From 337c3d81f0280420ce8817ff5e46b2f86280736d Mon Sep 17 00:00:00 2001
From: Phyks
Date: Sat, 30 Aug 2014 23:39:41 +0200
Subject: [PATCH] Further refactoring
---
 TODO | 9 --------
 inc/User.class.php | 2 +-
 index.php | 42 ++++++++++++++++++-------------------
 install.php | 5 +----
 tpl/default/edit_users.html | 22 +++++++++----------
 tpl/default/settings.html | 39 +++++++++++++++++-----------------
 6 files changed, 54 insertions(+), 65 deletions(-)
 delete mode 100644 TODO
diff --git a/TODO b/TODO
deleted file mode 100644
index 35e18d8..0000000
--- a/TODO
+++ /dev/null
@@ -1,9 +0,0 @@
-* Notifications by e-mail for users
-
-Improvements :
-==============
-* User groups
-* Search invoice
-* JSON output => do index view
-* API
-* README file
diff --git a/inc/User.class.php b/inc/User.class.php
index 81a5f0d..e6d4350 100644
--- a/inc/User.class.php
+++ b/inc/User.class.php
@@ -29,7 +29,7 @@ class User extends Storage {
 }
 public function getDisplayName() {
- return $this->display_name;
+ return (!empty($this->display_name) ? $this->display_name : $this->login);
 }
 public function getId() {
diff --git a/index.php b/index.php
index e6e2a97..8953967 100644
--- a/index.php
+++ b/index.php
@@ -54,7 +54,7 @@
 $tpl->assign('base_url', htmlspecialchars(BASE_URL));
 $tpl->assign('currency', htmlspecialchars(CURRENCY));
 $tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));
-
+
 $current_user = new User();
 if(isset($_SESSION['current_user'])) {
 $current_user->sessionRestore($_SESSION['current_user'], true);
@@ -112,13 +112,13 @@
 }
 else { //If json token not available
-
+
 // If not connected, redirect to connection page
 if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
 header('location: index.php?do=connect&'.$get_redir);
 exit();
 }
-
+
 // If IP has changed, logout
 if($current_user !== false && user_ip() != $_SESSION['ip']) {
 logout();
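Review bot: The new fallback in getDisplayName() relies on empty(), so a display name of `'0'` is treated as unset and the login is shown instead; `return ($this->display_name !== null && $this->display_name !== '') ? $this->display_name : $this->login;` keeps the intent without that corner case. Unless setDisplayName() escapes on the way in (not visible in this diff), whichever branch is taken returns raw stored data that still needs escaping where the templates print it. A short doc comment above the method, such as `// Display name, or the login when no display name is set. Not HTML-escaped.`, would make that contract visible to callers. The User class starts and ends outside this hunk.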
@@ -201,7 +201,7 @@
 $error = true;
 $tpl->assign('error', $errors['email_invalid'][LANG]);
 }
-
+
 $current_user->setNotifications($_POST['notifications']);
 $current_user->save();
@@ -228,7 +228,7 @@
 exit();
 }
- if(!empty($_POST['login']) && !empty($_POST['display_name']) && !empty($_POST['email']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) {
+ if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) {
 if(check_token(600, 'edit_users')) {
 $user = new User();
 if(!empty($_POST['user_id'])) {
@@ -238,7 +238,7 @@
 $user->newJsonToken();
 }
 $user->setLogin($_POST['login']);
- $user->setDisplayName($_POST['display_name']);
+ $user->setDisplayName(!empty($_POST['display_name']) ? $_POST['display_name'] : '');
 if(!empty($_POST['password'])) {
 $user->setPassword($user->encrypt($_POST['password']));
 }
@@ -270,7 +270,7 @@
 $tpl->assign('error', $errors['token_error'][LANG]);
 }
 }
-
+
 if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
 if(!empty($_GET['user_id'])) {
 $user_id = (int) $_GET['user_id'];
@@ -304,7 +304,7 @@
 $user_id = $current_user->getId();
 }
- if(check_token(600, 'password') || check_token(600, 'edit_users')) {
+ if(check_token(600, 'password') || check_token(600, 'edit_users')) {
 $user = new User();
 $user = $user->load(array('id'=>$user_id), true);
 $user->newJsonToken();
@@ -312,7 +312,7 @@
 if(empty($_GET['user_id'])) $_SESSION['current_user'] = $user->sessionStore();
-
+
 if(!empty($_GET['user_id'])) header('location: index.php?do=edit_users&user_id='.$user_id);
 else
@@ -398,7 +398,7 @@
 // Clear the cache
 ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
 array_map("unlink", $cached_files);
-
+
 header('location: index.php?'.$get_redir);
 exit();
 }
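Review bot: Dropping `!empty($_POST['email'])` from the guard in the @@ -228 hunk lets a missing or blank e-mail reach the user-building code below it, but only `display_name` receives a matching default in the @@ -238 hunk (`!empty($_POST['display_name']) ? $_POST['display_name'] : ''`). Whatever reads `$_POST['email']` further down, outside this hunk, will now raise an undefined-index notice when the field is absent, and nothing visible here validates the address the way the profile path does with `$errors['email_invalid']` in the @@ -201 hunk. Either give `email` the same default as `display_name` or keep it in the guard, and run it through `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` before it is stored. The enclosing `case` body starts and ends outside the hunk.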
@@ -413,7 +413,7 @@
 break;
 case 'settings':
- if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster']) && !empty($_POST['template'])) {
+ if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_password']) && !empty($_POST['mysql_db']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['currency']) && !empty($_POST['timezone']) && !empty($_POST['template'])) {
 if(check_token(600, 'settings')) {
 if(!is_writable('data/')) {
 $tpl>assign('error', $errors['write_error_data'][LANG]);
@@ -478,9 +478,9 @@
 $tpl->assign('timezone', @date_default_timezone_get());
 $tpl->assign('show_settings', true);
 $tpl->assign('token', generate_token('settings'));
- $tpl->assign('templates', listTemplates('tpl/'));
- $tpl->assign('current_template', trim(substr(TEMPLATE_DIR, 4), '/'));
- $tpl->assign('lang', LANG);
+ $tpl->assign('templates', secureDisplay(listTemplates('tpl/')));
+ $tpl->assign('current_template', htmlspecialchars(trim(substr(TEMPLATE_DIR, 4), '/')));
+ $tpl->assign('lang', htmlspecialchars(LANG));
 $tpl->draw('settings');
 break;
@@ -534,7 +534,7 @@
 $invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']);
-
+
 $invoice->setUsersIn($users_in);
 $invoice->save();
@@ -655,7 +655,7 @@
 $payback->setTo($_GET['to']);
 $payback->save();
-
+
 // Clear the cache
 ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
 array_map("unlink", $cached_files);
@@ -798,7 +798,7 @@
 case "see_paybacks":
 $global_paybacks = new GlobalPayback();
-
+
 if(empty($_GET['id'])) {
 $global_paybacks = $global_paybacks->load();
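Review bot: Adding `!empty($_POST['mysql_password'])` to the settings guard in the @@ -413 hunk contradicts the form's own note in tpl/default/settings.html ("Leave the above field blank if you don't want to change your password"): a submission with that field left blank no longer enters the save path at all, and nothing in the visible lines reports which field was missing, so the user sees the settings silently not applied. Drop `mysql_password` from the guard and keep the "blank means unchanged" handling, or assign an explicit error when the guard fails. Separately, the context line `$tpl>assign('error', $errors['write_error_data'][LANG]);` in the same hunk is missing the `->`, so the unwritable-data branch calls an undefined function `assign()` instead of showing the error; it should read `$tpl->assign('error', $errors['write_error_data'][LANG]);`. The `case 'settings'` body continues outside the hunk.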
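Review bot: The two `htmlspecialchars()` calls added in the @@ -478 hunk use the default flags, which on the PHP versions this code targets leave single quotes unescaped (ENT_COMPAT); if settings.html prints `current_template` or `lang` inside a single-quoted attribute, a `'` in either value still terminates it. `htmlspecialchars(trim(substr(TEMPLATE_DIR, 4), '/'), ENT_QUOTES, 'UTF-8')` and the same flags for `LANG` close that, and match the explicit-flags form the rest of the file could adopt. `secureDisplay()` is not visible in this diff, so I am assuming it escapes every element of the template list the same way; a one-line comment above the three assigns, e.g. `// Escape template names, the current template and lang before they reach the view.`, would record that assumption. The `case` body starts outside the hunk.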
@@ -1034,7 +1034,7 @@
 $simplified_balances[$user1][$user2] = round(abs($value), 2);
 $balances[$user1] = round($balances[$user1] + abs($value), 2);
 $balances[$user2] = round($balances[$user2] - abs($value), 2);
- }
+ }
 break;
 }
 }
@@ -1068,7 +1068,7 @@
 exit();
 }
 }
-
+
 $users_list = new User();
 $users_list = $users_list->load();
@@ -1165,7 +1165,7 @@
 }
 }
- // Then search for all invoices paid by 1 and check if user2 was in
+ // Then search for all invoices paid by 1 and check if user2 was in
 $invoices_list_balances = new Invoice();
 $invoices_list_balances = $invoices_list_balances->load(array('buyer'=>$user1->getId()));
 if($invoices_list_balances !== false) {
@@ -1201,7 +1201,7 @@
 $user_balance = $user_balance - $balances[$current_user->getId()][$user1->getId()];
 $user_balance = $user_balance + $balances[$user1->getId()][$current_user->getId()];
 }
-
+
 $tpl->assign('user_balance', round($user_balance,2));
 }
diff --git a/install.php b/install.php
index a058a08..661186d 100644
--- a/install.php
+++ b/install.php
@@ -103,9 +103,6 @@
 if(!empty($_POST['email_webmaster']) && !filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) {
 $error = "Webmaster's email address is invalid.";
 }
- else {
- $email_webmaster = !empty($_POST['email_webmaster']) ? $_POST['email_webmaster'] : '';
- }
 if(empty($error)) {
 if(function_exists('mcrypt_create_iv')) {
@@ -128,7 +125,7 @@
 define('BASE_URL', '".$_POST['base_url']."');
 define('SALT', '".$salt."');
 define('CURRENCY', '".$_POST['currency']."');
- define('EMAIL_WEBMASTER', '".$email_webmaster."');
+ define('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');
 define('TEMPLATE_DIR', 'tpl/".$_POST['template']."');
 define('LANG', '".$_POST['lang']."');
diff --git a/tpl/default/edit_users.html b/tpl/default/edit_users.html
index b326d1a..6923d16 100644
--- a/tpl/default/edit_users.html
+++ b/tpl/default/edit_users.html
@@ -29,13 +29,13 @@
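Review bot: With the `else` branch removed in the install.php @@ -103 hunk, the config writer in the @@ -125 hunk now reads `$_POST['email_webmaster']` directly, which is an undefined index (notice, empty value) whenever the field is absent from the request; the old `!empty(...) ? ... : ''` expression covered that case. The larger issue, present before this commit but not improved by it, is that each of these values is spliced into generated PHP source between bare single quotes: FILTER_VALIDATE_EMAIL accepts an apostrophe in the local part, so an address such as `o'brien@example.com` produces a config file that does not parse, and the unvalidated `base_url`, `currency`, `template` and `lang` fields are written with no quoting at all. Emit each literal with `var_export()` instead, e.g. `define('EMAIL_WEBMASTER', ".var_export(isset($_POST['email_webmaster']) ? $_POST['email_webmaster'] : '', true).");`, and apply the same to the neighbouring defines. Both hunks sit inside a POST-handling block whose start and end lie outside this diff.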

{$user_id != -1 ? 'Edit' : 'Add'} a user

- +

- +

- +

@@ -46,9 +46,9 @@

- Toggle visible + Toggle visible {if condition="$user_id != -1"} -
Note : Leave blank this field if you don't want to edit password. +
Note: Leave blank this field if you don't want to edit password. {/if}

@@ -65,16 +65,16 @@ {if condition="$user_id != -1"}

Personal token for this user

-

The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.
If you think it might be compromised, you can generate a new one.

+

The personal token for this user to be used with the API is: {$user_data->getJsonToken()}.
If you think it might be compromised, you can generate a new one.

{/if} {elseif condition="$view == 'password'"}

Edit your password

-

Toggle visible

-

Toggle visible

+

Toggle visible

+

Toggle visible

- +

@@ -84,11 +84,11 @@

-

Note : Leave blank the password fields if you don't want to edit password.

+

Note: Leave blank the password fields if you don't want to edit password.

Your personal token to use the API

-

Your personal token to use the API is : {$json_token}.
If you think it might be compromised, you can generate a new one.

+

Your personal token to use the API is: {$json_token}.
If you think it might be compromised, you can generate a new one.

{/if} {include="footer"} diff --git a/tpl/default/settings.html b/tpl/default/settings.html index 8839e98..f08bac8 100644 --- a/tpl/default/settings.html +++ b/tpl/default/settings.html @@ -4,10 +4,10 @@

Edit homepage notice

-
+

-

Note : You can use HTML formatting in this form.

+

Note: You can use HTML formatting in this form.

@@ -19,43 +19,44 @@

Database -

Note : Use these settings carefully. Your database won't be updated by the script as it was during install and you'll have to manually update it.

-

+

Note: Use these settings carefully. Your database won't be updated by the script as it was during install and you'll have to manually update it.

+

-

+

- Toggle visible
- Note : Leave the above field blank if you don't want to change your password. + Toggle visible
+ Note: Leave the above field blank if you don't want to change your password.

-
- Note : You must create this database first. +
+ Note: You must create this database first.

-
- Note : Leave the field blank to not use any. You must create the necessary tables manually.

+
+ Note: Leave the field blank to not use any. You must create the necessary tables manually.

General options -

+

-
- Note : This is the base URL from which you access this page. You must keep the trailing "/" in the above address. +
+ Note: This is the base URL from which you access this page. You must keep the trailing "/" in the above address.

-

+

-
- For example : Europe/Paris. See the doc for more info. +
+ For example: Europe/Paris. See the doc for more info.

- + -

+

+