diff --git a/README.md b/README.md index 85cf85ece96..64faedeb8b6 100644 --- a/README.md +++ b/README.md @@ -81,14 +81,15 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Standing orders management (European SEPA) - Bank accounts management - Shared calendar/agenda (with ical and vcal export for third party tools integration) -- Opportunities and/or project management (following project benefit including invoices, expense reports, time spent, ...) +- Opportunities and/or project management - Projects management - Contracts management - Stock management - Shipping management - Interventions management - Employee's leave requests management -- Expense report management +- Expense reports +- Timesheets - Electronic Document Management (EDM) - Foundations members management - Mass emailing diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 696475720ec..3a775149987 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -628,12 +628,6 @@ if ($id) if ($fieldlist[$field]=='delay') { $valuetoshow=$langs->trans("NoticePeriod"); } if ($fieldlist[$field]=='newbymonth') { $valuetoshow=$langs->trans("NewByMonth"); } - if ($id == 2) // Special cas for state page - { - if ($fieldlist[$field]=='region_id') { $valuetoshow=' '; $showfield=1; } - if ($fieldlist[$field]=='region') { $valuetoshow=$langs->trans("Country").'/'.$langs->trans("Region"); $showfield=1; } - } - if ($valuetoshow != '') { print ''; @@ -675,36 +669,15 @@ if ($id) if (empty($reshook)) { - if ($tabname[$id] == MAIN_DB_PREFIX.'c_email_templates' && $action == 'edit') - { - fieldList($fieldlist,$obj,$tabname[$id],'hide'); - } - else - { - fieldList($fieldlist,$obj,$tabname[$id],'add'); - } + fieldList($fieldlist,$obj,$tabname[$id],'add'); } print ''; - if ($tabname[$id] != MAIN_DB_PREFIX.'c_email_templates' || $action != 'edit') - { - print ''; - } + print ''; print ''; print ""; - if ($tabname[$id] == MAIN_DB_PREFIX.'c_email_templates') - { - print '* '.$langs->trans("AvailableVariables").": "; - require_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; - $formmail=new FormMail($db); - $tmp=$formmail->getAvailableSubstitKey('form'); - print implode(', ', $tmp); - print ''; - } - $colspan=count($fieldlist)+3; - if ($id == 4) $colspan++; if (! empty($alabelisused)) // If there is one label among fields, we show legend of * { @@ -1175,7 +1148,7 @@ $db->close(); function fieldList($fieldlist, $obj='', $tabname='', $context='') { global $conf,$langs,$db; - global $form; + global $form, $mysoc; global $region_id; global $elementList,$sourceList,$localtax_typeList; global $bc; @@ -1197,7 +1170,7 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='') } // For state page, we do not show the country input (we link to region, not country) print ''; $fieldname='country'; - print $form->select_country((! empty($obj->country_code)?$obj->country_code:(! empty($obj->country)?$obj->country:'')), $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); + print $form->select_country((! empty($obj->country_code)?$obj->country_code:(! empty($obj->country)?$obj->country:$mysoc->country_code)), $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); print ''; } elseif ($fieldlist[$field] == 'country_id') diff --git a/htdocs/accountancy/admin/index.php b/htdocs/accountancy/admin/index.php index 8f023432727..74479a9d39f 100644 --- a/htdocs/accountancy/admin/index.php +++ b/htdocs/accountancy/admin/index.php @@ -1,7 +1,7 @@ * Copyright (C) 2013-2014 Florian Henry - * Copyright (C) 2013-2016 Alexandre Spangaro + * Copyright (C) 2013-2017 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2014 Marcos García * Copyright (C) 2014 Juanjo Menent @@ -87,7 +87,8 @@ if ($action == 'update') { setEventMessages($langs->trans("Error"), null, 'errors'); } - foreach ($list as $constname) { + foreach ($list as $constname) + { $constvalue = GETPOST($constname, 'alpha'); if (! dolibarr_set_const($db, $constname, $constvalue, 'chaine', 0, '', $conf->entity)) { @@ -278,13 +279,17 @@ foreach ($list as $key) $var = ! $var; print ''; + + if (! empty($conf->global->ACCOUNTING_MANAGE_ZERO) && ($key == 'ACCOUNTING_LENGTH_GACCOUNT' || $key == 'ACCOUNTING_LENGTH_AACCOUNT')) continue; + // Param $label = $langs->trans($key); print ''.$label.''; // Value print ''; - print ''; + print ''; print ''; + print ''; } @@ -301,7 +306,7 @@ print '
transnoentitiesnoconv("Home").'-'.$langs->transnoentitiesnoconv("Financial").'-'.$langs->transnoentitiesnoconv("Accountancy")); +print $langs->trans("AccountancySetupDoneFromAccountancyMenu", $langs->transnoentitiesnoconv("Home").'-'.$langs->transnoentitiesnoconv("MenuFinancial").'-'.$langs->transnoentitiesnoconv("MenuAccountancy")); print '
'; print ''; diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 945ed849f57..a709e07f3ff 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -4,7 +4,7 @@ * Copyright (C) 2004-2012 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2009-2012 Regis Houssin + * Copyright (C) 2009-2017 Regis Houssin * Copyright (C) 2014-2016 Alexandre Spangaro * Copyright (C) 2015 Marcos García * Copyright (C) 2015 Frederic France @@ -496,7 +496,7 @@ class Adherent extends CommonObject if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted) { $isencrypted = empty($conf->global->DATABASE_PWD_ENCRYPTED)?0:1; - + // If password to set differs from the one found into database $result=$this->setPassword($user,$this->pass,$isencrypted,$notrigger,$nosyncuserpass); if (! $nbrowsaffected) $nbrowsaffected++; @@ -862,7 +862,7 @@ class Adherent extends CommonObject $this->pass=$password; $this->pass_indatabase=$password_indatabase; $this->pass_indatabase_crypted=$password_crypted; - + if ($this->user_id && ! $nosyncuser) { require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; @@ -1122,7 +1122,7 @@ class Adherent extends CommonObject $this->pass = $obj->pass; $this->pass_indatabase = $obj->pass; $this->pass_indatabase_crypted = $obj->pass_crypted; - + $this->state_id = $obj->state_id; $this->state_code = $obj->state_id?$obj->state_code:''; $this->state = $obj->state_id?$obj->state:''; @@ -1160,7 +1160,7 @@ class Adherent extends CommonObject $this->user_id = $obj->user_id; $this->user_login = $obj->user_login; - + $this->model_pdf = $obj->model_pdf; // Retreive all extrafield for thirdparty @@ -1456,7 +1456,7 @@ class Adherent extends CommonObject if (! empty($conf->global->ADHERENT_USE_MAILMAN) && ! empty($conf->mailmanspip->enabled)) { $result=$mailmanspip->add_to_mailman($this); - + if ($result < 0) { if (! empty($mailmanspip->error)) $this->errors[]=$mailmanspip->error; @@ -1815,9 +1815,9 @@ class Adherent extends CommonObject public function generateDocument($modele, $outputlangs, $hidedetails=0, $hidedesc=0, $hideref=0) { global $conf,$langs; - + $langs->load("orders"); - + // Positionne le modele sur le nom du modele a utiliser if (! dol_strlen($modele)) { @@ -1830,13 +1830,13 @@ class Adherent extends CommonObject $modele = 'standard'; } } - + $modelpath = "core/modules/member/doc/"; - + return $this->commonGenerateDocument($modelpath, $modele, $outputlangs, $hidedetails, $hidedesc, $hideref); } - - + + /** * Initialise an instance with random values. * Used to build previews or test instances. @@ -1926,27 +1926,28 @@ class Adherent extends CommonObject $this->fullname=$this->getFullName($langs); // Member - if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname; - if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; - if ($this->login && ! empty($conf->global->LDAP_MEMBER_FIELD_LOGIN)) $info[$conf->global->LDAP_MEMBER_FIELD_LOGIN] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; - if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; - if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; - if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; - if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; - if ($this->email && ! empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email; - if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; - if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; - if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; - if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile; - if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax; - if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private; - if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public; - if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap'); - if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut; - if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); + if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname; + if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname; + if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; + if ($this->login && ! empty($conf->global->LDAP_MEMBER_FIELD_LOGIN)) $info[$conf->global->LDAP_MEMBER_FIELD_LOGIN] = $this->login; + if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption + if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; + if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; + if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; + if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; + if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; + if ($this->email && ! empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email; + if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; + if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; + if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; + if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile; + if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax; + if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private; + if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public; + if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap'); + if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut; + if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); // Subscriptions if ($this->first_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap'); @@ -2080,7 +2081,7 @@ class Adherent extends CommonObject /** * Return if a member is late (subscription late) or not - * + * * @return boolean True if late, False if not late */ public function hasDelay() diff --git a/htdocs/admin/index.php b/htdocs/admin/index.php index 6778f618265..e9d38ad3776 100644 --- a/htdocs/admin/index.php +++ b/htdocs/admin/index.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2012 Laurent Destailleur - * Copyright (C) 2015 Jean-François Ferry + * Copyright (C) 2015 Jean-François Ferry * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 341cdd00ebc..d4e9b8b7ea0 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -390,6 +390,7 @@ if ($mode != 'marketplace') // Check filters $modulename=$objMod->getName(); + $moduletechnicalname=$objMod->name; $moduledesc=$objMod->getDesc(); $moduledesclong=$objMod->getDescLong(); $moduleauthor=$objMod->getPublisher(); @@ -399,6 +400,7 @@ if ($mode != 'marketplace') { $qualified=0; if (preg_match('/'.preg_quote($search_keyword).'/i', $modulename) + || preg_match('/'.preg_quote($search_keyword).'/i', $moduletechnicalname) || preg_match('/'.preg_quote($search_keyword).'/i', $moduledesc) || preg_match('/'.preg_quote($search_keyword).'/i', $moduledesclong) || preg_match('/'.preg_quote($search_keyword).'/i', $moduleauthor) diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index 82269434638..cf93c87dabb 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -125,6 +125,8 @@ if ($socid > 0) print load_fiche_titre($langs->trans("NewRelativeDiscount"),'',''); + print '
