Commit | Line | Data |
---|---|---|
c1dbd507 | 1 | <?PHP |
734213e2 | 2 | session_start(); |
c1dbd507 PM |
3 | include_once('/var/www/secure.php'); |
4 | include_once('slack.php'); | |
5 | $petition_id = $_COOKIE['pID']; | |
6 | $VTRID = $_COOKIE['pVTRID']; | |
7 | if (!empty($_SERVER['HTTP_CLIENT_IP'])) { | |
8 | $ip = $_SERVER['HTTP_CLIENT_IP']; | |
9 | } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { | |
10 | $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; | |
11 | } else { | |
12 | $ip = $_SERVER['REMOTE_ADDR']; | |
13 | } | |
30f1a182 PM |
14 | function id2petition($id){ |
15 | global $petition; | |
16 | $q = "select petition_name from petitions where petition_id = '$id'"; | |
17 | $r = $petition->query($q); | |
18 | $d = mysqli_fetch_array($r,MYSQLI_ASSOC); | |
19 | return $d['petition_name']; | |
20 | } | |
c1dbd507 PM |
21 | $signed_name_as = $petition->real_escape_string($_POST['signed_name_as']); |
22 | $date_of_birth = $petition->real_escape_string($_COOKIE['pDOB']); | |
23 | $signed_name_as_circulator = $petition->real_escape_string($_POST['signed_name_as_circulator']); | |
24 | $contact_phone = $petition->real_escape_string($_COOKIE['pPHONE']); | |
25 | $signature_status = $petition->real_escape_string($_COOKIE['signature_status']); | |
26 | $bot_check = $petition->real_escape_string($_SERVER['HTTP_USER_AGENT']); | |
21b5d375 | 27 | $php_session_id = session_id(); |
30f1a182 PM |
28 | global $time_on_site; |
29 | if (empty($_COOKIE['start_time'])){ | |
30 | setcookie("start_time", time()); | |
31 | $time_on_site = 0; | |
32 | }else{ | |
33 | $now = time(); | |
34 | $time_on_site = $now - $_COOKIE['start_time']; | |
35 | } | |
21b5d375 PM |
36 | $petition->query("insert into signatures (php_session_id,bot_check,VTRID,ip_address,date_of_birth,date_time_signed,just_date,petition_id,signed_name_as,signed_name_as_circulator,contact_phone,signature_status) |
37 | values ('$php_session_id','$bot_check','$VTRID','$ip','$date_of_birth',NOW(),NOW(),'$petition_id','$signed_name_as','$signed_name_as_circulator','$contact_phone','$signature_status')") or die(mysqli_error($petition)); | |
734213e2 PM |
38 | |
39 | $last = $petition->insert_id; | |
40 | ||
21b5d375 | 41 | $petition->query("update presign set presign_status = 'SIGNED' where php_session_id = '$php_session_id' and presign_status = 'NEW' "); |
c1dbd507 PM |
42 | if($petition_id == '' || $petition_id == '0'){ |
43 | slack_general_admin("MISSING petition_id",'md-petition-signed'); | |
44 | echo "<h1>AN ERROR HAS OCCURED - PLEASE TRY AGAIN <a href='reset.php'>HERE</a></h1>"; | |
45 | die(); // do not clear invite!!! | |
46 | } | |
45671a08 | 47 | |
c1dbd507 | 48 | |
734213e2 | 49 | |
45671a08 | 50 | slack_general_admin("$signed_name_as ".id2petition($petition_id)." sig #".$last,'md-petition-signed'); |
4379fae0 | 51 | setcookie("last", $last); |
c1dbd507 PM |
52 | setcookie("invite_used", $_COOKIE['invite']); |
53 | setcookie("invite", ""); // clear invite | |
54 | ||
55 | $q="SELECT ip_address, petition_id,VTRID, COUNT(*) as count FROM signatures where signature_status = 'verified' group by ip_address, petition_id, VTRID"; | |
56 | $r = $petition->query($q); | |
57 | while($d = mysqli_fetch_array($r)){ | |
58 | if ($d['count'] > 1){ | |
30f1a182 | 59 | $msg = "*ALERT* https://www.md-petition.com/admin/abuse.php $d[ip_address] $d[VTRID] ".id2petition($d['petition_id'])." *$d[count]*"; |
c1dbd507 PM |
60 | slack_general_admin($msg,'md-petition-signed'); |
61 | } | |
62 | } | |
45671a08 | 63 | header('Location: sign.php?s='.$last); |
c1dbd507 PM |
64 | |
65 | ?> |