X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=66c56b239a51eaaf877f61b635688b9da4745e93;hb=38f35d8935896a31c97d5628a04b9fb3eb6d9059;hp=59f4574ff772a23b6447516f68510608213de4f2;hpb=d82359a556779137f8a90d0312b3098a2db6f482;p=platal.git diff --git a/modules/payment.php b/modules/payment.php index 59f4574..66c56b2 100644 --- a/modules/payment.php +++ b/modules/payment.php @@ -105,83 +105,116 @@ class PaymentModule extends PLModule function handlers() { return array( - 'payment' => $this->make_hook('payment', AUTH_MDP, 'payment'), + 'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'), 'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), - '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP), - '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP), - '%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_MDP, 'groupadmin'), + '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), + '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'), + '%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'), '%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS), '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), - 'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'), - 'admin/payments/methods' => $this->make_hook('adm_methods', AUTH_MDP, 'admin'), - 'admin/payments/transactions' => $this->make_hook('adm_transactions', AUTH_MDP, 'admin'), - 'admin/reconcile' => $this->make_hook('adm_reconcile', AUTH_MDP, 'admin'), - 'admin/reconcile/importlogs' => $this->make_hook('adm_importlogs', AUTH_MDP, 'admin'), - 'admin/reconcile/transfers' => $this->make_hook('adm_transfers', AUTH_MDP, 'admin'), - 'admin/reconcile/bankaccounts' => $this->make_hook('adm_bankaccounts', AUTH_MDP, 'admin'), + 'admin/payments' => $this->make_hook('admin', AUTH_PASSWD, 'admin'), + 'admin/payments/methods' => $this->make_hook('adm_methods', AUTH_PASSWD, 'admin'), + 'admin/payments/transactions' => $this->make_hook('adm_transactions', AUTH_PASSWD, 'admin'), + 'admin/reconcile' => $this->make_hook('adm_reconcile', AUTH_PASSWD, 'admin'), + 'admin/reconcile/importlogs' => $this->make_hook('adm_importlogs', AUTH_PASSWD, 'admin'), + 'admin/reconcile/transfers' => $this->make_hook('adm_transfers', AUTH_PASSWD, 'admin'), + 'admin/reconcile/bankaccounts' => $this->make_hook('adm_bankaccounts', AUTH_PASSWD, 'admin'), ); } function handler_payment($page, $ref = -1) { - global $globals; - + $page->changeTpl('payment/payment.tpl'); + $page->setTitle('Télépaiement'); $this->load('money.inc.php'); - if (!empty($GLOBALS['IS_XNET_SITE'])) { - if (!$globals->asso('id')) { - return PL_NOT_FOUND; - } - $res = XDB::query('SELECT asso_id - FROM payments - WHERE asso_id = {?} AND id = {?}', - $globals->asso('id'), $ref); - if (!$res->numRows()) { - return PL_FORBIDDEN; - } - } - $page->changeTpl('payment/index.tpl'); - $page->setTitle('Télépaiements'); - - // initialisation - $op = Env::v('op', 'select'); $meth = new PayMethod(Env::i('methode', -1)); $pay = new Payment($ref); - if($pay->flags->hasflag('old')){ - $page->trigError("La transaction selectionnée est périmée."); - $pay = new Payment(); + if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) { + $page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page."); + } else { + $page->assign('public', true); } - $val = Env::v('montant') != 0 ? Env::v('montant') : $pay->amount_def; - if (($e = $pay->check($val)) !== true) { - $page->trigError($e); + if ($pay->flags->hasflag('old')) { + $page->kill('La transaction selectionnée est périmée.'); } - if ($op == 'submit') { - $pay->init($val, $meth); - $pay->prepareform($pay); - } else { - $res = XDB::iterator('SELECT timestamp, amount + $val = (Post::v('amount') != 0) ? Post::v('amount') : $pay->amount_def; + + if (($error = $pay->check($val)) !