3,026 Reply by apmuthu

(3 replies, posted in Accounts Payable)

It may be some browser cache. Try to logout, clear cache and open the browser again (with no other browser instances open) and then login to void the delivery order and see what happens.

Also take a backup (1) and then create a delivery order and take a backup (2) and then void the delivery order and take a backup (3) and then compare the backups for what entries came in when the delivery order was created and what got taken out / modified when it was voided. Check as to what differences are there if the invoice too was created and voided and see what database changes exist and how it affects the FA processing.

Go to forum: Accounts Payable

3,027 Reply by apmuthu

(6 replies, posted in Report Bugs here)

This issue is now fully fixed in both versions in the official repo.

Those using the dashboard theme/extension and the dynamic and exclusive themes can make similar changes in the following files for FA 2.3 and where appropriate in the themes in FA 2.4:

Extensions

Line 92 in dashboard/widgets/customers.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";
Line 92 in dashboard/widgets/dimensions.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";
Line 97 in dashboard/widgets/glreturn.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";
Line 98 in dashboard/widgets/items.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";
Line 92 in dashboard/widgets/suppliers.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";

Line 93 in import_transactions/includes/import_sales_cart_class.inc - $this->cart_id = uniqid(''); - Localised, so no change needed

Themes

Lines 306, 405, 506, 560, 623 in dynamic/renderer.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";
Lines 265, 364, 465, 519, 582 in exclusive/renderer.php - $filename = company_path(). "/pdf_files/". uniqid("").".png";

The official repo for extension distribution for FA 2.3 will not be updated since it is EOL and if done will affect those with non-bleeding edge installs.

Go to forum: Report Bugs here

3,028 Reply by apmuthu

(6 replies, posted in Report Bugs here)

Consistent Excel Report download SOLVED!

First we need to include the fix in post 4 of this thread.
The issue of filenames starting with a hyphen or underscore may need to be addressed.
The function clean_file_name() in includes/main.inc can also do the job.

Since we are now allowing underscores(_) and hyphens (-) in the random_id()'s filenames, we need to allow it for excel filenames for download too.

Lines 30 to 55 in FA 2.3's reporting/prn_redirect.php:

if (isset($_GET['xls']))
{
    $filename = $_GET['filename'];
    $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
    $path =  company_path(). '/pdf_files/';
    header("Content-type: application/vnd.ms-excel");
    header("Content-Disposition: attachment; filename=$filename" );
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
    header("Pragma: public");
    echo file_get_contents($path.$unique_name);
    exit();
}
elseif (isset($_GET['xml']))
{
    $filename = $_GET['filename'];
    $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
    $path =  company_path(). '/pdf_files/';
    header("content-type: text/xml");
    header("Content-Disposition: attachment; filename=$filename");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
    header("Pragma: public");
    echo file_get_contents($path.$unique_name);
    exit();
}

can be replaced with:

if (isset($_GET['xls']) || isset($_GET['xml']))
{
    $filename = $_GET['filename'];
    $unique_name = preg_replace("/[^0-9_a-z.\-]/i", '', $_GET['unique']);
    $path =  company_path(). '/pdf_files/';
    if (isset($_GET['xls'])) header("Content-type: application/vnd.ms-excel");
    else header("content-type: text/xml");
    header("Content-Disposition: attachment; filename=$filename" );
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
    header("Pragma: public");
    echo file_get_contents($path.$unique_name);
    exit();
}

@joe: please update both repos.

PHP PCRE (Regular Expressions) - CheatSheet | Tutorial.

Go to forum: Report Bugs here

3,029 Reply by apmuthu

(6 replies, posted in Report Bugs here)

The current commits for this issue breaks excel report formation consistency. Zero byte excel file downloads occur frequently and sometimes it works correctly.

The file includes/main.inc is "included" in the includes/session.inc file (apart from during installation in the install/isession.inc). It may have been possible that the file redirection (reporting/prn_redirect.php) to download the excel file did not have this initially - the said session file seems included though.

Line 719 in reporting/excel_report.inc:

        meta_forward($path_to_root.'/reporting/prn_redirect.php', "xls=1&filename=$this->filename&unique=$this->unique_name");

causes the redirection to download the excel file.

Line 33 in reporting/prn_redirect.php:

    $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);

seems to do some replacements that affect the downloaded filename.

@itronics / @joe: Is this necessary in the light of the current commits?

