Add publication sending UI

6 years ago · c9964394d5
parent d7c693b1d7
commit c9964394d5
12 changed files with 172 additions and 2 deletions
--- a/action.php
+++ b/action.php
@ -30,6 +30,9 @@ function returnToSender($msg, $arg = "") {
 }

 switch ($VARS['action']) {
+    case "sendpub":
+        die("not implemented yet.");
+        break;
    case "editpub":
        $insert = true;
        if (is_empty($VARS['pubid'])) {
--- a/database.mwb
+++ b/database.mwb
--- a/lang/en_us.php
+++ b/lang/en_us.php
@ -91,5 +91,12 @@ define("STRINGS", [
    "publications" => "Publications",
    "grid" => "Grid",
    "list" => "List",
-    "search" => "Search"
+    "search" => "Search",
+    "send" => "Send",
+    "send publication" => "Send Publication",
+    "subject" => "Subject",
+    "placeholder subject" => "Type an email subject",
+    "message" => "Message",
+    "default message" => "Hello,  \nClick the link to view the newsletter:",
+    "cancel" => "Cancel"
 ]);
--- a/lib/iputils.php
+++ b/lib/iputils.php
@ -4,7 +4,6 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-
 /**
 * Check if a given ipv4 address is in a given cidr
 * @param  string $ip    IP to check in IPV4 format eg. 127.0.0.1
@ -130,3 +129,25 @@ function getClientIP() {

    return "0.0.0.0"; // This will not happen unless we aren't a web server
 }
+
+/**
+ * Check if the client's IP has been doing too many brute-force-friendly
+ * requests lately.
+ * Kills the script with a "friendly" error and response code 429
+ * (Too Many Requests) if the last access time in the DB is too near.
+ *
+ * Also updates the rate_limit table with the latest data and purges old rows.
+ * @global type $database
+ */
+function engageRateLimit() {
+    global $database;
+    $delay = date("Y-m-d H:i:s", strtotime("-5 seconds"));
+    $database->delete('rate_limit', ["lastaction[<]" => $delay]);
+    if ($database->has('rate_limit', ["AND" => ["ipaddr" => getClientIP()]])) {
+        http_response_code(429);
+        die("You're going too fast.  Wait a few seconds and try again.");
+    } else {
+        // Add a record for the IP address
+        $database->insert('rate_limit', ["ipaddr" => getClientIP(), "lastaction" => date("Y-m-d H:i:s")]);
+    }
+}
--- a/pages.php
+++ b/pages.php
@ -69,6 +69,15 @@ define("PAGES", [
            "static/js/editlist.js"
        ],
    ],
+    "send" => [
+        "title" => "send",
+        "navbar" => false,
+        "icon" => "fas fa-paper-plane",
+        "scripts" => [
+            "static/js/snarkdown.umd.js",
+            "static/js/send.js"
+        ]
+    ],
    "404" => [
        "title" => "404 error"
    ]
--- a/pages/content.php
+++ b/pages/content.php
@ -146,6 +146,7 @@ if ($pub === false) {
            <div class="btn btn-success" id="new_tile_btn" data-toggle="modal" data-target="#new-tile-modal"><i class="fas fa-plus"></i> <?php lang("new tile"); ?></div>
        <?php } ?>
        <a class="btn btn-primary" id="preview_btn" href="lib/gencontent.php?pubid=<?php echo $pub; ?>" target="_BLANK"><i class="fas fa-search"></i> <?php lang("preview"); ?></a>
