Changeset 1619

Timestamp:

22 Mar 2007, 20:42:53 (18 years ago)

Author:

joachim

Message:

catch illegal access

File:

• WAeUP_SRP/trunk/skins/waeup_epayment/epayment_cb.py (modified) (4 diffs)

WAeUP_SRP/trunk/skins/waeup_epayment/epayment_cb.py

@@ -14 +14 @@
 import logging
 logger = logging.getLogger('Skins.epayment_cb')
+from AccessControl import Unauthorized
 import DateTime
 if context.portal_membership.isAnonymousUser():
@@ -21 +22 @@
 students = context.portal_url.getPortalObject().campus.students
 wftool = context.portal_workflow
+mtool = context.portal_membership
+member = mtool.getAuthenticatedMember()
+member_id = str(member)
 student_id = context.getStudentId()
-if student_id is None:
+if student_id is None or student_id != member_id:
+    logger.info('%s tried to access payment object of %s' % (member_id,student_id))
+    referer = request.get('HTTP_REFERER','NO REFERER')
+    logger.info('%s:%s illegal access referer %s' % (member_id,student_id,referer))
+    real_ip = request.get('HTTP_X_REAL_IP',"NO REAL_X_IP")
+    logger.info('%s:%s illegal access real_x_ip %s' % (member_id,student_id,real_ip))
     return context.REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
 
@@ -37 +46 @@
 for rc,pdk in resp_codes:
     pd[pdk] = request.get(rc)
-context.getContent().edit(mapping=pd)
+try:
+    context.getContent().edit(mapping=pd)
+except UnAuthorized,E:
+    logger.info('%s ' % student_id)
+    
 #resp = pd['resp_desc']
 #if  resp.startswith('Appro') and resp.endswith('essful'):
@@ -44 +57 @@
     wftool.doActionFor(student,'pay_school_fee')
     logger.info('%s received valid callback' % student_id)
+    referer = request.get('HTTP_REFERER','NO REFERER')
+    logger.info('%s valid callback referer %s' % (student_id,referer))
+    real_ip = request.get('HTTP_X_REAL_IP',"NO REAL_X_IP")
+    logger.info('%s valid callback real_ip %s' % (student_id,real_ip))
 
 elif len(resp) < 3: