// Fragment of dol_encode() — the function header and lines 42, 45, 47-49 and 53-56 of the
// original file are not part of this listing (see the index entry "dol_encode($chain, $key='1')").
// Visible logic: a per-byte shift of $chain (fixed +17 when $key is '1', otherwise an offset
// derived from the key), then base64. This is reversible obfuscation with no cryptographic
// strength: whoever holds the output and the key (or guesses the fixed shift) recovers the input.
40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
// $strlength is read here but its assignment (line 42) is not shown.
43 for ($i = 0; $i < $strlength; $i++) {
// Fixed shift: each byte value is raised by 17 (chr() wraps modulo 256).
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
// Key-dependent shift for any key other than '1'.
50 for ($i = 0; $i < $strlength; $i++) {
// Offset ($i % strlen($key)) - 1 is -1 whenever $i is a multiple of the key length; substr()
// then returns the last key character, so the key is consumed rotated by one position.
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
// Shift = key character code relative to 'A' (65); key characters below 'A' give a negative shift.
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
// NOTE(review): $result is accumulated above but $chain is returned; lines 53-56 (not shown) are
// presumably where $result is copied back into $chain — confirm against the full file.
57 return base64_encode($chain);
// Fragment of dol_decode(), the inverse of dol_encode(): base64-decode, then undo the byte shift.
// The function header and lines 72, 75, 78-79, 81-83 and 87 onward are not in this listing.
71 $chain = base64_decode($chain);
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
// $strlength is read here; its assignment (line 75) is not shown.
76 for ($i = 0; $i < $strlength; $i++) {
// Reverses the fixed +17 shift applied by dol_encode().
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
84 for ($i = 0; $i < $strlength; $i++) {
// Same key indexing as dol_encode(): offset -1 on the first iteration selects the last key character.
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
// Fragment of dolGetRandomBytes($length): returns a hex string of (about) $length characters.
// random_bytes() is PHP's CSPRNG and is the preferred source; the openssl_random_pseudo_bytes()
// fallback is only reached when it does not exist (the surrounding lines 104-105 are not shown).
102 if (function_exists(
'random_bytes')) {
// floor($length / 2) bytes become exactly 2*floor($length / 2) hex characters, so an odd
// $length yields $length - 1 characters; $length < 2 asks for 0 bytes, which random_bytes()
// rejects with a ValueError on PHP 8.
103 return bin2hex(random_bytes((
int) floor($length / 2)));
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
/**
 * Encrypt a string with OpenSSL (symmetric) and wrap the result in the
 * 'dolcrypt:<ciphering>:<iv>:<ciphertext>' envelope that dolDecrypt() parses.
 * Only the lines of this function kept by the listing are shown: the branch bodies for the
 * empty-input, already-encrypted, bad-IV-length and no-seed cases, and everything from
 * line 160 onward, are missing.
 *
 * @param string $chain      Plain text to encrypt.
 * @param string $key        Encryption key; replaced by $dolibarr_main_instance_unique_id under a
 *                           condition on line 135 (not shown) — presumably when $key is empty.
 * @param string $ciphering  OpenSSL cipher name; '' falls back to 'AES-256-CTR'.
 * @param string $forceseed  When non-empty, the IV is derived deterministically from it (see below).
 * @return string            Envelope string on the OpenSSL path; other return paths are not shown.
 */
120 function dolEncrypt($chain, $key =
'', $ciphering =
'AES-256-CTR', $forceseed =
'')
122 global $dolibarr_main_instance_unique_id;
123 global $dolibarr_disable_dolcrypt_for_debug;
// Empty input: the branch body (lines 126-128) is not shown.
125 if ($chain ===
'' || is_null($chain)) {
// Input already in envelope form: the branch body (line 131) is not shown; presumably returned as is.
130 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
// Instance-wide secret used as the default key. It is passed straight to openssl_encrypt() as the
// passphrase, which PHP silently NUL-pads when shorter than the cipher's key size and truncates
// when longer — so the effective key strength is bounded by this value's length and entropy.
136 $key = $dolibarr_main_instance_unique_id;
138 if (empty($ciphering)) {
139 $ciphering =
'AES-256-CTR';
// Encryption is skipped entirely when OpenSSL is unavailable or when
// $dolibarr_disable_dolcrypt_for_debug is set; what is returned in that case is outside this listing.
144 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
146 if (function_exists(
'openssl_cipher_iv_length')) {
147 $ivlen = openssl_cipher_iv_length($ciphering);
// Reject unknown ciphers (false) and IV lengths outside 1..32; 32 is the length of an md5 hex
// digest, which the seeded path below truncates to $ivlen. Branch body (line 150) not shown.
149 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
// No seed: lines 153-154 (not shown) presumably draw a random IV — confirm.
