From 0de9a1b1d1d980f16e0bb56b66b281ee76c52499 Mon Sep 17 00:00:00 2001
From: scoliono <2191476+scoliono@users.noreply.github.com>
Date: Mon, 27 Dec 2021 08:07:02 +0000
Subject: [PATCH] Improved error handling

---
admin/login.php | 10 ++++++++++
admin/logout.php | 2 +-
admin/unsubscribe.php | 5 ++++-
index.html => index.php | 0
js/app.js | 4 +++-
subscribe.php | 29 ++++++++++++++++++++++++++---
6 files changed, 44 insertions(+), 6 deletions(-)
rename index.html => index.php (100%)

diff --git a/admin/login.php b/admin/login.php
index 3f3f7d9..0d9e07e 100755
--- a/admin/login.php
+++ b/admin/login.php
@@ -1,10 +1,19 @@
= 5) {
+ http_response_code(403);
+ die("Error: too many login attempts.");
+ }
 if (!isset($token)) { ?>
@@ -24,6 +33,7 @@ if (!isset($_SESSION['uid'])) {
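Review bot: The `>= 5` lockout that answers 403 with "too many login attempts" appears to be keyed on a per-client counter — the line is cut off in this extract so the variable is not visible, but the subscribe.php hunk in the same patch keeps its analogous `signups` counter in `$_SESSION`; if this one is `$_SESSION`-based too, a client that simply does not send the session cookie gets a fresh session and a zeroed counter on every request, so the limit does nothing against a scripted password-guessing loop. What actually bounds guesses is a server-side counter keyed on the submitted username and the client address, kept in the database or a file with a time window and cleared on successful login; 429 is also the conventional status for a throttle, though 403 is defensible for a lockout. This hunk is garbled in the extract (the PHP open tag and the session lines are missing) and the rest of login.php, including the second hunk, is outside what is visible here.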
- +Signed out.
diff --git a/admin/unsubscribe.php b/admin/unsubscribe.php
index 0f3ce95..b1224b9 100755
--- a/admin/unsubscribe.php
+++ b/admin/unsubscribe.php
@@ -21,7 +21,10 @@ if (!$query) {
 die("Error: {$conn->error}");
 }
 $query->bind_param("s", $email);
-$query->execute();
+if (!$query->execute()) {
+ http_response_code(500);
+ die("Error {$query->errno}: {$query->error}");
+}
 if ($query->affected_rows === 0) {
 http_response_code(400);
diff --git a/index.html b/index.php
similarity index 100%
rename from index.html
rename to index.php
diff --git a/js/app.js b/js/app.js
index 552c021..09a58c7 100755
--- a/js/app.js
+++ b/js/app.js
@@ -59,7 +59,9 @@ document.addEventListener('DOMContentLoaded', function () {
 }).then(function (res) {
 if (!res.ok) {
 res.json().then(function (err) {
- document.querySelector('input[name="'+ err.field + '"]').classList.add('invalid');
+ if ('field' in err) {
+ document.querySelector('input[name="'+ err.field + '"]').classList.add('invalid');
+ }
 alert(err.message);
 });
 } else {
diff --git a/subscribe.php b/subscribe.php
index f8669b6..efde88e 100755
--- a/subscribe.php
+++ b/subscribe.php
@@ -1,5 +1,7 @@
'email', 'message' => 'Error: An email address, first name, and last name are required.'
@@ -24,6 +27,7 @@ if (!$email || preg_match($pattern, $email) !== 1 || !$fname || strlen($phone_nu
 }
 if ($gender && $gender !== 'm' && $gender !== 'f') {
 http_response_code(400);
+ header('Content-Type: application/json');
 die(json_encode([
 'field' => 'full_name',
 'message' => 'Error: An invalid gender was given.'
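Review bot: The new failure branch after `bind_param` in admin/unsubscribe.php writes `$query->errno` and `$query->error` straight into the response body, which hands the MySQL driver's error text (table, column and constraint names) to whoever reaches this page, and emits it as HTML without escaping. Keep the detail on the server and return a fixed message: `error_log("unsubscribe: {$query->errno} {$query->error}");` followed by `die("Error: could not process the request.");`. Whether this page sits behind the admin login check is not visible in the hunk, so the exposure may be admin-only, but logging is the safer default either way; the `if (!$query)` branch above already leaks `$conn->error` the same way and was not changed here.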
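Review bot: The added `'field' in err` guard handles a JSON error without a field, but not a response that is not JSON at all: `res.json()` rejects when the server answers with plain text or an HTML error page (a PHP fatal error, or a warning printed before the JSON body), and that rejection is unhandled here, so the user gets no alert. Append `.catch(function () { alert('Error: unexpected response from the server.'); })` to the `res.json().then(...)` chain. Separately, `document.querySelector(...)` returns null when `err.field` names no input on the page, and `.classList` on null throws before `alert(err.message)` runs; `var input = document.querySelector('input[name="' + err.field + '"]'); if (input) { input.classList.add('invalid'); }` avoids that. The enclosing fetch chain starts and ends outside the hunk.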
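Review bot: `header('Content-Type: application/json');` is now copied in front of every `die(json_encode(...))` in subscribe.php, and the next error path someone adds will forget it; since every response this script produces is JSON, set the header once near the top of the file (before any output, after the session is started) and drop the per-branch copies. The first hunk of subscribe.php is not legible in this extract, so it is not visible whether a suitable spot already exists there.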
@@ -37,14 +41,33 @@ $query = $conn->prepare(
 );
 if (!$query) {
 http_response_code(500);
+ header('Content-Type: application/json');
 die(json_encode(['message' => $conn->error]));
 }
+if (!isset($_SESSION['signups'])) {
+ $_SESSION['signups'] = 0;
+} else if ($_SESSION['signups'] >= 5) {
+ http_response_code(429);
+ header('Content-Type: application/json');
+ die(json_encode(['message' => 'You are subscribing too often.']));
+}
 $query->bind_param(
 "sssss",
 $email, $fname, $phone_num, $gender, date("Y-m-d H:i:s")
 );
-$query->execute();
+if (!$query->execute()) {
+ http_response_code(500);
+ header('Content-Type: application/json');
+ if ($query->errno === 1062) {
+ http_response_code(400);
+ header('Content-Type: application/json');
+ die(json_encode(['message' => 'This email is already subscribed.', 'field' => 'email']));
+ } else {
+ die(json_encode(['message' => $query->error, 'errno' => $query->errno]));
+ }
+}
+$_SESSION['signups']++;
 ?>
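Review bot: The `$_SESSION['signups'] >= 5` check added before `bind_param` only throttles clients that keep returning the session cookie; a client that omits or discards the cookie gets a new session with `signups` unset on every request, so the check puts no bound on how many rows one host can insert, and since the counter is only ever incremented a legitimate user who hits 5 stays locked out until the session expires (assuming the session is started in the first hunk, which is not legible here). A server-side counter keyed on client address and/or the submitted email, with a time window, is what actually limits abuse. Separately, the new `else` branch of the execute check returns `$query->error` and `$query->errno` to an anonymous caller, disclosing table and column names; log it and send a fixed message instead: `error_log("subscribe: {$query->errno} {$query->error}");` then `die(json_encode(['message' => 'Error: could not save your subscription.']));`. The `http_response_code(500)` and `header(...)` lines immediately before the `errno === 1062` test are overridden inside that branch, so they belong in the `else`.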