40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
43 for ($i = 0; $i < $strlength; $i++) {
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
50 for ($i = 0; $i < $strlength; $i++) {
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
57 return base64_encode($chain);
71 $chain = base64_decode($chain);
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
76 for ($i = 0; $i < $strlength; $i++) {
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
84 for ($i = 0; $i < $strlength; $i++) {
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
102 if (function_exists(
'random_bytes')) {
103 return bin2hex(random_bytes((
int) floor($length / 2)));
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
122 function dolEncrypt($chain, $key =
'', $ciphering =
'AES-256-CTR', $forceseed =
'')
125 global $dolibarr_disable_dolcrypt_for_debug;
127 if ($chain ===
'' || is_null($chain)) {
132 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
138 $key = $conf->file->instance_unique_id;
140 if (empty($ciphering)) {
141 $ciphering =
'AES-256-CTR';
146 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
148 if (function_exists(
'openssl_cipher_iv_length')) {
149 $ivlen = openssl_cipher_iv_length($ciphering);
151 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
154 if (empty($forceseed)) {
157 $ivseed =
dol_substr(md5($forceseed), 0, $ivlen,
'ascii', 1);
160 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
161 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
181 if ($chain ===
'' || is_null($chain)) {
186 $key = $conf->file->instance_unique_id;
190 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
191 $ciphering = $reg[1];
192 if (function_exists(
'openssl_decrypt')) {
194 return 'Error dolDecrypt decrypt key is empty';
196 $tmpexplode = explode(
':', $reg[2]);
197 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
198 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
200 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
203 $newchain =
'Error dolDecrypt function openssl_decrypt() not available';
226 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
227 return password_hash($chain, PASSWORD_DEFAULT);
231 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
232 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
235 if ($type ==
'1' || $type ==
'sha1') {
237 } elseif ($type ==
'2' || $type ==
'sha1md5') {
238 return sha1(md5($chain));
239 } elseif ($type ==
'3' || $type ==
'md5') {
241 } elseif ($type ==
'4' || $type ==
'openldap') {
243 } elseif ($type ==
'5' || $type ==
'sha256') {
244 return hash(
'sha256', $chain);
245 } elseif ($type ==
'6' || $type ==
'password_hash') {
246 return password_hash($chain, PASSWORD_DEFAULT);
247 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
249 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
250 return sha1(md5($chain));
273 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
274 if (! empty($hash[0]) && $hash[0] ==
'$') {
275 return password_verify($chain, $hash);
285 return dol_hash($chain, $type) == $hash;
301 $salt = substr(sha1(time()), 0, 8);
303 if ($type ===
'md5') {
304 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
305 } elseif ($type ===
'md5frommd5') {
306 return '{MD5}' . base64_encode(hex2bin($password));
307 } elseif ($type ===
'smd5') {
308 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
309 } elseif ($type ===
'sha') {
310 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
311 } elseif ($type ===
'ssha') {
312 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
313 } elseif ($type ===
'sha256') {
314 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
315 } elseif ($type ===
'ssha256') {
316 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
317 } elseif ($type ===
'sha384') {
318 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
319 } elseif ($type ===
'ssha384') {
320 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
321 } elseif ($type ===
'sha512') {
322 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
323 } elseif ($type ===
'ssha512') {
324 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
325 } elseif ($type ===
'crypt') {
326 return '{CRYPT}' . crypt($password, $salt);
327 } elseif ($type ===
'clear') {
328 return '{CLEAR}' . $password;
353 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
359 if (is_object($object)) {
360 $objectid = $object->id;
364 if ($objectid ==
"-1") {
368 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
377 $parentfortableentity =
'';
380 $originalfeatures = $features;
381 if ($features ==
'agenda') {
382 $tableandshare =
'actioncomm&societe';
383 $feature2 =
'myactions|allactions';
386 if ($features ==
'bank') {
387 $features =
'banque';
389 if ($features ==
'facturerec') {
390 $features =
'facture';
392 if ($features ==
'mo') {
395 if ($features ==
'member') {
396 $features =
'adherent';
398 if ($features ==
'subscription') {
399 $features =
'adherent';
400 $feature2 =
'cotisation';
402 if ($features ==
'website' && is_object($object) && $object->element ==
'websitepage') {
403 $parentfortableentity =
'fk_website@website';
405 if ($features ==
'project') {
406 $features =
'projet';
408 if ($features ==
'product') {
409 $features =
'produit';
411 if ($features ==
'productbatch') {
412 $features =
'produit';
414 if ($features ==
'tax') {
415 $feature2 =
'charges';
417 if ($features ==
'workstation') {
418 $feature2 =
'workstation';
420 if ($features ==
'fournisseur') {
421 $features =
'fournisseur';
422 if (is_object($object) && $object->element ==
'invoice_supplier') {
423 $feature2 =
'facture';
424 } elseif (is_object($object) && $object->element ==
'order_supplier') {
425 $feature2 =
'commande';
432 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
433 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
435 if (isset($hookmanager->resArray[
