sql/alter2.2.php

   1 <?php
   2 /**********************************************************************
   3     Copyright (C) FrontAccounting, LLC.
   4         Released under the terms of the GNU General Public License, GPL,
   5         as published by the Free Software Foundation, either version 3
   6         of the License, or (at your option) any later version.
   7     This program is distributed in the hope that it will be useful,
   8     but WITHOUT ANY WARRANTY; without even the implied warranty of
   9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  11 ***********************************************************************/
  12
  13 class fa2_2 {
  14         var $version = '2.2';   // version installed
  15         var $description;
  16         var $sql = 'alter2.2.sql';
  17         var $preconf = true;
  18         var $beta = false; // upgrade from 2.1 or 2.2beta; set in pre_check
  19
  20         function fa2_2() {
  21                 global $security_groups;
  22                 $this->beta = !isset($security_groups);
  23                 $this->description = _('Upgrade from version 2.1/2.2beta to 2.2');
  24                 $this->preconf = fix_extensions();
  25         }
  26
  27         //
  28         //      Install procedure. All additional changes
  29         //      not included in sql file should go here.
  30         //
  31         function install($company, $force)
  32         {
  33                 global $db, $systypes_array, $db_connections;
  34
  35                 if (!$this->preconf)
  36                         return false;
  37
  38                 $pref = $db_connections[$company]['tbpref'];
  39                 // Until 2.2 sanitizing text input with db_escape was not
  40                 // consequent enough. To avoid comparision problems we have to
  41                 // fix this now.
  42                 sanitize_database($pref);
  43
  44                 if ($this->beta)        // nothing more to be done on upgrade from 2.2beta
  45                         return true;
  46
  47                 // set item category dflt accounts to values from company GL setup
  48                 $prefs = get_company_prefs();
  49                 $sql = "UPDATE ".TB_PREF."stock_category SET "
  50                         ."dflt_sales_act = '" . $prefs['default_inv_sales_act'] . "',"
  51                         ."dflt_cogs_act = '". $prefs['default_cogs_act'] . "',"
  52                         ."dflt_inventory_act = '" . $prefs['default_inventory_act'] . "',"
  53                         ."dflt_adjustment_act = '" . $prefs['default_adj_act'] . "',"
  54                         ."dflt_assembly_act = '" . $prefs['default_assembly_act']."'";
  55                 if (db_query($sql)==false) {
  56                         display_error("Cannot update category default GL accounts"
  57                         .':<br>'. db_error_msg($db));
  58                         return false;
  59                 }
  60                 // add all references to refs table for easy searching via journal interface
  61                 foreach($systypes_array as $typeno => $typename) {
  62                         $info = get_systype_db_info($typeno);
  63                         if ($info == null || $info[3] == null) continue;
  64                         $tbl = $info[0];
  65                         $sql = "SELECT DISTINCT {$info[2]} as id,{$info[3]} as ref FROM $tbl";
  66                         if ($info[1])
  67                                 $sql .= " WHERE {$info[1]}=$typeno";
  68                         $result = db_query($sql);
  69                         if (db_num_rows($result)) {
  70                                 while ($row = db_fetch($result)) {
  71                                         $res2 = db_query("INSERT INTO ".TB_PREF."refs VALUES("
  72                                                 . $row['id'].",".$typeno.",'".$row['ref']."')");
  73                                         if (!$res2) {
  74                                                 display_error(_("Cannot copy references from $tbl")
  75                                                         .':<br>'. db_error_msg($db));
  76                                                 return false;
  77                                         }
  78                                 }
  79                         }
  80                 }
  81
  82                 if (!($ret = db_query("SELECT MAX(`order_no`) FROM `".TB_PREF."sales_orders`")) ||
  83                         !db_num_rows($ret))
  84                 {
  85                                 display_error(_('Cannot query max sales order number.'));
  86                                 return false;
  87                 }
  88                 $row = db_fetch($ret);
  89                 $max_order = $row[0];
  90                 $next_ref = $max_order+1;
  91                 $sql = "UPDATE `".TB_PREF."sys_types`
  92                         SET `type_no`='$max_order',`next_reference`='$next_ref'
  93                         WHERE `type_id`=30";
  94                 if(!db_query($sql))
  95                 {
  96                         display_error(_('Cannot store next sales order reference.'));
  97                         return false;
  98                 }
  99                 return convert_roles($pref);
 100         }
 101         //
 102         //      Checking before install
 103         //
 104         function pre_check($pref, $force)
 105         {
 106                 global $security_groups;
 107
 108                 if ($this->beta && !$force)
 109                         $this->sql = 'alter2.2rc.sql';
 110                 // return ok when security groups still defined (upgrade from 2.1)
 111                 // or usersonline not defined (upgrade from 2.2 beta)
 112                 return isset($security_groups) || (check_table($pref, 'usersonline')!=0);
 113         }
 114         //
 115         //      Test if patch was applied before.
