diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 59328f24fd5..54e975c2f8c 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -42,10 +42,6 @@ $action=GETPOST('action','alpha'); $confirm=GETPOST('confirm','alpha'); // Security check -if ($user->societe_id > 0) -{ - $id = $user->societe_id; -} $result=restrictedArea($user,'adherent',$id); // Get parameters diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php index a6dd48f1947..1ddac653748 100644 --- a/htdocs/admin/website.php +++ b/htdocs/admin/website.php @@ -26,6 +26,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php'; @@ -116,6 +117,11 @@ $tabfieldcheck[1] = array(); $elementList = array(); $sourceList=array(); + +/* + * Actions + */ + // Actions add or modify a website if (GETPOST('actionadd','alpha') || GETPOST('actionmodify','alpha')) { @@ -128,19 +134,20 @@ if (GETPOST('actionadd','alpha') || GETPOST('actionmodify','alpha')) $ok=1; foreach ($listfield as $f => $value) { - if ((! isset($_POST[$value]) || $_POST[$value]=='') - && (! in_array($listfield[$f], array('virtualhost')))) // Fields that are not mandatory - { - $ok=0; - $fieldnamekey=$listfield[$f]; - setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities($fieldnamekey)), null, 'errors'); - } - if ($value == 'ref' && ! preg_match('/^[a-z0-9_\-\.]+$/i', $_POST[$value])) - { + if ($value == 'ref' && (! isset($_POST[$value]) || $_POST[$value]=='')) + { + $ok=0; + $fieldnamekey=$listfield[$f]; + setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities($fieldnamekey)), null, 'errors'); + break; + } + elseif ($value == 'ref' && ! preg_match('/^[a-z0-9_\-\.]+$/i', $_POST[$value])) + { $ok=0; - $fieldnamekey=$listfield[$f]; + $fieldnamekey=$listfield[$f]; setEventMessages($langs->transnoentities("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities($fieldnamekey)), null, 'errors'); - } + break; + } } // Clean parameters @@ -206,29 +213,6 @@ if (GETPOST('actionadd','alpha') || GETPOST('actionmodify','alpha')) $result = $db->query($sql); if ($result) // Add is ok { - global $dolibarr_main_data_root; - $pathofwebsite=$dolibarr_main_data_root.'/website/'.$websitekey; - $filehtmlheader=$pathofwebsite.'/htmlheader.html'; - $filecss=$pathofwebsite.'/styles.css.php'; - $filetpl=$pathofwebsite.'/page'.$pageid.'.tpl.php'; - $fileindex=$pathofwebsite.'/index.php'; - - // Css file - $csscontent = ''."\n"; - $csscontent.= ''."\n"; - $csscontent.= '"."\n"; - $csscontent.= ''."\n"; - $csscontent.= 'body { margin: 0; }'."\n"; - - dol_syslog("Save file css into ".$filecss); - - dol_mkdir($pathofwebsite); - $result = file_put_contents($filecss, $csscontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filecss, octdec($conf->global->MAIN_UMASK)); - setEventMessages($langs->transnoentities("RecordSaved"), null, 'mesgs'); unset($_POST); // Clean $_POST array, we keep only } @@ -335,21 +319,36 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete if ($tabrowid[$id]) { $rowidcol=$tabrowid[$id]; } else { $rowidcol="rowid"; } - $sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website ='".$rowid."'"; - $result = $db->query($sql); + $website = new Website($db); + $website->fetch($rowid); - $sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid ='".$rowid."'"; - $result = $db->query($sql); - if (! $result) + if ($website->id > 0) { - if ($db->errno() == 'DB_ERROR_CHILD_EXISTS') - { - setEventMessages($langs->transnoentities("ErrorRecordIsUsedByChild"), null, 'errors'); - } - else - { - dol_print_error($db); - } + $sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website ='".$rowid."'"; + $result = $db->query($sql); + + $sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid ='".$rowid."'"; + $result = $db->query($sql); + if (! $result) + { + if ($db->errno() == 'DB_ERROR_CHILD_EXISTS') + { + setEventMessages($langs->transnoentities("ErrorRecordIsUsedByChild"), null, 'errors'); + } + else + { + dol_print_error($db); + } + } + + if ($website->ref) + { + dol_delete_dir_recursive($conf->website->dir_output.'/'.$website->ref); + } + } + else + { + dol_print_error($db, 'Failed to load website with id '.$rowid); } } @@ -618,7 +617,8 @@ if ($id) } // Can an entry be erased or disabled ? - $iserasable=1;$isdisable=1; // true by default + $iserasable=1; $isdisable=1; // true by default + if ($obj->status) $iserasable=0; // We can't delete a website on. Disable it first. $url = $_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.(! empty($obj->rowid)?$obj->rowid:(! empty($obj->code)?$obj->code:'')).'&code='.(! empty($obj->code)?urlencode($obj->code):'').'&'; @@ -628,12 +628,11 @@ if ($id) print ""; // Modify link - if ($iserasable) print ''.img_edit().''; - else print ' '; + print ''.img_edit().''; // Delete link if ($iserasable) print ''.img_delete().''; - else print ' '; + else print ''.img_delete($langs->trans("DisableSiteFirst"), 'class="opacitymedium"').''; print "\n"; } diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 39e2f0a98f7..985a50df9ec 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -36,8 +36,17 @@ class ActionComm extends CommonObject public $element='action'; public $table_element = 'actioncomm'; public $table_rowid = 'id'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='action'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user, 2=Same than 1 but accept record if fksoc is empty + * @var integer + */ + public $restrictiononfksoc = 2; /** * Id of the event diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 1b6a98dbdb9..84ad5707fe2 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -48,8 +48,17 @@ class Propal extends CommonObject public $table_element='propal'; public $table_element_line='propaldet'; public $fk_element='fk_propal'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='propal'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 9474d54b925..63ca86191d3 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1288,7 +1288,6 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; - if (! $error && ! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->commande->creer) { if ($action == 'addcontact') diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 6ebe94c327b..35ead22c32f 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -46,8 +46,17 @@ class Commande extends CommonOrder public $table_element_line = 'commandedet'; public $class_element_line = 'OrderLine'; public $fk_element = 'fk_commande'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto = 'order'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 6def698a916..3cccffa2518 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3730,7 +3730,7 @@ else if ($id > 0 || ! empty($ref)) else { var revenue_type = parseFloat(valselected); - var amount_net = ".round($object->total_ht , 2)."; + var amount_net = ".round($object->total_ht, 2)."; revenue = revenue_type * amount_net / 100; revenue = revenue.toFixed(2); } diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index ac068fb5f6e..0d96236a6ab 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -52,8 +52,17 @@ class Facture extends CommonInvoice public $table_element='facture'; public $table_element_line = 'facturedet'; public $fk_element = 'fk_facture'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='bill'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 48768af5a7a..1b52ac278ec 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -44,8 +44,17 @@ class Contrat extends CommonObject public $table_element='contrat'; public $table_element_line='contratdet'; public $fk_element='fk_contrat'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='contract'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/core/actions_fetchobject.inc.php b/htdocs/core/actions_fetchobject.inc.php index b9cefe45306..e42c2e9a83b 100644 --- a/htdocs/core/actions_fetchobject.inc.php +++ b/htdocs/core/actions_fetchobject.inc.php @@ -30,16 +30,19 @@ if (($id > 0 || (! empty($ref) && ! in_array($action, array('create', 'createtask', 'add')))) && (empty($cancel) || $id > 0)) { - $ret = $object->fetch($id, $ref); - if ($ret > 0) - { - $object->fetch_thirdparty(); - $id = $object->id; - } - else - { - if (empty($object->error) && ! count($object->errors)) setEventMessages('Fetch on object return an error without filling $object->error nor $object->errors', null, 'errors'); - else setEventMessages($object->error, $object->errors, 'errors'); - $action=''; - } + if (($id > 0 && is_numeric($id)) || ! empty($ref)) // To discard case when id is list of ids like '1,2,3...' + { + $ret = $object->fetch($id, $ref); + if ($ret > 0) + { + $object->fetch_thirdparty(); + $id = $object->id; + } + else + { + if (empty($object->error) && ! count($object->errors)) setEventMessages('Fetch on object return an error without filling $object->error nor $object->errors', null, 'errors'); + else setEventMessages($object->error, $object->errors, 'errors'); + $action=''; + } + } } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 37f87ca1da2..25d9f67a219 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1414,6 +1414,10 @@ abstract class CommonObject } if ($fieldid == 'none') return 1; + // Security on socid + $socid = 0; + if ($user->societe_id > 0) $socid = $user->societe_id; + // this->ismultientitymanaged contains // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe $alias = 's'; @@ -1422,18 +1426,25 @@ abstract class CommonObject $sql = "SELECT MAX(te.".