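time() - (15*60)
    // Referer check, defence in depth only: the session token checked just above is the
    // real CSRF guard.  The original compared strpos() to 0 with `==`, which is also true
    // for `false` (referer absent, or not containing the base URL at all), so a foreign
    // referer passed and only a referer containing our URL *not* at the start was
    // rejected.  Now a referer that is present must start with our index page (any
    // scheme, so HTTPS deployments keep working); an absent one is tolerated because
    // many clients strip it, and the token still has to match.
    AND (empty($_SERVER['HTTP_REFERER'])
        || strpos(preg_replace('#^https?://#i', '', $_SERVER['HTTP_REFERER']),
                  $CONFIG['base_url'].'/index.php') === 0)) {
    // NOTE(review): this is a state-changing request driven by $_GET, so the token
    // travels in the URL (browser history, Referer, access logs).  Turning the link on
    // index.php into a POST form would be the proper fix; out of scope for this file.
    $a = (int) $_GET['a'];
    $de = (int) $_GET['de'];
    $id_depense = (int) $_GET['id_depense'];
    // Assumes an earlier include established $_SESSION['id'] / ['admin'] — TODO confirm.
    $is_admin = isset($_SESSION['admin']) && (int) $_SESSION['admin'] === 1;

    // Only the person who receives the money (a) or an admin may validate a payment.
    if ((isset($_SESSION['id']) && (int) $_SESSION['id'] === $a) || $is_admin) {
        // NOTE(review): `de` (the payer) is accepted from the request unchecked; nothing
        // here verifies it is a participant of the expense — confirm whether intended.
        $req_montant = $bdd->prepare('SELECT montant, copains, invites FROM depenses WHERE id=:id_depense');
        $req_montant->bindValue(':id_depense', $id_depense);
        $req_montant->execute();
        $donnees_montant = $req_montant->fetch();
        if ($donnees_montant === false) {
            // Unknown expense: refuse instead of recording a 0 payment against nothing
            // (reuses the generic "refused" message; there is no dedicated one).
            header('location: message.php?id=9');
            exit();
        }
        // Share owed: total / (listed friends + the one who paid + guests).  `copains` is a
        // comma-separated id list, so commas+1 counts its entries; an empty list still
        // counts as one share, as before.
        $parts = substr_count($donnees_montant['copains'], ',') + 1 + (int) $donnees_montant['invites'];
        $montant = $donnees_montant['montant'] / $parts;

        // Already validated once?  Then refresh it, since the meal's cost may have changed.
        $req_count = $bdd->prepare('SELECT COUNT(*) AS nbre_paiements FROM paiements WHERE de=:de AND a=:a AND id_depense=:id_depense');
        $req_count->bindValue(':de', $de);
        $req_count->bindValue(':a', $a);
        $req_count->bindValue(':id_depense', $id_depense);
        $req_count->execute();
        $count = $req_count->fetch();
        if ((int) $count['nbre_paiements'] === 0) {
            // First validation (id left to auto-increment, as before).
            $req = $bdd->prepare('INSERT INTO paiements(id, de, a, id_depense, date, montant) VALUES("", :de, :a, :id_depense, :date, :montant)');
        } else {
            $req = $bdd->prepare('UPDATE paiements SET montant=:montant, date=:date WHERE de=:de AND a=:a AND id_depense=:id_depense');
        }
        $req->bindValue(':de', $de);
        $req->bindValue(':a', $a);
        $req->bindValue(':id_depense', $id_depense);
        $req->bindValue(':date', time());
        $req->bindValue(':montant', $montant);
        $req->execute();
        header('location: message.php?id=10');
        exit();
    } else {
        header('location: message.php?id=9');
        exit();
    }
}

// Add a new meal, or edit an existing one (POST from the form below).
if (isset($_POST['menu'], $_POST['jour'], $_POST['mois'], $_POST['annee'], $_POST['AM_PM'], $_POST['montant'], $_POST['invites'])
    && !empty($_POST['token']) && is_string($_POST['token'])
    && isset($_SESSION['token_modif'], $_SESSION['token_modif_time'])
    // hash_equals(): strict, constant-time comparison.  `==` would type-juggle, e.g. two
    // hex tokens that both look like "0e123..." compare equal as numeric strings.
    && hash_equals((string) $_SESSION['token_modif'], $_POST['token'])
    // Token is valid for 15 minutes after the form was displayed.
    && $_SESSION['token_modif_time'] > time() - (15*60)
    // Same referer rule as above (present => must start with our index page).
    AND (empty($_SERVER['HTTP_REFERER'])
        || strpos(preg_replace('#^https?://#i', '', $_SERVER['HTTP_REFERER']),
                  $CONFIG['base_url'].'/index.php') === 0)) {
    $user_id = (int) $_SESSION['id'];
    $is_admin = isset($_SESSION['admin']) && (int) $_SESSION['admin'] === 1;

    if (!empty($_POST['id'])) {
        $id_modif = (int) $_POST['id'];
        $req = $bdd->query('SELECT de FROM depenses WHERE id='.$id_modif);
        $donnees = $req->fetch();
        // Only the expense's creator or an admin may edit it; an unknown id is refused
        // for everyone (previously an admin could "update" a row that does not exist).
        if ($donnees === false || ((int) $donnees['de'] !== $user_id && !$is_admin)) {
            header('location: message.php?id=9');
            exit();
        }
        $req = $bdd->prepare('UPDATE depenses SET menu=:menu, date=:date, montant=:montant, copains=:copains, invites=:invites WHERE id='.$id_modif);
        $message = 2;
    } else {
        // Creator is the logged-in user; cast before interpolating into the SQL text.
        $req = $bdd->prepare('INSERT INTO depenses (id, menu, date, de, copains, montant, invites) VALUES ("", :menu, :date, '.$user_id.', :copains, :montant, :invites)');
        $message = 3;
    }

    // Participants: only ids that exist in `copains` and were ticked (copain_<id>) are
    // kept, stored as a comma-separated list in ascending id order.
    $copains_req = $bdd->query('SELECT id FROM copains ORDER BY id ASC');
    $copains_ids = array();
    while ($copain_base = $copains_req->fetch()) {
        if (!empty($_POST['copain_'.$copain_base['id']])) {
            $copains_ids[] = $copain_base['id'];
        }
    }
    $copains_insert = implode(',', $copains_ids);

    $req->bindValue(':menu', $_POST['menu']);
    // mktime() wants ints: non-numeric strings are a TypeError since PHP 8.
    $req->bindValue(':date', mktime((int) $_POST['AM_PM'], 0, 0, (int) $_POST['mois'], (int) $_POST['jour'], (int) $_POST['annee']));
    $req->bindValue(':copains', $copains_insert);
    // Accept a French decimal comma.
    $req->bindValue(':montant', (float) strtr($_POST['montant'], ',', '.'));
    $req->bindValue(':invites', (int) $_POST['invites']);
    $req->execute();
    header('location: message.php?id='.$message);
    exit();
} else { // Otherwise just display the form.
    if (isset($_GET['id'])) { // Editing: load the expense to prefill the form.
        $modif = (int) $_GET['id'];
        $req = $bdd->query('SELECT menu, de, date, copains, montant, invites FROM depenses WHERE id='.$modif);
        $donnees = $req->fetch();
        // Same ownership rule as the POST handler; unknown id is refused.
        if ($donnees === false
            || ((int) $donnees['de'] !== (int) $_SESSION['id']
                && !(isset($_SESSION['admin']) && (int) $_SESSION['admin'] === 1))) {
            header('location: message.php?id=9');
            exit();
        }
        $copains_modif = explode(',', $donnees['copains']);
    }
    // Fresh CSRF token for the form, valid 15 minutes (checked above).  random_bytes() is
    // a CSPRNG (PHP >= 7); the uniqid()/rand() fallback is predictable and is kept only
    // for older runtimes.  Note: each display overwrites the previous token, so a form
    // left open in another tab will be rejected.
    $_SESSION['token_modif'] = function_exists('random_bytes')
        ? bin2hex(random_bytes(20))
        : sha1(uniqid(rand(), true));
    $_SESSION['token_modif_time'] = time();
?> Bouffe@Ulm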

Bouffe@Ulm

Modifier une dépense'; else echo '

Ajouter une dépense

'; ?>

/>€

Copains :
query('SELECT id, nom FROM copains ORDER BY nom ASC'); while($donnees2 = $req2->fetch()) { if((isset($copains_modif) && in_array($donnees2['id'], $copains_modif)) || ($_SESSION['id'] == $donnees2['id'])) { echo "
"; } else { echo "
"; } } ?> "/>

ou retour à l'accueil