diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php index e5cc664fa0e..541682101c6 100644 --- a/htdocs/api/class/api_access.class.php +++ b/htdocs/api/class/api_access.class.php @@ -144,6 +144,7 @@ class DolibarrApiAccess implements iAuthenticate throw new RestException(503, 'Error when searching login user from api key'); } + $genericmessageerroruser = 'Error user not valid (not found or bad status or bad validity dates) (conf->entity='.$conf->entity.')'; $fuser = new User($this->db); @@ -151,21 +152,27 @@ class DolibarrApiAccess implements iAuthenticate if ($result <= 0) { throw new RestException(503, $genericmessageerroruser); } - if ($fuser->statut == 0) { - throw new RestException(503, 'Error when fetching user. This user has been locked or disabled'); - } - $now = dol_now(); - - // Check date start validity - if ($fuser->datestartvalidity && $this->db->jdate($fuser->datestartvalidity) > $now) { - throw new RestException(503, $genericmessageerroruser); - } - // Check date end validity - if ($fuser->dateendvalidity && $this->db->jdate($fuser->dateendvalidity) < dol_get_first_hour($now)) { + // Check if user status is enabled + if ($fuser->statut != $fuser::STATUS_ENABLED) { + // Status is disabled + dol_syslog("The user has been disabled"); throw new RestException(503, $genericmessageerroruser); } + // Check if session was unvalidated by a password change + if (($fuser->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $fuser->flagdelsessionsbefore > $_SESSION["dol_logindate"])) { + // Session is no more valid + dol_syslog("The user has a date for session invalidation = ".$fuser->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions."); + throw new RestException(503, $genericmessageerroruser); + } + + // Check date validity + if ($fuser->isNotIntoValidityDateRange()) { + // User validity dates are no more valid + dol_syslog("The user login has a validity between [".$fuser->datestartvalidity." and ".$fuser->dateendvalidity."], curren date is ".dol_now()); + throw new RestException(503, $genericmessageerroruser); + } // User seems valid $fuser->getrights(); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 9c848883332..46343919cb6 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -1427,7 +1427,7 @@ if ($object->id > 0) { $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,'; - $sql .= ' f.entity, f.datef, f.datec, f.paye, f.fk_statut,'; + $sql .= ' f.entity, f.datef, f.date_lim_reglement, f.datec, f.paye, f.fk_statut,'; $sql .= ' s.nom, s.rowid'; $sql .= " ORDER BY f.datef DESC, f.datec DESC"; @@ -1441,7 +1441,7 @@ if ($object->id > 0) { print ''; print ''; - print '
'; + print ''; print ''; @@ -1458,6 +1458,8 @@ if ($object->id > 0) { $facturestatic->total_tva = $objp->total_tva; $facturestatic->total_ttc = $objp->total_ttc; $facturestatic->statut = $objp->status; + $facturestatic->date = $db->jdate($objp->df); + $facturestatic->date_lim_reglement = $db->jdate($objp->dl); print ''; print ''; if ($objp->df > 0) { - print ''; + print ''; } else { - print ''; + print ''; } if ($objp->dl > 0) { - print ''; + print ''; } else { - print ''; + print ''; } print ''; print ''; - print ''; + print ''; print "\n"; } if ($status == 4 && !$bool) { @@ -224,7 +224,7 @@ foreach ($listofstatus as $status) { if (empty($conf->use_javascript_ajax)) { print ''; print ''; - print ''; + print ''; if ($status == 4 && !$bool) { $bool = true; } else { @@ -622,7 +622,7 @@ if ($resql) { print '
'; print '
'.$langs->trans("LastCustomersBills", ($num <= $MAXLIST ? "" : $MAXLIST)).''.$langs->trans("AllBills").''.$num.''; print ''; print '
'.$langs->trans("LastCustomersBills", ($num <= $MAXLIST ? "" : $MAXLIST)).''.$langs->trans("AllBills").''.$num.''.img_picto($langs->trans("Statistics"), 'stats').'
