Merge remote-tracking branch 'upstream/develop' into 14a26

Alexandre SPANGARO 2021-04-10 21:44:23 +02:00
commit 451164ba64
1146 changed files with 21231 additions and 11381 deletions

.gitattributes vendored
@ -11,26 +11,31 @@
*.htm text eol=lf
*.html text eol=lf
*.js text eol=lf
*.json text eol=lf
*.css text eol=lf
*.lang text eol=lf
*.txt text eol=lf
*.md text eol=lf
*.pp text eol=lf
*.sh text eol=lf
*.yml text eol=lf
*.yaml text eol=lf
*.conf text eol=lf
.bash_aliases text eol=lf
# Denote all files that are truly binary and should not be modified.
*.bmp binary
*.ico binary
*.png binary
*.jpg binary
*.odt binary
*.odf binary
*.frm binary
*.ico binary
*.jpeg binary
*.jpg binary
*.MYD binary
*.MYI binary
*.odf binary
*.odt binary
*.png binary
# Export ignores to generate clean production tarballs
/build export-ignore

@ -77,8 +77,8 @@ contact@dolibarr.org
## 10. License and attribution
This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](http://creativecommons.org/licenses/by-sa/3.0/).
This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](https://creativecommons.org/licenses/by-sa/3.0/).
Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy).
Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](https://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy).
Retrieved on November 22, 2016 from [http://citizencodeofconduct.org/](http://citizencodeofconduct.org/)
Retrieved on November 22, 2016 from [https://citizencodeofconduct.org/](http://citizencodeofconduct.org/)
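Review bot: On the last "Retrieved on" line the visible link text was switched to https://citizencodeofconduct.org/ but the link target in parentheses is still http://citizencodeofconduct.org/, so a reader who follows the link is still sent over plain HTTP. Update the target as well so the text and the destination agree.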

@ -1,6 +1,6 @@
# This script is used by Travis CI to run automatically Continuous test integration
# from Dolibarr GitHub repository.
# For syntax, see http://about.travis-ci.org/docs/user/languages/php/
# For syntax, see https://docs.travis-ci.com/user/languages/php/
# We use dist: xenial to have php 5.6+ available
os: linux

@ -1,7 +1,7 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

@ -23,7 +23,7 @@ PEAR Mail_MIME 1.8.9 BSD Yes
ParseDown 1.6 MIT License Yes Markdown parser
PCLZip 2.8.4 LGPL-3+ Yes Library to zip/unzip files
PHPDebugBar 1.15.1 MIT License Yes Used only by the module "debugbar" for developers
PHPSpreadSheet ? LGPL-2.1+ Yes Read/Write XLS files, read ODS files
PHPSpreadSheet 1.8.2 LGPL-2.1+ Yes Read/Write XLS files, read ODS files
php-iban 1.4.7 LGPL-3+ Yes Parse and validate IBAN (and IIBAN) bank account information in PHP
PHPoAuthLib 0.8.2 MIT License Yes Library to provide oauth1 and oauth2 to different service
PHPPrintIPP 1.3 GPL-2+ Yes Library to send print IPP requests

@ -7,10 +7,13 @@ English Dolibarr ChangeLog
For users:
----------
NEW: Several security issues after a second private bug bounty campaign.
For developers:
---------------
* start new module EventOrganization
@ -19,11 +22,12 @@ WARNING:
Following changes may create regressions for some external modules, but were necessary to make Dolibarr better:
* The ICS value for direct debit or credit transfer is now store on each bank account instead of into the global setup.
* API /setup/shipment_methods has been replaced with API /setup/shipping_methods
* Field "total" renamed into to "total_ht" for table llx_facture, llx_facture_rec for better field name consistency
* Field "tva" renamed into "total_tva" for table llx_propal, llx_supplier_proposal, llx_commande, llx_commande_fournisseur for better field name consistency
* Field "total" renamed into "total_ttc" for table lx_propal, llx_supplier_proposal for better field name consistency
* If your database is PostgreSql, you must use version 9.1.0 or more (Dolibarr need the SQL function CONCAT)
* If your database is MySql or MariaDB, you need at least version 5.1
* Function set_price_level() has been renamed into setPriceLevel() to follow camelcase rules
***** ChangeLog for 13.0.2 compared to 13.0.1 *****
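Review bot: Two wording slips in the WARNING list: the total_ttc entry names the first table lx_propal where every other entry uses the llx_ prefix, and the total_ht entry reads "renamed into to". External module authors will search this list for table names when porting, so correct the prefix to llx_propal and drop the extra "to".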
@ -47,21 +51,21 @@ FIX: #16533
FIX: #16629
FIX: #16671 Can not generate zip file of documents in backup tool
FIX: Add "Now" link on social charges creation card
FIX: avoid undefined url and missing token
FIX: avoid undefined URL and missing token
FIX: Bad project filter in ticket list
FIX: Buttons to disable bindings not working
FIX: class not found when creating recuring invoice from invoice+discount
FIX: File attachment on lots
FIX: File attachment on lots/batches
FIX: handling $heightforinfotot when he's superior to a page height on Supplier Invoice
FIX: hourglass and hide button to pay
FIX: massaction validate invoice do not regenerate pdf
FIX: massaction validate invoice do not regenerate PDF
FIX: missing mp4 video mime
FIX: picto on shipment to reset qty to 0. Some quantities were not reset.
FIX: Protection to avoid #16504
FIX: rounding amount on card updating
FIX: Rounding amount on social charges card updating
FIX: rounding amount on social charges card updating
FIX: select list dependencies now work for ModuleBuilder sellist field
FIX: Status in popup of member in widget
FIX: status in popup of member in widget
FIX: status on tooltip on widgets
FIX: Timezone management for datetime on list of events
FIX: Timezone management for datetime with modulebuilder and extrafields
@ -92,9 +96,9 @@ FIX: #16135
FIX: #16143
FIX: #16156
FIX: #16160
FIX: #16165 Create customer discount without vat
FIX: #16165 Create customer discount without VAT
FIX: #16185
FIX: #16189, fix download/see check deposit PDF
FIX: #16189 fix download/see check deposit PDF
FIX: #16215
FIX: Accountancy - label_operation is used instead of label_compte
FIX: Add critical price patch
@ -104,7 +108,7 @@ FIX: cash fence for takepos with multientity
FIX: CSRF errors on margin forms
FIX: encoding status in graph of vendor proposals
FIX: Fix detect dispached product and set to received completely when the supplier order have services (support STOCK_SUPPORTS_SERVICES)
FIX: Hide/Unhide external ICSS calendars
FIX: hide/unhide external ICS calendars
FIX: link to create event when task is in a project with a thirdparty
FIX: Localtax must be converted with price2num
FIX: manage price min for PRODUIT_CUSTOMER_PRICES
@ -125,7 +129,7 @@ FIX: warning when adding a line if $remise_percent is an empty string
FIX: status late on purchase orders
FIX: ODT generation very slow
FIX: amount in summary of report
FIX: vat value when code contains number
FIX: VAT value when code contains number
FIX: payment term label on PDF
FIX: date selector when using reduced year (like on smartphone)
@ -144,7 +148,7 @@ NEW: Accountancy - add options to disable binding on sales, purchases & expense
NEW: Accountancy balance - add a menu entry to show subtotal by group
NEW: Accountancy - change menu disposition
NEW: Accountancy - on transfers, select the periodicity by default
NEW: Accountancy - Add export for Gestinum (v3 & v5) #15180
NEW: Accountancy - add export for Gestinum (v3 & v5) #15180
NEW: new currency rate editor
NEW: Solve blocking feature. Can increase stock of a Kit without changing subproduct stock.
NEW: add a widget to show the customers with outstanding limits reached

@ -98,7 +98,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
### Main application/modules (all optional)
- Customers, Prospects (Leads) and/or Suppliers directory + Contacts
- Members management
- Members/Membership management
- Products and/or Services catalog
- Commercial proposals management
- Customer & Supplier Orders management
@ -112,6 +112,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
- Shared calendar/agenda (with ical and vcal export for third party tools integration)
- Opportunities or Leads management
- Projects & Tasks management
- Ticket System
- Contracts management
- Interventions management
- Employee's leave requests management
@ -160,7 +161,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
- Canadian double taxes (federal/province) and other countries using cumulative VAT
- Tunisian tax stamp
- Argentina invoice numbering using A,B,C...
- Compatible with [European directives](http://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE)
- Compatible with [European directives] (https://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE)
- Compatible with European GDPR rules
- ...
- Flexible PDF & ODT generation for invoices, proposals, orders...
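Review bot: The rewritten "European directives" entry has a space between the closing bracket and the opening parenthesis, which most Markdown renderers do not treat as a link, so the URL will be shown as literal text. Remove the space so the bracket and the parenthesis are adjacent, as in the line it replaces.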

@ -12,7 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM
## Reporting a Vulnerability
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (or alternatively send an email to security@dolibarr.org)
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
## Hunting vulnerabilities on Dolibarr
@ -55,7 +55,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
* $dolibarr_main_force_https must be set to something else than 0.
* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default)
* The module DebugBar and ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
* The module DebugBar and ModuleBuilder must NOT be enabled (by default, these modules are not enabled. They are developer tools)
* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
* The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
@ -65,12 +65,12 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
Scope is the web application (back office) and the APIs.
## Qualifying vulnerabilities for Bug bounty programs
## Qualifying vulnerabilities for reporting
* Remote code execution (RCE)
* Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA)
* Code injections (HTML, JS, SQL, PHP, ...)
* Cross-Site Scripting (XSS)
* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose or into module "Web site" when permission to edit website content is allowed).
* Cross-Site Requests Forgery (CSRF) with real security impact (when using GET URLs, CSRF are qualified only for creating, updating or deleting data from pages restricted to admin users)
* Open redirect
* Broken authentication & session management
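Review bot: The new XSS exception is hard to scope as written: the parenthesis opened after module "External web site" only closes at the end of the line, so it is unclear whether the module "Web site" clause is a second exception or part of the explanation of the first. This sentence decides which reports are accepted, so split it into two explicit exceptions: the setup page of "External web site" (editable by admin user only), and content of module "Web site" when the permission to edit website content is granted.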
@ -82,7 +82,7 @@ Scope is the web application (back office) and the APIs.
* Stack traces or path disclosure (for non admin users only)
## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
## Non-qualifying vulnerabilities for reporting
* "Self" XSS
* SSL/TLS best practices

@ -1,4 +1,4 @@
#HTMLDOC 1.8.27
-t pdf14 -f "../../doc/dolibarr_en.pdf" --webpage --no-title --logoimage "../../doc/images/dolibarr_256x256.png" --linkcolor #2200c0 --linkstyle plain --size Universal --left 0.30in --right 0.30in --top 0.40in --bottom 0.30in --header ... --header1 ... --footer c/d --nup 1 --tocheader ... --tocfooter ... --portrait --color --no-pscommands --no-xrxcomments --compression=9 --jpeg=50 --fontsize 10.0 --fontspacing 1.0 --headingfont Helvetica --bodyfont Helvetica --headfootsize 9.0 --headfootfont Helvetica --charset iso-8859-1 --links --no-embedfonts --pagemode document --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all --owner-password "" --user-password "" --browserwidth 680 --no-strict --no-overflow
http://wiki.dolibarr.org/index.php/Main_Page
http://wiki.dolibarr.org/index.php/What_Dolibarr_Do
https://wiki.dolibarr.org/index.php/Home
https://wiki.dolibarr.org/index.php/What_Dolibarr_Does

@ -1,5 +1,5 @@
# Format of sitemap file is available at
# http://www.sitemaps.org/protocol.html
# https://www.sitemaps.org/protocol.html
# To build a sitemap from urllist-bing.txt, run
# google-sitemapgen --config=config-bing.xml --testing

@ -29,7 +29,7 @@
"ckeditor/ckeditor" : "4.12.1",
"mike42/escpos-php" : "2.2",
"mobiledetect/mobiledetectlib" : "2.8.34",
"phpoffice/phpexcel" : "1.8.1",
"phpoffice/phpexcel" : "1.8.2",
"restler/framework" : "3.0.0-RC6",
"tecnickcom/tcpdf" : "6.3.2",
"nnnick/chartjs" : "^2.9",

composer.lock generated
@ -328,6 +328,63 @@
},
"time": "2020-03-23T09:12:05+00:00"
},
{
"name": "phpoffice/phpexcel",
"version": "1.8.2",
"source": {
"type": "git",
"url": "https://github.com/PHPOffice/PHPExcel.git",
"reference": "1441011fb7ecdd8cc689878f54f8b58a6805f870"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/PHPOffice/PHPExcel/zipball/1441011fb7ecdd8cc689878f54f8b58a6805f870",
"reference": "1441011fb7ecdd8cc689878f54f8b58a6805f870",
"shasum": ""
},
"require": {
"ext-mbstring": "*",
"ext-xml": "*",
"ext-xmlwriter": "*",
"php": "^5.2|^7.0"
},
"require-dev": {
"squizlabs/php_codesniffer": "2.*"
},
"type": "library",
"autoload": {
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-2.1"
],
"authors": [
{
"name": "Maarten Balliauw",
"homepage": "http://blog.maartenballiauw.be"
},
{
"name": "Erik Tilt"
},
{
"name": "Franck Lefevre",
"homepage": "http://rootslabs.net"
},
{
"name": "Mark Baker",
"homepage": "http://markbakeruk.net"
}
],
"description": "PHPExcel - OpenXML - Read, Create and Write Spreadsheet documents in PHP - Spreadsheet engine",
"homepage": "https://github.com/PHPOffice/PHPExcel",
"keywords": [
"OpenXML",
"excel",
"xlsx"
],
"abandoned": "phpoffice/phpspreadsheet",
"time": "2018-11-22T23:07:24+00:00"
},
{
"name": "restler/framework",
"version": "3.0.0-RC6",
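Review bot: The lock entry added for phpoffice/phpexcel 1.8.2 carries "abandoned": "phpoffice/phpspreadsheet" and a release time of 2018-11-22, so this locks a dependency its own metadata marks as abandoned in favour of another package, for code that parses spreadsheet files. If the pin is needed for now, say so in the commit message and track the move to the replacement named in the abandoned field. The third-party list in this same commit labels version 1.8.2 as PHPSpreadSheet, which does not match the package name locked here.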

@ -102,8 +102,8 @@ for ($s = 0; $s < GEN_NUMBER_PRODUIT; $s++) {
$produit->ref = ($produit->type?'S':'P').time().$s;
$produit->label = 'Label '.time().$s;
$produit->description = 'Description '.time().$s;
$produit->price = mt_rand(1, 1000);
$produit->tva_tx = "19.6";
$produit->price = mt_rand(1, 999.99);
$produit->tva_tx = "20.0";
$ret=$produit->create($user);
if ($ret < 0) {
print "Error $ret - ".$produit->error."\n";
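Review bot: mt_rand() takes integer bounds, so the upper bound 999.99 on the $produit->price line is truncated to 999 and the generated price is still a whole number (PHP 8.1 and later also report the implicit float-to-int conversion as deprecated). If the intent is a price with cents, draw an integer number of cents and divide, for example mt_rand(100, 99999) / 100.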

@ -1,2 +1,2 @@
Spain https://incwell.eu/en/company-formation-spain/
France https://www.economie.gouv.fr/entreprises/numeros-identification-entreprise

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
# Regexp to catch known spambots and software alike. Please verify
# that it is your intent to block IPs which were driven by
# above mentioned bots.
[Definition]
# To test, you can inject this example into log
# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
#
# then
# fail2ban-client status web-dol-bruteforce
#
# To test rule file on a existing log file
# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
failregex = ^ [A-Z\s]+ <HOST>\s+functions_dolibarr::check_user_password_.* Authentication KO
ignoreregex =
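Review bot: The header comment ("Regexp to catch known spambots and software alike ...") describes a different filter and not this file, whose failregex matches failed Dolibarr logins logged by functions_dolibarr::check_user_password_*. Replace it with one line stating what the pattern matches and that it is used by the web-dol-bruteforce jail, so an administrator reading filter.d can tell what will get an address banned.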

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
# Regexp to catch known spambots and software alike. Please verify
# that it is your intent to block IPs which were driven by
# above mentioned bots.
[Definition]
# To test, you can inject this example into log
# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log
#
# then
# fail2ban-client status web-dol-passforgotten
#
# To test rule file on a existing log file
# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/passwordforgotten.php - action=buildnewpassword
ignoreregex =
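Review bot: In the failregex the dot in passwordforgotten.php is unescaped, so it matches any character; write passwordforgotten\.php. The pattern also counts every request with action=buildnewpassword, legitimate resets included, which is workable with the jail's maxretry but should be stated in the header comment, which currently still carries the spambot text from another filter.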

@ -0,0 +1,28 @@
#
# Examle of rule you can add to fail2ban to restrict bruteforce attacks.
#
[web-dol-passforgotten]
; rule against call of passwordforgottenpage
enabled = true
port = http,https
filter = web-dolibarr-rulespassforgotten
logpath = >> /mypath/documents/documents/dolibarr.log
action = %(action_mw)s
bantime = 4320000 ; 50 days
findtime = 86400 ; 1 day
maxretry = 10
[web-dol-bruteforce]
; rule against bruteforce hacking (login + api)
enabled = true
port = http,https
filter = web-dolibarr-rulesbruteforce
logpath = >> /mypath/documents/documents/dolibarr.log
action = %(action_mw)s
bantime = 86400 ; 1 day
findtime = 3600 ; 1 hour
maxretry = 10
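Review bot: Both logpath values start with ">> ", which looks copied from the shell redirection in the test commands of the two filter files; fail2ban expects a plain path there, so as written neither jail will find the log. The path also repeats a directory (/mypath/documents/documents/dolibarr.log) where the filter comments use /mypath/documents/dolibarr.log. Use the same plain path in both jails, and fix "Examle" in the header comment.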

@ -6,7 +6,10 @@ Benutzeranleitung
--------------------------------
Alle Dolibarr-Informationen sind online verfuegbar ueber die Webseiten:
https://www.dolibarr.de
oder
https://www.dolibarr.org
https://wiki.dolibarr.org
https://www.dolibarr.de (de) oder https://www.dolibarr.org (intl)
https://wiki.dolibarr.org/index.php/Hauptseite (de)

@ -45,9 +45,14 @@ $search_label = GETPOST('search_label', 'alpha');
$search_labelshort = GETPOST('search_labelshort', 'alpha');
$search_accountparent = GETPOST('search_accountparent', 'alpha');
$search_pcgtype = GETPOST('search_pcgtype', 'alpha');
$toselect = GETPOST('toselect', 'array');
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$confirm = GETPOST('confirm', 'alpha');
$chartofaccounts = GETPOST('chartofaccounts', 'int');
$permissiontodelete = $user->rights->accounting->chartofaccount;
// Security check
if ($user->socid > 0) {
accessforbidden();
@ -104,7 +109,7 @@ if (!GETPOST('confirmmassaction', 'alpha')) {
}
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been monowraponalldified by some hooks
if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
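Review bot: The trailing comment on the executeHooks line now reads "monowraponalldified"; the string nowraponall appears to have been pasted into the word "modified". There is no functional effect, but restore the comment so this line drops out of the diff.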
@ -113,7 +118,12 @@ if (empty($reshook)) {
if (!empty($cancel)) {
$action = '';
}
$objectclass = 'AccountingAccount';
$uploaddir = $conf->accounting->multidir_output[$conf->entity];
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
if ($action == "delete") {
$action = "";
}
include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers
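Review bot: Resetting $action from "delete" to "" right after including actions_massactions.inc.php is not explained, and it silently disables any later code on this page that branches on action=delete. Add a comment stating which handler the reset is meant to skip, so a later edit neither removes it nor relies on the old value.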
@ -218,7 +228,7 @@ if ($db->type == 'pgsql') {
} else {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity;
}
$sql .= " WHERE asy.rowid = ".$pcgver;
$sql .= " WHERE asy.rowid = ".((int) $pcgver);
//print $sql;
if (strlen(trim($search_account))) {
$lengthpaddingaccount = 0;
@ -279,6 +289,16 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
}
}
// List of mass actions available
if ($user->rights->accounting->chartofaccount) {
$arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
}
if (in_array($massaction, array('presend', 'predelete', 'closed'))) {
$arrayofmassactions = array();
}
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$arrayofselected = is_array($toselect) ? $toselect : array();
$sql .= $db->plimit($limit + 1, $offset);
dol_syslog('accountancy/admin/account.php:: $sql='.$sql);
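Review bot: $arrayofmassactions is only assigned inside the two if blocks, so for a user without the chartofaccount right and with no mass action in progress it is undefined when passed to selectMassAction(), and again in the count($arrayofmassactions) call added further down. Initialise it with $arrayofmassactions = array(); before the permission test.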
@ -338,8 +358,8 @@ if ($resql) {
print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
$newcardbutton .= dolGetButtonTitle($langs->trans("New"), $langs->trans("Addanaccount"), 'fa fa-plus-circle', './card.php?action=create');
print_barre_liste($langs->trans('ListAccounts'), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $newcardbutton, '', $limit, 0, 0, 1);
include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php';
print_barre_liste($langs->trans('ListAccounts'), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_accountancy', 0, $newcardbutton, '', $limit, 0, 0, 1);
// Box to select active chart of account
print $langs->trans("Selectchartofaccounts")." : ";
@ -349,7 +369,7 @@ if ($resql) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON a.fk_country = c.rowid AND c.active = 1";
$sql .= " WHERE a.active = 1";
dol_syslog('accountancy/admin/account.php $sql='.$sql);
print $sql;
$resqlchart = $db->query($sql);
if ($resqlchart) {
$numbis = $db->num_rows($resqlchart);
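Review bot: The print $sql; line after dol_syslog() writes the raw SQL statement, table prefix included, into the HTML response of this page. It looks like a debugging leftover; remove it and rely on the dol_syslog() call on the line above.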
@ -376,9 +396,9 @@ if ($resql) {
$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
$selectedfields .= (count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
$moreforfilter = '';
$massactionbutton = '';
print '<div class="div-table-responsive">';
print '<table class="tagtable liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
@ -411,34 +431,41 @@ if ($resql) {
print '<td class="liste_titre">&nbsp;</td>';
}
print '<td class="liste_titre maxwidthsearch">';
$searchpicto = $form->showFilterAndCheckAddButtons($massactionbutton ? 1 : 0, 'checkforselect', 1);
$searchpicto = $form->showFilterButtons();
print $searchpicto;
print '</td>';
print '</tr>';
$totalarray = array();
print '<tr class="liste_titre">';
if (!empty($arrayfields['aa.account_number']['checked'])) {
print_liste_field_titre($arrayfields['aa.account_number']['label'], $_SERVER["PHP_SELF"], "aa.account_number", "", $param, '', $sortfield, $sortorder);
$totalarray['nbfield']++;
}
if (!empty($arrayfields['aa.label']['checked'])) {
print_liste_field_titre($arrayfields['aa.label']['label'], $_SERVER["PHP_SELF"], "aa.label", "", $param, '', $sortfield, $sortorder);
$totalarray['nbfield']++;
}
if (!empty($arrayfields['aa.labelshort']['checked'])) {
print_liste_field_titre($arrayfields['aa.labelshort']['label'], $_SERVER["PHP_SELF"], "aa.labelshort", "", $param, '', $sortfield, $sortorder);
$totalarray['nbfield']++;
}
if (!empty($arrayfields['aa.account_parent']['checked'])) {
print_liste_field_titre($arrayfields['aa.account_parent']['label'], $_SERVER["PHP_SELF"], "aa.account_parent", "", $param, '', $sortfield, $sortorder, 'left ');
$totalarray['nbfield']++;
}
if (!empty($arrayfields['aa.pcg_type']['checked'])) {
print_liste_field_titre($arrayfields['aa.pcg_type']['label'], $_SERVER["PHP_SELF"], 'aa.pcg_type', '', $param, '', $sortfield, $sortorder, '', $arrayfields['aa.pcg_type']['help']);
print_liste_field_titre($arrayfields['aa.pcg_type']['label'], $_SERVER["PHP_SELF"], 'aa.pcg_type', '', $param, '', $sortfield, $sortorder, '', $arrayfields['aa.pcg_type']['help'], 1);
$totalarray['nbfield']++;
}
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) {
if (!empty($arrayfields['aa.reconcilable']['checked'])) {
print_liste_field_titre($arrayfields['aa.reconcilable']['label'], $_SERVER["PHP_SELF"], 'aa.reconcilable', '', $param, '', $sortfield, $sortorder);
$totalarray['nbfield']++;
}
}
if (!empty($arrayfields['aa.active']['checked'])) {
print_liste_field_titre($arrayfields['aa.active']['label'], $_SERVER["PHP_SELF"], 'aa.active', '', $param, '', $sortfield, $sortorder);
$totalarray['nbfield']++;
}
print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ');
print "</tr>\n";
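Review bot: $totalarray is created as an empty array and $totalarray['nbfield']++ is then applied to a key that does not exist yet, which raises an undefined index notice on the first increment. Initialise it as array('nbfield' => 0) before the first print_liste_field_titre() call.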
@ -446,7 +473,6 @@ if ($resql) {
$accountstatic = new AccountingAccount($db);
$accountparent = new AccountingAccount($db);
$totalarray = array();
$i = 0;
while ($i < min($num, $limit)) {
$obj = $db->fetch_object($resql);
@ -563,7 +589,7 @@ if ($resql) {
}
// Action
print '<td class="center">';
print '<td class="center nowraponall">';
if ($user->rights->accounting->chartofaccount) {
print '<a class="editfielda" href="./card.php?action=update&token='.newToken().'&id='.$obj->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?'.$param).'">';
print img_edit();
@ -572,6 +598,14 @@ if ($resql) {
print '<a class="marginleftonly" href="./card.php?action=delete&token='.newToken().'&id='.$obj->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?'.$param).'">';
print img_delete();
print '</a>';
print '&nbsp;';
if ($massactionbutton || $massaction) { // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
$selected = 0;
if (in_array($obj->rowid, $arrayofselected)) {
$selected = 1;
}
print '<input id="cb'.$obj->rowid.'" class="flat checkforselect marginleftonly" type="checkbox" name="toselect[]" value="'.$obj->rowid.'"'.($selected ? ' checked="checked"' : '').'>';
}
}
print '</td>'."\n";
if (!$i) {
@ -582,6 +616,11 @@ if ($resql) {
$i++;
}
if ($num == 0) {
$totalarray['nbfield']++;
print '<tr><td colspan="'.$totalarray['nbfield'].'"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
}
print "</table>";
print "</div>";
print '</form>';

@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
}
// Other checks
if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
}
if (GETPOSTISSET("pcg_version")) {
if (GETPOST("pcg_version") == '0') {
$ok = 0;
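Review bot: With the c_actioncomm test gone from the "Other checks" block, nothing visible in this hunk stops an add or modify request from submitting type=system or type=systemauto, the values the removed ErrorReservedTypeSystemSystemAuto message treated as reserved. If the restriction now lives elsewhere, reference that place in the commit message; otherwise keep the check and read the value through GETPOST('type') instead of $_POST.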

@ -32,9 +32,7 @@ $error = 0;
// Load translation files required by the page
$langs->loadLangs(array("bills", "accountancy"));
$mesg = '';
$id = GETPOST('id', 'int');
$rowid = GETPOST('rowid', 'int');
$cancel = GETPOST('cancel', 'alpha');
$action = GETPOST('action', 'aZ09');
$cat_id = GETPOST('account_category', 'int');

@ -149,7 +149,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
// Check that all fields are filled
$ok = 1;
foreach ($listfield as $f => $value) {
if ($value == 'formula' && empty($_POST['formula'])) {
if ($value == 'formula' && !GETPOST('formula')) {
continue;
}
if ($value == 'range_account' && empty($_POST['range_account'])) {
@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
}
if (GETPOSTISSET("code")) {
if ($_POST["code"] == '0') {
if (GETPOST("code") == '0') {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
}
@ -247,7 +247,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'formula') {
$sql .= "null"; // For vat, we want/accept code = ''
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
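Review bot: The stored value is now read with GETPOST() in the escaped branch, but the test two lines above still reads $_POST[$listfieldvalue[$i]] directly, so the null decision and the stored value can come from differently filtered input. That test also contains !$listfieldvalue[$i] == 'formula', where the negation binds before the comparison and the expression is false for any non-empty field name; write $listfieldvalue[$i] != 'formula' and use GETPOST() in both places.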
}
@ -787,7 +787,7 @@ if ($id) {
$class = 'tddict';
// Show value for field
if ($showfield) {
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.$valuetoshow.'</td>';
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.dol_escape_htmltag($valuetoshow).'</td>';
}
}
}

@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
if (!GETPOST('cancel', 'alpha')) {
$result = $object->fetch($id);
$object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start;
$object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end;
$object->date_start = GETPOST("fiscalyear") ? $date_start : '';
$object->date_end = GETPOST("fiscalyearend") ? $date_end : '';
$object->label = GETPOST('label', 'alpha');
$object->statut = GETPOST('statut', 'int');

@ -81,7 +81,7 @@ if ($action == 'update') {
$constvalue = GETPOST($constname, 'alpha');
if ($constname == 'ACCOUNTING_DATE_START_BINDING') {
$constvalue = dol_mktime(12, 0, 0, GETPOST($constname.'month', 'int'), GETPOST($constname.'day', 'int'), GETPOST($constname.'year', 'int'));
$constvalue = dol_mktime(0, 0, 0, GETPOST($constname.'month', 'int'), GETPOST($constname.'day', 'int'), GETPOST($constname.'year', 'int'));
}
if (!dolibarr_set_const($db, $constname, $constvalue, 'chaine', 0, '', $conf->entity)) {

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2013-2014 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2020 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Ari Elbaz (elarifr) <github@accedinfo.com>
@ -98,6 +98,28 @@ if (empty($action)) {
$arrayfields = array();
$accounting_product_modes = array(
'ACCOUNTANCY_SELL',
'ACCOUNTANCY_SELL_INTRA',
'ACCOUNTANCY_SELL_EXPORT',
'ACCOUNTANCY_BUY',
'ACCOUNTANCY_BUY_INTRA',
'ACCOUNTANCY_BUY_EXPORT'
);
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
$accountancy_field_name = "accountancy_code_buy";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
$accountancy_field_name = "accountancy_code_buy_intra";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
$accountancy_field_name = "accountancy_code_buy_export";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
$accountancy_field_name = "accountancy_code_sell";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
$accountancy_field_name = "accountancy_code_sell_intra";
} else { // $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT'
$accountancy_field_name = "accountancy_code_sell_export";
}
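Review bot: The final else assigns accountancy_code_sell_export for any value of $accounting_product_mode that is not one of the five tested, not only for ACCOUNTANCY_SELL_EXPORT as its comment says, and it runs before the in_array() test against $accounting_product_modes. Since $accountancy_field_name is later concatenated into SQL as a column name, map the mode through an explicit array keyed by the six allowed modes and leave the field name empty when the mode is not in the list.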
/*
* Actions
@ -133,15 +155,6 @@ if ($action == 'update') {
if (!empty($btn_changetype)) {
$error = 0;
$accounting_product_modes = array(
'ACCOUNTANCY_SELL',
'ACCOUNTANCY_SELL_INTRA',
'ACCOUNTANCY_SELL_EXPORT',
'ACCOUNTANCY_BUY',
'ACCOUNTANCY_BUY_INTRA',
'ACCOUNTANCY_BUY_EXPORT'
);
if (in_array($accounting_product_mode, $accounting_product_modes)) {
if (!dolibarr_set_const($db, 'ACCOUNTING_PRODUCT_MODE', $accounting_product_mode, 'chaine', 0, '', $conf->entity)) {
$error++;
@ -153,7 +166,7 @@ if ($action == 'update') {
if (!empty($btn_changeaccount)) {
//$msg = '<div><span class="accountingprocessing">' . $langs->trans("Processing") . '...</span></div>';
if (!empty($chk_prod)) {
if (!empty($chk_prod) && in_array($accounting_product_mode, $accounting_product_modes)) {
$accounting = new AccountingAccount($db);
//$msg .= '<div><span class="accountingprocessing">' . count($chk_prod) . ' ' . $langs->trans("SelectedLines") . '</span></div>';
@ -175,26 +188,15 @@ if ($action == 'update') {
} else {
$db->begin();
$sql = " UPDATE ".MAIN_DB_PREFIX."product";
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
$sql .= " SET accountancy_code_buy = ".$accounting->account_number;
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_perentity (fk_product, entity, '".$db->escape($accountancy_field_name)."')";
$sql .= " VALUES (".((int) $productid).", ".((int) $conf->entity).", '".$db->escape($accounting->account_number)."')";
$sql .= " ON DUPLICATE KEY UPDATE ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."product";
$sql .= " SET ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
$sql .= " WHERE rowid = ".((int) $productid);
}
if ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
$sql .= " SET accountancy_code_buy_intra = ".$accounting->account_number;
}
if ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
$sql .= " SET accountancy_code_buy_export = ".$accounting->account_number;
}
if ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
$sql .= " SET accountancy_code_sell = ".$accounting->account_number;
}
if ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
$sql .= " SET accountancy_code_sell_intra = ".$accounting->account_number;
}
if ($accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
$sql .= " SET accountancy_code_sell_export = ".$accounting->account_number;
}
$sql .= " WHERE rowid = ".((int) $productid);
dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG);
if ($db->query($sql)) {
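Review bot: In the MAIN_PRODUCT_PERENTITY_SHARED branch, the INSERT column list wraps the column name in single quotes ('".$db->escape($accountancy_field_name)."'), which turns it into a string literal instead of an identifier, so the statement should fail to parse. Drop the quotes there, as the ON DUPLICATE KEY UPDATE clause on the following line already does. Both places concatenate $accountancy_field_name as an identifier and are only safe because the value comes from the fixed if/elseif mapping earlier in the file; a comment saying so would protect that assumption. ON DUPLICATE KEY UPDATE is MySQL syntax, so this branch needs an alternative if other database drivers are meant to work. Quoting and escaping account_number in the UPDATE branch is the right change.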
@ -267,50 +269,25 @@ if (empty($pcgvercode)) {
}
$sql = "SELECT p.rowid, p.ref, p.label, p.description, p.tosell, p.tobuy, p.tva_tx,";
$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
$sql .= " p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell, pa.accountancy_code_sell_intra, pa.accountancy_code_sell_export,";
$sql .= " pa.accountancy_code_buy, pa.accountancy_code_buy_intra, pa.accountancy_code_buy_export,";
} else {
$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
$sql .= " p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,";
}
$sql .= " p.tms, p.fk_product_type as product_type,";
$sql .= " aa.rowid as aaid";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON";
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
$sql .= " p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
$sql .= " p.accountancy_code_buy_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
$sql .= " p.accountancy_code_buy_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
$sql .= " p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
$sql .= " p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = pa." . $accountancy_field_name . " AND aa.fk_pcg_version = '" . $db->escape($pcgvercode) . "'";
} else {
$sql .= " p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = p." . $accountancy_field_name . " AND aa.fk_pcg_version = '" . $db->escape($pcgvercode) . "'";
}
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
if (strlen(trim($search_current_account))) {
$sql .= natural_search("p.accountancy_code_buy", $search_current_account);
}
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
if (strlen(trim($search_current_account))) {
$sql .= natural_search("p.accountancy_code_buy_intra", $search_current_account);
}
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
if (strlen(trim($search_current_account))) {
$sql .= natural_search("p.accountancy_code_buy_export", $search_current_account);
}
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
if (strlen(trim($search_current_account))) {
$sql .= natural_search("p.accountancy_code_sell", $search_current_account);
}
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
if (strlen(trim($search_current_account))) {
$sql .= natural_search("p.accountancy_code_sell_intra", $search_current_account);
}
} else {
if (strlen(trim($search_current_account))) {
$sql .= natural_search("p.accountancy_code_sell_export", $search_current_account);
}
if (strlen(trim($search_current_account))) {
$sql .= natural_search((empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p." : "pa.") . $accountancy_field_name, $search_current_account);
}
if ($search_current_account_valid == 'withoutvalidaccount') {
$sql .= " AND aa.account_number IS NULL";
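Review bot: With MAIN_PRODUCT_PERENTITY_SHARED set, the six accountancy_code_* columns and the accounting_account join read only from the LEFT JOINed pa alias, so a product that has no product_perentity row for the current entity returns NULL codes and will match the withoutvalidaccount filter. Confirm that this is the intended behaviour, or document that no fallback to the p columns is wanted. The join and the natural_search() call also concatenate $accountancy_field_name directly; that is acceptable only while the variable is assigned exclusively from the fixed mapping near the top of the file.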
@ -459,7 +436,7 @@ if ($result) {
// On sell
if ($accounting_product_mode == 'ACCOUNTANCY_SELL' || $accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
print '<td class="liste_titre center">'.$form->selectyesno('search_onsell', $search_onsell, 1, false, 1).'</td>';
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY' || $accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
} else {
// On buy
print '<td class="liste_titre center">'.$form->selectyesno('search_onpurchase', $search_onpurchase, 1, false, 1).'</td>';
}
@ -484,26 +461,12 @@ if ($result) {
}
print_liste_field_titre("VATRate", $_SERVER["PHP_SELF"], "p.tva_tx", "", $param, '', $sortfield, $sortorder, 'right ');
// On sell / On purchase
if ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
if ($accounting_product_mode == 'ACCOUNTANCY_SELL' || $accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
print_liste_field_titre("OnSell", $_SERVER["PHP_SELF"], "p.tosell", "", $param, '', $sortfield, $sortorder, 'center ');
$fieldtosortaccount = "p.accountancy_code_sell";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
print_liste_field_titre("OnSell", $_SERVER["PHP_SELF"], "p.tosell", "", $param, '', $sortfield, $sortorder, 'center ');
$fieldtosortaccount = "p.accountancy_code_sell_intra";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
print_liste_field_titre("OnSell", $_SERVER["PHP_SELF"], "p.tosell", "", $param, '', $sortfield, $sortorder, 'center ');
$fieldtosortaccount = "p.accountancy_code_sell_export";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
} else {
print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
$fieldtosortaccount = "p.accountancy_code_buy";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
$fieldtosortaccount = "p.accountancy_code_buy_intra";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
$fieldtosortaccount = "p.accountancy_code_buy_export";
}
print_liste_field_titre("CurrentDedicatedAccountingAccount", $_SERVER["PHP_SELF"], $fieldtosortaccount, "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("CurrentDedicatedAccountingAccount", $_SERVER["PHP_SELF"], (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p." : "pa.") . $accountancy_field_name, "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("AssignDedicatedAccountingAccount");
$clickpitco = $form->showCheckAddButtons('checkforselect', 1);
print_liste_field_titre($clickpitco, '', '', '', '', '', '', '', 'center ');
@ -607,11 +570,10 @@ if ($result) {
print vatrate($obj->tva_tx);
print '</td>';
// On sell / On purchase
if ($accounting_product_mode == 'ACCOUNTANCY_SELL' || $accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
print '<td class="center">'.$product_static->getLibStatut(3, 0).'</td>';
}
if ($accounting_product_mode == 'ACCOUNTANCY_BUY' || $accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
} else {
print '<td class="center">'.$product_static->getLibStatut(3, 1).'</td>';
}

View File

@ -45,12 +45,12 @@ $search_mvt_num = GETPOST('search_mvt_num', 'int');
$search_doc_type = GETPOST("search_doc_type", 'alpha');
$search_doc_ref = GETPOST("search_doc_ref", 'alpha');
$search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
$search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
$search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
$search_date_creation_start = dol_mktime(0, 0, 0, GETPOST('date_creation_startmonth', 'int'), GETPOST('date_creation_startday', 'int'), GETPOST('date_creation_startyear', 'int'));
$search_date_creation_end = dol_mktime(0, 0, 0, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
$search_date_creation_end = dol_mktime(23, 59, 59, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
$search_date_modification_start = dol_mktime(0, 0, 0, GETPOST('date_modification_startmonth', 'int'), GETPOST('date_modification_startday', 'int'), GETPOST('date_modification_startyear', 'int'));
$search_date_modification_end = dol_mktime(0, 0, 0, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
$search_date_modification_end = dol_mktime(23, 59, 59, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
$search_date_export_start = dol_mktime(0, 0, 0, GETPOST('date_export_startmonth', 'int'), GETPOST('date_export_startday', 'int'), GETPOST('date_export_startyear', 'int'));
$search_date_export_end = dol_mktime(0, 0, 0, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
$search_date_validation_start = dol_mktime(0, 0, 0, GETPOST('date_validation_startmonth', 'int'), GETPOST('date_validation_startday', 'int'), GETPOST('date_validation_startyear', 'int'));
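Review bot: $search_date_export_end, in the context line just below the changed lines, still uses dol_mktime(0, 0, 0, ...), so the export end filter keeps cutting off at midnight of the end day while the search, creation and modification end dates now run to 23:59:59. Apply the same change there, and to the validation end date if it follows the same pattern.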
@ -538,7 +538,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex
$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " SET date_export = '".$db->idate($now)."'";
$sql .= " , date_validated = '".$db->idate($now)."'";
$sql .= " WHERE rowid = ".$movement->id;
$sql .= " WHERE rowid = ".((int) $movement->id);
dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);
@ -745,7 +745,9 @@ if (!empty($arrayfields['t.piece_num']['checked'])) {
}
// Code journal
if (!empty($arrayfields['t.code_journal']['checked'])) {
print '<td class="liste_titre center"><input type="text" name="search_ledger_code" size="3" value="'.(is_array($search_ledger_code) ? join('|', $search_ledger_code) : $search_ledger_code).'"></td>';
print '<td class="liste_titre center">';
print $formaccounting->multi_select_journal($search_ledger_code, 'search_ledger_code', 0, 1, 1, 1);
print '</td>';
}
// Date document
if (!empty($arrayfields['t.doc_date']['checked'])) {
@ -766,12 +768,10 @@ if (!empty($arrayfields['t.doc_ref']['checked'])) {
if (!empty($arrayfields['t.numero_compte']['checked'])) {
print '<td class="liste_titre">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', 1, array(), 1, 1, 'maxwidth200');
print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', $langs->trans('From'), array(), 1, 1, 'maxwidth200', 1);
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', 1, array(), 1, 1, 'maxwidth200');
print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, 'maxwidth200', 1);
print '</div>';
print '</td>';
}

View File

@ -46,7 +46,7 @@ $search_date_endyear = GETPOST('search_date_endyear', 'int');
$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
$search_date_endday = GETPOST('search_date_endday', 'int');
$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear);
$search_date_end = dol_mktime(0, 0, 0, $search_date_endmonth, $search_date_endday, $search_date_endyear);
$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
$search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
$search_date_export_startyear = GETPOST('search_date_export_startyear', 'int');
$search_date_export_startmonth = GETPOST('search_date_export_startmonth', 'int');

View File

@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject
global $conf;
$sql = "SELECT t.rowid, t.account_number, t.label";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
$sql .= " WHERE t.fk_accounting_category = ".$id;
$sql .= " WHERE t.fk_accounting_category = ".((int) $id);
$sql .= " AND t.entity = ".$conf->entity;
$this->lines_display = array();
@ -743,7 +743,7 @@ class AccountancyCategory // extends CommonObject
}
$listofaccount .= "'".$cptcursor."'";
}
$sql .= " AND t.numero_compte IN (".$listofaccount.")";
$sql .= " AND t.numero_compte IN (".$this->db->sanitize($listofaccount).")";
} else {
$sql .= " AND t.numero_compte = '".$this->db->escape($cpt)."'";
}
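Review bot: $listofaccount is built two lines up as a list of single-quoted values ("'".$cptcursor."'"), but sanitize() is called here with one argument, whereas the quoted country-code list elsewhere in this commit is passed as sanitize($country_code_in_EEC, 1). If the second argument is what allows single quotes through, this call strips them and numero_compte ends up compared against unquoted values. Pass 1 here as well, and check that $cptcursor is escaped at the point where the list is assembled.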
@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject
if (!empty($cat_id)) {
$sql = "SELECT t.rowid, t.account_number, t.label as account_label";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
$sql .= " WHERE t.fk_accounting_category = ".$cat_id;
$sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id);
$sql .= " AND t.entity = ".$conf->entity;
$sql .= " ORDER BY t.account_number";
} else {

View File

@ -1644,7 +1644,7 @@ class AccountancyExport
// Get new customer invoice ref and company name
$sql = 'SELECT f.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture as f';
$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON f.fk_soc = s.rowid';
$sql .= ' WHERE f.rowid = ' . $line->fk_doc;
$sql .= ' WHERE f.rowid = '.((int) $line->fk_doc);
$resql = $this->db->query($sql);
if ($resql) {
if ($obj = $this->db->fetch_object($resql)) {
@ -1658,7 +1658,7 @@ class AccountancyExport
// Get new supplier invoice ref and company name
$sql = 'SELECT ff.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture_fourn as ff';
$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON ff.fk_soc = s.rowid';
$sql .= ' WHERE ff.rowid = ' . $line->fk_doc;
$sql .= ' WHERE ff.rowid = '.((int) $line->fk_doc);
$resql = $this->db->query($sql);
if ($resql) {
if ($obj = $this->db->fetch_object($resql)) {

View File

@ -0,0 +1,101 @@
<?php
/*
* Copyright (C) 2007-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
* Copyright (C) 2016 Pierre-Henry Favre <phf@atm-consulting.fr>
* Copyright (C) 2016-2020 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2017 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2017 Elarifr. Ari Elbaz <github@accedinfo.com>
* Copyright (C) 2017-2019 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2017 André Schild <a.schild@aarboard.ch>
* Copyright (C) 2020 Guillaume Alexandre <guillaume@tag-info.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/accountancy/class/accountancyimport.class.php
* \ingroup Accountancy (Double entries)
* \brief Class accountancy import
*/
/**
* Manage the different format accountancy import
*/
class AccountancyImport
{
/**
* Compute amount
*
* @param array $arrayrecord Array of read values: [fieldpos] => (['val']=>val, ['type']=>-1=null,0=blank,1=string), [fieldpos+1]...
* @param string $fieldname Field name with alias
* @param array $listfields Fields list to add
* @param array $listvalues Values list to add
* @return int <0 if KO, >0 if OK
*/
public function computeAmount(&$arrayrecord, $fieldname, &$listfields, &$listvalues)
{
$fieldArr = explode('.', $fieldname);
if (count($fieldArr) > 0) {
$fieldname = $fieldArr[1];
}
$debit = trim($arrayrecord[11]['val']);
$credit = trim($arrayrecord[12]['val']);
if (!empty($debit)) {
$amount = $debit;
} else {
$amount = $credit;
}
$listfields[] = $fieldname;
$listvalues[] = "'" . abs($amount) . "'";
return 1;
}
/**
* Compute sens
*
* @param array $arrayrecord Array of read values: [fieldpos] => (['val']=>val, ['type']=>-1=null,0=blank,1=string), [fieldpos+1]...
* @param string $fieldname Field name with alias
* @param array $listfields Fields list to add
* @param array $listvalues Values list to add
* @return int <0 if KO, >0 if OK
*/
public function computeDirection(&$arrayrecord, $fieldname, &$listfields, &$listvalues)
{
$fieldArr = explode('.', $fieldname);
if (count($fieldArr) > 0) {
$fieldname = $fieldArr[1];
}
$debit = trim($arrayrecord[11]['val']);
if (!empty($debit)) {
$sens = 'D';
} else {
$sens = 'C';
}
$listfields[] = $fieldname;
$listvalues[] = "'" . $sens . "'";
return 1;
}
}
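Review bot: In both computeAmount() and computeDirection(), count($fieldArr) > 0 is always true because explode() returns at least one element, so a field name without a '.' reads the undefined $fieldArr[1]; the test should be count($fieldArr) > 1. The debit and credit values are read from fixed positions 11 and 12 with no isset() check, empty($debit) treats the string "0" as absent, and abs($amount) is applied to an unvalidated string taken from the import file before it is wrapped in quotes for the value list. Validate that the value is numeric before building the quoted value, and return a negative code on failure as the docblock promises, since both methods currently always return 1.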

View File

@ -199,7 +199,7 @@ class BookKeeping extends CommonObject
$error = 0;
// Clean parameters
// Clean parameters</center>
if (isset($this->doc_type)) {
$this->doc_type = trim($this->doc_type);
}
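Review bot: The replaced comment line now reads "// Clean parameters</center>"; the trailing </center> looks like a stray paste and is the only change in this hunk, so the hunk should be dropped.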
@ -294,7 +294,10 @@ class BookKeeping extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'";
$sql .= " AND fk_doc = ".$this->fk_doc;
//$sql .= " AND fk_docdet = " . $this->fk_docdet; // This field can be 0 if record is for several lines
if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) {
// DO NOT USE THIS IN PRPDUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
$sql .= " AND fk_docdet = " . $this->fk_docdet; // This field can be 0 if record is for several lines
}
$sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'";
$sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'";
$sql .= " AND entity IN (".getEntity('accountancy').")";
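Review bot: The new fk_docdet condition concatenates $this->fk_docdet into the query without a cast, and the fk_doc line just above it does the same; use ((int) $this->fk_docdet) and ((int) $this->fk_doc), in line with the casts added elsewhere in this commit. The warning comment has a typo ("PRPDUCTION") and an unclosed parenthesis. Check also that $conf is in scope in this method, which the hunk does not show. If enabling ACCOUNTANCY_ENABLE_FKDOCDET can create duplicate entries, the comment should say what the option is for and who is expected to turn it on.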

View File

@ -126,7 +126,7 @@ class Lettering extends BookKeeping
if (count($ids_fact)) {
$sql = 'SELECT bk.rowid, facf.ref, facf.ref_supplier ';
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn facf ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".implode(',', $ids_fact)."))";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))";
$sql .= " WHERE bk.code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=3 AND entity=".$conf->entity.") ";
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND ( ";
@ -185,7 +185,7 @@ class Lettering extends BookKeeping
if (count($ids_fact)) {
$sql = 'SELECT bk.rowid, fac.ref, fac.ref_supplier ';
$sql .= " FROM ".MAIN_DB_PREFIX."facture fac ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".implode(',', $ids_fact)."))";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))";
$sql .= " WHERE code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=2 AND entity=".$conf->entity.") ";
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
@ -255,7 +255,7 @@ class Lettering extends BookKeeping
}
$sql = "SELECT SUM(ABS(debit)) as deb, SUM(ABS(credit)) as cred FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL";
$sql .= " rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL";
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
@ -276,7 +276,7 @@ class Lettering extends BookKeeping
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping SET";
$sql .= " lettering_code='".$this->db->escape($lettre)."'";
$sql .= " , date_lettering = '".$this->db->idate($now)."'"; // todo correct date it's false
$sql .= " WHERE rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL ";
$this->db->begin();
dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);

View File

@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting-
$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " SET date_validated = '".$db->idate($now)."'";
$sql .= " WHERE rowid = ".$movement->id;
$sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'";
$sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'";
$sql .= " WHERE rowid = ".((int) $movement->id);
$sql .= " AND doc_date >= '" . $db->idate($date_start) . "'";
$sql .= " AND doc_date <= '" . $db->idate($date_end) . "'";
dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);

View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2013-2014 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013-2017 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -61,7 +61,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);
@ -100,10 +100,18 @@ $formaccounting = new FormAccounting($db);
if (!empty($id)) {
$sql = "SELECT f.ref, f.rowid as facid, l.fk_product, l.description, l.price,";
$sql .= " l.qty, l.rowid, l.tva_tx, l.remise_percent, l.subprice, p.accountancy_code_sell as code_sell,";
$sql .= " l.qty, l.rowid, l.tva_tx, l.remise_percent, l.subprice,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell as code_sell,";
} else {
$sql .= " p.accountancy_code_sell as code_sell,";
}
$sql .= " l.fk_code_ventilation, aa.account_number, aa.label";
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as l";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = l.fk_facture";
$sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id);

View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2013 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013-2020 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
@ -125,19 +125,34 @@ if ($action == 'validatehistory') {
$sql = "SELECT f.rowid as facid, f.ref as ref, f.datef, f.type as ftype,";
$sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
$sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
} else {
$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
}
$sql .= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export, aa4.rowid as aarowid_thirdparty,";
$sql .= " co.code as country_code, co.label as country_label,";
$sql .= " s.tva_intra, s.accountancy_code_sell as company_code_sell";
$sql .= " s.tva_intra,";
if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
$sql .= " sa.accountancy_code_sell as company_code_sell";
} else {
$sql .= " s.accountancy_code_sell as company_code_sell";
}
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON s.accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$alias_societe_perentity = empty($conf->global->ACCOUNTANCY_COMPANY_SHARED) ? "s" : "sa";
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_perentity . ".accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_perentity . ".accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_perentity . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_societe_perentity . ".accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
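Review bot: When ACCOUNTANCY_COMPANY_SHARED is set, the select list uses sa.accountancy_code_sell and the aa4 join uses the "sa" alias through $alias_societe_perentity, but no table is joined under the alias sa anywhere between FROM and WHERE in this hunk; only pa is added, and only for MAIN_PRODUCT_PERENTITY_SHARED. The query will fail with an unknown alias as soon as that option is enabled. Add the corresponding per-entity join for the third party, with the entity cast to int as in the pa join, or remove the sa branches until it exists. The aa to aa4 joins also still concatenate $conf->entity without the ((int) ...) cast used in the pa join.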
@ -192,8 +207,8 @@ if ($action == 'validatehistory') {
if ($objp->aarowid_suggest > 0) {
$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet";
$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
$resqlupdate = $db->query($sqlupdate);
if (!$resqlupdate) {

View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2013-2016 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2020 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014-2015 Ari Elbaz (elarifr) <github@accedinfo.com>
* Copyright (C) 2014-2016 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
@ -129,7 +129,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facturedet as l";
$sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/customer/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);
@ -182,9 +182,13 @@ print '<script type="text/javascript">
$sql = "SELECT f.rowid as facid, f.ref as ref, f.type, f.datef, f.ref_client,";
$sql .= " fd.rowid, fd.description, fd.product_type as line_type, fd.total_ht, fd.total_tva, fd.tva_tx, fd.vat_src_code, fd.total_ttc,";
$sql .= " s.rowid as socid, s.nom as name, s.code_compta, s.code_client,";
$sql .= " p.rowid as product_id, p.fk_product_type as product_type, p.ref as product_ref, p.label as product_label, p.tobuy, p.tosell,";
$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
$sql .= " aa.rowid as fk_compte, aa.account_number, aa.label, aa.labelshort,";
$sql .= " p.rowid as product_id, p.fk_product_type as product_type, p.ref as product_ref, p.label as product_label,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell,";
} else {
$sql .= " p.accountancy_code_sell,";
}
$sql .= " aa.rowid as fk_compte, aa.account_number, aa.label as label_account, aa.labelshort as labelshort_account,";
$sql .= " fd.situation_percent,";
$sql .= " co.code as country_code, co.label as country,";
$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur";
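Review bot: the select list no longer returns p.tobuy, p.tosell, accountancy_code_sell_intra or accountancy_code_sell_export, and aa.label / aa.labelshort are now exposed as label_account / labelshort_account. Please confirm that nothing further down the page still reads the old property names or the dropped columns. The pa alias selected when MAIN_PRODUCT_PERENTITY_SHARED is set only resolves because the following hunk adds the product_perentity join under the same condition; a short comment linking the two blocks would help keep them in step.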
@ -193,6 +197,9 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // N
$sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.rowid = fd.fk_code_ventilation";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
@ -246,11 +253,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}
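Review bot: the three IN / NOT IN branches pass a second argument of 1 to $db->sanitize(), unlike the rowid lists sanitized elsewhere in this commit, and nothing here says why. If the reason is that $country_code_in_EEC and $country_code_in_EEC_without_me carry quoted country codes, add a one-line comment saying so and noting that both lists are built server-side, so the relaxed mode is not later copied onto request-derived values.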

View File

@ -218,24 +218,43 @@ if (empty($chartaccountcode)) {
$sql = "SELECT f.rowid as facid, f.ref as ref, f.datef, f.type as ftype,";
$sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
$sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
$sql .= " pa.accountancy_code_buy as code_buy, pa.accountancy_code_buy_intra as code_buy_intra, pa.accountancy_code_buy_export as code_buy_export,";
} else {
$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
}
$sql .= " p.tosell as status, p.tobuy as status_buy,";
$sql .= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export, aa4.rowid as aarowid_thirdparty,";
$sql .= " co.code as country_code, co.label as country_label,";
$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur, s.accountancy_code_sell as company_code_sell";
$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " sa.accountancy_code_sell as company_code_sell";
} else {
$sql .= " s.accountancy_code_sell as company_code_sell";
}
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON s.accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$alias_societe_perentity = empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "s" : "sa";
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_perentity . ".accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_perentity . ".accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_perentity . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_societe_perentity . ".accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date
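Review bot: the sa alias is governed by three different settings in this hunk. The select uses sa.accountancy_code_sell when MAIN_PRODUCT_PERENTITY_SHARED is set, the societe_perentity join is added only when ACCOUNTANCY_COMPANY_SHARED is set, and $alias_societe_perentity switches on MAIN_COMPANY_PERENTITY_SHARED. With any combination where these disagree, the query references sa without the join and fails. All three should test the same constant, presumably MAIN_COMPANY_PERENTITY_SHARED as the supplier version of this query in the same commit does.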
@ -283,11 +302,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

View File

@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

View File

@ -119,7 +119,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd";
$sql1 .= " SET erd.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE erd.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE erd.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/expensereport/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);

View File

@ -153,8 +153,8 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);
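Review bot: $monCompte and $monId are cast only at the point of concatenation, and $accountventilated->fetch($monCompte, '', 1) on the next line still receives the uncast value. Cast both once where they are assigned and use the typed variables everywhere, so the UPDATE and the fetch are guaranteed to operate on the same integer.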

View File

@ -421,7 +421,7 @@ if ($result) {
//$tabtp[$obj->rowid][$account_pay_loan] += $obj->amount;
$sqlmid = 'SELECT pl.amount_capital, pl.amount_insurance, pl.amount_interest, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest';
$sqlmid .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl, '.MAIN_DB_PREFIX.'loan as l';
$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.$obj->rowid;
$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.((int) $obj->rowid);
dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG);
$resultmid = $db->query($sqlmid);
@ -997,8 +997,11 @@ if (empty($action) || $action == 'view') {
if (($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER == "") || $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER == '-1'
|| ($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER == "") || $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER == '-1'
|| empty($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT) || $conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT == '-1') {
print '<br>'.img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
print ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>');
print '<br><div class="warning">'.img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
$desc = ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '{link}');
$desc = str_replace('{link}', '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>', $desc);
print $desc;
print '</div>';
}
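Review bot: the '{link}' placeholder followed by str_replace() needs a comment explaining why the <strong> markup cannot be passed to trans() directly, otherwise the next cleanup will fold it back in. The same five lines are also pasted into the other journal pages changed by this commit; a small helper that returns the warning block would keep them identical and give a single place to review the HTML that is printed unescaped.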

View File

@ -506,8 +506,11 @@ if (empty($action) || $action == 'view') {
// Button to write into Ledger
if (empty($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT) || $conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT == '-1') {
print '<br>'.img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
print ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>');
print '<br><div class="warning">'.img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
$desc = ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '{link}');
$desc = str_replace('{link}', '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>', $desc);
print $desc;
print '</div>';
}
print '<div class="tabsAction tabsActionNoBottom">';

View File

@ -735,9 +735,11 @@ if (empty($action) || $action == 'view') {
// Button to write into Ledger
if (($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER == "") || $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER == '-1') {
print '<br>';
print img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
print ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>');
print '<br><div class="warning">'.img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
$desc = ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '{link}');
$desc = str_replace('{link}', '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>', $desc);
print $desc;
print '</div>';
}
print '<div class="tabsAction tabsActionNoBottom">';
if (!empty($conf->global->ACCOUNTING_ENABLE_EXPORT_DRAFT_JOURNAL) && $in_bookkeeping == 'notyet') {

View File

@ -4,7 +4,7 @@
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2013 Christophe Battarel <christophe.battarel@altairis.fr>
* Copyright (C) 2013-2018 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2016 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013-2016 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2014 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
@ -108,9 +108,17 @@ if (!GETPOSTISSET('date_startmonth') && (empty($date_start) || empty($date_end))
$sql = "SELECT f.rowid, f.ref, f.type, f.datef as df, f.ref_client, f.date_lim_reglement as dlr, f.close_code,";
$sql .= " fd.rowid as fdid, fd.description, fd.product_type, fd.total_ht, fd.total_tva, fd.total_localtax1, fd.total_localtax2, fd.tva_tx, fd.total_ttc, fd.situation_percent, fd.vat_src_code,";
$sql .= " s.rowid as socid, s.nom as name, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,";
$sql .= " p.rowid as pid, p.ref as pref, p.accountancy_code_sell, aa.rowid as fk_compte, aa.account_number as compte, aa.label as label_compte";
$sql .= " p.rowid as pid, p.ref as pref, aa.rowid as fk_compte, aa.account_number as compte, aa.label as label_compte,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell";
} else {
$sql .= " p.accountancy_code_sell";
}
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.rowid = fd.fk_code_ventilation";
$sql .= " JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
$sql .= " JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
@ -680,9 +688,11 @@ if (empty($action) || $action == 'view') {
// Button to write into Ledger
if (($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER == "") || $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER == '-1') {
print '<br>';
print img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
print ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>');
print '<br><div class="warning">'.img_warning().' '.$langs->trans("SomeMandatoryStepsOfSetupWereNotDone");
$desc = ' : '.$langs->trans("AccountancyAreaDescMisc", 4, '{link}');
$desc = str_replace('{link}', '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>', $desc);
print $desc;
print '</div>';
}
print '<div class="tabsAction tabsActionNoBottom">';
if (!empty($conf->global->ACCOUNTING_ENABLE_EXPORT_DRAFT_JOURNAL) && $in_bookkeeping == 'notyet') {

View File

@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

View File

@ -193,8 +193,8 @@ if ($action == 'validatehistory') {
if ($objp->aarowid_suggest > 0) {
$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
$resqlupdate = $db->query($sqlupdate);
if (!$resqlupdate) {

View File

@ -130,7 +130,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0) {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as l";
$sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/supplier/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);
@ -238,11 +238,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

View File

@ -177,8 +177,8 @@ if ($massaction == 'ventil') {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);
@ -223,24 +223,41 @@ if (empty($chartaccountcode)) {
$sql = "SELECT f.rowid as facid, f.ref, f.ref_supplier, f.libelle as invoice_label, f.datef, f.type as ftype,";
$sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
$sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
$sql .= " pa.accountancy_code_buy as code_buy, pa.accountancy_code_buy_intra as code_buy_intra, pa.accountancy_code_buy_export as code_buy_export,";
} else {
$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
}
$sql .= " p.tosell as status, p.tobuy as status_buy,";
$sql .= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export, aa4.rowid as aarowid_thirdparty,";
$sql .= " co.code as country_code, co.label as country_label,";
$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur, s.accountancy_code_buy as company_code_buy";
$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur,";
if (!empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) {
$sql .= " sa.accountancy_code_buy as company_code_buy";
} else {
$sql .= " s.accountancy_code_buy as company_code_buy";
}
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
if (!empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON s.accountancy_code_buy = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$alias_societe_perentity = empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "s" : "sa";
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_perentity . ".accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_perentity . ".accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_perentity . ".accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_societe_perentity . ".accountancy_code_buy = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date
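Review bot: the four rewritten accounting_account joins still end with aa.entity = ".$conf->entity (and aa2, aa3, aa4 likewise), while the perentity joins added a few lines above use ((int) $conf->entity). Since every one of these lines is being rewritten anyway, apply the same cast here so the entity filter is handled uniformly within the statement.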
@ -288,11 +305,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

View File

@ -8,7 +8,8 @@
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2012 J. Fernando Lagrange <fernando@demo-tic.org>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2020-2021 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2020-2021 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Waël Almoman <info@almoman.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -33,6 +34,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/member.lib.php';
require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
// Load translation files required by the page
$langs->loadLangs(array("admin", "members"));
@ -101,11 +103,12 @@ if ($action == 'set_default') {
}
} elseif ($action == 'updateall') {
$db->begin();
$res1 = $res2 = $res3 = $res4 = $res5 = $res6 = 0;
$res1 = $res2 = $res3 = $res4 = $res5 = $res6 = $res7 = 0;
$res1 = dolibarr_set_const($db, 'ADHERENT_LOGIN_NOT_REQUIRED', GETPOST('ADHERENT_LOGIN_NOT_REQUIRED', 'alpha') ? 0 : 1, 'chaine', 0, '', $conf->entity);
$res2 = dolibarr_set_const($db, 'ADHERENT_MAIL_REQUIRED', GETPOST('ADHERENT_MAIL_REQUIRED', 'alpha'), 'chaine', 0, '', $conf->entity);
$res3 = dolibarr_set_const($db, 'ADHERENT_DEFAULT_SENDINFOBYMAIL', GETPOST('ADHERENT_DEFAULT_SENDINFOBYMAIL', 'alpha'), 'chaine', 0, '', $conf->entity);
$res4 = dolibarr_set_const($db, 'ADHERENT_BANK_USE', GETPOST('ADHERENT_BANK_USE', 'alpha'), 'chaine', 0, '', $conf->entity);
$res7 = dolibarr_set_const($db, "MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE", json_encode(GETPOST('MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE')), 'array', 0, '', $conf->entity);
// Use vat for invoice creation
if ($conf->facture->enabled) {
$res4 = dolibarr_set_const($db, 'ADHERENT_VAT_FOR_SUBSCRIPTIONS', GETPOST('ADHERENT_VAT_FOR_SUBSCRIPTIONS', 'alpha'), 'chaine', 0, '', $conf->entity);
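Review bot: GETPOST('MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE') is called with no check type although the field is an array, and its content is json_encoded and stored as submitted. Request it with the 'array' type, keep only integer keys and numeric amounts, and then encode. $res7 is initialised and assigned here, but the visible lines do not show it being added to the test that decides between commit and rollback; please check that it is. Note also that $res4 is assigned twice in this block, so the result of the ADHERENT_BANK_USE write is overwritten.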
@ -217,6 +220,18 @@ print '<tr class="oddeven"><td>'.$langs->trans("MemberSendInformationByMailByDef
print $form->selectyesno('ADHERENT_DEFAULT_SENDINFOBYMAIL', (!empty($conf->global->ADHERENT_DEFAULT_SENDINFOBYMAIL) ? $conf->global->ADHERENT_DEFAULT_SENDINFOBYMAIL : 0), 1);
print "</td></tr>\n";
// Amount by member type
$adht = new AdherentType($db);
$amountbytype = empty($conf->global->MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE) ? -1 : json_decode($conf->global->MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE, true);
print '<tr class="oddeven"><td>'.$langs->trans("DefineAmountMemberType").'</td><td>';
foreach ($adht->liste_array(1) as $typeid => $type) {
print $type .' : ';
print '<input type="text" id="MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE['.$typeid.']" name="MEMBER_SUBSCRIPTION_AMOUNT_BY_TYPE['.$typeid.']" " size="5" value="'.(!empty($amountbytype[$typeid]) ? $amountbytype[$typeid] : '').'">';
print '<br>';
}
print "</td></tr>\n";
// Insert subscription into bank account
print '<tr class="oddeven"><td>'.$langs->trans("MoreActionsOnSubscription").'</td>';
$arraychoices = array('0'=>$langs->trans("None"));
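Review bot: the new input tag has a stray double quote between the name attribute and size (name="...['.$typeid.']" " size="5"), which produces malformed HTML. $type and $amountbytype[$typeid] are printed without escaping; since the amounts come back from a stored setting, run both through the HTML attribute escaping helper used elsewhere in the project before output. $amountbytype also defaults to -1 and is then indexed like an array; defaulting to array() avoids an offset access on an integer.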

View File

@ -177,7 +177,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
print $langs->trans("ForceMemberType");
print '</td><td class="right">';
$listofval = array();
$listofval += $adht->liste_array();
$listofval += $adht->liste_array(1);
$forcetype = empty($conf->global->MEMBER_NEWFORM_FORCETYPE) ? -1 : $conf->global->MEMBER_NEWFORM_FORCETYPE;
print $form->selectarray("MEMBER_NEWFORM_FORCETYPE", $listofval, $forcetype, count($listofval) > 1 ? 1 : 0);
print "</td></tr>\n";

View File

@ -253,27 +253,27 @@ abstract class ActionsAdherentCardCommon
// phpcs:enable
global $langs, $mysoc;
$this->object->old_name = $_POST["old_name"];
$this->object->old_firstname = $_POST["old_firstname"];
$this->object->old_name = GETPOST("old_name");
$this->object->old_firstname = GETPOST("old_firstname");
$this->object->fk_soc = $_POST["fk_soc"];
$this->object->lastname = $_POST["lastname"];
$this->object->firstname = $_POST["firstname"];
$this->object->civility_id = $_POST["civility_id"];
$this->object->address = $_POST["address"];
$this->object->zip = $_POST["zipcode"];
$this->object->town = $_POST["town"];
$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
$this->object->state_id = $_POST["state_id"];
$this->object->phone_perso = $_POST["phone_perso"];
$this->object->phone_mobile = $_POST["phone_mobile"];
$this->object->email = $_POST["email"];
$this->object->note = $_POST["note"];
$this->object->canvas = $_POST["canvas"];
$this->object->fk_soc = GETPOST("fk_soc");
$this->object->lastname = GETPOST("lastname");
$this->object->firstname = GETPOST("firstname");
$this->object->civility_id = GETPOST("civility_id");
$this->object->address = GETPOST("address");
$this->object->zip = GETPOST("zipcode");
$this->object->town = GETPOST("town");
$this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id;
$this->object->state_id = GETPOST("state_id", 'int');
$this->object->phone_perso = GETPOST("phone_perso");
$this->object->phone_mobile = GETPOST("phone_mobile");
$this->object->email = GETPOST("email", 'alphawithlgt');
$this->object->note = GETPOST("note", 'restricthtml');
$this->object->canvas = GETPOST("canvas");
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
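Review bot: fk_soc and civility_id are read with GETPOST() and no check type, while country_id and state_id in the same block are given 'int'. If fk_soc is an id it should get the same 'int' filter, and the remaining fields would be easier to audit with an explicit type ('alpha', 'alphanohtml') rather than relying on the default. The (int) cast on country_id in the SELECT is a good addition and can stay even with the typed GETPOST.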

View File

@ -7,6 +7,7 @@
* Copyright (C) 2012-2020 Philippe Grand <philippe.grand@atoo-net.com>
* Copyright (C) 2015-2018 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2018-2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Waël Almoman <info@almoman.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -84,12 +85,10 @@ if (!empty($canvas)) {
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('membercard', 'globalcard'));
// Security check
$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0);
if ($id > 0) {
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id);
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
@ -97,9 +96,9 @@ if ($id > 0) {
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
@ -110,6 +109,8 @@ if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/*
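Review bot: the return value of `$object->fetch($id, $ref)` is never tested before `restrictedArea()` overwrites `$result`, so a failed or empty fetch reaches the security check with an unset `$object->id`. Test `$result` right after the fetch and stop on error. Also confirm that `restrictedArea()` called with an empty object id still refuses a member the user may not see when only `ref` was supplied, because the check now depends entirely on the fetch having succeeded.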
@ -331,62 +332,66 @@ if (empty($reshook)) {
}
}
$result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
if (!$error) {
$result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
if ($result >= 0 && !count($object->errors)) {
$categories = GETPOST('memcats', 'array');
$object->setCategories($categories);
if ($result >= 0 && !count($object->errors)) {
$categories = GETPOST('memcats', 'array');
$object->setCategories($categories);
// Logo/Photo save
$dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
if ($file_OK) {
if (GETPOST('deletephoto')) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
$dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
dol_delete_file($fileimg);
dol_delete_dir_recursive($dirthumbs);
}
// Logo/Photo save
$dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
if ($file_OK) {
if (GETPOST('deletephoto')) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
$dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
dol_delete_file($fileimg);
dol_delete_dir_recursive($dirthumbs);
}
if (image_format_supported($_FILES['photo']['name']) > 0) {
dol_mkdir($dir);
if (image_format_supported($_FILES['photo']['name']) > 0) {
dol_mkdir($dir);
if (@is_dir($dir)) {
$newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
} else {
// Create thumbs
$object->addThumbs($newfile);
if (@is_dir($dir)) {
$newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
} else {
// Create thumbs
$object->addThumbs($newfile);
}
}
} else {
setEventMessages("ErrorBadImageFormat", null, 'errors');
}
} else {
setEventMessages("ErrorBadImageFormat", null, 'errors');
switch ($_FILES['photo']['error']) {
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
$errors[] = "ErrorFileSizeTooLarge";
break;
case 3: //uploaded file was only partially uploaded
$errors[] = "ErrorFilePartiallyUploaded";
break;
}
}
$rowid = $object->id;
$id = $object->id;
$action = '';
if (!empty($backtopage)) {
header("Location: ".$backtopage);
exit;
}
} else {
switch ($_FILES['photo']['error']) {
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
$errors[] = "ErrorFileSizeTooLarge";
break;
case 3: //uploaded file was only partially uploaded
$errors[] = "ErrorFilePartiallyUploaded";
break;
}
}
$rowid = $object->id;
$id = $object->id;
$action = '';
if (!empty($backtopage)) {
header("Location: ".$backtopage);
exit;
setEventMessages($object->error, $object->errors, 'errors');
$action = '';
}
} else {
setEventMessages($object->error, $object->errors, 'errors');
$action = '';
$action = 'edit';
}
} else {
$action = 'edit';
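Review bot: in the photo branch, `!dol_move_uploaded_file(...) > 0` negates the return value before comparing, so it is evaluated as `(!$ret) > 0`. If the function reports failure with a negative number or a non-empty string, the condition is false and `ErrorFailedToSaveFile` is never shown; write `dol_move_uploaded_file(...) <= 0` or store the result and test it explicitly. In the same block, `setEventMessages("ErrorBadImageFormat", ...)` passes the raw key while the neighbouring message goes through `$langs->trans()`, and the `$errors[]` entries set in the `switch` are not displayed anywhere in this hunk.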
@ -550,7 +555,6 @@ if (empty($reshook)) {
$db->commit();
$rowid = $object->id;
$id = $object->id;
$action = '';
} else {
$db->rollback();
@ -559,12 +563,41 @@ if (empty($reshook)) {
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
$action = 'create';
}
} else {
$action = 'create';
// Auto-create thirdparty on member creation
if (!empty($conf->global->ADHERENT_DEFAULT_CREATE_THIRDPARTY)) {
if ($result > 0) {
// User creation
$company = new Societe($db);
$companyalias = '';
$fullname = $object->getFullName($langs);
if ($object->morphy == 'mor') {
$companyname = $object->company;
if (!empty($fullname)) {
$companyalias = $fullname;
}
} else {
$companyname = $fullname;
if (!empty($object->company)) {
$companyalias = $object->company;
}
}
$result = $company->create_from_member($object, $companyname, $companyalias);
if ($result < 0) {
$langs->load("errors");
setEventMessages($langs->trans($company->error), null, 'errors');
setEventMessages($company->error, $company->errors, 'errors');
}
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
}
}
$action = ($result < 0 || !$error) ? '' : 'create';
}
if ($user->rights->adherent->supprimer && $action == 'confirm_delete' && $confirm == 'yes') {
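Review bot: `$result` is reused for `$company->create_from_member()`, so the closing `$action = ($result < 0 || !$error) ? '' : 'create';` no longer looks at the member creation result, and a failed third-party creation clears the action. Keep the company result in its own variable and decide the action from the member result and `$error`. The `// User creation` comment above `new Societe($db)` should say third party, and if both `setEventMessages()` calls for `$company->error` are kept the same error is reported twice.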
@ -1830,7 +1863,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Send
if (empty($user->socid)) {
if ($object->statut == 1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>'."\n";
}
}
@ -1856,17 +1889,17 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Modify
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify")."</a></div>";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</font></div>';
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</font></div>'."\n";
}
// Validate
if ($object->statut == -1) {
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Validate")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Validate").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Validate").'</font></div>';
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Validate").'</font></div>'."\n";
}
}
@ -1875,7 +1908,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Reenable")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Reenable")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Reenable").'</font></div>'."\n";
}
}
@ -1884,7 +1917,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=resiliate">'.$langs->trans("Resiliate")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Resiliate")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Resiliate").'</font></div>'."\n";
}
}
@ -1893,7 +1926,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=exclude">'.$langs->trans("Exclude")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Exclude")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Exclude").'</font></div>'."\n";
}
}
@ -1901,12 +1934,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!empty($conf->societe->enabled) && !$object->socid) {
if ($user->rights->societe->creer) {
if ($object->statut != -1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_thirdparty">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_thirdparty">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>'."\n";;
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>'."\n";
}
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrThirdParty")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrThirdParty").'</font></div>'."\n";
}
}
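Review bot: the `create_thirdparty` link line now ends in `"\n";;`, a stray second semicolon that should be dropped. The links in this hunk use `&amp;action=` while the other buttons touched by this commit use a bare `&action=`; pick one form for the whole button bar.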
@ -1914,12 +1947,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!$user->socid && !$object->user_id) {
if ($user->rights->user->user->creer) {
if ($object->statut != -1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_user">'.$langs->trans("CreateDolibarrLogin").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_user">'.$langs->trans("CreateDolibarrLogin").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrLogin").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrLogin").'</a></div>'."\n";
}
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrLogin")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrLogin").'</font></div>'."\n";
}
}
@ -1928,18 +1961,18 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$isinspip = $mailmanspip->is_in_spip($object);
if ($isinspip == 1) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=del_spip">'.$langs->trans("DeleteIntoSpip")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=del_spip">'.$langs->trans("DeleteIntoSpip").'</a></div>'."\n";
}
if ($isinspip == 0) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=add_spip">'.$langs->trans("AddIntoSpip")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=add_spip">'.$langs->trans("AddIntoSpip").'</a></div>'."\n";
}
}
// Delete
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?rowid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?rowid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Delete")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Delete").'</font></div>'."\n";
}
}
}
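Review bot: only the Delete link in this hunk carries `&token='.newToken()`; the `del_spip` and `add_spip` links, which also trigger an action through a GET URL, do not. If those actions change state, add the token to them in the same way while these lines are being touched, so the action links are protected consistently against cross-site request forgery.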

View File

@ -13,6 +13,7 @@
* Copyright (C) 2018-2019 Thibault FOUCART <support@ptibogxiv.net>
* Copyright (C) 2019 Nicolas ZABOURI <info@inovea-conseil.com>
* Copyright (C) 2020 Josep Lluís Amador <joseplluis@lliuretic.cat>
* Copyright (C) 2021 Waël Almoman <info@almoman.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -691,7 +692,7 @@ class Adherent extends CommonObject
$sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member
}
$sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
// If we change the type of membership, we set also label of new type
if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
@ -963,7 +964,7 @@ class Adherent extends CommonObject
}
// Remove category
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -974,7 +975,7 @@ class Adherent extends CommonObject
// Remove subscription
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1006,7 +1007,7 @@ class Adherent extends CommonObject
// Remove adherent
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1141,7 +1142,7 @@ class Adherent extends CommonObject
$this->db->begin();
// If user is linked to this member, remove old link to this member
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id);
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1152,8 +1153,8 @@ class Adherent extends CommonObject
// Set link to user
if ($userid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id;
$sql .= " WHERE rowid = ".$userid;
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
$sql .= " WHERE rowid = ".((int) $userid);
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1489,9 +1490,10 @@ class Adherent extends CommonObject
* @param string $emetteur_nom Name of cheque writer
* @param string $emetteur_banque Name of bank of cheque
* @param int $datesubend Date end subscription
* @param int $fk_type Member type id
* @return int rowid of record added, <0 if KO
*/
public function subscription($date, $amount, $accountid = 0, $operation = '', $label = '', $num_chq = '', $emetteur_nom = '', $emetteur_banque = '', $datesubend = 0)
public function subscription($date, $amount, $accountid = 0, $operation = '', $label = '', $num_chq = '', $emetteur_nom = '', $emetteur_banque = '', $datesubend = 0, $fk_type = null)
{
global $conf, $langs, $user;
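Review bot: the new `$fk_type` parameter is documented as `int` but defaults to `null`; document it as `int|null` and say what `null` means for the subscription record. Existing callers pass nothing for it, so confirm that the subscription `create()` handles a null `fk_type` before it is written to the database.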
@ -1522,6 +1524,7 @@ class Adherent extends CommonObject
$subscription->amount = $amount;
$subscription->note = $label; // deprecated
$subscription->note_public = $label;
$subscription->fk_type = $fk_type;
$rowid = $subscription->create($user);
if ($rowid > 0) {
@ -2279,7 +2282,7 @@ class Adherent extends CommonObject
$labelStatus = $langs->trans("MemberStatusResiliated");
$labelStatusShort = $langs->trans("MemberStatusResiliatedShort");
} elseif ($status == -2) {
$statusType = 'status8';
$statusType = 'status10';
$labelStatus = $langs->trans("MemberStatusExcluded");
$labelStatusShort = $langs->trans("MemberStatusExcludedShort");
}

View File

@ -4,6 +4,7 @@
* Copyright (C) 2009-2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2016 Charlie Benke <charlie@patas-monkey.com>
* Copyright (C) 2018-2019 Thibault Foucart <support@ptibogxiv.net>
* Copyright (C) 2021 Waël Almoman <info@almoman.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -176,7 +177,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
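Review bot: the `lang` value is now escaped, but `fk_type=".$this->id` two lines above is still concatenated uncast, unlike the `((int) $this->id)` form this commit applies elsewhere in the class. Cast it here as well, and in the identical query in the next hunk, so both conditions of the statement are hardened together.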
@ -202,7 +203,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -424,7 +425,7 @@ class AdherentType extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -552,7 +553,7 @@ class AdherentType extends CommonObject
$sql = "SELECT a.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as a";
$sql .= " WHERE a.entity IN (".getEntity('member').")";
$sql .= " AND a.fk_adherent_type = ".$this->id;
$sql .= " AND a.fk_adherent_type = ".((int) $this->id);
if (!empty($excludefilter)) {
$sql .= ' AND ('.$excludefilter.')';
}
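Review bot: the cast on `fk_adherent_type` is fine, but `$excludefilter` on the following lines is still appended as raw SQL inside `AND (...)`. State in the method's docblock that it must be a trusted, pre-built SQL fragment and never request data, or build the filter from validated parts inside the method.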

View File

@ -72,7 +72,7 @@ class AdherentStats extends Stats
$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($this->memberid) {
$this->where .= " AND m.rowid = ".$this->memberid;
$this->where .= " AND m.rowid = ".((int) $this->memberid);
}
//if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
}

View File

@ -42,9 +42,6 @@ $ref = GETPOST('ref', 'alphanohtml');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
// Security check
$result = restrictedArea($user, 'adherent', $id);
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -63,8 +60,6 @@ if (!$sortfield) {
$sortfield = "name";
}
$form = new Form($db);
$object = new Adherent($db);
$membert = new AdherentType($db);
$result = $object->fetch($id, $ref);
@ -74,6 +69,33 @@ if ($result < 0) {
}
$upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/*
* Actions
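Review bot: the member is now loaded twice on this page, because the existing `$result = $object->fetch($id, $ref);` shown as context in the previous hunk stays and the new "Fetch object" block calls it again. Move the existing call and its error test instead of adding a second fetch, so there is a single load followed by one `restrictedArea()` check. The permission variables block is a verbatim copy of the one on the member card; a shared include would keep the copies from drifting apart.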

View File

@ -26,7 +26,16 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
$status = GETPOST('status', 'int');
$cotis = GETPOST('cotis', 'int');
$sortfield = GETPOST('sortfield', 'alphanohtml');
$sortorder = GETPOST('sortorder', 'aZ09');
// Security check
if (empty($conf->adherent->enabled)) {
accessforbidden();
}
if (!$user->rights->adherent->export) {
accessforbidden();
}
@ -46,19 +55,10 @@ if (empty($sortorder)) {
if (empty($sortfield)) {
$sortfield = "d.login";
}
if (!isset($statut)) {
$statut = 1;
}
if (!isset($cotis)) {
// by default, members must be up to date of subscription
$cotis = 1;
}
$sql = "SELECT d.login, d.pass, d.datefin";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d ";
$sql .= " WHERE d.statut = ".$statut;
$sql .= " WHERE d.statut = ".((int) $status);
if ($cotis == 1) {
$sql .= " AND datefin > '".$db->idate($now)."'";
}
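Review bot: this hunk drops the `isset()` defaults for `$statut` and `$cotis`, so a request without `status` now queries `d.statut = 0`, since `(int)` of an empty value is 0, and a request without `cotis` skips the `datefin` filter. Both defaulted to 1 before. Restore the defaults, for example by using the posted value only when `GETPOSTISSET('status')` is true and 1 otherwise, or document the changed behaviour, because this page exports `d.login` and `d.pass`.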
@ -70,6 +70,7 @@ if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$param = '';
print_barre_liste($langs->trans("HTPasswordExport"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', 0);
print "<hr>\n";

View File

@ -5,6 +5,7 @@
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2019 Nicolas ZABOURI <info@inovea-conseil.com>
* Copyright (C) 2021 Frédéric France <frederic.france@netlgic.fr>
* Copyright (C) 2021 Waël Almoman <info@almoman.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -233,7 +234,7 @@ if ($conf->use_javascript_ajax) {
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array($badgeStatus1, $badgeStatus4, $badgeStatus8, $badgeStatus6, '-'.$badgeStatus0));
$dolgraph->SetDataColor(array($badgeStatus1, $badgeStatus4, '-'.$badgeStatus8, $badgeStatus6, '-'.$badgeStatus0));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));

View File

@ -32,7 +32,8 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
// Load translation files required by the page
$langs->loadLangs(array("companies", "members", "ldap", "admin"));
$rowid = GETPOST('id', 'int');
$id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alphanohtml');
$action = GETPOST('action', 'aZ09');
// Protection
@ -42,12 +43,34 @@ if ($user->socid > 0) {
}
$object = new Adherent($db);
$result = $object->fetch($rowid);
if (!$result) {
dol_print_error($db, "Failed to get adherent: ".$object->error);
exit;
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/*
* Actions
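Review bot: the old `if (!$result) { dol_print_error(...); exit; }` guard after the fetch is removed and nothing replaces it, so a member that cannot be loaded now falls through to `restrictedArea()` with an empty `$object->id` and then to the page body. Keep an explicit failure check directly after `$object->fetch($id, $ref)`.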

View File

@ -302,13 +302,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on (s.rowid = d.fk_soc)";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
if ($catid > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($catid);
$sql .= " AND cm.fk_categorie = ".((int) $catid);
}
if ($catid == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
}
if ($search_categ > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($search_categ);
$sql .= " AND cm.fk_categorie = ".((int) $search_categ);
}
if ($search_categ == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
@ -379,7 +379,7 @@ if ($search_phone_mobile) {
$sql .= natural_search("d.phone_mobile", $search_phone_mobile);
}
if ($search_country) {
$sql .= " AND d.country IN (".$search_country.')';
$sql .= " AND d.country IN (".$db->sanitize($search_country).')';
}
// Add where from extra fields

View File

@ -33,9 +33,7 @@ $langs->loadLangs(array("companies", "members", "bills"));
$action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
// Security check
$result = restrictedArea($user, 'adherent', $id);
$ref = GETPOST('ref', 'alphanohtml');
$object = new Adherent($db);
$result = $object->fetch($id);
@ -46,6 +44,34 @@ if ($result > 0) {
$permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/*
* Actions
*/
@ -71,7 +97,7 @@ if ($id) {
print dol_get_fiche_head($head, 'note', $langs->trans("Member"), -1, 'user');
print "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';

View File

@ -244,7 +244,7 @@ if ($mode && !count($data)) {
if (count($arrayjs) && $mode == 'memberbycountry') {
$color_file = DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
if (is_readable($color_file)) {
include_once $color_file;
include $color_file;
}
// Assume we've already included the proper headers so just call our script inline

View File

@ -42,8 +42,11 @@ $langs->loadLangs(array("companies", "bills", "members", "users", "mails", 'othe
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
$id = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
$rowid = $id;
$ref = GETPOST('ref', 'alphanohtml');
$typeid = GETPOST('typeid', 'int');
$cancel = GETPOST('cancel');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -65,10 +68,6 @@ if (!$sortorder) {
$sortorder = "DESC";
}
// Security check
$result = restrictedArea($user, 'adherent', $rowid, '', 'cotisation');
$object = new Adherent($db);
$extrafields = new ExtraFields($db);
$adht = new AdherentType($db);
@ -81,29 +80,6 @@ $errmsg = '';
$defaultdelay = 1;
$defaultdelayunit = 'y';
if ($rowid) {
// Load member
$result = $object->fetch($rowid);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $user is the user editing, $object->user_id is the user's id linked to the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to know what current user can do on members
$canaddmember = $user->rights->adherent->creer;
// Define variables to know what current user can do on properties of a member
if ($rowid) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('subscription'));
@ -116,6 +92,33 @@ $datefrom = 0;
$dateto = 0;
$paymentdate = -1;
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/*
* Actions
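Review bot: the object is now loaded with `if ($id > 0 || !empty($ref))`, but `$caneditfieldmember` is still set only under `if ($id)`, so a request that identifies the member by `ref` alone leaves it undefined. Key that block on `$object->id` instead. The `$result` returned by `$object->fetch($id, $ref)` is also overwritten by `restrictedArea()` without being tested, so a failed fetch reaches the security check with an empty `$object->id`; test the fetch result first and stop on failure.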
@ -148,19 +151,18 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye
if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) {
$error = 0;
if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only
if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id) {
if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) {
$error++;
setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors');
}
}
if (!$error) {
if ($_POST["userid"] != $object->user_id) { // If link differs from currently in database
$result = $object->setUserId($_POST["userid"]);
if (GETPOST("userid", 'int') != $object->user_id) { // If link differs from currently in database
$result = $object->setUserId(GETPOST("userid", 'int'));
if ($result < 0) {
dol_print_error('', $object->error);
}
$_POST['action'] = '';
$action = '';
}
}
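Review bot: `GETPOST("userid", 'int')` is now evaluated four times in this block and compared with loose `!=`. Read it once near the top, for example `$userid = GETPOST("userid", 'int');`, cast it to int, and use that variable in both comparisons and in `setUserId()`, so the value that is checked is provably the value that is stored.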
@ -190,14 +192,13 @@ if (empty($reshook) && $action == 'setsocid') {
if ($result < 0) {
dol_print_error('', $object->error);
}
$_POST['action'] = '';
$action = '';
}
}
}
}
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$_POST["cancel"]) {
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) {
$error = 0;
$langs->load("banks");
@ -209,25 +210,25 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$datesubscription = 0;
$datesubend = 0;
$paymentdate = 0;
if ($_POST["reyear"] && $_POST["remonth"] && $_POST["reday"]) {
$datesubscription = dol_mktime(0, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) {
$datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
}
if ($_POST["endyear"] && $_POST["endmonth"] && $_POST["endday"]) {
$datesubend = dol_mktime(0, 0, 0, $_POST["endmonth"], $_POST["endday"], $_POST["endyear"]);
if (GETPOST("endyear", 'int') && GETPOST("endmonth", 'int') && GETPOST("endday", 'int')) {
$datesubend = dol_mktime(0, 0, 0, GETPOST("endmonth", 'int'), GETPOST("endday", 'int'), GETPOST("endyear", 'int'));
}
if ($_POST["paymentyear"] && $_POST["paymentmonth"] && $_POST["paymentday"]) {
$paymentdate = dol_mktime(0, 0, 0, $_POST["paymentmonth"], $_POST["paymentday"], $_POST["paymentyear"]);
if (GETPOST("paymentyear", 'int') && GETPOST("paymentmonth", 'int') && GETPOST("paymentday", 'int')) {
$paymentdate = dol_mktime(0, 0, 0, GETPOST("paymentmonth", 'int'), GETPOST("paymentday", 'int'), GETPOST("paymentyear", 'int'));
}
$amount = price2num(GETPOST("subscription", 'alpha')); // Amount of subscription
$label = $_POST["label"];
$label = GETPOST("label");
// Payment informations
$accountid = $_POST["accountid"];
$operation = $_POST["operation"]; // Payment mode
$accountid = GETPOST("accountid", 'int');
$operation = GETPOST("operation", "alphanohtml"); // Payment mode
$num_chq = GETPOST("num_chq", "alphanohtml");
$emetteur_nom = $_POST["chqemetteur"];
$emetteur_banque = $_POST["chqbank"];
$option = $_POST["paymentsave"];
$emetteur_nom = GETPOST("chqemetteur");
$emetteur_banque = GETPOST("chqbank");
$option = GETPOST("paymentsave");
if (empty($option)) {
$option = 'none';
}
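Review bot: `GETPOST("label")`, `GETPOST("chqemetteur")`, `GETPOST("chqbank")` and `GETPOST("paymentsave")` are read without a check type, while `operation` and `num_chq` just above use `"alphanohtml"` and `accountid` uses `'int'`. These are free-text and option fields that end up stored or echoed, so name the filter explicitly: `'alphanohtml'` for the three text fields and `'aZ09'` for `paymentsave`, which is the filter a later hunk in this file already applies when it prints that value.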
@ -267,19 +268,19 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$error++;
$action = 'addsubscription';
} else {
if (!empty($conf->banque->enabled) && $_POST["paymentsave"] != 'none') {
if ($_POST["subscription"]) {
if (!$_POST["label"]) {
if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') {
if (GETPOST("subscription")) {
if (!GETPOST("label")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label"));
}
if ($_POST["paymentsave"] != 'invoiceonly' && !$_POST["operation"]) {
if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode"));
}
if ($_POST["paymentsave"] != 'invoiceonly' && !($_POST["accountid"] > 0)) {
if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount"));
}
} else {
if ($_POST["accountid"]) {
if (GETPOST("accountid")) {
$errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount");
}
}
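Review bot: the last condition reads `GETPOST("accountid")` with no check type, two lines after the same field is read as `GETPOST("accountid", 'int')`. Use `'int'` in both places. The repeated `GETPOST("paymentsave")` calls in this block could also reuse the `$option` variable assigned earlier in the action.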
@ -453,7 +454,8 @@ if ($optioncss != '') {
if ($rowid > 0) {
$res = $object->fetch($rowid);
if ($res < 0) {
dol_print_error($db, $object->error); exit;
dol_print_error($db, $object->error);
exit;
}
$adht->fetch($object->typeid);
@ -847,7 +849,7 @@ if ($rowid > 0) {
});
';
if (GETPOST('paymentsave')) {
print '$("#'.GETPOST('paymentsave').'").prop("checked",true);';
print '$("#'.GETPOST('paymentsave', 'aZ09').'").prop("checked", true);';
}
print '});';
print '</script>'."\n";
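Review bot: the guard is still `if (GETPOST('paymentsave'))` on the unfiltered value, while the printed selector uses `GETPOST('paymentsave', 'aZ09')`. If the filtered value comes back empty, the page emits `$("#").prop("checked", true);`. Read the filtered value once into a variable and test that same variable in the `if`.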
@ -1038,6 +1040,7 @@ if ($rowid > 0) {
// Bank account
print '<tr class="bankswitchclass"><td class="fieldrequired">'.$langs->trans("FinancialAccount").'</td><td>';
print img_picto('', 'bank_account');
$form->select_comptes(GETPOST('accountid'), 'accountid', 0, '', 2);
print "</td></tr>\n";

View File

@ -191,7 +191,7 @@ if ($search_note) {
$sql .= natural_search('c.note', $search_note);
}
if ($search_account > 0) {
$sql .= " AND b.fk_account = ".urldecode($search_account);
$sql .= " AND b.fk_account = ".((int) $search_account);
}
if ($search_amount) {
$sql .= natural_search('c.subscription', $search_amount, 1);
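Review bot: the `(int)` cast replaces `urldecode($search_account)` at the point of concatenation, but the guard `if ($search_account > 0)` is still a loose comparison that a non-numeric string can pass. Cast `$search_account` once where it is read from the request, so every later use, including any URL or form field that echoes it back, sees an integer.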
@ -496,11 +496,14 @@ while ($i < min($num, $limit)) {
$adherent->morphy = $obj->morphy;
$adherent->email = $obj->email;
$adherent->typeid = $obj->type;
$adherent->datefin = $db->jdate($obj->datef);
$typeid = ($obj->fk_type > 0 ? $obj->fk_type : $adherent->typeid);
$adht = new AdherentType($db);
$adht->fetch($typeid);
$adherent->need_subscription = $adht->subscription;
print '<tr class="oddeven">';
// Ref
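Review bot: `new AdherentType($db)` followed by `$adht->fetch($typeid)` now runs inside the `while ($i < min($num, $limit))` loop, which adds one query per displayed row just to set `need_subscription`. Cache the fetched types in an array keyed by `$typeid`, or select the subscription flag in the main query.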
@ -547,8 +550,8 @@ while ($i < min($num, $limit)) {
// Label
if (!empty($arrayfields['t.libelle']['checked'])) {
print '<td>';
print dol_trunc($obj->note, 128);
print '<td class="tdoverflowmax500" title="'.dol_escape_htmltag($obj->note).'">';
print $obj->note;
print '</td>';
if (!$i) {
$totalarray['nbfield']++;
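Review bot: the new cell escapes the note for the `title` attribute with `dol_escape_htmltag($obj->note)` but then prints the body as raw `print $obj->note;`. The note is user-entered text, so the body needs the same escaping. Dropping `dol_trunc(..., 128)` also means the full note is emitted per row; if the CSS class is meant to do the truncation, say so in a comment.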
@ -586,7 +589,7 @@ while ($i < min($num, $limit)) {
}
// Price
if (!empty($arrayfields['d.amount']['checked'])) {
print '<td class="right">'.price($obj->subscription).'</td>';
print '<td class="right amount">'.price($obj->subscription).'</td>';
if (!$i) {
$totalarray['nbfield']++;
}

View File

@ -15,8 +15,8 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* or see http://www.gnu.org/
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**

View File

@ -30,71 +30,100 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php';
$adherent = new adherent($db);
$id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alphanohtml');
$object = new adherent($db);
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas);
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
$result = $adherent->fetch($id);
if ($result <= 0) {
dol_print_error($adherent->error);
exit;
}
/*
* Actions
*/
$physicalperson = 1;
// None
/*
* View
*/
$company = new Societe($db);
if ($adherent->socid) {
$result = $company->fetch($adherent->socid);
if ($object->socid) {
$result = $company->fetch($object->socid);
}
// We create VCard
$v = new vCard();
$v->setProdId('Dolibarr '.DOL_VERSION);
$v->setUid('DOLIBARR-ADHERENTID-'.$adherent->id);
$v->setName($adherent->lastname, $adherent->firstname, "", $adherent->civility, "");
$v->setFormattedName($adherent->getFullName($langs, 1));
$v->setUid('DOLIBARR-ADHERENTID-'.$object->id);
$v->setName($object->lastname, $object->firstname, "", $object->civility, "");
$v->setFormattedName($object->getFullName($langs, 1));
$v->setPhoneNumber($adherent->phone_pro, "TYPE=WORK;VOICE");
//$v->setPhoneNumber($adherent->phone_perso,"TYPE=HOME;VOICE");
$v->setPhoneNumber($adherent->phone_mobile, "TYPE=CELL;VOICE");
$v->setPhoneNumber($adherent->fax, "TYPE=WORK;FAX");
$v->setPhoneNumber($object->phone_pro, "TYPE=WORK;VOICE");
//$v->setPhoneNumber($object->phone_perso,"TYPE=HOME;VOICE");
$v->setPhoneNumber($object->phone_mobile, "TYPE=CELL;VOICE");
$v->setPhoneNumber($object->fax, "TYPE=WORK;FAX");
$country = $adherent->country_code ? $adherent->country : '';
$country = $object->country_code ? $object->country : '';
$v->setAddress("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK;POSTAL");
$v->setLabel("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK");
$v->setAddress("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK;POSTAL");
$v->setLabel("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK");
$v->setEmail($adherent->email);
$v->setNote($adherent->note_public);
$v->setTitle($adherent->poste);
$v->setEmail($object->email);
$v->setNote($object->note_public);
$v->setTitle($object->poste);
// Data from linked company
if ($company->id) {
$v->setURL($company->url, "TYPE=WORK");
if (!$adherent->phone_pro) {
if (!$object->phone_pro) {
$v->setPhoneNumber($company->phone, "TYPE=WORK;VOICE");
}
if (!$adherent->fax) {
if (!$object->fax) {
$v->setPhoneNumber($company->fax, "TYPE=WORK;FAX");
}
if (!$adherent->zip) {
if (!$object->zip) {
$v->setAddress("", "", $company->address, $company->town, $company->state, $company->zip, $company->country, "TYPE=WORK;POSTAL");
}
// when company e-mail is empty, use only adherent e-mail
if (empty(trim($company->email))) {
// was set before, don't set twice
} elseif (empty(trim($adherent->email))) {
} elseif (empty(trim($object->email))) {
// when adherent e-mail is empty, use only company e-mail
$v->setEmail($company->email);
} elseif (strtolower(end(explode("@", $adherent->email))) == strtolower(end(explode("@", $company->email)))) {
} elseif (strtolower(end(explode("@", $object->email))) == strtolower(end(explode("@", $company->email)))) {
// when e-mail domain of adherent and company are the same, use adherent e-mail at first (and company e-mail at second)
$v->setEmail($adherent->email);
$v->setEmail($object->email);
// support by Microsoft Outlook (2019 and possible earlier)
$v->setEmail($company->email, 'INTERNET');
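Review bot: the old code stopped with `dol_print_error(...)` and `exit` when `$adherent->fetch($id)` returned `<= 0`, and nothing equivalent follows the new `$result = $object->fetch($id, $ref);`. `$result` is overwritten by `restrictedArea()`, so a request with an unknown id or ref carries on to build a vCard from an empty object. Restore the failure check right after the fetch. The permission variables copied in here (`$canadduser`, `$caneditfielduser`, `$caneditpassworduser`, `$canaddmember`, `$caneditfieldmember`) are not used by the lines shown in this hunk and can be left out of an export-only page.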
@ -103,7 +132,7 @@ if ($company->id) {
$v->setEmail($company->email);
// support by Microsoft Outlook (2019 and possible earlier)
$v->setEmail($adherent->email, 'INTERNET');
$v->setEmail($object->email, 'INTERNET');
}
// Si adherent lie a un tiers non de type "particulier"
@ -113,9 +142,9 @@ if ($company->id) {
}
// Personal informations
$v->setPhoneNumber($adherent->phone_perso, "TYPE=HOME;VOICE");
if ($adherent->birth) {
$v->setBirthday($adherent->birth);
$v->setPhoneNumber($object->phone_perso, "TYPE=HOME;VOICE");
if ($object->birth) {
$v->setBirthday($object->birth);
}
$db->close();

View File

@ -49,8 +49,8 @@ $boxes = array();
*/
if ($action == 'addconst') {
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity);
}
if ($action == 'add') {
@ -93,7 +93,7 @@ if ($action == 'add') {
$arrayofexistingboxid = array();
$nbboxonleft = $nbboxonright = 0;
$sql = "SELECT box_id, box_order FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE position = ".$pos." AND fk_user = ".$fk_user." AND entity = ".$conf->entity;
$sql .= " WHERE position = ".((int) $pos)." AND fk_user = ".((int) $fk_user)." AND entity = ".((int) $conf->entity);
dol_syslog("boxes.php activate box", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql) {

View File

@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity);
if ($_POST["optionlocaltax1"] == "localtax1on") {
if (GETPOST("optionlocaltax1") == "localtax1on") {
if (!GETPOSTISSET('lt1')) {
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity);
} else {
@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
}
dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity);
}
if ($_POST["optionlocaltax2"] == "localtax2on") {
if (GETPOST("optionlocaltax2") == "localtax2on") {
if (!GETPOSTISSET('lt2')) {
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity);
} else {
@ -288,8 +288,8 @@ if ($action == 'addthumb' || $action == 'addthumbsquarred') { // Regenerate thu
} else {
$error++;
$langs->load("errors");
setEventMessages($langs->trans("ErrorFileDoesNotExists", $_GET["file"]), null, 'errors');
dol_syslog($langs->transnoentities("ErrorFileDoesNotExists", $_GET["file"]), LOG_WARNING);
setEventMessages($langs->trans("ErrorFileDoesNotExists", GETPOST("file")), null, 'errors');
dol_syslog($langs->transnoentities("ErrorFileDoesNotExists", GETPOST("file")), LOG_WARNING);
}
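Review bot: `GETPOST("file")` is read without a check type and passed straight into `setEventMessages()` and `dol_syslog()`. A request-controlled string written to the log should at least be filtered, for example with `'alphanohtml'`, and read once into a variable instead of twice, so the message shown and the message logged are the same value.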
}

View File

@ -237,7 +237,7 @@ $sql .= ", note";
$sql .= ", tms";
$sql .= ", entity";
$sql .= " FROM ".MAIN_DB_PREFIX."const";
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
if ((empty($user->entity) || $user->admin) && $debug) {
} elseif (!GETPOST('visible') || GETPOST('visible') != 'all') {
// to force for superadmin to debug
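Review bot: both operands of the `IN (...)` list are entity ids, so casting each one, `((int) $user->entity).",".((int) $conf->entity)`, is stricter than running the joined string through `$db->sanitize()` and matches the `(int)` casts used for the boxes query elsewhere in this commit.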

View File

@ -181,7 +181,7 @@ if ($action == 'update') {
}
}
dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity);
// For update value with percentage

View File

@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
// Load translation files required by the page
$langs->loadLangs(array("errors", "admin", "main", "companies", "resource", "holiday", "accountancy", "hrm", "orders", "contracts", "projects", "propal", "bills", "interventions"));
$langs->loadLangs(array("errors", "admin", "main", "companies", "resource", "holiday", "accountancy", "hrm", "orders", "contracts", "projects", "propal", "bills", "interventions", "ticket"));
$action = GETPOST('action', 'alpha') ?GETPOST('action', 'alpha') : 'view';
$confirm = GETPOST('confirm', 'alpha');
@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) {
if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) {
if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries
$_POST["country"] = '';
} else {
@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors');
}
}
if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) {
if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) {
$ok = 0;
setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors');
}
// Clean some parameters
if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) {
if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) {
$_POST["localtax1"] = '0'; // If empty, we force to 0
}
if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) {
if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) {
$_POST["localtax2"] = '0'; // If empty, we force to 0
}
if ($_POST["accountancy_code"] <= 0) {
if (GETPOST("accountancy_code") <= 0) {
$_POST["accountancy_code"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_sell"] <= 0) {
if (GETPOST("accountancy_code_sell") <= 0) {
$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_buy"] <= 0) {
if (GETPOST("accountancy_code_buy") <= 0) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary
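Review bot: the conditions in this hunk now read through `GETPOST()`, but the normalisation inside them still assigns to the superglobal directly (`$_POST["localtax1"] = '0';`, `$_POST["accountancy_code"] = '';`), so the code depends on filtered reads and raw writes staying in sync. Read each field once into a local variable, normalise the variable, and use it when building the query. `GETPOST("accountancy_code") <= 0` is also a loose comparison between a string and an integer; if account codes can be non-numeric, test for an empty string explicitly.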
@ -1139,6 +1139,7 @@ if ($action == 'delete') {
}
//var_dump($elementList);
/*
* Show a dictionary
*/
@ -1397,6 +1398,9 @@ if ($id) {
if ($fieldlist[$field] == 'unit_type') {
$valuetoshow = $langs->trans('TypeOfUnit');
}
if ($fieldlist[$field] == 'public' && $tablib[$id] == 'TicketDictCategory') {
$valuetoshow = $langs->trans('TicketGroupIsPublic'); $class = 'center';
}
if ($id == 2) { // Special case for state page
if ($fieldlist[$field] == 'region_id') {
@ -1738,6 +1742,9 @@ if ($id) {
if ($fieldlist[$field] == 'unit_type') {
$valuetoshow = $langs->trans('TypeOfUnit');
}
if ($fieldlist[$field] == 'public' && $tablib[$id] == 'TicketDictCategory') {
$valuetoshow = $langs->trans('TicketGroupIsPublic'); $cssprefix = 'center ';
}
if ($fieldlist[$field] == 'region_id' || $fieldlist[$field] == 'country_id') {
$showfield = 0;
@ -1908,10 +1915,10 @@ if ($id) {
$showfield = 0;
} elseif ($fieldlist[$field] == 'unicode') {
$valuetoshow = $langs->getCurrencySymbol($obj->code, 1);
} elseif ($fieldlist[$field] == 'label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
} elseif ($fieldlist[$field] == 'label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
$langs->load("products");
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
} elseif ($fieldlist[$field] == 'short_label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
} elseif ($fieldlist[$field] == 'short_label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
$langs->load("products");
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
} elseif (($fieldlist[$field] == 'unit') && ($tabname[$id] == MAIN_DB_PREFIX.'c_paper_format')) {
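Review bot: the two rewritten branches index `$tabname[GETPOST("id", 'int')]`, while the next branch in the same chain uses `$tabname[$id]`. `$id` is already available here, so use it in all three branches instead of re-reading the request on every row.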
@ -1984,6 +1991,9 @@ if ($id) {
if ($fieldlist[$field] == 'use_default') {
$class .= ' center';
}
if ($fieldlist[$field] == 'public') {
$class .= ' center';
}
// Show value for field
if ($showfield) {
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.$valuetoshow.'</td>';
@ -2046,7 +2056,7 @@ if ($id) {
if ($id == 4) {
print '<td class="nowrap center">';
if ($iserasable) {
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->favorite].'_favorite">'.$actl[$obj->favorite].'</a>';
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->favorite].'_favorite&token='.newToken().'">'.$actl[$obj->favorite].'</a>';
} else {
print $langs->trans("AlwaysActive");
}
@ -2056,7 +2066,7 @@ if ($id) {
// Active
print '<td class="nowrap center">';
if ($canbedisabled) {
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->active].'">'.$actl[$obj->active].'</a>';
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->active].'&token='.newToken().'">'.$actl[$obj->active].'</a>';
} else {
if (in_array($obj->code, array('AC_OTH', 'AC_OTH_AUTO'))) {
print $langs->trans("AlwaysActive");
@ -2343,10 +2353,10 @@ function fieldList($fieldlist, $obj = '', $tabname = '', $context = '')
if ($fieldlist[$field] == 'code') {
$class = 'maxwidth100';
}
if (in_array($fieldlist[$field], array('dayrule', 'day', 'month', 'year', 'pos', 'use_default', 'affect', 'delay', 'position', 'sortorder', 'sens', 'category_type'))) {
if (in_array($fieldlist[$field], array('dayrule', 'day', 'month', 'year', 'pos', 'use_default', 'affect', 'delay', 'position', 'public', 'sortorder', 'sens', 'category_type'))) {
$class = 'maxwidth50 center';
}
if (in_array($fieldlist[$field], array('use_default'))) {
if (in_array($fieldlist[$field], array('use_default', 'public'))) {
$classtd = 'center';
}
if (in_array($fieldlist[$field], array('libelle', 'label', 'tracking'))) {

View File

@ -0,0 +1 @@

View File

@ -7,7 +7,7 @@
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* https://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
@ -16,11 +16,11 @@
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
* needs please refer to https://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2013 PrestaShop SA
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* @license https://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
* PrestaShop Webservice Library
* @package PrestaShopWebservice

View File

@ -52,12 +52,15 @@ $arrayofparameters = array(
'EVENTORGANIZATION_TASK_LABEL'=>array('type'=>'textarea','enabled'=>1),
'EVENTORGANIZATION_CATEG_THIRDPARTY_CONF'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1),
'EVENTORGANIZATION_CATEG_THIRDPARTY_BOOTH'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1),
//'EVENTORGANIZATION_FILTERATTENDEES_CAT'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1),
//'EVENTORGANIZATION_FILTERATTENDEES_TYPE'=>array('type'=>'thirdparty_type:', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_CONF'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_BOOTH'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_BOOTH'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_EVENT'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_SPEAKER'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_SECUREKEY'=>array('type'=>'securekey', 'enabled'=>1),
);
$error = 0;
@ -72,6 +75,7 @@ if ((float) DOL_VERSION >= 6) {
include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
}
if ($action == 'updateMask') {
$maskconstorder = GETPOST('maskconstorder', 'alpha');
$maskorder = GETPOST('maskorder', 'alpha');
@ -144,7 +148,7 @@ if ($action == 'updateMask') {
}
}
}
} elseif ($action == 'setdoc') {
}/* elseif ($action == 'setdoc') {
// Set or unset default model
$tmpobjectkey = GETPOST('object');
if (!empty($tmpobjectkey)) {
@ -167,7 +171,7 @@ if ($action == 'updateMask') {
$constforval = 'EVENTORGANIZATION_'.strtoupper($tmpobjectkey).'_ADDON_PDF';
dolibarr_del_const($db, $constforval, $conf->entity);
}
}
}*/
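Review bot: the `setdoc` action is disabled by wrapping it in `}/* elseif ($action == 'setdoc') { ... }*/` instead of being removed. Commented-out request handlers tend to be re-enabled later without review; delete the block and rely on version control, or leave a short comment saying why it is kept.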
@ -177,7 +181,7 @@ if ($action == 'updateMask') {
$form = new Form($db);
$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
//$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
$page_name = "EventOrganizationSetup";
llxHeader('', $langs->trans($page_name));
@ -194,22 +198,21 @@ print dol_get_fiche_head($head, 'settings', $langs->trans($page_name), -1, 'even
// Setup page goes here
echo '<span class="opacitymedium">'.$langs->trans("EventOrganizationSetupPage").'</span><br><br>';
if ($action == 'edit') {
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="liste_titre"><td class="titlefieldcreate">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
foreach ($arrayofparameters as $constname => $val) {
if ($val['enabled']==1) {
$setupnotempty++;
print '<tr class="oddeven"><td>';
$tooltiphelp = (($langs->trans($constname . 'Tooltip') != $constname . 'Tooltip') ? $langs->trans($constname . 'Tooltip') : '');
print '<span id="helplink'.$constname.'" class="spanforparamtooltip">'.$form->textwithpicto($langs->trans($constname), $tooltiphelp, 1, 'info', '', 0, 3, 'tootips'.$constname).'</span>';
print '</td><td>';
if ($val['enabled']==1) {
$setupnotempty++;
print '<tr class="oddeven"><td>';
$tooltiphelp = (($langs->trans($constname . 'Tooltip') != $constname . 'Tooltip') ? $langs->trans($constname . 'Tooltip') : '');
print '<span id="helplink'.$constname.'" class="spanforparamtooltip">'.$form->textwithpicto($langs->trans($constname), $tooltiphelp, 1, 'info', '', 0, 3, 'tootips'.$constname).'</span>';
print '</td><td>';
if ($val['type'] == 'textarea') {
print '<textarea class="flat" name="'.$constname.'" id="'.$constname.'" cols="50" rows="5" wrap="soft">' . "\n";
@ -249,6 +252,30 @@ if ($action == 'edit') {
$tmp = explode(':', $val['type']);
print img_picto('', 'category', 'class="pictofixedwidth"');
print $formother->select_categories($tmp[1], $conf->global->{$constname}, $constname, 0, $langs->trans('CustomersProspectsCategoriesShort'));
} elseif (preg_match('/thirdparty_type/', $val['type'])) {
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
$formcompany = new FormCompany($db);
print $formcompany->selectProspectCustomerType($conf->global->{$constname}, $constname);
} elseif ($val['type'] == 'securekey') {
print '<input required="required" type="text" class="flat" id="'.$constname.'" name="'.$constname.'" value="'.(GETPOST($constname, 'alpha') ?GETPOST($constname, 'alpha') : $conf->global->{$constname}).'" size="40">';
if (!empty($conf->use_javascript_ajax)) {
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token'.$constname.'" class="linkobject"');
}
if (!empty($conf->use_javascript_ajax)) {
print "\n".'<script type="text/javascript">';
print '$(document).ready(function () {
$("#generate_token'.$constname.'").click(function() {
$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
action: \'getrandompassword\',
generic: true
},
function(token) {
$("#'.$constname.'").val(token);
});
});
});';
print '</script>';
}
} else {
print '<input name="'.$constname.'" class="flat '.(empty($val['css']) ? 'minwidth200' : $val['css']).'" value="'.$conf->global->{$constname}.'">';
}
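Review bot: the new `securekey` branch writes `GETPOST($constname, 'alpha')` or `$conf->global->{$constname}` into the `value="..."` attribute without `dol_escape_htmltag()`, so a quote in either value breaks out of the attribute. Escape it before printing. The AJAX call that fills the field only runs behind `$conf->use_javascript_ajax`, and both `if (!empty($conf->use_javascript_ajax))` blocks can be merged into one.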
@ -266,7 +293,7 @@ if ($action == 'edit') {
} else {
if (!empty($arrayofparameters)) {
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="liste_titre"><td class="titlefieldcreate">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
foreach ($arrayofparameters as $constname => $val) {
if ($val['enabled']==1) {
@ -309,6 +336,16 @@ if ($action == 'edit') {
}
print '<div class="select2-container-multi-dolibarr" style="width: 90%;"><ul class="select2-choices-dolibarr">' . implode(' ', $toprint) . '</ul></div>';
}
} elseif (preg_match('/thirdparty_type/', $val['type'])) {
if ($conf->global->{$constname}==2) {
print $langs->trans("Prospect");
} elseif ($conf->global->{$constname}==3) {
print $langs->trans("ProspectCustomer");
} elseif ($conf->global->{$constname}==1) {
print $langs->trans("Customer");
} elseif ($conf->global->{$constname}==0) {
print $langs->trans("NorProspectNorCustomer");
}
} else {
print $conf->global->{$constname};
}
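Review bot: the `thirdparty_type` display branch uses loose `==` comparisons against 2, 3, 1 and 0, so a constant that has never been set (null) matches `==0` and is shown as `NorProspectNorCustomer`. Test `isset()` or compare against the stored string values so "not configured" is distinguishable from an explicit 0. The `else` fallback just below still prints `$conf->global->{$constname}` unescaped.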
@ -327,7 +364,7 @@ if ($action == 'edit') {
}
$moduledir = 'eventorganization';
/*$moduledir = 'eventorganization';
$myTmpObjects = array();
$myTmpObjects['MyObject'] = array('includerefgeneration'=>0, 'includedocgeneration'=>0);
@ -337,9 +374,6 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
continue;
}
if ($myTmpObjectArray['includerefgeneration']) {
/*
* Orders Numbering model
*/
$setupnotempty++;
print load_fiche_titre($langs->trans("NumberingModules", $myTmpObjectKey), '', '');
@ -444,9 +478,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
}
if ($myTmpObjectArray['includedocgeneration']) {
/*
* Document templates generators
*/
$setupnotempty++;
$type = strtolower($myTmpObjectKey);
@ -588,10 +620,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
print '</table>';
}
}
if (empty($setupnotempty)) {
print '<br>'.$langs->trans("NothingToSetup");
}
*/
// Page end
print dol_get_fiche_end();
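Review bot: the `*/` added just before `// Page end` closes a comment opened at `/*$moduledir = 'eventorganization';`, so the whole numbering-model and document-template section is disabled by commenting it out, and its inner block comments had to be removed to keep the outer comment valid. If this code is not needed for the module, delete it instead of leaving a large commented block in the setup page. If it is meant to come back, a short comment saying why it is disabled would help.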

View File

@ -0,0 +1,113 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file admin/conferenceorboothattendee_extrafields.php
* \ingroup eventorganization
* \brief Page to setup extra fields of conferenceorboothattendee
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/eventorganization.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
// Load translation files required by the page
$langs->loadLangs(array('eventorganization', 'admin'));
$extrafields = new ExtraFields($db);
$form = new Form($db);
// List of supported format
$tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) {
$type2label[$key] = $langs->transnoentitiesnoconv($val);
}
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'eventorganization_conferenceorboothattendee'; //Must be the $table_element of the class that manage extrafield
if (!$user->admin) {
accessforbidden();
}
/*
* Actions
*/
require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php';
/*
* View
*/
llxHeader('', $langs->trans("EventOrganizationSetup"), $help_url);
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("EventOrganizationSetup"), $linkback, 'title_setup');
$head = eventorganizationAdminPrepareHead();
print dol_get_fiche_head($head, 'conferenceorboothattendee_extrafields', $langs->trans("ConferenceOrBoothAttendeeExtraFields"), -1, 'account');
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php';
print dol_get_fiche_end();
// Buttons
if ($action != 'create' && $action != 'edit') {
print '<div class="tabsAction">';
print "<a class=\"butAction\" href=\"".$_SERVER["PHP_SELF"]."?action=create#newattrib\">".$langs->trans("NewAttribute")."</a>";
print "</div>";
}
/*
* Creation of an optional field
*/
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/*
* Edition of an optional field
*/
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_edit.tpl.php';
}
// End of page
llxFooter();
$db->close();
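Review bot: `$help_url` is passed to `llxHeader('', $langs->trans("EventOrganizationSetup"), $help_url)` but is not assigned anywhere in this new file, so it is an undefined variable unless an include happens to set it. Initialise it explicitly (an empty string is enough) before the View section. The "NewAttribute" button also writes `$_SERVER["PHP_SELF"]` into the `href` without escaping; prefer a fixed path or escape it with `dol_escape_htmltag()`.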

View File

@ -41,7 +41,6 @@ if (!$user->admin) {
accessforbidden();
}
$def = array();
$lastexternalrss = 0;
$action = GETPOST('action', 'aZ09');
@ -56,6 +55,7 @@ $sql .= " WHERE ".$db->decrypt('name')." LIKE 'EXTERNAL_RSS_URLRSS_%'";
//print $sql;
$result = $db->query($sql); // We can't use SELECT MAX() because EXTERNAL_RSS_URLRSS_10 is lower than EXTERNAL_RSS_URLRSS_9
if ($result) {
$reg = array();
while ($obj = $db->fetch_object($result)) {
preg_match('/([0-9]+)$/i', $obj->name, $reg);
if ($reg[1] && $reg[1] > $lastexternalrss) {
@ -70,17 +70,17 @@ if ($action == 'add' || GETPOST("modify")) {
$external_rss_title = "external_rss_title_".GETPOST("norss", 'int');
$external_rss_urlrss = "external_rss_urlrss_".GETPOST("norss", 'int');
if (!empty($_POST[$external_rss_urlrss])) {
if (GETPOST($external_rss_urlrss, 'alpha')) {
$boxlabel = '(ExternalRSSInformations)';
//$external_rss_url = "external_rss_url_" . $_POST["norss"];
//$external_rss_url = "external_rss_url_" . GETPOST("norss");
$db->begin();
if ($_POST["modify"]) {
if (GETPOST("modify")) {
// Supprime boite box_external_rss de definition des boites
/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
$sql.= " SET name = '".$db->escape($boxlabel)."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'";
$resql=$db->query($sql);
if (! $resql)
@ -95,13 +95,17 @@ if ($action == 'add' || GETPOST("modify")) {
$sql .= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')";
if (!$db->query($sql)) {
dol_print_error($db);
$err++;
$error++;
}
//print $sql;exit;
}
$result1 = dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_".GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity);
if ($result1) {
$result2 = dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity);
$consttosave = "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int');
$urltosave = GETPOST($external_rss_urlrss, 'alpha');
$result2 = dolibarr_set_const($db, $consttosave, $urltosave, 'chaine', 0, '', $conf->entity);
//var_dump($result2);exit;
}
if ($result1 && $result2) {
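Review bot: `$urltosave = GETPOST($external_rss_urlrss, 'alpha')` is written to `EXTERNAL_RSS_URLRSS_n` with no check on what kind of URL it is. Since this constant is a feed address the server will later fetch, reject values that do not start with `http://` or `https://` before calling `dolibarr_set_const()`, and report the error to the admin. The `//var_dump($result2);exit;` debug line should not be merged.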
@ -115,7 +119,7 @@ if ($action == 'add' || GETPOST("modify")) {
}
}
if ($_POST["delete"]) {
if (GETPOST("delete")) {
if (GETPOST("norss", 'int')) {
$db->begin();
@ -136,7 +140,7 @@ if ($_POST["delete"]) {
$resql = $db->query($sql);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";
$sql .= " WHERE rowid = ".$obj->rowid;
$sql .= " WHERE rowid = ".((int) $obj->rowid);
$resql = $db->query($sql);
if (!$resql) {
@ -258,14 +262,14 @@ if ($resql) {
print '<tr class="oddeven">';
print "<td width=\"100px\">".$langs->trans("Title")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_".$idrss."\" value=\"".dol_escape_htmltag($conf->global->$keyrsstitle)."\"></td>";
print '<td class="titlefield">'.$langs->trans("Title")."</td>";
print '<td><input type="text" class="flat minwidth300" name="external_rss_title_'.$idrss.'" value="'.dol_escape_htmltag($conf->global->$keyrsstitle).'"></td>';
print '</tr>'."\n";
print '<tr class="oddeven">';
print "<td>".$langs->trans("URL")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_".$idrss."\" value=\"".dol_escape_htmltag($conf->global->$keyrssurl)."\"></td>";
print '<td><input type="text" class="flat minwidth300" name="external_rss_urlrss_'.$idrss.'" value="'.dol_escape_htmltag($conf->global->$keyrssurl).'"></td>';
print '</tr>'."\n";
@ -307,7 +311,7 @@ if ($resql) {
// Active
$active = _isInBoxList($idrss, $boxlist) ? 'yes' : 'no';
print '<tr class="oddeven">';
print '<td>'.$langs->trans('WidgetEnabled').'</td>';
print '<td>'.$langs->trans('WidgetAvailable').'</td>';
print '<td>'.yn($active).'</td>';
print '</tr>'."\n";

View File

@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG
if ($action == 'update') {
dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity);

View File

@ -93,7 +93,7 @@ print '<br>';
// Show info setup module
print img_picto('', 'cog', 'class="paddingright"').' '.$langs->trans("SetupDescription4", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->transnoentities("Setup"), $langs->transnoentities("Modules"));
if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) { // If only user module enabled
if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) { // If only minimal initial modules enabled
$langs->load("errors");
$warnpicto = img_warning($langs->trans("WarningEnableYourModulesApplications"), 'style="padding-right: 6px;"');
print '<br><div class="warning"><a href="'.DOL_URL_ROOT.'/admin/modules.php?mainmenu=home">'.$warnpicto.$langs->trans("WarningEnableYourModulesApplications").'</a></div>';

View File

@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09');
$testsubscribeemail = GETPOST("testsubscribeemail");
$testunsubscribeemail = GETPOST("testunsubscribeemail");
$error = 0;
/*
* Actions
*/
// Action updated or added a constant
if ($action == 'update' || $action == 'add') {
foreach ($_POST['constname'] as $key => $val) {
$constname = $_POST["constname"][$key];
$constvalue = $_POST["constvalue"][$key];
$consttype = $_POST["consttype"][$key];
$constnote = $_POST["constnote"][$key];
$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
$tmparray = GETPOST('constname', 'array');
if (is_array($tmparray)) {
foreach ($tmparray as $key => $val) {
$constname = $tmparray[$key];
$constvalue = $tmparray[$key];
$consttype = $tmparray[$key];
$constnote = $tmparray[$key];
$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
if (!($res > 0)) {
$error++;
if (!($res > 0)) {
$error++;
}
}
}
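Review bot: inside the new `foreach ($tmparray as $key => $val)` loop, `$constvalue`, `$consttype` and `$constnote` are all read from `$tmparray[$key]`, which is the `constname` array. Every constant is therefore saved with its own name as value, type index and note. Fetch each field separately, for example `GETPOST('constvalue', 'array')`, `GETPOST('consttype', 'array')` and `GETPOST('constnote', 'array')`, and index those by `$key` as the replaced `$_POST` code did.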

View File

@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
if (!$user->admin) {
accessforbidden();
@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs);
* Actions
*/
if ($action == 'update' && empty($_POST["cancel"])) {
if ($action == 'update' && !$cancel) {
// Send mode parameters
dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity);

View File

@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$usersignature = $user->signature;
// For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html.
@ -59,7 +60,7 @@ if (!$user->admin) {
* Actions
*/
if ($action == 'update' && empty($_POST["cancel"])) {
if ($action == 'update' && !$cancel) {
// Send mode parameters
dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity);

View File

@ -333,8 +333,8 @@ if ($action == 'create') {
} else {
print '<select name="type" class="flat" id="topleft">';
print '<option value="">&nbsp;</option>';
print '<option value="top"'.(!empty($_POST["type"]) && $_POST["type"] == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
print '<option value="left"'.(!empty($_POST["type"]) && $_POST["type"] == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
print '<option value="top"'.(GETPOST("type") == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
print '<option value="left"'.(GETPOST("type") == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
print '</select>';
}
print '</td><td>'.$langs->trans('DetailType').'</td></tr>';

View File

@ -111,13 +111,13 @@ if ($action == 'up') {
}
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".$previous['order'];
$sql .= " WHERE m.rowid = ".$current['rowid']; // Up the selected entry
$sql .= " SET m.position = ".((int) $previous['order']);
$sql .= " WHERE m.rowid = ".((int) $current['rowid']); // Up the selected entry
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1);
$sql .= " WHERE m.rowid = ".$previous['rowid']; // Descend celui du dessus
$sql .= " SET m.position = ".((int) ($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1));
$sql .= " WHERE m.rowid = ".((int) $previous['rowid']); // Descend celui du dessus
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
} elseif ($action == 'down') {
@ -162,13 +162,13 @@ if ($action == 'up') {
}
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1); // Down the selected entry
$sql .= " WHERE m.rowid = ".$current['rowid'];
$sql .= " SET m.position = ".((int) ($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1)); // Down the selected entry
$sql .= " WHERE m.rowid = ".((int) $current['rowid']);
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m"; // Up the next entry
$sql .= " SET m.position = ".$current['order'];
$sql .= " WHERE m.rowid = ".$next['rowid'];
$sql .= " SET m.position = ".((int) $current['order']);
$sql .= " WHERE m.rowid = ".((int) $next['rowid']);
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
} elseif ($action == 'confirm_delete' && $confirm == 'yes') {

View File

@ -463,11 +463,13 @@ asort($orders);
//var_dump($modules);
$nbofactivatedmodules = count($conf->modules);
$moreinfo = $langs->trans("TitleNumberOfActivatedModules");
//$conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING = 1000;
/*$moreinfo = $langs->trans("TitleNumberOfActivatedModules");
$moreinfo2 = '<b class="largenumber">'.($nbofactivatedmodules - 1).'</b> / <b class="largenumber">'.count($modules).'</b>';
if ($nbofactivatedmodules <= 1) {
if ($nbofactivatedmodules <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) {
$moreinfo2 .= ' '.img_warning($langs->trans("YouMustEnableOneModule"));
}
}*/
print load_fiche_titre($langs->trans("ModulesSetup"), '', 'title_setup');
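Review bot: this hunk leaves a debug override in place as a comment (`//$conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING = 1000;`) and disables the `$moreinfo` / `$moreinfo2` computation by wrapping it in `/* ... */`. Remove both rather than commenting them out. The threshold expression `empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : ...` would also be easier to keep consistent if it were computed once into a local variable.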
@ -476,7 +478,9 @@ $deschelp = '';
if ($mode == 'common' || $mode == 'commonkanban') {
$desc = $langs->trans("ModulesDesc", '{picto}');
$desc = str_replace('{picto}', img_picto('', 'switch_off'), $desc);
$deschelp = '<div class="info hideonsmartphone">'.$desc."<br></div><br>\n";
if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) { // If only minimal initial modules enabled
$deschelp = '<div class="info hideonsmartphone">'.$desc."<br></div><br>\n";
}
}
if ($mode == 'marketplace') {
//$deschelp = '<div class="info hideonsmartphone">'.$langs->trans("ModulesMarketPlaceDesc")."<br></div><br>\n";
@ -488,7 +492,7 @@ if ($mode == 'develop') {
$deschelp = '<div class="info hideonsmartphone">'.$langs->trans("ModulesDevelopDesc")."<br></div><br>\n";
}
$head = modules_prepare_head();
$head = modules_prepare_head($nbofactivatedmodules, count($modules));
if ($mode == 'common' || $mode == 'commonkanban') {
@ -521,7 +525,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
$moreforfilter .= dolGetButtonTitle($langs->trans('ViewList'), '', 'fa fa-list-alt imgforviewmode', $_SERVER["PHP_SELF"].'?mode=common'.$param, '', 1, array('morecss'=>'reposition'.($mode == 'commonkanban' ? '' : ' btnTitleSelected')));
$moreforfilter .= '</li></ul></div>';
$moreforfilter .= '<div class="floatright center marginrightonly hideonsmartphone" style="padding-top: 3px"><span class="paddingright">'.$moreinfo.'</span> '.$moreinfo2.'</div>';
//$moreforfilter .= '<div class="floatright center marginrightonly hideonsmartphone" style="padding-top: 3px"><span class="paddingright">'.$moreinfo.'</span> '.$moreinfo2.'</div>';
$moreforfilter .= '<div class="colorbacktimesheet float valignmiddle">';
$moreforfilter .= '<div class="divsearchfield paddingtop">';
@ -893,7 +897,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
if (!empty($conf->global->CHECKLASTVERSION_EXTERNALMODULE)) { // This is a bad practice to activate a synch external access during building of a page. 1 external module can hang the application.
require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
if (!empty($objMod->url_last_version)) {
$newversion = getURLContent($objMod->url_last_version);
$newversion = getURLContent($objMod->url_last_version, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only
if (isset($newversion['content'])) {
if (version_compare($newversion['content'], $versiontrans) > 0) {
print "&nbsp;<span class='butAction' title='".$langs->trans('LastStableVersion')."'>".$newversion['content']."</span>";
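Review bot: restricting `getURLContent()` to `http` and `https` on external hosts is a good change, but the response body is still trusted afterwards: `$newversion['content']` goes into `version_compare()` and is then printed inside the `<span class='butAction'>` without escaping. The content is controlled by whoever serves `url_last_version`, so validate it against a version pattern and pass it through `dol_escape_htmltag()` before printing.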

View File

@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php';
$langs->loadLangs(array('admin', 'multicurrency'));
// Access control
if (!$user->admin) {
if (!$user->admin || empty($conf->multicurrency->enabled)) {
accessforbidden();
}
@ -45,7 +45,7 @@ $action = GETPOST('action', 'aZ09');
* Actions
*/
$reg = array();
if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
$code = $reg[1];
$value = GETPOST($code, 'alpha');

View File

@ -68,6 +68,20 @@ if ($action == 'update') {
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT", GETPOST("MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_TVAINTRA_NOT_IN_ADDRESS", GETPOST("MAIN_TVAINTRA_NOT_IN_ADDRESS"), 'chaine', 0, '', $conf->entity);
if (!empty($conf->projet->enabled)) {
if (GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL') == 'no') {
dolibarr_del_const($db, "PDF_SHOW_PROJECT", $conf->entity);
dolibarr_del_const($db, "PDF_SHOW_PROJECT_TITLE", $conf->entity);
} elseif (GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL') == 'showprojectref') {
dolibarr_set_const($db, "PDF_SHOW_PROJECT", GETPOST("PDF_SHOW_PROJECT_REF_OR_LABEL"), 'chaine', 0, '', $conf->entity);
dolibarr_del_const($db, "PDF_SHOW_PROJECT_TITLE", $conf->entity);
} elseif (GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL') == 'showprojectlabel') {
dolibarr_del_const($db, "PDF_SHOW_PROJECT", $conf->entity);
dolibarr_set_const($db, "PDF_SHOW_PROJECT_TITLE", GETPOST("PDF_SHOW_PROJECT_REF_OR_LABEL"), 'chaine', 0, '', $conf->entity);
}
}
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS", GETPOST("MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_HIDE_DESC", GETPOST("MAIN_GENERATE_DOCUMENTS_HIDE_DESC"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_HIDE_REF", GETPOST("MAIN_GENERATE_DOCUMENTS_HIDE_REF"), 'chaine', 0, '', $conf->entity);
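Review bot: in the new `PDF_SHOW_PROJECT_REF_OR_LABEL` block the value saved to `PDF_SHOW_PROJECT` and `PDF_SHOW_PROJECT_TITLE` is the raw select value re-read from `GETPOST()`, so the constants end up holding the strings `showprojectref` and `showprojectlabel`. The branch has already matched the literal, so store a fixed `1` instead of echoing request data into the constant. Reading `GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL', 'aZ09')` once into a local variable would also remove the five repeated unfiltered calls.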
@ -290,6 +304,40 @@ print '<tr class="oddeven"><td>'.$langs->trans("MAIN_DOCUMENTS_LOGO_HEIGHT").'</
print '<input type="text" class="maxwidth50" name="MAIN_DOCUMENTS_LOGO_HEIGHT" value="'.(!empty($conf->global->MAIN_DOCUMENTS_LOGO_HEIGHT) ? $conf->global->MAIN_DOCUMENTS_LOGO_HEIGHT : 20).'">';
print '</td></tr>';
// Show project
if (!empty($conf->projet->enabled)) {
print '<tr class="oddeven"><td>'.$langs->trans("PDF_SHOW_PROJECT").'</td><td>';
$tmparray = array('no' => 'No', 'showprojectref' => 'RefProject', 'showprojectlabel' => 'ShowProjectLabel');
$showprojectref = empty($conf->global->PDF_SHOW_PROJECT) ? (empty($conf->global->PDF_SHOW_PROJECT_TITLE) ? 'no' : 'showprojectlabel') : 'showprojectref';
print $form->selectarray('PDF_SHOW_PROJECT_REF_OR_LABEL', $tmparray, $showprojectref, 0, 0, 0, '', 1);
print '</td></tr>';
}
//Invert sender and recipient
print '<tr class="oddeven"><td>'.$langs->trans("SwapSenderAndRecipientOnPDF").'</td><td>';
print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (!empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) ? $conf->global->MAIN_INVERT_SENDER_RECIPIENT : 0, 1);
print '</td></tr>';
// Place customer adress to the ISO location
print '<tr class="oddeven"><td>'.$langs->trans("PlaceCustomerAddressToIsoLocation").'</td><td>';
print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1);
print '</td></tr>';
// Use 2 languages into PDF
print '<tr class="oddeven"><td>'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").'</td><td>';
//if (! empty($conf->global->MAIN_MULTILANGS))
//{
$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0);
print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1);
//} else {
// print '<span class="opacitymedium">'.$langs->trans("MultiLangNotEnabled").'</span>';
//}
print '</td></tr>';
//Desc
print '<tr class="oddeven"><td>'.$langs->trans("HideDescOnPDF").'</td><td>';
@ -308,38 +356,18 @@ print '<tr class="oddeven"><td>'.$langs->trans("HideDetailsOnPDF").'</td><td>';
print $form->selectyesno('MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS', (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS)) ? $conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS : 0, 1);
print '</td></tr>';
//Invert sender and recipient
// SHOW_SUBPRODUCT_REF_IN_PDF - Option to show the detail of product ref for kits.
print '<tr class="oddeven"><td>'.$langs->trans("SwapSenderAndRecipientOnPDF").'</td><td>';
print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (!empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) ? $conf->global->MAIN_INVERT_SENDER_RECIPIENT : 0, 1);
print '</td></tr>';
// Place customer adress to the ISO location
print '<tr class="oddeven"><td>'.$langs->trans("PlaceCustomerAddressToIsoLocation").'</td><td>';
print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1);
print '<tr class="oddeven"><td>'.$langs->trans("SHOW_SUBPRODUCT_REF_IN_PDF", $langs->transnoentitiesnoconv("AssociatedProductsAbility"), $langs->transnoentitiesnoconv("Products")).'</td><td>';
print $form->selectyesno('SHOW_SUBPRODUCT_REF_IN_PDF', (!empty($conf->global->SHOW_SUBPRODUCT_REF_IN_PDF)) ? $conf->global->SHOW_SUBPRODUCT_REF_IN_PDF : 0, 1);
print '</td></tr>';
// Show more details in footer
print '<tr class="oddeven"><td>'.$langs->trans("ShowDetailsInPDFPageFoot").'</td><td>';
print $form->selectarray('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS', $arraydetailsforpdffoot, (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS) ? $conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS : 0));
print '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").'</td><td>';
//if (! empty($conf->global->MAIN_MULTILANGS))
//{
$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0);
print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1);
//} else {
// print '<span class="opacitymedium">'.$langs->trans("MultiLangNotEnabled").'</span>';
//}
print '</td></tr>';
// SHOW_SUBPRODUCT_REF_IN_PDF - Option to show the detail of product ref for kits.
print '<tr class="oddeven"><td>'.$langs->trans("SHOW_SUBPRODUCT_REF_IN_PDF", $langs->transnoentitiesnoconv("AssociatedProductsAbility"), $langs->transnoentitiesnoconv("Products")).'</td><td>';
print $form->selectyesno('SHOW_SUBPRODUCT_REF_IN_PDF', (!empty($conf->global->SHOW_SUBPRODUCT_REF_IN_PDF)) ? $conf->global->SHOW_SUBPRODUCT_REF_IN_PDF : 0, 1);
print '</td></tr>';
print '</table>';
print '</div>';

View File

@ -132,7 +132,7 @@ print '</tr>'."\n";
$sql = "SELECT r.id, r.libelle as label, r.module, r.module_position, r.perms, r.subperms, r.bydefault";
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
$sql .= " AND r.entity = ".$entity;
$sql .= " AND r.entity = ".((int) $entity);
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled
}
@ -159,8 +159,8 @@ if ($result) {
// TODO Define familyposition
$family = (!empty($modules[$obj->module]->family_position) ? $modules[$obj->module]->family_position : '');
$familyposition = 0;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".$modules[$obj->module]->module_position.",";
$sqlupdate .= " family_position = ".$familyposition;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $modules[$obj->module]->module_position).",";
$sqlupdate .= " family_position = ".((int) $familyposition);
$sqlupdate .= " WHERE module_position = 0 AND module = '".$db->escape($obj->module)."'";
$db->query($sqlupdate);
}

View File

@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) {
$error = 0;
$smsfrom = '';
if (!empty($_POST["fromsms"])) {
if (GETPOST("fromsms", 'alphanohtml')) {
$smsfrom = GETPOST("fromsms", 'alphanohtml');
}
if (empty($smsfrom)) {
@ -156,7 +156,7 @@ asort($listofmethods);
if (!count($listofmethods)) {
$descnosms = $langs->trans("NoSmsEngine", '{Dolistore}');
$descnosms = str_replace('{Dolistore}', '<a href="http://www.dolistore.com/search.php?orderby=position&orderway=desc&search_query=smsmanager">DoliStore</a>', $descnosms);
$descnosms = str_replace('{Dolistore}', '<a href="https://www.dolistore.com/search.php?orderby=position&orderway=desc&search_query=smsmanager">DoliStore</a>', $descnosms);
print '<div class="warning">'.$descnosms.'</div>';
}

View File

@ -673,6 +673,17 @@ if (!empty($conf->global->MAIN_DEFAULT_WAREHOUSE_USER)) {
print "</td>\n";
print "</tr>\n";
}
print '<tr class="oddeven">';
print '<td>'.$langs->trans("WarehouseAskWarehouseOnThirparty").'</td>';
print '<td class="right">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('SOCIETE_ASK_FOR_WAREHOUSE');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("SOCIETE_ASK_FOR_WAREHOUSE", $arrval, $conf->global->SOCIETE_ASK_FOR_WAREHOUSE);
}
print '<tr class="oddeven">';
print '<td>'.$langs->trans("WarehouseAskWarehouseDuringPropal").'</td>';
print '<td class="right">';
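Review bot: the new `SOCIETE_ASK_FOR_WAREHOUSE` row opens `<tr class="oddeven">` and `<td class="right">` but never closes them; the next statement after the `if/else` is already the `<tr class="oddeven">` of the following row. Add `print "</td>\n";` and `print "</tr>\n";` after the `else` block, as the row above does. The translation key `WarehouseAskWarehouseOnThirparty` also looks misspelled ("Thirparty"); check that it matches the key in the lang file.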

View File

@ -223,7 +223,7 @@ if (empty($conf->multicompany->enabled)) {
} else {
// If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities.
if ($user->entity) {
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
}
}
$sql .= " ORDER BY entity, name ASC";

View File

@ -484,7 +484,7 @@ if (empty($conf->multicompany->enabled)) {
} else {
// If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities.
if ($user->entity) {
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
}
}
$sql .= " ORDER BY entity, name ASC";

View File

@ -78,10 +78,10 @@ print '<br>';
$file_list = array('missing' => array(), 'updated' => array());
// Local file to compare to
$xmlshortfile = GETPOST('xmlshortfile', 'alpha') ?GETPOST('xmlshortfile', 'alpha') : '/install/filelist-'.DOL_VERSION.(empty($conf->global->MAIN_FILECHECK_LOCAL_SUFFIX) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_SUFFIX).'.xml'.(empty($conf->global->MAIN_FILECHECK_LOCAL_EXT) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_EXT);
$xmlfile = DOL_DOCUMENT_ROOT.$xmlshortfile;
$xmlshortfile = dol_sanitizeFileName(GETPOST('xmlshortfile', 'alpha') ? GETPOST('xmlshortfile', 'alpha') : 'filelist-'.DOL_VERSION.(empty($conf->global->MAIN_FILECHECK_LOCAL_SUFFIX) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_SUFFIX).'.xml'.(empty($conf->global->MAIN_FILECHECK_LOCAL_EXT) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_EXT));
$xmlfile = DOL_DOCUMENT_ROOT.'/install/'.$xmlshortfile;
// Remote file to compare to
$xmlremote = GETPOST('xmlremote');
$xmlremote = GETPOST('xmlremote', 'alphanohtml');
if (empty($xmlremote) && !empty($conf->global->MAIN_FILECHECK_URL)) {
$xmlremote = $conf->global->MAIN_FILECHECK_URL;
}
@ -92,7 +92,11 @@ if (empty($xmlremote) && !empty($conf->global->$param)) {
if (empty($xmlremote)) {
$xmlremote = 'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml';
}
if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) {
$langs->load("errors");
setEventMessages($langs->trans("ErrorURLMustStartWithHttp", $xmlremote), '', 'errors');
$error++;
}
// Test if remote test is ok
$enableremotecheck = true;
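Review bot: the new scheme check only calls `setEventMessages()` and increments `$error`; nothing in this hunk clears `$xmlremote` or disables the remote check, so the protection depends on later code testing `$error` before the fetch. Set `$enableremotecheck = false` (or empty `$xmlremote`) in the same branch so a rejected URL can never reach `getURLContent()`. The pattern `/^https?:\/\//` is also case-sensitive, which will reject `HTTPS://...`; add the `i` modifier if that should be accepted.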
@ -147,12 +151,12 @@ if (GETPOST('target') == 'local') {
}
$xml = simplexml_load_file($xmlfile);
} else {
print $langs->trans('XmlNotFound').': '.$xmlfile;
print '<div class="warning">'.$langs->trans('XmlNotFound').': '.$xmlfile.'</span>';
$error++;
}
}
if (GETPOST('target') == 'remote') {
$xmlarray = getURLContent($xmlremote);
$xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only
// Return array('content'=>response,'curl_error_no'=>errno,'curl_error_msg'=>errmsg...)
if (!$xmlarray['curl_error_no'] && $xmlarray['http_code'] != '400' && $xmlarray['http_code'] != '404') {

View File

@ -228,26 +228,26 @@ print '<tr class="liste_titre_filter">';
if ($arrayfields['name']['checked']) {
print '<td class="liste_titre left">';
print '<input class="flat" type="text" name="search_name" size="8" value="'.$search_name.'">';
print '<input class="flat" type="text" name="search_name" size="8" value="'.dol_escape_htmltag($search_name).'">';
print '</td>';
}
if ($arrayfields['version']['checked']) {
print '<td class="liste_titre left">';
print '<input class="flat" type="text" name="search_version" size="8" value="'.$search_version.'">';
print '<input class="flat" type="text" name="search_version" size="6" value="'.dol_escape_htmltag($search_version).'">';
print '</td>';
}
if ($arrayfields['id']['checked']) {
print '<td class="liste_titre left">';
print '<input class="flat" type="text" name="search_id" size="8" value="'.$search_id.'">';
print '</td>';
}
if ($arrayfields['module_position']['checked']) {
print '<td class="liste_titre left">';
print '<input class="flat" type="text" name="search_id" size="6 value="'.dol_escape_htmltag($search_id).'">';
print '</td>';
}
if ($arrayfields['permission']['checked']) {
print '<td class="liste_titre left">';
print '<input class="flat" type="text" name="search_permission" size="8" value="'.$search_permission.'">';
print '<input class="flat" type="text" name="search_permission" size="8" value="'.dol_escape_htmltag($search_permission).'">';
print '</td>';
}
if ($arrayfields['module_position']['checked']) {
print '<td class="liste_titre left">';
print '</td>';
}
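Review bot: the new search_id input is written as size="6 value="..." with no closing quote after the 6, so the browser reads the following text as part of the size attribute and the escaped value is not applied as the field's value. It should read size="6" value="'.dol_escape_htmltag($search_id).'".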
@ -267,14 +267,14 @@ if ($arrayfields['version']['checked']) {
print_liste_field_titre($arrayfields['version']['label'], $_SERVER["PHP_SELF"], "version", "", "", "", $sortfield, $sortorder);
}
if ($arrayfields['id']['checked']) {
print_liste_field_titre($arrayfields['id']['label'], $_SERVER["PHP_SELF"], "id", "", "", "", $sortfield, $sortorder);
}
if ($arrayfields['module_position']['checked']) {
print_liste_field_titre($arrayfields['module_position']['label'], $_SERVER["PHP_SELF"], "module_position", "", "", "", $sortfield, $sortorder);
print_liste_field_titre($arrayfields['id']['label'], $_SERVER["PHP_SELF"], "id", "", "", "", $sortfield, $sortorder, 'nowraponall ');
}
if ($arrayfields['permission']['checked']) {
print_liste_field_titre($arrayfields['permission']['label'], $_SERVER["PHP_SELF"], "permission", "", "", "", $sortfield, $sortorder);
}
if ($arrayfields['module_position']['checked']) {
print_liste_field_titre($arrayfields['module_position']['label'], $_SERVER["PHP_SELF"], "module_position", "", "", "", $sortfield, $sortorder);
}
// Fields from hook
$parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder);
@ -289,37 +289,30 @@ if ($sortfield == "name" && $sortorder == "asc") {
usort($moduleList, function (stdClass $a, stdClass $b) {
return strcasecmp($a->name, $b->name);
});
}
if ($sortfield == "name" && $sortorder == "desc") {
} elseif ($sortfield == "name" && $sortorder == "desc") {
usort($moduleList, function (stdClass $a, stdClass $b) {
return strcasecmp($b->name, $a->name);
});
}
if ($sortfield == "version" && $sortorder == "asc") {
} elseif ($sortfield == "version" && $sortorder == "asc") {
usort($moduleList, function (stdClass $a, stdClass $b) {
return strcasecmp($a->version, $b->version);
});
}
if ($sortfield == "version" && $sortorder == "desc") {
} elseif ($sortfield == "version" && $sortorder == "desc") {
usort($moduleList, function (stdClass $a, stdClass $b) {
return strcasecmp($b->version, $a->version);
});
}
if ($sortfield == "id" && $sortorder == "asc") {
} elseif ($sortfield == "id" && $sortorder == "asc") {
usort($moduleList, "compareIdAsc");
}
if ($sortfield == "id" && $sortorder == "desc") {
} elseif ($sortfield == "id" && $sortorder == "desc") {
usort($moduleList, "compareIdDesc");
}
if ($sortfield == "permission" && $sortorder == "asc") {
} elseif ($sortfield == "permission" && $sortorder == "asc") {
usort($moduleList, "comparePermissionIdsAsc");
}
if ($sortfield == "permission" && $sortorder == "desc") {
} elseif ($sortfield == "permission" && $sortorder == "desc") {
usort($moduleList, "comparePermissionIdsDesc");
} else {
$moduleList = dol_sort_array($moduleList, 'module_position');
}
$moduleList = dol_sort_array($moduleList, 'module_position');
foreach ($moduleList as $module) {
print '<tr class="oddeven">';
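Review bot: the final else branch sorts by module_position whatever $sortorder says, so the module_position column header, which the previous hunk still renders as sortable, cannot produce a descending list, and any unrecognised $sortfield silently falls back to the same order. Handle $sortfield == "module_position" explicitly and pass $sortorder through to the sort.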
@ -338,10 +331,6 @@ foreach ($moduleList as $module) {
print '<td class="center">'.$module->id.'</td>';
}
if ($arrayfields['module_position']['checked']) {
print '<td class="center">'.$module->module_position.'</td>';
}
if ($arrayfields['permission']['checked']) {
$idperms = '';
@ -357,7 +346,11 @@ foreach ($moduleList as $module) {
}
}
print '<td>'.($idperms ? $idperms : "&nbsp;").'</td>';
print '<td><span class="opacitymedium">'.($idperms ? $idperms : "&nbsp;").'</span></td>';
}
if ($arrayfields['module_position']['checked']) {
print '<td class="center">'.$module->module_position.'</td>';
}
print '<td></td>';
@ -394,11 +387,11 @@ $db->close();
*/
function compareIdAsc(stdClass $a, stdClass $b)
{
if ($a->id == $b->id) {
if ((int) $a->id == (int) $b->id) {
return 0;
}
return $a->id > $b->id ? -1 : 1;
return ((int) $a->id < (int) $b->id) ? -1 : 1;
}
/**
@ -410,11 +403,11 @@ function compareIdAsc(stdClass $a, stdClass $b)
*/
function compareIdDesc(stdClass $a, stdClass $b)
{
if ($a->id == $b->id) {
if ((int) $a->id == (int) $b->id) {
return 0;
}
return $b->id > $a->id ? -1 : 1;
return ((int) $b->id < (int) $a->id) ? -1 : 1;
}
/**
@ -441,7 +434,7 @@ function comparePermissionIdsAsc(stdClass $a, stdClass $b)
return 0;
}
return $a->permission[0] > $b->permission[0] ? -1 : 1;
return $a->permission[0] < $b->permission[0] ? -1 : 1;
}
/**
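Review bot: comparePermissionIdsAsc now returns -1 for the smaller first permission id, which fixes the inverted order, but permission[0] is compared without the (int) cast that this commit adds to compareIdAsc and compareIdDesc. Apply the same cast here and in comparePermissionIdsDesc so all four comparators treat ids the same way.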
@ -468,5 +461,5 @@ function comparePermissionIdsDesc(stdClass $a, stdClass $b)
return 0;
}
return $a->permission[0] > $b->permission[0] ? 1 : -1;
return $b->permission[0] < $a->permission[0] ? -1 : 1;
}

View File

@ -23,6 +23,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
@ -74,12 +75,24 @@ print "<strong>PHP disable_functions</strong> = ";
$arrayoffunctionsdisabled = explode(',', ini_get('disable_functions'));
$arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals');
$arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open,popen');
print join(', ', $arrayoffunctionsdisabled);
$i = 0;
foreach ($arrayoffunctionsdisabled as $functionkey) {
if ($i > 0) {
print ', ';
}
print '<span class="opacitymedium">'.$functionkey.'</span>';
$i++;
}
print "<br>\n";
$todisabletext = '';
$i = 0;
foreach ($arrayoffunctionstodisable as $functiontodisable) {
if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
$todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.$functiontodisable;
if ($i > 0) {
$todisabletext .= ', ';
}
$todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' <span class="opacitymedium">'.$functiontodisable.'</span>';
$i++;
}
}
if ($todisabletext) {
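Review bot: $arrayoffunctionsdisabled comes from explode(',', ini_get('disable_functions')) with no trimming, so a php.ini value written as "exec, system" yields ' system' and the in_array() tests then report system as still enabled. An empty setting also yields a single empty element, which the new loop prints as an empty span. Build the list with array_filter(array_map('trim', explode(',', ini_get('disable_functions')))) before both uses.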
@ -87,9 +100,14 @@ if ($todisabletext) {
print '<br>';
}
$todisabletext = '';
$i = 0;
foreach ($arrayoffunctionstodisable2 as $functiontodisable) {
if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
$todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.$functiontodisable;
if ($i > 0) {
$todisabletext .= ', ';
}
$todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' <span class="opacitymedium">'.$functiontodisable.'</span>';
$i++;
}
}
if ($todisabletext) {
@ -110,6 +128,7 @@ if ($test) {
}
print '<br>';
print '<br>';
print '<br>';
print load_fiche_titre($langs->trans("ConfigurationFile").' ('.$conffile.')', '', 'folder');
@ -131,13 +150,38 @@ print '<strong>'.$langs->trans("dolibarr_main_restrict_ip").'</strong>: '.$dolib
}*/
print '<br>';
print '<br>';
print '<br>';
print '<br>';
print load_fiche_titre($langs->trans("PermissionsOnFiles"), '', 'folder');
print '<strong>'.$langs->trans("PermissionsOnFilesInWebRoot").'</strong>: ';
// TODO Check permission are read only except for custom dir
print 'TODO';
$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('custom\/'), 'name', SORT_ASC, 4, 1, '', 1);
$fileswithwritepermission = array();
foreach ($arrayoffilesinroot as $fileinroot) {
// Test permission on file
if ($fileinroot['perm'] & 0222) {
$fileswithwritepermission[] = $fileinroot['relativename'];
}
}
if (empty($fileswithwritepermission)) {
print img_picto('', 'tick').' '.$langs->trans("NoWritableFilesFoundIntoRootDir");
} else {
print img_warning().' '.$langs->trans("SomeFilesOrDirInRootAreWritable");
print '<br>'.$langs->trans("Example").': ';
$i = 0;
foreach ($fileswithwritepermission as $filewithwritepermission) {
if ($i > 0) {
print ', ';
}
print '<span class="opacitymedium">'.$filewithwritepermission.'</span>';
if ($i > 20) {
print ' ...';
break;
}
$i++;
}
}
print '<br>';
print '<strong>'.$langs->trans("PermissionsOnFile", $conffile).'</strong>: '; // $conffile is defined into filefunc.inc.php
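Review bot: the test $fileinroot['perm'] & 0222 also matches the owner write bit, so a tree deployed with ordinary 0644 and 0755 modes is reported as writable even when the web server account is not the owner and cannot modify anything. Test what the running process can actually do (is_writable() on the path), or restrict the mask to group and other (0022) and say so in the message. The example list checks $i > 20 after printing, so it shows 22 names before the ' ...'.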
@ -163,6 +207,7 @@ print '<br>';
print '<br>';
print '<br>';
print '<br>';
print load_fiche_titre($langs->trans("Modules"), '', 'folder');
@ -172,7 +217,11 @@ $test = empty($conf->syslog->enabled);
if ($test) {
print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
} else {
print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("Syslog"));
if ($conf->global->SYSLOG_LEVEL > LOG_NOTICE) {
print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("Syslog"));
} else {
print img_picto('', 'tick.png').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), $conf->global->SYSLOG_LEVEL);
}
//print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
}
print '<br>';
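Review bot: $conf->global->SYSLOG_LEVEL is compared with LOG_NOTICE without an empty() guard, so when the module is enabled but the constant is unset the comparison is false and the page shows the tick with an empty level in the message. Handle the unset case explicitly rather than letting it fall into the "not too verbose" branch.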
@ -188,6 +237,7 @@ if ($test) {
}
print '<br>';
print '<br>';
print '<br>';
print '<br>';
print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
@ -199,15 +249,14 @@ if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
print '<strong>MAIN_SECURITY_SALT</strong> = '.(empty($conf->global->MAIN_SECURITY_SALT) ? $langs->trans("Undefined") : $conf->global->MAIN_SECURITY_SALT).'<br>';
}
if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
print '<span class="opacitymedium">The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.<br>';
print '<div class="info">The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.<br>';
print 'If you really want to switch, you must:<br>';
print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'<br>';
print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password<br>';
print '- You can now logout and login with this new password. You must now reset password of all other users.<br>';
print '</span><br>';
print '</div><br>';
}
print '<br>';
// TODO
print '<strong>'.$langs->trans("AntivirusEnabledOnUpload").'</strong>: ';
print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? '' : img_picto('', 'tick').' ';
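Review bot: the info block about MAIN_SECURITY_HASH_ALGO is hard-coded English passed straight to print, including the misspelling 'recommanded', while the surrounding messages go through $langs->trans(). Move the text to a language key and fix the spelling there.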
@ -225,25 +274,28 @@ print '<br>';
$securityevent = new Events($db);
$eventstolog = $securityevent->eventstolog;
print '<strong>'.$langs->trans("LogEvents").'</strong>: ';
// Loop on each event type
foreach ($eventstolog as $key => $arr) {
if ($arr['id']) {
$key = 'MAIN_LOGEVENTS_'.$arr['id'];
$value = empty($conf->global->$key) ? '' : $conf->global->$key;
if ($value) {
print $key.', ';
print '<strong>'.$langs->trans("AuditedSecurityEvents").'</strong>: ';
if (!empty($eventstolog) && is_array($eventstolog)) {
// Loop on each event type
$i = 0;
foreach ($eventstolog as $key => $arr) {
if ($arr['id']) {
$key = 'MAIN_LOGEVENTS_'.$arr['id'];
$value = empty($conf->global->$key) ? '' : $conf->global->$key;
if ($value) {
if ($i > 0) {
print ', ';
}
print '<span class="opacitymedium">'.$key.'</span>';
$i++;
}
}
}
} else {
print img_warning().' '.$langs->trans("NoSecurityEventsAreAduited", $langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Audit"));
}
// End of page
llxFooter();
$db->close();
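Review bot: the NoSecurityEventsAreAduited warning sits in the else of !empty($eventstolog), so it only appears when the list of event types itself is empty; when the list exists but no MAIN_LOGEVENTS_ constant is enabled, the loop prints nothing and $i stays 0 with no warning. Print the warning after the loop when $i == 0. The translation key is also misspelled ("Aduited") and is easier to rename now than after translations exist.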

View File

@ -59,6 +59,38 @@ if ($action == 'setTICKET_ENABLE_PUBLIC_INTERFACE') {
if ($action == 'setvar') {
include_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
if (GETPOSTISSET('TICKET_ENABLE_PUBLIC_INTERFACE')) { // only for no js case
$param_enable_public_interface = GETPOST('TICKET_ENABLE_PUBLIC_INTERFACE', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_ENABLE_PUBLIC_INTERFACE', $param_enable_public_interface, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_EMAIL_MUST_EXISTS')) { // only for no js case
$param_must_exists = GETPOST('TICKET_EMAIL_MUST_EXISTS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_EMAIL_MUST_EXISTS', $param_must_exists, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_DISABLE_CUSTOMER_MAILS')) { // only for no js case
$param_disable_email = GETPOST('TICKET_DISABLE_CUSTOMER_MAILS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_DISABLE_CUSTOMER_MAILS', $param_disable_email, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_SHOW_COMPANY_LOGO')) { // only for no js case
$param_show_module_logo = GETPOST('TICKET_SHOW_COMPANY_LOGO', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_SHOW_COMPANY_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
$topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'nohtml');
if (!empty($topic_interface)) {
$res = dolibarr_set_const($db, 'TICKET_PUBLIC_INTERFACE_TOPIC', $topic_interface, 'chaine', 0, '', $conf->entity);
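Review bot: the four GETPOSTISSET blocks differ only in the constant name; a loop over array('TICKET_ENABLE_PUBLIC_INTERFACE', 'TICKET_EMAIL_MUST_EXISTS', 'TICKET_DISABLE_CUSTOMER_MAILS', 'TICKET_SHOW_COMPANY_LOGO') would remove the duplication. Each value is stored as received after the 'alpha' filter; if these are on/off settings, as the names suggest, casting to 0 or 1 before dolibarr_set_const() would keep unexpected strings out of the stored configuration.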
@ -114,32 +146,6 @@ if ($action == 'setvar') {
if (!($res > 0)) {
$error++;
}
}
if ($action == 'setvarother') {
$param_enable_public_interface = GETPOST('TICKET_ENABLE_PUBLIC_INTERFACE', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_ENABLE_PUBLIC_INTERFACE', $param_enable_public_interface, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_must_exists = GETPOST('TICKET_EMAIL_MUST_EXISTS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_EMAIL_MUST_EXISTS', $param_must_exists, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_disable_email = GETPOST('TICKET_DISABLE_CUSTOMER_MAILS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_DISABLE_CUSTOMER_MAILS', $param_disable_email, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_show_module_logo = GETPOST('TICKET_SHOW_COMPANY_LOGO', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_SHOW_COMPANY_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) {
$param_notification_also_main_addressemail = GETPOST('TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS', 'alpha');
@ -197,18 +203,16 @@ print '<input type="hidden" id="TICKET_ENABLE_PUBLIC_INTERFACE" name="TICKET_ENA
print '<br><br>';
if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
if (empty($conf->use_javascript_ajax)) {
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvarother">';
}
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvar">';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td>'.$langs->trans("Parameters").'</td>';
print '<td class="left">';
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print '</td>';
print '</tr>';
@ -222,7 +226,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_EMAIL_MUST_EXISTS", $arrval, $conf->global->TICKET_EMAIL_MUST_EXISTS);
}
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsEmailMustExistHelp"), 1, 'help');
print '</td>';
print '</tr>';
@ -255,7 +259,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_SHOW_COMPANY_LOGO", $arrval, $conf->global->TICKET_SHOW_COMPANY_LOGO);
}
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsShowCompanyLogoHelp"), 1, 'help');
print '</td>';
print '</tr>';
@ -271,8 +275,8 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS", $arrval, $conf->global->TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS);
}
print '</td>';
print '<td class="center">';
print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp"), 1, 'help');
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp", $langs->transnoentitiesnoconv("TicketEmailNotificationTo").' ('.$langs->transnoentitiesnoconv("Creation").')', $langs->trans("Settings")), 1, 'help');
print '</td>';
print '</tr>';
}
@ -282,28 +286,6 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</tr>';
}
print '</table>';
print '</div>';
print '<br>';
if (!$conf->use_javascript_ajax) {
print '</form>';
}
// Admin var of module
print load_fiche_titre($langs->trans("TicketParamMail"));
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvar">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Parameter").'</td>';
print "</tr>\n";
if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) {
print '<tr>';
print '<td colspan="3"><div class="info">'.$langs->trans("TicketCkEditorEmailNotActivated").'</div></td>';
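Review bot: this hunk drops the conditional print '</form>' together with the second form opening, while the earlier hunk now opens the form unconditionally. The visible lines do not show where that form is closed, so check that exactly one closing tag remains after the merged table, in both the JavaScript and the no-JavaScript rendering.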
@ -316,7 +298,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</td><td>';
print '<input type="text" name="TICKET_PUBLIC_INTERFACE_TOPIC" value="'.$conf->global->TICKET_PUBLIC_INTERFACE_TOPIC.'" size="40" ></td>';
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketPublicInterfaceTopicHelp"), 1, 'help');
print '</td></tr>';
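Review bot: TICKET_PUBLIC_INTERFACE_TOPIC is written into the value attribute without dol_escape_htmltag(), although the constant is set from request input under action setvar and this commit escapes the comparable search inputs in another file; escape it here too. The same line already emits </td>, so the following print '</td>' closes the cell twice.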

View File

@ -168,7 +168,7 @@ if ($action == 'add') {
// Delete line from delete picto
if ($action == 'delete') {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".$db->escape($id);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".((int) $id);
$result = $db->query($sql);
if ($result >= 0) {
setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');
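Review bot: the success test if ($result >= 0) also passes when $db->query() returns false, because false >= 0 is true in PHP, so if query() signals failure that way a failed DELETE still shows RecordDeleted. Test the result for truthiness and report the database error otherwise. The (int) cast is the right replacement for the unquoted $db->escape($id), which did not constrain the value to a number.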

View File

@ -1,216 +0,0 @@
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php.
*/
/**
* \defgroup api Module DolibarrApi
* \brief API loader
* Search files htdocs/<module>/class/api_<module>.class.php
* \file htdocs/api/admin/explorer.php
*/
use Luracast\Restler\Routes;
require_once '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api_access.class.php';
// Load translation files required by the page
$langs->load("admin");
/*
* View
*/
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
exit;
}
$api = new DolibarrApi($db);
$api->r->addAPIClass('Luracast\\Restler\\Resources'); //this creates resources.json at API Root
$api->r->setSupportedFormats('JsonFormat', 'XmlFormat');
$api->r->addAuthenticationClass('DolibarrApiAccess', '');
$listofapis = array();
$modulesdir = dolGetModulesDirs();
foreach ($modulesdir as $dir) {
/*
* Search available module
*/
//dol_syslog("Scan directory ".$dir." for API modules");
$handle = @opendir(dol_osencode($dir));
if (is_resource($handle)) {
while (($file = readdir($handle)) !== false) {
if (is_readable($dir.$file) && preg_match("/^(mod.*)\.class\.php$/i", $file, $reg)) {
$modulename = $reg[1];
// Defined if module is enabled
$enabled = true;
$module = $part = $obj = strtolower(preg_replace('/^mod/i', '', $modulename));
//if ($part == 'propale') $part='propal';
if ($module == 'societe') {
$obj = 'thirdparty';
}
if ($module == 'categorie') {
$part = 'categories';
$obj = 'category';
}
if ($module == 'facture') {
$part = 'compta/facture';
$obj = 'facture';
}
if ($module == 'ficheinter') {
$obj = 'fichinter';
$part = 'fichinter';
$module = 'fichinter';
}
if (empty($conf->$module->enabled)) {
$enabled = false;
}
if ($enabled) {
/*
* If exists, load the API class for enable module
*
* Search files named api_<object>.class.php into /htdocs/<module>/class directory
*
* @todo : take care of externals module!
* @todo : use getElementProperties() function ?
*/
$dir_part = DOL_DOCUMENT_ROOT.'/'.$part.'/class/';
$handle_part = @opendir(dol_osencode($dir_part));
if (is_resource($handle_part)) {
while (($file_searched = readdir($handle_part)) !== false) {
if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $reg)) {
$classname = ucwords($reg[1]);
require_once $dir_part.$file_searched;
if (class_exists($classname)) {
dol_syslog("Found API classname=".$classname." into ".$dir);
$listofapis[] = $classname;
}
}
/*
if (is_readable($dir_part.$file_searched) && preg_match("/^(api_.*)\.class\.php$/i",$file_searched,$reg))
{
$classname=$reg[1];
$classname = str_replace('Api_','',ucwords($reg[1])).'Api';
//$classname = str_replace('Api_','',ucwords($reg[1]));
$classname = ucfirst($classname);
require_once $dir_part.$file_searched;
// if (class_exists($classname))
// {
// dol_syslog("Found API classname=".$classname);
// $api->r->addAPIClass($classname,'');
// require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/Routes.php';
// $tmpclass = new ReflectionClass($classname);
// try {
// $classMetadata = CommentParser::parse($tmpclass->getDocComment());
// } catch (Exception $e) {
// throw new RestException(500, "Error while parsing comments of `$classname` class. " . $e->getMessage());
// }
// //$listofapis[]=array('classname'=>$classname, 'fullpath'=>$file_searched);
// }
}*/
}
}
}
}
}
}
}
//var_dump($listofapis);
$listofapis = Routes::toArray(); // @todo api for "status" is lost here
//var_dump($listofapis);
llxHeader();
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("ApiSetup"), $linkback, 'title_setup');
// Define $urlwithroot
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Show message
print '<br>';
$message = '';
$url = '<a href="'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword" target="_blank">'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword[&reset=1]</a>';
$message .= $langs->trans("UrlToGetKeyToUseAPIs").':<br>';
$message .= img_picto('', 'globe').' '.$url;
print $message;
print '<br>';
print '<br>';
$oldclass = '';
print $langs->trans("ListOfAvailableAPIs").':<br>';
foreach ($listofapis['v1'] as $key => $val) {
if ($key == 'login') {
continue;
}
if ($key == 'index') {
continue;
}
if ($key) {
foreach ($val as $method => $val2) {
$newclass = $val2['className'];
if (preg_match('/restler/i', $newclass)) {
continue;
}
if ($oldclass != $newclass) {
print "\n<br>\n".$langs->trans("Class").': '.$newclass.'<br>'."\n";
$oldclass = $newclass;
}
//print $key.' - '.$val['classname'].' - '.$val['fullpath']." - ".DOL_MAIN_URL_ROOT.'/api/index.php/'.strtolower(preg_replace('/Api$/','',$val['classname']))."/xxx<br>\n";
$url = $urlwithroot.'/api/index.php/'.$key;
$url .= '?api_key=token';
print img_picto('', 'globe').' '.$method.' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
}
}
}
print '<br>';
print '<br>';
print $langs->trans("OnlyActiveElementsAreExposed", DOL_URL_ROOT.'/admin/modules.php');
llxFooter();
$db->close();

View File

@ -0,0 +1,87 @@
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php.
*/
/**
* \defgroup api Module DolibarrApi
* \brief API explorer using the swagger.json file
* \file htdocs/api/admin/explorer_withredoc.php
*/
require_once '../../main.inc.php';
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
$langs->load("admin");
dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
//session_destroy();
exit(0);
}
// Test if explorer is not disabled
if (!empty($conf->global->API_EXPLORER_DISABLED)) {
$langs->load("admin");
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
print $langs->trans("WarningAPIExplorerDisabled").'.<br><br>';
//session_destroy();
exit(0);
}
// Restrict API to some IPs
if (!empty($conf->global->API_RESTRICT_ON_IP)) {
$allowedip = explode(' ', $conf->global->API_RESTRICT_ON_IP);
$ipremote = getUserRemoteIP();
if (!in_array($ipremote, $allowedip)) {
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP);
print 'APIs are not allowed from the IP '.$ipremote;
header('HTTP/1.1 503 API not allowed from your IP '.$ipremote);
//session_destroy();
exit(0);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>ReDoc</title>
<!-- needed for adaptive design -->
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
<!--
ReDoc doesn't change outer page styles
-->
<style>
body {
margin: 0;
padding: 0;
}
</style>
</head>
<body>
<redoc spec-url='<?php echo DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY='.GETPOST('DOLAPIKEY', 'aZ09'); ?>'></redoc>
<!--<redoc spec-url='https://demo.dolibarr.org/api/index.php/explorer/swagger.json'></redoc>-->
<!--<redoc spec-url='http://petstore.swagger.io/v2/swagger.json'></redoc>-->
<script src="https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js"> </script>
</body>
</html>
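Review bot: the page loads redoc.standalone.js from cdn.jsdelivr.net with no version in the path and no integrity attribute, on a page whose markup carries the caller's DOLAPIKEY in spec-url, so whatever that CDN serves runs with access to the key. Pin an exact version with integrity and crossorigin attributes, or ship the bundle with the application. In the API_RESTRICT_ON_IP branch header() is called after print, so the status line may not be sent; call header() first. The file comment still carries the @deprecated "Not using Swagger" text from the removed explorer.php.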

View File

@ -139,18 +139,25 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai
// Show message
$message = '';
$url = $urlwithroot.'/api/index.php/login?login=<strong>auserlogin</strong>&password=<strong>thepassword</strong>[&reset=1]';
//$url = $urlwithroot.'/api/index.php/login?login=<strong>auserlogin</strong>&password=<strong>thepassword</strong>[&reset=1]';
$url = $urlwithroot.'/api/index.php/login?login=auserlogin&password=thepassword[&reset=1]';
$message .= '<span class="opacitymedium">'.$langs->trans("UrlToGetKeyToUseAPIs").':</span><br>';
$message .= img_picto('', 'globe').' '.$url;
$message .= '<div class="urllink soixantepercent">'.img_picto('', 'globe').' <input type="text" class="quatrevingtpercent" id="urltogettoken" value="'.$url.'"></div>';
print $message;
print ajax_autoselect("urltogettoken");
print '<br>';
print '<br>';
// Explorer
print '<u>'.$langs->trans("ApiExporerIs").':</u><br>';
print '<span class="opacitymedium">'.$langs->trans("ApiExporerIs").':</span><br>';
if (dol_is_dir(DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/explorer')) {
$url = DOL_MAIN_URL_ROOT.'/api/index.php/explorer';
print img_picto('', 'globe').' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
print '<div class="urllink soixantepercent">'.img_picto('', 'globe').' <a href="'.$url.'" target="_blank">'.$url."</a></div><br>\n";
print '<div class="opacitymediumxxx"><br><span class="opacitymedium">'.$langs->trans("SwaggerDescriptionFile").':</span><br>';
$urlswagger = DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY=youruserapikey';
//$urlswaggerreal = DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY='.$user->api_key;
print '<div class="urllink soixantepercent">'.img_picto('', 'globe').' <a href="'.$urlswagger.'" target="_blank">'.$urlswagger."</a></div><br>\n";
print '</div>';
} else {
$langs->load("errors");
print info_admin($langs->trans("ErrorNotAvailableWithThisDistribution"), 0, 0, 'error');

View File

@ -237,8 +237,6 @@ class DolibarrApi
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**
* Check user access to a resource
*
* Check access by user to a given resource
*
* @param string $resource element to check

Some files were not shown because too many files have changed in this diff