Bug correction in global paybacks + no more unset vars when token errors appear
This commit is contained in:
parent
dfdfa1f496
commit
afb7c0ef85
2
TODO
2
TODO
@ -1,7 +1,5 @@
|
||||
Issues :
|
||||
========
|
||||
* Regenerate token
|
||||
* Global paybacks
|
||||
* Test fr
|
||||
* Paybacks and user deletion
|
||||
* Minify CSS / JS
|
||||
|
31
index.php
31
index.php
@ -259,19 +259,24 @@
|
||||
$user_id = $current_user->getId();
|
||||
}
|
||||
|
||||
if(check_token(600, 'password')) {
|
||||
if(check_token(600, 'password') || check_token(600, 'edit_users')) {
|
||||
$user = new User();
|
||||
$user = $user->load(array('id'=>$user_id), true);
|
||||
$user->newJsonToken();
|
||||
$user->save();
|
||||
$_SESSION['current_user'] = $user->sessionStore();
|
||||
|
||||
if(!empty($_GET['user_id']))
|
||||
header('location: index.php?do=edit_users&user_id='.$user_id);
|
||||
else
|
||||
header('location: index.php?do=password&'.$get_redir);
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
break;
|
||||
|
||||
@ -330,7 +335,9 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', 'true');
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
break;
|
||||
@ -544,12 +551,16 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['unauthorized'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -598,13 +609,17 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['unauthorized'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -635,7 +650,9 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
|
||||
}
|
||||
@ -705,7 +722,9 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
|
||||
}
|
||||
@ -747,7 +766,7 @@
|
||||
|
||||
$tpl->assign('list', true);
|
||||
$tpl->assign('global_paybacks', $global_paybacks);
|
||||
$tpl->assign('payback', generate_token('global_payback'));
|
||||
$tpl->assign('token', generate_token('global_payback'));
|
||||
|
||||
$tpl->draw('see_paybacks');
|
||||
break;
|
||||
@ -789,7 +808,9 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -815,7 +836,7 @@
|
||||
$tpl->assign('global_paybacks', $global_paybacks);
|
||||
}
|
||||
else {
|
||||
if(!empty($_POST['users_in'])) {
|
||||
if(!empty($_POST['users_in']) && count($_POST['users_in']) > 1) {
|
||||
if(check_token(600, 'global_payback')) {
|
||||
$global_payback = new GlobalPayback();
|
||||
|
||||
@ -918,7 +939,9 @@
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', $errors['token_error'][LANG]);
|
||||
$tpl->assign('block_error', true);
|
||||
$tpl->draw('index');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
@ -927,7 +950,7 @@
|
||||
|
||||
$tpl->assign('users', $users_list);
|
||||
}
|
||||
$tpl->assign('payback', generate_token('global_payback'));
|
||||
$tpl->assign('token', generate_token('global_payback'));
|
||||
$tpl->draw('manage_paybacks');
|
||||
break;
|
||||
|
||||
|
@ -52,7 +52,7 @@
|
||||
|
||||
{if condition="$user_id != -1"}
|
||||
<h2>Personal token for this user</h2>
|
||||
<p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&token={$token}">generate a new one</a>.</p>
|
||||
<p>The personal token for this user to be used with the API is : {$user_data->getJsonToken()}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&user_id={$user_data->getId()}&token={$token}">generate a new one</a>.</p>
|
||||
{/if}
|
||||
|
||||
{elseif condition="$view == 'password'"}
|
||||
@ -64,6 +64,6 @@
|
||||
</form>
|
||||
|
||||
<h2>Your personal token to use the API</h2>
|
||||
<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token">generate a new one</a>.</p>
|
||||
<p>Your personal token to use the API is : {$json_token}.<br/>If you think it might be compromised, you can <a href="index.php?do=new_token&token={$token}">generate a new one</a>.</p>
|
||||
{/if}
|
||||
{include="footer"}
|
||||
|
@ -31,4 +31,5 @@
|
||||
{/if}
|
||||
</div>
|
||||
{/if}
|
||||
{if condition="!empty($error)"}<p class="error">{$error}</p>{/if}
|
||||
{if condition="!empty($error)"}<p class="error">{$error}</p>
|
||||
{if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}
|
||||
|
@ -7,7 +7,7 @@
|
||||
{loop="$global_paybacks"}
|
||||
<dt>{$value->getDate()}</dt>
|
||||
<dd>
|
||||
{if condition="$value->getClosed() !== false"}
|
||||
{if condition="$value->getClosed() === false"}
|
||||
<a href="?do=see_paybacks&id={$value->getId()}">Payback n°{$value->getId()}</a>
|
||||
{else}
|
||||
[Closed] Payback n°{$value->getId()}
|
||||
|
@ -52,7 +52,7 @@
|
||||
|
||||
{if condition="$user_id != -1"}
|
||||
<h2>Jeton d'identification pour l'utilisateur</h2>
|
||||
<p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}">en générer un nouveau</a>.</p>
|
||||
<p>Le jeton personnel d'identification à utiliser pour la connection à l'API est : {$user_data->getJsonToken()}.<br/>Si vous pensez qu'il a pu être compromis, vous pouvez <a href="index.php?do=new_token&user_id={$user_data->getId()}&token={$token}">en générer un nouveau</a>.</p>
|
||||
{/if}
|
||||
|
||||
{elseif condition="$view == 'password'"}
|
||||
|
@ -31,4 +31,6 @@
|
||||
{/if}
|
||||
</div>
|
||||
{/if}
|
||||
{if condition="!empty($error)"}<p class="error">{$error}</p>{/if}
|
||||
{if condition="!empty($error)"}<p class="error">{$error}</p>
|
||||
{if condition="!empty($block_error) && $block_error"}<p class="center"><a href="{$base_url}" onclick="window.history.back(); return false;">Go back to previous page</a></p></body></html>{function="exit();"}{/if}{/if}
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
{loop="$global_paybacks"}
|
||||
<dt>{$value->getDate()}</dt>
|
||||
<dd>
|
||||
{if condition="$value->getClosed() !== false"}
|
||||
{if condition="$value->getClosed() === false"}
|
||||
<a href="?do=see_paybacks&id={$value->getId()}">Remboursement n°{$value->getId()}</a>
|
||||
{else}
|
||||
[Terminé] Remboursement n°{$value->getId()}
|
||||
|
Loading…
Reference in New Issue
Block a user