== true) { + $page->trigError($error); + } + + if (Post::has('op') && Post::v('op', 'select') == 'submit') { + if (S::logged()) { + $user = S::user(); + } else { + $user = User::getSilent(Post::t('login')); + } + + if (is_null($user)) { + $page->trigError("L'identifiant est erroné."); + $page->assign('login_error', true); + $page->assign('login', Post::t('login')); + } else { + $pay->init($val, $meth); + $pay->prepareform($user); + $page->assign('full_name', $user->fullName(true)); + $page->assign('sex', $user->isFemale()); + } + } elseif (S::logged()) { + $res = XDB::iterator('SELECT ts_confirmed, amount FROM payment_transactions WHERE uid = {?} AND ref = {?} - ORDER BY timestamp DESC', - S::v('uid', -1), $ref); + ORDER BY ts_confirmed DESC', + S::v('uid', -1), $pay->id); if ($res->total()) { $page->assign('transactions', $res); } + + // Only if $id = -1, meaning only for donation the site's association + if ($ref == -1) { + $biggest_donations = XDB::fetchAllAssoc('SELECT IF(p.display, + IF(ap.pid IS NOT NULL, CONCAT(a.full_name, \' (\', pd.promo, \')\'), a.full_name), + \'XXXX\') AS name, p.amount, p.ts_confirmed + FROM payment_transactions AS p + INNER JOIN accounts AS a ON (a.uid = p.uid) + LEFT JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET(\'owner\', ap.perms)) + LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) + WHERE p.ref = {?} + ORDER BY LENGTH(p.amount) DESC, p.amount DESC, name + LIMIT 10', + $pay->id); + + $donations = XDB::fetchAllAssoc('(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, MONTH(ts_confirmed) AS month, ts_confirmed + FROM payment_transactions + WHERE ref = {?} AND YEAR(ts_confirmed) = YEAR(CURDATE()) + GROUP BY month) + UNION + (SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, 0 AS month, ts_confirmed + FROM payment_transactions + WHERE ref = {?} AND YEAR(ts_confirmed) < YEAR(CURDATE()) + GROUP BY year) + ORDER BY year DESC, month DESC', + $pay->id, $pay->id); + + $page->assign('biggest_donations', $biggest_donations); + $page->assign('donations', $donations); + $page->assign('donation', true); + } } - $val = floor($val) . '.' . substr(floor(($val - floor($val)) * 100 + 100), 1); - $page->assign('montant', $val); + $val = floor($val * 100) / 100; + $page->assign('amount', $val); $page->assign('comment', Env::v('comment')); $page->assign('meth', $meth); $page->assign('pay', $pay); $page->assign('evtlink', $pay->event()); - $page->assign('sex', S::user()->isFemale()); } function handler_cyber2_return($page, $uid = null) @@ -224,8 +257,7 @@ class PaymentModule extends PLModule if (Env::v('vads_currency') != '978') { cb_erreur("monnaie autre que l'euro"); } - $amount = ((float)Env::i('vads_amount')) / 100; - $montant = sprintf("%.02f EUR", $amount); + $montant = ((float)Env::i('vads_amount')) / 100; /* on extrait le code de retour */ if (Env::v('vads_result') != '00') { @@ -233,10 +265,10 @@ class PaymentModule extends PLModule } /* on fait l'insertion en base de donnees */ - XDB::execute('INSERT INTO payment_transactions (id, uid, ref, fullref, amount, pkey, comment) - VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})', - Env::v('vads_trans_date'), $user->id(), $ref, Env::v('vads_order_id'), $montant, '', Env::v('vads_order_info')); - echo "Paiement stored.\n"; + XDB::execute('INSERT INTO payment_transactions (id, method_id, uid, ref, fullref, ts_confirmed, amount, pkey, comment, status, display) + VALUES ({?}, 2, {?}, {?}, {?}, NOW(), {?}, {?}, {?}, "confirmed", {?})', + Env::v('vads_trans_date'), $user->id(), $ref, Env::v('vads_order_id'), $montant, '', Env::v('vads_order_info'), Env::i('vads_order_info2')); + echo "Payment stored.