dolibarr 19.0.4
index.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2016-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 *
17 * Note about $_SERVER:
18 * REQUEST_URI: /test/before_rewrite/script.php/path/info?q=helloword
19 * PHP_SELF: /test/after_rewrite/script.php/path/info
20 * QUERY_STRING: q=helloword
21 * SCRIPT_NAME: /test/after_rewrite/script.php
22 * PATH_INFO: /path/info
23 * SCRIPT_FILENAME: /var/www/test/php/script.php
24 * __FILE__ : /var/www/test/php/script_included.php
25 */
26
33if (!defined('NOTOKENRENEWAL')) {
34 define('NOTOKENRENEWAL', 1); // Disables token renewal
35}
36if (!defined('NOLOGIN')) {
37 define("NOLOGIN", 1);
38}
39if (!defined('NOCSRFCHECK')) {
40 define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
41}
42if (!defined('NOREQUIREMENU')) {
43 define('NOREQUIREMENU', '1');
44}
45if (!defined('NOREQUIREHTML')) {
46 define('NOREQUIREHTML', '1');
47}
48if (!defined('NOREQUIREAJAX')) {
49 define('NOREQUIREAJAX', '1');
50}
51if (!defined('NOIPCHECK')) {
52 define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
53}
54if (!defined('NOBROWSERNOTIF')) {
55 define('NOBROWSERNOTIF', '1');
56}
57
63function llxHeader()
64{
65}
71function llxFooter()
72{
73}
74
75require '../../master.inc.php';
76require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
77
78
79$error = 0;
80$websitekey = GETPOST('website', 'alpha');
81$pageid = GETPOST('page', 'alpha') ? GETPOST('page', 'alpha') : GETPOST('pageid', 'alpha');
82$pageref = GETPOST('pageref', 'alphanohtml') ? GETPOST('pageref', 'alphanohtml') : '';
83
84$accessallowed = 1;
85$type = '';
86
87
88if (empty($pageid)) {
89 require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
90 require_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
91
92 $object = new Website($db);
93 $object->fetch(0, $websitekey);
94
95 if (empty($object->id)) {
96 if (empty($pageid)) {
97 // Return header 404
98 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
99
100 include DOL_DOCUMENT_ROOT.'/public/error-404.php';
101 exit;
102 }
103 }
104
105 $objectpage = new WebsitePage($db);
106
107 if ($pageref) {
108 $result = $objectpage->fetch(0, $object->id, $pageref);
109 if ($result > 0) {
110 $pageid = $objectpage->id;
111 } elseif ($result == 0) {
112 // Page not found from ref=pageurl, we try using alternative alias
113 $result = $objectpage->fetch(0, $object->id, null, $pageref);
114 if ($result > 0) {
115 $pageid = $objectpage->id;
116 }
117 }
118 } else {
119 if ($object->fk_default_home > 0) {
120 $result = $objectpage->fetch($object->fk_default_home);
121 if ($result > 0) {
122 $pageid = $objectpage->id;
123 }
124 }
125
126 if (empty($pageid)) {
127 $array = $objectpage->fetchAll($object->id); // TODO Can filter on container of type pages only ?
128 if (is_array($array) && count($array) > 0) {
129 $firstrep = reset($array);
130 $pageid = $firstrep->id;
131 }
132 }
133 }
134}
135if (empty($pageid)) {
136 // Return header 404
137 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
138
139 $langs->load("website");
140
141 if (!GETPOSTISSET('pageref')) {
142 print $langs->trans("PreviewOfSiteNotYetAvailable", $websitekey);
143 }
144
145 include DOL_DOCUMENT_ROOT.'/public/error-404.php';
146 exit;
147}
148
149$appli = constant('DOL_APPLICATION_TITLE');
150if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
151 $appli = $conf->global->MAIN_APPLICATION_TITLE;
152}
153
154
155
156/*
157 * View
158 */
159
160//print 'Directory with '.$appli.' websites.<br>';
161
162
163// Security: Delete string ../ into $original_file
164global $dolibarr_main_data_root;
165
166if ($pageid == 'css') { // No more used ?
167 header('Content-type: text/css');
168 // Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access.
169 //if (empty($dolibarr_nocache)) header('Cache-Control: max-age=3600, public, must-revalidate');
170 //else
171 header('Cache-Control: no-cache');
172 $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/styles.css.php';
173} else {
174 $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/page'.$pageid.'.tpl.php';
175}
176
177// Find the subdirectory name as the reference
178$refname = basename(dirname($original_file)."/");
179
180// Security:
181// Limite acces si droits non corrects
182if (!$accessallowed) {
184}
185
186// Security:
187// On interdit les remontees de repertoire ainsi que les pipe dans
188// les noms de fichiers.
189if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
190 dol_syslog("Refused to deliver file ".$original_file);
191 $file = basename($original_file); // Do no show plain path of original_file in shown error message
192 dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $file));
193 exit;
194}
195
196clearstatcache();
197
198$filename = basename($original_file);
199
200// Output file on browser
201dol_syslog("index.php include $original_file $filename content-type=$type");
202$original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset
203
204// This test if file exists should be useless. We keep it to find bug more easily
205if (!file_exists($original_file_osencoded)) {
206 // Return header 404
207 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
208
209 $langs->load("website");
210 print $langs->trans("RequestedPageHasNoContentYet", $pageid);
211
212 include DOL_DOCUMENT_ROOT.'/public/error-404.php';
213 exit;
214}
215
216
217// Output page content
218define('USEDOLIBARRSERVER', 1);
219print '<!-- Page content '.$original_file.' rendered with DOLIBARR SERVER : Html with CSS link and html header + Body that was saved into tpl dir -->'."\n";
220include_once $original_file_osencoded; // Note: The pageXXX.tpl.php showed here contains a formatage with dolWebsiteOutput() at end of page.
221
222if (is_object($db)) {
223 $db->close();
224}
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader()
Empty header.
Definition wrapper.php:55
llxFooter()
Empty footer.
Definition wrapper.php:69
Class Website.
Class Websitepage.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.