// dol_encode (fragment; header not shown): reversible obfuscation, NOT encryption.
// With the default key '1' every byte is shifted by +17; with any other key each byte
// is shifted by (ord(keychar) - 65) where keychar cycles through $key. The result is
// then base64-encoded. Anyone holding the output can reverse it with dol_decode(), so
// this must never be relied on to protect secrets (use dolEncrypt() for that).
// NOTE(review): ($i % strlen($key)) - 1 evaluates to -1 whenever $i is a multiple of
// the key length, so substr() picks the key's LAST character at those positions.
// Harmless as long as dol_decode() uses the identical indexing (it does, below).
41 if (is_numeric($key) && $key ==
'1') {
42 $output_tab = array();
44 for ($i = 0; $i < $strlength; $i++) {
45 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
47 $chain = implode(
"", $output_tab);
// Keyed variant: chr() wraps modulo 256, so bytes above 255-delta silently wrap.
51 for ($i = 0; $i < $strlength; $i++) {
52 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
53 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
58 return base64_encode($chain);
// dol_decode (fragment; header not shown): inverse of dol_encode(). base64_decode()
// is called without the strict flag, so malformed input is silently tolerated rather
// than rejected — callers that need to detect corruption must validate the result.
// Like dol_encode(), this provides no confidentiality: the "key" is an obfuscation
// parameter, not a secret.
72 $chain = base64_decode($chain);
74 if (is_numeric($key) && $key ==
'1') {
75 $output_tab = array();
77 for ($i = 0; $i < $strlength; $i++) {
78 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
81 $chain = implode(
"", $output_tab);
// Keyed variant; the ($i % strlen($key)) - 1 indexing must stay in sync with dol_encode().
85 for ($i = 0; $i < $strlength; $i++) {
86 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
87 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
// dolGetRandomBytes (fragment; header not shown): returns a HEX string, so only
// floor($length / 2) random bytes are drawn. An odd $length therefore yields
// $length - 1 characters; pass an even length when an exact size matters.
// random_bytes() is the CSPRNG path (core since PHP 7.0, so the fallback below is
// only reached on very old interpreters).
103 if (function_exists(
'random_bytes')) {
104 return bin2hex(random_bytes((
int) floor($length / 2)));
// NOTE(review): the fallback does not pass/inspect the $strong_result argument of
// openssl_random_pseudo_bytes(), so a non-cryptographically-strong result would go
// unnoticed. If this branch is kept, check that flag and fail closed.
107 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
// dolEncrypt: symmetric encryption of $chain with openssl_encrypt().
// Output format: 'dolcrypt:<cipher>:<iv>:<base64 ciphertext>'. A $chain already in
// that format is detected by the preg_match below (that branch body is not shown).
// Key: when none is given the instance key is used ($conf->file->instance_unique_id
// is the fallback visible here). openssl_encrypt() silently pads/truncates the
// passphrase to the cipher's key size, so key strength is exactly that string's.
// IV: with $forceseed set, the IV is the first $ivlen chars of md5($forceseed) —
// deterministic, and drawn from the 16-character hex alphabet only. In CTR mode,
// two different plaintexts encrypted under the same key+IV leak their XOR; use
// $forceseed only where a stable ciphertext is required and each seed encrypts a
// single plaintext. The empty-$forceseed branch (random IV, presumably) is not shown.
// Integrity: AES-256-CTR is unauthenticated and no MAC/tag is produced, so anyone
// able to modify the stored blob can flip plaintext bits undetected (dolDecrypt()
// does not verify integrity either). Treat decrypted data as untrusted input.
// $dolibarr_disable_dolcrypt_for_debug skips the openssl branch entirely (debug
// only; what is returned in that case is not shown here).
123 function dolEncrypt($chain, $key =
'', $ciphering =
'AES-256-CTR', $forceseed =
'')
126 global $dolibarr_disable_dolcrypt_for_debug;
128 if ($chain ===
'' || is_null($chain)) {
133 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
139 $key = $conf->file->instance_unique_id;
141 if (empty($ciphering)) {
142 $ciphering =
'AES-256-CTR';
147 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
153 if (function_exists(
'openssl_cipher_iv_length')) {
154 $ivlen = openssl_cipher_iv_length($ciphering);
// IV length sanity bound (1..32); what happens when it fails is not shown here.
156 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
159 if (empty($forceseed)) {
// Deterministic IV derived from the caller-supplied seed (see header note on reuse).
