X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fcreate_coy.php;h=1ee6d4003cd34341573d1a357bad1b0dd3ed4e15;hb=a0a0a0e1318042034fe5652caa69b034200c8a90;hp=eec636487124d29189ea3176a75d149372529ad3;hpb=e8ae3516539a520338117f25d401c0fc234973a4;p=fa-stable.git

diff --git a/admin/create_coy.php b/admin/create_coy.php
index eec63648..1ee6d400 100644
--- a/admin/create_coy.php
+++ b/admin/create_coy.php
@@ -9,7 +9,7 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 20;
+$page_security = 'SA_CREATECOMPANY';
 $path_to_root="..";
 include_once($path_to_root . "/includes/session.inc");
 
@@ -18,7 +18,7 @@ include_once($path_to_root . "/admin/db/company_db.inc");
 include_once($path_to_root . "/admin/db/maintenance_db.inc");
 include_once($path_to_root . "/includes/ui.inc");
 
-page(_("Create/Update Company"));
+page(_($help_context = "Create/Update Company"));
 
 $comp_subdirs = array('images', 'pdf_files', 'backup','js_cache', 'reporting', 'attachments');
 
@@ -52,7 +52,7 @@ function check_data()
 				display_error(_("This database settings are already used by another company."));
 				return false;
 			}
-			if ($_POST['tbpref'] == 0 || $con['tbpref'] == '')
+			if (($_POST['tbpref'] == 0) ^ ($con['tbpref'] == ''))
 			{
 				display_error(_("You cannot have table set without prefix together with prefixed sets in the same database."));
 				return false;
@@ -80,10 +80,10 @@ function remove_connection($id) {
 function handle_submit()
 {
 	global $db_connections, $def_coy, $tb_pref_counter, $db,
-	    $comp_path, $comp_subdirs;
+	    $comp_subdirs, $path_to_root;
 
 	$new = false;
-
+	$error = false;
 	if (!check_data())
 		return false;
 
@@ -115,25 +115,41 @@ function handle_submit()
 		if (($db = db_create_db($conn)) == 0)
 		{
 			display_error(_("Error creating Database: ") . $conn['dbname'] . _(", Please create it manually"));
+			$error = true;
+		} else {
+
+			$filename = $_FILES['uploadfile']['tmp_name'];
+			if (is_uploaded_file ($filename))
+			{
+				if (!db_import($filename, $conn, $id)) {
+					display_error(_('Cannot create new company due to bugs in sql file.'));
+					$error = true;
+				} else
+				if (isset($_POST['admpassword']) && $_POST['admpassword'] != "")
+					update_admin_password($conn, md5($_POST['admpassword']));
+			}
+			else
+			{
+				display_error(_("Error uploading Database Script, please upload it manually"));
+				$error = true;
+			}
+		}
+		set_global_connection();
+		if ($error) {
 			remove_connection($id);
-			set_global_connection();
 			return false;
 		}
-
-		$filename = $_FILES['uploadfile']['tmp_name'];
-		if (is_uploaded_file ($filename))
-		{
-			db_import($filename, $conn, $id);
-			if (isset($_POST['admpassword']) && $_POST['admpassword'] != "")
+	} else {
+		if ($_GET['c'] = 'u') {
+			$conn = $db_connections[$id];
+			if (($db = db_create_db($conn)) == 0)
+			{
+				display_error(_("Error connecting to Database: ") . $conn['dbname'] . _(", Please correct it"));
+				$error = true;
+			} else {
 				db_query("UPDATE ".$conn['tbpref']."users set password = '".md5($_POST['admpassword']). "' WHERE user_id = 'admin'");
+			}
 		}
-		else
-		{
-			display_error(_("Error uploading Database Script, please upload it manually"));
-			set_global_connection();
-			return false;
-		}
-		set_global_connection();
 	}
 	$error = write_config_db($new);
 	if ($error == -1)
@@ -149,8 +165,11 @@ function handle_submit()
 
 	if ($new)
 	{
-		create_comp_dirs("$comp_path/$id", $comp_subdirs);
+		create_comp_dirs(company_path($id), $comp_subdirs);
 	}
+	$exts = get_company_extensions();
+	write_extensions($exts, $id);
+	display_notification($new ? _('New company has been created.') : _('Company has been updated.'));
 	return true;
 }
 
@@ -158,22 +177,40 @@ function handle_submit()
 
 function handle_delete()
 {
-	global $comp_path, $def_coy, $db_connections, $comp_subdirs;
+	global $def_coy, $db_connections, $comp_subdirs, $path_to_root;
 
 	$id = $_GET['id'];
 