'; + print ''; // New value diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index f2bc86cdac5..90f36ef6d30 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -83,6 +83,8 @@ class box_services_expired extends ModeleBoxes $i = 0; + $thirdpartytmp = new Societe($this->db); + while ($i < $num) { $late=''; @@ -100,13 +102,13 @@ class box_services_expired extends ModeleBoxes 'text' => ($objp->ref?$objp->ref:$objp->rowid), // Some contracts have no ref 'url' => DOL_URL_ROOT."/contrat/card.php?id=".$objp->rowid); - $this->info_box_contents[$i][2] = array('td' => 'align="left" width="16"', - 'logo' => 'company', - 'url' => DOL_URL_ROOT."/comm/card.php?socid=".$objp->socid); + $thirdpartytmp->id = $objp->socid; + $thirdpartytmp->name = $objp->name; - $this->info_box_contents[$i][3] = array('td' => 'class="tdoverflow maxwidth100onsmartphone" align="left"', - 'text' => $objp->name, - 'url' => DOL_URL_ROOT."/comm/card.php?socid=".$objp->socid); + $this->info_box_contents[$i][2] = array('td' => 'class="tdoverflowmax100 maxwidth100onsmartphone" align="left"', + 'text' => $thirdpartytmp->getNomUrl(1, 'customer'), + 'asis' => 1 + ); $this->info_box_contents[$i][4] = array('td' => 'align="center"', 'text' => dol_print_date($dateline,'day'), diff --git a/htdocs/core/boxes/modules_boxes.php b/htdocs/core/boxes/modules_boxes.php index 0f754682925..566da25aad3 100644 --- a/htdocs/core/boxes/modules_boxes.php +++ b/htdocs/core/boxes/modules_boxes.php @@ -243,7 +243,7 @@ class ModeleBoxes // Can't be abtract as it is instantiated to build "empty" $out.= '>'; if ($conf->use_javascript_ajax) { - $out.= '
'; + print ''; } print '
'; + $out.= ''; + $resteapayer = $object->total_ttc - $totalpaye; $resteapayeraffiche = $resteapayer; $cssforamountpaymentcomplete = 'amountpaymentcomplete'; diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang index 1b1032804f6..5a9e63ef4d9 100644 --- a/htdocs/langs/en_US/accountancy.lang +++ b/htdocs/langs/en_US/accountancy.lang @@ -105,9 +105,9 @@ ACCOUNTING_LIST_SORT_VENTILATION_DONE=Begin the sorting of the page "Binding don ACCOUNTING_LENGTH_DESCRIPTION=Truncate product & services description in listings after x chars (Best = 50) ACCOUNTING_LENGTH_DESCRIPTION_ACCOUNT=Truncate product & services account description form in listings after x chars (Best = 50) -ACCOUNTING_LENGTH_GACCOUNT=Length of the general accounting accounts -ACCOUNTING_LENGTH_AACCOUNT=Length of the third party accounting accounts -ACCOUNTING_MANAGE_ZERO=Manage the zero at the end of an accounting account. Needed by some countries. Disabled by default. If set to on, you must also set the 2 following parameters (or it is ignored) +ACCOUNTING_LENGTH_GACCOUNT=Length of the general accounting accounts (If you set value to 6 here, the account '706' will appear like '706000' on screen) +ACCOUNTING_LENGTH_AACCOUNT=Length of the third party accounting accounts (If you set value to 6 here, the account '401' will appear like '401000' on screen) +ACCOUNTING_MANAGE_ZERO=Allow to manage different number of zero at the end of an accounting account. Needed by some countries (like switzerland). If keep to off (default), you can set the 2 following parameters to ask application to add virtual zero. BANK_DISABLE_DIRECT_INPUT=Disable direct recording of transaction in bank account ACCOUNTING_SELL_JOURNAL=Sell journal diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index ea1c2e805a0..355f9f3f31c 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -13,7 +13,7 @@ MenuNewPrivateIndividual=New private individual NewCompany=New company (prospect, customer, supplier) NewThirdParty=New third party (prospect, customer, supplier) CreateDolibarrThirdPartySupplier=Create a third party (supplier) -CreateThirdPartyOnly=Create thirdpary +CreateThirdPartyOnly=Create third party CreateThirdPartyAndContact=Create a third party + a child contact ProspectionArea=Prospection area IdThirdParty=Id third party @@ -397,7 +397,7 @@ LeopardNumRefModelDesc=The code is free. This code can be modified at any time. ManagingDirectors=Manager(s) name (CEO, director, president...) MergeOriginThirdparty=Duplicate third party (third party you want to delete) MergeThirdparties=Merge third parties -ConfirmMergeThirdparties=Are you sure you want to merge this third party into the current one? All linked objects (invoices, orders, ...) will be moved to current third party so you will be able to delete the duplicate one. +ConfirmMergeThirdparties=Are you sure you want to merge this third party into the current one? All linked objects (invoices, orders, ...) will be moved to current third party, then the thirdparty will be deleted. ThirdpartiesMergeSuccess=Thirdparties have been merged SaleRepresentativeLogin=Login of sales representative SaleRepresentativeFirstname=First name of sales representative diff --git a/htdocs/langs/en_US/loan.lang b/htdocs/langs/en_US/loan.lang index de0a6fd0295..a26e23bbbc2 100644 --- a/htdocs/langs/en_US/loan.lang +++ b/htdocs/langs/en_US/loan.lang @@ -43,6 +43,7 @@ LoanCalcDesc=This mortgage calculator can be used to figure out monthly p GoToInterest=%s will go towards INTEREST GoToPrincipal=%s will go towards PRINCIPAL YouWillSpend=You will spend %s in year %s +AddLoan=Create loan # Admin ConfigLoan=Configuration of the module loan LOAN_ACCOUNTING_ACCOUNT_CAPITAL=Accounting account capital by default diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 1448ec061a2..58a71b08857 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -60,16 +60,19 @@ DeStockOnShipment=Decrease real stocks on shipping validation DeStockOnShipmentOnClosing=Decrease real stocks on shipping classification closed ReStockOnBill=Increase real stocks on suppliers invoices/credit notes validation ReStockOnValidateOrder=Increase real stocks on suppliers orders approbation -ReStockOnDispatchOrder=Increase real stocks on manual dispatching into warehouses, after supplier order receiving +ReStockOnDispatchOrder=Increase real stocks on manual dispatching into warehouses, after supplier order receipt of goods OrderStatusNotReadyToDispatch=Order has not yet or no more a status that allows dispatching of products in stock warehouses. -StockDiffPhysicTeoric=Explanation for difference between physical and theoretical stock +StockDiffPhysicTeoric=Explanation for difference between physical and virtual stock NoPredefinedProductToDispatch=No predefined products for this object. So no dispatching in stock is required. DispatchVerb=Dispatch StockLimitShort=Limit for alert StockLimit=Stock limit for alert PhysicalStock=Physical stock RealStock=Real Stock +RealStockDesc=Physical or real stock is the stock you currently have into your internal warehouses/emplacements. +RealStockWillAutomaticallyWhen=The real stock will automatically change according to this rules (see stock module setup to change this): VirtualStock=Virtual stock +VirtualStockDesc=Virtual stock is the stock you will get once all opened pending actions that affect stocks will be closed (supplier order received, customer order shipped, ...) IdWarehouse=Id warehouse DescWareHouse=Description warehouse LieuWareHouse=Localisation warehouse diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 471aa7e3e6d..01285f09417 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -126,10 +126,7 @@ $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_lot as pl on pl.fk_product = p.rowi if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_product as cp"; $sql.= " WHERE p.entity IN (".getEntity('product', 1).")"; if ($search_categ) $sql.= " AND p.rowid = cp.fk_product"; // Join for the needed table to filter by categ -if ($sall) -{ - $sql.= " AND (p.ref LIKE '%".$db->escape($sall)."%' OR p.label LIKE '%".$db->escape($sall)."%' OR p.description LIKE '%".$db->escape($sall)."%' OR p.note LIKE '%".$db->escape($sall)."%')"; -} +if ($sall) $sql.=natural_search(array('p.ref','p.label','p.description','p.note'), $sall); // if the type is not 1, we show all products (type = 0,2,3) if (dol_strlen($type)) { @@ -163,6 +160,12 @@ $sql.= " pb.batch, pb.eatby, pb.sellby,"; $sql.= " pl.eatby, pl.sellby"; if ($toolowstock) $sql.= " HAVING SUM(".$db->ifsql('ps.reel IS NULL', '0', 'ps.reel').") < p.seuil_stock_alerte"; // Not used yet $sql.= $db->order($sortfield,$sortorder); +$nbtotalofrecords = ''; +if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) +{ + $result = $db->query($sql); + $nbtotalofrecords = $db->num_rows($result); +} $sql.= $db->plimit($limit + 1, $offset); $resql = $db->query($sql); @@ -193,11 +196,11 @@ if ($resql) if ($sref || $snom || $sall || GETPOST('search')) { - print_barre_liste($texte, $page, $_SERVER["PHP_SELF"], "&sref=".$sref."&snom=".$snom."&sall=".$sall."&tosell=".$tosell."&tobuy=".$tobuy, $sortfield, $sortorder,'',$num, 0, 'title_products'); + print_barre_liste($texte, $page, $_SERVER["PHP_SELF"], "&sref=".$sref."&snom=".$snom."&sall=".$sall."&tosell=".$tosell."&tobuy=".$tobuy, $sortfield, $sortorder,'',$num, $nbtotalofrecords, 'title_products'); } else { - print_barre_liste($texte, $page, $_SERVER["PHP_SELF"], "&sref=$sref&snom=$snom&fourn_id=$fourn_id".(isset($type)?"&type=$type":""), $sortfield, $sortorder,'',$num, 0, 'title_products'); + print_barre_liste($texte, $page, $_SERVER["PHP_SELF"], "&sref=$sref&snom=$snom&fourn_id=$fourn_id".(isset($type)?"