From 35c731dab6173ba438f0d217cd13500fde9b29f4 Mon Sep 17 00:00:00 2001 From: Rodolphe Quiedeville Date: Tue, 13 May 2003 14:27:40 +0000 Subject: [PATCH] =?UTF-8?q?Ajout=20s=E9curit=E9=20acc=E9s=20ext=E9rieur?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/fourn/contact.php3 | 19 +++- htdocs/fourn/facture/index.php3 | 168 ++++++++++++++++-------------- htdocs/fourn/facture/pre.inc.php3 | 11 +- htdocs/fourn/fiche.php3 | 34 ++++-- htdocs/fourn/pre.inc.php3 | 9 +- 5 files changed, 147 insertions(+), 94 deletions(-)
diff --git a/htdocs/fourn/contact.php3 b/htdocs/fourn/contact.php3
index 17e064918b6..d0e3afbd5af 100644
--- a/htdocs/fourn/contact.php3
+++ b/htdocs/fourn/contact.php3
@@ -1,5 +1,5 @@
+/* Copyright (C) 2001-2003 Rodolphe Quiedeville * * $Id$ * $Source$
@@ -22,11 +22,24 @@ require("./pre.inc.php3"); llxHeader(); + +/* + * Sécurité accés client + */ +if ($user->societe_id > 0) +{ + $action = ''; + $socid = $user->societe_id; +} + + $db = new Db(); -if ($sortorder == "") { +if ($sortorder == "") +{ $sortorder="ASC"; } -if ($sortfield == "") { +if ($sortfield == "") + { $sortfield="p.name"; }
diff --git a/htdocs/fourn/facture/index.php3 b/htdocs/fourn/facture/index.php3
index 58ad8fe77d9..6681b2e78cf 100644
--- a/htdocs/fourn/facture/index.php3
+++ b/htdocs/fourn/facture/index.php3 
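Review bot: The guard added at `+if ($user->societe_id > 0)` in contact.php3 (and pasted unchanged into facture/index.php3 and fiche.php3 later in this patch) is fail-open: an account whose `societe_id` is unset or not numeric does not satisfy `> 0` and gets the unrestricted internal path, and the block appears to rely on `$action` and `$socid` arriving as request globals, which nothing on the page establishes. A fail-closed condition such as `if (!isset($user->societe_id) || (int) $user->societe_id > 0)` should, when the id is missing, end the page rather than only clear `$action`, because `$socid = 0` would otherwise switch off the `AND s.idp = $socid` filter in the invoice list. Since every one of these pages requires pre.inc.php3 first and that file already reads `$user->societe_id` in both menu hunks, the block could live there once, so that a page which omits the copy is not left open. A comment such as `// external (client) account: discard any requested action and pin $socid to its own company` would record the intent for the next copy.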
@@ -22,44 +22,62 @@ require("./pre.inc.php3"); require("../../contact.class.php3"); - llxHeader(); + +/* + * Sécurité accés client + */ +if ($user->societe_id > 0) +{ + $action = ''; + $socid = $user->societe_id; +} + $db = new Db(); -if ($action == 'note') { +if ($action == 'note') +{ $sql = "UPDATE societe SET note='$note' WHERE idp=$socid"; $result = $db->query($sql); } -if ($action == 'stcomm') { - if ($stcommid <> 'null' && $stcommid <> $oldstcomm) { - $sql = "INSERT INTO socstatutlog (datel, fk_soc, fk_statut, author) "; - $sql .= " VALUES ('$dateaction',$socid,$stcommid,'" . $GLOBALS["REMOTE_USER"] . "')"; - $result = @$db->query($sql); - - if ($result) { - $sql = "UPDATE societe SET fk_stcomm=$stcommid WHERE idp=$socid"; - $result = $db->query($sql); - } else { - $errmesg = "ERREUR DE DATE !"; +if ($action == 'stcomm') +{ + if ($stcommid <> 'null' && $stcommid <> $oldstcomm) + { + $sql = "INSERT INTO socstatutlog (datel, fk_soc, fk_statut, author) "; + $sql .= " VALUES ('$dateaction',$socid,$stcommid,'" . $GLOBALS["REMOTE_USER"] . "')"; + $result = @$db->query($sql); + + if ($result) + { + $sql = "UPDATE societe SET fk_stcomm=$stcommid WHERE idp=$socid"; + $result = $db->query($sql); + } + else + { + $errmesg = "ERREUR DE DATE !"; + } } - } - - if ($actioncommid) { - $sql = "INSERT INTO actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socid,'" . $user->id . "')"; - $result = @$db->query($sql); - - if (!$result) { - $errmesg = "ERREUR DE DATE !"; + + if ($actioncommid) + { + $sql = "INSERT INTO actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socid,'" . $user->id . "')"; + $result = @$db->query($sql); + + if (!$result) + { + $errmesg = "ERREUR DE DATE !"; + } } - } } -if ($action == 'delete') { +if ($action == 'delete') +{ $fac = new FactureFourn($db); $fac->delete($facid); - + $facid = 0 ; } 
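Review bot: In the stcomm branch the two `$result = @$db->query($sql);` lines (re-indented, so new-side in this hunk) silence every database error and report all of them as `ERREUR DE DATE !`, so a failure for any other reason is indistinguishable from a bad date. Drop the `@`, and when `$result` is false send `$db->error()` to the server log while keeping the user-facing text generic. The same branch appends `$stcommid` and `$actioncommid` unquoted to the SQL, and the `<> 'null'` test does not constrain them, so casting at the point of use, `" VALUES ('$dateaction',$socid," . (int) $stcommid . ",'" . $GLOBALS["REMOTE_USER"] . "')"` and likewise `(int) $actioncommid`, bounds them to integers; the new guard only clears `$action` for external accounts, so internal accounts still supply these values. The script continues past the hunk on both sides.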
@@ -94,68 +112,64 @@ if ($mode == 'search') $db->free(); } } + /* + * Mode Liste * - * Mode fiche - * - * - */ -if ($socid > 0) -{ + */ +print_barre_liste("Liste des factures fournisseurs", $page, $PHP_SELF); +if ($sortorder == "") +{ + $sortorder="DESC"; } -else +if ($sortfield == "") { - /* - * Mode Liste - * - * - * - */ - print_barre_liste("Liste des factures fournisseurs", $page, $PHP_SELF); + $sortfield="fac.paye ASC, fac.datef"; +} - if ($sortorder == "") + +$sql = "SELECT s.idp as socid, s.nom, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea, s.prefix_comm, fac.total_ht, fac.paye, fac.libelle, ".$db->pdate("fac.datef")." as datef, fac.rowid as facid, fac.facnumber"; +$sql .= " FROM societe as s, llx_facture_fourn as fac "; +$sql .= " WHERE fac.fk_soc = s.idp"; + +if ($socid) +{ + $sql .= " AND s.idp = $socid"; +} + +$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset); + +$result = $db->query($sql); + +if ($result) +{ + $num = $db->num_rows(); + $i = 0; + + if ($sortorder == "DESC") + { + $sortorder="ASC"; + } + else { $sortorder="DESC"; } - if ($sortfield == "") + print "

"; + print ''; + print ''; + print ''; + print ''; + print "\n"; + $var=True; + while ($i < $num) { - $sortfield="fac.paye ASC, fac.datef"; - } - - - $sql = "SELECT s.idp as socid, s.nom, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea, s.prefix_comm, fac.total_ht, fac.paye, fac.libelle, ".$db->pdate("fac.datef")." as datef, fac.rowid as facid, fac.facnumber"; - $sql .= " FROM societe as s, llx_facture_fourn as fac "; - $sql .= " WHERE fac.fk_soc = s.idp"; - - $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset); - - $result = $db->query($sql); - - if ($result) { - $num = $db->num_rows(); - $i = 0; - - if ($sortorder == "DESC") - { - $sortorder="ASC"; - } else { - $sortorder="DESC"; - } - print "

NuméroLibellé'; + print_liste_field_titre("Société",$PHP_SELF,"s.nom"); + print 'MontantPayé
"; - print ''; print ''; print ''; print ''; print "\n"; - $var=True; - while ($i < $num) { $obj = $db->fetch_object( $i); $var=!$var; - + print ""; print "\n"; print "\n";
@@ -170,10 +184,12 @@ else } print "
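Review bot: The rebuilt list query ends with `$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset);`, where `$sortfield` and `$sortorder` arrive from outside the script (apparently request globals) and are only defaulted when empty, so the new `AND s.idp = $socid` restriction is followed by unvalidated text in the same statement, and `$socid` itself is appended unquoted. After the two defaulting blocks, keep only the sort fields this page offers, `if (!in_array($sortfield, array("fac.paye ASC, fac.datef", "s.nom"), true)) { $sortfield = "fac.paye ASC, fac.datef"; }` and `$sortorder = ($sortorder == "ASC") ? "ASC" : "DESC";`, and append `(int) $socid`. The table markup between the query and the `while ($i < $num)` loop is not legible in this rendering, so the field list above may need the column titles printed there added to it.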
NuméroLibellé'; - print_liste_field_titre("Société",$PHP_SELF,"s.nom"); - print 'MontantPayé
facid\">$obj->facnumberfacid\">$obj->libelle
"; $db->free(); - } else { - print $db->error(); - } } +else +{ + print $db->error(); +} + $db->close(); llxFooter("Dernière modification $Date$ révision $Revision$");
diff --git a/htdocs/fourn/facture/pre.inc.php3 b/htdocs/fourn/facture/pre.inc.php3
index d60f1067b81..067861049f7 100644
--- a/htdocs/fourn/facture/pre.inc.php3
+++ b/htdocs/fourn/facture/pre.inc.php3
@@ -38,12 +38,19 @@ function llxHeader($head = "", $urlp = "") { $menu->add("/fourn/index.php3", "Fournisseurs"); + if ($user->societe_id == 0) + { + $menu->add_submenu("/soc.php3?&action=create","Nouvelle société"); + } - $menu->add_submenu("/soc.php3?&action=create","Nouvelle sociétée"); $menu->add_submenu("contact.php3","Contacts"); $menu->add("/fourn/facture/index.php3", "Factures"); - $menu->add_submenu("fiche.php3?action=create","Nouvelle"); + + if ($user->societe_id == 0) + { + $menu->add_submenu("fiche.php3?action=create","Nouvelle"); + } left_menu($menu->liste); }
diff --git a/htdocs/fourn/fiche.php3 b/htdocs/fourn/fiche.php3
index e5df634eac9..c91b48c7ead 100644
--- a/htdocs/fourn/fiche.php3
+++ b/htdocs/fourn/fiche.php3
@@ -23,20 +23,35 @@ require("./pre.inc.php3"); require("../contact.class.php3"); llxHeader(); + $db = new Db(); -if ($sortorder == "") { + +/* + * Sécurité accés client + */ +if ($user->societe_id > 0) +{ + $action = ''; + $socid = $user->societe_id; +} + +if ($sortorder == "") +{ $sortorder="ASC"; } -if ($sortfield == "") { +if ($sortfield == "") +{ $sortfield="nom"; } -if ($action == 'attribute_prefix') { +if ($action == 'attribute_prefix') +{ $societe = new Societe($db, $socid); $societe->attribute_prefix($db, $socid); } -if ($action == 'recontact') { +if ($action == 'recontact') +{ $dr = mktime(0, 0, 0, $remonth, $reday, $reyear); $sql = "INSERT INTO llx_soc_recontact (fk_soc, datere, author) VALUES ($socid, $dr,'". $GLOBALS["REMOTE_USER"]."')"; $result = $db->query($sql); 
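Review bot: The new `else` branch `+ print $db->error();` writes the driver's error text into the page, and since the guard added at the top of this file now admits external client accounts to the list, a failing query discloses schema and statement detail to them. Log it and show a fixed message instead, `error_log($db->error()); print "Erreur";`. fiche.php3 prints `$db->error()` followed by `$sql` the same way, but as unchanged context in its last hunk.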
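Review bot: Wrapping the two `add_submenu` calls in `if ($user->societe_id == 0)` hides the menu entries but is not an access check: an external account can still request `fiche.php3?action=create` directly, and while fourn/fiche.php3 receives its own guard in this patch, facture/fiche.php3, the target of the second entry here (and of the `/fourn/facture/fiche.php3?action=create` entry in the fourn/pre.inc.php3 hunk at the end), is not in the patch's file list. The test also depends on `$user` being brought into `llxHeader` with `global $user;` above the hunk (the function starts outside it); if it is not, `$user->societe_id` is null, `null == 0` holds, and the entries appear for everyone. A fail-closed form, `if (isset($user) && (int) $user->societe_id === 0)`, avoids that, and a comment such as `// creation links are for internal staff only; the target pages must enforce this themselves` records the intent.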
@@ -99,7 +114,6 @@ if ($mode == 'search') { if ($socid > 0) { $societe = new Societe($db, $socid); - $sql = "SELECT s.idp, s.nom, ".$db->pdate("s.datec")." as dc, s.tel, s.fax, st.libelle as stcomm, s.fk_stcomm, s.url,s.address,s.cp,s.ville, s.note, t.libelle as typent, e.libelle as effectif, s.siren, s.prefix_comm, s.services,s.parent, s.description FROM societe as s, c_stcomm as st, c_typent as t, c_effectif as e "; $sql .= " WHERE s.fk_stcomm=st.id AND s.fk_typent = t.id AND s.fk_effectif = e.id";
@@ -362,14 +376,14 @@ if ($socid > 0) { print ''; print ""; print "
".nl2br($objsoc->note)."
"; - - - } - } else { + } + else { print $db->error() . "
" . $sql; } -} else { +} +else +{ print "Erreur"; } $db->close(); diff --git a/htdocs/fourn/pre.inc.php3 b/htdocs/fourn/pre.inc.php3 index 828d01afc3c..6afd10094b8 100644 --- a/htdocs/fourn/pre.inc.php3 +++ b/htdocs/fourn/pre.inc.php3 @@ -42,12 +42,15 @@ function llxHeader($head = "", $urlp = "") { */ if ($user->societe_id == 0) { - $menu->add_submenu("/soc.php3?&action=create","Nouvelle société"); - $menu->add_submenu("contact.php3","Contacts"); + } + $menu->add_submenu("contact.php3","Contacts"); - $menu->add("/fourn/facture/index.php3", "Factures"); + $menu->add("/fourn/facture/index.php3", "Factures"); + + if ($user->societe_id == 0) + { $menu->add_submenu("/fourn/facture/fiche.php3?action=create","Nouvelle"); } left_menu($menu->liste);