Bug correction in global paybacks + no more unset vars when token errors appear

Phyks 2013-09-26 18:34:29 +02:00
parent dfdfa1f496
commit afb7c0ef85
8 changed files with 38 additions and 14 deletions

2
TODO

@ -1,7 +1,5 @@
Issues :
========
* Regenerate token
* Global paybacks
* Test fr
* Paybacks and user deletion
* Minify CSS / JS


@ -259,19 +259,24 @@
$user_id = $current_user->getId();
}
if(check_token(600, 'password')) {
if(check_token(600, 'password') || check_token(600, 'edit_users')) {
$user = new User();
$user = $user->load(array('id'=>$user_id), true);
$user->newJsonToken();
$user->save();
$_SESSION['current_user'] = $user->sessionStore();
header('location: index.php?do=password&'.$get_redir);
if(!empty($_GET['user_id']))
header('location: index.php?do=edit_users&user_id='.$user_id);
else
header('location: index.php?do=password&'.$get_redir);
exit();
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
break;
@ -330,7 +335,9 @@
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', 'true');
$tpl->draw('index');
exit();
}
}
break;
@ -544,12 +551,16 @@
}
else {
$tpl->assign('error', $errors['unauthorized'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
else {
@ -598,13 +609,17 @@
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
else {
$tpl->assign('error', $errors['unauthorized'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
else {
@ -635,7 +650,9 @@
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
@ -705,7 +722,9 @@
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
@ -747,7 +766,7 @@
$tpl->assign('list', true);
$tpl->assign('global_paybacks', $global_paybacks);
$tpl->assign('payback', generate_token('global_payback'));
$tpl->assign('token', generate_token('global_payback'));
$tpl->draw('see_paybacks');
break;
@ -789,7 +808,9 @@
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
else {
@ -815,7 +836,7 @@
$tpl->assign('global_paybacks', $global_paybacks);
}
else {
if(!empty($_POST['users_in'])) {
if(!empty($_POST['users_in']) && count($_POST['users_in']) > 1) {
if(check_token(600, 'global_payback')) {
$global_payback = new GlobalPayback();
@ -918,7 +939,9 @@
}
else {
$tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index');
exit();
}
}
@ -927,7 +950,7 @@
$tpl->assign('users', $users_list);
}
$tpl->assign('payback', generate_token('global_payback'));
$tpl->assign('token', generate_token('global_payback'));
$tpl->draw('manage_paybacks');
break;
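Review bot: In the hunk at `@ -259,19 +259,24`, `check_token(600, 'password') || check_token(600, 'edit_users')` accepts a token issued for either form no matter which flow is being served, and the redirect target is then picked from the raw `$_GET['user_id']` instead of from the branch that actually set `$user_id`. That branch starts above the hunk, so I cannot confirm it here, but if a request carrying `user_id` can fall through to `$user_id = $current_user->getId();`, it would still be redirected to `do=edit_users`. I would record the decision once where `$user_id` is resolved (a flag such as `$editing_other_user`, name hypothetical), check only the matching token name, and reuse that flag for the `header()` call. Separately, in the hunk at `@ -815,7 +836,7`, `count($_POST['users_in'])` runs on request data that need not be an array; `if(!empty($_POST['users_in']) && is_array($_POST['users_in']) && count($_POST['users_in']) > 1) {` avoids a warning or TypeError on a scalar submission.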


@ -52,7 +52,7 @@
{if condition="$user_id != -1"}
<h2>Personal token for this user</h2>
<p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&token={$token}">generate a new one</a>.</p>
<p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">generate a new one</a>.</p>
{/if}
{elseif condition="$view == 'password'"}
@ -64,6 +64,6 @@
</form>
<h2>Your personal token to use the API</h2>
<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token">generate a new one</a>.</p>
<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&amp;token={$token}">generate a new one</a>.</p>
{/if}
{include="footer"}
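Review bot: Both rewritten links trigger the API-token regeneration through a plain GET request and now carry the anti-CSRF value in the query string (`&amp;token={$token}`), where it is kept in browser history and server logs and can be passed on in a `Referer` header. A small POST form with the token in a hidden field would keep it out of the URL, provided `check_token()` (not visible in this commit) also accepts POST data. In the first link the `&user_id=` separator is still a bare `&` while the added one is `&amp;`; writing `index.php?do=new_token&amp;user_id={$user_data->getId()}&amp;token={$token}` keeps the attribute consistent. The link changed in the French template hunk at `@ -52,7 +52,7` has the same two issues.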


@ -31,4 +31,5 @@
{/if}
</div>
{/if}
{if condition="!empty($error)"}<p class="error">{$error}</p>{/if}
{if condition="!empty($error)"}<p class="error">{$error}</p>
{if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}
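Review bot: The added `{function="exit();"}` makes the template itself decide that the rest of the page must not render, so the stop-on-error behaviour now depends on every theme and language copy of this file carrying the same line. The callers visible in this commit already call `exit();` right after `$tpl->draw('index')`, but by then the whole template has been drawn, so that call does not replace this one. Drawing a dedicated error template from the PHP side would keep the control flow in the controller. If the in-template exit stays, a template comment should say that it is intentional and that the hand-written `</body></html>` stands in for the skipped footer. The identical change in the second copy of this template (`@ -31,4 +31,6`) is covered by the same remark.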


@ -7,7 +7,7 @@
{loop="$global_paybacks"}
<dt>{$value->getDate()}</dt>
<dd>
{if condition="$value->getClosed() !== false"}
{if condition="$value->getClosed() === false"}
<a href="?do=see_paybacks&id={$value->getId()}">Payback n°{$value->getId()}</a>
{else}
[Closed] Payback n°{$value->getId()}
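Review bot: The rewritten condition `$value->getClosed() === false` matches only a real boolean `false`, so the link is shown only if `getClosed()` returns exactly that for an open payback. The getter is not part of this commit; if it can return `0`, `'0'` or `null` (for example a value taken straight from storage), every entry would render as closed. A short template comment stating the expected return contract, or a boolean helper on the model, would make this robust. The `{if}` block and the loop close outside the hunk, and the French copy of this hunk is identical.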


@ -52,7 +52,7 @@
{if condition="$user_id != -1"}
<h2>Jeton d'identification pour l'utilisateur</h2>
<p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}">en générer un nouveau</a>.</p>
<p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">en générer un nouveau</a>.</p>
{/if}
{elseif condition="$view == 'password'"}
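Review bot: Only the admin-side link is updated in this file section; the English counterpart also received a second hunk (`@ -64,6 +64,6`) adding `&amp;token={$token}` to the `do=new_token` link in the password view, and no such hunk appears here. If the French password view still links to `index.php?do=new_token` without a token (that part of the file is not shown), the token check in the PHP hunk at `@ -259,19 +259,24` would reject the request and French-language users could not rotate their own API token. The fix would be the same one-line change as in the English file: `<a href="index.php?do=new_token&amp;token={$token}">`.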


@ -31,4 +31,6 @@
{/if}
</div>
{/if}
{if condition="!empty($error)"}<p class="error">{$error}</p>{/if}
{if condition="!empty($error)"}<p class="error">{$error}</p>
{if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}


@ -7,7 +7,7 @@
{loop="$global_paybacks"}
<dt>{$value->getDate()}</dt>
<dd>
{if condition="$value->getClosed() !== false"}
{if condition="$value->getClosed() === false"}
<a href="?do=see_paybacks&id={$value->getId()}">Remboursement n°{$value->getId()}</a>
{else}
[Terminé] Remboursement n°{$value->getId()}