put all output of the signature script on a template page with placeholders

content/template.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="{{ with .Site.LanguageCode }}{{ . }}{{ else }}en-US{{ end }}">
+    <head>
+        {{ partial "head.html" . }}
+    </head>
+    <body id="page-top">
+        {{ partial "navpage.html" . }}
+
+        {{ partial "page-template.html" . }}
+        
+        {{ partial "language.html" . }}
+        
+        {{ partial "legal.html" . }}
+        
+        {{ partial "sharecolumn.html" . }}
+
+        {{ partial "js.html" . }}
+    </body>
+</html>

layouts/partials/page-template.html

@@ -0,0 +1,14 @@
+{{ "<!-- SUBPAGE TEMPLATE -->" | safeHTML }}
+<header>
+    <div class="header-content">
+        <div class="header-content-inner">
+          <div class="col-lg-8 col-lg-offset-2 text-center">
+            <h1>:HEADLINE:</h1>
+            <hr />
+            <p>:BODY1:</p>
+            <p>:BODY2:</p>
+            <a href="/" class="btn btn-primary btn-xl">Back</a>
+          </div>
+        </div>
+    </div>
+</header>

static/cgi/sign.php

@@ -1,16 +1,16 @@
 <?php
 
-$error = 0;           // error status
 $codemod = 2138367;   // modificator with which the confirmation ID will be obfuscated
-
+$output = "";
-// Database path
+$selfurl = "http://pmpc-test.mehl.mx/cgi/sign.php";  // absolute URL of this PHP script
-$db = "../userdata/signatures.json";
+$db = "../userdata/signatures.json";  // Signature database path
+$data = "";
 
 // Get info from form
 $action = isset($_GET['action']) ? $_GET['action'] : false;
 if(empty($action)) {
-  echo "No action defined.";
+  $output .= "No action defined.";
-  exit(1);
+  show_page($output, 1);
 } else if ($action === "sign") {
   $name = isset($_GET['name']) ? $_GET['name'] : false;
   $email = isset($_GET['email']) ? $_GET['email'] : false;
@@ -22,8 +22,8 @@ if(empty($action)) {
   
   // Check for missing required fields
   if(empty($name) || empty($email) || empty($permPriv)) {
-    echo "At least one required variable is empty.";
+    $output .= "At least one required variable is empty.";
-    exit(1);
+    show_page($output, 1);
   }
 } else if ($action === "confirm") {
   $confirmcode = isset($_GET['code']) ? $_GET['code'] : false;
@@ -31,24 +31,29 @@ if(empty($action)) {
   
   // Check for missing required fields
   if(empty($confirmcode) || empty($confirmid)) {
-    echo "Confirmation code or ID is missing.";
+    $output .= "Confirmation code or ID is missing.";
-    exit(1);
+    show_page($output, 1);
   }
 } else {
-  echo "Invalid action.";
+  $output .= "Invalid action.";
-  exit(1);
+  show_page($output, 1);
 }
+// Continue only if action = sign/confirmation
 
 // Validate input
+//TODO
 
-
+// Read database (should only be called if really needed)
-// Read database
+function read_db($db) {
-if (! file_exists($db)) {
+  global $data;   // declare $data a global variable to access it outside this function
+  if (! file_exists($db)) {
     touch($db);
+  }
+  $file = file_get_contents($db, true);
+  $data = json_decode($file, true);
+  unset($file);
 }
-$file = file_get_contents($db, true);
+
-$data = json_decode($file, true);
-unset($file);
 
 /// SIGNING ///
 if ($action === "sign") {
@@ -56,13 +61,13 @@ if ($action === "sign") {
   $total = count($data);
   for ($row = 0; $row < $total; $row++) {
     if ($email === $data[$row]['email']) {
-      echo "email $email already exists!";
+      $output .= "We already received a signature with this email address.";
-      $error = 1;
+      show_page($output, 1);
-      break 1;
     }
   }
   
