Thanks Joe, - Changeset 3069.
5,926 10/01/2012 09:15:53 am
Re: Difference between "Purchase order" and "Our order" (11 replies, posted in Accounts Payable)
5,927 10/01/2012 09:12:16 am
Re: Direct Invoice for Services (5 replies, posted in Setup)
Hope BugFix on ChangeSet 3069 solves your issue.
5,928 10/01/2012 09:09:08 am
Re: HR and Payroll Module (66 replies, posted in Modules Add-on's)
In the Google code page for the payroll module, no code commits are there after May 7th 2012. Also no download of any source file is provided. Hence has the development page gone elsewhere?
The 2 clones are also of same vintage.
5,929 09/25/2012 07:10:35 pm
Re: Different Database for Every Company (9 replies, posted in FA Modifications)
The same would apply to different databases (assuming db names too are sequential / guessable) if permitted for the same db user. That is why the db user too must be different for each company's different database.
A config variable can be introduced to decide if the session variables (db user, db name, db pwd) should be allowed to pre-populate the create company form with initial values. Each company should have their own db user with privileges for their company's prefix only.
Thankyou for pointing out the vulnerability with fine clarity. In the meanwhile, we should not give restore functionality to the company admins and keep it with the Super Admin only.
Another possible solution (may not apply to limited hosting accounts) would be to auto generate the db name, db username, and db password for the company using a non displayed privileged db user.
One more solution would be to parse the sqls for create / insert (no select or update) statements only and pertaining to the current user's company prefix alone during a restore. Beware of compound insert cum select statements.
5,930 09/25/2012 06:52:22 pm
Re: Release 2.3 - Creating Extensions and Modules. How to? (16 replies, posted in Modules Add-on's)
After the release of FA v2.3.12 (Mercurial Changeset 3061), important changes have been made (in Mercurial Changeset 3068) to the all default themes' renderer.php files that need to be backported to the existing non default themes to make them compatible for use in future releases.
In Mercurial Changeset 3068 certain rendering functions viz.,
check_application_access
check_module_access
hide_inaccessible_menu_itemshave been shifted from
themes/*/renderer.php filesto
includes/current_user.incHence in the hitherto non-default themes, the renderer.php files must get rid of the said functions and replace the following calls:
$this->check_application_access($app)
$this->check_application_access($selected_app)
$this->check_module_access($module)
$this->hide_inaccessible_menu_items()with
$_SESSION["wa_current_user"]->check_application_access($app)
$_SESSION["wa_current_user"]->check_application_access($selected_app)
$_SESSION["wa_current_user"]->check_module_access($module)
$_SESSION["wa_current_user"]->hide_inaccessible_menu_items()respectively.
Consequently, the function menu_header in the themes/*/renderer.php file will no longer need access to the variable $show_inaccessible_menu_items from the global context as it now has access to it's SESSION variable instead.
ie.,
global $path_to_root, $help_base_url, $db_connections, $show_inaccessible_menu_items;will now be:
global $path_to_root, $help_base_url, $db_connections;5,931 09/25/2012 01:35:53 pm
Re: Different Database for Every Company (9 replies, posted in FA Modifications)
Disable rights for the dbuser for the said default db in question!
Anyway, only the default admin company (0) gets to use the Create/Add New Company Meny Item - so where's the security vulnerability?
5,932 09/21/2012 12:16:20 pm
Re: The POS (22 replies, posted in Accounts Receivable)
Web ERP's lead developer Phil Daintree's company LogicWorks provides a compiled POS connector and desktop application (Win, Lin, Mac - Counter-Logic Point of Sale System) for an annual fee of USD 75/-. There is no such equivalent in FA - AFAIK. It is based on Python and compiled and uses the Zadig USB Driver Installer from the libwdi project on Sourceforge and Python esc/pos project at Googlecode.
With rich HTML5 capabilities, it shouldn't be long before a completely free POS becomes available for FA. Chris Muench's PHP Point of Sale was free till they went closed source (USD 99/- per install with 1yr free upgrades), the last free version with all features are available as a WebApp for the BlueQuartz/BlueOnyx project (BQBO-webapp-phpos-11.3.pkg) and is privately available with a few developers.
