Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #22950 from fboitel/FIX-SECURITY-Fail2ban-public-pages

Browse Source 
SECURITY FIX limit requests public pages
This commit is contained in:
Laurent Destailleur 2022-11-24 21:22:57 +01:00 committed by GitHub
commit 2e57cb1acb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 334 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/adherents/class/adherent.class.php
View File

@ -605,7 +605,7 @@ class Adherent extends CommonObject
// Insert member
$sql = "INSERT INTO ".MAIN_DB_PREFIX."adherent";
$sql .= " (ref, datec,login,fk_user_author,fk_user_mod,fk_user_valid,morphy,fk_adherent_type,entity,import_key)";
$sql .= " (ref, datec,login,fk_user_author,fk_user_mod,fk_user_valid,morphy,fk_adherent_type,entity,import_key, ip)";
$sql .= " VALUES (";
$sql .= " '(PROV)'";
$sql .= ", '".$this->db->idate($this->datec)."'";
@ -615,6 +615,7 @@ class Adherent extends CommonObject
$sql .= ", ".((int) $this->typeid);
$sql .= ", ".$conf->entity;
$sql .= ", ".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");
$sql .= ", ".(!empty($this->ip) ? "'".$this->db->escape($this->ip)."'" : "null");
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);

6
htdocs/comm/action/class/actioncomm.class.php
View File

@ -555,7 +555,8 @@ class ActionComm extends CommonObject
$sql .= "recurdateend,";
$sql .= "num_vote,";
$sql .= "event_paid,";
$sql .= "status";
$sql .= "status,";
$sql .= "ip";
$sql .= ") VALUES (";
$sql .= "'(PROV)', ";
$sql .= "'".$this->db->idate($now)."', ";
@ -596,7 +597,8 @@ class ActionComm extends CommonObject
$sql .= (!empty($this->recurdateend) ? "'".$this->db->idate($this->recurdateend)."'" : "null").", ";
$sql .= (!empty($this->num_vote) ? (int) $this->num_vote : "null").", ";
$sql .= (!empty($this->event_paid) ? (int) $this->event_paid : 0).", ";
$sql .= (!empty($this->status) ? (int) $this->status : "0");
$sql .= (!empty($this->status) ? (int) $this->status : "0").", ";
$sql .= (!empty($this->ip) ? "'".$this->db->escape($this->ip)."'" : "null");
$sql .= ")";
dol_syslog(get_class($this)."::add", LOG_DEBUG);

1
htdocs/eventorganization/class/conferenceorboothattendee.class.php
View File

@ -123,6 +123,7 @@ class ConferenceOrBoothAttendee extends CommonObject
'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,),
'model_pdf' => array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>'1', 'position'=>1010, 'notnull'=>-1, 'visible'=>0,),
'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'default'=>0, 'notnull'=>1, 'visible'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Validated', '9'=>'Canceled'),),
'ip' => array('type'=>'varchar(250)', 'label'=>'Ip', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,),
);
public $rowid;
public $ref;

5
htdocs/install/mysql/migration/16.0.0-17.0.0.sql
View File

@ -66,6 +66,11 @@ UPDATE llx_c_paiement SET code = 'BANCON' WHERE code = 'BAN' AND libelle = 'Banc
ALTER TABLE llx_partnership ADD COLUMN ip varchar(250);
ALTER TABLE llx_adherent ADD COLUMN ip varchar(250);
ALTER TABLE llx_projet ADD COLUMN ip varchar(250);
ALTER TABLE llx_actioncomm ADD COLUMN ip varchar(250);
ALTER TABLE llx_eventorganization_conferenceorboothattendee ADD COLUMN ip varchar(250);
ALTER TABLE llx_opensurvey_user_studs ADD COLUMN ip varchar(250);
ALTER TABLE llx_opensurvey_comments ADD COLUMN ip varchar(250);
ALTER TABLE llx_fichinterdet_rec DROP COLUMN remise;
ALTER TABLE llx_fichinterdet_rec DROP COLUMN fk_export_commpta;

