2 /**********************************************************************
3 Copyright (C) FrontAccounting, LLC.
4 Released under the terms of the GNU General Public License, GPL,
5 as published by the Free Software Foundation, either version 3
6 of the License, or (at your option) any later version.
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
14 var $version = '2.2'; // version installed
// SQL script applied by this upgrade; pre_check() replaces it with
// 'alter2.2rc.sql' when $this->beta is set and $force is not.
16 var $sql = 'alter2.2.sql';
// NOTE(review): in the visible code this flag is assigned from
// !isset($security_groups) in a function whose header is not shown, not in
// pre_check() - confirm where it is really set.
18 var $beta = false; // upgrade from 2.1 or 2.2beta; set in pre_check
// Body of a function whose header line is missing from this listing
// (presumably the fa2_2 constructor - TODO confirm).
21 global $security_groups;
// When the old $security_groups table is no longer defined the site is treated
// as a 2.2beta install; pre_check() reads the same global for the 2.1 case.
22 $this->beta = !isset($security_groups);
23 $this->description = _('Upgrade from version 2.1/2.2beta to 2.2');
// Runs the extensions conversion immediately: fix_extensions() can rewrite the
// extension lists and delete /modules/installed_modules.php as a side effect.
24 $this->preconf = fix_extensions();
28 // Install procedure. All additional changes
29 // not included in sql file should go here.
/**
 * Install steps that are not part of the SQL upgrade file.
 *
 * Visible steps, in order: re-sanitize text columns, copy the company GL
 * defaults into stock_category, copy existing references into the refs table,
 * store the next sales order reference in sys_types, then convert the old
 * security roles. Several lines of this function are missing from the listing.
 *
 * @param mixed $company key into $db_connections; selects the table prefix
 * @param mixed $force   not read in the visible lines
 * @return mixed the result of convert_roles($pref) on the last visible path
 */
31 function install($company, $force)
33 global $db, $systypes_array, $db_connections;
38 $pref = $db_connections[$company]['tbpref'];
39 // Until 2.2 sanitizing text input with db_escape was not
40 // consistent enough. To avoid comparison problems we have to
42 sanitize_database($pref);
// NOTE(review): the queries further down place stored values into SQL text
// without db_escape(); they appear to depend on the pass above having already
// rewritten quotes as HTML entities, so its position ahead of them matters.
44 if ($this->beta) // nothing more to be done on upgrade from 2.2beta
47 // set item category dflt accounts to values from company GL setup
48 $prefs = get_company_prefs();
// There is no WHERE clause: every stock_category row is overwritten.
// NOTE(review): the five account codes are quoted but not escaped. Passing each
// one through db_escape() (import_security_role() in this file uses it without
// adding quotes, so it apparently quotes the value itself) would make this
// statement independent of what is stored in the company preferences.
49 $sql = "UPDATE ".TB_PREF."stock_category SET "
50 ."dflt_sales_act = '" . $prefs['default_inv_sales_act'] . "',"
51 ."dflt_cogs_act = '". $prefs['default_cogs_act'] . "',"
52 ."dflt_inventory_act = '" . $prefs['default_inventory_act'] . "',"
53 ."dflt_adjustment_act = '" . $prefs['default_adj_act'] . "',"
54 ."dflt_assembly_act = '" . $prefs['default_assembly_act']."'";
55 if (db_query($sql)==false) {
56 display_error("Cannot update category default GL accounts"
57 .':<br>'. db_error_msg($db));
60 // add all references to refs table for easy searching via journal interface
61 foreach($systypes_array as $typeno => $typename) {
62 $info = get_systype_db_info($typeno);
// Skip transaction types that have no table info or no reference column.
63 if ($info == null || $info[3] == null) continue;
// $tbl is assigned on a line missing from this listing. $info[1], $info[2] and
// $info[3] are used as the type, id and reference column names (presumably
// fixed internal metadata rather than user input - verify get_systype_db_info()).
