2013-08-07 20:32:44 +02:00
< ? php
2013-09-05 23:46:51 +02:00
// Error translation
$errors = array (
'unknown_username_password' => array ( 'fr' => 'Nom d\'utilisateur ou mot de passe inconnu.' , 'en' => 'Unknown username or password.' ),
'token_error' => array ( 'fr' => 'Erreur de token. Veuillez réessayer.' , 'en' => 'Token error. Please resubmit the form.' ),
'password_mismatch' => array ( 'fr' => 'Les deux mots de passe ne correspondent pas.' , 'en' => 'The content of the two passwords fields doesn\'t match.' ),
'user_already_exists' => array ( 'fr' => 'Un utilisateur avec le même login ou nom d\'affichage existe déjà. Choisissez un login ou un nom d\'affichage différent.' , 'en' => 'A user with the same login or display name already exists. Choose a different login or display name.' ),
'write_error_data' => array ( 'fr' => 'Le script ne peut pas écrire dans le dossier data/, vérifiez les permissions sur ce dossier.' , 'en' => 'The script can\'t write in data/ dir, check permissions set on this folder.' ),
'unable_write_config' => array ( 'fr' => 'Impossible d\'écrire le fichier data/config.php. Vérifiez les permissions.' , 'en' => 'Unable to write data/config.php file. Check permissions.' ),
'negative_amount' => array ( 'fr' => 'Montant négatif non autorisé.' , 'en' => 'Negative amount not allowed.' ),
2013-09-08 18:36:59 +02:00
'template_error' => array ( 'fr' => 'Template non disponible.' , 'en' => 'Template not available.' ),
2013-09-15 16:28:44 +02:00
'unauthorized' => array ( 'fr' => 'Vous n\'avez pas le droit de faire cette action.' , 'en' => 'You are not authorized to do that.' ),
2013-09-27 17:33:04 +02:00
'no_users' => array ( 'fr' => 'Vous devez ajouter au moins un autre utilisateur.' , 'en' => 'You must add at least one more user beside you.' ),
2013-09-29 19:38:39 +02:00
'what_unknown' => array ( 'fr' => 'Vous devez renseigner un objet pour la dépense.' , 'en' => 'You must add something to describe this invoice in "what" field.' ),
2013-09-28 19:31:27 +02:00
'incorrect_amount' => array ( 'fr' => 'Montant incorrect ou nul.' , 'en' => 'Incorrect amount or amount is zero.' ),
'email_invalid' => array ( 'fr' => 'L\'adresse e-mail est invalide.' , 'en' => 'Incorrect e-mail address.' )
2013-09-08 16:12:30 +02:00
);
2013-08-11 22:25:25 +02:00
// Include necessary files
2013-08-24 23:28:56 +02:00
if ( ! file_exists ( 'data/config.php' )) { header ( 'location: install.php' ); exit (); }
2013-08-12 09:52:50 +02:00
require_once ( 'data/config.php' );
2013-08-09 00:44:43 +02:00
require_once ( 'inc/User.class.php' );
2013-08-13 19:37:11 +02:00
require_once ( 'inc/Invoices.class.php' );
2013-09-10 23:07:39 +02:00
require_once ( 'inc/Paybacks.class.php' );
2013-09-23 23:08:01 +02:00
require_once ( 'inc/GlobalPaybacks.class.php' );
2013-08-09 00:44:43 +02:00
require_once ( 'inc/rain.tpl.class.php' );
2013-08-12 09:52:50 +02:00
require_once ( 'inc/functions.php' );
2013-08-25 00:06:14 +02:00
require_once ( 'inc/Ban.inc.php' );
2013-08-24 23:53:52 +02:00
require_once ( 'inc/CSRF.inc.php' );
2013-09-06 20:07:28 +02:00
if ( ! empty ( $_GET [ 'json' ])) {
raintpl :: $tpl_dir = 'tpl/json/' ;
$get_redir = 'json=1' ;
}
else {
raintpl :: $tpl_dir = TEMPLATE_DIR ;
$get_redir = '' ;
}
2013-08-09 00:44:43 +02:00
raintpl :: $cache_dir = 'tmp/' ;
2013-08-11 22:25:25 +02:00
// Define raintpl instance
2013-08-09 00:44:43 +02:00
$tpl = new raintpl ();
2013-08-09 23:47:01 +02:00
$tpl -> assign ( 'instance_title' , htmlspecialchars ( INSTANCE_TITLE ));
2013-08-09 23:35:20 +02:00
$tpl -> assign ( 'connection' , false );
2013-08-12 09:52:50 +02:00
$tpl -> assign ( 'notice' , nl2br ( getNotice ()));
2013-08-09 23:43:56 +02:00
$tpl -> assign ( 'error' , '' );
2013-08-12 09:52:50 +02:00
$tpl -> assign ( 'base_url' , htmlspecialchars ( BASE_URL ));
$tpl -> assign ( 'currency' , htmlspecialchars ( CURRENCY ));
2013-08-24 23:28:56 +02:00
$tpl -> assign ( 'email_webmaster' , htmlspecialchars ( EMAIL_WEBMASTER ));
2013-09-04 23:04:05 +02:00
2013-08-24 23:28:56 +02:00
// Set sessions parameters
ini_set ( 'session.use_cookies' , 1 );
ini_set ( 'session.use_only_cookies' , 1 );
ini_set ( 'session.use_trans_sid' , false );
session_name ( 'bouffeatulm' );
// Regenerate session if needed
$cookie = session_get_cookie_params ();
$cookie_dir = '' ; if ( dirname ( $_SERVER [ 'SCRIPT_NAME' ]) != '/' ) $cookie_dir = dirname ( $_SERVER [ 'SCRIPT_NAME' ]);
session_set_cookie_params ( $cookie [ 'lifetime' ], $cookie_dir , $_SERVER [ 'HTTP_HOST' ]);
session_regenerate_id ( true );
2013-08-09 23:35:20 +02:00
2013-08-11 22:25:25 +02:00
// Handle current user status
2013-08-24 23:28:56 +02:00
if ( session_id () == '' ) session_start ();
2013-08-11 22:25:25 +02:00
$current_user = new User ();
if ( isset ( $_SESSION [ 'current_user' ])) {
$current_user -> sessionRestore ( $_SESSION [ 'current_user' ], true );
}
else {
$current_user = false ;
}
2013-08-26 21:21:52 +02:00
$tpl -> assign ( 'current_user' , secureDisplay ( $current_user ));
2013-08-09 00:44:43 +02:00
2013-09-06 20:07:28 +02:00
if ( ! empty ( $_GET [ 'json_token' ])) {
$current_user = new User ();
if ( $current_user -> load ( array ( 'json_token' => $_GET [ 'json_token' ], true )) === false ) {
header ( 'location: index.php?do=connect' . $get_redir );
exit ();
}
else {
if ( ! empty ( $get_redir ))
$get_redir .= '&' ;
$get_redir .= 'json_token=' . $_GET [ 'json_token' ];
}
2013-08-09 00:44:43 +02:00
}
2013-09-06 20:07:28 +02:00
else {
//If json token not available
// If not connected, redirect to connection page
if ( $current_user === false && ( empty ( $_GET [ 'do' ]) OR $_GET [ 'do' ] != 'connect' )) {
header ( 'location: index.php?do=connect&' . $get_redir );
exit ();
}
// If IP has changed, logout
if ( $current_user !== false && user_ip () != $_SESSION [ 'ip' ]) {
session_destroy ();
header ( 'location: index.php?do=connect&' . $get_redir );
exit ();
}
2013-08-25 22:36:46 +02:00
}
2013-08-24 23:53:52 +02:00
2013-08-11 22:25:25 +02:00
// Initialize empty $_GET['do'] if required to avoid error
2013-08-09 00:44:43 +02:00
if ( empty ( $_GET [ 'do' ])) {
$_GET [ 'do' ] = '' ;
}
2013-08-11 22:25:25 +02:00
// Check what to do
2013-08-09 00:44:43 +02:00
switch ( $_GET [ 'do' ]) {
case 'connect' :
2013-08-11 22:25:25 +02:00
if ( $current_user !== false ) {
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?' . $get_redir );
2013-08-24 23:28:56 +02:00
exit ();
2013-08-11 22:25:25 +02:00
}
2013-08-24 23:53:52 +02:00
if ( ! empty ( $_POST [ 'login' ]) && ! empty ( $_POST [ 'password' ]) && check_token ( 600 , 'connection' )) {
2013-08-12 09:52:50 +02:00
$user = new User ();
$user -> setLogin ( $_POST [ 'login' ]);
2013-08-24 23:28:56 +02:00
if ( ban_canLogin () == false ) {
2013-09-05 23:46:51 +02:00
$error = $errors [ 'unknown_username_password' ][ LANG ];
2013-08-09 00:44:43 +02:00
}
else {
2013-08-29 12:26:28 +02:00
$user = $user -> exists ( $_POST [ 'login' ]);
if ( $user !== false && $user -> checkPassword ( $_POST [ 'password' ])) {
2013-08-24 23:28:56 +02:00
ban_loginOk ();
$_SESSION [ 'current_user' ] = $user -> sessionStore ();
$_SESSION [ 'ip' ] = user_ip ();
if ( ! empty ( $_POST [ 'remember_me' ])) { // Handle remember me cookie
$_SESSION [ 'remember_me' ] = 31536000 ;
}
else {
$_SESSION [ 'remember_me' ] = 0 ;
}
$cookie_dir = '' ; if ( dirname ( $_SERVER [ 'SCRIPT_NAME' ]) != '/' ) $cookie_dir = dirname ( $_SERVER [ 'SCRIPT_NAME' ]);
session_set_cookie_params ( $_SESSION [ 'remember_me' ], $cookie_dir , $_SERVER [ 'HTTP_HOST' ]);
session_regenerate_id ( true );
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?' . $get_redir );
2013-08-24 23:28:56 +02:00
exit ();
}
else {
ban_loginFailed ();
2013-09-05 23:46:51 +02:00
$error = $errors [ 'unknown_username_password' ][ LANG ];
2013-08-24 23:28:56 +02:00
}
2013-08-09 00:44:43 +02:00
}
}
2013-08-25 22:36:46 +02:00
$tpl -> assign ( 'connection' , true );
2013-08-09 23:47:01 +02:00
$tpl -> assign ( 'user_post' , ( ! empty ( $_POST [ 'login' ])) ? htmlspecialchars ( $_POST [ 'login' ]) : '' );
2013-09-27 17:33:04 +02:00
if ( ! empty ( $error ))
$tpl -> assign ( 'error' , $error );
2013-08-24 23:53:52 +02:00
$tpl -> assign ( 'token' , generate_token ( 'connection' ));
$tpl -> draw ( 'connection' );
2013-08-09 00:44:43 +02:00
break ;
case 'disconnect' :
$current_user = false ;
session_destroy ();
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?do=connect&' . $get_redir );
2013-08-09 00:44:43 +02:00
exit ();
2013-08-09 23:35:20 +02:00
break ;
2013-08-09 00:44:43 +02:00
2013-08-09 23:35:20 +02:00
case 'password' :
2013-09-28 19:35:13 +02:00
if ( ! empty ( $_POST [ 'email' ]) && ! empty ( $_POST [ 'notifications' ])) {
2013-09-28 19:31:27 +02:00
if ( check_token ( 600 , 'password' )) {
if ( ! empty ( $_POST [ 'password' ]) && ! empty ( $_POST [ 'password_confirm' ])) {
if ( $_POST [ 'password' ] == $_POST [ 'password_confirm' ]) {
$current_user -> setPassword ( $current_user -> encrypt ( $_POST [ 'password' ]));
}
else {
$error = true ;
$tpl -> assign ( 'error' , $errors [ 'password_mismatch' ][ LANG ]);
}
}
2013-08-09 00:44:43 +02:00
2013-09-28 19:31:27 +02:00
if ( $current_user -> setEmail ( $_POST [ 'email' ]) === false ) {
$error = true ;
$tpl -> assign ( 'error' , $errors [ 'email_invalid' ][ LANG ]);
}
2013-09-28 19:35:13 +02:00
$current_user -> setNotifications ( $_POST [ 'notifications' ]);
2013-09-28 19:31:27 +02:00
$current_user -> save ();
if ( ! empty ( $error )) {
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?' . $get_redir );
2013-08-25 23:06:47 +02:00
exit ();
}
2013-08-09 23:43:56 +02:00
}
else {
2013-09-28 19:31:27 +02:00
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-08-09 23:43:56 +02:00
}
}
2013-09-28 19:31:27 +02:00
2013-08-10 23:58:40 +02:00
$tpl -> assign ( 'view' , 'password' );
2013-09-06 20:07:28 +02:00
$tpl -> assign ( 'json_token' , htmlspecialchars ( $current_user -> getJsonToken ()));
2013-08-25 23:06:47 +02:00
$tpl -> assign ( 'token' , generate_token ( 'password' ));
2013-08-09 23:35:20 +02:00
$tpl -> draw ( 'edit_users' );
break ;
2013-08-10 23:58:40 +02:00
case 'edit_users' :
case 'add_user' :
2013-08-11 22:25:25 +02:00
if ( ! $current_user -> getAdmin ()) {
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?' . $get_redir );
2013-08-24 23:28:56 +02:00
exit ();
2013-08-10 23:58:40 +02:00
}
2013-08-11 22:25:25 +02:00
2013-10-28 21:04:34 +01:00
if ( ! empty ( $_POST [ 'login' ]) && ! empty ( $_POST [ 'display_name' ]) && ! empty ( $_POST [ 'email' ]) && ( ! empty ( $_POST [ 'password' ]) || ! empty ( $_POST [ 'user_id' ])) && ! empty ( $_POST [ 'notifications' ]) && isset ( $_POST [ 'admin' ])) {
2013-08-25 23:06:47 +02:00
if ( check_token ( 600 , 'edit_users' )) {
2013-08-24 23:53:52 +02:00
$user = new User ();
if ( ! empty ( $_POST [ 'user_id' ])) {
2013-10-28 21:24:01 +01:00
$user = $user -> load ( array ( 'id' => $_POST [ 'user_id' ]), true );
2013-08-24 23:53:52 +02:00
}
2013-09-06 20:07:28 +02:00
else {
$user -> newJsonToken ();
}
2013-08-24 23:53:52 +02:00
$user -> setLogin ( $_POST [ 'login' ]);
$user -> setDisplayName ( $_POST [ 'display_name' ]);
if ( ! empty ( $_POST [ 'password' ])) {
$user -> setPassword ( $user -> encrypt ( $_POST [ 'password' ]));
}
$user -> setAdmin ( $_POST [ 'admin' ]);
2013-08-11 22:25:25 +02:00
2013-09-28 19:31:27 +02:00
if ( $user -> setEmail ( $_POST [ 'email' ]) !== false ) {
if ( ! empty ( $_POST [ 'user_id' ]) || $user -> isUnique ()) {
2013-09-28 19:35:13 +02:00
$user -> setNotifications ( $_POST [ 'notifications' ]);
2013-09-28 19:31:27 +02:00
$user -> save ();
2013-09-02 00:23:37 +02:00
2013-09-28 19:31:27 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-02 00:23:37 +02:00
2013-09-28 19:31:27 +02:00
