diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
index 0b4b773be40..c0d3552a440 100644
--- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
+++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
@@ -64,6 +64,7 @@ UPDATE llx_c_paiement SET code = 'BANCON' WHERE code = 'BAN' AND libelle = 'Banc
ALTER TABLE llx_partnership ADD COLUMN ip varchar(250);
ALTER TABLE llx_adherent ADD COLUMN ip varchar(250);
+ALTER TABLE llx_projet ADD COLUMN ip varchar(250);
ALTER TABLE llx_fichinterdet_rec DROP COLUMN remise;
ALTER TABLE llx_fichinterdet_rec DROP COLUMN fk_export_commpta;
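Review bot: The new `ip` column on llx_projet is added without an index, yet the public project form changed in this same commit runs `SELECT COUNT(rowid) ... WHERE ip = '...'` against it on every submission. On an unauthenticated page that turns each request into a scan of llx_projet, so consider adding an index in the same migration, for example `ALTER TABLE llx_projet ADD INDEX idx_projet_ip (ip);` (the index name is only a suggestion). The table-creation script used for fresh installs is not part of this diff, so it is worth confirming that it gets the same column.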
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index e3865663bf7..0e15b26b114 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -308,7 +308,7 @@ class Project extends CommonObject
'fk_user_modif' =>array('type'=>'integer', 'label'=>'UserModification', 'enabled'=>1, 'visible'=>0, 'position'=>415),
'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>0, 'position'=>420),
'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail'),
- 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500)
+ 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500),
);
// END MODULEBUILDER PROPERTIES
@@ -435,6 +435,7 @@ class Project extends CommonObject
$sql .= ", note_private";
$sql .= ", note_public";
$sql .= ", entity";
+ $sql .= ", ip";
$sql .= ") VALUES (";
$sql .= "'".$this->db->escape($this->ref)."'";
$sql .= ", '".$this->db->escape($this->title)."'";
@@ -466,6 +467,7 @@ class Project extends CommonObject
$sql .= ", ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : 'null');
$sql .= ", ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : 'null');
$sql .= ", ".((int) $conf->entity);
+ $sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'");
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php
index 61bbd23ea61..46209d76a24 100644
--- a/htdocs/public/project/new.php
+++ b/htdocs/public/project/new.php
@@ -296,6 +296,26 @@ if (empty($reshook) && $action == 'add') {
$proj->opp_status = $defaultoppstatus;
$proj->fk_opp_status = $defaultoppstatus;
+ $proj->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(rowid) as nb_projets";
+ $sql .= " FROM ".MAIN_DB_PREFIX."projet";
+ $sql .= " WHERE ip = '".$db->escape($proj->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_projets;
+ }
+ }
+ }
+
// Fill array 'array_options' with data from the form
$extrafields->fetch_name_optionals_label($proj->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $proj);
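Review bot: The count built at `WHERE ip = '...'` has no time window and no entity filter, so MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS acts as a lifetime cap per address: a shared NAT or proxy address is eventually refused for good, while a burst that stays under the cap is not slowed at all. Bounding the query by creation date, e.g. `$sql .= " AND datec > '".$db->idate(dol_now() - 24 * 3600)."'";`, would turn it into an actual rate limit. If `$db->query()` fails, `$nb_post_ip` stays 0 and the limit is silently skipped; an `else` branch with a `dol_syslog` call would make that visible. How getUserRemoteIP() derives the address is not visible here; if it trusts client-supplied forwarding headers, both the stored value and the limit are only as reliable as the proxy setup. The enclosing `if (empty($reshook) && $action == 'add')` block starts outside the hunk.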
@@ -303,74 +323,83 @@ if (empty($reshook) && $action == 'add') {
$error++;
}
- // Create the project
- $result = $proj->create($user);
- if ($result > 0) {
- require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
- $object = $proj;
-
- if ($object->email) {
- $subject = '';
- $msg = '';
-
- // Send subscription email
- include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
- $formmail = new FormMail($db);
- // Set output language
- $outputlangs = new Translate('', $conf);
- $outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
- // Load traductions files required by page
- $outputlangs->loadLangs(array("main", "members", "projects"));
- // Get email content from template
- $arraydefaultmessage = null;
- $labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
-
- if (!empty($labeltouse)) {
- $arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
- }
-
- if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
- $subject = $arraydefaultmessage->topic;
- $msg = $arraydefaultmessage->content;
- }
- if (empty($labeltosue)) {
- $labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
- $msg = $langs->trans("YourMessageHasBeenReceived");
- }
-
- $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
- complete_substitutions_array($substitutionarray, $outputlangs, $object);
- $subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
- $texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
-
- if ($subjecttosend && $texttosend) {
- $moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
-
- $result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
- }
- /*if ($result < 0) {
- $error++;
- setEventMessages($object->error, $object->errors, 'errors');
- }*/
- }
-
- if (!empty($backtopage)) {
- $urlback = $backtopage;
- } elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
- $urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
- // TODO Make replacement of __AMOUNT__, etc...
- } else {
- $urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
- }
-
- if (!empty($entity)) {
- $urlback .= '&entity='.$entity;
- }
-
- dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
- } else {
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
- $errmsg .= $proj->error.'
'.join('
', $proj->errors);
+ $errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($proj->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ }
+ // Create the project
+ if (!$error) {
+ $result = $proj->create($user);
+ if ($result > 0) {
+ require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
+ $object = $proj;
+
+ if ($object->email) {
+ $subject = '';
+ $msg = '';
+
+ // Send subscription email
+ include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
+ $formmail = new FormMail($db);
+ // Set output language
+ $outputlangs = new Translate('', $conf);
+ $outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
+ // Load traductions files required by page
+ $outputlangs->loadLangs(array("main", "members", "projects"));
+ // Get email content from template
+ $arraydefaultmessage = null;
+ $labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
+
+ if (!empty($labeltouse)) {
+ $arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
+ }
+
+ if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
+ $subject = $arraydefaultmessage->topic;
+ $msg = $arraydefaultmessage->content;
+ }
+ if (empty($labeltosue)) {
+ $labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
+ $msg = $langs->trans("YourMessageHasBeenReceived");
+ }
+
+ $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
+ complete_substitutions_array($substitutionarray, $outputlangs, $object);
+ $subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
+ $texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
+
+ if ($subjecttosend && $texttosend) {
+ $moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
+
+ $result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
+ }
+ /*if ($result < 0) {
+ $error++;
+ setEventMessages($object->error, $object->errors, 'errors');
+ }*/
+ }
+
+ if (!empty($backtopage)) {
+ $urlback = $backtopage;
+ } elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
+ $urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
+ // TODO Make replacement of __AMOUNT__, etc...
+ } else {
+ $urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
+ }
+
+ if (!empty($entity)) {
+ $urlback .= '&entity='.$entity;
+ }
+
+ dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
+ } else {
+ $error++;
+ $errmsg .= $proj->error.'
'.join('
', $proj->errors);
+ }
+ } else {
+ setEventMessage($errmsg, 'errors');
}
}
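Review bot: The rejection branch at `if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max)` assigns `$errmsg =` instead of appending, so any messages already accumulated in `$errmsg` (it is appended to with `.=` further down) are dropped, and the refusal itself is never logged. Use `$errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");` and add something like `dol_syslog("public project form: post limit reached for ip ".$proj->ip, LOG_WARNING);` so repeated hits from one address show up in the logs. Separately, the re-indented mail block still tests `empty($labeltosue)`, an undefined variable, so the fallback always runs and overwrites the template `$msg`; it presumably should read `$labeltouse`. The handler starts and ends outside this hunk.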
diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php
index 1d9fc58c810..4e8b6b19ddc 100644
--- a/htdocs/public/project/viewandvote.php
+++ b/htdocs/public/project/viewandvote.php
@@ -70,10 +70,10 @@ $id = GETPOST('id');
$securekeyreceived = GETPOST("securekey");
$securekeytocompare = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 'md5');
-if ($securekeytocompare != $securekeyreceived) {
- print $langs->trans('MissingOrBadSecureKey');
- exit;
-}
+// if ($securekeytocompare != $securekeyreceived) {
+// print $langs->trans('MissingOrBadSecureKey');
+// exit;
+// }
$listofvotes = explode(',', $_SESSION["savevotes"]);
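Review bot: Commenting out the `$securekeytocompare != $securekeyreceived` check removes the only access control visible on this public page, so any request carrying an `id` proceeds to the vote handling without the secure key. Nothing else in this commit relates to that check, so this looks like a debugging leftover and should be restored before merge. When restoring it, a constant-time string comparison is preferable to `!=`: `if (!hash_equals($securekeytocompare, (string) $securekeyreceived)) {`.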