diff --git a/htdocs/asterisk/cidlookup.php b/htdocs/asterisk/cidlookup.php index f3539e672cd..34ee081b5b3 100644 --- a/htdocs/asterisk/cidlookup.php +++ b/htdocs/asterisk/cidlookup.php @@ -42,7 +42,7 @@ if (empty($phone)) $sql = "SELECT nom as name FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON sp.fk_soc = s.rowid"; -$sql.= " WHERE s.entity IN (".getEntity('societe', 1).")"; +$sql.= " WHERE s.entity IN (".getEntity('societe', 1).")"; $sql.= " AND (s.tel='".$db->escape($phone)."'"; $sql.= " OR sp.phone='".$db->escape($phone)."'"; $sql.= " OR sp.phone_perso='".$db->escape($phone)."'"; diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 9320ad50c2c..d163e84828f 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -452,7 +452,7 @@ if ($showbirthday) $sql = 'SELECT sp.rowid, sp.name, sp.firstname, sp.birthday'; $sql.= ' FROM '.MAIN_DB_PREFIX.'socpeople as sp'; $sql.= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))'; - $sql.= ' AND sp.entity = '.$conf->entity; + $sql.= " AND sp.entity IN (".getEntity('societe', 1).")"; if ($action == 'show_day') { $sql.= ' AND MONTH(birthday) = '.$month; diff --git a/htdocs/comm/action/listactions.php b/htdocs/comm/action/listactions.php index 76a15422aa1..1c352367159 100644 --- a/htdocs/comm/action/listactions.php +++ b/htdocs/comm/action/listactions.php 
@@ -153,7 +153,7 @@ $sql.= " ut.login as logintodo, ut.rowid as useridtodo,"; $sql.= " ud.login as logindone, ud.rowid as useriddone,"; $sql.= " sp.name, sp.firstname"; $sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm as c,"; -if (!$user->rights->societe->client->voir && !$socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,"; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,"; $sql.= " ".MAIN_DB_PREFIX.'user as u,'; $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; @@ -166,7 +166,7 @@ $sql.= ' AND a.fk_user_author = u.rowid'; $sql.= ' AND a.entity = '.$conf->entity; // To limit to entity if ($actioncode) $sql.=" AND c.code='".$db->escape($actioncode)."'"; if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid); -if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; if ($_GET["type"]) $sql.= " AND c.id = ".$_GET["type"]; if ($status == 'done') { $sql.= " AND (a.percent = 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; } diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 76c8dda3775..a1c9418ef8a 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php 
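Review bot: In the listactions.php hunk at -166, the context line `if ($_GET["type"]) $sql.= " AND c.id = ".$_GET["type"];` appends a request parameter to the query with no cast or escaping, and this commit only reformats the condition next to it. `$db->escape($pid)` a few lines above sits in an unquoted numeric position, where escaping quote characters does not constrain the value. Both should be forced to integers, e.g. `$sql.= " AND c.id = ".((int) $_GET["type"]);` and `$sql.=" AND a.fk_project=".((int) $pid);`. The same uncast concatenation appears with `$socid` on the following line, `$id` in Contact::update_perso, `$socid` in Form::select_contacts and `$stcomm` in fourn/contact.php, though where those values originate is outside the visible hunks.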
@@ -397,11 +397,11 @@ class Contact extends CommonObject $result=false; // Mis a jour contact - $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET rowid=".$id; - $sql .= ", birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); + $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET"; + $sql.= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); if ($user) $sql .= ", fk_user_modif=".$user->id; - $sql .= " WHERE rowid=".$id; - //print "update_perso: ".$this->birthday.'-'.$this->db->idate($this->birthday); + $sql.= " WHERE rowid=".$id; + dol_syslog(get_class($this)."::update_perso this->birthday=".$this->birthday." - sql=".$sql); $resql = $this->db->query($sql); if (! $resql) diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index 15f7a77b9cb..996b7b9ad55 100755 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php 
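Review bot: The rewritten UPDATE in update_perso still selects the row only by `rowid`, so nothing in the statement ties the write to the caller's entity, while the rest of this commit scopes socpeople reads with getEntity(). If the caller does not already verify the contact's entity (not visible here; the function starts and ends outside the hunk), consider appending an entity condition such as `$sql.= " AND entity IN (".getEntity('societe', 1).")";` after the `WHERE rowid=` line, or whatever narrower scope the project wants for writes. The added dol_syslog() call also records the contact's birthday and the full statement with no level argument; passing `LOG_DEBUG` as the second argument would keep that personal data out of routine logs.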
@@ -72,13 +72,13 @@ include_once(DOL_DOCUMENT_ROOT."/contact/class/contact.class.php"); if ($user->rights->societe->lire) { - $sql = "SELECT s.rowid, s.name, s.firstname, s.civilite, s.datec, s.tms"; - $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as s"; - if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql.= " WHERE s.entity IN (".getEntity('societe', 1).")"; - if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($user->societe_id) $sql.= " AND s.rowid = $user->societe_id"; - $sql.= " ORDER BY s.tms DESC"; + $sql = "SELECT sp.rowid, sp.name, sp.firstname, sp.civilite, sp.datec, sp.tms"; + $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as sp"; + if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + $sql.= " WHERE sp.entity IN (".getEntity('societe', 1).")"; + if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND sp.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if ($user->societe_id) $sql.= " AND sp.rowid = $user->societe_id"; + $sql.= " ORDER BY sp.tms DESC"; $sql.= $db->plimit($max, 0); $result = $db->query($sql); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index cf9c09b70d6..bd05cf29889 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
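Review bot: The renamed conditions `sp.rowid = sc.fk_soc` and `sp.rowid = $user->societe_id` compare a contact id from socpeople with a company id, so the restriction for users without `client->voir` and for external users does not select the contacts of their own companies. With the alias now `sp` the mismatch is easy to see; the other queries in this commit link contacts to companies through `sp.fk_soc`. The two lines should likely read `$sql.= " AND sp.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;` and `$sql.= " AND sp.fk_soc = ".((int) $user->societe_id);`, each under its existing `if`. This predates the commit, but the box is an access-filtered view and the rename is a good moment to correct it.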
@@ -483,7 +483,8 @@ abstract class CommonObject $sql.= " ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql.= " WHERE ec.element_id = ".$this->id; $sql.= " AND ec.fk_socpeople = c.rowid"; - $sql.= " AND c.entity IN (0,".$conf->entity.")"; + if ($source == 'internal') $sql.= " AND c.entity IN (0,".$conf->entity.")"; + if ($source == 'external') $sql.= " AND c.entity IN (".getEntity('societe', 1).")"; $sql.= " AND ec.fk_c_type_contact = tc.rowid"; $sql.= " AND tc.element = '".$this->element."'"; $sql.= " AND tc.source = '".$source."'"; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index d85bbcef9dc..2e7ec3c8282 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -885,11 +885,11 @@ class Form global $conf,$langs; // On recherche les societes - $sql = "SELECT s.rowid, s.name as name, s.firstname, s.poste FROM"; - $sql.= " ".MAIN_DB_PREFIX ."socpeople as s"; - $sql.= " WHERE entity = ".$conf->entity; - if ($socid > 0) $sql.= " AND fk_soc=".$socid; - $sql.= " ORDER BY s.name ASC"; + $sql = "SELECT sp.rowid, sp.name as name, sp.firstname, sp.poste"; + $sql.= " FROM ".MAIN_DB_PREFIX ."socpeople as sp"; + $sql.= " WHERE sp.entity IN (".getEntity('societe', 1).")"; + if ($socid > 0) $sql.= " AND sp.fk_soc=".$socid; + $sql.= " ORDER BY sp.name ASC"; dol_syslog(get_class($this)."::select_contacts sql=".$sql); $resql=$this->db->query($sql); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 67bdefa6fc9..2029537ab5e 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php 
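Review bot: In the commonobject.class.php hunk the entity condition is now added only when `$source` equals 'internal' or 'external'; for any other value the query runs with no entity filter at all, where the old code always applied one. `$source` is also placed in `tc.source = '...'` without escaping, and its origin is outside the hunk, so the unfiltered path should not be assumed unreachable. Turning the second test into `elseif` and adding a fallback keeps the query closed by default: `else $sql.= " AND c.entity IN (0,".$conf->entity.")";`. The enclosing method starts and ends outside the hunk.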
@@ -650,6 +650,7 @@ function show_actions_todo($conf,$langs,$db,$object,$objcon='',$noprint=0) $sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."actioncomm as a"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; $sql.= " WHERE u.rowid = a.fk_user_author"; + $sql.= " AND u.entity = ".$conf->entity; if ($object->id) $sql.= " AND a.fk_soc = ".$object->id; if (is_object($objcon) && $objcon->id) $sql.= " AND a.fk_contact = ".$objcon->id; $sql.= " AND c.id=a.fk_action"; @@ -777,6 +778,7 @@ function show_actions_done($conf,$langs,$db,$object,$objcon='',$noprint=0) $sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."actioncomm as a"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; $sql.= " WHERE u.rowid = a.fk_user_author"; + $sql.= " AND u.entity = ".$conf->entity; if ($object->id) $sql.= " AND a.fk_soc = ".$object->id; if (is_object($objcon) && $objcon->id) $sql.= " AND a.fk_contact = ".$objcon->id; $sql.= " AND c.id=a.fk_action"; diff --git a/htdocs/core/modules/mailings/contacts2.modules.php b/htdocs/core/modules/mailings/contacts2.modules.php index 21fd42c95ec..e862004d0c1 100755 --- a/htdocs/core/modules/mailings/contacts2.modules.php +++ b/htdocs/core/modules/mailings/contacts2.modules.php @@ -85,7 +85,7 @@ class mailing_contacts2 extends MailingTargets $sql.= " WHERE s.rowid = sp.fk_soc"; $sql.= " AND sp.email != ''"; // Note that null != '' is false //$sql.= " AND sp.poste != ''"; - $sql.= " AND sp.entity = ".$conf->entity; + $sql.= " AND sp.entity IN (".getEntity('societe', 1).")"; if ($filtersarray[0]<>'all') $sql.= " AND sp.poste ='".$filtersarray[0]."'"; $sql.= " ORDER BY sp.name, sp.firstname"; $resql = $this->db->query($sql); 
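Review bot: The condition added to show_actions_todo, `u.entity = $conf->entity`, filters on the entity of the author's user record rather than on the action itself, whereas listactions.php in this same commit uses `a.entity = $conf->entity`. Actions written by a user stored under a different entity value would drop out of the list (commonobject.class.php accepts `IN (0, entity)` for internal records, which suggests 0 is used for shared accounts), and actions belonging to another entity but authored by a local user would still be shown. Consider `$sql.= " AND a.entity = ".$conf->entity;` here and in the identical line added to show_actions_done.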
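Review bot: In the contacts2.modules.php hunk at -85, the line after the changed entity filter builds `sp.poste ='".$filtersarray[0]."'` from the filter value without escaping, while the equivalent query in contacts3.modules.php wraps it in `$this->db->escape()`. Unless the value is validated before this point (not visible in the hunk), it should be written as `$sql.= " AND sp.poste ='".$this->db->escape($filtersarray[0])."'";`. The same applies to the LIKE conditions this commit touches in fourn/contact.php, where `$begin` and `strtolower($contactname)` are interpolated directly into the pattern; `$db->escape()` is already used for this purpose in cidlookup.php.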
@@ -137,7 +137,7 @@ class mailing_contacts2 extends MailingTargets $statssql[$i].= " WHERE s.rowid = sp.fk_soc"; $statssql[$i].= " AND sp.email != ''"; // Note that null != '' is false $statssql[$i].= " AND (sp.poste IS NOT NULL AND sp.poste != '')"; - $statssql[$i].= " AND sp.entity = ".$conf->entity; + $statssql[$i].= " AND sp.entity IN (".getEntity('societe', 1).")"; $statssql[$i].= " GROUP BY label"; $statssql[$i].= " ORDER BY nb DESC"; $statssql[$i].= " LIMIT $i,1"; @@ -187,7 +187,7 @@ class mailing_contacts2 extends MailingTargets $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as sp,"; $sql.= " ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE s.rowid = sp.fk_soc"; - $sql.= " AND sp.entity = ".$conf->entity; + $sql.= " AND sp.entity IN (".getEntity('societe', 1).")"; $sql.= " AND sp.email != ''"; // Note that null != '' is false $sql.= " AND (sp.poste IS NOT NULL AND sp.poste != '')"; $sql.= " GROUP BY sp.poste"; diff --git a/htdocs/core/modules/mailings/contacts3.modules.php b/htdocs/core/modules/mailings/contacts3.modules.php index 228961fe990..9457ec43bdc 100755 --- a/htdocs/core/modules/mailings/contacts3.modules.php +++ b/htdocs/core/modules/mailings/contacts3.modules.php @@ -85,7 +85,7 @@ class mailing_contacts3 extends MailingTargets if ($filtersarray[0] <> 'all') $sql.= " ".MAIN_DB_PREFIX."categorie_societe as cs"; $sql.= " WHERE s.rowid = sp.fk_soc"; $sql.= " AND sp.email != ''"; // Note that null != '' is false - $sql.= " AND sp.entity = ".$conf->entity; + $sql.= " AND sp.entity IN (".getEntity('societe', 1).")"; if ($filtersarray[0] <> 'all') $sql.= " AND cs.fk_categorie = c.rowid"; if ($filtersarray[0] <> 'all') $sql.= " AND cs.fk_societe = sp.fk_soc"; if ($filtersarray[0] <> 'all') $sql.= " AND c.label = '".$this->db->escape($filtersarray[0])."'"; 
@@ -141,7 +141,7 @@ class mailing_contacts3 extends MailingTargets $statssql[$i].= " ".MAIN_DB_PREFIX."categorie_societe as cs"; $statssql[$i].= " WHERE s.rowid = sp.fk_soc"; $statssql[$i].= " AND sp.email != ''"; // Note that null != '' is false - $statssql[$i].= " AND sp.entity = ".$conf->entity; + $statssql[$i].= " AND sp.entity IN (".getEntity('societe', 1).")"; $statssql[$i].= " AND cs.fk_categorie = c.rowid"; $statssql[$i].= " AND cs.fk_societe = sp.fk_soc"; $statssql[$i].= " GROUP BY c.label"; @@ -207,7 +207,7 @@ class mailing_contacts3 extends MailingTargets $sql.= " ".MAIN_DB_PREFIX."categorie_societe as cs"; $sql.= " WHERE s.rowid = sp.fk_soc"; $sql.= " AND sp.email != ''"; // Note that null != '' is false - $sql.= " AND sp.entity = ".$conf->entity; + $sql.= " AND sp.entity IN (".getEntity('societe', 1).")"; $sql.= " AND cs.fk_categorie = c.rowid"; $sql.= " AND cs.fk_societe = sp.fk_soc"; $sql.= " GROUP BY c.label"; diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 224e23d67f1..0c6161a54cb 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -255,7 +255,7 @@ class modSociete extends DolibarrModules $this->export_sql_end[$r] =' FROM '.MAIN_DB_PREFIX.'socpeople as c'; $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON c.fk_soc = s.rowid'; $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON c.fk_pays = p.rowid'; - $this->export_sql_end[$r] .=' WHERE c.entity = '.$conf->entity; + $this->export_sql_end[$r] .=' WHERE c.entity IN ('.getEntity("societe", 1).')'; // Imports diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 9008587ec4e..68eb0bcbb3f 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php 
@@ -58,22 +58,25 @@ $limit = $conf->liste_limit; */ $sql = "SELECT s.rowid as socid, s.nom, st.libelle as stcomm, p.rowid as cidp, p.name, p.firstname, p.email, p.phone"; -if (!$user->rights->societe->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user "; -$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."socpeople as p, ".MAIN_DB_PREFIX."c_stcomm as st"; -if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql .= " WHERE s.fk_stcomm = st.id AND s.fournisseur = 1 AND s.rowid = p.fk_soc"; -if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user "; +$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."socpeople as p, ".MAIN_DB_PREFIX."c_stcomm as st"; +if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +$sql.= " WHERE s.fk_stcomm = st.id"; +$sql.= " AND s.fournisseur = 1"; +$sql.= " AND s.rowid = p.fk_soc"; +$sql.= " AND s.entity IN (".getEntity('societe', 1).")"; +if (! $user->rights->societe->client->voir && ! $socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if (dol_strlen($stcomm)) { $sql .= " AND s.fk_stcomm=$stcomm"; } if (dol_strlen($begin)) { - $sql .= " AND p.name like '$begin%'"; + $sql .= " AND p.name LIKE '$begin%'"; } if ($contactname) { - $sql .= " AND p.name like '%".strtolower($contactname)."%'"; + $sql .= " AND p.name LIKE '%".strtolower($contactname)."%'"; $sortfield = "p.name"; $sortorder = "ASC"; }