Subversion Repositories PEEPS

#!/usr/bin/perl

# Redirect error messages to a log of my choosing. (it's annoying to filter for errors in the shared env)

#my $error_log_path = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/logs/" : "/tmp/";

#close STDERR;

#open STDERR, '>>', $error_log_path.'vorc_error.log' or warn "Failed to open redirected logfile ($0): $!";

#warn "Redirecting errors to ${error_log_path}vorc_error.log";

use strict;

use PEEPS;

use CGI qw/param header start_html url redirect/;

use CGI::Cookie;

our $h = HTML::Tiny->new( mode => 'html' );

my $dbh = getRCDBH ();

$ENV{HTTPS} = 'ON' if $ENV{SERVER_NAME} =~ /^peeps/;

my $cookie_string = authenticate (1) || die;

my ($EML, $PWD, $LVL) = split /&/, $cookie_string;

my $user = $ORCUSER;

my $RENEWAL_WINDOW = 90;

#my $activated = $ORCUSER->{access};

use DateTime;

my $dt = DateTime->today()->strftime ('%Y-%m-%d');

## Which Policy ID is being requested?

##

my $policy_id = WebDB::trim scalar param ("policy") // "ERROR";

my $policy = getPolicyByID ($policy_id) // {};

if ($policy_id ne $policy->{id} or !$policy->{active}) {

  ERROR ("Policy ID [$policy_id] not found",

         "It's unclear what type of insurance you're attempting to purchase.",

         "Viewed Attestation page without valid policy_id.");

}

## We have a valid Policy ID, check purchase eligibility.

##

my ($eligible, $daysremaining, $active_policy, $league_id, $league_name);

if ($policy->{type} eq "league") {

  ## If it's a League Policy Type, then get the Leauge ID too.

  ##

  $league_id = $policy->{type} eq "league" ? WebDB::trim scalar param ("league") // undef : undef;

  $league_name = $league_id =~ /^\d+$/ ? getLeagueName ($league_id) : undef;

  if (!$league_name) {

    ## If there's no leauge_name, it's not a valid league...

    ERROR ("League ID [$league_id] not found",

           "It's unclear which league you are attempting to cover.",

           "Viewed Attestation page for league coverage without valid league_id.");

  }

  ## Only Leauge Admins should be purchasing league type polcies

  use tableViewer qw/ notInArray /;

  if (notInArray ($league_id, isLeagueAdmin ($user->{person_id}))) {

    ERROR ("Not a League Admin [$league_id]",

           "You must be a League Admin to purchase insurance for the league.",

           "Viewed Attestation page for league coverage but not a league admin.");

  }

  ## Check to see if this is a new purchase or within the renewal period.  If neither, eligible will be empty.

  $active_policy = isLeagueCovered ($league_id);

  if ($active_policy) {

    $daysremaining = remainingOrgPolicyDays ($league_id, $active_policy);

    if ($daysremaining <= $RENEWAL_WINDOW) {

      $eligible = "renew";

    }

  } else {

    $eligible = "new";

  }

} elsif ($policy->{type} eq "personal") {

  if ($policy->{id} eq "4") { # They're trying to buy RollerCon Coverage...

    $active_policy = isPersonCovered ($user->{id}, '2026-07-11');

    if (!$active_policy) {

      ($active_policy) = $dbh->selectrow_array ("select id from coverage where policy_id = ? and person_id = ?", undef, 4, $user->{id});

    }

    ERROR ("Already Covered",

           "You are already covered for RollerCon 2026 by Policy $active_policy. No need to purchase.",

           "Attempted to purchase RollerCon 2026 covereage but not needed") unless !$active_policy;

  } else {

    ## Check to see if this is a new purchase or within the renewal period.  If neither, eligible will be empty.

    $active_policy = isPersonCovered ($user->{id});

    if ($active_policy) {

      $daysremaining = remainingPolicyDays ($user->{id}, $active_policy);

      if ($daysremaining <= $RENEWAL_WINDOW) {

        $eligible = "renew";

