Created
April 9, 2012 02:41
One-shot status update for Joomla 1.5* component (not tested)
<?php | |
/**
 * @package One-time pad signal script
 * @description Feedback signal via HTTP GET or POST using a one-time pad communicated through a separate process, as an alternative to the convoluted Joomla! 1.5.x XMLRPC feature.
 * @version 1.0
 * @copyright Copyright 2010 by Mitchell Amiano All Rights Reserved.
 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
 * */
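// Place this script in a non-Web accessible location, then require it from a wrapper script.
// The pad prefix/suffix further down and the Joomla credentials must never be served to a browser.
require("configuration.php"); // Joomla config for database, user details
$jconfig = new JConfig();
// Fixed redirect target: it is never derived from the request, so the Location header
// cannot be turned into an open redirect.
$Forwarding_url = "http://some.joomla.domain.agilemarkup.com/index.php/some-landing-page";
// Generic client-facing failure text; driver/database details are kept out of the response.
$error_message = "Request Failed.";
// Keep mysqli in its classic non-throwing mode so the explicit error checks in this
// script decide the outcome regardless of the PHP version's default report mode.
mysqli_report(MYSQLI_REPORT_OFF);
// Note: `new mysqli(...) or die(...)` never fired (the constructor always returns an
// object), so the connection is checked through connect_errno instead.
$mysqli = new mysqli(
    $jconfig->host,
    $jconfig->user,
    $jconfig->password,
    $jconfig->db
);
if ($mysqli->connect_errno) {
    // Log the driver's message server-side only: echoing it would disclose host/user
    // details to whoever sent the request.
    error_log("onetimepad signal: connect failed (" . $mysqli->connect_errno . "): " . $mysqli->connect_error);
    echo $error_message . " (no database access)";
    exit();
}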
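// $_REQUEST is read so the caller may signal with either a POST or a GET query string.
// GET is not supposed to modify a resource, but some source systems (several survey
// tools, for instance) can only issue a GET to signal the end of a survey process,
// so HTTP idempotence for GET is knowingly relaxed here as a special case.
// NOTE(review): depending on request_order, $_REQUEST also merges cookies, so a cookie
// named 'username', 'subnum' or 'pad' would be accepted as a parameter.
$username = $subnum = $onetimepad = "";
$status = "Submitted";
// Maximum byte length accepted per parameter; longer input is truncated, not rejected.
$param_limits = ['username' => 60, 'subnum' => 5, 'pad' => 100];
// Reads one request parameter as a plain string. Arrays (e.g. ?username[]=x) are
// treated as absent instead of being passed to substr(), which would warn or throw.
//
// The values are NOT run through mysqli_real_escape_string(): they are bound as
// prepared-statement parameters below, and escaping a bound value stores/compares the
// escaped form (a username containing an apostrophe would then never match its row).
$read_param = function ($name, $max_length) {
    if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name])) {
        return "";
    }
    return substr($_REQUEST[$name], 0, $max_length);
};
$username   = $read_param('username', $param_limits['username']);
$subnum     = $read_param('subnum', $param_limits['subnum']);
$onetimepad = $read_param('pad', $param_limits['pad']);
// Every parameter is mandatory. The upper bound is defensive only (substr() already
// truncates); it is inclusive so a pad of exactly 100 bytes is not rejected.
$max_param_length = 100;
foreach ([$username, $subnum, $onetimepad] as $value) {
    $length = strlen($value);
    if ($length === 0 || $length > $max_param_length) {
        echo $error_message . " (improper parameters)";
        exit();
    }
}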
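// Keep the caller-supplied pad for the admin notification; the wrapped value below must
// not leave the server because it embeds the secret prefix/suffix.
$supplied_pad = $onetimepad;
// Wrap the pad in a prefix and suffix known only to this script, so a pad captured in
// transit (or guessed) is not by itself enough to match a row.
// NOTE(review): "ComputedPrefix"/"ComputedSuffix" are placeholders — replace them with
// real per-deployment values and keep this file outside the document root.
$onetimepad = "ComputedPrefix" . $onetimepad . "ComputedSuffix";
// The stored pad lives in the subnum column until the signal arrives; the UPDATE
// overwrites it with the submission number, so the same pad cannot match twice.
// Repeated or wrong-pad requests match zero rows and still take the success path,
// which deliberately gives a caller no oracle for whether a pad was valid.
$stmt_string = "UPDATE jos_some_component_table set subnum=?, status=? WHERE username=? AND subnum=?";
$stmt = $mysqli->prepare($stmt_string);
$updated = false;
$db_error = $mysqli->error; // populated if prepare() itself failed
if ($stmt !== false) {
    $stmt->bind_param("ssss", $subnum, $status, $username, $onetimepad);
    // execute()'s return value is the authoritative result; a failed statement reports
    // through $stmt->error, not necessarily through $mysqli->error.
    $updated = $stmt->execute();
    $db_error = $stmt->error; // read before close() frees the statement
    $stmt->close();
}
if ($updated) {
    $mysqli->close();
    header("Location: " . $Forwarding_url);
    exit();
} else {
?><div style="margin-top: 12ex; margin-left:auto; margin-right: auto; width: 30em; height: 20ex; position: relative; text-align: center;">
<strong>Sorry, but the status was not updated.</strong>
<br/>
<p>Your feedback form <em>WAS</em> still submitted.</p>
<br/>
<p>Click on <a href="<?php echo htmlspecialchars($Forwarding_url, ENT_QUOTES, 'UTF-8'); ?>" title="landing page">Some Landing Page</a> to return to the project site.
</div>
<?php
    // Driver details go to the server log only, never to the client.
    error_log("onetimepad signal: update failed for '" . $username . "': " . $db_error);
    // Send an email note to the Joomla administrator.
    // Joomla's configuration.php exposes the site sender address as $mailfrom; fall back
    // to an empty string rather than referencing an undefined variable.
    $mailfrom = isset($jconfig->mailfrom) ? $jconfig->mailfrom : "";
    // Subject/header fields must be single-line: a CR/LF in caller-supplied text would
    // otherwise let the request inject additional mail headers.
    $one_line = function ($text) {
        return str_replace(["\r", "\n"], " ", $text);
    };
    // Referer is client-controlled and may be absent; it is informational only.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "(none)";
    $headers = 'From: ' . $mailfrom . "\r\n" . 'Reply-To: ' . $mailfrom . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    // Plain-text body, so no HTML escaping is applied; only the caller-supplied pad is
    // included, not the prefix/suffix-wrapped secret.
    $body = "The feedback form was completed for " . $username . ", submission #" . $subnum
        . ", but the site was not updated to reflect the fact that it was completed. \n"
        . "The 'one-time-pad' was '" . $supplied_pad . "'\n"
        . " The referrer was " . $referer . "\n"
        . " Please ask the Web administrator to look into this.";
    mail(
        $mailfrom,
        $one_line("Status not updated for " . $username . ", #" . $subnum),
        $body,
        $headers
    );
    $mysqli->close();
}
?>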