-	$cdir = $comp_path.'/'.$id;
-	@flush_dir($cdir);
-	if (!rmdir($cdir))
+	// First make sure all company directories from the one under removal are writable. 
+	// Without this after operation we end up with changed per-company owners!
+	for($i = $id; $i < count($db_connections); $i++) {
+			$comp_path = company_path($i);
+		if (!is_dir($comp_path.'/'.$i) || !is_writable($comp_path.'/'.$i)) {
+			display_error(_('Broken company subdirectories system. You have to remove this company manually.'));
+			return;
+		}
+	}
+	// make sure config file is writable
+	if (!is_writeable($path_to_root . "/config_db.php"))
 	{
-		display_error(_("Cannot remove company data directory ") . $cdir);
+		display_error(_("The configuration file ") . $path_to_root . "/config_db.php" . _(" is not writable. Change its permissions so it is, then re-run the operation."));
 		return;
 	}
-	for($i = $id+1; $i < count($db_connections); $i++) {
-		if (!rename($comp_path.'/'.$i, $comp_path.'/'.($i-1))) {
+	// rename directory to temporary name to ensure all
+	// other subdirectories will have right owners even after
+	// unsuccessfull removal.
+	$cdir = company_path($id);
+	$tmpname  = company_path('/old_'.$id);
+	if (!@rename($cdir, $tmpname)) {
+		display_error(_('Cannot rename subdirectory to temporary name.'));
+		return;
+	}
+	// 'shift' company directories names
+	for ($i = $id+1; $i < count($db_connections); $i++) {
+		if (!rename(company_path($i), company_path($i-1))) {
 			display_error(_("Cannot rename company subdirectory"));
 			return;
-		}	
+		}
 	}
 	$err = remove_connection($id);
 	if ($err == 0)
@@ -188,17 +225,25 @@ function handle_delete()
 		display_error(_("Cannot write to the configuration file - ") . $path_to_root . "/config_db.php");
 	else if ($error == -3)
 		display_error(_("The configuration file ") . $path_to_root . "/config_db.php" . _(" is not writable. Change its permissions so it is, then re-run the operation."));
-	if ($error != 0)
+	if ($error != 0) {
+		@rename($tmpname, $cdir);
 		return;
-
-	meta_forward($_SERVER['PHP_SELF']);
+	}
+	// finally remove renamed company directory
+	@flush_dir($tmpname, true);
+	if (!@rmdir($tmpname))
+	{
+		display_error(_("Cannot remove temporary renamed company data directory ") . $tmpname);
+		return;
+	}
+	display_notification(_("Selected company as been deleted"));
 }
 
 //---------------------------------------------------------------------------------------------
 
 function display_companies()
 {
-	global $table_style, $def_coy, $db_connections;
+	global $def_coy, $db_connections;
 
 	$coyno = $_SESSION["wa_current_user"]->company;
 
@@ -210,7 +255,7 @@ function display_companies()
 			document.location.replace('create_coy.php?c=df&id='+id)
 		}
 		</script>";
-	start_table($table_style);
+	start_table(TABLESTYLE);
 
 	$th = array(_("Company"), _("Database Host"), _("Database User"),
 		_("Database Name"), _("Table Pref"), _("Default"), "", "");
@@ -257,7 +302,7 @@ function display_companies()
 
 function display_company_edit($selected_id)
 {
-	global $def_coy, $db_connections, $tb_pref_counter, $table_style2;
+	global $def_coy, $db_connections, $tb_pref_counter;
 
 	if ($selected_id != -1)
 		$n = $selected_id;
@@ -273,13 +318,13 @@ function display_company_edit($selected_id)
 				document.forms[0].action='create_coy.php?c=u&ul=1&id=" . $n . "&fn=' + document.forms[0].uploadfile.value
 			}
 			else {
-				document.forms[0].action='create_coy.php?c=u&id=" . $n . "&fn=' + document.forms[0].uploadfile.value
+				document.forms[0].action='create_coy.php?c=u&id=" . $n . "'
 			}
 			document.forms[0].submit()
 		}
 		</script>";
 
-	start_table($table_style2);
+	start_table(TABLESTYLE2);
 
 	if ($selected_id != -1)
 	{
@@ -313,10 +358,7 @@ function display_company_edit($selected_id)
 		label_row(_("Table Pref"), $_POST['tbpref']);
 	yesno_list_row(_("Default"), 'def', null, "", "", false);
 
-	start_row();
-	label_cell(_("Database Script"));
-	label_cell("<input name='uploadfile' type='file'>");
-	end_row();
+	file_row(_("Database Script"), "uploadfile");
 
 	text_row_ex(_("New script Admin Password"), 'admpassword', 20);
 
@@ -331,19 +373,14 @@ function display_company_edit($selected_id)
 
 //---------------------------------------------------------------------------------------------
 
-if (isset($_GET['c']) && $_GET['c'] == 'df')
-{
-
+if (isset($_GET['c']) && $_GET['c'] == 'df') {
 	handle_delete();
+	$selected_id = -1;
 }
 
 if (isset($_GET['c']) && $_GET['c'] == 'u')
-{
 	if (handle_submit())
-	{
-		meta_forward($_SERVER['PHP_SELF']);
-	}
-}
+		$selected_id = -1;
 
 
 //---------------------------------------------------------------------------------------------