152 if (empty($forceseed)) {
// Seeded: IV = first $ivlen characters of md5($forceseed), so the same seed always yields the
// same IV. With the default CTR mode, reusing an IV under the same key for two different
// plaintexts leaks their XOR; callers that pass $forceseed must make it unique per plaintext.
155 $ivseed =
dol_substr(md5($forceseed), 0, $ivlen,
'ascii', 1);
// options=0: openssl_encrypt() returns base64-encoded ciphertext. CTR mode is unauthenticated:
// nothing in the envelope lets dolDecrypt() detect a modified ciphertext.
158 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
// The IV is stored in the clear inside the envelope (needed for decryption, not a secret).
159 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
// Fragment of dolDecrypt($chain, $key = ''): the function header and lines 177, 179-182,
// 184-186, 193, 195-196 and 198 onward (including the return) are not in this listing.
176 global $dolibarr_main_instance_unique_id;
// Empty input: branch body (lines 179-181) not shown.
178 if ($chain ===
'' || is_null($chain)) {
// Default key is the instance-wide secret (its enclosing condition, line 182, is not shown).
183 $key = $dolibarr_main_instance_unique_id;
// Only strings in the 'dolcrypt:<ciphering>:<rest>' envelope are decrypted. The cipher name is
// read from the envelope itself, so the input — not the caller — decides which cipher is used;
// an unknown name makes openssl_decrypt() return false.
187 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
188 $ciphering = $reg[1];
189 if (function_exists(
'openssl_decrypt')) {
// <rest> is '<iv>:<ciphertext>'; any further ':' parts land in $tmpexplode[2..] and are ignored.
190 $tmpexplode = explode(
':', $reg[2]);
// With an IV present, decrypt part 1 using part 0 as the IV ...
191 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
192 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
// ... otherwise the whole payload is the ciphertext and no IV is passed (presumably an older
// envelope form without IV — confirm).
194 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
// NOTE(review): without the openssl extension the "decrypted" value is this literal error text;
// a caller that does not check for it will use it as data. What is returned after this point
// (line 198 onward) is not shown.
197 $newchain =
'Error function openssl_decrypt() not available';
// Fragment of dol_hash($chain, $type = '0'): the function header and lines 222-224, 227-228,
// 230, 234, 236, 242 and 245 onward (the final default) are not in this listing.
// Default/auto mode honours MAIN_SECURITY_HASH_ALGO='password_hash' first and returns before
// MAIN_SECURITY_SALT is applied: password_hash() carries its own per-hash random salt.
220 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
221 return password_hash($chain, PASSWORD_DEFAULT);
// Every other algorithm below is a plain fast digest, so the only salting is this global,
// instance-wide prefix (not applied for the openldap type, which has its own format).
// Note the mixed comparison styles: '4' is compared loosely (!=), 'openldap' strictly (!==).
225 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
226 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
// Explicit algorithm selection; the bodies of the sha1 (230), md5 (234) and openldap (236)
// branches are not shown. sha1/md5/sha256 are fast and not salted per password, so they are
// unsuitable for new password storage; type 6/'password_hash' (and the auto path above) is the
// slow, per-password-salted option.
229 if ($type ==
'1' || $type ==
'sha1') {
231 } elseif ($type ==
'2' || $type ==
'sha1md5') {
232 return sha1(md5($chain));
233 } elseif ($type ==
'3' || $type ==
'md5') {
235 } elseif ($type ==
'4' || $type ==
'openldap') {
237 } elseif ($type ==
'5' || $type ==
'sha256') {
238 return hash(
'sha256', $chain);
239 } elseif ($type ==
'6' || $type ==
'password_hash') {
240 return password_hash($chain, PASSWORD_DEFAULT);
// Configuration-driven fallbacks when $type named no algorithm; the sha1 branch body (242)
// and the final default (245 onward) are not shown.
241 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
243 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
244 return sha1(md5($chain));
// Fragment of dol_verifyHash($chain, $hash, $type = '0'): the function header and lines 266,
// 270-278 and 280 onward are not in this listing.
// Only type '0' takes the password_verify() path; dol_hash() also accepts 'auto' for the same
// configuration, so a caller passing 'auto' here falls through to the digest comparison below.
267 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
// A stored password_hash() value starts with '$' (e.g. '$2y$'); any other stored format is
// treated as a legacy digest and compared below.
268 if (! empty($hash[0]) && $hash[0] ==
'$') {
269 return password_verify($chain, $hash);
// NOTE(review): loose `==` between two strings. PHP compares numerically when both operands are
// numeric strings (hex digests of the form '0e<digits>' are one such case), and the comparison
// is not constant-time. hash_equals(dol_hash($chain, $type), $hash) is the strict, timing-safe
// form. Lines 270-278 (not shown) may handle other cases before this line is reached.
279 return dol_hash($chain, $type) == $hash;
// Fragment of dolGetLdapPasswordHash($password, $type = 'md5'): the function header and lines
// 294, 296 and 323 onward (the fallthrough for unknown types) are not in this listing.
