28if (!defined(
'NOTOKENRENEWAL')) {
29 define(
'NOTOKENRENEWAL',
'1');
31if (!defined(
'NOREQUIREMENU')) {
32 define(
'NOREQUIREMENU',
'1');
34if (!defined(
'NOREQUIREHTML')) {
35 define(
'NOREQUIREHTML',
'1');
37if (!defined(
'NOREQUIREAJAX')) {
38 define(
'NOREQUIREAJAX',
'1');
40if (!defined(
'NOLOGIN')) {
43if (!defined(
'NOCSRFCHECK')) {
44 define(
"NOCSRFCHECK", 1);
47require
"../main.inc.php";
48require_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
49require_once DOL_DOCUMENT_ROOT.
'/core/class/html.formcompany.class.php';
50require_once DOL_DOCUMENT_ROOT.
'/dav/dav.class.php';
51require_once DOL_DOCUMENT_ROOT.
'/dav/dav.lib.php';
52require_once DOL_DOCUMENT_ROOT.
'/includes/sabre/autoload.php';
56if (isset($_SERVER[
'PHP_AUTH_USER']) && $_SERVER[
'PHP_AUTH_USER'] !=
'') {
57 $user->fetch(
'', $_SERVER[
'PHP_AUTH_USER']);
62$langs->loadLangs(array(
"main",
"other"));
65if (empty($conf->dav->enabled)) {
73 if (!in_array($ipremote, $allowedip)) {
75 print
'DAV not allowed from the IP '.$ipremote;
76 header(
'HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
83$entity = (
GETPOST(
'entity',
'int') ?
GETPOST(
'entity',
'int') : (!empty($conf->entity) ? $conf->entity : 1));
86$publicDir = $conf->dav->multidir_output[$entity].
'/public';
87$privateDir = $conf->dav->multidir_output[$entity].
'/private';
88$ecmDir = $conf->ecm->multidir_output[$entity];
89$tmpDir = $conf->dav->multidir_output[$entity];
94$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(
function ($username, $password) {
96 global $dolibarr_main_authentication, $dolibarr_auto_user;
98 if (empty($user->login)) {
99 dol_syslog(
"Failed to authenticate to DAV, login is not provided", LOG_WARNING);
102 if ($user->socid > 0) {
103 dol_syslog(
"Failed to authenticate to DAV, user is an external user", LOG_WARNING);
106 if ($user->login != $username) {
107 dol_syslog(
"Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
112 if (empty($dolibarr_main_authentication)) {
113 $dolibarr_main_authentication =
'dolibarr';
117 if ($dolibarr_main_authentication ==
'forceuser') {
118 if (empty($dolibarr_auto_user)) {
119 $dolibarr_auto_user =
'auto';
121 if ($dolibarr_auto_user != $username) {
122 dol_syslog(
"Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user.
"' that is not the requested login. DAV usage is forbidden in this mode.");
127 $authmode = explode(
',', $dolibarr_main_authentication);
128 $entity = (
GETPOST(
'entity',
'int') ?
GETPOST(
'entity',
'int') : (!empty($conf->entity) ? $conf->entity : 1));
135 if ($user->statut != $user::STATUS_ENABLED) {
142 if (($user->flagdelsessionsbefore && !empty($_SESSION[
"dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION[
"dol_logindate"])) {
144 dol_syslog(
"The user has a date for session invalidation = ".$user->flagdelsessionsbefore.
" and a session date = ".$_SESSION[
"dol_logindate"].
". We must invalidate its sessions.");
149 if ($user->isNotIntoValidityDateRange()) {
151 dol_syslog(
"The user login has a validity between [".$user->datestartvalidity.
" and ".$user->dateendvalidity.
"], curren date is ".
dol_now());
158$authBackend->setRealm(constant(
'DOL_APPLICATION_TITLE').
' - WebDAV');
175 $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
178$nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
181 $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
200$server = new \Sabre\DAV\Server($nodes);
204$baseUri = DOL_URL_ROOT.
'/dav/fileserver.php/';
205if (isset($baseUri)) {
206 $server->setBaseUri($baseUri);
211 || !preg_match(
'/'.preg_quote(DOL_URL_ROOT.
'/dav/fileserver.php/public',
'/').
'/', $_SERVER[
"PHP_SELF"]))
212 && !preg_match(
'/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER[
"QUERY_STRING"])
215 $server->addPlugin(
new \Sabre\DAV\Auth\Plugin($authBackend));
218$lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.
'/.locksdb');
219$lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
220$server->addPlugin($lockPlugin);
224 $browser = new \Sabre\DAV\Browser\Plugin();
225 $server->addPlugin($browser);
Class to manage Dolibarr users.
dol_now($mode='auto')
Return date for now.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
getUserRemoteIP()
Return the IP of remote user.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successfull.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.