lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of https://github.com/Dolibarr/dolibarr into develop-api

Browse Source
This commit is contained in:
Neil Orley 2017-12-19 12:36:46 +01:00
commit fe8fac9577
33 changed files with 734 additions and 582 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/adherents/document.php
View File

@ -42,10 +42,6 @@ $action=GETPOST('action','alpha');
$confirm=GETPOST('confirm','alpha');
// Security check
if ($user->societe_id > 0)
{
$id = $user->societe_id;
}
$result=restrictedArea($user,'adherent',$id);
// Get parameters

101
htdocs/admin/website.php
View File

@ -26,6 +26,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
@ -116,6 +117,11 @@ $tabfieldcheck[1] = array();
$elementList = array();
$sourceList=array();
/*
* Actions
*/
// Actions add or modify a website
if (GETPOST('actionadd','alpha') || GETPOST('actionmodify','alpha'))
{
@ -128,19 +134,20 @@ if (GETPOST('actionadd','alpha') || GETPOST('actionmodify','alpha'))
$ok=1;
foreach ($listfield as $f => $value)
{
if ((! isset($_POST[$value]) || $_POST[$value]=='')
&& (! in_array($listfield[$f], array('virtualhost')))) // Fields that are not mandatory
{
$ok=0;
$fieldnamekey=$listfield[$f];
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities($fieldnamekey)), null, 'errors');
}
if ($value == 'ref' && ! preg_match('/^[a-z0-9_\-\.]+$/i', $_POST[$value]))
{
if ($value == 'ref' && (! isset($_POST[$value]) || $_POST[$value]==''))
{
$ok=0;
$fieldnamekey=$listfield[$f];
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities($fieldnamekey)), null, 'errors');
break;
}
elseif ($value == 'ref' && ! preg_match('/^[a-z0-9_\-\.]+$/i', $_POST[$value]))
{
$ok=0;
$fieldnamekey=$listfield[$f];
$fieldnamekey=$listfield[$f];
setEventMessages($langs->transnoentities("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities($fieldnamekey)), null, 'errors');
}
break;
}
}
// Clean parameters
@ -206,29 +213,6 @@ if (GETPOST('actionadd','alpha') || GETPOST('actionmodify','alpha'))
$result = $db->query($sql);
if ($result) // Add is ok
{
global $dolibarr_main_data_root;
$pathofwebsite=$dolibarr_main_data_root.'/website/'.$websitekey;
$filehtmlheader=$pathofwebsite.'/htmlheader.html';
$filecss=$pathofwebsite.'/styles.css.php';
$filetpl=$pathofwebsite.'/page'.$pageid.'.tpl.php';
$fileindex=$pathofwebsite.'/index.php';
// Css file
$csscontent = '<!-- BEGIN DOLIBARR-WEBSITE-ADDED-HEADER -->'."\n";
$csscontent.= '<!-- File generated to wrap the css file - YOU CAN MODIFY DIRECTLY THE FILE styles.css.php. Change affects all pages of website. -->'."\n";
$csscontent.= '<?php '."\n";
$csscontent.= "header('Content-type: text/css');\n";
$csscontent.= "?>"."\n";
$csscontent.= '<!-- END -->'."\n";
$csscontent.= 'body { margin: 0; }'."\n";
dol_syslog("Save file css into ".$filecss);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filecss, $csscontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filecss, octdec($conf->global->MAIN_UMASK));
setEventMessages($langs->transnoentities("RecordSaved"), null, 'mesgs');
unset($_POST); // Clean $_POST array, we keep only
}
@ -335,21 +319,36 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
if ($tabrowid[$id]) { $rowidcol=$tabrowid[$id]; }
else { $rowidcol="rowid"; }
$sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website ='".$rowid."'";
$result = $db->query($sql);
$website = new Website($db);
$website->fetch($rowid);
$sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid ='".$rowid."'";
$result = $db->query($sql);
if (! $result)
if ($website->id > 0)
{
if ($db->errno() == 'DB_ERROR_CHILD_EXISTS')
{
setEventMessages($langs->transnoentities("ErrorRecordIsUsedByChild"), null, 'errors');
}
else
{
dol_print_error($db);
}
$sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website ='".$rowid."'";
$result = $db->query($sql);
$sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid ='".$rowid."'";
$result = $db->query($sql);
if (! $result)
{
if ($db->errno() == 'DB_ERROR_CHILD_EXISTS')
{
setEventMessages($langs->transnoentities("ErrorRecordIsUsedByChild"), null, 'errors');
}
else
{
dol_print_error($db);
}
}
if ($website->ref)
{
dol_delete_dir_recursive($conf->website->dir_output.'/'.$website->ref);
}
}
else
{
dol_print_error($db, 'Failed to load website with id '.$rowid);
}
}
@ -618,7 +617,8 @@ if ($id)
}
// Can an entry be erased or disabled ?
$iserasable=1;$isdisable=1; // true by default
$iserasable=1; $isdisable=1; // true by default
if ($obj->status) $iserasable=0; // We can't delete a website on. Disable it first.
$url = $_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.(! empty($obj->rowid)?$obj->rowid:(! empty($obj->code)?$obj->code:'')).'&amp;code='.(! empty($obj->code)?urlencode($obj->code):'').'&amp;';
@ -628,12 +628,11 @@ if ($id)
print "</td>";
// Modify link
if ($iserasable) print '<td align="center"><a class="reposition" href="'.$url.'action=edit">'.img_edit().'</a></td>';
else print '<td>&nbsp;</td>';
print '<td align="center"><a class="reposition" href="'.$url.'action=edit">'.img_edit().'</a></td>';
// Delete link
if ($iserasable) print '<td align="center"><a href="'.$url.'action=delete">'.img_delete().'</a></td>';
else print '<td>&nbsp;</td>';
else print '<td align="center">'.img_delete($langs->trans("DisableSiteFirst"), 'class="opacitymedium"').'</td>';
print "</tr>\n";
}

11
htdocs/comm/action/class/actioncomm.class.php
View File

@ -36,8 +36,17 @@ class ActionComm extends CommonObject
public $element='action';
public $table_element = 'actioncomm';
public $table_rowid = 'id';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='action';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user, 2=Same than 1 but accept record if fksoc is empty
* @var integer
*/
public $restrictiononfksoc = 2;
/**
* Id of the event

11
htdocs/comm/propal/class/propal.class.php
View File

@ -48,8 +48,17 @@ class Propal extends CommonObject
public $table_element='propal';
public $table_element_line='propaldet';
public $fk_element='fk_propal';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='propal';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

1
htdocs/commande/card.php
View File

@ -1288,7 +1288,6 @@ if (empty($reshook))
include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
if (! $error && ! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->commande->creer)
{
if ($action == 'addcontact')

11
htdocs/commande/class/commande.class.php
View File

@ -46,8 +46,17 @@ class Commande extends CommonOrder
public $table_element_line = 'commandedet';
public $class_element_line = 'OrderLine';
public $fk_element = 'fk_commande';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto = 'order';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

2
htdocs/compta/facture/card.php
View File

@ -3730,7 +3730,7 @@ else if ($id > 0 || ! empty($ref))
else
{
var revenue_type = parseFloat(valselected);
var amount_net = ".round($object->total_ht , 2).";
var amount_net = ".round($object->total_ht, 2).";
revenue = revenue_type * amount_net / 100;
revenue = revenue.toFixed(2);
}

