#!/usr/bin/perl -w

# confirm.cgi:
# Confirmation code for Neighbourhood Fix-It
#
# Copyright (c) 2006 UK Citizens Online Democracy. All rights reserved.
# Email: matthew@mysociety.org. WWW: http://www.mysociety.org
#
# $Id: confirm.cgi,v 1.7 2007-01-26 22:48:31 matthew Exp $

use strict;
require 5.8.0;

# Horrible boilerplate to set up appropriate library paths.
use FindBin;
use lib "$FindBin::Bin/../perllib";
use lib "$FindBin::Bin/../../perllib";
use Digest::SHA1 qw(sha1_hex);

use Page;
use mySociety::AuthToken;
use mySociety::Config;
use mySociety::DBHandle qw(dbh select_all);
use mySociety::Util qw(random_bytes);

BEGIN {
    # Point the configuration module at this installation's settings file,
    # located relative to the directory holding this script.
    mySociety::Config::set_file("$FindBin::Bin/../conf/general");

    # Collect the database connection settings from configuration. Host and
    # Port are fetched with an explicit undef second argument; the other three
    # are fetched without one.
    my @db_settings = (
        Name     => mySociety::Config::get('BCI_DB_NAME'),
        User     => mySociety::Config::get('BCI_DB_USER'),
        Password => mySociety::Config::get('BCI_DB_PASS'),
        Host     => mySociety::Config::get('BCI_DB_HOST', undef),
        Port     => mySociety::Config::get('BCI_DB_PORT', undef),
    );

    # Hand the settings to the shared DB handle module at compile time, so
    # that dbh() is configured before main() is ever called.
    mySociety::DBHandle::configure(@db_settings);
}

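# Escape a value for interpolation into HTML text or a double-quoted
# attribute. An undefined value becomes the empty string.
sub _html_escape {
    my $text = shift;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Build the "confirmed" message plus the email-alert sign-up form.
#   $problem_id - id of the problem the alert would be attached to
#   $email      - address stored with the confirmed problem/update
#   $what       - word used in the message ('update' or 'problem')
#   $view_href  - link to the confirmed item on the site
sub _confirmation_form {
    my ($problem_id, $email, $what, $view_href) = @_;
    $email = '' unless defined $email;

    my $salt = unpack('h*', random_bytes(8));
    my $secret = scalar(dbh()->selectrow_array('select secret from secret'));

    # The signature is computed over the RAW values; only the copies written
    # into the page are escaped. The browser decodes the entities again when
    # it submits the form, so the receiver sees the original email.
    #
    # NOTE(review): this is SHA-1 over '-'-joined fields with the secret
    # appended, not an HMAC, and '-' is also legal inside an email address, so
    # field boundaries are ambiguous. Switching to an HMAC with unambiguous
    # encoding needs a matching change wherever signed_email is verified
    # (presumably the /alert handler, not visible here), so the construction
    # is left unchanged.
    my $signed_email = sha1_hex("$problem_id-$email-$salt-$secret");

    # The email address was supplied by whoever filed the problem/update, so
    # it must never reach the page unescaped. The ids are escaped as well as
    # defence in depth.
    my $h_problem_id = _html_escape($problem_id);
    my $h_email = _html_escape($email);
    my $h_view = _html_escape($view_href);

    return <<EOF;
<form action="/alert" method="post">
<p>You have successfully confirmed your $what and you can now <a href="$h_view">view it on the site</a>.</p>
<p>You could also
<a href="/rss/$h_problem_id">subscribe to the RSS feed</a> of updates on this problem,
or
<input type="hidden" name="signed_email" value="$salt,$signed_email">
<input type="hidden" name="email" value="$h_email">
<input type="hidden" name="id" value="$h_problem_id">
<input type="hidden" name="type" value="updates">
<input type="submit" value="sign up"> if you wish to receive updates by email.
</p>
</form>
EOF
}

# Request handler: confirm a problem or an update from an emailed token.
#
# Reads the 'token' and 'type' request parameters, resolves them to a row id
# with mySociety::AuthToken::retrieve, marks the matching comment or problem
# as confirmed (applying a comment's mark_fixed / mark_open flag to its
# problem), commits, and prints the page. Anything that cannot be confirmed
# (no id for the token, an unrecognised type, a comment row that is gone)
# produces the generic "please let us know" message instead of a blank page.
sub main {
    my $q = shift;

    my $out = '';
    my $token = $q->param('token');
    my $type = $q->param('type');
    my $id = mySociety::AuthToken::retrieve($type, $token);
    if ($id) {
        # Avoid an "uninitialized" warning under -w if type was not sent.
        my $kind = defined $type ? $type : '';
        if ($kind eq 'update') {
            dbh()->do("update comment set state='confirmed' where id=?", {}, $id);
            # One query for everything needed from the comment row.
            my ($email, $problem_id, $fixed, $reopen) = dbh()->selectrow_array(
                "select email,problem_id,mark_fixed,mark_open from comment where id=?", {}, $id);
            if ($fixed) {
                # Only a currently confirmed problem can be moved to fixed.
                dbh()->do("update problem set state='fixed' where id=? and state='confirmed'", {}, $problem_id);
            } elsif ($reopen) {
                # Only a currently fixed problem can be reopened.
                dbh()->do("update problem set state='confirmed' where id=? and state='fixed'", {}, $problem_id);
            }
            # No problem_id means the comment row was not found; fall through
            # to the error message rather than emit links built from nothing.
            if (defined $problem_id) {
                $out = _confirmation_form($problem_id, $email, 'update',
                    "/?id=$problem_id#update_$id");
            }
        } elsif ($kind eq 'problem') {
            dbh()->do("update problem set state='confirmed' where id=?", {}, $id);
            my ($email) = dbh()->selectrow_array("select email from problem where id=?", {}, $id);
            $out = _confirmation_form($id, $email, 'problem', "/?id=$id");
        }
        dbh()->commit();
    }

    if ($out eq '') {
        $out = <<EOF;
<p>Thank you for trying to confirm your update or problem. We seem to have a
problem ourselves though, so <a href="/contact">please let us know what went on</a>
and we'll look into it.
EOF
    }

    print Page::header($q, 'Confirmation');
    print $out;
    print Page::footer();
}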
# Register main() as the handler with Page::do_fastcgi. main() takes the query
# object as its first argument; presumably do_fastcgi calls it once per
# request with that object - confirm against the Page module.
Page::do_fastcgi(\&main);