// NOTE(review): the salt is derived from the current second, not from a CSPRNG. It is
// predictable, and every salted hash produced within the same second shares the same salt.
// dolGetRandomBytes(), defined in this same file, would give 8 unpredictable hex characters.
295 $salt = substr(sha1(time()), 0, 8);
// Each branch returns an RFC 2307-style "{SCHEME}base64(...)" value: for the unsalted schemes
// base64 wraps the raw binary digest; for the S* schemes it wraps digest(password . salt) . salt,
// so the salt travels with the hash and can be recovered for verification.
297 if ($type ===
'md5') {
298 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
// $password is already a hex MD5 here and is converted back to raw bytes instead of re-hashed.
// hex2bin() returns false (with a warning) for non-hex input, which base64_encode() then
// encodes as an empty string.
299 } elseif ($type ===
'md5frommd5') {
300 return '{MD5}' . base64_encode(hex2bin($password));
301 } elseif ($type ===
'smd5') {
302 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
303 } elseif ($type ===
'sha') {
304 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
305 } elseif ($type ===
'ssha') {
306 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
307 } elseif ($type ===
'sha256') {
308 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
309 } elseif ($type ===
'ssha256') {
310 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
311 } elseif ($type ===
'sha384') {
312 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
313 } elseif ($type ===
'ssha384') {
314 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
315 } elseif ($type ===
'sha512') {
316 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
317 } elseif ($type ===
'ssha512') {
318 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
// crypt() selects its algorithm from the salt format; an 8-character plain salt with no '$id$'
// prefix, like the one built above, does not select a modern scheme — presumably traditional
// DES, which only uses the first two salt characters. Confirm the intended algorithm against
// what the LDAP server expects.
319 } elseif ($type ===
'crypt') {
320 return '{CRYPT}' . crypt($password, $salt);
// Plaintext password, merely prefixed with a scheme tag: no protection at rest.
321 } elseif ($type ===
'clear') {
322 return '{CLEAR}' . $password;
/**
 * Check that $user may show the current page and act on $object for the given feature(s).
 * Many body lines are not in this listing: the failure branches (what happens when a test
 * fails), the initialisation of $nbko / $createok / $deleteok / $createuserok, the global
 * declarations for $conf and $hookmanager, and everything after line 761.
 *
 * @param User   $user           User whose rights are tested.
 * @param string $features       Feature name, or several joined by '&' (all required) or '|' (any one suffices).
 * @param mixed  $object         Object (its ->id is used) or an id; "-1" and comma-separated id lists are handled specially.
 * @param string $tableandshare  'table' or 'table&sharedelement' forwarded to checkUserAccessToObject(); overridden for some features.
 * @param string $feature2       Sub-feature(s), '|'-separated; overridden for some features.
 * @param string $dbt_keyfield   Column linking the object to a third party (forwarded).
 * @param string $dbt_select     Column holding the object id (forwarded).
 * @param int    $isdraft        When truthy, a draft may be deleted by a user holding only the create permission (line 747).
 * @param int    $mode           Not referenced in the lines shown here.
 */
346 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
// Resolve the object id: from the object itself, otherwise $object is taken as the id (line 354, not shown).
351 if (is_object($object)) {
352 $objectid = $object->id;
// Special "-1" id (branch body not shown).
356 if ($objectid ==
"-1") {
// Anything but digits, '.' and ',' is stripped, so $objectid can only be an id or an id list
// (checkUserAccessToObject() applies the same normalisation again).
360 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
368 $parentfortableentity =
'';
// Feature aliases: map public feature names to the internal module/permission names and, for
// some, to the table holding the object. $originalfeatures keeps the caller's value for the hook.
371 $originalfeatures = $features;
372 if ($features ==
'facturerec') {
373 $features =
'facture';
375 if ($features ==
'supplier_invoicerec') {
376 $features =
'fournisseur';
377 $feature2 =
'facture';
// 'mo' branch body (lines 380-381) not shown.
379 if ($features ==
'mo') {
382 if ($features ==
'member') {
383 $features =
'adherent';
385 if ($features ==
'subscription') {
386 $features =
'adherent';
387 $feature2 =
'cotisation';
389 if ($features ==
'websitepage') {
390 $features =
'website';
391 $tableandshare =
'website_page';
// 'childcolumn@parenttable': the entity check is done on the parent row (see checkUserAccessToObject()).
392 $parentfortableentity =
'fk_website@website';
394 if ($features ==
'project') {
395 $features =
'projet';
397 if ($features ==
'product') {
398 $features =
'produit';
400 if ($features ==
'payment_sc') {
401 $tableandshare =
'paiementcharge';
402 $parentfortableentity =
'fk_charge@chargesociales';
// Hook point: a module may decide the access itself. A 'result' of 0 means refused (branch
// body not shown); the handling of other results (lines 411-422) is not shown either.