+        <a class="btn btn-info" id="send_btn" href="./app.php?page=send&pubid=<?php echo $pub; ?>"><i class="fas fa-paper-plane"></i> <?php lang("send"); ?></a>
    </div>

    <div class="pages-box">
--- a/pages/send.php
+++ b/pages/send.php
@ -0,0 +1,78 @@
+<?php
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+require_once __DIR__ . '/../required.php';
+
+redirectifnotloggedin();
+
+if (is_empty($VARS['pubid']) || !$database->has("publications", ['pubid' => $VARS['pubid']])) {
+    header('Location: app.php?page=home');
+    die();
+}
+
+$lists = $database->select("mail_lists", ['listid', 'listname']);
+?>
+
+<form role="form" action="action.php" method="POST">
+    <div class="card border-deep-purple">
+        <h3 class="card-header text-deep-purple">
+            <i class="fas fa-paper-plane"></i> <?php lang("send publication"); ?>
+        </h3>
+        <div class="card-body">
+            <div class="row">
+                <div class="col-12 col-sm-6">
+                    <div class="form-group">
+                        <label for="subject"><i class="fas fa-envelope"></i> <?php lang("subject"); ?></label>
+                        <input type="text" class="form-control" id="subject" name="subject" placeholder="<?php lang("placeholder subject"); ?>" required="required" />
+                    </div>
+                    <div class="form-group">
+                        <label for="message"><i class="fas fa-edit"></i> <?php lang("message"); ?></label>
+                        <textarea id="message" name="message" class="form-control" rows="5"><?php lang("default message"); ?></textarea>
+                    </div>
+                </div>
+                <div class="col-12 col-sm-6">
+                    <label for="preview"><i class="fas fa-search"></i> <?php lang("preview"); ?></label>
+                    <div class="card border-deep-purple">
+                        <div class="card-header">
+                            <span id="subjectpreview" class="h5"><?php lang("subject"); ?></span>
+                        </div>
+                        <div class="card-body">
+                            <span id="messagepreview">
+                                <?php echo str_replace("\n", "<br>", lang("default message", false)); ?>
+                            </span>
+                            <br>
+                            <a href="<?php echo URL; ?>/view.php?id=<?php echo $VARS['pubid']; ?>"><?php echo URL; ?>/view.php?id=<?php echo $VARS['pubid']; ?></a>
+                            <hr />
+                            Unsubscribe: <a href="<?php echo URL; ?>/unsubscribe.php?a=xxxxx@example.com"><?php echo URL; ?>/unsubscribe.php?a=xxxxx@example.com</a>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <label for="list"><i class="fas fa-bars"></i> <?php lang("list"); ?></label>
+                <select name="list" id="list" class="form-control">
+                    <?php
+                    foreach ($lists as $l) {
+                        echo "<option value=\"" . $l['listid'] . "\">" . htmlspecialchars($l['listname']) . "</option>\n";
