bf1333b2fb2edffc637b36fd0c96d3567a979286
[clinton/MarylandElectronicPetitionSignature.git] / presign.php
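<?php
/**
 * Records one petition signature, notifies the admin Slack channel, clears the
 * invite cookie, scans for repeated verified signatures and redirects to
 * sign.php.
 *
 * `$petition` is used below as a mysqli connection and slack_general_admin()
 * as a notifier; both are presumably defined by the two includes.
 *
 * NOTE(review): every input read here (cookies, POST fields, request headers)
 * is supplied by the browser and can be set to any value by the signer.
 * Nothing visible in this script verifies that pID, pVTRID, pDOB, pPHONE or
 * signature_status were issued by the server. In particular, the duplicate
 * scan below filters on signature_status = 'verified', so that value should
 * come from server-side state (session or database), not from a cookie.
 * Confirm whether an earlier step validates or signs these cookies.
 */
include_once('/var/www/secure.php');
include_once('slack.php');

// Returns the named request value as a string, or '' when it is absent or is
// not a plain string (e.g. an array submitted as pID[]=...).
$read_string = function (array $source, $key) {
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
};

$petition_id = $read_string($_COOKIE, 'pID');
$VTRID = $read_string($_COOKIE, 'pVTRID');

// NOTE(review): Client-IP and X-Forwarded-For are ordinary request headers. If
// this host is reachable without a trusted reverse proxy that overwrites them,
// the stored address is whatever the client sent, and the per-IP duplicate
// alert below cannot be relied on. Prefer REMOTE_ADDR unless the request is
// known to arrive through such a proxy.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

$signed_name_as = $read_string($_POST, 'signed_name_as');
$date_of_birth = $read_string($_COOKIE, 'pDOB');
$signed_name_as_circulator = $read_string($_POST, 'signed_name_as_circulator');
$contact_phone = $read_string($_COOKIE, 'pPHONE');
$signature_status = $read_string($_COOKIE, 'signature_status');
$bot_check = $read_string($_SERVER, 'HTTP_USER_AGENT');

// Reject a missing petition id BEFORE writing anything, so no orphan signature
// row is stored. The loose comparison is kept so values such as "00" are
// rejected exactly as before.
if ($petition_id == '' || $petition_id == '0') {
    slack_general_admin("MISSING petition_id", 'md-petition-signed');
    echo "<h1>AN ERROR HAS OCCURED - PLEASE TRY AGAIN <a href='reset.php'>HERE</a></h1>";
    die(); // do not clear invite!!!
}

// Bound parameters keep every value out of the SQL text. Previously
// petition_id, VTRID and the header-derived IP were interpolated unescaped.
$insert = $petition->prepare(
    'insert into signatures (bot_check,VTRID,ip_address,date_of_birth,date_time_signed,just_date,'
    . 'petition_id,signed_name_as,signed_name_as_circulator,contact_phone,signature_status) '
    . 'values (?,?,?,?,NOW(),NOW(),?,?,?,?,?)'
);
$insert_error = null;
if ($insert === false) {
    $insert_error = $petition->error;
} elseif (
    !$insert->bind_param(
        'sssssssss',
        $bot_check,
        $VTRID,
        $ip,
        $date_of_birth,
        $petition_id,
        $signed_name_as,
        $signed_name_as_circulator,
        $contact_phone,
        $signature_status
    )
    || !$insert->execute()
) {
    $insert_error = $insert->error;
}
if ($insert_error !== null) {
    // Keep database details in the server log; the signer gets a generic message.
    error_log('presign.php: signature insert failed: ' . $insert_error);
    die('<h1>An error occurred while recording your signature.</h1>');
}
$insert->close();

// NOTE(review): the signer-chosen name is forwarded to Slack as typed; confirm
// that slack_general_admin() neutralises Slack markup and mentions.
slack_general_admin("$signed_name_as Petition $petition_id", 'md-petition-signed');

setcookie("invite_used", $read_string($_COOKIE, 'invite'));
setcookie("invite", ""); // clear invite

// Alert on any (ip, petition, voter) triple with more than one verified
// signature. HAVING returns only the offending groups instead of every group.
$q = "SELECT ip_address, petition_id, VTRID, COUNT(*) as count FROM signatures"
    . " where signature_status = 'verified'"
    . " group by ip_address, petition_id, VTRID having COUNT(*) > 1";
$r = $petition->query($q);
if ($r === false) {
    error_log('presign.php: duplicate-signature scan failed: ' . $petition->error);
} else {
    while ($d = mysqli_fetch_array($r)) {
        // Stored values originate from the client, so encode them before they
        // become part of an admin link.
        $ip_link = 'https://www.md-petition.com/admin/abuse.php?ip_address=' . urlencode($d['ip_address']);
        $vtr_link = 'https://www.md-petition.com/admin/abuse.php?VTRID=' . urlencode($d['VTRID']);
        $msg = "*ALERT* $ip_link $vtr_link $d[petition_id] $d[count]";
        slack_general_admin($msg, 'md-petition-signed');
    }
}

header('Location: sign.php');
exit; // stop here so nothing runs or prints after the redirect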