[Noalyss-commit] [noalyss] 03/12: Task #0001869: Session key : clef de s
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 03/12: Task #0001869: Session key : clef de session |
Date: |
Fri, 15 Jan 2021 09:40:04 -0500 (EST) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 1f458a4f01ece362ef9a175c78472416b99ae70e
Author: Dany wm De Bontridder <danydb@noalyss.eu>
AuthorDate: Tue Dec 22 20:32:34 2020 +0100
Task #0001869: Session key : clef de session
---
html/ajax.php | 2 +-
html/do.php | 4 +-
html/extension.raw.php | 2 +-
html/fid.php | 2 +-
html/install.php | 2 +-
html/login.php | 4 +-
html/popup.php | 4 +-
html/recherche.php | 6 +--
html/user_login.php | 2 +-
include/admin_repo.inc.php | 2 +-
include/ajax/ajax_history.php | 2 +-
include/ajax/ajax_ledger.php | 8 ++--
include/ajax/ajax_navigator.php | 2 +-
include/ajax/ajax_preference.php | 22 +++++------
include/ajax/ajax_todo_list.php | 4 +-
include/class/acc_ledger.class.php | 8 ++--
include/class/acc_ledger_purchase.class.php | 2 +-
include/class/acc_ledger_search.class.php | 10 ++---
include/class/acc_operation.class.php | 6 +--
include/class/anc_operation.class.php | 2 +-
include/class/calendar.class.php | 4 +-
include/class/contact.class.php | 2 +-
include/class/document.class.php | 2 +-
include/class/extension.class.php | 2 +-
include/class/fiche.class.php | 4 +-
include/class/fiche_def.class.php | 8 ++--
include/class/follow_up.class.php | 20 +++++-----
include/class/stock.class.php | 2 +-
include/class/stock_goods.class.php | 4 +-
include/class/todo_list.class.php | 8 ++--
include/class/user.class.php | 58 ++++++++++++++---------------
include/config.inc.example | 4 +-
include/constant.php | 4 +-
include/extension_choice.inc.php | 2 +-
include/fiche.inc.php | 2 +-
include/history_operation.inc.php | 2 +-
include/lib/ac_common.php | 20 +++++-----
include/lib/icard.class.php | 2 +-
include/lib/idate.class.php | 18 +++++----
include/lib/noalyss_csv.class.php | 6 +--
include/lib/user_common.php | 6 +--
include/template/module.php | 4 +-
include/template/todo_list_display.php | 2 +-
unit-test/global.example.php | 6 +--
unit-test/global.php | 6 +--
45 files changed, 150 insertions(+), 144 deletions(-)
diff --git a/html/ajax.php b/html/ajax.php
index 5bf6266..4219a4c 100644
--- a/html/ajax.php
+++ b/html/ajax.php
@@ -56,7 +56,7 @@ if (isset($_REQUEST['plugin_code']) )
if ( $ext->search($_REQUEST['plugin_code']) != -1)
{
/* security */
- if ( !isset ($_SESSION['g_user']) ||
$ext->can_request($_SESSION['g_user']) == 0 )
+ if ( !isset ($_SESSION[SESSION_KEY.'g_user']) ||
$ext->can_request($_SESSION[SESSION_KEY.'g_user']) == 0 )
{
exit();
}
diff --git a/html/do.php b/html/do.php
index 49a2dcc..9a86412 100644
--- a/html/do.php
+++ b/html/do.php
@@ -42,7 +42,7 @@ if ( ! isset($_REQUEST['gDossier']))
redirect('user_login.php');
exit();
}
-if ( ! isset ($_SESSION['g_theme']))
+if ( ! isset ($_SESSION[SESSION_KEY.'g_theme']))
{
echo "<h2>"._('Vous êtes déconnecté')."</h2>";
$backurl=$_SERVER['REQUEST_URI'];
@@ -68,7 +68,7 @@ if ( ! $cn->exist_table('version')) {
return;
}
-$style_user=$http->post("style_user","string",$_SESSION['g_theme']);
+$style_user=$http->post("style_user","string",$_SESSION[SESSION_KEY.'g_theme']);
html_page_start($style_user);
if ( DEBUG ) {
diff --git a/html/extension.raw.php b/html/extension.raw.php
index d8f8abb..99a5729 100644
--- a/html/extension.raw.php
+++ b/html/extension.raw.php
@@ -45,7 +45,7 @@ $ext=new Extension($cn);
if ( $ext->search($http->request("plugin_code")) != -1 )
{
/* security */
- if ( !isset ($_SESSION['g_user']) ||
$ext->can_request($_SESSION['g_user']) == 0 )
+ if ( !isset ($_SESSION[SESSION_KEY.'g_user']) ||
$ext->can_request($_SESSION[SESSION_KEY.'g_user']) == 0 )
{
exit();
}
diff --git a/html/fid.php b/html/fid.php
index 2b6c389..471a08d 100644
--- a/html/fid.php
+++ b/html/fid.php
@@ -56,7 +56,7 @@ $fTva_id=$hi->request("t","string","none");
$fPrice_sale=$hi->request("p","string","none");
$fPrice_purchase=$hi->request("b","string","none");
-if ( isset($_SESSION['isValid']) && $_SESSION['isValid'] == 1)
+if ( isset($_SESSION[SESSION_KEY.'isValid']) &&
$_SESSION[SESSION_KEY.'isValid'] == 1)
{
$jrn=$hi->get('j', "number",'-1');
$d=$hi->get('d',"string", '');
diff --git a/html/install.php b/html/install.php
index 821df7a..7e4ff5d 100644
--- a/html/install.php
+++ b/html/install.php
@@ -145,7 +145,7 @@ load_all_script();
echo '<div id="info_div"></div>';
if ( $_GET['lang'] == "en_US.utf8" || $_GET['lang']=='fr_FR.utf8')
{
- $_SESSION['g_lang']=$_GET['lang'];
+ $_SESSION[SESSION_KEY.'g_lang']=$_GET['lang'];
set_language();
}
?>
diff --git a/html/login.php b/html/login.php
index 0890408..face7be 100644
--- a/html/login.php
+++ b/html/login.php
@@ -39,8 +39,8 @@ if ( isset ($_POST["p_user"] ) )
{
$g_user=strtolower(sql_string($_POST["p_user"]));
$g_pass=$_POST["p_pass"];
- $_SESSION['g_user']=$g_user;
- $_SESSION['g_pass']=$g_pass;
+ $_SESSION[SESSION_KEY.'g_user']=$g_user;
+ $_SESSION[SESSION_KEY.'g_pass']=$g_pass;
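Review bot: The added line `$_SESSION[SESSION_KEY.'g_pass']=$g_pass;` keeps the clear-text password in the session store for the whole session, and both entries are written before any credential check visible in this hunk. Anyone able to read the session storage or a dump of it then obtains the password itself; the constructor hunk in include/class/user.class.php (`$this->pass = $_SESSION[SESSION_KEY.'g_pass'];`) shows the rest of the code depends on it. Consider verifying the credentials once and storing only the verified login plus the `isValid` marker, which would allow this assignment to be removed. The enclosing `if` block continues past the end of the hunk, so the check itself may follow outside view.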
diff --git a/html/popup.php b/html/popup.php
index b985af5..44bfdf5 100644
--- a/html/popup.php
+++ b/html/popup.php
@@ -32,7 +32,7 @@ $http=new HttpInput();
/*
* Check if the user is still connected
*/
-if ( ! isset ($_SESSION['g_user'] ) )
+if ( ! isset ($_SESSION[SESSION_KEY.'g_user'] ) )
{
echo "<h2>"._('Vous êtes déconnecté')."</h2>";
$backurl=$_SERVER['REQUEST_URI'];
@@ -42,7 +42,7 @@ if ( ! isset ($_SESSION['g_user'] ) )
}
-html_page_start($_SESSION['g_theme']);
+html_page_start($_SESSION[SESSION_KEY.'g_theme']);
echo '<div style="float:left;">';
?>
<script>
diff --git a/html/recherche.php b/html/recherche.php
index aa655ca..9392569 100644
--- a/html/recherche.php
+++ b/html/recherche.php
@@ -28,13 +28,13 @@ require_once NOALYSS_INCLUDE.'/class/acc_ledger.class.php';
require_once NOALYSS_INCLUDE.'/class/acc_ledger_search.class.php';
require_once NOALYSS_INCLUDE.'/lib/icon_action.class.php';
require_once NOALYSS_INCLUDE.'/lib/http_input.class.php';
-if ( ! isset ($_SESSION['g_theme']))
+if ( ! isset ($_SESSION[SESSION_KEY.'g_theme']))
{
echo "<h2>"._('Vous êtes déconnecté')."</h2>";
die();
}
-html_page_start($_SESSION['g_theme']);
+html_page_start($_SESSION[SESSION_KEY.'g_theme']);
load_all_script();
@@ -101,7 +101,7 @@ if ( isset ($_GET['viewsearch']))
{
// Navigation bar
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=$http->get("page","number",1);
$offset=$http->get("offset","number",0);
diff --git a/html/user_login.php b/html/user_login.php
index 0780af7..0b46a27 100644
--- a/html/user_login.php
+++ b/html/user_login.php
@@ -29,7 +29,7 @@ require_once NOALYSS_INCLUDE.'/lib/http_input.class.php';
require_once NOALYSS_INCLUDE.'/lib/function_javascript.php';
require_once NOALYSS_INCLUDE.'/lib/icon_action.class.php';
-@html_page_start($_SESSION['g_theme']);
+@html_page_start($_SESSION[SESSION_KEY.'g_theme']);
$rep=new Database();
require_once NOALYSS_INCLUDE.'/class/user.class.php';
$User=new User($rep);
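Review bot: The `@` in front of `html_page_start(...)` silences every warning raised inside that call, not only the undefined-index notice for a visitor who has no session yet. An explicit test keeps the intent visible and leaves real errors reportable: `if (isset($_SESSION[SESSION_KEY.'g_theme'])) html_page_start($_SESSION[SESSION_KEY.'g_theme']); else html_page_start();`. The no-argument form is already used in include/class/acc_ledger.class.php in this same commit.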
diff --git a/include/admin_repo.inc.php b/include/admin_repo.inc.php
index a18e4ab..c200360 100644
--- a/include/admin_repo.inc.php
+++ b/include/admin_repo.inc.php
@@ -60,7 +60,7 @@ if ( $action== 'backup') {
require_once NOALYSS_INCLUDE."/backup.inc.php";
exit();
}
-html_page_start($_SESSION['g_theme']);
+html_page_start($_SESSION[SESSION_KEY.'g_theme']);
load_all_script();
echo '<H2 class="info"> '._('Administration').'</H2>';
echo '<div class="topmenu">';
diff --git a/include/ajax/ajax_history.php b/include/ajax/ajax_history.php
index ffdb85a..2951e10 100644
--- a/include/ajax/ajax_history.php
+++ b/include/ajax/ajax_history.php
@@ -36,7 +36,7 @@ $div=$http->request('div');
mb_internal_encoding("UTF-8");
$http=new HttpInput();
/**
- *if $_SESSION['g_user'] is not set : echo a warning
+ *if $_SESSION[SESSION_KEY.'g_user'] is not set : echo a warning
*/
/* security */
if ( $g_user->check_dossier(dossier::id(),true) == 'X' ) exit();
diff --git a/include/ajax/ajax_ledger.php b/include/ajax/ajax_ledger.php
index 6eb4bcb..40cd7c4 100644
--- a/include/ajax/ajax_ledger.php
+++ b/include/ajax/ajax_ledger.php
@@ -66,7 +66,7 @@ catch (Exception $exc)
}
/**
- *if $_SESSION['g_user'] is not set : echo a warning
+ *if $_SESSION[SESSION_KEY.'g_user'] is not set : echo a warning
*/
$cn=Dossier::connect();
@@ -224,7 +224,7 @@ case 'file':
$obj=$op->get_quant(); /* return an obj. ACH / FIN or VEN or null if
nothing is found*/
$repo = new Database();
- $theme = $repo->get_value("select the_filestyle from theme where
the_name=$1", array($_SESSION['g_theme']));
+ $theme = $repo->get_value("select the_filestyle from theme where
the_name=$1", array($_SESSION[SESSION_KEY.'g_theme']));
html_min_page_start($theme);
// if there is a receipt document
@@ -317,7 +317,7 @@ case 'loadfile':
echo "<html><head>";
$repo=new Database();
- $theme=$repo->get_value("select the_filestyle from theme where
the_name=$1",array($_SESSION['g_theme']));
+ $theme=$repo->get_value("select the_filestyle from theme where
the_name=$1",array($_SESSION[SESSION_KEY.'g_theme']));
echo " <LINK REL=\"stylesheet\" type=\"text/css\" href=\"$theme\"
media=\"screen\">";
echo "</head>";
if ( ! isset($_REQUEST['ajax']) ) echo "<body
class=\"op_detail_frame\">"; else echo "<body>";
@@ -347,7 +347,7 @@ case 'rmf':
{
echo "<html><head>";
$repo=new Database();
- $theme=$repo->get_value("select the_filestyle from theme where
the_name=$1",array($_SESSION['g_theme']));
+ $theme=$repo->get_value("select the_filestyle from theme where
the_name=$1",array($_SESSION[SESSION_KEY.'g_theme']));
echo " <LINK REL=\"stylesheet\" type=\"text/css\" href=\"$theme\"
media=\"screen\">";
echo "</head><body class=\"op_detail_frame\">";
echo "<h2>"._("Document")."</h2>";
diff --git a/include/ajax/ajax_navigator.php b/include/ajax/ajax_navigator.php
index 757b370..867c708 100644
--- a/include/ajax/ajax_navigator.php
+++ b/include/ajax/ajax_navigator.php
@@ -34,7 +34,7 @@ $sql="
where user_name=$1
order by 2 ";
-$a_menu=$cn->get_array($sql,array($_SESSION['g_user']));
+$a_menu=$cn->get_array($sql,array($_SESSION[SESSION_KEY.'g_user']));
?>
<div class="content">
diff --git a/include/ajax/ajax_preference.php b/include/ajax/ajax_preference.php
index f2eea83..3f7448b 100644
--- a/include/ajax/ajax_preference.php
+++ b/include/ajax/ajax_preference.php
@@ -59,7 +59,7 @@ if (isset($_REQUEST['gDossier']) &&
$http->request("gDossier","number",0) != 0 )
$style->value = $repo->make_array("select the_name,the_name
from theme
order by the_name");
- $style->selected =$_SESSION['g_theme'];
+ $style->selected =$_SESSION[SESSION_KEY.'g_theme'];
//----------------------------------------------------------------------------------------------
// Display the form
@@ -164,8 +164,8 @@ if ( $action == 'display_form' )
<option value="200">200
<option value="-1"><?php echo _('Illimité');?>
<?php
- $label = ($_SESSION['g_pagesize'] == -1) ?
_('Illimité') : $_SESSION['g_pagesize'];
- echo '<option value="' .
$_SESSION['g_pagesize'] . '" selected>' . $label;
+ $label =
($_SESSION[SESSION_KEY.'g_pagesize'] == -1) ? _('Illimité') :
$_SESSION[SESSION_KEY.'g_pagesize'];
+ echo '<option value="' .
$_SESSION[SESSION_KEY.'g_pagesize'] . '" selected>' . $label;
?>
</SELECT>
@@ -180,7 +180,7 @@ if ( $action == 'display_form' )
<legend><?=_("Format Export CSV")?></legend>
<p>
<?php
- if ( $_SESSION['csv_fieldsep']==1 &&
$_SESSION['csv_decimal']==1)
+ if ( $_SESSION[SESSION_KEY.'csv_fieldsep']==1 &&
$_SESSION[SESSION_KEY.'csv_decimal']==1)
{
echo_warning(_("N'utilisez pas le même séparateur pour les
champs et les décimales"));
}
@@ -198,7 +198,7 @@ if ( $action == 'display_form' )
["label"=>_("Point-virgule"),"value"=>0],
["label"=>_("virgule"),"value"=>1]
];
- $csv_fieldsep->selected=$_SESSION['csv_fieldsep'];
+
$csv_fieldsep->selected=$_SESSION[SESSION_KEY.'csv_fieldsep'];
echo $csv_fieldsep->input();
?>
</td>
@@ -214,7 +214,7 @@ if ( $action == 'display_form' )
["label"=>_("point"),"value"=>0],
["label"=>_("virgule"),"value"=>1]
];
- $csv_decimal->selected=$_SESSION['csv_decimal'];
+
$csv_decimal->selected=$_SESSION[SESSION_KEY.'csv_decimal'];
echo $csv_decimal->input();
?>
</td>
@@ -230,7 +230,7 @@ if ( $action == 'display_form' )
["label"=>_("utf8"),"value"=>'utf8'],
["label"=>_("latin1"),"value"=>'latin1']
];
- $csv_encoding->selected=$_SESSION['csv_encoding'];
+
$csv_encoding->selected=$_SESSION[SESSION_KEY.'csv_encoding'];
echo $csv_encoding->input();
?>
</td>
@@ -268,7 +268,7 @@ if ( $action == 'display_form' )
for ($i = 0; $i < count($aLang); $i++)
{
$sel = "";
- if ($aLang[$i][1] == $_SESSION['g_lang'])
+ if ($aLang[$i][1] == $_SESSION[SESSION_KEY.'g_lang'])
$sel = " selected ";
printf('<option value="%s" %s>%s</option>', $aLang[$i][1], $sel,
$aLang[$i][0]);
}
@@ -324,9 +324,9 @@ if ($action == 'save')
$g_user->save_global_preference('csv_encoding', $csv_encoding);
$g_user->save_email($p_email);
- $_SESSION['g_theme']=$style_user;
- $_SESSION['g_pagesize']=$p_size;
- $_SESSION['g_lang']=$lang;
+ $_SESSION[SESSION_KEY.'g_theme']=$style_user;
+ $_SESSION[SESSION_KEY.'g_pagesize']=$p_size;
+ $_SESSION[SESSION_KEY.'g_lang']=$lang;
// find the right CSS theme
$style= $repo->get_value("select the_filestyle from theme
diff --git a/include/ajax/ajax_todo_list.php b/include/ajax/ajax_todo_list.php
index 3b129bb..0805569 100644
--- a/include/ajax/ajax_todo_list.php
+++ b/include/ajax/ajax_todo_list.php
@@ -102,7 +102,7 @@ if ($ac == 'save')
if ($id <> 0 ) { $todo->load(); }
else
{
- $todo->set_parameter("owner", $_SESSION['g_user']);
+ $todo->set_parameter("owner", $_SESSION[SESSION_KEY.'g_user']);
}
$todo->set_parameter("date",$http->post("p_date_todo","string", ""));
@@ -111,7 +111,7 @@ if ($ac == 'save')
$todo->set_is_public($http->post("p_public", "string","N"));
ob_start();
- if ( $todo->get_parameter('owner') == $_SESSION['g_user'] ) $todo->save();
+ if ( $todo->get_parameter('owner') == $_SESSION[SESSION_KEY.'g_user'] )
$todo->save();
ob_end_clean();
$dom=new DOMDocument('1.0','UTF-8');
diff --git a/include/class/acc_ledger.class.php
b/include/class/acc_ledger.class.php
index 003513b..995423a 100644
--- a/include/class/acc_ledger.class.php
+++ b/include/class/acc_ledger.class.php
@@ -2016,8 +2016,8 @@ class Acc_Ledger extends jrn_def_sql
echo Acc_Reconciliation::$javascript;
html_page_start();
$cn=Dossier::connect();
- $_SESSION['g_user']=NOALYSS_ADMINISTRATOR;
- $_SESSION['g_pass']='phpcompta';
+ $_SESSION[SESSION_KEY.'g_user']=NOALYSS_ADMINISTRATOR;
+ $_SESSION[SESSION_KEY.'g_pass']='phpcompta';
$id=(isset($_REQUEST['p_jrn']))?$_REQUEST['p_jrn']:-1;
$a=new Acc_Ledger($cn, $id);
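Review bot: These assignments replace the session identity with `NOALYSS_ADMINISTRATOR` and a literal password, and the following line reads `$_REQUEST['p_jrn']`, so this method must never be reachable from a request handler. The same pattern is in the second hunk of this file (@@ -2109) and in `Acc_Operation::test_me()` in include/class/acc_operation.class.php (literal `'dany'`). If these are self-test routines, as the `test_me` name in that file suggests, moving them under unit-test/ would keep literal credentials out of the production classes. At minimum add `// test only: replaces the session user with the administrator account, do not call from web code` above the assignments. The method's signature is outside the hunk.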
@@ -2109,8 +2109,8 @@ class Acc_Ledger extends jrn_def_sql
html_page_start();
$cn=Dossier::connect();
$ledger=new Acc_Ledger($cn, 0);
- $_SESSION['g_user']=NOALYSS_ADMINISTRATOR;
- $_SESSION['g_pass']='phpcompta';
+ $_SESSION[SESSION_KEY.'g_user']=NOALYSS_ADMINISTRATOR;
+ $_SESSION[SESSION_KEY.'g_pass']='phpcompta';
echo $ledger->search_form('ALL');
}
///////////////////////////////////////////////////////////////////////////
diff --git a/include/class/acc_ledger_purchase.class.php
b/include/class/acc_ledger_purchase.class.php
index 2417446..39f3c55 100644
--- a/include/class/acc_ledger_purchase.class.php
+++ b/include/class/acc_ledger_purchase.class.php
@@ -1788,7 +1788,7 @@ EOF;
// Show list of unpaid sell
// Date - date of payment - Customer - amount
// Nav. bar
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=(isset($_GET['offset']))?$_GET['page']:1;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
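Review bot: The context line `$page=(isset($_GET['offset']))?$_GET['page']:1;` tests one key and reads another, so a request that carries `offset` without `page` hits an undefined index. It should read `$page=(isset($_GET['page']))?$_GET['page']:1;`. The same line appears in the hunks at @@ -712 and @@ -1011 of acc_ledger_search.class.php, and in anc_operation.class.php, follow_up.class.php (@@ -672) and stock.class.php. Both values are also taken straight from `$_GET` with no numeric check visible here; how they are used afterwards lies outside the hunk.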
diff --git a/include/class/acc_ledger_search.class.php
b/include/class/acc_ledger_search.class.php
index 4989f61..b435c8d 100644
--- a/include/class/acc_ledger_search.class.php
+++ b/include/class/acc_ledger_search.class.php
@@ -639,7 +639,7 @@ class Acc_Ledger_Search
$fil_sec=$and." jr_def_id in ( select uj_jrn_id ".
" from user_sec_jrn where ".
- " uj_login='".sql_string($_SESSION['g_user'])."'".
+ "
uj_login='".sql_string($_SESSION[SESSION_KEY.'g_user'])."'".
" and uj_priv in ('R','W'))";
}
$where=$fil_ledger.$fil_amount.$fil_date.$fil_desc.$fil_sec.$fil_amount.
@@ -712,7 +712,7 @@ class Acc_Ledger_Search
// Count nb of line
$max_line=$cn->count_sql($sql);
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=(isset($_GET['offset']))?$_GET['page']:1;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
// create the nav. bar
@@ -738,8 +738,8 @@ class Acc_Ledger_Search
$gDossier=dossier::id();
$amount_paid=0.0;
$amount_unpaid=0.0;
- $limit=($_SESSION['g_pagesize']!=-1)?" LIMIT
".$_SESSION['g_pagesize']:"";
- $offset=($_SESSION['g_pagesize']!=-1)?" OFFSET
".Database::escape_string($offset):"";
+ $limit=($_SESSION[SESSION_KEY.'g_pagesize']!=-1)?" LIMIT
".$_SESSION[SESSION_KEY.'g_pagesize']:"";
+ $offset=($_SESSION[SESSION_KEY.'g_pagesize']!=-1)?" OFFSET
".Database::escape_string($offset):"";
$order=" order by jr_date_order asc,jr_internal asc";
// Sort
$url="?".CleanUrl();
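Review bot: `$_SESSION[SESSION_KEY.'g_pagesize']` is concatenated into the `LIMIT` clause as-is, and `Database::escape_string($offset)` on the next line escapes a value that is then used unquoted, which does not make it numeric. The page size is written from `$p_size` in include/ajax/ajax_preference.php, whose validation is not visible in this diff, so an integer cast at the point of use is the safer contract: `$limit=($_SESSION[SESSION_KEY.'g_pagesize']!=-1)?" LIMIT ".(int)$_SESSION[SESSION_KEY.'g_pagesize']:"";` and likewise `" OFFSET ".(int)$offset`. The same applies to the `limit` expression in include/class/fiche.class.php (@@ -303).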
@@ -1011,7 +1011,7 @@ class Acc_Ledger_Search
// Count nb of line
$max_line=$this->cn->count_sql($sql);
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=(isset($_GET['offset']))?$_GET['page']:1;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
// create the nav. bar
diff --git a/include/class/acc_operation.class.php
b/include/class/acc_operation.class.php
index 06946c7..fd30cf6 100644
--- a/include/class/acc_operation.class.php
+++ b/include/class/acc_operation.class.php
@@ -56,7 +56,7 @@ class Acc_Operation
global $g_user;
$this->db=$p_cn;
$this->qcode="";
- $this->user=$_SESSION['g_user'];
+ $this->user=$_SESSION[SESSION_KEY.'g_user'];
$this->periode=$g_user->get_periode();
$this->jr_id=0;
$this->jr_optype="NOR";
@@ -700,8 +700,8 @@ class Acc_Operation
}
static function test_me()
{
- $_SESSION['g_user']=NOALYSS_ADMINISTRATOR;
- $_SESSION['g_pass']='dany';
+ $_SESSION[SESSION_KEY.'g_user']=NOALYSS_ADMINISTRATOR;
+ $_SESSION[SESSION_KEY.'g_pass']='dany';
global $g_user;
$cn=Dossier::connect();
$g_user=new User($cn);
diff --git a/include/class/anc_operation.class.php
b/include/class/anc_operation.class.php
index f8c2ea8..35b8f4e 100644
--- a/include/class/anc_operation.class.php
+++ b/include/class/anc_operation.class.php
@@ -274,7 +274,7 @@ class Anc_Operation
return _("Pas d'enregistrement trouvé");
// navigation_bar
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=(isset($_GET['offset']))?$_GET['page']:1;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
$bar=navigation_bar($offset+1,count($array),$step,$page);
diff --git a/include/class/calendar.class.php b/include/class/calendar.class.php
index 643e5e2..58aa9e1 100644
--- a/include/class/calendar.class.php
+++ b/include/class/calendar.class.php
@@ -129,7 +129,7 @@ class Calendar
" to_char(tl_date,'MM')::integer=$1 ".
" and to_char(tl_date,'YYYY')::integer=$2 ".
" and use_login=$3 group by to_char(tl_date,'DD')::integer ";
-
$array=$cn->get_array($sql,array($this->month,$this->year,$_SESSION['g_user']));
+
$array=$cn->get_array($sql,array($this->month,$this->year,$_SESSION[SESSION_KEY.'g_user']));
for ($i=0;$i<count($array);$i++)
{
$ind=$array[$i]['tl_date_day'];
@@ -143,7 +143,7 @@ class Calendar
" to_char(tl_date,'MM')::integer=$1 ".
" and to_char(tl_date,'YYYY')::integer=$2 ".
" and use_login=$3 ";
-
$array=$cn->get_array($sql,array($this->month,$this->year,$_SESSION['g_user']));
+
$array=$cn->get_array($sql,array($this->month,$this->year,$_SESSION[SESSION_KEY.'g_user']));
for ($i=0;$i<count($array);$i++)
{
$ind=$array[$i]['tl_date_day'];
diff --git a/include/class/contact.class.php b/include/class/contact.class.php
index 39bf449..9efb993 100644
--- a/include/class/contact.class.php
+++ b/include/class/contact.class.php
@@ -63,7 +63,7 @@ class contact extends Fiche
// Get offset and page variable
$offset=( isset ($_REQUEST['offset'] )) ?$_REQUEST['offset']:0;
$page=(isset($_REQUEST['page']))?$_REQUEST['page']:1;
-
$bar=navigation_bar($offset,$all_contact,$_SESSION['g_pagesize'],$page);
+
$bar=navigation_bar($offset,$all_contact,$_SESSION[SESSION_KEY.'g_pagesize'],$page);
// set a filter ?
$search="";
if ( trim($p_search) != "" )
diff --git a/include/class/document.class.php b/include/class/document.class.php
index d7b7f87..e75d090 100644
--- a/include/class/document.class.php
+++ b/include/class/document.class.php
@@ -822,7 +822,7 @@ class Document
break;
case 'USER' :
- return $_SESSION['use_name'].', '.$_SESSION['use_first_name'];
+ return $_SESSION[SESSION_KEY.'use_name'].',
'.$_SESSION[SESSION_KEY.'use_first_name'];
break;
case 'REFERENCE':
diff --git a/include/class/extension.class.php
b/include/class/extension.class.php
index 1b321fe..31961e4 100644
--- a/include/class/extension.class.php
+++ b/include/class/extension.class.php
@@ -97,7 +97,7 @@ class Extension extends Menu_Ref_sql
" menu_ref join profile_menu using (me_code)
join profile_user using (p_id) where ".
" user_name=$1 and me_type='PL' ORDER BY ME_MENU";
- $a=$cn->get_array($sql, array($_SESSION['g_user']));
+ $a=$cn->get_array($sql, array($_SESSION[SESSION_KEY.'g_user']));
return $a;
}
diff --git a/include/class/fiche.class.php b/include/class/fiche.class.php
index 5bbd6fe..631e24c 100644
--- a/include/class/fiche.class.php
+++ b/include/class/fiche.class.php
@@ -303,7 +303,7 @@ class Fiche
}
else
{
- $limit=($_SESSION['g_pagesize']!=-1)?"limit
".$_SESSION['g_pagesize']:"";
+ $limit=($_SESSION[SESSION_KEY.'g_pagesize']!=-1)?"limit
".$_SESSION[SESSION_KEY.'g_pagesize']:"";
$sql="select *
from
fiche join fiche_Def using (fd_id) join vw_fiche_name
using(f_id)
@@ -1776,7 +1776,7 @@ class Fiche
// Get offset and page variable
$offset=( isset ($_REQUEST['offset'] )) ?$_REQUEST['offset']:0;
$page=(isset($_REQUEST['page']))?$_REQUEST['page']:1;
- $bar=navigation_bar($offset,$all_tiers,$_SESSION['g_pagesize'],$page);
+
$bar=navigation_bar($offset,$all_tiers,$_SESSION[SESSION_KEY.'g_pagesize'],$page);
// set a filter ?
$search=$p_sql;
diff --git a/include/class/fiche_def.class.php
b/include/class/fiche_def.class.php
index a06ee60..ddae639 100644
--- a/include/class/fiche_def.class.php
+++ b/include/class/fiche_def.class.php
@@ -324,10 +324,10 @@ $order
where ad_id=1 and fd_id=$1 order by 2";
// we use navigation_bar
- if ($step == 1 && $_SESSION['g_pagesize'] != -1 )
+ if ($step == 1 && $_SESSION[SESSION_KEY.'g_pagesize'] != -1 )
{
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$sql.=" offset $offset limit $step";
}
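Review bot: `$offset` is taken from `$_GET['offset']` and interpolated into `$sql.=" offset $offset limit $step";` with no cast or escaping, so request data reaches the SQL text directly. Cast both values where they are read: `$offset=(isset($_GET['offset']))?(int)$_GET['offset']:0;` and `$step=(int)$_SESSION[SESSION_KEY.'g_pagesize'];`. The statement that executes `$sql` is outside the hunk.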
@@ -370,7 +370,7 @@ $order
$this->get();
echo '<H2 class="info">'.$this->id." ".$this->label.'</H2>';
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$sql_limit="";
$sql_offset="";
$bar="";
@@ -398,7 +398,7 @@ $order
$str="";
// save the url
// with offet &offset=15&step=15&page=2&size=15
- if ( $_SESSION['g_pagesize'] != -1)
+ if ( $_SESSION[SESSION_KEY.'g_pagesize'] != -1)
{
$str=sprintf("&offset=%s&step=%s&page=%s&size=%s",
$offset,
diff --git a/include/class/follow_up.class.php
b/include/class/follow_up.class.php
index 9c78f71..7a57316 100644
--- a/include/class/follow_up.class.php
+++ b/include/class/follow_up.class.php
@@ -577,7 +577,7 @@ class Follow_Up
$this->ag_dest, /* 7 */
$this->ag_hour, /* 8 */
$this->ag_priority, /* 9 */
- $_SESSION['g_user'], /* 10 */
+ $_SESSION[SESSION_KEY.'g_user'], /* 10 */
$contact->id, /* 11 */
$this->ag_state, /* 12 */
$this->ag_remind_date /* 13 */
@@ -602,12 +602,12 @@ class Follow_Up
if (trim($this->ag_comment)!='' &&
Document_Option::can_add_comment($this->ag_id))
{
$this->db->exec_sql("insert into action_gestion_comment
(ag_id,tech_user,agc_comment) values ($1,$2,$3)"
- , array($this->ag_id, $_SESSION['g_user'], $this->ag_comment));
+ , array($this->ag_id, $_SESSION[SESSION_KEY.'g_user'],
$this->ag_comment));
}
if (trim($this->ag_description)!='' &&
Document_Option::can_add_comment($this->ag_id))
{
$this->db->exec_sql("insert into action_gestion_comment
(ag_id,tech_user,agc_comment) values ($1,$2,$3)"
- , array($this->ag_id, $_SESSION['g_user'],
$this->ag_description));
+ , array($this->ag_id, $_SESSION[SESSION_KEY.'g_user'],
$this->ag_description));
}
$this->insert_operation();
$this->insert_action();
@@ -672,7 +672,7 @@ class Follow_Up
join document_state on (ag_state=s_id)
where $p_filter_doc $p_search $sort";
$max_line=$this->db->count_sql($sql);
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=(isset($_GET['offset']))?$_GET['page']:1;
$offset=(isset($_GET['offset']))?Database::escape_string($_GET['offset']):0;
if ($step!=-1)
@@ -925,12 +925,12 @@ class Follow_Up
if (trim($this->ag_comment)!='')
{
$this->db->exec_sql("insert into action_gestion_comment
(ag_id,tech_user,agc_comment) values ($1,$2,$3)"
- , array($this->ag_id, $_SESSION['g_user'],
$this->ag_comment));
+ , array($this->ag_id, $_SESSION[SESSION_KEY.'g_user'],
$this->ag_comment));
}
if (trim($this->ag_description)!='')
{
$this->db->exec_sql("insert into action_gestion_comment
(ag_id,tech_user,agc_comment) values ($1,$2,$3)"
- , array($this->ag_id, $_SESSION['g_user'],
$this->ag_description));
+ , array($this->ag_id, $_SESSION[SESSION_KEY.'g_user'],
$this->ag_description));
}
$this->insert_operation();
$this->insert_action();
@@ -1355,11 +1355,11 @@ class Follow_Up
{
$action_query.= " and ((ag_dest =
".sql_string($p_array['ag_dest_query'])." and ".self::sql_security_filter($cn,
"R").") or ".
"(ag_dest = ".sql_string($p_array['ag_dest_query'])." and
".self::sql_security_filter($cn, "R")." and ".
- " ag_owner='".$_SESSION['g_user']."'))";
+ " ag_owner='".$_SESSION[SESSION_KEY.'g_user']."'))";
}
else
{
- $action_query .=" and (ag_owner='".$_SESSION['g_user']."' or
".self::sql_security_filter($cn, "R")." or ag_dest=-1 )";
+ $action_query .=" and
(ag_owner='".$_SESSION[SESSION_KEY.'g_user']."' or
".self::sql_security_filter($cn, "R")." or ag_dest=-1 )";
}
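Review bot: Both new lines splice `$_SESSION[SESSION_KEY.'g_user']` between single quotes in the SQL text without escaping, whereas Acc_Ledger_Search wraps the same session value in `sql_string()` for its `uj_login` filter. html/login.php escapes the login once before storing it, but other code in this commit also writes that session key, so the query should not depend on every writer having escaped it. Use `" ag_owner='".sql_string($_SESSION[SESSION_KEY.'g_user'])."'))"` here and the same in the `else` branch, or bind the value as a parameter if the caller executes the query with one. The function that assembles `$action_query` starts and ends outside the hunk.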
@@ -1744,7 +1744,7 @@ class Follow_Up
$ag_ref, /* 6 */
$this->ag_dest, /* 7 */
$this->ag_priority, /* 8 */
- $_SESSION['g_user'], /* 9 */
+ $_SESSION[SESSION_KEY.'g_user'], /* 9 */
$this->ag_state, /* 10 */
$this->ag_remind_date, /* 11 */
$this->ag_hour /* 12 */
@@ -1754,7 +1754,7 @@ class Follow_Up
if (trim($this->ag_comment)!='')
{
$this->db->exec_sql("insert into action_gestion_comment
(ag_id,tech_user,agc_comment) values ($1,$2,$3)"
- , array($this->ag_id, $_SESSION['g_user'],
$this->ag_comment));
+ , array($this->ag_id, $_SESSION[SESSION_KEY.'g_user'],
$this->ag_comment));
}
}
/**
diff --git a/include/class/stock.class.php b/include/class/stock.class.php
index dcd58ad..e4ceb8d 100644
--- a/include/class/stock.class.php
+++ b/include/class/stock.class.php
@@ -55,7 +55,7 @@ class Stock extends Stock_Sql
$order = (isset($p_array['ord'])) ? $p_array['ord'] : 'da';
$sql.=$tb->get_sql_order($order);
- $step = $_SESSION['g_pagesize'];
+ $step = $_SESSION[SESSION_KEY.'g_pagesize'];
$page = (isset($_GET['offset'])) ? $_GET['page'] : 1;
$offset = (isset($_GET['offset'])) ? $_GET['offset'] : 0;
diff --git a/include/class/stock_goods.class.php
b/include/class/stock_goods.class.php
index 8ffd0b4..899eecf 100644
--- a/include/class/stock_goods.class.php
+++ b/include/class/stock_goods.class.php
@@ -126,7 +126,7 @@ class Stock_Goods extends Stock_Goods_Sql
$ch->setp("c_comment", $p_array['p_motif']);
$ch->setp("r_id", $p_array['p_depot']);
$ch->setp("c_date", $p_array['p_date']);
- $ch->setp('tech_user', $_SESSION['g_user']);
+ $ch->setp('tech_user', $_SESSION[SESSION_KEY.'g_user']);
$ch->insert();
$per = new Periode($cn);
$periode = $per->find_periode($p_array['p_date']);
@@ -154,7 +154,7 @@ class Stock_Goods extends Stock_Goods_Sql
$a->sg_quantity =
abs($p_array['sg_quantity' . $i]);
$a->sg_type = ($p_array['sg_quantity' .
$i] > 0) ? 'd' : 'c';
$a->sg_comment = $p_array['p_motif'];
- $a->tech_user = $_SESSION['g_user'];
+ $a->tech_user =
$_SESSION[SESSION_KEY.'g_user'];
$a->r_id = $p_array['p_depot'];
$a->sg_exercice = $exercice;
$a->c_id = $ch->c_id;
diff --git a/include/class/todo_list.class.php
b/include/class/todo_list.class.php
index e759a3a..d42747e 100644
--- a/include/class/todo_list.class.php
+++ b/include/class/todo_list.class.php
@@ -57,7 +57,7 @@ class Todo_List
$this->cn=$p_init;
$this->tl_id=0;
$this->tl_desc="";
- $this->use_login=$_SESSION['g_user'];
+ $this->use_login=$_SESSION[SESSION_KEY.'g_user'];
$this->is_public="N";
}
@@ -228,7 +228,7 @@ class Todo_List
public function delete()
{
global $g_user;
- if ( $this->use_login != $_SESSION['g_user'] &&
$g_user->check_action(SHARENOTEREMOVE)==0) return;
+ if ( $this->use_login != $_SESSION[SESSION_KEY.'g_user'] &&
$g_user->check_action(SHARENOTEREMOVE)==0) return;
$sql="delete from todo_list_shared where todo_list_id=$1 ";
$res=$this->cn->exec_sql($sql,array($this->tl_id));
@@ -329,11 +329,11 @@ class Todo_List
htmlspecialchars($this->tl_title).
'</a>'.
'</td>';
- if ( $this->is_public == 'Y' && $this->use_login !=
$_SESSION['g_user'] )
+ if ( $this->is_public == 'Y' && $this->use_login !=
$_SESSION[SESSION_KEY.'g_user'] )
{ // This is a public note, cannot be removed
$r.= '<td></td>';
}
- elseif ($this->use_login == $_SESSION['g_user'] )
+ elseif ($this->use_login == $_SESSION[SESSION_KEY.'g_user'] )
{
// This a note the user owns
$r.= '<td>'.
diff --git a/include/class/user.class.php b/include/class/user.class.php
index 7ea928d..2190bb0 100644
--- a/include/class/user.class.php
+++ b/include/class/user.class.php
@@ -53,28 +53,28 @@ class User
// if p_id is not set then check the connected user
if ($p_id == -1)
{
- if (!isset($_SESSION['g_user']))
+ if (!isset($_SESSION[SESSION_KEY.'g_user']))
{
echo '<h2 class="error">' . _('Session
expirée<br>Utilisateur déconnecté') . '</h2>';
redirect('index.php', 1);
exit();
}
- $this->login =strtolower($_SESSION['g_user']);
- $this->pass = $_SESSION['g_pass'];
- $this->lang = (isset($_SESSION['g_lang'])) ?
$_SESSION['g_lang'] : 'fr_FR.utf8';
- $this->valid = (isset($_SESSION['isValid'])) ? 1 : 0;
+ $this->login
=strtolower($_SESSION[SESSION_KEY.'g_user']);
+ $this->pass = $_SESSION[SESSION_KEY.'g_pass'];
+ $this->lang = (isset($_SESSION[SESSION_KEY.'g_lang']))
? $_SESSION[SESSION_KEY.'g_lang'] : 'fr_FR.utf8';
+ $this->valid =
(isset($_SESSION[SESSION_KEY.'isValid'])) ? 1 : 0;
$this->db = $p_cn;
$this->id = -1;
- if (isset($_SESSION['g_theme']))
- $this->theme = $_SESSION['g_theme'];
+ if (isset($_SESSION[SESSION_KEY.'g_theme']))
+ $this->theme = $_SESSION[SESSION_KEY.'g_theme'];
- $this->admin = ( isset($_SESSION['use_admin']) ) ?
$_SESSION['use_admin'] : 0;
+ $this->admin = (
isset($_SESSION[SESSION_KEY.'use_admin']) ) ?
$_SESSION[SESSION_KEY.'use_admin'] : 0;
- if (isset($_SESSION['use_name']))
- $this->name = $_SESSION['use_name'];
- if (isset($_SESSION['use_first_name']))
- $this->first_name = $_SESSION['use_first_name'];
+ if (isset($_SESSION[SESSION_KEY.'use_name']))
+ $this->name = $_SESSION[SESSION_KEY.'use_name'];
+ if (isset($_SESSION[SESSION_KEY.'use_first_name']))
+ $this->first_name =
$_SESSION[SESSION_KEY.'use_first_name'];
$this->load();
}
else // if p_id is set get data of another user
@@ -176,21 +176,21 @@ class User
if ($res > 0)
{
$r = Database::fetch_array($ret, 0);
- $_SESSION['use_admin'] = $r['use_admin'];
- $_SESSION['use_name'] = $r['use_name'];
- $_SESSION['use_first_name'] = $r['use_first_name'];
- $_SESSION['isValid'] = 1;
-
- $this->admin = $_SESSION['use_admin'];
- $this->name = $_SESSION['use_name'];
- $this->first_name = $_SESSION['use_first_name'];
+ $_SESSION[SESSION_KEY.'use_admin'] = $r['use_admin'];
+ $_SESSION[SESSION_KEY.'use_name'] = $r['use_name'];
+ $_SESSION[SESSION_KEY.'use_first_name'] =
$r['use_first_name'];
+ $_SESSION[SESSION_KEY.'isValid'] = 1;
+
+ $this->admin = $_SESSION[SESSION_KEY.'use_admin'];
+ $this->name = $_SESSION[SESSION_KEY.'use_name'];
+ $this->first_name =
$_SESSION[SESSION_KEY.'use_first_name'];
$this->load_global_pref();
}
$sql = "insert into audit_connect
(ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
if ($res == 0)
{
- $cn->exec_sql($sql, array($_SESSION['g_user'],
$_SERVER["REMOTE_ADDR"], $from, $_SERVER['REQUEST_URI'], 'FAIL'));
+ $cn->exec_sql($sql,
array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $from,
$_SERVER['REQUEST_URI'], 'FAIL'));
if (!$silent)
{
echo '<script> alert(\''._('Utilisateur ou mot
de passe incorrect').'\')</script>';
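Review bot: Nothing in this hunk renews the session identifier when `$_SESSION[SESSION_KEY.'isValid'] = 1;` marks the session as authenticated, so an identifier issued before login stays valid afterwards unless a regeneration happens outside the lines shown. If it does not, add `if ($from == 'LOGIN') session_regenerate_id(true);` right after the `isValid` assignment. Prefixing the keys with `SESSION_KEY` separates the entries inside the session array but does not change which session cookie is accepted. The method starts and ends outside the hunk.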
@@ -203,7 +203,7 @@ class User
else
{
if ($from == 'LOGIN')
- $cn->exec_sql($sql, array($_SESSION['g_user'],
$_SERVER["REMOTE_ADDR"], $from, $_SERVER['REQUEST_URI'], 'SUCCESS'));
+ $cn->exec_sql($sql,
array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $from,
$_SERVER['REQUEST_URI'], 'SUCCESS'));
$this->valid = 1;
}
@@ -597,7 +597,7 @@ class User
{
$cn = new Database();
$sql = "insert into audit_connect
(ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
- $cn->exec_sql($sql, array($_SESSION['g_user'],
$_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI'], 'FAIL'));
+ $cn->exec_sql($sql,
array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $p_action_id,
$_SERVER['REQUEST_URI'], 'FAIL'));
}
return 0;
}
@@ -654,7 +654,7 @@ class User
$this->load_global_pref();
return;
}
- $_SESSION[$name] = $line[$parameter];
+ $_SESSION[SESSION_KEY.$name] = $line[$parameter];
}
}
@@ -1094,7 +1094,7 @@ class User
$sql = "insert into audit_connect
(ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
$cn->exec_sql($sql, array(
- $_SESSION['g_user'],
+ $_SESSION[SESSION_KEY.'g_user'],
$_SERVER["REMOTE_ADDR"],
$p_module,
$_SERVER['REQUEST_URI'],
@@ -1115,7 +1115,7 @@ class User
$sql = "insert into audit_connect
(ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
$cn->exec_sql($sql, array(
- $_SESSION['g_user'],
+ $_SESSION[SESSION_KEY.'g_user'],
$_SERVER["REMOTE_ADDR"],
$p_module,
$_SERVER['REQUEST_URI'],
@@ -1293,8 +1293,8 @@ class User
if ($p_pass1 == $p_pass2) {
$repo = new Database();
$l_pass = md5($_POST['pass_1']);
- $repo->exec_sql("update ac_users set use_pass=$1 where
use_login=$2", array($l_pass, $_SESSION['g_user']));
- $_SESSION['g_pass'] = $_POST['pass_1'];
+ $repo->exec_sql("update ac_users set use_pass=$1 where
use_login=$2", array($l_pass, $_SESSION[SESSION_KEY.'g_user']));
+ $_SESSION[SESSION_KEY.'g_pass'] = $_POST['pass_1'];
} else {
alert(_("Les mots de passe ne correspondent pas. Mot de passe
inchangé"));
}
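Review bot: The re-keyed line `$_SESSION[SESSION_KEY.'g_pass'] = $_POST['pass_1'];` still keeps the user's cleartext password in the session store, and the value written to `ac_users.use_pass` is still an unsalted `md5()`. Session data is usually readable by anything running as the web-server user, so the password outlives the request that supplied it. Consider `$l_pass = password_hash($p_pass1, PASSWORD_DEFAULT);` and keeping only an authenticated flag in the session. That needs a matching `password_verify()` in the login check and a rehash path for existing MD5 rows, both outside this hunk. The branch also compares `$p_pass1` with `$p_pass2` but hashes `$_POST['pass_1']`; using the parameter throughout would keep the check and the stored value tied to the same input.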
@@ -1306,7 +1306,7 @@ class User
function save_email($p_email)
{
$repo=new Database();
- $repo->exec_sql("update ac_users set use_email=$1 where use_login=$2",
array($p_email, $_SESSION['g_user']));
+ $repo->exec_sql("update ac_users set use_email=$1 where use_login=$2",
array($p_email, $_SESSION[SESSION_KEY.'g_user']));
}
/**
* Remove a user and all his privileges
diff --git a/include/config.inc.example b/include/config.inc.example
index 65650be..e1be7d1 100644
--- a/include/config.inc.example
+++ b/include/config.inc.example
@@ -69,4 +69,6 @@ define ("dbname","");
// In recent distribution linux, pdftk is a snap, you should set the path
// for exporting document in PDF
// $pdftk = /usr/bin/pdftk
-// $pdftk = /snap/bin/pdftk
+// $pdftk = /snap/bin/pdftk
+// Define a random session key if you work with different version of NOALYSS
+// define ('SESSION_KEY','abcde');
diff --git a/include/constant.php b/include/constant.php
index 5aa3a4d..feaf081 100644
--- a/include/constant.php
+++ b/include/constant.php
@@ -51,7 +51,9 @@ if ( !defined("FIX_BROKEN_PDF")) define
("FIX_BROKEN_PDF",'NO');
if ( !defined('NOALYSS_ADMINISTRATOR')) {
define ('NOALYSS_ADMINISTRATOR','phpcompta');
}
-
+if (!defined ("SESSION_KEY")) {
+ define ("SESSION_KEY","RtYu0uu");
+}
require_once NOALYSS_INCLUDE.'/constant.security.php';
if ( strpos($inc_path,";") != 0 ) {
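Review bot: `SESSION_KEY` is only ever concatenated into `$_SESSION` indexes in this commit, so it is a namespace prefix rather than a secret, and the fallback `"RtYu0uu"` is identical on every install that leaves it undefined. Two NOALYSS versions sharing one PHP session would still overwrite each other's entries unless at least one of them sets its own value. I would say so above the define, for example `// SESSION_KEY prefixes every $_SESSION index so that several NOALYSS installs sharing one PHP session do not collide; it is not a secret, set a distinct value per install`. The comment added to include/config.inc.example ("Define a random session key") could be reworded the same way so administrators do not treat it as key material.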
diff --git a/include/extension_choice.inc.php b/include/extension_choice.inc.php
index afca411..ba5a248 100644
--- a/include/extension_choice.inc.php
+++ b/include/extension_choice.inc.php
@@ -14,7 +14,7 @@ require_once NOALYSS_INCLUDE.'/lib/iselect.class.php';
require_once NOALYSS_INCLUDE.'/constant.security.php';
require_once NOALYSS_INCLUDE.'/class/user.class.php';
echo '<div class="topmenu">';
-@html_page_start($_SESSION['g_theme']);
+@html_page_start($_SESSION[SESSION_KEY.'g_theme']);
$cn=Dossier::connect();
global $g_user;
diff --git a/include/fiche.inc.php b/include/fiche.inc.php
index 91fa20b..39f1189 100644
--- a/include/fiche.inc.php
+++ b/include/fiche.inc.php
@@ -206,7 +206,7 @@ if ($histo->selected == -1)
// Create nav bar
$max = $cn->get_value("select count(*) from fiche as f " . $cond);
- $step = $_SESSION['g_pagesize'];
+ $step = $_SESSION[SESSION_KEY.'g_pagesize'];
$page = (isset($_GET['offset'])) ? $_GET['page'] : 1;
$offset = (isset($_GET['offset'])) ? $_GET['offset'] : 0;
$bar = navigation_bar($offset, $max, $step, $page);
diff --git a/include/history_operation.inc.php
b/include/history_operation.inc.php
index d61658e..ed6f516 100644
--- a/include/history_operation.inc.php
+++ b/include/history_operation.inc.php
@@ -107,7 +107,7 @@ else
list($sql, $where) = $Ledger->build_search_sql($p_array);
$max_line = $cn->count_sql($sql);
-$step = $_SESSION['g_pagesize'];
+$step = $_SESSION[SESSION_KEY.'g_pagesize'];
$page = (isset($_GET['offset'])) ? $http->get('page') : 1;
$offset = (isset($_GET['offset'])) ? $http->get('offset') : 0;
diff --git a/include/lib/ac_common.php b/include/lib/ac_common.php
index c6c30e7..71e85fb 100644
--- a/include/lib/ac_common.php
+++ b/include/lib/ac_common.php
@@ -344,11 +344,11 @@ function html_page_start($p_theme="", $p_script="",
$p_script2="")
echo '<script language="javascript" src="js/calendar.js"></script>
<script type="text/javascript" src="js/lang/calendar-en.js"></script>';
- if (isset($_SESSION['g_lang']) && $_SESSION['g_lang']=='fr_FR.utf8' )
+ if (isset($_SESSION[SESSION_KEY.'g_lang']) &&
$_SESSION[SESSION_KEY.'g_lang']=='fr_FR.utf8' )
{
echo '<script type="text/javascript"
src="js/lang/calendar-fr.js"></script>';
}
- if (isset($_SESSION['g_lang']) && $_SESSION['g_lang']=='nl_NL.utf8' )
+ if (isset($_SESSION[SESSION_KEY.'g_lang']) &&
$_SESSION[SESSION_KEY.'g_lang']=='nl_NL.utf8' )
{
echo '<script type="text/javascript"
src="js/lang/calendar-nl.js"></script>';
}
@@ -357,7 +357,7 @@ function html_page_start($p_theme="", $p_script="",
$p_script2="")
<LINK REL="stylesheet" type="text/css" href="calendar-blue.css"
media="screen">
';
// language
- if (isset($_SESSION['g_lang']))
+ if (isset($_SESSION[SESSION_KEY.'g_lang']))
{
set_language();
}
@@ -710,7 +710,7 @@ function set_language()
{
// desactivate local check
if ( defined("LOCALE") && LOCALE==0 ) return;
- if ( ! isset ($_SESSION['g_lang'])) return;
+ if ( ! isset ($_SESSION[SESSION_KEY.'g_lang'])) return;
/*
* If translation is not supported by current
@@ -721,12 +721,12 @@ function set_language()
// set differently the language depending of the operating system
if (what_os() == 1)
{
- $dir = setlocale(LC_MESSAGES, $_SESSION['g_lang']);
+ $dir = setlocale(LC_MESSAGES, $_SESSION[SESSION_KEY.'g_lang']);
if ($dir == "")
{
$g_lang = 'fr_FR.utf8';
$dir = setlocale(LC_MESSAGES, $g_lang);
- // echo '<span class="notice">' . $_SESSION['g_lang'] . ' domaine
non supporté</h2>';
+ // echo '<span class="notice">' . $_SESSION[SESSION_KEY.'g_lang'] .
' domaine non supporté</h2>';
}
bindtextdomain('messages', NOALYSS_HOME.'/lang');
textdomain('messages');
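Review bot: `$_SESSION[SESSION_KEY.'g_lang']` is passed to `setlocale()` here, and to `putenv()` and `setlocale()` in the following hunk at -735, without being checked against the locales the application ships. The value appears to come from stored user preferences (the `$_SESSION[SESSION_KEY.$name] = $line[$parameter]` assignment in user.class.php), so whether it is constrained depends on code outside this diff. An allowlist check at the top of set_language() would make that explicit, e.g. `if (!in_array($_SESSION[SESSION_KEY.'g_lang'], $a_supported_locale, true)) return;`, where `$a_supported_locale` is a placeholder for the project's own list. set_language() starts and ends outside these hunks.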
@@ -735,8 +735,8 @@ function set_language()
return;
}
// for windows
- putenv('LANG=' . $_SESSION['g_lang']);
- $dir = setlocale(LC_ALL, $_SESSION['g_lang']);
+ putenv('LANG=' . $_SESSION[SESSION_KEY.'g_lang']);
+ $dir = setlocale(LC_ALL, $_SESSION[SESSION_KEY.'g_lang']);
bindtextdomain('messages', '.\\lang');
textdomain('messages');
bind_textdomain_codeset('messages', 'UTF8');
@@ -851,9 +851,9 @@ function format_date($p_date, $p_from_format =
'YYYY-MM-DD',$p_to_format='DD.MM.
function ajax_disconnected($div)
{
/**
- * if $_SESSION['g_user'] is not set : echo a warning
+ * if $_SESSION[SESSION_KEY.'g_user'] is not set : echo a warning
*/
- if (!isset($_SESSION['g_user']))
+ if (!isset($_SESSION[SESSION_KEY.'g_user']))
{
$script = 'var a=$("' . $div .
'");a.style.height="70%";a.style.width="60%";';
$script.='a.style.top=posY-20+offsetY;a.style.left=posX+offsetX;';
diff --git a/include/lib/icard.class.php b/include/lib/icard.class.php
index 9fbb741..f1dc236 100644
--- a/include/lib/icard.class.php
+++ b/include/lib/icard.class.php
@@ -344,7 +344,7 @@ class ICard extends HtmlInput
static public function test_me()
{
require_once NOALYSS_INCLUDE.'/lib/itext.class.php';
- $_SESSION['isValid']=1;
+ $_SESSION[SESSION_KEY.'isValid']=1;
$a=new ICard('testme');
$a->extra="all";
$a->set_attribute('label', 'ctl_label');
diff --git a/include/lib/idate.class.php b/include/lib/idate.class.php
index ea1a105..3deb069 100644
--- a/include/lib/idate.class.php
+++ b/include/lib/idate.class.php
@@ -18,16 +18,17 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-// Copyright Author Dany De Bontridder danydb@aevalys.eu
+// Copyright Author Dany De Bontridder danydb@noalyss.eu
/**
*\file
- \brief Html Input
+ \brief Html Input Date type
*/
/// Html Input : Input a date format dd.mm.yyyy
/// The property title should be set to indicate what it is expected
+/// @see calendar-setup.js
require_once NOALYSS_INCLUDE.'/lib/html_input.class.php';
class IDate extends HtmlInput
@@ -74,14 +75,15 @@ class IDate extends HtmlInput
</span>
',$this->name,$this->id,$this->value,$this->placeholder,$this->title,$this->id
);
-
+ // @see calendar-setup.js
$r.=sprintf('<script type="text/javascript">
Calendar.setup({'.
- 'inputField : "%s", // id of the input field
- ifFormat : "%%d.%%m.%%Y", // format of the input
field
- button : "%s_trigger", // trigger for the calendar
(button ID)
- align : "Bl", // alignment (defaults to "Bl")
- singleClick : true
+ 'inputField : "%s",
+ ifFormat : "%%d.%%m.%%Y",
+ button : "%s_trigger",
+ align : "Bl",
+ singleClick : true,
+ firstDay:0
});
</script>'
,$this->id,$this->id);
diff --git a/include/lib/noalyss_csv.class.php
b/include/lib/noalyss_csv.class.php
index 6694034..7e56757 100644
--- a/include/lib/noalyss_csv.class.php
+++ b/include/lib/noalyss_csv.class.php
@@ -46,10 +46,10 @@ class Noalyss_Csv
$this->size=0;
$a_field=[';',','];
- $this->sep_field=$a_field[$_SESSION['csv_fieldsep']];
+ $this->sep_field=$a_field[$_SESSION[SESSION_KEY.'csv_fieldsep']];
$a_field=['.',','];
- $this->sep_dec=$a_field[$_SESSION['csv_decimal']];
- $this->encoding=$_SESSION['csv_encoding'];
+ $this->sep_dec=$a_field[$_SESSION[SESSION_KEY.'csv_decimal']];
+ $this->encoding=$_SESSION[SESSION_KEY.'csv_encoding'];
}
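Review bot: The three session reads in this constructor have no fallback, so a session lacking `SESSION_KEY.'csv_fieldsep'` or `SESSION_KEY.'csv_decimal'` indexes `$a_field` with null and leaves the separators unset. That could happen with a session created before the prefix was introduced, if sessions survive the upgrade. A guarded read keeps exports well-formed: `$this->sep_field=$a_field[isset($_SESSION[SESSION_KEY.'csv_fieldsep']) ? $_SESSION[SESSION_KEY.'csv_fieldsep'] : 0];`, and likewise for the decimal separator. The constructor starts above the hunk.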
diff --git a/include/lib/user_common.php b/include/lib/user_common.php
index 5c77c61..5a2be36 100644
--- a/include/lib/user_common.php
+++ b/include/lib/user_common.php
@@ -69,7 +69,7 @@ function isValid_deprecrated ($p_cn,$p_grpt_id)
* \param $p_javascript javascript code to add
* \note example :
\verbatim
- $step=$_SESSION['g_pagesize'];
+ $step=$_SESSION[SESSION_KEY.'g_pagesize'];
$page=(isset($_GET['offset']))?$_GET['page']:1;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
@@ -82,10 +82,10 @@ function
navigation_bar($p_offset,$p_line,$p_size=0,$p_page=1,$p_javascript="")
{
// if the pagesize is unlimited return ""
// in that case there is no nav. bar
- if ( $_SESSION['g_pagesize'] == -1 ) return "";
+ if ( $_SESSION[SESSION_KEY.'g_pagesize'] == -1 ) return "";
if ( $p_size==0)
{
- $p_size= $_SESSION['g_pagesize'];
+ $p_size= $_SESSION[SESSION_KEY.'g_pagesize'];
}
// if there is no row return an empty string
if ( $p_line == 0 ) return "";
diff --git a/include/template/module.php b/include/template/module.php
index 2f79243..09e635b 100644
--- a/include/template/module.php
+++ b/include/template/module.php
@@ -11,14 +11,14 @@
<?php
$http=new HttpInput();
if ( $cn->get_value("select count(*) from profile join profile_user using
(p_id)
- where user_name=$1 and
with_calc=true",array($_SESSION['g_user'])) ==1):
+ where user_name=$1 and
with_calc=true",array($_SESSION[SESSION_KEY.'g_user'])) ==1):
echo '<div id="calc">';
echo IButton::show_calc();
echo '</div>';
endif;
if ( $cn->get_value("select count(*) from profile join profile_user using
(p_id)
- where user_name=$1 and
with_direct_form=true",array($_SESSION['g_user'])) ==1):
+ where user_name=$1 and
with_direct_form=true",array($_SESSION[SESSION_KEY.'g_user'])) ==1):
?>
<div id="direct">
<form method="get">
diff --git a/include/template/todo_list_display.php
b/include/template/todo_list_display.php
index ea4844e..3171c18 100644
--- a/include/template/todo_list_display.php
+++ b/include/template/todo_list_display.php
@@ -100,7 +100,7 @@ echo
HtmlInput::title_box("Note","todo_list_div".$this->tl_id,'close',$close_sha
<?php echo HtmlInput::hidden('id',$this->tl_id) ?>
<p style='text-align: center'>
<ol style="list-style: none;">
- <?php if ($this->use_login == $_SESSION['g_user']) : ?>
+ <?php if ($this->use_login == $_SESSION[SESSION_KEY.'g_user']) : ?>
<li style="display:inline">
<input type="submit" class="smallbutton" value="<?php echo
_('Sauve');?>" onclick="todo_list_save(<?php echo $this->tl_id?>);return false">
</li>
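Review bot: The ownership test `$this->use_login == $_SESSION[SESSION_KEY.'g_user']` uses loose comparison, under which two numeric-looking logins (constructed example: `'1e3'` and `'1000'`) compare equal. A strict comparison avoids that: `<?php if ($this->use_login === $_SESSION[SESSION_KEY.'g_user']) : ?>`, assuming both sides are strings. This condition only decides whether the save button is rendered. The server-side handler behind `todo_list_save()` is not shown here and needs its own owner check.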
diff --git a/unit-test/global.example.php b/unit-test/global.example.php
index 70f4ab1..69e2a51 100644
--- a/unit-test/global.example.php
+++ b/unit-test/global.example.php
@@ -28,7 +28,7 @@ define ("DOSSIER",48);
$_REQUEST['gDossier'] = DOSSIER;
$g_connection=new Database(DOSSIER);
$g_parameter = new Noalyss_Parameter_Folder($g_connection);
-$_SESSION['g_user']='phpcompta';
-$_SESSION['g_pass']='dany';
-$_SESSION['g_pagesize']='50';
+$_SESSION[SESSION_KEY.'g_user']='phpcompta';
+$_SESSION[SESSION_KEY.'g_pass']='dany';
+$_SESSION[SESSION_KEY.'g_pagesize']='50';
$g_user=new User($g_connection);
diff --git a/unit-test/global.php b/unit-test/global.php
index e2271a2..0d4a005 100644
--- a/unit-test/global.php
+++ b/unit-test/global.php
@@ -29,9 +29,9 @@ if (!defined("DOSSIER"))define ("DOSSIER",25);
$_REQUEST['gDossier'] = DOSSIER;
$g_connection=new Database(DOSSIER);
$g_parameter = new Noalyss_Parameter_Folder($g_connection);
-$_SESSION['g_user']='admin';
-$_SESSION['g_pass']='phpcompta';
-$_SESSION['g_pagesize']='50';
+$_SESSION[SESSION_KEY.'g_user']='admin';
+$_SESSION[SESSION_KEY.'g_pass']='phpcompta';
+$_SESSION[SESSION_KEY.'g_pagesize']='50';
$g_user=new User($g_connection);
require_once __DIR__.'/facility.class.php';
\ No newline at end of file