&type=$type":""), $sortfield, $sortorder,'',$num, $nbtotalofrecords, 'title_products'); } if (! empty($catid)) diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php index 6128f8dcf17..1f97fa3f4d7 100644 --- a/htdocs/product/stock/class/productlot.class.php +++ b/htdocs/product/stock/class/productlot.class.php @@ -524,6 +524,35 @@ class Productlot extends CommonObject } } + + /** + * Return label of status of object + * + * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto + * @return string Label of status + */ + function getLibStatut($mode=0) + { + return $this->LibStatut(0,$mode); + } + + /** + * Return label of a given status + * + * @param int $statut Status + * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto + * @return string Label of status + */ + function LibStatut($statut,$mode=0) + { + global $langs; + + //$langs->load('stocks'); + + return ''; + } + + /** * Return a link to the a lot card (with optionaly the picto) * Use this->id,this->lastname, this->firstname diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php index 8e6775e2e6e..de46538a037 100644 --- a/htdocs/product/stock/mouvement.php +++ b/htdocs/product/stock/mouvement.php @@ -89,7 +89,7 @@ $arrayfields=array( 'm.batch'=>array('label'=>$langs->trans("BatchNumberShort"), 'checked'=>1, 'enabled'=>(! empty($conf->productbatch->enabled))), 'pl.eatby'=>array('label'=>$langs->trans("EatByDate"), 'checked'=>0, 'enabled'=>(! empty($conf->productbatch->enabled))), 'pl.sellby'=>array('label'=>$langs->trans("SellByDate"), 'checked'=>0, 'position'=>10, 'enabled'=>(! empty($conf->productbatch->enabled))), - 'm.warehouse'=>array('label'=>$langs->trans("Warehouse"), 'checked'=>1, 'enabled'=>(! $id > 0)), // If we are on specific warehouse, we hide it + 'e.label'=>array('label'=>$langs->trans("Warehouse"), 'checked'=>1, 'enabled'=>(! $id > 0)), // If we are on specific warehouse, we hide it 'm.fk_user_author'=>array('label'=>$langs->trans("Author"), 'checked'=>0), 'm.inventorycode'=>array('label'=>$langs->trans("InventoryCodeShort"), 'checked'=>1), 'm.label'=>array('label'=>$langs->trans("LabelMovement"), 'checked'=>1), @@ -640,6 +640,7 @@ if ($resql) if ($search_inventorycode) $param.='&search_inventorycode='.urlencode($search_inventorycode); if ($search_product_ref) $param.='&search_product_ref='.urlencode($search_product_ref); if ($search_product) $param.='&search_product='.urlencode($search_product); + if ($search_batch) $param.='&search_batch='.urlencode($search_batch); if ($search_warehouse > 0) $param.='&search_warehouse='.urlencode($search_warehouse); if (!empty($sref)) $param.='&sref='.urlencode($sref); // FIXME $sref is not defined if (!empty($snom)) $param.='&snom='.urlencode($snom); // FIXME $snom is not defined @@ -710,7 +711,7 @@ if ($resql) if (! empty($arrayfields['m.batch']['checked'])) print_liste_field_titre($arrayfields['m.batch']['label'],$_SERVER["PHP_SELF"],'m.batch','',$param,'align="center"',$sortfield,$sortorder); if (! empty($arrayfields['pl.eatby']['checked'])) print_liste_field_titre($arrayfields['pl.eatby']['label'],$_SERVER["PHP_SELF"],'pl.eatby','',$param,'align="center"',$sortfield,$sortorder); if (! empty($arrayfields['pl.sellby']['checked'])) print_liste_field_titre($arrayfields['pl.sellby']['label'],$_SERVER["PHP_SELF"],'pl.sellby','',$param,'align="center"',$sortfield,$sortorder); - if (! empty($arrayfields['m.warehouse']['checked'])) print_liste_field_titre($arrayfields['m.warehouse']['label'],$_SERVER["PHP_SELF"], "","",$param,"",$sortfield,$sortorder); // We are on a specific warehouse card, no filter on other should be possible + if (! empty($arrayfields['e.label']['checked'])) print_liste_field_titre($arrayfields['e.label']['label'],$_SERVER["PHP_SELF"], "e.label","",$param,"",$sortfield,$sortorder); // We are on a specific warehouse card, no filter on other should be possible if (! empty($arrayfields['m.fk_user_author']['checked'])) print_liste_field_titre($arrayfields['m.fk_user_author']['label'],$_SERVER["PHP_SELF"], "m.fk_user_author","",$param,"",$sortfield,$sortorder); if (! empty($arrayfields['m.inventorycode']['checked'])) print_liste_field_titre($arrayfields['m.inventorycode']['label'],$_SERVER["PHP_SELF"], "m.inventorycode","",$param,"",$sortfield,$sortorder); if (! empty($arrayfields['m.label']['checked'])) print_liste_field_titre($arrayfields['m.label']['label'],$_SERVER["PHP_SELF"], "m.label","",$param,"",$sortfield,$sortorder); @@ -774,7 +775,7 @@ if ($resql) // Batch if (! empty($arrayfields['m.batch']['checked'])) { - print ''; + print ''; } if (! empty($arrayfields['pl.eatby']['checked'])) { @@ -787,7 +788,7 @@ if ($resql) print ''; } // Warehouse - if (! empty($arrayfields['m.warehouse']['checked'])) + if (! empty($arrayfields['e.label']['checked'])) { print ''; } // Warehouse - if (! empty($arrayfields['m.warehouse']['checked'])) + if (! empty($arrayfields['e.label']['checked'])) { print '"; } diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php index 4d3e32e326f..122c5282a40 100644 --- a/htdocs/societe/rib.php +++ b/htdocs/societe/rib.php @@ -358,14 +358,16 @@ if ($socid && $action != 'edit' && $action != "create") print load_fiche_titre($langs->trans("DefaultRIB"), '', ''); + print '
'; print '
'; + print '
'; } if (! empty($head['text'])) { diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 75336e2a291..f338aca7be8 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -304,11 +304,13 @@ abstract class CommonDocGenerator $now=dol_now('gmt'); // gmt $array_other = array( - 'current_date'=>dol_print_date($now,'day','tzuser'), - 'current_datehour'=>dol_print_date($now,'dayhour','tzuser'), + // Date in default language + 'current_date'=>dol_print_date($now,'day','tzuser'), + 'current_datehour'=>dol_print_date($now,'dayhour','tzuser'), 'current_server_date'=>dol_print_date($now,'day','tzserver'), 'current_server_datehour'=>dol_print_date($now,'dayhour','tzserver'), - 'current_date_locale'=>dol_print_date($now,'day','tzuser',$outputlangs), + // Date in requested output language + 'current_date_locale'=>dol_print_date($now,'day','tzuser',$outputlangs), 'current_datehour_locale'=>dol_print_date($now,'dayhour','tzuser',$outputlangs), 'current_server_date_locale'=>dol_print_date($now,'day','tzserver',$outputlangs), 'current_server_datehour_locale'=>dol_print_date($now,'dayhour','tzserver',$outputlangs), @@ -350,6 +352,7 @@ abstract class CommonDocGenerator $array_key.'_ref_customer'=>$object->ref_client, $array_key.'_ref_supplier'=>(! empty($object->ref_fournisseur)?$object->ref_fournisseur:''), $array_key.'_source_invoice_ref'=>$invoice_source->ref, + // Dates $array_key.'_hour'=>dol_print_date($object->date,'hour'), $array_key.'_date'=>dol_print_date($object->date,'day'), $array_key.'_date_rfc'=>dol_print_date($object->date,'dayrfc'), @@ -360,6 +363,7 @@ abstract class CommonDocGenerator $array_key.'_date_validation'=>(! empty($object->date_validation)?dol_print_date($object->date_validation,'dayhour'):''), $array_key.'_date_delivery_planed'=>(! empty($object->date_livraison)?dol_print_date($object->date_livraison,'day'):''), $array_key.'_date_close'=>(! empty($object->date_cloture)?dol_print_date($object->date_cloture,'dayhour'):''), + $array_key.'_payment_mode_code'=>$object->mode_reglement_code, $array_key.'_payment_mode'=>($outputlangs->transnoentitiesnoconv('PaymentType'.$object->mode_reglement_code)!='PaymentType'.$object->mode_reglement_code?$outputlangs->transnoentitiesnoconv('PaymentType'.$object->mode_reglement_code):$object->mode_reglement), $array_key.'_payment_term_code'=>$object->cond_reglement_code, @@ -444,10 +448,13 @@ abstract class CommonDocGenerator 'line_price_ht_locale'=>price($line->total_ht, 0, $outputlangs), 'line_price_ttc_locale'=>price($line->total_ttc, 0, $outputlangs), 'line_price_vat_locale'=>price($line->total_tva, 0, $outputlangs), - 'line_date_start'=>$line->date_start, - 'line_date_start_rfc'=>dol_print_date($line->date_start,'dayrfc'), - 'line_date_end'=>$line->date_end, - 'line_date_end_rfc'=>dol_print_date($line->date_end,'dayrfc') + // Dates + 'line_date_start'=>dol_print_date($line->date_start, 'day', 'tzuser'), + 'line_date_start_locale'=>dol_print_date($line->date_start, 'day', 'tzuser', $outputlangs), + 'line_date_start_rfc'=>dol_print_date($line->date_start, 'dayrfc', 'tzuser'), + 'line_date_end'=>dol_print_date($line->date_end, 'day', 'tzuser'), + 'line_date_end_locale'=>dol_print_date($line->date_end, 'day', 'tzuser', $outputlangs), + 'line_date_end_rfc'=>dol_print_date($line->date_end, 'dayrfc', 'tzuser'), ); // Retrieve extrafields diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 6340facf31a..7b812e7ee36 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1223,11 +1223,11 @@ abstract class CommonObject * @param int $id To force other object id (should not be used) * @param string $format Data format ('text', 'date'). 'text' is used if not defined * @param string $id_field To force rowid field name. 'rowid' is used if not defined - * @param User|string $user Update last update fields also if user object provided + * @param User|string $fuser Update the user of last update field with this user. If not provided, current user is used except if value is 'none' * @param string $trigkey Trigger key to run (in most cases something like 'XXX_MODIFY') * @return int <0 if KO, >0 if OK */ - function setValueFrom($field, $value, $table='', $id=null, $format='', $id_field='', $user='', $trigkey='') + function setValueFrom($field, $value, $table='', $id=null, $format='', $id_field='', $fuser=null, $trigkey='') { global $user,$langs,$conf; @@ -1247,7 +1247,8 @@ abstract class CommonObject if ($format == 'text') $sql.= $field." = '".$this->db->escape($value)."'"; else if ($format == 'int') $sql.= $field." = ".$this->db->escape($value); else if ($format == 'date') $sql.= $field." = ".($value ? "'".$this->db->idate($value)."'" : "null"); - if (is_object($user)) $sql.=", fk_user_modif = ".$user->id; + if (! empty($fuser) && is_object($fuser)) $sql.=", fk_user_modif = ".$fuser->id; + elseif (empty($fuser) || $fuser != 'none') $sql.=", fk_user_modif = ".$user->id; $sql.= " WHERE ".$id_field." = ".$id; dol_syslog(get_class($this)."::".__FUNCTION__."", LOG_DEBUG); @@ -1256,7 +1257,7 @@ abstract class CommonObject { if ($trigkey) { - $result=$this->call_trigger($trigkey, $user); // This may set this->errors + $result=$this->call_trigger($trigkey, (! empty($fuser) && is_object($fuser)) ? $fuser : $user); // This may set this->errors if ($result < 0) $error++; } diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 51d24f7c729..60ff30c6433 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -5745,7 +5745,13 @@ class Form { $ret.=dol_htmlentities($object->getFullName($langs)); } + else if (in_array($object->element, array('action', 'agenda'))) + { + $ret.=$object->ref.'
