Switches entreprise name autocomplete to new autocomplete.
[platal.git] / modules / payment.php
index 03d9119..66c56b2 100644 (file)
@@ -105,11 +105,11 @@ class PaymentModule extends PLModule
     function handlers()
     {
         return array(
-            'payment'                      => $this->make_hook('payment',          AUTH_COOKIE, 'user'),
+            'payment'                      => $this->make_hook('payment',          AUTH_PUBLIC, 'user'),
             'payment/cyber2_return'        => $this->make_hook('cyber2_return',    AUTH_PUBLIC, 'user', NO_HTTPS),
             'payment/paypal_return'        => $this->make_hook('paypal_return',    AUTH_PUBLIC, 'user', NO_HTTPS),
-            '%grp/paiement'                => $this->make_hook('xnet_payment',     AUTH_PASSWD, 'user'),
-            '%grp/payment'                 => $this->make_hook('xnet_payment',     AUTH_PASSWD, 'user'),
+            '%grp/paiement'                => $this->make_hook('xnet_payment',     AUTH_PUBLIC, 'user'),
+            '%grp/payment'                 => $this->make_hook('xnet_payment',     AUTH_PUBLIC, 'user'),
             '%grp/payment/csv'             => $this->make_hook('payment_csv',      AUTH_PASSWD, 'groupadmin'),
             '%grp/payment/cyber2_return'   => $this->make_hook('cyber2_return',    AUTH_PUBLIC, 'user', NO_HTTPS),
             '%grp/payment/paypal_return'   => $this->make_hook('paypal_return',    AUTH_PUBLIC, 'user', NO_HTTPS),
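Review bot: Moving `'payment'`, `'%grp/paiement'` and `'%grp/payment'` to AUTH_PUBLIC appears to remove the framework-level gate on these routes, so access control for them now lives only inside the handler bodies. Any path in those handlers that reads `S::user()` or user-scoped rows without its own check is then reachable anonymously, and the handlers are only partly visible in this diff. A comment above these entries would record that the handlers are now the gate, e.g. `// AUTH_PUBLIC on purpose: access is decided per payment (the 'public' flag) inside the handler.`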
@@ -125,15 +125,20 @@ class PaymentModule extends PLModule
 
     function handler_payment($page, $ref = -1)
     {
-        $this->load('money.inc.php');
-
         $page->changeTpl('payment/payment.tpl');
         $page->setTitle('Télépaiement');
+        $this->load('money.inc.php');
 
         $meth = new PayMethod(Env::i('methode', -1));
         $pay  = new Payment($ref);
 
-        if($pay->flags->hasflag('old')){
+        if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) {
+            $page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page.");
+        } else {
+            $page->assign('public', true);
+        }
+
+        if ($pay->flags->hasflag('old')) {
             $page->kill('La transaction selectionnée est périmée.');
         }
 
@@ -144,9 +149,23 @@ class PaymentModule extends PLModule
         }
 
         if (Post::has('op') && Post::v('op', 'select') == 'submit') {
-            $pay->init($val, $meth);
-            $pay->prepareform($pay);
-        } else {
+            if (S::logged()) {
+                $user = S::user();
+            } else {
+                $user = User::getSilent(Post::t('login'));
+            }
+
+            if (is_null($user)) {
+                $page->trigError("L'identifiant est erroné.");
+                $page->assign('login_error', true);
+                $page->assign('login', Post::t('login'));
+            } else {
+                $pay->init($val, $meth);
+                $pay->prepareform($user);
+                $page->assign('full_name', $user->fullName(true));
+                $page->assign('sex', $user->isFemale());
+            }
+        } elseif (S::logged()) {
             $res = XDB::iterator('SELECT  ts_confirmed, amount
                                     FROM  payment_transactions
                                    WHERE  uid = {?} AND ref = {?}
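Review bot: For a visitor who is not logged in, `User::getSilent(Post::t('login'))` accepts whatever identifier the client posts, and the two outcomes are distinguishable: an unknown login gets "L'identifiant est erroné." while a known one gets the prepared form with that account's `full_name` and `sex` assigned to the page. On a public route this confirms which identifiers exist and exposes profile fields without authentication, and the payment is attributed to an account the visitor never proved to own. Consider throttling and logging lookups on this path, and assigning `full_name`/`sex` only when `S::logged()` is true. Whether the re-displayed `login` value is escaped depends on the template, which is not shown.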
@@ -196,7 +215,6 @@ class PaymentModule extends PLModule
         $page->assign('meth', $meth);
         $page->assign('pay', $pay);
         $page->assign('evtlink', $pay->event());
-        $page->assign('sex', S::user()->isFemale());
     }
 
     function handler_cyber2_return($page, $uid = null)
@@ -398,7 +416,7 @@ class PaymentModule extends PLModule
         global $globals;
 
         $perms = S::v('perms');
-        if (!$perms->hasFlag('groupmember')) {
+        if (!(S::identified() && $perms->hasFlag('groupmember'))) {
             if (is_null($pid)) {
                 return PL_FORBIDDEN;
             }
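Review bot: With `!(S::identified() && $perms->hasFlag('groupmember'))`, a group member whose session is below the "identified" level is now treated like a non-member and receives `PL_FORBIDDEN` when `$pid` is null. If the route table previously forced a password login through AUTH_PASSWD, as the names suggest, that is a behaviour change for cookie-only sessions, and it may warrant a login prompt instead of a refusal. The short-circuit also appears to be the only thing keeping `$perms->hasFlag()` from being called on an anonymous session, so it deserves a comment such as `// S::identified() first: 'perms' may be unset for anonymous sessions on this AUTH_PUBLIC route.` The enclosing handler starts and ends outside this hunk.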
@@ -407,7 +425,12 @@ class PaymentModule extends PLModule
                            INNER JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
                                 WHERE  e.paiement_id = {?} AND e.asso_id = {?}",
                               S::i('uid'), $pid, $globals->asso('id'));
-            if ($res->numRows() == 0) {
+            $public = XDB::query("SELECT  1
+                                    FROM  payments     AS p
+                              INNER JOIN  group_events AS g ON (g.paiement_id = p.id)
+                                   WHERE  g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
+                                 $globals->asso('id'), $pid);
+            if ($res->numRows() == 0 && $public->numRows() == 0) {
                 return PL_FORBIDDEN;
             }
         }
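Review bot: The new `$public` query is the only authorization check an anonymous visitor passes through here, yet nothing in the code says so, and it runs even when the participant query in `$res` has already matched. A comment above it would help, e.g. `// Sole gate for anonymous visitors: the payment must belong to this group and carry the 'public' flag.`, and the lookup could run only when `$res->numRows() == 0`. The participant query is also executed with `S::i('uid')` for a session that has no user; confirm the value it yields then cannot match a real row. The rest of the handler is outside this hunk, so whether it dereferences `S::user()` after this check passes cannot be verified from here.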