Go to forum: Report Bugs here

3,030 Reply by apmuthu

(6 replies, posted in Report Bugs here)

@itronics: please replace line 372 in FA 2.3's includes/main.inc:

    $id = strtr(base64_encode($bin), '+/', '-_');    // see RFC 4648 Section 5

with

    $id = strtr(base64_encode($bin), '+/=', '-_x');    // see RFC 4648 Section 5

and likewise in FA 2.4. The pad character "=" can be got rid off this way.
Before your commit, it was a 13 character file base name and it is now 24 (multiples of 8).
The original filename was like:
    dLPhO1A-K5vj5Dq4NxBA7w==.pdf
and the new file name will be like:
    4vuNUMXvAVsQVuHEVzlrdwxx.pdf

** Fixed in FA 2.3 and FA 2.4 commits.

Go to forum: Report Bugs here

3,031 Reply by apmuthu

(6 replies, posted in Report Bugs here)

As of 2015: PHP bug #70014 affects the reliability of openssl_random_pseudo_bytes(). paragonie/random_compat, backports random_bytes() from PHP 7 into PHP 5. One of the fallbacks it supports is openssl_random_pseudo_bytes(), but if it can read directly from /dev/urandom it will prefer that instead.

As of 2016: There's another bug with openssl_random_pseudo_bytes() (71915), which can result in duplicate values when you run it multiple times with the same process ID. Looks like it's fixed in 5.6.24.

Go to forum: Report Bugs here

3,032 Reply by apmuthu

(6 replies, posted in Report Bugs here)

@itronics: Thanks for the quick commits in FA 2.3 and FA 2.4. There seem to be some files left out.

The file includes/main.inc is expected to be included in every instance where it is used as the new function random_id() is defined there and it refers to a variable $cstrong which is not assigned yet. This is mostly okay as it is a return diagnostics value only. If there are any errors then just assign it a blank string before invocation as it is passed by reference.

The following files too use uniqid still and no changes in them yet in the commit done now:
1. includes/ui/ui_view.inc - $name = uniqid('_el',true);
2. reporting/includes/class.mail.inc - $this->boundary = md5(uniqid(time()));
3. reporting/includes/tcpdf.inc - $owner_pass = uniqid(rand());

4. sales/includes/cart_class.inc - $this->cart_id = uniqid(''); - This is just temporary cart id used to avoid erroneous concurrent edition inside single user session. This is not used in urls, so the security problem does not apply here.

In FA 2.4 additionally:
1. includes/dashboard.inc - $filename = company_path(). "/pdf_files/". uniqid("").".png"; - Fixed in this commit.

When changes are made to the files above, we need to make sure that the said new function random_id() is available therein. Those using it in extensions and using SOAP / RESTful APIs too need to take care by defining the function if it dows not exists at the point of invocation.

Go to forum: Report Bugs here

3,033 Topic by apmuthu

(6 replies, posted in Report Bugs here)

SecurityMaverick.com has listed a few and one such code that limits entropy is here.

Line 973 in reporting/includes/pdf_report.inc:

                $fname = $dir.'/'.uniqid('').'.pdf';

can be changed to

                $fname = $dir.'/'.md5(uniqid(mt_rand(), true)).'.pdf';

This improves the entropy from 10 to 29 bits but is still not good enough and is used in line 69 of includes/ui/ui_controls.inc.

Other places like this are in some repXXX.php files:

$filename = company_path(). "/pdf_files/". uniqid("").".png";

that need similar changes. Several others files in FA use uniqid too and will need some changes like this.

With or without the more_entropy option, uniqid(), as represented in the PHP sample code and documentation, results in poor entropy and should not be used.

@joe: can we include this in both repos?

Go to forum: Report Bugs here

3,034 Reply by apmuthu

(6 replies, posted in Setup)

Check whether the expected value is 'visible' and is used as needed in the included file in your error.

Go to forum: Setup

3,035 Reply by apmuthu

(3 replies, posted in Reporting)

PM access details - let us have a look.

Go to forum: Reporting

3,036 Reply by apmuthu

(3 replies, posted in Reporting)

Make sure you have the php GD libs installed and the files are readable by the webserver user. Try to save the jpg file from some other graphics program.

Go to forum: Reporting

3,037 Reply by apmuthu

(6 replies, posted in Setup)

When arithmetic computations occur whether in the sql statement or in the php expressions, there is room for additional decimal places. These are rounded off and discarded if the DELTA is below a threshold. Search for the constant FLOAT_COMP_DELTA in the FA files and see what gives.

It is defined in includes/current_user.inc and is used in the suppliers and customers "_db.inc" files.

define('FLOAT_COMP_DELTA', 0.004);

Go to forum: Setup

3,038 Reply by apmuthu

(6 replies, posted in Setup)

Have a look at the value 0.00 in the database tables and see if there is some 3rd decimal place error. If so, we may need to incorporate the DELTA difference makeover in the formula that computes it before triggering the red font. Provide the url part after the webroot that caused the error.

