diff --git a/donate/capture.php b/donate/capture.php index af7580f..7ca5fcb 100755 --- a/donate/capture.php +++ b/donate/capture.php @@ -1,5 +1,5 @@ . -?> - 100000) { + header("Location: /donate/?error=maximum_amount"); + die("Provided amount is too large"); +} +if ($amount < 100) { + header("Location: /donate/?error=minimum_amount"); + die("Provided amount is too small"); +} + +/* +Generate a list of all possible donation recipients and test that the +provided value is inside of it. This is done to ensure that the provided +recipient is valid and not a malicious custom value. The $recipientsList +array starts with the "National SRA" value because it's a special case. +*/ +$recipient = strip_tags($_POST["recipient"]); +$recipientsList = array("National SRA"); +// Load chapters.json from /chapters +$chapters = json_decode( + file_get_contents("../chapters/chapters.json"), + true // Make an associative array +); +// Create the list +foreach ($chapters as $state => $list) { + foreach ($list as $chapter) { + $chapterString = $state . ': ' . $chapter["name"]; + array_push($recipientsList, $chapterString); } +} +// Check that the intended recipient is in the list of allowed values +if (!in_array($recipient, $recipientsList)) { + header("Location: /donate?error=invalid_recipient"); + die("Provided recipient is invalid"); +} + +// Load charge() function from charge.php +require "../res/php/payment/charge.php"; + +// Attempt charge +$response = charge($amount, $_POST['stripeToken'], 'Donation - ' . $recipient, $email); +// Redirect to donation page with response +header("Location: /donate?error=". $response); // Redirect browser for success +exit(); +?> \ No newline at end of file diff --git a/donate/form.php b/donate/form.php index e197e65..77956f2 100755 --- a/donate/form.php +++ b/donate/form.php @@ -16,6 +16,7 @@ // You should have received a copy of the GNU General Public License // along with website. If not, see . ?> +
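Review bot: The whitelist check near the end of the hunk compares loosely, `in_array($recipient, $recipientsList)`, and reads `$_POST['recipient']` and `$_POST['stripeToken']` without checking they exist; make the membership test `in_array($recipient, $recipientsList, true)` and read the field as `$recipient = strip_tags((string) ($_POST['recipient'] ?? ''));` so a missing or non-string value fails the check instead of raising a warning on the way to `charge()`. The final redirect interpolates `$response` into the Location header unencoded, and index.php's default error branch later echoes that value back to the visitor, so emit it as `header('Location: /donate?error=' . rawurlencode($response));`. The `file_get_contents()`/`json_decode()` results are unchecked: a missing or malformed chapters.json leaves `$chapters` as `false`/`null`, the `foreach` warns, and only "National SRA" stays valid — fail-closed, but better made explicit with `if (!is_array($chapters)) { die('Chapter list unavailable'); }`. The email and numeric checks at the top of this hunk are cut off in this view, so whether `$amount` is coerced to an integer number of cents before the `> 100000` / `< 100` comparisons (the limits index.php describes as $1,000 and $1) cannot be confirmed here.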
diff --git a/donate/index.php b/donate/index.php index 34ed196..5dbf187 100755 --- a/donate/index.php +++ b/donate/index.php @@ -15,17 +15,10 @@ // // You should have received a copy of the GNU General Public License // along with website. If not, see . + + ?> -Payment Failed. Your card was likely declined.'; -} -if (isset($_GET['error']) && $_GET['error'] === 'email') { - $error = 'Your typed email addresses did not match.'; -} -?> + @@ -226,64 +219,165 @@ if (isset($_GET['error']) && $_GET['error'] === 'email') { } } +
Donate to the SRA

+ + +
+

' . $title . '


+

' . $text . '

+

If you believe this to be a mistake, please contact + aayla@socialistra.org

+
+ '; // Error message template +} +function displaySuccess() { + /* + Display a successful donation message similar to the error message + */ + echo ' +
+
+

Thank you!


+

Your donation was completed successfully and you will be emailed a receipt.

+
+
+ '; +} + +// Get error message from GET parameter +if (isset($_GET["error"])) { + $error = strip_tags($_GET["error"]); +} +// Switch statement to display the correct error message +if (isset($error)) { + switch ($error) { + case "email_mismatch": + displayError("Emails Don't Match", "The provided email addresses do not match. Make sure you typed your address correctly."); + break; + case "email_invalid": + displayError("Invalid Email Address", "The email address you provided is not a properly formatted address."); + break; + case "amount_not_numeric": + displayError("Donation Amount isn't a number", "The donation amount you enter has to be a number."); + break; + case "maximum_amount": + displayError("Amount Too Large", "We appreciate your generosity, but only amounts up to $1,000.00 are accepted."); + break; + case "minimum_amount": + displayError("Amount Too Small", "Unfortunately we can only accept donations greater than or equal to than $1."); + break; + case "invalid_recipient": + displayError("Invalid Recipient", "An invalid recipient was provided. Make sure you select a recipient from the dropdown."); + break; + case "success": + displaySuccess(); + break; + default: + displayError($error, "There is no error message written for this issue. If this arose natually, please contact Aayla."); + break; + } +} +?> +
-

We Appreciate Your Interest.

-

However, in light of a recent security vulnerability, donations are currently shut down pending a complete penetration test.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
+
+
hand holding flower
+

Donations will allow us to carry on the hard work we've been doing to make the + SRA the best firearms association in the country! Your donation will help us fund things like disaster + relief supplies, instructor sponsorships, and other SRA programs.

+
+
+
+
+ +
+

Who would you like to donate to?

+
+ +
+

Your receipt will be sent to this address

+
+ +
+
+ +
+

How much would you like to donate? (In dollars)

+ +

Payment Info

+
+ +
+ + + +
+
+ +
+ +
Disclaimer: The Socialist Rifle Association Inc. (SRA) is a not-for-profit corporation incorporated in Wichita, Kansas. It is exempt from income tax under section 501(c)(4) of the Internal Revenue Code as a social welfare organization. Contributions to 501(c)(4) entities, and thus the SRA, are not tax deductible by donors and are not to be considered charitable donations.
+

You are donating $0.

+ + +
+
+
- \ No newline at end of file
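Review bot: The `default:` branch of the error switch passes the raw `error` query parameter straight into `displayError($error, ...)` as the title, so any visitor-controlled string reaches the page; `strip_tags()` on `$_GET['error']` is not an output escaper, and the `' . $title . '` interpolation visible above has no `htmlspecialchars()`. Replace the reflected title with a fixed one, `displayError("Unknown Error", "There is no error message written for this issue. If this arose naturally, please contact Aayla.");`, and log the unrecognised value server-side instead (this also fixes the "natually" typo). If `displayError` is meant to stay generic, escape inside it with `htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same for `$text`; its full definition is not visible in this view. Note also that `?error=success` renders the "Thank you" panel without any donation having occurred — harmless, but worth a comment so nobody treats that page as proof of payment.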