header ( 'location: index.php?do=edit_users&' . $get_redir );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'user_already_exists' ][ LANG ]);
}
2013-08-25 00:06:14 +02:00
}
else {
2013-09-28 19:31:27 +02:00
$tpl -> assign ( 'error' , $errors [ 'email_invalid' ][ LANG ]);
2013-08-25 00:06:14 +02:00
}
2013-08-24 23:53:52 +02:00
}
2013-08-25 23:06:47 +02:00
else {
2013-09-05 23:46:51 +02:00
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-08-25 23:06:47 +02:00
}
2013-08-11 22:25:25 +02:00
}
2013-08-10 23:58:40 +02:00
if ( ! empty ( $_GET [ 'user_id' ]) || $_GET [ 'do' ] == 'add_user' ) {
if ( ! empty ( $_GET [ 'user_id' ])) {
$user_id = ( int ) $_GET [ 'user_id' ];
$user = new User ();
2013-08-27 15:51:04 +02:00
$user = $user -> load ( array ( 'id' => $user_id ), true );
2013-08-26 21:21:52 +02:00
$tpl -> assign ( 'user_data' , $user -> secureDisplay ());
2013-08-10 23:58:40 +02:00
}
2013-08-12 09:52:50 +02:00
$tpl -> assign ( 'user_id' , ( ! empty ( $user_id ) ? ( int ) $user_id : - 1 ));
2013-08-10 23:58:40 +02:00
$tpl -> assign ( 'view' , 'edit_user' );
}
else {
$users_list = new User ();
2013-08-27 15:51:04 +02:00
$users_list = $users_list -> load ();
2013-08-11 22:25:25 +02:00
2013-08-26 21:21:52 +02:00
$tpl -> assign ( 'users' , secureDisplay ( $users_list ));
2013-08-10 23:58:40 +02:00
$tpl -> assign ( 'view' , 'list_users' );
}
2013-08-11 22:25:25 +02:00
$tpl -> assign ( 'login_post' , ( ! empty ( $_POST [ 'login' ]) ? htmlspecialchars ( $_POST [ 'login' ]) : '' ));
2013-09-28 19:31:27 +02:00
$tpl -> assign ( 'email_post' , ( ! empty ( $_POST [ 'email' ]) ? htmlspecialchars ( $_POST [ 'email' ]) : '' ));
2013-08-13 17:58:14 +02:00
$tpl -> assign ( 'display_name_post' , ( ! empty ( $_POST [ 'display_name' ]) ? htmlspecialchars ( $_POST [ 'display_name' ]) : '' ));
2013-08-11 22:25:25 +02:00
$tpl -> assign ( 'admin_post' , ( isset ( $_POST [ 'admin' ]) ? ( int ) $_POST [ 'admin' ] : - 1 ));
2013-08-24 23:53:52 +02:00
$tpl -> assign ( 'token' , generate_token ( 'edit_users' ));
2013-08-10 23:58:40 +02:00
$tpl -> draw ( 'edit_users' );
break ;
2013-09-06 20:07:28 +02:00
case 'new_token' :
if ( ! empty ( $_GET [ 'user_id' ]) && $current_user -> getAdmin ()) {
$user_id = ( int ) $_GET [ 'user_id' ];
}
else {
$user_id = $current_user -> getId ();
}
2013-09-26 18:34:29 +02:00
if ( check_token ( 600 , 'password' ) || check_token ( 600 , 'edit_users' )) {
2013-09-25 22:09:25 +02:00
$user = new User ();
$user = $user -> load ( array ( 'id' => $user_id ), true );
$user -> newJsonToken ();
$user -> save ();
2013-10-28 21:24:01 +01:00
if ( empty ( $_GET [ 'user_id' ]))
$_SESSION [ 'current_user' ] = $user -> sessionStore ();
2013-09-25 22:09:25 +02:00
2013-09-26 18:34:29 +02:00
if ( ! empty ( $_GET [ 'user_id' ]))
header ( 'location: index.php?do=edit_users&user_id=' . $user_id );
else
header ( 'location: index.php?do=password&' . $get_redir );
2013-09-25 22:09:25 +02:00
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-09-06 20:07:28 +02:00
break ;
2013-08-10 23:58:40 +02:00
case 'delete_user' :
2013-08-11 22:25:25 +02:00
if ( $_GET [ 'user_id' ] != $current_user -> getId ()) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'edit_users' )) {
2013-09-25 22:09:25 +02:00
$user = new User ();
$user -> setId ( $_GET [ 'user_id' ]);
$user -> delete ();
2013-09-14 23:21:49 +02:00
2013-09-25 22:09:25 +02:00
// Update concerned invoices
$invoices = new Invoice ();
$invoices = $invoices -> load ();
if ( $invoices !== FALSE ) {
foreach ( $invoices as $invoice ) {
if ( $invoice -> getBuyer () == $_GET [ 'user_id' ]) {
2013-09-15 16:19:37 +02:00
$invoice -> delete ();
2013-09-25 22:09:25 +02:00
}
if ( $invoice -> getUsersIn () -> inUsersIn ( $_GET [ 'user_id' ])) {
$users_in = $invoice -> getUsersIn () -> get ();
unset ( $users_in [ $_GET [ 'user_id' ]]);
if ( empty ( $users_in ) || array_keys ( $users_in ) == array ( $invoice -> getBuyer ()))
$invoice -> delete ();
else {
$invoice -> setUsersIn ( $users_in );
$invoice -> save ();
}
2013-09-15 16:19:37 +02:00
}
2013-09-14 23:21:49 +02:00
}
}
2013-09-25 22:09:25 +02:00
// Update paybacks
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'from_user' => ( int ) $_GET [ 'user_id' ]));
if ( $paybacks !== FALSE ) {
foreach ( $paybacks as $payback ) {
$payback -> delete ();
}
2013-09-14 23:21:49 +02:00
}
2013-09-25 22:09:25 +02:00
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'to_user' => ( int ) $_GET [ 'user_id' ]));
if ( $paybacks !== FALSE ) {
foreach ( $paybacks as $payback ) {
$payback -> delete ();
}
2013-09-14 23:21:49 +02:00
}
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-02 00:23:37 +02:00
2013-09-25 22:09:25 +02:00
header ( 'location: index.php?do=edit_users&' . $get_redir );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , 'true' );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-08-11 22:25:25 +02:00
}
2013-08-10 23:58:40 +02:00
break ;
2013-08-12 09:52:50 +02:00
case 'edit_notice' :
if ( isset ( $_POST [ 'notice' ])) {
2013-09-26 17:36:59 +02:00
$tpl -> assign ( 'notice' , htmlspecialchars ( $_POST [ 'notice' ]));
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'settings' )) {
2013-09-25 22:09:25 +02:00
setNotice ( $_POST [ 'notice' ]);
2013-09-02 00:23:37 +02:00
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
header ( 'location: index.php?' . $get_redir );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
}
2013-08-12 09:52:50 +02:00
}
$tpl -> assign ( 'show_settings' , false );
2013-09-26 17:36:59 +02:00
$tpl -> assign ( 'token' , generate_token ( 'settings' ));
2013-08-12 09:52:50 +02:00
$tpl -> draw ( 'settings' );
break ;
case 'settings' :
2013-09-05 23:57:47 +02:00
if ( ! empty ( $_POST [ 'mysql_host' ]) && ! empty ( $_POST [ 'mysql_login' ]) && ! empty ( $_POST [ 'mysql_db' ]) && ! empty ( $_POST [ 'currency' ]) && ! empty ( $_POST [ 'instance_title' ]) && ! empty ( $_POST [ 'base_url' ]) && ! empty ( $_POST [ 'timezone' ]) && ! empty ( $_POST [ 'email_webmaster' ]) && ! empty ( $_POST [ 'template' ])) {
