Refactor limits, add backdoor

root · root · commit 69c41ce7e63a · 2022-08-28T16:44:47.000+02:00
diff --git a/config.php.example b/config.php.example
@@ -4,3 +4,7 @@ $mollie_apikey_live = "live_...";
 $mollie_apikey_test = "test_...";
 
 $mollie_test = true;  # set to false to use the live environment
+
+$limit_min = 13.37;
+$limit_max = 150;
+$limit_backdoor = "boardgavepermission";
diff --git a/index.php b/index.php
@@ -4,6 +4,7 @@
 <meta name=robots content=noindex,nofollow>
 <title>RevBank Deposit</title>
 <meta name="viewport" content="width=device-width, initial-scale=1">
+<?php include("config.php"); ?>
 <style>
 body, a {
     background: black;
@@ -53,8 +54,8 @@
 </style>
 <script>
 function ch(e) {
-    document.getElementById("exceeded").style.visibility = e.value && e.value > 150 ? "visible" : "hidden";
-    document.getElementById("insufficient").style.visibility = e.value && e.value < 13.37 ? "visible" : "hidden";
+    document.getElementById("exceeded").style.visibility = e.value && e.value > <?php print($limit_max); ?> ? "visible" : "hidden";
+    document.getElementById("insufficient").style.visibility = e.value && e.value < <?php print($limit_min); ?> ? "visible" : "hidden";
     return true;
 }
 function x() {
@@ -106,9 +107,9 @@ function x() {
 <h1>Deposit</h1>
 Here, you can buy an Aztec barcode that you can scan to add money to your RevBank account.
 <form method=post action=mollie.php>
-Amount: <input id=custom type=text size=6 maxlength=6 style="width:6ch" name=amount pattern="(?:[0-9]+(?:[,.][0-9]{2})?)?" title="42 or 42.00 or 42,00" onkeyup="return ch(this)" value="<?php echo($prefill); ?>"> <input type=submit value=ok><br>
-<div id=insufficient>Note: the minimum amount is 13.37 because of transaction fees that we can't (legally) pass on to you.</div>
-<div id=exceeded>Note: the maximum amount is 150.</div>
+Amount: <input id=custom type=text size=6 maxlength=21 style="width:6ch" name=amount pattern="(?:[0-9]+(?:[,.][0-9]{2})?)?(?:!\w+)?" title="42 or 42.00 or 42,00" onkeyup="return ch(this)" value="<?php echo($prefill); ?>"> <input type=submit value=ok><br>
+<div id=insufficient>Note: the minimum amount is <?php print($limit_min); ?> because of transaction fees that we can't (legally) pass on to you.</div>
+<div id=exceeded>Note: the maximum amount is <?php print($limit_max); ?>.</div>
 <p>
 <br><br>
 Or pick a preset:<br>
diff --git a/mollie.php b/mollie.php
@@ -79,12 +79,19 @@
 	// client is user
 
         $amount = $_POST["amount"];
+        $ignore_limits = preg_match("/!$limit_backdoor$/", $amount);
+        if ($ignore_limits) {
+            $amount = preg_replace("/!$limit_backdoor$/", "", $amount);
+        }
+
         if (! preg_match("/^[0-9]+(?:[,.][0-9]{2})?\\z/", $amount)) die("Invalid amount");
         $amount = preg_replace("/,/", ".", $amount);
         if (! preg_match("/\\./", $amount)) $amount .= ".00";
-    
-        if ($amount < 13.37) die("Minimum 13.37");
-        if ($amount > 150) die("Maximum 150.00");
+  
+        if (!$ignore_limits) {
+            if ($amount < $limit_min) die("Minimum $limit_min");
+            if ($amount > $limit_max) die("Maximum $limit_max");
+        }
     
         $payment = $mollie->payments->create([
             "amount" => [ "value" => $amount, "currency" => "EUR" ],