13
htdocs/langs/en_US/errors.lang
View File

@ -97,7 +97,7 @@ ErrorWrongValueForField=Field <b>%s</b>: '<b>%s</b>' does not match regex rule <
ErrorHtmlInjectionForField=Field <b>%s</b>: The value '<b>%s</b>' contains a malicious data not allowed
ErrorFieldValueNotIn=Field <b>%s</b>: '<b>%s</b>' is not a value found in field <b>%s</b> of <b>%s</b>
ErrorFieldRefNotIn=Field <b>%s</b>: '<b>%s</b>' is not a <b>%s</b> existing ref
ErrorMultipleRecordFoundFromRef=Several record found when searching from ref <b>%s</b>. No way to know which ID to use.
ErrorMultipleRecordFoundFromRef=Several record found when searching from ref <b>%s</b>. No way to know which ID to use.
ErrorsOnXLines=%s errors found
ErrorFileIsInfectedWithAVirus=The antivirus program was not able to validate the file (file might be infected by a virus)
ErrorNumRefModel=A reference exists into database (%s) and is not compatible with this numbering rule. Remove record or renamed reference to activate this module.
@ -244,11 +244,12 @@ ErrorObjectMustHaveStatusActiveToBeDisabled=Objects must have status 'Active' to
ErrorObjectMustHaveStatusDraftOrDisabledToBeActivated=Objects must have status 'Draft' or 'Disabled' to be enabled
ErrorNoFieldWithAttributeShowoncombobox=No fields has property 'showoncombobox' into definition of object '%s'. No way to show the combolist.
ErrorFieldRequiredForProduct=Field '%s' is required for product %s
AlreadyTooMuchPostOnThisIPAdress=You have already posted too much on this IP address.
ProblemIsInSetupOfTerminal=Problem is in setup of terminal %s.
ErrorAddAtLeastOneLineFirst=Add at least one line first
ErrorRecordAlreadyInAccountingDeletionNotPossible=Error, record is already transferred in accounting, deletion is not possible.
ErrorLanguageMandatoryIfPageSetAsTranslationOfAnother=Error, language is mandatory if you set the page as a translation of another one.
ErrorLanguageOfTranslatedPageIsSameThanThisPage=Error, language of translated page is same than this one.
ErrorLanguageOfTranslatedPageIsSameThanThisPage=Error, language of translated page is same than this one.
ErrorBatchNoFoundForProductInWarehouse=No lot/serial found for product "%s" in warehouse "%s".
ErrorBatchNoFoundEnoughQuantityForProductInWarehouse=No enough quantity for this lot/serial for product "%s" in warehouse "%s".
ErrorOnlyOneFieldForGroupByIsPossible=Only 1 field for the 'Group by' is possible (others are discarded)
@ -281,11 +282,11 @@ ErrorIsNotADraft=%s is not a draft
ErrorExecIdFailed=Can't execute command "id"
ErrorBadCharIntoLoginName=Unauthorized character in the login name
ErrorRequestTooLarge=Error, request too large
ErrorNotApproverForHoliday=You are not the approver for leave %s
ErrorNotApproverForHoliday=You are not the approver for leave %s
ErrorAttributeIsUsedIntoProduct=This attribute is used in one or more product variants
ErrorAttributeValueIsUsedIntoProduct=This attribute value is used in one or more product variants
ErrorPaymentInBothCurrency=Error, all amounts must be entered in the same column
ErrorYouTryToPayInvoicesInACurrencyFromBankWithAnotherCurrency=You try to pay invoices in the currency %s from an account with the currency %s
ErrorYouTryToPayInvoicesInACurrencyFromBankWithAnotherCurrency=You try to pay invoices in the currency %s from an account with the currency %s
ErrorInvoiceLoadThirdParty=Can't load third-party object for invoice "%s"
ErrorInvoiceLoadThirdPartyKey=Third-party key "%s" no set for invoice "%s"
ErrorDeleteLineNotAllowedByObjectStatus=Delete line is not allowed by current object status
@ -294,9 +295,9 @@ ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is man
ErrorFailedToWriteInTempDirectory=Failed to write in temp directory
ErrorQuantityIsLimitedTo=Quantity is limited to %s
ErrorFailedToLoadThirdParty=Failed to find/load thirdparty from id=%s, email=%s, name=%s
ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account
ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account
ErrorStripeCustomerNotFoundCreateFirst=Stripe customer is not set for this thirdparty (or set to a value deleted on Stripe side). Create (or re-attach) it first.
ErrorCharPlusNotSupportedByImapForSearch=IMAP search is not able to search into sender or recipient for a string containing the character +
ErrorCharPlusNotSupportedByImapForSearch=IMAP search is not able to search into sender or recipient for a string containing the character +
ErrorTableNotFound=Table <b>%s</b> not found
ErrorValueForTooLow=Value for <b>%s</b> is too low
ErrorValueCantBeNull=Value for <b>%s</b> can't be null

