Change the question id after confirmation (protect again validation by sender)

Némunaire 2012-06-09 23:52:45 +02:00
parent d2544cabb2
commit a058ffa29f
3 changed files with 30 additions and 51 deletions


@ -50,9 +50,15 @@ class Question
return $q;
}
public function regen_id()
{
$this->id = md5(time().$this->question.$this->validator);
}
public function set_validator($val)
{
$this->validator = $val;
$this->regen_id();
}
public function get_validator()
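Review bot: `regen_id()` builds the new id as `md5(time().$this->question.$this->validator)`, and all three inputs can be known or narrowed down by the person who submitted the question: they wrote the question text, they know roughly when they confirmed it, and the validator appears to be drawn from the fixed list in `email.txt`. Because this id is what ends up in the `/validation.php?id=` link, it acts as a secret token and should come from a CSPRNG rather than a hash of guessable values, e.g. `$this->id = bin2hex(random_bytes(16));` (or `bin2hex(openssl_random_pseudo_bytes(16))` on PHP versions that lack `random_bytes`). A short docblock on `regen_id()` saying that the id doubles as the validation token and that `set_validator()` rotates it on purpose would make the side effect visible to callers. The class body continues outside the hunk.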


@ -1,32 +1,25 @@
<!DOCTYPE html>
<?php
<?php
include("Question.class.php");
include("QuestionsFile.class.php");
$id = $_GET['id'];
$file = new QuestionsFile("questions.xml");
$question = $file->get_question($id);
$fileQ = new QuestionsFile("questions.xml");
$question = $fileQ->get_question($id);
if (!$question)
{
echo "Mauvais ID\n";
}
else
if (!empty($question))
{
$dest_mail = $question->get_validator();
$validationAddress = "/validation.php?id=".$question->getId();
// Uncomment the following part for random email
while ($dest_mail == $question->get_validator())
do
{
$file = fopen('email.txt', 'r');
$number = fgets($file);
$random = rand(1, $number);
$random = rand(1, intval($number));
for ($i = 0; $i < $random; $i++)
{
@ -34,11 +27,15 @@ else
}
fclose($file);
}
while ($dest_mail == $question->get_validator());
$question->set_validator($dest_mail);
$validationAddress = "/validation.php?id=".$question->getId();
/* This code works, perhaps should be placed in a method in Question class?*/
$to = $dest_mail;
$subject = "[Nemubot] Validation d'une question";
$headers = "From: Nemubot <bot@nemunai.re>";
$headers = "From: Nemubot <bot@nemunai.re>\n";
$message = "Bonjour,\n"
."Une nouvelle question a été proposée à Nemubot.\n\n"
@ -60,22 +57,15 @@ else
if (mail($to, $subject, $message, $headers))
{
echo ("Email sent to: " . $dest_mail);
$fileQ->save();
header("Location: ./thanksConfirmation.php");
}
else
echo ("Error with the email");
header("Location: ./thanksConfirmation.php?id=" . $question->getId());
die("Une erreur s'est produite lors de l'envoie du mail");
}
//*/
else
{
die("ID de question invalide ou déjà validé.");
}
?>
<html>
<head>
<meta charset="utf8" />
</head>
<body>
</body>
</html>
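Review bot: The `do { … } while ($dest_mail == $question->get_validator());` loop can only end by drawing a different address, and the results of `fopen('email.txt', 'r')` and `fgets($file)` are used without a check. If the file is missing or empty, or lists only the address already stored as validator, the request would presumably spin until the execution time limit and no mail is sent. I would stop early with something like `if ($file === false || intval($number) < 1) { die("Aucun validateur disponible"); }` right after the `fgets()` call and cap the number of draws. Part of the loop body lies between the shown hunks, so this is based on the visible lines only.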


@ -18,30 +18,13 @@
<section>
<h2>Merci de votre participation</h2>
<p>
<?php
include("Question.class.php");
include("QuestionsFile.class.php");
$id = $_GET['id'];
$file = new QuestionsFile("questions.xml");
$question = $file->get_question($id);
if (!$question)
{
echo "La question n'existe pas.";
}
else
{
echo ("Votre question a bien été prise en compte.<br/>"
."Un email a été envoyé à une personne du chan pour "
."qu'elle valide votre question."
."</p>
Votre question a bien été prise en compte.<br/>
Un email a été envoyé à une personne du chan pour
qu'elle valide votre question.
</p>
<p>
Nemubot vous remercie de l'aider à agrandir sa base de donnée
</p>");
}
?>
</p>
</section>
</body>
</html>