lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:Dolibarr/dolibarr into dev_EventOrganisation

Browse Source
This commit is contained in:
Florian HENRY 2021-03-23 11:45:24 +01:00
commit edf7c02dd6
930 changed files with 3143 additions and 91275 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -19,8 +19,8 @@ WARNING:
Following changes may create regressions for some external modules, but were necessary to make Dolibarr better:
* The ICS value for direct debit or credit transfer is now store on each bank account instead of into the global setup.
* API /setup/shipment_methods has been replaced with API /setup/shipping_methods
* Field "tva" renamed into "total_tva" in llx_propal, llx_supplier_proposal, llx_commande, llx_commande_fournisseur for better field name consistency
* Field "total" renamed into "total_ttc" in llx_propal, llx_supplier_proposal for better field name consistency
* Field "tva" renamed into "total_tva" for table llx_propal, llx_supplier_proposal, llx_commande, llx_commande_fournisseur for better field name consistency
* Field "total" renamed into "total_ttc" for table lx_propal, llx_supplier_proposal for better field name consistency
* If your database is PostgreSql, you must use version 9.1.0 or more (Dolibarr need the SQL function CONCAT)
* If your database is MySql or MariaDB, you need at least version 5.1

2
build/doxygen/doxygen_header.html
View File

@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>$title</title>
<title>Dolibarr source code documentation</title>
<!-- from dolibarr.org -->
<meta http-equiv="Content-Type" content="text/html" charset=utf-8 />
<meta name="verify-v1"

66
dev/examples/zapier/README.md
View File

@ -1,68 +1,6 @@
# HOW TO BUILD
Take a look at the dolibarr wiki page of Zapier module:
## ENABLE MODULE ZAPIER ON DOLIBARR
This should also enable the module API (required for authentication by Zapier service and to execute action in Dolibarr by Zapier).
Create the Dolibarr login that will be used by Zapier to call APIs. Give the login the permissions on the action you plan to automate.
## CREATE A ZAPIER DEVELOPPER ACCOUNT
At first, you need to have a Zapier developper acoount, create it here [Zapier Platform](https://developer.zapier.com/)
## INSTALL ZAPIER COMMAND LINE TOOLS WITH LINK TO ZAPIER ONLINE ACCOUNT
### Install Node.js
An easy option to get set up with Node.js is to visit [https://nodejs.org/en/download/](https://nodejs.org/en/download/) and download the official installer for your OS. If you're installing with a package manager it's even easier.
After installation, confirm that Node.js is ready to use:
`node --version`
### Install the Zapier CLI
Next let's install the Zapier CLI tools. The CLI will allow you to build your app, deploy it to the Zapier platform, do local testing, manage users and testers, view remote logs, collaborate with your team, and more:
`cd dev/examples/zapier`
`npm install -g zapier-platform-cli` to install the CLI globally
`zapier --version` to return version of the CLI
### Run Zapier Login
Let's configure authentication between your dev environment and the Zapier platform. You'll use the email address and password you use to log in to the Zapier application.
`zapier login`
This command will set up a .zapierrc file in your home directory.
### Install the Project
In zapier example directory, run:
`cd dev/examples/zapier`
`npm install`
### Deploying your App
Let's deploy it! When you're ready to try your code out on the Zapier platform use the push command. Only you will be able to see the app until you invite testers.
`zapier register` (the first time, choose name for example "Dolibarr")
`zapier push`
After a push, the Application, with the name you defined during the register step, is available when creating a Zap.
You will find original tutorial here : [https://zapier.com/developer/start/introduction](https://zapier.com/developer/start/introduction)
### Create a Zap
Create a ZAP that use the application you registered.
For authentication, you must enter the login / pass of account used by Zapier to call APIs.
https://wiki.dolibarr.org/index.php?title=Module_Zapier

6
htdocs/accountancy/admin/fiscalyear.php
View File

@ -91,8 +91,10 @@ $form = new Form($db);
$fiscalyearstatic = new Fiscalyear($db);
$title = $langs->trans('AccountingPeriods');
$helpurl = "";
llxHeader('', $title, $helpurl);
$help_url = "EN:Module_Double_Entry_Accounting";
llxHeader('', $title, $help_url);
$sql = "SELECT f.rowid, f.label, f.date_start, f.date_end, f.statut, f.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_fiscalyear as f";

6
htdocs/accountancy/admin/fiscalyear_card.php
View File

@ -149,8 +149,10 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
$form = new Form($db);
$title = $langs->trans("Fiscalyear")." - ".$langs->trans("Card");
$helpurl = "";
llxHeader("", $title, $helpurl);
$help_url = "EN:Module_Double_Entry_Accounting";
llxHeader('', $title, $help_url);
if ($action == 'create') {
print load_fiche_titre($langs->trans("NewFiscalYear"));

8
htdocs/accountancy/admin/fiscalyear_info.php
View File

@ -39,10 +39,14 @@ if (!$user->rights->accounting->fiscalyear->write) {
$id = GETPOST('id', 'int');
// View
$title = $langs->trans("Fiscalyear")." - ".$langs->trans("Info");
$helpurl = "";
llxHeader("", $title, $helpurl);
$help_url = "EN:Module_Double_Entry_Accounting";
llxHeader('', $title, $help_url);
if ($id) {
$object = new Fiscalyear($db);

2
htdocs/accountancy/class/accountancycategory.class.php
View File

@ -743,7 +743,7 @@ class AccountancyCategory // extends CommonObject
}
$listofaccount .= "'".$cptcursor."'";
}
$sql .= " AND t.numero_compte IN (".$listofaccount.")";
$sql .= " AND t.numero_compte IN (".$this->db->sanitize($listofaccount).")";
} else {
$sql .= " AND t.numero_compte = '".$this->db->escape($cpt)."'";
}

8
htdocs/accountancy/class/lettering.class.php
View File

@ -126,7 +126,7 @@ class Lettering extends BookKeeping
if (count($ids_fact)) {
$sql = 'SELECT bk.rowid, facf.ref, facf.ref_supplier ';
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn facf ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".implode(',', $ids_fact)."))";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))";
$sql .= " WHERE bk.code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=3 AND entity=".$conf->entity.") ";
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND ( ";
@ -185,7 +185,7 @@ class Lettering extends BookKeeping
if (count($ids_fact)) {
$sql = 'SELECT bk.rowid, fac.ref, fac.ref_supplier ';
$sql .= " FROM ".MAIN_DB_PREFIX."facture fac ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".implode(',', $ids_fact)."))";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))";
$sql .= " WHERE code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=2 AND entity=".$conf->entity.") ";
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
@ -255,7 +255,7 @@ class Lettering extends BookKeeping
}
$sql = "SELECT SUM(ABS(debit)) as deb, SUM(ABS(credit)) as cred FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL";
$sql .= " rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL";
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
@ -276,7 +276,7 @@ class Lettering extends BookKeeping
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping SET";
$sql .= " lettering_code='".$this->db->escape($lettre)."'";
$sql .= " , date_lettering = '".$this->db->idate($now)."'"; // todo correct date it's false
$sql .= " WHERE rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL ";
$this->db->begin();
dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);

8
htdocs/accountancy/customer/lines.php
View File

@ -129,7 +129,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facturedet as l";
$sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/customer/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);
@ -246,11 +246,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

6
htdocs/accountancy/customer/list.php
View File

@ -283,11 +283,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

2
htdocs/accountancy/expensereport/lines.php
View File

@ -119,7 +119,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd";
$sql1 .= " SET erd.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE erd.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE erd.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/expensereport/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);

8
htdocs/accountancy/supplier/lines.php
View File

@ -130,7 +130,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0) {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as l";
$sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/supplier/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);
@ -238,11 +238,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

6
htdocs/accountancy/supplier/list.php
View File

@ -288,11 +288,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

0
htdocs/adherents/admin/adherent.php → htdocs/adherents/admin/member.php
View File

36
htdocs/adherents/admin/adherent_emails.php → htdocs/adherents/admin/member_emails.php
View File

@ -24,7 +24,7 @@
*/
/**
* \file htdocs/adherents/admin/adherent.php
* \file htdocs/adherents/admin/member_emails.php
* \ingroup member
* \brief Page to setup the module Foundation
*/
@ -55,6 +55,7 @@ $constantes = array(
'ADHERENT_EMAIL_TEMPLATE_MEMBER_VALIDATION' =>'emailtemplate:member', /* old was ADHERENT_MAIL_VALID */
'ADHERENT_EMAIL_TEMPLATE_SUBSCRIPTION' =>'emailtemplate:member', /* old was ADHERENT_MAIL_COTIS */
'ADHERENT_EMAIL_TEMPLATE_CANCELATION' =>'emailtemplate:member', /* old was ADHERENT_MAIL_RESIL */
'ADHERENT_EMAIL_TEMPLATE_EXCLUSION' =>'emailtemplate:member',
'ADHERENT_MAIL_FROM'=>'string',
'ADHERENT_AUTOREGISTER_NOTIF_MAIL_SUBJECT'=>'string',
'ADHERENT_AUTOREGISTER_NOTIF_MAIL'=>'html',
@ -69,9 +70,24 @@ $constantes = array(
//
if ($action == 'updateall') {
$db->begin();
$res1 = $res2 = $res3 = $res4 = $res5 = $res6 = 0;
$res1 = dolibarr_set_const($db, 'XXXX', GETPOST('ADHERENT_LOGIN_NOT_REQUIRED', 'alpha'), 'chaine', 0, '', $conf->entity);
if ($res1 < 0 || $res2 < 0 || $res3 < 0 || $res4 < 0 || $res5 < 0 || $res6 < 0) {
$res = 0;
foreach ($constantes as $constname => $value) {
$constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alphanohtml') : GETPOST('constvalue'));
$consttype = (GETPOSTISSET('consttype_'.$constname) ? GETPOST('consttype_'.$constname, 'alphanohtml') : GETPOST('consttype'));
$constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'restricthtml') : GETPOST('constnote'));
$typetouse = empty($oldtypetonewone[$consttype]) ? $consttype : $oldtypetonewone[$consttype];
$constvalue = preg_replace('/:member$/', '', $constvalue);
$res = dolibarr_set_const($db, $constname, $constvalue, $consttype, 0, $constnote, $conf->entity);
if ($res <= 0) {
$error++;
$action = 'list';
}
}
if ($error > 0) {
setEventMessages('ErrorFailedToSaveDate', null, 'errors');
$db->rollback();
} else {
@ -126,19 +142,19 @@ $head = member_admin_prepare_head();
print dol_get_fiche_head($head, 'emails', $langs->trans("Members"), -1, 'user');
// TODO Use global form
//print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
//print '<input type="hidden" name="token" value="'.newToken().'">';
//print '<input type="hidden" name="action" value="updateall">';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="updateall">';
$helptext = '*'.$langs->trans("FollowingConstantsWillBeSubstituted").'<br>';
$helptext .= '__DOL_MAIN_URL_ROOT__, __ID__, __FIRSTNAME__, __LASTNAME__, __FULLNAME__, __LOGIN__, __PASSWORD__, ';
$helptext .= '__COMPANY__, __ADDRESS__, __ZIP__, __TOWN__, __COUNTRY__, __EMAIL__, __BIRTH__, __PHOTO__, __TYPE__, ';
//$helptext.='__YEAR__, __MONTH__, __DAY__'; // Not supported
form_constantes($constantes, 0, $helptext);
form_constantes($constantes, 3, $helptext);
//print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Update").'" name="update"></div>';
//print '</form>';
print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Update").'" name="update"></div>';
print '</form>';
print dol_get_fiche_end();

15
htdocs/adherents/admin/adherent_extrafields.php → htdocs/adherents/admin/member_extrafields.php
View File

@ -19,7 +19,7 @@
*/
/**
* \file htdocs/adherents/admin/adherent_extrafields.php
* \file htdocs/adherents/admin/member_extrafields.php
* \ingroup member
* \brief Page to setup extra fields of members
*/
@ -89,12 +89,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<div name="topofform"></div><br>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -102,11 +97,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print '<div name="topofform"></div><br>';
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

15
htdocs/adherents/admin/adherent_type_extrafields.php → htdocs/adherents/admin/member_type_extrafields.php
View File

