d3/d83/context_8class_8php_source.html

<?php

/* Copyright (C) 2023-2024  Laurent Destailleur         <eldy@users.sourceforge.net>

 * Copyright (C) 2024       Frédéric France             <frederic.france@free.fr>

 * Copyright (C) 2024   MDW             <mdeweerd@users.noreply.github.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 3 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program. If not, see <https://www.gnu.org/licenses/>.

 */


require_once __DIR__ . '/controller.class.php';

require_once __DIR__ . '/webPortalTheme.class.php';


class Context

{

  private static $_instance = null;


  public $db;


  public $title;


  public $desc;


  public $meta_title;


  public $meta_desc;


  public $appliName;


  public $controller;


  public $controller_found = false;


  private $controllers = array();


  public $controllerInstance;


  public $error;


  public $errors = array();


  public $action;


  public $tplDir;

  public $tplPath;

  public $topMenu;


  public $rootUrl;


  public $menu_active = array();


  public $eventMessages = array();


  public $tokenKey = 'token';


  public $object;


  public $logged_user = null;


  public $logged_thirdparty = null;


  public $logged_member = null;


  public $logged_partnership = null;


  public $theme;


  private function __construct()

  {

    global $conf, $db;


    $this->db = $db;


    $this->tplDir = __DIR__ . '/../';


    $this->getControllerUrl();


    $this->topMenu = new stdClass();


    $this->tplPath = realpath(__DIR__ . '/../../public/webportal/tpl');


    $this->controller = GETPOST('controller', 'aZ09'); // for security, limited to 'aZ09'

    $this->action = GETPOST('action', 'aZ09');// for security, limited to 'aZ09'


    if (empty($this->controller)) {

      $this->controller = 'default';

    }


    $this->appliName = getDolGlobalString('WEBPORTAL_TITLE', getDolGlobalString('MAIN_INFO_SOCIETE_NOM'));


    //$this->generateNewToken();


    $this->initController();


    // Init de l'url de base

    $this->rootUrl = self::getRootConfigUrl();


    $this->theme = new WebPortalTheme();

  }


  public static function getInstance()

  {

    if (is_null(self::$_instance)) {

      self::$_instance = new Context();

    }


    return self::$_instance;

  }


  public function initController()

  {

    global $db;


    $defaultControllersPath = __DIR__ . '/../controllers/';


    // define controllers definition

    $this->addControllerDefinition('login', $defaultControllersPath . 'login.controller.class.php', 'LoginController');

    $this->addControllerDefinition('default', $defaultControllersPath . 'default.controller.class.php', 'DefaultController');

    $this->addControllerDefinition('document', $defaultControllersPath . 'document.controller.class.php', 'DocumentController');

    $this->addControllerDefinition('propallist', $defaultControllersPath . 'propallist.controller.class.php', 'PropalListController');

    $this->addControllerDefinition('orderlist', $defaultControllersPath . 'orderlist.controller.class.php', 'OrderListController');

    $this->addControllerDefinition('invoicelist', $defaultControllersPath . 'invoicelist.controller.class.php', 'InvoiceListController');

    $this->addControllerDefinition('membercard', $defaultControllersPath . 'membercard.controller.class.php', 'MemberCardController');

    $this->addControllerDefinition('partnershipcard', $defaultControllersPath . 'partnershipcard.controller.class.php', 'PartnershipCardController');


    // call triggers

    //include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';

    //$interface=new Interfaces($db);

    //$interface->run_triggers('WebPortalInitController', $this, $logged_user, $langs, $conf);


    // search for controller

    $this->controllerInstance = new Controller();

    if (isset($this->controllers[$this->controller]) && file_exists($this->controllers[$this->controller]->path)) {

      require_once $this->controllers[$this->controller]->path;


      if (class_exists($this->controllers[$this->controller]->class)) {

        $this->controllerInstance = new $this->controllers[$this->controller]->class();

        $this->setControllerFound();

      }

    }

  }


  public function addControllerDefinition($controller, $path, $className)

  {

    $fileName = basename($path);

    $needle = '.controller.class.php';

    $length = strlen($needle);

    $isControllerFile = $length > 0 ? substr($fileName, -$length) === $needle : true;

    if (!$isControllerFile) {

      $this->setError('Error: controller definition ' . $fileName);

      return false;

    }


    $this->controllers[$controller] = new stdClass();

    $this->controllers[$controller]->path = $path;

    $this->controllers[$controller]->class = $className;


    return true;

