Issues in addFlight.php (master) - Issues in master - laudeco/bbc-dolibarr-flightlog - Measure and Improve Code Quality continuously with Scrutinizer

Issues (188)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

addFlight.php (1 issue)

Labels

Deprecated Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

// Load Dolibarr environment
if (false === (@include '../main.inc.php')) {  // From htdocs directory
    require '../../documents/custom/main.inc.php'; // From "custom" directory
}

global $db, $langs, $user, $conf;

dol_include_once('/commande/class/commande.class.php');
dol_include_once('/flightlog/class/bbcvols.class.php');
dol_include_once('/flightlog/class/bbctypes.class.php');
dol_include_once("/flightlog/lib/flightLog.lib.php");
dol_include_once("/flightlog/validators/FlightValidator.php");
dol_include_once("/flightlog/command/CommandInterface.php");
dol_include_once("/flightlog/command/CommandHandlerInterface.php");
dol_include_once("/flightlog/command/CreateFlightCommand.php");
dol_include_once("/flightlog/command/CreateFlightCommandHandler.php");

// Load translation files required by the page
$langs->load("mymodule@flightlog");

$validator = new FlightValidator($langs, $db, $conf->global->BBC_FLIGHT_TYPE_CUSTOMER);
$createFlightHandler = new CreateFlightCommandHandler($db, $conf, $user, $langs, $validator);

if (!$user->rights->flightlog->vol->add) {
    accessforbidden();
}

/* * *****************************************************************
 * ACTIONS
 *
 * Put here all code to do according to value of "action" parameter
 * ****************************************************************** */
$msg = '';
if (GETPOST("action") == 'add') {
    if (!$_POST["cancel"]) {
        $dated = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
        $isGroupedFlight = (int) GETPOST('grouped_flight', 'int', 2) === 1;
        $orderId = (int) GETPOST('order_id', 'int', 2);

        $volCommand = new CreateFlightCommand();
        $volCommand->setDate($dated)
            ->setLieuD($_POST['lieuD'])
            ->setLieuA($_POST['lieuA'])
            ->setHeureD($_POST['heureD'])
            ->setHeureA($_POST['heureA'])
            ->setBBCBallonsIdBBCBallons($_POST['ballon'])
            ->setNbrPax($_POST['nbrPax'])
            ->setRemarque($_POST['comm'])
            ->setIncidents($_POST['inci'])
            ->setFkType($_POST['type'])
            ->setFkPilot($_POST['pilot'])
            ->setFkOrganisateur($_POST['orga'])
            ->setKilometers($_POST['kilometers'])
            ->setCost($_POST['cost'])
            ->setFkReceiver($_POST['fk_receiver'])
            ->setJustifKilometers($_POST['justif_kilometers'])
            ->setPassengerNames($_POST['passenger_names'])
            ->setGroupedFlight($isGroupedFlight)
            ->setOrderId($orderId);

        try{
            $vol = $createFlightHandler->handle($volCommand);

            include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
            $interface = new Interfaces($db);
            $triggerResult = $interface->run_triggers('BBC_FLIGHT_LOG_ADD_FLIGHT', $vol, $user, $langs, $conf);

            $msg = '<div class="ok">L\'ajout du vol du : ' . $_POST["reday"] . '/' . $_POST["remonth"] . '/' . $_POST["reyear"] . ' s\'est correctement effectue ! </div>';
            Header("Location: card.php?id=" . $vol->id);
        }catch (\Exception $e){
            $msg = '<div class="error">Erreur lors de l\'ajout du vol : ' . $vol->error . '! </div>';
        }

    }
}


/* * *************************************************
 * PAGE
 *
 * Put here all code to build page
 * ************************************************** */

llxHeader('', 'Carnet de vol', '');

$html = new Form($db);
$commande = new Commande($db);
$datec = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
if ($msg) {
    print $msg;
}

?>

    <div class="errors error-messages">
        <?php
        foreach ($validator->getErrors() as $errorMessage) {
            print sprintf('<div class="error"><span>%s</span></div>', $errorMessage);
        }
        ?>
    </div>
    <form class="flight-form js-form" name='add' action="addFlight.php" method="post">
    <input type="hidden" name="action" value="add"/>