11
htdocs/compta/facture/class/facture.class.php
View File

@ -52,8 +52,17 @@ class Facture extends CommonInvoice
public $table_element='facture';
public $table_element_line = 'facturedet';
public $fk_element = 'fk_facture';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='bill';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

11
htdocs/contrat/class/contrat.class.php
View File

@ -44,8 +44,17 @@ class Contrat extends CommonObject
public $table_element='contrat';
public $table_element_line='contratdet';
public $fk_element='fk_contrat';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='contract';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

27
htdocs/core/actions_fetchobject.inc.php
View File

@ -30,16 +30,19 @@
if (($id > 0 || (! empty($ref) && ! in_array($action, array('create', 'createtask', 'add')))) && (empty($cancel) || $id > 0))
{
$ret = $object->fetch($id, $ref);
if ($ret > 0)
{
$object->fetch_thirdparty();
$id = $object->id;
}
else
{
if (empty($object->error) && ! count($object->errors)) setEventMessages('Fetch on object return an error without filling $object->error nor $object->errors', null, 'errors');
else setEventMessages($object->error, $object->errors, 'errors');
$action='';
}
if (($id > 0 && is_numeric($id)) || ! empty($ref)) // To discard case when id is list of ids like '1,2,3...'
{
$ret = $object->fetch($id, $ref);
if ($ret > 0)
{
$object->fetch_thirdparty();
$id = $object->id;
}
else
{
if (empty($object->error) && ! count($object->errors)) setEventMessages('Fetch on object return an error without filling $object->error nor $object->errors', null, 'errors');
else setEventMessages($object->error, $object->errors, 'errors');
$action='';
}
}
}

34
htdocs/core/class/commonobject.class.php
View File

@ -1414,6 +1414,10 @@ abstract class CommonObject
}
if ($fieldid == 'none') return 1;
// Security on socid
$socid = 0;
if ($user->societe_id > 0) $socid = $user->societe_id;
// this->ismultientitymanaged contains
// 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
$alias = 's';
@ -1422,18 +1426,25 @@ abstract class CommonObject
$sql = "SELECT MAX(te.".$fieldid.")";
$sql.= " FROM ".(empty($nodbprefix)?MAIN_DB_PREFIX:'').$this->table_element." as te";
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to entity
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc";
else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to socid
else if ($this->restrictiononfksoc == 2 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON te.fk_soc = s.rowid"; // If we need to link to societe to limit select to socid
if ($this->restrictiononfksoc && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc";
$sql.= " WHERE te.".$fieldid." < '".$this->db->escape($this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id;
if ($this->restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = " .$user->id;
if ($this->restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND (sc.fk_user = " .$user->id.' OR te.fk_soc IS NULL)';
if (! empty($filter))
{
if (! preg_match('/^\s*AND/i', $filter)) $sql.=" AND "; // For backward compatibility
$sql.=$filter;
}
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')';
else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element).')';
if ($this->restrictiononfksoc == 1 && $socid && $this->element != 'societe') $sql.= ' AND te.fk_soc = ' . $socid;
if ($this->restrictiononfksoc == 2 && $socid && $this->element != 'societe') $sql.= ' AND (te.fk_soc = ' . $socid.' OR te.fk_soc IS NULL)';
if ($this->restrictiononfksoc && $socid && $this->element == 'societe') $sql.= ' AND te.rowid = ' . $socid;
//print 'socid='.$socid.' restrictiononfksoc='.$this->restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."<br>";
//print 'filter = '.$filter.' -> '.$sql."<br>";
$result = $this->db->query($sql);
if (! $result)
{
@ -1447,19 +1458,26 @@ abstract class CommonObject
$sql = "SELECT MIN(te.".$fieldid.")";
$sql.= " FROM ".(empty($nodbprefix)?MAIN_DB_PREFIX:'').$this->table_element." as te";
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to entity
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc";
else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to socid
else if ($this->restrictiononfksoc == 2 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON te.fk_soc = s.rowid"; // If we need to link to societe to limit select to socid
if ($this->restrictiononfksoc && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc";
$sql.= " WHERE te.".$fieldid." > '".$this->db->escape($this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id;
if ($this->restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = " .$user->id;
if ($this->restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND (sc.fk_user = " .$user->id.' OR te.fk_soc IS NULL)';
if (! empty($filter))
{
if (! preg_match('/^\s*AND/i', $filter)) $sql.=" AND "; // For backward compatibility
$sql.=$filter;
}
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')';
else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid
if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element).')';
if ($this->restrictiononfksoc == 1 && $socid && $this->element != 'societe') $sql.= ' AND te.fk_soc = ' . $socid;
if ($this->restrictiononfksoc == 2 && $socid && $this->element != 'societe') $sql.= ' AND (te.fk_soc = ' . $socid.' OR te.fk_soc IS NULL)';
if ($this->restrictiononfksoc && $socid && $this->element == 'societe') $sql.= ' AND te.rowid = ' . $socid;
//print 'socid='.$socid.' restrictiononfksoc='.$this->restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."<br>";
// Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null
//print $sql."<br>";
$result = $this->db->query($sql);
if (! $result)
{

6
htdocs/core/class/html.form.class.php
View File

@ -5281,7 +5281,11 @@ class Form
if ($objecttmp->ismultientitymanaged == 2)
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE t.entity IN (".getEntity($objecttmp->table_element).")";
if ($objecttmp->ismultientitymanaged == 1 && ! empty($user->societe_id)) $sql.= " AND t.fk_soc = ".$user->societe_id;
if ($objecttmp->ismultientitymanaged == 1 && ! empty($user->societe_id))
{
if ($objecttmp->element == 'societe') $sql.= " AND t.rowid = ".$user->societe_id;
else $sql.= " AND t.fk_soc = ".$user->societe_id;
}
if ($searchkey != '') $sql.=natural_search(explode(',',$fieldstoshow), $searchkey);
if ($objecttmp->ismultientitymanaged == 2)
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND t.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;

43
htdocs/core/lib/functions.lib.php
View File

@ -37,6 +37,7 @@
include_once DOL_DOCUMENT_ROOT .'/core/lib/json.lib.php';
/**
* Function to return value of a static property when class
* name is dynamically defined (not hard coded).
@ -595,30 +596,34 @@ function GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NU
/**
* Return a prefix to use for this Dolibarr instance, for session/cookie names or email id.
* This prefix is unique for instance and avoid conflict between multi-instances,
* even when having two instances with one root dir or two instances in virtual servers.
* This prefix is valid in a web context only and is unique for instance and avoid conflict
* between multi-instances, even when having two instances with one root dir or two instances
* in virtual servers.
*
* @param string $mode '' (prefix for session name) or 'email' (prefix for email id)
* @return string A calculated prefix
* @param string $mode '' (prefix for session name) or 'email' (prefix for email id)
* @return string A calculated prefix
*/
function dol_getprefix($mode='')
if (! function_exists('dol_getprefix'))
{
global $conf;
// If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email
if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID))
function dol_getprefix($mode='')
{
if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID;
else if (isset($_SERVER["SERVER_NAME"])) return $_SERVER["SERVER_NAME"];
}
global $conf;
if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"]))
{
return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
// Use this for a "clear" cookie name
//return dol_sanitizeFileName($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
// If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email
if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID))
{
if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID;
else if (isset($_SERVER["SERVER_NAME"])) return $_SERVER["SERVER_NAME"];
}
if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"]))
{
return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
// Use this for a "readable" cookie name
//return dol_sanitizeFileName($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}
else return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}
else return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}
/**
@ -6568,7 +6573,7 @@ function dol_getmypid()
/**
* Generate natural SQL search string for a criteria (this criteria can be tested on one or several fields)
*
* @param string|string[] $fields String or array of strings, filled with the name of all fields in the SQL query we must check (combined with a OR)
* @param string|string[] $fields String or array of strings, filled with the name of all fields in the SQL query we must check (combined with a OR). Example: array("p.field1","p.field2")
* @param string $value The value to look for.
* If param $mode is 0, can contains several keywords separated with a space or |
* like "keyword1 keyword2" = We want record field like keyword1 AND field like keyword2

