New: add shareds thirparties between entities

2025-12-17 23:11:29 +01:00 · 2012-01-11 00:16:17 +08:00
parent d7022815d0
commit cb286a2449
21 changed files with 186 additions and 193 deletions
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@@ -3,7 +3,7 @@
 * Copyright (C) 2004-2011 Laurent Destailleur         <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Eric Seigne                 <eric.seigne@ryxeo.com>
 * Copyright (C) 2006      Andre Cianfarani            <acianfa@free.fr>
- * Copyright (C) 2005-2011 Regis Houssin               <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin               <regis@dolibarr.fr>
 * Copyright (C) 2008      Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
 * Copyright (C) 2010-2011 Juanjo Menent               <jmenent@2byte.es>
 *
@@ -51,7 +51,7 @@ if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs");
 // Security check
 $id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id'));
 if ($user->societe_id > 0) $id=$user->societe_id;
-$result = restrictedArea($user,'societe',$id,'');
+$result = restrictedArea($user,'societe',$id,'&societe');
 $action		= GETPOST('action');
 $mode		= GETPOST("mode");
@@ -478,6 +478,7 @@ if ($id > 0)
 		$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c";
 		$sql.= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id";
 		$sql.= " AND s.rowid = ".$object->id;
 		$sql.= " AND p.entity = ".$conf->entity;
 		$sql.= " ORDER BY p.datep DESC";
 		$resql=$db->query($sql);
@@ -536,6 +537,7 @@ if ($id > 0)
 		$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
 		$sql.= " WHERE c.fk_soc = s.rowid ";
 		$sql.= " AND s.rowid = ".$object->id;
 		$sql.= " AND c.entity = ".$conf->entity;
 		$sql.= " ORDER BY c.date_commande DESC";
 		$resql=$db->query($sql);
@@ -585,10 +587,11 @@ if ($id > 0)
 		$contratstatic=new Contrat($db);
 		$sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut, c.datec as dc";
-		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
+		$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
-		$sql .= " WHERE c.fk_soc = s.rowid ";
+		$sql.= " WHERE c.fk_soc = s.rowid ";
-		$sql .= " AND s.rowid = ".$object->id;
+		$sql.= " AND s.rowid = ".$object->id;
-		$sql .= " ORDER BY c.datec DESC";
+		$sql.= " AND c.entity = ".$conf->entity;
 		$sql.= " ORDER BY c.datec DESC";
 		$resql=$db->query($sql);
 		if ($resql)
@@ -642,10 +645,11 @@ if ($id > 0)
 	if ($conf->ficheinter->enabled && $user->rights->ficheinter->lire)
 	{
 		$sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate";
-		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
+		$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
-		$sql .= " WHERE f.fk_soc = s.rowid";
+		$sql.= " WHERE f.fk_soc = s.rowid";
-		$sql .= " AND s.rowid = ".$object->id;
+		$sql.= " AND s.rowid = ".$object->id;
-		$sql .= " ORDER BY f.tms DESC";
+		$sql.= " AND f.entity = ".$conf->entity;
 		$sql.= " ORDER BY f.tms DESC";
 		$fichinter_static=new Fichinter($db);
@@ -704,6 +708,7 @@ if ($id > 0)
 		$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
 		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture';
 		$sql.= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
 		$sql.= " AND f.entity = ".$conf->entity;
 		$sql.= ' GROUP BY f.rowid, f.facnumber, f.type, f.amount, f.total, f.total_ttc,';
 		$sql.= ' f.datef, f.datec, f.paye, f.fk_statut,';
 		$sql.= ' s.nom, s.rowid';
@@ -863,8 +868,8 @@ else
 	dol_print_error($db,'Bad value for socid parameter');
 }
 llxFooter();
 $db->close();
 llxFooter();
 ?>
--- a/htdocs/comm/list.php
+++ b/htdocs/comm/list.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -99,7 +99,7 @@ if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_P
 if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_societe as cs";
 $sql.= " WHERE s.fk_stcomm = st.id";
 $sql.= " AND s.client IN (1, 3)";
-$sql.= " AND s.entity = ".$conf->entity;
+$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
 if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc";		// Join for the needed table to filter by sale