'; @@ -1493,14 +1495,14 @@ if ($object->id > 0) { //print $formfile->getDocumentsLink($facturestatic->element, $filename, $filedir); print ''.$langs->trans('DateInvoice').": ".dol_print_date($db->jdate($objp->df), 'day').''.dol_print_date($db->jdate($objp->df), 'day').'!!!!!!'.$langs->trans('DateMaxPayment').": ".dol_print_date($db->jdate($objp->dl), 'day').''.dol_print_date($db->jdate($objp->dl), 'day').'!!!!!!'; print price($objp->total_ht); diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 0357459052b..ad2cbcea84b 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -243,7 +243,6 @@ class Contrat extends CommonObject 'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>115), 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>120), 'extraparams' =>array('type'=>'varchar(255)', 'label'=>'Extraparams', 'enabled'=>1, 'visible'=>-1, 'position'=>125), - 'ref_customer' =>array('type'=>'varchar(50)', 'label'=>'Ref customer', 'enabled'=>1, 'visible'=>-1, 'position'=>130), 'fk_user_modif' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>1, 'visible'=>-2, 'notnull'=>-1, 'position'=>135), 'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'Last main doc', 'enabled'=>1, 'visible'=>-1, 'position'=>140), 'statut' =>array('type'=>'smallint(6)', 'label'=>'Statut', 'enabled'=>1, 'visible'=>-1, 'position'=>500, 'notnull'=>1, 'arrayofkeyval'=>array(0=>'Draft', 1=>'Validated', 2=>'Closed')) @@ -2250,15 +2249,15 @@ class Contrat extends CommonObject $warning_delay = $conf->contrat->services->inactifs->warning_delay; $label = $langs->trans("BoardNotActivatedServices"); $labelShort = $langs->trans("BoardNotActivatedServicesShort"); - $url = DOL_URL_ROOT.'/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=0&sortfield=cd.date_fin_validite&sortorder=asc'; + $url = DOL_URL_ROOT.'/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=0&sortfield=cd.date_fin_validite&sortorder=asc'; } elseif ($mode == 'expired') { $warning_delay = $conf->contrat->services->expires->warning_delay; - $url = DOL_URL_ROOT.'/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=4&filter=expired&sortfield=cd.date_fin_validite&sortorder=asc'; + $url = DOL_URL_ROOT.'/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=4&filter=expired&sortfield=cd.date_fin_validite&sortorder=asc'; $label = $langs->trans("BoardExpiredServices"); $labelShort = $langs->trans("BoardExpiredServicesShort"); } else { $warning_delay = $conf->contrat->services->expires->warning_delay; - $url = DOL_URL_ROOT.'/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=4&sortfield=cd.date_fin_validite&sortorder=asc'; + $url = DOL_URL_ROOT.'/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=4&sortfield=cd.date_fin_validite&sortorder=asc'; //$url.= '&op2day='.$arraydatetouse['mday'].'&op2month='.$arraydatetouse['mon'].'&op2year='.$arraydatetouse['year']; //if ($warning_delay >= 0) $url.='&filter=expired'; $label = $langs->trans("BoardRunningServices"); diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index c14775449c6..c40453ec7af 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -194,7 +194,7 @@ foreach ($listofstatus as $status) { if (empty($conf->use_javascript_ajax)) { print '
'.$staticcontratligne->LibStatut($status, 0, ($bool ? 1 : 0)).''.($nb[$status.$bool] ? $nb[$status.$bool] : 0).' '.$staticcontratligne->LibStatut($status, 3, ($bool ? 1 : 0)).''.($nb[$status.$bool] ? $nb[$status.$bool] : 0).' '.$staticcontratligne->LibStatut($status, 3, ($bool ? 1 : 0)).'
'.$staticcontratligne->LibStatut($status, 0, ($bool ? 1 : 0)).''.($nb[$status.$bool] ? $nb[$status.$bool] : 0).' '.$staticcontratligne->LibStatut($status, 3, ($bool ? 1 : 0)).''.($nb[$status.$bool] ? $nb[$status.$bool] : 0).' '.$staticcontratligne->LibStatut($status, 3, ($bool ? 1 : 0)).'
