diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index e142acedf8f..1a7e661699a 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php @@ -60,6 +60,7 @@ $arrayofparameters = array( 'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_EVENT'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), 'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_SPEAKER'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), 'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), + 'EVENTORGANIZATION_SECUREKEY'=>array('type'=>'securekey', 'enabled'=>1), ); $error = 0; @@ -74,6 +75,7 @@ if ((float) DOL_VERSION >= 6) { include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; } + if ($action == 'updateMask') { $maskconstorder = GETPOST('maskconstorder', 'alpha'); $maskorder = GETPOST('maskorder', 'alpha'); @@ -196,7 +198,6 @@ print dol_get_fiche_head($head, 'settings', $langs->trans($page_name), -1, 'even // Setup page goes here echo ''.$langs->trans("EventOrganizationSetupPage").'

'; - if ($action == 'edit') { print '
'; print ''; @@ -255,6 +256,32 @@ if ($action == 'edit') { require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; $formcompany = new FormCompany($db); print $formcompany->selectProspectCustomerType($conf->global->{$constname}, $constname); + } elseif ($val['type'] == 'securekey') {// Security key input field + print ''; + print ''.$langs->trans($constname).""; + print ''; + if (!empty($conf->use_javascript_ajax)) { + print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token'.$constname.'" class="linkobject"'); + } + print ''; + print " "; + print ""; + + if (!empty($conf->use_javascript_ajax)) { + print "\n".''; + } } else { print ''; } @@ -391,7 +418,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) { } if ($module->isEnabled()) { - dol_include_once('/'.$moduledir.'/class/'.strtolower($myTmpObjectKey).'.class.php'); + generate_tokendol_include_once('/'.$moduledir.'/class/'.strtolower($myTmpObjectKey).'.class.php'); print ''.$module->name."\n"; print $module->info(); diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 6110687f587..a27447682bb 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -497,6 +497,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea //$link_subscription .= base64_encode($id); $key = 'DV3PH'; $link_subscription .= openssl_encrypt($id, 'aes-256-ctr', $key); + $link_subscription .= '&securekey='.$conf->global->EVENTORGANIZATION_SECUREKEY; $object->fields['pubregister'] = array('type'=>'url', 'label'=>'Lien public d\'enregistrement à une conférence', 'enabled'=>'1', 'position'=>72, 'notnull'=>0, 'visible'=>1); $object->pubregister = $link_subscription; $keyforbreak='pubregister'; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 202f11f7f46..567519fdf04 100644 
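Review bot: The changed line in the last hunk of htdocs/admin/eventorganization.php now reads `generate_tokendol_include_once('/'.$moduledir.'/class/'...`, which looks like the text `generate_token` pasted in front of `dol_include_once`. PHP will resolve that as a call to a function that presumably does not exist, so the setup page would stop with a fatal error as soon as an enabled module is listed. Restore the original call: `dol_include_once('/'.$moduledir.'/class/'.strtolower($myTmpObjectKey).'.class.php');`. The enclosing `foreach` starts and ends outside the hunk.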
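Review bot: The added `&securekey=` parameter in conferenceorbooth_card.php puts the raw value of `EVENTORGANIZATION_SECUREKEY` into a link that is meant to be handed out publicly. Everyone who receives a registration link therefore learns the module-wide secret, and the value is identical for every conference or booth. Append a value derived from the key and the record instead, e.g. `$link_subscription .= '&securekey='.hash_hmac('sha256', (string) $id, $conf->global->EVENTORGANIZATION_SECUREKEY);`, and have attendee_subscription.php recompute the same HMAC and compare against it. The surrounding `if` block starts and ends outside the hunk.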
--- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1750,6 +1750,7 @@ CREATE_NEW_VAT_WITHOUT_AUTO_PAYMENT=Keep the checkbox “Automatically create th ##### Agenda ##### AgendaSetup=Events and agenda module setup PasswordTogetVCalExport=Key to authorize export link +SecurityKey = Security Key PastDelayVCalExport=Do not export event older than AGENDA_USE_EVENT_TYPE=Use events types (managed in menu Setup -> Dictionaries -> Type of agenda events) AGENDA_USE_EVENT_TYPE_DEFAULT=Automatically set this default value for type of event in event create form diff --git a/htdocs/public/members/attendee_subscription.php b/htdocs/public/members/attendee_subscription.php index 33034be7019..95eee72785a 100644 --- a/htdocs/public/members/attendee_subscription.php +++ b/htdocs/public/members/attendee_subscription.php @@ -77,7 +77,12 @@ $action = GETPOST('action', 'aZ09'); //$id = base64_decode(GETPOST("id")); $key = 'DV3PH'; $id = openssl_decrypt(GETPOST('id'), 'aes-256-ctr', $key); -var_dump($id); + +// Securekey check +$securekey = GETPOST('securekey', 'alpha'); +if ($securekey != $conf->global->EVENTORGANIZATION_SECUREKEY) { + exit; +} // Load translation files $langs->loadLangs(array("main", "companies", "install", "other", "eventorganization")); @@ -205,8 +210,9 @@ if (empty($reshook) && $action == 'add') { $thirdparty->fournisseur = 0; $thirdparty->country_id = GETPOST("country_id", 'int'); $thirdparty->state_id = GETPOST("state_id", 'int'); + //$thirdparty->code_client = -1; + //$thirdparty->code_fournisseur = -1; - //@todo jusqu'à la ligne 223 : pas sûr // Load object modCodeTiers $module = (!empty($conf->global->SOCIETE_CODECLIENT_ADDON) ? $conf->global->SOCIETE_CODECLIENT_ADDON : 'mod_codeclient_leopard'); if (substr($module, 0, 15) == 'mod_codeclient_' && substr($module, -3) == 'php') { 
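Review bot: The added check `$securekey != $conf->global->EVENTORGANIZATION_SECUREKEY` in attendee_subscription.php passes when the constant has never been set, because a missing or empty `securekey` parameter compares loosely equal to an empty or unset value. The page then stays reachable on any install where no key has been generated, and the comparison is neither strict nor constant-time. Suggested guard: `if (empty($conf->global->EVENTORGANIZATION_SECUREKEY) || !hash_equals((string) $conf->global->EVENTORGANIZATION_SECUREKEY, (string) $securekey)) { http_response_code(403); exit; }`. The check also sits after `openssl_decrypt()` has already processed the request's `id`; moving it above that line would reject requests without a valid key earlier.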
@@ -220,9 +226,20 @@ if (empty($reshook) && $action == 'add') { } } $modCodeClient = new $module($db); - $tmpcode = $object->code_client; - if (empty($tmpcode) && !empty($modCodeClient->code_auto)) { - $tmpcode = $modCodeClient->getNextValue($object, 0); + // We verified if the tag prefix is used + if ($modCodeClient->code_auto) { + $prefixCustomerIsUsed = $modCodeClient->verif_prefixIsUsed(); + } + $module = $conf->global->SOCIETE_CODECLIENT_ADDON; + if (substr($module, 0, 15) == 'mod_codeclient_' && substr($module, -3) == 'php') { + $module = substr($module, 0, dol_strlen($module) - 4); + } + $dirsociete = array_merge(array('/core/modules/societe/'), $conf->modules_parts['societe']); + foreach ($dirsociete as $dirroot) { + $res = dol_include_once($dirroot.$module.'.php'); + if ($res) { + break; + } } $res = $thirdparty->create($user); @@ -232,7 +249,7 @@ if (empty($reshook) && $action == 'add') { $error++; $errmsg .= $thirdparty->error; } else { - // @todo creation of an attendee + // creation of an attendee $confattendee = new ConferenceOrBoothAttendee($db); $confattendee->fk_soc = $thirdparty->id; $confattendee->date_subscription = dol_now(); 
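Review bot: The block added after `$modCodeClient = new $module($db);` re-reads `SOCIETE_CODECLIENT_ADDON` without the `'mod_codeclient_leopard'` fallback used a few lines above the hunk, then repeats the `dol_include_once` loop although the class has already been instantiated; with an empty constant it would request `$dirroot.'.php'`. Neither `$prefixCustomerIsUsed` nor the result of the loop is read inside the hunk, and the removed `getNextValue()` call is not replaced, so the third party appears to be created without a generated customer code, which is presumably not intended on a public registration page. I would drop the duplicated include block and either restore the code generation on `$thirdparty` or state the intent in a comment such as `// Customer code is left empty on purpose for public registrations`. The enclosing `if (empty($reshook) && $action == 'add')` block starts and ends outside the hunk.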
@@ -372,70 +389,6 @@ if (empty($conf->global->SOCIETE_DISABLE_STATE)) { // Email print ''.$langs->trans("Email").' *'."\n"; -// Add specific fields used by Dolibarr foundation for example -if (!empty($conf->global->MEMBER_NEWFORM_DOLIBARRTURNOVER)) { - $arraybudget = array('50'=>'<= 100 000', '100'=>'<= 200 000', '200'=>'<= 500 000', '300'=>'<= 1 500 000', '600'=>'<= 3 000 000', '1000'=>'<= 5 000 000', '2000'=>'5 000 000+'); - print ''.$langs->trans("TurnoverOrBudget").' *'; - print $form->selectarray('budget', $arraybudget, GETPOST('budget'), 1); - print ' € or $'; - - print ''; - print ''."\n"; -} -if (!empty($conf->global->MEMBER_NEWFORM_AMOUNT) || !empty($conf->global->MEMBER_NEWFORM_PAYONLINE)) { - // $conf->global->MEMBER_NEWFORM_SHOWAMOUNT is an amount - $amount = 0; - if (!empty($conf->global->MEMBER_NEWFORM_AMOUNT)) { - $amount = $conf->global->MEMBER_NEWFORM_AMOUNT; - } - - if (!empty($conf->global->MEMBER_NEWFORM_PAYONLINE)) { - $amount = GETPOST('amount') ?GETPOST('amount') : $conf->global->MEMBER_NEWFORM_AMOUNT; - } - // $conf->global->MEMBER_NEWFORM_PAYONLINE is 'paypal', 'paybox' or 'stripe' - print ''.$langs->trans("Subscription").''; - if (!empty($conf->global->MEMBER_NEWFORM_EDITAMOUNT)) { - print ''; - } else { - print ''; - print ''; - } - print ' '.$langs->trans("Currency".$conf->currency); - print ''; -} print "\n"; print dol_get_fiche_end();