Initial Commit

Signed-off-by: fly <merspieler@airmail.cc>
2021-06-03 22:24:25 +02:00 · 2021-06-03 22:24:25 +02:00 · ff3d23195a
commit ff3d23195a
7 changed files with 391 additions and 0 deletions
--- a/24
+++ b/24
@ -0,0 +1,24 @@
+FROM docker.io/library/php:7.2-apache
+
+RUN docker-php-ext-install -j$(nproc) mysqli
+
+RUN pear install --alldeps Mail-1.4.1
+
+WORKDIR /var/www/html/
+
+COPY www/* .
+
+# Set default env vars
+ENV BASE_URL http://localhost
+## mysql
+ENV SQL_HOST mysql
+ENV SQL_PORT 3306
+ENV SQL_USER flightgear
+ENV SQL_PASSWORD FG-is-GREAT
+ENV SQL_DATABASE aircraft-dev-registry
+
+## SMTP
+ENV SMTP_HOST smtp
+ENV SMTP_USER none
+ENV SMTP_PASSWORD none
+ENV SMTP_FROM none
--- a/www/api.php
+++ b/www/api.php
@ -0,0 +1,77 @@
+<?php
+include("common.php");
+$API_VERSION = 0.1;
+
+function quit()
+{
+	$ret = new stdClass;
+	$ret->success = false;
+	$ret->version = $GLOBALS["API_VERSION"];
+	echo(json_encode($ret));
+	exit();
+}
+
+$ret = new stdClass;
+$ret->success = true;
+$ret->version = $API_VERSION;
+
+if (isset($_POST["action"]) && $_POST["action"] != "")
+{
+	$action = $_POST["action"];
+}
+else
+{
+	quit();
+}
+
+$con = new mysqli(getenv("SQL_HOST"), getenv("SQL_USER"), getenv("SQL_PASSWORD"), getenv("SQL_DATABASE"), getenv("SQL_PORT"));
+if ($con->connect_error)
+{
+	quit();
+}
+
+if ($action == "send-report")
+{
+	if (isset($_POST["aircraft-id"]) && $_POST["aircraft-id"] != "" && isset($_POST["report"]) && $_POST["report"] != "")
+	{
+		$acID = $_POST["aircraft-id"];
+		$report = $_POST["report"];
+	}
+	else
+	{
+		quit();
+	}
+
+	$stmt = $con->prepare("SELECT user FROM `aircraft-devs` WHERE acid = ?");
+	$stmt->bind_param("s", $acID);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$res = $result->fetch_assoc();
+	$stmt->close();
+	if ($res == Null)
+	{
+		$ret->success = false;
+		$ret->error = "No dev in db";
+	}
+	else
+	{
+		while ($res != Null)
+		{
+			$msg = $report . "
+
+
+You're receiving this email cause you have signed up to the Aircraft Developer Registry.
+You can always sign off of receiving mails for the " . $acID . " using this link
+" . getenv("BASE_URL") . "/signoff.php?aircraft-id=" . $acID . "&email=" . $res["user"] . "
+Or sign off from receiving any mails using this link;
+" . getenv("BASE_URL") . "/signoff.php?aircraft-id=all&email=" . $res["user"];
+			send_mail($res, "Issue Report: " . $acID, $msg);
+			$res = $result->fetch_assoc();
+		}
+	}
+
+}
+
+$con->close();
+echo(json_encode($ret));
+?>
--- a/www/common.php
+++ b/www/common.php
@ -0,0 +1,28 @@
+<?php
+require_once "Mail.php";
+function send_mail($to, $subject, $body)
+{
+	$from = getenv("SMTP_FROM");
+	$subject = "[Aircraft Dev Registry] " . $subject;
+	$host = getenv("SMTP_HOST");
+	$username = getenv("SMTP_USER");
+	$password = getenv("SMTP_PASSWORD");
+	$headers = array ('From' => $from,
+		'To' => $to,
+		'Subject' => $subject);
+	$smtp = Mail::factory('smtp',
+		array ('host' => $host,
+			'auth' => true,
+			'username' => $username,
+			'password' => $password));
+	$mail = $smtp->send($to, $headers, $body);
+	if (PEAR::isError($mail))
+	{
+		return false;
+	}
+	else
+	{
+	return true;	
+	}
+}
+?>
--- a/www/confirm.php
+++ b/www/confirm.php
@ -0,0 +1,72 @@
+<html>
+	<head>
+		<title>Aircraft Developer Registry</title>
+	</head>
+	<body>
+<?php
+if (isset($_GET["id"]) && $_GET["id"] != "")
+{
+	$con = new mysqli(getenv("SQL_HOST"), getenv("SQL_USER"), getenv("SQL_PASSWORD"), getenv("SQL_DATABASE"), getenv("SQL_PORT"));
+	if ($con->connect_error)
+	{
+		echo("An error occured, please try later</body></html>");
+		exit();
+	}
+
+	$stmt = $con->prepare("SELECT action FROM `confirmation-pending` WHERE id = ?;");
