diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php
index 130503a619a..a89550b456b 100644
--- a/htdocs/contact/index.php
+++ b/htdocs/contact/index.php
@@ -1,7 +1,7 @@
  * Copyright (C) 2003 Éric Seigne
- * Copyright (C) 2004-2005 Laurent Destailleur
+ * Copyright (C) 2004-2006 Laurent Destailleur
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -34,16 +34,13 @@ $langs->load("companies");
 $langs->load("suppliers");
-/*
- * Sécurité accés client
- */
+// Sécurité accés client
 if ($user->societe_id > 0)
 {
- $action = '';
- $socid = $user->societe_id;
+ $action = '';
+ $socid = $user->societe_id;
 }
-llxHeader();
 $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
@@ -83,25 +80,29 @@ if ($_POST["button_removefilter"])
 }
+
+
 /*
- * Mode liste
+ * Affichage liste
  *
  */
+
+llxHeader();
 if ($user->rights->commercial->client->voir)
 {
-$sql = "SELECT s.idp, s.nom, p.idp as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax ";
-$sql .= "FROM ".MAIN_DB_PREFIX."socpeople as p ";
-$sql .= "LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON (s.idp = p.fk_soc) ";
-$sql .= "WHERE 1=1 ";
+ $sql = "SELECT s.idp, s.nom, p.idp as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax ";
+ $sql .= "FROM ".MAIN_DB_PREFIX."socpeople as p ";
+ $sql .= "LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.idp = p.fk_soc ";
+ $sql .= "WHERE 1=1 ";
 }
 else
 {
-$sql = "SELECT s.idp, s.nom, p.idp as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax, ";
-$sql .= "sc.fk_soc, sc.fk_user ";
-$sql .= "FROM ".MAIN_DB_PREFIX."socpeople as p, ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
-$sql .= "LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON (s.idp = p.fk_soc) ";
-$sql .= "WHERE 1=1 ";
+ $sql = "SELECT s.idp, s.nom, p.idp as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax, ";
+ $sql .= "sc.fk_soc, sc.fk_user ";
+ $sql .= "FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc,".MAIN_DB_PREFIX."socpeople as p ";
+ $sql .= "LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.idp = p.fk_soc ";
+ $sql .= "WHERE 1=1 ";
 }
 if ($_GET["userid"]) // statut commercial
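Review bot: The table order in the restricted branch's new `FROM` line matters and nothing in the code says so: `societe_commerciaux as sc` now comes first and `socpeople as p` sits directly before the `LEFT JOIN ... ON s.idp = p.fk_soc`, so the `ON` clause only names the table the join is attached to, which is presumably why the old `p, sc LEFT JOIN s ON (... p.fk_soc)` order was changed (MySQL 5's tighter JOIN precedence rejects the old form). A comment on that line, e.g. `// keep sc before p: the LEFT JOIN's ON clause may only reference p (MySQL 5 join precedence)`, would stop a later tidy-up from reverting it. In this hunk `sc` also appears with no join condition; the `s.idp = sc.fk_soc AND sc.fk_user = ...` restriction is added in a later hunk, so a second comment such as `// restricted user: sc is tied to s and filtered on sc.fk_user below` would make the access check legible where it is set up. The `if ($_GET["userid"])` block that starts on the hunk's last line has its body outside the hunk.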
@@ -110,23 +111,23 @@ if ($_GET["userid"]) // statut commercial
 }
 if (!$user->rights->commercial->client->voir) //restriction
 {
-$sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+ $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 }
 if ($search_nom) // filtre sur le nom
 {
- $sql .= " AND p.name like '%".$search_nom."%'";
+ $sql .= " AND p.name like '%".addslashes($search_nom)."%'";
 }
 if ($search_prenom) // filtre sur le prenom
 {
- $sql .= " AND p.firstname like '%".$search_prenom."%'";
+ $sql .= " AND p.firstname like '%".addslashes($search_prenom)."%'";
 }
 if ($search_societe) // filtre sur la societe
 {
- $sql .= " AND s.nom like '%".$search_societe."%'";
+ $sql .= " AND s.nom like '%".addslashes($search_societe)."%'";
 }
 if ($search_email) // filtre sur l'email
 {
- $sql .= " AND p.email like '%".$search_email."%'";
+ $sql .= " AND p.email like '%".addslashes($search_email)."%'";
 }
 if ($type == "f") // filtre sur type
 {
@@ -138,7 +139,7 @@ if ($type == "c") // filtre sur type
 }
 if ($sall)
 {
- $sql .= " AND (p.name like '%".$sall."%' OR p.firstname like '%".$sall."%' OR p.email like '%".$sall."%') ";
+ $sql .= " AND (p.name like '%".addslashes($sall)."%' OR p.firstname like '%".addslashes($sall)."%' OR p.email like '%".addslashes($sall)."%') ";
 }
 if ($socid)
 {
@@ -298,105 +299,6 @@ else print '
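Review bot: `addslashes()` on the `like '%...%'` filters for `$search_nom`, `$search_prenom`, `$search_societe` and `$search_email` is not a SQL escaping routine: it knows nothing about the connection character set (on multibyte charsets a lead byte can swallow the inserted backslash), and it leaves the LIKE metacharacters `%` and `_` untouched, so a request value still rewrites the pattern. `$search_nom` is read straight from `$_GET`/`$_POST` in an earlier hunk and the other three presumably are too, so these should go through the database layer's charset-aware escape (if `$db` provides one) or a bound parameter, with `%`/`_` escaped separately if user-supplied wildcards are not intended. The restriction line would also be safer as `$sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .(int) $user->id;`, since a numeric key is being interpolated as a bare string. The `if ($type == "f")` block at the end of the hunk continues outside it.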
'; - -/* - * TODO A virer ? - * PhProjekt - */ - -if (2==1 && (strlen($_GET["search_nom"]) OR strlen($_GET["search_prenom"]))) -{ - - - $sortfield = "p.nachname"; - $sortorder = "ASC"; - - $sql = "SELECT p.vorname, p.nachname, p.firma, p.email"; - $sql .= " FROM phprojekt.contacts as p"; - $sql .= " WHERE upper(p.nachname) like '%".$_GET["search_nom"]."%'"; - - $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit + 1, $offset); - - - $result = $db->query($sql); - - if ($result) - { - $num = $db->num_rows($result); - $i = 0; - - print ''; - print ''; - print ''; - - if ($_GET["view"] == 'phone') - { - print ''; - print ''; - } - else - { - print ''; - } - - print "\n"; - $var=True; - while ($i < min($num,$limit)) - { - $obj = $db->fetch_object( $i); - - $var=!$var; - - print ""; - - // Nom - print ''; - print ''; - - print '\n"; - - - print ''; - - if ($_GET["view"] == 'phone') - { - print ''; - - print ''; - } - else - { - print ''; - } - - print "\n"; - $i++; - } - print "
'; - print_liste_field_titre($langs->trans("Name"),"projekt.php","lower(p.name)", $begin); - print ""; - print_liste_field_titre($langs->trans("Fristname"),"projekt.php","lower(p.firstname)", $begin); - print ""; - print_liste_field_titre($langs->trans("Company"),"projekt.php","lower(s.nom)", $begin); - print ''.$langs->trans("Phone").''.$langs->trans("Mobile").''.$langs->trans("Fax").''.$langs->trans("Email").'
'; - print ''.img_file().' '.$obj->nachname.''.$obj->vorname.''; - print "idp\">$obj->firma'.dolibarr_print_phone($obj->phone).' '.dolibarr_print_phone($obj->phone_mobile).' '.dolibarr_print_phone($obj->fax).' '.$obj->email.' '; - if (!valid_email($obj->email)) - { - print "Email Invalide !"; - } - print '
"; - $db->free(); - } - else - { - dolibarr_print_error($db); - } - -} - - - $db->close(); llxFooter('$Date$ - $Revision$');