162 $ivseed =
dol_substr(md5($forceseed), 0, $ivlen,
'ascii', 1);
// options=0 => base64-encoded ciphertext; no authentication tag is requested.
165 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
166 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
// dolDecrypt (fragment; header not shown): inverse of dolEncrypt().
// Key resolution visible here: $conf->file->dolcrypt_key when set, otherwise
// $conf->file->instance_unique_id (the surrounding condition is not shown). Both
// encrypt and decrypt sides must resolve to the same key or stored values become
// undecryptable after a configuration change.
// NOTE(review): the cipher name is taken from the blob itself ($reg[1]) and passed
// straight to openssl_decrypt(). If the stored blob can be tampered with, the
// algorithm is attacker-chosen; consider allow-listing the expected cipher(s).
// No integrity check is performed (CTR is unauthenticated): a modified blob decrypts
// to garbage instead of failing, so callers must validate the plaintext.
186 if ($chain ===
'' || is_null($chain)) {
191 if (!empty($conf->file->dolcrypt_key)) {
193 $key = $conf->file->dolcrypt_key;
196 $key = $conf->file->instance_unique_id;
202 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
203 $ciphering = $reg[1];
204 if (function_exists(
'openssl_decrypt')) {
// Empty key is only logged as a warning here.
206 dol_syslog(
"Error dolDecrypt decrypt key is empty", LOG_WARNING);
// Payload is '<iv>:<ciphertext>' for current blobs; legacy blobs without an IV
// segment are decrypted with an empty IV.
209 $tmpexplode = explode(
':', $reg[2]);
210 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
211 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
213 $newchain = openssl_decrypt((
string) $tmpexplode[0], $ciphering, $key, 0,
'');
216 dol_syslog(
"Error dolDecrypt openssl_decrypt is not available", LOG_ERR);
// dol_hash: one-way hash of $chain (a hash, not encryption).
// Type selection:
//   '0'/'auto'  -> password_hash() when MAIN_SECURITY_HASH_ALGO == 'password_hash',
//                  otherwise the legacy default sha1(md5($chain)) at the bottom;
//   '2'/sha1md5 -> sha1(md5()); '5'/sha256 -> hash('sha256');
//   '6'/password_hash -> password_hash();
//   '1'/sha1, '3'/md5, '4'/openldap: branch bodies are not shown in this fragment.
// When MAIN_SECURITY_SALT is set (and type is not openldap and $nosalt is empty) a
// salting step runs first — its body is not shown here.
// NOTE(review): every non-password_hash variant is a fast digest with at most a
// global salt and is not suitable for storing user passwords; only '0' (with the
// password_hash setting) and '6' give a slow, per-entry-salted hash. dol_verifyHash()
// routes on the leading '$' of password_hash() output, so mixed formats are expected.
237 function dol_hash($chain, $type =
'0', $nosalt = 0)
240 if (($type ==
'0' || $type ==
'auto') &&
getDolGlobalString(
'MAIN_SECURITY_HASH_ALGO') &&
getDolGlobalString(
'MAIN_SECURITY_HASH_ALGO') ==
'password_hash' && function_exists(
'password_hash')) {
241 return password_hash($chain, PASSWORD_DEFAULT);
245 if (
getDolGlobalString(
'MAIN_SECURITY_SALT') && $type !=
'4' && $type !==
'openldap' && empty($nosalt)) {
249 if ($type ==
'1' || $type ==
'sha1') {
251 } elseif ($type ==
'2' || $type ==
'sha1md5') {
252 return sha1(md5($chain));
253 } elseif ($type ==
'3' || $type ==
'md5') {
255 } elseif ($type ==
'4' || $type ==
'openldap') {
257 } elseif ($type ==
'5' || $type ==
'sha256') {
258 return hash(
'sha256', $chain);
259 } elseif ($type ==
'6' || $type ==
'password_hash') {
260 return password_hash($chain, PASSWORD_DEFAULT);
// Legacy default when no explicit type matched.
264 return sha1(md5($chain));
// dol_verifyHash (fragment; header not shown): hashes starting with '$' are treated
// as password_hash() output and checked with password_verify() (constant-time);
// everything else is recomputed with dol_hash($chain, $type) and compared.
