The SRA Website
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

85 lines
3.0 KiB

// Copyright (C) 2021 Aayla Semyonova
// This file is part of SRA Website.
// website is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// website is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with website. If not, see <>.
// Ensure that the provided emails match each other
$email = strip_tags($_POST['email']);
$email2 = strip_tags($_POST["email2"]);
if ($email !== $email2) {
header("Location: /donate/?error=email_mismatch");
die("Provided emails don't match");
// Ensure that the provided email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: /donate/?error=email_invalid");
die("Provided email is invalid");
// Ensure the amount to donate is numeric
$amount = strip_tags($_POST['amount']);
if (!is_numeric($amount)) {
header("Location: /donate/?error=amount_not_numeric");
die("Provided amount is not numeric");
// Convert human readable integer into format Stripe wants
$amount = intval($amount * 100);
// Ensure the amount to donate is within Stripe's accepted range
if ($amount > 100000) {
header("Location: /donate/?error=maximum_amount");
die("Provided amount is too large");
if ($amount < 100) {
header("Location: /donate/?error=minimum_amount");
die("Provided amount is too small");
Generate a list of all possible donation recipients and test that the
provided value is inside of it. This is done to ensure that the provided
recipient is valid and not a malicious custom value. The $recipientsList
array starts with the "National SRA" value because it's a special case.
$recipient = strip_tags($_POST["recipient"]);
$recipientsList = array("National SRA");
// Load chapters.json from /chapters
$chapters = json_decode(
true // Make an associative array
// Create the list
foreach ($chapters as $state => $list) {
foreach ($list as $chapter) {
$chapterString = $state . ': ' . $chapter["name"];
array_push($recipientsList, $chapterString);
// Check that the intended recipient is in the list of allowed values
if (!in_array($recipient, $recipientsList)) {
header("Location: /donate?error=invalid_recipient");
die("Provided recipient is invalid");
// Load charge() function from charge.php
require "../res/php/payment/charge.php";
// Attempt charge
$response = charge($amount, $_POST['stripeToken'], 'Donation - ' . $recipient, $email);
// Redirect to donation page with response
header("Location: /donate?error=". $response); // Redirect browser for success