dolibarr  16.0.5
server_other.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  */
17 
23 if (!defined("NOCSRFCHECK")) {
24  define("NOCSRFCHECK", '1');
25 }
26 
27 require '../master.inc.php';
28 require_once NUSOAP_PATH.'/nusoap.php'; // Include SOAP
29 require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
30 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
31 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
32 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
33 
34 
35 dol_syslog("Call Dolibarr webservices interfaces");
36 
37 $langs->load("main");
38 
39 // Enable and test if module web services is enabled
40 if (empty($conf->global->MAIN_MODULE_WEBSERVICES)) {
41  $langs->load("admin");
42  dol_syslog("Call Dolibarr webservices interfaces with module webservices disabled");
43  print $langs->trans("WarningModuleNotActive", 'WebServices').'.<br><br>';
44  print $langs->trans("ToActivateModule");
45  exit;
46 }
47 
48 // Create the soap Object
49 $server = new nusoap_server();
50 $server->soap_defencoding = 'UTF-8';
51 $server->decode_utf8 = false;
52 $ns = 'http://www.dolibarr.org/ns/';
53 $server->configureWSDL('WebServicesDolibarrOther', $ns);
54 $server->wsdl->schemaTargetNamespace = $ns;
55 
56 
57 // Define WSDL Authentication object
58 $server->wsdl->addComplexType(
59  'authentication',
60  'complexType',
61  'struct',
62  'all',
63  '',
64  array(
65  'dolibarrkey' => array('name'=>'dolibarrkey', 'type'=>'xsd:string'),
66  'sourceapplication' => array('name'=>'sourceapplication', 'type'=>'xsd:string'),
67  'login' => array('name'=>'login', 'type'=>'xsd:string'),
68  'password' => array('name'=>'password', 'type'=>'xsd:string'),
69  'entity' => array('name'=>'entity', 'type'=>'xsd:string'),
70  )
71 );
72 // Define WSDL Return object
73 $server->wsdl->addComplexType(
74  'result',
75  'complexType',
76  'struct',
77  'all',
78  '',
79  array(
80  'result_code' => array('name'=>'result_code', 'type'=>'xsd:string'),
81  'result_label' => array('name'=>'result_label', 'type'=>'xsd:string'),
82  )
83 );
84 
85 // Define WSDL Return object for document
86 $server->wsdl->addComplexType(
87  'document',
88  'complexType',
89  'struct',
90  'all',
91  '',
92  array(
93  'filename' => array('name'=>'filename', 'type'=>'xsd:string'),
94  'mimetype' => array('name'=>'mimetype', 'type'=>'xsd:string'),
95  'content' => array('name'=>'content', 'type'=>'xsd:string'),
96  'length' => array('name'=>'length', 'type'=>'xsd:string')
97  )
98 );
99 
100 // Define other specific objects
101 // None
102 
103 
104 // 5 styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant), Document/literal, Document/literal wrapped
105 // Style merely dictates how to translate a WSDL binding to a SOAP message. Nothing more. You can use either style with any programming model.
106 // http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
107 $styledoc = 'rpc'; // rpc/document (document is an extend into SOAP 1.0 to support unstructured messages)
108 $styleuse = 'encoded'; // encoded/literal/literal wrapped
109 // Better choice is document/literal wrapped but literal wrapped not supported by nusoap.
110 
111 // Register WSDL
112 $server->register(
113  'getVersions',
114  // Entry values
115  array('authentication'=>'tns:authentication'),
116  // Exit values
117  array('result'=>'tns:result', 'dolibarr'=>'xsd:string', 'os'=>'xsd:string', 'php'=>'xsd:string', 'webserver'=>'xsd:string'),
118  $ns,
119  $ns.'#getVersions',
120  $styledoc,
121  $styleuse,
122  'WS to get Versions'
123 );
124 
125 // Register WSDL
126 $server->register(
127  'getDocument',
128  // Entry values
129  array('authentication'=>'tns:authentication', 'modulepart'=>'xsd:string', 'file'=>'xsd:string'),
130  // Exit values
131  array('result'=>'tns:result', 'document'=>'tns:document'),
132  $ns,
133  $ns.'#getDocument',
134  $styledoc,
135  $styleuse,
136  'WS to get document'
137 );
138 
139 
140 
147 function getVersions($authentication)
148 {
149  global $conf;
150 
151  dol_syslog("Function: getVersions login=".$authentication['login']);
152 
153  if ($authentication['entity']) {
154  $conf->entity = $authentication['entity'];
155  }
156 
157  // Init and check authentication
158  $objectresp = array();
159  $errorcode = ''; $errorlabel = '';
160  $error = 0;
161  $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
162  // Check parameters
163 
164 
165  if (!$error) {
166  $objectresp['result'] = array('result_code'=>'OK', 'result_label'=>'');
167  $objectresp['dolibarr'] = version_dolibarr();
168  $objectresp['os'] = version_os();
169  $objectresp['php'] = version_php();
170  $objectresp['webserver'] = version_webserver();
171  }
172 
173  if ($error) {
174  $objectresp = array('result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel));
175  }
176 
177  return $objectresp;
178 }
179 
180 
190 function getDocument($authentication, $modulepart, $file, $refname = '')
191 {
192  global $db, $conf;
193 
194  dol_syslog("Function: getDocument login=".$authentication['login'].' - modulepart='.$modulepart.' - file='.$file);
