dolibarr 19.0.4
fileserver.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2018 Destailleur Laurent <eldy@users.sourceforge.net>
3 * Copyright (C) 2019 Regis Houssin <regis.houssin@inodbox.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 *
18 * You can test with the WebDav client cadaver:
19 * cadaver http://myurl/dav/fileserver.php
20 */
21
28if (!defined('NOTOKENRENEWAL')) {
29 define('NOTOKENRENEWAL', '1');
30}
31if (!defined('NOREQUIREMENU')) {
32 define('NOREQUIREMENU', '1'); // If there is no menu to show
33}
34if (!defined('NOREQUIREHTML')) {
35 define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
36}
37if (!defined('NOREQUIREAJAX')) {
38 define('NOREQUIREAJAX', '1');
39}
40if (!defined('NOLOGIN')) {
41 define("NOLOGIN", 1); // This means this output page does not require to be logged.
42}
43if (!defined('NOCSRFCHECK')) {
44 define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
45}
46
47require "../main.inc.php";
48require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
49require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
50require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';
51require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';
52require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';
53
54
55$user = new User($db);
56if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {
57 $user->fetch('', $_SERVER['PHP_AUTH_USER']);
58 $user->getrights();
59}
60
61// Load translation files required by the page
62$langs->loadLangs(array("main", "other"));
63
64
65if (empty($conf->dav->enabled)) {
66 accessforbidden();
67}
68
69// Restrict API to some IPs
70if (getDolGlobalString('DAV_RESTRICT_ON_IP')) {
71 $allowedip = explode(' ', getDolGlobalString('DAV_RESTRICT_ON_IP'));
72 $ipremote = getUserRemoteIP();
73 if (!in_array($ipremote, $allowedip)) {
74 dol_syslog('Remote ip is '.$ipremote.', not into list ' . getDolGlobalString('DAV_RESTRICT_ON_IP'));
75 print 'DAV not allowed from the IP '.$ipremote;
76 header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
77 //print $conf->global->DAV_RESTRICT_ON_IP;
78 exit(0);
79 }
80}
81
82
83$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
84
85// settings
86$publicDir = $conf->dav->multidir_output[$entity].'/public';
87$privateDir = $conf->dav->multidir_output[$entity].'/private';
88$ecmDir = $conf->ecm->multidir_output[$entity];
89$tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted
90//var_dump($tmpDir);mkdir($tmpDir);exit;
91
92
93// Authentication callback function
94$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
95 global $user, $conf;
96 global $dolibarr_main_authentication, $dolibarr_auto_user;
97
98 if (empty($user->login)) {
99 dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);
100 return false;
101 }
102 if ($user->socid > 0) {
103 dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);
104 return false;
105 }
106 if ($user->login != $username) {
107 dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
108 return false;
109 }
110
111 // Authentication mode
112 if (empty($dolibarr_main_authentication)) {
113 $dolibarr_main_authentication = 'dolibarr';
114 }
115
116 // Authentication mode: forceuser
117 if ($dolibarr_main_authentication == 'forceuser') {
118 if (empty($dolibarr_auto_user)) {
119 $dolibarr_auto_user = 'auto';
120 }
121 if ($dolibarr_auto_user != $username) {
122 dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
123 return false;
124 }
125 }
126
127 $authmode = explode(',', $dolibarr_main_authentication);
128 $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
129
130 if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {
131 return false;
132 }
133
134 // Check if user status is enabled
135 if ($user->statut != $user::STATUS_ENABLED) {
136 // Status is disabled
137 dol_syslog("The user has been disabled.");
138 return false;
139 }
140
141 // Check if session was unvalidated by a password change
142 if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
143 // Session is no more valid
144 dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
145 return false;
146 }
147
148 // Check date validity
149 if ($user->isNotIntoValidityDateRange()) {
150 // User validity dates are no more valid
151 dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());
152 return false;
153 }
154
155 return true;
156});
157
158$authBackend->setRealm(constant('DOL_APPLICATION_TITLE').' - WebDAV');
159
160
161
162
163
164/*
165 * Actions and View
166 */
167
168// Create the root node
169// Setting up the directory tree //
170$nodes = array();
171
172// Enable directories and features according to DAV setup
173// Public dir
174if (getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')) {
175 $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
176}
177// Private dir
178$nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
179// ECM dir
180if (isModEnabled('ecm') && getDolGlobalString('DAV_ALLOW_ECM_DIR')) {
181 $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
182}
183
184
185
186// Principals Backend
187//$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);
188// /principals
189//$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);
190// CardDav & CalDav Backend
191//$carddavBackend = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);
192//$caldavBackend = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);
193// /addressbook
194//$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);
195// /calendars
196//$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);
197
198
199// The rootnode needs in turn to be passed to the server class
200$server = new \Sabre\DAV\Server($nodes);
201
202// If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)
203// You can override the baseUri here.
204$baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';
205if (isset($baseUri)) {
206 $server->setBaseUri($baseUri);
207}
208
209// Add authentication function
210if ((!getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')
211 || !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))
212 && !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"]) // URL for Sabre browser resources
213 ) {
214 //var_dump($_SERVER["QUERY_STRING"]);exit;
215 $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
216}
217// Support for LOCK and UNLOCK
218$lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');
219$lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
220$server->addPlugin($lockPlugin);
221
222// Support for the html browser
223if (!getDolGlobalString('DAV_DISABLE_BROWSER')) {
224 $browser = new \Sabre\DAV\Browser\Plugin();
225 $server->addPlugin($browser);
226}
227
228// Automatically guess (some) contenttypes, based on extension
229//$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());
230
231//$server->addPlugin(new \Sabre\CardDAV\Plugin());
232//$server->addPlugin(new \Sabre\CalDAV\Plugin());
233//$server->addPlugin(new \Sabre\DAVACL\Plugin());
234
235// Temporary file filter
236/*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);
237$server->addPlugin($tempFF);
238*/
239
240// And off we go!
241$server->exec();
242
243if (is_object($db)) {
244 $db->close();
245}
User
Class to manage Dolibarr users.
Definition user.class.php:48
dol_now
dol_now($mode='auto')
Return date for now.
Definition functions.lib.php:3212
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:621
getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition functions.lib.php:151
getUserRemoteIP
getUserRemoteIP()
Return the IP of remote user.
Definition functions.lib.php:3944
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:1873
if
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
Definition journals_list.php:25
checkLoginPassEntity
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successfull.
Definition security2.lib.php:57
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1192
Generated on Tue Nov 4 2025 01:00:24 for dolibarr by Doxygen 1.11.0