--- a/htdocs/comm/prospect/list.php
+++ b/htdocs/comm/prospect/list.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2011      Philippe Grand       <philippe.grand@atoo-net.com>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -178,7 +178,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)";
 $sql.= " WHERE s.fk_stcomm = st.id";
 $sql.= " AND s.client IN (2, 3)";
-$sql.= " AND s.entity = ".$conf->entity;
+$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
 if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id;
 if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc";		// Join for the needed table to filter by sale
 if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe";	// Join for the needed table to filter by categ
--- a/htdocs/contact/exportimport.php
+++ b/htdocs/contact/exportimport.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2006-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2006      Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2006-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -31,7 +31,7 @@ $langs->load("companies");
 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'contact', $contactid, 'socpeople');
+$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
 /*
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2004-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2007      Franky Van Liedekerke <franky.van.liedekerke@telenet.be>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -58,7 +58,7 @@ if (! empty($canvas))
 }
 // Security check
-$result = restrictedArea($user, 'contact', $id, 'socpeople', '', '', '', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
+$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', '', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php');
--- a/htdocs/contact/info.php
+++ b/htdocs/contact/info.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -32,7 +33,7 @@ $langs->load("companies");
 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'contact',$contactid,'socpeople');
+$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
@@ -60,7 +61,8 @@ dol_print_object_info($contact);
 print "</div>";
 llxFooter();
 $db->close();
 llxFooter();
 ?>
--- a/htdocs/contact/ldap.php
+++ b/htdocs/contact/ldap.php
@@ -1,6 +1,6 @@
 <?php
-/* Copyright (C) 2006-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2006-2010	Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2006      Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2006-2012	Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -35,7 +35,7 @@ $langs->load("admin");
 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'contact', $contactid, 'socpeople');
+$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
 $contact = new Contact($db);
 $contact->fetch($_GET["id"], $user);
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2003      Eric Seigne          <erics@rycks.com>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -115,14 +115,13 @@ $form=new Form($db);
 $sql = "SELECT s.rowid as socid, s.nom,";
 $sql.= " p.rowid as cidp, p.name, p.firstname, p.poste, p.email,";
-$sql.= " p.phone, p.phone_mobile, p.fax, p.fk_pays, p.priv,";
+$sql.= " p.phone, p.phone_mobile, p.fax, p.fk_pays, p.priv, p.tms,";
 $sql.= " p.tms,";
 $sql.= " cp.code as pays_code";
 $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_pays as cp ON cp.rowid = p.fk_pays";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
 if (!$user->rights->societe->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
-$sql.= " WHERE p.entity = ".$conf->entity;
+$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
 if (!$user->rights->societe->client->voir && !$socid) //restriction
 {
 	$sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)";
@@ -145,63 +144,63 @@ else
 if ($search_nom)        // filtre sur le nom
 {
-    $sql .= " AND p.name like '%".$db->escape($search_nom)."%'";
+    $sql .= " AND p.name LIKE '%".$db->escape($search_nom)."%'";
 }
 if ($search_prenom)     // filtre sur le prenom
