From d110322762dd0c5a49951087dbb1ed63ab2ca5f5 Mon Sep 17 00:00:00 2001
From: Krombel <krombel@krombel.de>
Date: Fri, 25 Jan 2019 02:50:38 +0100
Subject: [PATCH 1/3] change selection to radio buttons

---
 public/verify_admin.php | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/public/verify_admin.php b/public/verify_admin.php
index 5daa013..f21b382 100644
--- a/public/verify_admin.php
+++ b/public/verify_admin.php
@@ -33,23 +33,19 @@ try {
     if ($_SERVER["REQUEST_METHOD"] != "GET") {
         throw new Exception("Method not allowed");
     }
-    if (!isset($_GET["t"])) {
+    $token = filter_input(INPUT_GET, "t", FILTER_SANITIZE_STRING);
+    if (empty($token)) {
         throw new Exception("UNKNOWN_TOKEN");
     }
-    $token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
 
     require_once(__DIR__ . "/../database.php");
 
-    $action = NULL;
-    if (isset($_GET["allow"])) {
+    $param_action = filter_input(INPUT_GET, "d", FILTER_SANITIZE_STRING);
+    if ($param_action == "allow") {
         $action = RegisterState::RegistrationAccepted;
-    }
-    $decline_reason = NULL;
-    if (isset($_GET["deny"])) {
+    } elseif ($param_action == "deny") {
         $action = RegisterState::RegistrationDeclined;
-        if (isset($_GET["reason"])) {
-            $decline_reason = filter_var($_GET["reason"], FILTER_SANITIZE_STRING);
-        }
+        $decline_reason = filter_input(INPUT_GET, "reason", FILTER_SANITIZE_STRING);
     }
 
     $user = $mx_db->getUserForApproval($token);
@@ -139,7 +135,6 @@ try {
         print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
         print("<p>" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "</p>");
     } else {
-
         print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
         ?>
         <link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
@@ -196,9 +191,16 @@ try {
                                     <input type="text" id="username" class="form-control input-sm"
                                            value="<?php echo $username; ?>" disabled=true>
                                 </div>
+                                <div class="form-group">
+                                    <input type="text" id="decline_reason" class="form-control input-sm"
+                                           placeholder="<?php echo $language["DECLINE_REASON"]; ?>">
+                                </div>
                                 <input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
-                                <input type="submit" name="allow" value="<?php echo $language["ACCEPT"]; ?>" class="btn btn-info btn-block">
-                                <input type="submit" name="deny" value="<?php echo $language["DECLINE"]; ?>" class="btn btn-info btn-block">
+                                <div class="form-group">
+                                    <input type="radio" name="d" onchange="changeSelection(true)" value="allow"><?php echo $language["ACCEPT"]; ?>
+                                    <input type="radio" name="d" onchange="changeSelection(false)" value="deny"><?php echo $language["DECLINE"]; ?>
+                                </div>
+                                <input type="submit" value="SEND<?php echo $language["ACCEPT"]; ?>" class="btn btn-info btn-block">
                             </form>
                         </div>
                     </div>
@@ -206,7 +208,17 @@ try {
             </div>
         </div>
         <script type="text/javascript">
-
+            var rad = document.appForm.d;
+            for(var i = 0; i < rad.length; i++) {
+                rad[i].onclick = function() {
+                    if (this.value === "deny") {
+                        document.appForm.decline_reason.type = "text";
+                    } else {
+                        document.appForm.decline_reason.type = "hidden";
+                    }
+                });
+            }
+        </script>
             <?php
         } // else - no action provided
     } catch (Exception $e) {
-- 
2.39.5


From 95e18a106c809fff93c1c1a137054b2be23d1576 Mon Sep 17 00:00:00 2001
From: Krombel <krombel@krombel.de>
Date: Fri, 25 Jan 2019 03:14:21 +0100
Subject: [PATCH 2/3] add translations for placeholder and button title

---
 lang/lang.de-de.php | 2 ++
 lang/lang.en-gb.php | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/lang/lang.de-de.php b/lang/lang.de-de.php
index 1a3f8db..c755a58 100644
--- a/lang/lang.de-de.php
+++ b/lang/lang.de-de.php
@@ -17,6 +17,8 @@
 $language = array(
     "ACCEPT" => "Akzeptieren",
     "DECLINE" => "Ablehnen",
+    "DECLINE_REASON" => "Grund für die Ablehnung",
+    "SUBMIT" => "Abschicken",
     "SUCCESS" => "Erfolgreich",
     "FIRST_NAME" => "Vorname",
     "LAST_NAME" => "Nachname",
diff --git a/lang/lang.en-gb.php b/lang/lang.en-gb.php
index 3a4cb97..c20e695 100644
--- a/lang/lang.en-gb.php
+++ b/lang/lang.en-gb.php
@@ -17,6 +17,8 @@
 $language = array(
     "ACCEPT" => "Accept",
     "DECLINE" => "Decline",
+    "DECLINE_REASON" => "Reason for declining",
+    "SUBMIT" => "Submit",
     "SUCCESS" => "Success",
     "FIRST_NAME" => "First name",
     "LAST_NAME" => "Last name",
-- 
2.39.5


