frank/DeclarationTVA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
480d3c5deb
DeclarationTVA/declarationtva_create.php
Frank Cools 480d3c5deb Fix CSRF token validation function 
Security Fix:
- Changed checkToken() to dolibarr_checkToken()
- Uses the correct Dolibarr CSRF protection function
- Fixes 'Call to undefined function checkToken()' error

The form should now work properly with CSRF protection.
2025-10-02 18:16:07 +02:00

137 lines
4.3 KiB
PHP
Raw Blame History

<?php
/**
* DeclarationTVA Create Declaration
* French CA-3 VAT Declaration Module for Dolibarr
* MVP Version - Phase 1
*/
// Load Dolibarr environment
if (file_exists('../main.inc.php')) {
$res = @include '../main.inc.php';
} elseif (file_exists('../../main.inc.php')) {
$res = @include '../../main.inc.php';
} else {
$res = 0;
}
if (!$res) {
die("Include of main fails");
}
// Load module classes
require_once DOL_DOCUMENT_ROOT . '/custom/declarationtva/core/class/declarationtva.class.php';
require_once DOL_DOCUMENT_ROOT . '/custom/declarationtva/core/class/declarationtva_config.class.php';
require_once DOL_DOCUMENT_ROOT . '/custom/declarationtva/core/class/declarationtva_period.class.php';
// Access control
if (!$user->hasRight("declarationtva", "declarationtva", "write")) {
accessforbidden();
}
// Load language files
$langs->load("declarationtva@declarationtva");
// Initialize objects
$declarationtva = new DeclarationTVA($db, $conf->entity);
$config = new DeclarationTVA_Config($db, $conf->entity);
$period = new DeclarationTVA_Period($db, $conf->entity);
// Handle form submission
$action = GETPOST('action', 'alpha');
$declaration_name = GETPOST('declaration_name', 'alpha');
$start_date = GETPOST('start_date', 'alpha');
$end_date = GETPOST('end_date', 'alpha');
$error = '';
$success = '';
if ($action == 'create') {
// Check CSRF token
if (!dolibarr_checkToken()) {
$error = $langs->trans("ErrorCSRFToken");
} elseif (!empty($start_date) && !empty($end_date)) {
// Create the declaration with dates
$declaration_id = $declarationtva->createDeclarationWithDates($start_date, $end_date, $declaration_name);
if ($declaration_id > 0) {
$success = $langs->trans("DeclarationCreated");
// Redirect to view the created declaration
header("Location: declarationtva_view.php?id=" . $declaration_id);
exit;
} else {
$error = $langs->trans("ErrorCreatingDeclaration") . ": " . $declarationtva->error;
}
} else {
$error = $langs->trans("ErrorMissingDates");
}
}
// Page title
$title = $langs->trans("CreateDeclaration");
llxHeader('', $title);
// Print page header
print load_fiche_titre($title, '', 'title_accountancy');
// Display messages
if ($error) {
setEventMessages($error, null, 'errors');
}
if ($success) {
setEventMessages($success, null, 'mesgs');
}
// Print form
print '<div class="fiche">';
print '<div class="titre">' . $langs->trans("DeclarationDetails") . '</div>';
print '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '">';
print '<input type="hidden" name="action" value="create">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<table class="noborder centpercent">';
// Date range (now mandatory and at the top)
print '<tr>';
print '<td class="fieldrequired">' . $langs->trans("SelectPeriod") . '</td>';
print '<td>';
print '<input type="date" name="start_date" class="flat" value="' . dol_escape_htmltag($start_date) . '" required>';
print ' - ';
print '<input type="date" name="end_date" class="flat" value="' . dol_escape_htmltag($end_date) . '" required>';
print '<br><small>' . $langs->trans("DateRangeHelp") . '</small>';
print '</td>';
print '</tr>';
// Declaration name
print '<tr>';
print '<td class="fieldrequired">' . $langs->trans("DeclarationName") . '</td>';
print '<td>';
print '<input type="text" name="declaration_name" class="flat" value="' . dol_escape_htmltag($declaration_name) . '" required>';
print '<br><small>' . $langs->trans("DeclarationNameHelp") . '</small>';
print '</td>';
print '</tr>';
print '</table>';
// Buttons
print '<div class="center">';
print '<input type="submit" class="button" value="' . $langs->trans("CreateDeclaration") . '">';
print '<a href="declarationtvaindex.php" class="button">' . $langs->trans("Cancel") . '</a>';
print '</div>';
print '</form>';
print '</div>';
// Print configuration section
print '<div class="fiche">';
print '<div class="titre">' . $langs->trans("DeclarationTVAConfiguration") . '</div>';
print '<div class="info">';
print $langs->trans("ConfigurationInfo") . ' ';
print '<a href="admin/setup_mvp.php" class="butAction">' . $langs->trans("ConfigurePCGAccounts") . '</a>';
print '</div>';
print '</div>';
// Print footer
llxFooter();
?>
Reference in New Issue View Git Blame Copy Permalink