 {
-    $sql .= " AND p.firstname like '%".$db->escape($search_prenom)."%'";
+    $sql .= " AND p.firstname LIKE '%".$db->escape($search_prenom)."%'";
 }
 if ($search_societe)    // filtre sur la societe
 {
-    $sql .= " AND s.nom like '%".$db->escape($search_societe)."%'";
+    $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'";
 }
 if (strlen($search_poste))    // filtre sur la societe
 {
-    $sql .= " AND p.poste like '%".$db->escape($search_poste)."%'";
+    $sql .= " AND p.poste LIKE '%".$db->escape($search_poste)."%'";
 }
 if (strlen($search_phone))
 {
-    $sql .= " AND (p.phone like '%".$db->escape($search_phone)."%' OR p.phone_perso like '%".$db->escape($search_phone)."%' OR p.phone_mobile like '%".$db->escape($search_phone)."%')";
+    $sql .= " AND (p.phone LIKE '%".$db->escape($search_phone)."%' OR p.phone_perso LIKE '%".$db->escape($search_phone)."%' OR p.phone_mobile LIKE '%".$db->escape($search_phone)."%')";
 }
 if (strlen($search_phoneper))
 {
-    $sql .= " AND p.phone like '%".$db->escape($search_phoneper)."%'";
+    $sql .= " AND p.phone LIKE '%".$db->escape($search_phoneper)."%'";
 }
 if (strlen($search_phonepro))
 {
-    $sql .= " AND p.phone_perso like '%".$db->escape($search_phonepro)."%'";
+    $sql .= " AND p.phone_perso LIKE '%".$db->escape($search_phonepro)."%'";
 }
 if (strlen($search_phonemob))
 {
-    $sql .= " AND p.phone_mobile like '%".$db->escape($search_phonemob)."%'";
+    $sql .= " AND p.phone_mobile LIKE '%".$db->escape($search_phonemob)."%'";
 }
 if (strlen($search_fax))
 {
-    $sql .= " AND p.fax like '%".$db->escape($search_fax)."%'";
+    $sql .= " AND p.fax LIKE '%".$db->escape($search_fax)."%'";
 }
 if (strlen($search_email))      // filtre sur l'email
 {
-    $sql .= " AND p.email like '%".$db->escape($search_email)."%'";
+    $sql .= " AND p.email LIKE '%".$db->escape($search_email)."%'";
 }
 if ($type == "o")        // filtre sur type
 {
    $sql .= " AND p.fk_soc IS NULL";
 }
-if ($type == "f")        // filtre sur type
+else if ($type == "f")        // filtre sur type
 {
-    $sql .= " AND fournisseur = 1";
+    $sql .= " AND s.fournisseur = 1";
 }
-if ($type == "c")        // filtre sur type
+else if ($type == "c")        // filtre sur type
 {
-    $sql .= " AND client IN (1, 3)";
+    $sql .= " AND s.client IN (1, 3)";
 }
-if ($type == "p")        // filtre sur type
+else if ($type == "p")        // filtre sur type
 {
-    $sql .= " AND client IN (2, 3)";
+    $sql .= " AND s.client IN (2, 3)";
 }
 if ($sall)
 {
-    $sql .= " AND (p.name like '%".$db->escape($sall)."%' OR p.firstname like '%".$db->escape($sall)."%' OR p.email like '%".$db->escape($sall)."%') ";
+    $sql .= " AND (p.name LIKE '%".$db->escape($sall)."%' OR p.firstname LIKE '%".$db->escape($sall)."%' OR p.email LIKE '%".$db->escape($sall)."%')";
 }
 if ($socid)
 {
--- a/htdocs/contact/perso.php
+++ b/htdocs/contact/perso.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -29,39 +30,36 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/contact.lib.php");
 $langs->load("companies");
 $langs->load("other");
-// Security check
+$id		= GETPOST('id','int');
-$contactid = isset($_GET["id"])?$_GET["id"]:'';
+$action	= GETPOST('action','alpha');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid, 'socpeople');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
 $object = new Contact($db);
 /*
 * Action
 */
-if ($user->rights->societe->contact->creer)
+if ($action == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact->creer)
 {
-    if ($_POST["action"] == 'update' && ! $_POST["cancel"])
+	$ret = $object->fetch($id);
-    {
+	
-        $contact = new Contact($db);
+	// Note: Correct date should be completed with location to have exact GM time of birth.
-        $contact->fetch($_POST["contactid"]);
+	$object->birthday = dol_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]);
-
+	$object->birthday_alert = $_POST["birthday_alert"];
-        // Note: Correct date should be completed with location to have exact GM time of birth.
