put all output of the signature script on a template page with placeholders

lektura
max.mehl 2017-03-23 23:30:03 +01:00
parent 4cf860d077
commit 03b1a35d9c
3 changed files with 147 additions and 65 deletions

View File

@ -0,0 +1,19 @@
<!DOCTYPE html>
<html lang="{{ with .Site.LanguageCode }}{{ . }}{{ else }}en-US{{ end }}">
<head>
{{ partial "head.html" . }}
</head>
<body id="page-top">
{{ partial "navpage.html" . }}
{{ partial "page-template.html" . }}
{{ partial "language.html" . }}
{{ partial "legal.html" . }}
{{ partial "sharecolumn.html" . }}
{{ partial "js.html" . }}
</body>
</html>

View File

@ -0,0 +1,14 @@
{{ "<!-- SUBPAGE TEMPLATE -->" | safeHTML }}
<header>
<div class="header-content">
<div class="header-content-inner">
<div class="col-lg-8 col-lg-offset-2 text-center">
<h1>:HEADLINE:</h1>
<hr />
<p>:BODY1:</p>
<p>:BODY2:</p>
<a href="/" class="btn btn-primary btn-xl">Back</a>
</div>
</div>
</div>
</header>

View File

@ -1,16 +1,16 @@
<?php <?php
$error = 0; // error status
$codemod = 2138367; // modificator with which the confirmation ID will be obfuscated $codemod = 2138367; // modificator with which the confirmation ID will be obfuscated
$output = "";
// Database path $selfurl = "http://pmpc-test.mehl.mx/cgi/sign.php"; // absolute URL of this PHP script
$db = "../userdata/signatures.json"; $db = "../userdata/signatures.json"; // Signature database path
$data = "";
// Get info from form // Get info from form
$action = isset($_GET['action']) ? $_GET['action'] : false; $action = isset($_GET['action']) ? $_GET['action'] : false;
if(empty($action)) { if(empty($action)) {
echo "No action defined."; $output .= "No action defined.";
exit(1); show_page($output, 1);
} else if ($action === "sign") { } else if ($action === "sign") {
$name = isset($_GET['name']) ? $_GET['name'] : false; $name = isset($_GET['name']) ? $_GET['name'] : false;
$email = isset($_GET['email']) ? $_GET['email'] : false; $email = isset($_GET['email']) ? $_GET['email'] : false;
@ -22,8 +22,8 @@ if(empty($action)) {
// Check for missing required fields // Check for missing required fields
if(empty($name) || empty($email) || empty($permPriv)) { if(empty($name) || empty($email) || empty($permPriv)) {
echo "At least one required variable is empty."; $output .= "At least one required variable is empty.";
exit(1); show_page($output, 1);
} }
} else if ($action === "confirm") { } else if ($action === "confirm") {
$confirmcode = isset($_GET['code']) ? $_GET['code'] : false; $confirmcode = isset($_GET['code']) ? $_GET['code'] : false;
@ -31,24 +31,29 @@ if(empty($action)) {
// Check for missing required fields // Check for missing required fields
if(empty($confirmcode) || empty($confirmid)) { if(empty($confirmcode) || empty($confirmid)) {
echo "Confirmation code or ID is missing."; $output .= "Confirmation code or ID is missing.";
exit(1); show_page($output, 1);
} }
} else { } else {
echo "Invalid action."; $output .= "Invalid action.";
exit(1); show_page($output, 1);
} }
// Continue only if action = sign/confirmation
// Validate input // Validate input
//TODO
// Read database (should only be called if really needed)
// Read database function read_db($db) {
if (! file_exists($db)) { global $data; // declare $data a global variable to access it outside this function
if (! file_exists($db)) {
touch($db); touch($db);
}
$file = file_get_contents($db, true);
$data = json_decode($file, true);
unset($file);
} }
$file = file_get_contents($db, true);
$data = json_decode($file, true);
unset($file);
/// SIGNING /// /// SIGNING ///
if ($action === "sign") { if ($action === "sign") {
@ -56,13 +61,13 @@ if ($action === "sign") {
$total = count($data); $total = count($data);
for ($row = 0; $row < $total; $row++) { for ($row = 0; $row < $total; $row++) {
if ($email === $data[$row]['email']) { if ($email === $data[$row]['email']) {
echo "email $email already exists!"; $output .= "We already received a signature with this email address.";
$error = 1; show_page($output, 1);
break 1;
} }
} }
if ($error === 0) { // only make entry if no error happened read_db($db);
// Take sequential ID // Take sequential ID
$id = $total; $id = $total;
// Create a random string for email verification // Create a random string for email verification
@ -91,18 +96,35 @@ if ($action === "sign") {
$to = $email; $to = $email;
$subject = "One step left to sign the \"Public Money - Public Code\" letter"; $subject = "One step left to sign the \"Public Money - Public Code\" letter";
