b5cb2a38213b8638e6ece671e0c15796177ae3a9 version_2_3_4
bbd75fe337d100a74505913140dd01a7bd925831 version_2_3_7
4a14cd5b8bc8259dcf1cd7cadf90efab060ce11c unstable_2_3_7
+390d9d69797c94d30ff61768485704717a96a9e3 version_2_3_10
+a8b119b77f054c85223eb3a256268a3d5a61b3cb version_2_3_9
+b2ead0b2a3e30c13254288eddf587b5d8140d731 version_2_3_8
</table>
<br>\n";
end_page(false, true);
-session_unset();
-session_destroy();
+@session_destroy();
?>
}
// file name compatible with POSIX
// protect against directory traversal
- $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
- if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$unique_name))
- unlink($dir."/".$unique_name);
-
- $unique_name = uniqid('');
+ if ($Mode == 'UPDATE_ITEM')
+ {
+ $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
+ if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$unique_name))
+ unlink($dir."/".$unique_name);
+ }
+ else
+ $unique_name = uniqid('');
move_uploaded_file($tmpname, $dir."/".$unique_name);
+
//save the file
$filename = basename($_FILES['filename']['name']);
$filesize = $_FILES['filename']['size'];
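Review bot: In the `UPDATE_ITEM` branch the name taken from `$_POST['unique_name']` is now also the destination of `move_uploaded_file()`, so the client decides which file in `$dir` is unlinked and what the stored file is called, including its extension. The character filter removes path separators but still lets through an empty string or the name of another attachment. Reading the name from the stored attachment row for the record being edited (for example `$row = get_attachment($selected_id); $unique_name = $row['unique_name'];`, assuming the edited id is available here under that name) and falling back to `uniqid('')` when it is empty would take the client out of that decision. The inner `$Mode == 'UPDATE_ITEM' &&` test is redundant inside the new `if`, and the enclosing block starts outside this hunk.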
value is name of foreign key field. For numeric keys $stdkey field name is used.
$stdkey - standard name of foreign key.
*/
-function key_in_foreign_table($id, $tables, $stdkey, $escaped=false)
+function key_in_foreign_table($id, $tables, $stdkey)
{
- if (!$escaped)
- $id = db_escape($id);
if (!is_array($tables))
$tables = array($tables);
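Review bot: With the `db_escape($id)` call removed from the top of `key_in_foreign_table()`, nothing in the visible part of the function quotes `$id`, while the callers updated in this commit now pass raw values such as `get_post('account_code')`. The rest of the body is outside this hunk, so confirm that `$id` goes through `db_escape()` at the point where it is placed into the query. The docblock above should then state the contract, e.g. `$id - raw key value; escaped inside this function, do not pre-escape`.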
* @param $strSortType String containing either asc or desc [default to asc]
* @desc Naturally sorts an array using by the column $strSortBy
*/
+define('EXPORT_MAX_INSERT', 50000);
+
function array_natsort($aryData, $strIndex, $strSortBy, $strSortType=false)
{
// if the parameters are invalid
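Review bot: The `define('EXPORT_MAX_INSERT', 50000);` line is inserted between the docblock of `array_natsort()` and the function itself, so the docblock now sits on the constant rather than on the function it describes. Move the define above the docblock and give it its own comment, for example `// Maximum length of one multi-row INSERT statement written by the export`.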
}
// update per company files
- $cnt = count($db_connections);
+ $cnt = max(1, count($db_connections));
for($i = 0; $i < $cnt; $i++)
{
$newexts = $extensions;
function db_import($filename, $connection, $force=true)
{
- global $db, $go_debug;
+ global $db, $go_debug, $sql_trail;
+
+ $sql_trail = false;
$allowed_commands = array(
"create" => 'table_queries',
// if ($auto_incr[$tablename])
// $out.=" AUTO_INCREMENT=".$auto_incr[$tablename];
$out.=" ;";
- $out.="\n\n\n";
+ $out.="\n\n";
// export data
if (!$error)
{
- $out.="### Data of table `".$tablename."` ###\n\n";
+ $out.="### Data of table `".$tablename."` ###\n";
// check if field types are NULL or NOT NULL
$res3 = db_query("SHOW COLUMNS FROM `" . $tablename . "`");
}
$res2 = db_query("SELECT * FROM `" . $tablename . "`");
+ $maxinsert = 0;
+ $insert = '';
for ($j = 0; $j < db_num_rows($res2); $j++)
{
- $out .= "INSERT INTO `" . $tablename . "` VALUES (";
$row2 = db_fetch_row($res2);
- // run through each field
+ $values = '(';
for ($k = 0; $k < $nf = db_num_fields($res2); $k++)
{
- $out .= db_escape($row2[$k], $field_null[$k]);
+ $values .= db_escape($row2[$k], $field_null[$k]);
if ($k < ($nf - 1))
- $out .= ", ";
+ $values .= ', ';
+ }
+ $values .= ')';
+ $len = strlen($values);
+ if ($maxinsert < $len+1)
+ {
+ $maxinsert = EXPORT_MAX_INSERT;
+ if ($insert)
+ {
+ $out .= $insert .';'; // flush insert query
+ $insert = '';
+ }
}
- $out .= ");\n";
+
+ if ($insert == '')
+ {
+ $insert = "\nINSERT INTO `" . $tablename . "` VALUES\n";
+ $maxinsert -= strlen($insert);
+ } else {
+ $insert .= ",\n";
+ }
+
+ $maxinsert -= $len;
+ $insert .= $values;
// if saving is successful, then empty $out, else set error flag
if (strlen($out) > $max_size && $zip != "zip")
$error = true;
}
}
-
+ if ($insert)
+ $out .= $insert. ';';
// an error occurred! Try to delete file and return error status
}
elseif ($error)
}
//-----------------------------------------------------------------------------------------------
-// This function is necessary for admin prefs update after upgrade from 2.1
-//
+
function get_user_by_login($user_id)
{
$sql = "SELECT * FROM ".TB_PREF."users WHERE user_id=".db_escape($user_id);
function get_user_auth($user_id, $password)
{
- set_global_connection();
$sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = ".db_escape($user_id)." AND"
." password=".db_escape($password);
//-----------------------------------------------------------------------------------------------
function show_users_online()
{
- global $show_users_online, $db;
+ global $show_users_online, $db, $GetText;
if (!isset($show_users_online) || $show_users_online == 0 || !defined('TB_PREF') ||
- !isset($_SESSION['get_text']) || !isset($db))
+ !isset($GetText) || !isset($db))
return "";
$result = db_query("SHOW TABLES LIKE '".TB_PREF."useronline'");
if (db_num_rows($result) == 1)
//
function display_languages()
{
- global $table_style, $installed_languages, $dflt_lang;
+ global $table_style, $installed_languages, $dflt_lang, $GetText;
$th = array(_("Language"), _("Name"), _("Encoding"), _("Right To Left"),
_("Installed"), _("Available"), _("Default"), "", "");
else
alt_table_row_color($k);
- $support = $_SESSION['get_text']->check_support($lang, $charset);
+ $support = $GetText->check_support($lang, $charset);
if (function_exists('gettext') && !$support && !get_post('DisplayAll')) continue;
{
if (!isset($row['type']))
$row['type'] = $_POST['filterType'];
+ if (!is_date_in_fiscalyear($row['trans_date'], true))
+ return _("N/A");
return button('Edit'.$row["trans_no"], _("Select"), _("Select"), ICON_EDIT);
}
$power_by = "FrontAccounting";
$power_url = "http://frontaccounting.com";
+ /* Do not print zero lines amount of 0.00 in Sales Documents if service item. 1 = do not */
+ $no_zero_lines_amount = 1;
+
+ /* Use icon for editkey (=true) righ of combobox. 1 = use, 0 = do not use */
+ $use_icon_for_editkey = 0;
+
+ /* Creates automatic a default branch with contact. Value 0 do not create auto branch */
+ $auto_create_branch = 1;
+
/* Save Report selections (a value > 0 means days to save. 0 = no save) */
$save_report_selections = 0;
$id = db_escape($id);
$sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE tran_date >= '" .
date2sql($from) . "' AND
- tran_date <= '" . date2sql($to) . "' AND (dimension_id = " .
- db_escape($id)." OR dimension2_id = " .db_escape($id).")";
+ tran_date <= '" . date2sql($to) . "' AND (dimension_id = $id OR dimension2_id = $id)";
$res = db_query($sql, "Sum of transactions could not be calculated");
$row = db_fetch_row($res);
function gl_account_in_stock_category($acc)
{
+ $acc = db_escape($acc);
+
$sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_category WHERE
dflt_inventory_act=$acc
OR dflt_cogs_act=$acc
function gl_account_in_stock_master($acc)
{
+ $acc = db_escape($acc);
+
$sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE
inventory_account=$acc
OR cogs_account=$acc
function gl_account_in_tax_types($acc)
{
+ $acc = db_escape($acc);
+
$sql= "SELECT COUNT(*) FROM ".TB_PREF."tax_types WHERE sales_gl_code=$acc OR purchasing_gl_code=$acc";
$result = db_query($sql,"Couldn't test for existing tax GL codes");
function gl_account_in_cust_branch($acc)
{
+ $acc = db_escape($acc);
+
$sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE
sales_account=$acc
OR sales_discount_account=$acc
function gl_account_in_suppliers($acc)
{
+ $acc = db_escape($acc);
+
$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE
purchase_account=$acc
OR payment_discount_account=$acc
function gl_account_in_quick_entry_lines($acc)
{
+ $acc = db_escape($acc);
+
$sql= "SELECT COUNT(*) FROM ".TB_PREF."quick_entry_lines WHERE
dest_id=$acc AND UPPER(LEFT(action, 1)) <> 'T'";
$result = db_query($sql,"Couldn't test for existing Quick Entry Line GL codes");
/**
* Check account history to find transaction which would exceed authorized overdraft for given account.
-* Returns null or transaction in conflict.
+* Returns null or transaction in conflict. Running balance is checked on daily basis only, to enable ID change after edition.
* $delta_amount - tested change in bank balance at $date.
**/
function check_bank_account_history($delta_amount, $bank_account, $date, $user=null)
$date = date2sql($date);
$balance+= $delta_amount;
- $sql = "SELECT * FROM ".TB_PREF."bank_trans WHERE bank_act=".db_escape($bank_account)." AND trans_date > '$date' ORDER BY trans_date ASC, id ASC";
+ $sql = "SELECT sum(amount) as amount FROM ".TB_PREF."bank_trans WHERE bank_act=".db_escape($bank_account)
+ ." AND trans_date >= '$date' GROUP BY trans_date ORDER BY trans_date ASC";
$history = db_query($sql, "cannot retrieve cash account history");
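Review bot: The new query selects only `sum(amount) as amount`, yet the docblock still promises the transaction in conflict. If the loop below (outside this hunk) returns the fetched row, callers no longer receive a date or id to report. Adding the grouping column, `SELECT trans_date, sum(amount) as amount`, keeps the row informative, and the docblock should describe the returned value as a daily total rather than a single transaction.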
$args);
hook_db_prewrite($args, $trans_type);
+ $aid = 0;
if ($trans_no) {
- void_transaction($trans_type, $trans_no, Today(), _("Document reentered."));
+ $old_trans = $trans_no;
$Refs->restore_last($trans_type, $trans_no);
+ $aid = has_attachment($trans_type, $trans_no);
}
$currency = get_bank_account_currency($from_account);
// we need to negate it too
$cust_amount = -$cust_amount;
- $trans_no = write_customer_trans($trans_type, $trans_no, $person_id, $person_detail_id, $date_,
+ $trans_no = write_customer_trans($trans_type, 0, $person_id, $person_detail_id, $date_,
$ref, $cust_amount);
}
// we need to negate it too
$supp_amount = -$supp_amount;
- $trans_no = write_supp_trans($trans_type, $trans_no, $person_id, $date_, '',
+ $trans_no = write_supp_trans($trans_type, 0, $person_id, $date_, '',
$ref, "", $supp_amount, 0, 0);
}
else
{
- if (!$trans_no)
- $trans_no = get_next_trans_no($trans_type);
+ $trans_no = get_next_trans_no($trans_type);
$do_exchange_variance = $SysPrefs->auto_currency_revaluation();
if ($do_exchange_variance)
$trans_no1 = get_next_trans_no(ST_JOURNAL);
}
-
+ if ($aid != 0)
+ {
+ $row = get_attachment($aid);
+ update_attachment($aid, $row['type_no'], $trans_no, $row['description'],
+ $row['filename'], $row['unique_name'], $row['filesize'], $row['filetype']);
+ }
// do the source account postings
add_bank_trans($trans_type, $trans_no, $from_account, $ref,
$Refs->save($trans_type, $trans_no, $ref);
add_audit_trail($trans_type, $trans_no, $date_);
+ // old transaction can be voided only after new transaction is entered,
+ // otherwise the operation could fail for cash accounts due to temporary negative balance
+ if (@$old_trans)
+ void_transaction($trans_type, $old_trans, Today(), _("Document reentered."));
+
$args->trans_no = $trans_no;
hook_db_postwrite($args, $trans_type);
if ($use_transaction)
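Review bot: `if (@$old_trans)` relies on error suppression because `$old_trans` is only assigned inside the earlier `if ($trans_no)` block. Initialising it next to `$aid = 0;` with `$old_trans = false;` lets the test be written as `if ($old_trans)` and keeps genuine notices visible. The function starts and ends outside this hunk.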
global $Ajax, $Refs;
$payment = $order->trans_type == ST_BANKPAYMENT;
+ $customer_error = false;
div_start('pmt_header');
start_outer_table(TABLESTYLE2, "width=90%"); // outer table
$_POST['PersonDetailID'] = ANY_NUMERIC;
hidden('PersonDetailID');
}
+ $trans = get_customer_habit($_POST['person_id']); // take care of customers on hold
+ if ($trans['dissallow_invoices'] != 0)
+ {
+ if ($payment)
+ {
+ $customer_error = true;
+ display_error(_("This customer account is on hold."));
+ }
+ else
+ display_warning(_("This customer account is on hold."));
+ }
break;
case PT_QUICKENTRY :
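Review bot: The result of `get_customer_habit()` is indexed as `$trans['dissallow_invoices']` without checking that a row came back, so an unknown or empty `person_id` in the POST would raise a notice; `if ($trans && $trans['dissallow_invoices'] != 0)` covers that case. The hold is applied only while the header is drawn, and a later hunk merely stops page output. The handler that stores the payment is not visible here, so confirm that it repeats the on-hold check instead of relying on the form not being rendered.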
end_outer_table(1); // outer table
div_end();
+ if ($customer_error)
+ {
+ end_form();
+ end_page();
+ exit;
+ }
}
//---------------------------------------------------------------------------------
{
global $editors;
- return isset($editors[$row["type"]]) && !is_closed_trans($row["type"], $row["type_no"]) ?
+ $ok = true;
+ if ($row['type'] == ST_SALESINVOICE)
+ {
+ $myrow = get_customer_trans($row["type_no"], $row["type"]);
+ if ($myrow['alloc'] != 0 || get_voided_entry(ST_SALESINVOICE, $row["type_no"]) !== false)
+ $ok = false;
+ }
+ return isset($editors[$row["type"]]) && !is_closed_trans($row["type"], $row["type_no"]) && $ok ?
pager_link(_("Edit"),
sprintf($editors[$row["type"]], $row["type_no"], $row["type"]),
ICON_EDIT) : '';
$cols = array(
_("#") => array('fun'=>'journal_pos', 'align'=>'center'),
- _("Date") =>array('name'=>'tran_date','type'=>'date', 'ord' => check_value('AlsoClosed') ? 'asc' : 'desc'),
+ _("Date") =>array('name'=>'tran_date','type'=>'date','ord'=>'desc'),
_("Type") => array('fun'=>'systype_name'),
_("Trans #") => array('fun'=>'view_link'),
_("Reference"),
set_focus('bank_account_name');
}
if ($Mode=='ADD_ITEM' && (gl_account_in_bank_accounts(get_post('account_code'))
- || key_in_foreign_table(get_post('account_code'), 'gl_trans', 'account', true))) {
+ || key_in_foreign_table(get_post('account_code'), 'gl_trans', 'account'))) {
$input_error = 1;
display_error(_("The GL account selected is already in use. Select another GL account."));
set_focus('account_code');
$cancel_delete = 0;
// PREVENT DELETES IF DEPENDENT RECORDS IN 'bank_trans'
- if (key_in_foreign_table($selected_id, 'bank_trans', 'bank_act', true) || key_in_foreign_table(get_post('account_code'), 'gl_trans', 'account', true))
+ if (key_in_foreign_table($selected_id, 'bank_trans', 'bank_act') || key_in_foreign_table(get_post('account_code'), 'gl_trans', 'account'))
{
$cancel_delete = 1;
display_error(_("Cannot delete this bank account because transactions have been created using this account."));
}
- if (key_in_foreign_table($selected_id, 'sales_pos', 'pos_account', true))
+ if (key_in_foreign_table($selected_id, 'sales_pos', 'pos_account'))
{
$cancel_delete = 1;
display_error(_("Cannot delete this bank account because POS definitions have been created using this account."));
inactive_control_row($th);
end_table(1);
-$is_used = $selected_id != -1 && key_in_foreign_table($selected_id, 'bank_trans', 'bank_act', true);
+$is_used = $selected_id != -1 && key_in_foreign_table($selected_id, 'bank_trans', 'bank_act');
start_table(TABLESTYLE2);
//---------------------------------------------------------------------------------------------
-function check_can_delete()
+function check_can_delete($curr)
{
- global $selected_id;
-
- if ($selected_id == "")
+
+ if ($curr == "")
return false;
- $curr = db_escape($selected_id);
// PREVENT DELETES IF DEPENDENT RECORDS IN debtors_master
- if (key_in_foreign_table($curr, 'debtors_master', 'curr_code', true))
+ if (key_in_foreign_table($curr, 'debtors_master', 'curr_code'))
{
display_error(_("Cannot delete this currency, because customer accounts have been created referring to this currency."));
return false;
}
- if (key_in_foreign_table($curr, 'suppliers', 'curr_code', true))
+ if (key_in_foreign_table($curr, 'suppliers', 'curr_code'))
{
display_error(_("Cannot delete this currency, because supplier accounts have been created referring to this currency."));
return false;
}
// see if there are any bank accounts that use this currency
- if (key_in_foreign_table($curr, 'bank_accounts', 'bank_curr_code', true))
+ if (key_in_foreign_table($curr, 'bank_accounts', 'bank_curr_code'))
{
display_error(_("Cannot delete this currency, because thre are bank accounts that use this currency."));
return false;
function handle_delete()
{
global $selected_id, $Mode;
- if (check_can_delete()) {
+ if (check_can_delete($selected_id)) {
//only delete if used in neither customer or supplier, comp prefs, bank trans accounts
delete_currency($selected_id);
display_notification(_('Selected currency has been deleted'));
//-----------------------------------------------------------------------------------
-function can_delete($selected_id)
+function can_delete($type)
{
- if ($selected_id == "")
+ if ($type == "")
return false;
- $type = db_escape($selected_id);
- if (key_in_foreign_table($type, 'chart_master', 'account_type', true))
+ if (key_in_foreign_table($type, 'chart_master', 'account_type'))
{
display_error(_("Cannot delete this account group because GL accounts have been created referring to it."));
return false;
}
- if (key_in_foreign_table($type, 'chart_types', 'parent', true))
+ if (key_in_foreign_table($type, 'chart_types', 'parent'))
{
display_error(_("Cannot delete this account group because GL account groups have been created referring to it."));
return false;
if ($selected_account == "")
return false;
- if (key_in_foreign_table($selected_account, 'gl_trans', 'account', true))
+ if (key_in_foreign_table($selected_account, 'gl_trans', 'account'))
{
display_error(_("Cannot delete this account because transactions have been created using this account."));
return false;
return false;
}
- if (key_in_foreign_table($selected_account, 'bank_accounts', 'account_code', true))
+ if (key_in_foreign_table($selected_account, 'bank_accounts', 'account_code'))
{
display_error(_("Cannot delete this account because it is used by a bank account."));
return false;
return $decimals==='max' ? rtrim($num, '0') : $num;
}
+
+/* price/float comparision helper to be used in any suspicious place for zero values?
+usage:
+if (!floatcmp($value1, $value2))
+ compare value is 0
+*/
+
+define('FLOAT_COMP_DELTA', 0.004);
+
+function floatcmp($a, $b)
+{
+ return $a - $b > FLOAT_COMP_DELTA ? 1 : $b - $a > FLOAT_COMP_DELTA ? -1 : 0;
+}
+
//
// Current ui mode.
//
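Review bot: The nested ternary in `floatcmp()` has no parentheses, and PHP's ternary is left-associative, so the expression groups as `(cond1 ? 1 : cond2) ? -1 : 0`. It therefore returns -1 when `$a` exceeds `$b` by more than the delta, where 1 is intended, and PHP 8 rejects the unparenthesised form outright. Parenthesise the second branch: `return $a - $b > FLOAT_COMP_DELTA ? 1 : ($b - $a > FLOAT_COMP_DELTA ? -1 : 0);`. The usage comment could also say that the result is -1, 0 or 1 and that values within `FLOAT_COMP_DELTA` of each other compare as equal.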
function get_deliveries_from_trans($stock_id, $from)
{
// -ve qty is delivery either by ST_CUSTDELIVERY or inventory adjustment
- $sql = "SELECT SUM(-qty), SUM(-qty*standard_cost) FROM ".TB_PREF."stock_moves
- WHERE stock_id=".db_escape($stock_id)." AND qty < 0 AND
- trans_id>='$from' GROUP BY stock_id";
+ //Price for GRN and SUPPCREDIT and std_cost for other trans_types
+ $sql = "SELECT SUM(-qty), SUM(-qty*IF(type=".ST_SUPPRECEIVE." OR type=".ST_SUPPCREDIT.", price, standard_cost))
+ FROM ".TB_PREF."stock_moves
+ WHERE stock_id=".db_escape($stock_id)." AND qty < 0 AND
+ trans_id>='$from' GROUP BY stock_id";
$result = db_query($sql, "The deliveries could not be updated");
$row = db_fetch_row($result);
-
- $sql = "SELECT standard_cost FROM ".TB_PREF."stock_moves
- WHERE stock_id=".db_escape($stock_id)
- ." AND trans_id ='$from'";
- $result = db_query($sql, "The deliveries could not be updated");
- $cost = db_fetch_row($result);
-
+
+ $sql = "SELECT IF(type=".ST_SUPPRECEIVE." OR type=".ST_SUPPCREDIT.", price, standard_cost)
+ FROM ".TB_PREF."stock_moves
+ WHERE stock_id=".db_escape($stock_id)
+ ." AND trans_id ='$from'";
+ $result = db_query($sql, "The deliveries could not be updated");
+ $cost = db_fetch_row($result);
+
// Adjusting QOH valuation
$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves
WHERE stock_id=".db_escape($stock_id)." AND
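Review bot: `$from` is placed between quotes directly in both rewritten queries (`trans_id>='$from'` and `trans_id ='$from'`), while `$stock_id` in the same statements goes through `db_escape()`. Unless every caller guarantees an integer, build the conditions as `trans_id>=".db_escape($from)` and `trans_id=".db_escape($from)` so that both values are handled alike. The function continues past this hunk.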
$result = db_query($sql, "The deliveries could not be updated");
$qoh = db_fetch_row($result);
- $qty = $row[0] - $qoh[0]; //QOH prior to -ve stock is subtracted\r
+ $qty = $row[0] - $qoh[0]; //QOH prior to -ve stock is subtracted
$final_cost = $row[1] - $qoh[0]*$cost[0];
return array($qty,$final_cost);
function handle_negative_inventory($stock_id, $quantity, $standard_cost, $date_)
{
- //If negative adjustment result in negative or zero inventory \r
+ //If negative adjustment result in negative or zero inventory
//then difference should be adjusted
$qoh = get_qoh_on_date($stock_id);
function void_stock_move($type, $type_no)
{
+ $sql = "SELECT stock_id, standard_cost, loc_code, tran_date, reference, person_id, visible, discount_percent, price,
+ sum(qty) qty FROM ".TB_PREF."stock_moves WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no)."
+ GROUP BY stock_id, standard_cost, loc_code, tran_date, reference, person_id, visible, discount_percent, price HAVING sum(qty) <> 0";
- $sql = "SELECT * from ".TB_PREF."stock_moves WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no);
$result = db_query($sql, "Could not void stock moves");
while ($row = db_fetch($result))
{
{
// The cost has to be adjusted.
// Transaction rates are stored either as price or standard_cost depending on types
- $types = array(ST_SUPPCREDIT);
+ $types = array(ST_SUPPCREDIT, ST_SUPPRECEIVE);
if (in_array($type,$types))
$trans_rate = $row["price"];
else
update_average_material_cost(0, $row["stock_id"],
$trans_rate, -$row["qty"], sql2date($row["tran_date"]));
}
-
+
//Post stock move for service items also
add_stock_move($type, $row["stock_id"], $type_no, $row["loc_code"],
sql2date($row["tran_date"]), $row["reference"], -$row["qty"]
$content = ''; // clean other messages
}
}
+
$str = $msg[1];
if (!in_array($msg[0], array(E_USER_NOTICE, E_USER_ERROR, E_USER_WARNING)) && $msg[2] != null)
$str .= ' '._('in file').': '.$msg[2].' '._('at line ').$msg[3];
Helper to avoid sparse log notices.
*/
function end_flush() {
- global $Ajax, $transaction_level;
+ global $Ajax;
if (isset($Ajax))
$Ajax->run();
- // flush all output buffers (works also with exit inside any div levels)
- while(ob_get_level()) ob_end_flush();
+
+ // on some (but not all) php versions zlib extension adds 1 additional level of buffering,
+ // so flush the last buffer outside the loop to be on safe side
+ while(ob_get_level() > 1)
+ ob_end_flush();
+ @ob_end_flush();
// if any transaction was aborted unexpectedly rollback changes
cancel_transaction();
} else if (isset($result)) {
$return[] = $result;
}
+ set_ext_domain();
}
- set_ext_domain();
return $return;
}
/*
$result = $hook->$method($data, $opts);
if (isset($result))
break;
+ set_ext_domain();
}
}
- set_ext_domain();
return $result;
}
/*
$result = $hook->$method($data, $opts);
if (isset($result))
break;
+ set_ext_domain();
}
}
- set_ext_domain();
return $result;
}
//------------------------------------------------------------------------------------------
define('GETTEXT_PHP', 2);
function get_text_init($managerType = GETTEXT_NATIVE) {
-
- if (!isset($_SESSION['get_text'])) {
+ global $GetText;
+ if (!isset($GetText)) {
if ($managerType == GETTEXT_NATIVE)
{
if (function_exists('gettext'))
{
- $_SESSION['get_text'] = new gettext_native_support();
+ $GetText = new gettext_native_support();
return;
}
}
// fail back to php support
- $_SESSION['get_text'] = new gettext_php_support();
+ $GetText = new gettext_php_support();
}
}
*/
function gettext($key)
{
- $value = $this->_get_translation($key);
+ $value = $this->_get_translation($key);
if ($value === false) {
$str = sprintf('Unable to locate gettext key "%s"', $key);
//$err = new GetText_Error($str);
$this->_jobs[] = array($domain, $path);
return;
}
-
+ // Don't fill the domains with false data, it increased the error.log
+ if (strpos($domain, $this->_lang_code) === false)
+ return;
+
$err = $this->_load_domain($domain, $path);
if ($err != 0)
{
$d = new gettext_domain();
$d->name = $domain;
$d->path = $path;
-
if (!file_exists($php_domain) || (filemtime($php_domain) < filemtime($src_domain)))
{
*/
function _parse_line($line, $nbr)
{
+ $line = str_replace("\\\"", "'", $line); // Should be inside preg_match, but I couldn't find the solution. This works.
if (preg_match('/^\s*?#/', $line)) { return; }
if (preg_match('/^\s*?msgid \"(.*?)(?!<\\\)\"/', $line, $m)) {
$this->_store_key();
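Review bot: Replacing every `\"` with `'` before matching changes the text of both `msgid` and `msgstr`. A source string that contains a double quote is then stored under an altered key, which a lookup by the original string may not find, and translations lose their quotes. The `(?!<\\\)` in the `msgid` pattern looks like a mistyped negative lookbehind; matching escaped characters explicitly, with something like `'/^\s*?msgid "((?:[^"\\\\]|\\\\.)*)"/'`, would avoid rewriting the line at all. The rest of `_parse_line()` is outside this hunk.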
Set current gettext domain path
*/
function set_ext_domain($path='') {
- global $path_to_root;
+ global $path_to_root, $GetText;
+ static $domain_stack = array('');
+
+ if ($path) // save path on domain stack
+ array_unshift($domain_stack, $path);
+ else
+ {
+ array_shift($domain_stack);
+ $path = $domain_stack[0];
+ }
$lang_path = $path_to_root . ($path ? '/' : '') .$path.'/lang';
- // ignore change when extension does not provide translation structure
- if (file_exists($lang_path))
- $_SESSION['get_text']->add_domain($_SESSION['language']->code,
+ // ignore change when extension does not provide translation structure and test for valid gettext.
+ if (file_exists($lang_path) && isset($GetText))
+ $GetText->add_domain($_SESSION['language']->code,
$lang_path, $path ? '' : $_SESSION['language']->version);
}
?>
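Review bot: `set_ext_domain()` called with an empty `$path` always shifts the stack, so one more restore than there were pushes empties `$domain_stack`. `$domain_stack[0]` is then read as an undefined offset and `$path` becomes null. Guard the pop with `if (count($domain_stack) > 1) array_shift($domain_stack);` so that the root entry `''` always remains. The header comment should also say that a non-empty path pushes a domain and an empty one restores the previous domain.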
function set_language($code)
{
- global $path_to_root, $installed_languages;
+ global $path_to_root, $installed_languages, $GetText;
$lang = array_search_value($code, $installed_languages, 'code');
$changed = $this->code != $code || $this->version != @$lang['version'];
$this->is_locale_file = file_exists($locale);
}
- $_SESSION['get_text']->set_language($this->code, $this->encoding);
- $_SESSION['get_text']->add_domain($this->code, $path_to_root . "/lang", $this->version);
+ $GetText->set_language($this->code, $this->encoding);
+ $GetText->add_domain($this->code, $path_to_root . "/lang", $this->version);
// Necessary for ajax calls. Due to bug in php 4.3.10 for this
// version set globally in php.ini
}
}
-function _set($key,$value)
-{
- $_SESSION['get_text']->set_var($key,$value);
-}
-
if (!function_exists("_"))
{
function _($text)
{
- $retVal = $_SESSION['get_text']->gettext($text);
+ global $GetText;
+ if (!isset($GetText)) // Don't allow using gettext if not is net.
+ return $text;
+
+ $retVal = $GetText->gettext($text);
if ($retVal == "")
return $text;
return $retVal;
}
}
-function end_page($no_menu=false, $is_index=false, $hide_back_link=false, $type_no=0, $trans_no=0)
+function end_page($no_menu=false, $is_index=false, $final_screen=false, $type_no=0, $trans_no=0)
{
global $path_to_root;
- if (!$is_index && !$hide_back_link && function_exists('hyperlink_back'))
- hyperlink_back(true, $no_menu, $type_no, $trans_no);
+ if (!$is_index && function_exists('hyperlink_back'))
+ hyperlink_back(true, $no_menu, $type_no, $trans_no, $final_screen);
div_end(); // end of _page_body section
include($path_to_root . "/includes/page/footer.inc");
- page_footer($no_menu, $is_index, $hide_back_link);
+ page_footer($no_menu, $is_index);
}
function cache_js_file($fpath, $text)
$data = file_get_contents($loclist);
$cert = file_get_contents(PUBKEY_PATH.'/FA.pem');
if (!openssl_verify($data, $sig, $cert)) {
- if ($refresh)
- @unlink($loclist);
- else {
+ if ($refresh) {
+ if (!@unlink($loclist))
+ {
+ display_error(sprintf(_("Cannot delete outdated '%s' file."), $loclist));
+ return null;
+ }
+ } else {
display_error(_('Release file in repository is invalid, or public key is outdated.'));
return null;
}
$refresh = false;
}
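Review bot: `if (!openssl_verify($data, $sig, $cert))` treats only a return of 0 as failure. `openssl_verify()` also returns -1 when the verification itself errors, and `!-1` is false, so that case is accepted as a valid signature. Compare against the success value instead: `if (openssl_verify($data, $sig, $cert) !== 1) {`. The results of the two `file_get_contents()` calls above are also used unchecked, and the function begins outside this hunk.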
if ($parms['SHA1sum'] != sha1_file($locindex)) { // check subdir index consistency
- if ($refresh)
- @unlink($locindex);
- else {
+ if ($refresh) {
+ if (!@unlink($locindex)) {
+ display_error(sprintf(_("Cannot delete outdated '%s' file."), $locindex));
+ return null;
+ }
+ } else {
display_error(sprintf( _("Security alert: broken index file in repository '%s'. Please inform repository administrator about this issue."),
$fname));
return null;
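Review bot: The index check compares the digests with `!=`, and PHP's loose comparison treats two numeric-looking strings (for example both of the form `0e` followed by digits) as numbers, so different digests can compare equal. An empty `SHA1sum` would likewise equal the `false` that `sha1_file()` returns for an unreadable file. A strict comparison closes both cases: `if ($parms['SHA1sum'] !== sha1_file($locindex)) {`.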
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-function page_footer($no_menu=false, $is_index=false, $hide_back_link=false)
+function page_footer($no_menu=false, $is_index=false)
{
global $path_to_root, $js_lib, $Validate, $Editors, $Ajax, $sql_queries;
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
+
+class SessionManager
+{
+ function sessionStart($name, $limit = 0, $path = '/', $domain = null, $secure = null)
+ {
+ // Set the cookie name
+ session_name($name);
+
+ // Set SSL level
+ $https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);
+
+ // Set session cookie options
+ session_set_cookie_params($limit, $path, $domain, $https, true);
+ session_start();
+
+ // Make sure the session hasn't expired, and destroy it if it has
+ if ($this->validateSession())
+ {
+ // Check to see if the session is new or a hijacking attempt
+ if(!$this->preventHijacking())
+ {
+ // Reset session data and regenerate id
+ $_SESSION = array();
+ $_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
+ $_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
+ $this->regenerateSession();
+
+ // Give a 5% chance of the session id changing on any request
+ }
+ elseif (rand(1, 100) <= 5)
+ {
+ $this->regenerateSession();
+ }
+ }
+ else
+ {
+ $_SESSION = array();
+ session_destroy();
+ session_start();
+ }
+ }
+
+ function preventHijacking()
+ {
+ if (!isset($_SESSION['IPaddress']) || !isset($_SESSION['userAgent']))
+ return false;
+
+ if ($_SESSION['IPaddress'] != $_SERVER['REMOTE_ADDR'])
+ return false;
+
+ if ( $_SESSION['userAgent'] != $_SERVER['HTTP_USER_AGENT'])
+ return false;
+
+ return true;
+ }
+
+ function regenerateSession()
+ {
+ // If this session is obsolete it means there already is a new id
+ if (isset($_SESSION['OBSOLETE']) && ($_SESSION['OBSOLETE'] == true))
+ return;
+
+ // Set current session to expire in 10 seconds
+ $_SESSION['OBSOLETE'] = true;
+ $_SESSION['EXPIRES'] = time() + 10;
+
+ // Create new session without destroying the old one
+ session_regenerate_id();
+
+ // Grab current session ID and close both sessions to allow other scripts to use them
+ $newSession = session_id();
+ session_write_close();
+ // Set session ID to the new one, and start it back up again
+
+ session_id($newSession);
+ session_start();
+
+ // Now we unset the obsolete and expiration values for the session we want to keep
+ unset($_SESSION['OBSOLETE']);
+ unset($_SESSION['EXPIRES']);
+ }
+
+ function validateSession()
+ {
+ if (isset($_SESSION['OBSOLETE']) && !isset($_SESSION['EXPIRES']) )
+ return false;
+
+ if (isset($_SESSION['EXPIRES']) && $_SESSION['EXPIRES'] < time())
+ return false;
+
+ return true;
+ }
+}
function output_html($text)
{
global $before_box, $Ajax, $messages;
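Review bot: The expired-session branch of `sessionStart()` calls `session_destroy(); session_start();` without issuing a new id, so the client keeps the identifier of the session that was just judged obsolete; adding `session_regenerate_id(true);` after the restart would retire it. `$_SERVER['HTTP_USER_AGENT']` is read unguarded both where the fingerprint is stored and in `preventHijacking()`, so a request without that header raises a notice. Using `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` in both places keeps the comparison defined. With rotation for an established session now limited to the 5% branch, the id should also be regenerated when a user logs in; that code is not in this hunk, so it is worth confirming.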
if ($msg){
display_error($msg);
- end_page();
+ end_page(@$_REQUEST['popup']);
kill_login();
exit;
}
echo _("The security settings on your account do not permit you to access this function");
echo "</b>";
echo "<br><br><br><br></center>";
- end_page();
+ end_page(@$_REQUEST['popup']);
exit;
}
if (!$_SESSION['SysPrefs']->db_ok
include_once($path_to_root.'/'.$ext['path'].'/hooks.php');
}
-
/*
Uncomment the setting below when using FA on shared hosting
to avoid unexpeced session timeouts.
Make sure this directory exists and is writable!
*/
-//ini_set('session.save_path', dirname(__FILE__).'/../tmp/');
+// ini_set('session.save_path', dirname(__FILE__).'/../tmp/');
ini_set('session.gc_maxlifetime', 36000); // 10hrs
hook_session_start(@$_POST["company_login_name"]);
-session_name('FA'.md5(dirname(__FILE__)));
-
-session_start();
-session_regenerate_id();
+$Session_manager = new SessionManager();
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-
-?>
\ No newline at end of file
PTT_DAYS => _("After No. of Days"),
PTT_FOLLOWING => _("Day In Following Month")
);
-//----------------------------------------------------------------------------------
$tax_algorithms = array(
TCA_LINES => _("Sum per line taxes"),
function tst_langs($install)
{
- global $installed_languages, $path_to_root;
-
+ global $installed_languages, $path_to_root, $GetText;
+
$test['descr'] = _('Language configuration consistency');
$test['type'] = 3;
$test['result'] = true;
$test['result'] = false;
$test['comments'][] = sprintf( _('Missing %s translation file.'), $file);
}
- if (!$_SESSION['get_text']->check_support($lang['code'], $lang['encoding']))
+ if (!$GetText->check_support($lang['code'], $lang['encoding']))
{
$test['result'] = false;
$test['comments'][] = sprintf(_('Missing system locale: %s'), $lang['code'].".".$lang['encoding']);
return $clean ? $label : array($label, $access);
}
-function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
+function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false)
{
global $path_to_root;
if ($id != 0)
echo "<td align=center><a href='$path_to_root/admin/attachments.php?vw=$id' target='blanc_'>"._("View Attachment")."</a></td>\n";
echo "<td align=center><a href='javascript:window.print();'>"._("Print")."</a></td>\n";
- }
- echo "<td align=center><a href='javascript:goBack();'>".($no_menu ? _("Close") : _("Back"))."</a></td>\n";
+ }
+ echo "<td align=center><a href='javascript:goBack(".($final ? '-2' : '').");'>".($no_menu ? _("Close") : _("Back"))."</a></td>\n";
end_row();
end_table();
if ($center)
'selector' - ditto with closing current popup editor window
'cancel' - cancel form entry on Escape press; dflt ICON_CANCEL
'process' - displays progress bar during call; optional icon
+ 'nonajax' - ditto, non-ajax submit
$atype can contain also multiply type selectors separated by space,
however make sense only combination of 'process' and one of defualt/selector/cancel
case 'cancel':
if ($icon===false) $icon=ICON_ESCAPE; break;
+
+ case 'nonajax':
+ $atype = false;
}
}
}
}
//-----------------------------------------------------------------------------------
-function radio($label, $name, $value, $selected, $submit_on_change=false) {
+function radio($label, $name, $value, $selected=null, $submit_on_change=false)
+{
+ if (!isset($selected))
+ $selected = get_post($name) == $value;
if ($submit_on_change === true)
$submit_on_change =
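Review bot: The new default `$selected = get_post($name) == $value;` uses a loose comparison, so a radio whose value is `0` can compare equal to an empty or missing field and be pre-selected although nothing was chosen. This always happens on PHP 7 and earlier, and on PHP 8 it still happens when `get_post()` yields `null`. `get_post()` is not shown in the hunk, so what it returns for an absent field is an assumption. Comparing as strings avoids the type juggling: `$selected = (string)get_post($name) === (string)$value;`. The function body continues below the hunk.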
function bank_balance_row($bank_acc, $parms='')
{
global $path_to_root;
-
+
$to = add_days(Today(), 1);
$bal = get_balance_before_for_bank_account($bank_acc, $to);
label_row( _("Bank Balance:"),
'' : (" - " . $row[2]));
}
+function add_edit_combo($type)
+{
+ global $path_to_root, $popup_editors, $use_icon_for_editkey;
+
+ if (!isset($use_icon_for_editkey) || $use_icon_for_editkey==0)
+ return "";
+ // Derive theme path
+ $theme_path = $path_to_root . '/themes/' . user_theme();
+
+ $key = $popup_editors[$type][1];
+ $onclick = "onclick=\"javascript:callEditor($key); return false;\"";
+ $img = "<img width='12' height='12' border='0' alt='Add/Edit' title='Add/Edit' src='$theme_path/images/".ICON_EDIT."'>";
+ return "<a target = '_blank' href='#' $onclick tabindex='-1'>$img</a>";
+}
+
function supplier_list($name, $selected_id=null, $spec_option=false, $submit_on_change=false,
$all=false, $editkey = false)
{
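Review bot: In `add_edit_combo()` the value of `$popup_editors[$type][1]` is placed unquoted inside the inline `onclick` handler, and `$theme_path` goes into the `src` attribute, neither with any escaping. Where these values are set is outside the hunk. If the key is always an integer key code, make that explicit with `$key = (int)$popup_editors[$type][1];`, and pass the theme path through `htmlspecialchars($theme_path, ENT_QUOTES)` before printing it. The lookup also assumes `set_editor()` has already registered `$type`; an `isset($popup_editors[$type])` guard returning `""` would keep a missed registration from raising a notice and emitting `callEditor()` with no argument.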
if ($editkey)
set_editor('supplier', $name, $editkey);
-
- return combo_input($name, $selected_id, $sql, 'supplier_id', 'supp_name',
+
+ $ret = combo_input($name, $selected_id, $sql, 'supplier_id', 'supp_name',
array(
'format' => '_format_add_curr',
'order' => array('supp_ref'),
_('Select supplier'),
'show_inactive'=>$all
));
+ if ($editkey)
+ $ret .= add_edit_combo('supplier');
+ return $ret;
}
function supplier_list_cells($label, $name, $selected_id=null, $all_option=false,
if ($editkey)
set_editor('customer', $name, $editkey);
- return combo_input($name, $selected_id, $sql, 'debtor_no', 'debtor_ref',
+ $ret = combo_input($name, $selected_id, $sql, 'debtor_no', 'debtor_ref',
array(
'format' => '_format_add_curr',
'order' => array('debtor_ref'),
_('Select customer'),
'show_inactive' => $show_inactive
) );
+ if ($editkey)
+ $ret .= add_edit_combo('customer');
+ return $ret;
}
function customer_list_cells($label, $name, $selected_id=null, $all_option=false,
function customer_list_row($label, $name, $selected_id=null, $all_option = false,
$submit_on_change=false, $show_inactive=false, $editkey = false)
{
+
echo "<tr><td class='label'>$label</td><td nowrap>";
echo customer_list($name, $selected_id, $all_option, $submit_on_change,
$show_inactive, $editkey);
set_editor('branch', $name, $editkey);
$where = $enabled ? array("disable_trans = 0") : array();
- return combo_input($name, $selected_id, $sql, 'branch_code', 'branch_ref',
+ $ret = combo_input($name, $selected_id, $sql, 'branch_code', 'branch_ref',
array(
'where' => $where,
'order' => array('branch_ref'),
'select_submit'=> $submit_on_change,
'sel_hint' => _('Select customer branch')
) );
+ if ($editkey)
+ {
+ $ret .= add_edit_combo('branch');
+ }
+ return $ret;
}
//------------------------------------------------------------------------------------------------
if ($editkey)
set_editor('item', $name, $editkey);
- return combo_input($name, $selected_id, $sql, 'stock_id', 's.description',
+ $ret = combo_input($name, $selected_id, $sql, 'stock_id', 's.description',
array_merge(
array(
'format' => '_format_stock_items',
'category' => 2,
'order' => array('c.description','stock_id')
), $opts) );
+ if ($editkey)
+ $ret .= add_edit_combo('item');
+ return $ret;
}
function _format_stock_items($row)
echo subledger_list($name, $account, $selected_id);
echo "</td>\n</tr>\n";
}
-
{
$label = _("GL");
$icon = ICON_GL;
- }
+ }
$url = ($type == ST_WORKORDER && !work_order_is_closed($trans_no)) ? "manufacturing/view/wo_costs_view.php?trans_no=$trans_no"
: "gl/view/gl_trans_view.php?type_id=$type&trans_no=$trans_no";
$begin = "";
else
$begin = begin_fiscalyear(); // from fiscalyear begin
- }
+ }
$base = get_gl_trans_from_to($begin, $cart->tran_date, $qe['base_desc']);
-
+
}
if ($descr != '') $qe['description'] .= ': '.$descr;
$result = get_quick_entry_lines($id);
$ones = array("", "One", "Two", "Three", "Four", "Five", "Six",
"Seven", "Eight", "Nine", "Ten", "Eleven", "Twelve", "Thirteen",
- "Fourteen", "Fifteen", "Sixteen", "Seventeen", "Eightteen",
+ "Fourteen", "Fifteen", "Sixteen", "Seventeen", "Eighteen",
"Nineteen");
$tens = array("", "", "Twenty", "Thirty", "Fourty", "Fifty", "Sixty",
- "Seventy", "Eigthy", "Ninety");
+ "Seventy", "Eighty", "Ninety");
if ($Dn || $n)
{
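Review bot: `$tens` still spells its fifth entry `"Fourty"` on the unchanged line between the two corrections; the correct word is "Forty". These strings appear to be used for amounts written out in words, so the typo likely shows up on printed documents just like the two that were fixed. The line should read `$tens = array("", "", "Twenty", "Thirty", "Forty", "Fifty", "Sixty",` in the same commit.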
$dec = user_price_dec();
if ($dec > 0)
{
- $divisor = pow(10, $dec);
- $frac = round2($amount - floor($amount), $dec) * $divisor;
- $frac = sprintf("%0{$dec}d", $frac);
+ $divisor = pow(10, $dec);
+ $frac = round2($amount - floor($amount), $dec) * $divisor;
+ $frac = sprintf("%0{$dec}d", round2($frac, 0));
$and = _("and");
$frac = " $and $frac/$divisor";
}
else
$frac = "";
return _number_to_words(intval($amount)) . $frac;
-}
+}
function get_js_open_window($width, $height)
{
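Review bot: The fractional part can still come out as a full unit. When `$amount - floor($amount)` rounds up at `$dec` places (an amount ending in .999 with two decimals, assuming `round2` rounds to the given precision), `$frac` equals `$divisor` and the text reads "... and 100/100" while `intval($amount)` keeps the lower whole number. Rounding the amount once before it is split avoids that, e.g. `$amount = round2($amount, $dec);` ahead of the `if ($dec > 0)` test. The function starts above the hunk, so whether the amount has already been rounded by that point is not visible here.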
include($path_to_root . "/includes/system_tests.inc");
include($path_to_root . "/admin/db/maintenance_db.inc");
include($path_to_root . "/includes/packages.inc");
-@include($path_to_root . "/installed_extensions.php");
+if (file_exists($path_to_root . "/installed_extensions.php"))
+ include($path_to_root . "/installed_extensions.php");
//-------------------------------------------------------------------------------------------------
function subpage_title($txt)
return false;
}
// update default language
- include_once($path_to_root . "/lang/installed_languages.inc");
+ if (file_exists($path_to_root . "/lang/installed_languages.inc"))
+ include_once($path_to_root . "/lang/installed_languages.inc");
$dflt_lang = $_POST['lang'];
write_lang();
- if (!isset($installed_extensions))
- update_extensions(array());
return true;
}
return false;
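Review bot: `$dflt_lang = $_POST['lang'];` still takes the request value as-is, and `write_lang()` runs straight after it. `write_lang()` is not shown here; if it stores `$dflt_lang` in the generated language file, the value should be restricted to a language-code shape first, for example `if (!is_string($_POST['lang']) || !preg_match('/^[A-Za-z0-9_]+$/', $_POST['lang'])) return false;`, or better, accepted only when it matches an entry in `$installed_languages`. With the new `file_exists()` guard, `$installed_languages` may be unset at this point, so a lookup-based check has to handle the missing-file case. The enclosing function starts above the hunk.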
$ret &= install_extension($package);
}
if ($ret) {
- @include($path_to_root.'/installed_extensions.php');
+ if (file_exists($path_to_root . '/installed_extensions.php'))
+ include($path_to_root.'/installed_extensions.php');
$_POST['Page'] = 5;
}
-}
-elseif (isset($_POST['set_admin'])) {
+} elseif (isset($_POST['set_admin'])) {
// check company settings
if (get_post('name')=='') {
display_error(_('Company name cannot be empty.'));
$_POST[$name] = $val;
set_focus('name');
}
+ if (!isset($installed_extensions)) {
+ $installed_extensions = array();
+ update_extensions($installed_extensions);
+ }
+
subpage_title(_('Company Settings'));
start_table(TABLESTYLE);
text_row_ex(_("Company Name:"), 'name', 30);
get_text_init();
$i_lang = isset($_POST['inst_lang']) ? $_POST['inst_lang'] :
- (isset($_SESSION['inst_set']['inst_lang']) ? $_SESSION['inst_set']['inst_lang'] : 'C');
+ (isset($_SESSION['inst_set']['inst_lang']) ? $_SESSION['inst_set']['inst_lang'] : array('C'));
// Page Initialisation
if (!isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language')
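Review bot: The fallback on the changed line is now `array('C')`, while the other two branches still yield whatever `$_POST['inst_lang']` or the session holds, so `$i_lang` can be a string on one request and an array on the next. How `$i_lang` is consumed is below the hunk; if it is compared with the session language code there, an array never matches a string and the language object would be rebuilt on every request. Whichever shape that code expects, bring all three branches to it, and check the request value with `is_string($_POST['inst_lang'])` before using it, since a client can submit `inst_lang[]` as well.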
$_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
isset($l['rtl']) ? 'rtl' : 'ltr');
}
+if (!isset($installed_languages))
+ $installed_languages = array();
$_SESSION['language']->set_language($_SESSION['language']->code);
-$_SESSION['get_text']->add_domain( $_SESSION['language']->code, $path_to_root."/install/lang");
+$GetText->add_domain( $_SESSION['language']->code, $path_to_root."/install/lang");
include_once($path_to_root . "/version.php");
include_once($path_to_root . "/includes/main.inc");