Update resend confirmation flow with improved messaging

Improve the resend confirmation flow by: - Consolidating multiple status messages into a single generic response - Adding HTML support for the result message - Moving the instruction text after the message display - Simplifying the PHP logic by removing redundant checks - Making the messaging more privacy-conscious by not revealing email existence - Adding a link to sign again in the result message The changes follow the project's minimal PHP philosophy while improving user experience and security.
2026-02-02 00:26:42 +01:00 · 2026-02-02 00:26:42 +01:00 · 201f5ebb6a
commit 201f5ebb6a
parent c8efa479bc
3 changed files with 25 additions and 33 deletions
--- a/content/underskriftskampanje/medisinsk-cannabis-pa-resept/send-bekreftelse-pa-nytt/01-content.php
+++ b/content/underskriftskampanje/medisinsk-cannabis-pa-resept/send-bekreftelse-pa-nytt/01-content.php
@ -1,12 +1,15 @@
 <h1>Send bekreftelse på nytt</h1>

-<p>Skriv inn e-postadressen du brukte da du signerte, så sender vi en ny bekreftelseslenke.</p>
-
 <?php if (!empty($petition_resend_message)): ?>
 <div class="form-message form-message--<?= htmlspecialchars($petition_resend_message['type']) ?>" role="alert">
+    <?php if (!empty($petition_resend_message['html'])): ?>
+    <p><?= $petition_resend_message['text'] ?></p>
+    <?php else: ?>
    <p><?= htmlspecialchars($petition_resend_message['text']) ?></p>
+    <?php endif; ?>
 </div>
-<?php endif; ?>
+<?php else: ?>
+<p>Skriv inn e-postadressen du brukte da du signerte, så sender vi en ny bekreftelseslenke.</p>

 <form method="post" action="" class="resend-form">
    <div class="form-group">
@ -17,5 +20,6 @@
        <button type="submit" name="petition_resend" class="button">Send på nytt</button>
    </div>
 </form>
+<?php endif; ?>

 <p><a href="../">Tilbake til underskriftskampanjen</a></p>
--- a/custom/languages/no.ini
+++ b/custom/languages/no.ini
@ -81,11 +81,8 @@ newsletter_subscribe = "Jeg ønsker å motta nyhetsbrev fra Stopp Lidelsen (omtr
 email_rights_info = "Du har rett til innsyn, retting og sletting av dine opplysninger. Kontakt oss på kontakt@stopplidelsen.no eller klag til Datatilsynet (datatilsynet.no)."
 resend_title = "Fikk du ikke e-posten?"
 resend_description = "Skriv inn e-postadressen du brukte da du signerte, så sender vi en ny bekreftelseslenke."
-resend_email_placeholder = "din@epost.no"
 resend_submit = "Send på nytt"
-resend_success = "Hvis e-postadressen finnes i vårt system, har vi sendt en ny bekreftelseslenke."
-resend_not_found = "Vi fant ingen ubekreftet signatur med denne e-postadressen. Kanskje du skrev feil da du signerte? Du kan gjerne prøve å signere på nytt."
-resend_already_confirmed = "Denne signaturen er allerede bekreftet."
+resend_result = "Hvis e-postadressen har en ubekreftet signatur, har vi sendt en ny bekreftelseslenke. Sjekk innboksen og søppelpost-mappen. Hvis du fortsatt ikke mottar noen e-post, kan det hende du skrev feil da du signerte. I så fall kan du <a href=\"{petition_url}\">signere på nytt</a>."
 resend_rate_limit = "Vennligst vent litt før du ber om en ny e-post."

 [regions]
--- a/custom/plugins/page/petition-form.php
+++ b/custom/plugins/page/petition-form.php
@ -1295,60 +1295,51 @@ function petitionGetPageData(?Context $ctx): ?array {
        }
    }

-    // Handle resend confirmation request (POST from thank-you page)
+    // Handle resend confirmation request (POST from resend page)
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['petition_resend'])) {
        $resendEmail = strtolower(trim($_POST['resend_email'] ?? ''));

+        // Build petition URL for the result message
+        $langPrefix = $ctx->get('langPrefix', '');
+        $currentPath = trim($ctx->requestPath, '/');
+        $petitionPath = preg_replace('#/(takk|send-bekreftelse-pa-nytt)$#', '', $currentPath);
+        $petitionUrl = "{$langPrefix}/{$petitionPath}/#sign-now";
+
        // Rate limit check (reuse existing IP rate limiting)
        if (!petitionCheckIPRateLimit($petitionId . '-resend', 3, 300)) {
            $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_rate_limit')];
        } elseif (empty($resendEmail) || !filter_var($resendEmail, FILTER_VALIDATE_EMAIL)) {
            $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'email_required')];
        } else {
-            // Look up signature by email
+            // Look up signature by email and attempt to resend if pending
            $signature = petitionGetPendingSignatureByEmail($csvPath, $resendEmail);

-            if ($signature === null) {
-                // Email not found at all
-                $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_not_found')];
-            } elseif ($signature['status'] === 'confirmed') {
-                // Already confirmed
-                $confirmMessage = ['type' => 'info', 'text' => petitionT($ctx, 'petition', 'resend_already_confirmed')];
-            } else {
-                // Generate new token and update signature
+            if ($signature !== null && $signature['status'] === 'pending') {
+                // Generate new token and send email
                $newToken = bin2hex(random_bytes(32));
                if (petitionUpdateSignatureToken($csvPath, $resendEmail, $newToken)) {
-                    // Build confirmation URL
-                    $langPrefix = $ctx->get('langPrefix', '');
-                    $currentPath = trim($ctx->requestPath, '/');
-                    // Remove subpage suffixes to get petition base path
-                    $currentPath = preg_replace('#/(takk|send-bekreftelse-pa-nytt)$#', '', $currentPath);
                    $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
                    $host = $_SERVER['HTTP_HOST'];
-                    $confirmUrl = "{$protocol}://{$host}{$langPrefix}/{$currentPath}/?confirm={$newToken}#sign-now";
+                    $confirmUrl = "{$protocol}://{$host}{$langPrefix}/{$petitionPath}/?confirm={$newToken}#sign-now";

-                    // Send confirmation email
                    $signatureData = [
                        'email' => $signature['email'],
                        'firstname' => $signature['firstname'],
                        'surname' => $signature['surname']
                    ];

-                    if (petitionSendConfirmationEmail($signatureData, $confirmUrl, $petitionTitle, $petitionId, $ctx)) {
-                        $confirmMessage = ['type' => 'success', 'text' => petitionT($ctx, 'petition', 'resend_success')];
-                    } else {
-                        $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'error_email_send')];
-                    }
-                } else {
-                    $confirmMessage = ['type' => 'error', 'text' => petitionT($ctx, 'petition', 'resend_not_found')];
+                    // Send email (ignore result - show same message regardless)
+                    petitionSendConfirmationEmail($signatureData, $confirmUrl, $petitionTitle, $petitionId, $ctx);
                }
            }
+
+            // Always show the same generic message (privacy: don't reveal if email exists)
+            $resultText = petitionT($ctx, 'petition', 'resend_result', ['petition_url' => $petitionUrl]);
+            $confirmMessage = ['type' => 'info', 'text' => $resultText, 'html' => true];
        }

        // Store message in session and redirect back (PRG pattern)
        $_SESSION['petition_resend_message'] = $confirmMessage;
-        $langPrefix = $ctx->get('langPrefix', '');
-        $currentPath = trim($ctx->requestPath, '/');
        header("Location: {$langPrefix}/{$currentPath}/");
        exit;
    }