2013-08-25 23:06:47 +02:00
if ( check_token ( 600 , 'settings' )) {
if ( ! is_writable ( 'data/' )) {
2013-09-05 23:46:51 +02:00
$tpl > assign ( 'error' , $errors [ 'write_error_data' ][ LANG ]);
2013-08-25 23:06:47 +02:00
}
else {
2013-09-05 23:57:47 +02:00
if ( ! is_dir ( 'tpl/' . $_POST [ 'template' ])) {
$tpl -> assign ( 'error' , $errors [ 'template_error' ][ LANG ]);
2013-09-05 23:46:51 +02:00
}
else {
$config = file ( 'data/config.php' );
foreach ( $config as $line_number => $line ) {
2013-09-21 14:36:30 +02:00
if ( strpos ( trim ( $line ), " MYSQL_HOST " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('MYSQL_HOST', ' " . $_POST [ 'mysql_host' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " MYSQL_LOGIN " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('MYSQL_LOGIN', ' " . $_POST [ 'mysql_login' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " MYSQL_PASSWORD " ) !== false && ! empty ( $_POST [ 'mysql_password' ]))
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('MYSQL_PASSWORD', ' " . $_POST [ 'mysql_password' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " MYSQL_DB " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('MYSQL_DB', ' " . $_POST [ 'mysql_db' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " MYSQL_PREFIX " ) !== false && ! empty ( $_POST [ 'mysql_prefix' ]))
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('MYSQL_PREFIX', ' " . $_POST [ 'mysql_prefix' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " INSTANCE_TITLE " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('INSTANCE_TITLE', ' " . $_POST [ 'instance_title' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " BASE_URL " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('BASE_URL', ' " . $_POST [ 'base_url' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " CURRENCY " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('CURRENCY', ' " . $_POST [ 'currency' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " EMAIL_WEBMASTER " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('EMAIL_WEBMASTER', ' " . $_POST [ 'email_webmaster' ] . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " TEMPLATE_DIR " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('TEMPLATE_DIR', 'tpl/ " . $_POST [ 'template' ] . " /'); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), " LANG " ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t define('LANG', ' " . substr ( $_POST [ 'template' ], - 2 ) . " '); \n " ;
2013-09-21 14:36:30 +02:00
elseif ( strpos ( trim ( $line ), 'date_default_timezone_set' ) !== false )
2013-10-03 16:57:56 +02:00
$config [ $line_number ] = " \t date_default_timezone_set(' " . $_POST [ 'timezone' ] . " '); \n " ;
2013-09-05 23:46:51 +02:00
}
if ( file_put_contents ( " data/config.php " , $config )) {
// Clear the cache
2013-09-21 14:36:30 +02:00
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-05 23:46:51 +02:00
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?' . $get_redir );
2013-09-05 23:46:51 +02:00
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'unable_write_config' ][ LANG ]);
}
}
2013-08-25 23:06:47 +02:00
}
2013-08-12 09:52:50 +02:00
}
else {
2013-09-05 23:46:51 +02:00
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-08-12 09:52:50 +02:00
}
}
2013-08-26 21:21:52 +02:00
$tpl -> assign ( 'mysql_host' , htmlspecialchars ( MYSQL_HOST ));
$tpl -> assign ( 'mysql_login' , htmlspecialchars ( MYSQL_LOGIN ));
$tpl -> assign ( 'mysql_db' , htmlspecialchars ( MYSQL_DB ));
$tpl -> assign ( 'mysql_prefix' , htmlspecialchars ( MYSQL_PREFIX ));
2013-08-22 23:14:14 +02:00
$tpl -> assign ( 'timezone' , @ date_default_timezone_get ());
2013-08-12 09:52:50 +02:00
$tpl -> assign ( 'show_settings' , true );
2013-08-24 23:53:52 +02:00
$tpl -> assign ( 'token' , generate_token ( 'settings' ));
2013-09-05 23:46:51 +02:00
$tpl -> assign ( 'templates' , listTemplates ( 'tpl/' ));
2013-09-05 20:09:03 +02:00
$tpl -> assign ( 'current_template' , trim ( substr ( TEMPLATE_DIR , 4 ), '/' ));
2013-09-05 23:46:51 +02:00
$tpl -> assign ( 'lang' , LANG );
2013-08-12 09:52:50 +02:00
$tpl -> draw ( 'settings' );
break ;
2013-08-13 19:37:11 +02:00
case 'new_invoice' :
2013-08-17 19:16:16 +02:00
case 'edit_invoice' :
if ( ! empty ( $_GET [ 'id' ])) {
$invoice = new Invoice ();
2013-08-30 20:07:52 +02:00
$invoice = $invoice -> load ( array ( 'id' => ( int ) $_GET [ 'id' ]), true );
2013-08-17 19:16:16 +02:00
2013-08-30 20:07:52 +02:00
$date_hour = $invoice -> getDate ( 'a' );
$date_day = $invoice -> getDate ( 'd' );
$date_month = $invoice -> getDate ( 'm' );
$date_year = $invoice -> getDate ( 'Y' );
2013-08-17 19:16:16 +02:00
$amount = $invoice -> getAmount ();
$what = $invoice -> getWhat ();
2013-09-08 16:29:55 +02:00
$users_in = $invoice -> getUsersIn () -> get ();
2013-08-17 19:16:16 +02:00
}
if ( ! empty ( $_POST [ 'what' ])) $what = $_POST [ 'what' ];
if ( ! empty ( $_POST [ 'amount' ])) $amount = $_POST [ 'amount' ];
if ( ! empty ( $_POST [ 'date_day' ])) $date_day = $_POST [ 'date_day' ];
if ( ! empty ( $_POST [ 'date_month' ])) $date_month = $_POST [ 'date_month' ];
if ( ! empty ( $_POST [ 'date_year' ])) $date_year = $_POST [ 'date_year' ];
2013-09-08 16:29:55 +02:00
if ( ! empty ( $_POST [ 'users_in' ])) {
$users_in = array ();
foreach ( $_POST [ 'users_in' ] as $user ) {
$users_in [( int ) $user ] = ( int ) $_POST [ 'guest_user_' . $user ];
}
}
2013-08-17 19:16:16 +02:00
2013-11-04 19:53:47 +01:00
if ( ! empty ( $_POST [ 'what' ]) && ! empty ( $_POST [ 'amount' ]) && ( float ) $_POST [ 'amount' ] != 0 && isset ( $_POST [ 'date_hour' ]) && ! empty ( $_POST [ 'date_day' ]) && ! empty ( $_POST [ 'date_month' ]) && ! empty ( $_POST [ 'date_year' ]) && ! empty ( $_POST [ 'users_in' ])) {
