<BODY>
<div id="controls">
<?php
- if( $_SESSION['permissions'] <= CCCP_PERM_ADMIN ) {
-?>
- <a href="research.php" class="category">Research</a>
-<?php } ?>
- <a href="canvass.php" class="category">Canvassing</a>
- <a href="phonebank.php" class="category">Phonebank</a>
-<?php
- if( $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
-?>
- <a href="users.php" class="category">User Management</a>
-<?php } ?>
-<?php
- if( $_SESSION['permissions'] <= CCCP_PERM_ADMIN ) {
+ if( $_SESSION['permissions'] == CCCP_PERM_INVITE ) {
+ echo '<div class="category"><strong><em>Please check with your lead to get access.</em></strong></div>';
+ } else if( $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
+ $research = 0;
+ $canvass = 1;
+ $phonebank= 0;
+ $users = 1;
+ $settings = 0;
+ } else if( $_SESSION['permissions'] <= CCCP_PERM_ADMIN ) {
+ $research = 1;
+ $canvass = 1;
+ $phonebank= 1;
+ $users = 1;
+ $settings = 1;
+ } else {
+ $research = 0;
+ $canvass = 1;
+ $phonebank= 0;
+ $users = 0;
+ $settings = 0;
+ }
+
+ echo ($research ? ' <a href="research.php" class="category">Research</a>' : '');
+ echo ($canvass ? ' <a href="canvass.php" class="category">Canvassing</a>' : '');
+ echo ($phonebank? ' <a href="phonebank.php" class="category">Phonebanking</a>' : '');
+ echo ($users ? ' <a href="users.php" class="category">User Management</a>' : '');
+ echo ($settings ? ' <a href="settings.php" class="category">Settings</a>' : '');
+
?>
- <a href="settings.php" class="category">Settings</a>
-<?php } ?>
<a href="index.php?logout" class="category">Logout</a>
<?php licenseCategory(); ?>
+
</div>
<div id="details" style="display: block; padding: 2em;">
<p><b>Research</b> - View stats and cut turf</p>
// If an admin, display selected invite token link and QR -- token should be unique to a lead and/or turf?
-if( $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
- $query = "DELETE FROM invites WHERE expiry < CURRENT_TIMESTAMP()";
+if( isset($_SESSION['permissions']) && $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
+ $query = "DELETE FROM invites WHERE expiry > CURRENT_TIMESTAMP";
$stmt = $dbh->prepare($query);
$stmt->execute();
if( isset($_GET['canvassId']) ) {
$canvassId = $_GET['canvassId'];
- $leadId = $SESSION['userId'];
+ $leadId = $_SESSION['userId'];
$query = "SELECT token FROM invites WHERE canvassId = ? AND userId = ? AND expiry < TIMESTAMPADD(HOUR,1,CURRENT_TIMESTAMP)";
$params= Array($canvassId,$leadId);
$stmt = $dbh->prepare($query);
$token = $res[0]['token'];
} else {
$token = base64_encode(random_bytes(64));
- $query = "INSERT INTO invites(token, canvassId, userId) VALUES(?,?,?)";
+ $query = "INSERT INTO invites(token, canvassId, userId) VALUES(?,?,?);";
$params= Array($token,$canvassId,$leadId);
$stmt = $dbh->prepare($query);
$stmt->execute($params);
$res = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
- $url = CCCP_BASEURL."invite.php?token=".$token;
+ $url = CCCP_BASEURL."invite.php?token=".urlencode($token);
$qrl = "https://api.qrserver.com/v1/create-qr-code/?size=500x500&data=".urlencode($url);
echo "<a style='text-align: center; width: 100%; display: block;' href='".$url."'>".$url."</a><br/>";
echo "<img style='width: 90%; margin-left: 5%' src='".$qrl."' />";
// TODO: Add the user to the canvass
} else if( isset($_GET['token']) ) {
- $token = $_GET['token'];
- echo <<EOF
+ $token = urlencode($_GET['token']);
+ echo <<<EOF
<HTML>
<HEAD>
<link rel="stylesheet" href="css/invite.css" />
<BODY>
<div id="invitePrompt">
- <form name="cccp-invite" action="api.php?set=invite" method="POST" >
+ <form name="cccp-invite" action="invite.php" method="POST" >
<label for="username" id="label-username">Username</label>
<input type="text" id="username" name="username" />
<label for="password" id="label-password">Password</label>
</div>
</BODY>
</HTML>
-EOF
+EOF;
+
die();
}
// Register from a request
if( isset($_POST['token']) ) {
// Validate the token and get the canvass details
- $query = "SELECT * FROM invites WHERE expiry < CURRENT_TIMESTAMP AND token = ?;";
- $params= [$_POST['token']];
+ $query = "SELECT * FROM invites WHERE expiry > CURRENT_TIMESTAMP AND token = ?;";
+ $params= [urldecode($_POST['token'])];
$stmt = $dbh->prepare($query);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
- $lead = $rows['userId'];
- $canvass = $rows['canvassId'];
+ $lead = $rows[0]['userId'];
+ $canvass = $rows[0]['canvassId'];
// Add the user with INVITE permissions
- $query = "INSERT INTO users(username, realName, passhash, email, phone, permissions) VALUES(?, ?, ?, ?, ?, CCCP_PERM_INVITE);";
+ $query = "INSERT INTO users(username, realName, passhash, email, phone, permissions) VALUES(?, ?, ?, ?, ?, ".CCCP_PERM_INVITE.");";
$params= [$username, $realname, $passhash, $email, $phone];
- $stmt = $dbh->prepare($query)
+ $stmt = $dbh->prepare($query);
$stmt->execute($params);
$user = $dbh->lastInsertId();
$query = "INSERT INTO canvassGroups(canvassId, userId, leadId) VALUES(?,?,?);";
$params= [$canvass, $user, $lead];
+ $stmt = $dbh->prepare($query);
+ $stmt->execute($params);
+
+
+ header("Location: ./login.php");
}
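Review bot: The registration path at L120–L133 inserts a `users` row and a `canvassGroups` row without ever checking that the token lookup at L112–L116 matched anything, so an expired or unknown token (and, because L118–L136 sit outside the `isset($_POST['token'])` block, apparently any request that reaches this point with no token at all) still creates an account with a null lead/canvass. The invite is also never removed after a successful registration, so the same link can be replayed until `expiry`; I would move the account creation inside the token block, reject the request when `count($rows) !== 1`, delete the consumed token, and follow `header("Location: ./login.php")` with `exit;` so nothing after the redirect runs. Separately, the purge at L58 now reads `expiry > CURRENT_TIMESTAMP`, which deletes the invites that are still valid and keeps the expired ones — the opposite of the validity test the same commit writes at L112 — so the original `<` looks like the correct comparison there. The `}` at L137 closes a block whose opening is outside the hunk, and `$username`, `$realname`, `$passhash`, `$email`, `$phone` at L125 are not assigned anywhere in view, so I am assuming they come from form handling elsewhere.
```php
if( isset($_POST['token']) ) {
    // … unchanged: prepare/execute SELECT invites WHERE expiry > CURRENT_TIMESTAMP AND token = ? …
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Exactly one live invite must match; otherwise refuse to create an account.
    if( count($rows) !== 1 ) {
        http_response_code(403);
        die('Invalid or expired invite token.');
    }
    $lead    = $rows[0]['userId'];
    $canvass = $rows[0]['canvassId'];
    // … unchanged: INSERT INTO users / lastInsertId / INSERT INTO canvassGroups …
    // Consume the invite so the same link cannot be replayed before it expires.
    $stmt = $dbh->prepare("DELETE FROM invites WHERE token = ?;");
    $stmt->execute([$rows[0]['token']]);
    header("Location: ./login.php");
    exit;
}
```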