diff --git a/htdocs/compta/facture/apercu.php b/htdocs/compta/facture/apercu.php
index 246f0eaac55..9e506ec3f0f 100644
--- a/htdocs/compta/facture/apercu.php
+++ b/htdocs/compta/facture/apercu.php
@@ -147,7 +147,8 @@ if ($_GET["facid"] > 0)
       $filedetail = $conf->facture->dir_output . "/" . $facref . "/" . $facref . "-detail.pdf";
       $relativepath = "${facref}/${facref}.pdf";
       $relativepathdetail = "${facref}/${facref}-detail.pdf";
-
+      $relativepathimage = "${facref}/${facref}.pdf.png";
+      
       $fileimage = $file.".png";
 	
 	  $var=true;
@@ -156,7 +157,7 @@ if ($_GET["facid"] > 0)
       if (file_exists($file))
 	{
         $encfile = urlencode($file);
-        print_titre("Documents");
+        print_titre($langs->trans("Documents"));
         print '<table class="border" width="100%">';
         
         print "<tr $bc[$var]><td>".$langs->trans("Bill")." PDF</td>";
@@ -220,33 +221,32 @@ if ($_GET["facid"] > 0)
       
       print "<tr><td height=\"10\">".$langs->trans("Author")."</td><td colspan=\"3\">$author->fullname</td>";
       
-      print '<tr><td height=\"10\">Remise globale</td>';
+      print '<tr><td height=\"10\">'.$langs->trans("GlobalDiscount").'</td>';
       print '<td align="right" colspan="2">'.$fac->remise_percent.'</td>';
       print '<td>%</td></tr>';
       
       print '<tr><td height=\"10\">'.$langs->trans("AmountHT").'</td>';
       print '<td align="right" colspan="2"><b>'.price($fac->total_ht).'</b></td>';
-      print '<td>'.$conf->monnaie.' HT</td></tr>';
+      print '<td>'.$conf->monnaie.'</td></tr>';
                 
       print "</table><br>";
-	  
-
-      
       
     }
   else
     {
-      /* Facture non trouvée */
+      // Facture non trouvée
       print $langs->trans("ErrorBillNotFound");
     }
 }  
 
+  print 'xxxxxxxxxximg src="'.DOL_URL_ROOT . '/viewimage.php?modulepart=apercufacture&file='.urlencode($relativepathimage).'"';
 if (file_exists($fileimage))
 {	  
-  print '<img src="'.DOL_URL_ROOT . '/viewimage.php?file='.urlencode($fileimage).'">';
+  print '<img src="'.DOL_URL_ROOT . '/viewimage.php?modulepart=apercufacture&file='.urlencode($relativepathimage).'">';
 }
 print '</div>';
 
+
 $db->close();
 
 llxFooter("<em>Derni&egrave;re modification $Date$ r&eacute;vision $Revision$</em>");
diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang
index e82f112ba11..ad29ecbda84 100755
--- a/htdocs/langs/en_US/users.lang
+++ b/htdocs/langs/en_US/users.lang
@@ -38,4 +38,5 @@ LastUsersCreated=Last %s users created
 ShowGroup=Show group
 ShowUser=Show user
 NonAffectedUsers=Non affected users
-UserModified=User modified successfully
\ No newline at end of file
+UserModified=User modified successfully
+PhotoFile=Fichier photo
\ No newline at end of file
diff --git a/htdocs/langs/fr_FR/users.lang b/htdocs/langs/fr_FR/users.lang
index 8353f5f4073..ceb9d638ff2 100755
--- a/htdocs/langs/fr_FR/users.lang
+++ b/htdocs/langs/fr_FR/users.lang
@@ -40,3 +40,4 @@ ShowGroup=Afficher groupe
 ShowUser=Afficher utilisateur
 NonAffectedUsers=Utilisateurs non affectés au groupe
 UserModified=Utilisateur modifié avec succès
+PhotoFile=Fichier photo
diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php
index 0975e38b02d..f26bb9d51f4 100644
--- a/htdocs/master.inc.php
+++ b/htdocs/master.inc.php
@@ -173,6 +173,8 @@ $langs = new Translate(DOL_DOCUMENT_ROOT ."/langs", $conf->langage);
 
 
 
+$conf->users->dir_output=DOL_DATA_ROOT."/users";
+
 /*
  * Activation des modules
  * et inclusion de librairies dépendantes
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index b63486b1a71..b567ac87812 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -108,8 +108,10 @@ if ($_POST["action"] == 'add' && $user->admin)
 
 if ($_POST["action"] == 'update' && $user->admin)
 {
-    $db->begin();
+    $message="";
 
+    $db->begin();
+    
     $edituser = new User($db, $_GET["id"]);
     $edituser->fetch();
 
