dolibarr 21.0.0-beta
ws.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
4 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 * or see https://www.gnu.org/
19 */
20
37function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
38{
39 global $db, $conf, $langs;
40 global $dolibarr_main_authentication, $dolibarr_auto_user;
41
42 $fuser = new User($db);
43
44 if (!$error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY)) {
45 $error++;
46 $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
47 $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
48 }
49
50 if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
51 $error++;
52 $errorcode = 'BAD_PARAMETERS';
53 $errorlabel = "The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
54 }
55
56 if (!$error) {
57 $result = $fuser->fetch(0, $authentication['login'], '', 0);
58 if ($result < 0) {
59 $error++;
60 $errorcode = 'ERROR_FETCH_USER';
61 $errorlabel = 'A technical error occurred during fetch of user';
62 } elseif ($result == 0) {
63 $error++;
64 $errorcode = 'BAD_CREDENTIALS';
65 $errorlabel = 'Bad value for login or password';
66 }
67
68 if (!$error && $fuser->statut == 0) {
69 $error++;
70 $errorcode = 'ERROR_USER_DISABLED';
71 $errorlabel = 'This user has been locked or disabled';
72 }
73
74 // Validation of login
75 if (!$error) {
76 $fuser->loadRights(); // Load permission of user
77
78 // Authentication mode
79 if (empty($dolibarr_main_authentication) || $dolibarr_main_authentication == 'openid_connect') {
80 $dolibarr_main_authentication = 'http,dolibarr';
81 }
82 // Authentication mode: forceuser
83 if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
84 $dolibarr_auto_user = 'auto';
85 }
86 // Set authmode
87 $authmode = explode(',', $dolibarr_main_authentication);
88
89 include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
90 $login = checkLoginPassEntity($authentication['login'], $authentication['password'], (string) $authentication['entity'], $authmode, 'ws');
91 if ($login === '--bad-login-validity--') {
92 $login = '';
93 }
94
95 if (empty($login)) {
96 $error++;
97 $errorcode = 'BAD_CREDENTIALS';
98 $errorlabel = 'Bad value for login or password';
99 }
100 }
101 }
102
103 return $fuser;
104}
Class to manage Dolibarr users.
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition ws.lib.php:37