233 lines
9.6 KiB
PHP
233 lines
9.6 KiB
PHP
<?php
|
|
require('include.php');
|
|
init(true, false);
|
|
|
|
//If we want to validate something someone paid us
|
|
if(isset($_GET['de']) && isset($_GET['a']) && isset($_GET['id_depense']) && !empty($_GET['token']) && $_GET['token'] == $_SESSION['token_validate_single'] && $_SESSION['token_validate_single_time'] > time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0)
|
|
{
|
|
//Check wether we are the person who receive the money or the admin
|
|
if($_SESSION['id'] == $_GET['a'] || $_SESSION['admin'] == 1)
|
|
{
|
|
//And check that we didn't validate it before
|
|
$req_count = $bdd->prepare('SELECT COUNT(*) AS nbre_paiements FROM paiements WHERE de=:de AND a=:a AND id_depense=:id_depense');
|
|
$req_count->bindValue(':de', $_GET['de']);
|
|
$req_count->bindValue(':a', $_GET['a']);
|
|
$req_count->bindValue(':id_depense', $_GET['id_depense']);
|
|
$req_count->execute();
|
|
|
|
$count = $req_count->fetch();
|
|
|
|
if($count['nbre_paiements'] == 0) //If everything is ok -> validation
|
|
{
|
|
$req = $bdd->prepare('INSERT INTO paiements(id, de, a, id_depense, date, montant) VALUES("", :de, :a, :id_depense, :date, :montant)');
|
|
$req->bindValue(':de', $_GET['de']);
|
|
$req->bindValue(':a', $_GET['a']);
|
|
$req->bindValue(':id_depense', $_GET['id_depense']);
|
|
$req->bindValue(':date', time());
|
|
|
|
$req_montant = $bdd->prepare('SELECT montant, copains, invites FROM depenses WHERE id=:id_depense');
|
|
$req_montant->bindValue(':id_depense', $_GET['id_depense']);
|
|
$req_montant->execute();
|
|
$donnees_montant = $req_montant->fetch();
|
|
$montant = $donnees_montant['montant']/(substr_count($donnees_montant['copains'], ',') + 1 + $donnees_montant['invites']);
|
|
|
|
$req->bindValue(':montant', $montant);
|
|
$req->execute();
|
|
}
|
|
else //If entry already exist -> we update it because the cost of the meal may have been changed
|
|
{
|
|
$req_montant = $bdd->prepare('SELECT montant, copains, invites FROM depenses WHERE id=:id_depense');
|
|
$req_montant->bindValue(':id_depense', $_GET['id_depense']);
|
|
$req_montant->execute();
|
|
$donnees_montant = $req_montant->fetch();
|
|
$montant = $donnees_montant['montant']/(substr_count($donnees_montant['copains'], ',') + 1 + $donnees_montant['invites']);
|
|
|
|
$req = $bdd->prepare('UPDATE paiements SET montant=:montant, date=:date WHERE de=:de AND a=:a AND id_depense=:id_depense');
|
|
$req->bindValue(':de', $_GET['de']);
|
|
$req->bindValue(':a', $_GET['a']);
|
|
$req->bindValue(':id_depense', $_GET['id_depense']);
|
|
$req->bindValue(':date', time());
|
|
|
|
$req->bindValue(':montant', $montant);
|
|
$req->execute();
|
|
}
|
|
|
|
header('location: message.php?id=10');
|
|
exit();
|
|
}
|
|
else
|
|
{
|
|
header('location: message.php?id=9');
|
|
exit();
|
|
}
|
|
}
|
|
|
|
//If we want to add a new meal (or edit it)
|
|
if(isset($_POST['menu']) && isset($_POST['jour']) && isset($_POST['mois']) && isset($_POST['annee']) && isset($_POST['AM_PM']) && isset($_POST['montant']) && isset($_POST['invites']) && !empty($_POST['token']) && $_POST['token'] == $_SESSION['token_modif'] && $_SESSION['token_modif_time'] > time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0)
|
|
{
|
|
if(!empty($_POST['id']))
|
|
{
|
|
$req = $bdd->query('SELECT de FROM depenses WHERE id='.(int) $_POST['id']);
|
|
$donnees = $req->fetch();
|
|
|
|
if($donnees['de'] != $_SESSION['id'] && $_SESSION['admin'] != 1)
|
|
{
|
|
header('location: message.php?id=9');
|
|
exit();
|
|
}
|
|
|
|
$req = $bdd->prepare('UPDATE depenses SET menu=:menu, date=:date, montant=:montant, copains=:copains, invites=:invites WHERE id='.(int) $_POST['id']);
|
|
$message = 2;
|
|
}
|
|
else
|
|
{
|
|
$req = $bdd->prepare('INSERT INTO depenses (id, menu, date, de, copains, montant, invites) VALUES ("", :menu, :date, '.$_SESSION['id'].', :copains, :montant, :invites)');
|
|
$message = 3;
|
|
}
|
|
|
|
//Here, we treat $_POST['copain_...']