'; - print ''; + print ''; print "\n"; while ($i < $num) { diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index d42dc70f49a..47818081448 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -36,6 +36,7 @@ require_once DOL_DOCUMENT_ROOT."/societe/class/societe.class.php"; $langs->loadLangs(array('products', 'contracts', 'companies')); $optioncss = GETPOST('optioncss', 'aZ09'); +$mode = GETPOST("mode"); $massaction = GETPOST('massaction', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; @@ -55,11 +56,10 @@ if (!$sortorder) { $sortorder = "ASC"; } -$mode = GETPOST("mode"); -$filter = GETPOST("filter"); +$filter = GETPOST("filter", 'alpha'); $search_name = GETPOST("search_name", 'alpha'); $search_subprice = GETPOST("search_subprice", 'alpha'); -$search_qty = GETPOST("search_name", 'alpha'); +$search_qty = GETPOST("search_qty", 'alpha'); $search_total_ht = GETPOST("search_total_ht", 'alpha'); $search_total_tva = GETPOST("search_total_tva", 'alpha'); $search_total_ttc = GETPOST("search_total_ttc", 'alpha'); @@ -110,7 +110,6 @@ $result = restrictedArea($user, 'contrat', $contratid); if ($search_status != '') { $tmp = explode('&', $search_status); - $mode = $tmp[0]; if (empty($tmp[1])) { $filter = ''; } else { @@ -121,14 +120,6 @@ if ($search_status != '') { $filter = 'expired'; } } -} else { - $search_status = $mode; - if ($filter == 'expired') { - $search_status .= '&filter=expired'; - } - if ($filter == 'notexpired') { - $search_status .= '&filter=notexpired'; - } } $staticcontrat = new Contrat($db); @@ -144,10 +135,10 @@ $arrayfields = array( 'cd.qty'=>array('label'=>"Qty", 'checked'=>1, 'position'=>108), 'cd.total_ht'=>array('label'=>"TotalHT", 'checked'=>-1, 'position'=>109, 'isameasure'=>1), 'cd.total_tva'=>array('label'=>"TotalVAT", 'checked'=>-1, 'position'=>110), - 'cd.date_ouverture_prevue'=>array('label'=>"DateStartPlannedShort", 'checked'=>(($mode == "" || $mode == -1) || $mode == "0"), 'position'=>150), - 'cd.date_ouverture'=>array('label'=>"DateStartRealShort", 'checked'=>(($mode == "" || $mode == -1) || $mode > 0), 'position'=>160), - 'cd.date_fin_validite'=>array('label'=>"DateEndPlannedShort", 'checked'=>(($mode == "" || $mode == -1) || $mode < 5), 'position'=>170), - 'cd.date_cloture'=>array('label'=>"DateEndRealShort", 'checked'=>(($mode == "" || $mode == -1) || $mode >= 5), 'position'=>180), + 'cd.date_ouverture_prevue'=>array('label'=>"DateStartPlannedShort", 'checked'=>1, 'position'=>150), + 'cd.date_ouverture'=>array('label'=>"DateStartRealShort", 'checked'=>1, 'position'=>160), + 'cd.date_fin_validite'=>array('label'=>"DateEndPlannedShort", 'checked'=>1, 'position'=>170), + 'cd.date_cloture'=>array('label'=>"DateEndRealShort", 'checked'=>1, 'position'=>180), //'cd.datec'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500), 'cd.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500), 'status'=>array('label'=>"Status", 'checked'=>1, 'position'=>1000) @@ -209,7 +200,6 @@ if (empty($reshook)) { $opclotureday = ""; $opclotureyear = ""; $filter_opcloture = ""; - $mode = ''; $filter = ''; $toselect = array(); $search_array_options = array(); @@ -275,13 +265,13 @@ $sql .= " AND c.fk_soc = s.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } -if ($mode == "0") { +if ($search_status == "0") { $sql .= " AND cd.statut = 0"; } -if ($mode == "4") { +if ($search_status == "4") { $sql .= " AND cd.statut = 4"; } -if ($mode == "5") { +if ($search_status == "5") { $sql .= " AND cd.statut = 5"; } if ($filter == "expired") { @@ -294,7 +284,7 @@ if ($search_subprice) { $sql .= natural_search("cd.subprice", $search_subprice, 1); } if ($search_qty) { - $sql .= natural_search("cd.total_qty", $search_qty, 1); + $sql .= natural_search("cd.qty", $search_qty, 1); } if ($search_total_ht) { $sql .= natural_search("cd.total_ht", $search_total_ht, 1); @@ -417,6 +407,9 @@ if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.$limit; } +if ($mode) { + $param .= '&mode='.urlencode($mode); +} if ($search_contract) { $param .= '&search_contract='.urlencode($search_contract); } @@ -441,8 +434,8 @@ if ($search_total_ttc) { if ($search_service) { $param .= '&search_service='.urlencode($search_service); } -if ($mode) { - $param .= '&mode='.urlencode($mode); +if ($search_status) { + $param .= '&search_status='.urlencode($search_status); } if ($filter) { $param .= '&filter='.urlencode($filter); @@ -500,16 +493,16 @@ print ''; print ''; $title = $langs->trans("ListOfServices"); -if ($mode == "0") { +if ($search_status == "0") { $title = $langs->trans("ListOfInactiveServices"); // Must use == "0" } -if ($mode == "4" && $filter != "expired") { +if ($search_status == "4" && $filter != "expired") { $title = $langs->trans("ListOfRunningServices"); } -if ($mode == "4" && $filter == "expired") { +if ($search_status == "4" && $filter == "expired") { $title = $langs->trans("ListOfExpiredServices"); } -if ($mode == "5") { +if ($search_status == "5") { $title = $langs->trans("ListOfClosedServices"); } @@ -563,7 +556,7 @@ if (!empty($arrayfields['c.ref']['checked'])) { print ''; } // Service label @@ -964,6 +957,17 @@ while ($i < min($num, $limit)) { // Show total line include DOL_DOCUMENT_ROOT.'