  }


  public function setControllerFound()

  {

    $this->controller_found = true;

  }


  public static function getRootConfigUrl()

  {

    global $conf;


    // Init de l'url de base

    if (getDolGlobalString('WEBPORTAL_ROOT_URL')) {

      $rootUrl = getDolGlobalString('WEBPORTAL_ROOT_URL');

      if (substr($rootUrl, -1) !== '/') {

        $rootUrl .= '/';

      }

    } else {

      $rootUrl = dol_buildpath('/public/webportal/', 2);

    }


    return $rootUrl;

  }


  public function getRootUrl($controller = '', $moreParams = '', $addToken = true)

  {

    return self::getControllerUrl($controller, $moreParams, $addToken);

  }


  public function getControllerUrl($controller = '', $moreParams = '', $addToken = true)

  {

    // TODO : addToken parameter on auto to detect (create or edit) action and add token on url

    $url = $this->rootUrl;


    if (empty($controller)) {

      // because can be called without params to get only rootUrl

      return $url;

    }


    $Tparams = array();


    $Tparams['controller'] = $controller;


    if (!empty($addToken)) {

      $Tparams[$this->tokenKey] = $this->newToken();

    }


    return self::getPublicControllerUrl($controller, $moreParams, $Tparams);

  }


  public static function getPublicControllerUrl($controller = '', $moreParams = '', $Tparams = array())

  {

    $url = self::getRootConfigUrl();


    if (empty($controller)) {

      // because can be called without params to get only rootUrl

      return $url;

    }


    $Tparams['controller'] = $controller;


    // if $moreParams is an array

    if (!empty($moreParams) && is_array($moreParams)) {

      if (isset($moreParams['controller'])) {

        unset($moreParams['controller']);

      }

      if (!empty($moreParams)) {

        foreach ($moreParams as $paramKey => $paramVal) {

          $Tparams[$paramKey] = $paramVal;

        }

      }

    }


    if (!empty($Tparams)) {

      $TCompiledAttr = array();

      foreach ($Tparams as $key => $value) {

        $TCompiledAttr[] = $key . '=' . $value;

      }

      $url .= '?' . implode("&", $TCompiledAttr);

    }


    // if $moreParams is a string

    if (!empty($moreParams) && !is_array($moreParams)) {

      if (empty($Tparams)) {

        if ($moreParams[0] !== '?') {

          $url .= '?';

        }

        if ($moreParams[0] === '&') {

          $moreParams = substr($moreParams, 1);

        }

      }

      $url .= $moreParams;

    }


    return $url;

  }


  public static function urlOrigin($withRequestUri = true, $use_forwarded_host = false)

  {

    $s = $_SERVER;


    $ssl = (!empty($s['HTTPS']) && $s['HTTPS'] == 'on');

    $sp = strtolower($s['SERVER_PROTOCOL']);

    $protocol = substr($sp, 0, strpos($sp, '/')) . (($ssl) ? 's' : '');

    $port = $s['SERVER_PORT'];

    $port = ((!$ssl && $port == '80') || ($ssl && $port == '443')) ? '' : ':' . $port;

    $host = ($use_forwarded_host && isset($s['HTTP_X_FORWARDED_HOST'])) ? $s['HTTP_X_FORWARDED_HOST'] : (isset($s['HTTP_HOST']) ? $s['HTTP_HOST'] : null);

    $host = isset($host) ? $host : $s['SERVER_NAME'] . $port;


    $url = $protocol . '://' . $host;


    if ($withRequestUri) {

      $url .= $s['REQUEST_URI'];

    }


    return $url;

  }


  public function userIsLog()

  {

    if (!empty($_SESSION["webportal_logged_thirdparty_account_id"])) {

      return true;

    } else {

      return false;

    }

  }


  public function menuIsActive($menuName)

  {

    return in_array($menuName, $this->menu_active);

  }


  public function setError($errors)

  {

    if (!is_array($errors)) {

      $errors = array($errors);

    }

    if (!isset($_SESSION['webportal_errors'])) {

      $_SESSION['webportal_errors'] = array();

    }

    foreach ($errors as $msg) {

      if (!in_array($msg, $_SESSION['webportal_errors'])) {

        $_SESSION['webportal_errors'][] = $msg;

      }

    }

  }


  public function getErrors()

  {

    if (!empty($_SESSION['webportal_errors'])) {

      $this->errors = array_values($_SESSION['webportal_errors']);

      return count($this->errors);

    }


    return 0;