+	
-        $contact->birthday = dol_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]);
+	$result = $object->update_perso($id, $user);
-        $contact->birthday_alert = $_POST["birthday_alert"];
+	if ($result > 0)
-
+	{
-        $result = $contact->update_perso($_POST["contactid"], $user);
+		$object->old_name='';
-
+		$object->old_firstname='';
-        if ($result > 0)
+	}
-        {
+	else
-            $contact->old_name='';
+	{
-            $contact->old_firstname='';
+		$error = $object->error;
-        }
+	}
        else
        {
            $error = $contact->error;
        }
    }
 }
@@ -75,44 +73,40 @@ llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Modu
 $form = new Form($db);
-$contact = new Contact($db);
+$object->fetch($id, $user);
 $contact->fetch($_GET["id"], $user);
-$head = contact_prepare_head($contact);
+$head = contact_prepare_head($object);
 dol_fiche_head($head, 'perso', $langs->trans("ContactsAddresses"), 0, 'contact');
-
+if ($action == 'edit')
 if ($_GET["action"] == 'edit')
 {
-    /*
+	/*
-     * Fiche en mode edition
+	 * Fiche en mode edition
-     */
+	 */
    print '<table class="border" width="100%">';
-    print '<form name="perso" method="post" action="perso.php?id='.$_GET["id"].'">';
+    print '<form name="perso" method="POST" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
    print '<input type="hidden" name="action" value="update">';
-    print '<input type="hidden" name="contactid" value="'.$contact->id.'">';
+    print '<input type="hidden" name="id" value="'.$object->id.'">';
    // Ref
    print '<tr><td width="20%">'.$langs->trans("Ref").'</td><td colspan="3">';
-    print $contact->id;
+    print $object->id;
    print '</td></tr>';
    // Name
-    print '<tr><td width="20%">'.$langs->trans("Lastname").' / '.$langs->trans("Label").'</td><td width="30%">'.$contact->nom.'</td>';
+    print '<tr><td width="20%">'.$langs->trans("Lastname").' / '.$langs->trans("Label").'</td><td width="30%">'.$object->lastname.'</td>';
-    print '<td width="20%">'.$langs->trans("Firstname").'</td><td width="30%">'.$contact->prenom.'</td>';
+    print '<td width="20%">'.$langs->trans("Firstname").'</td><td width="30%">'.$object->firstname.'</td>';
    // Company
    if (empty($conf->global->SOCIETE_DISABLE_CONTACTS))
    {
-        if ($contact->socid > 0)
+        if ($object->socid > 0)
        {
            $objsoc = new Societe($db);
-            $objsoc->fetch($contact->socid);
+            $objsoc->fetch($object->socid);
            print '<tr><td>'.$langs->trans("Company").'</td><td colspan="3">'.$objsoc->getNomUrl(1).'</td>';
        }
@@ -126,17 +120,17 @@ if ($_GET["action"] == 'edit')
    // Civility
    print '<tr><td>'.$langs->trans("UserTitle").'</td><td colspan="3">';
-    print $contact->getCivilityLabel();
+    print $object->getCivilityLabel();
    print '</td></tr>';
    // Date To Birth
    print '<tr><td>'.$langs->trans("DateToBirth").'</td><td>';
    $form=new Form($db);
-    print $form->select_date($contact->birthday,'birthday',0,0,1,"perso");
+    print $form->select_date($object->birthday,'birthday',0,0,1,"perso");
    print '</td>';
    print '<td colspan="2">'.$langs->trans("Alert").': ';
-    if ($contact->birthday_alert)
+    if ($object->birthday_alert)
    {
        print '<input type="checkbox" name="birthday_alert" checked="checked"></td>';
    }
@@ -165,20 +159,20 @@ else
    // Ref
    print '<tr><td width="20%">'.$langs->trans("Ref").'</td><td colspan="3">';
-    print $form->showrefnav($contact,'id');
+    print $form->showrefnav($object,'id');
    print '</td></tr>';
    // Name
-    print '<tr><td width="20%">'.$langs->trans("Lastname").' / '.$langs->trans("Label").'</td><td width="30%">'.$contact->name.'</td>';
+    print '<tr><td width="20%">'.$langs->trans("Lastname").' / '.$langs->trans("Label").'</td><td width="30%">'.$object->lastname.'</td>';
-    print '<td width="20%">'.$langs->trans("Firstname").'</td><td width="30%">'.$contact->firstname.'</td></tr>';
+    print '<td width="20%">'.$langs->trans("Firstname").'</td><td width="30%">'.$object->firstname.'</td></tr>';
    // Company
    if (empty($conf->global->SOCIETE_DISABLE_CONTACTS))
    {
-        if ($contact->socid > 0)
+        if ($object->socid > 0)
        {
            $objsoc = new Societe($db);
-            $objsoc->fetch($contact->socid);
+            $objsoc->fetch($object->socid);
            print '<tr><td>'.$langs->trans("Company").'</td><td colspan="3">'.$objsoc->getNomUrl(1).'</td></tr>';
        }
@@ -193,28 +187,28 @@ else
    // Civility
    print '<tr><td>'.$langs->trans("UserTitle").'</td><td colspan="3">';
