X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=4fa064197d51f3fe55267edcd1230be997276b27;hb=4dcee20be6bd4ca928c54a6ae580f832b287777e;hp=863ce4166757a0cdf0b9a24c3733039f29f01d79;hpb=959221f7482b51bb1b3f03d86aeabc0bd246205a;p=platal.git diff --git a/modules/payment.php b/modules/payment.php index 863ce41..4fa0641 100644 --- a/modules/payment.php +++ b/modules/payment.php @@ -1,6 +1,6 @@ addTo($globals->money->email); $mymail->setFrom("webmaster@" . $globals->mail->domain); $mymail->setSubject("erreur lors d'un télépaiement (CyberPaiement)"); - $mymail->setTxtBody("\n\n".var_export($_REQUEST,true)); + $content = "raison de l'erreur : " . $text . "\n"; + if ($conf_title != "") { + $content = $content."paiement : ".$conf_title."\n"; + } + $content = $content . "dump de REQUEST :\n" . var_export($_REQUEST, true); + $mymail->setTxtBody($content); $mymail->send(); echo "Notification sent.\n"; exit; @@ -45,7 +50,10 @@ function paypal_erreur($text, $send=true) $mymail->addTo($globals->money->email); $mymail->setFrom("webmaster@" . $globals->mail->domain); $mymail->setSubject("erreur lors d'un télépaiement (PayPal)"); - $mymail->setTxtBody("\n\n".var_export($_REQUEST,true)); + $mymail->setTxtBody("raison de l'erreur : ".$text."\n". + "paiement : $conf_title \n\n". + "dump de REQUEST :\n". + var_export($_REQUEST,true)); $mymail->send(); Platal::page()->trigError($text); @@ -105,11 +113,11 @@ class PaymentModule extends PLModule function handlers() { return array( - 'donation' => $this->make_hook('donation', AUTH_COOKIE, 'user'), - 'donation/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), - 'donation/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), - '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'), - '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'), + 'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'), + 'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), + 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), + '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), + '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), '%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'), '%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), @@ -119,22 +127,32 @@ class PaymentModule extends PLModule 'admin/reconcile' => $this->make_hook('adm_reconcile', AUTH_PASSWD, 'admin'), 'admin/reconcile/importlogs' => $this->make_hook('adm_importlogs', AUTH_PASSWD, 'admin'), 'admin/reconcile/transfers' => $this->make_hook('adm_transfers', AUTH_PASSWD, 'admin'), - 'admin/reconcile/bankaccounts' => $this->make_hook('adm_bankaccounts', AUTH_PASSWD, 'admin'), + 'admin/payments/bankaccounts' => $this->make_hook('adm_bankaccounts', AUTH_PASSWD, 'admin'), ); } - function handler_donation($page) + function handler_payment($page, $ref = -1) { - global $globals; - + $page->changeTpl('payment/payment.tpl'); + $page->setTitle('Télépaiement'); $this->load('money.inc.php'); - $page->changeTpl('payment/donation.tpl'); - $page->setTitle("Don à l'association Polytechnique.org"); - $meth = new PayMethod(Env::i('methode', -1)); - $pay = new Payment(); + $pay = new Payment($ref); + if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) { + $page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page."); + } else { + $page->assign('public', true); + } + + if ($pay->flags->hasflag('old')) { + $page->kill('La transaction selectionnée est périmée.'); + } + + if (Env::has('montant')) { + $pay->amount_def = Env::v('montant'); + } $val = (Post::v('amount') != 0) ? Post::v('amount') : $pay->amount_def; if (($error = $pay->check($val)) !== true) { @@ -142,9 +160,23 @@ class PaymentModule extends PLModule } if (Post::has('op') && Post::v('op', 'select') == 'submit') { - $pay->init($val, $meth); - $pay->prepareform($pay); - } else { + if (S::logged()) { + $user = S::user(); + } else { + $user = User::getSilent(Post::t('login')); + } + + if (is_null($user)) { + $page->trigError("L'identifiant est erroné."); + $page->assign('login_error', true); + $page->assign('login', Post::t('login')); + } else { + $pay->init($val, $meth); + $pay->prepareform($user); + $page->assign('full_name', $user->fullName(true)); + $page->assign('sex', $user->isFemale()); + } + } elseif (S::logged()) { $res = XDB::iterator('SELECT ts_confirmed, amount FROM payment_transactions WHERE uid = {?