$fieldid.")"; $sql.= " FROM ".(empty($nodbprefix)?MAIN_DB_PREFIX:'').$this->table_element." as te"; if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to entity - if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc"; + else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to socid + else if ($this->restrictiononfksoc == 2 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON te.fk_soc = s.rowid"; // If we need to link to societe to limit select to socid + if ($this->restrictiononfksoc && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc"; $sql.= " WHERE te.".$fieldid." < '".$this->db->escape($this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) - if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id; + if ($this->restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = " .$user->id; + if ($this->restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND (sc.fk_user = " .$user->id.' OR te.fk_soc IS NULL)'; if (! empty($filter)) { if (! preg_match('/^\s*AND/i', $filter)) $sql.=" AND "; // For backward compatibility $sql.=$filter; } if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity - if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')'; + else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid + if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element).')'; + if ($this->restrictiononfksoc == 1 && $socid && $this->element != 'societe') $sql.= ' AND te.fk_soc = ' . $socid; + if ($this->restrictiononfksoc == 2 && $socid && $this->element != 'societe') $sql.= ' AND (te.fk_soc = ' . $socid.' OR te.fk_soc IS NULL)'; + if ($this->restrictiononfksoc && $socid && $this->element == 'societe') $sql.= ' AND te.rowid = ' . $socid; + //print 'socid='.$socid.' restrictiononfksoc='.$this->restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; - //print 'filter = '.$filter.' -> '.$sql."
"; $result = $this->db->query($sql); if (! $result) { @@ -1447,19 +1458,26 @@ abstract class CommonObject $sql = "SELECT MIN(te.".$fieldid.")"; $sql.= " FROM ".(empty($nodbprefix)?MAIN_DB_PREFIX:'').$this->table_element." as te"; if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to entity - if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc"; + else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; // If we need to link to societe to limit select to socid + else if ($this->restrictiononfksoc == 2 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON te.fk_soc = s.rowid"; // If we need to link to societe to limit select to socid + if ($this->restrictiononfksoc && !$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON ".$alias.".rowid = sc.fk_soc"; $sql.= " WHERE te.".$fieldid." > '".$this->db->escape($this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) - if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2 && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id; + if ($this->restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = " .$user->id; + if ($this->restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) $sql.= " AND (sc.fk_user = " .$user->id.' OR te.fk_soc IS NULL)'; if (! empty($filter)) { if (! preg_match('/^\s*AND/i', $filter)) $sql.=" AND "; // For backward compatibility $sql.=$filter; } if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 2) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity - if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')'; + else if ($this->restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid + if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element).')'; + if ($this->restrictiononfksoc == 1 && $socid && $this->element != 'societe') $sql.= ' AND te.fk_soc = ' . $socid; + if ($this->restrictiononfksoc == 2 && $socid && $this->element != 'societe') $sql.= ' AND (te.fk_soc = ' . $socid.' OR te.fk_soc IS NULL)'; + if ($this->restrictiononfksoc && $socid && $this->element == 'societe') $sql.= ' AND te.rowid = ' . $socid; + //print 'socid='.$socid.' restrictiononfksoc='.$this->restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; // Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null - //print $sql."
"; $result = $this->db->query($sql); if (! $result) { diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 085b9874aeb..e69aa485736 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -5281,7 +5281,11 @@ class Form if ($objecttmp->ismultientitymanaged == 2) if (!$user->rights->societe->client->voir && !$user->societe_id) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE t.entity IN (".getEntity($objecttmp->table_element).")"; - if ($objecttmp->ismultientitymanaged == 1 && ! empty($user->societe_id)) $sql.= " AND t.fk_soc = ".$user->societe_id; + if ($objecttmp->ismultientitymanaged == 1 && ! empty($user->societe_id)) + { + if ($objecttmp->element == 'societe') $sql.= " AND t.rowid = ".$user->societe_id; + else $sql.= " AND t.fk_soc = ".$user->societe_id; + } if ($searchkey != '') $sql.=natural_search(explode(',',$fieldstoshow), $searchkey); if ($objecttmp->ismultientitymanaged == 2) if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND t.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ea71f3e1100..b0b67b2fb8d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -37,6 +37,7 @@ include_once DOL_DOCUMENT_ROOT .'/core/lib/json.lib.php'; + /** * Function to return value of a static property when class * name is dynamically defined (not hard coded). @@ -595,30 +596,34 @@ function GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NU /** * Return a prefix to use for this Dolibarr instance, for session/cookie names or email id. - * This prefix is unique for instance and avoid conflict between multi-instances, - * even when having two instances with one root dir or two instances in virtual servers. + * This prefix is valid in a web context only and is unique for instance and avoid conflict + * between multi-instances, even when having two instances with one root dir or two instances + * in virtual servers. * - * @param string $mode '' (prefix for session name) or 'email' (prefix for email id) - * @return string A calculated prefix + * @param string $mode '' (prefix for session name) or 'email' (prefix for email id) + * @return string A calculated prefix */ -function dol_getprefix($mode='') +if (! function_exists('dol_getprefix')) { - global $conf; - - // If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email - if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) + function dol_getprefix($mode='') { - if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID; - else if (isset($_SERVER["SERVER_NAME"])) return $_SERVER["SERVER_NAME"]; - } + global $conf; - if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"])) - { - return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT); - // Use this for a "clear" cookie name - //return dol_sanitizeFileName($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT); + // If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email + if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) + { + if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID; + else if (isset($_SERVER["SERVER_NAME"])) return $_SERVER["SERVER_NAME"]; + } + + if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"])) + { + return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT); + // Use this for a "readable" cookie