'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'),
'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
- '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'),
- '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'),
+ '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'),
+ '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'),
'%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'),
'%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
'%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
} else {
$pay->init($val, $meth);
$pay->prepareform($user);
+ $page->assign('full_name', $user->fullName(true));
$page->assign('sex', $user->isFemale());
}
} elseif (S::logged()) {
list($eid, $asso_id) = $res->fetchOneRow();
require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
$evt = get_event_detail($eid, false, $asso_id);
- subscribe_lists_event($user->id(), $evt['short_name'], 1, $amount, true);
+ subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true);
}
/* on genere le mail de confirmation */
$no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'), Get::i('display'));
// We check if it is an Xnet payment and then update the related ML.
- $res = XDB::query('SELECT eid
+ $res = XDB::query('SELECT eid, asso_id
FROM group_events
WHERE paiement_id = {?}', $ref);
- if ($eid = $res->fetchOneCell()) {
+ if ($res->numRows() == 1) {
+ list($eid, $asso_id) = $res->fetchOneRow();
require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
- $evt = get_event_detail($eid);
+ $evt = get_event_detail($eid, false, $asso_id);
subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true);
}
global $globals;
$perms = S::v('perms');
- if (!$perms->hasFlag('groupmember')) {
+ if (!(S::identified() && $perms->hasFlag('groupmember'))) {
if (is_null($pid)) {
return PL_FORBIDDEN;
}
INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
WHERE e.paiement_id = {?} AND e.asso_id = {?}",
S::i('uid'), $pid, $globals->asso('id'));
- if ($res->numRows() == 0) {
+ $public = XDB::query("SELECT 1
+ FROM payments AS p
+ INNER JOIN group_events AS g ON (g.paiement_id = p.id)
+ WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
+ $globals->asso('id'), $pid);
+ if ($res->numRows() == 0 && $public->numRows() == 0) {
return PL_FORBIDDEN;
}
}
$trans = array();
$event = array();
if (may_update()) {
- static $orders = array('timestamp' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
+ static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) {
$order_id = Get::i('order_id');
projects / platal.git / blobdiff