 116         //
 117         function installed($pref) {
 118                 $n = 1; // number of patches to be installed
 119                 $patchcnt = 0;
 120                 if (!$this->beta) {
 121                         $n = 16;
 122                         if (check_table($pref, 'company')) // skip in 2.3
 123                                 $n -= 3;
 124                         else {
 125                                 if (check_table($pref, 'company', 'custom1_name')) $patchcnt++;
 126                                 if (!check_table($pref, 'company', 'profit_loss_year_act'))     $patchcnt++;
 127                                 if (!check_table($pref, 'company', 'login_tout')) $patchcnt++;
 128                         }
 129                         if (!check_table($pref, 'stock_category', 'dflt_no_sale')) $patchcnt++;
 130                         if (!check_table($pref, 'users', 'sticky_doc_date')) $patchcnt++;
 131                         if (!check_table($pref, 'users', 'startup_tab')) $patchcnt++;
 132                         if (!check_table($pref, 'cust_branch', 'inactive')) $patchcnt++;
 133                         if (!check_table($pref, 'chart_class', 'ctype')) $patchcnt++;
 134                         if (!check_table($pref, 'audit_trail')) $patchcnt++;
 135                         if (!check_table($pref, 'currencies', 'auto_update')) $patchcnt++;
 136                         if (!check_table($pref, 'stock_master','no_sale')) $patchcnt++;
 137                         if (!check_table($pref, 'suppliers', 'supp_ref')) $patchcnt++;
 138                         if (!check_table($pref, 'users', 'role_id')) $patchcnt++;
 139                         if (!check_table($pref, 'sales_orders', 'reference')) $patchcnt++;
 140                         if (!check_table($pref, 'tags')) $patchcnt++;
 141                 }
 142                 if (!check_table($pref, 'useronline')) $patchcnt++;
 143
 144                 $n -= $patchcnt;
 145                 return $n == 0 ? true : $patchcnt;
 146         }
 147 };
 148
 149 /*
 150         Conversion of old security roles stored into $security_groups table
 151 */
 152 function convert_roles($pref)
 153 {
 154                 global $security_groups, $security_headings, $security_areas, $path_to_root;
 155                 include_once($path_to_root."/includes/access_levels.inc");
 156
 157         $trans_sec = array(
 158                 1 => array('SA_CHGPASSWD', 'SA_SETUPDISPLAY', 'SA_BANKTRANSVIEW',
 159                         'SA_ITEMSTRANSVIEW','SA_SUPPTRANSVIEW', 'SA_SALESORDER',
 160                         'SA_SALESALLOC', 'SA_SALESTRANSVIEW'),
 161                 2 => array('SA_DIMTRANSVIEW', 'SA_STANDARDCOST', 'SA_ITEMSTRANSVIEW',
 162                         'SA_ITEMSSTATVIEW', 'SA_SALESPRICE', 'SA_MANUFTRANSVIEW',
 163                         'SA_WORKORDERANALYTIC', 'SA_WORKORDERCOST', 'SA_SUPPTRANSVIEW',
 164                         'SA_SUPPLIERALLOC', 'SA_STEMPLATE', 'SA_SALESTRANSVIEW',
 165                         'SA_SALESINVOICE', 'SA_SALESDELIVERY', 'SA_CUSTPAYMREP',
 166                         'SA_CUSTBULKREP', 'SA_PRICEREP', 'SA_SALESBULKREP', 'SA_SALESMANREP',
 167                         'SA_SALESBULKREP', 'SA_CUSTSTATREP', 'SA_SUPPLIERANALYTIC',
 168                         'SA_SUPPPAYMREP', 'SA_SUPPBULKREP', 'SA_ITEMSVALREP', 'SA_ITEMSANALYTIC',
 169                         'SA_BOMREP', 'SA_MANUFBULKREP', 'SA_DIMENSIONREP', 'SA_BANKREP', 'SA_GLREP',
 170                         'SA_GLANALYTIC', 'SA_TAXREP', 'SA_SALESANALYTIC', 'SA_SALESQUOTE'),
 171                 3 => array('SA_GLACCOUNTGROUP', 'SA_GLACCOUNTCLASS','SA_PAYMENT',