-  if ($error === 0) {   // only make entry if no error happened
+  read_db($db);
+  
   // Take sequential ID
   $id = $total;
   // Create a random string for email verification
@@ -91,18 +96,35 @@ if ($action === "sign") {
   $to       = $email;
   $subject  = "One step left to sign the \"Public Money - Public Code\" letter";
   $message  = "Thank you for signing the open \"Public Money - Public Code\" letter! \r\n\r\n" .
-                "In order to confirm your signature, please visit following link:\r\n http://pmpc-test.mehl.mx/cgi/sign.php?action=confirm&id=$codeid&code=$code \r\n\r\n" .
+              "In order to confirm your signature, please visit following link:\r\n" . 
+              "$selfurl?action=confirm&id=$codeid&code=$code \r\n\r\n" .
               "If your confirmation succeeds, your signature will appear on the website within the next few hours.";
-    $headers  = "From: noreply@mehl.mx" . "\r\n" .
+  $headers  = "From: noreply@fsfe.org" . "\r\n" .
               "Message-ID: <confirmation-$code@fsfe.org>" . "\r\n" .
               "X-Mailer: PHP/" . phpversion();
 
   mail($to, $subject, $message, $headers);
-  }
+  
+  $output .= "Thank you for signing our open letter! <br /><br />";
+  $output .= "We just sent an email to your address ($email) for you to confirm your signature.";
+  show_page($output, 0);
+
 } else if ($action === "confirm") {
   /// CONFIRMATION ///
   
   $id = $confirmid - $codemod;              // substract the obfuscation number from the given ID
+  if ($id < 0) {
+    $output .= "Invalid signature ID.";
+    show_page($output, 1);
+  }
+  
+  read_db($db);
+  
+  if (empty($data[$id])) {
+    $output .= "The signature ID does not exist.";
+    show_page($output, 1);
+  }
+  
   $email = $data[$id]['email'];             // Get the user's email in case we need it
   $code = $data[$id]['code'];               // The confirmation code according to the DB
   $confirmed = $data[$id]['confirmed'];     // The current confirmation status
@@ -110,9 +132,6 @@ if ($action === "sign") {
   // Check whether the confirmation code is what we saved in the DB
   if ($confirmed === "no") {
     if ($confirmcode === $code) {
-      echo "Your signature with the Email &lt;$email&gt; has been confirmed. <br />";
-      echo "Thank you for signing the open letter!";
-      
       // Set the user's confirmation key to "yes"
       $data[$id]['confirmed'] = "yes";
       // Encode to JSON again and write to file
@@ -120,17 +139,47 @@ if ($action === "sign") {
       file_put_contents($db, $allsig, LOCK_EX);
       unset($allsig);
       
+      $output .= "Your email address ($email) has been confirmed. <br /><br />";
+      $output .= "Thank you for signing the open letter! Your signature will appear on the website within the next hours.";
+      show_page($output, 0);
+      
     } else {
-      echo "The given signature code is incorrect.";
+      $output .= "The provided signature code is incorrect.";
+      show_page($output, 1);
     }
+  } else if ($confirmed === "yes") {
+    $output .= "This email address is already confirmed. It can take a few hours until your signature appears online.";
+    show_page($output, 1);
   } else {
-    echo "You already confirmed your email address.";
+    $output .= "This signature ID does not exist or the confirmation status is broken.";
+    show_page($output, 1);
   }
   
+} // END confirm
+
+// --- PRINT OUTPUT IN TEMPLATE FILE ---
+
+function replace_page($template, $placeholder, $content){
+    $vars = array($placeholder=>$content);
+    return str_replace(array_keys($vars), $vars, $template);
 }
 
-echo "<pre>";
+function show_page($output, $exit) {
-print_r($data);
+  if ($exit === 0) {
-echo "</pre>";
+    $headline = "Success";
-unset($data);
+    $notice = "";
+  } else if ($exit === 1) {
+    $headline = "Error";
+    $notice = "This error could have happened because one or more fields contained invalid information. Please try again. If you think that you see this error by mistake, please contact us.";
+  } else {
+    $headline = "Thank you";
+  }
+  $template = file_get_contents('../template/index.html', true);
+  $page = replace_page($template, ':HEADLINE:', $headline);
+  $page = replace_page($page, ':BODY1:', $output);
+  $page = replace_page($page, ':BODY2:', $notice);
+  echo $page;
+  unset($data);
+  exit($exit);
+}
 ?>