65 $sql = "SELECT DISTINCT {$info[2]} as id,{$info[3]} as ref FROM $tbl";
67 $sql .= " WHERE {$info[1]}=$typeno";
68 $result = db_query($sql);
// NOTE(review): $result is used without a failure check in the visible lines.
69 if (db_num_rows($result)) {
70 while ($row = db_fetch($result)) {
// NOTE(review): $row['ref'] is text read back from the source table and is
// placed between quotes unescaped, so a stored reference containing a quote
// breaks or changes the meaning of this INSERT. sanitize_database() gives up on
// tables without a primary key, so the value is not guaranteed to be
// entity-encoded by then; prefer db_escape($row['ref']) here.
71 $res2 = db_query("INSERT INTO ".TB_PREF."refs VALUES("
72 . $row['id'].",".$typeno.",'".$row['ref']."')");
74 display_error(_("Cannot copy references from $tbl")
75 .':<br>'. db_error_msg($db));
// Seed the sales order numbering from the highest existing order number;
// $max_order is assigned on a line missing from this listing.
82 if (!($ret = db_query("SELECT MAX(`order_no`) FROM `".TB_PREF."sales_orders`")) ||
85 display_error(_('Cannot query max sales order number.'));
88 $row = db_fetch($ret);
90 $next_ref = $max_order+1;
91 $sql = "UPDATE `".TB_PREF."sys_types`
92 SET `type_no`='$max_order',`next_reference`='$next_ref'
96 display_error(_('Cannot store next sales order reference.'));
// Role conversion is the last step; its result is what this path returns.
99 return convert_roles($pref);
102 // Checking before install
/**
 * Decide whether this upgrade may be applied, and pick the SQL script for it.
 *
 * Side effect: on a 2.2beta site that is not being force-upgraded, $this->sql
 * is switched to the release-candidate script.
 *
 * @param mixed $pref  table prefix handed to check_table()
 * @param mixed $force when truthy, the default SQL script is kept
 * @return bool true when the old security groups are still defined (upgrade
 *              from 2.1) or check_table() reports a non-zero result for the
 *              'usersonline' table (upgrade from 2.2 beta)
 */
function pre_check($pref, $force)
{
	global $security_groups;

	if (!$force && $this->beta) {
		$this->sql = 'alter2.2rc.sql';
	}

	// Old security groups still present: this is an upgrade from 2.1.
	if (isset($security_groups)) {
		return true;
	}

	// NOTE(review): installed() probes 'useronline' while this probes
	// 'usersonline'; one of the two names is presumably misspelled - verify
	// against the SQL script before relying on this check.
	return check_table($pref, 'usersonline') != 0;
}
115 // Test if patch was applied before.
/**
 * Test whether this patch was applied before, for the tables with prefix $pref.
 *
 * Most probes increment $patchcnt when check_table() returns a falsy value,
 * which from its use here and in pre_check() appears to mean "table/column
 * exists" - TODO confirm against check_table(). The initialisation of
 * $patchcnt and any adjustment of $n are on lines missing from this listing.
 *
 * @param mixed $pref table prefix
 * @return mixed true when $n is 0, otherwise $patchcnt
 */
117 function installed($pref) {
118 $n = 1; // number of patches to be installed
122 if (check_table($pref, 'company')) // skip in 2.3
// Unlike the probes below, this one counts on a truthy check_table() result.