'result'])) {
436 if ($hookmanager->resArray[
'result'] == 0) {
449 $featuresarray = array($features);
450 if (preg_match(
'/&/', $features)) {
451 $featuresarray = explode(
"&", $features);
452 } elseif (preg_match(
'/\|/', $features)) {
453 $featuresarray = explode(
"|", $features);
457 if (!empty($feature2)) {
458 $feature2 = explode(
"|", $feature2);
461 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
466 foreach ($featuresarray as $feature) {
467 $featureforlistofmodule = $feature;
468 if ($featureforlistofmodule ==
'produit') {
469 $featureforlistofmodule =
'product';
471 if ($featureforlistofmodule ==
'supplier_proposal') {
472 $featureforlistofmodule =
'supplierproposal';
474 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
480 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
481 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
485 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
486 if (empty($user->rights->societe->contact->lire)) {
490 } elseif ($feature ==
'produit|service') {
491 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
495 } elseif ($feature ==
'prelevement') {
496 if (empty($user->rights->prelevement->bons->lire)) {
500 } elseif ($feature ==
'cheque') {
501 if (empty($user->rights->banque->cheque)) {
505 } elseif ($feature ==
'projet') {
506 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
510 } elseif ($feature ==
'payment') {
511 if (!$user->hasRight(
'facture',
'lire')) {
515 } elseif ($feature ==
'payment_supplier') {
516 if (empty($user->rights->fournisseur->facture->lire)) {
520 } elseif ($feature ==
'payment_sc') {
521 if (empty($user->rights->tax->charges->lire)) {
525 } elseif (!empty($feature2)) {
527 foreach ($feature2 as $subfeature) {
528 if ($subfeature ==
'user' && $user->id == $objectid) {
531 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
536 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
538 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
549 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
550 if (empty($user->rights->$feature->lire)
551 && empty($user->rights->$feature->read)
552 && empty($user->rights->$feature->run)) {
560 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
576 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
577 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
579 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
580 foreach ($featuresarray as $feature) {
581 if ($feature ==
'contact') {
582 if (empty($user->rights->societe->contact->creer)) {
586 } elseif ($feature ==
'produit|service') {
587 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
591 } elseif ($feature ==
'prelevement') {
592 if (!$user->rights->prelevement->bons->creer) {
596 } elseif ($feature ==
'commande_fournisseur') {
597 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
601 } elseif ($feature ==
'banque') {
602 if (!$user->hasRight(
'banque',
'modifier')) {
606 } elseif ($feature ==
'cheque') {
607 if (empty($user->rights->banque->cheque)) {
611 } elseif ($feature ==
'import') {
612 if (empty($user->rights->import->run)) {
616 } elseif ($feature ==
'ecm') {
617 if (!$user->rights->ecm->upload) {
621 } elseif (!empty($feature2)) {
622 foreach ($feature2 as $subfeature) {
623 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
626 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
629 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
633 if (empty($user->rights->$feature->$subfeature->creer)
634 && empty($user->rights->$feature->$subfeature->write)
635 && empty($user->rights->$feature->$subfeature->create)) {
644 } elseif (!empty($feature)) {
646 if (empty($user->rights->$feature->creer)
647 && empty($user->rights->$feature->write)
648 && empty($user->rights->$feature->create)) {
656 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
660 if ($wemustcheckpermissionforcreate && !$createok) {
672 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
673 if (!$user->hasRight(
'user',
'user',
'creer')) {
677 if (!$createuserok) {
690 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
691 foreach ($featuresarray as $feature) {
692 if ($feature ==
'bookmark') {
693 if (!$user->rights->bookmark->supprimer) {
694 if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
698 } elseif ($feature ==
'contact') {
699 if (!$user->rights->societe->contact->supprimer) {
702 } elseif ($feature ==
'produit|service') {
703 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
706 } elseif ($feature ==
'commande_fournisseur') {
707 if (!$user->rights->fournisseur->commande->supprimer) {
710 } elseif ($feature ==
'payment_supplier') {
711 if (!$user->rights->fournisseur->facture->creer) {
714 } elseif ($feature ==
'payment') {
715 if (!$user->rights->facture->paiement) {
718 } elseif ($feature ==
'payment_sc') {
719 if (!$user->rights->tax->charges->creer) {
722 } elseif ($feature ==
'banque') {
723 if (!$user->hasRight(
'banque',
'modifier')) {
726 } elseif ($feature ==
'cheque') {
727 if (empty($user->rights->banque->cheque)) {
730 } elseif ($feature ==
'ecm') {
731 if (!$user->rights->ecm->upload) {
734 } elseif ($feature ==
'ftp') {
735 if (!$user->rights->ftp->write) {
738 } elseif ($feature ==
'salaries') {
739 if (!$user->rights->salaries->delete) {
742 } elseif ($feature ==
'adherent') {
743 if (empty($user->rights->adherent->supprimer)) {
746 } elseif ($feature ==
'paymentbybanktransfer') {
747 if (empty($user->rights->paymentbybanktransfer->create)) {
750 } elseif ($feature ==
'prelevement') {
751 if (empty($user->rights->prelevement->bons->creer)) {
754 } elseif (!empty($feature2)) {
755 foreach ($feature2 as $subfeature) {
756 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
763 } elseif (!empty($feature)) {
765 if (empty($user->rights->$feature->supprimer)
766 && empty($user->rights->$feature->delete)
