dolibarr  21.0.0-alpha
main.inc.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
4  * Copyright (C) 2004-2021 Laurent Destailleur <eldy@users.sourceforge.net>
5  * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
6  * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
7  * Copyright (C) 2005-2021 Regis Houssin <regis.houssin@inodbox.com>
8  * Copyright (C) 2011-2014 Philippe Grand <philippe.grand@atoo-net.com>
9  * Copyright (C) 2008 Matteli
10  * Copyright (C) 2011-2016 Juanjo Menent <jmenent@2byte.es>
11  * Copyright (C) 2012 Christophe Battarel <christophe.battarel@altairis.fr>
12  * Copyright (C) 2014-2015 Marcos García <marcosgdf@gmail.com>
13  * Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
14  * Copyright (C) 2020 Demarest Maxime <maxime@indelog.fr>
15  * Copyright (C) 2020 Charlene Benke <charlie@patas-monkey.com>
16  * Copyright (C) 2021-2024 Frédéric France <frederic.france@free.fr>
17  * Copyright (C) 2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
18  * Copyright (C) 2023 Joachim Küter <git-jk@bloxera.com>
19  * Copyright (C) 2023 Eric Seigne <eric.seigne@cap-rel.fr>
20  * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
21  *
22  * This program is free software; you can redistribute it and/or modify
23  * it under the terms of the GNU General Public License as published by
24  * the Free Software Foundation; either version 3 of the License, or
25  * (at your option) any later version.
26  *
27  * This program is distributed in the hope that it will be useful,
28  * but WITHOUT ANY WARRANTY; without even the implied warranty of
29  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30  * GNU General Public License for more details.
31  *
32  * You should have received a copy of the GNU General Public License
33  * along with this program. If not, see <https://www.gnu.org/licenses/>.
34  */
35 
42 //@ini_set('memory_limit', '128M'); // This may be useless if memory is hard limited by your PHP
43 
44 // For optional tuning. Enabled if environment variable MAIN_SHOW_TUNING_INFO is defined.
45 $micro_start_time = 0;
46 if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) {
47  list($usec, $sec) = explode(" ", microtime());
48  $micro_start_time = ((float) $usec + (float) $sec);
49  // Add Xdebug code coverage
50  //define('XDEBUGCOVERAGE',1);
51  if (defined('XDEBUGCOVERAGE')) {
52  xdebug_start_code_coverage();
53  }
54 }
55 
62 function getArrayOfEmoji()
63 {
64  $arrayofcommonemoji = array(
65  'misc' => array('2600', '26FF'), // Miscellaneous Symbols
66  'ding' => array('2700', '27BF'), // Dingbats
67  '????' => array('9989', '9989'), // Variation Selectors
68  'vars' => array('FE00', 'FE0F'), // Variation Selectors
69  'pict' => array('1F300', '1F5FF'), // Miscellaneous Symbols and Pictographs
70  'emot' => array('1F600', '1F64F'), // Emoticons
71  'tran' => array('1F680', '1F6FF'), // Transport and Map Symbols
72  'flag' => array('1F1E0', '1F1FF'), // Flags (note: may be 1F1E6 instead of 1F1E0)
73  'supp' => array('1F900', '1F9FF'), // Supplemental Symbols and Pictographs
74  );
75 
76  return $arrayofcommonemoji;
77 }
78 
86 function realCharForNumericEntities($matches)
87 {
88  $newstringnumentity = preg_replace('/;$/', '', $matches[1]);
89  //print ' $newstringnumentity='.$newstringnumentity;
90 
91  if (preg_match('/^x/i', $newstringnumentity)) { // if numeric is hexadecimal
92  $newstringnumentity = hexdec(preg_replace('/^x/i', '', $newstringnumentity));
93  } else {
94  $newstringnumentity = (int) $newstringnumentity;
95  }
96 
97  // The numeric values we don't want as entities because they encode ascii char, and why using html entities on ascii except for haking ?
98  if (($newstringnumentity >= 65 && $newstringnumentity <= 90) || ($newstringnumentity >= 97 && $newstringnumentity <= 122)) {
99  return chr((int) $newstringnumentity);
100  }
101 
102  // The numeric values we want in UTF8 instead of entities because it is emoji
103  $arrayofemojis = getArrayOfEmoji();
104  foreach ($arrayofemojis as $valarray) {
105  if ($newstringnumentity >= hexdec($valarray[0]) && $newstringnumentity <= hexdec($valarray[1])) {
106  // This is a known emoji
107  return html_entity_decode($matches[0], ENT_COMPAT | ENT_HTML5, 'UTF-8');
108  }
109  }
110 
111  return '&#'.$matches[1]; // Value will be unchanged because regex was /&#( )/
112 }
113 
123 function testSqlAndScriptInject($val, $type)
124 {
125  // Decode string first because a lot of things are obfuscated by encoding or multiple encoding.
126  // So <svg o&#110;load='console.log(&quot;123&quot;)' become <svg onload='console.log(&quot;123&quot;)'
127  // So "&colon;&apos;" become ":'" (due to ENT_HTML5)
128  // So "&Tab;&NewLine;" become ""
129  // So "&lpar;&rpar;" become "()"
130 
131  // Loop to decode until no more things to decode.
132  //print "before decoding $val\n";
133  do {
134  $oldval = $val;
135  $val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5); // Decode '&colon;', '&apos;', '&Tab;', '&NewLine', ...
136  // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
137  $val = preg_replace_callback(
138  '/&#(x?[0-9][0-9a-f]+;?)/i',
143  static function ($m) {
144  // Decode '&#110;', ...
145  return realCharForNumericEntities($m);
146  },
147  $val
148  );
149 
150  // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
151  $val = preg_replace('/<!--[^>]*-->/', '', $val);
152  $val = preg_replace('/[\r\n\t]/', '', $val);
153  } while ($oldval != $val);
154  //print "type = ".$type." after decoding: ".$val."\n";
155 
156  $inj = 0;
157 
158  // We check string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
159  // We should use dol_string_nounprintableascii but function is not yet loaded/available
160  // Example of valid UTF8 chars:
161  // utf8=utf8mb3: '\x09', '\x0A', '\x0D', '\x7E'
162  // utf8=utf8mb3: '\xE0\xA0\x80'
163  // utf8mb4: '\xF0\x9D\x84\x9E' (but this may be refused by the database insert if pagecode is utf8=utf8mb3)
164  $newval = preg_replace('/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
165 
166  // Note that $newval may also be completely empty '' when non valid UTF8 are found.
167  if ($newval != $val) {
168  // If $val has changed after removing non valid UTF8 chars, it means we have an evil string.
169  $inj += 1;
170  }
171  //print 'inj='.$inj.'-type='.$type.'-val='.$val.'-newval='.$newval."\n";
172 
173  // For SQL Injection (only GET are used to scan for such injection strings)
174  if ($type == 1 || $type == 3) {
175  // Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop
176  $inj += preg_match('/delete\s*from/i', $val);
177  $inj += preg_match('/create\s*table/i', $val);
178  $inj += preg_match('/insert\s*into/i', $val);
179  $inj += preg_match('/select\s*from/i', $val);
180  $inj += preg_match('/into\s*(outfile|dumpfile)/i', $val);
181  $inj += preg_match('/user\s*\‍(/i', $val); // avoid to use function user() or mysql_user() that return current database login
182  $inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
183  $inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST
184  $inj += preg_match('/update[^&=\w].*set.+=/i', $val); // the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set...
185  $inj += preg_match('/union.+select/i', $val);
186  }
187  if ($type == 3) {
188  // Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop
189  $inj += preg_match('/select|update|delete|truncate|replace|group\s*by|concat|count|from|union/i', $val);
190  }
191  if ($type != 2) { // Not common key strings, so we can check them both on GET and POST
192  $inj += preg_match('/updatexml\‍(/i', $val);
193  $inj += preg_match('/(\.\.%2f)+/i', $val);
194  $inj += preg_match('/\s@@/', $val);
195  }
196  // For XSS Injection done by closing textarea to execute content into a textarea field
197  $inj += preg_match('/<\/textarea/i', $val);
198  // For XSS Injection done by adding javascript with script
199  // This is all cases a browser consider text is javascript:
200  // When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
201  // All examples on page: http://ha.ckers.org/xss.html#XSScalc
202  // More on https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
203  $inj += preg_match('/<audio/i', $val);
204  $inj += preg_match('/<embed/i', $val);
205  $inj += preg_match('/<iframe/i', $val);
206  $inj += preg_match('/<object/i', $val);
207  $inj += preg_match('/<script/i', $val);
208  $inj += preg_match('/Set\.constructor/i', $val); // ECMA script 6
209  if (!defined('NOSTYLECHECK')) {
210  $inj += preg_match('/<style/i', $val);
211  }
212  $inj += preg_match('/base\s+href/si', $val);
213  $inj += preg_match('/=data:/si', $val);
214  // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/Events
215  $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)[a-z]*\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
216  $inj += preg_match('/on(abort|after|animation|auxclick|before|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)[a-z]*\s*=/i', $val);
217  $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)[a-z]*\s*=/i', $val);
218  $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)[a-z]*\s*=/i', $val);
219  $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)[a-z]*\s*=/i', $val);
220  $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)[a-z]*\s*=/i', $val);
221  // More not into the previous list
222 
223  $inj += preg_match('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', $val);
224 
225  // We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: <img on<a>error=alert(1) to bypass test on onerror
226  $tmpval = preg_replace('/<[^<]+>/', '', $val);
227  // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/Events
228  $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)[a-z]*\s*=/i', $tmpval); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
229  $inj += preg_match('/on(abort|after|animation|auxclick|before|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)[a-z]*\s*=/i', $tmpval);
230  $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)[a-z]*\s*=/i', $tmpval);
231  $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)[a-z]*\s*=/i', $tmpval);
232  $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)[a-z]*\s*=/i', $tmpval);
233  $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)[a-z]*\s*=/i', $tmpval);
234  // More not into the previous list
235  $inj += preg_match('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', $tmpval);
236 
237  //$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ...
238  $inj += preg_match('/&#58;|&#0000058|&#x3A/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
239  $inj += preg_match('/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i', $val);
240  $inj += preg_match('/vbscript\s*:/i', $val);
241  // For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
242  if ($type == 1 || $type == 3) {
243  $val = str_replace('enclosure="', 'enclosure=X', $val); // We accept enclosure=" for the export/import module
244  $inj += preg_match('/"/i', $val); // We refused " in GET parameters value.