name + //return dol_sanitizeFileName($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT); + } + else return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT); } - else return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT); } /** @@ -6568,7 +6573,7 @@ function dol_getmypid() /** * Generate natural SQL search string for a criteria (this criteria can be tested on one or several fields) * - * @param string|string[] $fields String or array of strings, filled with the name of all fields in the SQL query we must check (combined with a OR) + * @param string|string[] $fields String or array of strings, filled with the name of all fields in the SQL query we must check (combined with a OR). Example: array("p.field1","p.field2") * @param string $value The value to look for. * If param $mode is 0, can contains several keywords separated with a space or | * like "keyword1 keyword2" = We want record field like keyword1 AND field like keyword2 diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index cf37b749b5b..fa624a118f8 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -355,14 +355,14 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu * Check access by user to object. * This function is also called by restrictedArea * - * @param User $user User to check - * @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...) - * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). - * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional). - * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'. - * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) - * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) - * @return bool True if user has access, False otherwise + * @param User $user User to check + * @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...) + * @param int|string $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). + * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional). + * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'. + * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) + * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) + * @return bool True if user has access, False otherwise * @see restrictedArea */ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid') @@ -379,16 +379,16 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh $sql=''; // For backward compatibility - if ($feature == 'member') $feature='adherent'; + if ($feature == 'member') $feature='adherent'; if ($feature == 'project') $feature='projet'; - if ($feature == 'task') $feature='projet_task'; + if ($feature == 'task') $feature='projet_task'; $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object $checktask = array('projet_task'); - $nocheck = array('barcode','stock','fournisseur'); // No test + $nocheck = array('barcode','stock','fournisseur','don'); // No test $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name @@ -401,9 +401,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh // Check permission for object with entity if (in_array($feature,$check)) { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; if (($feature == 'user' || $feature == 'usergroup') && ! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) { $sql.= " AND dbt.entity IS NOT NULL"; @@ -423,10 +423,10 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh // If internal user: Check permission for internal users that are restricted on their objects else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir)) { - $sql = "SELECT sc.fk_soc"; + $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql.= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= ", ".MAIN_DB_PREFIX."societe as s)"; - $sql.= " WHERE sc.fk_soc = ".$objectid; + $sql.= " WHERE sc.fk_soc IN (".$objectid.")"; $sql.= " AND sc.fk_user = ".$user->id; $sql.= " AND sc.fk_soc = s.rowid"; $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; @@ -434,9 +434,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) { - $sql = "SELECT s.rowid"; + $sql = "SELECT COUNT(s.rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql.= " WHERE s.rowid = ".$objectid; + $sql.= " WHERE s.rowid IN (".$objectid.")"; $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } } @@ -445,27 +445,27 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh // If external user: Check permission for external users if ($user->societe_id > 0) { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND dbt.fk_soc = ".$user->societe_id; } // If internal user: Check permission for internal users that are restricted on their objects else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir)) { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } @@ -481,9 +481,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh } else { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } @@ -502,9 +502,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh } else { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } @@ -514,20 +514,20 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh if ($user->societe_id > 0) { if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined'); - $sql = "SELECT dbt.".$dbt_keyfield; + $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.rowid = ".$objectid; + $sql.= " WHERE dbt.rowid IN (".$objectid.")"; $sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id; } // If internal user: Check permission for internal users that are restricted on their objects else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir)) { if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined'); - $sql = "SELECT sc.fk_soc"; + $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= ", ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield; $sql.= " AND dbt.".$dbt_keyfield." = s.rowid"; $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; @@ -536,20 +536,20 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) { - $sql = "SELECT dbt.".$dbt_select; + $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; + $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } - //print "sql=".$sql."
"; if ($sql) { $resql=$db->query($sql); if ($resql) { - if ($db->num_rows($resql) == 0) return false; + $obj = $db->fetch_object($resql); + if (! $obj || $obj->nb < count(explode(',', $objectid))) return false; } else { diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 7d305ded7d4..fab2a15b674 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -126,179 +126,182 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod * @param Societe $mysoc Company object * @return void */ -function dol_loginfunction($langs,$conf,$mysoc) +if (! function_exists('dol_loginfunction')) { - global $dolibarr_main_demo,$db; - global $smartphone,$hookmanager; - - // Instantiate hooks of thirdparty module only if not already define - $hookmanager->initHooks(array('mainloginpage')); - - $langs->load("main"); - $langs->load("other"); - $langs->load("help"); - $langs->load("admin"); - - $main_authentication=$conf->file->main_authentication; - $session_name=session_name(); - - $dol_url_root = DOL_URL_ROOT; - - // Title - $appli=constant('DOL_APPLICATION_TITLE'); - $title=$appli.' '.constant('DOL_VERSION'); - if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE; - $titletruedolibarrversion=constant('DOL_VERSION'); // $title used by login template after the @ to inform of true Dolibarr version - - // Note: $conf->css looks like '/theme/eldy/style.css.php' - $conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; - $themepath=dol_buildpath($conf->css,1); - if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application + function dol_loginfunction($langs,$conf,$mysoc) { - foreach($conf->modules_parts['theme'] as $reldir) + global $dolibarr_main_demo,$db; + global $smartphone,$hookmanager; + + $langs->loadLangs(array("main","other","help","admin")); + + // Instantiate hooks of thirdparty module only if not already define + $hookmanager->initHooks(array('mainloginpage')); + + $main_authentication=$conf->file->main_authentication; + + $session_name=session_name(); // Get current session name + + $dol_url_root = DOL_URL_ROOT; + + // Title + $appli=constant('DOL_APPLICATION_TITLE'); + $title=$appli.' '.constant('DOL_VERSION'); + if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE; + $titletruedolibarrversion=constant('DOL_VERSION'); // $title used by login template after the @ to inform of true Dolibarr version + + // Note: $conf->css looks like '/theme/eldy/style.css.php' + /* + $conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; + $themepath=dol_buildpath($conf->css,1); + if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application { - if (file_exists(dol_buildpath($reldir.