      }

    } else {

      $eligible = "new";

    }

  }

} else {

  ## If we're here, it means the policy type wasn't recognized...

  ERROR ("Something weird happened...",

         "The type of policy you attempted to puchase doesn't seem to exist.",

         "Viewed Attestation page for invalid policy type.");

}

ERROR ("Not Eligible for Renewal",

       "You".($policy->{type} eq "league" ? "r league is" : " are")." currently covered by policy $active_policy, which has $daysremaining days remaining. You can only renew within the last $RENEWAL_WINDOW days of your current policy.",

       "Viewed Attestation page but wasn't eligible to renew.") unless $eligible;

## Check to see if there is an abandoned checkout that needs to be completed...

my ($abandoned_checkout) = $policy->{type} eq "league" ?

      $dbh->selectrow_array ("select url from square_order where organization_id = ? and policy_id = ? and status = ? order by created desc limit 1", undef, $league_id, $policy->{id}, "DRAFT") :

      $dbh->selectrow_array ("select url from square_order where person_id = ? and policy_id = ? and status = ? order by created desc limit 1", undef, $user->{id}, $policy->{id}, "DRAFT") ;

if ($abandoned_checkout) {

  my $cgi = CGI->new();

  logit ($user->{id}, "Returned to abandoned $policy->{type} policy checkout.");

  print $cgi->redirect ($abandoned_checkout);

  exit;

}

## Get the terms for attestion...

my @terms = map { @{$_} } @{ $dbh->selectall_arrayref ("select term from attestation where id = ? order by attestation.index", undef, $policy->{attestation_id}) };

my $terms;

foreach (1..scalar @terms) {

  $terms++ if param ("Term".$_);

}

my $esig = param ("esignature") // "";

if ($terms == scalar @terms and $esig =~ /^\w+$/) {

  # All of the checkboxes were accepted and an eSignature was entered.

  # Create the Square Checkout link and redirect the user there.

  logit ($user->{id}, "Submitted purchase attestation for $policy->{type} $policy->{name} with all terms accepted and esignature entered.");

  sendToSquare ($esig, $terms, $policy);

  exit;

}

print header (-cookie=>CGI::Cookie->new(-name=>'PEEPSAUTH',-value=>"$cookie_string"));

printRCHeader("Atttestation");

print $h->close ("table");

print $h->open ("form", { name => "Attestation", method => "post", action => url });

print $h->input ( { type => "hidden", name => "timezone", id => "TZFIELD", value => "" } );

print $h->input ( { type => "hidden", name => "policy", value => $policy_id } );

print $h->input ( { type => "hidden", name => "league", value => $league_id } ) unless !$league_id;

print $h->div ({ class=>"error" }, "&nbsp;", "ERROR: You must agree to each term to continue.") if $terms and $terms < scalar @terms;

print $h->h2 ("Policy Details");

print $h->div ({ style=>"max-width:850px;" }, $h->ul ([$h->li (map { "$_: $policy->{$_}" } keys %{$policy})]));

print map { $h->div ({ class => "lisp0" }, [

    $h->div ({ class=>"liRight", style=>"margin-right:.5em" }, ucfirst ($_).": "),

    $h->div ({ class=>"liLeft" }, $policy->{$_} )]) } qw/ name type fee /;

if ($policy->{type} eq "personal") {

  print $h->h2 ("Release and Waiver of Liability");

  print $h->div ({ style=>"max-width:850px;" }, "RELEASE AND WAIVER OF LIABILITY, ASSUMPTION OF RISK, AND INDEMNITY AGREEMENT (\"Agreement\") IN CONSIDERATION of being permitted to participate this date, in any way, at any time, in Women’s Flat Track Roller Derby (\"Activity\"), I, for myself, my personal representatives, assigns, heirs, and next of kin:");

  print $h->ol ({ style=>"max-width:850px;" }, [

    $h->li ("ACKNOWLEDGE, agree, and represent that I understand the nature of this Activity, and that I am qualified, in good health, and in proper physical condition to participate in such Activity. I further agree and warrant that if, at any time, I believe the conditions to be unsafe, I will immediately discontinue further participation in this Activity."),