195 
196  if ($authentication['entity']) {
197  $conf->entity = $authentication['entity'];
198  }
199 
200  $objectresp = array();
201  $errorcode = ''; $errorlabel = '';
202  $error = 0;
203 
204  // Properties of doc
205  $original_file = $file;
206  $type = dol_mimetype($original_file);
207  //$relativefilepath = $ref . "/";
208  //$relativepath = $relativefilepath . $ref.'.pdf';
209 
210  $accessallowed = 0;
211 
212  $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
213 
214  if ($fuser->socid) {
215  $socid = $fuser->socid;
216  }
217 
218  // Check parameters
219  if (!$error && (!$file || !$modulepart)) {
220  $error++;
221  $errorcode = 'BAD_PARAMETERS'; $errorlabel = "Parameter file and modulepart must be both provided.";
222  }
223 
224  if (!$error) {
225  $fuser->getrights();
226 
227  // Suppression de la chaine de caractere ../ dans $original_file
228  $original_file = str_replace("../", "/", $original_file);
229 
230  // find the subdirectory name as the reference
231  if (empty($refname)) {
232  $refname = basename(dirname($original_file)."/");
233  }
234 
235  // Security check
236  $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
237  $accessallowed = $check_access['accessallowed'];
238  $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
239  $original_file = $check_access['original_file'];
240 
241  // Basic protection (against external users only)
242  if ($fuser->socid > 0) {
243  if ($sqlprotectagainstexternals) {
244  $resql = $db->query($sqlprotectagainstexternals);
245  if ($resql) {
246  $num = $db->num_rows($resql);
247  $i = 0;
248  while ($i < $num) {
249  $obj = $db->fetch_object($resql);
250  if ($fuser->socid != $obj->fk_soc) {
251  $accessallowed = 0;
252  break;
253  }
254  $i++;
255  }
256  }
257  }
258  }
259 
260  // Security:
261  // Limite acces si droits non corrects
262  if (!$accessallowed) {
263  $errorcode = 'NOT_PERMITTED';
264  $errorlabel = 'Access not allowed';
265  $error++;
266  }
267 
268  // Security:
269  // On interdit les remontees de repertoire ainsi que les pipe dans
270  // les noms de fichiers.
271  if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
272  dol_syslog("Refused to deliver file ".$original_file);
273  $errorcode = 'REFUSED';
274  $errorlabel = '';
275  $error++;
276  }
277 
278  clearstatcache();
279 
280  if (!$error) {
281  if (file_exists($original_file)) {
282  dol_syslog("Function: getDocument $original_file content-type=$type");
283 
284  $f = fopen($original_file, 'r');
285  $content_file = fread($f, filesize($original_file));
286 
287  $objectret = array(
288  'filename' => basename($original_file),
289  'mimetype' => dol_mimetype($original_file),
290  'content' => base64_encode($content_file),
291  'length' => filesize($original_file)
292  );
293 
294  // Create return object
295  $objectresp = array(
296  'result'=>array('result_code'=>'OK', 'result_label'=>''),
297  'document'=>$objectret
298  );
299  } else {
300  dol_syslog("File doesn't exist ".$original_file);
301  $errorcode = 'NOT_FOUND';
302  $errorlabel = '';
303  $error++;
304  }
305  }
306  }
307 
308  if ($error) {
309  $objectresp = array(
310  'result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel)
311  );
312  }
313 
314  return $objectresp;
315 }
316 
317 // Return the results.
318 $server->service(file_get_contents("php://input"));
version_dolibarr
version_dolibarr()
Return Dolibarr version.
Definition: functions2.lib.php:1896
dol_mimetype
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
Definition: functions.lib.php:9741
getVersions
getVersions($authentication)
Full methods code.
Definition: server_other.php:147
version_webserver
version_webserver()
Return web server version.
Definition: functions2.lib.php:1906
version_os
version_os($option='')
Return OS version.
Definition: functions2.lib.php:1869
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1603
dol_check_secure_access_document
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
Definition: files.lib.php:2405
version_php
version_php()
Return PHP version.
Definition: functions2.lib.php:1885
check_authentication
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition: ws.lib.php:35
$resql
if(isModEnabled('facture') &&!empty($user->rights->facture->lire)) if((isModEnabled('fournisseur') &&empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->rights->fournisseur->facture->lire)||(isModEnabled('supplier_invoice') && $user->rights->supplier_invoice->lire)) if(isModEnabled('don') &&!empty($user->rights->don->lire)) if(isModEnabled('tax') &&!empty($user->rights->tax->charges->lire)) if(isModEnabled('facture') &&isModEnabled('commande') && $user->rights->commande->lire &&empty($conf->global->WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER)) $resql
Social contributions to pay.
Definition: index.php:742
getDocument
getDocument($authentication, $modulepart, $file, $refname='')
Method to get a document by webservice.
Definition: server_other.php:190
Generated on Sun Feb 4 2024 01:01:40 for dolibarr by Doxygen 1.8.17