lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

securekey added

Browse Source
This commit is contained in:
Dorian Vabre 2021-04-08 16:32:50 +02:00
parent 2f005db4a5
commit af5b623b59
4 changed files with 54 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
htdocs/admin/eventorganization.php
View File

@ -60,6 +60,7 @@ $arrayofparameters = array(
'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_EVENT'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_SPEAKER'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_SECUREKEY'=>array('type'=>'securekey', 'enabled'=>1),
);
$error = 0;
@ -74,6 +75,7 @@ if ((float) DOL_VERSION >= 6) {
include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
}
if ($action == 'updateMask') {
$maskconstorder = GETPOST('maskconstorder', 'alpha');
$maskorder = GETPOST('maskorder', 'alpha');
@ -196,7 +198,6 @@ print dol_get_fiche_head($head, 'settings', $langs->trans($page_name), -1, 'even
// Setup page goes here
echo '<span class="opacitymedium">'.$langs->trans("EventOrganizationSetupPage").'</span><br><br>';
if ($action == 'edit') {
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
@ -255,6 +256,32 @@ if ($action == 'edit') {
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
$formcompany = new FormCompany($db);
print $formcompany->selectProspectCustomerType($conf->global->{$constname}, $constname);
} elseif ($val['type'] == 'securekey') {// Security key input field
print '<tr class="oddeven">';
print '<td class="fieldrequired">'.$langs->trans($constname)."</td>";
print '<td><input required="required" type="text" class="flat" id="'.$constname.'" name="'.$constname.'" value="'.(GETPOST($constname, 'alpha') ?GETPOST($constname, 'alpha') : $conf->global->{$constname}).'" size="40">';
if (!empty($conf->use_javascript_ajax)) {
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token'.$constname.'" class="linkobject"');
}
print '</td>';
print "<td>&nbsp;</td>";
print "</tr>";
if (!empty($conf->use_javascript_ajax)) {
print "\n".'<script type="text/javascript">';
print '$(document).ready(function () {
$("#generate_token'.$constname.'").click(function() {
$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
action: \'getrandompassword\',
generic: true
},
function(token) {
$("#'.$constname.'").val(token);
});
});
});';
print '</script>';
}
} else {
print '<input name="'.$constname.'" class="flat '.(empty($val['css']) ? 'minwidth200' : $val['css']).'" value="'.$conf->global->{$constname}.'">';
}
@ -391,7 +418,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
}
if ($module->isEnabled()) {
dol_include_once('/'.$moduledir.'/class/'.strtolower($myTmpObjectKey).'.class.php');
generate_tokendol_include_once('/'.$moduledir.'/class/'.strtolower($myTmpObjectKey).'.class.php');
print '<tr class="oddeven"><td>'.$module->name."</td><td>\n";
print $module->info();

1
htdocs/eventorganization/conferenceorbooth_card.php
View File

@ -497,6 +497,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
//$link_subscription .= base64_encode($id);
$key = 'DV3PH';
$link_subscription .= openssl_encrypt($id, 'aes-256-ctr', $key);
$link_subscription .= '&securekey='.$conf->global->EVENTORGANIZATION_SECUREKEY;
$object->fields['pubregister'] = array('type'=>'url', 'label'=>'Lien public d\'enregistrement à une conférence', 'enabled'=>'1', 'position'=>72, 'notnull'=>0, 'visible'=>1);
$object->pubregister = $link_subscription;
$keyforbreak='pubregister';

1
htdocs/langs/en_US/admin.lang
View File

@ -1750,6 +1750,7 @@ CREATE_NEW_VAT_WITHOUT_AUTO_PAYMENT=Keep the checkbox “Automatically create th
##### Agenda #####
AgendaSetup=Events and agenda module setup
PasswordTogetVCalExport=Key to authorize export link
SecurityKey = Security Key
PastDelayVCalExport=Do not export event older than
AGENDA_USE_EVENT_TYPE=Use events types (managed in menu Setup -> Dictionaries -> Type of agenda events)
AGENDA_USE_EVENT_TYPE_DEFAULT=Automatically set this default value for type of event in event create form

