X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fpayment.php;h=66c56b239a51eaaf877f61b635688b9da4745e93;hb=d4cb8f1fea2a6f2cc2bc0411f94c12195d2c99b2;hp=03d9119dd8d6606cfd4c9ef4ad23da340f97568b;hpb=19ec6c8a9e24975bf168a07512c58ce300307dec;p=platal.git diff --git a/modules/payment.php b/modules/payment.php index 03d9119..66c56b2 100644 --- a/modules/payment.php +++ b/modules/payment.php @@ -105,11 +105,11 @@ class PaymentModule extends PLModule function handlers() { return array( - 'payment' => $this->make_hook('payment', AUTH_COOKIE, 'user'), + 'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'), 'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), - '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'), - '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'), + '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), + '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), '%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'), '%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), @@ -125,15 +125,20 @@ class PaymentModule extends PLModule function handler_payment($page, $ref = -1) { - $this->load('money.inc.php'); - $page->changeTpl('payment/payment.tpl'); $page->setTitle('Télépaiement'); + $this->load('money.inc.php'); $meth = new PayMethod(Env::i('methode', -1)); $pay = new Payment($ref); - if($pay->flags->hasflag('old')){ + if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) { + $page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page."); + } else { + $page->assign('public', true); + } + + if ($pay->flags->hasflag('old')) { $page->kill('La transaction selectionnée est périmée.'); } @@ -144,9 +149,23 @@ class PaymentModule extends PLModule } if (Post::has('op') && Post::v('op', 'select') == 'submit') { - $pay->init($val, $meth); - $pay->prepareform($pay); - } else { + if (S::logged()) { + $user = S::user(); + } else { + $user = User::getSilent(Post::t('login')); + } + + if (is_null($user)) { + $page->trigError("L'identifiant est erroné."); + $page->assign('login_error', true); + $page->assign('login', Post::t('login')); + } else { + $pay->init($val, $meth); + $pay->prepareform($user); + $page->assign('full_name', $user->fullName(true)); + $page->assign('sex', $user->isFemale()); + } + } elseif (S::logged()) { $res = XDB::iterator('SELECT ts_confirmed, amount FROM payment_transactions WHERE uid = {?} AND ref = {?} @@ -196,7 +215,6 @@ class PaymentModule extends PLModule $page->assign('meth', $meth); $page->assign('pay', $pay); $page->assign('evtlink', $pay->event()); - $page->assign('sex', S::user()->isFemale()); } function handler_cyber2_return($page, $uid = null) @@ -398,7 +416,7 @@ class PaymentModule extends PLModule global $globals; $perms = S::v('perms'); - if (!$perms->hasFlag('groupmember')) { + if (!(S::identified() && $perms->hasFlag('groupmember'))) { if (is_null($pid)) { return PL_FORBIDDEN; } @@ -407,7 +425,12 @@ class PaymentModule extends PLModule INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?}) WHERE e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id')); - if ($res->numRows() == 0) { + $public = XDB::query("SELECT 1 + FROM payments AS p + INNER JOIN group_events AS g ON (g.paiement_id = p.id) + WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", + $globals->asso('id'), $pid); + if ($res->numRows() == 0 && $public->numRows() == 0) { return PL_FORBIDDEN; } }