| 1 | <?PHP |
| 2 | session_start(); |
| 3 | include_once('/var/www/secure.php'); |
| 4 | include_once('slack.php'); |
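// The petition id and voter id arrive in client-controlled cookies and are
// interpolated into SQL strings further down, so they are escaped here the
// same way the other request values in this script are. A missing or
// non-string (array) cookie becomes '', which the missing-petition check later
// in the script already treats as an error.
// NOTE(review): assumes $petition is the mysqli connection created by the
// includes above - confirm.
$petition_id = (isset($_COOKIE['pID']) && is_string($_COOKIE['pID']))
    ? $petition->real_escape_string($_COOKIE['pID'])
    : '';
$VTRID = (isset($_COOKIE['pVTRID']) && is_string($_COOKIE['pVTRID']))
    ? $petition->real_escape_string($_COOKIE['pVTRID'])
    : '';

// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are ordinary request headers: any
// client can send them with any content. The value is stored in
// signatures.ip_address and used in a SQL string, so only a syntactically
// valid IP address is accepted from them; anything else falls back to the
// socket address.
// NOTE(review): a well-formed but false address is still accepted from these
// headers, and the duplicate-signature alert groups by ip_address. Unless the
// site sits behind a proxy that overwrites these headers, REMOTE_ADDR is the
// only value the client cannot choose - confirm the deployment.
$ip = '';
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR') as $ip_header) {
    if (empty($_SERVER[$ip_header]) || !is_string($_SERVER[$ip_header])) {
        continue;
    }
    // X-Forwarded-For may carry a comma-separated chain; look at the first entry only.
    $ip_parts = explode(',', $_SERVER[$ip_header]);
    $ip_candidate = trim($ip_parts[0]);
    if (filter_var($ip_candidate, FILTER_VALIDATE_IP) !== false) {
        $ip = $ip_candidate;
        break;
    }
}
if ($ip === '') {
    $ip = $_SERVER['REMOTE_ADDR'];
}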
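/**
 * Look up the display name of a petition.
 *
 * The id is sent to the database as a bound parameter rather than being
 * pasted into the SQL text: this script calls the function with a value that
 * originates in the pID cookie, so the id must never be able to change the
 * shape of the query.
 *
 * @param mixed $id Petition id; cast to string and compared with petitions.petition_id.
 * @return string|null The petition_name, or null when no row matches or the
 *                     statement cannot be prepared.
 */
function id2petition($id){
    global $petition;
    $stmt = $petition->prepare("select petition_name from petitions where petition_id = ?");
    if (!$stmt) {
        return null;
    }
    // bind_param() takes its arguments by reference, so use a local copy.
    $bound_id = (string) $id;
    $stmt->bind_param('s', $bound_id);
    $stmt->execute();
    $petition_name = null;
    $stmt->bind_result($petition_name);
    // fetch() returns true only when a row was read into $petition_name.
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $petition_name : null;
}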
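// Read one request value and escape it for use inside a quoted SQL string.
// A missing key or a non-string value (e.g. an array sent as name[]=x) becomes
// '' instead of reaching real_escape_string() as null or an array.
$read_escaped = function ($source, $key) use ($petition) {
    $raw = (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
    return $petition->real_escape_string($raw);
};

$signed_name_as = $read_escaped($_POST, 'signed_name_as');
$date_of_birth = $read_escaped($_COOKIE, 'pDOB');
$signed_name_as_circulator = $read_escaped($_POST, 'signed_name_as_circulator');
$contact_phone = $read_escaped($_COOKIE, 'pPHONE');
$shared_email = $read_escaped($_COOKIE, 'email');
// NOTE(review): signature_status and VoterList_table are taken from cookies,
// so the browser decides what is stored. The duplicate check later in this
// script filters on signature_status = 'verified', which a client can set
// itself. Escaping only keeps the value from breaking the SQL; it does not
// make it trustworthy. Values decided by earlier steps belong in $_SESSION
// (the session is already started at the top of this script) - confirm where
// these are produced.
$signature_status = $read_escaped($_COOKIE, 'signature_status');
// The User-Agent header is client-supplied as well; it is stored for reference only.
$bot_check = $read_escaped($_SERVER, 'HTTP_USER_AGENT');
$VoterList_table = $read_escaped($_COOKIE, 'VoterList_table');
$php_session_id = session_id();

global $time_on_site;
if (empty($_COOKIE['start_time'])){
    setcookie("start_time", time());
    $time_on_site = 0;
}else{
    $now = time();
    // start_time is a cookie: a non-numeric or array value would make the
    // subtraction fail (a TypeError on PHP 8), so fall back to "just arrived".
    $started_at = is_numeric($_COOKIE['start_time']) ? (int) $_COOKIE['start_time'] : $now;
    $time_on_site = $now - $started_at;
}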
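// Record the signature.
// $petition_id, $VTRID and $ip reach this statement from cookies and request
// headers; escape them at the point of use so that every value placed between
// quotes below has passed through real_escape_string().
$petition_id_sql = $petition->real_escape_string((string) $petition_id);
$VTRID_sql = $petition->real_escape_string((string) $VTRID);
$ip_sql = $petition->real_escape_string((string) $ip);

$inserted = $petition->query("insert into signatures (shared_email,VoterList_table,php_session_id,bot_check,VTRID,ip_address,date_of_birth,date_time_signed,just_date,petition_id,signed_name_as,signed_name_as_circulator,contact_phone,signature_status)
values ('$shared_email','$VoterList_table','$php_session_id','$bot_check','$VTRID_sql','$ip_sql','$date_of_birth',NOW(),NOW(),'$petition_id_sql','$signed_name_as','$signed_name_as_circulator','$contact_phone','$signature_status')");
if (!$inserted) {
    // Keep the driver message in the server log; printing it to the visitor
    // discloses table and column names.
    error_log('signature insert failed: ' . mysqli_error($petition));
    die('An error has occurred - please try again.');
}

$last = $petition->insert_id;

$petition->query("update presign set presign_status = 'SIGNED' where php_session_id = '$php_session_id' and presign_status = 'NEW' ");

// NOTE(review): this check runs after the insert and the presign update, so a
// request without a petition id still leaves a signatures row and marks the
// presign as SIGNED before the visitor is told to retry - confirm whether the
// check should come first.
if($petition_id == '' || $petition_id == '0'){
    slack_general_admin("MISSING petition_id",'md-petition-signed');
    echo "<h1>AN ERROR HAS OCCURED - PLEASE TRY AGAIN <a href='reset.php'>HERE</a></h1>";
    die(); // do not clear invite!!!
}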
| 49 | |
| 50 | |
| 51 | |
// Tell the admin channel who signed which petition, with the new signature number.
// NOTE(review): the signer's name is visitor-supplied text and is forwarded
// to the chat channel as-is; whether slack_general_admin() neutralises
// formatting or link markup cannot be seen from here - confirm.
$signed_notice = sprintf('%s %s sig #%s', $signed_name_as, id2petition($petition_id), $last);
slack_general_admin($signed_notice, 'md-petition-signed');

// Remember the signature number, and move the invite code to invite_used.
// NOTE(review): setcookie() is called with name and value only, so these
// cookies carry no HttpOnly, Secure or SameSite attribute.
setcookie('last', $last);
setcookie('invite_used', $_COOKIE['invite']);
setcookie('invite', ''); // clear invite
| 56 | |
| 57 | |
| 58 | |
| 59 | |
| 60 | |
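// Duplicate check: alert the admin channel for every (ip_address, petition_id,
// VTRID) combination that has more than one verified signature. The HAVING
// clause makes the database return only those groups instead of every group
// in the table.
// NOTE(review): this scans all verified signatures on every signing and
// re-sends an alert for every existing duplicate group each time. Both
// ip_address and signature_status are values the signer's browser supplied
// when the row was written, so this is a weak signal - confirm what it is
// expected to catch.
$q = "SELECT ip_address, petition_id,VTRID, COUNT(*) as count FROM signatures where signature_status = 'verified' group by ip_address, petition_id, VTRID having COUNT(*) > 1";
$r = $petition->query($q);
// query() returns false on failure; skip the alert pass rather than fetch from a non-result.
if ($r) {
    while ($d = mysqli_fetch_array($r)) {
        $msg = "*ALERT* https://www.md-petition.com/admin/analytics.php $d[ip_address] $d[VTRID] ".id2petition($d['petition_id'])." *$d[count]*";
        slack_general_admin($msg,'md-petition-signed');
    }
}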
| 69 | |
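// Send the signer to the petition's own exit page when one is configured,
// otherwise to the generic confirmation page for this signature.
// $petition_id originates in the pID cookie, so it is passed as a bound
// parameter and never becomes part of the SQL text.
$exit_page = null;
$exit_stmt = $petition->prepare("select exit_page from petitions where petition_id = ?");
if ($exit_stmt) {
    // bind_param() takes its arguments by reference, so use a local copy.
    $exit_lookup_id = (string) $petition_id;
    $exit_stmt->bind_param('s', $exit_lookup_id);
    $exit_stmt->execute();
    $exit_stmt->bind_result($exit_page);
    $exit_stmt->fetch(); // leaves $exit_page as null when no petition matches
    $exit_stmt->close();
}
// NOTE(review): the redirect target is whatever is stored in
// petitions.exit_page; anyone who can write that column decides where signers
// are sent. Consider restricting it to an allow-list of hosts - confirm who
// can edit it.
if ((string) $exit_page !== '') {
    header('Location: '.$exit_page);
    die();
}

header('Location: sign.php?s='.$last);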
| 79 | |
| 80 | ?> |