@ -22,7 +22,7 @@
*/
/**
* \file htdocs/adherents/admin/adherent_type_extrafields.php
* \file htdocs/adherents/admin/member_type_extrafields.php
* \ingroup member
* \brief Page to setup extra fields of members
*/
@ -92,12 +92,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print "<br>";
print load_fiche_titre($langs->trans('NewAttribute'));
@ -105,11 +100,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

4
htdocs/adherents/admin/website.php
View File

@ -178,7 +178,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
print '</td><td class="right">';
$listofval = array();
$listofval += $adht->liste_array();
$forcetype = $conf->global->MEMBER_NEWFORM_FORCETYPE ?: -1;
$forcetype = empty($conf->global->MEMBER_NEWFORM_FORCETYPE) ? -1 : $conf->global->MEMBER_NEWFORM_FORCETYPE;
print $form->selectarray("MEMBER_NEWFORM_FORCETYPE", $listofval, $forcetype, count($listofval) > 1 ? 1 : 0);
print "</td></tr>\n";
@ -232,7 +232,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
print '<br>';
//print $langs->trans('FollowingLinksArePublic').'<br>';
print img_picto('', 'globe').' '.$langs->trans('BlankSubscriptionForm').':<br>';
if ($conf->multicompany->enabled) {
if (!empty($conf->multicompany->enabled)) {
$entity_qr = '?entity='.$conf->entity;
} else {
$entity_qr = '';

6
htdocs/adherents/agenda.php
View File

@ -122,8 +122,10 @@ if ($object->id > 0) {
$langs->load("companies");
$title = $langs->trans("Member")." - ".$langs->trans("Agenda");
$helpurl = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros";
llxHeader("", $title, $helpurl);
$help_url = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros|DE:Modul_Mitglieder";
llxHeader("", $title, $help_url);
if (!empty($conf->notification->enabled)) {
$langs->load("mails");

192
htdocs/adherents/card.php
View File

@ -655,7 +655,7 @@ if (empty($reshook)) {
$action = '';
}
if ($user->rights->adherent->supprimer && $action == 'confirm_resign') {
if ($user->rights->adherent->supprimer && $action == 'confirm_resiliate') {
$error = 0;
if ($confirm == 'yes') {
@ -726,6 +726,77 @@ if (empty($reshook)) {
}
}
if ($user->rights->adherent->supprimer && $action == 'confirm_exclude') {
$error = 0;
if ($confirm == 'yes') {
$adht = new AdherentType($db);
$adht->fetch($object->typeid);
$result = $object->exclude($user);
if ($result >= 0 && !count($object->errors)) {
if ($object->email && GETPOST("send_mail")) {
$subject = '';
$msg = '';
// Send subscription email
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
// Set output language
$outputlangs = new Translate('', $conf);
$outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
// Load traductions files required by page
$outputlangs->loadLangs(array("main", "members"));
// Get email content from template
$arraydefaultmessage = null;
$labeltouse = $conf->global->ADHERENT_EMAIL_TEMPLATE_EXCLUSION;
if (!empty($labeltouse)) {
$arraydefaultmessage = $formmail->getEMailTemplate($db, 'member', $user, $outputlangs, 0, 1, $labeltouse);
}
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$subject = $arraydefaultmessage->topic;
$msg = $arraydefaultmessage->content;
}
if (empty($labeltouse) || (int) $labeltouse === -1) {
//fallback on the old configuration.
setEventMessages('WarningMandatorySetupNotComplete', null, 'errors');
$error++;
} else {
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
$texttosend = make_substitutions(dol_concatdesc($msg, $adht->getMailOnExclude()), $substitutionarray, $outputlangs);
$moreinheader = 'X-Dolibarr-Info: send_an_email by adherents/card.php'."\r\n";
$result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
if ($result < 0) {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
}
}
}
} else {
$error++;
if ($object->error) {
setEventMessages($object->error, $object->errors, 'errors');
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
$action = '';
}
}
if (!empty($backtopage) && !$error) {
header("Location: ".$backtopage);
exit;
}
}
// SPIP Management
if ($user->rights->adherent->supprimer && $action == 'confirm_del_spip' && $confirm == 'yes') {
if (!count($object->errors)) {
@ -1434,8 +1505,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
print $form->formconfirm("card.php?rowid=".$id, $langs->trans("ValidateMember"), $langs->trans("ConfirmValidateMember"), "confirm_valid", $formquestion, 'yes', 1, 220);
}
// Confirm terminate
if ($action == 'resign') {
// Confirm resiliate
if ($action == 'resiliate') {
$langs->load("mails");
$adht = new AdherentType($db);
@ -1491,7 +1562,67 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($backtopage) {
$formquestion[] = array('type' => 'hidden', 'name' => 'backtopage', 'value' => ($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]));
}
print $form->formconfirm("card.php?rowid=".$id, $langs->trans("ResiliateMember"), $langs->trans("ConfirmResiliateMember"), "confirm_resign", $formquestion, 'no', 1, 240);
print $form->formconfirm("card.php?rowid=".$id, $langs->trans("ResiliateMember"), $langs->trans("ConfirmResiliateMember"), "confirm_resiliate", $formquestion, 'no', 1, 240);
}
// Confirm exclude
if ($action == 'exclude') {
$langs->load("mails");
$adht = new AdherentType($db);
$adht->fetch($object->typeid);
$subject = '';
$msg = '';
// Send subscription email
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
// Set output language
$outputlangs = new Translate('', $conf);
$outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
// Load traductions files required by page
$outputlangs->loadLangs(array("main", "members"));
// Get email content from template
$arraydefaultmessage = null;
$labeltouse = $conf->global->ADHERENT_EMAIL_TEMPLATE_EXCLUSION;
if (!empty($labeltouse)) {
$arraydefaultmessage = $formmail->getEMailTemplate($db, 'member', $user, $outputlangs, 0, 1, $labeltouse);
}
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$subject = $arraydefaultmessage->topic;
$msg = $arraydefaultmessage->content;
}
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
$texttosend = make_substitutions(dol_concatdesc($msg, $adht->getMailOnExclude()), $substitutionarray, $outputlangs);
$tmp = $langs->trans("SendingAnEMailToMember");
$tmp .= '<br>('.$langs->trans("MailFrom").': <b>'.$conf->global->ADHERENT_MAIL_FROM.'</b>, ';
$tmp .= $langs->trans("MailRecipient").': <b>'.$object->email.'</b>)';
$helpcontent = '';
$helpcontent .= '<b>'.$langs->trans("MailFrom").'</b>: '.$conf->global->ADHERENT_MAIL_FROM.'<br>'."\n";
$helpcontent .= '<b>'.$langs->trans("MailRecipient").'</b>: '.$object->email.'<br>'."\n";
$helpcontent .= '<b>'.$langs->trans("Subject").'</b>:<br>'."\n";
$helpcontent .= $subjecttosend."\n";
$helpcontent .= "<br>";
$helpcontent .= '<b>'.$langs->trans("Content").'</b>:<br>';
$helpcontent .= dol_htmlentitiesbr($texttosend)."\n";
$label = $form->textwithpicto($tmp, $helpcontent, 1, 'help');
// Create an array
$formquestion = array();
if ($object->email) {
$formquestion[] = array('type' => 'checkbox', 'name' => 'send_mail', 'label' => $label, 'value' => (!empty($conf->global->ADHERENT_DEFAULT_SENDINFOBYMAIL) ? 'true' : 'false'));
}
if ($backtopage) {
$formquestion[] = array('type' => 'hidden', 'name' => 'backtopage', 'value' => ($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]));
}
print $form->formconfirm("card.php?rowid=".$id, $langs->trans("ExcludeMember"), $langs->trans("ConfirmExcludeMember"), "confirm_exclude", $formquestion, 'no', 1, 240);
}
// Confirm remove member
@ -1584,12 +1715,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
} elseif (!$adht->subscription) {
print $langs->trans("SubscriptionNotRecorded");
if ($object->statut > 0) {
print " ".img_warning($langs->trans("Late")); // displays delay Pictogram only if not a draft and not terminated
print " ".img_warning($langs->trans("Late")); // displays delay Pictogram only if not a draft, not excluded and not resiliated
}
} else {
print $langs->trans("SubscriptionNotReceived");
if ($object->statut > 0) {
print " ".img_warning($langs->trans("Late")); // displays delay Pictogram only if not a draft and not terminated
print " ".img_warning($langs->trans("Late")); // displays delay Pictogram only if not a draft, not excluded and not resiliated
}
}
}
@ -1699,7 +1830,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Send
if (empty($user->socid)) {
if ($object->statut == 1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>'."\n";
}
}
@ -1725,35 +1856,44 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Modify
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify")."</a></div>";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</font></div>';
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</font></div>'."\n";
}
// Validate
if ($object->statut == -1) {
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Validate")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Validate").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Validate").'</font></div>';
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Validate").'</font></div>'."\n";
}
}
// Reactivate
if ($object->statut == 0) {
if ($object->statut == 0 || $object->statut == -2) {
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Reenable")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Reenable")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Reenable").'</font></div>'."\n";
}
}
// Terminate
// Resiliate
if ($object->statut >= 1) {
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=resign">'.$langs->trans("Resiliate")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=resiliate">'.$langs->trans("Resiliate")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Resiliate")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Resiliate").'</font></div>'."\n";
}
}
// Exclude
if ($object->statut >= 1) {
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=exclude">'.$langs->trans("Exclude")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Exclude").'</font></div>'."\n";
}
}
@ -1761,12 +1901,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!empty($conf->societe->enabled) && !$object->socid) {
if ($user->rights->societe->creer) {
if ($object->statut != -1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_thirdparty">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_thirdparty">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>'."\n";;
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>'."\n";
}
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrThirdParty")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrThirdParty").'</font></div>'."\n";
}
}
@ -1774,12 +1914,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!$user->socid && !$object->user_id) {
if ($user->rights->user->user->creer) {
if ($object->statut != -1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_user">'.$langs->trans("CreateDolibarrLogin").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_user">'.$langs->trans("CreateDolibarrLogin").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrLogin").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrLogin").'</a></div>'."\n";
}
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrLogin")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrLogin").'</font></div>'."\n";
}
}
@ -1788,18 +1928,18 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$isinspip = $mailmanspip->is_in_spip($object);
if ($isinspip == 1) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=del_spip">'.$langs->trans("DeleteIntoSpip")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=del_spip">'.$langs->trans("DeleteIntoSpip").'</a></div>'."\n";
}
if ($isinspip == 0) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=add_spip">'.$langs->trans("AddIntoSpip")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=add_spip">'.$langs->trans("AddIntoSpip").'</a></div>'."\n";
}
}
// Delete
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?rowid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?rowid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Delete")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Delete").'</font></div>'."\n";
}
}
}