  }


  public function clearErrors()

  {

    unset($_SESSION['webportal_errors']);

    $this->errors = array();

  }


  public function setEventMessage($mesgs, $style = 'mesgs')

  {

    $TAcceptedStyle = array('mesgs', 'warnings', 'errors');


    if (!in_array($style, $TAcceptedStyle)) {

      $style = 'mesgs';

    }


    if (!is_array($mesgs)) {

      $mesgs = array($mesgs);

    }

    if (!isset($_SESSION['webportal_events'])) {

      $_SESSION['webportal_events'] = array(

        'mesgs' => array(), 'warnings' => array(), 'errors' => array()

      );

    }


    foreach ($mesgs as $msg) {

      if (!in_array($msg, $_SESSION['webportal_events'][$style])) {

        $_SESSION['webportal_events'][$style][] = $msg;

      }

    }

  }


  public function setEventMessages($mesg, $mesgs, $style = 'mesgs')

  {

    if (empty($mesg) && empty($mesgs)) {

      dol_syslog(__METHOD__ . ' Try to add a message in stack, but value to add is empty message', LOG_WARNING);

    } else {

      if (!in_array((string) $style, array('mesgs', 'warnings', 'errors'))) {

        dol_print_error('', 'Bad parameter style=' . $style . ' for setEventMessages');

      }

      if (empty($mesgs)) {

        $this->setEventMessage($mesg, $style);

      } else {

        if (!empty($mesg) && !in_array($mesg, $mesgs)) {

          $this->setEventMessage($mesg, $style); // Add message string if not already into array

        }

        $this->setEventMessage($mesgs, $style);

      }

    }

  }


  public function loadEventMessages()

  {

    if (!empty($_SESSION['webportal_events'])) {

      $this->eventMessages = $_SESSION['webportal_events'];

      return 1;

    }


    return 0;

  }


  public function clearEventMessages()

  {

    unset($_SESSION['webportal_events']);

    $this->eventMessages = array();

  }


  public function newToken()

  {

    return newToken();

  }


  protected function generateNewToken()

  {

    $currentToken = $this->newToken();

    // Creation of a token against CSRF vulnerabilities

    if (!defined('NOTOKENRENEWAL') || empty($currentToken)) {

      // Rolling token at each call ($_SESSION['token'] contains token of previous page)

      if (isset($_SESSION['newtoken'])) {

        $_SESSION['token'] = $_SESSION['newtoken'];

      }


      // Save what will be next token. Into forms, we will add param $context->newToken();

      $token = dol_hash(uniqid((string) mt_rand(), true)); // Generate

      $_SESSION['newtoken'] = $token;


      return $token;

    } else {

      return $this->newToken();

    }

  }


  public function getUrlToken()

  {

    $token = $this->newToken();

    if ($token) {

      return '&' . $this->tokenKey . '=' . $this->newToken();

    }


    return null;

  }


  public function getFormToken()

  {

    $token = $this->newToken();

    if ($token) {

      return '<input type="hidden" name="' . $this->tokenKey . '" value="' . $this->newToken() . '" />';

    }


    return null;

  }


  public function getThirdPartyAccountFromLogin($login, $pass)

  {

    $id = 0;


    $sql = "SELECT sa.rowid as id, sa.pass_crypted";

    $sql .= " FROM " . $this->db->prefix() . "societe_account as sa";

    $sql .= " WHERE BINARY sa.login = '" . $this->db->escape($login) . "'"; // case sensitive

    //$sql .= " AND BINARY sa.pass_crypted = '" . $this->db->escape($pass) . "'"; // case sensitive

    $sql .= " AND sa.site = 'dolibarr_portal'";

    $sql .= " AND sa.status = 1";

    $sql .= " AND sa.entity IN (" . getEntity('societe') . ")";


    dol_syslog(__METHOD__ . ' Try to find the third-party account id for login"' . $login . '" and site="dolibarr_portal"', LOG_DEBUG);

    $result = $this->db->query($sql);

    if ($result) {

      if ($this->db->num_rows($result) == 1) {

        $passok = false;

        $obj = $this->db->fetch_object($result);

        if ($obj) {

          $passcrypted = $obj->pass_crypted;


          // Check crypted password

          $cryptType = '';

          if (getDolGlobalString('DATABASE_PWD_ENCRYPTED')) {

            $cryptType = getDolGlobalString('DATABASE_PWD_ENCRYPTED');