245  }
246  if ($type == 2) {
247  $inj += preg_match('/[:;"\'<>\?\‍(\‍){}\$%]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
248  }
249 
250  return $inj;
251 }
252 
261 function analyseVarsForSqlAndScriptsInjection(&$var, $type, $stopcode = 1)
262 {
263  if (is_array($var)) {
264  foreach ($var as $key => $value) { // Warning, $key may also be used for attacks
265  // Exclude check for some variable keys
266  if ($type === 0 && defined('NOSCANPOSTFORINJECTION') && is_array(constant('NOSCANPOSTFORINJECTION')) && in_array($key, constant('NOSCANPOSTFORINJECTION'))) {
267  continue;
268  }
269 
270  if (analyseVarsForSqlAndScriptsInjection($key, $type, $stopcode) && analyseVarsForSqlAndScriptsInjection($value, $type, $stopcode)) {
271  //$var[$key] = $value; // This is useless
272  } else {
273  http_response_code(403);
274 
275  // Get remote IP: PS: We do not use getRemoteIP(), function is not yet loaded and we need a value that can't be spoofed
276  $ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']);
277 
278  if ($stopcode) {
279  $errormessage = 'Access refused to '.htmlentities($ip, ENT_COMPAT, 'UTF-8').' by SQL or Script injection protection in main.inc.php:analyseVarsForSqlAndScriptsInjection type='.htmlentities((string) $type, ENT_COMPAT, 'UTF-8');
280  //$errormessage .= ' paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8'); // Disabled to avoid text injection
281 
282  $errormessage2 = 'page='.htmlentities((empty($_SERVER["REQUEST_URI"]) ? '' : $_SERVER["REQUEST_URI"]), ENT_COMPAT, 'UTF-8');
283  $errormessage2 .= ' paramtype='.htmlentities((string) $type, ENT_COMPAT, 'UTF-8');
284  $errormessage2 .= ' paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8');
285  $errormessage2 .= ' paramvalue='.htmlentities($value, ENT_COMPAT, 'UTF-8');
286 
287  print $errormessage;
288  print "<br>\n";
289  print 'Try to go back, fix data of your form and resubmit it. You can contact also your technical support.';
290 
291  print "\n".'<!--'."\n";
292  print $errormessage2;
293  print "\n".'-->';
294 
295  // Add entry into the PHP server error log
296  if (function_exists('error_log')) {
297  error_log($errormessage.' '.substr($errormessage2, 2000));
298  }
299 
300  // Note: No addition into security audit table is done because we don't want to execute code in such a case.
301  // Detection of too many such requests can be done with a fail2ban rule on 403 error code or into the PHP server error log.
302 
303 
304  if (class_exists('PHPUnit\Framework\TestSuite')) {
305  $message = $errormessage.' '.substr($errormessage2, 2000);
306  throw new Exception("Security injection exception: $message");
307  }
308  exit;
309  } else {
310  return false;
311  }
312  }
313  }
314  return true;
315  } else {
316  return (testSqlAndScriptInject($var, $type) <= 0);
317  }
318 }
319 
320 // To disable the WAF for GET and POST and PHP_SELF, uncomment this
321 //define('NOSCANPHPSELFFORINJECTION', 1);
322 //define('NOSCANGETFORINJECTION', 1);
323 //define('NOSCANPOSTFORINJECTION', 1 or 2);
324 
325 // Check consistency of NOREQUIREXXX DEFINES
326 if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) {
327  print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them.';
328  exit;
329 }
330 if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) {
331  print 'If define NOREQUIREUSER is set, you must also set NOREQUIREMENU or not set it.';
332  exit;
333 }
334 
335 // Sanity check on URL
336 if (!defined('NOSCANPHPSELFFORINJECTION') && !empty($_SERVER["PHP_SELF"])) {
337  $morevaltochecklikepost = array($_SERVER["PHP_SELF"]);
338  analyseVarsForSqlAndScriptsInjection($morevaltochecklikepost, 2);
339 }
340 // Sanity check on GET parameters
341 if (!defined('NOSCANGETFORINJECTION') && !empty($_SERVER["QUERY_STRING"])) {
342  // Note: QUERY_STRING is url encoded, but $_GET and $_POST are already decoded
343  // Because the analyseVarsForSqlAndScriptsInjection is designed for already url decoded value, we must decode QUERY_STRING
344  // Another solution is to provide $_GET as parameter with analyseVarsForSqlAndScriptsInjection($_GET, 1);
345  $morevaltochecklikeget = array(urldecode($_SERVER["QUERY_STRING"]));
346  analyseVarsForSqlAndScriptsInjection($morevaltochecklikeget, 1);
347 }
348 // Sanity check on POST
349 if (!defined('NOSCANPOSTFORINJECTION') || is_array(constant('NOSCANPOSTFORINJECTION'))) {
351 }
352 
353 // This is to make Dolibarr working with Plesk
354 if (!empty($_SERVER['DOCUMENT_ROOT']) && substr($_SERVER['DOCUMENT_ROOT'], -6) !== 'htdocs') {
355  set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
356 }
357 
358 // Include the conf.php and functions.lib.php and security.lib.php. This defined the constants like DOL_DOCUMENT_ROOT, DOL_DATA_ROOT, DOL_URL_ROOT...
359 require_once 'filefunc.inc.php';
360 
361 // If there is a POST parameter to tell to save automatically some POST parameters into cookies, we do it.
362 // This is used for example by form of boxes to save personalization of some options.
363 // DOL_AUTOSET_COOKIE=cookiename:val1,val2 and cookiename_val1=aaa cookiename_val2=bbb will set cookie_name with value json_encode(array('val1'=> , ))
364 if (GETPOST("DOL_AUTOSET_COOKIE")) {
365  $tmpautoset = explode(':', GETPOST("DOL_AUTOSET_COOKIE"), 2);
366  $tmplist = explode(',', $tmpautoset[1]);
367  $cookiearrayvalue = array();
368  foreach ($tmplist as $tmpkey) {
369  $postkey = $tmpautoset[0].'_'.$tmpkey;
370  //var_dump('tmpkey='.$tmpkey.' postkey='.$postkey.' value='.GETPOST($postkey);
371  if (GETPOST($postkey)) {
372  $cookiearrayvalue[$tmpkey] = GETPOST($postkey);
373  }
374  }
375  $cookiename = $tmpautoset[0];
376  $cookievalue = json_encode($cookiearrayvalue);
377  //var_dump('setcookie cookiename='.$cookiename.' cookievalue='.$cookievalue);
378  if (PHP_VERSION_ID < 70300) {
379  setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, empty($cookievalue) ? 0 : (time() + (86400 * 354)), '/', '', ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // keep cookie 1 year and add tag httponly
380  } else {
381  // Only available for php >= 7.3
382  $cookieparams = array(
383  'expires' => empty($cookievalue) ? 0 : (time() + (86400 * 354)),
384  'path' => '/',
385  //'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
386  'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
387  'httponly' => true,
388  'samesite' => 'Lax' // None || Lax || Strict
389  );
390  setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, $cookieparams);
391  }
392  if (empty($cookievalue)) {
393  unset($_COOKIE[$cookiename]);
394  }
395 }
396 
397 // Set the handler of session
398 // if (ini_get('session.save_handler') == 'user')
399 if (!empty($php_session_save_handler) && $php_session_save_handler == 'db') {
400  require_once 'core/lib/phpsessionin'.$php_session_save_handler.'.lib.php';
401 }
402 
403 // Init session. Name of session is specific to Dolibarr instance.
404 // Must be done after the include of filefunc.inc.php so global variables of conf file are defined (like $dolibarr_main_instance_unique_id or $dolibarr_main_force_https).
405 // Note: the function dol_getprefix() is defined into functions.lib.php but may have been defined to return a different key to manage another area to protect.
406 $prefix = dol_getprefix('');
407 $sessionname = 'DOLSESSID_'.$prefix;
408 $sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;
409 if (!empty($_COOKIE[$sessiontimeout])) {
410  ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);
411 }
412 
413 // This create lock, released by session_write_close() or end of page.
414 // We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.
415 if (!defined('NOSESSION')) {
416  if (PHP_VERSION_ID < 70300) {
417  session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
418  } else {
419  // Only available for php >= 7.3
420  $sessioncookieparams = array(
421  'lifetime' => 0,
422  'path' => '/',
423  //'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
424  'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
425  'httponly' => true,
426  'samesite' => 'Lax' // None || Lax || Strict
427  );
428  session_set_cookie_params($sessioncookieparams);
429  }
430  session_name($sessionname);
431  dol_session_start(); // This call the open and read of session handler
432  //exit; // this exist generates a call to write and close
433 }
434 
435 
436 // Init the 6 global objects, this include will make the 'new Xxx()' and set properties for: $conf, $db, $langs, $user, $mysoc, $hookmanager
437 require_once 'master.inc.php';
438 
439 // Uncomment this and set session.save_handler = user to use local session storing
440 // include DOL_DOCUMENT_ROOT.'/core/lib/phpsessionindb.inc.php
441 
442 // If software has been locked. Only login $conf->global->MAIN_ONLY_LOGIN_ALLOWED is allowed.
443 if (getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) {
444  $ok = 0;
445  if ((!session_id() || !isset($_SESSION["dol_login"])) && !isset($_POST["username"]) && !empty($_SERVER["GATEWAY_INTERFACE"])) {
446  $ok = 1; // We let working pages if not logged and inside a web browser (login form, to allow login by admin)
447  } elseif (isset($_POST["username"]) && $_POST["username"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
448  $ok = 1; // We let working pages that is a login submission (login submit, to allow login by admin)
449  } elseif (defined('NOREQUIREDB')) {
450  $ok = 1; // We let working pages that don't need database access (xxx.css.php)
451  } elseif (defined('EVEN_IF_ONLY_LOGIN_ALLOWED')) {
452  $ok = 1; // We let working pages that ask to work even if only login enabled (logout.php)
453  } elseif (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
454  $ok = 1; // We let working if user is allowed admin
455  }
456  if (!$ok) {
457  if (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] != $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
458  print 'Sorry, your application is offline.'."\n";
459  print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
460  $nexturl = DOL_URL_ROOT.'/user/logout.php?token='.newToken();
461  print 'Please try later or <a href="'.$nexturl.'">click here to disconnect and change login user</a>...'."\n";
462  } else {
463  print 'Sorry, your application is offline. Only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
464  $nexturl = DOL_URL_ROOT.'/';
465  print 'Please try later or <a href="'.$nexturl.'">click here to change login user</a>...'."\n";
466  }
467  exit;
468  }
469 }
470 
471 
472 // Activate end of page function
473 register_shutdown_function('dol_shutdown');
474 
475 // Load debugbar
476 if (isModEnabled('debugbar') && !GETPOST('dol_use_jmobile') && empty($_SESSION['dol_use_jmobile'])) {
477  global $debugbar;
478  include_once DOL_DOCUMENT_ROOT.'/debugbar/class/DebugBar.php';
479  $debugbar = new DolibarrDebugBar();
480  $renderer = $debugbar->getJavascriptRenderer();
481  if (!getDolGlobalString('MAIN_HTML_HEADER')) {
482  $conf->global->MAIN_HTML_HEADER = '';
483  }
484  $conf->global->MAIN_HTML_HEADER .= $renderer->renderHead();
485 
486  $debugbar['time']->startMeasure('pageaftermaster', 'Page generation (after environment init)');
487 }
488 
489 // Detection browser
490 if (isset($_SERVER["HTTP_USER_AGENT"])) {
491  $tmp = getBrowserInfo($_SERVER["HTTP_USER_AGENT"]);
492  $conf->browser->name = $tmp['browsername'];
493  $conf->browser->os = $tmp['browseros'];
494  $conf->browser->version = $tmp['browserversion'];
495  $conf->browser->ua = $tmp['browserua'];
496  $conf->browser->layout = $tmp['layout']; // 'classic', 'phone', 'tablet'
497  //var_dump($conf->browser);
498 
499  if ($conf->browser->layout == 'phone') {
500  $conf->dol_no_mouse_hover = 1;
501  }
502 }
503 
504 // If theme is forced
505 if (GETPOST('theme', 'aZ09')) {
506  $conf->theme = GETPOST('theme', 'aZ09');
507  $conf->css = "/theme/".$conf->theme."/style.css.php";
508 }
509 
510 // Set global MAIN_OPTIMIZEFORTEXTBROWSER (must be before login part)
511 if (GETPOSTINT('textbrowser') || (!empty($conf->browser->name) && $conf->browser->name == 'lynxlinks')) { // If we must enable text browser
512  $conf->global->MAIN_OPTIMIZEFORTEXTBROWSER = 2;
513 }
514 
515 // Force HTTPS if required ($conf->file->main_force_https is 0/1 or 'https dolibarr root url')
516 // $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
517 if (!empty($conf->file->main_force_https) && !isHTTPS() && !defined('NOHTTPSREDIRECT')) {
518  $newurl = '';
519  if (is_numeric($conf->file->main_force_https)) {
520  if ($conf->file->main_force_https == '1' && !empty($_SERVER["SCRIPT_URI"])) { // If SCRIPT_URI supported by server
521  if (preg_match('/^http:/i', $_SERVER["SCRIPT_URI"]) && !preg_match('/^https:/i', $_SERVER["SCRIPT_URI"])) { // If link is http
522  $newurl = preg_replace('/^http:/i', 'https:', $_SERVER["SCRIPT_URI"]);
523  }
524  } else {
525  // If HTTPS is not defined in DOL_MAIN_URL_ROOT,
526  // Check HTTPS environment variable (Apache/mod_ssl only)
527  $newurl = preg_replace('/^http:/i', 'https:', DOL_MAIN_URL_ROOT).$_SERVER["REQUEST_URI"];
528  }
529  } else {
530  // Check HTTPS environment variable (Apache/mod_ssl only)
531  $newurl = $conf->file->main_force_https.$_SERVER["REQUEST_URI"];
532  }
533  // Start redirect
534  if ($newurl) {
535  header_remove(); // Clean header already set to be sure to remove any header like "Set-Cookie: DOLSESSID_..." from non HTTPS answers
536  dol_syslog("main.inc: dolibarr_main_force_https is on, we make a redirect to ".$newurl);
537  header("Location: ".$newurl);
538  exit;
539  } else {
540  dol_syslog("main.inc: dolibarr_main_force_https is on but we failed to forge new https url so no redirect is done", LOG_WARNING);
541  }
542 }
543 
544 if (!defined('NOLOGIN') && !defined('NOIPCHECK') && !empty($dolibarr_main_restrict_ip)) {
545  $listofip = explode(',', $dolibarr_main_restrict_ip);
546  $found = false;
547  foreach ($listofip as $ip) {
548  $ip = trim($ip);
549  if ($ip == $_SERVER['REMOTE_ADDR']) {
550  $found = true;
551  break;
552  }
553  }
554  if (!$found) {
555  print 'Access refused by IP protection. Your detected IP is '.$_SERVER['REMOTE_ADDR'];
556  exit;
557  }
558 }
559 
560 // Loading of additional presentation includes
561 if (!defined('NOREQUIREHTML')) {
562  require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; // Need 660ko memory (800ko in 2.2)
563 }
564 if (!defined('NOREQUIREAJAX')) {
565  require_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php'; // Need 22ko memory
566 }
567 
568 // If install or upgrade process not done or not completely finished, we call the install page.
