lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #yogosha5747

Browse Source
This commit is contained in:
Laurent Destailleur 2021-03-29 15:24:47 +02:00
parent ce1f8289a4
commit 78d7cfffa8
7 changed files with 196 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/adherents/card.php
View File

@ -84,12 +84,10 @@ if (!empty($canvas)) {
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('membercard', 'globalcard')); $hookmanager->initHooks(array('membercard', 'globalcard'));
// Security check // Fetch object
$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0); if ($id > 0 || !empty($ref)) {
if ($id > 0) {
// Load member // Load member
$result = $object->fetch($id); $result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users // Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer); $canadduser = ($user->admin || $user->rights->user->user->creer);
@ -97,9 +95,9 @@ if ($id > 0) {
if ($object->user_id) { if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member // $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer) $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer)); || (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password) $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password)); || (($user->id != $object->user_id) && $user->rights->user->user->password));
} }
} }
@ -110,6 +108,8 @@ if ($id) {
$caneditfieldmember = $user->rights->adherent->creer; $caneditfieldmember = $user->rights->adherent->creer;
} }
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/* /*

32
htdocs/adherents/document.php
View File

@ -42,9 +42,6 @@ $ref = GETPOST('ref', 'alphanohtml');
$action = GETPOST('action', 'aZ09'); $action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha'); $confirm = GETPOST('confirm', 'alpha');
// Security check
$result = restrictedArea($user, 'adherent', $id);
// Get parameters // Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha'); $sortfield = GETPOST("sortfield", 'alpha');
@ -63,8 +60,6 @@ if (!$sortfield) {
$sortfield = "name"; $sortfield = "name";
} }
$form = new Form($db);
$object = new Adherent($db); $object = new Adherent($db);
$membert = new AdherentType($db); $membert = new AdherentType($db);
$result = $object->fetch($id, $ref); $result = $object->fetch($id, $ref);
@ -74,6 +69,33 @@ if ($result < 0) {
} }
$upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member'); $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/* /*
* Actions * Actions

21
htdocs/adherents/htpasswd.php
View File

@ -26,7 +26,16 @@
require '../main.inc.php'; require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
$status = GETPOST('status', 'int');
$cotis = GETPOST('cotis', 'int');
$sortfield = GETPOST('sortfield', 'alphanohtml');
$sortorder = GETPOST('sortorder', 'aZ09');
// Security check // Security check
if (empty($conf->adherent->enabled)) {
accessforbidden();
}
if (!$user->rights->adherent->export) { if (!$user->rights->adherent->export) {
accessforbidden(); accessforbidden();
} }
@ -46,19 +55,10 @@ if (empty($sortorder)) {
if (empty($sortfield)) { if (empty($sortfield)) {
$sortfield = "d.login"; $sortfield = "d.login";
} }
if (!isset($statut)) {
$statut = 1;
}
if (!isset($cotis)) {
// by default, members must be up to date of subscription
$cotis = 1;
}
$sql = "SELECT d.login, d.pass, d.datefin"; $sql = "SELECT d.login, d.pass, d.datefin";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d "; $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d ";
$sql .= " WHERE d.statut = ".$statut; $sql .= " WHERE d.statut = ".((int) $status);
if ($cotis == 1) { if ($cotis == 1) {
$sql .= " AND datefin > '".$db->idate($now)."'"; $sql .= " AND datefin > '".$db->idate($now)."'";
} }
@ -70,6 +70,7 @@ if ($resql) {
$num = $db->num_rows($resql); $num = $db->num_rows($resql);
$i = 0; $i = 0;
$param = '';
print_barre_liste($langs->trans("HTPasswordExport"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', 0); print_barre_liste($langs->trans("HTPasswordExport"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', 0);
print "<hr>\n"; print "<hr>\n";

33
htdocs/adherents/ldap.php
View File

@ -32,7 +32,8 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
// Load translation files required by the page // Load translation files required by the page
$langs->loadLangs(array("companies", "members", "ldap", "admin")); $langs->loadLangs(array("companies", "members", "ldap", "admin"));
$rowid = GETPOST('id', 'int'); $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alphanohtml');
$action = GETPOST('action', 'aZ09'); $action = GETPOST('action', 'aZ09');
// Protection // Protection
@ -42,12 +43,34 @@ if ($user->socid > 0) {
} }
$object = new Adherent($db); $object = new Adherent($db);
$result = $object->fetch($rowid);
if (!$result) { // Fetch object
dol_print_error($db, "Failed to get adherent: ".$object->error); if ($id > 0 || !empty($ref)) {
exit; // Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
} }
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/* /*
* Actions * Actions

