Diffstat (limited to 'web/alert.cgi')
-rwxr-xr-x | web/alert.cgi | 86 |
1 files changed, 65 insertions, 21 deletions
diff --git a/web/alert.cgi b/web/alert.cgi
index e9a173273..724e1731f 100755
--- a/web/alert.cgi
+++ b/web/alert.cgi
@@ -6,7 +6,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: matthew@mysociety.org. WWW: http://www.mysociety.org
 #
-# $Id: alert.cgi,v 1.1 2007-01-26 01:01:23 matthew Exp $
+# $Id: alert.cgi,v 1.2 2007-01-26 22:48:31 matthew Exp $
 use strict;
 require 5.8.0;
@@ -15,12 +15,15 @@ require 5.8.0;
 use FindBin;
 use lib "$FindBin::Bin/../perllib";
 use lib "$FindBin::Bin/../../perllib";
+use Digest::SHA1 qw(sha1_hex);
 use Page;
 use mySociety::Alert;
 use mySociety::AuthToken;
 use mySociety::Config;
 use mySociety::DBHandle qw(dbh select_all);
+use mySociety::Util qw(is_valid_email);
+use mySociety::Web qw(ent);
 BEGIN {
 mySociety::Config::set_file("$FindBin::Bin/../conf/general");
@@ -36,10 +39,22 @@ BEGIN {
 sub main {
 my $q = shift;
 my $out = '';
- if (my $token = $q->param('token')) {
+ if (my $signed_email = $q->param('signed_email')) {
+ my ($salt, $signed_email) = split /,/, $signed_email;
+ my $email = $q->param('email');
+ my $id = $q->param('id');
+ my $secret = scalar(dbh()->selectrow_array('select secret from secret'));
+ if ($signed_email eq sha1_hex("$id-$email-$salt-$secret")) {
+ my $alert_id = mySociety::Alert::create($email, 'new_updates', $id);
+ mySociety::Alert::confirm($alert_id);
+ $out .= '<p>You have successfully subscribed to that alert.</p>';
+ } else {
+ $out = '<p>We could not validate that alert.</p>';
+ }
+ } elsif (my $token = $q->param('token')) {
 my $data = mySociety::AuthToken::retrieve('alert', $token);
- if (my $id = $data->{id}) {
- my $type = $data->{type};
+ if (my $id = $data->{id}) {
+ my $type = $data->{type};
 if ($type eq 'subscribe') {
 mySociety::Alert::confirm($id);
 $out = '<p>You have successfully confirmed your alert.</p>';
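Review bot: In the new `signed_email` branch, `id` and `email` go from the request into `sha1_hex("$id-$email-$salt-$secret")` and then into `mySociety::Alert::create` without any format check, and because the fields are joined with `-` the same digest can correspond to more than one `id`/`email` split. Checking both before the comparison, e.g. `$id =~ /^\d+$/ && is_valid_email($email)`, removes that ambiguity and keeps malformed values out of the alert table; the `updates` branch in the next hunk passes `id` to `create` unchecked as well. A keyed construction such as `hmac_sha1_hex` from Digest::HMAC_SHA1 would be the more conventional way to sign the link than a plain digest with the secret appended. No `dbh()->commit()` is visible after `confirm($alert_id)` here, unlike the email branch, so unless `confirm` commits itself the subscription may not persist. `main` starts before this hunk and ends after it.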
@@ -55,24 +70,31 @@ and we'll look into it.
 EOF
 }
 } elsif (my $email = $q->param('email')) {
- # XXX: Need to validate email
- my $type = $q->param('type');
- my $alert_id;
- if ($type eq 'updates') {
- my $id = $q->param('id');
- $alert_id = mySociety::Alert::create($email, 'new_updates', $id);
- } elsif ($type eq 'problems') {
- $alert_id = mySociety::Alert::create($email, 'new_problems');
- } else {
- throw mySociety::Alert::Error('Invalid type');
- }
- my %h = ();
- $h{url} = mySociety::Config::get('BASE_URL') . '/A/'
- . mySociety::AuthToken::store('alert', { id => $alert_id, type => 'subscribe' } );
- dbh()->commit();
- $out = Page::send_email($email, undef, 'alert-confirm', %h);
+ my @errors;
+ push @errors, 'Please enter a valid email address' unless is_valid_email($email);
+ if (@errors) {
+ $out = display_form($q, @errors);
+ } else {
+ my $type = $q->param('type');
+ my $alert_id;
+ if ($type eq 'updates') {
+ my $id = $q->param('id');
+ $alert_id = mySociety::Alert::create($email, 'new_updates', $id);
+ } elsif ($type eq 'problems') {
+ $alert_id = mySociety::Alert::create($email, 'new_problems');
+ } else {
+ throw mySociety::Alert::Error('Invalid type');
+ }
+ my %h = ();
+ $h{url} = mySociety::Config::get('BASE_URL') . '/A/'
+ . mySociety::AuthToken::store('alert', { id => $alert_id, type => 'subscribe' } );
+ dbh()->commit();
+ $out = Page::send_email($email, undef, 'alert-confirm', %h);
+ }
+ } elsif ($q->param('id')) {
+ $out = display_form($q);
 } else {
- $out = 'This should probably show some sort of subscribe page.';
+ $out = '<p>Subscribe from a problem page!</p>';
 }
 print Page::header($q, 'Confirmation');
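Review bot: Only the email address goes through the new `@errors` path; a missing or unexpected `type` still reaches `throw mySociety::Alert::Error('Invalid type')` rather than being reported to the user through the form. Collecting it with the email check, e.g. `push @errors, 'Invalid alert type' unless defined $type && $type =~ /^(?:updates|problems)$/;`, would give one validation step that runs before `create` is called. The title passed to `Page::header` is still `'Confirmation'` on the paths that now show the subscribe form. `main` begins before this hunk and ends after it.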
@@ -81,3 +103,25 @@ EOF
 }
 Page::do_fastcgi(\&main);
+# Updates only at present
+sub display_form {
+ my ($q, @errors) = @_;
+ my @vars = qw(id email);
+ my %input = map { $_ => $q->param($_) || '' } @vars;
+ my %input_h = map { $_ => $q->param($_) ? ent($q->param($_)) : '' } @vars;
+ my $out = '';
+ if (@errors) {
+ $out .= '<ul id="error"><li>' . join('</li><li>', @errors) . '</li></ul>';
+ }
+ $out .= <<EOF;
+<p>Receive email when updates are left on this problem.
+<form action="alert" method="post">
+<label class="n" for="alert_email">Email:</label>
+<input type="text" name="email" id="alert_email" value="$input_h{email}" size="30">
+<input type="hidden" name="id" value="$input_h{id}">
+<input type="hidden" name="type" value="updates">
+<input type="submit" value="Subscribe">
+</form>
+EOF
+ return $out;
+}
 |
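Review bot: `display_form` writes `@errors` into the `<li>` items unescaped while the field values go through `ent`; the only caller in this commit passes a fixed string, so nothing is exposed today, but `join('</li><li>', map { ent($_) } @errors)` or a comment such as `# @errors must already be HTML-safe` would keep a later caller from echoing request data into the page. `ent($q->param($_))` calls `param` in list context, so a repeated parameter hands `ent` several arguments; `ent(scalar $q->param($_))` pins it to one value. `%input` is built and never read, so that line can be dropped.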