X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=11926f9c840730bbc0368c77ca10411ab2195f7d;hb=734e15dc6a0039706148c833168713dec4789260;hp=5ecc7f4fb68c035d46490356f8961545f33d22fb;hpb=1d55fe45fa148bbe6209f82f97d19dcd26455eeb;p=platal.git diff --git a/modules/payment.php b/modules/payment.php index 5ecc7f4..11926f9 100644 --- a/modules/payment.php +++ b/modules/payment.php @@ -1,6 +1,6 @@ $this->make_hook('payment', AUTH_MDP), 'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC), 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC), - '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'), - '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'), + '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP), + '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP), '%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC), '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC), 'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'), - + ); } @@ -200,7 +210,7 @@ class PaymentModule extends PLModule WHERE rcb.id='$champ906'"); if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) { cb_erreur("erreur lors du paiement : $c_text ($c_id)"); - } else{ + } else{ cb_erreur("erreur inconnue lors du paiement"); } } @@ -218,6 +228,7 @@ class PaymentModule extends PLModule $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); + global $globals; $mymail = new PlMailer(); $mymail->setFrom($conf_mail); $mymail->addTo("\"$prenom $nom\" <$forlife@" . $globals->mail->domain . '>'); 
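Review bot: In the `-218,6 +228,7` hunk, `global $globals;` is declared mid-function, directly before `new PlMailer()`, whereas `handler_xnet_payment` in this file declares it on the first line of its body; moving it there would make it plain that `$globals->mail->domain` is defined wherever it is read. The identical hunk at `-307,6 +318,7` has the same placement. Both enclosing functions start and end outside their hunks, so an earlier read of `$globals` in them cannot be ruled out from here. Separately, the `addTo(...)` context line interpolates `$prenom $nom` into a quoted display name; if those values are not constrained upstream (not visible here), strip double quotes and CR/LF from them before they reach the mailer.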
@@ -307,6 +318,7 @@ class PaymentModule extends PLModule $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); + global $globals; $mymail = new PlMailer(); $mymail->setFrom($conf_mail); $mymail->addTo("\"$prenom $nom\" <$forlife@" . $globals->mail->domain . '>'); @@ -337,12 +349,27 @@ class PaymentModule extends PLModule function handler_xnet_payment(&$page, $pid = null) { global $globals; - + + $perms = S::v('perms'); + if (!$perms->hasFlag('groupmember')) { + if (is_null($pid)) { + return PL_FORBIDDEN; + } + $res = XDB::query("SELECT 1 + FROM groupex.evenements AS e + INNER JOIN groupex.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?}) + WHERE e.paiement_id = {?} AND e.asso_id = {?}", + S::i('uid'), $pid, $globals->asso('id')); + if ($res->numRows() == 0) { + return PL_FORBIDDEN; + } + } + if (!is_null($pid)) { return $this->handler_payment($page, $pid); } $page->changeTpl('payment/xnet.tpl'); - + $res = XDB::query( "SELECT id, text, url FROM {$globals->money->mpay_tprefix}paiements @@ -433,10 +460,11 @@ class PaymentModule extends PLModule $event[$pid]['paid'] += trim($p); } } + $page->register_modifier('decode_comment', 'decode_comment'); $page->assign('trans', $trans); $page->assign('event', $event); } - + function handler_admin(&$page, $action = 'list', $id = null) { $page->assign('xorg_title','Polytechnique.org - Administration - Paiements'); $page->assign('title', 'Gestion des télépaiements'); @@ -453,7 +481,7 @@ class PaymentModule extends PLModule $table_editor->describe('mail','email contact',true); $table_editor->describe('confirmation','message confirmation',false); $table_editor->apply($page, $action, $id); - } + } } // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
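Review bot: In the `-337,12 +349,27` hunk, the new check calls `$perms->hasFlag('groupmember')` without confirming that `S::v('perms')` returned an object. This handler is now the only place enforcing group membership for `%grp/paiement` and `%grp/payment`, because the route entries lost their `'groupmember'` argument. What `S::v` returns for a missing key is not visible here; a guard such as `if (!$perms || !$perms->hasFlag('groupmember')) {` would send that case into the participant check instead of a fatal error. In the join, `uid = {?}` is unqualified; `ep.uid = {?}` states which table the participant id comes from and stays unambiguous if `evenements` ever carries a `uid` column. A comment above the block, e.g. `// non-members may pay only for an event of this group they are registered for`, would record why the route-level permission was dropped.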