569 if (getDolGlobalString('MAIN_NOT_INSTALLED') || getDolGlobalString('MAIN_NOT_UPGRADED')) {
570  dol_syslog("main.inc: A previous install or upgrade was not complete. Redirect to install page.", LOG_WARNING);
571  header("Location: ".DOL_URL_ROOT."/install/index.php");
572  exit;
573 }
574 // If an upgrade process is required, we call the install page.
575 $checkifupgraderequired = false;
576 if (getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') && getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') != DOL_VERSION) {
577  $checkifupgraderequired = true;
578 }
579 if (!getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') && getDolGlobalString('MAIN_VERSION_LAST_INSTALL') && getDolGlobalString('MAIN_VERSION_LAST_INSTALL') != DOL_VERSION) {
580  $checkifupgraderequired = true;
581 }
582 if ($checkifupgraderequired) {
583  $versiontocompare = getDolGlobalString('MAIN_VERSION_LAST_UPGRADE', getDolGlobalString('MAIN_VERSION_LAST_INSTALL'));
584  require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
585  $dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);
586  $dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);
587  $rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);
588  if ($rescomp > 0) { // Programs have a version higher than database.
589  if (!getDolGlobalString('MAIN_NO_UPGRADE_REDIRECT_ON_LEVEL_3_CHANGE') || $rescomp < 3) {
590  // We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
591  dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install/upgrade page.", LOG_WARNING);
592  if (php_sapi_name() === "cli") {
593  print "main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Try to run upgrade process.\n";
594  } else {
595  header("Location: ".DOL_URL_ROOT."/install/index.php");
596  }
597  exit;
598  }
599  }
600 }
601 
602 // Creation of a token against CSRF vulnerabilities
603 if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
604  // No token renewal on .css.php, .js.php and .json.php (even if the NOTOKENRENEWAL was not provided)
605  if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) {
606  // Rolling token at each call ($_SESSION['token'] contains token of previous page)
607  if (isset($_SESSION['newtoken'])) {
608  $_SESSION['token'] = $_SESSION['newtoken'];
609  }
610 
611  if (!isset($_SESSION['newtoken']) || getDolGlobalInt('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL')) {
612  // Note: Using MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL is not recommended: if a user succeed in entering a data from
613  // a public page with a link that make a token regeneration, it can make use of the backoffice no more possible !
614  // Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']
615  $token = dol_hash(uniqid((string) mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
616  $_SESSION['newtoken'] = $token;
617  dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);
618  }
619  }
620 }
621 
622 //dol_syslog("CSRF info: ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha'));
623 
624 // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page
625 if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN')) || defined('CSRFCHECK_WITH_TOKEN')) {
626  // Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
627  $sensitiveget = false;
628  if ((GETPOSTISSET('massaction') || GETPOST('action', 'aZ09')) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 3) {
629  // All GET actions (except the listed exceptions that are usually post for pre-actions and not real action) and mass actions are processed as sensitive.
630  if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'createsite', 'createcard', 'edit', 'editvalidator', 'file_manager', 'presend', 'presend_addmessage', 'preview', 'specimen'))) { // We exclude some action that are not sensitive so legitimate
631  $sensitiveget = true;
632  }
633  } elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) {
634  // Few GET actions coded with a &token into url are also processed as sensitive.
635  $arrayofactiontoforcetokencheck = array(
636  'activate',
637  'doprev', 'donext', 'dvprev', 'dvnext',
638  'freezone', 'install',
639  'reopen'
640  );
641  if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
642  $sensitiveget = true;
643  }
644  // We also need a valid token for actions matching one of these values
645  if (preg_match('/^(confirm_)?(add|classify|close|confirm|copy|del|disable|enable|remove|set|unset|update|save)/', GETPOST('action', 'aZ09'))) {
646  $sensitiveget = true;
647  }
648  }
649 
650  // Check a token is provided for all cases that need a mandatory token
651  // (all POST actions + all sensitive GET actions + all mass actions + all login/actions/logout on pages with CSRFCHECK_WITH_TOKEN set)
652  if (
653  (!empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') ||
654  $sensitiveget ||
655  GETPOSTISSET('massaction') ||
656  ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action')) && defined('CSRFCHECK_WITH_TOKEN'))
657  ) {
658  // If token is not provided or empty, error (we are in case it is mandatory)
659  if (!GETPOST('token', 'alpha') || GETPOST('token', 'alpha') == 'notrequired') {
660  top_httphead();
661  if (GETPOSTINT('uploadform')) {
662  dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused. File size too large or not provided.");
663  $langs->loadLangs(array("errors", "install"));
664  print $langs->trans("ErrorFileSizeTooLarge").' ';
665  print $langs->trans("ErrorGoBackAndCorrectParameters");
666  } else {
667  http_response_code(403);
668  if (defined('CSRFCHECK_WITH_TOKEN')) {
669  dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (CSRFCHECK_WITH_TOKEN protection) in main.inc.php. Token not provided.", LOG_WARNING);
670  print "Access to a page that needs a token (constant CSRFCHECK_WITH_TOKEN is defined) is refused by CSRF protection in main.inc.php. Token not provided.\n";
671  } else {
672  dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (POST method or GET with a sensible value for 'action' parameter) in main.inc.php. Token not provided.", LOG_WARNING);
673  print "Access to this page this way (POST method or GET with a sensible value for 'action' parameter) is refused by CSRF protection in main.inc.php. Token not provided.\n";
674  print "If you access your server behind a proxy using url rewriting and the parameter is provided by caller, you might check that all HTTP header are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0";
675  if (getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN')) {
676  print " instead of " . getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN');
677  }
678  print " into setup).\n";
679  }
680  }
681  die;
682  }
683  }
684 
685  $sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']);
686  // TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser)
687  if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {
688  dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referrer=".(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
689  //dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
690  // Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
691  if (!defined('NOTOKENRENEWAL')) {
692  // If the page is not a page that disable the token renewal, we report a warning message to explain token has epired.
693  setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);
694  }
695  $savid = null;
696  if (isset($_POST['id'])) {
697  $savid = ((int) $_POST['id']);
698  }
699  unset($_POST);
700  unset($_GET['confirm']);
701  unset($_GET['action']);
702  unset($_GET['confirmmassaction']);
703  unset($_GET['massaction']);
704  unset($_GET['token']); // TODO Make a redirect if we have a token in url to remove it ?
705  if (isset($savid)) {
706  $_POST['id'] = ((int) $savid);
707  }
708  // So rest of code can know something was wrong here
709  $_GET['errorcode'] = 'InvalidToken';
710  }
711 
712  // Note: There is another CSRF protection into the filefunc.inc.php
713 }
714 
715 // Disable modules (this must be after session_start and after conf has been loaded)
716 if (GETPOSTISSET('disablemodules')) {
717  $_SESSION["disablemodules"] = GETPOST('disablemodules', 'alpha');
718 }
719 if (!empty($_SESSION["disablemodules"])) {
720  $modulepartkeys = array('css', 'js', 'tabs', 'triggers', 'login', 'substitutions', 'menus', 'theme', 'sms', 'tpl', 'barcode', 'models', 'societe', 'hooks', 'dir', 'syslog', 'tpllinkable', 'contactelement', 'moduleforexternal', 'websitetemplates');
721 
722  $disabled_modules = explode(',', $_SESSION["disablemodules"]);
723  foreach ($disabled_modules as $module) {
724  if ($module) {
725  if (empty($conf->$module)) {
726  $conf->$module = new stdClass(); // To avoid warnings
727  }
728  $conf->$module->enabled = false;
729  foreach ($modulepartkeys as $modulepartkey) {
730  unset($conf->modules_parts[$modulepartkey][$module]);
731  }
732  if ($module == 'fournisseur') { // Special case
733  $conf->supplier_order->enabled = 0;
734  $conf->supplier_invoice->enabled = 0;
735  }
736  }
737  }
738 }
739 
740 // Set current modulepart
741 $modulepart = explode("/", $_SERVER["PHP_SELF"]);
742 if (is_array($modulepart) && count($modulepart) > 0) {
743  foreach ($conf->modules as $module) {
744  if (in_array($module, $modulepart)) {
745  $modulepart = $module;
746  break;
747  }
748  }
749 }
750 if (is_array($modulepart)) {
751  $modulepart = '';
752 }
753 
754 
755 /*
756  * Phase authentication / login
757  */
758 
759 $login = '';
760 $error = 0;
761 if (!defined('NOLOGIN')) {
762  // $authmode lists the different method of identification to be tested in order of preference.
763  // Example: 'http', 'dolibarr', 'ldap', 'http,forceuser', '...'