$conf->css, 0))) + foreach($conf->modules_parts['theme'] as $reldir) { - $themepath=dol_buildpath($reldir.$conf->css, 1); - break; + if (file_exists(dol_buildpath($reldir.$conf->css, 0))) + { + $themepath=dol_buildpath($reldir.$conf->css, 1); + break; + } } } - } - $conf_css = $themepath."?lang=".$langs->defaultlang; + $conf_css = $themepath."?lang=".$langs->defaultlang; + */ - // Select templates dir - if (! empty($conf->modules_parts['tpl'])) // Using this feature slow down application - { - $dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl/')); - foreach($dirtpls as $reldir) + // Select templates dir + if (! empty($conf->modules_parts['tpl'])) // Using this feature slow down application { - $tmp=dol_buildpath($reldir.'login.tpl.php'); - if (file_exists($tmp)) { $template_dir=preg_replace('/login\.tpl\.php$/','',$tmp); break; } + $dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl/')); + foreach($dirtpls as $reldir) + { + $tmp=dol_buildpath($reldir.'login.tpl.php'); + if (file_exists($tmp)) { $template_dir=preg_replace('/login\.tpl\.php$/','',$tmp); break; } + } } - } - else - { - $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/"; - } - - // Set cookie for timeout management - $prefix=dol_getprefix(); - $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; - if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true); - - if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha'); - else unset($_SESSION["urlfrom"]); - - if (! GETPOST("username",'alpha')) $focus_element='username'; - else $focus_element='password'; - - $demologin=''; - $demopassword=''; - if (! empty($dolibarr_main_demo)) - { - $tab=explode(',',$dolibarr_main_demo); - $demologin=$tab[0]; - $demopassword=$tab[1]; - } - - // Execute hook getLoginPageOptions (for table) - $parameters=array('entity' => GETPOST('entity','int')); - $reshook = $hookmanager->executeHooks('getLoginPageOptions',$parameters); // Note that $action and $object may have been modified by some hooks. - if (is_array($hookmanager->resArray) && ! empty($hookmanager->resArray)) { - $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility - } else { - $morelogincontent = $hookmanager->resPrint; - } - - // Execute hook getLoginPageExtraOptions (eg for js) - $parameters=array('entity' => GETPOST('entity','int')); - $reshook = $hookmanager->executeHooks('getLoginPageExtraOptions',$parameters); // Note that $action and $object may have been modified by some hooks. - $moreloginextracontent = $hookmanager->resPrint; - - // Login - $login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin)); - $password = $demopassword; - - // Show logo (search in order: small company logo, large company logo, theme logo, common logo) - $width=0; - $urllogo=DOL_URL_ROOT.'/theme/login_logo.png'; - - if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) - { - $urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('thumbs/'.$mysoc->logo_small); - } - elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) - { - $urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode($mysoc->logo); - $width=128; - } - elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png')) - { - $urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png'; - } - elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png')) - { - $urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png'; - } - - // Security graphical code - $captcha=0; - $captcha_refresh=''; - if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) - { - $captcha=1; - $captcha_refresh=img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"'); - } - - // Extra link - $forgetpasslink=0; - $helpcenterlink=0; - if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) - { - if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) + else { - $forgetpasslink=1; + $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/"; } - if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) + // Set cookie for timeout management + $prefix=dol_getprefix(''); + $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; + if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true); + + if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha'); + else unset($_SESSION["urlfrom"]); + + if (! GETPOST("username",'alpha')) $focus_element='username'; + else $focus_element='password'; + + $demologin=''; + $demopassword=''; + if (! empty($dolibarr_main_demo)) { - $helpcenterlink=1; + $tab=explode(',',$dolibarr_main_demo); + $demologin=$tab[0]; + $demopassword=$tab[1]; } + + // Execute hook getLoginPageOptions (for table) + $parameters=array('entity' => GETPOST('entity','int')); + $reshook = $hookmanager->executeHooks('getLoginPageOptions',$parameters); // Note that $action and $object may have been modified by some hooks. + if (is_array($hookmanager->resArray) && ! empty($hookmanager->resArray)) { + $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility + } else { + $morelogincontent = $hookmanager->resPrint; + } + + // Execute hook getLoginPageExtraOptions (eg for js) + $parameters=array('entity' => GETPOST('entity','int')); + $reshook = $hookmanager->executeHooks('getLoginPageExtraOptions',$parameters); // Note that $action and $object may have been modified by some hooks. + $moreloginextracontent = $hookmanager->resPrint; + + // Login + $login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin)); + $password = $demopassword; + + // Show logo (search in order: small company logo, large company logo, theme logo, common logo) + $width=0; + $urllogo=DOL_URL_ROOT.'/theme/login_logo.png'; + + if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) + { + $urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('thumbs/'.$mysoc->logo_small); + } + elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) + { + $urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode($mysoc->logo); + $width=128; + } + elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png')) + { + $urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png'; + } + elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png')) + { + $urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png'; + } + + // Security graphical code + $captcha=0; + $captcha_refresh=''; + if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) + { + $captcha=1; + $captcha_refresh=img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"'); + } + + // Extra link + $forgetpasslink=0; + $helpcenterlink=0; + if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) + { + if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) + { + $forgetpasslink=1; + } + + if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) + { + $helpcenterlink=1; + } + } + + // Home message + $main_home=''; + if (! empty($conf->global->MAIN_HOME)) + { + $substitutionarray=getCommonSubstitutionArray($langs); + complete_substitutions_array($substitutionarray, $langs); + $texttoshow = make_substitutions($conf->global->MAIN_HOME, $substitutionarray, $langs); + + $main_home=dol_htmlcleanlastbr($texttoshow); + } + + // Google AD + $main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0); + + // Set jquery theme + $dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:''); + $favicon=dol_buildpath('/theme/'.$conf->theme.'/img/favicon.ico',1); + if (! empty($conf->global->MAIN_FAVICON_URL)) $favicon=$conf->global->MAIN_FAVICON_URL; + $jquerytheme = 'smoothness'; + if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; + + // Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_no_mouse_hover + $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int'); + $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int'); + $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int'); + $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int'); + $dol_use_jmobile=GETPOST('dol_use_jmobile','int'); + + // Include login page template + include $template_dir.'login.tpl.php'; + + + $_SESSION["dol_loginmesg"] = ''; } - - // Home message - $main_home=''; - if (! empty($conf->global->MAIN_HOME)) - { - $substitutionarray=getCommonSubstitutionArray($langs); - complete_substitutions_array($substitutionarray, $langs); - $texttoshow = make_substitutions($conf->global->MAIN_HOME, $substitutionarray, $langs); - - $main_home=dol_htmlcleanlastbr($texttoshow); - } - - // Google AD - $main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0); - - // Set jquery theme - $dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:''); - $favicon=dol_buildpath('/theme/'.