125 if (check_table($pref, 'company', 'custom1_name')) $patchcnt++;
126 if (!check_table($pref, 'company', 'profit_loss_year_act')) $patchcnt++;
127 if (!check_table($pref, 'company', 'login_tout')) $patchcnt++;
129 if (!check_table($pref, 'stock_category', 'dflt_no_sale')) $patchcnt++;
130 if (!check_table($pref, 'users', 'sticky_doc_date')) $patchcnt++;
131 if (!check_table($pref, 'users', 'startup_tab')) $patchcnt++;
132 if (!check_table($pref, 'cust_branch', 'inactive')) $patchcnt++;
133 if (!check_table($pref, 'chart_class', 'ctype')) $patchcnt++;
134 if (!check_table($pref, 'audit_trail')) $patchcnt++;
135 if (!check_table($pref, 'currencies', 'auto_update')) $patchcnt++;
136 if (!check_table($pref, 'stock_master','no_sale')) $patchcnt++;
137 if (!check_table($pref, 'suppliers', 'supp_ref')) $patchcnt++;
138 if (!check_table($pref, 'users', 'role_id')) $patchcnt++;
139 if (!check_table($pref, 'sales_orders', 'reference')) $patchcnt++;
140 if (!check_table($pref, 'tags')) $patchcnt++;
// NOTE(review): pre_check() probes 'usersonline' while this line probes
// 'useronline'; one of the two table names is presumably misspelled - verify
// against the SQL script.
142 if (!check_table($pref, 'useronline')) $patchcnt++;
145 return $n == 0 ? true : $patchcnt;
150 Conversion of old security roles stored in the $security_groups table
/**
 * Converts the pre-2.2 security groups into rows of the new security_roles
 * table and re-points every user at the converted role.
 *
 * This mapping decides what each existing user is allowed to do after the
 * upgrade, so it deserves a review of its own. Several lines are missing from
 * this listing, among them the line that names the mapping array (read below
 * as $trans_sec) and the WHERE part of the user update.
 *
 * @param mixed $pref not read in the visible lines
 * @return mixed false when a user update fails; other return paths are not visible
 */
152 function convert_roles($pref)
154 global $security_groups, $security_headings, $security_areas, $path_to_root;
155 include_once($path_to_root."/includes/access_levels.inc");
// Old numeric area id => names of the new SA_* areas granted in its place.
// NOTE(review): 'SA_SALESBULKREP' is listed twice under key 2 and some names
// recur under several keys; no de-duplication of $area_set is visible below.
158 1 => array('SA_CHGPASSWD', 'SA_SETUPDISPLAY', 'SA_BANKTRANSVIEW',
159 'SA_ITEMSTRANSVIEW','SA_SUPPTRANSVIEW', 'SA_SALESORDER',
160 'SA_SALESALLOC', 'SA_SALESTRANSVIEW'),
161 2 => array('SA_DIMTRANSVIEW', 'SA_STANDARDCOST', 'SA_ITEMSTRANSVIEW',
162 'SA_ITEMSSTATVIEW', 'SA_SALESPRICE', 'SA_MANUFTRANSVIEW',
163 'SA_WORKORDERANALYTIC', 'SA_WORKORDERCOST', 'SA_SUPPTRANSVIEW',
164 'SA_SUPPLIERALLOC', 'SA_STEMPLATE', 'SA_SALESTRANSVIEW',
165 'SA_SALESINVOICE', 'SA_SALESDELIVERY', 'SA_CUSTPAYMREP',
166 'SA_CUSTBULKREP', 'SA_PRICEREP', 'SA_SALESBULKREP', 'SA_SALESMANREP',
167 'SA_SALESBULKREP', 'SA_CUSTSTATREP', 'SA_SUPPLIERANALYTIC',
