Bug fix in global paybacks, and no more unset variables when token errors appear

This commit is contained in:
Phyks 2013-09-26 18:34:29 +02:00
parent dfdfa1f496
commit afb7c0ef85
8 changed files with 38 additions and 14 deletions

TODO

@ -1,7 +1,5 @@
Issues : Issues :
======== ========
* Regenerate token
* Global paybacks
* Test fr * Test fr
* Paybacks and user deletion * Paybacks and user deletion
* Minify CSS / JS * Minify CSS / JS


@ -259,19 +259,24 @@
$user_id = $current_user->getId(); $user_id = $current_user->getId();
} }
if(check_token(600, 'password')) { if(check_token(600, 'password') || check_token(600, 'edit_users')) {
$user = new User(); $user = new User();
$user = $user->load(array('id'=>$user_id), true); $user = $user->load(array('id'=>$user_id), true);
$user->newJsonToken(); $user->newJsonToken();
$user->save(); $user->save();
$_SESSION['current_user'] = $user->sessionStore(); $_SESSION['current_user'] = $user->sessionStore();
if(!empty($_GET['user_id']))
header('location: index.php?do=edit_users&user_id='.$user_id);
else
header('location: index.php?do=password&'.$get_redir); header('location: index.php?do=password&'.$get_redir);
exit(); exit();
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
break; break;
@ -330,7 +335,9 @@
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', 'true');
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
break; break;
@ -544,12 +551,16 @@
} }
else { else {
$tpl->assign('error', $errors['unauthorized'][LANG]); $tpl->assign('error', $errors['unauthorized'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
else { else {
@ -598,13 +609,17 @@
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
else { else {
$tpl->assign('error', $errors['unauthorized'][LANG]); $tpl->assign('error', $errors['unauthorized'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
else { else {
@ -635,7 +650,9 @@
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
@ -705,7 +722,9 @@
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
@ -747,7 +766,7 @@
$tpl->assign('list', true); $tpl->assign('list', true);
$tpl->assign('global_paybacks', $global_paybacks); $tpl->assign('global_paybacks', $global_paybacks);
$tpl->assign('payback', generate_token('global_payback')); $tpl->assign('token', generate_token('global_payback'));
$tpl->draw('see_paybacks'); $tpl->draw('see_paybacks');
break; break;
@ -789,7 +808,9 @@
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
else { else {
@ -815,7 +836,7 @@
$tpl->assign('global_paybacks', $global_paybacks); $tpl->assign('global_paybacks', $global_paybacks);
} }
else { else {
if(!empty($_POST['users_in'])) { if(!empty($_POST['users_in']) && count($_POST['users_in']) > 1) {
if(check_token(600, 'global_payback')) { if(check_token(600, 'global_payback')) {
$global_payback = new GlobalPayback(); $global_payback = new GlobalPayback();
@ -918,7 +939,9 @@
} }
else { else {
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
$tpl->assign('block_error', true);
$tpl->draw('index'); $tpl->draw('index');
exit();
} }
} }
@ -927,7 +950,7 @@
$tpl->assign('users', $users_list); $tpl->assign('users', $users_list);
} }
$tpl->assign('payback', generate_token('global_payback')); $tpl->assign('token', generate_token('global_payback'));
$tpl->draw('manage_paybacks'); $tpl->draw('manage_paybacks');
break; break;
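Review bot: The new condition in the `@ -815,7 +836,7` hunk calls `count()` on `$_POST['users_in']` after only an `!empty()` check, so a request that sends `users_in` as a plain string passes `!empty` and reaches `count()` on a non-array, which warns on PHP 7.2+ and throws a TypeError on PHP 8; guard the shape explicitly, e.g. `if(!empty($_POST['users_in']) && is_array($_POST['users_in']) && count($_POST['users_in']) > 1) {`. Separately, the `@ -330,7 +335,9` hunk assigns `$tpl->assign('block_error', 'true');` as a string while every other hunk in this file passes the boolean `true`; the string is truthy so the template check still fires, but it should read `$tpl->assign('block_error', true);` for consistency. In the first hunk the widened `check_token(600, 'password') || check_token(600, 'edit_users')` lets a token minted for the password page also drive the `$_GET['user_id']` redirect branch; whether an authorization check on the requested `user_id` precedes this point is outside the hunk and should be confirmed. The enclosing switch cases start and end outside every hunk shown.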


@ -52,7 +52,7 @@
{if condition="$user_id != -1"} {if condition="$user_id != -1"}
<h2>Personal token for this user</h2> <h2>Personal token for this user</h2>
<p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&token={$token}">generate a new one</a>.</p> <p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">generate a new one</a>.</p>
{/if} {/if}
{elseif condition="$view == 'password'"} {elseif condition="$view == 'password'"}
@ -64,6 +64,6 @@
</form> </form>
<h2>Your personal token to use the API</h2> <h2>Your personal token to use the API</h2>
<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token">generate a new one</a>.</p> <p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&amp;token={$token}">generate a new one</a>.</p>
{/if} {/if}
{include="footer"} {include="footer"}
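Review bot: In the rewritten href of the first hunk the new `token` parameter is entity-escaped as `&amp;token={$token}` while the `&user_id=` separator earlier in the same attribute is still a raw `&`; use one form for the whole attribute, e.g. `index.php?do=new_token&amp;user_id={$user_data->getId()}&amp;token={$token}`. The French users template has the same mixed escaping in its identical `@ -52,7 +52,7` hunk. The second hunk now references `{$token}` from the `password` view, but the PHP hunks in this commit only assign `token` for the paybacks views, so the assignment for the password view presumably lives outside the diff and should be verified, otherwise the link carries an empty token and the regeneration always fails the check.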


@ -31,4 +31,5 @@
{/if} {/if}
</div> </div>
{/if} {/if}
{if condition="!empty($error)"}<p class="error">{$error}</p>{/if} {if condition="!empty($error)"}<p class="error">{$error}</p>
{if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}
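Review bot: The added `{function="exit();"}` terminates the script from inside the template, so the `exit();` the controller now places after each `$tpl->draw('index')` that sets `block_error` is never reached; keeping termination in one place (the controller) and letting the template only emit the link and `</body></html>` avoids hiding control flow in markup. The French index template has the same construction in its identical `@ -31,4 +31,6` hunk. Both hunks also close the outer `{if}` on the same line as the inner one, so putting `{/if}{/if}` on separate lines would make the nesting easier to follow.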


@ -7,7 +7,7 @@
{loop="$global_paybacks"} {loop="$global_paybacks"}
<dt>{$value->getDate()}</dt> <dt>{$value->getDate()}</dt>
<dd> <dd>
{if condition="$value->getClosed() !== false"} {if condition="$value->getClosed() === false"}
<a href="?do=see_paybacks&id={$value->getId()}">Payback n°{$value->getId()}</a> <a href="?do=see_paybacks&id={$value->getId()}">Payback n°{$value->getId()}</a>
{else} {else}
[Closed] Payback n°{$value->getId()} [Closed] Payback n°{$value->getId()}


@ -52,7 +52,7 @@
{if condition="$user_id != -1"} {if condition="$user_id != -1"}
<h2>Jeton d'identification pour l'utilisateur</h2> <h2>Jeton d'identification pour l'utilisateur</h2>
<p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}">en générer un nouveau</a>.</p> <p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">en générer un nouveau</a>.</p>
{/if} {/if}
{elseif condition="$view == 'password'"} {elseif condition="$view == 'password'"}


@ -31,4 +31,6 @@
{/if} {/if}
</div> </div>
{/if} {/if}
{if condition="!empty($error)"}<p class="error">{$error}</p>{/if} {if condition="!empty($error)"}<p class="error">{$error}</p>
{if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}


@ -7,7 +7,7 @@
{loop="$global_paybacks"} {loop="$global_paybacks"}
<dt>{$value->getDate()}</dt> <dt>{$value->getDate()}</dt>
<dd> <dd>
{if condition="$value->getClosed() !== false"} {if condition="$value->getClosed() === false"}
<a href="?do=see_paybacks&id={$value->getId()}">Remboursement n°{$value->getId()}</a> <a href="?do=see_paybacks&id={$value->getId()}">Remboursement n°{$value->getId()}</a>
{else} {else}
[Terminé] Remboursement n°{$value->getId()} [Terminé] Remboursement n°{$value->getId()}