The current open source version fork of the PHPPOS is available as Open Source POS. Their latest v2.01 released a few days ago is here.
5,933 09/21/2012 12:03:08 pm
Re: Different Database for Every Company (9 replies, posted in FA Modifications)
Even without this, one can still change the database name before submitting the form to add a new company. Infact, the new different database may already have been created outside of FA and that is what v2.3.12 actually solves.
5,934 09/21/2012 07:47:20 am
Topic: BLOOMBERG Added to list of XCHG Rate Providers and config fix (0 replies, posted in FA Modifications)
Check out the Bug Fix 1792 and control the default exchange rate provider in config.php file.....
Download Xchg_Rate_Fix.zip.
Works wonderfully on v2.3.12.
Hope this and the earlier BugFix 1785 make it to the core code base of v2.3.12 soon.....
Is the development work to be exclusively shifted to the v2.4 branch for now?
5,935 09/21/2012 07:40:40 am
Re: redirecting to login page again and again (19 replies, posted in Installation)
check permissions of the /var/php_sessions/ folder and ask godaddy to fix it.
5,936 09/20/2012 11:02:39 am
Re: Remove Drop Down Company (6 replies, posted in FA Modifications)
In what way is your login screen different from the standard one? Check the diffs of the login.php and see what has changed....
5,937 09/19/2012 07:44:59 am
Re: HR and Payroll Module (66 replies, posted in Modules Add-on's)
Awaiting module for testing.
Looks great.
Will it be availabe for v2.4 only?
Tried out the project (not working) on google code - looks like the install functions do not match the current v2.3.12 module install specs.
Have created a tarball of the latest google repo at:
To get it, had to install Git on Lenny and update it thus:
apt-get update
apt-get install git git-core
cd /usr/src
wget http://ftp.us.debian.org/debian/pool/main/g/git/git_1.7.2.5-3_amd64.deb
dpkg -i git_1.7.2.5-3_amd64.deb
wget http://ftp.us.debian.org/debian/pool/main/g/git/git-core_1.7.2.5-3_all.deb
dpkg -i git-core_1.7.2.5-3_all.debGoogle code repo accepts only Git v1.6.6+ and Lenny had v1.5.6+ only.
Then did a clone:
git clone https://code.google.com/p/fa-payroll-module/
tar -czf FA_Payroll_Module_Git_`date +%Y-%m-%d`.tar.gz fa-payroll-module5,938 09/19/2012 04:39:46 am
Re: Payroll Module Development (34 replies, posted in Modules Add-on's)
Attempting a git clone of the fa payroll module from google results in an error:
# git clone https://code.google.com/p/fa-payroll-module/
Initialized empty Git repository in /var/lib/vz/Repos/Git/fa-payroll-module/.git/
warning: remote HEAD refers to nonexistent ref, unable to checkout.5,939 09/18/2012 03:20:41 pm
Re: no Config.php (3 replies, posted in Installation)
Windows or Linux - generally permissions affect all linux boxes and the newer windows server boxes.
In linux, chmod / chown are your friends.
5,940 09/17/2012 11:33:15 am
Re: Securimage CAPTCHA Integration into FA (9 replies, posted in FA Modifications)
Thanks Janusz, no hurry. Meanwhile, have posted updated LoginDelay Fix for BugPost 1785
5,941 09/16/2012 07:21:00 am
Topic: FA v2.3.12 released (7 replies, posted in Announcements)
FrontAccounting v2.3.12 has been released over the weekend and since the primary site is not fully updated, the links are as follows:
Please note that the forum post on CAPTCHA integration needs to be modified to suit the new login failed attempts delay feature in this version.
Please see this forum post on same database usage vulnerability and fixes.
Snapshots as on 14th Nov 2012 (Mercurial Build 3099) are available: v2.3.12+ and v2.4a. Please test them extensively to obtain a bug free next release. Those who want to install only the 46 files that have changed in Mercurial Build 3099 since the release of v2.3.12 can take them from the attachment herein. The changes in config.default.php need to be made in the existing config.php file.