-    print $contact->getCivilityLabel();
+    print $object->getCivilityLabel();
    print '</td></tr>';
    // Date To Birth
-    if ($contact->birthday != '')
+    if ($object->birthday != '')
    {
        include_once(DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php');
-        print '<tr><td>'.$langs->trans("DateToBirth").'</td><td colspan="3">'.dol_print_date($contact->birthday,"day");
+        print '<tr><td>'.$langs->trans("DateToBirth").'</td><td colspan="3">'.dol_print_date($object->birthday,"day");
        print ' &nbsp; ';
        //var_dump($birthdatearray);
        //print ($now-$birthdate).' - '.ConvertSecondToTime($now-$birthdate,'year').'<br>';
-        $ageyear=ConvertSecondToTime($now-$contact->birthday,'year')-1970;
+        $ageyear=ConvertSecondToTime($now-$object->birthday,'year')-1970;
-        $agemonth=ConvertSecondToTime($now-$contact->birthday,'month')-1;
+        $agemonth=ConvertSecondToTime($now-$object->birthday,'month')-1;
        if ($ageyear >= 2) print '('.$ageyear.' '.$langs->trans("DurationYears").')';
        else if ($agemonth >= 2) print '('.$agemonth.' '.$langs->trans("DurationMonths").')';
        else print '('.$agemonth.' '.$langs->trans("DurationMonth").')';
        print ' &nbsp; - &nbsp; ';
-        if ($contact->birthday_alert) print $langs->trans("BirthdayAlertOn");
+        if ($object->birthday_alert) print $langs->trans("BirthdayAlertOn");
        else print $langs->trans("BirthdayAlertOff");
        print '</td>';
    }
@@ -236,7 +230,7 @@ else
        if ($user->rights->societe->contact->creer)
        {
-            print '<a class="butAction" href="perso.php?id='.$_GET["id"].'&amp;action=edit">'.$langs->trans('Modify').'</a>';
+            print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=edit">'.$langs->trans('Modify').'</a>';
        }
        print "</div>";
@@ -244,7 +238,8 @@ else
 }
 llxFooter();
 $db->close();
 llxFooter();
 ?>
--- a/htdocs/contact/vcard.php
+++ b/htdocs/contact/vcard.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -1,21 +1,21 @@
 <?php
 /* Copyright (C) 2006-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
-* Copyright (C) 2010-2011 Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2010-2011 Juanjo Menent        <jmenent@2byte.es>
-*
+ *
-* This program is free software; you can redistribute it and/or modify
+ * This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
+ * it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
+ * (at your option) any later version.
-*
+ * 
-* This program is distributed in the hope that it will be useful,
+ * This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU General Public License for more details.
+ * GNU General Public License for more details.
-*
+ * 
-* You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
+ */
 /**
 *	\file       htdocs/core/class/commonobject.class.php
--- a/htdocs/core/class/conf.class.php
+++ b/htdocs/core/class/conf.class.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2003      Xavier Dutoit        <doli@sydesy.com>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin      	<regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin      	<regis@dolibarr.fr>
 * Copyright (C) 2006 	   Jean Heimburger    	<jean@tiaris.info>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -123,9 +123,7 @@ class Conf
 		$resql = $db->query($sql);
 		if ($resql)
-		{
+		{	
 			$multicompany_sharing=array();
 			$i = 0;
 			$numr = $db->num_rows($resql);
 			while ($i < $numr)
@@ -195,15 +193,14 @@ class Conf
 				$i++;
 			}
-			// Load shared elements between entities
+			// Load multicompany configuration
 			if (! empty($this->multicompany->enabled))
 			{
 				$ret = @dol_include_once('/multicompany/class/actions_multicompany.class.php');
 				if ($ret)
 				{
 					$mc = new ActionsMulticompany($db);
-					$this->multicompany->entity = $mc->loadEntity();
+					$mc->setValues($this);
 					$this->entities = $mc->loadSharedElements();
 				}
 			}
 		}
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -2196,7 +2196,9 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
    // More features to check
    $features = explode("&",$features);
-    //var_dump($features);
+    
    // More parameters
    list($dbtablename, $sharedelement) = explode('&', $dbtablename);
    // Check read permission from module
    // TODO Replace "feature" param into caller by first level of permission
@@ -2390,7 +2392,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                }
                else
                {
