am�lioration de la s�curit�

2006-03-10 09:30:09 +00:00 · 2006-03-10 09:30:09 +00:00 · ebb5696fde
commit ebb5696fde
parent 7b11d865b6
2 changed files with 6 additions and 6 deletions
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@ -58,9 +58,9 @@ if ($user->societe_id > 0)
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
 {
-        $sql = "SELECT fk_soc";
-        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux";
-        $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id;
+        $sql = "SELECT sc.fk_soc, s.client";
+        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+        $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";

        if ( $db->query($sql) )
        {
--- a/htdocs/comm/prospect/fiche.php
+++ b/htdocs/comm/prospect/fiche.php
@ -63,9 +63,9 @@ if ($user->societe_id > 0)
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
-        $sql = "SELECT fk_soc";
-        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux";
-        $sql .= " WHERE fk_soc = ".$socid." AND fk_user = ".$user->id;
+        $sql = "SELECT sc.fk_soc, s.client";
+        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 2";

        if ( $db->query($sql) )
        {