28 if (!defined(
'NOTOKENRENEWAL')) {
29 define(
'NOTOKENRENEWAL',
'1');
31 if (!defined(
'NOREQUIREMENU')) {
32 define(
'NOREQUIREMENU',
'1');
34 if (!defined(
'NOREQUIREHTML')) {
35 define(
'NOREQUIREHTML',
'1');
37 if (!defined(
'NOREQUIREAJAX')) {
38 define(
'NOREQUIREAJAX',
'1');
40 if (!defined(
'NOLOGIN')) {
43 if (!defined(
'NOCSRFCHECK')) {
44 define(
"NOCSRFCHECK", 1);
47 require
"../main.inc.php";
48 require_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
49 require_once DOL_DOCUMENT_ROOT.
'/core/class/html.formcompany.class.php';
50 require_once DOL_DOCUMENT_ROOT.
'/dav/dav.class.php';
51 require_once DOL_DOCUMENT_ROOT.
'/dav/dav.lib.php';
52 require_once DOL_DOCUMENT_ROOT.
'/includes/sabre/autoload.php';
55 $user =
new User($db);
56 if (isset($_SERVER[
'PHP_AUTH_USER']) && $_SERVER[
'PHP_AUTH_USER'] !=
'') {
57 $user->fetch(
'', $_SERVER[
'PHP_AUTH_USER']);
62 $langs->loadLangs(array(
"main",
"other"));
65 if (empty($conf->dav->enabled)) {
71 if (!empty($conf->global->DAV_RESTRICT_ON_IP)) {
72 $allowedip = explode(
' ', $conf->global->DAV_RESTRICT_ON_IP);
74 if (!in_array($ipremote, $allowedip)) {
75 dol_syslog(
'Remote ip is '.$ipremote.
', not into list '.$conf->global->DAV_RESTRICT_ON_IP);
76 print
'DAV not allowed from the IP '.$ipremote;
77 header(
'HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
84 $entity = (
GETPOST(
'entity',
'int') ?
GETPOST(
'entity',
'int') : (!empty($conf->entity) ? $conf->entity : 1));
87 $publicDir = $conf->dav->multidir_output[$entity].
'/public';
88 $privateDir = $conf->dav->multidir_output[$entity].
'/private';
89 $ecmDir = $conf->ecm->multidir_output[$entity];
90 $tmpDir = $conf->dav->multidir_output[$entity];
95 $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(
function ($username, $password) {
98 global $dolibarr_main_authentication, $dolibarr_auto_user;
100 if (empty($user->login)) {
101 dol_syslog(
"Failed to authenticate to DAV, login is not provided", LOG_WARNING);
104 if ($user->socid > 0) {
105 dol_syslog(
"Failed to authenticate to DAV, use is an external user", LOG_WARNING);
108 if ($user->login != $username) {
109 dol_syslog(
"Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
114 if (empty($dolibarr_main_authentication)) {
115 $dolibarr_main_authentication =
'dolibarr';
119 if ($dolibarr_main_authentication ==
'forceuser') {
120 if (empty($dolibarr_auto_user)) {
121 $dolibarr_auto_user =
'auto';
123 if ($dolibarr_auto_user != $username) {
124 dol_syslog(
"Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user.
"' that is not the requested login. DAV usage is forbidden in this mode.");
129 $authmode = explode(
',', $dolibarr_main_authentication);
130 $entity = (
GETPOST(
'entity',
'int') ?
GETPOST(
'entity',
'int') : (!empty($conf->entity) ? $conf->entity : 1));
139 $authBackend->setRealm(constant(
'DOL_APPLICATION_TITLE'));
155 if (!empty($conf->global->DAV_ALLOW_PUBLIC_DIR)) {
156 $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
159 $nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
161 if (!empty($conf->ecm->enabled) && !empty($conf->global->DAV_ALLOW_ECM_DIR)) {
162 $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
181 $server = new \Sabre\DAV\Server($nodes);
185 $baseUri = DOL_URL_ROOT.
'/dav/fileserver.php/';
186 if (isset($baseUri)) {
187 $server->setBaseUri($baseUri);
191 if ((empty($conf->global->DAV_ALLOW_PUBLIC_DIR)
192 || !preg_match(
'/'.preg_quote(DOL_URL_ROOT.
'/dav/fileserver.php/public',
'/').
'/', $_SERVER[
"PHP_SELF"]))
193 && !preg_match(
'/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER[
"QUERY_STRING"])
196 $server->addPlugin(
new \Sabre\DAV\Auth\Plugin($authBackend));
199 $lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.
'/.locksdb');
200 $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
201 $server->addPlugin($lockPlugin);
204 if (empty($conf->global->DAV_DISABLE_BROWSER)) {
205 $browser = new \Sabre\DAV\Browser\Plugin();
206 $server->addPlugin($browser);
224 if (is_object($db)) {