jamesp/ppr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f6368f12f12221f8bf81111843035941c14030d7
ppr/functions.php

190 lines
5.9 KiB
PHP
Raw Blame History

<?php
// Database connection details
$host = 'sasaprod.pattinson.org'; // Replace with your database host (usually 'localhost')
$username = 'ppruser'; // Replace with your database username
$password = 'iJ8kN*5[g6P3jaqN'; // Replace with your database password
$database = 'pprdevdb'; // Replace with your database name
$mailHost = 'send.one.com'; // Your SMTP server
$mailSMTPAuth = true;
$mailUsername = 'noreply@swansea-airport.wales';
$mailPassword = 'SASAGoForward2155';
//$mailSMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$mailPort = 465;
$mailFromAddress = 'noreply@swansea-airport.wales';
$mailFromName = 'Swansea Airport';
$baseUrl = "https://ppr.swansea-airport.wales/dev";
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
function getUserIP() {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
return $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
return $_SERVER['REMOTE_ADDR'];
}
}
function connectDb() {
// Create connection
$conn = new mysqli( $GLOBALS['host'], $GLOBALS['username'], $GLOBALS['password'], $GLOBALS['database']);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
return $conn;
}
function logJournal($conn, $id, $message) {
if (isset($_SERVER['PHP_AUTH_USER'])) {
$user = $_SERVER['PHP_AUTH_USER'];
} else {
$user = "None";
}
$stmt = $conn->prepare("INSERT INTO journal (ppr_id, entry, user, ip) VALUES (?, ?, ?, ?)");
$ip = getUserIP();
$stmt->bind_param("isss", $id, $message, $user, $ip);
$stmt->execute();
$stmt->close();
}
function require_db_auth() {
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
send_auth_headers();
}
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$conn = connectDb();
$stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($stored_hash);
$stmt->fetch();
// Verify the password
if ($stmt->num_rows == 0 || !password_verify($pass, $stored_hash)) {
send_auth_headers();
}
// Close the connection
$stmt->close();
$conn->close();
}
function send_auth_headers() {
header('WWW-Authenticate: Basic realm="Restricted Area"');
header('HTTP/1.0 401 Unauthorized');
die("Authentication required.");
}
function require_auth() {
$AUTH_USER = 'admin';
$AUTH_PASS = 'admin';
header('Cache-Control: no-cache, must-revalidate, max-age=0');
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
!$has_supplied_credentials ||
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER ||
$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
);
if ($is_not_authenticated) {
header('HTTP/1.1 401 Authorization Required');
header('WWW-Authenticate: Basic realm="PPR"');
echo 'Text to send if user hits Cancel button';
exit;
}
}
function generateSecureToken($email, $entryId) {
$secretKey = "your-very-secret-key"; // Use an environment variable for this
$timestamp = time();
$data = "$email|$entryId|$timestamp";
$hash = hash_hmac('sha256', $data, $secretKey);
return base64_encode("$data|$hash");
}
function validateSecureToken($token) {
$secretKey = "your-very-secret-key";
$decoded = base64_decode($token);
if (!$decoded) return false;
list($email, $entryId, $timestamp, $hash) = explode('|', $decoded);
// Check expiration (e.g., valid for 1 hour)
//if (time() - $timestamp > 3600) {
// return false;
//}
// Verify hash
$data = "$email|$entryId|$timestamp";
$validHash = hash_hmac('sha256', $data, $secretKey);
if (!hash_equals($validHash, $hash)) {
return false;
}
return ['email' => $email, 'entryId' => $entryId];
}
function generatePprEmail($entryId, $email, $ac_reg) {
global $conn, $mailHost, $mailSMTPAuth, $mailUsername, $mailPassword, $mailPort, $baseUrl, $mailFromAddress, $mailFromName;
if (!class_exists('PHPMailer\PHPMailer\PHPMailer')) {
require '../vendor/autoload.php';
}
$token = generateSecureToken($email, $entryId);
$secureLink = $baseUrl . "/pilotppr.php?op=view&token=" . urlencode($token);
$mail = new PHPMailer(true);
try {
$mail->isSMTP();
$mail->Host = $mailHost;
$mail->SMTPAuth = $mailSMTPAuth;
$mail->Username = $mailUsername;
$mail->Password = $mailPassword;
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$mail->Port = $mailPort;
$mail->setFrom($mailFromAddress, $mailFromName);
$mail->addAddress($email);
$mail->isHTML(true);
$mail->Subject = "PPR Confirmation for " . $ac_reg;
$mail->Body = "
<p>Dear Pilot,<p>This is to confirm we have received your PPR information, and we look forward to welcoming you at Swansea Airport.<p>Please review our <a href=https://swansea-airport.wales/pilot-information/arrival-procedures.html>arrival procedures</a> prior to your arrival.<p>To view or cancel your PPR please click the button:</p>
<a href='$secureLink' style='display: inline-block; padding: 10px 20px; color: white; background-color: #007bff; text-decoration: none; border-radius: 5px;'>View PPR</a>
<p><img src='https://ppr.swansea-airport.wales/dev/assets/egfh.webp' alt='Swansea Airport' style='width: 200px;'>
";
$mail->send();
echo "Email sent successfully!";
logJournal($conn, $entryId, "Confirm email sent");
} catch (Exception $e) {
echo "Email sending failed: {$mail->ErrorInfo}";
logJournal($conn, $entryId, "Confirm email FAILED");
}
}
?>
Reference in New Issue View Git Blame Copy Permalink