70
htdocs/core/lib/security.lib.php
View File

@ -355,14 +355,14 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
* Check access by user to object.
* This function is also called by restrictedArea
*
* @param User $user User to check
* @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...)
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @return bool True if user has access, False otherwise
* @param User $user User to check
* @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...)
* @param int|string $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @return bool True if user has access, False otherwise
* @see restrictedArea
*/
function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid')
@ -379,16 +379,16 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
$sql='';
// For backward compatibility
if ($feature == 'member') $feature='adherent';
if ($feature == 'member') $feature='adherent';
if ($feature == 'project') $feature='projet';
if ($feature == 'task') $feature='projet_task';
if ($feature == 'task') $feature='projet_task';
$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet','project'); // Test for project object
$checktask = array('projet_task');
$nocheck = array('barcode','stock','fournisseur'); // No test
$nocheck = array('barcode','stock','fournisseur','don'); // No test
$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
// If dbtablename not defined, we use same name for table than module name
@ -401,9 +401,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
// Check permission for object with entity
if (in_array($feature,$check))
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
if (($feature == 'user' || $feature == 'usergroup') && ! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity)
{
$sql.= " AND dbt.entity IS NOT NULL";
@ -423,10 +423,10 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
$sql = "SELECT sc.fk_soc";
$sql = "SELECT COUNT(sc.fk_soc) as nb";
$sql.= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ", ".MAIN_DB_PREFIX."societe as s)";
$sql.= " WHERE sc.fk_soc = ".$objectid;
$sql.= " WHERE sc.fk_soc IN (".$objectid.")";
$sql.= " AND sc.fk_user = ".$user->id;
$sql.= " AND sc.fk_soc = s.rowid";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
@ -434,9 +434,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT s.rowid";
$sql = "SELECT COUNT(s.rowid) as nb";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql.= " WHERE s.rowid = ".$objectid;
$sql.= " WHERE s.rowid IN (".$objectid.")";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
}
@ -445,27 +445,27 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
// If external user: Check permission for external users
if ($user->societe_id > 0)
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND dbt.fk_soc = ".$user->societe_id;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
@ -481,9 +481,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
}
else
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
@ -502,9 +502,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
}
else
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
@ -514,20 +514,20 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
if ($user->societe_id > 0)
{
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT dbt.".$dbt_keyfield;
$sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " WHERE dbt.rowid IN (".$objectid.")";
$sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id;
}
// If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT sc.fk_soc";
$sql = "SELECT COUNT(sc.fk_soc) as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= ", ".MAIN_DB_PREFIX."societe as s";
$sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
@ -536,20 +536,20 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
{
$sql = "SELECT dbt.".$dbt_select;
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
//print "sql=".$sql."<br>";
if ($sql)
{
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows($resql) == 0) return false;
$obj = $db->fetch_object($resql);
if (! $obj || $obj->nb < count(explode(',', $objectid))) return false;
}
else
{