12
htdocs/adherents/cartes/carte.php
View File

@ -262,7 +262,7 @@ dol_htmloutput_errors($mesg);
print '<br>';
print img_picto('', 'puce').' '.$langs->trans("DocForAllMembersCards", ($conf->global->ADHERENT_CARD_TYPE ? $conf->global->ADHERENT_CARD_TYPE : $langs->transnoentitiesnoconv("None"))).' ';
print img_picto('', 'puce').' '.$langs->trans("DocForAllMembersCards", (!empty($conf->global->ADHERENT_CARD_TYPE) ? $conf->global->ADHERENT_CARD_TYPE : $langs->transnoentitiesnoconv("None"))).' ';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="foruserid" value="all">';
@ -275,13 +275,13 @@ foreach (array_keys($_Avery_Labels) as $codecards) {
$arrayoflabels[$codecards] = $_Avery_Labels[$codecards]['name'];
}
asort($arrayoflabels);
print $form->selectarray('model', $arrayoflabels, (GETPOST('model') ?GETPOST('model') : $conf->global->ADHERENT_CARD_TYPE), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print $form->selectarray('model', $arrayoflabels, (GETPOST('model') ? GETPOST('model') : (empty($conf->global->ADHERENT_CARD_TYPE) ? '' : $conf->global->ADHERENT_CARD_TYPE)), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print '<br><input class="button" type="submit" value="'.$langs->trans("BuildDoc").'">';
print '</form>';
print '<br><br>';
print img_picto('', 'puce').' '.$langs->trans("DocForOneMemberCards", ($conf->global->ADHERENT_CARD_TYPE ? $conf->global->ADHERENT_CARD_TYPE : $langs->transnoentitiesnoconv("None"))).' ';
print img_picto('', 'puce').' '.$langs->trans("DocForOneMemberCards", (!empty($conf->global->ADHERENT_CARD_TYPE) ? $conf->global->ADHERENT_CARD_TYPE : $langs->transnoentitiesnoconv("None"))).' ';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="mode" value="cardlogin">';
@ -293,14 +293,14 @@ foreach (array_keys($_Avery_Labels) as $codecards) {
$arrayoflabels[$codecards] = $_Avery_Labels[$codecards]['name'];
}
asort($arrayoflabels);
print $form->selectarray('model', $arrayoflabels, (GETPOST('model') ?GETPOST('model') : $conf->global->ADHERENT_CARD_TYPE), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print $form->selectarray('model', $arrayoflabels, (GETPOST('model') ?GETPOST('model') : (empty($conf->global->ADHERENT_CARD_TYPE) ? '' : $conf->global->ADHERENT_CARD_TYPE)), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print '<br>'.$langs->trans("Login").': <input size="10" type="text" name="foruserlogin" value="'.GETPOST('foruserlogin').'">';
print '<br><input class="button" type="submit" value="'.$langs->trans("BuildDoc").'">';
print '</form>';
print '<br><br>';
print img_picto('', 'puce').' '.$langs->trans("DocForLabels", $conf->global->ADHERENT_ETIQUETTE_TYPE).' ';
print img_picto('', 'puce').' '.$langs->trans("DocForLabels", (empty($conf->global->ADHERENT_ETIQUETTE_TYPE) ? '' : $conf->global->ADHERENT_ETIQUETTE_TYPE)).' ';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="mode" value="label">';
@ -312,7 +312,7 @@ foreach (array_keys($_Avery_Labels) as $codecards) {
$arrayoflabels[$codecards] = $_Avery_Labels[$codecards]['name'];
}
asort($arrayoflabels);
print $form->selectarray('modellabel', $arrayoflabels, (GETPOST('modellabel') ?GETPOST('modellabel') : $conf->global->ADHERENT_ETIQUETTE_TYPE), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print $form->selectarray('modellabel', $arrayoflabels, (GETPOST('modellabel') ? GETPOST('modellabel') : (empty($conf->global->ADHERENT_ETIQUETTE_TYPE) ? '' : $conf->global->ADHERENT_ETIQUETTE_TYPE)), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print '<br><input class="button" type="submit" value="'.$langs->trans("BuildDoc").'">';
print '</form>';

59
htdocs/adherents/class/adherent.class.php
View File

@ -206,7 +206,7 @@ class Adherent extends CommonObject
public $public;
// -1:brouillon, 0:resilie, >=1:valide,paye
// -2:exclu, -1:brouillon, 0:resilie, >=1:valide,paye
// def in common object
//public $status;
@ -326,7 +326,7 @@ class Adherent extends CommonObject
'fk_user_valid' => array('type' => 'integer:User:user/class/user.class.php', 'label' => 'UserValidation', 'enabled' => 1, 'visible' => -1, 'position' => 190),
'canvas' => array('type' => 'varchar(32)', 'label' => 'Canvas', 'enabled' => 1, 'visible' => -1, 'position' => 195),
'statut' => array('type' => 'smallint(6)', 'label' => 'Statut', 'enabled' => 1, 'visible' => -1, 'notnull' => 1, 'position' => 500,
'arrayofkeyval' => array(0 => 'Draft', 1 => 'Validated', -1 => 'MemberStatusResiliatedShort')),
'arrayofkeyval' => array(0 => 'Draft', 1 => 'Validated', -1 => 'MemberStatusResiliatedShort', -2 => 'MemberStatusExcludedShort')),
'model_pdf' => array('type' => 'varchar(255)', 'label' => 'Model pdf', 'enabled' => 1, 'visible' => 0, 'position' => 800),
'import_key' => array('type' => 'varchar(14)', 'label' => 'ImportId', 'enabled' => 1, 'visible' => -2, 'position' => 805)
);
@ -1917,6 +1917,55 @@ class Adherent extends CommonObject
}
}
/**
* Functiun to exlude (set adherent.status to -2) a member
* TODO
* A private note should be added to know why the member has been excluded
* For historical purpose it add an "extra-subscription" type excluded
*
* @param User $user User making change
* @return int <0 if KO, >0 if OK
*/
public function exclude($user)
{
global $langs, $conf;
$error = 0;
// Check parameters
if ($this->statut == 0) {
dol_syslog(get_class($this)."::resiliate statut of member does not allow this", LOG_WARNING);
return 0;
}
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
$sql .= " statut = -2";
$sql .= ", fk_user_valid=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$result = $this->db->query($sql);
if ($result) {
$this->statut = 0;
// Call trigger
$result = $this->call_trigger('MEMBER_EXCLUDE', $user);
if ($result < 0) {
$error++;
$this->db->rollback();
return -1;
}
// End call triggers
$this->db->commit();
return 1;
} else {
$this->error = $this->db->error();
$this->db->rollback();
return -1;
}
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
@ -2173,7 +2222,7 @@ class Adherent extends CommonObject
}
/**
* Retourne le libelle du statut d'un adherent (brouillon, valide, resilie)
* Retourne le libelle du statut d'un adherent (brouillon, valide, resilie, exclu)
*
* @param int $mode 0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto
* @return string Label
@ -2229,6 +2278,10 @@ class Adherent extends CommonObject
$statusType = 'status6';
$labelStatus = $langs->trans("MemberStatusResiliated");
$labelStatusShort = $langs->trans("MemberStatusResiliatedShort");
} elseif ($status == -2) {
$statusType = 'status10';
$labelStatus = $langs->trans("MemberStatusExcluded");
$labelStatusShort = $langs->trans("MemberStatusExcludedShort");
}
return dolGetStatus($labelStatus, $labelStatusShort, '', $statusType, $mode);

27
htdocs/adherents/class/adherent_type.class.php
View File

@ -103,6 +103,9 @@ class AdherentType extends CommonObject
/** @var string Email sent after resiliation */
public $mail_resiliate = '';
/** @var string Email sent after exclude */
public $mail_exclude = '';
/** @var array Array of members */
public $members = array();
@ -173,7 +176,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -199,7 +202,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -479,6 +482,9 @@ class AdherentType extends CommonObject
if (!empty($conf->global->MAIN_MULTILANGS)) {
$this->getMultiLangs();
}
// fetch optionals attributes and labels
$this->fetch_optionals();
}
return 1;
@ -546,7 +552,7 @@ class AdherentType extends CommonObject
$sql = "SELECT a.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as a";
$sql .= " WHERE a.entity IN (".getEntity('member').")";
$sql .= " AND a.fk_adherent_type = ".$this->id;
$sql .= " AND a.fk_adherent_type = ".((int) $this->id);
if (!empty($excludefilter)) {
$sql .= ' AND ('.$excludefilter.')';
}
@ -817,4 +823,19 @@ class AdherentType extends CommonObject
return '';
}
/**
* getMailOnExclude
*
* @return string Return mail model content of type or empty
*/
public function getMailOnExclude()
{
// NOTE mail_exclude not defined so never used
if (!empty($this->mail_exclude) && trim(dol_htmlentitiesbr_decode($this->mail_exclude))) { // Property not yet defined
return $this->mail_exclude;
}
return '';
}
}

7
htdocs/adherents/class/api_members.class.php
View File

@ -329,7 +329,7 @@ class Members extends DolibarrApi
continue;
}
// Process the status separately because it must be updated using
// the validate() and resiliate() methods of the class Adherent.
// the validate(), resiliate() and exclude() methods of the class Adherent.
if ($field == 'statut') {
if ($value == '0') {
$result = $member->resiliate(DolibarrApiAccess::$user);
@ -341,6 +341,11 @@ class Members extends DolibarrApi
if ($result < 0) {
throw new RestException(500, 'Error when validating member: '.$member->error);
}
} elseif ($value == '-2') {
$result = $member->exclude(DolibarrApiAccess::$user);
if ($result < 0) {
throw new RestException(500, 'Error when excluding member: '.$member->error);
}
}
} else {
$member->$field = $value;

2
htdocs/adherents/class/api_memberstypes.class.php
View File

@ -194,7 +194,7 @@ class MembersTypes extends DolibarrApi
continue;
}
// Process the status separately because it must be updated using
// the validate() and resiliate() methods of the class AdherentType.
// the validate(), resiliate() and exclude() methods of the class AdherentType.
$membertype->$field = $value;
}

6
htdocs/adherents/document.php
View File

@ -89,8 +89,10 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
$form = new Form($db);
$title = $langs->trans("Member")." - ".$langs->trans("Documents");
$helpurl = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros";
llxHeader("", $title, $helpurl);
$help_url = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros|DE:Modul_Mitglieder";
llxHeader("", $title, $help_url);
if ($id > 0) {
$result = $membert->fetch($object->typeid);

