Fix: forged select for stats where wrong when filtering on a thirdparty

htdocs/comm/propal/class/propalestats.class.php

 <?php
 /* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (c) 2005      Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (c) 2005-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (c) 2011      Juanjo Menent		<jmenent@2byte.es>
  *
@@ -30,8 +30,7 @@ include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
 
 
 /**
- *	\class      PropaleStats
- *	\brief      Classe permettant la gestion des stats des propales
+ *	Class to manage proposal statistics
  */
 class PropaleStats extends Stats
 {
@@ -49,7 +48,7 @@ class PropaleStats extends Stats
 	 * Constructor
 	 *
 	 * @param 	DoliDB	$db		   Database handler
-	 * @param 	int		$socid	   Id third party
+	 * @param 	int		$socid	   Id third party for filter
      * @param   int		$userid    Id user for filter (creation user)
 	 */
 	function __construct($db, $socid=0, $userid=0)
@@ -63,13 +62,14 @@ class PropaleStats extends Stats
 		$object=new Propal($this->db);
 
 		$this->from = MAIN_DB_PREFIX.$object->table_element." as p";
-		$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
+		//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
 
 		$this->field='total_ht';
 
 		$this->where.= " p.fk_statut > 0";
-		$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
-		if (!$user->rights->societe->client->voir && !$user->societe_id) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
+		//$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
+		$this->where.= " AND p.entity = ".$conf->entity;
+		if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if($this->socid)
 		{
 			$this->where.=" AND p.fk_soc = ".$this->socid;
@@ -81,14 +81,14 @@ class PropaleStats extends Stats
 	/**
 	 * Return propals number by month for a year
 	 *
-	 * @param	int		$year	year for stats
-	 * @return	array			array with number by month
+	 * @param	int		$year		Year to scan
+	 * @return	array				Array with number by month
 	 */
 	function getNbByMonth($year)
 	{
 		global $user;
 
-		$sql = "SELECT date_format(p.datep,'%m') as dm, count(*)";
+		$sql = "SELECT date_format(p.datep,'%m') as dm, COUNT(*) as nb";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@@ -96,22 +96,23 @@ class PropaleStats extends Stats
 		$sql.= " GROUP BY dm";
         $sql.= $this->db->order('dm','DESC');
 
-		return $this->_getNbByMonth($year, $sql);
+		$res=$this->_getNbByMonth($year, $sql);
+		return $res;
 	}
 
 	/**
-	 * Return propals number by year
+	 * Return propals number per year
 	 *
-	 * @return	array	array with number by year
+	 * @return	array	Array with number by year
 	 *
 	 */
 	function getNbByYear()
 	{
 		global $user;
 
-		$sql = "SELECT date_format(p.datep,'%Y') as dm, count(*)";
+		$sql = "SELECT date_format(p.datep,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
 		$sql.= " FROM ".$this->from;
-		if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+		if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE ".$this->where;
 		$sql.= " GROUP BY dm";
         $sql.= $this->db->order('dm','DESC');
@@ -122,22 +123,23 @@ class PropaleStats extends Stats
 	/**
 	 * Return the propals amount by month for a year
 	 *
-	 * @param	int		$year	year for stats
-	 * @return	array			array with number by month
+	 * @param	int		$year	Year to scan
+	 * @return	array			Array with amount by month
 	 */
 	function getAmountByMonth($year)
 	{
 		global $user;
 
-		$sql = "SELECT date_format(p.datep,'%m') as dm, sum(p.".$this->field.")";
+		$sql = "SELECT date_format(p.datep,'%m') as dm, SUM(p.".$this->field.")";
 		$sql.= " FROM ".$this->from;
-		if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+		if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
 		$sql.= " AND ".$this->where;
 		$sql.= " GROUP BY dm";
         $sql.= $this->db->order('dm','DESC');
 
-		return $this->_getAmountByMonth($year, $sql);
+		$res=$this->_getAmountByMonth($year, $sql);
+		return $res;
 	}
 
 	/**
@@ -150,7 +152,7 @@ class PropaleStats extends Stats
 	{
 		global $user;
 
