<?php

use RedBeanPHP\R;

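// Required parameters.
// PHP turns a field posted as "domain[]" into an array, so accept only a non-empty
// string here; everything below (DB lookup, link building) treats it as a string.
$_domain = $_POST['domain'] ?? null;
(is_string($_domain) && $_domain) || die('no pod domain given');

// Other parameters.
// Optional: when present it is later compared strictly against the pod's stored
// address, so a non-string value can never match.
$_email = $_POST['email'] ?? '';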

require_once __DIR__ . '/../vendor/autoload.php';
require_once __DIR__ . '/../config.php';

// Timestamp (float seconds) taken at this point of the request, exposed as a constant.
define('PODUPTIME', microtime(true));

// Open the global RedBeanPHP connection to PostgreSQL using the credentials from
// config.php; the trailing `true` is passed as RedBean's "frozen" argument.
R::setup(sprintf('pgsql:host=%s;dbname=%s', $pghost, $pgdb), $pguser, $pgpass, true);

// Stop early with a generic message if the database cannot be reached.
if (!R::testConnection()) {
  die('Error in DB connection');
}

R::usePartialBeans(true);

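// Look up the pod by domain; the value is bound as a query parameter, not
// concatenated into the SQL.
try {
  $pod = R::findOne('pods', 'domain = ?', [$_domain]);
  $pod || die('domain not found');
} catch (\RedBeanPHP\RedException $e) {
  // Exception text can describe the query and schema. Keep it in the server log
  // and give the client only a generic message.
  error_log('gettoken: pod lookup failed: ' . $e->getMessage());
  die('Error in SQL query');
}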

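// Set up common variables.
// The token is the only secret guarding the edit link, so it must come from a
// CSPRNG: md5(uniqid()) is derived from the current time and is predictable.
// 16 random bytes hex-encode to 32 lowercase hex characters, the same length and
// alphabet as the md5 value used before, so the stored column format is unchanged.
$uuid          = bin2hex(random_bytes(16));
// NOTE(review): HTTP_HOST comes from the request's Host header, so the emailed link
// points wherever that header says. Confirm the web server only routes the canonical
// hostname to this script, or build the link from a configured hostname instead.
// The domain is URL-encoded so it cannot add or alter query parameters in the link.
$link          = sprintf('https://%1$s/?edit&domain=%2$s&token=%3$s', $_SERVER['HTTP_HOST'], rawurlencode($_domain), $uuid);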
// Mail defaults shared by both delivery paths.
$message_lines = [];
$headers       = ['From: ' . $adminemail];

// No address supplied and none on record: there is nobody to send the key to.
if (!$_email && !$pod['email']) {
  die('domain is registered but no email associated, to add an email use the add a pod feature');
}

if ($_email) {
  // The requester supplied an address: it must be identical to the stored one.
  // NOTE(review): the distinct 'email mismatch' reply confirms or denies a guessed
  // address for this pod. Confirm that disclosure is acceptable.
  if ($pod['email'] !== $_email) {
    die('email mismatch');
  }

  // Send straight to the verified address, with a blind copy to the administrator.
  $output    = 'Link sent to your email';
  $expire    = time() + 2700; // 45 minutes
  $headers[] = 'Bcc: ' . $adminemail;
  $subject   = 'Temporary edit key for ' . $_SERVER['HTTP_HOST'];
  $to        = $_email;
} else {
  // No address supplied: the key goes to the administrator only, who decides
  // whether to forward it. The longer lifetime (9700 s) allows for that review.
  $output          = 'Link sent to administrator to review and verify, if approved they will forward the edit key to you.';
  $expire          = time() + 9700;
  $message_lines[] = 'User trying to edit pod without email address.';
  $message_lines[] = 'Email found: ' . $pod['email'];
  $subject         = 'FORWARD REQUEST: Temporary edit key for ' . $_SERVER['HTTP_HOST'];
  $to              = $adminemail;
}

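// Persist the new token and its expiry on the pod record before mailing the link.
try {
  $pod['token']       = $uuid;
  $pod['tokenexpire'] = date('Y-m-d H:i:s', $expire);

  R::store($pod);
} catch (\RedBeanPHP\RedException $e) {
  // Exception text can describe the query and schema. Keep it in the server log
  // and give the client only a generic message.
  error_log('gettoken: storing token failed: ' . $e->getMessage());
  die('Error in SQL query');
}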

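$message_lines[] = 'Link: ' . $link;
$message_lines[] = 'Expires: ' . date('Y-m-d H:i:s T', $expire);

// mail() returns false when the message was not accepted for delivery. Check the
// result instead of always reporting success, so the requester is not told a
// link was sent when it was not. The @ stays so PHP warnings from mail() are not
// echoed to the client; the failure is recorded in the server log instead.
$sent = @mail($to, $subject, implode("\r\n", $message_lines), implode("\r\n", $headers));
if (!$sent) {
  error_log('gettoken: mail() reported failure while sending edit key');
  die('Error sending email');
}

echo $output;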