283
htdocs/adherents/index.php
View File

@ -1,8 +1,8 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2019 Nicolas ZABOURI <info@inovea-conseil.com>
* Copyright (C) 2021 Frédéric France <frederic.france@netlgic.fr>
*
@ -82,6 +82,7 @@ print load_fiche_titre($langs->trans("MembersArea"), $resultboxes['selectboxlist
$MembersValidated = array();
$MembersToValidate = array();
$MembersUpToDate = array();
$MembersExcluded = array();
$MembersResiliated = array();
$AdherentType = array();
@ -116,6 +117,9 @@ if ($result) {
if ($objp->statut == 1) {
$MembersValidated[$objp->rowid] = $objp->somme;
}
if ($objp->statut == -2) {
$MembersExcluded[$objp->rowid] = $objp->somme;
}
if ($objp->statut == 0) {
$MembersResiliated[$objp->rowid] = $objp->somme;
}
@ -193,11 +197,12 @@ if ($conf->use_javascript_ajax) {
$boxgraph .='<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").'</th></tr>';
$boxgraph .='<tr><td class="center" colspan="2">';
$SommeA = 0;
$SommeB = 0;
$SumToValidate = 0;
$SumValidated = 0;
$SumUpToDate = 0;
$SumResiliated = 0;
$SumExcluded = 0;
$SommeC = 0;
$SommeD = 0;
$total = 0;
$dataval = array();
$i = 0;
@ -205,26 +210,30 @@ if ($conf->use_javascript_ajax) {
$dataval['draft'][] = array($i, isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0);
$dataval['notuptodate'][] = array($i, isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0);
$dataval['uptodate'][] = array($i, isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0);
$dataval['excluded'][] = array($i, isset($MembersExcluded[$key]) ? $MembersExcluded[$key] : 0);
$dataval['resiliated'][] = array($i, isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0);
$SommeA += isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0;
$SommeB += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0;
$SommeC += isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0;
$SommeD += isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0;
$SumToValidate += isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0;
$SumValidated += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0;
$SumUpToDate += isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0;
$SumExcluded += isset($MembersExcluded[$key]) ? $MembersExcluded [$key] : 0;
$SumResiliated += isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0;
$i++;
}
$total = $SommeA + $SommeB + $SommeC + $SommeD;
$total = $SumToValidate + $SumValidated + $SumUpToDate + $SumExcluded + $SumResiliated;
$dataseries = array();
$dataseries[] = array($langs->transnoentitiesnoconv("OutOfDate"), round($SommeB));
$dataseries[] = array($langs->transnoentitiesnoconv("UpToDate"), round($SommeC));
$dataseries[] = array($langs->transnoentitiesnoconv("MembersStatusResiliated"), round($SommeD));
$dataseries[] = array($langs->transnoentitiesnoconv("MembersStatusToValid"), round($SommeA));
$dataseries[] = array($langs->transnoentitiesnoconv("OutOfDate"), round($SumValidated));
$dataseries[] = array($langs->transnoentitiesnoconv("UpToDate"), round($SumUpToDate));
$dataseries[] = array($langs->transnoentitiesnoconv("MembersStatusExcluded"), round($SumExcluded));
$dataseries[] = array($langs->transnoentitiesnoconv("MembersStatusResiliated"), round($SumResiliated));
$dataseries[] = array($langs->transnoentitiesnoconv("MembersStatusToValid"), round($SumToValidate));
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array($badgeStatus1, $badgeStatus4, $badgeStatus6, '-'.$badgeStatus0));
$dolgraph->SetDataColor(array($badgeStatus1, $badgeStatus4, '-'.$badgeStatus8, $badgeStatus6, '-'.$badgeStatus0));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
@ -234,7 +243,7 @@ if ($conf->use_javascript_ajax) {
$boxgraph .= '</td></tr>';
$boxgraph .= '<tr class="liste_total"><td>'.$langs->trans("Total").'</td><td class="right">';
$boxgraph .= $SommeA + $SommeB + $SommeC + $SommeD;
$boxgraph .= $SumToValidate + $SumValidated + $SumUpToDate + $SumExcluded + $SumResiliated;
$boxgraph .= '</td></tr>';
$boxgraph .= '</table>';
$boxgraph .= '</div>';
@ -251,250 +260,12 @@ print '<div class="firstcolumn fichehalfleft boxhalfleft" id="boxhalfleft">';
print $searchbox;
print $boxgraph;
// List of subscription by year
$Total = array();
$Number = array();
$tot = 0;
$numb = 0;
$sql = "SELECT c.subscription, c.dateadh as dateh";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."subscription as c";
$sql .= " WHERE d.entity IN (".getEntity('adherent').")";
$sql .= " AND d.rowid = c.fk_adherent";
$result = $db->query($sql);
if ($result) {
$num = $db->num_rows($result);
$i = 0;
while ($i < $num) {
$objp = $db->fetch_object($result);
$year = dol_print_date($db->jdate($objp->dateh), "%Y");
$Total[$year] = (isset($Total[$year]) ? $Total[$year] : 0) + $objp->subscription;
$Number[$year] = (isset($Number[$year]) ? $Number[$year] : 0) + 1;
$tot += $objp->subscription;
$numb += 1;
$i++;
}
}
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<th>'.$langs->trans("Year").'</th>';
print '<th class="right">'.$langs->trans("Subscriptions").'</th>';
print '<th class="right">'.$langs->trans("AmountTotal").'</th>';
print '<th class="right">'.$langs->trans("AmountAverage").'</th>';
print "</tr>\n";
krsort($Total);
$i = 0;
foreach ($Total as $key=>$value) {
if ($i >= 8) {
print '<tr class="oddeven">';
print "<td>...</td>";
print "<td class=\"right\"></td>";
print "<td class=\"right\"></td>";
print "<td class=\"right\"></td>";
print "</tr>\n";
break;
}
print '<tr class="oddeven">';
print "<td><a href=\"./subscription/list.php?date_select=$key\">$key</a></td>";
print "<td class=\"right\">".$Number[$key]."</td>";
print "<td class=\"right\">".price($value)."</td>";
print "<td class=\"right\">".price(price2num($value / $Number[$key], 'MT'))."</td>";
print "</tr>\n";
$i++;
}
// Total
print '<tr class="liste_total">';
print '<td>'.$langs->trans("Total").'</td>';
print "<td class=\"right\">".$numb."</td>";
print '<td class="right">'.price($tot)."</td>";
print "<td class=\"right\">".price(price2num($numb > 0 ? ($tot / $numb) : 0, 'MT'))."</td>";
print "</tr>\n";
print "</table></div>";
print "<br>\n";
print $resultboxes['boxlista'];
print '</div>'."\n";
print '<div class="secondcolumn fichehalfright boxhalfright" id="boxhalfright">';
/*
* Latest modified members
*/
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$sql = "SELECT a.rowid, a.statut as status, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
$sql .= " a.gender, a.email, a.photo, a.morphy,";
$sql .= " a.tms as datem, a.datefin as date_end_subscription,";
$sql .= " ta.rowid as typeid, ta.libelle as label, ta.subscription as need_subscription";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as a, ".MAIN_DB_PREFIX."adherent_type as ta";
$sql .= " WHERE a.entity IN (".getEntity('adherent').")";
$sql .= " AND a.fk_adherent_type = ta.rowid";
$sql .= $db->order("a.tms", "DESC");
$sql .= $db->plimit($max, 0);
$resql = $db->query($sql);
if ($resql) {
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<th colspan="4">'.$langs->trans("LastMembersModified", $max).'</th></tr>';
$num = $db->num_rows($resql);
if ($num) {
$i = 0;
while ($i < $num) {
$obj = $db->fetch_object($resql);
$staticmember->id = $obj->rowid;
$staticmember->ref = $obj->rowid;
$staticmember->lastname = $obj->lastname;
$staticmember->firstname = $obj->firstname;
$staticmember->gender = $obj->gender;
$staticmember->email = $obj->email;
$staticmember->photo = $obj->photo;
$staticmember->morphy = $obj->morphy;
$staticmember->statut = $obj->status;
$staticmember->need_subscription = $obj->need_subscription;
$staticmember->datefin = $db->jdate($obj->date_end_subscription);
if (!empty($obj->fk_soc)) {
$staticmember->fk_soc = $obj->fk_soc;
$staticmember->fetch_thirdparty();
$staticmember->name = $staticmember->thirdparty->name;
} else {
$staticmember->name = $obj->company;
}
$statictype->id = $obj->typeid;
$statictype->label = $obj->label;
$statictype->subscription = $obj->need_subscription;
print '<tr class="oddeven">';
print '<td class="nowraponall">'.$staticmember->getNomUrl(-1, 32).'</td>';
print '<td>'.$statictype->getNomUrl(1, 32).'</td>';
print '<td>'.dol_print_date($db->jdate($obj->datem), 'dayhour').'</td>';
print '<td class="right">'.$staticmember->getLibStatut(3).'</td>';
print '</tr>';
$i++;
}
}
print "</table></div>";
print "<br>";
} else {
dol_print_error($db);
}
/*
* Last modified subscriptions
*/
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$sql = "SELECT a.rowid, a.statut as status, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
$sql .= " a.gender, a.email, a.photo, a.morphy,";
$sql .= " a.datefin as date_end_subscription,";
$sql .= " ta.rowid as typeid, ta.libelle as label, ta.subscription as need_subscription,";
$sql .= " c.rowid as cid, c.tms as datem, c.datec as datec, c.dateadh as date_start, c.datef as date_end, c.subscription";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as a, ".MAIN_DB_PREFIX."adherent_type as ta, ".MAIN_DB_PREFIX."subscription as c";
$sql .= " WHERE a.entity IN (".getEntity('adherent').")";
$sql .= " AND a.fk_adherent_type = ta.rowid";
$sql .= " AND c.fk_adherent = a.rowid";
$sql .= $db->order("c.tms", "DESC");
$sql .= $db->plimit($max, 0);
$resql = $db->query($sql);
if ($resql) {
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<th colspan="5">'.$langs->trans("LastSubscriptionsModified", $max).'</th></tr>';
$num = $db->num_rows($resql);
if ($num) {
$i = 0;
while ($i < $num) {
$obj = $db->fetch_object($resql);
$staticmember->id = $obj->rowid;
$staticmember->ref = $obj->rowid;
$staticmember->lastname = $obj->lastname;
$staticmember->firstname = $obj->firstname;
$staticmember->gender = $obj->gender;
$staticmember->email = $obj->email;
$staticmember->photo = $obj->photo;
$staticmember->morphy = $obj->morphy;
$staticmember->statut = $obj->status;
$staticmember->need_subscription = $obj->need_subscription;
$staticmember->datefin = $db->jdate($obj->date_end_subscription);
if (!empty($obj->fk_soc)) {
$staticmember->fk_soc = $obj->fk_soc;
$staticmember->fetch_thirdparty();
$staticmember->name = $staticmember->thirdparty->name;
} else {
$staticmember->name = $obj->company;
}
$subscriptionstatic->id = $obj->cid;
$subscriptionstatic->ref = $obj->cid;
print '<tr class="oddeven">';
print '<td class="nowraponall">'.$subscriptionstatic->getNomUrl(1).'</td>';
print '<td class="nowraponall">'.$staticmember->getNomUrl(-1, 32, 'subscription').'</td>';
print '<td class="nowraponall">'.get_date_range($db->jdate($obj->date_start), $db->jdate($obj->date_end)).'</td>';
print '<td class="right">'.price($obj->subscription).'</td>';
//print '<td class="right">'.$staticmember->LibStatut($obj->statut,($obj->subscription=='yes'?1:0),$db->jdate($obj->date_end_subscription),5).'</td>';
print '<td class="right nowraponall">'.dol_print_date($db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour').'</td>';
print '</tr>';
$i++;
}
}
print "</table></div>";
print "<br>";
} else {
dol_print_error($db);
}
// Summary of members by type
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<th>'.$langs->trans("MembersTypes").'</th>';
print '<th class=right>'.$langs->trans("MembersStatusToValid").'</th>';
print '<th class=right>'.$langs->trans("OutOfDate").'</th>';
print '<th class=right>'.$langs->trans("UpToDate").'</th>';
print '<th class=right>'.$langs->trans("MembersStatusResiliated").'</th>';
print "</tr>\n";
foreach ($AdherentType as $key => $adhtype) {
print '<tr class="oddeven">';
print '<td>'.$adhtype->getNomUrl(1, dol_size(32)).'</td>';
print '<td class="right">'.(isset($MembersToValidate[$key]) && $MembersToValidate[$key] > 0 ? $MembersToValidate[$key] : '').' '.$staticmember->LibStatut(-1, $adhtype->subscription, 0, 3).'</td>';
print '<td class="right">'.(isset($MembersValidated[$key]) && ($MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) > 0) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, 0, 3).'</td>';
print '<td class="right">'.(isset($MembersUpToDate[$key]) && $MembersUpToDate[$key] > 0 ? $MembersUpToDate[$key] : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, $now, 3).'</td>';
print '<td class="right">'.(isset($MembersResiliated[$key]) && $MembersResiliated[$key] > 0 ? $MembersResiliated[$key] : '').' '.$staticmember->LibStatut(0, $adhtype->subscription, 0, 3).'</td>';
print "</tr>\n";
}
print '<tr class="liste_total">';
print '<td class="liste_total">'.$langs->trans("Total").'</td>';
print '<td class="liste_total right">'.$SommeA.' '.$staticmember->LibStatut(-1, $adhtype->subscription, 0, 3).'</td>';
print '<td class="liste_total right">'.$SommeB.' '.$staticmember->LibStatut(1, $adhtype->subscription, 0, 3).'</td>';
print '<td class="liste_total right">'.$SommeC.' '.$staticmember->LibStatut(1, $adhtype->subscription, $now, 3).'</td>';
print '<td class="liste_total right">'.$SommeD.' '.$staticmember->LibStatut(0, $adhtype->subscription, 0, 3).'</td>';
print '</tr>';
print "</table>\n";
print "</div>";
print '<br>';
print $resultboxes['boxlistb'];
print '</div>'."\n";

16
htdocs/adherents/list.php
View File

@ -76,7 +76,7 @@ if ($statut != '') {
$sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
if ($search_status < -1) {
if ($search_status < -2) {
$search_status = '';
}
@ -302,13 +302,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on (s.rowid = d.fk_soc)";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
if ($catid > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($catid);
$sql .= " AND cm.fk_categorie = ".((int) $catid);
}
if ($catid == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
}
if ($search_categ > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($search_categ);
$sql .= " AND cm.fk_categorie = ".((int) $search_categ);
}
if ($search_categ == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
@ -379,7 +379,7 @@ if ($search_phone_mobile) {
$sql .= natural_search("d.phone_mobile", $search_phone_mobile);
}
if ($search_country) {
$sql .= " AND d.country IN (".$search_country.')';
$sql .= " AND d.country IN (".$db->sanitize($search_country).')';
}
// Add where from extra fields
@ -452,6 +452,9 @@ if (GETPOSTISSET("search_status")) {
if ($search_status == '0') {
$titre = $langs->trans("MembersListResiliated");
}
if ($search_status == '-2') {
$titre = $langs->trans("MembersListExcluded");
}
} elseif ($action == 'search') {
$titre = $langs->trans("MembersListQualified");
}
@ -750,9 +753,10 @@ if (!empty($arrayfields['d.statut']['checked'])) {
$liststatus = array(
'-1'=>$langs->trans("Draft"),
'1'=>$langs->trans("Validated"),
'0'=>$langs->trans("Resiliated")
'0'=>$langs->trans("Resiliated"),
'-2'=>$langs->trans("Excluded")
);
print $form->selectarray('search_status', $liststatus, $search_status, -2);
print $form->selectarray('search_status', $liststatus, $search_status, -3);
print '</td>';
}
// Action column

