Validate global paybacks

TODO

@@ -2,7 +2,6 @@ Issues :
 ========
 * Check CSRF everywhere
 * Close a global payback
-* View see_paybacks in english
 * Sort global paybacks DESC by DATE or id
 
 Improvements :

index.php

@@ -698,6 +698,39 @@
             $tpl->draw('see_paybacks');
             break;
 
+        case "confirm_global_paybacks":
+            if(!empty($_GET['from']) && !empty($_GET['to']) && !empty($_GET['payback_id']) && $_GET['from'] != $_GET['to']) {
+                if($_GET['to'] == $current_user->getId() || $current_user->getAdmin()) {
+                    $global_payback = new GlobalPayback();
+                    $global_payback = $global_payback->load(array('id'=>(int) $_GET['payback_id']), true);
+
+                    $users_in = $global_payback->getUsersIn()->get();
+
+                    $users_in[(int) $_GET['from']][(int) $_GET['to']] = 0;
+                    $users_in[(int) $_GET['to']][(int) $_GET['from']] = 0;
+
+                    $global_payback->setUsersIn($users_in);
+
+                    $global_payback->save();
+
+                    // Clear the cache
+                    ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array());
+                    array_map("unlink", $cached_files);
+
+                    header('location: index.php');
+                    exit();
+
+                }
+                else {
+                    $tpl->assign('error', $errors['unauthorized']);
+                    $tpl->draw('index');
+                }
+            }
+            else {
+                header('location: index.php?'.$get_redir);
+            }
+            break;
+
         case "manage_paybacks":
             if(empty($_GET['new'])) {
                 $global_paybacks = new GlobalPayback();

tpl/default_en/see_paybacks.html

@@ -32,7 +32,7 @@
                     {else}
                         <td>
                             {if condition="$table[$key1][$key2] != 0"}
-                                <a href="?do=confirm_global_paybacks&amp;from={$key1}&amp;to={$key2}" title="Confirm payback">{$table[$key1][$key2]}</a>
+                                <a href="?do=confirm_global_paybacks&amp;from={$key1}&amp;to={$key2}&amp;payback_id={$global_paybacks->getId()}" title="Confirm payback">{$table[$key1][$key2]}</a>
                             {else}
                                 -
                             {/if}

tpl/default_fr/see_paybacks.html

@@ -32,7 +32,7 @@
                     {else}
                         <td>
                             {if condition="$table[$key1][$key2] != 0"}
-                                <a href="?do=confirm_global_paybacks&amp;from={$key1}&amp;to={$key2}" title="Confirmer le remboursement">{$table[$key1][$key2]}</a>
+                                <a href="?do=confirm_global_paybacks&amp;from={$key1}&amp;to={$key2}&amp;payback_id={$global_paybacks->getId()}" title="Confirmer le remboursement">{$table[$key1][$key2]}</a>
                             {else}
                                 -
                             {/if}