dolibarr 20.0.2
main.inc.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3 * Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
4 * Copyright (C) 2004-2021 Laurent Destailleur <eldy@users.sourceforge.net>
5 * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
6 * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
7 * Copyright (C) 2005-2021 Regis Houssin <regis.houssin@inodbox.com>
8 * Copyright (C) 2011-2014 Philippe Grand <philippe.grand@atoo-net.com>
9 * Copyright (C) 2008 Matteli
10 * Copyright (C) 2011-2016 Juanjo Menent <jmenent@2byte.es>
11 * Copyright (C) 2012 Christophe Battarel <christophe.battarel@altairis.fr>
12 * Copyright (C) 2014-2015 Marcos García <marcosgdf@gmail.com>
13 * Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
14 * Copyright (C) 2020 Demarest Maxime <maxime@indelog.fr>
15 * Copyright (C) 2020 Charlene Benke <charlie@patas-monkey.com>
16 * Copyright (C) 2021-2024 Frédéric France <frederic.france@free.fr>
17 * Copyright (C) 2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
18 * Copyright (C) 2023 Joachim Küter <git-jk@bloxera.com>
19 * Copyright (C) 2023 Eric Seigne <eric.seigne@cap-rel.fr>
20 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
21 *
22 * This program is free software; you can redistribute it and/or modify
23 * it under the terms of the GNU General Public License as published by
24 * the Free Software Foundation; either version 3 of the License, or
25 * (at your option) any later version.
26 *
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
31 *
32 * You should have received a copy of the GNU General Public License
33 * along with this program. If not, see <https://www.gnu.org/licenses/>.
34 */
35
42//@ini_set('memory_limit', '128M'); // This may be useless if memory is hard limited by your PHP
43
44// For optional tuning. Enabled if environment variable MAIN_SHOW_TUNING_INFO is defined.
45$micro_start_time = 0;
46if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) {
47 list($usec, $sec) = explode(" ", microtime());
48 $micro_start_time = ((float) $usec + (float) $sec);
49 // Add Xdebug code coverage
50 //define('XDEBUGCOVERAGE',1);
51 if (defined('XDEBUGCOVERAGE')) {
52 xdebug_start_code_coverage();
53 }
54}
55
63{
64 $arrayofcommonemoji = array(
65 'misc' => array('2600', '26FF'), // Miscellaneous Symbols
66 'ding' => array('2700', '27BF'), // Dingbats
67 '????' => array('9989', '9989'), // Variation Selectors
68 'vars' => array('FE00', 'FE0F'), // Variation Selectors
69 'pict' => array('1F300', '1F5FF'), // Miscellaneous Symbols and Pictographs
70 'emot' => array('1F600', '1F64F'), // Emoticons
71 'tran' => array('1F680', '1F6FF'), // Transport and Map Symbols
72 'flag' => array('1F1E0', '1F1FF'), // Flags (note: may be 1F1E6 instead of 1F1E0)
73 'supp' => array('1F900', '1F9FF'), // Supplemental Symbols and Pictographs
74 );
75
76 return $arrayofcommonemoji;
77}
78
87{
88 $newstringnumentity = preg_replace('/;$/', '', $matches[1]);
89 //print ' $newstringnumentity='.$newstringnumentity;
90
91 if (preg_match('/^x/i', $newstringnumentity)) { // if numeric is hexadecimal
92 $newstringnumentity = hexdec(preg_replace('/^x/i', '', $newstringnumentity));
93 } else {
94 $newstringnumentity = (int) $newstringnumentity;
95 }
96
97 // The numeric values we don't want as entities because they encode ascii char, and why using html entities on ascii except for haking ?
98 if (($newstringnumentity >= 65 && $newstringnumentity <= 90) || ($newstringnumentity >= 97 && $newstringnumentity <= 122)) {
99 return chr((int) $newstringnumentity);
100 }
101
102 // The numeric values we want in UTF8 instead of entities because it is emoji
103 $arrayofemojis = getArrayOfEmoji();
104 foreach ($arrayofemojis as $valarray) {
105 if ($newstringnumentity >= hexdec($valarray[0]) && $newstringnumentity <= hexdec($valarray[1])) {
106 // This is a known emoji
107 return html_entity_decode($matches[0], ENT_COMPAT | ENT_HTML5, 'UTF-8');
108 }
109 }
110
111 return '&#'.$matches[1]; // Value will be unchanged because regex was /&#( )/
112}
113
123function testSqlAndScriptInject($val, $type)
124{
125 // Decode string first because a lot of things are obfuscated by encoding or multiple encoding.
126 // So <svg o&#110;load='console.log(&quot;123&quot;)' become <svg onload='console.log(&quot;123&quot;)'
127 // So "&colon;&apos;" become ":'" (due to ENT_HTML5)
128 // So "&Tab;&NewLine;" become ""
129 // So "&lpar;&rpar;" become "()"
130
131 // Loop to decode until no more things to decode.
132 //print "before decoding $val\n";
133 do {
134 $oldval = $val;
135 $val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5); // Decode '&colon;', '&apos;', '&Tab;', '&NewLine', ...
136 // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
137 $val = preg_replace_callback(
138 '/&#(x?[0-9][0-9a-f]+;?)/i',
143 static function ($m) {
144 // Decode '&#110;', ...
146 },
147 $val
148 );
149
150 // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
151 $val = preg_replace('/<!--[^>]*-->/', '', $val);
152 $val = preg_replace('/[\r\n\t]/', '', $val);
153 } while ($oldval != $val);
154 //print "type = ".$type." after decoding: ".$val."\n";
155
156 $inj = 0;
157
158 // We check string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
159 // We should use dol_string_nounprintableascii but function is not yet loaded/available
160 // Example of valid UTF8 chars:
161 // utf8 or utf8mb3: '\x09', '\x0A', '\x0D', '\x7E'
162 // utf8 or utf8mb3: '\xE0\xA0\x80'
163 // utf8mb4: '\xF0\x9D\x84\x9E' (so this may be refused by the database insert if pagecode is utf8=utf8mb3)
164 $newval = preg_replace('/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
165
166 // Note that $newval may also be completely empty '' when non valid UTF8 are found.
167 if ($newval != $val) {
168 // If $val has changed after removing non valid UTF8 chars, it means we have an evil string.
169 $inj += 1;
170 }
171 //print 'inj='.$inj.'-type='.$type.'-val='.$val.'-newval='.$newval."\n";
172
173 // For SQL Injection (only GET are used to scan for such injection strings)
174 if ($type == 1 || $type == 3) {
175 // Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop
176 $inj += preg_match('/delete\s*from/i', $val);
177 $inj += preg_match('/create\s*table/i', $val);
178 $inj += preg_match('/insert\s*into/i', $val);
179 $inj += preg_match('/select\s*from/i', $val);
180 $inj += preg_match('/into\s*(outfile|dumpfile)/i', $val);
181 $inj += preg_match('/user\s*\‍(/i', $val); // avoid to use function user() or mysql_user() that return current database login
182 $inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
183 $inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST
184 $inj += preg_match('/update[^&=\w].*set.+=/i', $val); // the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set...
185 $inj += preg_match('/union.+select/i', $val);
186 }
187 if ($type == 3) {
188 // Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop
189 $inj += preg_match('/select|update|delete|truncate|replace|group\s*by|concat|count|from|union/i', $val);
190 }
191 if ($type != 2) { // Not common key strings, so we can check them both on GET and POST
192 $inj += preg_match('/updatexml\‍(/i', $val);
193 $inj += preg_match('/(\.\.%2f)+/i', $val);
194 $inj += preg_match('/\s@@/', $val);
195 }
196 // For XSS Injection done by closing textarea to execute content into a textarea field
197 $inj += preg_match('/<\/textarea/i', $val);
198 // For XSS Injection done by adding javascript with script
199 // This is all cases a browser consider text is javascript:
200 // When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
201 // All examples on page: http://ha.ckers.org/xss.html#XSScalc
202 // More on https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
203 $inj += preg_match('/<audio/i', $val);
204 $inj += preg_match('/<embed/i', $val);
205 $inj += preg_match('/<iframe/i', $val);
206 $inj += preg_match('/<object/i', $val);
207 $inj += preg_match('/<script/i', $val);
208 $inj += preg_match('/Set\.constructor/i', $val); // ECMA script 6
209 if (!defined('NOSTYLECHECK')) {
210 $inj += preg_match('/<style/i', $val);
211 }
212 $inj += preg_match('/base\s+href/si', $val);
213 $inj += preg_match('/=data:/si', $val);
214
215 // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/Events
216 $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)[a-z]*\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
217 $inj += preg_match('/on(abort|after|animation|auxclick|before|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)[a-z]*\s*=/i', $val);
218 $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)[a-z]*\s*=/i', $val);
219 $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)[a-z]*\s*=/i', $val);
220 $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)[a-z]*\s*=/i', $val);
221 $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)[a-z]*\s*=/i', $val);
222 // More not into the previous list
223 $inj += preg_match('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', $val);
224
225 // We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML.
226 // Example: <img on<a>error=alert(1) or <img onerror<>=alert(1) to bypass test on onerror=
227 $tmpval = preg_replace('/<[^<]*>/', '', $val);
228
229 // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/Events
230 $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)[a-z]*\s*=/i', $tmpval); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
231 $inj += preg_match('/on(abort|after|animation|auxclick|before|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)[a-z]*\s*=/i', $tmpval);
232 $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)[a-z]*\s*=/i', $tmpval);
233 $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)[a-z]*\s*=/i', $tmpval);
234 $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)[a-z]*\s*=/i', $tmpval);
235 $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)[a-z]*\s*=/i', $tmpval);
236 // More not into the previous list
237 $inj += preg_match('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', $tmpval);
238
239 //$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ...
240 $inj += preg_match('/&#58;|&#0000058|&#x3A/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
241 $inj += preg_match('/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i', $val);
242 $inj += preg_match('/vbscript\s*:/i', $val);
243 // For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
244 if ($type == 1 || $type == 3) {
245 $val = str_replace('enclosure="', 'enclosure=X', $val); // We accept enclosure=" for the export/import module
246 $inj += preg_match('/"/i', $val); // We refused " in GET parameters value.
247 }
248 if ($type == 2) {
249 $inj += preg_match('/[:;"\'<>\?\‍(\‍){}\$%]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
250 }
251
252 return $inj;
253}
254
263function analyseVarsForSqlAndScriptsInjection(&$var, $type, $stopcode = 1)
264{
265 if (is_array($var)) {
266 foreach ($var as $key => $value) { // Warning, $key may also be used for attacks
267 // Exclude check for some variable keys
268 if ($type === 0 && defined('NOSCANPOSTFORINJECTION') && is_array(constant('NOSCANPOSTFORINJECTION')) && in_array($key, constant('NOSCANPOSTFORINJECTION'))) {
269 continue;
270 }
271
272 if (analyseVarsForSqlAndScriptsInjection($key, $type, $stopcode) && analyseVarsForSqlAndScriptsInjection($value, $type, $stopcode)) {
273 //$var[$key] = $value; // This is useless
274 } else {
275 http_response_code(403);
276
277 // Get remote IP: PS: We do not use getRemoteIP(), function is not yet loaded and we need a value that can't be spoofed
278 $ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']);
279
280 if ($stopcode) {
281 $errormessage = 'Access refused to '.htmlentities($ip, ENT_COMPAT, 'UTF-8').' by SQL or Script injection protection in main.inc.php:analyseVarsForSqlAndScriptsInjection type='.htmlentities((string) $type, ENT_COMPAT, 'UTF-8');
282 //$errormessage .= ' paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8'); // Disabled to avoid text injection
283
284 $errormessage2 = 'page='.htmlentities((empty($_SERVER["REQUEST_URI"]) ? '' : $_SERVER["REQUEST_URI"]), ENT_COMPAT, 'UTF-8');
285 $errormessage2 .= ' paramtype='.htmlentities((string) $type, ENT_COMPAT, 'UTF-8');
286 $errormessage2 .= ' paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8');
287 $errormessage2 .= ' paramvalue='.htmlentities($value, ENT_COMPAT, 'UTF-8');
288
289 print $errormessage;
290 print "<br>\n";
291 print 'Try to go back, fix data of your form and resubmit it. You can contact also your technical support.';
292
293 print "\n".'<!--'."\n";
294 print $errormessage2;
295 print "\n".'-->';
296
297 // Add entry into the PHP server error log
298 if (function_exists('error_log')) {
299 error_log($errormessage.' '.substr($errormessage2, 2000));
300 }
301
302 // Note: No addition into security audit table is done because we don't want to execute code in such a case.
303 // Detection of too many such requests can be done with a fail2ban rule on 403 error code or into the PHP server error log.
304
305
306 if (class_exists('PHPUnit\Framework\TestSuite')) {
307 $message = $errormessage.' '.substr($errormessage2, 2000);
308 throw new Exception("Security injection exception: $message");
309 }
310 exit;
311 } else {
312 return false;
313 }
314 }
315 }
316 return true;
317 } else {
318 return (testSqlAndScriptInject($var, $type) <= 0);
319 }
320}
321
322// To disable the WAF for GET and POST and PHP_SELF, uncomment this
323//define('NOSCANPHPSELFFORINJECTION', 1);
324//define('NOSCANGETFORINJECTION', 1);
325//define('NOSCANPOSTFORINJECTION', 1 or 2);
326
327// Check consistency of NOREQUIREXXX DEFINES
328if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) {
329 print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them.';
330 exit;
331}
332if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) {
333 print 'If define NOREQUIREUSER is set, you must also set NOREQUIREMENU or not set it.';
334 exit;
335}
336
337// Sanity check on URL
338if (!defined('NOSCANPHPSELFFORINJECTION') && !empty($_SERVER["PHP_SELF"])) {
339 $morevaltochecklikepost = array($_SERVER["PHP_SELF"]);
340 analyseVarsForSqlAndScriptsInjection($morevaltochecklikepost, 2);
341}
342// Sanity check on GET parameters
343if (!defined('NOSCANGETFORINJECTION') && !empty($_SERVER["QUERY_STRING"])) {
344 // Note: QUERY_STRING is url encoded, but $_GET and $_POST are already decoded
345 // Because the analyseVarsForSqlAndScriptsInjection is designed for already url decoded value, we must decode QUERY_STRING
346 // Another solution is to provide $_GET as parameter with analyseVarsForSqlAndScriptsInjection($_GET, 1);
347 $morevaltochecklikeget = array(urldecode($_SERVER["QUERY_STRING"]));
348 analyseVarsForSqlAndScriptsInjection($morevaltochecklikeget, 1);
349}
350// Sanity check on POST
351if (!defined('NOSCANPOSTFORINJECTION') || is_array(constant('NOSCANPOSTFORINJECTION'))) {
353}
354
355// This is to make Dolibarr working with Plesk
356if (!empty($_SERVER['DOCUMENT_ROOT']) && substr($_SERVER['DOCUMENT_ROOT'], -6) !== 'htdocs') {
357 set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
358}
359
360// Include the conf.php and functions.lib.php and security.lib.php. This defined the constants like DOL_DOCUMENT_ROOT, DOL_DATA_ROOT, DOL_URL_ROOT...
361require_once 'filefunc.inc.php';
362
363// If there is a POST parameter to tell to save automatically some POST parameters into cookies, we do it.
364// This is used for example by form of boxes to save personalization of some options.
365// DOL_AUTOSET_COOKIE=cookiename:val1,val2 and cookiename_val1=aaa cookiename_val2=bbb will set cookie_name with value json_encode(array('val1'=> , ))
366if (GETPOST("DOL_AUTOSET_COOKIE")) {
367 $tmpautoset = explode(':', GETPOST("DOL_AUTOSET_COOKIE"), 2);
368 $tmplist = explode(',', $tmpautoset[1]);
369 $cookiearrayvalue = array();
370 foreach ($tmplist as $tmpkey) {
371 $postkey = $tmpautoset[0].'_'.$tmpkey;
372 //var_dump('tmpkey='.$tmpkey.' postkey='.$postkey.' value='.GETPOST($postkey);
373 if (GETPOST($postkey)) {
374 $cookiearrayvalue[$tmpkey] = GETPOST($postkey);
375 }
376 }
377 $cookiename = $tmpautoset[0];
378 $cookievalue = json_encode($cookiearrayvalue);
379 //var_dump('setcookie cookiename='.$cookiename.' cookievalue='.$cookievalue);
380 if (PHP_VERSION_ID < 70300) {
381 setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, empty($cookievalue) ? 0 : (time() + (86400 * 354)), '/', '', ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // keep cookie 1 year and add tag httponly
382 } else {
383 // Only available for php >= 7.3
384 $cookieparams = array(
385 'expires' => empty($cookievalue) ? 0 : (time() + (86400 * 354)),
386 'path' => '/',
387 //'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
388 'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
389 'httponly' => true,
390 'samesite' => 'Lax' // None || Lax || Strict
391 );
392 setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, $cookieparams);
393 }
394 if (empty($cookievalue)) {
395 unset($_COOKIE[$cookiename]);
396 }
397}
398
399// Set the handler of session
400// if (ini_get('session.save_handler') == 'user')
401if (!empty($php_session_save_handler) && $php_session_save_handler == 'db') {
402 require_once 'core/lib/phpsessionin'.$php_session_save_handler.'.lib.php';
403}
404
405// Init session. Name of session is specific to Dolibarr instance.
406// Must be done after the include of filefunc.inc.php so global variables of conf file are defined (like $dolibarr_main_instance_unique_id or $dolibarr_main_force_https).
407// Note: the function dol_getprefix() is defined into functions.lib.php but may have been defined to return a different key to manage another area to protect.
408$prefix = dol_getprefix('');
409$sessionname = 'DOLSESSID_'.$prefix;
410$sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;
411if (!empty($_COOKIE[$sessiontimeout])) {
412 ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);
413}
414
415// This create lock, released by session_write_close() or end of page.
416// We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.
417if (!defined('NOSESSION')) {
418 if (PHP_VERSION_ID < 70300) {
419 session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
420 } else {
421 // Only available for php >= 7.3
422 $sessioncookieparams = array(
423 'lifetime' => 0,
424 'path' => '/',
425 //'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
426 'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
427 'httponly' => true,
428 'samesite' => 'Lax' // None || Lax || Strict
429 );
430 session_set_cookie_params($sessioncookieparams);
431 }
432 session_name($sessionname);
433 dol_session_start(); // This call the open and read of session handler
434 //exit; // this exist generates a call to write and close
435}
436
437
438// Init the 6 global objects, this include will make the 'new Xxx()' and set properties for: $conf, $db, $langs, $user, $mysoc, $hookmanager
439require_once 'master.inc.php';
440
441// Uncomment this and set session.save_handler = user to use local session storing
442// include DOL_DOCUMENT_ROOT.'/core/lib/phpsessionindb.inc.php
443
444// If software has been locked. Only login $conf->global->MAIN_ONLY_LOGIN_ALLOWED is allowed.
445if (getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) {
446 $ok = 0;
447 if ((!session_id() || !isset($_SESSION["dol_login"])) && !isset($_POST["username"]) && !empty($_SERVER["GATEWAY_INTERFACE"])) {
448 $ok = 1; // We let working pages if not logged and inside a web browser (login form, to allow login by admin)
449 } elseif (isset($_POST["username"]) && $_POST["username"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
450 $ok = 1; // We let working pages that is a login submission (login submit, to allow login by admin)
451 } elseif (defined('NOREQUIREDB')) {
452 $ok = 1; // We let working pages that don't need database access (xxx.css.php)
453 } elseif (defined('EVEN_IF_ONLY_LOGIN_ALLOWED')) {
454 $ok = 1; // We let working pages that ask to work even if only login enabled (logout.php)
455 } elseif (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
456 $ok = 1; // We let working if user is allowed admin
457 }
458 if (!$ok) {
459 if (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] != $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
460 print 'Sorry, your application is offline.'."\n";
461 print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
462 $nexturl = DOL_URL_ROOT.'/user/logout.php?token='.newToken();
463 print 'Please try later or <a href="'.$nexturl.'">click here to disconnect and change login user</a>...'."\n";
464 } else {
465 print 'Sorry, your application is offline. Only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
466 $nexturl = DOL_URL_ROOT.'/';
467 print 'Please try later or <a href="'.$nexturl.'">click here to change login user</a>...'."\n";
468 }
469 exit;
470 }
471}
472
473
474// Activate end of page function
475register_shutdown_function('dol_shutdown');
476
477// Load debugbar
478if (isModEnabled('debugbar') && !GETPOST('dol_use_jmobile') && empty($_SESSION['dol_use_jmobile'])) {
479 global $debugbar;
480 include_once DOL_DOCUMENT_ROOT.'/debugbar/class/DebugBar.php';
481 $debugbar = new DolibarrDebugBar();
482 $renderer = $debugbar->getJavascriptRenderer();
483 if (!getDolGlobalString('MAIN_HTML_HEADER')) {
484 $conf->global->MAIN_HTML_HEADER = '';
485 }
486 $conf->global->MAIN_HTML_HEADER .= $renderer->renderHead();
487
488 $debugbar['time']->startMeasure('pageaftermaster', 'Page generation (after environment init)');
489}
490
491// Detection browser
492if (isset($_SERVER["HTTP_USER_AGENT"])) {
493 $tmp = getBrowserInfo($_SERVER["HTTP_USER_AGENT"]);
494 $conf->browser->name = $tmp['browsername'];
495 $conf->browser->os = $tmp['browseros'];
496 $conf->browser->version = $tmp['browserversion'];
497 $conf->browser->ua = $tmp['browserua'];
498 $conf->browser->layout = $tmp['layout']; // 'classic', 'phone', 'tablet'
499 //var_dump($conf->browser);
500
501 if ($conf->browser->layout == 'phone') {
502 $conf->dol_no_mouse_hover = 1;
503 }
504}
505
506// If theme is forced
507if (GETPOST('theme', 'aZ09')) {
508 $conf->theme = GETPOST('theme', 'aZ09');
509 $conf->css = "/theme/".$conf->theme."/style.css.php";
510}
511
512// Set global MAIN_OPTIMIZEFORTEXTBROWSER (must be before login part)
513if (GETPOSTINT('textbrowser') || (!empty($conf->browser->name) && $conf->browser->name == 'textbrowser')) { // If we must enable text browser
514 $conf->global->MAIN_OPTIMIZEFORTEXTBROWSER = 2;
515}
516
517// Force HTTPS if required ($conf->file->main_force_https is 0/1 or 'https dolibarr root url')
518// $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
519if (!empty($conf->file->main_force_https) && !isHTTPS() && !defined('NOHTTPSREDIRECT')) {
520 $newurl = '';
521 if (is_numeric($conf->file->main_force_https)) {
522 if ($conf->file->main_force_https == '1' && !empty($_SERVER["SCRIPT_URI"])) { // If SCRIPT_URI supported by server
523 if (preg_match('/^http:/i', $_SERVER["SCRIPT_URI"]) && !preg_match('/^https:/i', $_SERVER["SCRIPT_URI"])) { // If link is http
524 $newurl = preg_replace('/^http:/i', 'https:', $_SERVER["SCRIPT_URI"]);
525 }
526 } else {
527 // Check HTTPS environment variable (Apache/mod_ssl only)
528 $newurl = preg_replace('/^http:/i', 'https:', DOL_MAIN_URL_ROOT).$_SERVER["REQUEST_URI"];
529 }
530 } else {
531 // Check HTTPS environment variable (Apache/mod_ssl only)
532 $newurl = $conf->file->main_force_https.$_SERVER["REQUEST_URI"];
533 }
534 // Start redirect
535 if ($newurl) {
536 header_remove(); // Clean header already set to be sure to remove any header like "Set-Cookie: DOLSESSID_..." from non HTTPS answers
537 dol_syslog("main.inc: dolibarr_main_force_https is on, we make a redirect to ".$newurl);
538 header("Location: ".$newurl);
539 exit;
540 } else {
541 dol_syslog("main.inc: dolibarr_main_force_https is on but we failed to forge new https url so no redirect is done", LOG_WARNING);
542 }
543}
544
545if (!defined('NOLOGIN') && !defined('NOIPCHECK') && !empty($dolibarr_main_restrict_ip)) {
546 $listofip = explode(',', $dolibarr_main_restrict_ip);
547 $found = false;
548 foreach ($listofip as $ip) {
549 $ip = trim($ip);
550 if ($ip == $_SERVER['REMOTE_ADDR']) {
551 $found = true;
552 break;
553 }
554 }
555 if (!$found) {
556 print 'Access refused by IP protection. Your detected IP is '.$_SERVER['REMOTE_ADDR'];
557 exit;
558 }
559}
560
561// Loading of additional presentation includes
562if (!defined('NOREQUIREHTML')) {
563 require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; // Need 660ko memory (800ko in 2.2)
564}
565if (!defined('NOREQUIREAJAX')) {
566 require_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php'; // Need 22ko memory
567}
568
569// If install or upgrade process not done or not completely finished, we call the install page.