319
htdocs/core/lib/security2.lib.php
View File

@ -126,179 +126,182 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
* @param Societe $mysoc Company object
* @return void
*/
function dol_loginfunction($langs,$conf,$mysoc)
if (! function_exists('dol_loginfunction'))
{
global $dolibarr_main_demo,$db;
global $smartphone,$hookmanager;
// Instantiate hooks of thirdparty module only if not already define
$hookmanager->initHooks(array('mainloginpage'));
$langs->load("main");
$langs->load("other");
$langs->load("help");
$langs->load("admin");
$main_authentication=$conf->file->main_authentication;
$session_name=session_name();
$dol_url_root = DOL_URL_ROOT;
// Title
$appli=constant('DOL_APPLICATION_TITLE');
$title=$appli.' '.constant('DOL_VERSION');
if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
$titletruedolibarrversion=constant('DOL_VERSION'); // $title used by login template after the @ to inform of true Dolibarr version
// Note: $conf->css looks like '/theme/eldy/style.css.php'
$conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php";
$themepath=dol_buildpath($conf->css,1);
if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application
function dol_loginfunction($langs,$conf,$mysoc)
{
foreach($conf->modules_parts['theme'] as $reldir)
global $dolibarr_main_demo,$db;
global $smartphone,$hookmanager;
$langs->loadLangs(array("main","other","help","admin"));
// Instantiate hooks of thirdparty module only if not already define
$hookmanager->initHooks(array('mainloginpage'));
$main_authentication=$conf->file->main_authentication;
$session_name=session_name(); // Get current session name
$dol_url_root = DOL_URL_ROOT;
// Title
$appli=constant('DOL_APPLICATION_TITLE');
$title=$appli.' '.constant('DOL_VERSION');
if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
$titletruedolibarrversion=constant('DOL_VERSION'); // $title used by login template after the @ to inform of true Dolibarr version
// Note: $conf->css looks like '/theme/eldy/style.css.php'
/*
$conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php";
$themepath=dol_buildpath($conf->css,1);
if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application
{
if (file_exists(dol_buildpath($reldir.$conf->css, 0)))
foreach($conf->modules_parts['theme'] as $reldir)
{
$themepath=dol_buildpath($reldir.$conf->css, 1);
break;
if (file_exists(dol_buildpath($reldir.$conf->css, 0)))
{
$themepath=dol_buildpath($reldir.$conf->css, 1);
break;
}
}
}
}
$conf_css = $themepath."?lang=".$langs->defaultlang;
$conf_css = $themepath."?lang=".$langs->defaultlang;
*/
// Select templates dir
if (! empty($conf->modules_parts['tpl'])) // Using this feature slow down application
{
$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl/'));
foreach($dirtpls as $reldir)
// Select templates dir
if (! empty($conf->modules_parts['tpl'])) // Using this feature slow down application
{
$tmp=dol_buildpath($reldir.'login.tpl.php');
if (file_exists($tmp)) { $template_dir=preg_replace('/login\.tpl\.php$/','',$tmp); break; }
$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl/'));
foreach($dirtpls as $reldir)
{
$tmp=dol_buildpath($reldir.'login.tpl.php');
if (file_exists($tmp)) { $template_dir=preg_replace('/login\.tpl\.php$/','',$tmp); break; }
}
}
}
else
{
$template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
}
// Set cookie for timeout management
$prefix=dol_getprefix();
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true);
if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
else unset($_SESSION["urlfrom"]);
if (! GETPOST("username",'alpha')) $focus_element='username';
else $focus_element='password';
$demologin='';
$demopassword='';
if (! empty($dolibarr_main_demo))
{
$tab=explode(',',$dolibarr_main_demo);
$demologin=$tab[0];
$demopassword=$tab[1];
}
// Execute hook getLoginPageOptions (for table)
$parameters=array('entity' => GETPOST('entity','int'));
$reshook = $hookmanager->executeHooks('getLoginPageOptions',$parameters); // Note that $action and $object may have been modified by some hooks.
if (is_array($hookmanager->resArray) && ! empty($hookmanager->resArray)) {
$morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
} else {
$morelogincontent = $hookmanager->resPrint;
}
// Execute hook getLoginPageExtraOptions (eg for js)
$parameters=array('entity' => GETPOST('entity','int'));
$reshook = $hookmanager->executeHooks('getLoginPageExtraOptions',$parameters); // Note that $action and $object may have been modified by some hooks.
$moreloginextracontent = $hookmanager->resPrint;
// Login
$login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin));
$password = $demopassword;
// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
$width=0;
$urllogo=DOL_URL_ROOT.'/theme/login_logo.png';
if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('thumbs/'.$mysoc->logo_small);
}
elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode($mysoc->logo);
$width=128;
}
elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png'))
{
$urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png';
}
elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png'))
{
$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
}
// Security graphical code
$captcha=0;
$captcha_refresh='';
if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
{
$captcha=1;
$captcha_refresh=img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"');
}
// Extra link
$forgetpasslink=0;
$helpcenterlink=0;
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
{
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
else
{
$forgetpasslink=1;
$template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
}
if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
// Set cookie for timeout management
$prefix=dol_getprefix('');
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true);
if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
else unset($_SESSION["urlfrom"]);
if (! GETPOST("username",'alpha')) $focus_element='username';
else $focus_element='password';
$demologin='';
$demopassword='';
if (! empty($dolibarr_main_demo))
{
$helpcenterlink=1;
$tab=explode(',',$dolibarr_main_demo);
$demologin=$tab[0];
$demopassword=$tab[1];
}
// Execute hook getLoginPageOptions (for table)
$parameters=array('entity' => GETPOST('entity','int'));
$reshook = $hookmanager->executeHooks('getLoginPageOptions',$parameters); // Note that $action and $object may have been modified by some hooks.
if (is_array($hookmanager->resArray) && ! empty($hookmanager->resArray)) {
$morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
} else {
$morelogincontent = $hookmanager->resPrint;
}
// Execute hook getLoginPageExtraOptions (eg for js)
$parameters=array('entity' => GETPOST('entity','int'));
$reshook = $hookmanager->executeHooks('getLoginPageExtraOptions',$parameters); // Note that $action and $object may have been modified by some hooks.
$moreloginextracontent = $hookmanager->resPrint;
// Login
$login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin));
$password = $demopassword;
// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
$width=0;
$urllogo=DOL_URL_ROOT.'/theme/login_logo.png';
if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('thumbs/'.$mysoc->logo_small);
}
elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode($mysoc->logo);
$width=128;
}
elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png'))
{
$urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png';
}
elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png'))
{
$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
}
// Security graphical code
$captcha=0;
$captcha_refresh='';
if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
{
$captcha=1;
$captcha_refresh=img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"');
}
// Extra link
$forgetpasslink=0;
$helpcenterlink=0;
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
{
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
{
$forgetpasslink=1;
}
if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
{
$helpcenterlink=1;
}
}
// Home message
$main_home='';
if (! empty($conf->global->MAIN_HOME))
{
$substitutionarray=getCommonSubstitutionArray($langs);
complete_substitutions_array($substitutionarray, $langs);
$texttoshow = make_substitutions($conf->global->MAIN_HOME, $substitutionarray, $langs);
$main_home=dol_htmlcleanlastbr($texttoshow);
}
// Google AD
$main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0);
// Set jquery theme
$dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:'');
$favicon=dol_buildpath('/theme/'.$conf->theme.'/img/favicon.ico',1);
if (! empty($conf->global->MAIN_FAVICON_URL)) $favicon=$conf->global->MAIN_FAVICON_URL;
$jquerytheme = 'smoothness';
if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
// Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_no_mouse_hover
$dol_hide_topmenu=GETPOST('dol_hide_topmenu','int');
$dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int');
$dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int');
$dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int');
$dol_use_jmobile=GETPOST('dol_use_jmobile','int');
// Include login page template
include $template_dir.'login.tpl.php';
$_SESSION["dol_loginmesg"] = '';
}
// Home message
$main_home='';
if (! empty($conf->global->MAIN_HOME))
{
$substitutionarray=getCommonSubstitutionArray($langs);
complete_substitutions_array($substitutionarray, $langs);
$texttoshow = make_substitutions($conf->global->MAIN_HOME, $substitutionarray, $langs);
$main_home=dol_htmlcleanlastbr($texttoshow);
}
// Google AD
$main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0);
// Set jquery theme
$dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:'');
$favicon=dol_buildpath('/theme/'.$conf->theme.'/img/favicon.ico',1);
if (! empty($conf->global->MAIN_FAVICON_URL)) $favicon=$conf->global->MAIN_FAVICON_URL;
$jquerytheme = 'smoothness';
if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
// Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_no_mouse_hover
$dol_hide_topmenu=GETPOST('dol_hide_topmenu','int');
$dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int');
$dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int');
$dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int');
$dol_use_jmobile=GETPOST('dol_use_jmobile','int');
// Include login page template
include $template_dir.'login.tpl.php';
$_SESSION["dol_loginmesg"] = '';
}
/**