764 
765  if (defined('MAIN_AUTHENTICATION_MODE')) {
766  $dolibarr_main_authentication = constant('MAIN_AUTHENTICATION_MODE');
767  } else {
768  // Authentication mode
769  if (empty($dolibarr_main_authentication)) {
770  $dolibarr_main_authentication = 'dolibarr';
771  }
772  // Authentication mode: forceuser
773  if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
774  $dolibarr_auto_user = 'auto';
775  }
776  }
777  // Set authmode
778  $authmode = explode(',', $dolibarr_main_authentication);
779 
780  // No authentication mode
781  if (!count($authmode)) {
782  $langs->load('main');
783  dol_print_error(null, $langs->trans("ErrorConfigParameterNotDefined", 'dolibarr_main_authentication'));
784  exit;
785  }
786 
787  // If login request was already post, we retrieve login from the session
788  // Call module if not realized that his request.
789  // At the end of this phase, the variable $login is defined.
790  $resultFetchUser = '';
791  $test = true;
792  if (!isset($_SESSION["dol_login"])) {
793  // It is not already authenticated and it requests the login / password
794  include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
795 
796  $dol_dst_observed = GETPOSTINT("dst_observed", 3);
797  $dol_dst_first = GETPOSTINT("dst_first", 3);
798  $dol_dst_second = GETPOSTINT("dst_second", 3);
799  $dol_screenwidth = GETPOSTINT("screenwidth", 3);
800  $dol_screenheight = GETPOSTINT("screenheight", 3);
801  $dol_hide_topmenu = GETPOSTINT('dol_hide_topmenu', 3);
802  $dol_hide_leftmenu = GETPOSTINT('dol_hide_leftmenu', 3);
803  $dol_optimize_smallscreen = GETPOSTINT('dol_optimize_smallscreen', 3);
804  $dol_no_mouse_hover = GETPOSTINT('dol_no_mouse_hover', 3);
805  $dol_use_jmobile = GETPOSTINT('dol_use_jmobile', 3); // 0=default, 1=to say we use app from a webview app, 2=to say we use app from a webview app and keep ajax
806 
807  // If in demo mode, we check we go to home page through the public/demo/index.php page
808  if (!empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') { // We ask index page
809  if (empty($_SERVER['HTTP_REFERER']) || !preg_match('/public/', $_SERVER['HTTP_REFERER'])) {
810  dol_syslog("Call index page from another url than demo page (call is done from page ".(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFER']).")");
811  $url = '';
812  $url .= ($url ? '&' : '').($dol_hide_topmenu ? 'dol_hide_topmenu='.$dol_hide_topmenu : '');
813  $url .= ($url ? '&' : '').($dol_hide_leftmenu ? 'dol_hide_leftmenu='.$dol_hide_leftmenu : '');
814  $url .= ($url ? '&' : '').($dol_optimize_smallscreen ? 'dol_optimize_smallscreen='.$dol_optimize_smallscreen : '');
815  $url .= ($url ? '&' : '').($dol_no_mouse_hover ? 'dol_no_mouse_hover='.$dol_no_mouse_hover : '');
816  $url .= ($url ? '&' : '').($dol_use_jmobile ? 'dol_use_jmobile='.$dol_use_jmobile : '');
817  $url = DOL_URL_ROOT.'/public/demo/index.php'.($url ? '?'.$url : '');
818  header("Location: ".$url);
819  exit;
820  }
821  }
822 
823  // Hooks for security access
824  $action = '';
825  $hookmanager->initHooks(array('login'));
826  $parameters = array();
827  $reshook = $hookmanager->executeHooks('beforeLoginAuthentication', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
828  if ($reshook < 0) {
829  $test = false;
830  $error++;
831  }
832 
833  // Verification security graphic code
834  if ($test && GETPOST("username", "alpha", 2) && getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA') && !isset($_SESSION['dol_bypass_antispam'])) {
835  $sessionkey = 'dol_antispam_value';
836  $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'restricthtml'))));
837 
838  // Check code
839  if (!$ok) {
840  dol_syslog('Bad value for code, connection refused', LOG_NOTICE);
841  // Load translation files required by page
842  $langs->loadLangs(array('main', 'errors'));
843 
844  $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadValueForCode");
845  $test = false;
846 
847  // Call trigger for the "security events" log
848  $user->context['audit'] = 'ErrorBadValueForCode - login='.GETPOST("username", "alpha", 2);
849 
850  // Call trigger
851  $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
852  if ($result < 0) {
853  $error++;
854  }
855  // End call triggers
856 
857  // Hooks on failed login
858  $action = '';
859  $hookmanager->initHooks(array('login'));
860  $parameters = array('dol_authmode' => $authmode, 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
861  $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
862  if ($reshook < 0) {
863  $error++;
864  }
865 
866  // Note: exit is done later
867  }
868  }
869 
870  $allowedmethodtopostusername = 3;
871  if (defined('MAIN_AUTHENTICATION_POST_METHOD')) {
872  $allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD'); // Note a value of 2 is not compatible with some authentication methods that put username as GET parameter
873  }
874  // TODO Remove use of $_COOKIE['login_dolibarr'] ? Replace $usertotest = with $usertotest = GETPOST("username", "alpha", $allowedmethodtopostusername);
875  $usertotest = (!empty($_COOKIE['login_dolibarr']) ? preg_replace('/[^a-zA-Z0-9_@\-\.]/', '', $_COOKIE['login_dolibarr']) : GETPOST("username", "alpha", $allowedmethodtopostusername));
876  $passwordtotest = GETPOST('password', 'none', $allowedmethodtopostusername);
877  $entitytotest = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
878 
879  // Define if we received the correct data to go into the test of the login with the checkLoginPassEntity().
880  $goontestloop = false;
881  if (isset($_SERVER["REMOTE_USER"]) && in_array('http', $authmode)) { // For http basic login test
882  $goontestloop = true;
883  }
884  if ($dolibarr_main_authentication == 'forceuser' && !empty($dolibarr_auto_user)) { // For automatic login with a forced user
885  $goontestloop = true;
886  }
887  if (GETPOST("username", "alpha", $allowedmethodtopostusername)) { // For posting the login form
888  $goontestloop = true;
889  }
890  if (GETPOST('openid_mode', 'alpha', 1)) { // For openid_connect ?
891  $goontestloop = true;
892  }
893  if (GETPOST('beforeoauthloginredirect') || GETPOST('afteroauthloginreturn')) { // For oauth login
894  $goontestloop = true;
895  }
896  if (!empty($_COOKIE['login_dolibarr'])) { // TODO For ? Remove this ?
897  $goontestloop = true;
898  }
899 
900  if (!is_object($langs)) { // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
901  include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
902  $langs = new Translate("", $conf);
903  $langcode = (GETPOST('lang', 'aZ09', 1) ? GETPOST('lang', 'aZ09', 1) : getDolGlobalString('MAIN_LANG_DEFAULT', 'auto'));
904  if (defined('MAIN_LANG_DEFAULT')) {
905  $langcode = constant('MAIN_LANG_DEFAULT');
906  }
907  $langs->setDefaultLang($langcode);
908  }
909 
910  // Validation of login/pass/entity
911  // If ok, the variable login will be returned
912  // If error, we will put error message in session under the name dol_loginmesg
913  if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr')) {
914  // Loop on each test mode defined into $authmode
915  // $authmode is an array for example: array('0'=>'dolibarr', '1'=>'googleoauth');
916  $oauthmodetotestarray = array('google');
917  foreach ($oauthmodetotestarray as $oauthmodetotest) {
918  if (in_array($oauthmodetotest.'oauth', $authmode)) { // This is an authmode that is currently qualified. Do we have to remove it ?
919  // If we click on the link to use OAuth authentication or if we goes after callback return, we do nothing
920  if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn')) {
921  // TODO Use: if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn') == $oauthmodetotest) {
922  continue;
923  }
924  dol_syslog("User did not click on link for OAuth or is not on the OAuth return, so we disable check using ".$oauthmodetotest);
925  foreach ($authmode as $tmpkey => $tmpval) {
926  if ($tmpval == $oauthmodetotest.'oauth') {
927  unset($authmode[$tmpkey]);
928  break;
929  }
930  }
931  }
932  }
933 
934  // Check login for all qualified modes in array $authmode.
935  $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
936  if ($login === '--bad-login-validity--') {
937  $login = '';
938  }
939 
940  $dol_authmode = '';
941 
942  if ($login) {
943  $dol_authmode = $conf->authmode; // This properties is defined only when logged, to say what mode was successfully used
944  $dol_tz = empty($_POST["tz"]) ? (empty($_SESSION["tz"]) ? '' : $_SESSION["tz"]) : $_POST["tz"];
945  $dol_tz_string = empty($_POST["tz_string"]) ? (empty($_SESSION["tz_string"]) ? '' : $_SESSION["tz_string"]) : $_POST["tz_string"];
946  $dol_tz_string = preg_replace('/\s*\‍(.+\‍)$/', '', $dol_tz_string);
947  $dol_tz_string = preg_replace('/,/', '/', $dol_tz_string);
948  $dol_tz_string = preg_replace('/\s/', '_', $dol_tz_string);
949  $dol_dst = 0;
950  // Keep $_POST here. Do not use GETPOSTISSET
951  $dol_dst_first = empty($_POST["dst_first"]) ? (empty($_SESSION["dst_first"]) ? '' : $_SESSION["dst_first"]) : $_POST["dst_first"];
952  $dol_dst_second = empty($_POST["dst_second"]) ? (empty($_SESSION["dst_second"]) ? '' : $_SESSION["dst_second"]) : $_POST["dst_second"];
953  if ($dol_dst_first && $dol_dst_second) {
954  include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
955  $datenow = dol_now();
956  $datefirst = dol_stringtotime($dol_dst_first);
957  $datesecond = dol_stringtotime($dol_dst_second);
958  if ($datenow >= $datefirst && $datenow < $datesecond) {
959  $dol_dst = 1;
960  }
961  }
962  $dol_screenheight = empty($_POST["screenheight"]) ? (empty($_SESSION["dol_screenheight"]) ? '' : $_SESSION["dol_screenheight"]) : $_POST["screenheight"];
963  $dol_screenwidth = empty($_POST["screenwidth"]) ? (empty($_SESSION["dol_screenwidth"]) ? '' : $_SESSION["dol_screenwidth"]) : $_POST["screenwidth"];
964  //print $datefirst.'-'.$datesecond.'-'.$datenow.'-'.$dol_tz.'-'.$dol_tzstring.'-'.$dol_dst.'-'.sdol_screenheight.'-'.sdol_screenwidth; exit;
965  }
966 
967  if (!$login) {
968  dol_syslog('Bad password, connection refused (see a previous notice message for more info)', LOG_NOTICE);
969  // Load translation files required by page
970  $langs->loadLangs(array('main', 'errors'));
971 
972  // Bad password. No authmode has found a good password.
973  // We set a generic message if not defined inside function checkLoginPassEntity or subfunctions
974  if (empty($_SESSION["dol_loginmesg"])) {
975  $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadLoginPassword");
976  }
977 
978  // Call trigger for the "security events" log
979  $user->context['audit'] = $langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username", "alpha", 2);
980 
981  // Call trigger
982  $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
983  if ($result < 0) {
984  $error++;
985  }
986  // End call triggers
987 
988  // Hooks on failed login
989  $action = '';
990  $hookmanager->initHooks(array('login'));
991  $parameters = array('dol_authmode' => $dol_authmode, 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
992  $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
993  if ($reshook < 0) {
994  $error++;
995  }
996 
997  // Note: exit is done in next chapter
998  }
999  }
1000 
1001  // End test login / passwords
1002  if (!$login || (in_array('ldap', $authmode) && empty($passwordtotest))) { // With LDAP we refused empty password because some LDAP are "opened" for anonymous access so connection is a success.
1003  // No data to test login, so we show the login page.
