diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 47b3955e617..ad7d7cecfa5 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -2527,14 +2527,37 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
 $accessallowed = 1;
 $original_file = $conf->mycompany->dir_output.'/'.$original_file;
 } elseif ($modulepart == 'userphoto' && !empty($conf->user->dir_output)) {
- // Wrapping for users photos
+ // Wrapping for users photos (user photos are allowed to any connected users)
 $accessallowed = 0;
 if (preg_match('/^\d+\/photos\//', $original_file)) {
 $accessallowed = 1;
 }
 $original_file = $conf->user->dir_output.'/'.$original_file;
+ } elseif ($modulepart == 'userphotopublic' && !empty($conf->user->dir_output)) {
+ // Wrapping for users photos that were set to public by their owner (public user photos can be read with the public link and securekey)
+ $accessok = false;
+ $reg = array();
+ if (preg_match('/^(\d+)\/photos\//', $original_file, $reg)) {
+ if ($reg[0]) {
+ $tmpobject = new User($db);
+ $tmpobject->fetch($reg[0], '', '', 1);
+ if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $tmpobject)) {
+ $securekey = GETPOST('securekey', 'alpha', 1);
+ // Security check
+ global $dolibarr_main_instance_unique_id;
+ $encodedsecurekey = dol_hash($dolibarr_main_instance_unique_id.'uservirtualcard'.$tmpobject->id.'-'.$tmpobject->login, 'md5');
+ if ($encodedsecurekey == $securekey) {
+ $accessok = true;
+ }
+ }
+ }
+ }
+ if ($accessok) {
+ $accessallowed = 1;
+ }
+ $original_file = $conf->user->dir_output.'/'.$original_file;
 } elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) {
- // Wrapping for users logos
+ // Wrapping for company logos (company logos are allowed to anyboby, they are public)
 $accessallowed = 1;
 $original_file = $conf->mycompany->dir_output.'/logos/'.$original_file;
 } elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) {
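Review bot: The user id is taken from `$reg[0]`, which holds the whole match (`<id>/photos/`) rather than the captured digits in `$reg[1]`, so the branch presumably works only because User::fetch casts its argument to int; use `if ($reg[1]) {` and `$tmpobject->fetch((int) $reg[1], '', '', 1);`. The key check `if ($encodedsecurekey == $securekey) {` compares a hash with a request parameter using loose equality, which PHP evaluates numerically when both strings look numeric; use `if (hash_equals($encodedsecurekey, $securekey)) {` for a strict, constant-time comparison. This gate also ignores the per-user USER_PUBLIC_HIDE_PHOTO option added in virtualcard.php in this same commit; if hiding the photo is meant to cover direct viewimage.php requests too, it has to be checked here next to USER_ENABLE_PUBLIC. dol_check_secure_access_document starts and ends outside the hunk.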
@@ -2545,7 +2568,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
 }
 $original_file = $conf->adherent->dir_output.'/'.$original_file;
 } elseif ($modulepart == 'apercufacture' && !empty($conf->facture->multidir_output[$entity])) {
- // Wrapping pour les apercu factures
+ // Wrapping for invoices (user need permission to read invoices)
 if ($fuser->rights->facture->{$lire}) {
 $accessallowed = 1;
 }
@@ -2698,11 +2721,11 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
 }
 $original_file = $conf->agenda->dir_output.'/'.$original_file;
 } elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity])) {
- // Wrapping for categories
+ // Wrapping for categories (categories are allowed if user has permission to read categories or to work on TakePos)
 if (empty($entity) || empty($conf->categorie->multidir_output[$entity])) {
 return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
 }
- if ($fuser->rights->categorie->{$lire} || $fuser->rights->takepos->run) {
+ if ($fuser->hasRight("categorie", $lire) || $fuser->hasRight("takepos", "run")) {
 $accessallowed = 1;
 }
 $original_file = $conf->categorie->multidir_output[$entity].'/'.$original_file;
diff --git a/htdocs/public/users/view.php b/htdocs/public/users/view.php
index 7a843a0b597..511e7b93604 100644
--- a/htdocs/public/users/view.php
+++ b/htdocs/public/users/view.php
@@ -146,7 +146,7 @@ print ''; print "\n"; print ''."\n"; -$modulepart = 'user'; +$modulepart = 'userphotopublic'; $imagesize = 'small'; $dir = $conf->user->dir_output; $email = $object->email;
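Review bot: The rewritten `$fuser->hasRight("categorie", $lire)` check leaves the apercufacture branch in the previous hunk on the old `$fuser->rights->facture->{$lire}` property access, so two branches touched by this commit now use different permission APIs; migrate it the same way, `if ($fuser->hasRight('facture', $lire)) {`. The new string arguments also use double quotes while the surrounding comparisons use single quotes (`'categorie'`, `'takepos'`, `'run'` would match the file). dol_check_secure_access_document starts and ends outside both hunks.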
@@ -167,11 +167,11 @@ if (!empty($object->photo)) { $urllogo = ''; $urllogofull = ''; if (!empty($logosmall) && is_readable($conf->user->dir_output.'/'.$logosmall)) { - $urllogo = DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&file='.urlencode($logosmall); - $urllogofull = $dolibarr_main_url_root.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&file='.urlencode($logosmall); + $urllogo = DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&securekey='.urlencode($securekey).'&file='.urlencode($logosmall); + $urllogofull = $dolibarr_main_url_root.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&securekey='.urlencode($securekey).'&file='.urlencode($logosmall); } elseif (!empty($logo) && is_readable($conf->user->dir_output.'/'.$logo)) { - $urllogo = DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&file='.urlencode($logo); - $urllogofull = $dolibarr_main_url_root.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&file='.urlencode($logo); + $urllogo = DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&securekey='.urlencode($securekey).'&file='.urlencode($logo); + $urllogofull = $dolibarr_main_url_root.'/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&securekey='.urlencode($securekey).'&file='.urlencode($logo); } // Output html code for logo @@ -223,40 +223,43 @@ if ($showbarcode) { if ($urllogo) { print ''; } -print ''."\n"; -// Output payment summary form -print ''."\n"; + + print '
'; -print '
'; +$usersection = ''; // User email if ($object->email && !getDolUserInt('USER_PUBLIC_HIDE_EMAIL', 0, $object)) { - print '
'; - print dol_print_email($object->email, 0, 0, 1, 0, 1, 1); - print '
'; + $usersection .= '
'; + $usersection .= dol_print_email($object->email, 0, 0, 1, 0, 1, 1); + $usersection .= '
'; } // User url if ($object->url && !getDolUserInt('USER_PUBLIC_HIDE_URL', 0, $object)) { - print '
'; - print img_picto('', 'globe', 'class="pictofixedwidth"'); - print dol_print_url($object->url, '_blank', 0, 0, ''); - print '
'; + $usersection .= '
'; + $usersection .= img_picto('', 'globe', 'class="pictofixedwidth"'); + $usersection .= dol_print_url($object->url, '_blank', 0, 0, ''); + $usersection .= '
'; } // User phone if ($object->office_phone && !getDolUserInt('USER_PUBLIC_HIDE_OFFICE_PHONE', 0, $object)) { - print '
'; - print img_picto('', 'phone', 'class="pictofixedwidth"'); - print dol_print_phone($object->office_phone, $object->country_code, 0, $mysoc->id, 'tel', ' ', 0, ''); - print '
'; + $usersection .= '
'; + $usersection .= img_picto('', 'phone', 'class="pictofixedwidth"'); + $usersection .= dol_print_phone($object->office_phone, $object->country_code, 0, $mysoc->id, 'tel', ' ', 0, ''); + $usersection .= '
'; +} +if ($object->office_fax && !getDolUserInt('USER_PUBLIC_HIDE_OFFICE_FAX', 0, $object)) { + $usersection .= '
'; + $usersection .= img_picto('', 'phoning_fax', 'class="pictofixedwidth"'); + $usersection .= dol_print_phone($object->office_fax, $object->country_code, 0, $mysoc->id, 'fax', ' ', 0, ''); + $usersection .= '
'; } if ($object->user_mobile && !getDolUserInt('USER_PUBLIC_HIDE_USER_MOBILE', 0, $object)) { - print '
'; - print img_picto('', 'phone', 'class="pictofixedwidth"'); - print dol_print_phone($object->user_mobile, $object->country_code, 0, $mysoc->id, 'tel', ' ', 0, ''); - print '
'; + $usersection .= '
'; + $usersection .= img_picto('', 'phone', 'class="pictofixedwidth"'); + $usersection .= dol_print_phone($object->user_mobile, $object->country_code, 0, $mysoc->id, 'tel', ' ', 0, ''); + $usersection .= '
'; } // Social networks @@ -264,20 +267,29 @@ if (!empty($object->socialnetworks) && is_array($object->socialnetworks) && coun if (!getDolUserInt('USER_PUBLIC_HIDE_SOCIALNETWORKS', 0, $object)) { foreach ($object->socialnetworks as $key => $value) { if ($value) { - print '
'.dol_print_socialnetworks($value, 0, $mysoc->id, $key, $socialnetworksdict).'
'; + $usersection .= '
'.dol_print_socialnetworks($value, 0, $mysoc->id, $key, $socialnetworksdict).'
'; } } } } +if ($usersection) { + print ''."\n"; -print ''."\n"; -print "\n"; + // Output payment summary form + print ''."\n"; + print '
'; -print '
'; -print '
'."\n"; + print $usersection; + print '
'."\n"; + print "\n"; + + print '
'."\n"; +} if (!getDolUserInt('USER_PUBLIC_HIDE_COMPANY', 0, $object)) { @@ -303,6 +315,12 @@ if (!getDolUserInt('USER_PUBLIC_HIDE_COMPANY', 0, $object)) { $companysection .= dol_print_phone($mysoc->phone, $mysoc->country_code, 0, $mysoc->id, 'tel', ' ', 0, ''); $companysection .= '
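Review bot: The comment `// Output payment summary form`, re-added inside the new `if ($usersection) {` block, does not describe what follows, which is the user contact details collected in `$usersection` (email, url, phones, social networks); replace it with `// Output user contact section`. A reader of the public vcard page would otherwise look for a payment form that is not there. The hunk's opening `if ($showbarcode)` context and the enclosing script run outside the hunk.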
'; } + if ($mysoc->fax) { + $companysection .= '
'; + $companysection .= img_picto('', 'phoning_fax', 'class="pictofixedwidth"'); + $companysection .= dol_print_phone($mysoc->fax, $mysoc->country_code, 0, $mysoc->id, 'fax', ' ', 0, ''); + $companysection .= '
'; + } // Social networks if (!empty($mysoc->socialnetworks) && is_array($mysoc->socialnetworks) && count($mysoc->socialnetworks) > 0) { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 05c831fcf04..d535492406a 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1438,9 +1438,6 @@ if ($action == 'create' || $action == 'adduserldap') { $urltovirtualcard = '/user/virtualcard.php?id='.((int) $object->id); $morehtmlref .= dolButtonToOpenUrlInDialogPopup('publicvirtualcard', $langs->trans("PublicVirtualCardUrl"), img_picto($langs->trans("PublicVirtualCardUrl"), 'card', 'class="valignmiddle marginleftonly paddingrightonly"'), $urltovirtualcard, '', 'nohover'); - /*$morehtmlref .= ''; - $morehtmlref .= img_picto($langs->trans("PublicVirtualCardUrl"), 'id-card', 'class="valignmiddle marginleftonly paddingrightonly"'); - $morehtmlref .= '';*/ dol_banner_tab($object, 'id', $linkback, $user->hasRight("user", "user", "read") || $user->admin, 'rowid', 'ref', $morehtmlref); diff --git a/htdocs/user/virtualcard.php b/htdocs/user/virtualcard.php index 69ecb2a9503..59d30e4e575 100644 --- a/htdocs/user/virtualcard.php +++ b/htdocs/user/virtualcard.php @@ -35,6 +35,7 @@ $langs->loadLangs(array("users", "companies")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); +$dol_openinpopup = GETPOST('dol_openinpopup', 'aZ09'); $object = new User($db); if ($id > 0 || !empty($ref)) { 
@@ -62,9 +63,11 @@ if (($object->id != $user->id) && empty($user->rights->user->user->lire)) { if ($action == 'update') { $tmparray = array(); + $tmparray['USER_PUBLIC_HIDE_PHOTO'] = (GETPOST('USER_PUBLIC_HIDE_PHOTO') ? 1 : 0); $tmparray['USER_PUBLIC_HIDE_JOBPOSITION'] = (GETPOST('USER_PUBLIC_HIDE_JOBPOSITION') ? 1 : 0); $tmparray['USER_PUBLIC_HIDE_EMAIL'] = (GETPOST('USER_PUBLIC_HIDE_EMAIL') ? 1 : 0); $tmparray['USER_PUBLIC_HIDE_OFFICE_PHONE'] = (GETPOST('USER_PUBLIC_HIDE_OFFICE_PHONE') ? 1 : 0); + $tmparray['USER_PUBLIC_HIDE_OFFICE_FAX'] = (GETPOST('USER_PUBLIC_HIDE_OFFICE_FAX') ? 1 : 0); $tmparray['USER_PUBLIC_HIDE_USER_MOBILE'] = (GETPOST('USER_PUBLIC_HIDE_USER_MOBILE') ? 1 : 0); $tmparray['USER_PUBLIC_HIDE_SOCIALNETWORKS'] = (GETPOST('USER_PUBLIC_HIDE_SOCIALNETWORKS') ? 1 : 0); $tmparray['USER_PUBLIC_HIDE_COMPANY'] = (GETPOST('USER_PUBLIC_HIDE_COMPANY') ? 1 : 0); @@ -177,10 +180,17 @@ if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $object)) { print ''; print ''; - print ''; + print ''; print ''; print "\n"; + // User photo + print '\n"; + // Job position print '\n"; - // Office phone + // Office fax + print '\n"; + + // User mobile print '
'.$langs->trans("Parameter").''.$langs->trans("Options").''.$langs->trans("Value").'
'; + print $langs->trans("HideOnVCard", $langs->transnoentitiesnoconv("Photo")); + print ''; + print $form->selectyesno("USER_PUBLIC_HIDE_PHOTO", (getDolUserInt('USER_PUBLIC_HIDE_PHOTO', 0, $object) ? getDolUserInt('USER_PUBLIC_HIDE_PHOTO', 0, $object) : 0), 1); + print "
'; print $langs->trans("HideOnVCard", $langs->transnoentitiesnoconv("PostOrFunction")); @@ -202,7 +212,14 @@ if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $object)) { print $form->selectyesno("USER_PUBLIC_HIDE_OFFICE_PHONE", (getDolUserInt('USER_PUBLIC_HIDE_OFFICE_PHONE', 0, $object) ? getDolUserInt('USER_PUBLIC_HIDE_OFFICE_PHONE', 0, $object) : 0), 1); print "
'; + print $langs->trans("HideOnVCard", $langs->transnoentitiesnoconv("OfficeFax")); + print ''; + print $form->selectyesno("USER_PUBLIC_HIDE_OFFICE_FAX", (getDolUserInt('USER_PUBLIC_HIDE_OFFICE_FAX', 0, $object) ? getDolUserInt('USER_PUBLIC_HIDE_OFFICE_FAX', 0, $object) : 0), 1); + print "
'; print $langs->trans("HideOnVCard", $langs->transnoentitiesnoconv("UserMobile")); print ''; @@ -225,7 +242,7 @@ if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $object)) { // More print '
'; - print $langs->trans("More"); + print $langs->trans("Text"); print ''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; $doleditor = new DolEditor('USER_PUBLIC_MORE', getDolUserString('USER_PUBLIC_MORE', '', $object), '', 160, 'dolibarr_notes', '', false, false, isModEnabled('fckeditor'), ROWS_5, '90%'); @@ -236,7 +253,7 @@ if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $object)) { print ''; print '
'; - print ''; + print $form->buttonsSaveCancel("Save", "Cancel", array(), 0, '', $dol_openinpopup); print '
'; } diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index ed5afe72f21..2c2c93acbca 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -66,6 +66,9 @@ if (isset($_GET["modulepart"])) { if ($_GET["modulepart"] == 'medias') { $needlogin = 0; } + if ($_GET["modulepart"] == 'userphotopublic') { + $needlogin = 0; + } // Used by TakePOS Auto Order if ($_GET["modulepart"] == 'product' && isset($_GET["publictakepos"])) { $needlogin = 0; @@ -135,7 +138,6 @@ if ($modulepart == 'fckeditor') { } - /* * Actions */