X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=f54ce5b7f0613ebcc219f65d64db8b5dc7babc59;hb=4f970ab081dfb75e7595d98c61e1660f76edab65;hp=6cd2b14397f90daad9ed4b86dc9b396502f69b36;hpb=787bb3d745141f2f85bd947ad7dd775d2c63f908;p=platal.git diff --git a/modules/payment.php b/modules/payment.php index 6cd2b14..f54ce5b 100644 --- a/modules/payment.php +++ b/modules/payment.php @@ -1,6 +1,6 @@ addTo($globals->money->email); $mymail->setFrom("webmaster@" . $globals->mail->domain); @@ -33,7 +34,7 @@ function cb_erreur($text) { /* sort en affichant une erreur */ function paypal_erreur($text, $send=true) { - global $page, $erreur; + global $erreur, $globals; if ($erreur) return; $erreur = $text; if (!$send) return; @@ -45,7 +46,7 @@ function paypal_erreur($text, $send=true) $mymail->setTxtBody("\n\n".var_export($_REQUEST,true)); $mymail->send(); - $page->trig($text); + Platal::page()->trigError($text); } /* http://fr.wikipedia.org/wiki/Formule_de_Luhn */ 
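Review bot: In the `-45,7 +46,7` hunk, `paypal_erreur` still mails `var_export($_REQUEST,true)` as the message body, so every parameter of the failing request is copied into e-mail, including whatever the payment provider or the client sent. Consider dumping only the fields needed to diagnose the error, for example by building the body from an explicit list of expected keys. The new `Platal::page()->trigError($text)` presumably displays `$text` to the visitor, so callers should keep provider or database detail out of that string. The function starts in the previous hunk and its callers are not visible in this diff.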
@@ -71,20 +72,30 @@ function cle_accept($d1,$d2,$d3,$d4,$d5) return $alpha{$n-1}.$m1.$m2.$m3.$m4; } +/* decode the comment */ +function comment_decode($comment) { + $comment = urldecode($comment); + if (is_utf8($comment)) { + return $comment; + } else { + return utf8_encode($comment); + } +} + class PaymentModule extends PLModule { function handlers() { return array( - 'payment' => $this->make_hook('payment', AUTH_MDP), - 'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC), - 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC), - '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'), - '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'), - '%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC), - '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC), - 'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'), + 'payment' => $this->make_hook('payment', AUTH_MDP), + 'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC, 'user', NO_HTTPS), + 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), + '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP), + '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP), + '%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC, 'user', NO_HTTPS), + '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS), + 'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'), ); } @@ -94,7 +105,7 @@ class PaymentModule extends PLModule global $globals; require_once 'profil.func.inc.php' ; - require_once dirname(__FILE__).'/payment/money.inc.php' ; + $this->load('money.inc.php'); if (!empty($GLOBALS['IS_XNET_SITE'])) { if (!$globals->asso('id')) { 
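Review bot: In the `handlers()` array, the four `cyber_return`/`paypal_return` hooks are now registered with `AUTH_PUBLIC, 'user', NO_HTTPS`, which by its name waives the HTTPS requirement for unauthenticated payment-result callbacks. Nothing in this hunk records why transport security is dropped or what authenticates the request instead. A comment above the array would state the requirement, for example `/* bank/PayPal callbacks: no session, HTTPS not enforced; the handler must verify the provider's signature before recording anything */`. The same array drops `'groupmember'` from `%grp/paiement` and `%grp/payment`, so the check inside the handler becomes the only gate for those routes and deserves a matching comment here.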
@@ -109,7 +120,7 @@ class PaymentModule extends PLModule } } $page->changeTpl('payment/index.tpl'); - $page->assign('xorg_title','Polytechnique.org - Télépaiements'); + $page->setTitle('Télépaiements'); // initialisation $op = Env::v('op', 'select'); @@ -117,13 +128,13 @@ class PaymentModule extends PLModule $pay = new Payment($ref); if($pay->flags->hasflag('old')){ - $page->trig("La transaction selectionnée est périmée."); + $page->trigError("La transaction selectionnée est périmée."); $pay = new Payment(); } $val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def; if (($e = $pay->check($val)) !== true) { - $page->trig($e); + $page->trigError($e); } if ($op=='submit') { @@ -197,7 +208,7 @@ class PaymentModule extends PLModule $res = XDB::query("SELECT rcb.text,c.id,c.text FROM paiement.codeRCB AS rcb LEFT JOIN paiement.codeC AS c ON rcb.codeC=c.id - WHERE rcb.id='$champ906'"); + WHERE rcb.id={?}", $champ906); if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) { cb_erreur("erreur lors du paiement : $c_text ($c_id)"); } else{ @@ -218,6 +229,7 @@ class PaymentModule extends PLModule $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); + global $globals; $mymail = new PlMailer(); $mymail->setFrom($conf_mail); $mymail->addTo("\"$prenom $nom\" <$forlife@" . $globals->mail->domain . '>'); @@ -307,6 +319,7 @@ class PaymentModule extends PLModule $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); $conf_text = str_replace("",$femme ? "Chère" : "Cher",$conf_text); + global $globals; $mymail = new PlMailer(); $mymail->setFrom($conf_mail); $mymail->addTo("\"$prenom $nom\" <$forlife@" . $globals->mail->domain . '>'); 
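Review bot: In both mail blocks touched here (hunk `-218,6 +229,7` and hunk `-307,6 +319,7`), the recipient header is built as `"\"$prenom $nom\" <$forlife@" . $globals->mail->domain . '>'` with the names interpolated unescaped. Whether `PlMailer::addTo` rejects quotes or line breaks in the display name is not visible, so the names should have `"`, CR and LF stripped before they are used in the header. The added `global $globals;` is also declared mid-function in both places; putting it at the top of each handler, as `handler_payment` does, keeps a later edit from using `$globals` before the declaration. Both handlers start and end outside these hunks.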
@@ -338,6 +351,21 @@ class PaymentModule extends PLModule { global $globals; + $perms = S::v('perms'); + if (!$perms->hasFlag('groupmember')) { + if (is_null($pid)) { + return PL_FORBIDDEN; + } + $res = XDB::query("SELECT 1 + FROM groupex.evenements AS e + INNER JOIN groupex.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?}) + WHERE e.paiement_id = {?} AND e.asso_id = {?}", + S::i('uid'), $pid, $globals->asso('id')); + if ($res->numRows() == 0) { + return PL_FORBIDDEN; + } + } + if (!is_null($pid)) { return $this->handler_payment($page, $pid); } @@ -433,12 +461,13 @@ class PaymentModule extends PLModule $event[$pid]['paid'] += trim($p); } } + $page->register_modifier('decode_comment', 'decode_comment'); $page->assign('trans', $trans); $page->assign('event', $event); } function handler_admin(&$page, $action = 'list', $id = null) { - $page->assign('xorg_title','Polytechnique.org - Administration - Paiements'); + $page->setTitle('Administration - Paiements'); $page->assign('title', 'Gestion des télépaiements'); $table_editor = new PLTableEditor('admin/payments','paiement.paiements','id'); $table_editor->add_join_table('paiement.transactions','ref',true);
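Review bot: The permission check added at the top of this handler validates `$pid` only, then hands over to `handler_payment($page, $pid)`. Whether that method can also take the payment reference from a request parameter is not visible here; if it can, the event-participation check does not cover the payment that is finally loaded, so confirm that only the checked `$pid` is used. `S::v('perms')` is dereferenced without a null check, which holds only while both routes stay `AUTH_MDP`. A comment before the query, such as `// non-members may only pay for an event of this group they are registered for`, would record the intent. The handler's signature is outside the hunk.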
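Review bot: `$page->register_modifier('decode_comment', 'decode_comment');` names a callback `decode_comment`, while the helper this commit adds in the `-71,20 +72,30` hunk is called `comment_decode`. Unless a `decode_comment` function exists elsewhere in the project, the modifier will presumably fail when the template applies it; the intended line is probably `$page->register_modifier('decode_comment', 'comment_decode');`. Because the helper URL-decodes stored comment text, the template should still HTML-escape the value after the modifier runs.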