dolibarr  9.0.0
index.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2016-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <http://www.gnu.org/licenses/>.
16  */
17 
24 if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL',1); // Disables token renewal
25 if (! defined('NOLOGIN')) define("NOLOGIN",1);
26 if (! defined('NOCSRFCHECK')) define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
27 if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1');
28 if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
29 if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
30 
36 function llxHeader()
37 {
38 }
44 function llxFooter()
45 {
46 }
47 
48 require '../../master.inc.php';
49 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
50 
51 
52 $error=0;
53 $websitekey=GETPOST('website', 'alpha');
54 $pageid=GETPOST('page', 'alpha')?GETPOST('page', 'alpha'):GETPOST('pageid', 'alpha');
55 $pageref=GETPOST('pageref', 'aZ09')?GETPOST('pageref', 'aZ09'):'';
56 
57 $accessallowed = 1;
58 $type='';
59 
60 
61 if (empty($pageid))
62 {
63  require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
64  require_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
65 
66  $object=new Website($db);
67  $object->fetch(0, $websitekey);
68 
69  if (empty($object->id))
70  {
71  if (empty($pageid))
72  {
73  // Return header 404
74  header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
75 
76  include DOL_DOCUMENT_ROOT.'/public/error-404.php';
77  exit;
78  }
79  }
80 
81  $objectpage=new WebsitePage($db);
82 
83  if ($pageref)
84  {
85  $result=$objectpage->fetch(0, $object->id, $pageref);
86  if ($result > 0)
87  {
88  $pageid = $objectpage->id;
89  }
90  elseif($result == 0)
91  {
92  // Page not found from ref=pageurl, we try using alternative alias
93  $result=$objectpage->fetch(0, $object->id, null, $pageref);
94  if ($result > 0)
95  {
96  $pageid = $objectpage->id;
97  }
98  }
99  }
100  else
101  {
102  if ($object->fk_default_home > 0)
103  {
104  $result=$objectpage->fetch($object->fk_default_home);
105  if ($result > 0)
106  {
107  $pageid = $objectpage->id;
108  }
109  }
110 
111  if (empty($pageid))
112  {
113  $array=$objectpage->fetchAll($object->id);
114  if (is_array($array) && count($array) > 0)
115  {
116  $firstrep=reset($array);
117  $pageid=$firstrep->id;
118  }
119  }
120  }
121 }
122 if (empty($pageid))
123 {
124  // Return header 404
125  header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
126 
127  $langs->load("website");
128 
129  if (! GETPOSTISSET('pageref')) print $langs->trans("PreviewOfSiteNotYetAvailable", $websitekey);
130 
131  include DOL_DOCUMENT_ROOT.'/public/error-404.php';
132  exit;
133 }
134 
135 $appli=constant('DOL_APPLICATION_TITLE');
136 if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
137 
138 
139 
140 /*
141  * View
142  */
143 
144 //print 'Directory with '.$appli.' websites.<br>';
145 
146 
147 // Security: Delete string ../ into $original_file
148 global $dolibarr_main_data_root;
149 
150 if ($pageid == 'css') // No more used ?
151 {
152  header('Content-type: text/css');
153  // Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access.
154  //if (empty($dolibarr_nocache)) header('Cache-Control: max-age=3600, public, must-revalidate');
155  //else
156  header('Cache-Control: no-cache');
157  $original_file=$dolibarr_main_data_root.'/website/'.$websitekey.'/styles.css.php';
158 }
159 else
160 {
161  $original_file=$dolibarr_main_data_root.'/website/'.$websitekey.'/page'.$pageid.'.tpl.php';
162 }
163 
164 // Find the subdirectory name as the reference
165 $refname=basename(dirname($original_file)."/");
166 
167 // Security:
168 // Limite acces si droits non corrects
169 if (! $accessallowed)
170 {
171  accessforbidden();
172 }
173 
174 // Security:
175 // On interdit les remontees de repertoire ainsi que les pipe dans
176 // les noms de fichiers.
177 if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
178 {
179  dol_syslog("Refused to deliver file ".$original_file);
180  $file=basename($original_file); // Do no show plain path of original_file in shown error message
181  dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$file));
182  exit;
183 }
184 
185 clearstatcache();
186 
187 $filename = basename($original_file);
188 
189 // Output file on browser
190 dol_syslog("index.php include $original_file $filename content-type=$type");
191 $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
192 
193 // This test if file exists should be useless. We keep it to find bug more easily
194 if (! file_exists($original_file_osencoded))
195 {
196  // Return header 404
197  header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
198 
199  $langs->load("website");
200  print $langs->trans("RequestedPageHasNoContentYet", $pageid);
201 
202  include DOL_DOCUMENT_ROOT.'/public/error-404.php';
203  exit;
204 }
205 
206 
207 // Output page content
208 define('USEDOLIBARRSERVER', 1);
209 print '<!-- Page content '.$original_file.' rendered with DOLIBARR SERVER : Html with CSS link and html header + Body that was saved into tpl dir -->'."\n";
210 include_once $original_file_osencoded; // Note: The pageXXX.tpl.php showed here contains a formatage with dolWebsiteOutput() at end of page.
211 
212 if (is_object($db)) $db->close();
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
llxFooter()
Footer empty.
Definition: index.php:44
GETPOST($paramname, $check='none', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
print
Draft customers invoices.
Definition: index.php:91
Class Website.
dol_print_error($db='', $error='', $errors=null)
Affiche message erreur system avec toutes les informations pour faciliter le diagnostic et la remonte...
Class Websitepage.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
GETPOSTISSET($paramname)
Return true if we are in a context of submitting a parameter.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
llxHeader()
Header empty.
Definition: index.php:36