示例#1
文件: index.php 项目: leowmjw/twfy
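/**
 * Create an email alert from $details and render the result page.
 *
 * Email confirmation is skipped when the request carries a valid
 * shared-secret signature for the email address, or when the current
 * user is logged in; otherwise ALERT::add() is asked to require it.
 *
 * @param array $details Alert fields; this function reads 'email',
 *                       'pid' and 'keyword' and passes the whole array
 *                       on to ALERT::add() and alert_confirmation_advert().
 * @return void
 */
function add_alert($details)
{
    global $ALERT, $PAGE, $THEUSER, $this_page;
    $extra = null;
    // Instantiate an instance of ALERT
    $ALERT = new ALERT();

    // Read optional fields defensively so a missing key does not raise a notice.
    $pid = isset($details['pid']) ? $details['pid'] : null;
    $keyword = isset($details['keyword']) ? $details['keyword'] : '';

    $external_auth = auth_verify_with_shared_secret($details['email'], OPTION_AUTH_SHARED_SECRET, get_http_var('sign'));
    if ($external_auth) {
        // 'site' comes from the request: only allow-listed values are
        // copied into $extra, anything else is recorded as 'unknown'.
        $site = get_http_var('site');
        if (!in_array($site, array('wtt', 'hfymp'), true)) {
            $site = 'unknown';
        }
        $extra = 'from_' . $site . '=1';
        $confirm = false;
    } elseif ($THEUSER->loggedin()) {
        $confirm = false;
    } else {
        $confirm = true;
    }
    // If this goes well, the alert will be added to the database and a confirmation email
    // will be sent to them.
    $success = $ALERT->add($details, $confirm);
    // Display results message on blank page for both success and failure
    $this_page = 'alertwelcome';
    $URL = new URL('alertwelcome');
    $backlink = $URL->generate();
    $PAGE->page_start();
    $PAGE->stripe_start();
    $advert = false;
    if ($success > 0 && !$confirm) {
        // The message text is emitted as HTML (the failure branch below
        // embeds an <a> tag), so the keyword must be HTML-escaped before it
        // is placed in it. The charset is left at PHP's configured default.
        // NOTE(review): confirm callers do not already escape 'keyword',
        // and that the default charset matches the page encoding.
        $safe_keyword = htmlspecialchars($keyword, ENT_QUOTES);
        // Fallback wording so $criteria is always defined, even when
        // neither a person nor a keyword was supplied.
        $criteria = 'your alert criteria are matched';
        if ($pid) {
            $MEMBER = new MEMBER(array('person_id' => $pid));
            // NOTE(review): full_name() is inserted unescaped, as before;
            // verify it cannot carry markup.
            $criteria = $MEMBER->full_name();
            if ($keyword) {
                $criteria .= ' mentions \'' . $safe_keyword . '\'';
            } else {
                $criteria .= ' contributes';
            }
        } elseif ($keyword) {
            $criteria = '\'' . $safe_keyword . '\' is mentioned';
        }
        $message = array('title' => 'Your alert has been added', 'text' => 'You will now receive email alerts on any day when ' . $criteria . ' in parliament.');
        $advert = true;
    } elseif ($success > 0) {
        $message = array('title' => "We're nearly done...", 'text' => "You should receive an email shortly which will contain a link. You will need to follow that link to confirm your email address to receive the alert. Thanks.");
    } elseif ($success == -2) {
        // -2 is treated here as "this alert already exists".
        $message = array('title' => 'You already have this alert', 'text' => 'You already appear to be subscribed to this email alert, so we have not signed you up to it again.');
        $advert = true;
    } else {
        $message = array('title' => "This alert has not been accepted", 'text' => "Sorry, we were unable to create this alert. Please <a href=\"mailto:" . CONTACTEMAIL . "\">let us know</a>. Thanks.");
    }
    $PAGE->message($message);
    if ($advert) {
        $advert_shown = alert_confirmation_advert($details);
        if ($extra) {
            $extra .= "; ";
        }
        $extra .= "advert={$advert_shown}";
    }
    suggest_alerts($details['email'], $pid, 5);
    $PAGE->stripe_end();
    $PAGE->page_end($extra);
}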
示例#2
 /**
  * Insert a new user row, store a registration token for it and,
  * optionally, send the confirmation email.
  *
  * @param array $details               User fields keyed like the object variables. This
  *                                     method reads firstname, lastname, email, emailpublic,
  *                                     postcode, url, password, optin, mp_alert and, if set,
  *                                     status (defaults to "User").
  * @param bool  $confirmation_required When true, send_confirmation_email() is called and
  *                                     its outcome decides the return value.
  * @return bool false when either query fails or the email cannot be sent, true otherwise.
  */
 public function add($details, $confirmation_required = true)
 {
     // NOTE(review): the registration IP is taken from a global; confirm where it
     // is populated and that it cannot be influenced by client-supplied headers.
     global $REMOTE_ADDR;

     $registrationtime = gmdate("YmdHis");
     // Only the bcrypt hash of the password is stored.
     $passwordforDB = password_hash($details["password"], PASSWORD_BCRYPT);

     if (!isset($details["status"])) {
         $details["status"] = "User";
     }

     // Boolean flags are stored as 1/0.
     $optin = 0;
     if ($details["optin"] == true) {
         $optin = 1;
     }
     $emailpublic = 0;
     if ($details["emailpublic"] == true) {
         $emailpublic = 1;
     }

     // Every value reaches the query as a bound parameter, never by concatenation.
     $insert_sql = "INSERT INTO users (\n                firstname,\n                lastname,\n                email,\n                emailpublic,\n                postcode,\n                url,\n                password,\n                optin,\n                status,\n                registrationtime,\n                registrationip,\n                deleted\n            ) VALUES (\n                :firstname,\n                :lastname,\n                :email,\n                :emailpublic,\n                :postcode,\n                :url,\n                :password,\n                :optin,\n                :status,\n                :registrationtime,\n                :registrationip,\n                '0'\n            )\n        ";
     $insert_params = array(
         ':firstname' => $details["firstname"],
         ':lastname' => $details["lastname"],
         ':email' => $details["email"],
         ':emailpublic' => $emailpublic,
         ':postcode' => $details["postcode"],
         ':url' => $details["url"],
         ':password' => $passwordforDB,
         ':optin' => $optin,
         ':status' => $details["status"],
         ':registrationtime' => $registrationtime,
         ':registrationip' => $REMOTE_ADDR,
     );
     $q = $this->db->query($insert_sql, $insert_params);
     if (!$q->success()) {
         // The user row could not be written.
         return false;
     }

     // Kept on the object so a login could follow; new users are no longer
     // logged in automatically, so this may be redundant.
     $this->user_id = $q->insert_id();
     $this->password = $passwordforDB;

     // The registration token is emailed to the user to confirm the address.
     // It is 16 characters cut from a bcrypt string, starting at offset 29.
     // NOTE(review): the token's unpredictability rests on the salt that
     // password_hash() generates, not on the email/microtime input.
     $hashed = password_hash($details["email"] . microtime(), PASSWORD_BCRYPT);
     $token = substr($hashed, 29, 16);
     // A trailing full stop breaks links in emails, so dots become 'X'.
     $this->registrationtoken = strtr($token, '.', 'X');

     $update_sql = "UPDATE users\n                            SET registrationtoken = :registrationtoken\n                            WHERE   user_id = :user_id\n                            ";
     $update_params = array(
         ':registrationtoken' => $this->registrationtoken,
         ':user_id' => $this->user_id,
     );
     $r = $this->db->query($update_sql, $update_params);
     if (!$r->success()) {
         // The token could not be stored.
         return false;
     }

     if ($details['mp_alert'] && $details['postcode']) {
         // Look up the person for this postcode and add an alert for them.
         $MEMBER = new MEMBER(array('postcode' => $details['postcode'], 'house' => 1));
         $pid = $MEMBER->person_id();
         // No confirmation email, but don't automatically confirm
         $ALERT = new ALERT();
         $ALERT->add(array('email' => $details['email'], 'pid' => $pid, 'pc' => $details['postcode']), false, false);
     }

     if (!$confirmation_required) {
         // Nothing to send.
         return true;
     }

     // The result of sending the email is the result of the whole call.
     $success = $this->send_confirmation_email($details);
     return $success ? true : false;
 }
示例#3
 /**
  * Insert a new user row, store a registration token for it and,
  * optionally, send the confirmation email.
  *
  * NOTE(review): this version builds its SQL by concatenation around
  * mysql_escape_string(), which ignores the connection character set and was
  * removed in PHP 7.0, and it calls crypt() without a salt, which PHP 8.0 no
  * longer allows. Bound parameters and password_hash() are the usual
  * replacements; confirm the db wrapper and column sizes before switching.
  *
  * @param array $details               User fields keyed like the object variables. This
  *                                     method reads firstname, lastname, email, emailpublic,
  *                                     postcode, url, password, optin, mp_alert and, if set,
  *                                     status (defaults to "User").
  * @param bool  $confirmation_required When true, send_confirmation_email() is called and
  *                                     its outcome decides the return value.
  * @return bool false when either query fails or the email cannot be sent, true otherwise.
  */
 function add($details, $confirmation_required = true)
 {
     // NOTE(review): the registration IP is taken from a global; confirm where it
     // is populated and that it cannot be influenced by client-supplied headers.
     global $REMOTE_ADDR;

     $registrationtime = gmdate("YmdHis");
     // Passwords are stored as the output of crypt(); the algorithm is
     // whatever the platform picks when no salt is given.
     $passwordforDB = crypt($details["password"]);

     if (!isset($details["status"])) {
         $details["status"] = "User";
     }

     // Boolean flags are stored as 1/0.
     $optin = 0;
     if ($details["optin"] == true) {
         $optin = 1;
     }
     $emailpublic = 0;
     if ($details["emailpublic"] == true) {
         $emailpublic = 1;
     }

     // Each value is escaped individually and wrapped in single quotes.
     $insert_sql = "INSERT INTO users (\n\t\t\t\tfirstname,\n\t\t\t\tlastname,\n\t\t\t\temail,\n\t\t\t\temailpublic,\n\t\t\t\tpostcode,\n\t\t\t\turl,\n\t\t\t\tpassword,\n\t\t\t\toptin,\n\t\t\t\tstatus,\n\t\t\t\tregistrationtime,\n\t\t\t\tregistrationip,\n\t\t\t\tdeleted\n\t\t\t) VALUES (\n\t\t\t\t'"
         . mysql_escape_string($details["firstname"]) . "',\n\t\t\t\t'"
         . mysql_escape_string($details["lastname"]) . "',\n\t\t\t\t'"
         . mysql_escape_string($details["email"]) . "',\n\t\t\t\t'"
         . mysql_escape_string($emailpublic) . "',\n\t\t\t\t'"
         . mysql_escape_string($details["postcode"]) . "',\n\t\t\t\t'"
         . mysql_escape_string($details["url"]) . "',\n\t\t\t\t'"
         . mysql_escape_string($passwordforDB) . "',\n\t\t\t\t'"
         . mysql_escape_string($optin) . "',\n\t\t\t\t'"
         . mysql_escape_string($details["status"]) . "',\n\t\t\t\t'"
         . mysql_escape_string($registrationtime) . "',\n\t\t\t\t'"
         . mysql_escape_string($REMOTE_ADDR) . "',\n\t\t\t\t'0'\n\t\t\t)\n\t\t";
     $q = $this->db->query($insert_sql);
     if (!$q->success()) {
         // The user row could not be written.
         return false;
     }

     // Kept on the object so a login could follow; new users are no longer
     // logged in automatically, so this may be redundant.
     $this->user_id = $q->insert_id();
     $this->password = $passwordforDB;

     // The registration token is emailed to the user to confirm the address.
     // It is 16 characters cut from a crypt() string, starting at offset 12.
     // NOTE(review): which part of the crypt() output offset 12 lands on
     // depends on the platform's default algorithm; verify the token is
     // unpredictable on the deployed system.
     $crypted = crypt($details["email"] . microtime());
     $token = substr($crypted, 12, 16);
     // A trailing full stop breaks links in emails, so dots become 'X'.
     $this->registrationtoken = strtr($token, '.', 'X');

     $update_sql = "UPDATE users\n\t\t\t\t\t\t\tSET\tregistrationtoken = '"
         . mysql_escape_string($this->registrationtoken) . "'\n\t\t\t\t\t\t\tWHERE\tuser_id = '"
         . mysql_escape_string($this->user_id) . "'\n\t\t\t\t\t\t\t";
     $r = $this->db->query($update_sql);
     if (!$r->success()) {
         // The token could not be stored.
         return false;
     }

     if ($details['mp_alert'] && $details['postcode']) {
         // Look up the person for this postcode and add an alert for them.
         $MEMBER = new MEMBER(array('postcode' => $details['postcode']));
         $pid = $MEMBER->person_id();
         // No confirmation email, but don't automatically confirm
         $ALERT = new ALERT();
         $ALERT->add(array('email' => $details['email'], 'pid' => $pid), false, false);
     }

     if (!$confirmation_required) {
         // Nothing to send.
         return true;
     }

     // The result of sending the email is the result of the whole call.
     $success = $this->send_confirmation_email($details);
     return $success ? true : false;
 }
示例#4
 /**
  * Adding an alert that was previously deleted should behave as expected.
  */
 public function testAddDeleted()
 {
     $alert = new ALERT();
     $result = $alert->add(
         array('email' => '*****@*****.**', 'keyword' => 'test4', 'pc' => 'SW1A 1AA'),
         false,
         true
     );
     // add() is expected to return 1 here.
     $this->assertEquals(1, $result);
     // The response does not expose the last insert ID, so for now this test
     // relies on add() detecting its own errors.
 }