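function add_alert($details)
{
    // Creates an email alert from the submitted form and renders the result
    // page (title, message and, where appropriate, an advert and suggestions).
    //
    // $details: associative array of the submitted alert, with 'email' and
    // optionally 'pid' (a person to follow) and/or 'keyword'. Requests that
    // carry a valid 'sign' for our shared secret come from a partner site and,
    // like requests from a logged-in user, need no confirmation email.
    //
    // Side effects: replaces the global $ALERT, sets $this_page and writes the
    // whole page through $PAGE; nothing is returned.
    global $ALERT, $PAGE, $THEUSER, $this_page;

    $extra = null;
    $ALERT = new ALERT();

    // Optional keys are read once here so a missing key never raises a notice.
    $pid = isset($details['pid']) ? $details['pid'] : null;
    $keyword = isset($details['keyword']) ? $details['keyword'] : '';

    $external_auth = auth_verify_with_shared_secret($details['email'], OPTION_AUTH_SHARED_SECRET, get_http_var('sign'));
    if ($external_auth) {
        // Only the two known partner sites are recorded in the page footer;
        // any other value from the request is collapsed to 'unknown'.
        $site = get_http_var('site');
        if (!in_array($site, array('wtt', 'hfymp'), true)) {
            $site = 'unknown';
        }
        $extra = 'from_' . $site . '=1';
        $confirm = false;
    } elseif ($THEUSER->loggedin()) {
        $confirm = false;
    } else {
        $confirm = true;
    }

    // Adds the alert to the database and, when $confirm is set, sends the
    // confirmation email. A positive return means added; -2 means duplicate.
    $success = $ALERT->add($details, $confirm);

    // Display the result message on a blank page for both success and failure.
    $this_page = 'alertwelcome';
    $PAGE->page_start();
    $PAGE->stripe_start();

    $advert = false;
    if ($success > 0 && !$confirm) {
        // The keyword is user input echoed into an HTML message (the failure
        // branch below shows the text is rendered as HTML), so escape it here.
        $keyword_html = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        if ($pid) {
            $MEMBER = new MEMBER(array('person_id' => $pid));
            $criteria = $MEMBER->full_name();
            $criteria .= $keyword ? " mentions '" . $keyword_html . "'" : ' contributes';
        } elseif ($keyword) {
            $criteria = "'" . $keyword_html . "' is mentioned";
        } else {
            // Neither a person nor a keyword was supplied, yet ALERT::add
            // accepted it; avoid an undefined-variable notice in the message.
            $criteria = 'your alert criteria are matched';
        }
        $message = array(
            'title' => 'Your alert has been added',
            'text' => 'You will now receive email alerts on any day when ' . $criteria . ' in parliament.',
        );
        $advert = true;
    } elseif ($success > 0) {
        $message = array(
            'title' => "We're nearly done...",
            'text' => "You should receive an email shortly which will contain a link. You will need to follow that link to confirm your email address to receive the alert. \nThanks.",
        );
    } elseif ($success == -2) {
        $message = array(
            'title' => 'You already have this alert',
            'text' => 'You already appear to be subscribed to this email alert, so we have not signed you up to it again.',
        );
        $advert = true;
    } else {
        $message = array(
            'title' => "This alert has not been accepted",
            'text' => "Sorry, we were unable to create this alert. Please <a href=\"mailto:" . CONTACTEMAIL . "\">let us know</a>. Thanks.",
        );
    }
    $PAGE->message($message);

    if ($advert) {
        $advert_shown = alert_confirmation_advert($details);
        // Footer extras are '; '-separated key=value pairs.
        $extra = ($extra ? $extra . '; ' : '') . 'advert=' . $advert_shown;
    }
    suggest_alerts($details['email'], $pid, 5);

    $PAGE->stripe_end();
    $PAGE->page_end($extra);
}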
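public function add($details, $confirmation_required = true)
{
    // Inserts a new user's details into the db, stores a registration token
    // and (usually) sends them a confirmation email.
    //
    // $details is an associative array keyed like the object's own properties:
    //   firstname, lastname, email, emailpublic, postcode, url, password,
    //   optin, status (defaults to "User"). A truthy mp_alert together with a
    //   postcode also creates an unconfirmed alert for that postcode's MP.
    // Boolean values (optin, emailpublic) are stored as 1/0 for MySQL.
    //
    // Returns true when the row and token are stored (and, when
    // $confirmation_required, the email was sent); false on any failure.
    global $REMOTE_ADDR;

    $registrationtime = gmdate("YmdHis");
    // bcrypt with a random per-user salt; the stored hash is what gets verified.
    $passwordforDB = password_hash($details["password"], PASSWORD_BCRYPT);

    if (!isset($details["status"])) {
        $details["status"] = "User";
    }
    // !empty() gives the same 1/0 mapping as the old "== true" test but does
    // not raise a notice when the key is absent.
    $optin = !empty($details["optin"]) ? 1 : 0;
    $emailpublic = !empty($details["emailpublic"]) ? 1 : 0;

    $q = $this->db->query("INSERT INTO users (
            firstname, lastname, email, emailpublic, postcode, url, password,
            optin, status, registrationtime, registrationip, deleted
        ) VALUES (
            :firstname, :lastname, :email, :emailpublic, :postcode, :url, :password,
            :optin, :status, :registrationtime, :registrationip, '0'
        )", array(
        ':firstname' => $details["firstname"],
        ':lastname' => $details["lastname"],
        ':email' => $details["email"],
        ':emailpublic' => $emailpublic,
        ':postcode' => $details["postcode"],
        ':url' => $details["url"],
        ':password' => $passwordforDB,
        ':optin' => $optin,
        ':status' => $details["status"],
        ':registrationtime' => $registrationtime,
        ':registrationip' => $REMOTE_ADDR,
    ));
    if (!$q->success()) {
        // Couldn't add the user's data to the DB.
        return false;
    }

    // Kept so a caller could log the new user in, although new users are now
    // sent an email instead, so this may not be required.
    $this->user_id = $q->insert_id();
    $this->password = $passwordforDB;

    // Registration token, sent by email so we can confirm the address exists.
    // bcrypt output is "$2y$<cost>$" (7 chars) + 22 salt chars + hash body;
    // offset 29 skips the prefix and salt, so the 16 characters taken are hash
    // output whose unpredictability comes from bcrypt's random salt.
    $token = substr(password_hash($details["email"] . microtime(), PASSWORD_BCRYPT), 29, 16);
    // Full stops don't work well at the end of URLs in emails, so replace
    // them. The token is only ever matched for equality, so this is harmless.
    $this->registrationtoken = strtr($token, '.', 'X');

    $r = $this->db->query("UPDATE users
            SET registrationtoken = :registrationtoken
            WHERE user_id = :user_id", array(
        ':registrationtoken' => $this->registrationtoken,
        ':user_id' => $this->user_id,
    ));
    if (!$r->success()) {
        // Couldn't add the registration token to the DB.
        return false;
    }

    if (!empty($details['mp_alert']) && !empty($details['postcode'])) {
        $MEMBER = new MEMBER(array('postcode' => $details['postcode'], 'house' => 1));
        $pid = $MEMBER->person_id();
        // No confirmation email, but don't automatically confirm either.
        $ALERT = new ALERT();
        $ALERT->add(array('email' => $details['email'], 'pid' => $pid, 'pc' => $details['postcode']), false, false);
    }

    if (!$confirmation_required) {
        // No confirmation email needed.
        return true;
    }
    // send_confirmation_email() reports whether the email went out.
    return (bool) $this->send_confirmation_email($details);
}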
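function add($details, $confirmation_required = true)
{
    // Inserts a new user's details into the db, stores a registration token
    // and (usually) sends them a confirmation email.
    //
    // $details is an associative array keyed like the object's own properties:
    //   firstname, lastname, email, emailpublic, postcode, url, password,
    //   optin, status (defaults to "User"). A truthy mp_alert together with a
    //   postcode also creates an unconfirmed alert for that postcode's MP.
    // Boolean values (optin, emailpublic) are stored as 1/0 for MySQL.
    //
    // Returns true when the row and token are stored (and, when
    // $confirmation_required, the email was sent); false on any failure.
    global $REMOTE_ADDR;

    $registrationtime = gmdate("YmdHis");
    // bcrypt with a random per-user salt, replacing the bare crypt() call
    // that left the algorithm and salt to PHP's defaults. crypt() given the
    // stored hash as its salt still verifies these hashes.
    $passwordforDB = password_hash($details["password"], PASSWORD_BCRYPT);

    if (!isset($details["status"])) {
        $details["status"] = "User";
    }
    // !empty() gives the same 1/0 mapping as the old "== true" test but does
    // not raise a notice when the key is absent.
    $optin = !empty($details["optin"]) ? 1 : 0;
    $emailpublic = !empty($details["emailpublic"]) ? 1 : 0;

    // Bound parameters replace mysql_escape_string(), which is not aware of
    // the connection charset and has been removed from current PHP.
    $q = $this->db->query("INSERT INTO users (
            firstname, lastname, email, emailpublic, postcode, url, password,
            optin, status, registrationtime, registrationip, deleted
        ) VALUES (
            :firstname, :lastname, :email, :emailpublic, :postcode, :url, :password,
            :optin, :status, :registrationtime, :registrationip, '0'
        )", array(
        ':firstname' => $details["firstname"],
        ':lastname' => $details["lastname"],
        ':email' => $details["email"],
        ':emailpublic' => $emailpublic,
        ':postcode' => $details["postcode"],
        ':url' => $details["url"],
        ':password' => $passwordforDB,
        ':optin' => $optin,
        ':status' => $details["status"],
        ':registrationtime' => $registrationtime,
        ':registrationip' => $REMOTE_ADDR,
    ));
    if (!$q->success()) {
        // Couldn't add the user's data to the DB.
        return false;
    }

    // Kept so a caller could log the new user in, although new users are now
    // sent an email instead, so this may not be required.
    $this->user_id = $q->insert_id();
    $this->password = $passwordforDB;

    // Registration token, sent by email so we can confirm the address exists.
    // bcrypt output is "$2y$<cost>$" (7 chars) + 22 salt chars + hash body;
    // offset 29 skips the prefix and salt, so the 16 characters taken are hash
    // output whose unpredictability comes from bcrypt's random salt. The old
    // substr(crypt(...), 12, 16) only worked when PHP happened to pick MD5 crypt.
    $token = substr(password_hash($details["email"] . microtime(), PASSWORD_BCRYPT), 29, 16);
    // Full stops don't work well at the end of URLs in emails, so replace
    // them. The token is only ever matched for equality, so this is harmless.
    $this->registrationtoken = strtr($token, '.', 'X');

    $r = $this->db->query("UPDATE users
            SET registrationtoken = :registrationtoken
            WHERE user_id = :user_id", array(
        ':registrationtoken' => $this->registrationtoken,
        ':user_id' => $this->user_id,
    ));
    if (!$r->success()) {
        // Couldn't add the registration token to the DB.
        return false;
    }

    if (!empty($details['mp_alert']) && !empty($details['postcode'])) {
        $MEMBER = new MEMBER(array('postcode' => $details['postcode']));
        $pid = $MEMBER->person_id();
        // No confirmation email, but don't automatically confirm either.
        $ALERT = new ALERT();
        $ALERT->add(array('email' => $details['email'], 'pid' => $pid), false, false);
    }

    if (!$confirmation_required) {
        // No confirmation email needed.
        return true;
    }
    // send_confirmation_email() reports whether the email went out.
    return (bool) $this->send_confirmation_email($details);
}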
/**
 * Adding an alert that already exists in a deleted state is accepted and
 * reported as a single successful insert.
 */
public function testAddDeleted()
{
    $alert = new ALERT();
    $payload = array(
        'email' => '*****@*****.**',
        'keyword' => 'test4',
        'pc' => 'SW1A 1AA',
    );

    $result = $alert->add($payload, false, true);

    // add() reports success as 1. The new row's id is not exposed through the
    // return value, so we rely on add() spotting its own errors.
    $this->assertEquals(1, $result);
}