mip/Data/BulkLoad/EFT/Nominations/Changes/Aug_2010/caco_security.bdy


CREATE OR REPLACE PACKAGE BODY caco_security IS
--
-- Constants
--
-- Session lifetime in hours, read from configuration item SESSION_TIMEOUT and parsed
-- with the '999.999' number mask. Code in this package adds it (divided by 24) to
-- SYSDATE when it writes sessions.expires.
-- NOTE(review): unlike c_password_expiry_period below there is no NVL default here.
-- If get_configuration_item can return NULL (the NVL below suggests it can), this
-- constant is NULL and every SYSDATE + c_session_duration_hours / 24 computed from it
-- is NULL as well, i.e. sessions would be stored without an expiry. Confirm the item
-- is mandatory or give it a default.
c_session_duration_hours CONSTANT NUMBER := TO_NUMBER(cout_system_configuration.get_configuration_item('SESSION_TIMEOUT'),'999.999');
--
-- Use the configuration parameter to set when the password expires following a change, if not found use 30 days as a default.
--
-- The configured value is converted to NUMBER implicitly (no format mask).
-- Not referenced by the procedures visible in this part of the package body.
c_password_expiry_period CONSTANT NUMBER := NVL(cout_system_configuration.get_configuration_item('G_ACCOUNT_EXPIRE_PERIOD'),30);
--
-- Private procedural logic
--
FUNCTION scramble(p_string IN VARCHAR2) RETURN VARCHAR2 IS
  -- Returns the first 30 characters of the MD5 digest of p_string.
  -- process_logon passes username || '/' || password and compares the result
  -- with system_users.password.
  --
  -- SUBSTR is applied to the RAW digest directly, so the text returned is the
  -- implicit RAW-to-text rendering of the digest (hex digits, presumably upper
  -- case - confirm), cut to 30 characters.
  --
  -- NOTE(review): one fast, unkeyed MD5 pass whose only per-user variation is the
  -- user name gives little protection to stored passwords if the table is ever
  -- disclosed, and the truncation discards part of the digest. Replacing it
  -- needs a slow salted password hash plus a migration of the stored values,
  -- so it is flagged here rather than changed.
  l_input RAW(32767) := utl_raw.cast_to_raw(p_string);
BEGIN
  RETURN substr(dbms_obfuscation_toolkit.md5(input => l_input), 1, 30);
END scramble;
--
-- Get User
--
FUNCTION get_user RETURN VARCHAR2 IS
  -- Accessor for the package global g_current_user.
  -- Nothing is looked up here: the value is whatever get_session_data last
  -- stored, which is NULL when the client id matched no row in sessions.
BEGIN
  RETURN g_current_user;
END get_user;
--
--
--
PROCEDURE get_session_data(p_client_id IN VARCHAR2 DEFAULT NULL) IS
  -- Loads the identity columns of the session row for the current client id
  -- into the package globals g_current_user, g_current_syus_id,
  -- g_current_inte_id and g_current_cust_id.
  --
  -- p_client_id  used only when g_client_id is not already set; when it is
  --              NULL as well, the id comes from wsgl.getclientid.
  --
  -- When no row matches, all four globals are set to NULL. When no client id
  -- can be determined at all, the globals are left untouched.
  -- Neither the expiry date nor the IP address of the session is checked here.
  --
  -- NOTE(review): g_client_id is assigned only while it is NULL, so a value left in
  -- package state takes precedence over both p_client_id and the cookie. That
  -- is safe only if package state is reset between web requests that share a
  -- database session - confirm the gateway configuration.
  -- NOTE(review): TOO_MANY_ROWS is not handled; presumably sessions.client_id is
  -- unique - confirm against the table definition.
BEGIN
  IF g_client_id IS NULL THEN
    IF p_client_id IS NOT NULL THEN
      g_client_id := p_client_id;
    ELSE
      g_client_id := wsgl.getclientid;
    END IF;
  END IF;
  --
  -- Still nothing to look up: leave the globals as they are.
  IF g_client_id IS NULL THEN
    RETURN;
  END IF;
  --
  BEGIN
    SELECT sess.user_name
          ,sess.syus_id
          ,sess.inte_id
          ,sess.cust_id
      INTO g_current_user
          ,g_current_syus_id
          ,g_current_inte_id
          ,g_current_cust_id
      FROM sessions sess
     WHERE sess.client_id = g_client_id;
  EXCEPTION
    WHEN no_data_found THEN
      -- Unknown client id: make sure no identity is carried over.
      g_current_user    := NULL;
      g_current_syus_id := NULL;
      g_current_inte_id := NULL;
      g_current_cust_id := NULL;
  END;
END get_session_data;
--
--
--
PROCEDURE storeclientid(p_client_id_str IN VARCHAR2) IS
  -- Sends the session cookie (name wsgl.wsg_clientid_cookie) holding
  -- p_client_id_str to the browser, inside its own HTTP header block.
  --
  -- The cookie path is the CGI SCRIPT_NAME with one trailing '/' removed.
  -- No expiry date and no domain are passed to owa_cookie.send.
  --
  -- NOTE(review): the secure argument of owa_cookie.send is left at its default, so
  -- the cookie is not restricted to TLS connections, and nothing here marks it
  -- HttpOnly. This value is the only session credential, so if the application
  -- is served over HTTPS both attributes are worth setting - confirm what the
  -- installed OWA version supports.
  l_cookie_path VARCHAR2(80) := owa_util.get_cgi_env('SCRIPT_NAME');
BEGIN
  -- Drop a single trailing slash from the path.
  IF substr(l_cookie_path, -1) = '/' THEN
    l_cookie_path := substr(l_cookie_path, 1, length(l_cookie_path) - 1);
  END IF;
  --
  -- Open the header without closing it so the cookie can be added to it.
  owa_util.mime_header(ccontent_type => 'text/html', bclose_header => FALSE);
  --
  owa_cookie.send(name    => wsgl.wsg_clientid_cookie
                 ,value   => p_client_id_str
                 ,expires => NULL
                 ,path    => l_cookie_path
                 ,domain  => NULL);
  --
  owa_util.http_header_close;
END storeclientid;
-- Check_Session: Check that the supplied client ID is valid
-- for the IP address of the client, that the
-- session is still valid, and that the client
-- ID supplied is not null.
--
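FUNCTION check_session(p_client_id IN VARCHAR2) RETURN BOOLEAN IS
  -- Decides whether p_client_id identifies a usable session.
  --
  -- Returns TRUE only when all of the following hold:
  --   * p_client_id is not NULL,
  --   * a row for it exists in sessions,
  --   * that row has an expiry date and it is not in the past,
  --   * saco_licensing.check_license returns TRUE.
  -- Always returns TRUE or FALSE, never NULL.
  --
  -- Side effects: when the result is FALSE and p_client_id is not NULL, the
  -- session row is deleted and the transaction is committed. Errors from that
  -- delete are written to the debug log and otherwise ignored.
  --
  -- Change from the previous version: a NULL expiry date used to pass the
  -- "SYSDATE > l_expires" test (the comparison is unknown, not true) and so
  -- such a session never expired. It is now rejected.
  --
  -- NOTE(review): the session is NOT rejected when the stored IP address differs
  -- from REMOTE_ADDR. The first query binds on the address, but its
  -- NO_DATA_FOUND handler retries on client_id alone and only logs the
  -- mismatch, leaving l_check_ok TRUE. The comments around this function
  -- describe an IP-bound session; decide which behaviour is intended.
  -- NOTE(review): the IP variables are VARCHAR2(30); an address longer than that
  -- (e.g. a long IPv6 text form) would raise VALUE_ERROR - confirm what the
  -- web tier can put in REMOTE_ADDR.
  -- NOTE(review): COMMIT here also ends whatever transaction the caller has open.
  l_stored_ip  VARCHAR2(30);
  l_current_ip VARCHAR2(30);
  l_check_ok   BOOLEAN;
  l_expires    DATE;
  -- Debug state on entry, so that forced logging below can restore it.
  l_debugging  BOOLEAN := caco_debug.debugging;
BEGIN
  --
  IF p_client_id IS NOT NULL THEN
    --
    -- Get IP address of client
    --
    l_current_ip := owa_util.get_cgi_env('REMOTE_ADDR');
    l_check_ok   := TRUE;
    --
    -- Look for the session under this client id and the current IP address.
    --
    BEGIN
      SELECT ip_address
            ,expires
        INTO l_stored_ip
            ,l_expires
        FROM sessions
       WHERE client_id = p_client_id
         AND ip_address = l_current_ip;
    EXCEPTION
      WHEN no_data_found THEN
        -- Not found for this address: retry on the client id alone.
        BEGIN
          SELECT ip_address
                ,expires
            INTO l_stored_ip
                ,l_expires
            FROM sessions
           WHERE client_id = p_client_id;
          -- Found under another address. This is logged (debugging is
          -- switched on just for this line if needed) but the session
          -- stays acceptable - see the NOTE(review) in the header.
          IF NOT l_debugging THEN
            caco_debug.debug_on;
          END IF;
          caco_debug.putline('Looked for client at ' || l_current_ip ||
                             ' and failed. Found client at IP ' ||
                             l_stored_ip);
          IF (NOT l_debugging)
             AND caco_debug.debugging THEN
            caco_debug.debug_off;
          END IF;
        EXCEPTION
          WHEN no_data_found THEN
            -- No session at all for this client id.
            IF NOT l_debugging THEN
              caco_debug.debug_on;
            END IF;
            caco_debug.putline('Looked for client at any IP and failed.');
            IF (NOT l_debugging)
               AND caco_debug.debugging THEN
              caco_debug.debug_off;
            END IF;
            l_check_ok := FALSE;
            l_expires  := SYSDATE;
        END;
    END;
    --
    -- Check that the session has not expired. A missing expiry date is
    -- treated as expired so that the check fails closed.
    --
    IF l_expires IS NULL
       OR SYSDATE > l_expires THEN
      l_check_ok := FALSE;
    END IF;
    --
  ELSE
    --
    -- Supplied client ID was null, so return fail.
    --
    l_check_ok := FALSE;
    --
  END IF;
  --
  -- Check that the license is valid
  --
  IF NOT saco_licensing.check_license THEN
    --
    l_check_ok := FALSE;
    --
  END IF;
  --
  -- A rejected session is removed so the client id cannot be presented again.
  --
  IF NOT l_check_ok
     AND p_client_id IS NOT NULL THEN
    --
    BEGIN
      --
      dbms_transaction.begin_discrete_transaction;
      --
      DELETE FROM sessions
       WHERE client_id = p_client_id;
      COMMIT;
    EXCEPTION
      WHEN OTHERS THEN
        -- Best effort: record the error and carry on with the FALSE result.
        IF NOT caco_debug.debugging THEN
          caco_debug.debug_on;
          caco_debug.putline(SQLERRM);
          caco_debug.debug_off;
        ELSE
          caco_debug.putline(SQLERRM);
        END IF;
    END;
    --
  END IF;
  --
  RETURN l_check_ok;
  --
END check_session;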
--
--
-- Generate_Client_Id: Generate a unique identifier for a new session.
--
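FUNCTION generate_client_id RETURN VARCHAR2 IS
  -- Produces a client id that is not currently present in sessions.
  --
  -- The starting value is userenv('sessionid') multiplied by the number
  -- formed from SYSDATE with the 'DDDSSSS' mask; while a row with that
  -- client_id exists the value is incremented by one.
  --
  -- Change from the previous version: the NO_DATA_FOUND handler around the
  -- SELECT COUNT(*) was removed. An aggregate query without GROUP BY always
  -- returns one row, so the handler could never run.
  --
  -- NOTE(review): this value is the session credential sent in the cookie, yet it
  -- is derived only from the database session number and the clock, and
  -- neighbouring ids differ by one. It should come from a cryptographically
  -- strong random source (for example DBMS_CRYPTO.RANDOMBYTES rendered as
  -- hex), which needs EXECUTE on that package and a check that the cookie
  -- and sessions.client_id accept the new format - hence flagged, not changed.
  -- NOTE(review): the uniqueness test and the later INSERT are separate steps, so
  -- two concurrent logons could pick the same id unless sessions.client_id
  -- carries a unique constraint - confirm.
  -- NOTE(review): the mask is 'DDDSSSS'; presumably 'DDD' plus 'SSSSS' (seconds
  -- past midnight) was intended - confirm.
  l_client_id VARCHAR2(240);
  l_count     INTEGER;
BEGIN
  --
  -- Starting value.
  SELECT to_char(to_number(userenv('sessionid')) *
                 to_number(to_char(SYSDATE
                                  ,'DDDSSSS')))
    INTO l_client_id
    FROM sys.dual;
  --
  -- Step forward until the id is free in the session table.
  --
  LOOP
    SELECT COUNT(*)
      INTO l_count
      FROM sessions
     WHERE client_id = l_client_id;
    --
    EXIT WHEN l_count = 0;
    --
    l_client_id := to_number(l_client_id) + 1;
  END LOOP;
  --
  RETURN l_client_id;
END generate_client_id;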
PROCEDURE update_session_expiry(p_client_id sessions.client_id%TYPE) IS
  PRAGMA AUTONOMOUS_TRANSACTION;
  -- Pushes the expiry of session p_client_id out to
  -- SYSDATE + c_session_duration_hours / 24 (sliding timeout).
  --
  -- Runs as an autonomous transaction and commits on its own. The row is
  -- locked first with FOR UPDATE NOWAIT; if it is already locked (ORA-00054)
  -- the refresh is skipped silently.
  --
  -- NOTE(review): NO_DATA_FOUND from the locking query is not handled, so calling
  -- this for a client id with no session row raises to the caller.
  e_row_locked EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_row_locked, -54);
  l_locked_id sessions.client_id%TYPE;
BEGIN
  -- Take the row lock without waiting.
  SELECT sess.client_id
    INTO l_locked_id
    FROM sessions sess
   WHERE sess.client_id = p_client_id
     FOR UPDATE NOWAIT;
  --
  UPDATE sessions sess
     SET sess.expires = SYSDATE + (c_session_duration_hours / 24)
   WHERE sess.client_id = p_client_id;
  --
  COMMIT;
EXCEPTION
  WHEN e_row_locked THEN
    -- Another request is updating this session; end the autonomous
    -- transaction and leave the expiry to that request.
    COMMIT;
END update_session_expiry;
--
--
-- Security_Check: Returns true if the currently logged on user is
-- allowed access to the specified package. If not,
-- will return false. This function will also provide
-- a means for the user to log on.
--
FUNCTION security_check(p_package_name IN VARCHAR2) RETURN BOOLEAN IS
  -- Gatekeeper for a generated module: returns TRUE when the request carries
  -- a valid session whose user may use p_package_name, FALSE otherwise.
  --
  -- On FALSE a page has normally been written already: the logon form when
  -- there is no valid session, the "no access" page when the user lacks the
  -- permission. On the valid-session path the session expiry is refreshed
  -- and the package globals are loaded through get_session_data.
  --
  -- Permission rule: the package name 'home' (any case) is open to every
  -- valid session. Any other name must match system_options.module_name,
  -- reachable through the user's profiles, comparing both names case
  -- insensitively and only up to and including their first '$'.
  -- A NULL p_package_name matches nothing and is therefore refused.
  l_client_id VARCHAR2(240);
  l_rows      INTEGER := 0;
  -- TRUE only for 'home'; FALSE for everything else, including NULL.
  l_is_home   BOOLEAN := FALSE;
BEGIN
  IF lower(p_package_name) = 'home' THEN
    l_is_home := TRUE;
  END IF;
  --
  l_client_id := wsgl.getclientid;
  --
  -- No client id in the request: offer the logon form.
  IF l_client_id IS NULL THEN
    show_logon_form(p_embedded => l_is_home);
    RETURN FALSE;
  END IF;
  --
  -- Client id present but not a usable session: offer the logon form,
  -- provided the licence checks allow new users.
  IF NOT check_session(l_client_id) THEN
    IF saco_licensing.check_license
       AND saco_licensing.check_users THEN
      show_logon_form(p_embedded => l_is_home);
    END IF;
    RETURN FALSE;
  END IF;
  --
  -- Valid session: slide the expiry forward and load the user identity.
  update_session_expiry(l_client_id);
  get_session_data(l_client_id);
  --
  IF l_is_home THEN
    l_rows := 1;
  ELSE
    BEGIN
      SELECT COUNT(*)
        INTO l_rows
        FROM user_profiles uspr
       INNER JOIN profile_options prop
          ON prop.sypr_id = uspr.sypr_id
       INNER JOIN system_options syop
          ON syop.syop_id = prop.syop_id
       WHERE uspr.syus_id = g_current_syus_id
         AND syop.module_name IS NOT NULL
         AND upper(substr(syop.module_name
                         ,1
                         ,decode(instr(syop.module_name, '$')
                                ,0
                                ,length(syop.module_name)
                                ,instr(syop.module_name, '$')))) =
             upper(substr(p_package_name
                         ,1
                         ,decode(instr(p_package_name, '$')
                                ,0
                                ,length(p_package_name)
                                ,instr(p_package_name, '$'))));
    EXCEPTION
      WHEN no_data_found THEN
        l_rows := 0;
    END;
  END IF;
  --
  -- Logged on and permitted.
  IF l_rows != 0 THEN
    RETURN TRUE;
  END IF;
  --
  -- Logged on but not permitted.
  show_no_access;
  RETURN FALSE;
END security_check;
--
-- allow_username_login: allows the user to login using a username or password
--
FUNCTION allow_username_login RETURN BOOLEAN IS
  -- TRUE only when configuration item G_ALLOW_USERNAME_LOGIN is exactly 'Y'.
  -- Any other value, including a NULL item, gives FALSE - never NULL - so
  -- callers can safely use the result under NOT.
BEGIN
  IF cout_system_configuration.get_configuration_item('G_ALLOW_USERNAME_LOGIN') = 'Y' THEN
    RETURN TRUE;
  END IF;
  --
  RETURN FALSE;
END allow_username_login;
--
-- Show_Logon_Form: Renders logon form
--
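PROCEDURE show_logon_form(p_embedded IN BOOLEAN
                         ,h_href     IN VARCHAR2 DEFAULT NULL) IS
  -- Writes the logon / register form. Nothing is written unless both
  -- saco_licensing.check_license and saco_licensing.check_users return TRUE.
  --
  -- p_embedded  FALSE: also writes the HTTP header (with a no-cache
  --             Cache-Control line), the HTML head, the standard menu and,
  --             at the end, the standard footer.
  --             TRUE: only the body fragment is written.
  -- h_href      URL to return to after logon. It is carried in the hidden
  --             field h_href; when NULL, the page script fills that field
  --             from window.location.href in the browser.
  --
  -- The user name / password fields are written only when
  -- allow_username_login is TRUE; the Register button is always written.
  -- The form posts to caco_security.process_logon.
  --
  -- Change from the previous version: h_href is a request parameter and was
  -- written into the hidden field's value attribute as received. It is now
  -- passed through htf.escape_sc first, so quote and angle-bracket characters
  -- in it cannot end the attribute and add markup. The browser submits the
  -- decoded value, so process_logon receives the same URL as before.
  --
  -- NOTE(review): the onLoad script always calls document.Logonform.p_username.focus(),
  -- but that field is absent when allow_username_login is FALSE.
  -- NOTE(review): the form carries no anti-forgery token - confirm whether a
  -- cross-site logon post is a concern for this application.
BEGIN
  --
  IF saco_licensing.check_license
     AND saco_licensing.check_users THEN
    --
    IF NOT p_embedded THEN
      --
      owa_util.mime_header('text/html'
                          ,FALSE);
      htp.p('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
      owa_util.http_header_close;
      --
      htp.p('<html>');
      --
      htp.headopen;
      --
      htp.title(wsgl.msggettext(605
                               ,wsglm.sec605_logon_caption));
      --
      caco_system.content_type;
      htp.linkrel('stylesheet'
                 ,'caco_system.css?p_type=general');
      --
      -- Display the standard menu
      --
      htp.print(caco_system.menu);
      --
      htp.headclose;
      --
    END IF;
    --
    -- Output JavaScript for handling onLoad event for setting
    -- the focus to the username field upon invocation.
    --
    htp.bodyopen(cattributes => 'onLoad="return Logon_OnLoad()"');
    htp.p('<SCRIPT><!--');
    htp.p('function Logon_OnLoad () {');
    IF h_href IS NULL THEN
      --
      -- If the caller href is null, determine it from the caller URL
      --
      htp.p('document.Logonform.h_href.value = window.location.href;');
      --
    END IF;
    --
    htp.p('document.Logonform.p_username.focus();');
    htp.p('}');
    htp.p('//-->');
    htp.p('</SCRIPT>');
    htp.formopen(curl        => 'caco_security.process_logon'
                ,ctarget     => ''
                ,cmethod     => 'POST'
                ,cattributes => 'NAME="Logonform"');
    --
    -- Hidden field to store the calling URL. The value comes from the
    -- request, so it is escaped for use inside the attribute.
    --
    htp.formHidden(cname => 'h_href', cvalue => htf.escape_sc(h_href));
    --
    --
    htp.p('<div id="ContainerMainbereich">
<a id="SubNavigation"></a>
<div id="ContainerSubNav">
<div class="SubNavHead">
</div>
</div>
<div id="ContainerContent">
<a id="Content"></a>
<div class="ContentRow">
<div class="Content3SpAbschluss">
<h1>E.ON F<>ldg<64>z Trade Zrt</h1>');
    --
    IF allow_username_login THEN
      --
      htp.p('<p>
<span id="ctl00_cphContent_lblEingabeZugansdaten">Please log in here</span>
</p>');
      --
    END IF;
    --
    htp.p('</div>
</div>
<div class="ContentRow">
<div class="Content2Sp">
<div id="ctl00_cphContent_pnlAnmeldung" class="Formular">
<fieldset>');
    --
    IF allow_username_login THEN
      --
      htp.p('<fieldset>
<legend>Login</legend>
<p>*) required fields</p>
<label for="ctl00_cphContent_tbEmail" id="ctl00_cphContent_lblBenutzername">User name
</label> *)
<span id="ctl00_cphContent_rfvTbEmail" style="color: Red; display: none;"><img
src="" alt="" style="border-width: 0px; margin: 0pt; width: 12px; height: 12px;"></span>
<span id="ctl00_cphContent_revTbEmail" style="color: Red; display: none;"><img
src="" alt="" style="border-width: 0px; margin: 0pt; width: 12px; height: 12px;"></span>
<span id="ctl00_cphContent_cvAnmeldung" style="color: Red; display: none;"></span>
<br>
<input name="p_username" maxlength="255" id="p_username"
title="User name" class="FormularListe1SpTextBox" type="text"><br>
<label for="ctl00_cphContent_tbKennwort"
id="ctl00_cphContent_lblPasswort">Password</label> *)
<span id="ctl00_cphContent_rfvTbKennwort" style="color: Red; display: none;"><img src="" alt="" style="border-width: 0px; margin: 0pt; width: 12px; height: 12px;"></span>
<br>
<input name="p_password" maxlength="255" id="p_password" title="Password" class="FormularListe1SpTextBox" type="password"><br>
<input name="p_login_button" value="Login" title="Login" class="ButtonRechts ButtonSenden" style="margin-bottom: 0pt;" type="submit">
<br />
<br />
</fieldset>');
      --
    END IF;
    --
    htp.p('<fieldset>
<legend>Register</legend>
<span>New users register here</span>
<input name="p_login_button" value="Register" title="Register" class="ButtonRechts ButtonSenden" style="margin-bottom: 0pt;" type="submit">
<br />
<br />
</fieldset>
</fieldset>
</div>
</div>
<div class="Content1SpAbschluss">
<span id="ctl00_cphContent_lblMeldung"></span>
</div>
</div>
</div>
<div id="ContainerMarginal">
</div>
</div>');
    --
    htp.formclose;
    --
    IF NOT p_embedded THEN
      caco_system.footer(p_closebody => TRUE);
    END IF;
    --
  END IF;
  --
END show_logon_form;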
--
PROCEDURE online_user_registration ( p_register_title IN VARCHAR2 DEFAULT NULL
, p_register_first_name IN VARCHAR2 DEFAULT NULL
, p_register_surname IN VARCHAR2 DEFAULT NULL
, p_register_company IN VARCHAR2 DEFAULT NULL
, p_register_email IN VARCHAR2 DEFAULT NULL
, p_register_phone IN VARCHAR2 DEFAULT NULL
, p_register_submit IN VARCHAR2 DEFAULT NULL
) IS
--
-- Self-registration page. Works in two modes, selected by p_register_submit:
--   NULL      - writes the empty registration form, which posts back to this
--               procedure.
--   not NULL  - records the six submitted values in the journal, e-mails them
--               to the address in G_SYSADMIN_EMAIL_ADDRESS and writes a
--               confirmation with a Home button.
-- No user account is created here; the request is only recorded and mailed.
--
-- NOTE(review): nothing in this procedure checks for a session, and process_logon
-- reaches it from the "Register" button of the logon form, so it appears to be
-- callable without logging on. Every call with p_register_submit set writes a
-- journal row and queues an e-mail; no throttling or duplicate check is visible
-- here - confirm one exists elsewhere.
-- NOTE(review): the only validation is the JavaScript "not empty" check emitted
-- below, which runs in the browser. The server-side branch accepts whatever
-- values it is given, including NULLs and values longer than the form's
-- maxlength of 255.
-- NOTE(review): l_email_body is VARCHAR2(4000) and is built from the six parameters
-- without any length limit, so a long enough submission would presumably raise
-- VALUE_ERROR after the journal entry has already been written.
-- The submitted values are not written back into the HTML of the response.
--
l_email_body VARCHAR2(4000);
--
BEGIN
--
-- Output the standard pages headings
--
htp.p('<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">');
htp.p('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">');
--
htp.p('<html>');
htp.comment(ctext => 'Copyright 2009 GL Industrial Services');
htp.p('<head id="ctl00_Head1"><title>E.ON F<>ldg<64>z Trade Zrt - User Registration</title>');
htp.p(' <link rel="stylesheet" type="text/css" href="caco_system.eon_css" media="all"/>');
-- Browser-side helpers: JSLNotNull alerts and refuses when a field is empty;
-- validate_form applies it to each of the six fields before the form is submitted.
htp.p('<script type="text/javascript">');
htp.p('function JSLNotNull(pctl, pmsg){
if (pctl.value == "") { alert(pmsg); pctl.focus(); return false; }
return true;
}');
htp.p('function validate_form( formHandler )
{
if (!JSLNotNull(p_register_title, "Title : A value must be entered")) {p_register_title.focus(); return false }
if (!JSLNotNull(p_register_first_name, "First Name : A value must be entered")) {p_register_first_name.focus(); return false }
if (!JSLNotNull(p_register_surname, "Surname : A value must be entered")) {p_register_surname.focus(); return false }
if (!JSLNotNull(p_register_company, "Company : A value must be entered")) {p_register_company.focus(); return false }
if (!JSLNotNull(p_register_email, "Email : A value must be entered")) {p_register_email.focus(); return false }
if (!JSLNotNull(p_register_phone, "Phone Number : A value must be entered")) {p_register_phone.focus(); return false }
return true;
}');
htp.p('</script>');
htp.p('<div>
<a id="ScreenReaderNavigation"></a>
<ul class="NurScreenReader">
</ul>
</div>');
htp.p('<div id="ContainerSeitenkopfInhalt">
<a id="Seitenanfang"></a>
<div id="ContainerLogo" style="width: 216px; height: 49px;">
<a href="http://www.eon-foldgaz-trade.com" title="E.ON F&ouml;ldg&aacute;z Trade Homepage"><img id="imgLogo" src="docs/logo_eft.gif" alt="Logo of E.ON F<>ldg<64>z Trade Zrt" style="width: 216px;
height: 49px;"></a>
</div>
<a id="ServiceNavigation"></a>
<ul class="ServiceNav">
</ul>
<br style="clear: right;">
<ul class="ServiceNav">
</ul>
<a id="TopNavigation"></a>
<ul id="TopNavLevel1">
</ul>
</div>');
--
-- Now output the content
--
-- The form element is opened only in "show the form" mode; the matching
-- htp.formclose further down is guarded by the same condition.
IF p_register_submit IS NULL THEN
--
htp.formopen(curl => 'caco_security.online_user_registration'
,ctarget => ''
,cmethod => 'POST'
,cattributes => ' onsubmit="return validate_form(this.form);"');
--
END IF;
--
htp.p('<div id="ContainerMainbereich">
<a id="SubNavigation"></a>
<div id="ContainerSubNav">
<div class="SubNavHead">
</div>
</div>
<div id="ContainerContent">
<a id="Content"></a>
<div class="ContentRow">
<div class="Content3SpAbschluss">
<h1>User Registration</h1>');
--
htp.p('</div>
</div>
<div class="ContentRow">
<div class="Content2Sp">
<div id="ctl00_cphContent_pnlAnmeldung" class="Formular">
<fieldset>');
--
IF p_register_submit IS NULL THEN
--
-- Personal Identification
--
htp.p('<fieldset>
<legend>Person</legend>');
htp.p('<label for="p_register_title" id="p_register_title_label" class="FormularListe2SpBeschriftung">Title:</label>
<input name="p_register_title" maxlength="255" id="p_register_title" class="FormularListe2SpTextBox" type="text">
<br>
<label for="p_register_first_name" id="p_register_first_name_label" class="FormularListe2SpBeschriftung">First name:</label>
<input name="p_register_first_name" maxlength="255" id="p_register_first_name" class="FormularListe2SpTextBox" type="text">
<br>
<label for="p_register_surname" id="p_register_surname_label" class="FormularListe2SpBeschriftung">Surname:</label>
<input name="p_register_surname" maxlength="255" id="p_register_surname" class="FormularListe2SpTextBox" type="text">
<br>
<label for="p_register_company" id="p_register_company_label" class="FormularListe2SpBeschriftung">Company:</label>
<input name="p_register_company" maxlength="255" id="p_register_company" class="FormularListe2SpTextBox" type="text">
</fieldset>');
--
-- Contact Details
--
htp.p('<fieldset>
<legend>Contact Details</legend>
<label for="p_register_email" id="p_register_email_label" class="FormularListe2SpBeschriftung">E-mail:</label>
<input name="p_register_email" maxlength="255" id="p_register_email" class="FormularListe2SpTextBox" type="text">
<br>
<label for="p_register_phone" id="p_register_phone_label" class="FormularListe2SpBeschriftung">Phone:</label>
<input name="p_register_phone" maxlength="255" id="p_register_phone" class="FormularListe2SpTextBox" type="text">
</fieldset>
<br>
<input name="p_register_submit" value="Submit" id="register_button_submit" title="Submit Form" class="ButtonRechts ButtonSenden" style="margin-bottom: 0pt;" type="submit">
</fieldset>');
--
ELSE
--
-- Record what we have received
--
-- The values are journalled exactly as submitted.
amfr_journal.log_transaction( 'INSERT'
, 'Application Registration Received'
, name_value_tab(
name_value_rec('TITLE' , p_register_title )
, name_value_rec('FIRST NAME', p_register_first_name )
, name_value_rec('SURNAME' , p_register_surname )
, name_value_rec('COMPANY' , p_register_company )
, name_value_rec('EMAIL' , p_register_email )
, name_value_rec('PHONE' , p_register_phone )
)
, amfr_journal.g_name_value_tab
);
--
-- Send it as an email
--
-- Plain-text body: module text 3931, then one "label <tab> value" line per field,
-- lines separated by CHR(13). Sender and recipient both come from configuration,
-- not from the request.
l_email_body := CHR(13) || caco_utilities.get_module_text(3931)|| CHR(13);
l_email_body := l_email_body || 'Title: ' || CHR(9) || CHR(9) || p_register_title || CHR(13);
l_email_body := l_email_body || 'First Name: ' || CHR(9) || p_register_first_name || CHR(13);
l_email_body := l_email_body || 'Surname: ' || CHR(9) || p_register_surname || CHR(13);
l_email_body := l_email_body || 'Company: ' || CHR(9) || p_register_company || CHR(13);
l_email_body := l_email_body || 'Email: ' || CHR(9) || CHR(9) || p_register_email || CHR(13);
l_email_body := l_email_body || 'Phone Number: ' || CHR(9) || p_register_phone || CHR(13);
--
amfr_messaging.send_background_email( from_name => cout_system_configuration.get_configuration_item('CONTACT_EMAIL')
, to_names => cout_system_configuration.get_configuration_item('G_SYSADMIN_EMAIL_ADDRESS')
, subject => caco_utilities.get_module_text(3933)
, message => l_email_body
);
--
-- Output the details
--
-- Confirmation text (module text 3932) and a Home button pointing at caco_system.dad_path.
htp.p('<span>'||caco_utilities.get_module_text(3932)||'</span>');
htp.p('<br><input value="Home" title="Home" class="ButtonRechts ButtonSenden" style="margin-bottom: 0pt;" type="button" onclick="window.location='''||caco_system.dad_path||'''"></fieldset>');
--
END IF;
--
htp.p('</fieldset>
</div>
</div>
<div class="Content1SpAbschluss">
<span id="ctl00_cphContent_lblMeldung"></span>
</div>
</div>
</div>
<div id="ContainerMarginal">
</div>
</div>');
--
IF p_register_submit IS NULL THEN
--
htp.formclose;
--
END IF;
--
-- Standard Footer
--
htp.p('<div id="ContainerFooter">
<div id="ContainerFooterOben">
</div>
<div id="ContainerFooterUnten">
<p id="FooterCopyright">E.ON F<>ldg<64>z Trade Zrt.</p>
<ul id="FooterNavRechts">
<li><a href='''||caco_system.dad_path||'efno_disclaimer.display'' title="Disclaimer">Disclaimer</a></li>
<li><a href="http://www.eon-foldgaz-trade.com/cps/rde/xchg/SID-3F57EEEE-1363C636/eon-foldgaz-trade/hs.xsl/2350.htm" title="Privacy policy">Privacy policy</a></li>
<li><a href="http://www.eon-foldgaz-trade.com/cps/rde/xchg/SID-3F57EEEE-1363C636/eon-foldgaz-trade/hs.xsl/2348.htm" title="Imprint">Imprint</a></li>
</ul>
</div>
</div>
</body>
</html>');
--
END online_user_registration;
--
-- Process_Logon: Accepts submitted logon form and logs user on. If logon
-- fails then notifies user.
--
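PROCEDURE process_logon(p_username     IN VARCHAR2 DEFAULT NULL
                       ,p_password     IN VARCHAR2 DEFAULT NULL
                       ,h_href         IN VARCHAR2 DEFAULT NULL
                       ,p_login_button IN VARCHAR2 DEFAULT NULL
                       ) IS
  -- Handles the post of the logon form.
  --
  -- p_login_button  'Login'    - authenticate p_username / p_password.
  --                 'Register' - show the registration page instead.
  --                 anything else - nothing is done.
  -- h_href          URL to return to after a successful logon.
  --
  -- A logon succeeds when the user exists, the scrambled
  -- username/password matches the stored value, the user is not locked and
  -- is inside its validity period, user-name logon is enabled and both
  -- licence checks pass. On success a session row is created (or the
  -- request's existing valid session is re-assigned to this user), the
  -- failed-attempt counter is reset and password expiry / grace logins are
  -- processed. On failure the attempt is journalled, the failed-attempt
  -- counter may lock the account after C_password_max_tries, and any session
  -- under the request's client id is deleted.
  --
  -- Changes from the previous version:
  --   1. Password check fails closed. "scramble(..) <> stored" is unknown,
  --      not true, when the stored value is NULL, so a user row without a
  --      stored password accepted any password. Such a row is now rejected.
  --   2. Re-using a valid session now rewrites syus_id, cust_id and inte_id
  --      together with user_name. Previously only user_name changed, so the
  --      session kept the previous user's ids, which security_check uses for
  --      the permission lookup.
  --   3. When the password has expired with no grace logins left, the
  --      account is locked and the logon refused; the session row created a
  --      few statements earlier is now deleted as well, so the refused user
  --      is not left holding a working session cookie.
  --   4. h_href is a request parameter that was concatenated into the
  --      redirect script as received. It is now used only when it has no
  --      scheme or is http/https, and it is escaped for the JavaScript string
  --      it is placed in; anything else falls back to 'home'.
  --
  -- NOTE(review): h_href may still name another site. Limiting it to this
  -- application needs the application's own origin, which is not available
  -- in this block.
  -- NOTE(review): a request that already carries a valid client id keeps that id
  -- across the logon. Issuing a fresh id on every successful authentication
  -- is the usual hardening against a planted session id.
  -- NOTE(review): the failure branch chooses different texts for an unknown user
  -- and for a wrong password (with remaining tries), which lets a caller tell
  -- whether a user name exists - confirm this is acceptable.
  -- NOTE(review): the failure branch deletes whatever session matches the client id
  -- sent with the request, before knowing that session belongs to the caller.
  -- NOTE(review): l_current_ip is VARCHAR2(30); confirm REMOTE_ADDR cannot be longer.
  --
  l_client_id        VARCHAR2(240);
  l_success          BOOLEAN := FALSE;
  l_invalid_password BOOLEAN := FALSE;
  l_current_ip       VARCHAR2(30);
  --
  v_message VARCHAR2(2000);
  --
  CURSOR cur_syus(p_username IN system_users.db_username%TYPE) IS
    SELECT syus.syus_id
          ,syus.cust_id
          ,syus.inte_id
          ,syus.password_expires
          ,syus.grace_logins
          ,nvl(syus.user_locked
              ,'N') user_locked
          ,syus.period_start
          ,syus.period_end
          ,NVL(syus.failed_login_attempts,0) failed_login_attempts
          ,syus.password
      FROM system_users syus
     WHERE syus.db_username = p_username;
  --
  r_syus_rec cur_syus%ROWTYPE;
  --
  -- TRUE when p_url has no scheme at all (relative) or is explicitly http/https.
  FUNCTION is_web_url(p_url IN VARCHAR2) RETURN BOOLEAN IS
  BEGIN
    IF p_url IS NULL THEN
      RETURN FALSE;
    END IF;
    RETURN instr(p_url, ':') = 0
           OR lower(p_url) LIKE 'http://%'
           OR lower(p_url) LIKE 'https://%';
  END is_web_url;
  --
  -- Escapes p_text for use inside a quoted JavaScript string in a script element.
  FUNCTION js_string(p_text IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    -- The backslash must be handled first so later escapes are not doubled.
    RETURN REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(p_text
                  ,'\', '\\')
                  ,'''', '\''')
                  ,'"', '\"')
                  ,'<', '\x3C')
                  ,'>', '\x3E')
                  ,CHR(13), '\r')
                  ,CHR(10), '\n');
  END js_string;
  --
BEGIN
  --
  -- If the request is a login request
  --
  IF p_login_button = 'Login' THEN
    --
    -- Retrieve details from system users for the passed username and password
    --
    IF p_username IS NOT NULL THEN
      --
      OPEN cur_syus(p_username);
      FETCH cur_syus
        INTO r_syus_rec;
      IF cur_syus%FOUND THEN
        -- Only an exact match counts; a missing stored value is a mismatch.
        IF r_syus_rec.password IS NULL
           OR scramble(p_username || '/' || p_password) <> r_syus_rec.password THEN
          l_invalid_password := TRUE;
        END IF;
      END IF;
      CLOSE cur_syus;
      --
      -- Get current client ID
      --
      l_client_id := wsgl.getclientid;
      --
    END IF;
    --
    -- If username/password valid
    --
    IF r_syus_rec.syus_id IS NOT NULL
       AND r_syus_rec.user_locked <> 'Y'
       AND saco_licensing.check_users
       AND saco_licensing.check_license
       AND SYSDATE >= r_syus_rec.period_start -- user validity period
       AND SYSDATE < (TRUNC(NVL(r_syus_rec.period_end,SYSDATE)) + 1 - (1/86400)) -- HH24:MI:SS = 23:59:59
       AND p_username IS NOT NULL
       AND allow_username_login
       AND NOT l_invalid_password
    THEN
      --
      -- Check that current client ID is valid
      --
      IF l_client_id IS NOT NULL
         AND check_session(l_client_id) THEN
        --
        -- Re-assign the existing session to the user who has just
        -- authenticated, including the ids used for permission checks.
        --
        dbms_transaction.begin_discrete_transaction;
        --
        UPDATE sessions
           SET user_name = p_username
              ,syus_id   = r_syus_rec.syus_id
              ,cust_id   = r_syus_rec.cust_id
              ,inte_id   = r_syus_rec.inte_id
         WHERE client_id = l_client_id;
        --
        COMMIT;
        --
        l_success := TRUE;
        --
      ELSE
        --
        -- Current client ID is not valid so create a new one
        --
        l_client_id := generate_client_id;
        --
        -- Write to browser as a cookie
        --
        storeclientid(l_client_id);
        --
        -- Get current IP address
        --
        l_current_ip := NVL(owa_util.get_cgi_env('REMOTE_ADDR'), '127.0.0.1');
        --
        -- Create new session in session table
        --
        dbms_transaction.begin_discrete_transaction;
        --
        INSERT INTO sessions
          (client_id
          ,user_name
          ,syus_id
          ,cust_id
          ,inte_id
          ,ip_address
          ,expires)
        VALUES
          (l_client_id
          ,p_username
          ,r_syus_rec.syus_id
          ,r_syus_rec.cust_id
          ,r_syus_rec.inte_id
          ,l_current_ip
          ,SYSDATE + (c_session_duration_hours / 24));
        --
        COMMIT;
        --
        l_success := TRUE;
        --
      END IF;
      --
      -- A good logon clears the failed-attempt counter.
      UPDATE system_users syus
         SET syus.failed_login_attempts = 0
       WHERE syus.syus_id = r_syus_rec.syus_id;
      --
      --
      -- User can connect, but check to see if account is nearing expiry
      --
      IF r_syus_rec.password_expires IS NOT NULL THEN
        IF r_syus_rec.password_expires <= SYSDATE THEN
          --
          IF r_syus_rec.grace_logins = 0 THEN
            --
            -- Password expired and no grace logins left: lock the account
            -- and refuse this logon.
            --
            r_syus_rec.user_locked := 'Y';
            --
            UPDATE system_users syus
               SET syus.user_locked = r_syus_rec.user_locked
             WHERE syus.syus_id = r_syus_rec.syus_id;
            --
            -- The session was already written above; remove it so the
            -- refused logon does not leave a usable session behind.
            --
            DELETE FROM sessions
             WHERE client_id = l_client_id;
            --
            l_success := FALSE;
            v_message := caco_utilities.get_module_text(1000);
            --
          ELSIF r_syus_rec.grace_logins = 1 THEN
            --
            -- Password has expired and this logon uses the last grace login
            --
            UPDATE system_users syus
               SET syus.grace_logins = 0
             WHERE syus.syus_id = r_syus_rec.syus_id;
            --
            v_message := caco_utilities.get_module_text(1001);
            --
          ELSE
            --
            -- Password expired, update grace logins
            --
            UPDATE system_users syus
               SET syus.grace_logins = nvl(grace_logins
                                          ,3) - 1
             WHERE syus.syus_id = r_syus_rec.syus_id;
            --
            v_message := wsgl.msggettext(p_msgno    => NULL
                                        ,p_dflttext => caco_utilities.get_module_text(1003)
                                        ,p_subst1   => nvl(r_syus_rec.grace_logins
                                                          ,3) - 1);
            --
          END IF;
          --
        ELSIF trunc(r_syus_rec.password_expires) - trunc(SYSDATE) <= 5 THEN
          --
          -- Password expires within five days: warn with the days remaining.
          --
          v_message := wsgl.msggettext(p_msgno    => NULL
                                      ,p_dflttext => caco_utilities.get_module_text(1004)
                                      ,p_subst1   => trunc(r_syus_rec.password_expires) -
                                                     trunc(SYSDATE));
          --
        END IF;
        --
      END IF;
      --
    ELSE
      --
      -- Invalid username / password
      --
      IF NOT allow_username_login THEN
        --
        v_message := caco_utilities.get_module_text(3930); -- username authentication has been disabled.
        --
      ELSIF l_invalid_password
            AND r_syus_rec.syus_id IS NOT NULL
            AND NVL(r_syus_rec.user_locked,'N') <> 'Y'
      THEN
        --
        -- Wrong password for an existing, unlocked user: count the attempt
        -- and lock the account once the limit is reached.
        --
        r_syus_rec.failed_login_attempts := NVL(r_syus_rec.failed_login_attempts,0) + 1;
        IF r_syus_rec.failed_login_attempts >= C_password_max_tries
        THEN
          r_syus_rec.user_locked := 'Y';
          v_message := caco_utilities.get_module_text(3966);
        ELSE
          v_message := REPLACE(caco_utilities.get_module_text(3965),'<p1>',TO_CHAR((C_password_max_tries - r_syus_rec.failed_login_attempts)));
        END IF;
        --
        UPDATE system_users syus
           SET syus.failed_login_attempts = r_syus_rec.failed_login_attempts
             , syus.user_locked = r_syus_rec.user_locked
         WHERE syus.syus_id = r_syus_rec.syus_id;
        --
      ELSIF r_syus_rec.syus_id IS NULL THEN
        --
        v_message := wsgl.msggettext(608
                                    ,wsglm.sec608_invalid_logon);
        --
      ELSIF r_syus_rec.user_locked = 'Y' THEN
        --
        v_message := caco_utilities.get_module_text(1000);
        --
      ELSIF NOT saco_licensing.check_users THEN
        --
        v_message := 'Number of concurrent users exceeded, please try again later.';
        --
      ELSIF NOT saco_licensing.check_license THEN
        --
        v_message := 'License is not valid - please contact your system administrator.';
        --
      ELSIF SYSDATE < r_syus_rec.period_start -- user validity period
            OR SYSDATE > (TRUNC(NVL(r_syus_rec.period_end,SYSDATE)) + 1 - (1/86400)) -- HH24:MI:SS = 23:59:59
      THEN
        -- The user has expired. Please contact your system administrator
        v_message := caco_utilities.get_module_text(2518);
        --
      END IF;
      --
      -- EFT request to log failed logons
      amfr_journal.log_transaction( 'FAILED LOGIN'
                                  , caco_utilities.get_system_name
                                  , name_value_tab(
                                        name_value_rec('USERNAME', p_username )
                                      , name_value_rec('CLIENT_ID', l_client_id )
                                      , name_value_rec('REMOTE_IP', owa_util.get_cgi_env('REMOTE_ADDR') )
                                      , name_value_rec('MESSAGE', v_message )
                                    )
                                  , amfr_journal.g_name_value_tab
                                  );
      --
      IF l_client_id IS NOT NULL THEN
        --
        -- Invalid logon so delete the session for the current client.
        --
        dbms_transaction.begin_discrete_transaction;
        --
        DELETE FROM sessions
         WHERE client_id = l_client_id;
        --
        COMMIT;
        --
      END IF;
      --
    END IF;
    --
    -- Output HTML to indicate success or failure
    --
    htp.htmlopen;
    --
    IF l_success THEN
      --
      -- Audit the logon action, if enabled
      --
      IF cout_system_configuration.get_configuration_item('AUDIT_LOGON') = 'Y' THEN
        --
        -- Populate the global variables for use with other packages
        --
        caco_security.g_client_id := l_client_id;
        --
        amfr_journal.log_transaction('LOGON'
                                    ,caco_utilities.get_system_name
                                    ,amfr_journal.g_name_value_tab
                                    ,amfr_journal.g_name_value_tab);
        --
      END IF;
      --
      -- Close the login box and navigate back to the application
      --
      IF v_message IS NOT NULL THEN
        --
        -- Logged on, but with a password-expiry notice: show it together
        -- with buttons for changing the password or continuing.
        --
        caco_system.content_type;
        htp.linkrel('stylesheet'
                   ,'caco_system.css');
        --
        -- Display the standard menu
        --
        htp.print(caco_system.menu);
        htp.bodyopen;
        htp.header(2
                  ,wsgl.msggettext(606
                                  ,wsglm.sec606_logon_success));
        --
        htp.header(4
                  ,v_message);
        htp.tabledata(htf.formsubmit(cname       => 'p_button'
                                    ,cvalue      => caco_utilities.get_module_text(992)
                                    ,cattributes => 'onclick="location.href = ''caco_security.change_password'';"') ||
                      ' ' ||
                      htf.formsubmit(cname       => 'p_button'
                                    ,cvalue      => caco_utilities.get_module_text(993)
                                    ,cattributes => 'onclick="location.href = ''home'';"'));
        --
      ELSE
        --
        htp.bodyopen;
        --
        -- Redirect by script. The caller-supplied URL is used only when it
        -- is relative or http/https; otherwise go to the home page.
        --
        IF h_href IS NULL
           OR UPPER(h_href) LIKE '%/HOME?%'
           OR NOT is_web_url(h_href) THEN
          --
          htp.script('<!--
//opener.location.reload(true);
location.href = ''home'';
//-->');
          --
        ELSE
          --
          htp.script('<!--
//opener.location.reload(true);
location.href = '''||js_string(h_href)||''';
//-->');
          --
        END IF;
        --
      END IF;
      --
    ELSE
      --
      -- Display failure message
      --
      caco_system.content_type;
      htp.linkrel('stylesheet'
                 ,'caco_system.eon_css');
      --
      -- Display the standard menu
      --
      htp.p('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">');
      htp.p('<head>');
      htp.p('<head id="ctl00_Head1"><title>E.ON F<>ldg<64>z Trade Zrt - Login</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">');
      htp.p(' <link rel="stylesheet" type="text/css" href="caco_system.eon_css" media="all"/>');
      htp.p('<div>
<a id="ScreenReaderNavigation"></a>
<ul class="NurScreenReader">
</ul>
</div>');
      htp.p('
<div id="ContainerSeitenkopfInhalt">
<a id="Seitenanfang"></a>
<div id="ContainerLogo" style="width: 216px; height: 49px;">
<a href="http://www.eon-foldgaz-trade.com" title="E.ON F&ouml;ldg&aacute;z Trade Homepage"><img id="imgLogo" src="docs/logo_eft.gif" alt="Logo of E.ON F<>ldg<64>z Trade Zrt" style="width: 216px;
height: 49px;"></a>
<img id="imgLogoPrint" src="Login_files/EON_n_Ru_R_49.gif" alt="Logo der E.ON Ruhrgas AG">
</div>
<a id="ServiceNavigation"></a>
<ul class="ServiceNav">
</ul>
<br style="clear: right;">
<ul class="ServiceNav">
</ul>
<a id="TopNavigation"></a>
<ul id="TopNavLevel1">
</ul>
</div>');
      --
      htp.bodyopen(cattributes => 'onLoad="return Logon_OnLoad()"');
      htp.br;
      htp.header(2
                ,v_message);
      htp.br;
      --
      -- Offer the logon form again, keeping the return URL.
      show_logon_form(TRUE, h_href);
      --
      htp.p('<div id="ContainerFooter">
<div id="ContainerFooterOben">
</div>
<div id="ContainerFooterUnten">
<p id="FooterCopyright">&copy E.ON F<>ldg<64>z Trade Zrt. 2007</p>
<ul id="FooterNavRechts">
<li><a href='''||caco_system.dad_path||'efno_disclaimer.display'' title="Disclaimer">Disclaimer</a></li>
<li><a href="http://www.eon-foldgaz-trade.com/cps/rde/xchg/SID-3F57EEEE-1363C636/eon-foldgaz-trade/hs.xsl/2350.htm" title="Privacy policy">Privacy policy</a></li>
<li><a href="http://www.eon-foldgaz-trade.com/cps/rde/xchg/SID-3F57EEEE-1363C636/eon-foldgaz-trade/hs.xsl/2348.htm" title="Imprint">Imprint</a></li>
</ul>
</div>
</div>
</body>
</html>');
      --
    END IF;
    --
    htp.bodyclose;
    htp.htmlclose;
    --
  ELSIF p_login_button = 'Register' THEN
    --
    -- Show the user registration page
    --
    online_user_registration;
    --
  END IF;
  --
END process_logon;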
--
-- Process_Certificate_Logon: Logon variant that authenticates with a client certificate
--
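PROCEDURE process_certificate_logon IS
  -- Logs a user on from the TLS client certificate data that the web server
  -- exposes in the CGI environment (SSL_CLIENT_CERT, SSL_CLIENT_M_SERIAL,
  -- SSL_CLIENT_V_START, SSL_CLIENT_V_END, SSL_CLIENT_VERIFY).
  --
  -- Nothing happens unless both a certificate and a serial number are
  -- present. Then the verify status must be 'SUCCESS' and SYSDATE must lie
  -- inside the certificate validity dates; the serial is reformatted and
  -- looked up in system_users.certificate_serial among unlocked users inside
  -- their validity period. For each match a session is created, or the
  -- request's existing valid session is re-assigned to that user. Every
  -- request that presents a certificate is journalled with the serial.
  -- No page is written on success; the two refusal cases print a plain line.
  --
  -- Change from the previous version: re-assigning an existing session now
  -- rewrites syus_id, cust_id and inte_id together with user_name.
  -- Previously only user_name changed, so the session kept the previous
  -- user's ids, which security_check uses for the permission lookup.
  --
  -- NOTE(review): the decision rests entirely on CGI variables. Confirm the web
  -- tier sets them itself and that a client cannot supply them.
  -- NOTE(review): only characters 3 to 14 of SSL_CLIENT_M_SERIAL (six byte pairs)
  -- take part in the lookup and the issuer is not compared, so the match is
  -- on part of the serial alone - confirm that is unique enough for the
  -- certificate authorities the web tier trusts.
  -- NOTE(review): a request that already carries a valid client id keeps that id
  -- across the logon; issuing a fresh id on successful authentication is the
  -- usual hardening.
  -- NOTE(review): the 'Mon' element of the date mask depends on the session date
  -- language; the validity window here ends at period_end itself, whereas
  -- process_logon allows until the end of that day.
  -- NOTE(review): l_success is assigned but never read in this procedure.
  --
  l_client_id  VARCHAR2(240);
  l_success    BOOLEAN := FALSE;
  l_current_ip VARCHAR2(30);
  --
  l_client_certificate VARCHAR2(4000) := SUBSTR(owa_util.get_cgi_env('SSL_CLIENT_CERT'),1,4000);
  l_client_cert_serial VARCHAR2(4000) := SUBSTR(owa_util.get_cgi_env('SSL_CLIENT_M_SERIAL'),1,4000);
  l_client_cert_start  VARCHAR2(4000) := SUBSTR(owa_util.get_cgi_env('SSL_CLIENT_V_START'),1,4000);
  l_client_cert_end    VARCHAR2(4000) := SUBSTR(owa_util.get_cgi_env('SSL_CLIENT_V_END'),1,4000);
  l_client_cert_verify VARCHAR2(4000) := SUBSTR(owa_util.get_cgi_env('SSL_CLIENT_VERIFY'),1,4000);
  --
BEGIN
  --
  IF l_client_certificate IS NOT NULL
     AND l_client_cert_serial IS NOT NULL THEN
    --
    -- Client certificate has been presented, let's check it
    --
    IF l_client_cert_verify = 'SUCCESS' THEN
      --
      -- Certificate is valid, check the date range
      --
      IF SYSDATE BETWEEN TO_DATE(SUBSTR(l_client_cert_start,1,20),'Mon DD HH24:MI:SS YYYY')
                     AND TO_DATE(SUBSTR(l_client_cert_end,1,20),'Mon DD HH24:MI:SS YYYY') THEN
        --
        -- Change the serial number into a recognised format:
        -- six colon-separated character pairs taken from positions 3 to 14.
        --
        l_client_cert_serial := SUBSTR(l_client_cert_serial,3,2)||':'||
                                SUBSTR(l_client_cert_serial,5,2)||':'||
                                SUBSTR(l_client_cert_serial,7,2)||':'||
                                SUBSTR(l_client_cert_serial,9,2)||':'||
                                SUBSTR(l_client_cert_serial,11,2)||':'||
                                SUBSTR(l_client_cert_serial,13,2);
        --
        -- Check to see if this certificate is linked to an active user
        --
        FOR rec IN (SELECT su.syus_id
                          ,su.db_username
                          ,su.inte_id
                          ,su.cust_id
                      FROM system_users su
                     WHERE su.certificate_serial = l_client_cert_serial
                       AND SYSDATE BETWEEN period_start AND NVL(period_end, SYSDATE)
                       AND user_locked = 'N'
                   ) LOOP
          --
          l_client_id := wsgl.getclientid;
          --
          IF l_client_id IS NOT NULL
             AND check_session(l_client_id) THEN
            --
            -- Re-assign the existing session to the certificate's user,
            -- including the ids used for permission checks.
            --
            dbms_transaction.begin_discrete_transaction;
            --
            UPDATE sessions
               SET user_name = rec.db_username
                  ,syus_id   = rec.syus_id
                  ,cust_id   = rec.cust_id
                  ,inte_id   = rec.inte_id
             WHERE client_id = l_client_id;
            --
            COMMIT;
            --
            l_success := TRUE;
            --
          ELSE
            --
            -- Current client ID is not valid so create a new one
            --
            l_client_id := generate_client_id;
            --
            -- Write to browser as a cookie
            --
            storeclientid(l_client_id);
            --
            -- Get current IP address
            --
            l_current_ip := NVL(owa_util.get_cgi_env('REMOTE_ADDR'), '127.0.0.1');
            --
            -- Create new session in session table
            --
            dbms_transaction.begin_discrete_transaction;
            --
            INSERT INTO sessions
              (client_id
              ,user_name
              ,syus_id
              ,cust_id
              ,inte_id
              ,ip_address
              ,expires)
            VALUES
              (l_client_id
              ,rec.db_username
              ,rec.syus_id
              ,rec.cust_id
              ,rec.inte_id
              ,l_current_ip
              ,SYSDATE + (c_session_duration_hours / 24));
            --
            COMMIT;
            --
            l_success := TRUE;
            -- Load the package globals for the new session.
            get_session_data(l_client_id);
            --
          END IF;
          --
        END LOOP;
        --
      ELSE
        --
        -- Current date falls outside valid range, should never happen as AS should catch this
        --
        htp.p('Client certificate is not valid at this time. Date from '||l_client_cert_start||' to '||l_client_cert_end);
        --
      END IF;
      --
    ELSE
      --
      -- Client certificate isn't valid - should put out a message, just print out for the moment
      --
      htp.p('Client certificate is not valid, status is: '||l_client_cert_verify);
      --
    END IF;
    --
    -- Journal this request. The serial is in its reformatted form only when
    -- the verify and date checks passed; otherwise it is the raw value.
    --
    amfr_journal.log_transaction( 'INSERT'
                                , 'Certificate Login'
                                , name_value_tab(
                                      name_value_rec('Serial Number', l_client_cert_serial )
                                  )
                                , amfr_journal.g_name_value_tab
                                );
    --
  END IF;
  --
END process_certificate_logon;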
--
-- Show_No_Access: Displays message to inform user that they do not
-- have access to the application. Provides a link
-- to the logon form.
--
PROCEDURE show_no_access IS
  -- Writes the "Access Denied" page shown by security_check when the user is
  -- logged on but lacks permission for the requested package.
  --
  -- The page holds two message headings (texts 609 and 610) and a "Logon"
  -- link: with JavaScript the link opens caco_security.show_logon_form in a
  -- pop-up window, without JavaScript a plain anchor to the same URL is used.
  -- All text written here is fixed or comes from the message tables; no
  -- request data is included.
BEGIN
  htp.htmlopen;
  --
  caco_system.content_type;
  htp.linkrel(crel => 'stylesheet'
             ,curl => 'caco_system.css?p_type=logon');
  --
  htp.headopen;
  htp.title(ctitle => 'Access Denied');
  htp.headclose;
  --
  htp.bodyopen;
  -- Helper used by the scripted Logon link below.
  htp.script(cscript => '
function show_logon() {
frmLogon = open("caco_security.show_logon_form","winLogon","scrollbars=no,resizable=yes,width=400,height=300");
if (frmLogon.opener == null) {
frmLogon.opener = self;
};
};');
  --
  htp.header(nsize   => 2
            ,cheader => wsgl.msggettext(p_msgno    => 609
                                       ,p_dflttext => wsglm.sec609_access_denied));
  htp.header(nsize   => 4
            ,cheader => wsgl.msggettext(p_msgno    => 610
                                       ,p_dflttext => wsglm.sec610_no_permission));
  htp.hr;
  --
  -- Scripted link, written only when JavaScript runs.
  htp.p('<SCRIPT>');
  htp.p('<!--');
  htp.p('document.write(''<A HREF="javascript:show_logon()">Logon</A>'');');
  htp.p('//-->');
  htp.p('</SCRIPT>');
  --
  -- Fallback link for browsers without JavaScript.
  htp.p('<NOSCRIPT>');
  htp.anchor2(curl  => 'caco_security.show_logon_form'
             ,ctext => 'Logon');
  htp.p('</NOSCRIPT>');
  --
  htp.bodyclose;
  htp.htmlclose;
END show_no_access;
--
--
-- Call_Logon_Form: Outputs javascript to popup logon form in new window,
-- or include logon form in current window if javascript
-- is not available.
--
PROCEDURE call_logon_form IS
  --
  -- Emits a page that opens the logon form in a popup window, with the
  -- form rendered inline inside <NOSCRIPT> for browsers without script.
  --
  -- When either licensing check fails the procedure writes nothing at
  -- all, so the caller receives an empty response body from this call.
  --
  l_licensed BOOLEAN;
BEGIN
  --
  -- check_users is only evaluated when check_license returned TRUE.
  --
  l_licensed := saco_licensing.check_license
                AND saco_licensing.check_users;
  --
  IF l_licensed THEN
    --
    htp.htmlopen;
    --
    caco_system.content_type;
    htp.linkrel(crel => 'stylesheet'
               ,curl => 'caco_system.css?p_type=general');
    --
    htp.bodyopen;
    --
    -- Popup script; literal kept exactly as emitted to the browser.
    --
    htp.script('
<!--
frmLogon = open("caco_security.show_logon_form","winLogon","scrollbars=no,resizable=yes,width=400,height=300");
if (frmLogon.opener == null) {
frmLogon.opener = self;
};
//-->');
    --
    -- Inline fallback: the logon form itself, in embedded mode.
    --
    htp.p('<NOSCRIPT>');
    show_logon_form(TRUE);
    htp.p('</NOSCRIPT>');
    --
    htp.bodyclose;
    htp.htmlclose;
    --
  END IF;
  --
END;
--
--
-- Add_Package_Resp: Adds a responsibility to a package, allowing users
-- with that responsibility to access the application.
-- This is called from the generated application
-- installation script if a value is supplied for
-- preference SECRES.
--
PROCEDURE add_package_resp(p_package_name   IN VARCHAR2
                          ,p_responsibility IN VARCHAR2) IS
  --
  -- Links a profile (p_responsibility) to a system option (derived from
  -- p_package_name) in PROFILE_OPTIONS, creating the profile and/or the
  -- option row first when they do not exist yet.
  --
  -- This grants access: every user holding the profile gains the option.
  -- No COMMIT is issued here; the caller's transaction decides.
  --
  l_module_name system_options.module_name%TYPE;
  l_option_id   system_options.syop_id%TYPE;
  l_profile_id  system_profiles.sypr_id%TYPE;
  l_dollar_pos  PLS_INTEGER;
  l_link_count  PLS_INTEGER;
  --
  -- Returns the SYOP_ID for a module name (case-insensitive match),
  -- inserting a new 'S' type option when none is found. When several
  -- rows match, the id of the last row fetched is returned.
  --
  FUNCTION get_syop_id(p_module_name IN system_options.module_name%TYPE)
    RETURN system_options.syop_id%TYPE IS
    l_found_id system_options.syop_id%TYPE := NULL;
  BEGIN
    FOR r_option IN (SELECT syop.syop_id
                       FROM system_options syop
                      WHERE lower(syop.module_name) = lower(p_module_name)) LOOP
      l_found_id := r_option.syop_id;
    END LOOP;
    --
    IF l_found_id IS NOT NULL THEN
      RETURN l_found_id;
    END IF;
    --
    -- Module not registered yet: create it. NAME is the lower-cased
    -- module name cut to 40 characters, MODULE_NAME is cut to 255.
    --
    INSERT INTO system_options
      (option_type
      ,description
      ,NAME
      ,module_name)
    VALUES
      ('S'
      ,'Generated ' || to_char(SYSDATE, 'dd-mon-yy hh24:mi:ss')
      ,substr(lower(p_module_name), 1, 40)
      ,substr(p_module_name, 1, 255))
    RETURNING syop_id INTO l_found_id;
    --
    RETURN l_found_id;
  END get_syop_id;
  --
  -- Returns the SYPR_ID for a profile name (case-insensitive match),
  -- inserting a new profile when none is found. When several rows
  -- match, the id of the last row fetched is returned.
  --
  FUNCTION get_sypr_id(p_name IN system_profiles.NAME%TYPE)
    RETURN system_profiles.sypr_id%TYPE IS
    l_found_id system_profiles.sypr_id%TYPE := NULL;
  BEGIN
    FOR r_profile IN (SELECT sypr.sypr_id
                        FROM system_profiles sypr
                       WHERE upper(sypr.NAME) = upper(p_name)) LOOP
      l_found_id := r_profile.sypr_id;
    END LOOP;
    --
    IF l_found_id IS NOT NULL THEN
      RETURN l_found_id;
    END IF;
    --
    -- Role not defined yet: create it, using the name for ROLE_NAME too.
    --
    INSERT INTO system_profiles
      (NAME
      ,description
      ,role_name)
    VALUES
      (p_name
      ,'Generated ' || to_char(SYSDATE, 'dd-mon-yy hh24:mi:ss') || ' ' || p_name
      ,p_name)
    RETURNING sypr_id INTO l_found_id;
    --
    RETURN l_found_id;
  END get_sypr_id;
BEGIN
  --
  -- Resolve (or create) the profile first, then the option.
  --
  l_profile_id := get_sypr_id(p_responsibility);
  --
  -- A package name containing '$' is registered as
  -- <lower-cased text up to and including the first '$'>.startup;
  -- any other name is registered unchanged.
  --
  l_dollar_pos := instr(p_package_name, '$');
  --
  IF l_dollar_pos > 0 THEN
    l_module_name := lower(substr(p_package_name, 1, l_dollar_pos)) || '.startup';
  ELSE
    l_module_name := p_package_name;
  END IF;
  --
  l_option_id := get_syop_id(l_module_name);
  --
  -- Only add the link when it is not there already.
  --
  SELECT COUNT(*)
    INTO l_link_count
    FROM profile_options prop
   WHERE prop.sypr_id = l_profile_id
     AND prop.syop_id = l_option_id
     AND ROWNUM = 1;
  --
  IF l_link_count = 0 THEN
    INSERT INTO profile_options
      (sypr_id
      ,syop_id)
    VALUES
      (l_profile_id
      ,l_option_id);
  END IF;
END add_package_resp;
--
PROCEDURE logout AS
  --
  -- Logs the current client out with a redirect: writes the response
  -- header (Location, logout cookie, blanked client-id cookie), then
  -- deletes the client's row from SESSIONS.
  --
  -- The client id is read from the request after the header is closed,
  -- so the server-side session row is removed even though the browser
  -- has been told to blank its cookie. When AUDIT_LOGOFF is 'Y' a LOGOFF
  -- journal entry is written before the row is deleted.
  --
  l_session_key VARCHAR2(240);
  l_cookie_path VARCHAR2(80) := owa_util.get_cgi_env('SCRIPT_NAME');
BEGIN
  --
  -- Redirect to the public home page.
  --
  htp.p('Location: ' || caco_system.home_path);
  --
  -- Cookie that signals the logout request.
  --
  owa_cookie.send(NAME  => 'WDB_GATEWAY_LOGOUT'
                 ,VALUE => 'YES'
                 ,path  => '/');
  --
  -- The client-id cookie path is SCRIPT_NAME without one trailing '/'.
  --
  IF l_cookie_path LIKE '%/' THEN
    l_cookie_path := substr(l_cookie_path, 1, length(l_cookie_path) - 1);
  END IF;
  --
  -- Overwrite the client-id cookie with a NULL value.
  --
  owa_cookie.send(NAME  => wsgl.wsg_clientid_cookie
                 ,VALUE => NULL
                 ,path  => l_cookie_path);
  --
  -- Blank line: closes the http header.
  --
  htp.p;
  --
  -- Nothing to delete when the request carried no client id.
  --
  l_session_key := wsgl.getclientid;
  --
  IF l_session_key IS NULL THEN
    RETURN;
  END IF;
  --
  dbms_transaction.begin_discrete_transaction;
  --
  IF cout_system_configuration.get_configuration_item('AUDIT_LOGOFF') = 'Y' THEN
    --
    -- Journal the logoff while the session row still exists.
    --
    amfr_journal.log_transaction('LOGOFF'
                                ,caco_utilities.get_system_name
                                ,amfr_journal.g_name_value_tab
                                ,amfr_journal.g_name_value_tab);
    --
  END IF;
  --
  DELETE FROM sessions
   WHERE client_id = l_session_key;
  --
  COMMIT;
END;
--
-- Logoff: Removes the current user's session, logging them off. Outputs
-- HTML message when complete.
--
PROCEDURE logoff IS
  --
  -- Logs the current client off and renders a confirmation page.
  --
  -- Only the server-side SESSIONS row is removed; unlike logout, this
  -- procedure sends no cookie, so the browser keeps its client-id cookie
  -- (which no longer matches a session row once the delete commits).
  -- When AUDIT_LOGOFF is 'Y' a LOGOFF journal entry is written first.
  --
  l_session_key VARCHAR2(240);
BEGIN
  htp.htmlopen;
  --
  caco_system.content_type;
  htp.linkrel(crel => 'stylesheet'
             ,curl => 'caco_system.css?p_type=logon');
  --
  htp.headopen;
  htp.title(ctitle => wsgl.msggettext(611
                                     ,wsglm.sec611_logging_off));
  htp.headclose;
  htp.bodyopen;
  --
  -- Remove the session that belongs to the requesting client, if any.
  --
  l_session_key := wsgl.getclientid;
  --
  IF l_session_key IS NOT NULL THEN
    --
    dbms_transaction.begin_discrete_transaction;
    --
    IF cout_system_configuration.get_configuration_item('AUDIT_LOGOFF') = 'Y' THEN
      --
      -- Journal the logoff while the session row still exists.
      --
      amfr_journal.log_transaction('LOGOFF'
                                  ,caco_utilities.get_system_name
                                  ,amfr_journal.g_name_value_tab
                                  ,amfr_journal.g_name_value_tab);
      --
    END IF;
    --
    DELETE FROM sessions
     WHERE client_id = l_session_key;
    --
    COMMIT;
    --
  END IF;
  --
  -- The "logged off" message is shown whether or not a session existed.
  --
  htp.header(nsize   => 2
            ,cheader => wsgl.msggettext(612
                                       ,wsglm.sec612_logged_off));
  htp.bodyclose;
  htp.htmlclose;
END;
--
---
-- S E T C U R R E N T I N T E C U S T
---
PROCEDURE set_current_inte_cust(p_inte_id IN intermediaries.inte_id%TYPE
                               ,p_cust_id IN customers.cust_id%TYPE) IS
  --
  -- Switches the current session to another intermediary / customer.
  --
  -- Authorisation: the session row is only updated when the current user
  -- (caco_security.g_current_syus_id) is linked to p_inte_id through
  -- INTERMEDIARY_USERS and p_cust_id is linked to that intermediary
  -- through CUSTOMER_INTERMEDIARIES. When no such link exists the
  -- procedure does nothing and raises nothing, so the caller cannot tell
  -- a refused switch from a successful one.
  --
  -- No COMMIT is issued here.
  --
  -- One row per link that authorises the requested combination.
  CURSOR cur_cust_inte(p_syus_id IN system_users.syus_id%TYPE
                      ,p_inte_id IN intermediaries.inte_id%TYPE
                      ,p_cust_id IN customers.cust_id%TYPE) IS
    SELECT NULL
      FROM intermediary_users      inus
          ,customer_intermediaries cuin
     WHERE cuin.inte_id = inus.inte_id
       AND cuin.cust_id = p_cust_id
       AND cuin.inte_id = p_inte_id
       AND inus.syus_id = p_syus_id;
  --
BEGIN
  --
  -- Make sure the package globals describe the current session.
  --
  caco_utilities.get_user_data;
  --
  FOR r_link IN cur_cust_inte(caco_security.g_current_syus_id
                             ,p_inte_id
                             ,p_cust_id) LOOP
    --
    -- The cursor requires cuin.inte_id = p_inte_id, so p_inte_id is never
    -- NULL inside this loop and the nvl() fallback is not exercised.
    --
    UPDATE sessions sess
       SET sess.cust_id = p_cust_id
          ,sess.inte_id = nvl(p_inte_id, sess.inte_id)
     WHERE sess.client_id = caco_security.g_client_id;
    --
    -- Reload the cached user data after the change.
    --
    caco_utilities.get_user_data(TRUE);
    --
  END LOOP;
  --
END set_current_inte_cust;
---
-- C H A N G E C U S T I N T E
---
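PROCEDURE change_cust_inte(p_inte_id IN intermediaries.inte_id%TYPE DEFAULT NULL
                          ,p_cust_id IN customers.cust_id%TYPE DEFAULT NULL
                          ,p_savebtn IN VARCHAR2 DEFAULT NULL
                          ,p_cancbtn IN VARCHAR2 DEFAULT NULL
                          ,p_message IN VARCHAR2 DEFAULT NULL) IS
  --
  -- Web screen that lets a user switch the intermediary / customer of the
  -- current session.
  --
  --   no button   : draw the form (two dependent pick lists)
  --   p_cancbtn   : redraw the form with the "cancelled" message
  --   p_savebtn   : call set_current_inte_cust, then redraw the form
  --
  -- Parameters
  --   p_inte_id, p_cust_id : ids posted by the form; only used on save and
  --                          validated inside set_current_inte_cust
  --   p_savebtn, p_cancbtn : submit button values; only NULL / NOT NULL
  --                          is tested
  --   p_message            : text shown in italics above the form
  --
  -- Output encoding: every parameter of this procedure can be supplied in
  -- the request, and the names come from table data, so
  --   * p_message and names written into HTML go through htf.escape_sc;
  --   * names written into the javascript block go through js_string.
  --
  -- NOTE(review): the form carries no per-session token, so the save
  -- request is not protected against cross-site request forgery here.
  -- NOTE(review): the saved message (3546) is shown even when
  -- set_current_inte_cust refused the combination, because that procedure
  -- reports nothing back.
  --
  -- Intermediaries the current user is linked to.
  CURSOR cur_inte IS
    SELECT inte.inte_id
          ,inte.NAME
      FROM intermediaries     inte
          ,intermediary_users inus
     WHERE inte.inte_id = inus.inte_id
       AND inus.syus_id = caco_utilities.get_syus_id
     ORDER BY inte.NAME;
  --
  -- Customers reachable by the current user, optionally restricted to
  -- one intermediary.
  CURSOR cur_cust(p_inte_id IN intermediaries.inte_id%TYPE DEFAULT NULL) IS
    SELECT cust.cust_id
          ,cust.NAME
      FROM customers               cust
          ,customer_intermediaries cuin
          ,intermediary_users      inus
     WHERE cuin.inte_id = inus.inte_id
       AND cust.cust_id = cuin.cust_id
       AND inus.syus_id = caco_utilities.get_syus_id
       AND (cuin.inte_id = p_inte_id OR p_inte_id IS NULL)
     GROUP BY cust.cust_id
             ,cust.NAME
     ORDER BY cust.NAME;
  --
  -- Sized to the PL/SQL maximum: the previous 2000 character buffer
  -- raised VALUE_ERROR for an intermediary with many customers.
  v_array_string  VARCHAR2(32767);
  v_first_inte_id NUMBER;
  v_first         BOOLEAN;
  --
  -- Escapes text for use inside a single-quoted javascript string that is
  -- itself inside a <SCRIPT> element: backslash, quote, '<' (so the text
  -- cannot close the element) and line breaks.
  --
  FUNCTION js_string(p_text IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    RETURN REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(p_text
                                                  ,'\'
                                                  ,'\\')
                                          ,''''
                                          ,'\''')
                                  ,'<'
                                  ,'\x3C')
                          ,CHR(13)
                          ,'\r')
                  ,CHR(10)
                  ,'\n');
  END js_string;
  --
BEGIN
  --
  -- Access control for this screen.
  --
  IF NOT caco_security.security_check('caco_security.change_cust_inte') THEN
    --
    RETURN;
    --
  END IF;
  --
  IF p_savebtn IS NULL
     AND p_cancbtn IS NULL THEN
    --
    -- Draw screen
    --
    htp.htmlopen;
    caco_System.content_type;
    htp.linkrel('stylesheet'
               ,'caco_system.css?p_type=general');
    --
    htp.bodyopen;
    htp.p(caco_system.menu);
    htp.p(caco_system.statusbar);
    htp.bodyclose;
    --
    -- Client-side lookup tables: Customer[id] = name, and one Array_<inte_id>
    -- per intermediary listing its customer ids.
    --
    htp.p('<SCRIPT LANGUAGE="JavaScript">');
    htp.p('var Customer = new Array();');
    --
    FOR cur_cust_rec IN cur_cust LOOP
      --
      htp.p('Customer[' || cur_cust_rec.cust_id || '] = ''' ||
            js_string(cur_cust_rec.NAME) || ''';');
      --
    END LOOP;
    --
    FOR cur_inte_rec IN cur_inte LOOP
      --
      htp.p('var Array_' || cur_inte_rec.inte_id || ' = new Array(');
      --
      v_array_string := NULL;
      --
      FOR cur_cust_rec IN cur_cust(cur_inte_rec.inte_id) LOOP
        --
        v_array_string := v_array_string || '"(''' ||
                          cur_cust_rec.cust_id || ''')",' || chr(10);
        --
      END LOOP;
      --
      -- Drop the trailing comma and line feed before closing the array.
      --
      htp.p(substr(v_array_string
                  ,1
                  ,length(v_array_string) - 2) || ');');
      --
    END LOOP;
    --
    -- The generated script uses eval() on the Array_<id> entries; those
    -- entries are built above from numeric ids only.
    --
    htp.p('function populateCustomer(inForm,selected) {');
    htp.p('var selectedArray = eval("Array_" + selected);');
    htp.p('var allcustomerids = '''';');
    htp.p('while (selectedArray.length < inForm.p_cust_id.options.length) {');
    htp.p('inForm.p_cust_id.options[(inForm.p_cust_id.options.length - 1)] = null;');
    htp.p('}');
    htp.p('for (var i=0; i < selectedArray.length; i++) {');
    htp.p('var customerid = eval(selectedArray[i]);');
    htp.p('allcustomerids = allcustomerids + '':'' + customerid;');
    htp.p('}');
    htp.p('allcustomerids = allcustomerids.replace(/^:/,''#'');');
    --
    htp.p('for (var i=0; i < selectedArray.length; i++) {');
    htp.p('eval("inForm.p_cust_id.options[i]=" + "new Option" + selectedArray[i]);');
    htp.p('inForm.p_cust_id.options[i].value = eval( selectedArray[i]);');
    htp.p('var customerid = eval(selectedArray[i]);');
    htp.p('if (Customer[customerid]) {');
    htp.p('inForm.p_cust_id.options[i].text = Customer[customerid];');
    htp.p('}');
    htp.p('}');
    htp.p('inForm.p_cust_id.options[0].selected=true;');
    htp.p('}');
    htp.p('</SCRIPT>');
    --
    htp.title(caco_utilities.get_module_text(3540));
    --
    htp.header(1
              ,caco_utilities.get_module_text(3540));
    --
    htp.bodyopen;
    --
    IF p_message IS NOT NULL THEN
      --
      -- p_message can arrive straight from the request: encode it.
      --
      htp.p(htf.italic(htf.escape_sc(p_message)));
      --
    END IF;
    --
    htp.formopen(curl        => 'caco_security.change_cust_inte'
                ,cmethod     => 'POST'
                ,cattributes => 'NAME="custinte"');
    --
    htp.tableopen(cborder => '0');
    --
    -- Row 1: intermediary pick list and the current intermediary.
    --
    htp.tablerowopen;
    --
    htp.tabledata(calign      => 'LEFT'
                 ,cattributes => 'WIDTH="25%"'
                 ,cvalue      => htf.bold(caco_utilities.get_module_text(3541)||': '));
    --
    htp.p('<TD WIDTH="25%" ALIGN="LEFT">');
    --
    htp.formselectopen(cname       => 'p_inte_id'
                      ,cattributes => 'onChange="populateCustomer(document.custinte,document.custinte.p_inte_id.options[document.custinte.p_inte_id.selectedIndex].value)"');
    --
    v_first := TRUE;
    --
    FOR cur_inte_rec IN cur_inte LOOP
      --
      htp.formselectoption(htf.escape_sc(cur_inte_rec.NAME)
                          ,NULL
                          ,cattributes => 'VALUE="' ||
                                          to_char(cur_inte_rec.inte_id) || '"');
      --
      IF v_first THEN
        --
        -- Get the first inte put into the poplist in order to sync the customers
        --
        v_first_inte_id := cur_inte_rec.inte_id;
        v_first         := FALSE;
        --
      END IF;
      --
    END LOOP;
    --
    htp.formselectclose;
    htp.p('</TD>');
    htp.tabledata(calign      => 'LEFT'
                 ,cattributes => 'WIDTH="25%"'
                 ,cvalue      => htf.bold(caco_utilities.get_module_text(3542)||': '));
    htp.tabledata(calign      => 'LEFT'
                 ,cattributes => 'WIDTH="25%"'
                 ,cvalue      => htf.escape_sc(caco_utilities.get_inte_name));
    htp.tablerowclose;
    --
    -- Row 2: customer pick list (for the first intermediary) and the
    -- current customer.
    --
    htp.tablerowopen;
    --
    htp.tabledata(cvalue => htf.bold(caco_utilities.get_module_text(3543)||': '));
    --
    htp.p('<TD ALIGN="LEFT">');
    --
    htp.formselectopen(cname => 'p_cust_id');
    --
    FOR cur_cust_rec IN cur_cust(v_first_inte_id) LOOP
      --
      htp.formselectoption(htf.escape_sc(cur_cust_rec.NAME)
                          ,NULL
                          ,cattributes => 'VALUE="' ||
                                          to_char(cur_cust_rec.cust_id) || '"');
      --
    END LOOP;
    --
    htp.formselectclose;
    htp.p('</TD>');
    --
    -- NOTE(review): module text 3541 is also the caption of the
    -- intermediary list in row 1; confirm it is the intended caption for
    -- the current customer.
    --
    htp.tabledata(calign      => 'LEFT'
                 ,cattributes => 'WIDTH="25%"'
                 ,cvalue      => htf.bold(caco_utilities.get_module_text(3541)||': '));
    htp.tabledata(calign      => 'LEFT'
                 ,cattributes => 'WIDTH="25%"'
                 ,cvalue      => htf.escape_sc(caco_utilities.get_cust_name));
    htp.tablerowclose;
    --
    htp.tableclose;
    htp.br;
    --
    htp.formsubmit('p_savebtn'
                  ,caco_utilities.get_module_text(837));
    htp.formsubmit('p_cancbtn'
                  ,caco_utilities.get_module_text(993));
    --
    htp.formclose;
    htp.bodyclose;
    htp.htmlclose;
    --
  ELSIF p_cancbtn IS NOT NULL THEN
    --
    -- Cancelled: redraw the form with the cancellation message.
    --
    change_cust_inte(p_message => caco_utilities.get_module_text(3545));
    --
  ELSIF p_savebtn IS NOT NULL THEN
    --
    -- Update current customer and intermediary; the combination is
    -- checked against the user's links inside set_current_inte_cust.
    --
    set_current_inte_cust(p_inte_id
                         ,p_cust_id);
    --
    change_cust_inte(p_message => caco_utilities.get_module_text(3546));
    --
  END IF;
  --
END change_cust_inte;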
--
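PROCEDURE check_password_policies ( p_password IN     VARCHAR2
                                  , p_message  IN OUT VARCHAR2
                                  , p_success  IN OUT BOOLEAN
                                  ) IS
  --
  -- Checks a candidate password against the configured composition rules
  -- (minimum length and minimum number of digits, upper-case letters,
  -- lower-case letters and special characters).
  --
  -- Parameters
  --   p_password : candidate password
  --   p_message  : replaced by the message of the first rule that fails;
  --                left untouched when every rule passes
  --   p_success  : set to FALSE when a rule fails; never set to TRUE, so a
  --                failure recorded by the caller beforehand is kept
  --
  -- Only the first failing rule is reported.
  --
  -- Rule thresholds. When an item is not configured the minimum length
  -- falls back to 1 and every character-class minimum to 0, i.e. the
  -- unconfigured policy accepts any non-empty password.
  --
  c_password_length CONSTANT NUMBER := NVL(cout_system_configuration.get_configuration_item('G_PASSWORD_LENGTH'),1);
  c_numeric_chars   CONSTANT NUMBER := NVL(cout_system_configuration.get_configuration_item('G_PASSWORD_NUM_CHRS'),0);
  c_uppercase_chars CONSTANT NUMBER := NVL(cout_system_configuration.get_configuration_item('G_PASSWORD_UPP_CHRS'),0);
  c_lowercase_chars CONSTANT NUMBER := NVL(cout_system_configuration.get_configuration_item('G_PASSWORD_LOW_CHRS'),0);
  c_punct_chars     CONSTANT NUMBER := NVL(cout_system_configuration.get_configuration_item('G_PASSWORD_SPC_CHRS'),0);
  --
  -- Character classes.
  --
  c_digitarray CONSTANT VARCHAR2(20) := '0123456789';
  c_punctarray CONSTANT VARCHAR2(25) := '!"#$%&()``*+,-/:;<=>?_';
  c_upperarray CONSTANT VARCHAR2(26) := 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  c_lowerarray CONSTANT VARCHAR2(26) := 'abcdefghijklmnopqrstuvwxyz';
  --
  v_password_length NUMBER;
  v_numeric_chars   NUMBER;
  v_uppercase_chars NUMBER;
  v_lowercase_chars NUMBER;
  v_punct_chars     NUMBER;
  --
  v_type     VARCHAR2(50);
  v_sub_list caco_utilities.g_t_substitution_list;
  --
  -- Number of characters of p_text that belong to p_charset.
  --
  -- Oracle treats the empty string as NULL, so LENGTH() of a string that
  -- has had every character removed is NULL, not 0; both lengths are
  -- wrapped in NVL so the count is always a number. The working copy is
  -- sized to the PL/SQL maximum so that long passwords do not raise
  -- VALUE_ERROR (the previous 50 character buffer did).
  --
  FUNCTION count_chars_in ( p_text    IN VARCHAR2
                          , p_charset IN VARCHAR2
                          ) RETURN NUMBER IS
    l_rest VARCHAR2(32767) := p_text;
  BEGIN
    --
    FOR i IN 1..LENGTH(p_charset) LOOP
      --
      l_rest := REPLACE(l_rest, SUBSTR(p_charset,i,1),'');
      --
    END LOOP;
    --
    RETURN NVL(LENGTH(p_text),0) - NVL(LENGTH(l_rest),0);
    --
  END count_chars_in;
  --
BEGIN
  --
  -- Gather the figures; a NULL password counts as length 0 so that it
  -- fails the length rule instead of slipping through NULL comparisons.
  --
  v_password_length := NVL(LENGTH(p_password),0);
  v_numeric_chars   := count_chars_in(p_password, c_digitarray);
  v_uppercase_chars := count_chars_in(p_password, c_upperarray);
  v_lowercase_chars := count_chars_in(p_password, c_lowerarray);
  v_punct_chars     := count_chars_in(p_password, c_punctarray);
  --
  -- Gathered all the info, now check and report
  --
  IF v_password_length < c_password_length THEN
    --
    v_sub_list(1) := c_password_length;
    --
    caco_utilities.get_exception_message ( p_exception_number  => -20528
                                         , p_message           => p_message
                                         , p_exme_type         => v_type
                                         , p_substitution_list => v_sub_list
                                         );
    --
    p_success := FALSE;
    --
  ELSIF v_numeric_chars < c_numeric_chars THEN
    --
    v_sub_list(1) := c_numeric_chars;
    --
    caco_utilities.get_exception_message ( p_exception_number  => -20529
                                         , p_message           => p_message
                                         , p_exme_type         => v_type
                                         , p_substitution_list => v_sub_list
                                         );
    --
    p_success := FALSE;
    --
  ELSIF v_uppercase_chars < c_uppercase_chars THEN
    --
    v_sub_list(1) := c_uppercase_chars;
    --
    caco_utilities.get_exception_message ( p_exception_number  => -20530
                                         , p_message           => p_message
                                         , p_exme_type         => v_type
                                         , p_substitution_list => v_sub_list
                                         );
    --
    p_success := FALSE;
    --
  ELSIF v_lowercase_chars < c_lowercase_chars THEN
    --
    v_sub_list(1) := c_lowercase_chars;
    --
    caco_utilities.get_exception_message ( p_exception_number  => -20531
                                         , p_message           => p_message
                                         , p_exme_type         => v_type
                                         , p_substitution_list => v_sub_list
                                         );
    --
    p_success := FALSE;
    --
  ELSIF v_punct_chars < c_punct_chars THEN
    --
    -- This message takes the list of accepted special characters as well
    -- as the required count.
    --
    v_sub_list(1) := c_punctarray;
    v_sub_list(2) := c_punct_chars;
    --
    caco_utilities.get_exception_message ( p_exception_number  => -20532
                                         , p_message           => p_message
                                         , p_exme_type         => v_type
                                         , p_substitution_list => v_sub_list
                                         );
    --
    p_success := FALSE;
    --
  END IF;
  --
END check_password_policies;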
--
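PROCEDURE change_password(p_call_type    IN VARCHAR2 DEFAULT NULL
                         ,p_old_password IN VARCHAR2 DEFAULT NULL
                         ,p_password     IN VARCHAR2 DEFAULT NULL
                         ,p_confirm      IN VARCHAR2 DEFAULT NULL
                         ,p_button       IN VARCHAR2 DEFAULT NULL
                         ,p_embedded     IN BOOLEAN DEFAULT FALSE) IS
  --
  -- Web screen for changing the current user's password.
  --
  --   p_call_type NULL     : draw the change-password form
  --   p_call_type NOT NULL : process the posted form; p_button decides
  --                          between OK (module text 992) and Cancel
  --                          (module text 993)
  --
  -- Parameters
  --   p_old_password : current password, verified against the stored value
  --   p_password     : new password
  --   p_confirm      : repeat of the new password
  --   p_embedded     : TRUE when called to redraw the form inside a page
  --                    that is already open (no html/head/body wrapper)
  --
  -- The stored value is scramble(<user name>/<password>), which is an MD5
  -- digest cut to 30 characters (see scramble in this package).
  -- NOTE(review): MD5 is a fast digest and not a password-hashing scheme;
  -- replacing it needs a data migration and cannot be done in this
  -- procedure alone.
  -- NOTE(review): the form carries no per-session token, and this
  -- procedure neither removes the user's other SESSIONS rows nor issues a
  -- COMMIT after the password is changed.
  --
  -- Stored (scrambled) password of one user.
  CURSOR cur_syop(p_syus_id IN system_users.syus_id%TYPE) IS
    SELECT syus.password
      FROM system_users syus
     WHERE syus.syus_id = p_syus_id;
  --
  v_message  module_text.text%TYPE;
  v_proceed  BOOLEAN := TRUE;
  v_password system_users.password%TYPE;
  --
BEGIN
  --
  -- Access control for this screen.
  --
  IF NOT caco_security.security_check('caco_security.change_password') THEN
    --
    RETURN;
    --
  END IF;
  --
  -- Standard HTML header.
  --
  IF NOT p_embedded THEN
    --
    htp.htmlopen;
    caco_system.content_type;
    htp.linkrel('stylesheet'
               ,'caco_system.css?p_type=content');
    --
    htp.headopen;
    htp.p(caco_system.menu);
    htp.p(caco_system.statusbar);
    htp.headclose;
    --
    htp.bodyopen;
    --
    htp.title(caco_utilities.get_module_text(986));
    htp.header(1
              ,caco_utilities.get_module_text(987) || ' ' ||
               caco_utilities.get_syus_name);
    --
  END IF;
  --
  IF p_call_type IS NULL THEN
    --
    -- Draw the form.
    --
    htp.p('<SCRIPT><!--');
    htp.p('function Logon_OnLoad (ctl, index) {');
    htp.p('document.Passwordform.p_old_password.focus();');
    htp.p('}');
    htp.p('//-->');
    htp.p('</SCRIPT>');
    --
    htp.para;
    htp.p(caco_utilities.get_module_text(988));
    --
    htp.formopen(curl        => 'caco_security.change_password'
                ,ctarget     => ''
                ,cattributes => 'NAME="Passwordform"');
    --
    -- Marks the next request as a form submission.
    --
    htp.formhidden(cname  => 'p_call_type'
                  ,cvalue => 'C');
    --
    htp.tableopen;
    --
    htp.tablerowopen;
    htp.tabledata(htf.bold(caco_utilities.get_module_text(345)));
    htp.tabledata(htf.bold(caco_utilities.get_syus_name));
    htp.tablerowclose;
    --
    htp.tablerowopen;
    htp.tabledata(htf.bold(caco_utilities.get_module_text(989)));
    htp.tabledata(htf.formpassword(cname => 'p_old_password'));
    htp.tablerowclose;
    --
    htp.tablerowopen;
    htp.tabledata(htf.bold(caco_utilities.get_module_text(990)));
    htp.tabledata(htf.formpassword(cname => 'p_password'));
    htp.tablerowclose;
    --
    htp.tablerowopen;
    htp.tabledata(htf.bold(caco_utilities.get_module_text(991)));
    htp.tabledata(htf.formpassword(cname => 'p_confirm'));
    htp.tablerowclose;
    --
    htp.tablerowopen;
    htp.tabledata(htf.br);
    htp.tabledata(htf.br);
    htp.tablerowclose;
    --
    htp.tablerowopen;
    htp.tabledata(htf.formsubmit(cname  => 'p_button'
                                ,cvalue => caco_utilities.get_module_text(992)) ||
                  ' ' ||
                  htf.formsubmit(cname  => 'p_button'
                                ,cvalue => caco_utilities.get_module_text(993)));
    htp.tablerowclose;
    --
    htp.tablerowopen;
    htp.tabledata('''*'''||caco_utilities.get_module_text(2202));
    htp.tablerowclose;
    --
    htp.formclose;
    --
  ELSE
    --
    -- Not the main screen, therefore validate and process passed data
    --
    IF p_button = caco_utilities.get_module_text(992) THEN
      --
      -- OK, validate and process password entry. Every check runs; the
      -- message of the last failing check is the one displayed.
      --
      IF p_old_password IS NULL
         OR p_password IS NULL
         OR p_confirm IS NULL THEN
        --
        -- Not all mandatory fields have been entered
        --
        v_message := caco_utilities.get_module_text(994);
        v_proceed := FALSE;
        --
      END IF;
      --
      -- Check old password against stored password
      --
      OPEN cur_syop(caco_utilities.get_syus_id);
      FETCH cur_syop
        INTO v_password;
      CLOSE cur_syop;
      --
      -- Fail closed: when no stored value was fetched (no row, or a NULL
      -- password column) the plain "<>" comparison evaluates to NULL and
      -- would let any old password through.
      --
      IF v_password IS NULL
         OR v_password <>
            scramble(caco_utilities.get_syus_name || '/' || p_old_password) THEN
        --
        v_message := caco_utilities.get_module_text(995);
        v_proceed := FALSE;
        --
      END IF;
      --
      -- Check p_password is the same as p_confirm
      --
      IF p_password <> p_confirm THEN
        --
        v_message := caco_utilities.get_module_text(996);
        v_proceed := FALSE;
        --
      END IF;
      --
      -- Check that p_old_password <> p_password
      --
      IF p_password = p_old_password THEN
        --
        v_message := caco_utilities.get_module_text(997);
        v_proceed := FALSE;
        --
      END IF;
      --
      -- Additional password policies
      --
      check_password_policies ( p_password => p_password
                              , p_message  => v_message
                              , p_success  => v_proceed
                              );
      --
      IF v_proceed THEN
        --
        -- Update the system user with the new password, set the expiry
        -- date c_password_expiry_period days from today and reset the
        -- grace logins to 3
        --
        v_password := scramble(caco_utilities.get_syus_name || '/' ||
                               p_password);
        --
        UPDATE system_users syus
           SET syus.password         = v_password
              ,syus.password_expires = trunc(SYSDATE) + c_password_expiry_period
              ,syus.grace_logins     = 3
         WHERE syus.syus_id = caco_utilities.get_syus_id;
        --
        -- Show the expiry date that was actually stored (this used to be
        -- a fixed "today + 30" regardless of the configured period).
        --
        htp.header(4
                  ,caco_utilities.get_module_text(998) || ' ' ||
                   to_char(trunc(SYSDATE) + c_password_expiry_period
                          ,'DD-MON-YYYY'));
        --
      ELSE
        --
        -- Something is wrong, display the stored error message and redisplay the change password page
        --
        htp.header(4
                  ,v_message);
        htp.hr;
        --
        caco_security.change_password(p_embedded => TRUE);
        --
      END IF;
      --
    ELSIF p_button = caco_utilities.get_module_text(993) THEN
      --
      -- Cancel, show cancelation screen
      --
      htp.header(4
                ,caco_utilities.get_module_text(999));
      --
    END IF;
    --
  END IF;
  --
  IF NOT p_embedded THEN
    --
    htp.bodyclose;
    htp.htmlclose;
    --
  END IF;
  --
END change_password;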
--
-- Remove expired sessions
--
PROCEDURE remove_expired_sessions IS
  --
  -- Deletes every SESSIONS row whose EXPIRES timestamp lies in the past.
  --
  -- Runs as an autonomous transaction, so the COMMIT below applies to
  -- this delete only and leaves the caller's pending work untouched.
  --
  PRAGMA AUTONOMOUS_TRANSACTION;
  --
BEGIN
  --
  DELETE FROM sessions s
   WHERE s.expires < SYSDATE;
  --
  COMMIT;
  --
END remove_expired_sessions;
---
-- PROCESS INTERFACE LOGON
---
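PROCEDURE process_interface_logon ( p_username IN  VARCHAR2
                                  , p_password IN  VARCHAR2
                                  , p_success  OUT BOOLEAN
                                  , p_message  OUT VARCHAR2 ) IS
  --
  -- Authenticates an interface (non-browser) caller by user name and
  -- password and, on success, creates a SESSIONS row for it.
  --
  -- Parameters
  --   p_username : matched against system_users.db_username
  --   p_password : clear-text password; compared in scrambled form
  --   p_success  : TRUE when the logon is accepted, FALSE otherwise
  --   p_message  : reason text for a refused logon. It stays NULL when
  --                the only failing condition is saco_licensing.check_users
  --                or a NULL period_start, which the message chain below
  --                does not cover.
  --
  -- A logon is accepted when the credentials match, the user is not
  -- locked, both licensing checks pass and SYSDATE lies inside the user's
  -- validity period. An expired password then consumes one grace logon;
  -- with no grace logons left the account is locked and the logon is
  -- refused.
  --
  -- No cookie is written and no COMMIT is issued: transaction control is
  -- left to the caller. The generated client id is not returned.
  --
  -- NOTE(review): failed attempts are not counted in this procedure, so
  -- it applies no lockout against repeated password guessing.
  -- NOTE(review): scramble() is an MD5 digest cut to 30 characters (see
  -- scramble in this package), which is not a password-hashing scheme.
  --
  -- Never assigned before it is tested below (the wsgl.getclientid call
  -- was removed), so it is NULL until generate_client_id runs.
  l_client_id VARCHAR2(240);
  --
  -- TRUE when the matched user's password expiry date has passed.
  l_password_expired BOOLEAN;
  --
  -- User row matching both the user name and the scrambled password.
  CURSOR cur_syus ( p_username IN system_users.db_username%TYPE
                  , p_password IN system_users.password%TYPE
                  ) IS
    SELECT syus.syus_id
          ,syus.cust_id
          ,syus.inte_id
          ,syus.password_expires
          ,syus.grace_logins
          ,nvl(syus.user_locked
              ,'N') user_locked
          ,syus.period_start
          ,syus.period_end
      FROM system_users syus
     WHERE syus.db_username = p_username
       AND syus.password = p_password;
  --
  r_syus_rec cur_syus%ROWTYPE;
  --
BEGIN
  --
  -- Initialise boolean with a pessimistic viewpoint
  --
  p_success := FALSE;
  --
  -- Retrieve details from system users for the passed username and password
  --
  OPEN cur_syus(p_username
               ,scramble(p_username || '/' || p_password));
  FETCH cur_syus
    INTO r_syus_rec;
  CLOSE cur_syus;
  --
  -- If username/password valid
  --
  IF r_syus_rec.syus_id IS NOT NULL
     AND r_syus_rec.user_locked <> 'Y'
     AND saco_licensing.check_users
     AND saco_licensing.check_license
     AND SYSDATE >= r_syus_rec.period_start -- user validity period
     AND SYSDATE < (TRUNC(NVL(r_syus_rec.period_end,SYSDATE)) + 1 - (1/86400)) THEN -- HH24:MI:SS = 23:59:59
    --
    l_password_expired := r_syus_rec.password_expires IS NOT NULL
                          AND r_syus_rec.password_expires <= SYSDATE;
    --
    IF l_password_expired
       AND r_syus_rec.grace_logins = 0 THEN
      --
      -- Password expired with no grace logins remaining: lock the account
      -- and refuse the logon. This is decided before any session is
      -- created; previously the SESSIONS row was inserted and
      -- g_current_syus_id set first, and both were left behind by the
      -- refused logon.
      --
      r_syus_rec.user_locked := 'Y';
      --
      UPDATE system_users syus
         SET syus.user_locked = r_syus_rec.user_locked
       WHERE syus.syus_id = r_syus_rec.syus_id;
      --
      p_message := caco_utilities.get_module_text(1000);
      --
    ELSE
      --
      -- Check that current client ID is valid. l_client_id is always NULL
      -- at this point, so the ELSE branch is the one that runs.
      --
      IF l_client_id IS NOT NULL
         AND check_session(l_client_id) THEN
        --
        -- Update the session table for this client with
        -- the new user
        --
        UPDATE sessions s
           SET s.user_name = p_username
              ,s.syus_id   = r_syus_rec.syus_id
              ,s.cust_id   = r_syus_rec.cust_id
              ,s.inte_id   = r_syus_rec.inte_id
         WHERE client_id = l_client_id;
        --
      ELSE
        --
        -- Current client ID is not valid so create a new one
        --
        l_client_id := generate_client_id;
        --
        -- Create new session in session table. The address falls back to
        -- 127.0.0.1 when no REMOTE_ADDR is available.
        --
        INSERT INTO sessions
          (client_id
          ,user_name
          ,syus_id
          ,cust_id
          ,inte_id
          ,ip_address
          ,expires)
        VALUES
          (l_client_id
          ,p_username
          ,r_syus_rec.syus_id
          ,r_syus_rec.cust_id
          ,r_syus_rec.inte_id
          ,NVL(owa_util.get_cgi_env('REMOTE_ADDR'),'127.0.0.1')
          ,SYSDATE + (c_session_duration_hours / 24));
        --
        g_current_syus_id := r_syus_rec.syus_id;
        --
      END IF;
      --
      -- If I'm here, I'm successful
      --
      p_success := TRUE;
      --
      -- User can connect, but an expired password uses up a grace login
      --
      IF l_password_expired THEN
        --
        IF r_syus_rec.grace_logins = 1 THEN
          --
          -- This was the last grace login
          --
          UPDATE system_users syus
             SET syus.grace_logins = 0
           WHERE syus.syus_id = r_syus_rec.syus_id;
          --
        ELSE
          --
          -- Password expired, update grace logins (a NULL counter is
          -- treated as 3)
          --
          UPDATE system_users syus
             SET syus.grace_logins = NVL(grace_logins
                                        ,3) - 1
           WHERE syus.syus_id = r_syus_rec.syus_id;
          --
        END IF;
        --
      END IF;
      --
    END IF;
    --
  ELSE
    --
    -- Logon refused: pick the message for the first condition that failed.
    -- The locked / licence / validity messages are only reachable when the
    -- password matched, so they do not reveal whether a user name exists.
    --
    IF r_syus_rec.syus_id IS NULL THEN
      --
      -- Invalid username / password
      --
      p_message := wsgl.msggettext(608
                                  ,wsglm.sec608_invalid_logon);
      --
    ELSIF r_syus_rec.user_locked = 'Y' THEN
      --
      p_message := caco_utilities.get_module_text(1000);
      --
    ELSIF NOT saco_licensing.check_license THEN
      --
      p_message := 'License is not valid - please contact your system administrator.';
      --
    ELSIF SYSDATE < r_syus_rec.period_start -- user validity period
          OR SYSDATE > (TRUNC(NVL(r_syus_rec.period_end,SYSDATE)) + 1 - (1/86400)) -- HH24:MI:SS = 23:59:59
    THEN
      -- The user has expired. Please contact your system administrator
      p_message := caco_utilities.get_module_text(2518);
      --
    END IF;
    --
    -- l_client_id is always NULL on this path, so nothing is deleted.
    --
    IF l_client_id IS NOT NULL THEN
      --
      -- Invalid logon so delete the session for the current client.
      --
      DELETE FROM sessions
       WHERE client_id = l_client_id;
      --
    END IF;
    --
  END IF;
  --
END process_interface_logon;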
--
END caco_security; -- of package
/