2013-08-25 23:06:47 +02:00
if ( check_token ( 600 , 'new_invoice' )) {
2013-08-30 20:07:52 +02:00
if ( $_POST [ 'amount' ] <= 0 ) {
2013-09-05 23:46:51 +02:00
$tpl -> assign ( 'error' , $errors [ 'negative_amount' ][ LANG ]);
2013-08-25 23:06:47 +02:00
}
2013-08-30 20:07:52 +02:00
else {
2013-09-15 16:28:44 +02:00
if ( array_keys ( $users_in ) == array ( $current_user -> getId ())) {
$tpl -> assign ( 'error' , $errors [ 'no_users' ][ LANG ]);
}
else {
$invoice = new Invoice ();
2013-08-30 20:07:52 +02:00
2013-09-15 16:28:44 +02:00
if ( ! empty ( $_POST [ 'id' ]))
$invoice -> setId ( $_POST [ 'id' ]);
2013-08-30 20:07:52 +02:00
2013-09-15 16:28:44 +02:00
$invoice -> setWhat ( $_POST [ 'what' ]);
$invoice -> setAmount ( $_POST [ 'amount' ]);
$invoice -> setBuyer ( $current_user -> getId ());
$invoice -> setDate ( 0 , int2ampm ( $_POST [ 'date_hour' ]), $_POST [ 'date_day' ], $_POST [ 'date_month' ], $_POST [ 'date_year' ]);
2013-08-30 20:07:52 +02:00
2013-09-15 16:28:44 +02:00
$invoice -> setUsersIn ( $users_in );
2013-08-13 19:37:11 +02:00
2013-09-15 16:28:44 +02:00
$invoice -> save ();
2013-09-02 00:23:37 +02:00
2013-09-15 16:28:44 +02:00
// Clear the cache
2013-09-21 14:36:30 +02:00
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-02 00:23:37 +02:00
2013-09-15 16:28:44 +02:00
header ( 'location: index.php?' . $get_redir );
exit ();
}
2013-08-30 20:07:52 +02:00
}
2013-08-25 23:06:47 +02:00
}
else {
2013-09-05 23:46:51 +02:00
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-08-25 23:06:47 +02:00
}
2013-08-13 19:37:11 +02:00
}
$users_list = new User ();
2013-08-27 15:51:04 +02:00
$users_list = $users_list -> load ();
2013-08-13 19:37:11 +02:00
2013-08-26 21:21:52 +02:00
$tpl -> assign ( 'days' , range ( 1 , 31 ));
2013-08-13 19:37:11 +02:00
$tpl -> assign ( 'months' , range ( 1 , 12 ));
$tpl -> assign ( 'years' , range ( date ( 'Y' ) - 1 , date ( 'Y' ) + 1 ));
2013-08-30 20:07:52 +02:00
$tpl -> assign ( 'hour_post' , ( ! empty ( $date_hour ) ? ( int ) ampm2int ( $date_hour ) : ( int ) ampm2int ( date ( 'a' ))));
2013-08-17 19:16:16 +02:00
$tpl -> assign ( 'day_post' , ( ! empty ( $date_day ) ? ( int ) $date_day : ( int ) date ( 'd' )));
$tpl -> assign ( 'month_post' , ( ! empty ( $date_month ) ? ( int ) $date_month : ( int ) date ( 'm' )));
$tpl -> assign ( 'year_post' , ( ! empty ( $date_year ) ? ( int ) $date_year : ( int ) date ( 'Y' )));
$tpl -> assign ( 'amount_post' , ( ! empty ( $amount ) ? ( float ) $amount : 0 ));
$tpl -> assign ( 'what_post' , ( ! empty ( $what ) ? htmlspecialchars ( $what ) : '' ));
2013-08-26 21:21:52 +02:00
$tpl -> assign ( 'users' , secureDisplay ( $users_list ));
2013-09-27 17:33:04 +02:00
2013-09-29 19:38:39 +02:00
if ( isset ( $_POST [ 'what' ]) && empty ( $_POST [ 'what' ]))
2013-09-27 17:33:04 +02:00
$tpl -> assign ( 'error' , $errors [ 'what_unknown' ][ LANG ]);
2013-09-29 19:38:39 +02:00
if ( ! empty ( $_POST [ 'amount' ]) && ( float ) $_POST [ 'amount' ] == 0 )
2013-09-27 17:33:04 +02:00
$tpl -> assign ( 'error' , $errors [ 'incorrect_amount' ][ LANG ]);
2013-08-17 19:16:16 +02:00
$tpl -> assign ( 'users_in' , ( ! empty ( $users_in ) ? $users_in : array ()));
$tpl -> assign ( 'id' , ( ! empty ( $_GET [ 'id' ]) ? ( int ) $_GET [ 'id' ] : 0 ));
2013-08-24 23:53:52 +02:00
$tpl -> assign ( 'token' , generate_token ( 'new_invoice' ));
2013-08-13 19:37:11 +02:00
$tpl -> draw ( 'new_invoice' );
break ;
2013-08-17 19:28:42 +02:00
case 'delete_invoice' :
if ( ! empty ( $_GET [ 'id' ])) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'invoice' )) {
2013-09-25 22:09:25 +02:00
$invoice = new Invoice ();
$invoice = $invoice -> load ( array ( 'id' => ( int ) $_GET [ 'id' ]), true );
2013-08-17 19:28:42 +02:00
2013-09-25 22:09:25 +02:00
if ( $current_user -> getAdmin () || $invoice -> getBuyer () == $current_user -> getId ()) {
$invoice -> delete ();
2013-09-02 00:23:37 +02:00
2013-09-25 22:09:25 +02:00
// Delete related paybacks
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'invoice_id' => ( int ) $_GET [ 'id' ]));
2013-09-14 23:36:19 +02:00
2013-09-25 22:09:25 +02:00
if ( $paybacks !== false ) {
foreach ( $paybacks as $payback ) {
$payback -> delete ();
}
2013-09-14 23:36:19 +02:00
}
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-08 18:36:59 +02:00
2013-09-25 22:09:25 +02:00
header ( 'location: index.php?' . $get_redir );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'unauthorized' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-09-08 18:36:59 +02:00
}
else {
2013-09-25 22:09:25 +02:00
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-08 18:36:59 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-08 18:36:59 +02:00
}
}
else {
2013-09-06 20:07:28 +02:00
header ( 'location: index.php?' . $get_redir );
2013-08-17 19:28:42 +02:00
exit ();
}
break ;
2013-09-11 00:51:45 +02:00
case 'confirm_payback' :
2013-09-15 16:28:44 +02:00
if ( ! empty ( $_GET [ 'from' ]) && ! empty ( $_GET [ 'to' ]) && ! empty ( $_GET [ 'invoice_id' ]) && $_GET [ 'from' ] != $_GET [ 'to' ]) {
2013-09-11 00:51:45 +02:00
if ( $_GET [ 'to' ] == $current_user -> getId () || $current_user -> getAdmin ()) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'invoice' )) {
2013-09-25 22:09:25 +02:00
$invoice = new Invoice ();
$invoice = $invoice -> load ( array ( 'id' => ( int ) $_GET [ 'invoice_id' ]), true );
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
$payback = new Payback ();
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
if ( ! empty ( $_GET [ 'payback_id' ])) {
$payback = $payback -> load ( array ( 'id' => ( int ) $_GET [ 'payback_id' ]), true );
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
if ( $payback -> getFrom () != $_GET [ 'from' ] || $payback -> getTo () != $_GET [ 'to' ]) {
$payback = new Payback ();
}
2013-09-11 00:51:45 +02:00
}
2013-09-25 22:09:25 +02:00
else {