/core/tpl/list_print_total.tpl.php'; +// If no record found +if ($num == 0) { + $colspan = 1; + foreach ($arrayfields as $key => $val) { + if (!empty($val['checked'])) { + $colspan++; + } + } + print ''; +} + $db->free($resql); $parameters = array('sql' => $sql); diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index f450d390dff..93da106aebd 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -96,7 +96,8 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth // Call function to check user/password $function = 'check_user_password_'.$mode; $login = call_user_func($function, $usertotest, $passwordtotest, $entitytotest, $context); - if ($login && $login != '--bad-login-validity--') { // Login is successfull + if ($login && $login != '--bad-login-validity--') { + // Login is successfull with this method $test = false; // To stop once at first login success $conf->authmode = $mode; // This properties is defined only when logged to say what mode was successfully used /*$dol_tz = GETPOST('tz'); diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php index 5f4b722ea1c..9b65bf4d877 100644 --- a/htdocs/core/login/functions_dolibarr.php +++ b/htdocs/core/login/functions_dolibarr.php @@ -74,24 +74,6 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes if ($resql) { $obj = $db->fetch_object($resql); if ($obj) { - $now = dol_now(); - // Check date start validity - if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) { - // Load translation files required by the page - $langs->loadLangs(array('main', 'errors')); - $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity"); - dol_syslog("functions_dolibarr::check_user_password_dolibarr bad datestart validity", LOG_WARNING); - return '--bad-login-validity--'; - } - // Check date end validity - if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) { - // Load translation files required by the page - $langs->loadLangs(array('main', 'errors')); - $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity"); - dol_syslog("functions_dolibarr::check_user_password_dolibarr bad date end validity", LOG_WARNING); - return '--bad-login-validity--'; - } - $passclear = $obj->pass; $passcrypted = $obj->pass_crypted; $passtyped = $passwordtotest; @@ -121,7 +103,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes if ((!$passcrypted || $passtyped) && ($passclear && ($passtyped == $passclear))) { $passok = true; - dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database"); + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found old pass in database", LOG_WARNING); } } diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql index cef586ad1da..5c819488971 100644 --- a/htdocs/core/menus/init_menu_auguria.sql +++ b/htdocs/core/menus/init_menu_auguria.sql @@ -205,10 +205,10 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled', __HANDLER__, 'left', 1401__+MAX_llx_menu__, 'commercial', '', 1400__+MAX_llx_menu__, '/contrat/card.php?mainmenu=commercial&action=create&leftmenu=contracts', 'NewContract', 1, 'contracts', '$user->rights->contrat->creer', '', 2, 0, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled', __HANDLER__, 'left', 1402__+MAX_llx_menu__, 'commercial', '', 1400__+MAX_llx_menu__, '/contrat/list.php?mainmenu=commercial&leftmenu=contracts', 'List', 1, 'contracts', '$user->rights->contrat->lire', '', 2, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled', __HANDLER__, 'left', 1403__+MAX_llx_menu__, 'commercial', '', 1400__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts', 'MenuServices', 1, 'contracts', '$user->rights->contrat->lire', '', 2, 2, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1404__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=0', 'MenuInactiveServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 0, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1405__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=4', 'MenuRunningServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 1, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1406__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=4&filter=expired', 'MenuExpiredServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 2, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1407__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&mode=5', 'MenuClosedServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 3, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1404__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=0', 'MenuInactiveServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 0, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1405__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=4', 'MenuRunningServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 1, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1406__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=4&filter=expired', 'MenuExpiredServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 2, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->contrat->enabled && $leftmenu=="contracts"', __HANDLER__, 'left', 1407__+MAX_llx_menu__, 'commercial', '', 1403__+MAX_llx_menu__, '/contrat/services_list.php?mainmenu=commercial&leftmenu=contracts&search_status=5', 'MenuClosedServices', 2, 'contracts', '$user->rights->contrat->lire', '', 2, 3, __ENTITY__); -- Commercial - Interventions insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->ficheinter->enabled', __HANDLER__, 'left', 1500__+MAX_llx_menu__, 'commercial', 'ficheinter', 5__+MAX_llx_menu__, '/fichinter/list.php?mainmenu=commercial&leftmenu=ficheinter', 'Interventions', 0, 'interventions', '$user->rights->ficheinter->lire', '', 2, 8, __ENTITY__); diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index dbc2be872eb..a0b8be128c4 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1385,10 +1385,10 @@ function get_left_menu_commercial($mainmenu, &$newmenu, $usemenuhider = 1, $left $newmenu->add("/contrat/list.php?leftmenu=contracts", $langs->trans("List"), 1, $user->hasRight('contrat', 'lire')); $newmenu->add("/contrat/services_list.php?leftmenu=contracts", $langs->trans("MenuServices"), 1, $user->hasRight('contrat', 'lire')); if ($usemenuhider || empty($leftmenu) || $leftmenu == "contracts") { - $newmenu->add("/contrat/services_list.php?leftmenu=contracts&mode=0", $langs->trans("MenuInactiveServices"), 2, $user->hasRight('contrat', 'lire')); - $newmenu->add("/contrat/services_list.php?leftmenu=contracts&mode=4", $langs->trans("MenuRunningServices"), 2, $user->hasRight('contrat', 'lire')); - $newmenu->add("/contrat/services_list.php?leftmenu=contracts&mode=4&filter=expired", $langs->trans("MenuExpiredServices"), 2, $user->hasRight('contrat', 'lire')); - $newmenu->add("/contrat/services_list.php?leftmenu=contracts&mode=5", $langs->trans("MenuClosedServices"), 2, $user->hasRight('contrat', 'lire')); + $newmenu->add("/contrat/services_list.php?leftmenu=contracts&search_status=0", $langs->trans("MenuInactiveServices"), 2, $user->hasRight('contrat', 'lire')); + $newmenu->add("/contrat/services_list.php?leftmenu=contracts&search_status=4", $langs->trans("MenuRunningServices"), 2, $user->hasRight('contrat', 'lire')); + $newmenu->add("/contrat/services_list.php?leftmenu=contracts&search_status=4&filter=expired", $langs->trans("MenuExpiredServices"), 2, $user->hasRight('contrat', 'lire')); + $newmenu->add("/contrat/services_list.php?leftmenu=contracts&search_status=5", $langs->trans("MenuClosedServices"), 2, $user->hasRight('contrat', 'lire')); } } diff --git a/htdocs/dav/fileserver.php b/htdocs/dav/fileserver.php index 7abe3f2bacf..af23fde5fff 100644 --- a/htdocs/dav/fileserver.php +++ b/htdocs/dav/fileserver.php @@ -92,8 +92,7 @@ $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir t // Authentication callback function $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) { - global $user; - global $conf; + global $user, $conf; global $dolibarr_main_authentication, $dolibarr_auto_user; if (empty($user->login)) { @@ -101,7 +100,7 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p return false; } if ($user->socid > 0) { - dol_syslog("Failed to authenticate to DAV, use is an external user", LOG_WARNING); + dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING); return false; } if ($user->login != $username) { @@ -132,6 +131,27 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p return false; } + // Check if user status is enabled + if ($user->statut != $user::STATUS_ENABLED) { + // Status is disabled + dol_syslog("The user has been disabled."); + return false; + } + + // Check if session was unvalidated by a password change + if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) { + // Session is no more valid + dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions."); + return false; + } + + // Check date validity + if ($user->isNotIntoValidityDateRange()) { + // User validity dates are no more valid + dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now()); + return false; + } + return true; }); diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php index 31b086636f2..c516cc70aef 100644 --- a/htdocs/install/step5.php +++ b/htdocs/install/step5.php @@ -368,13 +368,16 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { if ($action == "set") { if ($success) { if (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) || ($conf->global->MAIN_VERSION_LAST_UPGRADE == DOL_VERSION)) { - // Install is finished + // Install is finished (database is on same version than files) print '
'.$langs->trans("SystemIsInstalled")."