    $h->li ("FULLY UNDERSTAND that: (a) THIS ACTIVITY INVOLVES RISKS AND DANGERS OF SERIOUS BODILY INJURY, INCLUDING PERMANENT DISABILITY, PARALYSIS, AND DEATH (\"Risks\"); (b) these Risks and dangers may be caused by my own actions or inactions, the actions or inactions of others participating in the Activity, the conditions in which the Activity takes place, or THE NEGLIGENCE OF THE \"RELEASEES\" NAMED BELOW; (c) there may be OTHER RISKS or SOCIAL AND ECONOMIC LOSSES either not known to me or not readily foreseeable at this time; and I FULLY ACCEPT AND ASSUME ALL SUCH RISKS AND ALL RESPONSIBILITY FOR LOSSES, COSTS, AND DAMAGES I incur as a result of my participation, in the Activity."),

    $h->li ("HEREBY RELEASE, DISCHARGE, AND COVENANT NOT TO SUE the sanctioning organization(s), their administrators, directors, agents, officers, members, volunteers, and employees, other participants, officials, rescue personnel, sponsors, advertisers, owners and lessees of Premises on which the Activity is conducted, (each of the forgoing shall be considered one of the RELEASEES herein) FROM ALL LIABILITY, CLAIMS, DEMANDS, LOSSES, OR DAMAGES ON MY ACCOUNT CAUSED, OR ALLEGED TO BE CAUSED, IN WHOLE OR IN PART BY THE NEGLIGENCE OF THE RELEASEES OR OTHERWISE, INCLUDING NEGLIGENT RESCUE OPERATIONS; AND I FURTHER AGREE that if, despite this RELEASE AND WAIVER OF LIABILITY, ASSUMPTION OF RISK, AND INDEMNITY AGREEMENT I, or anyone on my behalf, makes a claim against any of the RELEASEES, I WILL INDEMNIFY, SAVE, AND HOLD HARMLESS EACH OF THE RELEASEES from any litigation expenses, attorney fees, loss, liability, damage, or cost which may be incurred as the result of such claim."),

    ]);

  print $h->div ({ style=>"max-width:850px;" }, "I ACKNOWLEDGE THAT I AM OVER THE AGE OF 18 YEARS, HAVE READ THIS AGREEMENT AND FULLY UNDERSTAND ITS TERMS, UNDERSTAND THAT I HAVE GIVEN UP SUBSTANTIAL RIGHTS BY SIGNING IT, HAVE SIGNED IT FREELY AND WITHOUT ANY INDUCEMENT OR ASSURANCE OF ANY NATURE, AND I INTEND IT TO BE A COMPLETE AND UNCONDITIONAL RELEASE OF ALL LIABILITY TO THE GREATEST EXTENT ALLOWED BY LAW AND AGREE THAT IF ANY PORTION OF THIS AGREEMENT IS HELD TO BE INVALID, THE BALANCE, NOTWITHSTANDING, SHALL CONTINUE IN FULL FORCE AND EFFECT.");

  print $h->br;

}

my $t = 1;

my @terms = map { $h->div ({ class => "lisp0", style=>"margin-bottom:1em" }, [

    $h->div ({ class=>"liLeft" }, $_),

    $h->div ({ class=>"liRight", onClick=>"document.forms['Attestation'].elements['Term$t'].click();" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term".$t++, onClick=>"event.stopPropagation();" })])]) } @terms;

print $h->div ({ style=>"max-width:850px;" }, [

  $h->h3 ($policy->{name}),

  @terms,

#  $h->div ({ class => "lisp0"}, [

#    $h->div ({ class=>"liLeft" }, "I have read and agree with the WFTDA Release and Waiver of Liability, Assumption of Risk, and Indemnity Agreement *Click here to download the Release and Waiver of Liability form."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term1" })])]),