406 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
407 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
409 if (isset($hookmanager->resArray[
'result'])) {
410 if ($hookmanager->resArray[
'result'] == 0) {
// 'a&b' requires every feature; 'a|b' requires at least one (see the $nbko < count() tests below).
423 $featuresarray = array($features);
424 if (preg_match(
'/&/', $features)) {
425 $featuresarray = explode(
"&", $features);
426 } elseif (preg_match(
'/\|/', $features)) {
427 $featuresarray = explode(
"|", $features);
431 if (!empty($feature2)) {
432 $feature2 = explode(
"|", $feature2);
// Modules that external users (users attached to a third party, $user->socid) are allowed to reach.
435 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
// --- Read permission, tested for every feature ---
440 foreach ($featuresarray as $feature) {
441 $featureforlistofmodule = $feature;
442 if ($featureforlistofmodule ==
'produit') {
443 $featureforlistofmodule =
'product';
445 if ($featureforlistofmodule ==
'supplier_proposal') {
446 $featureforlistofmodule =
'supplierproposal';
// External user on a module not opened to externals: refused (branch body not shown).
448 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
// Feature-specific read rights; each failing test leads to a refusal whose lines are not shown.
454 if ($feature ==
'societe') {
455 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
459 } elseif ($feature ==
'contact') {
460 if (empty($user->rights->societe->contact->lire)) {
464 } elseif ($feature ==
'produit|service') {
465 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
469 } elseif ($feature ==
'prelevement') {
470 if (empty($user->rights->prelevement->bons->lire)) {
474 } elseif ($feature ==
'cheque') {
475 if (empty($user->rights->banque->cheque)) {
479 } elseif ($feature ==
'projet') {
480 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
484 } elseif ($feature ==
'payment') {
485 if (empty($user->rights->facture->lire)) {
489 } elseif ($feature ==
'payment_supplier') {
490 if (empty($user->rights->fournisseur->facture->lire)) {
494 } elseif ($feature ==
'payment_sc') {
495 if (empty($user->rights->tax->charges->lire)) {
// Generic case with sub-features: rights are looked up dynamically as
// $user->rights->{feature}->{subfeature}->lire|read. $feature/$subfeature come from the
// $features/$feature2 arguments, i.e. from page code, not from the request — keep it that way.
499 } elseif (!empty($feature2)) {
501 foreach ($feature2 as $subfeature) {
// A user may always read his own user record (branch body not shown).
502 if ($subfeature ==
'user' && $user->id == $objectid) {
505 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
507 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
// Generic case without sub-feature; 'user' and 'usergroup' are exempt from this read test.
518 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
519 if (empty($user->rights->$feature->lire)
520 && empty($user->rights->$feature->read)
521 && empty($user->rights->$feature->run)) {
// For 'a|b' features, refuse only if every alternative failed ($nbko is counted in lines not shown).
529 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// --- Create/update permission, tested only when the request carries a mutating action ---
// The action/confirm values come from the request (GETPOST); they select which permission is
// required, they never grant anything by themselves.
545 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
546 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
548 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
549 foreach ($featuresarray as $feature) {
550 if ($feature ==
'contact') {
551 if (empty($user->rights->societe->contact->creer)) {
555 } elseif ($feature ==
'produit|service') {
556 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
560 } elseif ($feature ==
'prelevement') {
561 if (!$user->rights->prelevement->bons->creer) {
// Note the '||': both the legacy and the new supplier-order create rights are required here,
// whereas the produit|service test above accepts either one. Confirm this is intended.
565 } elseif ($feature ==
'commande_fournisseur') {
566 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
570 } elseif ($feature ==
'banque') {
571 if (empty($user->rights->banque->modifier)) {
575 } elseif ($feature ==
'cheque') {
576 if (empty($user->rights->banque->cheque)) {
580 } elseif ($feature ==
'import') {
581 if (empty($user->rights->import->run)) {
585 } elseif ($feature ==
'ecm') {
586 if (!$user->rights->ecm->upload) {
590 } elseif (!empty($feature2)) {
591 foreach ($feature2 as $subfeature) {
// Self-service exceptions: editing one's own record / own password, or another user's
// password with the dedicated right (branch bodies not shown).
592 if ($subfeature ==
'user' && $user->id == $objectid && $user->rights->user->self->creer) {
595 if ($subfeature ==
'user' && $user->id == $objectid && $user->rights->user->self->password) {
598 if ($subfeature ==
'user' && $user->id != $objectid && $user->rights->user->user->password) {
602 if (empty($user->rights->$feature->$subfeature->creer)
603 && empty($user->rights->$feature->$subfeature->write)
604 && empty($user->rights->$feature->$subfeature->create)) {
613 } elseif (!empty($feature)) {
615 if (empty($user->rights->$feature->creer)
616 && empty($user->rights->$feature->write)
617 && empty($user->rights->$feature->create)) {
625 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// $createok is computed in lines not shown; the refusal branch (line 630 onward) is not shown.
629 if ($wemustcheckpermissionforcreate && !$createok) {
// --- User creation confirmation needs the explicit user->user->creer right ---
641 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
642 if (!$user->rights->user->user->creer) {
646 if (!$createuserok) {
// --- Delete permission, tested on confirmed delete or direct delete actions ---
659 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
660 foreach ($featuresarray as $feature) {
// Bookmarks: without the delete right, only the owner holding the create right may delete.
661 if ($feature ==
'bookmark') {
662 if (!$user->rights->bookmark->supprimer) {
663 if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
667 } elseif ($feature ==
'contact') {
668 if (!$user->rights->societe->contact->supprimer) {
671 } elseif ($feature ==
'produit|service') {
672 if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
675 } elseif ($feature ==
'commande_fournisseur') {
676 if (!$user->rights->fournisseur->commande->supprimer) {
// Payments are deleted under the invoice create/payment rights, not a dedicated delete right.
679 } elseif ($feature ==
'payment_supplier') {
680 if (!$user->rights->fournisseur->facture->creer) {
683 } elseif ($feature ==
'payment') {
684 if (!$user->rights->facture->paiement) {
687 } elseif ($feature ==
'payment_sc') {
688 if (!$user->rights->tax->charges->creer) {
691 } elseif ($feature ==
'banque') {
692 if (empty($user->rights->banque->modifier)) {
695 } elseif ($feature ==
'cheque') {
696 if (empty($user->rights->banque->cheque)) {
699 } elseif ($feature ==
'ecm') {
700 if (!$user->rights->ecm->upload) {
703 } elseif ($feature ==
'ftp') {
704 if (!$user->rights->ftp->write) {
707 } elseif ($feature ==
'salaries') {
708 if (!$user->rights->salaries->delete) {
711 } elseif ($feature ==
'adherent') {
712 if (empty($user->rights->adherent->supprimer)) {
715 } elseif ($feature ==
'paymentbybanktransfer') {
716 if (empty($user->rights->paymentbybanktransfer->create)) {
719 } elseif ($feature ==
'prelevement') {
720 if (empty($user->rights->prelevement->bons->creer)) {
723 } elseif (!empty($feature2)) {
724 foreach ($feature2 as $subfeature) {
725 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
732 } elseif (!empty($feature)) {
734 if (empty($user->rights->$feature->supprimer)
735 && empty($user->rights->$feature->delete)
736 && empty($user->rights->$feature->run)) {
743 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// A draft may be deleted with the create right alone when the caller flagged $isdraft.
747 if (!$deleteok && !($isdraft && $createok)) {
// --- Object-level check: is this particular record reachable by this user? ---
// Only done for a real id; the use made of $ok and $params (line 762 onward) is not shown.
759 if (!empty($objectid) && $objectid > 0) {
760 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
761 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
/**
 * Check that $user may access the object(s) identified by $objectid for each feature in
 * $featuresarray, by building and running one SQL count per feature. Only part of the body is
 * in this listing: the global declarations ($conf, $db), the refusal/return paths, the lines
 * between the SQL fragments, and lines 1071, 1074-1076 and 1078 onward (how the count result
 * becomes a return value) are missing.
 *
 * Security contract: $tableandshare, $dbt_keyfield, $dbt_select and $parenttableforentity are
 * concatenated into SQL as identifiers (e.g. lines 855-856, 986-989). They must come from page
 * code, never from request input. Only $objectid is data, and it is reduced to digits, '.' and
 * ',' (line 801) before being passed through $db->sanitize() into IN (...) lists.
 *
 * @param User   $user
 * @param array  $featuresarray        Feature names (already split by restrictedArea()).
 * @param mixed  $object               Object (its ->id is used) or an id / id list.
 * @param string $tableandshare        'table' or 'table&sharedelement' (entity scope); defaults to the feature name.
 * @param string $feature2             Not referenced in the lines shown here.
 * @param string $dbt_keyfield         Column holding the third-party id, used for external / sales-rep restrictions.
 * @param string $dbt_select           Column holding the object id ('rowid' by default).
 * @param string $parenttableforentity 'childcolumn@parenttable': check the entity on the parent row instead.
 */
792 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
796 if (is_object($object)) {
797 $objectid = $object->id;
// Whitelist normalisation of the id (or comma-separated id list): this is what makes the
// later string interpolations of $objectid safe.
801 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
// 'table&sharedelement': the table to query and the element name used for the entity scope.
808 $params = explode(
'&', $tableandshare);
809 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
810 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
811 foreach ($featuresarray as $feature) {
// Feature aliases to internal names / table names (the 'project' branch body, lines 821-822, is not shown).
817 if ($feature ==
'member') {
818 $feature =
'adherent';
820 if ($feature ==
'project') {
823 if ($feature ==
'task') {
824 $feature =
'projet_task';
826 if ($feature ==
'payment_sc') {
827 $feature =
'paiementcharge';
// Set once one of the entity-scoped checks below has built the SQL for this feature,
// so the generic check at line 980 is skipped.