286 if (! empty($hash[0]) && $hash[0] ==
'$') {
287 return password_verify($chain, $hash);
// NOTE(review): loose `==` on two digest strings. PHP compares numeric-looking strings
// numerically, so hex digests of the form '0e<digits>' compare equal to each other
// ("magic hash" collisions), and the comparison is not constant-time. Prefer
//   return hash_equals((string) dol_hash($chain, $type), (string) $hash);
297 return dol_hash($chain, $type) == $hash;
// dolGetLdapPasswordHash (fragment; header not shown): builds an LDAP userPassword
// value with a scheme prefix ({MD5}, {SMD5}, {SHA}, {SSHA}, {SHA256}, {SSHA256},
// {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}, {CLEAR}). Salted (S*) variants
// append the raw salt after the binary digest before base64-encoding, as LDAP expects.
// NOTE(review): the salt is substr(sha1(time()), 0, 8) — derived from the current
// second, so it is predictable and identical for every hash generated in that second.
// Use a CSPRNG salt (e.g. random_bytes(8) or dolGetRandomBytes(16)) for the S* and
// {CRYPT} variants.
313 $salt = substr(sha1((
string) time()), 0, 8);
// Unsalted {MD5}/{SHA} are weak by modern standards; prefer {SSHA256} or stronger
// where the directory supports it.
315 if ($type ===
'md5') {
316 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
// 'md5frommd5' takes an existing MD5 hex digest (not a password) and re-encodes it.
317 } elseif ($type ===
'md5frommd5') {
318 return '{MD5}' . base64_encode(hex2bin($password));
319 } elseif ($type ===
'smd5') {
320 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
321 } elseif ($type ===
'sha') {
322 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
323 } elseif ($type ===
'ssha') {
324 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
325 } elseif ($type ===
'sha256') {
326 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
327 } elseif ($type ===
'ssha256') {
328 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
329 } elseif ($type ===
'sha384') {
330 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
331 } elseif ($type ===
'ssha384') {
332 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
333 } elseif ($type ===
'sha512') {
334 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
335 } elseif ($type ===
'ssha512') {
336 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
// NOTE(review): crypt() selects its algorithm from the salt format; an 8-char hex
// salt carries no '$id$' prefix, so confirm which scheme results (likely a weak
// traditional one) before relying on {CRYPT}.
337 } elseif ($type ===
'crypt') {
338 return '{CRYPT}' . crypt($password, $salt);
// {CLEAR} stores the password in plain text — only for directories hashing server-side.
339 } elseif ($type ===
'clear') {
340 return '{CLEAR}' . $password;
// restrictedArea: page/object access gate. Denies access (via accessforbidden(),
// not shown in this fragment) unless $user holds the read, write or delete right
// matching $features/$feature2 for the action being performed and, when an object id
// is present, can see that object (delegated to checkUserAccessToObject() below).
// $features may be 'a&b' (all required) or 'a|b' (any suffices).
// $tableandshare, $dbt_keyfield and $dbt_select are spliced into SQL unescaped
// further down: they must be code constants, never request-derived values.
365 function restrictedArea(
User $user, $features,
$object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
// $objectid is derived from $object (derivation not shown); -1 is special-cased.
375 if ($objectid ==
"-1") {
// Only digits, '.' and ',' survive: a comma-separated list of ids is accepted here and
// split again on ',' when the SQL COUNT is compared, so do not assume a single integer.
379 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', (
string) $objectid);
388 $parentfortableentity =
'';
391 $originalfeatures = $features;
392 if ($features ==
'agenda') {
393 $tableandshare =
'actioncomm&societe';
394 $feature2 =
'myactions|allactions';
397 if ($features ==
'bank') {
398 $features =
'banque';
400 if ($features ==
'facturerec') {
401 $features =
'facture';
403 if ($features ==
'supplier_invoicerec') {
404 $features =
'fournisseur';
405 $feature2 =
'facture';
407 if ($features ==
'mo') {
410 if ($features ==
'member') {
411 $features =
'adherent';
413 if ($features ==
'subscription') {
414 $features =
'adherent';
415 $feature2 =
'cotisation';
417 if ($features ==
'website' && is_object(
$object) &&
$object->element ==
'websitepage') {
418 $parentfortableentity =
'fk_website@website';
420 if ($features ==
'project') {
421 $features =
'projet';
423 if ($features ==
'product') {
424 $features =
'produit';
426 if ($features ==
'productbatch') {
427 $features =
'produit';
429 if ($features ==
'tax') {
430 $feature2 =
'charges';
432 if ($features ==
'workstation') {
433 $feature2 =
'workstation';
435 if ($features ==
'fournisseur') {
436 $features =
'fournisseur';
437 if (is_object(
$object) &&
$object->element ==
'invoice_supplier') {
438 $feature2 =
'facture';
439 } elseif (is_object(
$object) &&
$object->element ==
'order_supplier') {
440 $feature2 =
'commande';
443 if ($features ==
'payment_sc') {
444 $tableandshare =
'paiementcharge';
445 $parentfortableentity =
'fk_charge@chargesociales';
451 $parameters = array(
'features' => $features,
'originalfeatures' => $originalfeatures,
'objectid' => $objectid,
'dbt_select' => $dbt_select,
'idtype' => $dbt_select,
'isdraft' => $isdraft);
452 if (!empty($hookmanager)) {
453 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
455 if (isset($hookmanager->resArray[
'result'])) {
456 if ($hookmanager->resArray[
'result'] == 0) {
470 $featuresarray = array($features);
471 if (preg_match(
'/&/', $features)) {
472 $featuresarray = explode(
"&", $features);
473 } elseif (preg_match(
'/\|/', $features)) {
474 $featuresarray = explode(
"|", $features);
478 if (!empty($feature2)) {
479 $feature2 = explode(
"|", $feature2);
487 foreach ($featuresarray as $feature) {
488 $featureforlistofmodule = $feature;
489 if ($featureforlistofmodule ==
'produit') {
490 $featureforlistofmodule =
'product';
492 if ($featureforlistofmodule ==
'supplier_proposal') {
493 $featureforlistofmodule =
'supplierproposal';
495 if (!empty($user->socid) &&
getDolGlobalString(
'MAIN_MODULES_FOR_EXTERNAL') && !in_array($featureforlistofmodule, $listofmodules)) {
501 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
502 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
506 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
507 if (!$user->hasRight(
'societe',
'contact',
'lire')) {
511 } elseif ($feature ==
'produit|service') {
512 if (!$user->hasRight(
'produit',
'lire') && !$user->hasRight(
'service',
'lire')) {
516 } elseif ($feature ==
'prelevement') {
517 if (!$user->hasRight(
'prelevement',
'bons',
'lire')) {
521 } elseif ($feature ==
'cheque') {
522 if (!$user->hasRight(
'banque',
'cheque')) {
526 } elseif ($feature ==
'projet') {
527 if (!$user->hasRight(
'projet',
'lire') && !$user->hasRight(
'projet',
'all',
'lire')) {
531 } elseif ($feature ==
'payment') {
532 if (!$user->hasRight(
'facture',
'lire')) {
536 } elseif ($feature ==
'payment_supplier') {
537 if (!$user->hasRight(
'fournisseur',
'facture',
'lire')) {
541 } elseif ($feature ==
'payment_sc') {
542 if (!$user->hasRight(
'tax',
'charges',
'lire')) {
546 } elseif (!empty($feature2)) {
548 foreach ($feature2 as $subfeature) {
549 if ($subfeature ==
'user' && $user->id == $objectid) {
552 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
557 if (!empty($subfeature) && !$user->hasRight($feature, $subfeature,
'lire') && !$user->hasRight($feature, $subfeature,
'read')) {
559 } elseif (empty($subfeature) && !$user->hasRight($feature,
'lire') && !$user->hasRight($feature,
'read')) {
570 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
571 if (!$user->hasRight($feature,
'lire')
572 && !$user->hasRight($feature,
'read')
573 && !$user->hasRight($feature,
'run')) {
581 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// Which permission level to enforce is inferred from the request itself:
//  - sendit / linkit, an action in the create/update/set/upload/... list, or roworder
//    => write ('creer'/'write'/'create') rights are checked;
//  - action=delete, or action=confirm_delete with confirm=yes => delete rights.
// NOTE(review): this is an allow-list of action names. A new mutating action whose
// name is not listed is only checked against READ rights by this function, so pages
// that introduce such actions must add them here or enforce write rights themselves.
