Bug corrections

Phyks 2013-08-25 23:06:47 +02:00
parent eda37541b3
commit 8272ffb725
7 changed files with 115 additions and 71 deletions

15
TODO

@ -17,3 +17,18 @@ inc/Invoices.class.php :
Manage paybacks : Manage paybacks :
================= =================
* TODO : Payback system
Tests :
=======
* Remember me ?
* Add a bill
* Edit a bill
* Change settings
Tests passed (quick tests) :
============================
* Connection form
* Edit notice
* Add / Edit user
* Change password


@ -65,7 +65,7 @@ class User extends Storage {
$user_data = $this->load(array('login'=>$this->login)); $user_data = $this->load(array('login'=>$this->login));
if(count($user_data) == 1) { if(count($user_data) == 1) {
$this->setId($user_data[0]['id']); $this->setId($user_data[0]['id']);
$this->setDisplayName($user_data[0]['admin']); $this->setDisplayName($user_data[0]['display_name']);
$this->setAdmin($user_data[0]['admin']); $this->setAdmin($user_data[0]['admin']);
$this->setPassword($user_data[0]['password']); $this->setPassword($user_data[0]['password']);
@ -122,7 +122,7 @@ class User extends Storage {
} }
public function isUnique() { public function isUnique() {
if(count($this->load_users(array('login'=>$this->login))) == 0) { if(count($this->load_users(array('login'=>$this->login))) == 0 && count($this->load_users(array('display_name'=>$this->display_name)))) {
return true; return true;
} }
else { else {
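Review bot: The display-name half of the new isUnique() condition is missing its `== 0` — `count($this->load_users(array('display_name'=>$this->display_name)))` is truthy exactly when another user already carries that display name, so the method now returns true only for a colliding name and false for a genuinely new user, the inverse of what the caller's "already exists" error message assumes. The line should read `if(count($this->load_users(array('login'=>$this->login))) == 0 && count($this->load_users(array('display_name'=>$this->display_name))) == 0) {`. The body of isUnique() continues past the end of this hunk.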

133
index.php

@ -118,17 +118,23 @@
case 'password': case 'password':
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) { if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
if($_POST['password'] == $_POST['password_confirm']) { if($_POST['password'] == $_POST['password_confirm']) {
$current_user->setPassword($current_user->encrypt($_POST['password'])); if(check_token(600, 'password')) {
$current_user->save(); $current_user->setPassword($current_user->encrypt($_POST['password']));
$current_user->save();
header('location: index.php'); header('location: index.php');
exit(); exit();
}
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
}
} }
else { else {
$tpl->assign('error', 'The content of the two password fields doesn\'t match.'); $tpl->assign('error', 'The content of the two password fields doesn\'t match.');
} }
} }
$tpl->assign('view', 'password'); $tpl->assign('view', 'password');
$tpl->assign('token', generate_token('password'));
$tpl->draw('edit_users'); $tpl->draw('edit_users');
break; break;
@ -140,7 +146,7 @@
} }
if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) { if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
if(check_token('edit_users')) { if(check_token(600, 'edit_users')) {
$user = new User(); $user = new User();
if(!empty($_POST['user_id'])) { if(!empty($_POST['user_id'])) {
$user->setId($_POST['user_id']); $user->setId($_POST['user_id']);
@ -152,15 +158,18 @@
} }
$user->setAdmin($_POST['admin']); $user->setAdmin($_POST['admin']);
if($user->isUnique()) { if(!empty($_POST['user_id']) || $user->isUnique()) {
$user->save(); $user->save();
header('location: index.php?do=edit_users'); header('location: index.php?do=edit_users');
exit(); exit();
} }
else { else {
$tpl->assign('error', 'A user with the same login exists. Choose a different login.'); $tpl->assign('error', 'A user with the same login or display name already exists. Choose a different login.');
} }
} }
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
}
} }
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') { if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
@ -212,41 +221,46 @@
break; break;
case 'settings': case 'settings':
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster']) && check_token(600, 'settings')) { if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster'])) {
if(!is_writable('data/')) { if(check_token(600, 'settings')) {
$tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.'); if(!is_writable('data/')) {
} $tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
$config = file('data/config.php'); }
$config = file('data/config.php');
foreach($config as $line_number=>$line) { foreach($config as $line_number=>$line) {
if(strpos($line, "MYSQL_HOST") !== FALSE) if(strpos($line, "MYSQL_HOST") !== FALSE)
$config[$line_number] = "\tdefine('MYSQL_HOST', '".$_POST['mysql_host']."');\n"; $config[$line_number] = "\tdefine('MYSQL_HOST', '".$_POST['mysql_host']."');\n";
elseif(strpos($line, "MYSQL_LOGIN") !== FALSE) elseif(strpos($line, "MYSQL_LOGIN") !== FALSE)
$config[$line_number] = "\tdefine('MYSQL_LOGIN', '".$_POST['mysql_login']."');\n"; $config[$line_number] = "\tdefine('MYSQL_LOGIN', '".$_POST['mysql_login']."');\n";
elseif(strpos($line, "MYSQL_PASSWORD") !== FALSE && !empty($_POST['mysql_password'])) elseif(strpos($line, "MYSQL_PASSWORD") !== FALSE && !empty($_POST['mysql_password']))
$config[$line_number] = "\tdefine('MYSQL_PASSWORD', '".$_POST['mysql_password']."');\n"; $config[$line_number] = "\tdefine('MYSQL_PASSWORD', '".$_POST['mysql_password']."');\n";
elseif(strpos($line, "MYSQL_DB") !== FALSE) elseif(strpos($line, "MYSQL_DB") !== FALSE)
$config[$line_number] = "\tdefine('MYSQL_DB', '".$_POST['mysql_db']."');\n"; $config[$line_number] = "\tdefine('MYSQL_DB', '".$_POST['mysql_db']."');\n";
elseif(strpos($line, "MYSQL_PREFIX") !== FALSE && !empty($_POST['mysql_prefix'])) elseif(strpos($line, "MYSQL_PREFIX") !== FALSE && !empty($_POST['mysql_prefix']))
$config[$line_number] = "\tdefine('MYSQL_PREFIX', '".$_POST['mysql_prefix']."');\n"; $config[$line_number] = "\tdefine('MYSQL_PREFIX', '".$_POST['mysql_prefix']."');\n";
elseif(strpos($line, "INSTANCE_TITLE") !== FALSE) elseif(strpos($line, "INSTANCE_TITLE") !== FALSE)
$config[$line_number] = "\tdefine('INSTANCE_TITLE', '".$_POST['instance_title']."');\n"; $config[$line_number] = "\tdefine('INSTANCE_TITLE', '".$_POST['instance_title']."');\n";
elseif(strpos($line, "BASE_URL") !== FALSE) elseif(strpos($line, "BASE_URL") !== FALSE)
$config[$line_number] = "\tdefine('BASE_URL', '".$_POST['base_url']."');\n"; $config[$line_number] = "\tdefine('BASE_URL', '".$_POST['base_url']."');\n";
elseif(strpos($line, "CURRENCY") !== FALSE) elseif(strpos($line, "CURRENCY") !== FALSE)
$config[$line_number] = "\tdefine('CURRENCY', '".$_POST['currency']."');\n"; $config[$line_number] = "\tdefine('CURRENCY', '".$_POST['currency']."');\n";
elseif(strpos($line, "EMAIL_WEBMASTER") !== FALSE) elseif(strpos($line, "EMAIL_WEBMASTER") !== FALSE)
$config[$line_number] = "\tdefine('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');\n"; $config[$line_number] = "\tdefine('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');\n";
elseif(strpos($line_number, 'date_default_timezone_set') !== FALSE) elseif(strpos($line_number, 'date_default_timezone_set') !== FALSE)
$config[$line_number] = "\tdate_default_timezone_set('".$_POST['timezone']."');\n"; $config[$line_number] = "\tdate_default_timezone_set('".$_POST['timezone']."');\n";
} }
if(file_put_contents("data/config.php", $config)) { if(file_put_contents("data/config.php", $config)) {
header('location: index.php'); header('location: index.php');
exit(); exit();
}
else {
$tpl->assign('error', 'Unable to write data/config.php file.');
}
} }
else { else {
$tpl->assign('error', 'Unable to write data/config.php file.'); $tpl->assign('error', 'Token error. Please resubmit the form.');
} }
} }
@ -282,29 +296,34 @@
if(!empty($_POST['date_year'])) $date_year = $_POST['date_year']; if(!empty($_POST['date_year'])) $date_year = $_POST['date_year'];
if(!empty($_POST['users_in'])) $users_in = $_POST['users_in']; if(!empty($_POST['users_in'])) $users_in = $_POST['users_in'];
if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in']) && check_token(600, 'new_invoice')) { if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in'])) {
$invoice = new Invoice(); if(check_token(600, 'new_invoice')) {
$invoice = new Invoice();
if(!empty($_POST['id'])) if(!empty($_POST['id']))
$invoice->setId($_POST['id']); $invoice->setId($_POST['id']);
$invoice->setWhat($_POST['what']); $invoice->setWhat($_POST['what']);
$invoice->setAmount($_POST['amount']); $invoice->setAmount($_POST['amount']);
$invoice->setBuyer($current_user->getId()); $invoice->setBuyer($current_user->getId());
$invoice->setDate($date_day, $date_month, $date_year); $invoice->setDate($date_day, $date_month, $date_year);
$users_in = ''; $users_in = '';
$guests = array(); $guests = array();
foreach($_POST['users_in'] as $user) { foreach($_POST['users_in'] as $user) {
$users_in .= ($users_in != '') ? ', ' : ''; $users_in .= ($users_in != '') ? ', ' : '';
$users_in .= $user.'('.(!empty($_POST['guest_user_'.$user]) ? (int) $_POST['guest_user_'.$user] : '0').')'; $users_in .= $user.'('.(!empty($_POST['guest_user_'.$user]) ? (int) $_POST['guest_user_'.$user] : '0').')';
$guests[$user] = (int) $_POST['guest_user_'.$user]; $guests[$user] = (int) $_POST['guest_user_'.$user];
}
$invoice->setUsersIn($users_in);
$invoice->save();
header('location: index.php');
exit();
}
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
} }
$invoice->setUsersIn($users_in);
$invoice->save();
header('location: index.php');
exit();
} }
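Review bot: In the settings hunk every POST value is spliced verbatim between single quotes into data/config.php (`"\tdefine('MYSQL_HOST', '".$_POST['mysql_host']."');\n"` and the lines that follow), so a value containing `'` — a database password, for instance — either breaks the generated file or injects PHP that runs on the next request; emitting each value through var_export() yields a correctly quoted literal. The `is_writable('data/')` check only assigns an error and then falls through to file_put_contents(), and both `$tpl>assign(...)` calls are missing the `-` of `->`, which would be a fatal call to an undefined assign(). The timezone branch tests `strpos($line_number, 'date_default_timezone_set')` on the integer key instead of `$line`, so that line of the config is never rewritten. The settings case is fully visible in this hunk, but the enclosing switch begins and ends outside it.
```php
if(check_token(600, 'settings')) {
    if(!is_writable('data/')) {
        $tpl->assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
    }
    else {
        // var_export() emits a quoted, escaped PHP string literal, so a quote in the
        // submitted value can neither break data/config.php nor inject code into it.
        $config = file('data/config.php');
        foreach($config as $line_number=>$line) {
            if(strpos($line, "MYSQL_HOST") !== FALSE)
                $config[$line_number] = "\tdefine('MYSQL_HOST', ".var_export((string) $_POST['mysql_host'], true).");\n";
            // … unchanged in shape: the remaining define() lines use the same var_export() form …
            elseif(strpos($line, 'date_default_timezone_set') !== FALSE)
                $config[$line_number] = "\tdate_default_timezone_set(".var_export((string) $_POST['timezone'], true).");\n";
        }
        // … unchanged: file_put_contents() and the redirect / error branches …
    }
}
```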
$users_list = new User(); $users_list = new User();


@ -35,13 +35,13 @@
</table> </table>
<?php }elseif( $view == 'edit_user' ){ ?> <?php }elseif( $view == 'edit_user' ){ ?>
<h2>Edit a user</h2> <h2><?php echo $user_id != -1 ? 'Edit' : 'Add';?> a user</h2>
<form method="post" action="index.php?do=add_user" id="edit_user_form"> <form method="post" action="index.php?do=<?php echo $user_id != -1 ? 'edit_users' : 'add_user';?>" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/> <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/>
</p> </p>
<p> <p>
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" {/else} <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/> <label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/>
</p> </p>
<p> <p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/> <label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
@ -60,6 +60,7 @@
<input type="submit" value="<?php echo $user_id != -1 ? 'Edit' : 'Add';?>"/> <input type="submit" value="<?php echo $user_id != -1 ? 'Edit' : 'Add';?>"/>
<?php if( $user_id != -1 ){ ?><input type="hidden" name="user_id" value="<?php echo $user_id;?>"/><?php } ?> <?php if( $user_id != -1 ){ ?><input type="hidden" name="user_id" value="<?php echo $user_id;?>"/><?php } ?>
<input type="hidden" name="token" value="<?php echo $token;?>"/>
</p> </p>
</form> </form>
@ -69,7 +70,7 @@
<form method="post" action="index.php?do=password" id="edit_password_form"> <form method="post" action="index.php?do=password" id="edit_password_form">
<p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/></p> <p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/></p>
<p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/></p> <p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/></p>
<p class="center"><input type="submit" value="Update"/></p> <p class="center"><input type="submit" value="Update"/><input type="hidden" name="token" value="<?php echo $token;?>"</p>
</form> </form>
<?php } ?> <?php } ?>
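Review bot: The hidden token input added to the password form, `<input type="hidden" name="token" value="<?php echo $token;?>"</p>`, is never closed — the `/>` is missing before `</p>`, so the tag swallows the closing paragraph and the form relies on browser error recovery; it should be `<input type="hidden" name="token" value="<?php echo $token;?>"/></p>`. In the edit-user view, `$login_post` and `$display_name_post` are echoed straight into value attributes without htmlspecialchars(); if these are the raw POST values re-displayed after a failed submission, as their names suggest, a quote or `>` in them breaks the attribute and gives reflected XSS, so each should go through `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')`. The file's path is not shown in this section, so I cannot tell whether a helper already escapes these values before they are assigned to the template.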


@ -4,19 +4,25 @@
<?php if( !$show_settings ){ ?> <?php if( !$show_settings ){ ?>
<h2>Edit homepage notice</h2> <h2>Edit homepage notice</h2>
<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
<form method="post" id="notice_form" action="index.php?do=edit_notice"> <form method="post" id="notice_form" action="index.php?do=edit_notice">
<p> <p>
<label for="textarea_notice">Homepage notice :</label><br/> <label for="textarea_notice">Homepage notice :</label><br/>
<textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea> <textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea>
</p> </p>
<p><em>Note :</em> You can use HTML formatting in this form.</p> <p><em>Note :</em> You can use HTML formatting in this form.</p>
<input type="submit" value="Submit"/> <p>
<input type="submit" value="Submit"/>
<input type="hidden" name="token" value="<?php echo $token;?>"/>
</p>
</form> </form>
<?php }else{ ?> <?php }else{ ?>
<h2>Change settings of your Bouffe@Ulm installation</h2> <h2>Change settings of your Bouffe@Ulm installation</h2>
<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
<form method="post" action="index.php?do=settings" id="settings_form"> <form method="post" action="index.php?do=settings" id="settings_form">
<fieldset> <fieldset>
<legend>Database</legend> <legend>Database</legend>
@ -50,7 +56,7 @@
</p> </p>
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p> <p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p>
</fieldset> </fieldset>
<p class="center"><input type="submit" value="Update settings"></p> <p class="center"><input type="submit" value="Update settings"><input type="hidden" name="token" value="<?php echo $token;?>"/></p>
</form> </form>
<?php } ?> <?php } ?>
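Review bot: The notice form's textarea echoes `$notice` raw, `<textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea>`; textarea content is RCDATA, so a stored `</textarea>` ends the field early, and any `&...;` entity in the saved HTML is decoded by the browser and resubmitted decoded, mangling it a little more on each edit/save cycle. Escaping the value preserves exactly the HTML the note below the field says is allowed: `<textarea name="notice" rows="15" id="textarea_notice"><?php echo htmlspecialchars($notice, ENT_QUOTES, 'UTF-8');?></textarea>`. The form now posts a `token`, but no edit_notice handler appears among this commit's index.php hunks, so whether that token is actually verified with check_token() on the server cannot be confirmed from here.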


@ -28,14 +28,13 @@
{/loop} {/loop}
</table> </table>
{elseif condition="$view == 'edit_user'"} {elseif condition="$view == 'edit_user'"}
<h2>Edit a user</h2> <h2>{$user_id != -1 ? 'Edit' : 'Add'} a user</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if} <form method="post" action="index.php?do={$user_id != -1 ? 'edit_users' : 'add_user'}" id="edit_user_form">
<form method="post" action="index.php?do=add_user" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/> <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {/else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/> <label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/> <label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
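Review bot: The new side of this section drops the `{if condition="$error"}<p class="error">{$error}</p>{/if}` line that sat between the heading and the form, while index.php in this same commit now assigns `error` on the edit_users path for both a token failure and a duplicate login or display name; unless the included header renders it (not visible here), those messages are silently lost and the user just sees the form again. Restoring that line directly under the `<h2>` keeps the new errors visible. The `{$login_post}` and `{$display_name_post}` values are also placed in value attributes without an escaping modifier; if RainTPL is not configured to auto-escape, that is the same reflected-XSS exposure as in the PHP rendering of this view.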


@ -1,5 +1,9 @@
{include="header"} {include="header"}
{if condition="$error != ''"}
<p class="error">{$error}</p>
{/if}
<h2>Add a bill</h2> <h2>Add a bill</h2>
<form method="post" action="index.php?do=new_invoice" id="invoice_form"> <form method="post" action="index.php?do=new_invoice" id="invoice_form">
@ -38,7 +42,7 @@
<p> <p>
<input type="submit" value="Add"/> <input type="submit" value="Add"/>
{if condition="$id != 0"}<input type="hidden" name="id" value="{$id}"/>{/if} {if condition="$id != 0"}<input type="hidden" name="id" value="{$id}"/>{/if}
<input type="hidden" name="token" value="{$token"}/> <input type="hidden" name="token" value="{$token}"/>
</p> </p>
</form> </form>