$payback = $payback -> load ( array ( 'invoice_id' => ( int ) $_GET [ 'invoice_id' ], 'to_user' => ( int ) $_GET [ 'to' ], 'from_user' => ( int ) $_GET [ 'from' ]), true );
2013-09-14 23:21:49 +02:00
2013-09-25 22:09:25 +02:00
if ( $payback == false )
$payback = new Payback ();
}
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
$payback -> setDate ( date ( 'i' ), date ( 'G' ), date ( 'j' ), date ( 'n' ), date ( 'Y' ));
$payback -> setInvoice ( $_GET [ 'invoice_id' ]);
$payback -> setAmount ( $invoice -> getAmountPerPerson ( $_GET [ 'from' ]));
$payback -> setFrom ( $_GET [ 'from' ]);
$payback -> setTo ( $_GET [ 'to' ]);
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
$payback -> save ();
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
header ( 'location: index.php' );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-09-11 00:51:45 +02:00
}
else {
2013-09-25 22:09:25 +02:00
$tpl -> assign ( 'error' , $errors [ 'unauthorized' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-11 00:51:45 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-11 00:51:45 +02:00
}
}
else {
header ( 'location: index.php?' . $get_redir );
}
break ;
case 'delete_payback' :
if ( ! empty ( $_GET [ 'from' ]) && ! empty ( $_GET [ 'to' ]) && ! empty ( $_GET [ 'invoice_id' ])) {
if ( $_GET [ 'to' ] == $current_user -> getId () || $current_user -> getAdmin ()) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'invoice' )) {
2013-09-25 22:09:25 +02:00
$paybacks = new Payback ();
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
$paybacks = $paybacks -> load ( array ( 'to_user' => ( int ) $_GET [ 'to' ], 'from_user' => ( int ) $_GET [ 'from' ], 'invoice_id' => ( int ) $_GET [ 'invoice_id' ]));
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
if ( $paybacks !== false ) {
foreach ( $paybacks as $payback ) {
$payback -> delete ();
}
2013-09-14 23:21:49 +02:00
}
2013-09-11 00:51:45 +02:00
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
header ( 'location: index.php' );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-09-11 00:51:45 +02:00
}
else {
2013-09-15 16:55:22 +02:00
header ( 'location: index.php' );
exit ();
2013-09-11 00:51:45 +02:00
}
}
else {
header ( 'location: index.php' );
exit ();
}
2013-09-15 16:55:22 +02:00
break ;
case 'payall' :
if ( ! empty ( $_GET [ 'from' ]) && ! empty ( $_GET [ 'to' ])) {
if ( $_GET [ 'to' ] == $current_user -> getId () || $current_user -> getAdmin ()) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'invoice' )) {
2013-09-25 22:09:25 +02:00
// Confirm all paybacks when to is buyer
$invoices = new Invoice ();
$invoices = $invoices -> load ( array ( 'buyer' => ( int ) $_GET [ 'to' ]));
if ( $invoices !== false ) {
foreach ( $invoices as $invoice ) {
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'invoice_id' => $invoice -> getId (), 'to_user' => ( int ) $_GET [ 'to' ], 'from_user' => ( int ) $_GET [ 'from' ]));
if ( $paybacks === false ) {
$payback = new Payback ();
$payback -> setTo ( $_GET [ 'to' ]);
$payback -> setFrom ( $_GET [ 'from' ]);
$payback -> setAmount ( $invoice -> getAmountPerPerson ( $_GET [ 'from' ]));
$payback -> setInvoice ( $invoice -> getId ());
$payback -> setDate ( date ( 'i' ), date ( 'G' ), date ( 'j' ), date ( 'n' ), date ( 'Y' ));
$payback -> save ();
}
2013-09-15 16:55:22 +02:00
}
}
2013-09-25 22:09:25 +02:00
// Confirm all paybacks when from is buyer
$invoices = new Invoice ();
$invoices = $invoices -> load ( array ( 'buyer' => ( int ) $_GET [ 'from' ]));
if ( $invoices !== false ) {
foreach ( $invoices as $invoice ) {
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'invoice_id' => $invoice -> getId (), 'to_user' => ( int ) $_GET [ 'from' ], 'from_user' => ( int ) $_GET [ 'to' ]));
if ( $paybacks === false ) {
$payback = new Payback ();
$payback -> setTo ( $_GET [ 'from' ]);
$payback -> setFrom ( $_GET [ 'to' ]);
$payback -> setAmount ( $invoice -> getAmountPerPerson ( $_GET [ 'to' ]));
$payback -> setInvoice ( $invoice -> getId ());
$payback -> setDate ( date ( 'i' ), date ( 'G' ), date ( 'j' ), date ( 'n' ), date ( 'Y' ));
$payback -> save ();
}
2013-09-15 16:55:22 +02:00
}
}
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
header ( 'location: index.php' );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-09-15 16:55:22 +02:00
}
else {
header ( 'location: index.php' );
exit ();
}
}
else {
header ( 'location: index.php' );
exit ();
}
break ;
2013-09-11 00:51:45 +02:00
2013-09-24 14:50:05 +02:00
case " see_paybacks " :
$global_paybacks = new GlobalPayback ();
if ( empty ( $_GET [ 'id' ])) {
$global_paybacks = $global_paybacks -> load ();
2013-09-25 19:44:43 +02:00
if ( $global_paybacks !== false ) {
$sort_keys = array ();
foreach ( $global_paybacks as $key => $entry ) {
$sort_keys [ $key ] = $entry -> getId ();
}
array_multisort ( $sort_keys , SORT_DESC , $global_paybacks );
}
2013-09-24 14:50:05 +02:00
}
else {
$global_paybacks = $global_paybacks -> load ( array ( 'id' => ( int ) $_GET [ 'id' ]), true );
$tpl -> assign ( 'id' , ( int ) $_GET [ 'id' ]);
$users_list = new User ();
$users_list = $users_list -> load ();
$tpl -> assign ( 'users' , $users_list );
}
$tpl -> assign ( 'list' , true );
$tpl -> assign ( 'global_paybacks' , $global_paybacks );
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'token' , generate_token ( 'global_payback' ));
2013-09-24 14:50:05 +02:00
$tpl -> draw ( 'see_paybacks' );
break ;
2013-09-24 16:48:42 +02:00
case " confirm_global_paybacks " :
if ( ! empty ( $_GET [ 'from' ]) && ! empty ( $_GET [ 'to' ]) && ! empty ( $_GET [ 'payback_id' ]) && $_GET [ 'from' ] != $_GET [ 'to' ]) {
if ( $_GET [ 'to' ] == $current_user -> getId () || $current_user -> getAdmin ()) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'global_payback' )) {
2013-09-25 22:09:25 +02:00
$global_payback = new GlobalPayback ();
