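/**
 * Displays invoice number $invoiceNo of $user, if the current viewer may see it.
 *
 * Access is granted when one of these holds:
 *  - the viewer is not logged in (myId() == 0) and presents an 'invoicecheck'
 *    request parameter that matches the basket's invoice hash,
 *  - the logged-in viewer is $user,
 *  - the viewer is authorised for 'cbsubs.sales' or 'cbsubs.financial'.
 *
 * @param  int        $invoiceNo  Payment basket id (cast to int before use)
 * @param  UserTable  $user       User the basket must belong to
 * @return string                 Output of displayInvoice(), an error <div>, or ''
 *                                when an error message was set on $this->base instead
 */
protected function showInvoice( $invoiceNo, $user ) {
	global $_CB_database, $_CB_framework;

	$return			=	'';

	// Feature switch: invoice display can be turned off in the parameters (default: on).
	if ( ! $this->params->get( 'show_invoices', 1 ) ) {
		$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
		return $return;
	}

	// Force an integer id before it reaches the basket loader; 0 is never a valid invoice.
	$invoiceNo		=	(int) $invoiceNo;
	if ( ! $invoiceNo ) {
		$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
		return $return;
	}

	$basket			=	new cbpaidPaymentBasket( $_CB_database );
	// The basket must exist AND belong to $user. Both failures give the same message,
	// so the response does not reveal whether another user's basket id exists.
	if ( ! ( $basket->load( $invoiceNo ) && ( $user->id == $basket->user_id ) ) ) {
		$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
		return $return;
	}

	$myId			=	$_CB_framework->myId();
	$ok				=	false;

	if ( $myId == 0 ) {
		// Anonymous viewer: the only credential is the 'invoicecheck' request token.
		$ck			=	$this->base->_getReqParam( 'invoicecheck' );
		if ( is_string( $ck ) && $ck ) {
			// NOTE(review): assumes checkHashInvoice() returns the expected token as a
			// string - confirm against cbpaidPaymentBasket. A non-string result is refused.
			$expected	=	$basket->checkHashInvoice( $ck );
			if ( is_string( $expected ) ) {
				// A loose == on a request-supplied token is subject to PHP type juggling
				// (numeric-looking strings compare as numbers) and is not constant-time.
				// Compare as strings, in constant time where the runtime provides it.
				$ok	=	function_exists( 'hash_equals' )
						? hash_equals( $expected, $ck )
						: ( $expected === $ck );
			}
		}
	} elseif ( $user->id == $myId ) {
		// Logged-in owner of the invoice.
		$ok			=	true;
	} elseif ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) {
		// Staff with sales or financial permission may view any user's invoice.
		$ok			=	true;
	}

	if ( $ok ) {
		// Tells displayInvoice() whether the viewer is the invoice owner.
		$itsmyself	=	( $myId == $user->id );
		$return		.=	$basket->displayInvoice( $user, $itsmyself );
	} else {
		$return		.=	'<div class="error">' . CBPTXT::Th("You need to be logged in to view your private information.") . '</div>' ;
	}

	return $return;
}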