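<?php

declare(strict_types=1);

/*
 * gettoken.php — issue a short-lived edit key for a registered pod.
 *
 * POST parameters:
 *   domain  (required) pod domain to look up in the `pods` table
 *   email   (optional) contact address the requester claims to own
 *
 * Flow: look the domain up, mint a fresh random token, store it together
 * with an expiry on the pod row, and email a link to edit.php carrying the
 * token. If the supplied email matches the stored one the link goes to that
 * address; if no email is supplied the link goes to the administrator for
 * manual verification. A registered pod with no stored email cannot be
 * edited through this path at all.
 *
 * Every failure path ends the script with a short message via die().
 *
 * NOTE(review): there is no throttling here — anyone who knows a pod domain
 * can repeatedly trigger mail to its owner or to the administrator. Consider
 * rate-limiting by domain and/or client address in front of this script.
 */

// Required parameters. Reject non-string values (e.g. domain[]=x) up front so
// they never reach the parameterised query or the URL below.
$_domain = $_POST['domain'] ?? null;
if (!is_string($_domain) || $_domain === '') {
    die('no pod domain given');
}

// Other parameters.
$_email = $_POST['email'] ?? '';
if (!is_string($_email)) {
    die('invalid email parameter');
}

require_once __DIR__ . '/../config.php';

$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
if (!$dbh) {
    // Keep driver detail server-side; it describes our infrastructure, not the user's mistake.
    error_log('gettoken: pg_connect failed: ' . pg_last_error());
    die('Error in connection');
}

$sql    = 'SELECT email FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
if (!$result) {
    error_log('gettoken: SELECT failed: ' . pg_last_error($dbh));
    die('Error in SQL query');
}

// `domain` is treated as unique: the previous loop reused $result for the
// UPDATE below, so it only ever processed the first row anyway. Fetch that
// one row explicitly instead of looping over a variable that gets clobbered.
$row = pg_fetch_assoc($result);
$row || die('domain not found');

// The token is the entire proof of authority accepted by edit.php, so it
// must be unpredictable. 128 bits from the CSPRNG, hex-encoded: 32 chars,
// the same width as the md5(uniqid()) it replaces, so `pods.token` is
// unchanged. (uniqid() is time-based and guessable; md5 adds nothing.)
$uuid = bin2hex(random_bytes(16));

// NOTE(review): HTTP_HOST comes from the request and can be set by the
// caller, which would point the emailed link at an attacker-chosen host
// (edit-link poisoning). Prefer a canonical hostname from config.php if
// one is available there.
$host = $_SERVER['HTTP_HOST'];
$link = sprintf(
    'https://%1$s/db/edit.php?domain=%2$s&token=%3$s',
    $host,
    rawurlencode($_domain),
    $uuid
);
$headers       = ['From: ' . $adminemail];
$message_lines = [];

if ($_email !== '') {
    // The requester must present the stored address exactly; on mismatch we
    // reveal nothing beyond the fact that it did not match.
    $row['email'] === $_email || die('email mismatch');

    // $to equals the database value after the check above, so no
    // request-controlled text reaches the mail headers.
    $to        = $_email;
    $subject   = 'Temporary edit key for ' . $host;
    $headers[] = 'Bcc: ' . $adminemail;
    $expire    = time() + 2700; // 45 minutes
    $output    = 'Link sent to your email';
} elseif (!$row['email']) {
    echo "domain is registered but no email associated, to add an email use the add a pod feature";
    die;
} else {
    // No email supplied: hand the key to the administrator for manual review
    // rather than mailing it to an address the requester has not proven.
    $to              = $adminemail;
    $subject         = 'FORWARD REQUEST: Temporary edit key for ' . $host;
    $message_lines[] = 'User trying to edit pod without email address.';
    $message_lines[] = 'Email found: ' . $row['email'];
    $expire          = time() + 9700; // ~2.7 h, leaves time for a human to act
    $output          = 'Link sent to administrator to review and verify, if approved they will forward the edit key to you.';
}

// Persist the token before sending so edit.php can honour the link the
// moment it arrives. NOTE(review): the token is stored in clear; hashing it
// here would limit exposure from a DB leak but requires a matching change in
// edit.php (not shown).
$sql    = 'UPDATE pods SET token = $1, tokenexpire = $2 WHERE domain = $3';
$update = pg_query_params($dbh, $sql, [$uuid, date('Y-m-d H:i:s', $expire), $_domain]);
if (!$update) {
    error_log('gettoken: UPDATE failed: ' . pg_last_error($dbh));
    die('Error in SQL query');
}

$message_lines[] = 'Link: ' . $link;
$message_lines[] = 'Expires: ' . date('Y-m-d H:i:s T', $expire);

// mail() emits a warning on failure; keep that off the page but honour the
// return value so the caller is not told a link was sent when nothing left
// the server. The stored token simply expires unused in that case.
$sent = @mail($to, $subject, implode("\r\n", $message_lines), implode("\r\n", $headers));
$sent || die('Error sending email');

echo $output;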