source: WAeUP_SRP/trunk/skins/waeup_epayment/epayment_cb.py @ 1619

Last change on this file since 1619 was 1619, checked in by joachim, 18 years ago

catch illegal access

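## Script (Python) "epayment_cb"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=
##title=
##
# $Id: epayment_cb.py 1619 2007-03-22 20:42:53Z joachim $
"""
payment callback

Copies the payment gateway's response fields from the request onto the
payment object (``context``), fires the ``pay_school_fee`` transition on
the owning student when the response code is '00', closes the payment
object and redirects to its document view.

Only the authenticated member whose id equals the student id of the
payment object may run the callback; any other caller is logged and
redirected to the anonymous view.
"""
import logging
logger = logging.getLogger('Skins.epayment_cb')
from AccessControl import Unauthorized
import DateTime
if context.portal_membership.isAnonymousUser():
    return None

request = context.REQUEST
students = context.portal_url.getPortalObject().campus.students
wftool = context.portal_workflow
mtool = context.portal_membership
member = mtool.getAuthenticatedMember()
member_id = str(member)
student_id = context.getStudentId()

# Request metadata kept for the audit trail only; it is never used for a
# decision. HTTP_REFERER is supplied by the client, and HTTP_X_REAL_IP is
# only meaningful if the front-end proxy overwrites it.
# NOTE(review): confirm the proxy does so, and consider stripping CR/LF
# from both values before they reach the log.
referer = request.get('HTTP_REFERER', 'NO REFERER')
real_ip = request.get('HTTP_X_REAL_IP', "NO REAL_X_IP")

# Ownership check: the payment object must belong to the logged-in member.
if student_id is None or student_id != member_id:
    logger.info('%s tried to access payment object of %s', member_id, student_id)
    logger.info('%s:%s illegal access referer %s', member_id, student_id, referer)
    logger.info('%s:%s illegal access real_x_ip %s', member_id, student_id, real_ip)
    return request.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())

student = getattr(students, student_id)

# Gateway request field -> attribute name on the payment object.
resp_codes = (("x_RespDesc", "resp_desc"),
              ("x_RespPayRef", "resp_pay_reference"),
              ("x_RespCode", "resp_code"),
              ("x_CardNum", "resp_card_num"),
              ("x_ApprAmt", "resp_approved_amount"),
              )
pd = {}
for rc, pdk in resp_codes:
    pd[pdk] = request.get(rc)

# NOTE(review): these fields are read from a request made in the student's
# own session. Nothing in this script authenticates them as coming from the
# payment gateway (no signature check, no server-side lookup of the
# transaction), and resp_approved_amount is never compared with the amount
# due. The 'pay_school_fee' transition below should only follow a
# server-side confirmation of the payment reference and amount.
# NOTE(review): resp_card_num is stored as received; confirm the gateway
# only ever sends a masked card number.
try:
    context.getContent().edit(mapping=pd)
except Unauthorized:
    # The name imported above is Unauthorized; the former spelling
    # "UnAuthorized" was undefined, so this handler raised NameError.
    # Stop here: the response was not recorded, so no workflow transition
    # may follow.
    logger.info('%s unauthorized to edit payment object', student_id)
    return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url())

# The numeric response code decides the outcome, not the free-text
# description in resp_desc.
resp = pd['resp_code']
if resp is None:
    # Field absent from the request: handle it as "no callback" instead of
    # failing on len(None) below.
    resp = ''
if resp == '00':
    wftool.doActionFor(student, 'pay_school_fee')
    logger.info('%s received valid callback', student_id)
    logger.info('%s valid callback referer %s', student_id, referer)
    logger.info('%s valid callback real_ip %s', student_id, real_ip)
elif len(resp) < 3:
    logger.info('%s received no callback', student_id)
else:
    logger.info('%s received unsuccessfull callback', student_id)
# The payment object is closed whatever the outcome.
wftool.doActionFor(context, 'close')

return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url())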