29if (!defined(
'NOTOKENRENEWAL')) {
30 define(
'NOTOKENRENEWAL',
'1');
32if (!defined(
'NOREQUIREMENU')) {
33 define(
'NOREQUIREMENU',
'1');
35if (!defined(
'NOREQUIREHTML')) {
36 define(
'NOREQUIREHTML',
'1');
38if (!defined(
'NOREQUIREAJAX')) {
39 define(
'NOREQUIREAJAX',
'1');
41if (!defined(
'NOLOGIN')) {
44if (!defined(
'NOCSRFCHECK')) {
45 define(
"NOCSRFCHECK", 1);
48require
"../main.inc.php";
49require_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
50require_once DOL_DOCUMENT_ROOT.
'/core/class/html.formcompany.class.php';
51require_once DOL_DOCUMENT_ROOT.
'/dav/dav.class.php';
52require_once DOL_DOCUMENT_ROOT.
'/dav/dav.lib.php';
54require_once DOL_DOCUMENT_ROOT.
'/includes/sabre/autoload.php';
59if (isset($_SERVER[
'PHP_AUTH_USER']) && $_SERVER[
'PHP_AUTH_USER'] !=
'') {
60 $user->fetch(
'', $_SERVER[
'PHP_AUTH_USER']);
65$langs->loadLangs(array(
"main",
"other"));
68if (empty($conf->dav->enabled)) {
76 if (!in_array($ipremote, $allowedip)) {
78 print
'DAV not allowed from the IP '.$ipremote;
79 header(
'HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
85$entity = (
GETPOSTINT(
'entity') ?
GETPOSTINT(
'entity') : (!empty($conf->entity) ? $conf->entity : 1));
88$publicDir = DOL_DATA_ROOT.
'/dav/public';
89$privateDir = DOL_DATA_ROOT.
'/dav/private';
90$ecmDir = DOL_DATA_ROOT.
'/ecm';
91$tmpDir = DOL_DATA_ROOT.
'/ecm/temp';
92if (isModEnabled(
'dav')) {
93 $publicDir = $conf->dav->multidir_output[$entity].
'/public';
94 $privateDir = $conf->dav->multidir_output[$entity].
'/private';
96if (isModEnabled(
'ecm')) {
97 $ecmDir = $conf->ecm->multidir_output[$entity];
98 $tmpDir = $conf->ecm->multidir_output[$entity];
104$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(
110 static function ($username, $password) {
112 global $dolibarr_main_authentication, $dolibarr_auto_user;
114 if (empty($user->login)) {
115 dol_syslog(
"Failed to authenticate to DAV, login is not provided", LOG_WARNING);
118 if ($user->socid > 0) {
119 dol_syslog(
"Failed to authenticate to DAV, user is an external user", LOG_WARNING);
122 if ($user->login != $username) {
123 dol_syslog(
"Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
128 if (empty($dolibarr_main_authentication)) {
129 $dolibarr_main_authentication =
'dolibarr';
133 if ($dolibarr_main_authentication ==
'forceuser') {
134 if (empty($dolibarr_auto_user)) {
135 $dolibarr_auto_user =
'auto';
137 if ($dolibarr_auto_user != $username) {
138 dol_syslog(
"Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user.
"' that is not the requested login. DAV usage is forbidden in this mode.");
143 $authmode = explode(
',', $dolibarr_main_authentication);
144 $entity = (
GETPOSTINT(
'entity') ?
GETPOSTINT(
'entity') : (!empty($conf->entity) ? $conf->entity : 1));
151 if ($user->statut != $user::STATUS_ENABLED) {
158 if (($user->flagdelsessionsbefore && !empty($_SESSION[
"dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION[
"dol_logindate"])) {
160 dol_syslog(
"The user has a date for session invalidation = ".$user->flagdelsessionsbefore.
" and a session date = ".$_SESSION[
"dol_logindate"].
". We must invalidate its sessions.");
165 if ($user->isNotIntoValidityDateRange()) {
167 dol_syslog(
"The user login has a validity between [".$user->datestartvalidity.
" and ".$user->dateendvalidity.
"], current date is ".
dol_now());
175$authBackend->setRealm(constant(
'DOL_APPLICATION_TITLE').
' - WebDAV');
192 $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
195$nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
198 $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
217$server = new \Sabre\DAV\Server($nodes);
221$baseUri = DOL_URL_ROOT.
'/dav/fileserver.php/';
222if (isset($baseUri)) {
223 $server->setBaseUri($baseUri);
228 || !preg_match(
'/'.preg_quote(DOL_URL_ROOT.
'/dav/fileserver.php/public',
'/').
'/', $_SERVER[
"PHP_SELF"]))
229 && !preg_match(
'/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER[
"QUERY_STRING"])
232 $server->addPlugin(
new \Sabre\DAV\Auth\Plugin($authBackend));
235$lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.
'/.locksdb');
236$lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
237$server->addPlugin($lockPlugin);
241 $browser = new \Sabre\DAV\Browser\Plugin();
242 $server->addPlugin($browser);
Class to manage Dolibarr users.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_now($mode='auto')
Return date for now.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
getUserRemoteIP()
Return the IP of remote user.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.