234
htdocs/core/lib/website.lib.php
View File

@ -368,6 +368,238 @@ function getAllImages($object, $objectpage, $urltograb, &$tmp, &$action, $modify
$tmp = preg_replace('/'.preg_quote($regs[0][$key],'/').'/i', 'background'.$regs[1][$key].'url("'.DOL_URL_ROOT.'/viewimage.php?modulepart=medias&file='.$filename.'")', $tmp);
}
}
}
/**
* Save content of a page on disk
*
* @param string $filealias Full path of filename to generate
* @param Website $object Object website
* @param WebsitePage $objectpage Object websitepage
* @return boolean True if OK
*/
function dolSavePageAlias($filealias, $object, $objectpage)
{
global $conf;
// Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header)
dol_syslog("We regenerate the alias page filealias=".$filealias);
$aliascontent = '<?php'."\n";
$aliascontent.= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
$aliascontent.= 'global $dolibarr_main_data_root;'."\n";
$aliascontent.= 'if (empty($dolibarr_main_data_root)) require \'./page'.$objectpage->id.'.tpl.php\'; ';
$aliascontent.= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
$aliascontent.= '?>'."\n";
$result = file_put_contents($filealias, $aliascontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filealias, octdec($conf->global->MAIN_UMASK));
return ($result?true:false);
}
/**
* Save content of a page on disk
*
* @param string $filetpl Full path of filename to generate
* @param Website $object Object website
* @param WebsitePage $objectpage Object websitepage
* @return boolean True if OK
*/
function dolSavePageContent($filetpl, $object, $objectpage)
{
global $conf;
// Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header)
dol_syslog("We regenerate the tpl page filetpl=".$filetpl);
dol_delete_file($filetpl);
$shortlangcode = '';
if ($objectpage->lang) $shortlangcode=preg_replace('/[_-].*$/', '', $objectpage->lang); // en_US or en-US -> en
$tplcontent ='';
$tplcontent.= "<?php // BEGIN PHP\n";
$tplcontent.= '$websitekey=basename(dirname(__FILE__));'."\n";
$tplcontent.= "if (! defined('USEDOLIBARRSERVER')) { require_once './master.inc.php'; } // Not already loaded"."\n";
$tplcontent.= "require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
$tplcontent.= "require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
$tplcontent.= "ob_start();\n";
$tplcontent.= "// END PHP ?>\n";
$tplcontent.= '<html'.($shortlangcode ? ' lang="'.$shortlangcode.'"':'').'>'."\n";
$tplcontent.= '<head>'."\n";
$tplcontent.= '<title>'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'</title>'."\n";
$tplcontent.= '<meta charset="UTF-8">'."\n";
$tplcontent.= '<meta http-equiv="content-type" content="text/html; charset=utf-8" />'."\n";
$tplcontent.= '<meta name="robots" content="index, follow" />'."\n";
$tplcontent.= '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n";
$tplcontent.= '<meta name="keywords" content="'.dol_string_nohtmltag($objectpage->keywords).'" />'."\n";
$tplcontent.= '<meta name="title" content="'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'" />'."\n";
$tplcontent.= '<meta name="description" content="'.dol_string_nohtmltag($objectpage->description, 0, 'UTF-8').'" />'."\n";
$tplcontent.= '<meta name="generator" content="'.DOL_APPLICATION_TITLE.' '.DOL_VERSION.'" />'."\n";
$tplcontent.= '<!-- Include link to CSS file -->'."\n";
$tplcontent.= '<link rel="stylesheet" href="styles.css.php?websiteid='.$object->id.'" type="text/css" />'."\n";
$tplcontent.= '<!-- Include HTML header from common file -->'."\n";
$tplcontent.= '<?php print file_get_contents(DOL_DATA_ROOT."/website/'.$object->ref.'/htmlheader.html"); ?>'."\n";
$tplcontent.= '<!-- Include HTML header from page inline block -->'."\n";
$tplcontent.= $objectpage->htmlheader."\n";
$tplcontent.= '</head>'."\n";
$tplcontent.= '<!-- File generated by Dolibarr website module editor -->'."\n";
$tplcontent.= '<body id="bodywebsite" class="bodywebsite">'."\n";
$tplcontent.= $objectpage->content."\n";
$tplcontent.= '</body>'."\n";
$tplcontent.= '</html>'."\n";
$tplcontent.= '<?php // BEGIN PHP'."\n";
$tplcontent.= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp);'."\n";
$tplcontent.= "// END PHP ?>"."\n";
//var_dump($filetpl);exit;
$result = file_put_contents($filetpl, $tplcontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filetpl, octdec($conf->global->MAIN_UMASK));
return $result;
}
/**
* Save content of a page on disk
*
* @param string $filehtmlheader Full path of filename to generate
* @param string $htmlheadercontent Content of file
* @return boolean True if OK
*/
function dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save html header into ".$filehtmlheader);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filehtmlheader, $htmlheadercontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filehtmlheader, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filehtmlheader, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filecss Full path of filename to generate
* @param string $csscontent Content of file
* @return boolean True if OK
*/
function dolSaveCssFile($filecss, $csscontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save css file into ".$filecss);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filecss, $csscontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filecss, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filecss, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filejs Full path of filename to generate
* @param string $jscontent Content of file
* @return boolean True if OK
*/
function dolSaveJsFile($filejs, $jscontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save js file into ".$filejs);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filejs, $jscontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filejs, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filejs, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filerobot Full path of filename to generate
* @param string $robotcontent Content of file
* @return boolean True if OK
*/
function dolSaveRobotFile($filerobot, $robotcontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save robot file into ".$filerobot);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filerobot, $robotcontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filerobot, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filerobot, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filehtaccess Full path of filename to generate
* @param string $htaccess Content of file
* @return boolean True if OK
*/
function dolSaveHtaccessFile($filehtaccess, $htaccess)
{
global $conf, $pathofwebsite;
dol_syslog("Save htaccess file into ".$filehtaccess);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filehtaccess, $htaccess);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filehtaccess, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filehtaccess, null, 'errors');
return false;
}
return true;
}

2
htdocs/core/modules/rapport/pdf_paiement.class.php
View File

@ -218,7 +218,7 @@ class pdf_paiement
if (! empty($conf->banque->enabled))
$sql.= ", ba.ref as bankaccount";
$sql.= ", p.rowid as prowid";
$sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn as p LEFT JOIN ON ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_paiement = c.id AND c.entity IN (".getEntity('c_paiement').")";
$sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn as p LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_paiement = c.id AND c.entity IN (".getEntity('c_paiement').")";
$sql.= ", ".MAIN_DB_PREFIX."facture_fourn as f,";
$sql.= " ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf,";
if (! empty($conf->banque->enabled))

1
htdocs/core/tpl/login.tpl.php
View File

@ -46,6 +46,7 @@ $disablenofollow=1;
if (! preg_match('/'.constant('DOL_APPLICATION_TITLE').'/', $title)) $disablenofollow=0;
print top_htmlhead('', $titleofloginpage, 0, 0, $arrayofjs, array(), 0, $disablenofollow);
?>
<!-- BEGIN PHP TEMPLATE LOGIN.TPL.PHP -->

6
htdocs/don/card.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2015 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2015-2016 Alexandre Spangaro <aspangaro.dolibarr@gmail.com>
@ -630,8 +630,8 @@ if (! empty($id) && $action != 'edit')
* Payments
*/
$sql = "SELECT p.rowid, p.num_payment, p.datep as dp, p.amount,";
$sql.= "c.code as type_code,c.libelle as paiement_type";
$sql.= " FROM ".MAIN_DB_PREFIX."payment_donation as p LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c AND c.entity IN (".getEntity('c_paiement').")";
$sql.= " c.code as type_code,c.libelle as paiement_type";
$sql.= " FROM ".MAIN_DB_PREFIX."payment_donation as p LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON c.entity IN (".getEntity('c_paiement').")";
$sql.= ", ".MAIN_DB_PREFIX."don as d";
$sql.= " WHERE d.rowid = '".$id."'";
$sql.= " AND p.fk_donation = d.rowid";

11
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -43,8 +43,17 @@ class CommandeFournisseur extends CommonOrder
public $table_element='commande_fournisseur';
public $table_element_line = 'commande_fournisseurdet';
public $fk_element = 'fk_commande';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='order';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

11
htdocs/fourn/class/fournisseur.facture.class.php
View File

@ -44,8 +44,17 @@ class FactureFournisseur extends CommonInvoice
public $table_element='facture_fourn';
public $table_element_line='facture_fourn_det';
public $fk_element='fk_facture_fourn';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='bill';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

