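<?php

declare(strict_types=1);

// Issues a temporary edit token for a pod and mails the edit link.
//
// Input (POST):
//   domain  required; the pod domain whose token is (re)issued.
//   email   optional; when given it must equal the address stored for the
//           pod and the link is mailed there, otherwise the link goes to the
//           administrator for manual verification and forwarding.
//
// config.php is expected to define $pgdb, $pguser, $pgpass and $adminemail.

// Token lifetimes in seconds.
const TOKEN_TTL_OWNER = 2700;   // link mailed directly to the pod owner
const TOKEN_TTL_ADMIN = 9700;   // link mailed to the administrator for review

// Timezone label shown next to the expiry in the mail. The expiry is
// formatted with PHP's date(), so the label must come from PHP's timezone
// too; the system zone (exec('date +%Z')) could disagree with it, and
// shelling out is not needed to obtain it.
$systemTimeZone = date('T');

// Required parameters.
$_domain = $_POST['domain'] ?? '';
if ($_domain === '') {
    die('no pod domain given');
}

// Other parameters.
$_email = $_POST['email'] ?? '';

require_once __DIR__ . '/../config.php';

// The host comes from the client's Host header. It is only accepted when it
// looks like a plain hostname[:port], so a crafted header cannot turn the
// mailed link into an arbitrary URL; a configured canonical host would be
// stricter still.
$host = $_SERVER['HTTP_HOST'] ?? '';
if (preg_match('/^[A-Za-z0-9.-]+(:[0-9]{1,5})?$/', $host) !== 1) {
    die('invalid host');
}

/**
 * Stops the script with a generic message; the driver error text is written
 * to the server log only, not returned to the client.
 */
function failDb(string $context): void
{
    error_log($context . ': ' . pg_last_error());
    die($context);
}

/**
 * Stores a fresh random token for $domain, valid for $ttl seconds.
 *
 * @param resource|\PgSql\Connection $dbh open connection from pg_connect()
 * @return array{token: string, expire: string} expiry formatted 'Y-m-d H:i:s'
 */
function issueToken($dbh, string $domain, int $ttl): array
{
    // random_bytes() instead of md5(uniqid()): uniqid is clock-derived and
    // guessable, and this token is the only proof of ownership edit.php sees.
    // 16 bytes -> 32 hex chars, the same width as the previous md5 value.
    $token  = bin2hex(random_bytes(16));
    $expire = date('Y-m-d H:i:s', time() + $ttl);

    $sql    = 'UPDATE pods SET token = $1, tokenexpire = $2 WHERE domain = $3';
    $update = pg_query_params($dbh, $sql, [$token, $expire, $domain]);
    $update || failDb('Error in SQL query');
    pg_free_result($update);

    return ['token' => $token, 'expire' => $expire];
}

/**
 * Builds the edit link with both query values URL-encoded.
 */
function editLink(string $host, string $domain, string $token): string
{
    return 'https://' . $host . '/db/edit.php?' . http_build_query(['domain' => $domain, 'token' => $token]);
}

/**
 * Sends the mail and returns whether it was accepted for delivery
 * (no '@' suppression: a failed send must not be reported as success).
 */
function sendMail(string $to, string $subject, string $message, string $adminemail): bool
{
    $headers = "From: " . $adminemail . "\r\nBcc: " . $adminemail . "\r\n";

    return mail($to, $subject, $message, $headers);
}

$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || failDb('Error in connection');

$sql    = 'SELECT email FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
$result || failDb('Error in SQL query');

// One row is enough: the UPDATE in issueToken() keys on domain as well. The
// previous loop reused $result for the UPDATE and freed it mid-iteration, so
// it never processed more than one row anyway.
$row = pg_fetch_assoc($result);
pg_free_result($result);
if ($row === false) {
    die('domain not found');
}

if ($_email !== '') {
    // NOTE(review): the distinct failure text lets a caller learn whether a
    // given address is the one on file for the domain.
    $row['email'] === $_email || die('email not a match');
    // The address becomes mail()'s To header; accept only a single plain
    // address so stored data cannot inject further header lines.
    filter_var($_email, FILTER_VALIDATE_EMAIL) !== false || die('invalid email address');

    $issued  = issueToken($dbh, $_domain, TOKEN_TTL_OWNER);
    $subject = 'Temporary edit key for ' . $host;
    $message = 'Link: ' . editLink($host, $_domain, $issued['token']) . ' Expires: ' . $issued['expire'] . ' ' . $systemTimeZone . "\n\n";

    sendMail($_email, $subject, $message, $adminemail) || die('Error sending email');
    echo 'Link sent to your email';
} else {
    $issued  = issueToken($dbh, $_domain, TOKEN_TTL_ADMIN);
    $subject = 'FORWARD REQUEST: Temporary edit key for ' . $host;
    $message = 'User trying to edit pod without email address. Email found: ' . (string) $row['email'] . ' Link: ' . editLink($host, $_domain, $issued['token']) . ' Expires: ' . $issued['expire'] . ' ' . $systemTimeZone . "\n\n";

    sendMail($adminemail, $subject, $message, $adminemail) || die('Error sending email');
    echo 'Link sent to administrator to review and verify, if approved they will forward the edit key to you.';
}

pg_close($dbh);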