Ajout s�curit� acc�s ext�rieur

2003-05-13 14:27:40 +00:00 · 2003-05-13 14:27:40 +00:00 · 35c731dab6
commit 35c731dab6
parent deb542f6a6
5 changed files with 147 additions and 94 deletions
--- a/htdocs/fourn/contact.php3
+++ b/htdocs/fourn/contact.php3
@ -1,5 +1,5 @@
 <?PHP
-/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+/* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 *
 * $Id$
 * $Source$
@ -22,11 +22,24 @@
 require("./pre.inc.php3");

 llxHeader();
+
+/*
+ * Sécurité accés client
+ */
+if ($user->societe_id > 0) 
+{
+  $action = '';
+  $socid = $user->societe_id;
+}
+
+
 $db = new Db();
-if ($sortorder == "") {
+if ($sortorder == "")
+{
  $sortorder="ASC";
 }
-if ($sortfield == "") {
+if ($sortfield == "")
+ {
  $sortfield="p.name";
 }

--- a/htdocs/fourn/facture/index.php3
+++ b/htdocs/fourn/facture/index.php3
@ -22,44 +22,62 @@
 require("./pre.inc.php3");
 require("../../contact.class.php3");

-
 llxHeader();
+
+/*
+ * Sécurité accés client
+ */
+if ($user->societe_id > 0) 
+{
+  $action = '';
+  $socid = $user->societe_id;
+}
+
 $db = new Db();

-if ($action == 'note') {
+if ($action == 'note')
+{
  $sql = "UPDATE societe SET note='$note' WHERE idp=$socid";
  $result = $db->query($sql);
 }

-if ($action == 'stcomm') {
-  if ($stcommid <> 'null' && $stcommid <> $oldstcomm) {
-    $sql = "INSERT INTO socstatutlog (datel, fk_soc, fk_statut, author) ";
-    $sql .= " VALUES ('$dateaction',$socid,$stcommid,'" . $GLOBALS["REMOTE_USER"] . "')";
-    $result = @$db->query($sql);
-
-    if ($result) {
-      $sql = "UPDATE societe SET fk_stcomm=$stcommid WHERE idp=$socid";
-      $result = $db->query($sql);
-    } else {
-      $errmesg = "ERREUR DE DATE !";
+if ($action == 'stcomm')
+{
+  if ($stcommid <> 'null' && $stcommid <> $oldstcomm)
+    {
+      $sql = "INSERT INTO socstatutlog (datel, fk_soc, fk_statut, author) ";
+      $sql .= " VALUES ('$dateaction',$socid,$stcommid,'" . $GLOBALS["REMOTE_USER"] . "')";
+      $result = @$db->query($sql);
+      
+      if ($result)
+	{
+	  $sql = "UPDATE societe SET fk_stcomm=$stcommid WHERE idp=$socid";
+	  $result = $db->query($sql);
+	}
+      else
+	{
+	  $errmesg = "ERREUR DE DATE !";
+	}
    }
-  }
-
-  if ($actioncommid) {
-    $sql = "INSERT INTO actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socid,'" . $user->id . "')";
-    $result = @$db->query($sql);
-
-    if (!$result) {
-      $errmesg = "ERREUR DE DATE !";
+  
+  if ($actioncommid)
+    {
+      $sql = "INSERT INTO actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socid,'" . $user->id . "')";
+      $result = @$db->query($sql);
+      
+      if (!$result)
+	{
+	  $errmesg = "ERREUR DE DATE !";
+	}
    }
-  }
 }


-if ($action == 'delete') {
+if ($action == 'delete')
+{
  $fac = new FactureFourn($db);
  $fac->delete($facid);
-
+  
  $facid = 0 ;
 }

@ -94,68 +112,64 @@ if ($mode == 'search')
      $db->free();
    }
 }
+  
 /*
+ * Mode Liste
 *
- * Mode fiche
- *
- *
- */  
-if ($socid > 0)
-{
+ */
+print_barre_liste("Liste des factures fournisseurs", $page, $PHP_SELF);

