-rw-r--r-- | LedgerSMB/AA.pm | 10 | ||||
-rw-r--r-- | LedgerSMB/AM.pm | 52 | ||||
-rw-r--r-- | LedgerSMB/Form.pm | 186 | ||||
-rw-r--r-- | LedgerSMB/IC.pm | 22 | ||||
-rw-r--r-- | LedgerSMB/IR.pm | 14 | ||||
-rw-r--r-- | LedgerSMB/IS.pm | 41 | ||||
-rw-r--r-- | LedgerSMB/Locale.pm | 14 | ||||
-rw-r--r-- | LedgerSMB/Menu.pm | 9 | ||||
-rw-r--r-- | LedgerSMB/OE.pm | 77 | ||||
-rw-r--r-- | LedgerSMB/Sysconfig.pm | 13 | ||||
-rw-r--r-- | LedgerSMB/Tax.pm | 16 | ||||
-rw-r--r-- | LedgerSMB/User.pm | 74 | ||||
-rw-r--r-- | bin/aa.pl | 12 | ||||
-rw-r--r-- | bin/admin.pl | 124 | ||||
-rw-r--r-- | bin/am.pl | 8 | ||||
-rw-r--r-- | bin/arapprn.pl | 6 | ||||
-rw-r--r-- | bin/cp.pl | 34 | ||||
-rw-r--r-- | bin/ic.pl | 4 | ||||
-rw-r--r-- | bin/io.pl | 15 | ||||
-rw-r--r-- | bin/ir.pl | 23 | ||||
-rw-r--r-- | bin/is.pl | 20 | ||||
-rw-r--r-- | bin/jc.pl | 17 | ||||
-rw-r--r-- | bin/login.pl | 6 | ||||
-rw-r--r-- | bin/oe.pl | 9 | ||||
-rw-r--r-- | bin/pos.pl | 15 | ||||
-rwxr-xr-x | menu.pl | 63 |
26 files changed, 402 insertions, 482 deletions
diff --git a/LedgerSMB/AA.pm b/LedgerSMB/AA.pm index e6d7b573..dde35958 100644 --- a/LedgerSMB/AA.pm +++ b/LedgerSMB/AA.pm @@ -394,7 +394,7 @@ sub post_transaction { INSERT INTO acc_trans (trans_id, chart_id, amount, transdate) VALUES (?, (SELECT id FROM chart - WHERE accno = '?'), + WHERE accno = ?), ?, ?)|; @queryargs = ( $form->{id}, $accno, $invamount * -1 * $ml, $form->{transdate} ); @@ -455,7 +455,7 @@ sub post_transaction { ?, ?)|; @queryargs = ( - $form->{id}, + $form->{id}, $accno, $paid{amount}{$i} * $ml, $form->{"datepaid_$i"} ); @@ -480,7 +480,7 @@ sub post_transaction { cleared) VALUES (?, (SELECT id FROM chart WHERE accno = ?), - ? * -1 * $ml, ?, ?, ?, ?)|; + ?, ?, ?, ?, ?)|; @queryargs = ( $form->{id}, $accno, @@ -545,7 +545,8 @@ sub post_transaction { FROM chart WHERE accno = ?), - ?, ?, '1', ?, ?)|; + ?, ?, + '1', ?, ?)|; @queryargs = ( $form->{id}, $accno, @@ -870,7 +871,6 @@ sub transactions { $query .= "WHERE $where ORDER BY $sortorder"; - my $sth = $dbh->prepare($query); $sth->execute(@paidargs) || $form->dberror($query); diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm index 1219c50c..696b370b 100644 --- a/LedgerSMB/AM.pm +++ b/LedgerSMB/AM.pm @@ -247,7 +247,7 @@ sub delete_account { # set inventory_accno_id, income_accno_id, expense_accno_id to defaults $query = qq| UPDATE parts - SET inventory_accno_id = (SELECT value + SET inventory_accno_id = (SELECT value::int FROM defaults WHERE setting_key = 'inventory_accno_id') @@ -259,7 +259,7 @@ sub delete_account { for (qw(income_accno_id expense_accno_id)) { $query = qq| UPDATE parts - SET $_ = (SELECT value + SET $_ = (SELECT value::int FROM defaults WHERE setting_key = '$_') WHERE $_ = ?|; 
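Review bot: In the third AA.pm hunk of post_transaction (`@@ -480,7`), the SQL no longer multiplies the bound amount by `-1 * $ml`, but the visible part of `@queryargs` (`$form->{id}, $accno,`) shows no matching change. Unless the sign and `$ml` are already applied to the amount argument further down, outside the hunk, this row would be posted with the opposite sign. Please confirm the bound value is something like `$paid{amount}{$i} * -1 * $ml`, and add a one-line comment above `@queryargs` stating which sign convention the INSERT expects.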
@@ -1247,12 +1247,12 @@ sub check_template_name { my ( $self, $myconfig, $form ) = @_; my @allowedsuff = qw(css tex txt html xml); - if ( $form->{file} =~ /^(.:)*?\/|\.\.\/|^\// ) { + if ( $form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\// ) { $form->error("Directory transversal not allowed."); } - if ( $form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\// ) { + if ( $form->{file} =~ /^${LedgerSMB::Sysconfig::backuppath}\// ) { $form->error( -"Not allowed to access ${LedgerSMB::Sysconfig::userspath}/ with this method" +"Not allowed to access ${LedgerSMB::Sysconfig::backuppath}/ with this method" ); } my $whitelisted = 0; @@ -1353,10 +1353,6 @@ sub save_preferences { company menuwidth countrycode address timeout stylesheet printer password); - foreach my $item ( keys %$form ) { - $myconfig->{$item} = $form->{$item}; - } - $myconfig->{password} = $form->{new_password} if ( $form->{old_password} ne $form->{new_password} ); @@ -1614,8 +1610,7 @@ sub backup { my $boundary = time; my $tmpfile = -"${LedgerSMB::Sysconfig::userspath}/$boundary.$myconfig->{dbname}-$form->{dbversion}-$t[5]$t[4]$t[3].sql"; - $tmpfile .= ".gz" if ${LedgerSMB::Sysconfig::gzip}; +"${LedgerSMB::Sysconfig::backuppath}/$boundary.$globalDBname-$form->{dbversion}-$t[5]$t[4]$t[3].sql"; $form->{OUT} = "$tmpfile"; open( OUT, '>', "$form->{OUT}" ) or $form->error("$form->{OUT} : $!"); 
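Review bot: Replacing `userspath` with `backuppath` in the second test of check_template_name drops the guard on `users/` and puts a test in its place that looks unreachable. `backuppath` defaults to `$tempdir` (`$ENV{TEMP} || '/tmp'` in the Sysconfig.pm hunk), and a `file` value starting with `/` is already refused by the first regex. Unless the whitelist that follows (outside this hunk) rules out `users/` on its own, I would keep the `userspath` check and add the `backuppath` one next to it. Both patterns interpolate a configured path into a regex, so `\Q${LedgerSMB::Sysconfig::backuppath}\E` is needed to keep metacharacters in the path from changing what matches.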
@@ -1624,24 +1619,12 @@ sub backup { my $today = scalar localtime; - $myconfig->{dbhost} = 'localhost' unless $myconfig->{dbhost}; - - $ENV{PGPASSWD} = $myconfig->{dbpasswd}; - - # drop tables and sequences - # compress backup if gzip defined - my $suffix = ""; + my $suffix = "c"; if ( $form->{media} eq 'email' ) { - if ( ${LedgerSMB::Sysconfig::gzip} ) { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname} | ${LedgerSMB::Sysconfig::gzip}`; - } - else { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname}`; - } + print OUT +qx(PGPASSWORD="$myconfig->{dbpasswd}" pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} -Fc -p $myconfig->{dbport} $myconfig->{dbname}); close OUT; use LedgerSMB::Mailer; $mail = new Mailer; @@ -1649,12 +1632,12 @@ sub backup { $mail->{to} = qq|"$myconfig->{name}" <$myconfig->{email}>|; $mail->{from} = qq|"$myconfig->{name}" <$myconfig->{email}>|; $mail->{subject} = -"LedgerSMB Backup / $myconfig->{dbname}-$form->{dbversion}-$t[5]$t[4]$t[3].sql$suffix"; +"LedgerSMB Backup / $globalDBname-$form->{dbversion}-$t[5]$t[4]$t[3].sql$suffix"; @{ $mail->{attachments} } = ($tmpfile); $mail->{version} = $form->{version}; $mail->{fileid} = "$boundary."; $mail->{format} = "plain"; - $mail->{format} = "octet-stream" if ${LedgerSMB::Sysconfig::gzip}; + $mail->{format} = "octet-stream"; $myconfig->{signature} =~ s/\\n/\n/g; $mail->{message} = "-- \n$myconfig->{signature}"; 
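Review bot: The new `qx(PGPASSWORD="$myconfig->{dbpasswd}" pg_dump -U $myconfig->{dbuser} ...)` line in backup builds a shell command from the stored password, user, host, port and database name, so any shell metacharacter in those values is interpreted by `/bin/sh`. A password containing `"`, `$` or a backtick will at least break the backup. The same line is added again in the `@@ -1669,15` hunk for the non-email branch. I would pass the password through `local $ENV{PGPASSWORD}` and run pg_dump with a list-form pipe open so no shell is involved. Since `-Fc` output is binary, both handles should also be set to `binmode`.
```perl
# … unchanged: $tmpfile is opened on OUT, $suffix is set …
local $ENV{PGPASSWORD} = $myconfig->{dbpasswd};
open( my $dump, '-|', 'pg_dump',
    '-U', $myconfig->{dbuser}, '-h', $myconfig->{dbhost},
    '-Fc', '-p', $myconfig->{dbport}, $myconfig->{dbname} )
  or $form->error("pg_dump : $!");
binmode $dump;
binmode OUT;
print OUT $_ while <$dump>;
close $dump or $form->error("pg_dump exited with status $?");
# … unchanged: close OUT and hand $tmpfile to the mailer …
```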
@@ -1669,15 +1652,8 @@ sub backup { print OUT qq|Content-Type: application/file;\n| . qq|Content-Disposition: attachment; filename="$myconfig->{dbname}-$form->{dbversion}-$t[5]$t[4]$t[3].sql$suffix"\n\n|; - if ( ${LedgerSMB::Sysconfig::gzip} ) { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname} | ${LedgerSMB::Sysconfig::gzip}`; - } - else { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname}`; - } - + print OUT +qx(PGPASSWORD="$myconfig->{dbpasswd}" pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} -Fc -p $myconfig->{dbport} $myconfig->{dbname}); } unlink "$tmpfile"; @@ -1716,7 +1692,7 @@ sub closebooks { for (qw(revtrans closedto audittrail)) { if ( $form->{$_} ) { - $val = 1; + $val = $form->{$_}; } else { $val = 0; diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 76f4877f..a7955240 100644 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -35,6 +35,11 @@ use Math::BigFloat lib => 'GMP'; use LedgerSMB::Sysconfig; +use List::Util qw(first); +use LedgerSMB::Mailer; +use Time::Local; +use Cwd; +use File::Copy; package Form; 
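Review bot: The five `use` lines added to Form.pm sit above `package Form;`, so `first`, `timelocal`, `cwd` and `copy` are imported into whatever package is current at that point, not into `Form`. The hunks shown call `List::Util::first` and `File::Copy::copy` fully qualified, which works. But this commit also removes `use Time::Local;` from add_date and `use List::Util qw(first);` from redirect. If those subs call `timelocal(...)` or `first { ... }` unqualified (their bodies are outside the hunks), they will fail at run time with an undefined-subroutine error. Moving the `use` block below `package Form;` fixes that.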
@@ -68,35 +73,32 @@ sub new { $self->{nextsub} =~ s/( |-|,|\#|\/|\.$)/_/g; } + $self->{login} =~ s/[^a-zA-Z0-9._+@'-]//g; + $self->{menubar} = 1 if $self->{path} =~ /lynx/i; #menubar will be deprecated, replaced with below $self->{lynx} = 1 if $self->{path} =~ /lynx/i; - $self->{version} = "1.3.0 Alpha 0 Pre"; + $self->{version} = "1.2.5"; $self->{dbversion} = "1.2.0"; bless $self, $type; - if ( $self->{path} eq "bin/lynx" ) { - $self->{menubar} = 1; - - #menubar will be deprecated, replaced with below - $self->{lynx} = 1; - $self->{path} = "bin/lynx"; - } - else { - $self->{path} = "bin/mozilla"; + if ( $self->{path} ne 'bin/lynx' ) { $self->{path} = 'bin/mozilla'; } + if ( ( $self->{script} ) + and not List::Util::first { $_ eq $self->{script} } + @{LedgerSMB::Sysconfig::scripts} ) + { + $self->error( 'Access Denied', __line__, __file__ ); } - if ( ( $self->{script} =~ m#(\.\.|\\|/)# ) ) { - $self->error("Access Denied"); + if ( ( $self->{action} =~ /(:|')/ ) || ( $self->{nextsub} =~ /(:|')/ ) ) { + $self->error( "Access Denied", __line__, __file__ ); } - if ( ( $self->{action} =~ /:/ ) || ( $self->{nextsub} =~ /:/ ) ) { - $self->error("Access Denied"); - } + for ( keys %$self ) { $self->{$_} =~ s/\000//g } $self; } @@ -116,6 +118,16 @@ sub debug { } +sub encode_all { + + # TODO; +} + +sub decode_all { + + # TODO +} + sub escape { my ( $self, $str, $beenthere ) = @_; @@ -155,24 +167,6 @@ sub quote { } -sub format_date { - - # takes an iso date in, and converts it to the date for printing - my ( $self, $date ) = @_; - my $datestring; - if ( $date =~ /^\d{4}\D/ ) { # is an ISO date - $datestring = $self->{db_dateformat}; - my ( $yyyy, $mm, $dd ) = split( /\W/, $date ); - $datestring =~ s/y+/$yyyy/; - $datestring =~ s/mm/$mm/; - $datestring =~ s/dd/$dd/; - } - else { # return date - $datestring = $date; - } - $datestring; -} - sub unquote { my ( $self, $str ) = @_; 
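Review bot: The login filter in `new`, `s/[^a-zA-Z0-9._+@'-]//g`, silently rewrites the submitted value instead of rejecting it and leaves `'` in the allowed set. The same hunk treats `'` in `action` and `nextsub` as grounds for "Access Denied". Stripping can turn one submitted name into a different valid one; I would refuse the request when the value does not match, e.g. `$self->error('Access Denied') if $self->{login} =~ /[^a-zA-Z0-9._+@-]/;`. If apostrophes must be allowed in user names, a comment should say so. Separately, `__line__` and `__file__` are lower case here, so Perl treats them as barewords rather than the `__LINE__` / `__FILE__` tokens, and the error call receives the literal strings.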
@@ -234,9 +228,7 @@ sub error { if ( $ENV{error_function} ) { &{ $ENV{error_function} }($msg); } - else { - die "Error: $msg\n"; - } + die "Error: $msg\n"; } } @@ -343,7 +335,6 @@ qq|<meta http-equiv="content-type" content="text/html; charset=$self->{charset}" sub redirect { my ( $self, $msg ) = @_; - use List::Util qw(first); if ( $self->{callback} || !$msg ) { @@ -524,8 +515,8 @@ sub parse_amount { my ( $self, $myconfig, $amount ) = @_; - if ( $amount eq '' or $amount == undef ) { - return 0; + if ( ( $amount eq '' ) or ( ! defined $amount ) ) { + $amount = 0; } if ( UNIVERSAL::isa( $amount, 'Math::BigFloat' ) ) @@ -557,7 +548,14 @@ sub parse_amount { $amount = $1 * -1; } $amount =~ s/\s?CR//; + + $amount =~ /(\d*)\.(\d*)/; + + my $decimalplaces = length $1 + length $2; + $amount = new Math::BigFloat($amount); + $amount->accuracy($decimalplaces); + return ( $amount * 1 ); } @@ -661,21 +659,28 @@ sub parse_template { my $fileid = time; my $tmpfile = $self->{IN}; $tmpfile =~ s/\./_$self->{fileid}./ if $self->{fileid}; - $self->{tmpfile} = - "${LedgerSMB::Sysconfig::userspath}/${fileid}_${tmpfile}"; - - my %temphash; + $self->{tmpfile} = "${LedgerSMB::Sysconfig::tempdir}/${fileid}_${tmpfile}"; + my $temphash; if ( $self->{format} =~ /(postscript|pdf)/ || $self->{media} eq 'email' ) { - $temphash{out} = $self->{OUT}; - $self->{OUT} = "$self->{tmpfile}"; + $temphash{out} = $self->{OUT}; + $self->{OUT} = "$self->{tmpfile}"; + File::Copy::copy( + "$self->{templates}/logo.png", + "${LedgerSMB::Sysconfig::tempdir}/" + ); + File::Copy::copy( + "$self->{templates}/logo.eps", + "${LedgerSMB::Sysconfig::tempdir}/" + ); $temphash{printmode} = $self->{printmode}; - $self->{printmode} = '>'; + $self->{printmode} = '>'; } if ( $self->{OUT} ) { open( OUT, $self->{printmode}, "$self->{OUT}" ) or $self->error("$self->{OUT} : $!"); + chmod( 0600, "$self->{OUT}" ); } else { 
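Review bot: In the second parse_amount hunk, `length $1 + length $2` does not add two lengths: `length` is a named unary operator and binds looser than `+`, so it parses as `length( $1 + length($2) )`. For an input such as `1234.56` that gives 4, and `accuracy(4)` then rounds the amount to four significant digits. The match result is also unchecked, so an amount with no `.` reuses `$1`/`$2` from an earlier match. I would write `if ( $amount =~ /(\d*)\.(\d*)/ ) { $decimalplaces = length($1) + length($2); }` and call `accuracy` only when the match succeeded.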
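Review bot: In the parse_template hunk at `@@ -661,21`, `chmod( 0600, "$self->{OUT}" )` runs after `open`, so the output file exists with umask-default permissions for a short window. It is also created under `$tempdir` with a name built from `time` and `$self->{IN}`. Tightening the mask before the file is created closes the window: `my $oldmask = umask(0077);` before the `open` and `umask($oldmask);` after it. The same open-then-chmod pattern appears in the `@@ -1040,6` hunk. In the same hunk, `my %temphash;` became `my $temphash;` while the code still assigns `$temphash{out}`, so the hash is now a package global. The two `File::Copy::copy` calls ignore their return value.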
@@ -826,13 +831,19 @@ sub parse_template { chop; s/.*?<\?lsmb if (.+?) \?>/$1/; - if (/\s/) { - @a = split; - $ok = eval "$self->{$a[0]} $a[1] $a[2]"; - } - else { - $ok = $self->{$_}; - } + # commenting this out for security reasons. If needed, + # please uncomment. Functionality below will be in 1.3 + # Chris Travers + #if (/\s/) { + # @args = split; + # if ($args[1] !~ /^(==|eq|>|gt|>|lt|>=|ge|le|<=|ne|!=)$/){ + # $self->error("Unknown/forbidden operator"); + # } + # $ok = eval "$self->{$args[0]} $args[1] $args[2]"; + #} else { + $ok = $self->{$_}; + + #} if ($ok) { while ( $_ = shift ) { @@ -898,19 +909,15 @@ sub parse_template { # Convert the tex file to postscript if ( $self->{format} =~ /(postscript|pdf)/ ) { - use Cwd; - $self->{cwd} = cwd(); - $self->{tmpdir} = "$self->{cwd}/${LedgerSMB::Sysconfig::userspath}"; - $self->{tmpdir} = "${LedgerSMB::Sysconfig::userspath}" - if ${LedgerSMB::Sysconfig::userspath} =~ /^\//; + $self->{tmpdir} = "${LedgerSMB::Sysconfig::tempdir}"; - unless ( chdir("${LedgerSMB::Sysconfig::userspath}") ) { + unless ( chdir( $self->{tmpdir} ) ) { $err = $!; $self->cleanup; - $self->error("chdir : $err"); + $self->error("chdir : $self->{tmpdir} : $err"); } - $self->{tmpfile} =~ s/${LedgerSMB::Sysconfig::userspath}\///g; + $self->{tmpfile} =~ s/$self->{tmpdir}\///g; $self->{errfile} = $self->{tmpfile}; $self->{errfile} =~ s/tex$/err/; @@ -958,8 +965,6 @@ sub parse_template { if ( $self->{media} eq 'email' ) { - use LedgerSMB::Mailer; - my $mail = new Mailer; for (qw(cc bcc subject message version format charset)) { @@ -1017,8 +1022,8 @@ sub parse_template { } else { - $self->{OUT} = $temphash{out}; - $self->{printmode} = $temphash{printmode}; + $self->{OUT} = $temphash{out}; + $self->{printmode} = $temphash{printmode} if $temphash{printmode}; unless ( open( IN, '<', $self->{tmpfile} ) ) { $err = $!; @@ -1040,6 +1045,7 @@ sub parse_template { $self->cleanup; $self->error("$self->{OUT} : $err"); } + chmod( 0600, "$self->{OUT}" ); } else { 
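Review bot: In the `@@ -898,19` hunk, `$self->{tmpfile} =~ s/$self->{tmpdir}\///g;` uses the configured temp directory as a regex, unanchored and with `/g`. Because `tmpdir` now comes from `$ENV{TEMP}`, a path containing `.`, `+`, `(` or a backslash changes what is stripped, and the pattern can match in the middle of the name. I would anchor and quote it: `$self->{tmpfile} =~ s/^\Q$self->{tmpdir}\E\///;`. In the first hunk, the disabled `eval` branch would be clearer as a short comment explaining why comparisons in `<?lsmb if ?>` are unsupported than as commented-out code.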
@@ -1339,8 +1345,6 @@ sub add_date { my ( $self, $myconfig, $date, $repeat, $unit ) = @_; - use Time::Local; - my $diff = 0; my $spc = $myconfig->{dateformat}; $spc =~ s/\w//g; @@ -1435,6 +1439,16 @@ qq|<button class="submit" type="submit" name="action" value="$name" accesskey="$ sub db_init { my ( $self, $myconfig ) = @_; $self->{dbh} = $self->dbconnect_noauto($myconfig) || $self->dberror(); + %date_query = ( + 'mm/dd/yy' => 'set DateStyle to \'SQL, US\'', + 'mm-dd-yy' => 'set DateStyle to \'POSTGRES, US\'', + 'dd/mm/yy' => 'set DateStyle to \'SQL, EUROPEAN\'', + 'dd-mm-yy' => 'set DateStyle to \'POSTGRES, EUROPEAN\'', + 'dd.mm.yy' => 'set DateStyle to \'GERMAN\'' + ); + + $self->{dbh}->do( $date_query{ $myconfig->{dateformat} } ); + $self->{db_dateformat} = $myconfig->{dateformat}; #shim my $query = "SELECT t.extends, coalesce (t.table_name, 'custom_' || extends) @@ -1653,6 +1667,9 @@ sub update_exchangerate { @queryargs = ($sell); } + if ( !$set ) { + $self->error("Exchange rate missing!"); + } if ( $sth->fetchrow_array ) { $query = qq|UPDATE exchangerate SET $set @@ -2326,9 +2343,8 @@ sub lastname_used { my ( $self, $myconfig, $dbh2, $vc, $module ) = @_; - $vc ||= $self->{vc}; my $dbh = $self->{dbh}; - + $vc ||= $self->{vc}; # add default to correct for improper passing my $arap = ( $vc eq 'customer' ) ? "ar" : "ap"; my $where = "1 = 1"; my $sth; @@ -2395,8 +2411,8 @@ sub current_date { $dateformat = 'yyyymmdd'; } - $query = qq|SELECT to_date(?, ?) - + ?::interval AS thisdate|; + $query = qq|SELECT (to_date(?, ?) + + ?::interval)::date AS thisdate|; @queryargs = ( $thisdate, $dateformat, $days ); } @@ -2415,6 +2431,7 @@ sub current_date { sub like { my ( $self, $str ) = @_; + "%$str%"; } 
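Review bot: The db_init hunk calls `$self->{dbh}->do( $date_query{ $myconfig->{dateformat} } )` with no check that the user's format is one of the five keys, so any other stored format passes `undef` to `do`. The result of `do` is also ignored. I would look the statement up first and only run it when found: `my $datestyle = $date_query{ $myconfig->{dateformat} };` followed by `$self->{dbh}->do($datestyle) || $self->dberror($datestyle) if $datestyle;`. `%date_query` is assigned without `my`, so it becomes a package global that is rebuilt on every call; declaring it lexically, or once at file scope, would be tidier.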
@@ -2523,7 +2540,9 @@ sub update_status { my %queued = split / +/, $self->{queued}; my $spoolfile = - ( $queued{ $self->{formname} } ) ? "'$queued{$self->{formname}}'" : undef; + ( $queued{ $self->{formname} } ) + ? "'$queued{$self->{formname}}'" + : 'NULL'; my $query = qq|DELETE FROM status WHERE formname = ? @@ -2706,9 +2725,10 @@ sub save_recurring { $s{print}, $s{email}, $s{message} ) = split /,/, $self->{recurring}; - if ( $s{howmany} == 0 ) { + if ($s{howmany} == 0){ $self->error("Cannot set to recur 0 times"); } + for (qw(reference message)) { $s{$_} = $self->unescape( $s{$_} ) } for (qw(repeat howmany payment)) { $s{$_} *= 1 } @@ -2840,7 +2860,7 @@ sub save_intnotes { # no id return return unless $self->{id}; - my $dbh = $self->dbconnect($myconfig); + my $dbh = $self->{dbh}; my $query = qq|UPDATE $vc SET intnotes = ? WHERE id = ?|; @@ -3093,6 +3113,24 @@ sub split_date { ( $rv, $yy, $mm, $dd ); } +sub format_date { + + # takes an iso date in, and converts it to the date for printing + my ( $self, $date ) = @_; + my $datestring; + if ( $date =~ /^\d{4}\D/ ) { # is an ISO date + $datestring = $self->{db_dateformat}; + my ( $yyyy, $mm, $dd ) = split( /\W/, $date ); + $datestring =~ s/y+/$yyyy/; + $datestring =~ s/mm/$mm/; + $datestring =~ s/dd/$dd/; + } + else { # return date + $datestring = $date; + } + $datestring; +} + sub from_to { my ( $self, $yyyy, $mm, $interval ) = @_; diff --git a/LedgerSMB/IC.pm b/LedgerSMB/IC.pm index 943f6b36..89f7d1cd 100644 --- a/LedgerSMB/IC.pm +++ b/LedgerSMB/IC.pm @@ -485,8 +485,8 @@ sub save { if ( $form->{"id_$i"} && $form->{"qty_$i"} ) { $sth->execute( - $form->{id}, $form->{"id_$i"}, - $form->{"qty_$i"}, $form->{"bom_$i"}, + $form->{id}, $form->{"id_$i"}, + $form->{"qty_$i"}, $form->{"bom_$i"} || 0, $form->{"adj_$i"} ) || $form->dberror($query); } 
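Review bot: In the update_status hunk, `$spoolfile` is still quoted by hand as `"'$queued{$self->{formname}}'"`, and the switch from `undef` to `'NULL'` suggests the value is spliced into SQL text later in the function, outside this hunk. `$self->{queued}` is a form field, so a value containing a quote would end the literal early. Prefer `$self->{dbh}->quote( $queued{ $self->{formname} } )`, which also yields `NULL` for `undef`. Better still, bind it with a placeholder, as the `DELETE ... WHERE formname = ?` statement just below already does.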
@@ -603,24 +603,22 @@ sub update_assembly { } $sth->finish; $qty = $dbh->quote($qty); - $formlistprice = $dbh->quote($formlistprice); - $listprice = $dbh->quote($listprice); - $formsellprice = $dbh->quote($formsellprice); - $formlastcost = $dbh->quote( $form->{lastcost} ); - $lastcost = $dbh->quote($lastcost); - $weight = $dbh->quote($weight); + $formlistprice = $dbh->quote( $formlistprice - $listprice ); + $formsellprice = $dbh->quote( $formsellprice - $sellprice ); + $formlastcost = $dbh->quote( $form->{lastcost} - $lastcost ); + $weight = $dbh->quote( $form->{weight} - $weight ); $id = $dbh->quote($id); $query = qq| UPDATE parts SET listprice = listprice + - $qty * ($formlistprice - $listprice), + $qty * cast($formlistprice AS numeric), sellprice = sellprice + - $qty * ($formsellprice - $sellprice), + $qty * cast($formsellprice AS numeric), lastcost = lastcost + - $qty * ($form->{lastcost} - $lastcost), + $qty * cast($formlastcost AS numeric), weight = weight + - $qty * ($form->{weight} - $weight) + $qty * cast($weight AS numeric) WHERE id = $id|; $dbh->do($query) || $form->dberror($query); diff --git a/LedgerSMB/IR.pm b/LedgerSMB/IR.pm index 1dab91d7..8523b870 100644 --- a/LedgerSMB/IR.pm +++ b/LedgerSMB/IR.pm @@ -213,7 +213,11 @@ sub post_invoice { my $linetotal = $form->round_amount( $amount, 2 ); $fxdiff += $amount - $linetotal; - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + @taxaccounts = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{'taxaccounts'} + ); $tax = Math::BigFloat->bzero(); $fxtax = Math::BigFloat->bzero(); @@ -265,8 +269,6 @@ sub post_invoice { WHERE description = '$uid'|; ($invoice_id) = $dbh->selectrow_array($query); - $form->debug; - $query = qq| UPDATE invoice SET trans_id = ?, @@ -721,8 +723,6 @@ sub post_invoice { $form->audittrail( $dbh, "", \%audittrail ); - my $rc = $dbh->commit; - foreach $item ( keys %updparts ) { $item = $dbh->quote($item); $query = qq| 
@@ -731,8 +731,8 @@ sub post_invoice { lastcost = lastcost($item) WHERE id = $item|; $dbh->prepare($query) || $form->dberror($query); - $dbh->commit; } + my $rc = $dbh->commit; $rc; @@ -1244,7 +1244,6 @@ sub retrieve_item { } $sth->finish; - $dbh->commit; } @@ -1321,7 +1320,6 @@ sub vendor_details { } $sth->finish; - $dbh->commit; } diff --git a/LedgerSMB/IS.pm b/LedgerSMB/IS.pm index be4cbcb1..13f83793 100644 --- a/LedgerSMB/IS.pm +++ b/LedgerSMB/IS.pm @@ -333,7 +333,6 @@ sub invoice_details { ? $form->format_amount( $myconfig, $discount * -1, $decimalplaces ) : " "; - $linetotal = ($linetotal) ? $linetotal : " "; push( @{ $form->{discount} }, $discount ); push( @@ -348,10 +347,15 @@ sub invoice_details { $form->{"linetotal_$i"} = $form->format_amount( $myconfig, $linetotal, 2 ); + $form->{"linetotal_$i"} = '0.00' unless $form->{"linetotal_$i"}; push( @{ $form->{linetotal} }, $form->{"linetotal_$i"} ); - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + @taxaccounts = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{"taxaccounts"} + ); my $ml = 1; my @taxrates = (); @@ -598,6 +602,7 @@ sub invoice_details { $form->{$_} = $form->format_amount( $myconfig, $form->{$_} ); } $form->{subtotal} = $form->format_amount( $myconfig, $form->{total}, 2 ); + $form->{subtotal} = '0.00' unless $form->{subtotal}; $form->{invtotal} = ( $form->{taxincluded} ) ? $form->{total} : $form->{total} + $tax; @@ -794,7 +799,6 @@ sub customer_details { for ( keys %$ref ) { $form->{$_} = $ref->{$_} } $sth->finish; - $dbh->commit; } 
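Review bot: The loop over `%updparts` at the end of post_invoice only calls `$dbh->prepare($query) || $form->dberror($query);`. The statement handle is discarded and never executed, so the `lastcost` update never reaches the database. Moving the commit after the loop does not change that. Either `$dbh->do($query) || $form->dberror($query);` or a prepared `UPDATE parts SET ... lastcost = lastcost(?) WHERE id = ?` executed once per item would make the loop take effect. The placeholder form also removes the need to run `$dbh->quote($item)` on the loop variable.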
@@ -947,11 +951,14 @@ sub post_invoice { $amount = $fxlinetotal * $form->{exchangerate}; my $linetotal = $form->round_amount( $amount, 2 ); $fxdiff += $amount - $linetotal; - - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); - $ml = 1; - $tax = 0; - $fxtax = 0; + @taxaccounts = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{"taxaccounts"} + ); + $ml = 1; + $tax = Math::BigFloat->bzero(); + $fxtax = Math::BigFloat->bzero(); if ( $form->{taxincluded} ) { $tax += $amount = @@ -964,10 +971,13 @@ sub post_invoice { else { $tax += $amount = Tax::calculate_taxes( \@taxaccounts, $form, $linetotal, 0 ); - $fxtax += Tax::calculate_taxes( \@taxaccounts, $form, $linetotal, 0 ); } + for (@taxaccounts) { + $form->{acc_trans}{ $form->{id} }{ $_->account }{amount} += + $_->value; + } $grossamount = $form->round_amount( $linetotal, 2 ); @@ -1115,7 +1125,6 @@ sub post_invoice { $invnetamount = $amount; $amount = 0; - for ( split / /, $form->{taxaccounts} ) { $amount += $form->{acc_trans}{ $form->{id} }{$_}{amount} = $form->round_amount( $form->{acc_trans}{ $form->{id} }{$_}{amount}, @@ -1400,7 +1409,7 @@ sub post_invoice { $form->{terms}, $form->{notes}, $form->{intnotes}, $form->{taxincluded}, $form->{currency}, $form->{department_id}, - $form->{employee_id}, $till, + $form->{employee_id}, $form->{till}, $form->{language_code}, $form->{ponumber}, $form->{id} ) || $form->dberror($query); @@ -1547,7 +1556,6 @@ sub cogs { $sth->finish; $allocated; - $dbh->commit; } sub reverse_invoice { @@ -1666,7 +1674,7 @@ sub delete_invoice { # delete spool files $query = qq| SELECT spoolfile FROM status - WHERE trans_id = $form->{id} AND spoolfile IS NOT NULL|; + WHERE trans_id = ? AND spoolfile IS NOT NULL|; $sth = $dbh->prepare($query); $sth->execute( $form->{id} ) || $form->dberror($query); @@ -1692,8 +1700,6 @@ sub delete_invoice { } } - $dbh->commit; - $rc; } 
@@ -1869,8 +1875,7 @@ sub retrieve_item { if ( $form->{"partsgroup_$i"} ne "" ) { ( $null, $var ) = split /--/, $form->{"partsgroup_$i"}; - $var = $dbh->quote($var); - if ( $var == 0 ) { + if ( ! $var ) { # search by partsgroup, this is for the POS $where .= @@ -1878,6 +1883,7 @@ sub retrieve_item { . $dbh->quote( $form->{"partsgroup_$i"} ); } else { + $var = $dbh->quote($var); $where .= qq| AND p.partsgroup_id = $var|; } } @@ -1960,7 +1966,6 @@ sub retrieve_item { } $sth->finish; - $dbh->commit; } diff --git a/LedgerSMB/Locale.pm b/LedgerSMB/Locale.pm index 122794b4..c89fbef0 100644 --- a/LedgerSMB/Locale.pm +++ b/LedgerSMB/Locale.pm @@ -27,6 +27,7 @@ package LedgerSMB::Locale; use base 'Locale::Maketext'; use Locale::Maketext::Lexicon; +use HTML::Entities; use Encode; Locale::Maketext::Lexicon->import( @@ -39,7 +40,7 @@ Locale::Maketext::Lexicon->import( sub text { my ( $self, $text, @params ) = @_; - return $self->maketext( $text, @params ); + return encode_entities( $self->maketext( $text, @params ) ); } ##sub date { @@ -119,10 +120,6 @@ sub date { $mm = substr( "0$mm", -2 ); $longdate = "$yy$spc$mm$spc$dd"; - if ( defined $longformat ) { - $longdate = &text( $self, $longmonth[ --$mm ] ) . " $dd $yy"; - } - } else { @@ -131,10 +128,11 @@ sub date { $mm = substr( "0$mm", -2 ); $longdate = "$mm$spc$dd$spc$yy"; - if ( defined $longformat ) { - $longdate = &text( $self, $longmonth[ --$mm ] ) . " $dd $yy"; - } } + if ( defined $longformat ) { + $longdate = &text( $self, $longmonth[ --$mm ] ) . " $dd $yy"; + } + $longdate; } 1; diff --git a/LedgerSMB/Menu.pm b/LedgerSMB/Menu.pm index d8aad77c..57c83245 100644 --- a/LedgerSMB/Menu.pm +++ b/LedgerSMB/Menu.pm 
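Review bot: Wrapping `maketext` in `encode_entities` inside `LedgerSMB::Locale::text` encodes every translated string at the source, whatever its destination. That is right for strings printed into HTML. However, the `date` sub in this file also calls `&text`, and translated strings commonly end up in mail subjects, LaTeX/plain-text templates and `die` messages, where `&amp;` or `&eacute;` would appear literally. Values that are escaped again at output would be double-encoded. I would keep `text` returning the raw translation and encode at the HTML output points, or add a separate method for HTML use. If the current behaviour stays, the sub needs a comment saying its result is HTML-only.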
@@ -46,8 +46,15 @@ sub menuitem { my $target = ( $self->{$item}{target} ) ? $self->{$item}{target} : ""; my $level = $form->escape($item); + my $style; + if ( $form->{menubar} ) { + $style = ""; + } + else { + $style = "display:block;"; + } my $str = - qq|<a style="display:block;"| + qq|<a style="$style"| . qq|href="$module?path=$form->{path}&action=$action&| . qq|level=$level&login=$form->{login}&| . qq|timeout=$form->{timeout}&sessionid=$form->{sessionid}| diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm index 9dc7cea3..ab431769 100644 --- a/LedgerSMB/OE.pm +++ b/LedgerSMB/OE.pm @@ -387,11 +387,9 @@ sub save { my $rowcount = $form->{rowcount}; for my $i ( 1 .. $rowcount ) { - $form->db_prepare_vars( - "orderitems_id_$i", "id_$i", - "description_$i", "project_id_$i", - "ship_$i" - ); + $form->{"ship_$i"} = 0 unless $form->{"ship_$i"}; + $form->db_prepare_vars( "orderitems_id_$i", "id_$i", "description_$i", + "project_id_$i" ); for (qw(qty ship)) { $form->{"${_}_$i"} = @@ -428,7 +426,8 @@ sub save { $form->round_amount( $form->{"sellprice_$i"} * $form->{"qty_$i"}, 2 ); - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"}, + $form->{taxaccounts} ); if ( $form->{taxincluded} ) { $taxamount = Tax::calculate_taxes( \@taxaccounts, $form, $linetotal, 1 ); @@ -485,18 +484,11 @@ sub save { # save detail record in orderitems table $query = qq|INSERT INTO orderitems (|; - if ( $form->{"orderitems_id_$i"} ) { - $query .= "id, "; - } $query .= qq| trans_id, parts_id, description, qty, sellprice, discount, unit, reqdate, project_id, ship, serialnumber, notes) VALUES (|; - if ( $form->{"orderitems_id_$i"} ) { - $query .= "?, "; - push @queryargs, $form->{"orderitems_id_$i"}; - } $query .= qq| ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)|; $sth = $dbh->prepare($query); push( @queryargs, 
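Review bot: In the menuitem hunk the link is still assembled with `login=$form->{login}` and `path=$form->{path}` written into the `href` unescaped, while `level` on the line above goes through `$form->escape`. The Form.pm change in this commit leaves `+`, `@` and `'` as legal login characters, so the value should be URL-escaped here as well, e.g. `my $login = $form->escape( $form->{login} );` and then interpolate `$login`. Two smaller points: the new `if`/`else` can be written as `my $style = $form->{menubar} ? "" : "display:block;";`, and there is no space between `style="$style"` and `href=` in the generated tag. The rest of menuitem is outside this hunk.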
@@ -905,7 +897,6 @@ sub retrieve { $form->get_recurring; @queries = $form->run_custom_queries( 'oe', 'SELECT' ); - $form->{dbh}->commit; } else { @@ -1735,8 +1726,6 @@ sub get_warehouses { } $sth->finish; - $dbh->commit; - } sub save_inventory { @@ -1825,11 +1814,11 @@ sub save_inventory { $query = qq| UPDATE orderitems SET - serialnumber = '$serialnumber', - ship = $ship, - reqdate = '$form->{shippingdate}' - WHERE trans_id = $form->{id} - AND id = $form->{"orderitems_id_$i"}|; + serialnumber = ?, + ship = ?, + reqdate = ? + WHERE trans_id = ? + AND id = ?|; $sth2 = $dbh->prepare($query); $sth2->execute( $serialnumber, $ship, $form->{shippingdate}, $form->{id}, $form->{"orderitems_id_$i"} ) @@ -2134,7 +2123,6 @@ sub transfer { } my $rc = $dbh->commit; - $dbh->commit; $rc; @@ -2521,7 +2509,7 @@ sub consolidate_orders { $amount += $ref->{amount}; $netamount += $ref->{netamount}; - $id = $dbh->quore($id); + $id = $dbh->quote($id); foreach $item ( @{ $oe{orderitems}{$curr}{$id} } ) { push @orderitems, $item; 
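Review bot: In the consolidate_orders hunk (`@@ -2521,7`), fixing the `quore` typo means `$id = $dbh->quote($id)` now actually runs, and the next line uses that quoted string as a hash key in `$oe{orderitems}{$curr}{$id}`. Unless the hash was filled with quoted keys (not visible here), the lookup will find nothing and the consolidated order will get no items. I would keep `$id` raw for the hash access and use a separate variable for SQL, for example `my $quoted_id = $dbh->quote($id);`, or a placeholder.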
@@ -2562,33 +2550,24 @@ sub consolidate_orders { UPDATE oe SET ordnumber = | . $dbh->quote($ordnumber) . qq|, transdate = current_date, - vendor_id = ?, - customer_id = ?, - amount = ?, - netamount = ?, - reqdate = ?, - taxincluded = ?, - shippingpoint = ?, - notes = ?, - curr = ?, - employee_id = ?, - intnotes = ?, - shipvia = ?, - language_code = ?, - ponumber = ?, - department_id = ? - WHERE id = ?|; + vendor_id = $form->{vendor_id}, + customer_id = $form->{customer_id}, + amount = $amount, + netamount = $netamount, + reqdate = | . $form->dbquote( $ref->{reqdate}, SQL_DATE ) . qq|, + taxincluded = '$ref->{taxincluded}', + shippingpoint = | . $dbh->quote( $ref->{shippingpoint} ) . qq|, + notes = | . $dbh->quote( $ref->{notes} ) . qq|, + curr = '$curr', + employee_id = $ref->{employee_id}, + intnotes = | . $dbh->quote( $ref->{intnotes} ) . qq|, + shipvia = | . $dbh->quote( $ref->{shipvia} ) . qq|, + language_code = '$ref->{language_code}', + ponumber = | . $dbh->quote( $form->{ponumber} ) . qq|, + department_id = $department_id + WHERE id = $id|; $sth = $dbh->prepare($query); - $sth->execute( - $form->{vendor_id}, $form->{customer_id}, - $amount, $netamount, - $form->{reqdate}, $form->{taxincluded}, - $form->{shippingpoint}, $form->{notes}, - $curr, $ref->{employee_id}, - $form->{intnotes}, $form->{shipvia}, - $ref->{language_code}, $form->{po_number}, - $department_id, $id - ) || $form->dberror($query); + $sth->execute() || $form->dberror($query); # add items foreach $item (@orderitems) { diff --git a/LedgerSMB/Sysconfig.pm b/LedgerSMB/Sysconfig.pm index 361f3c6b..f8e1145f 100644 --- a/LedgerSMB/Sysconfig.pm +++ b/LedgerSMB/Sysconfig.pm @@ -1,6 +1,6 @@ # This is the new configuration file for LedgerSMB. Eventually all system # configuration directives will go here, This will probably not fully replace -# the ledger-smb.conf until 1.3, however. +# the ledgersmb.conf until 1.3, however. package LedgerSMB::Sysconfig; 
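Review bot: This consolidate_orders hunk replaces a fully parameterized `UPDATE oe` with a statement built by string interpolation. `vendor_id`, `customer_id`, `employee_id` and `department_id` are spliced in bare. `taxincluded`, `curr` and `language_code` are wrapped in hand-written quotes, and `$form->{vendor_id}` / `$form->{customer_id}` come from the request. That reopens SQL injection on this statement, and it fails outright whenever one of the numeric fields is empty. If the intent was to take the values from `$ref` instead of `$form`, that can be done by changing only the argument list and keeping the placeholders. Note that `$id` was passed through `$dbh->quote` earlier in the function, so the raw id has to be bound, not the quoted copy. An empty `reqdate` should be bound as `undef`.
```perl
# … unchanged: UPDATE oe SET ordnumber = …, transdate = current_date, …
               vendor_id = ?, customer_id = ?, amount = ?, netamount = ?,
               reqdate = ?, taxincluded = ?, shippingpoint = ?, notes = ?,
               curr = ?, employee_id = ?, intnotes = ?, shipvia = ?,
               language_code = ?, ponumber = ?, department_id = ?
         WHERE id = ?|;
$sth = $dbh->prepare($query);
$sth->execute(
    $form->{vendor_id}, $form->{customer_id},
    $amount,            $netamount,
    ( $ref->{reqdate} || undef ), $ref->{taxincluded},
    $ref->{shippingpoint},        $ref->{notes},
    $curr,              $ref->{employee_id},
    $ref->{intnotes},   $ref->{shipvia},
    $ref->{language_code}, $form->{ponumber},
    $department_id,     $id    # bind the unquoted values here
) || $form->dberror($query);
```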
@@ -8,8 +8,6 @@ use LedgerSMB::Form; use Config::Std; use DBI qw(:sql_types); -binmode STDOUT, ':utf8'; - # For Win32, change $pathsep to ';'; $pathsep = ':'; @@ -38,12 +36,15 @@ $spool = "spool"; # path to user configuration files $userspath = "users"; -# images base directory -$images = "images"; - # templates base directory $templates = "templates"; +# Temporary files stored at" +$tempdir = ( $ENV{TEMP} || '/tmp' ); + +# Backup path +$backuppath = $tempdir; + # member file $memberfile = "users/members"; diff --git a/LedgerSMB/Tax.pm b/LedgerSMB/Tax.pm index edf3bccc..01bff4d4 100644 --- a/LedgerSMB/Tax.pm +++ b/LedgerSMB/Tax.pm @@ -30,10 +30,20 @@ package Tax; use Math::BigFloat; sub init_taxes { - my ( $form, $taxaccounts ) = @_; + my ( $form, $taxaccounts, $taxaccounts2 ) = @_; my $dbh = $form->{dbh}; @taxes = (); my @accounts = split / /, $taxaccounts; + if ( defined $taxaccounts2 ) { + my @tmpaccounts = @accounts; + $#accounts = -1; + for my $acct ( split / /, $taxaccounts2 ) { + if ( $taxaccounts =~ /\b$acct\b/ ) { + push @accounts, $acct; + } + } + + } my $query = qq|SELECT t.taxnumber, c.description, t.rate, t.chart_id, t.pass, m.taxmodulename FROM tax t INNER JOIN chart c ON (t.chart_id = c.id) @@ -41,6 +51,10 @@ sub init_taxes { WHERE c.accno = ?|; my $sth = $dbh->prepare($query); foreach $taxaccount (@accounts) { + next if ( !defined $taxaccount ); + if ( defined $taxaccounts2 ) { + next if $taxaccounts2 !~ /\b$taxaccount\b/; + } $sth->execute($taxaccount) || $form->dberror($query); my $ref = $sth->fetchrow_hashref; diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index 914bdfb9..c24eb98f 100644 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm 
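Review bot: The Sysconfig.pm hunk defaults `$tempdir` to `$ENV{TEMP} || '/tmp'` and sets `$backuppath = $tempdir`, so full database dumps and rendered documents are now written to a directory that is normally shared and world-writable. The AM.pm and Form.pm hunks build the file names there from `time`. The location is also taken from the process environment rather than from the configuration file. I would default both paths to a directory owned by the web-server user with mode 0700 and read it from the config file. The new comment line should say that: `# Temporary files are stored here; must not be writable by other users`. The added comment `# Temporary files stored at"` also has a stray quote.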
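Review bot: In the Tax.pm init_taxes hunk, membership is tested with `$taxaccounts =~ /\b$acct\b/`, which interpolates the account number as a regex and relies on word boundaries. An account number containing `-` or `.` can therefore match part of another entry, or act as a pattern. An exact lookup is safer and shorter: `my %wanted = map { $_ => 1 } split / /, $taxaccounts;` then `push @accounts, $acct if $wanted{$acct};`. With that in place, the second `next if $taxaccounts2 !~ /\b$taxaccount\b/` in the fetch loop is redundant, and `@tmpaccounts` is assigned but never used. The function gained a third parameter with no comment; one line explaining that `$taxaccounts2` restricts and orders the result would help callers.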
@@ -121,47 +121,51 @@ sub fetch_config { my ( $self, $login ) = @_; - if ( $login ne "" ) { + if ( !$login ) { + &error( $self, "Access Denied" ); + } - # use central db - my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; + # use central db + my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; - # for now, this is querying the table directly... ugly - my $fetchUserPrefs = $dbh->prepare( - "SELECT acs, address, businessnumber, - company, countrycode, currency, - dateformat, dbdriver, dbhost, dbname, - dboptions, dbpasswd, dbport, dbuser, - email, fax, menuwidth, name, numberformat, - password, print, printer, role, sid, - signature, stylesheet, tel, templates, - timeout, vclimit, u.username - FROM users_conf as uc, users as u - WHERE u.username = ? - AND u.id = uc.id;" - ); + # for now, this is querying the table directly... ugly + my $fetchUserPrefs = $dbh->prepare( + "SELECT acs, address, businessnumber, + company, countrycode, currency, + dateformat, dbdriver, dbhost, dbname, + dboptions, dbpasswd, dbport, dbuser, + email, fax, menuwidth, name, numberformat, + password, print, printer, role, sid, + signature, stylesheet, tel, templates, + timeout, vclimit, u.username + FROM users_conf as uc, users as u + WHERE u.username = ? + AND u.id = uc.id;" + ); - $fetchUserPrefs->execute($login); + $fetchUserPrefs->execute($login); - my $userHashRef = $fetchUserPrefs->fetchrow_hashref; + my $userHashRef = $fetchUserPrefs->fetchrow_hashref; + if ( !$userHashRef ) { + &error( $self, "Access Denied" ); + } - while ( my ( $key, $value ) = each( %{$userHashRef} ) ) { - $myconfig{$key} = $value; - } + while ( my ( $key, $value ) = each( %{$userHashRef} ) ) { + $myconfig{$key} = $value; + } - chomp( $myconfig{'dbport'} ); - chomp( $myconfig{'dbname'} ); - chomp( $myconfig{'dbhost'} ); + chomp( $myconfig{'dbport'} ); + chomp( $myconfig{'dbname'} ); + chomp( $myconfig{'dbhost'} ); - $myconfig{'login'} = $login; - $myconfig{'dbconnect'} = - 'dbi:Pg:dbname=' - . $myconfig{'dbname'} - . 
';host=' - . $myconfig{'dbhost'} - . ';port=' - . $myconfig{'dbport'}; - } + $myconfig{'login'} = $login; + $myconfig{'dbconnect'} = + 'dbi:Pg:dbname=' + . $myconfig{'dbname'} + . ';host=' + . $myconfig{'dbhost'} + . ';port=' + . $myconfig{'dbport'}; return \%myconfig; } @@ -447,7 +451,7 @@ sub process_query { $ENV{PGUSER} = $form->{dbuser}; $ENV{PGDATABASE} = $form->{db}; $ENV{PGHOST} = $form->{dbhost}; - $ENV{PGPORT} = $form->{pgport}; + $ENV{PGPORT} = $form->{dbport}; $results = `psql -f $filename 2>&1`; if ($?) { @@ -117,6 +117,14 @@ sub display_form { } sub create_links { + if ( $form->{script} eq 'ap.pl' ) { + $form->{ARAP} = 'AP'; + $form->{vc} = 'vendor'; + } + elsif ( $form->{script} eq 'ar.pl' ) { + $form->{ARAP} = 'AR'; + $form->{vc} = 'customer'; + } $form->create_links( $form->{ARAP}, \%myconfig, $form->{vc} ); @@ -1481,13 +1489,12 @@ qq|<input name="l_transdate" class=checkbox type=checkbox value=Y checked> | } sub transactions { - if ( $form->{ $form->{vc} } ) { $form->{ $form->{vc} } = $form->unescape( $form->{ $form->{vc} } ); ( $form->{ $form->{vc} }, $form->{"$form->{vc}_id"} ) = split( /--/, $form->{ $form->{vc} } ); } - + my @column_index; AA->transactions( \%myconfig, \%$form ); $href = "$form->{script}?action=transactions"; @@ -1640,7 +1647,6 @@ sub transactions { $href .= "&l_$item=Y"; } } - if ( !$form->{summary} ) { foreach $item (qw(source debit credit accno description projectnumber)) { diff --git a/bin/admin.pl b/bin/admin.pl index 2754dac4..187235b3 100644 --- a/bin/admin.pl +++ b/bin/admin.pl @@ -155,7 +155,7 @@ sub login { } sub logout { - + $form->{login} = 'admin'; $form->{callback} = "admin.pl?action=adminlogin"; Session::session_destroy($form); $form->redirect( $locale->text('You are logged out') ); 
@@ -224,11 +224,13 @@ sub list_users { my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; my $fetchMembers = $dbh->selectall_arrayref( -"SELECT uc.name, uc.company, uc.templates, uc.dbuser, uc.dbdriver, uc.dbname, uc.dbhost, u.username - FROM users as u, users_conf as uc - WHERE u.id = uc.id - AND u.id > 1 - ORDER BY u.username;", { Slice => {} } + "SELECT uc.name, uc.company, uc.templates, + uc.dbuser, uc.dbdriver, uc.dbname, + uc.dbhost, u.username + FROM users as u, users_conf as uc + WHERE u.id = uc.id + AND u.id > 1 + ORDER BY u.username;", { Slice => {} } ); my @memberArray = (); @@ -327,7 +329,6 @@ sub list_users { . qq|</button> $dbdrivers - $nologin <button type="submit" class="submit" name="action" value="logout">| . $locale->text('Logout') @@ -407,7 +408,7 @@ sub form_header { opendir TEMPLATEDIR, "${LedgerSMB::Sysconfig::templates}/." or $form->error( __FILE__ . ':' . __LINE__ . ': ' . "$templates : $!" ); - @all = grep !/(^\.\.?|^\.svn)/, readdir TEMPLATEDIR; + @all = grep !/(^\.\.?$|^\.svn)/, readdir TEMPLATEDIR; closedir TEMPLATEDIR; @allhtml = sort grep /\.html/, @all; @@ -820,8 +821,7 @@ sub save { $form->{templates} = "${LedgerSMB::Sysconfig::templates}/$form->{templates}"; - $myconfig = LedgerSMB::User->new( "${LedgerSMB::Sysconfig::memberfile}", - "$form->{login}" ); + $myconfig = LedgerSMB::User->new("$form->{login}"); # redo acs variable and delete all the acs codes @acs = split /;/, $form->{acs}; @@ -1044,7 +1044,8 @@ sub check_password { exit; } else { - Session::session_create($root); + $form->{login} = 'admin'; + Session::session_create($form); } } else { 
@@ -1323,107 +1324,6 @@ sub dbcreate { |; } -sub delete_dataset { - - if ( @dbsources = LedgerSMB::User->dbsources_unused( \%$form ) ) { - - foreach $item ( sort @dbsources ) { - $dbsources .= -qq|<input name="db" class="radio" type="radio" value="$item" /> $item |; - } - - } - else { - $form->error( __FILE__ . ':' . __LINE__ . ': ' - . $locale->text('Nothing to delete!') ); - } - - $form->{title} = - "LedgerSMB " - . $locale->text('Accounting') . " " - . $locale->text('Database Administration') . " / " - . $locale->text('Delete Dataset'); - - $form->{login} = "admin"; - $form->header; - - print qq| - <body class="admin"> - <h2>$form->{title}</h2> - <form method="post" action="$form->{script}" /> - <input type="hidden" name="dbdriver" value="$form->{dbdriver}" /> - <input type="hidden" name="dbuser" value="$form->{dbuser}" /> - <input type="hidden" name="dbhost" value="$form->{dbhost}" /> - <input type="hidden" name="dbport" value="$form->{dbport}" /> - <input type="hidden" name="dbpasswd" value="$form->{dbpasswd}" /> - <input type="hidden" name="dbdefault" value="$form->{dbdefault}" /> - <input name=callback type="hidden" value="$form->{script}?action=list_users&path=$form->{path}"> - <input type="hidden" name="path" value="$form->{path}" /> - <input type="hidden" name="nextsub" value="dbdelete" /> - <table width="100%"> - <tr class="listheading"> - <th>| - . $locale->text( - 'The following Datasets are not in use and can be deleted') - . qq|</th> - </tr> - <tr> - <td> - $dbsources - </td> - </tr> - <tr> - <td> - <hr size="3" noshade /> - <br /> - <button type="submit" class="submit" name="action" value="continue">| - . $locale->text('Continue') - . qq|</button> - </td> - </tr> - </table> - </form> - </body> - </html> - |; - -} - -sub dbdelete { - - if ( !$form->{db} ) { - $form->error( __FILE__ . ':' . __LINE__ . ': ' - . $locale->text('No Dataset selected!') ); - } - - LedgerSMB::User->dbdelete( \%$form ); - - $form->{title} = - "LedgerSMB " - . 
$locale->text('Accounting') . " " - . $locale->text('Database Administration') . " / " - . $locale->text('Delete Dataset'); - - $form->{login} = "admin"; - $form->header; - - print qq| - <body class="admin"> - <center> - <h2>$form->{title}</h2> - $form->{db} | . $locale->text('successfully deleted!') . qq| - <form method="post" action="$form->{script}" /> - <input type="hidden" name="path" value="$form->{path}" /> - <input type="hidden" name="nextsub" value="list_users" /> - <p><button type="submit" class="submit" name="action" value="continue">| - . $locale->text('Continue') - . qq|</button></p> - </form> - </body> - </html> - |; -} - sub unlock_system { # This needs to be done with a db tool @@ -1527,7 +1527,7 @@ sub save_language { foreach $file (@templates) { if ( -f "$myconfig{templates}/$file" ) { - open( TEMP, '<', "$myconfig{templates}/$file" ) + open( TEMP, '<,', "$myconfig{templates}/$file" ) or $form->error("$myconfig{templates}/$file : $!"); open( NEW, '>', "$myconfig{templates}/$form->{code}/$file" ) @@ -2291,9 +2291,9 @@ sub config { <form method=post action=$form->{script}> -<input type=hidden name=old_password value=$myconfig{password}> +<input type=hidden name=old_password value="$myconfig{password}"> <input type=hidden name=type value=preferences> -<input type=hidden name=role value=$myconfig{role}> +<input type=hidden name=role value="$myconfig{role}"> <table width=100%> <tr><th class=listtop>$form->{title}</th></tr> @@ -2337,7 +2337,7 @@ sub config { <table> <tr> <th align="right">| . $locale->text('Password') . qq|</th> - <td><input type=password name=new_password size=10 value=$myconfig{password}></td> + <td><input type=password name=new_password size=10 value="$myconfig{password}"></td> </tr> <tr> <th align="right">| . $locale->text('Confirm') . qq|</th> diff --git a/bin/arapprn.pl b/bin/arapprn.pl index ceae64be..223518d0 100644 --- a/bin/arapprn.pl +++ b/bin/arapprn.pl 
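Review bot: The new mode string `'<,'` in `open( TEMP, '<,', ... )` is not a valid three-argument open mode, so this open is expected to fail and save_language would stop before copying any template. The line should keep the plain read mode: `open( TEMP, '<', "$myconfig{templates}/$file" )`. Separately, `$form->{code}` is used as a directory component in the `NEW` path just below; whether it is validated is not visible in this hunk.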
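Review bot: Quoting `value="$myconfig{password}"` and `value="$myconfig{role}"` closes the unquoted-attribute gap, but the values are still interpolated without HTML escaping, so a `"` in either one ends the attribute early. `$form->quote(...)` is applied to form fields elsewhere in this diff and could be used here, e.g. `value="| . $form->quote( $myconfig{role} ) . qq|"`. The hunk at -2337 has the same pattern for `new_password`. Both hunks also send the stored password back to the browser in the page source; leaving those fields empty and treating an empty `new_password` as "unchanged" would avoid that, though the code that handles the submitted form is outside this diff.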
@@ -256,9 +256,8 @@ sub print_check { %queued = split / /, $form->{queued}; - $form->{OUT} = "| ${LedgerSMB::Sysconfig::printer}{$form->{media}}"; + $form->{OUT} = ${LedgerSMB::Sysconfig::printer}{ $form->{media} }; $form->{printmode} = '|-'; - if ( $form->{printed} !~ /$form->{formname}/ ) { $form->{printed} .= " $form->{formname}"; @@ -381,7 +380,6 @@ sub print_transaction { $form->parse_amount( \%myconfig, $form->{"amount_$i"} ); } - foreach $accno ( split / /, $form->{taxaccounts} ) { if ( $form->{"tax_$accno"} ) { $form->format_string("${accno}_description"); @@ -530,7 +528,7 @@ sub print_transaction { } if ( $form->{media} !~ /(queue|screen)/ ) { - $form->{OUT} = "${LedgerSMB::Sysconfig::printer}{$form->{media}}"; + $form->{OUT} = ${LedgerSMB::Sysconfig::printer}{ $form->{media} }; $form->{printmode} = '|-'; if ( $form->{printed} !~ /$form->{formname}/ ) { @@ -45,9 +45,6 @@ # #====================================================================== -use Error qw(:try); - -use LedgerSMB::Template; use LedgerSMB::CP; use LedgerSMB::OP; use LedgerSMB::IS; @@ -59,6 +56,12 @@ require "bin/arap.pl"; # end of main +# This may need to get more sophisticated in the future +# Anyway, it provides one point of control for date handling. +sub default_date { + $form->{date} ||= 'current_date'; +} + sub payment { if ( $form->{type} eq 'receipt' ) { @@ -420,12 +423,13 @@ sub invoices_due { $totalamount += $form->{"amount_$i"}; $totaldue += $form->{"due_$i"}; - if ( $form->{"paid_$i"} !~ /NaN/ ) { - $totalpaid += $form->{"paid_$i"}; + if ( $form->{"paid_$i"} =~ /NaN/ ) { + $form->{"paid_$i"} = ''; } else { - $form->{"paid_$i"} = ''; + $totalpaid += $form->{"paid_$i"}; } + for (qw(amount due paid)) { $form->{"${_}_$i"} = $form->format_amount( \%myconfig, $form->{"${_}_$i"}, 2 ); 
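Review bot: `$form->{OUT}` is now taken straight from `${LedgerSMB::Sysconfig::printer}{ $form->{media} }` while `printmode` is fixed to `'|-'`, and nothing in the hunk checks that `$form->{media}` names a configured printer. For an unknown media value OUT is undefined, yet the form is still set up to open a pipe. A guard before the assignment, such as `exists ${LedgerSMB::Sysconfig::printer}{ $form->{media} } or $form->error('Unknown printer');`, would fail closed. The same assignment appears in print_transaction (-530) and in the later print hunks at -1640, -2144 and -994.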
@@ -441,6 +445,9 @@ sub invoices_due { $column_data{due} = qq|<td align=right>$form->{"due_$i"}</td> <input type=hidden name="due_$i" value=$form->{"due_$i"}>|; + if ( $form->{"paid_$i"} =~ /NaN/ ) { + $form->{"paid_$i"} = ''; + } $column_data{paid} = qq|<td align=right><input name="paid_$i" size=10 value=$form->{"paid_$i"}></td>|; @@ -1147,10 +1154,7 @@ sub list_invoices { $totalamount += $form->{"amount_$i"}; $totaldue += $form->{"due_$i"}; - if ( $form->{"paid_$i"} =~ /NaN/ ) { - $form->{"paid_$i"} = ''; - } - else { + if ( $form->{"paid_$i"} !~ /NaN/ ) { $totalpaid += $form->{"paid_$i"}; } @@ -1170,6 +1174,10 @@ sub list_invoices { $column_data{due} = qq|<td align=right width=15%>$form->{"due_$i"}</td> <input type=hidden name="due_$i" value=$form->{"due_$i"}>|; + if ( $form->{"paid_$i"} =~ /NaN/ ) { + $form->{"paid_$i"} = ''; + } + $column_data{paid} = qq|<td align=right width=15%><input name="paid_$i" size=10 value=$form->{"paid_$i"}></td>|; @@ -1307,7 +1315,10 @@ sub payment_footer { } -sub post { &{"post_$form->{payment}"} } +sub post { + &default_date; + &{"post_$form->{payment}"}; +} sub post_payments { @@ -1533,7 +1544,6 @@ sub check_form { $form->error( $locale->text('Cannot post payment for a closed period!') ) if ( $datepaid <= $closedto ); - # this is just to format the year $form->{datepaid} = $locale->date( \%myconfig, $form->{datepaid} ); $amount = $form->parse_amount( \%myconfig, $form->{amount} ); @@ -3642,8 +3642,8 @@ sub save { $form->{"${_}_base"} += $amount; } if ( !$form->{taxincluded} ) { - my @taxlist = - Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + my @taxlist = Tax::init_taxes( $form, $form->{"taxaccounts_$i"}, + $form->{taxaccounts} ); $amount += Tax::calculate_taxes( \@taxlist, $form, $amount, 0 ); } 
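Review bot: The rewritten `post` still dispatches through `&{"post_$form->{payment}"}`, a symbolic reference built from a request field, so any sub whose name starts with `post_` is reachable and an unexpected value dies with an undefined-subroutine error. A lookup table limited to the handlers that exist (`post_payments` is visible just below) would make the allowed set explicit, e.g. `my $handler = $post_for{ $form->{payment} } or $form->error('Invalid payment type'); $handler->();`. `&default_date;` without parentheses also hands the caller's `@_` to the callee; `default_date();` states the intent.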
@@ -576,7 +576,7 @@ sub item_selected { $form->{"${_}_$i"} = $form->{"new_${_}_$j"}; } $form->{"sellprice_$i"} = $form->{"new_sellprice_$j"} - unless $form->{"sellprice_$i"}; + if not $form->{"sellprice_$i"}; $form->{"partsgroup_$i"} = qq|$form->{"new_partsgroup_$j"}--$form->{"new_partsgroup_id_$j"}|; @@ -622,8 +622,8 @@ sub item_selected { $form->{"${_}_base"} += $amount; } if ( !$form->{taxincluded} ) { - my @taxlist = - Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + my @taxlist = Tax::init_taxes( $form, $form->{"taxaccounts_$i"}, + $form->{taxaccounts} ); $amount += Tax::calculate_taxes( \@taxlist, $form, $amount, 0 ); } @@ -696,7 +696,7 @@ sub new_item { } $i = $form->{rowcount}; - for (qw(partnumber description sellprice unit)) { + for (qw(partnumber description)) { $form->{"${_}_$i"} = $form->quote( $form->{"${_}_$i"} ); } @@ -1366,8 +1366,8 @@ sub print_options { <input name=grouppartsgroup type=checkbox class=checkbox $form->{grouppartsgroup}> | . $locale->text('Group') . qq| </td> - </tr> + <tr> <td colspan=6>| . $locale->text('Sort by') . qq| -> <input name=sortby type=radio class=radio value=runningnumber $sortby{runningnumber}> @@ -1404,7 +1404,6 @@ sub print { sub print_form { my ($old_form) = @_; - $inv = "inv"; $due = "due"; @@ -1569,7 +1568,6 @@ sub print_form { else { IS->invoice_details( \%myconfig, \%$form ); } - if ( exists $form->{longformat} ) { $form->{"${due}date"} = $duedate; for ( "${inv}date", "${due}date", "shippingdate", "transdate" ) { @@ -1640,9 +1638,8 @@ sub print_form { $form->{pre} = "<body bgcolor=#ffffff>\n<pre>" if $form->{format} eq 'txt'; if ( $form->{media} !~ /(screen|queue|email)/ ) { - $form->{OUT} = "${LedgerSMB::SysConfig::printer}{$form->{media}}"; + $form->{OUT} = ${LedgerSMB::Sysconfig::printer}{ $form->{media} }; $form->{printmode} = '|-'; - $form->{OUT} =~ s/<%(fax)%>/<%$form->{vc}$1%>/; $form->{OUT} =~ s/<%(.*?)%>/$form->{$1}/g; 
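Review bot: Narrowing the loop in new_item to `qw(partnumber description)` means `sellprice_$i` and `unit_$i` no longer pass through `$form->quote`. If those two fields are later written into HTML attributes the way other row fields are, they would now be emitted unescaped; the rendering code is outside this hunk, so this needs confirming. If the aim was only to stop `quote` from touching the numeric `sellprice`, `qw(partnumber description unit)` would keep the escaping for `unit`, which is presumably free text.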
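Review bot: With `$form->{OUT}` now resolved to the configured printer command, the two context lines that follow, `s/<%(fax)%>/<%$form->{vc}$1%>/` and `s/<%(.*?)%>/$form->{$1}/g`, splice request-supplied form fields into a string that `printmode = '|-'` marks for opening as a pipe. Before this fix the misspelled `SysConfig` package name likely left OUT empty, so the change makes this path live. Substituted values should be restricted to a safe character set (for a fax number, digits and `+`) before they reach the command, or the command should be run in list form so no shell parses it. print_form starts and ends outside the hunk.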
@@ -484,12 +484,13 @@ qq|<textarea name=intnotes rows=$rows cols=35 wrap=soft>$form->{intnotes}</texta if ( !$form->{taxincluded} ) { my @taxset = Tax::init_taxes( $form, $form->{taxaccounts} ); - $form->{invtotal} += - $form->round_amount( - Tax::calculate_taxes( \@taxset, $form, $form->{invsubtotal}, 0 ), - 2 ); foreach $taxobj (@taxset) { $item = $taxobj->account; + $form->{invtotal} += $form->round_amount( + $form->{"${item}_rate"} * $form->{"${item}_base"}, 2); + $form->{"${item}_total"} = + $form->format_amount( \%myconfig, + $form->{"${item}_rate"} * $form->{"${item}_base"}, 2 ); if ( $form->{"${item}_base"} ) { $form->{"${item}_total"} = $form->format_amount( \%myconfig, @@ -692,9 +693,12 @@ qq|<td align=center><input name="memo_$i" size=11 value="$form->{"memo_$i"}"></t else { if ( $transdate > $closedto ) { - for ( 'update', 'post', 'schedule' ) { $a{$_} = 1 } + for ( 'update', 'post', 'schedule' ) { $allowed{$_} = 1 } + for ( keys %button ) { delete $button{$_} if !$allowed{$_} } + } + elsif ($closedto) { + %buttons = (); } - for ( keys %button ) { delete $button{$_} if !$a{$_} } } for ( sort { $button{$a}->{ndx} <=> $button{$b}->{ndx} } keys %button ) @@ -963,8 +967,11 @@ sub update { $form->{"${_}_base"} += $amount; } if ( !$form->{taxincluded} ) { - my @taxes = - Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + my @taxes = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{"taxaccounts"} + ); $amount += ( Tax::calculate_taxes( \@taxes, $form, $amount, 0 ) ); } 
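Review bot: The new `elsif ($closedto)` branch in the hunk at -692 clears `%buttons`, but every other line in that hunk works on `%button`. The assignment therefore creates an unrelated hash, and the buttons stay available for a transaction dated in a closed period. It should read `%button = ();`, as the matching hunk at -777 does. The enclosing sub starts outside the hunk.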
@@ -539,20 +539,20 @@ qq|<textarea name=intnotes rows=$rows cols=35 wrap=soft>$form->{intnotes}</texta } if ( !$form->{taxincluded} ) { - my @taxes = Tax::init_taxes( $form, $form->{taxaccounts} ); - $form->{invtotal} += - Tax::calculate_taxes( \@taxes, $form, $form->{invsubtotal}, 0 ); foreach $item (@taxes) { my $taccno = $item->account; + $form->{invtotal} += $form->round_amount( + $form->{"${taccno}_rate"} * $form->{"${taccno}_base"}, 2); $form->{"${taccno}_total"} = - $form->format_amount( \%myconfig, $item->value, 2 ); + $form->format_amount( \%myconfig, + $form->{"${taccno}_rate"} * $form->{"${taccno}_base"}, 2 ); $tax .= qq| <tr> <th align=right>$form->{"${taccno}_description"}</th> <td align=right>$form->{"${taccno}_total"}</td> </tr> - | if $item->value; + | if $form->{"${taccno}_base"}; } $form->{invsubtotal} = @@ -777,12 +777,15 @@ qq|<td align=center><input name="memo_$i" size=11 value="$form->{"memo_$i"}"></t for ( "update", "ship_to", "print", "e_mail", "post", "schedule" ) { - $a{$_} = 1; + $allowed{$_} = 1; } $a{'print_and_post'} = 1 if ${LedgerSMB::Sysconfig::latex}; + for ( keys %button ) { delete $button{$_} if !$allowed{$_} } + } + elsif ($closedto) { + %button = (); } - for ( keys %button ) { delete $button{$_} if !$a{$_} } } for ( sort { $button{$a}->{ndx} <=> $button{$b}->{ndx} } keys %button ) @@ -988,7 +991,8 @@ sub update { } if ( !$form->{taxincluded} ) { my @taxes = - Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + Tax::init_taxes( $form, $form->{"taxaccounts_$i"}, + $form->{taxaccounts} ); $amount += Tax::calculate_taxes( \@taxes, $form, $amount, 0 ); } @@ -2144,7 +2144,7 @@ qq|$form->{"${item}hour"}:$form->{"${item}min"}:$form->{"${item}sec"}|; } if ( $form->{media} !~ /(screen|queue)/ ) { - $form->{OUT} = "${LedgerSMB::Sysconfig::printer}{$form->{media}}"; + $form->{OUT} = ${LedgerSMB::Sysconfig::printer}{ $form->{media} }; $form->{printmode} = '|-'; if ( $form->{printed} !~ /$form->{formname}/ ) { 
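Review bot: This hunk removes `my @taxes = Tax::init_taxes( $form, $form->{taxaccounts} );` but keeps `foreach $item (@taxes)`. Unless `@taxes` is populated somewhere outside the hunk, the loop body never runs, so no tax is added to `invtotal` and no tax rows are shown. The parallel hunks at -484 and -682 keep their `init_taxes` call as context; restoring the line here would match them.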
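Review bot: The rename from `%a` to `%allowed` in the hunk at -777 missed the context line `$a{'print_and_post'} = 1 if ${LedgerSMB::Sysconfig::latex};`. As a result `print_and_post` is never in `%allowed`, and the new `delete $button{$_} if !$allowed{$_}` removes that button even when LaTeX is enabled. Changing the line to `$allowed{'print_and_post'} = 1 if ${LedgerSMB::Sysconfig::latex};` completes the rename. `%allowed` is not declared in the hunk either; if it is a global, `my %allowed;` before the loop would stop entries carrying over between calls.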
@@ -2205,21 +2205,6 @@ qq|$form->{"${item}hour"}:$form->{"${item}min"}:$form->{"${item}sec"}|; $form->audittrail( "", \%myconfig, \%audittrail ); } - if ( ( $form->{'media'} eq 'screen' ) and ( $form->{'format'} eq 'html' ) ) - { - my $template = - LedgerSMB::Template->new( \%myconfig, $form->{'formname'}, 'HTML' ); - try { - $template->render($form); - $form->header; - print $template->{'output'}; - exit; - } - catch Error::Simple with { - my $E = shift; - $form->error( $E->stacktrace ); - }; - } $form->parse_template( \%myconfig, ${LedgerSMB::Sysconfig::userspath} ); if ( defined %$old_form ) { diff --git a/bin/login.pl b/bin/login.pl index b9cfd65c..3d0e99b7 100644 --- a/bin/login.pl +++ b/bin/login.pl @@ -59,12 +59,6 @@ if ( -f "bin/custom/$form->{script}" ) { $form->error( __FILE__ . ':' . __LINE__ . ': ' . $@ ) if ($@); } -# per login customization -if ( -f "bin/custom/$form->{login}_$form->{script}" ) { - eval { require "bin/custom/$form->{login}_$form->{script}"; }; - $form->error( __FILE__ . ':' . __LINE__ . ': ' . $@ ) if ($@); -} - # window title bar, user info $form->{titlebar} = "LedgerSMB " . $locale->text('Version') . " $form->{version}"; 
@@ -682,19 +682,20 @@ qq|<textarea name=intnotes rows=$rows cols=35 wrap=soft>$form->{intnotes}</texta if ( !$form->{taxincluded} ) { my @taxes = Tax::init_taxes( $form, $form->{taxaccounts} ); - $form->{invtotal} += - Tax::calculate_taxes( \@taxes, $form, $form->{invsubtotal}, 0 ); foreach my $item (@taxes) { my $taccno = $item->account; + $form->{invtotal} += $form->round_amount( + $form->{"${taccno}_rate"} * $form->{"${taccno}_base"}, 2); $form->{"${taccno}_total"} = - $form->format_amount( \%myconfig, $item->value, 2 ); + $form->format_amount( \%myconfig, + $form->{"${taccno}_rate"} * $form->{"${taccno}_base"}, 2 ); $tax .= qq| <tr> <th align=right>$form->{"${taccno}_description"}</th> <td align=right>$form->{"${taccno}_total"}</td> </tr> - | if $item->value; + | if $form->{"${taccno}_base"}; } $form->{invsubtotal} = @@ -127,18 +127,19 @@ sub add { } sub openinvoices { - undef $column_data; - undef $column_heading; + undef %column_data; + undef %column_heading; + $form->{customer} = ""; + $form->{customer_id} = 0; + delete $form->{l_subtotal}; + delete $form->{subtotal}; $ENV{REMOTE_ADDR} =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/; $form->{till} = $4; $form->{sort} = 'transdate'; - for ( - qw(open l_invnumber l_transdate l_name l_amount l_curr l_till l_subtotal) - ) - { + for (qw(open l_invnumber l_transdate l_name l_amount l_curr l_till)) { $form->{$_} = 'Y'; } @@ -994,7 +995,7 @@ sub print_form { } if ( $form->{media} ne 'screen' ) { - $form->{OUT} = "${LedgerSMB::Sysconfig::printer}{$form->{media}}"; + $form->{OUT} = ${LedgerSMB::Sysconfig::printer}{ $form->{media} }; $form->{printmode} = '|-'; } @@ -69,6 +69,9 @@ $0 =~ tr/\\/\//; $pos = rindex $0, '/'; $script = substr( $0, $pos + 1 ); +$locale = LedgerSMB::Locale->get_handle( ${LedgerSMB::Sysconfig::language} ) + or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" ); + # we use $script for the language module $form->{script} = $script; 
@@ -78,18 +81,38 @@ $script =~ s/\.pl//; # pull in DBI use DBI qw(:sql_types); +# send warnings to browser +$SIG{__WARN__} = sub { $form->info( $_[0] ) }; + +# send errors to browser +$SIG{__DIE__} = + sub { $form->error( __FILE__ . ':' . __LINE__ . ': ' . $_[0] ) }; + +## did sysadmin lock us out +#if (-f "${LedgerSMB::Sysconfig::userspath}/nologin") { +# $locale = LedgerSMB::Locale->get_handle(${LedgerSMB::Sysconfig::language}) or +# $form->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n"); +# $form->{charset} = 'UTF-8'; +# $locale->encoding('UTF-8'); +# +# $form->{callback} = ""; +# $form->error(__FILE__.':'.__LINE__.': '.$locale->text('System currently down for maintenance!')); +#} + +&check_password; + # grab user config. This is ugly and unecessary if/when # we get rid of myconfig and use User as a real object %myconfig = %{ LedgerSMB::User->fetch_config( $form->{login} ) }; +$locale = LedgerSMB::Locale->get_handle( $myconfig{countrycode} ) + or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" ); -if ($@) { - $locale = LedgerSMB::Locale->get_handle( $myconfig{countrycode} ) - or - $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" ); - $form->{charset} = $locale->encoding; - $form->{charset} = 'UTF-8'; - $locale->encoding('UTF-8'); +# locale messages +#$form->{charset} = $locale->encoding; +$form->{charset} = 'UTF-8'; +$locale->encoding('UTF-8'); +if ($@) { $form->{callback} = ""; $msg1 = $locale->text('You are logged out!'); $msg2 = $locale->text('Login'); 
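Review bot: The maintenance lock-out is added here only as a commented-out block, and the following hunk (-97) deletes the live `-f "${LedgerSMB::Sysconfig::userspath}/nologin"` check, so after this change a `nologin` file no longer stops requests. If the lock is still meant to work, it should be restored as live code once `$locale` is available rather than left in comments. Also, `if ($@)` is now tested after `fetch_config` and a second `get_handle`, neither of which runs inside an `eval` in this hunk, so it is unclear which error it is meant to catch.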
@@ -97,32 +120,10 @@ if ($@) { "$msg1 <p><a href=\"login.pl\" target=\"_top\">$msg2</a></p>"); } -# locale messages -$locale = LedgerSMB::Locale->get_handle( $myconfig{countrycode} ) - or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" ); - -#$form->{charset} = $locale->encoding; -$form->{charset} = 'UTF-8'; -$locale->encoding('UTF-8'); - -# send warnings to browser -$SIG{__WARN__} = sub { $form->info( $_[0] ) }; - -# send errors to browser -$SIG{__DIE__} = - sub { $form->error( __FILE__ . ':' . __LINE__ . ': ' . $_[0] ) }; - map { $form->{$_} = $myconfig{$_} } qw(stylesheet timeout) unless ( $form->{type} eq 'preferences' ); -$form->db_init( \%myconfig ); - -if ( $form->{path} ne 'bin/lynx' ) { $form->{path} = 'bin/mozilla'; } -# did sysadmin lock us out -if ( -f "${LedgerSMB::Sysconfig::userspath}/nologin" ) { - $form->error( __FILE__ . ':' . __LINE__ . ': ' - . $locale->text('System currently down for maintenance!') ); -} +$form->db_init( \%myconfig ); # pull in the main code require "bin/$form->{script}"; @@ -145,8 +146,6 @@ if ( $form->{action} ) { . $locale->text('Version') . " $form->{version} - $myconfig{name} - $myconfig{dbname}"; - &check_password; - &{ $form->{action} }; } |
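Review bot: Dropping `if ( $form->{path} ne 'bin/lynx' ) { $form->{path} = 'bin/mozilla'; }` leaves `$form->{path}` as whatever the request supplied. How the field is consumed after this point is outside the hunk. If any remaining code interpolates it into HTML, URLs or file paths, it needs an allow-list check, or the field should be dropped from request handling. Keeping the removed line, or replacing it with an explicit check against the two known values, would preserve the earlier constraint.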