7
htdocs/adherents/note.php
View File

@ -57,9 +57,12 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
/*
* View
*/
$title = $langs->trans("Member")." - ".$langs->trans("Note");
$helpurl = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros";
llxHeader("", $title, $helpurl);
$help_url = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros|DE:Modul_Mitglieder";
llxHeader("", $title, $help_url);
$form = new Form($db);

9
htdocs/adherents/subscription.php
View File

@ -121,6 +121,7 @@ $paymentdate = -1;
* Actions
*/
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action);
if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
@ -428,8 +429,10 @@ $form = new Form($db);
$now = dol_now();
$title = $langs->trans("Member")." - ".$langs->trans("Subscriptions");
$helpurl = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros";
llxHeader("", $title, $helpurl);
$help_url = "EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros|DE:Modul_Mitglieder";
llxHeader("", $title, $help_url);
$param = '';
@ -642,7 +645,7 @@ if ($rowid > 0) {
* Action bar
*/
// Button to create a new subscription if member no draft neither resiliated
// Button to create a new subscription if member no draft (-1) neither resiliated (0) neither excluded (-2)
if ($user->rights->adherent->cotisation->creer) {
if ($action != 'addsubscription' && $action != 'create_thirdparty') {
print '<div class="tabsAction">';

2
htdocs/adherents/subscription/list.php
View File

@ -191,7 +191,7 @@ if ($search_note) {
$sql .= natural_search('c.note', $search_note);
}
if ($search_account > 0) {
$sql .= " AND b.fk_account = ".urldecode($search_account);
$sql .= " AND b.fk_account = ".((int) $search_account);
}
if ($search_amount) {
$sql .= natural_search('c.subscription', $search_amount, 1);

11
htdocs/adherents/type.php
View File

@ -43,12 +43,13 @@ $cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$search_lastname = GETPOST('search_lastname', 'alpha');
$search_login = GETPOST('search_login', 'alpha');
$search_email = GETPOST('search_email', 'alpha');
$search_login = GETPOST('search_login', 'alpha');
$search_email = GETPOST('search_email', 'alpha');
$type = GETPOST('type', 'intcomma');
$status = GETPOST('status', 'alpha');
$status = GETPOST('status', 'alpha');
$optioncss = GETPOST('optioncss', 'alpha');
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
@ -565,6 +566,8 @@ if ($rowid > 0) {
$titre = $langs->trans("MembersListNotUpToDate");
} elseif ($status == '0') {
$titre = $langs->trans("MembersListResiliated");
} elseif ($status == '-2') {
$titre = $langs->trans("MembersListExcluded");
}
} elseif ($action == 'search') {
$titre = $langs->trans("MembersListQualified");

9
htdocs/adherents/type_translation.php
View File

@ -142,13 +142,16 @@ $result = $object->fetch($id);
*/
$title = $langs->trans('MemberTypeCard');
$helpurl = '';
$help_url = '';
$shortlabel = dol_trunc($object->label, 16);
$title = $langs->trans('MemberType')." ".$shortlabel." - ".$langs->trans('Translation');
$helpurl = 'EN:Module_Services_En|FR:Module_Services|ES:M&oacute;dulo_Servicios';
llxHeader('', $title, $helpurl);
$help_url = 'EN:Module_Services_En|FR:Module_Services|ES:M&oacute;dulo_Servicios|DE:Modul_Mitglieder';
llxHeader('', $title, $help_url);
$form = new Form($db);
$formadmin = new FormAdmin($db);

6
htdocs/adherents/vcard.php
View File

@ -3,7 +3,7 @@
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2020 Tobias Sekan <tobias.sekan@startmail.com>
* Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2020-2021 Frédéric France <frederic.france@netlogic.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -20,9 +20,9 @@
*/
/**
* \file htdocs/adherent/vcard.php
* \file htdocs/adherents/vcard.php
* \ingroup societe
* \brief Onglet vcard d'un adherent
* \brief Vcard tab of a member
*/
require '../main.inc.php';

13
htdocs/admin/agenda_extrafields.php
View File

@ -94,12 +94,8 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -107,11 +103,8 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

48
htdocs/admin/commande.php
View File

@ -9,6 +9,7 @@
* Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2016 Philippe Grand <philippe.grand@atoo-net.com>
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2021 Frédéric France <frederic.france@netlogic.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -642,7 +643,7 @@ print '</form>';
// Shippable Icon in List
/* Kept as hidden feature for the moment, result seems bugged.
Whet is definition of "shippable" according to all different STOCK_CALCULATE_... options ?
Where is definition of "shippable" according to all different STOCK_CALCULATE_... options ?
print '<tr class="oddeven">';
print '<td>'.$langs->trans("ShippableOrderIconInList").'</td>';
@ -657,65 +658,46 @@ if (!empty($conf->global->SHIPPABLE_ORDER_ICON_IN_LIST)) {
}
print '</a></td>';
print '</tr>';
*/
/*
// Seems to be not so used. So kept hidden for the moment to avoid dangerous options inflation.
// Ask for payment bank during order
if ($conf->banque->enabled)
{
if ($conf->banque->enabled) {
print '<tr class="oddeven"><td>';
print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_ORDER").'</td><td>&nbsp;</td><td class="center">';
if (! empty($conf->use_javascript_ajax))
{
if (! empty($conf->use_javascript_ajax)) {
print ajax_constantonoff('BANK_ASK_PAYMENT_BANK_DURING_ORDER');
}
else
{
if (empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER))
{
} else {
if (empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER)) {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=set_BANK_ASK_PAYMENT_BANK_DURING_ORDER&amp;token='.newToken().'&amp;value=1">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
}
else
{
} else {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=set_BANK_ASK_PAYMENT_BANK_DURING_ORDER&amp;token='.newToken().'&amp;value=0">'.img_picto($langs->trans("Enabled"),'switch_on').'</a>';
}
}
print '</td></tr>';
}
else
{
} else {
print '<tr class="oddeven"><td>';
print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_ORDER").'</td><td>&nbsp;</td><td class="center">'.$langs->trans('NotAvailable').'</td></tr>';
}
// Ask for warehouse during order
if ($conf->stock->enabled)
{
if ($conf->stock->enabled) {
print '<tr class="oddeven"><td>';
print $langs->trans("WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER").'</td><td>&nbsp;</td><td class="center">';
if (! empty($conf->use_javascript_ajax))
{
if (! empty($conf->use_javascript_ajax)) {
print ajax_constantonoff('WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER');
}
else
{
if (empty($conf->global->WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER))
{
} else {
if (empty($conf->global->WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER)) {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=set_WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER&amp;token='.newToken().'&amp;value=1">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
}
else
{
} else {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=set_WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER&amp;token='.newToken().'&amp;value=0">'.img_picto($langs->trans("Enabled"),'switch_on').'</a>';
}
}
print '</td></tr>';
}
else
{
} else {
print '<tr class="oddeven"><td>';
print $langs->trans("WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER").'</td><td>&nbsp;</td><td class="center">'.$langs->trans('NotAvailable').'</td></tr>';
}

13
htdocs/admin/commande_fournisseur_dispatch_extrafields.php
View File

@ -99,12 +99,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print "<br>";
print load_fiche_titre($langs->trans('NewAttribute'));
@ -112,11 +107,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

2
htdocs/admin/const.php
View File

@ -237,7 +237,7 @@ $sql .= ", note";
$sql .= ", tms";
$sql .= ", entity";
$sql .= " FROM ".MAIN_DB_PREFIX."const";
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
if ((empty($user->entity) || $user->admin) && $debug) {
} elseif (!GETPOST('visible') || GETPOST('visible') != 'all') {
// to force for superadmin to debug

13
htdocs/admin/delivery_extrafields.php
View File

@ -96,12 +96,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -109,11 +104,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

13
htdocs/admin/deliverydet_extrafields.php
View File

@ -97,12 +97,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -110,11 +105,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

13
htdocs/admin/ecm_directories_extrafields.php
View File

@ -96,23 +96,14 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

13
htdocs/admin/ecm_files_extrafields.php
View File

@ -96,23 +96,14 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

4
htdocs/admin/eventorganization.php
View File

@ -201,7 +201,7 @@ if ($action == 'edit') {
print '<input type="hidden" name="action" value="update">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="liste_titre"><td class="titlefieldcreate">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
foreach ($arrayofparameters as $constname => $val) {
if ($val['enabled']==1) {
@ -266,7 +266,7 @@ if ($action == 'edit') {
} else {
if (!empty($arrayofparameters)) {
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="liste_titre"><td class="titlefieldcreate">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
foreach ($arrayofparameters as $constname => $val) {
if ($val['enabled']==1) {

14
htdocs/admin/expedition_extrafields.php
View File

@ -95,13 +95,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -109,11 +103,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

13
htdocs/admin/expeditiondet_extrafields.php
View File

@ -97,12 +97,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -110,11 +105,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

12
htdocs/admin/expensereport_extrafields.php
View File

@ -90,12 +90,8 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -103,11 +99,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/admin/holiday_extrafields.php
View File

@ -90,12 +90,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -103,11 +98,8 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

12
htdocs/admin/mails.php
View File

@ -562,9 +562,9 @@ if ($action == 'edit') {
if (empty($conf->global->MAIN_DISABLE_ALL_MAILS)) {
// Force e-mail recipient
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_FORCE_SENDTO").'</td><td>'.$conf->global->MAIN_MAIL_FORCE_SENDTO;
if (!empty($conf->global->MAIN_MAIL_FORCE_SENDTO)) {
if (!isValidEmail($conf->global->MAIN_MAIL_FORCE_SENDTO)) {
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_FORCE_SENDTO").'</td><td>'.getDolGlobalString('MAIN_MAIL_FORCE_SENDTO');
if (!empty(getDolGlobalString('MAIN_MAIL_FORCE_SENDTO'))) {
if (!isValidEmail(getDolGlobalString('MAIN_MAIL_FORCE_SENDTO'))) {
print img_warning($langs->trans("ErrorBadEMail"));
} else {
print img_warning($langs->trans("RecipientEmailsWillBeReplacedWithThisValue"));
@ -677,17 +677,17 @@ if ($action == 'edit') {
// Domain
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_EMAIL_DKIM_DOMAIN").'</td>';
print '<td>'.$conf->global->MAIN_MAIL_EMAIL_DKIM_DOMAIN;
print '<td>'.getDolGlobalString('MAIN_MAIL_EMAIL_DKIM_DOMAIN');
print '</td></tr>';
// Selector
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_EMAIL_DKIM_SELECTOR").'</td>';
print '<td>'.$conf->global->MAIN_MAIL_EMAIL_DKIM_SELECTOR;
print '<td>'.getDolGlobalString('MAIN_MAIL_EMAIL_DKIM_SELECTOR');
print '</td></tr>';
// PRIVATE KEY
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY").'</td>';
print '<td>'.$conf->global->MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY;
print '<td>'.getDolGlobalString('MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY');
print '</td></tr>';
}