+if ($sortorder == "")
+{
+  $sortorder="DESC";
 }
-else
+if ($sortfield == "")
 {
-  /*
-   * Mode Liste
-   *
-   *
-   *
-   */
-  print_barre_liste("Liste des factures fournisseurs", $page, $PHP_SELF);
+  $sortfield="fac.paye ASC, fac.datef";
+}

-  if ($sortorder == "")
+
+$sql = "SELECT s.idp as socid, s.nom, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea,  s.prefix_comm, fac.total_ht, fac.paye, fac.libelle, ".$db->pdate("fac.datef")." as datef, fac.rowid as facid, fac.facnumber";
+$sql .= " FROM societe as s, llx_facture_fourn as fac ";
+$sql .= " WHERE fac.fk_soc = s.idp";
+
+if ($socid)
+{
+  $sql .= " AND s.idp = $socid";
+}
+
+$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset);
+
+$result = $db->query($sql);
+
+if ($result)
+{
+  $num = $db->num_rows();
+  $i = 0;
+  
+  if ($sortorder == "DESC")
+    {
+      $sortorder="ASC";
+    }
+  else
    {
      $sortorder="DESC";
    }
-  if ($sortfield == "")
+  print "<p><TABLE border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"4\">";
+  print '<TR class="liste_titre">';
+  print '<TD>Numéro</TD>';
+  print '<TD>Libellé</TD><td>';
+  print_liste_field_titre("Société",$PHP_SELF,"s.nom");
+  print '</td><TD align="right">Montant</TD>';
+  print '<td align="center">Payé</td>';
+  print "</TR>\n";
+  $var=True;
+  while ($i < $num)
    {
-      $sortfield="fac.paye ASC, fac.datef";
-    }
-
-
-  $sql = "SELECT s.idp as socid, s.nom, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea,  s.prefix_comm, fac.total_ht, fac.paye, fac.libelle, ".$db->pdate("fac.datef")." as datef, fac.rowid as facid, fac.facnumber";
-  $sql .= " FROM societe as s, llx_facture_fourn as fac ";
-  $sql .= " WHERE fac.fk_soc = s.idp";
-
-  $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset);
-
-  $result = $db->query($sql);
-
-  if ($result) {
-    $num = $db->num_rows();
-    $i = 0;
-
-    if ($sortorder == "DESC")
-      {
-	$sortorder="ASC";
-      } else {
-	$sortorder="DESC";
-      }
-    print "<p><TABLE border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"4\">";
-    print '<TR class="liste_titre">';
-    print '<TD>Numéro</TD>';
-    print '<TD>Libellé</TD><td>';
-    print_liste_field_titre("Société",$PHP_SELF,"s.nom");
-    print '</td><TD align="right">Montant</TD>';
-    print '<td align="center">Payé</td>';
-    print "</TR>\n";
-    $var=True;
-    while ($i < $num) {
      $obj = $db->fetch_object( $i);
      
      $var=!$var;
-
+      
      print "<TR $bc[$var]>";
      print "<TD><a href=\"fiche.php3?facid=$obj->facid\">$obj->facnumber</A></td>\n";
      print "<TD><a href=\"fiche.php3?facid=$obj->facid\">$obj->libelle</A></td>\n";
@ -170,10 +184,12 @@ else
    }
    print "</TABLE>";
    $db->free();
-  } else {
-    print $db->error();
-  }
 }
+else
+{
+  print $db->error();
+}
+
 $db->close();

 llxFooter("<em>Derni&egrave;re modification $Date$ r&eacute;vision $Revision$</em>");
--- a/htdocs/fourn/facture/pre.inc.php3
+++ b/htdocs/fourn/facture/pre.inc.php3
@ -38,12 +38,19 @@ function llxHeader($head = "", $urlp = "") {