32
htdocs/adherents/note.php
View File

@ -33,9 +33,7 @@ $langs->loadLangs(array("companies", "members", "bills"));
$action = GETPOST('action', 'aZ09'); $action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int'); $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alphanohtml');
// Security check
$result = restrictedArea($user, 'adherent', $id);
$object = new Adherent($db); $object = new Adherent($db);
$result = $object->fetch($id); $result = $object->fetch($id);
@ -46,6 +44,34 @@ if ($result > 0) {
$permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php $permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/* /*
* Actions * Actions
*/ */

58
htdocs/adherents/subscription.php
View File

@ -42,7 +42,9 @@ $langs->loadLangs(array("companies", "bills", "members", "users", "mails", 'othe
$action = GETPOST('action', 'aZ09'); $action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha'); $confirm = GETPOST('confirm', 'alpha');
$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int'); $id = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
$rowid = $id;
$ref = GETPOST('ref', 'alphanohtml');
$typeid = GETPOST('typeid', 'int'); $typeid = GETPOST('typeid', 'int');
$cancel = GETPOST('cancel'); $cancel = GETPOST('cancel');
@ -66,10 +68,6 @@ if (!$sortorder) {
$sortorder = "DESC"; $sortorder = "DESC";
} }
// Security check
$result = restrictedArea($user, 'adherent', $rowid, '', 'cotisation');
$object = new Adherent($db); $object = new Adherent($db);
$extrafields = new ExtraFields($db); $extrafields = new ExtraFields($db);
$adht = new AdherentType($db); $adht = new AdherentType($db);
@ -82,29 +80,6 @@ $errmsg = '';
$defaultdelay = 1; $defaultdelay = 1;
$defaultdelayunit = 'y'; $defaultdelayunit = 'y';
if ($rowid) {
// Load member
$result = $object->fetch($rowid);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $user is the user editing, $object->user_id is the user's id linked to the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to know what current user can do on members
$canaddmember = $user->rights->adherent->creer;
// Define variables to know what current user can do on properties of a member
if ($rowid) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('subscription')); $hookmanager->initHooks(array('subscription'));
@ -117,6 +92,33 @@ $datefrom = 0;
$dateto = 0; $dateto = 0;
$paymentdate = -1; $paymentdate = -1;
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
/* /*
* Actions * Actions

