dolibarr 18.0.6
server_other.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
23if (!defined('NOCSRFCHECK')) {
24 define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
25}
26if (!defined('NOTOKENRENEWAL')) {
27 define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
28}
29if (!defined('NOREQUIREMENU')) {
30 define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
31}
32if (!defined('NOREQUIREHTML')) {
33 define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
34}
35if (!defined('NOREQUIREAJAX')) {
36 define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
37}
38if (!defined("NOLOGIN")) {
39 define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
40}
41if (!defined("NOSESSION")) {
42 define("NOSESSION", '1');
43}
44
45require '../main.inc.php';
46require_once NUSOAP_PATH.'/nusoap.php'; // Include SOAP
47require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
48require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
49require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
50require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
51
52
53dol_syslog("Call Dolibarr webservices interfaces");
54
55$langs->load("main");
56
57// Enable and test if module web services is enabled
58if (empty($conf->global->MAIN_MODULE_WEBSERVICES)) {
59 $langs->load("admin");
60 dol_syslog("Call Dolibarr webservices interfaces with module webservices disabled");
61 print $langs->trans("WarningModuleNotActive", 'WebServices').'.<br><br>';
62 print $langs->trans("ToActivateModule");
63 exit;
64}
65
66// Create the soap Object
67$server = new nusoap_server();
68$server->soap_defencoding = 'UTF-8';
69$server->decode_utf8 = false;
70$ns = 'http://www.dolibarr.org/ns/';
71$server->configureWSDL('WebServicesDolibarrOther', $ns);
72$server->wsdl->schemaTargetNamespace = $ns;
73
74
75// Define WSDL Authentication object
76$server->wsdl->addComplexType(
77 'authentication',
78 'complexType',
79 'struct',
80 'all',
81 '',
82 array(
83 'dolibarrkey' => array('name'=>'dolibarrkey', 'type'=>'xsd:string'),
84 'sourceapplication' => array('name'=>'sourceapplication', 'type'=>'xsd:string'),
85 'login' => array('name'=>'login', 'type'=>'xsd:string'),
86 'password' => array('name'=>'password', 'type'=>'xsd:string'),
87 'entity' => array('name'=>'entity', 'type'=>'xsd:string'),
88 )
89);
90// Define WSDL Return object
91$server->wsdl->addComplexType(
92 'result',
93 'complexType',
94 'struct',
95 'all',
96 '',
97 array(
98 'result_code' => array('name'=>'result_code', 'type'=>'xsd:string'),
99 'result_label' => array('name'=>'result_label', 'type'=>'xsd:string'),
100 )
101);
102
103// Define WSDL Return object for document
104$server->wsdl->addComplexType(
105 'document',
106 'complexType',
107 'struct',
108 'all',
109 '',
110 array(
111 'filename' => array('name'=>'filename', 'type'=>'xsd:string'),
112 'mimetype' => array('name'=>'mimetype', 'type'=>'xsd:string'),
113 'content' => array('name'=>'content', 'type'=>'xsd:string'),
114 'length' => array('name'=>'length', 'type'=>'xsd:string')
115 )
116);
117
118// Define other specific objects
119// None
120
121
122// 5 styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant), Document/literal, Document/literal wrapped
123// Style merely dictates how to translate a WSDL binding to a SOAP message. Nothing more. You can use either style with any programming model.
124// http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
125$styledoc = 'rpc'; // rpc/document (document is an extend into SOAP 1.0 to support unstructured messages)
126$styleuse = 'encoded'; // encoded/literal/literal wrapped
127// Better choice is document/literal wrapped but literal wrapped not supported by nusoap.
128
129// Register WSDL
130$server->register(
131 'getVersions',
132 // Entry values
133 array('authentication'=>'tns:authentication'),
134 // Exit values
135 array('result'=>'tns:result', 'dolibarr'=>'xsd:string', 'os'=>'xsd:string', 'php'=>'xsd:string', 'webserver'=>'xsd:string'),
136 $ns,
137 $ns.'#getVersions',
138 $styledoc,
139 $styleuse,
140 'WS to get Versions'
141);
142
143// Register WSDL
144$server->register(
145 'getDocument',
146 // Entry values
147 array('authentication'=>'tns:authentication', 'modulepart'=>'xsd:string', 'file'=>'xsd:string'),
148 // Exit values
149 array('result'=>'tns:result', 'document'=>'tns:document'),
150 $ns,
151 $ns.'#getDocument',
152 $styledoc,
153 $styleuse,
154 'WS to get document'
155);
156
157
158
165function getVersions($authentication)
166{
167 global $conf;
168
169 dol_syslog("Function: getVersions login=".$authentication['login']);
170
171 if ($authentication['entity']) {
172 $conf->entity = $authentication['entity'];
173 }
174
175 // Init and check authentication
176 $objectresp = array();
177 $errorcode = ''; $errorlabel = '';
178 $error = 0;
179 $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
180 // Check parameters
181
182
183 if (!$error) {
184 $objectresp['result'] = array('result_code'=>'OK', 'result_label'=>'');
185 $objectresp['dolibarr'] = version_dolibarr();
186 $objectresp['os'] = version_os();
187 $objectresp['php'] = version_php();
188 $objectresp['webserver'] = version_webserver();
189 }
190
191 if ($error) {
192 $objectresp = array('result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel));
193 }
194
195 return $objectresp;
196}
197
198
208function getDocument($authentication, $modulepart, $file, $refname = '')
209{
210 global $db, $conf;
211
212 dol_syslog("Function: getDocument login=".$authentication['login'].' - modulepart='.$modulepart.' - file='.$file);
213
214 if ($authentication['entity']) {
215 $conf->entity = $authentication['entity'];
216 }
217
218 $objectresp = array();
219 $errorcode = ''; $errorlabel = '';
220 $error = 0;
221
222 // Properties of doc
223 $original_file = $file;
224 $type = dol_mimetype($original_file);
225 //$relativefilepath = $ref . "/";
226 //$relativepath = $relativefilepath . $ref.'.pdf';
227
228 $accessallowed = 0;
229
230 $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
231
232 if ($fuser->socid) {
233 $socid = $fuser->socid;
234 }
235
236 // Check parameters
237 if (!$error && (!$file || !$modulepart)) {
238 $error++;
239 $errorcode = 'BAD_PARAMETERS'; $errorlabel = "Parameter file and modulepart must be both provided.";
240 }
241
242 if (!$error) {
243 $fuser->getrights();
244
245 // Suppression de la chaine de caractere ../ dans $original_file
246 $original_file = str_replace("../", "/", $original_file);
247
248 // find the subdirectory name as the reference
249 if (empty($refname)) {
250 $refname = basename(dirname($original_file)."/");
251 }
252
253 // Security check
254 $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
255 $accessallowed = $check_access['accessallowed'];
256 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
257 $original_file = $check_access['original_file'];
258
259 // Basic protection (against external users only)
260 if ($fuser->socid > 0) {
261 if ($sqlprotectagainstexternals) {
262 $resql = $db->query($sqlprotectagainstexternals);
263 if ($resql) {
264 $num = $db->num_rows($resql);
265 $i = 0;
266 while ($i < $num) {
267 $obj = $db->fetch_object($resql);
268 if ($fuser->socid != $obj->fk_soc) {
269 $accessallowed = 0;
270 break;
271 }
272 $i++;
273 }
274 }
275 }
276 }
277
278 // Security:
279 // Limite acces si droits non corrects
280 if (!$accessallowed) {
281 $errorcode = 'NOT_PERMITTED';
282 $errorlabel = 'Access not allowed';
283 $error++;
284 }
285
286 // Security:
287 // On interdit les remontees de repertoire ainsi que les pipe dans
288 // les noms de fichiers.
289 if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
290 dol_syslog("Refused to deliver file ".$original_file);
291 $errorcode = 'REFUSED';
292 $errorlabel = '';
293 $error++;
294 }
295
296 clearstatcache();
297
298 if (!$error) {
299 if (file_exists($original_file)) {
300 dol_syslog("Function: getDocument $original_file content-type=$type");
301
302 $f = fopen($original_file, 'r');
303 $content_file = fread($f, filesize($original_file));
304
305 $objectret = array(
306 'filename' => basename($original_file),
307 'mimetype' => dol_mimetype($original_file),
308 'content' => base64_encode($content_file),
309 'length' => filesize($original_file)
310 );
311
312 // Create return object
313 $objectresp = array(
314 'result'=>array('result_code'=>'OK', 'result_label'=>''),
315 'document'=>$objectret
316 );
317 } else {
318 dol_syslog("File doesn't exist ".$original_file);
319 $errorcode = 'NOT_FOUND';
320 $errorlabel = '';
321 $error++;
322 }
323 }
324 }
325
326 if ($error) {
327 $objectresp = array(
328 'result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel)
329 );
330 }
331
332 return $objectresp;
333}
334
335// Return the results.
336$server->service(file_get_contents("php://input"));
dol_check_secure_access_document
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
Definition files.lib.php:2565
version_webserver
version_webserver()
Return web server version.
Definition functions2.lib.php:1912
version_dolibarr
version_dolibarr()
Return Dolibarr version.
Definition functions2.lib.php:1902
version_php
version_php()
Return PHP version.
Definition functions2.lib.php:1891
version_os
version_os($option='')
Return OS version.
Definition functions2.lib.php:1875
dol_mimetype
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
Definition functions.lib.php:10435
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:1788
getDocument
getDocument($authentication, $modulepart, $file, $refname='')
Method to get a document by webservice.
Definition server_other.php:208
getVersions
getVersions($authentication)
Full methods code.
Definition server_other.php:165
check_authentication
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition ws.lib.php:35
Generated on Mon Sep 2 2024 01:00:32 for dolibarr by Doxygen 1.11.0