* COM-visible (OLEPUBLIC) value object with two properties: an article id and a quantity.
* NOTE(review): presumably the element type of the taItems array passed to
* WsOrder.PassOrder - confirm against the caller; nothing here enforces it.
* Neither property is validated in this class; both stay .NULL. until a caller assigns them.
DEFINE CLASS WsOrder_Item AS Session OLEPUBLIC
* Article identifier supplied by the client.
ArtID = .NULL.
* Quantity supplied by the client (no range or type check in this class).
ArtQty = .NULL.
ENDDEFINE
* COM-visible (OLEPUBLIC) result object: a status code plus a date slot.
* WsOrder.PassOrder creates one instance per call and stores it in WsOrder.ReturnValue.
DEFINE CLASS WsOrder_CodeDate AS Session OLEPUBLIC
* Numeric result code; assigned by WsOrder.PassOrder.
ReturnCode = .NULL.
* Never assigned in the visible code, so it stays .NULL. (the initializer below is disabled).
ReturnDate = .NULL.
* Disabled initializer that would have stamped the object with the current date/time.
* PROCEDURE init
* this.ReturnDate = DATETIME()
* ENDPROC
ENDDEFINE
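* COM-visible (OLEPUBLIC) order service. A request is accepted only when it carries
* a fresh timestamp, a code derived from the customer's stored password, and a
* (user, key, date) triplet that has not been seen before.
DEFINE CLASS WsOrder AS Session OLEPUBLIC
	* Directory that holds Cust.dbf and SecureKeys.dbf; must be set by the host before PassOrder is called.
	DbfDirectory = .NULL.
	* Not used in the visible code. The spelling is kept because the name is part of the published COM interface.
	OrderJounal = .NULL.
	* Acceptance window in seconds: older timestamps are rejected, and used triplets are kept this long.
	SecureKeyLifeTime = 300
	* Result of the last PassOrder call (a WsOrder_CodeDate object).
	ReturnValue = .NULL.
	DIMENSION ReturnValue_COMATTRIB[4]
	ReturnValue_COMATTRIB[1] = 0 && Full Access
	ReturnValue_COMATTRIB[2] = "ReturnValue" && Description (help string)
	ReturnValue_COMATTRIB[3] = "RETURNVALUE" && Proper capitalization.
	ReturnValue_COMATTRIB[4] = "WsOrder_CodeDate" && Data type

	* FUNCTION - return the current server date/time.
	* NOTE(review): presumably clients call this to build a ttSentDate that falls inside the acceptance window - confirm.
	FUNCTION GetDate() AS Datetime
		RETURN DATETIME()
	ENDFUNC

	* PROCEDURE - try to add an order line; the result is published in this.ReturnValue.
	*
	* ReturnValue.ReturnCode is one of:
	*   0 : Failed (also returned for a replayed triplet or an unset DbfDirectory)
	*   1 : Succeeded
	*
	* 400 : Wrong Access (unknown user and wrong code share this value on purpose,
	*       so the answer does not reveal which customer ids exist)
	* 404 : Wrong article(s) (documented, but never returned by the visible code)
	* 500 : Wrong signature
	* 501 : Wrong date
	*
	* ReturnValue.ReturnDate is left at .NULL. by this procedure.
	PROCEDURE PassOrder(tcUserID AS String, tcCode AS String, ttSentDate AS Datetime, tcKey AS String, taItems AS Dimension)
		LOCAL liReturnCode AS Integer
		liReturnCode = this.pPassOrder(tcUserID, tcCode, ttSentDate, tcKey, taItems)
		this.ReturnValue = CREATEOBJECT("WsOrder_CodeDate")
		this.ReturnValue.ReturnCode = liReturnCode
	ENDPROC

	* FUNCTION - validate the request and record its triplet; returns the codes listed on PassOrder.
	*
	* tcUserID   : customer id, looked up in Cust.CUSTID
	* tcCode     : MD5 of TTOC(ttSentDate, 1) + tcKey + Cust.ECOM_PASS, computed by the client
	* ttSentDate : client timestamp; must lie within the last SecureKeyLifeTime seconds
	* tcKey      : per-request key chosen by the client
	* taItems    : order items. NOTE(review): not read anywhere in the visible code,
	*              so a return of 1 currently means "authenticated and recorded" only.
	FUNCTION pPassOrder(tcUserID AS String, tcCode AS String, ttSentDate AS Datetime, tcKey AS String, taItems AS Dimension) AS Integer
		IF PCOUNT() <> 5
			* wrong function signature
			RETURN 500
		ENDIF
		* Reject wrongly typed arguments up front instead of letting a comparison
		* further down raise a type-mismatch error back to the remote caller.
		IF VARTYPE(tcUserID) <> "C" OR VARTYPE(tcCode) <> "C" OR VARTYPE(tcKey) <> "C"
			RETURN 500
		ENDIF
		IF VARTYPE(ttSentDate) <> "T"
			RETURN 501
		ENDIF

		* Freshness check: nothing from the future, nothing older than the window.
		LOCAL ltNow
		ltNow = DATETIME()
		IF (ttSentDate > ltNow) OR (ttSentDate < (ltNow - this.SecureKeyLifeTime))
			* date out of valid range
			RETURN 501
		ENDIF

		* Without a configured data directory no check can run: fail closed.
		IF VARTYPE(this.DbfDirectory) <> "C"
			RETURN 0
		ENDIF
		LOCAL lcDir
		lcDir = ADDBS(this.DbfDirectory)

		* USE needs a name expression (parentheses) to open a computed path.
		USE (lcDir + "Cust.dbf") ALIAS Cust
		* NOTE(review): == treats trailing blanks as significant and fixed-width
		* character fields are blank-padded; confirm how CUSTID is declared and
		* whether clients send the padded value.
		LOCATE FOR Cust.CUSTID == tcUserID
		IF !FOUND()
			* user not found
			RETURN 400
		ENDIF

		* user found
		* SECURITY(review): the stored ECOM_PASS value is used directly as the shared
		* secret, so the customer table holds a password-equivalent, and the code is an
		* ad-hoc MD5 construction. A keyed MAC (HMAC with a current hash) over the same
		* fields would be the stronger design; it needs a coordinated client change.
		LOCAL lcPassword AS String
		LOCAL lcCode AS String
		lcPassword = Cust.ECOM_PASS
		* yyyymmddhhmmss + tcKey + lcPassword
		* TTOC(..., 1) yields the documented yyyymmddhhmmss form; plain TTOC() follows
		* the session's date and hour settings and would not match that format.
		lcCode = TTOC(ttSentDate, 1) + tcKey + lcPassword

		* check for code
		LOCAL luMD5 AS MD5
		luMD5 = CREATEOBJECT('MD5')
		luMD5.tohash = lcCode
		* Exact comparison: with SET EXACT OFF the <> operator stops at the end of the
		* right-hand string, so a longer tcCode (or any tcCode against an empty
		* result) would have been treated as equal.
		IF !(tcCode == luMD5.compute())
			* wrong access code
			RETURN 400
		ENDIF

		* right access code
		* check that the (user, date, key) triplet has not been used before
		USE (lcDir + "SecureKeys.dbf") ALIAS SecureKeys
		LOCATE FOR (SecureKeys.CUSTID == tcUserID) AND (SecureKeys.USEDKEY == tcKey) AND (SecureKeys.USEDDATE = ttSentDate)
		IF FOUND()
			* triplet already used: treat as a replayed request
			RETURN 0
		ENDIF

		* triplet unique
		* NOTE(review): the lookup above and the insert below are not one atomic step;
		* two identical requests arriving together could both pass. Confirm whether
		* the host serializes calls or add a table lock around the two steps.
		* Drop triplets older than the acceptance window: such requests are already
		* rejected by the freshness check, so they no longer need to be remembered.
		DELETE FROM SecureKeys WHERE SecureKeys.USEDDATE < (ltNow - this.SecureKeyLifeTime)
		* insert new triplet
		APPEND BLANK
		REPLACE SecureKeys.CUSTID WITH tcUserID, SecureKeys.USEDKEY WITH tcKey, SecureKeys.USEDDATE WITH ttSentDate

		* Documented success code. The previous RETURN LEN(lcPassword) disclosed the
		* stored password's length to the remote caller, and the statement after it
		* was unreachable and referred to an undefined name.
		RETURN 1
	ENDFUNC
ENDDEFINE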