"; + // Create install.lock file + // No need for the moment to create it automatically, creation by web assistant means permissions are given + // to the web user, it is better to show a warning to say to create it manually with correct user/permission (not erasable by a web process) $createlock = 0; - if (!empty($force_install_lockinstall) || !empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)) { - // Install is finished, we create the lock file + // Install is finished, we create the "install.lock" file, so install won't be possible anymore. + // TODO Upgrade will be still be possible if a file "upgrade.unlock" is present $lockfile = DOL_DATA_ROOT.'/install.lock'; $fp = @fopen($lockfile, "w"); if ($fp) { @@ -413,13 +416,14 @@ if ($action == "set") { } elseif (empty($action) || preg_match('/upgrade/i', $action)) { // If upgrade if (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) || ($conf->global->MAIN_VERSION_LAST_UPGRADE == DOL_VERSION)) { - // Upgrade is finished + // Upgrade is finished (database is on same version than files) print 'Configuration'.$langs->trans("SystemIsUpgraded")."
"; + // Create install.lock file if it does not exists. + // Note: it should always exists. A better solution to allow upgrade will be to add an upgrade.unlock file $createlock = 0; - if (!empty($force_install_lockinstall) || !empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)) { - // Upgrade is finished, we create the lock file + // Upgrade is finished, we modify the lock file $lockfile = DOL_DATA_ROOT.'/install.lock'; $fp = @fopen($lockfile, "w"); if ($fp) { @@ -436,6 +440,10 @@ if ($action == "set") { print '
'.$langs->trans("WarningRemoveInstallDir")."
"; } + // Delete the upgrade.unlock file it it exists + $unlockupgradefile = DOL_DATA_ROOT.'/upgrade.unlock'; + dol_delete_file($unlockupgradefile, 0, 0, 0, null, false, 0); + print "
"; $morehtml = '
'; diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index b779c901b54..50d5c0e90d7 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -303,7 +303,7 @@ ErrorValueForTooLow=Value for %s is too low ErrorValueCantBeNull=Value for %s can't be null ErrorDateOfMovementLowerThanDateOfFileTransmission=The date of the bank transaction can't be lower than the date of the file transmission ErrorTooMuchFileInForm=Too much files in form, the maximum number is %s file(s) -ErrorSessionInvalidatedAfterPasswordChange=The session was invalidated after a password change. Please relogin. +ErrorSessionInvalidatedAfterPasswordChange=The session was been invalidated following a change of password, status or dates of validity. Please relogin. # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 405417d7da6..f22666c4197 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -1220,4 +1220,5 @@ NoSpecificContactAddressBis=This tab is dedicated to force specific contacts or HideOnVCard=Hide %s AddToContacts=Add address to my contacts LastAccess=Last access -UploadAnImageToSeeAPhotoHere=Upload an image from the tab %s to see a photo here \ No newline at end of file +UploadAnImageToSeeAPhotoHere=Upload an image from the tab %s to see a photo here +LastPasswordChangeDate=Last password change date \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 115be3cf0cf..8a4efc8466b 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -879,9 +879,9 @@ if (!defined('NOLOGIN')) { exit; } - $resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // login was retrieved previously when checking password. - if ($resultFetchUser <= 0) { - dol_syslog('User not found, connexion refused'); + $resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // value for $login was retrieved previously when checking password. + if ($resultFetchUser <= 0 || $user->isNotIntoValidityDateRange()) { + dol_syslog('User not found or not valid, connexion refused'); session_destroy(); session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie session_name($sessionname); @@ -894,11 +894,17 @@ if (!defined('NOLOGIN')) { $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login); $user->trigger_mesg = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login; - } - if ($resultFetchUser < 0) { + } elseif ($resultFetchUser < 0) { $_SESSION["dol_loginmesg"] = $user->error; $user->trigger_mesg = $user->error; + } else { + // Load translation files required by the page + $langs->loadLangs(array('main', 'errors')); + + $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity"); + + $user->trigger_mesg = $langs->trans("ErrorLoginDateValidity").' - login='.