$conf->theme.'/img/favicon.ico',1); - if (! empty($conf->global->MAIN_FAVICON_URL)) $favicon=$conf->global->MAIN_FAVICON_URL; - $jquerytheme = 'smoothness'; - if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; - - // Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_no_mouse_hover - $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int'); - $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int'); - $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int'); - $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int'); - $dol_use_jmobile=GETPOST('dol_use_jmobile','int'); - - // Include login page template - include $template_dir.'login.tpl.php'; - - - $_SESSION["dol_loginmesg"] = ''; } /** diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index 9dc1b2c3863..197e050f48a 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -368,6 +368,238 @@ function getAllImages($object, $objectpage, $urltograb, &$tmp, &$action, $modify $tmp = preg_replace('/'.preg_quote($regs[0][$key],'/').'/i', 'background'.$regs[1][$key].'url("'.DOL_URL_ROOT.'/viewimage.php?modulepart=medias&file='.$filename.'")', $tmp); } } - } + + +/** + * Save content of a page on disk + * + * @param string $filealias Full path of filename to generate + * @param Website $object Object website + * @param WebsitePage $objectpage Object websitepage + * @return boolean True if OK + */ +function dolSavePageAlias($filealias, $object, $objectpage) +{ + global $conf; + + // Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header) + dol_syslog("We regenerate the alias page filealias=".$filealias); + + $aliascontent = 'id.'.tpl.php\'; '; + $aliascontent.= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n"; + $aliascontent.= '?>'."\n"; + $result = file_put_contents($filealias, $aliascontent); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filealias, octdec($conf->global->MAIN_UMASK)); + + return ($result?true:false); +} + + +/** + * Save content of a page on disk + * + * @param string $filetpl Full path of filename to generate + * @param Website $object Object website + * @param WebsitePage $objectpage Object websitepage + * @return boolean True if OK + */ +function dolSavePageContent($filetpl, $object, $objectpage) +{ + global $conf; + + // Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header) + dol_syslog("We regenerate the tpl page filetpl=".$filetpl); + + dol_delete_file($filetpl); + + $shortlangcode = ''; + if ($objectpage->lang) $shortlangcode=preg_replace('/[_-].*$/', '', $objectpage->lang); // en_US or en-US -> en + + $tplcontent =''; + $tplcontent.= "\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= 'ref.'/htmlheader.html"); ?>'."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= $objectpage->htmlheader."\n"; + $tplcontent.= ''."\n"; + + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= $objectpage->content."\n"; + $tplcontent.= ''."\n"; + $tplcontent.= ''."\n"; + + $tplcontent.= '"."\n"; + + //var_dump($filetpl);exit; + $result = file_put_contents($filetpl, $tplcontent); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filetpl, octdec($conf->global->MAIN_UMASK)); + + return $result; +} + + +/** + * Save content of a page on disk + * + * @param string $filehtmlheader Full path of filename to generate + * @param string $htmlheadercontent Content of file + * @return boolean True if OK + */ +function dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent) +{ + global $conf, $pathofwebsite; + + dol_syslog("Save html header into ".$filehtmlheader); + + dol_mkdir($pathofwebsite); + $result = file_put_contents($filehtmlheader, $htmlheadercontent); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filehtmlheader, octdec($conf->global->MAIN_UMASK)); + + if (! $result) + { + setEventMessages('Failed to write file '.$filehtmlheader, null, 'errors'); + return false; + } + + return true; +} + +/** + * Save content of a page on disk + * + * @param string $filecss Full path of filename to generate + * @param string $csscontent Content of file + * @return boolean True if OK + */ +function dolSaveCssFile($filecss, $csscontent) +{ + global $conf, $pathofwebsite; + + dol_syslog("Save css file into ".$filecss); + + dol_mkdir($pathofwebsite); + $result = file_put_contents($filecss, $csscontent); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filecss, octdec($conf->global->MAIN_UMASK)); + + if (! $result) + { + setEventMessages('Failed to write file '.$filecss, null, 'errors'); + return false; + } + + return true; +} + +/** + * Save content of a page on disk + * + * @param string $filejs Full path of filename to generate + * @param string $jscontent Content of file + * @return boolean True if OK + */ +function dolSaveJsFile($filejs, $jscontent) +{ + global $conf, $pathofwebsite; + + dol_syslog("Save js file into ".$filejs); + + dol_mkdir($pathofwebsite); + $result = file_put_contents($filejs, $jscontent); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filejs, octdec($conf->global->MAIN_UMASK)); + + if (! $result) + { + setEventMessages('Failed to write file '.$filejs, null, 'errors'); + return false; + } + + return true; +} + +/** + * Save content of a page on disk + * + * @param string $filerobot Full path of filename to generate + * @param string $robotcontent Content of file + * @return boolean True if OK + */ +function dolSaveRobotFile($filerobot, $robotcontent) +{ + global $conf, $pathofwebsite; + + dol_syslog("Save robot file into ".$filerobot); + + dol_mkdir($pathofwebsite); + $result = file_put_contents($filerobot, $robotcontent); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filerobot, octdec($conf->global->MAIN_UMASK)); + + if (! $result) + { + setEventMessages('Failed to write file '.$filerobot, null, 'errors'); + return false; + } + + return true; +} + +/** + * Save content of a page on disk + * + * @param string $filehtaccess Full path of filename to generate + * @param string $htaccess Content of file + * @return boolean True if OK + */ +function dolSaveHtaccessFile($filehtaccess, $htaccess) +{ + global $conf, $pathofwebsite; + + dol_syslog("Save htaccess file into ".$filehtaccess); + + dol_mkdir($pathofwebsite); + $result = file_put_contents($filehtaccess, $htaccess); + if (! empty($conf->global->MAIN_UMASK)) + @chmod($filehtaccess, octdec($conf->global->MAIN_UMASK)); + + if (! $result) + { + setEventMessages('Failed to write file '.$filehtaccess, null, 'errors'); + return false; + } + + return true; +} + + diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index b294d8645eb..2bb784aa578 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -218,7 +218,7 @@ class pdf_paiement if (! empty($conf->banque->enabled)) $sql.= ", ba.ref as bankaccount"; $sql.= ", p.rowid as prowid"; - $sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn as p LEFT JOIN ON ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_paiement = c.id AND c.entity IN (".getEntity('c_paiement').")"; + $sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn as p LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_paiement = c.id AND c.entity IN (".getEntity('c_paiement').")"; $sql.= ", ".MAIN_DB_PREFIX."facture_fourn as f,"; $sql.= " ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf,"; if (! empty($conf->banque->enabled)) diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index 62200405c60..35145db8320 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -46,6 +46,7 @@ $disablenofollow=1; if (! preg_match('/'.constant('DOL_APPLICATION_TITLE').'/', $title)) $disablenofollow=0; print top_htmlhead('', $titleofloginpage, 0, 0, $arrayofjs, array(), 0, $disablenofollow); + ?> diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 539bae26e48..5081e32dd0e 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2015 Laurent Destailleur + * Copyright (C) 2004-2017 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2013 Florian Henry * Copyright (C) 2015-2016 Alexandre Spangaro @@ -630,8 +630,8 @@ if (! empty($id) && $action != 'edit') * Payments */ $sql = "SELECT p.rowid, p.num_payment, p.datep as dp, p.amount,"; - $sql.