-                	$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                	$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checksoc))
@@ -2409,7 +2411,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                    $sql.= " WHERE sc.fk_soc = ".$objectid;
                    $sql.= " AND sc.fk_user = ".$user->id;
                    $sql.= " AND sc.fk_soc = s.rowid";
-                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
                else if (! empty($conf->multicompany->enabled))
@@ -2417,7 +2419,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                    $sql = "SELECT s.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
                    $sql.= " WHERE s.rowid = ".$objectid;
-                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checkother))
@@ -2438,7 +2440,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                    $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";	// Contact not linked to a company or to a company of user
-                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
                else if (! empty($conf->multicompany->enabled))
@@ -2446,7 +2448,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
-                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checkproject))
@@ -2480,7 +2482,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                    $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                    $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
                    $sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
-                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                    $sql.= " AND sc.fk_user = ".$user->id;
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
@@ -2489,7 +2491,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
                    $sql = "SELECT dbt.".$dbt_select;
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
-                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
+                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
                }
            }
--- a/htdocs/core/modules/societe/mod_codeclient_monkey.php
+++ b/htdocs/core/modules/societe/mod_codeclient_monkey.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
+/* Copyright (C) 2004		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2006-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2007	Laurent Destailleur		<eldy@users.sourceforge.net>
 * Copyright (C) 2006-2012	Regis Houssin			<regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -116,6 +117,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode
        $sql = "SELECT MAX(SUBSTRING(".$field." FROM ".$posindice.")) as max";   // This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."societe";
 		$sql.= " WHERE ".$field." LIKE '".$prefix."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 		$resql=$db->query($sql);
 		if ($resql)
@@ -126,7 +128,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode
 		}
 		else
 		{
-			dol_syslog("mod_codeclient_monkey::getNextValue sql=".$sql);
+			dol_syslog(get_class($this)."::getNextValue sql=".$sql, LOG_ERR);
 			return -1;
 		}
@@ -135,7 +137,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode
 		$yymm = strftime("%y%m",$date);
 		$num = sprintf("%04s",$max+1);
-		dol_syslog("mod_codeclient_monkey::getNextValue return ".$prefix.$yymm."-".$num);
+		dol_syslog(get_class($this)."::getNextValue return ".$prefix.$yymm."-".$num);
 		return $prefix.$yymm."-".$num;
 	}
@@ -195,7 +197,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode
 			}
 		}
-		dol_syslog("mod_codeclient_monkey::verif type=".$type." result=".$result);
+		dol_syslog(get_class($this)."::verif type=".$type." result=".$result);
 		return $result;
 	}
@@ -213,7 +215,8 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode
 		$sql = "SELECT code_client FROM ".MAIN_DB_PREFIX."societe";
 		$sql.= " WHERE code_client = '".$code."'";
 		if ($soc->id > 0) $sql.= " AND rowid != ".$soc->id;
-
+		
 		dol_syslog(get_class($this)."::verif_dispo sql=".$sql, LOG_DEBUG);
 		$resql=$db->query($sql);
 		if ($resql)
 		{
--- a/htdocs/product/liste.php
+++ b/htdocs/product/liste.php
@@ -136,7 +136,7 @@ else
    	//$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur as pf ON p.rowid = pf.fk_product";
    	$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
    //}
-    $sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
+    $sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
    if ($search_categ) $sql.= " AND p.rowid = cp.fk_product";	// Join for the needed table to filter by categ
    if ($sall)
    {
