function handlers()
{
return array(
- 'payment' => $this->make_hook('payment', AUTH_COOKIE, 'user'),
+ 'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'),
'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
- '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'),
- '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'),
+ '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'),
+ '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'),
'%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'),
'%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
'%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
function handler_payment($page, $ref = -1)
{
- $this->load('money.inc.php');
-
$page->changeTpl('payment/payment.tpl');
$page->setTitle('Télépaiement');
+ $this->load('money.inc.php');
$meth = new PayMethod(Env::i('methode', -1));
$pay = new Payment($ref);
- if($pay->flags->hasflag('old')){
+ if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) {
+ $page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page.");
+ } else {
+ $page->assign('public', true);
+ }
+
+ if ($pay->flags->hasflag('old')) {
$page->kill('La transaction selectionnée est périmée.');
}
}
if (Post::has('op') && Post::v('op', 'select') == 'submit') {
- $pay->init($val, $meth);
- $pay->prepareform($pay);
- } else {
+ if (S::logged()) {
+ $user = S::user();
+ } else {
+ $user = User::getSilent(Post::t('login'));
+ }
+
+ if (is_null($user)) {
+ $page->trigError("L'identifiant est erroné.");
+ $page->assign('login_error', true);
+ $page->assign('login', Post::t('login'));
+ } else {
+ $pay->init($val, $meth);
+ $pay->prepareform($user);
+ $page->assign('full_name', $user->fullName(true));
+ $page->assign('sex', $user->isFemale());
+ }
+ } elseif (S::logged()) {
$res = XDB::iterator('SELECT ts_confirmed, amount
FROM payment_transactions
WHERE uid = {?} AND ref = {?}
$page->assign('meth', $meth);
$page->assign('pay', $pay);
$page->assign('evtlink', $pay->event());
- $page->assign('sex', S::user()->isFemale());
}
function handler_cyber2_return($page, $uid = null)
list($eid, $asso_id) = $res->fetchOneRow();
require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
$evt = get_event_detail($eid, false, $asso_id);
- subscribe_lists_event($user->id(), $evt['short_name'], 1, $amount, true);
+ subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true);
}
/* on genere le mail de confirmation */
$no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'), Get::i('display'));
// We check if it is an Xnet payment and then update the related ML.
- $res = XDB::query('SELECT eid
+ $res = XDB::query('SELECT eid, asso_id
FROM group_events
WHERE paiement_id = {?}', $ref);
- if ($eid = $res->fetchOneCell()) {
+ if ($res->numRows() == 1) {
+ list($eid, $asso_id) = $res->fetchOneRow();
require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
- $evt = get_event_detail($eid);
+ $evt = get_event_detail($eid, false, $asso_id);
subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true);
}
global $globals;
$perms = S::v('perms');
- if (!$perms->hasFlag('groupmember')) {
+ if (!(S::identified() && $perms->hasFlag('groupmember'))) {
if (is_null($pid)) {
return PL_FORBIDDEN;
}
INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
WHERE e.paiement_id = {?} AND e.asso_id = {?}",
S::i('uid'), $pid, $globals->asso('id'));
- if ($res->numRows() == 0) {
+ $public = XDB::query("SELECT 1
+ FROM payments AS p
+ INNER JOIN group_events AS g ON (g.paiement_id = p.id)
+ WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
+ $globals->asso('id'), $pid);
+ if ($res->numRows() == 0 && $public->numRows() == 0) {
return PL_FORBIDDEN;
}
}
$trans = array();
$event = array();
if (may_update()) {
- static $orders = array('timestamp' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
+ static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) {
$order_id = Get::i('order_id');
projects / platal.git / blobdiff