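<?php
// Front controller of the application. Loads config, classes and the language
// file, starts the session, prepares the raintpl instance, then authenticates
// the visitor (PHP session, "stay signed in" cookie pair, or ?json_token=)
// before the action dispatcher (switch on $_GET['do']) that follows this block.

// Include necessary files
if(!file_exists('data/config.php')) { header('location: install.php'); exit(); }
require_once('data/config.php');
require_once('inc/User.class.php');
require_once('inc/Invoices.class.php');
require_once('inc/Paybacks.class.php');
require_once('inc/GlobalPaybacks.class.php');
require_once('inc/rain.tpl.class.php');
require_once('inc/functions.php');
require_once('inc/Ban.inc.php');
require_once('inc/CSRF.inc.php');

// Session cookie hardening, set before the session is started: the id is not
// readable from script and is never accepted from the URL.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
session_start();

// Translations: LANG (defined in data/config.php) points at the i18n file that
// fills $i18n and $errors.
$i18n = array();
require_once(LANG);

// Long lasting session inspired by the work from sbgodin for shaarli
// WEB_PATH is the directory part of the request URI; it scopes every cookie below.
define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));

// Flags for the login cookies: never exposed to JavaScript, and marked Secure
// when the page itself was served over TLS.
$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$cookie_httponly = true;

if(!empty($_GET['json'])) {
    // JSON mode: same handlers, JSON templates; redirects carry json=1 along.
    raintpl::$tpl_dir = 'tpl/json/';
    $get_redir = 'json=1';
}
else {
    raintpl::$tpl_dir = TEMPLATE_DIR;
    $get_redir = '';
}
raintpl::$cache_dir = 'tmp/';

// Define raintpl instance and the variables every template relies on
$tpl = new raintpl();
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
$tpl->assign('connection', false);
// NOTE(review): the notice is rendered without htmlspecialchars(); this is only
// safe if setNotice()/getNotice() in inc/functions.php escape the stored text -- confirm.
$tpl->assign('notice', nl2br(getNotice()));
$tpl->assign('error', '');
$tpl->assign('base_url', htmlspecialchars(BASE_URL));
$tpl->assign('currency', htmlspecialchars(CURRENCY));
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));
$tpl->assign('i18n', $i18n);

// Authentication, step 1: an existing PHP session wins.
$current_user = new User();
if(isset($_SESSION['current_user'])) {
    $current_user->sessionRestore($_SESSION['current_user'], true);
}
// Step 2: no session, but the "stay signed in" cookie pair is present.
elseif(!empty($_COOKIE['bouffeatulm_staySignedIn']) && is_string($_COOKIE['bouffeatulm_staySignedIn'])
    && !empty($_COOKIE['bouffeatulm_login']) && is_string($_COOKIE['bouffeatulm_login'])) {
    // Connect back
    $user = new User();
    $user->setLogin($_COOKIE['bouffeatulm_login']);

    if(ban_canLogin() == false) {
        // Login currently banned (Ban.inc.php): drop the cookies and stop,
        // without counting another failure.
        setcookie('bouffeatulm_login', 0, 0, WEB_PATH, '', $cookie_secure, $cookie_httponly);
        setcookie('bouffeatulm_staySignedIn', 0, 0, WEB_PATH, '', $cookie_secure, $cookie_httponly);
        exit($errors['unknown_username_password']);
    }

    $user = $user->exists($_COOKIE['bouffeatulm_login']);
    // The cookie must equal md5(stored token . client IP). Two guards the
    // original lacked: exists() returns false for an unknown login (the
    // getStaySignedInToken() call then fataled), and a NULL/empty stored token
    // (edit_users resets it to NULL) must never be accepted -- otherwise
    // md5(client IP) alone would log anyone in as that user.
    $stored_token = ($user !== false) ? $user->getStaySignedInToken() : null;
    $expected = ($stored_token !== null && $stored_token !== '')
        ? md5($stored_token.$_SERVER['REMOTE_ADDR'])
        : '';
    // hash_equals (PHP >= 5.6): constant-time comparison of the secret.
    if($expected !== '' && hash_equals($expected, $_COOKIE['bouffeatulm_staySignedIn'])) {
        ban_loginOk();
        // Fresh session id on the anonymous -> authenticated transition.
        session_regenerate_id(true);
        $_SESSION['current_user'] = $user->sessionStore();
        $_SESSION['ip'] = user_ip();
        setcookie('bouffeatulm_login', $_COOKIE['bouffeatulm_login'], time()+31536000, WEB_PATH, '', $cookie_secure, $cookie_httponly);
        setcookie('bouffeatulm_staySignedIn', $_COOKIE['bouffeatulm_staySignedIn'], time()+31536000, WEB_PATH, '', $cookie_secure, $cookie_httponly);
        header('location: index.php?'.$get_redir);
        exit();
    }

    ban_loginFailed();
    setcookie('bouffeatulm_login', 0, 0, WEB_PATH, '', $cookie_secure, $cookie_httponly);
    setcookie('bouffeatulm_staySignedIn', 0, 0, WEB_PATH, '', $cookie_secure, $cookie_httponly);
    exit($errors['unknown_username_password']);
}
else {
    $current_user = false;
}

$tpl->assign('current_user', secureDisplay($current_user));

// Authentication, step 3: a per-user API token in the query string overrides
// whatever the session said. NOTE(review): this path bypasses the ban counter
// and the IP check below, and the token lands in server logs and Referer
// headers; a request header would be a safer carrier.
if(!empty($_GET['json_token']) && is_string($_GET['json_token'])) {
    $token_user = new User();
    // load(criteria, true) returns a single object, as at every other call
    // site; the original passed the `true` inside the criteria array and never
    // kept the result, so $current_user apparently stayed an empty User.
    $token_user = $token_user->load(array('json_token'=>$_GET['json_token']), true);
    if($token_user === false) {
        header('location: index.php?do=connect&'.$get_redir);
        exit();
    }
    $current_user = $token_user;
    // Propagate the token through every redirect built from $get_redir.
    if(!empty($get_redir))
        $get_redir .= '&';
    $get_redir .= 'json_token='.urlencode($_GET['json_token']);
}
else {
    // If json token not available:
    // If not connected, redirect to connection page
    if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
        header('location: index.php?do=connect&'.$get_redir);
        exit();
    }

    // If IP has changed since login, logout (the session is pinned to it)
    if($current_user !== false && (!isset($_SESSION['ip']) || user_ip() != $_SESSION['ip'])) {
        logout();
        header('location: index.php?do=connect&'.$get_redir);
        exit();
    }
}

// Initialize empty $_GET['do'] if required to avoid error
if(empty($_GET['do'])) {
    $_GET['do'] = '';
}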
// Check what to do
switch($_GET['do']) {
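case 'connect':
    // Login form. Already authenticated visitors are sent to the home page.
    if($current_user !== false) {
        header('location: index.php?'.$get_redir);
        exit();
    }

    $error = '';
    if(!empty($_POST['login']) && is_string($_POST['login']) && !empty($_POST['password']) && is_string($_POST['password'])) {
        if(!check_token(600, 'connection')) {
            // Consistent with the other handlers: a stale or missing CSRF token
            // is reported instead of silently redrawing the form.
            $error = $errors['token_error'];
        }
        else {
            $user = new User();
            $user->setLogin($_POST['login']);
            if(ban_canLogin() == false) {
                // Banned login: same message as a wrong password, nothing leaks.
                $error = $errors['unknown_username_password'];
            }
            else {
                $user = $user->exists($_POST['login']);
                if($user !== false && $user->checkPassword($_POST['password'])) {
                    ban_loginOk();
                    // New session id so a pre-login id cannot be fixated on the victim.
                    session_regenerate_id(true);
                    $_SESSION['current_user'] = $user->sessionStore();
                    $_SESSION['ip'] = user_ip();

                    if(!empty($_POST['remember_me'])) { // Handle remember me cookie
                        // The server stores $token; the cookie carries md5($token . client IP)
                        // and is verified at the top of index.php. Use a CSPRNG where
                        // available -- same 32-hex-char length as the md5 fallback.
                        $token = function_exists('random_bytes')
                            ? bin2hex(random_bytes(16))
                            : md5(uniqid(mt_rand(), true)); // pre-PHP 7 fallback, not cryptographically strong
                        $user->setStaySignedInToken($token);
                        $user->save();
                        // HttpOnly always; Secure when the page itself came over TLS.
                        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                        setcookie('bouffeatulm_login', $_POST['login'], time()+31536000, WEB_PATH, '', $secure, true);
                        setcookie('bouffeatulm_staySignedIn', md5($token.$_SERVER['REMOTE_ADDR']), time()+31536000, WEB_PATH, '', $secure, true);
                    }

                    header('location: index.php?'.$get_redir);
                    exit();
                }
                else {
                    ban_loginFailed();
                    $error = $errors['unknown_username_password'];
                }
            }
        }
    }

    $tpl->assign('connection', true);
    $tpl->assign('user_post', (!empty($_POST['login'])) ? htmlspecialchars($_POST['login']) : '');
    if(!empty($error))
        $tpl->assign('error', $error);
    $tpl->assign('token', generate_token('connection'));
    $tpl->draw('connection');
    break;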
case 'disconnect':
    // Log the visitor out: forget the in-request user, let logout() tear the
    // session down, then send them to the login form (json=1 preserved).
    $current_user = false;
    logout();
    $login_page = 'index.php?do=connect&'.$get_redir;
    header('location: '.$login_page);
    exit();
    break;
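case 'password':
    // Profile page: the signed-in user changes password, e-mail and notification
    // level. Changes are persisted only when every submitted field is valid; on
    // success the user is redirected home (post/redirect/get, like the other
    // handlers), on error the form is redrawn with the message. The original
    // saved unconditionally and redirected on *error*, discarding the message.
    if(!empty($_POST['email']) && !empty($_POST['notifications'])) {
        if(check_token(600, 'password')) {
            $error = false;

            if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
                if($_POST['password'] === $_POST['password_confirm']) {
                    // NOTE(review): no re-authentication with the current password here;
                    // encrypt() is the hashing routine in User.class.php -- confirm it is
                    // a salted slow hash.
                    $current_user->setPassword($current_user->encrypt($_POST['password']));
                }
                else {
                    $error = true;
                    $tpl->assign('error', $errors['password_mismatch']);
                }
            }

            if($current_user->setEmail($_POST['email']) === false) {
                $error = true;
                $tpl->assign('error', $errors['email_invalid']);
            }

            $current_user->setNotifications($_POST['notifications']);

            if(!$error) {
                $current_user->save();
                // Keep the session copy in sync with what was just saved (cf. new_token),
                // but only for a session login -- a json_token request has no session user.
                if(isset($_SESSION['current_user'])) {
                    $_SESSION['current_user'] = $current_user->sessionStore();
                }
                header('location: index.php?'.$get_redir);
                exit();
            }
        }
        else {
            $tpl->assign('error', $errors['token_error']);
        }
    }

    $tpl->assign('view', 'password');
    $tpl->assign('json_token', htmlspecialchars($current_user->getJsonToken()));
    $tpl->assign('token', generate_token('password'));
    $tpl->draw('edit_users');
    break;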
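case 'edit_users':
case 'add_user':
    // Admin-only user management: list accounts, create one, or edit one.
    if(!$current_user->getAdmin()) {
        header('location: index.php?'.$get_redir);
        exit();
    }

    if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) {
        if(check_token(600, 'edit_users')) {
            $user = new User();
            if(!empty($_POST['user_id'])) {
                // Editing: the id is only ever an integer key, so cast it.
                $user = $user->load(array('id' => (int) $_POST['user_id']), true);
                if($user === false) {
                    // Unknown id: back to the list instead of calling methods on false.
                    header('location: index.php?do=edit_users&'.$get_redir);
                    exit();
                }
            }
            else {
                // Creating: every account gets its own API (json) token.
                $user->newJsonToken();
            }

            $user->setLogin($_POST['login']);
            $user->setDisplayName(!empty($_POST['display_name']) ? $_POST['display_name'] : '');
            if(!empty($_POST['password'])) {
                $user->setPassword($user->encrypt($_POST['password']));
            }
            $user->setAdmin((int) $_POST['admin']);
            // Any admin-side change invalidates the user's "stay signed in" cookie.
            $user->setStaySignedInToken(NULL);

            // email is not part of the required-field check above, so default it.
            $email = isset($_POST['email']) ? $_POST['email'] : '';
            if($user->setEmail($email) !== false) {
                // A new login must be unique; an existing account keeps its own.
                if(!empty($_POST['user_id']) || $user->isUnique()) {
                    $user->setNotifications($_POST['notifications']);
                    $user->save();

                    // Clear the cache
                    ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                    array_map("unlink", $cached_files);

                    header('location: index.php?do=edit_users&'.$get_redir);
                    exit();
                }
                else {
                    $tpl->assign('error', $errors['user_already_exists']);
                }
            }
            else {
                $tpl->assign('error', $errors['email_invalid']);
            }
        }
        else {
            $tpl->assign('error', $errors['token_error']);
        }
    }

    if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
        // Single-user form, pre-filled when editing.
        if(!empty($_GET['user_id'])) {
            $user_id = (int) $_GET['user_id'];
            $user = new User();
            $user = $user->load(array('id'=>$user_id), true);
            if($user === false) {
                header('location: index.php?do=edit_users&'.$get_redir);
                exit();
            }
            $tpl->assign('user_data', $user->secureDisplay());
        }
        $tpl->assign('user_id', (!empty($user_id) ? (int) $user_id : -1));
        $tpl->assign('view', 'edit_user');
    }
    else {
        // Account list.
        $users_list = new User();
        $users_list = $users_list->load();
        $tpl->assign('users', secureDisplay($users_list));
        $tpl->assign('view', 'list_users');
    }

    // Echo submitted values back (escaped) so a failed save keeps the form filled.
    $tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : ''));
    $tpl->assign('email_post', (!empty($_POST['email']) ? htmlspecialchars($_POST['email']) : ''));
    $tpl->assign('display_name_post', (!empty($_POST['display_name']) ? htmlspecialchars($_POST['display_name']) : ''));
    $tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1));
    $tpl->assign('token', generate_token('edit_users'));
    $tpl->draw('edit_users');
    break;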
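case 'new_token':
    // Regenerate an API (json) token. Admins may target another account with
    // ?user_id=; everybody else can only renew their own.
    $other_user = !empty($_GET['user_id']) && $current_user->getAdmin();
    $user_id = $other_user ? (int) $_GET['user_id'] : $current_user->getId();

    // Reached from either the profile page or the admin user form.
    if(check_token(600, 'password') || check_token(600, 'edit_users')) {
        $user = new User();
        $user = $user->load(array('id'=>$user_id), true);
        if($user === false) {
            header('location: index.php?do=edit_users&'.$get_redir);
            exit();
        }
        $user->newJsonToken();
        $user->save();

        if(!$other_user) {
            // Own token: refresh the session copy so the new token shows up right
            // away. The original keyed this (and the redirect) on $_GET['user_id']
            // alone, so a non-admin passing user_id= renewed their own token but
            // kept the stale session copy and was bounced to the admin page.
            if(isset($_SESSION['current_user'])) {
                $_SESSION['current_user'] = $user->sessionStore();
            }
            header('location: index.php?do=password&'.$get_redir);
        }
        else {
            header('location: index.php?do=edit_users&user_id='.$user_id.'&'.$get_redir);
        }
        exit();
    }
    else {
        $tpl->assign('error', $errors['token_error']);
        $tpl->assign('block_error', true);
        $tpl->draw('index');
        exit();
    }
    break;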
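case 'delete_user':
    // Admin-only: remove an account and everything that references it. The
    // original handler had no server-side role check (only the CSRF token and
    // "not myself"); this mirrors the gate on edit_users/add_user.
    if(!$current_user->getAdmin()) {
        header('location: index.php?'.$get_redir);
        exit();
    }

    $user_id = !empty($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
    if($user_id > 0 && $user_id != $current_user->getId()) {
        if(check_token(600, 'edit_users')) {
            $user = new User();
            $user->setId($user_id);
            $user->delete();

            // Update concerned invoices
            $invoices = new Invoice();
            $invoices = $invoices->load();
            if($invoices !== FALSE) {
                foreach($invoices as $invoice) {
                    if($invoice->getBuyer() == $user_id) {
                        $invoice->delete();
                        // Do not fall through to the save() below on a row just deleted.
                        continue;
                    }
                    if($invoice->getUsersIn()->inUsersIn($user_id)) {
                        $users_in = $invoice->getUsersIn()->get();
                        unset($users_in[$user_id]);

                        // Nobody left, or only the buyer: the invoice is meaningless.
                        if(empty($users_in) || array_keys($users_in) == array($invoice->getBuyer()))
                            $invoice->delete();
                        else {
                            $invoice->setUsersIn($users_in);
                            $invoice->save();
                        }
                    }
                }
            }

            // Update paybacks: drop those the user paid and those paid to them.
            foreach(array('from_user', 'to_user') as $direction) {
                $paybacks = new Payback();
                $paybacks = $paybacks->load(array($direction=>$user_id));
                if($paybacks !== FALSE) {
                    foreach($paybacks as $payback) {
                        $payback->delete();
                    }
                }
            }

            // Clear the cache
            ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
            array_map("unlink", $cached_files);

            header('location: index.php?do=edit_users&'.$get_redir);
            exit();
        }
        else {
            $tpl->assign('error', $errors['token_error']);
            $tpl->assign('block_error', true);
            $tpl->draw('index');
            exit();
        }
    }

    // Missing id, or an attempt to delete oneself: nothing to do (the original
    // produced an empty page here).
    header('location: index.php?do=edit_users&'.$get_redir);
    exit();
    break;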
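case 'edit_notice':
    // Edit the site-wide notice shown on every page. It shares the settings
    // template and, like the settings, is admin-only -- enforced here rather
    // than only by hiding the link in the template.
    if(!$current_user->getAdmin()) {
        header('location: index.php?'.$get_redir);
        exit();
    }

    if(isset($_POST['notice']) && is_string($_POST['notice'])) {
        // Echo the submitted text back escaped, whatever happens next.
        $tpl->assign('notice', htmlspecialchars($_POST['notice']));
        if(check_token(600, 'settings')) {
            // NOTE(review): the stored notice is rendered at the top of index.php as
            // nl2br(getNotice()) without htmlspecialchars(); unless setNotice() or
            // getNotice() escape it, this is stored XSS -- confirm in inc/functions.php.
            setNotice($_POST['notice']);

            // Clear the cache
            ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
            array_map("unlink", $cached_files);

            header('location: index.php?'.$get_redir);
            exit();
        }
        else {
            $tpl->assign('error', $errors['token_error']);
        }
    }

    $tpl->assign('show_settings', false);
    $tpl->assign('token', generate_token('settings'));
    $tpl->draw('settings');
    break;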
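case 'settings':
    // Rewrite data/config.php from the settings form. Admin-only, enforced
    // server-side (the form exposes the database credentials); the original
    // relied on the template hiding the link.
    if(!$current_user->getAdmin()) {
        header('location: index.php?'.$get_redir);
        exit();
    }

    if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['currency']) && !empty($_POST['timezone']) && !empty($_POST['template'])) {
        if(check_token(600, 'settings')) {
            if(!is_writable('data/')) {
                // (was "$tpl>assign(...)", a typo that parsed as a comparison with an undefined function)
                $tpl->assign('error', $errors['write_error_data']);
            }
            else {
                // template and lang become include paths (TEMPLATE_DIR, LANG): keep
                // only the last path component so "../" cannot leave tpl/ or i18n/.
                $template = basename((string) $_POST['template']);
                // An unknown language file leaves the current LANG line untouched
                // (there is no dedicated error message for it).
                $lang = !empty($_POST['lang']) ? basename((string) $_POST['lang']) : '';
                if($lang !== '' && !is_file('i18n/'.$lang)) {
                    $lang = '';
                }

                if($template === '' || !is_dir('tpl/'.$template)) {
                    $tpl->assign('error', $errors['template_error']);
                }
                else {
                    // Emit every value as a proper PHP string literal. The original
                    // spliced raw input between single quotes, so a quote in e.g. the
                    // instance title let the submitter inject PHP into config.php.
                    $quote = function($value) { return var_export((string) $value, true); };
                    $email_webmaster = isset($_POST['email_webmaster']) ? $_POST['email_webmaster'] : '';

                    $config = file('data/config.php');

                    foreach($config as $line_number=>$line) {
                        $stripped = trim($line);
                        if(strpos($stripped, "MYSQL_HOST") !== false)
                            $config[$line_number] = "\tdefine('MYSQL_HOST', ".$quote($_POST['mysql_host']).");\n";
                        elseif(strpos($stripped, "MYSQL_LOGIN") !== false)
                            $config[$line_number] = "\tdefine('MYSQL_LOGIN', ".$quote($_POST['mysql_login']).");\n";
                        elseif(strpos($stripped, "MYSQL_PASSWORD") !== false && !empty($_POST['mysql_password']))
                            $config[$line_number] = "\tdefine('MYSQL_PASSWORD', ".$quote($_POST['mysql_password']).");\n";
                        elseif(strpos($stripped, "MYSQL_DB") !== false)
                            $config[$line_number] = "\tdefine('MYSQL_DB', ".$quote($_POST['mysql_db']).");\n";
                        elseif(strpos($stripped, "MYSQL_PREFIX") !== false && !empty($_POST['mysql_prefix']))
                            $config[$line_number] = "\tdefine('MYSQL_PREFIX', ".$quote($_POST['mysql_prefix']).");\n";
                        elseif(strpos($stripped, "INSTANCE_TITLE") !== false)
                            $config[$line_number] = "\tdefine('INSTANCE_TITLE', ".$quote($_POST['instance_title']).");\n";
                        elseif(strpos($stripped, "BASE_URL") !== false)
                            $config[$line_number] = "\tdefine('BASE_URL', ".$quote($_POST['base_url']).");\n";
                        elseif(strpos($stripped, "CURRENCY") !== false)
                            $config[$line_number] = "\tdefine('CURRENCY', ".$quote($_POST['currency']).");\n";
                        elseif(strpos($stripped, "EMAIL_WEBMASTER") !== false)
                            $config[$line_number] = "\tdefine('EMAIL_WEBMASTER', ".$quote($email_webmaster).");\n";
                        elseif(strpos($stripped, "TEMPLATE_DIR") !== false)
                            $config[$line_number] = "\tdefine('TEMPLATE_DIR', ".$quote('tpl/'.$template.'/').");\n";
                        elseif(strpos($stripped, "LANG") !== false && $lang !== '')
                            $config[$line_number] = "\tdefine('LANG', ".$quote('i18n/'.$lang).");\n";
                        elseif(strpos($stripped, 'date_default_timezone_set') !== false)
                            $config[$line_number] = "\tdate_default_timezone_set(".$quote($_POST['timezone']).");\n";
                    }

                    // LOCK_EX: two concurrent saves must not interleave their writes.
                    if(file_put_contents("data/config.php", $config, LOCK_EX)) {
                        // Clear the cache
                        ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                        array_map("unlink", $cached_files);

                        header('location: index.php?'.$get_redir);
                        exit();
                    }
                    else {
                        $tpl->assign('error', $errors['unable_write_config']);
                    }
                }
            }
        }
        else {
            $tpl->assign('error', $errors['token_error']);
        }
    }

    // Current values for the form (the DB password is never echoed back).
    $tpl->assign('mysql_host', htmlspecialchars(MYSQL_HOST));
    $tpl->assign('mysql_login', htmlspecialchars(MYSQL_LOGIN));
    $tpl->assign('mysql_db', htmlspecialchars(MYSQL_DB));
    $tpl->assign('mysql_prefix', htmlspecialchars(MYSQL_PREFIX));
    $tpl->assign('timezone', @date_default_timezone_get());
    $tpl->assign('show_settings', true);
    $tpl->assign('token', generate_token('settings'));
    $tpl->assign('templates', secureDisplay(listTemplates('tpl/')));
    $tpl->assign('current_template', htmlspecialchars(trim(substr(TEMPLATE_DIR, 4), '/')));
    $tpl->assign('current_lang', htmlspecialchars(LANG));
    $tpl->assign('available_lang', secureDisplay(listLangs()));
    $tpl->draw('settings');
    break;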
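case 'new_invoice':
case 'edit_invoice':
    // Create an invoice, or edit one (GET ?id= pre-fills the form, POST id= saves
    // into it). Either way the current user must be allowed to touch that invoice.
    $users_list = new User();
    $users_list = $users_list->load();

    // Who may modify an invoice: an admin, its buyer, or one of its participants.
    // Previously there was no check at all, so any signed-in user could overwrite
    // any invoice by posting its id. NOTE(review): delete_invoice allows only
    // admin/buyer -- drop the participant clause if editing is meant to be as strict.
    $can_edit = function($invoice) use ($current_user) {
        if($invoice === false) {
            return false;
        }
        return $current_user->getAdmin()
            || $invoice->getBuyer() == $current_user->getId()
            || $invoice->getUsersIn()->inUsersIn($current_user->getId());
    };

    if(!empty($_GET['id'])) {
        $invoice = new Invoice();
        $invoice = $invoice->load(array('id'=>(int) $_GET['id']), true);
        if(!$can_edit($invoice)) {
            // Unknown or foreign invoice: back to the home page.
            header('location: index.php?'.$get_redir);
            exit();
        }

        $date_hour = $invoice->getDate('a');
        $date_day = $invoice->getDate('d');
        $date_month = $invoice->getDate('m');
        $date_year = $invoice->getDate('Y');
        $amount = $invoice->getAmount();
        $what = $invoice->getWhat();
        $users_in = $invoice->getUsersIn()->get();
    }

    // Submitted values take precedence over stored ones when redrawing the form.
    if(!empty($_POST['what'])) $what = $_POST['what'];
    if(!empty($_POST['amount'])) $amount = $_POST['amount'];
    if(!empty($_POST['date_day'])) $date_day = $_POST['date_day'];
    if(!empty($_POST['date_month'])) $date_month = $_POST['date_month'];
    if(!empty($_POST['date_year'])) $date_year = $_POST['date_year'];
    if(!empty($_POST['users_in'])) {
        // participant id => number of guests they bring (0 when the field is absent)
        $users_in = array();
        foreach((array) $_POST['users_in'] as $user) {
            $users_in[(int) $user] = isset($_POST['guest_user_'.$user]) ? (int) $_POST['guest_user_'.$user] : 0;
        }
    }

    if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && isset($_POST['date_hour']) && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in'])) {
        if(check_token(600, 'new_invoice')) {
            $invoice_id = !empty($_POST['id']) ? (int) $_POST['id'] : 0;
            $existing = false;
            if($invoice_id > 0) {
                // Editing: authorize against the stored invoice before writing anything.
                $existing = new Invoice();
                $existing = $existing->load(array('id'=>$invoice_id), true);
                if(!$can_edit($existing)) {
                    $tpl->assign('error', $errors['unauthorized']);
                    $tpl->assign('block_error', true);
                    $tpl->draw('index');
                    exit();
                }
            }

            if($_POST['amount'] <= 0) {
                $tpl->assign('error', $errors['negative_amount']);
            }
            elseif(array_keys($users_in) == array($current_user->getId())) {
                // An invoice shared with nobody but oneself makes no sense.
                $tpl->assign('error', $errors['no_users']);
            }
            else {
                $invoice = new Invoice();
                if($invoice_id > 0) {
                    $invoice->setId($invoice_id);
                }
                $invoice->setWhat($_POST['what']);
                $invoice->setAmount($_POST['amount']);
                if($invoice_id == 0) {
                    // The buyer is fixed at creation and never changed by an edit.
                    $invoice->setBuyer($current_user->getId());
                }
                $invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']);
                $invoice->setUsersIn($users_in);
                $invoice->save();

                // Send notifications. On creation the buyer is skipped; on an edit
                // the (unchanged) buyer of the stored invoice is notified as well.
                $buyer = ($invoice_id > 0) ? $existing->getBuyer() : $current_user->getId();
                foreach ($users_in as $user_in=>$guest) {
                    if ($invoice_id == 0 && $user_in == $buyer) {
                        continue;
                    }
                    $user_in_details = new User();
                    $user_in_details = $user_in_details->load(array('id'=>$user_in), true);
                    if ($user_in_details === false) {
                        continue; // stale participant id
                    }
                    $email = $user_in_details->getEmail();
                    if (!empty($email) && $user_in_details->getNotifications() === 3) {
                        // TODO notifs: $subject, $msg and $from are not built yet (kept from the original)
                        sendmail($user_in_details, $subject, $msg, $from);
                    }
                }

                // Clear the cache
                ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                array_map("unlink", $cached_files);

                header('location: index.php?'.$get_redir);
                exit();
            }
        }
        else {
            $tpl->assign('error', $errors['token_error']);
        }
    }

    // Form data: date pickers default to today, other fields to what was stored/submitted.
    $tpl->assign('days', range(1,31));
    $tpl->assign('months', range(1, 12));
    $tpl->assign('years', range(date('Y') - 1, date('Y') + 1));

    $tpl->assign('hour_post', (!empty($date_hour) ? (int) ampm2int($date_hour) : (int) ampm2int(date('a'))));
    $tpl->assign('day_post', (!empty($date_day) ? (int) $date_day : (int) date('d')));
    $tpl->assign('month_post', (!empty($date_month) ? (int) $date_month : (int) date('m')));
    $tpl->assign('year_post', (!empty($date_year) ? (int) $date_year : (int) date('Y')));
    $tpl->assign('amount_post', (!empty($amount) ? (float) $amount : 0));
    $tpl->assign('what_post', (!empty($what) ? htmlspecialchars($what) : ''));
    $tpl->assign('users', secureDisplay($users_list));

    if(isset($_POST['what']) && empty($_POST['what']))
        $tpl->assign('error', $errors['what_unknown']);
    if(!empty($_POST['amount']) && (float) $_POST['amount'] == 0)
        $tpl->assign('error', $errors['incorrect_amount']);

    $tpl->assign('users_in', (!empty($users_in) ? $users_in : array()));
    $tpl->assign('id', (!empty($_GET['id']) ? (int) $_GET['id'] : 0));
    $tpl->assign('token', generate_token('new_invoice'));
    $tpl->draw('new_invoice');
    break;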
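case 'delete_invoice':
    // Delete an invoice and its paybacks. Allowed to admins and to the buyer.
    if(!empty($_GET['id'])) {
        if(check_token(600, 'invoice')) {
            $invoice_id = (int) $_GET['id'];
            $invoice = new Invoice();
            $invoice = $invoice->load(array('id'=>$invoice_id), true);

            // An unknown id is handled like an unauthorized one instead of
            // calling getBuyer() on false.
            if($invoice !== false && ($current_user->getAdmin() || $invoice->getBuyer() == $current_user->getId())) {
                $invoice->delete();

                // Delete related paybacks
                $paybacks = new Payback();
                $paybacks = $paybacks->load(array('invoice_id'=>$invoice_id));
                if($paybacks !== false) {
                    foreach($paybacks as $payback) {
                        $payback->delete();
                    }
                }

                // Clear the cache
                ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                array_map("unlink", $cached_files);

                header('location: index.php?'.$get_redir);
                exit();
            }
            else {
                $tpl->assign('error', $errors['unauthorized']);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
        }
        else {
            $tpl->assign('error', $errors['token_error']);
            $tpl->assign('block_error', true);
            $tpl->draw('index');
            exit();
        }
    }
    else {
        header('location: index.php?'.$get_redir);
        exit();
    }
    break;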
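case 'confirm_payback':
    // Records that user `from` has paid user `to` their share of invoice `invoice_id`.
    // Only the receiving user (`to`) or an admin may confirm, and the 'invoice' CSRF
    // token must validate. An existing payback for the same (invoice, from, to) triple
    // is updated in place (or the one named by payback_id when it belongs to that
    // pair); otherwise a new one is created. The amount stored is the payer's
    // per-person share of the invoice as computed by Invoice::getAmountPerPerson().
    if(!empty($_GET['from']) && !empty($_GET['to']) && !empty($_GET['invoice_id']) && $_GET['from'] != $_GET['to']) {
        if($_GET['to'] == $current_user->getId() || $current_user->getAdmin()) {
            if(check_token(600, 'invoice')) {
                $invoice = new Invoice();
                $invoice = $invoice->load(array('id'=>(int) $_GET['invoice_id']), true);

                // Unknown invoice: load() returns false, so there is nothing to confirm;
                // redirect like the missing-parameter branch instead of calling
                // getAmountPerPerson() on a boolean.
                if($invoice === false) {
                    header('location: index.php?'.$get_redir);
                    exit();
                }

                $payback = new Payback();

                if(!empty($_GET['payback_id'])) {
                    $payback = $payback->load(array('id'=>(int) $_GET['payback_id']), true);

                    // Fall back to a fresh payback when the id is unknown (load() returns
                    // false) or when the stored one is for a different payer/receiver pair.
                    if($payback === false || $payback->getFrom() != $_GET['from'] || $payback->getTo() != $_GET['to']) {
                        $payback = new Payback();
                    }
                }
                else {
                    $payback = $payback->load(array('invoice_id'=>(int) $_GET['invoice_id'], 'to_user'=>(int) $_GET['to'], 'from_user'=>(int) $_GET['from']), true);

                    if($payback == false) {
                        $payback = new Payback();
                    }
                }

                // NOTE(review): nothing here checks that `to` is the buyer of invoice_id or
                // that `from` is among its participants; if getAmountPerPerson() does not
                // reject non-participants, a receiver can record a payback on any invoice.
                // The setters receive the raw query values while the loads above cast to
                // int — presumably the setters cast as well; verify in Payback.
                $payback->setDate(date('i'), date('G'), date('j'), date('n'), date('Y'));
                $payback->setInvoice($_GET['invoice_id']);
                $payback->setAmount($invoice->getAmountPerPerson($_GET['from']));
                $payback->setFrom($_GET['from']);
                $payback->setTo($_GET['to']);

                $payback->save();

                // Clear the cache so the index reflects the new payback.
                ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                array_map("unlink", $cached_files);

                header('location: index.php');
                exit();
            }
            else {
                // CSRF token missing, expired (600 s) or for another form.
                $tpl->assign('error', $errors['token_error']);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
        }
        else {
            // Requester is neither the receiver nor an admin.
            $tpl->assign('error', $errors['unauthorized']);
            $tpl->assign('block_error', true);
            $tpl->draw('index');
            exit();
        }
    }
    else {
        // Missing or self-referential parameters. exit() added so nothing after the
        // switch runs once the Location header has been sent, as every other redirect
        // in this file does.
        header('location: index.php?'.$get_redir);
        exit();
    }
    break;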
case 'delete_payback':
    // Removes every payback recorded for the (invoice_id, from, to) triple given in the
    // query string, clears the template cache and redirects to the index.
    // Guards: all three ids present, requester is the receiver (`to`) or an admin, and
    // the 'invoice' CSRF token validates. Unlike confirm_payback, an authorization
    // failure here redirects silently rather than drawing an error page.
    if(!empty($_GET['from']) && !empty($_GET['to']) && !empty($_GET['invoice_id'])) {
        if($_GET['to'] == $current_user->getId() || $current_user->getAdmin()) {
            if(check_token(600, 'invoice')) {
                $paybacks = new Payback();
                $paybacks = $paybacks->load(array('to_user'=>(int) $_GET['to'], 'from_user'=> (int) $_GET['from'], 'invoice_id'=> (int) $_GET['invoice_id']));

                // load() without the single flag returns something iterable, or false
                // when nothing matches.
                if($paybacks !== false) {
                    foreach($paybacks as $payback) {
                        $payback->delete();
                    }
                }

                // Clear the cache so the index no longer shows the deleted paybacks.
                ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                array_map("unlink", $cached_files);

                header('location: index.php');
                exit();
            }
            else {
                // CSRF token missing, expired (600 s) or for another form.
                $tpl->assign('error', $errors['token_error']);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
        }
        else {
            // Neither the receiver nor an admin.
            header('location: index.php');
            exit();
        }
    }
    else {
        // A required id is missing.
        header('location: index.php');
        exit();
    }
    break;
case 'payall':
    // Settles everything between `from` and `to` in one go: for every invoice bought by
    // `to`, records a payback from `from` (and symmetrically, for every invoice bought
    // by `from`, a payback from `to`) unless one already exists for that invoice and
    // pair. Guards: both ids present, requester is `to` or an admin, 'invoice' token valid.
    if(!empty($_GET['from']) && !empty($_GET['to'])) {
        if($_GET['to'] == $current_user->getId() || $current_user->getAdmin()) {
            if(check_token(600, 'invoice')) {
                // Confirm all paybacks when `to` is the buyer
                $invoices = new Invoice();
                $invoices = $invoices->load(array('buyer'=>(int) $_GET['to']));

                if($invoices !== false) {
                    foreach($invoices as $invoice) {
                        $paybacks = new Payback();
                        $paybacks = $paybacks->load(array('invoice_id'=>$invoice->getId(), 'to_user'=>(int) $_GET['to'], 'from_user'=>(int) $_GET['from']));

                        // Only create a payback where none is recorded yet.
                        // NOTE(review): unlike manage_paybacks, there is no
                        // getAmountPerPerson(...) !== false check, so if that method returns
                        // false for a user who is not on the invoice, a payback with a false
                        // amount would be saved here — confirm against Invoice.
                        // The setters receive the raw query values while the loads cast to
                        // int; presumably the setters cast as well — verify in Payback.
                        if($paybacks === false) {
                            $payback = new Payback();
                            $payback->setTo($_GET['to']);
                            $payback->setFrom($_GET['from']);
                            $payback->setAmount($invoice->getAmountPerPerson($_GET['from']));
                            $payback->setInvoice($invoice->getId());
                            $payback->setDate(date('i'), date('G'), date('j'), date('n'), date('Y'));
                            $payback->save();
                        }
                    }
                }

                // Confirm all paybacks when `from` is the buyer (same logic, roles swapped)
                $invoices = new Invoice();
                $invoices = $invoices->load(array('buyer'=>(int) $_GET['from']));

                if($invoices !== false) {
                    foreach($invoices as $invoice) {
                        $paybacks = new Payback();
                        $paybacks = $paybacks->load(array('invoice_id'=>$invoice->getId(), 'to_user'=>(int) $_GET['from'], 'from_user'=>(int) $_GET['to']));

                        if($paybacks === false) {
                            $payback = new Payback();
                            $payback->setTo($_GET['from']);
                            $payback->setFrom($_GET['to']);
                            $payback->setAmount($invoice->getAmountPerPerson($_GET['to']));
                            $payback->setInvoice($invoice->getId());
                            $payback->setDate(date('i'), date('G'), date('j'), date('n'), date('Y'));
                            $payback->save();
                        }
                    }
                }

                // Clear the cache so the index reflects the new paybacks.
                ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                array_map("unlink", $cached_files);

                header('location: index.php');
                exit();
            }
            else {
                // CSRF token missing, expired (600 s) or for another form.
                $tpl->assign('error', $errors['token_error']);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
        }
        else {
            // Neither the receiver nor an admin.
            header('location: index.php');
            exit();
        }
    }
    else {
        // A required id is missing.
        header('location: index.php');
        exit();
    }
    break;
case "see_paybacks":
    // Without ?id: lists every global payback, newest id first.
    // With ?id: shows that single global payback together with the user list.
    $global_paybacks = new GlobalPayback();

    if(empty($_GET['id'])) {
        $global_paybacks = $global_paybacks->load();

        // Sort by id DESC; array_multisort reorders $global_paybacks alongside the keys.
        if($global_paybacks !== false) {
            $sort_keys = array();
            foreach($global_paybacks as $key=>$entry) {
                $sort_keys[$key] = $entry->getId();
            }
            array_multisort($sort_keys, SORT_DESC, $global_paybacks);
        }
    }
    else {
        // Single payback; may be false for an unknown id (the template receives it as is).
        $global_paybacks = $global_paybacks->load(array('id'=>(int) $_GET['id']), true);
        $tpl->assign('id', (int) $_GET['id']);

        $users_list = new User();
        $users_list = $users_list->load();

        // NOTE(review): the user list is not passed through secureDisplay() here,
        // unlike the index arm; confirm the see_paybacks template escapes it itself.
        $tpl->assign('users', $users_list);
    }

    $tpl->assign('list', true);
    $tpl->assign('global_paybacks', $global_paybacks);
    // Token for the confirm_global_paybacks links rendered by the template.
    $tpl->assign('token', generate_token('global_payback'));

    $tpl->draw('see_paybacks');
    break;
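case "confirm_global_paybacks":
    // Marks the debt between `from` and `to` inside global payback `payback_id` as
    // settled by zeroing both directions of its users_in matrix, and closes the global
    // payback once the matrix reports itself empty. Only the receiving user (`to`) or
    // an admin may confirm, and the 'global_payback' CSRF token must validate.
    if(!empty($_GET['from']) && !empty($_GET['to']) && !empty($_GET['payback_id']) && $_GET['from'] != $_GET['to']) {
        if($_GET['to'] == $current_user->getId() || $current_user->getAdmin()) {
            if(check_token(600, 'global_payback')) {
                $global_payback = new GlobalPayback();
                $global_payback = $global_payback->load(array('id'=>(int) $_GET['payback_id']), true);

                // load() with the single flag returns false for an unknown id (the Payback
                // loads in this file are compared against false the same way); redirect
                // instead of calling getUsersIn() on a boolean.
                if($global_payback === false) {
                    header('location: index.php?'.$get_redir);
                    exit();
                }

                $users_in = $global_payback->getUsersIn()->get();

                // Settle both directions of the pair.
                // NOTE(review): the pair is not checked against the matrix first, so an
                // unrelated (from, to) adds two zero cells; whether isEmpty() ignores
                // zero cells is decided in GlobalPayback — confirm.
                $users_in[(int) $_GET['from']][(int) $_GET['to']] = 0;
                $users_in[(int) $_GET['to']][(int) $_GET['from']] = 0;

                $global_payback->setUsersIn($users_in);

                // No remaining debt closes the global payback.
                if($global_payback->getUsersIn()->isEmpty()) {
                    $global_payback->setClosed(true);
                }
                else {
                    $global_payback->setClosed(false);
                }

                $global_payback->save();

                // Clear the cache so cached pages reflect the settled debt.
                ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                array_map("unlink", $cached_files);

                header('location: ?do=see_paybacks&id='.(int)$_GET['payback_id']);
                exit();
            }
            else {
                // CSRF token missing, expired (600 s) or for another form. Reported the
                // same way as in the other actions of this file (this branch used to
                // redirect silently while the authorization failure below showed
                // token_error).
                $tpl->assign('error', $errors['token_error']);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
        }
        else {
            // Requester is neither the receiver nor an admin.
            $tpl->assign('error', $errors['unauthorized']);
            $tpl->assign('block_error', true);
            $tpl->draw('index');
            exit();
        }
    }
    else {
        // Missing or self-referential parameters. exit() added so nothing after the
        // switch runs once the Location header has been sent.
        header('location: index.php?'.$get_redir);
        exit();
    }
    break;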
case "manage_paybacks":
    // Global paybacks. Without ?new: lists the existing ones, newest id first.
    // With ?new and a POSTed users_in[] of at least two user ids: turns every
    // outstanding share between those users into a Payback row, builds the pairwise
    // debt matrix, reduces it to a minimal set of transfers and stores that as a new
    // GlobalPayback. A database dump is taken before anything is written.
    if(empty($_GET['new'])) {
        $global_paybacks = new GlobalPayback();
        $global_paybacks = $global_paybacks->load();

        // Sort paybacks by id DESC
        if($global_paybacks !== false) {
            $sort_keys = array();
            foreach($global_paybacks as $key=>$entry) {
                $sort_keys[$key] = $entry->getId();
            }
            array_multisort($sort_keys, SORT_DESC, $global_paybacks);
        }

        $tpl->assign('list', true);
        $tpl->assign('global_paybacks', $global_paybacks);
    }
    else {
        if(!empty($_POST['users_in']) && count($_POST['users_in']) > 1) {
            if(check_token(600, 'global_payback')) {
                $global_payback = new GlobalPayback();

                // Backup database
                if(!is_dir('db_backups')) {
                    mkdir('db_backups');
                }
                if(!is_writeable('db_backups')) {
                    $tpl->assign('error', $errors['write_error_db_backups']);
                    $tpl->assign('block_error', true);
                    $tpl->draw('index');
                    exit();
                }
                else {
                    // NOTE(review): the dump is run through system() with the database
                    // password on the command line (readable by other local users via the
                    // process list) and escapeshellcmd() over the whole string rather than
                    // escapeshellarg() per argument; passing the credentials through a
                    // --defaults-extra-file or the MYSQL_PWD environment variable would keep
                    // them out of argv. The dump is written under db_backups/ next to this
                    // script — confirm that directory is not served by the web server.
                    // Also, system() returns the command's last output line and is false
                    // only when the command cannot be started; with stdout redirected to
                    // the file that line is empty, so a mysqldump that fails (bad
                    // credentials, non-zero exit) is not detected here — its $return_var
                    // argument would be.
                    if(system(escapeshellcmd("mysqldump -q -h \"".MYSQL_HOST."\" -u \"".MYSQL_LOGIN."\" -p\"".MYSQL_PASSWORD."\" \"".MYSQL_DB."\" > db_backups/".date('d-m-Y_H:i'))) === FALSE) {
                        $tpl->assign('error', $errors['db_dump_failed']);
                        $tpl->assign('block_error', true);
                        $tpl->draw('index');
                        exit();
                    }
                    else {
                        // Pairwise debt matrix: $users_in[a][b] is what a owes b once every
                        // outstanding share between them has been recorded as a Payback.
                        // Ids are cast with intval() here; the POSTed ids are otherwise not
                        // validated against the user table.
                        $users_in = array();
                        foreach($_POST['users_in'] as $user1_id) {
                            $user1_id = intval($user1_id);
                            foreach($_POST['users_in'] as $user2_id) {
                                $user2_id = intval($user2_id);
                                if($user1_id == $user2_id) {
                                    $users_in[$user1_id][$user2_id] = 0;
                                }
                                elseif(!empty($users_in[$user2_id][$user1_id])) {
                                    // The mirrored cell was filled on an earlier pass: keep
                                    // the debt in one direction only (the positive side) and
                                    // zero the other.
                                    if($users_in[$user2_id][$user1_id] > 0) {
                                        $users_in[$user1_id][$user2_id] = 0;
                                    }
                                    else {
                                        $users_in[$user1_id][$user2_id] = -$users_in[$user2_id][$user1_id];
                                        $users_in[$user2_id][$user1_id] = 0;
                                    }
                                }
                                else {
                                    // Get the amount user1 owes to user2
                                    $users_in[$user1_id][$user2_id] = 0;

                                    // Confirm all paybacks when user2 is buyer: every invoice
                                    // bought by user2 in which user1 has a share and no
                                    // payback yet gets one, and the share is added to the debt.
                                    $invoices = new Invoice();
                                    $invoices = $invoices->load(array('buyer'=>$user2_id));

                                    if($invoices !== false) {
                                        foreach($invoices as $invoice) {
                                            // getAmountPerPerson() returns false when user1 has
                                            // no share in this invoice.
                                            if($invoice->getAmountPerPerson($user1_id) !== false) {
                                                $paybacks = new Payback();
                                                $paybacks = $paybacks->load(array('invoice_id'=>$invoice->getId(), 'to_user'=>$user2_id, 'from_user'=>$user1_id));

                                                if($paybacks === false) {
                                                    $payback = new Payback();
                                                    $payback->setTo($user2_id);
                                                    $payback->setFrom($user1_id);
                                                    $payback->setAmount($invoice->getAmountPerPerson($user1_id));
                                                    $payback->setInvoice($invoice->getId());
                                                    $payback->setDate(date('i'), date('G'), date('j'), date('n'), date('Y'));
                                                    $payback->save();

                                                    // Add the amount to what user1 owes to user2
                                                    $users_in[$user1_id][$user2_id] += $payback->getAmount();
                                                }
                                            }
                                        }
                                    }

                                    // Confirm all paybacks when user1 is buyer (same logic,
                                    // roles swapped; the share is subtracted from the debt).
                                    $invoices = new Invoice();
                                    $invoices = $invoices->load(array('buyer'=>$user1_id));

                                    if($invoices !== false) {
                                        foreach($invoices as $invoice) {
                                            if($invoice->getAmountPerPerson($user2_id) !== false) {
                                                $paybacks = new Payback();
                                                $paybacks = $paybacks->load(array('invoice_id'=>$invoice->getId(), 'to_user'=>$user1_id, 'from_user'=>$user2_id));

                                                if($paybacks === false) {
                                                    $payback = new Payback();
                                                    $payback->setTo($user1_id);
                                                    $payback->setFrom($user2_id);
                                                    $payback->setAmount($invoice->getAmountPerPerson($user2_id));
                                                    $payback->setInvoice($invoice->getId());
                                                    $payback->setDate(date('i'), date('G'), date('j'), date('n'), date('Y'));
                                                    $payback->save();

                                                    // Subtract the amount from what user1 owes to user2
                                                    $users_in[$user1_id][$user2_id] -= $payback->getAmount();
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }

                        // Now, let's simplify the matrix ! :)
                        // First, get the total balance by user (gains - debts)
                        // Keys here are the raw POSTed ids, whereas $users_in was keyed by
                        // intval(); PHP only folds canonical numeric strings into the same
                        // key — TODO confirm the form never submits anything else.
                        $balances = array();
                        $simplified_balances = array();
                        foreach($_POST['users_in'] as $user) {
                            $balances[$user] = 0;
                            foreach($_POST['users_in'] as $user2) {
                                if(!empty($users_in[$user][$user2])) {
                                    $balances[$user] -= $users_in[$user][$user2];
                                }
                                if(!empty($users_in[$user2][$user])) {
                                    $balances[$user] += $users_in[$user2][$user];
                                }
                                $simplified_balances[$user][$user2] = 0;
                            }
                        }

                        // Round at 0.01 currency
                        foreach($balances as $key=>$balance) {
                            $balances[$key] = round($balance, 2);
                        }

                        // Do while $balances is not identically filled with zeros
                        $i = 0; // unused
                        while(count(array_unique($balances)) != 1 or $balances[key($balances)] != 0) {
                            // NOTE(review): each pass zeroes one user, so this ends only when the
                            // balances sum to zero; the per-user rounding above can leave a lone
                            // ±0.01 with no opposite-sign partner, in which case the foreach
                            // below changes nothing and the loop never exits — verify with a
                            // three-user case whose shares do not divide evenly.

                            // Sort balances in abs values, desc
                            uasort($balances, "sort_array_abs");

                            // Get the largest one in abs
                            // The following largest with opposite sign must pay him back the max
                            reset($balances);
                            $user1 = key($balances);

                            foreach($balances as $user2=>$value) {
                                if($value * $balances[$user1] < 0) {
                                    if($balances[$user1] > 0) {
                                        // user1 is owed: user2 pays user1 their whole (smaller) balance.
                                        $simplified_balances[$user2][$user1] = round(abs($value), 2);
                                        $balances[$user1] = round($balances[$user1] - abs($value), 2);
                                        $balances[$user2] = round($balances[$user2] + abs($value), 2);
                                    }
                                    else {
                                        // user1 owes: user1 pays user2 their whole balance.
                                        $simplified_balances[$user1][$user2] = round(abs($value), 2);
                                        $balances[$user1] = round($balances[$user1] + abs($value), 2);
                                        $balances[$user2] = round($balances[$user2] - abs($value), 2);
                                    }
                                    break;
                                }
                            }
                        }

                        $global_payback->setUsersIn($simplified_balances);

                        if($global_payback->getUsersIn()->isEmpty()) {
                            $global_payback->setClosed(true);
                        }
                        else {
                            $global_payback->setClosed(false);
                        }

                        $global_payback->setDate(date('i'), date('G'), date('j'), date('n'), date('Y'));
                        $global_payback->save();

                        // Clear the cache so the index reflects the new paybacks.
                        ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
                        array_map("unlink", $cached_files);

                        header('location: index.php?do=manage_paybacks&'.$get_redir);
                        exit();
                    }
                }
            }
            else {
                // CSRF token missing, expired (600 s) or for another form.
                $tpl->assign('error', $errors['token_error']);
                $tpl->assign('block_error', true);
                $tpl->draw('index');
                exit();
            }
        }

        // Form for a new global payback (also reached when fewer than two users were posted).
        $users_list = new User();
        $users_list = $users_list->load();

        // NOTE(review): not passed through secureDisplay(), unlike the index arm;
        // confirm the manage_paybacks template escapes user names itself.
        $tpl->assign('users', $users_list);
    }
    $tpl->assign('token', generate_token('global_payback'));
    $tpl->draw('manage_paybacks');
    break;
default:
    // Index page: the invoice list (current month, or everything with ?all=1), the
    // paybacks of each listed invoice and the pairwise balance matrix between all
    // users. The rendered page is cached per (login, all) and served from the cache
    // until a write action in this file clears it.
    if(empty($_GET['all']))
        $_GET['all'] = 0;

    // Display cached page in priority
    // NOTE(review): $_GET['all'] goes into the cache id unsanitized (only defaulted to
    // 0 above); whether raintpl hashes the id before using it in a file name is not
    // visible here — confirm, since a raw request value in a cache key is worth a look.
    if($cache = $tpl->cache('index', $expire_time = 600, $cache_id = $current_user->getLogin().$_GET['all'])) {
        echo $cache;
    }
    else {
        $users_list = new User();
        $users_list = $users_list->load();

        $invoices_list = new Invoice();
        if(empty($_GET['all'])) {
            // Current month only. The upper bound always uses day 31; how a short
            // month's bound is interpreted depends on load() — TODO confirm.
            $invoices_list = $invoices_list->load(array('date'=>array('>='.date('Y-m').'-01 00:00:00', 'AND', '<='.date('Y-m').'-31 23:59:59')));
            $tpl->assign('all', 0);
        }
        else {
            $invoices_list = $invoices_list->load();
            $tpl->assign('all', 1);
        }

        // Only keep the invoices which concern the user (as buyer or user in) (only if user != admin)
        // TODO : Optimize ?
        if(!$current_user->getAdmin() && $invoices_list !== false) {
            foreach($invoices_list as $key=>$invoice) {
                if($invoice->getBuyer() != $current_user->getId() && !$invoice->getUsersIn()->inUsersIn($current_user->getId())) {
                    unset($invoices_list[$key]);
                }
            }
        }

        // Normalise "no invoices" to an empty list, otherwise sort by date DESC.
        if($invoices_list === false) $invoices_list = array();
        else {
            $sort_keys = array();
            foreach($invoices_list as $key=>$entry) {
                $sort_keys[$key] = $entry->getDate();
            }
            array_multisort($sort_keys, SORT_DESC, $invoices_list);
        }

        // Paybacks per invoice id, keyed by from_user (third load() argument).
        $paybacks = array();
        foreach($invoices_list as $invoice) {
            $paybacks[$invoice->getId()] = new Payback();
            $paybacks[$invoice->getId()] = $paybacks[$invoice->getId()]->load(array('invoice_id'=>$invoice->getId()), false, 'from_user');
        }

        // Balance matrix: $balances[u1][u2] is the net amount u1 owes u2 (u1's shares in
        // u2's invoices minus u1's paybacks, minus the reverse). The diagonal holds 'X';
        // a cell whose mirror already carries the (positive) debt, or a zero pair, holds '-'.
        $balances = array();
        foreach($users_list as $user1) {
            foreach($users_list as $user2) {
                if($user1->getId() == $user2->getId()) {
                    $balances[$user1->getId()][$user2->getId()] = 'X';
                }
                if(!empty($balances[$user2->getId()][$user1->getId()])) {
                    // If the opposed element in the matrix exists
                    // NOTE(review): this relies on the accumulated amount being a float; an
                    // integer mirror value would leave this cell unset — confirm the type
                    // returned by getAmountPerPerson()/getAmount().
                    if(is_float($balances[$user2->getId()][$user1->getId()])) {
                        if($balances[$user2->getId()][$user1->getId()] >= 0) {
                            $balances[$user1->getId()][$user2->getId()] = '-';
                        }
                        else {
                            // Move the debt to the positive direction.
                            $balances[$user1->getId()][$user2->getId()] = -$balances[$user2->getId()][$user1->getId()];
                            $balances[$user2->getId()][$user1->getId()] = '-';
                        }
                    }
                }
                else {
                    // TODO : Optimize ?
                    $balances[$user1->getId()][$user2->getId()] = 0;

                    // First, get a list of all invoices paid by user2 and check if user1 was in
                    $invoices_list_balances = new Invoice();
                    $invoices_list_balances = $invoices_list_balances->load(array('buyer'=>$user2->getId()));
                    if($invoices_list_balances !== false) {
                        foreach($invoices_list_balances as $invoice) {
                            if($invoice->getUsersIn()->inUsersIn($user1->getId())) {
                                $balances[$user1->getId()][$user2->getId()] = $balances[$user1->getId()][$user2->getId()] + $invoice->getAmountPerPerson($user1->getId(), false);

                                // Already paid back? Then it no longer counts as debt.
                                $payback_balance = new Payback();
                                $payback_balance = $payback_balance->load(array('invoice_id'=>$invoice->getId(), 'from_user'=>$user1->getId(), 'to_user'=>$user2->getId()), true);
                                if($payback_balance !== false)
                                    $balances[$user1->getId()][$user2->getId()] = $balances[$user1->getId()][$user2->getId()] - $payback_balance->getAmount();
                            }
                        }
                    }

                    // Then search for all invoices paid by user1 and check if user2 was in
                    $invoices_list_balances = new Invoice();
                    $invoices_list_balances = $invoices_list_balances->load(array('buyer'=>$user1->getId()));
                    if($invoices_list_balances !== false) {
                        foreach($invoices_list_balances as $invoice) {
                            if($invoice->getUsersIn()->inUsersIn($user2->getId())) {
                                $balances[$user1->getId()][$user2->getId()] = $balances[$user1->getId()][$user2->getId()] - $invoice->getAmountPerPerson($user2->getId(), false);

                                $payback_balance = new Payback();
                                $payback_balance = $payback_balance->load(array('invoice_id'=>$invoice->getId(), 'from_user'=>$user2->getId(), 'to_user'=>$user1->getId()), true);
                                if($payback_balance !== false)
                                    $balances[$user1->getId()][$user2->getId()] = $balances[$user1->getId()][$user2->getId()] + $payback_balance->getAmount();
                            }
                        }
                    }

                    // Nothing owed either way: mark both cells.
                    if($balances[$user1->getId()][$user2->getId()] == 0) {
                        $balances[$user1->getId()][$user2->getId()] = '-';
                        $balances[$user2->getId()][$user1->getId()] = '-';
                    }
                }
            }
        }
        // Round the numeric cells at 0.01 currency; the marker cells stay as they are.
        foreach($users_list as $user1) {
            foreach($users_list as $user2) {
                if($balances[$user1->getId()][$user2->getId()] != '-' && $balances[$user1->getId()][$user2->getId()] != 'X')
                    $balances[$user1->getId()][$user2->getId()] = round($balances[$user1->getId()][$user2->getId()], 2);
            }
        }

        // Net position of the current user (owed to them minus owed by them).
        // NOTE(review): the '-' and 'X' marker cells take part in this arithmetic; PHP 5
        // treats them as 0, PHP 7 warns and PHP 8 throws a TypeError — confirm the
        // target PHP version or skip the marker cells here.
        if(!$current_user->getAdmin()) {
            $user_balance = 0;
            foreach($users_list as $user1) {
                $user_balance = $user_balance - $balances[$current_user->getId()][$user1->getId()];
                $user_balance = $user_balance + $balances[$user1->getId()][$current_user->getId()];
            }

            $tpl->assign('user_balance', round($user_balance,2));
        }

        // Everything rendered by the template goes through secureDisplay() (escaping).
        $tpl->assign('users', secureDisplay($users_list));
        $tpl->assign('invoices', secureDisplay($invoices_list));
        $tpl->assign('paybacks', secureDisplay($paybacks));
        $tpl->assign('balances', secureDisplay($balances));

        // Token for the delete/confirm/payall links rendered by the template.
        $tpl->assign('token', generate_token('invoice'));

        // Cache the page. The comment used to say "1 month", but 108000 s is 30 hours;
        // in practice every write action in this file clears the cache explicitly, so
        // the expiry rarely matters — adjust the value or the comment.
        $tpl->cache('index', 108000, $current_user->getLogin().$_GET['all']);

        $tpl->draw('index');
        break;
    }
}