From 0923b54d001c678fb60087be25cac94437a71876 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 21 Feb 2008 15:53:46 +0000
Subject: [PATCH] Fix: Bad year saved for end planned date (service contracts)
---
 htdocs/contrat/fiche.php | 73 ++++++------------
 htdocs/lib/functions.inc.php | 146 ++++++++++++++++++-----------------
 2 files changed, 98 insertions(+), 121 deletions(-)
diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php
index e3cf61f2e01..776480c3284 100644
--- a/htdocs/contrat/fiche.php
+++ b/htdocs/contrat/fiche.php
@@ -36,37 +36,8 @@ $langs->load("companies");
 $langs->load("bills");
 $langs->load("products");
-
-if (! $user->rights->contrat->lire)
-accessforbidden();
-
-// Securite acces client et commerciaux
-$contratid = isset($_GET["id"])?$_GET["id"]:'';
-
-if ($user->societe_id > 0)
-{
- $action = '';
- $socid = $user->societe_id;
-}
-
-// Protection restriction commercial
-if ($contratid && !$user->rights->commercial->client->voir)
-{
- $sql = "SELECT sc.fk_soc, c.fk_soc";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
- $sql .= " WHERE c.rowid = ".$contratid;
- if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
- {
- $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
- }
- if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid;
-
- if ( $db->query($sql) )
- {
- if ( $db->num_rows() == 0) accessforbidden();
- }
-}
-
+// Security check
+restrictedArea($user,'contrat',$contratid,'contrat');
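Review bot: `$contratid` is passed to `restrictedArea()` here, but the only assignment visible in this hunk, `$contratid = isset($_GET["id"])?$_GET["id"]:'';`, is among the removed lines, so unless it is set elsewhere before this point the call receives an undefined (empty) id and no per-contract check can run. Keeping the assignment just above the call and normalising it, `$contratid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;`, would also keep a request-supplied string out of the SQL that `restrictedArea()` builds by concatenation. The comment `// Security check` could state what is enforced, e.g. `// Security check: read right on contracts and access to this contract's company`.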
@@ -112,14 +83,14 @@ if ($_POST["mode"]=='predefined')
 {
 $date_start='';
 $date_end='';
- if ($_POST["date_startmonth"] && $_POST["date_startday"] && $_POST["date_startyear"])
- {
- $date_start=dolibarr_mktime(12, 0 , 0, $_POST["date_startmonth"], $_POST["date_startday"], $_POST["date_startyear"]);
- }
- if ($_POST["date_endmonth"] && $_POST["date_endday"] && $_POST["date_endyear"])
- {
- $date_end=dolibarr_mktime(12, 0 , 0, $_POST["date_endmonth"], $_POST["date_endday"], $_POST["date_endyear"]);
- }
+ if ($_POST["date_startmonth"] && $_POST["date_startday"] && $_POST["date_startyear"])
+ {
+ $date_start=dolibarr_mktime(12, 0 , 0, $_POST["date_startmonth"], $_POST["date_startday"], $_POST["date_startyear"]);
+ }
+ if ($_POST["date_endmonth"] && $_POST["date_endday"] && $_POST["date_endyear"])
+ {
+ $date_end=dolibarr_mktime(12, 0 , 0, $_POST["date_endmonth"], $_POST["date_endday"], $_POST["date_endyear"]);
+ }
 }
 // Si ajout champ produit libre
@@ -127,14 +98,14 @@ if ($_POST["mode"]=='libre')
 {
 $date_start_sl='';
 $date_end_sl='';
- if ($_POST["date_start_slmonth"] && $_POST["date_start_slday"] && $_POST["date_start_slyear"])
- {
- $date_start_sl=dolibarr_mktime(12, 0 , 0, $_POST["date_start_slmonth"], $_POST["date_start_slday"], $_POST["date_start_slyear"]);
- }
- if ($_POST["date_end_slmonth"] && $_POST["date_end_slday"] && $_POST["date_end_slyear"])
- {
- $date_end_sl=dolibarr_mktime(12, 0 , 0, $_POST["date_end_slmonth"], $_POST["date_end_slday"], $_POST["date_end_slyear"]);
- }
+ if ($_POST["date_start_slmonth"] && $_POST["date_start_slday"] && $_POST["date_start_slyear"])
+ {
+ $date_start_sl=dolibarr_mktime(12, 0 , 0, $_POST["date_start_slmonth"], $_POST["date_start_slday"], $_POST["date_start_slyear"]);
+ }
+ if ($_POST["date_end_slmonth"] && $_POST["date_end_slday"] && $_POST["date_end_slyear"])
+ {
+ $date_end_sl=dolibarr_mktime(12, 0 , 0, $_POST["date_end_slmonth"], $_POST["date_end_slday"], $_POST["date_end_slyear"]);
+ }
 }
 // Param si updateligne
@@ -237,7 +208,7 @@ if ($_POST["action"] == 'addligne' && $user->rights->contrat->creer) } if ($_POST['date_endyear'] && $_POST['date_endmonth'] && $_POST['date_endday']) { - $date_end=dolibarr_mktime(12,0,0,$_POST['date_endmonth'],$_POST['date_endday'],$_POST['date_endmonth']); + $date_end=dolibarr_mktime(12,0,0,$_POST['date_endmonth'],$_POST['date_endday'],$_POST['date_endyear']); } } @@ -1114,7 +1085,7 @@ else $var=false; // Service sur produit predefini - print '
'; + print ''; print ''; print ''; print ''; @@ -1149,7 +1120,7 @@ else $var=!$var; // Service libre - print ''; + print ''; print ''; print ''; print ''; @@ -1198,7 +1169,7 @@ else { print '
'; - if ($contrat->statut == 0 && $num) + if (($contrat->statut == 0 || $conf->global->CONTRAT_EDITWHENVALIDATED) && $num) { print ''.$langs->trans("Validate").''; } diff --git a/htdocs/lib/functions.inc.php b/htdocs/lib/functions.inc.php index 7f7b9f37288..347d4d45cd7 100644 --- a/htdocs/lib/functions.inc.php +++ b/htdocs/lib/functions.inc.php 
@@ -1227,77 +1227,83 @@ function info_admin($texte,$infoonimgalt=0)
 \param dbtable Table de la base correspondant au module (optionnel)
 \param list Défini si la page sert de liste et donc ne fonctionne pas avec un id
 */
- function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list=0)
- {
- global $db;
-
- if (!$modulename)
- {
- $modulename = 'societe';
- $list = 1;
- }
-
- $socid = 0;
- $nocreate = 0;
-
- //si dbtable non défini, méme nom que le module
- if (!$dbtablename) $dbtablename = $modulename;
+function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list=0)
+{
+ global $db;
+
+ // Clean parameters
+ if (!$modulename)
+ {
+ $modulename = 'societe';
+ $list = 1;
+ }
+
+ $objectid = 0;
+ $socid = 0;
+ $nocreate = 0;
+
+ // Check permission from module
+ if (! $user->rights->$modulename->lire)
+ {
+ accessforbidden();
+ }
+ else if (!$user->rights->$modulename->creer)
+ {
+ $nocreate = 1;
+ if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
+ {
+ accessforbidden();
+ }
+ }
+
+ // Check permission from company affiliation
+ if ($user->societe_id > 0)
+ {
+ $_GET["action"] = '';
+ $_POST["action"] = '';
+ $socid = $user->societe_id;
+ if (!$objectid) $objectid = $socid;
+ if ($modulename == 'societe' && $socid <> $objectid) accessforbidden();
+ }
- if (!$user->rights->$modulename->lire)
- {
- accessforbidden();
- }
- else if (!$user->rights->$modulename->creer)
- {
- $nocreate = 1;
- if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
- {
- accessforbidden();
- }
- }
-
- if ($user->societe_id > 0)
- {
- $_GET["action"] = '';
- $_POST["action"] = '';
- $socid = $user->societe_id;
- if (!$objectid) $objectid = $socid;
- if ($modulename == 'societe' && $socid <> $objectid) accessforbidden();
- }
-
- if ($objectid)
- {
- if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$socid > 0)
- {
- $sql = "SELECT sc.fk_soc";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as 
sc";
- $sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id;
- }
- else if (!$user->rights->commercial->client->voir || $socid > 0)
- {
- $sql = "SELECT sc.fk_soc, dbt.fk_soc";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
- $sql .= " WHERE dbt.rowid = ".$objectid;
- if (!$user->rights->commercial->client->voir && !$socid > 0)
- {
- $sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id;
- }
- if ($socid > 0) $sql .= " AND dbt.fk_soc = ".$socid;
- }
-//print $sql;
- if ($sql && $db->query($sql))
- {
- if ($db->num_rows() == 0)
- {
- accessforbidden();
- }
- }
- }
- else if ((!$objectid && $list==0) && $nocreate == 1)
- {
- accessforbidden();
- }
- return $objectid;
+ if ($objectid)
+ {
+ if ($modulename == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0)
+ {
+ $sql = "SELECT sc.fk_soc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+ $sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id;
+ }
+ else if (! $user->rights->commercial->client->voir || $socid > 0)
+ {
+ // Si dbtable non défini, méme nom que le module
+ if (!$dbtablename) $dbtablename = $modulename;
+
+ $sql = "SELECT sc.fk_soc, dbt.fk_soc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
+ $sql .= " WHERE dbt.rowid = ".$objectid;
+ if (!$user->rights->commercial->client->voir && !$socid > 0)
+ {
+ $sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id;
+ }
+ if ($socid > 0) $sql .= " AND dbt.fk_soc = ".$socid;
+ }
+ //print $sql;
+ if ($sql)
+ {
+ $resql=$db->query($sql);
+ if ($resql && $db->num_rows($resql) == 0)
+ {
+ accessforbidden();
+ }
+ }
+ }
+ else if ((!$objectid && $list==0) && $nocreate == 1)
+ {
+ accessforbidden();
+ }
+
+ return $objectid;
 }
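Review bot: The added `$objectid = 0;` under `// Clean parameters` overwrites the caller's argument, so for an internal user `if ($objectid)` is never true and the per-object ownership query is skipped; for an external user the id is replaced by `$socid`, so `dbt.rowid` is compared with a company id rather than the requested record. Drop that line and normalise the parameter instead, e.g. `$objectid = (int) $objectid;` (assuming ids are always integers), which also keeps a request-supplied value from being concatenated into `$sql` as raw text. The check also fails open: when `$db->query($sql)` returns false nothing is denied, so `if (! $resql || $db->num_rows($resql) == 0) accessforbidden();` would be the safer form. The header comment above the function could add that denial goes through `accessforbidden()` and that the return value is the effective object id.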