    <!-- Date et heures -->
    <section class="form-section">
        <h1 class="form-section-title"><?php echo $langs->trans('Date & heures'); ?></h1>
        <table class="border" width="100%">
            <?php
            //type du vol
            print "<tr>";
            print '<td class="fieldrequired"> Type du vol</td><td colspan="3">';
            select_flight_type($_POST['type']);

            print '</td></tr>';

            //date du vol
            print "<tr>";
            print '<td class="fieldrequired"> Date du vol</td><td>';
            print $html->select_date($datec ? $datec : -1, '', '', '', '', 'add', 1, 1);
            print '</td></tr>';

            //Hour start
            print '<tr><td class="fieldrequired">Heure de d&#233;part (format autorise XXXX)</td><td width="25%" >'; ?>
            <input type="text"
                   name="heureD"
                   class="flat <?php echo($validator->hasError('heureD') ? 'error' : '') ?>"
                   value="<?php echo $_POST['heureD'] ?>"/>
            </td>

            <?php
            //Hour end
            print '<td class="fieldrequired">Heure d\'arriv&#233;e (format autorise XXXX)</td><td>'; ?>
            <input type="text"
                   name="heureA"
                   class="flat <?php echo($validator->hasError('heureA') ? 'error' : '') ?>"
                   value="<?php echo $_POST['heureA'] ?>"/>
            </td>
            </tr>

        </table>
    </section>

    <section class="form-section">
        <h1 class="form-section-title"><?php echo $langs->trans('Pilote & ballon') ?></h1>
        <table class="border" width="50%">
            <?php
            //Pilote
            print "<tr>";
            print '<td class="fieldrequired"> Pilote </td><td >';
            print $html->select_dolusers($_POST["pilot"] ? $_POST["pilot"] : $user->id, 'pilot', 0, null, 0, '', '', 0,0,0,'',0,'','', true);
            print '</td></tr>';

            //Ballon
            print "<tr>";
            print '<td width="25%" class="fieldrequired">Ballon</td><td>';
            select_balloons($_POST['ballon'], 'ballon', 0, 0);
            print '</td></tr>';
            ?>

            <tr>
                <td>Il y'avait-il plusieurs ballons ?</td>
                <td colspan="3"><input type="checkbox" value="1" name="grouped_flight"/> - Oui</td>
            </tr>
        </table>
    </section>

    <section class="form-section">
        <h1 class="form-section-title"><?php echo $langs->trans('Lieux') ?></h1>
        <table class="border" width="100%">
            <?php

            //place start
            print "<tr>";
            print '<td class="fieldrequired">Lieu de d&#233;part </td><td width="25%" >';
            print '<input type="text" name="lieuD" class="flat" value="' . $_POST['lieuD'] . '"/>';
            print '</td>';

            //place end
            print '<td class="fieldrequired">Lieu d\'arriv&#233;e </td><td>';
            print '<input type="text" name="lieuA" class="flat" value="' . $_POST['lieuA'] . '"/>';
            print '</td></tr>';

            ?>

        </table>
    </section>

    <section class="form-section">
        <h1 class="form-section-title"><span class="js-organisator-field">Organisateur</span><span class="js-instructor-field">Instructeur</span></h1>
        <table class="border" width="50%">
            <tr>
                <td class="fieldrequired"><span class="js-organisator-field">Organisateur</span><span class="js-instructor-field">Instructeur</span></td>
                <td>
                <?php
                    //organisateur
                    print $html->select_dolusers($_POST["orga"] ? $_POST["orga"] : $user->id, 'orga', 0, null, 0, '', '', 0,0,0,'',0,'','', true);
                ?>
                </td>
            </tr>
        </table>
    </section>


    <section class="form-section js-expensable-field">
        <h1 class="form-section-title"><?php echo $langs->trans('Déplacements') ?></h1>
        <table class="border" width="50%">
            <!-- number of kilometers done for the flight -->
            <tr>
                <td class="fieldrequired">Nombre de kilometres effectués pour le vol</td>
                <td>
                    <input type="number" name="kilometers" class="flat <?php echo($validator->hasError('kilometers') ? 'error' : '') ?>" value="<?php echo $_POST['kilometers'] ?>"/>
                </td>
            </tr>

            <!-- Justif Kilometers -->
            <tr>

                <td width="25%" class="fieldrequired">Justificatif des KM </td>
                <td>
                    <textarea rows="2" cols="60" class="flat <?php echo($validator->hasError('justif_kilometers') ? 'error' : '') ?>" name="justif_kilometers"><?php echo $_POST['justif_kilometers'] ?>
                    </textarea>
                </td>
            </tr>
        </table>
    </section>