168 'SA_SUPPPAYMREP', 'SA_SUPPBULKREP', 'SA_ITEMSVALREP', 'SA_ITEMSANALYTIC',
169 'SA_BOMREP', 'SA_MANUFBULKREP', 'SA_DIMENSIONREP', 'SA_BANKREP', 'SA_GLREP',
170 'SA_GLANALYTIC', 'SA_TAXREP', 'SA_SALESANALYTIC', 'SA_SALESQUOTE'),
171 3 => array('SA_GLACCOUNTGROUP', 'SA_GLACCOUNTCLASS','SA_PAYMENT',
172 'SA_DEPOSIT', 'SA_JOURNALENTRY', 'SA_INVENTORYMOVETYPE',
173 'SA_LOCATIONTRANSFER', 'SA_INVENTORYADJUSTMENT', 'SA_WORKCENTRES',
174 'SA_MANUFISSUE', 'SA_SUPPLIERALLOC', 'SA_CUSTOMER', 'SA_CRSTATUS',
175 'SA_SALESMAN', 'SA_SALESAREA', 'SA_SALESALLOC', 'SA_SALESCREDITINV',
176 'SA_SALESPAYMNT', 'SA_SALESCREDIT', 'SA_SALESGROUP', 'SA_SRECURRENT',
177 'SA_TAXRATES', 'SA_ITEMTAXTYPE', 'SA_TAXGROUPS', 'SA_QUICKENTRY'),
178 4 => array('SA_REORDER', 'SA_PURCHASEPRICING', 'SA_PURCHASEORDER'),
179 5 => array('SA_VIEWPRINTTRANSACTION', 'SA_BANKTRANSFER', 'SA_SUPPLIER',
180 'SA_SUPPLIERINVOICE', 'SA_SUPPLIERPAYMNT', 'SA_SUPPLIERCREDIT'),
181 8 => array('SA_ATTACHDOCUMENT', 'SA_RECONCILE', 'SA_GLANALYTIC',
182 'SA_TAXREP', 'SA_BANKTRANSVIEW', 'SA_GLTRANSVIEW'),
183 9 => array('SA_FISCALYEARS', 'SA_CURRENCY', 'SA_EXCHANGERATE',
185 10 => array('SA_PAYTERMS', 'SA_GLSETUP', 'SA_SETUPCOMPANY',
186 'SA_FORMSETUP', 'SA_DIMTRANSVIEW', 'SA_DIMENSION', 'SA_BANKACCOUNT',
187 'SA_GLACCOUNT', 'SA_BUDGETENTRY', 'SA_MANUFRECEIVE',
188 'SA_MANUFRELEASE', 'SA_WORKORDERENTRY', 'SA_MANUFTRANSVIEW',
190 11 => array('SA_ITEMCATEGORY', 'SA_ITEM', 'SA_UOM', 'SA_INVENTORYLOCATION',
191 'SA_GRN', 'SA_FORITEMCODE', 'SA_SALESKIT'),
192 14 => array('SA_SHIPPING', 'SA_VOIDTRANSACTION', 'SA_SALESTYPES'),
193 15 => array('SA_PRINTERS', 'SA_PRINTPROFILE', 'SA_BACKUP', 'SA_USERS',
195 20 => array('SA_CREATECOMPANY', 'SA_CREATELANGUAGE', 'SA_CREATEMODULES',
196 'SA_SOFTWAREUPGRADE', 'SA_SECROLES', 'SA_DIMTAGS', 'SA_GLACCOUNTTAGS')
// One new role per old group: collect the new area codes and the sections they
// belong to, then store the role and remember its insert id.
199 foreach ($security_groups as $role_id => $areas) {
202 foreach ($areas as $a) {
// Old area ids without an entry in the mapping are dropped silently.
203 if (isset($trans_sec[$a]))
204 foreach ($trans_sec[$a] as $id) {
// NOTE(review): no braces are visible, so this `if` guards only the $area_set
// append; the $sections assignment after it runs for every $id, including one
// whose area code is 0 - confirm that is intended.
205 if ($security_areas[$id][0] != 0)
206 // error_log('invalid area id: '.$a.':'.$id);
207 $area_set[] = $security_areas[$id][0];
// The section key is the area code with its low 8 bits cleared.
208 $sections[$security_areas[$id][0]&~0xff] = 1;
211 $sections = array_keys($sections);
212 sort($sections); sort($area_set);
213 import_security_role($security_headings[$role_id], $sections, $area_set);
// Old role id => id of the row just inserted by import_security_role().
214 $new_ids[$role_id] = db_insert_id();
216 $result = get_users(true);
// Group user ids by the old role id they currently carry.
