  1. <?php
  2.  
  3. // To simplify this page, functions have been put into a separate file
  4. include_once($_SERVER['DOCUMENT_ROOT'].'/includes/functions.php');
  5.  
  6. // Actions include: text, view, claim, remind, leave, contact
  7. // Catch all of the inputs from the form, and assign convenient variable names
  8. $action = $_POST["action"];
  9. $state = $_POST["state"];
  10. $plate = $_POST["plate"];
  11. $email = $_POST["email"];
  12. $text = $_POST["text"];
  13. $robot = $_POST["robot"];
  14.  
  15. // The contact and claim forms have extra inputs, we'll grab those now.
  16. if($action == "contact" || $action == "claim") {
  17.     $Name = $_POST["Name"];
  18.     $Guess = $_POST["Guess"];
  19.     $Answer = $_POST["Answer"];
  20.  
  21.     $public = $_POST["public"];
  22.     $custom = $_POST["custom"];
  23.     $share = $_POST["share"];
  24.  
  25.     // Strip HTML tags on the comments so that our email doesn't execute foreign code
  26.     $Comments = strip_tags($text);
  27. }
  28.  
  29. // Get the tag all regular-like
  30. $plate = preg_replace('/[^A-Za-z0-9-]/', '', $plate);
  31. $plate = strtoupper($plate);
  32.  
  33. // Replace commonly-mistaken characters
  34. $p1ate = effective_tag($plate);
  35.  
  36. // Form a nicely-spaced version of the plate. (ADGT09 => ADG T09)
  37. $plat3 = prettyPlate($plate);
  38.  
  39. // Add a line to the header so that browsers can automatically detect our RSS feed
  40. if($action == "view") {
  41.     $head = '<link rel="alternate" type="application/rss+xml" title="RSS" href="http://www.txttag.me/rss.php?state=' . $state . '&plate=' . $plate . '" />';
  42. }
  43.  
  44. // Load the header to give the page its form
  45. include('./header.php');
  46.  
  47. // Format the message to prevent SQL & HTML injection...
  48. $text = strip_tags($text);
  49. $t3xt = $db->real_escape_string($text);
  50.  
  51. // These lines allows a form session to be submitted only once
  52. $page_id_index = array_search($_POST['page_instance_id'], $_SESSION['page_instance_ids']);
  53. if ($page_id_index !== false) {
  54.     unset($_SESSION['page_instance_ids'][$page_id_index]);
  55.  
  56. // A "honeypot" technique is employed to ensure no robots are filling out the form.
  57. // This was a hidden input, if *anything* exists in it, it was from a robot. Trash it.
  58. if($robot != "") {
  59.     // Don't make it obvious that we've detected the robot.
  60.     echo "Thanks for your request.";
  61.  
  62. // !Leave
  63. // Handle opt-out requests
  64. } else if($action == "leave"){
  65.     echo "<h2>We already miss you!</h2>";
  66.  
  67.     // We use an additional captcha technique for sensitive operations
  68.     if($Guess == $Answer) {
  69.         if(validEmail($email)){
  70.  
  71.             // If a plate is entered, delete just a single plate
  72.             if(strlen($plate)>0){
  73.                 $q="DELETE FROM tags WHERE state='$state' AND tag='$plate' AND email='$email'";
  74.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  75.  
  76.                 $q="INSERT INTO log (state, tag, msg, email) VALUES ('$state','$plate','TXT TAG: Plate now unclaimed.','$email')";
  77.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  78.  
  79.                 echo "<p><b>$state &mdash; $plat3</b><br>$email</p>";
  80.                 echo "<p>It's done.</p>";
  81.  
  82.             // If no plate is entered, delete all tags associated with the email
  83.             } else {
  84.                 $q="DELETE FROM tags WHERE email='$email'";
  85.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  86.  
  87.                 $q="INSERT INTO log (state, tag, msg, email) VALUES ('00','null','TXT TAG: User removed entire email.','$email')";
  88.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  89.  
