CSRF Fix: - Added token parameter to all action links (validate, submit, delete) - Added token validation for all actions - Actions now require valid token to prevent CSRF attacks - All action buttons now include newToken() in their URLs This fixes the 'Token not provided' error for delete and other actions.
<?php
/**
 * DeclarationTVA Main Interface
 * French CA-3 VAT Declaration Module for Dolibarr
 * MVP Version - Phase 1
 */

// Load the Dolibarr environment (main.inc.php defines $db, $user, $conf, $langs and DOL_DOCUMENT_ROOT).
// The module may be installed one or two directory levels below the Dolibarr root, so the first
// candidate that exists is included. The include is silenced on purpose (Dolibarr convention);
// an include that fails is caught by the $res check that follows.
$res = 0;
foreach (['../main.inc.php', '../../main.inc.php'] as $mainIncludePath) {
    if (file_exists($mainIncludePath)) {
        $res = @include $mainIncludePath;
        break;
    }
}

if (!$res) {
    die("Include of main fails");
}

// Load the module's own classes; DOL_DOCUMENT_ROOT is provided by main.inc.php.
foreach (['declarationtva', 'declarationtva_config', 'declarationtva_period'] as $moduleClassFile) {
    require_once DOL_DOCUMENT_ROOT . '/custom/declarationtva/core/class/' . $moduleClassFile . '.class.php';
}

// Access control: the whole page (listing and actions) requires the module's read permission;
// accessforbidden() renders the refusal page and exits, so nothing below runs without it.
// NOTE(review): the validate/submit/delete actions handled further down are only gated by this
// read right — confirm against the module's rights definition whether a write/delete right exists
// and should be required for them.
$canReadModule = $user->hasRight("declarationtva", "declarationtva", "read");
if (!$canReadModule) {
    accessforbidden();
}

// Load the module's translation file
$langs->load("declarationtva@declarationtva");

// Module objects, all bound to the current entity (multi-company scoping)
$currentEntity = $conf->entity;
$declarationtva = new DeclarationTVA($db, $currentEntity);
$config = new DeclarationTVA_Config($db, $currentEntity);
$period = new DeclarationTVA_Period($db, $currentEntity);

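// Request parameters driving the actions
$action = GETPOST('action', 'alpha');
$declaration_id = GETPOST('declaration_id', 'int');
$period_id = GETPOST('period_id', 'int');

// CSRF protection for every state-changing action of this page.
// The action links are built with newToken(); on the following request that value is the
// session's current token, which currentToken() returns, so a legitimate request carries a
// token equal to it. Checking the token only for presence (a truthy string) would accept any
// value placed in a forged link, so the value is compared in constant time instead.
// Dolibarr's global check in main.inc.php only covers a subset of action names depending on
// MAIN_SECURITY_CSRF_WITH_TOKEN, so this page does not rely on it for its own actions.
$token = GETPOST('token', 'alpha');
$tokenIsValid = ($token !== '' && hash_equals((string) currentToken(), (string) $token));

$protectedActions = ['create_declaration', 'validate_declaration', 'submit_declaration', 'delete_declaration'];
if (in_array($action, $protectedActions, true) && !$tokenIsValid) {
    dol_syslog(__FILE__ . ': action "' . $action . '" refused, missing or invalid CSRF token', LOG_WARNING);
    setEventMessages('Invalid or missing security token', null, 'errors');
    // Drop the action: the page is still rendered, but nothing is modified.
    $action = '';
}

// NOTE(review): the actions below are only gated by the module's read right (checked at the top
// of the page); confirm whether the module defines a write/delete right that should apply here.

if ($action === 'create_declaration' && $period_id > 0) {
    // Creation now also requires the token, so the originating form/link must pass newToken().
    $declaration_id = $declarationtva->createDeclaration($period_id);
    if ($declaration_id > 0) {
        setEventMessages($langs->trans("DeclarationCreated"), null, 'mesgs');
    } else {
        setEventMessages($langs->trans("ErrorCreatingDeclaration") . ": " . $declarationtva->error, null, 'errors');
    }
} elseif ($declaration_id > 0) {
    // The remaining actions share one shape: a boolean method call on the module object and a
    // success / error translation key; the table keeps them from drifting apart.
    $declarationActions = [
        'validate_declaration' => ['validateDeclaration', 'DeclarationValidated', 'ErrorValidatingDeclaration'],
        'submit_declaration'   => ['submitDeclaration', 'DeclarationSubmitted', 'ErrorSubmittingDeclaration'],
        'delete_declaration'   => ['deleteDeclaration', 'DeclarationDeleted', 'ErrorDeletingDeclaration'],
    ];
    if (isset($declarationActions[$action])) {
        [$method, $successKey, $errorKey] = $declarationActions[$action];
        if ($declarationtva->$method($declaration_id)) {
            setEventMessages($langs->trans($successKey), null, 'mesgs');
        } else {
            setEventMessages($langs->trans($errorKey), null, 'errors');
        }
    }
}
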
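// Data for display: every declaration of the current entity, newest first, joined with its period.
$declarations = [];

// Only the columns rendered below are selected; the entity is cast to int since it is
// interpolated into the statement (no placeholder API is used on this page).
$sql = "SELECT d.rowid, d.declaration_number, d.status, d.total_vat_collected, d.total_vat_deductible,"
    . " d.net_vat_due, d.vat_credit, d.created_date, p.period_name, p.start_date, p.end_date"
    . " FROM " . MAIN_DB_PREFIX . "declarationtva_declarations d"
    . " LEFT JOIN " . MAIN_DB_PREFIX . "declarationtva_periods p ON d.period_id = p.rowid"
    . " WHERE d.entity = " . ((int) $conf->entity)
    . " ORDER BY d.created_date DESC";

$result = $db->query($sql);
if ($result) {
    while ($obj = $db->fetch_object($result)) {
        // period_name / start_date / end_date may be null when the period row is missing (LEFT JOIN)
        $declarations[] = [
            'rowid' => $obj->rowid,
            'declaration_number' => $obj->declaration_number,
            'status' => $obj->status,
            'total_vat_collected' => $obj->total_vat_collected,
            'total_vat_deductible' => $obj->total_vat_deductible,
            'net_vat_due' => $obj->net_vat_due,
            'vat_credit' => $obj->vat_credit,
            'created_date' => $obj->created_date,
            'period_name' => $obj->period_name,
            'start_date' => $obj->start_date,
            'end_date' => $obj->end_date,
        ];
    }
    $db->free($result);
} else {
    // A failed query used to be silently shown as "no declarations"; report it instead.
    dol_print_error($db);
}
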
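// Page title
$title = $langs->trans("DeclarationTVAMainInterface");
llxHeader('', $title);

// Page header with the create button
print load_fiche_titre($title, '<a href="declarationtva_create.php" class="butAction">' . $langs->trans("CreateDeclaration") . '</a>', 'title_accountancy');

// Values interpolated into the HTML below are escaped for their context:
// - $_SERVER['PHP_SELF'] can carry request-controlled path info, so it is escaped before use in href;
// - declaration_number and period_name come from the database and are escaped as HTML text;
// - rowid is cast to int before being placed in URLs;
// - the confirm() text sits inside a JS string literal, hence dol_escape_js().
$selfUrl = dol_escape_htmltag($_SERVER['PHP_SELF']);
// newToken() reads the token generated for this request, so one call serves every link.
$csrfToken = newToken();
$confirmDeleteJs = dol_escape_js($langs->trans("ConfirmDeleteDeclaration"));

// Declarations section
print '<div class="fiche">';
print '<div class="titre">' . $langs->trans("DeclarationTVADeclarations") . '</div>';

if (empty($declarations)) {
    print '<div class="info">' . $langs->trans("NoDeclarationsFound") . '</div>';
} else {
    print '<table class="noborder centpercent">';
    print '<tr class="liste_titre">';
    foreach (["DeclarationNumber", "Period", "StartDate", "EndDate", "Status", "NetVATDue", "Actions"] as $headerKey) {
        print '<th>' . $langs->trans($headerKey) . '</th>';
    }
    print '</tr>';

    foreach ($declarations as $d) {
        $rowid = (int) $d['rowid'];

        print '<tr>';
        print '<td>' . dol_escape_htmltag((string) $d['declaration_number']) . '</td>';
        print '<td>' . dol_escape_htmltag((string) $d['period_name']) . '</td>';
        print '<td>' . dol_print_date($d['start_date'], 'day') . '</td>';
        print '<td>' . dol_print_date($d['end_date'], 'day') . '</td>';
        print '<td>' . $langs->trans("Status" . ucfirst($d['status'])) . '</td>';
        print '<td>' . price($d['net_vat_due']) . '</td>';
        print '<td>';

        // Workflow buttons: every state-changing link carries the CSRF token the action handler checks.
        if ($d['status'] === 'draft') {
            print '<a href="' . $selfUrl . '?action=validate_declaration&declaration_id=' . $rowid . '&token=' . $csrfToken . '" class="butAction">' . $langs->trans("Validate") . '</a>';
            print '<a href="' . $selfUrl . '?action=delete_declaration&declaration_id=' . $rowid . '&token=' . $csrfToken . '" class="butActionDelete" onclick="return confirm(\'' . $confirmDeleteJs . '\')">' . $langs->trans("Delete") . '</a>';
        } elseif ($d['status'] === 'validated') {
            print '<a href="' . $selfUrl . '?action=submit_declaration&declaration_id=' . $rowid . '&token=' . $csrfToken . '" class="butAction">' . $langs->trans("Submit") . '</a>';
        }

        print '<a href="declarationtva_view.php?id=' . $rowid . '" class="butAction">' . $langs->trans("View") . '</a>';
        print '</td>';
        print '</tr>';
    }
    print '</table>';
}

print '</div>';

// Configuration section
print '<div class="fiche">';
print '<div class="titre">' . $langs->trans("DeclarationTVAConfiguration") . '</div>';
print '<div class="info">';
print '<a href="admin/setup_mvp.php" class="butAction">' . $langs->trans("ConfigurePCGAccounts") . '</a>';
print '</div>';
print '</div>';

// Footer
llxFooter();
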
?>