'.$object->label; + } else if ($fieldref != 'none') $ret.=dol_htmlentities($object->$fieldref); + + if ($morehtmlref) { $ret.=' '.$morehtmlref; diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index ffce8300a0c..b85c485e681 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php @@ -153,7 +153,14 @@ class FormProjets $sql.= " WHERE p.entity IN (".getEntity('project', 1).")"; if ($projectsListId !== false) $sql.= " AND p.rowid IN (".$projectsListId.")"; if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; - if ($socid > 0 && empty($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + if ($socid > 0) + { + if (empty($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + else if ($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') // PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma. + { + $sql.= " AND (p.fk_soc IN (".$socid.", ".$conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY.") OR p.fk_soc IS NULL)"; + } + } if (!empty($filterkey)) { $sql .= ' AND ('; $sql .= ' p.title LIKE "%'.$this->db->escape($filterkey).'%"'; @@ -586,7 +593,7 @@ class FormProjets if ($num > 0) { $sellist = ''; $sql = "SELECT p.rowid as id, p.title, p.ref, p.public, p.dateo as do, p.datee as de, p.fk_statut as status"; @@ -597,7 +598,8 @@ function show_projects($conf, $langs, $db, $object, $backtopage='', $nocreatelin dol_print_error($db); } print "
"; - + print ''; + print "
\n"; } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 33fa6e8b09f..59e5a3426a2 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -634,7 +634,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable } // Security: - // On interdit fichiers caches, remontees de repertoire ainsi que les pipes dans les noms de fichiers. + // We refuse cache files/dirs, upload using .. and pipes into filenames. if (preg_match('/^\./',$src_file) || preg_match('/\.\./',$src_file) || preg_match('/[<>|]/',$src_file)) { dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING); @@ -707,6 +707,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param int $nohook Disable all hooks * @param object $object Current object in use * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error + * @see dol_delete_dir */ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null) { @@ -718,6 +719,14 @@ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=n dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + // Security: + // We refuse transversal using .. and pipes into filenames. + if (preg_match('/\.\./',$file) || preg_match('/[<>|]/',$file)) + { + dol_syslog("Refused to delete file ".$file, LOG_WARNING); + return False; + } + if (empty($nohook)) { $hookmanager->initHooks(array('fileslib')); @@ -782,9 +791,18 @@ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=n * @param string $dir Directory to delete * @param int $nophperrors Disable all PHP output errors * @return boolean True if success, false if error + * @see dol_delete_file */ function dol_delete_dir($dir,$nophperrors=0) { + // Security: + // We refuse transversal using .. and pipes into filenames. + if (preg_match('/\.\./',$dir) || preg_match('/[<>|]/',$dir)) + { + dol_syslog("Refused to delete dir ".$dir, LOG_WARNING); + return False; + } + $dir_osencoded=dol_osencode($dir); return ($nophperrors?@rmdir($dir_osencoded):rmdir($dir_osencoded)); } @@ -1355,7 +1373,8 @@ function dol_most_recent_file($dir,$regexfilter='',$excludefilter=array('(\.meta function dol_check_secure_access_document($modulepart,$original_file,$entity,$fuser='',$refname='') { global $user, $conf, $db; - + global $dolibarr_main_data_root; + if (! is_object($fuser)) $fuser=$user; if (empty($modulepart)) return 'ErrorBadParameter'; @@ -1369,141 +1388,140 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // find the subdirectory name as the reference if (empty($refname)) $refname=basename(dirname($original_file)."/"); + $relative_original_file = $original_file; + // Wrapping for some images - if ($modulepart == 'companylogo') + if ($modulepart == 'companylogo' && !empty($conf->mycompany->dir_output)) { $accessallowed=1; $original_file=$conf->mycompany->dir_output.'/logos/'.$original_file; } // Wrapping for users photos - elseif ($modulepart == 'userphoto') + elseif ($modulepart == 'userphoto' && !empty($conf->user->dir_output)) { $accessallowed=1; $original_file=$conf->user->dir_output.'/'.$original_file; } // Wrapping for members photos - elseif ($modulepart == 'memberphoto') + elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) { $accessallowed=1; $original_file=$conf->adherent->dir_output.'/'.$original_file; } // Wrapping pour les apercu factures - elseif ($modulepart == 'apercufacture') + elseif ($modulepart == 'apercufacture' && !empty($conf->facture->dir_output)) { if ($fuser->rights->facture->lire) $accessallowed=1; $original_file=$conf->facture->dir_output.'/'.$original_file; } // Wrapping pour les apercu propal - elseif ($modulepart == 'apercupropal') + elseif ($modulepart == 'apercupropal' && !empty($conf->propal->dir_output)) { if ($fuser->rights->propale->lire) $accessallowed=1; $original_file=$conf->propal->dir_output.'/'.$original_file; } // Wrapping pour les apercu commande - elseif ($modulepart == 'apercucommande') + elseif ($modulepart == 'apercucommande' && !empty($conf->commande->dir_output)) { if ($fuser->rights->commande->lire) $accessallowed=1; $original_file=$conf->commande->dir_output.'/'.$original_file; } // Wrapping pour les apercu intervention - elseif ($modulepart == 'apercufichinter') + elseif ($modulepart == 'apercufichinter' && !empty($conf->ficheinter->dir_output)) { if ($fuser->rights->ficheinter->lire) $accessallowed=1; $original_file=$conf->ficheinter->dir_output.'/'.$original_file; } // Wrapping pour les images des stats propales - elseif ($modulepart == 'propalstats') + elseif ($modulepart == 'propalstats' && !empty($conf->propal->dir_temp)) { if ($fuser->rights->propale->lire) $accessallowed=1; $original_file=$conf->propal->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats commandes - elseif ($modulepart == 'orderstats') + elseif ($modulepart == 'orderstats' && !empty($conf->commande->dir_temp)) { if ($fuser->rights->commande->lire) $accessallowed=1; $original_file=$conf->commande->dir_temp.'/'.$original_file; } - elseif ($modulepart == 'orderstatssupplier') + elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output)) { if ($fuser->rights->fournisseur->commande->lire) $accessallowed=1; $original_file=$conf->fournisseur->dir_output.'/commande/temp/'.$original_file; } // Wrapping pour les images des stats factures - elseif ($modulepart == 'billstats') + elseif ($modulepart == 'billstats' && !empty($conf->facture->dir_temp)) { if ($fuser->rights->facture->lire) $accessallowed=1; $original_file=$conf->facture->dir_temp.'/'.$original_file; } - elseif ($modulepart == 'billstatssupplier') + elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output)) { if ($fuser->rights->fournisseur->facture->lire) $accessallowed=1; $original_file=$conf->fournisseur->dir_output.'/facture/temp/'.$original_file; } // Wrapping pour les images des stats expeditions - elseif ($modulepart == 'expeditionstats') + elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp)) { if ($fuser->rights->expedition->lire) $accessallowed=1; $original_file=$conf->expedition->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats expeditions - elseif ($modulepart == 'tripsexpensesstats') + elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp)) { if ($fuser->rights->deplacement->lire) $accessallowed=1; $original_file=$conf->deplacement->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats expeditions - elseif ($modulepart == 'memberstats') + elseif ($modulepart == 'memberstats' && !empty($conf->adherent->dir_temp)) { if ($fuser->rights->adherent->lire) $accessallowed=1; $original_file=$conf->adherent->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats produits - elseif (preg_match('/^productstats_/i',$modulepart)) + elseif (preg_match('/^productstats_/i',$modulepart) && !empty($conf->product->dir_temp)) { if ($fuser->rights->produit->lire || $fuser->rights->service->lire) $accessallowed=1; $original_file=(!empty($conf->product->multidir_temp[$entity])?$conf->product->multidir_temp[$entity]:$conf->service->multidir_temp[$entity]).'/'.$original_file; } // Wrapping for products or services - elseif ($modulepart == 'tax') + elseif ($modulepart == 'tax' && !empty($conf->tax->dir_output)) { if ($fuser->rights->tax->charges->lire) $accessallowed=1; $original_file=$conf->tax->dir_output.'/'.$original_file; } // Wrapping for products or services - elseif ($modulepart == 'actions') + elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) { if ($fuser->rights->agenda->myactions->read) $accessallowed=1; $original_file=$conf->agenda->dir_output.'/'.$original_file; } // Wrapping for categories - elseif ($modulepart == 'category') + elseif ($modulepart == 'category' && !empty($conf->categorie->dir_output)) { if ($fuser->rights->categorie->lire) $accessallowed=1; $original_file=$conf->categorie->multidir_output[$entity].'/'.$original_file; } // Wrapping pour les prelevements - elseif ($modulepart == 'prelevement') + elseif ($modulepart == 'prelevement' && !empty($conf->prelevement->dir_output)) { - if ($fuser->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file)) - { - $accessallowed=1; - } + if ($fuser->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file)) $accessallowed=1; $original_file=$conf->prelevement->dir_output.'/'.$original_file; } // Wrapping pour les graph energie - elseif ($modulepart == 'graph_stock') + elseif ($modulepart == 'graph_stock' && !empty($conf->stock->dir_temp)) { $accessallowed=1; $original_file=$conf->stock->dir_temp.'/'.$original_file; } // Wrapping pour les graph fournisseurs - elseif ($modulepart == 'graph_fourn') + elseif ($modulepart == 'graph_fourn' && !empty($conf->fournisseur->dir_temp)) { $accessallowed=1; $original_file=$conf->fournisseur->dir_temp.'/'.$original_file; } // Wrapping pour les graph des produits - elseif ($modulepart == 'graph_product') + elseif ($modulepart == 'graph_product' && !empty($conf->product->dir_temp)) { $accessallowed=1; $original_file=$conf->product->multidir_temp[$entity].'/'.$original_file; @@ -1512,32 +1530,31 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu elseif ($modulepart == 'barcode') { $accessallowed=1; - // If viewimage is called for barcode, we try to output an image on the fly, - // with not build of file on disk. + // If viewimage is called for barcode, we try to output an image on the fly, with no build of file on disk. //$original_file=$conf->barcode->dir_temp.'/'.