  90.                 echo "<p><b>$email</b></p>";
  91.                 echo "<p>It's done.</p>";
  92.             }
  93.             $success;
  94.         // End up here if the email was not of proper form
  95.         } else { echo "That email smells fishy."; }
  96.  
  97.     // End up here if the math operation didn't add up
  98.     } else { echo "Either you're a robot, or you can't add."; }
  99.  
  100. // !Remind
  101. // Send a reminder email
  102. } else if($action == "remind"){
  103.     if(validEmail($email)){
  104.             $subject="Hey, claim your tag!";
  105.             $message="</b>A great tip is to take a picture of your tag the next time you walk to your car.<br>This is also useful if somebody mentions your tag over the intercom!</p><p><a href=\"http://www.txttag.me/claim.php\"><b>When you're ready, claim your tag here.";
  106.             sendMsg($email, $subject, $message);
  107.             echo "<h2>Consider it done.</h2>";
  108.             echo "<p>We've just sent you a message, don't delete it 'till you've claimed your tag.</p>";
  109.             $success;
  110.         // End up here if the email was not of proper form
  111.         } else { echo "<h2>I can't remind you there...</h2><p>That email smells fishy.</p>"; }
  112.  
  113. // !Contact
  114. // Process the contact form
  115. } else if($action == "contact") {
  116.     echo "<h2>Drop us a line!</h2>";
  117.     if(validEmail($email)){
  118.         // If not a bot, process the mailing
  119.         if(strlen($Name)!=0 && htmlspecialchars($Name) == $Name && $Guess == $Answer){
  120.             $message = '<p>Name: '.$Name.'</p><p>Email: '.$email.'</p><p>Comments:<br>'.$Comments.'</p>';
  121.             $message = "<html><body><p><center><a href=\"http://www.txttag.me\" alt=\"TXT TAG\"><img src=\"http://www.txttag.me/images/txttag.png\"></a></center></p><hr>$message<hr><p><center>http://www.TXTTAG.me</center></p></body></html>";
  122.  
  123.             $to = '"GOOD Inc." <[email protected]>';
  124.             $subject = 'Message from TXTTAG.me!';
  125.  
  126.             $headers  = 'MIME-Version: 1.0' . "\r\n";
  127.             $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
  128.             $headers .= 'From: "'. $Name . '" <' . $email . '>' . "\r\n";
  129.             if(mail($to,'Message from TXTTAG.me!',$message,$headers)) {
  130.                 echo "Hey, thanks for your message! We'll get back to you ASAP.";
  131.                 $success;
  132.             } else {
  133.                 echo "ERROR! The message did not send properly, please alert [email protected] about this error! Our apologies.";
  134.             }
  135.         } else { // No name, probably a bot, throw it away...
  136.         echo "We think you're a robot... go back and check everything. If all else fails, send us a message at [email protected] using your favorite email client.";
  137.         }
  138.     } else { echo "That email smells fishy."; }
  139. // Done with contact form, all remaining actions require a plate.
  140.  
  141. // !Plate Test
  142. // Check to make sure plate exists, and it's too long
  143. } else if(strlen($plate)>0){
  144.     if(strlen($plate)>8) {
  145.         echo "You know license plates aren't that long.";
  146.  
  147. // !Claim
  148. // Claim tags to emails
  149. }else if($action == "claim"){
  150.     echo "<h2>Claim your tag</h2>";
  151.  
  152.     if(validEmail($email)){
  153.         // Verify he's not a robot
  154.         if($Guess == $Answer) {
  155.  
  156.             // Format HTML checkbox input into SQL-ready data
  157.             if ($custom == 'false') { $custom = 0; } else { $custom = 1; }
  158.             if ($public == 'true' ) { $public = 1 ; } else { $public = 0; }
  159.             if ($share == 'true' ) { $share = 1 ; } else { $share = 0; }
  160.  
  161.             // Check if plate already exists
  162.             $q="SELECT * FROM tags WHERE state='$state' AND tag='$plate'";
  163.             $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  164.  
  165.             // If the plate isn't already registered...
  166.             if($r->num_rows<1){
  167.  