$global_payback = $global_payback -> load ( array ( 'id' => ( int ) $_GET [ 'payback_id' ]), true );
2013-09-24 16:48:42 +02:00
2013-09-25 22:09:25 +02:00
$users_in = $global_payback -> getUsersIn () -> get ();
2013-09-24 16:48:42 +02:00
2013-09-25 22:09:25 +02:00
$users_in [( int ) $_GET [ 'from' ]][( int ) $_GET [ 'to' ]] = 0 ;
$users_in [( int ) $_GET [ 'to' ]][( int ) $_GET [ 'from' ]] = 0 ;
2013-09-24 16:48:42 +02:00
2013-09-25 22:09:25 +02:00
$global_payback -> setUsersIn ( $users_in );
2013-09-25 20:28:09 +02:00
2013-09-25 22:09:25 +02:00
if ( $global_payback -> getUsersIn () -> isEmpty ()) {
$global_payback -> setClosed ( true );
}
else {
$global_payback -> setClosed ( false );
}
2013-09-24 16:48:42 +02:00
2013-09-25 22:09:25 +02:00
$global_payback -> save ();
2013-09-24 16:48:42 +02:00
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-24 16:48:42 +02:00
2013-09-25 22:09:25 +02:00
header ( 'location: ?do=see_paybacks&id=' . ( int ) $_GET [ 'payback_id' ]);
exit ();
}
else {
header ( 'location: index.php' );
exit ();
}
2013-09-24 16:48:42 +02:00
}
else {
2013-09-25 22:09:25 +02:00
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-24 16:48:42 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-24 16:48:42 +02:00
}
}
else {
header ( 'location: index.php?' . $get_redir );
}
break ;
2013-09-23 23:08:01 +02:00
case " manage_paybacks " :
if ( empty ( $_GET [ 'new' ])) {
2013-09-23 23:43:53 +02:00
$global_paybacks = new GlobalPayback ();
$global_paybacks = $global_paybacks -> load ();
2013-09-25 19:44:43 +02:00
// Sort paybacks by id DESC
if ( $global_paybacks !== false ) {
$sort_keys = array ();
foreach ( $global_paybacks as $key => $entry ) {
$sort_keys [ $key ] = $entry -> getId ();
}
array_multisort ( $sort_keys , SORT_DESC , $global_paybacks );
}
2013-09-23 23:08:01 +02:00
$tpl -> assign ( 'list' , true );
2013-09-23 23:43:53 +02:00
$tpl -> assign ( 'global_paybacks' , $global_paybacks );
2013-09-23 23:08:01 +02:00
}
else {
2013-09-26 18:34:29 +02:00
if ( ! empty ( $_POST [ 'users_in' ]) && count ( $_POST [ 'users_in' ]) > 1 ) {
2013-09-26 17:21:46 +02:00
if ( check_token ( 600 , 'global_payback' )) {
2013-09-25 22:09:25 +02:00
$global_payback = new GlobalPayback ();
2013-09-23 23:08:01 +02:00
2013-09-25 22:09:25 +02:00
// Backup database
if ( ! is_dir ( 'db_backups' )) {
mkdir ( 'db_backups' );
}
system ( " mysqldump -h " . MYSQL_HOST . " -u " . MYSQL_LOGIN . " -p " . MYSQL_PASSWORD . " " . MYSQL_DB . " > db_backups/ " . date ( 'd-m-Y_H:i' ));
$users_in = array ();
foreach ( $_POST [ 'users_in' ] as $user1_id ) {
$user1_id = intval ( $user1_id );
foreach ( $_POST [ 'users_in' ] as $user2_id ) {
$user2_id = intval ( $user2_id );
if ( $user1_id == $user2_id ) {
2013-09-23 23:08:01 +02:00
$users_in [ $user1_id ][ $user2_id ] = 0 ;
}
2013-09-25 22:09:25 +02:00
elseif ( ! empty ( $users_in [ $user2_id ][ $user1_id ])) {
if ( $users_in [ $user2_id ][ $user1_id ] > 0 ) {
$users_in [ $user1_id ][ $user2_id ] = 0 ;
}
else {
$users_in [ $user1_id ][ $user2_id ] = - $users_in [ $user2_id ][ $user1_id ];
$users_in [ $user2_id ][ $user1_id ] = 0 ;
}
2013-09-23 23:08:01 +02:00
}
2013-09-25 22:09:25 +02:00
else {
// Get the amount user1 owes to user2
$users_in [ $user1_id ][ $user2_id ] = 0 ;
// Confirm all paybacks when user2 is buyer
$invoices = new Invoice ();
$invoices = $invoices -> load ( array ( 'buyer' => $user2_id ));
if ( $invoices !== false ) {
foreach ( $invoices as $invoice ) {
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'invoice_id' => $invoice -> getId (), 'to_user' => $user2_id , 'from_user' => $user1_id ));
if ( $paybacks === false ) {
$payback = new Payback ();
$payback -> setTo ( $user2_id );
$payback -> setFrom ( $user1_id );
$payback -> setAmount ( $invoice -> getAmountPerPerson ( $user1_id ));
$payback -> setInvoice ( $invoice -> getId ());
$payback -> setDate ( date ( 'i' ), date ( 'G' ), date ( 'j' ), date ( 'n' ), date ( 'Y' ));
$payback -> save ();
// Add the amount to what user1 owes to user2
$users_in [ $user1_id ][ $user2_id ] += $payback -> getAmount ();
}
2013-09-23 23:08:01 +02:00
}
}
2013-09-25 22:09:25 +02:00
// Confirm all paybacks when from is buyer
$invoices = new Invoice ();
$invoices = $invoices -> load ( array ( 'buyer' => $user1_id ));
if ( $invoices !== false ) {
foreach ( $invoices as $invoice ) {
$paybacks = new Payback ();
$paybacks = $paybacks -> load ( array ( 'invoice_id' => $invoice -> getId (), 'to_user' => $user1_id , 'from_user' => $user2_id ));
if ( $paybacks === false ) {
$payback = new Payback ();
$payback -> setTo ( $user1_id );
$payback -> setFrom ( $user2_id );
$payback -> setAmount ( $invoice -> getAmountPerPerson ( $user2_id ));
$payback -> setInvoice ( $invoice -> getId ());
$payback -> setDate ( date ( 'i' ), date ( 'G' ), date ( 'j' ), date ( 'n' ), date ( 'Y' ));
$payback -> save ();
// Substract the amount to what user1 owes to user2
$users_in [ $user1_id ][ $user2_id ] -= $payback -> getAmount ();
}
2013-09-23 23:08:01 +02:00
}
}
}
}
}
2013-09-25 22:09:25 +02:00
$global_payback -> setUsersIn ( $users_in );
2013-09-25 20:28:09 +02:00
2013-09-25 22:09:25 +02:00
if ( $global_payback -> getUsersIn () -> isEmpty ()) {
$global_payback -> setClosed ( true );
}
else {
$global_payback -> setClosed ( false );
}
2013-09-25 20:28:09 +02:00
2013-09-25 22:09:25 +02:00
$global_payback -> setDate ( date ( 'i' ), date ( 'G' ), date ( 'j' ), date ( 'n' ), date ( 'Y' ));
$global_payback -> save ();
2013-09-23 23:08:01 +02:00
2013-09-25 22:09:25 +02:00
// Clear the cache
( $cached_files = glob ( raintpl :: $cache_dir . " *.rtpl.php " )) or ( $cached_files = array ());
array_map ( " unlink " , $cached_files );
2013-09-23 23:08:01 +02:00
2013-09-25 22:09:25 +02:00
header ( 'location: index.php?do=manage_paybacks&' . $get_redir );
exit ();
}
else {
$tpl -> assign ( 'error' , $errors [ 'token_error' ][ LANG ]);