597 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
598 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
600 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
601 foreach ($featuresarray as $feature) {
602 if ($feature ==
'contact') {
603 if (!$user->hasRight(
'societe',
'contact',
'creer')) {
607 } elseif ($feature ==
'produit|service') {
608 if (!$user->hasRight(
'produit',
'creer') && !$user->hasRight(
'service',
'creer')) {
612 } elseif ($feature ==
'prelevement') {
613 if (!$user->hasRight(
'prelevement',
'bons',
'creer')) {
617 } elseif ($feature ==
'commande_fournisseur') {
618 if (!$user->hasRight(
'fournisseur',
'commande',
'creer') || !$user->hasRight(
'supplier_order',
'creer')) {
622 } elseif ($feature ==
'banque') {
623 if (!$user->hasRight(
'banque',
'modifier')) {
627 } elseif ($feature ==
'cheque') {
628 if (!$user->hasRight(
'banque',
'cheque')) {
632 } elseif ($feature ==
'import') {
633 if (!$user->hasRight(
'import',
'run')) {
637 } elseif ($feature ==
'ecm') {
638 if (!$user->hasRight(
'ecm',
'upload')) {
642 } elseif ($feature ==
'modulebuilder') {
643 if (!$user->hasRight(
'modulebuilder',
'run')) {
647 } elseif (!empty($feature2)) {
648 foreach ($feature2 as $subfeature) {
649 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
652 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
655 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
659 if (!$user->hasRight($feature, $subfeature,
'creer')
660 && !$user->hasRight($feature, $subfeature,
'write')
661 && !$user->hasRight($feature, $subfeature,
'create')) {
670 } elseif (!empty($feature)) {
672 if (!$user->hasRight($feature,
'creer')
673 && !$user->hasRight($feature,
'write')
674 && !$user->hasRight($feature,
'create')) {
682 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
686 if ($wemustcheckpermissionforcreate && !$createok) {
698 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
699 if (!$user->hasRight(
'user',
'user',
'creer')) {
703 if (!$createuserok) {
716 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
717 foreach ($featuresarray as $feature) {
718 if ($feature ==
'bookmark') {
719 if (!$user->hasRight(
'bookmark',
'supprimer')) {
720 if ($user->id !=
$object->fk_user || !$user->hasRight(
'bookmark',
'creer')) {
724 } elseif ($feature ==
'contact') {
725 if (!$user->hasRight(
'societe',
'contact',
'supprimer')) {
728 } elseif ($feature ==
'produit|service') {
729 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
732 } elseif ($feature ==
'commande_fournisseur') {
733 if (!$user->hasRight(
'fournisseur',
'commande',
'supprimer')) {
736 } elseif ($feature ==
'payment_supplier') {
737 if (!$user->hasRight(
'fournisseur',
'facture',
'creer')) {
740 } elseif ($feature ==
'payment') {
741 if (!$user->hasRight(
'facture',
'paiement')) {
744 } elseif ($feature ==
'payment_sc') {
745 if (!$user->hasRight(
'tax',
'charges',
'creer')) {
748 } elseif ($feature ==
'banque') {
749 if (!$user->hasRight(
'banque',
'modifier')) {
752 } elseif ($feature ==
'cheque') {
753 if (!$user->hasRight(
'banque',
'cheque')) {
756 } elseif ($feature ==
'ecm') {
757 if (!$user->hasRight(
'ecm',
'upload')) {
760 } elseif ($feature ==
'ftp') {
761 if (!$user->hasRight(
'ftp',
'write')) {
764 } elseif ($feature ==
'salaries') {
765 if (!$user->hasRight(
'salaries',
'delete')) {
768 } elseif ($feature ==
'adherent') {
769 if (!$user->hasRight(
'adherent',
'supprimer')) {
772 } elseif ($feature ==
'paymentbybanktransfer') {
773 if (!$user->hasRight(
'paymentbybanktransfer',
'create')) {
776 } elseif ($feature ==
'prelevement') {
777 if (!$user->hasRight(
'prelevement',
'bons',
'creer')) {
780 } elseif (!empty($feature2)) {
781 foreach ($feature2 as $subfeature) {
782 if (!$user->hasRight($feature, $subfeature,
'supprimer') && !$user->hasRight($feature, $subfeature,
'delete')) {
789 } elseif (!empty($feature)) {
791 if (!$user->hasRight($feature,
'supprimer')
792 && !$user->hasRight($feature,
'delete')
793 && !$user->hasRight($feature,
'run')) {
800 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
804 if (!$deleteok && !($isdraft && $createok)) {
816 if (!empty($objectid) && $objectid > 0) {
818 $params = array(
'objectid' => $objectid,
'features' => implode(
',', $featuresarray),
'features2' => $feature2);
// checkUserAccessToObject: object-level authorization. For each feature, builds a
// COUNT query over the object's table restricted by entity and, for external users
// or users without the 'see all third parties' right, by ownership/sales-rep links;
// the count must cover every id requested.