\n"; // We check if it is an Xnet payment and then update the related ML. $res = XDB::query('SELECT eid, asso_id @@ -297,10 +329,11 @@ class PaymentModule extends PLModule /* reference complete de la commande */ $fullref = Env::s('cm'); /* montant de la transaction */ - $montant_nb = Env::s('amt'); + $montant = Env::s('amt'); /* devise */ - $montant_dev = Env::s('cc'); - $montant = "$montant_nb $montant_dev"; + if (Env::s('cc') != 'EUR') { + cb_erreur("monnaie autre que l'euro"); + } /* on extrait le code de retour */ if ($status != "Completed") { @@ -331,9 +364,9 @@ class PaymentModule extends PLModule } /* on fait l'insertion en base de donnees */ - XDB::execute("INSERT INTO payment_transactions (id, uid, ref, fullref, amount, pkey, comment) - VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})", - $no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment')); + XDB::execute("INSERT INTO payment_transactions (id, method_id, uid, ref, fullref, ts_confirmed, amount, pkey, comment, status, display) + VALUES ({?}, 1, {?}, {?}, {?}, NOW(), {?}, {?}, {?}, 'confirmed', {?})", + $no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'), Get::i('display')); // We check if it is an Xnet payment and then update the related ML. $res = XDB::query('SELECT eid @@ -383,16 +416,21 @@ class PaymentModule extends PLModule global $globals; $perms = S::v('perms'); - if (!$perms->hasFlag('groupmember')) { + if (!(S::identified() && $perms->hasFlag('groupmember'))) { if (is_null($pid)) { return PL_FORBIDDEN; } $res = XDB::query("SELECT 1 FROM group_events AS e - INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND e.uid = {?}) + INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?}) WHERE e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id')); - if ($res->numRows() == 0) { + $public = XDB::query("SELECT 1 + FROM payments AS p + INNER JOIN group_events AS g ON (g.paiement_id = p.id) + WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", + $globals->asso('id'), $pid); + if ($res->numRows() == 0 && $public->numRows() == 0) { return PL_FORBIDDEN; } } @@ -440,7 +478,7 @@ class PaymentModule extends PLModule foreach($tit as $foo) { $pid = $foo['id']; if (may_update()) { - $res = XDB::query('SELECT p.uid, IF(p.timestamp = \'0000-00-00\', 0, p.timestamp) AS date, p.comment, p.amount + $res = XDB::query('SELECT p.uid, IF(p.ts_confirmed = \'0000-00-00\', 0, p.ts_confirmed) AS date, p.comment, p.amount FROM payment_transactions AS p INNER JOIN accounts AS a ON (a.uid = p.uid) LEFT JOIN account_profiles AS ap ON (ap.uid = p.uid AND FIND_IN_SET(\'owner\', ap.perms)) @@ -450,11 +488,11 @@ class PaymentModule extends PLModule $trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user'); $sum = 0; foreach ($trans[$pid] as $i => $t) { - $sum += strtr(substr($t['amount'], 0, strpos($t['amount'], 'EUR')), ',', '.'); - $trans[$pid][$i]['amount'] = str_replace('EUR', '€', $t['amount']); + $sum += $t['amount']; + $trans[$pid][$i]['amount'] = $t['amount']; } $trans[$pid][] = array('limit' => true, - 'amount' => strtr($sum, '.', ',') . ' €'); + 'amount' => $sum); } $res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid FROM group_events AS e @@ -475,15 +513,10 @@ class PaymentModule extends PLModule $event[$pid]['paid'] = $paid; } } - $res = XDB::query('SELECT amount + $res = XDB::query('SELECT SUM(amount) AS sum_amount FROM payment_transactions - WHERE id = {?} AND uid = {?}', $pid, S::v('uid')); - $montants = $res->fetchColumn(); - - foreach ($montants as $m) { - $p = strtr(substr($m, 0, strpos($m, 'EUR')), ',', '.'); - $event[$pid]['paid'] += trim($p); - } + WHERE ref = {?} AND uid = {?