dc/d2e/fileserver_8php_source.html

 <?php

 /* Copyright (C) 2018 Destailleur Laurent <eldy@users.sourceforge.net>

  * Copyright (C) 2019 Regis Houssin   <regis.houssin@inodbox.com>

  * Copyright (C) 2024   MDW             <mdeweerd@users.noreply.github.com>

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <https://www.gnu.org/licenses/>.

  *

  * You can test with the WebDav client cadaver:

  * cadaver http://myurl/dav/fileserver.php

  */


 if (!defined('NOTOKENRENEWAL')) {

   define('NOTOKENRENEWAL', '1');

 }

 if (!defined('NOREQUIREMENU')) {

   define('NOREQUIREMENU', '1'); // If there is no menu to show

 }

 if (!defined('NOREQUIREHTML')) {

   define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php

 }

 if (!defined('NOREQUIREAJAX')) {

   define('NOREQUIREAJAX', '1');

 }

 if (!defined('NOLOGIN')) {

   define("NOLOGIN", 1); // This means this output page does not require to be logged.

 }

 if (!defined('NOCSRFCHECK')) {

   define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

 }


 require "../main.inc.php";

 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';

 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';

 require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';

 require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';


 require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';

 //require_once DOL_DOCUMENT_ROOT.'/includes/autoload.php';


 $user = new User($db);

 if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {

   $user->fetch('', $_SERVER['PHP_AUTH_USER']);

   $user->getrights();

 }


 // Load translation files required by the page

 $langs->loadLangs(array("main", "other"));


 if (empty($conf->dav->enabled)) {

   accessforbidden();

 }


 // Restrict API to some IPs

 if (getDolGlobalString('DAV_RESTRICT_ON_IP')) {

   $allowedip = explode(' ', getDolGlobalString('DAV_RESTRICT_ON_IP'));

   $ipremote = getUserRemoteIP();

   if (!in_array($ipremote, $allowedip)) {

     dol_syslog('Remote ip is '.$ipremote.', not into list ' . getDolGlobalString('DAV_RESTRICT_ON_IP'));

     print 'DAV not allowed from the IP '.$ipremote;

     header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);

     exit(0);

   }

 }


 $entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));


 // settings

 $publicDir = $conf->dav->multidir_output[$entity].'/public';

 $privateDir = $conf->dav->multidir_output[$entity].'/private';

 $ecmDir = $conf->ecm->multidir_output[$entity];

 $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted

 //var_dump($tmpDir);mkdir($tmpDir);exit;


 // Authentication callback function

 $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(

   static function ($username, $password) {

     global $user, $conf;

     global $dolibarr_main_authentication, $dolibarr_auto_user;


     if (empty($user->login)) {

       dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);

       return false;

     }

     if ($user->socid > 0) {

       dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);

       return false;

     }

     if ($user->login != $username) {

       dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);

       return false;

     }


     // Authentication mode

     if (empty($dolibarr_main_authentication)) {

       $dolibarr_main_authentication = 'dolibarr';

     }


     // Authentication mode: forceuser

     if ($dolibarr_main_authentication == 'forceuser') {

       if (empty($dolibarr_auto_user)) {

         $dolibarr_auto_user = 'auto';

       }

       if ($dolibarr_auto_user != $username) {

         dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");

         return false;

       }

     }


     $authmode = explode(',', $dolibarr_main_authentication);

     $entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));


     if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {

       return false;

     }


     // Check if user status is enabled

     if ($user->statut != $user::STATUS_ENABLED) {

       // Status is disabled

       dol_syslog("The user has been disabled.");

       return false;

     }


     // Check if session was unvalidated by a password change

     if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {

       // Session is no more valid

       dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");

       return false;

     }


     // Check date validity

     if ($user->isNotIntoValidityDateRange()) {

       // User validity dates are no more valid

       dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], current date is ".dol_now());

       return false;

     }


     return true;

   }

 );


 $authBackend->setRealm(constant('DOL_APPLICATION_TITLE').' - WebDAV');


 /*

  * Actions and View

  */


 // Create the root node

 // Setting up the directory tree //

 $nodes = array();


 // Enable directories and features according to DAV setup

 // Public dir

 if (getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')) {

   $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);

 }

 // Private dir

 $nodes[] = new \Sabre\DAV\FS\Directory($privateDir);

 // ECM dir

 if (isModEnabled('ecm') && getDolGlobalString('DAV_ALLOW_ECM_DIR')) {

   $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);

 }


 // Principals Backend

 //$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);

 // /principals

 //$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);

 // CardDav & CalDav Backend

 //$carddavBackend   = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);

 //$caldavBackend    = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);

 // /addressbook

 //$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);

 // /calendars

 //$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);


 // The rootnode needs in turn to be passed to the server class

 $server = new \Sabre\DAV\Server($nodes);


 // If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)

 // You can override the baseUri here.

 $baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';

 if (isset($baseUri)) {

   $server->setBaseUri($baseUri);

 }


 // Add authentication function

 if ((!getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')

   || !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))

   && !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"]) // URL for Sabre browser resources

 ) {

   //var_dump($_SERVER["QUERY_STRING"]);exit;

   $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));

 }

 // Support for LOCK and UNLOCK

 $lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');

 $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);

 $server->addPlugin($lockPlugin);


 // Support for the html browser

 if (!getDolGlobalString('DAV_DISABLE_BROWSER')) {

   $browser = new \Sabre\DAV\Browser\Plugin();

   $server->addPlugin($browser);

 }


 // Automatically guess (some) contenttypes, based on extension

 //$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());


 //$server->addPlugin(new \Sabre\CardDAV\Plugin());

 //$server->addPlugin(new \Sabre\CalDAV\Plugin());

 //$server->addPlugin(new \Sabre\DAVACL\Plugin());


 // Temporary file filter

 /*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);

 $server->addPlugin($tempFF);

 */


 // And off we go!

 $server->start();


 if (is_object($db)) {

   $db->close();

 }

User
Class to manage Dolibarr users.
Definition: user.class.php:50

GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition: functions.lib.php:1068

dol_now
dol_now($mode='auto')
Return date for now.
Definition: functions.lib.php:3571

getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition: functions.lib.php:208

getUserRemoteIP
getUserRemoteIP()
Return the IP of remote user.
Definition: functions.lib.php:4322

isModEnabled
isModEnabled($module)
Is Dolibarr module enabled.
Definition: functions.lib.php:305

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:2085

if
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
Definition: journals_list.php:26

checkLoginPassEntity
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
Definition: security2.lib.php:58

accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1204