Context navigation

source: WAeUP_SRP/trunk/skins/waeup_epayment/epayment_cb.py @ 1619

Last change on this file since 1619 was 1619, checked in by joachim, 18 years ago
catch illegal access
Property svn:keywords set to `Id`
File size: 2.4 KB

Rev	Line
[1224]	1	## Script (Python) "epayment_cb"
	2	##bind container=container
	3	##bind context=context
	4	##bind namespace=
	5	##bind script=script
	6	##bind subpath=traverse_subpath
	7	##parameters=
	8	##title=
	9	##
	10	# $Id: epayment_cb.py 1619 2007-03-22 20:42:53Z joachim $
	11	"""
	12	payment callback
	13	"""
	14	import logging
[1568]	15	logger = logging.getLogger('Skins.epayment_cb')
[1619]	16	from AccessControl import Unauthorized
[1224]	17	import DateTime
[1365]	18	if context.portal_membership.isAnonymousUser():
	19	return None
[1224]	20
	21	request = context.REQUEST
	22	students = context.portal_url.getPortalObject().campus.students
[1303]	23	wftool = context.portal_workflow
[1619]	24	mtool = context.portal_membership
	25	member = mtool.getAuthenticatedMember()
	26	member_id = str(member)
[1224]	27	student_id = context.getStudentId()
[1619]	28	if student_id is None or student_id != member_id:
	29	logger.info('%s tried to access payment object of %s' % (member_id,student_id))
	30	referer = request.get('HTTP_REFERER','NO REFERER')
	31	logger.info('%s:%s illegal access referer %s' % (member_id,student_id,referer))
	32	real_ip = request.get('HTTP_X_REAL_IP',"NO REAL_X_IP")
	33	logger.info('%s:%s illegal access real_x_ip %s' % (member_id,student_id,real_ip))
[1224]	34	return context.REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
	35
	36	student = getattr(students,student_id)
	37
[1246]	38	resp_codes = (("x_RespDesc","resp_desc"),
[1224]	39	("x_RespPayRef","resp_pay_reference"),
	40	("x_RespCode","resp_code"),
	41	("x_CardNum","resp_card_num"),
	42	("x_ApprAmt","resp_approved_amount"),
	43	)
[1229]	44	pd = {}
[1243]	45	#from Products.zdb import set_trace;set_trace()
[1224]	46	for rc,pdk in resp_codes:
	47	pd[pdk] = request.get(rc)
[1619]	48	try:
	49	context.getContent().edit(mapping=pd)
	50	except UnAuthorized,E:
	51	logger.info('%s ' % student_id)
	52
[1367]	53	#resp = pd['resp_desc']
	54	#if resp.startswith('Appro') and resp.endswith('essful'):
	55	resp = pd['resp_code']
	56	if resp == '00':
[1348]	57	wftool.doActionFor(student,'pay_school_fee')
[1568]	58	logger.info('%s received valid callback' % student_id)
[1619]	59	referer = request.get('HTTP_REFERER','NO REFERER')
	60	logger.info('%s valid callback referer %s' % (student_id,referer))
	61	real_ip = request.get('HTTP_X_REAL_IP',"NO REAL_X_IP")
	62	logger.info('%s valid callback real_ip %s' % (student_id,real_ip))
[1367]	63
[1349]	64	elif len(resp) < 3:
[1568]	65	logger.info('%s received no callback' % student_id)
[1348]	66	else:
[1568]	67	logger.info('%s received unsuccessfull callback' % student_id)
[1308]	68	wftool.doActionFor(context,'close')
[1303]	69
[1304]	70	return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url())

Note: See TracBrowser for help on using the repository browser.

Download in other formats: