dolibarr 20.0.0
fileserver.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2018 Destailleur Laurent <eldy@users.sourceforge.net>
3 * Copyright (C) 2019 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 *
19 * You can test with the WebDav client cadaver:
20 * cadaver http://myurl/dav/fileserver.php
21 */
22
29if (!defined('NOTOKENRENEWAL')) {
30 define('NOTOKENRENEWAL', '1');
31}
32if (!defined('NOREQUIREMENU')) {
33 define('NOREQUIREMENU', '1'); // If there is no menu to show
34}
35if (!defined('NOREQUIREHTML')) {
36 define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
37}
38if (!defined('NOREQUIREAJAX')) {
39 define('NOREQUIREAJAX', '1');
40}
41if (!defined('NOLOGIN')) {
42 define("NOLOGIN", 1); // This means this output page does not require to be logged.
43}
44if (!defined('NOCSRFCHECK')) {
45 define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
46}
47
48require "../main.inc.php";
49require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
50require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
51require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';
52require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';
53
54require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';
55//require_once DOL_DOCUMENT_ROOT.'/includes/autoload.php';
56
57
58$user = new User($db);
59if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {
60 $user->fetch('', $_SERVER['PHP_AUTH_USER']);
61 $user->getrights();
62}
63
64// Load translation files required by the page
65$langs->loadLangs(array("main", "other"));
66
67
68if (empty($conf->dav->enabled)) {
70}
71
72// Restrict API to some IPs
73if (getDolGlobalString('DAV_RESTRICT_ON_IP')) {
74 $allowedip = explode(' ', getDolGlobalString('DAV_RESTRICT_ON_IP'));
75 $ipremote = getUserRemoteIP();
76 if (!in_array($ipremote, $allowedip)) {
77 dol_syslog('Remote ip is '.$ipremote.', not into list ' . getDolGlobalString('DAV_RESTRICT_ON_IP'));
78 print 'DAV not allowed from the IP '.$ipremote;
79 header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
80 exit(0);
81 }
82}
83
84
85$entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
86
87// settings
88$publicDir = DOL_DATA_ROOT.'/dav/public';
89$privateDir = DOL_DATA_ROOT.'/dav/private';
90$ecmDir = DOL_DATA_ROOT.'/ecm';
91$tmpDir = DOL_DATA_ROOT.'/ecm/temp';
92if (isModEnabled('dav')) {
93 $publicDir = $conf->dav->multidir_output[$entity].'/public';
94 $privateDir = $conf->dav->multidir_output[$entity].'/private';
95}
96if (isModEnabled('ecm')) {
97 $ecmDir = $conf->ecm->multidir_output[$entity];
98 $tmpDir = $conf->ecm->multidir_output[$entity]; // We need root dir, not a dir that can be deleted, so we use multidir_output
99}
100//var_dump($tmpDir);mkdir($tmpDir);exit;
101
102
103// Authentication callback function
104$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(
110 static function ($username, $password) {
111 global $user, $conf;
112 global $dolibarr_main_authentication, $dolibarr_auto_user;
113
114 if (empty($user->login)) {
115 dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);
116 return false;
117 }
118 if ($user->socid > 0) {
119 dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);
120 return false;
121 }
122 if ($user->login != $username) {
123 dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
124 return false;
125 }
126
127 // Authentication mode
128 if (empty($dolibarr_main_authentication)) {
129 $dolibarr_main_authentication = 'dolibarr';
130 }
131
132 // Authentication mode: forceuser
133 if ($dolibarr_main_authentication == 'forceuser') {
134 if (empty($dolibarr_auto_user)) {
135 $dolibarr_auto_user = 'auto';
136 }
137 if ($dolibarr_auto_user != $username) {
138 dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
139 return false;
140 }
141 }
142
143 $authmode = explode(',', $dolibarr_main_authentication);
144 $entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
145
146 if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {
147 return false;
148 }
149
150 // Check if user status is enabled
151 if ($user->statut != $user::STATUS_ENABLED) {
152 // Status is disabled
153 dol_syslog("The user has been disabled.");
154 return false;
155 }
156
157 // Check if session was unvalidated by a password change
158 if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
159 // Session is no more valid
160 dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
161 return false;
162 }
163
164 // Check date validity
165 if ($user->isNotIntoValidityDateRange()) {
166 // User validity dates are no more valid
167 dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], current date is ".dol_now());
168 return false;
169 }
170
171 return true;
172 }
173);
174
175$authBackend->setRealm(constant('DOL_APPLICATION_TITLE').' - WebDAV');
176
177
178
179
180
181/*
182 * Actions and View
183 */
184
185// Create the root node
186// Setting up the directory tree //
187$nodes = array();
188
189// Enable directories and features according to DAV setup
190// Public dir
191if (getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')) {
192 $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
193}
194// Private dir
195$nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
196// ECM dir
197if (isModEnabled('ecm') && getDolGlobalString('DAV_ALLOW_ECM_DIR')) {
198 $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
199}
200
201
202
203// Principals Backend
204//$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);
205// /principals
206//$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);
207// CardDav & CalDav Backend
208//$carddavBackend = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);
209//$caldavBackend = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);
210// /addressbook
211//$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);
212// /calendars
213//$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);
214
215
216// The rootnode needs in turn to be passed to the server class
217$server = new \Sabre\DAV\Server($nodes);
218
219// If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)
220// You can override the baseUri here.
221$baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';
222if (isset($baseUri)) {
223 $server->setBaseUri($baseUri);
224}
225
226// Add authentication function
227if ((!getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')
228 || !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))
229 && !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"]) // URL for Sabre browser resources
230) {
231 //var_dump($_SERVER["QUERY_STRING"]);exit;
232 $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
233}
234// Support for LOCK and UNLOCK
235$lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');
236$lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
237$server->addPlugin($lockPlugin);
238
239// Support for the html browser
240if (!getDolGlobalString('DAV_DISABLE_BROWSER')) {
241 $browser = new \Sabre\DAV\Browser\Plugin();
242 $server->addPlugin($browser);
243}
244
245// Automatically guess (some) contenttypes, based on extension
246//$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());
247
248//$server->addPlugin(new \Sabre\CardDAV\Plugin());
249//$server->addPlugin(new \Sabre\CalDAV\Plugin());
250//$server->addPlugin(new \Sabre\DAVACL\Plugin());
251
252// Temporary file filter
253/*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);
254$server->addPlugin($tempFF);
255*/
256
257// And off we go!
258$server->start();
259
260if (is_object($db)) {
261 $db->close();
262}
Class to manage Dolibarr users.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_now($mode='auto')
Return date for now.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
getUserRemoteIP()
Return the IP of remote user.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.