93
htdocs/public/members/attendee_subscription.php
View File

@ -77,7 +77,12 @@ $action = GETPOST('action', 'aZ09');
//$id = base64_decode(GETPOST("id"));
$key = 'DV3PH';
$id = openssl_decrypt(GETPOST('id'), 'aes-256-ctr', $key);
var_dump($id);
// Securekey check
$securekey = GETPOST('securekey', 'alpha');
if ($securekey != $conf->global->EVENTORGANIZATION_SECUREKEY) {
exit;
}
// Load translation files
$langs->loadLangs(array("main", "companies", "install", "other", "eventorganization"));
@ -205,8 +210,9 @@ if (empty($reshook) && $action == 'add') {
$thirdparty->fournisseur = 0;
$thirdparty->country_id = GETPOST("country_id", 'int');
$thirdparty->state_id = GETPOST("state_id", 'int');
//$thirdparty->code_client = -1;
//$thirdparty->code_fournisseur = -1;
//@todo jusqu'à la ligne 223 : pas sûr
// Load object modCodeTiers
$module = (!empty($conf->global->SOCIETE_CODECLIENT_ADDON) ? $conf->global->SOCIETE_CODECLIENT_ADDON : 'mod_codeclient_leopard');
if (substr($module, 0, 15) == 'mod_codeclient_' && substr($module, -3) == 'php') {
@ -220,9 +226,20 @@ if (empty($reshook) && $action == 'add') {
}
}
$modCodeClient = new $module($db);
$tmpcode = $object->code_client;
if (empty($tmpcode) && !empty($modCodeClient->code_auto)) {
$tmpcode = $modCodeClient->getNextValue($object, 0);
// We verified if the tag prefix is used
if ($modCodeClient->code_auto) {
$prefixCustomerIsUsed = $modCodeClient->verif_prefixIsUsed();
}
$module = $conf->global->SOCIETE_CODECLIENT_ADDON;
if (substr($module, 0, 15) == 'mod_codeclient_' && substr($module, -3) == 'php') {
$module = substr($module, 0, dol_strlen($module) - 4);
}
$dirsociete = array_merge(array('/core/modules/societe/'), $conf->modules_parts['societe']);
foreach ($dirsociete as $dirroot) {
$res = dol_include_once($dirroot.$module.'.php');
if ($res) {
break;
}
}
$res = $thirdparty->create($user);
@ -232,7 +249,7 @@ if (empty($reshook) && $action == 'add') {
$error++;
$errmsg .= $thirdparty->error;
} else {
// @todo creation of an attendee
// creation of an attendee
$confattendee = new ConferenceOrBoothAttendee($db);
$confattendee->fk_soc = $thirdparty->id;
$confattendee->date_subscription = dol_now();
@ -372,70 +389,6 @@ if (empty($conf->global->SOCIETE_DISABLE_STATE)) {
// Email
print '<tr><td>'.$langs->trans("Email").' <FONT COLOR="red">*</FONT></td><td><input type="text" name="email" maxlength="255" class="minwidth150" value="'.dol_escape_htmltag(GETPOST('email')).'"></td></tr>'."\n";
// Add specific fields used by Dolibarr foundation for example
if (!empty($conf->global->MEMBER_NEWFORM_DOLIBARRTURNOVER)) {
$arraybudget = array('50'=>'<= 100 000', '100'=>'<= 200 000', '200'=>'<= 500 000', '300'=>'<= 1 500 000', '600'=>'<= 3 000 000', '1000'=>'<= 5 000 000', '2000'=>'5 000 000+');
print '<tr id="trbudget" class="trcompany"><td>'.$langs->trans("TurnoverOrBudget").' <FONT COLOR="red">*</FONT></td><td>';
print $form->selectarray('budget', $arraybudget, GETPOST('budget'), 1);
print ' € or $';
print '<script type="text/javascript">
jQuery(document).ready(function () {
initturnover();
jQuery("#morphy").click(function() {
initturnover();
});
jQuery("#budget").change(function() {
if (jQuery("#budget").val() > 0) { jQuery(".amount").val(jQuery("#budget").val()); }
else { jQuery("#budget").val(\'\'); }
});
/*jQuery("#type").change(function() {
if (jQuery("#type").val()==1) { jQuery("#morphy").val(\'mor\'); }
if (jQuery("#type").val()==2) { jQuery("#morphy").val(\'phy\'); }
if (jQuery("#type").val()==3) { jQuery("#morphy").val(\'mor\'); }
if (jQuery("#type").val()==4) { jQuery("#morphy").val(\'mor\'); }
initturnover();
});*/
function initturnover() {
if (jQuery("#morphy").val()==\'phy\') {
jQuery(".amount").val(20);
jQuery("#trbudget").hide();
jQuery("#trcompany").hide();
}
if (jQuery("#morphy").val()==\'mor\') {
jQuery(".amount").val(\'\');
jQuery("#trcompany").show();
jQuery("#trbirth").hide();
jQuery("#trbudget").show();
if (jQuery("#budget").val() > 0) { jQuery(".amount").val(jQuery("#budget").val()); }
else { jQuery("#budget").val(\'\'); }
}
}
});
</script>';
print '</td></tr>'."\n";
}
if (!empty($conf->global->MEMBER_NEWFORM_AMOUNT) || !empty($conf->global->MEMBER_NEWFORM_PAYONLINE)) {
// $conf->global->MEMBER_NEWFORM_SHOWAMOUNT is an amount
$amount = 0;
if (!empty($conf->global->MEMBER_NEWFORM_AMOUNT)) {
$amount = $conf->global->MEMBER_NEWFORM_AMOUNT;
}
if (!empty($conf->global->MEMBER_NEWFORM_PAYONLINE)) {
$amount = GETPOST('amount') ?GETPOST('amount') : $conf->global->MEMBER_NEWFORM_AMOUNT;
}
// $conf->global->MEMBER_NEWFORM_PAYONLINE is 'paypal', 'paybox' or 'stripe'
print '<tr><td>'.$langs->trans("Subscription").'</td><td class="nowrap">';
if (!empty($conf->global->MEMBER_NEWFORM_EDITAMOUNT)) {
print '<input type="text" name="amount" id="amount" class="flat amount" size="6" value="'.$amount.'">';
} else {
print '<input type="text" name="amount" id="amounthidden" class="flat amount" disabled size="6" value="'.$amount.'">';
print '<input type="hidden" name="amount" id="amount" class="flat amount" size="6" value="'.$amount.'">';
}
print ' '.$langs->trans("Currency".$conf->currency);
print '</td></tr>';
}
print "</table>\n";
print dol_get_fiche_end();