dolibarr  16.0.5
ws.lib.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  * or see https://www.gnu.org/
17  */
18 
35 function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
36 {
37  global $db, $conf, $langs;
38  global $dolibarr_main_authentication, $dolibarr_auto_user;
39 
40  $fuser = new User($db);
41 
42  if (!$error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY)) {
43  $error++;
44  $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
45  $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
46  }
47 
48  if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
49  $error++;
50  $errorcode = 'BAD_PARAMETERS';
51  $errorlabel = "The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
52  }
53 
54  if (!$error) {
55  $result = $fuser->fetch('', $authentication['login'], '', 0);
56  if ($result < 0) {
57  $error++;
58  $errorcode = 'ERROR_FETCH_USER';
59  $errorlabel = 'A technical error occurred during fetch of user';
60  } elseif ($result == 0) {
61  $error++;
62  $errorcode = 'BAD_CREDENTIALS';
63  $errorlabel = 'Bad value for login or password';
64  }
65 
66  if (!$error && $fuser->statut == 0) {
67  $error++;
68  $errorcode = 'ERROR_USER_DISABLED';
69  $errorlabel = 'This user has been locked or disabled';
70  }
71 
72  // Validation of login
73  if (!$error) {
74  $fuser->getrights(); // Load permission of user
75 
76  // Authentication mode
77  if (empty($dolibarr_main_authentication)) {
78  $dolibarr_main_authentication = 'http,dolibarr';
79  }
80  // Authentication mode: forceuser
81  if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
82  $dolibarr_auto_user = 'auto';
83  }
84  // Set authmode
85  $authmode = explode(',', $dolibarr_main_authentication);
86 
87  include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
88  $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode, 'ws');
89  if (empty($login)) {
90  $error++;
91  $errorcode = 'BAD_CREDENTIALS';
92  $errorlabel = 'Bad value for login or password';
93  }
94  }
95  }
96 
97  return $fuser;
98 }
checkLoginPassEntity
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successfull.
Definition: security2.lib.php:57
User
Class to manage Dolibarr users.
Definition: user.class.php:44
check_authentication
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition: ws.lib.php:35