Go to forum: Setup

3,039 Reply by apmuthu

(1 replies, posted in FA Modifications)

The links are generated later after all lapp and rapp functions populate the menu array. If you need to open the link in a new tab/window you will either need to use the right click menu in your browser or create and use a new method in the application menu class.

Go to forum: FA Modifications

3,040 Reply by apmuthu

(1 replies, posted in Report Bugs here)

Which version of PHP / FA are you using?

Go to forum: Report Bugs here

3,041 Topic by apmuthu

(1 replies, posted in Translations)

Thanks to @tuananh88c25, Vietnamese Install language files are now committed in my unofficial GitHub Repo and are available at:
https://github.com/apmuthu/frontaccounting/tree/master/FAMods/install/lang/vi_VN

Transifex now has Vietnamese added for FrontAccounting v2.3.x with 1% of the strings translated for now and @tuananh88c25 has been added as a translator at:
https://www.transifex.com/gnuacademy/frontaccounting-1/language/vi_VN/

The Vietnamese core translation files are available at:
https://github.com/apmuthu/frontaccounting/tree/master/extensions/Languages/vi_VN

These files can now be added to the official translation as a pkg file.

Go to forum: Translations

3,042 Reply by apmuthu

(9 replies, posted in Announcements)

Approximtely 250 downloads a week for FA 2.3.25 on SourceForge still.

FA is becoming most popular in Germany in the last year and a half - home of SAP!

Go to forum: Announcements

3,043 Reply by apmuthu

(25 replies, posted in Reporting)

Replace line 201 in the new file:

    $sql .= " ORDER BY name";

with

    $sql .= " GROUP BY debtors_master.debtor_no ORDER BY name";

Go to forum: Reporting

3,044 Reply by apmuthu

(25 replies, posted in Reporting)

The said error occurs because you have the same salesman in 2 or more branches and the debtors_master does not specify a particular branch since it should be taken from the transaction itself....

Go to forum: Reporting

3,045 Reply by apmuthu

(2 replies, posted in Wish List)

This "licence" to mess up is actually a "feature" to make adjustments that might otherwise mess up standard reports by popping up there.

Anyway, you are right about trackable transactions need to be posted from their respective modules. Thanks for both your workarounds that will surely help others should they traverse the path you did. FA's open database structure saved the day even if taking it's pound of flesh in time and effort.

Go to forum: Wish List

3,046 Reply by apmuthu

(20 replies, posted in Announcements)

Upgrade 2.3.12 to 2.3.25+ first.
Then upgrade to FA 2.4RC1.

Otherwise close current accounting year in 2.3.12 and start the next accounting year in 2.4RC1.

Issues like what extensions are installed and need migration / updation, etc will need to be addressed.
This is apart from local customisation / extra fields and external linkages that need to be dealt with as well.

Go to forum: Announcements

3,047 Reply by apmuthu

(20 replies, posted in Announcements)

Enable / Activate the Fixed Assets Configuration permissions for your user role (System Administrator) for your company and make sure you have edit rights when you want to make such critical changes as it is disabled by default.

fixed_assets/includes/fa_classes_db.inc defines the function update_fixed_asset_class() which operates on the fields of the stock_fa_class table whose inactive field is not used for now in this file.

Go to forum: Announcements

3,048 Reply by apmuthu

(5 replies, posted in Setup)

Compare the schemas and see if there are any other changes.
Is there any upgrade sql in the "sql" folder that drops the auto_increment attribute?

The only PHP file that refers to the AUTO_INCREMENT attribute is admin/db/maintenance_db.inc in both versions.

Whilst "inactive' is not needed unless it's default / NULL property has changed, the primary key is needed if the AUTO_INCREMENT is absent.

Go to forum: Setup

3,049 Reply by apmuthu

(9 replies, posted in Reporting)

PM access info to check on other system.

Go to forum: Reporting

3,050 Reply by apmuthu

(5 replies, posted in Setup)

Logout, clear your browser cache, login again and then see if you get the same error. You may have used the browser's back button instead of the "back" link on the web page.

It is also possible that your sys_types table may be corrupted or inconsistent. The next_reference field is your target to investigate. This is generally used for transactions and may not apply to new customer creation.

The function add_customer() is defined in sales/includes/db/customers_db.inc - check out the sql in it and manually execute it in some mysql client and see what gives.

Go to forum: Setup