= "c.code as type_code,c.libelle as paiement_type"; - $sql.= " FROM ".MAIN_DB_PREFIX."payment_donation as p LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c AND c.entity IN (".getEntity('c_paiement').")"; + $sql.= " c.code as type_code,c.libelle as paiement_type"; + $sql.= " FROM ".MAIN_DB_PREFIX."payment_donation as p LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON c.entity IN (".getEntity('c_paiement').")"; $sql.= ", ".MAIN_DB_PREFIX."don as d"; $sql.= " WHERE d.rowid = '".$id."'"; $sql.= " AND p.fk_donation = d.rowid"; diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 868014ea618..e6e309c2239 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -43,8 +43,17 @@ class CommandeFournisseur extends CommonOrder public $table_element='commande_fournisseur'; public $table_element_line = 'commande_fournisseurdet'; public $fk_element = 'fk_commande'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='order'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 2be366cfc46..995745b4faa 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -44,8 +44,17 @@ class FactureFournisseur extends CommonInvoice public $table_element='facture_fourn'; public $table_element_line='facture_fourn_det'; public $fk_element='fk_facture_fourn'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='bill'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/fourn/facture/rapport.php b/htdocs/fourn/facture/rapport.php index d0a0c5f0aea..ee7f5f99769 100644 --- a/htdocs/fourn/facture/rapport.php +++ b/htdocs/fourn/facture/rapport.php @@ -85,9 +85,10 @@ if ($action == 'builddoc') $formother=new FormOther($db); -llxHeader(); - $titre=($year?$langs->trans("PaymentsReportsForYear",$year):$langs->trans("PaymentsReports")); + +llxHeader('', $titre); + print load_fiche_titre($titre,'','title_accountancy.png'); // Formulaire de generation @@ -152,7 +153,7 @@ if ($year) { if (preg_match('/^supplier_payment/i',$file)) { - + $tfile = $dir . '/'.$year.'/'.$file; $relativepath = $year.'/'.$file; print "".''.img_pdf().' '.$file.''; diff --git a/htdocs/langs/en_US/website.lang b/htdocs/langs/en_US/website.lang index 326228b7e45..5b50bcc7ad3 100644 --- a/htdocs/langs/en_US/website.lang +++ b/htdocs/langs/en_US/website.lang @@ -5,14 +5,15 @@ DeleteWebsite=Delete website ConfirmDeleteWebsite=Are you sure you want to delete this web site. All its pages and content will also be removed. WEBSITE_TYPE_CONTAINER=Type of page/container WEBSITE_PAGENAME=Page name/alias -HtmlHeaderPage=HTML specific header for page WEBSITE_CSS_URL=URL of external CSS file WEBSITE_CSS_INLINE=CSS file content (common to all pages) WEBSITE_JS_INLINE=Javascript file content (common to all pages) WEBSITE_HTML_HEADER=Addition at bottom of HTML Header (common to all pages) WEBSITE_ROBOT=Robot file (robots.txt) WEBSITE_HTACCESS=Web site .htaccess file -PageNameAliasHelp=Name or alias of the page.
This alias is also used to forge a SEO URL when website is ran from a Virtual host of a Web server (like Apacke, Nginx, ...). Use the button "%s" to edit this alias. +HtmlHeaderPage=HTML header (specific to this page only) +PageNameAliasHelp=Name or alias of the page.
This alias is also used to forge a SEO URL when website is ran from a Virtual host of a Web server (like Apacke, Nginx, ...). Use the button "%s" to edit this alias. +EditTheWebSiteForACommonHeader=Note: If you want to define a personalized header for all pages, edit the header on the site level instead of on the page/container. MediaFiles=Media library EditCss=Edit Style/CSS or HTML header EditMenu=Edit menu @@ -59,4 +60,5 @@ BlogPost=Blog post WebsiteAccount=Web site account WebsiteAccounts=Web site accounts AddWebsiteAccount=Create web site account -BackToListOfThirdParty=Back to list for Third Party \ No newline at end of file +BackToListOfThirdParty=Back to list for Third Party +DisableSiteFirst=Disable website first \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 1cf0a18e3a1..6d71c35a4df 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -153,7 +153,11 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) // Check consistency of NOREQUIREXXX DEFINES -if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && ! defined('NOREQUIREMENU')) dol_print_error('','If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not use them'); +if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && ! defined('NOREQUIREMENU')) +{ + print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them'; + exit; +} // Sanity check on URL if (! empty($_SERVER["PHP_SELF"])) @@ -204,7 +208,7 @@ if (! empty($_POST["DOL_AUTOSET_COOKIE"])) } // Init session. Name of session is specific to Dolibarr instance. -$prefix=dol_getprefix(); +$prefix=dol_getprefix(''); $sessionname='DOLSESSID_'.$prefix; $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]); @@ -361,7 +365,6 @@ if (! empty($_SESSION["disablemodules"])) } } - /* * Phase authentication / login */ @@ -479,6 +482,7 @@ if (! defined('NOLOGIN')) include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php'; $langs=new Translate("",$conf); $langcode=(GETPOST('lang','aZ09',1)?GETPOST('lang','aZ09',1):(empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT)); + if (defined('MAIN_LANG_DEFAULT')) $langcode=constant('MAIN_LANG_DEFAULT'); $langs->setDefaultLang($langcode); } @@ -1164,6 +1168,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs } } } + //print 'themepath='.$themepath.' themeparam='.$themeparam;exit; print ''."\n"; if (! empty($conf->global->MAIN_FIX_FLASH_ON_CHROME)) print ''."\n".''."\n"; diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index ce3080e32e4..52c4c9780c7 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -235,7 +235,8 @@ if (! defined('NOREQUIREDB') && ! defined('NOREQUIRESOC')) if (! defined('NOREQUIRETRAN')) { $langcode=(GETPOST('lang','aZ09')?GETPOST('lang','aZ09',1):(empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT)); - $langs->setDefaultLang($langcode); + if (defined('MAIN_LANG_DEFAULT')) $langcode=constant('MAIN_LANG_DEFAULT'); + $langs->setDefaultLang($langcode); } diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 14f3c7e37d4..2a77de4f552 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -754,8 +754,8 @@ class Task extends CommonObject } if ($socid) $sql.= " AND p.fk_soc = ".$socid; if ($projectid) $sql.= " AND p.rowid in (".$projectid.")"; - if ($filteronproj) $sql.= " AND (p.ref LIKE '%".$this->db->escape($filteronproj)."%' OR p.title LIKE '%".$this->db->escape($filteronproj)."%')"; - if ($filteronprojstatus > -1) $sql.= " AND p.fk_statut = ".$filteronprojstatus; + if ($filteronproj) $sql.= natural_search(array("p.ref", "p.title"), $filteronproj); + if ($filteronprojstatus > -1) $sql.= " AND p.fk_statut IN (".$filteronprojstatus.")"; if ($morewherefilter) $sql.=$morewherefilter; $sql.= " ORDER BY p.ref, t.rang, t.dateo"; diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php index d63f2d2bb62..c3552d714f2 100644 --- a/htdocs/projet/ganttview.php +++ b/htdocs/projet/ganttview.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2012 Laurent Destailleur + * Copyright (C) 2004-2017 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; -$id=GETPOST('id','int'); +$id=GETPOST('id','intcomma'); $ref=GETPOST('ref','alpha'); $mode = GETPOST('mode', 'alpha'); @@ -46,7 +46,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be inclu // Security check $socid=0; //if ($user->societe_id > 0) $socid = $user->societe_id; // For external user, no check is done on company because readability is managed by public status of project and assignement. -$result = restrictedArea($user, 'projet', $id,'projet&project'); +$result = restrictedArea($user, 'projet', $id, 'projet&project'); $langs->load("users"); $langs->load("projects"); @@ -80,12 +80,12 @@ if (! empty($conf->use_javascript_ajax)) ); } -$title=$langs->trans("Project").' - '.$langs->trans("Gantt").' - '.$object->ref.' '.$object->name; -if (! empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/',$conf->global->MAIN_HTML_TITLE) && $object->name) $title=$object->ref.' '.$object->name.' - '.$langs->trans("Gantt"); +$title=$langs->trans("Project").' - '.$langs->trans("Gantt").($object->ref?' - '.$object->ref.' '.$object->name:''); +if (! empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/',$conf->global->MAIN_HTML_TITLE) && $object->name) $title=($object->ref?$object->ref.' '.$object->name.' - ':'').$langs->trans("Gantt"); $help_url="EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos"; llxHeader("",$title,$help_url,'',0,0,$arrayofjs,$arrayofcss); -if ($id > 0 || ! empty($ref)) +if (($id > 0 && is_numeric($id)) || ! empty($ref)) { // To verify role of users //$userAccess = $object->restrictedProjectArea($user,'read'); @@ -93,7 +93,6 @@ if ($id > 0 || ! empty($ref)) //$userDelete = $object->restrictedProjectArea($user,'delete'); //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; - $tab='gantt'; $head=project_prepare_head($object); @@ -195,7 +194,7 @@ if ($id > 0 || ! empty($ref)) * Buttons actions */ -if ($id > 0) +if ($id > 0 && is_numeric($id)) { print '