  $menu->add("/fourn/index.php3", "Fournisseurs");

+  if ($user->societe_id == 0) 
+    {
+      $menu->add_submenu("/soc.php3?&action=create","Nouvelle société");
+    }

-  $menu->add_submenu("/soc.php3?&action=create","Nouvelle sociétée");
  $menu->add_submenu("contact.php3","Contacts");

  $menu->add("/fourn/facture/index.php3", "Factures");
-  $menu->add_submenu("fiche.php3?action=create","Nouvelle");
+
+  if ($user->societe_id == 0) 
+    {
+      $menu->add_submenu("fiche.php3?action=create","Nouvelle");
+    }

  left_menu($menu->liste);
 }
--- a/htdocs/fourn/fiche.php3
+++ b/htdocs/fourn/fiche.php3
@ -23,20 +23,35 @@ require("./pre.inc.php3");
 require("../contact.class.php3");

 llxHeader();
+
 $db = new Db();
-if ($sortorder == "") {
+
+/*
+ * Sécurité accés client
+ */
+if ($user->societe_id > 0) 
+{
+  $action = '';
+  $socid = $user->societe_id;
+}
+
+if ($sortorder == "")
+{
  $sortorder="ASC";
 }
-if ($sortfield == "") {
+if ($sortfield == "")
+{
  $sortfield="nom";
 }

-if ($action == 'attribute_prefix') {
+if ($action == 'attribute_prefix')
+{
  $societe = new Societe($db, $socid);
  $societe->attribute_prefix($db, $socid);
 }

-if ($action == 'recontact') {
+if ($action == 'recontact')
+{
  $dr = mktime(0, 0, 0, $remonth, $reday, $reyear);
  $sql = "INSERT INTO llx_soc_recontact (fk_soc, datere, author) VALUES ($socid, $dr,'". $GLOBALS["REMOTE_USER"]."')";
  $result = $db->query($sql);
@ -99,7 +114,6 @@ if ($mode == 'search') {
 if ($socid > 0) {
  $societe = new Societe($db, $socid);
  
-
  $sql = "SELECT s.idp, s.nom, ".$db->pdate("s.datec")." as dc, s.tel, s.fax, st.libelle as stcomm, s.fk_stcomm, s.url,s.address,s.cp,s.ville, s.note, t.libelle as typent, e.libelle as effectif, s.siren, s.prefix_comm, s.services,s.parent, s.description FROM societe as s, c_stcomm as st, c_typent as t, c_effectif as e ";
  $sql .= " WHERE s.fk_stcomm=st.id AND s.fk_typent = t.id AND s.fk_effectif = e.id";

@ -362,14 +376,14 @@ if ($socid > 0) {
      print '<table border="1" width="100%" cellspacing="0" bgcolor="#e0e0e0">';
      print "<tr><td>".nl2br($objsoc->note)."</td></tr>";
      print "</table>";
-
-
-
    }
-  } else {
+  }
+  else {
    print $db->error() . "<br>" . $sql;
  }
-} else {
+}
+else
+{
  print "Erreur";
 }
 $db->close();
--- a/htdocs/fourn/pre.inc.php3
+++ b/htdocs/fourn/pre.inc.php3
@ -42,12 +42,15 @@ function llxHeader($head = "", $urlp = "") {
   */
  if ($user->societe_id == 0) 
    {
-
      $menu->add_submenu("/soc.php3?&action=create","Nouvelle société");
-      $menu->add_submenu("contact.php3","Contacts");
+    }

+  $menu->add_submenu("contact.php3","Contacts");

-      $menu->add("/fourn/facture/index.php3", "Factures");
+  $menu->add("/fourn/facture/index.php3", "Factures");
+
+  if ($user->societe_id == 0) 
+    {
      $menu->add_submenu("/fourn/facture/fiche.php3?action=create","Nouvelle");
    }
  left_menu($menu->liste);