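<?php

/*
 * Front controller.
 *
 * Loads the configuration and the application classes, sets up the raintpl
 * instance and the session, restores the logged-in user, then dispatches on
 * $_GET['do'] (connect, disconnect, password, edit_users/add_user,
 * delete_user, edit_notice, settings, new_invoice/edit_invoice,
 * delete_invoice, or the cached index by default).
 */

// Include necessary files
if (!file_exists('data/config.php')) {
    header('location: install.php');
    exit();
}

require_once('data/config.php');
require_once('inc/User.class.php');
require_once('inc/Invoices.class.php');
require_once('inc/rain.tpl.class.php');
require_once('inc/functions.php');
require_once('inc/Ban.inc.php');
require_once('inc/CSRF.inc.php');

/**
 * Removes every compiled template from raintpl's cache directory.
 *
 * Called after any change that alters rendered pages (users, notice, settings,
 * invoices) so the per-user cached index is rebuilt on the next view.
 */
function index_clear_template_cache()
{
    $cached = glob(raintpl::$cache_dir . '*.rtpl.php');
    // glob() may return false instead of an empty array on some platforms
    if (is_array($cached)) {
        array_map('unlink', $cached);
    }
}

raintpl::$tpl_dir = 'tpl/';
raintpl::$cache_dir = 'tmp/';
raintpl::configure('base_url', htmlspecialchars(BASE_URL));

// Define raintpl instance
$tpl = new raintpl();
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
$tpl->assign('connection', false);
$tpl->assign('notice', nl2br(getNotice()));
$tpl->assign('error', '');
$tpl->assign('base_url', htmlspecialchars(BASE_URL));
$tpl->assign('currency', htmlspecialchars(CURRENCY));
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));

// TODO : Avoid a bug in rainTPL with img near input
$tpl->configure('path_replace_list', array('a', 'img', 'link', 'script'));

// Set sessions parameters
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.cookie_httponly', 1);
session_name('bouffeatulm');

// Session cookie scope: the directory the script lives in, or '' at the web root.
// The same path is reused when the cookie is re-issued at login.
$cookie = session_get_cookie_params();
$cookie_dir = '';
if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
    $cookie_dir = dirname($_SERVER['SCRIPT_NAME']);
}
// Secure flag only when the request itself came over TLS; HttpOnly always.
$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_set_cookie_params($cookie['lifetime'], $cookie_dir, $_SERVER['HTTP_HOST'], $cookie_secure, true);

// Handle current user status
if (session_id() == '') {
    session_start();
}
// The session id is regenerated at login (see 'connect'); the former
// session_regenerate_id() call placed before session_start() had no active
// session to act on, and regenerating on every request would re-issue the
// cookie without the remember-me lifetime chosen at login.

$current_user = new User();
if (isset($_SESSION['current_user'])) {
    $current_user->sessionRestore($_SESSION['current_user'], true);
} else {
    $current_user = false;
}
$tpl->assign('current_user', secureDisplay($current_user));

// If not connected, redirect to connection page
if ($current_user === false && (empty($_GET['do']) || $_GET['do'] != 'connect')) {
    header('location: index.php?do=connect');
    exit();
}

// If IP has changed (or was never recorded), logout
if ($current_user !== false && (!isset($_SESSION['ip']) || user_ip() != $_SESSION['ip'])) {
    session_destroy();
    header('location: index.php?do=connect');
    exit();
}

// Initialize empty $_GET['do'] if required to avoid error
if (empty($_GET['do'])) {
    $_GET['do'] = '';
}

// Check what to do
switch ($_GET['do']) {
    case 'connect':
        if ($current_user !== false) {
            header('location: index.php');
            exit();
        }
        if (!empty($_POST['login']) && !empty($_POST['password']) && check_token(600, 'connection')) {
            $user = new User();
            $user->setLogin($_POST['login']);
            if (!ban_canLogin()) {
                // Same wording as a wrong password so a banned client learns nothing extra
                $error = "Unknown username / password.";
            } else {
                $user = $user->exists($_POST['login']);
                if ($user !== false && $user->checkPassword($_POST['password'])) {
                    ban_loginOk();
                    $_SESSION['current_user'] = $user->sessionStore();
                    $_SESSION['ip'] = user_ip();
                    // Handle remember me cookie: one year, otherwise a browser-session cookie
                    $_SESSION['remember_me'] = !empty($_POST['remember_me']) ? 31536000 : 0;
                    // Fresh session id after authentication, carrying the chosen lifetime
                    session_set_cookie_params($_SESSION['remember_me'], $cookie_dir, $_SERVER['HTTP_HOST'], $cookie_secure, true);
                    session_regenerate_id(true);
                    header('location: index.php');
                    exit();
                } else {
                    ban_loginFailed();
                    $error = "Unknown username/password.";
                }
            }
            // The message was computed but never reached the template before
            $tpl->assign('error', $error);
        }
        $tpl->assign('connection', true);
        $tpl->assign('user_post', (!empty($_POST['login'])) ? htmlspecialchars($_POST['login']) : '');
        $tpl->assign('token', generate_token('connection'));
        $tpl->draw('connection');
        break;

    case 'disconnect':
        $current_user = false;
        session_destroy();
        header('location: index.php?do=connect');
        exit();

    case 'password':
        if (!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
            // Strict comparison: loose == would treat numeric-looking strings as equal
            if ($_POST['password'] === $_POST['password_confirm']) {
                if (check_token(600, 'password')) {
                    $current_user->setPassword($current_user->encrypt($_POST['password']));
                    $current_user->save();
                    header('location: index.php');
                    exit();
                } else {
                    $tpl->assign('error', 'Token error. Please resubmit the form.');
                }
            } else {
                $tpl->assign('error', 'The content of the two password fields doesn\'t match.');
            }
        }
        $tpl->assign('view', 'password');
        $tpl->assign('token', generate_token('password'));
        $tpl->draw('edit_users');
        break;

    case 'edit_users':
    case 'add_user':
        if (!$current_user->getAdmin()) {
            header('location: index.php');
            exit();
        }
        if (!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
            if (check_token(600, 'edit_users')) {
                $user = new User();
                if (!empty($_POST['user_id'])) {
                    $user->setId((int) $_POST['user_id']);
                }
                $user->setLogin($_POST['login']);
                $user->setDisplayName($_POST['display_name']);
                // Password is optional when editing an existing user
                if (!empty($_POST['password'])) {
                    $user->setPassword($user->encrypt($_POST['password']));
                }
                $user->setAdmin($_POST['admin']);
                // An existing user keeps its row; a new one must not collide on login/display name
                if (!empty($_POST['user_id']) || $user->isUnique()) {
                    $user->save();
                    index_clear_template_cache();
                    header('location: index.php?do=edit_users');
                    exit();
                } else {
                    $tpl->assign('error', 'A user with the same login or display name already exists. Choose a different login.');
                }
            } else {
                $tpl->assign('error', 'Token error. Please resubmit the form.');
            }
        }
        if (!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
            if (!empty($_GET['user_id'])) {
                $user_id = (int) $_GET['user_id'];
                $user = new User();
                $user = $user->load(array('id' => $user_id), true);
                // NOTE(review): assumes load() returns false for an unknown id — confirm in User.class.php
                if ($user !== false) {
                    $tpl->assign('user_data', $user->secureDisplay());
                }
            }
            $tpl->assign('user_id', (!empty($user_id) ? (int) $user_id : -1));
            $tpl->assign('view', 'edit_user');
        } else {
            $users_list = new User();
            $users_list = $users_list->load();
            $tpl->assign('users', secureDisplay($users_list));
            $tpl->assign('view', 'list_users');
        }
        $tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : ''));
        $tpl->assign('display_name_post', (!empty($_POST['display_name']) ? htmlspecialchars($_POST['display_name']) : ''));
        $tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1));
        $tpl->assign('token', generate_token('edit_users'));
        $tpl->draw('edit_users');
        break;

    case 'delete_user':
        // Same privilege as the user management page this action belongs to
        if (!$current_user->getAdmin()) {
            header('location: index.php');
            exit();
        }
        // NOTE(review): triggered by a GET link; the template would need to carry a
        // token before check_token() can be required here.
        if (!empty($_GET['user_id']) && (int) $_GET['user_id'] != $current_user->getId()) {
            $user = new User();
            $user->setId((int) $_GET['user_id']);
            $user->delete();
            index_clear_template_cache();
            header('location: index.php?do=edit_users');
            exit();
        }
        break;

    case 'edit_notice':
        // NOTE(review): no token check on this form — add one once the settings
        // template emits it for the notice form as well.
        if (isset($_POST['notice'])) {
            setNotice($_POST['notice']);
            index_clear_template_cache();
            header('location: index.php');
            exit();
        }
        $tpl->assign('show_settings', false);
        $tpl->draw('settings');
        break;

    case 'settings':
        // Rewrites data/config.php (database credentials included): admin only,
        // like the user management pages.
        if (!$current_user->getAdmin()) {
            header('location: index.php');
            exit();
        }
        if (!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster'])) {
            if (check_token(600, 'settings')) {
                if (!is_writable('data/')) {
                    $tpl->assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
                } else {
                    $config = file('data/config.php');
                    if ($config === false) {
                        $tpl->assign('error', 'Unable to read data/config.php file.');
                    } else {
                        // Constant name => form field whose value replaces the define() line.
                        // Password and prefix are only overwritten when the form carries a value.
                        $defines = array(
                            'MYSQL_HOST'      => 'mysql_host',
                            'MYSQL_LOGIN'     => 'mysql_login',
                            'MYSQL_PASSWORD'  => 'mysql_password',
                            'MYSQL_DB'        => 'mysql_db',
                            'MYSQL_PREFIX'    => 'mysql_prefix',
                            'INSTANCE_TITLE'  => 'instance_title',
                            'BASE_URL'        => 'base_url',
                            'CURRENCY'        => 'currency',
                            'EMAIL_WEBMASTER' => 'email_webmaster',
                        );
                        foreach ($config as $line_number => $line) {
                            foreach ($defines as $constant => $field) {
                                if (strpos($line, $constant) !== false) {
                                    if (!empty($_POST[$field])) {
                                        // Values land inside a single-quoted PHP literal: escape the
                                        // two characters that could break out of it.
                                        $config[$line_number] = "\tdefine('" . $constant . "', '" . addcslashes($_POST[$field], "\\'") . "');\n";
                                    }
                                    continue 2;
                                }
                            }
                            // Was matched against $line_number before, so the timezone never changed
                            if (strpos($line, 'date_default_timezone_set') !== false) {
                                $config[$line_number] = "\tdate_default_timezone_set('" . addcslashes($_POST['timezone'], "\\'") . "');\n";
                            }
                        }
                        if (file_put_contents("data/config.php", $config)) {
                            index_clear_template_cache();
                            header('location: index.php');
                            exit();
                        } else {
                            $tpl->assign('error', 'Unable to write data/config.php file.');
                        }
                    }
                }
            } else {
                $tpl->assign('error', 'Token error. Please resubmit the form.');
            }
        }
        $tpl->assign('mysql_host', htmlspecialchars(MYSQL_HOST));
        $tpl->assign('mysql_login', htmlspecialchars(MYSQL_LOGIN));
        $tpl->assign('mysql_db', htmlspecialchars(MYSQL_DB));
        $tpl->assign('mysql_prefix', htmlspecialchars(MYSQL_PREFIX));
        $tpl->assign('timezone', @date_default_timezone_get());
        $tpl->assign('show_settings', true);
        $tpl->assign('token', generate_token('settings'));
        $tpl->draw('settings');
        break;

    case 'new_invoice':
    case 'edit_invoice':
        // NOTE(review): any invoice id can be loaded and re-saved here (the buyer
        // is reset to the current user); restricting edits to the buyer is not
        // enforced at this level.
        if (!empty($_GET['id'])) {
            $invoice = new Invoice();
            $invoice = $invoice->load(array('id' => (int) $_GET['id']), true);
            $date_hour = $invoice->getDate('a');
            $date_day = $invoice->getDate('d');
            $date_month = $invoice->getDate('m');
            $date_year = $invoice->getDate('Y');
            $amount = $invoice->getAmount();
            $what = $invoice->getWhat();
            $users_in = explode(',', $invoice->getUsersIn());
            $guests = array();
        }

        // Submitted values win over the stored ones when the form is redisplayed
        if (!empty($_POST['what'])) $what = $_POST['what'];
        if (!empty($_POST['amount'])) $amount = $_POST['amount'];
        if (!empty($_POST['date_day'])) $date_day = $_POST['date_day'];
        if (!empty($_POST['date_month'])) $date_month = $_POST['date_month'];
        if (!empty($_POST['date_year'])) $date_year = $_POST['date_year'];
        if (!empty($_POST['users_in'])) $users_in = $_POST['users_in'];

        if (!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_hour']) && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in'])) {
            if (check_token(600, 'new_invoice')) {
                if ((float) $_POST['amount'] <= 0) {
                    $tpl->assign('error', 'Negative amount.');
                } else {
                    $invoice = new Invoice();
                    if (!empty($_POST['id'])) {
                        $invoice->setId((int) $_POST['id']);
                    }
                    $invoice->setWhat($_POST['what']);
                    $invoice->setAmount($_POST['amount']);
                    $invoice->setBuyer($current_user);
                    $invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']);

                    // One entry per checked participant, plus the guest count field named after it
                    $users_in = array();
                    $guests = array();
                    foreach ((array) $_POST['users_in'] as $user) {
                        $users_in[] = (int) $user;
                        $guests[] = isset($_POST['guest_user_' . $user]) ? (int) $_POST['guest_user_' . $user] : 0;
                    }
                    $invoice->setUsersIn($users_in);
                    $invoice->setGuests($guests);

                    $invoice->save();
                    index_clear_template_cache();
                    header('location: index.php');
                    exit();
                }
            } else {
                $tpl->assign('error', 'Token error. Please resubmit the form.');
            }
        }

        $users_list = new User();
        $users_list = $users_list->load();

        $tpl->assign('days', range(1, 31));
        $tpl->assign('months', range(1, 12));
        $tpl->assign('years', range(date('Y') - 1, date('Y') + 1));

        $tpl->assign('hour_post', (!empty($date_hour) ? (int) ampm2int($date_hour) : (int) ampm2int(date('a'))));
        $tpl->assign('day_post', (!empty($date_day) ? (int) $date_day : (int) date('d')));
        $tpl->assign('month_post', (!empty($date_month) ? (int) $date_month : (int) date('m')));
        $tpl->assign('year_post', (!empty($date_year) ? (int) $date_year : (int) date('Y')));
        $tpl->assign('amount_post', (!empty($amount) ? (float) $amount : 0));
        $tpl->assign('what_post', (!empty($what) ? htmlspecialchars($what) : ''));
        $tpl->assign('users', secureDisplay($users_list));
        $tpl->assign('users_in', (!empty($users_in) ? $users_in : array()));
        $tpl->assign('guests', (!empty($guests) ? $guests : array()));
        $tpl->assign('id', (!empty($_GET['id']) ? (int) $_GET['id'] : 0));
        $tpl->assign('token', generate_token('new_invoice'));
        $tpl->draw('new_invoice');
        break;

    case 'delete_invoice':
        // NOTE(review): reached by a GET link and not restricted to the buyer; a
        // token in the template is needed before check_token() can be required.
        if (!empty($_GET['id'])) {
            $invoice = new Invoice();
            $invoice->setId((int) $_GET['id']);
            $invoice->delete();
            index_clear_template_cache();
            header('location: index.php');
            exit();
        }
        break;

    default:
        // Display cached page in priority; the cache is keyed per login because
        // the index is personalised.
        $cache = $tpl->cache('index', 600, $current_user->getLogin());
        if ($cache) {
            echo $cache;
        } else {
            $users_list = new User();
            $users_list = $users_list->load();

            $invoices_list = new Invoice();
            $invoices_list = $invoices_list->load();

            $tpl->assign('users', secureDisplay($users_list));
            $tpl->assign('invoices', secureDisplay($invoices_list));

            // Cache the page so it is only regenerated upon a change (the original
            // comment said "1 month"; 108000 s is 30 hours — confirm the intended value)
            $tpl->cache('index', 108000, $current_user->getLogin());

            $tpl->draw('index');
        }
        break;
}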