'; @@ -229,7 +228,7 @@ else // Get list of tasks in tasksarray and taskarrayfiltered // We need all tasks (even not limited to a user because a task to user // can have a parent that is not affected to him). -$tasksarray=$task->getTasksArray(0, 0, $object->id, $socid, 0); +$tasksarray=$task->getTasksArray(0, 0, ($object->id ? $object->id : $id), $socid, 0); // We load also tasks limited to a particular user //$tasksrole=($_REQUEST["mode"]=='mine' ? $task->getUserRolesForProjectsOrTasks(0,$user,$object->id,0) : ''); //var_dump($tasksarray); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index f8fe4a80123..4a37699e6c6 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -53,6 +53,11 @@ class Societe extends CommonObject * @var int */ public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; // BEGIN MODULEBUILDER PROPERTIES diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 5b830f6e37c..4fa0c8fad6e 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -48,8 +48,17 @@ class SupplierProposal extends CommonObject public $table_element='supplier_proposal'; public $table_element_line='supplier_proposaldet'; public $fk_element='fk_supplier_proposal'; - public $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe public $picto='propal'; + /** + * 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + * @var int + */ + public $ismultientitymanaged = 1; + /** + * 0=Default, 1=View may be restricted to sales representative only if no permission to see all or to company of external user if external user + * @var integer + */ + public $restrictiononfksoc = 1; /** * {@inheritdoc} diff --git a/htdocs/user/logout.php b/htdocs/user/logout.php index 8aac6037f65..5958c71f295 100644 --- a/htdocs/user/logout.php +++ b/htdocs/user/logout.php @@ -63,7 +63,7 @@ if (GETPOST('dol_no_mouse_hover')) $url.=(preg_match('/\?/',$url)?'&':'?') if (GETPOST('dol_use_jmobile')) $url.=(preg_match('/\?/',$url)?'&':'?').'dol_use_jmobile=1'; // Destroy session -$prefix=dol_getprefix(); +$prefix=dol_getprefix(''); $sessionname='DOLSESSID_'.$prefix; $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]); diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 43cb5097bba..4f93a0d2401 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -169,6 +169,7 @@ else } // Note: $conf->css looks like '/theme/eldy/style.css.php' +/* $conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; $themepath=dol_buildpath($conf->css,1); if (! empty($conf->modules_parts['theme'])) // This slow down @@ -183,6 +184,7 @@ if (! empty($conf->modules_parts['theme'])) // This slow down } } $conf_css = $themepath."?lang=".$langs->defaultlang; +*/ $jquerytheme = 'smoothness'; if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 2a1af0f2a80..1291e54840c 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -107,6 +107,8 @@ class Website extends CommonObject */ public function create(User $user, $notrigger = false) { + global $conf; + dol_syslog(__METHOD__, LOG_DEBUG); $error = 0; @@ -129,7 +131,7 @@ class Website extends CommonObject if (empty($this->date_modification)) $this->date_modification = $now; // Check parameters - // Put here code to add control on parameters values + if (empty($this->entity)) { $this->entity = $conf->entity; } // Insert request $sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . '('; diff --git a/htdocs/website/index.php b/htdocs/website/index.php index d716fd4a9ad..3f50b9e9b4f 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -605,7 +605,7 @@ if ($action == 'addcontainer') if (! dol_is_file($filehtmlheader)) { - $htmlheadercontent = ""; + $htmlheadercontent = "\n\n"; $result=dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent); } @@ -1616,7 +1616,7 @@ $head = array(); /* - * Edit mode + * Edit Site HTML header of CSS */ if ($action == 'editcss') @@ -1624,28 +1624,53 @@ if ($action == 'editcss') print '
'; print '
'; - - $csscontent = @file_get_contents($filecss); - // Clean the php css file to remove php code and get only css part - $csscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $csscontent); - $csscontent.= GETPOST('WEBSITE_CSS_INLINE'); + if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha')) + { + $csscontent = @file_get_contents($filecss); + // Clean the php css file to remove php code and get only css part + $csscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $csscontent); + } + else + { + $csscontent = GETPOST('WEBSITE_CSS_INLINE'); + } if (! trim($csscontent)) $csscontent='/* CSS content (all pages) */'."\n".'body.bodywebsite { margin: 0; }'; - $jscontent = @file_get_contents($filejs); - // Clean the php js file to remove php code and get only js part - $jscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $jscontent); - $jscontent.= GETPOST('WEBSITE_JS_INLINE'); + if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha')) + { + $jscontent = @file_get_contents($filejs); + // Clean the php js file to remove php code and get only js part + $jscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $jscontent); + } + else + { + $jscontent = GETPOST('WEBSITE_JS_INLINE'); + } if (! trim($jscontent)) $jscontent='/* JS content (all pages) */'."\n"; - $htmlheader = @file_get_contents($filehtmlheader); - // Clean the php htmlheader file to remove php code and get only html part - $htmlheader = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htmlheader); - if (! trim($htmlheader)) $htmlheader=''; + if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha')) + { + $htmlheader = @file_get_contents($filehtmlheader); + // Clean the php htmlheader file to remove php code and get only html part + $htmlheader = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htmlheader); + } + else + { + $htmlheader = GETPOST('WEBSITE_HTML_HEADER'); + } + if (! trim($htmlheader)) $htmlheader="\n\n"; else $htmlheader=''."\n".trim($htmlheader)."\n".''; - $robotcontent = @file_get_contents($filerobot); - // Clean the php htmlheader file to remove php code and get only html part - $robotcontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $robotcontent); + if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha')) + { + $robotcontent = @file_get_contents($filerobot); + // Clean the php htmlheader file to remove php code and get only html part + $robotcontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $robotcontent); + } + else + { + $robotcontent = GETPOST('WEBSITE_ROBOT'); + } if (! trim($robotcontent)) { $robotcontent.="# Robot file. Generated with ".DOL_APPLICATION_TITLE."\n"; @@ -1654,9 +1679,16 @@ if ($action == 'editcss') $robotcontent.="Disallow: /administrator/\n"; } - $htaccesscontent = @file_get_contents($filehtaccess); - // Clean the php htaccesscontent file to remove php code and get only html part - $htaccesscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htaccesscontent); + if (GETPOST('editcss','alpha') || GETPOST('refreshpage','alpha')) + { + $htaccesscontent = @file_get_contents($filehtaccess); + // Clean the php htaccesscontent file to remove php code and get only html part + $htaccesscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htaccesscontent); + } + else + { + $htaccesscontent = GETPOST('WEBSITE_HTACCESS'); + } if (! trim($htaccesscontent)) { $htaccesscontent.="# Order allow,deny\n"; @@ -1926,7 +1958,12 @@ if ($action == 'editmeta' || $action == 'createcontainer') print ''; print ''; - print $langs->trans('HtmlHeaderPage'); + $htmlhelp=$langs->trans("EditTheWebSiteForACommonHeader").'