1
htdocs/langs/fr_FR/main.lang
View File

@ -45,6 +45,7 @@ NoError=Aucune erreur
Error=Erreur
Errors=Erreurs
ErrorFieldRequired=Le champ '%s' est obligatoire
AlreadyTooMuchPostOnThisIPAdress=Vous avez déjà posté trop de messages depuis cette adresse IP.
ErrorFieldFormat=Le champ '%s' a une valeur incorrecte
ErrorFileDoesNotExists=Le fichier %s n'existe pas
ErrorFailedToOpenFile=Impossible d'ouvrir le fichier %s

7
htdocs/opensurvey/class/opensurveysondage.class.php
View File

@ -571,12 +571,13 @@ class Opensurveysondage extends CommonObject
*
* @param string $comment Comment content
* @param string $comment_user Comment author
* @param string $user_ip Comment author IP
* @return boolean False in case of the query fails, true if it was successful
*/
public function addComment($comment, $comment_user)
public function addComment($comment, $comment_user, $user_ip = '')
{
$sql = "INSERT INTO ".MAIN_DB_PREFIX."opensurvey_comments (id_sondage, comment, usercomment)";
$sql .= " VALUES ('".$this->db->escape($this->id_sondage)."','".$this->db->escape($comment)."','".$this->db->escape($comment_user)."')";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."opensurvey_comments (id_sondage, comment, usercomment, ip)";
$sql .= " VALUES ('".$this->db->escape($this->id_sondage)."','".$this->db->escape($comment)."','".$this->db->escape($comment_user)."'".($user_ip ? ",'".$this->db->escape($user_ip)."'" : '').")";
$resql = $this->db->query($sql);
if (!$resql) {

3
htdocs/partnership/class/partnership.class.php
View File

@ -22,6 +22,8 @@
* \brief This file is a CRUD class file for Partnership (Create/Read/Update/Delete)
*/
use Illuminate\Support\Arr;
// Put here all includes required by your class file
require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
//require_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php';
@ -124,6 +126,7 @@ class Partnership extends CommonObject
'last_check_backlink' => array('type'=>'datetime', 'label'=>'LastCheckBacklink', 'enabled'=>'1', 'position'=>72, 'notnull'=>0, 'visible'=>-2,),
'reason_decline_or_cancel' => array('type'=>'text', 'label'=>'ReasonDeclineOrCancel', 'enabled'=>'1', 'position'=>73, 'notnull'=>0, 'visible'=>-2,),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150',),
'ip' => array('type'=>'varchar(250)', 'label'=>'Ip', 'enabled'=>'1', 'position'=>74, 'notnull'=>0, 'visible'=>-2,),
);
public $rowid;
public $ref;

4
htdocs/projet/class/project.class.php
View File

@ -308,7 +308,7 @@ class Project extends CommonObject
'fk_user_modif' =>array('type'=>'integer', 'label'=>'UserModification', 'enabled'=>1, 'visible'=>0, 'position'=>415),
'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>0, 'position'=>420),
'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail'),
'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500)
'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500),
);
// END MODULEBUILDER PROPERTIES
@ -435,6 +435,7 @@ class Project extends CommonObject
$sql .= ", note_private";
$sql .= ", note_public";
$sql .= ", entity";
$sql .= ", ip";
$sql .= ") VALUES (";
$sql .= "'".$this->db->escape($this->ref)."'";
$sql .= ", '".$this->db->escape($this->title)."'";
@ -466,6 +467,7 @@ class Project extends CommonObject
$sql .= ", ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : 'null');
$sql .= ", ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : 'null');
$sql .= ", ".((int) $conf->entity);
$sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'");
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);

