X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fcreate_coy.php;h=ef6c93f8711658f4eeb4943bbfa4f0dfa3bd1ed1;hb=02dd4aefa3e3babb64d61140bb7f7de14e37f755;hp=eec636487124d29189ea3176a75d149372529ad3;hpb=e8ae3516539a520338117f25d401c0fc234973a4;p=fa-stable.git

diff --git a/admin/create_coy.php b/admin/create_coy.php
index eec63648..ef6c93f8 100644
--- a/admin/create_coy.php
+++ b/admin/create_coy.php
@@ -9,7 +9,7 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 20;
+$page_security = 'SA_CREATECOMPANY';
 $path_to_root="..";
 include_once($path_to_root . "/includes/session.inc");
 
@@ -18,7 +18,7 @@ include_once($path_to_root . "/admin/db/company_db.inc");
 include_once($path_to_root . "/admin/db/maintenance_db.inc");
 include_once($path_to_root . "/includes/ui.inc");
 
-page(_("Create/Update Company"));
+page(_($help_context = "Create/Update Company"));
 
 $comp_subdirs = array('images', 'pdf_files', 'backup','js_cache', 'reporting', 'attachments');
 
@@ -52,7 +52,7 @@ function check_data()
 				display_error(_("This database settings are already used by another company."));
 				return false;
 			}
-			if ($_POST['tbpref'] == 0 || $con['tbpref'] == '')
+			if (($_POST['tbpref'] == 0) ^ ($con['tbpref'] == ''))
 			{
 				display_error(_("You cannot have table set without prefix together with prefixed sets in the same database."));
 				return false;
@@ -80,10 +80,10 @@ function remove_connection($id) {
 function handle_submit()
 {
 	global $db_connections, $def_coy, $tb_pref_counter, $db,
-	    $comp_path, $comp_subdirs;
+	    $comp_path, $comp_subdirs, $path_to_root;
 
 	$new = false;
-
+	$error = false;
 	if (!check_data())
 		return false;
 
@@ -115,25 +115,30 @@ function handle_submit()
 		if (($db = db_create_db($conn)) == 0)
 		{
 			display_error(_("Error creating Database: ") . $conn['dbname'] . _(", Please create it manually"));
-			remove_connection($id);
-			set_global_connection();
-			return false;
-		}
+			$error = true;
+		} else {
 
-		$filename = $_FILES['uploadfile']['tmp_name'];
-		if (is_uploaded_file ($filename))
-		{
-			db_import($filename, $conn, $id);
-			if (isset($_POST['admpassword']) && $_POST['admpassword'] != "")
-				db_query("UPDATE ".$conn['tbpref']."users set password = '".md5($_POST['admpassword']). "' WHERE user_id = 'admin'");
+			$filename = $_FILES['uploadfile']['tmp_name'];
+			if (is_uploaded_file ($filename))
+			{
+				if (!db_import($filename, $conn, $id)) {
+					display_error(_('Cannot create new company due to bugs in sql file.'));
+					$error = true;
+				} else
+				if (isset($_POST['admpassword']) && $_POST['admpassword'] != "")
+					update_admin_password($conn, md5($_POST['admpassword']));
+			}
+			else
+			{
+				display_error(_("Error uploading Database Script, please upload it manually"));
+				$error = true;
+			}
 		}
-		else
-		{
-			display_error(_("Error uploading Database Script, please upload it manually"));
-			set_global_connection();
+		set_global_connection();
+		if ($error) {
+			remove_connection($id);
 			return false;
 		}
-		set_global_connection();
 	}
 	$error = write_config_db($new);
 	if ($error == -1)
@@ -151,6 +156,9 @@ function handle_submit()
 	{
 		create_comp_dirs("$comp_path/$id", $comp_subdirs);
 	}
+	$exts = get_company_extensions();
+	write_extensions($exts, $id);
+	display_notification($new ? _('New company has been created.') : _('Company has been updated.'));
 	return true;
 }
 
@@ -158,22 +166,39 @@ function handle_submit()
 
 function handle_delete()
 {
-	global $comp_path, $def_coy, $db_connections, $comp_subdirs;
+	global $comp_path, $def_coy, $db_connections, $comp_subdirs, $path_to_root;
 
 	$id = $_GET['id'];
 
-	$cdir = $comp_path.'/'.$id;
-	@flush_dir($cdir);
-	if (!rmdir($cdir))
+	// First make sure all company directories from the one under removal are writable. 
+	// Without this after operation we end up with changed per-company owners!
+	for($i = $id; $i < count($db_connections); $i++) {
+		if (!is_dir($comp_path.'/'.$i) || !is_writable($comp_path.'/'.$i)) {
+			display_error(_('Broken company subdirectories system. You have to remove this company manually.'));
+			return;
+		}
+	}
+	// make sure config file is writable
+	if (!is_writeable($path_to_root . "/config_db.php"))
 	{
-		display_error(_("Cannot remove company data directory ") . $cdir);
+		display_error(_("The configuration file ") . $path_to_root . "/config_db.php" . _(" is not writable. Change its permissions so it is, then re-run the operation."));
 		return;
 	}
-	for($i = $id+1; $i < count($db_connections); $i++) {
+	// rename directory to temporary name to ensure all
+	// other subdirectories will have right owners even after
+	// unsuccessfull removal.
+	$cdir = $comp_path.'/'.$id;
+	$tmpname  = $comp_path.'/old_'.$id;
+	if (!@rename($cdir, $tmpname)) {
+		display_error(_('Cannot rename subdirectory to temporary name.'));
+		return;
+	}
+	// 'shift' company directories names
+	for ($i = $id+1; $i < count($db_connections); $i++) {
 		if (!rename($comp_path.'/'.$i, $comp_path.'/'.($i-1))) {
 			display_error(_("Cannot rename company subdirectory"));
 			return;
-		}	
+		}
 	}
 	$err = remove_connection($id);
 	if ($err == 0)
@@ -188,10 +213,18 @@ function handle_delete()
 		display_error(_("Cannot write to the configuration file - ") . $path_to_root . "/config_db.php");
 	else if ($error == -3)
 		display_error(_("The configuration file ") . $path_to_root . "/config_db.php" . _(" is not writable. Change its permissions so it is, then re-run the operation."));
-	if ($error != 0)
+	if ($error != 0) {
+		@rename($tmpname, $cdir);
 		return;
-
-	meta_forward($_SERVER['PHP_SELF']);
+	}
+	// finally remove renamed company directory
+	@flush_dir($tmpname, true);
+	if (!@rmdir($tmpname))
+	{
+		display_error(_("Cannot remove temporary renamed company data directory ") . $tmpname);
+		return;
+	}
+	display_notification(_("Selected company as been deleted"));
 }
 
 //---------------------------------------------------------------------------------------------
@@ -331,19 +364,14 @@ function display_company_edit($selected_id)
 
 //---------------------------------------------------------------------------------------------
 
-if (isset($_GET['c']) && $_GET['c'] == 'df')
-{
-
+if (isset($_GET['c']) && $_GET['c'] == 'df') {
 	handle_delete();
+	$selected_id = -1;
 }
 
 if (isset($_GET['c']) && $_GET['c'] == 'u')
-{
 	if (handle_submit())
-	{
-		meta_forward($_SERVER['PHP_SELF']);
-	}
-}
+		$selected_id = -1;
 
 
 //---------------------------------------------------------------------------------------------