Netsyms/HACHEMembershipPortal
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add renewal verification UI flow. TODO: send verification email

Browse Source
This commit is contained in:
Skylar Ittner 2018-12-03 19:53:10 -07:00
parent 144685b31f
commit cce1584f1b
8 changed files with 212 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/requiredpublic.php
View File

@ -18,6 +18,9 @@ if (!DEBUG) {
ini_set('display_errors', 'On'); ini_set('display_errors', 'On');
} }
ini_set('session.gc_maxlifetime', 3600 * 2);
session_set_cookie_params(0);
session_start(); session_start();
// Unicode, solves almost all stupid encoding problems // Unicode, solves almost all stupid encoding problems
@ -31,7 +34,6 @@ header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block'); header('X-XSS-Protection: 1; mode=block');
header('X-Frame-Options: "DENY"'); header('X-Frame-Options: "DENY"');
header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"'); header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
$SECURE_NONCE = base64_encode(random_bytes(8));
// //
// Composer // Composer

8
public/actions/submitmembership.php
View File

@ -9,7 +9,7 @@
require_once __DIR__ . "/../../lib/requiredpublic.php"; require_once __DIR__ . "/../../lib/requiredpublic.php";
function errorBack(string $errormsg) { function errorBack(string $errormsg) {
header("Location: ../?error=" . htmlentities($errormsg)); header("Location: ../?page=signup&error=" . htmlentities($errormsg));
die($errormsg); die($errormsg);
} }
@ -19,6 +19,10 @@ if (empty($_POST['agree_terms'])) {
if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $_SESSION['familyid']])) { if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $_SESSION['familyid']])) {
$familyid = $_SESSION['familyid']; $familyid = $_SESSION['familyid'];
} else if (!empty($_POST['renewing'])) {
// Session expired, but we're renewing, so kick them back to verification
header("Location: ../?page=renew&msg=sessionexpired");
die("You took too long and were automatically logged out. Please try again.");
} }
$database->action(function($database) { $database->action(function($database) {
@ -46,7 +50,7 @@ $database->action(function($database) {
errorBack("Enter a valid 10-digit phone number."); errorBack("Enter a valid 10-digit phone number.");
} }
$email = $_POST['email']; $email = strtolower($_POST['email']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
errorBack("The email address looks wrong."); errorBack("The email address looks wrong.");
} }

12
public/index.php
View File

@ -7,11 +7,21 @@
require_once __DIR__ . "/../lib/requiredpublic.php"; require_once __DIR__ . "/../lib/requiredpublic.php";
$page = "signup.php"; $page = "entry.php";
if (!empty($_GET['page'])) { if (!empty($_GET['page'])) {
switch ($_GET['page']) { switch ($_GET['page']) {
case "renew":
$page = "renew.php";
break;
case "verify":
$page = "verify.php";
break;
case "signup":
$page = "signup.php";
break;
case "thanks": case "thanks":
$page = "thanks.php"; $page = "thanks.php";
break;
} }
} }
?> ?>

46
public/parts/entry.php Normal file
View File

@ -0,0 +1,46 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
?>
<div class="container mt-4">
<div class="row justify-content-center">
<div class="card mb-4 col-sm-6">
<div class="card-body">
<div class="text-center">
<img class="img-fluid mb-4" style="max-height: 100px; min-width: 100px;" src="static/hachelogo.svg" alt="HACHE: Helena Area Christian Home Educators"/>
<h1>Membership Portal</h1>
</div>
</div>
<div class="list-group list-group-flush">
<a class="list-group-item list-group-item-action h3 d-flex" href="./?page=signup">
<div>
<span class="fa-layers fa-fw mr-2">
<i class="fas fa-users" data-fa-transform="left-6 up-3"></i>
<i class="fas fa-plus-circle text-success" data-fa-transform="shrink-4 right-5 down-5"></i>
</span>
New Family
</div>
<span class="ml-auto text-black-50"><i class="fas fa-chevron-right"></i></span>
</a>
<a class="list-group-item list-group-item-action h3 d-flex" href="./?page=renew">
<div>
<span class="fa-layers fa-fw mr-2">
<i class="fas fa-users" data-fa-transform="left-6 up-3"></i>
<i class="fas fa-sync-alt text-primary" data-fa-transform="shrink-4 right-5 down-5"></i>
</span>
Renewing Family
</div>
<span class="ml-auto text-black-50"><i class="fas fa-chevron-right"></i></span>
</a>
</div>
</div>
</div>
</div>

