diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 186b20a051d..6b651234788 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -2,4 +2,4 @@ open_collective: dolibarr custom: https://wiki.dolibarr.org/index.php/Subscribe -# github: [eldy] \ No newline at end of file +github: [eldy] \ No newline at end of file diff --git a/.tx/config b/.tx/config index dae10d60866..d4ca5e73180 100644 --- a/.tx/config +++ b/.tx/config @@ -170,12 +170,6 @@ source_file = htdocs/langs/en_US/hrm.lang source_lang = en_US type = MOZILLAPROPERTIES -[dolibarr.intracommreport] -file_filter = htdocs/langs//intracommreport.lang -source_file = htdocs/langs/en_US/intracommreport.lang -source_lang = en_US -type = MOZILLAPROPERTIES - [dolibarr.install] file_filter = htdocs/langs//install.lang source_file = htdocs/langs/en_US/install.lang @@ -188,6 +182,12 @@ source_file = htdocs/langs/en_US/interventions.lang source_lang = en_US type = MOZILLAPROPERTIES +[dolibarr.intracommreport] +file_filter = htdocs/langs//intracommreport.lang +source_file = htdocs/langs/en_US/intracommreport.lang +source_lang = en_US +type = MOZILLAPROPERTIES + [dolibarr.knowledgemanagement] file_filter = htdocs/langs//knowledgemanagement.lang source_file = htdocs/langs/en_US/knowledgemanagement.lang 
@@ -392,18 +392,18 @@ source_file = htdocs/langs/en_US/stripe.lang source_lang = en_US type = MOZILLAPROPERTIES -[dolibarr.suppliers] -file_filter = htdocs/langs//suppliers.lang -source_file = htdocs/langs/en_US/suppliers.lang -source_lang = en_US -type = MOZILLAPROPERTIES - [dolibarr.supplier_proposal] file_filter = htdocs/langs//supplier_proposal.lang source_file = htdocs/langs/en_US/supplier_proposal.lang source_lang = en_US type = MOZILLAPROPERTIES +[dolibarr.suppliers] +file_filter = htdocs/langs//suppliers.lang +source_file = htdocs/langs/en_US/suppliers.lang +source_lang = en_US +type = MOZILLAPROPERTIES + [dolibarr.ticket] file_filter = htdocs/langs//ticket.lang source_file = htdocs/langs/en_US/ticket.lang diff --git a/ChangeLog b/ChangeLog index 66bccd31c06..cd9397939f5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,45 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 14.0.1 compared to 14.0.0 ***** + +FIX: $conf->task used but it does not exist, use $conf->projet instead +FIX: #18181 +FIX: #18212 : Add url field +FIX: #18267 +FIX: #18289 #18294 +FIX: #18341 lang not loaded +FIX: #18389 Accountancy - Bug on LDcompta10 export for supplier invoice +FIX: #18399 Fix shipment validation email template override. +FIX: Accountancy - Debug Export Sage50 / CIEL Compta / CIEL Compta Evo (Format XIMPORT) +FIX: Accountancy - Rules to delete & modify transaction not applied in ledger & subledger +FIX: Accountancy - Search date on journal +FIX: Accountancy - SQL error on select journal on journal +FIX: Accountancy - SQL error when insert a manuel transaction +FIX: add include missing file '/core/actions_dellink.inc.php' in project card +FIX: avoid to have link to create bookmark on page to create bookmark +FIX: bad approver shown on holiday once approved +FIX: bad closing div on error message +FIX: cannot add time spentd when column ref is not displayed +FIX: Can't remove a permission of a group +FIX: Can't set cost price when product is not on purchase +FIX: compatibility postgresql +FIX: filter on status Draft in modulebuilder +FIX: holiday card: hooks uninitialized +FIX: Invoice - Missing button to reopen an abandoned situation invoice +FIX: Link of download main doc on vat list +FIX: look and field v14 +FIX: Missing column Date validation in ledger & subledger +FIX: on admin/pdf.php (with javascript enabled) if you set some boolean confs then click on "save", all boolean values are reset +FIX: on supplier order, JOIN with product fourn price table must be done with fk_soc too to avoid display several times a same line (because of same supplier product ref) +FIX: postgresql filter select search extrafield +FIX: shipping validation workflow: 'ORDER_NEW' trigger called from wrong object +FIX: show info of company 
into user dropdown +FIX: totalDayAll hours in tasks +FIX: update product lot +FIX: using Tulip, deposit mask was not saved +FIX: #yogosha6907 + ***** ChangeLog for 15.0.0 compared to 14.0.0 ***** @@ -12,6 +51,9 @@ WARNING: Following changes may create regressions for some external modules, but were necessary to make Dolibarr better: * Update hook 'printOriginObjectLine', removed check on product type and special code. Need now reshook. +* Old deprecated module "SimplePOS" has been completely removed. Use module "TakePOS" is you need a Point Of Sale. + + ***** ChangeLog for 14.0.0 compared to 13.0.0 ***** diff --git a/build/generate_filelist_xml.php b/build/generate_filelist_xml.php index f5d9f64e518..8e7ef3ef46c 100755 --- a/build/generate_filelist_xml.php +++ b/build/generate_filelist_xml.php @@ -48,17 +48,16 @@ $includecustom=0; $includeconstants=array(); if (empty($argv[1])) { - print "Usage: ".$script_file." release=autostable|auto[-mybuild]|x.y.z[-mybuild] [includecustom=1] [includeconstant=CC:MY_CONF_NAME:value]\n"; + print "Usage: ".$script_file." release=autostable|auto[-mybuild]|x.y.z[-mybuild] [includecustom=1] [includeconstant=CC:MY_CONF_NAME:value] [buildzip=1]\n"; print "Example: ".$script_file." release=6.0.0 includecustom=1 includeconstant=FR:INVOICE_CAN_ALWAYS_BE_REMOVED:0 includeconstant=all:MAILING_NO_USING_PHPMAIL:1\n"; exit -1; } -parse_str($argv[1]); $i=0; while ($i < $argc) { if (! empty($argv[$i])) { - parse_str($argv[$i]); + parse_str($argv[$i]); // set all params $release, $includecustom, $includeconstant, $buildzip ... } if (preg_match('/includeconstant=/', $argv[$i])) { $tmp=explode(':', $includeconstant, 3); // $includeconstant has been set with previous parse_str() 
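Review bot: The retained one-argument call `parse_str($argv[$i]);` in the `@@ -48,17 +48,16 @@` hunk of build/generate_filelist_xml.php writes every key found on the command line straight into the script's variable scope, so any argument name can overwrite a variable the script set earlier, not just the four the new comment lists. The one-argument form has been deprecated since PHP 7.2, and from PHP 8.0 the result parameter is required, so this line throws an ArgumentCountError there. Parsing into a local array and copying only the expected keys (release, includecustom, includeconstant, buildzip) keeps the same command-line interface without the scope injection. The enclosing while loop continues outside the hunk, so the includeconstant handling after it is untouched by this proposal.

```php
// … unchanged: usage message, $i=0 and the while ($i < $argc) loop header …
	if (! empty($argv[$i])) {
		$args = array();
		parse_str($argv[$i], $args);	// parse into a local array, never into the script scope
		if (isset($args['release'])) {
			$release = $args['release'];
		}
		if (isset($args['includecustom'])) {
			$includecustom = $args['includecustom'];
		}
		if (isset($args['includeconstant'])) {
			$includeconstant = $args['includeconstant'];
		}
		if (isset($args['buildzip'])) {
			$buildzip = $args['buildzip'];
		}
	}
// … unchanged: preg_match('/includeconstant=/', ...) handling …
```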
@@ -125,8 +124,8 @@ print "\n"; //$outputfile=dirname(__FILE__).'/../htdocs/install/filelist-'.$release.'.xml'; $outputdir=dirname(dirname(__FILE__)).'/htdocs/install'; -print 'Delete current files '.$outputdir.'/filelist*.xml'."\n"; -dol_delete_file($outputdir.'/filelist*.xml', 0, 1, 1); +print 'Delete current files '.$outputdir.'/filelist*.xml*'."\n"; +dol_delete_file($outputdir.'/filelist*.xml*', 0, 1, 1); $checksumconcat=array(); @@ -237,6 +236,14 @@ fputs($fp, ''."\n"); fputs($fp, ''."\n"); fclose($fp); -print "File ".$outputfile." generated\n"; +if (empty($buildzip)) { + print "File ".$outputfile." generated\n"; +} else { + $result = dol_compress_file($outputfile, $outputfile.'.zip'); + if ($result > 0) { + dol_delete_file($outputfile); + print "File ".$outputfile.".zip generated\n"; + } +} exit(0); diff --git a/dev/initdata/dbf/import-dbf.php b/dev/initdata/dbf/import-dbf.php deleted file mode 100644 index ba1da9722d6..00000000000 --- a/dev/initdata/dbf/import-dbf.php +++ /dev/null 
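Review bot: A failed `dol_compress_file()` is silent in the `@@ -237,6 +236,14 @@` hunk: when `$result` is not greater than 0 nothing is printed and the script still reaches `exit(0)`, so a build that asked for `buildzip=1` reports success while only the uncompressed file exists. An explicit failure branch would make this visible to the caller, for example `} else { print "Error: failed to compress ".$outputfile."\n"; exit(1); }` after the `if ($result > 0)` block. The return value of `dol_delete_file($outputfile)` is also ignored, so the "generated" message can be printed while the plain .xml is still on disk next to the .zip. `$buildzip` has no default next to `$includecustom=0;` in the lines visible here; `empty()` tolerates that, but an explicit `$buildzip=0;` would document the option.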
@@ -1,234 +0,0 @@ -#!/usr/bin/env php - - * Copyright (C) 2016 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE - */ - -/** - * \file dev/initdata/import-dbf.php - * \brief Script example to create a table from a large DBF file (openoffice) - * To purge data, you can have a look at purge-data.php - */ -// Test si mode batch -$sapi_type = php_sapi_name(); -$script_file = basename(__FILE__); - -$path = dirname(__FILE__) . '/'; -if (substr($sapi_type, 0, 3) == 'cgi') { - echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n"; - exit; -} - -// Recupere root dolibarr -$path = dirname($_SERVER["PHP_SELF"]); -require $path . "./../htdocs/master.inc.php"; -require $path . "/includes/dbase.class.php"; - -// Global variables -$version = DOL_VERSION; -$confirmed = 1; -$error = 0; - - -/* - * Main - */ - -@set_time_limit(0); -print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; -dol_syslog($script_file . " launched with arg " . implode(',', $argv)); - - -$filepath = $argv[1]; -$filepatherr = $filepath . '.err'; -$startchar = empty($argv[2]) ? 0 : (int) $argv[2]; -$deleteTable = empty($argv[3]) ? 1 : 0; -$startlinenb = empty($argv[3]) ? 1 : (int) $argv[3]; -$endlinenb = empty($argv[4]) ? 
0 : (int) $argv[4]; - -if (empty($filepath)) { - print "Usage: php $script_file myfilepath.dbf [removeChatColumnName] [startlinenb] [endlinenb]\n"; - print "Example: php $script_file myfilepath.dbf 0 2 1002\n"; - print "\n"; - exit(-1); -} -if (!file_exists($filepath)) { - print "Error: File " . $filepath . " not found.\n"; - print "\n"; - exit(-1); -} - -$ret = $user->fetch('', 'admin'); -if (!$ret > 0) { - print 'A user with login "admin" and all permissions must be created to use this script.' . "\n"; - exit; -} -$user->getrights(); - -// Ask confirmation -if (!$confirmed) { - print "Hit Enter to continue or CTRL+C to stop...\n"; - $input = trim(fgets(STDIN)); -} - -// Open input and output files -$fhandle = dbase_open($filepath, 0); -if (!$fhandle) { - print 'Error: Failed to open file ' . $filepath . "\n"; - exit(1); -} -$fhandleerr = fopen($filepatherr, 'w'); -if (!$fhandleerr) { - print 'Error: Failed to open file ' . $filepatherr . "\n"; - exit(1); -} - -$langs->setDefaultLang($defaultlang); - -$record_numbers = dbase_numrecords($fhandle); -$table_name = substr(basename($filepath), 0, strpos(basename($filepath), '.')); -print 'Info: ' . $record_numbers . " lines in file \n"; -$header = dbase_get_header_info($fhandle); -if ($deleteTable) { - $db->query("DROP TABLE IF EXISTS `$table_name`"); -} -$sqlCreate = "CREATE TABLE IF NOT EXISTS `$table_name` ( `id` INT(11) NOT NULL AUTO_INCREMENT "; -$fieldArray = array("`id`"); -foreach ($header as $value) { - $fieldName = substr(str_replace('_', '', $value['name']), $startchar); - $fieldArray[] = "`$fieldName`"; - $sqlCreate .= ", `" . $fieldName . "` VARCHAR({$value['length']}) NULL DEFAULT NULL "; -} -$sqlCreate .= ", PRIMARY KEY (`id`)) ENGINE = InnoDB"; -$resql = $db->query($sqlCreate); -if ($resql !== false) { - print "Table $table_name created\n"; -} else { - var_dump($db->errno()); - print "Impossible : " . $sqlCreate . 
"\n"; - die(); -} - -$i = 0; -$nboflines++; - -$fields = implode(',', $fieldArray); -//var_dump($fieldArray);die(); -$maxLength = 0; -for ($i = 1; $i <= $record_numbers; $i++) { - if ($startlinenb && $i < $startlinenb) { - continue; - } - if ($endlinenb && $i > $endlinenb) { - continue; - } - $row = dbase_get_record_with_names($fhandle, $i); - if ($row === false || (isset($row["deleted"]) && $row["deleted"] == '1')) { - continue; - } - $sqlInsert = "INSERT INTO `$table_name`($fields) VALUES (null,"; - array_shift($row); // remove delete column - foreach ($row as $value) { - $sqlInsert .= "'" . $db->escape(utf8_encode($value)) . "', "; - } - replaceable_echo(implode("\t", $row)); - $sqlInsert = rtrim($sqlInsert, ', '); - $sqlInsert .= ")"; - $resql = $db->query($sqlInsert); - if ($resql === false) { - print "Impossible : " . $sqlInsert . "\n"; - var_dump($row, $db->errno()); - die(); - } - // $fields = (object) $row; - // var_dump($fields); - continue; -} -die(); - - - - - -// commit or rollback -print "Nb of lines qualified: " . $nboflines . "\n"; -print "Nb of errors: " . $error . "\n"; -if ($mode != 'confirmforced' && ($error || $mode != 'confirm')) { - print "Rollback any changes.\n"; - $db->rollback(); -} else { - print "Commit all changes.\n"; - $db->commit(); -} - -$db->close(); -fclose($fhandle); -fclose($fhandleerr); - -exit($error); - - -/** - * replaceable_echo - * - * @param string $message Message - * @param int $force_clear_lines Force clear messages - * @return void - */ -function replaceable_echo($message, $force_clear_lines = null) -{ - static $last_lines = 0; - - if (!is_null($force_clear_lines)) { - $last_lines = $force_clear_lines; - } - - $toss = array(); - $status = 0; - $term_width = exec('tput cols', $toss, $status); - if ($status) { - $term_width = 64; // Arbitrary fall-back term width. 
- } - - $line_count = 0; - foreach (explode("\n", $message) as $line) { - $line_count += count(str_split($line, $term_width)); - } - - // Erasure MAGIC: Clear as many lines as the last output had. - for ($i = 0; $i < $last_lines; $i++) { - // Return to the beginning of the line - echo "\r"; - // Erase to the end of the line - echo "\033[K"; - // Move cursor Up a line - echo "\033[1A"; - // Return to the beginning of the line - echo "\r"; - // Erase to the end of the line - echo "\033[K"; - // Return to the beginning of the line - echo "\r"; - // Can be consolodated into - // echo "\r\033[K\033[1A\r\033[K\r"; - } - - $last_lines = $line_count; - - echo $message . "\n"; -} diff --git a/dev/initdata/dbf/importdb-products.php b/dev/initdata/dbf/importdb-products.php deleted file mode 100644 index 6da24faee4e..00000000000 --- a/dev/initdata/dbf/importdb-products.php +++ /dev/null 
@@ -1,248 +0,0 @@ -#!/usr/bin/env php - - * Copyright (C) 2016 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE - */ - -/** - * \file dev/initdata/import-product.php - * \brief Script example to insert products from a csv file. - * To purge data, you can have a look at purge-data.php - */ -// Test si mode batch -$sapi_type = php_sapi_name(); -$script_file = basename(__FILE__); -$path = dirname(__FILE__) . '/'; -if (substr($sapi_type, 0, 3) == 'cgi') { - echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n"; - exit; -} - -// Recupere root dolibarr -$path = preg_replace('/importdb-products.php/i', '', $_SERVER["PHP_SELF"]); -require $path . "../../htdocs/master.inc.php"; -require $path . "includes/dbase.class.php"; -include_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php'; -include_once DOL_DOCUMENT_ROOT . 
'/product/class/product.class.php'; - -//$delimiter = ','; -//$enclosure = '"'; -//$linelength = 10000; -//$escape = '/'; -// Global variables -$version = DOL_VERSION; -$confirmed = 1; -$error = 0; - -$tvas = [ - '1' => "20.00", - '2' => "5.50", - '3' => "0.00", - '4' => "20.60", - '5' => "19.60", -]; -$tvasD = [ - '1' => "20", - '2' => "5.5", - '3' => "0", - '4' => "20", - '5' => "20", -]; - -/* - * Main - */ - -@set_time_limit(0); -print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; -dol_syslog($script_file . " launched with arg " . implode(',', $argv)); - -$table = $argv[1]; - -if (empty($argv[1])) { - print "Error: Which table ?\n"; - print "\n"; - exit(-1); -} - -$ret = $user->fetch('', 'admin'); -if (!$ret > 0) { - print 'A user with login "admin" and all permissions must be created to use this script.' . "\n"; - exit; -} - -$sql = "SELECT * FROM `$table` WHERE 1"; -$resql = $db->query($sql); -if ($resql) { - while ($fields = $db->fetch_array($resql)) { - $errorrecord = 0; - if ($fields === false) { - continue; - } - $nboflines++; - - $produit = new Product($db); - $produit->type = 0; - $produit->status = 1; - $produit->ref = trim($fields['REF']); - if ($produit->ref == '') { - continue; - } - print "Process line nb " . $j . ", ref " . $produit->ref; - $produit->label = trim($fields['LIBELLE']); - if ($produit->label == '') { - $produit->label = $produit->ref; - } - if (empty($produit->label)) { - continue; - } - //$produit->description = trim($fields[4] . "\n" . ($fields[5] ? $fields[5] . ' x ' . $fields[6] . ' x ' . 
$fields[7] : '')); - // $produit->volume = price2num($fields[8]); - // $produit->volume_unit = 0; - $produit->weight = price2num($fields['MASSE']); - $produit->weight_units = 0; // -3 = g - //$produit->customcode = $fields[10]; - $produit->barcode = str_pad($fields['CODE'], 12, "0", STR_PAD_LEFT); - $produit->barcode_type = '2'; - $produit->import_key = $fields['CODE']; - - $produit->status = 1; - $produit->status_buy = 1; - - $produit->finished = 1; - - // $produit->multiprices[0] = price2num($fields['TARIF0']); - // $produit->multiprices[1] = price2num($fields['TARIF1']); - // $produit->multiprices[2] = price2num($fields['TARIF2']); - // $produit->multiprices[3] = price2num($fields['TARIF3']); - // $produit->multiprices[4] = price2num($fields['TARIF4']); - // $produit->multiprices[5] = price2num($fields['TARIF5']); - // $produit->multiprices[6] = price2num($fields['TARIF6']); - // $produit->multiprices[7] = price2num($fields['TARIF7']); - // $produit->multiprices[8] = price2num($fields['TARIF8']); - // $produit->multiprices[9] = price2num($fields['TARIF9']); - // $produit->price_min = null; - // $produit->price_min_ttc = null; - // $produit->price = price2num($fields[11]); - // $produit->price_ttc = price2num($fields[12]); - // $produit->price_base_type = 'TTC'; - // $produit->tva_tx = price2num($fields[13]); - $produit->tva_tx = (int) ($tvas[$fields['CODTVA']]); - $produit->tva_npr = 0; - // $produit->cost_price = price2num($fields[16]); - //compta - - $produit->accountancy_code_buy = trim($fields['COMACH']); - $produit->accountancy_code_sell = trim($fields['COMVEN']); - // $produit->accountancy_code_sell_intra=trim($fields['COMVEN']); - // $produit->accountancy_code_sell_export=trim($fields['COMVEN']); - // Extrafields - // $produit->array_options['options_ecotaxdeee'] = price2num($fields[17]); - - $produit->seuil_stock_alerte = $fields['STALERTE']; - $ret = $produit->create($user, 0); - if ($ret < 0) { - print " - Error in create result code = " . $ret . 
" - " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - Creation OK with ref " . $produit->ref . " - id = " . $ret; - } - - dol_syslog("Add prices"); - - // If we use price level, insert price for each level - if (!$errorrecord && 1) { - //$ret1 = $produit->updatePrice($produit->price_ttc, $produit->price_base_type, $user, $produit->tva_tx, $produit->price_min, 1, $produit->tva_npr, 0, 0, array()); - $ret1 = false; - for ($i = 0; $i < 10; $i++) { - if ($fields['TARIF' . ($i)] == 0) { - continue; - } - $ret1 = $ret1 || $produit->updatePrice(price2num($fields['TARIF' . ($i)]), 'HT', $user, $produit->tva_tx, $produit->price_min, $i + 1, $produit->tva_npr, 0, 0, array()) < 0; - } - if ($ret1) { - print " - Error in updatePrice result " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - updatePrice OK"; - } - } - - - // dol_syslog("Add multilangs"); - // Add alternative languages - // if (!$errorrecord && 1) { - // $produit->multilangs['fr_FR'] = array('label' => $produit->label, 'description' => $produit->description, 'note' => $produit->note_private); - // $produit->multilangs['en_US'] = array('label' => $fields[3], 'description' => $produit->description, 'note' => $produit->note_private); - // - // $ret = $produit->setMultiLangs($user); - // if ($ret < 0) { - // print " - Error in setMultiLangs result code = " . $ret . " - " . $produit->errorsToString(); - // $errorrecord++; - // } else { - // print " - setMultiLangs OK"; - // } - // } - - - dol_syslog("Add stocks"); - // stocks - if (!$errorrecord && $fields['STOCK'] != 0) { - $rets = $produit->correct_stock($user, 1, $fields['STOCK'], 0, 'Stock importé'); - if ($rets < 0) { - print " - Error in correct_stock result " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - correct_stock OK"; - } - } - - //update date créa - if (!$errorrecord) { - $date = substr($fields['DATCREA'], 0, 4) . '-' . substr($fields['DATCREA'], 4, 2) . '-' . 
substr($fields['DATCREA'], 6, 2); - $retd = $db->query("UPDATE `llx_product` SET `datec` = '$date 00:00:00' WHERE `llx_product`.`rowid` = $produit->id"); - if ($retd < 1) { - print " - Error in update date créa result " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - update date créa OK"; - } - } - print "\n"; - - if ($errorrecord) { - print( 'Error on record nb ' . $i . " - " . $produit->errorsToString() . "\n"); - var_dump($db); - die(); - $error++; // $errorrecord will be reset - } - $j++; - } -} else { - die("error : $sql"); -} - - - - -// commit or rollback -print "Nb of lines qualified: " . $nboflines . "\n"; -print "Nb of errors: " . $error . "\n"; -$db->close(); - -exit($error); diff --git a/dev/initdata/dbf/importdb-thirdparties.php b/dev/initdata/dbf/importdb-thirdparties.php deleted file mode 100644 index ecb1820fad1..00000000000 --- a/dev/initdata/dbf/importdb-thirdparties.php +++ /dev/null 
@@ -1,365 +0,0 @@ -#!/usr/bin/env php - - * Copyright (C) 2016 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE - */ - -/** - * \file dev/initdata/import-product.php - * \brief Script example to insert products from a csv file. - * To purge data, you can have a look at purge-data.php - */ -// Test si mode batch -$sapi_type = php_sapi_name(); -$script_file = basename(__FILE__); -$path = dirname(__FILE__) . '/'; -if (substr($sapi_type, 0, 3) == 'cgi') { - echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n"; - exit; -} - -// Recupere root dolibarr -$path = preg_replace('/importdb-thirdparties.php/i', '', $_SERVER["PHP_SELF"]); -require $path . "../../htdocs/master.inc.php"; -require $path . "includes/dbase.class.php"; -include_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php'; -include_once DOL_DOCUMENT_ROOT . 
'/product/class/product.class.php'; - -//$delimiter = ','; -//$enclosure = '"'; -//$linelength = 10000; -//$escape = '/'; -// Global variables -$version = DOL_VERSION; -$confirmed = 1; -$error = 0; - -$civilPrivate = array("MLLE", - "MM", - "MM/MADAME", - "MME", - "MME.", - "MME²", - "MMONSIEUR", - "MMR", - "MOBNSIEUR", - "MOMSIEUR", - "MON SIEUR", - "MONDIAL", - "MONIEUR", - "MONJSIEUR", - "MONNSIEUR", - "MONRIEUR", - "MONS", - "MONSIEÕR", - "MONSIER", - "MONSIERU", - "MONSIEU", - "monsieue", - "MONSIEUR", - "Monsieur     \"", - "MONSIEUR    \"", - "MONSIEUR   E", - "MONSIEUR  DENIS", - "MONSIEUR ET MME", - "MONSIEUR!", - "MONSIEUR.", - "MONSIEUR.MADAME", - "MONSIEUR3", - "MONSIEURN", - "MONSIEURT", - "MONSIEUR£", - "MONSIEYR", - "Monsigur", - "MONSIIEUR", - "MONSIUER", - "MONSIZEUR", - "MOPNSIEUR", - "MOSIEUR", - "MR", - "Mr  Mme", - "Mr - MME", - "MR BLANC", - "MR ET MME", - "mr mm", - "MR OU MME", - "Mr.", - "MR/MME", - "MRME", - "MRR", - "Mrs", - "Mademoiselle", - "MADAOME", - "madamme", - "MADAME", - "M0NSIEUR", - "M.et Madame", - "M. ET MR", - "M.", - "M%", - "M MME", - "M ET MME", - "M", - "M CROCE", - "M DIEVART", -); - -/* - * Main - */ - -@set_time_limit(0); -print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; -dol_syslog($script_file . " launched with arg " . implode(',', $argv)); - -$table = $argv[1]; - -if (empty($argv[1])) { - print "Error: Quelle table ?\n"; - print "\n"; - exit(-1); -} - -$ret = $user->fetch('', 'admin'); -if (!$ret > 0) { - print 'A user with login "admin" and all permissions must be created to use this script.' . 
"\n"; - exit; -} - -$sql = "SELECT * FROM `$table` WHERE 1 "; //ORDER BY REMISE DESC,`LCIVIL` DESC"; -$resql = $db->query($sql); -//$db->begin(); -if ($resql) { - while ($fields = $db->fetch_array($resql)) { - $i++; - $errorrecord = 0; - - if ($startlinenb && $i < $startlinenb) { - continue; - } - if ($endlinenb && $i > $endlinenb) { - continue; - } - - $nboflines++; - - $object = new Societe($db); - $object->import_key = $fields['CODE']; - $object->state = 1; - $object->client = 3; - $object->fournisseur = 0; - - $object->name = $fields['FCIVIL'] . ' ' . $fields['FNOM']; - //$object->name_alias = $fields[0] != $fields[13] ? trim($fields[0]) : ''; - - $date = $fields['DATCREA'] ? $fields['DATCREA'] : ($fields['DATMOD'] ? $fields['DATMOD'] : '20200101'); - $object->code_client = 'CU' . substr($date, 2, 2) . substr($date, 4, 2) . '-' . str_pad(substr($fields['CODE'], 0, 5), 5, "0", STR_PAD_LEFT); - - - $object->address = trim($fields['FADR1']); - if ($fields['FADR2']) { - $object->address .= "\n" . trim($fields['FADR2']); - } - if ($fields['FADR3']) { - $object->address .= "\n" . trim($fields['FADR3']); - } - - $object->zip = trim($fields['FPOSTE']); - $object->town = trim($fields['FVILLE']); - if ($fields['FPAYS']) { - $object->country_id = dol_getIdFromCode($db, trim(ucwords(strtolower($fields['FPAYS']))), 'c_country', 'label', 'rowid'); - } else { - $object->country_id = 1; - } - $object->phone = trim($fields['FTEL']) ? trim($fields['FTEL']) : trim($fields['FCONTACT']); - $object->phone = substr($object->phone, 0, 20); - $object->fax = trim($fields['FFAX']) ? 
trim($fields['FFAX']) : trim($fields['FCONTACT']); - $object->fax = substr($object->fax, 0, 20); - $object->email = trim($fields['FMAIL']); - // $object->idprof2 = trim($fields[29]); - $object->tva_intra = str_replace(['.', ' '], '', $fields['TVAINTRA']); - $object->tva_intra = substr($object->tva_intra, 0, 20); - $object->default_lang = 'fr_FR'; - - $object->cond_reglement_id = dol_getIdFromCode($db, 'PT_ORDER', 'c_payment_term', 'code', 'rowid', 1); - $object->multicurrency_code = 'EUR'; - - if ($fields['REMISE'] != '0.00') { - $object->remise_percent = abs($fields['REMISE']); - } - - // $object->code_client = $fields[9]; - // $object->code_fournisseur = $fields[10]; - - - if ($fields['FCIVIL']) { - $labeltype = in_array($fields['FCIVIL'], $civilPrivate) ? 'TE_PRIVATE' : 'TE_SMALL'; - $object->typent_id = dol_getIdFromCode($db, $labeltype, 'c_typent', 'code'); - } - - // Set price level - $object->price_level = $fields['TARIF'] + 1; - // if ($labeltype == 'Revendeur') - // $object->price_level = 2; - - print "Process line nb " . $i . ", code " . $fields['CODE'] . ", name " . $object->name; - - - // Extrafields - $object->array_options['options_banque'] = $fields['BANQUE']; - $object->array_options['options_banque2'] = $fields['BANQUE2']; - $object->array_options['options_banquevalid'] = $fields['VALID']; - - if (!$errorrecord) { - $ret = $object->create($user); - if ($ret < 0) { - print " - Error in create result code = " . $ret . " - " . $object->errorsToString(); - $errorrecord++; - var_dump($object->code_client, $db); - die(); - } else { - print " - Creation OK with name " . $object->name . " - id = " . 
$ret; - } - } - - if (!$errorrecord) { - dol_syslog("Set price level"); - $object->set_price_level($object->price_level, $user); - } - if (!$errorrecord && @$object->remise_percent) { - dol_syslog("Set remise client"); - $object->set_remise_client($object->remise_percent, 'Importé', $user); - } - - dol_syslog("Add contact"); - // Insert an invoice contact if there is an invoice email != standard email - if (!$errorrecord && ($fields['LCIVIL'] || $fields['LNOM'])) { - $madame = array("MADAME", - "MADEMOISELLE", - "MELLE", - "MLLE", - "MM", - "Mme", - "MNE", - ); - $monsieur = array("M", - "M ET MME", - "M MME", - "M.", - "M. MME", - "M. OU Mme", - "M.ou Madame", - "MONSEUR", - "MONSIER", - "MONSIEU", - "MONSIEUR", - "monsieur:mme", - "MONSIEUR¨", - "MONSIEZUR", - "MONSIUER", - "MONSKIEUR", - "MR", - ); - $ret1 = $ret2 = 0; - - $contact = new Contact($db); - if (in_array($fields['LCIVIL'], $madame)) { - // une dame - $contact->civility_id = 'MME'; - $contact->lastname = $fields['LNOM']; - } elseif (in_array($fields['LCIVIL'], $monsieur)) { - // un monsieur - $contact->civility_id = 'MR'; - $contact->lastname = $fields['LNOM']; - } elseif (in_array($fields['LCIVIL'], ['DOCTEUR'])) { - // un monsieur - $contact->civility_id = 'DR'; - $contact->lastname = $fields['LNOM']; - } else { - // un a rattraper - $contact->lastname = $fields['LCIVIL'] . " " . $fields['LNOM']; - } - $contact->address = trim($fields['LADR1']); - if ($fields['LADR2']) { - $contact->address .= "\n" . trim($fields['LADR2']); - } - if ($fields['LADR3']) { - $contact->address .= "\n" . trim($fields['LADR3']); - } - - $contact->zip = trim($fields['LPOSTE']); - $contact->town = trim($fields['LVILLE']); - if ($fields['FPAYS']) { - $contact->country_id = dol_getIdFromCode($db, trim(ucwords(strtolower($fields['LPAYS']))), 'c_country', 'label', 'rowid'); - } else { - $contact->country_id = 1; - } - $contact->email = $fields['LMAIL']; - $contact->phone = trim($fields['LTEL']) ? 
trim($fields['LTEL']) : trim($fields['LCONTACT']); - $contact->fax = trim($fields['LFAX']) ? trim($fields['LFAX']) : trim($fields['LCONTACT']); - $contact->socid = $object->id; - - $ret1 = $contact->create($user); - if ($ret1 > 0) { - //$ret2=$contact->add_contact($object->id, 'BILLING'); - } - if ($ret1 < 0 || $ret2 < 0) { - print " - Error in create contact result code = " . $ret1 . " " . $ret2 . " - " . $contact->errorsToString(); - $errorrecord++; - } else { - print " - create contact OK"; - } - } - - - //update date créa - if (!$errorrecord) { - $datec = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6, 2); - $retd = $db->query("UPDATE `llx_societe` SET `datec` = '$datec 00:00:00' WHERE `rowid` = $object->id"); - if ($retd < 1) { - print " - Error in update date créa result " . $object->errorsToString(); - $errorrecord++; - } else { - print " - update date créa OK"; - } - } - print "\n"; - - if ($errorrecord) { - print( 'Error on record nb ' . $i . " - " . $object->errorsToString() . "\n"); - var_dump($db, $object, $contact); - // $db->rollback(); - die(); - $error++; // $errorrecord will be reset - } - $j++; - } -} else { - die("error : $sql"); -} - -$db->commit(); - - - -// commit or rollback -print "Nb of lines qualified: " . $nboflines . "\n"; -print "Nb of errors: " . $error . "\n"; -$db->close(); - -exit($error); diff --git a/dev/initdata/dbf/includes/dbase.class.php b/dev/initdata/dbf/includes/dbase.class.php deleted file mode 100644 index a225d67cde9..00000000000 --- a/dev/initdata/dbf/includes/dbase.class.php +++ /dev/null 
@@ -1,599 +0,0 @@ -fd = $fd; - // Byte 4-7 (32-bit number): Number of records in the database file. Currently 0 - fseek($this->fd, 4, SEEK_SET); - $this->recordCount = self::getInt32($fd); - // Byte 8-9 (16-bit number): Number of bytes in the header. - fseek($this->fd, 8, SEEK_SET); - $this->headerLength = self::getInt16($fd); - // Number of fields is (headerLength - 33) / 32) - $this->fieldCount = ($this->headerLength - 33) / 32; - // Byte 10-11 (16-bit number): Number of bytes in record. - fseek($this->fd, 10, SEEK_SET); - $this->recordLength = self::getInt16($fd); - // Byte 32 - n (32 bytes each): Field descriptor array - fseek($fd, 32, SEEK_SET); - for ($i = 0; $i < $this->fieldCount; $i++) { - $data = fread($this->fd, 32); - $field = array_map('trim', unpack('a11name/a1type/c4/c1length/c1precision/s1workid/c1example/c10/c1production', $data)); - $this->fields[] = $field; - } - } - - /** - * dbase_close - * @return void - */ - public function close() - { - fclose($this->fd); - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_get_header_info - * @return array - */ - public function get_header_info() - { - // phpcs:disable - return $this->fields; - } - - /** - * dbase_numfields - * @return int - */ - public function numfields() - { - return $this->fieldCount; - } - - /** - * dbase_numrecords - * @return int - */ - public function numrecords() - { - return $this->recordCount; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_add_record - * @param array $record record - * @return bool - */ - public function add_record($record) - { - // phpcs:enable - if (count($record) != $this->fieldCount) { - return false; - } - // Seek to end of file, minus the end of file marker - fseek($this->fd, 0, SEEK_END); - // Put the deleted flag - self::putChar8($this->fd, 0x20); - // Put the record - if (!$this->putRecord($record)) { - return false; - } - // Update the record count - 
fseek($this->fd, 4); - self::putInt32($this->fd, ++$this->recordCount); - return true; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_replace_record - * @param array $record record - * @param int $record_number record number - * @return bool - */ - public function replace_record($record, $record_number) - { - // phpcs:enable - if (count($record) != $this->fieldCount) { - return false; - } - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - // Skip to the record location, plus the 1 byte for the deleted flag - fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1)) + 1); - return $this->putRecord($record); - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_delete_record - * @param int $record_number record number - * @return bool - */ - public function delete_record($record_number) - { - // phpcs:enable - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1))); - self::putChar8($this->fd, 0x2A); - return true; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_get_record - * @param int $record_number record number - * @return array - */ - public function get_record($record_number) - { - // phpcs:enable - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1))); - $record = array( - 'deleted' => self::getChar8($this->fd) == 0x2A ? 
1 : 0 - ); - foreach ($this->fields as $i => &$field) { - $value = trim(fread($this->fd, $field['length'])); - if ($field['type'] == 'L') { - $value = strtolower($value); - if ($value == 't' || $value == 'y') { - $value = true; - } elseif ($value == 'f' || $value == 'n') { - $value = false; - } else { - $value = null; - } - } - $record[$i] = $value; - } - return $record; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_get_record_with_names - * @param int $record_number record number - * @return array - */ - public function get_record_with_names($record_number) - { - // phpcs:enable - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - $record = $this->get_record($record_number); - foreach ($this->fields as $i => &$field) { - $record[$field['name']] = $record[$i]; - unset($record[$i]); - } - return $record; - } - - /** - * dbase_pack - * @return void - */ - public function pack() - { - $in_offset = $out_offset = $this->headerLength; - $new_count = 0; - $rec_count = $this->recordCount; - while ($rec_count > 0) { - fseek($this->fd, $in_offset, SEEK_SET); - $record = fread($this->fd, $this->recordLength); - $deleted = substr($record, 0, 1); - if ($deleted != '*') { - fseek($this->fd, $out_offset, SEEK_SET); - fwrite($this->fd, $record); - $out_offset += $this->recordLength; - $new_count++; - } - $in_offset += $this->recordLength; - $rec_count--; - } - ftruncate($this->fd, $out_offset); - // Update the record count - fseek($this->fd, 4); - self::putInt32($this->fd, $new_count); - } - - /* - * A few utilitiy functions - */ - - /** - * @param string $field field - * @return int - */ - private static function length($field) - { - switch ($field[1]) { - case 'D': // Date: Numbers and a character to separate month, day, and year (stored internally as 8 digits in YYYYMMDD format) - return 8; - case 'T': // DateTime (YYYYMMDDhhmmss.uuu) (FoxPro) - return 18; - case 'M': // Memo (ignored): 
All ASCII characters (stored internally as 10 digits representing a .dbt block number, right justified, padded with whitespaces) - case 'N': // Number: -.0123456789 (right justified, padded with whitespaces) - case 'F': // Float: -.0123456789 (right justified, padded with whitespaces) - case 'C': // String: All ASCII characters (padded with whitespaces up to the field's length) - return $field[2]; - case 'L': // Boolean: YyNnTtFf? (? when not initialized) - return 1; - } - return 0; - } - - /* - * Functions for reading and writing bytes - */ - - /** - * getChar8 - * @param mixed $fd file descriptor - * @return int - */ - private static function getChar8($fd) - { - return ord(fread($fd, 1)); - } - - /** - * putChar8 - * @param mixed $fd file descriptor - * @param mixed $value value - * @return bool - */ - private static function putChar8($fd, $value) - { - return fwrite($fd, chr($value)); - } - - /** - * getInt16 - * @param mixed $fd file descriptor - * @param int $n n - * @return bool - */ - private static function getInt16($fd, $n = 1) - { - $data = fread($fd, 2 * $n); - $i = unpack("S$n", $data); - if ($n == 1) { - return (int) $i[1]; - } else { - return array_merge($i); - } - } - - /** - * putInt16 - * @param mixed $fd file descriptor - * @param mixed $value value - * @return bool - */ - private static function putInt16($fd, $value) - { - return fwrite($fd, pack('S', $value)); - } - - /** - * getInt32 - * @param mixed $fd file descriptor - * @param int $n n - * @return bool - */ - private static function getInt32($fd, $n = 1) - { - $data = fread($fd, 4 * $n); - $i = unpack("L$n", $data); - if ($n == 1) { - return (int) $i[1]; - } else { - return array_merge($i); - } - } - - /** - * putint32 - * @param mixed $fd file descriptor - * @param mixed $value value - * @return bool - */ - private static function putInt32($fd, $value) - { - return fwrite($fd, pack('L', $value)); - } - - /** - * putString - * @param mixed $fd file descriptor - * @param mixed $value value - 
* @param int $length length - * @return bool - */ - private static function putString($fd, $value, $length = 254) - { - $ret = fwrite($fd, pack('A' . $length, $value)); - } - - /** - * putRecord - * @param mixed $record record - * @return bool - */ - private function putRecord($record) - { - foreach ($this->fields as $i => &$field) { - $value = $record[$i]; - // Number types are right aligned with spaces - if ($field['type'] == 'N' || $field['type'] == 'F' && strlen($value) < $field['length']) { - $value = str_repeat(' ', $field['length'] - strlen($value)) . $value; - } - self::putString($this->fd, $value, $field['length']); - } - return true; - } -} - -if (!function_exists('dbase_open')) { - /** - * dbase_open - * @param string $filename filename - * @param int $mode mode - * @return DBase - */ - function dbase_open($filename, $mode) - { - return DBase::open($filename, $mode); - } - - /** - * dbase_create - * @param string $filename filename - * @param array $fields fields - * @param int $type type - * @return DBase - */ - function dbase_create($filename, $fields, $type = DBASE_TYPE_DBASE) - { - return DBase::create($filename, $fields, $type); - } - - /** - * dbase_close - * @param Resource $dbase_identifier dbase identifier - * @return bool - */ - function dbase_close($dbase_identifier) - { - return $dbase_identifier->close(); - } - - /** - * dbase_get_header_info - * @param Resource $dbase_identifier dbase identifier - * @return string - */ - function dbase_get_header_info($dbase_identifier) - { - return $dbase_identifier->get_header_info(); - } - - /** - * dbase_numfields - * @param Resource $dbase_identifier dbase identifier - * @return int - */ - function dbase_numfields($dbase_identifier) - { - $dbase_identifier->numfields(); - } - - /** - * dbase_numrecords - * @param Resource $dbase_identifier dbase identifier - * @return int - */ - function dbase_numrecords($dbase_identifier) - { - return $dbase_identifier->numrecords(); - } - - /** - * dbase_add_record - 
* @param Resource $dbase_identifier dbase identifier - * @param array $record record - * @return bool - */ - function dbase_add_record($dbase_identifier, $record) - { - return $dbase_identifier->add_record($record); - } - - /** - * dbase_delete_record - * @param Resource $dbase_identifier dbase identifier - * @param int $record_number record number - * @return bool - */ - function dbase_delete_record($dbase_identifier, $record_number) - { - return $dbase_identifier->delete_record($record_number); - } - - /** - * dbase_replace_record - * @param Resource $dbase_identifier dbase identifier - * @param array $record record - * @param int $record_number record number - * @return bool - */ - function dbase_replace_record($dbase_identifier, $record, $record_number) - { - return $dbase_identifier->replace_record($record, $record_number); - } - - /** - * dbase_get_record - * @param Resource $dbase_identifier dbase identifier - * @param int $record_number record number - * @return bool - */ - function dbase_get_record($dbase_identifier, $record_number) - { - return $dbase_identifier->get_record($record_number); - } - - /** - * dbase_get_record_with_names - * @param Resource $dbase_identifier dbase identifier - * @param int $record_number record number - * @return bool - */ - function dbase_get_record_with_names($dbase_identifier, $record_number) - { - return $dbase_identifier->get_record_with_names($record_number); - } - - /** - * dbase_pack - * @param Resource $dbase_identifier dbase identifier - * @return bool - */ - function dbase_pack($dbase_identifier) - { - return $dbase_identifier->pack(); - } -} diff --git a/dev/tools/fixaltlanguages.sh b/dev/tools/fixaltlanguages.sh index 955552940a9..5ed9f704df9 100755 --- a/dev/tools/fixaltlanguages.sh +++ b/dev/tools/fixaltlanguages.sh @@ -50,6 +50,10 @@ then then aaupper="SA" fi + if [ $bb = "IQ" ] + then + aaupper="SA" + fi bblower=`echo $dirshort | nawk -F"_" '{ print tolower($2) }'` 
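Review bot: The added test `[ $bb = "IQ" ]` leaves `$bb` unquoted, so an empty suffix or one containing a space makes `[` fail with a syntax error instead of evaluating to false; `if [ "$bb" = "IQ" ]` avoids that. The same applies to the re-indented lines in the following hunk (`[ -d $reflang ]`, `mv $f.delta $f`, `rm $fic` and the backquoted `ls` loops), where an unquoted path is word-split before it reaches `mv` or `rm`. The enclosing loop starts outside this hunk.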
@@ -57,23 +61,29 @@ then if [ "$aa" != "$bblower" -a "$dirshort" != "en_US" ] then reflang="htdocs/langs/"$aa"_"$aaupper - if [ -d $reflang -a $aa"_"$bb != $aa"_"$aaupper ] + echo $reflang" "$aa"_"$bb != $aa"_"$aaupper + + # If $reflang is a main language to use to sanitize the alternative file + if [ -d $reflang ] then - echo "***** Search original into "$reflang - echo $dirshort is an alternative language of $reflang - echo ./dev/translation/strip_language_file.php $aa"_"$aaupper $aa"_"$bb $2 - ./dev/translation/strip_language_file.php $aa"_"$aaupper $aa"_"$bb $2 - for fic in `ls htdocs/langs/${aa}_${bb}/*.delta`; do f=`echo $fic | sed -e 's/\.delta//'`; echo $f; mv $f.delta $f; done - for fic in `ls htdocs/langs/${aa}_${bb}/*.lang`; - do f=`cat $fic | wc -l`; - #echo $f lines into file $fic; - if [ $f = 1 ] - then - echo Only one line remainging into file $fic, we delete it; - rm $fic - fi; - done - fi + if [ $aa"_"$bb != $aa"_"$aaupper ] + then + echo "***** Search original into "$reflang + echo $dirshort is an alternative language of $reflang + echo ./dev/translation/strip_language_file.php $aa"_"$aaupper $aa"_"$bb $2 + ./dev/translation/strip_language_file.php $aa"_"$aaupper $aa"_"$bb $2 + for fic in `ls htdocs/langs/${aa}_${bb}/*.delta`; do f=`echo $fic | sed -e 's/\.delta//'`; echo $f; mv $f.delta $f; done + for fic in `ls htdocs/langs/${aa}_${bb}/*.lang`; + do f=`cat $fic | wc -l`; + #echo $f lines into file $fic; + if [ $f = 1 ] + then + echo Only one line remainging into file $fic, we delete it; + rm $fic + fi; + done + fi + fi fi done; fi diff --git a/dev/translation/strip_language_file.php b/dev/translation/strip_language_file.php index f3287db6128..3467b648457 100755 --- a/dev/translation/strip_language_file.php +++ b/dev/translation/strip_language_file.php 
@@ -177,7 +177,7 @@ foreach ($filesToProcess as $fileToProcess) { // Start reading and parsing English - + $aEnglish = array(); if ($handle = fopen($lEnglishFile, 'r')) { print "Read English File $lEnglishFile:\n"; $cnt = 0; @@ -246,6 +246,9 @@ foreach ($filesToProcess as $fileToProcess) { fwrite($oh, "# Dolibarr language file - Source file is en_US - ".(preg_replace('/\.lang$/', '', $fileToProcess))."\n"); + $fileFirstFound = array(); + $lineFirstFound = array(); + $cnt = 0; while (($line = fgets($handle)) !== false) { $cnt++; @@ -299,6 +302,7 @@ foreach ($filesToProcess as $fileToProcess) { } // String exists in both files and value into alternative language differs from main language but also from english files + // so we keep it. if ((! empty($aSecondary[$key]) && $aSecondary[$key] != $aPrimary[$key] && ! empty($aEnglish[$key]) && $aSecondary[$key] != $aEnglish[$key]) || in_array($key, $arrayofkeytoalwayskeep) || preg_match('/^FormatDate/', $key) || preg_match('/^FormatHour/', $key) diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 0f4d538cfac..6aacda28677 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -553,16 +553,16 @@ if ($id) { $num = $db->num_rows($resql); $i = 0; - $param = '&id='.$id; + $param = '&id='.urlencode($id); if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { - $paramwithsearch .= '&sortorder='.$sortorder; + $paramwithsearch .= '&sortorder='.urlencode($sortorder); } if ($sortfield) { - $paramwithsearch .= '&sortfield='.$sortfield; + $paramwithsearch .= '&sortfield='.urlencode($sortfield); } // There is several pages diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index b629e45cf0d..86efee3a04a 100644 --- a/htdocs/accountancy/admin/card.php 
+++ b/htdocs/accountancy/admin/card.php @@ -257,7 +257,20 @@ if ($action == 'create') { print $form->textwithpicto($langs->trans("Pcgtype"), $langs->transnoentitiesnoconv("PcgtypeDesc")); print ''; print ''; - print ''; + print ''; + // autosuggest from existing account types if found + print ''; + $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; + $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. + $sql .= ' LIMIT 50000'; // just as a sanity check + $resql = $db->query($sql); + if ($resql) { + while ($obj = $db->fetch_object($resql)) { + print ''; print ''; // Category @@ -320,7 +333,20 @@ if ($action == 'create') { print $form->textwithpicto($langs->trans("Pcgtype"), $langs->transnoentitiesnoconv("PcgtypeDesc")); print ''; print ''; - print ''; + print ''; + // autosuggest from existing account types if found + print ''; + $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; + $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. + $sql .= ' LIMIT 50000'; // just as a sanity check + $resql = $db->query($sql); + if ($resql) { + while ($obj = $db->fetch_object($resql)) { + print ''; print ''; // Category @@ -335,11 +361,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
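Review bot: The `pcg_type` suggestion query is added twice with identical text (the `@@ -257,7 +257,20 @@` hunk for the create form and the `@@ -320,7 +333,20 @@` hunk for the edit form), so any later fix has to be made in two places; a small helper returning the distinct types would keep them in step. The markup printed inside the `while` loop is not readable in this view, so confirm that each `$obj->pcg_type` is written through `dol_escape_htmltag()`, because these are stored account values that end up in HTML. `LIMIT 50000` is hard-coded in the string rather than going through `$db->plimit()`, and as far as the hunk shows `$resql` is not released with `$db->free($resql)` after the loop.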
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 9a8a84893fe..53a1d75129b 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -580,7 +580,7 @@ if ($resql) { $param = '&id='.$id; if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 16463ec027b..2aa33f21645 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -242,11 +242,7 @@ if ($action == 'create') { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php index 9ba9d8a6e20..49103716387 100644 --- a/htdocs/accountancy/admin/journals_list.php +++ b/htdocs/accountancy/admin/journals_list.php @@ -512,7 +512,7 @@ if ($id) { $param = '&id='.$id; if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index e29653a3e40..9596cd96af8 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -198,7 +198,7 @@ if ($action == 'update') { $sql .= " WHERE rowid = ".((int) $productid); } - dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); if ($db->query($sql)) { $ok++; $db->commit(); @@ -329,7 +329,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog("/accountancy/admin/productaccount.php:: sql=".$sql, LOG_DEBUG); +dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { $num = $db->num_rows($result); diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index b84fe255760..126f61e272c 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -40,6 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; $langs->loadLangs(array("accountancy", "compta")); $action = GETPOST('action', 'aZ09'); +$contextpage = GETPOST('contextpage', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; 
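Review bot: In the `journals_list.php` hunk the context line `$param = '&id='.$id;` is still concatenated raw while the neighbouring `search_country_id` now goes through `urlencode()`, and the `accountmodel.php` hunk of this same commit does encode it. Unless `$id` is cast to an integer earlier in the file, which the hunk does not show, apply the same change here: `$param = '&id='.urlencode($id);`. The `categories_list.php` hunk (`@@ -580,7 +580,7 @@`) has the identical line. The `if ($sortorder) {` branch begins on the hunk's last line; if it appends the value the way the old `accountmodel.php` code did, it needs the same encoding.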
@@ -120,19 +121,19 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $filter = array(); if (!empty($search_date_start)) { $filter['t.doc_date>='] = $search_date_start; - $param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int'); + $param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int'); } if (!empty($search_date_end)) { $filter['t.doc_date<='] = $search_date_end; - $param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int'); + $param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int'); } if (!empty($search_accountancy_code_start)) { $filter['t.numero_compte>='] = $search_accountancy_code_start; - $param .= '&search_accountancy_code_start='.$search_accountancy_code_start; + $param .= '&search_accountancy_code_start='.urlencode($search_accountancy_code_start); } if (!empty($search_accountancy_code_end)) { $filter['t.numero_compte<='] = $search_accountancy_code_end; - $param .= '&search_accountancy_code_end='.$search_accountancy_code_end; + $param .= '&search_accountancy_code_end='.urlencode($search_accountancy_code_end); } if (!empty($search_ledger_code)) { $filter['t.code_journal'] = $search_ledger_code; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index bc260c77ed3..73c23e4d63b 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php 
@@ -530,25 +530,25 @@ $sqlwhere = array();
 if (count($filter) > 0) {
 foreach ($filter as $key => $value) {
 if ($key == 't.doc_date') {
- $sqlwhere[] = $key.'=\''.$db->idate($value).'\'';
+ $sqlwhere[] = $key."='".$db->idate($value)."'";
 } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') {
- $sqlwhere[] = $key.'\''.$db->idate($value).'\'';
+ $sqlwhere[] = $key."'".$db->idate($value)."'";
 } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=') {
- $sqlwhere[] = $key.'\''.$db->escape($value).'\'';
+ $sqlwhere[] = $key."'".$db->escape($value)."'";
 } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key.'='.((int) $value);
 } elseif ($key == 't.numero_compte') {
- $sqlwhere[] = $key.' LIKE \''.$db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '".$db->escape($value)."%'";
 } elseif ($key == 't.subledger_account') {
 $sqlwhere[] = natural_search($key, $value, 0, 1);
 } elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') {
- $sqlwhere[] = $key.'\''.$db->idate($value).'\'';
+ $sqlwhere[] = $key."'".$db->idate($value)."'";
 } elseif ($key == 't.tms>=' || $key == 't.tms<=') {
- $sqlwhere[] = $key.'\''.$db->idate($value).'\'';
+ $sqlwhere[] = $key."'".$db->idate($value)."'";
 } elseif ($key == 't.date_export>=' || $key == 't.date_export<=') {
- $sqlwhere[] = $key.'\''.$db->idate($value).'\'';
+ $sqlwhere[] = $key."'".$db->idate($value)."'";
 } elseif ($key == 't.date_validated>=' || $key == 't.date_validated<=') {
- $sqlwhere[] = $key.'\''.$db->idate($value).'\'';
+ $sqlwhere[] = $key."'".$db->idate($value)."'";
 } elseif ($key == 't.credit' || $key == 't.debit') {
 $sqlwhere[] = natural_search($key, $value, 1, 1);
 } elseif ($key == 't.reconciled_option') {
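Review bot: Five branches of this chain (the `>=`/`<=` variants of `t.doc_date`, `t.date_creation`, `t.tms`, `t.date_export` and `t.date_validated`) now carry the byte-identical body `$sqlwhere[] = $key."'".$db->idate($value)."'";`, which makes it easy to add a sixth date column and forget the `idate()` call. Folding them into one test, for example `} elseif (preg_match('/^t\.(doc_date|date_creation|tms|date_export|date_validated)[<>]=$/', $key)) {`, keeps the formatting rule in a single place. Because `$key` is concatenated into the SQL unescaped in every branch, a comment above the chain recording where the keys of `$filter` are set would help the next reader; that assignment is outside this hunk, and the chain itself continues past the hunk's end.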
@@ -612,7 +612,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex } $sql .= " WHERE rowid = ".((int) $movement->id); - dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 77d10516daa..bc7226edb22 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -433,7 +433,7 @@ class AccountancyCategory // extends CommonObject $this->lines_display = array(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -632,7 +632,7 @@ class AccountancyCategory // extends CommonObject $sql .= " WHERE aa.rowid = ".((int) $cpt_id); $this->db->begin(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/class/accountancyexport.class.php b/htdocs/accountancy/class/accountancyexport.class.php index c8aa1407ddb..d46580b98b2 100644 --- a/htdocs/accountancy/class/accountancyexport.class.php +++ b/htdocs/accountancy/class/accountancyexport.class.php @@ -1307,7 +1307,9 @@ class AccountancyExport /** * Export format : LD Compta version 10 & higher - * http://www.ldsysteme.fr/fileadmin/telechargement/np/ldcompta/Documentation/IntCptW10.pdf + * Last review for this format : 08-15-2021 Alexandre Spangaro (aspangaro@open-dsi.fr) + * + * Help : http://www.ldsysteme.fr/fileadmin/telechargement/np/ldcompta/Documentation/IntCptW10.pdf * * @param array $objectLines data * 
@@ -1470,14 +1472,14 @@ class AccountancyExport print $date_lim_reglement.$separator; // CNPI if ($line->doc_type == 'supplier_invoice') { - if (($line->debit - $line->credit) > 0) { + if (($line->amount) < 0) { // Currently, only the sign of amount allows to know the type of invoice (standard or credit note). Other solution is to analyse debit/credit/role of account. TODO Add column doc_type_long or make amount mandatory with rule on sign. $nature_piece = 'AF'; } else { $nature_piece = 'FF'; } } elseif ($line->doc_type == 'customer_invoice') { - if (($line->debit - $line->credit) < 0) { - $nature_piece = 'AC'; + if (($line->amount) < 0) { + $nature_piece = 'AC'; // Currently, only the sign of amount allows to know the type of invoice (standard or credit note). Other solution is to analyse debit/credit/role of account. TODO Add column doc_type_long or make amount mandatory with rule on sign. } else { $nature_piece = 'FC'; } diff --git a/htdocs/accountancy/class/accountancysystem.class.php b/htdocs/accountancy/class/accountancysystem.class.php index 1b481027ac0..a62dddd6a26 100644 --- a/htdocs/accountancy/class/accountancysystem.class.php +++ b/htdocs/accountancy/class/accountancysystem.class.php @@ -105,7 +105,7 @@ class AccountancySystem $sql .= " a.pcg_version = '".$this->db->escape($ref)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); 
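Review bot: Both tests in the `@@ -1470,14 +1472,14 @@` hunk now read `$line->amount`, yet the new TODO itself suggests that amount is not mandatory, and when it is null or unset `($line->amount) < 0` is false, so a credit note would be exported as `FF`/`FC` without any warning. Falling back to the previous debit/credit comparison when the amount is missing would keep such rows classified, e.g. for the supplier case `$isCreditNote = isset($line->amount) ? $line->amount < 0 : ($line->debit - $line->credit) > 0;` (the customer case previously used `< 0`). The long explanation is repeated as a trailing comment on two lines; a single comment above the first `if` would read better. The enclosing export method starts and ends outside the hunk.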
@@ -143,9 +143,9 @@ class AccountancySystem
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."accounting_system";
 $sql .= " (date_creation, fk_user_author, numero, label)";
- $sql .= " VALUES ('".$this->db->idate($now)."',".$user->id.",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')";
+ $sql .= " VALUES ('".$this->db->idate($now)."',".((int) $user->id).",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')";
- dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
 $id = $this->db->last_insert_id(MAIN_DB_PREFIX."accounting_system");
diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index 99a0dc0dc48..35178e43947 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
@@ -150,7 +150,7 @@ class AccountingAccount extends CommonObject
 global $conf;
 $this->db = $db;
- $this->next_prev_filter = 'fk_pcg_version IN (SELECT pcg_version FROM '.MAIN_DB_PREFIX.'accounting_system WHERE rowid='.$conf->global->CHARTOFACCOUNTS.')'; // Used to add a filter in Form::showrefnav method
+ $this->next_prev_filter = "fk_pcg_version IN (SELECT pcg_version FROM ".MAIN_DB_PREFIX."accounting_system WHERE rowid=".((int) $conf->global->CHARTOFACCOUNTS).")"; // Used to add a filter in Form::showrefnav method
 }
 /**
@@ -185,7 +185,7 @@ class AccountingAccount extends CommonObject
 $sql .= " AND a.fk_pcg_version = '".$this->db->escape($limittoachartaccount)."'";
 }
- dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $result = $this->db->query($sql);
 if ($result) {
 $obj = $this->db->fetch_object($result);
@@ -289,7 +289,7 @@ class AccountingAccount extends CommonObject
 $this->db->begin();
- dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++;
@@ -352,7 +352,7 @@ class AccountingAccount extends CommonObject
 $sql .= " , reconcilable = ".(int) $this->reconcilable;
 $sql .= " WHERE rowid = ".((int) $this->id);
- dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $result = $this->db->query($sql);
 if ($result) {
 $this->db->commit();
@@ -374,12 +374,12 @@ class AccountingAccount extends CommonObject
 global $langs;
 $sql = "(SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facturedet";
- $sql .= " WHERE fk_code_ventilation=".$this->id.")";
+ $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")";
 $sql .= "UNION";
 $sql .= " (SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facture_fourn_det";
- $sql .= " WHERE fk_code_ventilation=".$this->id.")";
+ $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")";
- dol_syslog(get_class($this)."::checkUsage sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::checkUsage", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -604,7 +604,7 @@ class AccountingAccount extends CommonObject
 $sql .= "SET ".$fieldtouse." = '0'";
 $sql .= " WHERE rowid = ".((int) $id);
- dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse, LOG_DEBUG);
 $result = $this->db->query($sql);
 if ($result) {
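Review bot: In the `@@ -604,7 +604,7 @@` hunk `$fieldtouse` is concatenated into the statement as a column name (`"SET ".$fieldtouse." = '0'"`), a position where `$this->db->escape()` gives no protection. The assignment of `$fieldtouse` is outside this hunk, so confirm it is picked from a fixed set of column names rather than passed through from the caller; if it is not, map the caller's argument to a literal column name first. The `account_activate` hunk (`@@ -642,7 +642,7 @@`) has the same construction.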
@@ -642,7 +642,7 @@ class AccountingAccount extends CommonObject $sql .= " SET ".$fieldtouse." = '1'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::account_activate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/accountancy/class/accountingjournal.class.php b/htdocs/accountancy/class/accountingjournal.class.php index 95a69466658..376178b45ba 100644 --- a/htdocs/accountancy/class/accountingjournal.class.php +++ b/htdocs/accountancy/class/accountingjournal.class.php @@ -113,7 +113,7 @@ class AccountingJournal extends CommonObject $sql .= " AND entity = ".$conf->entity; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -170,18 +170,18 @@ class AccountingJournal extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index aeaa42154d8..e1a54edf3cd 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php 
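Review bot: In the `accountingjournal.class.php` hunk `@@ -170,18 +170,18 @@`, `$filtermode` is still placed between the conditions verbatim in `implode(" ".$filtermode." ", $sqlwhere)`; only the quoting changed. Nothing in the hunk limits it to `AND` or `OR`, so a guard such as `$filtermode = (strtoupper($filtermode) === 'OR') ? 'OR' : 'AND';` before the `implode()` would make the method safe whatever the caller passes. The same line appears in the `bookkeeping.class.php` hunk `@@ -880,7 +883,7 @@`. The line `$sql .= $this->db->plimit($limit + 1, $offset);` also lost its leading `' '`, which is fine only if `plimit()` returns a string beginning with a space on every database driver. The method starts outside the hunk.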
@@ -297,7 +297,7 @@ class BookKeeping extends CommonObject $sql .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries. - $sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines + $sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines } $sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'"; $sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'"; @@ -390,7 +390,7 @@ class BookKeeping extends CommonObject $sql .= ", '".$this->db->idate($now)."'"; $sql .= ", '".$this->db->escape($this->code_journal)."'"; $sql .= ", ".(!empty($this->journal_label) ? ("'".$this->db->escape($this->journal_label)."'") : "NULL"); - $sql .= ", ".$this->db->escape($this->piece_num); + $sql .= ", ".((int) $this->piece_num); $sql .= ", ".(!isset($this->entity) ? $conf->entity : $this->entity); $sql .= ")"; @@ -647,7 +647,7 @@ class BookKeeping extends CommonObject $sql .= ' '.(!isset($this->credit) ? 'NULL' : $this->credit).','; $sql .= ' '.(!isset($this->montant) ? 'NULL' : $this->montant).','; $sql .= ' '.(!isset($this->sens) ? 'NULL' : "'".$this->db->escape($this->sens)."'").','; - $sql .= ' '.$user->id.','; + $sql .= ' '.((int) $user->id).','; $sql .= ' '."'".$this->db->idate($now)."',"; $sql .= ' '.(empty($this->code_journal) ? 'NULL' : "'".$this->db->escape($this->code_journal)."'").','; $sql .= ' '.(empty($this->journal_label) ? 'NULL' : "'".$this->db->escape($this->journal_label)."'").','; 
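Review bot: `$this->credit` and `$this->montant` are still written into the INSERT of the hunk at -647 unquoted and uncast (`(!isset($this->credit) ? 'NULL' : $this->credit)`), in the same statement where the hunk adds `(int)` to `$user->id`. They should get the numeric treatment the commit applies elsewhere, for example `$sql .= ' '.(!isset($this->credit) ? 'NULL' : ((float) $this->credit)).',';`, and likewise for `montant`. The entity value in the hunk at -390 (`!isset($this->entity) ? $conf->entity : $this->entity`) is also left without an `(int)` cast. Both statements start outside their hunks.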
@@ -729,7 +729,10 @@ class BookKeeping extends CommonObject $sql .= " t.journal_label,"; $sql .= " t.piece_num,"; $sql .= " t.date_creation,"; - $sql .= " t.date_export,"; + // In llx_accounting_bookkeeping_tmp, field date_export doesn't exist + if ($mode != "_tmp") { + $sql .= " t.date_export,"; + } $sql .= " t.date_validated as date_validation"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.$mode.' as t'; $sql .= ' WHERE 1 = 1'; @@ -880,7 +883,7 @@ class BookKeeping extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } // Affichage par compte comptable if (!empty($option)) { @@ -891,10 +894,10 @@ class BookKeeping extends CommonObject } if (!empty($sortfield)) { - $sql .= ', '.$sortfield.' '.$sortorder; + $sql .= ", ".$sortfield." ".$sortorder; } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1024,6 +1027,12 @@ class BookKeeping extends CommonObject $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; } elseif ($key == 't.credit' || $key == 't.debit') { $sqlwhere[] = natural_search($key, $value, 1, 1); + } elseif ($key == 't.code_journal' && !empty($value)) { + if (is_array($value)) { + $sqlwhere[] = natural_search("t.code_journal", join(',', $value), 3, 1); + } else { + $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); + } } else { $sqlwhere[] = natural_search($key, $value, 0, 1); } 
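Review bot: `$mode` now decides which columns are selected in the hunk at -729 and is also appended to the table name in `MAIN_DB_PREFIX.$this->table_element.$mode`, yet it is only compared loosely with `!= "_tmp"`. Anything other than an empty string or `_tmp` would end up as part of the table identifier, so the method should normalise it first, e.g. `$mode = ($mode === '_tmp') ? '_tmp' : '';`. The hunks at -1622 and -1699 add the same check. With `date_export` no longer selected in `_tmp` mode, any code outside the hunk that reads that column from the result row needs to tolerate its absence.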
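Review bot: The rewritten line `$sql .= ", ".$sortfield." ".$sortorder;` in the hunk at -891 still places both values in the ORDER BY clause without any filtering, whereas the other list methods in this file go through `$this->db->order($sortfield, $sortorder)`. If the extra sort key has to be appended by hand here, restrict the direction to a fixed set and clean the field name, for instance `$sql .= ", ".$this->db->sanitize($sortfield)." ".(strtoupper($sortorder) === 'DESC' ? 'DESC' : 'ASC');` (assuming `sanitize()` keeps the dotted `t.column` form). The start of the ORDER BY this is appended to is outside the hunk.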
@@ -1034,13 +1043,13 @@ class BookKeeping extends CommonObject $sql .= " AND t.date_export IS NULL"; } if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= ' AND '.implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); @@ -1128,17 +1137,17 @@ class BookKeeping extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; + $sqlwhere[] = $key."'".$this->db->idate($value)."'"; } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=' || $key == 't.subledger_account>=' || $key == 't.subledger_account<=') { - $sqlwhere[] = $key.'\''.$this->db->escape($value).'\''; + $sqlwhere[] = $key."'".$this->db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$this->db->escape($value)."%'"; } elseif ($key == 't.subledger_label') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$this->db->escape($value)."%'"; } elseif ($key == 't.code_journal' && !empty($value)) { if (is_array($value)) { $sqlwhere[] = natural_search("t.code_journal", join(',', $value), 3, 1); 
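Review bot: Every branch in the hunk at -1128 uses the filter's array key as the column and operator part of the condition (`$key." = '"...`, `$key."'"...`), and the fallback branch in the following hunk (-1146) does so for any key at all: `$key." LIKE '%".$this->db->escape($value)."%'"`. The values are now cast or escaped, but an unexpected key would still reach the query as raw SQL. Unknown keys should be skipped or checked against the list of `t.*` columns the method supports before a condition is built. Where `$filter` is assembled is not visible in this hunk.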
@@ -1146,13 +1155,13 @@ class BookKeeping extends CommonObject $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); } } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } $sql .= ' WHERE entity IN ('.getEntity('accountancy').')'; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } $sql .= ' GROUP BY t.numero_compte'; @@ -1161,7 +1170,7 @@ class BookKeeping extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1338,8 +1347,9 @@ class BookKeeping extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'"); - $sql .= " WHERE piece_num = '".$this->db->escape($piece_num)."'"; + $sql .= " SET ".$field." = ".(is_numeric($value) ? ((float) $value) : "'".$this->db->escape($value)."'"); + $sql .= " WHERE piece_num = ".((int) $piece_num); + $resql = $this->db->query($sql); if (!$resql) { 
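Review bot: `$field` is used as a bare column name in `" SET ".$field." = "` in the hunk at -1338, so the new casts protect the value and `piece_num` but not the identifier. A short allow-list of updatable columns at the top of the method would close that gap; the method header is outside the hunk. Separately, `is_numeric($value) ? ((float) $value)` writes any numeric-looking string as a number, which, if this method is also used for text columns, would alter a value such as a reference with leading zeros. Deciding by target column rather than by `is_numeric` avoids that.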
@@ -1622,9 +1632,13 @@ class BookKeeping extends CommonObject global $conf; $sql = "SELECT piece_num, doc_date,code_journal, journal_label, doc_ref, doc_type,"; - $sql .= " date_creation, tms as date_modification, date_export, date_validated as date_validation"; + $sql .= " date_creation, tms as date_modification, date_validated as date_validation"; + // In llx_accounting_bookkeeping_tmp, field date_export doesn't exist + if ($mode != "_tmp") { + $sql .= ", date_export"; + } $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= " WHERE piece_num = ".$piecenum; + $sql .= " WHERE piece_num = ".((int) $piecenum); $sql .= " AND entity IN (".getEntity('accountancy').")"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1665,7 +1679,7 @@ class BookKeeping extends CommonObject $sql = "SELECT MAX(piece_num)+1 as max FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; $sql .= " WHERE entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."getNextNumMvt sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."getNextNumMvt", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { 
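Review bot: The new log label `get_class($this)."getNextNumMvt"` in the hunk at -1665 has no `::` separator, so the class and method names run together in the log. The neighbouring hunks (-1622, -1699) use `dol_syslog(__METHOD__, LOG_DEBUG);`, which would be the consistent form here too.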
@@ -1699,9 +1713,13 @@ class BookKeeping extends CommonObject $sql .= " doc_ref, fk_doc, fk_docdet, thirdparty_code, subledger_account, subledger_label,"; $sql .= " numero_compte, label_compte, label_operation, debit, credit,"; $sql .= " montant as amount, sens, fk_user_author, import_key, code_journal, journal_label, piece_num,"; - $sql .= " date_creation, tms as date_modification, date_export, date_validated as date_validation"; + $sql .= " date_creation, tms as date_modification, date_validated as date_validation"; + // In llx_accounting_bookkeeping_tmp, field date_export doesn't exist + if ($mode != "_tmp") { + $sql .= ", date_export"; + } $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= " WHERE piece_num = ".$piecenum; + $sql .= " WHERE piece_num = ".((int) $piecenum); $sql .= " AND entity IN (".getEntity('accountancy').")"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1841,7 +1859,7 @@ class BookKeeping extends CommonObject $sql .= ' SELECT doc_date, doc_type,'; $sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,'; $sql .= ' numero_compte, label_compte, label_operation, debit, credit,'; - $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.", '".$this->db->idate($now)."'"; + $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.((int) $next_piecenum).", '".$this->db->idate($now)."'"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num); $resql = $this->db->query($sql); if (!$resql) { @@ -2000,7 +2018,7 @@ class BookKeeping extends CommonObject $sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'"; $sql .= " AND aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; 
@@ -2040,7 +2058,7 @@ class BookKeeping extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_accounting_category as cat ON aa.fk_accounting_category = cat.rowid"; $sql .= " WHERE aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; diff --git a/htdocs/accountancy/class/lettering.class.php b/htdocs/accountancy/class/lettering.class.php index b2abf01948e..1dd4c4df3e5 100644 --- a/htdocs/accountancy/class/lettering.class.php +++ b/htdocs/accountancy/class/lettering.class.php @@ -279,7 +279,7 @@ class Lettering extends BookKeeping $sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL "; $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index b612762d358..a7220d01a28 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -95,7 +95,7 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; - dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; 
@@ -189,7 +189,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(b.doc_date)='.$j, '1', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(b.doc_date)=".$j, "1", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " COUNT(b.rowid) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b"; @@ -198,7 +198,7 @@ $sql .= " AND b.doc_date <= '".$db->idate($search_date_end)."'"; $sql .= " AND b.entity IN (".getEntity('bookkeeping', 0).")"; // We don't share object for accountancy $sql .= " AND date_validated IS NULL"; -dol_syslog('htdocs/accountancy/closure/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/closure/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index b3ce892b235..296d6729301 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -117,7 +117,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/customer/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index ede72c9d9e6..3b30d00dbf6 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php 
@@ -85,8 +85,8 @@ if ($action == 'clean' || $action == 'validatehistory') { $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); 
@@ -110,13 +110,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; - $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND fd.fk_code_ventilation = 0"; }*/ 
@@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -306,7 +306,7 @@ if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { } $sql .= " GROUP BY fd.fk_code_ventilation,aa.account_number,aa.label"; -dol_syslog('htdocs/accountancy/customer/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/customer/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -367,7 +367,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -452,7 +452,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; 
@@ -513,7 +513,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, '(fd.total_ht-(fd.qty * fd.buy_price_ht))', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "(fd.total_ht-(fd.qty * fd.buy_price_ht))", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM((fd.total_ht-(fd.qty * fd.buy_price_ht))) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 5ce9f5e13e8..35e02d5b007 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -188,7 +188,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog("accountancy/customer/list.php sql=".$sql, LOG_DEBUG); + dol_syslog("accountancy/customer/list.php", LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice", $monId).' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index db270b9d2db..7c2310ccce4 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -110,7 +110,7 @@ if (!empty($id)) { $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/expensereport/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index f06dd5f8d6f..1544976bb07 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -79,8 +79,8 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accou $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); $resql1 = $db->query($sql1); 
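Review bot: The `dol_syslog` call kept in the expensereport/index.php hunk at -79 labels the query as `htdocs/accountancy/customer/index.php fixaccountancycode`, although the file being patched is `htdocs/accountancy/expensereport/index.php`. This commit removes the SQL text from the debug log calls, so the label is now what identifies a statement in the log. It should read `dol_syslog("htdocs/accountancy/expensereport/index.php fixaccountancycode", LOG_DEBUG);`.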
@@ -103,13 +103,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; - $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number"; $sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; $sql1 .= " SET erd.fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number"; $sql1 .= " AND erd.fk_code_ventilation = 0"; } 
@@ -166,13 +166,13 @@ for ($i = 1; $i <= 12; $i++) { print ''.$langs->trans("Total").''; $sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,"; -$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; +$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; for ($i = 1; $i <= 12; $i++) { $j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1; if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -251,7 +251,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " ROUND(SUM(erd.total_ht),2) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -330,7 +330,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_create)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_create)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index d69e78fead2..4cfc4dfb4ba 100644 
--- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -159,7 +159,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index bdda4583d54..d05135e7a67 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -364,10 +364,10 @@ if ($result) { // Note: We have the social contribution id, it can be faster to get accounting code from social contribution id. $sqlmid = 'SELECT cchgsoc.accountancy_code'; $sqlmid .= " FROM ".MAIN_DB_PREFIX."c_chargesociales cchgsoc"; - $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; - $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type = cchgsoc.id"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge = chgsoc.rowid"; $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."bank_url as bkurl ON bkurl.url_id=paycharg.rowid AND bkurl.type = 'payment_sc'"; - $sqlmid .= " WHERE bkurl.fk_bank=".$obj->rowid; + $sqlmid .= " WHERE bkurl.fk_bank = ".((int) $obj->rowid); dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid); diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index c1a62847b32..9633157b5b7 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2018 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France 
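Review bot: The bankjournal.php hunk at -364 keeps `dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG);`, while the rest of the commit strips the SQL text from debug log calls. For consistency the call should become `dol_syslog("accountancy/journal/bankjournal.php", LOG_DEBUG);`. It sits directly after the `WHERE bkurl.fk_bank` line that the hunk does change.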
@@ -627,7 +627,7 @@ if (empty($action) || $action == 'view') { print "".$expensereportstatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); + $accountoshow = length_accountg($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForUsersNotDefined").''; } else { diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 71358770775..9a65844871d 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -648,7 +648,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_SUPPLIER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("Thirdparty").'"'.$sep; 
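Review bot: In the `exportcsv` branch of purchasesjournal.php (hunk at -648) every field is printed as `'"'.$value.'"'.$sep` with no escaping of the content, including the third-party name (`utf8_decode(dol_trunc($companystatic->name, 32))`) and `$val["refsologest"]`. A double quote inside one of these values breaks the row, and a value starting with `=`, `+`, `-` or `@` is interpreted as a formula by spreadsheet applications. A small helper that doubles embedded quotes and prefixes such leading characters would cover it. The same print pattern is in the hunk at -717 of this file and at -609 of sellsjournal.php.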
@@ -717,9 +717,9 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$date.'"'.$sep; print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("VAT").' NPR"'.$sep; print '"'.($mt < 0 ? price(-$mt) : '').'"'.$sep; @@ -894,7 +894,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForSuppliersNotDefined").''; } else { diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 93be8e8b1b9..bd476173427 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php 
@@ -609,7 +609,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["ref"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_CUSTOMER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$invoicestatic->ref.' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -834,7 +834,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForCustomersNotDefined").''; } else { diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 1e7887c1bdc..05d32d0cec5 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -118,7 +118,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/supplier/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index f047ddf70de..1836687d042 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php 
@@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -362,7 +362,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -441,7 +441,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 4fd16df2afe..c6cfd3f7c92 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -193,7 +193,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/supplier/list.php sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/supplier/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 7c5d074d51e..b6cd597254b 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -535,7 +535,7 @@ if (empty($reshook)) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors'); } - if ($conf->global->ADHERENT_MAIL_REQUIRED && !isValidEMail($email)) { + if (!empty($conf->global->ADHERENT_MAIL_REQUIRED) && !isValidEMail($email)) { $error++; $langs->load("errors"); setEventMessages($langs->trans("ErrorBadEMail", $email), null, 'errors'); @@ -1032,7 +1032,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; // EMail - print ''.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').''; + print ''.(!empty($conf->global->ADHERENT_MAIL_REQUIRED) ? '' : '').$langs->trans("EMail").(!empty($conf->global->ADHERENT_MAIL_REQUIRED) ? '' : '').''; print ''.img_picto('', 'object_email').' '; // Website @@ -1121,15 +1121,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - if (!empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("AddMember"); print "\n"; } @@ -1396,11 +1388,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } @@ -1821,8 +1809,16 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $company = new Societe($db); $result = $company->fetch($object->socid); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -1846,7 +1842,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } print ''; - //VCard + // VCard print ''; print $langs->trans("VCard").''; print ''; @@ -2002,8 +1998,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Generated documents $filename = dol_sanitizeFileName($object->ref); //$filename = 'tmp_cards.php'; - //$filedir = $conf->adherent->dir_output . '/' . get_exdir($object->id, 2, 0, 0, $object, 'member') . dol_sanitizeFileName($object->ref); - $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 0, $object, 'member'); + $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member'); $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; $genallowed = $user->rights->adherent->lire; $delallowed = $user->rights->adherent->creer; diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php index 8d9ed70a925..0512349ec4f 100644 --- a/htdocs/adherents/cartes/carte.php +++ b/htdocs/adherents/cartes/carte.php 
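Review bot: The added invoice summary in the `@@ -1821` hunk calls `$company->getOutstandingBills('customer')` and prints the count of outstanding invoices with no permission check visible in the hunk, so a user who may read members but not invoices could still learn how many unpaid invoices the third party has. Unless a guard exists outside the hunk, wrapping the block in an invoice read-permission test, e.g. `if (!empty($user->rights->facture->lire)) {`, would close that gap. The result of `$company->fetch($object->socid)` is also not checked before the object is used. The same block is added in htdocs/adherents/subscription.php (`@@ -601`).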
@@ -73,7 +73,7 @@ if ((!empty($foruserid) || !empty($foruserlogin) || !empty($mode)) && !$mesg) {
 // Add fields from extrafields
 if (!empty($extrafields->attributes[$object->table_element]['label'])) {
 foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
 }
 }
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as t, ".MAIN_DB_PREFIX."adherent as d";
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 2d5eae90938..78deca61028 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -774,7 +774,7 @@ class Adherent extends CommonObject
 // Remove links to user and replace with new one
 if (!$error) {
 dol_syslog(get_class($this)."::update update link to user");
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -784,7 +784,7 @@ class Adherent extends CommonObject
 }
 // If there is a user linked to this member
 if ($this->user_id > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id." WHERE rowid = ".$this->user_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id)." WHERE rowid = ".((int) $this->user_id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -926,7 +926,7 @@ class Adherent extends CommonObject // Search for last subscription id and end date $sql = "SELECT rowid, datec as dateop, dateadh as datedeb, datef as datefin"; $sql .= " FROM ".MAIN_DB_PREFIX."subscription"; - $sql .= " WHERE fk_adherent=".$this->id; + $sql .= " WHERE fk_adherent = ".((int) $this->id); $sql .= " ORDER by dateadh DESC"; // Sort by start subscription date dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG); @@ -939,7 +939,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " datefin=".($datefin != '' ? "'".$this->db->idate($datefin)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1100,7 +1100,7 @@ class Adherent extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password_indatabase)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); //dol_syslog("Adherent::Password sql=hidden"); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); @@ -1223,7 +1223,7 @@ class Adherent extends CommonObject // Add link to third party for current member $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = ".($thirdpartyid > 0 ? $thirdpartyid : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setThirdPartyId", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1465,7 +1465,7 @@ class Adherent extends CommonObject $sql .= " c.dateadh as dateh,"; $sql .= " c.datef as datef"; $sql .= " FROM ".MAIN_DB_PREFIX."subscription as c"; - $sql .= " WHERE c.fk_adherent = ".$this->id; + $sql .= " WHERE c.fk_adherent = ".((int) $this->id); $sql .= " ORDER BY c.dateadh"; dol_syslog(get_class($this)."::fetch_subscriptions", LOG_DEBUG); 
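Review bot: In the `setThirdPartyId` hunk (`@@ -1223`) the commit casts `$this->id`, but the line above still concatenates `$thirdpartyid` into the UPDATE after only a `> 0` comparison, which a non-integer string can satisfy. Since the other hunks in this file cast every id placed in SQL, that line should read `$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = ".($thirdpartyid > 0 ? ((int) $thirdpartyid) : 'null');`. Where callers obtain `$thirdpartyid` is not visible in the hunk.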
@@ -1831,8 +1831,8 @@ class Adherent extends CommonObject if (!$error && !empty($bank_line_id)) { // Update fk_bank into subscription table - $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.$bank_line_id; - $sql .= ' WHERE rowid='.$subscriptionid; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.((int) $bank_line_id); + $sql .= ' WHERE rowid='.((int) $subscriptionid); $result = $this->db->query($sql); if (!$result) { @@ -1900,8 +1900,8 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_VALIDATED; $sql .= ", datevalid = '".$this->db->idate($now)."'"; - $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $result = $this->db->query($sql); @@ -1952,7 +1952,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_RESILIATED; $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -2002,7 +2002,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_EXCLUDED; $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index ad24b9f1c05..88dbf6e2b39 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php 
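Review bot: The two hunks that set `STATUS_RESILIATED` and `STATUS_EXCLUDED` (`@@ -1952` and `@@ -2002`) cast `$this->id` but leave `$sql .= ", fk_user_valid=".$user->id;` uncast on the line just above. The `validate` hunk (`@@ -1900`) changes the same assignment to `((int) $user->id)`. Both remaining lines should become `$sql .= ", fk_user_valid = ".((int) $user->id);` so the three status updates build their SQL the same way.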
@@ -142,7 +142,7 @@ class AdherentType extends CommonObject $sql = "SELECT lang, label, description, email"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -181,21 +181,21 @@ class AdherentType extends CommonObject if ($key == $current_lang) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET"; + $sql2 .= " label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description"; $sql2 .= ")"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',"; + $sql2 .= " VALUES(".((int) $this->id).",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',"; $sql2 .= " '".$this->db->escape($this->description)."'"; $sql2 .= ")"; } 
@@ -207,7 +207,7 @@ class AdherentType extends CommonObject } elseif (isset($this->multilangs[$key])) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -215,9 +215,9 @@ class AdherentType extends CommonObject if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang"; $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; - $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " label = '".$this->db->escape($this->multilangs["$key"]["label"])."',"; + $sql2 .= " description = '".$this->db->escape($this->multilangs["$key"]["description"])."'"; + $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description"; $sql2 .= ")"; @@ -259,7 +259,7 @@ class AdherentType extends CommonObject public function delMultiLangs($langtodelete, $user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($langtodelete)."'"; + $sql .= " WHERE fk_type = ".((int) $this->id)." AND lang = '".$this->db->escape($langtodelete)."'"; dol_syslog(get_class($this).'::delMultiLangs', LOG_DEBUG); $result = $this->db->query($sql); 
@@ -584,7 +584,7 @@ class AdherentType extends CommonObject /** * Return array of Member objects for member type this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. This value must not come from a user input. * @param int $mode 0=Return array of member instance * 1=Return array of member instance without extra data * 2=Return array of members id only diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 489ed20d6c2..e777108c491 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -70,7 +70,7 @@ class AdherentStats extends Stats $this->where .= " m.statut != -1"; $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; - //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($this->memberid) { $this->where .= " AND m.rowid = ".((int) $this->memberid); } diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d57a01510d4..b95313bdbc1 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php 
@@ -204,7 +204,7 @@ class Members extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $typeid ID of the type of member - * @param int $category Use this param to filter list by category + * @param int $category Use this param to filter list by category * @param string $sqlfilters Other criteria to filter answers separated by a comma. * Example: "(t.ref:like:'SO-%') and ((t.date_creation:<:'20160101') or (t.nature:is:NULL))" * @return array Array of member objects diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index fff9d925cd9..cae5dd07beb 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -275,7 +275,7 @@ class Subscription extends CommonObject $sql .= " datef='".$this->db->idate($this->datef)."',"; $sql .= " datec='".$this->db->idate($this->datec)."',"; $sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 44d5ee5399b..d714e3d9a32 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -204,7 +204,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } } diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 68430a71bab..fd667ad6a2f 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php 
@@ -323,7 +323,7 @@ $sql .= " state.code_departement as state_code, state.nom as state_name,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 7f8da3a33b3..3a967677e17 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -209,7 +209,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! // Subscription informations $datesubscription = 0; $datesubend = 0; - $paymentdate = 0; + $paymentdate = ''; // Do not use 0 here, default value is '' that means not filled where 0 means 1970-01-01 if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) { $datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); } @@ -260,7 +260,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! } // Check if a payment is mandatory or not - if (!$error && $adht->subscription) { // Member type need subscriptions + if ($adht->subscription) { // Member type need subscriptions if (!is_numeric($amount)) { // If field is '' or not a numeric value $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")); 
@@ -268,28 +268,35 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $error++; $action = 'addsubscription'; } else { + // If an amount has been provided, we check also fields that becomes mandatory when amount is not null. if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') { if (GETPOST("subscription")) { if (!GETPOST("label")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } else { - if (GETPOST("accountid")) { + if (GETPOST("accountid", 'int')) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } - if ($errmsg) { - $error++; - setEventMessages($errmsg, null, 'errors'); - $error++; - $action = 'addsubscription'; - } } } } 
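Review bot: The same three statements, `setEventMessages($errmsg, null, 'errors'); $error++; $action = 'addsubscription';`, are now repeated in four branches of this validation block, which makes it easy for a later branch to miss one of them. Collecting the messages in an array inside the branches and handling them once after the block, with `setEventMessages(null, $errmsgs, 'errors');` followed by the counter and action update, keeps each branch to one line. The hunk also gives `GETPOST("accountid", 'int')` an explicit check type in one place, while `GETPOST("label")`, `GETPOST("operation")` and `GETPOST("paymentsave")` still rely on the default. The enclosing `if ($adht->subscription)` block starts outside the hunk.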
@@ -601,8 +608,16 @@ if ($rowid > 0) { $company = new Societe($db); $result = $company->fetch($object->fk_soc); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -628,7 +643,7 @@ if ($rowid > 0) { if ($object->user_id) { $form->form_users($_SERVER['PHP_SELF'].'?rowid='.$object->id, $object->user_id, 'none'); } else { - print $langs->trans("NoDolibarrAccess"); + print ''.$langs->trans("NoDolibarrAccess").''; } } print ''; @@ -970,17 +985,18 @@ if ($rowid > 0) { print ''.$langs->trans('MoreActions'); print ''; print ''; - print ' '.$langs->trans("None").'
'; + print ''; + print '
'; // Add entry into bank accoun if (!empty($conf->banque->enabled)) { print ' '.$langs->trans("MoreActionBankDirect").'
'; + print '>
'; } // Add invoice with no payments if (!empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionInvoiceOnly"); + print '>
'; } // Add invoice with payments if (!empty($conf->banque->enabled) && !empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionBankViaInvoice"); + print '>
'; } print ''; diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 575d6d2301b..3f4a3872980 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -245,11 +245,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '       '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print "\n"; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 10560d38648..7ff9c3806a5 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -381,12 +381,12 @@ if ($action == 'create') { print ''.$langs->trans("Description").''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('comment', $object->note, '', 200, 'dolibarr_notes', '', false, true, $conf->fckeditor->enabled, 15, '90%'); + $doleditor = new DolEditor('comment', $object->note, '', 200, 'dolibarr_notes', '', false, true, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, 15, '90%'); $doleditor->Create(); print ''.$langs->trans("WelcomeEMail").''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('mail_valid', $object->mail_valid, '', 250, 'dolibarr_notes', '', false, true, $conf->fckeditor->enabled, 15, '90%'); + $doleditor = new DolEditor('mail_valid', $object->mail_valid, '', 250, 'dolibarr_notes', '', false, true, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, 15, '90%'); $doleditor->Create(); print ''; @@ -399,9 +399,8 @@ if ($action == 'create') { print dol_get_fiche_end(); print '
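Review bot: `empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled` is spelled out four times across the `@@ -381` hunk and the `@@ -813` hunk of type.php. A single local such as `$usewysiwyg = !empty($conf->fckeditor->enabled);`, set once before the editors, would be shorter and harder to get wrong. That passes `true` rather than the raw setting value, so it assumes `DolEditor` only tests the argument for truthiness, which is not visible here.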
'; - print ''; - print '     '; - print ''; + print ''; + print ''; print '
'; print "\n"; @@ -814,12 +813,12 @@ if ($rowid > 0) { print ''.$langs->trans("Description").''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('comment', $object->note, '', 280, 'dolibarr_notes', '', false, true, $conf->fckeditor->enabled, 15, '90%'); + $doleditor = new DolEditor('comment', $object->note, '', 280, 'dolibarr_notes', '', false, true, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, 15, '90%'); $doleditor->Create(); print ""; print ''.$langs->trans("WelcomeEMail").''; - $doleditor = new DolEditor('mail_valid', $object->mail_valid, '', 280, 'dolibarr_notes', '', false, true, $conf->fckeditor->enabled, 15, '90%'); + $doleditor = new DolEditor('mail_valid', $object->mail_valid, '', 280, 'dolibarr_notes', '', false, true, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, 15, '90%'); $doleditor->Create(); print ""; @@ -830,11 +829,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 87a952a68b4..a695f84bb81 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php @@ -166,7 +166,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 6c8f273ae77..63ff01584b0 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -228,13 +228,7 @@ if ($action == 'edit') { } } - print '
'; - - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'create') { @@ -297,11 +291,7 @@ if ($action == 'create' && $user->rights->adherent->configurer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/accountant.php b/htdocs/admin/accountant.php index 24df7e0cb68..c7bd40efa37 100644 --- a/htdocs/admin/accountant.php +++ b/htdocs/admin/accountant.php @@ -177,12 +177,7 @@ print ''; print ''; -print '
'; -print ''; -//print '     '; -//print ''; -print '
'; -//print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index a3d725bee93..730983ad090 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -209,9 +209,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index 54d5158b4ed..463df5475f9 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -392,7 +392,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda_xcal.php b/htdocs/admin/agenda_xcal.php index 59dd1bf1ac2..f854649962c 100644 --- a/htdocs/admin/agenda_xcal.php +++ b/htdocs/admin/agenda_xcal.php @@ -139,9 +139,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; @@ -165,24 +163,27 @@ $urlvcal = ''.$langs->trans("WebCalUrlForVCalExport", 'vcal', '').''); $message .= ''; +$message .= ajax_autoselect('onlinepaymenturl1'); $message .= '
'; $urlical = '
'; $urlical .= $urlwithroot.'/public/agenda/agendaexport.php?format=ical&type=event'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlical, ''.$langs->trans("WebCalUrlForVCalExport", 'ical/ics', '').''); $message .= ''; +$message .= ajax_autoselect('onlinepaymenturl2'); $message .= '
'; $urlrss = ''; $urlrss .= $urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlrss, ''.$langs->trans("WebCalUrlForVCalExport", 'rss', '').''); $message .= ''; +$message .= ajax_autoselect('onlinepaymenturl3'); $message .= '
'; print $message; diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 79853c9cda9..fb937dc1dbe 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -499,9 +499,7 @@ print "\n"; print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +$form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index e6211f0b56f..b0eb36d81ac 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -272,8 +272,7 @@ if ($resql) { print "\n"; if (empty($conf->use_javascript_ajax)) { - print '
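Review bot: The replacement line `$form->buttonsSaveCancel("Save", '');` discards its result, so the Save button that the removed `print` lines produced is no longer output on this page. Every other file in this commit prints the return value, so the line should be `print $form->buttonsSaveCancel("Save", '');`.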
'; - print ''; + print $form->buttonsSaveCancel("Save", ''); } print "
"; diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 56971457f76..c4e697bfe00 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -473,9 +473,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL == 2 || !empty($conf->global->MAIN_ACTIVA print ''; print ''; -print '
'; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; print "\n".''."\n"; diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 0ca1ae7d98e..7420aa17ce9 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -824,10 +824,7 @@ if ($mysoc->useRevenueStamp()) { print ""; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/company_socialnetworks.php b/htdocs/admin/company_socialnetworks.php index 2d4b2e6d128..57c75b352f8 100644 --- a/htdocs/admin/company_socialnetworks.php +++ b/htdocs/admin/company_socialnetworks.php @@ -135,9 +135,7 @@ print ''; print '
'; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index c10a6ed04b4..ea8a80b17d6 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -468,9 +468,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 4b1e34335e8..2c6f9dc17c9 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -448,8 +448,8 @@ if (empty($conf->global->MAIN_DISABLE_METEO) || $conf->global->MAIN_DISABLE_METE if ($action == 'edit') { - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); + print ''; } else { print '
'; diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php index 9e5a1e8bce1..bfcb751f9a9 100644 --- a/htdocs/admin/dolistore/class/dolistore.class.php +++ b/htdocs/admin/dolistore/class/dolistore.class.php @@ -84,7 +84,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want categories resources @@ -134,7 +134,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want products resources diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index fdc0b893087..fe1a61c686c 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -276,11 +276,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -309,9 +305,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index c57e681be34..ddfa847d813 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -208,12 +208,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("EmailCollector") // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -259,7 +259,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index d01aece1ca0..c37c5ccd41f 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php @@ -298,11 +298,7 @@ if ($action == 'edit') { } print ''; - print '
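Review bot: The rewritten extrafields line in the second emailcollector_list.php hunk still ends with a single-quoted `', '` while the rest of the expression moved to double quotes, so the quoting convention is applied only halfway; `"ef.".$key." as options_".$key.", "` would match the two `t.` lines. In all three hunks `$key` is concatenated into the statement as a bare column name, and where those keys are validated is not visible here. If they are guaranteed to be declared field names, a short comment above each loop such as `// $key is a declared field name, never request data` would record the assumption the query relies on.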
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print '
'; diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index 7ff30242336..0b6beb2abc6 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -460,9 +460,7 @@ print ''."\n"; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 3388b649a67..9d3fd768647 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -215,7 +215,7 @@ if (empty($conf->use_javascript_ajax)) { print $conf->global->FCKEDITOR_TEST; print ''; } - print '
'."\n"; + print $form->buttonsSaveCancel("Save", ''); print '
'; print ''."\n"; diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index c9214742d13..9dfb15477cc 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -556,10 +556,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { print ''; print ''; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index cf4c250a678..5b9a11dcf5f 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -43,12 +43,12 @@ if (!$user->admin) { $action = GETPOST('action', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'adminihm'; // To manage different context of search +$mode = GETPOST('mode', 'aZ09') ? GETPOST('mode', 'aZ09') : 'language'; // 'language', 'template', 'login', 'other' + if (!defined("MAIN_MOTD")) { define("MAIN_MOTD", ""); } - - /* * Action */ 
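Review bot: The new `$mode` is only character-filtered by `aZ09` and defaults to `'language'` when empty, so any other alphanumeric value is accepted even though the trailing comment lists just four valid modes. With an unknown value, the update block in the next hunk matches no branch but still clears `$_SESSION["mainmenu"]` and redirects with that value in the query string. The rendering hunk then prints no settings section at all. An explicit allow-list right after the assignment would close this: `if (!in_array($mode, array('language', 'template', 'login', 'other'), true)) { $mode = 'language'; }`.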
@@ -94,168 +94,178 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG } if ($action == 'update') { - dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity); + $error = 0; - dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity); - - /*$val=GETPOST('THEME_TOPMENU_DISABLE_IMAGE'); - if (! $val) dolibarr_del_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', $conf->entity); - else dolibarr_set_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', GETPOST('THEME_TOPMENU_DISABLE_IMAGE'), 'chaine', 0, '', $conf->entity);*/ - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_BACKBODY'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_BACKBODY', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_BACKBODY', $val, 'chaine', 0, '', $conf->entity); + if ($mode == 'language') { + dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity); } - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TOPMENU_BACK1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_TOPMENU_BACK1', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_TOPMENU_BACK1', $val, 'chaine', 0, '', $conf->entity); + if ($mode == 'template') { + dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity); + + 
/*$val=GETPOST('THEME_TOPMENU_DISABLE_IMAGE'); + if (! $val) dolibarr_del_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', $conf->entity); + else dolibarr_set_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', GETPOST('THEME_TOPMENU_DISABLE_IMAGE'), 'chaine', 0, '', $conf->entity);*/ + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_BACKBODY'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_BACKBODY', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_BACKBODY', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TOPMENU_BACK1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_TOPMENU_BACK1', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_TOPMENU_BACK1', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_VERMENU_BACK1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_VERMENU_BACK1', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_VERMENU_BACK1', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTTITLENOTAB'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_TEXTTITLENOTAB', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_TEXTTITLENOTAB', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_BACKTITLE1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_BACKTITLE1', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_BACKTITLE1', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTTITLE'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_TEXTTITLE', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_TEXTTITLE', $val, 'chaine', 0, '', $conf->entity); + } + + 
$val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTTITLELINK'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_TEXTTITLELINK', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_TEXTTITLELINK', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEIMPAIR1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_LINEIMPAIR1', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_LINEIMPAIR1', $val, 'chaine', 0, '', $conf->entity); + } + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEIMPAIR1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_LINEIMPAIR2', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_LINEIMPAIR2', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEPAIR1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_LINEPAIR1', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_LINEPAIR1', $val, 'chaine', 0, '', $conf->entity); + } + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEPAIR1'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_LINEPAIR2', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_LINEPAIR2', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTLINK'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_TEXTLINK', $conf->entity); + } else { + dolibarr_set_const($db, 'THEME_ELDY_TEXTLINK', $val, 'chaine', 0, '', $conf->entity); + } + + $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_USE_HOVER'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_USE_HOVER', $conf->entity); + } else { + dolibarr_set_const($db, "THEME_ELDY_USE_HOVER", $val, 'chaine', 0, '', $conf->entity); + } + + $val = 
(implode(',', (colorStringToArray(GETPOST('THEME_ELDY_USE_CHECKED'), array())))); + if ($val == '') { + dolibarr_del_const($db, 'THEME_ELDY_USE_CHECKED', $conf->entity); + } else { + dolibarr_set_const($db, "THEME_ELDY_USE_CHECKED", $val, 'chaine', 0, '', $conf->entity); + } } - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_VERMENU_BACK1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_VERMENU_BACK1', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_VERMENU_BACK1', $val, 'chaine', 0, '', $conf->entity); + if ($mode == 'other') { + dolibarr_set_const($db, "MAIN_SIZE_LISTE_LIMIT", GETPOST("main_size_liste_limit", 'int'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", GETPOST("main_size_shortliste_limit", 'int'), 'chaine', 0, '', $conf->entity); + + //dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", GETPOST("MAIN_DISABLE_JAVASCRIPT", 'aZ09'), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MENU_HIDE_UNAUTHORIZED", GETPOST("MAIN_MENU_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_START_WEEK", GETPOST("MAIN_START_WEEK", 'int'), 'chaine', 0, '', $conf->entity); + + dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", GETPOST("MAIN_DEFAULT_WORKING_DAYS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_HOURS", GETPOST("MAIN_DEFAULT_WORKING_HOURS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + + dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", GETPOST("MAIN_BUGTRACK_ENABLELINK", 'alpha'), 'chaine', 0, '', $conf->entity); + + dolibarr_set_const($db, "MAIN_FIRSTNAME_NAME_POSITION", GETPOST("MAIN_FIRSTNAME_NAME_POSITION", 'aZ09'), 'chaine', 0, '', $conf->entity); + + dolibarr_set_const($db, "MAIN_MOTD", 
dol_htmlcleanlastbr(GETPOST("main_motd", 'restricthtml')), 'chaine', 0, '', $conf->entity); } - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTTITLENOTAB'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_TEXTTITLENOTAB', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_TEXTTITLENOTAB', $val, 'chaine', 0, '', $conf->entity); - } + if ($mode == 'login') { + dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'restricthtml')), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", GETPOST("MAIN_HELP_DISABLELINK", 'aZ09'), 'chaine', 0, '', 0); // Param for all entities - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_BACKTITLE1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_BACKTITLE1', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_BACKTITLE1', $val, 'chaine', 0, '', $conf->entity); - } + $varforimage = 'imagebackground'; + $dirforimage = $conf->mycompany->dir_output . 
'/logos/'; + if ($_FILES[$varforimage]["tmp_name"]) { + $reg = array(); + if (preg_match('/([^\\/:]+)$/i', $_FILES[$varforimage]["name"], $reg)) { + $original_file = $reg[1]; - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTTITLE'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_TEXTTITLE', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_TEXTTITLE', $val, 'chaine', 0, '', $conf->entity); - } - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTTITLELINK'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_TEXTTITLELINK', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_TEXTTITLELINK', $val, 'chaine', 0, '', $conf->entity); - } - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEIMPAIR1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_LINEIMPAIR1', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_LINEIMPAIR1', $val, 'chaine', 0, '', $conf->entity); - } - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEIMPAIR1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_LINEIMPAIR2', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_LINEIMPAIR2', $val, 'chaine', 0, '', $conf->entity); - } - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEPAIR1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_LINEPAIR1', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_LINEPAIR1', $val, 'chaine', 0, '', $conf->entity); - } - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_LINEPAIR1'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_LINEPAIR2', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_LINEPAIR2', $val, 'chaine', 0, '', $conf->entity); - } - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_TEXTLINK'), array())))); - if ($val == '') { - 
dolibarr_del_const($db, 'THEME_ELDY_TEXTLINK', $conf->entity); - } else { - dolibarr_set_const($db, 'THEME_ELDY_TEXTLINK', $val, 'chaine', 0, '', $conf->entity); - } - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_USE_HOVER'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_USE_HOVER', $conf->entity); - } else { - dolibarr_set_const($db, "THEME_ELDY_USE_HOVER", $val, 'chaine', 0, '', $conf->entity); - } - - $val = (implode(',', (colorStringToArray(GETPOST('THEME_ELDY_USE_CHECKED'), array())))); - if ($val == '') { - dolibarr_del_const($db, 'THEME_ELDY_USE_CHECKED', $conf->entity); - } else { - dolibarr_set_const($db, "THEME_ELDY_USE_CHECKED", $val, 'chaine', 0, '', $conf->entity); - } - - dolibarr_set_const($db, "MAIN_SIZE_LISTE_LIMIT", GETPOST("main_size_liste_limit", 'int'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", GETPOST("main_size_shortliste_limit", 'int'), 'chaine', 0, '', $conf->entity); - - //dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", GETPOST("MAIN_DISABLE_JAVASCRIPT", 'aZ09'), 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_MENU_HIDE_UNAUTHORIZED", GETPOST("MAIN_MENU_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_START_WEEK", GETPOST("MAIN_START_WEEK", 'int'), 'chaine', 0, '', $conf->entity); - - dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", GETPOST("MAIN_DEFAULT_WORKING_DAYS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_HOURS", GETPOST("MAIN_DEFAULT_WORKING_HOURS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); - - dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", GETPOST("MAIN_BUGTRACK_ENABLELINK", 'alpha'), 'chaine', 0, '', $conf->entity); - - dolibarr_set_const($db, 
"MAIN_FIRSTNAME_NAME_POSITION", GETPOST("MAIN_FIRSTNAME_NAME_POSITION", 'aZ09'), 'chaine', 0, '', $conf->entity); - - dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'restricthtml')), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'restricthtml')), 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", GETPOST("MAIN_HELP_DISABLELINK", 'aZ09'), 'chaine', 0, '', 0); // Param for all entities - - $varforimage = 'imagebackground'; $dirforimage = $conf->mycompany->dir_output.'/logos/'; - if ($_FILES[$varforimage]["tmp_name"]) { - $reg = array(); - if (preg_match('/([^\\/:]+)$/i', $_FILES[$varforimage]["name"], $reg)) { - $original_file = $reg[1]; - - $isimage = image_format_supported($original_file); - if ($isimage >= 0) { - dol_syslog("Move file ".$_FILES[$varforimage]["tmp_name"]." to ".$dirforimage.$original_file); - if (!is_dir($dirforimage)) { - dol_mkdir($dirforimage); - } - $result = dol_move_uploaded_file($_FILES[$varforimage]["tmp_name"], $dirforimage.$original_file, 1, 0, $_FILES[$varforimage]['error']); - if ($result > 0) { - dolibarr_set_const($db, "MAIN_LOGIN_BACKGROUND", $original_file, 'chaine', 0, '', $conf->entity); - } elseif (preg_match('/^ErrorFileIsInfectedWithAVirus/', $result)) { - $error++; - $langs->load("errors"); - $tmparray = explode(':', $result); - setEventMessages($langs->trans('ErrorFileIsInfectedWithAVirus', $tmparray[1]), null, 'errors'); + $isimage = image_format_supported($original_file); + if ($isimage >= 0) { + dol_syslog("Move file " . $_FILES[$varforimage]["tmp_name"] . " to " . $dirforimage . $original_file); + if (!is_dir($dirforimage)) { + dol_mkdir($dirforimage); + } + $result = dol_move_uploaded_file($_FILES[$varforimage]["tmp_name"], $dirforimage . 
$original_file, 1, 0, $_FILES[$varforimage]['error']); + if ($result > 0) { + dolibarr_set_const($db, "MAIN_LOGIN_BACKGROUND", $original_file, 'chaine', 0, '', $conf->entity); + } elseif (preg_match('/^ErrorFileIsInfectedWithAVirus/', $result)) { + $error++; + $langs->load("errors"); + $tmparray = explode(':', $result); + setEventMessages($langs->trans('ErrorFileIsInfectedWithAVirus', $tmparray[1]), null, 'errors'); + } else { + $error++; + setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); + } } else { $error++; - setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); + $langs->load("errors"); + setEventMessages($langs->trans("ErrorBadImageFormat"), null, 'errors'); } - } else { - $error++; - $langs->load("errors"); - setEventMessages($langs->trans("ErrorBadImageFormat"), null, 'errors'); } } } + $_SESSION["mainmenu"] = ""; // The menu manager may have changed - - $_SESSION["mainmenu"] = ""; // Le gestionnaire de menu a pu changer - - header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup".(GETPOSTISSET('page_y', 'int') ? '&page_y='.GETPOST('page_y', 'int') : '')); + header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup".'&mode='.$mode.(GETPOSTISSET('page_y', 'int') ? '&page_y='.GETPOST('page_y', 'int') : '')); exit; } @@ -274,6 +284,7 @@ $formadmin = new FormAdmin($db); print load_fiche_titre($langs->trans("GUISetup"), '', 'title_setup'); print ''.$langs->trans("DisplayDesc")."
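Review bot: In the `login` branch the stored file name still comes from the client-supplied `$_FILES[$varforimage]["name"]`; the regex only trims leading path components, and the result is used both as the destination under `$dirforimage` and as the value written to `MAIN_LOGIN_BACKGROUND`. The only acceptance test in the hunk is `image_format_supported($original_file)`, which is given the name rather than the uploaded content, so the check appears to be name-based; whatever `dol_move_uploaded_file()` enforces beyond that is not visible here. Normalising the name before use, `$original_file = dol_sanitizeFileName($reg[1]);`, and adding a comment that says which layer verifies the content type would make the trust boundary explicit. This code is moved and re-indented rather than newly written, but the move into its own branch is a good moment to settle it.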
\n"; +print "
\n"; //WYSIWYG Editor require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; @@ -282,242 +293,223 @@ print '
'; print ''; print ''; +print ''; + +$head = ihm_prepare_head(); + +print dol_get_fiche_head($head, $mode, '', -1, ''); clearstatcache(); -print '
'; -print '
'; -print ''; -print ''; -print ''; +if ($mode == 'language') { + print '
'; + print '
'.img_picto('', 'language').' '.$langs->trans("Language").'
'; -// Default language -print ''; -print ''; + // Default language + print ''; + print ''; -// Multilingual GUI -print ''; -print ''; + // Multilingual GUI + print ''; + print ''; -print '
'.$langs->trans("DefaultLanguage").''; -print img_picto('', 'language', 'class="pictofixedwidth"'); -print $formadmin->select_language($conf->global->MAIN_LANG_DEFAULT, 'MAIN_LANG_DEFAULT', 1, null, '', 0, 0, 'minwidth300', 2); -//print ''; -print '
'.$langs->trans("DefaultLanguage").''; + print img_picto('', 'language', 'class="pictofixedwidth"'); + print $formadmin->select_language($conf->global->MAIN_LANG_DEFAULT, 'MAIN_LANG_DEFAULT', 1, null, '', 0, 0, 'minwidth300', 2); + //print ''; + print '
'.$langs->trans("EnableMultilangInterface").''; -print ajax_constantonoff("MAIN_MULTILANGS", array(), $conf->entity, 0, 0, 1, 0); -print '
' . $langs->trans("EnableMultilangInterface") . ''; + print ajax_constantonoff("MAIN_MULTILANGS", array(), $conf->entity, 0, 0, 1, 0); + print '
'."\n"; -print '
'; - -print '
'; -print '
'; -print ''; -print '
'; - -print '

'; - -// Themes and themes options -showSkins(null, 1); -print '
'; -print '
'; -print ''; -print '
'; - -print '

'; - -// Other -print '
'; -print ''; -print ''; -print ''; -print ''; - -// Disable javascript and ajax -print ''; -print ''; -print ''; - -// Max size of lists -print ''; -print ''; -print ''; - -// Max size of short lists on customer card -print ''; -print ''; -print ''; - -// show input border -/* - print ''; - print ''; - print ''; - */ - -// First day for weeks -print ''; -print ''; -print ''; - -// DefaultWorkingDays -print ''; -print ''; -print ''; - -// DefaultWorkingHours -print ''; -print ''; -print ''; - -// Firstname/Name -print ''; -print ''; -print ''; - -// Hide unauthorized menus -print ''; -print ''; -print ''; - -// Hide unauthorized button -print ''; -print ''; -print ''; - -// Hide version link -/* - -print ''; -print ''; -print ''; -*/ - -// Show bugtrack link -print ''; -print ''; -print ''; - -// Hide wiki link on login page -$pictohelp = ''; -print ''; -print ''; -print ''; - -// Message of the day on home page -$substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount')); -complete_substitutions_array($substitutionarray, $langs); - -print '
'.$langs->trans("Miscellaneous").' '; -print '
'.$langs->trans("DisableJavascript").''; -print ajax_constantonoff("MAIN_DISABLE_JAVASCRIPT", array(), $conf->entity, 0, 0, 1, 0); -print '     '.$langs->trans("DisableJavascriptNote").''; -print ''; -print '
'.$langs->trans("DefaultMaxSizeList").' 
'.$langs->trans("DefaultMaxSizeShortList").' 
'.$langs->trans("showInputBorder").''; - print $form->selectyesno('main_showInputBorder',isset($conf->global->THEME_ELDY_SHOW_BORDER_INPUT)?$conf->global->THEME_ELDY_SHOW_BORDER_INPUT:0,1); - print ' 
'.$langs->trans("WeekStartOnDay").''; -print $formother->select_dayofweek((isset($conf->global->MAIN_START_WEEK) ? $conf->global->MAIN_START_WEEK : '1'), 'MAIN_START_WEEK', 0); -print ' 
'.$langs->trans("DefaultWorkingDays").''; -print ''; -print ' 
'.$langs->trans("DefaultWorkingHours").''; -print ''; -print ' 
'.$langs->trans("FirstnameNamePosition").''; -$array = array(0=>$langs->trans("Firstname").' '.$langs->trans("Lastname"), 1=>$langs->trans("Lastname").' '.$langs->trans("Firstname")); -print $form->selectarray('MAIN_FIRSTNAME_NAME_POSITION', $array, (isset($conf->global->MAIN_FIRSTNAME_NAME_POSITION) ? $conf->global->MAIN_FIRSTNAME_NAME_POSITION : 0)); -print ' 
'.$langs->trans("HideUnauthorizedMenu").''; -//print $form->selectyesno('MAIN_MENU_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_MENU_HIDE_UNAUTHORIZED : 0, 1); -print ajax_constantonoff("MAIN_MENU_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); -print ' 
'.$langs->trans("ButtonHideUnauthorized").''; -//print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); -print ajax_constantonoff("MAIN_BUTTON_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); -print ' 
'.$langs->trans("HideVersionLink").''; -print $form->selectyesno('MAIN_HIDE_VERSION',$conf->global->MAIN_HIDE_VERSION,1); -print ' 
'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).''; -print ''; -print ' 
'.str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')).''; -print ajax_constantonoff("MAIN_HELP_DISABLELINK", array(), $conf->entity, 0, 0, 1, 0); -//print $form->selectyesno('MAIN_HELP_DISABLELINK', isset($conf->global->MAIN_HELP_DISABLELINK) ? $conf->global->MAIN_HELP_DISABLELINK : 0, 1); -print ' 
'; -$texthelp = $langs->trans("FollowingConstantsWillBeSubstituted").'
'; -foreach ($substitutionarray as $key => $val) { - $texthelp .= $key.'
'; + print '
' . "\n"; + print '
'; } -print $form->textwithpicto($langs->trans("MessageOfDay"), $texthelp, 1, 'help', '', 0, 2, 'tooltipmessageofday'); -print ''; - -$doleditor = new DolEditor('main_motd', (isset($conf->global->MAIN_MOTD) ? $conf->global->MAIN_MOTD : ''), '', 142, 'dolibarr_notes', 'In', false, true, true, ROWS_4, '90%'); -$doleditor->Create(); - -print ''."\n"; - -print ''."\n"; -print ''; - -print '
'; - -print '
'; -print ''; -print '
'; - -print '

'; - -// Other -print '
'; -print ''; -print ''; -print ''; -print ''; -print ''; - -// Hide helpcenter link on login page -print ''; -print ''; -print ''; - -// Message on login page -$substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount', 'user')); -complete_substitutions_array($substitutionarray, $langs); -print ''."\n"; -// Background -print '' . "\n"; + + print '
'.$langs->trans("LoginPage").' 
'.$langs->trans("DisableLinkToHelpCenter").''; -print ajax_constantonoff("MAIN_HELPCENTER_DISABLELINK", array(), $conf->entity, 0, 0, 0, 0); -print ' 
'; -$texthelp = $langs->trans("FollowingConstantsWillBeSubstituted").'
'; -foreach ($substitutionarray as $key => $val) { - $texthelp .= $key.'
'; +if ($mode == 'template') { + // Themes and themes options + showSkins(null, 1); } -print $form->textwithpicto($langs->trans("MessageLogin"), $texthelp, 1, 'help', '', 0, 2, 'tooltipmessagelogin'); -print '
'; -$doleditor = new DolEditor('main_home', (isset($conf->global->MAIN_HOME) ? $conf->global->MAIN_HOME : ''), '', 142, 'dolibarr_notes', 'In', false, true, true, ROWS_4, '90%'); -$doleditor->Create(); -print '
'; -print '
'; -$disabled = ''; -if (!empty($conf->global->ADD_UNSPLASH_LOGIN_BACKGROUND)) { - $disabled = ' disabled="disabled"'; -} -print ''; -if ($disabled) { - print '('.$langs->trans("DisabledByOptionADD_UNSPLASH_LOGIN_BACKGROUND").') '; -} -if (!empty($conf->global->MAIN_LOGIN_BACKGROUND)) { - print ''.img_delete($langs->trans("Delete")).''; - if (file_exists($conf->mycompany->dir_output.'/logos/'.$conf->global->MAIN_LOGIN_BACKGROUND)) { - print '   '; - print ''; +if ($mode == 'other') { + // Other + print '
'; + print ''; + + // Disable javascript and ajax + print ''; + print ''; + print ''; + + // Max size of lists + print ''; + print ''; + print ''; + + // Max size of short lists on customer card + print ''; + print ''; + print ''; + + // show input border + /* + print ''; + print ''; + print ''; + */ + + // First day for weeks + print ''; + print ''; + print ''; + + // DefaultWorkingDays + print ''; + print ''; + print ''; + + // DefaultWorkingHours + print ''; + print ''; + print ''; + + // Firstname/Name + print ''; + print ''; + print ''; + + // Hide unauthorized menus + print ''; + print ''; + print ''; + + // Hide unauthorized button + print ''; + print ''; + print ''; + + // Hide version link + /* + + print ''; + print ''; + print ''; + */ + + // Show bugtrack link + print ''; + print ''; + print ''; + + // Hide wiki link on login page + $pictohelp = ''; + print ''; + print ''; + print ''; + + // Message of the day on home page + $substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount')); + complete_substitutions_array($substitutionarray, $langs); + + print ''; + print $form->textwithpicto($langs->trans("MessageOfDay"), $texthelp, 1, 'help', '', 0, 2, 'tooltipmessageofday'); -print '
' . $langs->trans("DisableJavascript") . ''; + print ajax_constantonoff("MAIN_DISABLE_JAVASCRIPT", array(), $conf->entity, 0, 0, 1, 0); + print '     ' . $langs->trans("DisableJavascriptNote") . ''; + print ''; + print '
' . $langs->trans("DefaultMaxSizeList") . ' 
' . $langs->trans("DefaultMaxSizeShortList") . ' 
'.$langs->trans("showInputBorder").''; + print $form->selectyesno('main_showInputBorder',isset($conf->global->THEME_ELDY_SHOW_BORDER_INPUT)?$conf->global->THEME_ELDY_SHOW_BORDER_INPUT:0,1); + print ' 
' . $langs->trans("WeekStartOnDay") . ''; + print $formother->select_dayofweek((isset($conf->global->MAIN_START_WEEK) ? $conf->global->MAIN_START_WEEK : '1'), 'MAIN_START_WEEK', 0); + print ' 
' . $langs->trans("DefaultWorkingDays") . ''; + print ''; + print ' 
' . $langs->trans("DefaultWorkingHours") . ''; + print ''; + print ' 
' . $langs->trans("FirstnameNamePosition") . ''; + $array = array(0 => $langs->trans("Firstname") . ' ' . $langs->trans("Lastname"), 1 => $langs->trans("Lastname") . ' ' . $langs->trans("Firstname")); + print $form->selectarray('MAIN_FIRSTNAME_NAME_POSITION', $array, (isset($conf->global->MAIN_FIRSTNAME_NAME_POSITION) ? $conf->global->MAIN_FIRSTNAME_NAME_POSITION : 0)); + print ' 
' . $langs->trans("HideUnauthorizedMenu") . ''; + //print $form->selectyesno('MAIN_MENU_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_MENU_HIDE_UNAUTHORIZED : 0, 1); + print ajax_constantonoff("MAIN_MENU_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); + print ' 
' . $langs->trans("ButtonHideUnauthorized") . ''; + //print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); + print ajax_constantonoff("MAIN_BUTTON_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); + print ' 
'.$langs->trans("HideVersionLink").''; + print $form->selectyesno('MAIN_HIDE_VERSION',$conf->global->MAIN_HIDE_VERSION,1); + print ' 
' . $langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")) . ''; + print ''; + print ' 
' . str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')) . ''; + print ajax_constantonoff("MAIN_HELP_DISABLELINK", array(), $conf->entity, 0, 0, 1, 0); + //print $form->selectyesno('MAIN_HELP_DISABLELINK', isset($conf->global->MAIN_HELP_DISABLELINK) ? $conf->global->MAIN_HELP_DISABLELINK : 0, 1); + print ' 
'; + $texthelp = $langs->trans("FollowingConstantsWillBeSubstituted") . '
'; + foreach ($substitutionarray as $key => $val) { + $texthelp .= $key . '
'; } -} else { - print ''; -} -print ''; -print '
'."\n"; -print '
'; + print '
'; + + $doleditor = new DolEditor('main_motd', (isset($conf->global->MAIN_MOTD) ? $conf->global->MAIN_MOTD : ''), '', 142, 'dolibarr_notes', 'In', false, true, true, ROWS_4, '90%'); + $doleditor->Create(); + + print '
' . "\n"; + print '
'; +} + +if ($mode == 'login') { + // Other + print '
'; + print ''; + + // Hide helpcenter link on login page + print ''; + print ''; + print ''; + + // Message on login page + $substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount', 'user')); + complete_substitutions_array($substitutionarray, $langs); + print '' . "\n"; + + // Background + print ''; + + print '
' . $langs->trans("DisableLinkToHelpCenter") . ''; + print ajax_constantonoff("MAIN_HELPCENTER_DISABLELINK", array(), $conf->entity, 0, 0, 0, 0); + print ' 
'; + $texthelp = $langs->trans("FollowingConstantsWillBeSubstituted") . '
'; + foreach ($substitutionarray as $key => $val) { + $texthelp .= $key . '
'; + } + print $form->textwithpicto($langs->trans("MessageLogin"), $texthelp, 1, 'help', '', 0, 2, 'tooltipmessagelogin'); + print '
'; + $doleditor = new DolEditor('main_home', (isset($conf->global->MAIN_HOME) ? $conf->global->MAIN_HOME : ''), '', 142, 'dolibarr_notes', 'In', false, true, true, ROWS_4, '90%'); + $doleditor->Create(); + print '
'; + print '
'; + $disabled = ''; + if (!empty($conf->global->ADD_UNSPLASH_LOGIN_BACKGROUND)) { + $disabled = ' disabled="disabled"'; + } + print ''; + if ($disabled) { + print '(' . $langs->trans("DisabledByOptionADD_UNSPLASH_LOGIN_BACKGROUND") . ') '; + } + if (!empty($conf->global->MAIN_LOGIN_BACKGROUND)) { + print '' . img_delete($langs->trans("Delete")) . ''; + if (file_exists($conf->mycompany->dir_output . '/logos/' . $conf->global->MAIN_LOGIN_BACKGROUND)) { + print '   '; + print ''; + } + } else { + print ''; + } + print '
'; + print '
' . "\n"; + print '
'; +} print '
'; print '
'; -print ''; +print ''; print '
'; print '
'; diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index 4a599499053..ef0c996569f 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -108,9 +108,9 @@ $aCurrencies = array($conf->currency); // Default currency always first position if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; - $sql = 'SELECT rowid, code FROM '.MAIN_DB_PREFIX.'multicurrency'; - $sql .= ' WHERE entity = '.$conf->entity; - $sql .= ' AND code != "'.$conf->currency.'"'; // Default currency always first position + $sql = "SELECT rowid, code FROM ".MAIN_DB_PREFIX."multicurrency"; + $sql .= " WHERE entity = ".((int) $conf->entity); + $sql .= " AND code <> '".$db->escape($conf->currency)."'"; // Default currency always first position $resql = $db->query($sql); if ($resql) { while ($obj = $db->fetch_object($resql)) { diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index e86c78763ee..de160a1c946 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -536,11 +536,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index 511f5dde698..436ffa3d003 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -405,11 +405,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index d8c827337ad..baa8c3688d8 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -226,12 +226,12 @@ print "
\n"; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -282,7 +282,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { @@ -395,12 +395,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], (GETPOSTISSET('active') ? GETPOST('active', 'int') : $object->active), 0, 0, 0, '', 1); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); } } else { /*print '
'; @@ -428,12 +424,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], GETPOST('active', 'int'), 0); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); //print '
'; } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index db3c45a0776..1ea8564808e 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates"; $sql .= " WHERE entity IN (".getEntity('email_template').")"; if (!$user->admin) { - $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me - $sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me + $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me + $sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me } if (empty($conf->global->MAIN_MULTILANGS)) { $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')"; diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 939273c1da2..667f58807dc 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -380,11 +380,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 2e84efbfb06..aaadde965a2 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -391,11 +391,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action == 'edit') { @@ -516,12 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Bouton - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 77c070ad573..e3448d19702 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -789,16 +789,16 @@ if ($mode == 'common' || $mode == 'commonkanban') { if (!empty($objMod->config_page_url) && !$disableSetup) { $backtourlparam = ''; if ($search_keyword != '') { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.$search_keyword; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.urlencode($search_keyword); // No urlencode here, done later } if ($search_nature > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.urlencode($search_nature); // No urlencode here, done later } if ($search_version > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.urlencode($search_version); // No urlencode here, done later } if ($search_status > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.urlencode($search_status); // No urlencode here, done later } $backtourl = $_SERVER["PHP_SELF"].$backtourlparam; diff --git a/htdocs/admin/notification.php b/htdocs/admin/notification.php index c0c6b45464f..8137c34e1e6 100644 --- a/htdocs/admin/notification.php +++ b/htdocs/admin/notification.php @@ -47,7 +47,7 @@ $error = 0; */ // Action to update or add a constant -if ($action == 'settemplates') { +if ($action == 'settemplates' && $user->admin) { $db->begin(); if (!$error && is_array($_POST)) { 
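Review bot: The four rewritten `$backtourlparam` lines in htdocs/admin/modules.php now call `urlencode()` but keep the trailing comment `// No urlencode here, done later`, which contradicts the code. A reader cannot tell whether a later step still encodes the whole `$backtourl` (correct when it is nested as a parameter of another URL) or whether the values end up encoded twice by mistake. Replace the comment on each of the four lines with one that states the intent, for example `// Encode the value; $backtourl as a whole is encoded again where it is embedded`, after checking the later use, which is outside this hunk.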
@@ -192,7 +192,8 @@ print "\n"; print ''; print $langs->trans("NotificationEMailFrom").''; print ''; -print ''; +print img_picto('', 'email', 'class="pictofixedwidth"'); +print ''; if (!empty($conf->global->NOTIFICATION_EMAIL_FROM) && !isValidEmail($conf->global->NOTIFICATION_EMAIL_FROM)) { print ' '.img_warning($langs->trans("ErrorBadEMail")); } @@ -200,7 +201,7 @@ print ''; print ''; print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; @@ -270,9 +271,16 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { } $helptext = ''; - form_constantes($constantes, 3, $helptext); + form_constantes($constantes, 3, $helptext, 'EmailTemplate'); - print '
'; + print '
'; + print '* '.$langs->trans("GoOntoUserCardToAddMore").'
'; + if (!empty($conf->societe->enabled)) { + print '** '.$langs->trans("GoOntoContactCardToAddMore").'
'; + } + print '
'; + + print $form->buttonsSaveCancel("Save", ''); } else { print ''; print ''; @@ -316,15 +324,14 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { print ''; print '
'; -} - -print '
'; -print '* '.$langs->trans("GoOntoUserCardToAddMore").'
'; -if (!empty($conf->societe->enabled)) { - print '** '.$langs->trans("GoOntoContactCardToAddMore").'
'; + print '
'; + print '* '.$langs->trans("GoOntoUserCardToAddMore").'
'; + if (!empty($conf->societe->enabled)) { + print '** '.$langs->trans("GoOntoContactCardToAddMore").'
'; + } + print '
'; } -print '
'; print ''; @@ -335,6 +342,7 @@ print '

'; print '
'; print ''; print ''; +print ''; print load_fiche_titre($langs->trans("ListOfFixedNotifications"), '', ''); @@ -376,6 +384,12 @@ foreach ($listofnotifiedevents as $notifiedevent) { $elementLabel = $langs->trans('ExpenseReport'); } + $labelfortrigger = 'AmountHT'; + $codehasnotrigger = 0; + if (preg_match('/^HOLIDAY/', $notifiedevent['code'])) { + $codehasnotrigger++; + } + print ''; print ''; print img_picto('', $elementPicto, 'class="pictofixedwidth"'); @@ -384,6 +398,7 @@ foreach ($listofnotifiedevents as $notifiedevent) { print ''.$notifiedevent['code'].''; print ''.$label.''; print ''; + $inputfieldalreadyshown = 0; // Notification with threshold foreach ($conf->global as $key => $val) { if ($val == '' || !preg_match('/^NOTIFICATION_FIXEDEMAIL_'.$notifiedevent['code'].'_THRESHOLD_HIGHER_(.*)/', $key, $reg)) { @@ -407,24 +422,35 @@ foreach ($listofnotifiedevents as $notifiedevent) { } print $form->textwithpicto($s, $langs->trans("YouCanUseCommaSeparatorForSeveralRecipients").'
'.$langs->trans("YouCanAlsoUseSupervisorKeyword"), 1, 'help', '', 0, 2); print '
'; + + $inputfieldalreadyshown++; } // New entry input fields - $s = ''; // Do not use type="email" here, we must be able to enter a list of email with , separator. - print $form->textwithpicto($s, $langs->trans("YouCanUseCommaSeparatorForSeveralRecipients").'
'.$langs->trans("YouCanAlsoUseSupervisorKeyword"), 1, 'help', '', 0, 2); + if (empty($inputfieldalreadyshown) || !$codehasnotrigger) { + $s = ''; // Do not use type="email" here, we must be able to enter a list of email with , separator. + print $form->textwithpicto($s, $langs->trans("YouCanUseCommaSeparatorForSeveralRecipients").'
'.$langs->trans("YouCanAlsoUseSupervisorKeyword"), 1, 'help', '', 0, 2); + } print ''; print ''; // Notification with threshold + $inputfieldalreadyshown = 0; foreach ($conf->global as $key => $val) { if ($val == '' || !preg_match('/^NOTIFICATION_FIXEDEMAIL_'.$notifiedevent['code'].'_THRESHOLD_HIGHER_(.*)/', $key, $reg)) { continue; } - print $langs->trans("AmountHT").' >= '; - print '
'; + if (!$codehasnotrigger) { + print $langs->trans($labelfortrigger).' >= '; + print '
'; + + $inputfieldalreadyshown++; + } } // New entry input fields - print $langs->trans("AmountHT").' >= '; + if (!$codehasnotrigger) { + print $langs->trans($labelfortrigger).' >= '; + } print ''; print ''; @@ -437,7 +463,7 @@ print ''; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print '
'; diff --git a/htdocs/admin/openinghours.php b/htdocs/admin/openinghours.php index 2e262a1bb7e..e6bc6ee8f1d 100644 --- a/htdocs/admin/openinghours.php +++ b/htdocs/admin/openinghours.php @@ -131,10 +131,7 @@ if (empty($action) || $action == 'edit' || $action == 'updateedit') { print ''; - print '
'; - print ''; - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php index 9b380b676b4..b4b06d62e5e 100644 --- a/htdocs/admin/payment.php +++ b/htdocs/admin/payment.php @@ -273,11 +273,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print '
'; -print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index 43ad8c15929..251d5194b27 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -114,7 +114,7 @@ if ($action == "set") { if ($action == "addnotif") { $bon = new BonPrelevement($db); - $bon->AddNotification($db, GETPOST('user', 'int'), $action); + $bon->addNotification($db, GETPOST('user', 'int'), $action); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -122,7 +122,7 @@ if ($action == "addnotif") { if ($action == "deletenotif") { $bon = new BonPrelevement($db); - $bon->DeleteNotificationById(GETPOST('notif', 'int')); + $bon->deleteNotificationById(GETPOST('notif', 'int')); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -200,9 +200,8 @@ if (!$conf->global->PAYMENTBYBANKTRANSFER_ADDDAYS) { print ''; print ''; print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index cee63fd91fd..5030c487537 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -65,6 +65,11 @@ if ($action == 'update') { if (GETPOSTISSET('MAIN_PROFID5_IN_ADDRESS')) dolibarr_set_const($db, "MAIN_PROFID5_IN_ADDRESS", GETPOST("MAIN_PROFID5_IN_ADDRESS"), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_PROFID6_IN_ADDRESS')) dolibarr_set_const($db, "MAIN_PROFID6_IN_ADDRESS", GETPOST("MAIN_PROFID6_IN_ADDRESS"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_PDF_NO_SENDER_FRAME')) dolibarr_set_const($db, "MAIN_PDF_NO_SENDER_FRAME", GETPOST("MAIN_PDF_NO_SENDER_FRAME"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_PDF_NO_RECIPENT_FRAME')) dolibarr_set_const($db, "MAIN_PDF_NO_RECIPENT_FRAME", GETPOST("MAIN_PDF_NO_RECIPENT_FRAME"), 'chaine', 0, '', $conf->entity); + + if (GETPOSTISSET('MAIN_PDF_HIDE_SENDER_NAME')) dolibarr_set_const($db, "MAIN_PDF_HIDE_SENDER_NAME", GETPOST("MAIN_PDF_HIDE_SENDER_NAME"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT')) dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT", GETPOST("MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT"), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_TVAINTRA_NOT_IN_ADDRESS')) dolibarr_set_const($db, "MAIN_TVAINTRA_NOT_IN_ADDRESS", GETPOST("MAIN_TVAINTRA_NOT_IN_ADDRESS"), 'chaine', 0, '', $conf->entity); 
@@ -89,6 +94,8 @@ if ($action == 'update') { if (GETPOSTISSET('MAIN_DOCUMENTS_LOGO_HEIGHT')) dolibarr_set_const($db, "MAIN_DOCUMENTS_LOGO_HEIGHT", GETPOST("MAIN_DOCUMENTS_LOGO_HEIGHT", 'int'), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_INVERT_SENDER_RECIPIENT')) dolibarr_set_const($db, "MAIN_INVERT_SENDER_RECIPIENT", GETPOST("MAIN_INVERT_SENDER_RECIPIENT"), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_PDF_USE_ISO_LOCATION')) dolibarr_set_const($db, "MAIN_PDF_USE_ISO_LOCATION", GETPOST("MAIN_PDF_USE_ISO_LOCATION"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_PDF_NO_CUSTOMER_CODE')) dolibarr_set_const($db, "MAIN_PDF_NO_CUSTOMER_CODE", GETPOST("MAIN_PDF_NO_CUSTOMER_CODE"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS')) dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS", GETPOST("MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS"), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_PDF_MAIN_HIDE_SECOND_TAX')) dolibarr_set_const($db, "MAIN_PDF_MAIN_HIDE_SECOND_TAX", GETPOST("MAIN_PDF_MAIN_HIDE_SECOND_TAX"), 'chaine', 0, '', $conf->entity); 
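Review bot: The update handler added here stores `MAIN_PDF_NO_CUSTOMER_CODE`, but the form row added further down in this file (hunk `@@ -339,38 +405,18 @@`) renders and posts `MAIN_PDF_HIDE_CUSTOMER_CODE`. With JavaScript enabled `ajax_constantonoff()` writes the constant itself, but in the `selectarray` fallback the posted value is never saved, unless the name is handled in a part of the `update` block outside this hunk. Use one name on both sides, e.g. `if (GETPOSTISSET('MAIN_PDF_HIDE_CUSTOMER_CODE')) dolibarr_set_const($db, "MAIN_PDF_HIDE_CUSTOMER_CODE", GETPOST("MAIN_PDF_HIDE_CUSTOMER_CODE"), 'chaine', 0, '', $conf->entity);`.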
@@ -253,6 +260,55 @@ for ($i = 1; $i <= 6; $i++) { } } +// Borders on address frame + +print ''.$langs->trans("MAIN_PDF_NO_SENDER_FRAME").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_PDF_NO_SENDER_FRAME'); +} else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("MAIN_PDF_NO_SENDER_FRAME", $arrval, $conf->global->MAIN_PDF_NO_SENDER_FRAME); +} +print ''; + +print ''.$langs->trans("MAIN_PDF_NO_RECIPENT_FRAME").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_PDF_NO_RECIPENT_FRAME'); +} else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("MAIN_PDF_NO_RECIPENT_FRAME", $arrval, $conf->global->MAIN_PDF_NO_RECIPENT_FRAME); +} + +// Show sender name + +print ''.$langs->trans("MAIN_PDF_HIDE_SENDER_NAME").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_PDF_HIDE_SENDER_NAME'); +} else { + print $form->selectyesno('MAIN_PDF_HIDE_SENDER_NAME', (!empty($conf->global->MAIN_PDF_HIDE_SENDER_NAME)) ? $conf->global->MAIN_PDF_HIDE_SENDER_NAME : 0, 1); +} +print ''; + +//Invert sender and recipient + +print ''.$langs->trans("SwapSenderAndRecipientOnPDF").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_INVERT_SENDER_RECIPIENT'); +} else { + print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (!empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) ? $conf->global->MAIN_INVERT_SENDER_RECIPIENT : 0, 1); +} +print ''; + +// Place customer adress to the ISO location + +print ''.$langs->trans("PlaceCustomerAddressToIsoLocation").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_PDF_USE_ISO_LOCATION'); +} else { + print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1); +} +print ''; + print ''; print ''; @@ -323,14 +379,24 @@ print '
'; print ''; print ''; -// Height of logo +// Use 2 languages into PDF +print ''; + +// Height of logo print ''; // Show project - if (!empty($conf->projet->enabled)) { print ''; } -//Invert sender and recipient +// -print ''; -// Place customer adress to the ISO location - -print ''; - -// Use 2 languages into PDF - -print ''; - // Ref print ''; print '
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").''; +//if (! empty($conf->global->MAIN_MULTILANGS)) + //{ +$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0); +print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1); +//} else { +// print ''.$langs->trans("MultiLangNotEnabled").''; +//} +print '
'.$langs->trans("MAIN_DOCUMENTS_LOGO_HEIGHT").''; print ''; print '
'.$langs->trans("PDF_SHOW_PROJECT").''; $tmparray = array('no' => 'No', 'showprojectref' => 'RefProject', 'showprojectlabel' => 'ShowProjectLabel'); @@ -339,38 +405,18 @@ if (!empty($conf->projet->enabled)) { print '
'.$langs->trans("SwapSenderAndRecipientOnPDF").''; +print '
'.$langs->trans("MAIN_PDF_HIDE_CUSTOMER_CODE"); +print ''; if ($conf->use_javascript_ajax) { - print ajax_constantonoff('MAIN_INVERT_SENDER_RECIPIENT'); + print ajax_constantonoff('MAIN_PDF_HIDE_CUSTOMER_CODE'); } else { - print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (!empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) ? $conf->global->MAIN_INVERT_SENDER_RECIPIENT : 0, 1); + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("MAIN_PDF_HIDE_CUSTOMER_CODE", $arrval, $conf->global->MAIN_PDF_HIDE_CUSTOMER_CODE); } print '
'.$langs->trans("PlaceCustomerAddressToIsoLocation").''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('MAIN_PDF_USE_ISO_LOCATION'); -} else { - print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1); -} -print '
'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").''; -//if (! empty($conf->global->MAIN_MULTILANGS)) -//{ -$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0); -print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1); -//} else { -// print ''.$langs->trans("MultiLangNotEnabled").''; -//} -print '
'.$langs->trans("HideRefOnPDF").''; @@ -420,9 +466,7 @@ print '
'; print '
'; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/pdf_other.php b/htdocs/admin/pdf_other.php index d50476528cb..3883e885619 100644 --- a/htdocs/admin/pdf_other.php +++ b/htdocs/admin/pdf_other.php @@ -113,26 +113,6 @@ if ($conf->use_javascript_ajax) { } print ''; -print ''.$langs->trans("PROPOSAL_PDF_HIDE_PAYMENTTERM"); -print ''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('PROPOSAL_PDF_HIDE_PAYMENTTERM'); -} else { - $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("PROPOSAL_PDF_HIDE_PAYMENTTERM", $arrval, $conf->global->PROPOSAL_PDF_HIDE_PAYMENTTERM); -} -print ''; - -print ''.$langs->trans("PROPOSAL_PDF_HIDE_PAYMENTMODE"); -print ''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('PROPOSAL_PDF_HIDE_PAYMENTMODE'); -} else { - $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("PROPOSAL_PDF_HIDE_PAYMENTMODE", $arrval, $conf->global->PROPOSAL_PDF_HIDE_PAYMENTMODE); -} -print ''; - /* print ''.$langs->trans("MAIN_PDF_PROPAL_USE_ELECTRONIC_SIGNING").''; if ($conf->use_javascript_ajax) { @@ -148,9 +128,7 @@ print ''; print ''; /* -print '
'; -print ''; -print '
'; + print $form->buttonsSaveCancel(); */ print ''; diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 01e3b6d4913..db48ab19849 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -117,7 +117,7 @@ if ($action == "set") { if ($action == "addnotif") { $bon = new BonPrelevement($db); - $bon->AddNotification($db, GETPOST('user', 'int'), $action); + $bon->addNotification($db, GETPOST('user', 'int'), $action); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -125,7 +125,7 @@ if ($action == "addnotif") { if ($action == "deletenotif") { $bon = new BonPrelevement($db); - $bon->DeleteNotificationById(GETPOST('notif', 'int')); + $bon->deleteNotificationById(GETPOST('notif', 'int')); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -214,9 +214,8 @@ print ''; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index 883a6ff6f03..988023175db 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -341,7 +341,7 @@ if ($mode == 'config' && $user->admin) { print ''.$printer->profileresprint.''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print ''; } else { @@ -432,7 +432,7 @@ if ($mode == 'template' && $user->admin) { print ''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } else { print ''.$printer->listprinterstemplates[$line]['name'].''; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index f2df395060b..8a6d6bbb4ed 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -91,7 +91,13 @@ print '
'; print "PHP session.use_strict_mode = ".(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; print "PHP session.use_only_cookies = ".(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; print "PHP session.cookie_httponly = ".(ini_get('session.cookie_httponly') ? ini_get('session.cookie_httponly') : '').'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; -print "PHP session.cookie_samesite = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None').'   ('.$langs->trans("RecommendedValueIs", 'Strict').")
\n"; +print "PHP session.cookie_samesite = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None'); +if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') == 'Lax') { + print '   ('.$langs->trans("RecommendedValueIs", 'Lax').")"; +} elseif (ini_get('session.cookie_samesite') == 'Strict') { + print '   '.img_warning().' '.$langs->trans("WarningPaypalPaymentNotCompatibleWithStrict").""; +} +print "
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").' '.$_SERVER["DOCUMENT_ROOT"]).')')."
\n"; print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 320857de887..bfd2ae4b09b 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -580,9 +580,7 @@ print ''; print ''; -print '
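Review bot: An explicitly configured `session.cookie_samesite = None` now prints neither a recommendation nor a warning, because the first branch covers only an unset value or `Lax` and the `elseif` only `Strict`. That is the weakest of the three settings, so it is the case most in need of a hint on a security audit page. Add a final branch such as `} else { print ' '.img_warning().' ('.$langs->trans("RecommendedValueIs", 'Lax').")"; }`. Reading `ini_get('session.cookie_samesite')` once into a local variable would also keep the displayed value and the tests from diverging.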
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 98ce554c363..22e4a4a1b42 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -390,7 +390,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 3fa2e5d0af9..4fb4e05f771 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -146,7 +146,7 @@ if ($action == 'add') { if (!$error) { $db->begin(); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".$db->escape($conf->entity).")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".((int) $conf->entity).")"; $result = $db->query($sql); if ($result > 0) { $db->commit(); diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index 0a84de7b7c1..ab65576811a 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -327,7 +327,7 @@ class DolibarrApi * Function to forge a SQL criteria * * @param array $matches Array of found string by regex search. - * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" + * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" or "t.nature:isnot:NULL" * @return string Forged criteria. Example: "t.field like 'abc%'" */ protected static function _forge_criteria_callback($matches) 
@@ -345,18 +345,36 @@ class DolibarrApi return ''; } + // Sanitize operand $operand = preg_replace('/[^a-z0-9\._]/i', '', trim($tmp[0])); + // Sanitize operator $operator = strtoupper(preg_replace('/[^a-z<>=]/i', '', trim($tmp[1]))); + // Only some operators are allowed. + if (! in_array($operator, array('LIKE', 'ULIKE', '<', '>', '<=', '>=', '=', '<>', 'IS', 'ISNOT', 'IN'))) { + return ''; + } + if ($operator == 'ISNOT') { + $operator = 'IS NOT'; + } + // Sanitize value $tmpescaped = trim($tmp[2]); $regbis = array(); if ($operator == 'IN') { $tmpescaped = "(".$db->sanitize($tmpescaped, 1).")"; - } elseif (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { - $tmpescaped = "'".$db->escape($regbis[1])."'"; + } elseif (in_array($operator, array('<', '>', '<=', '>=', '=', '<>'))) { + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { // If 'YYYY-MM-DD HH:MM:SS+X' + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = ((float) $tmpescaped); + } } else { - $tmpescaped = $db->sanitize($db->escape($tmpescaped)); + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = "'".$db->escape($tmpescaped)."'"; + } } return $db->escape($operand).' '.$db->escape($operator)." ".$tmpescaped; diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index c6cd45a0cc5..07da0541619 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -81,9 +81,7 @@ if ($action == 'edit') { print ''; - print '
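Review bot: For `IS` and `IS NOT` the value reaches the final `else` branch, which always wraps it in quotes, so the documented filter `t.nature:is:NULL` is forged as `t.nature IS 'NULL'` instead of `IS NULL`. Handle these two operators before that branch, e.g. `} elseif ($operator == 'IS' || $operator == 'IS NOT') {` followed by `if (strtoupper($tmpescaped) != 'NULL') { return ''; }` and `$tmpescaped = 'NULL';`. The allow-list also accepts `ULIKE`, which is emitted into the SQL unchanged; unless the database layer rewrites it, it should be dropped or mapped to a real operator. In the comparison branch `(float) $tmpescaped` silently turns a non-numeric value into `0`, so rejecting values that fail `is_numeric()` would be safer than comparing against zero. The function starts before this hunk.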
'; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print '
'; diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 3d722bca400..4a2e98fc666 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -169,11 +169,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -210,9 +206,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php index 1d994e25177..770493a90f6 100644 --- a/htdocs/asset/list.php +++ b/htdocs/asset/list.php @@ -197,12 +197,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("Assets")); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -249,7 +249,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index 6103b963e21..6f743172617 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -396,11 +396,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + $form->buttonsSaveCancel("Add"); print "\n"; } @@ -600,9 +596,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
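Review bot: The added `$form->buttonsSaveCancel("Add");` in the `create` branch of htdocs/asset/type.php discards its return value, so the form is rendered without its submit and cancel buttons. Every other call site in this commit prints the result, which suggests the helper returns the HTML rather than echoing it. Change the line to `print $form->buttonsSaveCancel("Add");`. The second hunk of the same file already uses `print`.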
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/blockedlog/admin/blockedlog.php b/htdocs/blockedlog/admin/blockedlog.php index f90385b4209..423c40d9e20 100644 --- a/htdocs/blockedlog/admin/blockedlog.php +++ b/htdocs/blockedlog/admin/blockedlog.php @@ -79,7 +79,10 @@ $form = new Form($db); $block_static = new BlockedLog($db); $block_static->loadTrackedEvents(); -llxHeader('', $langs->trans("BlockedLogSetup")); +$title = $langs->trans("BlockedLogSetup"); +$help_url="EN:Module_Unalterable_Archives_-_Logs|FR:Module_Archives_-_Logs_Inaltérable"; + +llxHeader('', $title, $help_url); $linkback = ''; if ($withtab) { diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php index 265c12dd49c..385101c7468 100644 --- a/htdocs/blockedlog/admin/blockedlog_list.php +++ b/htdocs/blockedlog/admin/blockedlog_list.php @@ -275,8 +275,9 @@ if (GETPOST('withtab', 'alpha')) { } else { $title = $langs->trans("BrowseBlockedLog"); } +$help_url="EN:Module_Unalterable_Archives_-_Logs|FR:Module_Archives_-_Logs_Inaltérable"; -llxHeader('', $langs->trans("BrowseBlockedLog")); +llxHeader('', $title, $help_url); $MAXLINES = 10000; diff --git a/htdocs/blockedlog/ajax/check_signature.php b/htdocs/blockedlog/ajax/check_signature.php index ba164e3e715..4d59b56a981 100644 --- a/htdocs/blockedlog/ajax/check_signature.php +++ b/htdocs/blockedlog/ajax/check_signature.php @@ -17,9 +17,9 @@ */ /** - * \file htdocs/blockedlog/ajax/block-info.php + * \file htdocs/blockedlog/ajax/check_signature.php * \ingroup blockedlog - * \brief block-info + * \brief This page is not used yet. */ 
@@ -38,13 +38,15 @@ if (!defined('NOREQUIREHTML')) { require '../../main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php'; +require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/authority.class.php'; + if (empty($conf->global->BLOCKEDLOG_AUTHORITY_URL)) { exit('BLOCKEDLOG_AUTHORITY_URL not set'); } -require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php'; -require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/authority.class.php'; $auth = new BlockedLogAuthority($db); $auth->syncSignatureWithAuthority(); @@ -63,8 +65,11 @@ if (is_array($bocks)) { $hash = $auth->getBlockchainHash(); -$url = $conf->global->BLOCKEDLOG_AUTHORITY_URL.'/blockedlog/ajax/authority.php?s='.$auth->signature.'&h='.$hash; +// Call external authority +$url = $conf->global->BLOCKEDLOG_AUTHORITY_URL.'/blockedlog/ajax/authority.php?s='.urlencode($auth->signature).'&h='.urlencode($hash); + +$resarray = getURLContent($url, 'GET', '', 1, array(), array(), 2); +$res = $resarray['content']; -$res = file_get_contents($url); //echo $url; -echo $res; +echo dol_escape_htmltag($res); diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index cd530994b9b..235336d4f73 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -267,11 +267,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
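Review bot: In the last check_signature.php hunk, `$res = $resarray['content'];` uses the response body without checking whether the request to the authority succeeded, so a transport error or an error reply is echoed as an empty or unrelated string and the caller cannot tell a failed check from a real answer. Test the status first, for example `if (empty($resarray['http_code']) || $resarray['http_code'] != 200) { exit('Authority request failed'); }`, assuming the returned array carries the HTTP status under that key. The positional arguments `1, array(), array(), 2` are also opaque at the call site. A one-line comment stating which URL schemes and which destinations (external, local, or both) they permit would let a reader confirm the request cannot reach an unintended host, since the base URL comes from the BLOCKEDLOG_AUTHORITY_URL setting.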
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -302,9 +298,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index 2cd7492395d..4a94dc7ce86 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -297,7 +297,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.' ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.' ' : ''); } } // Add fields from hooks @@ -325,7 +325,7 @@ foreach ($search as $key => $val) { } $mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0); if ((strpos($object->fields[$key]['type'], 'integer:') === 0) || (strpos($object->fields[$key]['type'], 'sellist:') === 0) || !empty($object->fields[$key]['arrayofkeyval'])) { - if ($search[$key] == '-1' || $search[$key] === '0') { + if ($search[$key] == '-1' || ($search[$key] === '0' && (empty($object->fields[$key]['arrayofkeyval']) || !array_key_exists('0', $object->fields[$key]['arrayofkeyval'])))) { $search[$key] = ''; } $mode_search = 2; @@ -363,7 +363,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 3996b5e49bd..6de13ac137a 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php 
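Review bot: In htdocs/bom/bom_card.php the hunk at -302 sits in the `$action == 'edit'` branch but passes the label `"Create"`, the same argument as the create-form hunk at -267. The removed markup is not readable on this page, so the original label cannot be confirmed, but an edit form whose submit button reads "Create" looks like a copy from the create branch. If the edit form is meant to use the default save label, the line should be `print $form->buttonsSaveCancel();`, as in the other edit forms this commit converts.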
@@ -431,25 +431,25 @@ class BOM extends CommonObject
 if (count($filter) > 0) {
 foreach ($filter as $key => $value) {
 if ($key == 't.rowid') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key." = ".((int) $value);
 } elseif (strpos($key, 'date') !== false) {
- $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+ $sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 } elseif ($key == 'customsql') {
 $sqlwhere[] = $value;
 } else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
 }
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")";
 }
 if (!empty($sortfield)) {
 $sql .= $this->db->order($sortfield, $sortorder);
 }
 if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
 }
 $resql = $this->db->query($sql);
@@ -1288,13 +1288,13 @@ class BOMLine extends CommonObjectLine
 if (count($filter) > 0) {
 foreach ($filter as $key => $value) {
 if ($key == 't.rowid') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key." = ".((int) $value);
 } elseif (strpos($key, 'date') !== false) {
- $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+ $sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 } elseif ($key == 'customsql') {
 $sqlwhere[] = $value;
 } else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
 }
 }
 }
@@ -1306,7 +1306,7 @@ class BOMLine extends CommonObjectLine
 $sql .= $this->db->order($sortfield, $sortorder);
 }
 if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
 }
 $resql = $this->db->query($sql);
diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php
index f7795a14f47..045e656de50 100644
--- a/htdocs/bookmarks/card.php
+++ b/htdocs/bookmarks/card.php
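Review bot: In the `BOM` filter loop at -431 only the `t.rowid` value gains a cast. `$key` is still concatenated into the WHERE clause unvalidated in every branch, the `customsql` branch appends `$value` verbatim, and `$filtermode` is interpolated into the `implode()` separator. If any caller builds `$filter` or `$filtermode` from request data, the cast closes one injection path and leaves the others open. Reject unexpected keys at the top of the loop, for example `if (!preg_match('/^[a-zA-Z0-9_.]+$/', $key)) { continue; }`, constrain `$filtermode` to `AND`/`OR`, and add a comment that `customsql` must only receive SQL assembled by trusted code. The same applies to the `BOMLine` hunk at -1288; both methods start and end outside the hunks, so their callers are not visible here.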
@@ -301,7 +301,8 @@ if ($id > 0 && !preg_match('/^add/i', $action)) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
   
'; + print $form->buttonsSaveCancel(); + print ''; } diff --git a/htdocs/cashdesk/admin/cashdesk.php b/htdocs/cashdesk/admin/cashdesk.php deleted file mode 100644 index eee5cac755f..00000000000 --- a/htdocs/cashdesk/admin/cashdesk.php +++ /dev/null 
@@ -1,191 +0,0 @@ - - * Copyright (C) 2011-2017 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/admin/cashdesk.php - * \ingroup cashdesk - * \brief Setup page for cashdesk module - */ - -require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; - -// If socid provided by ajax company selector -if (!empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id'])) { - $_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha'); - $_POST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha'); - $_REQUEST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha'); -} - -// Security check -if (!$user->admin) { - accessforbidden(); -} - -// Load translation files required by the page -$langs->loadLangs(array("admin", "cashdesk")); - - -/* - * Actions - */ - -if (GETPOST('action', 'alpha') == 'set') { - $db->begin(); - - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } - - $res = dolibarr_set_const($db, "CASHDESK_ID_THIRDPARTY", (GETPOST('socid', 'int') > 0 ? GETPOST('socid', 'int') : ''), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_ID_BANKACCOUNT_CASH", (GETPOST('CASHDESK_ID_BANKACCOUNT_CASH', 'alpha') > 0 ? 
GETPOST('CASHDESK_ID_BANKACCOUNT_CASH', 'alpha') : ''), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_ID_BANKACCOUNT_CHEQUE", (GETPOST('CASHDESK_ID_BANKACCOUNT_CHEQUE', 'alpha') > 0 ? GETPOST('CASHDESK_ID_BANKACCOUNT_CHEQUE', 'alpha') : ''), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_ID_BANKACCOUNT_CB", (GETPOST('CASHDESK_ID_BANKACCOUNT_CB', 'alpha') > 0 ? GETPOST('CASHDESK_ID_BANKACCOUNT_CB', 'alpha') : ''), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_ID_WAREHOUSE", (GETPOST('CASHDESK_ID_WAREHOUSE', 'alpha') > 0 ? GETPOST('CASHDESK_ID_WAREHOUSE', 'alpha') : ''), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_NO_DECREASE_STOCK", GETPOST('CASHDESK_NO_DECREASE_STOCK', 'alpha'), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES', 'alpha'), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "CASHDESK_DOLIBAR_RECEIPT_PRINTER", GETPOST('CASHDESK_DOLIBAR_RECEIPT_PRINTER', 'alpha'), 'chaine', 0, '', $conf->entity); - - dol_syslog("admin/cashdesk: level ".GETPOST('level', 'alpha')); - - if (!($res > 0)) { - $error++; - } - - if (!$error) { - $db->commit(); - setEventMessages($langs->trans("SetupSaved"), null, 'mesgs'); - } else { - $db->rollback(); - setEventMessages($langs->trans("Error"), null, 'errors'); - } -} - -/* - * View - */ - -$form = new Form($db); -$formproduct = new FormProduct($db); - -llxHeader('', $langs->trans("CashDeskSetup")); - -$linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans("CashDeskSetup").' (SimplePOS)', $linkback, 'title_setup'); -print '
'; - - -// Mode -print '
'; -print ''; -print ''; - -if (!empty($conf->service->enabled)) { - print ''; - print ''; - print ''; - print "\n"; - - print '\n"; - - print '
'.$langs->trans("Parameters").''.$langs->trans("Value").'
'; - print $langs->trans("CashdeskShowServices"); - print ''; - print $form->selectyesno("CASHDESK_SERVICES", $conf->global->CASHDESK_SERVICES, 1); - print "
'; - - print '
'; -} - - -print ''; -print ''; -print ''; -print "\n"; - -print ''; -print ''; -if (!empty($conf->banque->enabled)) { - print ''; - print ''; - - - print ''; - print ''; - - - print ''; - print ''; -} - -if (!empty($conf->stock->enabled)) { - print ''; // Force warehouse (this is not a default value) - print ''; - - $disabled = $conf->global->CASHDESK_NO_DECREASE_STOCK; - - - print ''; // Force warehouse (this is not a default value) - print ''; -} - -// Use Dolibarr Receipt Printer -if (!empty($conf->receiptprinter->enabled)) { - print '\n"; -} - -print '
'.$langs->trans("Terminal").' 0'.$langs->trans("Value").'
'.$langs->trans("CashDeskThirdPartyForSell").''; -print $form->select_company($conf->global->CASHDESK_ID_THIRDPARTY, 'socid', '(s.client in (1,3) AND s.status = 1)', 1, 0, 0, array(), 0); -print '
'.$langs->trans("CashDeskBankAccountForSell").''; - $form->select_comptes($conf->global->CASHDESK_ID_BANKACCOUNT_CASH, 'CASHDESK_ID_BANKACCOUNT_CASH', 0, "courant=2", 1); - print '
'.$langs->trans("CashDeskBankAccountForCheque").''; - $form->select_comptes($conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE, 'CASHDESK_ID_BANKACCOUNT_CHEQUE', 0, "courant=1", 1); - print '
'.$langs->trans("CashDeskBankAccountForCB").''; - $form->select_comptes($conf->global->CASHDESK_ID_BANKACCOUNT_CB, 'CASHDESK_ID_BANKACCOUNT_CB', 0, "courant=1", 1); - print '
'.$langs->trans("CashDeskDoNotDecreaseStock").''; - if (empty($conf->productbatch->enabled)) { - print $form->selectyesno('CASHDESK_NO_DECREASE_STOCK', $conf->global->CASHDESK_NO_DECREASE_STOCK, 1); - } else { - if (!$conf->global->CASHDESK_NO_DECREASE_STOCK) { - $res = dolibarr_set_const($db, "CASHDESK_NO_DECREASE_STOCK", 1, 'chaine', 0, '', $conf->entity); - } - print $langs->trans("Yes").'
'; - print ''.$langs->trans('StockDecreaseForPointOfSaleDisabledbyBatch').''; - } - print '
'.$langs->trans("CashDeskIdWareHouse").''; - if (!$disabled) { - print $formproduct->selectWarehouses($conf->global->CASHDESK_ID_WAREHOUSE, 'CASHDESK_ID_WAREHOUSE', '', 1, $disabled); - print ' ('.$langs->trans("Create").')'; - } else { - print ''.$langs->trans("StockDecreaseForPointOfSaleDisabled").''; - } - print '
'; - print $langs->trans("DolibarrReceiptPrinter").' ('.$langs->trans("FeatureNotYetAvailable").')'; - print ''; - print $form->selectyesno("CASHDESK_DOLIBAR_RECEIPT_PRINTER", $conf->global->CASHDESK_DOLIBAR_RECEIPT_PRINTER, 1); - print "
'; -print '
'; - -print '
'; - -print "
\n"; - -// End of page -llxFooter(); -$db->close(); diff --git a/htdocs/cashdesk/affContenu.php b/htdocs/cashdesk/affContenu.php deleted file mode 100644 index d8e31f3b9c9..00000000000 --- a/htdocs/cashdesk/affContenu.php +++ /dev/null 
@@ -1,100 +0,0 @@ - - * Copyright (C) 2008-2009 Laurent Destailleur - * Copyright (C) 2009 Regis Houssin - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/affContenu.php - * \ingroup cashdesk - * \brief Include to show main page for cashdesk module - */ - -require_once 'class/Facturation.class.php'; - -// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles) -if (GETPOST('id', 'int') == 'NOUV') { - unset($_SESSION['serObjFacturation']); - unset($_SESSION['poscart']); -} - -// Recuperation, s'il existe, de l'objet contenant les infos de la vente en cours ... -if (isset($_SESSION['serObjFacturation'])) { - $obj_facturation = unserialize($_SESSION['serObjFacturation']); - unset($_SESSION['serObjFacturation']); -} else { - // ... 
sinon, c'est une nouvelle vente - $obj_facturation = new Facturation(); -} - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * View - */ - -// $obj_facturation contains data for all invoice total + selection of current product - -$obj_facturation->calculTotaux(); // Redefine prix_total_ttc, prix_total_ht et montant_tva from $_SESSION['poscart'] - -$total_ttc = $obj_facturation->amountWithTax(); - -/*var_dump($obj_facturation); -var_dump($_SESSION['poscart']); -var_dump($total_ttc); -exit;*/ - - -// Left area with selected articles (area for article, amount and payments) -print '
'; -print '
'; - -$page = GETPOST('menutpl', 'alpha'); -if (empty($page)) { - $page = 'facturation'; -} - -if (in_array( - $page, - array( - 'deconnexion', - 'index', 'index_verif', 'facturation', 'facturation_verif', 'facturation_dhtml', - 'validation', 'validation_ok', 'validation_ticket', 'validation_verif', - ) -)) { - include $page.'.php'; -} else { - dol_print_error('', 'menu param '.$page.' is not inside allowed list'); -} - -print '
'; -print '
'; - - - -// Right area with selected articles (shopping cart) -print '
'; -print '
'; - -require 'tpl/liste_articles.tpl.php'; - -print '
'; -print '
'; - -$_SESSION['serObjFacturation'] = serialize($obj_facturation); diff --git a/htdocs/cashdesk/affIndex.php b/htdocs/cashdesk/affIndex.php deleted file mode 100644 index a352649feb4..00000000000 --- a/htdocs/cashdesk/affIndex.php +++ /dev/null @@ -1,78 +0,0 @@ - - * Copyright (C) 2008-2010 Laurent Destailleur - * Copyright (C) 2009 Regis Houssin - * Copyright (C) 2011 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/affIndex.php - * \ingroup cashdesk - * \brief First page of point of sale module - */ -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/keypad.php'; - -$error = GETPOST('error'); - -// Test if already logged -if ($_SESSION['uid'] <= 0) { - header('Location: index.php'); - exit; -} - -// Load translation files required by the page -$langs->loadLangs(array("companies", "compta", "cashdesk")); - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * View - */ - -$form = new Form($db); - -$arrayofjs = array(); -$arrayofcss = array('/cashdesk/css/style.css'); - -top_htmlhead($head, $langs->trans("CashDesk"), 0, 0, $arrayofjs, $arrayofcss); - -print ''."\n"; - -if (!empty($error)) { - dol_htmloutput_events(); -} - -print '
'."\n"; -print '
'."\n"; -print '
'."\n"; - -print ''."\n"; - -print '
'."\n"; -include_once 'affContenu.php'; -print '
'."\n"; - -include_once 'affPied.php'; - -print '
'."\n"; -print ''."\n"; diff --git a/htdocs/cashdesk/affPied.php b/htdocs/cashdesk/affPied.php deleted file mode 100644 index 6481a0c2aff..00000000000 --- a/htdocs/cashdesk/affPied.php +++ /dev/null @@ -1,52 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/affPied.php - * \ingroup cashdesk - * \brief Bottom of main page of point of sale module - */ - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - -?> - -
-use_javascript_ajax) && empty($conf->dol_no_mouse_hover)) { - print "\n\n"; - print '' . "\n"; -} - -printCommonFooter('private'); -?> -
diff --git a/htdocs/cashdesk/class/Auth.class.php b/htdocs/cashdesk/class/Auth.class.php deleted file mode 100644 index 23fa4d6d0a1..00000000000 --- a/htdocs/cashdesk/class/Auth.class.php +++ /dev/null 
@@ -1,144 +0,0 @@ - - * Copyright (C) 2008-2011 Laurent Destailleur - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -/** - * Class ot manage authentication for pos module (cashdesk) - */ -class Auth -{ - protected $db; - - private $login; - private $passwd; - - private $reponse; - - public $sqlQuery; - - /** - * Enter description here ... - * - * @param DoliDB $db Database handler - * @return void - */ - public function __construct($db) - { - $this->db = $db; - $this->reponse(null); - } - - /** - * Enter description here ... - * - * @param string $aLogin Login - * @return void - */ - public function login($aLogin) - { - $this->login = $aLogin; - } - - /** - * Enter description here ... - * - * @param string $aPasswd Password - * @return void - */ - public function passwd($aPasswd) - { - $this->passwd = $aPasswd; - } - - /** - * Enter description here ... 
- * - * @param string $aReponse Response - * @return void - */ - public function reponse($aReponse) - { - $this->reponse = $aReponse; - } - - /** - * Validate login/pass - * - * @param string $aLogin Login - * @param string $aPasswd Password - * @return int 0 or 1 - */ - public function verif($aLogin, $aPasswd) - { - global $conf, $langs; - global $dolibarr_main_authentication, $dolibarr_auto_user; - - $ret = -1; - - $login = ''; - - $test = true; - - // Authentication mode - if (empty($dolibarr_main_authentication)) { - $dolibarr_main_authentication = 'http,dolibarr'; - } - // Authentication mode: forceuser - if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) { - $dolibarr_auto_user = 'auto'; - } - // Set authmode - $authmode = explode(',', $dolibarr_main_authentication); - - // No authentication mode - if (!count($authmode)) { - $langs->load('main'); - dol_print_error('', $langs->trans("ErrorConfigParameterNotDefined", 'dolibarr_main_authentication')); - exit; - } - - $usertotest = $aLogin; - $passwordtotest = $aPasswd; - $entitytotest = $conf->entity; - - // Validation tests user / password - // If ok, the variable will be initialized login - // If error, we will put error message in session under the name dol_loginmesg - $goontestloop = false; - if (isset($_SERVER["REMOTE_USER"]) && in_array('http', $authmode)) { - $goontestloop = true; - } - if (isset($aLogin) || GETPOST('openid_mode', 'alpha', 1)) { - $goontestloop = true; - } - - if ($test && $goontestloop) { - include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; - $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode); - if ($login) { - $this->login($aLogin); - $this->passwd($aPasswd); - $ret = 0; - } else { - $ret = -1; - } - } - - return $ret; - } -} diff --git a/htdocs/cashdesk/class/Facturation.class.php b/htdocs/cashdesk/class/Facturation.class.php deleted file mode 100644 index 339edce5f03..00000000000 
--- a/htdocs/cashdesk/class/Facturation.class.php +++ /dev/null @@ -1,558 +0,0 @@ - - * Copyright (C) 2008-2010 Laurent Destailleur - * Copyright (C) 2010 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php'; - - -/** - * Class to manage invoices for pos module (cashdesk) - */ -class Facturation -{ - /** - * Attributs "volatiles" : reinitialises apres chaque traitement d'un article - *

Attributs "volatiles" : reinitialises apres chaque traitement d'un article

- * int $id => 'rowid' du produit dans llx_product - * string $ref => 'ref' du produit dans llx_product - * int $qte => Quantite pour le produit en cours de traitement - * int $stock => Stock theorique pour le produit en cours de traitement - * int $remise_percent => Remise en pourcent sur le produit en cours - * int $montant_remise => Remise en pourcent sur le produit en cours - * int $prix => Prix HT du produit en cours - * int $tva => 'rowid' du taux de tva dans llx_c_tva - */ - - /** - * @var int ID - */ - public $id; - - protected $ref; - protected $qte; - protected $stock; - protected $remise_percent; - protected $montant_remise; - protected $prix; - protected $tva; - - /** - * Attributs persistants : utilises pour toute la duree de la vente (jusqu'a validation ou annulation) - * string $num_facture => Numero de la facture (de la forme FAYYMM-XXXX) - * string $mode_reglement => Mode de reglement (ESP, CB ou CHQ) - * int $montant_encaisse => Montant encaisse en cas de reglement en especes - * int $montant_rendu => Monnaie rendue en cas de reglement en especes - * int $paiement_le => Date de paiement en cas de paiement differe - * - * int $prix_total_ht => Prix total hors taxes - * int $montant_tva => Montant total de la TVA, tous taux confondus - * int $prix_total_ttc => Prix total TTC - */ - protected $num_facture; - protected $mode_reglement; - protected $montant_encaisse; - protected $montant_rendu; - protected $paiement_le; - - protected $prix_total_ht; - protected $montant_tva; - protected $prix_total_ttc; - - - /** - * Constructor - */ - public function __construct() - { - $this->raz(); - $this->razPers(); - } - - - // Data processing methods - - - /** - * Add a product into cart - * - * @return void - */ - public function ajoutArticle() - { - global $conf, $db, $mysoc; - - $thirdpartyid = $_SESSION['CASHDESK_ID_THIRDPARTY']; - - $societe = new Societe($db); - $societe->fetch($thirdpartyid); - - $product = new Product($db); - $product->fetch($this->id); 
- - - $vatrowid = $this->tva(); - - $tmp = getTaxesFromId($vatrowid); - $txtva = $tmp['rate'].(empty($tmp['code']) ? '' : ' ('.$tmp['code'].')'); - $vat_npr = $tmp['npr']; - - $localtaxarray = getLocalTaxesFromRate($vatrowid, 0, $societe, $mysoc, 1); - - // Clean vat code - $reg = array(); - $vat_src_code = ''; - if (preg_match('/\((.*)\)/', $txtva, $reg)) { - $vat_src_code = $reg[1]; - $txtva = preg_replace('/\s*\(.*\)/', '', $txtva); // Remove code into vatrate. - } - - // Define part of HT, VAT, TTC - $resultarray = calcul_price_total($this->qte, $this->prix(), $this->remisePercent(), $txtva, -1, -1, 0, 'HT', $vat_npr, $product->type, $mysoc, $localtaxarray); - - // Calculation of total HT without discount - $total_ht = $resultarray[0]; - $total_vat = $resultarray[1]; - $total_ttc = $resultarray[2]; - $total_localtax1 = $resultarray[9]; - $total_localtax2 = $resultarray[10]; - - // Calculation of the discount amount - if ($this->remisePercent()) { - $remise_percent = $this->remisePercent(); - } else { - $remise_percent = 0; - } - $montant_remise_ht = ($resultarray[6] - $resultarray[0]); - $this->amountDiscount($montant_remise_ht); - - $newcartarray = $_SESSION['poscart']; - - $i = 0; - if (!is_null($newcartarray) && !empty($newcartarray)) { - $i = count($newcartarray); - } - - $newcartarray[$i]['id'] = $i; - $newcartarray[$i]['ref'] = $product->ref; - $newcartarray[$i]['label'] = $product->label; - $newcartarray[$i]['price'] = $product->price; - $newcartarray[$i]['price_ttc'] = $product->price_ttc; - - if (!empty($conf->global->PRODUIT_MULTIPRICES)) { - if (isset($product->multiprices[$societe->price_level])) { - $newcartarray[$i]['price'] = $product->multiprices[$societe->price_level]; - $newcartarray[$i]['price_ttc'] = $product->multiprices_ttc[$societe->price_level]; - } - } - - $newcartarray[$i]['fk_article'] = $this->id; - $newcartarray[$i]['qte'] = $this->qte(); - $newcartarray[$i]['fk_tva'] = $this->tva(); // Vat rowid - 
$newcartarray[$i]['remise_percent'] = $remise_percent; - $newcartarray[$i]['remise'] = price2num($montant_remise_ht); - $newcartarray[$i]['total_ht'] = price2num($total_ht, 'MT'); - $newcartarray[$i]['total_ttc'] = price2num($total_ttc, 'MT'); - $newcartarray[$i]['total_vat'] = price2num($total_vat, 'MT'); - $newcartarray[$i]['total_localtax1'] = price2num($total_localtax1, 'MT'); - $newcartarray[$i]['total_localtax2'] = price2num($total_localtax2, 'MT'); - $_SESSION['poscart'] = $newcartarray; - - $this->raz(); - } - - /** - * Remove a product from panel - * - * @param int $aArticle Id of line into cart to remove - * @return void - */ - public function supprArticle($aArticle) - { - $poscart = $_SESSION['poscart']; - - $j = 0; - $newposcart = array(); - foreach ($poscart as $key => $val) { - if ($poscart[$key]['id'] != $aArticle) { - $newposcart[$j] = $poscart[$key]; - $newposcart[$j]['id'] = $j; - $j++; - } - } - unset($poscart); - //var_dump($poscart);exit; - $_SESSION['poscart'] = $newposcart; - } - - /** - * Calculation of total HT, total TTC and VAT amounts - * - * @return int Total - */ - public function calculTotaux() - { - global $db; - - $total_ht = 0; - $total_ttc = 0; - $total_vat = 0; - $total_localtax1 = 0; - $total_localtax2 = 0; - - $tab = (!empty($_SESSION['poscart']) ? 
$_SESSION['poscart'] : array()); - - $tab_size = count($tab); - for ($i = 0; $i < $tab_size; $i++) { - // Total HT - $remise = $tab[$i]['remise']; - $total_ht += ($tab[$i]['total_ht']); - $total_vat += ($tab[$i]['total_vat']); - $total_ttc += ($tab[$i]['total_ttc']); - $total_localtax1 += ($tab[$i]['total_localtax1']); - $total_localtax2 += ($tab[$i]['total_localtax2']); - } - - $this->prix_total_ttc = $total_ttc; - $this->prix_total_ht = $total_ht; - $this->prix_total_vat = $total_vat; - $this->prix_total_localtax1 = $total_localtax1; - $this->prix_total_localtax2 = $total_localtax2; - - $this->montant_tva = $total_ttc - $total_ht; - //print 'total: '.$this->prix_total_ttc; exit; - } - - /** - * Reset attributes - * - * @return void - */ - public function raz() - { - $this->id('RESET'); - $this->ref('RESET'); - $this->qte('RESET'); - $this->stock('RESET'); - $this->remisePercent('RESET'); - $this->amountDiscount('RESET'); - $this->prix('RESET'); - $this->tva('RESET'); - } - - /** - * Resetting persistent attributes - * - * @return void - */ - private function razPers() - { - $this->numInvoice('RESET'); - $this->getSetPaymentMode('RESET'); - $this->amountCollected('RESET'); - $this->amountReturned('RESET'); - $this->paiementLe('RESET'); - - $this->amountWithoutTax('RESET'); - $this->amountVat('RESET'); - $this->amountWithTax('RESET'); - } - - - // Methods for modifying protected attributes - - /** - * Getter for id - * - * @param int $aId Id - * @return int Id - */ - public function id($aId = null) - { - - if (!$aId) { - return $this->id; - } elseif ($aId == 'RESET') { - $this->id = null; - } else { - $this->id = $aId; - } - } - - /** - * Getter for ref - * - * @param string $aRef Ref - * @return string Ref - */ - public function ref($aRef = null) - { - - if (is_null($aRef)) { - return $this->ref; - } elseif ($aRef == 'RESET') { - $this->ref = null; - } else { - $this->ref = $aRef; - } - } - - /** - * Getter for qte - * - * @param int $aQte Qty - * @return int Qty 
- */ - public function qte($aQte = null) - { - if (is_null($aQte)) { - return $this->qte; - } elseif ($aQte == 'RESET') { - $this->qte = null; - } else { - $this->qte = $aQte; - } - } - - /** - * Getter for stock - * - * @param string $aStock Stock - * @return string Stock - */ - public function stock($aStock = null) - { - - if (is_null($aStock)) { - return $this->stock; - } elseif ($aStock == 'RESET') { - $this->stock = null; - } else { - $this->stock = $aStock; - } - } - - /** - * Getter for remise_percent - * - * @param string $aRemisePercent Discount - * @return string Discount - */ - public function remisePercent($aRemisePercent = null) - { - - if (is_null($aRemisePercent)) { - return $this->remise_percent; - } elseif ($aRemisePercent == 'RESET') { - $this->remise_percent = null; - } else { - $this->remise_percent = $aRemisePercent; - } - } - - /** - * Getter for montant_remise - * - * @param int $aMontantRemise Amount - * @return string Amount - */ - public function amountDiscount($aMontantRemise = null) - { - - if (is_null($aMontantRemise)) { - return $this->montant_remise; - } elseif ($aMontantRemise == 'RESET') { - $this->montant_remise = null; - } else { - $this->montant_remise = $aMontantRemise; - } - } - - /** - * Getter for prix - * - * @param int $aPrix Price - * @return string Stock - */ - public function prix($aPrix = null) - { - - if (is_null($aPrix)) { - return $this->prix; - } elseif ($aPrix == 'RESET') { - $this->prix = null; - } else { - $this->prix = $aPrix; - } - } - - /** - * Getter for tva - * - * @param int $aTva Vat - * @return int Vat - */ - public function tva($aTva = null) - { - if (is_null($aTva)) { - return $this->tva; - } elseif ($aTva == 'RESET') { - $this->tva = null; - } else { - $this->tva = $aTva; - } - } - - /** - * Get num invoice - * - * @param string $aNumFacture Invoice ref - * @return string Invoice ref - */ - public function numInvoice($aNumFacture = null) - { - if (is_null($aNumFacture)) { - return $this->num_facture; - 
} elseif ($aNumFacture == 'RESET') { - $this->num_facture = null; - } else { - $this->num_facture = $aNumFacture; - } - } - - /** - * Get payment mode - * - * @param int $aModeReglement Payment mode - * @return int Payment mode - */ - public function getSetPaymentMode($aModeReglement = null) - { - - if (is_null($aModeReglement)) { - return $this->mode_reglement; - } elseif ($aModeReglement == 'RESET') { - $this->mode_reglement = null; - } else { - $this->mode_reglement = $aModeReglement; - } - } - - /** - * Get amount - * - * @param int $aMontantEncaisse Amount - * @return int Amount - */ - public function amountCollected($aMontantEncaisse = null) - { - - if (is_null($aMontantEncaisse)) { - return $this->montant_encaisse; - } elseif ($aMontantEncaisse == 'RESET') { - $this->montant_encaisse = null; - } else { - $this->montant_encaisse = $aMontantEncaisse; - } - } - - /** - * Get amount - * - * @param int $aMontantRendu Amount - * @return int Amount - */ - public function amountReturned($aMontantRendu = null) - { - - if (is_null($aMontantRendu)) { - return $this->montant_rendu; - } elseif ($aMontantRendu == 'RESET') { - $this->montant_rendu = null; - } else { - $this->montant_rendu = $aMontantRendu; - } - } - - /** - * Get payment date - * - * @param integer $aPaiementLe Date - * @return integer Date - */ - public function paiementLe($aPaiementLe = null) - { - if (is_null($aPaiementLe)) { - return $this->paiement_le; - } elseif ($aPaiementLe == 'RESET') { - $this->paiement_le = null; - } else { - $this->paiement_le = $aPaiementLe; - } - } - - /** - * Get total HT - * - * @param int $aTotalHt Total amount - * @return int Total amount - */ - public function amountWithoutTax($aTotalHt = null) - { - if (is_null($aTotalHt)) { - return $this->prix_total_ht; - } elseif ($aTotalHt == 'RESET') { - $this->prix_total_ht = null; - } else { - $this->prix_total_ht = $aTotalHt; - } - } - - /** - * Get amount vat - * - * @param int $aMontantTva Amount vat - * @return int Amount vat 
- */ - public function amountVat($aMontantTva = null) - { - if (is_null($aMontantTva)) { - return $this->montant_tva; - } elseif ($aMontantTva == 'RESET') { - $this->montant_tva = null; - } else { - $this->montant_tva = $aMontantTva; - } - } - - /** - * Get total TTC - * - * @param int $aTotalTtc Amount ttc - * @return int Amount ttc - */ - public function amountWithTax($aTotalTtc = null) - { - if (is_null($aTotalTtc)) { - return $this->prix_total_ttc; - } elseif ($aTotalTtc == 'RESET') { - $this->prix_total_ttc = null; - } else { - $this->prix_total_ttc = $aTotalTtc; - } - } -} diff --git a/htdocs/cashdesk/css/style.css b/htdocs/cashdesk/css/style.css deleted file mode 100644 index b17a63e548e..00000000000 --- a/htdocs/cashdesk/css/style.css +++ /dev/null 
@@ -1,455 +0,0 @@ -/* Copyright (C) 2007-2008 Jeremie Ollivier - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -body { - background: #fff; - color: #333; - margin: 0; - padding: 0; -} - -p { - margin: 0; -} - -.conteneur { - background: #fff; - text-align: left; - /*max-width: 770px;*/ - /*margin: 10px auto; - border: 2px solid #000;*/ -} - -.conteneur_img_gauche { - /* background: url("../img/bg_conteneur_gauche.png") top left repeat-y; */ -} - -.conteneur_img_droite { - /* background: url("../img/bg_conteneur_droite.png") top right repeat-y; */ -} - -.contenu { - width: 100%; - text-align: center; - padding-top: 20px; -} - -.logo { - text-align: center; -} -.logopos { - padding-top: 20px; - max-height: 40px; -} - -/* ------------------- Header ------------------- */ -.entete { - height: 15px; - margin: 0; - /* background: url('../img/bg_entete.png') no-repeat left top; */ -} - -.entete span { - display: none; -} - -.principal_login td.label1 { - width: 50%; -} - -/* ------------------- Menu ------------------- */ -.menu_principal { - margin: 0; - font-size: 14px; - height: 84px; - background: #CCCCCC; - background-image: linear-gradient(top, rgba(255,255,255,.3) 0%, rgba(40,40,40,.3) 100%); - background-image: -o-linear-gradient(top, rgba(255,255,255,.3) 0%, rgba(40,40,40,.3) 100%); - background-image: -moz-linear-gradient(top, rgba(255,255,255,.3) 0%, rgba(40,40,40,.3) 100%); - 
background-image: -webkit-linear-gradient(top, rgba(255,255,255,.3) 0%, rgba(40,40,40,.3) 100%); - background-image: -ms-linear-gradient(top, rgba(255,255,255,.3) 0%, rgba(40,40,40,.3) 100%); - background-image: -webkit-gradient( linear, left top, left bottom, color-stop(0, rgba(255,255,255,.3)), color-stop(1, rgba(40,40,40,.3)) ); -} - -.menu_bloc { - margin-left: 12px; -} - -.menu { - margin: 0; - list-style-type: none; - padding: 8px 0 0; -} - -.menu li { - float: left; - padding-right: 10px; -} - -.menu_choix0 { - font-size: 10px; - text-align: right; - font-style: italic; - font-weight: normal; - display: block; - color: #333; - text-decoration: none; - padding-right: 5px; -} - -/* Force values for small screen 570 */ -@media only screen and (max-width: 570px) -{ - .menu_choix0 { - max-width: 180px; - } -} - -.menu_choix0 a { - font-weight: normal; - text-decoration: none; -} -li.menu_choix0 { - float: right; -} - -/* ------------------- Remind of products ------------------- */ -.liste_articles { - min-width: 215px; - float: right; - margin-top: 8px; - margin-right: 20px; - border: 1px dotted #5ca64d; - padding-bottom: 10px; - vertical-align: middle; -} - -p.titre { - margin: 0 0 20px; - text-align: center; - font-weight: bold; - font-size: 1.4em; - color: #5ca64d; - border-bottom: 1px dotted; -} - -.cadre_article { - width: 180px; - text-align: center; - margin: 0 auto 10px; - padding-bottom: 10px; - border-bottom: 1px solid #eee; -} - -.cadre_article p { - color: #5ca64d; -} - -.cadre_article p a { - color: #333; - font-size: 1.1em; - text-decoration: none; - padding-right: 25px; - background: url('../img/basket_delete.png') top right no-repeat; -} - -.cadre_article p a:hover { - color: #6d3f6d; -} - -.cadre_aucun_article { - text-align: center; - font-style: italic; -} - -.cadre_prix_total { - text-align: center; - font-weight: bold; - font-size: 1.4em; - color: #6d3f6d; - padding-top: 10px; - padding-bottom: 10px; - margin-left: 20px; - margin-right: 
20px; - border: 1px dotted #6d3f6d; -} - -/* ------------------- Contenu ------------------- */ -.principal_login { - margin: 10px; - padding: 0; - max-width: 800px; - text-align: left; -} - -.formulaire_login { - text-align: center; -} - -.formulaire_login table { - padding-left: 60px; - margin: 0 auto 20px; - background: url('../img/login.png') bottom left no-repeat; -} - -.formulaire_login table tr { - height: 30px; -} - -.texte_login { - padding-left: 2px; - padding-right: 2px; - background: #fff; - border: 1px solid #6d3f6d; -} - -.principal { - float: left; - margin: 0 15px; - padding: 0; - max-width: 900px; -} - -.blocksellfinished { - min-width: 215px; - margin-top: 8px; -} -.titre1 { - font-weight: bold; - color: #ff9900; - margin: 0; - font-size: 1.4em; -} - -.label1 { - color: #333; - font-size: 1.1em; -} - -.cadre_facturation { - border: 2px solid #ddd; - margin-bottom: 15px; -} - -.principal p { - padding-left: 10px; - padding-right: 10px; -} - -.lien1 { - color: #333; - font-size: 1.1em; - text-decoration: underline; -} - -.lien1:hover { - color: #6d3f6d; -} - -/* Formulaires */ -.formulaire1 { - padding: 0; -} - - -/* --------------------- Combo lists ------------------- */ -.select_design { - overflow: auto; -} - -.select_design select { - border: 1px solid #6d3f6d; - font: 12px verdana,arial,helvetica; - background: #fff; -} - -.select_tva select { - width: 60px; - border: 1px solid #6d3f6d; - background: #fff; -} - -.top_liste { - font-style: italic; - text-align: center; - color: #aaa; -} - -/* --------------- Champs texte ---------------- */ -.texte_ref,.texte1,.texte1_off,.texte2,.texte2_off,.textarea_note { - padding-left: 2px; - padding-right: 2px; -} - -.texte_ref,.texte1,.texte2,.textarea_note { - background: #fff; - border: 1px solid #6d3f6d; -} - -.texte1_off,.texte2_off { - color: #000; - border: 1px solid #eee; - background: #eee; -} - -.texte_ref { - min-width: 150px; -} - -.texte1,.texte1_off { - width: 60px; -} - -.texte2,.texte2_off 
{ - width: 140px; -} - -/* ------------------- */ -.textarea_note { - width: 100%; - height: 50px; - padding: 2px 2px; -} - -/* -------------- Buttons for SimplePOS --------------------- */ -.bouton_ajout_article { - margin-top: 10px; - width: 60%; - height: 40px; -} - -.bouton_mode_reglement, .bouton_mode_reglement_disabled { - width: 150px; - height: 40px; -} - -.bouton_validation { /* width: 80px; */ - margin-left: 10px; - margin-top: 20px; - margin-bottom: 10px; -} - -.formulaire2 { - padding: 0; - width: 100%; -} - -.table_resume { - width: 100%; -} - -.table_resume tr { - background: #eee; -} - -.table_resume td { - padding-left: 8px; -} - -.resume_label,.note_label { - min-width: 200px; - font-weight: bold; - font-size: 1.1em; -} - -.note_label { - padding-top: 20px; -} - -/* ------------------- Pied de page ------------------- */ -.pied { - clear: both; - height: 15px; - /* background: url('../img/bg_pied.png') no-repeat bottom left; */ -} - -/* ------------------- Param�tres communs (messages d'erreur, informations, etc...) 
------------------- */ -.msg_err1 { - color: #c00; -} - -/* Messages d'erreur */ -.cadre_err1 { - margin-right: 10px; - margin-bottom: 10px; - padding: 10px 10px; - border: 1px solid #c00; - background: #feffac; - color: #c00; -} - -/* Titre */ -.err_titre { - font-weight: bold; - margin: 0 0 10px; - padding: 0; -} - -/* Description */ -.err_desc { - margin: 0; - padding: 0; -} - -/* Messages d'information */ -.cadre_msg1 { - margin-right: 10px; - margin-bottom: 10px; - padding: 10px 10px; - border: 1px solid #070; - background: #e8f8da; - color: #070; -} - -/* Titre */ -.msg_titre { - font-weight: bold; - margin: 0 0 10px; - padding: 0; -} - -/* Description */ -.msg_desc { - margin: 0; - padding: 0; -} - -/* Affichage de la liste des resultats */ -.dhtml_bloc { - margin: 0; - padding: 3px; - font-size: 13px; - font-family: arial, sans-serif; - border: 1px solid #000; - z-index: 1; - width: 455px; - max-height: 500px; - overflow: auto; - position: absolute; - background-color: white; -} - -.dhtml_defaut { - list-style-type: none; - display: block; - height: 16px; - overflow: hidden; -} - -.dhtml_selection { - background-color: #3366cc; - color: white ! important; -} diff --git a/htdocs/cashdesk/css/ticket.css b/htdocs/cashdesk/css/ticket.css deleted file mode 100644 index 248e0f7b9b6..00000000000 --- a/htdocs/cashdesk/css/ticket.css +++ /dev/null 
@@ -1,61 +0,0 @@ -/* - * TPV ticket.css - */ -body { - font-size: 1.5em; - position: relative; -} - -.entete { /* position: relative; */ - -} - -.address { /* float: left; */ - font-size: 12px; -} - -.date_heure { - position: absolute; - top: 0; - right: 0; - font-size: 16px; -} - -.infos { - position: relative; -} - -.liste_articles { - width: 100%; - border-bottom: 1px solid #000; - text-align: center; -} - -.liste_articles tr.titres th { - border-bottom: 1px solid #000; -} - -.liste_articles td.total { - text-align: right; -} - -.totaux { - margin-top: 20px; - width: 30%; - float: right; - text-align: right; -} - -.lien { - position: absolute; - top: 0; - left: 0; - display: none; -} - -@media print { - .lien { - display: none; - } -} - diff --git a/htdocs/cashdesk/deconnexion.php b/htdocs/cashdesk/deconnexion.php deleted file mode 100644 index f7506902ab5..00000000000 --- a/htdocs/cashdesk/deconnexion.php +++ /dev/null 
@@ -1,48 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/deconnexion.php - * \ingroup cashdesk - * \brief Manage deconnexion for point of sale module - */ - -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Uncomment creates pb to relogon after a disconnect -if (!defined('NOREQUIREMENU')) { - define('NOREQUIREMENU', '1'); -} -if (!defined('NOREQUIREHTML')) { - define('NOREQUIREHTML', '1'); -} -if (!defined('NOREQUIREAJAX')) { - define('NOREQUIREAJAX', '1'); -} -if (!defined('NOREQUIRESOC')) { - define('NOREQUIRESOC', '1'); -} - -require_once '../main.inc.php'; - -// This destroy tag that say "Point of Sale session is on". -unset($_SESSION['uid']); - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - -header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php'); -exit; diff --git a/htdocs/cashdesk/facturation.php b/htdocs/cashdesk/facturation.php deleted file mode 100644 index edce8acd781..00000000000 --- a/htdocs/cashdesk/facturation.php +++ /dev/null 
@@ -1,159 +0,0 @@ - - * Copyright (C) 2008-2011 Laurent Destailleur - * Copyright (C) 2011 Juanjo Menent - * Copyright (C) 2013 Marcos García - * Copyright (C) 2013 Adolfo Segura - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/facturation.php - * \ingroup cashdesk - * \brief Include to show main page for cashdesk module - */ - - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * View - */ - -$form = new Form($db); - -// Get list of articles (in warehouse '$conf_fkentrepot' if defined and stock module enabled) -if (GETPOST('filtre', 'alpha')) { - // Avec filtre - $ret = array(); $i = 0; - - $sql = "SELECT p.rowid, p.ref, p.label, p.tva_tx, p.fk_product_type"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= ", ps.reel"; - } - $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$db->escape($conf_fkentrepot)."'"; - } - $sql .= " WHERE p.entity IN (".getEntity('product').")"; - $sql .= " AND p.tosell = 1"; - if (!$conf->global->CASHDESK_SERVICES) { - $sql .= " AND p.fk_product_type = 0"; - } - $sql .= " AND ("; - $sql .= "p.ref LIKE '%".$db->escape(GETPOST('filtre'))."%' OR p.label LIKE '%".$db->escape(GETPOST('filtre'))."%'"; - if 
(!empty($conf->barcode->enabled)) { - $filtre = GETPOST('filtre', 'alpha'); - - //If the barcode looks like an EAN13 format and the last digit is included in it, - //then whe look for the 12-digit too - //As the twelve-digit string will also hit the 13-digit code, we only look for this one - if (strlen($filtre) == 13) { - $crit_12digit = substr($filtre, 0, 12); - $sql .= " OR p.barcode LIKE '%".$db->escape($crit_12digit)."%'"; - } else { - $sql .= " OR p.barcode LIKE '%".$db->escape($filtre)."%'"; - } - } - $sql .= ")"; - $sql .= " ORDER BY label"; - - dol_syslog("facturation.php", LOG_DEBUG); - $resql = $db->query($sql); - if ($resql) { - $nbr_enreg = $db->num_rows($resql); - - while ($i < $conf_taille_listes && $tab = $db->fetch_array($resql)) { - foreach ($tab as $cle => $valeur) { - $ret[$i][$cle] = $valeur; - } - $i++; - } - $db->free($resql); - } else { - dol_print_error($db); - } - $tab_designations = $ret; -} else { - // Sans filtre - $ret = array(); - $i = 0; - - $sql = "SELECT p.rowid, ref, label, tva_tx, p.fk_product_type"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= ", ps.reel"; - } - $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$db->escape($conf_fkentrepot)."'"; - } - $sql .= " WHERE p.entity IN (".getEntity('product').")"; - $sql .= " AND p.tosell = 1"; - if (!$conf->global->CASHDESK_SERVICES) { - $sql .= " AND p.fk_product_type = 0"; - } - $sql .= " ORDER BY p.label"; - - dol_syslog($sql); - $resql = $db->query($sql); - if ($resql) { - $nbr_enreg = $db->num_rows($resql); - - while ($i < $conf_taille_listes && $tab = $db->fetch_array($resql)) { - foreach ($tab as $cle => $valeur) { - $ret[$i][$cle] = $valeur; - } - $i++; - } - $db->free($resql); - } else { - dol_print_error($db); - } - $tab_designations = $ret; -} - -//$nbr_enreg = 
count($tab_designations); - -if ($nbr_enreg > 1) { - if ($nbr_enreg > $conf_taille_listes) { - $top_liste_produits = '----- '.$conf_taille_listes.' '.$langs->transnoentitiesnoconv("CashDeskProducts").' '.$langs->trans("CashDeskOn").' '.$nbr_enreg.' -----'; - } else { - $top_liste_produits = '----- '.$nbr_enreg.' '.$langs->transnoentitiesnoconv("CashDeskProducts").' '.$langs->trans("CashDeskOn").' '.$nbr_enreg.' -----'; - } -} elseif ($nbr_enreg == 1) { - $top_liste_produits = '----- 1 '.$langs->transnoentitiesnoconv("ProductFound").' -----'; -} else { - $top_liste_produits = '----- '.$langs->transnoentitiesnoconv("NoProductFound").' -----'; -} - - -// Recuperation des taux de tva -global $mysoc; - -$ret = array(); -$i = 0; - -// Reinitialisation du mode de paiement, en cas de retour aux achats apres validation -$obj_facturation->getSetPaymentMode('RESET'); -$obj_facturation->amountCollected('RESET'); -$obj_facturation->amountReturned('RESET'); -$obj_facturation->paiementLe('RESET'); - - -// Affichage des templates -require 'tpl/facturation1.tpl.php'; diff --git a/htdocs/cashdesk/facturation_dhtml.php b/htdocs/cashdesk/facturation_dhtml.php deleted file mode 100644 index 3d0e9ff84ec..00000000000 --- a/htdocs/cashdesk/facturation_dhtml.php +++ /dev/null 
@@ -1,129 +0,0 @@ - - * Copyright (C) 2008-2009 Laurent Destailleur - * Copyright (C) 2015 Regis Houssin - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/facturation_dhtml.php - * \ingroup cashdesk - * \brief This page is called each time we press a key in the code search form to show product combo list. - */ - - -if (!defined('NOREQUIRESOC')) { - define('NOREQUIRESOC', '1'); -} -if (!defined('NOCSRFCHECK')) { - define('NOCSRFCHECK', '1'); -} -if (!defined('NOTOKENRENEWAL')) { - define('NOTOKENRENEWAL', '1'); -} -if (!defined('NOREQUIREMENU')) { - define('NOREQUIREMENU', '1'); -} -if (!defined('NOREQUIREHTML')) { - define('NOREQUIREHTML', '1'); -} -if (!defined('NOREQUIREAJAX')) { - define('NOREQUIREAJAX', '1'); -} - -// Change this following line to use the correct relative path (../, ../../, etc) -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * View - */ - -top_httphead('text/html'); - -$search = GETPOST("code", "alpha"); - -// Search from criteria -if (dol_strlen($search) >= 0) { // If search criteria is on char length at least - $sql = "SELECT p.rowid, p.ref, p.label, p.tva_tx"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= ", ps.reel"; - } - $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; - if 
(!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$db->escape($conf_fkentrepot)."'"; - } - $sql .= " WHERE p.entity IN (".getEntity('product').")"; - $sql .= " AND p.tosell = 1"; - $sql .= " AND p.fk_product_type = 0"; - // Add criteria on ref/label - if (!empty($conf->global->PRODUCT_DONOTSEARCH_ANYWHERE)) { - $sql .= " AND (p.ref LIKE '".$db->escape($search)."%' OR p.label LIKE '".$db->escape($search)."%'"; - if (!empty($conf->barcode->enabled)) { - $sql .= " OR p.barcode LIKE '".$db->escape($search)."%'"; - } - $sql .= ")"; - } else { - $sql .= " AND (p.ref LIKE '%".$db->escape($search)."%' OR p.label LIKE '%".$db->escape($search)."%'"; - if (!empty($conf->barcode->enabled)) { - $sql .= " OR p.barcode LIKE '%".$db->escape($search)."%'"; - } - $sql .= ")"; - } - $sql .= " ORDER BY label"; - - dol_syslog("facturation_dhtml.php", LOG_DEBUG); - $result = $db->query($sql); - - if ($result) { - if ($nbr = $db->num_rows($result)) { - $resultat = '
    '; - - $ret = array(); $i = 0; - while ($tab = $db->fetch_array($result)) { - foreach ($tab as $cle => $valeur) { - $ret[$i][$cle] = $valeur; - } - $i++; - } - $tab = $ret; - - $tab_size = count($tab); - for ($i = 0; $i < $tab_size; $i++) { - $resultat .= ' -
  • '.$tab[$i]['ref'].' - '.$tab[$i]['label'].'
  • - '; - } - - $resultat .= '
'; - - print $resultat; - } else { - $langs->load("cashdesk"); - - print '
    '; - print '
  • '.$langs->trans("NoResults").'
  • '; - print '
'; - } - } -} diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php deleted file mode 100644 index f51cda3e77b..00000000000 --- a/htdocs/cashdesk/facturation_verif.php +++ /dev/null 
@@ -1,225 +0,0 @@ - - * Copyright (C) 2008-2010 Laurent Destailleur - * Copyright (C) 2018 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/facturation_verif.php - * \ingroup cashdesk - * \brief facturation_verif.php - */ - -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php'; -require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; - -$action = GETPOST('action', 'aZ09'); - -$obj_facturation = unserialize($_SESSION['serObjFacturation']); -unset($_SESSION['serObjFacturation']); - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * View - */ - -switch ($action) { - default: - if (GETPOST('hdnSource') != 'NULL') { - $sql = "SELECT p.rowid, p.ref, p.price, p.tva_tx, p.default_vat_code, p.recuperableonly"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= ", ps.reel"; - } - $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; - if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".((int) $conf_fkentrepot); - } - $sql .= " WHERE p.entity IN (".getEntity('product').")"; - - // Recuperation 
des donnees en fonction de la source (liste deroulante ou champ texte) ... - if ($_POST['hdnSource'] == 'LISTE') { - $sql .= " AND p.rowid = ".((int) GETPOST('selProduit', 'int')); - } elseif ($_POST['hdnSource'] == 'REF') { - $sql .= " AND p.ref = '".$db->escape(GETPOST('txtRef', 'alpha'))."'"; - } - - $result = $db->query($sql); - if ($result) { - // ... et enregistrement dans l'objet - if ($db->num_rows($result)) { - $ret = array(); - $tab = $db->fetch_array($result); - foreach ($tab as $key => $value) { - $ret[$key] = $value; - } - // Here $ret['tva_tx'] is vat rate of product but we want to not use the one into table but found by function - - $productid = $ret['rowid']; - $product = new Product($db); - $product->fetch($productid); - $prod = $product; - - $thirdpartyid = $_SESSION['CASHDESK_ID_THIRDPARTY']; - $societe = new Societe($db); - $societe->fetch($thirdpartyid); - - // Update if prices fields are defined - $tva_tx = get_default_tva($mysoc, $societe, $product->id); - $tva_npr = get_default_npr($mysoc, $societe, $product->id); - if (empty($tva_tx)) { - $tva_npr = 0; - } - - $pu_ht = $prod->price; - $pu_ttc = $prod->price_ttc; - $price_min = $prod->price_min; - $price_base_type = $prod->price_base_type; - - // multiprix - if (!empty($conf->global->PRODUIT_MULTIPRICES) && !empty($societe->price_level)) { - $pu_ht = $prod->multiprices[$societe->price_level]; - $pu_ttc = $prod->multiprices_ttc[$societe->price_level]; - $price_min = $prod->multiprices_min[$societe->price_level]; - $price_base_type = $prod->multiprices_base_type[$societe->price_level]; - if (!empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) { // using this option is a bug. 
kept for backward compatibility - if (isset($prod->multiprices_tva_tx[$societe->price_level])) { - $tva_tx = $prod->multiprices_tva_tx[$societe->price_level]; - } - if (isset($prod->multiprices_recuperableonly[$societe->price_level])) { - $tva_npr = $prod->multiprices_recuperableonly[$societe->price_level]; - } - } - } elseif (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { - require_once DOL_DOCUMENT_ROOT.'/product/class/productcustomerprice.class.php'; - - $prodcustprice = new Productcustomerprice($db); - - $filter = array('t.fk_product' => $prod->id, 't.fk_soc' => $societe->id); - - $result = $prodcustprice->fetch_all('', '', 0, 0, $filter); - if ($result >= 0) { - if (count($prodcustprice->lines) > 0) { - $pu_ht = price($prodcustprice->lines[0]->price); - $pu_ttc = price($prodcustprice->lines[0]->price_ttc); - $price_base_type = $prodcustprice->lines[0]->price_base_type; - $tva_tx = $prodcustprice->lines[0]->tva_tx; - if ($prodcustprice->lines[0]->default_vat_code && !preg_match('/\(.*\)/', $tva_tx)) { - $tva_tx .= ' ('.$prodcustprice->lines[0]->default_vat_code.')'; - } - $tva_npr = $prodcustprice->lines[0]->recuperableonly; - if (empty($tva_tx)) { - $tva_npr = 0; - } - } - } else { - setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); - } - } - - $tmpvat = price2num(preg_replace('/\s*\(.*\)/', '', $tva_tx)); - $tmpprodvat = price2num(preg_replace('/\s*\(.*\)/', '', $prod->tva_tx)); - - // if price ht is forced (ie: calculated by margin rate and cost price). TODO Why this ? - if (!empty($price_ht)) { - $pu_ht = price2num($price_ht, 'MU'); - $pu_ttc = price2num($pu_ht * (1 + ($tmpvat / 100)), 'MU'); - } elseif ($tmpvat != $tmpprodvat) { - // On reevalue prix selon taux tva car taux tva transaction peut etre different - // de ceux du produit par defaut (par exemple si pays different entre vendeur et acheteur). 
- if ($price_base_type != 'HT') { - $pu_ht = price2num($pu_ttc / (1 + ($tmpvat / 100)), 'MU'); - } else { - $pu_ttc = price2num($pu_ht * (1 + ($tmpvat / 100)), 'MU'); - } - } - - $obj_facturation->id($ret['rowid']); - $obj_facturation->ref($ret['ref']); - $obj_facturation->stock($ret['reel']); - //$obj_facturation->prix($ret['price']); - $obj_facturation->prix($pu_ht); - - - $vatrate = $tva_tx; - $obj_facturation->vatrate = $vatrate; // Save vat rate (full text vat with code) - - // Definition du filtre pour n'afficher que le produit concerne - if (GETPOST('hdnSource') == 'LISTE') { - $filtre = $ret['ref']; - } elseif (GETPOST('hdnSource') == 'REF') { - $filtre = GETPOST('txtRef'); - } - - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.urlencode($filtre); - } else { - $obj_facturation->raz(); - - if (GETPOST('hdnSource') == 'REF') { - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.urlencode(GETPOST('txtRef')); - } else { - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation'; - } - } - } else { - dol_print_error($db); - } - } else { - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation'; - } - - break; - - case 'change_thirdparty': // We have clicked on button "Modify" a thirdparty - $newthirdpartyid = GETPOST('CASHDESK_ID_THIRDPARTY', 'int'); - if ($newthirdpartyid > 0) { - $_SESSION["CASHDESK_ID_THIRDPARTY"] = $newthirdpartyid; - } - - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation'; - break; - - case 'ajout_article': - if (!empty($obj_facturation->id)) { // A product was previously selected and stored in session, so we can add it - dol_syslog("facturation_verif save vat ".GETPOST('selTva')); - $obj_facturation->qte(GETPOST('txtQte')); - $obj_facturation->tva(GETPOST('selTva')); // id of vat. 
Saved so we can use it for next product - $obj_facturation->remisePercent(GETPOST('txtRemise')); - $obj_facturation->ajoutArticle(); // This add an entry into $_SESSION['poscart'] - // We update prixTotalTtc - } - - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation'; - break; - - case 'suppr_article': - $obj_facturation->supprArticle(GETPOST('suppr_id')); - - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation'; - break; -} - -// We saved object obj_facturation -$_SESSION['serObjFacturation'] = serialize($obj_facturation); -//var_dump($_SESSION['serObjFacturation']); -header('Location: '.$redirection); -exit; diff --git a/htdocs/cashdesk/img/basket_delete.png b/htdocs/cashdesk/img/basket_delete.png deleted file mode 100644 index 9419d91d9f1..00000000000 Binary files a/htdocs/cashdesk/img/basket_delete.png and /dev/null differ diff --git a/htdocs/cashdesk/img/bg_conteneur_droite.png b/htdocs/cashdesk/img/bg_conteneur_droite.png deleted file mode 100644 index 87d7fcf069a..00000000000 Binary files a/htdocs/cashdesk/img/bg_conteneur_droite.png and /dev/null differ diff --git a/htdocs/cashdesk/img/bg_conteneur_gauche.png b/htdocs/cashdesk/img/bg_conteneur_gauche.png deleted file mode 100644 index a6da5629413..00000000000 Binary files a/htdocs/cashdesk/img/bg_conteneur_gauche.png and /dev/null differ diff --git a/htdocs/cashdesk/img/bg_entete.png b/htdocs/cashdesk/img/bg_entete.png deleted file mode 100644 index 0c7670509bc..00000000000 Binary files a/htdocs/cashdesk/img/bg_entete.png and /dev/null differ diff --git a/htdocs/cashdesk/img/bg_pied.png b/htdocs/cashdesk/img/bg_pied.png deleted file mode 100644 index 36a38a42ced..00000000000 Binary files a/htdocs/cashdesk/img/bg_pied.png and /dev/null differ diff --git a/htdocs/cashdesk/img/calendrier.png b/htdocs/cashdesk/img/calendrier.png deleted file mode 100644 index 7ac67ea96b3..00000000000 Binary files a/htdocs/cashdesk/img/calendrier.png and /dev/null differ 
diff --git a/htdocs/cashdesk/img/decrypted.png b/htdocs/cashdesk/img/decrypted.png
deleted file mode 100644
index 8d2b4696a2b..00000000000
Binary files a/htdocs/cashdesk/img/decrypted.png and /dev/null differ
diff --git a/htdocs/cashdesk/img/gescom.png b/htdocs/cashdesk/img/gescom.png
deleted file mode 100644
index 0ec1639335e..00000000000
Binary files a/htdocs/cashdesk/img/gescom.png and /dev/null differ
diff --git a/htdocs/cashdesk/img/lock.png b/htdocs/cashdesk/img/lock.png
deleted file mode 100644
index 55258949069..00000000000
Binary files a/htdocs/cashdesk/img/lock.png and /dev/null differ
diff --git a/htdocs/cashdesk/img/login.png b/htdocs/cashdesk/img/login.png
deleted file mode 100644
index 600cb67dd0a..00000000000
Binary files a/htdocs/cashdesk/img/login.png and /dev/null differ
diff --git a/htdocs/cashdesk/img/new.png b/htdocs/cashdesk/img/new.png
deleted file mode 100644
index ed848a86550..00000000000
Binary files a/htdocs/cashdesk/img/new.png and /dev/null differ
diff --git a/htdocs/cashdesk/include/environnement.php b/htdocs/cashdesk/include/environnement.php
deleted file mode 100644
index fc67c65ea4c..00000000000
--- a/htdocs/cashdesk/include/environnement.php
+++ /dev/null
@@ -1,50 +0,0 @@ - - * Copyright (C) 2009-2011 Laurent Destailleur - * Copyright (C) 2011 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// This file initializes more variables to already initialized variables with main.inc.php -// So include of this file must be always done after include to main.inc.php - -$conf_db_type = $dolibarr_main_db_type; - -// Parametres de connexion a la base -$conf_db_host = $dolibarr_main_db_host; -$conf_db_user = $dolibarr_main_db_user; -$conf_db_pass = $dolibarr_main_db_pass; -$conf_db_base = $dolibarr_main_db_name; - -// Identifiant unique correspondant au tiers generique pour la vente -$conf_fksoc = (!empty($_SESSION["CASHDESK_ID_THIRDPARTY"])) ? $_SESSION["CASHDESK_ID_THIRDPARTY"] : ($conf->global->CASHDESK_ID_THIRDPARTY > 0 ? $conf->global->CASHDESK_ID_THIRDPARTY : 0); -// Identifiant unique correspondant a l'entrepot a utiliser -$conf_fkentrepot = (!empty($_SESSION["CASHDESK_ID_WAREHOUSE"])) ? $_SESSION["CASHDESK_ID_WAREHOUSE"] : ($conf->global->CASHDESK_ID_WAREHOUSE > 0 ? $conf->global->CASHDESK_ID_WAREHOUSE : 0); -if (!empty($conf->global->CASHDESK_NO_DECREASE_STOCK)) { - $conf_fkentrepot = 0; // If option to disable the stock decrease is on, we set warehouse id to 0. -} - -// Identifiant unique correspondant au compte caisse / liquide -$conf_fkaccount_cash = (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CASH"])) ? 
$_SESSION["CASHDESK_ID_BANKACCOUNT_CASH"] : ($conf->global->CASHDESK_ID_BANKACCOUNT_CASH > 0 ? $conf->global->CASHDESK_ID_BANKACCOUNT_CASH : 0); -// Identifiant unique correspondant au compte cheque -$conf_fkaccount_cheque = (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CHEQUE"])) ? $_SESSION["CASHDESK_ID_BANKACCOUNT_CHEQUE"] : ($conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE > 0 ? $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE : 0); -// Identifiant unique correspondant au compte cb -$conf_fkaccount_cb = (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CB"])) ? $_SESSION["CASHDESK_ID_BANKACCOUNT_CB"] : ($conf->global->CASHDESK_ID_BANKACCOUNT_CB > 0 ? $conf->global->CASHDESK_ID_BANKACCOUNT_CB : 0); -//var_dump($_SESSION); - - -// View parameters -$conf_taille_listes = (empty($conf->global->PRODUIT_LIMIT_SIZE) ? 1000 : $conf->global->PRODUIT_LIMIT_SIZE); // Number max of lines to show in lists -$conf_nbr_car_listes = 60; // Nombre max de caracteres par ligne dans les listes diff --git a/htdocs/cashdesk/include/keypad.php b/htdocs/cashdesk/include/keypad.php deleted file mode 100644 index 6e4c9c874d6..00000000000 --- a/htdocs/cashdesk/include/keypad.php +++ /dev/null 
@@ -1,56 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * Return a string to output a keypad - * - * @param string $keypadname Key pad name - * @param string $formname Form name - * @return string HTML code to show a js keypad. - */ -function genkeypad($keypadname, $formname) -{ - global $conf; - - if (empty($conf->global->CASHDESK_SHOW_KEYPAD)) { - return ''; - } - - // défine the font size of button - $btnsize = 32; - $sz = ''."\n"; - $sz .= '
'."\n"; - $sz .= ''; - return $sz; -} diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php deleted file mode 100644 index a4ee6fa415c..00000000000 --- a/htdocs/cashdesk/index.php +++ /dev/null 
@@ -1,232 +0,0 @@ - - * Copyright (C) 2011-2017 Juanjo Menent - * Copyright (C) 2011 Laurent Destailleur - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/index.php - * \ingroup cashdesk - * \brief File to login to point of sales - */ - -// Set and init common variables -// This include will set: config file variable $dolibarr_xxx, $conf, $langs and $mysoc objects -require_once '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; - -// Load translation files required by the page -$langs->loadLangs(array("admin", "cashdesk")); - -// Test if user logged -if ($_SESSION['uid'] > 0) { - header('Location: '.DOL_URL_ROOT.'/cashdesk/affIndex.php'); - exit; -} - -$usertxt = GETPOST('user', '', 1); -$err = GETPOST("err"); - -// Instantiate hooks of thirdparty module only if not already define -$hookmanager->initHooks(array('cashdeskloginpage')); - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * View - */ - -$form = new Form($db); -$formproduct = new FormProduct($db); - -$arrayofcss = array('/cashdesk/css/style.css'); -top_htmlhead('', '', 0, 0, '', $arrayofcss); - -// Execute hook getLoginPageOptions (for table) -$parameters = array('entity' => GETPOST('entity', 'int')); -$reshook = $hookmanager->executeHooks('getLoginPageOptions', $parameters); // Note that $action and $object may have been 
modified by some hooks. -if (is_array($hookmanager->resArray) && !empty($hookmanager->resArray)) { - $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility -} else { - $morelogincontent = $hookmanager->resPrint; -} -?> - - -
-
-
- - - -
-
- -
-
- -
-
-
- - -'; diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php deleted file mode 100644 index 94e0e7009cf..00000000000 --- a/htdocs/cashdesk/index_verif.php +++ /dev/null 
@@ -1,126 +0,0 @@ - - * Copyright (C) 2008-2010 Laurent Destailleur - * Copyright (C) 2011 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * This page is called after submission of login page. - * We set here login choices into session. - */ - -/** - * \file htdocs/cashdesk/index_verif.php - * \ingroup cashdesk - * \brief index_verif.php - */ - -include '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Auth.class.php'; - -// Load translation files required by the page -$langs->loadLangs(array("admin", "cashdesk")); - -$username = GETPOST("txtUsername"); -$password = GETPOST("pwdPassword"); -$thirdpartyid = (GETPOST('socid', 'int') > 0) ?GETPOST('socid', 'int') : $conf->global->CASHDESK_ID_THIRDPARTY; -$warehouseid = (GETPOST("warehouseid") > 0) ?GETPOST("warehouseid", 'int') : $conf->global->CASHDESK_ID_WAREHOUSE; -$bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CASH", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; -$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CB", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CB; - - -if 
(empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -// Check username -if (empty($username)) { - $retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Login")); - header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid.'&bankid_cash='.$bankid_cash.'&bankid_cheque='.$bankid_cheque.'&bankid_cb='.$bankid_cb); - exit; -} -// Check third party id -if (!($thirdpartyid > 0)) { - $retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("CashDeskThirdPartyForSell")); - header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid.'&bankid_cash='.$bankid_cash.'&bankid_cheque='.$bankid_cheque.'&bankid_cb='.$bankid_cb); - exit; -} - -// If we setup stock module to ask movement on invoices, we must not allow access if required setup not finished. -if (!empty($conf->stock->enabled) && empty($conf->global->CASHDESK_NO_DECREASE_STOCK) && !($warehouseid > 0)) { - $retour = $langs->trans("CashDeskYouDidNotDisableStockDecease"); - header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid.'&bankid_cash='.$bankid_cash.'&bankid_cheque='.$bankid_cheque.'&bankid_cb='.$bankid_cb); - exit; -} - -// If stock decrease on bill validation, check user has stock edit permissions -if (!empty($conf->stock->enabled) && empty($conf->global->CASHDESK_NO_DECREASE_STOCK) && !empty($username)) { - $testuser = new User($db); - $testuser->fetch(0, $username); - $testuser->getrights('stock'); - if (empty($testuser->rights->stock->creer)) { - $retour = $langs->trans("UserNeedPermissionToEditStockToUsePos"); - header('Location: 
'.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid.'&bankid_cash='.$bankid_cash.'&bankid_cheque='.$bankid_cheque.'&bankid_cb='.$bankid_cb); - exit; - } -} - - -// Check password -$auth = new Auth($db); -$retour = $auth->verif($username, $password); - -if ($retour >= 0) { - $return = array(); - - $sql = "SELECT rowid, lastname, firstname"; - $sql .= " FROM ".MAIN_DB_PREFIX."user"; - $sql .= " WHERE login = '".$db->escape($username)."'"; - $sql .= " AND entity IN (0,".$conf->entity.")"; - - $result = $db->query($sql); - if ($result) { - $tab = $db->fetch_array($res); - - foreach ($tab as $key => $value) { - $return[$key] = $value; - } - - $_SESSION['uid'] = $tab['rowid']; - $_SESSION['uname'] = $username; - $_SESSION['lastname'] = $tab['lastname']; - $_SESSION['firstname'] = $tab['firstname']; - $_SESSION['CASHDESK_ID_THIRDPARTY'] = ($thirdpartyid > 0 ? $thirdpartyid : ''); - $_SESSION['CASHDESK_ID_WAREHOUSE'] = ($warehouseid > 0 ? $warehouseid : ''); - - $_SESSION['CASHDESK_ID_BANKACCOUNT_CASH'] = ($bankid_cash > 0 ? $bankid_cash : ''); - $_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE'] = ($bankid_cheque > 0 ? $bankid_cheque : ''); - $_SESSION['CASHDESK_ID_BANKACCOUNT_CB'] = ($bankid_cb > 0 ? $bankid_cb : ''); - //var_dump($_SESSION);exit; - - header('Location: '.DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&id=NOUV'); - exit; - } else { - dol_print_error($db); - } -} else { - // Load translation files required by the page - $langs->loadLangs(array("other", "errors")); - $retour = $langs->trans("ErrorBadLoginPassword"); - header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); - exit; -} diff --git a/htdocs/cashdesk/javascript/dhtml.js b/htdocs/cashdesk/javascript/dhtml.js deleted file mode 100644 index fd15704b318..00000000000 --- a/htdocs/cashdesk/javascript/dhtml.js +++ /dev/null 
@@ -1,73 +0,0 @@ - -/* Copyright (C) 2007-2008 Jeremie Ollivier - * Copyright (C) 2015 Regis Houssin - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// Instanciation et initialisation de l'objet xmlhttprequest -function file(fichier) { - - // Instanciation de l'objet pour Mozilla, Konqueror, Opera, Safari, etc ... - if (window.XMLHttpRequest) { - - xhr_object = new XMLHttpRequest (); - - // ... ou pour IE - } else if (window.ActiveXObject) { - - xhr_object = new ActiveXObject ("Microsoft.XMLHTTP"); - - } else { - - return (false); - - } - - xhr_object.open ("GET", fichier, false); - xhr_object.send (null); - - if (xhr_object.readyState == 4) { - - return (xhr_object.responseText); - - } else { - - return (false); - - } - -} - - -// aCible : id du bloc de destination; aCode : argument a passer a la page php chargee du traitement et de l'affichage -function verifResultat(aCible, aCode, iLimit) { - if (aCode != '' && aCode.length >= iLimit) { - - if (texte = file('facturation_dhtml.php?code='+escape(aCode))) { - document.getElementById(aCible).innerHTML = texte; - } else - document.getElementById(aCible).innerHTML = ''; - } - -} - - -// Change dynamiquement la classe de l'element ayant l'id aIdElement pour aClasse -function setStyle(aIdElement, aClasse) { - - aIdElement.className = aClasse; - -} - 
diff --git a/htdocs/cashdesk/javascript/facturation1.js b/htdocs/cashdesk/javascript/facturation1.js
deleted file mode 100644
index b25a1473c53..00000000000
--- a/htdocs/cashdesk/javascript/facturation1.js
+++ /dev/null
@@ -1,175 +0,0 @@ - -/* Copyright (C) 2007-2008 Jeremie Ollivier - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// Calcul et affichage en temps reel des informations sur le produit en cours -function modif() { - - var prix_unit = parseFloat ( document.getElementById('frmQte').txtPrixUnit.value ); - var qte = parseFloat ( document.getElementById('frmQte').txtQte.value ); - var _index = parseFloat ( document.getElementById('frmQte').selTva.selectedIndex ); - var tva = parseFloat ( document.getElementById('frmQte').selTva.options[_index].text ); - var remise = parseInt ( document.getElementById('frmQte').txtRemise.value ); - var stock = document.getElementById('frmQte').txtStock.value; - -// // On s'assure que la quantitee tapee ne depasse pas le stock -// if ( qte > stock ) { -// -// qte = stock; -// document.getElementById('frmQte').txtQte.value = qte; -// -// } -// -// if ( qte < 1 ) { -// -// qte = 1; -// document.getElementById('frmQte').txtQte.value = qte; -// -// } -// -// if ( !stock || stock <= 0 ) { -// -// qte = 0; -// document.getElementById('frmQte').txtQte.value = qte; -// -// } - - // Calcul du total HT, sans remise - var total_ht = Math.round ( (prix_unit * qte) * 100 ) / 100; - - // Calcul du montant de la remise, apres s'etre assure que cette derniere ne soit pas negative - if ( remise <= 0 ) { - - document.getElementById('frmQte').txtRemise.value = 0; - montant_remise = 
0; - - } else { - - var montant_remise = total_ht * remise / 100; - - } - - // Recalcul du montant total, avec la remise - var total = Math.round ( (total_ht - montant_remise) *100 ) / 100; - - // Affichage du resultat dans le formulaire - document.getElementById('frmQte').txtTotal.value = total.toFixed(2); - -} - -// Affecte la source de la requete (liste deroulante ou champ texte 'ref') au champ cache -function setSource(aSrc) { - - document.getElementById('frmFacturation').hdnSource.value = aSrc; - document.getElementById('frmFacturation').submit(); - -} - -// Verification de la coherence des informations saisies dans le formulaire de choix du nombre d'articles -function verifSaisie() { - - if ( document.getElementById('frmQte').txtQte.value ) { - - return true; - - } else { - - document.getElementById('frmQte').txtQte.focus(); - return false; - - } - -} - -// Verification de la coherence des informations saisies dans le formulaire de calcul de la difference -function verifDifference() { - - var du = parseFloat ( document.getElementById('frmDifference').txtDu.value ); - var encaisse = parseFloat ( document.getElementById('frmDifference').txtEncaisse.value ); - - if (encaisse > du) { - - resultat = Math.round ( (encaisse - du) * 100 ) / 100; - document.getElementById('frmDifference').txtRendu.value = resultat.toFixed(2); - - } else if (encaisse == du) { - - document.getElementById('frmDifference').txtRendu.value = '0'; - - } else { - - document.getElementById('frmDifference').txtRendu.value = '-'; - - } - -} - -// Affecte le moyen de paiement (ESP, CB ou CHQ) au champ cache en fonction du bouton clique -function verifClic(aChoix) { - - document.getElementById('frmDifference').hdnChoix.value = aChoix; - -} - -// Determination du moyen de paiement, et validation du formulaire si les donnees sont coherentes -function verifReglement() { - - var choix = document.getElementById('frmDifference').hdnChoix.value; - var du = parseFloat 
(document.getElementById('frmDifference').txtDu.value); - var encaisse = parseFloat (document.getElementById('frmDifference').txtEncaisse.value); - - if ( du > 0 ) { - - if ( choix == 'ESP' ) { - - if ( encaisse != 0 && encaisse >= du ) { - - return true; - - } else { - - document.getElementById('frmDifference').txtEncaisse.select(); - document.getElementById('frmDifference').txtEncaisse.focus(); - return false; - - } - - } else if ( choix == 'DIF' ) { - - if ( document.getElementById('frmDifference').txtDatePaiement.value ) { - - return true; - - } else { - - document.getElementById('frmDifference').txtDatePaiement.select(); - document.getElementById('frmDifference').txtDatePaiement.focus(); - return false; - - } - - } else { - - return true; - - } - - } else { - - return false; - - } -} diff --git a/htdocs/cashdesk/javascript/keypad.js b/htdocs/cashdesk/javascript/keypad.js deleted file mode 100644 index 48d8491e8bc..00000000000 --- a/htdocs/cashdesk/javascript/keypad.js +++ /dev/null 
@@ -1,36 +0,0 @@ -/* Copyright (C) 2014 Charles-FR BENKE - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -function closekeypad(keypadname) -{ - document.getElementById('keypad'+keypadname).style.display='none'; - document.getElementById('closekeypad'+keypadname).style.display='none'; - document.getElementById('openkeypad'+keypadname).style.display='inline-block'; -} -function openkeypad(keypadname) -{ - document.getElementById('keypad'+keypadname).style.display='inline-block'; - document.getElementById('closekeypad'+keypadname).style.display='inline-block'; - document.getElementById('openkeypad'+keypadname).style.display='none'; -} -function addvalue(keypadname, formname, valueToAdd) -{ - myform=document.forms[formname]; - if (myform.elements[keypadname].value=="0") - myform.elements[keypadname].value=""; - myform.elements[keypadname].value+=valueToAdd; - modif(); -} diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php deleted file mode 100644 index 41a0f0b757e..00000000000 --- a/htdocs/cashdesk/tpl/facturation1.tpl.php +++ /dev/null 
@@ -1,225 +0,0 @@ - - * Copyright (C) 2011 Laurent Destailleur - * Copyright (C) 2011 Juanjo Menent - * Copyright (C) 2015 Regis Houssin - * Copyright (C) 2018 Frédéric France - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -// Protection to avoid direct call of template -if (empty($langs) || !is_object($langs)) { - print "Error, template page can't be called as URL"; - exit; -} - -// Load translation files required by the page -$langs->loadLangs(array("main", "bills", "cashdesk")); - -// Object $form must de defined - -?> - - - - - - -
trans("Article"); ?> -
- - - - - - - - - - - - -
trans("FilterRefOrLabelOrBC"); ?>trans("Designation"); ?>
- - -
-
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
trans("Qty"); ?>trans("PriceUHT"); ?>trans("Discount"); ?> (%)trans("VATRate"); ?>
- - - - - vatrate; // To get vat rate we just have selected - - $buyer = new Societe($db); - if ($_SESSION["CASHDESK_ID_THIRDPARTY"] > 0) { - $buyer->fetch($_SESSION["CASHDESK_ID_THIRDPARTY"]); - } - echo $form->load_tva('selTva', (GETPOSTISSET("selTva") ? GETPOST("selTva", 'alpha', 2) : $vatrate), $mysoc, $buyer, 0, 0, '', false, -1); - ?> -
trans("Stock"); ?> - - trans("TotalHT"); ?>
- - " /> -
-
- - -
- - -
trans("Amount"); ?> - - - - - - - - - - - -
trans("TotalTicket"); ?>trans("Received"); ?>trans("Change"); ?>
- -
-
- -
trans("PaymentMode"); ?> -
- '; - if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CASH']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CASH'] < 0) { - $langs->load("errors"); - print 'transnoentitiesnoconv("CashDesk"))).'" />'; - } else { - print ''; - } - print '
'; - print '
'; - if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CB']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CB'] < 0) { - $langs->load("errors"); - print 'transnoentitiesnoconv("CashDesk"))).'" />'; - } else { - print ''; - } - print '
'; - print '
'; - if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE'] < 0) { - $langs->load("errors"); - print 'transnoentitiesnoconv("CashDesk")).'" />'; - } else { - print ''; - } - print '
'; - print '
'; - print '
'; - ?> - " onclick="javascript: verifClic('DIF');" /> - trans("DateDue").' :'; - print $form->selectDate(-1, 'txtDatePaiement', 0, 0, 0, 'paymentmode', 1, 0); - print '
'; - ?> -
-
-
- - diff --git a/htdocs/cashdesk/tpl/liste_articles.tpl.php b/htdocs/cashdesk/tpl/liste_articles.tpl.php deleted file mode 100644 index 74be200945f..00000000000 --- a/htdocs/cashdesk/tpl/liste_articles.tpl.php +++ /dev/null @@ -1,73 +0,0 @@ - - * Copyright (C) 2011 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -// Protection to avoid direct call of template -if (empty($langs) || !is_object($langs)) { - print "Error, template page can't be called as URL"; - exit; -} - - -require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; - -// Load translation files required by the page -$langs->loadLangs(array("main", "bills", "cashdesk")); - -?> - -
-
- -

trans("ShoppingCart"); ?>

- -fetch($thirdpartyid); -/** end add Ditto */ - -$tab = (!empty($_SESSION['poscart']) ? $_SESSION['poscart'] : array()); - -$tab_size = count($tab); -if ($tab_size <= 0) { - print '
'.$langs->trans("NoArticle").'

'; -} else { - for ($i = 0; $i < $tab_size; $i++) { - echo ('
'."\n"); - echo ('

'.$tab[$i]['ref'].' - '.$tab[$i]['label'].'

'."\n"); - - if ($tab[$i]['remise_percent'] > 0) { - $remise_percent = ' -'.$tab[$i]['remise_percent'].'%'; - } else { - $remise_percent = ''; - } - - $remise = $tab[$i]['remise']; - - echo ('

'.$tab[$i]['qte'].' x '.price2num($tab[$i]['price'], 'MT').$remise_percent.' = '.price(price2num($tab[$i]['total_ht'], 'MT'), 0, $langs, 0, 0, -1, $conf->currency).' '.$langs->trans("HT").' ('.price(price2num($tab[$i]['total_ttc'], 'MT'), 0, $langs, 0, 0, -1, $conf->currency).' '.$langs->trans("TTC").')

'."\n"); - echo ('
'."\n"); - } -} - -echo ('

'.$langs->trans("Total").' : '.price(price2num($total_ttc, 'MT'), 0, $langs, 0, 0, -1, $conf->currency).'

'."\n"); - -?>
-
diff --git a/htdocs/cashdesk/tpl/menu.tpl.php b/htdocs/cashdesk/tpl/menu.tpl.php deleted file mode 100644 index 67891aa67cf..00000000000 --- a/htdocs/cashdesk/tpl/menu.tpl.php +++ /dev/null 
@@ -1,90 +0,0 @@ - - * Copyright (C) 2008-2010 Laurent Destailleur - * Copyright (C) 2009 Regis Houssin - * Copyright (C) 2017 Juanjo Menent - * Copyright (C) 2012 Marcos García - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// Protection to avoid direct call of template -if (empty($langs) || !is_object($langs)) { - print "Error, template page can't be called as URL"; - exit; -} - - -include_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; -include_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php'; - -/*if (!empty($_SESSION["CASHDESK_ID_THIRDPARTY"])) -{ - $company=new Societe($db); - $company->fetch($_SESSION["CASHDESK_ID_THIRDPARTY"]); - $companyLink = $company->getNomUrl(1); -}*/ -if (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CASH"])) { - $bankcash = new Account($db); - $bankcash->fetch($_SESSION["CASHDESK_ID_BANKACCOUNT_CASH"]); - $bankcash->label = $bankcash->ref; - $bankcashLink = $bankcash->getNomUrl(1); -} -if (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CB"])) { - $bankcb = new Account($db); - $bankcb->fetch($_SESSION["CASHDESK_ID_BANKACCOUNT_CB"]); - $bankcbLink = $bankcb->getNomUrl(1); -} -if (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CHEQUE"])) { - $bankcheque = new Account($db); - $bankcheque->fetch($_SESSION["CASHDESK_ID_BANKACCOUNT_CHEQUE"]); - $bankchequeLink = 
$bankcheque->getNomUrl(1); -} -if (!empty($_SESSION["CASHDESK_ID_WAREHOUSE"]) && !empty($conf->stock->enabled)) { - $warehouse = new Entrepot($db); - $warehouse->fetch($_SESSION["CASHDESK_ID_WAREHOUSE"]); - $warehouseLink = $warehouse->getNomUrl(1); -} - -// Load translation files required by the page -$langs->loadLangs(array("main", "cashdesk")); - -print "\n".''."\n"; -print ''; -print "\n".''."\n"; diff --git a/htdocs/cashdesk/tpl/ticket.tpl.php b/htdocs/cashdesk/tpl/ticket.tpl.php deleted file mode 100644 index 9220e3daad4..00000000000 --- a/htdocs/cashdesk/tpl/ticket.tpl.php +++ /dev/null @@ -1,119 +0,0 @@ - - * Copyright (C) 2011 Laurent Destailleur - * Copyright (C) 2012 Marcos García - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// Protection to avoid direct call of template -if (empty($langs) || !is_object($langs)) { - print "Error, template page can't be called as URL"; - exit; -} - - -include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; - -// Load translation files required by the page -$langs->loadLangs(array("main", "cashdesk")); - -top_httphead('text/html'); - -$facid = GETPOST('facid', 'int'); -$object = new Facture($db); -$object->fetch($facid); - -?> - - - <?php echo $langs->trans('PrintTicket') ?> - - - - - -
- -
-

name; ?>
-
-

- -

'; - print $object->ref; - ?>

-
-
- -
- - - - - - - - - - - - - - - - - - - - - - -
trans("Code"); ?>trans("Label"); ?>trans("Qty"); ?>trans("Discount").' (%)'; ?>trans("TotalHT"); ?>
currency); ?>
- - - - - - - - - - - - -
trans("TotalHT"); ?>amountWithoutTax(), 'MT'), '', $langs, 0, -1, -1, $conf->currency)."\n"; ?>
trans("TotalVAT").''.price(price2num($obj_facturation->amountVat(), 'MT'), '', $langs, 0, -1, -1, $conf->currency)."\n"; ?>
trans("TotalTTC").''.price(price2num($obj_facturation->amountWithTax(), 'MT'), '', $langs, 0, -1, -1, $conf->currency)."\n"; ?>
- - - -trans("Close"); ?> - - diff --git a/htdocs/cashdesk/tpl/validation1.tpl.php b/htdocs/cashdesk/tpl/validation1.tpl.php deleted file mode 100644 index c2a9124f300..00000000000 --- a/htdocs/cashdesk/tpl/validation1.tpl.php +++ /dev/null @@ -1,118 +0,0 @@ - - * Copyright (C) 2011 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// Protection to avoid direct call of template -if (empty($langs) || !is_object($langs)) { - print "Error, template page can't be called as URL"; - exit; -} - -// Load translation files required by the page -$langs->loadLangs(array("main", "bills", "banks")); - -// Object $form must de defined - -?> - -
trans("Summary"); ?> - - - - - -amountVat()) { - echo (''); -} else { - echo (''); -} -?> - - - -getsetPaymentMode() == 'DIF') { - echo (''); -} else { - echo (''); -} - -// Affichage du montant rendu (reglement en especes) -if ($obj_facturation->amountReturned()) { - echo (''); -} - -?> - -
trans("Invoice"); ?>numInvoice(); ?>
trans("TotalHT"); ?>amountWithoutTax(), 'MT'), 0, $langs, 0, 0, -1, $conf->currency); ?>
'.$langs->trans("VAT").''.price(price2num($obj_facturation->amountVat(), 'MT'), 0, $langs, 0, 0, -1, $conf->currency).'
'.$langs->trans("VAT").''.$langs->trans("NoVAT").'
trans("TotalTTC"); ?> amountWithTax(), 'MT'), 0, $langs, 0, 0, -1, $conf->currency); ?>
trans("PaymentMode"); ?> - getSetPaymentMode()) { - case 'ESP': - echo $langs->trans("Cash"); - $filtre = 'courant=2'; - if (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CASH"])) { - $selected = $_SESSION["CASHDESK_ID_BANKACCOUNT_CASH"]; - } - break; - case 'CB': - echo $langs->trans("CreditCard"); - $filtre = 'courant=1'; - if (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CB"])) { - $selected = $_SESSION["CASHDESK_ID_BANKACCOUNT_CB"]; - } - break; - case 'CHQ': - echo $langs->trans("Cheque"); - $filtre = 'courant=1'; - if (!empty($_SESSION["CASHDESK_ID_BANKACCOUNT_CHEQUE"])) { - $selected = $_SESSION["CASHDESK_ID_BANKACCOUNT_CHEQUE"]; - } - break; - case 'DIF': - echo $langs->trans("Reported"); - $filtre = 'courant=1 OR courant=2'; - $selected = ''; - break; - default: - $filtre = 'courant=1 OR courant=2'; - $selected = ''; - } - - ?> -
'.$langs->trans("DateDue").''.$obj_facturation->paiementLe().'
'.$langs->trans("Received").''.price(price2num($obj_facturation->amountCollected(), 'MT'), 0, $langs, 0, 0, -1, $conf->currency).'
'.$langs->trans("Change").''.price(price2num($obj_facturation->amountReturned(), 'MT'), 0, $langs, 0, 0, -1, $conf->currency).'
- -
- -

- trans("BankToPay")."
"; - $form->select_comptes($selected, 'cashdeskbank', 0, $filtre); - ?> -

-

trans("Notes"); ?>

- - -
- - - -
diff --git a/htdocs/cashdesk/tpl/validation2.tpl.php b/htdocs/cashdesk/tpl/validation2.tpl.php deleted file mode 100644 index d89edfdc41a..00000000000 --- a/htdocs/cashdesk/tpl/validation2.tpl.php +++ /dev/null @@ -1,57 +0,0 @@ - - * Copyright (C) 2012 Marcos García - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -// Protection to avoid direct call of template -if (empty($langs) || !is_object($langs)) { - print "Error, template page can't be called as URL"; - exit; -} - -// Load translation files required by the page -$langs->loadLangs(array("main", "bills")); - -?> - -
- -
-

trans("SellFinished"); ?>


- - - -

trans("ShowInvoice"); ?>

-
-

trans("PrintTicket"); ?>

- -
-
-
- diff --git a/htdocs/cashdesk/validation.php b/htdocs/cashdesk/validation.php deleted file mode 100644 index 799283f602a..00000000000 --- a/htdocs/cashdesk/validation.php +++ /dev/null @@ -1,27 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/validation.php - * \ingroup cashdesk - * \brief validation.php - */ - -$form = new Form($db); - -// Affichage des templates -require 'tpl/validation1.tpl.php'; diff --git a/htdocs/cashdesk/validation_ok.php b/htdocs/cashdesk/validation_ok.php deleted file mode 100644 index 124d47a1e04..00000000000 --- a/htdocs/cashdesk/validation_ok.php +++ /dev/null 
@@ -1,25 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/validation_ok.php - * \ingroup cashdesk - * \brief validation_ok.php - */ - -// Affichage des templates -require 'tpl/validation2.tpl.php'; diff --git a/htdocs/cashdesk/validation_ticket.php b/htdocs/cashdesk/validation_ticket.php deleted file mode 100644 index 5fcf017ada1..00000000000 --- a/htdocs/cashdesk/validation_ticket.php +++ /dev/null 
@@ -1,50 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/validation_ticket.php - * \ingroup cashdesk - * \brief validation_ticket.php - */ - -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * Actions - */ - -$obj_facturation = unserialize($_SESSION['serObjFacturation']); -unset($_SESSION['serObjFacturation']); - -$hookmanager->initHooks(array('cashdeskTplTicket')); - -$parameters = array(); -$reshook = $hookmanager->executeHooks('doActions', $parameters, $obj_facturation); -if (empty($reshook)) { - require 'tpl/ticket.tpl.php'; -} - - -$_SESSION['serObjFacturation'] = serialize($obj_facturation); diff --git a/htdocs/cashdesk/validation_verif.php b/htdocs/cashdesk/validation_verif.php deleted file mode 100644 index 0c9758d9a29..00000000000 --- a/htdocs/cashdesk/validation_verif.php +++ /dev/null 
@@ -1,361 +0,0 @@ - - * Copyright (C) 2008-2009 Laurent Destailleur - * Copyright (C) 2011 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/cashdesk/validation_verif.php - * \ingroup cashdesk - * \brief validation_verif.php - */ - -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; -require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; - -$obj_facturation = unserialize($_SESSION['serObjFacturation']); - -$action = GETPOST('action', 'aZ09'); -$bankaccountid = GETPOST('cashdeskbank'); - -if (empty($user->rights->cashdesk->run)) { - accessforbidden(); -} - - -/* - * Actions - */ - -switch ($action) { - default: - $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=validation'; - break; - - case 'validate_sell': - $thirdpartyid = $_SESSION['CASHDESK_ID_THIRDPARTY']; - - $company = new Societe($db); - $company->fetch($thirdpartyid); - - $invoice = new Facture($db); - $invoice->date = dol_now(); - $invoice->type = Facture::TYPE_STANDARD; - - // To use a specific numbering module for POS, reset 
$conf->global->FACTURE_ADDON and other vars here - // and restore values just after - $sav_FACTURE_ADDON = ''; - if (!empty($conf->global->POS_ADDON)) { - $sav_FACTURE_ADDON = $conf->global->FACTURE_ADDON; - $conf->global->FACTURE_ADDON = $conf->global->POS_ADDON; - - // To force prefix only for POS with terre module - if (!empty($conf->global->POS_NUMBERING_TERRE_FORCE_PREFIX)) { - $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX = $conf->global->POS_NUMBERING_TERRE_FORCE_PREFIX; - } - // To force prefix only for POS with mars module - if (!empty($conf->global->POS_NUMBERING_MARS_FORCE_PREFIX)) { - $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX = $conf->global->POS_NUMBERING_MARS_FORCE_PREFIX; - } - // To force rule only for POS with mercure - //... - } - - $num = $invoice->getNextNumRef($company); - - // Restore save values - if (!empty($sav_FACTURE_ADDON)) { - $conf->global->FACTURE_ADDON = $sav_FACTURE_ADDON; - } - - $obj_facturation->numInvoice($num); - - $obj_facturation->getSetPaymentMode($_POST['hdnChoix']); - - // Si paiement autre qu'en especes, montant encaisse = prix total - $mode_reglement = $obj_facturation->getSetPaymentMode(); - if ($mode_reglement != 'ESP') { - $montant = $obj_facturation->amountWithTax(); - } else { - $montant = $_POST['txtEncaisse']; - } - - if ($mode_reglement != 'DIF') { - $obj_facturation->amountCollected($montant); - - //Determination de la somme rendue - $total = $obj_facturation->amountWithTax(); - $encaisse = $obj_facturation->amountCollected(); - - $obj_facturation->amountReturned($encaisse - $total); - } else { - //$txtDatePaiement=$_POST['txtDatePaiement']; - $datePaiement = dol_mktime(0, 0, 0, $_POST['txtDatePaiementmonth'], $_POST['txtDatePaiementday'], $_POST['txtDatePaiementyear']); - $txtDatePaiement = dol_print_date($datePaiement, 'dayrfc'); - $obj_facturation->paiementLe($txtDatePaiement); - } - - $redirection = 'affIndex.php?menutpl=validation'; - break; - - - case 'retour': - $redirection = 
'affIndex.php?menutpl=facturation'; - break; - - - case 'validate_invoice': - $now = dol_now(); - - // Recuperation de la date et de l'heure - $date = dol_print_date($now, 'day'); - $heure = dol_print_date($now, 'hour'); - - $note = ''; - if (!is_object($obj_facturation)) { - dol_print_error('', 'Empty context'); - exit; - } - - switch ($obj_facturation->getSetPaymentMode()) { - case 'DIF': - $mode_reglement_id = 0; - //$cond_reglement_id = dol_getIdFromCode($db,'RECEP','cond_reglement','code','rowid') - $cond_reglement_id = 0; - break; - case 'ESP': - $mode_reglement_id = dol_getIdFromCode($db, 'LIQ', 'c_paiement', 'code', 'id', 1); - $cond_reglement_id = 0; - $note .= $langs->trans("Cash")."\n"; - $note .= $langs->trans("Received").' : '.$obj_facturation->amountCollected()." ".$conf->currency."\n"; - $note .= $langs->trans("Rendu").' : '.$obj_facturation->amountReturned()." ".$conf->currency."\n"; - $note .= "\n"; - $note .= '--------------------------------------'."\n\n"; - break; - case 'CB': - $mode_reglement_id = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); - $cond_reglement_id = 0; - break; - case 'CHQ': - $mode_reglement_id = dol_getIdFromCode($db, 'CHQ', 'c_paiement', 'code', 'id', 1); - $cond_reglement_id = 0; - break; - } - if (empty($mode_reglement_id)) { - $mode_reglement_id = 0; // If mode_reglement_id not found - } - if (empty($cond_reglement_id)) { - $cond_reglement_id = 0; // If cond_reglement_id not found - } - $note .= GETPOST('txtaNotes', 'alphanohtml'); - dol_syslog("obj_facturation->getSetPaymentMode()=".$obj_facturation->getSetPaymentMode()." mode_reglement_id=".$mode_reglement_id." 
cond_reglement_id=".$cond_reglement_id); - - $error = 0; - - - $db->begin(); - - $user->fetch($_SESSION['uid']); - $user->getrights(); - - $thirdpartyid = $_SESSION['CASHDESK_ID_THIRDPARTY']; - $societe = new Societe($db); - $societe->fetch($thirdpartyid); - - $invoice = new Facture($db); - - // Get content of cart - $tab_liste = $_SESSION['poscart']; - - // Loop on each line into cart - $tab_liste_size = count($tab_liste); - for ($i = 0; $i < $tab_liste_size; $i++) { - $tmp = getTaxesFromId($tab_liste[$i]['fk_tva']); - $vat_rate = $tmp['rate']; - $vat_npr = $tmp['npr']; - $vat_src_code = $tmp['code']; - - $invoiceline = new FactureLigne($db); - $invoiceline->fk_product = $tab_liste[$i]['fk_article']; - $invoiceline->desc = $tab_liste[$i]['label']; - $invoiceline->qty = $tab_liste[$i]['qte']; - $invoiceline->remise_percent = $tab_liste[$i]['remise_percent']; - $invoiceline->price = $tab_liste[$i]['price']; - $invoiceline->subprice = $tab_liste[$i]['price']; - - $invoiceline->tva_tx = empty($vat_rate) ? 0 : $vat_rate; // works even if vat_rate is '' - $invoiceline->info_bits = empty($vat_npr) ? 
0 : $vat_npr; - $invoiceline->vat_src_code = $vat_src_code; - - $invoiceline->total_ht = $tab_liste[$i]['total_ht']; - $invoiceline->total_ttc = $tab_liste[$i]['total_ttc']; - $invoiceline->total_tva = $tab_liste[$i]['total_vat']; - $invoiceline->total_localtax1 = $tab_liste[$i]['total_localtax1']; - $invoiceline->total_localtax2 = $tab_liste[$i]['total_localtax2']; - - $invoice->lines[] = $invoiceline; - } - - $invoice->socid = $conf_fksoc; - $invoice->date_creation = $now; - $invoice->date = $now; - $invoice->date_lim_reglement = 0; - $invoice->total_ht = $obj_facturation->amountWithoutTax(); - $invoice->total_tva = $obj_facturation->amountVat(); - $invoice->total_ttc = $obj_facturation->amountWithTax(); - $invoice->note_private = $note; - $invoice->cond_reglement_id = $cond_reglement_id; - $invoice->mode_reglement_id = $mode_reglement_id; - $invoice->module_source = 'cashdesk'; - $invoice->pos_source = '0'; - //print "c=".$invoice->cond_reglement_id." m=".$invoice->mode_reglement_id; exit; - - // Si paiement differe ... - if ($obj_facturation->getSetPaymentMode() == 'DIF') { - $resultcreate = $invoice->create($user, 0, dol_stringtotime($obj_facturation->paiementLe())); - if ($resultcreate > 0) { - $warehouseidtodecrease = (isset($_SESSION["CASHDESK_ID_WAREHOUSE"]) ? 
$_SESSION["CASHDESK_ID_WAREHOUSE"] : 0); - if (!empty($conf->global->CASHDESK_NO_DECREASE_STOCK)) { - $warehouseidtodecrease = 0; // If a particular stock is defined, we disable choice - } - - $resultvalid = $invoice->validate($user, $obj_facturation->numInvoice(), 0); - - if ($warehouseidtodecrease > 0) { - // Decrease - require_once DOL_DOCUMENT_ROOT.'/product/stock/class/mouvementstock.class.php'; - $langs->load("agenda"); - // Loop on each line - $cpt = count($invoice->lines); - for ($i = 0; $i < $cpt; $i++) { - if ($invoice->lines[$i]->fk_product > 0) { - $mouvP = new MouvementStock($db); - $mouvP->origin = &$invoice; - // We decrease stock for product - if ($invoice->type == $invoice::TYPE_CREDIT_NOTE) { - $result = $mouvP->reception($user, $invoice->lines[$i]->fk_product, $warehouseidtodecrease, $invoice->lines[$i]->qty, $invoice->lines[$i]->subprice, $langs->trans("InvoiceValidatedInDolibarrFromPos", $invoice->newref)); - } else { - $result = $mouvP->livraison($user, $invoice->lines[$i]->fk_product, $warehouseidtodecrease, $invoice->lines[$i]->qty, $invoice->lines[$i]->subprice, $langs->trans("InvoiceValidatedInDolibarrFromPos", $invoice->newref)); - } - if ($result < 0) { - $error++; - } - } - } - } - } else { - setEventMessages($invoice->error, $invoice->errors, 'errors'); - $error++; - } - - $id = $invoice->id; - } else { - $resultcreate = $invoice->create($user, 0, 0); - if ($resultcreate > 0) { - $warehouseidtodecrease = (isset($_SESSION["CASHDESK_ID_WAREHOUSE"]) ? 
$_SESSION["CASHDESK_ID_WAREHOUSE"] : 0); - if (!empty($conf->global->CASHDESK_NO_DECREASE_STOCK)) { - $warehouseidtodecrease = 0; // If a particular stock is defined, we disable choice - } - - $resultvalid = $invoice->validate($user, $obj_facturation->numInvoice(), 0); - - if ($warehouseidtodecrease > 0) { - // Decrease - require_once DOL_DOCUMENT_ROOT.'/product/stock/class/mouvementstock.class.php'; - $langs->load("agenda"); - // Loop on each line - $cpt = count($invoice->lines); - for ($i = 0; $i < $cpt; $i++) { - if ($invoice->lines[$i]->fk_product > 0) { - $mouvP = new MouvementStock($db); - $mouvP->origin = &$invoice; - // We decrease stock for product - if ($invoice->type == $invoice::TYPE_CREDIT_NOTE) { - $result = $mouvP->reception($user, $invoice->lines[$i]->fk_product, $warehouseidtodecrease, $invoice->lines[$i]->qty, $invoice->lines[$i]->subprice, $langs->trans("InvoiceValidatedInDolibarrFromPos", $invoice->newref)); - } else { - $result = $mouvP->livraison($user, $invoice->lines[$i]->fk_product, $warehouseidtodecrease, $invoice->lines[$i]->qty, $invoice->lines[$i]->subprice, $langs->trans("InvoiceValidatedInDolibarrFromPos", $invoice->newref)); - } - if ($result < 0) { - setEventMessages($mouvP->error, $mouvP->errors, 'errors'); - $error++; - } - } - } - } - - $id = $invoice->id; - - // Add the payment - $payment = new Paiement($db); - $payment->datepaye = $now; - $payment->amounts[$invoice->id] = $obj_facturation->amountWithTax(); - $payment->note_public = $langs->trans("Payment").' '.$langs->trans("Invoice").' 
'.$obj_facturation->numInvoice(); - $payment->paiementid = $invoice->mode_reglement_id; - $payment->num_paiement = ''; - $payment->num_payment = ''; - - $paiement_id = $payment->create($user); - if ($paiement_id > 0) { - if (!$error) { - $result = $payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccountid, '', ''); - if (!$result > 0) { - $errmsg = $paiement->error; - $error++; - } - } - - if (!$error) { - if ($invoice->total_ttc == $obj_facturation->amountWithTax() - && $obj_facturation->getSetPaymentMode() != 'DIFF') { - // We set status to paid - $result = $invoice->setPaid($user); - //print 'set paid';exit; - } - } - } else { - setEventMessages($invoice->error, $invoice->errors, 'errors'); - $error++; - } - } else { - setEventMessages($invoice->error, $invoice->errors, 'errors'); - $error++; - } - } - - - if (!$error) { - $db->commit(); - $redirection = 'affIndex.php?menutpl=validation_ok&facid='.$id; // Ajout de l'id de la facture, pour l'inclure dans un lien pointant directement vers celle-ci dans Dolibarr - } else { - $db->rollback(); - $redirection = 'affIndex.php?facid='.$id.'&error=1&mesg=ErrorFailedToCreateInvoice'; // Ajout de l'id de la facture, pour l'inclure dans un lien pointant directement vers celle-ci dans Dolibarr - } - break; - - // End of case: validate_invoice -} - -unset($_SESSION['serObjFacturation']); - -$_SESSION['serObjFacturation'] = serialize($obj_facturation); - -header('Location: '.$redirection); -exit; diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index bb70b520fa1..ba5515149d4 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php 
@@ -455,7 +455,7 @@ class Categorie extends CommonObject $sql .= ($this->socid > 0 ? $this->socid : 'null').", "; } $sql .= "'".$this->db->escape($this->visible)."', "; - $sql .= $this->db->escape($type).", "; + $sql .= ((int) $type).", "; $sql .= (!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : 'null').", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : 'null').", "; $sql .= (int) $conf->entity.", "; @@ -547,7 +547,7 @@ class Categorie extends CommonObject $sql .= ", visible = ".(int) $this->visible; $sql .= ", fk_parent = ".(int) $this->fk_parent; $sql .= ", fk_user_modif = ".(int) $user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -613,7 +613,7 @@ class Categorie extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."categorie"; $sql .= " SET fk_parent = ".((int) $this->fk_parent); - $sql .= " WHERE fk_parent = ".$this->id; + $sql .= " WHERE fk_parent = ".((int) $this->id); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -634,7 +634,7 @@ class Categorie extends CommonObject ); foreach ($arraydelete as $key => $value) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$key; - $sql .= " WHERE ".$value." = ".$this->id; + $sql .= " WHERE ".$value." = ".((int) $this->id); if (!$this->db->query($sql)) { $this->errors[] = $this->db->lasterror(); dol_syslog("Error sql=".$sql." ".$this->error, LOG_ERR); 
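Review bot: The first context line of this hunk still concatenates `$this->socid` into the INSERT without a cast, while the commit casts `$type` three lines below it. The `> 0` test is a loose comparison and does not prove the value is an integer, so the same treatment should apply: `$sql .= ($this->socid > 0 ? ((int) $this->socid) : 'null').", ";`. Whether `socid` can carry request data at this point is not visible here, since the function starts and ends outside the hunk.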
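Review bot: In the hunk at -634 the failure path stores the database error in `$this->errors[]`, but the `dol_syslog` call on the next line logs `$this->error`, which this loop does not set. The log entry for a failed DELETE therefore presumably lacks the actual database message. Logging the same value keeps the trail usable for incident review: `dol_syslog("Error sql=".$sql." ".$this->db->lasterror(), LOG_ERR);`. The enclosing function continues outside the hunk, so an earlier assignment to `$this->error` cannot be ruled out.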
@@ -687,13 +687,13 @@ class Categorie extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); $sql .= " (fk_categorie, fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type]).")"; - $sql .= " VALUES (".$this->id.", ".$obj->id.")"; + $sql .= " VALUES (".((int) $this->id).", ".((int) $obj->id).")"; dol_syslog(get_class($this).'::add_type', LOG_DEBUG); if ($this->db->query($sql)) { if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) { $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie'; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::add_type", LOG_DEBUG); $resql = $this->db->query($sql); @@ -781,7 +781,7 @@ class Categorie extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id); dol_syslog(get_class($this).'::del_type', LOG_DEBUG); 
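Review bot: The casts added here cover the values, but the table and column names in the same statements are still built from raw `$type` whenever `MAP_CAT_TABLE[$type]` or `MAP_CAT_FK[$type]` is empty. The same fallback appears in the hunks at -781, -833 and -877. Identifiers cannot be escaped or cast, so `$type` needs an allow-pattern before the query is assembled, for example `if (!preg_match('/^[a-zA-Z0-9_]+$/', $type)) { return -1; }`, with the return value adjusted to the method's error convention. The function bodies start outside these hunks, so an earlier validation of `$type` may exist and should be confirmed.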
@@ -833,11 +833,11 @@ class Categorie extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c"; $sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o"; $sql .= " WHERE o.entity IN (".getEntity($obj->element).")"; - $sql .= " AND c.fk_categorie = ".$this->id; + $sql .= " AND c.fk_categorie = ".((int) $this->id); $sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid"; // Protection for external users if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) { - $sql .= " AND o.rowid = ".$user->socid; + $sql .= " AND o.rowid = ".((int) $user->socid); } if ($limit > 0 || $offset > 0) { $sql .= $this->db->plimit($limit + 1, $offset); @@ -877,7 +877,7 @@ class Categorie extends CommonObject public function containsObject($type, $object_id) { $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); + $sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); dol_syslog(get_class($this)."::containsObject", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { 
@@ -924,12 +924,11 @@ class Categorie extends CommonObject $idoftype = array_search($type, self::$MAP_ID_TO_CODE); $sql = "SELECT s.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s"; - $sql .= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub "; + $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s, ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub"; $sql .= ' WHERE s.entity IN ('.getEntity('category').')'; $sql .= ' AND s.type='.((int) $idoftype); $sql .= ' AND s.rowid = sub.fk_categorie'; - $sql .= ' AND sub.'.$subcol_name.' = '.((int) $id); + $sql .= " AND sub.".$subcol_name." = ".((int) $id); $sql .= $this->db->order($sortfield, $sortorder); @@ -1002,7 +1001,7 @@ class Categorie extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE fk_parent = ".$this->id; + $sql .= " WHERE fk_parent = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1408,7 +1407,7 @@ class Categorie extends CommonObject $parents = array(); $sql = "SELECT fk_parent FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); @@ -1508,7 +1507,7 @@ class Categorie extends CommonObject $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id; // This seems useless because the table already contains id of category of 1 unique type. So commented. // So now it works also with external added categories. - //$sql .= " AND c.type = ".$this->MAP_ID[$type]; + //$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]); $sql .= " AND c.entity IN (".getEntity('category').")"; $res = $this->db->query($sql); 
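Review bot: `array_search($type, self::$MAP_ID_TO_CODE)` returns `false` for an unknown `$type`, and the `(int)` cast in the `s.type=` condition turns that into 0, so the query silently runs against type id 0 instead of failing. The lookup is also non-strict. Suggest `$idoftype = array_search($type, self::$MAP_ID_TO_CODE, true);` followed by an explicit `if ($idoftype === false)` error return before the SQL is built. The function starts and ends outside the hunk, so this assumes `$type` is not checked earlier.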
@@ -1803,7 +1802,7 @@ class Categorie extends CommonObject foreach ($langs_available as $key => $value) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1811,13 +1810,13 @@ class Categorie extends CommonObject if ($key == $current_lang) { if ($this->db->num_rows($result)) { // si aucune ligne dans la base $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; - $sql2 .= " SET label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_category = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->label)."'"; + $sql2 .= ", '".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); if (!$this->db->query($sql2)) { 
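Review bot: In the hunk at -1811 the two branches for the current language write different description values: the UPDATE uses `$this->description`, while the INSERT uses `$this->multilangs["$key"]["description"]` next to `$this->label`. A first save and a later save of the same row can therefore store different text. If the object's own description is the intended source, the INSERT should end with `$sql2 .= ", '".$this->db->escape($this->description)."')";`. The surrounding method is only partly visible, so the intended source should be confirmed before changing it.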
@@ -1829,11 +1828,11 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->multilangs["$key"]["label"])."'"; + $sql2 .= ",'".$this->db->escape($this->multilangs["$key"]["description"])."')"; } // on ne sauvegarde pas des champs vides @@ -1871,7 +1870,7 @@ class Categorie extends CommonObject $sql = "SELECT lang, label, description"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index cd5d7ad8214..80f64210bf5 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -274,11 +274,7 @@ if ($action == 'edit') { print '
'; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'add') { @@ -334,11 +330,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print ''; print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 245f90edf72..e5bbc5d676f 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -591,10 +591,10 @@ if (empty($reshook) && $action == 'update') { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'"; - $sql .= " WHERE ac.id != ".$object->id; + $sql .= " WHERE ac.id <> ".((int) $object->id); $sql .= " AND er.resource_id IN ("; $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_id = ".$object->id; + $sql .= " WHERE element_id = ".((int) $object->id); $sql .= " AND element_type = '".$db->escape($object->element)."'"; $sql .= " AND busy = 1"; $sql .= ")"; @@ -770,10 +770,10 @@ if (empty($reshook) && GETPOST('actionmove', 'alpha') == 'mupdate') { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'"; - $sql .= " WHERE ac.id != ".$object->id; + $sql .= " WHERE ac.id <> ".((int) $object->id); $sql .= " AND er.resource_id IN ("; $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_id = ".$object->id; + $sql .= " WHERE element_id = ".((int) $object->id); $sql .= " AND element_type = '".$db->escape($object->element)."'"; $sql .= " AND busy = 1"; $sql .= ")"; 
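Review bot: The resource-conflict query hardened in the card.php hunk at -591 is repeated statement for statement in the hunk at -770, so every future fix has to be applied twice, as this commit had to. Consider moving the query construction into one helper that takes the event id and element type and is called from both the `update` and the `mupdate` branch. A short comment above it such as `// Find other events holding a busy resource that this event also uses` would also document what the nested `IN (...)` subquery is for. Both action blocks start and end outside their hunks.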
@@ -1185,9 +1185,9 @@ if ($action == 'create') { print ''.$langs->trans("Project").''; print img_picto('', 'project', 'class="pictofixedwidth"'); - print $formproject->select_projects((!empty($societe->id) ? $societe->id : -1), $projectid, 'projectid', 0, 0, 1, 1, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); + print $formproject->select_projects((empty($societe->id) ? '' : $societe->id), $projectid, 'projectid', 0, 0, 1, 1, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); - print ' '; + print ' '; print ''; $urloption = '?action=create&donotclearsession=1'; $url = dol_buildpath('comm/action/card.php', 2).$urloption; @@ -1317,15 +1317,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - if (empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } @@ -1804,11 +1796,7 @@ if ($id > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index bbf86d87c59..df73c6a70f7 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php 
@@ -542,18 +542,18 @@ class ActionComm extends CommonObject $sql .= (isset($this->type_id) ? $this->type_id : "null").","; $sql .= ($code ? ("'".$this->db->escape($code)."'") : "null").", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").", "; - $sql .= ((isset($this->socid) && $this->socid > 0) ? $this->socid : "null").", "; - $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : "null").", "; + $sql .= ((isset($this->socid) && $this->socid > 0) ? ((int) $this->socid) : "null").", "; + $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? ((int) $this->fk_project) : "null").", "; $sql .= " '".$this->db->escape($this->note_private)."', "; - $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? $this->contact_id : "null").", "; // deprecated, use ->socpeopleassigned + $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? ((int) $this->contact_id) : "null").", "; // deprecated, use ->socpeopleassigned $sql .= (isset($user->id) && $user->id > 0 ? $user->id : "null").", "; $sql .= ($userownerid > 0 ? $userownerid : "null").", "; $sql .= ($userdoneid > 0 ? $userdoneid : "null").", "; $sql .= "'".$this->db->escape($this->label)."','".$this->db->escape($this->percentage)."','".$this->db->escape($this->priority)."','".$this->db->escape($this->fulldayevent)."','".$this->db->escape($this->location)."', "; $sql .= "'".$this->db->escape($this->transparency)."', "; - $sql .= (!empty($this->fk_element) ? $this->fk_element : "null").", "; + $sql .= (!empty($this->fk_element) ? ((int) $this->fk_element) : "null").", "; $sql .= (!empty($this->elementtype) ? "'".$this->db->escape($this->elementtype)."'" : "null").", "; - $sql .= $conf->entity.","; + $sql .= ((int) $conf->entity).","; $sql .= (!empty($this->extraparams) ? "'".$this->db->escape($this->extraparams)."'" : "null").", "; // Fields emails $sql .= (!empty($this->email_msgid) ? 
"'".$this->db->escape($this->email_msgid)."'" : "null").", "; @@ -585,15 +585,18 @@ class ActionComm extends CommonObject //dol_syslog(var_export($this->userassigned, true)); $already_inserted = array(); foreach ($this->userassigned as $key => $val) { - if (!is_array($val)) { // For backward compatibility when val=id + // Common value with new behavior is to have $val = array('id'=>iduser, 'transparency'=>0|1) and $this->userassigned is an array of iduser => $val. + if (!is_array($val)) { // For backward compatibility when $val='id'. $val = array('id'=>$val); } if ($val['id'] > 0) { - if (!empty($already_inserted[$val['id']])) continue; + if (!empty($already_inserted[$val['id']])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { 
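Review bot: Several numeric values in this INSERT are still concatenated without a cast on the context lines of the hunk at -542: `$this->type_id`, `$user->id`, `$userownerid` and `$userdoneid`. The `isset()` and `> 0` guards are not a type check, because a loose comparison does not guarantee the value is an integer. These lines should get the same treatment as the ones the commit changes, e.g. `$sql .= ($userownerid > 0 ? ((int) $userownerid) : "null").", ";` and `$sql .= (isset($this->type_id) ? ((int) $this->type_id) : "null").",";`. Where `$userownerid` and `$userdoneid` are assigned is outside the hunk, so they may already be cast earlier in the method.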
@@ -612,10 +615,13 @@ class ActionComm extends CommonObject if (!empty($this->socpeopleassigned)) { $already_inserted = array(); foreach ($this->socpeopleassigned as $id => $val) { - if (!empty($already_inserted[$val['id']])) continue; + // Common value with new behavior is to have $val = iduser and $this->socpeopleassigned is an array of iduser => $val. + if (!empty($already_inserted[$id])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { @@ -623,7 +629,7 @@ class ActionComm extends CommonObject dol_syslog('Error to process socpeopleassigned: ' . $this->db->lasterror(), LOG_ERR); $this->errors[] = $this->db->lasterror(); } else { - $already_inserted[$val['id']] = true; + $already_inserted[$id] = true; } } } @@ -875,7 +881,7 @@ class ActionComm extends CommonObject $sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources'; - $sql .= ' WHERE fk_actioncomm = '.$this->id; + $sql .= ' WHERE fk_actioncomm = '.((int) $this->id); $sql .= " AND element_type IN ('user', 'socpeople')"; $resql = $this->db->query($sql); if ($resql) { @@ -919,7 +925,7 @@ class ActionComm extends CommonObject // phpcs:enable $sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id; + $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id); $resql2 = $this->db->query($sql); if ($resql2) { 
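Review bot: The comment added above the `socpeopleassigned` loop (hunk at -612) calls the key `iduser`, but the rows are inserted with `element_type` `'socpeople'`, so the key is presumably a contact id. Since the loop now reads only `$id` for both the de-duplication check and the INSERT, the comment could say so directly: `// $this->socpeopleassigned is an array of contact id => $val; only the key $id is used here.` The hunk at -623 completes the same switch from `$val['id']` to `$id`.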
@@ -973,7 +979,7 @@ class ActionComm extends CommonObject // remove categorie association if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_actioncomm"; - $sql .= " WHERE fk_actioncomm=".$this->id; + $sql .= " WHERE fk_actioncomm=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -985,7 +991,7 @@ class ActionComm extends CommonObject // remove actioncomm_resources if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE fk_actioncomm=".$this->id; + $sql .= " WHERE fk_actioncomm=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -996,7 +1002,7 @@ class ActionComm extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1017,7 +1023,7 @@ class ActionComm extends CommonObject // remove actioncomm if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm"; - $sql .= " WHERE id=".$this->id; + $sql .= " WHERE id=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1159,7 +1165,7 @@ class ActionComm extends CommonObject // Now insert assignedusers if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'"; $resql = $this->db->query($sql); $already_inserted = array(); 
@@ -1170,7 +1176,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -1184,7 +1190,7 @@ class ActionComm extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'"; $resql = $this->db->query($sql); if (!empty($this->socpeopleassigned)) { @@ -1193,7 +1199,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { 
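Review bot: In the `socpeopleassigned` loop of the hunk at -1193 the de-duplication check on the context line still reads `$already_inserted[$val['id']]`, while the INSERT uses `$id`. The equivalent loop earlier in the class was switched to `$already_inserted[$id]` by this commit (hunks at -612 and -623). If `$val` is a scalar, as the comment added there describes, `$val['id']` never matches and duplicates are not skipped. The check should become `if (!empty($already_inserted[$id])) {` with `continue;` inside. The line that records the id is outside the hunk and presumably needs `$already_inserted[$id] = true;` as well.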
@@ -1320,7 +1326,7 @@ class ActionComm extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } if (!$user->rights->agenda->allactions->read) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id); } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE 1 = 1"; @@ -1329,14 +1335,14 @@ class ActionComm extends CommonObject } $sql .= " AND a.entity IN (".getEntity('agenda').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND a.fk_soc = ".$user->socid; + $sql .= " AND a.fk_soc = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id; - $sql .= " OR ar.fk_element = ".$user->id; // Added by PV + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); + $sql .= " OR ar.fk_element = ".((int) $user->id); $sql .= ")"; } @@ -2226,7 +2232,7 @@ class ActionComm extends CommonObject //Select all action comm reminders for event $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); if ($onlypast) { $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'"; } 
diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index eb1ac59cfe0..4c4d44c3a6e 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -108,6 +108,8 @@ $help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda'; llxHeader('', $langs->trans("Agenda"), $help_url); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; if ($object->id > 0) { $result1 = $object->fetch($id); @@ -135,9 +137,6 @@ if ($object->id > 0) { $head = actions_prepare_head($object); - $now = dol_now(); - $delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; - print dol_get_fiche_head($head, 'documents', $langs->trans("Action"), -1, 'action'); $linkback = img_picto($langs->trans("BackToList"), 'object_list', 'class="hideonsmartphone pictoactionview"'); diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index c87af9558e8..769a966eb8e 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -59,6 +59,8 @@ if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) { $filtert = $user->id; } +$newparam = ''; + $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); @@ -525,6 +527,7 @@ $viewmode .= ''; // To add a space before t $newcardbutton = ''; +$newparam = ''; if ($user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create) { $tmpforcreatebutton = dol_getdate(dol_now(), true); @@ -689,7 +692,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.$socid; 
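Review bot: In the index.php hunk at -689 the context line right after the changed one still builds `' AND a.fk_soc = '.$socid` without a cast, whereas the corresponding `$socid` filter in list.php (hunk at -447) already uses `((int) $socid)`. It should read `$sql .= ' AND a.fk_soc = '.((int) $socid);`. How `$socid` is read from the request is outside the hunk, so it may already be an integer, but the cast keeps the query safe independently of that.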
@@ -875,7 +878,7 @@ if ($showbirthday) { // Add events in array $sql = 'SELECT sp.rowid, sp.lastname, sp.firstname, sp.birthday'; $sql .= ' FROM '.MAIN_DB_PREFIX.'socpeople as sp'; - $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))'; + $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.((int) $user->id).'))'; $sql .= " AND sp.entity IN (".getEntity('socpeople').")"; if ($action == 'show_day') { $sql .= ' AND MONTH(birthday) = '.((int) $month); diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 9c587a934e2..95d882f8076 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -381,7 +381,7 @@ $sql .= " sp.lastname, sp.firstname, sp.email, sp.phone, sp.address, sp.phone as // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } @@ -447,7 +447,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); 
@@ -517,526 +517,543 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; -$sql .= $db->order($sortfield, $sortorder); - +// Count total nb of records $nbtotalofrecords = ''; if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { - // TODO Set and use an optimized request in $sqlforcount with no fields and no useless join to caluclate nb of records - $result = $db->query($sql); - $nbtotalofrecords = $db->num_rows($result); + /* This old and fast method to get and count full list returns all record so use a high amount of memory. + $resql = $db->query($sql); + $nbtotalofrecords = $db->num_rows($resql); + */ + /* The slow method does not consume memory on mysql (not tested on pgsql) */ + /*$resql = $db->query($sql, 0, 'auto', 1); + while ($db->fetch_object($resql)) { + $nbtotalofrecords++; + }*/ + /* This fast and low memory method to get and count full list converts the sql into a sql count */ + $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),]+FROM/i', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql); + $resql = $db->query($sqlforcount); + $objforcount = $db->fetch_object($resql); + $nbtotalofrecords = $objforcount->nbtotalofrecords; if (($page * $limit) > $nbtotalofrecords) { // if total resultset is smaller then paging size (filtering), goto and load page 0 $page = 0; $offset = 0; } + $db->free($resql); } -$sql .= $db->plimit($limit + 1, $offset); -//print $sql; +// Complete request and execute it with limit +$sql .= $db->order($sortfield, $sortorder); +if ($limit) { + $sql .= $db->plimit($limit + 1, $offset); +} -dol_syslog("comm/action/list.php", LOG_DEBUG); $resql = $db->query($sql); -if ($resql) { - $actionstatic = new ActionComm($db); - $societestatic = new Societe($db); +if (!$resql) { + dol_print_error($db); + exit; +} - $num = $db->num_rows($resql); +$num = $db->num_rows($resql); - $arrayofselected = 
is_array($toselect) ? $toselect : array(); - // Local calendar - $newtitle = '
'; - $newtitle .= ' '.$langs->trans("LocalAgenda").'   '; - $newtitle .= '
'; - //$newtitle=$langs->trans($title); +$actionstatic = new ActionComm($db); +$societestatic = new Societe($db); - $tabactive = 'cardlist'; +$num = $db->num_rows($resql); - $head = calendars_prepare_head($param); +$arrayofselected = is_array($toselect) ? $toselect : array(); - print '
'."\n"; +// Local calendar +$newtitle = '
'; +$newtitle .= ' '.$langs->trans("LocalAgenda").'   '; +$newtitle .= '
'; +//$newtitle=$langs->trans($title); - if ($optioncss != '') { - print ''; - } - print ''; - print ''; - print ''; - print ''; - print ''; - $nav = ''; +$tabactive = 'cardlist'; - if ($filter) { - $nav .= ''; - } - if ($showbirthday) { - $nav .= ''; - } - print $nav; +$head = calendars_prepare_head($param); - //print dol_get_fiche_head($head, $tabactive, $langs->trans('Agenda'), 0, 'action'); - //print_actions_filter($form, $canedit, $search_status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid); - //print dol_get_fiche_end(); +print ''."\n"; - // Add link to show birthdays - /* - $link = ''; - if (empty($conf->use_javascript_ajax)) - { - $newparam=$param; // newparam is for birthday links - $newparam=preg_replace('/showbirthday=[0-1]/i','showbirthday='.(empty($showbirthday)?1:0),$newparam); - if (! preg_match('/showbirthday=/i',$newparam)) $newparam.='&showbirthday=1'; - $link=''; - if (empty($showbirthday)) $link.=$langs->trans("AgendaShowBirthdayEvents"); - else $link.=$langs->trans("AgendaHideBirthdayEvents"); - $link.=''; - } - */ +if ($optioncss != '') { + print ''; +} +print ''; +print ''; +print ''; +print ''; +print ''; +$nav = ''; - $s = $newtitle; +if ($filter) { + $nav .= ''; +} +if ($showbirthday) { + $nav .= ''; +} +print $nav; - // Calendars from hooks - $parameters = array(); $object = null; - $reshook = $hookmanager->executeHooks('addCalendarChoice', $parameters, $object, $action); - if (empty($reshook)) { - $s .= $hookmanager->resPrint; - } elseif ($reshook > 1) { - $s = $hookmanager->resPrint; +//print dol_get_fiche_head($head, $tabactive, $langs->trans('Agenda'), 0, 'action'); +//print_actions_filter($form, $canedit, $search_status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid); +//print dol_get_fiche_end(); + +// Add link to show birthdays +/* +$link = ''; +if (empty($conf->use_javascript_ajax)) 
+{ + $newparam=$param; // newparam is for birthday links + $newparam=preg_replace('/showbirthday=[0-1]/i','showbirthday='.(empty($showbirthday)?1:0),$newparam); + if (! preg_match('/showbirthday=/i',$newparam)) $newparam.='&showbirthday=1'; + $link=''; + if (empty($showbirthday)) $link.=$langs->trans("AgendaShowBirthdayEvents"); + else $link.=$langs->trans("AgendaHideBirthdayEvents"); + $link.=''; +} +*/ + +$s = $newtitle; + +// Calendars from hooks +$parameters = array(); $object = null; +$reshook = $hookmanager->executeHooks('addCalendarChoice', $parameters, $object, $action); +if (empty($reshook)) { + $s .= $hookmanager->resPrint; +} elseif ($reshook > 1) { + $s = $hookmanager->resPrint; +} + +$viewmode = ''; +$viewmode .= ''; +//$viewmode .= ''; +$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="pictoactionview block"'); +//$viewmode .= ''; +$viewmode .= ''.$langs->trans("ViewList").''; + +$viewmode .= ''; +//$viewmode .= ''; +$viewmode .= img_picto($langs->trans("ViewCal"), 'object_calendarmonth', 'class="pictoactionview block"'); +//$viewmode .= ''; +$viewmode .= ''.$langs->trans("ViewCal").''; + +$viewmode .= ''; +//$viewmode .= ''; +$viewmode .= img_picto($langs->trans("ViewWeek"), 'object_calendarweek', 'class="pictoactionview block"'); +//$viewmode .= ''; +$viewmode .= ''.$langs->trans("ViewWeek").''; + +$viewmode .= ''; +//$viewmode .= ''; +$viewmode .= img_picto($langs->trans("ViewDay"), 'object_calendarday', 'class="pictoactionview block"'); +//$viewmode .= ''; +$viewmode .= ''.$langs->trans("ViewDay").''; + +$viewmode .= ''; +//$viewmode .= ''; +$viewmode .= img_picto($langs->trans("ViewPerUser"), 'object_calendarperuser', 'class="pictoactionview block"'); +//$viewmode .= ''; +$viewmode .= ''.$langs->trans("ViewPerUser").''; + +$viewmode .= ''; + +// Add more views from hooks +$parameters = array(); $object = null; +$reshook = $hookmanager->executeHooks('addCalendarView', $parameters, $object, $action); +if (empty($reshook)) { + 
$viewmode .= $hookmanager->resPrint; +} elseif ($reshook > 1) { + $viewmode = $hookmanager->resPrint; +} + +$tmpforcreatebutton = dol_getdate(dol_now(), true); + +$newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year']; + +//$param='month='.$monthshown.'&year='.$year; +$hourminsec = '100000'; + +$url = DOL_URL_ROOT.'/comm/action/card.php?action=create'; +$url .= '&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec; +$url .= '&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : '')); + +$newcardbutton = dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, '', $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create); + +$param .= '&action='.$action; + +print_barre_liste($langs->trans("Agenda"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, -1 * $nbtotalofrecords, 'object_action', 0, $nav.$newcardbutton, '', $limit, 0, 0, 1, $viewmode); + +print $s; + +$objecttmp = new ActionComm($db); +include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php'; + +$moreforfilter = ''; + +$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage; +$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields +if ($massactionbutton) { + $selectedfields .= $form->showCheckAddButtons('checkforselect', 1); +} +$i = 0; + +print '
'; +print_actions_filter($form, $canedit, $search_status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid); +print '
'; + +print '
'; +print ''."\n"; + +print ''; +if (!empty($arrayfields['a.id']['checked'])) { + print ''; +} +if (!empty($arrayfields['owner']['checked'])) { + print ''; +} +if (!empty($arrayfields['c.libelle']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.label']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.note']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.datep']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.datep2']['checked'])) { + print ''; +} +if (!empty($arrayfields['s.nom']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.fk_contact']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.fk_element']['checked'])) { + print ''; +} + +// Extra fields +include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; + +// Fields from hook +$parameters = array('arrayfields'=>$arrayfields); +$reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook +print $hookmanager->resPrint; + +if (!empty($arrayfields['a.datec']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.tms']['checked'])) { + print ''; +} +if (!empty($arrayfields['a.percent']['checked'])) { + print ''; +} +// Action column +print ''; +print "\n"; + +print ''; +if (!empty($arrayfields['a.id']['checked'])) { + print_liste_field_titre($arrayfields['a.id']['label'], $_SERVER["PHP_SELF"], "a.id", $param, "", "", $sortfield, $sortorder); +} +if (!empty($arrayfields['owner']['checked'])) { + print_liste_field_titre($arrayfields['owner']['label'], $_SERVER["PHP_SELF"], "", $param, "", "", $sortfield, $sortorder); +} +if (!empty($arrayfields['c.libelle']['checked'])) { + print_liste_field_titre($arrayfields['c.libelle']['label'], $_SERVER["PHP_SELF"], "c.libelle", $param, "", "", $sortfield, $sortorder); +} +if (!empty($arrayfields['a.label']['checked'])) { + print_liste_field_titre($arrayfields['a.label']['label'], $_SERVER["PHP_SELF"], "a.label", $param, 
"", "", $sortfield, $sortorder); +} +if (!empty($arrayfields['a.note']['checked'])) { + print_liste_field_titre($arrayfields['a.note']['label'], $_SERVER["PHP_SELF"], "a.note", $param, "", "", $sortfield, $sortorder); +} +//if (! empty($conf->global->AGENDA_USE_EVENT_TYPE)) +if (!empty($arrayfields['a.datep']['checked'])) { + print_liste_field_titre($arrayfields['a.datep']['label'], $_SERVER["PHP_SELF"], "a.datep,a.id", $param, '', 'align="center"', $sortfield, $sortorder); +} +if (!empty($arrayfields['a.datep2']['checked'])) { + print_liste_field_titre($arrayfields['a.datep2']['label'], $_SERVER["PHP_SELF"], "a.datep2", $param, '', 'align="center"', $sortfield, $sortorder); +} +if (!empty($arrayfields['s.nom']['checked'])) { + print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER["PHP_SELF"], "s.nom", $param, "", "", $sortfield, $sortorder); +} +if (!empty($arrayfields['a.fk_contact']['checked'])) { + print_liste_field_titre($arrayfields['a.fk_contact']['label'], $_SERVER["PHP_SELF"], "", $param, "", "", $sortfield, $sortorder); +} +if (!empty($arrayfields['a.fk_element']['checked'])) { + print_liste_field_titre($arrayfields['a.fk_element']['label'], $_SERVER["PHP_SELF"], "", $param, "", "", $sortfield, $sortorder); +} + +// Extra fields +include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php'; + +// Hook fields +$parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); +$reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters); // Note that $action and $object may have been modified by hook +print $hookmanager->resPrint; + +if (!empty($arrayfields['a.datec']['checked'])) { + print_liste_field_titre($arrayfields['a.datec']['label'], $_SERVER["PHP_SELF"], "a.datec,a.id", $param, "", 'align="center"', $sortfield, $sortorder); +} +if (!empty($arrayfields['a.tms']['checked'])) { + print_liste_field_titre($arrayfields['a.tms']['label'], $_SERVER["PHP_SELF"], 
"a.tms,a.id", $param, "", 'align="center"', $sortfield, $sortorder); +} + +if (!empty($arrayfields['a.percent']['checked'])) { + print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "a.percent", $param, "", 'align="center"', $sortfield, $sortorder); +} +print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch '); +print "\n"; + +$contactstatic = new Contact($db); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; + +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php'; +$caction = new CActionComm($db); +$arraylist = $caction->liste_array(1, 'code', '', (empty($conf->global->AGENDA_USE_EVENT_TYPE) ? 1 : 0), '', 1); +$contactListCache = array(); + +while ($i < min($num, $limit)) { + $obj = $db->fetch_object($resql); + + // Discard auto action if option is on + if (!empty($conf->global->AGENDA_ALWAYS_HIDE_AUTO) && $obj->type_code == 'AC_OTH_AUTO') { + $i++; + continue; } - $viewmode = ''; - $viewmode .= ''; - //$viewmode .= ''; - $viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="pictoactionview block"'); - //$viewmode .= ''; - $viewmode .= ''.$langs->trans("ViewList").''; + $actionstatic->id = $obj->id; + $actionstatic->ref = $obj->id; + $actionstatic->code = $obj->code; + $actionstatic->type_code = $obj->type_code; + $actionstatic->type_label = $obj->type_label; + $actionstatic->type_picto = $obj->type_picto; + $actionstatic->type_color = $obj->type_color; + $actionstatic->label = $obj->label; + $actionstatic->location = $obj->location; + $actionstatic->note_private = dol_htmlentitiesbr($obj->note); - $viewmode .= ''; - //$viewmode .= ''; - $viewmode .= img_picto($langs->trans("ViewCal"), 'object_calendarmonth', 'class="pictoactionview block"'); - //$viewmode .= ''; - $viewmode .= ''.$langs->trans("ViewCal").''; - - $viewmode .= ''; - //$viewmode .= ''; - $viewmode .= img_picto($langs->trans("ViewWeek"), 
'object_calendarweek', 'class="pictoactionview block"'); - //$viewmode .= ''; - $viewmode .= ''.$langs->trans("ViewWeek").''; - - $viewmode .= ''; - //$viewmode .= ''; - $viewmode .= img_picto($langs->trans("ViewDay"), 'object_calendarday', 'class="pictoactionview block"'); - //$viewmode .= ''; - $viewmode .= ''.$langs->trans("ViewDay").''; - - $viewmode .= ''; - //$viewmode .= ''; - $viewmode .= img_picto($langs->trans("ViewPerUser"), 'object_calendarperuser', 'class="pictoactionview block"'); - //$viewmode .= ''; - $viewmode .= ''.$langs->trans("ViewPerUser").''; - - $viewmode .= ''; - - // Add more views from hooks - $parameters = array(); $object = null; - $reshook = $hookmanager->executeHooks('addCalendarView', $parameters, $object, $action); - if (empty($reshook)) { - $viewmode .= $hookmanager->resPrint; - } elseif ($reshook > 1) { - $viewmode = $hookmanager->resPrint; - } - - $tmpforcreatebutton = dol_getdate(dol_now(), true); - - $newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year']; - - //$param='month='.$monthshown.'&year='.$year; - $hourminsec = '100000'; - - $url = DOL_URL_ROOT.'/comm/action/card.php?action=create'; - $url .= '&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec; - $url .= '&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? 
'?'.$newparam : '')); - - $newcardbutton = dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, '', $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create); - - $param .= '&action='.$action; - - print_barre_liste($langs->trans("Agenda"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, -1 * $nbtotalofrecords, 'object_action', 0, $nav.$newcardbutton, '', $limit, 0, 0, 1, $viewmode); - - print $s; - - $objecttmp = new ActionComm($db); - include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php'; - - $moreforfilter = ''; - - $varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage; - $selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields - if ($massactionbutton) { - $selectedfields .= $form->showCheckAddButtons('checkforselect', 1); - } - $i = 0; - - print '
'; - print_actions_filter($form, $canedit, $search_status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid); - print '
'; - - print '
'; - print '
'; + print $form->selectDate($datestart, 'datestart', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzuserrel'); + print ''; + print $form->selectDate($dateend, 'dateend', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzuserrel'); + print ''; + $formactions->form_select_status_action('formaction', $search_status, 1, 'search_status', 1, 2, 'minwidth100imp maxwidth125'); + print ajax_combobox('selectsearch_status'); + print ''; +$searchpicto = $form->showFilterButtons(); +print $searchpicto; +print '
'."\n"; - - print ''; - if (!empty($arrayfields['a.id']['checked'])) { - print ''; - } - if (!empty($arrayfields['owner']['checked'])) { - print ''; - } - if (!empty($arrayfields['c.libelle']['checked'])) { - print ''; - } - if (!empty($arrayfields['a.label']['checked'])) { - print ''; - } - if (!empty($arrayfields['a.note']['checked'])) { - print ''; - } - if (!empty($arrayfields['a.datep']['checked'])) { - print ''; - } - if (!empty($arrayfields['a.datep2']['checked'])) { - print ''; - } - if (!empty($arrayfields['s.nom']['checked'])) { - print ''; - } + // Initialize $this->userassigned && this->socpeopleassigned array && this->userownerid + // but only if we need it if (!empty($arrayfields['a.fk_contact']['checked'])) { - print ''; + $actionstatic->fetchResources(); } + + print ''; + + // Ref + if (!empty($arrayfields['a.id']['checked'])) { + print ''; + } + + // User owner + if (!empty($arrayfields['owner']['checked'])) { + print ''; + } + + // Type + if (!empty($arrayfields['c.libelle']['checked'])) { + print ''; + } + + // Label + if (!empty($arrayfields['a.label']['checked'])) { + print ''; + } + + // Description + if (!empty($arrayfields['a.note']['checked'])) { + print ''; + } + + $formatToUse = $obj->fulldayevent ? 
'day' : 'dayhour'; + + // Start date + if (!empty($arrayfields['a.datep']['checked'])) { + print ''; + } + + // End date + if (!empty($arrayfields['a.datep2']['checked'])) { + print ''; + } + + // Third party + if (!empty($arrayfields['s.nom']['checked'])) { + print ''; + } + + // Contact + if (!empty($arrayfields['a.fk_contact']['checked'])) { + print ''; + } + + // Linked object if (!empty($arrayfields['a.fk_element']['checked'])) { - print ''; + print ''; } // Extra fields - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; - + include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php'; // Fields from hook - $parameters = array('arrayfields'=>$arrayfields); - $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook + $parameters = array('arrayfields'=>$arrayfields, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; + // Date creation if (!empty($arrayfields['a.datec']['checked'])) { - print ''; + // Status/Percent + print ''; } + // Date update if (!empty($arrayfields['a.tms']['checked'])) { - print ''; + print ''; } if (!empty($arrayfields['a.percent']['checked'])) { - print ''; + // Status/Percent + $datep = $db->jdate($obj->dp); + print ''; } // Action column - print ''; + print "\n"; - - print ''; - if (!empty($arrayfields['a.id']['checked'])) { - print_liste_field_titre($arrayfields['a.id']['label'], $_SERVER["PHP_SELF"], "a.id", $param, "", "", $sortfield, $sortorder); - } - if (!empty($arrayfields['owner']['checked'])) { - print_liste_field_titre($arrayfields['owner']['label'], $_SERVER["PHP_SELF"], "", $param, "", "", $sortfield, $sortorder); - } - if (!empty($arrayfields['c.libelle']['checked'])) { - print_liste_field_titre($arrayfields['c.libelle']['label'], 
$_SERVER["PHP_SELF"], "c.libelle", $param, "", "", $sortfield, $sortorder); - } - if (!empty($arrayfields['a.label']['checked'])) { - print_liste_field_titre($arrayfields['a.label']['label'], $_SERVER["PHP_SELF"], "a.label", $param, "", "", $sortfield, $sortorder); - } - if (!empty($arrayfields['a.note']['checked'])) { - print_liste_field_titre($arrayfields['a.note']['label'], $_SERVER["PHP_SELF"], "a.note", $param, "", "", $sortfield, $sortorder); - } - //if (! empty($conf->global->AGENDA_USE_EVENT_TYPE)) - if (!empty($arrayfields['a.datep']['checked'])) { - print_liste_field_titre($arrayfields['a.datep']['label'], $_SERVER["PHP_SELF"], "a.datep,a.id", $param, '', 'align="center"', $sortfield, $sortorder); - } - if (!empty($arrayfields['a.datep2']['checked'])) { - print_liste_field_titre($arrayfields['a.datep2']['label'], $_SERVER["PHP_SELF"], "a.datep2", $param, '', 'align="center"', $sortfield, $sortorder); - } - if (!empty($arrayfields['s.nom']['checked'])) { - print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER["PHP_SELF"], "s.nom", $param, "", "", $sortfield, $sortorder); - } - if (!empty($arrayfields['a.fk_contact']['checked'])) { - print_liste_field_titre($arrayfields['a.fk_contact']['label'], $_SERVER["PHP_SELF"], "", $param, "", "", $sortfield, $sortorder); - } - if (!empty($arrayfields['a.fk_element']['checked'])) { - print_liste_field_titre($arrayfields['a.fk_element']['label'], $_SERVER["PHP_SELF"], "", $param, "", "", $sortfield, $sortorder); - } - - // Extra fields - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php'; - - // Hook fields - $parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); - $reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters); // Note that $action and $object may have been modified by hook - print $hookmanager->resPrint; - - if (!empty($arrayfields['a.datec']['checked'])) { - 
print_liste_field_titre($arrayfields['a.datec']['label'], $_SERVER["PHP_SELF"], "a.datec,a.id", $param, "", 'align="center"', $sortfield, $sortorder); - } - if (!empty($arrayfields['a.tms']['checked'])) { - print_liste_field_titre($arrayfields['a.tms']['label'], $_SERVER["PHP_SELF"], "a.tms,a.id", $param, "", 'align="center"', $sortfield, $sortorder); - } - - if (!empty($arrayfields['a.percent']['checked'])) { - print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "a.percent", $param, "", 'align="center"', $sortfield, $sortorder); - } - print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch '); - print "\n"; - - $contactstatic = new Contact($db); - $now = dol_now(); - $delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; - - require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php'; - $caction = new CActionComm($db); - $arraylist = $caction->liste_array(1, 'code', '', (empty($conf->global->AGENDA_USE_EVENT_TYPE) ? 
1 : 0), '', 1); - $contactListCache = array(); - - while ($i < min($num, $limit)) { - $obj = $db->fetch_object($resql); - - // Discard auto action if option is on - if (!empty($conf->global->AGENDA_ALWAYS_HIDE_AUTO) && $obj->type_code == 'AC_OTH_AUTO') { - $i++; - continue; - } - - $actionstatic->id = $obj->id; - $actionstatic->ref = $obj->id; - $actionstatic->code = $obj->code; - $actionstatic->type_code = $obj->type_code; - $actionstatic->type_label = $obj->type_label; - $actionstatic->type_picto = $obj->type_picto; - $actionstatic->type_color = $obj->type_color; - $actionstatic->label = $obj->label; - $actionstatic->location = $obj->location; - $actionstatic->note_private = dol_htmlentitiesbr($obj->note); - - // Initialize $this->userassigned && this->socpeopleassigned array && this->userownerid - // but only if we need it - if (!empty($arrayfields['a.fk_contact']['checked'])) { - $actionstatic->fetchResources(); - } - - print ''; - - // Ref - if (!empty($arrayfields['a.id']['checked'])) { - print ''; - } - - // User owner - if (!empty($arrayfields['owner']['checked'])) { - print ''; - } - - // Type - if (!empty($arrayfields['c.libelle']['checked'])) { - print ''; - } - - // Label - if (!empty($arrayfields['a.label']['checked'])) { - print ''; - } - - // Description - if (!empty($arrayfields['a.note']['checked'])) { - print ''; - } - - $formatToUse = $obj->fulldayevent ? 
'day' : 'dayhour'; - - // Start date - if (!empty($arrayfields['a.datep']['checked'])) { - print ''; - } - - // End date - if (!empty($arrayfields['a.datep2']['checked'])) { - print ''; - } - - // Third party - if (!empty($arrayfields['s.nom']['checked'])) { - print ''; - } - - // Contact - if (!empty($arrayfields['a.fk_contact']['checked'])) { - print ''; - } - - // Linked object - if (!empty($arrayfields['a.fk_element']['checked'])) { - print ''; - } - - // Extra fields - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php'; - // Fields from hook - $parameters = array('arrayfields'=>$arrayfields, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray); - $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook - print $hookmanager->resPrint; - - // Date creation - if (!empty($arrayfields['a.datec']['checked'])) { - // Status/Percent - print ''; - } - // Date update - if (!empty($arrayfields['a.tms']['checked'])) { - print ''; - } - if (!empty($arrayfields['a.percent']['checked'])) { - // Status/Percent - $datep = $db->jdate($obj->dp); - print ''; - } - // Action column - print ''; - - print "\n"; - $i++; - } - print "
'; - print $form->selectDate($datestart, 'datestart', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzuserrel'); - print ''; - print $form->selectDate($dateend, 'dateend', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzuserrel'); - print '
'; + print $actionstatic->getNomUrl(1, -1); + print ''; // With edge and chrome the td overflow is not supported correctly when content is not full text. + if ($obj->fk_user_action > 0) { + $userstatic->fetch($obj->fk_user_action); + print $userstatic->getNomUrl(-1); + } else { + print ' '; + } + print ''; + print $actionstatic->getTypePicto(); + $labeltype = $obj->type_code; + if (empty($conf->global->AGENDA_USE_EVENT_TYPE) && empty($arraylist[$labeltype])) { + $labeltype = 'AC_OTH'; + } + if ($actionstatic->type_code == 'AC_OTH' && $actionstatic->code == 'TICKET_MSG') { + $labeltype = $langs->trans("Message"); + } else { + if (!empty($arraylist[$labeltype])) { + $labeltype = $arraylist[$labeltype]; + } + if ($obj->type_code == 'AC_OTH_AUTO' && ($obj->type_code != $obj->code) && $labeltype && !empty($arraylist[$obj->code])) { + $labeltype .= ' - '.$arraylist[$obj->code]; // Use code in priority on type_code + } + } + print dol_trunc($labeltype, 28); + print ''; + print $actionstatic->label; + print ''; + $text = dolGetFirstLineOfText(dol_string_nohtmltag($actionstatic->note_private, 0)); + print $form->textwithtooltip(dol_trunc($text, 40), $actionstatic->note_private); + print ''; + print dol_print_date($db->jdate($obj->dp), $formatToUse, 'tzuser'); + $late = 0; + if ($obj->percent == 0 && $obj->dp && $db->jdate($obj->dp) < ($now - $delay_warning)) { + $late = 1; + } + if ($obj->percent == 0 && !$obj->dp && $obj->dp2 && $db->jdate($obj->dp) < ($now - $delay_warning)) { + $late = 1; + } + if ($obj->percent > 0 && $obj->percent < 100 && $obj->dp2 && $db->jdate($obj->dp2) < ($now - $delay_warning)) { + $late = 1; + } + if ($obj->percent > 0 && $obj->percent < 100 && !$obj->dp2 && $obj->dp && $db->jdate($obj->dp) < ($now - $delay_warning)) { + $late = 1; + } + if ($late) { + print img_warning($langs->trans("Late")).' 
'; + } + print ''; + print dol_print_date($db->jdate($obj->dp2), $formatToUse, 'tzuser'); + print ''; + if ($obj->socid > 0) { + $societestatic->id = $obj->socid; + $societestatic->client = $obj->client; + $societestatic->name = $obj->societe; + $societestatic->email = $obj->socemail; + + print $societestatic->getNomUrl(1, '', 28); + } else { + print ' '; + } + print ''; + + if (!empty($actionstatic->socpeopleassigned)) { + $contactList = array(); + foreach ($actionstatic->socpeopleassigned as $socpeopleassigned) { + if (!isset($contactListCache[$socpeopleassigned['id']])) { + // if no cache found we fetch it + $contact = new Contact($db); + if ($contact->fetch($socpeopleassigned['id']) > 0) { + $contactListCache[$socpeopleassigned['id']] = $contact->getNomUrl(1, '', 0); + $contactList[] = $contact->getNomUrl(1, '', 0); + } + } else { + // use cache + $contactList[] = $contactListCache[$socpeopleassigned['id']]; + } + } + if (!empty($contactList)) { + print implode(', ', $contactList); + } + } elseif ($obj->fk_contact > 0) { //keep for retrocompatibility with faraway event + $contactstatic->id = $obj->fk_contact; + $contactstatic->email = $obj->email; + $contactstatic->lastname = $obj->lastname; + $contactstatic->firstname = $obj->firstname; + $contactstatic->phone_pro = $obj->phone_pro; + $contactstatic->phone_mobile = $obj->phone_mobile; + $contactstatic->phone_perso = $obj->phone_perso; + $contactstatic->country_id = $obj->country_id; + print $contactstatic->getNomUrl(1, '', 0); + } else { + print " "; + } + print ''; + //var_dump($obj->fkelement.' 
'.$obj->elementtype); + if ($obj->fk_element > 0 && !empty($obj->elementtype)) { + include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; + print dolGetElementUrl($obj->fk_element, $obj->elementtype, 1); + } else { + print " "; + } + print ''.dol_print_date($db->jdate($obj->datec), 'dayhour', 'tzuser').''.dol_print_date($db->jdate($obj->datem), 'dayhour', 'tzuser').''; - $formactions->form_select_status_action('formaction', $search_status, 1, 'search_status', 1, 2, 'minwidth100imp maxwidth125'); - print ajax_combobox('selectsearch_status'); - print ''.$actionstatic->LibStatut($obj->percent, 5, 0, $datep).''; - $searchpicto = $form->showFilterButtons(); - print $searchpicto; + print ''; + if ($massactionbutton || $massaction) { // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined + $selected = 0; + if (in_array($obj->id, $arrayofselected)) { + $selected = 1; + } + print ''; + } print '
'; - print $actionstatic->getNomUrl(1, -1); - print ''; // With edge and chrome the td overflow is not supported correctly when content is not full text. - if ($obj->fk_user_action > 0) { - $userstatic->fetch($obj->fk_user_action); - print $userstatic->getNomUrl(-1); - } else { - print ' '; - } - print ''; - print $actionstatic->getTypePicto(); - $labeltype = $obj->type_code; - if (empty($conf->global->AGENDA_USE_EVENT_TYPE) && empty($arraylist[$labeltype])) { - $labeltype = 'AC_OTH'; - } - if ($actionstatic->type_code == 'AC_OTH' && $actionstatic->code == 'TICKET_MSG') { - $labeltype = $langs->trans("Message"); - } else { - if (!empty($arraylist[$labeltype])) { - $labeltype = $arraylist[$labeltype]; - } - if ($obj->type_code == 'AC_OTH_AUTO' && ($obj->type_code != $obj->code) && $labeltype && !empty($arraylist[$obj->code])) { - $labeltype .= ' - '.$arraylist[$obj->code]; // Use code in priority on type_code - } - } - print dol_trunc($labeltype, 28); - print ''; - print $actionstatic->label; - print ''; - $text = dolGetFirstLineOfText(dol_string_nohtmltag($actionstatic->note_private, 0)); - print $form->textwithtooltip(dol_trunc($text, 40), $actionstatic->note_private); - print ''; - print dol_print_date($db->jdate($obj->dp), $formatToUse, 'tzuser'); - $late = 0; - if ($obj->percent == 0 && $obj->dp && $db->jdate($obj->dp) < ($now - $delay_warning)) { - $late = 1; - } - if ($obj->percent == 0 && !$obj->dp && $obj->dp2 && $db->jdate($obj->dp) < ($now - $delay_warning)) { - $late = 1; - } - if ($obj->percent > 0 && $obj->percent < 100 && $obj->dp2 && $db->jdate($obj->dp2) < ($now - $delay_warning)) { - $late = 1; - } - if ($obj->percent > 0 && $obj->percent < 100 && !$obj->dp2 && $obj->dp && $db->jdate($obj->dp) < ($now - $delay_warning)) { - $late = 1; - } - if ($late) { - print img_warning($langs->trans("Late")).' 
'; - } - print ''; - print dol_print_date($db->jdate($obj->dp2), $formatToUse, 'tzuser'); - print ''; - if ($obj->socid > 0) { - $societestatic->id = $obj->socid; - $societestatic->client = $obj->client; - $societestatic->name = $obj->societe; - $societestatic->email = $obj->socemail; - - print $societestatic->getNomUrl(1, '', 28); - } else { - print ' '; - } - print ''; - - if (!empty($actionstatic->socpeopleassigned)) { - $contactList = array(); - foreach ($actionstatic->socpeopleassigned as $socpeopleassigned) { - if (!isset($contactListCache[$socpeopleassigned['id']])) { - // if no cache found we fetch it - $contact = new Contact($db); - if ($contact->fetch($socpeopleassigned['id']) > 0) { - $contactListCache[$socpeopleassigned['id']] = $contact->getNomUrl(1, '', 0); - $contactList[] = $contact->getNomUrl(1, '', 0); - } - } else { - // use cache - $contactList[] = $contactListCache[$socpeopleassigned['id']]; - } - } - if (!empty($contactList)) { - print implode(', ', $contactList); - } - } elseif ($obj->fk_contact > 0) { //keep for retrocompatibility with faraway event - $contactstatic->id = $obj->fk_contact; - $contactstatic->email = $obj->email; - $contactstatic->lastname = $obj->lastname; - $contactstatic->firstname = $obj->firstname; - $contactstatic->phone_pro = $obj->phone_pro; - $contactstatic->phone_mobile = $obj->phone_mobile; - $contactstatic->phone_perso = $obj->phone_perso; - $contactstatic->country_id = $obj->country_id; - print $contactstatic->getNomUrl(1, '', 0); - } else { - print " "; - } - print ''; - //var_dump($obj->fkelement.' 
'.$obj->elementtype); - if ($obj->fk_element > 0 && !empty($obj->elementtype)) { - include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - print dolGetElementUrl($obj->fk_element, $obj->elementtype, 1); - } else { - print " "; - } - print ''.dol_print_date($db->jdate($obj->datec), 'dayhour', 'tzuser').''.dol_print_date($db->jdate($obj->datem), 'dayhour', 'tzuser').''.$actionstatic->LibStatut($obj->percent, 5, 0, $datep).''; - if ($massactionbutton || $massaction) { // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined - $selected = 0; - if (in_array($obj->id, $arrayofselected)) { - $selected = 1; - } - print ''; - } - print '
"; - print '
'; - print '
'; - - $db->free($resql); -} else { - dol_print_error($db); + $i++; } +print ""; +print ''; +print ''; + +$db->free($resql); // End of page llxFooter(); diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index b39d6c3141d..b1fecbf6475 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -558,7 +558,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 10d9871c4c9..413de33db1f 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -579,7 +579,7 @@ if ($pid) { $sql .= " AND a.fk_project = ".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index fefee1c07dd..015e06df36a 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -826,7 +826,7 @@ if ($object->id > 0) { $sql .= ", p.datep as dp, p.fin_validite as date_limit"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " ORDER BY p.datep DESC"; 
@@ -891,7 +891,7 @@ if ($object->id > 0) { $sql .= ", c.facture as billed"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('commande').')'; $sql .= " ORDER BY c.date_commande DESC"; @@ -907,7 +907,7 @@ if ($object->id > 0) { $sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; $sql2 .= ', '.MAIN_DB_PREFIX.'commande as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders with status validated, shipping started and delivered (well any order we can bill) $sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))"; @@ -967,7 +967,7 @@ if ($object->id > 0) { $sql .= ', s.nom'; $sql .= ', s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e"; - $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND e.entity IN (".getEntity('expedition').")"; $sql .= ' GROUP BY e.rowid'; $sql .= ', e.ref'; @@ -1032,7 +1032,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " ORDER BY c.datec DESC"; 
@@ -1106,7 +1106,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; $sql .= " WHERE f.fk_soc = s.rowid"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('intervention').")"; $sql .= " ORDER BY f.tms DESC"; @@ -1171,7 +1171,7 @@ if ($object->id > 0) { $sql .= ', f.suspended as suspended'; $sql .= ', s.nom, s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,'; @@ -1263,7 +1263,7 @@ if ($object->id > 0) { $sql .= ', SUM(pf.amount) as am'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture'; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.datef, f.datec, f.paye, f.fk_statut,'; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 1d74cba61cd..52f6e675c5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php 
@@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND p.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($type == "c") { $sql .= " AND s.client IN (1, 3)"; diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 48e08ce3c0d..2603b520c77 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -106,10 +106,16 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial'); print '
'; -print getCustomerProposalPieChart($socid); -print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft customer proposals @@ -130,7 +136,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -227,7 +233,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -323,7 +329,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -420,10 +426,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); 
@@ -561,7 +567,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = $socid"; @@ -657,7 +663,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -763,7 +769,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -838,7 +844,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); 
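Review bot: The `$socid` filter in the context lines right after the changed line is still interpolated raw, `$sql .= " AND s.rowid = $socid";`, while the other `$socid` clauses visible in this file's hunks are cast. It should read `$sql .= " AND s.rowid = ".((int) $socid);` so the query does not depend on how `$socid` was sanitised upstream, which is not visible from this hunk. The enclosing `if (!empty($conf->societe->enabled) && ...)` block starts and ends outside the hunk.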
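Review bot: The guard around the changed line in the `@@ -657,7 +663,7 @@` hunk tests `!$user->socid`, whereas the same guard in the other hunks of this file tests `!$socid`. The code that adds the `sc` table to the FROM clause is outside the hunk, so this is inferred, but if that join is keyed on `!$socid` the two conditions can diverge and the query would either reference `sc` without the join or omit the per-salesperson restriction. Aligning it as `if (!$user->rights->societe->client->voir && !$socid) {` would match the rest of the file. The enclosing block continues outside the hunk.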
@@ -954,7 +960,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index e03d13c29e8..8b97f23737e 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -165,7 +165,7 @@ if (empty($reshook)) { $now = dol_now(); // Positioning date of start sending - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".$object->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $object->id); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); @@ -368,7 +368,7 @@ if (empty($reshook)) { dol_syslog("comm/mailing/card.php: error for #".$i.($mail->error ? ' - '.$mail->error : ''), LOG_WARNING); $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid; + $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $obj->rowid); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 3f2cfc2974c..4411b8a326a 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php 
@@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml'); $search_firstname = GETPOST("search_firstname", 'alphanohtml'); $search_email = GETPOST("search_email", 'alphanohtml'); $search_other = GETPOST("search_other", 'alphanohtml'); -$search_dest_status = GETPOST('search_dest_status', 'alphanohtml'); +$search_dest_status = GETPOST('search_dest_status', 'int'); // Search modules dirs $modulesdir = dolGetModulesDirs('/mailings'); @@ -135,7 +135,7 @@ if (GETPOST('exportcsv', 'int')) { $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut as status, mc.date_envoi, mc.tms,"; $sql .= " mc.source_id, mc.source_type, mc.error_text"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.fk_mailing=".$object->id; + $sql .= " WHERE mc.fk_mailing=".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); @@ -454,7 +454,7 @@ if ($object->fetch($id) >= 0) { $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut, mc.date_envoi, mc.tms,"; $sql .= " mc.source_url, mc.source_id, mc.source_type, mc.error_text"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.fk_mailing=".$object->id; + $sql .= " WHERE mc.fk_mailing=".((int) $object->id); $asearchcriteriahasbeenset = 0; if ($search_lastname) { $sql .= natural_search("mc.lastname", $search_lastname); @@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) { $asearchcriteriahasbeenset++; } if ($search_dest_status != '' && $search_dest_status >= -1) { - $sql .= " AND mc.statut=".$db->escape($search_dest_status)." "; + $sql .= " AND mc.statut = ".((int) $search_dest_status); $asearchcriteriahasbeenset++; } $sql .= $db->order($sortfield, $sortorder); 
@@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) { } $morehtmlcenter .= '   id.'">'.$langs->trans("Download").''; + $massactionbutton = ''; + print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit); print ''; diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 9051ebfa921..79e25c83385 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -181,7 +181,7 @@ class AdvanceTargetingMailing extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->errors[] = "Error ".$this->db->lasterror(); @@ -230,7 +230,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; $sql .= " WHERE t.rowid = ".((int) $id); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -289,7 +289,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { 
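Review bot: With the SQL text removed, the label in `dol_syslog(get_class($this)."::fetch", LOG_DEBUG);` in the `@@ -289,7 +289,7 @@` hunk is the only trace of which lookup ran, and the `@@ -230` and `@@ -352` hunks log the same `::fetch` label. Their WHERE clauses differ (by `rowid`, by `fk_element` with a fixed `'mailing'` type, by `fk_element` with a caller-supplied type), which suggests three separate methods; the signatures are outside the hunks, so this is not confirmed. Using `dol_syslog(__METHOD__, LOG_DEBUG);` keeps statements and their values out of the log while still telling the code paths apart during an investigation.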
@@ -352,7 +352,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -422,7 +422,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; 
@@ -600,31 +600,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key.'_min']).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'link') { if ($arrayquery['options_'.$key] > 0) { - $sqlwhere[]= " (te.".$key." 
= ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -636,7 +636,7 @@ class AdvanceTargetingMailing extends CommonObject } - dol_syslog(get_class($this)."::query_thirdparty sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_thirdparty", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->thirdparty_lines = array(); 
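Review bot: In the `int`/`double` branch of the hunk at -600 the range predicate is built as `te.<key> >= _max AND te.<key> <= _min`, which reads inverted, and only `_max` is tested with `!empty()` before both values are used. With the new `(float)` casts a missing `_min` becomes `<= 0`, so the filter can silently return an empty or wrong recipient list. I would guard on both keys, e.g. `if (!empty($arrayquery['options_'.$key.'_max']) && isset($arrayquery['options_'.$key.'_min'])) {`, and confirm against the form which field carries the lower bound. The same pattern is in the hunks at -743 (`_max_cnct`/`_min_cnct`) and -850 (`tse.`); the enclosing methods start outside these hunks.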
@@ -743,31 +743,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max_cnct'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max_cnct']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min_cnct'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max_cnct"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key."_min_cnct"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt_cnct'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt_cnct'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt_cnct'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt_cnct"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt_cnct"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key.'_cnct'] != '') { if ($arrayquery['options_'.$key.'_cnct'] == 0) { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct']." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"])." OR ((te.".$key." 
IS NULL) AND (te.fk_object IS NOT NULL)))"; } else { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct'].")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"]).")"; } } } else { if (is_array($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key.'_cnct'])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key."_cnct"])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } } 
@@ -850,22 +850,22 @@ class AdvanceTargetingMailing extends CommonObject } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (tse.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND tse.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (tse.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND tse.".$key." <= ".((float) $arrayquery["options_".$key."_min"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND tse.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND tse.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (tse.".$key." = ".$arrayquery['options_'.$key].")"; + $sqlwhere[] = " (tse.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } 
@@ -877,7 +877,7 @@ class AdvanceTargetingMailing extends CommonObject } } - dol_syslog(get_class($this)."::query_contact sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_contact", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->contact_lines = array(); diff --git a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php index 12684e5f873..cfdca4a1fc2 100644 --- a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php +++ b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php @@ -237,22 +237,22 @@ class FormAdvTargetEmailing extends Form $keyList = 'rowid'; if (count($InfoFieldList) >= 3) { - if (strpos($InfoFieldList [3], 'extra.') !== false) { - $keyList = 'main.'.$InfoFieldList [2].' as rowid'; + if (strpos($InfoFieldList[3], 'extra.') !== false) { + $keyList = 'main.'.$InfoFieldList[2].' as rowid'; } else { - $keyList = $InfoFieldList [2].' as rowid'; + $keyList = $InfoFieldList[2].' as rowid'; } } - $sql = 'SELECT '.$keyList.', '.$InfoFieldList [1]; - $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList [0]; - if (!empty($InfoFieldList [3])) { + $sql = "SELECT ".$keyList.", ".$InfoFieldList[1]; + $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[0]; + if (!empty($InfoFieldList[3])) { // We have to join on extrafield table - if (strpos($InfoFieldList [3], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList [0].'_extrafields as extra'; - $sql .= ' WHERE extra.fk_object=main.'.$InfoFieldList [2].' AND '.$InfoFieldList [3]; + if (strpos($InfoFieldList[3], 'extra') !== false) { + $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; + $sql .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[3]; } else { - $sql .= ' WHERE '.$InfoFieldList [3]; + $sql .= " WHERE ".$InfoFieldList[3]; } } if (!empty($InfoFieldList[1])) { 
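Review bot: The guard `count($InfoFieldList) >= 3` in the hunk at -237 is followed by a read of `$InfoFieldList[3]`, which only exists when the array has four elements. With exactly three entries `strpos()` is handed an undefined offset; the inner test would be safer as `if (isset($InfoFieldList[3]) && strpos($InfoFieldList[3], 'extra.') !== false) {`. Separately, `$InfoFieldList[0]` to `[3]` are concatenated into the statement as table, column and filter text with no quoting. Their origin is outside the hunk, so a comment saying where they come from and that they must never carry request data would help the next reader.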
@@ -267,7 +267,7 @@ class FormAdvTargetEmailing extends Form if ($num) { while ($i < $num) { $obj = $this->db->fetch_object($resql); - $labeltoshow = dol_trunc($obj->$InfoFieldList [1], 90); + $labeltoshow = dol_trunc($obj->$InfoFieldList[1], 90); $options_array[$obj->rowid] = $labeltoshow; $i++; } diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php index d281fcb1a3a..2f9ef25af31 100644 --- a/htdocs/comm/mailing/class/mailing.class.php +++ b/htdocs/comm/mailing/class/mailing.class.php @@ -228,7 +228,7 @@ class Mailing extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing"; $sql .= " (date_creat, fk_user_creat, entity)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", ".$conf->entity.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", ".((int) $conf->entity).")"; if (!$this->title) { $this->title = $langs->trans("NoTitle"); @@ -490,7 +490,7 @@ class Mailing extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."mailing "; $sql .= " SET statut = 1, date_valid = '".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Mailing::valid", LOG_DEBUG); if ($this->db->query($sql)) { @@ -555,7 +555,7 @@ class Mailing extends CommonObject { // phpcs:enable $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); dol_syslog("Mailing::delete_targets", LOG_DEBUG); $resql = $this->db->query($sql); @@ -582,7 +582,7 @@ class Mailing extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut = 0"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); dol_syslog("Mailing::reset_targets_status", LOG_DEBUG); $resql = $this->db->query($sql); 
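Review bot: `$obj->$InfoFieldList[1]` in the hunk at -267 is parsed by PHP 7 and later as `($obj->$InfoFieldList)[1]`, so the label is not read from the column named in `$InfoFieldList[1]`. Removing the space does not change that; the line should use the brace form, `$labeltoshow = dol_trunc($obj->{$InfoFieldList[1]}, 90);`. The loop this line sits in starts and ends outside the hunk.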
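Review bot: The `SET` line of the hunk at -490 in mailing.class.php still appends `$user->id` without a cast, while the `WHERE` line below it now uses `((int) $this->id)`. To match the rest of the change it should read `fk_user_valid=".((int) $user->id);`. The hunk at -2530 in propal.class.php leaves `fk_user_signature=".$user->id` in the same state. Both methods begin outside their hunks.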
@@ -604,7 +604,7 @@ class Mailing extends CommonObject public function countNbOfTargets($mode) { $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); if ($mode == 'alreadysent') { $sql .= " AND statut <> 0"; } elseif ($mode == 'alreadysentok') { @@ -638,7 +638,7 @@ class Mailing extends CommonObject public function refreshNbOfTargets() { $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -647,7 +647,7 @@ class Mailing extends CommonObject $nbforupdate = $obj->nb; $sql = 'UPDATE '.MAIN_DB_PREFIX.'mailing SET nbemail = '.((int) $nbforupdate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); $resqlupdate = $this->db->query($sql); if (! $resqlupdate) { diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index fb10c6435af..8da9a17ebb2 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -121,7 +121,7 @@ if ($_socid > 0) { print dol_get_fiche_end(); - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ""; @@ -134,7 +134,7 @@ if ($_socid > 0) { */ $sql = "SELECT rc.rowid,rc.price_level, rc.datec as dc, u.rowid as uid, u.login"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_prices as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc =".$objsoc->id; + $sql .= " WHERE rc.fk_soc = ".((int) $objsoc->id); $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 163581221a8..3020f9af822 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -1860,11 +1860,8 @@ if ($action == 'create') { print dol_get_fiche_end(); $langs->load("bills"); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + + print $form->buttonsSaveCancel("CreateDraft"); print ""; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3bc30d7d729..d92638d7347 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1727,7 +1727,7 @@ class Propal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'propaldet as d'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (d.fk_product = p.rowid)'; - $sql .= ' WHERE d.fk_propal = '.$this->id; + $sql .= ' WHERE d.fk_propal = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -1879,8 +1879,8 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -1906,7 +1906,7 @@ class Propal extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -1974,7 +1974,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2030,7 +2030,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2101,7 +2101,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -2156,9 +2156,9 @@ class Propal extends CommonObject $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; - $sql .= " SET fk_availability = '".$id."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; + $sql .= " SET fk_availability = ".((int) $id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG); $resql = $this->db->query($sql); @@ -2221,7 +2221,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET fk_input_reason = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2284,8 +2284,8 @@ class Propal extends CommonObject $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\''); - $sql .= ' WHERE rowid = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET ref_client = ".(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'"); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' $this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2346,7 +2346,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -2409,7 +2409,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2530,7 +2530,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2627,8 +2627,8 @@ class Propal extends CommonObject $newprivatenote = dol_concatdesc($this->note_private, $note); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET fk_statut = '.self::STATUS_BILLED.", "; - $sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_SIGNED; + $sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".((int) $user->id); + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_SIGNED); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2707,7 +2707,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { 
@@ -2780,7 +2780,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2789,7 +2789,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT; } if ($notcurrentuser > 0) { - $sql .= " AND p.fk_user_author <> ".$user->id; + $sql .= " AND p.fk_user_author <> ".((int) $user->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -2934,7 +2934,7 @@ class Propal extends CommonObject if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -2970,7 +2970,7 @@ class Propal extends CommonObject // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; 
@@ -3285,7 +3285,7 @@ class Propal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('propal').")"; @@ -3296,7 +3296,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3462,7 +3462,7 @@ class Propal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('propal').")"; @@ -4087,7 +4087,7 @@ class PropaleLigne extends CommonObjectLine $sql .= " ".price2num($this->localtax2_tx).","; $sql .= " '".$this->db->escape($this->localtax1_type)."',"; $sql .= " '".$this->db->escape($this->localtax2_type)."',"; - $sql .= " ".(price2num($this->subprice) !== '' ?price2num($this->subprice) : "null").","; + $sql .= " ".(price2num($this->subprice) !== '' ? price2num($this->subprice) : "null").","; $sql .= " ".price2num($this->remise_percent).","; $sql .= " ".(isset($this->info_bits) ? "'".$this->db->escape($this->info_bits)."'" : "null").","; $sql .= " ".price2num($this->total_ht).","; 
@@ -4097,12 +4097,12 @@ class PropaleLigne extends CommonObjectLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").","; $sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").","; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; - $sql .= ' '.(!$this->fk_unit ? 'NULL' : $this->fk_unit).','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; + $sql .= ' '.(empty($this->fk_unit) ? 'NULL' : ((int) $this->fk_unit)).','; $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").','; $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null"); - $sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null'); + $sql .= ", ".($this->fk_multicurrency > 0 ? ((int) $this->fk_multicurrency) : 'null'); $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; $sql .= ", ".$this->multicurrency_subprice; $sql .= ", ".$this->multicurrency_total_ht; @@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid); dol_syslog("PropaleLigne::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index a06945a09a6..181e5b545f8 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php 
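Review bot: The two lines after the new `fk_multicurrency` cast in the hunk at -4097, `$sql .= ", ".$this->multicurrency_subprice;` and `$sql .= ", ".$this->multicurrency_total_ht;`, still put property values into the INSERT unchanged. Unless they are normalised earlier in the method, which is outside the hunk, they should use the form the `subprice` line already has: `price2num(...) !== '' ? price2num(...) : "null"`. An empty property would otherwise leave a bare `, ,` in the statement, and a non-numeric one would reach the query as written.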
@@ -94,10 +94,10 @@ class PropaleStats extends Stats //$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity; $this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND p.fk_soc = ".$this->socid; + $this->where .= " AND p.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { $this->where .= ' AND fk_user_author = '.((int) $this->userid); diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 7ff3e405499..de2e4a1d64c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -67,8 +67,11 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal'); print '
'; print '
'; -print getCustomerProposalPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft proposals @@ -85,7 +88,7 @@ if (!empty($conf->propal->enabled)) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -163,7 +166,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -236,7 +239,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -319,7 +322,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); 
@@ -394,7 +397,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 2 "; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 2d4eb5fb164..095b6770fe7 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -481,7 +481,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -517,10 +517,16 @@ if ($search_user > 0) { $sql .= ", ".MAIN_DB_PREFIX."element_contact as c"; $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc"; } + +// Add table from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= ' WHERE p.fk_soc = s.rowid'; $sql .= ' AND p.entity IN ('.getEntity('propal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { 
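Review bot: The new `printFieldListFrom` hook in the hunk at -517 of list.php appends `$hookmanager->resPrint` to the FROM clause verbatim, and `$reshook` is assigned but never read. Every enabled module can therefore add SQL to this query, so I would put a comment above the call: `// resPrint is inserted as raw SQL: hook code must cast or escape any request value it adds`. The assignment should either be used to stop on a hook error or be dropped. Whether `executeHooks()` reports failure through its return value is not visible in this hunk.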
@@ -575,7 +581,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) { $sql .= natural_search("p.fk_warehouse", $search_warehouse, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND p.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND p.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('p.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index bdf9b75998b..a31389340e8 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -214,7 +214,7 @@ if ($socid > 0) { $sql = "SELECT rc.rowid, rc.remise_client as remise_percent, rc.note, rc.datec as dc,"; $sql .= " u.login, u.rowid as user_id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc = ".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.entity IN (".getEntity('discount').")"; $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; @@ -266,7 +266,7 @@ if ($socid > 0) { $sql = "SELECT rc.rowid, rc.remise_supplier as remise_percent, rc.note, rc.datec as dc,"; $sql .= " u.login, u.rowid as user_id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_supplier as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc = ".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.entity IN (".getEntity('discount').")"; $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 8f26d897389..42a5ee42e16 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php 
@@ -267,8 +267,8 @@ if ($socid > 0) {
 $remise_all = $remise_user = 0;
 $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND discount_type = 0"; // Exclude supplier discounts
 $sql .= " AND (fk_facture_line IS NULL AND fk_facture IS NULL)";
 $sql .= " GROUP BY rc.fk_user";
@@ -297,8 +297,8 @@ if ($socid > 0) {
 $remise_all = $remise_user = 0;
 $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND discount_type = 1"; // Exclude customer discounts
 $sql .= " AND (fk_invoice_supplier_line IS NULL AND fk_invoice_supplier IS NULL)";
 $sql .= " GROUP BY rc.fk_user";
@@ -408,8 +408,8 @@ if ($socid > 0) {
 $sql .= " fa.ref as ref, fa.type as type";
 $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND u.rowid = rc.fk_user";
 $sql .= " AND rc.discount_type = 0"; // Eliminate supplier discounts
 $sql .= " AND (rc.fk_facture_line IS NULL AND rc.fk_facture IS NULL)";
@@ -547,8 +547,8 @@ if ($socid > 0) {
 $sql .= " fa.ref, fa.type as type";
 $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND u.rowid = rc.fk_user";
 $sql .= " AND rc.discount_type = 1"; // Eliminate customer discounts
 $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)";
@@ -700,7 +700,7 @@ if ($socid > 0) {
 $sql .= " , ".MAIN_DB_PREFIX."facturedet as fc";
 $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc =".$object->id;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql .= " AND rc.fk_facture_line = fc.rowid";
 $sql .= " AND fc.fk_facture = f.rowid";
 $sql .= " AND rc.fk_user = u.rowid";
@@ -718,7 +718,7 @@ if ($socid > 0) {
 $sql2 .= " , ".MAIN_DB_PREFIX."user as u";
 $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid";
- $sql2 .= " WHERE rc.fk_soc =".$object->id;
+ $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql2 .= " AND rc.fk_facture = f.rowid";
 $sql2 .= " AND rc.fk_user = u.rowid";
 $sql2 .= " AND rc.discount_type = 0"; // Eliminate supplier discounts
@@ -860,7 +860,7 @@ if ($socid > 0) { $sql .= " , ".MAIN_DB_PREFIX."facture_fourn_det as fc"; $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc =".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.fk_invoice_supplier_line = fc.rowid"; $sql .= " AND fc.fk_facture_fourn = f.rowid"; $sql .= " AND rc.fk_user = u.rowid"; @@ -878,7 +878,7 @@ if ($socid > 0) { $sql2 .= " , ".MAIN_DB_PREFIX."user as u"; $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql2 .= " WHERE rc.fk_soc =".$object->id; + $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id); $sql2 .= " AND rc.fk_invoice_supplier = f.rowid"; $sql2 .= " AND rc.fk_user = u.rowid"; $sql2 .= " AND rc.discount_type = 1"; // Eliminate customer discounts diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 8420a5e7f87..58a8edb67e7 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1568,7 +1568,7 @@ if ($action == 'create' && $usercancreate) { print ''.$langs->trans('Customer').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1); + print $soc->getNomUrl(1, 'customer'); print ''; print ''; } else { @@ -1822,12 +1822,7 @@ if ($action == 'create' && $usercancreate) { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -2019,7 +2014,7 @@ if ($action == 'create' && $usercancreate) { $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$soc->getNomUrl(1); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$soc->getNomUrl(1, 'customer'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; } diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 745fea5ab76..c67d5267e53 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php 
@@ -967,6 +967,102 @@ class Orders extends DolibarrApi return $this->_cleanObjectDatas($this->commande); } + /** + * Get the shipments of an order + * + * @param int $id Id of the order + * + * @url GET {id}/shipment + * + * @return array + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + */ + public function getOrderShipments($id) + { + require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; + if (!DolibarrApiAccess::$user->rights->expedition->lire) { + throw new RestException(401); + } + $sql = "SELECT e.rowid"; + $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e"; + $sql .= " JOIN ".MAIN_DB_PREFIX."expeditiondet as edet"; + $sql .= " ON e.rowid = edet.fk_expedition"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commandedet as cdet"; + $sql .= " ON edet.fk_origin_line = cdet.rowid"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commande as c"; + $sql .= " ON cdet.fk_commande = c.rowid"; + $sql .= " WHERE c.rowid = ".((int) $id); + $sql .= " GROUP BY e.rowid"; + $sql .= $this->db->order("e.rowid", "ASC"); + + dol_syslog("API Rest request"); + $result = $this->db->query($sql); + + if ($result) { + $num = $this->db->num_rows($result); + if ($num <= 0) { + throw new RestException(404, 'Shipments not found '); + } + $i = 0; + while ($i < $num) { + $obj = $this->db->fetch_object($result); + $shipment_static = new Expedition($this->db); + if ($shipment_static->fetch($obj->rowid)) { + $obj_ret[] = $this->_cleanObjectDatas($shipment_static); + } + $i++; + } + } else { + throw new RestException(500, 'Error when retrieve shipment list : '.$this->db->lasterror()); + } + return $obj_ret; + } + + /** + * Create the shipment of an order + * + * @param int $id Id of the order + * @param int $warehouse_id Id of a warehouse + * + * @url POST {id}/shipment/{warehouse_id} + * + * @return int + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + */ + public function createOrderShipment($id, 
$warehouse_id) + { + require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; + if (!DolibarrApiAccess::$user->rights->expedition->creer) { + throw new RestException(401); + } + if ($warehouse_id <= 0) { + throw new RestException(404, 'Warehouse not found'); + } + $result = $this->commande->fetch($id); + if (!$result) { + throw new RestException(404, 'Order not found'); + } + $shipment = new Expedition($this->db); + $shipment->socid = $this->commande->socid; + $result = $shipment->create(DolibarrApiAccess::$user); + if ($result <= 0) { + throw new RestException(500, 'Error on creating expedition :'.$this->db->lasterror()); + } + foreach ($this->commande->lines as $line) { + $result = $shipment->create_line($warehouse_id, $line->id, $line->qty); + if ($result <= 0) { + throw new RestException(500, 'Error on creating expedition lines:'.$this->db->lasterror()); + } + $i++; + } + return $shipment->id; + } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 65b446727e5..daf55e81605 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -493,8 +493,8 @@ class Commande extends CommonOrder $sql .= " SET ref = '".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -624,7 +624,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { 
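Review bot: `getOrderShipments()` and `createOrderShipment()` check only the module permission (`expedition->lire` / `expedition->creer`) and never verify that the caller may access order `$id`, so the per-user and per-entity restrictions applied elsewhere in this changeset appear not to be enforced on these two endpoints. Add the per-object check the API base class provides before reading or using the order, e.g. `if (!DolibarrApi::_checkAccessToResource('commande', $id)) { throw new RestException(401); }`. In `getOrderShipments()` `$obj_ret` is never initialised and is undefined at the `return` when no `fetch()` succeeds; start the method with `$obj_ret = array();`. `createOrderShipment()` increments an undefined `$i` that can simply be removed. All three 500 messages also return `$this->db->lasterror()` to the API client; that text is better sent to `dol_syslog()` only, with a generic message in the response.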
@@ -698,7 +698,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_statut='.self::STATUS_VALIDATED.', facture=0'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_reopen", LOG_DEBUG); $resql = $this->db->query($sql); @@ -757,9 +757,9 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET fk_statut = '.self::STATUS_CLOSED.','; - $sql .= ' fk_user_cloture = '.$user->id.','; + $sql .= ' fk_user_cloture = '.((int) $user->id).','; $sql .= " date_cloture = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; if ($this->db->query($sql)) { if (!$notrigger) { @@ -807,7 +807,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_CANCELED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; dol_syslog(get_class($this)."::cancel", LOG_DEBUG); @@ -934,8 +934,8 @@ class Commande extends CommonOrder $sql .= ", multicurrency_code"; $sql .= ", multicurrency_tx"; $sql .= ")"; - $sql .= " VALUES ('(PROV)', ".$this->socid.", '".$this->db->idate($now)."', ".$user->id; - $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null"); + $sql .= " VALUES ('(PROV)', ".((int) $this->socid).", '".$this->db->idate($now)."', ".((int) $user->id); + $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null"); $sql .= ", '".$this->db->idate($date)."'"; $sql .= ", ".($this->source >= 0 && $this->source != '' ? $this->db->escape($this->source) : 'null'); $sql .= ", '".$this->db->escape($this->note_private)."'"; 
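Review bot: In the `@@ -934,8 +934,8 @@` hunk the context line `$this->db->escape($this->source)` still goes into the VALUES list without surrounding quotes, and string escaping does not constrain a value placed in numeric position; the `>= 0` guard in front of it is a loose comparison, not an integer check. Since the neighbouring ids are now cast, this one should be too, assuming `source` is an integer code as the guard suggests: `$sql .= ", ".($this->source >= 0 && $this->source != '' ? ((int) $this->source) : 'null');`. The next hunk (`@@ -944,15 +944,15 @@`) leaves `remise_absolue` and `remise_percent` in the same state; `((float) $this->remise_absolue)` and `((float) $this->remise_percent)` would match how `multicurrency_tx` is handled a few lines later. Both hunks show only part of the function.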
@@ -944,15 +944,15 @@ class Commande extends CommonOrder $sql .= ", ".($this->ref_client ? "'".$this->db->escape($this->ref_client)."'" : "null"); $sql .= ", ".($this->ref_int ? "'".$this->db->escape($this->ref_int)."'" : "null"); $sql .= ", '".$this->db->escape($this->model_pdf)."'"; - $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null"); - $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null"); - $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL'); - $sql .= ", ".($this->availability_id > 0 ? $this->availability_id : "null"); - $sql .= ", ".($this->demand_reason_id > 0 ? $this->demand_reason_id : "null"); + $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null"); + $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null"); + $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL'); + $sql .= ", ".($this->availability_id > 0 ? ((int) $this->availability_id) : "null"); + $sql .= ", ".($this->demand_reason_id > 0 ? ((int) $this->demand_reason_id) : "null"); $sql .= ", ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : "null"); - $sql .= ", ".($this->fk_delivery_address > 0 ? $this->fk_delivery_address : 'NULL'); - $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? $this->shipping_method_id : 'NULL'); - $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? $this->warehouse_id : 'NULL'); + $sql .= ", ".($this->fk_delivery_address > 0 ? ((int) $this->fk_delivery_address) : 'NULL'); + $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? ((int) $this->shipping_method_id) : 'NULL'); + $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? ((int) $this->warehouse_id) : 'NULL'); $sql .= ", ".($this->remise_absolue > 0 ? $this->db->escape($this->remise_absolue) : 'NULL'); $sql .= ", ".($this->remise_percent > 0 ? 
$this->db->escape($this->remise_percent) : 0); $sql .= ", ".(int) $this->fk_incoterms; @@ -962,7 +962,7 @@ class Commande extends CommonOrder $sql .= ", ".($this->pos_source != '' ? "'".$this->db->escape($this->pos_source)."'" : "null"); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; - $sql .= ", ".(double) $this->multicurrency_tx; + $sql .= ", ".(float) $this->multicurrency_tx; $sql .= ")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); @@ -2026,7 +2026,7 @@ class Commande extends CommonOrder $sql .= ' p.weight, p.weight_units, p.volume, p.volume_units'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commandedet as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (p.rowid = l.fk_product)'; - $sql .= ' WHERE l.fk_commande = '.$this->id; + $sql .= ' WHERE l.fk_commande = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -2180,7 +2180,7 @@ class Commande extends CommonOrder $sql .= ' '.MAIN_DB_PREFIX.'commandedet as cd'; $sql .= ' WHERE'; $sql .= ' ed.fk_origin_line = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande = '.((int) $this->id); //print $sql; dol_syslog(get_class($this)."::getNbOfShipments", LOG_DEBUG); @@ -2222,12 +2222,12 @@ class Commande extends CommonOrder $sql .= ' ed.fk_expedition = e.rowid AND'; } $sql .= ' ed.fk_origin_line = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande = '.((int) $this->id); if ($this->fk_product > 0) { - $sql .= ' AND cd.fk_product = '.$this->fk_product; + $sql .= ' AND cd.fk_product = '.((int) $this->fk_product); } if ($filtre_statut >= 0) { - $sql .= ' AND e.fk_statut >= '.$filtre_statut; + $sql .= ' AND e.fk_statut >= '.((int) $filtre_statut); } $sql .= ' GROUP BY cd.rowid, cd.fk_product'; //print $sql; 
@@ -2264,7 +2264,7 @@ class Commande extends CommonOrder $sql = 'SELECT count(*)'; $sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e'; $sql .= ', '.MAIN_DB_PREFIX.'element_element as el'; - $sql .= ' WHERE el.fk_source = '.$this->id; + $sql .= ' WHERE el.fk_source = '.((int) $this->id); $sql .= " AND el.sourcetype = 'commande'"; $sql .= " AND el.fk_target = e.rowid"; $sql .= " AND el.targettype = 'shipping'"; @@ -2421,7 +2421,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2485,7 +2485,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_absolue = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2543,7 +2543,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2615,7 +2615,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -2688,7 +2688,7 @@ class Commande extends CommonOrder $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2697,7 +2697,7 @@ class Commande extends CommonOrder $sql .= " AND c.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND c.fk_user_author <> ".$excluser->id; + $sql .= " AND c.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -2874,7 +2874,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET'; $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'"); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2930,7 +2930,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; dol_syslog(get_class($this)."::classifyBilled", LOG_DEBUG); if ($this->db->query($sql)) { @@ -2980,7 +2980,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 0'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; dol_syslog(get_class($this)."::classifyUnBilled", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -3395,8 +3395,8 @@ class Commande extends CommonOrder // Delete extrafields of lines and lines if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; - $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -3432,7 +3432,7 @@ class Commande extends CommonOrder // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; 
@@ -3507,14 +3507,14 @@ class Commande extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity IN (".getEntity('commande').")"; //$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0"; $sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3917,7 +3917,7 @@ class Commande extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity IN (".getEntity('commande').")"; @@ -4396,8 +4396,8 @@ class OrderLine extends CommonOrderLine $sql .= " ".($this->price != '' ? "'".price2num($this->price)."'" : "null").","; $sql .= " '".price2num($this->remise)."',"; $sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").','; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; $sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").','; $sql .= ' '.price2num($this->pa_ht).','; $sql .= " '".$this->db->escape($this->info_bits)."',"; 
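Review bot: The `@@ -4396,8 +4396,8 @@` hunk casts `special_code` and `rang`, but the lines directly around them still concatenate `$this->fk_remise_except` and `$this->fk_fournprice` raw; `!empty()` only tests truthiness, so any non-empty string reaches the INSERT unchanged. Cast them the same way, `(!empty($this->fk_remise_except) ? ((int) $this->fk_remise_except) : "null")` and likewise for `fk_fournprice`. The `@@ -907,8 +907,8 @@` hunk in htdocs/compta/bank/class/account.class.php has the same gap for `state_id` and `country_id`, where `> 0` is a loose comparison rather than an integer check. The enclosing functions start and end outside these hunks, so other uncast values may remain in the same statements.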
@@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine $sql .= ",total_localtax1='".price2num($this->total_localtax1)."'"; $sql .= ",total_localtax2='".price2num($this->total_localtax2)."'"; $sql .= ",total_ttc='".price2num($this->total_ttc)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("OrderLine::update_total", LOG_DEBUG); diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index 6bd6067dcf7..8ac89d5a18f 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -94,13 +94,13 @@ class CommandeStats extends Stats $this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')'; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } if ($typentid) { diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 62f8c4772f6..3ecaa0fbee1 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); 
diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 73f40668cea..a794d79e743 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -77,8 +77,11 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order'); print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* @@ -101,7 +104,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -169,7 +172,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -253,7 +256,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; @@ -342,7 +345,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 2e0ec42d2b0..5f3568701e5 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php 
@@ -436,7 +436,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -471,6 +471,12 @@ if ($search_user > 0) { $sql .= ", ".MAIN_DB_PREFIX."element_contact as ec"; $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc"; } + +// Add table from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= ' WHERE c.fk_soc = s.rowid'; $sql .= ' AND c.entity IN ('.getEntity('commande').')'; if ($search_product_category > 0) { @@ -480,7 +486,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('c.ref', $search_ref); @@ -499,7 +505,7 @@ if ($search_status <> '') { if ($search_status == 1 && empty($conf->expedition->enabled)) { $sql .= ' AND c.fk_statut IN (1,2)'; // If module expedition disabled, we include order with status 'sending in process' into 'validated' } else { - $sql .= ' AND c.fk_statut = '.$search_status; // brouillon, validee, en cours, annulee + $sql .= ' AND c.fk_statut = '.((int) $search_status); // brouillon, validee, en cours, annulee } } if ($search_status == 4) { 
@@ -564,7 +570,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('c.total_ht', $search_total_ht, 1); @@ -579,7 +585,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) { $sql .= natural_search('c.fk_warehouse', $search_warehouse, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND c.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND c.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('c.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 14aeee29d69..e5e264a12f5 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -561,7 +561,7 @@ $sql .= " ba.rowid as bankid, ba.ref as bankref"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks 
@@ -929,7 +929,7 @@ if ($resql) { if ($action != 'addline' && $action != 'reconcile') { if (empty($conf->global->BANK_DISABLE_DIRECT_INPUT)) { if (empty($conf->global->BANK_USE_OLD_VARIOUS_PAYMENT)) { // Default is to record miscellaneous direct entries using miscellaneous payments - $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.$search_account.'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); + $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.urlencode($search_account).'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); } else // If direct entries is not done using miscellaneous payments { $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', $user->rights->banque->modifier); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index d1cc0413bfd..02b967f6fdb 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -565,11 +565,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateAccount"); print ''; } else { @@ -1081,11 +1077,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 03ec879c5ad..804cfa09281 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -907,8 +907,8 @@ class Account extends CommonObject $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'"; $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null"); $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null"); - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog(get_class($this)."::update_bban", LOG_DEBUG); @@ -1059,7 +1059,7 @@ class Account extends CommonObject // Delete link between tag and bank account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account"; - $sql .= " WHERE fk_account = ".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1151,7 +1151,7 @@ class Account extends CommonObject $sql = "SELECT COUNT(rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account=".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1188,7 +1188,7 @@ class Account extends CommonObject $sql = "SELECT sum(amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account = ".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); if ($option == 1) { $sql .= " AND dateo <= '".$this->db->idate(dol_now())."'"; } 
@@ -1998,7 +1998,7 @@ class AccountLine extends CommonObject // Protection to avoid any delete of accounted lines. Protection on by default if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -2385,7 +2385,7 @@ class AccountLine extends CommonObject $result .= yn($this->rappro); } if ($option == 'showall' || $option == 'showconciliatedandaccounted') { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php index ccf5828d40a..ab58cb8287c 100644 --- a/htdocs/compta/bank/class/bankcateg.class.php +++ b/htdocs/compta/bank/class/bankcateg.class.php @@ -213,7 +213,7 @@ class BankCateg // extends CommonObject // Delete link between tag and bank account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account"; - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -225,7 +225,7 @@ class BankCateg // extends CommonObject // Delete link between tag and bank lines if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class"; - $sql .= " WHERE fk_categ = ".$this->id; + $sql .= " WHERE fk_categ = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { 
diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index cdb2c0596f5..5a6aa81d663 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -573,7 +573,7 @@ class PaymentVarious extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php index c1b446a9dd0..cd6e6cfd365 100644 --- a/htdocs/compta/bank/list.php +++ b/htdocs/compta/bank/list.php @@ -67,6 +67,8 @@ $socid = 0; if ($user->socid) { $socid = $user->socid; } + +$allowed = 0; if (!empty($user->rights->accounting->chartofaccount)) { $allowed = 1; // Dictionary with list of banks accounting account allowed to manager of chart account } @@ -183,7 +185,7 @@ $sql = "SELECT b.rowid, b.label, b.courant, b.rappro, b.account_number, b.fk_acc // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks 
@@ -191,7 +193,7 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."bank_account as b"; -if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { +if (!empty($extrafields->attributes[$object->table_element]['label']) && is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (b.rowid = ef.fk_object)"; } @@ -333,12 +335,12 @@ $objecttmp = new Account($db); $trackid = 'bank'.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php'; -if ($sall) { - foreach ($fieldstosearchall as $key => $val) { - $fieldstosearchall[$key] = $langs->trans($val); - } - print '
'.$langs->trans("FilterOnInto", $sall).join(', ', $fieldstosearchall).'
'; -} +//if ($sall) { +// foreach ($fieldstosearchall as $key => $val) { +// $fieldstosearchall[$key] = $langs->trans($val); +// } +// print '
'.$langs->trans("FilterOnInto", $sall).join(', ', $fieldstosearchall).'
'; +//} $moreforfilter = ''; diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 167c809a8b1..97184c1b8eb 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve DESC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve > '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve ASC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'"; if (empty($numref)) { $sql .= " OR b.num_releve is null"; } -$sql .= " AND b.fk_account = ".$object->id; +$sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " AND b.fk_account = ba.rowid"; $sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day @@ -340,7 +340,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); 
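Review bot: The `if ($sall)` block in list.php is commented out rather than removed, and nothing says why. If the search-all summary is no longer wanted, delete the lines. If it is only disabled for now, put a one-line comment above it such as `// Disabled: REASON` so it is not re-enabled blindly. The block's markup is truncated in this view, so whether `$sall` was escaped before printing cannot be checked from here.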
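Review bot: In the `@@ -165,7` hunk of releve.php, the account filter that now gets the `(int)` cast does not apply to every row when `$numref` is empty, because `" OR b.num_releve is null"` is appended without parentheses and AND binds tighter than OR. Assuming the WHERE line shown in the hunk header is the one being extended, the condition reads `num_releve = '' OR (num_releve is null AND fk_account = N AND fk_account = ba.rowid)`. Rows with an empty statement number would then match for any account. Grouping the alternative fixes it: open the parenthesis on the WHERE line, `$sql .= " WHERE (b.num_releve = '".$db->escape($numref)."'";`, and add `$sql .= ")";` after the `if (empty($numref))` block. The WHERE line itself sits outside the hunk.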
@@ -353,7 +353,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -421,7 +421,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -605,7 +605,7 @@ if (empty($numref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct"; $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl"; $sql .= " WHERE ct.rowid = cl.fk_categ"; - $sql .= " AND ct.entity = ".$conf->entity; + $sql .= " AND ct.entity = ".((int) $conf->entity); $sql .= " AND cl.lineid = ".((int) $objp->rowid); $resc = $db->query($sql); diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index 2b4a68bec90..68c6ed20458 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -512,11 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 42e53085ea8..dbaaf882bfb 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -223,7 +223,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -251,7 +251,7 @@ foreach ($search as $key => $val) { } $mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0); if ((strpos($object->fields[$key]['type'], 'integer:') === 0) || (strpos($object->fields[$key]['type'], 'sellist:') === 0) || !empty($object->fields[$key]['arrayofkeyval'])) { - if ($search[$key] == '-1' || $search[$key] === '0') { + if ($search[$key] == '-1' || ($search[$key] === '0' && (empty($object->fields[$key]['arrayofkeyval']) || !array_key_exists('0', $object->fields[$key]['arrayofkeyval'])))) { $search[$key] = ''; } $mode_search = 2; @@ -287,7 +287,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index dccfc852213..1cf964815d5 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php 
+++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -99,7 +99,7 @@ class CashControl extends CommonObject 'fk_user_creat' =>array('type'=>'integer:User', 'label'=>'UserCreation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>600), 'fk_user_valid' =>array('type'=>'integer:User', 'label'=>'UserValidation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>602), 'import_key' =>array('type'=>'varchar(14)', 'label'=>'Import key', 'enabled'=>1, 'visible'=>0, 'position'=>700), - 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Brouillon', '1'=>'Validated')), + 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Validated')), ); /** diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 0bc18e31bde..af61af5e836 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php 
@@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; else dol_print_error('', 'Year not defined'); // Define filter on bank account -$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE); $sql.=")"; */ $sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index b0a4716b7e1..504e5638abc 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { $sql .= " AND s.fk_stcomm=".((int) $stcomm); diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 1972e3f686e..81022e9bc71 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php 
@@ -249,7 +249,7 @@ class Deplacement extends CommonObject $sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); $sql .= " , fk_projet = ".($this->fk_project > 0 ? $this->fk_project : 0); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 547f0676b7b..12351032b53 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 61d30ea1345..428eacbc93a 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) "; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) "; } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index affdd2e8991..0da621efd97 100644 
--- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -1144,10 +1144,8 @@ if ($action == 'create') { } print "\n"; - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); + print "\n"; } else { dol_print_error('', "Error, no invoice ".$object->id); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 5c21f2b9539..b1641729c9f 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -321,8 +321,8 @@ if (empty($reshook)) { //var_dump($array_of_total_ht_per_vat_rate);exit; foreach ($array_of_total_ht_per_vat_rate as $vatrate => $tmpvalue) { - $tmp_total_ht = $array_of_total_ht_per_vat_rate[$vatrate]; - $tmp_total_ht_devise = $array_of_total_ht_devise_per_vat_rate[$vatrate]; + $tmp_total_ht = price2num($array_of_total_ht_per_vat_rate[$vatrate]); + $tmp_total_ht_devise = price2num($array_of_total_ht_devise_per_vat_rate[$vatrate]); if (($tmp_total_ht < 0 || $tmp_total_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) { if ($object->type == $object::TYPE_DEPOSIT) { @@ -708,7 +708,7 @@ if (empty($reshook)) { // On verifie si la facture a des paiements $sql = 'SELECT pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $result = $db->query($sql); if ($result) { @@ -873,7 +873,7 @@ if (empty($reshook)) { $sql = 'SELECT SUM(pf.amount) as total_paiements'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $sql .= ' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $resql = $db->query($sql); 
@@ -889,7 +889,7 @@ if (empty($reshook)) { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if (!empty($resql)) { while ($obj = $db->fetch_object($resql)) { @@ -2596,10 +2596,10 @@ if (empty($reshook)) { $errors = 0; if (count($linkedCreditNotesList) > 0) { // now, credit note must follow - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture '; - $sql .= ' SET situation_cycle_ref='.$newCycle; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; + $sql .= ' SET situation_cycle_ref = '.((int) $newCycle); $sql .= ' , situation_final=0'; - $sql .= ' , situation_counter='.$object->situation_counter; + $sql .= ' , situation_counter='.((int) $object->situation_counter); $sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $linkedCreditNotesList)).')'; $resql = $db->query($sql); @@ -3785,11 +3785,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -4888,7 +4884,7 @@ if ($action == 'create') { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; - $sql .= ' WHERE pf.fk_facture = '.$object->id.' AND pf.fk_paiement = p.rowid'; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id).' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $sql .= ' ORDER BY p.datep, p.tms'; @@ -4979,7 +4975,7 @@ if ($action == 'create') { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); 
@@ -5068,14 +5064,28 @@ if ($action == 'create') { // Remainder to pay print ''; print ''; - print $langs->trans('RemainderToPay'); - if ($resteapayeraffiche < 0) { - print ' ('.$langs->trans('ExcessReceived').')'; + if ($resteapayeraffiche >= 0) { + print $langs->trans('RemainderToPay'); + } else { + print $langs->trans('ExcessReceived'); } print ''; print ''; - print ''.price($resteapayeraffiche).''; - print ' '; + print ''.price($resteapayeraffiche).' '; + + // Remainder to pay Multicurrency + if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { + print ''; + print ''; + if ($resteapayeraffiche >= 0) { + print $langs->trans('RemainderToPayMulticurrency'); + } else { + print $langs->trans('ExcessReceivedMulticurrency'); + } + print ''; + print ''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' '; + } // Retained warranty : usualy use on construction industry if (!empty($object->situation_final) && !empty($object->retained_warranty) && $displayWarranty) { @@ -5115,8 +5125,21 @@ if ($action == 'create') { print ' ('.$langs->trans('ExcessPaid').')'; } print ' :'; - print ''.price($sign * $resteapayeraffiche).''; - print ' '; + print ''.price($sign * $resteapayeraffiche).' '; + + // Remainder to pay back Multicurrency + if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { + print ''; + print ''; + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } + print ''; + print ''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' '; + } // Sold credit note // print ''.$langs->trans('TotalTTC').' :'; 
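Review bot: The new multicurrency row in the `@@ -5068,14` hunk of card.php prints `$object->multicurrency_code` straight into the page, `(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)`, with no HTML escaping, and the `@@ -5115,8` hunk repeats the same expression. The value comes from the invoice record, and whether it is restricted to known currency codes on input is not visible here. Escaping at output is the safer default: `dol_escape_htmltag(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)`. The surrounding markup is truncated in this view, so the exact cell the value lands in should be confirmed against the file.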
diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 3dfa5f70603..2708c9e8386 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -1138,7 +1138,7 @@ class Invoices extends DolibarrApi $sql = 'SELECT SUM(pf.amount) as total_payments'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; - $sql .= ' WHERE pf.fk_facture = '.$this->invoice->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $this->invoice->id); $sql .= ' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 6b9837e77bd..a0509774998 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -665,7 +665,7 @@ class FactureRec extends CommonInvoice $sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet_rec as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_facture = '.$this->id; + $sql .= ' WHERE l.fk_facture = '.((int) $this->id); $sql .= ' ORDER BY l.rang'; dol_syslog('FactureRec::fetch_lines', LOG_DEBUG); @@ -1752,7 +1752,7 @@ class FactureRec extends CommonInvoice if (!empty($unit)) { $sql .= ', unit_frequency = \''.$this->db->escape($unit).'\''; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -1785,7 +1785,7 @@ class FactureRec extends CommonInvoice if ($increment_nb_gen_done > 0) { $sql .= ', nb_gen_done = nb_gen_done + 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1819,7 +1819,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET nb_gen_max = '.((int) $nb); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1846,7 +1846,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET auto_validate = '.((int) $validate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1873,7 +1873,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET generate_pdf = '.((int) $validate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1899,8 +1899,8 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET modelpdf = "'.$model.'"'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " SET modelpdf = '".$this->db->escape($model)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setModelPdf", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 9cbfb33e5bd..bab9be7670c 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php 
@@ -293,7 +293,7 @@ class Facture extends CommonInvoice 'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>1), 'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>5), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>20, 'index'=>1), - 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>10), + 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'RefCustomer', 'enabled'=>1, 'visible'=>-1, 'position'=>10), 'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>12), //'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>0, 'position'=>30), // deprecated 'type' =>array('type'=>'smallint(6)', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>15), 
@@ -343,8 +343,8 @@ class Facture extends CommonInvoice 'multicurrency_code' =>array('type'=>'varchar(255)', 'label'=>'Currency', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>280), 'multicurrency_tx' =>array('type'=>'double(24,8)', 'label'=>'CurrencyRate', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>285, 'isameasure'=>1), 'multicurrency_total_ht' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountHT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>290, 'isameasure'=>1), - 'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountVAT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>295, 'isameasure'=>1), - 'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountTTC', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>300, 'isameasure'=>1), + 'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountVAT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>291, 'isameasure'=>1), + 'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountTTC', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>292, 'isameasure'=>1), 'fk_fac_rec_source' =>array('type'=>'integer', 'label'=>'RecurringInvoiceSource', 'enabled'=>1, 'visible'=>-1, 'position'=>305), 'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'LastMainDoc', 'enabled'=>1, 'visible'=>-1, 'position'=>310), 'module_source' =>array('type'=>'varchar(32)', 'label'=>'POSModule', 'enabled'=>1, 'visible'=>-1, 'position'=>315), 
@@ -1769,7 +1769,7 @@ class Facture extends CommonInvoice $sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_facture = '.$this->id; + $sql .= ' WHERE l.fk_facture = '.((int) $this->id); $sql .= ' ORDER BY l.rang, l.rowid'; dol_syslog(get_class($this).'::fetch_lines', LOG_DEBUG); @@ -1876,8 +1876,8 @@ class Facture extends CommonInvoice $this->tab_next_situation_invoice = array(); $sql = 'SELECT rowid, type, situation_cycle_ref, situation_counter FROM '.MAIN_DB_PREFIX.'facture'; - $sql .= ' WHERE rowid <> '.$this->id; - $sql .= ' AND entity = '.$this->entity; + $sql .= " WHERE rowid <> ".((int) $this->id); + $sql .= ' AND entity = '.((int) $this->entity); $sql .= ' AND situation_cycle_ref = '.(int) $this->situation_cycle_ref; $sql .= ' ORDER BY situation_counter ASC'; @@ -2152,7 +2152,7 @@ class Facture extends CommonInvoice } else { $sql .= ' SET ref_client = \''.$this->db->escape($ref_client).'\''; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2408,9 +2408,9 @@ class Facture extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ', fk_user_closing = '.$user->id; + $sql .= ', fk_user_closing = '.((int) $user->id); $sql .= ", date_closing = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { 
@@ -2474,7 +2474,7 @@ class Facture extends CommonInvoice $sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null,'; $sql .= ' date_closing=null,'; $sql .= ' fk_user_closing=null'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2545,7 +2545,7 @@ class Facture extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2553,7 +2553,7 @@ class Facture extends CommonInvoice // as they have not been used since the invoice is abandoned. $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_facture = NULL'; - $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' WHERE fk_facture = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2693,7 +2693,7 @@ class Facture extends CommonInvoice $sql .= ", datef='".$this->db->idate($this->date)."'"; $sql .= ", date_lim_reglement='".$this->db->idate($this->date_lim_reglement)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -3755,7 +3755,7 @@ class Facture extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= ' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -3817,7 +3817,7 @@ class Facture extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; $sql .= ' SET remise_absolue = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= ' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); @@ -3869,7 +3869,7 @@ class Facture extends CommonInvoice global $conf, $langs; if ($this->module_source == 'takepos') { - $langs->load('cashdesk@cashdesk'); + $langs->load('cashdesk'); $moduleName = 'takepos'; $moduleSourceName = 'Takepos'; @@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND f.fk_user_author <> ".$excluser->id; + $sql .= " AND f.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." f.paye=0"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED; if ($user->socid) { - $sql .= " AND f.fk_soc = ".$user->socid; + $sql .= " AND f.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); 
@@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity IN (".getEntity('invoice').")"; @@ -4598,7 +4598,7 @@ class Facture extends CommonInvoice $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture'; $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref); - $sql .= ' AND situation_counter < '.$this->situation_counter; + $sql .= ' AND situation_counter < '.((int) $this->situation_counter); $sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity); $resql = $this->db->query($sql); $res = array(); @@ -4631,7 +4631,7 @@ class Facture extends CommonInvoice $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id); + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.((int) $this->situation_final).' WHERE rowid = '.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -4849,10 +4849,11 @@ class Facture extends CommonInvoice public function setRetainedWarranty($value) { dol_syslog(get_class($this).'::setRetainedWarranty('.$value.')'); + if ($this->statut >= 0) { $fieldname = 'retained_warranty'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.floatval($value); + $sql .= " SET ".$fieldname." = ".((float) $value); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { 
@@ -4889,8 +4890,8 @@ class Facture extends CommonInvoice if ($this->statut >= 0) { $fieldname = 'retained_warranty_date_limit'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(strval($timestamp) != '' ? '\''.$this->db->idate($timestamp).'\'' : 'null'); - $sql .= ' WHERE rowid='.((int) $this->id); + $sql .= " SET ".$fieldname." = ".(strval($timestamp) != '' ? "'".$this->db->idate($timestamp)."'" : 'null'); + $sql .= ' WHERE rowid = '.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_date_limit = $timestamp; @@ -5385,9 +5386,9 @@ class FactureLigne extends CommonInvoiceLine $sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").','; $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").","; $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null").","; - $sql .= ' '.$this->fk_code_ventilation.','; - $sql .= ' '.$this->rang.','; - $sql .= ' '.$this->special_code.','; + $sql .= ' '.((int) $this->fk_code_ventilation).','; + $sql .= ' '.((int) $this->rang).','; + $sql .= ' '.((int) $this->special_code).','; $sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").','; $sql .= ' '.price2num($this->pa_ht).','; $sql .= " '".$this->db->escape($this->info_bits)."',"; 
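Review bot: The foreign keys emitted through ternaries in this INSERT are still concatenated raw: `fk_remise_except` and `fk_fournprice` here, and `fk_prev_id` and `fk_unit` in the following hunk (-5396), right beside the values this commit casts. Casting inside the non-null branch keeps the NULL handling, e.g. `(!empty($this->fk_prev_id) ? ((int) $this->fk_prev_id) : "null")`. The same gap is left in the SET lists of the PaymentTerm update hunk (`type_cdr`, `nbjour`, `decalage`) and the Cpaiement update hunk (`active`), where only the WHERE clause was cast. Whether these properties can carry request-supplied strings is not visible from the hunks, so this is about closing the pattern consistently rather than a confirmed injection path. The statement being built starts above the hunk.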
@@ -5396,11 +5397,11 @@ class FactureLigne extends CommonInvoiceLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".price2num($this->total_localtax1).","; $sql .= " ".price2num($this->total_localtax2); - $sql .= ", ".$this->situation_percent; + $sql .= ", ".((float) $this->situation_percent); $sql .= ", ".(!empty($this->fk_prev_id) ? $this->fk_prev_id : "null"); $sql .= ", ".(!$this->fk_unit ? 'NULL' : $this->fk_unit); - $sql .= ", ".$user->id; - $sql .= ", ".$user->id; + $sql .= ", ".((int) $user->id); + $sql .= ", ".((int) $user->id); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; $sql .= ", ".price2num($this->multicurrency_subprice); @@ -5679,7 +5680,7 @@ class FactureLigne extends CommonInvoiceLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($this->db->query($sql)) { $this->db->commit(); @@ -5719,7 +5720,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ",total_localtax1=".price2num($this->total_localtax1).""; $sql .= ",total_localtax2=".price2num($this->total_localtax2).""; $sql .= ",total_ttc=".price2num($this->total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); @@ -5759,7 +5760,7 @@ class FactureLigne extends CommonInvoiceLine return 0; } - $sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.$this->fk_prev_id; + $sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.((int) $this->fk_prev_id); $resql = $this->db->query($sql); if ($resql && $resql->num_rows > 0) { $res = $this->db->fetch_array($resql); 
diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index e6547cc9f89..96c8e88b97e 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -86,16 +86,16 @@ class FactureStats extends Stats $this->where = " f.fk_statut >= 0"; $this->where .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == 'customer') { $this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons) } if ($this->socid) { - $this->where .= " AND f.fk_soc = ".$this->socid; + $this->where .= " AND f.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND f.fk_user_author = '.$this->userid; + $this->where .= ' AND f.fk_user_author = '.((int) $this->userid); } if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $this->where .= " AND f.type IN (0,1,2,5)"; diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index 87cd50d27c6..f94ad573a81 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -311,7 +311,7 @@ class PaymentTerm // extends CommonObject $sql .= " type_cdr=".(isset($this->type_cdr) ? $this->type_cdr : "null").","; $sql .= " nbjour=".(isset($this->nbjour) ? $this->nbjour : "null").","; $sql .= " decalage=".(isset($this->decalage) ? $this->decalage : "null").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); 
@@ -350,7 +350,7 @@ class PaymentTerm // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_payment_term"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/compta/facture/index.php b/htdocs/compta/facture/index.php index 66a2fccaf08..d3d3a33acb5 100644 --- a/htdocs/compta/facture/index.php +++ b/htdocs/compta/facture/index.php @@ -59,19 +59,33 @@ print load_fiche_titre($langs->trans("CustomersInvoicesArea"), '', 'bill'); print '
'; print '
'; -print getNumberInvoicesPieChart('customers'); -//print getCustomerInvoicePieChart($socid); -print '
'; -print getCustomerInvoiceDraftTable($max, $socid); +$tmp = getNumberInvoicesPieChart('customers'); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerInvoiceDraftTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; print '
'; -print getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); -print '
'; -print getCustomerInvoiceUnpaidOpenTable($max, $socid); +$tmp = getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getCustomerInvoiceUnpaidOpenTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index d099bfd57bc..660c7d7c4e4 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -260,7 +260,7 @@ $sql .= " f.fk_cond_reglement, f.fk_mode_reglement"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 0becff9e54b..a54797323a3 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php 
@@ -235,13 +235,13 @@ $arrayfields = array( 'rtp'=>array('label'=>"Rest", 'checked'=>0, 'position'=>150), // Not enabled by default because slow 'u.login'=>array('label'=>"Author", 'checked'=>1, 'position'=>165), 'sale_representative'=>array('label'=>"SaleRepresentativesOfThirdParty", 'checked'=>0, 'position'=>166), - 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>170), - 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>171), - 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>180), - 'f.multicurrency_total_vat'=>array('label'=>'MulticurrencyAmountVAT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>190), - 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>200), - 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>210), - 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>220), // Not enabled by default because slow + 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>280), + 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>285), + 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 
0 : 1), 'position'=>290), + 'f.multicurrency_total_vat'=>array('label'=>'MulticurrencyAmountVAT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>291), + 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>292), + 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>295), + 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>296), // Not enabled by default because slow 'total_pa' => array('label' => ($conf->global->MARGIN_TYPE == '1' ? 'BuyingPrice' : 'CostPrice'), 'checked' => 0, 'position' => 300, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous ? 0 : 1)), 'total_margin' => array('label' => 'Margin', 'checked' => 0, 'position' => 301, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous ? 0 : 1)), 'total_margin_rate' => array('label' => 'MarginRate', 'checked' => 0, 'position' => 302, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous || empty($conf->global->DISPLAY_MARGIN_RATES) ? 0 : 1)), 
@@ -376,13 +376,64 @@ if (empty($reshook)) { include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; } -if ($massaction == 'makepayment_confirm') { +if ($action == 'makepayment_confirm' && $user->rights->facture->paiement) { + require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; $arrayofselected = is_array($toselect) ? $toselect : array(); - - $loc = dol_buildpath('/compta/paiement.php', 2).'?action=create&facids='.implode(',', $arrayofselected); - - header('Location: '.$loc); - exit; + if (!empty($arrayofselected)) { + $bankid=GETPOST('bankid', 'int'); + $paiementid=GETPOST('paiementid', 'int'); + $paiementdate=dol_mktime(12, 0, 0, GETPOST('datepaimentmonth', 'int'), GETPOST('datepaimentday', 'int'), GETPOST('datepaimentyear', 'year')); + foreach ($arrayofselected as $toselectid) { + $errorpayment=0; + $facture = new Facture($db); + $result = $facture->fetch($toselectid); + if ($result < 0) { + setEventMessage($facture->error, 'errors'); + $errorpayment++; + } else { + if ($facture->type != Facture::TYPE_CREDIT_NOTE && $facture->statut == 1 && $facture->paye == 0) { + $paiementAmount = $facture->getSommePaiement(); + $totalcreditnotes = $facture->getSumCreditNotesUsed(); + $totaldeposits = $facture->getSumDepositsUsed(); + $totalpay = $paiementAmount + $totalcreditnotes + $totaldeposits; + $remaintopay = price2num($facture->total_ttc - $totalpay); + if ($remaintopay!=0) { + $resultBank = $facture->setBankAccount($bankid); + if ($resultBank < 0) { + setEventMessage($facture->error, 'errors'); + $errorpayment++; + } else { + $paiement = new Paiement($db); + $paiement->datepaye = $paiementdate; + $paiement->amounts[$facture->id] = $remaintopay; // Array with all payments dispatching with invoice id + $paiement->multicurrency_amounts[$facture->id] = $remaintopay; + $paiement->paiementid = $paiementid; + $paiement_id = $paiement->create($user, 1, $facture->thirdparty); + if ($paiement_id < 0) { + setEventMessage($facture->ref . ' ' . 
$paiement->error, 'errors'); + $errorpayment++; + } else { + $result = $paiement->addPaymentToBank($user, 'payment', '', $bankid, '', ''); + if ($result < 0) { + setEventMessages($facture->ref . ' ' . $paiement->error, $paiement->errors, 'errors'); + $errorpayment++; + } + } + } + } else { + setEventMessage($langs->trans('NoPaymentAvailable', $facture->ref), 'warnings'); + $errorpayment++; + } + } else { + setEventMessage($langs->trans('NoPaymentAvailable', $facture->ref), 'warnings'); + $errorpayment++; + } + } + if (empty($errorpayment)) { + setEventMessage($langs->trans('PaymentRegisteredAndInvoiceSetToPaid', $facture->ref)); + } + } + } } elseif ($massaction == 'withdrawrequest') { $langs->load("withdrawals"); @@ -510,7 +561,7 @@ if ($search_categ_cus && $search_categ_cus!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -556,7 +607,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); 
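Review bot: The `makepayment_confirm` branch checks `$user->rights->facture->paiement`, but then loads each id in `$toselect` with `$facture->fetch($toselectid)` and registers a payment on it without re-applying the third-party restrictions that the list query enforces (`$socid`, and `sc.fk_user` when the user lacks `societe->client->voir`). Because `$toselect` comes from the request, each invoice needs its own check before `setBankAccount()`, for example `if ($socid > 0 && $facture->socid != $socid) { $errorpayment++; continue; }` plus the equivalent sales-representative test. Whether `fetch()` already enforces any of this is not visible here. `$paiement->create()` and `addPaymentToBank()` are also not wrapped in one transaction, so a bank-line failure leaves a registered payment with no bank entry; `$db->begin()` with `$db->commit()` / `$db->rollback()` around the pair would keep them atomic. `$bankid` and `$paiementid` should also be rejected before the loop when they are not greater than 0.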
@@ -629,7 +680,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search('f.total_ttc', $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1); @@ -724,7 +775,7 @@ if (!$sall) { $sql .= ' f.paye, f.fk_statut, f.close_code,'; $sql .= ' f.datec, f.tms, f.date_closing,'; $sql .= ' f.retained_warranty, f.retained_warranty_date_limit, f.situation_final, f.situation_cycle_ref, f.situation_counter,'; - $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht, f.multicurrency_total_tva,'; + $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht,'; $sql .= ' f.multicurrency_total_tva, f.multicurrency_total_ttc,'; $sql .= ' s.rowid, s.nom, s.name_alias, s.email, s.phone, s.fax, s.address, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,'; $sql .= ' typent.code,'; @@ -752,7 +803,7 @@ if (!$sall) { // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : ''; +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; $sql .= ' ORDER BY '; $listfield = explode(',', $sortfield); 
@@ -972,8 +1023,10 @@ if ($resql) { 'generate_doc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("ReGeneratePDF"), 'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"), 'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"), - //'makepayment'=>$langs->trans("InvoicePaymentsLimits"), ); + if ($user->rights->facture->paiement) { + $arrayofmassactions['makepayment'] = $langs->trans("RegisterPaymentAndClasiffiedPayed"); + } if ($conf->prelevement->enabled && !empty($user->rights->prelevement->bons->creer)) { $langs->load("withdrawals"); $arrayofmassactions['withdrawrequest'] = img_picto('', 'payment', 'class="pictofixedwidth"').$langs->trans("MakeWithdrawRequest"); @@ -985,7 +1038,7 @@ if ($resql) { $arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete"); } } - if (in_array($massaction, array('presend', 'predelete'))) { + if (in_array($massaction, array('presend', 'predelete' ,'makepayment'))) { $arrayofmassactions = array(); } $massactionbutton = $form->selectMassAction('', $arrayofmassactions); @@ -1007,7 +1060,9 @@ if ($resql) { } print ''; print ''; - print ''; + if (!in_array($massaction, array('makepayment'))) { + print ''; + } print ''; print ''; print ''; 
@@ -1021,6 +1076,21 @@ if ($resql) { $trackid = 'inv'.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php'; + if ($massaction=='makepayment') { + $formconfirm = ''; + $formquestion = array( + // 'text' => $langs->trans("ConfirmClone"), + // array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), + // array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), + array('type' => 'date', 'name' => 'datepaiment', 'label' => $langs->trans("Date")), + array('type' => 'other', 'name' => 'paiementid', 'label' => $langs->trans("PaymentMode"), 'value' => $form->select_types_paiements(GETPOST('search_paymentmode'), 'paiementid', '', 0, 0, 1, 0, 1, '', 1)), + array('type' => 'other', 'name' => 'bankid', 'label' => $langs->trans("BankAccount"), 'value'=>$form->select_comptes('', 'bankid', 0, '', 0, '', 0, '', 1)), + //array('type' => 'other', 'name' => 'invoicesid', 'label' => '', 'value'=>''), + ); + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"], $langs->trans('RegisterPaymentAndClasiffiedPayed'), $langs->trans('RegisterPaymentAndClasiffiedPayed', $object->ref), 'makepayment_confirm', $formquestion, 1, 0, 200, 500, 1); + print $formconfirm; + } + if ($sall) { foreach ($fieldstosearchall as $key => $val) { $fieldstosearchall[$key] = $langs->trans($val); @@ -1875,7 +1945,7 @@ if ($resql) { } // Amount VAT if (!empty($arrayfields['f.total_tva']['checked'])) { - print ''.price($obj->total_vat)."\n"; + print ''.price($obj->total_tva)."\n"; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index 6fdc74a7539..0d2c3070261 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php 
@@ -577,9 +577,9 @@ if ($object->id > 0) { $sql .= " , pfd.amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -598,9 +598,9 @@ if ($object->id > 0) { $sql = "SELECT SUM(pfd.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -699,9 +699,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; 
@@ -765,9 +765,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 1"; $sql .= " AND pfd.ext_payment_id IS NULL"; diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index b1ad18e6461..ca7cd08a6fe 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " WHERE s.rowid = ff.fk_soc"; $sql .= " AND ff.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); 
@@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index 451007932d7..e2a96f4fb5b 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -196,11 +196,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 03acd9d88eb..0f49b8d5823 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -529,14 +529,14 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' f.datef as df, f.fk_soc as socid, f.date_lim_reglement as dlr'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as f'; $sql .= ' WHERE f.entity IN ('.getEntity('facture').')'; - $sql .= ' AND (f.fk_soc = '.$facture->socid; + $sql .= ' AND (f.fk_soc = '.((int) $facture->socid); // Can pay invoices of all child of parent company if (!empty($conf->global->FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS) && !empty($facture->thirdparty->parent)) { - $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->parent.')'; + $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->parent).')'; } // Can pay invoices of all child of myself if (!empty($conf->global->FACTURE_PAYMENTS_ON_SUBSIDIARY_COMPANIES)) { - $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->id.')'; + $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->id).')'; } $sql .= ') AND f.paye = 0'; $sql .= ' AND f.fk_statut = 1'; // Statut=0 => not validated, Statut=2 => canceled @@ -875,7 +875,7 @@ if (!GETPOST('action', 'aZ09')) { $sql .= ' AND f.fk_soc = '.((int) $socid); } - $sql .= ' ORDER BY '.$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $sql .= $db->plimit($limit + 1, $offset); $resql = $db->query($sql); diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 2b65ad4a84a..ed8ec522aea 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php 
@@ -126,7 +126,7 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; - $sql .= ' AND pf.fk_paiement = '.$object->id; + $sql .= ' AND pf.fk_paiement = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $i = 0; @@ -342,7 +342,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'factur $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; -$sql .= ' AND pf.fk_paiement = '.$object->id; +$sql .= ' AND pf.fk_paiement = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 0c05a1bc03a..fe967543fdc 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -305,7 +305,7 @@ class RemiseCheque extends CommonObject if ($this->errno === 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET fk_bordereau = 0"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { 
@@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject if ($this->errno == 0 && $numref) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = 0"; @@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND b.fk_bordereau = bc.rowid"; - $sql .= " AND bc.rowid = ".$this->id; + $sql .= " AND bc.rowid = ".((int) $this->id); $sql .= " AND bc.entity = ".$conf->entity; $sql .= " ORDER BY b.dateo ASC, b.rowid ASC"; @@ -647,7 +647,7 @@ class RemiseCheque extends CommonObject $nb = 0; $sql = "SELECT amount "; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET amount = ".price2num($total); $sql .= ", nbcheque = ".((int) $nb); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_date", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject // phpcs:enable if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " SET ref = '".$ref."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " SET ref = '".$this->db->escape($ref)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_number", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/cpaiement.class.php b/htdocs/compta/paiement/class/cpaiement.class.php index e9623f55c11..1c7abf71c3b 100644 --- a/htdocs/compta/paiement/class/cpaiement.class.php +++ b/htdocs/compta/paiement/class/cpaiement.class.php @@ -273,7 +273,7 @@ class Cpaiement $sql .= ' active = '.(isset($this->active) ? $this->active : "null").','; $sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null").','; $sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null"); - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $this->db->begin(); @@ -334,7 +334,7 @@ class Cpaiement if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index f31d66a2f6d..3e1dc59a52e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php 
@@ -292,8 +292,8 @@ class Paiement extends CommonObject $note = ($this->note_private ? $this->note_private : $this->note); $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement (entity, ref, ref_ext, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, ext_payment_id, ext_payment_site, fk_user_creat, pos_change)"; - $sql .= " VALUES (".$conf->entity.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".$total.", ".$mtotal.", ".$this->paiementid.", "; - $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".$user->id.", ".((float) $this->pos_change).")"; + $sql .= " VALUES (".((int) $conf->entity).", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", "; + $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".((int) $user->id).", ".((float) $this->pos_change).")"; $resql = $this->db->query($sql); if ($resql) { 
@@ -305,7 +305,7 @@ class Paiement extends CommonObject if (is_numeric($amount) && $amount <> 0) { $amount = price2num($amount); $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiement_facture (fk_facture, fk_paiement, amount, multicurrency_amount)'; - $sql .= ' VALUES ('.$facid.', '.$this->id.', \''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')'; + $sql .= ' VALUES ('.((int) $facid).', '.((int) $this->id).", ".((float) $amount).", ".((float) $this->multicurrency_amounts[$key]).')'; dol_syslog(get_class($this).'::create Amount line '.$key.' insert paiement_facture', LOG_DEBUG); $resql = $this->db->query($sql); @@ -533,12 +533,12 @@ class Paiement extends CommonObject // Delete payment (into paiement_facture and paiement) $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement_facture'; - $sql .= ' WHERE fk_paiement = '.$this->id; + $sql .= ' WHERE fk_paiement = '.((int) $this->id); dol_syslog($sql); $result = $this->db->query($sql); if ($result) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog($sql); $result = $this->db->query($sql); if (!$result) { @@ -756,7 +756,7 @@ class Paiement extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG); $result = $this->db->query($sql); @@ -788,7 +788,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { 
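Review bot: The hunk at -533 keeps both `dol_syslog($sql);` calls, which write the complete DELETE statement to the log with no level argument, while this commit removes `sql=".$sql` from the log calls in BonPrelevement. For consistency I would log only the method in both places: `dol_syslog(__METHOD__, LOG_DEBUG);`. The enclosing method starts and ends outside the hunk.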
@@ -800,7 +800,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.'bank'; $sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")"; + $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")"; $sql .= " AND rappro = 0"; $result = $this->db->query($sql); @@ -839,7 +839,7 @@ class Paiement extends CommonObject if (!empty($num) && $this->statut != 1) { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET num_paiement = '".$this->db->escape($num)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_num", LOG_DEBUG); $result = $this->db->query($sql); @@ -956,7 +956,7 @@ class Paiement extends CommonObject { $sql = 'SELECT pf.fk_facture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'facture as f'; // We keep link on invoice to allow use of some filters on invoice - $sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.$this->id; + $sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.((int) $this->id); if ($filter) { $sql .= ' AND '.$filter; } @@ -989,7 +989,7 @@ class Paiement extends CommonObject { $sql = 'SELECT pf.fk_facture, pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_paiement = '.$this->id; + $sql .= ' WHERE pf.fk_paiement = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $i = 0; diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index ee847603954..d1a94f5e690 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php 
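Review bot: In the hunk at -956 the new cast on `$this->id` is followed by `$sql .= ' AND '.$filter;`, which appends `$filter` to the query as raw SQL. Nothing in the hunk shows where `$filter` comes from, so the docblock should state the contract, for example `@param string $filter SQL fragment built by the caller from trusted values only, never from request data`. Callers that filter on user input should cast or escape before building the fragment. The method signature and docblock are outside the hunk.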
@@ -209,7 +209,7 @@ if (GETPOST("orphelins", "alpha")) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php index c75974077c3..27a35e83352 100644 --- a/htdocs/compta/payment_sc/card.php +++ b/htdocs/compta/payment_sc/card.php @@ -170,7 +170,7 @@ $sql = 'SELECT f.rowid as scid, f.libelle as label, f.paye, f.amount as sc_amoun $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementcharge as pf,'.MAIN_DB_PREFIX.'chargesociales as f, '.MAIN_DB_PREFIX.'c_chargesociales as pc'; $sql .= ' WHERE pf.fk_charge = f.rowid AND f.fk_type = pc.id'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND pf.rowid = '.$object->id; +$sql .= ' AND pf.rowid = '.((int) $object->id); dol_syslog("compta/payment_sc/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php index 1b615bcbb8d..bfa14009380 100644 --- a/htdocs/compta/payment_vat/card.php +++ b/htdocs/compta/payment_vat/card.php @@ -227,7 +227,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_vat as pf,'.MAIN_DB_PREFIX.'tva as f'; $sql .= ' WHERE pf.fk_tva = f.rowid'; //$sql .= ' AND f.fk_type = pc.id'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND pf.rowid = '.$object->id; +$sql .= ' AND pf.rowid = '.((int) $object->id); dol_syslog("compta/payment_vat/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 5d76ae4d8b4..25763dd8339 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php 
@@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture_fourn = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 1b6afa3cffe..ed7ecae5cf9 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject */ $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; @@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject if ($this->db->begin()) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $result = $this->db->query($sql); if (!$result) { @@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_credite Erreur 1"); 
@@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; $sql .= " WHERE rowid=".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = ".self::STATUS_TRANSFERED; $resql = $this->db->query($sql); @@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_infocredit Update lines Error"); @@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject $sql .= " , date_trans = '".$this->db->idate($date)."'"; $sql .= " , method_trans = ".((int) $method); $sql .= " , statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = 0"; if ($this->db->query($sql)) { @@ -646,8 +646,8 @@ class BonPrelevement extends CommonObject $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; - $sql .= " AND p.rowid = ".$this->id; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.rowid = ".((int) $this->id); + $sql .= " AND p.entity = ".((int) $conf->entity); if ($amounts) { if ($this->type == 'bank-transfer') { $sql .= " GROUP BY fk_facture_fourn"; 
@@ -868,7 +868,7 @@ class BonPrelevement extends CommonObject $sql .= " AND f.total_ttc > 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; - dol_syslog(__METHOD__."::Read invoices, sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."::Read invoices,", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -989,10 +989,10 @@ class BonPrelevement extends CommonObject $sql = "SELECT substring(ref from char_length(ref) - 1)"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande"; $sql .= " SET traite = 1"; $sql .= ", date_traite = '".$this->db->idate($now)."'"; - $sql .= ", fk_prelevement_bons = ".$this->id; + $sql .= ", fk_prelevement_bons = ".((int) $this->id); $sql .= " WHERE rowid = ".((int) $fac[1]); $resql = $this->db->query($sql); @@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET amount = ".price2num($this->total); $sql .= " WHERE rowid = ".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { 
@@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")"; $resql1 = $this->db->query($sql); if (!$resql1) { dol_print_error($this->db); @@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id); $resql2 = $this->db->query($sql); if (!$resql2) { dol_print_error($this->db); @@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id); $resql3 = $this->db->query($sql); if (!$resql3) { dol_print_error($this->db); @@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id); $resql4 = $this->db->query($sql); if (!$resql4) { dol_print_error($this->db); 
@@ -1341,18 +1341,14 @@ class BonPrelevement extends CommonObject } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification def by id * * @param int $rowid id of notification * @return int 0 if OK, <0 if KO */ - public function DeleteNotificationById($rowid) + public function deleteNotificationById($rowid) { - // phpcs:enable - $result = 0; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE rowid = ".((int) $rowid); @@ -1363,21 +1359,23 @@ class BonPrelevement extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification * - * @param int $user notification user - * @param string $action notification action - * @return int >0 if OK, <0 if KO + * @param int|User $user notification user + * @param string $action notification action + * @return int >0 if OK, <0 if KO */ - public function DeleteNotification($user, $action) + public function deleteNotification($user, $action) { - // phpcs:enable - $result = 0; + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; - $sql .= " WHERE fk_user=".$user." AND fk_action='".$this->db->escape($action)."'"; + $sql .= " WHERE fk_user=".((int) $userid)." AND fk_action='".$this->db->escape($action)."'"; if ($this->db->query($sql)) { return 0; 
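Review bot: The docblock of `deleteNotification` in the hunk at -1363 says `@return int >0 if OK, <0 if KO`, but the success path at the end of the hunk is `return 0;`, and `addNotification` tests the result with `== 0`. The annotation should read `@return int 0 if OK, <0 if KO`, matching `deleteNotificationById` just above it. The failure branch lies outside the hunk.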
@@ -1390,28 +1388,34 @@ class BonPrelevement extends CommonObject /** * Add a notification * - * @param DoliDB $db database handler - * @param int $user notification user - * @param string $action notification action - * @return int 0 if OK, <0 if KO + * @param DoliDB $db database handler + * @param int|User $user notification user + * @param string $action notification action + * @return int 0 if OK, <0 if KO */ - public function AddNotification($db, $user, $action) + public function addNotification($db, $user, $action) { // phpcs:enable $result = 0; - if ($this->DeleteNotification($user, $action) == 0) { + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } + + if ($this->deleteNotification($user, $action) == 0) { $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $userid).", 'NULL', 'NULL', '".$this->db->escape($action)."')"; dol_syslog("adnotiff: ".$sql); if ($this->db->query($sql)) { $result = 0; } else { $result = -1; - dol_syslog(get_class($this)."::AddNotification Error $result"); + dol_syslog(get_class($this)."::addNotification Error $result"); } } @@ -1491,7 +1495,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; 
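Review bot: The rewritten VALUES line in `addNotification` (hunk at -1390) still writes `'NULL', 'NULL'` for `fk_soc` and `fk_contact`, which are quoted string literals and not SQL NULL. Depending on the column types and SQL mode, which the hunk does not show, the value is coerced, stored as text or rejected. The keyword should be unquoted, as in the `SET fk_prelevement_bons = NULL` statement of this class: `$sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $userid).", NULL, NULL, '".$this->db->escape($action)."')";`. The next line, `dol_syslog("adnotiff: ".$sql);`, also logs the whole statement, unlike the log calls this commit trims elsewhere in the class.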
@@ -1607,7 +1611,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1697,7 +1701,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; @@ -1723,7 +1727,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index db92da8ce90..4a515357495 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php 
@@ -222,8 +222,8 @@ class RejetPrelevement $sql = "SELECT fk_user_demande"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $sql .= " WHERE pfd.fk_prelevement_bons = ".$this->bon_id; - $sql .= " AND pfd.fk_facture".($this->type == 'bank-transfer' ? '_fourn=' : '=').$fac->id; + $sql .= " WHERE pfd.fk_prelevement_bons = ".((int) $this->bon_id); + $sql .= " AND pfd.fk_facture".($this->type == 'bank-transfer' ? '_fourn' : '').' = '.((int) $fac->id); $resql = $this->db->query($sql); if ($resql) { @@ -296,7 +296,7 @@ class RejetPrelevement $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as f ON (pf.fk_facture = f.rowid)"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_lignes as pl ON (pf.fk_prelevement_lignes = pl.rowid)"; - $sql .= " WHERE pf.fk_prelevement_lignes = ".$this->id; + $sql .= " WHERE pf.fk_prelevement_lignes = ".((int) $this->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $resql = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 266097f7a2d..0230e4cb726 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 11c38bbb044..c0f89a7e046 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php 
@@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 5aca25466a3..f2f192271ac 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') { } } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity = ".((int) $conf->entity); if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index ee9a270b283..d03132b04f7 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -329,7 +329,7 @@ class Cchargesociales if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 1977ac9791b..a7c6ab2c593 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php 
@@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -445,7 +445,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -480,7 +480,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -642,7 +642,7 @@ class ChargeSociales extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 48ba4b06d30..fa95b08faca 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php 
@@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index a4deec56715..388d0f5a7bf 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -209,10 +209,10 @@ if (!empty($search_users)) { $sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')'; } if (!empty($search_type) && $search_type > 0) { - $sql .= ' AND cs.fk_mode_reglement='.$search_type; + $sql .= ' AND cs.fk_mode_reglement='.((int) $search_type); } if (!empty($search_account) && $search_account > 0) { - $sql .= ' AND cs.fk_account='.$search_account; + $sql .= ' AND cs.fk_account='.((int) $search_account); } if ($search_amount) { $sql .= natural_search("cs.amount", $search_amount, 1); diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index d65bed019fc..afc56532fdf 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -306,7 +306,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " fd.product_type AS product_type,"; $sql .= " cc.code, cc.label AS country,"; for ($i = 1; $i <= 12; $i++) { - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$i, 'fd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$i, "fd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; 
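Review bot: In the hunk at -209 of `compta/sociales/list.php` the context line `$sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')';` joins `$search_users` into the query with no cast, directly above the two filters this commit casts. The origin of `$search_users` is outside the hunk. If it is taken from the request, each element needs the same integer cast: `$sql .= ' AND cs.fk_user IN('.implode(', ', array_map('intval', $search_users)).')';`.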
@@ -325,7 +325,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " GROUP BY fd.tva_tx,fd.product_type, cc.label, cc.code "; $sql .= " ORDER BY country, product_type, vatrate"; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -393,7 +393,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ffd.product_type AS product_type,"; $sql2 .= " cc.code, cc.label AS country,"; for ($i = 1; $i <= 12; $i++) { - $sql2 .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$i, 'ffd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).","; + $sql2 .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$i, "ffd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).","; } $sql2 .= " SUM(ffd.total_ht) as total"; $sql2 .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -413,7 +413,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ORDER BY country, product_type, vatrate"; //print $sql2; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql2 = $db->query($sql2); if ($resql2) { $num = $db->num_rows($resql2); diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index daf5afb025e..a093a086050 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -726,12 +726,9 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
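Review bot: Both rewritten log calls in `compta/stats/byratecountry.php` (hunks at -325 and -413) use the message `"htdocs/compta/tva/index.php"`, which names a different file and makes the entries hard to attribute during an investigation. I would use `dol_syslog("htdocs/compta/stats/byratecountry.php", LOG_DEBUG);` in both. The commented-out `//print $sql2;` in the second hunk can be dropped as well.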
'; - print ''; - print '   '; - print ''; - print '
'; - print "\n"; + print $form->buttonsSaveCancel(); + + print ""; } /* diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php index bc234b4516e..8eaf141b06c 100644 --- a/htdocs/compta/tva/class/paymentvat.class.php +++ b/htdocs/compta/tva/class/paymentvat.class.php @@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 45d3d2e74b4..38da3c21eae 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -247,7 +247,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; @@ -267,7 +267,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; @@ -768,7 +768,7 @@ class Tva extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 1dc0180bd60..8c12dbfd704 100644 --- a/htdocs/compta/tva/list.php 
+++ b/htdocs/compta/tva/list.php @@ -161,16 +161,16 @@ if (!empty($search_label)) { $sql .= natural_search('t.label', $search_label); } if (!empty($search_dateend_start)) { - $sql .= ' AND t.datev >= "'.$db->idate($search_dateend_start).'"'; + $sql .= " AND t.datev >= '".$db->idate($search_dateend_start)."'"; } if (!empty($search_dateend_end)) { - $sql .= ' AND t.datev <= "'.$db->idate($search_dateend_end).'"'; + $sql .= " AND t.datev <= '".$db->idate($search_dateend_end)."'"; } if (!empty($search_datepayment_start)) { - $sql .= ' AND t.datep >= "'.$db->idate($search_datepayment_start).'"'; + $sql .= " AND t.datep >= '".$db->idate($search_datepayment_start)."'"; } if (!empty($search_datepayment_end)) { - $sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'; + $sql .= " AND t.datep <= '".$db->idate($search_datepayment_end)."'"; } if (!empty($search_type) && $search_type > 0) { $sql .= ' AND t.fk_typepayment = '.((int) $search_type); diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 469869f00e9..13096ddcd40 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -883,16 +883,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } elseif ($action == 'edit' && !empty($id)) { @@ -1220,11 +1211,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 165a7bf7bc3..066ee681f7a 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -385,13 +385,13 @@ class Contact extends CommonObject if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } - $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; + $sql .= " ".$clause." sp.entity IN (".getEntity($this->element).")"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat = ".((int) $user->id)."))"; if ($user->socid > 0) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -595,7 +595,7 @@ class Contact extends CommonObject $sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "NULL"); $sql .= ", default_lang=".($this->default_lang ? "'".$this->db->escape($this->default_lang)."'" : "NULL"); $sql .= ", entity = ".((int) $this->entity); - $sql .= " WHERE rowid=".((int) $id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); 
@@ -871,12 +871,12 @@ class Contact extends CommonObject // Mis a jour contact $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET"; - $sql .= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); + $sql .= " birthday = ".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); $sql .= ", photo = ".($this->photo ? "'".$this->db->escape($this->photo)."'" : "null"); if ($user) { - $sql .= ", fk_user_modif=".$user->id; + $sql .= ", fk_user_modif = ".((int) $user->id); } - $sql .= " WHERE rowid=".$this->db->escape($id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update_perso this->birthday=".$this->birthday." -", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1068,7 +1068,7 @@ class Contact extends CommonObject // Search Dolibarr user linked to this contact $sql = "SELECT u.rowid "; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.fk_socpeople = ".$this->id; + $sql .= " WHERE u.fk_socpeople = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1091,7 +1091,7 @@ class Contact extends CommonObject if ($user) { $sql = "SELECT fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."user_alert"; - $sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id); + $sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1162,7 +1162,7 @@ class Contact extends CommonObject $sql = "SELECT tc.element, count(ec.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE ec.fk_c_type_contact = tc.rowid"; - $sql .= " AND fk_socpeople = ".$this->id; + $sql .= " AND fk_socpeople = ".((int) $this->id); $sql .= " AND tc.source = 'external'"; $sql .= " GROUP BY tc.element"; 
@@ -1211,7 +1211,7 @@ class Contact extends CommonObject $sql = "SELECT ec.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,"; $sql .= " ".MAIN_DB_PREFIX."c_type_contact tc"; - $sql .= " WHERE ec.fk_socpeople=".$this->id; + $sql .= " WHERE ec.fk_socpeople=".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1242,7 +1242,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1254,7 +1254,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1266,7 +1266,7 @@ class Contact extends CommonObject if (!$error) { // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1278,7 +1278,7 @@ class Contact extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE rowid=".((int) $this->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { 
@@ -1727,7 +1727,7 @@ class Contact extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE tc.rowid = sc.fk_c_type_contact"; $sql .= " AND tc.source = 'external' AND tc.active=1"; - $sql .= " AND sc.fk_socpeople = ".$this->id; + $sql .= " AND sc.fk_socpeople = ".((int) $this->id); $sql .= " AND sc.entity IN (".getEntity('societe').')'; $resql = $this->db->query($sql); @@ -2040,7 +2040,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $noemail = $obj->nb; if (empty($noemail)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -2054,7 +2054,7 @@ class Contact extends CommonObject $this->errors[] = $this->error; } } else { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0)); + $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index 6677a7b17d7..79696d12997 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php 
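Review bot: The INSERT into `mailing_unsubscribe` in the `@@ -2040` hunk now puts `getEntity('mailing', 0)` unquoted and unescaped into a single `VALUES` slot. Every other use of `getEntity()` in this diff sits inside `IN (...)`, which suggests it can return a comma-separated list of entity ids. If it does, the INSERT fails with a column-count mismatch as soon as entities are shared, and with `escape()` gone nothing constrains the value to a number. The column needs one integer, for example `((int) $conf->entity)`, provided `$conf` is in scope in this method; the method starts outside the hunk, so that needs checking. The `@@ -2054` DELETE is consistent with the list form after its change to `entity IN (...)`.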
@@ -178,7 +178,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index e5a9ab3f0d6..be5685615d7 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -89,6 +89,7 @@ $search_categ_thirdparty = GETPOST("search_categ_thirdparty", 'int'); $search_categ_supplier = GETPOST("search_categ_supplier", 'int'); $search_status = GETPOST("search_status", 'int'); $search_type = GETPOST('search_type', 'alpha'); +$search_address = GETPOST('search_address', 'alpha'); $search_zip = GETPOST('search_zip', 'alpha'); $search_town = GETPOST('search_town', 'alpha'); $search_import_key = GETPOST("search_import_key", "alpha"); @@ -260,6 +261,7 @@ if (empty($reshook)) { $search_firstname = ""; $search_societe = ""; $search_town = ""; + $search_address = ""; $search_zip = ""; $search_country = ""; $search_poste = ""; @@ -353,7 +355,7 @@ if ($resql) { } $sql = "SELECT s.rowid as socid, s.nom as name,"; -$sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.zip, p.town, p.poste, p.email, p.no_email,"; +$sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.address, p.zip, p.town, p.poste, p.email, p.no_email,"; $sql .= " p.socialnetworks, p.photo,"; $sql .= " p.phone as phone_pro, p.phone_mobile, p.phone_perso, p.fax, p.fk_pays, p.priv, p.datec as date_creation, p.tms as date_update,"; $sql .= " st.libelle as stcomm, st.picto as stcomm_picto, p.fk_stcommcontact as stcomm_id, p.fk_prospectcontactlevel,"; 
@@ -361,7 +363,7 @@ $sql .= " co.label as country, co.code as country_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -389,7 +391,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial $sql .= " AND p.fk_user_creat=".((int) $userid); @@ -403,13 +405,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) { // Filter to exclude not owned private contacts if ($search_priv != '0' && $search_priv != '1') { - $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))"; + $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))"; } else { if ($search_priv == '0') { $sql .= " AND p.priv='0'"; } if ($search_priv == '1') { - $sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")"; + $sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")"; } } 
@@ -478,13 +480,16 @@ if (strlen($search_fax)) { if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if ($value['active'] && strlen($search_[$key])) { - $sql .= ' AND p.socialnetworks LIKE \'%"'.$key.'":"'.$search_[$key].'%\''; + $sql .= " AND p.socialnetworks LIKE '%\"".$key."\":\"".$search_[$key]."%'"; } } } if (strlen($search_email)) { $sql .= natural_search('p.email', $search_email); } +if (strlen($search_address)) { + $sql .= natural_search("p.address", $search_address); +} if (strlen($search_zip)) { $sql .= natural_search("p.zip", $search_zip); } @@ -594,6 +599,9 @@ if ($search_firstname != '') { if ($search_societe != '') { $param .= '&search_societe='.urlencode($search_societe); } +if ($search_address != '') { + $param .= '&search_address='.urlencode($search_address); +} if ($search_zip != '') { $param .= '&search_zip='.urlencode($search_zip); } @@ -775,6 +783,11 @@ if (!empty($arrayfields['p.poste']['checked'])) { print ''; print ''; } +if (!empty($arrayfields['p.address']['checked'])) { + print ''; + print ''; + print ''; +} if (!empty($arrayfields['p.zip']['checked'])) { print ''; print ''; @@ -923,6 +936,9 @@ if (!empty($arrayfields['p.firstname']['checked'])) { if (!empty($arrayfields['p.poste']['checked'])) { print_liste_field_titre($arrayfields['p.poste']['label'], $_SERVER["PHP_SELF"], "p.poste", $begin, $param, '', $sortfield, $sortorder); } +if (!empty($arrayfields['p.address']['checked'])) { + print_liste_field_titre($arrayfields['p.address']['label'], $_SERVER["PHP_SELF"], "p.address", $begin, $param, '', $sortfield, $sortorder); +} if (!empty($arrayfields['p.zip']['checked'])) { print_liste_field_titre($arrayfields['p.zip']['label'], $_SERVER["PHP_SELF"], "p.zip", $begin, $param, '', $sortfield, $sortorder); } 
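Review bot: The rewritten social-network filter in the `@@ -478` hunk still concatenates `$key` and `$search_[$key]` straight into the `LIKE` pattern; the change only swaps the quote style. The other search fields in this hunk go through `natural_search()`, so this is the one filter where a quote character in the search term ends the SQL string literal. Where `$search_` is filled is outside the hunk, but it presumably comes from request parameters. Escape both parts before building the pattern, using the escape method the class files in this diff call as `$this->db->escape()`: `$sql .= " AND p.socialnetworks LIKE '%\"".$db->escape($key)."\":\"".$db->escape($search_[$key])."%'";`. `%` and `_` in the term would still act as wildcards, so a LIKE-specific escape is worth applying if the database layer provides one.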
@@ -1016,6 +1032,7 @@ while ($i < min($num, $limit)) { $contactstatic->phone_pro = $obj->phone_pro; $contactstatic->phone_perso = $obj->phone_perso; $contactstatic->phone_mobile = $obj->phone_mobile; + $contactstatic->address = $obj->address; $contactstatic->zip = $obj->zip; $contactstatic->town = $obj->town; $contactstatic->socialnetworks = $arraysocialnetworks; @@ -1059,6 +1076,13 @@ while ($i < min($num, $limit)) { $totalarray['nbfield']++; } } + // Address + if (!empty($arrayfields['p.address']['checked'])) { + print ''.$obj->address.''; + if (!$i) { + $totalarray['nbfield']++; + } + } // Zip if (!empty($arrayfields['p.zip']['checked'])) { print ''.$obj->zip.''; diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 261ffebf29c..a5b64e37998 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -205,11 +205,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
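Review bot: The new address cell in the `@@ -1059` hunk prints `$obj->address` into the page without HTML escaping. The address is free text stored on the contact, so any markup saved in it is rendered for every user who opens the list with that column enabled. The ldap.php change in this same commit wraps its output in `dol_escape_htmltag()`, and the new cell should do the same by printing `dol_escape_htmltag($obj->address)` in place of `$obj->address`. The zip cell in the context line just below follows the same unescaped pattern and is worth aligning in the same pass.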
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } else { diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index d5187c6a040..56e3d797086 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1174,11 +1174,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); if (is_object($objectsrc)) { print ''; @@ -1437,7 +1433,7 @@ if ($action == 'create') { $sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity, p.tosell, p.tobuy, p.tobatch"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; - $sql .= " WHERE cd.rowid = ".$object->lines[$cursorline - 1]->id; + $sql .= " WHERE cd.rowid = ".((int) $object->lines[$cursorline - 1]->id); $result = $db->query($sql); if ($result) { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 5436c55faeb..a7a42ca7350 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -181,6 +181,13 @@ class Contrat extends CommonObject */ public $lines = array(); + public $nbofservices; + public $nbofserviceswait; + public $nbofservicesopened; + public $nbofservicesexpired; + //public $lower_planned_end_date; + //public $higher_planner_end_date; + /** * Maps ContratLigne IDs to $this->lines indexes * @var int[] @@ -429,7 +436,8 @@ class Contrat extends CommonObject foreach ($this->lines as $contratline) { // Close lines not already closed if ($contratline->statut != ContratLigne::STATUS_CLOSED) { - $contratline->date_cloture = $now; + $contratline->date_end_real = $now; + $contratline->date_cloture = $now; // For backward compatibility $contratline->fk_user_cloture = $user->id; $contratline->statut = ContratLigne::STATUS_CLOSED; $result = $contratline->close_line($user, $now, $comment, $notrigger); 
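Review bot: The four counters added to `Contrat` in the `@@ -181` hunk have no docblock, unlike the `$lines` property directly above them and the id map directly below. The `@@ -753` hunk initialises them to 0, so a one-line docblock such as `/** @var int Number of service lines on the contract */` on each, worded per counter, would match the rest of the class. The two commented-out declarations `//public $lower_planned_end_date;` and `//public $higher_planner_end_date;` should be either declared properly or dropped. The second name looks like a typo for `higher_planned_end_date`.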
@@ -499,7 +507,7 @@ class Contrat extends CommonObject if ($num) { $sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET ref = '".$this->db->escape($num)."', statut = 1"; //$sql.= ", fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 0"; dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -599,7 +607,7 @@ class Contrat extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET statut = 0"; //$sql.= ", fk_user_valid = null, date_valid = null"; - $sql .= " WHERE rowid = ".$this->id." AND statut = 1"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 1"; dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -753,6 +761,7 @@ class Contrat extends CommonObject // phpcs:enable global $langs, $conf, $extrafields; + $this->nbofservices = 0; $this->nbofserviceswait = 0; $this->nbofservicesopened = 0; $this->nbofservicesexpired = 0; @@ -792,7 +801,7 @@ class Contrat extends CommonObject $sql .= " d.fk_unit,"; $sql .= " d.product_type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_contrat = ".$this->id; + $sql .= " WHERE d.fk_contrat = ".((int) $this->id); $sql .= " ORDER by d.rowid ASC"; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); 
@@ -948,13 +957,13 @@ class Contrat extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."contrat (datec, fk_soc, fk_user_author, date_contrat,"; $sql .= " fk_commercial_signature, fk_commercial_suivi, fk_projet,"; $sql .= " ref, entity, note_private, note_public, ref_customer, ref_supplier, ref_ext)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$this->socid.",".$user->id; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->socid).", ".((int) $user->id); $sql .= ", ".(dol_strlen($this->date_contrat) != 0 ? "'".$this->db->idate($this->date_contrat)."'" : "NULL"); - $sql .= ",".($this->commercial_signature_id > 0 ? $this->commercial_signature_id : "NULL"); - $sql .= ",".($this->commercial_suivi_id > 0 ? $this->commercial_suivi_id : "NULL"); - $sql .= ",".($this->fk_project > 0 ? $this->fk_project : "NULL"); + $sql .= ",".($this->commercial_signature_id > 0 ? ((int) $this->commercial_signature_id) : "NULL"); + $sql .= ",".($this->commercial_suivi_id > 0 ? ((int) $this->commercial_suivi_id) : "NULL"); + $sql .= ",".($this->fk_project > 0 ? ((int) $this->fk_project) : "NULL"); $sql .= ", ".(dol_strlen($this->ref) <= 0 ? "null" : "'".$this->db->escape($this->ref)."'"); - $sql .= ", ".$conf->entity; + $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL"); $sql .= ", ".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL"); $sql .= ", ".(!empty($this->ref_customer) ? ("'".$this->db->escape($this->ref_customer)."'") : "NULL"); 
@@ -1150,11 +1159,11 @@ class Contrat extends CommonObject /* $sql = "DELETE cdl"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); */ $sql = "SELECT cdl.rowid as cdlrowid "; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1188,7 +1197,7 @@ class Contrat extends CommonObject // Delete contratdet extrafields $main = MAIN_DB_PREFIX.'contratdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")"; + $sql = "DELETE FROM ".$ef." WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_contrat = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1201,7 +1210,7 @@ class Contrat extends CommonObject if (!$error) { // Delete contratdet $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet"; - $sql .= " WHERE fk_contrat=".$this->id; + $sql .= " WHERE fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -1213,7 +1222,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -2103,9 +2112,9 @@ class Contrat extends CommonObject $sql = "SELECT cd.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE fk_contrat =".$this->id; + $sql .= " WHERE fk_contrat =".((int) $this->id); if ($status >= 0) { - $sql .= " AND statut = ".$status; + $sql .= " AND statut = ".((int) $status); } dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG); @@ -2137,9 +2146,9 @@ class Contrat extends CommonObject $sql = "SELECT c.rowid, c.ref"; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c"; - $sql .= " WHERE fk_soc =".$this->socid; + $sql .= " WHERE fk_soc =".((int) $this->socid); if ($option == 'others') { - $sql .= " AND c.rowid != ".$this->id; + $sql .= " AND c.rowid <> ".((int) $this->id); } dol_syslog(get_class($this)."::getOtherContracts()", LOG_DEBUG); 
@@ -2205,12 +2214,12 @@ class Contrat extends CommonObject //$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'"; } $sql .= " AND c.fk_soc = s.rowid"; - $sql .= " AND c.entity = ".$conf->entity; + $sql .= " AND c.entity = ".((int) $conf->entity); if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2279,7 +2288,7 @@ class Contrat extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." c.entity = ".$conf->entity; @@ -2642,10 +2651,23 @@ class ContratLigne extends CommonObjectLine public $date_end; // date end planned public $date_end_real; // date end real // For backward compatibility + /** + * @deprecated Use date_start + */ public $date_ouverture_prevue; // date start planned + /** + * @deprecated Use date_start_real + */ public $date_ouverture; // date start real + /** + * @deprecated Use date_end + */ public $date_fin_validite; // date end planned + /** + * @deprecated Use date_end_real + */ public $date_cloture; // date end real + public $tva_tx; public $localtax1_tx; public $localtax2_tx; @@ -3062,7 +3084,6 @@ class ContratLigne extends CommonObjectLine $this->oldcopy = new ContratLigne($this->db); $this->oldcopy->fetch($this->id); - $this->oldcopy->fetch_optionals(); // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET"; 
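Review bot: In the `@@ -2279` hunk the context line `$sql .= " ".$clause." c.entity = ".$conf->entity;` is left uncast, two lines below a value this commit does cast. The `@@ -2205` hunk on the same file casts the identical expression. For consistency with the rest of the change it should read `$sql .= " ".$clause." c.entity = ".((int) $conf->entity);`. The enclosing method starts and ends outside the hunk.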
@@ -3120,7 +3141,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { @@ -3131,7 +3152,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { @@ -3181,7 +3202,7 @@ class ContratLigne extends CommonObjectLine $sql .= ",total_localtax1=".price2num($this->total_localtax1, 'MT').""; $sql .= ",total_localtax2=".price2num($this->total_localtax2, 'MT').""; $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT').""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); @@ -3236,12 +3257,12 @@ class ContratLigne extends CommonObjectLine $sql .= " '".$this->db->escape($this->info_bits)."',"; $sql .= " ".price2num($this->price_ht).",".price2num($this->remise).","; if ($this->fk_fournprice > 0) { - $sql .= ' '.$this->fk_fournprice.','; + $sql .= ' '.((int) $this->fk_fournprice).','; } else { $sql .= ' null,'; } if ($this->pa_ht > 0) { - $sql .= ' '.price2num($this->pa_ht); + $sql .= ' '.((float) price2num($this->pa_ht)); } else { $sql .= ' null'; } 
@@ -3311,10 +3332,10 @@ class ContratLigne extends CommonObjectLine if ($date_end >= 0) { $sql .= " date_fin_validite = ".(dol_strlen($date_end) != 0 ? "'".$this->db->idate($date_end)."'" : "null").","; } - $sql .= " fk_user_ouverture = ".$user->id.","; + $sql .= " fk_user_ouverture = ".((int) $user->id).","; $sql .= " date_cloture = null,"; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND (statut = ".ContratLigne::STATUS_INITIAL." OR statut = ".ContratLigne::STATUS_CLOSED.")"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND (statut = ".ContratLigne::STATUS_INITIAL." OR statut = ".ContratLigne::STATUS_CLOSED.")"; dol_syslog(get_class($this)."::active_line", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3375,9 +3396,9 @@ class ContratLigne extends CommonObjectLine $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".((int) ContratLigne::STATUS_CLOSED).","; $sql .= " date_cloture = '".$this->db->idate($date_end)."',"; - $sql .= " fk_user_cloture = ".$user->id.","; + $sql .= " fk_user_cloture = ".((int) $user->id).","; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = ".((int) ContratLigne::STATUS_OPEN); + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = ".((int) ContratLigne::STATUS_OPEN); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index a5e3da943b7..b85cda094f3 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php 
@@ -99,10 +99,10 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; $sql .= " AND (cd.statut != 4 OR (cd.statut = 4 AND (cd.date_fin_validite is null or cd.date_fin_validite >= '".$db->idate($now)."')))"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -136,10 +136,10 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; $sql .= " AND (cd.statut = 4 AND cd.date_fin_validite < '".$db->idate($now)."')"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) { $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut = 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -304,11 +304,11 @@ print '
'; // Last modified contracts $max = 5; $sql = 'SELECT '; -$sql .= ' sum('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; -$sql .= ' sum('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; +$sql .= " sum(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; +$sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; $sql .= " c.rowid as cid, c.ref, c.datec, c.tms, c.statut, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,"; if (!$user->rights->societe->client->voir && !$socid) { @@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); 
@@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..66d84874d76 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -7,7 +7,8 @@ * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016-2018 Ferran Marcet - * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2019 Nicolas Zabouri + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -66,9 +67,14 @@ $search_product_category = GETPOST('search_product_category', 'int'); $search_dfmonth = GETPOST('search_dfmonth', 'int'); $search_dfyear = GETPOST('search_dfyear', 'int'); $search_op2df = GETPOST('search_op2df', 'alpha'); -$day = GETPOST("day", "int"); -$year = GETPOST("year", "int"); -$month = GETPOST("month", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); $optioncss = GETPOST('optioncss', 'alpha'); @@ -171,9 +177,6 @@ include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; // Purge search criteria if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $day = ''; - $month = ''; - $year = ''; $search_dfmonth = ''; $search_dfyear = ''; $search_op2df = ''; @@ -190,6 +193,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_user = ''; $search_sale = ''; $search_product_category = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; $sall = ""; $search_status = ""; $toselect = ''; 
@@ -225,15 +236,15 @@ $sql .= ' s.rowid as socid, s.nom as name, s.name_alias, s.email, s.town, s.zip, $sql .= " typent.code as typent_code,"; $sql .= " state.code_departement as state_code, state.nom as state_name,"; $sql .= " MIN(".$db->ifsql("cd.statut=4", "cd.date_fin_validite", "null").") as lower_planned_end_date,"; -$sql .= ' SUM('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; +$sql .= " SUM(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; +$sql .= " SUM(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' 
as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -271,9 +282,14 @@ if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); +} +if ($search_date_start) { + $sql .= " AND c.date_contrat >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND c.date_contrat <= '".$db->idate($search_date_end)."'"; } -$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); if ($search_name) { $sql .= natural_search('s.nom', $search_name); } @@ -415,6 +431,24 @@ if ($search_ref_supplier != '') { if ($search_op2df != '') { $param .= '&search_op2df='.urlencode($search_op2df); } +if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); +} +if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); +} +if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); +} +if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); +} +if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); +} +if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); +} if ($search_dfyear != '') { $param .= '&search_dfyear='.urlencode($search_dfyear); } 
@@ -594,16 +628,13 @@ if (!empty($arrayfields['sale_representative']['checked'])) { print ''; } if (!empty($arrayfields['c.date_contrat']['checked'])) { - // Date contract - print ''; - //print $langs->trans('Month').': '; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - //print ' '.$langs->trans('Year').': '; - $syear = $year; - print $formother->selectyear($syear, 'year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Extra fields diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index 8368bffbab2..0c06a194fd4 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -35,6 +35,8 @@ require_once DOL_DOCUMENT_ROOT."/societe/class/societe.class.php"; // Load translation files required by the page $langs->loadLangs(array('products', 'contracts', 'companies')); +$optioncss = GETPOST('optioncss', 'aZ09'); + $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); @@ -58,7 +60,6 @@ $search_name = GETPOST("search_name", 'alpha'); $search_contract = GETPOST("search_contract", 'alpha'); $search_service = GETPOST("search_service", 'alpha'); $search_status = GETPOST("search_status", 'alpha'); -$statut = GETPOST('statut', 'int') ?GETPOST('statut', 'int') : 1; $search_product_category = GETPOST('search_product_category', 'int'); $socid = GETPOST('socid', 'int'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'contractservicelist'.$mode; @@ -234,7 +235,7 @@ $sql .= " cd.tms as date_update"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks 
@@ -261,7 +262,7 @@ if ($search_product_category > 0) { } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == "0") { $sql .= " AND cd.statut = 0"; @@ -291,6 +292,11 @@ if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); } +$filter_dateouvertureprevue = ''; +$filter_date1 = ''; +$filter_date2 = ''; +$filter_opcloture = ''; + $filter_dateouvertureprevue_start = dol_mktime(0, 0, 0, $opouvertureprevuemonth, $opouvertureprevueday, $opouvertureprevueyear); $filter_dateouvertureprevue_end = dol_mktime(23, 59, 59, $opouvertureprevuemonth, $opouvertureprevueday, $opouvertureprevueyear); if ($filter_dateouvertureprevue_start != '' && $filter_opouvertureprevue == -1) { @@ -412,18 +418,19 @@ if (!empty($filter_op2) && $filter_op2 != -1) { if (!empty($filter_opcloture) && $filter_opcloture != -1) { $param .= '&filter_opcloture='.urlencode($filter_opcloture); } -if ($filter_dateouvertureprevue != '') { +if ($filter_dateouvertureprevue_start != '') { $param .= '&opouvertureprevueday='.$opouvertureprevueday.'&opouvertureprevuemonth='.$opouvertureprevuemonth.'&opouvertureprevueyear='.$opouvertureprevueyear; } -if ($filter_date1 != '') { +if ($filter_date1_start != '') { $param .= '&op1day='.$op1day.'&op1month='.$op1month.'&op1year='.$op1year; } -if ($filter_date2 != '') { +if ($filter_date2_start != '') { $param .= '&op2day='.$op2day.'&op2month='.$op2month.'&op2year='.$op2year; } -if ($filter_datecloture != '') { +if ($filter_datecloture_start != '') { $param .= '&opclotureday='.$op2day.'&opcloturemonth='.$op2month.'&opclotureyear='.$op2year; } + if ($optioncss != '') { $param .= '&optioncss='.$optioncss; } 
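Review bot: In the `$filter_datecloture_start` branch of the `@@ -412,18 +418,19 @@` hunk, the URL parameters `opclotureday`, `opcloturemonth` and `opclotureyear` are filled from `$op2day`, `$op2month` and `$op2year`, so paging or sorting would carry the wrong date into the closing-date filter. The commit renames the condition but leaves that line unchanged; it should use the day/month/year variables read for the closing-date filter, whose names are not visible in this hunk. The date parts in all four branches, and `$optioncss` just below, are also appended to `$param` without `urlencode()`, unlike `filter_opcloture` a few lines above; `$param .= '&optioncss='.urlencode($optioncss);` would match it.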
@@ -467,7 +474,7 @@ if ($mode == "5") { print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'contract', 0, '', '', $limit); -if ($sall) { +if (!empty($sall)) { foreach ($fieldstosearchall as $key => $val) { $fieldstosearchall[$key] = $langs->trans($val); } @@ -475,6 +482,7 @@ if ($sall) { } $morefilter = ''; +$moreforfilter = ''; // If the user can view categories of products if ($conf->categorie->enabled && ($user->rights->produit->lire || $user->rights->service->lire)) { diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index f871ed73de8..74ad69e4e1d 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -53,11 +53,11 @@ if ($action == 'add' && !empty($permissiontoadd)) { foreach ($object->fields as $key => $val) { if ($object->fields[$key]['type'] == 'duration') { if (GETPOST($key.'hour') == '' && GETPOST($key.'min') == '') { - continue; // The field was not submited to be edited + continue; // The field was not submited to be saved } } else { if (!GETPOSTISSET($key)) { - continue; // The field was not submited to be edited + continue; // The field was not submited to be saved } } // Ignore special fields @@ -87,7 +87,11 @@ if ($action == 'add' && !empty($permissiontoadd)) { $tmparraykey = array_keys($object->param_list); $value = $tmparraykey[GETPOST($key)].','.GETPOST($key.'2'); } else { - $value = GETPOST($key, 'alphanohtml'); + if ($key == 'lang') { + $value = GETPOST($key, 'aZ09'); + } else { + $value = GETPOST($key, 'alphanohtml'); + } } if (preg_match('/^integer:/i', $object->fields[$key]['type']) && $value == '-1') { $value = ''; // This is an implicit foreign key field 
@@ -105,6 +109,15 @@ if ($action == 'add' && !empty($permissiontoadd)) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv($val['label'])), null, 'errors'); } + + // Validation of fields values + if ($conf->global->MAIN_FEATURE_LEVEL >= 2 || !empty($conf->global->MAIN_ACTIVATE_VALIDATION_RESULT)) { + if (!$error && !empty($val['validate']) && is_callable(array($object, 'validateField'))) { + if (!$object->validateField($object->fields, $key, $value)) { + $error++; + } + } + } } // Fill array 'array_options' with data from add form @@ -143,7 +156,7 @@ if ($action == 'update' && !empty($permissiontoadd)) { // Check if field was submited to be edited if ($object->fields[$key]['type'] == 'duration') { if (!GETPOSTISSET($key.'hour') || !GETPOSTISSET($key.'min')) { - continue; // The field was not submited to be edited + continue; // The field was not submited to be saved } } elseif ($object->fields[$key]['type'] == 'boolean') { if (!GETPOSTISSET($key)) { @@ -152,7 +165,7 @@ if ($action == 'update' && !empty($permissiontoadd)) { } } else { if (!GETPOSTISSET($key)) { - continue; // The field was not submited to be edited + continue; // The field was not submited to be saved } } // Ignore special fields @@ -161,7 +174,7 @@ if ($action == 'update' && !empty($permissiontoadd)) { } if (in_array($key, array('date_creation', 'tms', 'fk_user_creat', 'fk_user_modif'))) { if (!in_array(abs($val['visible']), array(1, 3, 4))) { - continue; // Only 1 and 3 and 4 that are case to update + continue; // Only 1 and 3 and 4, that are cases to update } } 
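Review bot: The field validation added to the `add` action only runs when `MAIN_FEATURE_LEVEL >= 2` or `MAIN_ACTIVATE_VALIDATION_RESULT` is set, so unless one of those options is set the `validate` rules declared on `$object->fields` are not enforced server-side. A comment on the outer `if`, such as `// Opt-in for now: 'validate' rules are NOT enforced unless one of these options is set`, would keep module authors from relying on it. When `validateField()` returns false the branch only does `$error++`; unless that method records its own message (not visible here), the save fails without explanation, so I would add `setEventMessages($object->error, $object->errors, 'errors');` there. The same block is repeated in the `update` action (hunk `@@ -204,6 +221,15 @@`) and the note applies to it as well. The enclosing `if ($action == 'add' ...)` block starts outside this hunk.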
@@ -190,7 +203,11 @@ if ($action == 'update' && !empty($permissiontoadd)) { } elseif ($object->fields[$key]['type'] == 'reference') { $value = array_keys($object->param_list)[GETPOST($key)].','.GETPOST($key.'2'); } else { - $value = GETPOST($key, 'alpha'); + if ($key == 'lang') { + $value = GETPOST($key, 'aZ09'); + } else { + $value = GETPOST($key, 'alphanohtml'); + } } if (preg_match('/^integer:/i', $object->fields[$key]['type']) && $value == '-1') { $value = ''; // This is an implicit foreign key field @@ -204,6 +221,15 @@ if ($action == 'update' && !empty($permissiontoadd)) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv($val['label'])), null, 'errors'); } + + // Validation of fields values + if ($conf->global->MAIN_FEATURE_LEVEL >= 2 || !empty($conf->global->MAIN_ACTIVATE_VALIDATION_RESULT)) { + if (!$error && !empty($val['validate']) && is_callable(array($object, 'validateField'))) { + if (!$object->validateField($object->fields, $key, $value)) { + $error++; + } + } + } } // Fill array 'array_options' with data from add form @@ -273,6 +299,8 @@ if ($action == 'confirm_delete' && !empty($permissiontodelete)) { setEventMessages($object->error, null, 'errors'); } } + + $action = ''; } // Remove a line @@ -304,11 +332,13 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes' && !empty($permissionto } setEventMessages($langs->trans('RecordDeleted'), null, 'mesgs'); + header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit; } else { setEventMessages($object->error, $object->errors, 'errors'); } + $action = ''; } // Action validate object @@ -344,6 +374,7 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $permissiontoadd) { } else { setEventMessages($object->error, $object->errors, 'errors'); } + $action = ''; } // Action close object 
@@ -374,6 +405,7 @@ if ($action == 'confirm_close' && $confirm == 'yes' && $permissiontoadd) { } else { setEventMessages($object->error, $object->errors, 'errors'); } + $action = ''; } // Action setdraft object @@ -384,6 +416,7 @@ if ($action == 'confirm_setdraft' && $confirm == 'yes' && $permissiontoadd) { } else { setEventMessages($object->error, $object->errors, 'errors'); } + $action = ''; } // Action reopen object @@ -414,6 +447,7 @@ if ($action == 'confirm_reopen' && $confirm == 'yes' && $permissiontoadd) { } else { setEventMessages($object->error, $object->errors, 'errors'); } + $action = ''; } // Action clone object @@ -432,6 +466,7 @@ if ($action == 'confirm_clone' && $confirm == 'yes' && !empty($permissiontoadd)) } else { $newid = $result; } + header("Location: ".$_SERVER['PHP_SELF'].'?id='.$newid); // Open record of new object exit; } else { diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 8d70f7c3042..23851b5e789 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -631,6 +631,8 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. $createbills_onebythird = GETPOST('createbills_onebythird', 'int'); $validate_invoices = GETPOST('validate_invoices', 'int'); + $errors = array(); + $TFact = array(); $TFactThird = array(); 
@@ -645,18 +647,19 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. if ($cmd->fetch($id_order) <= 0) { continue; } + $cmd->fetch_thirdparty(); $objecttmp = new Facture($db); if (!empty($createbills_onebythird) && !empty($TFactThird[$cmd->socid])) { - $objecttmp = $TFactThird[$cmd->socid]; // If option "one bill per third" is set, we use already created order. + // If option "one bill per third" is set, and an invoice for this thirdparty was already created, we re-use it. + $objecttmp = $TFactThird[$cmd->socid]; } else { - // Load extrafields of order - $cmd->fetch_optionals(); - + // If we want one invoice per order or if there is no first invoice yet for this thirdparty. $objecttmp->socid = $cmd->socid; $objecttmp->type = $objecttmp::TYPE_STANDARD; - $objecttmp->cond_reglement_id = $cmd->cond_reglement_id; - $objecttmp->mode_reglement_id = $cmd->mode_reglement_id; + $objecttmp->cond_reglement_id = ($cmd->cond_reglement_id || $cmd->thirdparty->cond_reglement_id); + $objecttmp->mode_reglement_id = ($cmd->mode_reglement_id || $cmd->thirdparty->mode_reglement_id); + $objecttmp->fk_project = $cmd->fk_project; $objecttmp->multicurrency_code = $cmd->multicurrency_code; if (empty($createbills_onebythird)) { 
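Review bot: `($cmd->cond_reglement_id || $cmd->thirdparty->cond_reglement_id)` evaluates to a boolean in PHP, so the invoice receives `true`/`false` as its payment-terms id instead of the order's or the third party's id. The same applies to `mode_reglement_id` on the next line. A fallback needs the ternary form: `$objecttmp->cond_reglement_id = ($cmd->cond_reglement_id ? $cmd->cond_reglement_id : $cmd->thirdparty->cond_reglement_id);`, and likewise for `mode_reglement_id`. The enclosing loop over the selected orders starts outside this hunk.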
@@ -680,23 +683,20 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. $nb_bills_created++; $lastref = $objecttmp->ref; $lastid = $objecttmp->id; + + $TFactThird[$cmd->socid] = $objecttmp; + } else { + $langs->load("errors"); + $errors[] = $cmd->ref.' : '.$langs->trans($objecttmp->error); + $error++; } } if ($objecttmp->id > 0) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_element ("; - $sql .= "fk_source"; - $sql .= ", sourcetype"; - $sql .= ", fk_target"; - $sql .= ", targettype"; - $sql .= ") VALUES ("; - $sql .= $id_order; - $sql .= ", '".$db->escape($objecttmp->origin)."'"; - $sql .= ", ".$objecttmp->id; - $sql .= ", '".$db->escape($objecttmp->element)."'"; - $sql .= ")"; + $res = $objecttmp->add_object_linked($objecttmp->origin, $id_order); - if (!$db->query($sql)) { + if ($res == 0) { + $errors[] = $objecttmp->error; $error++; } @@ -845,7 +845,6 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. } $id = $objecttmp->id; // For builddoc action - $object = $objecttmp; // Builddoc $donotredirect = 1; @@ -854,7 +853,7 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. // Call action to build doc $savobject = $object; - $object = $objecttmp; + $object = $objecttmp; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; $object = $savobject; } @@ -949,6 +948,7 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. exit; } else { $db->rollback(); + $action = 'create'; $_GET["origin"] = $_POST["origin"]; $_GET["originid"] = $_POST["originid"]; 
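Review bot: The link creation is treated as failed only when `add_object_linked()` returns exactly 0 (`if ($res == 0)`). If that method can also return a negative value on error, the failure goes unnoticed and the batch may be committed without the order-to-invoice link; `if ($res <= 0) {` covers both cases. The messages collected in the new `$errors` array are not displayed anywhere in the visible hunks, so it is worth confirming they reach `setEventMessages()` on the rollback path.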
@@ -1544,6 +1544,126 @@ if (!$error && ($massaction == 'disable' || ($action == 'disable' && $confirm == } } +if (!$error && ($massaction == 'approveleave' || ($action == 'approveleave' && $confirm == 'yes')) && $permissiontoapprove) { + $db->begin(); + + $objecttmp = new $objectclass($db); + $nbok = 0; + foreach ($toselect as $toselectid) { + $result = $objecttmp->fetch($toselectid); + if ($result>0) { + if ($objecttmp->statut == Holiday::STATUS_VALIDATED && $user->id == $objecttmp->fk_validator) { + $objecttmp->oldcopy = dol_clone($objecttmp); + + $objecttmp->date_valid = dol_now(); + $objecttmp->fk_user_valid = $user->id; + $objecttmp->statut = Holiday::STATUS_APPROVED; + + $db->begin(); + + $verif = $objecttmp->approve($user); + if ($verif <= 0) { + setEventMessages($objecttmp->error, $objecttmp->errors, 'errors'); + $error++; + } + + // If no SQL error, we redirect to the request form + if (!$error) { + // Calculcate number of days consummed + $nbopenedday = num_open_day($objecttmp->date_debut_gmt, $objecttmp->date_fin_gmt, 0, 1, $objecttmp->halfday); + $soldeActuel = $objecttmp->getCpforUser($objecttmp->fk_user, $objecttmp->fk_type); + $newSolde = ($soldeActuel - $nbopenedday); + + // The modification is added to the LOG + $result = $objecttmp->addLogCP($user->id, $objecttmp->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $objecttmp->fk_type); + if ($result < 0) { + $error++; + setEventMessages(null, $objecttmp->errors, 'errors'); + } + + // Update balance + $result = $objecttmp->updateSoldeCP($objecttmp->fk_user, $newSolde, $objecttmp->fk_type); + if ($result < 0) { + $error++; + setEventMessages(null, $objecttmp->errors, 'errors'); + } + } + + if (!$error) { + // To + $destinataire = new User($db); + $destinataire->fetch($objecttmp->fk_user); + $emailTo = $destinataire->email; + + if (!$emailTo) { + dol_syslog("User that request leave has no email, so we redirect directly to finished page without sending email"); + } else { + // From + 
$expediteur = new User($db); + $expediteur->fetch($objecttmp->fk_validator); + //$emailFrom = $expediteur->email; Email of user can be an email into another company. Sending will fails, we must use the generic email. + $emailFrom = $conf->global->MAIN_MAIL_EMAIL_FROM; + + // Subject + $societeName = $conf->global->MAIN_INFO_SOCIETE_NOM; + if (!empty($conf->global->MAIN_APPLICATION_TITLE)) { + $societeName = $conf->global->MAIN_APPLICATION_TITLE; + } + + $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysValidated"); + + // Content + $message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n"; + $message .= "\n"; + + $message .= $langs->transnoentities("HolidaysValidatedBody", dol_print_date($objecttmp->date_debut, 'day'), dol_print_date($objecttmp->date_fin, 'day'))."\n"; + + $message .= "- ".$langs->transnoentitiesnoconv("ValidatedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n"; + + $message .= "- ".$langs->transnoentitiesnoconv("Link")." 
: ".$dolibarr_main_url_root."/holiday/card.php?id=".$objecttmp->id."\n\n"; + $message .= "\n"; + + $trackid = 'leav'.$objecttmp->id; + + $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid); + + // Sending email + $result = $mail->sendfile(); + + if (!$result) { + setEventMessages($mail->error, $mail->errors, 'warnings'); // Show error, but do no make rollback, so $error is not set to 1 + $action = ''; + } + } + } + + if (!$error) { + $db->commit(); + $nbok++; + } else { + $db->rollback(); + $action = ''; + } + } + } else { + setEventMessages($objecttmp->error, $objecttmp->errors, 'errors'); + $error++; + break; + } + } + + if (!$error) { + if ($nbok > 1) { + setEventMessages($langs->trans("RecordsApproved", $nbok), null, 'mesgs'); + } else { + setEventMessages($langs->trans("RecordAproved"), null, 'mesgs'); + } + $db->commit(); + } else { + $db->rollback(); + } +} + $parameters['toselect'] = $toselect; $parameters['uploaddir'] = $uploaddir; $parameters['massaction'] = $massaction; diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php index e5c75a2e7c3..55416354441 100644 --- a/htdocs/core/actions_sendmails.inc.php +++ b/htdocs/core/actions_sendmails.inc.php 
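Review bot: The final message block of the new `approveleave` action reports success even when nothing was approved. With `$nbok == 0` (every selected request skipped because its status is not `Holiday::STATUS_VALIDATED` or the current user is not its `fk_validator`) the `else` branch still shows `RecordAproved`. Skipped requests are also dropped silently, so an approver cannot tell which leaves were refused by the per-record check; I would use `} elseif ($nbok == 1) {` for the singular message and add a warning listing the skipped ids. The key `RecordAproved` looks like a misspelling next to `RecordsApproved` and should be checked against the language file. After a failure inside the approve branch `$error` stays set while the loop goes on calling `approve()` on the remaining records before the outer rollback; a `break`, as in the fetch-failure branch, would be consistent.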
@@ -316,7 +316,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $deliveryreceipt = $_POST['deliveryreceipt']; if ($action == 'send' || $action == 'relance') { - $actionmsg2 = $langs->transnoentities('MailSentBy').' '.CMailFile::getValidAddress($from, 4, 0, 1).' '.$langs->transnoentities('at').' '.CMailFile::getValidAddress($sendto, 4, 0, 1); + $actionmsg2 = $langs->transnoentities('MailSentBy').' '.CMailFile::getValidAddress($from, 4, 0, 1).' '.$langs->transnoentities('To').' '.CMailFile::getValidAddress($sendto, 4, 0, 1); if ($message) { $actionmsg = $langs->transnoentities('MailFrom').': '.dol_escape_htmltag($from); $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTo').': '.dol_escape_htmltag($sendto)); diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php index 09292dd4991..810a23957fd 100644 --- a/htdocs/core/ajax/ajaxdirpreview.php +++ b/htdocs/core/ajax/ajaxdirpreview.php @@ -328,7 +328,7 @@ if ($type == 'directory') { if ($section) { $param .= '§ion='.$section; if (isset($search_doc_ref) && $search_doc_ref != '') { - $param .= '&search_doc_ref='.$search_doc_ref; + $param .= '&search_doc_ref='.urlencode($search_doc_ref); } $textifempty = $langs->trans('NoFileFound'); diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php index 35d10af49b6..bbbc95a19c5 100644 --- a/htdocs/core/ajax/check_notifications.php +++ b/htdocs/core/ajax/check_notifications.php 
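Review bot: In `ajaxdirpreview.php`, `$section` is still concatenated into `$param` unencoded on the context line just above the one this hunk fixes. The query-string concern that `urlencode($search_doc_ref)` addresses therefore remains for the section parameter. Where `$section` comes from is not visible in this hunk; if it is request-derived, appending `urlencode($section)` instead of `$section` on that line would close the gap.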
@@ -75,12 +75,9 @@ if ($action == 'stopreminder') { $listofreminderid = GETPOST('listofreminderids', 'intcomma'); // Set the reminder as done - //foreach ($listofreminderidsarray as $listofreminderid) { - // if (empty($listofreminderid)) continue; - //$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id; $sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1'; $sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')'; - $sql .= ' AND fk_user = '.$user->id.' AND entity = '.$conf->entity; + $sql .= ' AND fk_user = '.((int) $user->id).' AND entity = '.((int) $conf->entity); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); 
@@ -149,13 +146,13 @@ if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; + $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); $sql .= ' WHERE a.code <> "AC_OTH_AUTO"'; $sql .= ' AND ('; $sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; $sql .= ' )'; } else { - $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; + $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; } $sql .= $db->order('datep', 'ASC'); diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 121137fd1a6..64a2314560c 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php 
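Review bot: Both branches of this hunk still append `$conf->entity` to the query uncast (`ar.entity = ".$conf->entity`), while the `stopreminder` hunk of the same file now writes `((int) $conf->entity)`. For consistency both should end with `ar.entity = ".((int) $conf->entity);`. The context line `a.code <> "AC_OTH_AUTO"` also uses double quotes for a string literal, which a database that treats double quotes as identifier quotes would read as a column name; `$sql .= " WHERE a.code <> 'AC_OTH_AUTO'";` is portable.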
@@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")"; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")"; } $sql .= " ORDER BY a.datec DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 18c1f28c590..a858111d76d 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'"; $sql .= " AND p.date_cloture IS NULL"; // just unclosed 
@@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'"; $sql .= " GROUP BY c.fk_statut"; @@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1"; diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 3c83d7521f2..995f017f5f1 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 6583673f8ca..4d47f703fff 100644 
--- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes $sql .= " AND c.fk_statut = 1"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_comptes.php b/htdocs/core/boxes/box_comptes.php index 7166ebb713e..f42b7a2ef7c 100644 --- a/htdocs/core/boxes/box_comptes.php +++ b/htdocs/core/boxes/box_comptes.php @@ -122,7 +122,12 @@ class box_comptes extends ModeleBoxes $account_static->accountancy_journal = $objp->accountancy_journal; $solde = $account_static->solde(0); - $solde_total[$objp->currency_code] += $solde; + if (!array_key_exists($objp->currency_code, $solde_total)) { + $solde_total[$objp->currency_code] = $solde; + } else { + $solde_total[$objp->currency_code] += $solde; + } + $this->info_box_contents[$line][] = array( 'td' => '', diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index fada6a93bfd..6aefc1f2d74 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY sp.tms DESC"; $sql .= $this->db->plimit($max, 0); 
diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 9d7b625db91..9bb794b94fa 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_contrat DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index d0117526515..b61fe66f064 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php @@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { $sql .= " AND s.rowid = $user->socid"; diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 12382ccb583..6bdeabda212 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php 
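Review bot: `box_customers_outstanding_bill_reached.php` keeps `$sql .= " AND s.rowid = $user->socid";` on the line right after the one its hunk changes. In every other box visible in this diff the third-party id gets an `(int)` cast. It should match them: `$sql .= " AND s.rowid = ".((int) $user->socid);`. In the `box_contracts.php` hunk on the same line, `c.entity = ".$conf->entity` is likewise left uncast.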
@@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a5d63c7b9c3..70640efeb78 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..74f9a3a46aa 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -92,6 +92,7 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= ", f.tva as total_tva"; $sql .= ", f.total_ttc"; $sql .= ", f.paye, f.fk_statut as status, f.type"; + $sql .= ", f.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ",".MAIN_DB_PREFIX."facture_fourn as f"; if (!$user->rights->societe->client->voir && !$user->socid) { 
@@ -102,10 +103,10 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 400ae910749..3b6e857b058 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,"; $sql .= " f.ref, f.date_lim_reglement,"; diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 7179be0cfbb..3b62361343a 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php 
@@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY f.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index b0d5a0774fc..c0516c1cf4c 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 33d2bab0485..57e54594255 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php 
@@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').')'; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY t.tms DESC, t.rowid DESC "; + $sql .= " ORDER BY t.tms DESC, t.rowid DESC"; $sql .= $this->db->plimit($max, 0); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index e08a54f1c87..39086464f73 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php 
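Review bot: The sales-representative restriction in this ticket query exists only as a commented-out line, and the commit edits that comment rather than enabling or deleting it, so an internal user without the `societe->client->voir` right is not filtered here as in the other boxes. If the restriction is meant to apply to tickets, the condition has to be appended with `AND` and needs a join that defines `sc`, which the visible part of the query does not provide; if it is not meant to apply, the dead line should be removed. box_last_ticket.php carries the same commented line. Only part of the method is visible, so whether the filter is enforced elsewhere should be confirmed.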
@@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc= ".((int) $user->socid); } //$sql.= " AND t.fk_statut > 9"; diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index dde3b685d25..d039881445e 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php @@ -122,8 +122,8 @@ class box_produits extends ModeleBoxes if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sqld = "SELECT label"; $sqld .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sqld .= " WHERE fk_product=".$objp->rowid; - $sqld .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sqld .= " WHERE fk_product = ".((int) $objp->rowid); + $sqld .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sqld .= " LIMIT 1"; $resultd = $this->db->query($sqld); diff --git a/htdocs/core/boxes/box_produits_alerte_stock.php b/htdocs/core/boxes/box_produits_alerte_stock.php index d7ae1566a44..5e7ec72d0e1 100644 --- a/htdocs/core/boxes/box_produits_alerte_stock.php +++ b/htdocs/core/boxes/box_produits_alerte_stock.php 
@@ -129,8 +129,8 @@ class box_produits_alerte_stock extends ModeleBoxes if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sqld = "SELECT label"; $sqld .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sqld .= " WHERE fk_product=".$objp->rowid; - $sqld .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sqld .= " WHERE fk_product = ".((int) $objp->rowid); + $sqld .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sqld .= " LIMIT 1"; $resultd = $this->db->query($sqld); diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 9f1204c4dc4..f14ab699690 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -136,8 +136,9 @@ class box_project extends ModeleBoxes $sql = "SELECT count(*) as nb, sum(progress) as totprogress"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid"; - $sql .= " WHERE p.entity IN (".getEntity('project').')'; - $sql .= " AND p.rowid = ".$objp->rowid; + $sql .= " WHERE p.entity IN (".getEntity('project').')'; + $sql .= " AND p.rowid = ".((int) $objp->rowid); + $resultTask = $this->db->query($sql); if ($resultTask) { $objTask = $this->db->fetch_object($resultTask); diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index 9c6376351e7..6599116a980 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php 
@@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY p.datep DESC, p.ref DESC "; diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 7489cc997ea..06d42e34b18 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 98e2b82bb37..320932a0c6f 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php 
@@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; $sql .= " WHERE c.entity = ".$conf->entity; if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= $this->db->order("c.tms", "DESC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 75cc1cde413..433c566ad31 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -93,10 +93,10 @@ class box_services_expired extends ModeleBoxes $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND c.fk_soc=s.rowid AND cd.fk_contrat=c.rowid AND c.statut > 0"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; $sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index abb639ddb94..2b6adfe3bdc 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php 
@@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes $sql .= " AND e.fk_statut = 1"; } if ($user->socid > 0) { - $sql.= " AND s.rowid = ".$user->socid; + $sql.= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { $sql .= " ORDER BY e.date_delivery, e.ref DESC "; } diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 0c2b97ce6b5..b3451d9b6c3 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 04dabbd0ff3..8125a848fd0 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php 
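Review bot: In box_shipments.php the `ORDER BY e.date_delivery, e.ref DESC` clause sits in the `else` of the sales-representative check, so a user restricted to their own third parties gets a query with no ordering at all. If a row limit is applied afterwards (not visible in this hunk), those users see an arbitrary subset. The ordering looks like it should be unconditional: close the `if` after the `sc.fk_user` condition and append the `ORDER BY` outside it. The restricted branch also lacks the `s.rowid = sc.fk_soc` condition that the sibling boxes add, which is worth checking against the FROM clause outside the hunk.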
@@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC"; diff --git a/htdocs/core/boxes/box_validated_projects.php b/htdocs/core/boxes/box_validated_projects.php index 66a4f76f1b3..0c4155da6c7 100644 --- a/htdocs/core/boxes/box_validated_projects.php +++ b/htdocs/core/boxes/box_validated_projects.php @@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes if ($projectsListId) { $sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed } - $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")"; + $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")"; $sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo"; $sql .= " ORDER BY p.dateo ASC"; @@ -157,7 +157,7 @@ class box_validated_projects extends ModeleBoxes ); if ($objp->fk_soc > 0) { - $sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid ='.$objp->fk_soc; + $sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid = '.((int) $objp->fk_soc); $resql = $this->db->query($sql); //$socstatic = new Societe($this->db); $obj2 = $this->db->fetch_object($resql); 
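Review bot: The third-party lookup in box_validated_projects.php passes `$resql` straight to `fetch_object()` without testing it, so a failed query or an empty result leaves `$obj2` unusable when `$obj2->name` is read just after. Guard it with `if ($resql && ($obj2 = $this->db->fetch_object($resql))) {` around the cell that uses it. The lookup also appears to run once per project row, and joining `societe` in the main query would avoid the extra round trips. The loop body continues outside the hunk.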
@@ -165,7 +165,7 @@ class box_validated_projects extends ModeleBoxes 'td' => 'class="tdoverflowmax150 maxwidth200onsmartphone"', 'text' => $obj2->name, 'asis' => 1, - 'url' => DOL_URL_ROOT.'/societe/card.php?socid='.$obj2->rowid + 'url' => DOL_URL_ROOT.'/societe/card.php?socid='.urlencode($obj2->rowid) ); } else { $this->info_box_contents[$i][] = array( diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 909178d4fb1..18920da3bc2 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -1201,11 +1201,12 @@ abstract class CommonDocGenerator * get extrafield content for pdf writeHtmlCell compatibility * usage for PDF line columns and object note block * - * @param object $object common object - * @param string $extrafieldKey the extrafield key + * @param object $object Common object + * @param string $extrafieldKey The extrafield key + * @param Translate $outputlangs The output langs (if value is __(XXX)__ we use it to translate it). * @return string */ - public function getExtrafieldContent($object, $extrafieldKey) + public function getExtrafieldContent($object, $extrafieldKey, $outputlangs = null) { global $hookmanager; @@ -1341,7 +1342,7 @@ abstract class CommonDocGenerator $field = new stdClass(); $field->rank = intval($extrafields->attributes[$object->table_element]['pos'][$key]); - $field->content = $this->getExtrafieldContent($object, $key); + $field->content = $this->getExtrafieldContent($object, $key, $outputlangs); $field->label = $outputlangs->transnoentities($label); $field->type = $extrafields->attributes[$object->table_element]['type'][$key]; diff --git a/htdocs/core/class/commonincoterm.class.php b/htdocs/core/class/commonincoterm.class.php index 25745bb4c5c..11af43c2914 100644 --- a/htdocs/core/class/commonincoterm.class.php +++ b/htdocs/core/class/commonincoterm.class.php 
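Review bot: The cell in box_validated_projects.php sets `'asis' => 1` while its text is the third-party name read from the database (`$obj2->name`), which looks like it bypasses output escaping for a user-editable value. Unless the box renderer escapes it later, encode it at this point with `'text' => dol_escape_htmltag($obj2->name),` or drop the `asis` flag. For the link, `$obj2->rowid` is a numeric key, so `((int) $obj2->rowid)` would match the casts used in the rest of the commit better than `urlencode()`.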
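Review bot: The new `$outputlangs` parameter of getExtrafieldContent defaults to `null` but is documented as `Translate`, and the `@return` line still has no description. Document it as `@param Translate|null $outputlangs` and state what the method does when it is null. The body that uses the parameter lies outside this hunk, so a null dereference there cannot be ruled out from here.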
@@ -109,7 +109,7 @@ trait CommonIncoterm $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null"); $sql .= ", location_incoterms = ".($id_incoterm > 0 ? "'".$this->db->escape($location)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setIncoterms', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 81f2b529f1d..dfabfd24ebe 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -132,7 +132,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT sum(amount) as amount, sum(multicurrency_amount) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); @@ -227,7 +227,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE fk_facture_source = '.$this->id; + $sql .= ' WHERE fk_facture_source = '.((int) $this->id); $sql .= ' AND type = 2'; $resql = $this->db->query($sql); if ($resql) { @@ -254,7 +254,7 @@ abstract class CommonInvoice extends CommonObject { $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE fk_facture_source = '.$this->id; + $sql .= ' WHERE fk_facture_source = '.((int) $this->id); $sql .= ' AND type < 2'; if ($option == 'validated') { $sql .= ' AND fk_statut = 1'; 
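Review bot: In the setIncoterms UPDATE, `$id_incoterm` is still concatenated raw two lines above the newly cast `$this->id` (`" SET fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null")`). The `> 0` test does not turn the value into an integer, because PHP compares a string with a numeric prefix loosely, so the cast belongs where the value is used: `($id_incoterm > 0 ? ((int) $id_incoterm) : "null")`. This mirrors what the commit does for `$id` in setPaymentMethods. The function signature is outside the hunk, so the declared type of `$id_incoterm` could not be checked.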
@@ -308,9 +308,8 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT p.ref, pf.amount, pf.multicurrency_amount, p.fk_paiement, p.datep, p.num_paiement as num, t.code'.$field3; $sql .= ' FROM '.MAIN_DB_PREFIX.$table.' as pf, '.MAIN_DB_PREFIX.$table2.' as p, '.MAIN_DB_PREFIX.'c_paiement as t'; - $sql .= ' WHERE pf.'.$field.' = '.$this->id; - //$sql.= ' WHERE pf.'.$field.' = 1'; - $sql .= ' AND pf.'.$field2.' = p.rowid'; + $sql .= " WHERE pf.".$field." = ".((int) $this->id); + $sql .= " AND pf.".$field2." = p.rowid"; $sql .= ' AND p.fk_paiement = t.id'; $sql .= ' AND p.entity IN ('.getEntity($sharedentity).')'; if ($filtertype) { 
@@ -338,12 +337,12 @@ abstract class CommonInvoice extends CommonObject if ($this->element == 'facture' || $this->element == 'invoice') { $sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$this->id; + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $this->id); $sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set) } elseif ($this->element == 'facture_fourn' || $this->element == 'invoice_supplier') { $sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$this->id; + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $this->id); $sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set) } 
@@ -462,7 +461,7 @@ abstract class CommonInvoice extends CommonObject $type = 'supplier_invoice'; } - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -700,9 +699,9 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT count(*)'; $sql .= ' FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; if ($type == 'bank-transfer') { - $sql .= ' WHERE fk_facture_fourn = '.$this->id; + $sql .= ' WHERE fk_facture_fourn = '.((int) $this->id); } else { - $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' WHERE fk_facture = '.((int) $this->id); } $sql .= ' AND ext_payment_id IS NULL'; // To exclude record done for some online payments $sql .= ' AND traite = 0'; 
@@ -735,16 +734,16 @@ abstract class CommonInvoice extends CommonObject $sql .= 'fk_facture, '; } $sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, sourcetype, entity)'; - $sql .= ' VALUES ('.$this->id; - $sql .= ",'".price2num($amount)."'"; - $sql .= ",'".$this->db->idate($now)."'"; - $sql .= ",".$fuser->id; - $sql .= ",'".$this->db->escape($bac->code_banque)."'"; - $sql .= ",'".$this->db->escape($bac->code_guichet)."'"; - $sql .= ",'".$this->db->escape($bac->number)."'"; - $sql .= ",'".$this->db->escape($bac->cle_rib)."'"; - $sql .= ",'".$this->db->escape($sourcetype)."'"; - $sql .= ",".$conf->entity; + $sql .= ' VALUES ('.((int) $this->id); + $sql .= ", ".((float) price2num($amount)); + $sql .= ", '".$this->db->idate($now)."'"; + $sql .= ", ".((int) $fuser->id); + $sql .= ", '".$this->db->escape($bac->code_banque)."'"; + $sql .= ", '".$this->db->escape($bac->code_guichet)."'"; + $sql .= ", '".$this->db->escape($bac->number)."'"; + $sql .= ", '".$this->db->escape($bac->cle_rib)."'"; + $sql .= ", '".$this->db->escape($sourcetype)."'"; + $sql .= ", ".((int) $conf->entity); $sql .= ")"; dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 50d86d17488..fbc755ee87a 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -73,6 +73,11 @@ abstract class CommonObject */ public $errors = array(); + /** + * @var array To store error results of ->validateField() + */ + public $validateFieldsErrors = array(); + /** * @var string ID to identify managed object */ 
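Review bot: Writing the amount as `((float) price2num($amount))` makes the SQL literal depend on PHP's float-to-string conversion. Before PHP 8.0 that conversion follows `LC_NUMERIC`, so under a locale with a decimal comma the value can be emitted as `12,5` and shift the VALUES list, and very large or very small values come out in exponent notation. If PHP 7 is still supported, keep the numeric string that `price2num()` returns and quote it: `$sql .= ", '".$this->db->escape(price2num($amount))."'";`. The INSERT column list starts outside the hunk.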
@@ -124,13 +129,11 @@ abstract class CommonObject protected $table_ref_field = ''; /** - * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user - * @var integer + * @var integer 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user */ public $restrictiononfksoc = 0; - // Following vars are used by some objects only. We keep this property here in CommonObject to be able to provide common method using them. /** @@ -1221,7 +1224,7 @@ abstract class CommonObject $listId = implode(",", $temp); $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; - $sql .= " WHERE element_id = ".$this->id; + $sql .= " WHERE element_id = ".((int) $this->id); if ($listId) { $sql .= " AND fk_c_type_contact IN (".$this->db->sanitize($listId).")"; } @@ -1269,9 +1272,9 @@ abstract class CommonObject if ($source == 'external' || $source == 'thirdparty') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople t on ec.fk_socpeople = t.rowid"; } - $sql .= " WHERE ec.element_id =".$this->id; + $sql .= " WHERE ec.element_id = ".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; - $sql .= " AND tc.element='".$this->db->escape($this->element)."'"; + $sql .= " AND tc.element = '".$this->db->escape($this->element)."'"; if ($code) { $sql .= " AND tc.code = '".$this->db->escape($code)."'"; } @@ -1840,7 +1843,7 @@ abstract class CommonObject if (!empty($element)) { $sql .= " AND entity IN (".getEntity($element).")"; } else { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG); 
@@ -1989,7 +1992,7 @@ abstract class CommonObject /** * Load properties id_previous and id_next by comparing $fieldid with $this->ref * - * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')" + * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here. * @param string $fieldid Name of field to use for the select MAX and MIN * @param int $nodbprefix Do not include DB prefix to forge table name * @return int <0 if KO, >0 if OK @@ -2038,10 +2041,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2051,7 +2054,7 @@ abstract class CommonObject } if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) { $tmparray = explode('@', $this->ismultientitymanaged); - $sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity + $sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity } elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) { $sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid } 
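Review bot: The docblock now warns that `$filter` must not carry user input, but `$fieldid` is concatenated into the same statements as a bare column name (`" WHERE te.".$fieldid." < '"`) and gets no such warning. Extend its line to `@param string $fieldid Name of field to use for the select MAX and MIN. Must be a trusted column name, never user input.` A stricter option is to reject anything that is not a plain identifier before building the query, `if (!preg_match('/^[a-z0-9_]+$/i', $fieldid)) { return -1; }`, which fits the documented `<0 if KO` return. The function body extends beyond these hunks.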
@@ -2072,13 +2075,13 @@ abstract class CommonObject $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') { - $sql .= ' AND te.fk_soc = '.$socid; + $sql .= ' AND te.fk_soc = '.((int) $socid); } if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') { - $sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)'; + $sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)'; } if ($restrictiononfksoc && $socid && $this->element == 'societe') { - $sql .= ' AND te.rowid = '.$socid; + $sql .= ' AND te.rowid = '.((int) $socid); } //print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; @@ -2108,10 +2111,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2121,7 +2124,7 @@ abstract class CommonObject } if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) { $tmparray = explode('@', $this->ismultientitymanaged); - $sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity + $sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity } elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) { $sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid } 
@@ -2142,13 +2145,13 @@ abstract class CommonObject $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') { - $sql .= ' AND te.fk_soc = '.$socid; + $sql .= ' AND te.fk_soc = '.((int) $socid); } if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') { - $sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)'; + $sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)'; } if ($restrictiononfksoc && $socid && $this->element == 'societe') { - $sql .= ' AND te.rowid = '.$socid; + $sql .= ' AND te.rowid = '.((int) $socid); } //print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; // Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null @@ -2203,19 +2206,19 @@ abstract class CommonObject return -1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; if (!empty($this->fields['fk_project'])) { // Common case if ($projectid) { - $sql .= ' SET fk_project = '.((int) $projectid); + $sql .= " SET fk_project = ".((int) $projectid); } else { - $sql .= ' SET fk_project = NULL'; + $sql .= " SET fk_project = NULL"; } $sql .= ' WHERE rowid = '.((int) $this->id); } elseif ($this->table_element == 'actioncomm') { // Special case for actioncomm if ($projectid) { - $sql .= ' SET fk_project = '.((int) $projectid); + $sql .= " SET fk_project = ".((int) $projectid); } else { - $sql .= ' SET fk_project = NULL'; + $sql .= " SET fk_project = NULL"; } $sql .= ' WHERE id = '.((int) $this->id); } else // Special case for old architecture objects @@ -2225,7 +2228,7 @@ abstract class CommonObject } else { $sql .= ' SET fk_projet = NULL'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); } dol_syslog(get_class($this)."::setProject", LOG_DEBUG); @@ -2263,8 +2266,8 @@ abstract class CommonObject $fieldname = 'fk_typepayment'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2275,7 +2278,7 @@ abstract class CommonObject } return 1; } else { - dol_syslog(get_class($this).'::setPaymentMethods Error '.$sql.' - '.$this->db->error()); + dol_syslog(get_class($this).'::setPaymentMethods Error '.$this->db->error()); $this->error = $this->db->error(); return -1; } 
@@ -2299,7 +2302,7 @@ abstract class CommonObject $fieldname = 'multicurrency_code'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname." = '".$this->db->escape($code)."'"; + $sql .= " SET ".$fieldname." = '".$this->db->escape($code)."'"; $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2337,7 +2340,7 @@ abstract class CommonObject $fieldname = 'multicurrency_tx'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.((float) $rate); + $sql .= " SET ".$fieldname." = ".((float) $rate); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2545,7 +2548,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2587,7 +2590,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2622,7 +2625,7 @@ abstract class CommonObject $fieldname = 'retained_warranty_fk_cond_reglement'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.((int) $id); + $sql .= " SET ".$fieldname." = ".((int) $id); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { 
@@ -2655,14 +2658,14 @@ abstract class CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->fk_delivery_address = $id; return 1; } else { $this->error = $this->db->error(); - dol_syslog(get_class($this).'::setDeliveryAddress Error '.$sql.' - '.$this->error); + dol_syslog(get_class($this).'::setDeliveryAddress Error '.$this->error); return -1; } } @@ -2779,7 +2782,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET model_pdf = '".$this->db->escape($newmodelpdf)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDocModel", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2881,7 +2884,7 @@ abstract class CommonObject // Count number of lines to reorder (according to choice $renum) $nl = 0; $sql = 'SELECT count(rowid) FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.'='.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if (!$renum) { $sql .= ' AND rang = 0'; } @@ -2903,11 +2906,11 @@ abstract class CommonObject // We first search all lines that are parent lines (for multilevel details lines) $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if ($fk_parent_line) { $sql .= ' AND fk_parent_line IS NULL'; } - $sql .= ' ORDER BY rang ASC, rowid '.$rowidorder; + $sql .= " ORDER BY rang ASC, rowid ".$rowidorder; dol_syslog(get_class($this)."::line_order search all parent lines", LOG_DEBUG); $resql = $this->db->query($sql); 
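Review bot: In the hunk at -2903, `$sql .= " ORDER BY rang ASC, rowid ".$rowidorder;` still appends `$rowidorder` to the statement unchecked; the commit changes only the quote style on that line while casting every other operand of the query. A sort direction has two legal values, so it can be pinned before the query is built with `$rowidorder = (strtoupper((string) $rowidorder) === 'DESC') ? 'DESC' : 'ASC';`. The function signature is outside the hunk, so where the value comes from cannot be confirmed from here.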
@@ -2951,11 +2954,11 @@ abstract class CommonObject $rows = array(); $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND fk_parent_line = '.$id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); + $sql .= ' AND fk_parent_line = '.((int) $id); $sql .= ' ORDER BY rang ASC'; - dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id."", LOG_DEBUG); + dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql) > 0) { @@ -3022,18 +3025,22 @@ abstract class CommonObject */ public function updateRangOfLine($rowid, $rang) { + global $hookmanager; $fieldposition = 'rang'; // @todo Rename 'rang' into 'position' if (in_array($this->table_element_line, array('bom_bomline', 'ecm_files', 'emailcollector_emailcollectoraction'))) { $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); $sql .= ' WHERE rowid = '.((int) $rowid); dol_syslog(get_class($this)."::updateRangOfLine", LOG_DEBUG); if (!$this->db->query($sql)) { dol_print_error($this->db); } + $parameters=array('rowid'=>$rowid, 'rang'=>$rang, 'fieldposition' => $fieldposition); + $action=''; + $reshook = $hookmanager->executeHooks('afterRankOfLineUpdate', $parameters, $this, $action); } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps 
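Review bot: In `updateRangOfLine()` the new `executeHooks('afterRankOfLineUpdate', ...)` call runs even when the UPDATE failed, because it sits after the `if (!$this->db->query($sql)) { dol_print_error($this->db); }` block rather than in an else branch. It also assumes `global $hookmanager` is always an object and stores the result in `$reshook` without reading it. I would guard it with `if (is_object($hookmanager)) {` and either act on a negative `$reshook` or drop the assignment. The docblock should gain a line naming the hook and its three parameters (`rowid`, `rang`, `fieldposition`), since hook code receives them as passed, without the `(int)` cast applied to the SQL.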
@@ -3067,11 +3074,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND rang = '.($rang - 1); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); + $sql .= ' AND rang = '.((int) ($rang - 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3098,11 +3105,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang + 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); 
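Review bot: The WHERE clause in the hunk at -3067 filters on the literal column `rang` (`$sql .= ' AND rang = '.((int) ($rang - 1));`) while the SET clause of the same statement writes `$fieldposition`, which the context lines just above switch to `'position'` for some tables. For those tables the statement names a column that the code itself says is called `position`. The line should read `$sql .= " AND ".$fieldposition." = ".((int) ($rang - 1));`. The hunk at -3098 has the same mismatch on its `' AND rang = '.((int) ($rang + 1))` line. Both functions start outside their hunks, so the list of affected tables is taken from the visible `updateRangOfLine()` context only.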
@@ -3141,7 +3148,7 @@ abstract class CommonObject public function getIdOfLine($rang) { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) $rang); $resql = $this->db->query($sql); if ($resql) { @@ -3167,9 +3174,9 @@ abstract class CommonObject // Search the last rang with fk_parent_line if ($fk_parent_line) { - $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND fk_parent_line = '.$fk_parent_line; + $sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); + $sql .= ' AND fk_parent_line = '.((int) $fk_parent_line); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3183,8 +3190,8 @@ abstract class CommonObject } } else { // If not, search the last rang of element - $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3210,9 +3217,9 @@ abstract class CommonObject return -1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ref_ext = '".$this->db->escape($ref_ext)."'"; - $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".$this->id; + $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".((int) $this->id); dol_syslog(get_class($this)."::update_ref_ext", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -3261,10 +3268,10 @@ abstract class CommonObject } else { $fieldusermod = "fk_user_modif"; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET note".$newsuffix." = ".(!empty($note) ? ("'".$this->db->escape($note)."'") : "NULL"); - $sql .= " ,".$fieldusermod." = ".$user->id; - $sql .= " WHERE rowid =".$this->id; + $sql .= ", ".$fieldusermod." = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_note", LOG_DEBUG); if ($this->db->query($sql)) { @@ -3379,21 +3386,21 @@ abstract class CommonObject $fieldup = 'value_unit'; } - $sql = 'SELECT rowid, qty, '.$fieldup.' as up, remise_percent, total_ht, '.$fieldtva.' as total_tva, total_ttc, '.$fieldlocaltax1.' as total_localtax1, '.$fieldlocaltax2.' as total_localtax2,'; + $sql = "SELECT rowid, qty, ".$fieldup." as up, remise_percent, total_ht, ".$fieldtva." as total_tva, total_ttc, ".$fieldlocaltax1." as total_localtax1, ".$fieldlocaltax2." as total_localtax2,"; $sql .= ' tva_tx as vatrate, localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, info_bits, product_type'; if ($this->table_element_line == 'facturedet') { $sql .= ', situation_percent'; } $sql .= ', multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if ($exclspec) { $product_field = 'product_type'; if ($this->table_element_line == 'contratdet') { $product_field = ''; // contratdet table has no product_type field } if ($product_field) { - $sql .= ' AND '.$product_field.' <> 9'; + $sql .= " AND ".$product_field." <> 9"; } } $sql .= ' ORDER by rowid'; // We want to be sure to always use same order of line to not change lines differently when option MAIN_ROUNDOFTOTAL_NOT_TOTALOFROUND is used 
@@ -3433,7 +3440,7 @@ abstract class CommonObject //var_dump($diff_when_using_price_ht.' '.$diff_on_current_total); if ($diff_when_using_price_ht && $diff_on_current_total) { - $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".$tmpcal[1].", total_ttc = ".$tmpcal[2]." WHERE rowid = ".$obj->rowid; + $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".price2num((float) $tmpcal[1]).", total_ttc = ".price2num((float) $tmpcal[2])." WHERE rowid = ".((int) $obj->rowid); dol_syslog('We found unconsistent data into detailed line (diff_when_using_price_ht = '.$diff_when_using_price_ht.' and diff_on_current_total = '.$diff_on_current_total.') for line rowid = '.$obj->rowid." (total vat of line calculated=".$tmpcal[1].", database=".$obj->total_tva."). We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix, LOG_WARNING); $resqlfix = $this->db->query($sqlfix); if (!$resqlfix) { @@ -3477,7 +3484,7 @@ abstract class CommonObject dol_print_error('', $errmsg); exit; } - $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".($obj->total_tva - $diff).", total_ttc = ".($obj->total_ttc - $diff)." WHERE rowid = ".$obj->rowid; + $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".price2num($obj->total_tva - $diff).", total_ttc = ".price2num($obj->total_ttc - $diff)." WHERE rowid = ".((int) $obj->rowid); dol_syslog('We found a difference of '.$diff.' for line rowid = '.$obj->rowid.". We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix); $resqlfix = $this->db->query($sqlfix); if (!$resqlfix) { 
@@ -3546,15 +3553,15 @@ abstract class CommonObject if (empty($nodatabaseupdate)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= " ".$fieldht." = ".price2num($this->total_ht).","; - $sql .= " ".$fieldtva." = ".price2num($this->total_tva).","; - $sql .= " ".$fieldlocaltax1." = ".price2num($this->total_localtax1).","; - $sql .= " ".$fieldlocaltax2." = ".price2num($this->total_localtax2).","; - $sql .= " ".$fieldttc." = ".price2num($this->total_ttc); - $sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1); - $sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1); - $sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " ".$fieldht." = ".((float) price2num($this->total_ht)).","; + $sql .= " ".$fieldtva." = ".((float) price2num($this->total_tva)).","; + $sql .= " ".$fieldlocaltax1." = ".((float) price2num($this->total_localtax1)).","; + $sql .= " ".$fieldlocaltax2." = ".((float) price2num($this->total_localtax2)).","; + $sql .= " ".$fieldttc." = ".((float) price2num($this->total_ttc)); + $sql .= ", multicurrency_total_ht = ".((float) price2num($this->multicurrency_total_ht, 'MT', 1)); + $sql .= ", multicurrency_total_tva = ".((float) price2num($this->multicurrency_total_tva, 'MT', 1)); + $sql .= ", multicurrency_total_ttc = ".((float) price2num($this->multicurrency_total_ttc, 'MT', 1)); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); $resql = $this->db->query($sql); 
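Review bot: The totals are built as `((float) price2num($this->total_ht))`, which turns the value into a float and then relies on PHP's implicit float-to-string conversion during concatenation. Before PHP 8.0 that conversion follows `LC_NUMERIC`, so under a comma-decimal locale the statement would receive `12,5` instead of `12.5`; whether this code base ever sets such a locale is not visible here. The sqlfix lines in the hunks at -3433 and -3477 use the opposite order, `price2num((float) $tmpcal[1])`, or no cast at all, `price2num($obj->total_tva - $diff)`. Pick one form for all of them and add a comment stating which step guarantees a dot-decimal numeric literal. The enclosing function starts and ends outside the hunk.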
@@ -3583,7 +3590,7 @@ abstract class CommonObject * @param string $origin Linked element type * @param int $origin_id Linked element id * @param User $f_user User that create - * @param int $notrigger 1=Does not execute triggers, 0= execute triggers + * @param int $notrigger 1=Does not execute triggers, 0=execute triggers * @return int <=0 if KO, >0 if OK * @see fetchObjectLinked(), updateObjectLinked(), deleteObjectLinked() */ @@ -3617,9 +3624,9 @@ abstract class CommonObject $sql .= ", fk_target"; $sql .= ", targettype"; $sql .= ") VALUES ("; - $sql .= $origin_id; + $sql .= ((int) $origin_id); $sql .= ", '" . $this->db->escape($origin) . "'"; - $sql .= ", " . $this->id; + $sql .= ", " . ((int) $this->id); $sql .= ", '" . $this->db->escape($this->element) . "'"; $sql .= ")"; @@ -3892,14 +3899,14 @@ abstract class CommonObject $sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET "; if ($updatesource) { - $sql .= "fk_source = " . $sourceid; + $sql .= "fk_source = " . ((int) $sourceid); $sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " WHERE fk_target = " . $this->id; + $sql .= " WHERE fk_target = " . ((int) $this->id); $sql .= " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($updatetarget) { - $sql .= "fk_target = " . $targetid; + $sql .= "fk_target = " . ((int) $targetid); $sql .= ", targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " WHERE fk_source = " . $this->id; + $sql .= " WHERE fk_source = " . ((int) $this->id); $sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } 
@@ -3985,15 +3992,15 @@ abstract class CommonObject $sql .= " rowid = " . ((int) $rowid); } else { if ($deletesource) { - $sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; + $sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($deletetarget) { - $sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'"; + $sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } else { - $sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; $sql .= " OR"; - $sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')"; } } @@ -4031,7 +4038,7 @@ abstract class CommonObject global $db; - $sql = 'SELECT '.$field_select.' FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); + $sql = "SELECT ".$field_select." FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where); $resql = $db->query($sql); $TRes = array(); 
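Review bot: In the hunk at -4031, `$field_select`, `$table_element` and `$field_where` are concatenated into the SELECT as identifiers with no check; only `$fk_object_where` is cast, and the commit changes nothing but the quote style on that line. The DELETE in the hunk at -4060 does the same with `$table_element` and `$field_where`. Escaping cannot protect an identifier, so the contract belongs in the docblock, for example `@param string $table_element Table name without prefix; must be a hard-coded identifier, never request data`, with the same wording for the two field parameters. Both signatures are outside the hunks, so the parameter types are assumed from their use.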
@@ -4060,7 +4067,7 @@ abstract class CommonObject global $db; - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where); $resql = $db->query($sql); if (empty($resql)) { @@ -4352,7 +4359,7 @@ abstract class CommonObject $sql = "SELECT subprice as pu_ht, qty, remise_percent, total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element_line; - $sql .= " WHERE ".$this->fk_element." = ".$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); dol_syslog(get_class($this).'::getTotalDiscount', LOG_DEBUG); $resql = $this->db->query($sql); @@ -4493,7 +4500,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET extraparams = ".(!empty($extraparams) ? "'".$this->db->escape($extraparams)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setExtraParameters", LOG_DEBUG); $resql = $this->db->query($sql); @@ -5310,8 +5317,8 @@ abstract class CommonObject $update_main_doc_field = 1; } if ($update_main_doc_field && !empty($this->table_element)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath.'/'.$ecmfile->filename)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath."/".$ecmfile->filename)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { 
@@ -5499,7 +5506,7 @@ abstract class CommonObject $sql = "SELECT rowid, property, lang , value"; $sql .= " FROM ".MAIN_DB_PREFIX."object_lang"; $sql .= " WHERE type_object = '".$this->db->escape($element)."'"; - $sql .= " AND fk_object = ".$this->id; + $sql .= " AND fk_object = ".((int) $this->id); //dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose $resql = $this->db->query($sql); @@ -5776,7 +5783,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql_del); if (!$resql) { @@ -5976,7 +5983,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $this->db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object"; @@ -6128,7 +6135,7 @@ abstract class CommonObject foreach ($new_array_languages as $key => $langcodearray) { // $key = 'name', 'town', ... foreach ($langcodearray as $langcode => $value) { $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."object_lang"; - $sql_del .= " WHERE fk_object = ".$this->id." AND property = '".$this->db->escape($key)."' AND type_object = '".$this->db->escape($table_element)."'"; + $sql_del .= " WHERE fk_object = ".((int) $this->id)." AND property = '".$this->db->escape($key)."' AND type_object = '".$this->db->escape($table_element)."'"; $sql_del .= " AND lang = '".$this->db->escape($langcode)."'"; $this->db->query($sql_del); 
@@ -6312,7 +6319,7 @@ abstract class CommonObject $linealreadyfound = 0; // Check if there is already a line for this object (in most cases, it is, but sometimes it is not, for example when extra field has been created after), so we must keep this overload) - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$this->table_element."_extrafields WHERE fk_object = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$this->table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $tmpobj = $this->db->fetch_object($resql); @@ -6327,7 +6334,7 @@ abstract class CommonObject } else { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET ".$key." = '".$this->db->escape($this->array_options["options_".$key])."'"; } - $sql .= " WHERE fk_object = ".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); } else { $result = $this->insertExtraFields('', $user); if ($result < 0) { @@ -6418,6 +6425,16 @@ abstract class CommonObject $val = $this->fields[$key]; } + // Validation tests and output + $fieldValidationErrorMsg = ''; + $validationClass = ''; + $fieldValidationErrorMsg = $this->getFieldError($key); + if (!empty($fieldValidationErrorMsg)) { + $validationClass = ' --error'; // the -- is use as class state in css : .--error can't be be defined alone it must be define with another class like .my-class.--error or input.--error + } else { + $validationClass = ' --success'; // the -- is use as class state in css : .--success can't be be defined alone it must be define with another class like .my-class.--success or input.--success + } + $out = ''; $type = ''; $isDependList=0; @@ -6509,6 +6526,11 @@ abstract class CommonObject } } + // Add validation state class + if (!empty($validationClass)) { + $morecss.= ' '.$validationClass; + } + if (in_array($type, array('date'))) { $tmp = explode(',', $size); $newsize = $tmp[0]; 
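Review bot: In the hunk at -6418, the else branch assigns `$validationClass = ' --success'` whenever `getFieldError($key)` is empty, so a field that was never validated is rendered with the success state. The state should be added only after a validation ran, for instance by starting from `$validationClass = '';` and setting `--success` only when the caller recorded a validation result for this key. The first `$fieldValidationErrorMsg = '';` is overwritten on the next line and can go. In the hunk at -6509, `$morecss.= ' '.$validationClass;` produces a double space because the class string already starts with one.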
@@ -6655,17 +6677,17 @@ abstract class CommonObject //We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sql .= " as main, ".MAIN_DB_PREFIX.$InfoFieldList[0]."_extrafields as extra"; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } $sql .= $sqlwhere; //print $sql; @@ -6808,16 +6830,16 @@ abstract class CommonObject // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; 
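Review bot: `$InfoFieldList[4]` is appended as a complete SQL condition in `$sqlwhere .= " WHERE ".$InfoFieldList[4];` and in the `extra.fk_object=main.` variant; the commit changes only the quotes here and in the hunk at -6808. `$InfoFieldList[0]` and `$InfoFieldList[2]` are used as table and column names in the same statements. Where the array is built is outside both hunks; if it is parsed from a stored field definition, whoever can edit that definition decides what SQL runs on every page that shows the field. A comment should record that assumption, for example `// $InfoFieldList[4] is raw SQL from the field definition: definitions must be editable by administrators only and never built from request data`.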
@@ -6975,6 +6997,12 @@ abstract class CommonObject if ($type == 'date') $out.=' (YYYY-MM-DD)'; elseif ($type == 'datetime') $out.=' (YYYY-MM-DD HH:MM:SS)'; */ + + // Display error message for field + if (!empty($fieldValidationErrorMsg) && function_exists('getFieldErrorIcon')) { + $out .= ' '.getFieldErrorIcon($fieldValidationErrorMsg); + } + return $out; } 
@@ -7314,6 +7342,228 @@ abstract class CommonObject return $out; } + /** + * clear validation message result for a field + * + * @param string $fieldKey Key of attribute to clear + * @return null + */ + public function clearFieldError($fieldKey) + { + $this->error = ''; + unset($this->validateFieldsErrors[$fieldKey]); + } + + /** + * set validation error message a field + * + * @param string $fieldKey Key of attribute + * @param string $msg the field error message + * @return null + */ + public function setFieldError($fieldKey, $msg = '') + { + global $langs; + if (empty($msg)) { $msg = $langs->trans("UnknowError"); } + + $this->error = $this->validateFieldsErrors[$fieldKey] = $msg; + } + + /** + * get field error message + * + * @param string $fieldKey Key of attribute + * @return string + */ + public function getFieldError($fieldKey) + { + if (!empty($this->validateFieldsErrors[$fieldKey])) { + return $this->validateFieldsErrors[$fieldKey]; + } + return ''; + } + + /** + * Return validation test result for a field + * + * @param array $val Array of properties of field to show + * @param string $fieldKey Key of attribute + * @param string $fieldValue value of attribute + * @return bool return false if fail true on success, see $this->error for error message + */ + public function validateField($val, $fieldKey, $fieldValue) + { + global $langs; + + if (!class_exists('Validate')) { require_once DOL_DOCUMENT_ROOT . '/core/class/validate.class.php'; } + + $this->clearFieldError($fieldKey); + + if (!isset($val[$fieldKey])) { + $this->setFieldError($fieldKey, $langs->trans('FieldNotFoundInObject')); + return false; + } + + $param = array(); + $param['options'] = array(); + $type = $val[$fieldKey]['type']; + + $required = false; + if (isset($val[$fieldKey]['notnull']) && $val[$fieldKey]['notnull'] === 1) { + // 'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0). 
+ $required = true; + } + + $maxSize = 0; + $minSize = 0; + + // + // PREPARE Elements + // + + // Convert var to be able to share same code than showOutputField of extrafields + if (preg_match('/varchar\((\d+)\)/', $type, $reg)) { + $type = 'varchar'; // convert varchar(xx) int varchar + $maxSize = $reg[1]; + } elseif (preg_match('/varchar/', $type)) { + $type = 'varchar'; // convert varchar(xx) int varchar + } + + if (!empty($val['arrayofkeyval']) && is_array($val['arrayofkeyval'])) { + $type = 'select'; + } + + if (preg_match('/^integer:(.*):(.*)/i', $val['type'], $reg)) { + $type = 'link'; + } + + if (!empty($val['arrayofkeyval']) && is_array($val['arrayofkeyval'])) { + $param['options'] = $val['arrayofkeyval']; + } + + if (preg_match('/^integer:(.*):(.*)/i', $val['type'], $reg)) { + $type = 'link'; + $param['options'] = array($reg[1].':'.$reg[2]=>$reg[1].':'.$reg[2]); + } elseif (preg_match('/^sellist:(.*):(.*):(.*):(.*)/i', $val['type'], $reg)) { + $param['options'] = array($reg[1].':'.$reg[2].':'.$reg[3].':'.$reg[4] => 'N'); + $type = 'sellist'; + } elseif (preg_match('/^sellist:(.*):(.*):(.*)/i', $val['type'], $reg)) { + $param['options'] = array($reg[1].':'.$reg[2].':'.$reg[3] => 'N'); + $type = 'sellist'; + } elseif (preg_match('/^sellist:(.*):(.*)/i', $val['type'], $reg)) { + $param['options'] = array($reg[1].':'.$reg[2] => 'N'); + $type = 'sellist'; + } + + // + // TEST Value + // + + // Use Validate class to allow external Modules to use data validation part instead of concentrate all test here (factoring) or just for reuse + $validate = new Validate($this->db, $langs); + + + // little trick : to perform tests with good performances sort tests by quick to low + + // + // COMMON TESTS + // + + // Required test and empty value + if ($required && !$validate->isNotEmptyString($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } elseif (!$required && !$validate->isNotEmptyString($fieldValue)) { + // if no value sent and 
the field is not mandatory, no need to perform tests + return true; + } + + // MAX Size test + if (!empty($maxSize) && !$validate->isMaxLength($fieldValue, $maxSize)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } + + // MIN Size test + if (!empty($minSize) && !$validate->isMinLength($fieldValue, $minSize)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } + + // + // TESTS for TYPE + // + + if (in_array($type, array('date', 'datetime', 'timestamp'))) { + if (!$validate->isTimestamp($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif ($type == 'duration') { + if (!$validate->isDuration($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif (in_array($type, array('double', 'real', 'price'))) { + // is numeric + if (!$validate->isDuration($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif ($type == 'boolean') { + if (!$validate->isBool($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif ($type == 'mail') { + if (!$validate->isEmail($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } + } elseif ($type == 'url') { + if (!$validate->isUrl($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif ($type == 'phone') { + if (!$validate->isPhone($fieldValue)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif ($type == 'select' || $type == 'radio') { + if (!isset($param['options'][$fieldValue])) { + $this->error = $langs->trans('RequireValidValue'); + return false; + } else { return true; } + } elseif ($type == 'sellist' || $type == 'chkbxlst') { + $param_list = array_keys($param['options']); + 
$InfoFieldList = explode(":", $param_list[0]); + $value_arr = explode(',', $fieldValue); + $value_arr = array_map(array($this->db, 'escape'), $value_arr); + + $selectkey = "rowid"; + if (count($InfoFieldList) > 4 && !empty($InfoFieldList[4])) { + $selectkey = $InfoFieldList[2]; + } + + if (!isInDb($value_arr, $InfoFieldList[0], $selectkey)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } elseif ($type == 'link') { + $param_list = array_keys($param['options']); // $param_list='ObjectName:classPath' + $InfoFieldList = explode(":", $param_list[0]); + $classname = $InfoFieldList[0]; + $classpath = $InfoFieldList[1]; + if (!$validate->isFetchable($fieldValue, $classname, $classpath)) { + $this->setFieldError($fieldKey, $validate->error); + return false; + } else { return true; } + } + + // if no test failled all is ok + return true; + } /** * Function to show lines of extrafields with output datas. @@ -7920,7 +8170,7 @@ abstract class CommonObject } else { if (empty($maxHeight) || $photo_vignette && $imgarray['height'] > $maxHeight) { $return .= ''; - $return .= ''; + $return .= ''; } else { $return .= ''; $return .= ''; @@ -8326,7 +8576,7 @@ abstract class CommonObject if (is_null($value)) { return 'NULL'; } elseif (preg_match('/^(int|double|real|price)/i', $fieldsentry['type'])) { - return $this->db->escape("$value"); + return price2num("$value"); } elseif ($fieldsentry['type'] == 'boolean') { if ($value) { return 'true'; 
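Review bot: In `validateField()` the `double`/`real`/`price` branch, commented `// is numeric`, calls `$validate->isDuration($fieldValue)`, so numeric fields are tested with the duration rule; it looks copied from the branch above and needs the numeric check instead. The `sellist`/`chkbxlst` branch calls a bare `isInDb(...)` but reports `$validate->error`, which suggests `$validate->isInDb($value_arr, $InfoFieldList[0], $selectkey)` was meant (the Validate class is not part of this diff, so confirm the method name). The `select`/`radio` branch sets `$this->error` directly, so `getFieldError($fieldKey)` stays empty for that failure; it should call `$this->setFieldError($fieldKey, $langs->trans('RequireValidValue'));`. Lastly, `$type` is read from `$val[$fieldKey]['type']` while every later test reads `$val['type']` and `$val['arrayofkeyval']`, so one of the two indexings is wrong whichever shape the caller passes.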
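Review bot: In the hunk at -8326, the numeric branch returns `price2num("$value")` unquoted and no longer goes through `$this->db->escape()`, so the SQL safety of every `int`/`double`/`real`/`price` field now depends on what price2num() lets through, and its body is not in this diff. The value could be checked before it is returned, for example `$num = price2num("$value");` followed by an `is_numeric($num)` test that fails loudly rather than emitting the string. A short comment on the branch should state that the result is inserted into SQL without quotes. The enclosing function starts and ends outside the hunk.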
@@ -8520,13 +8770,13 @@ abstract class CommonObject return 0; } - $sql = 'SELECT '.$fieldlist; - $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; + $sql = "SELECT ".$fieldlist; + $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { $sql .= ' WHERE t.rowid = '.((int) $id); } elseif (!empty($ref)) { - $sql .= " WHERE t.ref = ".$this->quote($ref, $this->fields['ref']); + $sql .= " WHERE t.ref = '".$this->db->escape($ref)."'"; } else { $sql .= ' WHERE 1 = 1'; // usage with empty id and empty ref is very rare } @@ -8575,9 +8825,9 @@ abstract class CommonObject $objectline = new $objectlineclassname($this->db); - $sql = 'SELECT '.$objectline->getFieldList('l'); - $sql .= ' FROM '.MAIN_DB_PREFIX.$objectline->table_element.' as l'; - $sql .= ' WHERE l.fk_'.$this->element.' = '.$this->id; + $sql = "SELECT ".$objectline->getFieldList('l'); + $sql .= " FROM ".MAIN_DB_PREFIX.$objectline->table_element." as l"; + $sql .= " WHERE l.fk_".$this->element." = ".((int) $this->id); if ($morewhere) { $sql .= $morewhere; } @@ -8723,7 +8973,7 @@ abstract class CommonObject if ($forcechilddeletion) { // Force also delete of childtables that should lock deletion in standard case when option force is off foreach ($this->childtables as $table) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -8772,7 +9022,7 @@ abstract class CommonObject } } else { // Delete record in child table - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { 
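Review bot: In the `@@ -8575` hunk `$morewhere` is still appended to the query verbatim (`$sql .= $morewhere;`) right after the id is cast, so the statement is only as safe as what callers pass in that parameter. The function's docblock is outside the hunk; it should carry the same caveat this commit adds for `$filter` in discount.class.php, for example `@param string $morewhere More SQL filters (' AND ...'). Warning: Do not use a user input value here.` The enclosing function starts and ends outside the hunk.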
@@ -8850,7 +9100,7 @@ abstract class CommonObject $this->db->begin(); $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE '.$parentField.' = '.(int) $parentId; + $sql .= " WHERE ".$parentField." = ".(int) $parentId; $resql = $this->db->query($sql); if (!$resql) { @@ -8973,7 +9223,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ".$statusfield." = ".((int) $status); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -9259,7 +9509,7 @@ abstract class CommonObject // Delete ecm_files extrafields $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN ("; $sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here $sql .= ")"; if (!$this->db->query($sql)) { @@ -9271,7 +9521,7 @@ abstract class CommonObject // Delete ecm_files $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); 
@@ -9283,7 +9533,7 @@ abstract class CommonObject // Delete in database with mode 1 if ($mode == 1) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields"; - $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")"; + $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -9292,7 +9542,7 @@ abstract class CommonObject } $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files"; - $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); + $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/commonobjectline.class.php b/htdocs/core/class/commonobjectline.class.php index f821e5050b1..6d5573b9d76 100644 --- a/htdocs/core/class/commonobjectline.class.php +++ b/htdocs/core/class/commonobjectline.class.php @@ -86,7 +86,7 @@ abstract class CommonObjectLine extends CommonObject $label_type = 'code'; } - $sql = 'select '.$label_type.', code from '.MAIN_DB_PREFIX.'c_units where rowid='.$this->fk_unit; + $sql = "SELECT ".$label_type.", code from ".MAIN_DB_PREFIX."c_units where rowid = ".((int) $this->fk_unit); $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { $res = $this->db->fetch_array($resql); 
@@ -98,7 +98,7 @@ abstract class CommonObjectLine extends CommonObject $this->db->free($resql); return $label; } else { - $this->error = $this->db->error().' sql='.$sql; + $this->error = $this->db->lasterror(); dol_syslog(get_class($this)."::getLabelOfUnit Error ".$this->error, LOG_ERR); return -1; } diff --git a/htdocs/core/class/coreobject.class.php b/htdocs/core/class/coreobject.class.php index 45018cb1d8f..33510186646 100644 --- a/htdocs/core/class/coreobject.class.php +++ b/htdocs/core/class/coreobject.class.php @@ -183,7 +183,7 @@ class CoreObject extends CommonObject $this->{$className} = array(); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$childTable." WHERE ".$this->fk_element." = ".((int) $this->id); $res = $this->db->query($sql); if ($res) { diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index 6c3a1f7bb9d..2f523d4cda7 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -208,13 +208,13 @@ class CProductNature // extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { - $sqlwhere[] = $key.'='.(int) $value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.label') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } 
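Review bot: The `$filter` loop in the `@@ -208` hunk of cproductnature.class.php casts or escapes every value but concatenates `$key` into the WHERE clause as-is, so the column side of each condition is unvalidated. The same pattern is in the filter hunks of ctyperesource.class.php, cunits.class.php and defaultvalues.class.php, where the `customsql` key additionally appends `$value` as raw SQL. If any caller builds the filter array from request data, the keys need an allow-list check before use, for example `if (!preg_match('/^[a-z0-9_.]+$/i', $key)) { continue; }` at the top of the loop, and `customsql` should be documented as accepting trusted SQL only. The loop sits in a function that starts and ends outside the hunk.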
@@ -226,7 +226,7 @@ class CProductNature // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index b0a604e9e28..5b22e4e2033 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -230,19 +230,16 @@ class Ctyperesource $sql = 'SELECT'; $sql .= ' t.rowid,'; - $sql .= " t.code,"; $sql .= " t.label,"; $sql .= " t.active"; - - $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; // Manage filter $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } } @@ -253,7 +250,7 @@ class Ctyperesource $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 364565af3aa..6fd9b7a05cf 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php 
@@ -251,13 +251,13 @@ class CUnits // extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { - $sqlwhere[] = $key.'='.(int) $value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -269,7 +269,7 @@ class CUnits // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/defaultvalues.class.php b/htdocs/core/class/defaultvalues.class.php index 5b49254b275..bad30901594 100644 --- a/htdocs/core/class/defaultvalues.class.php +++ b/htdocs/core/class/defaultvalues.class.php 
@@ -264,17 +264,17 @@ class DefaultValues extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || ($key == 't.entity' && !is_array($value)) || ($key == 't.user_id' && !is_array($value))) { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (isset($this->fields[$key]) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.page' || $key == 't.param' || $key == 't.type') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (is_array($value)) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize(implode(',', $value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize(implode(',', $value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -286,7 +286,7 @@ class DefaultValues extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 2aa829f4090..46789352bd7 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php 
@@ -144,7 +144,7 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".((int) $rowid); + $sql .= " AND sr.rowid = ".((int) $rowid); } if ($fk_facture_source) { $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); @@ -315,7 +315,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; + $sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); @@ -355,7 +355,7 @@ class DiscountAbsolute if ($this->fk_facture_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -370,7 +370,7 @@ class DiscountAbsolute } elseif ($this->fk_invoice_supplier_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); 
@@ -434,7 +434,7 @@ class DiscountAbsolute $sql .= " SET fk_facture = ".((int) $rowidinvoice); } } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::link_to_invoice", LOG_DEBUG); $resql = $this->db->query($sql); @@ -470,7 +470,7 @@ class DiscountAbsolute } else { $sql .= " SET fk_facture_line = NULL, fk_facture = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::unlink_invoice", LOG_DEBUG); $resql = $this->db->query($sql); @@ -488,7 +488,7 @@ class DiscountAbsolute * * @param Societe $company Object third party for filter * @param User $user Filtre sur un user auteur des remises - * @param string $filter Filtre autre + * @param string $filter Filter other. Warning: Do not use a user input value here. * @param int $maxvalue Filter on max value for discount * @param int $discount_type 0 => customer discount, 1 => supplier discount * @param int $multicurrency Return multicurrency_amount instead of amount 
@@ -503,23 +503,23 @@ class DiscountAbsolute $sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " WHERE rc.entity = ".$conf->entity; - $sql .= " AND rc.discount_type=".intval($discount_type); + $sql .= " AND rc.discount_type=".((int) $discount_type); if (!empty($discount_type)) { $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier } else { $sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer } if (is_object($company)) { - $sql .= " AND rc.fk_soc = ".$company->id; + $sql .= " AND rc.fk_soc = ".((int) $company->id); } if (is_object($user)) { - $sql .= " AND rc.fk_user = ".$user->id; + $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { - $sql .= ' AND ('.$filter.')'; + $sql .= " AND (".$filter.")"; } if ($maxvalue) { - $sql .= ' AND rc.amount_ttc <= '.price2num($maxvalue); + $sql .= ' AND rc.amount_ttc <= '.((float) price2num($maxvalue)); } $resql = $this->db->query($sql); 
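Review bot: `$sql .= " WHERE rc.entity = ".$conf->entity;` in the `@@ -503` hunk is left uncast although this commit wraps the same value elsewhere (`((int) $conf->entity)` in the CommonObject hunks and in extrafields.class.php). The `@@ -867` hunk of dolreceiptprinter.class.php has the same leftover: `rowid` is now cast but the following `' AND entity = '.$conf->entity` is not, while the `@@ -905` hunk of that file casts it. For consistency both lines should end in `((int) $conf->entity)`. The enclosing functions start and end outside these hunks.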
@@ -555,12 +555,12 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id; + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id); $sql .= ' AND f.type = 3'; } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id; + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id); $sql .= ' AND f.type = 3'; } else { $this->error = get_class($this)."::getSumDepositsUsed was called with a bad object as a first parameter"; 
@@ -596,13 +596,13 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id; - $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.', '.$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id); + $sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE.", ".$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id; - $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id); + $sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid } else { $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter"; dol_print_error($this->error); 
@@ -636,11 +636,11 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc'; - $sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.$invoice->id; + $sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.((int) $invoice->id); } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc'; - $sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.$invoice->id; + $sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.((int) $invoice->id); } else { $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter"; dol_print_error($this->error); diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index a3ddb3d7c7f..9813876c031 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php @@ -867,7 +867,7 @@ class dolReceiptPrinter extends Printer $error = 0; $sql = 'SELECT template'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt_template'; - $sql .= ' WHERE rowid='.$templateid; + $sql .= ' WHERE rowid = '.((int) $templateid); $sql .= ' AND entity = '.$conf->entity; $resql = $this->db->query($sql); if ($resql) { 
@@ -905,7 +905,7 @@ class dolReceiptPrinter extends Printer $sql = 'SELECT rowid, name, fk_type, fk_profile, parameter'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt'; $sql .= ' WHERE rowid = '.((int) $printerid); - $sql .= ' AND entity = '.$conf->entity; + $sql .= ' AND entity = '.((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_array($resql); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index f6a5ba93d61..4e4a199600f 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1273,16 +1273,16 @@ class ExtraFields //We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= ' AND entity = '.((int) $conf->entity); } $sql .= $sqlwhere; //print $sql; 
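Review bot: The `@@ -1273` hunk of extrafields.class.php only changes quoting; `$InfoFieldList[4]` is still appended to `$sqlwhere` as a raw SQL fragment and `$InfoFieldList[2]` as a column name, and the `@@ -1485` hunk does the same. Where `$InfoFieldList` comes from is outside both hunks; it appears to be parsed from the extrafield's option definition, in which case whoever can edit that definition controls part of the query. A comment at this point would make the trust boundary explicit, for example `// $InfoFieldList[4] is a SQL filter taken from the field definition: only trusted admins may edit it`, and any validation belongs where the definition is saved.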
@@ -1485,16 +1485,16 @@ class ExtraFields // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra.') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; diff --git a/htdocs/core/class/google.class.php b/htdocs/core/class/google.class.php index ee122ff7cb5..4a91d548122 100644 --- a/htdocs/core/class/google.class.php +++ b/htdocs/core/class/google.class.php @@ -66,10 +66,12 @@ class GoogleAPI $i = 0; // Desired address - $urladdress = "https://maps.google.com/maps/geo?q=".urlencode($address)."&output=xml&key=".$this->key; + $urladdress = "https://maps.google.com/maps/geo?q=".urlencode($address)."&output=xml&key=".urlencode($this->key); // Retrieve the URL contents - $page = file_get_contents($urladdress); + require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; + $pagearray = getURLContent($urladdress, 'GET'); + $page = $pagearray['content']; $code = strstr($page, ''); $code = strstr($code, '>'); diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 45643e26e4c..40610ce5d6f 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php 
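Review bot: `$page = $pagearray['content'];` in the google.class.php hunk is used without checking that the request succeeded, so on a failed or refused request the `strstr()` parsing that follows runs on an empty or missing value. getURLContent() is defined outside this diff; assuming it reports failures through the returned array, the method should bail out before parsing when `empty($pagearray['content'])`, returning the error value it already uses. The method's body continues outside the hunk.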
@@ -160,7 +160,7 @@ class HookManager //dol_syslog(get_class($this).'::executeHooks method='.$method." action=".$action." context=".$parameters['context']); // Define type of hook ('output' or 'addreplace'). - // TODO Remove hooks with type 'output'. All hooks must be converted into 'addreplace' hooks. + // TODO Remove hooks with type 'output' (exemple getNomUrl). All hooks must be converted into 'addreplace' hooks. $hooktype = 'output'; if (in_array( $method, @@ -172,6 +172,7 @@ class HookManager 'addSearchEntry', 'addStatisticLine', 'addSectionECMAuto', + 'checkSecureAccess', 'createDictionaryFieldlist', 'editDictionaryFieldlist', 'getFormMail', @@ -188,6 +189,7 @@ class HookManager 'formConfirm', 'getAccessForbiddenMessage', 'getDirList', + 'hookGetEntity', 'getFormMail', 'getFormatedCustomerRef', 'getFormatedSupplierRef', @@ -267,7 +269,7 @@ class HookManager $actionclassinstance->error = 0; $actionclassinstance->errors = array(); - dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', objectid='.$object->id : ''), LOG_DEBUG); + dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', object id='.$object->id : '').((is_object($object) && property_exists($object, 'element')) ? ', object element='.$object->element : ''), LOG_DEBUG); // Add current context to avoid method execution in bad context, you can add this test in your method : eg if($currentcontext != 'formfile') return; $parameters['currentcontext'] = $context; 
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 8e69a4b49df..74f6ed83ee2 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1347,13 +1347,13 @@ class Form } $sql .= " WHERE s.entity IN (".getEntity('societe').")"; if (!empty($user->socid)) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if ($filter) { $sql .= " AND (".$filter.")"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND s.status <> 0"; @@ -1664,7 +1664,7 @@ class Form } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if ($socid > 0 || $socid == -1) { - $sql .= " AND sp.fk_soc=".$socid; + $sql .= " AND sp.fk_soc = ".((int) $socid); } if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND sp.statut <> 0"; 
@@ -2446,13 +2446,13 @@ class Form if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { $sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_rowid"; $sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_by_qty"; @@ -2472,7 +2472,7 @@ class Form //Price by customer if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid"; } // Units if (!empty($conf->global->PRODUCT_USE_UNITS)) { @@ -2565,7 +2565,7 @@ class Form $sql .= ')'; } if (count($warehouseStatusArray)) { - $sql .= ' GROUP BY'.$selectFields; + $sql .= " GROUP BY ".$selectFields; } //Sort by category 
@@ -2625,7 +2625,7 @@ class Form if ((!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) && !empty($objp->price_by_qty) && $objp->price_by_qty == 1) { // Price by quantity will return many prices for the same product $sql = "SELECT rowid, quantity, price, unitprice, remise_percent, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price=".$objp->price_rowid; + $sql .= " WHERE fk_product_price = ".((int) $objp->price_rowid); $sql .= " ORDER BY quantity ASC"; dol_syslog(get_class($this)."::select_produits_list search prices by qty", LOG_DEBUG); @@ -3462,7 +3462,7 @@ class Form $sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")"; $sql .= " AND p.tobuy = 1"; $sql .= " AND s.fournisseur = 1"; - $sql .= " AND p.rowid = ".$productid; + $sql .= " AND p.rowid = ".((int) $productid); $sql .= " ORDER BY s.nom, pfp.ref_fourn DESC"; dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG); @@ -3928,13 +3928,16 @@ class Form * @param int $maxlength Max length of label * @param int $active Active or not, -1 = all * @param string $morecss Add more CSS on select tag + * @param int $nooutput 1=Return string, do not send to output * @return void */ - public function select_types_paiements($selected = '', $htmlname = 'paiementtype', $filtertype = '', $format = 0, $empty = 1, $noadmininfo = 0, $maxlength = 0, $active = 1, $morecss = '') + public function select_types_paiements($selected = '', $htmlname = 'paiementtype', $filtertype = '', $format = 0, $empty = 1, $noadmininfo = 0, $maxlength = 0, $active = 1, $morecss = '', $nooutput = 0) { // phpcs:enable global $langs, $user, $conf; + $out = ''; + dol_syslog(__METHOD__." ".$selected.", ".$htmlname.", ".$filtertype.", ".$format, LOG_DEBUG); $filterarray = array(); 
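Review bot: The docblock in the `@@ -3928` hunk still says `@return void` although the new `$nooutput` parameter makes select_types_paiements() return the generated HTML when it is set. It should read `@return void|string HTML string if $nooutput is 1, otherwise nothing (output is printed)`. The function body continues in the following hunks, where the `return $out;` branch is added.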
@@ -3953,9 +3956,9 @@ class Form $selected = $conf->global->MAIN_DEFAULT_PAYMENT_TYPE_ID; } - print ''; if ($empty) { - print ''; + $out .= ''; } foreach ($this->cache_types_paiements as $id => $arraytypes) { // If not good status @@ -3974,25 +3977,25 @@ class Form } if ($format == 0) { - print ''; + $out .= $value ? $value : ' '; + $out .= ''; } - print ''; + $out .= ''; if ($user->admin && !$noadmininfo) { - print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); + $out .= info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); + } + $out .= ajax_combobox('select'.$htmlname); + + if (empty($nooutput)) { + print $out; + } else { + return $out; } - print ajax_combobox('select'.$htmlname); } @@ -6979,7 +6988,7 @@ class Form if (isset($objecttmp->ismultientitymanaged)) { if (!is_numeric($objecttmp->ismultientitymanaged)) { $tmparray = explode('@', $objecttmp->ismultientitymanaged); - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON parenttable.rowid = t.'.$tmparray[0]; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON parenttable.rowid = t.".$tmparray[0]; } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { 
@@ -7000,18 +7009,18 @@ class Form $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; } if (!is_numeric($objecttmp->ismultientitymanaged)) { - $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; + $sql .= " AND parenttable.entity = t.".$tmparray[0]; } if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { if ($objecttmp->element == 'societe') { - $sql .= " AND t.rowid = ".$user->socid; + $sql .= " AND t.rowid = ".((int) $user->socid); } else { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } } } @@ -9040,7 +9049,7 @@ class Form $sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement //if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; - //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + //if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; $sql .= " ORDER BY p.ref, f.ref ASC"; $resql = $this->db->query($sql); 
@@ -9241,4 +9250,52 @@ class Form return $retstring; } + + /** + * Output the buttons to submit a creation/edit form + * + * @param string $save_label Alternative label for save button + * @param string $cancel_label Alternative label for cancel button + * @param array $morefields Add additional buttons between save and cancel + * @param bool $withoutdiv Option to remove enclosing centered div + * @return string Html code with the buttons + */ + public function buttonsSaveCancel($save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0) + { + global $langs; + + $buttons = array(); + + $save = array( + 'name' => 'save', + 'label_key' => $save_label, + ); + + if ($save_label == 'Create' || $save_label == 'Add' ) { + $save['name'] = 'add'; + $save['label_key'] = $save_label; + } + + $cancel = array( + 'name' => 'cancel', + 'label_key' => 'Cancel', + ); + + !empty($save_label) ? $buttons[] = $save : ''; + + if (!empty($morefields)) { + $buttons[] = $morefields; + } + + !empty($cancel_label) ? $buttons[] = $cancel : ''; + + $retstring = $withoutdiv ? '': '
'; + + foreach ($buttons as $button) { + $retstring .= ''; + } + $retstring .= $withoutdiv ? '': '
'; + + return $retstring; + } } diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index bb99b2a32e9..57bedd2807a 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -1077,7 +1077,7 @@ class FormCompany extends Form $out .= ''; $out .= ''; } else { - if ($selected) { + if ($selected > 0) { $arr = $this->typent_array(0); $typent = $arr[$selected]; $out .= $typent; diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php index eb0f1baaef1..5db615f4654 100644 --- a/htdocs/core/class/html.formcontract.class.php +++ b/htdocs/core/class/html.formcontract.class.php @@ -80,7 +80,7 @@ class FormContract if ($socid > 0) { // CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma. if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) { - $sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)"; + $sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)"; } elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { $sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") "; $sql .= " OR c.fk_soc IS NULL)"; diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 9da814f3369..f5b13671a44 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -601,7 +601,7 @@ class FormMail extends Form // Add also email aliases from the c_email_senderprofile table $sql = 'SELECT rowid, label, email FROM '.MAIN_DB_PREFIX.'c_email_senderprofile'; - $sql .= ' WHERE active = 1 AND (private = 0 OR private = '.$user->id.')'; + $sql .= ' WHERE active = 1 AND (private = 0 OR private = '.((int) $user->id).')'; $sql .= ' ORDER BY position'; $resql = $this->db->query($sql); if ($resql) { 
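Review bot: `$cancel_label` is only tested for emptiness in `buttonsSaveCancel()`; the cancel entry is built with `'label_key' => 'Cancel'`, so a caller's alternative label is silently ignored, and the line should read `'label_key' => $cancel_label,`. `$buttons[] = $morefields;` appends the whole array as a single entry although the docblock describes it as additional buttons, so a loop over `$morefields` is probably what was meant. The markup emitted inside the `foreach` is not readable in this listing; if `name` or the translated label are placed in attributes there, they need HTML escaping at that point. The `if ($save_label == 'Create' || $save_label == 'Add')` branch also reassigns `label_key` to the value it already holds.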
@@ -1276,7 +1276,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned if ($active >= 0) { $sql .= " AND active = ".((int) $active); } @@ -1399,7 +1399,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template='".$this->db->escape($type_template)."'"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")"; + $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")"; if (is_object($outputlangs)) { $sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; } @@ -1435,7 +1435,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own. if ($active >= 0) { $sql .= " AND active = ".((int) $active); } diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index f951a3dc198..02972f39630 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php 
@@ -99,7 +99,8 @@ class FormMargin $pv = $line->total_ht; $pa_ht = ($pv < 0 ? -$line->pa_ht : $line->pa_ht); // We choosed to have line->pa_ht always positive in database, so we guess the correct sign - if ($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) { + if (($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) + || ($object->element == 'facture' && $object->type == $object::TYPE_CREDIT_NOTE && $conf->global->INVOICE_USE_SITUATION_CREDIT_NOTE && $object->situation_counter > 0)) { $pa = $line->qty * $pa_ht * ($line->situation_percent / 100); } else { $pa = $line->qty * $pa_ht; diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 5f00ed6877b..f0fdfaadd02 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -497,10 +497,10 @@ class FormOther } if (empty($user->rights->user->user->lire)) { - $sql_usr .= " AND u.rowid = ".$user->id; + $sql_usr .= " AND u.rowid = ".((int) $user->id); } if (!empty($user->socid)) { - $sql_usr .= " AND u.fk_soc = ".$user->socid; + $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); } //Add hook to filter on user (for exemple on usergroup define in custom modules) @@ -524,7 +524,7 @@ class FormOther $sql_usr .= " WHERE u2.entity IN (".getEntity('user').")"; } - $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid; + $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid); //Add hook to filter on user (for exemple on usergroup define in custom modules) if (!empty($reshook)) { diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index 4177c4237b8..9696dca7183 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php 
@@ -350,7 +350,7 @@ class FormProjets $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; } if ($socid > 0) { - $sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; } $sql .= " ORDER BY p.ref, t.ref ASC"; diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 259e5a3a19a..5f2ed3c8055 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -272,7 +272,7 @@ class FormTicket print ''; } - //Categories + // Categories if ($conf->categorie->enabled) { // Categories print ''.$langs->trans("Categories").''; @@ -441,6 +441,7 @@ class FormTicket print ''; print $langs->trans("AssignedTo"); print ''; + print img_picto('', 'user', 'class="pictofixedwidth"'); print $form->select_dolusers(GETPOST('fk_user_assign', 'int'), 'fk_user_assign', 1); print ''; print ''; @@ -1146,7 +1147,7 @@ class FormTicket } // Subject - print ''.$langs->trans('Subject').''; + print ''.$langs->trans('Subject').''; print 'ref.'] '.$langs->trans('TicketNewMessage').'" />'; print ''; diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index be81c1e2737..5e008a1e1ac 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -182,7 +182,7 @@ class Link extends CommonObject $sql .= ", label = '".$this->db->escape($this->label)."'"; $sql .= ", objecttype = '".$this->db->escape($this->objecttype)."'"; $sql .= ", objectid = ".$this->objectid; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql = ".$sql); $resql = $this->db->query($sql); 
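Review bot: In the `Link` update hunk, `objectid` on the context line directly above the change is still concatenated uncast (`$sql .= ", objectid = ".$this->objectid;`) while the commit casts `$this->id` one line later. For consistency with the rest of this hardening pass it should be `$sql .= ", objectid = ".((int) $this->objectid);`. The `dol_syslog(get_class($this)."::update sql = ".$sql)` call that follows writes the complete statement to the log, which the sibling `delete` method avoids by logging only the method name at `LOG_DEBUG`. The update method starts and ends outside the hunk, so other fields in the statement could not be checked.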
@@ -365,7 +365,7 @@ class Link extends CommonObject // Remove link $sql = "DELETE FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 2e0a71460ba..019618366d1 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -398,7 +398,7 @@ class Notify $sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action"; $sql .= " AND c.statut = 1"; if (is_numeric($notifcode)) { - $sql .= " AND n.fk_action = ".$notifcode; // Old usage + $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } @@ -515,7 +515,7 @@ class Notify case 'SHIPPING_VALIDATE': $link = ''.$newref.''; $dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment'); - $object_type = 'expedition'; + $object_type = 'shipping'; $labeltouse = $conf->global->SHIPPING_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link); break; 
@@ -622,10 +622,10 @@ class Notify if ($mailfile->sendfile()) { if ($obj->type_target == 'touserid') { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_user, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } if (!$this->db->query($sql)) { dol_print_error($this->db); 
@@ -857,7 +857,7 @@ class Notify if ($mailfile->sendfile()) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, type_target, objet_type, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", null, 'email', 'tofixedemail', '".$object_type."', ".$object->id.", '".$this->db->escape($conf->global->$param)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", null, 'email', 'tofixedemail', '".$this->db->escape($object_type)."', ".((int) $object->id).", '".$this->db->escape($conf->global->$param)."')"; if (!$this->db->query($sql)) { dol_print_error($this->db); } diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index bdd6cc2b83a..fd89a00a810 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php 
@@ -593,12 +593,16 @@ class Utils /** * Execute a CLI command. * - * @param string $command Command line to execute. - * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; - * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. + * @param string $command Command line to execute. + * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. + * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; + * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method + * @param string $redirectionfile If defined, a redirection of output to this files is added. + * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter need you alreay sanitized the command. if not, it will lead to security vulnerability. + * This parameter is provided for backward compatibility with external modules. Always use 0 in core. + * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null, $noescapecommand = 0) { global $conf, $langs; @@ -606,7 +610,12 @@ class Utils $output = ''; $error = ''; - $command = escapeshellcmd($command); + if (empty($noescapecommand)) { + $command = escapeshellcmd($command); + } + if ($redirectionfile) { + $command .= " > ".dol_sanitizePathName($redirectionfile); + } $command .= " 2>&1"; if (!empty($conf->global->MAIN_EXEC_USE_POPEN)) { 
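Review bot: The redirection target in `executeCLI()` is appended after `escapeshellcmd()` has run, so `$redirectionfile` reaches the shell protected only by `dol_sanitizePathName()`, whose character filter is not visible here and is a path helper rather than a shell-quoting one. Quoting the argument closes that gap regardless of what the helper strips: `$command .= " > ".escapeshellarg(dol_sanitizePathName($redirectionfile));`. The new `$noescapecommand = 1` path skips escaping entirely, so it would help to log a warning when it is used and to state in the docblock that the caller must pass a fully trusted string. The rest of the method body is outside the hunk.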
@@ -1079,11 +1088,11 @@ class Utils fwrite($handle, "/*!40000 ALTER TABLE `".$table."` DISABLE KEYS */;\n"); } - $sql = 'SELECT * FROM '.$table; // Here SELECT * is allowed because we don't have definition of columns to take + $sql = "SELECT * FROM ".$table; // Here SELECT * is allowed because we don't have definition of columns to take $result = $db->query($sql); while ($row = $db->fetch_row($result)) { // For each row of data we print a line of INSERT - fwrite($handle, 'INSERT '.$delayed.$ignore.'INTO `'.$table.'` VALUES ('); + fwrite($handle, "INSERT ".$delayed.$ignore."INTO ".$table." VALUES ("); $columns = count($row); for ($j = 0; $j < $columns; $j++) { // Processing each columns of the row to ensure that we correctly save the value (eg: add quotes for string - in fact we add quotes for everything, it's easier) diff --git a/htdocs/core/class/validate.class.php b/htdocs/core/class/validate.class.php new file mode 100644 index 00000000000..61b8931179e --- /dev/null +++ b/htdocs/core/class/validate.class.php 
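Review bot: The rewritten `INSERT` line drops the backticks around the table name, while the `ALTER TABLE` statement written a few lines earlier in the same hunk still quotes it. A table whose name is a reserved word or contains unusual characters would then produce a dump that fails on restore, so the identifier quoting should stay: ``fwrite($handle, "INSERT ".$delayed.$ignore."INTO `".$table."` VALUES (");``. The `SELECT * FROM ".$table` query has the same unquoted form, although that predates this change. Where `$table` comes from is outside the hunk.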
@@ -0,0 +1,309 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/core/class/validate.class.php + * \ingroup core + * \brief File for Utils class + */ + + +/** + * Class toolbox to validate values + */ +class Validate +{ + + /** + * @var DoliDb Database handler (result of a new DoliDB) + */ + public $db; + + /** + * @var Translate $outputLang + */ + public $outputLang; + + /** + * @var string Error string + * @see $errors + */ + public $error; + + + /** + * Constructor + * + * @param DoliDB $db Database handler + * @param Translate $outputLang output lang for error + * @return null + */ + public function __construct($db, $outputLang = false) + { + global $langs; + + if ($outputLang) { + $this->outputLang = $langs; + } else { + $this->outputLang = $outputLang; + } + + $outputLang->load('validate'); + + $this->db = $db; + } + + /** + * Use to clear errors msg or other ghost vars + * @return null + */ + protected function clear() + { + $this->error = ''; + } + + /** + * Use to clear errors msg or other ghost vars + * + * @param string $errMsg your error message + * @return null + */ + protected function setError($errMsg) + { + $this->error = $errMsg; + } + + /** + * Check for e-mail validity + * + * @param string $email e-mail address to validate + * @param int $maxLength string max length + * @return boolean Validity is ok or not + */ + public function isEmail($email, $maxLength = 
false) + { + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $this->error = $this->outputLang->trans('RequireValidEmail'); + return false; + } + return true; + } + + /** + * Check for price validity + * + * @param string $price Price to validate + * @return boolean Validity is ok or not + */ + public function isPrice($price) + { + if (!preg_match('/^[0-9]{1,10}(\.[0-9]{1,9})?$/ui', $price)) { + $this->error = $this->outputLang->trans('RequireValidValue'); + return false; + } + return true; + } + + /** + * Check for timestamp validity + * + * @param string|int $stamp timestamp to validate + * @return boolean Validity is ok or not + */ + public function isTimestamp($stamp) + { + if (!is_numeric($stamp) && (int) $stamp == $stamp) { + $this->error = $this->outputLang->trans('RequireValidDate'); + return false; + } + return true; + } + + /** + * Check for phone validity + * + * @param string $phone Phone string to validate + * @return boolean Validity is ok or not + */ + public function isPhone($phone) + { + if (!preg_match('/^[+0-9. 
()-]*$/ui', $phone)) { + $this->error = $this->outputLang->trans('RequireValidPhone'); + return false; + } + return true; + } + + /** + * Check for string max length validity + * + * @param string $string to validate + * @param int $length max length + * @return boolean Validity is ok or not + */ + public function isMaxLength($string, $length) + { + if (strlen($string) > $length) { + $this->error = $this->outputLang->trans('RequireMaxLength', $length); + return false; + } + return true; + } + + /** + * Check for string not empty + * + * @param string $string to validate + * @return boolean Validity is ok or not + */ + public function isNotEmptyString($string) + { + if (!strlen($string)) { + $this->error = $this->outputLang->trans('RequireANotEmptyValue'); + return false; + } + return true; + } + + /** + * Check for string min length validity + * + * @param string $string to validate + * @param int $length max length + * @return boolean Validity is ok or not + */ + public function isMinLength($string, $length) + { + if (!strlen($string) < $length) { + $this->error = $this->outputLang->trans('RequireMinLength', $length); + return false; + } + return true; + } + + /** + * Check url validity + * + * @param string $url to validate + * @return boolean Validity is ok or not + */ + public function isUrl($url) + { + if (!filter_var($url, FILTER_VALIDATE_URL)) { + $this->error = $this->outputLang->trans('RequireValidUrl'); + return false; + } + return true; + } + + /** + * Check Duration validity + * + * @param string $duration to validate + * @return boolean Validity is ok or not + */ + public function isDuration($duration) + { + if (!is_int($duration) && $duration >= 0) { + $this->error = $this->outputLang->trans('RequireValidDuration'); + return false; + } + return true; + } + + /** + * Check for boolean validity + * + * @param boolean $bool Boolean to validate + * @return boolean Validity is ok or not + */ + public function isBool($bool) + { + if (!(is_null($bool) || 
is_bool($bool) || preg_match('/^[0|1]{1}$/ui', $bool))) { + $this->error = $this->outputLang->trans('RequireValidBool'); + return false; + } + return true; + } + + /** + * Check for all values in db + * + * @param array $values Boolean to validate + * @param string $table the db table name without MAIN_DB_PREFIX + * @param string $col the target col + * @return boolean Validity is ok or not + * @throws Exception + */ + public function isInDb($values, $table, $col) + { + if (!is_array($values)) { + $value_arr = array($values); + } else { + $value_arr = $values; + } + + if (!count($value_arr)) { + $this->error = $this->outputLang->trans('RequireValue'); + return false; + } + + foreach ($value_arr as $val) { + $sql = "SELECT ".$col." FROM ".MAIN_DB_PREFIX.$table." WHERE ".$col." = '".$this->db->escape($val)."'"; // nore quick than count(*) to check existing of a row + $resql = $this->db->getRow($sql); + if ($resql) { + continue; + } else { + $this->error = $this->outputLang->trans('RequireValidExistingElement'); + return false; + } + } + + return true; + } + + /** + * Check for all values in db + * + * @param array $values Boolean to validate + * @param string $classname the class name + * @param string $classpath the class path + * @return boolean Validity is ok or not + * @throws Exception + */ + public function isFetchable($values, $classname, $classpath) + { + if (!empty($classpath)) { + if (dol_include_once($classpath)) { + if ($classname && class_exists($classname)) { + /** @var CommonObject $object */ + $object = new $classname($this->db); + + if (!is_callable(array($object, 'fetch')) || !is_callable(array($object, 'isExistingObject'))) { + $this->error = $this->outputLang->trans('BadSetupOfFieldFetchNotCallable'); + return false; + } + + if (!empty($object->table_element) && $object->isExistingObject($object->table_element, $values)) { + return true; + } else { $this->error = $this->outputLang->trans('RequireValidExistingElement'); } + } else { $this->error = 
$this->outputLang->trans('BadSetupOfFieldClassNotFoundForValidation'); } + } else { $this->error = $this->outputLang->trans('BadSetupOfFieldFileNotFound'); } + } else { $this->error = $this->outputLang->trans('BadSetupOfField'); } + return false; + } +} diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index ca6e61e3b1c..3693b52cc74 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -239,13 +239,14 @@ if (is_array($search_groupby) && count($search_groupby)) { $fieldtocount = $search_groupby[$gkey]; } - $sql = 'SELECT DISTINCT '.$fieldtocount.' as val'; + $sql = "SELECT DISTINCT ".$fieldtocount." as val"; if (strpos($fieldtocount, 'te.') === 0) { $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te'; } else { $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t'; } // TODO Add the where here + // ... $sql .= ' LIMIT '.($MAXUNIQUEVALFORGROUP + 1); 
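Review bot: Several validators in the new `Validate` class do not test what their names say, because `!` binds tighter than the comparison or the `&&` should be `||`: `isMinLength` evaluates `!strlen($string) < $length` as a boolean compared with the length, and `isTimestamp` and `isDuration` only report an error when the value is both the wrong type and passes the second test, so a negative integer duration is accepted. The constructor has its branches swapped and then calls `load()` on the `$outputLang` argument, which is `false` by default. Separately, `isInDb` escapes the value but concatenates `$table` and `$col` unchanged, which is safe only if callers never derive them from request data; that is not visible in this hunk and deserves a docblock line. Suggested conditions below, keeping the author's type checks.

```php
// in __construct(), after "global $langs;":
$this->outputLang = $outputLang ? $outputLang : $langs;
$this->outputLang->load('validate');
// … unchanged: $this->db = $db; …

// in isTimestamp():
if (!is_numeric($stamp) || (int) $stamp != $stamp) {

// in isMinLength():
if (strlen($string) < $length) {

// in isDuration():
if (!is_int($duration) || $duration < 0) {
```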
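Review bot: `$fieldtocount` is still concatenated into `SELECT DISTINCT` as a raw identifier; this hunk only changes the quote style around it. It is read from `$search_groupby[$gkey]`, whose origin is outside the hunk, so if that array is filled from request parameters this remains an injection point that the integer casts elsewhere in the commit do not cover. The same holds for `$val` taken from `$search_xaxis`, `$search_groupby` and `$search_measures` in the later customreports.php hunks at -469, -537, -567 and -581. Checking each value against the list of field keys the page itself offers, before building the query, would close it; at minimum I would add `// $fieldtocount must be one of the field keys offered by this page, never raw request data` above the line.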
@@ -469,60 +470,60 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y') as x_".$key.', '; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as x_".$key.', '; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as x_".$key.', '; } else { - $sql .= $val.' as x_'.$key.', '; + $sql .= $val." as x_".$key.", "; } } foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y') as g_".$key.', '; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as g_".$key.', '; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as g_".$key.', '; } else { - $sql .= $val.' as g_'.$key.', '; + $sql .= $val." as g_".$key.", "; } } foreach ($search_measures as $key => $val) { if ($val == 't.count') { - $sql .= 'COUNT(t.'.$fieldid.') as y_'.$key.', '; + $sql .= "COUNT(t.".$fieldid.") as y_".$key.', '; } elseif (preg_match('/\-sum$/', $val)) { $tmpval = preg_replace('/\-sum$/', '', $val); - $sql .= 'SUM('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "SUM(".$db->ifsql($tmpval.' 
IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-average$/', $val)) { $tmpval = preg_replace('/\-average$/', '', $val); - $sql .= 'AVG('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "AVG(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-min$/', $val)) { $tmpval = preg_replace('/\-min$/', '', $val); - $sql .= 'MIN('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "MIN(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-max$/', $val)) { $tmpval = preg_replace('/\-max$/', '', $val); - $sql .= 'MAX('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "MAX(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } } $sql = preg_replace('/,\s*$/', '', $sql); $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t'; // Add measure from extrafields if ($object->isextrafieldmanaged) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te ON te.fk_object = t.'.$fieldid; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as te ON te.fk_object = t.".$fieldid; } if ($object->ismultientitymanaged) { if ($object->ismultientitymanaged == 1) { // Nothing here } else { $tmparray = explode('@', $object->ismultientitymanaged); - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON t.'.$tmparray[0].' = parenttable.rowid'; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON t.".$tmparray[0]." = parenttable.rowid"; $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } } 
@@ -537,27 +538,27 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { - $sql .= $val.', '; + $sql .= $val.", "; } } foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } 
@@ -567,13 +568,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } @@ -581,13 +582,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } diff --git a/htdocs/core/db/Database.interface.php b/htdocs/core/db/Database.interface.php index 9996d09f036..50e013ce8b7 100644 --- a/htdocs/core/db/Database.interface.php +++ b/htdocs/core/db/Database.interface.php 
@@ -214,13 +214,14 @@ interface Database /** * Execute a SQL request and return the resultset * - * @param string $query SQL query string - * @param int $usesavepoint 0=Default mode, 1=Run a savepoint before and a rollback to savepoint if error (this allow to have some request with errors inside global transactions). - * Note that with Mysql, this parameter is not used as Myssql can already commit a transaction even if one request is in error, without using savepoints. - * @param string $type Type of SQL order ('ddl' for insert, update, select, delete or 'dml' for create, alter...) + * @param string $query SQL query string + * @param int $usesavepoint 0=Default mode, 1=Run a savepoint before and a rollback to savepoint if error (this allow to have some request with errors inside global transactions). + * Note that with Mysql, this parameter is not used as Myssql can already commit a transaction even if one request is in error, without using savepoints. + * @param string $type Type of SQL order ('ddl' for insert, update, select, delete or 'dml' for create, alter...) + * @param int $result_mode Result mode * @return resource Resultset of answer */ - public function query($query, $usesavepoint = 0, $type = 'auto'); + public function query($query, $usesavepoint = 0, $type = 'auto', $result_mode = 0); /** * Connexion to server @@ -493,8 +494,8 @@ interface Database /** * Returns the current line (as an object) for the resultset cursor * - * @param resource $resultset Cursor of the desired request - * @return Object Object result line or false if KO or end of cursor + * @param resource $resultset Cursor of the desired request + * @return Object Object result line or false if KO or end of cursor */ public function fetch_object($resultset); // phpcs:enable diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index b93a3f40cea..29ced10dc35 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php 
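Review bot: The new `$result_mode` parameter of `query()` is documented only as "Result mode", which gives implementers of the interface nothing to go on. The mysqli driver hunk later in this diff forwards it straight to `$this->db->query($query, $result_mode)`, so the docblock could say `@param int $result_mode Result mode passed to the driver (mysqli: 0 = MYSQLI_STORE_RESULT, 1 = MYSQLI_USE_RESULT)`. While the line is being realigned, the `$type` description has the terms swapped: insert, update, select and delete are DML, and create and alter are DDL.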
@@ -203,9 +203,9 @@ abstract class DoliDB implements Database $limit = $conf->liste_limit; } if ($offset > 0) { - return " LIMIT $offset,$limit "; + return " LIMIT ".((int) $offset).",".((int) $limit)." "; } else { - return " LIMIT $limit "; + return " LIMIT ".((int) $limit)." "; } } @@ -321,6 +321,7 @@ abstract class DoliDB implements Database * Dont add LIMIT to your query, it will be added by this method * @param string $sql the sql query string * @return bool| object + * @deprecated */ public function getRow($sql) { @@ -338,8 +339,9 @@ abstract class DoliDB implements Database * return all results from query as an array of objects * Note : This method executes a given SQL query and retrieves all row of results as an array of objects. It should only be used with SELECT queries * be carefull with this method use it only with some limit of results to avoid performences loss - * @param string $sql the sql query string - * @return bool| array + * @param string $sql the sql query string + * @return bool| array + * @deprecated */ public function getRows($sql) { diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index 36974d29218..bef1209dd84 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php 
@@ -262,9 +262,10 @@ class DoliDBMysqli extends DoliDB * @param int $usesavepoint 0=Default mode, 1=Run a savepoint before and a rollback to savepoint if error (this allow to have some request with errors inside global transactions). * Note that with Mysql, this parameter is not used as Myssql can already commit a transaction even if one request is in error, without using savepoints. * @param string $type Type of SQL order ('ddl' for insert, update, select, delete or 'dml' for create, alter...) + * @param int $result_mode Result mode * @return bool|mysqli_result Resultset of answer */ - public function query($query, $usesavepoint = 0, $type = 'auto') + public function query($query, $usesavepoint = 0, $type = 'auto', $result_mode = 0) { global $conf, $dolibarr_main_db_readonly; @@ -289,9 +290,9 @@ class DoliDBMysqli extends DoliDB if (!$this->database_name) { // Ordre SQL ne necessitant pas de connexion a une base (exemple: CREATE DATABASE) - $ret = $this->db->query($query); + $ret = $this->db->query($query, $result_mode); } else { - $ret = $this->db->query($query); + $ret = $this->db->query($query, $result_mode); } if (!preg_match("/^COMMIT/i", $query) && !preg_match("/^ROLLBACK/i", $query)) { @@ -316,7 +317,7 @@ class DoliDBMysqli extends DoliDB // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Renvoie la ligne courante (comme un objet) pour le curseur resultset + * Returns the current line (as an object) for the resultset cursor * * @param mysqli_result $resultset Curseur de la requete voulue * @return object|null Object result line or null if KO or end of cursor diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 0513226ac31..55d5f18dd00 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php 
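Review bot: `$result_mode` is handed to `mysqli::query()` unchanged in the `@@ -289` hunk, so a caller that passes `MYSQLI_USE_RESULT` gets an unbuffered result and has to free it before the next statement on the same connection, otherwise later queries fail as out of sync; the docblock line `@param int $result_mode Result mode` says none of this. I would document it as `@param int $result_mode MYSQLI_STORE_RESULT (0, default, buffered) or MYSQLI_USE_RESULT (1, unbuffered: free the result before running another query)`. The two branches of `if (!$this->database_name)` are identical and can be reduced to a single `$ret = $this->db->query($query, $result_mode);`. The body of `query()` continues outside these hunks.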
@@ -494,9 +494,10 @@ class DoliDBPgsql extends DoliDB * @param string $query SQL query string * @param int $usesavepoint 0=Default mode, 1=Run a savepoint before and a rollback to savepoint if error (this allow to have some request with errors inside global transactions). * @param string $type Type of SQL order ('ddl' for insert, update, select, delete or 'dml' for create, alter...) + * @param int $result_mode Result mode (not used with pgsql) * @return false|resource Resultset of answer */ - public function query($query, $usesavepoint = 0, $type = 'auto') + public function query($query, $usesavepoint = 0, $type = 'auto', $result_mode = 0) { global $conf, $dolibarr_main_db_readonly; @@ -570,7 +571,7 @@ class DoliDBPgsql extends DoliDB // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Renvoie la ligne courante (comme un objet) pour le curseur resultset + * Returns the current line (as an object) for the resultset cursor * * @param resource $resultset Curseur de la requete voulue * @return false|object Object result line or false if KO or end of cursor @@ -904,7 +905,7 @@ class DoliDBPgsql extends DoliDB // Test charset match LC_TYPE (pgsql error otherwise) //print $charset.' '.setlocale(LC_CTYPE,'0'); exit; - $sql = 'CREATE DATABASE "'.$database.'" OWNER "'.$owner.'" ENCODING \''.$charset.'\''; + $sql = "CREATE DATABASE '".$this->escape($database)."' OWNER '".$this->escape($owner)."' ENCODING '".$this->escape($charset)."'"; dol_syslog($sql, LOG_DEBUG); $ret = $this->query($sql); return $ret; 
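Review bot: In the `@@ -904` hunk the database name and the owner are now wrapped in single quotes, which PostgreSQL reads as string literals; `CREATE DATABASE` and `OWNER` take identifiers, so the statement is expected to be rejected as a syntax error. `escape()` is a string-literal escaper and does not fit identifiers. Keep identifier quoting and let the driver do it: `$sql = "CREATE DATABASE ".pg_escape_identifier($this->db, $database)." OWNER ".pg_escape_identifier($this->db, $owner)." ENCODING '".$this->escape($charset)."'";`. The function starts outside the hunk, so any earlier validation of `$database` and `$owner` is not visible.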
@@ -923,11 +924,11 @@ class DoliDBPgsql extends DoliDB // phpcs:enable $listtables = array(); - $like = ''; + $escapedlike = ''; if ($table) { - $like = " AND table_name LIKE '".$this->escape($table)."'"; + $escapedlike = " AND table_name LIKE '".$this->escape($table)."'"; } - $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$like." ORDER BY table_name"); + $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$escapedlike." ORDER BY table_name"); if ($result) { while ($row = $this->fetch_row($result)) { $listtables[] = $row[0]; diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php index 395155973be..072d5f0c4b3 100644 --- a/htdocs/core/db/sqlite3.class.php +++ b/htdocs/core/db/sqlite3.class.php @@ -393,9 +393,10 @@ class DoliDBSqlite3 extends DoliDB * @param int $usesavepoint 0=Default mode, 1=Run a savepoint before and a rollbock to savepoint if error (this allow to have some request with errors inside global transactions). * Note that with Mysql, this parameter is not used as Myssql can already commit a transaction even if one request is in error, without using savepoints. * @param string $type Type of SQL order ('ddl' for insert, update, select, delete or 'dml' for create, alter...) + * @param int $result_mode Result mode (not used with sqlite) * @return SQLite3Result Resultset of answer */ - public function query($query, $usesavepoint = 0, $type = 'auto') + public function query($query, $usesavepoint = 0, $type = 'auto', $result_mode = 0) { global $conf, $dolibarr_main_db_readonly; 
@@ -420,7 +421,7 @@ class DoliDBSqlite3 extends DoliDB $descTable = $this->db->querySingle("SELECT sql FROM sqlite_master WHERE name='".$this->escape($tablename)."'"); // 1- Renommer la table avec un nom temporaire - $this->query('ALTER TABLE '.$tablename.' RENAME TO tmp_'.$tablename); + $this->query("ALTER TABLE ".$tablename." RENAME TO tmp_".$tablename); // 2- Recréer la table avec la contrainte ajoutée @@ -435,10 +436,10 @@ class DoliDBSqlite3 extends DoliDB $this->query($descTable); // 3- Transférer les données - $this->query('INSERT INTO '.$tablename.' SELECT * FROM tmp_'.$tablename); + $this->query("INSERT INTO ".$tablename." SELECT * FROM tmp_".$tablename); // 4- Supprimer la table temporaire - $this->query('DROP TABLE tmp_'.$tablename); + $this->query("DROP TABLE tmp_".$tablename); // dummy statement $query = "SELECT 0"; @@ -504,7 +505,7 @@ class DoliDBSqlite3 extends DoliDB // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Renvoie la ligne courante (comme un objet) pour le curseur resultset + * Returns the current line (as an object) for the resultset cursor * * @param SQLite3Result $resultset Curseur de la requete voulue * @return false|object Object result line or false if KO or end of cursor @@ -839,17 +840,12 @@ class DoliDBSqlite3 extends DoliDB } // ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci - $sql = 'CREATE DATABASE '.$database; - $sql .= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation; + $sql = "CREATE DATABASE ".$this->escape($database); + $sql .= " DEFAULT CHARACTER SET ".$this->escape($charset)." DEFAULT COLLATE ".$this->escape($collation); dol_syslog($sql, LOG_DEBUG); $ret = $this->query($sql); - if (!$ret) { - // We try again for compatibility with Mysql < 4.1.1 - $sql = 'CREATE DATABASE '.$database; - $ret = $this->query($sql); - dol_syslog($sql, LOG_DEBUG); - } + return $ret; } 
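Review bot: In the `@@ -839` hunk `escape()` is applied to `$database`, `$charset` and `$collation`, but the results are placed in the statement without surrounding quotes, so escaping quote characters (assuming that is all `escape()` does here) does not constrain them: spaces, semicolons and keywords pass through. These are names, not string literals, so check each of the three against a strict pattern before building the statement, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $database)) { return false; }`. The `$tablename` concatenations in the `@@ -420` and `@@ -435` hunks have the same shape; where `$tablename` comes from is outside the hunks.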
diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 74a7f543bfc..1de4fef0176 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -232,23 +232,39 @@ print ' jQuery(\'.clipboardCPButton, .clipboardCPValueToPrint\').click(function() { /* console.log(this.parentNode); */ - console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class"); - if (window.getSelection) { - selection = window.getSelection(); + console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class and we want to copy content of clipboardCPValue class"); + if (window.getSelection) { range = document.createRange(); + + /* We select value to print using the parent. */ + /* We should use the class clipboardCPValue but it may have several element with copy/paste so class to select is not enough */ range.selectNodeContents(this.parentNode.firstChild); - selection.removeAllRanges(); - selection.addRange( range ); + selection = window.getSelection(); /* get the object used for selection */ + selection.removeAllRanges(); /* clear current selection */ + selection.addRange(range); /* make the new selection with the value to copy */ } - document.execCommand( \'copy\' ); + + /* copy selection into clipboard */ + var succeed; + try { + succeed = document.execCommand(\'copy\'); + } catch(e) { + succeed = false; + } + + /* Remove the selection to avoid to see the hidden field to copy selected */ window.getSelection().removeAllRanges(); /* Show message */ var lastchild = this.parentNode.lastChild; var tmp = lastchild.innerHTML - lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + if (succeed) { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + } else { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('Error')).'\'; + } setTimeout(() => { lastchild.innerHTML = tmp; }, 1000); }); });'."\n"; 
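Review bot: The status message is written through `lastchild.innerHTML` in both new branches, and the translated strings are escaped with `dol_escape_js()`, which by its name targets a JavaScript string context and not HTML, so markup in the `CopiedToClipboard` or `Error` translation would be parsed. For the two message assignments replace `lastchild.innerHTML =` with `lastchild.textContent =`; the restore of `tmp` can stay on `innerHTML`. Separately, `range` and `selection` are assigned without `var` and become globals, while `succeed` already shows the declared form.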
diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 683b92fb8d9..531af9017b3 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -160,9 +160,10 @@ function versiondolibarrarray() * @param int $linelengthlimit Limit for length of each line (Use 0 if unknown, may be faster if defined) * @param int $nocommentremoval Do no try to remove comments (in such a case, we consider that each line is a request, so use also $linelengthlimit=0) * @param int $offsetforchartofaccount Offset to use to load chart of account table to update sql on the fly to add offset to rowid and account_parent value + * @param int $colspan 2=Add a colspan=2 on td * @return int <=0 if KO, >0 if OK */ -function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handler = '', $okerror = 'default', $linelengthlimit = 32768, $nocommentremoval = 0, $offsetforchartofaccount = 0) +function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handler = '', $okerror = 'default', $linelengthlimit = 32768, $nocommentremoval = 0, $offsetforchartofaccount = 0, $colspan = 0) { global $db, $conf, $langs, $user; @@ -282,13 +283,9 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle } } else { if (!$silent) { - print ''; - } - if (!$silent) { - print '
'.$langs->trans("Failed to get max rowid for ".$table)."
"; - } - if (!$silent) { - print ''; + print ''; + print '
'.$langs->trans("Failed to get max rowid for ".$table)."
"; + print ''; } $error++; break; @@ -309,8 +306,8 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // with // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...' // Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported - $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql); - $newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql); + $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.((int) $offsetforchartofaccount).', \2, \3 + '.((int) $offsetforchartofaccount), $newsql); + $newsql = preg_replace('/([,\s])0 \+ '.((int) $offsetforchartofaccount).'/ims', '\1 0', $newsql); //var_dump($newsql); $arraysql[$i] = $newsql; @@ -337,7 +334,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Add log of request if (!$silent) { - print ''.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'\n"; + print ''.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'\n"; } dol_syslog('Admin.lib::run_sql Request '.($i + 1), LOG_DEBUG); $sqlmodified = 0; @@ -371,13 +368,9 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle $cursor = $reg[1]; if (empty($listofinsertedrowid[$cursor])) { if (!$silent) { - print ''; - } - if (!$silent) { - print '
'.$langs->trans("FileIsNotCorrect")."
"; - } - if (!$silent) { - print ''; + print ''; + print '
'.$langs->trans("FileIsNotCorrect")."
"; + print ''; } $error++; break; @@ -437,22 +430,14 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Is it an error we accept if (!in_array($errno, $okerrors)) { if (!$silent) { - print ''; - } - if (!$silent) { - print '
'.$langs->trans("Error")." ".$db->errno().": ".$newsql."
".$db->error()."
"; - } - if (!$silent) { - print ''."\n"; + print ''; + print '
'.$langs->trans("Error")." ".$db->errno().": ".$newsql."
".$db->error()."
"; + print ''."\n"; } dol_syslog('Admin.lib::run_sql Request '.($i + 1)." Error ".$db->errno()." ".$newsql."
".$db->error(), LOG_ERR); $error++; } } - - if (!$silent) { - print ''."\n"; - } } } @@ -551,7 +536,7 @@ function dolibarr_get_const($db, $name, $entity = 1) $sql = "SELECT ".$db->decrypt('value')." as value"; $sql .= " FROM ".MAIN_DB_PREFIX."const"; - $sql .= " WHERE name = ".$db->encrypt($name, 1); + $sql .= " WHERE name = '".$db->escape($db->encrypt($name))."'"; $sql .= " AND entity = ".((int) $entity); dol_syslog("admin.lib::dolibarr_get_const", LOG_DEBUG); @@ -598,7 +583,7 @@ function dolibarr_set_const($db, $name, $value, $type = 'chaine', $visible = 0, $db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."const"; - $sql .= " WHERE name = ".$db->encrypt($name, 1); + $sql .= " WHERE name = '".$db->escape($db->encrypt($name))."'"; if ($entity >= 0) { $sql .= " AND entity = ".((int) $entity); } @@ -636,7 +621,7 @@ function dolibarr_set_const($db, $name, $value, $type = 'chaine', $visible = 0, /** * Prepare array with list of tabs * - * @param int $nbofactivatedmodules Number f oactivated modules + * @param int $nbofactivatedmodules Number if activated modules * @param int $nboftotalmodules Nb of total modules * @return array Array of tabs to show */ 
@@ -679,6 +664,45 @@ function modules_prepare_head($nbofactivatedmodules, $nboftotalmodules) return $head; } +/** + * Prepare array with list of tabs + * + * @return array Array of tabs to show + */ +function ihm_prepare_head() +{ + global $langs, $conf, $user; + $h = 0; + $head = array(); + + $head[$h][0] = DOL_URL_ROOT."/admin/ihm.php?mode=language"; + $head[$h][1] = $langs->trans("DefaultLanguage"); + $head[$h][2] = 'language'; + $h++; + + $head[$h][0] = DOL_URL_ROOT."/admin/ihm.php?mode=template"; + $head[$h][1] = $langs->trans("DefaultSkin"); + $head[$h][2] = 'template'; + $h++; + + $head[$h][0] = DOL_URL_ROOT."/admin/ihm.php?mode=login"; + $head[$h][1] = $langs->trans("LoginPage"); + $head[$h][2] = 'login'; + $h++; + + $head[$h][0] = DOL_URL_ROOT."/admin/ihm.php?mode=other"; + $head[$h][1] = $langs->trans("Miscellaneous"); + $head[$h][2] = 'other'; + $h++; + + complete_head_from_modules($conf, $langs, null, $head, $h, 'ihm_admin'); + + complete_head_from_modules($conf, $langs, null, $head, $h, 'ihm_admin', 'remove'); + + + return $head; +} + /** * Prepare array with list of tabs 
@@ -1528,10 +1552,11 @@ function complete_elementList_with_modules(&$elementList) * @param array $tableau Array of constants array('key'=>array('type'=>type, 'label'=>label) * where type can be 'string', 'text', 'textarea', 'html', 'yesno', 'emailtemplate:xxx', ... * @param int $strictw3c 0=Include form into table (deprecated), 1=Form is outside table to respect W3C (deprecated), 2=No form nor button at all, 3=No form nor button at all and each field has a unique name (form is output by caller, recommended) - * @param string $helptext Help + * @param string $helptext Tooltip help to use for the column name of values + * @param string $text Text to use for the column name of values * @return void */ -function form_constantes($tableau, $strictw3c = 0, $helptext = '') +function form_constantes($tableau, $strictw3c = 0, $helptext = '', $text = 'Value') { global $db, $langs, $conf, $user; global $_Avery_Labels; @@ -1552,7 +1577,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '') print ''; print ''.$langs->trans("Description").''; print ''; - $text = $langs->trans("Value"); + $text = $langs->trans($text); print $form->textwithpicto($text, $helptext, 1, 'help', '', 0, 2, 'idhelptext'); print ''; if (empty($strictw3c)) { @@ -1781,7 +1806,7 @@ function addDocumentModel($name, $type, $label = '', $description = '') $db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($description) ? "'".$db->escape($description)."'" : "null"); $sql .= ")"; diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 9796c49cf59..048335201ee 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php 
@@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/core/lib/barcode.lib.php b/htdocs/core/lib/barcode.lib.php index 54bbc0a7666..12022ed178c 100644 --- a/htdocs/core/lib/barcode.lib.php +++ b/htdocs/core/lib/barcode.lib.php @@ -20,7 +20,7 @@ /** * \file htdocs/core/lib/barcode.lib.php - * \brief Set of functions used for barcode generation + * \brief Set of functions used for barcode generation (internal lib, also code 'phpbarcode') * \ingroup core */ @@ -69,7 +69,7 @@ if (defined('PHP-BARCODE_PATH_COMMAND')) { * Print barcode * * @param string $code Code - * @param string $encoding Encoding + * @param string $encoding Encoding ('EAN13', 'ISBN', 'C128', 'UPC', 'CBR', 'QRCODE', 'DATAMATRIX', 'ANY'...) * @param integer $scale Scale * @param string $mode 'png' or 'jpg' ... * @return array|string $bars array('encoding': the encoding which has been used, 'bars': the bars, 'text': text-positioning info) or string with error message 
@@ -149,12 +149,10 @@ function barcode_encode($code, $encoding) dol_syslog("barcode.lib.php::barcode_encode Use genbarcode ".$genbarcode_loc." code=".$code." encoding=".$encoding); $bars = barcode_encode_genbarcode($code, $encoding); } else { - print "barcode_encode needs an external programm for encodings other then EAN/ISBN (code=".$code.", encoding=".$encoding.")
\n"; + print "barcode_encode needs an external program for encodings other then EAN/ISBN (code=".dol_escape_htmltag($code).", encoding=".dol_escape_htmltag($encoding).")
\n"; print "
    \n"; print "
  • download gnu-barcode from www.gnu.org/software/barcode/\n"; print "
  • compile and install them\n"; - print "
  • download genbarcode from www.ashberg.de/bar/\n"; - print "
  • compile and install them\n"; print "
  • specify path the genbarcode in barcode module setup\n"; print "
\n"; print "
\n"; diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 7d261f2d5ab..7a10d2d4ff8 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -64,7 +64,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -140,7 +140,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as n"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $sql .= " AND entity IN (".getEntity('project').")"; $resql = $db->query($sql); if ($resql) { @@ -223,7 +223,7 @@ function societe_prepare_head(Societe $object) $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as n"; - $sql .= " WHERE n.fk_soc = ".$object->id; + $sql .= " WHERE n.fk_soc = ".((int) $object->id); if (empty($conf->stripe->enabled)) { $sql .= " AND n.stripe_card_ref IS NULL"; } else { @@ -240,7 +240,7 @@ function societe_prepare_head(Societe $object) //if (! empty($conf->stripe->enabled) && $nbBankAccount > 0) $nbBankAccount = '...'; // No way to know exact number - $head[$h][0] = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.urlencode($object->id); $head[$h][1] = $title; if ($foundonexternalonlinesystem) { $head[$h][1] .= '...'; 
@@ -252,12 +252,12 @@ function societe_prepare_head(Societe $object) } if (!empty($conf->website->enabled) && (!empty($conf->global->WEBSITE_USE_WEBSITE_ACCOUNTS)) && (!empty($user->rights->societe->lire))) { - $head[$h][0] = DOL_URL_ROOT.'/societe/website.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/website.php?id='.urlencode($object->id); $head[$h][1] = $langs->trans("WebSiteAccounts"); $nbNote = 0; $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as n"; - $sql .= " WHERE fk_soc = ".$object->id.' AND fk_website > 0'; + $sql .= " WHERE fk_soc = ".((int) $object->id).' AND fk_website > 0'; $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -272,6 +272,19 @@ function societe_prepare_head(Societe $object) $h++; } + if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'thirdparty') { + if (!empty($user->rights->partnership->read)) { + $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; + $head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id; + $head[$h][1] = $langs->trans("Partnership"); + $head[$h][2] = 'partnership'; + if ($nbPartnership > 0) { + $head[$h][1] .= ''.$nbPartnership.''; + } + $h++; + } + } + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab @@ -291,7 +304,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."notify_def as n"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); 
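Review bot: The new partnership tab in the `@@ -272` hunk builds its link with a bare `$object->id`, while the neighbouring tabs changed in this same commit wrap the id in `urlencode()`; for consistency use `$head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.urlencode($object->id);`. `getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'thirdparty'` compares loosely where `===` would do. `$object->partnerships` is read without a visible load; where it is filled is outside the hunk, so the badge count may stay at 0 unless the caller populated it.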
@@ -302,7 +315,7 @@ function societe_prepare_head(Societe $object) dol_setcache($cachekey, $nbNotif, 120); // If setting cache fails, this is not a problem, so we do not test result. } - $head[$h][0] = DOL_URL_ROOT.'/societe/notify/card.php?socid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/notify/card.php?socid='.urlencode($object->id); $head[$h][1] = $langs->trans("Notifications"); if ($nbNotif > 0) { $head[$h][1] .= ''.$nbNotif.''; @@ -319,7 +332,7 @@ function societe_prepare_head(Societe $object) if (!empty($object->note_public)) { $nbNote++; } - $head[$h][0] = DOL_URL_ROOT.'/societe/note.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/note.php?id='.urlencode($object->id); $head[$h][1] = $langs->trans("Notes"); if ($nbNote > 0) { $head[$h][1] .= ''.$nbNote.''; @@ -367,7 +380,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(id) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -793,7 +806,7 @@ function show_projects($conf, $langs, $db, $object, $backtopage = '', $nocreatel $sql .= ", cls.code as opp_status_code"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls on p.fk_opp_status = cls.rowid"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('project').")"; $sql .= " ORDER BY p.dateo DESC"; 
@@ -1070,9 +1083,9 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $sql .= " t.civility as civility_id, t.address, t.zip, t.town"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)"; - $sql .= " WHERE t.fk_soc = ".$object->id; + $sql .= " WHERE t.fk_soc = ".((int) $object->id); if ($search_status != '' && $search_status != '-1') { - $sql .= " AND t.statut = ".$db->escape($search_status); + $sql .= " AND t.statut = ".((int) $search_status); } if ($search_name) { $sql .= natural_search(array('t.lastname', 't.firstname'), $search_name); 
@@ -1476,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND 
a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case - $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'"; + $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? "@".$module : "")."'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 766d7cdb763..350c2334915 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
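Review bot: In the generic branch `$module` is appended inside the quoted `elementtype` literal without `$db->escape()`, although `$filterobj->element` next to it is escaped; the hunk changes only the quote style of that line. Where `$module` is set lies outside the hunk, so escape it at the point of use: `$sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element.($module ? "@".$module : ""))."'";`. The function `show_actions_done` starts and ends outside the hunk.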
@@ -1159,10 +1159,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param object $object Current object in use * @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose. * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log file * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @see dol_delete_dir() */ -function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1) +function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0) { global $db, $conf, $user, $langs; global $hookmanager; @@ -1170,7 +1171,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, // Load translation files required by the page $langs->loadLangs(array('other', 'errors')); - dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + if (empty($nolog)) { + dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + } // Security: // We refuse transversal using .. and pipes into filenames. @@ -1226,7 +1229,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } if ($ok) { - dol_syslog("Removed file ".$filename, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$filename, LOG_DEBUG); + } // Delete entry into ecm database $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); 
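Review bot: With `$nolog` set, the entry line and the "Removed file" line are both skipped, so a successful deletion leaves no trace in the application log; only the failure path (`Failed to remove file`, context of the `@@ -1264` hunk) still logs. The text `@param int $nolog Disable log file` does not say that, and `dol_delete_dir_recursive` now forwards the flag to every file it removes. I would word the parameter as `@param int $nolog 1=Do not log the call nor successful removals (failures are still logged); meant for bulk cleanup of temporary files`, so callers do not switch off the deletion trail for user documents by accident.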
@@ -1264,7 +1269,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $ok = unlink($file_osencoded); } if ($ok) { - dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + } } else { dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING); } @@ -1304,11 +1311,15 @@ function dol_delete_dir($dir, $nophperrors = 0) * @param int $nophperrors Disable all PHP output errors * @param int $onlysub Delete only files and subdir, not main directory * @param int $countdeleted Counter to count nb of elements found really deleted + * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log files (too verbose when making recursive directories) * @return int Number of files and directory we try to remove. NB really removed is returned into var by reference $countdeleted. */ -function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0) +function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0) { - dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + } if (dol_is_dir($dir)) { $dir_osencoded = dol_osencode($dir); if ($handle = opendir("$dir_osencoded")) { 
@@ -1319,9 +1330,9 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = if ($item != "." && $item != "..") { if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) { - $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted); + $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog); } else { - $result = dol_delete_file("$dir/$item", 1, $nophperrors); + $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog); $count++; if ($result) { $countdeleted++; @@ -1332,6 +1343,7 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = } closedir($handle); + // Delete also the main directory if (empty($onlysub)) { $result = dol_delete_dir($dir, $nophperrors); $count++; @@ -1766,7 +1778,7 @@ function dol_remove_file_process($filenb, $donotupdatesession = 0, $donotdeletef */ function addFileIntoDatabaseIndex($dir, $file, $fullpathorig = '', $mode = 'uploaded', $setsharekey = 0, $object = null) { - global $db, $user; + global $db, $user, $conf; $result = 0; @@ -1799,6 +1811,10 @@ function addFileIntoDatabaseIndex($dir, $file, $fullpathorig = '', $mode = 'uplo if (isset($object->src_object_keywords)) $ecmfile->keywords = $object->src_object_keywords; } + if (!empty($conf->global->MAIN_FORCE_SHARING_ON_ANY_UPLOADED_FILE)) { + $setsharekey = 1; + } + if ($setsharekey) { require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; $ecmfile->share = getRandomPassword(true); 
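Review bot: In `addFileIntoDatabaseIndex()` (hunk @@ -1799,6 +1811,10), `MAIN_FORCE_SHARING_ON_ANY_UPLOADED_FILE` overrides a caller that explicitly passed `$setsharekey = 0`, so every indexed file gets a `share` key whatever its `$mode` or `$object`. A share key presumably makes the file retrievable by anyone who holds the link, without a login; if so, this one option changes the exposure of all documents indexed afterwards. That should be stated where the option is read, for example `// WARNING: when set, every indexed file gets a share key; access then relies only on the secrecy of that key`. The function body continues outside the hunk, so whether the key is later restricted by module or entity cannot be seen here.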
@@ -2253,8 +2269,9 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('( */ function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read') { - global $conf, $db, $user; + global $conf, $db, $user, $hookmanager; global $dolibarr_main_data_root, $dolibarr_main_document_root_alt; + global $object; if (!is_object($fuser)) { $fuser = $user; 
@@ -2911,20 +2928,22 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } } - // For modules who wants to manage different levels of permissions for documents - $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; - if (!empty($conf->global->$subPermCategoryConstName)) { - $subPermCategory = $conf->global->$subPermCategoryConstName; - if (!empty($subPermCategory) && (($fuser->rights->$modulepart->$subPermCategory->{$lire}) || ($fuser->rights->$modulepart->$subPermCategory->{$read}) || ($fuser->rights->$modulepart->$subPermCategory->{$download}))) { - $accessallowed = 1; + $parameters = array( + 'modulepart' => $modulepart, + 'original_file' => $original_file, + 'entity' => $entity, + 'fuser' => $fuser, + 'refname' => '', + 'mode' => $mode + ); + $reshook = $hookmanager->executeHooks('checkSecureAccess', $parameters, $object); + if ($reshook > 0) { + if (!empty($hookmanager->resArray['accessallowed'])) { + $accessallowed = $hookmanager->resArray['accessallowed']; + } + if (!empty($hookmanager->resArray['sqlprotectagainstexternals'])) { + $sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals']; } - } - - // Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query. - $sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS'; - if (!empty($conf->global->$sqlProtectConstName)) { // If module want to define its own $sqlprotectagainstexternals - // Example: mymodule__SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; - eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";'); } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a9cb45e06fb..483e890e369 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
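Review bot: The `$parameters` array passes `'refname' => ''` to the `checkSecureAccess` hook although `dol_check_secure_access_document()` receives `$refname`, so a hook cannot build a per-reference check the way the removed example did with `$db->escape($refname)`; the entry should read `'refname' => $refname,`. The results are copied only when non-empty, which means a hook can grant access or add a SQL filter but can never turn `$accessallowed` back to 0; if that is intended, a one-line comment should say so. `$hookmanager` is used without an `is_object()` check, and `sqlprotectagainstexternals` now arrives as a ready-made SQL string from module code, so the hook contract should state that the hook is responsible for escaping every value it embeds. The rest of the function, where that string is presumably executed, is outside the hunk.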
@@ -104,7 +104,7 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port) */ function getEntity($element, $shared = 1, $currentobject = null) { - global $conf, $mc; + global $conf, $mc, $hookmanager, $object, $action; // fix different element names (France to English) switch ($element) { @@ -117,7 +117,7 @@ function getEntity($element, $shared = 1, $currentobject = null) } if (is_object($mc)) { - return $mc->getEntity($element, $shared, $currentobject); + $out = $mc->getEntity($element, $shared, $currentobject); } else { $out = ''; $addzero = array('user', 'usergroup', 'c_email_templates', 'email_template', 'default_values'); @@ -125,8 +125,27 @@ function getEntity($element, $shared = 1, $currentobject = null) $out .= '0,'; } $out .= ((int) $conf->entity); - return $out; } + + // Manipulate entities to query on the fly + $parameters = array( + 'element' => $element, + 'shared' => $shared, + 'object' => $object, + 'currentobject' => $currentobject, + 'out' => $out + ); + $reshook = $hookmanager->executeHooks('hookGetEntity', $parameters, $currentobject, $action); // Note that $action and $object may have been modified by some hooks + + if (is_numeric($reshook)) { + if ($reshook == 0 && !empty($hookmanager->resprints)) { + $out .= ','.$hookmanager->resprints; // add + } elseif ($reshook == 1) { + $out = $hookmanager->resprints; // replace + } + } + + return $out; } /** 
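Review bot: In the last hunk of `getEntity()` (@@ -125,8 +125,27), `$hookmanager->resprints` is appended to or substituted for `$out` with no validation, while callers concatenate the return value directly into SQL, e.g. `p.entity IN (".getEntity('supplier_proposal').")` further down this diff. The hook output should be accepted only when it is a comma-separated list of integers, for instance `$valid = (bool) preg_match('/^\d+(,\d+)*$/', (string) $hookmanager->resprints);`, and ignored otherwise. `$hookmanager` is also dereferenced without an `is_object()` guard, although the `is_object($mc)` test just above suggests this function can run when optional globals are not set. The comparisons `$reshook == 0` and `$reshook == 1` would be safer as strict comparisons on `(int) $reshook`.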
@@ -753,9 +772,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = $out = dol_string_nohtmltag($out, 0); // Remove also other dangerous string sequences // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); // keep lines feed } @@ -768,9 +787,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Remove html tags $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); } break; 
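Review bot: The replacement list passed to `str_ireplace()` is written out twice, once in each hunk (@@ -753,9 +772,9 and @@ -768,9 +787,9), and this commit had to add the backslash variants to both; holding the list in one local variable or constant used by both branches would stop the two copies from drifting apart. Stripping `../` and `..\` from a request value is a second line of defence only, so code that builds a file path from the cleaned value still needs its own check that the resolved path stays inside the expected directory; the comment could say that. The entity strings inside the array appear to have been decoded by the page rendering, so their literal values cannot be verified from this view.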
@@ -799,11 +818,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = } } - // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are correctly - // encoded using text entities). This is a fix for CKeditor (CKeditor still encode in HTML4 instead of HTML5). + // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are + // encoded using text entities) so we can then exclude all numeric entities. $out = preg_replace('/'/i', ''', $out); - // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step. + // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step (preg_replace). // No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are // using a non coventionnel way to be encoded, to not have them sanitized just after) $out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out); @@ -818,6 +837,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Warning, the function may add a LF so we are forced to trim to compare with old $out without having always a difference and an infinit loop. $out = trim(dol_string_onlythesehtmlattributes($out)); } + + // Restore entity ' into ' (restricthtml is for html content so we can use html entity) + $out = preg_replace('/'/i', "'", $out); } while ($oldstringtoclean != $out); break; case 'custom': 
@@ -1066,7 +1088,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file // Char '>' '<' '|' '$' and ';' are special chars for shells. // Char '/' and '\' are file delimiters. - // -- car can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); @@ -1087,7 +1109,10 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) */ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) { - $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°'); + // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file + // Char '>' '<' '|' '$' and ';' are special chars for shells. + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-/', ' _', $tmp); 
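Review bot: The comment added to `dol_sanitizePathName()` presents the forbidden list as covering shell special characters, but the only additions are `$` and `;`, and characters such as the backtick and `&` are in neither this list nor the one in `dol_sanitizeFileName()`. Unless `dol_string_nospecial()` removes those by default (not visible here), a sanitised name is still not safe to place in a command line. The comment should say this, e.g. `// This is not a shell-escaping function: any path passed to a command must still go through escapeshellarg()`. The same three comment lines are now duplicated in both functions, so a single shared note referenced from each would be easier to keep correct.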
@@ -1280,19 +1305,18 @@ function dol_escape_json($stringtoescape) * Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields. * * @param string $stringtoescape String to escape - * @param int $keepb 1=Keep b tags and escape them, 0=remove them + * @param int $keepb 1=Keep b tags, 0=remove them completely * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a '; $form_close .= ''; - $form_close .= '
'; - $form_close .= ''; - $form_close .= '   '; - $form_close .= ' '; - $form_close .= '
'; + $form_close .= $form->buttonsSaveCancel();; + $form_close .= ' '; $form_close .= ''; print $form_close; diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 6d43222bcf2..e35051829cb 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1294,7 +1294,7 @@ class SupplierProposal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc, d.fk_unit'; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposaldet as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_supplier_proposal = ".$this->id; + $sql .= " WHERE d.fk_supplier_proposal = ".((int) $this->id); $sql .= " ORDER by d.rang"; $result = $this->db->query($sql); @@ -1417,8 +1417,8 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1517,7 +1517,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->date_livraison = $delivery_date; 
@@ -1549,7 +1549,7 @@ class SupplierProposal extends CommonObject $remise = price2num($remise, 2); $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_percent = ((float) $remise); @@ -1584,7 +1584,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_absolue = $remise; @@ -1622,7 +1622,7 @@ class SupplierProposal extends CommonObject $sql .= " note_private = '".$this->db->escape($note)."',"; } $sql .= " date_cloture=NULL, fk_user_cloture=NULL"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -1681,7 +1681,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1881,7 +1881,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { 
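Review bot: In hunk @@ -1681,7 +1681,7 the `WHERE rowid` value is now cast, but the line directly above it still ends with `fk_user_cloture=".$user->id;`, uncast, unlike the `fk_user_valid=".((int) $user->id)` change made in @@ -1417,8 +1417,8. For the hardening to be consistent across the statement, that line should end with `fk_user_cloture=".((int) $user->id);`. The enclosing method starts and ends outside the hunk.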
@@ -1946,7 +1946,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2016,10 +2016,10 @@ class SupplierProposal extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'supplier_proposaldet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".$this->id; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".((int) $this->id); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -2220,7 +2220,7 @@ class SupplierProposal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('supplier_proposal').")"; 
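Review bot: In the delete hunk (@@ -2016,10 +2016,10) the lines are removed from `supplier_proposaldet` first and `$sqlef` is executed afterwards, yet `$sqlef` finds its rows through a sub-select on that same table, so by the time it runs the sub-select is empty and the line extrafields are left orphaned. The ordering predates this commit, but both statements are rewritten here, so this is the place to fix it by running the extrafields delete first: `if ($this->db->query($sqlef) && $this->db->query($sql)) {` for the outer test and `if ($this->db->query($sql)) {` for the inner one. The surrounding transaction handling is outside the hunk and should be checked so that a failure of either query still rolls back.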
@@ -2231,7 +2231,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_statut = 2"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2377,7 +2377,7 @@ class SupplierProposal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -2565,7 +2565,7 @@ class SupplierProposal extends CommonObject $sql .= ' pt.fk_multicurrency, pt.multicurrency_code, pt.multicurrency_subprice, pt.multicurrency_total_ht, pt.multicurrency_total_tva, pt.multicurrency_total_ttc, pt.fk_unit'; $sql .= ' FROM '.MAIN_DB_PREFIX.'supplier_proposaldet as pt'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pt.fk_product=p.rowid'; - $sql .= ' WHERE pt.fk_supplier_proposal = '.$this->id; + $sql .= ' WHERE pt.fk_supplier_proposal = '.((int) $this->id); $sql .= ' ORDER BY pt.rang ASC, pt.rowid'; dol_syslog(get_class($this).'::getLinesArray', LOG_DEBUG); @@ -3045,8 +3045,8 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").","; $sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").","; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; $sql .= " '".$this->db->escape($this->ref_fourn)."'"; $sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null'); $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; 
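Review bot: In the insert hunk (@@ -3045,8 +3045,8) `special_code` and `rang` are now cast, but two lines below `fk_multicurrency` is still concatenated raw: `($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null')`. The `> 0` comparison does not guarantee the property is an integer, so the emitted value should be cast as well: `$sql .= ", ".($this->fk_multicurrency > 0 ? ((int) $this->fk_multicurrency) : 'null');`. The statement begins before the hunk, so the other numeric fields built with `price2num()` cannot all be reviewed from here.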
@@ -3100,7 +3100,7 @@ class SupplierProposalLine extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields @@ -3248,7 +3248,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3296,7 +3296,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " total_ht=".price2num($this->total_ht, 'MT'); $sql .= ",total_tva=".price2num($this->total_tva, 'MT'); $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::update_total", LOG_DEBUG); diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 85f5f96c1af..ac937fe480d 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -72,10 +72,10 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if ($user->socid) { - $sql .= ' AND p.fk_soc = '.$user->socid; + $sql .= ' AND p.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (0,1,2,3,4)"; $sql .= " GROUP BY p.fk_statut"; 
@@ -176,7 +176,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -234,7 +234,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -312,7 +312,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND p.fk_statut = 1"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 3c89be6bfe4..71cd1c1fa69 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php 
@@ -1,16 +1,17 @@ - * Copyright (C) 2004-2017 Laurent Destailleur - * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2005 Marc Barilley / Ocebo - * Copyright (C) 2005-2013 Regis Houssin - * Copyright (C) 2006 Andre Cianfarani - * Copyright (C) 2010-2011 Juanjo Menent - * Copyright (C) 2010-2019 Philippe Grand - * Copyright (C) 2012 Christophe Battarel - * Copyright (C) 2013 Cédric Salvador - * Copyright (C) 2016 Ferran Marcet - * Copyright (C) 2018 Charlene Benke +/* Copyright (C) 2001-2007 Rodolphe Quiedeville + * Copyright (C) 2004-2017 Laurent Destailleur + * Copyright (C) 2004 Eric Seigne + * Copyright (C) 2005 Marc Barilley / Ocebo + * Copyright (C) 2005-2013 Regis Houssin + * Copyright (C) 2006 Andre Cianfarani + * Copyright (C) 2010-2011 Juanjo Menent + * Copyright (C) 2010-2019 Philippe Grand + * Copyright (C) 2012 Christophe Battarel + * Copyright (C) 2013 Cédric Salvador + * Copyright (C) 2016 Ferran Marcet + * Copyright (C) 2018 Charlene Benke + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -65,6 +66,22 @@ $search_town = GETPOST('search_town', 'alpha'); $search_zip = GETPOST('search_zip', 'alpha'); $search_state = GETPOST("search_state"); $search_country = GETPOST("search_country", 'int'); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); +$search_date_valid_startday = GETPOST('search_date_valid_startday', 'int'); +$search_date_valid_startmonth = GETPOST('search_date_valid_startmonth', 'int'); +$search_date_valid_startyear = GETPOST('search_date_valid_startyear', 'int'); +$search_date_valid_endday = GETPOST('search_date_valid_endday', 'int'); +$search_date_valid_endmonth = GETPOST('search_date_valid_endmonth', 'int'); +$search_date_valid_endyear = GETPOST('search_date_valid_endyear', 'int'); +$search_date_valid_start = dol_mktime(0, 0, 0, $search_date_valid_startmonth, $search_date_valid_startday, $search_date_valid_startyear); // Use tzserver +$search_date_valid_end = dol_mktime(23, 59, 59, $search_date_valid_endmonth, $search_date_valid_endday, $search_date_valid_endyear); $search_type_thirdparty = GETPOST("search_type_thirdparty", 'int'); $search_montant_ht = GETPOST('search_montant_ht', 'alpha'); $search_montant_vat = GETPOST('search_montant_vat', 'alpha'); 
@@ -83,12 +100,6 @@ $search_remove_btn = GETPOST('button_removefilter', 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $mesg = (GETPOST("msg") ? GETPOST("msg") : GETPOST("mesg")); -$year = GETPOST("year"); -$month = GETPOST("month"); -$day = GETPOST("day"); -$yearvalid = GETPOST("yearvalid"); -$monthvalid = GETPOST("monthvalid"); -$dayvalid = GETPOST("dayvalid"); $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; @@ -202,6 +213,8 @@ if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } +$search_product_category = 0; + include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; // Do we click on purge search criteria ? @@ -227,12 +240,22 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_type = ''; $search_country = ''; $search_type_thirdparty = ''; - $yearvalid = ''; - $monthvalid = ''; - $dayvalid = ''; - $year = ''; - $month = ''; - $day = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_date_valid_startday = ''; + $search_date_valid_startmonth = ''; + $search_date_valid_startyear = ''; + $search_date_valid_endday = ''; + $search_date_valid_endmonth = ''; + $search_date_valid_endyear = ''; + $search_date_valid_start = ''; + $search_date_valid_end = ''; $search_status = ''; $object_statut = ''; } 
@@ -283,7 +306,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -317,7 +340,7 @@ if ($search_user > 0) { $sql .= ' WHERE sp.fk_soc = s.rowid'; $sql .= ' AND sp.entity IN ('.getEntity('supplier_proposal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { $sql .= natural_search('s.town', $search_town); @@ -353,7 +376,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search("sp.total_ttc", $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND sp.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND sp.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('sp.multicurrency_tx', $search_multicurrency_tx, 1); 
@@ -376,8 +399,18 @@ if ($socid) { if ($search_status >= 0 && $search_status != '') { $sql .= ' AND sp.fk_statut IN ('.$db->sanitize($db->escape($search_status)).')'; } -$sql .= dolSqlDateFilter("sp.date_livraison", $day, $month, $year); -$sql .= dolSqlDateFilter("sp.date_valid", $dayvalid, $monthvalid, $yearvalid); +if ($search_date_start) { + $sql .= " AND sp.date_livraison >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND sp.date_livraison <= '".$db->idate($search_date_end)."'"; +} +if ($search_date_valid_start) { + $sql .= " AND sp.date_valid >= '".$db->idate($search_date_valid_start)."'"; +} +if ($search_date_valid_end) { + $sql .= " AND sp.date_valid <= '".$db->idate($search_date_valid_end)."'"; +} if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } 
@@ -446,11 +479,41 @@ if ($resql) { if ($sall) { $param .= '&sall='.urlencode($sall); } - if ($month) { - $param .= '&month='.urlencode($month); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($year) { - $param .= '&year='.urlencode($year); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); + } + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); + } + if ($search_date_valid_startday) { + $param .= '&search_date_valid_startday='.urlencode($search_date_valid_startday); + } + if ($search_date_valid_startmonth) { + $param .= '&search_date_valid_startmonth='.urlencode($search_date_valid_startmonth); + } + if ($search_date_valid_startyear) { + $param .= '&search_date_valid_startyear='.urlencode($search_date_valid_startyear); + } + if ($search_date_valid_endday) { + $param .= '&search_date_valid_endday='.urlencode($search_date_valid_endday); + } + if ($search_date_valid_endmonth) { + $param .= '&search_date_valid_endmonth='.urlencode($search_date_valid_endmonth); + } + if ($search_date_valid_endyear) { + $param .= '&search_date_valid_endyear='.urlencode($search_date_valid_endyear); } if ($search_ref) { $param .= '&search_ref='.urlencode($search_ref); @@ -641,21 +704,23 @@ if ($resql) { // Date if (!empty($arrayfields['sp.date_valid']['checked'])) { print ''; - //print $langs->trans('Month').': '; - print ''; - //print ' '.$langs->trans('Year').': '; - $syearvalid = $yearvalid; - $formother->select_year($syearvalid, 'yearvalid', 1, 20, 5); + print '
'; + print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Date if (!empty($arrayfields['sp.date_livraison']['checked'])) { print ''; - //print $langs->trans('Month').': '; - print ''; - //print ' '.$langs->trans('Year').': '; - $syear = $year; - $formother->select_year($syear, 'year', 1, 20, 5); + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } diff --git a/htdocs/support/default.css b/htdocs/support/default.css deleted file mode 100644 index 735224254d3..00000000000 --- a/htdocs/support/default.css +++ /dev/null 
@@ -1,191 +0,0 @@ -/* Copyright (C) 2004 Rodolphe Quiedeville - * Copyright (C) 2009 Laurent Destailleur - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -body { -font-size:14px; -font-family: Verdana, Tahoma, Arial, Helvetica, sans-serif; -background: #f9f9f9; -/* background-color: #F4F4F4; */ -margin: 5px 5px; -} - -.center { - text-align: center; -} - -.centpercent { - width: 100%; -} - -.valignmiddle { - vertical-align: middle; -} - -inline-block { - display: inline-block; -} - -div.titre { -padding: 5px 5px 5px 5px; -margin: 0 0 0 0; -} - -span.titre { -font-size: 15px; -font-weight: bold; -background: #FFFFFF; -color: #4965B3; -padding: 5px 5px 5px 5px; -margin: 0 0 0 0; -border: 1px solid #AAAAAA; -} - -div.soustitre { -font-size: 15px; -font-weight: bold; -color: #4965B3; -padding: 0 1.2em 0.5em 2em; -margin: 1.2em 1.2em 1.2em 1.2em; -border-bottom: 1px solid #8CACBB; -border-right: 1px solid #8CACBB; -text-align: right; -} - -input:disabled -{ -background: #FDFDFD; -border: 1px solid #ACBCBB; -padding: 0 0 0 0; -margin: 0 0 0 0; -} - -table.main { -background: #dcdcd3; -text-align: left; -border: 1px solid #8CACBB; -} - -table.tablesupport { - min-height: 250px; -} - -div.ok { -color: #114466; -} - -div.warning { -color: #777711; -} - -div.error { -color: #550000; font-weight: bold; -padding: 0.2em 0.2em 0.2em 0.2em; -margin: 0.5em 0 0.5em 0; -border: 1px solid #6C7C8B; -} - 
-font.error { -color: #550000; -} - -div.header { -background-color: #dcdff4; -border-bottom: solid black 1px; -padding-left: 5px; -text-align: center; -} - -a:link,a:visited,a:active { - color: #2266DD; - text-decoration:none; -} -a:hover { - color: #2266DD; - text-decoration:underline; -} - -a.titre { -text-decoration:none; -} - - -div.main-inside h2 { -font-size:18px; -font-weight: bold; -color: #4965B3; -} - -tr.bg1 { -background-color: #E5E5E5; -} - -tr.bg2 { -background-color: #B5C5C5; -} - -td.label { -background: #dcdcd3; -color: #5945A3; -padding: 5px 5px 5px 5px; -margin: 0 0 0 0; -border-bottom: 1px solid #8CACBB; -} - -td.comment { -background: #dcdcd3; -color: black; -padding: 5px 5px 5px 5px; -margin: 0 0 0 0; -text-decoration:none; -font-size: 13px; -border-bottom: 1px solid #8CACBB; -} - -.install -{ -border: 1px solid #8CACBB; -padding: 4px 4px 4px 4px; -} - -tr.title -{ -background: #EEEEEE; -} - -table.login { border: 1px solid #E0E0E0; background: #FFF; } - -.tablesupport { - padding: 6px; -} - -.blocksupport { - padding: 12px; - /* width: 90%; */ -} -/* Force values for small screen 570 */ -@media only screen and (max-width: 570px) -{ - .blocksupport { - width: 90%; - } -} - -.inline-block -{ - display:inline-block; - vertical-align: top; -} diff --git a/htdocs/support/inc.php b/htdocs/support/inc.php index 31236ab5fa9..2836650fe71 100644 --- a/htdocs/support/inc.php +++ b/htdocs/support/inc.php @@ -229,10 +229,9 @@ function conf($dolibarr_main_document_root) */ function pHeader($soutitre, $next, $action = 'none') { - global $conf; - global $langs; - $langs->load("main"); - $langs->load("admin"); + global $conf, $langs; + + $langs->loadLangs(array("main", "admin")); // On force contenu dans format sortie header("Content-type: text/html; charset=".$conf->file->character_set_client); 
@@ -246,7 +245,7 @@ function pHeader($soutitre, $next, $action = 'none') print ''."\n"; print ''."\n"; print ''."\n"; - print ''."\n"; + print ''."\n"; print ''.$langs->trans("DolibarrHelpCenter").''."\n"; print ''."\n"; diff --git a/htdocs/support/index.php b/htdocs/support/index.php index 220da1290ac..4c80445865b 100644 --- a/htdocs/support/index.php +++ b/htdocs/support/index.php @@ -40,14 +40,15 @@ if (!defined('DOL_URL_ROOT')) { $langs->loadLangs(array("other", $langs->load("help"))); + /* * View */ pHeader($langs->trans("DolibarrHelpCenter"), $_SERVER["PHP_SELF"]); -print '
'.$langs->trans("HelpCenterDesc1")."
\n"; -print $langs->trans("HelpCenterDesc2")."
\n"; +print '
'.$langs->trans("HelpCenterDesc1")."
\n"; +print $langs->trans("HelpCenterDesc2")."

\n"; print '
'; @@ -80,12 +81,14 @@ print ''; print ''; print '
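Review bot: The unchanged line `$langs->loadLangs(array("other", $langs->load("help")));` at the top of this hunk passes the return value of `load("help")` as an array element instead of the domain name, and the commit leaves it as is. The intended call is presumably `$langs->loadLangs(array("other", "help"));`. Separately, `pHeader()` is still given `$_SERVER["PHP_SELF"]` as `$next`; that value can carry client-supplied path info, so if `pHeader()` writes `$next` into the page (its body is not in this hunk) it should be HTML-escaped there or replaced with a fixed script path.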