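/**
 * Authenticate the current request, either from the already identified
 * session or from the signed `auth` token passed in the query string.
 *
 * The token must equal
 * md5('1' . <session challenge> . <xnet secret> . <uid from query> . '1').
 *
 * @param mixed $level Requested authentication level; not read by this
 *                     implementation.
 * @return mixed Whatever User::getSilentWithValues() returns on success,
 *               or null when no token is supplied or the token is invalid.
 */
protected function doAuth($level)
{
    if (S::identified()) {
        // Nothing to do there
        return User::getSilentWithValues(null, array('uid' => S::i('uid')));
    }
    if (!Get::has('auth')) {
        return null;
    }

    // A digest is always a plain string: reject array-valued parameters
    // (auth[]=...) before they reach the comparison.
    $provided = Get::v('auth');
    if (!is_string($provided)) {
        return null;
    }

    global $globals;
    $expected = md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1');

    // The previous loose `!=` let PHP compare two numeric-looking digests
    // ("0e123..." style) as numbers, so unequal tokens could be accepted.
    // Compare as strings, in constant time when the runtime offers it.
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expected, $provided);
    } else {
        $valid = ($expected === $provided);
    }
    if (!$valid) {
        return null;
    }

    // NOTE(review): the token format (MD5 over concatenated fields) is kept
    // because the issuing side must produce the same value; a keyed HMAC
    // would be preferable if both ends can be changed together.
    // NOTE(review): the session challenge is not cleared in this method;
    // confirm it is rotated elsewhere so a captured token cannot be reused.
    Get::kill('auth');
    S::set('auth', AUTH_PASSWD);
    return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
}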
/**
 * Group payment page: lists the group's payments, or hands over to the
 * generic payment handler when a payment id is given.
 *
 * Access rules enforced here:
 *  - without $pid, the caller must be identified and hold 'groupadmin';
 *  - with $pid, the caller must be an identified 'groupmember', or be
 *    registered to an event of this group tied to that payment, or the
 *    payment must carry the 'public' flag.
 *
 * @param object     $page Page object receiving the template and variables.
 * @param mixed|null $pid  Payment id, or null for the listing.
 * @return mixed PL_FORBIDDEN when access is denied, the result of
 *               handler_payment() when $pid is given, nothing otherwise.
 */
function handler_xnet_payment($page, $pid = null)
{
    global $globals;

    $perms = S::v('perms');

    if (!is_null($pid)) {
        // Single payment: non-members are only let through for events they
        // are registered to or for payments flagged as public.
        if (!S::identified() || !$perms->hasFlag('groupmember')) {
            $participation = XDB::query("SELECT 1\n FROM group_events AS e\n INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n WHERE e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id'));
            $public = XDB::query("SELECT 1\n FROM payments AS p\n INNER JOIN group_events AS g ON (g.paiement_id = p.id)\n WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", $globals->asso('id'), $pid);
            if ($participation->numRows() == 0 && $public->numRows() == 0) {
                return PL_FORBIDDEN;
            }
        }
        return $this->handler_payment($page, $pid);
    }

    // Listing of every payment: group administrators only.
    if (!S::identified() || !$perms->hasFlag('groupadmin')) {
        return PL_FORBIDDEN;
    }

    $page->changeTpl('payment/xnet.tpl');

    $listing = XDB::query("SELECT id, text, url\n FROM payments\n WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)\n ORDER BY id DESC", $globals->asso('id'));
    $payments = $listing->fetchAllAssoc();
    $page->assign('titles', $payments);

    $trans = array();
    $event = array();

    // Defaults used when no (valid) sort request is present.
    $sortedPaymentId = false;
    $orderClause = '';
    $sortRequested = false;
    if (may_update()) {
        // Whitelist of sortable columns mapped to their table alias. The
        // ORDER BY clause below is concatenated into the SQL, so it is built
        // only from keys and values of this array, never from raw input.
        // NOTE(review): Get::v('order') is not checked to be a string before
        // being used as an array key; confirm Get::v() cannot return an array.
        static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
        $sortRequested = Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders);
    }

    if ($sortRequested) {
        $sortedPaymentId = Get::i('order_id');
        $column = Get::v('order');
        $orderClause = ' ORDER BY ' . $orders[$column] . '.' . $column;
        $descending = Get::has('order_inv') && Get::i('order_inv') == 1;
        if ($descending) {
            $orderClause .= ' DESC';
        }
        // The template receives the opposite direction for its next link.
        $page->assign('order_inv', $descending ? 0 : 1);
        $page->assign('order_id', $sortedPaymentId);
        $page->assign('order', $column);
        $page->assign('anchor', 'legend_' . $sortedPaymentId);
    } else {
        $page->assign('order', false);
    }

    foreach ($payments as $payment) {
        $paymentId = $payment['id'];

        if (may_update()) {
            // Only the payment whose table was sorted gets the ORDER BY suffix.
            $suffix = ($sortedPaymentId == $paymentId) ? $orderClause : '';
            $rows = XDB::query('SELECT p.uid, IF(p.ts_confirmed = \'0000-00-00\', 0, p.ts_confirmed) AS date, p.comment, p.amount FROM payment_transactions AS p INNER JOIN accounts AS a ON (a.uid = p.uid) LEFT JOIN account_profiles AS ap ON (ap.uid = p.uid AND FIND_IN_SET(\'owner\', ap.perms)) LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) WHERE p.ref = {?}' . $suffix, $paymentId);
            $trans[$paymentId] = User::getBulkUsersWithUIDs($rows->fetchAllAssoc(), 'uid', 'user');

            $total = 0;
            foreach ($trans[$paymentId] as $index => $transaction) {
                $total += $transaction['amount'];
                $trans[$paymentId][$index]['amount'] = $transaction['amount'];
            }
            // Trailing pseudo-row carrying the total of the listed amounts.
            $trans[$paymentId][] = array('limit' => true, 'amount' => $total);
        }

        // Events of this payment the current user is registered to.
        $registrations = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid\n FROM group_events AS e\n LEFT JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n INNER JOIN group_event_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)\n WHERE e.paiement_id = {?}", S::v('uid'), $paymentId);
        $event[$paymentId] = array('paid' => 0);
        if ($registrations->total()) {
            $event[$paymentId]['topay'] = 0;
            while (list($eid, $shortname, $title, $nb, $montant, $paid) = $registrations->next()) {
                $event[$paymentId]['topay'] += $nb * $montant;
                $event[$paymentId]['eid'] = $eid;
                $event[$paymentId]['shortname'] = $shortname;
                $event[$paymentId]['title'] = $title;
                $event[$paymentId]['ins'] = !is_null($nb);
                $event[$paymentId]['paid'] = $paid;
            }
        }

        // The amount already paid is finally taken from the recorded
        // transactions, replacing any value set above.
        $paidSum = XDB::query('SELECT SUM(amount) AS sum_amount FROM payment_transactions WHERE ref = {?} AND uid = {?}', $paymentId, S::v('uid'));
        $event[$paymentId]['paid'] = $paidSum->fetchOneCell();
    }

    $page->register_modifier('decode_comment', 'decode_comment');
    $page->assign('trans', $trans);
    $page->assign('event', $event);
}