--- a/htdocs/societe/class/client.class.php
+++ b/htdocs/societe/class/client.class.php
@@ -35,13 +35,11 @@ class Client extends Societe
    /**
     *  Constructor
     *
-     *  @param	DoliDB	$DB		Database handler
+     *  @param	DoliDB	$db		Database handler
     */
-    function Client($DB)
+    function __construct($db)
    {
-        global $config;
+        $this->db = $db;
        $this->db = $DB;
    }
    /**
@@ -64,8 +62,8 @@ class Client extends Societe
        	$sql.= " WHERE sc.fk_user = " .$user->id;
        	$clause = "AND";
        }
-        $sql.= " ".$clause." s.client in (1,2,3)";
+        $sql.= " ".$clause." s.client IN (1,2,3)";
-        $sql.= " AND s.entity = ".$conf->entity;
+        $sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
        $sql.= " GROUP BY s.client";
        $resql=$this->db->query($sql);
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -380,12 +380,7 @@ class Societe extends CommonObject
        dol_syslog(get_class($this)."::Update id=".$id." call_trigger=".$call_trigger." allowmodcodeclient=".$allowmodcodeclient." allowmodcodefournisseur=".$allowmodcodefournisseur);
        // For triggers
-        if ($call_trigger)
+        if ($call_trigger) $this->oldobject = dol_clone($this);
        {
        	$objectstatic=new Societe($this->db);
        	$objectstatic->fetch($id);
        	$this->oldobject = $objectstatic;
        }
        $now=dol_now();
--- a/htdocs/societe/document.php
+++ b/htdocs/societe/document.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2010      Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -46,7 +46,7 @@ if ($user->societe_id > 0)
 	$action='';
 	$socid = $user->societe_id;
 }
-$result = restrictedArea($user, 'societe', $socid);
+$result = restrictedArea($user, 'societe', $socid, '&societe');
 // Get parameters
 $sortfield = GETPOST("sortfield",'alpha');
--- a/htdocs/societe/index.php
+++ b/htdocs/societe/index.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -37,8 +37,6 @@ $result=restrictedArea($user,'societe',0,'','','','');
 $thirdparty_static = new Societe($db);
 /*
 * View
 */
@@ -61,7 +59,7 @@ $rowspan=2;
 print '<form method="post" action="'.DOL_URL_ROOT.'/societe/societe.php">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 print '<table class="noborder" width="100%">';
-print "<tr class=\"liste_titre\">";
+print '<tr class="liste_titre">';
 print '<th colspan="3">'.$langs->trans("Search").'</th></tr>';
 print "<tr $bc[0]><td>";
 print $langs->trans("Name").':</td><td><input class="flat" type="text" size="14" name="search_nom_only"></td>';
@@ -83,7 +81,7 @@ $total=0;
 $sql = "SELECT s.rowid, s.client, s.fournisseur";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
-$sql.= " WHERE s.entity = ".$conf->entity;
+$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
 if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid)	$sql.= " AND s.rowid = ".$socid;
@@ -152,7 +150,7 @@ $max=15;
 $sql = "SELECT s.rowid, s.nom as name, s.client, s.fournisseur, s.canvas, s.tms as datem, s.status as status";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
-$sql.= " WHERE s.entity = ".$conf->entity;
+$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
 if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid)	$sql.= " AND s.rowid = ".$socid;
 $sql.= " AND (";
@@ -243,7 +241,8 @@ else
 print '</td></tr></table>';
 llxFooter();
 $db->close();
 llxFooter();
 ?>
--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -3,7 +3,7 @@
 * Copyright (C) 2003      Brian Fraval         <brian@fraval.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005      Eric Seigne          <eric.seigne@ryxeo.com>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2008	   Patrick Raguin       <patrick.raguin@auguria.net>
 * Copyright (C) 2010-2011 Juanjo Menent        <jmenent@2byte.es>
 *
@@ -66,7 +66,7 @@ if (! empty($canvas))
 }
 // Security check
-$result = restrictedArea($user, 'societe', $socid, '', '', '', '', $objcanvas);
+$result = restrictedArea($user, 'societe', $socid, '&societe', '', '', '', $objcanvas);
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php');
--- a/htdocs/societe/socnote.php
+++ b/htdocs/societe/socnote.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2003,2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011      Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2006      Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012      Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2010           Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -32,11 +32,11 @@ $action = isset($_GET["action"])?$_GET["action"]:$_POST["action"];