  168.                 // Insert the plate into the databse
  169.                 $q="INSERT INTO tags (state, tag, email, custom, public, share, tag_effective) VALUES ('$state','$plate','$email','$custom','$public','$share','$p1ate')";
  170.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  171.  
  172.                 $message = "TXT TAG: Just signed up original ($plate) with custom, public: $custom, $public";
  173.  
  174.                 // Log that you've done so
  175.                 $q="INSERT INTO log (state, tag, msg, email) VALUES ('$state','$plate','$message','$email')";
  176.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  177.  
  178.                 // Check if there are messages waiting
  179.                 $q="SELECT date, msg FROM txts WHERE state='$state' AND tag='$plate'";
  180.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  181.  
  182.                 echo "<p><b>$state &mdash; $plate</b><br>$email</p>";
  183.  
  184.                 // If there are messages, deliver them...
  185.                 if($r->num_rows>0){
  186.                     echo "<p>You're in, and you've got mail!</p>";
  187.                     justClaimed($db,$email,$state,$plate,$r);
  188.                 } else {
  189.                     echo "<p>Consider it done.</p>";
  190.                 }
  191.  
  192.                 echo "<p><i>Double check your plate and email above. If you've made a typo, <a href=\"../contact.php\">contact us</a>.</i></p>";
  193.                 echo "<p>Messages may have been intended for you, but sent to similar tags, <a href=\"../view.php\">check here</a>.</p>";
  194.                 $success;
  195.             } else {
  196.                 echo "<p><b>$state &mdash; $plat3</b></p>";
  197.                 echo "Sorry, that tag has already been claimed!<br><a href=\"../contact.php\">Contact us</a> to work this out.";}
  198.  
  199.             // End up here if the math operation didn't add up
  200.             } else { echo "Either you're a robot, or you can't add."; }
  201.  
  202.         // End up here if the email was not of proper form
  203.         } else { echo "That email smells fishy."; }
  204.  
  205. // !View
  206. // Print list of messages publicly
  207. }else if($action == "view"){
  208.         echo "<h2>View Messages</h2>";
  209.         echo "<p><b>$state &mdash; $plat3</b></p>";
  210.  
  211.         // Check the privacy setting on this tag
  212.         $q="SELECT public FROM tags WHERE state='$state' AND tag='$plate'";
  213.         $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  214.  
  215.         // Massage the desired value out of the result
  216.         $r1 = $r->fetch_assoc();
  217.         $public = $r1['public'];
  218.  
  219.         // If we're permitted to, begin to print the messages
  220.         if ($public || $r->num_rows == 0){
  221.  
  222.             // Pull all related messages from the database
  223.             $q="SELECT * FROM txts WHERE state='$state' AND tag='$plate' ORDER BY `id` DESC";
  224.             $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  225.  
  226.             // If a message exists, print it
  227.             if($r->num_rows>0){
  228.  
  229.                 // Offer our RSS feed as a link, then print the messages
  230.                 echo '<a href="http://www.txttag.me/rss.php?state=' . $state . '&plate=' . $plate . '"><img src="' . $root . '/images/rss.png"> Subscribe to an RSS feed</a>';
  231.                 printMsgs($r);
  232.  
  233.             // End up here if there are no messages for this tag
  234.             } else { echo "Nobody has sent you anything yet."; }
  235.  
  236.         // This tag has specifically be set to not show the messages publicly
  237.         } else  { echo "<p>The person who claimed this tag chose to keep these messages private.<br>Feel free to contact us if you have any concerns.</p>";}
  238.  
  239.         // Handle effective tags
  240.         // Find all tags that are effectively the same
  241.         $q="SELECT * FROM txts WHERE state='$state' AND tag_effective='$p1ate' AND tag != '$plate'";
  242.         $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  243.  
  244.         if($r->num_rows>0){
  245.  
  246.             while($row = $r->fetch_array())
  247.             { $rows[] = $row; }
  248.  
  249.             foreach($rows as $row)
  250.             {
  251.                 $plate_similar = prettyPlate($row['tag']);
  252.                 $msg = $row['msg'];
  253.  