1004  dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit", LOG_NOTICE);
1005  if (defined('NOREDIRECTBYMAINTOLOGIN')) {
1006  // When used with NOREDIRECTBYMAINTOLOGIN set, the http header must already be set when including the main.
1007  // See example with selectsearchbox.php. This case is reserved for the selectesearchbox.php so we can
1008  // report a message to ask to login when search ajax component is used after a timeout.
1009  //top_httphead();
1010  return 'ERROR_NOT_LOGGED';
1011  } else {
1012  if (!empty($_SERVER["HTTP_USER_AGENT"]) && $_SERVER["HTTP_USER_AGENT"] == 'securitytest') {
1013  http_response_code(401); // It makes easier to understand if session was broken during security tests
1014  }
1015  dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); // This include http headers
1016  }
1017  exit;
1018  }
1019 
1020  $resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // value for $login was retrieved previously when checking password.
1021  if ($resultFetchUser <= 0 || $user->isNotIntoValidityDateRange()) {
1022  dol_syslog('User not found or not valid, connection refused');
1023  session_destroy();
1024  session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
1025  session_name($sessionname);
1027 
1028  if ($resultFetchUser == 0) {
1029  // Load translation files required by page
1030  $langs->loadLangs(array('main', 'errors'));
1031 
1032  $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);
1033 
1034  $user->context['audit'] = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
1035  } elseif ($resultFetchUser < 0) {
1036  $_SESSION["dol_loginmesg"] = $user->error;
1037 
1038  $user->context['audit'] = $user->error;
1039  } else {
1040  // Load translation files required by the page
1041  $langs->loadLangs(array('main', 'errors'));
1042 
1043  $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
1044 
1045  $user->context['audit'] = $langs->trans("ErrorLoginDateValidity").' - login='.$login;
1046  }
1047 
1048  // Call trigger
1049  $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
1050  if ($result < 0) {
1051  $error++;
1052  }
1053  // End call triggers
1054 
1055 
1056  // Hooks on failed login
1057  $action = '';
1058  $hookmanager->initHooks(array('login'));
1059  $parameters = array('dol_authmode' => $dol_authmode, 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
1060  $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
1061  if ($reshook < 0) {
1062  $error++;
1063  }
1064 
1065  $paramsurl = array();
1066  if (GETPOSTINT('textbrowser')) {
1067  $paramsurl[] = 'textbrowser='.GETPOSTINT('textbrowser');
1068  }
1069  if (GETPOSTINT('nojs')) {
1070  $paramsurl[] = 'nojs='.GETPOSTINT('nojs');
1071  }
1072  if (GETPOST('lang', 'aZ09')) {
1073  $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');
1074  }
1075  header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : ''));
1076  exit;
1077  } else {
1078  // User is loaded, we may need to change language for him according to its choice
1079  if (!empty($user->conf->MAIN_LANG_DEFAULT)) {
1080  $langs->setDefaultLang($user->conf->MAIN_LANG_DEFAULT);
1081  }
1082  }
1083  } else {
1084  // We are already into an authenticated session
1085  $login = $_SESSION["dol_login"];
1086  $entity = isset($_SESSION["dol_entity"]) ? $_SESSION["dol_entity"] : 0;
1087  dol_syslog("- This is an already logged session. _SESSION['dol_login']=".$login." _SESSION['dol_entity']=".$entity, LOG_DEBUG);
1088 
1089  $resultFetchUser = $user->fetch('', $login, '', 1, ($entity > 0 ? $entity : -1));
1090 
1091  //var_dump(dol_print_date($user->flagdelsessionsbefore, 'dayhour', 'gmt')." ".dol_print_date($_SESSION["dol_logindate"], 'dayhour', 'gmt'));
1092 
1093  if ($resultFetchUser <= 0
1094  || ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])
1095  || ($user->status != $user::STATUS_ENABLED)
1096  || ($user->isNotIntoValidityDateRange())) {
1097  if ($resultFetchUser <= 0) {
1098  // Account has been removed after login
1099  dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
1100  } elseif ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) {
1101  // Session is no more valid
1102  dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
1103  } elseif ($user->status != $user::STATUS_ENABLED) {
1104  // User is not enabled
1105  dol_syslog("The user login is disabled");
1106  } else {
1107  // User validity dates are no more valid
1108  dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], current date is ".dol_now());
1109  }
1110  session_destroy();
1111  session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
1112  session_name($sessionname);
1114 
1115  if ($resultFetchUser == 0) {
1116  $langs->loadLangs(array('main', 'errors'));
1117 
1118  $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);
1119 
1120  $user->context['audit'] = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
1121  } elseif ($resultFetchUser < 0) {
1122  $_SESSION["dol_loginmesg"] = $user->error;
1123 
1124  $user->context['audit'] = $user->error;
1125  } else {
1126  $langs->loadLangs(array('main', 'errors'));
1127 
1128  $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorSessionInvalidatedAfterPasswordChange");
1129 
1130  $user->context['audit'] = 'ErrorUserSessionWasInvalidated - login='.$login;
1131  }
1132 
1133  // Call trigger
1134  $result = $user->call_trigger('USER_LOGIN_FAILED', $user);
1135  if ($result < 0) {
1136  $error++;
1137  }
1138  // End call triggers
1139 
1140  // Hooks on failed login
1141  $action = '';
1142  $hookmanager->initHooks(array('login'));
1143  $parameters = array('dol_authmode' => (isset($dol_authmode) ? $dol_authmode : ''), 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
1144  $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
1145  if ($reshook < 0) {
1146  $error++;
1147  }
1148 
1149  $paramsurl = array();
1150  if (GETPOSTINT('textbrowser')) {
1151  $paramsurl[] = 'textbrowser='.GETPOSTINT('textbrowser');
1152  }
1153  if (GETPOSTINT('nojs')) {
1154  $paramsurl[] = 'nojs='.GETPOSTINT('nojs');
1155  }
1156  if (GETPOST('lang', 'aZ09')) {
1157  $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');
1158  }
1159 
1160  header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : ''));
1161  exit;
1162  } else {
1163  // Initialize a technical object to manage hooks of page. Note that conf->hooks_modules contains an array of hook context
1164  $hookmanager->initHooks(array('main'));
1165 
1166  // Code for search criteria persistence.
1167  if (!empty($_GET['save_lastsearch_values']) && !empty($_SERVER["HTTP_REFERER"])) { // We must use $_GET here
1168  $relativepathstring = preg_replace('/\?.*$/', '', $_SERVER["HTTP_REFERER"]);
1169  $relativepathstring = preg_replace('/^https?:\/\/[^\/]*/', '', $relativepathstring); // Get full path except host server
1170  // Clean $relativepathstring
1171  if (constant('DOL_URL_ROOT')) {
1172  $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);
1173  }
1174  $relativepathstring = preg_replace('/^\//', '', $relativepathstring);
1175  $relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);
1176  //var_dump($relativepathstring);
1177 
1178  // We click on a link that leave a page we have to save search criteria, contextpage, limit and page and mode. We save them from tmp to no tmp
1179  if (!empty($_SESSION['lastsearch_values_tmp_'.$relativepathstring])) {
1180  $_SESSION['lastsearch_values_'.$relativepathstring] = $_SESSION['lastsearch_values_tmp_'.$relativepathstring];
1181  unset($_SESSION['lastsearch_values_tmp_'.$relativepathstring]);
1182  }
1183  if (!empty($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring])) {
1184  $_SESSION['lastsearch_contextpage_'.$relativepathstring] = $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring];
1185  unset($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]);
1186  }
1187  if (!empty($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] != $conf->liste_limit) {
1188  $_SESSION['lastsearch_limit_'.$relativepathstring] = $_SESSION['lastsearch_limit_tmp_'.$relativepathstring];
1189  unset($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]);
1190  }
1191  if (!empty($_SESSION['lastsearch_page_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_page_tmp_'.$relativepathstring] > 0) {
1192  $_SESSION['lastsearch_page_'.$relativepathstring] = $_SESSION['lastsearch_page_tmp_'.$relativepathstring];
1193  unset($_SESSION['lastsearch_page_tmp_'.$relativepathstring]);
1194  }
1195  if (!empty($_SESSION['lastsearch_mode_tmp_'.$relativepathstring])) {
1196  $_SESSION['lastsearch_mode_'.$relativepathstring] = $_SESSION['lastsearch_mode_tmp_'.$relativepathstring];
1197  unset($_SESSION['lastsearch_mode_tmp_'.$relativepathstring]);
1198  }
1199  }
1200  if (!empty($_GET['save_pageforbacktolist']) && !empty($_SERVER["HTTP_REFERER"])) { // We must use $_GET here
1201  if (empty($_SESSION['pageforbacktolist'])) {
1202  $pageforbacktolistarray = array();
1203  } else {
1204  $pageforbacktolistarray = $_SESSION['pageforbacktolist'];
1205  }
1206  $tmparray = explode(':', $_GET['save_pageforbacktolist'], 2);
1207  if (!empty($tmparray[0]) && !empty($tmparray[1])) {
1208  $pageforbacktolistarray[$tmparray[0]] = $tmparray[1];
1209  $_SESSION['pageforbacktolist'] = $pageforbacktolistarray;
1210  }
1211  }
1212 
1213  $action = '';
1214  $parameters = array();
1215  $reshook = $hookmanager->executeHooks('updateSession', $parameters, $user, $action);
1216  if ($reshook < 0) {
1217  setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
1218  }
1219  }
1220  }
1221 
1222  // Is it a new session that has started ?
1223  // If we are here, this means authentication was successful.
1224  if (!isset($_SESSION["dol_login"])) {
1225  // New session for this login has started.
1226  $error = 0;
1227 
1228  // Store value into session (values always stored)
1229  $_SESSION["dol_login"] = $user->login;
1230  $_SESSION["dol_logindate"] = dol_now('gmt');
1231  $_SESSION["dol_authmode"] = isset($dol_authmode) ? $dol_authmode : '';
1232  $_SESSION["dol_tz"] = isset($dol_tz) ? $dol_tz : '';
1233  $_SESSION["dol_tz_string"] = isset($dol_tz_string) ? $dol_tz_string : '';
1234  $_SESSION["dol_dst"] = isset($dol_dst) ? $dol_dst : '';
1235  $_SESSION["dol_dst_observed"] = isset($dol_dst_observed) ? $dol_dst_observed : '';
1236  $_SESSION["dol_dst_first"] = isset($dol_dst_first) ? $dol_dst_first : '';
1237  $_SESSION["dol_dst_second"] = isset($dol_dst_second) ? $dol_dst_second : '';
1238  $_SESSION["dol_screenwidth"] = isset($dol_screenwidth) ? $dol_screenwidth : '';
1239  $_SESSION["dol_screenheight"] = isset($dol_screenheight) ? $dol_screenheight : '';
1240  $_SESSION["dol_company"] = getDolGlobalString("MAIN_INFO_SOCIETE_NOM");
1241  $_SESSION["dol_entity"] = $conf->entity;
1242  // Store value into session (values stored only if defined)
1243  if (!empty($dol_hide_topmenu)) {
1244  $_SESSION['dol_hide_topmenu'] = $dol_hide_topmenu;
1245  }
1246  if (!empty($dol_hide_leftmenu)) {
1247  $_SESSION['dol_hide_leftmenu'] = $dol_hide_leftmenu;
1248  }
1249  if (!empty($dol_optimize_smallscreen)) {
1250  $_SESSION['dol_optimize_smallscreen'] = $dol_optimize_smallscreen;
1251  }
1252  if (!empty($dol_no_mouse_hover)) {
1253  $_SESSION['dol_no_mouse_hover'] = $dol_no_mouse_hover;
1254  }
1255  if (!empty($dol_use_jmobile)) {
1256  $_SESSION['dol_use_jmobile'] = $dol_use_jmobile;
1257  }
1258 
1259  dol_syslog("This is a new started user session. _SESSION['dol_login']=".$_SESSION["dol_login"]." Session id=".session_id());
1260 
1261  $db->begin();
1262 
1263  $user->update_last_login_date();
1264 
1265  $loginfo = 'TZ='.$_SESSION["dol_tz"].';TZString='.$_SESSION["dol_tz_string"].';Screen='.$_SESSION["dol_screenwidth"].'x'.$_SESSION["dol_screenheight"];
1266  $loginfo .= ' - authmode='.$dol_authmode.' - entity='.$conf->entity;
1267 
1268  // Call triggers for the "security events" log
1269  $user->context['audit'] = $loginfo;
1270  $user->context['authentication_method'] = $dol_authmode;
1271 
1272  // Call trigger
1273  $result = $user->call_trigger('USER_LOGIN', $user);
1274  if ($result < 0) {
1275  $error++;
1276  }
1277  // End call triggers
1278 
1279  // Hooks on successful login
1280  $action = '';
1281  $hookmanager->initHooks(array('login'));
1282  $parameters = array('dol_authmode' => $dol_authmode, 'dol_loginfo' => $loginfo);
1283  $reshook = $hookmanager->executeHooks('afterLogin', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
1284  if ($reshook < 0) {
1285  $error++;
1286  }
1287 
1288  if ($error) {
1289  $db->rollback();
1290  session_destroy();
1291  dol_print_error($db, 'Error in some triggers USER_LOGIN or in some hooks afterLogin');
1292  exit;
1293  } else {
1294  $db->commit();
1295  }
1296 
1297  // Change landing page if defined.
1298  $landingpage = (empty($user->conf->MAIN_LANDING_PAGE) ? (!getDolGlobalString('MAIN_LANDING_PAGE') ? '' : $conf->global->MAIN_LANDING_PAGE) : $user->conf->MAIN_LANDING_PAGE);
1299  if (!empty($landingpage)) { // Example: /index.php
1300  $newpath = dol_buildpath($landingpage, 1);
1301  if ($_SERVER["PHP_SELF"] != $newpath) { // not already on landing page (avoid infinite loop)
1302  header('Location: '.$newpath);
1303  exit;
1304  }
1305  }
1306  }
1307 
1308 
1309  // If user admin, we force the rights-based modules
1310  if ($user->admin) {
1311  $user->rights->user->user->lire = 1;
1312  $user->rights->user->user->creer = 1;
1313  $user->rights->user->user->password = 1;
1314  $user->rights->user->user->supprimer = 1;
1315  $user->rights->user->self->creer = 1;
1316  $user->rights->user->self->password = 1;
1317 
1318  //Required if advanced permissions are used with MAIN_USE_ADVANCED_PERMS
1319  if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
1320  if (!$user->hasRight('user', 'user_advance')) {
1321  $user->rights->user->user_advance = new stdClass(); // To avoid warnings
1322  }
1323  if (!$user->hasRight('user', 'self_advance')) {
1324  $user->rights->user->self_advance = new stdClass(); // To avoid warnings
1325  }
1326  if (!$user->hasRight('user', 'group_advance')) {
1327  $user->rights->user->group_advance = new stdClass(); // To avoid warnings
1328  }
1329 
1330  $user->rights->user->user_advance->readperms = 1;
1331  $user->rights->user->user_advance->write = 1;
1332  $user->rights->user->self_advance->readperms = 1;
1333  $user->rights->user->self_advance->writeperms = 1;
1334  $user->rights->user->group_advance->read = 1;
1335  $user->rights->user->group_advance->readperms = 1;
1336  $user->rights->user->group_advance->write = 1;
1337  $user->rights->user->group_advance->delete = 1;
1338  }
1339  }
1340 
1341  /*
1342  * Overwrite some configs globals (try to avoid this and have code to use instead $user->conf->xxx)
1343  */
1344 
1345  // Set liste_limit
1346  if (isset($user->conf->MAIN_SIZE_LISTE_LIMIT)) {
1347  $conf->liste_limit = $user->conf->MAIN_SIZE_LISTE_LIMIT; // Can be 0
1348  }
1349  if (isset($user->conf->PRODUIT_LIMIT_SIZE)) {
1350  $conf->product->limit_size = $user->conf->PRODUIT_LIMIT_SIZE; // Can be 0
1351  }
1352 
1353  // Replace conf->css by personalized value if theme not forced
1354  if (!getDolGlobalString('MAIN_FORCETHEME') && !empty($user->conf->MAIN_THEME)) {
1355  $conf->theme = $user->conf->MAIN_THEME;
1356  $conf->css = "/theme/".$conf->theme."/style.css.php";
1357  }
1358 } else {
1359  // We may have NOLOGIN set, but NOREQUIREUSER not
1360  if (!empty($user) && method_exists($user, 'loadDefaultValues') && !defined('NODEFAULTVALUES')) {
1361  $user->loadDefaultValues(); // Load default values for everybody (works even if $user->id = 0
1362  }
1363 }
1364 
1365 
1366 // Case forcing style from url
1367 if (GETPOST('theme', 'aZ09')) {
1368  $conf->theme = GETPOST('theme', 'aZ09', 1);
1369  $conf->css = "/theme/".$conf->theme."/style.css.php";
1370 }
1371 
1372 // Set javascript option
1373 if (GETPOSTINT('nojs')) { // If javascript was not disabled on URL
1374  $conf->use_javascript_ajax = 0;
1375 } else {
1376  if (!empty($user->conf->MAIN_DISABLE_JAVASCRIPT)) {
1377  $conf->use_javascript_ajax = !$user->conf->MAIN_DISABLE_JAVASCRIPT;
1378  }
1379 }
1380 
1381 // Set MAIN_OPTIMIZEFORTEXTBROWSER for user (must be after login part)
1382 if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') && !empty($user->conf->MAIN_OPTIMIZEFORTEXTBROWSER)) {
1383  $conf->global->MAIN_OPTIMIZEFORTEXTBROWSER = $user->conf->MAIN_OPTIMIZEFORTEXTBROWSER;
1384  if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') == 1) {
1385  $conf->global->THEME_TOPMENU_DISABLE_IMAGE = 1;
1386  }
1387 }
1388 //var_dump($conf->global->THEME_TOPMENU_DISABLE_IMAGE);
1389 //var_dump($user->conf->THEME_TOPMENU_DISABLE_IMAGE);
1390 
1391 // set MAIN_OPTIMIZEFORCOLORBLIND for user
1392 $conf->global->MAIN_OPTIMIZEFORCOLORBLIND = empty($user->conf->MAIN_OPTIMIZEFORCOLORBLIND) ? '' : $user->conf->MAIN_OPTIMIZEFORCOLORBLIND;
1393 
1394 // Set terminal output option according to conf->browser.
1395 if (GETPOSTINT('dol_hide_leftmenu') || !empty($_SESSION['dol_hide_leftmenu'])) {
1396  $conf->dol_hide_leftmenu = 1;
1397 }
1398 if (GETPOSTINT('dol_hide_topmenu') || !empty($_SESSION['dol_hide_topmenu'])) {
1399  $conf->dol_hide_topmenu = 1;
1400 }
1401 if (GETPOSTINT('dol_optimize_smallscreen') || !empty($_SESSION['dol_optimize_smallscreen'])) {
1402  $conf->dol_optimize_smallscreen = 1;
1403 }
1404 if (GETPOSTINT('dol_no_mouse_hover') || !empty($_SESSION['dol_no_mouse_hover'])) {
1405  $conf->dol_no_mouse_hover = 1;
1406 }
1407 if (GETPOSTINT('dol_use_jmobile') || !empty($_SESSION['dol_use_jmobile'])) {
1408  $conf->dol_use_jmobile = 1;
1409 }
1410 // If not on Desktop
1411 if (!empty($conf->browser->layout) && $conf->browser->layout != 'classic') {
1412  $conf->dol_no_mouse_hover = 1;
1413 }
1414 
1415 // If on smartphone or optimized for small screen
1416 if ((!empty($conf->browser->layout) && $conf->browser->layout == 'phone')
1417  || (!empty($_SESSION['dol_screenwidth']) && $_SESSION['dol_screenwidth'] < 400)
1418  || (!empty($_SESSION['dol_screenheight']) && $_SESSION['dol_screenheight'] < 400
1419  || getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER'))
1420 ) {
1421  $conf->dol_optimize_smallscreen = 1;
1422 
1423  if (getDolGlobalInt('PRODUIT_DESC_IN_FORM') == 1) {
1424  $conf->global->PRODUIT_DESC_IN_FORM_ACCORDING_TO_DEVICE = 0;
1425  }
1426 }
1427 // Replace themes bugged with jmobile with eldy
1428 if (!empty($conf->dol_use_jmobile) && in_array($conf->theme, array('bureau2crea', 'cameleo', 'amarok'))) {
1429  $conf->theme = 'eldy';
1430  $conf->css = "/theme/".$conf->theme."/style.css.php";
1431 }
1432 
1433 if (!defined('NOREQUIRETRAN')) {
1434  if (!GETPOST('lang', 'aZ09')) { // If language was not forced on URL
1435  // If user has chosen its own language
1436  if (!empty($user->conf->MAIN_LANG_DEFAULT)) {
1437  // If different than current language
1438  //print ">>>".$langs->getDefaultLang()."-".$user->conf->MAIN_LANG_DEFAULT;
1439  if ($langs->getDefaultLang() != $user->conf->MAIN_LANG_DEFAULT) {
1440  $langs->setDefaultLang($user->conf->MAIN_LANG_DEFAULT);
1441  }
1442  }
1443  }
1444 }
1445 
1446 if (!defined('NOLOGIN')) {
1447  // If the login is not recovered, it is identified with an account that does not exist.
1448  // Hacking attempt?
1449  if (!$user->login) {
1450  accessforbidden();
1451  }
1452 
1453  // Check if user is active
1454  if ($user->statut < 1) {
1455  // If not active, we refuse the user
1456  $langs->loadLangs(array("errors", "other"));
1457  dol_syslog("Authentication KO as login is disabled", LOG_NOTICE);
1458  accessforbidden("ErrorLoginDisabled");
1459  }
1460 
1461  // Load permissions
1462  $user->getrights();
1463 }
1464 
1465 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').(defined('NOTOKENRENEWAL') ? ' NOTOKENRENEWAL='.constant('NOTOKENRENEWAL') : ''), LOG_NOTICE);
1466 //Another call for easy debug
1467 //dol_syslog("Access to ".$_SERVER["PHP_SELF"].' '.$_SERVER["HTTP_REFERER"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
1468 
1469 // Load main languages files
1470 if (!defined('NOREQUIRETRAN')) {
1471  // Load translation files required by page
1472  $langs->loadLangs(array('main', 'dict'));
1473 }
1474 
1475 // Define some constants used for style of arrays
1476 $bc = array(0 => 'class="impair"', 1 => 'class="pair"');
1477 $bcdd = array(0 => 'class="drag drop oddeven"', 1 => 'class="drag drop oddeven"');
1478 $bcnd = array(0 => 'class="nodrag nodrop nohover"', 1 => 'class="nodrag nodrop nohoverpair"'); // Used for tr to add new lines
1479 $bctag = array(0 => 'class="impair tagtr"', 1 => 'class="pair tagtr"');
1480 
1481 // Define messages variables
1482 $mesg = '';
1483 $warning = '';
1484 $error = 0;
1485 // deprecated, see setEventMessages() and dol_htmloutput_events()
1486 $mesgs = array();
1487 $warnings = array();
1488 $errors = array();
1489 
1490 // Constants used to defined number of lines in textarea
1491 if (empty($conf->browser->firefox)) {
1492  define('ROWS_1', 1);
1493  define('ROWS_2', 2);
1494  define('ROWS_3', 3);
1495  define('ROWS_4', 4);
1496  define('ROWS_5', 5);
1497  define('ROWS_6', 6);
1498  define('ROWS_7', 7);
1499  define('ROWS_8', 8);
1500  define('ROWS_9', 9);
1501 } else {
1502  define('ROWS_1', 0);
1503  define('ROWS_2', 1);
1504  define('ROWS_3', 2);
1505  define('ROWS_4', 3);
1506  define('ROWS_5', 4);
1507  define('ROWS_6', 5);
1508  define('ROWS_7', 6);
1509  define('ROWS_8', 7);
1510  define('ROWS_9', 8);
1511 }
1512 
1513 $heightforframes = 50;
1514 
1515 // Init menu manager
1516 if (!defined('NOREQUIREMENU')) {
1517  if (empty($user->socid)) { // If internal user or not defined
1518  $conf->standard_menu = (!getDolGlobalString('MAIN_MENU_STANDARD_FORCED') ? (!getDolGlobalString('MAIN_MENU_STANDARD') ? 'eldy_menu.php' : $conf->global->MAIN_MENU_STANDARD) : $conf->global->MAIN_MENU_STANDARD_FORCED);
1519  } else {
1520  // If external user
1521  $conf->standard_menu = (!getDolGlobalString('MAIN_MENUFRONT_STANDARD_FORCED') ? (!getDolGlobalString('MAIN_MENUFRONT_STANDARD') ? 'eldy_menu.php' : $conf->global->MAIN_MENUFRONT_STANDARD) : $conf->global->MAIN_MENUFRONT_STANDARD_FORCED);
1522  }
1523 
1524  // Load the menu manager (only if not already done)
1525  $file_menu = $conf->standard_menu;
1526  if (GETPOST('menu', 'alpha')) {
1527  $file_menu = GETPOST('menu', 'alpha'); // example: menu=eldy_menu.php
1528  }
1529  if (!class_exists('MenuManager')) {
1530  $menufound = 0;
1531  $dirmenus = array_merge(array("/core/menus/"), (array) $conf->modules_parts['menus']);
1532  foreach ($dirmenus as $dirmenu) {
1533  $menufound = dol_include_once($dirmenu."standard/".$file_menu);
1534  if (class_exists('MenuManager')) {
1535  break;
1536  }
1537  }
1538  if (!class_exists('MenuManager')) { // If failed to include, we try with standard eldy_menu.php
1539  dol_syslog("You define a menu manager '".$file_menu."' that can not be loaded.", LOG_WARNING);
1540  $file_menu = 'eldy_menu.php';
1541  include_once DOL_DOCUMENT_ROOT."/core/menus/standard/".$file_menu;
1542  }
1543  }
1544  $menumanager = new MenuManager($db, empty($user->socid) ? 0 : 1);
1545  $menumanager->loadMenu();
1546 }
1547 
1548 if (!empty(GETPOST('seteventmessages', 'alpha'))) {
1549  $message = GETPOST('seteventmessages', 'alpha');
1550  $messages = explode(',', $message);
1551  foreach ($messages as $key => $msg) {
1552  $tmp = explode(':', $msg);
1553  setEventMessages($tmp[0], null, !empty($tmp[1]) ? $tmp[1] : 'mesgs');
1554  }
1555 }
1556 
1557 // Functions
1558 
1559 if (!function_exists("llxHeader")) {
1580  function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $morecssonbody = '', $replacemainareaby = '', $disablenofollow = 0, $disablenoindex = 0)
1581  {
1582  global $conf, $hookmanager;
1583 
1584  $parameters = array(
1585  'head' => & $head,
1586  'title' => & $title,
1587  'help_url' => & $help_url,
1588  'target' => & $target,
1589  'disablejs' => & $disablejs,
1590  'disablehead' => & $disablehead,
1591  'arrayofjs' => & $arrayofjs,
1592  'arrayofcss' => & $arrayofcss,
1593  'morequerystring' => & $morequerystring,
1594  'morecssonbody' => & $morecssonbody,
1595  'replacemainareaby' => & $replacemainareaby,
1596  'disablenofollow' => & $disablenofollow,
1597  'disablenoindex' => & $disablenoindex
1598 
1599  );
1600  $reshook = $hookmanager->executeHooks('llxHeader', $parameters);
1601  if ($reshook > 0) {
1602  print $hookmanager->resPrint;
1603  return;
1604  }
1605 
1606  // html header
1607  top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss, 0, $disablenofollow, $disablenoindex);
1608 
1609  $tmpcsstouse = 'sidebar-collapse'.($morecssonbody ? ' '.$morecssonbody : '');
1610  // If theme MD and classic layer, we open the menulayer by default.
1611  if ($conf->theme == 'md' && !in_array($conf->browser->layout, array('phone', 'tablet')) && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
1612  global $mainmenu;
1613  if ($mainmenu != 'website') {
1614  $tmpcsstouse = $morecssonbody; // We do not use sidebar-collpase by default to have menuhider open by default.
1615  }
1616  }
1617 
1618  if (getDolGlobalString('MAIN_OPTIMIZEFORCOLORBLIND')) {
1619  $tmpcsstouse .= ' colorblind-'.strip_tags($conf->global->MAIN_OPTIMIZEFORCOLORBLIND);
1620  }
1621 
1622  print '<body id="mainbody" class="'.$tmpcsstouse.'">'."\n";
1623 
1624  // top menu and left menu area
1625  if ((empty($conf->dol_hide_topmenu) || GETPOSTINT('dol_invisible_topmenu')) && !GETPOSTINT('dol_openinpopup')) {
1626  top_menu($head, $title, $target, $disablejs, $disablehead, $arrayofjs, $arrayofcss, $morequerystring, $help_url);
1627  }
1628 
1629  if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup', 'aZ09')) {
1630  left_menu(array(), $help_url, '', '', 1, $title, 1); // $menumanager is retrieved with a global $menumanager inside this function
1631  }
1632 
1633  // main area
1634  if ($replacemainareaby) {
1635  print $replacemainareaby;
1636  return;
1637  }
1638  main_area($title);
1639  }
1640 }
1641 
1642 
1650 function top_httphead($contenttype = 'text/html', $forcenocache = 0)
1651 {
1652  global $db, $conf, $hookmanager;
1653 
1654  if ($contenttype == 'text/html') {
1655  header("Content-Type: text/html; charset=".$conf->file->character_set_client);
1656  } else {
1657  header("Content-Type: ".$contenttype);
1658  }
1659 
1660  // Security options
1661 
1662  // X-Content-Type-Options
1663  header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
1664 
1665  // X-Frame-Options
1666  if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
1667  header("X-Frame-Options: SAMEORIGIN"); // By default, frames allowed only if on same domain (stop some XSS attacks)
1668  } else {
1669  header("X-Frame-Options: ALLOWALL");
1670  }
1671 
1672  if (getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN')) {
1673  $tmpurl = constant('DOL_MAIN_URL_ROOT');
1674  $tmpurl = preg_replace('/^(https?:\/\/[^\/]+)\/.*$/', '\1', $tmpurl);
1675  header('Access-Control-Allow-Origin: '.$tmpurl);
1676  header('Vary: Origin');
1677  }
1678 
1679  // X-XSS-Protection
1680  //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
1681 
1682  // Content-Security-Policy-Report-Only
1683  if (!defined('MAIN_SECURITY_FORCECSPRO')) {
1684  // If CSP not forced from the page
1685 
1686  // A default security policy that keep usage of js external component like ckeditor, stripe, google, working
1687  // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)
1688  // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;
1689  // For example, to restrict everything to itself except img that can be on other servers:
1690  // default-src 'self'; img-src *;
1691  // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
1692  // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
1693  //
1694  // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
1695  // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
1696  $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSPRO');
1697 
1698  if (!is_object($hookmanager)) {
1699  include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1700  $hookmanager = new HookManager($db);
1701  }
1702  $hookmanager->initHooks(array("main"));
1703 
1704  $parameters = array('contentsecuritypolicy' => $contentsecuritypolicy, 'mode' => 'reportonly');
1705  $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks
1706  if ($result > 0) {
1707  $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP
1708  } else {
1709  $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP
1710  }
1711 
1712  if (!empty($contentsecuritypolicy)) {
1713  header("Content-Security-Policy-Report-Only: ".$contentsecuritypolicy);
1714  }
1715  } else {
1716  header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSPRO'));
1717  }
1718 
1719  // Content-Security-Policy
1720  if (!defined('MAIN_SECURITY_FORCECSP')) {
1721  // If CSP not forced from the page
1722 
1723  // A default security policy that keep usage of js external component like ckeditor, stripe, google, working
1724  // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)
1725  // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;
1726  // For example, to restrict everything to itself except img that can be on other servers:
1727  // default-src 'self'; img-src *;
1728  // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
1729  // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
1730  //
1731  // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
1732  // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
1733  $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP');
1734 
1735  if (!is_object($hookmanager)) {
1736  include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1737  $hookmanager = new HookManager($db);
1738  }
1739  $hookmanager->initHooks(array("main"));
1740 
1741  $parameters = array('contentsecuritypolicy' => $contentsecuritypolicy, 'mode' => 'active');
1742  $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks
1743  if ($result > 0) {
1744  $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP
1745  } else {
1746  $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP
1747  }
1748 
1749  if (!empty($contentsecuritypolicy)) {
1750  header("Content-Security-Policy: ".$contentsecuritypolicy);
1751  }
1752  } else {
1753  header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSP'));
1754  }
1755 
1756  // Referrer-Policy
1757  // Say if we must provide the referrer when we jump onto another web page.
1758  // Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'same-origin' so browser doesn't send any referrer at all when going into another web site domain.
1759  // Note that we do not use 'strict-origin' as this breaks feature to restore filters when clicking on "back to page" link on some cases.
1760  if (!defined('MAIN_SECURITY_FORCERP')) {
1761  $referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin");
1762 
1763  header("Referrer-Policy: ".$referrerpolicy);
1764  }
1765 
1766  if ($forcenocache) {
1767  header("Cache-Control: no-cache, no-store, must-revalidate, max-age=0");
1768  }
1769 
1770  // No need to add this token in header, we use instead the one into the forms.