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+
+        <input type="hidden" name="pubid" value="<?php
+        echo htmlspecialchars($VARS['pubid']);
+        ?>" />
+
+        <input type="hidden" name="action" value="sendpub" />
+        <input type="hidden" name="source" value="home" />
+
+        <div class="card-footer d-flex">
+            <button type="submit" class="btn btn-success mr-auto"><i class="fas fa-paper-plane"></i> <?php lang("send"); ?></button>
+
+            <a href="./app.php?page=content&pubid=<?php echo htmlspecialchars($VARS['pubid']); ?>" class="btn btn-danger"><i class="fas fa-times"></i> <?php lang('cancel'); ?></a>
+        </div>
+    </div>
+</form>
--- a/static/js/send.js
+++ b/static/js/send.js
@ -0,0 +1,14 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+
+$("#subject").on("keyup", function () {
+    $("#subjectpreview").text($("#subject").val());
+});
+
+$("#message").on("keyup", function () {
+    $("#messagepreview").html(snarkdown($("#message").val()));
+});
--- a/static/js/snarkdown.umd.js
+++ b/static/js/snarkdown.umd.js
@ -0,0 +1 @@
+!function(e,n){"object"==typeof exports&&"undefined"!=typeof module?module.exports=n():"function"==typeof define&&define.amd?define(n):e.snarkdown=n()}(this,function(){function e(e){return e.replace(RegExp("^"+(e.match(/^(\t| )+/)||"")[0],"gm"),"")}function n(e){return(e+"").replace(/"/g,"&quot;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}function r(o){function c(e){var n=t[e.replace(/\*/g,"_")[1]||""],r=f[f.length-1]==e;return n?n[1]?(f[r?"pop":"push"](e),n[0|r]):n[0]:e}function a(){for(var e="";f.length;)e+=c(f[f.length-1]);return e}var l,u,p,s,g,i=/((?:^|\n+)(?:\n---+|\* \*(?: \*)+)\n)|(?:^```(\w*)\n([\s\S]*?)\n```$)|((?:(?:^|\n+)(?:\t|  {2,}).+)+\n*)|((?:(?:^|\n)([>*+-]|\d+\.)\s+.*)+)|(?:\!\[([^\]]*?)\]\(([^\)]+?)\))|(\[)|(\](?:\(([^\)]+?)\))?)|(?:(?:^|\n+)([^\s].*)\n(\-{3,}|={3,})(?:\n+|$))|(?:(?:^|\n+)(#{1,3})\s*(.+)(?:\n+|$))|(?:`([^`].*?)`)|(  \n\n*|\n{2,}|__|\*\*|[_*])/gm,f=[],m="",d=0,h={};for(o=o.replace(/^\[(.+?)\]:\s*(.+)$/gm,function(e,n,r){return h[n.toLowerCase()]=r,""}).replace(/^\n+|\n+$/g,"");p=i.exec(o);)u=o.substring(d,p.index),d=i.lastIndex,l=p[0],u.match(/[^\\](\\\\)*\\$/)||(p[3]||p[4]?l='<pre class="code '+(p[4]?"poetry":p[2].toLowerCase())+'">'+e(n(p[3]||p[4]).replace(/^\n+|\n+$/g,""))+"</pre>":p[6]?(g=p[6],g.match(/\./)&&(p[5]=p[5].replace(/^\d+/gm,"")),s=r(e(p[5].replace(/^\s*[>*+.-]/gm,""))),">"===g?g="blockquote":(g=g.match(/\./)?"ol":"ul",s=s.replace(/^(.*)(\n|$)/gm,"<li>$1</li>")),l="<"+g+">"+s+"</"+g+">"):p[8]?l='<img src="'+n(p[8])+'" alt="'+n(p[7])+'">':p[10]?(m=m.replace("<a>",'<a href="'+n(p[11]||h[u.toLowerCase()])+'">'),l=a()+"</a>"):p[9]?l="<a>":p[12]||p[14]?(g="h"+(p[14]?p[14].length:"="===p[13][0]?1:2),l="<"+g+">"+r(p[12]||p[15])+"</"+g+">"):p[16]?l="<code>"+n(p[16])+"</code>":(p[17]||p[1])&&(l=c(p[17]||"--"))),m+=u,m+=l;return(m+o.substring(d)+a()).trim()}var t={"":["<em>","</em>"],_:["<strong>","</strong>"],"\n":["<br />"]," ":["<br />"],"-":["<hr />"]};return r});
