
<?php
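// Only logged-in participants and supervisors may reach the payment page.
// NOTE(review): this relies on server_files/403.php terminating the request;
// if it only renders a page, execution falls through to the code below — confirm it calls exit.
if (!isset($_SESSION["user_id"]) || ($_SESSION["role"] != Role::PARTICIPANT && $_SESSION["role"] != Role::ENCADRANT))
    require_once "server_files/403.php";
/**
 * @var User $user
 * @var Team $team
 * @var Tournament $tournament
 */
$user = $_SESSION["user"];
$team = $_SESSION["team"] ?? null;
// A session carrying no team (presumably possible for a participant who has not
// joined one yet — TODO confirm) would otherwise raise an "undefined index"
// warning and then fatal on the null method call just below, instead of a 403.
if ($team === null)
    require_once "server_files/403.php";
$tournament = $team->getEffectiveTournament();
$payment = $user->getPayment();
// Payment can only be started once the team itself has been validated.
if ($team->getValidationStatus() != ValidationStatus::VALIDATED)
    require_once "server_files/403.php";
// NOTE(review): no CSRF token is checked on this state-changing POST; confirm a
// global filter covers it, otherwise a cross-site form post can start a payment.
if (isset($_POST["pay"])) {
    $pay = new Pay($_POST);
    try {
        $pay->makeVerifications();
        $pay->submit();
    }
    catch (AssertionError $e) {
        // Surfaced to the view as a user-facing message; the messages are the
        // French strings raised by ensure() / submit().
        $has_error = true;
        $error_message = $e->getMessage();
    }
}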
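class Pay {
    /** @var mixed Payment method resolved through PaymentMethod::fromName(); assumed null when the name is unknown or missing — TODO confirm fromName's failure value. */
    private $method;
    /** @var string|null Free-text reference the payer gives so the organisers can match the transfer; HTML-escaped on input. */
    private $infos;
    /** @var array|null The `scholarship` entry of $_FILES (scholarship notification upload), or null when nothing was uploaded. */
    private $scholarship;

    /**
     * Builds the payment request from raw form input.
     *
     * Only the two fields this class reads (`method`, `infos`) are copied from
     * $data: the previous version copied every POST key into a dynamic property,
     * which is deprecated in PHP 8.2 and lets a client inject arbitrary property
     * names. Non-string values (e.g. `infos[]=...`) are dropped instead of being
     * handed to htmlspecialchars(), which would throw a TypeError.
     *
     * @param array $data form fields, normally $_POST
     */
    public function __construct($data)
    {
        foreach (["method", "infos"] as $key) {
            $value = $data[$key] ?? null;
            // Escaping at input is kept as before: the DB, view and mail
            // presumably rely on already-escaped values — TODO confirm before moving it to output.
            $this->$key = is_string($value) ? htmlspecialchars($value) : null;
        }
        // strtoupper(null) is deprecated since PHP 8.1; a missing method resolves like an empty name.
        $this->method = PaymentMethod::fromName(strtoupper($this->method ?? ""));
        // Uploaded file, if any; avoids an "undefined index" warning when the form carried no file.
        $this->scholarship = $_FILES["scholarship"] ?? null;
    }

    /**
     * Checks the request against the current payment state and the submitted fields.
     *
     * Reads the global $payment set by the enclosing script. Each failed check
     * stops with a user-facing French message via ensure(), which the caller
     * catches as AssertionError.
     *
     * @throws AssertionError when any check fails
     */
    public function makeVerifications()
    {
        global $payment;
        // Only one payment flow may be started. NOTE(review): this read-then-write
        // is not atomic; two concurrent submissions can both pass it.
        ensure($payment->getValidationStatus() == ValidationStatus::NOT_READY, "Un paiement est déjà initié.");
        // An unknown/missing method resolves to null; without the explicit null
        // check it could slip past the loose comparison and be stored as the method.
        ensure($this->method !== null && $this->method != PaymentMethod::NOT_PAID, "Vous n'avez pas payé.");
        ensure($this->method == PaymentMethod::SCHOLARSHIP || ($this->infos != null && strlen($this->infos) > 0), "Merci d'indiquer des informations pour retrouver votre paiement.");
        ensure($this->method != PaymentMethod::SCHOLARSHIP || $this->hasValidUpload(), "Si vous êtes boursier, vous devez indiquer votre notifcation de bourse (une erreur est survenue).");
    }

    /**
     * True when $_FILES carried a single, successfully uploaded scholarship file.
     *
     * The shape checks reject `scholarship[]` multi-uploads (whose `error` and
     * `tmp_name` are arrays); is_uploaded_file() rejects any path that PHP did
     * not itself receive through the HTTP upload mechanism.
     *
     * @return bool
     */
    private function hasValidUpload()
    {
        $file = $this->scholarship;
        return is_array($file)
            && ($file["error"] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
            && is_string($file["tmp_name"] ?? null)
            && is_uploaded_file($file["tmp_name"]);
    }

    /**
     * Records the payment request and notifies the organisers.
     *
     * For a scholarship, the uploaded notification is stored and registered in
     * `documents` before any payment field is touched, so a failed file move
     * cannot leave the payment marked WAITING without its document (whether the
     * payment setters write through to the DB immediately is not visible here — TODO confirm).
     * The amount is always derived server-side from the tournament, never from the form.
     *
     * @throws AssertionError when the uploaded file cannot be stored
     */
    public function submit()
    {
        global $DB, $LOCAL_PATH, $payment, $user, $team, $tournament;
        $isScholarship = $this->method == PaymentMethod::SCHOLARSHIP;
        if ($isScholarship)
            $transactionInfos = $this->storeScholarshipFile($DB, $LOCAL_PATH, $tournament);
        else
            $transactionInfos = $this->infos;
        $payment->setMethod($this->method);
        $payment->setAmount($isScholarship ? 0 : $tournament->getPrice());
        $payment->setValidationStatus(ValidationStatus::WAITING);
        $payment->setTransactionInfos($transactionInfos);
        Mailer::requestPaymentValidation($user, $team, $tournament, $payment);
    }

    /**
     * Moves the upload into $localPath/files under a fresh random name and
     * registers it in the `documents` table with a parameterised query.
     *
     * @param mixed $DB PDO-like handle exposing prepare()/execute()
     * @param string $localPath root of the file store
     * @param Tournament $tournament tournament the document belongs to
     * @return string the generated file id, used as the payment's transaction reference
     * @throws AssertionError if the file cannot be moved
     */
    private function storeScholarshipFile($DB, $localPath, $tournament)
    {
        // Retry until the random name is unused; collisions are expected to be rare
        // (the strength of genRandomPhrase() is not visible here).
        do {
            $id = genRandomPhrase(64);
        } while (file_exists("$localPath/files/$id"));
        // move_uploaded_file() refuses anything that is not a file PHP received via HTTP upload,
        // unlike rename(), which would happily move any path it is given.
        if (!move_uploaded_file($this->scholarship["tmp_name"], "$localPath/files/$id"))
            throw new AssertionError("Une erreur est survenue lors de l'envoi du fichier.");
        $req = $DB->prepare("INSERT INTO `documents`(`file_id`, `user`, `team`, `tournament`, `type`)
VALUES (?, ?, ?, ?, ?);");
        $req->execute([$id, $_SESSION["user_id"], $_SESSION["team"]->getId(), $tournament->getId(), DocumentType::getName(DocumentType::SCHOLARSHIP)]);
        return $id;
    }
}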
// Render the page; the view presumably reads $user, $team, $tournament, $payment
// and, after a failed submission, $has_error / $error_message from this scope.
require_once("server_files/views/paiement.php");