          }


          // By default, we use default setup for encryption rule

          if (!in_array($cryptType, array('auto'))) {

            $cryptType = 'auto';

          }


          // Check crypted password according to crypt algorithm

          if ($cryptType == 'auto') {

            if ($passcrypted && dol_verifyHash($pass, $passcrypted, '0')) {

              $passok = true;

            }

          }


          // Password ok ?

          if ($passok) {

            $id = $obj->id;

          } else {

            dol_syslog(__METHOD__ .' Authentication KO bad password for ' . $login . ', cryptType=' . $cryptType, LOG_NOTICE);

            sleep(1); // Brut force protection. Must be same delay when login is not valid

            return -3;

          }

        }

      } else {

        dol_syslog(__METHOD__ . ' Many third-party account found for login"' . $login . '" and site="dolibarr_portal"', LOG_ERR);

        return -2;

      }

    } else {

      $this->error = $this->db->lasterror();

      return -1;

    }


    return $id;

  }


}


Context
Class Context.
Definition context.class.php:33

Context\urlOrigin
static urlOrigin($withRequestUri=true, $use_forwarded_host=false)
Url origin.
Definition context.class.php:409

Context\generateNewToken
generateNewToken()
Generate new token.
Definition context.class.php:605

Context\menuIsActive
menuIsActive($menuName)
Is menu enabled ?
Definition context.class.php:450

Context\getErrors
getErrors()
Get errors.
Definition context.class.php:481

Context\getInstance
static getInstance()
Singleton method to create one instance of this object.
Definition context.class.php:197

Context\$object
$object
Current object of page.
Definition context.class.php:124

Context\clearEventMessages
clearEventMessages()
Clear event messages.
Definition context.class.php:582

Context\getFormToken
getFormToken()
Get token input for form.
Definition context.class.php:645

Context\newToken
newToken()
Return the value of token currently saved into session with name 'newToken'.
Definition context.class.php:595

Context\setError
setError($errors)
Set errors.
Definition context.class.php:461

Context\userIsLog
userIsLog()
Check if user is logged.
Definition context.class.php:435

Context\getUrlToken
getUrlToken()
Get token url.
Definition context.class.php:630

Context\addControllerDefinition
addControllerDefinition($controller, $path, $className)
Add controller definition.
Definition context.class.php:252

Context\initController
initController()
Init controller.
Definition context.class.php:211

Context\getRootUrl
getRootUrl($controller='', $moreParams='', $addToken=true)
Get root url.
Definition context.class.php:311

Context\getPublicControllerUrl
static getPublicControllerUrl($controller='', $moreParams='', $Tparams=array())
Generate public controller URL Used for external link (like email or web page) so remove token and co...
Definition context.class.php:355

Context\setEventMessages
setEventMessages($mesg, $mesgs, $style='mesgs')
Set event messages in dol_events session object.
Definition context.class.php:543

Context\getThirdPartyAccountFromLogin
getThirdPartyAccountFromLogin($login, $pass)
Try to find the third-party account id from.
Definition context.class.php:662

Context\setControllerFound
setControllerFound()
Set controller found.
Definition context.class.php:275

Context\getControllerUrl
getControllerUrl($controller='', $moreParams='', $addToken=true)
Get controller url according to context.
Definition context.class.php:324

Context\getRootConfigUrl
static getRootConfigUrl()
Get WebPortal root url.
Definition context.class.php:285

Context\$appliName
$appliName
The application name.
Definition context.class.php:70

Context\setEventMessage
setEventMessage($mesgs, $style='mesgs')
Set event messages in dol_events session object.
Definition context.class.php:510

Context\__construct
__construct()
Constructor.
Definition context.class.php:158

Context\loadEventMessages
loadEventMessages()
Load event messages.
Definition context.class.php:567

Context\clearErrors
clearErrors()
Clear errors.
Definition context.class.php:496

Controller
Class to manage pages.
Definition controller.class.php:29

WebPortalTheme
Class WebPortalTheme.
Definition webPortalTheme.class.php:33

stdClass

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:760

dol_buildpath
dol_buildpath($path, $type=0, $returnemptyifnotfound=0)
Return path of url or filesystem.
Definition functions.lib.php:1352

dol_print_error
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition functions.lib.php:5842

getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition functions.lib.php:215

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2138

getEntity
getEntity($element, $shared=1, $currentobject=null)
Get list of entity id to use.
Definition functions.lib.php:406

dol_verifyHash
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...
Definition security.lib.php:286

dol_hash
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.
Definition security.lib.php:240