X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=expenses.php;h=e1eaeddae4cd14503a07f53396e455eb75a357ed;hb=ce2df23479c88d1bc9db04a68164af3feb6346e1;hp=eb11e73a3b74300d9dddbfa6d347dc7ca7c947d2;hpb=7b6cfb2cceac61a6e899590ac8ac9fa8cb326c6a;p=timetracker.git

diff --git a/expenses.php b/expenses.php
index eb11e73a..e1eaedda 100644
--- a/expenses.php
+++ b/expenses.php
@@ -31,6 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 import('ttGroupHelper');
 import('DateAndTime');
+import('ttTimeHelper');
 import('ttExpenseHelper');
 
 // Access checks.
@@ -42,6 +43,10 @@ if (!$user->isPluginEnabled('ex')) {
   header('Location: feature_disabled.php');
   exit();
 }
+if (!$user->exists()) {
+  header('Location: access_denied.php'); // Nobody to enter expenses for.
+  exit();
+}
 if ($user->behalf_id && (!$user->can('track_expenses') || !$user->checkBehalfId())) {
   header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
   exit();
@@ -65,9 +70,6 @@ if ($request->isPost() && $userChanged) {
   $user->setOnBehalfUser($user_id);
 } else {
   $user_id = $user->getUser();
-  // Handle a situation for no users in on behalf group.
-  if ($user->behalfGroup && $user_id == $user->id)
-    $user_id = null;
 }
 
 // Initialize and store date in session.
@@ -201,6 +203,7 @@ if ($request->isPost()) {
       if ($selected_date->after($browser_today))
         $err->add($i18n->get('error.future_date'));
     }
+    if (!ttTimeHelper::canAdd()) $err->add($i18n->get('error.expired'));
     // Finished validating input data.
 
     // Prohibit creating entries in locked range.