 $langs->load("companies");
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"];
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe', $socid);
+$result = restrictedArea($user, 'societe', $socid, '&societe');
 $object = new Societe($db);
 /*
 * Actions
@@ -44,11 +44,9 @@ $result = restrictedArea($user, 'societe', $socid);
 if ($action == 'add' && ! GETPOST('cancel'))
 {
-    $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($_POST["note"])."' WHERE rowid=".$_POST["socid"];
+    // TODO move to DAO class
 	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($_POST["note"])."' WHERE rowid=".$socid;
    $result = $db->query($sql);
    $_GET["socid"]=$_POST["socid"];   // Pour retour sur fiche
    $socid = $_GET["socid"];
 }
@@ -65,49 +63,48 @@ llxHeader('',$langs->trans("ThirdParty").' - '.$langs->trans("Notes"),$help_url)
 if ($socid > 0)
 {
-    $societe = new Societe($db);
+	$object->fetch($socid);
    $societe->fetch($socid);
    /*
     * Affichage onglets
     */
    if ($conf->notification->enabled) $langs->load("mails");
-    $head = societe_prepare_head($societe);
+    $head = societe_prepare_head($object);
    dol_fiche_head($head, 'note', $langs->trans("ThirdParty"),0,'company');
-    print "<form method=\"post\" action=\"".DOL_URL_ROOT."/societe/socnote.php\">";
+    print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
    print '<table class="border" width="100%">';
    print '<tr><td width="20%">'.$langs->trans('ThirdPartyName').'</td>';
    print '<td colspan="3">';
-    print $form->showrefnav($societe,'socid','',($user->societe_id?0:1),'rowid','nom');
+    print $form->showrefnav($object,'socid','',($user->societe_id?0:1),'rowid','nom');
    print '</td></tr>';
    if (! empty($conf->global->SOCIETE_USEPREFIX))  // Old not used prefix field
    {
-        print '<tr><td>'.$langs->trans('Prefix').'</td><td colspan="3">'.$societe->prefix_comm.'</td></tr>';
+        print '<tr><td>'.$langs->trans('Prefix').'</td><td colspan="3">'.$object->prefix_comm.'</td></tr>';
    }
-    if ($societe->client)
+    if ($object->client)
    {
        print '<tr><td>';
        print $langs->trans('CustomerCode').'</td><td colspan="3">';
-        print $societe->code_client;
+        print $object->code_client;
-        if ($societe->check_codeclient() <> 0) print ' <font class="error">('.$langs->trans("WrongCustomerCode").')</font>';
+        if ($object->check_codeclient() <> 0) print ' <font class="error">('.$langs->trans("WrongCustomerCode").')</font>';
        print '</td></tr>';
    }
-    if ($societe->fournisseur)
+    if ($object->fournisseur)
    {
        print '<tr><td>';
        print $langs->trans('SupplierCode').'</td><td colspan="3">';
-        print $societe->code_fournisseur;
+        print $object->code_fournisseur;
-        if ($societe->check_codefournisseur() <> 0) print ' <font class="error">('.$langs->trans("WrongSupplierCode").')</font>';
+        if ($object->check_codefournisseur() <> 0) print ' <font class="error">('.$langs->trans("WrongSupplierCode").')</font>';
        print '</td></tr>';
    }
@@ -115,17 +112,17 @@ if ($socid > 0)
    print '<td valign="top">';
    if ($action == 'edit' && $user->rights->societe->creer)
    {
-        print "<input type=\"hidden\" name=\"action\" value=\"add\">";
+        print '<input type="hidden" name="action" value="add" />';
-        print "<input type=\"hidden\" name=\"socid\" value=\"".$societe->id."\">";
+        print '<input type="hidden" name="socid" value="'.$object->id.'" />';
        // Editeur wysiwyg
        require_once(DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php");
-        $doleditor=new DolEditor('note',$societe->note,'',360,'dolibarr_notes','In',true,false,$conf->global->FCKEDITOR_ENABLE_SOCIETE,20,70);
+        $doleditor=new DolEditor('note',$object->note,'',360,'dolibarr_notes','In',true,false,$conf->global->FCKEDITOR_ENABLE_SOCIETE,20,70);
        $doleditor->Create();
    }
    else
    {
-        print dol_textishtml($societe->note)?$societe->note:dol_nl2br($societe->note,1,true);
+        print dol_textishtml($object->note)?$object->note:dol_nl2br($object->note,1,true);
    }
    print "</td></tr>";
@@ -156,14 +153,14 @@ if ($action != 'edit')
    if ($user->rights->societe->creer)
    {
-        print '<a class="butAction" href="'.DOL_URL_ROOT.'/societe/socnote.php?socid='.$societe->id.'&amp;action=edit">'.$langs->trans("Modify").'</a>';
+        print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?socid='.$object->id.'&amp;action=edit">'.$langs->trans("Modify").'</a>';
    }
    print '</div>';
 }
 llxFooter();
 $db->close();
 llxFooter();
 ?>