218 while($row = db_fetch($result)) { // complete old user ids and roles
219 $users[$row['role_id']][] = $row['id'];
221 foreach($users as $old_id => $uids)
222 foreach( $uids as $id) {
// NOTE(review): $new_ids[$old_id] is undefined for a user whose role_id has no
// entry in $security_groups, which would leave the SET value empty; no guard
// is visible. The rest of this statement is on a line missing from the listing.
223 $sql = "UPDATE ".TB_PREF."users set role_id=".$new_ids[$old_id].
225 $ret = db_query($sql, 'cannot update users roles');
226 if(!$ret) return false;
/**
 * Insert one converted role into the security_roles table.
 *
 * The role is stored under the name 'FA 2.1 ' . $name with $name as its
 * description; $sections and $areas are joined with ';'. Every value passes
 * through db_escape() before it reaches the SQL text. Nothing is returned in
 * the visible lines; convert_roles() reads db_insert_id() right after the call.
 *
 * @param string $name     heading of the old role
 * @param array  $sections section ids granted to the role
 * @param array  $areas    area ids granted to the role
 */
231 function import_security_role($name, $sections, $areas)
233 $sql = "INSERT INTO ".TB_PREF."security_roles (role, description, sections, areas)
234 VALUES (".db_escape('FA 2.1 '.$name).",".db_escape($name).","
235 .db_escape(implode(';',$sections)).",".db_escape(implode(';',$areas)).")";
// The second argument is the message db_query() is given for a failed insert.
237 db_query($sql, "could not add new security role");
241 Changes in extensions system.
242 This function is executed once on first Upgrade System display.
/**
 * Converts the pre-2.2 extension and module lists to the new extensions
 * format and removes the old modules list.
 *
 * Reads $installed_extensions and $installed_modules by including two PHP
 * files under $path_to_root, rewrites each entry, writes the result with
 * write_extensions() and finally deletes /modules/installed_modules.php.
 * Several lines (among them the ones that fill $exts and the failure returns)
 * are missing from this listing.
 *
 * @return mixed true when the old modules list no longer exists; other return
 *               paths are not visible
 */
244 function fix_extensions() {
245 global $path_to_root, $db_connections;
// The old list is deleted at the end, so its absence marks a finished conversion.
247 if (!file_exists($path_to_root.'/modules/installed_modules.php'))
248 return true; // already converted
250 if (!is_writable($path_to_root.'/modules/installed_modules.php')) {
251 display_error(_('Cannot upgrade extensions system: file /modules/installed_modules.php is not writeable'));
// include() executes the file as PHP and is expected to define $installed_extensions.
256 include($path_to_root.'/installed_extensions.php');
// Rename the old keys: app_file -> filename, name -> tab, folder -> path.
257 foreach($installed_extensions as $ext) {
258 $ext['filename'] = $ext['app_file']; unset($ext['app_file']);
259 $ext['tab'] = $ext['name'];
260 $ext['name'] = access_string($ext['title'], true);
261 $ext['path'] = $ext['folder']; unset($ext['folder']);
262 $ext['type'] = 'module';
263 $ext['active'] = '1';
// NOTE(review): this file has to be writable by the web server (checked above)
// and is executed here, so treat it as code: anything able to write it can run
// PHP in the context of the upgrade.
267 include($path_to_root.'/modules/installed_modules.php');
268 foreach($installed_modules as $mod) {
269 $mod['title'] = $mod['name'];
270 $mod['name'] = access_string($mod['name'], true);
271 $mod['type'] = 'plugin';
// NOTE(review): this assigns to $ext, not $mod, inside the $mod loop - it looks
// like a copy/paste slip that leaves plugins without an 'active' flag; confirm.
272 $ext['active'] = '1';
275 if (!write_extensions($exts))
278 $cnt = count($db_connections);
// Repeat the write once per configured company; the return values are ignored here.
279 for ($i = 0; $i < $cnt; $i++)
280 write_extensions($exts, $i);
// Remove the old list so that the next call returns early; the result of
// unlink() is not checked in the visible lines.