$original_file; $original_file=''; } // Wrapping pour les icones de background des mailings - elseif ($modulepart == 'iconmailing') + elseif ($modulepart == 'iconmailing' && !empty($conf->mailing->dir_temp)) { $accessallowed=1; $original_file=$conf->mailing->dir_temp.'/'.$original_file; } - // Wrapping pour les icones de background des mailings - elseif ($modulepart == 'scanner_user_temp') + // Wrapping pour le scanner + elseif ($modulepart == 'scanner_user_temp' && !empty($conf->scanner->dir_temp)) { $accessallowed=1; $original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file; } // Wrapping pour les images fckeditor - elseif ($modulepart == 'fckeditor') + elseif ($modulepart == 'fckeditor' && !empty($conf->fckeditor->dir_output)) { $accessallowed=1; $original_file=$conf->fckeditor->dir_output.'/'.$original_file; } // Wrapping for third parties - else if ($modulepart == 'company' || $modulepart == 'societe') + else if (($modulepart == 'company' || $modulepart == 'societe') && !empty($conf->societe->dir_output)) { if ($fuser->rights->societe->lire || preg_match('/^specimen/i',$original_file)) { @@ -1548,7 +1565,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for contact - else if ($modulepart == 'contact') + else if ($modulepart == 'contact' && !empty($conf->societe->dir_output)) { if ($fuser->rights->societe->lire) { @@ -1558,7 +1575,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for invoices - else if ($modulepart == 'facture' || $modulepart == 'invoice') + else if (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->facture->dir_output)) { if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) { @@ -1567,7 +1584,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $original_file=$conf->facture->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } - else if ($modulepart == 'massfilesarea_proposals') + else if ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->dir_output)) { if ($fuser->rights->propal->lire || preg_match('/^specimen/i',$original_file)) { @@ -1592,8 +1609,8 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $original_file=$conf->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file; } - // Wrapping pour les fiches intervention - else if ($modulepart == 'ficheinter') + // Wrapping for interventions + else if (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output)) { if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file)) { @@ -1604,7 +1621,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les deplacements et notes de frais - else if ($modulepart == 'deplacement') + else if ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output)) { if ($fuser->rights->deplacement->lire || preg_match('/^specimen/i',$original_file)) { @@ -1614,7 +1631,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } // Wrapping pour les propales - else if ($modulepart == 'propal') + else if ($modulepart == 'propal' && !empty($conf->propal->dir_output)) { if ($fuser->rights->propale->lire || preg_match('/^specimen/i',$original_file)) { @@ -1626,7 +1643,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les commandes - else if ($modulepart == 'commande' || $modulepart == 'order') + else if (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->commande->dir_output)) { if ($fuser->rights->commande->lire || preg_match('/^specimen/i',$original_file)) { @@ -1637,7 +1654,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les projets - else if ($modulepart == 'project') + else if ($modulepart == 'project' && !empty($conf->projet->dir_output)) { if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file)) { @@ -1646,7 +1663,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $original_file=$conf->projet->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } - else if ($modulepart == 'project_task') + else if ($modulepart == 'project_task' && !empty($conf->projet->dir_output)) { if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file)) { @@ -1655,19 +1672,9 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $original_file=$conf->projet->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } - // Wrapping for interventions - else if ($modulepart == 'fichinter') - { - if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file)) - { - $accessallowed=1; - } - $original_file=$conf->ficheinter->dir_output.'/'.$original_file; - $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; - } // Wrapping pour les commandes fournisseurs - else if ($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') + else if (($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') && !empty($conf->fournisseur->commande->dir_output)) { if ($fuser->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file)) { @@ -1678,7 +1685,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les factures fournisseurs - else if ($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') + else if (($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') && !empty($conf->fournisseur->facture->dir_output)) { if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file)) { @@ -1689,7 +1696,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les rapport de paiements - else if ($modulepart == 'facture_paiement') + else if ($modulepart == 'facture_paiement' && !empty($conf->facture->dir_output)) { if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) { @@ -1700,7 +1707,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for accounting exports - else if ($modulepart == 'export_compta') + else if ($modulepart == 'export_compta' && !empty($conf->accounting->dir_output)) { if ($fuser->rights->accounting->bind->write || preg_match('/^specimen/i',$original_file)) { @@ -1710,7 +1717,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les expedition - else if ($modulepart == 'expedition') + else if ($modulepart == 'expedition' && !empty($conf->expedition->dir_output)) { if ($fuser->rights->expedition->lire || preg_match('/^specimen/i',$original_file)) { @@ -1720,7 +1727,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les bons de livraison - else if ($modulepart == 'livraison') + else if ($modulepart == 'livraison' && !empty($conf->livraison->dir_output)) { if ($fuser->rights->expedition->livraison->lire || preg_match('/^specimen/i',$original_file)) { @@ -1730,7 +1737,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les actions - else if ($modulepart == 'actions') + else if ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) { if ($fuser->rights->agenda->myactions->read || preg_match('/^specimen/i',$original_file)) { @@ -1740,7 +1747,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les actions - else if ($modulepart == 'actionsreport') + else if ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp)) { if ($fuser->rights->agenda->allactions->read || preg_match('/^specimen/i',$original_file)) { @@ -1761,7 +1768,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les contrats - else if ($modulepart == 'contract') + else if ($modulepart == 'contract' && !empty($conf->contrat->dir_output)) { if ($fuser->rights->contrat->lire || preg_match('/^specimen/i',$original_file)) { @@ -1771,7 +1778,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les dons - else if ($modulepart == 'donation') + else if ($modulepart == 'donation' && !empty($conf->donation->dir_output)) { if ($fuser->rights->don->lire || preg_match('/^specimen/i',$original_file)) { @@ -1781,7 +1788,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour les remises de cheques - else if ($modulepart == 'remisecheque') + else if ($modulepart == 'remisecheque' && !empty($conf->banque->dir_output)) { if ($fuser->rights->banque->lire || preg_match('/^specimen/i',$original_file)) { @@ -1792,7 +1799,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for bank - else if ($modulepart == 'bank') + else if ($modulepart == 'bank' && !empty($conf->bank->dir_output)) { if ($fuser->rights->banque->lire) { @@ -1802,7 +1809,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for export module - else if ($modulepart == 'export') + else if ($modulepart == 'export' && !empty($conf->export->dir_temp)) { // Aucun test necessaire car on force le rep de download sur // le rep export qui est propre a l'utilisateur @@ -1811,47 +1818,42 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for import module - else if ($modulepart == 'import') + else if ($modulepart == 'import' && !empty($conf->import->dir_temp)) { $accessallowed=1; $original_file=$conf->import->dir_temp.'/'.$original_file; } // Wrapping pour l'editeur wysiwyg - else if ($modulepart == 'editor') + else if ($modulepart == 'editor' && !empty($conf->fckeditor->dir_output)) { $accessallowed=1; $original_file=$conf->fckeditor->dir_output.'/'.$original_file; } // Wrapping for miscellaneous medias files - elseif ($modulepart == 'medias') + elseif ($modulepart == 'medias' && !empty($dolibarr_main_data_root)) { $accessallowed=1; - global $dolibarr_main_data_root; $original_file=$dolibarr_main_data_root.'/medias/'.$original_file; } // Wrapping for backups - else if ($modulepart == 'systemtools') + else if ($modulepart == 'systemtools' && !empty($conf->admin->dir_output)) { - if ($fuser->admin) - { - $accessallowed=1; - } + if ($fuser->admin) $accessallowed=1; $original_file=$conf->admin->dir_output.'/'.$original_file; } // Wrapping for upload file test - else if ($modulepart == 'admin_temp') + else if ($modulepart == 'admin_temp' && !empty($conf->admin->dir_temp)) { - if ($fuser->admin) - $accessallowed=1; + if ($fuser->admin) $accessallowed=1; $original_file=$conf->admin->dir_temp.'/'.$original_file; } // Wrapping pour BitTorrent - else if ($modulepart == 'bittorrent') + else if ($modulepart == 'bittorrent' && !empty($conf->bittorrent->dir_output)) { $accessallowed=1; $dir='files'; @@ -1860,7 +1862,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping pour Foundation module - else if ($modulepart == 'member') + else if ($modulepart == 'member' && !empty($conf->adherent->dir_output)) { if ($fuser->rights->adherent->lire || preg_match('/^specimen/i',$original_file)) { @@ -1870,7 +1872,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } // Wrapping for Scanner - else if ($modulepart == 'scanner_user_temp') + else if ($modulepart == 'scanner_user_temp' && !empty($conf->scanner->dir_temp)) { $accessallowed=1; $original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file; @@ -1883,20 +1885,38 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // If modulepart=module Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart else { + if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a file called specimen. Test must be done before changing $original_file int full path. + if ($fuser->admin) $accessallowed=1; // If user is admin + // Define $accessallowed if (preg_match('/^([a-z]+)_user_temp$/i',$modulepart,$reg)) { - if ($fuser->rights->{$reg[1]}->lire || $fuser->rights->{$reg[1]}->read || ($fuser->rights->{$reg[1]}->download)) $accessallowed=1; + if (empty($conf->{$reg[1]}->dir_temp)) // modulepart not supported + { + dol_print_error('','Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')'); + exit; + } + if ($fuser->rights->{$reg[1]}->lire || $fuser->rights->{$reg[1]}->read || ($fuser->rights->{$reg[1]}->download)) $accessallowed=1; $original_file=$conf->{$reg[1]}->dir_temp.'