stopplidelsen/innhold
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update resend confirmation flow with improved messaging

Browse source 
Improve the resend confirmation flow by:
- Consolidating multiple status messages into a single generic response
- Adding HTML support for the result message
- Moving the instruction text after the message display
- Simplifying the PHP logic by removing redundant checks
- Making the messaging more privacy-conscious by not revealing email
  existence
- Adding a link to sign again in the result message

The changes follow the project's minimal PHP philosophy while improving
user experience and security.
This commit is contained in:
Ruben 2026-02-02 00:26:42 +01:00
parent c8efa479bc
commit 201f5ebb6a
3 changed files with 25 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

10
content/underskriftskampanje/medisinsk-cannabis-pa-resept/send-bekreftelse-pa-nytt/01-content.php
View file

@ -1,12 +1,15 @@
<h1>Send bekreftelse nytt</h1> <h1>Send bekreftelse nytt</h1>
<p>Skriv inn e-postadressen du brukte da du signerte, sender vi en ny bekreftelseslenke.</p>
<?php if (!empty($petition_resend_message)): ?> <?php if (!empty($petition_resend_message)): ?>
<div class="form-message form-message--<?= htmlspecialchars($petition_resend_message['type']) ?>" role="alert"> <div class="form-message form-message--<?= htmlspecialchars($petition_resend_message['type']) ?>" role="alert">
<?php if (!empty($petition_resend_message['html'])): ?>
<p><?= $petition_resend_message['text'] ?></p>
<?php else: ?>
<p><?= htmlspecialchars($petition_resend_message['text']) ?></p> <p><?= htmlspecialchars($petition_resend_message['text']) ?></p>
<?php endif; ?>
</div> </div>
<?php endif; ?> <?php else: ?>
<p>Skriv inn e-postadressen du brukte da du signerte, sender vi en ny bekreftelseslenke.</p>
<form method="post" action="" class="resend-form"> <form method="post" action="" class="resend-form">
<div class="form-group"> <div class="form-group">
@ -17,5 +20,6 @@
<button type="submit" name="petition_resend" class="button">Send nytt</button> <button type="submit" name="petition_resend" class="button">Send nytt</button>
</div> </div>
</form> </form>
<?php endif; ?>
<p><a href="../">Tilbake til underskriftskampanjen</a></p> <p><a href="../">Tilbake til underskriftskampanjen</a></p>

5
custom/languages/no.ini
View file

@ -81,11 +81,8 @@ newsletter_subscribe = "Jeg ønsker å motta nyhetsbrev fra Stopp Lidelsen (omtr
email_rights_info = "Du har rett til innsyn, retting og sletting av dine opplysninger. Kontakt oss på kontakt@stopplidelsen.no eller klag til Datatilsynet (datatilsynet.no)." email_rights_info = "Du har rett til innsyn, retting og sletting av dine opplysninger. Kontakt oss på kontakt@stopplidelsen.no eller klag til Datatilsynet (datatilsynet.no)."
resend_title = "Fikk du ikke e-posten?" resend_title = "Fikk du ikke e-posten?"
resend_description = "Skriv inn e-postadressen du brukte da du signerte, så sender vi en ny bekreftelseslenke." resend_description = "Skriv inn e-postadressen du brukte da du signerte, så sender vi en ny bekreftelseslenke."
resend_email_placeholder = "din@epost.no"
resend_submit = "Send på nytt" resend_submit = "Send på nytt"
resend_success = "Hvis e-postadressen finnes i vårt system, har vi sendt en ny bekreftelseslenke." resend_result = "Hvis e-postadressen har en ubekreftet signatur, har vi sendt en ny bekreftelseslenke. Sjekk innboksen og søppelpost-mappen. Hvis du fortsatt ikke mottar noen e-post, kan det hende du skrev feil da du signerte. I så fall kan du <a href=\"{petition_url}\">signere på nytt</a>."
resend_not_found = "Vi fant ingen ubekreftet signatur med denne e-postadressen. Kanskje du skrev feil da du signerte? Du kan gjerne prøve å signere på nytt."
resend_already_confirmed = "Denne signaturen er allerede bekreftet."
resend_rate_limit = "Vennligst vent litt før du ber om en ny e-post." resend_rate_limit = "Vennligst vent litt før du ber om en ny e-post."
[regions] [regions]