--- a/style_dev/NOTE
+++ b/style_dev/NOTE
@ -0,0 +1 @@
+Add tile types to editor preview
--- a/unsubscribe.php
+++ b/unsubscribe.php
@ -0,0 +1,25 @@
+<?php
+
+require __DIR__ . "/required.php";
+
+require __DIR__ . "/lib/iputils.php";
+
+$address = $VARS['a'];
+
+engageRateLimit();
+
+if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
+    die("Invalid email address.");
+}
+
+$address = str_replace("%", '\%', $address);
+
+echo $address;
+
+if ($database->has('addresses', ['email' => $address])) {
+    $count = $database->count('addresses', ['email' => $address]);
+    $database->delete('addresses', ['email' => $address]);
+    die("$address has been removed from $count mailing " . ($count === 1 ? "list" : "lists") . ".");
+} else {
+    die("$address has already been removed.");
+}
--- a/view.php
+++ b/view.php
@ -0,0 +1,10 @@
+<?php
+
+$id = $_GET['id'];
+$id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
+
+header("Location: lib/gencontent.php?pubid=" . $_GET['id']);
+?>
+<!DOCTYPE html>
+<title>Redirect</title>
+<a href="lib/gencontent.php?pubid=<?php echo $_GET['id']; ?>">View Document</a>
				`@ -0,0 +1 @@`
				!function(e,n){"object"==typeof exports&&"undefined"!=typeof module?module.exports=n():"function"==typeof define&&define.amd?define(n):e.snarkdown=n()}(this,function(){function e(e){return e.replace(RegExp("^"+(e.match(/^(\t\| )+/)\|\|"")[0],"gm"),"")}function n(e){return(e+"").replace(/"/g,""").replace(/</g,"<").replace(/>/g,">")}function r(o){function c(e){var n=t[e.replace(/\/g,"_")[1]\|\|""],r=f[f.length-1]==e;return n?n[1]?(f[r?"pop":"push"](e),n[0\|r]):n[0]:e}function a(){for(var e="";f.length;)e+=c(f[f.length-1]);return e}var l,u,p,s,g,i=/((?:^\|\n+)(?:\n---+\|\ \(?: \)+)\n)\|(?:^```(\w)\n([\s\S]?)\n```$)\|((?:(?:^\|\n+)(?:\t\| {2,}).+)+\n)\|((?:(?:^\|\n)([>+-]\|\d+\.)\s+.)+)\|(?:\!\[([^\]]?)\]\(([^\)]+?)\))\|(\[)\|(\](?:\(([^\)]+?)\))?)\|(?:(?:^\|\n+)([^\s].)\n(\-{3,}\|={3,})(?:\n+\|$))\|(?:(?:^\|\n+)(#{1,3})\s(.+)(?:\n+\|$))\|(?:`([^`].?)`)\|( \n\n\|\n{2,}\|__\|\\\|[_])/gm,f=[],m="",d=0,h={};for(o=o.replace(/^\[(.+?)\]:\s(.+)$/gm,function(e,n,r){return h[n.toLowerCase()]=r,""}).replace(/^\n+\|\n+$/g,"");p=i.exec(o);)u=o.substring(d,p.index),d=i.lastIndex,l=p[0],u.match(/[^\\](\\\\)\\$/)\|\|(p[3]\|\|p[4]?l='<pre class="code '+(p[4]?"poetry":p[2].toLowerCase())+'">'+e(n(p[3]\|\|p[4]).replace(/^\n+\|\n+$/g,""))+"</pre>":p[6]?(g=p[6],g.match(/\./)&&(p[5]=p[5].replace(/^\d+/gm,"")),s=r(e(p[5].replace(/^\s[>+.-]/gm,""))),">"===g?g="blockquote":(g=g.match(/\./)?"ol":"ul",s=s.replace(/^(.)(\n\|$)/gm,"<li>$1</li>")),l="<"+g+">"+s+"</"+g+">"):p[8]?l='<img src="'+n(p[8])+'" alt="'+n(p[7])+'">':p[10]?(m=m.replace("<a>",'<a href="'+n(p[11]\|\|h[u.toLowerCase()])+'">'),l=a()+"</a>"):p[9]?l="<a>":p[12]\|\|p[14]?(g="h"+(p[14]?p[14].length:"="===p[13][0]?1:2),l="<"+g+">"+r(p[12]\|\|p[15])+"</"+g+">"):p[16]?l="<code>"+n(p[16])+"</code>":(p[17]\|\|p[1])&&(l=c(p[17]\|\|"--"))),m+=u,m+=l;return(m+o.substring(d)+a()).trim()}var t={"":["<em>","</em>"],_:["<strong>","</strong>"],"\n":["<br />"]," ":["<br />"],"-":["<hr />"]};return r});