53
public/parts/renew.php
View File

@ -5,6 +5,57 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
?> ?>
<div class="container"> <div class="container mt-4">
<div class="row justify-content-center">
<div class="card mb-4 col-lg-8">
<div class="card-body">
<div class="text-center">
<img class="img-fluid mb-4" style="max-height: 100px; min-width: 100px;" src="static/hachelogo.svg" alt="HACHE: Helena Area Christian Home Educators"/>
<h1>Renew Your Membership</h1>
<div class="card-text">
<p>
Please enter your email address below. You'll be
sent a verification code. This is to ensure nobody
else can view or change your family's information.
</div>
<?php
$msg = "";
if (!empty($_GET['msg'])) {
switch ($_GET['msg']) {
case "sessionexpired":
$msg = "You took too long and were automatically logged out. Please try again.";
break;
case "noemail":
$msg = "We don't have that email on file for any current families.";
break;
case "bademail":
$msg = "That email address doesn't look right. Please try again.";
break;
}
}
if ($msg != "") {
?>
<div class="alert alert-danger">
<?php echo $msg; ?>
</div>
<?php
}
?>
<form action="./?page=verify" method="POST">
<div class="input-group">
<input type="email" class="form-control" name="email" placeholder="family@example.com" />
<div class="input-group-append">
<button type="submit" class="btn btn-primary">Continue <i class="fas fa-chevron-right"></i></button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div> </div>

9
public/parts/signup.php
View File

@ -35,6 +35,15 @@ if (isset($_SESSION['familyid']) && $database->has('families', ['familyid' => $_
?> ?>
<div class="container mt-4"> <div class="container mt-4">
<form action="actions/submitmembership.php" method="post" id="membershipform"> <form action="actions/submitmembership.php" method="post" id="membershipform">
<?php
// Add a hidden form element, to detect if the renewal session
// expired before we submitted the thing
if (isset($_SESSION['familyid'])) {
?>
<input type="hidden" name="renewing" value="1" />
<?php
}
?>
<div class="card mb-4"> <div class="card mb-4">
<div class="card-body"> <div class="card-body">

1
public/parts/thanks.php
View File

@ -23,6 +23,7 @@
echo "<h2 class=\"h3\">Your membership has been submitted and paid for. We'll be in touch soon!</h2>"; echo "<h2 class=\"h3\">Your membership has been submitted and paid for. We'll be in touch soon!</h2>";
} }
?> ?>
<h3 class="h5 mt-4">You may now close this page.</h3> <h3 class="h5 mt-4">You may now close this page.</h3>
</div> </div>
</div> </div>

80
public/parts/verify.php Normal file
View File

@ -0,0 +1,80 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
$badcode = false;
if (!empty($_POST['email'])) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
header("Location: ./?page=renew&msg=bademail");
die("That email address doesn't look right. Please try again.");
}
if (!$database->has("families", ['email' => strtolower($_POST['email'])])) {
header("Location: ./?page=renew&msg=noemail");
die("We don't have that email on file for any current families.");
}
$code = mt_rand(100000, 999999);
$_SESSION['code'] = $code;
$_SESSION['maybefamily'] = $database->get('families', 'familyid', ['email' => strtolower($_POST['email'])]);
// TODO: send email
echo $code;
} else if (!empty($_POST['code'])) {
if (empty($_SESSION['code'])) {
header("Location: ./?page=renew&msg=sessionexpired");
die("You took too long and were automatically logged out. Please try again.");
}
if (preg_replace("/[^0-9]/", "", $_POST['code']) == $_SESSION['code']) {
$_SESSION['familyid'] = $_SESSION['maybefamily'];
header("Location: ./?page=signup");
die("You are verified, go to ./?page=signup");
}
$badcode = true;
} else {
header("Location: ./?page=renew&msg=bademail");
die("That email address doesn't look right. Please try again.");
}
?>
<div class="container mt-4">
<div class="row justify-content-center">
<div class="card mb-4 col-lg-8">
<div class="card-body">
<div class="text-center">
<img class="img-fluid mb-4" style="max-height: 100px; min-width: 100px;" src="static/hachelogo.svg" alt="HACHE: Helena Area Christian Home Educators"/>
<h1>Renew Your Membership</h1>
<div class="card-text">
<p>
Enter the code from the email we just sent you.
If you didn't get it, check your spam or junk folder.
</div>
<?php
if ($badcode) {
?>
<div class="alert alert-danger">
The code you entered is incorrect.
</div>
<?php
}
?>
<form action="./?page=verify" method="POST">
<div class="input-group">
<input type="text" class="form-control" name="code" placeholder="123abc" />
<div class="input-group-append">
<button type="submit" class="btn btn-primary">Verify <i class="fas fa-chevron-right"></i></button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>