dolibarr  20.0.0-beta
server_other.php
1 <?php
2 /* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  */
17 
// Bootstrap flags, defined before main.inc.php is required.
// This script is a machine-to-machine SOAP endpoint: the browser-oriented protections (login
// session, CSRF token) are switched off here, so every registered operation has to authenticate
// the caller itself; getVersions() and getDocument() do so through check_authentication().
defined('NOCSRFCHECK') || define('NOCSRFCHECK', '1'); // Skip the anti-CSRF check
defined('NOTOKENRENEWAL') || define('NOTOKENRENEWAL', '1'); // Do not renew the anti-CSRF token on this request
defined('NOREQUIREMENU') || define('NOREQUIREMENU', '1'); // Top and left menus are not needed
defined('NOREQUIREHTML') || define('NOREQUIREHTML', '1'); // html.form.class.php is not needed
defined('NOREQUIREAJAX') || define('NOREQUIREAJAX', '1'); // ajax.lib.php is not needed
defined('NOLOGIN') || define('NOLOGIN', '1'); // Public page: reachable without a logged-in session
defined('NOSESSION') || define('NOSESSION', '1'); // No session for this request
44 
45 require '../main.inc.php';
46 require_once NUSOAP_PATH.'/nusoap.php'; // Include SOAP
47 require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
48 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
49 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
50 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
51 
52 
dol_syslog('Call Dolibarr webservices interfaces');

$langs->load('main');

// Serve nothing unless the WebServices module is enabled. This gate runs before the SOAP server
// is built, so a disabled module exposes neither the WSDL nor any operation.
if (!getDolGlobalString('MAIN_MODULE_WEBSERVICES')) {
    $langs->load('admin');
    dol_syslog('Call Dolibarr webservices interfaces with module webservices disabled');
    echo $langs->trans('WarningModuleNotActive', 'WebServices').'.<br><br>';
    echo $langs->trans('ToActivateModule');
    exit;
}
65 
// Build the NuSOAP server and declare the WSDL under the Dolibarr namespace.
$ns = 'http://www.dolibarr.org/ns/';

$server = new nusoap_server();
$server->soap_defencoding = 'UTF-8';
$server->decode_utf8 = false;
$server->configureWSDL('WebServicesDolibarrOther', $ns);
$server->wsdl->schemaTargetNamespace = $ns;
73 
74 
// WSDL type 'authentication': the credentials every operation receives as its first argument.
// The key, login and password are plain xsd:string members of the SOAP body, so their
// confidentiality depends entirely on the transport (expose this endpoint over HTTPS only).
$server->wsdl->addComplexType(
    'authentication',
    'complexType',
    'struct',
    'all',
    '',
    array(
        'dolibarrkey' => array('name' => 'dolibarrkey', 'type' => 'xsd:string'),
        'sourceapplication' => array('name' => 'sourceapplication', 'type' => 'xsd:string'),
        'login' => array('name' => 'login', 'type' => 'xsd:string'),
        'password' => array('name' => 'password', 'type' => 'xsd:string'),
        'entity' => array('name' => 'entity', 'type' => 'xsd:string'),
    )
);

// WSDL type 'result': status code and label returned by every operation.
$server->wsdl->addComplexType(
    'result',
    'complexType',
    'struct',
    'all',
    '',
    array(
        'result_code' => array('name' => 'result_code', 'type' => 'xsd:string'),
        'result_label' => array('name' => 'result_label', 'type' => 'xsd:string'),
    )
);

// WSDL type 'document': a file returned by getDocument(); 'content' carries the bytes base64-encoded.
$server->wsdl->addComplexType(
    'document',
    'complexType',
    'struct',
    'all',
    '',
    array(
        'filename' => array('name' => 'filename', 'type' => 'xsd:string'),
        'mimetype' => array('name' => 'mimetype', 'type' => 'xsd:string'),
        'content' => array('name' => 'content', 'type' => 'xsd:string'),
        'length' => array('name' => 'length', 'type' => 'xsd:string')
    )
);
117 
118 // Define other specific objects
119 // None
120 
121 
// WSDL binding style. Five combinations exist: RPC/encoded, RPC/literal, Document/encoded (not
// WS-I compliant), Document/literal and Document/literal wrapped. The style only dictates how a
// WSDL binding is translated into a SOAP message; either one works with any programming model.
// See http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
// Document/literal wrapped would be the better choice, but NuSOAP does not support literal wrapped.
$styledoc = 'rpc'; // rpc/document (document extends SOAP 1.0 to support unstructured messages)
$styleuse = 'encoded'; // encoded/literal/literal wrapped

// Operation getVersions: takes the authentication struct, returns the result struct plus four
// version strings.
$server->register(
    'getVersions',
    array('authentication' => 'tns:authentication'), // input
    array( // output
        'result' => 'tns:result',
        'dolibarr' => 'xsd:string',
        'os' => 'xsd:string',
        'php' => 'xsd:string',
        'webserver' => 'xsd:string',
    ),
    $ns,
    $ns.'#getVersions',
    $styledoc,
    $styleuse,
    'WS to get Versions'
);

// Operation getDocument: takes the authentication struct, a module part and a file path, returns
// the result struct plus the document. The fourth PHP parameter of getDocument() ($refname) is
// not part of the registered input.
$server->register(
    'getDocument',
    array( // input
        'authentication' => 'tns:authentication',
        'modulepart' => 'xsd:string',
        'file' => 'xsd:string',
    ),
    array('result' => 'tns:result', 'document' => 'tns:document'), // output
    $ns,
    $ns.'#getDocument',
    $styledoc,
    $styleuse,
    'WS to get document'
);
156 
157 
158 
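/**
 * SOAP operation: report the versions of Dolibarr, the operating system, PHP and the web server.
 *
 * The caller is authenticated through check_authentication(). No further permission is tested
 * here, so every account able to authenticate on the web service can read this version data.
 *
 * @param array $authentication 'authentication' struct (dolibarrkey, sourceapplication, login, password, entity)
 * @return array On success: 'result' (result_code 'OK') plus 'dolibarr', 'os', 'php', 'webserver'.
 *               On failure: 'result' only, with the code and label set by check_authentication().
 */
function getVersions($authentication)
{
    global $conf;

    // Struct members are optional on the wire; read them without raising undefined-key warnings.
    $login = isset($authentication['login']) ? $authentication['login'] : '';
    dol_syslog("Function: getVersions login=".$login);

    // NOTE(review): the entity is caller-supplied and applied before the credentials are verified.
    if (!empty($authentication['entity'])) {
        $conf->entity = $authentication['entity'];
    }

    $errorcode = '';
    $errorlabel = '';
    $error = 0;
    // Failure is reported through the three by-reference arguments; the returned user is not used here.
    check_authentication($authentication, $error, $errorcode, $errorlabel);

    if ($error) {
        return array('result' => array('result_code' => $errorcode, 'result_label' => $errorlabel));
    }

    return array(
        'result' => array('result_code' => 'OK', 'result_label' => ''),
        'dolibarr' => version_dolibarr(),
        'os' => version_os(),
        'php' => version_php(),
        'webserver' => version_webserver(),
    );
}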
198 
199 
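/**
 * SOAP operation: return a stored document, base64-encoded, to an authenticated caller.
 *
 * Order of checks: authentication, presence of parameters, access decision taken by
 * dol_check_secure_access_document(), ownership query for external users (socid > 0), then a
 * refusal of any resolved path that still contains ".." or one of the characters < > |.
 * The file is read only when every check passed.
 *
 * The whole file is loaded into memory and base64-encoded, so the response is larger than the
 * file itself.
 *
 * @param array  $authentication 'authentication' struct (dolibarrkey, sourceapplication, login, password, entity)
 * @param string $modulepart     Module part, handed to dol_check_secure_access_document()
 * @param string $file           Caller-supplied file path (untrusted)
 * @param string $refname        Reference name; when empty, the name of the directory holding the file is used
 * @return array On success: 'result' (result_code 'OK') and 'document' (filename, mimetype, content, length).
 *               On failure: 'result' only, with result_code BAD_PARAMETERS, NOT_PERMITTED, REFUSED,
 *               NOT_FOUND or the code set by check_authentication().
 */
function getDocument($authentication, $modulepart, $file, $refname = '')
{
    global $db, $conf;

    // Struct members are optional on the wire; read them without raising undefined-key warnings.
    // NOTE(review): login, modulepart and file are caller-controlled text written to the log;
    // confirm that dol_syslog() neutralises line breaks.
    $login = isset($authentication['login']) ? $authentication['login'] : '';
    dol_syslog("Function: getDocument login=".$login.' - modulepart='.$modulepart.' - file='.$file);

    // NOTE(review): the entity is caller-supplied and applied before the credentials are verified.
    if (!empty($authentication['entity'])) {
        $conf->entity = $authentication['entity'];
    }

    $objectresp = array();
    $errorcode = '';
    $errorlabel = '';
    $error = 0;

    $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);

    // Check parameters
    if (!$error && (!$file || !$modulepart)) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter file and modulepart must be both provided.";
    }

    if (!$error) {
        $fuser->getrights();

        // Strip "../" from the requested path. This is a single pass over forward slashes only;
        // the ".." test on the resolved path further down is the check that actually refuses
        // whatever traversal sequence survives it.
        $original_file = str_replace("../", "/", $file);

        // Use the sub-directory name as the reference when none was given
        if (empty($refname)) {
            $refname = basename(dirname($original_file)."/");
        }

        // Security check: access decision and resolved path for this module part
        $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
        $accessallowed = $check_access['accessallowed'];
        $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
        $original_file = $check_access['original_file'];

        // Basic protection (against external users only): every row returned by the ownership
        // query must belong to the caller's third party.
        // NOTE(review): a query that returns no row leaves the access decision unchanged.
        if ($fuser->socid > 0 && $sqlprotectagainstexternals) {
            $resql = $db->query($sqlprotectagainstexternals);
            if (!$resql) {
                // Fail closed: if ownership cannot be verified, the file is not delivered.
                dol_syslog("Function: getDocument ownership query failed, access refused", LOG_WARNING);
                $accessallowed = 0;
            } else {
                $num = $db->num_rows($resql);
                for ($i = 0; $i < $num; $i++) {
                    $obj = $db->fetch_object($resql);
                    if (!$obj || $fuser->socid != $obj->fk_soc) {
                        $accessallowed = 0;
                        break;
                    }
                }
            }
        }

        // Security: refuse when the access decision is negative
        if (!$accessallowed) {
            $errorcode = 'NOT_PERMITTED';
            $errorlabel = 'Access not allowed';
            $error++;
        }

        // Security: refuse directory traversal and the characters < > | in the resolved path
        if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
            dol_syslog("Refused to deliver file ".$original_file);
            $errorcode = 'REFUSED';
            $errorlabel = '';
            $error++;
        }

        clearstatcache();

        if (!$error) {
            if (!is_file($original_file)) {
                // Also covers directories, which must not be opened as documents
                dol_syslog("File doesn't exist ".$original_file);
                $errorcode = 'NOT_FOUND';
                $errorlabel = '';
                $error++;
            } else {
                $mimetype = dol_mimetype($original_file);
                dol_syslog("Function: getDocument $original_file content-type=$mimetype");

                // One call, no handle left open, and an empty file yields an empty string instead
                // of a zero-length fread().
                $content_file = is_readable($original_file) ? file_get_contents($original_file) : false;

                if ($content_file === false) {
                    dol_syslog("Failed to read file ".$original_file, LOG_WARNING);
                    $errorcode = 'NOT_FOUND';
                    $errorlabel = '';
                    $error++;
                } else {
                    // Create return object; the length is taken from the bytes actually read so
                    // that it always matches the content.
                    $objectresp = array(
                        'result' => array('result_code' => 'OK', 'result_label' => ''),
                        'document' => array(
                            'filename' => basename($original_file),
                            'mimetype' => $mimetype,
                            'content' => base64_encode($content_file),
                            'length' => strlen($content_file)
                        )
                    );
                }
            }
        }
    }

    if ($error) {
        $objectresp = array(
            'result' => array('result_code' => $errorcode, 'result_label' => $errorlabel)
        );
    }

    return $objectresp;
}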
337 
// Hand the raw request body to NuSOAP, which parses it, dispatches to the registered operation
// and writes the response. The body is untrusted input; each operation authenticates its caller
// through check_authentication().
$rawSoapRequest = file_get_contents('php://input');
$server->service($rawSoapRequest);
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
Definition: files.lib.php:2725
version_webserver()
Return web server version.
version_dolibarr()
Return Dolibarr version.
version_php()
Return PHP version.
version_os($option='')
Return OS version.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
getDocument($authentication, $modulepart, $file, $refname='')
Method to get a document by webservice.
getVersions($authentication)
Full methods code.
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition: ws.lib.php:36