|
|
$copains_req = $bdd->query('SELECT id FROM copains ORDER BY id ASC');
|
|
$i = 0;
|
|
$copains_insert = '';
|
|
|
|
while($copain_base = $copains_req->fetch())
|
|
{
|
|
if(!empty($_POST['copain_'.$copain_base['id']]))
|
|
{
|
|
if($i != 0)
|
|
{
|
|
$copains_insert .= ',';
|
|
}
|
|
$copains_insert .= $copain_base['id'];
|
|
$i = 1;
|
|
}
|
|
}
|
|
|
|
$req->bindValue(':menu', $_POST['menu']);
|
|
$req->bindValue(':date', mktime($_POST['AM_PM'], 0, 0, $_POST['mois'], $_POST['jour'], $_POST['annee']));
|
|
$req->bindValue(':copains', $copains_insert);
|
|
$req->bindValue(':montant', (float) strtr($_POST['montant'], ',', '.'));
|
|
$req->bindValue(':invites', (int) $_POST['invites']);
|
|
$req->execute();
|
|
header('location: message.php?id='.$message);
|
|
exit();
|
|
}
|
|
else //Else, we just display the form
|
|
{
|
|
if(isset($_GET['id'])) //And get the data to prefill if we edit a meal
|
|
{
|
|
$modif = (int) $_GET['id'];
|
|
$req = $bdd->query('SELECT menu, de, date, copains, montant, invites FROM depenses WHERE id='.$modif);
|
|
|
|
$donnees = $req->fetch();
|
|
|
|
if($donnees['de'] != $_SESSION['id'] && $_SESSION['admin'] != 1)
|
|
{
|
|
header('location: message.php?id=9');
|
|
exit();
|
|
}
|
|
|
|
$copains_modif = explode(',', $donnees['copains']);
|
|
}
|
|
$_SESSION['token_modif'] = sha1(uniqid(rand(), true)); //We generate a token and store it in a session variable
|
|
$_SESSION['token_modif_time'] = time(); //We also store the time at which the token has been generated
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="fr">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Bouffe@Ulm</title>
|
|
<link rel="stylesheet" media="screen" type="text/css" href="misc/design.css" />
|
|
<script type="text/javascript" src="misc/modif.js"></script>
|
|
<link rel="icon" href="favicon.ico" />
|
|
</head>
|
|
<body>
|
|
<h1>Bouffe@Ulm</h1>
|
|
<?php
|
|
if(isset($modif)) echo '<h2>Modifier une dépense</h2>'; else echo '<h2>Ajouter une dépense</h2>';
|
|
?>
|
|
<form method="post" action="modif.php">
|
|
<p><label for="menu">Menu : </label><textarea name="menu" value="menu" cols="40" rows="5"><?php if(isset($modif)) { echo nl2br(htmlspecialchars($donnees['menu']));}?></textarea></p>
|
|
<p><label for="jour">Date : </label>
|
|
<select name="jour" id="jour">
|
|
<?php
|
|
for($i=1; $i<32; $i++)
|
|
{
|
|
if((date('j') == $i && !isset($modif)) || (isset($modif) && date('j', $donnees['date']) == $i))
|
|
{
|
|
echo "<option value='".$i."' selected='selected'>".$i."</option>";
|
|
}
|
|
else
|
|
{
|
|
echo "<option value='".$i."'>".$i."</option>";
|
|
}
|
|
}
|
|
?>
|
|
</select>
|
|
<select name="mois" id="mois">
|
|
<?php
|
|
for($i=1; $i<13; $i++)
|
|
{
|
|
if((date('m') == $i && !isset($modif)) || (isset($modif) && date('m', $donnees['date']) == $i))
|
