Change the question id after confirmation (protect against validation by sender)
parent
d2544cabb2
commit
a058ffa29f
@ -50,9 +50,15 @@ class Question
|
||||
return $q;
|
||||
}
|
||||
|
||||
public function regen_id()
|
||||
{
|
||||
$this->id = md5(time().$this->question.$this->validator);
|
||||
}
|
||||
|
||||
public function set_validator($val)
|
||||
{
|
||||
$this->validator = $val;
|
||||
$this->regen_id();
|
||||
}
|
||||
|
||||
public function get_validator()
|
||||
|
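Review bot: `regen_id()` builds the new id as `md5(time().$this->question.$this->validator)`, and none of those inputs is secret from the sender. The sender wrote the question text and knows the confirmation time to within a few seconds, and the validator appears to be drawn from the finite list in `email.txt` (see the confirmation script on this page). The regenerated id can therefore be recomputed, which defeats the stated goal of stopping the sender from validating their own question. Take the id from the CSPRNG instead, e.g. `$this->id = bin2hex(random_bytes(16));` (PHP 7+), and add a one-line comment that the id acts as the validation token. The class body continues outside this hunk.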
@ -1,32 +1,25 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<?php
|
||||
|
||||
include("Question.class.php");
|
||||
include("QuestionsFile.class.php");
|
||||
|
||||
|
||||
$id = $_GET['id'];
|
||||
|
||||
$file = new QuestionsFile("questions.xml");
|
||||
$question = $file->get_question($id);
|
||||
$fileQ = new QuestionsFile("questions.xml");
|
||||
$question = $fileQ->get_question($id);
|
||||
|
||||
if (!$question)
|
||||
{
|
||||
echo "Mauvais ID\n";
|
||||
}
|
||||
else
|
||||
if (!empty($question))
|
||||
{
|
||||
$dest_mail = $question->get_validator();
|
||||
$validationAddress = "/validation.php?id=".$question->getId();
|
||||
|
||||
// Uncomment the following part for random email
|
||||
|
||||
while ($dest_mail == $question->get_validator())
|
||||
do
|
||||
{
|
||||
$file = fopen('email.txt', 'r');
|
||||
$number = fgets($file);
|
||||
|
||||
$random = rand(1, $number);
|
||||
$random = rand(1, intval($number));
|
||||
|
||||
for ($i = 0; $i < $random; $i++)
|
||||
{
|
||||
@ -34,11 +27,15 @@ else
|
||||
}
|
||||
fclose($file);
|
||||
}
|
||||
while ($dest_mail == $question->get_validator());
|
||||
|
||||
$question->set_validator($dest_mail);
|
||||
$validationAddress = "/validation.php?id=".$question->getId();
|
||||
|
||||
/* This code works, perhaps should be placed in a method in Question class?*/
|
||||
$to = $dest_mail;
|
||||
$subject = "[Nemubot] Validation d'une question";
|
||||
$headers = "From: Nemubot <bot@nemunai.re>";
|
||||
$headers = "From: Nemubot <bot@nemunai.re>\n";
|
||||
$message = "Bonjour,\n"
|
||||
."Une nouvelle question a été proposée à Nemubot.\n\n"
|
||||
|
||||
@ -60,22 +57,15 @@ else
|
||||
|
||||
if (mail($to, $subject, $message, $headers))
|
||||
{
|
||||
echo ("Email sent to: " . $dest_mail);
|
||||
$fileQ->save();
|
||||
header("Location: ./thanksConfirmation.php");
|
||||
}
|
||||
else
|
||||
echo ("Error with the email");
|
||||
|
||||
header("Location: ./thanksConfirmation.php?id=" . $question->getId());
|
||||
die("Une erreur s'est produite lors de l'envoie du mail");
|
||||
}
|
||||
//*/
|
||||
|
||||
else
|
||||
{
|
||||
die("ID de question invalide ou déjà validé.");
|
||||
}
|
||||
?>
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf8" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
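Review bot: `header("Location: ./thanksConfirmation.php");` in the last hunk may run after output has already started, because the first hunk shows `<!DOCTYPE html>` ahead of the opening `<?php`. If that line is still on the new side, the redirect is dropped unless output buffering is enabled. Keep all markup below the PHP block and follow the redirect with `exit;`. Separately, the `do … while ($dest_mail == $question->get_validator())` loop has no bound and the result of `fopen('email.txt', 'r')` is never checked. Part of the loop body lies outside the visible hunks, but as shown a missing file or a list holding only the current validator would keep the request looping, so check the handle and cap the number of draws.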
@ -18,30 +18,13 @@
|
||||
<section>
|
||||
<h2>Merci de votre participation</h2>
|
||||
<p>
|
||||
<?php
|
||||
include("Question.class.php");
|
||||
include("QuestionsFile.class.php");
|
||||
|
||||
$id = $_GET['id'];
|
||||
$file = new QuestionsFile("questions.xml");
|
||||
$question = $file->get_question($id);
|
||||
|
||||
if (!$question)
|
||||
{
|
||||
echo "La question n'existe pas.";
|
||||
}
|
||||
else
|
||||
{
|
||||
echo ("Votre question a bien été prise en compte.<br/>"
|
||||
."Un email a été envoyé à une personne du chan pour "
|
||||
."qu'elle valide votre question."
|
||||
."</p>
|
||||
Votre question a bien été prise en compte.<br/>
|
||||
Un email a été envoyé à une personne du chan pour
|
||||
qu'elle valide votre question.
|
||||
</p>
|
||||
<p>
|
||||
Nemubot vous remercie de l'aider à agrandir sa base de donnée
|
||||
</p>");
|
||||
}
|
||||
?>
|
||||
|
||||
</p>
|
||||
</section>
|
||||
</body>
|
||||
</html>
|
||||
|