diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 7c923b6f9efdcfdac90a10b8252d6e150acb147d..10c3d433c2c6607bb46d0c93abf00666b35095f6 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -318,178 +318,175 @@ if (empty($reshook)) { $error ++; } - if (!$error) { + if (!$error) + { $object->fetch($id); $object->oldcopy = clone $object; - if (!$error) { - $db->begin(); - - $object->oldcopy = clone $object; - - $object->lastname = GETPOST("lastname", 'alpha'); - $object->firstname = GETPOST("firstname", 'alpha'); - $object->login = GETPOST("login", 'alpha'); - $object->gender = GETPOST("gender", 'alpha'); - $object->pass = GETPOST("password"); - $object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key; - if (! empty($user->admin)) $object->admin = GETPOST("admin"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); - $object->country_id = GETPOST('country_id', 'int'); - $object->state_id = GETPOST('state_id', 'int'); - $object->office_phone = GETPOST("office_phone", 'alpha'); - $object->office_fax = GETPOST("office_fax", 'alpha'); - $object->user_mobile = GETPOST("user_mobile"); - $object->skype = GETPOST("skype", 'alpha'); - $object->email = GETPOST("email", 'alpha'); - $object->job = GETPOST("job", 'alpha'); - $object->signature = GETPOST("signature"); - $object->accountancy_code = GETPOST("accountancy_code"); - $object->openid = GETPOST("openid"); - $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; - $object->employee = GETPOST('employee'); - - $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; - $object->tjm = GETPOST("tjm") != '' ? GETPOST("tjm") : ''; - $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; - $object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : ''; - $object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : ''; - - $object->color = GETPOST("color") != '' ? GETPOST("color") : ''; - $dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear')); - $object->dateemployment = $dateemployment; - - if (! empty($conf->multicompany->enabled)) + $db->begin(); + + $object->lastname = GETPOST("lastname", 'alpha'); + $object->firstname = GETPOST("firstname", 'alpha'); + $object->login = GETPOST("login", 'alpha'); + $object->gender = GETPOST("gender", 'alpha'); + $object->pass = GETPOST("password"); + $object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key; + if (! empty($user->admin)) $object->admin = GETPOST("admin"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request + $object->address = GETPOST('address', 'alpha'); + $object->zip = GETPOST('zipcode', 'alpha'); + $object->town = GETPOST('town', 'alpha'); + $object->country_id = GETPOST('country_id', 'int'); + $object->state_id = GETPOST('state_id', 'int'); + $object->office_phone = GETPOST("office_phone", 'alpha'); + $object->office_fax = GETPOST("office_fax", 'alpha'); + $object->user_mobile = GETPOST("user_mobile"); + $object->skype = GETPOST("skype", 'alpha'); + $object->email = GETPOST("email", 'alpha'); + $object->job = GETPOST("job", 'alpha'); + $object->signature = GETPOST("signature"); + $object->accountancy_code = GETPOST("accountancy_code"); + $object->openid = GETPOST("openid"); + $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; + $object->employee = GETPOST('employee'); + + $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; + $object->tjm = GETPOST("tjm") != '' ? GETPOST("tjm") : ''; + $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; + $object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : ''; + $object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : ''; + + $object->color = GETPOST("color") != '' ? GETPOST("color") : ''; + $dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear')); + $object->dateemployment = $dateemployment; + + if (! empty($conf->multicompany->enabled)) + { + if (! empty($_POST["superadmin"])) { - if (! empty($_POST["superadmin"])) - { - $object->entity = 0; - } - else if ($conf->multicompany->transverse_mode) - { - $object->entity = 1; // all users in master entity - } - else - { - $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); - } + $object->entity = 0; + } + else if ($conf->multicompany->transverse_mode) + { + $object->entity = 1; // all users in master entity } else { $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); } + } + else + { + $object->entity = (! GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); + } - // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost($extralabels, $object); - if ($ret < 0) { - $error ++; - } + // Fill array 'array_options' with data from add form + $ret = $extrafields->setOptionalsFromPost($extralabels, $object); + if ($ret < 0) { + $error ++; + } - if (GETPOST('deletephoto')) { - $object->photo = ''; - } - if (!empty($_FILES['photo']['name'])) { - $object->photo = dol_sanitizeFileName($_FILES['photo']['name']); - } + if (GETPOST('deletephoto')) { + $object->photo = ''; + } + if (!empty($_FILES['photo']['name'])) { + $object->photo = dol_sanitizeFileName($_FILES['photo']['name']); + } - if (!