// $tableandshare ('table' or 'table&sharedelement'), $dbt_keyfield, $dbt_select and
// $parenttableforentity are concatenated into SQL as identifiers WITHOUT escaping:
// they must come from code, never from request input. $objectid goes through
// $db->sanitize() and the digit/'.'/','-only filter below.
849 function checkUserAccessToObject($user, array $featuresarray,
$object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
// Same filter as restrictedArea(): letters are stripped, so a non-numeric ref would
// be reduced to its digits here.
858 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
865 $params = explode(
'&', $tableandshare);
866 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
867 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
869 foreach ($featuresarray as $feature) {
875 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
876 $feature =
'contact';
879 if ($feature ==
'member') {
880 $feature =
'adherent';
882 if ($feature ==
'project') {
885 if ($feature ==
'task') {
886 $feature =
'projet_task';
888 if ($feature ==
'eventorganization') {
890 $dbtablename =
'actioncomm';
892 if ($feature ==
'payment_sc' && empty($parenttableforentity)) {
894 $parenttableforentity =
'';
895 $dbtablename =
"chargesociales";
896 $feature =
"chargesociales";
897 $objectid =
$object->fk_charge;
900 $checkonentitydone = 0;
903 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'payment_sc',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales',
'knowledgemanagement');
904 $checksoc = array(
'societe');
905 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
906 $checkproject = array(
'projet',
'project');
907 $checktask = array(
'projet_task');
908 $checkhierarchy = array(
'expensereport',
'holiday');
909 $checkuser = array(
'bookmark');
910 $nocheck = array(
'barcode',
'stock');
915 if (empty($dbtablename)) {
916 $dbtablename = $feature;
917 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
// For a non-rowid/id selector the id is wrapped in quotes so it can match a ref column.
// NOTE(review): every ownership/entity check below is guarded by `$objectid > 0`.
// Once $objectid is the quoted string "'...'" that comparison evaluates false (PHP 8
// compares an int with a non-numeric string as strings), so confirm those checks are
// still reached when $dbt_select is a ref column rather than silently skipped.
921 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
922 $objectid =
"'".$objectid.
"'";
// $dbt_select / $dbtablename are spliced in unescaped (trusted identifiers only);
// the id list itself is passed through $db->sanitize() in the WHERE clause.
925 if (in_array($feature, $check) && $objectid > 0) {
926 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
927 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
928 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
930 if ($conf->entity == 1 && $user->admin && !$user->entity) {
931 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
932 $sql .=
" AND dbt.entity IS NOT NULL";
934 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
935 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
936 $sql .=
" AND ((ug.fk_user = dbt.rowid";
937 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
938 $sql .=
" OR dbt.entity = 0)";
941 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
942 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
946 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
947 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
948 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
949 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
951 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
952 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
955 $checkonentitydone = 1;
957 if (in_array($feature, $checksoc) && $objectid > 0) {
959 if ($user->socid > 0) {
960 if ($user->socid != $objectid) {
963 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && !$user->hasRight(
'societe',
'client',
'voir'))) {
965 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
966 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
967 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
968 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
969 $sql .=
" AND (sc.fk_user = ".((int) $user->id);
971 $userschilds = $user->getAllChildIds();
972 $sql .=
" OR sc.fk_user IN (".$db->sanitize(implode(
',', $userschilds)).
