diff --git a/lib/requiredpublic.php b/lib/requiredpublic.php
index 9817887..8f6fe5b 100644
--- a/lib/requiredpublic.php
+++ b/lib/requiredpublic.php
@@ -18,6 +18,9 @@ if (!DEBUG) {
 ini_set('display_errors', 'On');
 }
+ini_set('session.gc_maxlifetime', 3600 * 2);
+session_set_cookie_params(0);
+
 
 session_start();
 
 // Unicode, solves almost all stupid encoding problems
@@ -31,7 +34,6 @@ header('X-Content-Type-Options: nosniff');
 header('X-XSS-Protection: 1; mode=block');
 header('X-Frame-Options: "DENY"');
 header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
-$SECURE_NONCE = base64_encode(random_bytes(8));
 
 //
 // Composer
diff --git a/public/actions/submitmembership.php b/public/actions/submitmembership.php
index fffa2c4..53fd730 100644
--- a/public/actions/submitmembership.php
+++ b/public/actions/submitmembership.php
@@ -9,7 +9,7 @@ require_once __DIR__ . "/../../lib/requiredpublic.php";
 
 function errorBack(string $errormsg) {
-header("Location: ../?error=" . htmlentities($errormsg));
+header("Location: ../?page=signup&error=" . htmlentities($errormsg));
 die($errormsg);
 }
 
@@ -19,6 +19,10 @@ if (empty($_POST['agree_terms'])) {
 
 if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $_SESSION['familyid']])) {
 $familyid = $_SESSION['familyid'];
+} else if (!empty($_POST['renewing'])) {
+// Session expired, but we're renewing, so kick them back to verification
+header("Location: ../?page=renew&msg=sessionexpired");
+die("You took too long and were automatically logged out. Please try again.");
 }
 
 $database->action(function($database) {
@@ -46,7 +50,7 @@ $database->action(function($database) {
 errorBack("Enter a valid 10-digit phone number.");
 }
 
-$email = $_POST['email'];
+$email = strtolower($_POST['email']);
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
 errorBack("The email address looks wrong.");
 }
diff --git a/public/index.php b/public/index.php
index 3250e6a..dc44c3b 100644
--- a/public/index.php
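Review bot: `session_set_cookie_params(0)` changes only the cookie lifetime, so the session cookie is still issued without `httponly`, `secure` or `samesite`, which sits oddly next to the hardening headers this same file sets a few lines below the hunk. Prefer the array form, `session_set_cookie_params(['lifetime' => 0, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);` (PHP 7.3+; `secure` assumes the site is served over HTTPS). Note also that `session.gc_maxlifetime` is a garbage-collection threshold rather than a hard expiry: with the default 1% GC probability a session can remain valid well beyond two hours, and if the save path is shared with another application using a shorter value it can also be collected earlier, so the renewal flow's "session expired" branches should not be read as a reliable two-hour timeout.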
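Review bot: `htmlentities()` is the wrong encoder for the query value in the rewritten `Location` header: an `&` in the message becomes `&amp;`, which the receiving page reads as a separate `amp;` parameter, while spaces and `?` pass through unencoded. Build the query with `http_build_query()` instead, `header('Location: ../?' . http_build_query(['page' => 'signup', 'error' => $errormsg]));`, and leave HTML escaping to the point where the page prints the `error` parameter (not visible in this diff). `errorBack` is complete within the hunk.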
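Review bot: The new `else if` branch makes the renewal-versus-signup decision depend on the client-supplied `$_POST['renewing']` field: when the session has lapsed and that field is absent, control falls through and the request continues as a fresh signup for a family that is already on file. That deserves a comment at the branch, e.g. `// No valid session and no 'renewing' marker: the request is treated as a brand-new signup`, and ideally a server-side check that the submitted email does not already belong to a family before anything is inserted (the insert itself is outside this hunk). PSR-12 spells the keyword `elseif`.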
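Review bot: `strtolower($_POST['email'])` throws a `TypeError` on PHP 8 when the field arrives as an array (`email[]=x`), whereas the old line handed the value to `filter_var()`, which simply failed and reached `errorBack`. Guard the type before lowercasing, `$email = is_string($_POST['email'] ?? null) ? strtolower($_POST['email']) : '';`. Lowercasing here keeps the stored value consistent with the lookup in verify.php, but rows written before this change keep their original case, so existing families may not match until the stored emails are normalised too. The enclosing `$database->action()` closure continues outside the hunk.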
+++ b/public/index.php
@@ -7,11 +7,21 @@ require_once __DIR__ . "/../lib/requiredpublic.php";
 
-$page = "signup.php";
+$page = "entry.php";
 
 if (!empty($_GET['page'])) {
 switch ($_GET['page']) {
+case "renew":
+$page = "renew.php";
+break;
+case "verify":
+$page = "verify.php";
+break;
+case "signup":
+$page = "signup.php";
+break;
 case "thanks":
 $page = "thanks.php";
+break;
 }
 }
 ?>
diff --git a/public/parts/entry.php b/public/parts/entry.php
new file mode 100644
index 0000000..26150c2
--- /dev/null
+++ b/public/parts/entry.php
@@ -0,0 +1,46 @@
+ +
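Review bot: The extended `switch` keeps `page` as an allowlist of fixed filenames, so user input never reaches the include path — keep it that way — but four near-identical cases are a lookup table written as control flow. A map reads better and keeps the allowlist in one place: `$pages = ['renew' => 'renew.php', 'verify' => 'verify.php', 'signup' => 'signup.php', 'thanks' => 'thanks.php'];` `$key = is_string($_GET['page'] ?? null) ? $_GET['page'] : '';` `$page = $pages[$key] ?? 'entry.php';`. The `is_string` guard matters because an array-valued `page` would be an illegal array offset, whereas the current `switch` silently keeps the default. The `?>` closing the block suggests the include that consumes `$page` follows outside the hunk.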
+
+ +
+
\ No newline at end of file diff --git a/public/parts/renew.php b/public/parts/renew.php index a9f1bc9..10006a9 100644 --- a/public/parts/renew.php +++ b/public/parts/renew.php @@ -5,6 +5,57 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ?> -
+
+
+
+
+
+ HACHE: Helena Area Christian Home Educators + +

Renew Your Membership

+ +
+

+ Please enter your email address below. You'll be + sent a verification code. This is to ensure nobody + else can view or change your family's information. +

+ + +
+ +
+ + +
+
+ +
+ +
+
+
+
+
+
+
\ No newline at end of file diff --git a/public/parts/signup.php b/public/parts/signup.php index 903167d..f539ec8 100644 --- a/public/parts/signup.php +++ b/public/parts/signup.php @@ -35,6 +35,15 @@ if (isset($_SESSION['familyid']) && $database->has('families', ['familyid' => $_ ?>
+ + +
@@ -264,7 +273,7 @@ if (isset($_SESSION['familyid']) && $database->has('families', ['familyid' => $_

- The membership fees (determined by your newsletter + The membership fees (determined by your newsletter preference) cover costs of the following: phone; website; postage; distribution of newsletters and directories; publication of materials; library; and other diff --git a/public/parts/thanks.php b/public/parts/thanks.php index 0f01d91..3ef84ec 100644 --- a/public/parts/thanks.php +++ b/public/parts/thanks.php @@ -11,11 +11,11 @@

HACHE: Helena Area Christian Home Educators - +

Thank You!

- + Checkmark - + Your membership has been renewed."; @@ -23,6 +23,7 @@ echo "

Your membership has been submitted and paid for. We'll be in touch soon!

"; } ?> +

You may now close this page.

diff --git a/public/parts/verify.php b/public/parts/verify.php new file mode 100644 index 0000000..95b34b2 --- /dev/null +++ b/public/parts/verify.php @@ -0,0 +1,80 @@ +has("families", ['email' => strtolower($_POST['email'])])) { + header("Location: ./?page=renew&msg=noemail"); + die("We don't have that email on file for any current families."); + } + + $code = mt_rand(100000, 999999); + $_SESSION['code'] = $code; + $_SESSION['maybefamily'] = $database->get('families', 'familyid', ['email' => strtolower($_POST['email'])]); + + // TODO: send email + echo $code; + +} else if (!empty($_POST['code'])) { + if (empty($_SESSION['code'])) { + header("Location: ./?page=renew&msg=sessionexpired"); + die("You took too long and were automatically logged out. Please try again."); + } + if (preg_replace("/[^0-9]/", "", $_POST['code']) == $_SESSION['code']) { + $_SESSION['familyid'] = $_SESSION['maybefamily']; + header("Location: ./?page=signup"); + die("You are verified, go to ./?page=signup"); + } + $badcode = true; +} else { + header("Location: ./?page=renew&msg=bademail"); + die("That email address doesn't look right. Please try again."); +} +?> +
+
+
+
+ +
+ HACHE: Helena Area Christian Home Educators + +

Renew Your Membership

+ +
+

+ Enter the code from the email we just sent you. + If you didn't get it, check your spam or junk folder. +

+ + +
+ The code you entered is incorrect. +
+ + + +
+ +
+ +
+
+ +
+
+
+
+
\ No newline at end of file
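Review bot: The verification code in this hunk is generated with `mt_rand()`, written straight into the response (`echo $code;` under `// TODO: send email`), and later compared with a loose `==` and no attempt limit, so as committed anyone who submits an address that is on file reads the code off the page, and even once the email is actually sent a six-digit code with unbounded retries can be guessed within a session. Generate it with `random_int()`, compare with `hash_equals()` on strings, count failed attempts in the session and discard the pending code after a few, and on success drop `code`/`maybefamily` and call `session_regenerate_id(true)` because the session gains access to a family record at that point; `echo $code;` should be removed rather than left behind the TODO. The `noemail` redirect also confirms which addresses are on file, which is worth recording as a deliberate choice in a comment if it is one. The opening `<?php` line of this block is garbled in the diff view, so the condition leading into `$database->has()` is not visible here.
```php
// … unchanged: noemail redirect when the address is not on file …
$code = (string) random_int(100000, 999999); // CSPRNG; mt_rand() output is predictable
$_SESSION['code'] = $code;
$_SESSION['code_attempts'] = 0;
$_SESSION['maybefamily'] = $database->get('families', 'familyid', ['email' => strtolower($_POST['email'])]);

// TODO: send email — the code must only ever leave the server inside that email

} else if (!empty($_POST['code'])) {
    if (empty($_SESSION['code'])) {
        header("Location: ./?page=renew&msg=sessionexpired");
        die("You took too long and were automatically logged out. Please try again.");
    }
    // Bound guessing: after five wrong codes the pending verification is discarded.
    $_SESSION['code_attempts'] = ($_SESSION['code_attempts'] ?? 0) + 1;
    if ($_SESSION['code_attempts'] > 5) {
        unset($_SESSION['code'], $_SESSION['maybefamily'], $_SESSION['code_attempts']);
        header("Location: ./?page=renew&msg=sessionexpired");
        die("Too many incorrect codes. Please request a new one.");
    }
    $entered = is_string($_POST['code']) ? (preg_replace("/[^0-9]/", "", $_POST['code']) ?? '') : '';
    if (hash_equals($_SESSION['code'], $entered)) {
        $_SESSION['familyid'] = $_SESSION['maybefamily'];
        unset($_SESSION['code'], $_SESSION['maybefamily'], $_SESSION['code_attempts']);
        session_regenerate_id(true); // the session now grants access to a family record
        header("Location: ./?page=signup");
        die("You are verified, go to ./?page=signup");
    }
    $badcode = true;
// … unchanged: final else branch redirecting with msg=bademail …
```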