$login; } // Call trigger @@ -943,13 +949,25 @@ if (!defined('NOLOGIN')) { dol_syslog("- This is an already logged session. _SESSION['dol_login']=".$login." _SESSION['dol_entity']=".$entity, LOG_DEBUG); $resultFetchUser = $user->fetch('', $login, '', 1, ($entity > 0 ? $entity : -1)); - if ($resultFetchUser <= 0 || ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) { + + //var_dump(dol_print_date($user->flagdelsessionsbefore, 'dayhour', 'gmt')." ".dol_print_date($_SESSION["dol_logindate"], 'dayhour', 'gmt')); + + if ($resultFetchUser <= 0 + || ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) + || ($user->status != $user::STATUS_ENABLED) + || ($user->isNotIntoValidityDateRange())) { if ($resultFetchUser <= 0) { // Account has been removed after login dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING); - } else { + } elseif ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) { // Session is no more valid dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions."); + } elseif ($user->status != $user::STATUS_ENABLED) { + // User is not enabled + dol_syslog("The user login is disabled"); + } else { + // User validity dates are no more valid + dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now()); } session_destroy(); session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie diff --git a/htdocs/product/list.php b/htdocs/product/list.php index f9a353b81b0..3b911a4c2c7 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1456,7 +1456,7 @@ while ($i < $imaxinloop) { // Ref if (!empty($arrayfields['p.ref']['checked'])) { - print '
\n"; if (!$i) { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index b32c23ab7fc..2893378bdd9 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1885,8 +1885,12 @@ class User extends CommonObject $this->employee = ($this->employee > 0 ? $this->employee : 0); $this->login = trim((string) $this->login); $this->gender = trim((string) $this->gender); + $this->pass = trim((string) $this->pass); $this->api_key = trim((string) $this->api_key); + $this->datestartvalidity = empty($this->datestartvalidity) ? '' : $this->datestartvalidity; + $this->dateendvalidity = empty($this->dateendvalidity) ? '' : $this->dateendvalidity; + $this->address = trim((string) $this->address); $this->zip = trim((string) $this->zip); $this->town = trim((string) $this->town); @@ -1911,8 +1915,7 @@ class User extends CommonObject $this->color = trim((string) $this->color); $this->dateemployment = empty($this->dateemployment) ? '' : $this->dateemployment; $this->dateemploymentend = empty($this->dateemploymentend) ? '' : $this->dateemploymentend; - $this->datestartvalidity = empty($this->datestartvalidity) ? '' : $this->datestartvalidity; - $this->dateendvalidity = empty($this->dateendvalidity) ? '' : $this->dateendvalidity; + $this->birth = empty($this->birth) ? '' : $this->birth; $this->fk_warehouse = (int) $this->fk_warehouse; @@ -2695,6 +2698,33 @@ class User extends CommonObject } + /** + * Return a link with photo + * Use this->id,this->photo + * + * @return int 0=Valid, >0 if not valid + */ + public function isNotIntoValidityDateRange() + { + include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; + + $now = dol_now(); + + //dol_syslog("isNotIntoValidityDateRange ".$this->datestartvalidity); + + // Check date start validity + if ($this->datestartvalidity && $this->datestartvalidity > dol_get_last_hour($now)) { + return 1; + } + // Check date end validity + if ($this->dateendvalidity && $this->dateendvalidity < dol_get_first_hour($now)) { + return 1; + } + + return 0; + } + + /** * Return a link with photo * Use this->id,this->photo
'.$langs->trans("ListOfExpiredServices").' '.$num.'
'.$langs->trans("ListOfExpiredServices").' '.$num.'
'; print ''; print ''; - print ''; + print ''; print '
'.$langs->trans("NoRecordFound").'
'; + print ''; print $product_static->getNomUrl(1); print "