570if (getDolGlobalString('MAIN_NOT_INSTALLED') || getDolGlobalString('MAIN_NOT_UPGRADED')) {
571 dol_syslog("main.inc: A previous install or upgrade was not complete. Redirect to install page.", LOG_WARNING);
572 header("Location: ".DOL_URL_ROOT."/install/index.php");
573 exit;
574}
575// If an upgrade process is required, we call the install page.
576$checkifupgraderequired = false;
577if (getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') && getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') != DOL_VERSION) {
578 $checkifupgraderequired = true;
579}
580if (!getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') && getDolGlobalString('MAIN_VERSION_LAST_INSTALL') && getDolGlobalString('MAIN_VERSION_LAST_INSTALL') != DOL_VERSION) {
581 $checkifupgraderequired = true;
582}
583if ($checkifupgraderequired) {
584 $versiontocompare = getDolGlobalString('MAIN_VERSION_LAST_UPGRADE', getDolGlobalString('MAIN_VERSION_LAST_INSTALL'));
585 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
586 $dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);
587 $dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);
588 $rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);
589 if ($rescomp > 0) { // Programs have a version higher than database.
590 if (!getDolGlobalString('MAIN_NO_UPGRADE_REDIRECT_ON_LEVEL_3_CHANGE') || $rescomp < 3) {
591 // We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
592 dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install/upgrade page.", LOG_WARNING);
593 if (php_sapi_name() === "cli") {
594 print "main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Try to run upgrade process.\n";
595 } else {
596 header("Location: ".DOL_URL_ROOT."/install/index.php");
597 }
598 exit;
599 }
600 }
601}
602
603// Creation of a token against CSRF vulnerabilities
604if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
605 // No token renewal on .css.php, .js.php and .json.php (even if the NOTOKENRENEWAL was not provided)
606 if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) {
607 // Rolling token at each call ($_SESSION['token'] contains token of previous page)
608 if (isset($_SESSION['newtoken'])) {
609 $_SESSION['token'] = $_SESSION['newtoken'];
610 }
611
612 if (!isset($_SESSION['newtoken']) || getDolGlobalInt('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL')) {
613 // Note: Using MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL is not recommended: if a user succeed in entering a data from
614 // a public page with a link that make a token regeneration, it can make use of the backoffice no more possible !
615 // Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']
616 $token = dol_hash(uniqid((string) mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
617 $_SESSION['newtoken'] = $token;
618 dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);
619 }
620 }
621}
622
623//dol_syslog("CSRF info: ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha'));
624
625// Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page
626if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN')) || defined('CSRFCHECK_WITH_TOKEN')) {
627 // Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
628 $sensitiveget = false;
629 if ((GETPOSTISSET('massaction') || GETPOST('action', 'aZ09')) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 3) {
630 // All GET actions (except the listed exceptions that are usually post for pre-actions and not real action) and mass actions are processed as sensitive.
631 if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'createsite', 'createcard', 'edit', 'editcontract', 'editvalidator', 'file_manager', 'presend', 'presend_addmessage', 'preview', 'reconcile', 'specimen'))) { // We exclude some action that are not sensitive so legitimate
632 $sensitiveget = true;
633 }
634 } elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) {
635 // Few GET actions coded with a &token into url are also processed as sensitive.
636 $arrayofactiontoforcetokencheck = array(
637 'activate',
638 'doprev', 'donext', 'dvprev', 'dvnext',
639 'freezone', 'install',
640 'reopen'
641 );
642 if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
643 $sensitiveget = true;
644 }
645 // We also need a valid token for actions matching one of these values
646 if (preg_match('/^(confirm_)?(add|classify|close|confirm|copy|del|disable|enable|remove|set|unset|update|save)/', GETPOST('action', 'aZ09'))) {
647 $sensitiveget = true;
648 }
649 }
650
651 // Check a token is provided for all cases that need a mandatory token
652 // (all POST actions + all sensitive GET actions + all mass actions + all login/actions/logout on pages with CSRFCHECK_WITH_TOKEN set)
653 if (
654 (!empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') ||
655 $sensitiveget ||
656 GETPOSTISSET('massaction') ||
657 ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action')) && defined('CSRFCHECK_WITH_TOKEN'))
658 ) {
659 // If token is not provided or empty, error (we are in case it is mandatory)
660 if (!GETPOST('token', 'alpha') || GETPOST('token', 'alpha') == 'notrequired') {
661 top_httphead();
662 if (GETPOSTINT('uploadform')) {
663 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused. File size too large or not provided.");
664 $langs->loadLangs(array("errors", "install"));
665 print $langs->trans("ErrorFileSizeTooLarge").' ';
666 print $langs->trans("ErrorGoBackAndCorrectParameters");
667 } else {
668 http_response_code(403);
669 if (defined('CSRFCHECK_WITH_TOKEN')) {
670 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (CSRFCHECK_WITH_TOKEN protection) in main.inc.php. Token not provided.", LOG_WARNING);
671 print "Access to a page that needs a token (constant CSRFCHECK_WITH_TOKEN is defined) is refused by CSRF protection in main.inc.php. Token not provided.\n";
672 } else {
673 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (POST method or GET with a sensible value for 'action' parameter) in main.inc.php. Token not provided.", LOG_WARNING);
674 print "Access to this page this way (POST method or GET with a sensible value for 'action' parameter) is refused by CSRF protection in main.inc.php. Token not provided.\n";
675 print "If you access your server behind a proxy using url rewriting and the parameter is provided by caller, you might check that all HTTP header are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0";
676 if (getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN')) {
677 print " instead of " . getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN');
678 }
679 print " into setup).\n";
680 }
681 }
682 die;
683 }
684 }
685
686 $sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']);
687 // TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser)
688 if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {
689 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referrer=".(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
690 //dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
691 // Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
692 if (!defined('NOTOKENRENEWAL')) {
693 // If the page is not a page that disable the token renewal, we report a warning message to explain token has epired.
694 setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);
695 }
696 $savid = null;
697 if (isset($_POST['id'])) {
698 $savid = ((int) $_POST['id']);
699 }
700 unset($_POST);
701 unset($_GET['confirm']);
702 unset($_GET['action']);
703 unset($_GET['confirmmassaction']);
704 unset($_GET['massaction']);
705 unset($_GET['token']); // TODO Make a redirect if we have a token in url to remove it ?
706 if (isset($savid)) {
707 $_POST['id'] = ((int) $savid);
708 }
709 // So rest of code can know something was wrong here
710 $_GET['errorcode'] = 'InvalidToken';
711 }
712
713 // Note: There is another CSRF protection into the filefunc.inc.php
714}
715
716// Disable modules (this must be after session_start and after conf has been loaded)
717if (GETPOSTISSET('disablemodules')) {
718 $_SESSION["disablemodules"] = GETPOST('disablemodules', 'alpha');
719}
720if (!empty($_SESSION["disablemodules"])) {
721 $modulepartkeys = array('css', 'js', 'tabs', 'triggers', 'login', 'substitutions', 'menus', 'theme', 'sms', 'tpl', 'barcode', 'models', 'societe', 'hooks', 'dir', 'syslog', 'tpllinkable', 'contactelement', 'moduleforexternal', 'websitetemplates');
722
723 $disabled_modules = explode(',', $_SESSION["disablemodules"]);
724 foreach ($disabled_modules as $module) {
725 if ($module) {
726 if (empty($conf->$module)) {
727 $conf->$module = new stdClass(); // To avoid warnings
728 }
729 $conf->$module->enabled = false;
730 foreach ($modulepartkeys as $modulepartkey) {
731 unset($conf->modules_parts[$modulepartkey][$module]);
732 }
733 if ($module == 'fournisseur') { // Special case
734 $conf->supplier_order->enabled = 0;
735 $conf->supplier_invoice->enabled = 0;
736 }
737 }
738 }
739}
740
741// Set current modulepart
742$modulepart = explode("/", $_SERVER["PHP_SELF"]);
743if (is_array($modulepart) && count($modulepart) > 0) {
744 foreach ($conf->modules as $module) {
745 if (in_array($module, $modulepart)) {
746 $modulepart = $module;
747 break;
748 }
749 }
750}
751if (is_array($modulepart)) {
752 $modulepart = '';
753}
754
755
756/*
757 * Phase authentication / login
758 */
759
760$login = '';
761$error = 0;
762if (!defined('NOLOGIN')) {
763 // $authmode lists the different method of identification to be tested in order of preference.
764 // Example: 'http', 'dolibarr', 'ldap', 'http,forceuser', '...'
765
766 if (defined('MAIN_AUTHENTICATION_MODE')) {
767 $dolibarr_main_authentication = constant('MAIN_AUTHENTICATION_MODE');
768 } else {
769 // Authentication mode
770 if (empty($dolibarr_main_authentication)) {
771 $dolibarr_main_authentication = 'dolibarr';
772 }
773 // Authentication mode: forceuser
774 if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
775 $dolibarr_auto_user = 'auto';
776 }
777 }
778 // Set authmode
779 $authmode = explode(',', $dolibarr_main_authentication);
780
781 // No authentication mode
782 if (!count($authmode)) {
783 $langs->load('main');
784 dol_print_error(null, $langs->trans("ErrorConfigParameterNotDefined", 'dolibarr_main_authentication'));
785 exit;
786 }
787
788 // If login request was already post, we retrieve login from the session
789 // Call module if not realized that his request.
790 // At the end of this phase, the variable $login is defined.
791 $resultFetchUser = '';
792 $test = true;
793 if (!isset($_SESSION["dol_login"])) {
794 // It is not already authenticated and it requests the login / password
795 include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
796
797 $dol_dst_observed = GETPOSTINT("dst_observed", 3);
798 $dol_dst_first = GETPOSTINT("dst_first", 3);
799 $dol_dst_second = GETPOSTINT("dst_second", 3);
800 $dol_screenwidth = GETPOSTINT("screenwidth", 3);
801 $dol_screenheight = GETPOSTINT("screenheight", 3);
802 $dol_hide_topmenu = GETPOSTINT('dol_hide_topmenu', 3);
803 $dol_hide_leftmenu = GETPOSTINT('dol_hide_leftmenu', 3);
804 $dol_optimize_smallscreen = GETPOSTINT('dol_optimize_smallscreen', 3);
805 $dol_no_mouse_hover = GETPOSTINT('dol_no_mouse_hover', 3);
806 $dol_use_jmobile = GETPOSTINT('dol_use_jmobile', 3); // 0=default, 1=to say we use app from a webview app, 2=to say we use app from a webview app and keep ajax
807
808 // If in demo mode, we check we go to home page through the public/demo/index.php page
809 if (!empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') { // We ask index page
810 if (empty($_SERVER['HTTP_REFERER']) || !preg_match('/public/', $_SERVER['HTTP_REFERER'])) {
811 dol_syslog("Call index page from another url than demo page (call is done from page ".(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFER']).")");
812 $url = '';
813 $url .= ($url ? '&' : '').($dol_hide_topmenu ? 'dol_hide_topmenu='.$dol_hide_topmenu : '');
814 $url .= ($url ? '&' : '').($dol_hide_leftmenu ? 'dol_hide_leftmenu='.$dol_hide_leftmenu : '');
815 $url .= ($url ? '&' : '').($dol_optimize_smallscreen ? 'dol_optimize_smallscreen='.$dol_optimize_smallscreen : '');
816 $url .= ($url ? '&' : '').($dol_no_mouse_hover ? 'dol_no_mouse_hover='.$dol_no_mouse_hover : '');
817 $url .= ($url ? '&' : '').($dol_use_jmobile ? 'dol_use_jmobile='.$dol_use_jmobile : '');
818 $url = DOL_URL_ROOT.'/public/demo/index.php'.($url ? '?'.$url : '');
819 header("Location: ".$url);
820 exit;
821 }
822 }
823
824 // Hooks for security access
825 $action = '';
826 $hookmanager->initHooks(array('login'));
827 $parameters = array();
828 $reshook = $hookmanager->executeHooks('beforeLoginAuthentication', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
829 if ($reshook < 0) {
830 $test = false;
831 $error++;
832 }
833
834 // Verification security graphic code
835 if ($test && GETPOST("username", "alpha", 2) && getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA') && !isset($_SESSION['dol_bypass_antispam'])) {
836 $sessionkey = 'dol_antispam_value';
837 $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'restricthtml'))));
838
839 // Check code
840 if (!$ok) {
841 dol_syslog('Bad value for code, connection refused', LOG_NOTICE);
842 // Load translation files required by page
843 $langs->loadLangs(array('main', 'errors'));
844
845 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadValueForCode");
846 $test = false;
847
848 // Call trigger for the "security events" log
849 $user->context['audit'] = 'ErrorBadValueForCode - login='.GETPOST("username", "alpha", 2);
850
851 // Call trigger
852 $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
853 if ($result < 0) {
854 $error++;
855 }
856 // End call triggers
857
858 // Hooks on failed login
859 $action = '';
860 $hookmanager->initHooks(array('login'));
861 $parameters = array('dol_authmode' => $authmode, 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
862 $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
863 if ($reshook < 0) {
864 $error++;
865 }
866
867 // Note: exit is done later
868 }
869 }
870
871 $allowedmethodtopostusername = 3;
872 if (defined('MAIN_AUTHENTICATION_POST_METHOD')) {
873 $allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD'); // Note a value of 2 is not compatible with some authentication methods that put username as GET parameter
874 }
875 // TODO Remove use of $_COOKIE['login_dolibarr'] ? Replace $usertotest = with $usertotest = GETPOST("username", "alpha", $allowedmethodtopostusername);
876 $usertotest = (!empty($_COOKIE['login_dolibarr']) ? preg_replace('/[^a-zA-Z0-9_@\-\.]/', '', $_COOKIE['login_dolibarr']) : GETPOST("username", "alpha", $allowedmethodtopostusername));
877 $passwordtotest = GETPOST('password', 'none', $allowedmethodtopostusername);
878 $entitytotest = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
879
880 // Define if we received the correct data to go into the test of the login with the checkLoginPassEntity().
881 $goontestloop = false;
882 if (isset($_SERVER["REMOTE_USER"]) && in_array('http', $authmode)) { // For http basic login test
883 $goontestloop = true;
884 }
885 if ($dolibarr_main_authentication == 'forceuser' && !empty($dolibarr_auto_user)) { // For automatic login with a forced user
886 $goontestloop = true;
887 }
888 if (GETPOST("username", "alpha", $allowedmethodtopostusername)) { // For posting the login form
889 $goontestloop = true;
890 }
891 if (GETPOST('openid_mode', 'alpha', 1)) { // For openid_connect ?
892 $goontestloop = true;
893 }
894 if (GETPOST('beforeoauthloginredirect') || GETPOST('afteroauthloginreturn')) { // For oauth login
895 $goontestloop = true;
896 }
897 if (!empty($_COOKIE['login_dolibarr'])) { // TODO For ? Remove this ?
898 $goontestloop = true;
899 }
900
901 if (!is_object($langs)) { // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
902 include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
903 $langs = new Translate("", $conf);
904 $langcode = (GETPOST('lang', 'aZ09', 1) ? GETPOST('lang', 'aZ09', 1) : getDolGlobalString('MAIN_LANG_DEFAULT', 'auto'));
905 if (defined('MAIN_LANG_DEFAULT')) {
906 $langcode = constant('MAIN_LANG_DEFAULT');
907 }
908 $langs->setDefaultLang($langcode);
909 }
910
911 // Validation of login/pass/entity
912 // If ok, the variable login will be returned
913 // If error, we will put error message in session under the name dol_loginmesg
914 if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr')) {
915 // Loop on each test mode defined into $authmode
916 // $authmode is an array for example: array('0'=>'dolibarr', '1'=>'googleoauth');
917 $oauthmodetotestarray = array('google');
918 foreach ($oauthmodetotestarray as $oauthmodetotest) {
919 if (in_array($oauthmodetotest.'oauth', $authmode)) { // This is an authmode that is currently qualified. Do we have to remove it ?
920 // If we click on the link to use OAuth authentication or if we goes after callback return, we do nothing
921 if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn')) {
922 // TODO Use: if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn') == $oauthmodetotest) {
923 continue;
924 }
925 dol_syslog("User did not click on link for OAuth or is not on the OAuth return, so we disable check using ".$oauthmodetotest);
926 foreach ($authmode as $tmpkey => $tmpval) {
927 if ($tmpval == $oauthmodetotest.'oauth') {
928 unset($authmode[$tmpkey]);
929 break;
930 }
931 }
932 }
933 }
934
935 // Check login for all qualified modes in array $authmode.
936 $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
937 if ($login === '--bad-login-validity--') {
938 $login = '';
939 }
940
941 $dol_authmode = '';
942
943 if ($login) {
944 $dol_authmode = $conf->authmode; // This properties is defined only when logged, to say what mode was successfully used
945 $dol_tz = empty($_POST["tz"]) ? (empty($_SESSION["tz"]) ? '' : $_SESSION["tz"]) : $_POST["tz"];
946 $dol_tz_string = empty($_POST["tz_string"]) ? (empty($_SESSION["tz_string"]) ? '' : $_SESSION["tz_string"]) : $_POST["tz_string"];
947 $dol_tz_string = preg_replace('/\s*\‍(.+\‍)$/', '', $dol_tz_string);
948 $dol_tz_string = preg_replace('/,/', '/', $dol_tz_string);
949 $dol_tz_string = preg_replace('/\s/', '_', $dol_tz_string);
950 $dol_dst = 0;
951 // Keep $_POST here. Do not use GETPOSTISSET
952 $dol_dst_first = empty($_POST["dst_first"]) ? (empty($_SESSION["dst_first"]) ? '' : $_SESSION["dst_first"]) : $_POST["dst_first"];
953 $dol_dst_second = empty($_POST["dst_second"]) ? (empty($_SESSION["dst_second"]) ? '' : $_SESSION["dst_second"]) : $_POST["dst_second"];
954 if ($dol_dst_first && $dol_dst_second) {
955 include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
956 $datenow = dol_now();
957 $datefirst = dol_stringtotime($dol_dst_first);
958 $datesecond = dol_stringtotime($dol_dst_second);
959 if ($datenow >= $datefirst && $datenow < $datesecond) {
960 $dol_dst = 1;
961 }
962 }
963 $dol_screenheight = empty($_POST["screenheight"]) ? (empty($_SESSION["dol_screenheight"]) ? '' : $_SESSION["dol_screenheight"]) : $_POST["screenheight"];
964 $dol_screenwidth = empty($_POST["screenwidth"]) ? (empty($_SESSION["dol_screenwidth"]) ? '' : $_SESSION["dol_screenwidth"]) : $_POST["screenwidth"];
965 //print $datefirst.'-'.$datesecond.'-'.$datenow.'-'.$dol_tz.'-'.$dol_tzstring.'-'.$dol_dst.'-'.sdol_screenheight.'-'.sdol_screenwidth; exit;
966 }
967
968 if (!$login) {
969 dol_syslog('Bad password, connection refused (see a previous notice message for more info)', LOG_NOTICE);
970 // Load translation files required by page
971 $langs->loadLangs(array('main', 'errors'));
972
973 // Bad password. No authmode has found a good password.
974 // We set a generic message if not defined inside function checkLoginPassEntity or subfunctions
975 if (empty($_SESSION["dol_loginmesg"])) {
976 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadLoginPassword");
977 }
978
979 // Call trigger for the "security events" log
980 $user->context['audit'] = $langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username", "alpha", 2);
981
982 // Call trigger
983 $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
984 if ($result < 0) {
985 $error++;
986 }
987 // End call triggers
988
989 // Hooks on failed login
990 $action = '';
991 $hookmanager->initHooks(array('login'));
992 $parameters = array('dol_authmode' => $dol_authmode, 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
993 $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
994 if ($reshook < 0) {
995 $error++;
996 }
997
998 // Note: exit is done in next chapter
999 }
1000 }
1001
1002 // End test login / passwords
1003 if (!$login || (in_array('ldap', $authmode) && empty($passwordtotest))) { // With LDAP we refused empty password because some LDAP are "opened" for anonymous access so connection is a success.
1004 // No data to test login, so we show the login page.
1005 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit", LOG_NOTICE);
1006 if (defined('NOREDIRECTBYMAINTOLOGIN')) {
1007 // When used with NOREDIRECTBYMAINTOLOGIN set, the http header must already be set when including the main.
1008 // See example with selectsearchbox.php. This case is reserved for the selectesearchbox.php so we can
1009 // report a message to ask to login when search ajax component is used after a timeout.
1010 //top_httphead();
1011 return 'ERROR_NOT_LOGGED';
1012 } else {
1013 if (!empty($_SERVER["HTTP_USER_AGENT"]) && $_SERVER["HTTP_USER_AGENT"] == 'securitytest') {
1014 http_response_code(401); // It makes easier to understand if session was broken during security tests
1015 }
1016 dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); // This include http headers
1017 }
1018 exit;
1019 }
1020
1021 $resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // value for $login was retrieved previously when checking password.
