Fix user seeing other users transactions

Fixes #577
This commit is contained in:
Sebastian Grewe 2013-08-08 09:36:05 +02:00
parent 6767b5a235
commit 03da52117a


@ -72,52 +72,50 @@ class Transaction extends Base {
FROM $this->table AS t FROM $this->table AS t
LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id"; LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id";
if (!empty($account_id)) {
$sql .= " WHERE ( t.account_id = ? ) ";
$this->addParam('i', $account_id);
}
if (is_array($filter)) { if (is_array($filter)) {
$aFilter = array(); $aFilter = array();
foreach ($filter as $key => $value) { foreach ($filter as $key => $value) {
if (!empty($value)) { if (!empty($value)) {
switch ($key) { switch ($key) {
case 'type': case 'type':
$aFilter[] = "t.type = ?"; $aFilter[] = "( t.type = ? )";
$this->addParam('s', $value); $this->addParam('s', $value);
break; break;
case 'status': case 'status':
switch ($value) { switch ($value) {
case 'Confirmed': case 'Confirmed':
if (empty($filter['type']) || ($filter['type'] != 'Debit_AP' && $filter['type'] != 'Debit_MP' && $filter['type'] != 'TXFee' && $filter['type'] != 'Credit_PPS' && $filter['type'] != 'Fee_PPS' && $filter['type'] != 'Donation_PPS')) { if (empty($filter['type']) || ($filter['type'] != 'Debit_AP' && $filter['type'] != 'Debit_MP' && $filter['type'] != 'TXFee' && $filter['type'] != 'Credit_PPS' && $filter['type'] != 'Fee_PPS' && $filter['type'] != 'Donation_PPS')) {
$aFilter[] = "b.confirmations >= " . $this->config['confirmations'] . " OR ISNULL(b.confirmations)"; $aFilter[] = "( b.confirmations >= " . $this->config['confirmations'] . " OR ISNULL(b.confirmations) )";
} }
break; break;
case 'Unconfirmed': case 'Unconfirmed':
$aFilter[] = "b.confirmations < " . $this->config['confirmations'] . " AND b.confirmations >= 0"; $aFilter[] = "( b.confirmations < " . $this->config['confirmations'] . " AND b.confirmations >= 0 )";
break; break;
case 'Orphan': case 'Orphan':
$aFilter[] = "b.confirmations = -1"; $aFilter[] = "( b.confirmations = -1 )";
break; break;
} }
break; break;
case 'account': case 'account':
$aFilter[] = "LOWER(a.username) = LOWER(?)"; $aFilter[] = "( LOWER(a.username) = LOWER(?) )";
$this->addParam('s', $value); $this->addParam('s', $value);
break; break;
case 'address': case 'address':
$aFilter[] = "t.coin_address = ?"; $aFilter[] = "( t.coin_address = ? )";
$this->addParam('s', $value); $this->addParam('s', $value);
break; break;
} }
} }
} }
if (!empty($aFilter)) { if (!empty($aFilter)) {
$sql .= " WHERE " . implode(' AND ', $aFilter); empty($account_id) ? $sql .= " WHERE " : $sql .= " AND ";
$sql .= implode(' AND ', $aFilter);
} }
} }
if (is_int($account_id) && empty($aFilter)) {
$sql .= " WHERE a.id = ?";
$this->addParam('i', $account_id);
} else if (is_int($account_id)) {
$sql .= " AND a.id = ?";
$this->addParam('i', $account_id);
}
$sql .= " $sql .= "
ORDER BY id DESC ORDER BY id DESC
LIMIT ?,? LIMIT ?,?
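Review bot: The new scope guard at the top of the hunk is fail-open: `!empty($account_id)` skips the `t.account_id = ?` clause for `null`, `0`, `'0'`, `''` and `false` alike, so a caller that passes an unset or falsy value silently receives every user's transactions rather than an error, which is the same class of problem #577 describes. The method's signature and the default for `$account_id` sit above the hunk, so I cannot tell whether the unscoped query is an intended administrative path; if it is, make that path explicit instead of the fallback, e.g. `if ($account_id !== null) {` with the parameter cast to int and callers passing `null` only when they mean "all accounts". The later `empty($account_id) ? $sql .= " WHERE " : $sql .= " AND ";` uses a ternary purely for its side effect; `$sql .= empty($account_id) ? ' WHERE ' : ' AND ';` reads plainly and, if both checks are computed once into a shared boolean, the two guards cannot drift apart. A short comment above the first guard stating that an empty `$account_id` deliberately disables account scoping would also help the next reader, since nothing in the hunk says so.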