Hezčí tabulka

[mirrors/SokoMan.git] / assistants / bank.inc.php

diff --git a/assistants/bank.inc.php b/assistants/bank.inc.php
index 4c64d0d4e9dad310ad87130eb27f49633aab067f..06a01557d154c4d7ade7f3a8a7e5eb904db84e19 100644 (file)
--- a/assistants/bank.inc.php
+++ b/assistants/bank.inc.php
@@ -9,6 +9,7 @@ function bank_transaction($ctx, $from, $to, $comment, $amount=0) {
        $author=$ctx->db->quote($ctx->db->auth->get_user_id());
        $from=$ctx->db->quote(bank_name($from));
        $to=$ctx->db->quote(bank_name($to));
+       $amount=$ctx->db->quote($amount);
 
        $comment=trim($comment);
        if(strlen($comment)<4) die("Komentář musí mít alespoň 4 znaky!");
@@ -33,6 +34,7 @@ if(isset($_POST['create_account'])) {
        $this->post_redirect_get("$URL_INTERNAL","Účet byl vytvořen");
 }
 if(isset($_POST['transaction'])) {
+       if(!is_numeric($_POST['amount']) || $_POST['amount'] < 0) $this->post_redirect_get("$URL_INTERNAL","Lze převádět jen kladné částky", true);
        bank_transaction($this, $_POST['account_from'], $_POST['account_to'], $_POST['comment'], $_POST['amount']);
        $this->post_redirect_get("$URL_INTERNAL","Transakce byla provedena"); //TODO redirect na account_from
 }
@@ -76,6 +78,7 @@ switch($SUBPATH[0]) {
                        echo("$deposits-$withdrawals $bank_currency");
            $result = $this->db->safe_query_fetch("SELECT * FROM `bank` WHERE `bank_to`=$account_sql OR `bank_from`=$account_sql ORDER BY bank_time DESC;");
                }
+               $this->html->table_hide_columns($result, 'bank');
          echo $this->html->render_item_table($result);