1022 if ($resultFetchUser <= 0 || $user->isNotIntoValidityDateRange()) {
1023 dol_syslog('User not found or not valid, connection refused');
1024 session_destroy();
1025 session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
1026 session_name($sessionname);
1028
1029 if ($resultFetchUser == 0) {
1030 // Load translation files required by page
1031 $langs->loadLangs(array('main', 'errors'));
1032
1033 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);
1034
1035 $user->context['audit'] = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
1036 } elseif ($resultFetchUser < 0) {
1037 $_SESSION["dol_loginmesg"] = $user->error;
1038
1039 $user->context['audit'] = $user->error;
1040 } else {
1041 // Load translation files required by the page
1042 $langs->loadLangs(array('main', 'errors'));
1043
1044 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
1045
1046 $user->context['audit'] = $langs->trans("ErrorLoginDateValidity").' - login='.$login;
1047 }
1048
1049 // Call trigger
1050 $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
1051 if ($result < 0) {
1052 $error++;
1053 }
1054 // End call triggers
1055
1056
1057 // Hooks on failed login
1058 $action = '';
1059 $hookmanager->initHooks(array('login'));
1060 $parameters = array('dol_authmode' => $dol_authmode, 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
1061 $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
1062 if ($reshook < 0) {
1063 $error++;
1064 }
1065
1066 $paramsurl = array();
1067 if (GETPOSTINT('textbrowser')) {
1068 $paramsurl[] = 'textbrowser='.GETPOSTINT('textbrowser');
1069 }
1070 if (GETPOSTINT('nojs')) {
1071 $paramsurl[] = 'nojs='.GETPOSTINT('nojs');
1072 }
1073 if (GETPOST('lang', 'aZ09')) {
1074 $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');
1075 }
1076 header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : ''));
1077 exit;
1078 } else {
1079 // User is loaded, we may need to change language for him according to its choice
1080 if (!empty($user->conf->MAIN_LANG_DEFAULT)) {
1081 $langs->setDefaultLang($user->conf->MAIN_LANG_DEFAULT);
1082 }
1083 }
1084 } else {
1085 // We are already into an authenticated session
1086 $login = $_SESSION["dol_login"];
1087 $entity = isset($_SESSION["dol_entity"]) ? $_SESSION["dol_entity"] : 0;
1088 dol_syslog("- This is an already logged session. _SESSION['dol_login']=".$login." _SESSION['dol_entity']=".$entity, LOG_DEBUG);
1089
1090 $resultFetchUser = $user->fetch('', $login, '', 1, ($entity > 0 ? $entity : -1));
1091
1092 //var_dump(dol_print_date($user->flagdelsessionsbefore, 'dayhour', 'gmt')." ".dol_print_date($_SESSION["dol_logindate"], 'dayhour', 'gmt'));
1093
1094 if ($resultFetchUser <= 0
1095 || ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])
1096 || ($user->status != $user::STATUS_ENABLED)
1097 || ($user->isNotIntoValidityDateRange())) {
1098 if ($resultFetchUser <= 0) {
1099 // Account has been removed after login
1100 dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
1101 } elseif ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) {
1102 // Session is no more valid
1103 dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
1104 } elseif ($user->status != $user::STATUS_ENABLED) {
1105 // User is not enabled
1106 dol_syslog("The user login is disabled");
1107 } else {
1108 // User validity dates are no more valid
1109 dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], current date is ".dol_now());
1110 }
1111 session_destroy();
1112 session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
1113 session_name($sessionname);
1115
1116 if ($resultFetchUser == 0) {
1117 $langs->loadLangs(array('main', 'errors'));
1118
1119 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);
1120
1121 $user->context['audit'] = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
1122 } elseif ($resultFetchUser < 0) {
1123 $_SESSION["dol_loginmesg"] = $user->error;
1124
1125 $user->context['audit'] = $user->error;
1126 } else {
1127 $langs->loadLangs(array('main', 'errors'));
1128
1129 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorSessionInvalidatedAfterPasswordChange");
1130
1131 $user->context['audit'] = 'ErrorUserSessionWasInvalidated - login='.$login;
1132 }
1133
1134 // Call trigger
1135 $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
1136 if ($result < 0) {
1137 $error++;
1138 }
1139 // End call triggers
1140
1141 // Hooks on failed login
1142 $action = '';
1143 $hookmanager->initHooks(array('login'));
1144 $parameters = array('dol_authmode' => (isset($dol_authmode) ? $dol_authmode : ''), 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
1145 $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
1146 if ($reshook < 0) {
1147 $error++;
1148 }
1149
1150 $paramsurl = array();
1151 if (GETPOSTINT('textbrowser')) {
1152 $paramsurl[] = 'textbrowser='.GETPOSTINT('textbrowser');
1153 }
1154 if (GETPOSTINT('nojs')) {
1155 $paramsurl[] = 'nojs='.GETPOSTINT('nojs');
1156 }
1157 if (GETPOST('lang', 'aZ09')) {
1158 $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');
1159 }
1160
1161 header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : ''));
1162 exit;
1163 } else {
1164 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
1165 $hookmanager->initHooks(array('main'));
1166
1167 // Code for search criteria persistence.
1168 if (!empty($_GET['save_lastsearch_values']) && !empty($_SERVER["HTTP_REFERER"])) { // We must use $_GET here
1169 $relativepathstring = preg_replace('/\?.*$/', '', $_SERVER["HTTP_REFERER"]);
1170 $relativepathstring = preg_replace('/^https?:\/\/[^\/]*/', '', $relativepathstring); // Get full path except host server
1171 // Clean $relativepathstring
1172 if (constant('DOL_URL_ROOT')) {
1173 $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);
1174 }
1175 $relativepathstring = preg_replace('/^\//', '', $relativepathstring);
1176 $relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);
1177 //var_dump($relativepathstring);
1178
1179 // We click on a link that leave a page we have to save search criteria, contextpage, limit and page and mode. We save them from tmp to no tmp
1180 if (!empty($_SESSION['lastsearch_values_tmp_'.$relativepathstring])) {
1181 $_SESSION['lastsearch_values_'.$relativepathstring] = $_SESSION['lastsearch_values_tmp_'.$relativepathstring];
1182 unset($_SESSION['lastsearch_values_tmp_'.$relativepathstring]);
1183 }
1184 if (!empty($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring])) {
1185 $_SESSION['lastsearch_contextpage_'.$relativepathstring] = $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring];
1186 unset($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]);
1187 }
1188 if (!empty($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] != $conf->liste_limit) {
1189 $_SESSION['lastsearch_limit_'.$relativepathstring] = $_SESSION['lastsearch_limit_tmp_'.$relativepathstring];
1190 unset($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]);
1191 }
1192 if (!empty($_SESSION['lastsearch_page_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_page_tmp_'.$relativepathstring] > 0) {
1193 $_SESSION['lastsearch_page_'.$relativepathstring] = $_SESSION['lastsearch_page_tmp_'.$relativepathstring];
1194 unset($_SESSION['lastsearch_page_tmp_'.$relativepathstring]);
1195 }
1196 if (!empty($_SESSION['lastsearch_mode_tmp_'.$relativepathstring])) {
1197 $_SESSION['lastsearch_mode_'.$relativepathstring] = $_SESSION['lastsearch_mode_tmp_'.$relativepathstring];
1198 unset($_SESSION['lastsearch_mode_tmp_'.$relativepathstring]);
1199 }
1200 }
1201 if (!empty($_GET['save_pageforbacktolist']) && !empty($_SERVER["HTTP_REFERER"])) { // We must use $_GET here
1202 if (empty($_SESSION['pageforbacktolist'])) {
1203 $pageforbacktolistarray = array();
1204 } else {
1205 $pageforbacktolistarray = $_SESSION['pageforbacktolist'];
1206 }
1207 $tmparray = explode(':', $_GET['save_pageforbacktolist'], 2);
1208 if (!empty($tmparray[0]) && !empty($tmparray[1])) {
1209 $pageforbacktolistarray[$tmparray[0]] = $tmparray[1];
1210 $_SESSION['pageforbacktolist'] = $pageforbacktolistarray;
1211 }
1212 }
1213
1214 $action = '';
1215 $parameters = array();
1216 $reshook = $hookmanager->executeHooks('updateSession', $parameters, $user, $action);
1217 if ($reshook < 0) {
1218 setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
1219 }
1220 }
1221 }
1222
1223 // Is it a new session that has started ?
1224 // If we are here, this means authentication was successful.
1225 if (!isset($_SESSION["dol_login"])) {
1226 // New session for this login has started.
1227 $error = 0;
1228
1229 // Store value into session (values always stored)
1230 $_SESSION["dol_login"] = $user->login;
1231 $_SESSION["dol_logindate"] = dol_now('gmt');
1232 $_SESSION["dol_authmode"] = isset($dol_authmode) ? $dol_authmode : '';
1233 $_SESSION["dol_tz"] = isset($dol_tz) ? $dol_tz : '';
1234 $_SESSION["dol_tz_string"] = isset($dol_tz_string) ? $dol_tz_string : '';
1235 $_SESSION["dol_dst"] = isset($dol_dst) ? $dol_dst : '';
1236 $_SESSION["dol_dst_observed"] = isset($dol_dst_observed) ? $dol_dst_observed : '';
1237 $_SESSION["dol_dst_first"] = isset($dol_dst_first) ? $dol_dst_first : '';
1238 $_SESSION["dol_dst_second"] = isset($dol_dst_second) ? $dol_dst_second : '';
1239 $_SESSION["dol_screenwidth"] = isset($dol_screenwidth) ? $dol_screenwidth : '';
1240 $_SESSION["dol_screenheight"] = isset($dol_screenheight) ? $dol_screenheight : '';
1241 $_SESSION["dol_company"] = getDolGlobalString("MAIN_INFO_SOCIETE_NOM");
1242 $_SESSION["dol_entity"] = $conf->entity;
1243 // Store value into session (values stored only if defined)
1244 if (!empty($dol_hide_topmenu)) {
1245 $_SESSION['dol_hide_topmenu'] = $dol_hide_topmenu;
1246 }
1247 if (!empty($dol_hide_leftmenu)) {
1248 $_SESSION['dol_hide_leftmenu'] = $dol_hide_leftmenu;
1249 }
1250 if (!empty($dol_optimize_smallscreen)) {
1251 $_SESSION['dol_optimize_smallscreen'] = $dol_optimize_smallscreen;
1252 }
1253 if (!empty($dol_no_mouse_hover)) {
1254 $_SESSION['dol_no_mouse_hover'] = $dol_no_mouse_hover;
1255 }
1256 if (!empty($dol_use_jmobile)) {
1257 $_SESSION['dol_use_jmobile'] = $dol_use_jmobile;
1258 }
1259
1260 dol_syslog("This is a new started user session. _SESSION['dol_login']=".$_SESSION["dol_login"]." Session id=".session_id());
1261
1262 $db->begin();
1263
1264 $user->update_last_login_date();
1265
1266 $loginfo = 'TZ='.$_SESSION["dol_tz"].';TZString='.$_SESSION["dol_tz_string"].';Screen='.$_SESSION["dol_screenwidth"].'x'.$_SESSION["dol_screenheight"];
1267 $loginfo .= ' - authmode='.$dol_authmode.' - entity='.$conf->entity;
1268
1269 // Call triggers for the "security events" log
1270 $user->context['audit'] = $loginfo;
1271 $user->context['authentication_method'] = $dol_authmode;
1272
1273 // Call trigger
1274 $result = $user->call_trigger('USER_LOGIN', $user);
1275 if ($result < 0) {
1276 $error++;
1277 }
1278 // End call triggers
1279
1280 // Hooks on successful login
1281 $action = '';
1282 $hookmanager->initHooks(array('login'));
1283 $parameters = array('dol_authmode' => $dol_authmode, 'dol_loginfo' => $loginfo);
1284 $reshook = $hookmanager->executeHooks('afterLogin', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
1285 if ($reshook < 0) {
1286 $error++;
1287 }
1288
1289 if ($error) {
1290 $db->rollback();
1291 session_destroy();
1292 dol_print_error($db, 'Error in some triggers USER_LOGIN or in some hooks afterLogin');
1293 exit;
1294 } else {
1295 $db->commit();
1296 }
1297
1298 // Change landing page if defined.
1299 $landingpage = (empty($user->conf->MAIN_LANDING_PAGE) ? (!getDolGlobalString('MAIN_LANDING_PAGE') ? '' : $conf->global->MAIN_LANDING_PAGE) : $user->conf->MAIN_LANDING_PAGE);
1300 if (!empty($landingpage)) { // Example: /index.php
1301 $newpath = dol_buildpath($landingpage, 1);
1302 if ($_SERVER["PHP_SELF"] != $newpath) { // not already on landing page (avoid infinite loop)
1303 header('Location: '.$newpath);
1304 exit;
1305 }
1306 }
1307 }
1308
1309
1310 // If user admin, we force the rights-based modules
1311 if ($user->admin) {
1312 $user->rights->user->user->lire = 1;
1313 $user->rights->user->user->creer = 1;
1314 $user->rights->user->user->password = 1;
1315 $user->rights->user->user->supprimer = 1;
1316 $user->rights->user->self->creer = 1;
1317 $user->rights->user->self->password = 1;
1318
1319 //Required if advanced permissions are used with MAIN_USE_ADVANCED_PERMS
1320 if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
1321 if (!$user->hasRight('user', 'user_advance')) {
1322 $user->rights->user->user_advance = new stdClass(); // To avoid warnings
1323 }
1324 if (!$user->hasRight('user', 'self_advance')) {
1325 $user->rights->user->self_advance = new stdClass(); // To avoid warnings
1326 }
1327 if (!$user->hasRight('user', 'group_advance')) {
1328 $user->rights->user->group_advance = new stdClass(); // To avoid warnings
1329 }
1330
1331 $user->rights->user->user_advance->readperms = 1;
1332 $user->rights->user->user_advance->write = 1;
1333 $user->rights->user->self_advance->readperms = 1;
1334 $user->rights->user->self_advance->writeperms = 1;
1335 $user->rights->user->group_advance->read = 1;
1336 $user->rights->user->group_advance->readperms = 1;
1337 $user->rights->user->group_advance->write = 1;
1338 $user->rights->user->group_advance->delete = 1;
1339 }
1340 }
1341
1342 /*
1343 * Overwrite some configs globals (try to avoid this and have code to use instead $user->conf->xxx)
1344 */
1345
1346 // Set liste_limit
1347 if (isset($user->conf->MAIN_SIZE_LISTE_LIMIT)) {
1348 $conf->liste_limit = $user->conf->MAIN_SIZE_LISTE_LIMIT; // Can be 0
1349 }
1350 if (isset($user->conf->PRODUIT_LIMIT_SIZE)) {
1351 $conf->product->limit_size = $user->conf->PRODUIT_LIMIT_SIZE; // Can be 0
1352 }
1353
1354 // Replace conf->css by personalized value if theme not forced
1355 if (!getDolGlobalString('MAIN_FORCETHEME') && !empty($user->conf->MAIN_THEME)) {
1356 $conf->theme = $user->conf->MAIN_THEME;
1357 $conf->css = "/theme/".$conf->theme."/style.css.php";
1358 }
1359} else {
1360 // We may have NOLOGIN set, but NOREQUIREUSER not
1361 if (!empty($user) && method_exists($user, 'loadDefaultValues') && !defined('NODEFAULTVALUES')) {
1362 $user->loadDefaultValues(); // Load default values for everybody (works even if $user->id = 0
1363 }
1364}
1365
1366
1367// Case forcing style from url
1368if (GETPOST('theme', 'aZ09')) {
1369 $conf->theme = GETPOST('theme', 'aZ09', 1);
1370 $conf->css = "/theme/".$conf->theme."/style.css.php";
1371}
1372
1373// Set javascript option
1374if (GETPOSTINT('nojs')) { // If javascript was not disabled on URL
1375 $conf->use_javascript_ajax = 0;
1376} else {
1377 if (!empty($user->conf->MAIN_DISABLE_JAVASCRIPT)) {
1378 $conf->use_javascript_ajax = !$user->conf->MAIN_DISABLE_JAVASCRIPT;
1379 }
1380}
1381
1382// Set MAIN_OPTIMIZEFORTEXTBROWSER for user (must be after login part)
1383if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') && !empty($user->conf->MAIN_OPTIMIZEFORTEXTBROWSER)) {
1384 $conf->global->MAIN_OPTIMIZEFORTEXTBROWSER = $user->conf->MAIN_OPTIMIZEFORTEXTBROWSER;
1385 if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') == 1) {
1386 $conf->global->THEME_TOPMENU_DISABLE_IMAGE = 1;
1387 }
1388}
1389//var_dump($conf->global->THEME_TOPMENU_DISABLE_IMAGE);
1390//var_dump($user->conf->THEME_TOPMENU_DISABLE_IMAGE);
1391
1392// set MAIN_OPTIMIZEFORCOLORBLIND for user
1393$conf->global->MAIN_OPTIMIZEFORCOLORBLIND = empty($user->conf->MAIN_OPTIMIZEFORCOLORBLIND) ? '' : $user->conf->MAIN_OPTIMIZEFORCOLORBLIND;
1394
1395// Set terminal output option according to conf->browser.
1396if (GETPOSTINT('dol_hide_leftmenu') || !empty($_SESSION['dol_hide_leftmenu'])) {
1397 $conf->dol_hide_leftmenu = 1;
1398}
1399if (GETPOSTINT('dol_hide_topmenu') || !empty($_SESSION['dol_hide_topmenu'])) {
1400 $conf->dol_hide_topmenu = 1;
1401}
1402if (GETPOSTINT('dol_optimize_smallscreen') || !empty($_SESSION['dol_optimize_smallscreen'])) {
1403 $conf->dol_optimize_smallscreen = 1;
1404}
1405if (GETPOSTINT('dol_no_mouse_hover') || !empty($_SESSION['dol_no_mouse_hover'])) {
1406 $conf->dol_no_mouse_hover = 1;
1407}
1408if (GETPOSTINT('dol_use_jmobile') || !empty($_SESSION['dol_use_jmobile'])) {
1409 $conf->dol_use_jmobile = 1;
1410}
1411// If not on Desktop
1412if (!empty($conf->browser->layout) && $conf->browser->layout != 'classic') {
1413 $conf->dol_no_mouse_hover = 1;
1414}
1415
1416// If on smartphone or optimized for small screen
1417if ((!empty($conf->browser->layout) && $conf->browser->layout == 'phone')
1418 || (!empty($_SESSION['dol_screenwidth']) && $_SESSION['dol_screenwidth'] < 400)
1419 || (!empty($_SESSION['dol_screenheight']) && $_SESSION['dol_screenheight'] < 400
1420 || getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER'))
1421) {
1422 $conf->dol_optimize_smallscreen = 1;
1423
1424 if (getDolGlobalInt('PRODUIT_DESC_IN_FORM') == 1) {
1425 $conf->global->PRODUIT_DESC_IN_FORM_ACCORDING_TO_DEVICE = 0;
1426 }
1427}
1428// Replace themes bugged with jmobile with eldy
1429if (!empty($conf->dol_use_jmobile) && in_array($conf->theme, array('bureau2crea', 'cameleo', 'amarok'))) {
1430 $conf->theme = 'eldy';
1431 $conf->css = "/theme/".$conf->theme."/style.css.php";
1432}
1433
1434if (!defined('NOREQUIRETRAN')) {
1435 if (!GETPOST('lang', 'aZ09')) { // If language was not forced on URL
1436 // If user has chosen its own language
1437 if (!empty($user->conf->MAIN_LANG_DEFAULT)) {
1438 // If different than current language
1439 //print ">>>".$langs->getDefaultLang()."-".$user->conf->MAIN_LANG_DEFAULT;
1440 if ($langs->getDefaultLang() != $user->conf->MAIN_LANG_DEFAULT) {
1441 $langs->setDefaultLang($user->conf->MAIN_LANG_DEFAULT);
1442 }
1443 }
1444 }
1445}
1446
1447if (!defined('NOLOGIN')) {
1448 // If the login is not recovered, it is identified with an account that does not exist.
1449 // Hacking attempt?
