[clinton/MarylandElectronicPetitionSignature.git] / presign.php

<?PHP 
session_start();
include_once('/var/www/secure.php'); 
include_once('slack.php');
$petition_id = $_COOKIE['pID'];
$VTRID = $_COOKIE['pVTRID'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}
function id2petition($id){
  global $petition;
  $q = "select petition_name from petitions where petition_id = '$id'";
  $r = $petition->query($q);
  $d = mysqli_fetch_array($r,MYSQLI_ASSOC);
  return $d['petition_name'];
}
$signed_name_as             = $petition->real_escape_string($_POST['signed_name_as']);
$date_of_birth              = $petition->real_escape_string($_COOKIE['pDOB']);
$signed_name_as_circulator  = $petition->real_escape_string($_POST['signed_name_as_circulator']);
$contact_phone              = $petition->real_escape_string($_COOKIE['pPHONE']);
$shared_email               = $petition->real_escape_string($_COOKIE['email']);
$signature_status           = $petition->real_escape_string($_COOKIE['signature_status']);
$bot_check                  = $petition->real_escape_string($_SERVER['HTTP_USER_AGENT']);
$VoterList_table           = $petition->real_escape_string($_COOKIE['VoterList_table']);
$php_session_id             = session_id();
global $time_on_site;
if (empty($_COOKIE['start_time'])){
  setcookie("start_time", time());
  $time_on_site = 0;
}else{
  $now  = time();
  $time_on_site = $now - $_COOKIE['start_time']; 
}
$petition->query("insert into signatures (shared_email,VoterList_table,php_session_id,bot_check,VTRID,ip_address,date_of_birth,date_time_signed,just_date,petition_id,signed_name_as,signed_name_as_circulator,contact_phone,signature_status)
values ('$shared_email','$VoterList_table','$php_session_id','$bot_check','$VTRID','$ip','$date_of_birth',NOW(),NOW(),'$petition_id','$signed_name_as','$signed_name_as_circulator','$contact_phone','$signature_status')") or die(mysqli_error($petition));

$last = $petition->insert_id;

$petition->query("update presign set presign_status = 'SIGNED' where php_session_id = '$php_session_id' and presign_status = 'NEW' ");
if($petition_id == '' || $petition_id == '0'){
    slack_general_admin("MISSING petition_id",'md-petition-signed'); 
    echo "<h1>AN ERROR HAS OCCURED - PLEASE TRY AGAIN <a href='reset.php'>HERE</a></h1>";   
    die();  // do not clear invite!!! 
}


slack_general_admin("$signed_name_as ".id2petition($petition_id)." sig #".$last,'md-petition-signed');
setcookie("last", $last);
setcookie("invite_used", $_COOKIE['invite']);
setcookie("invite", ""); // clear invite


$q="SELECT ip_address, petition_id,VTRID, COUNT(*) as count FROM signatures where signature_status = 'verified' group by ip_address, petition_id, VTRID";
$r = $petition->query($q);
while($d = mysqli_fetch_array($r)){
  if ($d['count'] > 1){
    $msg = "*ALERT* https://www.md-petition.com/admin/analytics.php $d[ip_address] $d[VTRID] ".id2petition($d['petition_id'])." *$d[count]*"; 
    slack_general_admin($msg,'md-petition-signed');
  }
}

$q = "select exit_page from petitions where petition_id = '$petition_id'";
$r = $petition->query($q);
$d = mysqli_fetch_array($r,MYSQLI_ASSOC);
if ($d['exit_page'] != ''){
    header('Location: '.$d['exit_page']);  
    die();
}

header('Location: sign.php?s='.$last);