/'.$fuser->id.'/'.$original_file; } else if (preg_match('/^([a-z]+)_temp$/i',$modulepart,$reg)) { - if ($fuser->rights->{$reg[1]}->lire || $fuser->rights->{$reg[1]}->read || ($fuser->rights->{$reg[1]}->download)) $accessallowed=1; + if (empty($conf->{$reg[1]}->dir_temp)) // modulepart not supported + { + dol_print_error('','Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')'); + exit; + } + if ($fuser->rights->{$reg[1]}->lire || $fuser->rights->{$reg[1]}->read || ($fuser->rights->{$reg[1]}->download)) $accessallowed=1; $original_file=$conf->{$reg[1]}->dir_temp.'/'.$original_file; } else if (preg_match('/^([a-z]+)_user$/i',$modulepart,$reg)) { - if ($fuser->rights->{$reg[1]}->lire || $fuser->rights->{$reg[1]}->read || ($fuser->rights->{$reg[1]}->download)) $accessallowed=1; + if (empty($conf->{$reg[1]}->dir_output)) // modulepart not supported + { + dol_print_error('','Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')'); + exit; + } + if ($fuser->rights->{$reg[1]}->lire || $fuser->rights->{$reg[1]}->read || ($fuser->rights->{$reg[1]}->download)) $accessallowed=1; $original_file=$conf->{$reg[1]}->dir_output.'/'.$fuser->id.'/'.$original_file; } else @@ -1920,8 +1940,6 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $original_file=$conf->$modulepart->dir_output.'/'.$original_file; } } - if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a specimen - if ($fuser->admin) $accessallowed=1; // If user is admin // For modules who wants to manage different levels of permissions for documents $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; @@ -1953,7 +1971,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } /** - * Store object in file + * Store object in file. * * @param string $directory Directory of cache * @param string $filename Name of filecache @@ -1969,7 +1987,7 @@ function dol_filecache($directory, $filename, $object) } /** - * Test if Refresh needed + * Test if Refresh needed. * * @param string $directory Directory of cache * @param string $filename Name of filecache @@ -1985,7 +2003,7 @@ function dol_cache_refresh($directory, $filename, $cachetime) } /** - * Read object from cachefile + * Read object from cachefile. * * @param string $directory Directory of cache * @param string $filename Name of filecache diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index c20169270bf..7870824285a 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -1,6 +1,6 @@ - * Copyright (C) 2008-2012 Regis Houssin + * Copyright (C) 2008-2017 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -74,7 +74,7 @@ function dol_decode($chain) * If constant MAIN_SECURITY_SALT is defined, we use it as a salt. * * @param string $chain String to hash - * @param int $type Type of hash (0:auto, 1:sha1, 2:sha1+md5, 3:md5). Use 3 here, if hash is not needed for security purpose, for security need, prefer 0. + * @param int $type Type of hash (0:auto, 1:sha1, 2:sha1+md5, 3:md5, 4:md5 for OpenLdap). Use 3 here, if hash is not needed for security purpose, for security need, prefer 0. * @return string Hash of string */ function dol_hash($chain,$type=0) @@ -87,6 +87,7 @@ function dol_hash($chain,$type=0) if ($type == 1) return sha1($chain); else if ($type == 2) return sha1(md5($chain)); else if ($type == 3) return md5($chain); + else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') return sha1($chain); else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') return sha1(md5($chain)); @@ -343,7 +344,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu * This function is also called by restrictedArea * * @param User $user User to check - * @param array $featuresarray Features/modules to check. Example: ('user','service') + * @param array $featuresarray Features/modules to check. Example: ('user','service') * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional). * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'. @@ -367,7 +368,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh // For backward compatibility if ($feature == 'member') $feature='adherent'; - + $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...). diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php index ee162bd9cc8..daf82b2f995 100644 --- a/htdocs/core/login/functions_dolibarr.php +++ b/htdocs/core/login/functions_dolibarr.php @@ -47,7 +47,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= { dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./','*',$passwordtotest)." entitytotest=".$entitytotest); - // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko + // If test username/password asked, we define $test=false if ko and $login var to login if ok, set also $_SESSION["dol_loginmesg"] if ko $table = MAIN_DB_PREFIX."user"; $usernamecol1 = 'login'; $usernamecol2 = 'email'; @@ -59,6 +59,9 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= if (preg_match('/@/',$usertotest)) $sql.=' OR '.$usernamecol2." = '".$db->escape($usertotest)."'"; $sql.=') AND '.$entitycol." IN (0," . ($entity ? $entity : 1) . ")"; $sql.=' AND statut = 1'; + // Required to first found the user into entity, then the superadmin. + // For the case (TODO and that we must avoid) a user has renamed its login with same value than a user in entity 0. + $sql.=' ORDER BY entity DESC'; $resql=$db->query($sql); if ($resql) diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php index 3e3ec91dd60..96f0dca04fa 100644 --- a/htdocs/core/modules/import/import_csv.modules.php +++ b/htdocs/core/modules/import/import_csv.modules.php @@ -588,9 +588,9 @@ class ImportCsv extends ModeleImports { $updatedone = false; $insertdone = false; - if(!empty($updatekeys)) { + if (!empty($updatekeys)) { // We do SELECT to get the rowid, if we already have the rowid, it's to be used below for related tables (extrafields) - if(empty($lastinsertid)) { + if (empty($lastinsertid)) { $sqlSelect = 'SELECT rowid FROM '.$tablename; $data = array_combine($listfields, $listvalues); @@ -627,7 +627,7 @@ class ImportCsv extends ModeleImports } } - if(!empty($lastinsertid)) { + if (!empty($lastinsertid)) { // Build SQL UPDATE request $sqlstart = 'UPDATE '.$tablename; @@ -660,7 +660,7 @@ class ImportCsv extends ModeleImports } // Update not done, we do insert - if(!$error && !$updatedone) { + if (!$error && !$updatedone) { // Build SQL INSERT request $sqlstart = 'INSERT INTO '.$tablename.'('.implode(', ', $listfields).', import_key'; $sqlend = ') VALUES('.implode(', ', $listvalues).", '".$importid."'"; @@ -679,10 +679,10 @@ class ImportCsv extends ModeleImports if ($sql) { $resql=$this->db->query($sql); - $last_insert_id_array[$tablename] = $this->db->last_insert_id($tablename); // store the last inserted auto_increment id for each table, so that dependent tables can be inserted with the appropriate id. This must be done just after the INSERT request, else we risk losing the id (because another sql query will be issued somewhere in Dolibarr). if ($resql) { - $insertdone = true; + $last_insert_id_array[$tablename] = $this->db->last_insert_id($tablename); // store the last inserted auto_increment id for each table, so that child tables can be inserted with the appropriate id. This must be done just after the INSERT request, else we risk losing the id (because another sql query will be issued somewhere in Dolibarr). + $insertdone = true; } else { diff --git a/htdocs/core/modules/modNotification.class.php b/htdocs/core/modules/modNotification.class.php index c29c77b8f24..72c90ca7a6d 100644 --- a/htdocs/core/modules/modNotification.class.php +++ b/htdocs/core/modules/modNotification.class.php @@ -44,7 +44,7 @@ class modNotification extends DolibarrModules $this->family = "technic"; // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i','',get_class($this)); - $this->description = "Gestion des notifications (par mail) sur evenement Dolibarr"; + $this->description = "EMail notifications (push) on business Dolibarr events"; $this->version = 'dolibarr'; // 'experimental' or 'dolibarr' or version $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); $this->special = 1; diff --git a/htdocs/core/tpl/resource_add.tpl.php b/htdocs/core/tpl/resource_add.tpl.php index 97cb933bcf7..b521445701b 100644 --- a/htdocs/core/tpl/resource_add.tpl.php +++ b/htdocs/core/tpl/resource_add.tpl.php @@ -6,9 +6,9 @@ require_once(DOL_DOCUMENT_ROOT.'/resource/class/html.formresource.class.php'); $form = new Form($db); $formresources = new FormResource($db); -$out = '
'; +$out = '
'; -$out .= '
'; +$out .= ''; $out .= ''; $out .= ''; $out .= ''; diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index bea82d34bb9..f385fa2a524 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr'); -if (! defined('DOL_VERSION')) define('DOL_VERSION','5.0.0'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c +if (! defined('DOL_VERSION')) define('DOL_VERSION','5.0.1'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c if (! defined('EURO')) define('EURO',chr(128)); diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index a4c18986fe4..7d1d5fbdf1d 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -2950,7 +2950,8 @@ class CommandeFournisseurLigne extends CommonOrderLine $sql.= ' cd.info_bits, cd.total_ht, cd.total_tva, cd.total_ttc,'; $sql.= ' cd.total_localtax1, cd.total_localtax2,'; $sql.= ' p.ref as product_ref, p.label as product_libelle, p.description as product_desc,'; - $sql.= ' cd.date_start, cd.date_end, cd.fk_unit'; + $sql.= ' cd.date_start, cd.date_end, cd.fk_unit,'; + $sql.= ' cd.multicurrency_subprice, cd.multicurrency_total_ht, cd.multicurrency_total_tva, cd.multicurrency_total_ttc'; $sql.= ' FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet as cd'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON cd.fk_product = p.rowid'; $sql.= ' WHERE cd.rowid = '.