@@ -124,18 +126,33 @@ if ($_POST["action"] == 'update' && $user->admin)
     $ret=$edituser->update();
     if ($ret < 0)
     {
-        $message='<div class="error">'.$edituser->error.'</div>';
+        $message.='<div class="error">'.$edituser->error.'</div>';
     }
     if ($ret >= 0 && isset($_POST["password"]) && $_POST["password"] !='' )
     {
         $ret=$edituser->password($user,$password,$conf->password_encrypted);
         if ($ret < 0) {
-            $message='<div class="error">'.$edituser->error.'</div>';
+            $message.='<div class="error">'.$edituser->error.'</div>';
+        }
+    }
+
+    if ($_FILES['photo']['tmp_name']) {
+        // Si une photo est fournie avec le formulaire
+        if (! is_dir($conf->users->dir_output))
+        {
+            mkdir($conf->users->dir_output);
+        }
+        if (is_dir($conf->users->dir_output)) {
+            $newfile=$conf->users->dir_output . "/" . $edituser->id . ".jpg";
+            if (! doliMoveFileUpload($_FILES['photo']['tmp_name'],$newfile))
+            {
+            $message .= '<div class="error">'.$langs->trans("ErrorFailedToSaveFile").'</div>';
+            }
         }
     }
 
     if ($ret >= 0) {
-        $message.='<div class="ok">'.$langs->trans("UserModififed").'</div>';
+        $message.='<div class="ok">'.$langs->trans("UserModified").'</div>';
         $db->commit();
     } else {
         $db->rollback;
@@ -170,7 +187,7 @@ if ($action == 'create')
   print "<br>";
   if ($message) { print $message."<br>"; }
 
-  print '<form action="fiche.php" method="post">';
+  print '<form action="fiche.php" method="post" name="createuser>';
   print '<input type="hidden" name="action" value="add">';
 
   print '<table class="border" width="100%">';
@@ -274,7 +291,7 @@ else
 	  print '<td align="center" valign="middle" width="25%" rowspan="8">';
 	  if (file_exists($conf->users->dir_output."/".$fuser->id.".jpg"))
 	    {
-	      print '<img src="'.DOL_URL_ROOT.'/image.php?modulepart=userphoto&file='.$fuser->id.'.jpg">';
+	      print '<img width="100" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart=userphoto&file='.$fuser->id.'.jpg">';
 	    }
 	  else
 	    {
@@ -379,7 +396,7 @@ else
       if ($_GET["action"] == 'edit' && $user->admin)
         {
 
-	  print '<form action="fiche.php?id='.$fuser->id.'" method="post">';
+	  print '<form action="fiche.php?id='.$fuser->id.'" method="post" name="updateuser" enctype="multipart/form-data">';
 	  print '<input type="hidden" name="action" value="update">';
 	  print '<table width="100%" class="border">';
 
@@ -388,12 +405,13 @@ else
 	  print '<td align="center" valign="middle" width="25%" rowspan="6">';
 	  if (file_exists($conf->users->dir_output."/".$fuser->id.".jpg"))
 	    {
-	      print '<img src="'.DOL_URL_ROOT.'/image.php?modulepart=userphoto&file='.$fuser->id.'.jpg">';
+	      print '<img width="100" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart=userphoto&file='.$fuser->id.'.jpg">';
 	    }
 	  else
 	    {
 	      print '<img src="'.DOL_URL_ROOT.'/theme/nophoto.jpg">';
 	    }
+	  print '<br><br><table class="noborder"><tr><td>'.$langs->trans("PhotoFile").'</td></tr><tr><td><input type="file" name="photo" class="flat"></td></tr></table>';
 	  print '</td></tr>';
 	  
 	  print "<tr>".'<td valign="top">'.$langs->trans("Firstname").'</td>';
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 9b823476891..aef7fef6b76 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+ * Copyright (C) 2005 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,25 +22,67 @@
  *
  */
 
+
+require_once("main.inc.php");
+
+
+// C'est un wrapper, donc header vierge
+function llxHeader() { }
+
+
+
 $original_file = urldecode($_GET["file"]);
+$modulepart = urldecode($_GET["modulepart"]);
+$type = urldecode($_GET["type"]);
 
 $filename = basename ($original_file);
 
-//$filename = "/home/www/dolibarr/documents/facture/297459847084/297459847084.pdf.png";
 
+$accessallowed=0;
+if ($modulepart)
+{
+    // On fait une vérification des droits et on définit le répertoire concerné
 
-header('Content-type: image/png');
-
-//header('Content-Disposition: attachment; filename="'.$filename.'"');
-
-// The PDF source is in original.pdf
-//readfile($filename);
-
-
-if ($fh = @fopen($original_file, "rb")) {
-  
-  fpassthru($fh);
-  fclose($fh);
+    // Wrapping pour les photo utilisateurs
+    if ($modulepart == 'userphoto')
+    {
+        //$user->getrights('facture');
+        //if ($user->rights->facture->lire)
+        //{
+            $accessallowed=1;
+        //}
+        $original_file=$conf->users->dir_output.'/'.$original_file;
+    }
+    
+    // Wrapping pour les apercu factures
+    if ($modulepart == 'apercufacture')
+    {
+        $user->getrights('facture');
+        if ($user->rights->facture->lire)
+        {
+            $accessallowed=1;
+        }
+        $original_file=$conf->facture->dir_output.'/'.$original_file;
+    }
 }
 
+// Limite accès si droits non corrects
+if (! $accessallowed) { accessforbidden(); }
+
+
+$filename = basename($original_file);
+if (! file_exists($original_file)) { dolibarr_print_error(0,$langs->trans("FileDoesNotExist",$original_file)); exit; }
+
+// Les drois sont ok et fichier trouvé
+if ($type)
+{
+  header('Content-type: '.$type);
+}
+else
+{
+  header('Content-type: image/png');
+}
+
+readfile($original_file);
+
 ?>

".$langs->trans("Bill")." PDF
".$langs->trans("Author")."	$author->fullname
Remise globale
'.$langs->trans("GlobalDiscount").'	'.$fac->remise_percent.'	%
'.$langs->trans("AmountHT").'	'.price($fac->total_ht).'	'.$conf->monnaie.' HT
'.$conf->monnaie.'