<?php
declare(strict_types = 1);
namespace Kimendisch\Sbgg_Jetzt;
use Flake\Excuse;
use Flake\Id64;
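// CHECK CSRF PROTECTION //
// Cookieless CSRF defence: the request must carry a custom header. The value
// "42" is a fixed marker, not a secret, so the check only helps as long as
// foreign origins cannot attach this header to a cross-site request.
// NOTE(review): confirm no CORS policy on this endpoint allows the header for
// untrusted origins.
//
// HTTP header names are case-insensitive and the case of the keys returned by
// getallheaders() depends on the client and the SAPI, so the keys are
// lower-cased before the lookup.
$x_cookieless_csrf_protection = array_change_key_case(getallheaders(), CASE_LOWER)["x-cookieless-csrf-protection"] ?? null;

// the check is enforced in production only; other environments skip it
if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){
    // show an excuse page
    Excuse::show("invalid_csrf_token");

    // Excuse::show() is defined elsewhere; stop explicitly so a rejected request
    // cannot fall through to the subscribe logic should that call ever return
    die();
}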
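// DECODE REQUEST //
// get json string
$json_body = file_get_contents("php://input");

// file_get_contents() returns false on failure; with strict_types enabled,
// handing that to strlen() would raise a TypeError instead of answering 400,
// so the failure and the empty body are both rejected here
if($json_body === false or $json_body === ""){
    http_response_code(400);
    echo("malformed request body");
    die();
}

// try decoding json (objects become associative arrays)
$request = json_decode($json_body, true);

// reject syntax errors, and also valid JSON that is not an object/array
// (a bare string, number, boolean or null cannot carry the expected fields)
if(json_last_error() !== JSON_ERROR_NONE or !is_array($request)){
    http_response_code(400);
    echo("malformed request body");
    die();
}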
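// VALIDATE VALUES //
// mail address
$mail_address = $request["mail_address"] ?? "";

// The type check comes first so preg_match() only ever sees a string.
// The D modifier makes "$" match only at the very end of the subject; without
// it "$" also matches just before a trailing newline, so an address ending in
// "\n" would pass validation and be handed to Newsletter::subscribe().
// preg_match() returning false (regex error) is treated as a rejection.
if(!is_string($mail_address) or !preg_match("/^[a-zA-Z0-9\.\-\_\+]+@([a-z0-9\-]+\.)+[a-z0-9\-]{2,}$/D", $mail_address)){
    http_response_code(400);
    echo("invalid mail address");
    die();
}

// verify key
// Id64::is_valid() is defined elsewhere; it receives null when the field is absent
$verify_key = $request["verify_key"] ?? null;
if(!Id64::is_valid($verify_key)){
    http_response_code(400);
    echo("invalid verify key");
    die();
}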
// TRY SUBSCRIBING //
// end the session (if the session extension is loaded) so its lock is released
if(extension_loaded("session")){
    session_write_close();
}

// keep the script running even if the client disconnects
ignore_user_abort(true);

// subscribe; the outcome is reported in the JSON body only, the status code is
// 200 in both cases
// NOTE(review): this file sets no Content-Type header for the JSON body -
// confirm it is set elsewhere
if(!Newsletter::subscribe(mail_address: $mail_address, verify_key: $verify_key)){
    http_response_code(200);
    echo(json_encode([
        "success" => false
    ]));
} else {
    http_response_code(200);
    echo(json_encode([
        "success" => true
    ]));
}
// EXECUTE WORK //
// close the connection first (helper defined elsewhere) - presumably so the
// client does not have to wait for the work below
Newsletter::api_helper_http_close_connection();

// then run the queued work
Newsletter::queue_work();
?>