dolibarr  16.0.5
index.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2016-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  *
17  * Note about $_SERVER:
18  * REQUEST_URI: /test/before_rewrite/script.php/path/info?q=helloword
19  * PHP_SELF: /test/after_rewrite/script.php/path/info
20  * QUERY_STRING: q=helloword
21  * SCRIPT_NAME: /test/after_rewrite/script.php
22  * PATH_INFO: /path/info
23  * SCRIPT_FILENAME: /var/www/test/php/script.php
24  * __FILE__ : /var/www/test/php/script_included.php
25  */
26 
33 if (!defined('NOTOKENRENEWAL')) {
34  define('NOTOKENRENEWAL', 1); // Disables token renewal
35 }
36 if (!defined('NOLOGIN')) {
37  define("NOLOGIN", 1);
38 }
39 if (!defined('NOCSRFCHECK')) {
40  define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
41 }
42 if (!defined('NOREQUIREMENU')) {
43  define('NOREQUIREMENU', '1');
44 }
45 if (!defined('NOREQUIREHTML')) {
46  define('NOREQUIREHTML', '1');
47 }
48 if (!defined('NOREQUIREAJAX')) {
49  define('NOREQUIREAJAX', '1');
50 }
51 if (!defined('NOIPCHECK')) {
52  define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
53 }
54 if (!defined('NOBROWSERNOTIF')) {
55  define('NOBROWSERNOTIF', '1');
56 }
57 
63 function llxHeader()
64 {
65 }
71 function llxFooter()
72 {
73 }
74 
75 require '../../master.inc.php';
76 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
77 
78 
79 $error = 0;
80 $websitekey = GETPOST('website', 'alpha');
81 $pageid = GETPOST('page', 'alpha') ?GETPOST('page', 'alpha') : GETPOST('pageid', 'alpha');
82 $pageref = GETPOST('pageref', 'alphanohtml') ?GETPOST('pageref', 'alphanohtml') : '';
83 
84 $accessallowed = 1;
85 $type = '';
86 
87 
88 if (empty($pageid)) {
89  require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
90  require_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
91 
92  $object = new Website($db);
93  $object->fetch(0, $websitekey);
94 
95  if (empty($object->id)) {
96  if (empty($pageid)) {
97  // Return header 404
98  header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
99 
100  include DOL_DOCUMENT_ROOT.'/public/error-404.php';
101  exit;
102  }
103  }
104 
105  $objectpage = new WebsitePage($db);
106 
107  if ($pageref) {
108  $result = $objectpage->fetch(0, $object->id, $pageref);
109  if ($result > 0) {
110  $pageid = $objectpage->id;
111  } elseif ($result == 0) {
112  // Page not found from ref=pageurl, we try using alternative alias
113  $result = $objectpage->fetch(0, $object->id, null, $pageref);
114  if ($result > 0) {
115  $pageid = $objectpage->id;
116  }
117  }
118  } else {
119  if ($object->fk_default_home > 0) {
120  $result = $objectpage->fetch($object->fk_default_home);
121  if ($result > 0) {
122  $pageid = $objectpage->id;
123  }
124  }
125 
126  if (empty($pageid)) {
127  $array = $objectpage->fetchAll($object->id); // TODO Can filter on container of type pages only ?
128  if (is_array($array) && count($array) > 0) {
129  $firstrep = reset($array);
130  $pageid = $firstrep->id;
131  }
132  }
133  }
134 }
135 if (empty($pageid)) {
136  // Return header 404
137  header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
138 
139  $langs->load("website");
140 
141  if (!GETPOSTISSET('pageref')) {
142  print $langs->trans("PreviewOfSiteNotYetAvailable", $websitekey);
143  }
144 
145  include DOL_DOCUMENT_ROOT.'/public/error-404.php';
146  exit;
147 }
148 
149 $appli = constant('DOL_APPLICATION_TITLE');
150 if (!empty($conf->global->MAIN_APPLICATION_TITLE)) {
151  $appli = $conf->global->MAIN_APPLICATION_TITLE;
152 }
153 
154 
155 
156 /*
157  * View
158  */
159 
160 //print 'Directory with '.$appli.' websites.<br>';
161 
162 
163 // Security: Delete string ../ into $original_file
164 global $dolibarr_main_data_root;
165 
166 if ($pageid == 'css') { // No more used ?
167  header('Content-type: text/css');
168  // Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access.
169  //if (empty($dolibarr_nocache)) header('Cache-Control: max-age=3600, public, must-revalidate');
170  //else
171  header('Cache-Control: no-cache');
172  $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/styles.css.php';
173 } else {
174  $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/page'.$pageid.'.tpl.php';
175 }
176 
177 // Find the subdirectory name as the reference
178 $refname = basename(dirname($original_file)."/");
179 
180 // Security:
181 // Limite acces si droits non corrects
182 if (!$accessallowed) {
183  accessforbidden();
184 }
185 
186 // Security:
187 // On interdit les remontees de repertoire ainsi que les pipe dans
188 // les noms de fichiers.
189 if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
190  dol_syslog("Refused to deliver file ".$original_file);
191  $file = basename($original_file); // Do no show plain path of original_file in shown error message
192  dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $file));
193  exit;
194 }
195 
196 clearstatcache();
197 
198 $filename = basename($original_file);
199 
200 // Output file on browser
201 dol_syslog("index.php include $original_file $filename content-type=$type");
202 $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset
203 
204 // This test if file exists should be useless. We keep it to find bug more easily
205 if (!file_exists($original_file_osencoded)) {
206  // Return header 404
207  header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
208 
209  $langs->load("website");
210  print $langs->trans("RequestedPageHasNoContentYet", $pageid);
211 
212  include DOL_DOCUMENT_ROOT.'/public/error-404.php';
213  exit;
214 }
215 
216 
217 // Output page content
218 define('USEDOLIBARRSERVER', 1);
219 print '<!-- Page content '.$original_file.' rendered with DOLIBARR SERVER : Html with CSS link and html header + Body that was saved into tpl dir -->'."\n";
220 include_once $original_file_osencoded; // Note: The pageXXX.tpl.php showed here contains a formatage with dolWebsiteOutput() at end of page.
221 
222 if (is_object($db)) {
223  $db->close();
224 }
WebsitePage
Class Websitepage.
Definition: websitepage.class.php:36
dol_osencode
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
Definition: functions.lib.php:8499
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:484
dol_print_error
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition: functions.lib.php:4844
llxFooter
llxFooter()
Footer empty.
Definition: index.php:71
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1603
llxHeader
if(!defined('NOTOKENRENEWAL')) if(!defined('NOLOGIN')) if(!defined('NOCSRFCHECK')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) if(!defined('NOIPCHECK')) if(!defined('NOBROWSERNOTIF')) llxHeader()
Header empty.
Definition: index.php:63
Website
Class Website.
Definition: website.class.php:36
GETPOSTISSET
GETPOSTISSET($paramname)
Return true if we are in a context of submitting the parameter $paramname from a POST of a form.
Definition: functions.lib.php:386
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Definition: security.lib.php:933