'; + $htmlhelp.=$langs->trans("Example").' :
'; + $htmlhelp.='<script src="https://code.jquery.com/jquery-3.2.1.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous" ></script>
'; + $htmlhelp.='<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js" integrity="sha256-T0Vest3yCU7pafRw9r+settMBX6JkKN06dqBnpQ8d30=" crossorigin="anonymous" ></script>
'; + $htmlhelp.='<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" />
'; + print $form->textwithpicto($langs->trans('HtmlHeaderPage'), $htmlhelp, 1, 'help', '', 0, 2, 'htmlheadertooltip'); print ''; $doleditor=new DolEditor('htmlheader', $pagehtmlheader, '', '220', 'ace', 'In', true, false, 'ace', 0, '100%', ''); print $doleditor->Create(1, '', true, 'HTML Header', 'html'); @@ -2101,237 +2138,3 @@ if ($action == 'preview' || $action == 'createfromclone' || $action == 'createpa llxFooter(); $db->close(); - - - - -/** - * Save content of a page on disk - * - * @param string $filealias Full path of filename to generate - * @param Website $object Object website - * @param WebsitePage $objectpage Object websitepage - * @return boolean True if OK - */ -function dolSavePageAlias($filealias, $object, $objectpage) -{ - global $conf; - - // Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header) - dol_syslog("We regenerate the alias page filealias=".$filealias); - - $aliascontent = 'id.'.tpl.php\'; '; - $aliascontent.= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n"; - $aliascontent.= '?>'."\n"; - $result = file_put_contents($filealias, $aliascontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filealias, octdec($conf->global->MAIN_UMASK)); - - return ($result?true:false); -} - - -/** - * Save content of a page on disk - * - * @param string $filetpl Full path of filename to generate - * @param Website $object Object website - * @param WebsitePage $objectpage Object websitepage - * @return boolean True if OK - */ -function dolSavePageContent($filetpl, $object, $objectpage) -{ - global $conf; - - // Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header) - dol_syslog("We regenerate the tpl page filetpl=".$filetpl); - - dol_delete_file($filetpl); - - $shortlangcode = ''; - if ($objectpage->lang) $shortlangcode=preg_replace('/[_-].*$/', '', $objectpage->lang); // en_US or en-US -> en - - $tplcontent =''; - $tplcontent.= "\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= 'ref.'/htmlheader.html"); ?>'."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= $objectpage->htmlheader."\n"; - $tplcontent.= ''."\n"; - - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= $objectpage->content."\n"; - $tplcontent.= ''."\n"; - $tplcontent.= ''."\n"; - - $tplcontent.= '"."\n"; - - //var_dump($filetpl);exit; - $result = file_put_contents($filetpl, $tplcontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filetpl, octdec($conf->global->MAIN_UMASK)); - - return $result; -} - - -/** - * Save content of a page on disk - * - * @param string $filehtmlheader Full path of filename to generate - * @param string $htmlheadercontent Content of file - * @return boolean True if OK - */ -function dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent) -{ - global $conf, $pathofwebsite; - - dol_syslog("Save html header into ".$filehtmlheader); - - dol_mkdir($pathofwebsite); - $result = file_put_contents($filehtmlheader, $htmlheadercontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filehtmlheader, octdec($conf->global->MAIN_UMASK)); - - if (! $result) - { - setEventMessages('Failed to write file '.$filehtmlheader, null, 'errors'); - return false; - } - - return true; -} - -/** - * Save content of a page on disk - * - * @param string $filecss Full path of filename to generate - * @param string $csscontent Content of file - * @return boolean True if OK - */ -function dolSaveCssFile($filecss, $csscontent) -{ - global $conf, $pathofwebsite; - - dol_syslog("Save html header into ".$filecss); - - dol_mkdir($pathofwebsite); - $result = file_put_contents($filecss, $csscontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filecss, octdec($conf->global->MAIN_UMASK)); - - if (! $result) - { - setEventMessages('Failed to write file '.$filecss, null, 'errors'); - return false; - } - - return true; -} - -/** - * Save content of a page on disk - * - * @param string $filejs Full path of filename to generate - * @param string $jscontent Content of file - * @return boolean True if OK - */ -function dolSaveJsFile($filejs, $jscontent) -{ - global $conf, $pathofwebsite; - - dol_syslog("Save html header into ".$filejs); - - dol_mkdir($pathofwebsite); - $result = file_put_contents($filejs, $jscontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filejs, octdec($conf->global->MAIN_UMASK)); - - if (! $result) - { - setEventMessages('Failed to write file '.$filejs, null, 'errors'); - return false; - } - - return true; -} - -/** - * Save content of a page on disk - * - * @param string $filerobot Full path of filename to generate - * @param string $robotcontent Content of file - * @return boolean True if OK - */ -function dolSaveRobotFile($filerobot, $robotcontent) -{ - global $conf, $pathofwebsite; - - dol_syslog("Save html header into ".$filerobot); - - dol_mkdir($pathofwebsite); - $result = file_put_contents($filerobot, $robotcontent); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filerobot, octdec($conf->global->MAIN_UMASK)); - - if (! $result) - { - setEventMessages('Failed to write file '.$filerobot, null, 'errors'); - return false; - } - - return true; -} - -/** - * Save content of a page on disk - * - * @param string $filehtaccess Full path of filename to generate - * @param string $htaccess Content of file - * @return boolean True if OK - */ -function dolSaveHtaccessFile($filehtaccess, $htaccess) -{ - global $conf, $pathofwebsite; - - dol_syslog("Save html header into ".$filehtaccess); - - dol_mkdir($pathofwebsite); - $result = file_put_contents($filehtaccess, $htaccess); - if (! empty($conf->global->MAIN_UMASK)) - @chmod($filehtaccess, octdec($conf->global->MAIN_UMASK)); - - if (! $result) - { - setEventMessages('Failed to write file '.$filehtaccess, null, 'errors'); - return false; - } - - return true; -} -