$error) { - $ret = $object->update($user); - if ($ret < 0) { - $error++; - if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { - $langs->load("errors"); - setEventMessages($langs->trans("ErrorLoginAlreadyExists", $object->login), null, 'errors'); - } - else - { - setEventMessages($object->error, $object->errors, 'errors'); - } + if (!$error) { + $ret = $object->update($user); + if ($ret < 0) { + $error++; + if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { + $langs->load("errors"); + setEventMessages($langs->trans("ErrorLoginAlreadyExists", $object->login), null, 'errors'); + } + else + { + setEventMessages($object->error, $object->errors, 'errors'); } } + } - if (!$error && isset($_POST['contactid'])) { - $contactid = GETPOST('contactid', 'int'); + if (!$error && isset($_POST['contactid'])) { + $contactid = GETPOST('contactid', 'int'); - if ($contactid > 0) { - $contact = new Contact($db); - $contact->fetch($contactid); + if ($contactid > 0) { + $contact = new Contact($db); + $contact->fetch($contactid); - $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_socpeople=".$db->escape($contactid); - if (!empty($contact->socid)) { - $sql .= ", fk_soc=".$db->escape($contact->socid); - } - $sql .= " WHERE rowid=".$object->id; - } else { - $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_socpeople=NULL, fk_soc=NULL"; - $sql .= " WHERE rowid=".$object->id; - } - dol_syslog("usercard::update", LOG_DEBUG); - $resql = $db->query($sql); - if (!$resql) { - $error ++; - setEventMessages($db->lasterror(), null, 'errors'); + $sql = "UPDATE ".MAIN_DB_PREFIX."user"; + $sql .= " SET fk_socpeople=".$db->escape($contactid); + if (!empty($contact->socid)) { + $sql .= ", fk_soc=".$db->escape($contact->socid); } + $sql .= " WHERE rowid=".$object->id; + } else { + $sql = "UPDATE ".MAIN_DB_PREFIX."user"; + $sql .= " SET fk_socpeople=NULL, fk_soc=NULL"; + $sql .= " WHERE rowid=".$object->id; + } + dol_syslog("usercard::update", LOG_DEBUG); + $resql = $db->query($sql); + if (!$resql) { + $error ++; + setEventMessages($db->lasterror(), null, 'errors'); } + } - if (!$error && !count($object->errors)) { - if (GETPOST('deletephoto') && $object->photo) { - $fileimg = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/'.$object->photo; - $dirthumbs = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/thumbs'; - dol_delete_file($fileimg); - dol_delete_dir_recursive($dirthumbs); - } + if (!$error && !count($object->errors)) { + if (GETPOST('deletephoto') && $object->photo) { + $fileimg = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/'.$object->photo; + $dirthumbs = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user').'/logos/thumbs'; + dol_delete_file($fileimg); + dol_delete_dir_recursive($dirthumbs); + } - if (isset($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name'])) { - $dir = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user'); + if (isset($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name'])) { + $dir = $conf->user->dir_output.'/'.get_exdir($object->id, 2, 0, 1, $object, 'user'); - dol_mkdir($dir); + dol_mkdir($dir); - if (@is_dir($dir)) { - $newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']); - $result = dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']); + if (@is_dir($dir)) { + $newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']); + $result = dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']); - if (!$result > 0) { - setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); - } else { - // Create thumbs - $object->addThumbs($newfile); - } + if (!$result > 0) { + setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); } else { - $error ++; - $langs->load("errors"); - setEventMessages($langs->trans("ErrorFailedToCreateDir", $dir), $mesgs, 'errors'); + // Create thumbs + $object->addThumbs($newfile); } - } - } - - if (! $error && ! count($object->errors)) - { - // Then we add the associated categories - $categories = GETPOST( 'usercats', 'array' ); - $object->setCategories($categories); - } - - if (!$error && !count($object->errors)) { - setEventMessages($langs->trans("UserModified"), null, 'mesgs'); - $db->commit(); - - $login = $_SESSION["dol_login"]; - if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login) // Current user has changed its login - { - $error++; + } else { + $error ++; $langs->load("errors"); - setEventMessages($langs->transnoentitiesnoconv("WarningYourLoginWasModifiedPleaseLogin"), null, 'warnings'); + setEventMessages($langs->trans("ErrorFailedToCreateDir", $dir), $mesgs, 'errors'); } } - else { - $db->rollback(); + } + + if (! $error && ! count($object->errors)) + { + // Then we add the associated categories + $categories = GETPOST( 'usercats', 'array' ); + $object->setCategories($categories); + } + + if (!$error && !count($object->errors)) { + setEventMessages($langs->trans("UserModified"), null, 'mesgs'); + $db->commit(); + + $login = $_SESSION["dol_login"]; + if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login) // Current user has changed its login + { + $error++; + $langs->load("errors"); + setEventMessages($langs->transnoentitiesnoconv("WarningYourLoginWasModifiedPleaseLogin"), null, 'warnings'); } - } + } + else { + $db->rollback(); + } } } else