+	$stmt->bind_param("s", $_GET["id"]);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$res = $result->fetch_assoc();
+	$stmt->close();
+	if ($res == Null)
+	{
+		echo("Invalid Link</body></html>");
+		exit();
+	}
+
+	$res = json_decode($res["action"]);
+	$action = $res->action;
+	if ($action == "signup")
+	{
+		$stmt = $con->prepare("INSERT INTO `aircraft-devs` (acid, user) VALUES (?, ?);");
+		$stmt->bind_param("ss", $res->acid, $res->email);
+		$stmt->execute();
+		$stmt->close();
+		$stmt = $con->prepare("DELETE FROM `confirmation-pending` WHERE id = ?;");
+		$stmt->bind_param("s", $_GET["id"]);
+		$stmt->execute();
+		$stmt->close();
+		echo("You're successfully signed up");
+	}
+	else if ($action == "signoff")
+	{
+		if ($res->acid == "all")
+		{
+			$stmt = $con->prepare("DELETE FROM `aircraft-devs` WHERE user = ?;");
+			$stmt->bind_param("s", $res->email);
+			$stmt->execute();
+			$stmt->close();
+			echo("You're successfully signed off from all aircraft");
+		}
+		else
+		{
+			$stmt = $con->prepare("DELETE FROM `aircraft-devs` WHERE user = ? AND acid = ?;");
+			$stmt->bind_param("ss", $res->email, $res->acid);
+			$stmt->execute();
+			$stmt->close();
+			echo("Your successfully signed off from " . $res->acid);
+		}
+		$stmt = $con->prepare("DELETE FROM `confirmation-pending` WHERE id = ?;");
+		$stmt->bind_param("s", $_GET["id"]);
+		$stmt->execute();
+		$stmt->close();
+	}
+}
+else
+{
+	echo("Invalid link");
+}
+?>
+	</body>
+</html>
--- a/www/index.php
+++ b/www/index.php
@ -0,0 +1,45 @@
+<html>
+	<head>
+		<title>Aircraft Developer Registry</title>
+	</head>
+	<body>
+		<h1>Aircraft Developer Registry</h1>
+		<h2>Sign Up</h2>
+		<form action="signup.php" method="POST">
+			<label>Aircraft ID</label><input type="text" name="aircraft-id" required/><br/>
+			<label>Email Address</label><input type="email" name="email" required/><br/>
+			<input type="hidden" name="name"/>
+			<input type="submit" value="Sign Up"/>
+		</form><br/>
+		<h2>Statistics</h2>
+<?php
+$con = new mysqli(getenv("SQL_HOST"), getenv("SQL_USER"), getenv("SQL_PASSWORD"), getenv("SQL_DATABASE"), getenv("SQL_PORT"));
+$fetch_failed = false;
+if ($con->connect_error)
+{
+	$fetch_failed = true;
+}
+else
+{
+	// Aircraft stats
+	echo('<table border="1"><tr><th>Aircraft</th><th>Developers</th></tr>');
+	$sql = "SELECT acid, COUNT(user) AS ucount FROM `aircraft-devs` GROUP BY acid;";
+	$result = $con->query($sql);
+	while ($row = $result->fetch_assoc())
+	{
+		echo('<tr><td>' . $row["acid"] . '</td><td>' . $row["ucount"] . '</td></tr>');
+	}
+	echo('</table><br/>');
+	// User stats
+	$sql = "SELECT COUNT(DISTINCT user) AS ucount FROM `aircraft-devs`;";
+	$result = $con->query($sql);
+	$row = $result->fetch_assoc();
+	echo('There are ' . $row["ucount"] . ' developers registered');
+}
+if ($fetch_failed)
+{
+	echo("Unable to get complete statistics");
+}
+?>
+	</body>
+</html>
--- a/www/signoff.php
+++ b/www/signoff.php
@ -0,0 +1,76 @@
+<html>
+	<head>
+		<title>Sign Off</title>
+	</head>
+	<body>
+<?php
+include("common.php");
+if (isset($_GET["aircraft-id"]) && $_GET["aircraft-id"] != "" && isset($_GET["email"]) && $_GET["email"] != "")
+{
+	$con = new mysqli(getenv("SQL_HOST"), getenv("SQL_USER"), getenv("SQL_PASSWORD"), getenv("SQL_DATABASE"), getenv("SQL_PORT"));
+	if ($con->connect_error)
+	{
+		echo("An error occured, please try later</body></html>");
+		exit();
+	}
+	if ($_GET["aircraft-id"] == "all")
+	{
+		$stmt = $con->prepare("SELECT id FROM `aircraft-devs` WHERE user = ?");
+		$stmt->bind_param("s", $_GET["email"]);
+	}
+	else
+	{
+		$stmt = $con->prepare("SELECT id FROM `aircraft-devs` WHERE acid = ? AND user = ?");