767 && empty($user->rights->$feature->run)) {
774 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
778 if (!$deleteok && !($isdraft && $createok)) {
790 if (!empty($objectid) && $objectid > 0) {
791 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
792 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
823 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
827 if (is_object($object)) {
828 $objectid = $object->id;
832 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
839 $params = explode(
'&', $tableandshare);
840 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
841 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
843 foreach ($featuresarray as $feature) {
849 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
850 $feature =
'contact';
853 if ($feature ==
'member') {
854 $feature =
'adherent';
856 if ($feature ==
'project') {
859 if ($feature ==
'task') {
860 $feature =
'projet_task';
862 if ($feature ==
'eventorganization') {
864 $dbtablename =
'actioncomm';
866 if ($feature ==
'payment_sc') {
867 $feature =
"chargesociales";
868 $objectid = $object->fk_charge;
871 $checkonentitydone = 0;
874 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales');
875 $checksoc = array(
'societe');
876 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
877 $checkproject = array(
'projet',
'project');
878 $checktask = array(
'projet_task');
879 $checkhierarchy = array(
'expensereport',
'holiday');
880 $checkuser = array(
'bookmark');
881 $nocheck = array(
'barcode',
'stock');
886 if (empty($dbtablename)) {
887 $dbtablename = $feature;
888 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
892 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
893 $objectid =
"'".$objectid.
"'";
897 if (in_array($feature, $check) && $objectid > 0) {
898 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
899 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
900 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
901 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
902 if ($conf->entity == 1 && $user->admin && !$user->entity) {
903 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
904 $sql .=
" AND dbt.entity IS NOT NULL";
906 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
907 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
908 $sql .=
" AND ((ug.fk_user = dbt.rowid";
909 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
910 $sql .=
" OR dbt.entity = 0)";
913 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
914 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
918 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
919 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
920 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
921 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
923 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
924 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
927 $checkonentitydone = 1;
929 if (in_array($feature, $checksoc) && $objectid > 0) {
931 if ($user->socid > 0) {
932 if ($user->socid != $objectid) {
935 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
937 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
938 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
939 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
940 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
941 $sql .=
" AND sc.fk_user = ".((int) $user->id);
942 $sql .=
" AND sc.fk_soc = s.rowid";
943 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
946 $sql =
"SELECT COUNT(s.rowid) as nb";
947 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
948 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
949 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
952 $checkonentitydone = 1;
954 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
956 if ($user->socid > 0) {
957 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
958 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
959 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
960 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
961 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
963 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
964 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
965 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
966 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
967 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
968 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
971 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
972 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
973 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
974 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
977 $checkonentitydone = 1;
979 if (in_array($feature, $checkproject) && $objectid > 0) {
980 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
981 $projectid = $objectid;
983 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
984 $projectstatic =
new Project($db);
985 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
987 $tmparray = explode(
',', $tmps);
988 if (!in_array($projectid, $tmparray)) {
992 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
993 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
994 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
995 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
997 $checkonentitydone = 1;
999 if (in_array($feature, $checktask) && $objectid > 0) {
1000 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
1001 $task =
new Task($db);
1002 $task->fetch($objectid);
1003 $projectid = $task->fk_project;
1005 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1006 $projectstatic =
new Project($db);
1007 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1009 $tmparray = explode(
',', $tmps);
1010 if (!in_array($projectid, $tmparray)) {