#  $h->h3 ("Accidental Medical"),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "I am 18 or older."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term2" })])]),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "I am obtaining coverage for myself (I may not acquire coverage on behalf of someone else)."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term3" })])]),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "My league has WFTDA Insurance. I understand I must obtain the same coverage as my league. If I am not affiliated with a league, I understand coverage is only valid when I skate with a WFTDA insured league."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term4" })])]),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "I understand in order for insurance coverage to be in effect, I must adhere to the applicable Risk Management Guidelines and/or rules for the activity in which I am participating. Failure to do so will result in denial of claims and may result in revocation of coverage."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term5" })])]),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "I understand if I am injured, I am responsible to submit an injury report, and must do so within 14 days of the date of my injury. I can request injury reports from insurance\@wftda.com. My league may assist me with this, but ultimately, it is my responsibility. Failure to submit an injury report within the allowable grace period will result in the denial of my claim."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term6" })])]),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "I understand coverage is non-refundable and non-transferable. Coverage only transfers to other WFTDA Insured leagues."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term7" })])]),

#  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

#    $h->div ({ class=>"liLeft" }, "I understand reckless or negligent behavior that is outside of the confines of game-related contact, including fighting, punching, kicking, or intentional injury, that puts you or any participant at risk is not tolerated, and is grounds for immediate termination of coverage."),

#    $h->div ({ class=>"liRight" }, ["I Agree. ", $h->input ({ type => "checkbox", class => "attest", name => "Term8" })])]),

  $h->div ({ class => "lisp0", style=>"margin-bottom:1em"}, [

    $h->div ({ class=>"liLeft" }, "Electronic Signature:&nbsp;&nbsp;".$h->input ({ type => "text", name => "esignature", id => "esig", value => "<enter civil name>", onFocus => "this.value = '';"})),

    $h->div ({ class=>"liRight" }, $h->input ({ type => "submit", id=>"submitButton", disabled=>[], onClick => "if (esignature.value == '' || esignature.value == '<enter civil name>') { alert('Please type your civil name in the Electronic Signature box'); document.getElementById('esig').focus(); return false; }" }))]),

]);

print<<javascript;

<script>

  document.addEventListener('DOMContentLoaded', function() {

    const checkboxes = document.querySelectorAll('.attest');

    const submitButton = document.getElementById('submitButton');

    function checkAllCheckboxes() {

        let allChecked = true;

        checkboxes.forEach(checkbox => {

            if (!checkbox.checked) {

                allChecked = false;

            }

        });

        submitButton.disabled = !allChecked;

    }

    checkboxes.forEach(checkbox => {

        checkbox.addEventListener('change', checkAllCheckboxes);

    });

    // Initial check when the page loads

    checkAllCheckboxes();

  });

  const hiddenField = document.getElementById('TZFIELD');

  hiddenField.value = Intl.DateTimeFormat().resolvedOptions().timeZone;

</script>

javascript

print $h->close ("form"), $h->close ("body"), $h->close ("html");

sub sendToSquare {

  my $esig = shift || return "ERROR: No Signature";

  my $terms = shift // return "ERROR: No Term Count";

  my $policy = shift // return "ERROR: No Policy ID";

  my $user_tz = param ("timezone") // 'America/Chicago';

  use REST::Client;

  use JSON;

  use Data::Dumper;

  use UUID::Tiny qw(create_UUID_as_string UUID_V4);

  my $uuid_v4_string = create_UUID_as_string(UUID_V4);

#  my $policy = getPolicyByID (1);

  my $client = REST::Client->new();

