Changeset 1619 for WAeUP_SRP/trunk/skins


Timestamp:
22 Mar 2007, 20:42:53 (18 years ago)
Author:
joachim
Message:

catch illegal access

File:
1 edited

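--- a/WAeUP_SRP/trunk/skins/waeup_epayment/epayment_cb.py
+++ b/WAeUP_SRP/trunk/skins/waeup_epayment/epayment_cb.py
@@ -14,4 +14,5 @@
 import logging
 logger = logging.getLogger('Skins.epayment_cb')
+from AccessControl import Unauthorized
 import DateTime
 if context.portal_membership.isAnonymousUser():
@@ -21,6 +22,14 @@
 students = context.portal_url.getPortalObject().campus.students
 wftool = context.portal_workflow
+mtool = context.portal_membership
+member = mtool.getAuthenticatedMember()
+member_id = str(member)
 student_id = context.getStudentId()
-if student_id is None:
+if student_id is None or student_id != member_id:
+    logger.info('%s tried to access payment object of %s' % (member_id,student_id))
+    referer = request.get('HTTP_REFERER','NO REFERER')
+    logger.info('%s:%s illegal access referer %s' % (member_id,student_id,referer))
+    real_ip = request.get('HTTP_X_REAL_IP',"NO REAL_X_IP")
+    logger.info('%s:%s illegal access real_x_ip %s' % (member_id,student_id,real_ip))
     return context.REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
 
@@ -37,5 +46,9 @@
 for rc,pdk in resp_codes:
     pd[pdk] = request.get(rc)
-context.getContent().edit(mapping=pd)
+try:
+    context.getContent().edit(mapping=pd)
+except UnAuthorized,E:
+    logger.info('%s ' % student_id)
+   
 #resp = pd['resp_desc']
 #if  resp.startswith('Appro') and resp.endswith('essful'):
@@ -44,4 +57,8 @@
     wftool.doActionFor(student,'pay_school_fee')
     logger.info('%s received valid callback' % student_id)
+    referer = request.get('HTTP_REFERER','NO REFERER')
+    logger.info('%s valid callback referer %s' % (student_id,referer))
+    real_ip = request.get('HTTP_X_REAL_IP',"NO REAL_X_IP")
+    logger.info('%s valid callback real_ip %s' % (student_id,real_ip))
 
 elif len(resp) < 3: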
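Review bot: The handler added at new lines 48-51 names `UnAuthorized`, but the import added at new line 16 binds `Unauthorized`, so when `edit()` does raise, evaluating the except clause fails with a NameError instead of catching the access error. Even with the spelling fixed, the handler only logs `student_id` and falls through; the code between new lines 54 and 57 is not shown, but it appears the script could still reach `wftool.doActionFor(student,'pay_school_fee')` after an edit that was refused. I would change it to `except Unauthorized:` followed by a log line that says the edit was refused and the same `return context.REQUEST.RESPONSE.redirect(...)` used in the ownership check above. Separately, the `HTTP_REFERER` and `HTTP_X_REAL_IP` values now logged are request headers, so they should be treated as client-supplied unless the front-end proxy overwrites `X-Real-IP`, and stripped of CR/LF before they are written to the log.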