james/miles-city-council
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
miles-city-council/subscribe.php
scoliono 0de9a1b1d1 Improved error handling
2021-12-27 08:07:02 +00:00

83 lines
3.4 KiB
PHP
Executable File
Raw Blame History

<?php
session_set_cookie_params(3600);
session_start();
$email = $_POST['email'];
$fname = $_POST['full_name'];
$phone = $_POST['phone'];
$gender = isset($_POST['gender']) && $_POST['gender'];
$pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
//eliminate every char except 0-9
$phone_num = preg_replace("/[^0-9]/", '', $phone);
//eliminate leading 1 if its there
if (strlen($phone_num) == 11)
$phone_num = preg_replace("/^1/", '', $phone_num);
if (!$email || preg_match($pattern, $email) !== 1 || !$fname || strlen($phone_num) !== 10) {
http_response_code(400);
header('Content-Type: application/json');
die(json_encode([
'field' => 'email',
'message' => 'Error: An email address, first name, and last name are required.'
]));
}
if ($gender && $gender !== 'm' && $gender !== 'f') {
http_response_code(400);
header('Content-Type: application/json');
die(json_encode([
'field' => 'full_name',
'message' => 'Error: An invalid gender was given.'
]));
}
$conn = new mysqli("localhost", "mileslinden", "Daiso@6969", "mileslinden");
$query = $conn->prepare(
"INSERT INTO subscribers (`email`, `full_name`, `phone`, `gender`, `join_date`) VALUES (?, ?, ?, ?, ?)"
);
if (!$query) {
http_response_code(500);
header('Content-Type: application/json');
die(json_encode(['message' => $conn->error]));
}
if (!isset($_SESSION['signups'])) {
$_SESSION['signups'] = 0;
} else if ($_SESSION['signups'] >= 5) {
http_response_code(429);
header('Content-Type: application/json');
die(json_encode(['message' => 'You are subscribing too often.']));
}
$query->bind_param(
"sssss",
$email, $fname, $phone_num, $gender,
date("Y-m-d H:i:s")
);
if (!$query->execute()) {
http_response_code(500);
header('Content-Type: application/json');
if ($query->errno === 1062) {
http_response_code(400);
header('Content-Type: application/json');
die(json_encode(['message' => 'This email is already subscribed.', 'field' => 'email']));
} else {
die(json_encode(['message' => $query->error, 'errno' => $query->errno]));
}
}
$_SESSION['signups']++;
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Miles Linden for San Jose City Council</title>
</head>
<body>
<h1>You have subscribed successfully.</h1>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink