/**
 * Output the alerts that fall between a start date and the request's
 * "end_date" parameter.
 *
 * Only confirmed (1), non-deleted (0) alerts are requested from
 * ALERT::fetch_between(); the result is handed straight to api_output().
 *
 * @param mixed $start_date Lower bound of the date range, passed through unchanged.
 * @return void
 */
function api_getAlerts_start_date($start_date)
{
    // NOTE(review): end_date comes directly from the HTTP request and, like
    // $start_date, is not validated here. Confirm that fetch_between()
    // validates the date format and binds or escapes both values before
    // they reach the database.
    $end_date = get_http_var('end_date');

    $alerts = new ALERT();

    // NOTE(review): this returns alert records to the API caller; verify the
    // API layer restricts who may call it and which fields (for example
    // subscriber email addresses) api_output() exposes.
    api_output($alerts->fetch_between(1, 0, $start_date, $end_date));
}
// This token is a salted version of their email address concatenated // with the time the alert was created. // We check this exists in the database and if so we run the confirm // function of class ALERT to set the field confirmed in the table // alerts to true. // We then print a nice welcome message. // This depends on there being page definitions in metadata.php // FUNCTIONS // confirm_success() Displays a page with a success confirmation message // confirm_error() Displays a page with an error message // INITIALISATION include_once "../../../includes/easyparliament/init.php"; include_once "../../../includes/easyparliament/member.php"; include_once INCLUDESPATH . '../../../phplib/crosssell.php'; // Instantiate an instance of ALERT $ALERT = new ALERT(); $success = $ALERT->confirm(get_http_var('t')); if ($success) { confirm_success($ALERT); } else { confirm_error(); } // FUNCTION: confirm_success function confirm_success($ALERT) { global $PAGE, $this_page, $THEUSER; $this_page = 'alertconfirmsucceeded'; $criteria = $ALERT->criteria_pretty(true); $email = $ALERT->email(); $extra = null; $PAGE->page_start();
/**
 * Insert a new user row, store a registration token for it and, unless the
 * caller opts out, send the confirmation email.
 *
 * $details is an associative array of the user's details using the same keys
 * as the object variable names, e.g.
 *     array("firstname" => "Fred", "lastname" => "Bloggs", ...)
 * Boolean fields (optin, emailpublic) are converted to 1/0 for MySQL.
 *
 * @param array $details               User fields as described above.
 * @param bool  $confirmation_required Send the confirmation email when true.
 * @return bool True when the row and token were stored and, if requested,
 *              the email was sent; false when the INSERT, the token UPDATE
 *              or the email fails.
 */
function add($details, $confirmation_required = true)
{
    // NOTE(review): presumably populated from the request environment by the
    // application bootstrap -- confirm it cannot be supplied by the client.
    global $REMOTE_ADDR;

    $registered_at = gmdate("YmdHis");

    // NOTE(review): crypt() is called without a salt argument, so the hash
    // scheme is whatever the platform defaults to (possibly a weak one), and
    // current PHP versions no longer accept this form. password_hash() /
    // password_verify() are the maintained replacement; migrating also needs
    // the login check and the password column width reviewed.
    $password_hash = crypt($details["password"]);

    // NOTE(review): "status" is taken from $details whenever it is present.
    // Confirm no caller passes a request-supplied array straight through,
    // otherwise a new account could choose its own status.
    if (!isset($details["status"])) {
        $details["status"] = "User";
    }

    $optin = $details["optin"] ? 1 : 0;
    $emailpublic = $details["emailpublic"] ? 1 : 0;

    // NOTE(review): the statement is assembled by string concatenation with
    // mysql_escape_string(), which ignores the connection character set and
    // has been removed from PHP. Bound parameters are the robust fix, if the
    // db wrapper supports them.
    $insert = $this->db->query(
        "INSERT INTO users (\n\t\t\t\tfirstname,\n\t\t\t\tlastname,\n\t\t\t\temail,\n\t\t\t\temailpublic,\n\t\t\t\tpostcode,\n\t\t\t\turl,\n\t\t\t\tpassword,\n\t\t\t\toptin,\n\t\t\t\tstatus,\n\t\t\t\tregistrationtime,\n\t\t\t\tregistrationip,\n\t\t\t\tdeleted\n\t\t\t) VALUES (\n\t\t\t\t'"
        . mysql_escape_string($details["firstname"]) . "',\n\t\t\t\t'"
        . mysql_escape_string($details["lastname"]) . "',\n\t\t\t\t'"
        . mysql_escape_string($details["email"]) . "',\n\t\t\t\t'"
        . mysql_escape_string($emailpublic) . "',\n\t\t\t\t'"
        . mysql_escape_string($details["postcode"]) . "',\n\t\t\t\t'"
        . mysql_escape_string($details["url"]) . "',\n\t\t\t\t'"
        . mysql_escape_string($password_hash) . "',\n\t\t\t\t'"
        . mysql_escape_string($optin) . "',\n\t\t\t\t'"
        . mysql_escape_string($details["status"]) . "',\n\t\t\t\t'"
        . mysql_escape_string($registered_at) . "',\n\t\t\t\t'"
        . mysql_escape_string($REMOTE_ADDR) . "',\n\t\t\t\t'0'\n\t\t\t)\n\t\t"
    );

    if (!$insert->success()) {
        // Couldn't add the user's data to the DB.
        return false;
    }

    // Kept on the object so a login could follow; new users are no longer
    // logged in automatically, so this may not be required.
    $this->user_id = $insert->insert_id();
    $this->password = $password_hash;

    // The registration token is emailed to the user to prove the address
    // exists. It is a 16-character slice of a crypt() of email + microtime.
    // NOTE(review): the slice offset (12) assumes a particular crypt() output
    // layout, and the token's unpredictability rests on crypt()'s implicit
    // salt. A token drawn from a CSPRNG would not depend on either.
    $raw_token = substr(crypt($details["email"] . microtime()), 12, 16);

    // Full stops don't work well at the end of URLs in emails, so swap them
    // out; the token only ever needs to be matched, never decoded.
    $this->registrationtoken = strtr($raw_token, '.', 'X');

    $update = $this->db->query(
        "UPDATE users\n\t\t\t\t\t\t\tSET\tregistrationtoken = '"
        . mysql_escape_string($this->registrationtoken)
        . "'\n\t\t\t\t\t\t\tWHERE\tuser_id = '"
        . mysql_escape_string($this->user_id)
        . "'\n\t\t\t\t\t\t\t"
    );

    if (!$update->success()) {
        // Couldn't add the registration token to the DB.
        return false;
    }

    if ($details['mp_alert'] && $details['postcode']) {
        $member = new MEMBER(array('postcode' => $details['postcode']));
        $pid = $member->person_id();

        // No confirmation email, but don't automatically confirm.
        $alert = new ALERT();
        $alert->add(array('email' => $details['email'], 'pid' => $pid), false, false);
    }

    if (!$confirmation_required) {
        // No confirmation email needed.
        return true;
    }

    // Success hinges on the email actually being sent.
    return $this->send_confirmation_email($details) ? true : false;
}
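/**
 * Create an alert from $details and render the "alertwelcome" result page.
 *
 * A confirmation email is skipped when the request carries a valid
 * shared-secret signature for the email address, or when the current user is
 * logged in; otherwise ALERT::add() is asked to send one.
 *
 * The branches below treat the ALERT::add() result as: greater than 0 for
 * success, -2 for "already subscribed", anything else as failure.
 *
 * @param array $details Alert fields; this function reads 'email', 'pid'
 *                       and 'keyword'.
 * @return void
 */
function add_alert($details)
{
    global $ALERT, $PAGE, $THEUSER, $this_page;

    $extra = null;

    // Instantiate an instance of ALERT
    $ALERT = new ALERT();

    // A valid signature over the email address means another site has
    // already vouched for it, so no confirmation round-trip is needed.
    // NOTE(review): skipping confirmation rests entirely on this check;
    // confirm auth_verify_with_shared_secret() compares in constant time and
    // that the shared secret is not reused for anything else.
    $external_auth = auth_verify_with_shared_secret($details['email'], OPTION_AUTH_SHARED_SECRET, get_http_var('sign'));
    if ($external_auth) {
        // Strict allow-list: a loose != could let a non-string value compare
        // equal to one of the names and flow into $extra unchanged.
        $site = get_http_var('site');
        if (!in_array($site, array('wtt', 'hfymp'), true)) {
            $site = 'unknown';
        }
        $extra = 'from_' . $site . '=1';
        $confirm = false;
    } elseif ($THEUSER->loggedin()) {
        $confirm = false;
    } else {
        $confirm = true;
    }

    // If this goes well, the alert will be added to the database and a
    // confirmation email will be sent to them.
    $success = $ALERT->add($details, $confirm);

    // Display results message on blank page for both success and failure
    $this_page = 'alertwelcome';
    $URL = new URL('alertwelcome');
    $backlink = $URL->generate(); // unused here; kept in case generate() has side effects
    $PAGE->page_start();
    $PAGE->stripe_start();

    $advert = false;
    if ($success > 0 && !$confirm) {
        // Start from an empty string so the message can still be built when
        // neither a person nor a keyword is present (previously $criteria
        // was undefined on that path).
        $criteria = '';

        // NOTE(review): the keyword is concatenated into the message text,
        // and the failure branch below shows that 'text' carries raw HTML.
        // Confirm $details['keyword'] is HTML-escaped before it gets here,
        // or escape it at this point with htmlspecialchars().
        if (!empty($details['pid'])) {
            $MEMBER = new MEMBER(array('person_id' => $details['pid']));
            $criteria = $MEMBER->full_name();
            if (!empty($details['keyword'])) {
                $criteria .= ' mentions \'' . $details['keyword'] . '\'';
            } else {
                $criteria .= ' contributes';
            }
        } elseif (!empty($details['keyword'])) {
            $criteria = '\'' . $details['keyword'] . '\' is mentioned';
        }

        $message = array(
            'title' => 'Your alert has been added',
            'text' => 'You will now receive email alerts on any day when ' . $criteria . ' in parliament.'
        );
        $advert = true;
    } elseif ($success > 0) {
        $message = array(
            'title' => "We're nearly done...",
            'text' => "You should receive an email shortly which will contain a link. You will need to follow that link to confirm your email address to receive the alert. \nThanks."
        );
    } elseif ($success == -2) {
        // NOTE(review): this page tells an unauthenticated visitor that the
        // given address already has this alert; decide whether that
        // disclosure is acceptable.
        $message = array(
            'title' => 'You already have this alert',
            'text' => 'You already appear to be subscribed to this email alert, so we have not signed you up to it again.'
        );
        $advert = true;
    } else {
        $message = array(
            'title' => "This alert has not been accepted",
            'text' => "Sorry, we were unable to create this alert. Please <a href=\"mailto:" . CONTACTEMAIL . "\">let us know</a>. Thanks."
        );
    }

    $PAGE->message($message);

    if ($advert) {
        $advert_shown = alert_confirmation_advert($details);
        if ($extra) {
            $extra .= "; ";
        }
        $extra .= "advert={$advert_shown}";
    }

    suggest_alerts($details['email'], $details['pid'], 5);

    $PAGE->stripe_end();
    $PAGE->page_end($extra);
}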
$toemail = $m[1]; } } if ($nomail) { mlog("NOT SENDING EMAIL\n"); } if ($fromemail && $onlyemail || $toemail && $onlyemail) { mlog("Can't have both from/to and only!\n"); exit; } $active = 0; $queries = 0; $unregistered = 0; $registered = 0; $sentemails = 0; $LIVEALERTS = new ALERT(); $current_email = ''; $email_text = ''; $globalsuccess = 1; # Fetch all confirmed, non-deleted alerts $confirmed = 1; $deleted = 0; $alertdata = $LIVEALERTS->fetch($confirmed, $deleted); $alertdata = $alertdata['data']; $DEBATELIST = new DEBATELIST(); # Nothing debate specific, but has to be one of them $sects = array('', 'House of Representatives debate', 'Westminster Hall debate', 'Written Answer', 'Written Ministerial Statement', 'Northern Ireland Assembly debate'); $sects[101] = 'Lords debate'; $sects_short = array('', 'debate', 'westminhall', 'wrans', 'wms', 'ni'); $sects_short[101] = 'lords'; $results = array();
// What happens? They will come here with t=23-adsf7897fd78d9sfsd200501021500 // where the value of 't' is a form of their registration token. // This token is a salted version of their email address concatenated // with the time the alert was created. // We check this exists in the database and if so we run the delete // function of class ALERT to set the field deleted in the table // alerts to true. // We then print a confirmation message. // This depends on there being page definitions in metadata.php // FUNCTIONS // delete_success() Displays a page with a success confirmation message // delete_error() Displays a page with an error message // INITIALISATION include_once "../../../includes/easyparliament/init.php"; // Instantiate an instance of ALERT $ALERT = new ALERT(); $success = $ALERT->delete(get_http_var('t')); if ($success) { delete_success(); } else { delete_error(); } // FUNCTION: delete_success function delete_success() { global $PAGE, $this_page; $this_page = 'alertdeletesucceeded'; $PAGE->page_start(); $PAGE->stripe_start(); ?>
/**
 * Insert a new user row, store a registration token for it and, unless the
 * caller opts out, send the confirmation email.
 *
 * $details is an associative array of the user's details using the same keys
 * as the object variable names, e.g.
 *     array("firstname" => "Fred", "lastname" => "Bloggs", ...)
 * Boolean fields (optin, emailpublic) are converted to 1/0 for MySQL.
 *
 * @param array $details               User fields as described above.
 * @param bool  $confirmation_required Send the confirmation email when true.
 * @return bool True when the row and token were stored and, if requested,
 *              the email was sent; false when the INSERT, the token UPDATE
 *              or the email fails.
 */
public function add($details, $confirmation_required = true)
{
    // NOTE(review): presumably populated from the request environment by the
    // application bootstrap -- confirm it cannot be supplied by the client.
    global $REMOTE_ADDR;

    $registered_at = gmdate("YmdHis");

    // Passwords are stored only as bcrypt hashes.
    // NOTE(review): bcrypt ignores input beyond 72 bytes; confirm a maximum
    // password length is enforced (or documented) upstream.
    $password_hash = password_hash($details["password"], PASSWORD_BCRYPT);

    // NOTE(review): "status" is taken from $details whenever it is present.
    // Confirm no caller passes a request-supplied array straight through,
    // otherwise a new account could choose its own status.
    if (!isset($details["status"])) {
        $details["status"] = "User";
    }

    $optin = $details["optin"] ? 1 : 0;
    $emailpublic = $details["emailpublic"] ? 1 : 0;

    // Every user-supplied value is passed as a bound parameter; only the
    // constant '0' for "deleted" is written into the SQL text.
    $insert_params = array(
        ':firstname' => $details["firstname"],
        ':lastname' => $details["lastname"],
        ':email' => $details["email"],
        ':emailpublic' => $emailpublic,
        ':postcode' => $details["postcode"],
        ':url' => $details["url"],
        ':password' => $password_hash,
        ':optin' => $optin,
        ':status' => $details["status"],
        ':registrationtime' => $registered_at,
        ':registrationip' => $REMOTE_ADDR
    );
    $insert = $this->db->query(
        "INSERT INTO users (\n firstname,\n lastname,\n email,\n emailpublic,\n postcode,\n url,\n password,\n optin,\n status,\n registrationtime,\n registrationip,\n deleted\n ) VALUES (\n :firstname,\n :lastname,\n :email,\n :emailpublic,\n :postcode,\n :url,\n :password,\n :optin,\n :status,\n :registrationtime,\n :registrationip,\n '0'\n )\n ",
        $insert_params
    );

    if (!$insert->success()) {
        // Couldn't add the user's data to the DB.
        return false;
    }

    // Kept on the object so a login could follow; new users are no longer
    // logged in automatically, so this may not be required.
    $this->user_id = $insert->insert_id();
    $this->password = $password_hash;

    // The registration token is emailed to the user to prove the address
    // exists. It is a 16-character slice of a bcrypt hash of email +
    // microtime; offset 29 presumably skips the scheme/cost prefix and the
    // salt so that only digest characters are used.
    // NOTE(review): bcrypt is used here only as a source of unpredictable
    // characters. If the minimum PHP version allows it, a CSPRNG such as
    // random_bytes() is the more direct choice, with no dependence on the
    // hash layout.
    $raw_token = substr(password_hash($details["email"] . microtime(), PASSWORD_BCRYPT), 29, 16);

    // Full stops don't work well at the end of URLs in emails, so swap them
    // out; the token only ever needs to be matched, never decoded.
    // NOTE(review): bcrypt output can also contain '/', which is left as-is;
    // confirm the confirmation link URL-encodes the token.
    $this->registrationtoken = strtr($raw_token, '.', 'X');

    $update = $this->db->query(
        "UPDATE users\n SET registrationtoken = :registrationtoken\n WHERE user_id = :user_id\n ",
        array(':registrationtoken' => $this->registrationtoken, ':user_id' => $this->user_id)
    );

    if (!$update->success()) {
        // Couldn't add the registration token to the DB.
        return false;
    }

    if ($details['mp_alert'] && $details['postcode']) {
        $member = new MEMBER(array('postcode' => $details['postcode'], 'house' => 1));
        $pid = $member->person_id();

        // No confirmation email, but don't automatically confirm.
        $alert = new ALERT();
        $alert->add(array('email' => $details['email'], 'pid' => $pid, 'pc' => $details['postcode']), false, false);
    }

    if (!$confirmation_required) {
        // No confirmation email needed.
        return true;
    }

    // Success hinges on the email actually being sent.
    return $this->send_confirmation_email($details) ? true : false;
}
FUNCTIONS check_input() Validates the edited or added alert data and creates error messages. add_alert() Adds alert to database depending on success. display_search_form() Shows the new form to enter alert data. set_criteria() Sets search criteria from information in MP and Keyword fields. */ include_once '../../includes/easyparliament/init.php'; include_once INCLUDESPATH . "easyparliament/people.php"; include_once INCLUDESPATH . "easyparliament/member.php"; include_once INCLUDESPATH . "easyparliament/searchengine.php"; include_once INCLUDESPATH . '../../commonlib/phplib/auth.php'; include_once INCLUDESPATH . '../../commonlib/phplib/crosssell.php'; $this_page = "alert"; $extra = null; $ALERT = new ALERT(); $token = get_http_var('t'); $alert = $ALERT->check_token($token); $message = ''; if ($action = get_http_var('action')) { $success = true; if ($action == 'Confirm') { $success = $ALERT->confirm($token); if ($success) { $criteria = $ALERT->criteria_pretty(true); $message = "<p>Your alert has been confirmed. You will now\n receive email alerts for the following criteria:</p>\n <ul>{$criteria}</ul> <p>This is normally the day after, but could\n conceivably be later due to issues at our or parliament.uk's\n end.</p>"; } } elseif ($action == 'Suspend') { $success = $ALERT->suspend($token); if ($success) { $message = '<p><strong>That alert has been suspended.</strong> You will no longer receive this alert.</p>';
/**
 * Test that an alert cannot be resumed with a bad token.
 */
public function testResumeInvalid()
{
    $alerts = new ALERT();

    // NOTE(review): assertEquals() is a loose comparison, so a null, 0 or ''
    // result would also pass. If resume() is meant to return exactly false
    // for a rejected token, assertFalse() would pin that down.
    $this->assertEquals(false, $alerts->resume('6::badtoken'));
}