From 39412e6b404c1a1bd5b3f3ed9cb287861de7a80f Mon Sep 17 00:00:00 2001
From: Krombel <krombel@krombel.de>
Date: Fri, 25 Jan 2019 03:41:25 +0100
Subject: [PATCH 3/3] fixes and add check if selected

---
 lang/lang.de-de.php     |  1 +
 lang/lang.en-gb.php     |  1 +
 public/verify_admin.php | 27 ++++++++++++++++++++-------
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/lang/lang.de-de.php b/lang/lang.de-de.php
index c755a58..c11fdb9 100644
--- a/lang/lang.de-de.php
+++ b/lang/lang.de-de.php
@@ -19,6 +19,7 @@ $language = array(
     "DECLINE" => "Ablehnen",
     "DECLINE_REASON" => "Grund für die Ablehnung",
     "SUBMIT" => "Abschicken",
+    "MAKE_A_SELECTION" => "Treffe eine Auswahl",
     "SUCCESS" => "Erfolgreich",
     "FIRST_NAME" => "Vorname",
     "LAST_NAME" => "Nachname",
diff --git a/lang/lang.en-gb.php b/lang/lang.en-gb.php
index c20e695..32c2559 100644
--- a/lang/lang.en-gb.php
+++ b/lang/lang.en-gb.php
@@ -19,6 +19,7 @@ $language = array(
     "DECLINE" => "Decline",
     "DECLINE_REASON" => "Reason for declining",
     "SUBMIT" => "Submit",
+    "MAKE_A_SELECTION" => "Make a selection",
     "SUCCESS" => "Success",
     "FIRST_NAME" => "First name",
     "LAST_NAME" => "Last name",
diff --git a/public/verify_admin.php b/public/verify_admin.php
index f21b382..0839168 100644
--- a/public/verify_admin.php
+++ b/public/verify_admin.php
@@ -45,7 +45,7 @@ try {
         $action = RegisterState::RegistrationAccepted;
     } elseif ($param_action == "deny") {
         $action = RegisterState::RegistrationDeclined;
-        $decline_reason = filter_input(INPUT_GET, "reason", FILTER_SANITIZE_STRING);
+        $decline_reason = filter_input(INPUT_GET, "decline_reason", FILTER_SANITIZE_STRING);
     }
 
     $user = $mx_db->getUserForApproval($token);
@@ -163,7 +163,7 @@ try {
                             <h3 class="panel-title"><?php echo $language["ADMIN_VERIFY_SITE_TITLE"]; ?></h3>
                         </div>
                         <div class="panel-body">
-                            <form name="appForm" role="form" action="verify_admin.php" method="GET">
+                            <form name="appForm" role="form" onsubmit="return submitForm()" action="verify_admin.php" method="GET">
                                 <?php
                                 if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
                                     // this values will not be used when using the register operation type
@@ -192,15 +192,15 @@ try {
                                            value="<?php echo $username; ?>" disabled=true>
                                 </div>
                                 <div class="form-group">
-                                    <input type="text" id="decline_reason" class="form-control input-sm"
+                                    <input type="hidden" name="decline_reason" class="form-control input-sm"
                                            placeholder="<?php echo $language["DECLINE_REASON"]; ?>">
                                 </div>
                                 <input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
                                 <div class="form-group">
-                                    <input type="radio" name="d" onchange="changeSelection(true)" value="allow"><?php echo $language["ACCEPT"]; ?>
-                                    <input type="radio" name="d" onchange="changeSelection(false)" value="deny"><?php echo $language["DECLINE"]; ?>
+                                    <input type="radio" name="d" value="allow"><?php echo $language["ACCEPT"]; ?>
+                                    <input type="radio" name="d" value="deny"><?php echo $language["DECLINE"]; ?>
                                 </div>
-                                <input type="submit" value="SEND<?php echo $language["ACCEPT"]; ?>" class="btn btn-info btn-block">
+                                <input type="submit" value="<?php echo $language["SUBMIT"]; ?>" class="btn btn-info btn-block">
                             </form>
                         </div>
                     </div>
@@ -209,6 +209,19 @@ try {
         </div>
         <script type="text/javascript">
             var rad = document.appForm.d;
+            function isSelected() {
+                for (var i=0; i<rad.length; i++)
+                    if (rad[i].checked)
+                        return true;
+                return false;
+            }
+            function submitForm() {
+                if (isSelected()) {
+                    return true;
+                }
+                alert("<?php echo $language["MAKE_A_SELECTION"];?>");
+                return false;
+            }
             for(var i = 0; i < rad.length; i++) {
                 rad[i].onclick = function() {
                     if (this.value === "deny") {
@@ -216,7 +229,7 @@ try {
                     } else {
                         document.appForm.decline_reason.type = "hidden";
                     }
-                });
+                };
             }
         </script>
             <?php
-- 
2.39.5