7
htdocs/fourn/facture/rapport.php
View File

@ -85,9 +85,10 @@ if ($action == 'builddoc')
$formother=new FormOther($db);
llxHeader();
$titre=($year?$langs->trans("PaymentsReportsForYear",$year):$langs->trans("PaymentsReports"));
llxHeader('', $titre);
print load_fiche_titre($titre,'','title_accountancy.png');
// Formulaire de generation
@ -152,7 +153,7 @@ if ($year)
{
if (preg_match('/^supplier_payment/i',$file))
{
$tfile = $dir . '/'.$year.'/'.$file;
$relativepath = $year.'/'.$file;
print "<tr ".$bc[$var].">".'<td><a data-ajax="false" href="'.DOL_URL_ROOT . '/document.php?modulepart=facture_fournisseur&amp;file=payments/'.urlencode($relativepath).'">'.img_pdf().' '.$file.'</a></td>';

8
htdocs/langs/en_US/website.lang
View File

@ -5,14 +5,15 @@ DeleteWebsite=Delete website
ConfirmDeleteWebsite=Are you sure you want to delete this web site. All its pages and content will also be removed.
WEBSITE_TYPE_CONTAINER=Type of page/container
WEBSITE_PAGENAME=Page name/alias
HtmlHeaderPage=HTML specific header for page
WEBSITE_CSS_URL=URL of external CSS file
WEBSITE_CSS_INLINE=CSS file content (common to all pages)
WEBSITE_JS_INLINE=Javascript file content (common to all pages)
WEBSITE_HTML_HEADER=Addition at bottom of HTML Header (common to all pages)
WEBSITE_ROBOT=Robot file (robots.txt)
WEBSITE_HTACCESS=Web site .htaccess file
PageNameAliasHelp=Name or alias of the page.<br>This alias is also used to forge a SEO URL when website is ran from a Virtual host of a Web server (like Apacke, Nginx, ...). Use the button "<strong>%s</strong>" to edit this alias.
HtmlHeaderPage=HTML header (specific to this page only)
PageNameAliasHelp=Name or alias of the page.<br>This alias is also used to forge a SEO URL when website is ran from a Virtual host of a Web server (like Apacke, Nginx, ...). Use the button "<strong>%s</strong>" to edit this alias.
EditTheWebSiteForACommonHeader=Note: If you want to define a personalized header for all pages, edit the header on the site level instead of on the page/container.
MediaFiles=Media library
EditCss=Edit Style/CSS or HTML header
EditMenu=Edit menu
@ -59,4 +60,5 @@ BlogPost=Blog post
WebsiteAccount=Web site account
WebsiteAccounts=Web site accounts
AddWebsiteAccount=Create web site account
BackToListOfThirdParty=Back to list for Third Party
BackToListOfThirdParty=Back to list for Third Party
DisableSiteFirst=Disable website first

11
htdocs/main.inc.php
View File

@ -153,7 +153,11 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
// Check consistency of NOREQUIREXXX DEFINES
if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && ! defined('NOREQUIREMENU')) dol_print_error('','If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not use them');
if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && ! defined('NOREQUIREMENU'))
{
print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them';
exit;
}
// Sanity check on URL
if (! empty($_SERVER["PHP_SELF"]))
@ -204,7 +208,7 @@ if (! empty($_POST["DOL_AUTOSET_COOKIE"]))
}
// Init session. Name of session is specific to Dolibarr instance.
$prefix=dol_getprefix();
$prefix=dol_getprefix('');
$sessionname='DOLSESSID_'.$prefix;
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
@ -361,7 +365,6 @@ if (! empty($_SESSION["disablemodules"]))
}
}
/*
* Phase authentication / login
*/
@ -479,6 +482,7 @@ if (! defined('NOLOGIN'))
include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
$langs=new Translate("",$conf);
$langcode=(GETPOST('lang','aZ09',1)?GETPOST('lang','aZ09',1):(empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT));
if (defined('MAIN_LANG_DEFAULT')) $langcode=constant('MAIN_LANG_DEFAULT');
$langs->setDefaultLang($langcode);
}
@ -1164,6 +1168,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
}
}
}
//print 'themepath='.$themepath.' themeparam='.$themeparam;exit;
print '<link rel="stylesheet" type="text/css" href="'.$themepath.$themeparam.'">'."\n";
if (! empty($conf->global->MAIN_FIX_FLASH_ON_CHROME)) print '<!-- Includes CSS that does not exists as a workaround of flash bug of chrome -->'."\n".'<link rel="stylesheet" type="text/css" href="filethatdoesnotexiststosolvechromeflashbug">'."\n";

3
htdocs/master.inc.php
View File

@ -235,7 +235,8 @@ if (! defined('NOREQUIREDB') && ! defined('NOREQUIRESOC'))
if (! defined('NOREQUIRETRAN'))
{
$langcode=(GETPOST('lang','aZ09')?GETPOST('lang','aZ09',1):(empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT));
$langs->setDefaultLang($langcode);
if (defined('MAIN_LANG_DEFAULT')) $langcode=constant('MAIN_LANG_DEFAULT');
$langs->setDefaultLang($langcode);
}

4
htdocs/projet/class/task.class.php
View File

@ -754,8 +754,8 @@ class Task extends CommonObject
}
if ($socid) $sql.= " AND p.fk_soc = ".$socid;
if ($projectid) $sql.= " AND p.rowid in (".$projectid.")";
if ($filteronproj) $sql.= " AND (p.ref LIKE '%".$this->db->escape($filteronproj)."%' OR p.title LIKE '%".$this->db->escape($filteronproj)."%')";
if ($filteronprojstatus > -1) $sql.= " AND p.fk_statut = ".$filteronprojstatus;
if ($filteronproj) $sql.= natural_search(array("p.ref", "p.title"), $filteronproj);
if ($filteronprojstatus > -1) $sql.= " AND p.fk_statut IN (".$filteronprojstatus.")";
if ($morewherefilter) $sql.=$morewherefilter;
$sql.= " ORDER BY p.ref, t.rang, t.dateo";

17
htdocs/projet/ganttview.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
*
* This program is free software; you can redistribute it and/or modify
@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
$id=GETPOST('id','int');
$id=GETPOST('id','intcomma');
$ref=GETPOST('ref','alpha');
$mode = GETPOST('mode', 'alpha');
@ -46,7 +46,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be inclu
// Security check
$socid=0;
//if ($user->societe_id > 0) $socid = $user->societe_id; // For external user, no check is done on company because readability is managed by public status of project and assignement.
$result = restrictedArea($user, 'projet', $id,'projet&project');
$result = restrictedArea($user, 'projet', $id, 'projet&project');
$langs->load("users");
$langs->load("projects");
@ -80,12 +80,12 @@ if (! empty($conf->use_javascript_ajax))
);
}
$title=$langs->trans("Project").' - '.$langs->trans("Gantt").' - '.$object->ref.' '.$object->name;
if (! empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/',$conf->global->MAIN_HTML_TITLE) && $object->name) $title=$object->ref.' '.$object->name.' - '.$langs->trans("Gantt");
$title=$langs->trans("Project").' - '.$langs->trans("Gantt").($object->ref?' - '.$object->ref.' '.$object->name:'');
if (! empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/',$conf->global->MAIN_HTML_TITLE) && $object->name) $title=($object->ref?$object->ref.' '.$object->name.' - ':'').$langs->trans("Gantt");
$help_url="EN:Module_Projects|FR:Module_Projets|ES:M&oacute;dulo_Proyectos";
llxHeader("",$title,$help_url,'',0,0,$arrayofjs,$arrayofcss);
if ($id > 0 || ! empty($ref))
if (($id > 0 && is_numeric($id)) || ! empty($ref))
{
// To verify role of users
//$userAccess = $object->restrictedProjectArea($user,'read');
@ -93,7 +93,6 @@ if ($id > 0 || ! empty($ref))
//$userDelete = $object->restrictedProjectArea($user,'delete');
//print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete;
$tab='gantt';
$head=project_prepare_head($object);
@ -195,7 +194,7 @@ if ($id > 0 || ! empty($ref))
* Buttons actions
*/
if ($id > 0)
if ($id > 0 && is_numeric($id))
{
print '<div class="tabsAction">';
@ -229,7 +228,7 @@ else
// Get list of tasks in tasksarray and taskarrayfiltered
// We need all tasks (even not limited to a user because a task to user
// can have a parent that is not affected to him).
$tasksarray=$task->getTasksArray(0, 0, $object->id, $socid, 0);
$tasksarray=$task->getTasksArray(0, 0, ($object->id ? $object->id : $id), $socid, 0);
// We load also tasks limited to a particular user
//$tasksrole=($_REQUEST["mode"]=='mine' ? $task->getUserRolesForProjectsOrTasks(0,$user,$object->id,0) : '');
//var_dump($tasksarray);