    <!-- Passagers -->
    <section class="form-section">
        <h1 class="form-section-title"><?php echo $langs->trans('Passager') ?></h1>
        <table class="border" width="50%">
            <tr>
                <td class="fieldrequired"><?php echo $langs->trans('Nombre de passagers'); ?></td>
                <td>
                    <input type="number"
                           name="nbrPax"
                           class="flat <?php echo $validator->hasError('nbrPax') ? 'error' : '' ?>"
                           value="<?php echo $_POST['nbrPax']?: 0 ?>"/>
                </td>
            </tr>

            <!-- passenger names -->
            <tr>
                <td width="25%" class="fieldrequired"><?php echo $langs->trans('Noms des passagers'); ?><br/>(Séparé par des ; )</td>
                <td>
                    <textarea name="passenger_names" cols="60" rows="2" class="flat <?php echo $validator->hasError('passenger_names') ? 'error' : '' ?>"><?php echo $_POST['passenger_names'] ?></textarea>
                </td>
            </tr>
        </table>
    </section>

    <!-- billing information -->
    <section class="form-section">
        <h1 class="form-section-title js-billable-field"><?php echo $langs->trans('Facturation') ?></h1>
        <table class="border" width="50%">

            <!-- Order -->
            <tr class=" js-billable-field">
                <td class="fieldrequired"><?php echo $langs->trans('Commande du vol')?></td>
                <td class="js-order">
                    <?php
                     echo $html->selectarray('order_id',$commande->liste_array(2),$_POST['order_id'], 1,0,0,'',0,0,0,'','minwidth200',1);
                    ?>
                </td>
            </tr>

            <!-- Money receiver -->
            <tr class="js-hide-order js-billable-field">
                <td class="fieldrequired"><?php echo $langs->trans('Qui a perçu l\'argent')?></td><td>
                    <?php print $html->select_dolusers($_POST["fk_receiver"] ? $_POST["fk_receiver"] : $user->id,
                        'fk_receiver', true, null, 0, '', '', 0,0,0,'',0,'','', true); ?>
                </td>
            </tr>

            <!-- Flight cost -->
            <tr class="js-hide-order js-billable-field">
                <td class="fieldrequired">Montant perçu</td>
                <td>
                    <input type="text" name="cost" class="flat  <?php echo $validator->hasError('cost') ? 'error' : '' ?>" value="<?php echo $_POST['cost'] ?> "/>
                    &euro;
                </td>
            </tr>
        </table>
    </section>

    <!-- comments -->
    <section class="form-section">
        <h1 class="form-section-title"><?php echo $langs->trans('Commentaires') ?></h1>
        <table class="border" width="50%">
            <!-- commentaires -->
            <tr class="">
                <td class="fieldrequired"> Commentaire </td><td>
                    <textarea rows="2" cols="60" class="flat" name="comm" placeholder="RAS"><?php print $_POST['comm']; ?></textarea>
                </td>
            </tr>

            <!-- incidents -->
            <tr class="">
                <td class="fieldrequired"> incidents </td><td>
                    <textarea rows="2" cols="60" class="flat" name="inci" placeholder="RAS"><?php print $_POST['inci']; ?></textarea>
                </td>
            </tr>
        </table>
    </section>
<?php

print '<br><input class="button" type="submit" value="' . $langs->trans("Save") . '"> &nbsp; &nbsp; ';
print '<input class="button" type="submit" name="cancel" value="' . $langs->trans("Cancel") . '">';

print '</form>';

$db->close();
?>

<script type="application/javascript">

    function hideOrderInformation (){
        var $this = $(this);

        if($this.val() > -1){
            $('input, select', '.js-hide-order').attr('disabled', 'disabled');
        }else{
            $('input, select', '.js-hide-order').removeAttr('disabled');
        }
    }