")";
975 $sql .=
" AND sc.fk_soc = s.rowid";
976 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
979 $sql =
"SELECT COUNT(s.rowid) as nb";
980 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
981 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
982 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
985 $checkonentitydone = 1;
987 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
989 if ($user->socid > 0) {
990 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
991 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
992 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
993 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
994 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && !$user->hasRight(
'societe',
'client',
'voir'))) {
996 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
997 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
998 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
999 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1000 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
1001 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1004 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1005 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1006 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1007 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1010 $checkonentitydone = 1;
1012 if (in_array($feature, $checkproject) && $objectid > 0) {
1013 if (
isModEnabled(
'project') && !$user->hasRight(
'projet',
'all',
'lire')) {
1014 $projectid = $objectid;
1016 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1017 $projectstatic =
new Project($db);
1018 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1020 $tmparray = explode(
',', $tmps);
1021 if (!in_array($projectid, $tmparray)) {
1025 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1026 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1027 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1028 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1030 $checkonentitydone = 1;
1032 if (in_array($feature, $checktask) && $objectid > 0) {
1033 if (
isModEnabled(
'project') && !$user->hasRight(
'projet',
'all',
'lire')) {
1034 $task =
new Task($db);
1035 $task->fetch($objectid);
1036 $projectid = $task->fk_project;
1038 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1039 $projectstatic =
new Project($db);
1040 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1042 $tmparray = explode(
',', $tmps);
1043 if (!in_array($projectid, $tmparray)) {
1047 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1048 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1049 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1050 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1053 $checkonentitydone = 1;
1057 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1059 if ($user->socid > 0) {
1060 if (empty($dbt_keyfield)) {
1061 dol_print_error(
null,
'Param dbt_keyfield is required but not defined');
1063 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1064 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1065 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1066 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1067 } elseif (
isModEnabled(
"societe") && !$user->hasRight(
'societe',
'client',
'voir')) {
1069 if ($feature !=
'ticket') {
1070 if (empty($dbt_keyfield)) {
1071 dol_print_error(
null,
'Param dbt_keyfield is required but not defined');
1073 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1074 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1075 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1076 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1077 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1078 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1079 $sql .=
" AND (sc.fk_user = ".((int) $user->id);
1081 $userschilds = $user->getAllChildIds();
1082 foreach ($userschilds as $key => $value) {
1083 $sql .=
' OR sc.fk_user = '.((int) $value);
1089 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1090 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1091 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1092 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1093 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1094 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1098 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1099 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1100 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1101 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1106 if ($feature ===
'agenda' && $objectid > 0) {
1108 if ($objectid > 0 && !$user->hasRight(
'agenda',
'allactions',
'read')) {
1109 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1111 $action->fetch($objectid);
1112 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1120 if (in_array($feature, $checkhierarchy) && is_object(
$object) && $objectid > 0) {
1121 $childids = $user->getAllChildIds(1);
1123 if ($feature ==
'holiday') {
1124 $useridtocheck =
$object->fk_user;
1125 if (!$user->hasRight(
'holiday',
'readall') && !in_array($useridtocheck, $childids) && !in_array(
$object->fk_validator, $childids)) {
1129 if ($feature ==
'expensereport') {
1130 $useridtocheck =
$object->fk_user_author;
1131 if (!$user->hasRight(
'expensereport',
'readall')) {
1132 if (!in_array($useridtocheck, $childids)) {
1141 if (in_array($feature, $checkuser) && is_object(
$object) && $objectid > 0) {
1142 $useridtocheck =
$object->fk_user;
1143 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
// Access decision: the COUNT returned by the query built above must be >= the number
// of ids requested (comma-separated), so a list containing even one foreign or
// out-of-entity id is rejected. Duplicate ids inflate the expected count while COUNT
// collapses them, which fails closed (a deny), not open.
1149 $resql = $db->query(
$sql);
1151 $obj = $db->fetch_object($resql);
1152 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
// Logged when the query itself fails (presumably): with ids sanitized, this usually
// means a caller passed a bad table/column name — treat it as a bug to fix.
1156 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
// httponly_accessforbidden (fragment; header not shown): sets the HTTP status
// ($http_response_code, 403 by default) and prints $message.
// When $stringalreadysanitized is set the message is emitted as-is (branch body not
// shown) and the caller owns the escaping; otherwise it is HTML-escaped below.
// Never pass request-derived text with $stringalreadysanitized=1.
1180 http_response_code($http_response_code);
1182 if ($stringalreadysanitized) {
1185 print htmlentities($message);
1204 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1206 global $conf, $db, $user, $langs, $hookmanager;
1209 if (!is_object($langs)) {
1210 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1212 $langs->setDefaultLang();
1215 $langs->loadLangs(array(
"main",
"errors"));
1217 if ($printheader && !defined(
'NOHEADERNOFOOTER')) {
1218 if (function_exists(
"llxHeader")) {
1220 } elseif (function_exists(
"llxHeaderVierge")) {
1223 print
'<div style="padding: 20px">';
1225 print
'<div class="error">';
1226 if (empty($message)) {
1227 print $langs->trans(
"ErrorForbidden");
1229 print $langs->trans($message);
1233 if (empty($showonlymessage)) {
1234 if (empty($hookmanager)) {
1235 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1238 $hookmanager->initHooks(array(
'main'));
1241 $parameters = array(
'message' => $message,
'params' => $params);
1242 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters,
$object, $action);
1243 print $hookmanager->resPrint;
1244 if (empty($reshook)) {
1245 $langs->loadLangs(array(
"errors"));
// NOTE(review): $user->login is concatenated into the HTML response without
// htmlspecialchars()/dol_escape_htmltag(). Logins are normally validated at
// creation time, but escaping here removes the dependence on that invariant.
