dolibarr/htdocs/user/group/index.php

<?php
/* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
 * Copyright (C) 2011      Herve Prot           <herve.prot@symeos.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 *      \file       htdocs/user/group/index.php
 * 		\ingroup	core
 *      \brief      Page of user groups
 */

require '../../main.inc.php';

if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
{
	if (! $user->rights->user->group_advance->read && ! $user->admin)
		accessforbidden();
}

$langs->load("users");

$sall=GETPOST('sall');
$search_group=GETPOST('search_group');

$sortfield = GETPOST('sortfield','alpha');
$sortorder = GETPOST('sortorder','alpha');
$page = GETPOST('page','int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;

if (! $sortfield) $sortfield="g.nom";
if (! $sortorder) $sortorder="ASC";


/*
 * View
 */

llxHeader();

print_fiche_titre($langs->trans("ListOfGroups"));

$sql = "SELECT g.rowid, g.nom, g.entity, g.datec, COUNT(DISTINCT ugu.fk_user) as nb";
$sql.= " FROM ".MAIN_DB_PREFIX."usergroup as g";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ugu ON ugu.fk_usergroup = g.rowid";
if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && ($conf->multicompany->transverse_mode || ($user->admin && ! $user->entity)))
{
	$sql.= " WHERE g.entity IS NOT NULL";
}
else
{
	$sql.= " WHERE g.entity IN (0,".$conf->entity.")";
}
if (! empty($search_group))
{
    $sql .= " AND (g.nom LIKE '%".$db->escape($search_group)."%' OR g.note LIKE '%".$db->escape($search_group)."%')";
}
if ($sall) $sql.= " AND (g.nom LIKE '%".$db->escape($sall)."%' OR g.note LIKE '%".$db->escape($sall)."%')";
$sql.= " GROUP BY g.rowid, g.nom, g.entity, g.datec";
$sql.= $db->order($sortfield,$sortorder);

$resql = $db->query($sql);
if ($resql)
{
    $num = $db->num_rows($resql);
    $i = 0;

    $param="&search_group=".urlencode($search_group)."&amp;sall=".urlencode($sall);
    print '<table class="noborder" width="100%">';
    print '<tr class="liste_titre">';
    print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder);
    //multicompany
    if(! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1)
    {
    	print_liste_field_titre($langs->trans("Entity"),$_SERVER["PHP_SELF"],"g.entity",$param,"",'align="center"',$sortfield,$sortorder);
    }
    print_liste_field_titre($langs->trans("NbOfUsers"),$_SERVER["PHP_SELF"],"g.nb",$param,"",'align="center"',$sortfield,$sortorder);
    print_liste_field_titre($langs->trans("DateCreation"),$_SERVER["PHP_SELF"],"g.datec",$param,"",'align="right"',$sortfield,$sortorder);
    print "</tr>\n";
    $var=True;
    while ($i < $num)
    {
        $obj = $db->fetch_object($resql);
        $var=!$var;

        print "<tr ".$bc[$var].">";
        print '<td><a href="fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$obj->nom.'</a>';
        if (! $obj->entity)
        {
        	print img_picto($langs->trans("GlobalGroup"),'redstar');
        }
        print "</td>";
        //multicompany
        if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1)
        {
            $mc->getInfo($obj->entity);
            print '<td align="center">'.$mc->label.'</td>';
        }
        print '<td align="center">'.$obj->nb.'</td>';
        print '<td align="right" class="nowrap">'.dol_print_date($db->jdate($obj->datec),"dayhour").'</td>';
        print "</tr>\n";
        $i++;
    }
    print "</table>";
    $db->free();
}
else
{
    dol_print_error($db);
}