    /**
     * get the flight type object from an id.
     */
    function getFlightType(flightTypeId){
        var types = {
            1:{
                'billable' : 1,
                'expensable' : 1,
                'id' : 1
            },
            2:{
                'billable' : 1,
                'expensable' : 1,
                'id' : 2
            },
            3:{
                'billable' : 0,
                'expensable' : 0,
                'id' : 3
            },
            4:{
                'billable' : 0,
                'expensable' : 0,
                'id' : 4
            },
            5:{
                'billable' : 0,
                'expensable' : 0,
                'id' : 5
            },
            6:{
                'billable' : 0,
                'expensable' : 0,
                'id' : 6
            },
            7:{
                'billable' : 0,
                'expensable' : 0,
                'id' : 7
            }
        };

        var flightTypeNull = {
            'billable' : 0,
            'expensable' : 0,
            'id' : 0
        };

        return typeof types[flightTypeId] === 'undefined' ? flightTypeNull : types[flightTypeId];
    }

    function flightTypeChanged(){
        var $this = $(this);
        var typeId = $this.val();
        var flightType = getFlightType(typeId);

        if(flightType.billable === 1){
            $('.js-form .js-billable-field').removeClass('hidden');
        }else{
            $('.js-form .js-billable-field').addClass('hidden');
        }

        if(flightType.expensable === 1){
            $('.js-form .js-expensable-field').removeClass('hidden');
        }else{
            $('.js-form .js-expensable-field').addClass('hidden');
        }

        if(flightType.id === 6){
            //instruction flight
            $('.js-form .js-instructor-field').removeClass('hidden');
            $('.js-form .js-organisator-field').addClass('hidden');
        }else{
            $('.js-form .js-instructor-field').addClass('hidden');
            $('.js-form .js-organisator-field').removeClass('hidden');
        }

    }

    $(function(){
        $('.js-order select').on('change', hideOrderInformation);
        $('.js-order select').each(hideOrderInformation);

        $('.js-flight-type').on('change', flightTypeChanged);
        $('.js-flight-type').each(flightTypeChanged);
    });
</script>