12
htdocs/admin/mails_emailing.php
View File

@ -446,12 +446,12 @@ if ($action == 'edit') {
// SMTPS ID
if (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer'))) {
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_SMTPS_ID").'</td><td>'.$conf->global->MAIN_MAIL_SMTPS_ID_EMAILING.'</td></tr>';
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_SMTPS_ID").'</td><td>'.getDolGlobalString('MAIN_MAIL_SMTPS_ID_EMAILING').'</td></tr>';
}
// SMTPS PW
if (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer'))) {
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_SMTPS_PW").'</td><td>'.preg_replace('/./', '*', $conf->global->MAIN_MAIL_SMTPS_PW_EMAILING).'</td></tr>';
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_SMTPS_PW").'</td><td>'.preg_replace('/./', '*', getDolGlobalString('MAIN_MAIL_SMTPS_PW_EMAILING')).'</td></tr>';
}
// TLS
@ -484,7 +484,7 @@ if ($action == 'edit') {
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").'</td><td>';
if (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer'))) {
if (function_exists('openssl_open')) {
print yn($conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING);
print yn(getDolGlobalInt('MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING'));
} else {
print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')';
}
@ -503,11 +503,9 @@ if ($action == 'edit') {
print '<br>';
/*
// Warning 1
if ($linuxlike)
{
if ($linuxlike) {
$sendmailoption=ini_get('mail.force_extra_parameters');
if (empty($sendmailoption) || ! preg_match('/ba/',$sendmailoption))
{
if (empty($sendmailoption) || ! preg_match('/ba/',$sendmailoption)) {
print info_admin($langs->trans("SendmailOptionNotComplete"));
}
}*/

4
htdocs/admin/notification.php
View File

@ -92,7 +92,7 @@ if ($action == 'settemplates') {
if ($action == 'setvalue' && $user->admin) {
$db->begin();
$result = dolibarr_set_const($db, "NOTIFICATION_EMAIL_FROM", GETPOST("email_from", "restricthtml"), 'chaine', 0, '', $conf->entity);
$result = dolibarr_set_const($db, "NOTIFICATION_EMAIL_FROM", GETPOST("email_from", "alphawithlgt"), 'chaine', 0, '', $conf->entity);
if ($result < 0) {
$error++;
}
@ -270,7 +270,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) {
}
$helptext = '';
form_constantes($constantes, 2, $helptext);
form_constantes($constantes, 3, $helptext);
} else {
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';

13
htdocs/admin/order_extrafields.php
View File

@ -93,12 +93,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -106,11 +101,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

13
htdocs/admin/orderdet_extrafields.php
View File

@ -94,12 +94,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -107,11 +102,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

2
htdocs/admin/perms.php
View File

@ -132,7 +132,7 @@ print '</tr>'."\n";
$sql = "SELECT r.id, r.libelle as label, r.module, r.module_position, r.perms, r.subperms, r.bydefault";
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
$sql .= " AND r.entity = ".$entity;
$sql .= " AND r.entity = ".((int) $entity);
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled
}

13
htdocs/admin/reception_extrafields.php
View File

@ -99,12 +99,7 @@ if ($action != 'create' && $action != 'edit') {
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print "<br>";
print load_fiche_titre($langs->trans('NewAttribute'));
@ -112,11 +107,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/admin/resource_extrafields.php
View File

@ -92,13 +92,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -106,11 +100,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/admin/supplierinvoice_extrafields.php
View File

@ -93,13 +93,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -107,11 +101,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/admin/supplierinvoicedet_extrafields.php
View File

@ -95,13 +95,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -109,11 +103,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/admin/supplierorder_extrafields.php
View File

@ -93,13 +93,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -107,11 +101,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/admin/supplierorderdet_extrafields.php
View File

@ -94,13 +94,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -108,11 +102,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

2
htdocs/admin/system/constall.php
View File

@ -223,7 +223,7 @@ if (empty($conf->multicompany->enabled)) {
} else {
// If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities.
if ($user->entity) {
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
}
}
$sql .= " ORDER BY entity, name ASC";

2
htdocs/admin/system/dolibarr.php
View File

@ -484,7 +484,7 @@ if (empty($conf->multicompany->enabled)) {
} else {
// If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities.
if ($user->entity) {
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
}
}
$sql .= " ORDER BY entity, name ASC";

13
htdocs/admin/ticket_extrafields.php
View File

@ -84,12 +84,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation d'un champ optionnel */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print "<br>";
print load_fiche_titre($langs->trans('NewAttribute'));
@ -97,11 +92,7 @@ if ($action == 'create') {
include DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition d'un champ optionnel */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/asset/admin/assets_type_extrafields.php
View File

@ -82,13 +82,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print "<br>";
print load_fiche_titre($langs->trans('NewAttribute'));
@ -96,11 +90,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

2
htdocs/asset/class/asset_type.class.php
View File

@ -332,7 +332,7 @@ class AssetType extends CommonObject
/**
* Return array of Asset objects for asset type this->id (or all if this->id not defined)
*
* @param string $excludefilter Filter to exclude
* @param string $excludefilter Filter to exclude. This parameter must not be provided by input of users
* @param int $mode 0=Return array of asset instance
* 1=Return array of asset instance without extra data
* 2=Return array of asset id only

6
htdocs/asset/document.php
View File

@ -82,8 +82,10 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
*/
$title = $langs->trans('Assets')." - ".$langs->trans('Documents');
$helpurl = '';
llxHeader('', $title, $helpurl);
$help_url = '';
llxHeader('', $title, $help_url);
$form = new Form($db);

6
htdocs/asset/info.php
View File

@ -57,8 +57,10 @@ $object->fetch($id);
$form = new Form($db);
$title = $langs->trans('Asset')." - ".$langs->trans('Info');
$helpurl = "";
llxHeader('', $title, $helpurl);
$help_url = "";
llxHeader('', $title, $help_url);
$object->info($id);

5
htdocs/asset/type.php
View File

@ -196,8 +196,9 @@ if ($action == 'confirm_delete' && $user->rights->asset->write) {
$form = new Form($db);
$helpurl = '';
llxHeader('', $langs->trans("AssetsTypeSetup"), $helpurl);
$help_url = '';
llxHeader('', $langs->trans("AssetsTypeSetup"), $help_url);
// List of asset type

4
htdocs/barcode/printsheet.php
View File

@ -286,7 +286,7 @@ print '<div class="tagtable">';
// Sheet format
print ' <div class="tagtr">';
print ' <div class="tagtd" style="overflow: hidden; white-space: nowrap; max-width: 300px;">';
print ' <div class="tagtd">';
print $langs->trans("DescADHERENT_ETIQUETTE_TYPE").' &nbsp; ';
print '</div><div class="tagtd maxwidthonsmartphone" style="overflow: hidden; white-space: nowrap;">';
// List of possible labels (defined into $_Avery_Labels variable set into core/lib/format_cards.lib.php)
@ -302,7 +302,7 @@ print '</div></div>';
// Number of stickers to print
print ' <div class="tagtr">';
print ' <div class="tagtd" style="overflow: hidden; white-space: nowrap; max-width: 300px;">';
print ' <div class="tagtd">';
print $langs->trans("NumberOfStickers").' &nbsp; ';
print '</div><div class="tagtd maxwidthonsmartphone" style="overflow: hidden; white-space: nowrap;">';
print '<input size="4" type="text" name="numberofsticker" value="'.(GETPOST('numberofsticker') ?GETPOST('numberofsticker', 'int') : 10).'">';

19
htdocs/bom/bom_list.php
View File

@ -76,18 +76,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
// Security check
if (empty($conf->bom->enabled)) {
accessforbidden('Module not enabled');
}
$socid = 0;
if ($user->socid > 0) {
// Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'bom', $id, '');
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@ -133,6 +121,13 @@ $permissiontoread = $user->rights->bom->read;
$permissiontoadd = $user->rights->bom->write;
$permissiontodelete = $user->rights->bom->delete;
// Security check
if ($user->socid > 0) {
// Protection if external user
accessforbidden();
}
$result = restrictedArea($user, 'bom');
/*
* Actions

4
htdocs/bom/class/api_boms.class.php
View File

@ -134,14 +134,14 @@ class Boms extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($restrictonsocid && $socid) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {

14
htdocs/categories/admin/categorie_extrafields.php
View File

@ -86,13 +86,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -100,11 +94,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

5
htdocs/categories/card.php
View File

@ -208,8 +208,9 @@ if (($action == 'add' || $action == 'confirmed') && $user->rights->categorie->cr
$form = new Form($db);
$formother = new FormOther($db);
$helpurl = 'EN:Module_Categories|FR:Module_Catégories';
llxHeader("", $langs->trans("Categories"), $helpurl);
$help_url = 'EN:Module_Categories|FR:Module_Catégories|DE:Modul_Kategorien';
llxHeader("", $langs->trans("Categories"), $help_url);
if ($user->rights->categorie->creer) {
// Create or add

4
htdocs/categories/class/categorie.class.php
View File

@ -1300,7 +1300,7 @@ class Categorie extends CommonObject
$sql = "SELECT c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie as c ";
$sql .= " WHERE c.entity IN (".getEntity('category').")";
$sql .= " AND c.type = ".$type;
$sql .= " AND c.type = ".((int) $type);
$sql .= " AND c.fk_parent = ".$this->fk_parent;
$sql .= " AND c.label = '".$this->db->escape($this->label)."'";
@ -1792,7 +1792,7 @@ class Categorie extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);

6
htdocs/categories/viewcat.php
View File

@ -207,8 +207,10 @@ $formother = new FormOther($db);
$arrayofjs = array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.js', '/includes/jquery/plugins/jquerytreeview/lib/jquery.cookie.js');
$arrayofcss = array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css');
$helpurl = '';
llxHeader("", $langs->trans("Categories"), $helpurl, '', 0, 0, $arrayofjs, $arrayofcss);
$help_url = '';
llxHeader("", $langs->trans("Categories"), $help_url, '', 0, 0, $arrayofjs, $arrayofcss);
$title = Categorie::$MAP_TYPE_TITLE_AREA[$type];

3
htdocs/comm/action/card.php
View File

@ -1896,7 +1896,8 @@ if ($id > 0) {
if (!empty($conf->global->AGENDA_USE_EVENT_TYPE)) {
print '<tr><td class="titlefield">'.$langs->trans("Type").'</td><td>';
print $object->getTypePicto();
print $langs->trans($object->type).'</td></tr>';
print $langs->trans("Action".$object->type_code);
print '</td></tr>';
}
// Full day event

8
htdocs/comm/action/class/actioncomm.class.php
View File

@ -1227,17 +1227,17 @@ class ActionComm extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if (!empty($socid)) {
$sql .= " AND a.fk_soc = ".$socid;
$sql .= " AND a.fk_soc = ".((int) $socid);
}
if (!empty($elementtype)) {
if ($elementtype == 'project') {
$sql .= ' AND a.fk_project = '.$fk_element;
$sql .= ' AND a.fk_project = '.((int) $fk_element);
} elseif ($elementtype == 'contact') {
$sql .= ' AND a.id IN';
$sql .= " (SELECT fk_actioncomm FROM ".MAIN_DB_PREFIX."actioncomm_resources WHERE";
$sql .= " element_type = 'socpeople' AND fk_element = ".$fk_element.')';
$sql .= " element_type = 'socpeople' AND fk_element = ".((int) $fk_element).')';
} else {
$sql .= " AND a.fk_element = ".(int) $fk_element." AND a.elementtype = '".$db->escape($elementtype)."'";
$sql .= " AND a.fk_element = ".((int) $fk_element)." AND a.elementtype = '".$db->escape($elementtype)."'";
}
}
if (!empty($filter)) {

6
htdocs/comm/action/class/api_agendaevents.class.php
View File

@ -147,14 +147,14 @@ class AgendaEvents extends DolibarrApi
}
}
if ($user_ids) {
$sql .= " AND t.fk_user_action IN (".$user_ids.")";
$sql .= " AND t.fk_user_action IN (".$this->db->sanitize($user_ids).")";
}
if ($socid > 0) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

12
htdocs/comm/action/index.php
View File

@ -115,8 +115,8 @@ if ($dateselect > 0) {
}
// Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
if (GETPOST('search_actioncode', 'array')) {
$actioncode = GETPOST('search_actioncode', 'array', 3);
if (GETPOST('search_actioncode', 'array:aZ09')) {
$actioncode = GETPOST('search_actioncode', 'array:aZ09', 3);
if (!count($actioncode)) {
$actioncode = '0';
}
@ -669,18 +669,18 @@ if (!empty($actioncode)) {
$sql .= " AND ca.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND ca.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND ca.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";

