Bug correction in global paybacks + no more unset vars when token errors appear

2013-09-26 18:34:29 +02:00 · 2013-09-26 18:34:29 +02:00 · afb7c0ef85
parent dfdfa1f496
commit afb7c0ef85
8 changed files with 38 additions and 14 deletions
--- a/2
+++ b/2
@ -1,7 +1,5 @@
 Issues :
 ========
 * Regenerate token
 * Global paybacks
 * Test fr
 * Paybacks and user deletion
 * Minify CSS / JS
--- a/index.php
+++ b/index.php
@ -259,19 +259,24 @@
                $user_id = $current_user->getId();
            }
-            if(check_token(600, 'password')) {  
+            if(check_token(600, 'password') || check_token(600, 'edit_users')) {  
                $user = new User();
                $user = $user->load(array('id'=>$user_id), true);
                $user->newJsonToken();
                $user->save();
                $_SESSION['current_user'] = $user->sessionStore();
-                header('location: index.php?do=password&'.$get_redir);
+                if(!empty($_GET['user_id']))
                    header('location: index.php?do=edit_users&user_id='.$user_id);
                else
                    header('location: index.php?do=password&'.$get_redir);
                exit();
            }
            else {
                $tpl->assign('error', $errors['token_error'][LANG]);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
            break;
@ -330,7 +335,9 @@
                }
                else {
                    $tpl->assign('error', $errors['token_error'][LANG]);
                    $tpl->assign('block_error', 'true');
                    $tpl->draw('index');
                    exit();
                }
            }
            break;
@ -544,12 +551,16 @@
                    }
                    else {
                        $tpl->assign('error', $errors['unauthorized'][LANG]);
                        $tpl->assign('block_error', true);
                        $tpl->draw('index');
                        exit();
                    }
                }
                else {
                    $tpl->assign('error', $errors['token_error'][LANG]);
                    $tpl->assign('block_error', true);
                    $tpl->draw('index');
                    exit();
                }
            }
            else {
@ -598,13 +609,17 @@
                    }
                    else {
                        $tpl->assign('error', $errors['token_error'][LANG]);
                        $tpl->assign('block_error', true);
                        $tpl->draw('index');
                        exit();
                    }
                }
                else {
                    $tpl->assign('error', $errors['unauthorized'][LANG]);
                    $tpl->assign('block_error', true);
                    $tpl->draw('index');
                    exit();
                }
            }
            else {
@ -635,7 +650,9 @@
                    }
                    else {
                        $tpl->assign('error', $errors['token_error'][LANG]);
                        $tpl->assign('block_error', true);
                        $tpl->draw('index');
                        exit();
                    }
                }
@ -705,7 +722,9 @@
                    }
                    else {
                        $tpl->assign('error', $errors['token_error'][LANG]);
                        $tpl->assign('block_error', true);
                        $tpl->draw('index');
                        exit();
                    }
                }
@ -747,7 +766,7 @@
            $tpl->assign('list', true);
            $tpl->assign('global_paybacks', $global_paybacks);
-            $tpl->assign('payback', generate_token('global_payback'));
+            $tpl->assign('token', generate_token('global_payback'));
            $tpl->draw('see_paybacks');
            break;
@ -789,7 +808,9 @@
                }
                else {
                    $tpl->assign('error', $errors['token_error'][LANG]);
                    $tpl->assign('block_error', true);
                    $tpl->draw('index');
                    exit();
                }
            }
            else {
@ -815,7 +836,7 @@
                $tpl->assign('global_paybacks', $global_paybacks);
            }
            else {
-                if(!empty($_POST['users_in'])) {
+                if(!empty($_POST['users_in']) && count($_POST['users_in']) > 1) {
                    if(check_token(600, 'global_payback')) {
                        $global_payback = new GlobalPayback();
@ -918,7 +939,9 @@
                    }
                    else {
                        $tpl->assign('error', $errors['token_error'][LANG]);
                        $tpl->assign('block_error', true);
                        $tpl->draw('index');
                        exit();
                    }
                }
@ -927,7 +950,7 @@
                $tpl->assign('users', $users_list);
            }
-            $tpl->assign('payback', generate_token('global_payback'));
+            $tpl->assign('token', generate_token('global_payback'));
            $tpl->draw('manage_paybacks');
            break;
--- a/tpl/default_en/edit_users.html
+++ b/tpl/default_en/edit_users.html
@ -52,7 +52,7 @@
 {if condition="$user_id != -1"}
    <h2>Personal token for this user</h2>
-    <p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&token={$token}">generate a new one</a>.</p>
+    <p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">generate a new one</a>.</p>
 {/if}
 {elseif condition="$view == 'password'"}
@ -64,6 +64,6 @@
 </form>
 <h2>Your personal token to use the API</h2>
-<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token">generate a new one</a>.</p>
+<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&amp;token={$token}">generate a new one</a>.</p>
 {/if}
 {include="footer"}
--- a/tpl/default_en/header.html
+++ b/tpl/default_en/header.html
@ -31,4 +31,5 @@
    {/if}
 </div>
 {/if}
-{if condition="!empty($error)"}<p class="error">{$error}</p>{/if}
+{if condition="!empty($error)"}<p class="error">{$error}</p>
 {if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}
--- a/tpl/default_en/see_paybacks.html
+++ b/tpl/default_en/see_paybacks.html
@ -7,7 +7,7 @@
                {loop="$global_paybacks"}
                <dt>{$value->getDate()}</dt>
                <dd>
-                    {if condition="$value->getClosed() !== false"}
+                    {if condition="$value->getClosed() === false"}
                         <a href="?do=see_paybacks&id={$value->getId()}">Payback n°{$value->getId()}</a>
                    {else}
                        [Closed] Payback n°{$value->getId()}
--- a/tpl/default_fr/edit_users.html
+++ b/tpl/default_fr/edit_users.html
@ -52,7 +52,7 @@
 {if condition="$user_id != -1"}
    <h2>Jeton d'identification pour l'utilisateur</h2>
-    <p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}">en générer un nouveau</a>.</p>
+    <p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">en générer un nouveau</a>.</p>
 {/if}
 {elseif condition="$view == 'password'"}
--- a/tpl/default_fr/header.html
+++ b/tpl/default_fr/header.html
@ -31,4 +31,6 @@
    {/if}
 </div>
 {/if}
-{if condition="!empty($error)"}<p class="error">{$error}</p>{/if}
+{if condition="!empty($error)"}<p class="error">{$error}</p>
 {if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}
--- a/tpl/default_fr/see_paybacks.html
+++ b/tpl/default_fr/see_paybacks.html
@ -7,7 +7,7 @@
                {loop="$global_paybacks"}
                <dt>{$value->getDate()}</dt>
                <dd>
-                    {if condition="$value->getClosed() !== false"}
+                    {if condition="$value->getClosed() === false"}
                        <a href="?do=see_paybacks&id={$value->getId()}">Remboursement n°{$value->getId()}</a>
                    {else}
                        [Terminé] Remboursement n°{$value->getId()}