} AND ref = {?} @@ -155,32 +187,36 @@ class PaymentModule extends PLModule $page->assign('transactions', $res); } - $biggest_donations = XDB::fetchAllAssoc('SELECT IF(p.display, - IF(ap.pid IS NOT NULL, CONCAT(a.full_name, \' (\', pd.promo, \')\'), a.full_name), - \'XXXX\') AS name, p.amount, p.ts_confirmed - FROM payment_transactions AS p - INNER JOIN accounts AS a ON (a.uid = p.uid) - LEFT JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET(\'owner\', ap.perms)) - LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) - WHERE p.ref = {?} - ORDER BY LENGTH(p.amount) DESC, p.amount DESC, name - LIMIT 10', - $pay->id); - - $donations = XDB::fetchAllAssoc('(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, MONTH(ts_confirmed) AS month, ts_confirmed - FROM payment_transactions - WHERE ref = {?} AND YEAR(ts_confirmed) = YEAR(CURDATE()) - GROUP BY month) - UNION - (SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, 0 AS month, ts_confirmed - FROM payment_transactions - WHERE ref = {?} AND YEAR(ts_confirmed) < YEAR(CURDATE()) - GROUP BY year) - ORDER BY year DESC, month DESC', - $pay->id, $pay->id); - - $page->assign('biggest_donations', $biggest_donations); - $page->assign('donations', $donations); + // Only if $id = -1, meaning only for donation the site's association + if ($ref == -1) { + $biggest_donations = XDB::fetchAllAssoc('SELECT IF(p.display, + IF(ap.pid IS NOT NULL, CONCAT(a.full_name, \' (\', pd.promo, \')\'), a.full_name), + \'XXXX\') AS name, p.amount, p.ts_confirmed + FROM payment_transactions AS p + INNER JOIN accounts AS a ON (a.uid = p.uid) + LEFT JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET(\'owner\', ap.perms)) + LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) + WHERE p.ref = {?} + ORDER BY LENGTH(p.amount) DESC, p.amount DESC, name + LIMIT 10', + $pay->id); + + $donations = XDB::fetchAllAssoc('(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, MONTH(ts_confirmed) AS month, ts_confirmed + FROM payment_transactions + WHERE ref = {?} AND YEAR(ts_confirmed) = YEAR(CURDATE()) + GROUP BY month) + UNION + (SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, 0 AS month, ts_confirmed + FROM payment_transactions + WHERE ref = {?} AND YEAR(ts_confirmed) < YEAR(CURDATE()) + GROUP BY year) + ORDER BY year DESC, month DESC', + $pay->id, $pay->id); + + $page->assign('biggest_donations', $biggest_donations); + $page->assign('donations', $donations); + $page->assign('donation', true); + } } $val = floor($val * 100) / 100; @@ -189,7 +225,7 @@ class PaymentModule extends PLModule $page->assign('meth', $meth); $page->assign('pay', $pay); - $page->assign('sex', S::user()->isFemale()); + $page->assign('evtlink', $pay->event()); } function handler_cyber2_return($page, $uid = null) @@ -215,7 +251,7 @@ class PaymentModule extends PLModule } /* on extrait la reference de la commande */ - if (!ereg('-([0-9]+)$', Env::v('vads_order_id'), $matches)) { + if (!preg_match('/-([0-9]+)$/', Env::v('vads_order_id'), $matches)) { cb_erreur("référence de commande invalide"); } @@ -236,7 +272,7 @@ class PaymentModule extends PLModule /* on extrait le code de retour */ if (Env::v('vads_result') != '00') { - cb_erreur('erreur lors du paiement : ?? (' . Env::v('vads_result') . ')'); + cb_erreur('erreur lors du paiement : ?? (' . Env::v('vads_result') . ')', $conf_title); } /* on fait l'insertion en base de donnees */ @@ -253,7 +289,7 @@ class PaymentModule extends PLModule list($eid, $asso_id) = $res->fetchOneRow(); require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php'; $evt = get_event_detail($eid, false, $asso_id); - subscribe_lists_event($user->id(), $evt['short_name'], 1, $amount, true); + subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true); } /* on