38
htdocs/public/eventorganization/attendee_new.php
View File

@ -229,7 +229,7 @@ if ($reshook < 0) {
}
// Action called when page is submitted
if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conference->status!=2 || !empty($project->id) && $project->status == Project::STATUS_VALIDATED)) {
if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conference->status==2 || !empty($project->id) && $project->status == Project::STATUS_VALIDATED)) {
$error = 0;
$urlback = '';
@ -259,10 +259,12 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
// Check if attendee already exists (by email and for this event)
$confattendee = new ConferenceOrBoothAttendee($db);
$filter = array();
if ($type == 'global') {
$filter = array('t.fk_project'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
}
if ($action == 'conf') {
if ($type == 'conf') {
$filter = array('t.fk_actioncomm'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
}
@ -281,7 +283,37 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
$confattendee->fk_actioncomm = $id;
$confattendee->note_public = $note_public;
$resultconfattendee = $confattendee->create($user);
$confattendee->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_attendee";
$sql .= " FROM ".MAIN_DB_PREFIX."eventorganization_conferenceorboothattendee";
$sql .= " WHERE ip = '".$db->escape($confattendee->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_attendee;
}
}
}
$resultconforbooth = -1;
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($confattendee->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
setEventMessage($errmsg, 'errors');
} else {
$resultconfattendee = $confattendee->create($user);
}
if ($resultconfattendee < 0) {
$error++;
$errmsg .= $confattendee->error;

29
htdocs/public/members/new.php
View File

@ -284,12 +284,41 @@ if (empty($reshook) && $action == 'add') {
$adh->morphy = getDolGlobalString("MEMBER_NEWFORM_FORCEMORPHY", GETPOST('morphy'));
$adh->birth = $birthday;
$adh->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_adh";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent";
$sql .= " WHERE ip = '".$db->escape($adh->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_adh;
}
}
}
// Fill array 'array_options' with data from add form
$extrafields->fetch_name_optionals_label($adh->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $adh);
if ($ret < 0) {
$error++;
$errmsg .= $adh->error;
}
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($adh->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
}
if (!$error) {

58
htdocs/public/opensurvey/studs.php
View File

@ -97,8 +97,34 @@ if (GETPOST('ajoutcomment', 'alpha')) {
$error++;
}
$user_ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(id_comment) as nb_comments";
$sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_comments";
$sql .= " WHERE ip = '".$db->escape($user_ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_comments;
}
}
}
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
$error++;
}
if (!$error) {
$resql = $object->addComment($comment, $comment_user);
$resql = $object->addComment($comment, $comment_user, $user_ip);
if (!$resql) {
dol_print_error($db);
@ -125,6 +151,28 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
}
}
$user_ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(id_users) as nb_records";
$sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_user_studs";
$sql .= " WHERE ip = '".$db->escape($user_ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_records;
}
}
}
$nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64);
// Check if vote already exists
@ -137,12 +185,16 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
}
$num_rows = $db->num_rows($resql);
if ($num_rows > 0) {
setEventMessages($langs->trans("VoteNameAlreadyExists"), null, 'errors');
$error++;
} elseif ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
$error++;
} else {
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses)';
$sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."')";
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses, ip)';
$sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."', '".$db->escape($user_ip)."')";
$resql = $db->query($sql);
if ($resql) {

27
htdocs/public/partnership/new.php
View File

@ -223,7 +223,27 @@ if (empty($reshook) && $action == 'add') {
$partnership->fk_user_creat = 0;
$partnership->fk_type = GETPOST('partnershiptype', 'int');
//$partnership->typeid = $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE ? $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE : GETPOST('typeid', 'int');
$partnership->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_partnerships";
$sql .= " FROM ".MAIN_DB_PREFIX."partnership";
$sql .= " WHERE ip = '".$db->escape($partnership->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_partnerships;
}
}
}
// test if societe already exist
$company = new Societe($db);
$result = $company->fetch(0, GETPOST('societe'));
@ -290,6 +310,11 @@ if (empty($reshook) && $action == 'add') {
$error++;
}
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($partnership->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
}
if (!$error) {
$result = $partnership->create($user);
if ($result > 0) {
@ -464,6 +489,8 @@ if (empty($reshook) && $action == 'add') {
$error++;
$errmsg .= join('<br>', $partnership->errors);
}
} else {
setEventMessage($errmsg, 'errors');
}
}