1247 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1248 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1249 print $langs->trans(
"ErrorForbidden4");
1251 print $langs->trans(
"ErrorForbidden3");
1255 if ($printfooter && !defined(
'NOHEADERNOFOOTER') && function_exists(
"llxFooter")) {
1274 $maxphp = @ini_get(
'upload_max_filesize');
1275 if (preg_match(
'/k$/i', $maxphp)) {
1276 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1277 $maxphp = $maxphp * 1;
1279 if (preg_match(
'/m$/i', $maxphp)) {
1280 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1281 $maxphp = $maxphp * 1024;
1283 if (preg_match(
'/g$/i', $maxphp)) {
1284 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1285 $maxphp = $maxphp * 1024 * 1024;
1287 if (preg_match(
'/t$/i', $maxphp)) {
1288 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1289 $maxphp = $maxphp * 1024 * 1024 * 1024;
1291 $maxphp2 = @ini_get(
'post_max_size');
1292 if (preg_match(
'/k$/i', $maxphp2)) {
1293 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1294 $maxphp2 = $maxphp2 * 1;
1296 if (preg_match(
'/m$/i', $maxphp2)) {
1297 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1298 $maxphp2 = $maxphp2 * 1024;
1300 if (preg_match(
'/g$/i', $maxphp2)) {
1301 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1302 $maxphp2 = $maxphp2 * 1024 * 1024;
1304 if (preg_match(
'/t$/i', $maxphp2)) {
1305 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1306 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1310 $maxphptoshow = $maxphptoshowparam =
'';
1312 $maxmin = min($maxmin, $maxphp);
1313 $maxphptoshow = $maxphp;
1314 $maxphptoshowparam =
'upload_max_filesize';
1317 $maxmin = min($maxmin, $maxphp2);
1318 if ($maxphp2 < $maxphp) {
1319 $maxphptoshow = $maxphp2;
1320 $maxphptoshowparam =
'post_max_size';
1326 return array(
'max' => $max,
'maxmin' => $maxmin,
'maxphptoshow' => $maxphptoshow,
'maxphptoshowparam' => $maxphptoshowparam);
dolEncrypt($chain, $key='', $ciphering='AES-256-CTR', $forceseed='')
Encrypt a string with a symmetric cipher (AES-256-CTR by default) and return it as 'dolcrypt:&lt;cipher&gt;:&lt;iv&gt;:&lt;ciphertext&gt;'. The mode is unauthenticated: the output carries no integrity protection.
dolGetRandomBytes($length)
Return a hex string of random bytes for cryptographic purposes: floor($length / 2) bytes are drawn, giving $length hex characters when $length is even (one fewer when odd).
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dol_encode($chain, $key='1')
Obfuscate a string with a per-character offset (+17, or a key-derived delta) and base64-encode it. Reversible by anyone with dol_decode(); this is not encryption.
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash of $chain and compare it to the given $hash (password_hash() output is checked with password_verify(); other types are recomputed with dol_hash()). For backward compatibility reasons, ...
getMaxFileSizeArray()
Return the max allowed for file upload.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
dol_decode($chain, $key='1')
Reverse dol_encode(): base64-decode, then undo the per-character offset.
dolGetLdapPasswordHash($password, $type='md5')
Returns a specific ldap hash of a password.
dolDecrypt($chain, $key='')
Decrypt a string produced by dolEncrypt() ('dolcrypt:&lt;cipher&gt;:&lt;iv&gt;:&lt;ciphertext&gt;'). The cipher name is read from the string itself and the result is not integrity-checked.
dol_hash($chain, $type='0', $nosalt=0)
Returns a one-way hash of a string (a hash, not encryption; only the password_hash types are suitable for stored passwords).
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.