2026-04-05_14-37-09Z_Sunday fix for status change on reclicking link

2026-04-05 16:37:09 +02:00
parent c92a73ff4e
commit e59d26d0ea
2 changed files with 74 additions and 6 deletions


@@ -10,18 +10,23 @@ if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and
call412("9a77e4ab24410cbf68a3a05ba97221e4 Not a GET request");
}
logextra( "Is a GET Request" );
if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
}
else {
if ( isset( $_GET['delete'] ) and strlen( $_GET['delete'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ) ) === 45 and ctype_xdigit( $_GET['delete'] ) ) {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) );
logextra( "Is delete request" );
}
else {
call412("e8ac90fc2a8996e5fb7a83e73e636e80 Invalid key");
}
}
logextra( "Key is valid" );
$ip = $_SERVER["REMOTE_ADDR"];
$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
@@ -29,6 +34,8 @@ $result = mysqli_query($connection, $query);
if($result === FALSE) {
call412("91432866e3c9c36a9c4884345d578761 Could not find ip=\"$ip\" AND key=\"$key\" in the database. Did your IP address change ? Was the removed after 15 Munites ?");
}
logextra( "Found ip=\"$ip\" AND key=\"$key\" in the database" );
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) {
call412("b019bd29c1fe5b756e4b620a5428f730 The information for this reservation is not correct in the database.");
@@ -41,8 +48,11 @@ else {
$ep_num = $db['ep_num'];
$ep_date = $db['ep_date'];
$db_ip = $db['ip'];
$status = $db['status'];
}
logextra( "The information for this reservation is correct in the database." );
// User selects delete
if ( isset( $_GET['delete'] ) ) {
$query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
@@ -54,10 +64,24 @@ if ( isset( $_GET['delete'] ) ) {
header( "Location: ${hubBaseurl}calendar.php" ) ;
$dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/";
rrmdir("$dir_structure");
logextra( "Removed the reservation" );
exit;
}
}
logextra( "Not a delete" );
if ( empty($status) ) {
naughty("317be55a55a82110b2836499580be486 did not find a status \"$status\" in the db.");
}
logextra( "Found the status $status" );
if ($status !== 'REQUEST_EMAIL_SENT' && $status !== 'EMAIL_LINK_CLICKED') {
naughty("65743c3fb8a2e171f56ec514ec45c1bc The status \"$status\" is not expected, should be REQUEST_EMAIL_SENT or EMAIL_LINK_CLICKED in the db.");
}
logextra( "The status \"$status\" is expected, should be either REQUEST_EMAIL_SENT or EMAIL_LINK_CLICKED." );
// Set the show to verified so that we can remove the temporary lock
$status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z');
$query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'";
@@ -66,6 +90,8 @@ if(!isset($result)) {
naughty("066c518314f0d3b1ad3e4af60fcf36ce Could not change status to EMAIL_LINK_CLICKED");
}
logextra( "Updated status to EMAIL_LINK_CLICKED" );
// Display host information
/*
*/
@@ -354,5 +380,6 @@ include 'header.php';
</script>
</form>
<?php
logextra( "Form displayed" );
include 'footer.php';
?>
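Review bot: The `logextra( "Found ip=\"$ip\" AND key=\"$key\" in the database" );` line in the second hunk (`@@ -29,6 +34,8 @@`) writes the full 45-character reservation key to the log, and it runs before `mysqli_fetch_array()` has shown that a row exists, because `$result === FALSE` only catches a failed query; the "Found" message can therefore be logged for a key that matched nothing. The +/- markers are lost on this page, so I am assuming the `logextra` calls are the added lines, and `logextra` is defined outside the diff, so where it writes is not visible. I would move the call below the `empty($db)` check and log only a short prefix for correlation, e.g. `logextra( "Found reservation for key " . substr( $key, 0, 8 ) . "..." );`. Since the fourth hunk now accepts a row that is already `EMAIL_LINK_CLICKED`, the key stays valid after first use, which makes keeping it out of log files more important.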