genere le mail de confirmation */ @@ -302,7 +338,7 @@ class PaymentModule extends PLModule /* raison */ $reason = ($status == 'Pending') ? Env::s('pending_reason') : Env::s('reason_code'); /* reference complete de la commande */ - $fullref = Env::s('cm'); + $fullref = str_replace('%2d','-',Env::s('cm')); /* montant de la transaction */ $montant = Env::s('amt'); /* devise */ @@ -326,7 +362,7 @@ class PaymentModule extends PLModule } /* on extrait la reference de la commande */ - if (!ereg('-xorg-([0-9]+)$', $fullref, $matches)) { + if (!preg_match('/-xorg-([0-9]+)$/', $fullref, $matches)) { paypal_erreur("référence de commande invalide"); } @@ -344,12 +380,13 @@ class PaymentModule extends PLModule $no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'), Get::i('display')); // We check if it is an Xnet payment and then update the related ML. - $res = XDB::query('SELECT eid + $res = XDB::query('SELECT eid, asso_id FROM group_events WHERE paiement_id = {?}', $ref); - if ($eid = $res->fetchOneCell()) { + if ($res->numRows() == 1) { + list($eid, $asso_id) = $res->fetchOneRow(); require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php'; - $evt = get_event_detail($eid); + $evt = get_event_detail($eid, false, $asso_id); subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true); } @@ -391,17 +428,25 @@ class PaymentModule extends PLModule global $globals; $perms = S::v('perms'); - if (!$perms->hasFlag('groupmember')) { - if (is_null($pid)) { + if (is_null($pid)) { + if (!(S::identified() && $perms->hasFlag('groupadmin'))) { return PL_FORBIDDEN; } - $res = XDB::query("SELECT 1 - FROM group_events AS e - INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?}) - WHERE e.paiement_id = {?} AND e.asso_id = {?}", - S::i('uid'), $pid, $globals->asso('id')); - if ($res->numRows() == 0) { - return PL_FORBIDDEN; + } else { + if (!(S::identified() && $perms->hasFlag('groupmember'))) { + $res = XDB::query("SELECT 1 + FROM group_events AS e + INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?}) + WHERE e.paiement_id = {?} AND e.asso_id = {?}", + S::i('uid'), $pid, $globals->asso('id')); + $public = XDB::query("SELECT 1 + FROM payments AS p + INNER JOIN group_events AS g ON (g.paiement_id = p.id) + WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", + $globals->asso('id'), $pid); + if ($res->numRows() == 0 && $public->numRows() == 0) { + return PL_FORBIDDEN; + } } } @@ -421,7 +466,7 @@ class PaymentModule extends PLModule $trans = array(); $event = array(); if (may_update()) { - static $orders = array('timestamp' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p'); + static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p'); if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) { $order_id = Get::i('order_id'); @@ -514,17 +559,17 @@ class PaymentModule extends PLModule $users = User::getBulkUsersWithUIDs($res, 'uid', 'user'); $sum = 0; - pl_cached_content_headers('text/x-csv', 1); + pl_cached_content_headers('text/x-csv', 'iso-8859-1', 1); $csv = fopen('php://output', 'w'); - fputcsv($csv, array('Date', 'Nom', 'Prénom', 'Sexe', 'Promotion', 'Email', 'Commentaire', 'Montant'), ';'); + fputcsv($csv, array('Date', 'Nom', utf8_decode('Prénom'), 'Sexe', 'Promotion', 'Email', 'Commentaire', 'Montant'), ';'); foreach ($users as $item) { $user = $item['user']; $sum += $item['amount']; - fputcsv($csv, array(format_datetime($item['date'], '%d/%m/%y'), $user->lastName(), $user->firstName(), + fputcsv($csv, array(format_datetime($item['date'], '%d/%m/%y'), utf8_decode($user->lastName()), utf8_decode($user->firstName()), ($user->isFemale()) ? 