1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * This page updates a user's sponsorships
19 * If an account is protected then changes are forbidden
20 * The page gets redirected back to account_page.php
21 *
22 * @package MantisBT
23 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
24 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
25 * @link http://www.mantisbt.org
26 *
27 * @uses core.php
28 * @uses access_api.php
29 * @uses authentication_api.php
30 * @uses bug_api.php
31 * @uses config_api.php
32 * @uses form_api.php
33 * @uses gpc_api.php
34 * @uses html_api.php
35 * @uses lang_api.php
36 * @uses print_api.php
37 * @uses sponsorship_api.php
38 */
39
40require_once( 'core.php' );
41require_api( 'access_api.php' );
42require_api( 'authentication_api.php' );
43require_api( 'bug_api.php' );
44require_api( 'config_api.php' );
45require_api( 'form_api.php' );
46require_api( 'gpc_api.php' );
47require_api( 'html_api.php' );
48require_api( 'lang_api.php' );
49require_api( 'print_api.php' );
50require_api( 'sponsorship_api.php' );
51
52if( !config_get( 'enable_sponsorship' ) ) {
53	trigger_error( ERROR_SPONSORSHIP_NOT_ENABLED, ERROR );
54}
55
56form_security_validate( 'account_sponsor_update' );
57
58auth_ensure_user_authenticated();
59
60$f_bug_list = gpc_get_string( 'buglist', '' );
61$t_bug_list = explode( ',', $f_bug_list );
62
63foreach( $t_bug_list as $t_bug ) {
64	list( $t_bug_id, $t_sponsor_id ) = explode( ':', $t_bug );
65	$c_bug_id = (int)$t_bug_id;
66
67	bug_ensure_exists( $c_bug_id ); # dies if bug doesn't exist
68
69	access_ensure_bug_level( config_get( 'handle_sponsored_bugs_threshold' ), $c_bug_id ); # dies if user can't handle bug
70
71	$t_bug = bug_get( $c_bug_id );
72	$t_sponsor = sponsorship_get( (int)$t_sponsor_id );
73
74	$t_new_payment = gpc_get_int( 'sponsor_' . $c_bug_id . '_' . $t_sponsor->id, $t_sponsor->paid );
75	if( $t_new_payment != $t_sponsor->paid ) {
76		sponsorship_update_paid( $t_sponsor_id, $t_new_payment );
77	}
78}
79
80form_security_purge( 'account_sponsor_update' );
81
82$t_redirect_url = 'account_sponsor_page.php';
83layout_page_header( null, $t_redirect_url );
84
85layout_page_begin();
86
87html_operation_successful( $t_redirect_url, lang_get( 'payment_updated' ) );
88
89layout_page_end();
90