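<?php
/**
 * index.php — front controller.
 *
 * Boots the configuration and the session, authenticates the current user
 * (session cookie, or ?json_token= for the JSON API), then dispatches on
 * ?do=. Form posts are protected by check_token(); the GET-driven actions
 * that are not carry a NOTE(review) below. The compiled template cache
 * (tmp/*.rtpl.php) is cleared after every write so the cached index page
 * never shows stale data.
 *
 * Syntax is kept PHP 5 compatible (array(), no short closures) to match the
 * rest of the project.
 */

// Error translation, indexed by LANG (defined in data/config.php).
$errors = array(
    'unknown_username_password' => array('fr' => 'Nom d\'utilisateur ou mot de passe inconnu.', 'en' => 'Unknown username or password.'),
    'token_error'               => array('fr' => 'Erreur de token. Veuillez réessayer.', 'en' => 'Token error. Please resubmit the form.'),
    'password_mismatch'         => array('fr' => 'Les deux mots de passe ne correspondent pas.', 'en' => 'The content of the two passwords fields doesn\'t match.'),
    'user_already_exists'       => array('fr' => 'Un utilisateur avec le même login ou nom d\'affichage existe déjà. Choisissez un login ou un nom d\'affichage différent.', 'en' => 'A user with the same login or display name already exists. Choose a different login or display name.'),
    'write_error_data'          => array('fr' => 'Le script ne peut pas écrire dans le dossier data/, vérifiez les permissions sur ce dossier.', 'en' => 'The script can\'t write in data/ dir, check permissions set on this folder.'),
    'unable_write_config'       => array('fr' => 'Impossible d\'écrire le fichier data/config.php. Vérifiez les permissions.', 'en' => 'Unable to write data/config.php file. Check permissions.'),
    'negative_amount'           => array('fr' => 'Montant négatif non autorisé.', 'en' => 'Negative amount not allowed.'),
    'template_error'            => array('fr' => 'Template non disponible.', 'en' => 'Template not available.'),
    'unauthorized'              => array('fr' => 'Vous n\'avez pas le droit de faire cette action.', 'en' => 'You are not authorized to do that.'),
);

// Other translated labels.
$localized = array(
    'guest' => array('fr' => 'invité', 'en' => 'guest'),
);

/**
 * Redirect to index.php and stop.
 *
 * @param string $query     action-specific query string ('' or e.g. 'do=connect')
 * @param string $get_redir json / json_token carry-over computed at the top of
 *                          this script ('' when not in JSON mode)
 *
 * Non-empty parts are joined with a single '&', so the URL is well formed
 * whichever of the two is empty (the hand-built variants this replaces
 * produced 'index.php?do=connectjson=1' and 'index.phpjson=1').
 */
function idx_redirect($query, $get_redir)
{
    $parts = array();
    foreach (array($query, $get_redir) as $part) {
        if ($part !== '') {
            $parts[] = $part;
        }
    }
    $url = 'index.php' . (empty($parts) ? '' : '?' . implode('&', $parts));
    header('location: ' . $url);
    exit();
}

/**
 * Delete the compiled RainTPL templates so the next request regenerates them.
 *
 * glob() returns false on error (and on some platforms when nothing matches);
 * array_map() on false would fail, so the result is checked first.
 */
function idx_clear_template_cache()
{
    $tmp_files = glob(raintpl::$cache_dir . '*.rtpl.php');
    if (is_array($tmp_files)) {
        foreach ($tmp_files as $tmp_file) {
            unlink($tmp_file);
        }
    }
}

/**
 * Path attribute for the session cookie: the directory this script lives in,
 * or '' when it is served from the web root.
 *
 * @return string
 */
function idx_cookie_path()
{
    $dir = dirname($_SERVER['SCRIPT_NAME']);
    return ($dir !== '/') ? $dir : '';
}

/**
 * Render a value as a PHP single-quoted string literal for data/config.php.
 *
 * var_export() escapes both ' and \, so a submitted setting cannot close the
 * literal and inject PHP into the config file (the original concatenated the
 * raw value between quotes).
 *
 * @param mixed $value
 * @return string e.g. 'localhost' including the quotes
 */
function idx_php_string($value)
{
    return var_export((string) $value, true);
}

// Include necessary files
if (!file_exists('data/config.php')) {
    header('location: install.php');
    exit();
}
require_once('data/config.php');
require_once('inc/User.class.php');
require_once('inc/Invoices.class.php');
require_once('inc/rain.tpl.class.php');
require_once('inc/functions.php');
require_once('inc/Ban.inc.php');
require_once('inc/CSRF.inc.php');

// JSON mode: ?json=1 switches to the JSON templates; $get_redir carries the
// flag (and, below, the json_token) through every redirect issued by this
// script.
if (!empty($_GET['json'])) {
    raintpl::$tpl_dir = 'tpl/json/';
    $get_redir = 'json=1';
} else {
    raintpl::$tpl_dir = TEMPLATE_DIR;
    $get_redir = '';
}
raintpl::$cache_dir = 'tmp/';

// Define raintpl instance and the variables every template can rely on.
$tpl = new raintpl();
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
$tpl->assign('connection', false);
$tpl->assign('notice', nl2br(getNotice()));
$tpl->assign('error', '');
$tpl->assign('base_url', htmlspecialchars(BASE_URL));
$tpl->assign('currency', htmlspecialchars(CURRENCY));
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));

// Set sessions parameters
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', false);
session_name('bouffeatulm');
$cookie = session_get_cookie_params();
// httponly keeps the session cookie out of reach of page scripts; the secure
// flag is set whenever this request itself arrived over HTTPS.
// NOTE(review): the cookie domain is taken from the request's Host header;
// confirm the deployment only answers for its configured host (BASE_URL).
$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_set_cookie_params($cookie['lifetime'], idx_cookie_path(), $_SERVER['HTTP_HOST'], $cookie_secure, true);
// The original called session_regenerate_id(true) here, before any session
// was started, which only emits a warning; the id is regenerated on
// successful login below, which is where fixation protection matters.

// Handle current user status
if (session_id() == '') {
    session_start();
}
$current_user = new User();
if (isset($_SESSION['current_user'])) {
    $current_user->sessionRestore($_SESSION['current_user'], true);
} else {
    $current_user = false;
}

if (!empty($_GET['json_token'])) {
    // API access: authenticate with the per-user json_token instead of the
    // session. load(criteria, true) returns the matching object or false, as
    // used by the other handlers below; the original passed `true` inside
    // the criteria array and discarded the returned object.
    $token_user = new User();
    $token_user = $token_user->load(array('json_token' => $_GET['json_token']), true);
    if ($token_user === false) {
        idx_redirect('do=connect', $get_redir);
    }
    $current_user = $token_user;
    if (!empty($get_redir)) {
        $get_redir .= '&';
    }
    $get_redir .= 'json_token=' . urlencode($_GET['json_token']);
} else {
    // No json token: enforce the session-based login.
    if ($current_user === false && (empty($_GET['do']) || $_GET['do'] != 'connect')) {
        idx_redirect('do=connect', $get_redir);
    }
    // If the client IP changed since login (or was never recorded), drop the session.
    if ($current_user !== false && (!isset($_SESSION['ip']) || user_ip() != $_SESSION['ip'])) {
        session_destroy();
        idx_redirect('do=connect', $get_redir);
    }
}
// Assigned after authentication so the template sees the token user too.
$tpl->assign('current_user', secureDisplay($current_user));

// Initialize empty $_GET['do'] if required to avoid error
if (empty($_GET['do'])) {
    $_GET['do'] = '';
}

// Check what to do
switch ($_GET['do']) {
    case 'connect':
        if ($current_user !== false) {
            idx_redirect('', $get_redir);
        }
        if (!empty($_POST['login']) && !empty($_POST['password']) && check_token(600, 'connection')) {
            $user = new User();
            $user->setLogin($_POST['login']);
            if (!ban_canLogin()) {
                // Banned client: same message as a bad password, so a ban is
                // not distinguishable from a wrong guess.
                $tpl->assign('error', $errors['unknown_username_password'][LANG]);
            } else {
                $user = $user->exists($_POST['login']);
                if ($user !== false && $user->checkPassword($_POST['password'])) {
                    ban_loginOk();
                    $_SESSION['current_user'] = $user->sessionStore();
                    $_SESSION['ip'] = user_ip();
                    // Handle remember me cookie: one year, or browser session only.
                    $_SESSION['remember_me'] = !empty($_POST['remember_me']) ? 31536000 : 0;
                    session_set_cookie_params($_SESSION['remember_me'], idx_cookie_path(), $_SERVER['HTTP_HOST'], $cookie_secure, true);
                    // Fresh session id on login so a pre-login id cannot be reused.
                    session_regenerate_id(true);
                    idx_redirect('', $get_redir);
                } else {
                    ban_loginFailed();
                    // The original stored this in $error and never passed it
                    // to the template, so login failures were silent.
                    $tpl->assign('error', $errors['unknown_username_password'][LANG]);
                }
            }
        }
        $tpl->assign('connection', true);
        $tpl->assign('user_post', !empty($_POST['login']) ? htmlspecialchars($_POST['login']) : '');
        $tpl->assign('token', generate_token('connection'));
        $tpl->draw('connection');
        break;

    case 'disconnect':
        $current_user = false;
        session_destroy();
        idx_redirect('do=connect', $get_redir);
        break;

    case 'password':
        if (!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
            // Strict comparison: == would treat numeric-looking strings such
            // as '1e1' and '10' as equal.
            if ($_POST['password'] === $_POST['password_confirm']) {
                if (check_token(600, 'password')) {
                    $current_user->setPassword($current_user->encrypt($_POST['password']));
                    $current_user->save();
                    idx_redirect('', $get_redir);
                } else {
                    $tpl->assign('error', $errors['token_error'][LANG]);
                }
            } else {
                $tpl->assign('error', $errors['password_mismatch'][LANG]);
            }
        }
        $tpl->assign('view', 'password');
        $tpl->assign('json_token', htmlspecialchars($current_user->getJsonToken()));
        $tpl->assign('token', generate_token('password'));
        $tpl->draw('edit_users');
        break;

    case 'edit_users':
    case 'add_user':
        // User management is admin only.
        if (!$current_user->getAdmin()) {
            idx_redirect('', $get_redir);
        }
        // A password is mandatory for a new user, optional when editing.
        $user_form_complete = !empty($_POST['login']) && !empty($_POST['display_name'])
            && (!empty($_POST['password']) || !empty($_POST['user_id']))
            && isset($_POST['admin']);
        if ($user_form_complete) {
            if (check_token(600, 'edit_users')) {
                $user = new User();
                if (!empty($_POST['user_id'])) {
                    $user->setId((int) $_POST['user_id']);
                } else {
                    $user->newJsonToken();
                }
                $user->setLogin($_POST['login']);
                $user->setDisplayName($_POST['display_name']);
                if (!empty($_POST['password'])) {
                    $user->setPassword($user->encrypt($_POST['password']));
                }
                $user->setAdmin((int) $_POST['admin']);
                // Uniqueness of login / display name is only checked for new users.
                if (!empty($_POST['user_id']) || $user->isUnique()) {
                    $user->save();
                    idx_clear_template_cache();
                    idx_redirect('do=edit_users', $get_redir);
                } else {
                    $tpl->assign('error', $errors['user_already_exists'][LANG]);
                }
            } else {
                $tpl->assign('error', $errors['token_error'][LANG]);
            }
        }
        if (!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
            if (!empty($_GET['user_id'])) {
                $user_id = (int) $_GET['user_id'];
                $user = new User();
                $user = $user->load(array('id' => $user_id), true);
                // Unknown id: back to the list instead of calling a method on false.
                if ($user === false) {
                    idx_redirect('do=edit_users', $get_redir);
                }
                $tpl->assign('user_data', $user->secureDisplay());
            }
            $tpl->assign('user_id', !empty($user_id) ? (int) $user_id : -1);
            $tpl->assign('view', 'edit_user');
        } else {
            $users_list = new User();
            $users_list = $users_list->load();
            $tpl->assign('users', secureDisplay($users_list));
            $tpl->assign('view', 'list_users');
        }
        $tpl->assign('login_post', !empty($_POST['login']) ? htmlspecialchars($_POST['login']) : '');
        $tpl->assign('display_name_post', !empty($_POST['display_name']) ? htmlspecialchars($_POST['display_name']) : '');
        $tpl->assign('admin_post', isset($_POST['admin']) ? (int) $_POST['admin'] : -1);
        $tpl->assign('token', generate_token('edit_users'));
        $tpl->draw('edit_users');
        break;

    case 'new_token':
        // Admins may rotate another user's API token; everyone else only their own.
        // NOTE(review): this is a state change driven by a GET without check_token().
        if (!empty($_GET['user_id']) && $current_user->getAdmin()) {
            $user_id = (int) $_GET['user_id'];
        } else {
            $user_id = (int) $current_user->getId();
        }
        $user = new User();
        $user = $user->load(array('id' => $user_id), true);
        if ($user === false) {
            idx_redirect('', $get_redir);
        }
        $user->newJsonToken();
        $user->save();
        // Only refresh the session copy when the rotated token is our own;
        // the original stored the *other* user here when an admin rotated
        // someone else's token, turning the admin's session into that user.
        if ($user_id === (int) $current_user->getId()) {
            $_SESSION['current_user'] = $user->sessionStore();
        }
        idx_redirect('', $get_redir);
        break;

    case 'delete_user':
        // Admin only, like edit_users/add_user (the original had no role check
        // here), and never the account that is currently logged in.
        // NOTE(review): state change driven by a GET without check_token().
        if (!$current_user->getAdmin()) {
            idx_redirect('', $get_redir);
        }
        $target_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
        if ($target_id !== 0 && $target_id !== (int) $current_user->getId()) {
            $user = new User();
            $user->setId($target_id);
            $user->delete();
            idx_clear_template_cache();
        }
        // The original fell out of the switch with an empty response here.
        idx_redirect('do=edit_users', $get_redir);
        break;

    case 'edit_notice':
        // NOTE(review): no role check and no check_token() on this form; the
        // notice is rendered to every user through nl2br(getNotice()) above,
        // so confirm getNotice()/setNotice() escape it.
        if (isset($_POST['notice'])) {
            setNotice($_POST['notice']);
            idx_clear_template_cache();
            idx_redirect('', $get_redir);
        }
        $tpl->assign('show_settings', false);
        $tpl->draw('settings');
        break;

    case 'settings':
        // Rewrites data/config.php (database credentials, executable PHP):
        // admin only, like edit_users. The original had no role check here.
        if (!$current_user->getAdmin()) {
            idx_redirect('', $get_redir);
        }
        $required_fields = array(
            'mysql_host', 'mysql_login', 'mysql_db', 'currency', 'instance_title',
            'base_url', 'timezone', 'email_webmaster', 'template',
        );
        $settings_form_complete = true;
        foreach ($required_fields as $field) {
            if (empty($_POST[$field])) {
                $settings_form_complete = false;
                break;
            }
        }
        if ($settings_form_complete) {
            if (check_token(600, 'settings')) {
                $template = $_POST['template'];
                if (!is_writable('data/')) {
                    // Original had `$tpl > assign(...)` here, a fatal call to an undefined assign().
                    $tpl->assign('error', $errors['write_error_data'][LANG]);
                } elseif (strpbrk($template, '/\\') !== false || $template === '.' || $template === '..'
                    || !is_dir('tpl/' . $template)) {
                    // The template must be a directory name directly under tpl/ (no path components).
                    $tpl->assign('error', $errors['template_error'][LANG]);
                } else {
                    // Replacement line for each config key. Insertion order matters:
                    // a line is rewritten by the first key it contains, mirroring the
                    // original elseif chain. Password and prefix are only rewritten
                    // when a new value was submitted.
                    $new_lines = array();
                    $new_lines['MYSQL_HOST'] = "\tdefine('MYSQL_HOST', " . idx_php_string($_POST['mysql_host']) . ");\n";
                    $new_lines['MYSQL_LOGIN'] = "\tdefine('MYSQL_LOGIN', " . idx_php_string($_POST['mysql_login']) . ");\n";
                    if (!empty($_POST['mysql_password'])) {
                        $new_lines['MYSQL_PASSWORD'] = "\tdefine('MYSQL_PASSWORD', " . idx_php_string($_POST['mysql_password']) . ");\n";
                    }
                    $new_lines['MYSQL_DB'] = "\tdefine('MYSQL_DB', " . idx_php_string($_POST['mysql_db']) . ");\n";
                    if (!empty($_POST['mysql_prefix'])) {
                        $new_lines['MYSQL_PREFIX'] = "\tdefine('MYSQL_PREFIX', " . idx_php_string($_POST['mysql_prefix']) . ");\n";
                    }
                    $new_lines['INSTANCE_TITLE'] = "\tdefine('INSTANCE_TITLE', " . idx_php_string($_POST['instance_title']) . ");\n";
                    $new_lines['BASE_URL'] = "\tdefine('BASE_URL', " . idx_php_string($_POST['base_url']) . ");\n";
                    $new_lines['CURRENCY'] = "\tdefine('CURRENCY', " . idx_php_string($_POST['currency']) . ");\n";
                    $new_lines['EMAIL_WEBMASTER'] = "\tdefine('EMAIL_WEBMASTER', " . idx_php_string($_POST['email_webmaster']) . ");\n";
                    $new_lines['TEMPLATE_DIR'] = "\tdefine('TEMPLATE_DIR', " . idx_php_string('tpl/' . $template . '/') . ");\n";
                    // LANG is the two-letter suffix of the template directory name.
                    $new_lines['LANG'] = "\tdefine('LANG', " . idx_php_string(substr($template, -2)) . ");\n";
                    // The original tested $line_number instead of $line here, so the
                    // timezone was never actually updated.
                    $new_lines['date_default_timezone_set'] = "\tdate_default_timezone_set(" . idx_php_string($_POST['timezone']) . ");\n";

                    $config = file('data/config.php');
                    if ($config !== false) {
                        foreach ($config as $line_number => $line) {
                            foreach ($new_lines as $key => $replacement) {
                                if (strpos($line, $key) !== false) {
                                    $config[$line_number] = $replacement;
                                    break;
                                }
                            }
                        }
                    }
                    if ($config !== false && file_put_contents('data/config.php', $config)) {
                        idx_clear_template_cache();
                        idx_redirect('', $get_redir);
                    } else {
                        $tpl->assign('error', $errors['unable_write_config'][LANG]);
                    }
                }
            } else {
                $tpl->assign('error', $errors['token_error'][LANG]);
            }
        }
        $tpl->assign('mysql_host', htmlspecialchars(MYSQL_HOST));
        $tpl->assign('mysql_login', htmlspecialchars(MYSQL_LOGIN));
        $tpl->assign('mysql_db', htmlspecialchars(MYSQL_DB));
        $tpl->assign('mysql_prefix', htmlspecialchars(MYSQL_PREFIX));
        // @: PHP 5.3 emits a warning when no default timezone is configured.
        $tpl->assign('timezone', @date_default_timezone_get());
        $tpl->assign('show_settings', true);
        $tpl->assign('token', generate_token('settings'));
        $tpl->assign('templates', listTemplates('tpl/'));
        // TEMPLATE_DIR is 'tpl/<name>/'; strip the 4-char prefix and the trailing slash.
        $tpl->assign('current_template', trim(substr(TEMPLATE_DIR, 4), '/'));
        $tpl->assign('lang', LANG);
        $tpl->draw('settings');
        break;

    case 'new_invoice':
    case 'edit_invoice':
        // NOTE(review): an existing invoice is loaded by id with no buyer/admin
        // check (delete_invoice below has one), and saving sets the buyer to the
        // current user — confirm whether editing others' invoices is intended.
        if (!empty($_GET['id'])) {
            $invoice = new Invoice();
            $invoice = $invoice->load(array('id' => (int) $_GET['id']), true);
            if ($invoice === false) {
                idx_redirect('', $get_redir);
            }
            $date_hour = $invoice->getDate('a');
            $date_day = $invoice->getDate('d');
            $date_month = $invoice->getDate('m');
            $date_year = $invoice->getDate('Y');
            $amount = $invoice->getAmount();
            $what = $invoice->getWhat();
            $users_in = $invoice->getUsersIn()->get();
        }
        // Posted values win over the loaded ones so the form redisplays them
        // after a validation error.
        if (!empty($_POST['what'])) {
            $what = $_POST['what'];
        }
        if (!empty($_POST['amount'])) {
            $amount = $_POST['amount'];
        }
        if (!empty($_POST['date_hour'])) {
            // Posted as an int, kept in the am/pm form that getDate('a') yields
            // and ampm2int() consumes below (the original dropped the posted hour).
            $date_hour = int2ampm($_POST['date_hour']);
        }
        if (!empty($_POST['date_day'])) {
            $date_day = $_POST['date_day'];
        }
        if (!empty($_POST['date_month'])) {
            $date_month = $_POST['date_month'];
        }
        if (!empty($_POST['date_year'])) {
            $date_year = $_POST['date_year'];
        }
        $posted_users_in = !empty($_POST['users_in']) && is_array($_POST['users_in']);
        if ($posted_users_in) {
            // user id => number of guests brought by that user
            $users_in = array();
            foreach ($_POST['users_in'] as $uid) {
                $guest_key = 'guest_user_' . $uid;
                $users_in[(int) $uid] = isset($_POST[$guest_key]) ? (int) $_POST[$guest_key] : 0;
            }
        }

        $invoice_form_complete = !empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0
            && !empty($_POST['date_hour']) && !empty($_POST['date_day']) && !empty($_POST['date_month'])
            && !empty($_POST['date_year']) && $posted_users_in;
        if ($invoice_form_complete) {
            if (check_token(600, 'new_invoice')) {
                if ((float) $_POST['amount'] <= 0) {
                    $tpl->assign('error', $errors['negative_amount'][LANG]);
                } else {
                    $invoice = new Invoice();
                    if (!empty($_POST['id'])) {
                        $invoice->setId((int) $_POST['id']);
                    }
                    $invoice->setWhat($_POST['what']);
                    $invoice->setAmount($_POST['amount']);
                    $invoice->setBuyer($current_user->getId());
                    $invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']);
                    $invoice->setUsersIn($users_in);
                    $invoice->save();
                    idx_clear_template_cache();
                    idx_redirect('', $get_redir);
                }
            } else {
                $tpl->assign('error', $errors['token_error'][LANG]);
            }
        }
        $users_list = new User();
        $users_list = $users_list->load();
        $tpl->assign('days', range(1, 31));
        $tpl->assign('months', range(1, 12));
        $tpl->assign('years', range(date('Y') - 1, date('Y') + 1));
        $tpl->assign('hour_post', !empty($date_hour) ? (int) ampm2int($date_hour) : (int) ampm2int(date('a')));
        $tpl->assign('day_post', !empty($date_day) ? (int) $date_day : (int) date('d'));
        $tpl->assign('month_post', !empty($date_month) ? (int) $date_month : (int) date('m'));
        $tpl->assign('year_post', !empty($date_year) ? (int) $date_year : (int) date('Y'));
        $tpl->assign('amount_post', !empty($amount) ? (float) $amount : 0);
        $tpl->assign('what_post', !empty($what) ? htmlspecialchars($what) : '');
        $tpl->assign('users', secureDisplay($users_list));
        $tpl->assign('users_in', !empty($users_in) ? $users_in : array());
        $tpl->assign('id', !empty($_GET['id']) ? (int) $_GET['id'] : 0);
        $tpl->assign('token', generate_token('new_invoice'));
        $tpl->draw('new_invoice');
        break;

    case 'delete_invoice':
        // NOTE(review): state change driven by a GET without check_token().
        if (empty($_GET['id'])) {
            idx_redirect('', $get_redir);
        }
        $invoice = new Invoice();
        $invoice = $invoice->load(array('id' => (int) $_GET['id']), true);
        // Admins may delete any invoice, other users only the ones they paid.
        $may_delete = $invoice !== false
            && ($current_user->getAdmin() || (int) $invoice->getBuyer() === (int) $current_user->getId());
        if ($may_delete) {
            $invoice->delete();
            idx_clear_template_cache();
            idx_redirect('', $get_redir);
        }
        // The original indexed $errors['unauthorized'] without [LANG], handing
        // the template an array instead of the message.
        $tpl->assign('error', $errors['unauthorized'][LANG]);
        $tpl->draw('index');
        break;

    default:
        // Display cached page in priority. The cache is per login, since the
        // page content depends on who is viewing it.
        $cache = $tpl->cache('index', 600, $current_user->getLogin());
        if ($cache) {
            echo $cache;
        } else {
            $users_list = new User();
            $users_list = $users_list->load();

            $invoices_list = new Invoice();
            $invoices_list = $invoices_list->load();

            $tpl->assign('users', secureDisplay($users_list));
            $tpl->assign('invoices', secureDisplay($invoices_list));

            // Cache the rendered page. The original comment said "1 month", but
            // 108000 s is 30 hours, and the read above only honours 600 s; the
            // cache is cleared explicitly after every write anyway, so entries
            // are effectively regenerated on change. Values kept as they were.
            $tpl->cache('index', 108000, $current_user->getLogin());
            $tpl->draw('index');
        }
        break;
}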