+		$stmt->bind_param("ss", $_GET["aircraft-id"], $_GET["email"]);
+	}
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$res = $result->fetch_assoc();
+	$stmt->close();
+	if ($res == Null)
+	{
+		echo("You're not signed up to receive emails for " . $_GET["aircraft-id"]);
+	}
+	else
+	{
+		$hash_unique = false;
+		while (!$hash_unique)
+		{
+			$hash = bin2hex(random_bytes(16));
+			$sql = "SELECT id FROM `confirmation-pending` WHERE id = '" . $hash . "';";
+			$result = $con->query($sql);
+			$res = $result->fetch_assoc();
+			if ($res == Null)
+			{
+				$hash_unique = true;
+			}
+		}
+		$action = new stdClass;
+		$action->action = "signoff";
+		$action->acid = $_GET["aircraft-id"];
+		$action->email = $_GET["email"];
+
+		$stmt = $con->prepare("INSERT INTO `confirmation-pending` (id, action, ts) VALUES (?, ?, NOW())");
+		$stmt->bind_param("ss", $hash, json_encode($action));
+		$stmt->execute();
+		$stmt->close();
+
+		$msg = "You've received this email cause someone requested to sign this
+email off of the Aircraft Developer Registry at
+" . getenv("BASE_URL") . "
+If you have requested this please use the following link to confirm
+" . getenv("BASE_URL") . "/confirm.php?id=" . $hash . "
+If you haven't requested to be signed up, please ignore this email.";
+
+		send_mail($_GET["email"], "Sign Off " . $_GET["aircraft-id"], $msg);
+		echo("We've sent you an email. Please confirm your sign off with the link");
+	}
+	$con->close();
+}
+else
+{
+	echo("Invalid request.");
+}
+?>
+	</body>
+</html>
--- a/www/signup.php
+++ b/www/signup.php
@ -0,0 +1,69 @@
+<html>
+	<head>
+		<title>Sign Up</title>
+	</head>
+	<body>
+<?php
+include("common.php");
+// We expect name to be empty cause it's hidden -> only bots will fill it out
+if (isset($_POST["aircraft-id"]) && $_POST["aircraft-id"] != "" && isset($_POST["email"]) && $_POST["email"] != "")
+{
+	$con = new mysqli(getenv("SQL_HOST"), getenv("SQL_USER"), getenv("SQL_PASSWORD"), getenv("SQL_DATABASE"), getenv("SQL_PORT"));
+	if ($con->connect_error)
+	{
+		echo("An error occured, please try later</body></html>");
+		exit();
+	}
+	$stmt = $con->prepare("SELECT id FROM `aircraft-devs` WHERE acid = ? AND user = ?");
+	$stmt->bind_param("ss", $_POST["aircraft-id"], $_POST["email"]);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$res = $result->fetch_assoc();
+	$stmt->close();
+	if ($res != Null)
+	{
+		echo("You've already signed up to receive emails for " . $_POST["aircraft-id"]);
+	}
+	else
+	{
+		$hash_unique = false;
+		while (!$hash_unique)
+		{
+			$hash = bin2hex(random_bytes(16));
+			$sql = "SELECT id FROM `confirmation-pending` WHERE id = '" . $hash . "';";
+			$result = $con->query($sql);
+			$res = $result->fetch_assoc();
+			if ($res == Null)
+			{
+				$hash_unique = true;
+			}
+		}
+		$action = new stdClass;
+		$action->action = "signup";
+		$action->acid = $_POST["aircraft-id"];
+		$action->email = $_POST["email"];
+
+		$stmt = $con->prepare("INSERT INTO `confirmation-pending` (id, action, ts) VALUES (?, ?, NOW())");
+		$stmt->bind_param("ss", $hash, json_encode($action));
+		$stmt->execute();
+		$stmt->close();
+
+		$msg = "You've received this email cause someone requested to sign this
+email up for the Aircraft Developer Registry at
+" . getenv("BASE_URL") . "
+If you have requested this please use the following link to confirm
+" . getenv("BASE_URL") . "/confirm.php?id=" . $hash . "
+If you haven't requested to be signed up, please ignore this email.";
+
+		send_mail($_POST["email"], "Sign Up " . $_POST["aircraft-id"], $msg);
+		echo("We've sent you an email. Please confirm your sign up with the link");
+	}
+	$con->close();
+}
+else
+{
+	echo("Invalid request.");
+}
+?>
+	</body>
+</html>