dolibarr 20.0.2
ws.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 * or see https://www.gnu.org/
18 */
19
36function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
37{
38 global $db, $conf, $langs;
39 global $dolibarr_main_authentication, $dolibarr_auto_user;
40
41 $fuser = new User($db);
42
43 if (!$error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY)) {
44 $error++;
45 $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
46 $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
47 }
48
49 if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
50 $error++;
51 $errorcode = 'BAD_PARAMETERS';
52 $errorlabel = "The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
53 }
54
55 if (!$error) {
56 $result = $fuser->fetch('', $authentication['login'], '', 0);
57 if ($result < 0) {
58 $error++;
59 $errorcode = 'ERROR_FETCH_USER';
60 $errorlabel = 'A technical error occurred during fetch of user';
61 } elseif ($result == 0) {
62 $error++;
63 $errorcode = 'BAD_CREDENTIALS';
64 $errorlabel = 'Bad value for login or password';
65 }
66
67 if (!$error && $fuser->statut == 0) {
68 $error++;
69 $errorcode = 'ERROR_USER_DISABLED';
70 $errorlabel = 'This user has been locked or disabled';
71 }
72
73 // Validation of login
74 if (!$error) {
75 $fuser->getrights(); // Load permission of user
76
77 // Authentication mode
78 if (empty($dolibarr_main_authentication)) {
79 $dolibarr_main_authentication = 'http,dolibarr';
80 }
81 // Authentication mode: forceuser
82 if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
83 $dolibarr_auto_user = 'auto';
84 }
85 // Set authmode
86 $authmode = explode(',', $dolibarr_main_authentication);
87
88 include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
89 $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode, 'ws');
90 if ($login === '--bad-login-validity--') {
91 $login = '';
92 }
93
94 if (empty($login)) {
95 $error++;
96 $errorcode = 'BAD_CREDENTIALS';
97 $errorlabel = 'Bad value for login or password';
98 }
99 }
100 }
101
102 return $fuser;
103}
User
Class to manage Dolibarr users.
Definition user.class.php:50
checkLoginPassEntity
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
Definition security2.lib.php:58
check_authentication
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition ws.lib.php:36
Generated on Thu Dec 5 2024 01:00:21 for dolibarr by Doxygen 1.11.0