1450 if (!$user->login) {
1452 }
1453
1454 // Check if user is active
1455 if ($user->statut < 1) {
1456 // If not active, we refuse the user
1457 $langs->loadLangs(array("errors", "other"));
1458 dol_syslog("Authentication KO as login is disabled", LOG_NOTICE);
1459 accessforbidden("ErrorLoginDisabled");
1460 }
1461
1462 // Load permissions
1463 $user->getrights();
1464}
1465
1466dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').(defined('NOTOKENRENEWAL') ? ' NOTOKENRENEWAL='.constant('NOTOKENRENEWAL') : ''), LOG_NOTICE);
1467//Another call for easy debug
1468//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' '.$_SERVER["HTTP_REFERER"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
1469
1470// Load main languages files
1471if (!defined('NOREQUIRETRAN')) {
1472 // Load translation files required by page
1473 $langs->loadLangs(array('main', 'dict'));
1474}
1475
1476// Define some constants used for style of arrays
1477$bc = array(0 => 'class="impair"', 1 => 'class="pair"');
1478$bcdd = array(0 => 'class="drag drop oddeven"', 1 => 'class="drag drop oddeven"');
1479$bcnd = array(0 => 'class="nodrag nodrop nohover"', 1 => 'class="nodrag nodrop nohoverpair"'); // Used for tr to add new lines
1480$bctag = array(0 => 'class="impair tagtr"', 1 => 'class="pair tagtr"');
1481
1482// Define messages variables
1483$mesg = '';
1484$warning = '';
1485$error = 0;
1486// deprecated, see setEventMessages() and dol_htmloutput_events()
1487$mesgs = array();
1488$warnings = array();
1489$errors = array();
1490
1491// Constants used to defined number of lines in textarea
1492if (empty($conf->browser->firefox)) {
1493 define('ROWS_1', 1);
1494 define('ROWS_2', 2);
1495 define('ROWS_3', 3);
1496 define('ROWS_4', 4);
1497 define('ROWS_5', 5);
1498 define('ROWS_6', 6);
1499 define('ROWS_7', 7);
1500 define('ROWS_8', 8);
1501 define('ROWS_9', 9);
1502} else {
1503 define('ROWS_1', 0);
1504 define('ROWS_2', 1);
1505 define('ROWS_3', 2);
1506 define('ROWS_4', 3);
1507 define('ROWS_5', 4);
1508 define('ROWS_6', 5);
1509 define('ROWS_7', 6);
1510 define('ROWS_8', 7);
1511 define('ROWS_9', 8);
1512}
1513
1514$heightforframes = 50;
1515
1516// Init menu manager
1517if (!defined('NOREQUIREMENU')) {
1518 if (empty($user->socid)) { // If internal user or not defined
1519 $conf->standard_menu = (!getDolGlobalString('MAIN_MENU_STANDARD_FORCED') ? (!getDolGlobalString('MAIN_MENU_STANDARD') ? 'eldy_menu.php' : $conf->global->MAIN_MENU_STANDARD) : $conf->global->MAIN_MENU_STANDARD_FORCED);
1520 } else {
1521 // If external user
1522 $conf->standard_menu = (!getDolGlobalString('MAIN_MENUFRONT_STANDARD_FORCED') ? (!getDolGlobalString('MAIN_MENUFRONT_STANDARD') ? 'eldy_menu.php' : $conf->global->MAIN_MENUFRONT_STANDARD) : $conf->global->MAIN_MENUFRONT_STANDARD_FORCED);
1523 }
1524
1525 // Load the menu manager (only if not already done)
1526 $file_menu = $conf->standard_menu;
1527 if (GETPOST('menu', 'alpha')) {
1528 $file_menu = GETPOST('menu', 'alpha'); // example: menu=eldy_menu.php
1529 }
1530 if (!class_exists('MenuManager')) {
1531 $menufound = 0;
1532 $dirmenus = array_merge(array("/core/menus/"), (array) $conf->modules_parts['menus']);
1533 foreach ($dirmenus as $dirmenu) {
1534 $menufound = dol_include_once($dirmenu."standard/".$file_menu);
1535 if (class_exists('MenuManager')) {
1536 break;
1537 }
1538 }
1539 if (!class_exists('MenuManager')) { // If failed to include, we try with standard eldy_menu.php
1540 dol_syslog("You define a menu manager '".$file_menu."' that can not be loaded.", LOG_WARNING);
1541 $file_menu = 'eldy_menu.php';
1542 include_once DOL_DOCUMENT_ROOT."/core/menus/standard/".$file_menu;
1543 }
1544 }
1545 $menumanager = new MenuManager($db, empty($user->socid) ? 0 : 1);
1546 $menumanager->loadMenu();
1547}
1548
1549if (!empty(GETPOST('seteventmessages', 'alpha'))) {
1550 $message = GETPOST('seteventmessages', 'alpha');
1551 $messages = explode(',', $message);
1552 foreach ($messages as $key => $msg) {
1553 $tmp = explode(':', $msg);
1554 setEventMessages($tmp[0], null, !empty($tmp[1]) ? $tmp[1] : 'mesgs');
1555 }
1556}
1557
1558// Functions
1559
1560if (!function_exists("llxHeader")) {
1581 function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $morecssonbody = '', $replacemainareaby = '', $disablenofollow = 0, $disablenoindex = 0)
1582 {
1583 global $conf, $hookmanager;
1584
1585 $parameters = array(
1586 'head' => & $head,
1587 'title' => & $title,
1588 'help_url' => & $help_url,
1589 'target' => & $target,
1590 'disablejs' => & $disablejs,
1591 'disablehead' => & $disablehead,
1592 'arrayofjs' => & $arrayofjs,
1593 'arrayofcss' => & $arrayofcss,
1594 'morequerystring' => & $morequerystring,
1595 'morecssonbody' => & $morecssonbody,
1596 'replacemainareaby' => & $replacemainareaby,
1597 'disablenofollow' => & $disablenofollow,
1598 'disablenoindex' => & $disablenoindex
1599
1600 );
1601 $reshook = $hookmanager->executeHooks('llxHeader', $parameters);
1602 if ($reshook > 0) {
1603 print $hookmanager->resPrint;
1604 return;
1605 }
1606
1607 // html header
1608 top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss, 0, $disablenofollow, $disablenoindex);
1609
1610 $tmpcsstouse = 'sidebar-collapse'.($morecssonbody ? ' '.$morecssonbody : '');
1611 // If theme MD and classic layer, we open the menulayer by default.
1612 if ($conf->theme == 'md' && !in_array($conf->browser->layout, array('phone', 'tablet')) && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
1613 global $mainmenu;
1614 if ($mainmenu != 'website') {
1615 $tmpcsstouse = $morecssonbody; // We do not use sidebar-collpase by default to have menuhider open by default.
1616 }
1617 }
1618
1619 if (getDolGlobalString('MAIN_OPTIMIZEFORCOLORBLIND')) {
1620 $tmpcsstouse .= ' colorblind-'.strip_tags(getDolGlobalString('MAIN_OPTIMIZEFORCOLORBLIND'));
1621 }
1622
1623 print '<body id="mainbody" class="'.$tmpcsstouse.'">'."\n";
1624
1625 // top menu and left menu area
1626 if ((empty($conf->dol_hide_topmenu) || GETPOSTINT('dol_invisible_topmenu')) && !GETPOST('dol_openinpopup', 'aZ09')) {
1627 top_menu($head, $title, $target, $disablejs, $disablehead, $arrayofjs, $arrayofcss, $morequerystring, $help_url);
1628 }
1629
1630 if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup', 'aZ09')) {
1631 left_menu(array(), $help_url, '', '', 1, $title, 1); // $menumanager is retrieved with a global $menumanager inside this function
1632 }
1633
1634 // main area
1635 if ($replacemainareaby) {
1636 print $replacemainareaby;
1637 return;
1638 }
1639 main_area($title);
1640 }
1641}
1642
1643
1651function top_httphead($contenttype = 'text/html', $forcenocache = 0)
1652{
1653 global $db, $conf, $hookmanager;
1654
1655 if ($contenttype == 'text/html') {
1656 header("Content-Type: text/html; charset=".$conf->file->character_set_client);
1657 } else {
1658 header("Content-Type: ".$contenttype);
1659 }
1660
1661 // Security options
1662
1663 // X-Content-Type-Options
1664 header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
1665
1666 // X-Frame-Options
1667 if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
1668 header("X-Frame-Options: SAMEORIGIN"); // By default, frames allowed only if on same domain (stop some XSS attacks)
1669 } else {
1670 header("X-Frame-Options: ALLOWALL");
1671 }
1672
1673 if (getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN')) {
1674 $tmpurl = constant('DOL_MAIN_URL_ROOT');
1675 $tmpurl = preg_replace('/^(https?:\/\/[^\/]+)\/.*$/', '\1', $tmpurl);
1676 header('Access-Control-Allow-Origin: '.$tmpurl);
1677 header('Vary: Origin');
1678 }
1679
1680 // X-XSS-Protection
1681 //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
1682
1683 // Content-Security-Policy-Report-Only
1684 if (!defined('MAIN_SECURITY_FORCECSPRO')) {
1685 // If CSP not forced from the page
1686
1687 // A default security policy that keep usage of js external component like ckeditor, stripe, google, working
1688 // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)
1689 // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;
1690 // For example, to restrict everything to itself except img that can be on other servers:
1691 // default-src 'self'; img-src *;
1692 // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
1693 // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
1694 //
1695 // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
1696 // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
1697 $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSPRO');
1698
1699 if (!is_object($hookmanager)) {
1700 include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1701 $hookmanager = new HookManager($db);
1702 }
1703 $hookmanager->initHooks(array("main"));
1704
1705 $parameters = array('contentsecuritypolicy' => $contentsecuritypolicy, 'mode' => 'reportonly');
1706 $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks
1707 if ($result > 0) {
1708 $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP
1709 } else {
1710 $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP
1711 }
1712
1713 if (!empty($contentsecuritypolicy)) {
1714 header("Content-Security-Policy-Report-Only: ".$contentsecuritypolicy);
1715 }
1716 } else {
1717 header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSPRO'));
1718 }
1719
1720 // Content-Security-Policy
1721 if (!defined('MAIN_SECURITY_FORCECSP')) {
1722 // If CSP not forced from the page
1723
1724 // A default security policy that keep usage of js external component like ckeditor, stripe, google, working
1725 // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)
1726 // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;
1727 // For example, to restrict everything to itself except img that can be on other servers:
1728 // default-src 'self'; img-src *;
1729 // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
1730 // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
1731 //
1732 // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
1733 // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
1734 $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP');
1735
1736 if (!is_object($hookmanager)) {
1737 include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1738 $hookmanager = new HookManager($db);
1739 }
1740 $hookmanager->initHooks(array("main"));
1741
1742 $parameters = array('contentsecuritypolicy' => $contentsecuritypolicy, 'mode' => 'active');
1743 $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks
1744 if ($result > 0) {
1745 $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP
1746 } else {
1747 $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP
1748 }
1749
1750 if (!empty($contentsecuritypolicy)) {
1751 header("Content-Security-Policy: ".$contentsecuritypolicy);
1752 }
1753 } else {
1754 header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSP'));
1755 }
1756
1757 // Referrer-Policy
1758 // Say if we must provide the referrer when we jump onto another web page.
1759 // Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'same-origin' so browser doesn't send any referrer at all when going into another web site domain.
1760 // Note that we do not use 'strict-origin' as this breaks feature to restore filters when clicking on "back to page" link on some cases.
1761 if (!defined('MAIN_SECURITY_FORCERP')) {
1762 $referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin");
1763
1764 header("Referrer-Policy: ".$referrerpolicy);
1765 }
1766
1767 if ($forcenocache) {
1768 header("Cache-Control: no-cache, no-store, must-revalidate, max-age=0");
1769 }
1770
1771 // No need to add this token in header, we use instead the one into the forms.
1772 //header("anti-csrf-token: ".newToken());
1773}
1774
1790function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arrayofjs = array(), $arrayofcss = array(), $disableforlogin = 0, $disablenofollow = 0, $disablenoindex = 0)
1791{
1792 global $db, $conf, $langs, $user, $mysoc, $hookmanager;
1793
1794 top_httphead();
1795
1796 if (empty($conf->css)) {
1797 $conf->css = '/theme/eldy/style.css.php'; // If not defined, eldy by default
1798 }
1799
1800 print '<!doctype html>'."\n";
1801
1802 print '<html lang="'.substr($langs->defaultlang, 0, 2).'">'."\n";
1803
1804 //print '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr">'."\n";
1805 if (empty($disablehead)) {
1806 if (!is_object($hookmanager)) {
1807 include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1808 $hookmanager = new HookManager($db);
1809 }
1810 $hookmanager->initHooks(array("main"));
1811
1812 $ext = 'layout='.(empty($conf->browser->layout) ? '' : $conf->browser->layout).'&amp;version='.urlencode(DOL_VERSION);
1813
1814 print "<head>\n";
1815
1816 if (GETPOST('dol_basehref', 'alpha')) {
1817 print '<base href="'.dol_escape_htmltag(GETPOST('dol_basehref', 'alpha')).'">'."\n";
1818 }
1819
1820 // Displays meta
1821 print '<meta charset="utf-8">'."\n";
1822 print '<meta name="robots" content="'.($disablenoindex ? 'index' : 'noindex').($disablenofollow ? ',follow' : ',nofollow').'">'."\n"; // Do not index
1823 print '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n"; // Scale for mobile device
1824 print '<meta name="author" content="Dolibarr Development Team">'."\n";
1825 print '<meta name="anti-csrf-newtoken" content="'.newToken().'">'."\n";
1826 print '<meta name="anti-csrf-currenttoken" content="'.currentToken().'">'."\n";
1827 if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {
1828 print '<meta name="MAIN_FEATURES_LEVEL" content="'.getDolGlobalInt('MAIN_FEATURES_LEVEL').'">'."\n";
1829 }
1830 // Favicon
1831 $favicon = DOL_URL_ROOT.'/theme/dolibarr_256x256_color.png';
1832 if (!empty($mysoc->logo_squarred_mini)) {
1833 $favicon = DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);
1834 }
1835 if (getDolGlobalString('MAIN_FAVICON_URL')) {
1836 $favicon = getDolGlobalString('MAIN_FAVICON_URL');
1837 }
1838 if (empty($conf->dol_use_jmobile)) {
1839 print '<link rel="shortcut icon" type="image/x-icon" href="'.$favicon.'"/>'."\n"; // Not required into an Android webview
1840 }
1841
1842 // Mobile appli like icon
1843 $manifest = DOL_URL_ROOT.'/theme/'.$conf->theme.'/manifest.json.php';
1844 $parameters = array('manifest' => $manifest);
1845 $resHook = $hookmanager->executeHooks('hookSetManifest', $parameters); // Note that $action and $object may have been modified by some hooks
1846 if ($resHook > 0) {
1847 $manifest = $hookmanager->resPrint; // Replace manifest.json
1848 } else {
1849 $manifest .= $hookmanager->resPrint; // Concat to actual manifest declaration
1850 }
1851 if (!empty($manifest)) {
1852 print '<link rel="manifest" href="'.$manifest.'" />'."\n";
1853 }
1854
1855 if (getDolGlobalString('THEME_ELDY_TOPMENU_BACK1')) {
1856 // TODO: use auto theme color switch
1857 print '<meta name="theme-color" content="rgb(' . getDolGlobalString('THEME_ELDY_TOPMENU_BACK1').')">'."\n";
1858 }
1859
1860 // Auto refresh page
1861 if (GETPOSTINT('autorefresh') > 0) {
1862 print '<meta http-equiv="refresh" content="'.GETPOSTINT('autorefresh').'">';
1863 }
1864
1865 // Displays title
1866 $appli = constant('DOL_APPLICATION_TITLE');
1867 if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
1868 $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
1869 }
1870
1871 print '<title>';
1872 $titletoshow = '';
1873 if ($title && preg_match('/showapp/', getDolGlobalString('MAIN_HTML_TITLE'))) {
1874 $titletoshow = dol_htmlentities($appli.' - '.$title);
1875 } elseif ($title) {
1876 $titletoshow = dol_htmlentities($title);
1877 } else {
1878 $titletoshow = dol_htmlentities($appli);
1879 }
1880
1881 $parameters = array('title' => $titletoshow);
1882 $result = $hookmanager->executeHooks('setHtmlTitle', $parameters); // Note that $action and $object may have been modified by some hooks
1883 if ($result > 0) {
1884 $titletoshow = $hookmanager->resPrint; // Replace Title to show
1885 } else {
1886 $titletoshow .= $hookmanager->resPrint; // Concat to Title to show
1887 }
1888
1889 print $titletoshow;
1890 print '</title>';
1891
1892 print "\n";
1893
1894 if (GETPOSTINT('version')) {
1895 $ext = 'version='.GETPOSTINT('version'); // useful to force no cache on css/js
1896 }
1897 // Refresh value of MAIN_IHM_PARAMS_REV before forging the parameter line.
1898 if (GETPOST('dol_resetcache')) {
1899 include_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
1900 dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", getDolGlobalInt('MAIN_IHM_PARAMS_REV') + 1, 'chaine', 0, '', $conf->entity);
1901 }
1902
1903 $themeparam = '?lang='.$langs->defaultlang.'&amp;theme='.$conf->theme.(GETPOST('optioncss', 'aZ09') ? '&amp;optioncss='.GETPOST('optioncss', 'aZ09', 1) : '').(empty($user->id) ? '' : ('&amp;userid='.$user->id)).'&amp;entity='.$conf->entity;
1904
1905 $themeparam .= ($ext ? '&amp;'.$ext : '').'&amp;revision='.getDolGlobalInt("MAIN_IHM_PARAMS_REV");
1906 if (GETPOSTISSET('dol_hide_topmenu')) {
1907 $themeparam .= '&amp;dol_hide_topmenu='.GETPOSTINT('dol_hide_topmenu');
1908 }
1909 if (GETPOSTISSET('dol_hide_leftmenu')) {
1910 $themeparam .= '&amp;dol_hide_leftmenu='.GETPOSTINT('dol_hide_leftmenu');
1911 }
1912 if (GETPOSTISSET('dol_openinpopup')) {
1913 $themeparam .= '&amp;dol_openinpopup='.GETPOST('dol_openinpopup', 'aZ09');
1914 }
1915 if (GETPOSTISSET('dol_optimize_smallscreen')) {
1916 $themeparam .= '&amp;dol_optimize_smallscreen='.GETPOSTINT('dol_optimize_smallscreen');
1917 }
1918 if (GETPOSTISSET('dol_no_mouse_hover')) {
1919 $themeparam .= '&amp;dol_no_mouse_hover='.GETPOSTINT('dol_no_mouse_hover');
1920 }
1921 if (GETPOSTISSET('dol_use_jmobile')) {
1922 $themeparam .= '&amp;dol_use_jmobile='.GETPOSTINT('dol_use_jmobile');
1923 $conf->dol_use_jmobile = GETPOSTINT('dol_use_jmobile');
1924 }
1925 if (GETPOSTISSET('THEME_DARKMODEENABLED')) {
1926 $themeparam .= '&amp;THEME_DARKMODEENABLED='.GETPOSTINT('THEME_DARKMODEENABLED');
1927 }
1928 if (GETPOSTISSET('THEME_SATURATE_RATIO')) {
1929 $themeparam .= '&amp;THEME_SATURATE_RATIO='.GETPOSTINT('THEME_SATURATE_RATIO');
1930 }
1931
1932 if (getDolGlobalString('MAIN_ENABLE_FONT_ROBOTO')) {
1933 print '<link rel="preconnect" href="https://fonts.gstatic.com">'."\n";
1934 print '<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@200;300;400;500;600&display=swap" rel="stylesheet">'."\n";
1935 }
1936
1937 if (!defined('DISABLE_JQUERY') && !$disablejs && $conf->use_javascript_ajax) {
1938 print '<!-- Includes CSS for JQuery (Ajax library) -->'."\n";
1939 $jquerytheme = 'base';
1940 if (getDolGlobalString('MAIN_USE_JQUERY_THEME')) {
1941 $jquerytheme = getDolGlobalString('MAIN_USE_JQUERY_THEME');
1942 }
1943 if (constant('JS_JQUERY_UI')) {
1944 print '<link rel="stylesheet" type="text/css" href="'.JS_JQUERY_UI.'css/'.$jquerytheme.'/jquery-ui.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // Forced JQuery
1945 } else {
1946 print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/css/'.$jquerytheme.'/jquery-ui.css'.($ext ? '?'.$ext : '').'">'."\n"; // JQuery
1947 }
1948 if (!defined('DISABLE_JQUERY_JNOTIFY')) {
1949 print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify-alt.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // JNotify
1950 }
1951 if (!defined('DISABLE_SELECT2') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) { // jQuery plugin "mutiselect", "multiple-select", "select2"...
1952 $tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ? constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
1953 print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/css/'.$tmpplugin.'.css'.($ext ? '?'.$ext : '').'">'."\n";
1954 }
1955 }
1956
1957 if (!defined('DISABLE_FONT_AWSOME')) {
1958 print '<!-- Includes CSS for font awesome -->'."\n";
1959 $fontawesome_directory = getDolGlobalString('MAIN_FONTAWESOME_DIRECTORY', '/theme/common/fontawesome-5');
1960 print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.$fontawesome_directory.'/css/all.min.css'.($ext ? '?'.$ext : '').'">'."\n";
1961 }
1962
1963 print '<!-- Includes CSS for Dolibarr theme -->'."\n";
1964 // Output style sheets (optioncss='print' or ''). Note: $conf->css looks like '/theme/eldy/style.css.php'
1965 $themepath = dol_buildpath($conf->css, 1);
1966 $themesubdir = '';
1967 if (!empty($conf->modules_parts['theme'])) { // This slow down
1968 foreach ($conf->modules_parts['theme'] as $reldir) {
1969 if (file_exists(dol_buildpath($reldir.$conf->css, 0))) {
1970 $themepath = dol_buildpath($reldir.$conf->css, 1);
1971 $themesubdir = $reldir;
1972 break;
1973 }
1974 }
1975 }
1976
1977 //print 'themepath='.$themepath.' themeparam='.$themeparam;exit;
1978 print '<link rel="stylesheet" type="text/css" href="'.$themepath.$themeparam.'">'."\n";
1979 if (getDolGlobalString('MAIN_FIX_FLASH_ON_CHROME')) {
1980 print '<!-- Includes CSS that does not exists as a workaround of flash bug of chrome -->'."\n".'<link rel="stylesheet" type="text/css" href="filethatdoesnotexiststosolvechromeflashbug">'."\n";
1981 }
1982
1983 // LEAFLET AND GEOMAN
1984 if (getDolGlobalString('MAIN_USE_GEOPHP')) {
1985 print '<link rel="stylesheet" href="'.DOL_URL_ROOT.'/includes/leaflet/leaflet.css'.($ext ? '?'.$ext : '')."\">\n";
1986 print '<link rel="stylesheet" href="'.DOL_URL_ROOT.'/includes/leaflet/leaflet-geoman.css'.($ext ? '?'.$ext : '')."\">\n";
1987 }
1988
1989 // CSS forced by modules (relative url starting with /)
1990 if (!empty($conf->modules_parts['css'])) {
1991 $arraycss = (array) $conf->modules_parts['css'];
1992 foreach ($arraycss as $modcss => $filescss) {
1993 $filescss = (array) $filescss; // To be sure filecss is an array
1994 foreach ($filescss as $cssfile) {
1995 if (empty($cssfile)) {
1996 dol_syslog("Warning: module ".$modcss." declared a css path file into its descriptor that is empty.", LOG_WARNING);
1997 }
1998 // cssfile is a relative path
1999 $urlforcss = dol_buildpath($cssfile, 1);
2000 if ($urlforcss && $urlforcss != '/') {
2001 print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.$urlforcss;
2002 // We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
2003 if (!preg_match('/\.css$/i', $cssfile)) {
2004 print $themeparam;
2005 }
2006 print '">'."\n";
2007 } else {
2008 dol_syslog("Warning: module ".$modcss." declared a css path file for a file we can't find.", LOG_WARNING);
2009 }
2010 }
2011 }
2012 }
2013 // CSS forced by page in top_htmlhead call (relative url starting with /)
2014 if (is_array($arrayofcss)) {
2015 foreach ($arrayofcss as $cssfile) {
2016 if (preg_match('/^(http|\/\/)/i', $cssfile)) {
2017 $urltofile = $cssfile;
2018 } else {
2019 $urltofile = dol_buildpath($cssfile, 1);
2020 }
2021 print '<!-- Includes CSS added by page -->'."\n".'<link rel="stylesheet" type="text/css" title="default" href="'.$urltofile;
2022 // We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.
