securekey added to newpayment page, correction in the invoice line created

2021-04-21 14:19:07 +02:00 · 2021-04-21 14:19:07 +02:00 · 9809179aa4
commit 9809179aa4
parent 780b3f4714
3 changed files with 17 additions and 3 deletions
--- a/htdocs/langs/en_US/eventorganization.lang
+++ b/htdocs/langs/en_US/eventorganization.lang
@ -107,7 +107,7 @@ MissingOrBadSecureKey = The security key is invalid or missing
 EvntOrgWelcomeMessage = This form allows you to register as a new participant to the conference 
 EvntOrgStartDuration = This conference starts on 
 EvntOrgEndDuration =  and ends on
-ConferenceAttendeeFee = Conference attendee fee
+ConferenceAttendeeFee = Conference attendee fee for the event : '%s' occurring from %s to %s
 #
 # SubscriptionOk page
 #
--- a/htdocs/public/eventorganization/attendee_subscription.php
+++ b/htdocs/public/eventorganization/attendee_subscription.php
@ -334,14 +334,25 @@ if (empty($reshook) && $action == 'add') {
 			if (!$error) {
 				// Add line to draft invoice
 				$vattouse = get_default_tva($mysoc, $thirdparty, $productforinvoicerow->id);
-				$result = $facture->addline($langs->trans("ConferenceAttendeeFee").' for the event : \''.$conference->label.'\' occuring from '.dol_print_date($conference->datep, '%d/%m/%y %H:%M:%S').' to '.dol_print_date($conference->datep2, '%d/%m/%y %H:%M:%S'), floatval($project->price_registration), 1, $vattouse, 0, 0, $productforinvoicerow->id, 0, dol_now(), '', 0, 0, '', 'HT', 0, 1);
+				$result = $facture->addline($langs->trans("ConferenceAttendeeFee", $conference->label, dol_print_date($conference->datep, '%d/%m/%y %H:%M:%S'), dol_print_date($conference->datep2, '%d/%m/%y %H:%M:%S')), floatval($project->price_registration), 1, $vattouse, 0, 0, $productforinvoicerow->id, 0, dol_now(), '', 0, 0, '', 'HT', 0, 1);
 				if ($result <= 0) {
 					$confattendee->error = $facture->error;
 					$confattendee->errors = $facture->errors;
 					$error++;
 				}
 				if (!$error) {
-					$redirection = $dolibarr_main_url_root.'/public/payment/newpayment.php?source=conferencesubscription&ref='.dol_encode($facture->id, $dolibarr_main_instance_unique_id);
+					$valid = true;
+					$sourcetouse = 'conferencesubscription';
+					$reftouse = dol_encode($facture->id, $dolibarr_main_instance_unique_id);
+					$redirection = $dolibarr_main_url_root.'/public/payment/newpayment.php?source='.$sourcetouse.'&ref='.$reftouse;
+					if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
+						if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
+							$redirection .= '&securekey='.dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . $sourcetouse . $reftouse, 2); // Use the source in the hash to avoid duplicates if the references are identical
+
+						} else {
+							$redirection .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
+						}
+					}
 					Header("Location: ".$redirection);
 					exit;
 				}
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@ -155,6 +155,7 @@ foreach ($_POST as $key => $val) {
 }


+
 // Define $urlwithroot
 //$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
 //$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
@ -168,6 +169,7 @@ $ref = $REF = GETPOST('ref', 'alpha');
 $TAG = GETPOST("tag", 'alpha');
 $FULLTAG = GETPOST("fulltag", 'alpha'); // fulltag is tag with more informations
 $SECUREKEY = GETPOST("securekey"); // Secure key
+
 if ($paymentmethod && !preg_match('/'.preg_quote('PM='.$paymentmethod, '/').'/', $FULLTAG)) {
 	$FULLTAG .= ($FULLTAG ? '.' : '').'PM='.$paymentmethod;
 }
@ -262,6 +264,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
 	} else {
 		$token = $conf->global->PAYMENT_SECURITY_TOKEN;
 	}
+
 	if ($SECUREKEY != $token) {
 		if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) {
 			$valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility