Пример #1
/**
 * API handler: fetch alerts between two dates and hand them to api_output().
 *
 * The lower bound is the function argument; the upper bound is read from the
 * 'end_date' request parameter. Both are forwarded to ALERT::fetch_between()
 * unchanged, together with the flags confirmed = 1 and deleted = 0.
 *
 * @param mixed $start_date Lower bound of the range, passed through as given.
 */
function api_getAlerts_start_date($start_date)
{
    // NOTE(review): neither date is validated here, so fetch_between() has to
    // treat both as untrusted request input — confirm it escapes or binds them.
    $end_date = get_http_var('end_date');

    // Only confirmed, non-deleted alerts are requested.
    $confirmed = 1;
    $deleted = 0;

    $alert = new ALERT();
    $data = $alert->fetch_between($confirmed, $deleted, $start_date, $end_date);
    api_output($data);
}
Пример #2
// This token is a salted version of their email address concatenated
// with the time the alert was created.
// We check this exists in the database and if so we run the confirm
// function of class ALERT to set the field confirmed in the table
// alerts to true.
// We then print a nice welcome message.
// This depends on there being page definitions in metadata.php
// FUNCTIONS
// confirm_success()		Displays a page with a success confirmation message
// confirm_error()		Displays a page with an error message
// INITIALISATION
include_once "../../../includes/easyparliament/init.php";
include_once "../../../includes/easyparliament/member.php";
include_once INCLUDESPATH . '../../../phplib/crosssell.php';
// Try to confirm the alert identified by the 't' request parameter.
// The token is the only value this script passes to confirm(); no session or
// other credential is consulted here.
$ALERT = new ALERT();
$success = $ALERT->confirm(get_http_var('t'));
if (!$success) {
    // Unknown or unusable token: show the error page.
    confirm_error();
} else {
    confirm_success($ALERT);
}
// FUNCTION:  confirm_success
function confirm_success($ALERT)
{
    global $PAGE, $this_page, $THEUSER;
    $this_page = 'alertconfirmsucceeded';
    $criteria = $ALERT->criteria_pretty(true);
    $email = $ALERT->email();
    $extra = null;
    $PAGE->page_start();
Пример #3
 /**
  * Insert a new user row, store a registration token for it and, unless told
  * otherwise, send the confirmation email.
  *
  * $details is an associative array keyed like the object's own variables,
  * e.g. "firstname" => "Fred", "lastname" => "Bloggs". This method reads
  * firstname, lastname, email, emailpublic, postcode, url, password, optin,
  * mp_alert and (optionally) status, which defaults to "User".
  *
  * Returns true when everything succeeded, false when the INSERT failed, the
  * token UPDATE failed, or the confirmation email could not be sent.
  */
 function add($details, $confirmation_required = true)
 {
     // NOTE(review): relies on a global $REMOTE_ADDR being populated
     // elsewhere — presumably by the init code; confirm.
     global $REMOTE_ADDR;
     $registrationtime = gmdate("YmdHis");

     // NOTE(review): crypt() is called without a salt, so the algorithm and
     // salt are whatever the platform picks; PHP documents the salt-less form
     // as producing a weak hash. password_hash() is the maintained
     // replacement, provided the password column is wide enough for it.
     $passwordforDB = crypt($details["password"]);

     if (!isset($details["status"])) {
         $details["status"] = "User";
     }

     // Boolean flags are stored as 1/0 in MySQL.
     $optin = 0;
     if ($details["optin"] == true) {
         $optin = 1;
     }
     $emailpublic = 0;
     if ($details["emailpublic"] == true) {
         $emailpublic = 1;
     }

     // NOTE(review): the statement is built by string concatenation.
     // mysql_escape_string() ignores the connection character set and was
     // removed in PHP 7; bound parameters (if the db wrapper supports them)
     // are the safer form.
     $q = $this->db->query("INSERT INTO users (\n\t\t\t\tfirstname,\n\t\t\t\tlastname,\n\t\t\t\temail,\n\t\t\t\temailpublic,\n\t\t\t\tpostcode,\n\t\t\t\turl,\n\t\t\t\tpassword,\n\t\t\t\toptin,\n\t\t\t\tstatus,\n\t\t\t\tregistrationtime,\n\t\t\t\tregistrationip,\n\t\t\t\tdeleted\n\t\t\t) VALUES (\n\t\t\t\t'" . mysql_escape_string($details["firstname"]) . "',\n\t\t\t\t'" . mysql_escape_string($details["lastname"]) . "',\n\t\t\t\t'" . mysql_escape_string($details["email"]) . "',\n\t\t\t\t'" . mysql_escape_string($emailpublic) . "',\n\t\t\t\t'" . mysql_escape_string($details["postcode"]) . "',\n\t\t\t\t'" . mysql_escape_string($details["url"]) . "',\n\t\t\t\t'" . mysql_escape_string($passwordforDB) . "',\n\t\t\t\t'" . mysql_escape_string($optin) . "',\n\t\t\t\t'" . mysql_escape_string($details["status"]) . "',\n\t\t\t\t'" . mysql_escape_string($registrationtime) . "',\n\t\t\t\t'" . mysql_escape_string($REMOTE_ADDR) . "',\n\t\t\t\t'0'\n\t\t\t)\n\t\t");
     if (!$q->success()) {
         // Couldn't add the user's data to the DB.
         return false;
     }

     // Kept on the object from the days when new users were logged in
     // automatically; they now get an email instead.
     $this->user_id = $q->insert_id();
     $this->password = $passwordforDB;

     // Registration token, emailed to the user so the address can be
     // confirmed: 16 characters taken from offset 12 of a crypt() string.
     // NOTE(review): the offsets assume a particular crypt() output layout,
     // and the token's unpredictability rests on crypt()'s implicit salt plus
     // microtime() — a CSPRNG-generated token would not depend on either.
     $token = substr(crypt($details["email"] . microtime()), 12, 16);
     // A full stop at the end of a URL breaks in email clients, so swap every
     // '.' for 'X'. The token is only ever matched, never re-derived.
     $this->registrationtoken = strtr($token, '.', 'X');

     $r = $this->db->query("UPDATE users\n\t\t\t\t\t\t\tSET\tregistrationtoken = '" . mysql_escape_string($this->registrationtoken) . "'\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . mysql_escape_string($this->user_id) . "'\n\t\t\t\t\t\t\t");
     if (!$r->success()) {
         // Couldn't add the registration token to the DB.
         return false;
     }

     if ($details['mp_alert'] && $details['postcode']) {
         // Subscribe the new user to alerts for the member found via their
         // postcode: no confirmation email, and not auto-confirmed either.
         $MEMBER = new MEMBER(array('postcode' => $details['postcode']));
         $pid = $MEMBER->person_id();
         $ALERT = new ALERT();
         $ALERT->add(array('email' => $details['email'], 'pid' => $pid), false, false);
     }

     if (!$confirmation_required) {
         // No confirmation email needed.
         return true;
     }

     // The outcome of sending the email decides the overall result.
     return $this->send_confirmation_email($details) ? true : false;
 }
Пример #4
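/**
 * Create an email alert from $details and render the result page.
 *
 * Email confirmation is skipped when the request carries a valid signature
 * over the email address (shared secret, 'sign' parameter) or when the
 * current user is logged in; otherwise ALERT::add() is asked to send a
 * confirmation email.
 *
 * The return value of ALERT::add() selects the message: a positive value
 * means the alert was added, -2 means it already exists, anything else is
 * reported as a failure.
 *
 * @param array $details Alert data; this function reads 'email', 'pid' and
 *                       'keyword' and passes the whole array to ALERT::add().
 */
function add_alert($details)
{
    global $ALERT, $PAGE, $THEUSER, $this_page;
    $extra = null;
    // Instantiate an instance of ALERT
    $ALERT = new ALERT();
    $external_auth = auth_verify_with_shared_secret($details['email'], OPTION_AUTH_SHARED_SECRET, get_http_var('sign'));
    if ($external_auth) {
        // Only the two known partner sites may be named in the page
        // footer data. Strict comparison keeps a non-string value from
        // slipping through the allow-list via type juggling.
        $site = get_http_var('site');
        if ($site !== 'wtt' && $site !== 'hfymp') {
            $site = 'unknown';
        }
        $extra = 'from_' . $site . '=1';
        $confirm = false;
    } elseif ($THEUSER->loggedin()) {
        $confirm = false;
    } else {
        $confirm = true;
    }
    // If this goes well, the alert will be added to the database and a confirmation email
    // will be sent to them.
    $success = $ALERT->add($details, $confirm);
    // Display results message on blank page for both success and failure
    $this_page = 'alertwelcome';
    $URL = new URL('alertwelcome');
    $backlink = $URL->generate();
    $PAGE->page_start();
    $PAGE->stripe_start();
    $advert = false;
    if ($success > 0 && !$confirm) {
        // Start from an empty description so the message below never reads an
        // undefined variable when neither a person nor a keyword was given.
        $criteria = '';
        // NOTE(review): the message text carries HTML (see the mailto link in
        // the failure branch), so the keyword and the member's name end up in
        // markup. Confirm both are HTML-escaped before they reach this point.
        if (!empty($details['pid'])) {
            $MEMBER = new MEMBER(array('person_id' => $details['pid']));
            $criteria = $MEMBER->full_name();
            if (!empty($details['keyword'])) {
                $criteria .= ' mentions \'' . $details['keyword'] . '\'';
            } else {
                $criteria .= ' contributes';
            }
        } elseif (!empty($details['keyword'])) {
            $criteria = '\'' . $details['keyword'] . '\' is mentioned';
        }
        $message = array('title' => 'Your alert has been added', 'text' => 'You will now receive email alerts on any day when ' . $criteria . ' in parliament.');
        $advert = true;
    } elseif ($success > 0) {
        $message = array('title' => "We're nearly done...", 'text' => "You should receive an email shortly which will contain a link. You will need to follow that link to confirm your email address to receive the alert. Thanks.");
    } elseif ($success == -2) {
        $message = array('title' => 'You already have this alert', 'text' => 'You already appear to be subscribed to this email alert, so we have not signed you up to it again.');
        $advert = true;
    } else {
        $message = array('title' => "This alert has not been accepted", 'text' => "Sorry, we were unable to create this alert. Please <a href=\"mailto:" . CONTACTEMAIL . "\">let us know</a>. Thanks.");
    }
    $PAGE->message($message);
    if ($advert) {
        // Record which advert was shown alongside any partner-site marker.
        $advert_shown = alert_confirmation_advert($details);
        if ($extra) {
            $extra .= "; ";
        }
        $extra .= "advert={$advert_shown}";
    }
    suggest_alerts($details['email'], $details['pid'], 5);
    $PAGE->stripe_end();
    $PAGE->page_end($extra);
}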
Пример #5
        $toemail = $m[1];
    }
}
if ($nomail) {
    mlog("NOT SENDING EMAIL\n");
}

// 'only' is mutually exclusive with the from/to range options.
if ($onlyemail && ($fromemail || $toemail)) {
    mlog("Can't have both from/to and only!\n");
    exit;
}

// Run counters, all starting at zero.
$active = $queries = $unregistered = $registered = $sentemails = 0;

$LIVEALERTS = new ALERT();

// State carried across the alert loop.
$current_email = '';
$email_text = '';
$globalsuccess = 1;

# Fetch all confirmed, non-deleted alerts
$confirmed = 1;
$deleted = 0;
$alertdata = $LIVEALERTS->fetch($confirmed, $deleted);
$alertdata = $alertdata['data'];

# Nothing debate specific, but has to be one of them
$DEBATELIST = new DEBATELIST();

// Section labels, indexed 0-5 with 101 reserved for the Lords.
$sects = array(
    '',
    'House of Representatives debate',
    'Westminster Hall debate',
    'Written Answer',
    'Written Ministerial Statement',
    'Northern Ireland Assembly debate',
    101 => 'Lords debate',
);

// Short section names under the same indexes as $sects.
$sects_short = array(
    '',
    'debate',
    'westminhall',
    'wrans',
    'wms',
    'ni',
    101 => 'lords',
);

$results = array();
Пример #6
// What happens? They will come here with t=23-adsf7897fd78d9sfsd200501021500
// where the value of 't' is a form of their registration token.
// This token is a salted version of their email address concatenated
// with the time the alert was created.
// We check this exists in the database and if so we run the delete
// function of class ALERT to set the field deleted in the table
// alerts to true.
// We then print a confirmation message.
// This depends on there being page definitions in metadata.php
// FUNCTIONS
// delete_success()		Displays a page with a success confirmation message
// delete_error()		Displays a page with an error message
// INITIALISATION
include_once "../../../includes/easyparliament/init.php";
// Try to delete the alert identified by the 't' request parameter.
// NOTE(review): this changes state on a plain request and the token is the
// only value checked in this script — confirm delete() rejects malformed
// tokens and that the link cannot be triggered by mail or link scanners.
$ALERT = new ALERT();
$success = $ALERT->delete(get_http_var('t'));
if (!$success) {
    delete_error();
} else {
    delete_success();
}
// FUNCTION:  delete_success
function delete_success()
{
    global $PAGE, $this_page;
    $this_page = 'alertdeletesucceeded';
    $PAGE->page_start();
    $PAGE->stripe_start();
    ?>
	
Пример #7
 /**
  * Insert a new user row, store a registration token for it and, unless told
  * otherwise, send the confirmation email.
  *
  * $details is an associative array keyed like the object's own variables,
  * e.g. "firstname" => "Fred", "lastname" => "Bloggs". This method reads
  * firstname, lastname, email, emailpublic, postcode, url, password, optin,
  * mp_alert and (optionally) status, which defaults to "User".
  *
  * Returns true when everything succeeded, false when the INSERT failed, the
  * token UPDATE failed, or the confirmation email could not be sent.
  */
 public function add($details, $confirmation_required = true)
 {
     // NOTE(review): relies on a global $REMOTE_ADDR being populated
     // elsewhere — presumably by the init code; confirm.
     global $REMOTE_ADDR;
     $registrationtime = gmdate("YmdHis");

     // Passwords are stored as bcrypt hashes, never in clear text.
     $passwordforDB = password_hash($details["password"], PASSWORD_BCRYPT);

     if (!isset($details["status"])) {
         $details["status"] = "User";
     }

     // Boolean flags are stored as 1/0 in MySQL.
     $optin = 0;
     if ($details["optin"] == true) {
         $optin = 1;
     }
     $emailpublic = 0;
     if ($details["emailpublic"] == true) {
         $emailpublic = 1;
     }

     // Every user-supplied value travels as a bound parameter; only the
     // literal '0' for "deleted" is part of the SQL text.
     $q = $this->db->query("INSERT INTO users (\n                firstname,\n                lastname,\n                email,\n                emailpublic,\n                postcode,\n                url,\n                password,\n                optin,\n                status,\n                registrationtime,\n                registrationip,\n                deleted\n            ) VALUES (\n                :firstname,\n                :lastname,\n                :email,\n                :emailpublic,\n                :postcode,\n                :url,\n                :password,\n                :optin,\n                :status,\n                :registrationtime,\n                :registrationip,\n                '0'\n            )\n        ", array(':firstname' => $details["firstname"], ':lastname' => $details["lastname"], ':email' => $details["email"], ':emailpublic' => $emailpublic, ':postcode' => $details["postcode"], ':url' => $details["url"], ':password' => $passwordforDB, ':optin' => $optin, ':status' => $details["status"], ':registrationtime' => $registrationtime, ':registrationip' => $REMOTE_ADDR));
     if (!$q->success()) {
         // Couldn't add the user's data to the DB.
         return false;
     }

     // Kept on the object from the days when new users were logged in
     // automatically; they now get an email instead.
     $this->user_id = $q->insert_id();
     $this->password = $passwordforDB;

     // Registration token, emailed to the user so the address can be
     // confirmed. Offset 29 skips the bcrypt prefix and the 22-character
     // salt, so the token is the first 16 characters of the digest part.
     // NOTE(review): password_hash() serves here only as a source of
     // unpredictable characters (its random salt); a token drawn directly
     // from a CSPRNG would state that intent more plainly.
     $token = substr(password_hash($details["email"] . microtime(), PASSWORD_BCRYPT), 29, 16);
     // A full stop at the end of a URL breaks in email clients, so swap every
     // '.' for 'X'. The token is only ever matched, never re-derived.
     // NOTE(review): '/' can also occur in bcrypt output and is left as-is —
     // confirm the confirmation URL copes with it.
     $this->registrationtoken = strtr($token, '.', 'X');

     $r = $this->db->query("UPDATE users\n                            SET registrationtoken = :registrationtoken\n                            WHERE   user_id = :user_id\n                            ", array(':registrationtoken' => $this->registrationtoken, ':user_id' => $this->user_id));
     if (!$r->success()) {
         // Couldn't add the registration token to the DB.
         return false;
     }

     if ($details['mp_alert'] && $details['postcode']) {
         // Subscribe the new user to alerts for the house-1 member found via
         // their postcode: no confirmation email, and not auto-confirmed.
         $MEMBER = new MEMBER(array('postcode' => $details['postcode'], 'house' => 1));
         $pid = $MEMBER->person_id();
         $ALERT = new ALERT();
         $ALERT->add(array('email' => $details['email'], 'pid' => $pid, 'pc' => $details['postcode']), false, false);
     }

     if (!$confirmation_required) {
         // No confirmation email needed.
         return true;
     }

     // The outcome of sending the email decides the overall result.
     return $this->send_confirmation_email($details) ? true : false;
 }
Пример #8
FUNCTIONS
check_input()	Validates the edited or added alert data and creates error messages.
add_alert()	Adds alert to database depending on success.
display_search_form()	Shows the new form to enter alert data.
set_criteria()	Sets search criteria from information in MP and Keyword fields.
*/
include_once '../../includes/easyparliament/init.php';
include_once INCLUDESPATH . "easyparliament/people.php";
include_once INCLUDESPATH . "easyparliament/member.php";
include_once INCLUDESPATH . "easyparliament/searchengine.php";
include_once INCLUDESPATH . '../../commonlib/phplib/auth.php';
include_once INCLUDESPATH . '../../commonlib/phplib/crosssell.php';
$this_page = "alert";
$extra = null;
$ALERT = new ALERT();
$token = get_http_var('t');
$alert = $ALERT->check_token($token);
$message = '';
if ($action = get_http_var('action')) {
    $success = true;
    if ($action == 'Confirm') {
        $success = $ALERT->confirm($token);
        if ($success) {
            $criteria = $ALERT->criteria_pretty(true);
            $message = "<p>Your alert has been confirmed. You will now\n            receive email alerts for the following criteria:</p>\n            <ul>{$criteria}</ul> <p>This is normally the day after, but could\n            conceivably be later due to issues at our or parliament.uk's\n            end.</p>";
        }
    } elseif ($action == 'Suspend') {
        $success = $ALERT->suspend($token);
        if ($success) {
            $message = '<p><strong>That alert has been suspended.</strong> You will no longer receive this alert.</p>';
Пример #9
0
 /**
  * Test that resuming an alert with a bad token is rejected
  */
 public function testResumeInvalid()
 {
     $alert = new ALERT();
     $result = $alert->resume('6::badtoken');
     // assertEquals is a loose comparison, so any falsy return value passes.
     $this->assertEquals(false, $result);
 }