5,942 09/15/2012 08:23:41 am
Re: Securimage CAPTCHA Integration into FA (9 replies, posted in FA Modifications)
If it doesn't make it to the code base, can it find a place in the Wiki? (Placed in Wiki)
Now that the failed login delay feature has been introduced in v2.3.12, the above code needs to modified carefully in the light of changes to login.php and other files listed above.
5,943 09/15/2012 08:22:08 am
Re: Securimage CAPTCHA Integration into FA (9 replies, posted in FA Modifications)
Configurable Delay after specified login attempts is quite nice. May need to store login attempts somewhere or stale failed logins would false trigger.
Since the captcha is only on initial login (not for timeouts) and is configurable in the config.php would it's integration into the base code prove troublesome? The download size would become huge due tot he audio scripts - maybe another config variable for controlling audio enablement on captcha would be desirable. Yes the CAPTCHA proved very tiresome during repetitive testing....
Can it be encapsulated as an optional plugin (bundled with securimage code) ?
5,944 09/14/2012 03:56:34 pm
Topic: Securimage CAPTCHA Integration into FA (9 replies, posted in FA Modifications)
Would you like the Securimage CAPTCHA integration to get into the code base for the current v2.3.11+ in mercurial repo?
Details at:
Feature Posted At Bugs (#1783) Site
Download in debian with:
cd /var/www
wget -O securimage.tar.gz https://github.com/dapphp/securimage/tarball/master
mkdir -p /var/www/frontac/securimage
tar -xzf securimage.tar.gz -C /var/www/frontac/securimage --strip-components=1FA Securimage Integration notes:
FA uses it's own session name computed using the domain / uri string it was installed at.
FA's JavaScripts for Ajax and other HttpRequests use the default PHPSESSID session name.
The Securimage SQLite DB is not being used by default andonly SESSION variables are used.
The Audio files account for over 95% of the securimage download size.
CAPTCHA Session variables used:
$_SESSION = Array (
......
[securimage_code_disp] => Array ( [default] => bnGp24 )
[securimage_code_value] => Array ( [default] => bngp24 )
[securimage_code_ctime] => Array ( [default] => 1347630909)
) The files:
Place the securimage library in the securimage folder at the webroot.
Copy the securimage/securimage_show.php to securimage/securimage_show_n.php
File: securimage/securimage_show_n.php
Insert at the very top after the opening PHP tag:
$sn = (isset($_GET['sn']) ? trim($_GET['sn']) : 'PHPSESSID');
$oldsess = session_name($sn);Append at the very last:
session_name($oldsess);File: config.default.php
Append before last closing PHP tag:
/* Should FA use CAPTCHA for login form?
false for no true for yes
Get the securimage code at https://github.com/dapphp/securimage/zipball/master
Extract the contents into the securimage folder under the webroot.
*/
$use_captcha_for_login = false;The above variable must be set to true for CAPTCHA use.
It defaults to false for backwards compatibility.
File: access/login.php
Insert at Line 102:
// Use CAPTCHA only for fresh login and not for timeouts
if ($use_captcha_for_login && !($login_timeout))
{
start_row();
?>
<td colspan="2">
<img id="siimage"
style="border: 1px solid #000; margin-right: 15px"
src="securimage/securimage_show_n.php?sn=<?php echo session_name(); ?>&sid=<?php echo md5(uniqid()) ?>"
alt="CAPTCHA Image" align="left">
<object type="application/x-shockwave-flash"
data="securimage/securimage_play.swf?bgcol=#ffffff&icon_file=securimage/images/audio_icon.png&audio_file=securimage/securimage_play.php"
height="32" width="32">
<param name="movie"
value="securimage/securimage_play.swf?bgcol=#ffffff&icon_file=securimage/images/audio_icon.png&audio_file=securimage/securimage_play.php" />
</object>
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image"
onclick="document.getElementById('siimage').src = 'securimage/securimage_show_n.php?sn=<?php echo session_name(); ?>&sid=' + Math.random(); this.blur(); return false">
<img src="securimage/images/refresh.png" alt="Reload Image"
height="32" width="32"
onclick="this.blur()" align="bottom" border="0"></a>
<br />
<strong>Enter Code*:</strong><br />
<input type="text" name="ct_captcha" size="12" maxlength="8" />
</td>
<?php
end_row();
}File: includes/current_user.inc
Insert at Line 78:
if (!($this->timeout)) captchacheck();Append following function before last closing PHP tag:
function captchacheck() {
global $use_captcha_for_login;
if ($use_captcha_for_login) {
// make sure that login_timeout is not affected
if (isset($_POST['ct_captcha'])) $_SESSION['ct_captcha'] = $_POST['ct_captcha'];
// Check CAPTCHA
require_once 'securimage/securimage.php';
$securimage = new Securimage();
$usrcaptcha = $_SESSION['ct_captcha'];
if ($securimage->check($usrcaptcha) == false) {
// CAPTCHA Failed
echo "The security code entered was incorrect.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
// captcha session variables used - unset still cannot prevent cached image
// unset($_SESSION['securimage_code_disp']);
// unset($_SESSION['securimage_code_value']);
// unset($_SESSION['securimage_code_ctime']);
exit;
// return false;
} else {
// CAPTCHA OK
return true;
}
} else return true;
}5,945 09/13/2012 04:10:56 am
Re: Customer Payment not updated (11 replies, posted in Report Bugs here)
Just check if the following changeset 3055 in Mercurial does the job:
5,946 09/12/2012 05:29:55 pm
Re: Date Format Modification to dd-Mmm-YYYY (18 replies, posted in FA Modifications)
The above does NOT WORK at all. There is no question of including it for now. I am in the process of digging into what all code is getting affected.
The date picker does not work at all correctly for this feature choice as of now.
This is only a preliminary delving into the mire that the code currently is.
5,947 09/11/2012 05:19:32 pm
Re: Date Format Modification to dd-Mmm-YYYY (18 replies, posted in FA Modifications)
Anyone wishing to carry on this development can take the modified and unmodified files (based on FA v2.3.11+ Mercurial changeset 3053) altered here from:
http://www.apmuthu.com/bugfixes/fac-dev … format.zip
No way to upload files here!
includes/ui/simple_crud_class.inc has some functions with no change in formatting dates - maybe need to use them - _format_output and _format_input
5,948 09/11/2012 04:34:34 pm
Re: Date Format Modification to dd-Mmm-YYYY (18 replies, posted in FA Modifications)
Ref Code:
date_cells(_("From:"), 'AfterDate', '', null, -30);
The html output in FF 15.0.1 for an incorrect display for this format that now shows for one field is:
<input
autocomplete="off"
_last_val="2012-07-13"
name="AfterDate"
class="date"
size="10"
maxlength="12"
value="2012-07-13"
type="text">
<a
tabindex="-1"
href="javascript:date_picker(document.getElementsByName('AfterDate')[0]);">
<img
src="../../themes/default/images/cal.gif"
alt="Click Here to Pick up the date"
border="0"
height="16"
width="16">
</a>Ref Code:
date_cells(_("To:"), 'BeforeDate');
The html output in FF 15.0.1 for a correct initial display field (but not working input function) would be like:
<input
autocomplete="off"
_last_val="12-Aug-2012"
name="BeforeDate"
class="date"
size="10"
maxlength="12"
value="12-Aug-2012"
type="text">
<a
tabindex="-1"
href="javascript:date_picker(document.getElementsByName('BeforeDate')[0]);">
<img
src="../../themes/default/images/cal.gif"
alt="Click Here to Pick up the date"
border="0"
height="16"
width="16">
</a>The initial input size value of 10 may need to become 11 for this format....
