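/**
 * Record a freshly generated API key for the logged-in user ($THEUSER).
 *
 * @param mixed  $commercial  Whether the key is for commercial use. The
 *                            column is numeric, so an empty value (unticked
 *                            checkbox) is stored as 0.
 * @param string $reason      Free-text reason supplied by the user.
 *
 * Side effects: inserts one row into api_key. The key is 16 bytes (128 bits)
 * from urandom_bytes() encoded with auth_ab64_encode(); it is not returned,
 * so callers must read it back from the table.
 */
function create_key($commercial, $reason) {
    global $THEUSER;
    $key = auth_ab64_encode(urandom_bytes(16));
    $db = new ParlDB();
    // An empty value must become 0: an unquoted empty literal in the VALUES
    // list is not valid SQL, and a quoted one is not a number.
    if ($commercial == '') {
        $commercial = 0;
    }
    // Bind every value rather than splicing it into the statement text.
    // The previous mysql_escape_string() approach is both removed in modern
    // PHP and insufficient here: $commercial was interpolated unquoted, so
    // escaping quote characters did nothing to stop a crafted value from
    // altering the statement.
    $db->query(
        'INSERT INTO api_key (user_id, api_key, commercial, created, reason) '
        . 'VALUES (:user_id, :key, :commercial, NOW(), :reason)',
        array(
            ':user_id'    => $THEUSER->user_id(),
            ':key'        => $key,
            ':commercial' => $commercial,
            ':reason'     => $reason,
        )
    );
}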
/**
 * Store a new API key for the logged-in user ($THEUSER).
 *
 * @param mixed  $commercial       Commercial-use flag; '' is stored as 0
 *                                 because the column is numeric.
 * @param string $reason           Reason given by the user.
 * @param mixed  $estimated_usage  Expected usage as entered by the user.
 *
 * Side effects: one INSERT into api_key via ParlDB with bound parameters.
 * The key (16 urandom bytes, auth_ab64-encoded) is not returned.
 */
function create_key($commercial, $reason, $estimated_usage) {
    global $THEUSER;

    // 128 bits of entropy, encoded with the project's base64 variant.
    $key = auth_ab64_encode(urandom_bytes(16));

    // An unticked checkbox arrives as '' which is not a valid number.
    $is_commercial = ($commercial == '') ? 0 : $commercial;

    $sql = 'INSERT INTO api_key (user_id, api_key, commercial, created, reason, estimated_usage)'
         . ' VALUES (:user_id, :key, :commercial, NOW(), :reason, :estimated_usage)';
    $bindings = array(
        ':user_id'         => $THEUSER->user_id(),
        ':key'             => $key,
        ':commercial'      => $is_commercial,
        ':reason'          => $reason,
        ':estimated_usage' => $estimated_usage,
    );

    $db = new ParlDB();
    $db->query($sql, $bindings);
}
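/**
 * Build the template data for the mini survey prompt.
 *
 * Reads the `answered_survey` / `hide_survey` request parameters and the
 * client-supplied `survey` cookie to decide whether the current question
 * should be shown and, when it should, builds the "answered" and "hide"
 * links plus a fresh user_code signed with the shared survey secret.
 *
 * Returns an array with keys survey_site, show, current_q, answered and —
 * only when show is true — page_url, hide_url, user_code, auth_signature
 * and datetime.
 *
 * Side effects: may set the `survey` cookie (one year, path "/").
 */
public function get_values() {
    global $this_page;

    // TODO: think about not hard coding these
    $current_question = 3;
    $always_ask = 1;

    $data = array();
    $data['survey_site'] = "twfy-mini-{$current_question}";
    $data['show'] = false;

    $has_answered_question = get_http_var('answered_survey');
    $hide_question = get_http_var('hide_survey');
    $cookie_expiry = time() + 60 * 60 * 24 * 365;

    // Highest question number the visitor has already dealt with;
    // 0 means "never seen".
    $show_survey_qn = 0;
    if ($hide_question) {
        $always_ask = 0;
        $show_survey_qn = $current_question;
        setcookie('survey', $current_question, $cookie_expiry, '/');
    } elseif ($has_answered_question == $current_question && !$always_ask) {
        // Unreachable while $always_ask is hard-coded to 1 above; kept so
        // the intended behaviour survives once that becomes configurable.
        $show_survey_qn = $current_question;
        setcookie('survey', $current_question, $cookie_expiry, '/');
    } elseif (isset($_COOKIE['survey'])) {
        // The cookie is client-controlled. Coerce it to an integer so the
        // comparison below keeps the pre-PHP 8 numeric semantics on every
        // PHP version (PHP 8 compares a non-numeric string against an int
        // as strings) and a garbage value counts as "never seen".
        $show_survey_qn = (int) $_COOKIE['survey'];
    }

    if ($show_survey_qn < $current_question && !$has_answered_question) {
        $data['show'] = true;
        $page_url = '';
        $hide_url = '';
        if (in_array($this_page, array('mp', 'peer', 'msp', 'mla', 'royal'), true)) {
            global $MEMBER;
            if ($MEMBER) {
                $page_url = $MEMBER->url() . "?answered_survey={$current_question}";
                $hide_url = $MEMBER->url() . "?hide_survey={$current_question}";
            }
        } else {
            // NOTE(review): the scheme is hard-coded to http; if the site is
            // served over https these links downgrade the visitor — confirm
            // whether DOMAIN or \URL can supply the scheme instead.
            $URL = new \URL($this_page);
            $URL->insert(array('answered_survey' => $current_question));
            $page_url = 'http://' . DOMAIN . $URL->generate();
            $URL = new \URL($this_page);
            $URL->insert(array('hide_survey' => $current_question));
            $hide_url = 'http://' . DOMAIN . $URL->generate();
        }
        $data['page_url'] = $page_url;
        $data['hide_url'] = $hide_url;
        // Fresh 128-bit code per render, signed with the shared survey
        // secret so the survey side can recognise a genuine referral.
        $data['user_code'] = bin2hex(urandom_bytes(16));
        $data['auth_signature'] = auth_sign_with_shared_secret($data['user_code'], OPTION_SURVEY_SECRET);
        $data['datetime'] = time();
    }

    $data['current_q'] = $current_question;
    $data['answered'] = $has_answered_question;
    return $data;
}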
/**
 * Save an HTTP request so it can be replayed later; returns the opaque key
 * under which it was stored.
 *
 * GET/HEAD: when $params is non-null, any existing query string on $url is
 * discarded and rebuilt from $params (scalar values only — see the XXX
 * below); the row is always recorded with method GET. POST: $params is
 * serialised with rabx_wire_wr() into post_data. Any other method is
 * reported through err().
 *
 * @param string      $method  'GET', 'HEAD' or 'POST'
 * @param string      $url
 * @param array|null  $params
 * @param mixed       $extra   stored verbatim in the extra column
 * @param string|null $email   stored verbatim in the email column
 * @return string 16 hex characters (8 urandom bytes) identifying the row
 */
function stash_new_request($method, $url, $params, $extra = null, $email = null) {
    // 64 bits from urandom, hex-encoded, is the lookup key handed back.
    $key = bin2hex(urandom_bytes(8));

    switch ($method) {
        case 'GET':
        case 'HEAD':
            if (!is_null($params)) {
                /* Strip query. */
                $url = preg_replace('/\\?.*$/', '', $url);
                $pairs = array();
                foreach ($params as $name => $value) {
                    /* XXX doesn't handle multiple parameters */
                    $pairs[] = urlencode($name) . '=' . urlencode($value);
                }
                if (count($pairs) > 0) {
                    $url .= '?' . implode('&', $pairs);
                }
            }
            // HEAD requests are recorded as GET.
            db_query(' insert into requeststash (key, method, url, extra, email) values (?, ?, ?, ?, ?)', array($key, 'GET', $url, $extra, $email));
            break;

        case 'POST':
            $ser = '';
            rabx_wire_wr($params, $ser);
            db_query(' insert into requeststash (key, method, url, post_data, extra, email) values (?, ?, ?, ?, ?, ?)', array($key, 'POST', $url, $ser, $extra, $email));
            break;

        default:
            err("Cannot stash request for method '{$method}'");
    }

    # XXX Turned off until better thing can be devised.
    /* Also take this opportunity to remove old stashed state from the db. We
     * do this as two queries, one to produce the threshold time and another to
     * actually do the delete because PG isn't smart enough (in 7.3.x, anyway)
     * to use the index for the query if the RHS of the < is nonconstant. */
    #$t = db_getOne("select ms_current_timestamp() - '365 days'::interval");
    #db_query("delete from requeststash where whensaved < ?", $t);

    return $key;
}
exit; } $show_survey_qn = $_COOKIE['survey']; if ($show_survey_qn == 2) { header('Location: http://' . DOMAIN . '/survey/done', true, 301); exit; } setcookie('survey', '1b', time()+60*60*24*365, '/'); if ($show_survey_qn == 1) { $db = new ParlDB; $db->query("UPDATE survey SET $find = $find + 1"); } $user_code = bin2hex(urandom_bytes(16)); $auth_signature = auth_sign_with_shared_secret($user_code, OPTION_SURVEY_SECRET); if ($find == 'yes') { ?> <div style="margin:1em; border: solid 2px #cc9933; background-color: #ffffcc; padding: 4px; font-size:larger;"> Glad we could help you! Maybe you could help us by answering some questions in our user survey which will contribute to make TheyWorkForYou even better – five minutes should be enough. If you don’t want to participate, thanks anyway<? if ($referer) print ', <a href="' . $referer . '">return to where you were</a>'; ?>. </div> <? } else { ?> <div style="margin:1em; padding: 4px; border: solid 2px #cc9933; background-color: #ffffcc; font-size:larger;"> We’re sorry to hear that. Maybe you could help us make TheyWorkForYou better by answering some questions in our user survey – five minutes should be enough. If you don’t want to participate, thanks anyway<? if ($referer) print ', <a href="' . $referer . '">return to where you were</a>'; ?>. </div>
/**
 * Make a signed cookie token for person $id valid for $duration seconds.
 *
 * Format: "ID/START/DURATION/SALT/SHA" where START is the issue time in
 * unix seconds, SALT is 8 urandom bytes in hex and SHA is
 * sha1("ID/START/DURATION/SALT/" . db_secret()).
 *
 * @param int|string $id        positive decimal integer, no leading zeros
 * @param int|null   $duration  positive decimal integer; null means one year
 * @return string
 *
 * Both arguments are validated through err() because they may arrive as
 * strings from outside.
 *
 * NOTE(review): this is a plain hash with the secret appended, not an
 * HMAC. With the secret as the final input a length extension of a valid
 * token does not match what a verifier recomputes, so the construction
 * appears sound, but hash_hmac('sha1', ...) is the standard choice; it
 * cannot be switched here without changing the verifier of these tokens.
 */
function person_cookie_token($id, $duration = null) {
    $one_year = 365 * 86400;
    if (is_null($duration)) {
        $duration = $one_year;
    }

    if (!preg_match('/^[1-9]\\d*$/', $id)) {
        err("ID should be a decimal integer, not '{$id}'");
    }
    // The <= 0 test is redundant given the regex but is kept as belt and braces.
    if (!preg_match('/^[1-9]\\d*$/', $duration) || $duration <= 0) {
        err("DURATION should be a positive decimal integer, not '{$duration}'");
    }

    $issued_at = time();
    $salt = bin2hex(urandom_bytes(8));
    $payload = "{$id}/{$issued_at}/{$duration}/{$salt}/";
    $digest = sha1($payload . db_secret());

    return sprintf('%d/%d/%d/%s/%s', $id, $issued_at, $duration, $salt, $digest);
}
$policyID = get_http_var('policy'); $answered_q = get_http_var('answered'); if ($policyID) { $policiesList = new MySociety\TheyWorkForYou\Policies($policyID); } else { $policiesList = new MySociety\TheyWorkForYou\Policies(); } $positions = new MySociety\TheyWorkForYou\PolicyPositions($policiesList, $MEMBER); $divisions = new MySociety\TheyWorkForYou\Divisions($MEMBER, $positions, $policiesList); if ($policyID) { $data['policydivisions'] = $divisions->getMemberDivisionsForPolicy($policyID); } else { $data['policydivisions'] = $divisions->getAllMemberDivisionsByPolicy(); } // data for the 'what else would you like to see' question box $data['user_code'] = bin2hex(urandom_bytes(16)); $data['auth_signature'] = auth_sign_with_shared_secret($data['user_code'], OPTION_SURVEY_SECRET); $data['page_url'] = "http://" . DOMAIN . $_SERVER['REQUEST_URI'] . ($policyID ? '&' : '?') . 'answered=1'; $data['answered_q'] = $answered_q; // Send the output for rendering MySociety\TheyWorkForYou\Renderer::output('mp/divisions', $data); break; case '': default: $policiesList = new MySociety\TheyWorkForYou\Policies(); $policies = $policiesList->limitToSet('summary')->shuffle(); // Generate limited voting record list $data['policyPositions'] = new MySociety\TheyWorkForYou\PolicyPositions($policies, $MEMBER, 6); // Send the output for rendering MySociety\TheyWorkForYou\Renderer::output('mp/profile', $data); break;
/**
 * Sign $item for a third party that holds the same shared $secret.
 *
 * Returns "SHA-SALT": SALT is 8 urandom bytes in hex and SHA is
 * sha1("SALT-SECRET-ITEM"). The salt is public; the verifier recomputes the
 * digest with its own copy of the secret.
 *
 * NOTE(review): a bare sha1 over a message with the secret embedded is not
 * an HMAC. Because the secret sits in the middle, anyone holding one valid
 * (SHA, SALT) pair can length-extend it into a digest over
 * ITEM || padding || suffix without knowing the secret; whether that is
 * exploitable depends on how the verifier parses the item. The fix is
 * hash_hmac('sha1', "{$salt}-{$item}", $secret), but the output format is
 * shared with the verifier and must change on both sides at once.
 *
 * @param string $item
 * @param string $secret
 * @return string
 */
function auth_sign_with_shared_secret($item, $secret) {
    $salt = bin2hex(urandom_bytes(8));
    $message = "{$salt}-{$secret}-{$item}";
    $digest = sha1($message);
    return $digest . '-' . $salt;
}