2026-04-05_14-37-09Z_Sunday fix for status change on reclicking link
@@ -17,23 +17,64 @@ include 'header.php';
|
||||
|
||||
$ip = $_SERVER["REMOTE_ADDR"];
|
||||
|
||||
# Remove any stale requests.
|
||||
# Remove any stale REQUEST_UNVERIFIED requests.
|
||||
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
|
||||
$query_delete_old = "DELETE
|
||||
$query_delete_old_REQUEST_UNVERIFIED = "DELETE
|
||||
FROM
|
||||
reservations
|
||||
WHERE
|
||||
reservations.timestamp + INTERVAL 1 HOUR <= UTC_TIMESTAMP()
|
||||
AND reservations.status = 'REQUEST_UNVERIFIED'";
|
||||
$result_delete_old = @mysqli_query($connection, $query_delete_old);
|
||||
logextra( "Deleting requests older than 1 hour" . $result_delete_old );
|
||||
$result_delete_old_REQUEST_UNVERIFIED = @mysqli_query($connection, $query_delete_old_REQUEST_UNVERIFIED);
|
||||
if(!$result_delete_old_REQUEST_UNVERIFIED) {
|
||||
problem("ERROR: DB problem - The old REQUEST_UNVERIFIED records were not removed from the reservations db.");
|
||||
}
|
||||
else{
|
||||
logextra( "mysql_query.result: \"$result\"\n" );
|
||||
}
|
||||
|
||||
logextra( "Removed REQUEST_UNVERIFIED requests older than 1 hour " . $result_delete_old_REQUEST_UNVERIFIED );
|
||||
|
||||
|
||||
# Remove any stale REQUEST_EMAIL_SENT requests.
|
||||
# This should be enough for someone to acutally upload a show
|
||||
$query_delete_old_REQUEST_EMAIL_SENT = "DELETE
|
||||
FROM
|
||||
reservations
|
||||
WHERE
|
||||
reservations.timestamp + INTERVAL 3 HOUR <= UTC_TIMESTAMP()
|
||||
AND reservations.status = 'REQUEST_EMAIL_SENT'";
|
||||
$result_delete_old_REQUEST_EMAIL_SENT = @mysqli_query($connection, $query_delete_old_REQUEST_EMAIL_SENT);
|
||||
if(!$result_delete_old_REQUEST_EMAIL_SENT) {
|
||||
problem("ERROR: DB problem - The old REQUEST_EMAIL_SENT records were not removed from the reservations db.");
|
||||
}
|
||||
else{
|
||||
logextra( "mysql_query.result: \"$result\"\n" );
|
||||
}
|
||||
|
||||
logextra( "Removed REQUEST_EMAIL_SENT requests older than 3 hours " . $result_delete_old_REQUEST_EMAIL_SENT );
|
||||
|
||||
|
||||
# Remove stale requests from this IP Address after 15 minutes.
|
||||
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
|
||||
$query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.status = 'REQUEST_UNVERIFIED'";
|
||||
$query_delete = "DELETE
|
||||
FROM
|
||||
reservations
|
||||
WHERE
|
||||
reservations.ip = '$ip'
|
||||
AND
|
||||
reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP()
|
||||
AND
|
||||
reservations.status = 'REQUEST_UNVERIFIED'";
|
||||
$result_delete = @mysqli_query($connection, $query_delete);
|
||||
logextra( "Remove stale requests from this \"${ip}\" IP Address after 15 minutes. " . $result_delete_old );
|
||||
if(!$result_delete) {
|
||||
problem("ERROR: DB problem - The old REQUEST_UNVERIFIED records were not removed from this \"${ip}\" IP Address after 15 minutes.");
|
||||
}
|
||||
else{
|
||||
logextra( "mysql_query.result: \"$result\"\n" );
|
||||
}
|
||||
|
||||
logextra( "Remove REQUEST_UNVERIFIED stale requests from this \"${ip}\" IP Address after 15 minutes. " . $result_delete );
|
||||
|
||||
// --------------------------------------------
|
||||
// Get first free slot
|
||||
|
||||
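Review bot: The `else` branches after each cleanup query log `"mysql_query.result: \"$result\"\n"`, but `$result` is not the variable assigned just above them (`$result_delete_old_REQUEST_UNVERIFIED`, `$result_delete_old_REQUEST_EMAIL_SENT`, `$result_delete`), so they print an unrelated or undefined value; the "Remove stale requests from this ... IP Address" log line likewise still concatenates `$result_delete_old`, which this hunk appears to rename away. Each log should name its own result, e.g. `logextra( "mysql_query.result: \"$result_delete_old_REQUEST_UNVERIFIED\"\n" );`. Because the queries run through `@mysqli_query`, the `problem(...)` branches also discard the driver error; dropping the `@` and appending `mysqli_error($connection)` to those messages would make a failed cleanup diagnosable from the log. The `'$ip'` interpolation in the per-IP DELETE is the same pattern raised on the next hunk's SELECT.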
@@ -10,18 +10,23 @@ if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and
|
||||
call412("9a77e4ab24410cbf68a3a05ba97221e4 Not a GET request");
|
||||
}
|
||||
|
||||
logextra( "Is a GET Request" );
|
||||
|
||||
if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) {
|
||||
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
|
||||
}
|
||||
else {
|
||||
if ( isset( $_GET['delete'] ) and strlen( $_GET['delete'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ) ) === 45 and ctype_xdigit( $_GET['delete'] ) ) {
|
||||
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) );
|
||||
logextra( "Is delete request" );
|
||||
}
|
||||
else {
|
||||
call412("e8ac90fc2a8996e5fb7a83e73e636e80 Invalid key");
|
||||
}
|
||||
}
|
||||
|
||||
logextra( "Key is valid" );
|
||||
|
||||
$ip = $_SERVER["REMOTE_ADDR"];
|
||||
|
||||
$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
|
||||
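Review bot: The SELECT in `$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "` is only safe because `$key` was just checked to be exactly 45 hex digits; that guard and the query are separated by several statements, and the same interpolation is repeated in the DELETE and UPDATE of the later hunks, so one relaxed check would expose all three. A prepared statement removes the coupling: `$stmt = mysqli_prepare($connection, 'SELECT * FROM reservations WHERE reservations.ip = ? AND reservations.key = ?'); mysqli_stmt_bind_param($stmt, 'ss', $ip, $key); mysqli_stmt_execute($stmt);`. The `htmlspecialchars( stripslashes( strip_tags( ... ) ) )` wrapping adds nothing once `ctype_xdigit` has passed, since hex digits contain no characters those functions alter, and dropping it would make the condition readable. The `key` and `delete` branches apply the identical test and would read better as one small validation helper called twice.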
@@ -29,6 +34,8 @@ $result = mysqli_query($connection, $query);
|
||||
if($result === FALSE) {
|
||||
call412("91432866e3c9c36a9c4884345d578761 Could not find ip=\"$ip\" AND key=\"$key\" in the database. Did your IP address change ? Was the removed after 15 Munites ?");
|
||||
}
|
||||
logextra( "Found ip=\"$ip\" AND key=\"$key\" in the database" );
|
||||
|
||||
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
|
||||
if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) {
|
||||
call412("b019bd29c1fe5b756e4b620a5428f730 The information for this reservation is not correct in the database.");
|
||||
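Review bot: `if($result === FALSE)` only catches a failed query, not a missing reservation: a SELECT that matches no row still returns a truthy result, so the "Could not find ip=... AND key=..." message is never shown for the not-found case, which instead reaches the `empty($db)` check below and gets the less specific "information ... is not correct" message. Checking `mysqli_num_rows($result) === 0` after the query would route the not-found case to the intended message, and the genuine query error should be logged with `mysqli_error($connection)` rather than reported as "could not find". The `if ( empty($db) or ...` statement continues past the end of this hunk.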
@@ -41,8 +48,11 @@ else {
|
||||
$ep_num = $db['ep_num'];
|
||||
$ep_date = $db['ep_date'];
|
||||
$db_ip = $db['ip'];
|
||||
$status = $db['status'];
|
||||
}
|
||||
|
||||
logextra( "The information for this reservation is correct in the database." );
|
||||
|
||||
// User selects delete
|
||||
if ( isset( $_GET['delete'] ) ) {
|
||||
$query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
|
||||
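Review bot: The delete branch is selected by `isset( $_GET['delete'] )` alone, while `$key` is taken from `$_GET['key']` whenever that parameter is present and valid; a URL carrying both parameters therefore deletes the reservation identified by `key` even though `delete` was never validated. Setting a flag where the key is accepted from `delete` (e.g. `$is_delete = true;` next to the existing "Is delete request" log) and testing `if ( $is_delete ) {` here keeps the two paths consistent. The `else {` block containing `$status = $db['status'];` starts before this hunk.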
@@ -54,10 +64,24 @@ if ( isset( $_GET['delete'] ) ) {
|
||||
header( "Location: ${hubBaseurl}calendar.php" ) ;
|
||||
$dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/";
|
||||
rrmdir("$dir_structure");
|
||||
logextra( "Removed the reservation" );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
logextra( "Not a delete" );
|
||||
|
||||
if ( empty($status) ) {
|
||||
naughty("317be55a55a82110b2836499580be486 did not find a status \"$status\" in the db.");
|
||||
}
|
||||
|
||||
logextra( "Found the status $status" );
|
||||
|
||||
if ($status !== 'REQUEST_EMAIL_SENT' && $status !== 'EMAIL_LINK_CLICKED') {
|
||||
naughty("65743c3fb8a2e171f56ec514ec45c1bc The status \"$status\" is not expected, should be REQUEST_EMAIL_SENT or EMAIL_LINK_CLICKED in the db.");
|
||||
}
|
||||
logextra( "The status \"$status\" is expected, should be either REQUEST_EMAIL_SENT or EMAIL_LINK_CLICKED." );
|
||||
|
||||
// Set the show to verified so that we can remove the temporary lock
|
||||
$status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z');
|
||||
$query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'";
|
||||
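Review bot: `$status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z');` is a dead store: the UPDATE on the following line writes the literal `'EMAIL_LINK_CLICKED'` and nothing reads the composed value, while the assignment overwrites the `$status` that was just validated; either drop the line or, if the timestamped form is intended, bind it into the query. `rrmdir("$dir_structure")` removes a directory whose name is assembled from row fields (`$ep_num`, `$ep_date`, `$db_key`); unless those are validated when the row is inserted, which this page does not show, a `/` or `..` in one of them would resolve outside `/home/hpr/upload/`, so confirming that `realpath($dir_structure)` starts with the upload root before deleting is a cheap guard. The `"${ep_num}"` interpolation form is deprecated as of PHP 8.2; `"{$ep_num}"` is the supported spelling. The `if ( isset( $_GET['delete'] ) )` block that this hunk closes begins in the previous hunk.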
@@ -66,6 +90,8 @@ if(!isset($result)) {
|
||||
naughty("066c518314f0d3b1ad3e4af60fcf36ce Could not change status to EMAIL_LINK_CLICKED");
|
||||
}
|
||||
|
||||
logextra( "Updated status to EMAIL_LINK_CLICKED" );
|
||||
|
||||
// Display host information
|
||||
/*
|
||||
*/
|
||||
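Review bot: Judging from the context in the hunk header, the UPDATE's failure check is `if(!isset($result))`, which cannot trigger after an assignment: `mysqli_query` returns `false` on error and `false` still counts as set, so a failed status change falls through to the "Updated status to EMAIL_LINK_CLICKED" log. The condition should be `if ($result === false) {`, and since an UPDATE matching no row also succeeds, logging `mysqli_affected_rows($connection)` alongside would show whether the status actually changed. The empty `/* */` block after "// Display host information" is leftover and can be removed. The enclosing `if` begins before this hunk.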
@@ -354,5 +380,6 @@ include 'header.php';
|
||||
</script>
|
||||
</form>
|
||||
<?php
|
||||
logextra( "Form displayed" );
|
||||
include 'footer.php';
|
||||
?>
|
||||
|
||||