 172                         'SA_DEPOSIT', 'SA_JOURNALENTRY', 'SA_INVENTORYMOVETYPE',
 173                         'SA_LOCATIONTRANSFER', 'SA_INVENTORYADJUSTMENT', 'SA_WORKCENTRES',
 174                         'SA_MANUFISSUE', 'SA_SUPPLIERALLOC', 'SA_CUSTOMER', 'SA_CRSTATUS',
 175                         'SA_SALESMAN', 'SA_SALESAREA', 'SA_SALESALLOC', 'SA_SALESCREDITINV',
 176                         'SA_SALESPAYMNT', 'SA_SALESCREDIT', 'SA_SALESGROUP', 'SA_SRECURRENT',
 177                         'SA_TAXRATES', 'SA_ITEMTAXTYPE', 'SA_TAXGROUPS', 'SA_QUICKENTRY'),
 178                 4 => array('SA_REORDER', 'SA_PURCHASEPRICING', 'SA_PURCHASEORDER'),
 179                 5 => array('SA_VIEWPRINTTRANSACTION', 'SA_BANKTRANSFER', 'SA_SUPPLIER',
 180                         'SA_SUPPLIERINVOICE', 'SA_SUPPLIERPAYMNT', 'SA_SUPPLIERCREDIT'),
 181                 8 => array('SA_ATTACHDOCUMENT', 'SA_RECONCILE', 'SA_GLANALYTIC',
 182                         'SA_TAXREP', 'SA_BANKTRANSVIEW', 'SA_GLTRANSVIEW'),
 183                 9 => array('SA_FISCALYEARS', 'SA_CURRENCY', 'SA_EXCHANGERATE',
 184                         'SA_BOM'),
 185                 10 => array('SA_PAYTERMS', 'SA_GLSETUP', 'SA_SETUPCOMPANY',
 186                         'SA_FORMSETUP', 'SA_DIMTRANSVIEW', 'SA_DIMENSION', 'SA_BANKACCOUNT',
 187                         'SA_GLACCOUNT', 'SA_BUDGETENTRY', 'SA_MANUFRECEIVE',
 188                         'SA_MANUFRELEASE', 'SA_WORKORDERENTRY', 'SA_MANUFTRANSVIEW',
 189                         'SA_WORKORDERCOST'),
 190                 11 => array('SA_ITEMCATEGORY', 'SA_ITEM', 'SA_UOM', 'SA_INVENTORYLOCATION',
 191                          'SA_GRN', 'SA_FORITEMCODE', 'SA_SALESKIT'),
 192                 14 => array('SA_SHIPPING', 'SA_VOIDTRANSACTION', 'SA_SALESTYPES'),
 193                 15 => array('SA_PRINTERS', 'SA_PRINTPROFILE', 'SA_BACKUP', 'SA_USERS',
 194                         'SA_POSSETUP'),
 195                 20 => array('SA_CREATECOMPANY', 'SA_CREATELANGUAGE', 'SA_CREATEMODULES',
 196                         'SA_SOFTWAREUPGRADE', 'SA_SECROLES', 'SA_DIMTAGS', 'SA_GLACCOUNTTAGS')
 197                 );
 198                 $new_ids = array();
 199                 foreach ($security_groups as $role_id => $areas) {
 200                         $area_set = array();
 201                         $sections = array();
 202                         foreach ($areas as $a) {
 203                          if (isset($trans_sec[$a]))
 204                                 foreach ($trans_sec[$a] as $id) {
 205                                  if ($security_areas[$id][0] != 0)
 206 //                                      error_log('invalid area id: '.$a.':'.$id);
 207                                         $area_set[] = $security_areas[$id][0];
 208                                         $sections[$security_areas[$id][0]&~0xff] = 1;
 209                                 }
 210                         }
 211                         $sections  = array_keys($sections);
 212                         sort($sections); sort($area_set);
 213                         import_security_role($security_headings[$role_id], $sections, $area_set);
 214                         $new_ids[$role_id] = db_insert_id();
 215                 }
 216                 $result = get_users(true);
 217                 $users = array();
 218                 while($row = db_fetch($result)) { // complete old user ids and roles
 219                         $users[$row['role_id']][] = $row['id'];
 220                 }
 221                 foreach($users as $old_id => $uids)
 222                         foreach( $uids as $id) {
 223                                 $sql = "UPDATE ".TB_PREF."users set role_id=".$new_ids[$old_id].
