dolibarr  20.0.0-beta
webportal.main.inc.php
1 <?php
2 /* Copyright (C) 2023-2024 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2023-2024 Lionel Vessiller <lvessiller@easya.solutions>
4  * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5  * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation, either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <https://www.gnu.org/licenses/>.
19  */
20 
// Entry-point flags for the public web portal. Each one is set to 1 only when the
// calling page has not already defined it, and all of them are set before
// main.inc.php is included further down in this file.
// NOTE(review): judging by their names, NOLOGIN, NOIPCHECK and EVEN_IF_ONLY_LOGIN_ALLOWED
// switch off checks that main.inc.php would otherwise apply (back-office login, IP
// restriction, login allow-list) - confirm against main.inc.php. With these set, the
// "Phase authentication / login" section of this file is the only access control
// visible here for portal pages.
defined('WEBPORTAL') || define('WEBPORTAL', 1);
defined('NOLOGIN') || define('NOLOGIN', 1);
defined('NOREQUIREUSER') || define('NOREQUIREUSER', 1);
defined('NOREQUIREMENU') || define('NOREQUIREMENU', 1);
defined('NOREQUIRESOC') || define('NOREQUIRESOC', 1);
defined('EVEN_IF_ONLY_LOGIN_ALLOWED') || define('EVEN_IF_ONLY_LOGIN_ALLOWED', 1);
defined('NOIPCHECK') || define('NOIPCHECK', 1);
48 
49 
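if (!function_exists('dol_getprefix')) {
    /**
     * Return the prefix used to build web portal session and cookie names.
     *
     * This definition is declared before main.inc.php is included, so the portal gets
     * names that differ from the ones the core definition in functions.lib.php would
     * produce (the literal 'webportal' is mixed into the hash).
     *
     * The prefix is the SHA-1 of 'webportal' followed by the instance unique id, or by
     * the cookie crypt key when no unique id is configured. SHA-1 only serves here to
     * derive a stable identifier; the result ends up in cookie names and must not be
     * treated as a secret.
     * NOTE(review): the fallback branch hashes only the server name and filesystem
     * paths, which an outsider may be able to guess, and SERVER_NAME can depend on the
     * request's Host header under some web server configurations - setting
     * $dolibarr_main_instance_unique_id avoids relying on it.
     *
     * @param  string $mode Unused by this definition; kept so the signature matches its callers
     * @return string       40-character hexadecimal SHA-1 digest
     */
    function dol_getprefix($mode = '')
    {
        global $dolibarr_main_instance_unique_id,
        $dolibarr_main_cookie_cryptkey; // This is loaded by filefunc.inc.php

        // Unique id of instance: the recommended value first, then the crypt key
        // (the unique id may be not defined for old versions)
        if (!empty($dolibarr_main_instance_unique_id)) {
            $tmp_instance_unique_id = $dolibarr_main_instance_unique_id;
        } elseif (!empty($dolibarr_main_cookie_cryptkey)) {
            $tmp_instance_unique_id = $dolibarr_main_cookie_cryptkey;
        } else {
            $tmp_instance_unique_id = '';
        }

        if (!empty($tmp_instance_unique_id)) {
            return sha1('webportal' . $tmp_instance_unique_id);
        }

        // Fallback when no instance secret is configured. The $_SERVER keys can be
        // missing (command line for example): read them defensively so the digest is
        // the same as before, without "undefined array key" warnings.
        $server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
        $document_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';

        return sha1('webportal' . $server_name . $document_root . DOL_DOCUMENT_ROOT);
    }
}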
78 
79 
80 include '../../main.inc.php';
81 
82 require_once DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
83 require_once DOL_DOCUMENT_ROOT . '/societe/class/societeaccount.class.php';
84 require_once DOL_DOCUMENT_ROOT . '/public/webportal/lib/webportal.lib.php';
85 require_once DOL_DOCUMENT_ROOT . '/webportal/class/context.class.php';
86 require_once DOL_DOCUMENT_ROOT . '/webportal/class/webportalmember.class.php';
87 require_once DOL_DOCUMENT_ROOT . '/webportal/class/webportalpartnership.class.php';
88 
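// Init session. Name of session is specific to WEBPORTAL instance.
// Must be done after the include of filefunc.inc.php so global variables of conf file are defined (like $dolibarr_main_instance_unique_id or $dolibarr_main_force_https).
// Note: the function dol_getprefix is defined into functions.lib.php but may have been defined to return a different key to manage another area to protect.
$prefix = dol_getprefix('');
$sessionname = 'WEBPORTAL_SESSID_' . $prefix;
$sessiontimeout = 'WEBPORTAL_SESSTIMEOUT_' . $prefix;

// The timeout cookie comes from the browser, so it is untrusted input: it is only
// applied when it is a plain positive integer of at most 9 digits. An array value
// (cookie sent as name[]=...) or a non-numeric string is ignored instead of being
// handed to ini_set().
// NOTE(review): the client still chooses the value. The cookie is written from
// MAIN_SESSION_TIMEOUT in the login phase, so reading that setting here instead of
// the cookie would remove the client's influence - confirm it is available at this point.
// NOTE(review): main.inc.php is included above; if it has already started the
// session, session_status() is not PHP_SESSION_NONE and this branch never runs.
if (session_status() === PHP_SESSION_NONE
    && isset($_COOKIE[$sessiontimeout])
    && is_string($_COOKIE[$sessiontimeout])
    && preg_match('/^[1-9][0-9]{0,8}$/', $_COOKIE[$sessiontimeout]) === 1
) {
    ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);
}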
98 
// Portal context (singleton). Its controllerInstance tells, further down, whether
// the requested page needs a logged-in portal account.
$context = Context::getInstance();


$hookmanager->initHooks(['main']);

// Empty user object; it is only fetched once a portal account is authenticated.
$logged_user = new User($db);
$anti_spam_session_key = 'dol_antispam_value';

// Stop here when the module is not enabled (unless the page runs without database).
if (!defined('NOREQUIREDB') && empty($conf->webportal->enabled)) {
    accessforbidden('Module not activated');
}

// Translations are needed for normal pages, and also for the login phase (error messages).
if (
    !defined('WEBPORTAL_NOREQUIRETRAN')
    || (!defined('WEBPORTAL_NOLOGIN') && !empty($context->controllerInstance->accessNeedLoggedUser))
) {
    if (!is_object($langs)) { // This can occur when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
        include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php';
        $langs = new Translate("", $conf);

        // Language priority: 'lang' URL parameter (filtered with the 'aZ09' check),
        // then the user's default, then the global default, then 'auto'.
        $langcode = GETPOST('lang', 'aZ09', 1);
        if (!$langcode) {
            if (!empty($logged_user->conf->MAIN_LANG_DEFAULT)) {
                $langcode = $logged_user->conf->MAIN_LANG_DEFAULT;
            } elseif (getDolGlobalString('MAIN_LANG_DEFAULT')) {
                $langcode = $conf->global->MAIN_LANG_DEFAULT;
            } else {
                $langcode = 'auto';
            }
        }
        // A MAIN_LANG_DEFAULT constant overrides every other source.
        if (defined('MAIN_LANG_DEFAULT')) {
            $langcode = constant('MAIN_LANG_DEFAULT');
        }
        $langs->setDefaultLang($langcode);
    }
    $langs->loadLangs(['website', 'main']);
}
123 
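/*
 * Phase authentication / login
 *
 * Runs only for controllers that declare accessNeedLoggedUser, unless the page
 * defines WEBPORTAL_NOLOGIN. The authenticated state is the third-party account id
 * stored in $_SESSION["webportal_logged_thirdparty_account_id"].
 *
 * On success, $context receives logged_user, logged_thirdparty, logged_member and
 * logged_partnership. On any failure, an event message is set and those properties
 * are left untouched.
 */
if (!defined('WEBPORTAL_NOLOGIN') && !empty($context->controllerInstance->accessNeedLoggedUser)) {
    $admin_error_messages = array();
    $webportal_logged_thirdparty_account_id = isset($_SESSION["webportal_logged_thirdparty_account_id"]) && $_SESSION["webportal_logged_thirdparty_account_id"] > 0 ? $_SESSION["webportal_logged_thirdparty_account_id"] : 0;
    if (empty($webportal_logged_thirdparty_account_id)) {
        // It is not already authenticated and it requests the login / password
        $langs->loadLangs(array("other", "help", "admin"));

        $error = 0;
        $action = GETPOST('action_login', 'alphanohtml');

        if ($action === 'login') {
            $login = GETPOST('login', 'alphanohtml');
            // The password is read with the 'none' check so that it reaches the
            // credential check unmodified; it must never be logged or echoed back.
            $password = GETPOST('password', 'none');
            // $security_code = GETPOST('security_code', 'alphanohtml');

            if (empty($login)) {
                $context->setEventMessage($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login")), 'errors');
                $focus_element = 'login';
                $error++;
            }
            if (empty($password)) {
                $context->setEventMessage($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Password")), 'errors');
                if (empty($focus_element)) {
                    $focus_element = 'password';
                }
                $error++;
            }
            // NOTE(review): the graphic security code check below is commented out, so
            // no anti-automation control on login attempts is visible in this file.
            // Confirm that throttling or lockout is enforced elsewhere.
            // check security graphic code
            //if (!$error && (array_key_exists($anti_spam_session_key, $_SESSION) === false ||
            //    (strtolower($_SESSION[$anti_spam_session_key]) !== strtolower($security_code)))
            //) {
            //    $context->setEventMessage($langs->trans("ErrorBadValueForCode"), 'errors');
            //    if (empty($focus_element)) $focus_element = 'security_code';
            //    $error++;
            //}

            if (!$error) {
                // fetch third-party account from login and account type
                $thirdparty_account_id = $context->getThirdPartyAccountFromLogin($login, $password);
                if ($thirdparty_account_id <= 0) {
                    $error++;
                    // The log keeps the attempted login; the visitor only gets a generic
                    // message, which does not reveal whether the account exists.
                    dol_syslog($langs->transnoentitiesnoconv('WebPortalErrorFetchThirdPartyAccountFromLogin', $login), LOG_WARNING);
                    $context->setEventMessage($langs->transnoentitiesnoconv('WebPortalErrorAuthentication'), 'errors');
                } else {
                    // Issue a fresh session id before the session becomes authenticated,
                    // so an id known before login cannot be reused afterwards
                    // (session fixation).
                    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                        session_regenerate_id(true);
                    }
                    $_SESSION["webportal_logged_thirdparty_account_id"] = $thirdparty_account_id;
                    $webportal_logged_thirdparty_account_id = $thirdparty_account_id;
                    $context->controller = 'default';
                    $context->initController();
                }
            }
        }

        if (empty($webportal_logged_thirdparty_account_id)) {
            // Set cookie for timeout management
            // (session cookie, path "/", HttpOnly; Secure only when $dolibarr_main_force_https is set)
            if (getDolGlobalString('MAIN_SESSION_TIMEOUT')) {
                setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', !empty($dolibarr_main_force_https), true);
            }

            // Still anonymous: show the login page instead of the requested controller
            $context->controller = 'login';
            $context->initController();
        }
    }

    if ($webportal_logged_thirdparty_account_id > 0) {
        $error = 0;

        // We are already into an authenticated session
        $websiteaccount = new SocieteAccount($db);
        $result = $websiteaccount->fetch($webportal_logged_thirdparty_account_id);
        if ($result <= 0) {
            $error++;

            // Account has been removed after login
            dol_syslog("Can't load third-party account (ID: $webportal_logged_thirdparty_account_id) even if session logged.", LOG_WARNING);
            // Drop the stale session and start an empty one under the portal session name
            session_destroy();
            session_set_cookie_params(0, '/', null, !empty($dolibarr_main_force_https), true); // Add tag secure and httponly on session cookie
            session_name($sessionname);
            session_start();
            // NOTE(review): the controller selected for this request is not switched back
            // to 'login' here, and $context->logged_* stay unset. Confirm that controllers
            // needing a logged user refuse to render in that state.

            $context->setEventMessage($langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedThirdPartyAccount', $webportal_logged_thirdparty_account_id), 'errors');
        }

        if (!$error) {
            // Every portal session is mapped onto the single Dolibarr user configured
            // in WEBPORTAL_USER_LOGGED.
            // NOTE(review): presumably that user's permissions bound what portal pages
            // can do - keep it least-privileged.
            $user_id = getDolGlobalInt('WEBPORTAL_USER_LOGGED');
            $result = $logged_user->fetch($user_id);
            if ($result <= 0) {
                $error++;
                $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedUser', $user_id);
                dol_syslog($error_msg, LOG_ERR);
                $context->setEventMessage($error_msg, 'errors');
            }

            if (!$error) {
                // get third-party
                $logged_thirdparty = $websiteaccount->thirdparty;
                if (!$logged_thirdparty || !($logged_thirdparty->id > 0)) {
                    $result = $websiteaccount->fetch_thirdparty();
                    if ($result < 0) {
                        $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedThirdParty', $websiteaccount->fk_soc);
                        //dol_syslog("Can't load third-party (ID: ".$websiteaccount->fk_soc.") even if session logged.", LOG_ERR);
                        dol_syslog($error_msg, LOG_ERR);
                        $context->setEventMessage($error_msg, 'errors');
                        $error++;
                    }
                }

                if (!$error) {
                    $logged_thirdparty = $websiteaccount->thirdparty;

                    // get member
                    $logged_member = new WebPortalMember($db);
                    $result = $logged_member->fetch(0, '', $websiteaccount->thirdparty->id);
                    if ($result < 0) {
                        $error++;
                        $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedMember', $websiteaccount->thirdparty->id);
                        dol_syslog($error_msg, LOG_ERR);
                        $context->setEventMessage($error_msg, 'errors');
                    }

                    if (!$error) {
                        // get partnership
                        $logged_partnership = new WebPortalPartnership($db);
                        // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
                        $result = $logged_partnership->fetch(0, '', $logged_member->id, $websiteaccount->thirdparty->id);
                        if ($result < 0) {
                            $error++;
                            $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedPartnership', $websiteaccount->thirdparty->id, $logged_member->id);
                            dol_syslog($error_msg, LOG_ERR);
                            $context->setEventMessage($error_msg, 'errors');
                        }
                    }

                    if (!$error) {
                        // NOTE(review): $langs->defaultlang is read in the outer condition,
                        // so the inner !is_object($langs) branch looks unreachable and
                        // setDefaultLang() is not called when $langs already exists.
                        // Confirm whether the third-party language is meant to be applied here.
                        if ($logged_thirdparty->default_lang != $langs->defaultlang && !defined('WEBPORTAL_NOREQUIRETRAN')) {
                            if (!is_object($langs)) { // This can occur when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
                                include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php';
                                $langs = new Translate("", $conf);
                                $langs->setDefaultLang($logged_thirdparty->default_lang);
                            }
                            $langs->loadLangs(array('website', 'main'));
                        }

                        // Publish the authenticated identity to the rest of the portal
                        $context->logged_user = $logged_user;
                        $context->logged_thirdparty = $logged_thirdparty;
                        $context->logged_member = $logged_member;
                        $context->logged_partnership = $logged_partnership;
                    }
                }
            }
        }
    }
}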
static getInstance()
Singleton method to create one instance of this object.
Class for SocieteAccount.
Class to manage translations.
Class to manage Dolibarr users.
Definition: user.class.php:50
Class for WebPortalMember.
Class for WebPortalPartnership.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
conf($dolibarr_main_document_root)
Load conf file (file must exists)
Definition: inc.php:419
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.