dolibarr  9.0.0
Functions
security.lib.php File Reference

Set of function used for dolibarr security (common function included into filefunc.inc.php) Warning, this file must not depends on other library files, except function.lib.php because it is used at low code level. More...

Go to the source code of this file.

Functions

 dol_encode ($chain, $key='1')
 Encode a string with base 64 algorithm + specific delta change. More...
 
 dol_decode ($chain, $key='1')
 Decode a base 64 encoded + specific delta change. More...
 
 dol_hash ($chain, $type='0')
 Returns a hash of a string. More...
 
 dol_verifyHash ($chain, $hash, $type='0')
 Compute a hash and compare it to the given one For backward compatibility reasons, if the hash is not in the password_hash format, we will try to match against md5 and sha1md5 If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function. More...
 
 restrictedArea ($user, $features, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0)
 Check permissions of a user to show a page and an object. More...
 
 checkUserAccessToObject ($user, $featuresarray, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid')
 Check access by user to object. More...
 
 accessforbidden ($message='', $printheader=1, $printfooter=1, $showonlymessage=0)
 Show a message to say access is forbidden and stop program Calling this function terminate execution of PHP. More...
 

Detailed Description

Set of function used for dolibarr security (common function included into filefunc.inc.php) Warning, this file must not depends on other library files, except function.lib.php because it is used at low code level.

Definition in file security.lib.php.

Function Documentation

◆ accessforbidden()

accessforbidden (   $message = '',
  $printheader = 1,
  $printfooter = 1,
  $showonlymessage = 0 
)

Show a message to say access is forbidden and stop program Calling this function terminate execution of PHP.

Parameters
string$messageForce error message
int$printheaderShow header before
int$printfooterShow footer after
int$showonlymessageShow only message parameter. Otherwise add more information.
Returns
void

Definition at line 659 of file security.lib.php.

◆ checkUserAccessToObject()

checkUserAccessToObject (   $user,
  $featuresarray,
  $objectid = 0,
  $tableandshare = '',
  $feature2 = '',
  $dbt_keyfield = '',
  $dbt_select = 'rowid' 
)

Check access by user to object.

This function is also called by restrictedArea

Parameters
User$userUser to check
array$featuresarrayFeatures/modules to check. Example: ('user','service','member','project','task',...)
int | string$objectidObject ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
string$tableandshare'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
string$feature2Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
string$dbt_keyfieldField name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
string$dbt_selectField name for select if not rowid. Not used if objectid is null (optional)
Returns
bool True if user has access, False otherwise
See also
restrictedArea

Definition at line 435 of file security.lib.php.

◆ dol_decode()

dol_decode (   $chain,
  $key = '1' 
)

Decode a base 64 encoded + specific delta change.

This function is called by filefunc.inc.php at each page call.

Parameters
string$chainstring to decode
string$keyrule to use for delta ('0', '1' or 'myownkey')
Returns
string decoded string
See also
dol_encode

Definition at line 73 of file security.lib.php.

◆ dol_encode()

dol_encode (   $chain,
  $key = '1' 
)

Encode a string with base 64 algorithm + specific delta change.

Parameters
string$chainstring to encode
string$keyrule to use for delta ('0', '1' or 'myownkey')
Returns
string encoded string
See also
dol_decode

Definition at line 37 of file security.lib.php.

◆ dol_hash()

dol_hash (   $chain,
  $type = '0' 
)

Returns a hash of a string.

If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function (recommanded value is 'password_hash') If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorightm is something else than 'password_hash').

Parameters
string$chainString to hash
string$typeType of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO else md5, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
Returns
string Hash of string

Definition at line 114 of file security.lib.php.

Referenced by BlockedLog\checkSignature(), SMTPs\setAttachment(), SMTPs\setBodyContent(), and SMTPs\setImageInline().

◆ dol_verifyHash()

dol_verifyHash (   $chain,
  $hash,
  $type = '0' 
)

Compute a hash and compare it to the given one For backward compatibility reasons, if the hash is not in the password_hash format, we will try to match against md5 and sha1md5 If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function.

If constant MAIN_SECURITY_SALT is defined, we use it as a salt.

Parameters
string$chainString to hash
string$hashhash to compare
string$typeType of hash ('0':auto, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
Returns
bool True if the computed hash is the same as the given one

Definition at line 150 of file security.lib.php.

◆ restrictedArea()

restrictedArea (   $user,
  $features,
  $objectid = 0,
  $tableandshare = '',
  $feature2 = '',
  $dbt_keyfield = 'fk_soc',
  $dbt_select = 'rowid',
  $isdraft = 0 
)

Check permissions of a user to show a page and an object.

Check read permission. If GETPOST('action','aZ09') defined, we also check write and delete permission.

Parameters
User$userUser to check
string$featuresFeatures to check (it must be module name. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
int$objectidObject ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
string$tableandshare'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
string$feature2Feature to check, second level of permission (optional). Can be a 'or' check with 'level1|level2'.
string$dbt_keyfieldField name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
string$dbt_selectField name for select if not rowid. Not used if objectid is null (optional)
int$isdraft1=The object with id=$objectid is a draft
Returns
int Always 1, die process if not allowed
See also
dol_check_secure_access_document

Definition at line 181 of file security.lib.php.