-		$sql = "SELECT date_format(p.datep,'%m') as dm, avg(p.".$this->field.")";
+		$sql = "SELECT date_format(p.datep,'%m') as dm, AVG(p.".$this->field.")";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@@ -170,7 +172,7 @@ class PropaleStats extends Stats
 	{
 		global $user;
 
-		$sql = "SELECT date_format(p.datep,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
+		$sql = "SELECT date_format(p.datep,'%Y') as year, COUNT(*) as nb, SUM(".$this->field.") as total, AVG(".$this->field.") as avg";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE ".$this->where;

htdocs/commande/class/commandestats.class.php

 <?php
 /* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (c) 2005      Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (c) 2005-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2012      Marcos García        <marcosgdf@gmail.com>
  *
@@ -30,7 +30,7 @@ include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
 
 
 /**
- *    Class to manage order statistics
+ *    Class to manage order statistics (customer and supplier)
  */
 class CommandeStats extends Stats
 {
@@ -49,7 +49,7 @@ class CommandeStats extends Stats
 	 *
 	 * @param 	DoliDB	$db		   Database handler
 	 * @param 	int		$socid	   Id third party for filter
-	 * @param 	string	$mode	   Option
+	 * @param 	string	$mode	   Option ('customer', 'supplier')
 	 * @param   int		$userid    Id user for filter (creation user)
 	 */
 	function __construct($db, $socid, $mode, $userid=0)
@@ -60,12 +60,13 @@ class CommandeStats extends Stats
 
 		$this->socid = ($socid > 0 ? $socid : 0);
         $this->userid = $userid;
+		$this->cachefilesuffix = $mode; 
         
 		if ($mode == 'customer')
 		{
 			$object=new Commande($this->db);
 			$this->from = MAIN_DB_PREFIX.$object->table_element." as c";
-			$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
+			//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
 			$this->field='total_ht';
 			$this->where.= " c.fk_statut > 0";    // Not draft and not cancelled
 		}
@@ -73,12 +74,12 @@ class CommandeStats extends Stats
 		{
 			$object=new CommandeFournisseur($this->db);
 			$this->from = MAIN_DB_PREFIX.$object->table_element." as c";
-			$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
+			//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
 			$this->field='total_ht';
 			$this->where.= " c.fk_statut > 2";    // Only approved & ordered
 		}
-		$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
-
+		//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
+		$this->where.= " AND c.entity = ".$conf->entity;
 		if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if ($this->socid)
 		{
@@ -90,14 +91,14 @@ class CommandeStats extends Stats
 	/**
 	 * Return orders number by month for a year
 	 *
-	 * @param	int		$year	year for stats
-	 * @return	array			array with number by month
+	 * @param	int		$year		Year to scan
+	 * @return	array				Array with number by month
 	 */
 	function getNbByMonth($year)
 	{
 		global $user;
 
-		$sql = "SELECT date_format(c.date_commande,'%m') as dm, count(*) nb";
+		$sql = "SELECT date_format(c.date_commande,'%m') as dm, COUNT(*) as nb";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@@ -105,20 +106,21 @@ class CommandeStats extends Stats
 		$sql.= " GROUP BY dm";
         $sql.= $this->db->order('dm','DESC');
 
-		return $this->_getNbByMonth($year, $sql);
+		$res=$this->_getNbByMonth($year, $sql);
+		return $res;
 	}
 
 	/**
-	 * Return orders number by year
+	 * Return orders number per year
 	 *
-	 * @return	array	array with number by year
+	 * @return	array	Array with number by year
 	 *
 	 */
 	function getNbByYear()
 	{
 		global $user;
 
-		$sql = "SELECT date_format(c.date_commande,'%Y') as dm, count(*), sum(c.".$this->field.")";
+		$sql = "SELECT date_format(c.date_commande,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE ".$this->where;
@@ -131,14 +133,14 @@ class CommandeStats extends Stats
 	/**
 	 * Return the orders amount by month for a year
 	 *
-	 * @param	int		$year	year for stats
-	 * @return	array			array with number by month
+	 * @param	int		$year	Year to scan
+	 * @return	array			Array with amount by month
 	 */
 	function getAmountByMonth($year)
 	{
 		global $user;
 
