Improved error handling

2021-12-27 08:07:02 +00:00 · 2021-12-27 08:07:02 +00:00 · 0de9a1b1d1
commit 0de9a1b1d1
parent 896a3b29b5
6 changed files with 44 additions and 6 deletions
--- a/admin/login.php
+++ b/admin/login.php
@ -1,10 +1,19 @@
 <?php

+session_set_cookie_params(3600);
 session_start();

+if (!isset($_SESSION['login_attempts'])) {
+	$_SESSION['login_attempts'] = 0;
+}
+
 $token = $_POST['token'];

 if (!isset($_SESSION['uid'])) {
+	if ($_SESSION['login_attempts'] >= 5) {
+		http_response_code(403);
+		die("Error: too many login attempts.");
+	}
 	if (!isset($token)) {
 ?>
 <!DOCTYPE HTML>
@ -24,6 +33,7 @@ if (!isset($_SESSION['uid'])) {
 <?php
 		die;
 	} else if ($token !== '1445') {
+		$_SESSION['login_attempts']++;
 		http_response_code(403);
 		die("Error: incorrect token");
 	} else {
--- a/admin/logout.php
+++ b/admin/logout.php
@ -8,7 +8,7 @@ unset($_SESSION['uid']);
 <!DOCTYPE HTML>
 <html>
 <head>
-	<meta http-equiv="refresh" content="3; /">
+	<meta http-equiv="refresh" content="1; /">
 </head>
 <body>
 	<p>Signed out.</p>
--- a/admin/unsubscribe.php
+++ b/admin/unsubscribe.php
@ -21,7 +21,10 @@ if (!$query) {
 	die("Error: {$conn->error}");
 }
 $query->bind_param("s", $email);
-$query->execute();
+if (!$query->execute()) {
+	http_response_code(500);
+	die("Error {$query->errno}: {$query->error}");
+}

 if ($query->affected_rows === 0) {
 	http_response_code(400);
--- a/index.html
+++ b/index.html
--- a/js/app.js
+++ b/js/app.js
@ -59,7 +59,9 @@ document.addEventListener('DOMContentLoaded', function () {
 		}).then(function (res) {
 			if (!res.ok) {
 				res.json().then(function (err) {
-					document.querySelector('input[name="'+ err.field + '"]').classList.add('invalid');
+					if ('field' in err) {
+						document.querySelector('input[name="'+ err.field + '"]').classList.add('invalid');
+					}
 					alert(err.message);
 				});
 			} else {
--- a/subscribe.php
+++ b/subscribe.php
@ -1,5 +1,7 @@
 <?php
-#ini_set('display_errors', 1);
+
+session_set_cookie_params(3600);
+session_start();

 $email = $_POST['email'];
 $fname = $_POST['full_name'];
@ -15,8 +17,9 @@ $phone_num = preg_replace("/[^0-9]/", '', $phone);
 if (strlen($phone_num) == 11)
 	$phone_num = preg_replace("/^1/", '', $phone_num);

-if (!$email || preg_match($pattern, $email) !== 1 || !$fname || strlen($phone_num) != 10) {
+if (!$email || preg_match($pattern, $email) !== 1 || !$fname || strlen($phone_num) !== 10) {
    http_response_code(400);
+	header('Content-Type: application/json');
    die(json_encode([
 	    'field' => 'email',
 	    'message' => 'Error: An email address, first name, and last name are required.'
@ -24,6 +27,7 @@ if (!$email || preg_match($pattern, $email) !== 1 || !$fname || strlen($phone_nu
 }
 if ($gender && $gender !== 'm' && $gender !== 'f') {
    http_response_code(400);
+	header('Content-Type: application/json');
    die(json_encode([
 	    'field' => 'full_name',
 	    'message' => 'Error: An invalid gender was given.'
@ -37,14 +41,33 @@ $query = $conn->prepare(
 );
 if (!$query) {
    http_response_code(500);
+	header('Content-Type: application/json');
    die(json_encode(['message' => $conn->error]));
 }
+if (!isset($_SESSION['signups'])) {
+	$_SESSION['signups'] = 0;
+} else if ($_SESSION['signups'] >= 5) {
+	http_response_code(429);
+	header('Content-Type: application/json');
+	die(json_encode(['message' => 'You are subscribing too often.']));
+}
 $query->bind_param(
    "sssss",
    $email, $fname, $phone_num, $gender,
    date("Y-m-d H:i:s")
 );
-$query->execute();
+if (!$query->execute()) {
+	http_response_code(500);
+	header('Content-Type: application/json');
+	if ($query->errno === 1062) {
+		http_response_code(400);
+		header('Content-Type: application/json');
+		die(json_encode(['message' => 'This email is already subscribed.', 'field' => 'email']));
+	} else {
+		die(json_encode(['message' => $query->error, 'errno' => $query->errno]));
+	}
+}
+$_SESSION['signups']++;

 ?>
 <!DOCTYPE HTML>