  $client->setHost (getSetting ("SQUARE_API_HOST"));

  my $headers = {

    "Authorization" => 'Bearer '.getSetting ("SQUARE_AUTH_TOKEN"),

    "Square-Version" => "2025-10-16",

    "Content-Type" => "application/json",

    };

  my $body = {

    "idempotency_key" => "$uuid_v4_string",

    "checkout_options" => {

      "redirect_url"  => url ( -base => 1 )."/confirmation",

      "enable_coupon" => JSON::false

    },

#    "quick_pay" => {

#      "name" => $policy->{name},

#      "price_money" => {

#        "amount" => $policy->{fee} * 100,

#        "currency" => "USD"

#      },

#      "location_id" => getSetting ("SQUARE_LOCATION_ID")

#    },

    "order" => {

    	"customer_id" => "$user->{id}",

      "location_id" => getSetting ("SQUARE_LOCATION_ID"),

      "discounts"   => isWFTDAMember ($user->{id}) ? [{

        "name"  => "WFTDA Member Discount",

        "scope" => "ORDER",

#        "type" => "FIXED_AMOUNT",

        "amount_money" => {

#          "amount"   => getSetting ("WFTDA_MEMBER_DISCOUNT") * 100,

          "amount"   => $policy->{member_discount} * 100,

          "currency" => "USD"

        }

      }] : [],

      "line_items" => [{

        "name" => $policy->{name},

        "quantity" => "1",

        "base_price_money" => {

          "amount" => $policy->{fee} * 100,

          "currency" => "USD"

        },

      }]

    },

    "payment_note" => $user_tz

  };

  my $json_body = encode_json $body;

  $client->POST(

    '/v2/online-checkout/payment-links',

    $json_body,

    $headers

  );

  my $response = from_json($client->responseContent());

  warn '/v2/online-checkout/payment-links/'.$response->{payment_link}->{id};

  $body->{payment_link}->{checkout_options}->{redirect_url} = url ( -base => 1 )."/confirmation?order_id=".$response->{payment_link}->{order_id};

  $body->{payment_link}->{version} = $response->{payment_link}->{version};

  $json_body = encode_json $body;

  $client->PUT(

    '/v2/online-checkout/payment-links/'.$response->{payment_link}->{id},

    $json_body,

    $headers

  );

  my $response2 = from_json($client->responseContent());

  warn Dumper($response2);

#  warn $response->{payment_link}->{url};

  $response->{payment_link}->{created_at} =~ s/T/ /;

  $response->{payment_link}->{created_at} =~ s/Z$//;

  $dbh->do ("insert into square_order

             (square_id, order_id, person_id, organization_id, policy_id, url, idempotency_key, created, user_ip, amount, status, attestation)

             values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", undef,

             $response->{payment_link}->{id},

             $response->{payment_link}->{order_id},

             $user->{id},

             $league_id,

             $policy->{id},

             $response->{payment_link}->{url},

             $uuid_v4_string,

             $response->{payment_link}->{created_at},

             $ENV{REMOTE_ADDR},

             $policy->{fee},

             $response->{related_resources}->{orders}->[0]->{state},

             $terms." + ".$esig

           ) unless !$response->{payment_link}->{id};

  my $cgi = CGI->new();

  logit ($user->{id}, "Redirected to Square for payment");

  print $cgi->redirect ($response->{payment_link}->{url});

  exit;

}

sub ERROR {

  my $header = shift // "Unknown Error";

  my $text   = shift // "Something unexpectedly bad happened.";

  my $logmsg = shift // "Unknown Error happened while viewing the Attestation page";

  print header (-cookie=>CGI::Cookie->new(-name=>'PEEPSAUTH',-value=>"$cookie_string"));

  printRCHeader("Atttestation");

  print $h->close ("table");

  print $h->h2 ($header);

  print $h->div ({ style=>"max-width:450px;" }, $text, " ");

  print $h->button ({onclick => "window.location.href='/';"}, "Home");

  print $h->close ("BODY", "HTML");

  logit ($user->{id}, $logmsg);

  exit;

}