From a017353710e70ef82b1b1c18a56ce33d2c5e14d1 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 13 Feb 2025 04:25:27 +0000
Subject: [PATCH] bugfixes

---
 common.php | 2 +-
 index.php | 44 +++++++++++++++++++++++++++++---------------
 invite.php | 36 +++++++++++++++++++++--------------
 3 files changed, 51 insertions(+), 31 deletions(-)

diff --git a/common.php b/common.php
index f5e368e..13c52e5 100644
--- a/common.php
+++ b/common.php
@@ -1,5 +1,5 @@
- Research - - Canvassing - Phonebank - - User Management - -Please check with your lead to get access.
'; + } else if( $_SESSION['permissions'] <= CCCP_PERM_LEAD ) { + $research = 0; + $canvass = 1; + $phonebank= 0; + $users = 1; + $settings = 0; + } else if( $_SESSION['permissions'] <= CCCP_PERM_ADMIN ) { + $research = 1; + $canvass = 1; + $phonebank= 1; + $users = 1; + $settings = 1; + } else { + $research = 0; + $canvass = 1; + $phonebank= 0; + $users = 0; + $settings = 0; + } + + echo ($research ? ' Research' : ''); + echo ($canvass ? ' Canvassing' : ''); + echo ($phonebank? ' Phonebanking' : ''); + echo ($users ? ' User Management' : ''); + echo ($settings ? ' Settings' : ''); + ?> - Settings - Logout +

Research - View stats and cut turf

diff --git a/invite.php b/invite.php
index cc5604e..8178dd7 100644
--- a/invite.php
+++ b/invite.php
@@ -37,14 +37,14 @@ $dbh = new PDO("mysql:host=localhost;dbname=CCCP", "root", "yix", $options);
 // If an admin, display selected invite token link and QR -- token should be unique to a lead and/or turf?
-if( $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
- $query = "DELETE FROM invites WHERE expiry < CURRENT_TIMESTAMP()";
+if( isset($_SESSION['permissions']) && $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
+ $query = "DELETE FROM invites WHERE expiry > CURRENT_TIMESTAMP";
 $stmt = $dbh->prepare($query);
 $stmt->execute();
 if( isset($_GET['canvassId']) ) {
 $canvassId = $_GET['canvassId'];
- $leadId = $SESSION['userId'];
+ $leadId = $_SESSION['userId'];
 $query = "SELECT token FROM invites WHERE canvassId = ? AND userId = ? AND expiry < TIMESTAMPADD(HOUR,1,CURRENT_TIMESTAMP)";
 $params= Array($canvassId,$leadId);
 $stmt = $dbh->prepare($query);
@@ -55,14 +55,14 @@ if( $_SESSION['permissions'] <= CCCP_PERM_LEAD ) {
 $token = $res[0]['token'];
 } else {
 $token = base64_encode(random_bytes(64));
- $query = "INSERT INTO invites(token, canvassId, userId) VALUES(?,?,?)";
+ $query = "INSERT INTO invites(token, canvassId, userId) VALUES(?,?,?);";
 $params= Array($token,$canvassId,$leadId);
 $stmt = $dbh->prepare($query);
 $stmt->execute($params);
 $res = $stmt->fetchAll(PDO::FETCH_ASSOC);
 }
- $url = CCCP_BASEURL."invite.php?token=".$token;
+ $url = CCCP_BASEURL."invite.php?token=".urlencode($token);
 $qrl = "https://api.qrserver.com/v1/create-qr-code/?size=500x500&data=".urlencode($url);
 echo "".$url."
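Review bot: The new DELETE on the second added line removes invites whose `expiry` is still in the future and leaves the expired ones in place, the opposite of the cleanup the comment above it describes; the validation query later in this commit treats `expiry > CURRENT_TIMESTAMP` as "still valid", so the purge should be the complement. Assuming `expiry` is the instant after which an invite stops working, the line should read `$query = "DELETE FROM invites WHERE expiry < CURRENT_TIMESTAMP";`. Separately, `$canvassId` comes straight from the query string and is bound into the token lookup and insert without any check that the requesting lead belongs to that canvass, so as far as this hunk shows any lead can mint an invite for any canvass; a `leadId` condition against the lead's own canvasses would close that. The hunk-header context also shows the PDO connection using the `root` account with a literal password in the source file, which is worth a follow-up to move the credentials out of the repository and onto a least-privilege database user. The enclosing `if` block continues past this hunk.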
"; echo ""; @@ -75,8 +75,8 @@ if( isset($_GET['token']) && isset($_SESSION['userId']) ) { // TODO: Add the user to the canvass } else if( isset($_GET['token']) ) { - $token = $_GET['token']; - echo < @@ -86,7 +86,7 @@ if( isset($_GET['token']) && isset($_SESSION['userId']) ) {
-
+
@@ -106,15 +106,16 @@ if( isset($_GET['token']) && isset($_SESSION['userId']) ) {
-EOF
+EOF;
+ die();
 }
 // Register from a request
 if( isset($_POST['token']) ) {
 // Validate the token and get the canvass details
- $query = "SELECT * FROM invites WHERE expiry < CURRENT_TIMESTAMP AND token = ?;";
- $params= [$_POST['token']];
+ $query = "SELECT * FROM invites WHERE expiry > CURRENT_TIMESTAMP AND token = ?;";
+ $params= [urldecode($_POST['token'])];
 $stmt = $dbh->prepare($query);
 $stmt->execute($params);
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -146,16 +147,21 @@ if( isset($_POST['token']) ) {
 }
- $lead = $rows['userId'];
- $canvass = $rows['canvassId'];
+ $lead = $rows[0]['userId'];
+ $canvass = $rows[0]['canvassId'];
 // Add the user with INVITE permissions
- $query = "INSERT INTO users(username, realName, passhash, email, phone, permissions) VALUES(?, ?, ?, ?, ?, CCCP_PERM_INVITE);";
+ $query = "INSERT INTO users(username, realName, passhash, email, phone, permissions) VALUES(?, ?, ?, ?, ?, ".CCCP_PERM_INVITE.");";
 $params= [$username, $realname, $passhash, $email, $phone];
- $stmt = $dbh->prepare($query)
+ $stmt = $dbh->prepare($query);
 $stmt->execute($params);
 $user = $dbh->lastInsertId();
 $query = "INSERT INTO canvassGroups(canvassId, userId, leadId) VALUES(?,?,?);";
 $params= [$canvass, $user, $lead];
+ $stmt = $dbh->prepare($query);
+ $stmt->execute($params);
+
+
+ header("Location: ./login.php");
 }
-- 1.8.3.1
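Review bot: `$params= [urldecode($_POST['token'])];` decodes a value that PHP has already form-decoded when it populated `$_POST`, so a token containing `+` (which the base64 output of `random_bytes(64)` regularly does) reaches the query with that character turned into a space and the lookup silently fails; a literal `%` pair would be mangled the same way. Unless the hidden field in the preceding heredoc deliberately carries a url-encoded copy of the token (that part of the form is not visible here), the line should be `$params= [$_POST['token']];`. If the field does carry an encoded copy, the cleaner fix is to place the raw token in the field escaped with `htmlspecialchars` and drop the decode entirely. The `if( isset($_POST['token']) )` block continues into the next hunk.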
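Review bot: `header("Location: ./login.php");` is not followed by `exit;`, so everything after the closing brace keeps executing and rendering after the redirect header has been sent; add `exit;` directly below the `header()` call. The two INSERTs (users, then canvassGroups) run without a transaction, so a failure on the second leaves an account with invite permissions that belongs to no canvass — wrapping them in `$dbh->beginTransaction()` / `$dbh->commit()` with `$dbh->rollBack()` on failure avoids the half-registered state (whether `execute()` throws on failure depends on the `$options` passed to the PDO constructor shown in the first hunk). The users INSERT now concatenates `CCCP_PERM_INVITE` into the SQL text; since the rest of the statement already uses placeholders, binding it as a sixth `?` with the constant appended to `$params` keeps the query free of string building. The accepted invite row is also left untouched after use, so if an invite is meant to admit a single person it should be deleted once the registration commits. The enclosing `if( isset($_POST['token']) )` block opens in the previous hunk.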