dolibarr 19.0.4
ws.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 * or see https://www.gnu.org/
17 */
18
35function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
36{
37 global $db, $conf, $langs;
38 global $dolibarr_main_authentication, $dolibarr_auto_user;
39
40 $fuser = new User($db);
41
42 if (!$error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY)) {
43 $error++;
44 $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
45 $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
46 }
47
48 if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
49 $error++;
50 $errorcode = 'BAD_PARAMETERS';
51 $errorlabel = "The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
52 }
53
54 if (!$error) {
55 $result = $fuser->fetch('', $authentication['login'], '', 0);
56 if ($result < 0) {
57 $error++;
58 $errorcode = 'ERROR_FETCH_USER';
59 $errorlabel = 'A technical error occurred during fetch of user';
60 } elseif ($result == 0) {
61 $error++;
62 $errorcode = 'BAD_CREDENTIALS';
63 $errorlabel = 'Bad value for login or password';
64 }
65
66 if (!$error && $fuser->statut == 0) {
67 $error++;
68 $errorcode = 'ERROR_USER_DISABLED';
69 $errorlabel = 'This user has been locked or disabled';
70 }
71
72 // Validation of login
73 if (!$error) {
74 $fuser->getrights(); // Load permission of user
75
76 // Authentication mode
77 if (empty($dolibarr_main_authentication)) {
78 $dolibarr_main_authentication = 'http,dolibarr';
79 }
80 // Authentication mode: forceuser
81 if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
82 $dolibarr_auto_user = 'auto';
83 }
84 // Set authmode
85 $authmode = explode(',', $dolibarr_main_authentication);
86
87 include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
88 $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode, 'ws');
89 if ($login === '--bad-login-validity--') {
90 $login = '';
91 }
92
93 if (empty($login)) {
94 $error++;
95 $errorcode = 'BAD_CREDENTIALS';
96 $errorlabel = 'Bad value for login or password';
97 }
98 }
99 }
100
101 return $fuser;
102}
Class to manage Dolibarr users.
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successfull.
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition ws.lib.php:35