 224                                         " WHERE id=$id";
 225                                 $ret = db_query($sql, 'cannot update users roles');
 226                                 if(!$ret) return false;
 227                         }
 228                 return true;
 229 }
 230
 231 function import_security_role($name, $sections, $areas)
 232 {
 233         $sql = "INSERT INTO ".TB_PREF."security_roles (role, description, sections, areas)
 234         VALUES (".db_escape('FA 2.1 '.$name).",".db_escape($name).","
 235         .db_escape(implode(';',$sections)).",".db_escape(implode(';',$areas)).")";
 236
 237         db_query($sql, "could not add new security role");
 238 }
 239
 240 /*
 241         Changes in extensions system.
 242         This function is executed once on first Upgrade System display.
 243 */
 244 function fix_extensions() {
 245         global $path_to_root, $db_connections;
 246
 247         if (!file_exists($path_to_root.'/modules/installed_modules.php'))
 248                 return true; // already converted
 249
 250         if (!is_writable($path_to_root.'/modules/installed_modules.php')) {
 251                 display_error(_('Cannot upgrade extensions system: file /modules/installed_modules.php is not writeable'));
 252                 return false;
 253         }
 254
 255         $exts = array();
 256         include($path_to_root.'/installed_extensions.php');
 257         foreach($installed_extensions as $ext) {
 258                 $ext['filename'] = $ext['app_file']; unset($ext['app_file']);
 259                 $ext['tab'] = $ext['name'];
 260                 $ext['name'] = access_string($ext['title'], true);
 261                 $ext['path'] = $ext['folder']; unset($ext['folder']);
 262                 $ext['type'] = 'extension';
 263                 $ext['active'] = '1';
 264                 $exts[] = $ext;
 265         }
 266
 267         if (!write_extensions($exts))
 268                 return false;
 269
 270         $cnt = count($db_connections);
 271         for ($i = 0; $i < $cnt; $i++)
 272                 write_extensions($exts, $i);
 273
 274         unlink($path_to_root.'/modules/installed_modules.php');
 275         return true;
 276 }
 277
 278 /*
 279         Find and update all database records with special chars in text fields
 280         to ensure all of them are changed to html entites.
 281 */
 282 function sanitize_database($pref, $test = false) {
 283
 284          if ($test)
 285                 error_log('Sanitizing database ...');
 286
 287          $tsql = "SHOW TABLES LIKE '".($pref=='' ? '' : substr($pref,0,-1).'\\_')."%'";
 288          $tresult = db_query($tsql, "Cannot select all tables with prefix '$pref'");
 289          while($tbl = db_fetch($tresult)) {
 290                 $table = $tbl[0];
 291                 $csql = "SHOW COLUMNS FROM $table";
 292                 $cresult = db_query($csql, "Cannot select column names for table '$table'");
 293                 $textcols = $keys = array();
 294                 while($col = db_fetch($cresult)) {
 295                         if (strpos($col['Type'], 'char')!==false
 296                                         || strpos($col['Type'], 'text')!==false)
 297                                 $textcols[] = '`'.$col['Field'].'`';
 298                         if ($col['Key'] == 'PRI') {
 299                                 $keys[] = '`'.$col['Field'].'`';
 300                         }
 301                 }
 302
 303                 if (empty($keys)) { // comments table have no primary key, so give up
 304                         continue;
 305                 }
 306                 if ($test)
 307                         error_log("Table $table (".implode(',',$keys)."):(".implode(',',$textcols)."):");
 308
 309                 if (!count($textcols)) continue;
 310
 311                 // fetch all records containing special characters in text fields
 312                 $sql = "SELECT ".implode(',', array_unique(array_merge($keys,$textcols)))
 313                         ." FROM {$table} WHERE
 314                         CONCAT(".implode(',', $textcols).") REGEXP '[\\'\"><&]'";
 315                 $result = db_query($sql, "Cannot select all suspicious fields in $table");
 316
 317                 // and fix them
 318                 while($rec= db_fetch($result)) {
 319                         $sql = "UPDATE {$table} SET ";
 320                         $val = $key = array();
 321                         foreach ($textcols as $f) {
 322                                 $val[] = $f.'='.db_escape($rec[substr($f,1,-1)]);
 323                         }
 324                         $sql .= implode(',', $val). ' WHERE ';
 325                         foreach ($keys as $k) {
 326                                 $key[] = $k.'=\''.$rec[substr($k,1,-1)].'\'';
 327                         }
 328                         $sql .= implode( ' AND ', $key);
 329                         if ($test)
 330                                 error_log("\t(".implode(',',$val).") updated");
 331                         else
 332                                 db_query($sql, 'cannot update record');
 333                 }
 334         }
 335          if ($test)
 336                 error_log('Sanitizing done.');
 337 }
 338
 339 $install = new fa2_2;