Diffstat (limited to 'api/rapprochement_gestion_compta.php')
-rw-r--r-- | api/rapprochement_gestion_compta.php | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/api/rapprochement_gestion_compta.php b/api/rapprochement_gestion_compta.php
new file mode 100644
index 0000000..9a99844
--- /dev/null
+++ b/api/rapprochement_gestion_compta.php
@@ -0,0 +1,113 @@
+<?php
+/**
+ * Copyright 2017 Ludovic Pouzenc <ludovic@pouzenc.fr>
+ *
+ * This file is part of CHD Gestion.
+ *
+ * CHD Gestion is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * CHD Gestion is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with CHD Gestion. If not, see <http://www.gnu.org/licenses/>.
+ **/
+
+// Undefined | Multiple Files | $_FILES Corruption Attack
+// If this request falls under any of them, treat it invalid.
+if ( !isset($_FILES['upfile']['error']) || is_array($_FILES['upfile']['error']) ) {
+?>
+<!DOCTYPE html>
+<html>
+<body>
+<form method="post" enctype="multipart/form-data">
+ Envoi de l'export CSV de l'échéancier Crédit Coop<br>
+ <input type="file" name="upfile" id="upfile"><br>
+ <input type="submit" name="submit">
+</form>
+</body>
+</html>
+<?php
+ exit();
+}
+
+header('Content-Type: text/plain; charset=utf-8');
+include_once('inc/config.php');
+$mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']);
+if (mysqli_connect_errno()) {
+ die(mysqli_connect_error());
+}
+unset($db_config);
+$mysqli->set_charset("utf8") or die($mysqli->error);
+
+// Check $_FILES['upfile']['error'] value.
+switch ($_FILES['upfile']['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_NO_FILE:
+ die('No file sent.');
+ case UPLOAD_ERR_INI_SIZE:
+ case UPLOAD_ERR_FORM_SIZE:
+ die('Exceeded filesize limit.');
+ default:
+ die('Unknown errors.');
+}
+
+// You should also check filesize here. 
+if ($_FILES['upfile']['size'] > 1000000) {
+ die('Exceeded filesize limit.');
+}
+
+// DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!
+// Check MIME Type by yourself.
+$finfo = finfo_open(FILEINFO_MIME_TYPE);
+$mtype = finfo_file($finfo, $_FILES['upfile']['tmp_name']);
+if ( $mtype !== 'text/plain' ) {
+ die('Invalid file format.'.$mtype);
+}
+
+$fhcsv = fopen($_FILES['upfile']['tmp_name'], "r") or die('Can\'t read CSV');
+$headers = fgetcsv($fhcsv, 1200, ";");
+if ( $headers === FALSE ) {
+ die('Can\'t read CSV headers');
+}
+$numcol = count($headers);
+echo "CSV $numcol colonnes\n";
+
+
+$res = $mysqli->query("SELECT * FROM v_rapprochement_compta WHERE actif2016='oui'");
+if ( $res === FALSE ) {
+ die("Wrong query");
+}
+$sqldata = array();
+$sqlidx_adt_svctype = array();
+$row = 0;
+while ( ($data = $res->fetch_assoc()) !== NULL ) {
+ $row++;
+ $sqldata[$row] = $data;
+ $k = $data['adt'] . '_' . ($data['service_type']==='Adhésion'?'adh':'abo');
+ if ( !isset($sqlidx_adt_svctype[$k])) {
+ $sqlidx_adt_svctype[$k] = array();
+ }
+ $sqlidx_adt_svctype[$k][] = $row;
+}
+//print_r($sqlidx_adt_svctype);
+echo "SQL " . ($row) . " lignes\n";
+
+$row = 1;
+while (($data = fgetcsv($fhcsv, 1200, ";")) !== FALSE ) {
+ $row++;
+ if ( count($data) !== $numcol ) {
+ echo "CSV skipping line $row : bad col count\n";
+ continue;
+ }
+ //
+}
+fclose($fhcsv);
+echo "CSV " . ($row-1) . " lignes\n";
+ |
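Review bot: The upload is read straight from `$_FILES['upfile']['tmp_name']` (both the `finfo_file` call and the `fopen` of the CSV) without first confirming it is a file PHP itself received; the manual's upload example that the comments above are quoting guards this with `if (!is_uploaded_file($_FILES['upfile']['tmp_name'])) { die('Invalid upload.'); }`, which belongs right after the `$_FILES` error switch. The `die(mysqli_connect_error())` and `die($mysqli->error)` lines return the raw driver message to the client in the text/plain response; sending it to `error_log()` and replying with a generic `die('Database error.')` avoids disclosing host, user or schema details. I cannot see `inc/config.php`, so if it does not enforce an authenticated session this endpoint answers any client that can POST a small CSV with row counts from `v_rapprochement_compta` and, once the empty `//` loop body is filled in, presumably its contents. Minor: `$finfo` is never released (`finfo_close($finfo);` after the MIME check) and `fgetcsv(..., 1200, ";")` silently splits any line longer than 1200 characters into two records, which the column-count check would then report as bad lines rather than a truncation.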