282 unlink($path_to_root.'/modules/installed_modules.php');
287 Find and update all database records with special chars in text fields
288 to ensure all of them are changed to HTML entities.
/**
 * Re-writes text columns that contain ' " > < or & through db_escape(), for
 * every table whose name starts with the given prefix.
 *
 * For each table it collects the char/text columns and the primary key
 * columns, selects the rows whose concatenated text columns match the
 * special-character pattern, and issues one UPDATE per row keyed on the
 * primary key. Several lines are missing from this listing, among them the
 * assignment of $table and every use of $test.
 *
 * @param string $pref table prefix; '' selects all tables
 * @param mixed  $test not read in the visible lines
 */
290 function sanitize_database($pref, $test = false) {
293 error_log('Sanitizing database ...');
// The prefix's last character is replaced by an escaped underscore so that
// LIKE does not treat it as a single-character wildcard.
295 $tsql = "SHOW TABLES LIKE '".($pref=='' ? '' : substr($pref,0,-1).'\\_')."%'";
296 $tresult = db_query($tsql, "Cannot select all tables with prefix '$pref'");
297 while($tbl = db_fetch($tresult)) {
// $table is assigned on a line missing from this listing.
299 $csql = "SHOW COLUMNS FROM $table";
300 $cresult = db_query($csql, "Cannot select column names for table '$table'");
301 $textcols = $keys = array();
// Column names are stored backquoted; the quotes are stripped again with
// substr($f,1,-1) when they are used as row keys further down.
302 while($col = db_fetch($cresult)) {
303 if (strpos($col['Type'], 'char')!==false
304 || strpos($col['Type'], 'text')!==false)
305 $textcols[] = '`'.$col['Field'].'`';
306 if ($col['Key'] == 'PRI') {
307 $keys[] = '`'.$col['Field'].'`';
// Without a primary key a row cannot be addressed by the UPDATE below, so such
// tables are left unsanitized (the statement taken here is not shown).
311 if (empty($keys)) { // comments table have no primary key, so give up
315 error_log("Table $table (".implode(',',$keys)."):(".implode(',',$textcols)."):");
317 if (!count($textcols)) continue;
// NOTE(review): in MySQL CONCAT() yields NULL as soon as one argument is NULL,
// so a row with a NULL text column never matches this filter even when another
// column holds a special character - verify against the schema.
319 // fetch all records containing special characters in text fields
320 $sql = "SELECT ".implode(',', array_unique(array_merge($keys,$textcols)))
321 ." FROM {$table} WHERE
322 CONCAT(".implode(',', $textcols).") REGEXP '[\\'\"><&]'";
323 $result = db_query($sql, "Cannot select all suspicious fields in $table");
326 while($rec= db_fetch($result)) {
327 $sql = "UPDATE {$table} SET ";
328 $val = $key = array();
// New values go through db_escape(), which apparently returns a quoted literal.
329 foreach ($textcols as $f) {
330 $val[] = $f.'='.db_escape($rec[substr($f,1,-1)]);
332 $sql .= implode(',', $val). ' WHERE ';
// NOTE(review): key values are wrapped in quotes but not escaped. When a primary
// key is itself a char/text column, its value can contain the very characters
// this routine looks for, and a quote in it yields a malformed or wrong WHERE
// clause. The match has to use the stored (unencoded) value, so this needs SQL
// string escaping without the entity conversion.
333 foreach ($keys as $k) {
334 $key[] = $k.'=\''.$rec[substr($k,1,-1)].'\'';
336 $sql .= implode( ' AND ', $key);
// NOTE(review): this writes the full contents of every rewritten text field to
// the PHP error log; whether it is limited to test runs is not visible here.
338 error_log("\t(".implode(',',$val).") updated");
340 db_query($sql, 'cannot update record');
344 error_log('Sanitizing done.');
// Creates the upgrade descriptor when this file is loaded (presumably picked
// up by the includer through $install - confirm against the upgrade screen).
347 $install = new fa2_2;