diff --git a/htdocs/user/card.php b/htdocs/user/card.php index dd424a9e0e6..58d87a68c8c 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -3,7 +3,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo * Copyright (C) 2004-2015 Laurent Destailleur * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2005-2015 Regis Houssin + * Copyright (C) 2005-2016 Regis Houssin * Copyright (C) 2005 Lionel Cousteix * Copyright (C) 2011 Herve Prot * Copyright (C) 2012 Juanjo Menent @@ -203,7 +203,7 @@ if (empty($reshook)) { $object->ldap_sid = GETPOST("ldap_sid"); $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; $object->employee = GETPOST('employee'); - + $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; $object->tjm = GETPOST("tjm") != '' ? GETPOST("tjm") : ''; $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; @@ -249,15 +249,15 @@ if (empty($reshook)) { header("Location: ".$_SERVER['PHP_SELF'].'?id='.$id); exit; - } + } else { $langs->load("errors"); $db->rollback(); - if (is_array($object->errors) && count($object->errors)) + if (is_array($object->errors) && count($object->errors)) { setEventMessages($object->error, $object->errors, 'errors'); - } + } $action = "create"; // Go back to create page } } @@ -283,8 +283,8 @@ if (empty($reshook)) { if ($result > 0) { header("Location: ".$_SERVER['PHP_SELF'].'?id='.$id); exit; - } - else + } + else { setEventMessages($object->error, $object->errors, 'errors'); } 
@@ -298,220 +298,200 @@ if (empty($reshook)) { { $error = 0; - if (!$_POST["lastname"]) { - setEventMessages($langs->trans("NameNotDefined"), null, 'errors'); - $action = "edit"; // Go back to create page - $error ++; - } - if (!$_POST["login"]) { - setEventMessages($langs->trans("LoginNotDefined"), null, 'errors'); - $action = "edit"; // Go back to create page - $error ++; - } + if (!$_POST["lastname"]) { + setEventMessages($langs->trans("NameNotDefined"), null, 'errors'); + $action = "edit"; // Go back to create page + $error ++; + } + if (!$_POST["login"]) { + setEventMessages($langs->trans("LoginNotDefined"), null, 'errors'); + $action = "edit"; // Go back to create page + $error ++; + } - if (!$error) { - $object->fetch($id); + if (!$error) { + $object->fetch($id); - $object->oldcopy = clone $object; + $object->oldcopy = clone $object; - if (!$error) { - $db->begin(); + if (!$error) { + $db->begin(); - $object->oldcopy = dol_clone($object); + $object->oldcopy = dol_clone($object); - $object->lastname = GETPOST("lastname", 'alpha'); - $object->firstname = GETPOST("firstname", 'alpha'); - $object->login = GETPOST("login", 'alpha'); - $object->gender = GETPOST("gender", 'alpha'); - $object->pass = GETPOST("password"); - $object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key; - $object->admin = empty($user->admin) ? 
0 : GETPOST("admin"); // A user can only be set admin by an admin - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); - $object->country_id = GETPOST('country_id', 'int'); - $object->state_id = GETPOST('state_id', 'int'); - $object->office_phone = GETPOST("office_phone", 'alpha'); - $object->office_fax = GETPOST("office_fax", 'alpha'); - $object->user_mobile = GETPOST("user_mobile"); - $object->skype = GETPOST("skype", 'alpha'); - $object->email = GETPOST("email", 'alpha'); - $object->job = GETPOST("job", 'alpha'); - $object->signature = GETPOST("signature"); - $object->accountancy_code = GETPOST("accountancy_code"); - $object->openid = GETPOST("openid"); - $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; - $object->employee = GETPOST('employee'); - - $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; - $object->tjm = GETPOST("tjm") != '' ? GETPOST("tjm") : ''; - $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; - $object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : ''; - $object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : ''; + $object->lastname = GETPOST("lastname", 'alpha'); + $object->firstname = GETPOST("firstname", 'alpha'); + $object->login = GETPOST("login", 'alpha'); + $object->gender = GETPOST("gender", 'alpha'); + $object->pass = GETPOST("password"); + $object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key; + $object->admin = empty($user->admin) ? 
0 : GETPOST("admin"); // A user can only be set admin by an admin + $object->address = GETPOST('address', 'alpha'); + $object->zip = GETPOST('zipcode', 'alpha'); + $object->town = GETPOST('town', 'alpha'); + $object->country_id = GETPOST('country_id', 'int'); + $object->state_id = GETPOST('state_id', 'int'); + $object->office_phone = GETPOST("office_phone", 'alpha'); + $object->office_fax = GETPOST("office_fax", 'alpha'); + $object->user_mobile = GETPOST("user_mobile"); + $object->skype = GETPOST("skype", 'alpha'); + $object->email = GETPOST("email", 'alpha'); + $object->job = GETPOST("job", 'alpha'); + $object->signature = GETPOST("signature"); + $object->accountancy_code = GETPOST("accountancy_code"); + $object->openid = GETPOST("openid"); + $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; + $object->employee = GETPOST('employee'); - if (! empty($conf->multicompany->enabled)) - { - if (! empty($_POST["superadmin"])) - { - $object->entity = 0; - } - else if ($conf->multicompany->transverse_mode) - { - $object->entity = 1; // all users in master entity - } - else - { - $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); - } - } - else - { - $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); - } + $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; + $object->tjm = GETPOST("tjm") != '' ? GETPOST("tjm") : ''; + $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; + $object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : ''; + $object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : ''; - // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost($extralabels, $object); - if ($ret < 0) { - $error ++; - } + $object->color = GETPOST("color") != '' ? 
GETPOST("color") : ''; - if (!empty($conf->multicompany->enabled)) { - if (!empty($_POST["superadmin"])) { - $object->entity = 0; - } else { - if ($conf->multicompany->transverse_mode) { - $object->entity = 1; // all users in master entity - } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); - } - } - } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); - } + if (! empty($conf->multicompany->enabled)) + { + if (! empty($_POST["superadmin"])) + { + $object->entity = 0; + } + else if ($conf->multicompany->transverse_mode) + { + $object->entity = 1; // all users in master entity + } + else + { + $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); + } + } + else + { + $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); + } - if (GETPOST('deletephoto')) { - $object->photo = ''; - } - if (!empty($_FILES['photo']['name'])) { - $object->photo = dol_sanitizeFileName($_FILES['photo']['name']); - } + // Fill array 'array_options' with data from add form + $ret = $extrafields->setOptionalsFromPost($extralabels, $object); + if ($ret < 0) { + $error ++; + } - if (!$error) { - $ret = $object->update($user); - if ($ret < 0) { - $error ++; - if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { - $langs->load("errors"); - setEventMessages($langs->trans("ErrorLoginAlreadyExists", $object->login), null, 'errors'); - } - else - { - setEventMessages($object->error, $object->errors, 'errors'); - } - } - } + if (GETPOST('deletephoto')) { + $object->photo = ''; + } + if (!empty($_FILES['photo']['name'])) { + $object->photo = dol_sanitizeFileName($_FILES['photo']['name']); + } - if (!$error && isset($_POST['contactid'])) { - $contactid = GETPOST('contactid'); + if (!$error) { + $ret = $object->update($user); + if ($ret < 0) { + $error ++; + if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { + $langs->load("errors"); + setEventMessages($langs->trans("ErrorLoginAlreadyExists", 
$object->login), null, 'errors'); + } + else + { + setEventMessages($object->error, $object->errors, 'errors'); + } + } + } - if ($contactid > 0) { - $contact = new Contact($db); - $contact->fetch($contactid); + if (!$error && isset($_POST['contactid'])) { + $contactid = GETPOST('contactid', 'int'); - $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_socpeople=".$db->escape($contactid); - if ($contact->socid) { - $sql .= ", fk_soc=".$db->escape($contact->socid); - } - $sql .= " WHERE rowid=".$object->id; - } else { - $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_socpeople=NULL, fk_soc=NULL"; - $sql .= " WHERE rowid=".$object->id; - } - dol_syslog("fiche::update", LOG_DEBUG); - $resql = $db->query($sql); - if (!$resql) { - $error ++; - setEventMessages($db->lasterror(), null, 'errors'); - } - } + if ($contactid > 0) { + $contact = new Contact($db); + $contact->fetch($contactid); - if (!$error && !count($object->errors)) { - if (GETPOST('deletephoto') && $object->photo) { - $fileimg = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/'.$object->photo; - $dirthumbs = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/thumbs'; - dol_delete_file($fileimg); - dol_delete_dir_recursive($dirthumbs); - } + $sql = "UPDATE ".MAIN_DB_PREFIX."user"; + $sql .= " SET fk_socpeople=".$db->escape($contactid); + if (!empty($contact->socid)) { + $sql .= ", fk_soc=".$db->escape($contact->socid); + } + $sql .= " WHERE rowid=".$object->id; + } else { + $sql = "UPDATE ".MAIN_DB_PREFIX."user"; + $sql .= " SET fk_socpeople=NULL, fk_soc=NULL"; + $sql .= " WHERE rowid=".$object->id; + } + dol_syslog("usercard::update", LOG_DEBUG); + $resql = $db->query($sql); + if (!$resql) { + $error ++; + setEventMessages($db->lasterror(), null, 'errors'); + } + } - if (isset($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name'])) { - $dir = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, 
$object, 'user'); + if (!$error && !count($object->errors)) { + if (GETPOST('deletephoto') && $object->photo) { + $fileimg = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/'.$object->photo; + $dirthumbs = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/thumbs'; + dol_delete_file($fileimg); + dol_delete_dir_recursive($dirthumbs); + } - dol_mkdir($dir); + if (isset($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name'])) { + $dir = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user'); - if (@is_dir($dir)) { - $newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']); - $result = dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']); + dol_mkdir($dir); - if (!$result > 0) { - setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); - } else { - // Create small thumbs for company (Ratio is near 16/9) - // Used on logon for example - $imgThumbSmall = vignette($newfile, $maxwidthsmall, $maxheightsmall, '_small', $quality); + if (@is_dir($dir)) { + $newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']); + $result = dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']); - // Create mini thumbs for company (Ratio is near 16/9) - // Used on menu or for setup page for example - $imgThumbMini = vignette($newfile, $maxwidthmini, $maxheightmini, '_mini', $quality); - } - } else { - $error ++; - $langs->load("errors"); - setEventMessages($langs->trans("ErrorFailedToCreateDir", $dir), $mesgs, 'errors'); - } - } - } + if (!$result > 0) { + setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); + } else { + // Create small thumbs for company (Ratio is near 16/9) + // Used on logon for example + $imgThumbSmall = vignette($newfile, $maxwidthsmall, $maxheightsmall, '_small', $quality); - if (!$error && !count($object->errors)) { - 
setEventMessages($langs->trans("UserModified"), null, 'mesgs'); - $db->commit(); + // Create mini thumbs for company (Ratio is near 16/9) + // Used on menu or for setup page for example + $imgThumbMini = vignette($newfile, $maxwidthmini, $maxheightmini, '_mini', $quality); + } + } else { + $error ++; + $langs->load("errors"); + setEventMessages($langs->trans("ErrorFailedToCreateDir", $dir), $mesgs, 'errors'); + } + } + } - $login = $_SESSION["dol_login"]; - if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login) // Current user has changed its login - { - $error++; - $langs->load("errors"); - setEventMessages($langs->transnoentitiesnoconv("ErrorFailedToCreateDir", $dir), $mesgs, 'errors'); - } - } else { - $db->rollback(); - } - } - } else { - if ($caneditpassword) // Case we can edit only password - { - $object->fetch($id); + if (!$error && !count($object->errors)) { + setEventMessages($langs->trans("UserModified"), null, 'mesgs'); + $db->commit(); - $object->oldcopy = dol_clone($object); + $login = $_SESSION["dol_login"]; + if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login) // Current user has changed its login + { + $error++; + $langs->load("errors"); + setEventMessages($langs->transnoentitiesnoconv("ErrorFailedToCreateDir", $dir), $mesgs, 'errors'); + } + } else { + $db->rollback(); + } + } + } else { + if ($caneditpassword) // Case we can edit only password + { + $object->fetch($id); - $ret = $object->setPassword($user, $_POST["password"]); - if ($ret < 0) - { - setEventMessages($object->error, $object->errors, 'errors'); - } - } - } - } + $object->oldcopy = clone $object; - $object->oldcopy = clone $object; - - $ret=$object->setPassword($user,$_POST["password"]); - if ($ret < 0) - { - setEventMessages($object->error, $object->errors, 'errors'); - } - } + $ret = $object->setPassword($user, $_POST["password"]); + if ($ret < 0) + { + setEventMessages($object->error, $object->errors, 
'errors'); + } + } + } + } + } // Change password with a new generated one if ((($action == 'confirm_password' && $confirm == 'yes') @@ -526,16 +506,16 @@ if (empty($reshook)) { } else { // Succes if ($action == 'confirm_passwordsend' && $confirm == 'yes') { - if ($object->send_password($user, $newpassword) > 0) + if ($object->send_password($user, $newpassword) > 0) { setEventMessages($langs->trans("PasswordChangedAndSentTo", $object->email), null, 'mesgs'); - } - else + } + else { setEventMessages($object->error, $object->errors, 'errors'); } - } - else + } + else { setEventMessages($langs->trans("PasswordChangedTo", $newpassword), null, 'errors'); } @@ -589,8 +569,8 @@ if (empty($reshook)) { $ldap_sid = $attribute[$conf->global->LDAP_FIELD_SID]; } } - } - else + } + else { setEventMessages($ldap->error, $ldap->errors, 'errors'); } @@ -921,7 +901,7 @@ if (($action == 'create') || ($action == 'adduserldap')) print $formcompany->select_state($object->state_id,$object->country_code, 'state_id'); print ''; } - + // Tel print ''.$langs->trans("PhonePro").''; print ''; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 7307590016a..3470fb6b434 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -4,7 +4,7 @@ * Copyright (c) 2004-2012 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2015 Regis Houssin + * Copyright (C) 2005-2016 Regis Houssin * Copyright (C) 2005 Lionel Cousteix * Copyright (C) 2011 Herve Prot * Copyright (C) 2013-2014 Philippe Grand @@ -138,11 +138,11 @@ class User extends CommonObject // For cache usage $this->all_permissions_are_loaded = 0; - - // Force some default values + + // Force some default values $this->admin = 0; $this->employee = 1; - + $this->conf = new stdClass(); $this->rights = new stdClass(); $this->rights->user = new stdClass(); 
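Review bot: In the photo upload branch of the update action, `if (!$result > 0)` parses as `(!$result) > 0`, so a negative code or a non-empty error string returned by `dol_move_uploaded_file()` would fall through to the `vignette()` calls as if the upload had succeeded; `if (! ($result > 0))` expresses the intended check. The file is also stored under the client-supplied name after `dol_sanitizeFileName()` only, so unless `dol_move_uploaded_file()` enforces it (not visible here), an image extension/type allow-list belongs before the move. After `$db->commit()`, the "Current user has changed its login" branch reports `ErrorFailedToCreateDir` with `$dir`, which may be unset when no photo was posted, and increments `$error` once the transaction is already committed; this looks like a copy-paste, and the session login is not refreshed there. The surrounding `update` action block starts outside the hunk, so the permission checks that gate `$_POST["superadmin"]` setting `$object->entity = 0` cannot be confirmed from these lines.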
@@ -202,14 +202,14 @@ class User extends CommonObject } else { - $sql.= " WHERE u.entity IS NOT NULL"; // multicompany is on in transverse mode or user making fetch is on entity 0, so user is allowed to fetch anywhere into database + $sql.= " WHERE u.entity IS NOT NULL"; // multicompany is on in transverse mode or user making fetch is on entity 0, so user is allowed to fetch anywhere into database } } else // The fetch was forced on an entity { $sql.= " WHERE u.entity IN (0, ".$conf->entity.")"; } - + if ($sid) // permet une recherche du user par son SID ActiveDirectory ou Samba { $sql.= " AND (u.ldap_sid = '".$this->db->escape($sid)."' OR u.login = '".$this->db->escape($login)."') LIMIT 1"; @@ -239,7 +239,7 @@ class User extends CommonObject $this->ldap_sid = $obj->ldap_sid; $this->lastname = $obj->lastname; $this->firstname = $obj->firstname; - + $this->employee = $obj->employee; $this->login = $obj->login; @@ -298,8 +298,8 @@ class User extends CommonObject // Protection when module multicompany was set, admin was set to first entity and the module disabled, // then this admin user must be admin for all entities. - if (empty($conf->multicompany->enabled) && $this->admin && $this->entity == 1) $this->entity = 0; - + if (empty($conf->multicompany->enabled) && $this->admin && $this->entity == 1) $this->entity = 0; + // Retreive all extrafield for thirdparty // fetch optionals attributes and labels require_once(DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'); @@ -1227,7 +1227,7 @@ class User extends CommonObject $this->error = $langs->trans("ErrorFieldRequired",$this->login); return -1; } - + $this->db->begin(); // Update datas @@ -1272,7 +1272,7 @@ class User extends CommonObject $nbrowsaffected+=$this->db->affected_rows($resql); // Update password - if ($this->pass) + if (!empty($this->pass)) { if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted) { 
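Review bot: In the `@@ -1272,7 +1272,7 @@` hunk, `!empty($this->pass)` treats the string `"0"` as empty, so a submitted password of `0` is silently skipped rather than rejected or stored. The context line that follows, `$this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted`, is a loose comparison under which numeric-looking strings (for example two different `0e…` values) compare equal, so a genuine password change could be treated as "unchanged". For password material, strict checks are safer: `if (isset($this->pass) && $this->pass !== '')` with `!==` on both comparisons. The body of this `if` and the rest of the enclosing method lie outside the hunk, so whether a later validation step catches these cases is not visible here.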
@@ -1893,7 +1893,7 @@ class User extends CommonObject global $menumanager; if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && $withpictoimg) $withpictoimg=0; - + $result = ''; $companylink = ''; $link = ''; @@ -1947,11 +1947,11 @@ class User extends CommonObject $link.= 'global->MAIN_OPTIMIZEFORTEXTBROWSER)) + if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $langs->load("users"); $label=$langs->trans("ShowUser"); - $link.=' alt="'.dol_escape_htmltag($label, 1).'"'; + $link.=' alt="'.dol_escape_htmltag($label, 1).'"'; } $link.= ' title="'.dol_escape_htmltag($label, 1).'"'; $link.= ' class="classfortooltip'.($morecss?' '.$morecss:'').'"'; @@ -1969,7 +1969,7 @@ class User extends CommonObject else $picto='
'.Form::showphoto('userphoto', $this, 0, 0, 0, 'loginphoto', 'mini', 0, 1).'
'; $result.=$picto; } - if (abs($withpictoimg) != 2) + if (abs($withpictoimg) != 2) { if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) $result.='
'; if ($mode == 'login') $result.=dol_trunc($this->login, $maxlen); @@ -2582,8 +2582,8 @@ class User extends CommonObject return CommonObject::commonReplaceThirdparty($db, $origin_id, $dest_id, $tables); } - - + + /** * Charge indicateurs this->nb pour le tableau de bord * @@ -2618,6 +2618,6 @@ class User extends CommonObject return -1; } } - + }