From 337c3d81f0280420ce8817ff5e46b2f86280736d Mon Sep 17 00:00:00 2001
From: Phyks
Date: Sat, 30 Aug 2014 23:39:41 +0200
Subject: [PATCH] Further refactoring
---
TODO | 9 --------
inc/User.class.php | 2 +-
index.php | 42 ++++++++++++++++++-------------------
install.php | 5 +----
tpl/default/edit_users.html | 22 +++++++++----------
tpl/default/settings.html | 39 +++++++++++++++++-----------------
6 files changed, 54 insertions(+), 65 deletions(-)
delete mode 100644 TODO
diff --git a/TODO b/TODO
deleted file mode 100644
index 35e18d8..0000000
--- a/TODO
+++ /dev/null
@@ -1,9 +0,0 @@
-* Notifications by e-mail for users
-
-Improvements :
-==============
-* User groups
-* Search invoice
-* JSON output => do index view
-* API
-* README file
diff --git a/inc/User.class.php b/inc/User.class.php
index 81a5f0d..e6d4350 100644
--- a/inc/User.class.php
+++ b/inc/User.class.php
@@ -29,7 +29,7 @@ class User extends Storage {
}
public function getDisplayName() {
- return $this->display_name;
+ return (!empty($this->display_name) ? $this->display_name : $this->login);
}
public function getId() {
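Review bot: The fallback on the added line uses `empty()`, which also treats a display name of `'0'` as absent and silently substitutes the login. If the intent is only to cover an unset or blank name, an explicit check expresses that: `return ($this->display_name !== null && $this->display_name !== '') ? $this->display_name : $this->login;`. The value returned is still raw, so callers that print it remain responsible for escaping it for their output context, as index.php does for its other template variables.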
diff --git a/index.php b/index.php
index e6e2a97..8953967 100644
--- a/index.php
+++ b/index.php
@@ -54,7 +54,7 @@
$tpl->assign('base_url', htmlspecialchars(BASE_URL));
$tpl->assign('currency', htmlspecialchars(CURRENCY));
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));
-
+
$current_user = new User();
if(isset($_SESSION['current_user'])) {
$current_user->sessionRestore($_SESSION['current_user'], true);
@@ -112,13 +112,13 @@
}
else {
//If json token not available
-
+
// If not connected, redirect to connection page
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
header('location: index.php?do=connect&'.$get_redir);
exit();
}
-
+
// If IP has changed, logout
if($current_user !== false && user_ip() != $_SESSION['ip']) {
logout();
@@ -201,7 +201,7 @@
$error = true;
$tpl->assign('error', $errors['email_invalid'][LANG]);
}
-
+
$current_user->setNotifications($_POST['notifications']);
$current_user->save();
@@ -228,7 +228,7 @@
exit();
}
- if(!empty($_POST['login']) && !empty($_POST['display_name']) && !empty($_POST['email']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) {
+ if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) {
if(check_token(600, 'edit_users')) {
$user = new User();
if(!empty($_POST['user_id'])) {
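Review bot: `$_POST['email']` and `$_POST['display_name']` are dropped from the guard on the added line, but the only accommodation visible in the patch is for display_name in the next hunk (`setDisplayName(!empty(...) ? ... : '')`). If the e-mail is assigned further down in the same way as `setLogin($_POST['login'])`, an absent field now raises an undefined-index notice and stores an empty string, and any FILTER_VALIDATE_EMAIL check there (like the `email_invalid` branch seen in the earlier hunk) should be conditioned on `!empty($_POST['email'])` so that an optional address is not rejected. The enclosing `case` block starts and ends outside this hunk, so this is inferred rather than seen.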
@@ -238,7 +238,7 @@
$user->newJsonToken();
}
$user->setLogin($_POST['login']);
- $user->setDisplayName($_POST['display_name']);
+ $user->setDisplayName(!empty($_POST['display_name']) ? $_POST['display_name'] : '');
if(!empty($_POST['password'])) {
$user->setPassword($user->encrypt($_POST['password']));
}
@@ -270,7 +270,7 @@
$tpl->assign('error', $errors['token_error'][LANG]);
}
}
-
+
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
if(!empty($_GET['user_id'])) {
$user_id = (int) $_GET['user_id'];
@@ -304,7 +304,7 @@
$user_id = $current_user->getId();
}
- if(check_token(600, 'password') || check_token(600, 'edit_users')) {
+ if(check_token(600, 'password') || check_token(600, 'edit_users')) {
$user = new User();
$user = $user->load(array('id'=>$user_id), true);
$user->newJsonToken();
@@ -312,7 +312,7 @@
if(empty($_GET['user_id']))
$_SESSION['current_user'] = $user->sessionStore();
-
+
if(!empty($_GET['user_id']))
header('location: index.php?do=edit_users&user_id='.$user_id);
else
@@ -398,7 +398,7 @@
// Clear the cache
($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
array_map("unlink", $cached_files);
-
+
header('location: index.php?'.$get_redir);
exit();
}
@@ -413,7 +413,7 @@
break;
case 'settings':
- if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster']) && !empty($_POST['template'])) {
+ if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_password']) && !empty($_POST['mysql_db']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['currency']) && !empty($_POST['timezone']) && !empty($_POST['template'])) {
if(check_token(600, 'settings')) {
if(!is_writable('data/')) {
$tpl>assign('error', $errors['write_error_data'][LANG]);
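Review bot: The context line directly under the new condition reads `$tpl>assign(...)` (missing `-`), which PHP parses as a comparison against an undefined function `assign()`; the non-writable `data/` branch therefore fails with a fatal error instead of showing the `write_error_data` message, and should be `$tpl->assign('error', $errors['write_error_data'][LANG]);`. Separately, the added line now requires `!empty($_POST['mysql_password'])`, so settings can no longer be saved for a MySQL account that has no password; if that configuration is meant to be supported, `isset($_POST['mysql_password'])` is the safer test for that one field. The surrounding `case 'settings':` body continues outside the hunk.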
@@ -478,9 +478,9 @@
$tpl->assign('timezone', @date_default_timezone_get());
$tpl->assign('show_settings', true);
$tpl->assign('token', generate_token('settings'));
- $tpl->assign('templates', listTemplates('tpl/'));
- $tpl->assign('current_template', trim(substr(TEMPLATE_DIR, 4), '/'));
- $tpl->assign('lang', LANG);
+ $tpl->assign('templates', secureDisplay(listTemplates('tpl/')));
+ $tpl->assign('current_template', htmlspecialchars(trim(substr(TEMPLATE_DIR, 4), '/')));
+ $tpl->assign('lang', htmlspecialchars(LANG));
$tpl->draw('settings');
break;
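Review bot: The two added `htmlspecialchars()` calls use the default flags, which leave single quotes unescaped; since `TEMPLATE_DIR` and `LANG` originate from values written by install.php, the result is only safe if settings.html places them in double-quoted attributes or text. Passing explicit flags removes that dependency on the template: `htmlspecialchars(trim(substr(TEMPLATE_DIR, 4), '/'), ENT_QUOTES, 'UTF-8')` and likewise for `LANG`. The same default-flag calls appear on the context lines for `base_url`, `currency` and `email_webmaster` at the top of the file. `secureDisplay()` is not visible in the patch; this assumes it applies equivalent escaping to each element of the template list.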
@@ -534,7 +534,7 @@
$invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']);
-
+
$invoice->setUsersIn($users_in);
$invoice->save();
@@ -655,7 +655,7 @@
$payback->setTo($_GET['to']);
$payback->save();
-
+
// Clear the cache
($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
array_map("unlink", $cached_files);
@@ -798,7 +798,7 @@
case "see_paybacks":
$global_paybacks = new GlobalPayback();
-
+
if(empty($_GET['id'])) {
$global_paybacks = $global_paybacks->load();
@@ -1034,7 +1034,7 @@
$simplified_balances[$user1][$user2] = round(abs($value), 2);
$balances[$user1] = round($balances[$user1] + abs($value), 2);
$balances[$user2] = round($balances[$user2] - abs($value), 2);
- }
+ }
break;
}
}
@@ -1068,7 +1068,7 @@
exit();
}
}
-
+
$users_list = new User();
$users_list = $users_list->load();
@@ -1165,7 +1165,7 @@
}
}
- // Then search for all invoices paid by 1 and check if user2 was in
+ // Then search for all invoices paid by 1 and check if user2 was in
$invoices_list_balances = new Invoice();
$invoices_list_balances = $invoices_list_balances->load(array('buyer'=>$user1->getId()));
if($invoices_list_balances !== false) {
@@ -1201,7 +1201,7 @@
$user_balance = $user_balance - $balances[$current_user->getId()][$user1->getId()];
$user_balance = $user_balance + $balances[$user1->getId()][$current_user->getId()];
}
-
+
$tpl->assign('user_balance', round($user_balance,2));
}
diff --git a/install.php b/install.php
index a058a08..661186d 100644
--- a/install.php
+++ b/install.php
@@ -103,9 +103,6 @@
if(!empty($_POST['email_webmaster']) && !filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) {
$error = "Webmaster's email address is invalid.";
}
- else {
- $email_webmaster = !empty($_POST['email_webmaster']) ? $_POST['email_webmaster'] : '';
- }
if(empty($error)) {
if(function_exists('mcrypt_create_iv')) {
@@ -128,7 +125,7 @@
define('BASE_URL', '".$_POST['base_url']."');
define('SALT', '".$salt."');
define('CURRENCY', '".$_POST['currency']."');
- define('EMAIL_WEBMASTER', '".$email_webmaster."');
+ define('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');
define('TEMPLATE_DIR', 'tpl/".$_POST['template']."');
define('LANG', '".$_POST['lang']."');
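Review bot: The added line interpolates `$_POST['email_webmaster']` straight into generated PHP source, and `FILTER_VALIDATE_EMAIL` accepts addresses containing a single quote in the local part, so a value that passes validation can still terminate the string literal and break, or change the meaning of, the written config file; the `$email_webmaster` fallback removed in the previous hunk also covered the field being absent, which now produces an undefined-index notice. Emitting the value as a PHP literal avoids both problems: `define('EMAIL_WEBMASTER', ".var_export(isset($_POST['email_webmaster']) ? $_POST['email_webmaster'] : '', true).");`. The context lines for `BASE_URL`, `CURRENCY`, `TEMPLATE_DIR` and `LANG` interpolate POST values the same way and would benefit from the same treatment. The generating block starts outside this hunk.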
diff --git a/tpl/default/edit_users.html b/tpl/default/edit_users.html
index b326d1a..6923d16 100644
--- a/tpl/default/edit_users.html
+++ b/tpl/default/edit_users.html
@@ -29,13 +29,13 @@
{$user_id != -1 ? 'Edit' : 'Add'} a user
Your personal token to use the API
-Your personal token to use the API is : {$json_token}.
If you think it might be compromised, you can generate a new one.
+Your personal token to use the API is: {$json_token}.
If you think it might be compromised, you can generate a new one.
{/if}
{include="footer"}
diff --git a/tpl/default/settings.html b/tpl/default/settings.html
index 8839e98..f08bac8 100644
--- a/tpl/default/settings.html
+++ b/tpl/default/settings.html
@@ -4,10 +4,10 @@
Edit homepage notice