From 78d7cfffa8cfeea2f3a8ae4f3309b545ea418ee9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 29 Mar 2021 15:24:47 +0200
Subject: [PATCH] FIX #yogosha5747

---
 htdocs/adherents/card.php | 14 ++---
 htdocs/adherents/document.php | 32 ++++++++--
 htdocs/adherents/htpasswd.php | 21 +++---
 htdocs/adherents/ldap.php | 33 +++++++++--
 htdocs/adherents/note.php | 32 +++++++++-
 htdocs/adherents/subscription.php | 58 +++++++++---------
 htdocs/adherents/vcard.php | 99 ++++++++++++++++++++-----------
 7 files changed, 196 insertions(+), 93 deletions(-)

diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index b75bce38ca9..9b4dbb0203d 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -84,12 +84,10 @@ if (!empty($canvas)) {
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('membercard', 'globalcard'));
-// Security check
-$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0);
-
-if ($id > 0) {
+// Fetch object
+if ($id > 0 || !empty($ref)) {
 // Load member
- $result = $object->fetch($id);
+ $result = $object->fetch($id, $ref);
 // Define variables to know what current user can do on users
 $canadduser = ($user->admin || $user->rights->user->user->creer);
@@ -97,9 +95,9 @@ if ($id > 0) {
 if ($object->user_id) {
 // $User is the user who edits, $object->user_id is the id of the related user in the edited member
 $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
- || (($user->id != $object->user_id) && $user->rights->user->user->creer));
+ || (($user->id != $object->user_id) && $user->rights->user->user->creer));
 $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
- || (($user->id != $object->user_id) && $user->rights->user->user->password));
+ || (($user->id != $object->user_id) && $user->rights->user->user->password));
 }
 }
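Review bot: The return value of `$object->fetch($id, $ref)` inside the new `if ($id > 0 || !empty($ref))` block is never examined, so when the id or ref does not resolve `$object->id` stays empty, the `restrictedArea($user, 'adherent', $object->id, ...)` call added in the next hunk runs on an empty object id (presumably only the module-level read right is checked then), and the rest of the page continues with an unloaded member. Consider failing fast right after the fetch, e.g. `if ($result <= 0) { dol_print_error($db, $object->error); exit; }`, or at least guarding the view on `$object->id > 0`. The same block is pasted unchecked into document.php, ldap.php, note.php, subscription.php and vcard.php; in ldap.php and vcard.php it replaces an explicit print-error-and-exit that the old code had. `$ref` is used here but its `GETPOST('ref', ...)` is outside the hunk, so confirm card.php actually reads it before this point.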
@@ -110,6 +108,8 @@ if ($id) {
 $caneditfieldmember = $user->rights->adherent->creer;
 }
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
 /*
diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php
index 88e31ebffb6..c359f539547 100644
--- a/htdocs/adherents/document.php
+++ b/htdocs/adherents/document.php
@@ -42,9 +42,6 @@ $ref = GETPOST('ref', 'alphanohtml');
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
-// Security check
-$result = restrictedArea($user, 'adherent', $id);
-
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
@@ -63,8 +60,6 @@ if (!$sortfield) {
 $sortfield = "name";
 }
-
-$form = new Form($db);
 $object = new Adherent($db);
 $membert = new AdherentType($db);
 $result = $object->fetch($id, $ref);
@@ -74,6 +69,33 @@ if ($result < 0) {
 }
 $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+ // Load member
+ $result = $object->fetch($id, $ref);
+
+ // Define variables to know what current user can do on users
+ $canadduser = ($user->admin || $user->rights->user->user->creer);
+ // Define variables to know what current user can do on properties of user linked to edited member
+ if ($object->user_id) {
+ // $User is the user who edits, $object->user_id is the id of the related user in the edited member
+ $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+ || (($user->id != $object->user_id) && $user->rights->user->user->creer));
+ $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+ || (($user->id != $object->user_id) && $user->rights->user->user->password));
+ }
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+ $caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
 /*
 * Actions
diff --git a/htdocs/adherents/htpasswd.php b/htdocs/adherents/htpasswd.php
index a1c105bd192..e1f580a3656 100644
--- a/htdocs/adherents/htpasswd.php
+++ b/htdocs/adherents/htpasswd.php
@@ -26,7 +26,16 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
+$status = GETPOST('status', 'int');
+$cotis = GETPOST('cotis', 'int');
+
+$sortfield = GETPOST('sortfield', 'alphanohtml');
+$sortorder = GETPOST('sortorder', 'aZ09');
+
 // Security check
+if (empty($conf->adherent->enabled)) {
+ accessforbidden();
+}
 if (!$user->rights->adherent->export) {
 accessforbidden();
 }
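Review bot: The member is now loaded twice on this page: the pre-existing `$result = $object->fetch($id, $ref);` with its `if ($result < 0)` error branch still runs just above this hunk, and the new "Fetch object" block calls `$object->fetch($id, $ref)` again before the security check. The second call is redundant here; either keep only the permission variables in the new block, or drop the earlier fetch and its error branch in favour of this one. note.php has the same duplication, and there the surviving earlier call is `$object->fetch($id)` without `$ref`, so a ref-only request fails that first fetch and only succeeds on the second; one fetch per page taking both `$id` and `$ref` would remove both the double query and the inconsistency. `$upload_dir` is derived from `$object` before `restrictedArea` runs, which is fine as long as nothing is output before the check, as appears to be the case in this hunk.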
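Review bot: `$status` and `$cotis` are now read straight from the request with no fallback, while the next hunk of this file removes the `$statut = 1` and `$cotis = 1` defaults; a request that omits them therefore builds `WHERE d.statut = 0` and skips the `datefin` condition, so the export switches from validated, up-to-date members to non-validated ones with no subscription check. Keep the previous defaults explicitly: `$status = GETPOSTISSET('status') ? GETPOST('status', 'int') : 1;` and `$cotis = GETPOSTISSET('cotis') ? GETPOST('cotis', 'int') : 1;`. The `(int)` cast in the SQL and the module-enabled check are welcome. `$sortfield` is now request-controlled as well; if the ORDER BY outside this hunk concatenates it directly rather than going through `$db->order()`, that should be tightened too.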
@@ -46,19 +55,10 @@ if (empty($sortorder)) {
 if (empty($sortfield)) {
 $sortfield = "d.login";
 }
-if (!isset($statut)) {
- $statut = 1;
-}
-
-if (!isset($cotis)) {
- // by default, members must be up to date of subscription
- $cotis = 1;
-}
-
 $sql = "SELECT d.login, d.pass, d.datefin";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d ";
-$sql .= " WHERE d.statut = ".$statut;
+$sql .= " WHERE d.statut = ".((int) $status);
 if ($cotis == 1) {
 $sql .= " AND datefin > '".$db->idate($now)."'";
 }
@@ -70,6 +70,7 @@ if ($resql) {
 $num = $db->num_rows($resql);
 $i = 0;
+ $param = '';
 print_barre_liste($langs->trans("HTPasswordExport"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', 0);
 print "
\n";
diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php
index 89baf2f5ec5..44d5ee5399b 100644
--- a/htdocs/adherents/ldap.php
+++ b/htdocs/adherents/ldap.php
@@ -32,7 +32,8 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("companies", "members", "ldap", "admin"));
-$rowid = GETPOST('id', 'int');
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alphanohtml');
 $action = GETPOST('action', 'aZ09');
 // Protection
@@ -42,12 +43,34 @@ if ($user->socid > 0) {
 }
 $object = new Adherent($db);
-$result = $object->fetch($rowid);
-if (!$result) {
- dol_print_error($db, "Failed to get adherent: ".$object->error);
- exit;
+
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+ // Load member
+ $result = $object->fetch($id, $ref);
+
+ // Define variables to know what current user can do on users
+ $canadduser = ($user->admin || $user->rights->user->user->creer);
+ // Define variables to know what current user can do on properties of user linked to edited member
+ if ($object->user_id) {
+ // $User is the user who edits, $object->user_id is the id of the related user in the edited member
+ $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+ || (($user->id != $object->user_id) && $user->rights->user->user->creer));
+ $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+ || (($user->id != $object->user_id) && $user->rights->user->user->password));
+ }
 }
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+ $caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
 /*
 * Actions
diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php
index 26fec04a5e6..91946094a9a 100644
--- a/htdocs/adherents/note.php
+++ b/htdocs/adherents/note.php
@@ -33,9 +33,7 @@ $langs->loadLangs(array("companies", "members", "bills"));
 $action = GETPOST('action', 'aZ09');
 $id = GETPOST('id', 'int');
-
-// Security check
-$result = restrictedArea($user, 'adherent', $id);
+$ref = GETPOST('ref', 'alphanohtml');
 $object = new Adherent($db);
 $result = $object->fetch($id);
@@ -46,6 +44,34 @@ if ($result > 0) {
 $permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+ // Load member
+ $result = $object->fetch($id, $ref);
+
+ // Define variables to know what current user can do on users
+ $canadduser = ($user->admin || $user->rights->user->user->creer);
+ // Define variables to know what current user can do on properties of user linked to edited member
+ if ($object->user_id) {
+ // $User is the user who edits, $object->user_id is the id of the related user in the edited member
+ $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+ || (($user->id != $object->user_id) && $user->rights->user->user->creer));
+ $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+ || (($user->id != $object->user_id) && $user->rights->user->user->password));
+ }
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+ $caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
+
 /*
 * Actions
 */
diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php
index ecc0e1cfe47..54729e5ba8a 100644
--- a/htdocs/adherents/subscription.php
+++ b/htdocs/adherents/subscription.php
@@ -42,7 +42,9 @@ $langs->loadLangs(array("companies", "bills", "members", "users", "mails", 'othe
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
-$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
+$id = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
+$rowid = $id;
+$ref = GETPOST('ref', 'alphanohtml');
 $typeid = GETPOST('typeid', 'int');
 $cancel = GETPOST('cancel');
@@ -66,10 +68,6 @@ if (!$sortorder) {
 $sortorder = "DESC";
 }
-
-// Security check
-$result = restrictedArea($user, 'adherent', $rowid, '', 'cotisation');
-
 $object = new Adherent($db);
 $extrafields = new ExtraFields($db);
 $adht = new AdherentType($db);
@@ -82,29 +80,6 @@ $errmsg = '';
 $defaultdelay = 1;
 $defaultdelayunit = 'y';
-if ($rowid) {
- // Load member
- $result = $object->fetch($rowid);
-
- // Define variables to know what current user can do on users
- $canadduser = ($user->admin || $user->rights->user->user->creer);
- // Define variables to know what current user can do on properties of user linked to edited member
- if ($object->user_id) {
- // $user is the user editing, $object->user_id is the user's id linked to the edited member
- $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
- || (($user->id != $object->user_id) && $user->rights->user->user->creer));
- $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
- || (($user->id != $object->user_id) && $user->rights->user->user->password));
- }
-}
-
-// Define variables to know what current user can do on members
-$canaddmember = $user->rights->adherent->creer;
-// Define variables to know what current user can do on properties of a member
-if ($rowid) {
- $caneditfieldmember = $user->rights->adherent->creer;
-}
-
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('subscription'));
@@ -117,6 +92,33 @@ $datefrom = 0;
 $dateto = 0;
 $paymentdate = -1;
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+ // Load member
+ $result = $object->fetch($id, $ref);
+
+ // Define variables to know what current user can do on users
+ $canadduser = ($user->admin || $user->rights->user->user->creer);
+ // Define variables to know what current user can do on properties of user linked to edited member
+ if ($object->user_id) {
+ // $User is the user who edits, $object->user_id is the id of the related user in the edited member
+ $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+ || (($user->id != $object->user_id) && $user->rights->user->user->creer));
+ $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+ || (($user->id != $object->user_id) && $user->rights->user->user->password));
+ }
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+ $caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
 /*
 * Actions
diff --git a/htdocs/adherents/vcard.php b/htdocs/adherents/vcard.php
index a53cacd2212..902206c7874 100644
--- a/htdocs/adherents/vcard.php
+++ b/htdocs/adherents/vcard.php
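Review bot: The new `restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0)` drops the `'cotisation'` feature2 argument that the check removed in this file's second hunk passed (`restrictedArea($user, 'adherent', $rowid, '', 'cotisation')`), so whatever subscription-specific read permission that argument enforced is presumably no longer required to reach this page, only the generic member right. Unless that relaxation is intended, keep it while moving the call: `$result = restrictedArea($user, 'adherent', $object->id, '', 'cotisation', 'socid', 'rowid', 0);`. The old check was also placed before `$hookmanager->initHooks(...)`; the new position after `$paymentdate = -1;` is fine as long as nothing in between emits output or acts on `$object`, which the hunk suggests is the case.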
@@ -30,71 +30,100 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php';
-$adherent = new adherent($db);
-
-
 $id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alphanohtml');
+
+$object = new adherent($db);
+
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+ // Load member
+ $result = $object->fetch($id, $ref);
+
+ // Define variables to know what current user can do on users
+ $canadduser = ($user->admin || $user->rights->user->user->creer);
+ // Define variables to know what current user can do on properties of user linked to edited member
+ if ($object->user_id) {
+ // $User is the user who edits, $object->user_id is the id of the related user in the edited member
+ $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+ || (($user->id != $object->user_id) && $user->rights->user->user->creer));
+ $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+ || (($user->id != $object->user_id) && $user->rights->user->user->password));
+ }
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+ $caneditfieldmember = $user->rights->adherent->creer;
+}
 // Security check
-$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas);
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
-$result = $adherent->fetch($id);
-if ($result <= 0) {
- dol_print_error($adherent->error);
- exit;
-}
+/*
+ * Actions
+ */
-$physicalperson = 1;
+// None
+
+
+/*
+ * View
+ */
 $company = new Societe($db);
-if ($adherent->socid) {
- $result = $company->fetch($adherent->socid);
+if ($object->socid) {
+ $result = 
$company->fetch($object->socid);
 }
+
+
 // We create VCard
 $v = new vCard();
 $v->setProdId('Dolibarr '.DOL_VERSION);
-$v->setUid('DOLIBARR-ADHERENTID-'.$adherent->id);
-$v->setName($adherent->lastname, $adherent->firstname, "", $adherent->civility, "");
-$v->setFormattedName($adherent->getFullName($langs, 1));
+$v->setUid('DOLIBARR-ADHERENTID-'.$object->id);
+$v->setName($object->lastname, $object->firstname, "", $object->civility, "");
+$v->setFormattedName($object->getFullName($langs, 1));
-$v->setPhoneNumber($adherent->phone_pro, "TYPE=WORK;VOICE");
-//$v->setPhoneNumber($adherent->phone_perso,"TYPE=HOME;VOICE");
-$v->setPhoneNumber($adherent->phone_mobile, "TYPE=CELL;VOICE");
-$v->setPhoneNumber($adherent->fax, "TYPE=WORK;FAX");
+$v->setPhoneNumber($object->phone_pro, "TYPE=WORK;VOICE");
+//$v->setPhoneNumber($object->phone_perso,"TYPE=HOME;VOICE");
+$v->setPhoneNumber($object->phone_mobile, "TYPE=CELL;VOICE");
+$v->setPhoneNumber($object->fax, "TYPE=WORK;FAX");
-$country = $adherent->country_code ? $adherent->country : '';
+$country = $object->country_code ? 
$object->country : '';
-$v->setAddress("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK;POSTAL");
-$v->setLabel("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK");
+$v->setAddress("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK;POSTAL");
+$v->setLabel("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK");
-$v->setEmail($adherent->email);
-$v->setNote($adherent->note_public);
-$v->setTitle($adherent->poste);
+$v->setEmail($object->email);
+$v->setNote($object->note_public);
+$v->setTitle($object->poste);
 // Data from linked company
 if ($company->id) {
 $v->setURL($company->url, "TYPE=WORK");
- if (!$adherent->phone_pro) {
+ if (!$object->phone_pro) {
 $v->setPhoneNumber($company->phone, "TYPE=WORK;VOICE");
 }
- if (!$adherent->fax) {
+ if (!$object->fax) {
 $v->setPhoneNumber($company->fax, "TYPE=WORK;FAX");
 }
- if (!$adherent->zip) {
+ if (!$object->zip) {
 $v->setAddress("", "", $company->address, $company->town, $company->state, $company->zip, $company->country, "TYPE=WORK;POSTAL");
 }
 // when company e-mail is empty, use only adherent e-mail
 if (empty(trim($company->email))) {
 // was set before, don't set twice
- } elseif (empty(trim($adherent->email))) {
+ } elseif (empty(trim($object->email))) {
 // when adherent e-mail is empty, use only company e-mail
 $v->setEmail($company->email);
- } elseif (strtolower(end(explode("@", $adherent->email))) == strtolower(end(explode("@", $company->email)))) {
+ } elseif (strtolower(end(explode("@", $object->email))) == strtolower(end(explode("@", $company->email)))) {
 // when e-mail domain of adherent and company are the same, use adherent e-mail at first (and company e-mail at second)
- $v->setEmail($adherent->email);
+ $v->setEmail($object->email);
 // support by Microsoft Outlook (2019 and possible earlier)
 $v->setEmail($company->email, 
'INTERNET');
@@ -103,7 +132,7 @@ if ($company->id) {
 $v->setEmail($company->email);
 // support by Microsoft Outlook (2019 and possible earlier)
- $v->setEmail($adherent->email, 'INTERNET');
+ $v->setEmail($object->email, 'INTERNET');
 }
 // Si adherent lie a un tiers non de type "particulier"
@@ -113,9 +142,9 @@ if ($company->id) {
 }
 // Personal informations
-$v->setPhoneNumber($adherent->phone_perso, "TYPE=HOME;VOICE");
-if ($adherent->birth) {
- $v->setBirthday($adherent->birth);
+$v->setPhoneNumber($object->phone_perso, "TYPE=HOME;VOICE");
+if ($object->birth) {
+ $v->setBirthday($object->birth);
 }
 $db->close();
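Review bot: The permission variables `$canadduser`, `$caneditfielduser`, `$caneditpassworduser`, `$canaddmember` and `$caneditfieldmember` are computed in the new block of the first hunk but nothing in the shown hunks of vcard.php reads them — this page only fills and emits a vCard — so the block between `$object = new adherent($db);` and the security check reduces to the fetch itself, and the "Actions / None" section confirms there is no action handling to use them. The same unused copy appears in document.php, ldap.php and note.php; trimming it to the fetch in pages that do not need it would make the intent (fetch, then check `$object->id`) easier to read. While here, `new adherent($db)` should be `new Adherent($db)` to match the class name and the other files in this patch.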