X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=4a28ef3038ad792c3864923f8ed94fc4daf92019;hb=ba1cbd51cd218c3a8caf6d9518df9d2367a9ae54;hp=863ce4166757a0cdf0b9a24c3733039f29f01d79;hpb=959221f7482b51bb1b3f03d86aeabc0bd246205a;p=platal.git diff --git a/modules/payment.php b/modules/payment.php index 863ce41..4a28ef3 100644 --- a/modules/payment.php +++ b/modules/payment.php @@ -105,11 +105,11 @@ class PaymentModule extends PLModule function handlers() { return array( - 'donation' => $this->make_hook('donation', AUTH_COOKIE, 'user'), - 'donation/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), - 'donation/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), - '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'), - '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'), + 'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'), + 'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), + 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), + '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), + '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), '%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'), '%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), @@ -123,17 +123,24 @@ class PaymentModule extends PLModule ); } - function handler_donation($page) + function handler_payment($page, $ref = -1) { - global $globals; - + $page->changeTpl('payment/payment.tpl'); + $page->setTitle('Télépaiement'); $this->load('money.inc.php'); - $page->changeTpl('payment/donation.tpl'); - $page->setTitle("Don à l'association Polytechnique.org"); - $meth = new PayMethod(Env::i('methode', -1)); - $pay = new Payment(); + $pay = new Payment($ref); + + if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) { + $page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page."); + } else { + $page->assign('public', true); + } + + if ($pay->flags->hasflag('old')) { + $page->kill('La transaction selectionnée est périmée.'); + } $val = (Post::v('amount') != 0) ? Post::v('amount') : $pay->amount_def; @@ -142,9 +149,23 @@ class PaymentModule extends PLModule } if (Post::has('op') && Post::v('op', 'select') == 'submit') { - $pay->init($val, $meth); - $pay->prepareform($pay); - } else { + if (S::logged()) { + $user = S::user(); + } else { + $user = User::getSilent(Post::t('login')); + } + + if (is_null($user)) { + $page->trigError("L'identifiant est erroné."); + $page->assign('login_error', true); + $page->assign('login', Post::t('login')); + } else { + $pay->init($val, $meth); + $pay->prepareform($user); + $page->assign('full_name', $user->fullName(true)); + $page->assign('sex', $user->isFemale()); + } + } elseif (S::logged()) { $res = XDB::iterator('SELECT ts_confirmed, amount FROM payment_transactions WHERE uid = {?} AND ref = {?} @@ -155,32 +176,36 @@ class PaymentModule extends PLModule $page->assign('transactions', $res); } - $biggest_donations = XDB::fetchAllAssoc('SELECT IF(p.display, - IF(ap.pid IS NOT NULL, CONCAT(a.full_name, \' (\', pd.promo, \')\'), a.full_name), - \'XXXX\') AS name, p.amount, p.ts_confirmed - FROM payment_transactions AS p - INNER JOIN accounts AS a ON (a.uid = p.uid) - LEFT JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET(\'owner\', ap.perms)) - LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) - WHERE p.ref = {?} - ORDER BY LENGTH(p.amount) DESC, p.amount DESC, name - LIMIT 10', - $pay->id); - - $donations = XDB::fetchAllAssoc('(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, MONTH(ts_confirmed) AS month, ts_confirmed - FROM payment_transactions - WHERE ref = {?} AND YEAR(ts_confirmed) = YEAR(CURDATE()) - GROUP BY month) - UNION - (SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, 0 AS month, ts_confirmed - FROM payment_transactions - WHERE ref = {?} AND YEAR(ts_confirmed) < YEAR(CURDATE()) - GROUP BY year) - ORDER BY year DESC, month DESC', - $pay->id, $pay->id); - - $page->assign('biggest_donations', $biggest_donations); - $page->assign('donations', $donations); + // Only if $id = -1, meaning only for donation the site's association + if ($ref == -1) { + $biggest_donations = XDB::fetchAllAssoc('SELECT IF(p.display, + IF(ap.pid IS NOT NULL, CONCAT(a.full_name, \' (\', pd.promo, \')\'), a.full_name), + \'XXXX\') AS name, p.amount, p.ts_confirmed + FROM payment_transactions AS p + INNER JOIN accounts AS a ON (a.uid = p.uid) + LEFT JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET(\'owner\', ap.perms)) + LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) + WHERE p.ref = {?} + ORDER BY LENGTH(p.amount) DESC, p.amount DESC, name + LIMIT 10', + $pay->id); + + $donations = XDB::fetchAllAssoc('(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, MONTH(ts_confirmed) AS month, ts_confirmed + FROM payment_transactions + WHERE ref = {?} AND YEAR(ts_confirmed) = YEAR(CURDATE()) + GROUP BY month) + UNION + (SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, 0 AS month, ts_confirmed + FROM payment_transactions + WHERE ref = {?} AND YEAR(ts_confirmed) < YEAR(CURDATE()) + GROUP BY year) + ORDER BY year DESC, month DESC', + $pay->id, $pay->id); + + $page->assign('biggest_donations', $biggest_donations); + $page->assign('donations', $donations); + $page->assign('donation', true); + } } $val = floor($val * 100) / 100; @@ -189,7 +214,7 @@ class PaymentModule extends PLModule $page->assign('meth', $meth); $page->assign('pay', $pay); - $page->assign('sex', S::user()->isFemale()); + $page->assign('evtlink', $pay->event()); } function handler_cyber2_return($page, $uid = null) @@ -253,7 +278,7 @@ class PaymentModule extends PLModule list($eid, $asso_id) = $res->fetchOneRow(); require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php'; $evt = get_event_detail($eid, false, $asso_id); - subscribe_lists_event($user->id(), $evt['short_name'], 1, $amount, true); + subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true); } /* on genere le mail de confirmation */ @@ -344,12 +369,13 @@ class PaymentModule extends PLModule $no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'), Get::i('display')); // We check if it is an Xnet payment and then update the related ML. - $res = XDB::query('SELECT eid + $res = XDB::query('SELECT eid, asso_id FROM group_events WHERE paiement_id = {?}', $ref); - if ($eid = $res->fetchOneCell()) { + if ($res->numRows() == 1) { + list($eid, $asso_id) = $res->fetchOneRow(); require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php'; - $evt = get_event_detail($eid); + $evt = get_event_detail($eid, false, $asso_id); subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true); } @@ -391,7 +417,7 @@ class PaymentModule extends PLModule global $globals; $perms = S::v('perms'); - if (!$perms->hasFlag('groupmember')) { + if (!(S::identified() && $perms->hasFlag('groupmember'))) { if (is_null($pid)) { return PL_FORBIDDEN; } @@ -400,7 +426,12 @@ class PaymentModule extends PLModule INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?}) WHERE e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id')); - if ($res->numRows() == 0) { + $public = XDB::query("SELECT 1 + FROM payments AS p + INNER JOIN group_events AS g ON (g.paiement_id = p.id) + WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", + $globals->asso('id'), $pid); + if ($res->numRows() == 0 && $public->numRows() == 0) { return PL_FORBIDDEN; } } @@ -421,7 +452,7 @@ class PaymentModule extends PLModule $trans = array(); $event = array(); if (may_update()) { - static $orders = array('timestamp' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p'); + static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p'); if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) { $order_id = Get::i('order_id');