-		$sql = "SELECT date_format(c.date_commande,'%m') as dm, sum(c.".$this->field.")";
+		$sql = "SELECT date_format(c.date_commande,'%m') as dm, SUM(c.".$this->field.")";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@@ -146,7 +148,8 @@ class CommandeStats extends Stats
 		$sql.= " GROUP BY dm";
         $sql.= $this->db->order('dm','DESC');
 
-		return $this->_getAmountByMonth($year, $sql);
+		$res=$this->_getAmountByMonth($year, $sql);
+		return $res;
 	}
 
 	/**
@@ -159,7 +162,7 @@ class CommandeStats extends Stats
 	{
 		global $user;
 
-		$sql = "SELECT date_format(c.date_commande,'%m') as dm, avg(c.".$this->field.")";
+		$sql = "SELECT date_format(c.date_commande,'%m') as dm, AVG(c.".$this->field.")";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@@ -179,7 +182,7 @@ class CommandeStats extends Stats
 	{
 		global $user;
 
-		$sql = "SELECT date_format(c.date_commande,'%Y') as year, count(*) as nb, sum(c.".$this->field.") as total, avg(".$this->field.") as avg";
+		$sql = "SELECT date_format(c.date_commande,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE ".$this->where;

htdocs/compta/facture/class/facturestats.class.php

 <?php
 /* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (c) 2005-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (c) 2005-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@capnetworks.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -45,10 +45,9 @@ class FactureStats extends Stats
      * 	Constructor
      *
 	 * 	@param	DoliDB		$db			Database handler
-	 * 	@param 	int			$socid		Id third party
+	 * 	@param 	int			$socid		Id third party for filter
 	 * 	@param 	string		$mode	   	Option ('customer', 'supplier')
      * 	@param	int			$userid    	Id user for filter (creation user)
-	 * 	@return FactureStats
 	 */
 	function __construct($db, $socid, $mode, $userid=0)
 	{
@@ -74,7 +73,7 @@ class FactureStats extends Stats
 
 		$this->where = " f.fk_statut > 0";
 		$this->where.= " AND f.entity = ".$conf->entity;
-		if (!$user->rights->societe->client->voir && !$user->societe_id) $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
+		if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if ($mode == 'customer') $this->where.=" AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')";	// Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons)
 		if ($this->socid)
 		{
@@ -85,7 +84,7 @@ class FactureStats extends Stats
 
 
 	/**
-	 * 	Renvoie le nombre de facture par mois pour une annee donnee
+	 * 	Return orders number by month for a year
 	 *
 	 *	@param	int		$year		Year to scan
 	 *	@return	array				Array of values
@@ -94,7 +93,7 @@ class FactureStats extends Stats
 	{
 		global $user;
 
-		$sql = "SELECT MONTH(f.datef) as dm, COUNT(*)";
+		$sql = "SELECT date_format(f.datef,'%m') as dm, COUNT(*) as nb";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@@ -109,15 +108,15 @@ class FactureStats extends Stats
 
 
 	/**
-	 * 	Renvoie le nombre de facture par annee
+	 * 	Return invoices number per year
 	 *
-	 *	@return		array	Array of values
+	 *	@return		array	Array with number by year
 	 */
 	function getNbByYear()
 	{
 		global $user;
 
-		$sql = "SELECT YEAR(f.datef) as dm, COUNT(*)";
+		$sql = "SELECT date_format(f.datef,'%Y') as dm, COUNT(*), SUM(c.".$this->field.")";
 		$sql.= " FROM ".$this->from;
 		if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE ".$this->where;
@@ -129,10 +128,10 @@ class FactureStats extends Stats
 
 
 	/**
-	 * 	Renvoie le montant de facture par mois pour une annee donnee
+	 * 	Return the invoices amount by month for a year
 	 *
 	 *	@param	int		$year	Year to scan
-	 *	@return	array			Array of values
+	 *	@return	array			Array with amount by month
 	 */
 	function getAmountByMonth($year)
 	{
@@ -140,7 +139,7 @@ class FactureStats extends Stats
 
 		$sql = "SELECT date_format(datef,'%m') as dm, SUM(f.".$this->field.")";
 		$sql.= " FROM ".$this->from;
-		if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+		if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 		$sql.= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
 		$sql.= " AND ".$this->where;
         $sql.= " GROUP BY dm";