llxFooter();
$db->close();
?>
Nouveau fichier 2005-01-27 16:55:40 +01:00			`<?php`
			`/* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>`
New: Date of user and group creation contains hour 2011-05-25 11:51:01 +02:00			`* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>`
Fix: change for a neutral email 2012-12-30 15:13:49 +01:00			`* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>`
multi-company module enhancement 2011-08-19 09:22:17 +02:00			`* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
Prepare move to other licence. For the moment all answers for licence upgrade were not yet received. So we prepare for GPL by uniformizing licence text keys to GPL-3+. Will move later to AGPL if all answers are positive. 2013-01-16 15:36:08 +01:00			`* the Free Software Foundation; either version 3 of the License, or`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
Fix: Avoid errors into rpm packages 2011-08-01 01:19:04 +02:00			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`*/`
Look: Uniformize pages look 2009-03-02 20:07:12 +01:00
Fix: Debuggage et corrections diverses sur la gestion des groupes Trad: Traduction de la gestion des groupes 2005-01-28 21:35:01 +01:00			`/**`
Restore changes after 27 may due to from savannah Crash. 2009-06-04 01:05:52 +02:00			`* \file htdocs/user/group/index.php`
			`* \ingroup core`
New: Date of user and group creation contains hour 2011-05-25 11:51:01 +02:00			`* \brief Page of user groups`
Restore changes after 27 may due to from savannah Crash. 2009-06-04 01:05:52 +02:00			`*/`
Nouveau fichier 2005-01-27 16:55:40 +01:00
Removed parenthesis from all require and replaced with single quotes 2012-08-22 23:24:21 +02:00			`require '../../main.inc.php';`
Nouveau fichier 2005-01-27 16:55:40 +01:00
Fix: add advanced perms option 2010-11-08 12:40:52 +01:00			`if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))`
			`{`
Fix: prevent XSS and SQL injection 2012-10-09 09:34:12 +02:00			`if (! $user->rights->user->group_advance->read && ! $user->admin)`
			`accessforbidden();`
Fix: add advanced perms option 2010-11-08 12:40:52 +01:00			`}`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00
Nouveau fichier 2005-01-27 16:55:40 +01:00			`$langs->load("users");`

Better security fix: Using GETPOST does not fix all cases, also the real bug (missing escaping information when using it) was not fixed. 2012-10-09 11:42:38 +02:00			`$sall=GETPOST('sall');`
			`$search_group=GETPOST('search_group');`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00
Fix: prevent XSS and SQL injection 2012-10-09 09:34:12 +02:00			`$sortfield = GETPOST('sortfield','alpha');`
			`$sortorder = GETPOST('sortorder','alpha');`
			`$page = GETPOST('page','int');`
Sec: Removed security holes 2010-11-20 14:08:44 +01:00			`if ($page == -1) { $page = 0; }`
			`$offset = $conf->liste_limit * $page;`
			`$pageprev = $page - 1;`
			`$pagenext = $page + 1;`
Look: Uniformize pages look 2009-03-02 20:07:12 +01:00
New: Ajout page accueil de l'espace utilisateurs et groupes 2005-01-31 17:21:47 +01:00			`if (! $sortfield) $sortfield="g.nom";`
			`if (! $sortorder) $sortorder="ASC";`
Fix: Debuggage et corrections diverses sur la gestion des groupes Trad: Traduction de la gestion des groupes 2005-01-28 21:35:01 +01:00

Look: Uniformize pages look 2009-03-02 20:07:12 +01:00			`/*`
			`* View`
			`*/`

Nouveau fichier 2005-01-27 16:55:40 +01:00			`llxHeader();`

Look: Uniformize pages look 2009-03-02 20:07:12 +01:00			`print_fiche_titre($langs->trans("ListOfGroups"));`
Nouveau fichier 2005-01-27 16:55:40 +01:00
Fix: compatibility with multicompany and transverse mode 2012-07-07 15:11:58 +02:00			`$sql = "SELECT g.rowid, g.nom, g.entity, g.datec, COUNT(DISTINCT ugu.fk_user) as nb";`
New: Show number of users in groups 2011-02-12 00:39:21 +01:00			`$sql.= " FROM ".MAIN_DB_PREFIX."usergroup as g";`
			`$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ugu ON ugu.fk_usergroup = g.rowid";`
Fix: compatibility with multicompany and transverse mode 2012-07-07 15:11:58 +02:00			`if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && ($conf->multicompany->transverse_mode \|\| ($user->admin && ! $user->entity)))`
multicompany enhancement (in progress) 2011-08-20 00:15:22 +02:00			`{`
			`$sql.= " WHERE g.entity IS NOT NULL";`
			`}`
			`else`
			`{`
			`$sql.= " WHERE g.entity IN (0,".$conf->entity.")";`
			`}`
Fix: prevent XSS and SQL injection 2012-10-09 09:34:12 +02:00			`if (! empty($search_group))`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`{`
Fix: prevent XSS and SQL injection 2012-10-09 09:34:12 +02:00			`$sql .= " AND (g.nom LIKE '%".$db->escape($search_group)."%' OR g.note LIKE '%".$db->escape($search_group)."%')";`
New: Ajout page accueil de l'espace utilisateurs et groupes 2005-01-31 17:21:47 +01:00			`}`
Security: Fix more security holes 2011-11-02 22:15:59 +01:00			`if ($sall) $sql.= " AND (g.nom LIKE '%".$db->escape($sall)."%' OR g.note LIKE '%".$db->escape($sall)."%')";`
New: Show number of users in groups 2011-02-12 00:39:21 +01:00			`$sql.= " GROUP BY g.rowid, g.nom, g.entity, g.datec";`
			`$sql.= $db->order($sortfield,$sortorder);`