}', $pid, S::v('uid')); + $event[$pid]['paid'] = $res->fetchOneCell(); } $page->register_modifier('decode_comment', 'decode_comment'); $page->assign('trans', $trans); @@ -499,10 +532,10 @@ class PaymentModule extends PLModule $pid = substr($pid, 0, strlen($pid) - 4); } - $res = XDB::fetchAllAssoc('SELECT uid, IF(timestamp = \'0000-00-00\', 0, timestamp) AS date, comment, amount + $res = XDB::fetchAllAssoc('SELECT uid, IF(ts_confirmed = \'0000-00-00\', 0, ts_confirmed) AS date, comment, amount FROM payment_transactions WHERE ref = {?} - ORDER BY timestamp', + ORDER BY ts_confirmed', $pid); if (is_null($res)) { pl_redirect('payment'); @@ -516,12 +549,12 @@ class PaymentModule extends PLModule fputcsv($csv, array('Date', 'Nom', 'Prénom', 'Sexe', 'Promotion', 'Email', 'Commentaire', 'Montant'), ';'); foreach ($users as $item) { $user = $item['user']; - $sum += strtr(substr($item['amount'], 0, strpos($item['amount'], 'EUR')), ',', '.'); + $sum += $item['amount']; fputcsv($csv, array(format_datetime($item['date'], '%d/%m/%y'), $user->lastName(), $user->firstName(), ($user->isFemale()) ? 'F' : 'M', $user->promo(), $user->ForlifeEmail(), - $item['comment'], str_replace('EUR', '€', $item['amount'])), ';'); + $item['comment'], strtr($item['amount'],'.',',').' €' ), ';'); } - fputcsv($csv, array(date('d/m/y'), 'Total', '', '', '' , '', '', strtr($sum, '.', ',') . ' €'), ';'); + fputcsv($csv, array(date('d/m/y'), 'Total', '', '', '' , '', '', strtr($sum,'.',',').' €'), ';'); fclose($csv); exit; @@ -536,12 +569,12 @@ class PaymentModule extends PLModule $table_editor->add_sort_field('id', true, true); $table_editor->on_delete("UPDATE payments SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé"); $table_editor->describe('text', 'intitulé', true); - $table_editor->describe('url', 'site web', false); - $table_editor->describe('amount_def', 'montant par défaut', false); - $table_editor->describe('amount_min', 'montant minimum', false); - $table_editor->describe('amount_max', 'montant maximum', false); + $table_editor->describe('url', 'site web', false, true); + $table_editor->describe('amount_def', 'montant par défaut', false, true); + $table_editor->describe('amount_min', 'montant minimum', false, true); + $table_editor->describe('amount_max', 'montant maximum', false, true); $table_editor->describe('mail', 'email contact', true); - $table_editor->describe('confirmation', 'message confirmation', false); + $table_editor->describe('confirmation', 'message confirmation', false, true); // adds a column with the start date of the linked event if there is one $table_editor->add_option_table('group_events', 'group_events.paiement_id = t.id'); @@ -570,7 +603,7 @@ class PaymentModule extends PLModule $page->assign('title', "Liste des RIBs"); $table_editor = new PLTableEditor('admin/payments/bankaccounts', 'payment_bankaccounts', 'id'); - $table_editor->describe('asso_id', 'ID du groupe', false); + $table_editor->describe('asso_id', 'ID du groupe', false, false); $table_editor->describe('owner', 'titulaire', true); $table_editor->add_option_table('groups', 'groups.id = t.asso_id'); $table_editor->add_option_field('groups.diminutif', 'group_name', 'groupe', 'varchar','account'); @@ -906,7 +939,11 @@ class PaymentLogsImporter extends CSVImporter { $this->result = array(); foreach ($this->data as $line) { $a = $this->makeAssoc($line, $insert_relation); + // convert date $a['date'] = preg_replace('/([0-9]{2})\/([0-9]{2})\/([0-9]{4}).*/', '\3-\2-\1', $a['date']); + $a['date'] = preg_replace('/T.*/','', $a['date']); + + // convert money $a['amount'] = str_replace(',', '.', $a['amount']); $a['commission'] = str_replace(',', '.', $a['commission']); $this->result[] = $a;