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'block_error' , true );
2013-09-25 22:09:25 +02:00
$tpl -> draw ( 'index' );
2013-09-26 18:34:29 +02:00
exit ();
2013-09-25 22:09:25 +02:00
}
2013-09-23 23:08:01 +02:00
}
$users_list = new User ();
$users_list = $users_list -> load ();
$tpl -> assign ( 'users' , $users_list );
}
2013-09-26 18:34:29 +02:00
$tpl -> assign ( 'token' , generate_token ( 'global_payback' ));
2013-09-23 23:08:01 +02:00
$tpl -> draw ( 'manage_paybacks' );
break ;
2013-09-11 00:51:45 +02:00
2013-08-09 23:35:20 +02:00
default :
2013-09-15 15:28:27 +02:00
if ( empty ( $_GET [ 'all' ]))
$_GET [ 'all' ] = 0 ;
2013-09-01 23:09:37 +02:00
// Display cached page in priority
2013-09-15 15:28:27 +02:00
if ( $cache = $tpl -> cache ( 'index' , $expire_time = 600 , $cache_id = $current_user -> getLogin () . $_GET [ 'all' ])) {
2013-09-01 23:09:37 +02:00
echo $cache ;
}
2013-09-08 18:36:59 +02:00
else {
2013-09-01 23:09:37 +02:00
$users_list = new User ();
$users_list = $users_list -> load ();
2013-08-13 19:37:11 +02:00
2013-09-01 23:09:37 +02:00
$invoices_list = new Invoice ();
2013-09-15 15:28:27 +02:00
if ( empty ( $_GET [ 'all' ])) {
$invoices_list = $invoices_list -> load ( array ( 'date' => array ( '>=' . date ( 'Y-m' ) . '-01 00:00:00' , 'AND' , '<=' . date ( 'Y-m' ) . '-31 23:59:59' )));
$tpl -> assign ( 'all' , 0 );
}
else {
$invoices_list = $invoices_list -> load ();
$tpl -> assign ( 'all' , 1 );
}
2013-08-13 19:37:11 +02:00
2013-09-10 23:07:39 +02:00
if ( $invoices_list === false ) $invoices_list = array ();
2013-09-26 17:21:46 +02:00
else {
$sort_keys = array ();
foreach ( $invoices_list as $key => $entry ) {
$sort_keys [ $key ] = $entry -> getDate ();
}
array_multisort ( $sort_keys , SORT_DESC , $invoices_list );
}
2013-09-10 23:07:39 +02:00
$paybacks = array ();
foreach ( $invoices_list as $invoice ) {
$paybacks [ $invoice -> getId ()] = new Payback ();
2013-09-11 00:51:45 +02:00
$paybacks [ $invoice -> getId ()] = $paybacks [ $invoice -> getId ()] -> load ( array ( 'invoice_id' => $invoice -> getId ()), false , 'from_user' );
2013-09-10 23:07:39 +02:00
}
2013-09-12 18:44:04 +02:00
$balances = array ();
foreach ( $users_list as $user1 ) {
foreach ( $users_list as $user2 ) {
if ( $user1 -> getId () == $user2 -> getId ()) {
$balances [ $user1 -> getId ()][ $user2 -> getId ()] = 'X' ;
}
2013-09-13 19:18:49 +02:00
if ( ! empty ( $balances [ $user2 -> getId ()][ $user1 -> getId ()])) {
// If the opposed element in the matrix exists
if ( is_float ( $balances [ $user2 -> getId ()][ $user1 -> getId ()])) {
if ( $balances [ $user2 -> getId ()][ $user1 -> getId ()] >= 0 ) {
$balances [ $user1 -> getId ()][ $user2 -> getId ()] = '-' ;
}
else {
$balances [ $user1 -> getId ()][ $user2 -> getId ()] = - $balances [ $user2 -> getId ()][ $user1 -> getId ()];
$balances [ $user2 -> getId ()][ $user1 -> getId ()] = '-' ;
}
}
}
2013-09-12 18:44:04 +02:00
else {
2013-09-13 19:18:49 +02:00
// TODO : Optimize ?
$balances [ $user1 -> getId ()][ $user2 -> getId ()] = 0 ;
// First, get a list of all invoices paid by user2 and check if user1 was in
$invoices_list_balances = new Invoice ();
$invoices_list_balances = $invoices_list_balances -> load ( array ( 'buyer' => $user2 -> getId ()));
if ( $invoices_list_balances !== false ) {
foreach ( $invoices_list_balances as $invoice ) {
if ( $invoice -> getUsersIn () -> inUsersIn ( $user1 -> getId ())) {
2013-09-14 23:21:49 +02:00
$balances [ $user1 -> getId ()][ $user2 -> getId ()] += $invoice -> getAmountPerPerson ( $user1 -> getId ());
2013-09-15 16:39:16 +02:00
$payback_balance = new Payback ();
$payback_balance = $payback_balance -> load ( array ( 'invoice_id' => $invoice -> getId (), 'from_user' => $user1 -> getId (), 'to_user' => $user2 -> getId ()), true );
if ( $payback_balance !== false )
$balances [ $user1 -> getId ()][ $user2 -> getId ()] -= $payback_balance -> getAmount ();
2013-09-13 19:18:49 +02:00
}
}
}
// Then search for all invoices paid by 1 and check if user2 was in
$invoices_list_balances = new Invoice ();
$invoices_list_balances = $invoices_list_balances -> load ( array ( 'buyer' => $user1 -> getId ()));
if ( $invoices_list_balances !== false ) {
foreach ( $invoices_list_balances as $invoice ) {
if ( $invoice -> getUsersIn () -> inUsersIn ( $user2 -> getId ())) {
2013-09-14 23:21:49 +02:00
$balances [ $user1 -> getId ()][ $user2 -> getId ()] -= $invoice -> getAmountPerPerson ( $user2 -> getId ());
2013-09-15 16:39:16 +02:00
$payback_balance = new Payback ();
$payback_balance = $payback_balance -> load ( array ( 'invoice_id' => $invoice -> getId (), 'from_user' => $user2 -> getId (), 'to_user' => $user1 -> getId ()), true );
if ( $payback_balance !== false )
$balances [ $user1 -> getId ()][ $user2 -> getId ()] += $payback_balance -> getAmount ();
2013-09-13 19:18:49 +02:00
}
}
}
2013-09-15 16:39:16 +02:00
if ( $balances [ $user1 -> getId ()][ $user2 -> getId ()] == 0 ) {
$balances [ $user1 -> getId ()][ $user2 -> getId ()] = '-' ;
$balances [ $user2 -> getId ()][ $user1 -> getId ()] = '-' ;
}
2013-09-12 18:44:04 +02:00
}
}
}
2013-09-01 23:09:37 +02:00
$tpl -> assign ( 'users' , secureDisplay ( $users_list ));
$tpl -> assign ( 'invoices' , secureDisplay ( $invoices_list ));
2013-09-10 23:07:39 +02:00
$tpl -> assign ( 'paybacks' , secureDisplay ( $paybacks ));
2013-09-12 18:44:04 +02:00
$tpl -> assign ( 'balances' , secureDisplay ( $balances ));
2013-08-13 19:37:11 +02:00
2013-09-25 22:09:25 +02:00
$tpl -> assign ( 'token' , generate_token ( 'invoice' ));
2013-09-01 23:09:37 +02:00
// Cache the page (1 month to make it almost permanent and only regenerate it upon new invoice)
2013-09-15 15:28:27 +02:00
$tpl -> cache ( 'index' , 108000 , $current_user -> getLogin () . $_GET [ 'all' ]);
2013-09-01 23:09:37 +02:00
$tpl -> draw ( 'index' );
break ;
2013-09-08 18:36:59 +02:00
}
2013-08-09 00:44:43 +02:00
}