La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`$resql = $db->query($sql);`
			`if ($resql)`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`{`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`$num = $db->num_rows($resql);`
			`$i = 0;`

Another better fix. 2012-10-09 11:56:39 +02:00			`$param="&search_group=".urlencode($search_group)."&sall=".urlencode($sall);`
multicompany enhancement (in progress) 2011-08-20 11:03:38 +02:00			`print '<table class="noborder" width="100%">';`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`print '<tr class="liste_titre">';`
New: Show number of users in groups 2011-02-12 00:39:21 +01:00			`print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder);`
multi-company module enhancement 2011-08-19 09:22:17 +02:00			`//multicompany`
Fix: move transverse mode parameters in conf.php 2011-11-04 09:09:53 +01:00			`if(! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1)`
multicompany enhancement (in progress) 2011-08-20 00:15:22 +02:00			`{`
			`print_liste_field_titre($langs->trans("Entity"),$_SERVER["PHP_SELF"],"g.entity",$param,"",'align="center"',$sortfield,$sortorder);`
			`}`
New: Show number of users in groups 2011-02-12 00:39:21 +01:00			`print_liste_field_titre($langs->trans("NbOfUsers"),$_SERVER["PHP_SELF"],"g.nb",$param,"",'align="center"',$sortfield,$sortorder);`
New: Date of user and group creation contains hour 2011-05-25 11:51:01 +02:00			`print_liste_field_titre($langs->trans("DateCreation"),$_SERVER["PHP_SELF"],"g.datec",$param,"",'align="right"',$sortfield,$sortorder);`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`print "</tr>\n";`
			`$var=True;`
			`while ($i < $num)`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`{`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`$obj = $db->fetch_object($resql);`
			`$var=!$var;`

standardize code 2013-06-20 09:18:12 +02:00			`print "<tr ".$bc[$var].">";`
New: early development of multi-company module 2009-04-27 22:37:50 +02:00			`print '<td><a href="fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$obj->nom.'</a>';`
Fix: compatibility with multicompany and transverse mode 2012-07-07 15:11:58 +02:00			`if (! $obj->entity)`
New: early development of multi-company module 2009-04-27 22:37:50 +02:00			`{`
Qual: Mutualize a lot of duplicate functions into functions.lib.php 2011-08-17 17:56:22 +02:00			`print img_picto($langs->trans("GlobalGroup"),'redstar');`
New: early development of multi-company module 2009-04-27 22:37:50 +02:00			`}`
			`print "</td>";`
multi-company module enhancement 2011-08-19 09:22:17 +02:00			`//multicompany`
Fix: compatibility with multicompany and transverse mode 2012-07-07 15:11:58 +02:00			`if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1)`
multi-company module enhancement 2011-08-19 09:22:17 +02:00			`{`
			`$mc->getInfo($obj->entity);`
			`print '<td align="center">'.$mc->label.'</td>';`
			`}`
New: Show number of users in groups 2011-02-12 00:39:21 +01:00			`print '<td align="center">'.$obj->nb.'</td>';`
Qual: nowrap="nowrap" is replaced with a CSS class style .nowrap 2013-04-25 01:13:13 +02:00			`print '<td align="right" class="nowrap">'.dol_print_date($db->jdate($obj->datec),"dayhour").'</td>';`
La recherche sur les utilisateurs et groupe se fait aussi sur les notes, emails, logins 2005-09-06 21:17:12 +02:00			`print "</tr>\n";`
			`$i++;`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`}`
			`print "</table>";`
			`$db->free();`
			`}`
			`else`
			`{`
Qual: All call to dolibarr_ functions are made on dol_ functions. 2009-02-20 23:53:15 +01:00			`dol_print_error($db);`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`}`


Fix: remove obsolete tags (in progress) 2011-08-27 16:24:16 +02:00			`llxFooter();`
Fix: and again, and again, and again... (strict mode) 2012-07-10 13:20:53 +02:00			`$db->close();`
Nouveau fichier 2005-01-27 16:55:40 +01:00			`?>`