diff --git a/htdocs/compta/bank/account.php b/htdocs/compta/bank/account.php
index 2a39c68ae91..200257b0be0 100644
--- a/htdocs/compta/bank/account.php
+++ b/htdocs/compta/bank/account.php
@@ -2,9 +2,9 @@
 /* Copyright (C) 2001-2005 Rodolphe Quiedeville
 * Copyright (C) 2003 Jean-Louis Bergamo
 * Copyright (C) 2004-2011 Laurent Destailleur
- * Copytight (C) 2004 Christophe Combelles
- * Copytight (C) 2005-2012 Regis Houssin
- * Copytight (C) 2010-2011 Juanjo Menent
+ * Copyright (C) 2004 Christophe Combelles
+ * Copyright (C) 2005-2012 Regis Houssin
+ * Copyright (C) 2010-2011 Juanjo Menent
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/htdocs/compta/bank/ligne.php b/htdocs/compta/bank/ligne.php
index f124b035245..41fcf406c8a 100644
--- a/htdocs/compta/bank/ligne.php
+++ b/htdocs/compta/bank/ligne.php
@@ -3,6 +3,7 @@
 * Copyright (C) 2003 Xavier DUTOIT
 * Copyright (C) 2004-2011 Laurent Destailleur
 * Copyright (C) 2004 Christophe Combelles
+ * Copyright (C) 2005-2012 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -26,21 +27,25 @@ require("./pre.inc.php"); -if (! $user->rights->banque->lire && ! $user->rights->banque->consolidate) -accessforbidden(); - $langs->load("banks"); $langs->load("compta"); $langs->load("bills"); $langs->load("categories"); if ($conf->adherent->enabled) $langs->load("members"); -$action=GETPOST('action'); -$rowid=GETPOST("rowid"); -$ref=GETPOST("ref"); + +$id = (GETPOST('id','int') ? GETPOST('id','int') : GETPOST('account','int')); +$ref = GETPOST('ref','alpha'); +$action=GETPOST('action','alpha'); +$confirm=GETPOST('confirm','alpha'); +$rowid=GETPOST("rowid",'int'); $orig_account=GETPOST("orig_account"); -$accountid=GETPOST('accountid'); -$confirm=GETPOST('confirm'); + +// Security check +$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref :'')); +$fieldtype = (! empty($ref) ? 'ref' :'rowid'); +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'banque',$fieldvalue,'bank_account','','',$fieldtype); $form = new Form($db); @@ -48,16 +53,16 @@ $form = new Form($db); * Actions */ -if ($user->rights->banque->consolidate && $_GET["action"] == 'dvnext') +if ($user->rights->banque->consolidate && $action == 'dvnext') { $ac = new Account($db); - $ac->datev_next($_GET["rowid"]); + $ac->datev_next($rowid); } -if ($user->rights->banque->consolidate && $_GET["action"] == 'dvprev') +if ($user->rights->banque->consolidate && $action == 'dvprev') { $ac = new Account($db); - $ac->datev_previous($_GET["rowid"]); + $ac->datev_previous($rowid); } if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) @@ -77,7 +82,7 @@ if ($action == 'class') dol_print_error($db); } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$_GET["rowid"].", ".$_POST["cat1"].")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$_POST["cat1"].")"; if (! $db->query($sql)) { dol_print_error($db); 
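Review bot: The new security check authorises the bank account (`$id` or `$ref`), but the actions in this file act on `$rowid`, a bank line, and nothing visible ties that line to the account that was checked. The page's own tab links are built as `?rowid=...` with no `id`, so `$fieldvalue` is empty on that path and, presumably, only the module-level permission is evaluated. I would load the line first, take its account id from the record and pass that to `restrictedArea()`, with a comment such as `// authorise against the account that owns $rowid, not a request-supplied id`. The removed test also admitted users holding only `banque->consolidate`; confirm that `restrictedArea($user,'banque',...)` still lets them in, since the `dvnext`/`dvprev` branches in the next hunk depend on that right.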
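Review bot: `$_POST["cat1"]` is still concatenated into the INSERT unquoted and untyped in the `@@ -77,7 +82,7 @@` hunk, so the statement stays open to SQL injection even though `rowid` now comes from `GETPOST("rowid",'int')`. Read the category the same way, `$cat1 = GETPOST('cat1','int');`, and build the values as `VALUES (".((int) $rowid).", ".((int) $cat1).")"`. The `if ($action == 'class')` block opens outside this hunk; judging by the hunk header it carries no `$user->rights->banque->modifier` test, unlike the `confirm_delete_categ` branch, which is worth confirming.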
@@ -86,50 +91,64 @@ if ($action == 'class') if ($action == "update") { - // Avant de modifier la date ou le montant, on controle si ce n'est pas encore rapproche - $conciliated=0; - $sql = "SELECT b.rappro FROM ".MAIN_DB_PREFIX."bank as b WHERE rowid=".$rowid; - $result = $db->query($sql); - if ($result) - { - $objp = $db->fetch_object($result); - $conciliated=$objp->rappro; - } - - $db->begin(); - - $amount = price2num($_POST['amount']); - $dateop = dol_mktime(12,0,0,$_POST["dateomonth"],$_POST["dateoday"],$_POST["dateoyear"]); - $dateval= dol_mktime(12,0,0,$_POST["datevmonth"],$_POST["datevday"],$_POST["datevyear"]); - $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; - $sql.= " SET "; - // Always opened - if (isset($_POST['value'])) $sql.=" fk_type='".$db->escape($_POST['value'])."',"; - if (isset($_POST['num_chq'])) $sql.=" num_chq='".$db->escape($_POST["num_chq"])."',"; - if (isset($_POST['banque'])) $sql.=" banque='".$db->escape($_POST["banque"])."',"; - if (isset($_POST['emetteur'])) $sql.=" emetteur='".$db->escape($_POST["emetteur"])."',"; - // Blocked when conciliated - if (! $conciliated) - { - if (isset($_POST['label'])) $sql.=" label='".$db->escape($_POST["label"])."',"; - if (isset($_POST['amount'])) $sql.=" amount='".$amount."',"; - if (isset($_POST['dateomonth'])) $sql.=" dateo = '".$db->idate($dateop)."',"; - if (isset($_POST['datevmonth'])) $sql.=" datev = '".$db->idate($dateval)."',"; - } - $sql.= " fk_account = ".$accountid; - $sql.= " WHERE rowid = ".$rowid; - - $result = $db->query($sql); - if ($result) - { - $mesg=$langs->trans("RecordSaved"); - $db->commit(); - } - else - { - $db->rollback(); - dol_print_error($db); - } + $error=0; + + $ac = new Account($db); + $ac->fetch($id); + + if ($ac->courant == 2 && $_POST['value'] != 'LIQ') + { + $mesg = '
'.$langs->trans("ErrorCashAccountAcceptsOnlyCashMoney").'
'; + $error++; + } + + if (! $error) + { + // Avant de modifier la date ou le montant, on controle si ce n'est pas encore rapproche + $conciliated=0; + $sql = "SELECT b.rappro FROM ".MAIN_DB_PREFIX."bank as b WHERE rowid=".$rowid; + $result = $db->query($sql); + if ($result) + { + $objp = $db->fetch_object($result); + $conciliated=$objp->rappro; + } + + $db->begin(); + + $amount = price2num($_POST['amount']); + $dateop = dol_mktime(12,0,0,$_POST["dateomonth"],$_POST["dateoday"],$_POST["dateoyear"]); + $dateval= dol_mktime(12,0,0,$_POST["datevmonth"],$_POST["datevday"],$_POST["datevyear"]); + $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; + $sql.= " SET "; + // Always opened + if (isset($_POST['value'])) $sql.=" fk_type='".$db->escape($_POST['value'])."',"; + if (isset($_POST['num_chq'])) $sql.=" num_chq='".$db->escape($_POST["num_chq"])."',"; + if (isset($_POST['banque'])) $sql.=" banque='".$db->escape($_POST["banque"])."',"; + if (isset($_POST['emetteur'])) $sql.=" emetteur='".$db->escape($_POST["emetteur"])."',"; + // Blocked when conciliated + if (! $conciliated) + { + if (isset($_POST['label'])) $sql.=" label='".$db->escape($_POST["label"])."',"; + if (isset($_POST['amount'])) $sql.=" amount='".$amount."',"; + if (isset($_POST['dateomonth'])) $sql.=" dateo = '".$db->idate($dateop)."',"; + if (isset($_POST['datevmonth'])) $sql.=" datev = '".$db->idate($dateval)."',"; + } + $sql.= " fk_account = ".$id; + $sql.= " WHERE rowid = ".$rowid; + + $result = $db->query($sql); + if ($result) + { + $mesg=$langs->trans("RecordSaved"); + $db->commit(); + } + else + { + $db->rollback(); + dol_print_error($db); + } + } } // Reconcile 
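Review bot: `if ($action == "update")` runs the UPDATE with no `$user->rights->banque->modifier` test visible, whereas the `confirm_delete_categ` branch above requires that right; I would change the condition to `if ($action == "update" && $user->rights->banque->modifier)`. The statement also concatenates `$id` and `$rowid` bare, and `$id` is empty whenever neither `id` nor `account` is posted, which yields `fk_account =  WHERE rowid = ...`; cast both, e.g. `$sql.= " fk_account = ".((int) $id);`, and set `$error++` when either is empty. The result of `$ac->fetch($id)` is not checked before `$ac->courant` is read, so a failed fetch silently skips the cash-account rule. The same bare `$rowid` appears in the `SELECT b.rappro` query a few lines earlier.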
@@ -202,12 +221,12 @@ $var=False; $h=0; -$head[$h][0] = DOL_URL_ROOT.'/compta/bank/ligne.php?rowid='.$_GET["rowid"]; +$head[$h][0] = $_SERVER['PHP_SELF'].'?rowid='.$rowid; $head[$h][1] = $langs->trans('Card'); $hselected=$h; $h++; -$head[$h][0] = DOL_URL_ROOT.'/compta/bank/info.php?rowid='.$_GET["rowid"]; +$head[$h][0] = DOL_URL_ROOT.'/compta/bank/info.php?rowid='.$rowid; $head[$h][1] = $langs->trans("Info"); $h++; @@ -244,15 +263,15 @@ if ($result) // Confirmations if ($action == 'delete_categ') { - $ret=$form->form_confirm("ligne.php?rowid=".$rowid."&cat1=".GETPOST("fk_categ")."&orig_account=".$orig_account, $langs->trans("RemoveFromRubrique"), $langs->trans("RemoveFromRubriqueConfirm"), "confirm_delete_categ", '', 'yes', 1); + $ret=$form->form_confirm($_SERVER['PHP_SELF']."?rowid=".$rowid."&cat1=".GETPOST("fk_categ")."&orig_account=".$orig_account, $langs->trans("RemoveFromRubrique"), $langs->trans("RemoveFromRubriqueConfirm"), "confirm_delete_categ", '', 'yes', 1); if ($ret == 'html') print '
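Review bot: Replacing the fixed `DOL_URL_ROOT.'/compta/bank/ligne.php'` with `$_SERVER['PHP_SELF']` makes the tab URL depend on the request path, which can carry caller-supplied trailing path info; if that value reaches the page unescaped it becomes a reflected-XSS sink. Unless the framework is known to sanitise `PHP_SELF` before this point (not visible here), keep the constant form, `$head[$h][0] = DOL_URL_ROOT.'/compta/bank/ligne.php?rowid='.$rowid;`, as the `info.php` link on the next changed line already does. The `form_confirm($_SERVER['PHP_SELF']."?rowid=...")` call in the following hunk has the same issue.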
'; } - print '
'; + print ''; print ''; print ''; print ''; - print ''; + print ''; print ''; @@ -424,9 +443,9 @@ if ($result) if (! $objp->rappro) { print '   '; - print ''; + print ''; print img_edit_remove() . " "; - print ''; + print ''; print img_edit_add() .""; } print ''; @@ -497,10 +516,10 @@ if ($result) { print '
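Review bot: The `form_confirm(...)` URL in the `@@ -244,15 +263,15 @@` hunk still embeds `GETPOST("fk_categ")` and `$orig_account` as raw request values, while the commit types every other parameter. Both end up in a link that is presumably printed into the confirmation form, so they should be typed or encoded before concatenation: `"&cat1=".GETPOST('fk_categ','int')."&orig_account=".urlencode($orig_account)`. If `orig_account` is always an account id, reading it once as `GETPOST("orig_account",'int')` at the top of the file would be the simpler fix.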
'."\n"; print_fiche_titre($langs->trans("Reconciliation"),'',''); - print "rowid\">"; + print ''; print ''; print ''; - print ""; + print ''; print '
'; @@ -556,12 +575,12 @@ print ''; print '
'; print '
'; -print ""; +print ''; print ''; -print ""; -print ""; -print "'; print ""; print ""; @@ -587,7 +606,7 @@ if ($result) print ""; if ($user->rights->banque->modifier) { - print ""; + print ''; } print ""; @@ -597,7 +616,7 @@ if ($result) } print "
".$langs->trans("Rubriques").""; -print " "; +print ''; +print ''; +print '
'.$langs->trans("Rubriques").''; +print ' '; print '
rowid."\">".$langs->trans("ListBankTransactions")."rowid\">".img_delete($langs->trans("Remove"))."'.img_delete($langs->trans("Remove")).'
"; -$db->close(); - llxFooter(); + +$db->close(); ?>