?>
Commit	Line	Data
c1dbd507	1	<?PHP
734213e2	2	session_start();
c1dbd507 PM	3	include_once('/var/www/secure.php');
	4	include_once('slack.php');
	5	$petition_id = $_COOKIE['pID'];
	6	$VTRID = $_COOKIE['pVTRID'];
	7	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
	8	$ip = $_SERVER['HTTP_CLIENT_IP'];
	9	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	10	$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
	11	} else {
	12	$ip = $_SERVER['REMOTE_ADDR'];
	13	}
30f1a182 PM	14	function id2petition($id){
	15	global $petition;
	16	$q = "select petition_name from petitions where petition_id = '$id'";
	17	$r = $petition->query($q);
	18	$d = mysqli_fetch_array($r,MYSQLI_ASSOC);
	19	return $d['petition_name'];
	20	}
c1dbd507 PM	21	$signed_name_as = $petition->real_escape_string($_POST['signed_name_as']);
	22	$date_of_birth = $petition->real_escape_string($_COOKIE['pDOB']);
	23	$signed_name_as_circulator = $petition->real_escape_string($_POST['signed_name_as_circulator']);
	24	$contact_phone = $petition->real_escape_string($_COOKIE['pPHONE']);
b84ce3ec	25	$shared_email = $petition->real_escape_string($_COOKIE['email']);
c1dbd507 PM	26	$signature_status = $petition->real_escape_string($_COOKIE['signature_status']);
c1dbd507 PM	27	$bot_check = $petition->real_escape_string($_SERVER['HTTP_USER_AGENT']);
c6e6004d	28	$VoterList_table = $petition->real_escape_string($_COOKIE['VoterList_table']);
21b5d375	29	$php_session_id = session_id();
30f1a182 PM	30	global $time_on_site;
	31	if (empty($_COOKIE['start_time'])){
	32	setcookie("start_time", time());
	33	$time_on_site = 0;
	34	}else{
	35	$now = time();
	36	$time_on_site = $now - $_COOKIE['start_time'];
	37	}
b84ce3ec PM	38	$petition->query("insert into signatures (shared_email,VoterList_table,php_session_id,bot_check,VTRID,ip_address,date_of_birth,date_time_signed,just_date,petition_id,signed_name_as,signed_name_as_circulator,contact_phone,signature_status)
b84ce3ec PM	39	values ('$shared_email','$VoterList_table','$php_session_id','$bot_check','$VTRID','$ip','$date_of_birth',NOW(),NOW(),'$petition_id','$signed_name_as','$signed_name_as_circulator','$contact_phone','$signature_status')") or die(mysqli_error($petition));
734213e2 PM	40
	41	$last = $petition->insert_id;
	42
21b5d375	43	$petition->query("update presign set presign_status = 'SIGNED' where php_session_id = '$php_session_id' and presign_status = 'NEW' ");
c1dbd507 PM	44	if($petition_id == '' \|\| $petition_id == '0'){
	45	slack_general_admin("MISSING petition_id",'md-petition-signed');
	46	echo "<h1>AN ERROR HAS OCCURED - PLEASE TRY AGAIN <a href='reset.php'>HERE</a></h1>";
	47	die(); // do not clear invite!!!
	48	}
45671a08	49
c1dbd507	50
734213e2	51
45671a08	52	slack_general_admin("$signed_name_as ".id2petition($petition_id)." sig #".$last,'md-petition-signed');
4379fae0	53	setcookie("last", $last);
c1dbd507 PM	54	setcookie("invite_used", $_COOKIE['invite']);
	55	setcookie("invite", ""); // clear invite
	56
b28bae7a PM	57
	58
	59
	60
c1dbd507 PM	61	$q="SELECT ip_address, petition_id,VTRID, COUNT(*) as count FROM signatures where signature_status = 'verified' group by ip_address, petition_id, VTRID";
	62	$r = $petition->query($q);
	63	while($d = mysqli_fetch_array($r)){
	64	if ($d['count'] > 1){
ed8c9fd7	65	$msg = "ALERT https://www.md-petition.com/admin/analytics.php $d[ip_address] $d[VTRID] ".id2petition($d['petition_id'])." $d[count]";
c1dbd507 PM	66	slack_general_admin($msg,'md-petition-signed');
	67	}
	68	}
b28bae7a	69
f745b06c	70	$q = "select exit_page from petitions where petition_id = '$petition_id'";
b28bae7a PM	71	$r = $petition->query($q);
b28bae7a PM	72	$d = mysqli_fetch_array($r,MYSQLI_ASSOC);
f745b06c PM	73	if ($d['exit_page'] != ''){
f745b06c PM	74	header('Location: '.$d['exit_page']);
b28bae7a PM	75	die();
	76	}
	77
45671a08	78	header('Location: sign.php?s='.$last);
c1dbd507 PM	79
c1dbd507 PM	80	?>