From 18e989b31127b60d8228e1c1708c9d81102da442 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 31 Jan 2007 17:52:54 +0000 Subject: [PATCH] =?UTF-8?q?Fix:=20Controle=20s=E9curit=E9=20user=20externe?= =?UTF-8?q?s=20sur=20acc=E8s=20fichier=20par=20wrapper=20Qual:=20Utilisati?= =?UTF-8?q?on=20de=20isproduct()=20et=20isservice()=20=20au=20lieu=20des?= =?UTF-8?q?=20tests=20sur=20le=20type?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/adherents/adherent.class.php | 2 +- htdocs/comm/propal.php | 5 +- htdocs/commande/fiche.php | 15 ++++- htdocs/compta/facture.php | 4 +- htdocs/document.php | 57 +++++++++++++++++-- .../pdf/pdf_expedition_rouget.modules.php | 6 +- htdocs/includes/boxes/box_produits.php | 2 +- htdocs/includes/boxes/box_services_vendus.php | 2 +- .../modules/commande/pdf_einstein.modules.php | 6 +- .../modules/facture/pdf_crabe.modules.php | 6 +- .../propale/pdf_propale_azur.modules.php | 6 +- htdocs/lib/functions.inc.php | 5 +- htdocs/lib/product.lib.php | 4 +- htdocs/master.inc.php | 4 +- htdocs/product.class.php | 17 ++++++ htdocs/product/barcode.php | 3 - htdocs/product/canvas/product.livre.class.php | 2 +- htdocs/product/fiche.php | 31 +++++----- htdocs/product/fournisseurs.php | 9 ++- htdocs/product/index.php | 5 +- htdocs/product/liste.php | 12 ++-- htdocs/product/photos.php | 4 -- htdocs/product/popuprop.php | 5 +- htdocs/product/price.php | 3 - htdocs/product/reassort.php | 15 ++--- htdocs/product/sousproduits/fiche.php | 38 ++++++++++--- htdocs/product/stats/fiche.php | 5 +- htdocs/product/stats/index.php | 8 +-- htdocs/product/stock/product.php | 8 +-- htdocs/product/traduction.php | 3 - 30 files changed, 193 insertions(+), 99 deletions(-) diff --git a/htdocs/adherents/adherent.class.php b/htdocs/adherents/adherent.class.php index 206cf63ef28..747a0ced42f 100644 --- a/htdocs/adherents/adherent.class.php +++ b/htdocs/adherents/adherent.class.php 
@@ -157,7 +157,7 @@ class Adherent $this->nom, $infos, $infos, - "http://".$_SERVER["SERVER_NAME"]."/", + DOL_MAIN_URL_ROOT, $this->societe, $this->adresse, $this->cp, diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 68c4b14ee01..68ebb0e2110 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -54,7 +54,6 @@ if (isset($_GET["msg"])) { $mesg=urldecode($_GET["mesg"]); } $year=isset($_GET["year"])?$_GET["year"]:""; $month=isset($_GET["month"])?$_GET["month"]:""; - // Sécurité accés client $socid=''; if ($_GET["socid"]) { $socid=$_GET["socid"]; } @@ -102,6 +101,7 @@ $NBLINES=4; $form=new Form($db); + /******************************************************************************/ /* Actions */ /******************************************************************************/ @@ -316,9 +316,12 @@ if ($_POST['action'] == 'setstatut' && $user->rights->propale->cloturer) { $propal = new Propal($db); $propal->fetch($_GET['propalid']); + // prevent browser refresh from closing proposal several times + if ($propal->statut==1) { $propal->cloture($user, $_POST['statut'], $_POST['note']); } } +} /* * Envoi de la propale par mail diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index 772430d0a7c..ab8f01d8176 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php @@ -57,9 +57,18 @@ if (!$user->rights->commande->lire) accessforbidden(); $socid=0; if ($user->societe_id > 0) { - $action = ''; - $socid = $user->societe_id; + $socid = $user->societe_id; } +if ($user->societe_id >0 && isset($_GET["id"]) && $_GET["id"]>0) +{ + $commande = new Commande($db); + $commande->fetch((int)$_GET['id']); + if ($user->societe_id != $commande->socid) { + accessforbidden(); + } +} + + // Récupération de l'id de projet $projetid = 0; @@ -504,7 +513,7 @@ if ($_REQUEST['action'] == 'builddoc') // En get ou en post } // Efface les fichiers -if ($action=='remove_file') +if ($_REQUEST['action'] == 'remove_file') { $com = new Commande($db); 
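Review bot: The new ownership check in the first commande/fiche.php hunk only runs when `$_GET["id"]` is set, and the old `$action = ''` reset for external users is removed, so action branches keyed on `$_REQUEST['action']` (the `builddoc` and `remove_file` branches in the second hunk) become reachable by an external user whose company owns the order; each of those branches should also be gated on a right such as `$user->rights->commande->creer`. If the page can also load an order by a `ref` parameter, as other pages in this patch do (`$_GET["id"] || $_GET["ref"]`), the guard needs to cover that path too. If `Commande::fetch()` follows the `> 0` on success convention the old facture.php code relied on, fold the fetch result into the guard: `if ($commande->fetch((int)$_GET['id']) <= 0 || $user->societe_id != $commande->socid) accessforbidden();`, so a failed fetch is not compared against an unset `socid`. The script continues outside the hunk.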
diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 3c6c6dcc54b..ebc52e5bf3f 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -1608,8 +1608,10 @@ else if ($mesg) print $mesg.'
'; $fac = New Facture($db); - if ( $fac->fetch($_GET['facid'], $user->societe_id) > 0) + if ($fac->fetch($_GET['facid'])) { + if ($user->societe_id>0 && $user->societe_id!=$fac->socid) accessforbidden('',0); + $soc = new Societe($db, $fac->socid); $soc->fetch($fac->socid); $absolute_discount=$soc->getCurrentDiscount(); diff --git a/htdocs/document.php b/htdocs/document.php index 17fea29b932..89fc702a936 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2006 Laurent Destailleur + * Copyright (C) 2004-2007 Laurent Destailleur * Copyright (C) 2005 Simon Tosser * * This program is free software; you can redistribute it and/or modify @@ -32,8 +32,13 @@ require_once("main.inc.php"); -// C'est un wrapper, donc header vierge -function llxHeader() { } +function llxHeader() +{ + global $user,$langs; + top_menu($head, $title); + $menu = new Menu(); + left_menu($menu->liste); +} $action = $_GET["action"]; @@ -54,8 +59,11 @@ if (eregi('\.tiff$',$original_file)) { $type='image/tiff'; $attachment = true; //Suppression de la chaine de caractère ../ dans $original_file $original_file = str_replace("../","/", "$original_file"); +# find the subdirectory name as the reference +$refname=basename(dirname($original_file)."/"); $accessallowed=0; +$sqlprotectagainstexternals=''; if ($modulepart) { // On fait une vérification des droits et on définit le répertoire concern @@ -69,6 +77,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->facture->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='$refname'"; } // Wrapping pour les fiches intervention @@ -80,6 +89,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->fichinter->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les prelevements 
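Review bot: `if ($fac->fetch($_GET['facid']))` replaces the previous `> 0` test, so a negative error return from `fetch()` is now truthy and execution continues into the company check and `getCurrentDiscount()` with a partially loaded invoice; keep `if ($fac->fetch($_GET['facid']) > 0)`. The ownership test itself is right for external users, but it runs after the row is loaded, so `$_GET['facid']` should at least be cast with `(int)` as the commande hunk does. The enclosing block continues outside the hunk.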
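Review bot: The rewritten `llxHeader()` passes `$head` and `$title` to `top_menu()` but neither is a parameter, a global, nor assigned in the function, so both are undefined at the call; declare them as parameters with defaults, `function llxHeader($head = '', $title = '')`, so the no-argument call from `accessforbidden()` keeps working. `global $user,$langs;` imports names the body never uses, while `top_menu()`/`Menu` presumably need something like `$conf` — confirm against their definitions. The removed comment explained that an empty header was deliberate for a download wrapper; if a full page header is now only emitted on the error path, say so in a comment, since any HTML emitted before a file body would corrupt the download.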
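Review bot: The new `$sqlprotectagainstexternals` queries interpolate `$refname` unescaped into SQL (`WHERE ref='$refname'`), and `$refname` is derived from the request-supplied `$original_file` via `basename(dirname(...))`, so the check meant to protect against external users introduces an injection point; the same applies to the fichinter query in this line and to the propal, commande, commande_fournisseur and societe queries in the following hunks. Apply at least the `addslashes()` the list pages in this patch already use, e.g. `WHERE ref='".addslashes($refname)."'"`, or the database driver's escape function if one exists, and cast the societe lookup with `(int) $refname` since the rest of the patch treats `idp` as an integer id. The module dispatch block continues outside the hunk.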
@@ -91,6 +101,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->prelevement->dir_output.'/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."$modulepart WHERE ref='$refname'"; } // Wrapping pour les propales @@ -101,7 +112,9 @@ if ($modulepart) { $accessallowed=1; } + $original_file=$conf->propal->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='$refname'"; } // Wrapping pour les commandes if ($modulepart == 'commande') @@ -112,6 +125,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->commande->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='$refname'"; } // Wrapping pour les commandes fournisseurs @@ -123,6 +137,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->fournisseur->commande->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE ref='$refname'"; } // Wrapping pour les factures fournisseurs @@ -134,6 +149,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->fournisseur->facture->dir_output.'/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE facnumber='$refname'"; } // Wrapping pour les rapport de paiements @@ -146,6 +162,7 @@ if ($modulepart) } if ($user->societe_id > 0) $original_file=DOL_DATA_ROOT.'/private/'.$user->id.'/compta/'.$original_file; else $original_file=$conf->compta->dir_output.'/payments/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les exports de compta 
@@ -168,6 +185,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->societe->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT idp as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE idp='$refname'"; } // Wrapping pour les expedition @@ -179,6 +197,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->expedition->dir_output.'/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les bons de livraison @@ -190,6 +209,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->livraison->dir_output.'/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour la telephonie @@ -201,6 +221,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->telephonie->dir_output.'/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les actions @@ -212,6 +233,7 @@ if ($modulepart) $accessallowed=1; //} $original_file=$conf->actions->dir_output.'/'.$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les actions @@ -223,6 +245,7 @@ if ($modulepart) $accessallowed=1; //} $original_file = $conf->actions->dir_temp."/".$original_file; + //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les produits et services @@ -234,6 +257,7 @@ if ($modulepart) $accessallowed=1; //} $original_file=$conf->produit->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour les dons 
@@ -245,6 +269,7 @@ if ($modulepart) $accessallowed=1; } $original_file=$conf->don->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour les remises de cheques @@ -257,6 +282,7 @@ if ($modulepart) } $original_file=DOL_DATA_ROOT.'/compta/bordereau/'.get_exdir(basename($original_file,".pdf")).$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour les exports @@ -266,15 +292,17 @@ if ($modulepart) // le rep export qui est propre à l'utilisateur $accessallowed=1; $original_file=$conf->export->dir_temp.'/'.$user->id.'/'.$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour l'éditeur wysiwyg if ($modulepart == 'editor') { - // Aucun test necessaire car on force le rep de doanwload sur + // Aucun test necessaire car on force le rep de download sur // le rep export qui est propre à l'utilisateur $accessallowed=1; $original_file=$conf->fckeditor->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour les backups @@ -285,11 +313,28 @@ if ($modulepart) $accessallowed=1; } $original_file=DOL_DATA_ROOT.'/admin/temp/'.$original_file; + $sqlprotectagainstexternals = ''; } } +// Basic protection (against external users only) +if ($user->societe_id>0) +{ + if ($sqlprotectagainstexternals) + { + $resql = $db->query($sqlprotectagainstexternals); + if ($resql) + { + $obj = $db->fetch_object($resql); + $num=$db->num_rows($resql); + if ($num>0 && $user->societe_id != $obj->fk_soc) + $accessallowed=0; + } + } +} + // Limite accès si droits non corrects if (! $accessallowed) { @@ -315,7 +360,9 @@ if ($action == 'remove_file') unlink($original_file); dolibarr_syslog("document.php back to ".urldecode($urlsource)); - Header("Location: ".urldecode($urlsource)); + + header("Location: ".urldecode($urlsource)); + return; } else diff --git a/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php b/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php index 5ff65315104..edee135fa93 100644 
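Review bot: The basic-protection block fails open: when the query errors, returns no row (a file stored directly under the module directory gives a `$refname` of `.`, an unknown directory name gives no match), or `$sqlprotectagainstexternals` is empty because the module's query is commented out (prelevement, facture_fourn, expedition, livraison, telephonie, actions), `$accessallowed` keeps whatever the module branch set, so an external user is only blocked when a matching row with a different `fk_soc` is found. It also calls `fetch_object()` before checking `num_rows()`. Unless there is a legitimate external download whose parent directory is not the object's ref, the check should deny whenever the owner row cannot be established, and each commented-out module should get an explicit decision rather than silently inheriting the old behaviour. The `if (! $accessallowed)` handling follows outside the hunk.
```php
// Basic protection (against external users only)
if ($user->societe_id > 0 && $sqlprotectagainstexternals)
{
    $resql = $db->query($sqlprotectagainstexternals);
    $owner = ($resql && $db->num_rows($resql) > 0) ? $db->fetch_object($resql) : null;
    // No owner row (unknown ref, query error) must deny rather than fall through
    if (! $owner || $user->societe_id != $owner->fk_soc) $accessallowed = 0;
}
// … unchanged: "Limite accès si droits non corrects" block …
```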
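Review bot: `header("Location: ".urldecode($urlsource))` redirects to a value whose origin is not visible in the hunk; if `$urlsource` is taken from the request, as `$original_file` and `$action` are, it should be constrained to a local path before use (for example reject values matching the `^http(s?)://` pattern master.inc.php already uses, or prefix it with `DOL_URL_ROOT`). `return;` at file scope does end the script, but `exit;` after a redirect is the conventional form and does not depend on how the file was included. The `remove_file` branch continues outside the hunk.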
--- a/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php +++ b/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php @@ -231,10 +231,10 @@ Class pdf_expedition_rouget extends ModelePdfExpedition if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff --git a/htdocs/includes/boxes/box_produits.php b/htdocs/includes/boxes/box_produits.php index 1a42aa55ff1..41f6501728c 100644 --- a/htdocs/includes/boxes/box_produits.php +++ b/htdocs/includes/boxes/box_produits.php @@ -107,7 +107,7 @@ class box_produits extends ModeleBoxes { $this->info_box_contents[$i][0] = array( 'align' => 'left', - 'logo' => ($objp->fk_product_type?'object_service':'object_product'), + 'logo' => ($objp->fk_product_type==1?'object_service':'object_product'), 'text' => $objp->label, 'url' => DOL_URL_ROOT."/product/fiche.php?id=".$objp->rowid); diff --git a/htdocs/includes/boxes/box_services_vendus.php b/htdocs/includes/boxes/box_services_vendus.php index e610cc6d4c2..ed6963b9fc4 100644 --- a/htdocs/includes/boxes/box_services_vendus.php +++ b/htdocs/includes/boxes/box_services_vendus.php @@ -117,7 +117,7 @@ class box_services_vendus extends ModeleBoxes { } $this->info_box_contents[$i][0] = array('align' => 'left', - 'logo' => ($objp->fk_product_type?'object_service':'object_product'), + 'logo' => ($objp->fk_product_type==1?'object_service':'object_product'), 'text' => $objp->label, 'maxlength' => 16, 'url' => DOL_URL_ROOT."/contrat/fiche.php?id=".$objp->rowid); 
diff --git a/htdocs/includes/modules/commande/pdf_einstein.modules.php b/htdocs/includes/modules/commande/pdf_einstein.modules.php index a4f586d46c8..78ff0b84c11 100644 --- a/htdocs/includes/modules/commande/pdf_einstein.modules.php +++ b/htdocs/includes/modules/commande/pdf_einstein.modules.php @@ -238,10 +238,10 @@ class pdf_einstein extends ModelePDFCommandes if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff --git a/htdocs/includes/modules/facture/pdf_crabe.modules.php b/htdocs/includes/modules/facture/pdf_crabe.modules.php index b8cc92e3e99..6b8151b59d0 100644 --- a/htdocs/includes/modules/facture/pdf_crabe.modules.php +++ b/htdocs/includes/modules/facture/pdf_crabe.modules.php @@ -232,10 +232,10 @@ class pdf_crabe extends ModelePDFFactures if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff --git a/htdocs/includes/modules/propale/pdf_propale_azur.modules.php b/htdocs/includes/modules/propale/pdf_propale_azur.modules.php index 1104d3e4183..8a0dcb760e7 100644 --- a/htdocs/includes/modules/propale/pdf_propale_azur.modules.php +++ b/htdocs/includes/modules/propale/pdf_propale_azur.modules.php 
@@ -230,10 +230,10 @@ class pdf_propale_azur extends ModelePDFPropales if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff --git a/htdocs/lib/functions.inc.php b/htdocs/lib/functions.inc.php index 0aac4b34e3e..b901d10b97b 100644 --- a/htdocs/lib/functions.inc.php +++ b/htdocs/lib/functions.inc.php @@ -1240,14 +1240,15 @@ function dol_loginfunction($notused,$pearstatus) /** \brief Affiche message erreur de type acces interdit et arrete le programme \param message Force error message + \param printheader Affiche avant le header \remarks L'appel a cette fonction termine le code. */ -function accessforbidden($message='') +function accessforbidden($message='',$printheader=1) { global $user, $langs; $langs->load("other"); - llxHeader(); + if ($printheader) llxHeader(); print '
'; if (! $message) print $langs->trans("ErrorForbidden"); else print $message; diff --git a/htdocs/lib/product.lib.php b/htdocs/lib/product.lib.php index 27f58f022e2..e57b9f80b81 100644 --- a/htdocs/lib/product.lib.php +++ b/htdocs/lib/product.lib.php @@ -57,7 +57,7 @@ function product_prepare_head($product, $user) $h++; } - if($product->type == 0) + if($product->isproduct()) { if ($user->rights->barcode->lire) { @@ -113,7 +113,7 @@ function product_prepare_head($product, $user) $head[$h][2] = 'documents'; $h++; - if($product->type == 0) // Si produit stockable + if($product->isproduct()) // Si produit stockable { if ($conf->stock->enabled) { diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index a0a7420cfd0..95108c97002 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -1,7 +1,7 @@ * Copyright (C) 2003 Xavier Dutoit - * Copyright (C) 2004-2006 Laurent Destailleur + * Copyright (C) 2004-2007 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005-2006 Regis Houssin @@ -74,7 +74,7 @@ if (! $dolibarr_main_data_root) { } define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); define('DOL_DATA_ROOT', $dolibarr_main_data_root); - +define('DOL_MAIN_URL_ROOT', $dolibarr_main_url_root); $uri=eregi_replace('^http(s?)://','',$dolibarr_main_url_root); $pos = strstr ($uri, '/'); // $pos contient alors url sans nom domaine if ($pos == '/') $pos = ''; // si $pos vaut /, on le met a '' diff --git a/htdocs/product.class.php b/htdocs/product.class.php index 4612966b724..fc7a6e65d53 100644 --- a/htdocs/product.class.php +++ b/htdocs/product.class.php @@ -2524,5 +2524,22 @@ class Product { } + + function isproduct() { + if ($this->type != 1) { + return 1; + } else { + return 0; + } + } + + function isservice() { + if ($this->type==1) { + return 1; + } else { + return 0; + } + } + } ?> diff --git a/htdocs/product/barcode.php b/htdocs/product/barcode.php index c25dac980d5..62fe31d6ef8 100644 
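Review bot: `isproduct()` returns 1 for every `type` other than 1, which is wider than the `type == 0` tests it replaces (the liste.php hunk notes that types 0, 2 and 3 are all products); that is presumably intended but should be stated in a docblock on both methods so later callers do not assume `isproduct()` means `type == 0`. Each body can be a single expression, `return ($this->type != 1) ? 1 : 0;` and `return ($this->type == 1) ? 1 : 0;`, and `true`/`false` would read better for `is*` methods. The guard visible in the stock/product.php hunk header, `! $product->type == 0`, was not converted; it parses as `(! $product->type) == 0` and should become `! $product->isproduct()` to match the new semantics. The class starts outside the hunk.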
--- a/htdocs/product/barcode.php +++ b/htdocs/product/barcode.php @@ -40,9 +40,6 @@ $user->getrights('barcode'); if (!$user->rights->barcode->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - /* * Affiche historique prix */ diff --git a/htdocs/product/canvas/product.livre.class.php b/htdocs/product/canvas/product.livre.class.php index 5b758190121..aac79f11751 100644 --- a/htdocs/product/canvas/product.livre.class.php +++ b/htdocs/product/canvas/product.livre.class.php @@ -447,7 +447,7 @@ class ProductLivre extends Product */ function LoadListDatas($limit, $offset, $sortfield, $sortorder) { - $sql = 'SELECT p.rowid, p.ref, p.label, pl.px_feuillet as price, p.fk_product_type,'; + $sql = 'SELECT p.rowid, p.ref, p.label, pl.px_feuillet as price, '; $sql.= ' p.duration, p.envente as statut, p.stock_loc'; $sql.= ',pl.pages'; $sql.= ',SUM(fd.qty) as ventes'; diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php index 0aa0ed6676b..4e4131eb86d 100644 --- a/htdocs/product/fiche.php +++ b/htdocs/product/fiche.php @@ -44,9 +44,6 @@ $mesg = ''; if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - /* * */ @@ -436,8 +433,8 @@ if ($_GET["action"] == 'create' && $user->rights->produit->creer) print ''; print ''."\n"; - if ($_GET["type"]==0) { $title=$langs->trans("NewProduct"); } - if ($_GET["type"]==1) { $title=$langs->trans("NewService"); } + if ($_GET["type"]==1) $title=$langs->trans("NewService"); + else $title=$langs->trans("NewProduct"); print_fiche_titre($title); print ''; 
@@ -484,7 +481,7 @@ if ($_GET["action"] == 'create' && $user->rights->produit->creer) print ''; print ''; - if ($_GET["type"] == 0 && $conf->stock->enabled) + if ($_GET["type"] != 1 && $conf->stock->enabled) { print ''; // Stock - if ($product->type == 0 && $conf->stock->enabled) + if ($product->isproduct() && $conf->stock->enabled) { print ''; if ($product->no_stock) @@ -759,7 +756,7 @@ if ($_GET["id"] || $_GET["ref"]) print ''; // Durée - if ($product->type == 1) + if ($product->isservice()) { print ''; - if ($product->type == 0 && $conf->stock->enabled) + if ($product->isproduct() && $conf->stock->enabled) { print "".'"; print "\n"; - if ($product->type == 1) + if ($product->isservice()) { print '
Seuil stock'; print ''; @@ -657,8 +654,8 @@ if ($_GET["id"] || $_GET["ref"]) $nblignes=6; - if ($product->type == 0 && $conf->stock->enabled) $nblignes++; - if ($product->type == 1) $nblignes++; + if ($product->isproduct() && $conf->stock->enabled) $nblignes++; + if ($product->isservice()) $nblignes++; if ($product->is_photo_available($conf->produit->dir_output)) { // Photo @@ -734,7 +731,7 @@ if ($_GET["id"] || $_GET["ref"]) print '
'.$langs->trans("VATRate").''.$product->tva_tx.'%
'.$langs->trans("Stock").'
'.$langs->trans("Description").''.nl2br($product->description).'
'.$langs->trans("Duration").''.$product->duration_value.' '; if ($product->duration_value > 1) @@ -798,7 +795,11 @@ if ($_GET["id"] || $_GET["ref"]) */ if ($_GET["action"] == 'edit' && $user->rights->produit->creer) { - print_fiche_titre($langs->trans('Edit').' '.$types[$product->type].' : '.$product->ref, ""); + if ($product->isservice()) { + print_fiche_titre($langs->trans('Edit').' '.$langs->trans('Service').' : '.$product->ref, ""); + } else { + print_fiche_titre($langs->trans('Edit').' '.$langs->trans('Product').' : '.$product->ref, ""); + } if ($mesg) { print '
'.$mesg.'

'; @@ -831,7 +832,7 @@ if ($_GET["id"] || $_GET["ref"]) print ''; } print '
Seuil stock'; print ''; @@ -860,7 +861,7 @@ if ($_GET["id"] || $_GET["ref"]) print "
'.$langs->trans("Duration").''; print '  '; @@ -939,14 +940,14 @@ if ($_GET["action"] == '') } /* - if ($product->type == 0 && $user->rights->commande->creer) + if ($product->isproduct() && $user->rights->commande->creer) { $langs->load('orders'); print ''; print $langs->trans("CreateCustomerOrder").''; } - if ($product->type == 0 && $user->rights->fournisseur->commande->creer) + if ($product->isproduct() && $user->rights->fournisseur->commande->creer) { $langs->load('orders'); print ''; diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 7721672c2b7..91e54a8c214 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -46,10 +46,6 @@ $mesg = ''; if (! $user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - - /* * Actions */ @@ -276,9 +272,10 @@ if ($_GET["id"] || $_GET["ref"]) print '
'; + if ($user->rights->fournisseur->lire) { // Titre liste des fournisseurs print ''; - if ($product->type == 0) $nblignefour=4; + if ($product->isproduct()) $nblignefour=4; else $nblignefour=4; print ''; @@ -297,6 +294,7 @@ if ($_GET["id"] || $_GET["ref"]) $sql.= " WHERE pf.fk_soc = s.idp AND pf.fk_product = ".$product->id; $sql.= " ORDER BY lower(s.nom), pfp.quantity"; + $resql=""; $resql=$db->query($sql); if ($resql) { @@ -355,6 +353,7 @@ if ($_GET["id"] || $_GET["ref"]) } } } +} else { print $langs->trans("ErrorUnknown"); diff --git a/htdocs/product/index.php b/htdocs/product/index.php index 51f657a20d5..e273d545008 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -161,7 +161,10 @@ if ($result) else print img_object($langs->trans("ShowProduct"),"product"); print "rowid\">$objp->ref\n"; print ''; - print '"; + print ""; print '"; diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index 49b47088111..9df3457a4d0 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -87,9 +87,8 @@ else if (isset($_GET["type"]) || isset($_POST["type"])) { - $type=isset($_GET["type"])?$_GET["type"]:$_POST["type"]; - if ($type) { $texte = $langs->trans("Services"); } - else { $texte = $langs->trans("Products"); } + if ($type==1) { $texte = $langs->trans("Services"); } + else { $texte = $langs->trans("Products"); } } else { $texte = $langs->trans("ProductsAndServices"); } @@ -116,9 +115,14 @@ if ($sall) { $sql .= " AND (p.ref like '%".addslashes($sall)."%' OR p.label like '%".addslashes($sall)."%' OR p.description like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%')"; } +# if the type is not 1, we show all products (type = 0,2,3) if (strlen($_GET["type"]) || strlen($_POST["type"])) { - $sql .= " AND p.fk_product_type = ".(strlen($_GET["type"])?$_GET["type"]:$_POST["type"]); + if ($type==1) { + $sql .= " AND p.fk_product_type = '1'"; + } else { + $sql .= " AND p.fk_product_type <> '1'"; + } } if ($sref) { 
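Review bot: `if ($product->isproduct()) $nblignefour=4; else $nblignefour=4;` assigns the same value on both branches, so the conditional is dead; write `$nblignefour=4;` or give the two cases different values if that was the intent. The added `if ($user->rights->fournisseur->lire) {` is closed by the `+}` in the later hunk, which lands just before an `else { print ... ErrorUnknown }`; confirm that `else` still pairs with the intended `if`, since the pairing is not visible here. The enclosing block continues outside the hunk.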
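Review bot: The replaced index.php cell read `$objp->fk_product_type`, but the new code tests `$objp->type==1` and no hunk changes the SELECT list, so unless the query already aliases `fk_product_type as type` the property is undefined and every row is labelled ShowProduct; the popuprop.php hunk makes the same switch. Either keep `$objp->fk_product_type==1`, as the box_produits and box_services_vendus hunks do, or add the alias to the query. The loop continues outside the hunk.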
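Review bot: The first liste.php hunk removes `$type=isset($_GET["type"])?$_GET["type"]:$_POST["type"];` while both hunks still test `$type==1`, so unless `$type` is assigned earlier in the file the label is always Products and the filter always `<> '1'`, hiding the service list; the second reassort.php hunk removes the same assignment. If the request value is still wanted, restore it once before both uses: `$type = isset($_GET["type"]) ? $_GET["type"] : (isset($_POST["type"]) ? $_POST["type"] : '');`. `fk_product_type = '1'` also quotes a value the stats/index.php hunks compare both quoted and unquoted; pick one form across the patch. The script continues outside the hunk.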
diff --git a/htdocs/product/photos.php b/htdocs/product/photos.php index 46834a29d52..2efbc93ceee 100644 --- a/htdocs/product/photos.php +++ b/htdocs/product/photos.php @@ -45,10 +45,6 @@ $mesg = ''; if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - - /* * Actions */ diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php index 91d1e0b57aa..43f6931ae91 100644 --- a/htdocs/product/popuprop.php +++ b/htdocs/product/popuprop.php @@ -116,7 +116,10 @@ if ($result) else print img_object($langs->trans("ShowProduct"),"product"); print " "; print $objp->ref.''; - print ''; + print ''; print ''; print ''; print "\n"; diff --git a/htdocs/product/price.php b/htdocs/product/price.php index a8baad23ac3..74eee0bb7ba 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -42,9 +42,6 @@ $user->getrights('produit'); if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - $html = new Form($db); /* diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index 2946a784ee3..a1ce4e55fbd 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php @@ -101,9 +101,11 @@ if ($sall) { $sql .= " AND (p.ref like '%".addslashes($sall)."%' OR p.label like '%".addslashes($sall)."%' OR p.description like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%')"; } -if (strlen($_GET["type"]) || strlen($_POST["type"])) +if ($type==1) { - $sql .= " AND p.fk_product_type = ".(strlen($_GET["type"])?$_GET["type"]:$_POST["type"]); + $sql .= " AND p.fk_product_type = '1'; +} else + $sql .= " AND p.fk_product_type <> '1'; } if ($sref) { 
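Review bot: Both new `$sql .=` lines in the first reassort.php hunk are missing their closing double quote as rendered here (`" AND p.fk_product_type = '1';` and `" AND p.fk_product_type <> '1';`), and the `} else` branch has no opening brace while the context line `}` still follows it, so the file no longer parses. The block should read `if ($type==1) { $sql .= " AND p.fk_product_type = '1'"; } else { $sql .= " AND p.fk_product_type <> '1'"; }` with the trailing context `}` absorbed into the else. The query build continues outside the hunk.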
@@ -154,8 +156,7 @@ if ($resql) if (isset($_GET["type"]) || isset($_POST["type"])) { - $type=isset($_GET["type"])?$_GET["type"]:$_POST["type"]; - if ($type) { $texte = $langs->trans("Services"); } + if ($type==1) { $texte = $langs->trans("Services"); } else { $texte = $langs->trans("Products"); } } else { $texte = $langs->trans("ProductsAndServices"); @@ -189,7 +190,7 @@ if ($resql) print_liste_field_titre($langs->trans("Ref"),"reassort.php", "p.ref","&envente=$envente".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","","",$sortfield); print_liste_field_titre($langs->trans("Label"),"reassort.php", "p.label","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","","",$sortfield); print_liste_field_titre($langs->trans("StockAvailable"),"reassort.php", "p.stock_dispo","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="right"',$sortfield); - if ($conf->service->enabled && $type != 0) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="center"',$sortfield); + if ($conf->service->enabled && $type == 1) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="center"',$sortfield); print_liste_field_titre($langs->trans("StockInstant"),"reassort.php", "stock","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="right"',$sortfield); print_liste_field_titre($langs->trans("Status"),"reassort.php", "p.envente","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="right"',$sortfield); print "\n"; 
@@ -206,7 +207,7 @@ if ($resql) print ''; - if ($conf->service->enabled && $type != 0) + if ($conf->service->enabled && $type == 1) { print ''; print ''; - if ($conf->service->enabled && $type != 0) + if ($conf->service->enabled && $type == 1) { print '"; $nblignes=6; - if ($product->type == 0 && $conf->stock->enabled) $nblignes++; - if ($product->type == 1) $nblignes++; + if ($product->isproduct() && $conf->stock->enabled) $nblignes++; + if ($product->isservice()) $nblignes++; // Reference print '"; $nblignes=6; - if ($product->type == 0 && $conf->stock->enabled) $nblignes++; - if ($product->type == 1) $nblignes++; + if ($product->isproduct() && $conf->stock->enabled) $nblignes++; + if ($product->isservice()) $nblignes++; // Reference print '"; print ''; print ''; diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php index 982a42c43fd..fb7cf539c60 100644 --- a/htdocs/product/stats/fiche.php +++ b/htdocs/product/stats/fiche.php @@ -39,9 +39,6 @@ $langs->load("companies"); $langs->load("products"); $langs->load("bills"); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - if ($user->societe_id > 0) { $action = ''; @@ -104,7 +101,7 @@ if ($_GET["id"] || $_GET["ref"]) print ''; // Stock - if ($product->type == 0 && $conf->stock->enabled) + if ($product->isproduct() && $conf->stock->enabled) { print ''; if ($product->no_stock) diff --git a/htdocs/product/stats/index.php b/htdocs/product/stats/index.php index 021c4cbd871..aefbab6903f 100644 --- a/htdocs/product/stats/index.php +++ b/htdocs/product/stats/index.php 
@@ -47,7 +47,7 @@ if ($conf->categorie->enabled && !$user->rights->categorie->voir) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } -$sql .= " WHERE p.fk_product_type = 0"; +$sql .= " WHERE p.fk_product_type <> 1"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; @@ -65,7 +65,7 @@ if ($conf->categorie->enabled && !$user->rights->categorie->voir) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } -$sql .= " WHERE p.envente = 0 AND p.fk_product_type = 0"; +$sql .= " WHERE p.envente = 0 AND p.fk_product_type <> '1'"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; @@ -111,7 +111,7 @@ if ($conf->service->enabled) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } - $sql .= " WHERE p.fk_product_type = 1"; + $sql .= " WHERE p.fk_product_type = '1'"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; @@ -129,7 +129,7 @@ if ($conf->service->enabled) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } - $sql .= " WHERE p.envente = 0 AND p.fk_product_type = 1"; + $sql .= " WHERE p.envente = 0 AND p.fk_product_type = '1'"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 31ac227e925..10189f53297 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php 
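Review bot: The product-side filters become `fk_product_type <> 1` in the first hunk and `<> '1'` in the second, while the service side uses `= '1'`; use one form, preferably the unquoted integer. If `fk_product_type` is nullable, `<> 1` excludes NULL rows, whereas the new `Product::isproduct()` counts anything other than 1 as a product; `IFNULL(p.fk_product_type,0) <> 1` (the file already uses `IFNULL` on `c.visible`) would keep the two consistent — confirm against the schema. The statements continue outside the hunks.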
@@ -47,10 +47,6 @@ if (! $user->rights->produit->lire || ! $product->type == 0 || ! $conf->stock->e } -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - - if ($_POST["action"] == "create_stock") { $product = new Product($db); @@ -231,7 +227,9 @@ if ($_GET["id"] || $_GET["ref"]) print ''; print ''; print ''; - print ''; + print ''; + + print ''; print ''; print '
'; print $langs->trans("Suppliers").' '.dolibarr_trunc($objp->label,40).''.$staticproduct->typeprodser[$objp->fk_product_type].""; + if ($objp->type==1) print $langs->trans("ShowService"); + else print $langs->trans("ShowProduct"); + print "'; print $staticproduct->LibStatut($objp->envente,5); print "'.$staticproduct->typeprodser[$objp->fk_product_type].''; + if ($objp->type==1) print $langs->trans("ShowService"); + else print $langs->trans("ShowProduct"); + print ''.$objp->label.''.$objp->c.'
'; print ''; print ''; print ' '; @@ -265,7 +266,7 @@ if ($resql) print ''.$objp->ref.''.$objp->label.''; if (eregi('([0-9]+)y',$objp->duration,$regs)) print $regs[1].' '.$langs->trans("DurationYear"); diff --git a/htdocs/product/sousproduits/fiche.php b/htdocs/product/sousproduits/fiche.php index 0ca769f6934..ba0f678c987 100644 --- a/htdocs/product/sousproduits/fiche.php +++ b/htdocs/product/sousproduits/fiche.php @@ -59,8 +59,6 @@ if ($action <> 're-edit') if (!$user->rights->produit->lire) accessforbidden(); $html = new Form($db); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); // Action association d'un sousproduit if ($action == 'add_prod' && @@ -102,7 +100,8 @@ if ($action == 'add_prod' && // action recherche des produits par mot-clé et/ou par catégorie if($action == 'search' ) { - $sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type'; + #$sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type'; + $sql = 'SELECT p.rowid, p.ref, p.label, p.price'; $sql.= ' FROM '.MAIN_DB_PREFIX.'product as p'; if($conf->categorie->enabled && $catMere != -1) { @@ -160,8 +159,8 @@ if ($id || $ref) print "
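Review bot: The -102 hunk of sousproduits/fiche.php keeps the old SELECT as a `#` comment directly above its replacement; the diff already records the old line, so the commented-out statement is dead weight and should be removed, leaving only `$sql = 'SELECT p.rowid, p.ref, p.label, p.price';`. If `p.fk_product_type` was dropped because nothing reads it any more, that is worth a word in the commit rather than a commented line. The enclosing `if($action == 'search')` block continues outside the hunk.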
'.$langs->trans("Ref").''; @@ -220,7 +219,11 @@ if ($id || $ref) if (($action == 'edit' || $action == 'search' || $action == 're-edit') && $user->rights->produit->creer) { - print_fiche_titre($langs->trans('EditAssociate').' '.$types[$product->type].' : '.$product->ref, ""); + if ($product->isservice()) { + print_fiche_titre($langs->trans('EditAssociate').' '.$langs->trans('Service').' : '.$product->ref, ""); + } else { + print_fiche_titre($langs->trans('EditAssociate').' '.$langs->trans('Product').' : '.$product->ref, ""); + } if ($mesg) { print '
'.$mesg.'

'; @@ -231,8 +234,8 @@ if ($id || $ref) print "
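Review bot: The -220 hunk of sousproduits/fiche.php duplicates the whole `print_fiche_titre(...)` call in both branches of the new `isservice()` test, with only the translated word differing. Computing the label once, `$typelabel = $product->isservice() ? $langs->trans('Service') : $langs->trans('Product');`, and then a single `print_fiche_titre($langs->trans('EditAssociate').' '.$typelabel.' : '.$product->ref, "");` keeps the two branches from drifting apart later. The enclosing `if (($action == 'edit' ...` block continues outside the hunk.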
'.$langs->trans("Ref").''; @@ -294,6 +297,25 @@ if ($id || $ref) $objp = $db->fetch_object($resql); if($objp->rowid != $id) { + // check if a product is not already a parent product of this one + $prod_arbo=new Product($db,$objp->rowid); + if ($prod_arbo->type==2 || $prod_arbo->type==3) { + $is_pere=0; + $prod_arbo->get_sousproduits_arbo (); + // associations sousproduits + $prods_arbo = $prod_arbo->get_arbo_each_prod(); + if(sizeof($prods_arbo) > 0) { + foreach($prods_arbo as $key => $value) { + if ($value[1]==$id) { + $is_pere=1; + } + } + } + if ($is_pere==1) { + $i++; + continue; + } + } print "\n
'.$objp->ref.''.$objp->label.'
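Review bot: The cycle check added in the -294 hunk of sousproduits/fiche.php loads the full sub-product tree of every candidate row (`new Product(...)`, `get_sousproduits_arbo()`, `get_arbo_each_prod()`) inside the result loop, so a search returning many composite products issues those tree queries once per row; computing the set of products that already contain `$id` once before the loop and testing `$objp->rowid` against it would do the same job with a single walk, if the Product API allows it. The guard also hard-codes `$prod_arbo->type==2 || $prod_arbo->type==3` while the rest of this commit replaces literal type tests with `isproduct()`/`isservice()`; at minimum a comment such as `// only composite product types (2 and 3) can carry sub-products — confirm against Product` should say what the two numbers mean. Inside the `foreach`, a `break;` after `$is_pere=1;` would stop scanning once the match is found. The enclosing result loop starts before the hunk and, as far as the rendering shows, ends after it.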
'.$langs->trans("Stock").''.$langs->trans("NumberOfUnit").'
'.$langs->trans("NumberOfUnit").'
 '; print '
'; diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 7d5ada34a15..39d67870ac2 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -40,9 +40,6 @@ $user->getrights('produit'); if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - /* * Actions */