1014 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1015 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1016 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1017 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1020 $checkonentitydone = 1;
1024 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1026 if ($user->socid > 0) {
1027 if (empty($dbt_keyfield)) {
1028 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1030 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1031 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1032 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1033 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1034 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
1036 if ($feature !=
'ticket') {
1037 if (empty($dbt_keyfield)) {
1038 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1040 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1041 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1042 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1043 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1044 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1045 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1046 $sql .=
" AND sc.fk_user = ".((int) $user->id);
1049 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1050 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1051 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1052 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1053 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1054 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1058 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1059 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1060 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1061 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1066 if ($feature ===
'agenda' && $objectid > 0) {
1068 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1069 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1071 $action->fetch($objectid);
1072 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1080 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1081 $childids = $user->getAllChildIds(1);
1083 if ($feature ==
'holiday') {
1084 $useridtocheck = $object->fk_user;
1085 if (!in_array($object->fk_user, $childids) && !in_array($object->fk_validator, $childids)) {
1089 if ($feature ==
'expensereport') {
1090 $useridtocheck = $object->fk_user_author;
1091 if (!$user->rights->expensereport->readall) {
1092 if (!in_array($useridtocheck, $childids)) {
1101 if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1102 $useridtocheck = $object->fk_user;
1103 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1109 $resql = $db->query(
$sql);
1111 $obj = $db->fetch_object($resql);
1112 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
1116 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1140 http_response_code($http_response_code);
1142 if ($stringalreadysanitized) {
1145 print htmlentities($message);
1164 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1166 global $conf, $db, $user, $langs, $hookmanager;
1167 global $action, $object;
1169 if (!is_object($langs)) {
1170 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1172 $langs->setDefaultLang();
1175 $langs->load(
"errors");
1178 if (function_exists(
"llxHeader")) {
1180 } elseif (function_exists(
"llxHeaderVierge")) {
1184 print
'<div class="error">';
1185 if (empty($message)) {
1186 print $langs->trans(
"ErrorForbidden");
1188 print $langs->trans($message);
1192 if (empty($showonlymessage)) {
1193 if (empty($hookmanager)) {
1194 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1197 $hookmanager->initHooks(array(
'main'));
1200 $parameters = array(
'message'=>$message,
'params'=>$params);
1201 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
1202 print $hookmanager->resPrint;
1203 if (empty($reshook)) {
1204 $langs->loadLangs(array(
"errors"));
1206 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1207 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1208 print $langs->trans(
"ErrorForbidden4");
1210 print $langs->trans(
"ErrorForbidden3");
1214 if ($printfooter && function_exists(
"llxFooter")) {
1232 $max = $conf->global->MAIN_UPLOAD_DOC;
1233 $maxphp = @ini_get(
'upload_max_filesize');
1234 if (preg_match(
'/k$/i', $maxphp)) {
1235 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1236 $maxphp = $maxphp * 1;
1238 if (preg_match(
'/m$/i', $maxphp)) {
1239 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1240 $maxphp = $maxphp * 1024;
1242 if (preg_match(
'/g$/i', $maxphp)) {
1243 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1244 $maxphp = $maxphp * 1024 * 1024;
1246 if (preg_match(
'/t$/i', $maxphp)) {
1247 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1248 $maxphp = $maxphp * 1024 * 1024 * 1024;
1250 $maxphp2 = @ini_get(
'post_max_size');
1251 if (preg_match(
'/k$/i', $maxphp2)) {
1252 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1253 $maxphp2 = $maxphp2 * 1;
1255 if (preg_match(
'/m$/i', $maxphp2)) {
1256 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1257 $maxphp2 = $maxphp2 * 1024;
1259 if (preg_match(
'/g$/i', $maxphp2)) {
1260 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1261 $maxphp2 = $maxphp2 * 1024 * 1024;
1263 if (preg_match(
'/t$/i', $maxphp2)) {
1264 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1265 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1269 $maxphptoshow = $maxphptoshowparam =
'';
1271 $maxmin = min($maxmin, $maxphp);
1272 $maxphptoshow = $maxphp;
1273 $maxphptoshowparam =
'upload_max_filesize';
1276 $maxmin = min($maxmin, $maxphp2);
1277 if ($maxphp2 < $maxphp) {
1278 $maxphptoshow = $maxphp2;
1279 $maxphptoshowparam =
'post_max_size';
1285 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);