1			<?php
2
3			// Load Dolibarr environment
4			if (false === (@include '../main.inc.php')) { // From htdocs directory
5			require '../../documents/custom/main.inc.php'; // From "custom" directory
6			}
7
8			global $db, $langs, $user, $conf;
9
10			dol_include_once('/commande/class/commande.class.php');
11			dol_include_once('/flightlog/class/bbcvols.class.php');
12			dol_include_once('/flightlog/class/bbctypes.class.php');
13			dol_include_once("/flightlog/lib/flightLog.lib.php");
14			dol_include_once("/flightlog/validators/FlightValidator.php");
15			dol_include_once("/flightlog/command/CommandInterface.php");
16			dol_include_once("/flightlog/command/CommandHandlerInterface.php");
17			dol_include_once("/flightlog/command/CreateFlightCommand.php");
18			dol_include_once("/flightlog/command/CreateFlightCommandHandler.php");
19
20			// Load translation files required by the page
21			$langs->load("mymodule@flightlog");
22
23			$validator = new FlightValidator($langs, $db, $conf->global->BBC_FLIGHT_TYPE_CUSTOMER);
24			$createFlightHandler = new CreateFlightCommandHandler($db, $conf, $user, $langs, $validator);
25
26			if (!$user->rights->flightlog->vol->add) {
27			accessforbidden();
28			}
29
30			/* * *****************************************************************
31			* ACTIONS
32			*
33			* Put here all code to do according to value of "action" parameter
34			* ****************************************************************** */
35			$msg = '';
36			if (GETPOST("action") == 'add') {
37			if (!$_POST["cancel"]) {
38			$dated = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
39			$isGroupedFlight = (int) GETPOST('grouped_flight', 'int', 2) === 1;
40			$orderId = (int) GETPOST('order_id', 'int', 2);
41
42			$volCommand = new CreateFlightCommand();
43			$volCommand->setDate($dated)
44			->setLieuD($_POST['lieuD'])
45			->setLieuA($_POST['lieuA'])
46			->setHeureD($_POST['heureD'])
47			->setHeureA($_POST['heureA'])
48			->setBBCBallonsIdBBCBallons($_POST['ballon'])
49			->setNbrPax($_POST['nbrPax'])
50			->setRemarque($_POST['comm'])
51			->setIncidents($_POST['inci'])
52			->setFkType($_POST['type'])
53			->setFkPilot($_POST['pilot'])
54			->setFkOrganisateur($_POST['orga'])
55			->setKilometers($_POST['kilometers'])
56			->setCost($_POST['cost'])
57			->setFkReceiver($_POST['fk_receiver'])
58			->setJustifKilometers($_POST['justif_kilometers'])
59			->setPassengerNames($_POST['passenger_names'])
60			->setGroupedFlight($isGroupedFlight)
61			->setOrderId($orderId);
62
63			try{
64			$vol = $createFlightHandler->handle($volCommand);
65
66			include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
67			$interface = new Interfaces($db);
68			$triggerResult = $interface->run_triggers('BBC_FLIGHT_LOG_ADD_FLIGHT', $vol, $user, $langs, $conf);
69
70			$msg = '<div class="ok">L\'ajout du vol du : ' . $_POST["reday"] . '/' . $_POST["remonth"] . '/' . $_POST["reyear"] . ' s\'est correctement effectue ! </div>';
71			Header("Location: card.php?id=" . $vol->id);
72			}catch (\Exception $e){
73			$msg = '<div class="error">Erreur lors de l\'ajout du vol : ' . $vol->error . '! </div>';
74			}
75
76			}
77			}
78
79
80			/* * *************************************************
81			* PAGE
82			*
83			* Put here all code to build page
84			* ************************************************** */
85
86			llxHeader('', 'Carnet de vol', '');
87
88			$html = new Form($db);
89			$commande = new Commande($db);
90			$datec = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
91			if ($msg) {
92			print $msg;
93			}
94
95			?>
96
97			<div class="errors error-messages">
98			<?php
99			foreach ($validator->getErrors() as $errorMessage) {
100			print sprintf('<div class="error"><span>%s</span></div>', $errorMessage);
101			}
102			?>
103			</div>
104			<form class="flight-form js-form" name='add' action="addFlight.php" method="post">
105			<input type="hidden" name="action" value="add"/>
106
107			<!-- Date et heures -->
108			<section class="form-section">
109			<h1 class="form-section-title"><?php echo $langs->trans('Date & heures'); ?></h1>
110			<table class="border" width="100%">
111			<?php
112			//type du vol
113			print "<tr>";
114			print '<td class="fieldrequired"> Type du vol</td><td colspan="3">';
115			select_flight_type($_POST['type']);
			0 ignored issues – show Deprecated Code introduced 2018-09-16 10:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `select_flight_type()` has been deprecated with message: should use the form instead. Return list of flight type This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
116			print '</td></tr>';
117
118			//date du vol
119			print "<tr>";
120			print '<td class="fieldrequired"> Date du vol</td><td>';