16
htdocs/comm/action/list.php
View File

@ -429,31 +429,31 @@ if (!empty($actioncode)) {
$sql .= " AND c.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND c.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND c.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND c.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND c.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {
$sql .= " AND ar.fk_actioncomm = a.id AND ar.element_type='user'";
}
if ($type) {
$sql .= " AND c.id = ".(int) $type;
$sql .= " AND c.id = ".((int) $type);
}
if ($search_status == '0') {
$sql .= " AND a.percent = 0";
@ -486,10 +486,10 @@ if ($search_note) {
if ($filtert > 0 || $usergroup > 0) {
$sql .= " AND (";
if ($filtert > 0) {
$sql .= "(ar.fk_element = ".$filtert." OR (ar.fk_element IS NULL AND a.fk_user_action=".$filtert."))"; // The OR is for backward compatibility
$sql .= "(ar.fk_element = ".((int) $filtert)." OR (ar.fk_element IS NULL AND a.fk_user_action = ".((int) $filtert)."))"; // The OR is for backward compatibility
}
if ($usergroup > 0) {
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
}
$sql .= ")";
}

10
htdocs/comm/action/pertype.php
View File

@ -540,24 +540,24 @@ if (!empty($actioncode)) {
$sql .= " AND ca.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND ca.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND ca.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;
$sql .= ' AND a.fk_soc = '.((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {

14
htdocs/comm/action/peruser.php
View File

@ -105,8 +105,8 @@ $type = GETPOST("search_type", 'alpha') ?GETPOST("search_type", 'alpha') : GETPO
$maxprint = ((GETPOST("maxprint", 'int') != '') ?GETPOST("maxprint", 'int') : $conf->global->AGENDA_MAX_EVENTS_DAY_VIEW);
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
// Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
if (GETPOST('search_actioncode', 'array')) {
$actioncode = GETPOST('search_actioncode', 'array', 3);
if (GETPOST('search_actioncode', 'array:aZ09')) {
$actioncode = GETPOST('search_actioncode', 'array:aZ09', 3);
if (!count($actioncode)) {
$actioncode = '0';
}
@ -562,24 +562,24 @@ if (!empty($actioncode)) {
$sql .= " AND ca.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND ca.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND ca.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;
$sql .= ' AND a.fk_soc = '.((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {

14
htdocs/comm/admin/propal_extrafields.php
View File

@ -86,13 +86,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print "<br>";
print load_fiche_titre($langs->trans('NewAttribute'));
@ -100,11 +94,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

14
htdocs/comm/admin/propaldet_extrafields.php
View File

@ -94,13 +94,7 @@ if ($action != 'create' && $action != 'edit') {
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
// Creation of an optional field
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
@ -108,11 +102,7 @@ if ($action == 'create') {
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
// Edition of an optional field
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));

2
htdocs/comm/contact.php
View File

@ -101,7 +101,7 @@ if ($type == "f") {
$sql .= " AND s.fournisseur = 1";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if (dol_strlen($stcomm)) {

2
htdocs/comm/index.php
View File

@ -169,7 +169,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$resql = $db->query($sql);

48
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@ -559,34 +559,34 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = " (t.parent IN (SELECT rowid FROM ".MAIN_DB_PREFIX."societe WHERE (".$str.")))";
}
if (!empty($arrayquery['cust_status']) && count($arrayquery['cust_status']) > 0) {
$sqlwhere[] = " (t.status IN (".implode(',', $arrayquery['cust_status'])."))";
$sqlwhere[] = " (t.status IN (".$this->db->sanitize(implode(',', $arrayquery['cust_status']))."))";
}
if (!empty($arrayquery['cust_typecust']) && count($arrayquery['cust_typecust']) > 0) {
$sqlwhere[] = " (t.client IN (".implode(',', $arrayquery['cust_typecust'])."))";
$sqlwhere[] = " (t.client IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typecust']))."))";
}
if (!empty($arrayquery['cust_comm_status']) && count($arrayquery['cust_comm_status'] > 0)) {
$sqlwhere[] = " (t.fk_stcomm IN (".implode(',', $arrayquery['cust_comm_status'])."))";
$sqlwhere[] = " (t.fk_stcomm IN (".$this->db->sanitize(implode(',', $arrayquery['cust_comm_status']))."))";
}
if (!empty($arrayquery['cust_prospect_status']) && count($arrayquery['cust_prospect_status']) > 0) {
$sqlwhere[] = " (t.fk_prospectlevel IN ('".implode("','", $arrayquery['cust_prospect_status'])."'))";
$sqlwhere[] = " (t.fk_prospectlevel IN (".$this->db->sanitize("'".implode("','", $arrayquery['cust_prospect_status'])."'", 1)."))";
}
if (!empty($arrayquery['cust_typeent']) && count($arrayquery['cust_typeent']) > 0) {
$sqlwhere[] = " (t.fk_typent IN (".implode(',', $arrayquery['cust_typeent'])."))";
$sqlwhere[] = " (t.fk_typent IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typeent']))."))";
}
if (!empty($arrayquery['cust_saleman']) && count($arrayquery['cust_saleman']) > 0) {
$sqlwhere[] = " (saleman.fk_user IN (".implode(',', $arrayquery['cust_saleman'])."))";
$sqlwhere[] = " (saleman.fk_user IN (".$this->db->sanitize(implode(',', $arrayquery['cust_saleman']))."))";
}
if (!empty($arrayquery['cust_country']) && count($arrayquery['cust_country']) > 0) {
$sqlwhere[] = " (t.fk_pays IN (".implode(',', $arrayquery['cust_country'])."))";
$sqlwhere[] = " (t.fk_pays IN (".$this->db->sanitize(implode(',', $arrayquery['cust_country']))."))";
}
if (!empty($arrayquery['cust_effectif_id']) && count($arrayquery['cust_effectif_id']) > 0) {
$sqlwhere[] = " (t.fk_effectif IN (".implode(',', $arrayquery['cust_effectif_id'])."))";
$sqlwhere[] = " (t.fk_effectif IN (".$this->db->sanitize(implode(',', $arrayquery['cust_effectif_id']))."))";
}
if (!empty($arrayquery['cust_categ']) && count($arrayquery['cust_categ']) > 0) {
$sqlwhere[] = " (custcateg.fk_categorie IN (".implode(',', $arrayquery['cust_categ'])."))";
$sqlwhere[] = " (custcateg.fk_categorie IN (".$this->db->sanitize(implode(',', $arrayquery['cust_categ']))."))";
}
if (!empty($arrayquery['cust_language']) && count($arrayquery['cust_language']) > 0) {
$sqlwhere[] = " (t.default_lang IN ('".implode("','", $arrayquery['cust_language'])."'))";
$sqlwhere[] = " (t.default_lang IN (".$this->db->sanitize("'".implode("','", $arrayquery['cust_language'])."'", 1)."))";
}
//Standard Extrafield feature
@ -618,7 +618,7 @@ class AdvanceTargetingMailing extends CommonObject
}
} else {
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
$sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))";
} elseif (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}
@ -703,7 +703,7 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = " (t.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $arrayquery['contact_status'])))."))";
}
if (!empty($arrayquery['contact_civility']) && count($arrayquery['contact_civility']) > 0) {
$sqlwhere[] = " (t.civility IN ('".$this->db->sanitize($this->db->escape(implode("','", $arrayquery['contact_civility'])))."'))";
$sqlwhere[] = " (t.civility IN (".$this->db->sanitize("'".implode("','", $arrayquery['contact_civility'])."'", 1)."))";
}
if ($arrayquery['contact_no_email'] != '') {
$tmpwhere = '';
@ -762,7 +762,7 @@ class AdvanceTargetingMailing extends CommonObject
}
} else {
if (is_array($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key.'_cnct'])."'))";
$sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key.'_cnct'])."'", 1)."))";
} elseif (!empty($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')";
}
@ -797,34 +797,34 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = " (ts.parent IN (SELECT rowid FROM ".MAIN_DB_PREFIX."societe WHERE (".$str.")))";
}
if (!empty($arrayquery['cust_status']) && count($arrayquery['cust_status']) > 0) {
$sqlwhere[] = " (ts.status IN (".implode(',', $arrayquery['cust_status'])."))";
$sqlwhere[] = " (ts.status IN (".$this->db->sanitize(implode(',', $arrayquery['cust_status']))."))";
}
if (!empty($arrayquery['cust_typecust']) && count($arrayquery['cust_typecust']) > 0) {
$sqlwhere[] = " (ts.client IN (".implode(',', $arrayquery['cust_typecust'])."))";
$sqlwhere[] = " (ts.client IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typecust']))."))";
}
if (!empty($arrayquery['cust_comm_status']) && count($arrayquery['cust_comm_status'] > 0)) {
$sqlwhere[] = " (ts.fk_stcomm IN (".implode(',', $arrayquery['cust_comm_status'])."))";
$sqlwhere[] = " (ts.fk_stcomm IN (".$this->db->sanitize(implode(',', $arrayquery['cust_comm_status']))."))";
}
if (!empty($arrayquery['cust_prospect_status']) && count($arrayquery['cust_prospect_status']) > 0) {
$sqlwhere[] = " (ts.fk_prospectlevel IN ('".implode("','", $arrayquery['cust_prospect_status'])."'))";
$sqlwhere[] = " (ts.fk_prospectlevel IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_prospect_status']))."'))";
}
if (!empty($arrayquery['cust_typeent']) && count($arrayquery['cust_typeent']) > 0) {
$sqlwhere[] = " (ts.fk_typent IN (".implode(',', $arrayquery['cust_typeent'])."))";
$sqlwhere[] = " (ts.fk_typent IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typeent']))."))";
}
if (!empty($arrayquery['cust_saleman']) && count($arrayquery['cust_saleman']) > 0) {
$sqlwhere[] = " (saleman.fk_user IN (".implode(',', $arrayquery['cust_saleman'])."))";
$sqlwhere[] = " (saleman.fk_user IN (".$this->db->sanitize(implode(',', $arrayquery['cust_saleman']))."))";
}
if (!empty($arrayquery['cust_country']) && count($arrayquery['cust_country']) > 0) {
$sqlwhere[] = " (ts.fk_pays IN (".implode(',', $arrayquery['cust_country'])."))";
$sqlwhere[] = " (ts.fk_pays IN (".$this->db->sanitize(implode(',', $arrayquery['cust_country']))."))";
}
if (!empty($arrayquery['cust_effectif_id']) && count($arrayquery['cust_effectif_id']) > 0) {
$sqlwhere[] = " (ts.fk_effectif IN (".implode(',', $arrayquery['cust_effectif_id'])."))";
$sqlwhere[] = " (ts.fk_effectif IN (".$this->db->sanitize(implode(',', $arrayquery['cust_effectif_id']))."))";
}
if (!empty($arrayquery['cust_categ']) && count($arrayquery['cust_categ']) > 0) {
$sqlwhere[] = " (custcateg.fk_categorie IN (".implode(',', $arrayquery['cust_categ'])."))";
$sqlwhere[] = " (custcateg.fk_categorie IN (".$this->db->sanitize(implode(',', $arrayquery['cust_categ']))."))";
}
if (!empty($arrayquery['cust_language']) && count($arrayquery['cust_language']) > 0) {
$sqlwhere[] = " (ts.default_lang IN ('".implode("','", $arrayquery['cust_language'])."'))";
$sqlwhere[] = " (ts.default_lang IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_language']))."'))";
}
//Standard Extrafield feature
@ -860,7 +860,7 @@ class AdvanceTargetingMailing extends CommonObject
}
} else {
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
$sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))";
} elseif (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}

1
htdocs/comm/propal/card.php
View File

@ -300,6 +300,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'setecheance' && $usercancreate) {
$result = $object->set_echeance($user, dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']));
$result = $object->generateDocument($model, $outputlangs, $hidedetails, $hidedesc, $hideref);
if ($result < 0) {
dol_print_error($db, $object->error);
}

4
htdocs/comm/propal/class/api_proposals.class.php
View File

@ -181,14 +181,14 @@ class Proposals extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($socids) {
$sql .= " AND t.fk_soc IN (".$socids.")";
$sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
}
if ($search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