5
htdocs/societe/class/societe.class.php
View File

@ -53,6 +53,11 @@ class Societe extends CommonObject
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
// BEGIN MODULEBUILDER PROPERTIES

11
htdocs/supplier_proposal/class/supplier_proposal.class.php
View File

@ -48,8 +48,17 @@ class SupplierProposal extends CommonObject
public $table_element='supplier_proposal';
public $table_element_line='supplier_proposaldet';
public $fk_element='fk_supplier_proposal';
public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $picto='propal';
/**
* 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
* @var int
*/
public $ismultientitymanaged = 1;
/**
* 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user
* @var integer
*/
public $restrictiononfksoc = 1;
/**
* {@inheritdoc}

2
htdocs/user/logout.php
View File

@ -63,7 +63,7 @@ if (GETPOST('dol_no_mouse_hover')) $url.=(preg_match('/\?/',$url)?'&':'?')
if (GETPOST('dol_use_jmobile')) $url.=(preg_match('/\?/',$url)?'&':'?').'dol_use_jmobile=1';
// Destroy session
$prefix=dol_getprefix();
$prefix=dol_getprefix('');
$sessionname='DOLSESSID_'.$prefix;
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);

2
htdocs/user/passwordforgotten.php
View File

@ -169,6 +169,7 @@ else
}
// Note: $conf->css looks like '/theme/eldy/style.css.php'
/*
$conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php";
$themepath=dol_buildpath($conf->css,1);
if (! empty($conf->modules_parts['theme'])) // This slow down
@ -183,6 +184,7 @@ if (! empty($conf->modules_parts['theme'])) // This slow down
}
}
$conf_css = $themepath."?lang=".$langs->defaultlang;
*/
$jquerytheme = 'smoothness';
if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;

4
htdocs/website/class/website.class.php
View File

@ -107,6 +107,8 @@ class Website extends CommonObject
*/
public function create(User $user, $notrigger = false)
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$error = 0;
@ -129,7 +131,7 @@ class Website extends CommonObject
if (empty($this->date_modification)) $this->date_modification = $now;
// Check parameters
// Put here code to add control on parameters values
if (empty($this->entity)) { $this->entity = $conf->entity; }
// Insert request
$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . '(';

