From: <tim...@us...> - 2010-01-09 10:24:44
Revision: 3288 http://web-erp.svn.sourceforge.net/web-erp/?rev=3288&view=rev Author: tim_schofield Date: 2010-01-09 10:24:38 +0000 (Sat, 09 Jan 2010) Log Message: ----------- Changes to api session handling. Modified Paths: -------------- trunk/api/api_php.php trunk/api/api_stock.php trunk/api/api_xml-rpc.php trunk/doc/Change.log.html trunk/includes/session.inc Added Paths: ----------- trunk/api/api_login.php trunk/api/api_session.inc trunk/includes/UserLogin.php Added: trunk/api/api_login.php =================================================================== --- trunk/api/api_login.php (rev 0) +++ trunk/api/api_login.php 2010-01-09 10:24:38 UTC (rev 3288) 
@@ -0,0 +1,47 @@ +<?php +/* $Id$*/ +// Validates user and sets up $_SESSION environment for API users. +function LoginAPI($databasename, $user, $password) { + global $PathPrefix; // For included files + include('../config.php'); + // Include now for the error code values. + include '../includes/UserLogin.php'; /* Login checking and setup */ + $RetCode = array(); // Return result. + if (!isset($_SESSION['DatabaseName']) OR $_SESSION['DatabaseName'] == '' ) { + // Establish the database connection for this session. + $_SESSION['DatabaseName'] = $databasename; + /* Drag in the code to connect to the DB, and some other + * functions. If the connection is established, the + * variable $db will be set as the DB connection id. + * NOTE: This is needed here, as the api_session.inc file + * does NOT include this if there is no database name set. + */ + include('../includes/ConnectDB.inc'); + // Need to ensure we have a connection. + if (!isset($db)) { + $RetCode[0] = NoAuthorisation; + $RetCode[1] = UL_CONFIGERR; + return $RetCode; + } + $_SESSION['db'] = $db; // Set in above include + } + $rc = userLogin($user, $password, $_SESSION['db']); + switch ($rc) { + case UL_OK: + $RetCode[0] = 0; // All is well + break; + case UL_NOTVALID: + case UL_BLOCKED: + case UL_CONFIGERR: + case UL_SHOWLOGIN: + // Following not in use at 18 Nov 09. + case UL_MAINTENANCE: + /* Just return an error for now */ + $RetCode[0] = NoAuthorisation; + $RetCode[1] = $rc; + break; + } + return $RetCode; +} +// ALSO NEED A userLogout FUNCTION +?> \ No newline at end of file Property changes on: trunk/api/api_login.php ___________________________________________________________________ Added: svn:keywords + Id Modified: trunk/api/api_php.php =================================================================== --- trunk/api/api_php.php 2010-01-08 10:32:55 UTC (rev 3287) +++ trunk/api/api_php.php 2010-01-09 10:24:38 UTC (rev 3288) 
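Review bot: `LoginAPI` never rotates the session after `userLogin` returns `UL_OK`, so the `webERPapi` cookie that `api_session.inc` hands out before authentication keeps the same id once the session becomes privileged; add `session_regenerate_id(true);` in the `case UL_OK:` branch before `$RetCode[0] = 0;`. The `include '../includes/UserLogin.php'` sits inside the function body, so if `LoginAPI` can run twice in one request (a retry inside an XML-RPC multicall, for instance) the second call dies with a cannot-redeclare error on `userLogin` — make it `include_once`. `$databasename` is copied from the remote caller straight into `$_SESSION['DatabaseName']` and then handed to `ConnectDB.inc`; whether that include uses it to choose the schema is not visible here, but if it does the value should be checked against the names configured in `config.php` before it is stored, and the `isset` guard means a later login naming a different database is silently ignored rather than rejected. The `// ALSO NEED A userLogout FUNCTION` reminder is the right place to note that, until it exists, an authenticated API session lives for the full `$SessionLifeTime`.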
@@ -1,13 +1,12 @@ <?php -/* $Id$*/ /* Include session.inc, to allow database connection, and access to miscfunctions, and datefunctions.*/ - $DatabaseName='weberpdemo'; +// $DatabaseName='harlotte'; $AllowAnyone = true; $PathPrefix=dirname(__FILE__).'/../'; - include($PathPrefix.'includes/session.inc'); - $_SESSION['db']=$db; + include('api_session.inc'); +// $_SESSION['db']=$db; include 'api_errorcodes.php'; /* Include SQL_CommonFunctions.inc, to use GetNextTransNo().*/ @@ -16,36 +15,15 @@ /* Get weberp authentication, and return a valid database connection */ function db($user, $password) { - $_SESSION['UserID'] = $user; - $sql = "SELECT fullaccess - FROM www_users - WHERE userid='" . DB_escape_string($user) . "' - AND (password='" . CryptPass(DB_escape_string($password)) . "' - OR password='" . DB_escape_string($password) . "')"; - $Auth_Result = DB_query($sql, $_SESSION['db']); - $myrow=DB_fetch_row($Auth_Result); - if (DB_num_rows($Auth_Result) > 0) { - $_SESSION['AccessLevel'] = $myrow[0]; - $sql = 'SELECT tokenid FROM securitygroups - WHERE secroleid = ' . $_SESSION['AccessLevel']; - $Sec_Result = DB_query($sql, $_SESSION['db']); - - $_SESSION['AllowedPageSecurityTokens'] = array(); - if (DB_num_rows($Sec_Result)==0){ - return NoAuthorisation; - } else { - $i=0; - while ($myrow = DB_fetch_row($Sec_Result)){ - $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0]; - $i++; - } - } - return $_SESSION['db']; - } else { + if (!isset($_SESSION['AccessLevel']) OR + $_SESSION['AccessLevel'] == '') { return NoAuthorisation; + } else { + return $_SESSION['db']; } } + include 'api_login.php'; include 'api_customers.php'; include 'api_branches.php'; include 'api_currencies.php'; Added: trunk/api/api_session.inc =================================================================== --- trunk/api/api_session.inc (rev 0) +++ trunk/api/api_session.inc 2010-01-09 10:24:38 UTC (rev 3288) 
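Review bot: The rewritten `db()` in the second hunk discards `$user` and `$password` and answers only from `$_SESSION['AccessLevel']`, so every API method that still takes credentials now accepts any values as long as the request carries a `webERPapi` cookie for a logged-in session; a caller supplying a wrong password still gets a connection back. If per-call credentials are meant to stay meaningful, reject a mismatch before the session check, e.g. `if ($user != '' AND (!isset($_SESSION['UserID']) OR $user != $_SESSION['UserID'])) { return NoAuthorisation; }`, and document that the session, not the arguments, is what authorises the call. Setting `$AllowAnyone = true` before `include('api_session.inc')` disables that file's token check, so authorisation now rests entirely on each function's own `in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens'])` test — a comment stating this at the top of the file would stop someone removing one of those checks on the assumption the include covers it. The commented-out `// $DatabaseName='harlotte';` and `// $_SESSION['db']=$db;` lines are dead and can go.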
@@ -0,0 +1,142 @@ +<?php +/* $Id$*/ + +if (!isset($PathPrefix)) { + $PathPrefix=''; +} +if (!file_exists($PathPrefix . 'config.php')){ + $rootpath = dirname($_SERVER['PHP_SELF']); + if ($rootpath == '/' OR $rootpath == "\\") { + $rootpath = ''; + } + header('Location:' . $rootpath . '/install/index.php'); +} +include($PathPrefix . 'config.php'); + +if (isset($SessionSavePath)){ + session_save_path($SessionSavePath); +} + +ini_set('session.gc_Maxlifetime',$SessionLifeTime); +ini_set('max_execution_time',$MaximumExecutionTime); + +session_name('webERPapi'); +session_start(); + +include($PathPrefix . 'includes/LanguageSetup.php'); +// Establish a DB connection, if possible. NOTE that this connection +// may not have the same 'value' as any previous connection, so +// save the new one in the session variable. +if (isset($_SESSION['DatabaseName']) AND $_SESSION['DatabaseName'] != '' ) { + include($PathPrefix . 'includes/ConnectDB.inc'); + $_SESSION['db'] = $db; +} +include($PathPrefix . 'includes/DateFunctions.inc'); + +// Un comment to turn off attempts counter +//$_SESSION['AttemptsCounter'] = 0; + +if (!isset($_SESSION['AttemptsCounter'])){ + $_SESSION['AttemptsCounter'] = 0; +} + +/*User is logged in so get configuration parameters - save in session*/ +if (isset($_SESSION['db']) AND $_SESSION['db'] != '' ) { + //include($PathPrefix . 'includes/GetConfig.php'); +} + +if(isset($_SESSION['DB_Maintenance'])){ + if ($_SESSION['DB_Maintenance']!=0) { + if (DateDiff(Date($_SESSION['DefaultDateFormat']), + ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']) + ,'d') > $_SESSION['DB_Maintenance']){ + + /*Do the DB maintenance routing for the DB_type selected */ + DB_Maintenance($db); + //purge the audit trail if necessary + if (isset($_SESSION['MonthsAuditTrail'])){ + $sql = "DELETE FROM audittrail + WHERE transactiondate <= '" . Date('Y-m-d', mktime(0,0,0, Date('m')-$_SESSION['MonthsAuditTrail'])) . 
"'"; + $ErrMsg = _('There was a problem deleting expired audit-trail history'); + $result = DB_query($sql,$db); + } + $_SESSION['DB_Maintenance_LastRun'] = Date('Y-m-d'); + } + } +} + +/*Check to see if currency rates need to be updated */ +if (isset($_SESSION['UpdateCurrencyRatesDaily'])){ + if ($_SESSION['UpdateCurrencyRatesDaily']!=0) { + if (DateDiff(Date($_SESSION['DefaultDateFormat']), + ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']) + ,'d')> 0){ + + $CurrencyRates = GetECBCurrencyRates(); // gets rates from ECB see includes/MiscFunctions.php + /*Loop around the defined currencies and get the rate from ECB */ + $CurrenciesResult = DB_query('SELECT currabrev FROM currencies',$db); + while ($CurrencyRow = DB_fetch_row($CurrenciesResult)){ + if ($CurrencyRow[0]!=$_SESSION['CompanyRecord']['currencydefault']){ + $UpdateCurrRateResult = DB_query('UPDATE currencies SET + rate=' . GetCurrencyRate ($CurrencyRow[0],$CurrencyRates) . " + WHERE currabrev='" . $CurrencyRow[0] . "'",$db); + } + } + $_SESSION['UpdateCurrencyRatesDaily'] = Date('Y-m-d'); + $UpdateConfigResult = DB_query("UPDATE config SET confvalue = '" . Date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'",$db); + } + } +} +// include('../includes/GetConfig.php'); +if ($_SESSION['HTTPS_Only']==1){ + if ($_SERVER['HTTPS']!='on'){ + prnMsg(_('webERP is configured to allow only secure socket connections. Pages must be called with https://') . ' .....','error'); + exit; + } +} + +// Now check that the user as logged in has access to the page being called. The $PageSecurity +// value must be set in the script before header.inc is included. $SecurityGroups is an array of +// arrays defining access for each group of users. These definitions can be modified by a system admin under setup + + +if (!is_array($_SESSION['AllowedPageSecurityTokens']) AND !isset($AllowAnyone)) { + $title = _('Account Error Report'); + include($PathPrefix . 
'includes/header.inc'); + echo '<br /><br /><br />'; + prnMsg(_('Security settings have not been defined for your user account. Please advise your system administrator. It could also be that there is a session problem with your PHP web server'),'error'); + include($PathPrefix . 'includes/footer.inc'); + exit; +} + +if (!isset($AllowAnyone)){ + if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) { + $title = _('Security Permissions Problem'); + include($PathPrefix . 'includes/header.inc'); + echo '<tr> + <td class="menu_group_items"> + <table width="100%" class="table_index"> + <tr><td class="menu_group_item">'; + echo '<b><font style="size:+1; text-align:center;">' . _('The security settings on your account do not permit you to access this function') . '</font></b>'; + + echo '</td> + </tr> + </table> + </td>'; + + include($PathPrefix . 'includes/footer.inc'); + exit; + } + } + +function CryptPass( $Password ) { + global $CryptFunction; + if ( $CryptFunction == 'sha1' ) { + return sha1($Password); + } elseif ( $CryptFunction == 'md5' ) { + return md5($Password); + } else { + return $Password; + } + } +?> \ No newline at end of file Property changes on: trunk/api/api_session.inc ___________________________________________________________________ Added: svn:keywords + Id Modified: trunk/api/api_stock.php =================================================================== --- trunk/api/api_stock.php 2010-01-08 10:32:55 UTC (rev 3287) +++ trunk/api/api_stock.php 2010-01-09 10:24:38 UTC (rev 3288) @@ -1,5 +1,4 @@ <?php -/* $Id$*/ /* Check that the stock code*/ function VerifyStockCode($StockCode, $i, $Errors, $db) { 
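Review bot: With `include($PathPrefix . 'includes/GetConfig.php')` commented out in both places, nothing in this file populates `$_SESSION['HTTPS_Only']`, `DB_Maintenance` or `UpdateCurrencyRatesDaily` in the separately named `webERPapi` session, so the `if ($_SESSION['HTTPS_Only']==1)` guard reads an undefined index and never refuses plain HTTP — XML-RPC logins carrying passwords will be accepted unencrypted unless something outside this file sets that value; restore the config load (or read the setting from `config.php` directly) before the check. When `config.php` is missing, the `header('Location: …install/index.php')` call is not followed by `exit;`, so the script goes on to `include` the absent file and run with nothing configured. `ini_set('session.gc_Maxlifetime', …)` does not match the directive name `session.gc_maxlifetime`; ini names are matched case-sensitively, so `$SessionLifeTime` appears to be ignored here. `CryptPass()` returns the password unhashed when `$CryptFunction` is neither `sha1` nor `md5`, and the login query also accepts a plaintext match, so a misconfiguration degrades to plaintext comparison without any warning — a comment, or treating an unknown `$CryptFunction` as a configuration error, would make that explicit.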
@@ -282,7 +281,7 @@ return $Errors; } $PageSecurity =11; //The authorisation required to go to the stock modification script - if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']))) { + if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']))) { $Errors[0]=NoAuthorisation; return $Errors; } @@ -550,7 +549,7 @@ } } - function GetStockbalance($StockID, $user, $password) { + function GetStockBalance($StockID, $user = '', $password = '') { $Errors = array(); $db = db($user, $password); if (gettype($db)=='integer') { 
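Review bot: `GetStockBalance` now defaults `$user` and `$password` to `''`, so the function can be called with no credentials at all, and because `db()` in api_php.php no longer checks them the only authorisation is the `gettype($db)=='integer'` test that follows — which tells `NoAuthorisation` apart from a connection by type rather than value, so it passes silently if `db()` ever returns a non-integer error. Compare explicitly, `if ($db === NoAuthorisation) {`, and say in the function's header comment that access comes from the `webERPapi` session established by `LoginAPI`, not from the arguments. The `GetStockbalance`→`GetStockBalance` rename changes nothing at runtime since PHP function names are case-insensitive, but it now matches the name used in the XML-RPC map. The first hunk is whitespace-only, and both functions continue outside the hunks.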
@@ -782,16 +781,16 @@ ',"api adjustment",'.$Quantity.','.$newqoh.')'; $locstocksql='UPDATE locstock SET quantity = quantity + '.$Quantity.' WHERE loccode="'. $Location.'" AND stockid="'.$StockID.'"'; - $glupdatesql1="INSERT INTO gltrans (type, typeno, trandate, periodno, account, amount, narrative) - VALUES (17,".GetNextTransactionNo(17, $db).",'".$TranDate. - "',".GetPeriodFromTransactionDate($TranDate, sizeof($Errors), $Errors, $db). - ",".$adjglact.",".$itemdetails['materialcost']*-$Quantity. - ",'".$StockID." x ".$Quantity." @ ".$itemdetails['materialcost']."')"; - $glupdatesql2="INSERT INTO gltrans (type, typeno, trandate, periodno, account, amount, narrative) - VALUES (17,".GetNextTransactionNo(17, $db).",'".$TranDate. - "',".GetPeriodFromTransactionDate($TranDate, sizeof($Errors), $Errors, $db). - ",".$stockact.",".$itemdetails['materialcost']*$Quantity. - ",'".$StockID." x ".$Quantity." @ ".$itemdetails['materialcost']."')"; + $glupdatesql1='INSERT INTO gltrans (type, typeno, trandate, periodno, account, amount, narrative) + VALUES (17,'.GetNextTransactionNo(17, $db).',"'.$TranDate. + '",'.GetPeriodFromTransactionDate($TranDate, sizeof($Errors), $Errors, $db). + ','.$adjglact.','.$itemdetails['materialcost']*-$Quantity. + ',"'.$StockID.' x '.$Quantity.' @ '.$itemdetails['materialcost'].'")'; + $glupdatesql2='INSERT INTO gltrans (type, typeno, trandate, periodno, account, amount, narrative) + VALUES (17,'.GetNextTransactionNo(17, $db).',"'.$TranDate. + '",'.GetPeriodFromTransactionDate($TranDate, sizeof($Errors), $Errors, $db). + ','.$stockact.','.$itemdetails['materialcost']*$Quantity. + ',"'.$StockID.' x '.$Quantity.' @ '.$itemdetails['materialcost'].'")'; $systypessql = 'UPDATE systypes set typeno='.GetNextTransactionNo(17, $db).' 
where typeid=17'; DB_Txn_Begin($db); Modified: trunk/api/api_xml-rpc.php =================================================================== --- trunk/api/api_xml-rpc.php 2010-01-08 10:32:55 UTC (rev 3287) +++ trunk/api/api_xml-rpc.php 2010-01-09 10:24:38 UTC (rev 3288) 
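Review bot: The rewritten `$glupdatesql1`/`$glupdatesql2` only swap the quoting style; `$TranDate`, `$StockID`, `$Quantity` and `$itemdetails['materialcost']` are still concatenated into the INSERT unescaped, as are `$Location` and `$StockID` in `$locstocksql`, so a stock code or location containing a double quote breaks the statement and, where these values arrive from the XML-RPC caller, permits injection — wrap them in `DB_escape_string()` at this point or confirm that the validation earlier in the function (outside the hunk) rejects anything but catalogue values. Using `"` as the SQL string delimiter also depends on MySQL running without `ANSI_QUOTES`; the removed `'`-delimited form was the portable one. `GetNextTransactionNo(17, $db)` is called three times across the two INSERTs and the `systypes` UPDATE, so the code relies on it returning the same number each time until the UPDATE commits; a one-line comment saying so would save the next reader a trip into SQL_CommonFunctions.inc. The enclosing function starts before this hunk.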
@@ -1,13 +1,47 @@ <?php -/* $Id$*/ include 'api_php.php'; include '../xmlrpc/lib/xmlrpc.inc'; + include '../xmlrpc/lib/xmlrpcs.inc'; + unset($Parameter); unset($ReturnValue); + $Description = _('This function is used to login into the API methods for the specified the database.'); + $Parameter[0]['name'] = _('Database Name'); + $Parameter[0]['description'] = _('The name of the database to use for the transactions to come. '); + $Parameter[1]['name'] = _('User name'); + $Parameter[1]['description'] = _('A valid weberp username. This user should have security access to this data.'); + $Parameter[2]['name'] = _('User password'); + $Parameter[2]['description'] = _('The weberp password associated with this user name. '); + $ReturnValue[0] = _('This function returns an integer. '). + _('Zero means the function was successful. '). + _('Otherwise an error code is returned. '); + + $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> + <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; + for ($i=0; $i<sizeof($Parameter); $i++) { + $doc .= '<tr><td valign="top">'.$Parameter[$i]['name'].'</td><td>'. 
+ $Parameter[$i]['description'].'</td></tr>'; + } + $doc .= '<tr><td valign="top"><b><u>'._('Return Value'); + for ($i=0; $i<sizeof($ReturnValue); $i++) { + $doc .= '<td valign="top">'.$ReturnValue[$i].'</td></tr>'; + } + $doc .= '</table>'; + $Login_sig = array(array($xmlrpcStruct, $xmlrpcString, $xmlrpcString, $xmlrpcString)); + $Login_doc = $doc; + + function xmlrpc_Login($xmlrpcmsg) { + return new xmlrpcresp(php_xmlrpc_encode(LoginAPI($xmlrpcmsg->getParam(0)->scalarval(), + $xmlrpcmsg->getParam(1)->scalarval(), + $xmlrpcmsg->getParam(2)->scalarval()))); + } + + unset($Parameter); + unset($ReturnValue); $Description = _('This function is used to insert a new customer into the webERP database.'); $Parameter[0]['name'] = _('Customer Details'); $Parameter[0]['description'] = _('A set of key/value pairs where the key must be identical to the name of the field to be updated. ') @@ -553,13 +587,12 @@ $doc .= '<td valign="top">'.$ReturnValue[$i].'</td></tr>'; } $doc .= '</table>'; - $GetStockItem_sig = array(array($xmlrpcStruct, $xmlrpcString, $xmlrpcString, $xmlrpcString)); + $GetStockItem_sig = array(array($xmlrpcStruct, $xmlrpcString)); $GetStockItem_doc = $doc; function xmlrpc_GetStockItem($xmlrpcmsg) { return new xmlrpcresp(php_xmlrpc_encode(GetStockItem($xmlrpcmsg->getParam(0)->scalarval(), - $xmlrpcmsg->getParam(1)->scalarval(), - $xmlrpcmsg->getParam(2)->scalarval()))); + '', ''))); } unset($Parameter); 
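Review bot: The docstring for `weberp.xmlrpc_Login` says the method 'returns an integer', but `LoginAPI` returns `$RetCode`, an array with the status at index 0 and, on failure, the `UL_*` reason at index 1, and `$Login_sig` advertises `$xmlrpcStruct` while `php_xmlrpc_encode` of a sequential array produces an XML-RPC array — align the three, e.g. `$ReturnValue[0] = _('This function returns an array: element 0 is zero on success or an error code, and element 1 carries the login failure reason. ');` with `$Login_sig = array(array($xmlrpcArray, $xmlrpcString, $xmlrpcString, $xmlrpcString));`. The login only affects later calls if the client stores and resends the `webERPapi` session cookie; that requirement appears nowhere in the description and should be stated, along with the fact that the password travels in the clear unless the endpoint is served over HTTPS. In the second hunk `GetStockItem` drops the username/password parameters and passes `''`; if the `$Parameter[1]`/`[2]` entries above it (outside this hunk) still describe them, they are now misleading.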
@@ -598,7 +631,7 @@ $Parameter[1]['description'] = _('A valid weberp username. This user should have security access to this data.'); $Parameter[2]['name'] = _('User password'); $Parameter[2]['description'] = _('The weberp password associated with this user name. '); - $ReturnValue[0] = _('This function returns an array of stock quantities by location for this stock item. '). + $ReturnValue[0] = _('This function returns an array of stock quantities by location for this stock item. '); $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; for ($i=0; $i<sizeof($Parameter); $i++) { @@ -610,13 +643,18 @@ $doc .= '<td valign="top">'.$ReturnValue[$i].'</td></tr>'; } $doc .= '</table>'; - $GetStockBalance_sig = array(array($xmlrpcStruct, $xmlrpcString, $xmlrpcString, $xmlrpcString)); + $GetStockBalance_sig = array(array($xmlrpcStruct, $xmlrpcString, $xmlrpcString, $xmlrpcString),array($xmlrpcStruct, $xmlrpcString)); $GetStockBalance_doc = $doc; function xmlrpc_GetStockBalance($xmlrpcmsg) { - return new xmlrpcresp(php_xmlrpc_encode(GetStockBalance($xmlrpcmsg->getParam(0)->scalarval(), + if ($xmlrpcmsg->getNumParams() == 3) + { + return new xmlrpcresp(php_xmlrpc_encode(GetStockBalance($xmlrpcmsg->getParam(0)->scalarval(), $xmlrpcmsg->getParam(1)->scalarval(), $xmlrpcmsg->getParam(2)->scalarval()))); + } else { + return new xmlrpcresp(php_xmlrpc_encode(GetStockBalance($xmlrpcmsg->getParam(0)->scalarval()))); + } } unset($Parameter); 
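Review bot: `xmlrpc_GetStockBalance` branches on `getNumParams() == 3`, but since `db()` in api_php.php no longer validates credentials the three-argument form gives the caller no more assurance than the one-argument form, so the docstring's 'A valid weberp username' and 'The weberp password' entries now describe values that are ignored once the client has called `weberp.xmlrpc_Login`. Either say so in those descriptions or drop the three-string signature as was done for `GetStockItem`. The `else` branch also handles any parameter count other than 3 that the server lets through, so `getParam(0)` is the only argument it may touch — true today, but worth a comment next to the `if`.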
@@ -666,7 +704,7 @@ $Parameter[3]['description'] = _('A valid weberp username. This user should have security access to this data.'); $Parameter[4]['name'] = _('User password'); $Parameter[4]['description'] = _('The weberp password associated with this user name. '); - $ReturnValue[0] = _('This function returns zero if the transaction was successful or an array of error codes if not. '). + $ReturnValue[0] = _('This function returns zero if the transaction was successful or an array of error codes if not. '); $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; for ($i=0; $i<sizeof($Parameter); $i++) { 
@@ -842,6 +880,18 @@ unset($ReturnValue); unset($doc); unset($Description); + $Description = 'This function is used to start a new sales order.'; + $Parameter[0]['name'] = _('Insert Sales Order Header'); + $Parameter[0]['description'] = _('A set of key/value pairs where the key must be identical to the name of the field to be updated. ') + ._('The field names can be found ').'<a href="../../Z_DescribeTable.php?table=salesorders">'._('here ').'</a>' + ._('and are case sensitive. ')._('The values should be of the correct type, and the api will check them before updating the database. ') + ._('The orderno key is generated by this call, and if a value is supplied, it will be ignored. ') + ._('It is not necessary to include all the fields in this parameter, the database default value will be used if the field is not given.'); + $Parameter[1]['name'] = _('User name'); + $Parameter[1]['description'] = _('A valid weberp username. This user should have security access to this data.'); + $Parameter[2]['name'] = _('User password'); + $Parameter[2]['description'] = _('The weberp password associated with this user name. '); + $ReturnValue[0] = _('If successful this function returns a two element array; the first element is 0 for success or an error code, while the second element is the order number.'); $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; for ($i=0; $i<sizeof($Parameter); $i++) { 
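Review bot: `$Description = 'This function is used to start a new sales order.'` is a bare literal while every other description in this file is wrapped in `_()`, so it will never be translated; write `$Description = _('This function is used to start a new sales order.');`. The three descriptions added in the hunks that follow have the same omission. The return-value text here promises 'a two element array; the first element is 0 for success or an error code' — if the underlying function returns a longer error list on failure (not visible in this hunk) the wording should say so, as the sibling descriptions below do.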
@@ -866,6 +916,17 @@ unset($ReturnValue); unset($doc); unset($Description); + $Description = 'This function is used to modify the header details of a sales order'; + $Parameter[0]['name'] = _('Modify Sales Order Header Details'); + $Parameter[0]['description'] = _('A set of key/value pairs where the key must be identical to the name of the field to be updated. ') + ._('The field names can be found ').'<a href="../../Z_DescribeTable.php?table=salesorders">'._('here ').'</a>' + ._('and are case sensitive. ')._('The values should be of the correct type, and the api will check them before updating the database. ') + ._('It is not necessary to include all the fields in this parameter, the database default value will be used if the field is not given.'); + $Parameter[1]['name'] = _('User name'); + $Parameter[1]['description'] = _('A valid weberp username. This user should have security access to this data.'); + $Parameter[2]['name'] = _('User password'); + $Parameter[2]['description'] = _('The weberp password associated with this user name. '); + $ReturnValue[0] = _('If successful this function returns a single element array with the value 0; otherwise, it contains all error codes encountered during the update.'); $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; for ($i=0; $i<sizeof($Parameter); $i++) { 
@@ -890,6 +951,18 @@ unset($ReturnValue); unset($doc); unset($Description); + $Description = 'This function is used to add line items to a sales order.'; + $Parameter[0]['name'] = _('Insert Sales Order Line'); + $Parameter[0]['description'] = _('A set of key/value pairs where the key must be identical to the name of the field to be updated. ') + ._('The field names can be found ').'<a href="../../Z_DescribeTable.php?table=salesorderdetails">'._('here ').'</a>' + ._('and are case sensitive. ')._('The values should be of the correct type, and the api will check them before updating the database. ') + ._('The orderno key must be one of these values. ') + ._('It is not necessary to include all the fields in this parameter, the database default value will be used if the field is not given.'); + $Parameter[1]['name'] = _('User name'); + $Parameter[1]['description'] = _('A valid weberp username. This user should have security access to this data.'); + $Parameter[2]['name'] = _('User password'); + $Parameter[2]['description'] = _('The weberp password associated with this user name. '); + $ReturnValue[0] = _('This function returns an array; the first element is 0 for success; otherwise the array contains a list of all errors encountered.'); $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; for ($i=0; $i<sizeof($Parameter); $i++) { 
@@ -914,6 +987,18 @@ unset($ReturnValue); unset($doc); unset($Description); + $Description = 'This function is used to modify line items on a sales order.'; + $Parameter[0]['name'] = _('Modify Sales Order Line'); + $Parameter[0]['description'] = _('A set of key/value pairs where the key must be identical to the name of the field to be updated. ') + ._('The field names can be found ').'<a href="../../Z_DescribeTable.php?table=salesorderdetails">'._('here ').'</a>' + ._('and are case sensitive. ')._('The values should be of the correct type, and the api will check them before updating the database. ') + ._('The orderno and stkcode keys must be one of these values. ') + ._('It is not necessary to include all the fields in this parameter, the database default value will be used if the field is not given.'); + $Parameter[1]['name'] = _('User name'); + $Parameter[1]['description'] = _('A valid weberp username. This user should have security access to this data.'); + $Parameter[2]['name'] = _('User password'); + $Parameter[2]['description'] = _('The weberp password associated with this user name. '); + $ReturnValue[0] = _('This function returns an array; the first element is 0 for success; otherwise the array contains a list of all errors encountered.'); $doc = '<tr><td><b><u>'._('Description').'</u></b></td><td colspan=2>' .$Description.'</td></tr> <tr><td valign="top"><b><u>'._('Parameters').'</u></b></td>'; for ($i=0; $i<sizeof($Parameter); $i++) { @@ -1602,7 +1687,7 @@ } $doc .= '<tr><td valign="top"><b><u>'._('Return Value'); for ($i=0; $i<sizeof($ReturnValue); $i++) { - $doc .= '<tr><td></td><td valign="top">'.$ReturnValue[$i].'</td></tr>'; + $doc .= '<td valign="top">'.$ReturnValue[$i].'</td></tr>'; } $doc .= '</table>'; $InsertSupplier_sig = array(array($xmlrpcStruct, $xmlrpcStruct, $xmlrpcString, $xmlrpcString)); 
@@ -2190,6 +2275,10 @@ } $s = new xmlrpc_server( array( + "weberp.xmlrpc_Login" => array( + "function" => "xmlrpc_Login", + "signature" => $Login_sig, + "docstring" => $Login_doc), "weberp.xmlrpc_InsertCustomer" => array( "function" => "xmlrpc_InsertCustomer", "signature" => $InsertCustomer_sig, @@ -2418,7 +2507,7 @@ "function" => "xmlrpc_StockCatPropertyList", "signature" => $StockCatPropertyList_sig, "docstring" => $StockCatPropertyList_doc), - "weberp.xmlrpc_GetGLAccountList" => array( + "weberp.xmlrpc_GetGLAccountList" => array( "function" => "xmlrpc_GetGLAccountList", "signature" => $GetGLAccountList_sig, "docstring" => $GetGLAccountList_doc), @@ -2501,4 +2590,4 @@ ) ); -?> \ No newline at end of file +?> Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-01-08 10:32:55 UTC (rev 3287) +++ trunk/doc/Change.log.html 2010-01-09 10:24:38 UTC (rev 3288) @@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p> +<p>09/01/10 Lindsay: Changes to api session handling. <p>08/01/10 Tim: PrintCustTrans.php - Correct errors preventing invoice from printing <p>08/01/10 Tim: Put a supplier invoice on hold when outside the bounds set up in the config <p>07/01/10 Tim: Payments.php - Enforce numbers only in input boxes Added: trunk/includes/UserLogin.php =================================================================== --- trunk/includes/UserLogin.php (rev 0) +++ trunk/includes/UserLogin.php 2010-01-09 10:24:38 UTC (rev 3288) 
@@ -0,0 +1,124 @@ +<?php + +/* Performs login checks and $_SESSION initialisation */ +/* $Id$*/ + +define('UL_OK', 0); /* User verified, session initialised */ +define('UL_NOTVALID', 1); /* User/password do not agree */ +define('UL_BLOCKED', 2); /* Account locked, too many failed logins */ +define('UL_CONFIGERR', 3); /* Configuration error in webERP or server */ +define('UL_SHOWLOGIN', 4); /* Can this happen? */ +// Following not in use at 18 Nov 09. +define('UL_MAINTENANCE', 5); /* Maintenance mode - no user logins */ + +/* UserLogin + * Function to validate user name, perform validity checks and initialise + * $_SESSION data. + * Returns: + * See define() statements above. + */ + +function userLogin($Name, $Password, $db) { + if (!isset($_SESSION['AccessLevel']) OR $_SESSION['AccessLevel'] == '' OR + (isset($Name) AND $Name != '')) { + /* if not logged in */ + $_SESSION['AccessLevel'] = ''; + $_SESSION['CustomerID'] = ''; + $_SESSION['UserBranch'] = ''; + $_SESSION['SalesmanLogin'] = ''; + $_SESSION['Module'] = ''; + $_SESSION['PageSize'] = ''; + $_SESSION['UserStockLocation'] = ''; + $_SESSION['AttemptsCounter']++; + // Show login screen + if (!isset($Name) or $Name == '') { + return UL_SHOWLOGIN; + } + $sql = "SELECT www_users.fullaccess, + www_users.customerid, + www_users.lastvisitdate, + www_users.pagesize, + www_users.defaultlocation, + www_users.branchcode, + www_users.modulesallowed, + www_users.blocked, + www_users.realname, + www_users.theme, + www_users.displayrecordsmax, + www_users.userid, + www_users.language, + www_users.salesman + FROM www_users + WHERE www_users.userid='" . $Name . "' + AND (www_users.password='" . CryptPass($Password) . "' + OR www_users.password='" . $Password . 
"')"; + $Auth_Result = DB_query($sql, $db); + // Populate session variables with data base results + if (DB_num_rows($Auth_Result) > 0) { + $myrow = DB_fetch_row($Auth_Result); + if ($myrow[7]==1){ + //the account is blocked + return UL_BLOCKED; + } + /*reset the attempts counter on successful login */ + $_SESSION['AttemptsCounter'] = 0; + $_SESSION['AccessLevel'] = $myrow[0]; + $_SESSION['CustomerID'] = $myrow[1]; + $_SESSION['UserBranch'] = $myrow[5]; + $_SESSION['DefaultPageSize'] = $myrow[3]; + $_SESSION['UserStockLocation'] = $myrow[4]; + $_SESSION['ModulesEnabled'] = explode(",", $myrow[6]); + $_SESSION['UsersRealName'] = $myrow[8]; + $_SESSION['Theme'] = $myrow[9]; +// $_SESSION['UserID'] = $myrow[11]; + $_SESSION['Language'] = $myrow[12]; + $_SESSION['SalesmanLogin'] = $myrow[13]; + if ($myrow[10] > 0) { + $_SESSION['DisplayRecordsMax'] = $myrow[10]; + } else { + $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php + } + $sql = "UPDATE www_users SET lastvisitdate='". date("Y-m-d H:i:s") ."' + WHERE www_users.userid='" . $Name . "'"; + $Auth_Result = DB_query($sql, $db); + /*get the security tokens that the user has access to */ + $sql = 'SELECT tokenid FROM securitygroups + WHERE secroleid = ' . $_SESSION['AccessLevel']; + $Sec_Result = DB_query($sql, $db); + $_SESSION['AllowedPageSecurityTokens'] = array(); + if (DB_num_rows($Sec_Result)==0){ + return UL_CONFIGERR; + } else { + $i=0; + while ($myrow = DB_fetch_row($Sec_Result)){ + $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0]; + $i++; + } + } + // Temporary shift - disable log messages. 
+ $_SESSION['UserID'] = $myrow[11]; + } else { // Incorrect password + // 5 login attempts, show failed login screen + if (!isset($_SESSION['AttemptsCounter'])) { + $_SESSION['AttemptsCounter'] = 0; + } elseif ($_SESSION['AttemptsCounter'] >= 5 AND isset($Name)) { + /*User blocked from future accesses until sysadmin releases */ + $sql = "UPDATE www_users + SET blocked=1 + WHERE www_users.userid='" . $Name . "'"; + $Auth_Result = DB_query($sql, $db); + return UL_BLOCKED; + } + return UL_NOTVALID; + } + } // End of userid/password check + // Run with debugging messages for the system administrator(s) but not anyone else + if (in_array(15, $_SESSION['AllowedPageSecurityTokens'])) { + $debug = 1; + } else { + $debug = 0; + } + return UL_OK; /* All is well */ +} + +?> \ No newline at end of file Property changes on: trunk/includes/UserLogin.php ___________________________________________________________________ Added: svn:keywords + Id Modified: trunk/includes/session.inc =================================================================== --- trunk/includes/session.inc 2010-01-08 10:32:55 UTC (rev 3287) +++ trunk/includes/session.inc 2010-01-09 10:24:38 UTC (rev 3288) @@ -1,7 +1,6 @@ <?php +/* $Revision: 1.67 $ */ -/* $Id$ */ - if (!isset($PathPrefix)) { $PathPrefix=''; } 
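Review bot: `userLogin` interpolates `$Name` and `$Password` into the SELECT and both UPDATE statements without `DB_escape_string()`, whereas the session.inc code this replaces escaped them (`DB_escape_string($_POST['UserNameEntryField'])`), so this commit reintroduces SQL injection on the login form and on the new XML-RPC `Login` method. Escape once at the top, keeping the old `CryptPass(DB_escape_string(...))` order so existing hashes still match, and use the escaped copies in all three statements (excerpt below). `$_SESSION['UserID'] = $myrow[11];` is assigned after the `while ($myrow = DB_fetch_row($Sec_Result))` loop has run `$myrow` to `false`, so the session user id is always empty; move the assignment up next to `$_SESSION['Language'] = $myrow[12];`. The lock-out branch blocks whatever `$Name` was submitted once the session's `AttemptsCounter` reaches 5, so one anonymous client can lock arbitrary accounts; the counter should at least be keyed per account before `UPDATE www_users SET blocked=1` runs. `$debug` is a local that is set and never read.
```php
function userLogin($Name, $Password, $db) {
    $SafeName = DB_escape_string($Name);
    $SafePassword = DB_escape_string($Password);
    // … unchanged: session reset and UL_SHOWLOGIN check …
        WHERE www_users.userid='" . $SafeName . "'
        AND (www_users.password='" . CryptPass($SafePassword) . "'
        OR www_users.password='" . $SafePassword . "')";
    // … unchanged: blocked check and session population …
        WHERE www_users.userid='" . $SafeName . "'";
    // … unchanged: token load and attempts counter …
        WHERE www_users.userid='" . $SafeName . "'";
```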
@@ -61,132 +60,46 @@ if (!isset($AllowAnyone)){ /* only do security checks if AllowAnyone is not true */ - if (!isset($_SESSION['AccessLevel']) OR $_SESSION['AccessLevel'] == ''){ - -// (isset($_POST['UserNameEntryField']) AND $_POST['UserNameEntryField'] != '')) { + include $PathPrefix . 'includes/UserLogin.php'; /* Login checking and setup */ - /* if not logged in */ + if (isset($_POST['UserNameEntryField']) and isset($_POST['Password'])) { + $rc = userLogin($_POST['UserNameEntryField'], $_POST['Password'], $db); + } else if (empty($_SESSION['DatabaseName'])) { + $rc = UL_SHOWLOGIN; + } else { + $rc = UL_OK; + } - $_SESSION['AccessLevel'] = ''; - $_SESSION['CustomerID'] = ''; - $_SESSION['UserBranch'] = ''; - $_SESSION['SalesmanLogin'] = ''; - $_SESSION['Module'] = ''; - $_SESSION['PageSize'] = ''; - $_SESSION['UserStockLocation'] = ''; - $_SESSION['PDFLanguage']= ''; - $_SESSION['AttemptsCounter']++; + /* Need to set the theme to make login screen nice */ + $theme = (isset($_SESSION['Theme'])) ? $_SESSION['Theme'] : 'silverwolf'; + switch ($rc) { + case UL_OK; + break; + case UL_SHOWLOGIN: + include($PathPrefix . 'includes/Login.php'); + exit; - $theme = 'silverwolf'; + case UL_BLOCKED: + die(include($PathPrefix . 'includes/FailedLogin.php')); - // Show login screen - if (!isset($_POST['UserNameEntryField']) or $_POST['UserNameEntryField'] == '') { - include($PathPrefix . 'includes/Login.php'); - exit; - } + case UL_CONFIGERR: + $title = _('Account Error Report'); + include($PathPrefix . 'includes/header.inc'); + echo '<br /><br /><br />'; + prnMsg(_('Your user role does not have any access defined for webERP. There is an error in the security setup for this user account'),'error'); + include($PathPrefix . 'includes/footer.inc'); + exit; + case UL_NOTVALID: + $demo_text = '<font size="3" color="red"><b>' . _('incorrect password') . '</b></font><br /><b>' . _('The user/password combination') . '<br />' . _('is not a valid user of the system') . 
'</b>'; + die(include($PathPrefix . 'includes/Login.php')); - $sql = "SELECT www_users.fullaccess, - www_users.customerid, - www_users.lastvisitdate, - www_users.pagesize, - www_users.defaultlocation, - www_users.branchcode, - www_users.modulesallowed, - www_users.blocked, - www_users.realname, - www_users.theme, - www_users.displayrecordsmax, - www_users.userid, - www_users.language, - www_users.salesman, - www_users.pdflanguage - FROM www_users - WHERE www_users.userid='" . DB_escape_string($_POST['UserNameEntryField']) . "' - AND (www_users.password='" . CryptPass(DB_escape_string($_POST['Password'])) . "' - OR www_users.password='" . DB_escape_string($_POST['Password']) . "')"; - $Auth_Result = DB_query($sql, $db); + case UL_MAINTENANCE: + $demo_text = '<font size="3" color="red"><b>' . _('system maintenance') . '</b></font><br /><b>' . _('webERP is not available right now') . '<br />' . _('during maintenance of the system') . '</b>'; + die(include($PathPrefix . 'includes/Login.php')); - // Populate session variables with data base results - if (DB_num_rows($Auth_Result) > 0) { - - $myrow = DB_fetch_row($Auth_Result); - if ($myrow[7]==1){ - //the account is blocked - die(include($PathPrefix . 
'includes/FailedLogin.php')); - } - /*reset the attempts counter on successful login */ - $_SESSION['AttemptsCounter'] = 0; - $_SESSION['AccessLevel'] = $myrow[0]; - $_SESSION['CustomerID'] = $myrow[1]; - $_SESSION['UserBranch'] = $myrow[5]; - $_SESSION['DefaultPageSize'] = $myrow[3]; - $_SESSION['UserStockLocation'] = $myrow[4]; - $_SESSION['ModulesEnabled'] = explode(",", $myrow[6]); - $_SESSION['UsersRealName'] = $myrow[8]; - $_SESSION['Theme'] = $myrow[9]; - $_SESSION['UserID'] = $myrow[11]; - $_SESSION['Language'] = $myrow[12]; - $_SESSION['SalesmanLogin'] = $myrow[13]; - $_SESSION['PDFLanguage']= $myrow[14]; - if ($myrow[10] > 0) { - $_SESSION['DisplayRecordsMax'] = $myrow[10]; - } else { - $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php - } - - $sql = "UPDATE www_users SET lastvisitdate='". date("Y-m-d H:i:s") ."' - WHERE www_users.userid='" . DB_escape_string($_POST['UserNameEntryField']) . "'"; - $Auth_Result = DB_query($sql, $db); - - /*get the security tokens that the user has access to */ - $sql = 'SELECT tokenid FROM securitygroups - WHERE secroleid = ' . $_SESSION['AccessLevel']; - $Sec_Result = DB_query($sql, $db); - - $_SESSION['AllowedPageSecurityTokens'] = array(); - if (DB_num_rows($Sec_Result)==0){ - $title = _('Account Error Report'); - include($PathPrefix . 'includes/header.inc'); - echo '<br /><br /><br />'; - prnMsg(_('Your user role does not have any access defined for webERP. There is an error in the security setup for this user account'),'error'); - include($PathPrefix . 'includes/footer.inc'); - exit; - } else { - $i=0; - while ($myrow = DB_fetch_row($Sec_Result)){ - $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0]; - $i++; - } - } - - //echo '<meta http-equiv="refresh" content="0" url="' . $_SERVER['PHP_SELF'] . '?' . SID . 
'">'; - //exit; - } else { // Incorrect password - // 5 login attempts, show failed login screen - if (!isset($_SESSION['AttemptsCounter'])) { - $_SESSION['AttemptsCounter'] = 0; - } elseif ($_SESSION['AttemptsCounter'] >= 5 AND isset($_POST['UserNameEntryField'])) { - /*User blocked from future accesses until sysadmin releases */ - $sql = "UPDATE www_users - SET blocked=1 - WHERE www_users.userid='" . $_POST['UserNameEntryField'] . "'"; - $Auth_Result = DB_query($sql, $db); - die(include($PathPrefix . 'includes/FailedLogin.php')); - } - $demo_text = '<font size="3" color="red"><b>' . _('incorrect password') . '</b></font><br /><b>' . _('The user/password combination') . '<br />' . _('is not a valid user of the system') . '</b>'; - die(include($PathPrefix . 'includes/Login.php')); - } - } // End of userid/password check - // Run with debugging messages for the system administrator(s) but not anyone else - - if (in_array(15, $_SESSION['AllowedPageSecurityTokens'])) { - $debug = 1; - } else { - $debug = 0; } - } /* only do security checks if AllowAnyone is not true */ /*User is logged in so get configuration parameters - save in session*/ @@ -265,7 +178,7 @@ if ($DirEntry != '.' AND $DirEntry !='..'){ $InCompanyDir[] = $DirEntry; //make an array of all files under company directory } - } //loop through list of files in the company directory + } //loop through list of files in the company directory if ($InCompanyDir !== FALSE) { foreach($InCompanyDir as $logofilename) if (strncasecmp($logofilename,'logo.jpg',8) === 0 AND @@ -345,4 +258,4 @@ return $Password; } } -?> +?> \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
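Review bot: The new dispatch treats any session with a non-empty `$_SESSION['DatabaseName']` as already authenticated (`$rc = UL_OK`), whereas the removed check required `$_SESSION['AccessLevel']` to be set; if the database name can land in the session before credentials are verified (cannot be confirmed from this hunk), a session that never passed `userLogin()` clears this check, so the guard should also test the login marker, e.g. `} else if (empty($_SESSION['DatabaseName']) || empty($_SESSION['AccessLevel'])) {`. The removed `$_SESSION['AttemptsCounter']++` has no counterpart on the new side, and the `userLogin()` hunk above only resets the counter to 0 or compares it with 5, so the lockout after five failed attempts can no longer trigger unless the increment lives in a part of UserLogin.php outside this view. The raw `$_POST` values are now passed straight into `userLogin()`, while the replaced SELECT and lastvisitdate UPDATE wrapped the user name in `DB_escape_string()`; the UPDATE statements visible in the UserLogin.php hunk concatenate `$Name` directly, so that escaping should be restored inside `userLogin()` (its opening SELECT is outside this view) or at this call site. Minor style point: `case UL_OK;` uses a semicolon where the other cases use a colon; both parse, but `case UL_OK:` keeps the switch uniform.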