diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php
index 35473c6329e..e03790a8995 100644
--- a/htdocs/accountancy/bookkeeping/balance.php
+++ b/htdocs/accountancy/bookkeeping/balance.php
@@ -135,6 +135,18 @@ if (!empty($search_accountancy_code_end)) {
 	$param .= '&search_accountancy_code_end='.$search_accountancy_code_end;
 }
 
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
+
+
 /*
  * Action
  */
diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php
index 3ab9ed0a702..60645353976 100644
--- a/htdocs/accountancy/bookkeeping/card.php
+++ b/htdocs/accountancy/bookkeeping/card.php
@@ -44,13 +44,6 @@ $id = GETPOST('id', 'int'); // id of record
 $mode = GETPOST('mode', 'aZ09'); // '' or '_tmp'
 $piece_num = GETPOST("piece_num", 'int'); // id of transaction (several lines share the same transaction id)
 
-// Security check
-if ($user->socid > 0) {
-	accessforbidden();
-}
-
-$mesg = '';
-
 $accountingaccount = new AccountingAccount($db);
 $accountingjournal = new AccountingJournal($db);
 
@@ -83,6 +76,17 @@ if (!empty($update)) {
 
 $object = new BookKeeping($db);
 
+// Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Actions
diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php
index 39906b09bb3..40a8284adc4 100644
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
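Review bot: `$mesg = '';` is removed together with the old security block, but the hunk gives no evidence that the reads of `$mesg` further down the page (if any remain) were removed with it; a view that still concatenates or prints `$mesg` would now touch an undefined variable. Worth a quick grep of card.php before merging, and if the variable really is dead a word in the commit message would make the deletion easy to trust. The page-level code this hunk belongs to continues outside the hunk.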
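Review bot: The access check now runs only after `$object = new BookKeeping($db)` and after whatever the `if (!empty($update))` region above it does, whereas the block it replaces sat directly below `$piece_num = GETPOST(...)`, so that code now executes for a request that is about to be refused; from this hunk I cannot tell whether any of it reads the database. The same relocation appears in expensereport/list.php and supplier/list.php, where the context shows `dol_getIdFromCode(...)` and `$accounting->fetch(...)` running before `accessforbidden()` can fire, and in supplier/index.php, compta/resultat/clientfourn.php, compta/resultat/result.php and compta/stats/supplier_turnover_by_prodserv.php (closure/index.php moves its check too, though only past date arithmetic as far as the hunk shows). Authorization is cheapest and easiest to audit as the first statement after the request parameters are read, so I would keep the block where the old one stood and only update its conditions there. If something above genuinely has to run first, a comment such as `// Security check (placed after the fetch because ...)` would record why.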
@@ -171,6 +171,16 @@ if (empty($listofformat[$formatexportset])) {
 
 $error = 0;
 
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Actions
diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php
index 99b644d1e0a..24bcc4706c1 100644
--- a/htdocs/accountancy/bookkeeping/listbyaccount.php
+++ b/htdocs/accountancy/bookkeeping/listbyaccount.php
@@ -163,6 +163,16 @@ if ($search_date_end && empty($search_date_endyear)) {
 	$search_date_endday = $tmparray['mday'];
 }
 
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Action
diff --git a/htdocs/accountancy/bookkeeping/listbysubaccount.php b/htdocs/accountancy/bookkeeping/listbysubaccount.php
index 72b6574bea5..129e695de3c 100644
--- a/htdocs/accountancy/bookkeeping/listbysubaccount.php
+++ b/htdocs/accountancy/bookkeeping/listbysubaccount.php
@@ -163,10 +163,21 @@ if ($search_date_end && empty($search_date_endyear)) {
 	$search_date_endday = $tmparray['mday'];
 }
 
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 /*
  * Action
  */
+
 if (GETPOST('cancel', 'alpha')) {
 	$action = 'list';
 	$massaction = '';
 }
diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
index fa5302919d5..0064e8c4715 100644
--- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
+++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
@@ -94,6 +94,16 @@ if ($result < 0) {
 	setEventMessages($object->error, $object->errors, 'errors');
 }
 
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Action
diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
index e31479f10cd..a73f711e15a 100644
--- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
+++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
@@ -94,10 +94,21 @@ if ($result < 0) {
 	setEventMessages($object->error, $object->errors, 'errors');
 }
 
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Action
  */
+
 if ($action == 'lettering') {
 	$result = $lettering->updateLettering($toselect);
 
diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php
index 94e59de1812..3ba552cdfa4 100644
--- a/htdocs/accountancy/closure/index.php
+++ b/htdocs/accountancy/closure/index.php
@@ -35,17 +35,6 @@ $socid = GETPOST('socid', 'int');
 
 $action = GETPOST('action', 'aZ09');
 
-// Security check
-if (empty($conf->accounting->enabled)) {
-	accessforbidden();
-}
-if ($user->socid > 0) {
-	accessforbidden();
-}
-if (!$user->rights->accounting->fiscalyear->write) {
-	accessforbidden();
-}
-
 $object = new BookKeeping($db);
 
 $month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1);
@@ -67,10 +56,23 @@ $search_date_start = dol_mktime(0, 0, 0, $month_start, 1, $year_start);
 $search_date_end = dol_get_last_day($year_end, $month_end);
 $year_current = $year_start;
 
+// Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (!$user->rights->accounting->fiscalyear->write) {
+	accessforbidden();
+}
+
+
 /*
  * Actions
  */
-if ($action == 'validate_movements_confirm' && $user->rights->accounting->fiscalyear->write) {
+
+if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting->fiscalyear->write)) {
 	$result = $object->fetchAll();
 
 	if ($result < 0) {
diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php
index 1209576ddba..98e9151877e 100644
--- a/htdocs/accountancy/customer/card.php
+++ b/htdocs/accountancy/customer/card.php
@@ -38,9 +38,16 @@ $codeventil = GETPOST('codeventil', 'int');
 $id = GETPOST('id', 'int');
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 
 /*
diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php
index 983e7957583..3b14450fab1 100644
--- a/htdocs/accountancy/customer/lines.php
+++ b/htdocs/accountancy/customer/lines.php
@@ -80,13 +80,17 @@ if (!$sortorder) {
 }
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
-if (!$user->rights->accounting->bind->write) {
+if (empty($user->rights->accounting->mouvements->lire)) {
 	accessforbidden();
 }
+
 
 $formaccounting = new FormAccounting($db);
 
 
@@ -112,7 +116,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
 	$search_tvaintra = '';
 }
 
-if (is_array($changeaccount) && count($changeaccount) > 0) {
+if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
 	$error = 0;
 
 	if (!(GETPOST('account_parent', 'int') >= 0)) {
diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php
index 8d5c2788425..7014474ce4f 100644
--- a/htdocs/accountancy/customer/list.php
+++ b/htdocs/accountancy/customer/list.php
@@ -88,10 +88,13 @@ if (!$sortorder) {
 }
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
-if (!$user->rights->accounting->bind->write) {
+if (empty($user->rights->accounting->mouvements->lire)) {
 	accessforbidden();
 }
 
@@ -148,7 +151,7 @@ if (empty($reshook)) {
 }
 
 
-if ($massaction == 'ventil') {
+if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
 	$msg = '';
 	//print '
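Review bot: When `$changeaccount` is posted by a user who holds `mouvements->lire` but not `bind->write`, the new condition simply skips the block and the request falls through to the list view with a normal response and no message, so the caller cannot tell that the re-binding was refused. The rest of this commit answers a missing permission with `accessforbidden()`, and I would do the same here while keeping the data test on its own: `if (is_array($changeaccount) && count($changeaccount) > 0) {` followed by `	if (empty($user->rights->accounting->bind->write)) { accessforbidden(); }`. The bare `$user->rights->accounting->bind->write` read is also inconsistent with the `empty(...)` guards added a few lines above in this file and raises a notice when the `bind` node is absent from the rights object. The same silent gate appears in customer/list.php and expensereport/list.php (`ventil` massaction), expensereport/lines.php, and expensereport/index.php and supplier/index.php (`clean`/`validatehistory`).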
' . $langs->trans("Processing") . '...
';
 
diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php
index f997f666e6e..200a493cfed 100644
--- a/htdocs/accountancy/expensereport/card.php
+++ b/htdocs/accountancy/expensereport/card.php
@@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int');
 $id = GETPOST('id', 'int');
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
 
 
 /*
diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php
index ffa0bfcc07d..38f7f596932 100644
--- a/htdocs/accountancy/expensereport/index.php
+++ b/htdocs/accountancy/expensereport/index.php
@@ -32,17 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("compta", "bills", "other", "main", "accountancy"));
 
-// Security check
-if (empty($conf->accounting->enabled)) {
-	accessforbidden();
-}
-if ($user->socid > 0) {
-	accessforbidden();
-}
-if (!$user->rights->accounting->bind->write) {
-	accessforbidden();
-}
-
 $month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1);
 if (GETPOST("year", 'int')) {
 	$year_start = GETPOST("year", 'int');
@@ -65,13 +54,23 @@ $year_current = $year_start;
 // Validate History
 $action = GETPOST('action', 'aZ09');
 
+// Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
 
 
 /*
  * Actions
  */
 
-if ($action == 'clean' || $action == 'validatehistory') {
+if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) {
 	// Clean database
 	$db->begin();
 	$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd";
diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php
index 3c4760b3730..d29e39d7f37 100644
--- a/htdocs/accountancy/expensereport/lines.php
+++ b/htdocs/accountancy/expensereport/lines.php
@@ -74,13 +74,17 @@ if (!$sortorder) {
 }
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
-if (!$user->rights->accounting->bind->write) {
+if (empty($user->rights->accounting->mouvements->lire)) {
 	accessforbidden();
 }
+
 
 $formaccounting = new FormAccounting($db);
 
 
@@ -102,7 +106,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
 	$search_year = '';
 }
 
-if (is_array($changeaccount) && count($changeaccount) > 0) {
+if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
 	$error = 0;
 
 	if (!(GETPOST('account_parent', 'int') >= 0)) {
diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php
index 05476756531..84cd64bb44f 100644
--- a/htdocs/accountancy/expensereport/list.php
+++ b/htdocs/accountancy/expensereport/list.php
@@ -83,19 +83,22 @@ if (!$sortorder) {
 	}
 }
 
-// Security check
-if ($user->socid > 0) {
-	accessforbidden();
-}
-if (!$user->rights->accounting->bind->write) {
-	accessforbidden();
-}
-
 $formaccounting = new FormAccounting($db);
 $accounting = new AccountingAccount($db);
 
 $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
 
+// Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Action
@@ -130,7 +133,7 @@ $permissiontodelete = $user->rights->expensereport->delete;
 $uploaddir = $conf->expensereport->dir_output;
 include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 
-if ($massaction == 'ventil') {
+if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
 	$msg = '';
 	//print '
' . $langs->trans("Processing") . '...
';
 	if (!empty($mesCasesCochees)) {
diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php
index 242fc71d80c..94dc6aa05c9 100644
--- a/htdocs/accountancy/index.php
+++ b/htdocs/accountancy/index.php
@@ -31,13 +31,20 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("compta", "bills", "other", "accountancy", "loans", "banks", "admin", "dict"));
 
+// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
+$hookmanager->initHooks(array('accountancyindex'));
+
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
 
-// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
-$hookmanager->initHooks(array('accountancyindex'));
 
 
 /*
diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
index b79b8433c03..da36a054b08 100644
--- a/htdocs/accountancy/journal/bankjournal.php
+++ b/htdocs/accountancy/journal/bankjournal.php
@@ -83,7 +83,13 @@ $now = dol_now();
 $action = GETPOST('action', 'aZ09');
 
 // Security check
-if ($user->socid > 0 && empty($id_journal)) {
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
 	accessforbidden();
 }
 
diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php
index 9010261dbe0..2f7569ab152 100644
--- a/htdocs/accountancy/journal/expensereportsjournal.php
+++ b/htdocs/accountancy/journal/expensereportsjournal.php
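Review bot: `$hookmanager->initHooks(array('accountancyindex'))` is moved ahead of the security check, so hook registration — which in Dolibarr core loads and instantiates the hook classes of every enabled module, as far as I recall — now runs before the request is authorized. Nothing in the hunk needs the hooks to exist before `accessforbidden()` can fire, so the original order (check first, then `initHooks`) seems preferable; purchasesjournal.php and sellsjournal.php make the same swap, and supplier/lines.php likewise hoists `$formaccounting = new FormAccounting($db);` above its check. If the reorder is deliberate, a short comment on the `initHooks` line saying why would spare the next reader the same question.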
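Review bot: The replaced condition `if ($user->socid > 0 && empty($id_journal))` let an external (third-party) user through when an `id_journal` was supplied, while the new `if ($user->socid > 0)` refuses every external user unconditionally. That is a tightening rather than a refactor, and neither the hunk nor the surrounding `// Security check` comment records it, so I would either state it in the commit message or add `// External users are refused even when id_journal is given` above the test. If access by external users to a specific journal was a supported case, that deserves a deliberate decision rather than a side effect of harmonising the checks across pages.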
@@ -58,13 +58,21 @@ if ($in_bookkeeping == '') {
 $now = dol_now();
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Actions
  */
+
 $accountingaccount = new AccountingAccount($db);
 
 // Get informations of journal
diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php
index 46363fb3a09..f6fa5c4b76a 100644
--- a/htdocs/accountancy/journal/purchasesjournal.php
+++ b/htdocs/accountancy/journal/purchasesjournal.php
@@ -57,17 +57,25 @@ if ($in_bookkeeping == '') {
 
 $now = dol_now();
 
+$hookmanager->initHooks(array('purchasesjournal'));
+$parameters = array();
+
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
 
-$hookmanager->initHooks(array('purchasesjournal'));
-$parameters = array();
 
 /*
  * Actions
  */
+
 $reshook = $hookmanager->executeHooks('doActions', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
 
 $accountingaccount = new AccountingAccount($db);
diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php
index 16209e1a241..9a00adf3473 100644
--- a/htdocs/accountancy/journal/sellsjournal.php
+++ b/htdocs/accountancy/journal/sellsjournal.php
@@ -59,13 +59,20 @@ if ($in_bookkeeping == '') {
 
 $now = dol_now();
 
+$hookmanager->initHooks(array('sellsjournal'));
+$parameters = array();
+
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
 
-$hookmanager->initHooks(array('sellsjournal'));
-$parameters = array();
 
 /*
  * Actions
diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php
index 0d86b928a26..eee2059c660 100644
--- a/htdocs/accountancy/supplier/card.php
+++ b/htdocs/accountancy/supplier/card.php
@@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int');
 $id = GETPOST('id', 'int');
 
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
 
 
 /*
diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
index 937173fc1e6..7ef09acf91a 100644
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@@ -69,12 +69,23 @@ $action = GETPOST('action', 'aZ09');
 
 $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
 
+// Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Actions
  */
 
-if ($action == 'clean' || $action == 'validatehistory') {
+if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) {
 	// Clean database
 	$db->begin();
 	$sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as fd";
diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php
index 6bdc714ec4c..f661ba42ce9 100644
--- a/htdocs/accountancy/supplier/lines.php
+++ b/htdocs/accountancy/supplier/lines.php
@@ -80,16 +80,19 @@ if (!$sortorder) {
 	}
 }
 
+$formaccounting = new FormAccounting($db);
+
 // Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
 if ($user->socid > 0) {
 	accessforbidden();
 }
-if (!$user->rights->accounting->bind->write) {
+if (empty($user->rights->accounting->mouvements->lire)) {
 	accessforbidden();
 }
 
-$formaccounting = new FormAccounting($db);
-
 
 /*
  * Actions
diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php
index d49effd791d..ea61a686883 100644
--- a/htdocs/accountancy/supplier/list.php
+++ b/htdocs/accountancy/supplier/list.php
@@ -88,14 +88,6 @@ if (!$sortorder) {
 	}
 }
 
-// Security check
-if ($user->socid > 0) {
-	accessforbidden();
-}
-if (!$user->rights->accounting->bind->write) {
-	accessforbidden();
-}
-
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('accountancysupplierlist'));
 
@@ -107,6 +99,17 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN
 
 $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
 
+// Security check
+if (empty($conf->accounting->enabled)) {
+	accessforbidden();
+}
+if ($user->socid > 0) {
+	accessforbidden();
+}
+if (empty($user->rights->accounting->mouvements->lire)) {
+	accessforbidden();
+}
+
 
 /*
  * Actions
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index 9c700f509f9..a22c0c51b73 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -49,18 +49,6 @@ $date_endday = GETPOST('date_endday', 'int');
 $date_endyear = GETPOST('date_endyear', 'int');
 $showaccountdetail = GETPOST('showaccountdetail', 'aZ09') ?GETPOST('showaccountdetail', 'aZ09') : 'no';
 
-// Security check
-$socid = GETPOST('socid', 'int');
-if ($user->socid > 0) {
-	$socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
-	$result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
-	$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');
@@ -151,6 +139,17 @@ if (GETPOST("modecompta", 'alpha')) {
 
 $AccCat = new AccountancyCategory($db);
 
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid > 0) {
+	$socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+	$result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+	$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
 
 
 /*
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php
index 228269d135e..e5b86ba762e 100644
--- a/htdocs/compta/resultat/index.php
+++ b/htdocs/compta/resultat/index.php
@@ -108,6 +108,14 @@ $year_end = $tmpe['year'];
 $nbofyear = ($year_end - $year_start) + 1;
 //var_dump("year_start=".$year_start." year_end=".$year_end." nbofyear=".$nbofyear." date_start=".dol_print_date($date_start, 'dayhour')." date_end=".dol_print_date($date_end, 'dayhour'));
 
+// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
+$modecompta = $conf->global->ACCOUNTING_MODE;
+if (!empty($conf->accounting->enabled)) {
+	$modecompta = 'BOOKKEEPING';
+}
+if (GETPOST("modecompta", 'alpha')) {
+	$modecompta = GETPOST("modecompta", 'alpha');
+}
 
 // Security check
 $socid = GETPOST('socid', 'int');
@@ -121,15 +129,6 @@ if (!empty($conf->accounting->enabled)) {
 	$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
 }
 
-// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
-$modecompta = $conf->global->ACCOUNTING_MODE;
-if (!empty($conf->accounting->enabled)) {
-	$modecompta = 'BOOKKEEPING';
-}
-if (GETPOST("modecompta", 'alpha')) {
-	$modecompta = GETPOST("modecompta", 'alpha');
-}
-
 
 /*
  * View
diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php
index df3a82a4b7f..91932100565 100644
--- a/htdocs/compta/resultat/result.php
+++ b/htdocs/compta/resultat/result.php
@@ -144,16 +144,20 @@ if (GETPOST("modecompta")) {
 	$modecompta = GETPOST("modecompta", 'alpha');
 }
 
-// Security check
-if ($user->socid > 0) {
-	accessforbidden();
-}
-if (!$user->rights->accounting->comptarapport->lire) {
-	accessforbidden();
-}
-
 $AccCat = new AccountancyCategory($db);
 
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid > 0) {
+	$socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+	$result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+	$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
 
 /*
  * View
diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php
index 79379ee0b24..1644a4ee5e3 100644
--- a/htdocs/compta/stats/byratecountry.php
+++ b/htdocs/compta/stats/byratecountry.php
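Review bot: The removed block refused anyone without `$user->rights->accounting->comptarapport->lire` unconditionally, whereas the replacement only calls `restrictedArea()` when `comptabilite` or `accounting` is enabled, so with both modules off result.php now runs with no permission check at all (the page is probably not reachable from the menus in that state, but a direct URL still hits it). A fallback after the two conditionals, `if (empty($conf->comptabilite->enabled) && empty($conf->accounting->enabled)) { accessforbidden(); }`, restores the unconditional refusal. The same conditional shape is only relocated in clientfourn.php and supplier_turnover_by_prodserv.php, which would benefit from the same fallback. Minor: `$result` is assigned from both `restrictedArea()` calls but, within the hunk, never read.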
@@ -44,16 +44,16 @@ $modecompta = (GETPOST('modecompta', 'alpha') ? GETPOST('modecompta', 'alpha') :
 $year = GETPOST("year", 'int');
 $month = GETPOST("month", 'int');
 if (empty($year)) {
-	$year_current = strftime("%Y", dol_now());
-	$month_current = strftime("%m", dol_now());
+	$year_current = dol_print_date(dol_now(), '%Y');
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year_current;
 } else {
 	$year_current = $year;
-	$month_current = strftime("%m", dol_now());
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 	$q = GETPOST("q", "int");
diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php
index c6c0e8e0816..25d9d4b9460 100644
--- a/htdocs/compta/stats/cabyprodserv.php
+++ b/htdocs/compta/stats/cabyprodserv.php
@@ -52,8 +52,8 @@ if (GETPOST("modecompta")) {
 	$modecompta = GETPOST("modecompta");
 }
 
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 	$sortorder = "asc";
 }
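Review bot: `$sortorder`/`$sortfield` now go through `GETPOST(..., 'aZ09')`, which is the right direction, but the context line two rows above, `$modecompta = GETPOST("modecompta");`, still reads its parameter with no filter while this same commit reads it as `'alpha'` in resultat/index.php; `$modecompta = GETPOST("modecompta", 'alpha');` would make cabyprodserv.php consistent. The same unfiltered `modecompta` read sits above the identical `sortorder`/`sortfield` change in cabyuser.php, casoc.php and supplier_turnover_by_prodserv.php. Worth confirming that the `aZ09` filter keeps every character the sort fields of these pages actually use (a dotted table alias, for instance), otherwise the sort parameter is altered before it reaches the query.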
@@ -89,16 +89,16 @@ $date_endyear = GETPOST("date_endyear");
 $date_endmonth = GETPOST("date_endmonth");
 $date_endday = GETPOST("date_endday");
 if (empty($year)) {
-	$year_current = strftime("%Y", dol_now());
-	$month_current = strftime("%m", dol_now());
+	$year_current = dol_print_date(dol_now(), '%Y');
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year_current;
 } else {
 	$year_current = $year;
-	$month_current = strftime("%m", dol_now());
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 	$q = GETPOST("q", "int");
diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php
index 62e6fb3135d..feae1f83594 100644
--- a/htdocs/compta/stats/cabyuser.php
+++ b/htdocs/compta/stats/cabyuser.php
@@ -51,8 +51,8 @@ if (GETPOST("modecompta")) {
 	$modecompta = GETPOST("modecompta");
 }
 
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 	$sortorder = "asc";
 }
@@ -61,25 +61,25 @@ if (!$sortfield) {
 }
 
 // Date range
-$year = GETPOST("year");
-$month = GETPOST("month");
-$date_startyear = GETPOST("date_startyear");
-$date_startmonth = GETPOST("date_startmonth");
-$date_startday = GETPOST("date_startday");
-$date_endyear = GETPOST("date_endyear");
-$date_endmonth = GETPOST("date_endmonth");
-$date_endday = GETPOST("date_endday");
+$year = GETPOST("year", 'int');
+$month = GETPOST("month", 'int');
+$date_startyear = GETPOST("date_startyear", 'int');
+$date_startmonth = GETPOST("date_startmonth", 'int');
+$date_startday = GETPOST("date_startday", 'int');
+$date_endyear = GETPOST("date_endyear", 'int');
+$date_endmonth = GETPOST("date_endmonth", 'int');
+$date_endday = GETPOST("date_endday", 'int');
 if (empty($year)) {
-	$year_current = strftime("%Y", dol_now());
-	$month_current = strftime("%m", dol_now());
+	$year_current = dol_print_date(dol_now(), '%Y');
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year_current;
 } else {
 	$year_current = $year;
-	$month_current = strftime("%m", dol_now());
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, $_REQUEST["date_startmonth"], $_REQUEST["date_startday"], $_REQUEST["date_startyear"]);
-$date_end = dol_mktime(23, 59, 59, $_REQUEST["date_endmonth"], $_REQUEST["date_endday"], $_REQUEST["date_endyear"]);
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 	$q = GETPOST("q") ?GETPOST("q") : 0;
diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php
index c8c13ca8b27..aedae20b8f0 100644
--- a/htdocs/compta/stats/casoc.php
+++ b/htdocs/compta/stats/casoc.php
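Review bot: The new `$date_start`/`$date_end` lines re-read `date_startmonth`, `date_startday` and the other date parts with a bare `GETPOST(...)`, although the commit has just parsed the same parameters into `$date_startmonth`, `$date_startday`, `$date_startyear`, `$date_endmonth`, `$date_endday` and `$date_endyear` with the `'int'` filter a few lines above; it is the unfiltered raw values that reach `dol_mktime()`. Using the parsed variables keeps a single sanitised copy: `$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');` and the matching `$date_end` line. casoc.php has the identical pair; in cabyprodserv.php and supplier_turnover_by_prodserv.php the variables exist too but are themselves read without `'int'` (`$date_endday = GETPOST("date_endday");` in the context), so they would need the filter first. The context line `$q = GETPOST("q") ?GETPOST("q") : 0;` at the bottom is likewise read without `'int'`, unlike the `GETPOST("q", "int")` form used by the sibling pages in this commit.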
@@ -44,8 +44,8 @@ if (GETPOST("modecompta")) {
 	$modecompta = GETPOST("modecompta");
 }
 
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 	$sortorder = "asc";
 }
@@ -83,23 +83,23 @@ $search_societe = GETPOST("search_societe", 'alpha');
 $search_zip = GETPOST("search_zip", 'alpha');
 $search_town = GETPOST("search_town", 'alpha');
 $search_country = GETPOST("search_country", 'alpha');
-$date_startyear = GETPOST("date_startyear", 'alpha');
-$date_startmonth = GETPOST("date_startmonth", 'alpha');
-$date_startday = GETPOST("date_startday", 'alpha');
-$date_endyear = GETPOST("date_endyear", 'alpha');
-$date_endmonth = GETPOST("date_endmonth", 'alpha');
-$date_endday = GETPOST("date_endday", 'alpha');
+$date_startyear = GETPOST("date_startyear", 'int');
+$date_startmonth = GETPOST("date_startmonth", 'int');
+$date_startday = GETPOST("date_startday", 'int');
+$date_endyear = GETPOST("date_endyear", 'int');
+$date_endmonth = GETPOST("date_endmonth", 'int');
+$date_endday = GETPOST("date_endday", 'int');
 if (empty($year)) {
-	$year_current = strftime("%Y", dol_now());
-	$month_current = strftime("%m", dol_now());
+	$year_current = dol_print_date(dol_now(), '%Y');
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year_current;
 } else {
 	$year_current = $year;
-	$month_current = strftime("%m", dol_now());
+	$month_current = dol_print_date(dol_now(), '%m');
 	$year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 	$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php
index 083230da668..74589d2e391 100644
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -51,8 +51,8 @@ if (empty($year)) {
 	$month_current = dol_print_date(dol_now(), "%m");
 	$year_start = $year - ($nbofyear - 1);
 }
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
 
 // We define date_start and date_end
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php
index b199dcbeb9c..141db21b73e 100644
--- a/htdocs/compta/stats/supplier_turnover.php
+++ b/htdocs/compta/stats/supplier_turnover.php
@@ -47,8 +47,8 @@ if (empty($year)) {
 	$month_current = strftime("%m", dol_now());
 	$year_start = $year - ($nbofyear - 1);
 }
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
 
 // We define date_start and date_end
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
@@ -120,8 +120,6 @@ if (!empty($conf->accounting->enabled)) {
 }
 
 
-
-
 /*
  * View
  */
diff --git a/htdocs/compta/stats/supplier_turnover_by_prodserv.php b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
index bdf4e5e0f85..26659c851f9 100644
--- a/htdocs/compta/stats/supplier_turnover_by_prodserv.php
+++ b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
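Review bot: The context line `$month_current = strftime("%m", dol_now());` in supplier_turnover.php keeps `strftime()`, which this commit replaces with `dol_print_date(dol_now(), '%m')` in byratecountry.php, cabyprodserv.php, cabyuser.php, casoc.php and supplier_turnover_by_prodserv.php (and which stats/index.php, in the hunk just above, already uses); `strftime()` is deprecated as of PHP 8.1, so this one page will start emitting deprecation notices while its siblings do not. The one-line swap `$month_current = dol_print_date(dol_now(), '%m');`, plus the `%Y` sibling that presumably sits above the hunk, would finish the migration. The `'tzuserrel'` change itself matches the other stats pages.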
@@ -30,27 +30,14 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("products", "categories", "errors", 'accountancy'));
-// Security pack (data & check)
-$socid = GETPOST('socid', 'int');
-
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
 // Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
 $modecompta = $conf->global->ACCOUNTING_MODE;
 if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
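Review bot: Removing the `restrictedArea` block from the top of supplier_turnover_by_prodserv.php and re-adding it roughly 160 lines lower (the `@@ -204,6 +191,19 @@` hunk, after the `$allparams` loop) means everything in between — the remaining `GETPOST` reads, the `$date_start`/`$date_end` computation in the `@@ -84,16 +71,16 @@` hunk, and the building of `$allparams`/`$paramslink` — now executes before the permission check instead of after it, which is only safe if none of that code runs a query, includes a file or emits output; that cannot be confirmed from the hunk. More concretely, `$socid` is now first assigned, and overridden with `$user->socid` for external users, only after `$allparams` has been built, so if `$allparams` or anything earlier reads `$socid`, an external user's request would carry an undefined or unconstrained `$socid` at that point. The same relocation is made in supplier_turnover_by_thirdparty.php (the `@@ -59,17 +59,6 @@` and `@@ -175,6 +164,17 @@` hunks), where the re-added block only overrides `$socid` and never initialises it, so it relies on an assignment outside the visible lines. I would keep `restrictedArea()` immediately after the parameters it needs are read and move only the `$socid` override if that was the intent, or at minimum document the re-added block with `// Security check: must run before any query or output; $socid is only final from here on` and verify that nothing above it references `$socid`.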
@@ -84,16 +71,16 @@ $date_endyear = GETPOST("date_endyear");
 $date_endmonth = GETPOST("date_endmonth");
 $date_endday = GETPOST("date_endday");
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int");
@@ -204,6 +191,19 @@ foreach ($allparams as $key => $value) {
 $paramslink .= '&'.$key.'='.$value;
 }
+// Security pack (data & check)
+$socid = GETPOST('socid', 'int');
+
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
 /*
 * View
diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
index fbfb0994e4a..0530d58ee87 100644
--- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
+++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
@@ -38,8 +38,8 @@ if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
@@ -59,17 +59,6 @@ if (GETPOST('subcat', 'alpha') === 'yes') {
 // Hook
 $hookmanager->initHooks(array('supplierturnoverbythirdpartylist'));
-// Security check
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
 // Date range
 $year = GETPOST("year", 'int');
 $month = GETPOST("month", 'int');
@@ -84,16 +73,16 @@ $date_endyear = GETPOST("date_endyear", 'alpha');
 $date_endmonth = GETPOST("date_endmonth", 'alpha');
 $date_endday = GETPOST("date_endday", 'alpha');
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
@@ -175,6 +164,17 @@ foreach ($allparams as $key => $value) {
 $paramslink .= '&'.$key.'='.$value;
 }
+// Security check
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
 /*
 * View
diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang
index 996ba20ab7d..d4326fc08c9 100644
--- a/htdocs/langs/en_US/users.lang
+++ b/htdocs/langs/en_US/users.lang
@@ -72,7 +72,7 @@ ExportDataset_user_1=Users and their properties
 DomainUser=Domain user %s
 Reactivate=Reactivate
 CreateInternalUserDesc=This form allows you to create an internal user in your company/organization. To create an external user (customer, vendor etc. ..), use the button 'Create Dolibarr User' from that third-party's contact card.
-InternalExternalDesc=An internal user is a user that is part of your company/organization.
An external user is a customer, vendor or other (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display)
+InternalExternalDesc=An internal user is a user that is part of your company/organization.
An external user is a customer, vendor or other that must view only data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display)
 PermissionInheritedFromAGroup=Permission granted because inherited from one of a user's group.
 Inherited=Inherited
 UserWillBe=Created user will be