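<?php
// Endpoint for signing the open letter and confirming a signature by e-mail.

$error = 0; // error status: set to 1 when a sign request must not be stored

// Offset added to the sequential record ID to build the ID shown in the
// confirmation link. It is a fixed number, so it only hides the real ID from
// casual view; it is not a secret and does not protect a record by itself.
// Access to a record rests on the confirmation code alone.
$codemod = 2138367;

// Database path, anchored to this script's directory so that it does not
// depend on the working directory of the process running the script.
// NOTE(review): the file holds names, e-mail addresses and confirmation
// codes; confirm that the web server does not serve the userdata directory.
$db = __DIR__ . "/../userdata/signatures.json";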
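// Get info from form.
// Every value comes from the query string and is controlled by the caller.
// A parameter sent as "name[]=x" reaches PHP as an array, which would later
// be stored in the database or used in arithmetic, so only plain strings are
// accepted; anything else is treated as missing.
$param = function ($key) {
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : false;
};

$action = $param('action');

if (empty($action)) {
    echo "No action defined.";
    exit(1);
} else if ($action === "sign") {
    $name = $param('name');
    $email = $param('email');
    $country = $param('country');
    $zip = $param('zip');
    $permPriv = $param('permissionPriv');
    $permNews = $param('permissionNews');
    $permPub = $param('permissionPub');

    // Check for missing required fields
    if (empty($name) || empty($email) || empty($permPriv)) {
        echo "At least one required variable is empty.";
        exit(1);
    }

    // The address becomes the recipient of the confirmation mail. Accept a
    // single well-formed address only: a comma-separated list would make the
    // script deliver mail to several recipients chosen by the caller.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo "Invalid email address.";
        exit(1);
    }
} else if ($action === "confirm") {
    $confirmcode = $param('code');
    $confirmid = $param('id');

    // Check for missing required fields
    if (empty($confirmcode) || empty($confirmid)) {
        echo "Confirmation code or ID is missing.";
        exit(1);
    }

    // The ID is used as an array index after subtracting the offset, so it
    // must consist of decimal digits only.
    if (!ctype_digit($confirmid)) {
        echo "Invalid confirmation ID.";
        exit(1);
    }
} else {
    echo "Invalid action.";
    exit(1);
}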
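// Validate input: no checks are performed at this point in the script.

// Read database.
// NOTE(review): no lock is held between this read and the write that follows
// later in the script, so two simultaneous requests can overwrite each
// other's change. Holding one flock() across read and write would close that
// gap.
if (!file_exists($db)) {
    touch($db);
}

$file = file_get_contents($db);
if ($file === false) {
    // Stop here: continuing with an empty list would later write that empty
    // list back and erase the stored signatures.
    echo "Database could not be read.";
    exit(1);
}

if (trim($file) === '') {
    // Freshly created file: start with an empty list of signatures.
    $data = array();
} else {
    $data = json_decode($file, true);
    if (!is_array($data)) {
        // Same reasoning as above: never treat an unreadable database as empty.
        echo "Database could not be decoded.";
        exit(1);
    }
}
unset($file);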
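/// SIGNING ///
if ($action === "sign") {
    // Test whether email is a duplicate
    $total = is_array($data) ? count($data) : 0;
    for ($row = 0; $row < $total; $row++) {
        if (isset($data[$row]['email']) && $email === $data[$row]['email']) {
            // The address comes from the request, so escape it before it is
            // written into the HTML response.
            // NOTE(review): this answer tells any caller whether an address
            // has already signed; consider a neutral message.
            echo "email " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . " already exists!";
            $error = 1;
            break 1;
        }
    }

    if ($error === 0) { // only make entry if no error happened
        // Take sequential ID
        $id = $total;

        // Create a random string for email verification. The code is the only
        // thing that protects a confirmation, so it is drawn from the
        // operating system's CSPRNG instead of rand() and uniqid(), whose
        // output can be predicted.
        if (function_exists('random_bytes')) {
            $code = bin2hex(random_bytes(16));
        } else {
            $code = bin2hex(openssl_random_pseudo_bytes(16));
        }
        $codeid = $id + $codemod; // this is to obfuscate the real ID of the user if we don't want to publish this number

        // Append new signature to array
        $newsig = array(
            "id" => $id,
            "name" => $name,
            "email" => $email,
            "country" => $country,
            "zip" => $zip,
            "permPriv" => $permPriv,
            "permNews" => $permNews,
            "permPub" => $permPub,
            "code" => $code,
            "confirmed" => "no",
        );
        $data[] = $newsig; // newsig is a separated variable for debugging purposes

        // Encode to JSON again and write to file.
        // json_encode() returns false when a field is not valid UTF-8;
        // writing that result would truncate the database, so abort instead.
        $allsig = json_encode($data, JSON_PRETTY_PRINT);
        if ($allsig === false || file_put_contents($db, $allsig, LOCK_EX) === false) {
            echo "Signature could not be saved.";
            exit(1);
        }
        unset($allsig);

        // Send email asking for confirmation.
        // NOTE(review): the link uses plain http, so the confirmation code
        // travels unencrypted; use https if the host offers it.
        $to = $email;
        $subject = "One step left to sign the \"Public Money - Public Code\" letter";
        $message = "Thank you for signing the open \"Public Money - Public Code\" letter!\r\n\r\n" .
            "In order to confirm your signature, please visit following link:\r\nhttp://pmpc-test.mehl.mx/cgi/sign.php?action=confirm&id={$codeid}&code={$code}\r\n\r\n" .
            "If your confirmation succeeds, your signature will appear on the website within the next few hours.";
        // NOTE(review): the Message-ID carries the confirmation code, and
        // X-Mailer discloses the PHP version to every recipient.
        $headers = "From: noreply@mehl.mx" . "\r\n" .
            "Message-ID: <confirmation-{$code}@fsfe.org>" . "\r\n" .
            "X-Mailer: PHP/" . phpversion();

        mail($to, $subject, $message, $headers);
    }
} else if ($action === "confirm") {
    /// CONFIRMATION ///
    // The ID comes from the request. Accept decimal digits only, then
    // subtract the obfuscation number from the given ID.
    $id = (is_string($confirmid) && ctype_digit($confirmid)) ? ((int) $confirmid - $codemod) : -1;

    // Only continue with a record that exists and has the expected fields.
    $known = $id >= 0
        && isset($data[$id]['email'], $data[$id]['code'], $data[$id]['confirmed'])
        && is_string($data[$id]['code'])
        && is_string($confirmcode);

    // Check the code before anything else, in constant time, and answer an
    // unknown ID exactly like a wrong code so that the response does not show
    // which IDs exist or which of them are already confirmed.
    if (!$known || !hash_equals($data[$id]['code'], $confirmcode)) {
        echo "The given signature code is incorrect.";
    } else if ($data[$id]['confirmed'] === "no") {
        $email = $data[$id]['email']; // Get the user's email for the response

        // Set the user's confirmation key to "yes"
        $data[$id]['confirmed'] = "yes";

        // Encode to JSON again and write to file; a failed encode must never
        // be written, as that would truncate the database.
        $allsig = json_encode($data, JSON_PRETTY_PRINT);
        if ($allsig === false || file_put_contents($db, $allsig, LOCK_EX) === false) {
            echo "Confirmation could not be saved.";
            exit(1);
        }
        unset($allsig);

        // The angle brackets and the address are escaped so that they are
        // shown as text and not read as markup.
        echo "Your signature with the Email &lt;" . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "&gt; has been confirmed. <br />";
        echo "Thank you for signing the open letter!";
    } else {
        echo "You already confirmed your email address.";
    }
}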
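// Debug dump of the whole database.
// Kept switched off: printing $data would send every signer's name, e-mail
// address and confirmation code to whoever calls this script, which would
// also let any caller confirm signatures that are not theirs. Enable it only
// on a private test installation.
$debugDump = false;
if ($debugDump) {
    echo "<pre>";
    // Stored fields originate from the request, so escape them for HTML.
    echo htmlspecialchars(print_r($data, true), ENT_QUOTES, 'UTF-8');
    echo "</pre>";
}
unset($data);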
?>