admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
efe7f75994dfb95904854b8615b636b2deeea61c
e-ticket/templates/order/success.html.twig
Serreau Jovann efe7f75994 Secure /ma-commande URLs with accessToken to prevent brute force 
- Add accessToken (32 hex chars) to BilletBuyer, generated at creation
- URLs now: /ma-commande/{orderNumber}/{token} and /ma-commande/{orderNumber}/{token}/billet/{ref}
- Both orderNumber AND token must match to access order page
- Token is random, unpredictable, unique per order
- Migration generates tokens for existing rows

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 16:48:24 +01:00

51 lines
2.9 KiB
Twig
Raw Blame History

{% extends 'base.html.twig' %}
{% block title %}{{ failed|default(false) ? 'Echec' : 'Confirmation' }} - E-Ticket{% endblock %}
{% block body %}
<div class="page-container">
<div class="max-w-xl mx-auto text-center">
<div class="card-brutal p-8">
{% if failed|default(false) %}
<div class="text-6xl mb-4 text-red-600">&#10007;</div>
<h1 class="text-3xl font-black uppercase tracking-tighter italic heading-page mb-4">Paiement echoue</h1>
<p class="font-bold text-gray-600 mb-6">Le paiement n'a pas abouti. Vous pouvez reessayer.</p>
<a href="{{ path('app_order_payment', {id: order.id}) }}" class="btn-brutal font-black uppercase text-sm tracking-widest bg-indigo-600 text-white hover:bg-indigo-800 transition-all">
Reessayer le paiement
</a>
{% else %}
<div class="text-6xl mb-4 text-green-600">&#10003;</div>
<h1 class="text-3xl font-black uppercase tracking-tighter italic heading-page mb-4">Commande confirmee</h1>
<p class="font-bold text-gray-600 mb-2">Merci {{ order.firstName }} !</p>
<p class="text-sm font-bold text-gray-500 mb-6">Votre commande <span class="font-mono text-gray-900">{{ order.orderNumber }}</span> a bien ete enregistree.</p>
<div class="border-2 border-gray-900 p-4 bg-gray-50 text-left mb-6">
<p class="text-xs font-black uppercase tracking-widest text-gray-500 mb-2">Details</p>
{% for item in order.items %}
<div class="flex justify-between py-1 text-sm font-bold">
<span>{{ item.billetName }} x{{ item.quantity }}</span>
<span>{{ item.lineTotalHTDecimal|number_format(2, ',', ' ') }} &euro;</span>
</div>
{% endfor %}
<div class="flex justify-between pt-2 mt-2 border-t-2 border-gray-900 font-black">
<span>Total</span>
<span class="text-indigo-600">{{ order.totalHTDecimal|number_format(2, ',', ' ') }} &euro;</span>
</div>
</div>
<p class="text-xs font-bold text-gray-400 mb-6">Vos billets ont ete envoyes a {{ order.email }}</p>
<div class="flex flex-col gap-3">
<a href="{{ path('app_order_public', {orderNumber: order.orderNumber, token: order.accessToken}) }}" class="btn-brutal font-black uppercase text-sm tracking-widest hover:bg-indigo-600 hover:text-white transition-all">
Voir ma commande
</a>
<a href="{{ path('app_home') }}" class="text-sm font-bold text-gray-500 hover:text-gray-900 transition-colors">
Retour a l'accueil
</a>
</div>
{% endif %}
</div>
</div>
</div>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink