
Reimplemented chapter donations to fix git history

pull/8/head
parent
commit
ea8667b798
No known key found for this signature in database GPG Key ID: 630A04EE35E56530
3 changed files with 225 additions and 107 deletions
  1. +67
    -24
      donate/capture.php
  2. +1
    -0
      donate/form.php
  3. +157
    -83
      donate/index.php

+ 67
- 24
donate/capture.php View File

@ -1,5 +1,5 @@
<?php
// Copyright (C) 2021 Socialist Rifle Association
// Copyright (C) 2021 Aayla Semyonova
//
// This file is part of SRA Website.
//
@ -15,28 +15,71 @@
//
// You should have received a copy of the GNU General Public License
// along with website. If not, see <http://www.gnu.org/licenses/>.
?>
<?php
die("Donations are currently shut down pending a full penetration test");
// Validate input
if (strip_tags($_POST['email'])!== strip_tags($_POST['email2'])) {
header("Location: https://socialistra.org/donate/?error=email"); /* Redirect browser */
exit();
}
require "../res/php/payment/charge.php";
$token = $_POST['stripeToken'];
// Convert human readable price to raw amount
$raw_amount = strip_tags($_POST['hidden_amount']);
$raw_amount = number_format($raw_amount, 2, '.', '');
$raw_amount = str_replace('.', '', $raw_amount);
// Attempt charge
$response = charge($raw_amount, $token, "SRA Donation");
// Handle response
if ($response == "error") {
header("Location: https://socialistra.org/donate/?error=failed"); // Redirect browser for failure
exit();
} else {
header("Location: https://socialistra.org/donate/confirmed.php"); // Redirect browser for success
exit();
// Ensure that the provided emails match each other
$email = strip_tags($_POST['email']);
$email2 = strip_tags($_POST["email2"]);
if ($email !== $email2) {
header("Location: /donate/?error=email_mismatch");
die("Provided emails don't match");
}
// Ensure that the provided email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: /donate/?error=email_invalid");
die("Provided email is invalid");
}
// Ensure the amount to donate is numeric
$amount = strip_tags($_POST['amount']);
if (!is_numeric($amount)) {
header("Location: /donate/?error=amount_not_numeric");
die("Provided amount is not numeric");
}
// Convert human readable integer into format Stripe wants
$amount = intval($amount * 100);
// Ensure the amount to donate is within Stripe's accepted range
if ($amount > 100000) {
header("Location: /donate/?error=maximum_amount");
die("Provided amount is too large");
}
if ($amount < 100) {
header("Location: /donate/?error=minimum_amount");
die("Provided amount is too small");
}
/*
Generate a list of all possible donation recipients and test that the
provided value is inside of it. This is done to ensure that the provided
recipient is valid and not a malicious custom value. The $recipientsList
array starts with the "National SRA" value because it's a special case.
*/
$recipient = strip_tags($_POST["recipient"]);
$recipientsList = array("National SRA");
// Load chapters.json from /chapters
$chapters = json_decode(
file_get_contents("../chapters/chapters.json"),
true // Make an associative array
);
// Create the list
foreach ($chapters as $state => $list) {
foreach ($list as $chapter) {
$chapterString = $state . ': ' . $chapter["name"];
array_push($recipientsList, $chapterString);
}
}
// Check that the intended recipient is in the list of allowed values
if (!in_array($recipient, $recipientsList)) {
header("Location: /donate?error=invalid_recipient");
die("Provided recipient is invalid");
}
// Load charge() function from charge.php
require "../res/php/payment/charge.php";
// Attempt charge
$response = charge($amount, $_POST['stripeToken'], 'Donation - ' . $recipient, $email);
// Redirect to donation page with response
header("Location: /donate?error=". $response); // Redirect browser for success
exit();
?>
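Review bot: `$amount = intval($amount * 100);` truncates instead of rounding, so an input such as 1.15 becomes 114 cents because `1.15 * 100` evaluates to 114.99999… in floating point; use `$amount = (int) round((float) $amount * 100);` so the charged amount matches what the donor typed. The final redirect `header("Location: /donate?error=". $response);` interpolates whatever charge() returns into the URL unencoded, so a response containing `&`, `#` or a space yields a broken or ambiguous query string — wrap it as `urlencode($response)` (and the receiving page should escape it again on output). The `$_POST['email']`, `['email2']`, `['amount']`, `['recipient']` and `['stripeToken']` reads have no `isset()`/`?? ''` guard, so a request missing a field raises a notice before the validation branches run, and `in_array($recipient, $recipientsList)` should pass `true` as its third argument so the allow-list check is a strict string comparison rather than a loose one.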

+ 1
- 0
donate/form.php View File

@ -16,6 +16,7 @@
// You should have received a copy of the GNU General Public License
// along with website. If not, see <http://www.gnu.org/licenses/>.
?>
<form action="./capture.php" method="post" id="payment-form">
<input type="hidden" name="hidden_amount" value="0">
<?php echo $error; ?>
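Review bot: The `hidden_amount` input in this form does not appear to be read by the donate/capture.php in this commit, which validates `$_POST['amount']` instead, so if form.php is still posted to capture.php the value is ignored; the form would also need the `amount`, `email`/`email2` and `recipient` fields that capture.php now requires. If form.php is no longer included anywhere, a comment saying so (or removing the file) would avoid the mismatch being missed.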


+ 157
- 83
donate/index.php View File

@ -15,17 +15,10 @@
//
// You should have received a copy of the GNU General Public License
// along with website. If not, see <http://www.gnu.org/licenses/>.
?>
<?php
error_reporting(0);
$error = '';
if (isset($_GET['error']) && $_GET['error'] === 'failed') {
$error = '<b style="color:#ff0909">Payment Failed. Your card was likely declined.</b>';
}
if (isset($_GET['error']) && $_GET['error'] === 'email') {
$error = '<b style="color:#ff0909">Your typed email addresses did not match.</b>';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
@ -226,64 +219,165 @@ if (isset($_GET['error']) && $_GET['error'] === 'email') {
}
}
</style>
<style>
/* Error Message Styling */
.error-body blockquote {
border-left: 8px solid red;
background-color: #feecf0;
}
.error-body h2 {
color: black;
}
/* Success Message Styling */
.success-body blockquote {
border-left: 8px solid #48c774;
background-color: #effaf3;
}
.success-body h2 {
color: black
}
</style>
<body>
<?php include("../res/php/top.php") ?>
<div id="section-title">Donate to the SRA</div>
<hr>
<?php
/*
Code for displaying errors if a donation fails and a user is redirected here.
*/
function displayError($title, $text) {
/*
Display error messages based on what is present in the GET parameter
*/
echo '
<div class="error-body">
<blockquote>
<h2>' . $title . '</h2><hr>
<p>' . $text . '</p>
<p>If you believe this to be a mistake, please contact
<a href="mailto:[email protected]">aayla@socialistra.org</a></p>
</blockquote>
</div>'; // Error message template
}
function displaySuccess() {
/*
Display a successful donation message similar to the error message
*/
echo '
<div class="success-body">
<blockquote>
<h2>Thank you!</h2><br>
<p>Your donation was completed successfully and you will be emailed a receipt.</p>
</blockquote>
</div>
';
}
// Get error message from GET parameter
if (isset($_GET["error"])) {
$error = strip_tags($_GET["error"]);
}
// Switch statement to display the correct error message
if (isset($error)) {
switch ($error) {
case "email_mismatch":
displayError("Emails Don't Match", "The provided email addresses do not match. Make sure you typed your address correctly.");
break;
case "email_invalid":
displayError("Invalid Email Address", "The email address you provided is not a properly formatted address.");
break;
case "amount_not_numeric":
displayError("Donation Amount isn't a number", "The donation amount you enter has to be a number.");
break;
case "maximum_amount":
displayError("Amount Too Large", "We appreciate your generosity, but only amounts up to $1,000.00 are accepted.");
break;
case "minimum_amount":
displayError("Amount Too Small", "Unfortunately we can only accept donations greater than or equal to than $1.");
break;
case "invalid_recipient":
displayError("Invalid Recipient", "An invalid recipient was provided. Make sure you select a recipient from the dropdown.");
break;
case "success":
displaySuccess();
break;
default:
displayError($error, "There is no error message written for this issue. If this arose natually, please contact Aayla.");
break;
}
}
?>
<br>
<h2>We Appreciate Your Interest.</h2>
<p>However, in light of a recent <a href="/news/story.php?id=6">security vulnerability</a>, donations are currently shut down pending a complete penetration test.</p>
<!--<div id="member-con">-->
<!-- <div id="contact-left">-->
<!-- <div style="text-align: center;"><img src="https://srastatic.nyc3.cdn.digitaloceanspaces.com/web/img/donate/give.png" alt="hand holding flower"></div>-->
<!-- <p style="text-align: center;">Donations will allow us to carry on the hard work we've been doing to make the-->
<!-- SRA the best firearms association in the country! Your donation will help us fund things like disaster-->
<!-- relief supplies, instructor sponsorships, and other SRA programs.</p>-->
<!-- <br>-->
<!-- <h2>Donation Amount</h2>-->
<!-- <br>-->
<!-- <div class="section group donate_buttons">-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span>$1</span>-->
<!-- </div>-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span>$5</span>-->
<!-- </div>-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span>$10</span>-->
<!-- </div>-->
<!-- </div>-->
<!-- <div class="section group donate_buttons">-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span>$20</span>-->
<!-- </div>-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span>$50</span>-->
<!-- </div>-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span>$100</span>-->
<!-- </div>-->
<!-- </div>-->
<!-- <div class="section group donate_buttons">-->
<!-- <div class="col span_1_of_3 donate_button">-->
<!-- <i class="fas fa-money-bill"></i><br>-->
<!-- <span class="custom_donation">$ <input type="number" name="custom_donation" class="custom_input" min="1"-->
<!-- value="0"></span>-->
<!-- </div>-->
<!-- </div>-->
<!-- </div>-->
<!-- <div id="contact-right">-->
<!-- <div id="pform">-->
<!-- -->
<!-- </div>-->
<!-- </div>-->
<!--</div>-->
<div id="member-con">
<div id="contact-left">
<div style="text-align: center;"><img src="https://srastatic.nyc3.cdn.digitaloceanspaces.com/web/img/donate/give.png" alt="hand holding flower"></div>
<p style="text-align: center;">Donations will allow us to carry on the hard work we've been doing to make the
SRA the best firearms association in the country! Your donation will help us fund things like disaster
relief supplies, instructor sponsorships, and other SRA programs.</p>
<br>
</div>
<div id="contact-right">
<div id="pform">
<form action="./capture.php" method="post" id="payment-form">
<div class="form-row">
<h4>Who would you like to donate to?</h4>
<div>
<select name="recipient" id="recipient" required>
<option value="National SRA">National SRA</option>
<?php
// Populate selection with list of chapters
$chapters = json_decode(
file_get_contents("../chapters/chapters.json"),
true
);
$chapterIndex = 1;
foreach ($chapters as $state => $list) {
foreach($list as $chapter) {
echo '<option value="'
. $state . ': ' . $chapter["name"] .
'"';
if (isset($_GET["chapter"]) && $chapterIndex == $_GET["chapter"]) {
echo ' selected';
}
echo '>';
echo $state . ': ' . $chapter["name"] . '</option>';
$chapterIndex += 1;
}
}
?>
</select>
</div>
<h4>Your receipt will be sent to this address</h4>
<div id="email">
<input type="email" name="email" placeholder="Email" required>
</div>
<div id="email2">
<input type="email" name="email2" placeholder="Email (again)" required>
</div>
<h4>How much would you like to donate? (In dollars)</h4>
<input type="number" name="amount" value="5">
<h4>Payment Info</h4>
<div id="card-element">
<!-- A Stripe Element will be inserted here. -->
</div>
<!-- Used to display form errors. -->
<div id="card-errors" role="alert"></div>
</div>
<br>
<input type="checkbox" name="policy" value="policy" style="width: 5% !important;margin: 0;" required="true"><label for="policy"> I have read and understand the <mark>&nbsp;<a href="https://socialistra.org/docs/privacy_policy.txt">Privacy Policy</a>&nbsp;</mark>.</label>
<br>
<h5>Disclaimer: The Socialist Rifle Association Inc. (SRA) is a not-for-profit corporation incorporated in Wichita, Kansas. It is exempt from income tax under section 501(c)(4) of the Internal Revenue Code as a social welfare organization. Contributions to 501(c)(4) entities, and thus the SRA, are not tax deductible by donors and are not to be considered charitable donations.</h5>
<h4 id="donation_amount" style="color:#000;">You are donating $0.</h4>
<input type="submit" name="" value="Submit Payment">
</form>
</div>
</div>
</div>
<?php include("../res/php/bottom.php") ?>
<script type="text/javascript">
// Create a Stripe client.
@ -362,25 +456,5 @@ if (isset($_GET['error']) && $_GET['error'] === 'email') {
form.submit();
}
</script>
<script type="text/javascript">
$(document).ready(function () {
$('.donate_button').click(function (event) {
var check = $(this).find('input').val();
if (typeof (check) != "undefined" && check !== null) {
$('input[name=custom_donation]').change(function () {
var donateval = $('input[name=custom_donation]').val();
$('#donation_amount').text('You are donating $' + donateval + '.');
$('input[name=hidden_amount]').val(donateval);
});
} else {
$('.clicked_button').attr('class', 'col span_1_of_3 donate_button');
$(this).attr('class', 'col span_1_of_3 clicked_button');
var donval = $(this).find('span').text();
$('#donation_amount').text('You are donating ' + donval + '.');
$('input[name=hidden_amount]').val(donval);
}
});
});
</script>
</body>
</html>
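Review bot: The `default:` branch passes the `$_GET["error"]` value to `displayError($error, ...)`, which echoes it straight into the `<h2>` of the error blockquote; `strip_tags()` removes tags but is not an HTML escape, so any reflected value should go through `htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before it reaches the page, and `displayError` itself should escape `$title` and `$text` the same way. The chapter `<option value="...">` is built from `$state . ': ' . $chapter["name"]` without escaping, so a chapter name containing a double quote breaks the attribute and the submitted value then fails capture.php's exact-string recipient check; escaping with `htmlspecialchars()` keeps the browser-submitted value equal to the list entry. The `$chapterIndex == $_GET["chapter"]` comparison is loose; `$chapterIndex === (int) $_GET["chapter"]` avoids numeric-string coercion. Two message strings also need wording fixes: "greater than or equal to than $1" → "greater than or equal to $1" and "natually" → "naturally".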
