Example #1
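 /**
  * Authenticates the current request, either from an already identified
  * session or from a signed 'auth' token passed in the query string.
  *
  * The token is expected to equal
  * md5('1' . <session challenge> . <xnet secret> . <uid from query> . '1').
  * On success the 'auth' query parameter is removed, the session auth level
  * is set to AUTH_PASSWD and the user matching the query 'uid' is returned.
  *
  * @param mixed $level Requested auth level; not used by this implementation.
  * @return mixed The result of User::getSilentWithValues(), or null when no
  *               token is present or the token does not verify.
  */
 protected function doAuth($level)
 {
     if (S::identified()) {
         // Session is already identified: reuse the uid stored in it.
         return User::getSilentWithValues(null, array('uid' => S::i('uid')));
     }
     if (!Get::has('auth')) {
         return null;
     }
     global $globals;

     // Reject non-string input up front so the comparison below only ever
     // sees two strings.
     $given = Get::v('auth');
     if (!is_string($given)) {
         return null;
     }

     // NOTE(review): the token is an MD5 over concatenated fields, not an
     // HMAC. Changing the construction requires changing the token issuer
     // too, which is not visible here, so the format is kept as is.
     // NOTE(review): confirm the session challenge is always set, random and
     // single-use; an empty challenge would make the token independent of
     // the session.
     $expected = md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1');

     // hash_equals() (PHP >= 5.6) compares as strings and in constant time.
     // The previous loose `!=` let two numeric-looking digests (for example
     // both of the form 0e<digits>) compare equal, and leaked timing.
     if (!hash_equals($expected, $given)) {
         return null;
     }
     Get::kill('auth');
     S::set('auth', AUTH_PASSWD);
     return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
 }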
Example #2
 /**
  * Group payment page handler.
  *
  * With a $pid, checks access and delegates to handler_payment(). Without
  * one, renders payment/xnet.tpl listing the group's payments that are not
  * flagged 'old', together with the current user's event registration and
  * paid totals, and (when may_update() allows) every transaction recorded
  * against each payment.
  *
  * Access rules enforced here:
  *  - no $pid: identified session whose perms carry the 'groupadmin' flag;
  *  - $pid given: identified session with the 'groupmember' flag, or the
  *    session uid participates in an event of this group tied to the
  *    payment, or the payment is flagged 'public' for this group.
  *
  * @param mixed $page Page object; changeTpl(), assign() and
  *                    register_modifier() are called on it.
  * @param mixed $pid  Payment id, or null for the listing view.
  * @return mixed PL_FORBIDDEN when access is refused, the result of
  *               handler_payment() when $pid is given, nothing otherwise.
  */
 function handler_xnet_payment($page, $pid = null)
 {
     global $globals;
     $perms = S::v('perms');
     if (is_null($pid)) {
         // Listing view: group administrators only. S::identified() is tested
         // first, so $perms is only dereferenced for identified sessions.
         if (!(S::identified() && $perms->hasFlag('groupadmin'))) {
             return PL_FORBIDDEN;
         }
     } else {
         if (!(S::identified() && $perms->hasFlag('groupmember'))) {
             // Fallback for non-members: allow if the session uid is a
             // participant of an event bound to this payment in this group ...
             $res = XDB::query("SELECT  1\n                                     FROM  group_events AS e\n                               INNER JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n                                    WHERE  e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id'));
             // ... or if the payment itself is flagged 'public' for this group.
             $public = XDB::query("SELECT  1\n                                        FROM  payments     AS p\n                                  INNER JOIN  group_events AS g ON (g.paiement_id = p.id)\n                                       WHERE  g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", $globals->asso('id'), $pid);
             if ($res->numRows() == 0 && $public->numRows() == 0) {
                 return PL_FORBIDDEN;
             }
         }
     }
     if (!is_null($pid)) {
         // Single payment: access has been checked above, hand over.
         return $this->handler_payment($page, $pid);
     }
     $page->changeTpl('payment/xnet.tpl');
     $res = XDB::query("SELECT  id, text, url\n                   FROM  payments\n                  WHERE  asso_id = {?} AND NOT FIND_IN_SET('old', flags)\n               ORDER BY  id DESC", $globals->asso('id'));
     $tit = $res->fetchAllAssoc();
     $page->assign('titles', $tit);
     $trans = array();
     $event = array();
     if (may_update()) {
         // Sortable columns mapped to the table alias they live on. This map
         // is the allow-list for the ORDER BY clause built below.
         static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
         if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) {
             $order_id = Get::i('order_id');
             $order = Get::v('order');
             // $ordering is concatenated into SQL further down. It is only
             // built once 'order' has matched a key of $orders, so both the
             // alias and the column name come from that fixed list. Keep the
             // array_key_exists() guard if this map or the lookup changes.
             $ordering = ' ORDER BY ' . $orders[$order] . '.' . $order;
             if (Get::has('order_inv') && Get::i('order_inv') == 1) {
                 $ordering .= ' DESC';
                 $page->assign('order_inv', 0);
             } else {
                 $page->assign('order_inv', 1);
             }
             $page->assign('order_id', $order_id);
             $page->assign('order', $order);
             $page->assign('anchor', 'legend_' . $order_id);
         } else {
             $order_id = false;
             $ordering = '';
             $page->assign('order', false);
         }
     } else {
         // $order_id is left undefined on this path; it is only read inside
         // the may_update() branch of the loop below.
         $ordering = '';
         $page->assign('order', false);
     }
     foreach ($tit as $foo) {
         $pid = $foo['id'];
         if (may_update()) {
             // All transactions recorded against this payment. The ORDER BY
             // fragment is appended only for the payment selected by order_id.
             // NOTE(review): `$order_id == $pid` is a loose comparison; with
             // $order_id === false the appended fragment is '' either way.
             $res = XDB::query('SELECT  p.uid, IF(p.ts_confirmed = \'0000-00-00\', 0, p.ts_confirmed) AS date, p.comment, p.amount
                                  FROM  payment_transactions AS p
                            INNER JOIN  accounts             AS a  ON (a.uid = p.uid)
                             LEFT JOIN  account_profiles     AS ap ON (ap.uid = p.uid AND FIND_IN_SET(\'owner\', ap.perms))
                             LEFT JOIN  profile_display      AS pd ON (ap.pid = pd.pid)
                                 WHERE  p.ref = {?}' . ($order_id == $pid ? $ordering : ''), $pid);
             $trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
             $sum = 0;
             foreach ($trans[$pid] as $i => $t) {
                 $sum += $t['amount'];
                 // Writes back the value just read; has no effect as written.
                 $trans[$pid][$i]['amount'] = $t['amount'];
             }
             // Trailing pseudo-row carrying the total for this payment.
             $trans[$pid][] = array('limit' => true, 'amount' => $sum);
         }
         // Events tied to this payment, with the current user's registration.
         $res = XDB::iterRow("SELECT  e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid\n                                   FROM  group_events             AS e\n                              LEFT JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n                             INNER JOIN  group_event_items        AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)\n                                  WHERE  e.paiement_id = {?}", S::v('uid'), $pid);
         $event[$pid] = array();
         $event[$pid]['paid'] = 0;
         if ($res->total()) {
             $event[$pid]['topay'] = 0;
             // 'topay' accumulates over rows; the other keys keep the values
             // of the last row returned.
             while (list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
                 $event[$pid]['topay'] += $nb * $montant;
                 $event[$pid]['eid'] = $eid;
                 $event[$pid]['shortname'] = $shortname;
                 $event[$pid]['title'] = $title;
                 $event[$pid]['ins'] = !is_null($nb);
                 $event[$pid]['paid'] = $paid;
             }
         }
         // Overrides any 'paid' value set above with the sum of the user's
         // recorded transactions for this payment.
         $res = XDB::query('SELECT  SUM(amount) AS sum_amount
                              FROM  payment_transactions
                             WHERE  ref = {?} AND uid = {?}', $pid, S::v('uid'));
         $event[$pid]['paid'] = $res->fetchOneCell();
     }
     // NOTE(review): transaction comments and user data are handed to the
     // template here; confirm payment/xnet.tpl and the decode_comment
     // modifier escape them for HTML output.
     $page->register_modifier('decode_comment', 'decode_comment');
     $page->assign('trans', $trans);
     $page->assign('event', $event);
 }