829 $checkonentitydone = 0;
// Which check applies to which feature:
//   $check                     : entity scope only
//   $checksoc                  : third party, restricted by external user / sales-rep assignment
//   $checkother                : objects linked to a third party through dbt.fk_soc
//   $checkproject / $checktask : project visibility list
//   $checkhierarchy            : the object's user must be in the caller's user hierarchy
//   $checkuser                 : owner only (unless admin)
//   $nocheck                   : no object-level check at all
832 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales',
'paiementcharge');
833 $checksoc = array(
'societe');
834 $checkother = array(
'contact',
'agenda',
'contrat');
835 $checkproject = array(
'projet',
'project');
836 $checktask = array(
'projet_task');
837 $checkhierarchy = array(
'expensereport',
'holiday');
838 $checkuser = array(
'bookmark');
839 $nocheck = array(
'barcode',
'stock');
// Without an explicit table, the feature name is used as the table name.
844 if (empty($dbtablename)) {
845 $dbtablename = $feature;
846 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
// Non-integer key column: quote the (already digit/dot/comma-only) id as a string literal.
850 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
851 $objectid =
"'".$objectid.
"'";
// --- Entity scope: the row must belong to an entity the user may see ---
854 if (in_array($feature, $check) && $objectid > 0) {
855 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
856 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
// Users/groups under multicompany: in transverse mode a master-entity admin sees every
// entity; otherwise a user is visible through his group memberships or when shared (entity 0).
857 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
858 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
859 if ($conf->entity == 1 && $user->admin && !$user->entity) {
860 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
861 $sql .=
" AND dbt.entity IS NOT NULL";
863 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
864 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
865 $sql .=
" AND ((ug.fk_user = dbt.rowid";
866 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
867 $sql .=
" OR dbt.entity = 0)";
870 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
871 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
// Entity carried by a parent row ('childcolumn@parenttable'): join the parent and test its entity.
875 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
876 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
877 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
878 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
880 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
881 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
884 $checkonentitydone = 1;
// --- Third parties ---
886 if (in_array($feature, $checksoc) && $objectid > 0) {
// External user: only his own company (refusal branch, line 890, not shown).
888 if ($user->socid > 0) {
889 if ($user->socid != $objectid) {
// Internal user without "see all third parties": only companies he is a sales representative of.
892 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
894 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
895 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
896 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
897 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
898 $sql .=
" AND sc.fk_user = ".((int) $user->id);
899 $sql .=
" AND sc.fk_soc = s.rowid";
900 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
// Otherwise: entity scope only.
903 $sql =
"SELECT COUNT(s.rowid) as nb";
904 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
905 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
906 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
909 $checkonentitydone = 1;
// --- Objects attached to a third party via dbt.fk_soc (contact, agenda, contrat) ---
911 if (in_array($feature, $checkother) && $objectid > 0) {
// External user: the row must point at his company (note: no entity clause on this path).
913 if ($user->socid > 0) {
914 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
915 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
916 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
917 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
// Sales-rep restricted user: rows without a third party, or whose third party he is assigned to.
918 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
920 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
921 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
922 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
923 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
924 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
925 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
928 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
929 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
930 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
931 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
934 $checkonentitydone = 1;
// --- Projects: without "read all projects", the id must be in the user's authorised list ---
936 if (in_array($feature, $checkproject) && $objectid > 0) {
937 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
938 $projectid = $objectid;
940 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
941 $projectstatic =
new Project($db);
942 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
// Loose in_array() of the id string against the exploded list; a comma-separated $objectid
// (several ids) cannot match a single entry — presumably callers pass one id here.
944 $tmparray = explode(
',', $tmps);
945 if (!in_array($projectid, $tmparray)) {
949 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
950 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
951 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
952 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
955 $checkonentitydone = 1;
// --- Tasks: same as projects, via the task's parent project ---
957 if (in_array($feature, $checktask) && $objectid > 0) {
958 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
959 $task =
new Task($db);
// The fetch() result is not tested; a task that does not load leaves fk_project unset,
// which then fails the in_array() test below.
960 $task->fetch($objectid);
961 $projectid = $task->fk_project;
963 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
964 $projectstatic =
new Project($db);
965 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
967 $tmparray = explode(
',', $tmps);
968 if (!in_array($projectid, $tmparray)) {
972 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
973 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
974 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
975 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
978 $checkonentitydone = 1;
// --- Generic check for every other feature not listed in $nocheck ---
980 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
// External user: requires a $dbt_keyfield (what happens without one, line 984, is not shown)
// and the row's third party must be the user's company. Note: no entity clause on this path,
// and the id is matched on dbt.rowid regardless of $dbt_select — if $dbt_select named a
// non-integer column, $objectid was quoted at line 851 and is still compared to rowid here.
