Fix: Controle scurit user externes sur accs fichier par wrapper

Qual: Utilisation de isproduct() et isservice() au lieu des tests sur le type
This commit is contained in:
Laurent Destailleur 2007-01-31 17:52:54 +00:00
parent 131cdca0c7
commit 18e989b311
30 changed files with 193 additions and 99 deletions


@ -157,7 +157,7 @@ class Adherent
$this->nom,
$infos,
$infos,
"http://".$_SERVER["SERVER_NAME"]."/",
DOL_MAIN_URL_ROOT,
$this->societe,
$this->adresse,
$this->cp,
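Review bot: `DOL_MAIN_URL_ROOT` drops the trailing slash that `"http://".$_SERVER["SERVER_NAME"]."/"` carried, so if the mail template appends a path to this argument the link may lose its separator; the main.inc.php hunk in this commit defines the constant straight from `$dolibarr_main_url_root` without normalising it. Either document in the configuration that the value must not end with a slash, or keep the old shape here with `DOL_MAIN_URL_ROOT.'/',`. Taking the base URL from configuration rather than from the request's server name is the right direction for links embedded in outgoing mail. The enclosing method starts and ends outside the hunk.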


@ -54,7 +54,6 @@ if (isset($_GET["msg"])) { $mesg=urldecode($_GET["mesg"]); }
$year=isset($_GET["year"])?$_GET["year"]:"";
$month=isset($_GET["month"])?$_GET["month"]:"";
// Sécurité accés client
$socid='';
if ($_GET["socid"]) { $socid=$_GET["socid"]; }
@ -102,6 +101,7 @@ $NBLINES=4;
$form=new Form($db);
/******************************************************************************/
/* Actions */
/******************************************************************************/
@ -316,9 +316,12 @@ if ($_POST['action'] == 'setstatut' && $user->rights->propale->cloturer)
{
$propal = new Propal($db);
$propal->fetch($_GET['propalid']);
// prevent browser refresh from closing proposal several times
if ($propal->statut==1) {
$propal->cloture($user, $_POST['statut'], $_POST['note']);
}
}
}
/*
* Envoi de la propale par mail
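Review bot: `$propal->fetch($_GET['propalid'])` in the setstatut branch is not followed by an ownership test for external users, unlike the `$user->societe_id != $commande->socid` check this commit adds in commande/fiche.php, so the `cloturer` right alone decides which proposal id may be closed unless such a check lives outside the hunk. The fetch return value is also ignored, so the new refresh guard `$propal->statut==1` runs against an object whose state is unknown when the id does not exist. Suggest `if ($propal->fetch($_GET['propalid']) > 0 && !($user->societe_id > 0 && $user->societe_id != $propal->socid))` ahead of the guard, assuming Propal exposes `socid` the way Facture and Commande do in this commit.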


@ -57,9 +57,18 @@ if (!$user->rights->commande->lire) accessforbidden();
$socid=0;
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
$socid = $user->societe_id;
}
if ($user->societe_id >0 && isset($_GET["id"]) && $_GET["id"]>0)
{
$commande = new Commande($db);
$commande->fetch((int)$_GET['id']);
if ($user->societe_id != $commande->socid) {
accessforbidden();
}
}
// Récupération de l'id de projet
$projetid = 0;
@ -504,7 +513,7 @@ if ($_REQUEST['action'] == 'builddoc') // En get ou en post
}
// Efface les fichiers
if ($action=='remove_file')
if ($_REQUEST['action'] == 'remove_file')
{
$com = new Commande($db);
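Review bot: The return value of `$commande->fetch((int)$_GET['id'])` is ignored in the new ownership block, so for an id that does not exist the `accessforbidden()` decision rests on `$commande->socid` staying unset rather than on an explicit result test; make it explicit with `if ($commande->fetch((int)$_GET['id']) <= 0 || $user->societe_id != $commande->socid) accessforbidden();`. Casting the id to int before the fetch is good and worth applying to the other fiche pages touched here (facture/fiche.php still passes `$_GET['facid']` raw). In the second hunk `$_REQUEST['action'] == 'remove_file'` makes the deletion reachable from a GET parameter as well as POST; the rights check for that action is outside the hunk, so confirm it is still applied on that path.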


@ -1608,8 +1608,10 @@ else
if ($mesg) print $mesg.'<br>';
$fac = New Facture($db);
if ( $fac->fetch($_GET['facid'], $user->societe_id) > 0)
if ($fac->fetch($_GET['facid']))
{
if ($user->societe_id>0 && $user->societe_id!=$fac->socid) accessforbidden('',0);
$soc = new Societe($db, $fac->socid);
$soc->fetch($fac->socid);
$absolute_discount=$soc->getCurrentDiscount();
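Review bot: `$fac->fetch($_GET['facid'])` passes the id uncast, while the same pattern this commit adds in commande/fiche.php uses `(int)$_GET['id']`; use `$fac->fetch((int)$_GET['facid'])` here too so the fetch never sees a non-numeric value. The post-fetch test `$user->societe_id != $fac->socid` with `accessforbidden('',0)` is fine since the fetch result is checked first; the `0` presumably means the page header has already been printed in this branch — confirm, as the enclosing block starts outside the hunk.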


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2004-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
*
* This program is free software; you can redistribute it and/or modify
@ -32,8 +32,13 @@
require_once("main.inc.php");
// C'est un wrapper, donc header vierge
function llxHeader() { }
function llxHeader()
{
global $user,$langs;
top_menu($head, $title);
$menu = new Menu();
left_menu($menu->liste);
}
$action = $_GET["action"];
@ -54,8 +59,11 @@ if (eregi('\.tiff$',$original_file)) { $type='image/tiff'; $attachment = true;
//Suppression de la chaine de caractère ../ dans $original_file
$original_file = str_replace("../","/", "$original_file");
# find the subdirectory name as the reference
$refname=basename(dirname($original_file)."/");
$accessallowed=0;
$sqlprotectagainstexternals='';
if ($modulepart)
{
// On fait une vérification des droits et on définit le répertoire concern
@ -69,6 +77,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->facture->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='$refname'";
}
// Wrapping pour les fiches intervention
@ -80,6 +89,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->fichinter->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour les prelevements
@ -91,6 +101,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->prelevement->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."$modulepart WHERE ref='$refname'";
}
// Wrapping pour les propales
@ -101,7 +112,9 @@ if ($modulepart)
{
$accessallowed=1;
}
$original_file=$conf->propal->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='$refname'";
}
// Wrapping pour les commandes
if ($modulepart == 'commande')
@ -112,6 +125,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->commande->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='$refname'";
}
// Wrapping pour les commandes fournisseurs
@ -123,6 +137,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->fournisseur->commande->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE ref='$refname'";
}
// Wrapping pour les factures fournisseurs
@ -134,6 +149,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->fournisseur->facture->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE facnumber='$refname'";
}
// Wrapping pour les rapport de paiements
@ -146,6 +162,7 @@ if ($modulepart)
}
if ($user->societe_id > 0) $original_file=DOL_DATA_ROOT.'/private/'.$user->id.'/compta/'.$original_file;
else $original_file=$conf->compta->dir_output.'/payments/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour les exports de compta
@ -168,6 +185,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->societe->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT idp as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE idp='$refname'";
}
// Wrapping pour les expedition
@ -179,6 +197,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->expedition->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour les bons de livraison
@ -190,6 +209,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->livraison->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour la telephonie
@ -201,6 +221,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->telephonie->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour les actions
@ -212,6 +233,7 @@ if ($modulepart)
$accessallowed=1;
//}
$original_file=$conf->actions->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour les actions
@ -223,6 +245,7 @@ if ($modulepart)
$accessallowed=1;
//}
$original_file = $conf->actions->dir_temp."/".$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
}
// Wrapping pour les produits et services
@ -234,6 +257,7 @@ if ($modulepart)
$accessallowed=1;
//}
$original_file=$conf->produit->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = '';
}
// Wrapping pour les dons
@ -245,6 +269,7 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=$conf->don->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = '';
}
// Wrapping pour les remises de cheques
@ -257,6 +282,7 @@ if ($modulepart)
}
$original_file=DOL_DATA_ROOT.'/compta/bordereau/'.get_exdir(basename($original_file,".pdf")).$original_file;
$sqlprotectagainstexternals = '';
}
// Wrapping pour les exports
@ -266,15 +292,17 @@ if ($modulepart)
// le rep export qui est propre à l'utilisateur
$accessallowed=1;
$original_file=$conf->export->dir_temp.'/'.$user->id.'/'.$original_file;
$sqlprotectagainstexternals = '';
}
// Wrapping pour l'éditeur wysiwyg
if ($modulepart == 'editor')
{
// Aucun test necessaire car on force le rep de doanwload sur
// Aucun test necessaire car on force le rep de download sur
// le rep export qui est propre à l'utilisateur
$accessallowed=1;
$original_file=$conf->fckeditor->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = '';
}
// Wrapping pour les backups
@ -285,11 +313,28 @@ if ($modulepart)
$accessallowed=1;
}
$original_file=DOL_DATA_ROOT.'/admin/temp/'.$original_file;
$sqlprotectagainstexternals = '';
}
}
// Basic protection (against external users only)
if ($user->societe_id>0)
{
if ($sqlprotectagainstexternals)
{
$resql = $db->query($sqlprotectagainstexternals);
if ($resql)
{
$obj = $db->fetch_object($resql);
$num=$db->num_rows($resql);
if ($num>0 && $user->societe_id != $obj->fk_soc)
$accessallowed=0;
}
}
}
// Limite accès si droits non corrects
if (! $accessallowed)
{
@ -315,7 +360,9 @@ if ($action == 'remove_file')
unlink($original_file);
dolibarr_syslog("document.php back to ".urldecode($urlsource));
Header("Location: ".urldecode($urlsource));
header("Location: ".urldecode($urlsource));
return;
}
else
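Review bot: In the new `$sqlprotectagainstexternals` queries `$refname` is interpolated unescaped (`WHERE ref='$refname'`, `WHERE idp='$refname'`) and it is derived from the requested path via `basename(dirname($original_file)."/")`, so the ownership lookup is built from untrusted input; escape it once where it is defined, `$refname=addslashes(basename(dirname($original_file)."/"));`, as this code base already does for search terms. The protection block is also fail-open: `$accessallowed=0` is set only when a row is found and `fk_soc` differs, so a ref matching no row, or a failed `$db->query`, leaves access granted; use `if ($num == 0 || $user->societe_id != $obj->fk_soc) $accessallowed=0;` and add `else $accessallowed=0;` to the `if ($resql)`. Modules whose query is left commented out (prelevement, facture_fourn, expedition, livraison, telephonie, actions) get no ownership check at all for external users, which the comment `// Basic protection (against external users only)` should state. The new `llxHeader()` body calls `top_menu($head, $title)` with `$head` and `$title` undefined in that scope.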


@ -231,10 +231,10 @@ Class pdf_expedition_rouget extends ModelePdfExpedition
if ($prodser->ref)
{
$prefix_prodserv = "";
if($prodser->type == 0)
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
if($prodser->type == 1)
if($prodser->isservice())
$prefix_prodserv = $outputlangs->transnoentities("Service")." ";
else
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
$libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice;
}
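Review bot: The `if($prodser->isservice()) … else …` prefix selection leaves both single-statement branches without braces, and the identical block is repeated in the pdf_einstein, pdf_crabe and pdf_propale_azur hunks of this commit; a small shared helper returning the prefix would avoid four copies. Behaviour also shifts slightly: types other than 1 (the composite types 2 and 3 referenced in the sousproduits.php hunk) now get the Product prefix where before they got none — presumably intended, so record it with `// any non-service type is labelled as a product`.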


@ -107,7 +107,7 @@ class box_produits extends ModeleBoxes {
$this->info_box_contents[$i][0] = array(
'align' => 'left',
'logo' => ($objp->fk_product_type?'object_service':'object_product'),
'logo' => ($objp->fk_product_type==1?'object_service':'object_product'),
'text' => $objp->label,
'url' => DOL_URL_ROOT."/product/fiche.php?id=".$objp->rowid);


@ -117,7 +117,7 @@ class box_services_vendus extends ModeleBoxes {
}
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => ($objp->fk_product_type?'object_service':'object_product'),
'logo' => ($objp->fk_product_type==1?'object_service':'object_product'),
'text' => $objp->label,
'maxlength' => 16,
'url' => DOL_URL_ROOT."/contrat/fiche.php?id=".$objp->rowid);


@ -238,10 +238,10 @@ class pdf_einstein extends ModelePDFCommandes
if ($prodser->ref)
{
$prefix_prodserv = "";
if($prodser->type == 0)
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
if($prodser->type == 1)
if($prodser->isservice())
$prefix_prodserv = $outputlangs->transnoentities("Service")." ";
else
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
$libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice;
}


@ -232,10 +232,10 @@ class pdf_crabe extends ModelePDFFactures
if ($prodser->ref)
{
$prefix_prodserv = "";
if($prodser->type == 0)
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
if($prodser->type == 1)
if($prodser->isservice())
$prefix_prodserv = $outputlangs->transnoentities("Service")." ";
else
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
$libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice;
}


@ -230,10 +230,10 @@ class pdf_propale_azur extends ModelePDFPropales
if ($prodser->ref)
{
$prefix_prodserv = "";
if($prodser->type == 0)
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
if($prodser->type == 1)
if($prodser->isservice())
$prefix_prodserv = $outputlangs->transnoentities("Service")." ";
else
$prefix_prodserv = $outputlangs->transnoentities("Product")." ";
$libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice;
}


@ -1240,14 +1240,15 @@ function dol_loginfunction($notused,$pearstatus)
/**
\brief Affiche message erreur de type acces interdit et arrete le programme
\param message Force error message
\param printheader Affiche avant le header
\remarks L'appel a cette fonction termine le code.
*/
function accessforbidden($message='')
function accessforbidden($message='',$printheader=1)
{
global $user, $langs;
$langs->load("other");
llxHeader();
if ($printheader) llxHeader();
print '<div class="error">';
if (! $message) print $langs->trans("ErrorForbidden");
else print $message;
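Review bot: The new `$printheader` parameter only conditions `llxHeader()`; if the function also prints the page footer further down (its body continues outside the hunk), that call should be conditioned on the same flag so a caller passing 0 gets neither half. The docblock line `\param printheader Affiche avant le header` describes it backwards; suggest `\param printheader 1=print the page header before the message, 0=caller has already printed it`. Keeping it an int rather than a bool is consistent with the call site `accessforbidden('',0)` added in document.php.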


@ -57,7 +57,7 @@ function product_prepare_head($product, $user)
$h++;
}
if($product->type == 0)
if($product->isproduct())
{
if ($user->rights->barcode->lire)
{
@ -113,7 +113,7 @@ function product_prepare_head($product, $user)
$head[$h][2] = 'documents';
$h++;
if($product->type == 0) // Si produit stockable
if($product->isproduct()) // Si produit stockable
{
if ($conf->stock->enabled)
{


@ -1,7 +1,7 @@
<?PHP
/* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2006 Regis Houssin <regis.houssin@cap-networks.com>
@ -74,7 +74,7 @@ if (! $dolibarr_main_data_root) {
}
define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root);
define('DOL_DATA_ROOT', $dolibarr_main_data_root);
define('DOL_MAIN_URL_ROOT', $dolibarr_main_url_root);
$uri=eregi_replace('^http(s?)://','',$dolibarr_main_url_root);
$pos = strstr ($uri, '/'); // $pos contient alors url sans nom domaine
if ($pos == '/') $pos = ''; // si $pos vaut /, on le met a ''


@ -2524,5 +2524,22 @@ class Product
{
}
function isproduct() {
if ($this->type != 1) {
return 1;
} else {
return 0;
}
}
function isservice() {
if ($this->type==1) {
return 1;
} else {
return 0;
}
}
}
?>
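Review bot: `isproduct()` and `isservice()` carry no documentation, and the asymmetry matters: `isproduct()` is true for every type except 1, so the composite types 2 and 3 used in the sousproduits.php hunk count as products. Add a docblock in the file's style, e.g. `\brief Return 1 if the product is not a service (type != 1), 0 otherwise` on `isproduct()` and its mirror on `isservice()`. Each body can be a single expression, `return ($this->type != 1) ? 1 : 0;`, instead of the four-line if/else.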


@ -40,9 +40,6 @@ $user->getrights('barcode');
if (!$user->rights->barcode->lire)
accessforbidden();
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
/*
* Affiche historique prix
*/


@ -447,7 +447,7 @@ class ProductLivre extends Product
*/
function LoadListDatas($limit, $offset, $sortfield, $sortorder)
{
$sql = 'SELECT p.rowid, p.ref, p.label, pl.px_feuillet as price, p.fk_product_type,';
$sql = 'SELECT p.rowid, p.ref, p.label, pl.px_feuillet as price, ';
$sql.= ' p.duration, p.envente as statut, p.stock_loc';
$sql.= ',pl.pages';
$sql.= ',SUM(fd.qty) as ventes';
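Review bot: Dropping `p.fk_product_type` from the SELECT in LoadListDatas changes the row shape handed to callers; no consumer is visible in the hunk, so confirm nothing downstream reads `fk_product_type` from this list (the box hunks in this commit still read that field, but from their own queries). If it is unused the change is fine; a one-line comment `// fk_product_type intentionally not selected` would record the decision.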


@ -44,9 +44,6 @@ $mesg = '';
if (!$user->rights->produit->lire) accessforbidden();
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
/*
*
*/
@ -436,8 +433,8 @@ if ($_GET["action"] == 'create' && $user->rights->produit->creer)
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="type" value="'.$_GET["type"].'">'."\n";
if ($_GET["type"]==0) { $title=$langs->trans("NewProduct"); }
if ($_GET["type"]==1) { $title=$langs->trans("NewService"); }
if ($_GET["type"]==1) $title=$langs->trans("NewService");
else $title=$langs->trans("NewProduct");
print_fiche_titre($title);
print '<table class="border" width="100%">';
@ -484,7 +481,7 @@ if ($_GET["action"] == 'create' && $user->rights->produit->creer)
print '</select>';
print '</td></tr>';
if ($_GET["type"] == 0 && $conf->stock->enabled)
if ($_GET["type"] != 1 && $conf->stock->enabled)
{
print '<tr><td>Seuil stock</td><td>';
print '<input name="seuil_stock_alerte" size="4" value="0">';
@ -657,8 +654,8 @@ if ($_GET["id"] || $_GET["ref"])
$nblignes=6;
if ($product->type == 0 && $conf->stock->enabled) $nblignes++;
if ($product->type == 1) $nblignes++;
if ($product->isproduct() && $conf->stock->enabled) $nblignes++;
if ($product->isservice()) $nblignes++;
if ($product->is_photo_available($conf->produit->dir_output))
{
// Photo
@ -734,7 +731,7 @@ if ($_GET["id"] || $_GET["ref"])
print '<tr><td>'.$langs->trans("VATRate").'</td><td>'.$product->tva_tx.'%</td></tr>';
// Stock
if ($product->type == 0 && $conf->stock->enabled)
if ($product->isproduct() && $conf->stock->enabled)
{
print '<tr><td>'.$langs->trans("Stock").'</td>';
if ($product->no_stock)
@ -759,7 +756,7 @@ if ($_GET["id"] || $_GET["ref"])
print '<tr><td valign="top">'.$langs->trans("Description").'</td><td>'.nl2br($product->description).'</td></tr>';
// Durée
if ($product->type == 1)
if ($product->isservice())
{
print '<tr><td>'.$langs->trans("Duration").'</td><td>'.$product->duration_value.'&nbsp;';
if ($product->duration_value > 1)
@ -798,7 +795,11 @@ if ($_GET["id"] || $_GET["ref"])
*/
if ($_GET["action"] == 'edit' && $user->rights->produit->creer)
{
print_fiche_titre($langs->trans('Edit').' '.$types[$product->type].' : '.$product->ref, "");
if ($product->isservice()) {
print_fiche_titre($langs->trans('Edit').' '.$langs->trans('Service').' : '.$product->ref, "");
} else {
print_fiche_titre($langs->trans('Edit').' '.$langs->trans('Product').' : '.$product->ref, "");
}
if ($mesg) {
print '<br><div class="error">'.$mesg.'</div><br>';
@ -831,7 +832,7 @@ if ($_GET["id"] || $_GET["ref"])
print '<option value="0" selected="true">'.$langs->trans("NotOnSell").'</option>';
}
print '</td></tr>';
if ($product->type == 0 && $conf->stock->enabled)
if ($product->isproduct() && $conf->stock->enabled)
{
print "<tr>".'<td>Seuil stock</td><td colspan="2">';
print '<input name="seuil_stock_alerte" size="4" value="'.$product->seuil_stock_alerte.'">';
@ -860,7 +861,7 @@ if ($_GET["id"] || $_GET["ref"])
print "</td></tr>";
print "\n";
if ($product->type == 1)
if ($product->isservice())
{
print '<tr><td>'.$langs->trans("Duration").'</td><td colspan="2"><input name="duration_value" size="3" maxlength="5" value="'.$product->duration_value.'">';
print '&nbsp; ';
@ -939,14 +940,14 @@ if ($_GET["action"] == '')
}
/*
if ($product->type == 0 && $user->rights->commande->creer)
if ($product->isproduct() && $user->rights->commande->creer)
{
$langs->load('orders');
print '<a class="tabAction" href="fiche.php?action=fastappro&amp;id='.$product->id.'">';
print $langs->trans("CreateCustomerOrder").'</a>';
}
if ($product->type == 0 && $user->rights->fournisseur->commande->creer)
if ($product->isproduct() && $user->rights->fournisseur->commande->creer)
{
$langs->load('orders');
print '<a class="tabAction" href="fiche.php?action=fastappro&amp;id='.$product->id.'">';
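Review bot: In the edit-title hunk both branches of `if ($product->isservice())` repeat the whole `print_fiche_titre(...)` call, differing only in the translated word; collapse them to `print_fiche_titre($langs->trans('Edit').' '.$langs->trans($product->isservice() ? 'Service' : 'Product').' : '.$product->ref, "");`. The same duplication appears in the sousproduits.php hunk of this commit. In the create-form hunk the new `$_GET["type"] != 1` is a loose comparison on a raw request value; `(int)$_GET["type"] != 1` keeps the branch predictable for non-numeric input.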


@ -46,10 +46,6 @@ $mesg = '';
if (! $user->rights->produit->lire) accessforbidden();
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
/*
* Actions
*/
@ -276,9 +272,10 @@ if ($_GET["id"] || $_GET["ref"])
print '<br>';
if ($user->rights->fournisseur->lire) {
// Titre liste des fournisseurs
print '<table class="noborder" width="100%">';
if ($product->type == 0) $nblignefour=4;
if ($product->isproduct()) $nblignefour=4;
else $nblignefour=4;
print '<tr class="liste_titre"><td valign="top">';
print $langs->trans("Suppliers").'</td>';
@ -297,6 +294,7 @@ if ($_GET["id"] || $_GET["ref"])
$sql.= " WHERE pf.fk_soc = s.idp AND pf.fk_product = ".$product->id;
$sql.= " ORDER BY lower(s.nom), pfp.quantity";
$resql="";
$resql=$db->query($sql);
if ($resql)
{
@ -355,6 +353,7 @@ if ($_GET["id"] || $_GET["ref"])
}
}
}
}
else
{
print $langs->trans("ErrorUnknown");
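Review bot: `if ($product->isproduct()) $nblignefour=4; else $nblignefour=4;` assigns the same value on both branches, so the condition is dead; either write `$nblignefour=4;` or give the service branch the value it was meant to have. `$resql="";` immediately before `$resql=$db->query($sql);` is redundant and can be dropped. The closing brace added ahead of the `else { print $langs->trans("ErrorUnknown"); }` branch changes block nesting; its opening is outside the hunk, so confirm it pairs with `if ($user->rights->fournisseur->lire) {` and not with the result loop.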


@ -161,7 +161,10 @@ if ($result)
else print img_object($langs->trans("ShowProduct"),"product");
print "</a> <a href=\"fiche.php?id=$objp->rowid\">$objp->ref</a></td>\n";
print '<td>'.dolibarr_trunc($objp->label,40).'</td>';
print '<td>'.$staticproduct->typeprodser[$objp->fk_product_type]."</td>";
print "<td>";
if ($objp->type==1) print $langs->trans("ShowService");
else print $langs->trans("ShowProduct");
print "</td>";
print '<td align="right" nowrap="nowrap">';
print $staticproduct->LibStatut($objp->envente,5);
print "</td>";
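Review bot: The new label code reads `$objp->type`, whereas the line it replaces read `$objp->fk_product_type`; unless the SELECT (outside the hunk) aliases `fk_product_type AS type`, `$objp->type` is unset and every row prints as ShowProduct. The same substitution appears in the other list hunk of this commit that prints `$langs->trans("ShowService")` inside a `<td>`. Suggest `if ($objp->fk_product_type==1) print $langs->trans("ShowService");` or adding the alias to the query, whichever matches the SELECT.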


@ -87,9 +87,8 @@ else
if (isset($_GET["type"]) || isset($_POST["type"]))
{
$type=isset($_GET["type"])?$_GET["type"]:$_POST["type"];
if ($type) { $texte = $langs->trans("Services"); }
else { $texte = $langs->trans("Products"); }
if ($type==1) { $texte = $langs->trans("Services"); }
else { $texte = $langs->trans("Products"); }
} else {
$texte = $langs->trans("ProductsAndServices");
}
@ -116,9 +115,14 @@ if ($sall)
{
$sql .= " AND (p.ref like '%".addslashes($sall)."%' OR p.label like '%".addslashes($sall)."%' OR p.description like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%')";
}
# if the type is not 1, we show all products (type = 0,2,3)
if (strlen($_GET["type"]) || strlen($_POST["type"]))
{
$sql .= " AND p.fk_product_type = ".(strlen($_GET["type"])?$_GET["type"]:$_POST["type"]);
if ($type==1) {
$sql .= " AND p.fk_product_type = '1'";
} else {
$sql .= " AND p.fk_product_type <> '1'";
}
}
if ($sref)
{


@ -45,10 +45,6 @@ $mesg = '';
if (!$user->rights->produit->lire) accessforbidden();
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
/*
* Actions
*/


@ -116,7 +116,10 @@ if ($result)
else print img_object($langs->trans("ShowProduct"),"product");
print " ";
print $objp->ref.'</a></td>';
print '<td>'.$staticproduct->typeprodser[$objp->fk_product_type].'</td>';
print '<td>';
if ($objp->type==1) print $langs->trans("ShowService");
else print $langs->trans("ShowProduct");
print '</td>';
print '<td>'.$objp->label.'</td>';
print '<td align="right">'.$objp->c.'</td>';
print "</tr>\n";


@ -42,9 +42,6 @@ $user->getrights('produit');
if (!$user->rights->produit->lire)
accessforbidden();
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
$html = new Form($db);
/*


@ -101,9 +101,11 @@ if ($sall)
{
$sql .= " AND (p.ref like '%".addslashes($sall)."%' OR p.label like '%".addslashes($sall)."%' OR p.description like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%')";
}
if (strlen($_GET["type"]) || strlen($_POST["type"]))
if ($type==1)
{
$sql .= " AND p.fk_product_type = ".(strlen($_GET["type"])?$_GET["type"]:$_POST["type"]);
$sql .= " AND p.fk_product_type = '1';
} else
$sql .= " AND p.fk_product_type <> '1';
}
if ($sref)
{
@ -154,8 +156,7 @@ if ($resql)
if (isset($_GET["type"]) || isset($_POST["type"]))
{
$type=isset($_GET["type"])?$_GET["type"]:$_POST["type"];
if ($type) { $texte = $langs->trans("Services"); }
if ($type==1) { $texte = $langs->trans("Services"); }
else { $texte = $langs->trans("Products"); }
} else {
$texte = $langs->trans("ProductsAndServices");
@ -189,7 +190,7 @@ if ($resql)
print_liste_field_titre($langs->trans("Ref"),"reassort.php", "p.ref","&amp;envente=$envente".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","","",$sortfield);
print_liste_field_titre($langs->trans("Label"),"reassort.php", "p.label","&envente=$envente&".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","","",$sortfield);
print_liste_field_titre($langs->trans("StockAvailable"),"reassort.php", "p.stock_dispo","&envente=$envente&".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","",'align="right"',$sortfield);
if ($conf->service->enabled && $type != 0) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration","&envente=$envente&".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","",'align="center"',$sortfield);
if ($conf->service->enabled && $type == 1) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration","&envente=$envente&".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","",'align="center"',$sortfield);
print_liste_field_titre($langs->trans("StockInstant"),"reassort.php", "stock","&envente=$envente&".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","",'align="right"',$sortfield);
print_liste_field_titre($langs->trans("Status"),"reassort.php", "p.envente","&envente=$envente&".(isset($type)?"&amp;type=$type":"")."&fourn_id=$fourn_id&amp;snom=$snom&amp;sref=$sref","",'align="right"',$sortfield);
print "</tr>\n";
@ -206,7 +207,7 @@ if ($resql)
print '<td class="liste_titre" valign="right">';
print '<input class="flat" type="text" name="snom" value="'.$snom.'">';
print '</td>';
if ($conf->service->enabled && $type != 0)
if ($conf->service->enabled && $type == 1)
{
print '<td class="liste_titre">';
print '&nbsp;';
@ -265,7 +266,7 @@ if ($resql)
print '<a href="fiche.php?id='.$objp->rowid.'">'.$objp->ref.'</a></td>';
print '<td>'.$objp->label.'</td>';
if ($conf->service->enabled && $type != 0)
if ($conf->service->enabled && $type == 1)
{
print '<td align="center">';
if (eregi('([0-9]+)y',$objp->duration,$regs)) print $regs[1].' '.$langs->trans("DurationYear");
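Review bot: The two new SQL lines `$sql .= " AND p.fk_product_type = '1';` and `$sql .= " AND p.fk_product_type <> '1';` are missing their closing double quote as shown, and the `} else` without an opening brace followed by a bare `}` leaves the block unbalanced, so the file would not parse; the equivalent hunk in liste.php has the correct form, `$sql .= " AND p.fk_product_type = '1'";` with braces on both branches. `$type` is tested in the hunk at line 101 but is assigned from `$_GET`/`$_POST` only in the later hunk at line 156, so unless it is set earlier in the file the filter always takes the non-service branch; confirm the assignment order. Replacing the interpolated request value with fixed SQL literals is a good change once the syntax is repaired.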


@ -59,8 +59,6 @@ if ($action <> 're-edit')
if (!$user->rights->produit->lire) accessforbidden();
$html = new Form($db);
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
// Action association d'un sousproduit
if ($action == 'add_prod' &&
@ -102,7 +100,8 @@ if ($action == 'add_prod' &&
// action recherche des produits par mot-clé et/ou par catégorie
if($action == 'search' )
{
$sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type';
#$sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type';
$sql = 'SELECT p.rowid, p.ref, p.label, p.price';
$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
if($conf->categorie->enabled && $catMere != -1)
{
@ -160,8 +159,8 @@ if ($id || $ref)
print "<tr>";
$nblignes=6;
if ($product->type == 0 && $conf->stock->enabled) $nblignes++;
if ($product->type == 1) $nblignes++;
if ($product->isproduct() && $conf->stock->enabled) $nblignes++;
if ($product->isservice()) $nblignes++;
// Reference
print '<td width="15%">'.$langs->trans("Ref").'</td><td>';
@ -220,7 +219,11 @@ if ($id || $ref)
if (($action == 'edit' || $action == 'search' || $action == 're-edit') && $user->rights->produit->creer)
{
print_fiche_titre($langs->trans('EditAssociate').' '.$types[$product->type].' : '.$product->ref, "");
if ($product->isservice()) {
print_fiche_titre($langs->trans('EditAssociate').' '.$langs->trans('Service').' : '.$product->ref, "");
} else {
print_fiche_titre($langs->trans('EditAssociate').' '.$langs->trans('Product').' : '.$product->ref, "");
}
if ($mesg) {
print '<br><div class="error">'.$mesg.'</div><br>';
@ -231,8 +234,8 @@ if ($id || $ref)
print "<tr>";
$nblignes=6;
if ($product->type == 0 && $conf->stock->enabled) $nblignes++;
if ($product->type == 1) $nblignes++;
if ($product->isproduct() && $conf->stock->enabled) $nblignes++;
if ($product->isservice()) $nblignes++;
// Reference
print '<td width="15%">'.$langs->trans("Ref").'</td><td>';
@ -294,6 +297,25 @@ if ($id || $ref)
$objp = $db->fetch_object($resql);
if($objp->rowid != $id)
{
// check if a product is not already a parent product of this one
$prod_arbo=new Product($db,$objp->rowid);
if ($prod_arbo->type==2 || $prod_arbo->type==3) {
$is_pere=0;
$prod_arbo->get_sousproduits_arbo ();
// associations sousproduits
$prods_arbo = $prod_arbo->get_arbo_each_prod();
if(sizeof($prods_arbo) > 0) {
foreach($prods_arbo as $key => $value) {
if ($value[1]==$id) {
$is_pere=1;
}
}
}
if ($is_pere==1) {
$i++;
continue;
}
}
print "\n<tr>";
print '<td>'.$objp->ref.'</td>';
print '<td>'.$objp->label.'</td>';
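Review bot: `#$sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type';` keeps the old query as commented-out code; delete it rather than carry it. In the new parent check, `new Product($db,$objp->rowid)` followed by `get_sousproduits_arbo()` runs for every row of the result set, which presumably issues further queries per row — acceptable for short lists but worth a comment such as `// one lookup per candidate: rejects products that already have $id as an ancestor`. The edit-title hunk repeats the full `print_fiche_titre(...)` on both branches; `$langs->trans($product->isservice() ? 'Service' : 'Product')` removes the duplication. `$is_pere` is an int flag that could be a bool.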


@ -39,9 +39,6 @@ $langs->load("companies");
$langs->load("products");
$langs->load("bills");
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
if ($user->societe_id > 0)
{
$action = '';
@ -104,7 +101,7 @@ if ($_GET["id"] || $_GET["ref"])
print '</td></tr>';
// Stock
if ($product->type == 0 && $conf->stock->enabled)
if ($product->isproduct() && $conf->stock->enabled)
{
print '<tr><td>'.$langs->trans("Stock").'</td>';
if ($product->no_stock)


@ -47,7 +47,7 @@ if ($conf->categorie->enabled && !$user->rights->categorie->voir)
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid";
}
$sql .= " WHERE p.fk_product_type = 0";
$sql .= " WHERE p.fk_product_type <> 1";
if ($conf->categorie->enabled && !$user->rights->categorie->voir)
{
$sql.= ' AND IFNULL(c.visible,1)=1';
@ -65,7 +65,7 @@ if ($conf->categorie->enabled && !$user->rights->categorie->voir)
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid";
}
$sql .= " WHERE p.envente = 0 AND p.fk_product_type = 0";
$sql .= " WHERE p.envente = 0 AND p.fk_product_type <> '1'";
if ($conf->categorie->enabled && !$user->rights->categorie->voir)
{
$sql.= ' AND IFNULL(c.visible,1)=1';
@ -111,7 +111,7 @@ if ($conf->service->enabled)
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid";
}
$sql .= " WHERE p.fk_product_type = 1";
$sql .= " WHERE p.fk_product_type = '1'";
if ($conf->categorie->enabled && !$user->rights->categorie->voir)
{
$sql.= ' AND IFNULL(c.visible,1)=1';
@ -129,7 +129,7 @@ if ($conf->service->enabled)
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid";
}
$sql .= " WHERE p.envente = 0 AND p.fk_product_type = 1";
$sql .= " WHERE p.envente = 0 AND p.fk_product_type = '1'";
if ($conf->categorie->enabled && !$user->rights->categorie->voir)
{
$sql.= ' AND IFNULL(c.visible,1)=1';
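Review bot: The four rewritten WHERE clauses quote the type literal inconsistently: `p.fk_product_type <> 1` in the first hunk versus `<> '1'` and `= '1'` in the other three. The column is compared with integers everywhere else in this commit, so presumably numeric; use the bare integer in all four, e.g. `$sql .= " WHERE p.envente = 0 AND p.fk_product_type <> 1";`, and the same form in the liste.php and reassort.php hunks.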


@ -47,10 +47,6 @@ if (! $user->rights->produit->lire || ! $product->type == 0 || ! $conf->stock->e
}
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
if ($_POST["action"] == "create_stock")
{
$product = new Product($db);
@ -231,7 +227,9 @@ if ($_GET["id"] || $_GET["ref"])
print '<option value="0">'.$langs->trans("Add").'</option>';
print '<option value="1">'.$langs->trans("Delete").'</option>';
print '</select></td>';
print '<td width="20%">'.$langs->trans("NumberOfUnit").'</td><td width="20%"><input class="flat" name="nbpiece" size="10" value=""></td></tr>';
print '<td width="20%">'.$langs->trans("NumberOfUnit").'</td><td width="20%"><input class="flat" name="nbpiece" size="10" value=""></td>';
print '</tr>';
print '<tr><td colspan="5" align="center"><input type="submit" class="button" value="'.$langs->trans('Save').'">&nbsp;';
print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'"></td></tr>';
print '</table>';


@ -40,9 +40,6 @@ $user->getrights('produit');
if (!$user->rights->produit->lire)
accessforbidden();
$types[0] = $langs->trans("Product");
$types[1] = $langs->trans("Service");
/*
* Actions
*/