'F' : 'M', $user->promo(), $user->ForlifeEmail(), - $item['comment'], strtr($item['amount'],'.',',').' €' ), ';'); + utf8_decode($item['comment']), strtr($item['amount'], '.', ',') . ' EUR' ), ';'); } - fputcsv($csv, array(date('d/m/y'), 'Total', '', '', '' , '', '', strtr($sum,'.',',').' €'), ';'); + fputcsv($csv, array(date('d/m/y'), 'Total', '', '', '' , '', '', strtr($sum, '.', ',') . ' EUR'), ';'); fclose($csv); exit; @@ -534,7 +579,6 @@ class PaymentModule extends PLModule $page->setTitle('Administration - Paiements'); $page->assign('title', 'Gestion des télépaiements'); $table_editor = new PLTableEditor('admin/payments','payments','id'); - //$table_editor->add_join_table('payment_transactions','ref',true); => on ne supprime jamais une transaction $table_editor->add_sort_field('flags'); $table_editor->add_sort_field('id', true, true); $table_editor->on_delete("UPDATE payments SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé"); @@ -545,10 +589,15 @@ class PaymentModule extends PLModule $table_editor->describe('amount_max', 'montant maximum', false, true); $table_editor->describe('mail', 'email contact', true); $table_editor->describe('confirmation', 'message confirmation', false, true); - + $table_editor->describe('rib_id', 'RIB', false, true); // adds a column with the start date of the linked event if there is one $table_editor->add_option_table('group_events', 'group_events.paiement_id = t.id'); - $table_editor->add_option_field('group_events.debut', 'related_event', 'évènement', 'timestamp'); + $table_editor->add_option_field('group_events.archive', 'related_event', 'évènement archivé ?', 'tinyint'); + // adds a column with the linked rib if there is one + $table_editor->add_option_table('payment_bankaccounts', 'payment_bankaccounts.id = t.rib_id'); + $table_editor->add_option_field('payment_bankaccounts.owner', 'linked_rib_owner', 'rib associé', 'varchar'); + // adds a link to the table of all the transactions + $table_editor->addLink('id', "admin/payments/transactions/"); $table_editor->apply($page, $action, $id); } @@ -561,10 +610,17 @@ class PaymentModule extends PLModule if ($payment_id == null) $page->trigError("Aucun ID de paiement fourni."); - $table_editor = new PLTableEditor("admin/transactions/{$payment_id}",'payment_transactions','id'); + $table_editor = new PLTableEditor("admin/payments/transactions/{$payment_id}",'payment_transactions','id', true); $table_editor->set_where_clause(XDB::format('ref = {?}', $payment_id)); - $table_editor->apply($page, 'list', $id); // only the 'list' action is allowed - $page->assign('readonly', 'readonly'); // don't show modification features + $table_editor->add_sort_field('id', true); + $table_editor->describe('ts_initiated', 'ts_initiated', true, false); + $table_editor->describe('commission', 'commission', true, false); + $table_editor->describe('pkey', 'pkey', true, true); + $table_editor->describe('comment', 'comment', true, true); + $table_editor->describe('recon_id', 'recon_id', true, false); + $table_editor->describe('display', 'display', true, true); + $table_editor->apply($page, $action, $id); + $page->assign('addonly', 'addonly'); // don't show modification features, only add feature } function handler_adm_bankaccounts($page, $action = "list", $id = null) { @@ -573,17 +629,18 @@ class PaymentModule extends PLModule $page->assign('title', "Liste des RIBs"); $table_editor = new PLTableEditor('admin/payments/bankaccounts', 'payment_bankaccounts', 'id'); - $table_editor->describe('asso_id', 'ID du groupe', false, false); + $table_editor->describe('asso_id', 'ID du groupe', false, true); $table_editor->describe('owner', 'titulaire', true); $table_editor->add_option_table('groups', 'groups.id = t.asso_id'); - $table_editor->add_option_field('groups.diminutif', 'group_name', 'groupe', 'varchar','account'); + $table_editor->add_option_field('groups.diminutif', 'group_name', 'groupe', 'varchar','iban'); - // check RIB key + /* check RIB key FIXME: the column format (and name) changed if ($action == 'update' && Post::has('account') && !check_rib(Post::v('account'))) { $page->trigError("Le RIB n'est pas valide"); $table_editor->apply($page, 'edit', $id); return; } + */ $table_editor->apply($page, $action, $id); } @@ -628,6 +685,7 @@ class PaymentModule extends PLModule $recongps = array(); + // récupère les réconciliations non groupées $res = XDB::query("SELECT r.id, short_name AS method, period_start, period_end, status, payment_count, sum_amounts, sum_commissions FROM payment_reconcilations AS r @@ -637,10 +695,12 @@ class PaymentModule extends PLModule foreach ($res->fetchAllAssoc() as $recon) $recongps[] = array('recons' => array($recon), 'transfers' => array()); + // ne récupère que les 18 derniers groupements $res = XDB::query("SELECT recongroup_id AS id FROM payment_reconcilations GROUP BY recongroup_id - ORDER BY MAX(period_end) DESC, MIN(period_start) DESC"); + ORDER BY MAX(period_end) DESC, MIN(period_start) DESC + LIMIT 18"); foreach ($res->fetchAllAssoc() as $recongp) { $res = XDB::query("SELECT r.id, short_name AS method, period_start, period_end, status, payment_count, sum_amounts, sum_commissions @@ -651,11 +711,26 @@ class PaymentModule extends PLModule $recongp['id']); $recongp['recons'] = $res->fetchAllAssoc(); - $res = XDB::query('SELECT id, payment_id, amount, account_id, message, date - FROM payment_transfers + $res = XDB::query('SELECT t.id, t.payment_id, t.amount, t.message, t.date + FROM payment_transfers AS t WHERE recongroup_id = {?}', $recongp['id']); - $recongp['transfers'] = $res->fetchAllAssoc(); + $transfers = $res->fetchAllAssoc(); + foreach ($transfers as $id => $t) { + if ($t['date'] == NULL) { // si le virement n'est pas fait, on va récupérer le rib associé au paiment + $ownertmp = XDB::fetchOneCell('SELECT b.owner + FROM payment_bankaccounts AS b + LEFT JOIN payments AS p ON (p.rib_id = b.id) + WHERE p.id = {?}', $t['payment_id']); + } else { // sinon on prend celui associé au virement + $ownertmp = XDB::fetchOneCell('SELECT b.owner + FROM payment_bankaccounts AS b + LEFT JOIN payment_transfers AS t ON (t.account_id = b.id) + WHERE t.id = {?}', $t['id']); + } + $transfers[$id]['owner'] = $ownertmp; + } + $recongp['transfers'] = $transfers; $recongps[] = $recongp; } @@ -859,7 +934,7 @@ class PaymentModule extends PLModule FROM payment_transactions AS t LEFT JOIN payments AS p ON (t.ref = p.id) LEFT JOIN groups AS g ON (p.asso_id = g.id) - WHERE t.recon_id IN {?} + WHERE t.recon_id IN {?} AND t.status = "confirmed" GROUP BY t.ref', $recongp_id, $recon_ids); @@ -882,9 +957,13 @@ class PaymentModule extends PLModule } elseif ($action == "confirm") { S::assert_xsrf_token(); + $account_id = XDB::fetchOneCell('SELECT rib_id + FROM payments AS p + LEFT JOIN payment_transfers AS t ON (t.payment_id = p.id) + WHERE t.id = {?}', $id); XDB::execute('UPDATE payment_transfers - SET date = NOW() - WHERE id = {?}', $id); + SET date = NOW(), account_id = {?} + WHERE id = {?}', $account_id, $id); $page->trigSuccess('Virement ' . $id . ' confirmé.'); $this->handler_adm_reconcile($page); @@ -926,7 +1005,7 @@ class PaymentLogsImporter extends CSVImporter { static public function compute_systempay_commission($line, $key, $relation) { static $EEE_countries = array( - 'France', 'Allemagne', 'Autriche', 'Belgique', 'Bulgarie', 'Chypre', + 'France', 'Allemagne', 'Autriche', 'Belgique', 'Bulgarie', 'Chypre', 'Croatie', 'Danemark', 'Espagne', 'Estonie', 'Finlande', 'Grèce', 'Hongrie', 'Irlande', 'Islande', 'Italie', 'Lettonie', 'Liechtenstein', 'Lituanie', 'Luxembourg', 'Malte', 'Norvège', 'Pays-Bas', 'Pologne', 'Portugal', 'Roumanie', 'Royaume-Uni', 'Slovaquie', 'Slovénie', 'Suède', 'République Tchèque' @@ -939,7 +1018,7 @@ class PaymentLogsImporter extends CSVImporter { if (in_array($line['pays carte'], $EEE_countries)) { return -0.20 - round($amount * 0.005, 2); } else { - return -0.20 - round($amount * 0.005, 2) - 0.76; + return -0.20 - round($amount * 0.005, 2) - 0.75; } } @@ -948,7 +1027,7 @@ class PaymentLogsImporter extends CSVImporter { return null; } $reference = self::getValue($line, 'reference', $relation['reference']); - if (ereg('-([0-9]+)$', $reference, $matches)) { + if (preg_match('/-([0-9]+)$/', $reference, $matches)) { return $matches[1]; } else { return null; @@ -956,5 +1035,5 @@ class PaymentLogsImporter extends CSVImporter { } } -// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: +// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8: ?>