -> getAccountCommon($userAccount));
$details = array();
$type = $this -> getType();
$newUserName = $this -> userName;
$newIpAddress = $this -> ipAddress;
$newPassword = $this -> password;
$newPayload = $this -> getWhitelistSettingPayload();
$lastName = $this -> getColumnData($rs[0], COLUMN_LAST_NAME);
$firstName = $this -> getColumnData($rs[0], COLUMN_FIRST_NAME);
$row = $this -> accessSelect('SELECT_API_SIGNATURE_BY_A_ID', array($this -> aId));
$lastName = $this -> getColumnData($rs, COLUMN_LAST_NAME);
$firstName = $this -> getColumnData($rs, COLUMN_FIRST_NAME);
$row = $this -> getRowData($this -> accessSelect('SELECT_API_SIGNATURE_BY_A_ID', array($this -> aId)));
if(count($row) > 0){
$id = $this -> getColumnData($row[0], COLUMN_A_ID);
$uNumber = $this -> getColumnData($row[0], COLUMN_USER_ACCOUNT);
$oldUserName = $this -> getColumnData($row[0], COLUMN_USER_NAME);
$oldIpAddress = $this -> getColumnData($row[0], COLUMN_IP_ADDRESS);
$oldPassword = $this -> getColumnData($row[0], COLUMN_PASSWORD);
$id = $this -> getColumnData($row, COLUMN_A_ID);
$oldUserName = $this -> getColumnData($row, COLUMN_USER_NAME);
$oldIpAddress = $this -> getColumnData($row, COLUMN_IP_ADDRESS);
$oldPassword = $this -> getColumnData($row, COLUMN_PASSWORD);
$oldPayload = $this -> getColumnData($row, COLUMN_WHITELIST_SETTING);
if($type == TYPE_SAVE){
if($oldUserName != $newUserName){
$details[] = ' API username from ['.$oldUserName.'] to ['.$newUserName.']';
$details[] = " API username from [{$oldUserName}] to [{$newUserName}]";
}
if($oldIpAddress != $newIpAddress){
$details[] = ' IP address from ['.$oldIpAddress.'] to ['.$newIpAddress.']';
$details[] = " IP address from [{$oldIpAddress}] to [{$newIpAddress}]";
}
if($oldPassword != $newPassword){
$details[] = ' password from ['.$oldPassword.'] to ['.$newPassword.']';
$details[] = " password from [{$oldPassword}] to [{$newPassword}]";
}
if($oldPayload != $newPayload){
$oldsets = (array) json_decode($oldPayload);
$newsets = (array) json_decode($newPayload);
foreach(array_keys($oldsets) as $key){
if(isset($oldsets[$key]) && isset($newsets[$key])){
if($oldsets[$key] != $newsets[$key]){
$oldb = $oldsets[$key] ? "true" : "false";
$newb = $newsets[$key] ? "true" : "false";
$details[] = " Updated {$key} from [{$oldb}] to [{$newb}]";
}
}
}
}
if($details != NULL){
$message = 'Edited '.$userAccount.' '.$lastName.' '.$firstName.'\'s'.' '. implode(', <br/>', $details);
$message = "Edited {$userAccount} {$lastName} {$firstName}'s <br/> ". implode(', <br/>', $details);
}else{
$message = 'Saved without any changes';
$message = "Saved without any changes";
}
}elseif ($type == TYPE_DELETE){
$message = "Deleted an API Signature [AID: {$id}][Account No: {$userAccount}][Username: {$oldUserName}][IP Address: {$oldIpAddress}]";
}elseif ($type == TYPE_COMPLETE) {
$message = 'Created an API Signature for ['.$userAccount .']';
$message = "Created an API Signature for [{$userAccount}]";
}
$rtn[] = $this -> getAdminUserData(PARAM_UID);
$rtn[] = $_SERVER[PARAM_REMOTE_ADDR];
$rtn[] = $_SERVER[PARAM_HTTP_USER_AGENT];
$rtn[] = 17;
$rtn[] = date("Y-m-d H:i:s");
$rtn[] = $message;
$rtn = [
$this -> getAdminUserData(PARAM_UID),
$_SERVER[PARAM_REMOTE_ADDR],
$_SERVER[PARAM_HTTP_USER_AGENT],
17,
date("Y-m-d H:i:s"),
$message
];
}
return $rtn;
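Review bot: In getActivity the rewritten line `$details[] = " password from [{$oldPassword}] to [{$newPassword}]";` still puts both the old and the new API password into the activity message, and that password is the secret the transfer endpoint hashes into the request signature, so anyone who can read the activity record can presumably recover it. Record only the fact of the change, for example `$details[] = " password changed";`. In the same hunk `json_decode($oldPayload)` runs without the `checkJSONString` guard that the edit-data hunk applies to the same column. With `use function GuzzleHttp\json_decode` in scope, invalid JSON throws, so a row saved before this commit with an empty `whitelist_setting` would likely abort the save instead of being treated as all-false. The closing lines of getActivity are outside the hunk.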
......
......@@ -31,9 +31,7 @@ include_once('template/base_head.php');
</tr>
<tr>
<th>氏名</th>
<td>
<?php $this -> echoLastName(); ?> <?php $this -> echoFirstName(); ?>
</td>
<td><?php $this -> echoLastName(); ?> <?php $this -> echoFirstName(); ?></td>
</tr>
<tr>
<th>APIユーザ名</th>
......@@ -47,6 +45,14 @@ include_once('template/base_head.php');
<th>IPアドレス</th>
<td><?php $this -> echoIpAddress(); ?></td>
</tr>
<tr>
<th>ドメイン名</th>
<td><?php $this -> echoDomainName(); ?></td>
</tr>
<tr>
<th>確認設定</th>
<td><?php $this -> echoWhitelistSettingsCheckboxes(true); ?></td>
</tr>
</table>
<input type="hidden" value="action" id="type" name="type" />
......@@ -54,6 +60,7 @@ include_once('template/base_head.php');
<input type="hidden" value="<?php $this -> echoUserName(); ?>" id="user_name" name="user_name" />
<input type="hidden" value="<?php $this -> echoPassword(); ?>" id="password" name="password" />
<input type="hidden" value="<?php $this -> echoIpAddress(); ?>" id="ip_address" name="ip_address" />
<input type="hidden" value="<?php $this -> echoDomainName(); ?>" id="domain_name" name="domain_name" />
</form>
<p class="calign">
<a href="javascript:actionInput();" class="btn bg-default">&laquo; 戻る</a>&emsp;
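Review bot: `echoDomainName()` is placed inside the `value="..."` attribute of the new hidden `domain_name` input and inside the new table cell, while the method added in the model prints `$this -> domainName` without HTML encoding. The value comes from `getDataPost(PARAM_DOMAIN_NAME)` or the `domains` column, so unless `getDataPost` already encodes it, a quote or angle bracket in the stored list ends the attribute and is parsed as markup. Encoding at the sink, `echo htmlspecialchars($this -> domainName, ENT_QUOTES, 'UTF-8');`, covers this page and the two input templates, where the same call sits inside a `<textarea>`. The existing `echoIpAddress()` has the same shape and deserves the same treatment now that its field accepts multi-line input.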
......
......@@ -28,7 +28,9 @@ include_once('template/base_head.php');
</colgroup>
<tr>
<th>口座番号</th>
<td><?php $this -> echoUserAccount(); ?></td>
<td>
<?php $this -> echoUserAccount(); ?>
</td>
</tr>
<tr>
<th>氏名</th>
......@@ -51,7 +53,19 @@ include_once('template/base_head.php');
<tr>
<th>IPアドレス</th>
<td>
<input type="text" id="ip_address" name="ip_address" value="<?php $this -> echoIpAddress(); ?>" class="w30p">
<textarea id="ip_address" name="ip_address" rows="10" cols="50"><?php $this -> echoIpAddress(); ?></textarea>
</td>
</tr>
<tr>
<th>ドメイン名</th>
<td>
<textarea id="domain_name" name="domain_name" rows="10" cols="50"><?php $this -> echoDomainName(); ?></textarea>
</td>
</tr>
<tr>
<th>確認設定</th>
<td>
<?php $this -> echoWhitelistSettingsCheckboxes(); ?>
</td>
</tr>
</table>
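Review bot: The `ip_address` field becomes a free-form `<textarea>` and `domain_name` is added as a second one, but nothing visible in this commit validates or normalises the entries on the server before they are saved. `setParameter()` copies both straight from `getDataPost()`, and the query templates place them in quoted placeholders such as `domains = '__ELEMENT05__'`, so both the correctness of the whitelist and the safety of the statement depend on checks that are not shown here. I would split the input on the chosen separator, trim each entry, check addresses with `filter_var($entry, FILTER_VALIDATE_IP)` and host names with `filter_var($entry, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)`, and reject the form on the first invalid entry. The identical hunk in the next template shares this point.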
......
......@@ -53,7 +53,19 @@ include_once('template/base_head.php');
<tr>
<th>IPアドレス</th>
<td>
<input type="text" id="ip_address" name="ip_address" value="<?php $this -> echoIpAddress(); ?>" class="w30p">
<textarea id="ip_address" name="ip_address" rows="10" cols="50"><?php $this -> echoIpAddress(); ?></textarea>
</td>
</tr>
<tr>
<th>ドメイン名</th>
<td>
<textarea id="domain_name" name="domain_name" rows="10" cols="50"><?php $this -> echoDomainName(); ?></textarea>
</td>
</tr>
<tr>
<th>確認設定</th>
<td>
<?php $this -> echoWhitelistSettingsCheckboxes(); ?>
</td>
</tr>
</table>
......
......@@ -24,7 +24,7 @@ $apiToAccount = (isset($_GET["to_account"]) ? $_GET["to_account"] : "85823926");
パスワード:<input type="text" value="<?=$apiPwd?>" name="password" /><br/>
番組コード:<input type="text" value="<?=$apiPnum?>" name="p_num" /><br/>
金額:<input type="text" value="<?=$apiAmt?>" name="amount" /><br/>
FROM_ACCOUNT:<input type="text" value="<?=$apiFromAccount?>" name="from_account" /><br/>
FROM_ACCOUNT:<input type="text" value="<?=$apiFromAccount?>" name="from_account"/><br/>
TO_ACCOUNT::<input type="text" value="<?=$apiToAccount?>" name="to_account" /><br/>
DEBIT_CURRENCY:<input type="text" value="<?=$apiTCur?>" name="debit_currency" /><br/>
CURRENCY:<input type="text" value="<?=$apiFCur?>" name="currency" /><br/>
......
......@@ -5,6 +5,8 @@ function getServer($param){
return isset($_SERVER[$param]) ? $_SERVER[$param] : "";
}
print_r(getServer("HTTP_USER_AGENT"));
$connector = getServer("HTTP_REFERER");
if($connector == ""){
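Review bot: `print_r(getServer("HTTP_USER_AGENT"));`, which appears to be one of the added lines, writes a client-controlled request header into the response without encoding and reads like debugging output left in the commit. Remove the line, or if the value really has to be displayed, emit it as `echo htmlspecialchars(getServer("HTTP_USER_AGENT"), ENT_QUOTES, 'UTF-8');`. The `if($connector == "")` block that follows continues outside the hunk.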
......