4
htdocs/comm/propal/class/propal.class.php
View File

@ -2734,7 +2734,7 @@ class Propal extends CommonObject
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
@ -2821,7 +2821,7 @@ class Propal extends CommonObject
if (count($linkedInvoices) > 0) {
$sql = "SELECT rowid as facid, ref, total, datef as df, fk_user_author, fk_statut, paye";
$sql .= " FROM ".MAIN_DB_PREFIX."facture";
$sql .= " WHERE rowid IN (".implode(',', $linkedInvoices).")";
$sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $linkedInvoices)).")";
dol_syslog(get_class($this)."::InvoiceArrayList", LOG_DEBUG);
$resql = $this->db->query($sql);

4
htdocs/comm/propal/index.php
View File

@ -106,7 +106,7 @@ if ($user->socid) {
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " AND p.fk_statut IN (".implode(" ,", $listofstatus).")";
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";
$resql = $db->query($sql);
if ($resql) {
@ -372,7 +372,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";

2
htdocs/comm/propal/list.php
View File

@ -565,7 +565,7 @@ if ($socid > 0) {
$sql .= ' AND s.rowid = '.$socid;
}
if ($search_status != '' && $search_status != '-1') {
$sql .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($search_status)).')';
$sql .= ' AND p.fk_statut IN ('.$db->sanitize($search_status).')';
}
if ($search_date_start) {
$sql .= " AND p.datep >= '".$db->idate($search_date_start)."'";

2
htdocs/comm/propal/stats/index.php
View File

@ -103,7 +103,7 @@ dol_mkdir($dir);
$stats = new PropaleStats($db, $socid, ($userid > 0 ? $userid : 0), $mode, ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($object_status != '' && $object_status >= 0) {
$stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($object_status).')';
}
// Build graphic number of object

4
htdocs/commande/class/api_orders.class.php
View File

@ -184,14 +184,14 @@ class Orders extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($socids) {
$sql .= " AND t.fk_soc IN (".$socids.")";
$sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
}
if ($search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

4
htdocs/commande/class/commande.class.php
View File

@ -2300,8 +2300,8 @@ class Commande extends CommonOrder
if (count($array_of_product)) {
$sql = "SELECT fk_product, sum(ps.reel) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps";
$sql .= " WHERE ps.fk_product IN (".join(',', $array_of_product).")";
$sql .= ' GROUP BY fk_product ';
$sql .= " WHERE ps.fk_product IN (".$this->db->sanitize(join(',', $array_of_product)).")";
$sql .= ' GROUP BY fk_product';
$resql = $this->db->query($sql);
if ($resql) {
$num = $this->db->num_rows($resql);

2
htdocs/commande/index.php
View File

@ -209,7 +209,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_statut = 0";
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;

4
htdocs/commande/list.php
View File

@ -426,10 +426,10 @@ if ($search_state) {
$sql .= natural_search("state.nom", $search_state);
}
if ($search_country) {
$sql .= " AND s.fk_pays IN (".$search_country.')';
$sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')';
}
if ($search_type_thirdparty) {
$sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
$sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')';
}
if ($search_company) {
$sql .= natural_search('s.nom', $search_company);

4
htdocs/commande/stats/index.php
View File

@ -96,12 +96,12 @@ dol_mkdir($dir);
$stats = new CommandeStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($mode == 'customer') {
if ($object_status != '' && $object_status >= -1) {
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($object_status).')';
}
}
if ($mode == 'supplier') {
if ($object_status != '' && $object_status >= 0) {
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($object_status).')';
}
}

72
htdocs/compta/accounting-files.php
View File

@ -34,6 +34,7 @@ if ((array_key_exists('action', $_GET) && $_GET['action'] == 'dl') || (array_key
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
require_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php';
@ -56,13 +57,12 @@ $date_start = GETPOST('date_start', 'alpha');
$date_startDay = GETPOST('date_startday', 'int');
$date_startMonth = GETPOST('date_startmonth', 'int');
$date_startYear = GETPOST('date_startyear', 'int');
$date_start = ($date_startDay) ?dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear) : strtotime($date_start);
$date_start = ($date_startDay ? dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear, 'tzuserrel') : dol_stringtotime($date_start));
$date_stop = GETPOST('date_stop', 'alpha');
$date_stopDay = GETPOST('date_stopday', 'int');
$date_stopMonth = GETPOST('date_stopmonth', 'int');
$date_stopYear = GETPOST('date_stopyear', 'int');
//FIXME doldate
$date_stop = ($date_stopDay) ?dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear) : strtotime($date_stop);
$date_stop = ($date_stopDay ? dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear, 'tzuserrel') : dol_stringtotime($date_stop));
$action = GETPOST('action', 'aZ09');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
@ -126,6 +126,17 @@ if (empty($entity)) {
$error = 0;
$listofchoices = array(
'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled), 'perms' => !empty($user->rights->facture->lire)),
'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled), 'perms' => !empty($user->rights->fournisseur->facture->lire)),
'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled), 'perms' => !empty($user->rights->expensereport->lire)),
'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled), 'perms' => !empty($user->rights->don->lire)),
'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled), 'perms' => !empty($user->rights->tax->charges->lire)),
'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled), 'perms' => !empty($user->rights->salaries->read)),
'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled), 'perms' => !empty($user->rights->banque->lire)),
'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled), 'perms' => !empty($user->rights->loan->read)),
);
/*
@ -155,90 +166,90 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$wheretail = " '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'";
// Customer invoices
if (GETPOST('selectinvoices')) {
if (GETPOST('selectinvoices') && !empty($listofchoices['selectinvoices']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= "SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, t.total as total_ht, t.total_ttc, t.tva as total_vat, t.multicurrency_code as currency, t.fk_soc, t.datef as date, t.date_lim_reglement as date_due, 'Invoice' as item, s.nom as thirdparty_name, s.code_client as thirdparty_code, c.code as country_code, s.tva_intra as vatnum, ".PAY_CREDIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
$sql .= " WHERE datef between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
}
// Vendor invoices
if (GETPOST('selectsupplierinvoices')) {
if (GETPOST('selectsupplierinvoices') && !empty($listofchoices['selectsupplierinvoices']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, t.total_ht, t.total_ttc, t.total_tva as total_vat, t.multicurrency_code as currency, t.fk_soc, t.datef as date, t.date_lim_reglement as date_due, 'SupplierInvoice' as item, s.nom as thirdparty_name, s.code_fournisseur as thirdparty_code, c.code as country_code, s.tva_intra as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
$sql .= " WHERE datef between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
}
// Expense reports
if (GETPOST('selectexpensereports')) {
if (GETPOST('selectexpensereports') && !empty($listofchoices['selectexpensereports']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, t.entity, t.ref, t.paid, t.total_ht, t.total_ttc, t.total_tva as total_vat, t.multicurrency_code as currency, t.fk_user_author as fk_soc, t.date_fin as date, t.date_fin as date_due, 'ExpenseReport' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user_author LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
$sql .= " WHERE date_fin between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
}
// Donations
if (GETPOST('selectdonations')) {
if (GETPOST('selectdonations') && !empty($listofchoices['selectdonations']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, t.entity, t.ref, paid, amount as total_ht, amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datedon as date, t.datedon as date_due, 'Donation' as item, t.societe as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_CREDIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."don as t LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = t.fk_country";
$sql .= " WHERE datedon between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
}
// Payments of salaries
if (GETPOST('selectpaymentsofsalaries')) {
if (GETPOST('selectpaymentsofsalaries') && !empty($listofchoices['selectpaymentsofsalaries']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, t.entity, t.label as ref, 1 as paid, amount as total_ht, amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, t.fk_user as fk_soc, t.datep as date, t.dateep as date_due, 'SalaryPayment' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
//$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
}
// Social contributions
if (GETPOST('selectsocialcontributions')) {
if (GETPOST('selectsocialcontributions') && !empty($listofchoices['selectsocialcontributions']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, t.entity, t.libelle as ref, t.paye as paid, t.amount as total_ht, t.amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.date_ech as date, t.periode as date_due, 'SocialContributions' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as t";
$sql .= " WHERE t.date_ech between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
//$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
}
// Various payments
if (GETPOST('selectvariouspayment')) {
if (GETPOST('selectvariouspayment') && !empty($listofchoices['selectvariouspayment']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, t.entity, t.ref, 1 as paid, t.amount as total_ht, t.amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datep as date, t.datep as date_due, 'VariousPayment' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, sens";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_various as t";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
}
// Loan payments
if (GETPOST('selectloanspayment')) {
if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
$sql .= " SELECT t.rowid as id, l.entity, l.label as ref, 1 as paid, (t.amount_capital+t.amount_insurance+t.amount_interest) as total_ht, (t.amount_capital+t.amount_insurance+t.amount_interest) as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datep as date, t.datep as date_due, 'LoanPayment' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as t LEFT JOIN ".MAIN_DB_PREFIX."loan as l ON l.rowid = t.fk_loan";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND l.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND l.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
}
if ($sql) {
@ -539,8 +550,11 @@ print '<input type="hidden" name="token" value="'.newToken().'">';
print '<span class="opacitymedium">'.$langs->trans("ExportAccountingSourceDocHelp", $langs->transnoentitiesnoconv("Accounting"), $langs->transnoentitiesnoconv("Journals")).'</span><br>';
print '<br>';
print $langs->trans("ReportPeriod").': '.$form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0);
print ' - '.$form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0)."\n";
print $langs->trans("ReportPeriod").': ';
print $form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel');
print ' - ';
print $form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel');
print "\n";
// Export is for current company only
if (!empty($conf->multicompany->enabled) && is_object($mc)) {
@ -558,22 +572,16 @@ if (!empty($conf->multicompany->enabled) && is_object($mc)) {
print '<br>';
$listofchoices = array(
'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled)),
'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled)),
'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled)),
'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled)),
'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled)),
'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled)),
'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled)),
'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled)),
);
foreach ($listofchoices as $choice => $val) {
if (empty($val['enabled'])) {
continue; // list not qualified
}
$disabled = '';
if (empty($val['perms'])) {
$disabled = ' disabled';
}
$checked = (((!GETPOSTISSET('search') && $action != 'searchfiles') || GETPOST($choice)) ? ' checked="checked"' : '');
print '<div class="paddingleft inline-block marginrightonly"><input type="checkbox" id="'.$choice.'" name="'.$choice.'" value="1"'.$checked.'> <label for="'.$choice.'">'.$langs->trans($val['label']).'</label></div>';
print '<div class="paddingleft inline-block marginrightonly"><input type="checkbox" id="'.$choice.'" name="'.$choice.'" value="1"'.$checked.$disabled.'> <label for="'.$choice.'">'.$langs->trans($val['label']).'</label></div>';
}
print '<input class="button" type="submit" name="search" value="'.$langs->trans("Search").'">';

8
htdocs/compta/bank/account_statement_document.php
View File

@ -79,12 +79,12 @@ $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');
// Define number of receipt to show (current, previous or next one ?)
$found = false;
if ($_GET["rel"] == 'prev') {
if (GETPOST("rel") == 'prev') {
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$id;
$sql .= " AND b.fk_account = ".((int) $id);
$sql .= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -97,12 +97,12 @@ if ($_GET["rel"] == 'prev') {
$found = true;
}
}
} elseif ($_GET["rel"] == 'next') {
} elseif (GETPOST("rel") == 'next') {
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$id;
$sql .= " AND b.fk_account = ".((int) $id);
$sql .= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);

6
htdocs/compta/bank/annuel.php
View File

@ -267,7 +267,7 @@ if ($result < 0) {
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if ($id && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$id.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($id).")";
}
$resql = $db->query($sql);
@ -299,7 +299,7 @@ if ($result < 0) {
$sql .= " AND b.datev <= '".($year - $annee)."-12-31 23:59:59'";
$sql .= " AND b.amount > 0";
if ($id && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$id.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($id).")";
}
$sql .= " GROUP BY date_format(b.datev,'%m');";
@ -381,7 +381,7 @@ if ($result < 0) {
$sql .= " AND b.datev <= '".($year - $annee)."-12-31 23:59:59'";
$sql .= " AND b.amount < 0";
if ($id && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$id.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($id).")";
}
$sql .= " GROUP BY date_format(b.datev,'%m');";

Some files were not shown because too many files have changed in this diff Show More