121			print $html->select_date($datec ? $datec : -1, '', '', '', '', 'add', 1, 1);
122			print '</td></tr>';
123
124			//Hour start
125			print '<tr><td class="fieldrequired">Heure de départ (format autorise XXXX)</td><td width="25%" >'; ?>
126			<input type="text"
127			name="heureD"
128			class="flat <?php echo($validator->hasError('heureD') ? 'error' : '') ?>"
129			value="<?php echo $_POST['heureD'] ?>"/>
130			</td>
131
132			<?php
133			//Hour end
134			print '<td class="fieldrequired">Heure d\'arrivée (format autorise XXXX)</td><td>'; ?>
135			<input type="text"
136			name="heureA"
137			class="flat <?php echo($validator->hasError('heureA') ? 'error' : '') ?>"
138			value="<?php echo $_POST['heureA'] ?>"/>
139			</td>
140			</tr>
141
142			</table>
143			</section>
144
145			<section class="form-section">
146			<h1 class="form-section-title"><?php echo $langs->trans('Pilote & ballon') ?></h1>
147			<table class="border" width="50%">
148			<?php
149			//Pilote
150			print "<tr>";
151			print '<td class="fieldrequired"> Pilote </td><td >';
152			print $html->select_dolusers($_POST["pilot"] ? $_POST["pilot"] : $user->id, 'pilot', 0, null, 0, '', '', 0,0,0,'',0,'','', true);
153			print '</td></tr>';
154
155			//Ballon
156			print "<tr>";
157			print '<td width="25%" class="fieldrequired">Ballon</td><td>';
158			select_balloons($_POST['ballon'], 'ballon', 0, 0);
159			print '</td></tr>';
160			?>
161
162			<tr>
163			<td>Il y'avait-il plusieurs ballons ?</td>
164			<td colspan="3"><input type="checkbox" value="1" name="grouped_flight"/> - Oui</td>
165			</tr>
166			</table>
167			</section>
168
169			<section class="form-section">
170			<h1 class="form-section-title"><?php echo $langs->trans('Lieux') ?></h1>
171			<table class="border" width="100%">
172			<?php
173
174			//place start
175			print "<tr>";
176			print '<td class="fieldrequired">Lieu de départ </td><td width="25%" >';
177			print '<input type="text" name="lieuD" class="flat" value="' . $_POST['lieuD'] . '"/>';
178			print '</td>';
179
180			//place end
181			print '<td class="fieldrequired">Lieu d\'arrivée </td><td>';
182			print '<input type="text" name="lieuA" class="flat" value="' . $_POST['lieuA'] . '"/>';
183			print '</td></tr>';
184
185			?>
186
187			</table>
188			</section>
189
190			<section class="form-section">
191			<h1 class="form-section-title"><span class="js-organisator-field">Organisateur</span><span class="js-instructor-field">Instructeur</span></h1>
192			<table class="border" width="50%">
193			<tr>
194			<td class="fieldrequired"><span class="js-organisator-field">Organisateur</span><span class="js-instructor-field">Instructeur</span></td>
195			<td>
196			<?php
197			//organisateur
198			print $html->select_dolusers($_POST["orga"] ? $_POST["orga"] : $user->id, 'orga', 0, null, 0, '', '', 0,0,0,'',0,'','', true);
199			?>
200			</td>
201			</tr>
202			</table>
203			</section>
204
205
206			<section class="form-section js-expensable-field">
207			<h1 class="form-section-title"><?php echo $langs->trans('Déplacements') ?></h1>
208			<table class="border" width="50%">
209			<!-- number of kilometers done for the flight -->
210			<tr>
211			<td class="fieldrequired">Nombre de kilometres effectués pour le vol</td>
212			<td>
213			<input type="number" name="kilometers" class="flat <?php echo($validator->hasError('kilometers') ? 'error' : '') ?>" value="<?php echo $_POST['kilometers'] ?>"/>
214			</td>
215			</tr>
216
217			<!-- Justif Kilometers -->
218			<tr>
219
220			<td width="25%" class="fieldrequired">Justificatif des KM </td>
221			<td>
222			<textarea rows="2" cols="60" class="flat <?php echo($validator->hasError('justif_kilometers') ? 'error' : '') ?>" name="justif_kilometers"><?php echo $_POST['justif_kilometers'] ?>
223			</textarea>
224			</td>
225			</tr>
226			</table>
227			</section>
228
229			<!-- Passagers -->
230			<section class="form-section">
231			<h1 class="form-section-title"><?php echo $langs->trans('Passager') ?></h1>
232			<table class="border" width="50%">
233			<tr>
234			<td class="fieldrequired"><?php echo $langs->trans('Nombre de passagers'); ?></td>
235			<td>
236			<input type="number"
237			name="nbrPax"
238			class="flat <?php echo $validator->hasError('nbrPax') ? 'error' : '' ?>"
239			value="<?php echo $_POST['nbrPax']?: 0 ?>"/>
240			</td>
241			</tr>
242
243			<!-- passenger names -->
244			<tr>
245			<td width="25%" class="fieldrequired"><?php echo $langs->trans('Noms des passagers'); ?><br/>(Séparé par des ; )</td>
246			<td>
247			<textarea name="passenger_names" cols="60" rows="2" class="flat <?php echo $validator->hasError('passenger_names') ? 'error' : '' ?>"><?php echo $_POST['passenger_names'] ?></textarea>
248			</td>
249			</tr>
250			</table>
251			</section>
252
253			<!-- billing information -->