982 if ($user->socid > 0) {
983 if (empty($dbt_keyfield)) {
986 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
987 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
988 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
989 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
// Sales-rep restricted internal user; tickets are handled with the LEFT JOIN form below.
990 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
992 if ($feature !=
'ticket') {
993 if (empty($dbt_keyfield)) {
// Inner join: the row must have a third party that is assigned to this user.
996 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
997 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
998 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
999 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1000 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1001 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1002 $sql .=
" AND sc.fk_user = ".((int) $user->id);
// Tickets: LEFT JOIN so rows without an assigned sales rep also count.
1005 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1006 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1007 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1008 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1009 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1010 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
// Everyone else: entity scope only.
1014 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1015 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1016 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1017 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
// --- Agenda events: author, owner or an assigned user, unless "read all actions" ---
// ($action is instantiated on line 1027, not shown.)
1023 if ($feature ===
'agenda' && $objectid > 0) {
1025 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1026 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1028 $action->fetch($objectid);
1029 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
// --- Hierarchy: leave requests and expense reports of users below the caller ---
1037 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1038 $childids = $user->getAllChildIds(1);
// Holiday: the requester or the validator must be in the hierarchy (refusal bodies not shown).
1040 if ($feature ==
'holiday') {
1041 $useridtocheck = $object->fk_user;
1042 if (!in_array($useridtocheck, $childids)) {
1045 $useridtocheck = $object->fk_validator;
1046 if (!in_array($useridtocheck, $childids)) {
// Expense report: the author must be in the hierarchy unless the user has readall.
1050 if ($feature ==
'expensereport') {
1051 $useridtocheck = $object->fk_user_author;
1052 if (!$user->rights->expensereport->readall) {
1053 if (!in_array($useridtocheck, $childids)) {
// --- Owner-only objects (bookmarks): another user's object is refused unless admin ---
1062 if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1063 $useridtocheck = $object->fk_user;
1064 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
// Run the count built above (its enclosing condition, line 1069, is not shown, so whether this
// executes when no SQL was built for the feature cannot be confirmed here).
1070 $resql = $db->query($sql);
1072 $obj = $db->fetch_object(
$resql);
// Every requested id must match: the count has to reach the number of ids in the list,
// so a list mixing accessible and inaccessible ids is refused as a whole.
1073 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
// Query failure path (its condition, lines 1074-1076, is not shown): logged as a warning.
1077 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
// Fragment of httponly_accessforbidden($message = 1, $http_response_code = 403, $stringalreadysanitized = 0):
// the function header and lines 1102, 1104-1105 and 1107 onward are not in this listing.
1101 http_response_code($http_response_code);
// When the caller vouches that $message is already safe HTML, the escaping below is skipped
// (that branch, line 1104, is not shown). Pass a truthy flag only for strings you escaped yourself.
1103 if ($stringalreadysanitized) {
// Default path: $message is HTML-escaped before being written to the response body. With no
// flags, single quotes are only escaped from PHP 8.1 on (the default flags changed then).
1106 print htmlentities($message);
/**
 * Render an "access forbidden" page and stop (the exit is in lines not shown).
 * Lines 1126, 1128, 1131, 1133-1134, 1136-1137, 1139, 1141-1143, 1147, 1149-1151, 1155-1156,
 * 1158, 1164, 1168, 1170-1172 and 1174 onward are not in this listing.
 *
 * @param string $message         Translation key (or text) passed to $langs->trans(); '' shows ErrorForbidden.
 * @param int    $printheader     Presumably controls the llxHeader*() calls (lines 1139/1141, not shown).
 * @param int    $printfooter     When truthy and llxFooter() exists, the footer is printed (line 1173).
 * @param int    $showonlymessage When truthy, the hook call and the login/help lines are skipped.
 * @param mixed  $params          Passed to the 'getAccessForbiddenMessage' hook.
 */
1125 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1127 global $conf, $db, $user, $langs, $hookmanager;
// The translator may not exist yet (error raised before it was set up): it is created on line 1131 (not shown).
1129 if (!is_object($langs)) {
1130 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1132 $langs->setDefaultLang();
1135 $langs->load(
"errors");
// Page header: full header if available, otherwise the bare one (the call lines are not shown).
1138 if (function_exists(
"llxHeader")) {
1140 } elseif (function_exists(
"llxHeaderVierge")) {
// The closing </div> is on a line not shown.
1144 print
'<div class="error">';
1145 if (empty($message)) {
1146 print $langs->trans(
"ErrorForbidden");
// $message is used as a translation key; whether trans() escapes its output for HTML is not
// visible here — do not route untrusted text through this parameter without escaping it first.
1148 print $langs->trans($message);
1152 if (empty($showonlymessage)) {
1153 global $action, $object;
// $hookmanager is created here when main.inc.php did not (lines 1155-1156 not shown).