2023 if (!preg_match('/\.css$/i', $cssfile)) {
2024 print $themeparam;
2025 }
2026 print '">'."\n";
2027 }
2028 }
2029
2030 // Custom CSS
2031 if (getDolGlobalString('MAIN_IHM_CUSTOM_CSS')) {
2032 // If a custom CSS was set, we add link to the custom css php file
2033 print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/theme/custom.css.php'.($ext ? '?'.$ext : '').'&amp;revision='.getDolGlobalInt("MAIN_IHM_PARAMS_REV").'">'."\n";
2034 }
2035
2036 // Output standard javascript links
2037 if (!defined('DISABLE_JQUERY') && !$disablejs && !empty($conf->use_javascript_ajax)) {
2038 // JQuery. Must be before other includes
2039 print '<!-- Includes JS for JQuery -->'."\n";
2040 if (defined('JS_JQUERY') && constant('JS_JQUERY')) {
2041 print '<script nonce="'.getNonce().'" src="'.JS_JQUERY.'jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2042 } else {
2043 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2044 }
2045 if (defined('JS_JQUERY_UI') && constant('JS_JQUERY_UI')) {
2046 print '<script nonce="'.getNonce().'" src="'.JS_JQUERY_UI.'jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2047 } else {
2048 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2049 }
2050 // jQuery jnotify
2051 if (!getDolGlobalString('MAIN_DISABLE_JQUERY_JNOTIFY') && !defined('DISABLE_JQUERY_JNOTIFY')) {
2052 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2053 }
2054 // Table drag and drop lines
2055 if (empty($disableforlogin) && !defined('DISABLE_JQUERY_TABLEDND')) {
2056 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2057 }
2058 // Chart
2059 if (empty($disableforlogin) && (!getDolGlobalString('MAIN_JS_GRAPH') || getDolGlobalString('MAIN_JS_GRAPH') == 'chart') && !defined('DISABLE_JS_GRAPH')) {
2060 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2061 }
2062
2063 // jQuery jeditable for Edit In Place features
2064 if (getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE') && !defined('DISABLE_JQUERY_JEDITABLE')) {
2065 print '<!-- JS to manage editInPlace feature -->'."\n";
2066 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2067 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2068 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2069 print '<script>'."\n";
2070 print 'var urlSaveInPlace = \''.DOL_URL_ROOT.'/core/ajax/saveinplace.php\';'."\n";
2071 print 'var urlLoadInPlace = \''.DOL_URL_ROOT.'/core/ajax/loadinplace.php\';'."\n";
2072 print 'var tooltipInPlace = \''.$langs->transnoentities('ClickToEdit').'\';'."\n"; // Added in title attribute of span
2073 print 'var placeholderInPlace = \'&nbsp;\';'."\n"; // If we put another string than $langs->trans("ClickToEdit") here, nothing is shown. If we put empty string, there is error, Why ?
2074 print 'var cancelInPlace = \''.$langs->trans("Cancel").'\';'."\n";
2075 print 'var submitInPlace = \''.$langs->trans('Ok').'\';'."\n";
2076 print 'var indicatorInPlace = \'<img src="'.DOL_URL_ROOT."/theme/".$conf->theme."/img/working.gif".'">\';'."\n";
2077 print 'var withInPlace = 300;'; // width in pixel for default string edit
2078 print '</script>'."\n";
2079 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/editinplace.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2080 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2081 }
2082 // jQuery Timepicker
2083 if (getDolGlobalString('MAIN_USE_JQUERY_TIMEPICKER') || defined('REQUIRE_JQUERY_TIMEPICKER')) {
2084 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/timepicker/jquery-ui-timepicker-addon.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2085 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/timepicker.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";
2086 }
2087 if (!defined('DISABLE_SELECT2') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) {
2088 // jQuery plugin "mutiselect", "multiple-select", "select2", ...
2089 $tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ? constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
2090 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/js/'.$tmpplugin.'.full.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n"; // We include full because we need the support of containerCssClass
2091 }
2092 if (!defined('DISABLE_MULTISELECT')) { // jQuery plugin "mutiselect" to select with checkboxes. Can be removed once we have an enhanced search tool
2093 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/jquery.multi-select.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2094 }
2095 }
2096
2097 if (!$disablejs && !empty($conf->use_javascript_ajax)) {
2098 // CKEditor
2099 if (empty($disableforlogin) && (isModEnabled('fckeditor') && (!getDolGlobalString('FCKEDITOR_EDITORNAME') || getDolGlobalString('FCKEDITOR_EDITORNAME') == 'ckeditor') && !defined('DISABLE_CKEDITOR')) || defined('FORCE_CKEDITOR')) {
2100 print '<!-- Includes JS for CKEditor -->'."\n";
2101 $pathckeditor = DOL_URL_ROOT.'/includes/ckeditor/ckeditor/';
2102 $jsckeditor = 'ckeditor.js';
2103 if (constant('JS_CKEDITOR')) {
2104 // To use external ckeditor 4 js lib
2105 $pathckeditor = constant('JS_CKEDITOR');
2106 }
2107 print '<script nonce="'.getNonce().'">';
2108 print '/* enable ckeditor by main.inc.php */';
2109 print 'var CKEDITOR_BASEPATH = \''.dol_escape_js($pathckeditor).'\';'."\n";
2110 print 'var ckeditorConfig = \''.dol_escape_js(dol_buildpath($themesubdir.'/theme/'.$conf->theme.'/ckeditor/config.js'.($ext ? '?'.$ext : ''), 1)).'\';'."\n"; // $themesubdir='' in standard usage
2111 print 'var ckeditorFilebrowserBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
2112 print 'var ckeditorFilebrowserImageBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Type=Image&Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
2113 print '</script>'."\n";
2114 print '<script src="'.$pathckeditor.$jsckeditor.($ext ? '?'.$ext : '').'"></script>'."\n";
2115 print '<script>';
2116 if (GETPOST('mode', 'aZ09') == 'Full_inline') {
2117 print 'CKEDITOR.disableAutoInline = false;'."\n";
2118 } else {
2119 print 'CKEDITOR.disableAutoInline = true;'."\n";
2120 }
2121 print '</script>'."\n";
2122 }
2123
2124 // Browser notifications (if NOREQUIREMENU is on, it is mostly a page for popup, so we do not enable notif too. We hide also for public pages).
2125 if (!defined('NOBROWSERNOTIF') && !defined('NOREQUIREMENU') && !defined('NOLOGIN')) {
2126 $enablebrowsernotif = false;
2127 if (isModEnabled('agenda') && getDolGlobalString('AGENDA_REMINDER_BROWSER')) {
2128 $enablebrowsernotif = true;
2129 }
2130 if ($conf->browser->layout == 'phone') {
2131 $enablebrowsernotif = false;
2132 }
2133 if ($enablebrowsernotif) {
2134 print '<!-- Includes JS of Dolibarr (browser layout = '.$conf->browser->layout.')-->'."\n";
2135 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_notification.js.php'.($ext ? '?'.$ext : '').'"></script>'."\n";
2136 }
2137 }
2138
2139 // Global js function
2140 print '<!-- Includes JS of Dolibarr -->'."\n";
2141 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";
2142
2143 // Leaflet TODO use dolibarr files
2144 if (getDolGlobalString('MAIN_USE_GEOPHP')) {
2145 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/leaflet/leaflet.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2146 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/leaflet/leaflet-geoman.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2147 }
2148
2149 // JS forced by modules (relative url starting with /)
2150 if (!empty($conf->modules_parts['js'])) { // $conf->modules_parts['js'] is array('module'=>array('file1','file2'))
2151 $arrayjs = (array) $conf->modules_parts['js'];
2152 foreach ($arrayjs as $modjs => $filesjs) {
2153 $filesjs = (array) $filesjs; // To be sure filejs is an array
2154 foreach ($filesjs as $jsfile) {
2155 // jsfile is a relative path
2156 $urlforjs = dol_buildpath($jsfile, 1);
2157 if ($urlforjs && $urlforjs != '/') {
2158 print '<!-- Include JS added by module '.$modjs.'-->'."\n";
2159 print '<script nonce="'.getNonce().'" src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
2160 } else {
2161 dol_syslog("Warning: module ".$modjs." declared a js path file for a file we can't find.", LOG_WARNING);
2162 }
2163 }
2164 }
2165 }
2166 // JS forced by page in top_htmlhead (relative url starting with /)
2167 if (is_array($arrayofjs)) {
2168 print '<!-- Includes JS added by page -->'."\n";
2169 foreach ($arrayofjs as $jsfile) {
2170 if (preg_match('/^(http|\/\/)/i', $jsfile)) {
2171 print '<script nonce="'.getNonce().'" src="'.$jsfile.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
2172 } else {
2173 print '<script nonce="'.getNonce().'" src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
2174 }
2175 }
2176 }
2177 }
2178
2179 //If you want to load custom javascript file from your selected theme directory
2180 if (getDolGlobalString('ALLOW_THEME_JS')) {
2181 $theme_js = dol_buildpath('/theme/'.$conf->theme.'/'.$conf->theme.'.js', 0);
2182 if (file_exists($theme_js)) {
2183 print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/'.$conf->theme.'.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2184 }
2185 }
2186
2187 if (!empty($head)) {
2188 print $head."\n";
2189 }
2190 if (getDolGlobalString('MAIN_HTML_HEADER')) {
2191 print getDolGlobalString('MAIN_HTML_HEADER') . "\n";
2192 }
2193
2194 $parameters = array();
2195 $result = $hookmanager->executeHooks('addHtmlHeader', $parameters); // Note that $action and $object may have been modified by some hooks
2196 print $hookmanager->resPrint; // Replace Title to show
2197
2198 print "</head>\n\n";
2199 }
2200
2201 $conf->headerdone = 1; // To tell header was output
2202}
2203
2204
2221function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = array(), $arrayofcss = array(), $morequerystring = '', $helppagename = '')
2222{
2223 global $user, $conf, $langs, $db, $form;
2224 global $dolibarr_main_authentication, $dolibarr_main_demo;
2225 global $hookmanager, $menumanager;
2226
2227 $searchform = '';
2228
2229 // Instantiate hooks for external modules
2230 $hookmanager->initHooks(array('toprightmenu'));
2231
2232 $toprightmenu = '';
2233
2234 // For backward compatibility with old modules
2235 if (empty($conf->headerdone)) {
2236 $disablenofollow = 0;
2237 top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss, 0, $disablenofollow);
2238 print '<body id="mainbody">';
2239 }
2240
2241 /*
2242 * Top menu
2243 */
2244 if ((empty($conf->dol_hide_topmenu) || GETPOSTINT('dol_invisible_topmenu')) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU'))) {
2245 if (!isset($form) || !is_object($form)) {
2246 include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
2247 $form = new Form($db);
2248 }
2249
2250 print "\n".'<!-- Start top horizontal -->'."\n";
2251
2252 print '<header id="id-top" class="side-nav-vert'.(GETPOSTINT('dol_invisible_topmenu') ? ' hidden' : '').'">'; // dol_invisible_topmenu differs from dol_hide_topmenu: dol_invisible_topmenu means we output menu but we make it invisible.
2253
2254 // Show menu entries
2255 print '<div id="tmenu_tooltip'.(!getDolGlobalString('MAIN_MENU_INVERT') ? '' : 'invert').'" class="tmenu">'."\n";
2256 $menumanager->atarget = $target;
2257 $menumanager->showmenu('top', array('searchform' => $searchform)); // This contains a \n
2258 print "</div>\n";
2259
2260 // Define link to login card
2261 $appli = constant('DOL_APPLICATION_TITLE');
2262 if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
2263 $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
2264 if (preg_match('/\d\.\d/', $appli)) {
2265 if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {
2266 $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core
2267 }
2268 } else {
2269 $appli .= " ".DOL_VERSION;
2270 }
2271 } else {
2272 $appli .= " ".DOL_VERSION;
2273 }
2274
2275 if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {
2276 $appli .= "<br>".$langs->trans("LevelOfFeature").': '.getDolGlobalInt('MAIN_FEATURES_LEVEL');
2277 }
2278
2279 $logouttext = '';
2280 $logouthtmltext = '';
2281 if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2282 //$logouthtmltext=$appli.'<br>';
2283 $stringforfirstkey = $langs->trans("KeyboardShortcut");
2284 if ($conf->browser->name == 'chrome') {
2285 $stringforfirstkey .= ' ALT +';
2286 } elseif ($conf->browser->name == 'firefox') {
2287 $stringforfirstkey .= ' ALT + SHIFT +';
2288 } else {
2289 $stringforfirstkey .= ' CTL +';
2290 }
2291 if ($_SESSION["dol_authmode"] != 'forceuser' && $_SESSION["dol_authmode"] != 'http') {
2292 $logouthtmltext .= $langs->trans("Logout").'<br>';
2293 $logouttext .= '<a accesskey="l" href="'.DOL_URL_ROOT.'/user/logout.php?token='.newToken().'">';
2294 $logouttext .= img_picto($langs->trans('Logout').' ('.$stringforfirstkey.' l)', 'sign-out', '', false, 0, 0, '', 'atoplogin valignmiddle');
2295 $logouttext .= '</a>';
2296 } else {
2297 $logouthtmltext .= $langs->trans("NoLogoutProcessWithAuthMode", $_SESSION["dol_authmode"]);
2298 $logouttext .= img_picto($langs->trans('Logout').' ('.$stringforfirstkey.' l)', 'sign-out', '', false, 0, 0, '', 'atoplogin valignmiddle opacitymedium');
2299 }
2300 }
2301
2302 print '<div class="login_block usedropdown">'."\n";
2303
2304 $toprightmenu .= '<div class="login_block_other">';
2305
2306 // Execute hook printTopRightMenu (hooks should output string like '<div class="login"><a href="">mylink</a></div>')
2307 $parameters = array();
2308 $result = $hookmanager->executeHooks('printTopRightMenu', $parameters); // Note that $action and $object may have been modified by some hooks
2309 if (is_numeric($result)) {
2310 if ($result == 0) {
2311 $toprightmenu .= $hookmanager->resPrint; // add
2312 } else {
2313 $toprightmenu = $hookmanager->resPrint; // replace
2314 }
2315 } else {
2316 $toprightmenu .= $result; // For backward compatibility
2317 }
2318
2319 // Link to module builder
2320 if (isModEnabled('modulebuilder')) {
2321 $text = '<a href="'.DOL_URL_ROOT.'/modulebuilder/index.php?mainmenu=home&leftmenu=admintools" target="modulebuilder">';
2322 //$text.= img_picto(":".$langs->trans("ModuleBuilder"), 'printer_top.png', 'class="printer"');
2323 $text .= '<span class="fa fa-bug atoplogin valignmiddle"></span>';
2324 $text .= '</a>';
2325 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2326 $toprightmenu .= $form->textwithtooltip('', $langs->trans("ModuleBuilder"), 2, 1, $text, 'login_block_elem', 2);
2327 }
2328
2329 // Link to print main content area (optioncss=print)
2330 if (!getDolGlobalString('MAIN_PRINT_DISABLELINK') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2331 $qs = dol_escape_htmltag($_SERVER["QUERY_STRING"]);
2332
2333 if (isset($_POST) && is_array($_POST)) {
2334 foreach ($_POST as $key => $value) {
2335 $key = preg_replace('/[^a-z0-9_\.\-\[\]]/i', '', $key);
2336 if (in_array($key, array('action', 'massaction', 'password'))) {
2337 continue;
2338 }
2339 if (!is_array($value)) {
2340 if ($value !== '') {
2341 $qs .= '&'.urlencode($key).'='.urlencode($value);
2342 }
2343 } else {
2344 foreach ($value as $value2) {
2345 if (($value2 !== '') && (!is_array($value2))) {
2346 $qs .= '&'.urlencode($key).'[]='.urlencode($value2);
2347 }
2348 }
2349 }
2350 }
2351 }
2352 $qs .= (($qs && $morequerystring) ? '&' : '').$morequerystring;
2353 $text = '<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.$qs.($qs ? '&' : '').'optioncss=print" target="_blank" rel="noopener noreferrer">';
2354 //$text.= img_picto(":".$langs->trans("PrintContentArea"), 'printer_top.png', 'class="printer"');
2355 $text .= '<span class="fa fa-print atoplogin valignmiddle"></span>';
2356 $text .= '</a>';
2357 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2358 $toprightmenu .= $form->textwithtooltip('', $langs->trans("PrintContentArea"), 2, 1, $text, 'login_block_elem', 2);
2359 }
2360
2361 // Link to Dolibarr wiki pages
2362 if (!getDolGlobalString('MAIN_HELP_DISABLELINK') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2363 $langs->load("help");
2364
2365 $helpbaseurl = '';
2366 $helppage = '';
2367 $mode = '';
2368 $helppresent = '';
2369
2370 if (empty($helppagename)) {
2371 $helppagename = 'EN:User_documentation|FR:Documentation_utilisateur|ES:Documentación_usuarios|DE:Benutzerdokumentation';
2372 } else {
2373 $helppresent = 'helppresent';
2374 }
2375
2376 // Get helpbaseurl, helppage and mode from helppagename and langs
2377 $arrayres = getHelpParamFor($helppagename, $langs);
2378 $helpbaseurl = $arrayres['helpbaseurl'];
2379 $helppage = $arrayres['helppage'];
2380 $mode = $arrayres['mode'];
2381
2382 // Link to help pages
2383 if ($helpbaseurl && $helppage) {
2384 $text = '';
2385 $title = $langs->trans($mode == 'wiki' ? 'GoToWikiHelpPage' : 'GoToHelpPage').', ';
2386 if ($mode == 'wiki') {
2387 $title .= '<br>'.img_picto('', 'globe', 'class="pictofixedwidth"').$langs->trans("PageWiki").' '.dol_escape_htmltag('"'.strtr($helppage, '_', ' ').'"');
2388 if ($helppresent) {
2389 $title .= ' <span class="opacitymedium">('.$langs->trans("DedicatedPageAvailable").')</span>';
2390 } else {
2391 $title .= ' <span class="opacitymedium">('.$langs->trans("HomePage").')</span>';
2392 }
2393 }
2394 $text .= '<a class="help" target="_blank" rel="noopener noreferrer" href="';
2395 if ($mode == 'wiki') {
2396 // @phan-suppress-next-line PhanPluginPrintfVariableFormatString
2397 $text .= sprintf($helpbaseurl, urlencode(html_entity_decode($helppage)));
2398 } else {
2399 // @phan-suppress-next-line PhanPluginPrintfVariableFormatString
2400 $text .= sprintf($helpbaseurl, $helppage);
2401 }
2402 $text .= '">';
2403 $text .= '<span class="fa fa-question-circle atoplogin valignmiddle'.($helppresent ? ' '.$helppresent : '').'"></span>';
2404 $text .= '<span class="fa fa-long-arrow-alt-up helppresentcircle'.($helppresent ? '' : ' unvisible').'"></span>';
2405 $text .= '</a>';
2406 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2407 $toprightmenu .= $form->textwithtooltip('', $title, 2, 1, $text, 'login_block_elem', 2);
2408 }
2409
2410 // Version
2411 if (getDolGlobalString('MAIN_SHOWDATABASENAMEINHELPPAGESLINK')) {
2412 $langs->load('admin');
2413 $appli .= '<br>'.$langs->trans("Database").': '.$db->database_name;
2414 }
2415 }
2416
2417 if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2418 $text = '<span class="aversion"><span class="hideonsmartphone small">'.DOL_VERSION.'</span></span>';
2419 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2420 $toprightmenu .= $form->textwithtooltip('', $appli, 2, 1, $text, 'login_block_elem', 2);
2421 }
2422
2423 // Logout link
2424 $toprightmenu .= $form->textwithtooltip('', $logouthtmltext, 2, 1, $logouttext, 'login_block_elem logout-btn', 2);
2425
2426 $toprightmenu .= '</div>'; // end div class="login_block_other"
2427
2428
2429 // Add login user link
2430 $toprightmenu .= '<div class="login_block_user">';
2431
2432 // Login name with photo and tooltip
2433 $mode = -1;
2434 $toprightmenu .= '<div class="inline-block login_block_elem login_block_elem_name nowrap centpercent" style="padding: 0px;">';
2435
2436 if (getDolGlobalString('MAIN_USE_TOP_MENU_SEARCH_DROPDOWN')) {
2437 // Add search dropdown
2438 $toprightmenu .= top_menu_search();
2439 }
2440
2441 if (getDolGlobalString('MAIN_USE_TOP_MENU_QUICKADD_DROPDOWN')) {
2442 // Add search dropdown
2443 $toprightmenu .= top_menu_quickadd();
2444 }
2445
2446 // Add bookmark dropdown
2447 $toprightmenu .= top_menu_bookmark();
2448
2449 // Add user dropdown
2450 $toprightmenu .= top_menu_user();
2451
2452 $toprightmenu .= '</div>';
2453
2454 $toprightmenu .= '</div>'."\n";
2455
2456
2457 print $toprightmenu;
2458
2459 print "</div>\n"; // end div class="login_block"
2460
2461 print '</header>';
2462 //print '<header class="header2">&nbsp;</header>';
2463
2464 print '<div style="clear: both;"></div>';
2465 print "<!-- End top horizontal menu -->\n\n";
2466 }
2467
2468 if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) {
2469 print '<!-- Begin div id-container --><div id="id-container" class="id-container">';
2470 }
2471}
2472
2473
2481function top_menu_user($hideloginname = 0, $urllogout = '')
2482{
2483 global $langs, $conf, $db, $hookmanager, $user, $mysoc;
2484 global $dolibarr_main_authentication, $dolibarr_main_demo;
2485 global $menumanager;
2486
2487 $langs->load('companies');
2488
2489 $userImage = $userDropDownImage = '';
2490 if (!empty($user->photo)) {
2491 $userImage = Form::showphoto('userphoto', $user, 0, 0, 0, 'photouserphoto userphoto', 'small', 0, 1);
2492 $userDropDownImage = Form::showphoto('userphoto', $user, 0, 0, 0, 'dropdown-user-image', 'small', 0, 1);
2493 } else {
2494 $nophoto = '/public/theme/common/user_anonymous.png';
2495 if ($user->gender == 'man') {
2496 $nophoto = '/public/theme/common/user_man.png';
2497 }
2498 if ($user->gender == 'woman') {
2499 $nophoto = '/public/theme/common/user_woman.png';
2500 }
2501
2502 $userImage = '<img class="photo photouserphoto userphoto" alt="" src="'.DOL_URL_ROOT.$nophoto.'">';
2503 $userDropDownImage = '<img class="photo dropdown-user-image" alt="" src="'.DOL_URL_ROOT.$nophoto.'">';
2504 }
2505
2506 $dropdownBody = '';
2507 $dropdownBody .= '<span id="topmenulogincompanyinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowCompanyInfos").'</span>';
2508 $dropdownBody .= '<div id="topmenulogincompanyinfo" >';
2509
2510 $dropdownBody .= '<br><b>'.$langs->trans("Company").'</b>: <span>'.dol_escape_htmltag($mysoc->name).'</span>';
2511 $idprofcursor = 0;
2512 while ($idprofcursor < 10) {
2513 $idprofcursor++;
2514 $constkeyforprofid = 'MAIN_INFO_PROFID'.$idprofcursor;
2515 if ($idprofcursor == 1) {
2516 $constkeyforprofid = 'MAIN_INFO_SIREN';
2517 }
2518 if ($idprofcursor == 2) {
2519 $constkeyforprofid = 'MAIN_INFO_SIRET';
2520 }
2521 if ($idprofcursor == 3) {
2522 $constkeyforprofid = 'MAIN_INFO_APE';
2523 }
2524 if ($idprofcursor == 4) {
2525 $constkeyforprofid = 'MAIN_INFO_RCS';
2526 }
2527 $showprofid = (($idprofcursor <= 6) && $langs->transcountry("ProfId".$idprofcursor, $mysoc->country_code) != '-');
2528 if ($idprofcursor > 6 && getDolGlobalString($constkeyforprofid)) {
2529 $showprofid = true;
2530 }
2531 if ($showprofid) {
2532 $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId".$idprofcursor, $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString($constkeyforprofid), 1).'</span>';
2533 }
2534 }
2535 $dropdownBody .= '<br><b>'.$langs->trans("VATIntraShort").'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_TVAINTRA"), 'VAT').'</span>';
