Changeset 21722


Ignore:
Timestamp:
2012/04/09 15:59:04 (12 years ago)
Author:
AMUAMU
Message:

#1604 (外部連携用APIの実装) テスト用プログラム。コア機能の微修正。

Location:
branches/version-2_12-dev
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • branches/version-2_12-dev/data/class/api/SC_Api_Operation.php

    r21713 r21722  
    6464        $table = 'dtb_member'; 
    6565        $where = 'login_id = ? AND del_flg <> 1 AND work = 1'; 
    66         $arrData = $objQuery->getRow($cols, $table, $where, array($login_id)); 
     66        $arrData = $objQuery->getRow($cols, $table, $where, array($member_id)); 
    6767        if (SC_Utils_Ex::isBlank($arrData)) { 
    6868            return false; 
    6969        } 
    7070        // ユーザー入力パスワードの判定 
    71         if (SC_Utils_Ex::sfIsMatchHashPassword($pass, $arrData['password'], $arrData['salt'])) { 
     71        if (SC_Utils_Ex::sfIsMatchHashPassword($member_password, $arrData['password'], $arrData['salt'])) { 
    7272            return true; 
    7373        } 
     
    134134        $access_key = $arrParam['AccessKeyId']; 
    135135        $secret_key = SC_Api_Operation_Ex::getApiSecretKey($access_key); 
     136        if(SC_Utils_Ex::isBlank($secret_key)) { 
     137            return false; 
     138        } 
    136139 
    137140        // バイト順に並び替え 
     
    155158                     . $_SERVER['PHP_SELF'] . "\n" 
    156159                     . $check_str; 
    157  
    158160        $signature = base64_encode(hash_hmac('sha256', $check_str, $secret_key, true)); 
    159  
    160161        if($signature === $arrParam['Signature']) { 
    161162            return true; 
     
    190191    protected function getApiSecretKey($access_key) { 
    191192        $objQuery =& SC_Query_Ex::getSingletonInstance(); 
    192         $secret_key = $objQuery->get('api_secret_key', 'dtb_api_account', 'api_access_key = ? and del_flg = 0'); 
     193        $secret_key = $objQuery->get('api_secret_key', 'dtb_api_account', 'api_access_key = ? and enable = 1 and del_flg = 0', array($access_key)); 
    193194        return $secret_key; 
    194195    } 
     
    201202     * @return boolean 権限がある場合 true; 無い場合 false 
    202203     */ 
    203     protected function checkOperationAuth($operation_name, &$arrParams, &$arrApiConfig) { 
     204    protected function checkOperationAuth($operation_name, &$arrParam, &$arrApiConfig) { 
    204205        if (SC_Utils_Ex::isBlank($operation_name)) { 
    205206            return false; 
     
    300301            $arrApiConfig = SC_Api_Utils_Ex::getApiConfig($operation_name); 
    301302 
    302             if (SC_Api_Operation_Ex::checkOperationAuth($operation_name, $arrParam, $arrApiConfig)) { 
     303            if (SC_Api_Operation_Ex::checkOperationAuth($operation_name, $arrPost, $arrApiConfig)) { 
    303304                SC_Api_Utils_Ex::printApiLog('Authority PASS', $start_time, $operation_name); 
    304305 
  • branches/version-2_12-dev/data/class/api/SC_Api_Utils.php

    r21713 r21722  
    3535class SC_Api_Utils { 
    3636 
    37     /** API XML Namspase */ 
     37    /** API XML Namspase Header */ 
    3838    const API_XMLNS = 'http://www.ec-cube.net/ECCUBEApi/'; 
    3939 
Note: See TracChangeset for help on using the changeset viewer.