315
htdocs/website/index.php
View File

@ -605,7 +605,7 @@ if ($action == 'addcontainer')
if (! dol_is_file($filehtmlheader))
{
$htmlheadercontent = "<!-- HTML header content (common for all pages) -->";
$htmlheadercontent = "<html>\n<!-- HTML header content (common for all pages) -->\n</html>";
$result=dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent);
}
@ -1616,7 +1616,7 @@ $head = array();
/*
* Edit mode
* Edit Site HTML header of CSS
*/
if ($action == 'editcss')
@ -1624,28 +1624,53 @@ if ($action == 'editcss')
print '<div class="fiche">';
print '<br>';
$csscontent = @file_get_contents($filecss);
// Clean the php css file to remove php code and get only css part
$csscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $csscontent);
$csscontent.= GETPOST('WEBSITE_CSS_INLINE');
if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha'))
{
$csscontent = @file_get_contents($filecss);
// Clean the php css file to remove php code and get only css part
$csscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $csscontent);
}
else
{
$csscontent = GETPOST('WEBSITE_CSS_INLINE');
}
if (! trim($csscontent)) $csscontent='/* CSS content (all pages) */'."\n".'body.bodywebsite { margin: 0; }';
$jscontent = @file_get_contents($filejs);
// Clean the php js file to remove php code and get only js part
$jscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $jscontent);
$jscontent.= GETPOST('WEBSITE_JS_INLINE');
if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha'))
{
$jscontent = @file_get_contents($filejs);
// Clean the php js file to remove php code and get only js part
$jscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $jscontent);
}
else
{
$jscontent = GETPOST('WEBSITE_JS_INLINE');
}
if (! trim($jscontent)) $jscontent='/* JS content (all pages) */'."\n";
$htmlheader = @file_get_contents($filehtmlheader);
// Clean the php htmlheader file to remove php code and get only html part
$htmlheader = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htmlheader);
if (! trim($htmlheader)) $htmlheader='<!-- HTML header content (common for all pages) -->';
if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha'))
{
$htmlheader = @file_get_contents($filehtmlheader);
// Clean the php htmlheader file to remove php code and get only html part
$htmlheader = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htmlheader);
}
else
{
$htmlheader = GETPOST('WEBSITE_HTML_HEADER');
}
if (! trim($htmlheader)) $htmlheader="<html>\n<!-- HTML header content (common for all pages) -->\n</html>";
else $htmlheader='<html>'."\n".trim($htmlheader)."\n".'</html>';
$robotcontent = @file_get_contents($filerobot);
// Clean the php htmlheader file to remove php code and get only html part
$robotcontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $robotcontent);
if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha'))
{
$robotcontent = @file_get_contents($filerobot);
// Clean the php htmlheader file to remove php code and get only html part
$robotcontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $robotcontent);
}
else
{
$robotcontent = GETPOST('WEBSITE_ROBOT');
}
if (! trim($robotcontent))
{
$robotcontent.="# Robot file. Generated with ".DOL_APPLICATION_TITLE."\n";
@ -1654,9 +1679,16 @@ if ($action == 'editcss')
$robotcontent.="Disallow: /administrator/\n";
}
$htaccesscontent = @file_get_contents($filehtaccess);
// Clean the php htaccesscontent file to remove php code and get only html part
$htaccesscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htaccesscontent);
if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha'))
{
$htaccesscontent = @file_get_contents($filehtaccess);
// Clean the php htaccesscontent file to remove php code and get only html part
$htaccesscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htaccesscontent);
}
else
{
$htaccesscontent = GETPOST('WEBSITE_HTACCESS');
}
if (! trim($htaccesscontent))
{
$htaccesscontent.="# Order allow,deny\n";
@ -1926,7 +1958,12 @@ if ($action == 'editmeta' || $action == 'createcontainer')
print '</td></tr>';
print '<tr><td class="tdhtmlheader tdtop">';
print $langs->trans('HtmlHeaderPage');
$htmlhelp=$langs->trans("EditTheWebSiteForACommonHeader").'<br><br>';
$htmlhelp.=$langs->trans("Example").' :<br>';
$htmlhelp.='&lt;script src="https://code.jquery.com/jquery-3.2.1.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous" &gt;&lt;/script&gt;<br>';
$htmlhelp.='&lt;script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js" integrity="sha256-T0Vest3yCU7pafRw9r+settMBX6JkKN06dqBnpQ8d30=" crossorigin="anonymous" &gt;&lt;/script&gt;<br>';
$htmlhelp.='&lt;link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" /&gt;<br>';
print $form->textwithpicto($langs->trans('HtmlHeaderPage'), $htmlhelp, 1, 'help', '', 0, 2, 'htmlheadertooltip');
print '</td><td>';
$doleditor=new DolEditor('htmlheader', $pagehtmlheader, '', '220', 'ace', 'In', true, false, 'ace', 0, '100%', '');
print $doleditor->Create(1, '', true, 'HTML Header', 'html');
@ -2101,237 +2138,3 @@ if ($action == 'preview' || $action == 'createfromclone' || $action == 'createpa
llxFooter();
$db->close();
/**
* Save content of a page on disk
*
* @param string $filealias Full path of filename to generate
* @param Website $object Object website
* @param WebsitePage $objectpage Object websitepage
* @return boolean True if OK
*/
function dolSavePageAlias($filealias, $object, $objectpage)
{
global $conf;
// Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header)
dol_syslog("We regenerate the alias page filealias=".$filealias);
$aliascontent = '<?php'."\n";
$aliascontent.= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
$aliascontent.= 'global $dolibarr_main_data_root;'."\n";
$aliascontent.= 'if (empty($dolibarr_main_data_root)) require \'./page'.$objectpage->id.'.tpl.php\'; ';
$aliascontent.= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
$aliascontent.= '?>'."\n";
$result = file_put_contents($filealias, $aliascontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filealias, octdec($conf->global->MAIN_UMASK));
return ($result?true:false);
}
/**
* Save content of a page on disk
*
* @param string $filetpl Full path of filename to generate
* @param Website $object Object website
* @param WebsitePage $objectpage Object websitepage
* @return boolean True if OK
*/
function dolSavePageContent($filetpl, $object, $objectpage)
{
global $conf;
// Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header)
dol_syslog("We regenerate the tpl page filetpl=".$filetpl);
dol_delete_file($filetpl);
$shortlangcode = '';
if ($objectpage->lang) $shortlangcode=preg_replace('/[_-].*$/', '', $objectpage->lang); // en_US or en-US -> en
$tplcontent ='';
$tplcontent.= "<?php // BEGIN PHP\n";
$tplcontent.= '$websitekey=basename(dirname(__FILE__));'."\n";
$tplcontent.= "if (! defined('USEDOLIBARRSERVER')) { require_once './master.inc.php'; } // Not already loaded"."\n";
$tplcontent.= "require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
$tplcontent.= "require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
$tplcontent.= "ob_start();\n";
$tplcontent.= "// END PHP ?>\n";
$tplcontent.= '<html'.($shortlangcode ? ' lang="'.$shortlangcode.'"':'').'>'."\n";
$tplcontent.= '<head>'."\n";
$tplcontent.= '<title>'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'</title>'."\n";
$tplcontent.= '<meta charset="UTF-8">'."\n";
$tplcontent.= '<meta http-equiv="content-type" content="text/html; charset=utf-8" />'."\n";
$tplcontent.= '<meta name="robots" content="index, follow" />'."\n";
$tplcontent.= '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n";
$tplcontent.= '<meta name="keywords" content="'.dol_string_nohtmltag($objectpage->keywords).'" />'."\n";
$tplcontent.= '<meta name="title" content="'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'" />'."\n";
$tplcontent.= '<meta name="description" content="'.dol_string_nohtmltag($objectpage->description, 0, 'UTF-8').'" />'."\n";
$tplcontent.= '<meta name="generator" content="'.DOL_APPLICATION_TITLE.' '.DOL_VERSION.'" />'."\n";
$tplcontent.= '<!-- Include link to CSS file -->'."\n";
$tplcontent.= '<link rel="stylesheet" href="styles.css.php?websiteid='.$object->id.'" type="text/css" />'."\n";
$tplcontent.= '<!-- Include HTML header from common file -->'."\n";
$tplcontent.= '<?php print file_get_contents(DOL_DATA_ROOT."/website/'.$object->ref.'/htmlheader.html"); ?>'."\n";
$tplcontent.= '<!-- Include HTML header from page inline block -->'."\n";
$tplcontent.= $objectpage->htmlheader."\n";
$tplcontent.= '</head>'."\n";
$tplcontent.= '<!-- File generated by Dolibarr website module editor -->'."\n";
$tplcontent.= '<body id="bodywebsite" class="bodywebsite">'."\n";
$tplcontent.= $objectpage->content."\n";
$tplcontent.= '</body>'."\n";
$tplcontent.= '</html>'."\n";
$tplcontent.= '<?php // BEGIN PHP'."\n";
$tplcontent.= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp);'."\n";
$tplcontent.= "// END PHP ?>"."\n";
//var_dump($filetpl);exit;
$result = file_put_contents($filetpl, $tplcontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filetpl, octdec($conf->global->MAIN_UMASK));
return $result;
}
/**
* Save content of a page on disk
*
* @param string $filehtmlheader Full path of filename to generate
* @param string $htmlheadercontent Content of file
* @return boolean True if OK
*/
function dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save html header into ".$filehtmlheader);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filehtmlheader, $htmlheadercontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filehtmlheader, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filehtmlheader, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filecss Full path of filename to generate
* @param string $csscontent Content of file
* @return boolean True if OK
*/
function dolSaveCssFile($filecss, $csscontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save html header into ".$filecss);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filecss, $csscontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filecss, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filecss, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filejs Full path of filename to generate
* @param string $jscontent Content of file
* @return boolean True if OK
*/
function dolSaveJsFile($filejs, $jscontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save html header into ".$filejs);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filejs, $jscontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filejs, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filejs, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filerobot Full path of filename to generate
* @param string $robotcontent Content of file
* @return boolean True if OK
*/
function dolSaveRobotFile($filerobot, $robotcontent)
{
global $conf, $pathofwebsite;
dol_syslog("Save html header into ".$filerobot);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filerobot, $robotcontent);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filerobot, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filerobot, null, 'errors');
return false;
}
return true;
}
/**
* Save content of a page on disk
*
* @param string $filehtaccess Full path of filename to generate
* @param string $htaccess Content of file
* @return boolean True if OK
*/
function dolSaveHtaccessFile($filehtaccess, $htaccess)
{
global $conf, $pathofwebsite;
dol_syslog("Save html header into ".$filehtaccess);
dol_mkdir($pathofwebsite);
$result = file_put_contents($filehtaccess, $htaccess);
if (! empty($conf->global->MAIN_UMASK))
@chmod($filehtaccess, octdec($conf->global->MAIN_UMASK));
if (! $result)
{
setEventMessages('Failed to write file '.$filehtaccess, null, 'errors');
return false;
}
return true;
}