From c1dbd5073a9c890b7d01b266093e061fd0d6a026 Mon Sep 17 00:00:00 2001
From: Patrick McGuire
Date: Sat, 6 Jun 2020 11:49:32 -0400
Subject: [PATCH] Create presign.php
---
presign.php | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 presign.php
diff --git a/presign.php b/presign.php
new file mode 100644
index 0000000..bf1333b
--- /dev/null
+++ b/presign.php
@@ -0,0 +1,42 @@
+real_escape_string($_POST['signed_name_as']);
+$date_of_birth = $petition->real_escape_string($_COOKIE['pDOB']);
+$signed_name_as_circulator = $petition->real_escape_string($_POST['signed_name_as_circulator']);
+$contact_phone = $petition->real_escape_string($_COOKIE['pPHONE']);
+$signature_status = $petition->real_escape_string($_COOKIE['signature_status']);
+$bot_check = $petition->real_escape_string($_SERVER['HTTP_USER_AGENT']);
+
+$petition->query("insert into signatures (bot_check,VTRID,ip_address,date_of_birth,date_time_signed,just_date,petition_id,signed_name_as,signed_name_as_circulator,contact_phone,signature_status) values ('$bot_check','$VTRID','$ip','$date_of_birth',NOW(),NOW(),'$petition_id','$signed_name_as','$signed_name_as_circulator','$contact_phone','$signature_status')") or die(mysqli_error($petition));
+if($petition_id == '' || $petition_id == '0'){
+ slack_general_admin("MISSING petition_id",'md-petition-signed');
+ echo "

AN ERROR HAS OCCURED - PLEASE TRY AGAIN HERE

";
+ die(); // do not clear invite!!!
+}
+slack_general_admin("$signed_name_as Petition $petition_id",'md-petition-signed');
+
+$last = $petition->insert_id;
+setcookie("invite_used", $_COOKIE['invite']);
+setcookie("invite", ""); // clear invite
+
+$q="SELECT ip_address, petition_id,VTRID, COUNT(*) as count FROM signatures where signature_status = 'verified' group by ip_address, petition_id, VTRID";
+$r = $petition->query($q);
+while($d = mysqli_fetch_array($r)){
+ if ($d['count'] > 1){
+ $msg = "*ALERT* https://www.md-petition.com/admin/abuse.php?ip_address=$d[ip_address] https://www.md-petition.com/admin/abuse.php?VTRID=$d[VTRID] $d[petition_id] $d[count]";
+ slack_general_admin($msg,'md-petition-signed');
+ }
+}
+header('Location: sign.php');
+
+?>
-- 2.20.1
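Review bot: `$signature_status` is read from `$_COOKIE['signature_status']` and written to `signatures` unchanged, so the client decides the status that the later `where signature_status = 'verified'` abuse query keys on; `pDOB` and `pPHONE` are taken from cookies in the same way. `real_escape_string` only keeps the value from breaking the SQL string, it does not make it trustworthy, so the status should be set from server-side state rather than from the request. The `if($petition_id == '' || $petition_id == '0')` guard also runs after the INSERT, so a row with a missing petition id is already stored by the time the error page is shown; that check belongs above the `$petition->query("insert …")` call. In addition, `or die(mysqli_error($petition))` prints the database error text to the visitor, where logging it and showing a generic message would avoid exposing schema details. The top of the file, where `$VTRID`, `$ip` and `$petition_id` are assigned, is missing from this page, so those inputs could not be reviewed.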