43
custom/plugins/page/petition-form.php
View file

@ -1295,60 +1295,51 @@ function petitionGetPageData(?Context $ctx): ?array {
} }
} }
// Handle resend confirmation request (POST from thank-you page) // Handle resend confirmation request (POST from resend page)
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['petition_resend'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['petition_resend'])) {
$resendEmail = strtolower(trim($_POST['resend_email'] ?? '')); $resendEmail = strtolower(trim($_POST['resend_email'] ?? ''));
// Build petition URL for the result message
$langPrefix = $ctx->get('langPrefix', '');
$currentPath = trim($ctx->requestPath, '/');
$petitionPath = preg_replace('#/(takk|send-bekreftelse-pa-nytt)$#', '', $currentPath);
$petitionUrl = "{$langPrefix}/{$petitionPath}/#sign-now";
// Rate limit check (reuse existing IP rate limiting) // Rate limit check (reuse existing IP rate limiting)
if (!petitionCheckIPRateLimit($petitionId . '-resend', 3, 300)) { if (!petitionCheckIPRateLimit($petitionId . '-resend', 3, 300)) {
$confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_rate_limit')]; $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_rate_limit')];
} elseif (empty($resendEmail) || !filter_var($resendEmail, FILTER_VALIDATE_EMAIL)) { } elseif (empty($resendEmail) || !filter_var($resendEmail, FILTER_VALIDATE_EMAIL)) {
$confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'email_required')]; $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'email_required')];
} else { } else {
// Look up signature by email // Look up signature by email and attempt to resend if pending
$signature = petitionGetPendingSignatureByEmail($csvPath, $resendEmail); $signature = petitionGetPendingSignatureByEmail($csvPath, $resendEmail);
if ($signature === null) { if ($signature !== null && $signature['status'] === 'pending') {
// Email not found at all // Generate new token and send email
$confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_not_found')];
} elseif ($signature['status'] === 'confirmed') {
// Already confirmed
$confirmMessage = ['type' => 'info', 'text' => petitionT($ctx, 'petition', 'resend_already_confirmed')];
} else {
// Generate new token and update signature
$newToken = bin2hex(random_bytes(32)); $newToken = bin2hex(random_bytes(32));
if (petitionUpdateSignatureToken($csvPath, $resendEmail, $newToken)) { if (petitionUpdateSignatureToken($csvPath, $resendEmail, $newToken)) {
// Build confirmation URL
$langPrefix = $ctx->get('langPrefix', '');
$currentPath = trim($ctx->requestPath, '/');
// Remove subpage suffixes to get petition base path
$currentPath = preg_replace('#/(takk|send-bekreftelse-pa-nytt)$#', '', $currentPath);
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'; $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'];
$confirmUrl = "{$protocol}://{$host}{$langPrefix}/{$currentPath}/?confirm={$newToken}#sign-now"; $confirmUrl = "{$protocol}://{$host}{$langPrefix}/{$petitionPath}/?confirm={$newToken}#sign-now";
// Send confirmation email
$signatureData = [ $signatureData = [
'email' => $signature['email'], 'email' => $signature['email'],
'firstname' => $signature['firstname'], 'firstname' => $signature['firstname'],
'surname' => $signature['surname'] 'surname' => $signature['surname']
]; ];
if (petitionSendConfirmationEmail($signatureData, $confirmUrl, $petitionTitle, $petitionId, $ctx)) { // Send email (ignore result - show same message regardless)
$confirmMessage = ['type' => 'success', 'text' => petitionT($ctx, 'petition', 'resend_success')]; petitionSendConfirmationEmail($signatureData, $confirmUrl, $petitionTitle, $petitionId, $ctx);
} else {
$confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'error_email_send')];
}
} else {
$confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_not_found')];
} }
} }
// Always show the same generic message (privacy: don't reveal if email exists)
$resultText = petitionT($ctx, 'petition', 'resend_result', ['petition_url' => $petitionUrl]);
$confirmMessage = ['type' => 'info', 'text' => $resultText, 'html' => true];
} }
// Store message in session and redirect back (PRG pattern) // Store message in session and redirect back (PRG pattern)
$_SESSION['petition_resend_message'] = $confirmMessage; $_SESSION['petition_resend_message'] = $confirmMessage;
$langPrefix = $ctx->get('langPrefix', '');
$currentPath = trim($ctx->requestPath, '/');
header("Location: {$langPrefix}/{$currentPath}/"); header("Location: {$langPrefix}/{$currentPath}/");
exit; exit;
} }