99
htdocs/adherents/vcard.php
View File

@ -30,71 +30,100 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php';
$adherent = new adherent($db);
$id = GETPOST('id', 'int'); $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alphanohtml');
$object = new adherent($db);
// Fetch object
if ($id > 0 || !empty($ref)) {
// Load member
$result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer);
// Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
}
}
// Define variables to determine what the current user can do on the members
$canaddmember = $user->rights->adherent->creer;
// Define variables to determine what the current user can do on the properties of a member
if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
// Security check // Security check
$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas); $result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
$result = $adherent->fetch($id); /*
if ($result <= 0) { * Actions
dol_print_error($adherent->error); */
exit;
}
$physicalperson = 1; // None
/*
* View
*/
$company = new Societe($db); $company = new Societe($db);
if ($adherent->socid) { if ($object->socid) {
$result = $company->fetch($adherent->socid); $result = $company->fetch($object->socid);
} }
// We create VCard // We create VCard
$v = new vCard(); $v = new vCard();
$v->setProdId('Dolibarr '.DOL_VERSION); $v->setProdId('Dolibarr '.DOL_VERSION);
$v->setUid('DOLIBARR-ADHERENTID-'.$adherent->id); $v->setUid('DOLIBARR-ADHERENTID-'.$object->id);
$v->setName($adherent->lastname, $adherent->firstname, "", $adherent->civility, ""); $v->setName($object->lastname, $object->firstname, "", $object->civility, "");
$v->setFormattedName($adherent->getFullName($langs, 1)); $v->setFormattedName($object->getFullName($langs, 1));
$v->setPhoneNumber($adherent->phone_pro, "TYPE=WORK;VOICE"); $v->setPhoneNumber($object->phone_pro, "TYPE=WORK;VOICE");
//$v->setPhoneNumber($adherent->phone_perso,"TYPE=HOME;VOICE"); //$v->setPhoneNumber($object->phone_perso,"TYPE=HOME;VOICE");
$v->setPhoneNumber($adherent->phone_mobile, "TYPE=CELL;VOICE"); $v->setPhoneNumber($object->phone_mobile, "TYPE=CELL;VOICE");
$v->setPhoneNumber($adherent->fax, "TYPE=WORK;FAX"); $v->setPhoneNumber($object->fax, "TYPE=WORK;FAX");
$country = $adherent->country_code ? $adherent->country : ''; $country = $object->country_code ? $object->country : '';
$v->setAddress("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK;POSTAL"); $v->setAddress("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK;POSTAL");
$v->setLabel("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK"); $v->setLabel("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK");
$v->setEmail($adherent->email); $v->setEmail($object->email);
$v->setNote($adherent->note_public); $v->setNote($object->note_public);
$v->setTitle($adherent->poste); $v->setTitle($object->poste);
// Data from linked company // Data from linked company
if ($company->id) { if ($company->id) {
$v->setURL($company->url, "TYPE=WORK"); $v->setURL($company->url, "TYPE=WORK");
if (!$adherent->phone_pro) { if (!$object->phone_pro) {
$v->setPhoneNumber($company->phone, "TYPE=WORK;VOICE"); $v->setPhoneNumber($company->phone, "TYPE=WORK;VOICE");
} }
if (!$adherent->fax) { if (!$object->fax) {
$v->setPhoneNumber($company->fax, "TYPE=WORK;FAX"); $v->setPhoneNumber($company->fax, "TYPE=WORK;FAX");
} }
if (!$adherent->zip) { if (!$object->zip) {
$v->setAddress("", "", $company->address, $company->town, $company->state, $company->zip, $company->country, "TYPE=WORK;POSTAL"); $v->setAddress("", "", $company->address, $company->town, $company->state, $company->zip, $company->country, "TYPE=WORK;POSTAL");
} }
// when company e-mail is empty, use only adherent e-mail // when company e-mail is empty, use only adherent e-mail
if (empty(trim($company->email))) { if (empty(trim($company->email))) {
// was set before, don't set twice // was set before, don't set twice
} elseif (empty(trim($adherent->email))) { } elseif (empty(trim($object->email))) {
// when adherent e-mail is empty, use only company e-mail // when adherent e-mail is empty, use only company e-mail
$v->setEmail($company->email); $v->setEmail($company->email);
} elseif (strtolower(end(explode("@", $adherent->email))) == strtolower(end(explode("@", $company->email)))) { } elseif (strtolower(end(explode("@", $object->email))) == strtolower(end(explode("@", $company->email)))) {
// when e-mail domain of adherent and company are the same, use adherent e-mail at first (and company e-mail at second) // when e-mail domain of adherent and company are the same, use adherent e-mail at first (and company e-mail at second)
$v->setEmail($adherent->email); $v->setEmail($object->email);
// support by Microsoft Outlook (2019 and possible earlier) // support by Microsoft Outlook (2019 and possible earlier)
$v->setEmail($company->email, 'INTERNET'); $v->setEmail($company->email, 'INTERNET');
@ -103,7 +132,7 @@ if ($company->id) {
$v->setEmail($company->email); $v->setEmail($company->email);
// support by Microsoft Outlook (2019 and possible earlier) // support by Microsoft Outlook (2019 and possible earlier)
$v->setEmail($adherent->email, 'INTERNET'); $v->setEmail($object->email, 'INTERNET');
} }
// Si adherent lie a un tiers non de type "particulier" // Si adherent lie a un tiers non de type "particulier"
@ -113,9 +142,9 @@ if ($company->id) {
} }
// Personal informations // Personal informations
$v->setPhoneNumber($adherent->phone_perso, "TYPE=HOME;VOICE"); $v->setPhoneNumber($object->phone_perso, "TYPE=HOME;VOICE");
if ($adherent->birth) { if ($object->birth) {
$v->setBirthday($adherent->birth); $v->setBirthday($object->birth);
} }
$db->close(); $db->close();