$rowid; @@ -2958,6 +2959,7 @@ class CommandeFournisseurLigne extends CommonOrderLine if ($result) { $objp = $this->db->fetch_object($result); + $this->rowid = $objp->rowid; $this->id = $objp->rowid; $this->fk_commande = $objp->fk_commande; @@ -2985,10 +2987,15 @@ class CommandeFournisseurLigne extends CommonOrderLine $this->product_libelle = $objp->product_libelle; $this->product_desc = $objp->product_desc; - $this->date_start = $this->db->jdate($objp->date_start); - $this->date_end = $this->db->jdate($objp->date_end); - $this->fk_unit = $objp->fk_unit; - + $this->date_start = $this->db->jdate($objp->date_start); + $this->date_end = $this->db->jdate($objp->date_end); + $this->fk_unit = $objp->fk_unit; + + $this->multicurrency_subprice = $objp->multicurrency_subprice; + $this->multicurrency_total_ht = $objp->multicurrency_total_ht; + $this->multicurrency_total_tva = $objp->multicurrency_total_tva; + $this->multicurrency_total_ttc = $objp->multicurrency_total_ttc; + $this->db->free($result); return 1; } diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 5602f573e90..009f765e5cd 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -2385,8 +2385,9 @@ class SupplierInvoiceLine extends CommonObjectLine { $sql = 'SELECT f.rowid, f.ref as ref_supplier, f.description, f.pu_ht, f.pu_ttc, f.qty, f.remise_percent, f.tva_tx'; $sql.= ', f.localtax1_type, f.localtax2_type, f.localtax1_tx, f.localtax2_tx, f.total_localtax1, f.total_localtax2 '; - $sql.= ', f.total_ht, f.tva as total_tva, f.total_ttc, f.fk_product, f.product_type, f.info_bits, f.rang, f.special_code, f.fk_parent_line, f.fk_unit'; + $sql.= ', f.total_ht, f.tva as total_tva, f.total_ttc, f.fk_facture_fourn, f.fk_product, f.product_type, f.info_bits, f.rang, f.special_code, f.fk_parent_line, f.fk_unit'; $sql.= ', p.rowid as product_id, p.ref as product_ref, p.label as label, p.description as product_desc'; + $sql.= ', f.multicurrency_subprice, f.multicurrency_total_ht, f.multicurrency_total_tva, multicurrency_total_ttc'; $sql.= ' FROM '.MAIN_DB_PREFIX.'facture_fourn_det as f'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON f.fk_product = p.rowid'; $sql.= ' WHERE f.rowid = '.$rowid; @@ -2407,6 +2408,7 @@ class SupplierInvoiceLine extends CommonObjectLine $this->id = $obj->rowid; $this->rowid = $obj->rowid; + $this->fk_facture_fourn = $obj->fk_facture_fourn; $this->description = $obj->description; $this->product_ref = $obj->product_ref; $this->ref = $obj->product_ref; @@ -2439,6 +2441,11 @@ class SupplierInvoiceLine extends CommonObjectLine $this->rang = $obj->rang; $this->fk_unit = $obj->fk_unit; + $this->multicurrency_subprice = $obj->multicurrency_subprice; + $this->multicurrency_total_ht = $obj->multicurrency_total_ht; + $this->multicurrency_total_tva = $obj->multicurrency_total_tva; + $this->multicurrency_total_ttc = $obj->multicurrency_total_ttc; + return 1; } diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 4bb3346b375..09ce7ef46aa 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -2411,6 +2411,7 @@ else print $langs->trans('AlreadyPaid'); print ' :
 0)?' class="amountalreadypaid"':'').'>' . price($totalpaye) . ' 
'; //print ''; @@ -949,7 +950,7 @@ if ($resql) print ''. dol_print_date($objp->sellby,'day') .''; print $warehousestatic->getNomUrl(1); diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 3407c75a6f5..4d1b82307f8 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -270,24 +270,6 @@ llxHeader('','ProductLot',''); $form=new Form($db); -// Put here content of your page - -// Example : Adding jquery code -print ''; - - // Part to create if ($action == 'create') { @@ -335,19 +317,18 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print $formconfirm; } - print ''."\n"; $linkback = '' . $langs->trans("BackToList") . ''; - // Ref - print ''; - print ''; - print ''; + dol_banner_tab($object, 'id', $linkback, 1, 'rowid', 'batch'); + + print '
'; + print '
'; + + print '
' . $langs->trans('Batch') . ''; - print $form->showrefnav($object, 'id', $linkback, 1, 'rowid', 'batch'); - print '
'."\n"; // Product - print ''; print ''; @@ -364,7 +345,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Sell by print ''; print ''; @@ -375,6 +356,8 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print '
'.$langs->trans("Product").''; + print '
'.$langs->trans("Product").''; $producttmp = new Product($db); $producttmp->fetch($object->fk_product); print $producttmp->getNomUrl(1, 'stock'); @@ -356,7 +337,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Eat by print '
'; print $form->editfieldkey($langs->trans('Eatby'), 'eatby', $object->eatby, $object, $user->rights->stock->creer, 'datepicker'); - print ''; + print ''; print $form->editfieldval($langs->trans('Eatby'), 'eatby', $object->eatby, $object, $user->rights->stock->creer, 'datepicker'); print '
'; print $form->editfieldkey($langs->trans('Sellby'), 'sellby', $object->sellby, $object, $user->rights->stock->creer, 'datepicker'); - print ''; + print ''; print $form->editfieldval($langs->trans('Sellby'), 'sellby', $object->sellby, $object, $user->rights->stock->creer, 'datepicker'); print '
'; + print ''; + dol_fiche_end(); diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 661272631bc..f69b54cffdc 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -591,6 +591,7 @@ if ($action == 'create' && $user->rights->projet->creer) // Categories print '
'.$langs->trans("Categories").''; $cate_arbo = $form->select_all_categories(Categorie::TYPE_PROJECT, '', 'parent', 64, 0, 1); + $arrayselected=GETPOST('categories', 'array'); print $form->multiselectarray('categories', $cate_arbo, $arrayselected, '', 0, '', 0, '100%'); print "
'; print ''; - print ''; + print ''; print ''; - print ''; + print ''; // Show fields of bank account foreach($account->getFieldsToShow(1) as $val) @@ -406,24 +408,24 @@ if ($socid && $action != 'edit' && $action != "create") } print ''; - print ''; + print ''; print ''; } - print '\n"; - print '\n"; - print '\n"; print '
'.$langs->trans("LabelRIB").''.$account->label.'
'.$account->label.'
'.$langs->trans("BankName").''.$account->bank.'
'.$account->bank.'
'.$langs->trans($val).''.$content.''.$content.'
'.$langs->trans("BankAccountDomiciliation").''; + print '
'.$langs->trans("BankAccountDomiciliation").''; print $account->domiciliation; print "
'.$langs->trans("BankAccountOwner").''; + print '
'.$langs->trans("BankAccountOwner").''; print $account->proprio; print "
'.$langs->trans("BankAccountOwnerAddress").''; + print '
'.$langs->trans("BankAccountOwnerAddress").''; print $account->owner_address; print "
'; - + print ''; print '
'; @@ -610,7 +612,7 @@ if ($socid && $action != 'edit' && $action != "create") { $colspan=8; if (! empty($conf->prelevement->enabled)) $colspan+=2; - print '
'.$langs->trans("NoBANRecord").'
'.$langs->trans("NoBANRecord").'
'; diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php index 3da099390ac..b5bda51b4ba 100644 --- a/htdocs/societe/soc.php +++ b/htdocs/societe/soc.php @@ -123,15 +123,14 @@ if (empty($reshook)) $soc_origin_id = GETPOST('soc_origin', 'int'); $soc_origin = new Societe($db); - if ($soc_origin_id < 1) + if ($soc_origin_id <= 0) { $langs->load('errors'); $langs->load('companies'); - setEventMessages($langs->trans('ErrorProdIdIsMandatory', $langs->trans('MergeOriginThirdparty')), null, 'errors'); + setEventMessages($langs->trans('ErrorThirdPartyIdIsMandatory', $langs->trans('MergeOriginThirdparty')), null, 'errors'); } else { - if (!$errors && $soc_origin->fetch($soc_origin_id) < 1) { setEventMessages($langs->trans('ErrorRecordNotFound'), null, 'errors'); @@ -140,8 +139,44 @@ if (empty($reshook)) if (!$errors) { + // TODO Move the merge function into class of object. + $db->begin(); + // Recopy some data + $object->client = $object->client | $soc_origin->client; + $object->fournisseur = $object->fournisseur | $soc_origin->fournisseur; + $listofproperties=array( + 'address', 'zip', 'town', 'state_id', 'country_id', 'phone', 'phone_pro', 'fax', 'email', 'skype', 'url', 'barcode', 'idprof1', 'idprof2', 'idprof3', 'idprof4', 'idprof5', 'idprof6', + 'tva_intra', 'effectif_id', 'forme_juridique', 'remise_percent', 'mode_reglement_supplier_id', 'cond_reglement_supplier_id', 'name_bis', + 'stcomm_id', 'outstanding_limit', 'price_level', 'parent', 'default_lang', 'ref', 'ref_ext', 'import_key', 'fk_incoterms', 'fk_multicurrency', + 'code_client', 'code_fournisseur', 'code_compta', 'code_compta_fournisseur', + 'model_pdf', 'fk_projet' + ); + foreach ($listofproperties as $property) + { + if (empty($object->$property)) $object->$property = $soc_origin->$property; + } + + // Concat some data + $listofproperties=array( + 'note_public', 'note_private' + ); + foreach ($listofproperties as $property) + { + $object->$property = dol_concatdesc($object->$property, $soc_origin->$property); + } + + // Merge extrafields + foreach ($soc_origin->array_options as $key => $val) + { + if (empty($object->array_options[$key])) $object->array_options[$key] = $val; + } + + // TODO Merge categories + $object->update($object->id, $user); + + // Move links $objects = array( 'Adherent' => '/adherents/class/adherent.class.php', 'Societe' => '/societe/class/societe.class.php', @@ -159,6 +194,7 @@ if (empty($reshook)) 'Fichinter' => '/fichinter/class/fichinter.class.php', 'CommandeFournisseur' => '/fourn/class/fournisseur.commande.class.php', 'FactureFournisseur' => '/fourn/class/fournisseur.facture.class.php', + 'SupplierProposal' => '/supplier_proposal/class/supplier_proposal.class.php', 'ProductFournisseur' => '/fourn/class/fournisseur.product.class.php', 'Livraison' => '/livraison/class/livraison.class.php', 'Product' => '/product/class/product.class.php', @@ -451,6 +487,7 @@ if (empty($reshook)) if (empty($object->fournisseur)) $object->code_fournisseur=''; $result = $object->create($user); + if ($result >= 0) { if ($object->particulier) diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 53e7bf8ad34..d666f421cdb 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -2532,6 +2532,24 @@ class SupplierProposal extends CommonObject return $this->commonGenerateDocument($modelpath, $modele, $outputlangs, $hidedetails, $hidedesc, $hideref); } + + /** + * Function used to replace a thirdparty id with another one. + * + * @param DoliDB $db Database handler + * @param int $origin_id Old thirdparty id + * @param int $dest_id New thirdparty id + * @return bool + */ + public static function replaceThirdparty(DoliDB $db, $origin_id, $dest_id) + { + $tables = array( + 'supplier_proposal' + ); + + return CommonObject::commonReplaceThirdparty($db, $origin_id, $dest_id, $tables); + } + } diff --git a/htdocs/theme/eldy/img/object_bookmark.png b/htdocs/theme/eldy/img/object_bookmark.png index 39109ef5ee6..42f702a584c 100644 Binary files a/htdocs/theme/eldy/img/object_bookmark.png and b/htdocs/theme/eldy/img/object_bookmark.png differ diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index 0a802475f01..7c699c31e7f 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php @@ -577,13 +577,13 @@ div.myavailability { text-overflow: ellipsis; white-space: nowrap; } -.tdoverflowmax100 { +.tdoverflowmax100 { /* For tdoverflow, the max-midth become a minimum ! */ max-width: 100px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; } -.tdoverflowmax300 { +.tdoverflowmax300 { /* For tdoverflow, the max-midth become a minimum ! */ max-width: 300px; overflow: hidden; text-overflow: ellipsis; @@ -2742,11 +2742,12 @@ div.pagination li.paginationafterarrows { } */ + /* Set the color for hover lines */ .odd:hover, .impair:hover, .even:hover, .pair:hover, .even:hover, .pair:hover, table.dataTable tr.even:hover, table.dataTable tr.odd:hover, .box_pair:hover, .box_impair:hover { - background: rgb() !important; + background-color: rgb() !important; } @@ -2757,10 +2758,10 @@ div.pagination li.paginationafterarrows { color: #202020; min-height: 18px; /* seems to not be used */ - background: #; + background-color: #; } #GanttChartDIV { - background: #; + background-color: #; } .even, .pair, .nohover .even:hover, .nohover .pair:hover, tr.even td.nohover, tr.pair td.nohover { @@ -2776,13 +2777,14 @@ table.dataTable tr.odd { } /* For no hover style */ -table.nohover tr.impair, table.nohover tr.pair, table.nohover tr.impair td, table.nohover tr.pair td, tr.nohover td { +table.nohover tr.impair, table.nohover tr.pair, table.nohover tr.impair td, table.nohover tr.pair td, tr.nohover td, form.nohover, form.nohover:hover { background-color: # !important; } tr.nohoverpair td { background-color: # !important; } + table.dataTable td { padding: 5px 2px 5px 3px !important; } diff --git a/htdocs/theme/md/img/object_bookmark.png b/htdocs/theme/md/img/object_bookmark.png index 39109ef5ee6..42f702a584c 100644 Binary files a/htdocs/theme/md/img/object_bookmark.png and b/htdocs/theme/md/img/object_bookmark.png differ diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index df3e374b565..4c5016268a8 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -2648,7 +2648,7 @@ table.dataTable tr.odd { } /* For no hover style */ -table.nohover tr.impair, table.nohover tr.pair, table.nohover tr.impair td, table.nohover tr.pair td, tr.nohover td { +table.nohover tr.impair, table.nohover tr.pair, table.nohover tr.impair td, table.nohover tr.pair td, tr.nohover td, form.nohover, form.nohover:hover { background-color: # !important; } tr.nohoverpair td { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 9715abfd77b..af411045533 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -4,7 +4,7 @@ * Copyright (c) 2004-2012 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2016 Regis Houssin + * Copyright (C) 2005-2017 Regis Houssin * Copyright (C) 2005 Lionel Cousteix * Copyright (C) 2011 Herve Prot * Copyright (C) 2013-2014 Philippe Grand @@ -115,21 +115,21 @@ class User extends CommonObject public $parentof; // To store an array of all parents for all ids. public $accountancy_code; // Accountancy code in prevision of the complete accountancy module - + public $thm; // Average cost of employee - Used for valuation of time spent public $tjm; // Average cost of employee - - public $salary; // Monthly salary - Denormalized value from llx_user_employment + + public $salary; // Monthly salary - Denormalized value from llx_user_employment public $salaryextra; // Monthly salary extra - Denormalized value from llx_user_employment public $weeklyhours; // Weekly hours - Denormalized value from llx_user_employment public $color; // Define background color for user in agenda - + public $dateemployment; // Define date of employment by company private $cache_childids; - - + + /** * Constructor de la classe * @@ -462,13 +462,13 @@ class User extends CommonObject if (! $error && ! $notrigger) { $this->context = array('audit'=>$langs->trans("PermissionsAdd")); - + // Call trigger $result=$this->call_trigger('USER_MODIFY',$user); if ($result < 0) { $error++; } // End call triggers } - + if ($error) { $this->db->rollback(); return -$error; @@ -571,13 +571,13 @@ class User extends CommonObject if (! $error && ! $notrigger) { $this->context = array('audit'=>$langs->trans("PermissionsDelete")); - + // Call trigger $result=$this->call_trigger('USER_MODIFY',$user); if ($result < 0) { $error++; } // End call triggers } - + if ($error) { $this->db->rollback(); return -$error; @@ -965,7 +965,7 @@ class User extends CommonObject $sql = "SELECT login FROM ".MAIN_DB_PREFIX."user"; $sql.= " WHERE login ='".$this->db->escape($this->login)."'"; $sql.= " AND entity IN (0,".$this->db->escape($conf->entity).")"; - + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql=$this->db->query($sql); if ($resql) @@ -998,7 +998,7 @@ class User extends CommonObject $this->db->rollback(); return -5; } - + // Update minor fields $result = $this->update($user,1,1); if ($result < 0) @@ -1018,7 +1018,7 @@ class User extends CommonObject $entrepot->country_id = $mysoc->country_id; $entrepot->create($user); } - + if (! $notrigger) { // Call trigger @@ -1087,7 +1087,7 @@ class User extends CommonObject $this->state_id = $contact->state_id; $this->country_id = $contact->country_id; $this->employee = 0; - + if (empty($login)) $login=strtolower(substr($contact->firstname, 0, 4)) . strtolower(substr($contact->lastname, 0, 4)); $this->login = $login; @@ -1350,7 +1350,7 @@ class User extends CommonObject $sql.= ", weeklyhours= ".($this->weeklyhours != ''?"'".$this->db->escape($this->weeklyhours)."'":"null"); $sql.= ", entity = '".$this->db->escape($this->entity)."'"; $sql.= " WHERE rowid = ".$this->id; - + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) @@ -1387,7 +1387,7 @@ class User extends CommonObject if ($this->fk_member > 0 && ! $nosyncmember) { dol_syslog(get_class($this)."::update user is linked with a member. We try to update member too.", LOG_DEBUG); - + require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; // This user is linked with a member, so we also update members informations @@ -1401,9 +1401,9 @@ class User extends CommonObject $adh->lastname=$this->lastname; $adh->login=$this->login; $adh->gender=$this->gender; - + $adh->pass=$this->pass; - + $adh->societe=(empty($adh->societe) && $this->societe_id ? $this->societe_id : $adh->societe); $adh->email=$this->email; @@ -1686,7 +1686,7 @@ class User extends CommonObject $appli=constant('DOL_APPLICATION_TITLE'); if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE; - + $subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword", $appli); // Define $urlwithroot @@ -1696,23 +1696,23 @@ class User extends CommonObject if (! $changelater) { $url = $urlwithroot.'/'; - + $mesg.= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived").".\n"; $mesg.= $outputlangs->transnoentitiesnoconv("NewKeyIs")." :\n\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n"; $mesg.= "\n"; - + $mesg.= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $appli).': '.$url."\n\n"; $mesg.= "--\n"; $mesg.= $user->getFullName($outputlangs); // Username that make then sending - + dol_syslog(get_class($this)."::send_password changelater is off, url=".$url); } else { $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordhash=".dol_hash($password); - + $mesg.= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived")."\n"; $mesg.= $outputlangs->transnoentitiesnoconv("NewKeyWillBe")." :\n\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n"; @@ -1721,7 +1721,7 @@ class User extends CommonObject $mesg.= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :\n"; $mesg.= $url."\n\n"; $mesg.= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."\n\n"; - + dol_syslog(get_class($this)."::send_password changelater is on, url=".$url); } @@ -1870,7 +1870,7 @@ class User extends CommonObject { $this->newgroupid=$group; // deprecated. Remove this. $this->context = array('audit'=>$langs->trans("UserSetInGroup"), 'newgroupid'=>$group); - + // Call trigger $result=$this->call_trigger('USER_SETINGROUP',$user); if ($result < 0) { $error++; } @@ -1925,7 +1925,7 @@ class User extends CommonObject { $this->oldgroupid=$group; // deprecated. Remove this. $this->context = array('audit'=>$langs->trans("UserRemovedFromGroup"), 'oldgroupid'=>$group); - + // Call trigger $result=$this->call_trigger('USER_REMOVEFROMGROUP',$user); if ($result < 0) { $error++; } @@ -2000,7 +2000,7 @@ class User extends CommonObject $result = ''; $companylink = ''; $link = ''; - + $label = '' . $langs->trans("User") . ''; $label.= '
'; $label.= '' . $langs->trans('Name') . ': ' . $this->getFullName($langs,'',''); @@ -2047,10 +2047,10 @@ class User extends CommonObject if (! empty($_SESSION["disablemodules"])) $label.= '
'.$langs->trans("DisabledModules").':
'.join(', ',explode(',',$_SESSION["disablemodules"])); } - + if ($option == 'leave') $link.= 'fullname=$this->getFullName($langs); // Champs - if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname; - if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid; + if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname; + if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname; + if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname; + if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login; + if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login; + if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption + if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid; if ($this->societe_id > 0) { $soc = new Societe($this->db); @@ -2466,7 +2467,7 @@ class User extends CommonObject * Return and array with all instanciated first level children users of current user * * @return void - * @see getAllChildIds + * @see getAllChildIds */ function get_children() { @@ -2597,7 +2598,7 @@ class User extends CommonObject foreach($this->users as $key => $val) { $result = $this->build_path_from_id_user($key,0); // Process a branch from the root user key (this user has no parent) - if ($result < 0) + if ($result < 0) { $this->error='ErrorLoopInHierarchy'; return -1; @@ -2640,7 +2641,7 @@ class User extends CommonObject function getAllChildIds($addcurrentuser=0) { $childids=array(); - + if (isset($this->cache_childids[$this->id])) { $childids = $this->cache_childids[$this->id]; @@ -2649,20 +2650,20 @@ class User extends CommonObject { // Init this->users $this->get_full_tree(); - + $idtoscan=$this->id; - + dol_syslog("Build childid for id = ".$idtoscan); foreach($this->users as $id => $val) { //var_dump($val['fullpath']); if (preg_match('/_'.$idtoscan.'_/', $val['fullpath'])) $childids[$val['id']]=$val['id']; } - } + } $this->cache_childids[$this->id] = $childids; - + if ($addcurrentuser) $childids[$this->id]=$this->id; - + return $childids; } @@ -2693,7 +2694,7 @@ class User extends CommonObject $useridfound=array($id_user); while (! empty($this->parentof[$cursor_user])) { - if (in_array($this->parentof[$cursor_user], $useridfound)) + if (in_array($this->parentof[$cursor_user], $useridfound)) { dol_syslog("The hierarchy of user has a recursive loop", LOG_WARNING); return -1; // Should not happen. Protection against looping hierarchy