$message = "Thank you for signing the open \"Public Money - Public Code\" letter! \r\n\r\n" . $message = "Thank you for signing the open \"Public Money - Public Code\" letter! \r\n\r\n" .
"In order to confirm your signature, please visit following link:\r\n http://pmpc-test.mehl.mx/cgi/sign.php?action=confirm&id=$codeid&code=$code \r\n\r\n" . "In order to confirm your signature, please visit following link:\r\n" .
"$selfurl?action=confirm&id=$codeid&code=$code \r\n\r\n" .
"If your confirmation succeeds, your signature will appear on the website within the next few hours."; "If your confirmation succeeds, your signature will appear on the website within the next few hours.";
$headers = "From: noreply@mehl.mx" . "\r\n" . $headers = "From: noreply@fsfe.org" . "\r\n" .
"Message-ID: <confirmation-$code@fsfe.org>" . "\r\n" . "Message-ID: <confirmation-$code@fsfe.org>" . "\r\n" .
"X-Mailer: PHP/" . phpversion(); "X-Mailer: PHP/" . phpversion();
mail($to, $subject, $message, $headers); mail($to, $subject, $message, $headers);
}
$output .= "Thank you for signing our open letter! <br /><br />";
$output .= "We just sent an email to your address ($email) for you to confirm your signature.";
show_page($output, 0);
} else if ($action === "confirm") { } else if ($action === "confirm") {
/// CONFIRMATION /// /// CONFIRMATION ///
$id = $confirmid - $codemod; // substract the obfuscation number from the given ID $id = $confirmid - $codemod; // substract the obfuscation number from the given ID
if ($id < 0) {
$output .= "Invalid signature ID.";
show_page($output, 1);
}
read_db($db);
if (empty($data[$id])) {
$output .= "The signature ID does not exist.";
show_page($output, 1);
}
$email = $data[$id]['email']; // Get the user's email in case we need it $email = $data[$id]['email']; // Get the user's email in case we need it
$code = $data[$id]['code']; // The confirmation code according to the DB $code = $data[$id]['code']; // The confirmation code according to the DB
$confirmed = $data[$id]['confirmed']; // The current confirmation status $confirmed = $data[$id]['confirmed']; // The current confirmation status
@ -110,9 +132,6 @@ if ($action === "sign") {
// Check whether the confirmation code is what we saved in the DB // Check whether the confirmation code is what we saved in the DB
if ($confirmed === "no") { if ($confirmed === "no") {
if ($confirmcode === $code) { if ($confirmcode === $code) {
echo "Your signature with the Email &lt;$email&gt; has been confirmed. <br />";
echo "Thank you for signing the open letter!";
// Set the user's confirmation key to "yes" // Set the user's confirmation key to "yes"
$data[$id]['confirmed'] = "yes"; $data[$id]['confirmed'] = "yes";
// Encode to JSON again and write to file // Encode to JSON again and write to file
@ -120,17 +139,47 @@ if ($action === "sign") {
file_put_contents($db, $allsig, LOCK_EX); file_put_contents($db, $allsig, LOCK_EX);
unset($allsig); unset($allsig);
$output .= "Your email address ($email) has been confirmed. <br /><br />";
$output .= "Thank you for signing the open letter! Your signature will appear on the website within the next hours.";
show_page($output, 0);
} else { } else {
echo "The given signature code is incorrect."; $output .= "The provided signature code is incorrect.";
show_page($output, 1);
} }
} else if ($confirmed === "yes") {
$output .= "This email address is already confirmed. It can take a few hours until your signature appears online.";
show_page($output, 1);
} else { } else {
echo "You already confirmed your email address."; $output .= "This signature ID does not exist or the confirmation status is broken.";
show_page($output, 1);
} }
} // END confirm
// --- PRINT OUTPUT IN TEMPLATE FILE ---
function replace_page($template, $placeholder, $content){
$vars = array($placeholder=>$content);
return str_replace(array_keys($vars), $vars, $template);
} }
echo "<pre>"; function show_page($output, $exit) {
print_r($data); if ($exit === 0) {
echo "</pre>"; $headline = "Success";
unset($data); $notice = "";
} else if ($exit === 1) {
$headline = "Error";
$notice = "This error could have happened because one or more fields contained invalid information. Please try again. If you think that you see this error by mistake, please contact us.";
} else {
$headline = "Thank you";
}
$template = file_get_contents('../template/index.html', true);
$page = replace_page($template, ':HEADLINE:', $headline);
$page = replace_page($page, ':BODY1:', $output);
$page = replace_page($page, ':BODY2:', $notice);
echo $page;
unset($data);
exit($exit);
}
?> ?>