Further refactoring

This commit is contained in:
Phyks 2014-08-30 23:39:41 +02:00
parent d465f2aab9
commit 337c3d81f0
6 changed files with 54 additions and 65 deletions

9
TODO

@ -1,9 +0,0 @@
* Notifications by e-mail for users
Improvements :
==============
* User groups
* Search invoice
* JSON output => do index view
* API
* README file


@ -29,7 +29,7 @@ class User extends Storage {
} }
public function getDisplayName() { public function getDisplayName() {
return $this->display_name; return (!empty($this->display_name) ? $this->display_name : $this->login);
} }
public function getId() { public function getId() {
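Review bot: The fallback added to getDisplayName uses `empty()`, so a display name of `"0"` is treated as unset and the login is returned in its place; `return ($this->display_name !== null && $this->display_name !== '') ? $this->display_name : $this->login;` keeps the "blank means unset" intent without that edge case. Because the method can now return the login, every caller that previously treated the display name as already escaped or validated should be checked against the login's handling too — the setters and the template output are not visible here. The rest of class User lies outside this hunk.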


@ -54,7 +54,7 @@
$tpl->assign('base_url', htmlspecialchars(BASE_URL)); $tpl->assign('base_url', htmlspecialchars(BASE_URL));
$tpl->assign('currency', htmlspecialchars(CURRENCY)); $tpl->assign('currency', htmlspecialchars(CURRENCY));
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER)); $tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));
$current_user = new User(); $current_user = new User();
if(isset($_SESSION['current_user'])) { if(isset($_SESSION['current_user'])) {
$current_user->sessionRestore($_SESSION['current_user'], true); $current_user->sessionRestore($_SESSION['current_user'], true);
@ -112,13 +112,13 @@
} }
else { else {
//If json token not available //If json token not available
// If not connected, redirect to connection page // If not connected, redirect to connection page
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
header('location: index.php?do=connect&'.$get_redir); header('location: index.php?do=connect&'.$get_redir);
exit(); exit();
} }
// If IP has changed, logout // If IP has changed, logout
if($current_user !== false && user_ip() != $_SESSION['ip']) { if($current_user !== false && user_ip() != $_SESSION['ip']) {
logout(); logout();
@ -201,7 +201,7 @@
$error = true; $error = true;
$tpl->assign('error', $errors['email_invalid'][LANG]); $tpl->assign('error', $errors['email_invalid'][LANG]);
} }
$current_user->setNotifications($_POST['notifications']); $current_user->setNotifications($_POST['notifications']);
$current_user->save(); $current_user->save();
@ -228,7 +228,7 @@
exit(); exit();
} }
if(!empty($_POST['login']) && !empty($_POST['display_name']) && !empty($_POST['email']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) { if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && !empty($_POST['notifications']) && isset($_POST['admin'])) {
if(check_token(600, 'edit_users')) { if(check_token(600, 'edit_users')) {
$user = new User(); $user = new User();
if(!empty($_POST['user_id'])) { if(!empty($_POST['user_id'])) {
@ -238,7 +238,7 @@
$user->newJsonToken(); $user->newJsonToken();
} }
$user->setLogin($_POST['login']); $user->setLogin($_POST['login']);
$user->setDisplayName($_POST['display_name']); $user->setDisplayName(!empty($_POST['display_name']) ? $_POST['display_name'] : '');
if(!empty($_POST['password'])) { if(!empty($_POST['password'])) {
$user->setPassword($user->encrypt($_POST['password'])); $user->setPassword($user->encrypt($_POST['password']));
} }
@ -270,7 +270,7 @@
$tpl->assign('error', $errors['token_error'][LANG]); $tpl->assign('error', $errors['token_error'][LANG]);
} }
} }
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') { if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
if(!empty($_GET['user_id'])) { if(!empty($_GET['user_id'])) {
$user_id = (int) $_GET['user_id']; $user_id = (int) $_GET['user_id'];
@ -304,7 +304,7 @@
$user_id = $current_user->getId(); $user_id = $current_user->getId();
} }
if(check_token(600, 'password') || check_token(600, 'edit_users')) { if(check_token(600, 'password') || check_token(600, 'edit_users')) {
$user = new User(); $user = new User();
$user = $user->load(array('id'=>$user_id), true); $user = $user->load(array('id'=>$user_id), true);
$user->newJsonToken(); $user->newJsonToken();
@ -312,7 +312,7 @@
if(empty($_GET['user_id'])) if(empty($_GET['user_id']))
$_SESSION['current_user'] = $user->sessionStore(); $_SESSION['current_user'] = $user->sessionStore();
if(!empty($_GET['user_id'])) if(!empty($_GET['user_id']))
header('location: index.php?do=edit_users&user_id='.$user_id); header('location: index.php?do=edit_users&user_id='.$user_id);
else else
@ -398,7 +398,7 @@
// Clear the cache // Clear the cache
($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array()); ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
array_map("unlink", $cached_files); array_map("unlink", $cached_files);
header('location: index.php?'.$get_redir); header('location: index.php?'.$get_redir);
exit(); exit();
} }
@ -413,7 +413,7 @@
break; break;
case 'settings': case 'settings':
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster']) && !empty($_POST['template'])) { if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_password']) && !empty($_POST['mysql_db']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['currency']) && !empty($_POST['timezone']) && !empty($_POST['template'])) {
if(check_token(600, 'settings')) { if(check_token(600, 'settings')) {
if(!is_writable('data/')) { if(!is_writable('data/')) {
$tpl>assign('error', $errors['write_error_data'][LANG]); $tpl>assign('error', $errors['write_error_data'][LANG]);
@ -478,9 +478,9 @@
$tpl->assign('timezone', @date_default_timezone_get()); $tpl->assign('timezone', @date_default_timezone_get());
$tpl->assign('show_settings', true); $tpl->assign('show_settings', true);
$tpl->assign('token', generate_token('settings')); $tpl->assign('token', generate_token('settings'));
$tpl->assign('templates', listTemplates('tpl/')); $tpl->assign('templates', secureDisplay(listTemplates('tpl/')));
$tpl->assign('current_template', trim(substr(TEMPLATE_DIR, 4), '/')); $tpl->assign('current_template', htmlspecialchars(trim(substr(TEMPLATE_DIR, 4), '/')));
$tpl->assign('lang', LANG); $tpl->assign('lang', htmlspecialchars(LANG));
$tpl->draw('settings'); $tpl->draw('settings');
break; break;
@ -534,7 +534,7 @@
$invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']); $invoice->setDate(0, int2ampm($_POST['date_hour']), $_POST['date_day'], $_POST['date_month'], $_POST['date_year']);
$invoice->setUsersIn($users_in); $invoice->setUsersIn($users_in);
$invoice->save(); $invoice->save();
@ -655,7 +655,7 @@
$payback->setTo($_GET['to']); $payback->setTo($_GET['to']);
$payback->save(); $payback->save();
// Clear the cache // Clear the cache
($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array()); ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
array_map("unlink", $cached_files); array_map("unlink", $cached_files);
@ -798,7 +798,7 @@
case "see_paybacks": case "see_paybacks":
$global_paybacks = new GlobalPayback(); $global_paybacks = new GlobalPayback();
if(empty($_GET['id'])) { if(empty($_GET['id'])) {
$global_paybacks = $global_paybacks->load(); $global_paybacks = $global_paybacks->load();
@ -1034,7 +1034,7 @@
$simplified_balances[$user1][$user2] = round(abs($value), 2); $simplified_balances[$user1][$user2] = round(abs($value), 2);
$balances[$user1] = round($balances[$user1] + abs($value), 2); $balances[$user1] = round($balances[$user1] + abs($value), 2);
$balances[$user2] = round($balances[$user2] - abs($value), 2); $balances[$user2] = round($balances[$user2] - abs($value), 2);
} }
break; break;
} }
} }
@ -1068,7 +1068,7 @@
exit(); exit();
} }
} }
$users_list = new User(); $users_list = new User();
$users_list = $users_list->load(); $users_list = $users_list->load();
@ -1165,7 +1165,7 @@
} }
} }
// Then search for all invoices paid by 1 and check if user2 was in // Then search for all invoices paid by 1 and check if user2 was in
$invoices_list_balances = new Invoice(); $invoices_list_balances = new Invoice();
$invoices_list_balances = $invoices_list_balances->load(array('buyer'=>$user1->getId())); $invoices_list_balances = $invoices_list_balances->load(array('buyer'=>$user1->getId()));
if($invoices_list_balances !== false) { if($invoices_list_balances !== false) {
@ -1201,7 +1201,7 @@
$user_balance = $user_balance - $balances[$current_user->getId()][$user1->getId()]; $user_balance = $user_balance - $balances[$current_user->getId()][$user1->getId()];
$user_balance = $user_balance + $balances[$user1->getId()][$current_user->getId()]; $user_balance = $user_balance + $balances[$user1->getId()][$current_user->getId()];
} }
$tpl->assign('user_balance', round($user_balance,2)); $tpl->assign('user_balance', round($user_balance,2));
} }
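Review bot: The new settings condition in the `case 'settings':` hunk adds `!empty($_POST['mysql_password'])` as a hard requirement, but the settings template tells the admin to leave that field blank to keep the current password, so a blank submission now fails the outer check and the update is skipped — what the else branch then shows is outside the hunk. Either drop `!empty($_POST['mysql_password'])` from the condition and keep the stored value when the field is empty, or change the template note so the two agree. In the edit_users hunk the `!empty($_POST['email'])` requirement is removed while only `setDisplayName` gains an explicit `''` fallback; if the email setter or its `filter_var` validation (not visible in these hunks) still reads `$_POST['email']` unconditionally, it should get the same `isset(...) ? ... : ''` treatment. The enclosing switch statement starts and ends outside the visible hunks.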


@ -103,9 +103,6 @@
if(!empty($_POST['email_webmaster']) && !filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) { if(!empty($_POST['email_webmaster']) && !filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) {
$error = "Webmaster's email address is invalid."; $error = "Webmaster's email address is invalid.";
} }
else {
$email_webmaster = !empty($_POST['email_webmaster']) ? $_POST['email_webmaster'] : '';
}
if(empty($error)) { if(empty($error)) {
if(function_exists('mcrypt_create_iv')) { if(function_exists('mcrypt_create_iv')) {
@ -128,7 +125,7 @@
define('BASE_URL', '".$_POST['base_url']."'); define('BASE_URL', '".$_POST['base_url']."');
define('SALT', '".$salt."'); define('SALT', '".$salt."');
define('CURRENCY', '".$_POST['currency']."'); define('CURRENCY', '".$_POST['currency']."');
define('EMAIL_WEBMASTER', '".$email_webmaster."'); define('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');
define('TEMPLATE_DIR', 'tpl/".$_POST['template']."'); define('TEMPLATE_DIR', 'tpl/".$_POST['template']."');
define('LANG', '".$_POST['lang']."'); define('LANG', '".$_POST['lang']."');
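Review bot: The new `define('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');` line writes the submitted value straight into a single-quoted PHP literal of the generated config; `FILTER_VALIDATE_EMAIL` accepts an apostrophe in the local part, so a value that passes the check on the first hunk's line can still terminate the literal and leave the written config file syntactically broken or containing unintended PHP. Emitting the literal with `var_export` avoids this: `define('EMAIL_WEBMASTER', ".var_export($_POST['email_webmaster'], true).");` — the neighbouring `BASE_URL`, `CURRENCY`, `TEMPLATE_DIR` and `LANG` defines have the same shape and would benefit from the same treatment. Dropping the `$email_webmaster` fallback also means a request without that field now raises an undefined-index notice inside the written string; `isset($_POST['email_webmaster']) ? $_POST['email_webmaster'] : ''` restores the previous default. The string being written begins and ends outside this hunk.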


@ -29,13 +29,13 @@
<h2>{$user_id != -1 ? 'Edit' : 'Add'} a user</h2> <h2>{$user_id != -1 ? 'Edit' : 'Add'} a user</h2>
<form method="post" action="index.php?do={$user_id != -1 ? 'edit_users' : 'add_user'}" id="edit_user_form"> <form method="post" action="index.php?do={$user_id != -1 ? 'edit_users' : 'add_user'}" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/> <label for="login" class="label-block">Login: </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/> <label for="display_name" class="label-block">Displayed name (optionnal): </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="email" class="label-block">E-mail address : </label><input type="text" name="email" id="email" {if condition="$email_post != ''"} value="{$email_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getEmail().'"' : ''} {/if}/> <label for="email" class="label-block">E-mail address (optionnal): </label><input type="text" name="email" id="email" {if condition="$email_post != ''"} value="{$email_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getEmail().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="notifications" class="label-block">Notifications for </label> <label for="notifications" class="label-block">Notifications for </label>
@ -46,9 +46,9 @@
</select> </select>
</p> </p>
<p> <p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/> <a href="" onclick="toggle_password('password'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a> <label for="password" class="label-block">Password: </label><input type="password" name="password" id="password"/> <a href="" onclick="toggle_password('password'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a>
{if condition="$user_id != -1"} {if condition="$user_id != -1"}
<br/><em>Note :</em> Leave blank this field if you don't want to edit password. <br/><em>Note:</em> Leave blank this field if you don't want to edit password.
{/if} {/if}
</p> </p>
<p id="edit_user_admin_rights"> <p id="edit_user_admin_rights">
@ -65,16 +65,16 @@
{if condition="$user_id != -1"} {if condition="$user_id != -1"}
<h2>Personal token for this user</h2> <h2>Personal token for this user</h2>
<p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">generate a new one</a>.</p> <p>The personal token for this user to be used with the API is: {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&amp;token={$token}">generate a new one</a>.</p>
{/if} {/if}
{elseif condition="$view == 'password'"} {elseif condition="$view == 'password'"}
<h2>Edit your password</h2> <h2>Edit your password</h2>
<form method="post" action="index.php?do=password" id="edit_password_form"> <form method="post" action="index.php?do=password" id="edit_password_form">
<p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/> <a href="" onclick="toggle_password('password'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a></p> <p><label for="password" class="label-block">New password: </label><input type="password" id="password" name="password"/> <a href="" onclick="toggle_password('password'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a></p>
<p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/> <a href="" onclick="toggle_password('password_confirm'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a></p> <p><label for="password_confirm" class="label-block">Confirm new password: </label><input type="password" id="password_confirm" name="password_confirm"/> <a href="" onclick="toggle_password('password_confirm'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a></p>
<p> <p>
<label for="email" class="label-block">E-mail address : </label><input type="text" name="email" id="email" value="{$current_user->getEmail()}"/> <label for="email" class="label-block">E-mail address: </label><input type="text" name="email" id="email" value="{$current_user->getEmail()}"/>
</p> </p>
<p> <p>
<label for="notifications" class="label-block">Notifications for </label> <label for="notifications" class="label-block">Notifications for </label>
@ -84,11 +84,11 @@
<option value="3" {if condition="$current_user->getNotifications() == 3"}selected="selected"{/if}>everything involving you.</option> <option value="3" {if condition="$current_user->getNotifications() == 3"}selected="selected"{/if}>everything involving you.</option>
</select> </select>
</p> </p>
<p><em>Note :</em> Leave blank the password fields if you don't want to edit password.</p> <p><em>Note:</em> Leave blank the password fields if you don't want to edit password.</p>
<p class="center"><input type="submit" value="Update"/><input type="hidden" name="token" value="{$token}"</p> <p class="center"><input type="submit" value="Update"/><input type="hidden" name="token" value="{$token}"</p>
</form> </form>
<h2>Your personal token to use the API</h2> <h2>Your personal token to use the API</h2>
<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&amp;token={$token}">generate a new one</a>.</p> <p>Your personal token to use the API is: {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&amp;token={$token}">generate a new one</a>.</p>
{/if} {/if}
{include="footer"} {include="footer"}
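Review bot: The new labels in the first hunk spell the word as `optionnal` twice (display name and e-mail fields), as does the webmaster e-mail label added to the settings template; the correct spelling is `optional`. In the last hunk the hidden token input on the "Edit your password" form is still not closed — `<input type="hidden" name="token" value="{$token}"</p>` — so the `</p>` is swallowed into the tag; it should read `<input type="hidden" name="token" value="{$token}"/></p>`. The enclosing `{if}` block of this view starts before the first hunk.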


@ -4,10 +4,10 @@
<h2>Edit homepage notice</h2> <h2>Edit homepage notice</h2>
<form method="post" id="notice_form" action="index.php?do=edit_notice"> <form method="post" id="notice_form" action="index.php?do=edit_notice">
<p> <p>
<label for="textarea_notice">Homepage notice :</label><br/> <label for="textarea_notice">Homepage notice:</label><br/>
<textarea name="notice" rows="15" id="textarea_notice">{$notice}</textarea> <textarea name="notice" rows="15" id="textarea_notice">{$notice}</textarea>
</p> </p>
<p><em>Note :</em> You can use HTML formatting in this form.</p> <p><em>Note:</em> You can use HTML formatting in this form.</p>
<p class="center"> <p class="center">
<input type="submit" value="Submit"/> <input type="submit" value="Submit"/>
<input type="hidden" name="token" value="{$token}"/> <input type="hidden" name="token" value="{$token}"/>
@ -19,43 +19,44 @@
<form method="post" action="index.php?do=settings" id="settings_form"> <form method="post" action="index.php?do=settings" id="settings_form">
<fieldset> <fieldset>
<legend>Database</legend> <legend>Database</legend>
<p><em>Note :</em> Use these settings carefully. Your database won't be updated by the script as it was during install and you'll have to manually update it.</p> <p><em>Note:</em> Use these settings carefully. Your database won't be updated by the script as it was during install and you'll have to manually update it.</p>
<p><label for="mysql_host">MySQL host : </label><input type="text" name="mysql_host" id="mysql_host" value="{$mysql_host}"/></p> <p><label for="mysql_host">MySQL host: </label><input type="text" name="mysql_host" id="mysql_host" value="{$mysql_host}"/></p>
<p><label for="mysql_login">MySQL login : </label><input type="text" name="mysql_login" id="mysql_login" value="{$mysql_login}"/></p> <p><label for="mysql_login">MySQL login: </label><input type="text" name="mysql_login" id="mysql_login" value="{$mysql_login}"/></p>
<p> <p>
<label for="mysql_password">MySQL password : </label><input type="password" name="mysql_password" id="mysql_password"/> <a href="" onclick="toggle_password('mysql_password'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a><br/> <label for="mysql_password">MySQL password: </label><input type="password" name="mysql_password" id="mysql_password"/> <a href="" onclick="toggle_password('mysql_password'); return false;"><img src="img/toggleVisible.png" alt="Toggle visible"/></a><br/>
<em>Note :</em> Leave the above field blank if you don't want to change your password. <em>Note:</em> Leave the above field blank if you don't want to change your password.
</p> </p>
<p> <p>
<label for="mysql_db">Name of the MySQL database to use : </label><input type="text" name="mysql_db" id="mysql_db" value="{$mysql_db}"/><br/> <label for="mysql_db">Name of the MySQL database to use: </label><input type="text" name="mysql_db" id="mysql_db" value="{$mysql_db}"/><br/>
<em>Note :</em> You <em>must</em> create this database first. <em>Note:</em> You <em>must</em> create this database first.
</p> </p>
<p> <p>
<label for="mysql_prefix">Prefix for the created tables : </label><input type="text" name="mysql_prefix" id="mysql_prefix" value="{$mysql_prefix}"/><br/> <label for="mysql_prefix">Prefix for the created tables: </label><input type="text" name="mysql_prefix" id="mysql_prefix" value="{$mysql_prefix}"/><br/>
<em>Note :</em> Leave the field blank to not use any. You must create the necessary tables manually.</p> <em>Note:</em> Leave the field blank to not use any. You must create the necessary tables manually.</p>
</fieldset> </fieldset>
<fieldset> <fieldset>
<legend>General options</legend> <legend>General options</legend>
<p><label for="instance_title">Title to display in pages : </label><input type="text" name="instance_title" id="instance_title" value="{$instance_title}"/></p> <p><label for="instance_title">Title to display in pages: </label><input type="text" name="instance_title" id="instance_title" value="{$instance_title}"/></p>
<p> <p>
<label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="{$base_url}"/><br/> <label for="base_url">Base URL: </label><input type="text" size="30" name="base_url" id="base_url" value="{$base_url}"/><br/>
<em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address. <em>Note:</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
</p> </p>
<p><label for="currency">Currency : </label><input type="text" name="currency" id="currency" size="3" value="{$currency}"/></p> <p><label for="currency">Currency: </label><input type="text" name="currency" id="currency" size="3" value="{$currency}"/></p>
<p> <p>
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="{$timezone}"/><br/> <label for="timezone">Timezone: </label><input type="text" name="timezone" id="timezone" value="{$timezone}"/><br/>
<em>For example :</em> Europe/Paris. See the doc for more info. <em>For example:</em> Europe/Paris. See the doc for more info.
</p> </p>
<p> <p>
<label for="template">Template : </label> <label for="template">Template: </label>
<select name="template" id="template"> <select name="template" id="template">
{loop="templates"} {loop="templates"}
<option value="{$value['value']}" {if condition="$value['value'] == $current_template"} selected="selected" {/if}>{$value['option']}</option> <option value="{$value['value']}" {if condition="$value['value'] == $current_template"} selected="selected" {/if}>{$value['option']}</option>
{/loop} {/loop}
</select </select
</p> </p>
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="{$email_webmaster}"/></p> <p><label for="lang">Lang: </label><select name="lang" id="lang">TODO</select></p>
<p><label for="email_webmaster">Webmaster's email (optionnal): </label><input type="text" name="email_webmaster" id="email_webmaster" value="{$email_webmaster}"/></p>
</fieldset> </fieldset>
<p class="center"><input type="submit" value="Update settings"><input type="hidden" name="token" value="{$token}"/></p> <p class="center"><input type="submit" value="Update settings"><input type="hidden" name="token" value="{$token}"/></p>
</form> </form>
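Review bot: The newly added language row, `<select name="lang" id="lang">TODO</select>`, contains literal placeholder text and no `<option>` elements, so it renders as an empty dropdown and the browser submits no `lang` value at all; either populate it from a template variable with a `{loop}` like the template selector above, or leave the row out until the options exist. Two lines above it, `</select` is still missing its closing `>`, which leaves the template selector's markup malformed on the new side; `</select>` fixes it. The `<form>` for the settings view opens in the first line of this hunk and its fieldset structure continues past it.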