The parameters for the functions date_cells and date_row are same and for reference are:
$label,
$name,
$title = null,
$check=null,
$inc_days=0,
$inc_months=0,
$inc_years=0,
$params=null,
$submit_on_change=false5,949 09/11/2012 04:25:43 pm
Re: Date Format Modification to dd-Mmm-YYYY (18 replies, posted in FA Modifications)
Additional places that need to be modified will be the date picker in the files
includes/ui/ui_input.inc (function date_cells)
and
includes/ui/ui_view.inc (function get_js_date_picker)
The insertion places in function get_js_date_picker would be:
At line 842
$monthst = array(_("Jan"),_("Feb"),_("Mar"),_("Apr"),_("May"),_("Jun"),_("Jul"),_("Aug"),_("Sep"),_("Oct"),_("Nov"),_("Dec"));and in the js string at line 922
var monthst = ['$monthst[0]','$monthst[1]','$monthst[2]','$monthst[3]','$monthst[4]','$monthst[5]','$monthst[6]','$monthst[7]','$monthst[8]','$monthst[9]','$monthst[10]','$monthst[11]'];Lines around 1043 can now be altered to:
if ($how == 0)
$js .= "
var dateString = month+'$sep'+day+'$sep'+year;
";
else if ($how == 1)
$js .= "
var dateString = day+'$sep'+month+'$sep'+year;
";
else if ($how == 2)
$js .= "
var dateString = year+'$sep'+month+'$sep'+day;
";
else // ($how == 3)
$js .= "
var dateString = year+'$sep'+monthst[month-1]+'$sep'+day;
";Lines around 1180 can now be altered to:
if ($how == 3)
$js .= "
selectedDay = parseInt(dateParts[0],10);
selectedMonth = monthst.indexOf(dateParts[1])+1;
selectedYear = parseInt(dateParts[2],10);
";
else if ($how == 0)
$js .= "
selectedMonth = parseInt(dateParts[0],10);
selectedDay = parseInt(dateParts[1],10);
selectedYear = parseInt(dateParts[2],10);
";
else if ($how == 1)
$js .= "
selectedDay = parseInt(dateParts[0],10);
selectedMonth = parseInt(dateParts[1],10);
selectedYear = parseInt(dateParts[2],10);
";
else
$js .= "
selectedYear = parseInt(dateParts[0],10);
selectedMonth = parseInt(dateParts[1],10);
selectedDay = parseInt(dateParts[2],10);
";It still does not work fully........
5,950 09/11/2012 02:57:38 pm
Re: Date Format Modification to dd-Mmm-YYYY (18 replies, posted in FA Modifications)
Proposed changes for additional date format.
File: config.php / config.default.php
Replace Line 139:
$dateformats = array("MMDDYYYY", "DDMMYYYY", "YYYYMMDD");
With:
$dateformats = array("MMDDYYYY", "DDMMYYYY", "YYYYMMDD", "DDMmmYYYY");
Correct "defalt" to "default" in commented line 143.
File: includes/date_functions.inc
1.
Replace lines 38-39:
else
return $year.$sep.$month.$sep.$day;
With:
elseif ($how == 2)
return $year.$sep.$month.$sep.$day;
else
return $day.$sep.date('M', $year.$month.$day).$sep.$year;
2. Altered fragment in function is_date($date_)
elseif (strlen($date_) == 8)
{
if ($how == 3) // So as not to affect Jalali processing
{
$day = substr($date_,0,1);
$month = date('m', strtotime(substr($date_,1,3)));
$year = substr($date_,4,4);
}
elseif ($how == 0)
{
$day = substr($date_,2,2);
$month = substr($date_,0,2);
$year = substr($date_,4,4);
}
elseif ($how == 1)
{
$day = substr($date_,0,2);
$month = substr($date_,2,2);
$year = substr($date_,4,4);
}
else
{
$day = substr($date_,6,2);
$month = substr($date_,4,2);
$year = substr($date_,0,4);
}
}
elseif (strlen($date_) == 9)
{
if ($how == 3)
{
$day = substr($date_,0,2);
$month = date('m', strtotime(substr($date_,2,3)));
$year = substr($date_,5,4);
}
else
return 0;
}3. Altered fragment in function sql2date[$date_)
// Split up the date by the separator based on "how" to split it
if ($how == 0) // MMDDYYYY
list($month, $day, $year) = explode($sep, $date_);
elseif ($how == 1) // DDMMYYYY
list($day, $month, $year) = explode($sep, $date_);
elseif ($how == 2) // YYYYMMDD
list($year, $month, $day) = explode($sep, $date_);
elseif ($how == 3) // DDMmmYYYY
list($year, $month, $day) = explode($sep, date('Y-m-d', strtotime($date_)));
else
return "";