254			<section class="form-section">
255			<h1 class="form-section-title js-billable-field"><?php echo $langs->trans('Facturation') ?></h1>
256			<table class="border" width="50%">
257
258			<!-- Order -->
259			<tr class=" js-billable-field">
260			<td class="fieldrequired"><?php echo $langs->trans('Commande du vol')?></td>
261			<td class="js-order">
262			<?php
263			echo $html->selectarray('order_id',$commande->liste_array(2),$_POST['order_id'], 1,0,0,'',0,0,0,'','minwidth200',1);
264			?>
265			</td>
266			</tr>
267
268			<!-- Money receiver -->
269			<tr class="js-hide-order js-billable-field">
270			<td class="fieldrequired"><?php echo $langs->trans('Qui a perçu l\'argent')?></td><td>
271			<?php print $html->select_dolusers($_POST["fk_receiver"] ? $_POST["fk_receiver"] : $user->id,
272			'fk_receiver', true, null, 0, '', '', 0,0,0,'',0,'','', true); ?>
273			</td>
274			</tr>
275
276			<!-- Flight cost -->
277			<tr class="js-hide-order js-billable-field">
278			<td class="fieldrequired">Montant perçu</td>
279			<td>
280			<input type="text" name="cost" class="flat <?php echo $validator->hasError('cost') ? 'error' : '' ?>" value="<?php echo $_POST['cost'] ?> "/>
281			€
282			</td>
283			</tr>
284			</table>
285			</section>
286
287			<!-- comments -->
288			<section class="form-section">
289			<h1 class="form-section-title"><?php echo $langs->trans('Commentaires') ?></h1>
290			<table class="border" width="50%">
291			<!-- commentaires -->
292			<tr class="">
293			<td class="fieldrequired"> Commentaire </td><td>
294			<textarea rows="2" cols="60" class="flat" name="comm" placeholder="RAS"><?php print $_POST['comm']; ?></textarea>
295			</td>
296			</tr>
297
298			<!-- incidents -->
299			<tr class="">
300			<td class="fieldrequired"> incidents </td><td>
301			<textarea rows="2" cols="60" class="flat" name="inci" placeholder="RAS"><?php print $_POST['inci']; ?></textarea>
302			</td>
303			</tr>
304			</table>
305			</section>
306			<?php
307
308			print '<br><input class="button" type="submit" value="' . $langs->trans("Save") . '">     ';
309			print '<input class="button" type="submit" name="cancel" value="' . $langs->trans("Cancel") . '">';
310
311			print '</form>';
312
313			$db->close();
314			?>
315
316			<script type="application/javascript">
317
318			function hideOrderInformation (){
319			var $this = $(this);
320
321			if($this.val() > -1){
322			$('input, select', '.js-hide-order').attr('disabled', 'disabled');
323			}else{
324			$('input, select', '.js-hide-order').removeAttr('disabled');
325			}
326			}
327
328			/**
329			* get the flight type object from an id.
330			*/
331			function getFlightType(flightTypeId){
332			var types = {
333			1:{
334			'billable' : 1,
335			'expensable' : 1,
336			'id' : 1
337			},
338			2:{
339			'billable' : 1,
340			'expensable' : 1,
341			'id' : 2
342			},
343			3:{
344			'billable' : 0,
345			'expensable' : 0,
346			'id' : 3
347			},
348			4:{
349			'billable' : 0,
350			'expensable' : 0,
351			'id' : 4
352			},
353			5:{
354			'billable' : 0,
355			'expensable' : 0,
356			'id' : 5
357			},
358			6:{
359			'billable' : 0,
360			'expensable' : 0,
361			'id' : 6
362			},
363			7:{
364			'billable' : 0,
365			'expensable' : 0,
366			'id' : 7
367			}
368			};
369
370			var flightTypeNull = {
371			'billable' : 0,
372			'expensable' : 0,
373			'id' : 0
374			};
375
376			return typeof types[flightTypeId] === 'undefined' ? flightTypeNull : types[flightTypeId];
377			}
378
379			function flightTypeChanged(){
380			var $this = $(this);
381			var typeId = $this.val();
382			var flightType = getFlightType(typeId);
383
384			if(flightType.billable === 1){
385			$('.js-form .js-billable-field').removeClass('hidden');
386			}else{
387			$('.js-form .js-billable-field').addClass('hidden');
388			}
389
390			if(flightType.expensable === 1){
391			$('.js-form .js-expensable-field').removeClass('hidden');
392			}else{
393			$('.js-form .js-expensable-field').addClass('hidden');
394			}
395
396			if(flightType.id === 6){
397			//instruction flight
398			$('.js-form .js-instructor-field').removeClass('hidden');
399			$('.js-form .js-organisator-field').addClass('hidden');
400			}else{
401			$('.js-form .js-instructor-field').addClass('hidden');
402			$('.js-form .js-organisator-field').removeClass('hidden');
403			}
404
405			}
406
407			$(function(){
408			$('.js-order select').on('change', hideOrderInformation);
409			$('.js-order select').each(hideOrderInformation);
410
411			$('.js-flight-type').on('change', flightTypeChanged);
412			$('.js-flight-type').each(flightTypeChanged);
413			});
414			</script>
415

laudeco / bbc-dolibarr-flightlog

Issues (188)

Security Analysis not enabled

addFlight.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like