X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=invoice_send.php;h=20c3c187015285a157d43cd76c4a95264a42944c;hb=e0ec0364d761e2dff5a7c0032f04ec1dbae50980;hp=ee333a622487efdc83d26fd5ccd8e7628e5589eb;hpb=8ccdc0ed79c1703162607702c6846d2c76a7a755;p=timetracker.git diff --git a/invoice_send.php b/invoice_send.php index ee333a62..20c3c187 100644 --- a/invoice_send.php +++ b/invoice_send.php @@ -31,19 +31,24 @@ import('form.Form'); import('ttInvoiceHelper'); import('ttSysConfig'); -// Access check. -if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) { +// Access checks. +if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) { header('Location: access_denied.php'); exit(); } - +if (!$user->isPluginEnabled('iv')) { + header('Location: feature_disabled.php'); + exit(); +} $cl_invoice_id = (int)$request->getParameter('id'); -$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id); -$sc = new ttSysConfig($user->id); +$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id); +if (!$invoice) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. -// Security check. -if (!$cl_invoice_id || !$invoice) - die ($i18n->getKey('error.sys')); +$sc = new ttSysConfig($user->id); if ($request->isPost()) { $cl_receiver = trim($request->getParameter('receiver')); @@ -53,7 +58,7 @@ if ($request->isPost()) { } else { $cl_receiver = $sc->getValue(SYSC_LAST_INVOICE_EMAIL); $cl_cc = $sc->getValue(SYSC_LAST_INVOICE_CC); - $cl_subject = $i18n->getKey('title.invoice').' '.$invoice['name'].', '.$user->team; + $cl_subject = $i18n->get('title.invoice').' '.$invoice['name'].', '.$user->team; } $form = new Form('mailForm'); @@ -62,14 +67,14 @@ $form->addInput(array('type'=>'text','name'=>'receiver','style'=>'width: 300px;' $form->addInput(array('type'=>'text','name'=>'cc','style'=>'width: 300px;','value'=>$cl_cc)); $form->addInput(array('type'=>'text','name'=>'subject','style'=>'width: 300px;','value'=>$cl_subject)); $form->addInput(array('type'=>'textarea','name'=>'comment','maxlength'=>'250','style'=>'width: 300px; height: 60px;')); -$form->addInput(array('type'=>'submit','name'=>'btn_send','value'=>$i18n->getKey('button.send'))); +$form->addInput(array('type'=>'submit','name'=>'btn_send','value'=>$i18n->get('button.send'))); if ($request->isPost()) { // Validate user input. - if (!ttValidEmailList($cl_receiver)) $err->add($i18n->getKey('error.field'), $i18n->getKey('form.mail.to')); - if (!ttValidEmailList($cl_cc, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.cc')); - if (!ttValidString($cl_subject)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.subject')); - if (!ttValidString($cl_comment, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.comment')); + if (!ttValidEmailList($cl_receiver)) $err->add($i18n->get('error.field'), $i18n->get('form.mail.to')); + if (!ttValidEmailList($cl_cc, true)) $err->add($i18n->get('error.field'), $i18n->get('label.cc')); + if (!ttValidString($cl_subject)) $err->add($i18n->get('error.field'), $i18n->get('label.subject')); + if (!ttValidString($cl_comment, true)) $err->add($i18n->get('error.field'), $i18n->get('label.comment')); if ($err->no()) { // Save last invoice emails for future use. @@ -90,9 +95,9 @@ if ($request->isPost()) { $mailer->setReceiverBCC($user->bcc_email); $mailer->setMailMode(MAIL_MODE); if ($mailer->send($cl_subject, $body)) - $msg->add($i18n->getKey('form.mail.invoice_sent')); + $msg->add($i18n->get('form.mail.invoice_sent')); else - $err->add($i18n->getKey('error.mail_send')); + $err->add($i18n->get('error.mail_send')); } } // isPost @@ -106,7 +111,7 @@ if (function_exists('imap_mime_header_decode')) { } } -$smarty->assign('title', $i18n->getKey('title.send_invoice')); +$smarty->assign('title', $i18n->get('title.send_invoice')); $smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('onload', 'onLoad="document.mailForm.'.($cl_receiver?'comment':'receiver').'.focus()"'); $smarty->assign('content_page_name', 'mail.tpl');