Changeset 21722
- Timestamp:
- 2012/04/09 15:59:04 (12 years ago)
- Location:
- branches/version-2_12-dev
- Files:
-
- 1 added
- 2 edited
branches/version-2_12-dev/data/class/api/SC_Api_Operation.php
r21713 r21722 64 64 $table = 'dtb_member'; 65 65 $where = 'login_id = ? AND del_flg <> 1 AND work = 1'; 66 $arrData = $objQuery->getRow($cols, $table, $where, array($ login_id));66 $arrData = $objQuery->getRow($cols, $table, $where, array($member_id)); 67 67 if (SC_Utils_Ex::isBlank($arrData)) { 68 68 return false; 69 69 } 70 70 // ユーザー入力パスワードの判定 71 if (SC_Utils_Ex::sfIsMatchHashPassword($ pass, $arrData['password'], $arrData['salt'])) {71 if (SC_Utils_Ex::sfIsMatchHashPassword($member_password, $arrData['password'], $arrData['salt'])) { 72 72 return true; 73 73 } … … 134 134 $access_key = $arrParam['AccessKeyId']; 135 135 $secret_key = SC_Api_Operation_Ex::getApiSecretKey($access_key); 136 if(SC_Utils_Ex::isBlank($secret_key)) { 137 return false; 138 } 136 139 137 140 // バイト順に並び替え … … 155 158 . $_SERVER['PHP_SELF'] . "\n" 156 159 . $check_str; 157 158 160 $signature = base64_encode(hash_hmac('sha256', $check_str, $secret_key, true)); 159 160 161 if($signature === $arrParam['Signature']) { 161 162 return true; … … 190 191 protected function getApiSecretKey($access_key) { 191 192 $objQuery =& SC_Query_Ex::getSingletonInstance(); 192 $secret_key = $objQuery->get('api_secret_key', 'dtb_api_account', 'api_access_key = ? and del_flg = 0');193 $secret_key = $objQuery->get('api_secret_key', 'dtb_api_account', 'api_access_key = ? 
and enable = 1 and del_flg = 0', array($access_key)); 193 194 return $secret_key; 194 195 } … … 201 202 * @return boolean 権限がある場合 true; 無い場合 false 202 203 */ 203 protected function checkOperationAuth($operation_name, &$arrParam s, &$arrApiConfig) {204 protected function checkOperationAuth($operation_name, &$arrParam, &$arrApiConfig) { 204 205 if (SC_Utils_Ex::isBlank($operation_name)) { 205 206 return false; … … 300 301 $arrApiConfig = SC_Api_Utils_Ex::getApiConfig($operation_name); 301 302 302 if (SC_Api_Operation_Ex::checkOperationAuth($operation_name, $arrP aram, $arrApiConfig)) {303 if (SC_Api_Operation_Ex::checkOperationAuth($operation_name, $arrPost, $arrApiConfig)) { 303 304 SC_Api_Utils_Ex::printApiLog('Authority PASS', $start_time, $operation_name); 304 305 -
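Review bot: The signature check at new line 161, `if($signature === $arrParam['Signature'])`, compares the computed HMAC with the client-supplied value using an ordinary string comparison, which is not guaranteed to take the same time regardless of where the two strings first differ. Where the supported PHP version provides it (5.6 and later), `if (hash_equals($signature, (string) $arrParam['Signature'])) {` avoids that; on older runtimes a fixed-time comparison helper would serve the same purpose. The visible lines also read `$arrParam['AccessKeyId']` and `$arrParam['Signature']` without an existence check, though that may be done in the part of the function outside this hunk. The enclosing function starts before and ends after the lines shown.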
branches/version-2_12-dev/data/class/api/SC_Api_Utils.php
r21713 r21722 35 35 class SC_Api_Utils { 36 36 37 /** API XML Namspase */37 /** API XML Namspase Header */ 38 38 const API_XMLNS = 'http://www.ec-cube.net/ECCUBEApi/'; 39 39