Subversion Repositories SmartDukaan


Rev 15311 Rev 15335
Line 134... Line 134...
134
				$this->redirect('/users/verifymobile');
134
				$this->redirect('/users/verifymobile');
135
			}
135
			}
136
		}
136
		}
137
    }
137
    }
138
 
138
 
139
    function checkToken() {
139
    function checkToken($userId = null) {
140
		$headers =  $this->getallheaders();
140
        $headers =  $this->getallheaders();
141
        $this->log(print_r($headers,1),'headers');
141
        $this->log(print_r($headers,1),'headers');
142
        $token = $_COOKIE['token'];
142
        $token = $_COOKIE['token'];
143
        $checkToken = $_COOKIE['walletAuthentication'];
143
        $checkToken = $_COOKIE['walletAuthentication'];
144
        $this->log("Token : $token",'headers');
144
        $this->log("Token : $token",'headers');
145
        $this->log("CheckToken : $checkToken",'headers');
145
        $this->log("CheckToken : $checkToken",'headers');
146
        if(isset($checkToken) && !empty($checkToken) && isset($token) && !empty($token)) {
146
        if(isset($checkToken) && !empty($checkToken) && isset($token) && !empty($token)) {
147
        	$this->loadModel('SocialProfile');
147
                $this->loadModel('SocialProfile');
148
        	$options = array('conditions'=>array('access_token'=>$token),'fields'=>array('user_id'),'recursive'=>-1);
148
                $options = array('conditions'=>array('access_token'=>$token),'fields'=>array('user_id'),'recursive'=>-1);
149
        	$user = $this->SocialProfile->find('first',$options);
149
                $user = $this->SocialProfile->find('first',$options);
-
 
150
                $this->log(print_r($user['SocialProfile'],1),'headers');
-
 
151
                if(!$userId){
150
        	$userId = $this->request->query('user_id');
152
                	$userId = $this->request->query('user_id');
-
 
153
                }                
151
			if(isset($userId) && !empty($userId)){
154
                if(isset($userId) && !empty($userId)){
152
				if($userId == $user['SocialProfile']['user_id']){
155
                    if($userId == $user['SocialProfile']['user_id']){
153
					return true;
156
                        return true;
-
 
157
                    } else{
-
 
158
                    	// token mismatch, so maybe hack attempt
-
 
159
                        return false;
154
				}
160
                    }
155
			}
161
                } else {
-
 
162
                	// userId is not sent so maybe hack attempt
-
 
163
                	return false;
156
        } else {
164
                }
-
 
165
        } else {                
157
        	return true;
166
            return true;
158
        }
167
        }
159
        return true;
168
        // return true;
160
    }
169
    }
161
 
170
 
162
    function getallheaders() { 
171
    function getallheaders() { 
163
	   $headers = ''; 
172
	   $headers = ''; 
164
       foreach ($_SERVER as $name => $value) 
173
       foreach ($_SERVER as $name => $value) 
Line 203... Line 212...
203
			    'Content-Length: ' . strlen($fields))                                                                       
212
			    'Content-Length: ' . strlen($fields))                                                                       
204
			);   
213
			);   
205
		}
214
		}
206
		//execute post
215
		//execute post
207
		$result = curl_exec($ch);
216
		$result = curl_exec($ch);
208
		// $this->log("[response] ".print_r($result,1),'api');
217
		$this->log("[response] ".print_r($result,1),'api');
209
		//close connection
218
		//close connection
210
		curl_close($ch);
219
		curl_close($ch);
211
		switch($format){
220
		switch($format){
212
			case 'json':
221
			case 'json':
213
			$response = json_decode($result,1);
222
			$response = json_decode($result,1);
Line 385... Line 394...
385
		$user = $this->User->find('first',$options);
394
		$user = $this->User->find('first',$options);
386
		$this->log("user_accounts ".print_r($user,1));
395
		$this->log("user_accounts ".print_r($user,1));
387
		$data = array('email'=>$user['User']['email'],'Id'=>$user['UserAccount'][0]['account_key'],'cartId' => $user['UserAccount'][1]['account_key'],'isPrivateDealUser'=>1,'next'=>$next);
396
		$data = array('email'=>$user['User']['email'],'Id'=>$user['UserAccount'][0]['account_key'],'cartId' => $user['UserAccount'][1]['account_key'],'isPrivateDealUser'=>1,'next'=>$next);
388
		$data = '?data='.base64_encode(serialize($data));
397
		$data = '?data='.base64_encode(serialize($data));
389
		$token = '&token='.md5(Configure::read('saholicapikey').'|'.$user['UserAccount'][0]['account_key']);		
398
		$token = '&token='.md5(Configure::read('saholicapikey').'|'.$user['UserAccount'][0]['account_key']);		
-
 
399
		$url = Configure::read('saholicapihost')."login!authorizeProfitMandiUser?userId=".$user['UserAccount'][0]['account_key']."&source=ProfitMandi";
-
 
400
		$result = $this->make_request($url);
-
 
401
		if(!empty($result['tokenString'])){
-
 
402
			$token = '&token='.$result['tokenString'];
-
 
403
			return Configure::read('saholicauthurl').$data.$token.'&v=2';
-
 
404
		}
390
		return Configure::read('saholicauthurl').$data.$token;
405
		return Configure::read('saholicauthurl').$data.$token;
391
	}
406
	}
392
 
407
 
393
 	function createUploadDirectory($modelClass) {
408
 	function createUploadDirectory($modelClass) {
394
        //Create directory
409
        //Create directory
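Review bot: In checkToken (new lines 146–167) the outer `else` still ends in `return true;` when either the `token` or the `walletAuthentication` cookie is absent or empty, so a request carrying no cookies never reaches the mismatch and missing-userId rejections this commit adds. If callers treat `true` as "verified", that branch should be `return false;`; if anonymous requests are meant to pass, say so in a comment there, e.g. `// no wallet cookies: nothing to verify, callers must enforce login separately`. The check `$userId == $user['SocialProfile']['user_id']` is a loose comparison, and `(string)$userId === (string)$user['SocialProfile']['user_id']` would avoid numeric-string coercion. Separately, the log call re-enabled at new line 217 writes the whole API response to the `api` log; if that code is the body of `make_request`, it would include the `tokenString` read at new lines 400–403, just as `Token : $token` already lands in the `headers` log, so these values are better redacted before logging.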