From b6a12f4b32bc1671298a6625d2f56709fcf072c4 Mon Sep 17 00:00:00 2001
From: "vincent@cubedesigners.com"
Date: Wed, 2 Sep 2020 10:25:58 +0000
Subject: [PATCH] wip #3866 @0.75
---
fluidbook/mailer/index.php | 154 ++++++++++++++-----------
fluidbook/mailer/verification-code.php | 48 +-------
inc/commons/class.common.ajax.php | 5 +
inc/commons/class.common.tools.php | 23 ++++
4 files changed, 115 insertions(+), 115 deletions(-)
diff --git a/fluidbook/mailer/index.php b/fluidbook/mailer/index.php
index fdf1f8eff..8537f327c 100644
--- a/fluidbook/mailer/index.php
+++ b/fluidbook/mailer/index.php
@@ -16,87 +16,105 @@ echo json_encode(process()); //--------------// -function process() { - - $result['success'] = false; - - if($_SERVER['REQUEST_METHOD'] != 'POST') { - $result['message'] = 'Invalid request'; - return $result; - } - - // Check that important fields are present - if(empty($_POST['_formID']) || empty($_POST['_recipient']) || empty($_POST['_verification'])) { - $result['message'] = 'Error: missing form configuration data'; - return $result; - } - - // Confirm that the form is valid and hasn't been tampered with - $secret = SECRET_CODE; // see config.php - $verification = md5("{$_POST['_recipient']}+{$_POST['_formID']}+$secret"); - if(strtolower($_POST['_verification']) != $verification) { - $result['message'] = 'Error verifying form. E-mail could not be sent.'; - return $result; - } - - // If we get to here, the form can be processed and the email sent. - // First, build the email body - $content = buildEmail($_POST); - - // Save data into a log file for this form - $saved = saveData($content, $_POST['_formID']); - if(!$saved) $result['save_error'] = true; - - // Send e-mail... - require('PHPMailer/PHPMailerAutoload.php'); - $mail = new PHPMailer; - - $mail->From = 'no-reply@fluidbook.com'; - $mail->FromName = 'Fluidbook'; - $mail->addAddress($_POST['_recipient']); - if (isset($_POST['email'])) { $mail->addReplyTo($_POST['email']); } // Guess the reply address field - $mail->addBCC('test@cubedesigners.com'); - - $mail->Subject = isset($_POST['_subject']) ? $_POST['_subject'] : 'Fluidbook e-mail form submission'; - $mail->Body = $content; - //$mail->AltBody = $content; - - if(!$mail->send()) { - $result['message'] = 'Error sending mail: '. 
$mail->ErrorInfo; - } else { - $result['message'] = 'Your information has been sent successfully'; - $result['success'] = true; - } - - return $result; +function process() +{ + + $result['success'] = false; + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $result['message'] = 'Invalid request'; + return $result; + } + + // Check that important fields are present + if (empty($_POST['_formID']) || empty($_POST['_recipient']) || empty($_POST['_verification'])) { + $result['message'] = 'Error: missing form configuration data'; + return $result; + } + + // Confirm that the form is valid and hasn't been tampered with + $secret = SECRET_CODE; // see config.php + $verification = md5("{$_POST['_recipient']}+{$_POST['_formID']}+$secret"); + if (strtolower($_POST['_verification']) != $verification) { + $result['message'] = 'Error verifying form. E-mail could not be sent.'; + return $result; + } + + // If we get to here, the form can be processed and the email sent. + // First, build the email body + $content = buildEmail($_POST); + + // Save data into a log file for this form + $saved = saveData($content, $_POST['_formID']); + if (!$saved) $result['save_error'] = true; + + // Send e-mail... + require('PHPMailer/PHPMailerAutoload.php'); + $mail = new PHPMailer; + $mail->CharSet = 'UTF-8'; + + $mail->From = 'no-reply@fluidbook.com'; + $mail->FromName = 'Fluidbook'; + $mail->addAddress($_POST['_recipient']); + if (isset($_POST['email'])) { + $mail->addReplyTo($_POST['email']); + } // Guess the reply address field + $mail->addBCC('test@cubedesigners.com'); + + $mail->Subject = isset($_POST['_subject']) ? $_POST['_subject'] : 'Fluidbook e-mail form submission'; + $mail->Body = $content; + //$mail->AltBody = $content; + + if (!$mail->send()) { + $result['message'] = 'Error sending mail: ' . 
$mail->ErrorInfo; + } else { + $result['message'] = 'Your information has been sent successfully'; + $result['success'] = true; + } + + return $result; } // Save form data to a log file in the logs directory -function saveData($data = null, $filename = null) { +function saveData($data = null, $filename = null) +{ - if(!$data || !filename) return false; + if (!$data || !filename) return false; - $filename = preg_replace("/[^A-Za-z0-9]/", '', $filename); // Sanitize filename - $filepath = "./logs/$filename.txt"; + $filename = preg_replace("/[^A-Za-z0-9]/", '', $filename); // Sanitize filename + $filepath = "./logs/$filename.txt"; - $data .= "\n----\n\n"; // Small divider between entries + $data .= "\n----\n\n"; // Small divider between entries - return file_put_contents($filepath, $data, FILE_APPEND | LOCK_EX); + return file_put_contents($filepath, $data, FILE_APPEND | LOCK_EX); } // Builds a string for use in the email based on array of data // Array keys beginning with "_" are not included -function buildEmail($data) { +function buildEmail($data) +{ - $res = 'Submission Date: '. date('Y-m-d H:i:s') . "\n\n"; + $labels = [ + 'date' => ['fr' => 'Date', 'en' => 'Date'], + 'surname' => ['fr' => 'Nom', 'en' => 'Surname'], + 'first_name' => ['fr' => 'Prénom', 'en' => 'First Name'], + 'phone' => ['fr' => 'Téléphone', 'en' => 'Phone'], + 'city' => ['fr' => 'Ville', 'en' => 'City'], + 'email' => ['fr' => 'E-mail', 'en' => 'Email'], + 'message' => ['fr' => 'Message', 'en' => 'Message'], + ]; - foreach($data as $key => $value) { - if(substr($key, 0, 1) === '_') continue; // Ignore keys starting with "_" + $locale = $data['_locale'] ?? 'en'; - // Tidy up key names for presentation - $key = ucwords(str_replace('_', ' ', $key)); - $res .= "$key: $value\n"; - } + $res = $labels['data']['locale'].': ' . date('Y-m-d H:i:s') . 
"\n\n"; - return $res; + foreach ($data as $key => $value) { + if (substr($key, 0, 1) === '_') continue; // Ignore keys starting with "_" + + // Tidy up key names for presentation + $key = $labels[$key][$locale]; + $res .= "$key: $value\n"; + } + + return $res; } diff --git a/fluidbook/mailer/verification-code.php b/fluidbook/mailer/verification-code.php index 9bf1745fb..5618e268b 100644 --- a/fluidbook/mailer/verification-code.php +++ b/fluidbook/mailer/verification-code.php @@ -1,48 +1,2 @@ Sorry, this is a restricted area.\n"); - exit; -} - -if(!isset($_SERVER['PHP_AUTH_USER'])) { - do_auth(); -} else { - if ($_SERVER['PHP_AUTH_USER'] != "cubedesigners" || md5($_SERVER['PHP_AUTH_PW']) != "e5926182d37f851e540a64e80646152c") { - do_auth(); // wrong password. ask again - } -} - -?> - - - - -
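Review bot: In buildEmail() the date label is read as `$labels['data']['locale']`, a key path that does not exist in the `$labels` array defined just above, so the first line of every mail gets an empty label plus a PHP notice; it should be `$labels['date'][$locale]`. `$locale` is taken unchecked from `$_POST['_locale']` and `$key` from arbitrary POST field names, so the per-field lookup needs a fallback as well, e.g. `$key = $labels[$key][$locale] ?? ucwords(str_replace('_', ' ', $key));`. In process() the verification check still compares MD5 hex strings with a loose `!=`, which is not constant-time and can treat two numeric-looking strings as equal; `if (!hash_equals($verification, strtolower((string) $_POST['_verification'])))` is the drop-in replacement. saveData() also still tests `!filename` (a bare constant) where `!$filename` is meant, so the empty-filename guard never does what the comment implies.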

Fluidbook Mailer - Verification Code Generator

- -
- - - - -
- -
Verification code: '; - echo md5($_POST['recipient'] .'+'. $_POST['formID'] .'+'. SECRET_CODE); -} - -?> - - - +header('Location: https://workshop.fluidbook.com/tools/formVerificationCode'); \ No newline at end of file diff --git a/inc/commons/class.common.ajax.php b/inc/commons/class.common.ajax.php index d85ff5dcb..c93815c87 100644 --- a/inc/commons/class.common.ajax.php +++ b/inc/commons/class.common.ajax.php @@ -549,6 +549,11 @@ Mot de passe : $password"; $mail->send($transport); } + public static function formVerificationCode($args, &$x) + { + $x->addContent('result', mb_strtoupper(md5($_POST['recipient'] . '+' . $_POST['form_id'] . '+n0_$PAM_please!'))); + } + /** * @param $args * @param cubeAjax $x diff --git a/inc/commons/class.common.tools.php b/inc/commons/class.common.tools.php index 1ed6ffa44..71f3829ea 100644 --- a/inc/commons/class.common.tools.php +++ b/inc/commons/class.common.tools.php @@ -1561,6 +1561,29 @@ class commonTools exit; } + public static function formVerificationCode($args) + { + wsDroits::admin(); + + global $core; + $res = commonPage::barre(); + $res .= commonPage::tMain(); + $res .= commonPage::bh(); + $res .= '
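Review bot: The new `formVerificationCode($args, &$x)` in class.common.ajax.php returns a valid mailer verification code for whatever `recipient` and `form_id` are posted, and nothing in the hunk checks the caller's rights; only the page-rendering method in class.common.tools.php calls `wsDroits::admin()`. Unless the AJAX dispatcher (not visible here) already restricts this action to administrators, add `wsDroits::admin();` as the first statement, because the code is what authorises the mailer to send to a given recipient. The shared secret is also written as a string literal inside the `md5()` argument, so it is now in version control and duplicated from the mailer's `SECRET_CODE`; read it from configuration in one place and treat the committed value as exposed and due for rotation. `$_POST['recipient']` and `$_POST['form_id']` are used without an `isset`/type check, so a missing or array-valued field raises a notice and still produces a code.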
'; + $res .= ''; + $res .= ''; + $res .= ''; + $res .= ''; + $res .= ''; + $res .= ''; + $res .= '
' . __('Générer un code de vérification') . '
' . __('Identifiant du formulaire') . '
' . __('Destinataire du formulaire') . '
' . __('Code de vérification') . '
' . $core->typo->BoutonOK(__('Générer')) . '
'; + $res .= '
'; + $res .= ''; + $res .= commonPage::bf(); + $res .= commonPage::bMain(); + return $res; + } + public static function ipGlobal($error = "") { global $core; -- 2.39.5