2536 $dropdownBody .= '<br><b>'.$langs->trans("Country").'</b>: <span>'.($mysoc->country_code ? $langs->trans("Country".$mysoc->country_code) : '').'</span>';
2537 if (isModEnabled('multicurrency')) {
2538 $dropdownBody .= '<br><b>'.$langs->trans("Currency").'</b>: <span>'.$conf->currency.'</span>';
2539 }
2540 $dropdownBody .= '</div>';
2541
2542 $dropdownBody .= '<br>';
2543 $dropdownBody .= '<span id="topmenuloginmoreinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowMoreInfos").'</span>';
2544 $dropdownBody .= '<div id="topmenuloginmoreinfo" >';
2545
2546 // login infos
2547 if (!empty($user->admin)) {
2548 $dropdownBody .= '<br><b>'.$langs->trans("Administrator").'</b>: '.yn($user->admin);
2549 }
2550 if (!empty($user->socid)) { // Add thirdparty for external users
2551 $thirdpartystatic = new Societe($db);
2552 $thirdpartystatic->fetch($user->socid);
2553 $companylink = ' '.$thirdpartystatic->getNomUrl(2); // picto only of company
2554 $company = ' ('.$langs->trans("Company").': '.$thirdpartystatic->name.')';
2555 }
2556 $type = ($user->socid ? $langs->trans("External").$company : $langs->trans("Internal"));
2557 $dropdownBody .= '<br><b>'.$langs->trans("Type").':</b> '.$type;
2558 $dropdownBody .= '<br><b>'.$langs->trans("Status").'</b>: '.$user->getLibStatut(0);
2559 $dropdownBody .= '<br>';
2560
2561 $dropdownBody .= '<br><u>'.$langs->trans("Session").'</u>';
2562 $dropdownBody .= '<br><b>'.$langs->trans("IPAddress").'</b>: '.dol_escape_htmltag($_SERVER["REMOTE_ADDR"]);
2563 if (getDolGlobalString('MAIN_MODULE_MULTICOMPANY')) {
2564 $dropdownBody .= '<br><b>'.$langs->trans("ConnectedOnMultiCompany").':</b> '.$conf->entity.' (user entity '.$user->entity.')';
2565 }
2566 $dropdownBody .= '<br><b>'.$langs->trans("AuthenticationMode").':</b> '.$_SESSION["dol_authmode"].(empty($dolibarr_main_demo) ? '' : ' (demo)');
2567 $dropdownBody .= '<br><b>'.$langs->trans("ConnectedSince").':</b> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');
2568 $dropdownBody .= '<br><b>'.$langs->trans("PreviousConnexion").':</b> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');
2569 $dropdownBody .= '<br><b>'.$langs->trans("CurrentTheme").':</b> '.$conf->theme;
2570 $dropdownBody .= '<br><b>'.$langs->trans("CurrentMenuManager").':</b> '.(isset($menumanager) ? $menumanager->name : 'unknown');
2571 $langFlag = picto_from_langcode($langs->getDefaultLang());
2572 $dropdownBody .= '<br><b>'.$langs->trans("CurrentUserLanguage").':</b> '.($langFlag ? $langFlag.' ' : '').$langs->getDefaultLang();
2573
2574 $tz = (int) $_SESSION['dol_tz'] + (int) $_SESSION['dol_dst'];
2575 $dropdownBody .= '<br><b>'.$langs->trans("ClientTZ").':</b> '.($tz ? ($tz >= 0 ? '+' : '').$tz : '');
2576 $dropdownBody .= ' ('.$_SESSION['dol_tz_string'].')';
2577 //$dropdownBody .= ' &nbsp; &nbsp; &nbsp; '.$langs->trans("DaylingSavingTime").': ';
2578 //if ($_SESSION['dol_dst'] > 0) $dropdownBody .= yn(1);
2579 //else $dropdownBody .= yn(0);
2580
2581 $dropdownBody .= '<br><b>'.$langs->trans("Browser").':</b> '.$conf->browser->name.($conf->browser->version ? ' '.$conf->browser->version : '').' <small class="opacitymedium">('.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).')</small>';
2582 $dropdownBody .= '<br><b>'.$langs->trans("Layout").':</b> '.$conf->browser->layout;
2583 $dropdownBody .= '<br><b>'.$langs->trans("Screen").':</b> '.$_SESSION['dol_screenwidth'].' x '.$_SESSION['dol_screenheight'];
2584 if ($conf->browser->layout == 'phone') {
2585 $dropdownBody .= '<br><b>'.$langs->trans("Phone").':</b> '.$langs->trans("Yes");
2586 }
2587 if (!empty($_SESSION["disablemodules"])) {
2588 $dropdownBody .= '<br><b>'.$langs->trans("DisabledModules").':</b> <br>'.implode(', ', explode(',', $_SESSION["disablemodules"]));
2589 }
2590 $dropdownBody .= '</div>';
2591
2592 // Execute hook
2593 $parameters = array('user' => $user, 'langs' => $langs);
2594 $result = $hookmanager->executeHooks('printTopRightMenuLoginDropdownBody', $parameters); // Note that $action and $object may have been modified by some hooks
2595 if (is_numeric($result)) {
2596 if ($result == 0) {
2597 $dropdownBody .= $hookmanager->resPrint; // add
2598 } else {
2599 $dropdownBody = $hookmanager->resPrint; // replace
2600 }
2601 }
2602
2603 if (empty($urllogout)) {
2604 $urllogout = DOL_URL_ROOT.'/user/logout.php?token='.newToken();
2605 }
2606
2607 // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
2608 // accesskey is for Mac: CTRL + key for all browsers
2609 $stringforfirstkey = $langs->trans("KeyboardShortcut");
2610 if ($conf->browser->name == 'chrome') {
2611 $stringforfirstkey .= ' ALT +';
2612 } elseif ($conf->browser->name == 'firefox') {
2613 $stringforfirstkey .= ' ALT + SHIFT +';
2614 } else {
2615 $stringforfirstkey .= ' CTL +';
2616 }
2617
2618 // Defined the links for bottom of card
2619 $profilLink = '<a accesskey="u" href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="button-top-menu-dropdown" title="'.dol_escape_htmltag($langs->trans("YourUserFile").' ('.$stringforfirstkey.' u)').'"><i class="fa fa-user"></i> '.$langs->trans("Card").'</a>';
2620 $urltovirtualcard = '/user/virtualcard.php?id='.((int) $user->id);
2621 $virtuelcardLink = dolButtonToOpenUrlInDialogPopup('publicvirtualcardmenu', $langs->transnoentitiesnoconv("PublicVirtualCardUrl").(is_object($user) ? ' - '.$user->getFullName($langs) : '').' ('.$stringforfirstkey.' v)', img_picto($langs->trans("PublicVirtualCardUrl").' ('.$stringforfirstkey.' v)', 'card', ''), $urltovirtualcard, '', 'button-top-menu-dropdown marginleftonly nohover', "closeTopMenuLoginDropdown()", '', 'v');
2622 $logoutLink = '<a accesskey="l" href="'.$urllogout.'" class="button-top-menu-dropdown" title="'.dol_escape_htmltag($langs->trans("Logout").' ('.$stringforfirstkey.' l)').'"><i class="fa fa-sign-out-alt padingright"></i><span class="hideonsmartphone">'.$langs->trans("Logout").'</span></a>';
2623
2624 $profilName = $user->getFullName($langs).' ('.$user->login.')';
2625 if (!empty($user->admin)) {
2626 $profilName = '<i class="far fa-star classfortooltip" title="'.$langs->trans("Administrator").'" ></i> '.$profilName;
2627 }
2628
2629 // Define version to show
2630 $appli = constant('DOL_APPLICATION_TITLE');
2631 if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
2632 $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
2633 if (preg_match('/\d\.\d/', $appli)) {
2634 if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {
2635 $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core
2636 }
2637 } else {
2638 $appli .= " ".DOL_VERSION;
2639 }
2640 } else {
2641 $appli .= " ".DOL_VERSION;
2642 }
2643
2644 if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2645 $btnUser = '<!-- div for user link -->
2646 <div id="topmenu-login-dropdown" class="userimg atoplogin dropdown user user-menu inline-block">
2647 <a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="dropdown-toggle login-dropdown-a valignmiddle" data-toggle="dropdown">
2648 '.$userImage.(empty($user->photo) ? '<!-- no photo so show also the login --><span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft valignmiddle small">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>' : '').'
2649 </a>
2650 <div class="dropdown-menu">
2651 <!-- User image -->
2652 <div class="user-header">
2653 '.$userDropDownImage.'
2654 <p>
2655 '.$profilName.'<br>';
2656 if ($user->datelastlogin) {
2657 $title = $langs->trans("ConnectedSince").' : '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');
2658 if ($user->datepreviouslogin) {
2659 $title .= '<br>'.$langs->trans("PreviousConnexion").' : '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');
2660 }
2661 }
2662 $btnUser .= '<small class="classfortooltip" title="'.dol_escape_htmltag($title).'" ><i class="fa fa-user-clock"></i> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser').'</small><br>';
2663 if ($user->datepreviouslogin) {
2664 $btnUser .= '<small class="classfortooltip" title="'.dol_escape_htmltag($title).'" ><i class="fa fa-user-clock opacitymedium"></i> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser').'</small><br>';
2665 }
2666
2667 //$btnUser .= '<small class="classfortooltip"><i class="fa fa-cog"></i> '.$langs->trans("Version").' '.$appli.'</small>';
2668 $btnUser .= '
2669 </p>
2670 </div>
2671
2672 <!-- Menu Body user-->
2673 <div class="user-body">'.$dropdownBody.'</div>
2674
2675 <!-- Menu Footer-->
2676 <div class="user-footer">
2677 <div class="pull-left">
2678 '.$profilLink.'
2679 </div>
2680 <div class="pull-left">
2681 '.$virtuelcardLink.'
2682 </div>
2683 <div class="pull-right">
2684 '.$logoutLink.'
2685 </div>
2686 <div class="clearboth"></div>
2687 </div>
2688
2689 </div>
2690 </div>';
2691 } else {
2692 $btnUser = '<!-- div for user link text browser -->
2693 <div id="topmenu-login-dropdown" class="userimg atoplogin dropdown user user-menu inline-block">
2694 <a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="valignmiddle" alt="'.$langs->trans("MyUserCard").'">
2695 '.$userImage.(empty($user->photo) ? '<span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft small valignmiddle">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>' : '').'
2696 </a>
2697 </div>';
2698 }
2699
2700 if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) { // This may be set by some pages that use different jquery version to avoid errors
2701 $btnUser .= '
2702 <!-- Code to show/hide the user drop-down -->
2703 <script>
2704 function closeTopMenuLoginDropdown() {
2705 //console.log("close login dropdown"); // This is call at each click on page, so we disable the log
2706 // Hide the menus.
2707 jQuery("#topmenu-login-dropdown").removeClass("open");
2708 }
2709 jQuery(document).ready(function() {
2710 jQuery(document).on("click", function(event) {
2711 // console.log("Click somewhere on screen");
2712 if (!$(event.target).closest("#topmenu-login-dropdown").length) {
2713 closeTopMenuLoginDropdown();
2714 }
2715 });
2716 ';
2717
2718
2719 //if ($conf->theme != 'md') {
2720 $btnUser .= '
2721 jQuery("#topmenu-login-dropdown .dropdown-toggle").on("click", function(event) {
2722 console.log("Click on #topmenu-login-dropdown .dropdown-toggle");
2723 event.preventDefault();
2724 jQuery("#topmenu-login-dropdown").toggleClass("open");
2725 });
2726
2727 jQuery("#topmenulogincompanyinfo-btn").on("click", function() {
2728 console.log("Click on #topmenulogincompanyinfo-btn");
2729 jQuery("#topmenulogincompanyinfo").slideToggle();
2730 });
2731
2732 jQuery("#topmenuloginmoreinfo-btn").on("click", function() {
2733 console.log("Click on #topmenuloginmoreinfo-btn");
2734 jQuery("#topmenuloginmoreinfo").slideToggle();
2735 });';
2736 //}
2737
2738 $btnUser .= '
2739 });
2740 </script>
2741 ';
2742 }
2743
2744 return $btnUser;
2745}
2746
2753{
2754 global $conf, $langs;
2755
2756 // Button disabled on text browser
2757 if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2758 return '';
2759 }
2760
2761 $html = '';
2762
2763 // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
2764 // accesskey is for Mac: CTRL + key for all browsers
2765 $stringforfirstkey = $langs->trans("KeyboardShortcut");
2766 if ($conf->browser->os === 'macintosh') {
2767 $stringforfirstkey .= ' CTL +';
2768 } else {
2769 if ($conf->browser->name == 'chrome') {
2770 $stringforfirstkey .= ' ALT +';
2771 } elseif ($conf->browser->name == 'firefox') {
2772 $stringforfirstkey .= ' ALT + SHIFT +';
2773 } else {
2774 $stringforfirstkey .= ' CTL +';
2775 }
2776 }
2777
2778 if (!empty($conf->use_javascript_ajax)) {
2779 $html .= '<!-- div for quick add link -->
2780 <div id="topmenu-quickadd-dropdown" class="atoplogin dropdown inline-block">
2781 <a accesskey="a" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('QuickAdd').' ('.$stringforfirstkey.' a)"><i class="fa fa-plus-circle"></i></a>
2782 <div class="dropdown-menu">'.printDropdownQuickadd().'</div>
2783 </div>';
2784 if (!defined('JS_JQUERY_DISABLE_DROPDOWN')) { // This may be set by some pages that use different jquery version to avoid errors
2785 $html .= '
2786 <!-- Code to show/hide the user drop-down for the quick add -->
2787 <script>
2788 jQuery(document).ready(function() {
2789 jQuery(document).on("click", function(event) {
2790 if (!$(event.target).closest("#topmenu-quickadd-dropdown").length) {
2791 // Hide the menus.
2792 $("#topmenu-quickadd-dropdown").removeClass("open");
2793 }
2794 });
2795 $("#topmenu-quickadd-dropdown .dropdown-toggle").on("click", function(event) {
2796 console.log("Click on #topmenu-quickadd-dropdown .dropdown-toggle");
2797 openQuickAddDropDown(event);
2798 });
2799
2800 // Key map shortcut
2801 $(document).keydown(function(event){
2802 var ostype = \''.dol_escape_js($conf->browser->os).'\';
2803 if (ostype === "macintosh") {
2804 if ( event.which === 65 && event.ctrlKey ) {
2805 console.log(\'control + a : trigger open quick add dropdown\');
2806 openQuickAddDropDown(event);
2807 }
2808 } else {
2809 if ( event.which === 65 && event.ctrlKey && event.shiftKey ) {
2810 console.log(\'control + shift + a : trigger open quick add dropdown\');
2811 openQuickAddDropDown(event);
2812 }
2813 }
2814 });
2815
2816 var openQuickAddDropDown = function(event) {
2817 event.preventDefault();
2818 $("#topmenu-quickadd-dropdown").toggleClass("open");
2819 //$("#top-quickadd-search-input").focus();
2820 }
2821 });
2822 </script>
2823 ';
2824 }
2825 }
2826
2827 return $html;
2828}
2829
2836{
2837 global $user, $langs, $hookmanager;
2838
2839 $items = array(
2840 'items' => array(
2841 array(
2842 "url" => "/adherents/card.php?action=create&amp;mainmenu=members",
2843 "title" => "MenuNewMember@members",
2844 "name" => "Adherent@members",
2845 "picto" => "object_member",
2846 "activation" => isModEnabled('member') && $user->hasRight("adherent", "write"), // vs hooking
2847 "position" => 5,
2848 ),
2849 array(
2850 "url" => "/societe/card.php?action=create&amp;mainmenu=companies",
2851 "title" => "MenuNewThirdParty@companies",
2852 "name" => "ThirdParty@companies",
2853 "picto" => "object_company",
2854 "activation" => isModEnabled("societe") && $user->hasRight("societe", "write"), // vs hooking
2855 "position" => 10,
2856 ),
2857 array(
2858 "url" => "/contact/card.php?action=create&amp;mainmenu=companies",
2859 "title" => "NewContactAddress@companies",
2860 "name" => "Contact@companies",
2861 "picto" => "object_contact",
2862 "activation" => isModEnabled("societe") && $user->hasRight("societe", "contact", "write"), // vs hooking
2863 "position" => 20,
2864 ),
2865 array(
2866 "url" => "/comm/propal/card.php?action=create&amp;mainmenu=commercial",
2867 "title" => "NewPropal@propal",
2868 "name" => "Proposal@propal",
2869 "picto" => "object_propal",
2870 "activation" => isModEnabled("propal") && $user->hasRight("propal", "write"), // vs hooking
2871 "position" => 30,
2872 ),
2873
2874 array(
2875 "url" => "/commande/card.php?action=create&amp;mainmenu=commercial",
2876 "title" => "NewOrder@orders",
2877 "name" => "Order@orders",
2878 "picto" => "object_order",
2879 "activation" => isModEnabled('order') && $user->hasRight("commande", "write"), // vs hooking
2880 "position" => 40,
2881 ),
2882 array(
2883 "url" => "/compta/facture/card.php?action=create&amp;mainmenu=billing",
2884 "title" => "NewBill@bills",
2885 "name" => "Bill@bills",
2886 "picto" => "object_bill",
2887 "activation" => isModEnabled('invoice') && $user->hasRight("facture", "write"), // vs hooking
2888 "position" => 50,
2889 ),
2890 array(
2891 "url" => "/contrat/card.php?action=create&amp;mainmenu=commercial",
2892 "title" => "NewContractSubscription@contracts",
2893 "name" => "Contract@contracts",
2894 "picto" => "object_contract",
2895 "activation" => isModEnabled('contract') && $user->hasRight("contrat", "write"), // vs hooking
2896 "position" => 60,
2897 ),
2898 array(
2899 "url" => "/supplier_proposal/card.php?action=create&amp;mainmenu=commercial",
2900 "title" => "SupplierProposalNew@supplier_proposal",
2901 "name" => "SupplierProposal@supplier_proposal",
2902 "picto" => "supplier_proposal",
2903 "activation" => isModEnabled('supplier_proposal') && $user->hasRight("supplier_invoice", "write"), // vs hooking
2904 "position" => 70,
2905 ),
2906 array(
2907 "url" => "/fourn/commande/card.php?action=create&amp;mainmenu=commercial",
2908 "title" => "NewSupplierOrderShort@orders",
2909 "name" => "SupplierOrder@orders",
2910 "picto" => "supplier_order",
2911 "activation" => (isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "commande", "write")) || (isModEnabled("supplier_order") && $user->hasRight("supplier_invoice", "write")), // vs hooking
2912 "position" => 80,
2913 ),
2914 array(
2915 "url" => "/fourn/facture/card.php?action=create&amp;mainmenu=billing",
2916 "title" => "NewBill@bills",
2917 "name" => "SupplierBill@bills",
2918 "picto" => "supplier_invoice",
2919 "activation" => (isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "facture", "write")) || (isModEnabled("supplier_invoice") && $user->hasRight("supplier_invoice", "write")), // vs hooking
2920 "position" => 90,
2921 ),
2922 array(
2923 "url" => "/ticket/card.php?action=create&amp;mainmenu=ticket",
2924 "title" => "NewTicket@ticket",
2925 "name" => "Ticket@ticket",
2926 "picto" => "ticket",
2927 "activation" => isModEnabled('ticket') && $user->hasRight("ticket", "write"), // vs hooking
2928 "position" => 100,
2929 ),
2930 array(
2931 "url" => "/fichinter/card.php?action=create&mainmenu=commercial",
2932 "title" => "NewIntervention@interventions",
2933 "name" => "Intervention@interventions",
2934 "picto" => "intervention",
2935 "activation" => isModEnabled('intervention') && $user->hasRight("ficheinter", "creer"), // vs hooking
2936 "position" => 110,
2937 ),
2938 array(
2939 "url" => "/product/card.php?action=create&amp;type=0&amp;mainmenu=products",
2940 "title" => "NewProduct@products",
2941 "name" => "Product@products",
2942 "picto" => "object_product",
2943 "activation" => isModEnabled("product") && $user->hasRight("produit", "write"), // vs hooking
2944 "position" => 400,
2945 ),
2946 array(
2947 "url" => "/product/card.php?action=create&amp;type=1&amp;mainmenu=products",
2948 "title" => "NewService@products",
2949 "name" => "Service@products",
2950 "picto" => "object_service",
2951 "activation" => isModEnabled("service") && $user->hasRight("service", "write"), // vs hooking
2952 "position" => 410,
2953 ),
2954 array(
2955 "url" => "/user/card.php?action=create&amp;type=1&amp;mainmenu=home",
2956 "title" => "AddUser@users",
2957 "name" => "User@users",
2958 "picto" => "user",
2959 "activation" => $user->hasRight("user", "user", "write"), // vs hooking
2960 "position" => 500,
2961 ),
2962 ),
2963 );
2964
2965 $dropDownQuickAddHtml = '';
2966
2967 // Define $dropDownQuickAddHtml
2968 $dropDownQuickAddHtml .= '<div class="quickadd-body dropdown-body">';
2969 $dropDownQuickAddHtml .= '<div class="dropdown-quickadd-list">';
2970
2971 // Allow the $items of the menu to be manipulated by modules
2972 $parameters = array();
2973 $hook_items = $items;
2974 $reshook = $hookmanager->executeHooks('menuDropdownQuickaddItems', $parameters, $hook_items); // Note that $action and $object may have been modified by some hooks
2975 if (is_numeric($reshook) && !empty($hookmanager->resArray) && is_array($hookmanager->resArray)) {
2976 if ($reshook == 0) {
2977 $items['items'] = array_merge($items['items'], $hookmanager->resArray); // add
2978 } else {
2979 $items = $hookmanager->resArray; // replace
2980 }
2981
2982 // Sort menu items by 'position' value
2983 $position = array();
2984 foreach ($items['items'] as $key => $row) {
2985 $position[$key] = $row['position'];
2986 }
2987 $array1_sort_order = SORT_ASC;
2988 array_multisort($position, $array1_sort_order, $items['items']);
2989 }
2990
2991 foreach ($items['items'] as $item) {
2992 if (!$item['activation']) {
2993 continue;
2994 }
2995 $langs->load(explode('@', $item['title'])[1]);
2996 $langs->load(explode('@', $item['name'])[1]);
2997 $dropDownQuickAddHtml .= '
2998 <a class="dropdown-item quickadd-item" href="'.DOL_URL_ROOT.$item['url'].'" title="'.$langs->trans(explode('@', $item['title'])[0]).'">
2999 '. img_picto('', $item['picto'], 'style="width:18px;"') . ' ' . $langs->trans(explode('@', $item['name'])[0]) . '</a>
3000 ';
3001 }
3002
3003 $dropDownQuickAddHtml .= '</div>';
3004 $dropDownQuickAddHtml .= '</div>';
3005
3006 return $dropDownQuickAddHtml;
3007}
3008
3015{
3016 global $langs, $conf, $db, $user;
3017
3018 $html = '';
3019
3020 // Define $bookmarks
3021 if (!isModEnabled('bookmark') || !$user->hasRight('bookmark', 'lire')) {
3022 return $html;
3023 }
3024
3025 // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3026 // accesskey is for Mac: CTRL + key for all browsers
3027 $stringforfirstkey = $langs->trans("KeyboardShortcut");
3028 if ($conf->browser->os === 'macintosh') {
3029 $stringforfirstkey .= ' CTL +';
3030 } else {
3031 if ($conf->browser->name == 'chrome') {
3032 $stringforfirstkey .= ' ALT +';
3033 } elseif ($conf->browser->name == 'firefox') {
3034 $stringforfirstkey .= ' ALT + SHIFT +';
3035 } else {
3036 $stringforfirstkey .= ' CTL +';
3037 }
3038 }
3039
3040 if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) { // This may be set by some pages that use different jquery version to avoid errors
3041 include_once DOL_DOCUMENT_ROOT.'/bookmarks/bookmarks.lib.php';
3042 $langs->load("bookmarks");
3043
3044 if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
3045 $html .= '<div id="topmenu-bookmark-dropdown" class="dropdown inline-block">';
3046 $html .= printDropdownBookmarksList();
3047 $html .= '</div>';
3048 } else {
3049 $html .= '<!-- div for bookmark link -->
3050 <div id="topmenu-bookmark-dropdown" class="dropdown inline-block">
3051 <a accesskey="b" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('Bookmarks').' ('.$stringforfirstkey.' b)"><i class="fa fa-star"></i></a>
3052 <div class="dropdown-menu">
3054 </div>
3055 </div>';
3056
3057 $html .= '
3058 <!-- Code to show/hide the bookmark drop-down -->
3059 <script>
3060 jQuery(document).ready(function() {
3061 jQuery(document).on("click", function(event) {
3062 if (!$(event.target).closest("#topmenu-bookmark-dropdown").length) {
3063 //console.log("close bookmark dropdown - we click outside");
3064 // Hide the menus.