1154 if (empty($hookmanager)) {
1157 $hookmanager->initHooks(array(
'main'));
// Modules may replace or extend the message; resPrint is written out as-is, so hooks are
// responsible for escaping what they return.
1159 $parameters = array(
'message'=>$message,
'params'=>$params);
1160 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
1161 print $hookmanager->resPrint;
1162 if (empty($reshook)) {
1163 $langs->loadLangs(array(
"errors"));
// NOTE(review): $user->login is interpolated into HTML without htmlspecialchars(); this relies on
// logins being restricted when they are created. Escaping here would remove that dependency.
1165 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1166 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1167 print $langs->trans(
"ErrorForbidden4");
// Presumably the else branch of the empty($reshook) test (line 1168 not shown): a hook handled the message.
1169 print $langs->trans(
"ErrorForbidden3");
1173 if ($printfooter && function_exists(
"llxFooter")) {
// Fragment of getMaxFileSizeArray(): the function header, the global declaration for $conf, and
// lines 1196, 1200, 1204, 1208, 1213, 1217, 1221, 1225-1227, 1229, 1233-1234 and 1239-1243 are
// not in this listing.
// The application limit (MAIN_UPLOAD_DOC) is compared with the two PHP ini limits; the ini
// values are converted from their k/m/g/t suffixed form, with 'k' mapping to *1, i.e. the
// working unit is kilobytes. @ suppresses the warning ini_get() may raise for a missing directive.
1191 $max = $conf->global->MAIN_UPLOAD_DOC;
1192 $maxphp = @ini_get(
'upload_max_filesize');
1193 if (preg_match(
'/k$/i', $maxphp)) {
1194 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1195 $maxphp = $maxphp * 1;
1197 if (preg_match(
'/m$/i', $maxphp)) {
1198 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1199 $maxphp = $maxphp * 1024;
1201 if (preg_match(
'/g$/i', $maxphp)) {
1202 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1203 $maxphp = $maxphp * 1024 * 1024;
1205 if (preg_match(
'/t$/i', $maxphp)) {
1206 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1207 $maxphp = $maxphp * 1024 * 1024 * 1024;
// NOTE(review): an ini value with no suffix is a byte count in php.ini semantics, but it is
// left untouched here and then compared against the kilobyte values (a 1024x overestimate).
// The same appl
ies to post_max_size below.
1209 $maxphp2 = @ini_get(
'post_max_size');
1210 if (preg_match(
'/k$/i', $maxphp2)) {
1211 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1212 $maxphp2 = $maxphp2 * 1;
1214 if (preg_match(
'/m$/i', $maxphp2)) {
1215 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1216 $maxphp2 = $maxphp2 * 1024;
1218 if (preg_match(
'/g$/i', $maxphp2)) {
1219 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1220 $maxphp2 = $maxphp2 * 1024 * 1024;
1222 if (preg_match(
'/t$/i', $maxphp2)) {
1223 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1224 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
// $maxmin (the effective limit) is initialised on a line not shown, presumably from $max; the
// conditions guarding the two min() calls (lines 1229 and 1234) are not shown either.
1228 $maxphptoshow = $maxphptoshowparam =
'';
1230 $maxmin = min($maxmin, $maxphp);
1231 $maxphptoshow = $maxphp;
1232 $maxphptoshowparam =
'upload_max_filesize';
1235 $maxmin = min($maxmin, $maxphp2);
// Report whichever PHP directive is the tighter one.
1236 if ($maxphp2 < $maxphp) {
1237 $maxphptoshow = $maxphp2;
1238 $maxphptoshowparam =
'post_max_size';
// 'max' = application setting, 'maxmin' = effective limit after the PHP directives,
// 'maxphptoshow' / 'maxphptoshowparam' = the limiting PHP directive and its value ('' if none applied).
1244 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);
llxHeaderVierge()
Header function.
llxHeader()
Empty header.
Class to manage agenda events (actions)
Class to manage projects.
Class to manage translations.
Class to manage Dolibarr users.
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_substr($string, $start, $length, $stringencoding='', $trunconbytes=0)
Make a substring.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Is Dolibarr module enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
dolEncrypt($chain, $key='', $ciphering='AES-256-CTR', $forceseed='')
Encode a string with a symmetric encryption.
dolGetRandomBytes($length)
Return a string of random bytes (hex string) with length = $length for cryptographic purposes.
dol_encode($chain, $key='1')
Encode a string with base 64 algorithm + specific delta change.
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one. For backward compatibility reasons,...
getMaxFileSizeArray()
Return the max allowed for file upload.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
dol_decode($chain, $key='1')
Decode a base 64 encoded string + specific delta change.
dolGetLdapPasswordHash($password, $type='md5')
Returns a specific ldap hash of a password.
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dolDecrypt($chain, $key='')
Decode a string with a symmetric encryption.
dol_hash($chain, $type='0')
Returns a hash (non-reversible digest) of a string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.