< ? php
2017-03-22 02:01:06 +01:00
// --- Configuration ---
// Offset added to a signature's sequential ID before it is placed in the
// confirmation link, so the raw row number is not shown. This is obscurity
// only, not a secret: the confirmation code is what authorises a confirm.
$codemod = 2138367;
// Absolute URL of this script; used to build the confirmation link.
$selfurl = "http://pmpc-test.mehl.mx/cgi/sign.php";
// Path of the JSON signature database (relative to the working directory).
$db = "../../signatures.json";
// HTML fragment that is accumulated and finally rendered by show_page().
$output = "";

// --- Request parameters ---
// Form submissions arrive as POST, confirmation links as plain GET, so the
// action is taken from whichever of the two carried this request.
$params = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
$action = isset($params['action']) ? $params['action'] : false;
unset($params);
// 'url' is a honeypot field that human visitors never fill in; only the sign
// form carries it, so it is always read from POST.
$honeypot = isset($_POST['url']) ? $_POST['url'] : false;
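if (!empty($honeypot)) { // honeypot input field isn't empty: almost certainly a bot
    $output .= "Invalid input. Error code: 5|°4m";
    show_page($output, 1);
}

// Every error path below ends in show_page(), which exits. Code after this
// dispatch therefore only runs for a well-formed "sign" or "confirm" request.
if (empty($action)) {
    $output .= "No action defined.";
    show_page($output, 1);
} else if ($action === "sign") {
    $name = isset($_POST['name']) ? $_POST['name'] : false;
    $email = isset($_POST['email']) ? $_POST['email'] : false;
    $country = isset($_POST['country']) ? $_POST['country'] : false;
    $zip = isset($_POST['zip']) ? $_POST['zip'] : false;
    $permPriv = isset($_POST['permissionPriv']) ? $_POST['permissionPriv'] : false;
    $permNews = isset($_POST['permissionNews']) ? $_POST['permissionNews'] : false;
    $permPub = isset($_POST['permissionPub']) ? $_POST['permissionPub'] : false;

    // Check for missing required fields
    if (empty($name) || empty($email) || empty($permPriv)) {
        $output .= "At least one required variable is empty.";
        show_page($output, 1);
    }

    // Reject non-scalar input (PHP turns "name[]"-style fields into arrays)
    // and syntactically invalid addresses. $email is later handed to mail()
    // as the recipient and echoed back into the page, so it must be a plain,
    // valid address; $name is interpolated into the mail body.
    if (!is_string($name) || !is_string($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $output .= "The email address or name is not valid.";
        show_page($output, 1);
    }
} else if ($action === "confirm") {
    $confirmcode = isset($_GET['code']) ? $_GET['code'] : false;
    $confirmid = isset($_GET['id']) ? $_GET['id'] : false;

    // Check for missing required fields
    if (empty($confirmcode) || empty($confirmid)) {
        $output .= "Confirmation code or ID is missing.";
        show_page($output, 1);
    }

    // Both values come straight from the URL. The ID is used in arithmetic
    // and as an array index, so it must be a decimal integer string; the
    // code is compared against the stored one, so it must be a string.
    if (!is_string($confirmid) || !ctype_digit($confirmid) || !is_string($confirmcode)) {
        $output .= "Confirmation code or ID is malformed.";
        show_page($output, 1);
    }
} else {
    $output .= "Invalid action.";
    show_page($output, 1);
}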
// Execution continues past this point only for action = sign or confirm; every other case exited in show_page() above
// Validate input
//TODO
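/**
 * Load the JSON signature database into the global $data array.
 *
 * Kept as a function so the file is only read when an action really needs
 * it. An absent or empty file now yields an empty array: previously
 * json_decode() returned null in that case and the caller passed it on to
 * count() and array indexing, which fails on a brand-new database file and
 * throws on PHP 8. A file that exists but does not decode to an array is
 * treated as corrupt and aborts, so that a later file_put_contents() cannot
 * replace the whole signature list with a single fresh entry.
 *
 * @param string $db path of the signature database
 * @global array $data decoded signature rows, indexed by position
 * @throws RuntimeException if the file is unreadable as a JSON array
 */
function read_db($db) {
    global $data; // results are handed to the calling script via this global
    if (!file_exists($db)) {
        touch($db);
    }
    // NOTE: the read side takes no lock; only the writers use LOCK_EX. Two
    // overlapping signings can therefore still lose one entry.
    $file = file_get_contents($db, true);
    if ($file === false || trim($file) === '') {
        $data = array();
        return;
    }
    $decoded = json_decode($file, true);
    if (!is_array($decoded)) {
        throw new RuntimeException("Signature database could not be decoded");
    }
    $data = $decoded;
}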
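/// SIGNING ///
if ($action === "sign") {
    read_db($db);

    // Test whether email is a duplicate (exact, case-sensitive match)
    $total = count($data);
    if (in_array($email, array_column($data, 'email'), true)) {
        $output .= "We already received a signature with this email address.";
        show_page($output, 1);
    }

    // Take sequential ID. The row index doubles as the signature ID; the
    // confirm branch relies on that when it indexes $data[$id].
    $id = $total;
    // The confirmation code is a bearer secret: whoever presents it confirms
    // this signature. It is drawn from the CSPRNG; the previous rand() value
    // is predictable, and its upper bound exceeded getrandmax() on 32-bit.
    $code = bin2hex(random_bytes(16));
    $codeid = $id + $codemod; // hides the raw row number in the link; not a secret

    // Append new signature to array
    $data[] = array(
        "id" => $id,
        "name" => $name,
        "email" => $email,
        "country" => $country,
        "zip" => $zip,
        "permPriv" => $permPriv,
        "permNews" => $permNews,
        "permPub" => $permPub,
        "code" => $code,
        "confirmed" => "no",
    );

    // Encode to JSON again and write to file. json_encode() returns false on
    // failure (e.g. malformed UTF-8 in a submitted field); writing that would
    // truncate the whole database, so abort before touching the file.
    $allsig = json_encode($data, JSON_PRETTY_PRINT);
    if ($allsig === false || file_put_contents($db, $allsig, LOCK_EX) === false) {
        $output .= "Your signature could not be stored. Please try again later.";
        show_page($output, 1);
    }
    unset($allsig);

    // Send email asking for confirmation
    $to = $email;
    $subject = "One step left to sign the \"Public Money - Public Code\" letter";
    $message = "Dear $name,\r\n\r\n" .
        "Thank you for signing the open \"Public Money - Public Code\" letter!\r\n\r\n" .
        "In order to confirm your signature, please visit following link:\r\n" .
        "$selfurl?action=confirm&id=$codeid&code=$code\r\n\r\n" .
        "If your confirmation succeeds, your signature will appear on the website within the next few hours.";
    $headers = "From: noreply@fsfe.org\r\n" .
        "Message-ID: <confirmation-$code@fsfe.org>\r\n" .
        "X-Mailer: PHP";

    // mail() only reports the hand-off to the local MTA; still, do not claim
    // success when even that failed, since the user cannot retry (their
    // address is now on record as a duplicate).
    if (!mail($to, $subject, $message, $headers)) {
        $output .= "Your signature was stored, but the confirmation email could not be sent. Please contact us.";
        show_page($output, 1);
    }
    $output .= "Thank you for signing our open letter!<br /><br />";
    // $email is user input reflected into the HTML page: escape it here,
    // because show_page() inserts $output verbatim.
    $output .= "We just sent an email to your address ("
        . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . ") for you to confirm your signature.";
    show_page($output, 0);

} else if ($action === "confirm") {
    /// CONFIRMATION ///
    // The ID must be a decimal string before arithmetic: a non-numeric
    // string, or an array from an "id[]=" parameter, throws on PHP 8.
    if (!is_string($confirmid) || !ctype_digit($confirmid)) {
        $output .= "Invalid signature ID.";
        show_page($output, 1);
    }
    $id = (int) $confirmid - $codemod; // subtract the obfuscation offset from the given ID

    if ($id < 0) { // $confirmid is less than $codemod
        $output .= "Invalid signature ID.";
        show_page($output, 1);
    }
    read_db($db);

    if (empty($data[$id])) { // there is no array element with this ID
        $output .= "The signature ID does not exist.";
        show_page($output, 1);
    }

    // Rows written by older code may lack keys; missing values fall through
    // to the "broken status" branch below instead of raising warnings.
    $email = isset($data[$id]['email']) ? $data[$id]['email'] : false; // the user's email in case we need it
    $code = isset($data[$id]['code']) ? $data[$id]['code'] : false; // the confirmation code according to the DB
    $confirmed = isset($data[$id]['confirmed']) ? $data[$id]['confirmed'] : false; // current confirmation status

    // Check whether the confirmation code is what we saved in the DB
    if ($confirmed === "no") {
        // Constant-time comparison of the bearer code. hash_equals() needs
        // two strings, so guard the types first.
        if (is_string($code) && is_string($confirmcode) && hash_equals($code, $confirmcode)) {
            // Set the user's confirmation key to "yes"
            $data[$id]['confirmed'] = "yes";
            // Encode to JSON again and write to file; see the sign branch for
            // why a false from json_encode() must never reach the file.
            $allsig = json_encode($data, JSON_PRETTY_PRINT); // TODO: JSON_PRETTY_PRINT could be turned off to make file smaller
            if ($allsig === false || file_put_contents($db, $allsig, LOCK_EX) === false) {
                $output .= "Your confirmation could not be stored. Please try again later.";
                show_page($output, 1);
            }
            unset($allsig);
            $output .= "Your email address has been confirmed.<br /><br />";
            $output .= "Thank you for signing the open letter! Your signature will appear <a href='/signatures/'>in the signature list</a> within the next hours.";
            show_page($output, 0);
        } else {
            $output .= "The provided confirmation code is incorrect.";
            show_page($output, 1);
        }
    } else if ($confirmed === "yes") {
        $output .= "This email address is already confirmed. It can take a few hours until your signature appears <a href='/signatures/'>in the signature list</a>.";
        show_page($output, 1);
    } else {
        $output .= "This signature ID does not exist or the confirmation status is broken.";
        show_page($output, 1);
    }
} // END confirm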
// --- PRINT OUTPUT IN TEMPLATE FILE ---
/**
 * Substitute one placeholder token in a template string.
 *
 * Every occurrence of $placeholder (for example ':HEADLINE:') in $template
 * is replaced by $content; the template comes back unchanged when the token
 * does not occur. $content is inserted verbatim, not escaped.
 *
 * @param string $template    text containing the placeholder
 * @param string $placeholder literal token to look for
 * @param string $content     replacement text
 * @return string
 */
function replace_page($template, $placeholder, $content) {
    return str_replace($placeholder, $content, $template);
}
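/**
 * Render the result page and terminate the script.
 *
 * Fills the :HEADLINE:, :BODY1: and :BODY2: placeholders of
 * ../template/index.html, echoes the page and then calls exit() with $exit
 * as the status. Because it never returns, callers use it both for the
 * success page ($exit = 0) and for every error path ($exit = 1).
 *
 * $output is inserted verbatim (it already carries HTML markup such as
 * <br /> and links), so any user-supplied value must be escaped by the
 * caller before it is appended.
 *
 * @param string $output HTML fragment for the page body
 * @param int    $exit   0 = success, 1 = error, anything else = generic "Thank you"
 * @return never
 */
function show_page($output, $exit) {
    $notice = ""; // default also covers the fallback branch, which previously left it undefined
    if ($exit === 0) {
        $headline = "Success";
    } else if ($exit === 1) {
        $headline = "Error";
        $notice = "<p>This error could have happened because one or more fields contained invalid information. Please try again. If you think that you see this error by mistake, please contact us.</p>";
    } else {
        $headline = "Thank you";
    }
    $template = file_get_contents('../template/index.html', true);
    if ($template === false) {
        // Still show the message when the template is unreadable instead of
        // emitting an empty page.
        $template = "<!DOCTYPE html><html><body><h1>:HEADLINE:</h1><div>:BODY1:</div>:BODY2:</body></html>";
    }
    $page = replace_page($template, ':HEADLINE:', $headline);
    $page = replace_page($page, ':BODY1:', $output);
    $page = replace_page($page, ':BODY2:', $notice);
    echo $page;
    exit($exit);
}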
?>