3065 $("#topmenu-bookmark-dropdown").removeClass("open");
3066 }
3067 });
3068
3069 jQuery("#topmenu-bookmark-dropdown .dropdown-toggle").on("click", function(event) {
3070 console.log("Click on #topmenu-bookmark-dropdown .dropdown-toggle");
3071 openBookMarkDropDown(event);
3072 });
3073
3074 // Key map shortcut
3075 jQuery(document).keydown(function(event) {
3076 var ostype = \''.dol_escape_js($conf->browser->os).'\';
3077 if (ostype === "macintosh") {
3078 if ( event.which === 66 && event.ctrlKey ) {
3079 console.log("Click on control + b : trigger open bookmark dropdown");
3080 openBookMarkDropDown(event);
3081 }
3082 } else {
3083 if ( event.which === 66 && event.ctrlKey && event.shiftKey ) {
3084 console.log("Click on control + shift + b : trigger open bookmark dropdown");
3085 openBookMarkDropDown(event);
3086 }
3087 }
3088 });
3089
3090 var openBookMarkDropDown = function(event) {
3091 event.preventDefault();
3092 jQuery("#topmenu-bookmark-dropdown").toggleClass("open");
3093 jQuery("#top-bookmark-search-input").focus();
3094 }
3095
3096 });
3097 </script>
3098 ';
3099 }
3100 }
3101 return $html;
3102}
3103
3109function top_menu_search()
3110{
3111 global $langs, $conf, $db, $user, $hookmanager;
3112
3113 $html = '';
3114
3115 $usedbyinclude = 1;
3116 $arrayresult = array();
3117 include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This sets $arrayresult
3118
3119 // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3120 // accesskey is for Mac: CTRL + key for all browsers
3121 $stringforfirstkey = $langs->trans("KeyboardShortcut");
3122 if ($conf->browser->name == 'chrome') {
3123 $stringforfirstkey .= ' ALT +';
3124 } elseif ($conf->browser->name == 'firefox') {
3125 $stringforfirstkey .= ' ALT + SHIFT +';
3126 } else {
3127 $stringforfirstkey .= ' CTL +';
3128 }
3129
3130 $searchInput = '<input type="search" name="search_all"'.($stringforfirstkey ? ' title="'.dol_escape_htmltag($stringforfirstkey.' s').'"' : '').' id="top-global-search-input" class="dropdown-search-input search_component_input" placeholder="'.$langs->trans('Search').'" autocomplete="off">';
3131
3132 $defaultAction = '';
3133 $buttonList = '<div class="dropdown-global-search-button-list" >';
3134 // Menu with all searchable items
3135 foreach ($arrayresult as $keyItem => $item) {
3136 if (empty($defaultAction)) {
3137 $defaultAction = $item['url'];
3138 }
3139 $buttonList .= '<button class="dropdown-item global-search-item tdoverflowmax300" data-target="'.dol_escape_htmltag($item['url']).'" >';
3140 $buttonList .= $item['text'];
3141 $buttonList .= '</button>';
3142 }
3143 $buttonList .= '</div>';
3144
3145 $dropDownHtml = '<form role="search" id="top-menu-action-search" name="actionsearch" method="GET" action="'.$defaultAction.'">';
3146
3147 $dropDownHtml .= '
3148 <!-- search input -->
3149 <div class="dropdown-header search-dropdown-header">
3150 ' . $searchInput.'
3151 </div>
3152 ';
3153
3154 $dropDownHtml .= '
3155 <!-- Menu Body search -->
3156 <div class="dropdown-body search-dropdown-body">
3157 '.$buttonList.'
3158 </div>
3159 ';
3160
3161 $dropDownHtml .= '</form>';
3162
3163 // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3164 // accesskey is for Mac: CTRL + key for all browsers
3165 $stringforfirstkey = $langs->trans("KeyboardShortcut");
3166 if ($conf->browser->name == 'chrome') {
3167 $stringforfirstkey .= ' ALT +';
3168 } elseif ($conf->browser->name == 'firefox') {
3169 $stringforfirstkey .= ' ALT + SHIFT +';
3170 } else {
3171 $stringforfirstkey .= ' CTL +';
3172 }
3173
3174 $html .= '<!-- div for Global Search -->
3175 <div id="topmenu-global-search-dropdown" class="atoplogin dropdown inline-block">
3176 <a accesskey="s" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('Search').' ('.$stringforfirstkey.' s)">
3177 <i class="fa fa-search" aria-hidden="true" ></i>
3178 </a>
3179 <div class="dropdown-menu dropdown-search">
3180 '.$dropDownHtml.'
3181 </div>
3182 </div>';
3183
3184 $html .= '
3185 <!-- Code to show/hide the user drop-down -->
3186 <script>
3187 jQuery(document).ready(function() {
3188
3189 // prevent submitting form on press ENTER
3190 jQuery("#top-global-search-input").keydown(function (e) {
3191 if (e.keyCode == 13 || e.keyCode == 40) {
3192 var inputs = $(this).parents("form").eq(0).find(":button");
3193 if (inputs[inputs.index(this) + 1] != null) {
3194 inputs[inputs.index(this) + 1].focus();
3195 if (e.keyCode == 13){
3196 inputs[inputs.index(this) + 1].trigger("click");
3197 }
3198
3199 }
3200 e.preventDefault();
3201 return false;
3202 }
3203 });
3204
3205 // arrow key nav
3206 jQuery(document).keydown(function(e) {
3207 // Get the focused element:
3208 var $focused = $(":focus");
3209 if($focused.length && $focused.hasClass("global-search-item")){
3210
3211 // UP - move to the previous line
3212 if (e.keyCode == 38) {
3213 e.preventDefault();
3214 $focused.prev().focus();
3215 }
3216
3217 // DOWN - move to the next line
3218 if (e.keyCode == 40) {
3219 e.preventDefault();
3220 $focused.next().focus();
3221 }
3222 }
3223 });
3224
3225
3226 // submit form action
3227 jQuery(".dropdown-global-search-button-list .global-search-item").on("click", function(event) {
3228 jQuery("#top-menu-action-search").attr("action", $(this).data("target"));
3229 jQuery("#top-menu-action-search").submit();
3230 });
3231
3232 // close drop down
3233 jQuery(document).on("click", function(event) {
3234 if (!$(event.target).closest("#topmenu-global-search-dropdown").length) {
3235 console.log("click close search - we click outside");
3236 // Hide the menus.
3237 jQuery("#topmenu-global-search-dropdown").removeClass("open");
3238 }
3239 });
3240
3241 // Open drop down
3242 jQuery("#topmenu-global-search-dropdown .dropdown-toggle").on("click", function(event) {
3243 console.log("click on toggle #topmenu-global-search-dropdown .dropdown-toggle");
3244 openGlobalSearchDropDown();
3245 });
3246
3247 // Key map shortcut
3248 jQuery(document).keydown(function(e){
3249 if ( e.which === 70 && e.ctrlKey && e.shiftKey ) {
3250 console.log(\'control + shift + f : trigger open global-search dropdown\');
3251 openGlobalSearchDropDown();
3252 }
3253 if ( e.which === 70 && e.alKey ) {
3254 console.log(\'alt + f : trigger open global-search dropdown\');
3255 openGlobalSearchDropDown();
3256 }
3257 });
3258
3259 var openGlobalSearchDropDown = function() {
3260 jQuery("#topmenu-global-search-dropdown").toggleClass("open");
3261 jQuery("#top-global-search-input").focus();
3262 }
3263
3264 });
3265 </script>
3266 ';
3267
3268 return $html;
3269}
3270
3285function left_menu($menu_array_before, $helppagename = '', $notused = '', $menu_array_after = array(), $leftmenuwithoutmainarea = 0, $title = '', $acceptdelayedhtml = 0)
3286{
3287 global $user, $conf, $langs, $db, $form;
3288 global $hookmanager, $menumanager;
3289
3290 $searchform = '';
3291
3292 if (!empty($menu_array_before)) {
3293 dol_syslog("Deprecated parameter menu_array_before was used when calling main::left_menu function. Menu entries of module should now be defined into module descriptor and not provided when calling left_menu.", LOG_WARNING);
3294 }
3295
3296 if (empty($conf->dol_hide_leftmenu) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU'))) {
3297 // Instantiate hooks for external modules
3298 $hookmanager->initHooks(array('leftblock'));
3299
3300 print "\n".'<!-- Begin side-nav id-left -->'."\n".'<div class="side-nav"><div id="id-left">'."\n";
3301 print "\n";
3302
3303 if (!is_object($form)) {
3304 $form = new Form($db);
3305 }
3306 $selected = -1;
3307 if (!getDolGlobalString('MAIN_USE_TOP_MENU_SEARCH_DROPDOWN')) {
3308 // Select with select2 is awful on smartphone. TODO Is this still true with select2 v4 ?
3309 if ($conf->browser->layout == 'phone') {
3310 $conf->global->MAIN_USE_OLD_SEARCH_FORM = 1;
3311 }
3312
3313 $usedbyinclude = 1;
3314 $arrayresult = array();
3315 include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This make initHooks('searchform') then set $arrayresult
3316
3317 if ($conf->use_javascript_ajax && !getDolGlobalString('MAIN_USE_OLD_SEARCH_FORM')) {
3318 // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3319 // accesskey is for Mac: CTRL + key for all browsers
3320 $stringforfirstkey = $langs->trans("KeyboardShortcut");
3321 if ($conf->browser->name == 'chrome') {
3322 $stringforfirstkey .= ' ALT +';
3323 } elseif ($conf->browser->name == 'firefox') {
3324 $stringforfirstkey .= ' ALT + SHIFT +';
3325 } else {
3326 $stringforfirstkey .= ' CTL +';
3327 }
3328
3329 //$textsearch = $langs->trans("Search");
3330 $textsearch = '<span class="fa fa-search paddingright pictofixedwidth"></span>'.$langs->trans("Search");
3331 $searchform .= $form->selectArrayFilter('searchselectcombo', $arrayresult, $selected, 'accesskey="s"', 1, 0, (!getDolGlobalString('MAIN_SEARCHBOX_CONTENT_LOADED_BEFORE_KEY') ? 1 : 0), 'vmenusearchselectcombo', 1, $textsearch, 1, $stringforfirstkey.' s');
3332 } else {
3333 if (is_array($arrayresult)) {
3334 foreach ($arrayresult as $key => $val) {
3335 $searchform .= printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth125', 'search_all', (empty($val['shortcut']) ? '' : $val['shortcut']), 'searchleft'.$key, $val['img']);
3336 }
3337 }
3338 }
3339
3340 // Execute hook printSearchForm
3341 $parameters = array('searchform' => $searchform);
3342 $reshook = $hookmanager->executeHooks('printSearchForm', $parameters); // Note that $action and $object may have been modified by some hooks
3343 if (empty($reshook)) {
3344 $searchform .= $hookmanager->resPrint;
3345 } else {
3346 $searchform = $hookmanager->resPrint;
3347 }
3348
3349 // Force special value for $searchform for text browsers or very old search form
3350 if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') || empty($conf->use_javascript_ajax)) {
3351 $urltosearch = DOL_URL_ROOT.'/core/search_page.php?showtitlebefore=1';
3352 $searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="'.$urltosearch.'" accesskey="s" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div></div>';
3353 } elseif ($conf->use_javascript_ajax && getDolGlobalString('MAIN_USE_OLD_SEARCH_FORM')) {
3354 $searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="#" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div><div id="divsearchforms2" style="display: none">'.$searchform.'</div>';
3355 $searchform .= '<script>
3356 jQuery(document).ready(function () {
3357 jQuery("#divsearchforms1").click(function(){
3358 jQuery("#divsearchforms2").toggle();
3359 });
3360 });
3361 </script>' . "\n";
3362 $searchform .= '</div>';
3363 }
3364
3365 // Key map shortcut
3366 $searchform .= '<script>
3367 jQuery(document).keydown(function(e){
3368 if( e.which === 70 && e.ctrlKey && e.shiftKey ){
3369 console.log(\'control + shift + f : trigger open global-search dropdown\');
3370 openGlobalSearchDropDown();
3371 }
3372 if( (e.which === 83 || e.which === 115) && e.altKey ){
3373 console.log(\'alt + s : trigger open global-search dropdown\');
3374 openGlobalSearchDropDown();
3375 }
3376 });
3377
3378 var openGlobalSearchDropDown = function() {
3379 jQuery("#searchselectcombo").select2(\'open\');
3380 }
3381 </script>';
3382 }
3383
3384 // Left column
3385 print '<!-- Begin left menu -->'."\n";
3386
3387 print '<div class="vmenu"'.(getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') ? ' alt="Left menu"' : '').'>'."\n\n";
3388
3389 // Show left menu with other forms
3390 $menumanager->menu_array = $menu_array_before;
3391 $menumanager->menu_array_after = $menu_array_after;
3392 $menumanager->showmenu('left', array('searchform' => $searchform)); // output menu_array and menu found in database
3393
3394 // Dolibarr version + help + bug report link
3395 print "\n";
3396 print "<!-- Begin Help Block-->\n";
3397 print '<div id="blockvmenuhelp" class="blockvmenuhelp">'."\n";
3398
3399 // Version
3400 if (getDolGlobalString('MAIN_SHOW_VERSION')) { // Version is already on help picto and on login page.
3401 $doliurl = 'https://www.dolibarr.org';
3402 //local communities
3403 if (preg_match('/fr/i', $langs->defaultlang)) {
3404 $doliurl = 'https://www.dolibarr.fr';
3405 }
3406 if (preg_match('/es/i', $langs->defaultlang)) {
3407 $doliurl = 'https://www.dolibarr.es';
3408 }
3409 if (preg_match('/de/i', $langs->defaultlang)) {
3410 $doliurl = 'https://www.dolibarr.de';
3411 }
3412 if (preg_match('/it/i', $langs->defaultlang)) {
3413 $doliurl = 'https://www.dolibarr.it';
3414 }
3415 if (preg_match('/gr/i', $langs->defaultlang)) {
3416 $doliurl = 'https://www.dolibarr.gr';
3417 }
3418
3419 $appli = constant('DOL_APPLICATION_TITLE');
3420 if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
3421 $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
3422 $doliurl = '';
3423 if (preg_match('/\d\.\d/', $appli)) {
3424 if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {
3425 $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core
3426 }
3427 } else {
3428 $appli .= " ".DOL_VERSION;
3429 }
3430 } else {
3431 $appli .= " ".DOL_VERSION;
3432 }
3433 print '<div id="blockvmenuhelpapp" class="blockvmenuhelp">';
3434 if ($doliurl) {
3435 print '<a class="help" target="_blank" rel="noopener noreferrer" href="'.$doliurl.'">';
3436 } else {
3437 print '<span class="help">';
3438 }
3439 print $appli;
3440 if ($doliurl) {
3441 print '</a>';
3442 } else {
3443 print '</span>';
3444 }
3445 print '</div>'."\n";
3446 }
3447
3448 // Link to bugtrack
3449 if (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK')) {
3450 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
3451
3452 if (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK') == 'github') {
3453 $bugbaseurl = 'https://github.com/Dolibarr/dolibarr/issues/new?labels=Bug';
3454 $bugbaseurl .= '&title=';
3455 $bugbaseurl .= urlencode("Bug: ");
3456 $bugbaseurl .= '&body=';
3457 $bugbaseurl .= urlencode("# Instructions\n");
3458 $bugbaseurl .= urlencode("*This is a template to help you report good issues. You may use [Github Markdown](https://help.github.com/articles/getting-started-with-writing-and-formatting-on-github/) syntax to format your issue report.*\n");
3459 $bugbaseurl .= urlencode("*Please:*\n");
3460 $bugbaseurl .= urlencode("- *replace the bracket enclosed texts with meaningful information*\n");
3461 $bugbaseurl .= urlencode("- *remove any unused sub-section*\n");
3462 $bugbaseurl .= urlencode("\n");
3463 $bugbaseurl .= urlencode("\n");
3464 $bugbaseurl .= urlencode("# Bug\n");
3465 $bugbaseurl .= urlencode("[*Short description*]\n");
3466 $bugbaseurl .= urlencode("\n");
3467 $bugbaseurl .= urlencode("## Environment\n");
3468 $bugbaseurl .= urlencode("- **Version**: ".DOL_VERSION."\n");
3469 $bugbaseurl .= urlencode("- **OS**: ".php_uname('s')."\n");
3470 $bugbaseurl .= urlencode("- **Web server**: ".$_SERVER["SERVER_SOFTWARE"]."\n");
3471 $bugbaseurl .= urlencode("- **PHP**: ".php_sapi_name().' '.phpversion()."\n");
3472 $bugbaseurl .= urlencode("- **Database**: ".$db::LABEL.' '.$db->getVersion()."\n");
3473 $bugbaseurl .= urlencode("- **URL(s)**: ".$_SERVER["REQUEST_URI"]."\n");
3474 $bugbaseurl .= urlencode("\n");
3475 $bugbaseurl .= urlencode("## Expected and actual behavior\n");
3476 $bugbaseurl .= urlencode("[*Verbose description*]\n");
3477 $bugbaseurl .= urlencode("\n");
3478 $bugbaseurl .= urlencode("## Steps to reproduce the behavior\n");
3479 $bugbaseurl .= urlencode("[*Verbose description*]\n");
3480 $bugbaseurl .= urlencode("\n");
3481 $bugbaseurl .= urlencode("## [Attached files](https://help.github.com/articles/issue-attachments) (Screenshots, screencasts, dolibarr.log, debugging information…)\n");
3482 $bugbaseurl .= urlencode("[*Files*]\n");
3483 $bugbaseurl .= urlencode("\n");
3484
3485 $bugbaseurl .= urlencode("\n");
3486 $bugbaseurl .= urlencode("## Report\n");
3487 } elseif (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK')) {
3488 $bugbaseurl = getDolGlobalString('MAIN_BUGTRACK_ENABLELINK');
3489 } else {
3490 $bugbaseurl = "";
3491 }
3492
3493 // Execute hook printBugtrackInfo
3494 $parameters = array('bugbaseurl' => $bugbaseurl);
3495 $reshook = $hookmanager->executeHooks('printBugtrackInfo', $parameters); // Note that $action and $object may have been modified by some hooks
3496 if (empty($reshook)) {
3497 $bugbaseurl .= $hookmanager->resPrint;
3498 } else {
3499 $bugbaseurl = $hookmanager->resPrint;
3500 }
3501
3502 print '<div id="blockvmenuhelpbugreport" class="blockvmenuhelp">';
3503 print '<a class="help" target="_blank" rel="noopener noreferrer" href="'.$bugbaseurl.'"><i class="fas fa-bug"></i> '.$langs->trans("FindBug").'</a>';
3504 print '</div>';
3505 }
3506
3507 print "</div>\n";
3508 print "<!-- End Help Block-->\n";
3509 print "\n";
3510
3511 print "</div>\n";
3512 print "<!-- End left menu -->\n";
3513 print "\n";
3514
3515 // Execute hook printLeftBlock
3516 $parameters = array();
3517 $reshook = $hookmanager->executeHooks('printLeftBlock', $parameters); // Note that $action and $object may have been modified by some hooks
3518 print $hookmanager->resPrint;
3519
3520 print '</div></div> <!-- End side-nav id-left -->'; // End div id="side-nav" div id="id-left"
3521 }
3522
3523 print "\n";
3524 print '<!-- Begin right area -->'."\n";
3525
3526 if (empty($leftmenuwithoutmainarea)) {
3527 main_area($title);
3528 }
3529}
3530
3531
3538function main_area($title = '')
3539{
3540 global $conf, $langs, $hookmanager;
3541
3542 if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup', 'aZ09')) {
3543 print '<div id="id-right">';
3544 }
3545
3546 print "\n";
3547
3548 print '<!-- Begin div class="fiche" -->'."\n".'<div class="fiche">'."\n";
3549
3550 $hookmanager->initHooks(array('main'));
3551 $parameters = array();
3552 $reshook = $hookmanager->executeHooks('printMainArea', $parameters); // Note that $action and $object may have been modified by some hooks
3553 print $hookmanager->resPrint;
3554
3555 if (getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) {
3556 print info_admin($langs->trans("WarningYouAreInMaintenanceMode", getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')), 0, 0, 1, 'warning maintenancemode');
3557 }
3558
3559 // Permit to add user company information on each printed document by setting SHOW_SOCINFO_ON_PRINT
3560 if (getDolGlobalString('SHOW_SOCINFO_ON_PRINT') && GETPOST('optioncss', 'aZ09') == 'print' && empty(GETPOST('disable_show_socinfo_on_print', 'aZ09'))) {
3561 $parameters = array();
3562 $reshook = $hookmanager->executeHooks('showSocinfoOnPrint', $parameters);
3563 if (empty($reshook)) {
3564 print '<!-- Begin show mysoc info header -->'."\n";
3565 print '<div id="mysoc-info-header">'."\n";
3566 print '<table class="centpercent div-table-responsive">'."\n";
3567 print '<tbody>';
3568 print '<tr><td rowspan="0" class="width20p">';
3569 if (getDolGlobalString('MAIN_SHOW_LOGO') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') && getDolGlobalString('MAIN_INFO_SOCIETE_LOGO')) {
3570 print '<img id="mysoc-info-header-logo" style="max-width:100%" alt="" src="'.DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_LOGO'))).'">';
3571 }
3572 print '</td><td rowspan="0" class="width50p"></td></tr>'."\n";
3573 print '<tr><td class="titre bold">'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_NOM')).'</td></tr>'."\n";
3574 print '<tr><td>'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_ADDRESS')).'<br>'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_ZIP')).' '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_TOWN')).'</td></tr>'."\n";
3575 if (getDolGlobalString('MAIN_INFO_SOCIETE_TEL')) {
3576 print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Phone").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_TEL')).'</td></tr>';
3577 }
3578 if (getDolGlobalString('MAIN_INFO_SOCIETE_MAIL')) {
3579 print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Email").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_MAIL')).'</td></tr>';
3580 }
3581 if (getDolGlobalString('MAIN_INFO_SOCIETE_WEB')) {
3582 print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Web").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_WEB')).'</td></tr>';
3583 }
3584 print '</tbody>';
3585 print '</table>'."\n";
3586 print '</div>'."\n";
3587 print '<!-- End show mysoc info header -->'."\n";
3588 }
3589 }
3590}
3591
3592
3600function getHelpParamFor($helppagename, $langs)
3601{
3602 $helpbaseurl = '';
3603 $helppage = '';
3604 $mode = '';
3605
3606 if (preg_match('/^http/i', $helppagename)) {
3607 // If complete URL
3608 $helpbaseurl = '%s';
3609 $helppage = $helppagename;
3610 $mode = 'local';
3611 } else {
3612 // If WIKI URL
3613 $reg = array();
3614 if (preg_match('/^es/i', $langs->defaultlang)) {
3615 $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3616 if (preg_match('/ES:([^|]+)/i', $helppagename, $reg)) {
3617 $helppage = $reg[1];
3618 }
3619 }
3620 if (preg_match('/^fr/i', $langs->defaultlang)) {
3621 $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3622 if (preg_match('/FR:([^|]+)/i', $helppagename, $reg)) {
3623 $helppage = $reg[1];
3624 }
3625 }
3626 if (preg_match('/^de/i', $langs->defaultlang)) {
3627 $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3628 if (preg_match('/DE:([^|]+)/i', $helppagename, $reg)) {
3629 $helppage = $reg[1];
3630 }
3631 }
3632 if (empty($helppage)) { // If help page not already found
3633 $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3634 if (preg_match('/EN:([^|]+)/i', $helppagename, $reg)) {
3635 $helppage = $reg[1];
3636 }
3637 }
3638 $mode = 'wiki';
3639 }
3640 return array('helpbaseurl' => $helpbaseurl, 'helppage' => $helppage, 'mode' => $mode);
3641}
3642
3643
3660function printSearchForm($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey = '', $prefhtmlinputname = '', $img = '', $showtitlebefore = 0, $autofocus = 0)
3661{
3662 global $langs, $user;
3663
3664 $ret = '';
3665 $ret .= '<form action="'.$urlaction.'" method="post" class="searchform nowraponall tagtr">';
3666 $ret .= '<input type="hidden" name="token" value="'.newToken().'">';
3667 $ret .= '<input type="hidden" name="savelogin" value="'.dol_escape_htmltag($user->login).'">';
3668 if ($showtitlebefore) {
3669 $ret .= '<div class="tagtd left">'.$title.'</div> ';
3670 }
3671 $ret .= '<div class="tagtd">';
3672 $ret .= img_picto('', $img, '', false, 0, 0, '', 'paddingright width20');
3673 $ret .= '<input type="text" class="flat '.$htmlmorecss.'"';
3674 $ret .= ' style="background-repeat: no-repeat; background-position: 3px;"';
3675 $ret .= ($accesskey ? ' accesskey="'.$accesskey.'"' : '');
3676 $ret .= ' placeholder="'.strip_tags($title).'"';
3677 $ret .= ($autofocus ? ' autofocus' : '');
3678 $ret .= ' name="'.$htmlinputname.'" id="'.$prefhtmlinputname.$htmlinputname.'" />';
3679 $ret .= '<button type="submit" class="button bordertransp" style="padding-top: 4px; padding-bottom: 4px; padding-left: 6px; padding-right: 6px">';
3680 $ret .= '<span class="fa fa-search"></span>';
3681 $ret .= '</button>';
3682 $ret .= '</div>';
3683 $ret .= "</form>\n";
3684 return $ret;
3685}
3686
3687
3688if (!function_exists("llxFooter")) {
3699 function llxFooter($comment = '', $zone = 'private', $disabledoutputofmessages = 0)
3700 {
3701 global $conf, $db, $langs, $user, $mysoc, $object, $hookmanager, $action;
3702 global $delayedhtmlcontent;
3703 global $contextpage, $page, $limit, $mode;
3704 global $dolibarr_distrib;
3705
3706 $ext = 'layout='.urlencode($conf->browser->layout).'&version='.urlencode(DOL_VERSION);
3707
3708 // Hook to add more things on all pages within fiche DIV
3709 $llxfooter = '';
3710 $parameters = array();
3711 $reshook = $hookmanager->executeHooks('llxFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
3712 if (empty($reshook)) {
3713 $llxfooter .= $hookmanager->resPrint;
3714 } elseif ($reshook > 0) {
3715 $llxfooter = $hookmanager->resPrint;
3716 }
3717 if ($llxfooter) {
3718 print $llxfooter;
3719 }
3720
3721 // Global html output events ($mesgs, $errors, $warnings)
3722 dol_htmloutput_events($disabledoutputofmessages);
3723
3724 // Code for search criteria persistence.