|
{
|
|
echo "<option value='".$i."' selected='selected'>".$i."</option>";
|
|
}
|
|
else
|
|
{
|
|
echo "<option value='".$i."'>".$i."</option>";
|
|
}
|
|
}
|
|
?>
|
|
</select>
|
|
<select name="AM_PM">
|
|
<option value='11' <?php if((date('A') == "AM" && !isset($modif)) || (isset($modif) && date('A', $donnees['date']) == "AM")) { echo 'selected="selected"';}?>>Midi</option>
|
|
<option value='22' <?php if((date('A') == "PM" && !isset($modif)) || (isset($modif) && date('A', $donnees['date']) == "PM")) { echo 'selected="selected"';}?>>Soir</option>
|
|
</select>
|
|
<select name="annee" id="annee">
|
|
<?php
|
|
for($i=date('Y')-1; $i<date('Y')+2; $i++)
|
|
{
|
|
if((date('Y') == $i && !isset($modif)) || (isset($modif) && date('Y', $donnees['date']) == $i))
|
|
{
|
|
echo "<option value='".$i."' selected='selected'>".$i."</option>";
|
|
}
|
|
else
|
|
{
|
|
echo "<option value='".$i."'>".$i."</option>";
|
|
}
|
|
}
|
|
?>
|
|
</select>
|
|
</p>
|
|
<p><label for="montant">Montant : </label><input type="text" size="5" maxlength="6" name="montant" id="montant" <?php if(isset($modif)) echo 'value="'.$donnees['montant'].'"';?>/>€</p>
|
|
<p style="text-align: left; display: inline-block;">Copains : <br/>
|
|
<?php
|
|
$req2 = $bdd->query('SELECT id, nom FROM copains ORDER BY nom ASC');
|
|
while($donnees2 = $req2->fetch())
|
|
{
|
|
if((isset($copains_modif) && in_array($donnees2['id'], $copains_modif)) || ($_SESSION['id'] == $donnees2['id']))
|
|
{
|
|
echo "<input type='checkbox' name='copain_".htmlspecialchars($donnees2['id'])."' id='copain_".htmlspecialchars($donnees2['id'])."' checked='checked'/><label for='copain_".htmlspecialchars($donnees2['id'])."' class='inline'>".htmlspecialchars($donnees2['nom'])."</label><br/>";
|
|
}
|
|
else
|
|
{
|
|
echo "<input type='checkbox' name='copain_".htmlspecialchars($donnees2['id'])."' id='copain_".htmlspecialchars($donnees2['id'])."'/><label for='copain_".htmlspecialchars($donnees2['id'])."' class='inline'>".htmlspecialchars($donnees2['nom'])."</label><br/>";
|
|
}
|
|
}
|
|
?>
|
|
<input type="number" name="invites" id="invites" size="2" maxlength="2" value="<?php if(isset($donnees['invites'])) echo (int) $donnees['invites']; else echo "0";?>"/>
|
|
<label for="invites" class="inline" id="invites_label">
|
|
<?php if(isset($donnees['invites']) && $donnees['invites'] > 1) echo 'invités'; else echo 'invité';?>
|
|
</label>
|
|
</p>
|
|
<p>
|
|
<input type="submit" value="<?php if(isset($modif)) { echo 'Modifier'; } else { echo 'Ajouter';}?>"/> ou <a href="index.php">retour à l'accueil</a><input type="hidden" name="id" value="<?php if(isset($modif)) { echo $modif;}?>"/>
|
|
<input type="hidden" name="token" value="<?php echo $_SESSION['token_modif'];?>"/>
|
|
</p>
|
|
</form>
|
|
</body>
|
|
</html>
|
|
<?php
|
|
}
|
|
?>
|