Change the question id after confirmation (protect against validation by the sender)

This commit is contained in:
Némunaire 2012-06-09 23:52:45 +02:00
parent d2544cabb2
commit a058ffa29f
3 changed files with 30 additions and 51 deletions


@ -50,9 +50,15 @@ class Question
return $q; return $q;
} }
public function regen_id()
{
$this->id = md5(time().$this->question.$this->validator);
}
public function set_validator($val) public function set_validator($val)
{ {
$this->validator = $val; $this->validator = $val;
$this->regen_id();
} }
public function get_validator() public function get_validator()
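Review bot: The id produced by the new `regen_id()` is built from values the submitter can largely know or guess — `time()` has one-second granularity, `$this->question` is the text they submitted, and `$this->validator` appears (from the other file in this commit) to be drawn from a small `email.txt` list — so the validation link remains brute-forceable even though it now changes after confirmation. A token from a cryptographic source removes the guessability: `$this->id = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on older releases, with md5 left out of the derivation. Since `set_validator()` now silently replaces the id, callers that kept the previous id break; a one-line comment on the `$this->regen_id();` call such as `// changing the validator invalidates the previously issued id` would document that. `get_validator()` continues past the end of the hunk.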


@ -1,32 +1,25 @@
<!DOCTYPE html> <?php
<?php
include("Question.class.php"); include("Question.class.php");
include("QuestionsFile.class.php"); include("QuestionsFile.class.php");
$id = $_GET['id']; $id = $_GET['id'];
$file = new QuestionsFile("questions.xml"); $fileQ = new QuestionsFile("questions.xml");
$question = $file->get_question($id); $question = $fileQ->get_question($id);
if (!$question) if (!empty($question))
{
echo "Mauvais ID\n";
}
else
{ {
$dest_mail = $question->get_validator(); $dest_mail = $question->get_validator();
$validationAddress = "/validation.php?id=".$question->getId();
// Uncomment the following part for random email // Uncomment the following part for random email
while ($dest_mail == $question->get_validator()) do
{ {
$file = fopen('email.txt', 'r'); $file = fopen('email.txt', 'r');
$number = fgets($file); $number = fgets($file);
$random = rand(1, $number); $random = rand(1, intval($number));
for ($i = 0; $i < $random; $i++) for ($i = 0; $i < $random; $i++)
{ {
@ -34,11 +27,15 @@ else
} }
fclose($file); fclose($file);
} }
while ($dest_mail == $question->get_validator());
$question->set_validator($dest_mail);
$validationAddress = "/validation.php?id=".$question->getId();
/* This code works, perhaps should be placed in a method in Question class?*/ /* This code works, perhaps should be placed in a method in Question class?*/
$to = $dest_mail; $to = $dest_mail;
$subject = "[Nemubot] Validation d'une question"; $subject = "[Nemubot] Validation d'une question";
$headers = "From: Nemubot <bot@nemunai.re>"; $headers = "From: Nemubot <bot@nemunai.re>\n";
$message = "Bonjour,\n" $message = "Bonjour,\n"
."Une nouvelle question a été proposée à Nemubot.\n\n" ."Une nouvelle question a été proposée à Nemubot.\n\n"
@ -60,22 +57,15 @@ else
if (mail($to, $subject, $message, $headers)) if (mail($to, $subject, $message, $headers))
{ {
echo ("Email sent to: " . $dest_mail); $fileQ->save();
header("Location: ./thanksConfirmation.php");
} }
else else
echo ("Error with the email"); die("Une erreur s'est produite lors de l'envoie du mail");
header("Location: ./thanksConfirmation.php?id=" . $question->getId());
} }
//*/ //*/
else
{
die("ID de question invalide ou déjà validé.");
}
?> ?>
<html>
<head>
<meta charset="utf8" />
</head>
<body>
</body>
</html>
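Review bot: The `do { … } while ($dest_mail == $question->get_validator());` loop spanning the first and second hunks never terminates when `email.txt` contains only the current validator's address, and `fopen('email.txt', 'r')` is not checked for `false`, in which case `fgets()` warns and `intval($number)` becomes 0; bounding the draws — e.g. `for ($try = 0; $try < 10 && $dest_mail == $question->get_validator(); $try++)` in place of the do/while, followed by a `die()` when no alternative address was found — avoids the hang (the loop body is split across the hunk boundary, so the rest of it is not visible here). `$id = $_GET['id']` is still read without `isset()` and handed straight to `get_question()`, whose handling of the value lies outside this diff; checking the format before the lookup (ids issued by `regen_id()` are 32-character md5 hex strings, so `ctype_xdigit($id) && strlen($id) === 32`) keeps unvalidated input out of the questions-file lookup. `rand()` is not a cryptographic source, and since the point of this commit is that the sender cannot foresee who validates, `random_int()` on PHP 7+ (or `mt_rand()` as a minimum on older releases) is the better choice for picking the validator.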


@ -18,30 +18,13 @@
<section> <section>
<h2>Merci de votre participation</h2> <h2>Merci de votre participation</h2>
<p> <p>
<?php Votre question a bien été prise en compte.<br/>
include("Question.class.php"); Un email a été envoyé à une personne du chan pour
include("QuestionsFile.class.php"); qu'elle valide votre question.
</p>
$id = $_GET['id']; <p>
$file = new QuestionsFile("questions.xml");
$question = $file->get_question($id);
if (!$question)
{
echo "La question n'existe pas.";
}
else
{
echo ("Votre question a bien été prise en compte.<br/>"
."Un email a été envoyé à une personne du chan pour "
."qu'elle valide votre question."
."</p>
<p>
Nemubot vous remercie de l'aider à agrandir sa base de donnée Nemubot vous remercie de l'aider à agrandir sa base de donnée
</p>"); </p>
}
?>
</section> </section>
</body> </body>
</html> </html>