3725 // $user->lastsearch_values was set by the GETPOST when form field search_xxx exists
3726 if (is_object($user) && !empty($user->lastsearch_values_tmp) && is_array($user->lastsearch_values_tmp)) {
3727 // Clean and save data
3728 foreach ($user->lastsearch_values_tmp as $key => $val) {
3729 unset($_SESSION['lastsearch_values_tmp_'.$key]); // Clean array to rebuild it just after
3730 if (count($val) && empty($_POST['button_removefilter']) && empty($_POST['button_removefilter_x'])) {
3731 if (empty($val['sortfield'])) {
3732 unset($val['sortfield']);
3733 }
3734 if (empty($val['sortorder'])) {
3735 unset($val['sortorder']);
3736 }
3737 dol_syslog('Save lastsearch_values_tmp_'.$key.'='.json_encode($val, 0)." (systematic recording of last search criteria)");
3738 $_SESSION['lastsearch_values_tmp_'.$key] = json_encode($val);
3739 unset($_SESSION['lastsearch_values_'.$key]);
3740 }
3741 }
3742 }
3743
3744
3745 $relativepathstring = $_SERVER["PHP_SELF"];
3746 // Clean $relativepathstring
3747 if (constant('DOL_URL_ROOT')) {
3748 $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);
3749 }
3750 $relativepathstring = preg_replace('/^\//', '', $relativepathstring);
3751 $relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);
3752 if (preg_match('/list\.php$/', $relativepathstring)) {
3753 unset($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]);
3754 unset($_SESSION['lastsearch_page_tmp_'.$relativepathstring]);
3755 unset($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]);
3756 unset($_SESSION['lastsearch_mode_tmp_'.$relativepathstring]);
3757
3758 if (!empty($contextpage)) {
3759 $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring] = $contextpage;
3760 }
3761 if (!empty($page) && $page > 0) {
3762 $_SESSION['lastsearch_page_tmp_'.$relativepathstring] = $page;
3763 }
3764 if (!empty($limit) && $limit != $conf->liste_limit) {
3765 $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] = $limit;
3766 }
3767 if (!empty($mode)) {
3768 $_SESSION['lastsearch_mode_tmp_'.$relativepathstring] = $mode;
3769 }
3770
3771 unset($_SESSION['lastsearch_contextpage_'.$relativepathstring]);
3772 unset($_SESSION['lastsearch_page_'.$relativepathstring]);
3773 unset($_SESSION['lastsearch_limit_'.$relativepathstring]);
3774 unset($_SESSION['lastsearch_mode_'.$relativepathstring]);
3775 }
3776
3777 // Core error message
3778 if (getDolGlobalString('MAIN_CORE_ERROR')) {
3779 // Ajax version
3780 if ($conf->use_javascript_ajax) {
3781 $title = img_warning().' '.$langs->trans('CoreErrorTitle');
3782 print ajax_dialog($title, $langs->trans('CoreErrorMessage'));
3783 } else {
3784 // html version
3785 $msg = img_warning().' '.$langs->trans('CoreErrorMessage');
3786 print '<div class="error">'.$msg.'</div>';
3787 }
3788
3789 //define("MAIN_CORE_ERROR",0); // Constant was defined and we can't change value of a constant
3790 }
3791
3792 print "\n\n";
3793
3794 print '</div> <!-- End div class="fiche" -->'."\n"; // End div fiche
3795
3796 if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup', 'aZ09')) {
3797 print '</div> <!-- End div id-right -->'."\n"; // End div id-right
3798 }
3799
3800 if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) {
3801 print '</div> <!-- End div id-container -->'."\n"; // End div container
3802 }
3803
3804 print "\n";
3805 if ($comment) {
3806 print '<!-- '.$comment.' -->'."\n";
3807 }
3808
3809 printCommonFooter($zone);
3810
3811 if (!empty($delayedhtmlcontent)) {
3812 print $delayedhtmlcontent;
3813 }
3814
3815 if (!empty($conf->use_javascript_ajax)) {
3816 print "\n".'<!-- Includes JS Footer of Dolibarr -->'."\n";
3817 print '<script src="'.DOL_URL_ROOT.'/core/js/lib_foot.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";
3818 }
3819
3820 // Wrapper to add log when clicking on download or preview
3821 if (isModEnabled('blockedlog') && is_object($object) && !empty($object->id) && $object->id > 0) {
3822 if (in_array($object->element, array('facture')) && $object->statut > 0) { // Restrict for the moment to element 'facture'
3823 print "\n<!-- JS CODE TO ENABLE log when making a download or a preview of a document -->\n";
3824 ?>
3825 <script>
3826 jQuery(document).ready(function () {
3827 $('a.documentpreview').click(function() {
3828 console.log("Call /blockedlog/ajax/block-add on a.documentpreview");
3829 $.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'
3830 , {
3831 id:<?php echo $object->id; ?>
3832 , element:'<?php echo dol_escape_js($object->element) ?>'
3833 , action:'DOC_PREVIEW'
3834 , token: '<?php echo currentToken(); ?>'
3835 }
3836 );
3837 });
3838 $('a.documentdownload').click(function() {
3839 console.log("Call /blockedlog/ajax/block-add a.documentdownload");
3840 $.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'
3841 , {
3842 id:<?php echo $object->id; ?>
3843 , element:'<?php echo dol_escape_js($object->element) ?>'
3844 , action:'DOC_DOWNLOAD'
3845 , token: '<?php echo currentToken(); ?>'
3846 }
3847 );
3848 });
3849 });
3850 </script>
3851 <?php
3852 }
3853 }
3854
3855 // A div for the address popup
3856 print "\n<!-- A div to allow dialog popup by jQuery('#dialogforpopup').dialog() -->\n";
3857 print '<div id="dialogforpopup" style="display: none;"></div>'."\n";
3858
3859 // Add code for the asynchronous anonymous first ping (for telemetry)
3860 // You can use &forceping=1 in parameters to force the ping if the ping was already sent.
3861 $forceping = GETPOST('forceping', 'alpha');
3862 if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping) {
3863 //print '<!-- instance_unique_id='.$conf->file->instance_unique_id.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' -->';
3864 $hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256'); // Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.
3865
3866 if (!getDolGlobalString('MAIN_FIRST_PING_OK_DATE')
3867 || (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && (getDolGlobalString('MAIN_FIRST_PING_OK_ID') != 'disabled'))
3868 || $forceping) {
3869 // No ping done if we are into an alpha version
3870 if (strpos('alpha', DOL_VERSION) > 0 && !$forceping) {
3871 print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. It is an alpha version -->\n";
3872 } elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping) { // Cookie is set when we uncheck the checkbox in the installation wizard.
3873 // MAIN_LAST_PING_KO_DATE
3874 // Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent (this month)
3875 if (getDolGlobalString('MAIN_LAST_PING_KO_DATE') && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && !$forceping) {
3876 print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. An error already occurred this month, we will try later. -->\n";
3877 } else {
3878 include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
3879
3880 print "\n".'<!-- Includes JS for Ping of Dolibarr forceping='.$forceping.' MAIN_FIRST_PING_OK_DATE='.getDolGlobalString("MAIN_FIRST_PING_OK_DATE").' MAIN_FIRST_PING_OK_ID='.getDolGlobalString("MAIN_FIRST_PING_OK_ID").' MAIN_LAST_PING_KO_DATE='.getDolGlobalString("MAIN_LAST_PING_KO_DATE").' -->'."\n";
3881 print "\n<!-- JS CODE TO ENABLE the anonymous Ping -->\n";
3882 $url_for_ping = getDolGlobalString('MAIN_URL_FOR_PING', "https://ping.dolibarr.org/");
3883 // Try to guess the distrib used
3884 $distrib = 'standard';
3885 if ($_SERVER["SERVER_ADMIN"] == 'doliwamp@localhost') {
3886 $distrib = 'doliwamp';
3887 }
3888 if (!empty($dolibarr_distrib)) {
3889 $distrib = $dolibarr_distrib;
3890 }
3891 ?>
3892 <script>
3893 jQuery(document).ready(function (tmp) {
3894 console.log("Try Ping with hash_unique_id is dol_hash('dolibarr'+instance_unique_id, 'sha256')");
3895 $.ajax({
3896 method: "POST",
3897 url: "<?php echo $url_for_ping ?>",
3898 timeout: 500, // timeout milliseconds
3899 cache: false,
3900 data: {
3901 hash_algo: 'dol_hash-sha256',
3902 hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>',
3903 action: 'dolibarrping',
3904 version: '<?php echo (float) DOL_VERSION; ?>',
3905 entity: '<?php echo (int) $conf->entity; ?>',
3906 dbtype: '<?php echo dol_escape_js($db->type); ?>',
3907 country_code: '<?php echo $mysoc->country_code ? dol_escape_js($mysoc->country_code) : 'unknown'; ?>',
3908 php_version: '<?php echo dol_escape_js(phpversion()); ?>',
3909 os_version: '<?php echo dol_escape_js(version_os('smr')); ?>',
3910 db_version: '<?php echo dol_escape_js(version_db()); ?>',
3911 distrib: '<?php echo $distrib ? dol_escape_js($distrib) : 'unknown'; ?>',
3912 token: 'notrequired'
3913 },
3914 success: function (data, status, xhr) { // success callback function (data contains body of response)
3915 console.log("Ping ok");
3916 $.ajax({
3917 method: 'GET',
3918 url: '<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>',
3919 timeout: 500, // timeout milliseconds
3920 cache: false,
3921 data: { hash_algo: 'dol_hash-sha256', hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>', action: 'firstpingok', token: '<?php echo currentToken(); ?>' }, // for update
3922 });
3923 },
3924 error: function (data,status,xhr) { // error callback function
3925 console.log("Ping ko: " + data);
3926 $.ajax({
3927 method: 'GET',
3928 url: '<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>',
3929 timeout: 500, // timeout milliseconds
3930 cache: false,
3931 data: { hash_algo: 'dol_hash-sha256', hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>', action: 'firstpingko', token: '<?php echo currentToken(); ?>' },
3932 });
3933 }
3934 });
3935 });
3936 </script>
3937 <?php
3938 }
3939 } else {
3940 $now = dol_now();
3941 print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. It was disabled -->\n";
3942 include_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
3943 dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'), 'chaine', 0, '', $conf->entity);
3944 dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', 'disabled', 'chaine', 0, '', $conf->entity);
3945 }
3946 }
3947 }
3948
3949 $parameters = array();
3950 $reshook = $hookmanager->executeHooks('beforeBodyClose', $parameters); // Note that $action and $object may have been modified by some hooks
3951 if ($reshook > 0) {
3952 print $hookmanager->resPrint;
3953 }
3954
3955 print "</body>\n";
3956 print "</html>\n";
3957 }
3958}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
print $langs trans("AuditedSecurityEvents").'</strong >< span class="opacitymedium"></span >< br > status
Or an array listing all the potential status of the object: array: int of the status => translated la...
Definition security.php:637
dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $note='', $entity=1)
Insert a parameter (key,value) into database (delete old key then insert it again).
versioncompare($versionarray1, $versionarray2)
Compare 2 versions (stored into 2 arrays).
Definition admin.lib.php:68
ajax_dialog($title, $message, $w=350, $h=150)
Show an ajax dialog.
Definition ajax.lib.php:413
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader()
Empty header.
Definition wrapper.php:55
llxFooter()
Empty footer.
Definition wrapper.php:69
printDropdownBookmarksList()
Add area with bookmarks in top menu.
DolibarrDebugBar class.
Definition DebugBar.php:47
Class to manage generation of HTML components Only common components must be here.
static showphoto($modulepart, $object, $width=100, $height=0, $caneditfield=0, $cssclass='photowithmargin', $imagesize='', $addlinktofullsize=1, $cache=0, $forcecapture='', $noexternsourceoverwrite=0)
Return HTML code to output a photo.
Class to manage hooks.
Class to manage left menus.
Class to manage menu Auguria.
loadMenu($forcemainmenu='', $forceleftmenu='')
Load this->tabMenu.
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage translations.
dol_stringtotime($string, $gm=1)
Convert a string date into a GM Timestamps date Warning: YYYY-MM-DDTHH:MM:SS+02:00 (RFC3339) is not s...
Definition date.lib.php:427
if(!defined( 'DOL_APPLICATION_TITLE')) if(!defined('DOL_VERSION')) if(!defined( 'EURO')) if(!defined('LOG_DEBUG')) if(defined( 'DOL_INC_FOR_VERSION_ERROR')) dol_session_start()
Replace session_start()
picto_from_langcode($codelang, $moreatt='', $notitlealt=0)
Return img flag of country for a language code or country code.
img_warning($titlealt='default', $moreatt='', $morecss='pictowarning')
Show warning logo.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
yn($yesno, $case=1, $color=0)
Return yes or no in current language.
dolButtonToOpenUrlInDialogPopup($name, $label, $buttonstring, $url, $disabled='', $morecss='classlink button bordertransp', $jsonopen='', $backtopagejsfields='', $accesskey='')
Return HTML code to output a button to open a dialog popup box.
isHTTPS()
Return if we are using a HTTPS connection Check HTTPS (no way to be modified by user but may be empty...
printCommonFooter($zone='private')
Print common footer : conf->global->MAIN_HTML_FOOTER js for switch of menu hider js for conf->global-...
dol_now($mode='auto')
Return date for now.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs=null, $encodetooutput=false)
Output date in a string format according to outputlangs (or langs if not defined).
if(!function_exists( 'dol_getprefix')) dol_include_once($relpath, $classname='')
Make an include_once using default root and alternate root if it fails.
newToken()
Return the value of token currently saved into session with name 'newtoken'.
dol_htmlentities($string, $flags=ENT_QUOTES|ENT_SUBSTITUTE, $encoding='UTF-8', $double_encode=false)
Replace htmlentities functions.
getBrowserInfo($user_agent)
Return information about user browser.
dol_htmloutput_events($disabledoutputofmessages=0)
Print formatted messages to output (Used to show messages on html output).
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
dol_print_profids($profID, $profIDtype, $countrycode='', $addcpButton=1)
Format professional IDs according to their country.
dol_buildpath($path, $type=0, $returnemptyifnotfound=0)
Return path of url or filesystem.
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
info_admin($text, $infoonimgalt=0, $nodiv=0, $admin='1', $morecss='hideonsmartphone', $textfordropdown='', $picto='')
Show information in HTML for admin users or standard users.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
ui state ui widget content ui state ui widget header ui state a ui button
0 = Do not include form tag and submit button -1 = Do not include form tag but include submit button
conf($dolibarr_main_document_root)
Load conf file (file must exists)
Definition inc.php:420
if(!empty( $_SERVER[ 'MAIN_SHOW_TUNING_INFO'])) getArrayOfEmoji()
Return array of Emojis.
Definition main.inc.php:62
top_menu_quickadd()
Build the tooltip on top menu quick add.
top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
Output html header of a page.
top_menu_user($hideloginname=0, $urllogout='')
Build the tooltip on user login.
testSqlAndScriptInject($val, $type)
Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET,...
Definition main.inc.php:123
left_menu($menu_array_before, $helppagename='', $notused='', $menu_array_after=array(), $leftmenuwithoutmainarea=0, $title='', $acceptdelayedhtml=0)
Show left menu bar.
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
main_area($title='')
Begin main area.
realCharForNumericEntities($matches)
Return the real char for a numeric entities.
Definition main.inc.php:86
getHelpParamFor($helppagename, $langs)
Return helpbaseurl, helppage and mode.
printSearchForm($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey='', $prefhtmlinputname='', $img='', $showtitlebefore=0, $autofocus=0)
Show a search area.
top_menu($head, $title='', $target='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $morequerystring='', $helppagename='')
Show an HTML header + a BODY + The top menu bar.
top_menu_search()
Build the tooltip on top menu search.
printDropdownQuickadd()
Generate list of quickadd items.
analyseVarsForSqlAndScriptsInjection(&$var, $type, $stopcode=1)
Return true if security check on parameters are OK, false otherwise.
Definition main.inc.php:263
top_menu_bookmark()
Build the tooltip on top menu bookmark.
$conf db user
Active Directory does not allow anonymous connections.
Definition repair.php:141
if(preg_match('/crypted:/i', $dolibarr_main_db_pass)||!empty($dolibarr_main_db_encrypted_pass)) $conf db type
Definition repair.php:137
$conf db name
Only used if Module[ID]Name translation string is not found.
Definition repair.php:140
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.