163
htdocs/public/project/new.php
View File

@ -296,6 +296,26 @@ if (empty($reshook) && $action == 'add') {
$proj->opp_status = $defaultoppstatus;
$proj->fk_opp_status = $defaultoppstatus;
$proj->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(rowid) as nb_projets";
$sql .= " FROM ".MAIN_DB_PREFIX."projet";
$sql .= " WHERE ip = '".$db->escape($proj->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_projets;
}
}
}
// Fill array 'array_options' with data from the form
$extrafields->fetch_name_optionals_label($proj->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $proj);
@ -303,74 +323,83 @@ if (empty($reshook) && $action == 'add') {
$error++;
}
// Create the project
$result = $proj->create($user);
if ($result > 0) {
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$object = $proj;
if ($object->email) {
$subject = '';
$msg = '';
// Send subscription email
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
// Set output language
$outputlangs = new Translate('', $conf);
$outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
// Load traductions files required by page
$outputlangs->loadLangs(array("main", "members", "projects"));
// Get email content from template
$arraydefaultmessage = null;
$labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
if (!empty($labeltouse)) {
$arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
}
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$subject = $arraydefaultmessage->topic;
$msg = $arraydefaultmessage->content;
}
if (empty($labeltosue)) {
$labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
$msg = $langs->trans("YourMessageHasBeenReceived");
}
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
$texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
if ($subjecttosend && $texttosend) {
$moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
$result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
}
/*if ($result < 0) {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
}*/
}
if (!empty($backtopage)) {
$urlback = $backtopage;
} elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
$urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
// TODO Make replacement of __AMOUNT__, etc...
} else {
$urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
}
if (!empty($entity)) {
$urlback .= '&entity='.$entity;
}
dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
} else {
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg .= $proj->error.'<br>'.join('<br>', $proj->errors);
$errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($proj->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
}
// Create the project
if (!$error) {
$result = $proj->create($user);
if ($result > 0) {
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$object = $proj;
if ($object->email) {
$subject = '';
$msg = '';
// Send subscription email
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
// Set output language
$outputlangs = new Translate('', $conf);
$outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
// Load traductions files required by page
$outputlangs->loadLangs(array("main", "members", "projects"));
// Get email content from template
$arraydefaultmessage = null;
$labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
if (!empty($labeltouse)) {
$arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
}
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$subject = $arraydefaultmessage->topic;
$msg = $arraydefaultmessage->content;
}
if (empty($labeltosue)) {
$labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
$msg = $langs->trans("YourMessageHasBeenReceived");
}
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
$texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
if ($subjecttosend && $texttosend) {
$moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
$result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
}
/*if ($result < 0) {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
}*/
}
if (!empty($backtopage)) {
$urlback = $backtopage;
} elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
$urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
// TODO Make replacement of __AMOUNT__, etc...
} else {
$urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
}
if (!empty($entity)) {
$urlback .= '&entity='.$entity;
}
dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
} else {
$error++;
$errmsg .= $proj->error.'<br>'.join('<br>', $proj->errors);
}
} else {
setEventMessage($errmsg, 'errors');
}
}

32
htdocs/public/project/suggestbooth.php
View File

@ -361,7 +361,37 @@ if (empty($reshook) && $action == 'add') {
$conforbooth->datep2 = $dateend;
$conforbooth->datec = dol_now();
$conforbooth->tms = dol_now();
$resultconforbooth = $conforbooth->create($user);
$conforbooth->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_confs";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
$sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_confs;
}
}
}
$resultconforbooth = 0;
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($conforbooth->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
setEventMessage($errmsg, 'errors');
} else {
$resultconforbooth = $conforbooth->create($user);
}
if ($resultconforbooth<=0) {
$error++;
$errmsg .= $conforbooth->error;

32
htdocs/public/project/suggestconference.php
View File

@ -359,7 +359,37 @@ if (empty($reshook) && $action == 'add') {
$conforbooth->tms = dol_now();
$conforbooth->firstname = $contact->firstname;
$conforbooth->lastname = $contact->lastname;
$resultconforbooth = $conforbooth->create($user);
$conforbooth->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_confs";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
$sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_confs;
}
}
}
$resultconforbooth = 0;
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($conforbooth->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
setEventMessage($errmsg, 'errors');
} else {
$resultconforbooth = $conforbooth->create($user);
}
if ($resultconforbooth<=0) {
$error++;
$errmsg .= $conforbooth->error;