  254.                 // Check the privacy setting on this tag
  255.                 $q="SELECT share FROM tags WHERE state='$state' AND tag='$plate_similar'";
  256.                 $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  257.  
  258.                 // Massage the desired value out of the result
  259.                 $r1 = $r->fetch_assoc();
  260.                 $share = $r1['share'];
  261.  
  262.                 if($r->num_rows<1 || $share == '1') {
  263.                     $date = date('l, F j, Y @ g:i A', strtotime($row['date']) );
  264.                     $similar_messages .= "<p><b><i>" . $date . "</b><br>Sent to $plate_similar</i><br>$msg</p>";
  265.                 }
  266.             }
  267.         }
  268.  
  269.         if($similar_messages){
  270.             echo "<p><b>Messages possibly meant for this tag:</b></p>" . $similar_messages;
  271.         }
  272.  
  273.         $success;
  274.  
  275. // !Text
  276. // Send out messages
  277. } else if($action == "text") {
  278.     echo "<h2>Send messages to license plates.</h2>";
  279.  
  280.     // Verify the user actually typed a message
  281.     if(strlen($text)<1) {
  282.         echo "Why would you send anybody an empty message?";
  283.  
  284.     } else {
  285.         // Save the message in our database
  286.         $q="INSERT INTO txts (state, tag, msg, tag_effective) VALUES ('$state','$plate','$t3xt','$p1ate')";
  287.         $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  288.  
  289.         // Find out if there's an email stored for this tag
  290.         $q="SELECT * FROM tags WHERE state='$state' AND tag='$plate'";
  291.         $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  292.  
  293.         // If there is no email address, we're done
  294.         if($r->num_rows<1){
  295.             echo "<p>That tag isn't in our database yet.<br>We'll hold onto your message and deliver it later.</p>";
  296.             echo "<p><b>$state &mdash; $plat3</b></p><p>$text</p>";
  297.  
  298.         // else, if there is an email address, send a message
  299.         } else {
  300.             // Massage the result to get the email out
  301.             $r1 = $r->fetch_assoc();
  302.             $email = $r1['email'];
  303.  
  304.             //Send that message!
  305.             txtTag($db,$email,$state,$plate,$text);
  306.  
  307.             echo "<h2>You texted that tag!</h2>";
  308.             echo "<p><b>$state &mdash; $plat3</b></p><p>\"$text\"</p>";
  309.         }
  310.  
  311.         // Handle effective tags
  312.         if($r->num_rows<1 || $r1['share'] == true){
  313.             // Send messages to all effective tags!
  314.  
  315.             $plate_original = $plate;
  316.  
  317.             // Find all tags that are effectively the same
  318.             $q="SELECT * FROM tags WHERE state='$state' AND tag_effective='$p1ate' AND tag != '$plate'";
  319.             $r=mysqli_query($db,$q) or die(mysqli_error($db)." Q=".$q);
  320.  
  321.             if($r->num_rows>0){
  322.                 echo "<p><b><i>Also sending your message to:</i></b>";
  323.                 while($row = $r->fetch_array())
  324.                 { $rows[] = $row; }
  325.  
  326.                 foreach($rows as $row)
  327.                 {
  328.                     $plate_similar = $row['tag'];
  329.                     $email = $row['email'];
  330.  
  331.                     echo "<br>$plate_similar";
  332.  
  333.                     txtEffectiveTag($db,$email,$state,$plate_original,$plate_similar,$text);
  334.                 }
  335.  
  336.                 echo "</p>";
  337.             }
  338.         }
  339.  
  340.         $success;
  341.     }
  342. }
  343.  
  344. // End up here if the plate is non-existant
  345. } else { echo "Did you even enter a plate?"; }
  346. } else {
  347.     echo "<h2>Uh oh!</h2>";
  348.     echo "This form has already been submitted once, please start fresh!";
  349. }
  350. ?>
  351. <p><a href="javascript:history.back()">&lt; Back</a></p>
  352. <?php
  353.     // !Footer
  354.     fbLikeBox();
  355.     include('./footer.php');
  356. ?>