From: <dai...@us...> - 2010-12-26 08:33:35
Revision: 4447 http://web-erp.svn.sourceforge.net/web-erp/?rev=4447&view=rev Author: daintree Date: 2010-12-26 08:33:29 +0000 (Sun, 26 Dec 2010) Log Message: ----------- User login fix - SQL Modified Paths: -------------- trunk/Logout.php trunk/UpgradeDatabase.php trunk/UserSettings.php trunk/Z_ChangeBranchCode.php trunk/includes/GetConfig.php trunk/includes/UserLogin.php trunk/includes/class.pdf.php trunk/includes/session.inc trunk/sql/mysql/upgrade3.11.1-4.00.sql Modified: trunk/Logout.php =================================================================== --- trunk/Logout.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/Logout.php 2010-12-26 08:33:29 UTC (rev 4447) @@ -2,7 +2,7 @@ /* $Revision: 1.17 $ */ /* $Id$*/ //$PageSecurity =1; -$AllowAnyone=True; /* Allow all users to log off - needed for autoamted runs */ +$AllowAnyone=True; /* Allow all users to log off */ include('includes/session.inc'); Modified: trunk/UpgradeDatabase.php =================================================================== --- trunk/UpgradeDatabase.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/UpgradeDatabase.php 2010-12-26 08:33:29 UTC (rev 4447) @@ -6,7 +6,7 @@ $title = _('Database Upgrade'); -ob_start(); +//ob_start(); /*what is this for? */ include('includes/header.inc'); @@ -390,7 +390,7 @@ } else { $StartingUpdate=$_SESSION['DBUpdateNumber']+1; $EndingUpdate=$DBVersion; - ob_end_flush(); + //ob_end_flush(); echo '<table>'; for($UpdateNumber=$StartingUpdate; $UpdateNumber<=$EndingUpdate; $UpdateNumber++) { ob_start(); Modified: trunk/UserSettings.php =================================================================== --- trunk/UserSettings.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/UserSettings.php 2010-12-26 08:33:29 UTC (rev 4447) 
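Review bot: Commenting out `ob_start()` in the @@ -6,7 +6,7 @@ hunk of UpgradeDatabase.php and `ob_end_flush()` in its @@ -390,7 +390,7 @@ hunk leaves dead code plus an open question (`/*what is this for? */`) in the file instead of an answer. The per-update `ob_start();` inside the for loop on the last context line is untouched, so a reader now has to guess why the page-level buffer was there and whether the inner buffers still balance. If the outer buffer is really unnecessary, delete both lines and replace the question with a reason, e.g. `// No page-level output buffer: each database update below opens and flushes its own.`. Both hunks sit inside code whose enclosing structure starts and ends outside the hunk.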
@@ -12,13 +12,8 @@ _('User Settings') . '" alt="" />' . ' ' . _('User Settings') . '</p>'; $PDFLanguages = array(_('Latin Western Languages'), - _('Eastern European Russian Japanese'), - _('Chinese'), - _('Korean'), - _('Vietnamese'), - _('Hebrew'), - _('Arabic'), - _('Thai')); + _('Eastern European Russian Japanese Korean Hebrew Arabic Thai'), + _('Chinese')); if (isset($_POST['Modify'])) { Modified: trunk/Z_ChangeBranchCode.php =================================================================== --- trunk/Z_ChangeBranchCode.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/Z_ChangeBranchCode.php 2010-12-26 08:33:29 UTC (rev 4447) @@ -37,7 +37,7 @@ /*Now check that the new code doesn't already exist */ $result=DB_query("SELECT debtorno FROM custbranch WHERE debtorno='" . $_POST['DebtorNo'] . "' AND branchcode ='" . $_POST['NewBranchCode'] . "'",$db); if (DB_num_rows($result)!=0){ - prmMsg(_('The replacement customer branch code') . ': ' . $_POST['NewBranchCode'] . ' ' . _('already exists as a branch code for the same customer') . ' - ' . _('a unique branch code must be entered for the new code'),'error'); + prnMsg(_('The replacement customer branch code') . ': ' . $_POST['NewBranchCode'] . ' ' . _('already exists as a branch code for the same customer') . ' - ' . _('a unique branch code must be entered for the new code'),'error'); include('includes/footer.inc'); exit; } Modified: trunk/includes/GetConfig.php =================================================================== --- trunk/includes/GetConfig.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/includes/GetConfig.php 2010-12-26 08:33:29 UTC (rev 4447) 
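Review bot: Collapsing `$PDFLanguages` from eight entries to three in the @@ -12,13 +12,8 @@ hunk of UserSettings.php leaves existing users whose stored `pdflanguage` is 3–7 with no matching entry, and the class.pdf.php hunk in this same commit drops `case 3` to `case 7` without adding a `default:`, so for those values `$UserPdfFont` is never assigned before `$this->SetFont($UserPdfFont, '', 11)`. The upgrade SQL hunk shown in this commit adds no `UPDATE www_users SET pdflanguage=...` to remap the old values. Either add that remap to the upgrade script or give the switch a fallback, `default: $UserPdfFont = 'helvetica'; break;`, and put a comment beside the array saying its indices must stay aligned with the switch in class.pdf.php.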
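Review bot: The corrected `prnMsg(...)` call in the @@ -37,7 +37,7 @@ hunk of Z_ChangeBranchCode.php still concatenates `$_POST['NewBranchCode']` straight into the message, so unless `prnMsg` escapes its argument (not visible here) the submitted value is reflected into the page unescaped. Escaping at the call site, `htmlspecialchars($_POST['NewBranchCode'], ENT_QUOTES, 'UTF-8')`, keeps the fix independent of what `prnMsg` does. The `DB_query` on the context line above builds its WHERE clause from the same two POST values by string concatenation; that predates this commit, but it is the same input and is worth escaping before it enters the query in a follow-up.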
@@ -5,8 +5,9 @@ if(isset($ForceConfigReload) and $ForceConfigReload==TRUE OR !isset($_SESSION['CompanyDefaultsLoaded'])) { global $db; // It is global, we may not be. - $sql = 'SELECT confname, confvalue FROM config'; // dont care about the order by - $ConfigResult = DB_query($sql,$db); + $sql = 'SELECT confname, confvalue FROM config'; + $ErrMsg = _('Could not get the configuration parameters from the database because'); + $ConfigResult = DB_query($sql,$db,$ErrMsg); while( $myrow = DB_fetch_row($ConfigResult) ) { if (is_numeric($myrow[1]) and $myrow[0]!='DefaultPriceList'){ //the variable name is given by $myrow[0] 
@@ -14,64 +15,60 @@ } else { $_SESSION[$myrow[0]] = $myrow[1]; } - } //end loop through all config variables $_SESSION['CompanyDefaultsLoaded'] = true; + if (!isset($_SESSION['DBUpdateNumber'])){ // the config record for DBUpdateNumber is not yet added + $_SESSION['DBUpdateNumber']=-1; + header('Location: UpgradeDatabase.php'); //divert to the db upgrade if the DBUpdateNumber is not in the config table + } + DB_free_result($ConfigResult); // no longer needed /*Maybe we should check config directories exist and try to create if not */ - $sql="SHOW tables WHERE Tables_in_".$_SESSION['DatabaseName']."='pagesecurity'"; - $result=DB_query($sql, $db); + $sql='SHOW tables WHERE Tables_in_'.$_SESSION['DatabaseName']."='pagesecurity'"; + $ErrMsg = _('Could not determine if the pagesecurity table is in the database'); + $result=DB_query($sql, $db,$ErrMsg); if (DB_num_rows($result)>0) { - $sql="SELECT script, security FROM pagesecurity"; + $sql='SELECT script, security FROM pagesecurity'; + $ErrMsg = _('Could not get the page security details from the database because'); $result=DB_query($sql, $db); - } else if (basename($_SERVER['SCRIPT_NAME'])!='UpgradeDatabase.php') { - header("Location: UpgradeDatabase.php"); + } else if (basename($_SERVER['SCRIPT_NAME'])!='UpgradeDatabase.php') { + header('Location: UpgradeDatabase.php'); //divert to upgrade database if the pagesecurity table does not exist } while ($myrow=DB_fetch_array($result)) { $_SESSION[$myrow['script']]=$myrow['security']; } - - $sql="SELECT confvalue FROM config WHERE confname='DBUpdateNumber'"; - $result=DB_query($sql, $db); - if (DB_num_rows($result)==0) { - $_SESSION['DBUpdateNumber']=-1; - } else { - $myrow=DB_fetch_array($result); - $_SESSION['DBUpdateNumber']=$myrow['confvalue']; - } - + /* Also reads all the company data set up in the company record and returns an array */ - $sql= 'SELECT - coyname, - gstno, - regoffice1, - regoffice2, - regoffice3, - regoffice4, - regoffice5, - regoffice6, - telephone, - 
fax, - email, - currencydefault, - debtorsact, - pytdiscountact, - creditorsact, - payrollact, - grnact, - exchangediffact, - purchasesexchangediffact, - retainedearnings, - freightact, - gllink_debtors, - gllink_creditors, - gllink_stock - FROM companies - WHERE coycode=1'; - + $sql= 'SELECT coyname, + gstno, + regoffice1, + regoffice2, + regoffice3, + regoffice4, + regoffice5, + regoffice6, + telephone, + fax, + email, + currencydefault, + debtorsact, + pytdiscountact, + creditorsact, + payrollact, + grnact, + exchangediffact, + purchasesexchangediffact, + retainedearnings, + freightact, + gllink_debtors, + gllink_creditors, + gllink_stock + FROM companies + WHERE coycode=1'; + $ErrMsg = _('An error occurred accessing the database to retrieve the company information'); $ReadCoyResult = DB_query($sql,$db,$ErrMsg); 
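Review bot: In the @@ -14,64 +15,60 @@ hunk of GetConfig.php the new `$ErrMsg = _('Could not get the page security details from the database because');` is assigned but the `$result=DB_query($sql, $db);` right after it does not pass it, unlike the other three `DB_query` calls this hunk updates; it should read `$result=DB_query($sql, $db, $ErrMsg);`. The new `header('Location: UpgradeDatabase.php');` issued when `DBUpdateNumber` is missing is not followed by `exit` and carries no `basename($_SERVER['SCRIPT_NAME'])!='UpgradeDatabase.php'` guard, so the rest of the include keeps executing and, when the current script is already UpgradeDatabase.php, the redirect points back at itself; mirror the guard used a few lines below for the pagesecurity case. The `if` block this code lives in begins above the hunk.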
@@ -84,41 +81,32 @@ } } //end if force reload or not set already -$sql="SHOW tables WHERE Tables_in_".$_SESSION['DatabaseName']."='emailsettings'"; +$sql='SELECT id, + host, + port, + heloaddress, + username, + password, + timeout, + auth + FROM emailsettings'; $result=DB_query($sql, $db); -if (DB_num_rows($result)>0) { - $sql='SELECT id, - host, - port, - heloaddress, - username, - password, - timeout, - auth - FROM emailsettings'; - $result=DB_query($sql, $db); - $myrow=DB_fetch_array($result); +$myrow=DB_fetch_array($result); - $_SESSION['SMTPSettings']['host']=$myrow['host']; - $_SESSION['SMTPSettings']['port']=$myrow['port']; - $_SESSION['SMTPSettings']['heloaddress']=$myrow['heloaddress']; - $_SESSION['SMTPSettings']['username']=$myrow['username']; - $_SESSION['SMTPSettings']['password']=$myrow['password']; - $_SESSION['SMTPSettings']['timeout']=$myrow['timeout']; - $_SESSION['SMTPSettings']['auth']=$myrow['auth']; -} else if (basename($_SERVER['SCRIPT_NAME'])!='UpgradeDatabase.php') { - header("Location: UpgradeDatabase.php"); -} +$_SESSION['SMTPSettings']['host']=$myrow['host']; +$_SESSION['SMTPSettings']['port']=$myrow['port']; +$_SESSION['SMTPSettings']['heloaddress']=$myrow['heloaddress']; +$_SESSION['SMTPSettings']['username']=$myrow['username']; +$_SESSION['SMTPSettings']['password']=$myrow['password']; +$_SESSION['SMTPSettings']['timeout']=$myrow['timeout']; +$_SESSION['SMTPSettings']['auth']=$myrow['auth']; - /* +/* +These variable if required are in config.php - -Stay in config.php $DefaultLanguage = en_GB $allow_demo_mode = 1 - - $EDIHeaderMsgId = D:01B:UN:EAN010 $EDIReference = WEBERP $EDI_MsgPending = EDI_Pending Modified: trunk/includes/UserLogin.php =================================================================== --- trunk/includes/UserLogin.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/includes/UserLogin.php 2010-12-26 08:33:29 UTC (rev 4447) 
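Review bot: The @@ -84,41 +81,32 @@ hunk of GetConfig.php removes the `SHOW tables` check that diverted to UpgradeDatabase.php when `emailsettings` does not exist, so on a not-yet-upgraded database the now unconditional `SELECT ... FROM emailsettings` fails inside `DB_query` with no `$ErrMsg`, and when the table exists but is empty `DB_fetch_array` presumably returns false and the seven `$myrow[...]` reads that follow operate on that. If dropping the divert is intended, pass an error message like the other calls, `$result=DB_query($sql, $db, _('Could not retrieve the email settings because'));`, and wrap the assignments in `if ($myrow !== false) { ... }`. This block also copies the SMTP `password` column into `$_SESSION`; that predates the commit, but a one-line comment on why the credential has to live in the session would help the next reviewer.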
@@ -7,9 +7,8 @@ define('UL_NOTVALID', 1); /* User/password do not agree */ define('UL_BLOCKED', 2); /* Account locked, too many failed logins */ define('UL_CONFIGERR', 3); /* Configuration error in webERP or server */ -define('UL_SHOWLOGIN', 4); /* Can this happen? */ -// Following not in use at 18 Nov 09. -define('UL_MAINTENANCE', 5); /* Maintenance mode - no user logins */ +define('UL_SHOWLOGIN', 4); +define('UL_MAINTENANCE', 5); /* UserLogin * Function to validate user name, perform validity checks and initialise @@ -19,7 +18,9 @@ */ function userLogin($Name, $Password, $db) { - + + global $debug; + if (!isset($_SESSION['AccessLevel']) OR $_SESSION['AccessLevel'] == '' OR (isset($Name) AND $Name != '')) { /* if not logged in */ @@ -35,16 +36,32 @@ if (!isset($Name) or $Name == '') { return UL_SHOWLOGIN; } - $sql = "SELECT * + $sql = "SELECT customerid, +- lastvisitdate, +- pagesize, +- defaultlocation, +- branchcode, +- modulesallowed, +- blocked, +- realname, +- theme, +- displayrecordsmax, +- userid, +- language, +- salesman, +- pdflanguage, + fullaccess FROM www_users WHERE www_users.userid='" . $Name . "' AND (www_users.password='" . CryptPass($Password) . "' OR www_users.password='" . $Password . "')"; - $Auth_Result = DB_query($sql, $db); + $ErrMsg = _('Could not retrieve user details on login because'); + $debug =1; + $Auth_Result = DB_query($sql, $db,$ErrMsg); // Populate session variables with data base results if (DB_num_rows($Auth_Result) > 0) { $myrow = DB_fetch_array($Auth_Result); - if ($myrow[7]==1){ + if ($myrow['blocked']==1){ //the account is blocked return UL_BLOCKED; } @@ -64,7 +81,7 @@ if (isset($myrow['pdflanguage'])) { $_SESSION['PDFLanguage'] = $myrow['pdflanguage']; } else { - $_SESSION['PDFLanguage'] = ''; + $_SESSION['PDFLanguage'] = '0'; //default to latin western languages } if ($myrow[10] > 0) { 
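Review bot: The @@ -7,9 +7,8 @@ hunk of UserLogin.php deletes the explanatory comments on `UL_SHOWLOGIN` and `UL_MAINTENANCE` instead of correcting them, leaving those two return codes undocumented while the three above keep theirs. The @@ -35 hunk below shows `UL_SHOWLOGIN` is returned when no user name is supplied, so `define('UL_SHOWLOGIN', 4); /* No user name given - display the login form */` would be accurate, and `UL_MAINTENANCE` should keep a note saying whether it is still unused.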
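Review bot: The new `$debug =1;` before the login query in the @@ -35,16 +36,32 @@ hunk unconditionally switches on debug output (through the added `global $debug;`) for every login attempt, including unauthenticated ones; if `DB_query` echoes the failing statement when `$debug` is set, that statement contains the submitted user name and, on the context lines, the plaintext `$Password` fallback, so a database error during login would disclose them to the client. Remove the line and leave `$debug` to the token 15 check in session.inc, which this commit already annotates. Separately, the added column lines read `+- lastvisitdate,` through `+- pdflanguage,` — if the leading `-` is literally in the file rather than an artifact of the mail rendering, the query selects negated values under different result names and `$myrow['blocked']` is never populated; please check the committed text. Finally, the @@ -64,7 +81,7 @@ hunk still tests `$myrow[10] > 0`, which with the explicit column list now lands on `userid` rather than `displayrecordsmax` if I count correctly, so it should become `$myrow['displayrecordsmax'] > 0` just as `$myrow[7]` became `$myrow['blocked']`.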
@@ -73,12 +90,12 @@ $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php } $_SESSION['UserID'] = $myrow['userid']; - $sql = "UPDATE www_users SET lastvisitdate='". date("Y-m-d H:i:s") ."' - WHERE www_users.userid='" . $Name . "'"; + $sql = "UPDATE www_users SET lastvisitdate='". date('Y-m-d H:i:s') ."' + WHERE www_users.userid='" . $Name . "'"; $Auth_Result = DB_query($sql, $db); /*get the security tokens that the user has access to */ $sql = 'SELECT tokenid FROM securitygroups - WHERE secroleid = ' . $_SESSION['AccessLevel']; + WHERE secroleid = ' . $_SESSION['AccessLevel']; $Sec_Result = DB_query($sql, $db); $_SESSION['AllowedPageSecurityTokens'] = array(); if (DB_num_rows($Sec_Result)==0){ @@ -98,8 +115,8 @@ } elseif ($_SESSION['AttemptsCounter'] >= 5 AND isset($Name)) { /*User blocked from future accesses until sysadmin releases */ $sql = "UPDATE www_users - SET blocked=1 - WHERE www_users.userid='" . $Name . "'"; + SET blocked=1 + WHERE www_users.userid='" . $Name . "'"; $Auth_Result = DB_query($sql, $db); return UL_BLOCKED; } Modified: trunk/includes/class.pdf.php =================================================================== --- trunk/includes/class.pdf.php 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/includes/class.pdf.php 2010-12-26 08:33:29 UTC (rev 4447) 
@@ -36,24 +36,19 @@ if (isset($_SESSION['PDFLanguage'])) { - $userpdflang = $_SESSION['PDFLanguage']; + $UserPdfLang = $_SESSION['PDFLanguage']; - switch ($userpdflang) { - case 0: $userpdffont = 'times'; break; - case 1: $userpdffont = 'javierjp'; break; - case 2: $userpdffont = 'javiergb'; break; - case 3: $userpdffont = 'javierjp'; break; - case 4: $userpdffont = 'javierjp'; break; - case 5: $userpdffont = 'javierjp'; break; - case 6: $userpdffont = 'javierjp'; break; - case 7: $userpdffont = 'javierjp'; break; + switch ($UserPdfLang) { + case 0: $UserPdfFont = 'times'; break; + case 1: $UserPdfFont = 'javierjp'; break; + case 2: $UserPdfFont = 'javiergb'; break; } } else { - $userpdffont = 'helvetica'; + $UserPdfFont = 'helvetica'; } - $this->SetFont($userpdffont, '', 11); + $this->SetFont($UserPdfFont, '', 11); // SetFont($family, $style='', $size=0, $fontfile='') } Modified: trunk/includes/session.inc =================================================================== --- trunk/includes/session.inc 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/includes/session.inc 2010-12-26 08:33:29 UTC (rev 4447) @@ -4,6 +4,7 @@ if (!isset($PathPrefix)) { $PathPrefix=''; } + if (!file_exists($PathPrefix . 'config.php')){ $rootpath = dirname($_SERVER['PHP_SELF']); if ($rootpath == '/' OR $rootpath == "\\") { @@ -110,13 +111,14 @@ } } /* only do security checks if AllowAnyone is not true */ + /*User is logged in so get configuration parameters - save in session*/ include($PathPrefix . 'includes/GetConfig.php'); if (isset($_SESSION[basename($_SERVER['SCRIPT_NAME'])])) { $PageSecurity = $_SESSION[basename($_SERVER['SCRIPT_NAME'])]; } - + if (($DBVersion>$_SESSION['DBUpdateNumber']) and (basename($_SERVER['SCRIPT_NAME'])!='UpgradeDatabase.php')) { header("Location: UpgradeDatabase.php"); } 
@@ -264,7 +266,12 @@ } else { $SupplierLogin=0; } +/* Nasty kludge to allow Supplier only logins as well as Customer logins - .... hmmmmm */ +if ($SupplierLogin==1) { + $_SESSION['AllowedPageSecurityTokens'][0]=9; +} + if (!isset($AllowAnyone)){ if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) { $title = _('Security Permissions Problem'); @@ -276,24 +283,20 @@ echo '<b><font style="size:+1; text-align:center;">' . _('The security settings on your account do not permit you to access this function') . '</font></b>'; echo '</td> - </tr> - </table> - </td>'; - + </tr> + </table> + </td>'; + include($PathPrefix . 'includes/footer.inc'); exit; } } -/* Nasty kludge to allow Supplier only logins as well as Customer logins */ -if ($SupplierLogin==1) { - $_SESSION['AllowedPageSecurityTokens'][0]=9; -} -if (in_array(15, $_SESSION['AllowedPageSecurityTokens'])) { - $debug = 1; +if (in_array(15, $_SESSION['AllowedPageSecurityTokens'])) { /*System administrator login */ + $debug = 1; //allow debug messages } else { - $debug = 0; + $debug = 0; //don't allow debug messages } function CryptPass( $Password ) { global $CryptFunction; Modified: trunk/sql/mysql/upgrade3.11.1-4.00.sql =================================================================== --- trunk/sql/mysql/upgrade3.11.1-4.00.sql 2010-12-24 09:53:30 UTC (rev 4446) +++ trunk/sql/mysql/upgrade3.11.1-4.00.sql 2010-12-26 08:33:29 UTC (rev 4447) @@ -474,5 +474,6 @@ ALTER TABLE purchorderdetails ADD COLUMN assetid int NOT NULL DEFAULT 0; INSERT INTO `systypes` (`typeid` ,`typename` ,`typeno`) VALUES ('49', 'Import Fixed Assets', '1'); +ALTER TABLE `debtortrans` DROP FOREIGN KEY `debtortrans_ibfk_1` UPDATE config SET confvalue='4.0-RC2' WHERE confname='VersionName'; \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
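Review bot: Moving the supplier grant ahead of the permission check in the @@ -264,7 +266,12 @@ hunk of session.inc is what lets supplier-only logins pass `in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens'])`, but `$_SESSION['AllowedPageSecurityTokens'][0]=9;` overwrites whatever token sits at index 0 rather than adding token 9, and the comment `/* Nasty kludge ... hmmmmm */` does not say which is intended. If a supplier login is meant to hold exactly token 9, document it: `/* Supplier-only logins are granted security token 9 and nothing else */`; if it is meant to add to existing tokens, use `$_SESSION['AllowedPageSecurityTokens'][]=9;` behind an `in_array` guard. Since this line decides what a supplier session may reach, the comment is what a later audit will rely on. `$SupplierLogin` is derived above the hunk.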
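Review bot: The added ``ALTER TABLE `debtortrans` DROP FOREIGN KEY `debtortrans_ibfk_1` `` line in the @@ -474,5 +474,6 @@ hunk of upgrade3.11.1-4.00.sql has no terminating semicolon, so when the script is split on `;` it runs together with the following `UPDATE config SET confvalue='4.0-RC2' WHERE confname='VersionName';` and fails as one malformed statement; the line should end with `;`. The name `debtortrans_ibfk_1` is the server-generated default for an unnamed constraint, so the statement only matches installations where the key was created that way; a comment stating that assumption would save the next person a failed upgrade.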