1771  //header("anti-csrf-token: ".newToken());
1772 }
1773 
1789 function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arrayofjs = array(), $arrayofcss = array(), $disableforlogin = 0, $disablenofollow = 0, $disablenoindex = 0)
1790 {
1791  global $db, $conf, $langs, $user, $mysoc, $hookmanager;
1792 
1793  top_httphead();
1794 
1795  if (empty($conf->css)) {
1796  $conf->css = '/theme/eldy/style.css.php'; // If not defined, eldy by default
1797  }
1798 
1799  print '<!doctype html>'."\n";
1800 
1801  print '<html lang="'.substr($langs->defaultlang, 0, 2).'">'."\n";
1802 
1803  //print '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr">'."\n";
1804  if (empty($disablehead)) {
1805  if (!is_object($hookmanager)) {
1806  include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1807  $hookmanager = new HookManager($db);
1808  }
1809  $hookmanager->initHooks(array("main"));
1810 
1811  $ext = 'layout='.(empty($conf->browser->layout) ? '' : $conf->browser->layout).'&amp;version='.urlencode(DOL_VERSION);
1812 
1813  print "<head>\n";
1814 
1815  if (GETPOST('dol_basehref', 'alpha')) {
1816  print '<base href="'.dol_escape_htmltag(GETPOST('dol_basehref', 'alpha')).'">'."\n";
1817  }
1818 
1819  // Displays meta
1820  print '<meta charset="utf-8">'."\n";
1821  print '<meta name="robots" content="'.($disablenoindex ? 'index' : 'noindex').($disablenofollow ? ',follow' : ',nofollow').'">'."\n"; // Do not index
1822  print '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n"; // Scale for mobile device
1823  print '<meta name="author" content="Dolibarr Development Team">'."\n";
1824  print '<meta name="anti-csrf-newtoken" content="'.newToken().'">'."\n";
1825  print '<meta name="anti-csrf-currenttoken" content="'.currentToken().'">'."\n";
1826  if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {
1827  print '<meta name="MAIN_FEATURES_LEVEL" content="'.getDolGlobalInt('MAIN_FEATURES_LEVEL').'">'."\n";
1828  }
1829  // Favicon
1830  $favicon = DOL_URL_ROOT.'/theme/dolibarr_256x256_color.png';
1831  if (!empty($mysoc->logo_squarred_mini)) {
1832  $favicon = DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);
1833  }
1834  if (getDolGlobalString('MAIN_FAVICON_URL')) {
1835  $favicon = getDolGlobalString('MAIN_FAVICON_URL');
1836  }
1837  if (empty($conf->dol_use_jmobile)) {
1838  print '<link rel="shortcut icon" type="image/x-icon" href="'.$favicon.'"/>'."\n"; // Not required into an Android webview
1839  }
1840 
1841  // Mobile appli like icon
1842  $manifest = DOL_URL_ROOT.'/theme/'.$conf->theme.'/manifest.json.php';
1843  $parameters = array('manifest' => $manifest);
1844  $resHook = $hookmanager->executeHooks('hookSetManifest', $parameters); // Note that $action and $object may have been modified by some hooks
1845  if ($resHook > 0) {
1846  $manifest = $hookmanager->resPrint; // Replace manifest.json
1847  } else {
1848  $manifest .= $hookmanager->resPrint; // Concat to actual manifest declaration
1849  }
1850  if (!empty($manifest)) {
1851  print '<link rel="manifest" href="'.$manifest.'" />'."\n";
1852  }
1853 
1854  if (getDolGlobalString('THEME_ELDY_TOPMENU_BACK1')) {
1855  // TODO: use auto theme color switch
1856  print '<meta name="theme-color" content="rgb(' . getDolGlobalString('THEME_ELDY_TOPMENU_BACK1').')">'."\n";
1857  }
1858 
1859  // Auto refresh page
1860  if (GETPOSTINT('autorefresh') > 0) {
1861  print '<meta http-equiv="refresh" content="'.GETPOSTINT('autorefresh').'">';
1862  }
1863 
1864  // Displays title
1865  $appli = constant('DOL_APPLICATION_TITLE');
1866  if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
1867  $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
1868  }
1869 
1870  print '<title>';
1871  $titletoshow = '';
1872  if ($title && preg_match('/showapp/', getDolGlobalString('MAIN_HTML_TITLE'))) {
1873  $titletoshow = dol_htmlentities($appli.' - '.$title);
1874  } elseif ($title) {
1875  $titletoshow = dol_htmlentities($title);
1876  } else {
1877  $titletoshow = dol_htmlentities($appli);
1878  }
1879 
1880  $parameters = array('title' => $titletoshow);
1881  $result = $hookmanager->executeHooks('setHtmlTitle', $parameters); // Note that $action and $object may have been modified by some hooks
1882  if ($result > 0) {
1883  $titletoshow = $hookmanager->resPrint; // Replace Title to show
1884  } else {
1885  $titletoshow .= $hookmanager->resPrint; // Concat to Title to show
1886  }
1887 
1888  print $titletoshow;
1889  print '</title>';
1890 
1891  print "\n";
1892 
1893  if (GETPOSTINT('version')) {
1894  $ext = 'version='.GETPOSTINT('version'); // useful to force no cache on css/js
1895  }
1896  // Refresh value of MAIN_IHM_PARAMS_REV before forging the parameter line.
1897  if (GETPOST('dol_resetcache')) {
1898  dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", getDolGlobalInt('MAIN_IHM_PARAMS_REV') + 1, 'chaine', 0, '', $conf->entity);
1899  }
1900 
1901  $themeparam = '?lang='.$langs->defaultlang.'&amp;theme='.$conf->theme.(GETPOST('optioncss', 'aZ09') ? '&amp;optioncss='.GETPOST('optioncss', 'aZ09', 1) : '').(empty($user->id) ? '' : ('&amp;userid='.$user->id)).'&amp;entity='.$conf->entity;
1902 
1903  $themeparam .= ($ext ? '&amp;'.$ext : '').'&amp;revision='.getDolGlobalInt("MAIN_IHM_PARAMS_REV");
1904  if (GETPOSTISSET('dol_hide_topmenu')) {
1905  $themeparam .= '&amp;dol_hide_topmenu='.GETPOSTINT('dol_hide_topmenu');
1906  }
1907  if (GETPOSTISSET('dol_hide_leftmenu')) {
1908  $themeparam .= '&amp;dol_hide_leftmenu='.GETPOSTINT('dol_hide_leftmenu');
1909  }
1910  if (GETPOSTISSET('dol_optimize_smallscreen')) {
1911  $themeparam .= '&amp;dol_optimize_smallscreen='.GETPOSTINT('dol_optimize_smallscreen');
1912  }
1913  if (GETPOSTISSET('dol_no_mouse_hover')) {
1914  $themeparam .= '&amp;dol_no_mouse_hover='.GETPOSTINT('dol_no_mouse_hover');
1915  }
1916  if (GETPOSTISSET('dol_use_jmobile')) {
1917  $themeparam .= '&amp;dol_use_jmobile='.GETPOSTINT('dol_use_jmobile');
1918  $conf->dol_use_jmobile = GETPOSTINT('dol_use_jmobile');
1919  }
1920  if (GETPOSTISSET('THEME_DARKMODEENABLED')) {
1921  $themeparam .= '&amp;THEME_DARKMODEENABLED='.GETPOSTINT('THEME_DARKMODEENABLED');
1922  }
1923  if (GETPOSTISSET('THEME_SATURATE_RATIO')) {
1924  $themeparam .= '&amp;THEME_SATURATE_RATIO='.GETPOSTINT('THEME_SATURATE_RATIO');
1925  }
1926 
1927  if (getDolGlobalString('MAIN_ENABLE_FONT_ROBOTO')) {
1928  print '<link rel="preconnect" href="https://fonts.gstatic.com">'."\n";
1929  print '<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@200;300;400;500;600&display=swap" rel="stylesheet">'."\n";
1930  }
1931 
1932  if (!defined('DISABLE_JQUERY') && !$disablejs && $conf->use_javascript_ajax) {
1933  print '<!-- Includes CSS for JQuery (Ajax library) -->'."\n";
1934  $jquerytheme = 'base';
1935  if (getDolGlobalString('MAIN_USE_JQUERY_THEME')) {
1936  $jquerytheme = getDolGlobalString('MAIN_USE_JQUERY_THEME');
1937  }
1938  if (constant('JS_JQUERY_UI')) {
1939  print '<link rel="stylesheet" type="text/css" href="'.JS_JQUERY_UI.'css/'.$jquerytheme.'/jquery-ui.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // Forced JQuery
1940  } else {
1941  print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/css/'.$jquerytheme.'/jquery-ui.css'.($ext ? '?'.$ext : '').'">'."\n"; // JQuery
1942  }
1943  if (!defined('DISABLE_JQUERY_JNOTIFY')) {
1944  print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify-alt.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // JNotify
1945  }
1946  if (!defined('DISABLE_SELECT2') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) { // jQuery plugin "mutiselect", "multiple-select", "select2"...
1947  $tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ? constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
1948  print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/css/'.$tmpplugin.'.css'.($ext ? '?'.$ext : '').'">'."\n";
1949  }
1950  }
1951 
1952  if (!defined('DISABLE_FONT_AWSOME')) {
1953  print '<!-- Includes CSS for font awesome -->'."\n";
1954  $fontawesome_directory = getDolGlobalString('MAIN_FONTAWESOME_DIRECTORY', '/theme/common/fontawesome-5');
1955  print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.$fontawesome_directory.'/css/all.min.css'.($ext ? '?'.$ext : '').'">'."\n";
1956  }
1957 
1958  print '<!-- Includes CSS for Dolibarr theme -->'."\n";
1959  // Output style sheets (optioncss='print' or ''). Note: $conf->css looks like '/theme/eldy/style.css.php'
1960  $themepath = dol_buildpath($conf->css, 1);
1961  $themesubdir = '';
1962  if (!empty($conf->modules_parts['theme'])) { // This slow down
1963  foreach ($conf->modules_parts['theme'] as $reldir) {
1964  if (file_exists(dol_buildpath($reldir.$conf->css, 0))) {
1965  $themepath = dol_buildpath($reldir.$conf->css, 1);
1966  $themesubdir = $reldir;
1967  break;
1968  }
1969  }
1970  }
1971 
1972  //print 'themepath='.$themepath.' themeparam='.$themeparam;exit;
1973  print '<link rel="stylesheet" type="text/css" href="'.$themepath.$themeparam.'">'."\n";
1974  if (getDolGlobalString('MAIN_FIX_FLASH_ON_CHROME')) {
1975  print '<!-- Includes CSS that does not exists as a workaround of flash bug of chrome -->'."\n".'<link rel="stylesheet" type="text/css" href="filethatdoesnotexiststosolvechromeflashbug">'."\n";
1976  }
1977 
1978  // LEAFLET AND GEOMAN
1979  if (getDolGlobalString('MAIN_USE_GEOPHP')) {
1980  print '<link rel="stylesheet" href="'.DOL_URL_ROOT.'/includes/leaflet/leaflet.css'.($ext ? '?'.$ext : '')."\">\n";
1981  print '<link rel="stylesheet" href="'.DOL_URL_ROOT.'/includes/leaflet/leaflet-geoman.css'.($ext ? '?'.$ext : '')."\">\n";
1982  }
1983 
1984  // CSS forced by modules (relative url starting with /)
1985  if (!empty($conf->modules_parts['css'])) {
1986  $arraycss = (array) $conf->modules_parts['css'];
1987  foreach ($arraycss as $modcss => $filescss) {
1988  $filescss = (array) $filescss; // To be sure filecss is an array
1989  foreach ($filescss as $cssfile) {
1990  if (empty($cssfile)) {
1991  dol_syslog("Warning: module ".$modcss." declared a css path file into its descriptor that is empty.", LOG_WARNING);
1992  }
1993  // cssfile is a relative path
1994  $urlforcss = dol_buildpath($cssfile, 1);
1995  if ($urlforcss && $urlforcss != '/') {
1996  print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.$urlforcss;
1997  // We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
1998  if (!preg_match('/\.css$/i', $cssfile)) {
1999  print $themeparam;
2000  }
2001  print '">'."\n";
2002  } else {
2003  dol_syslog("Warning: module ".$modcss." declared a css path file for a file we can't find.", LOG_WARNING);
2004  }
2005  }
2006  }
2007  }
2008  // CSS forced by page in top_htmlhead call (relative url starting with /)
2009  if (is_array($arrayofcss)) {
2010  foreach ($arrayofcss as $cssfile) {
2011  if (preg_match('/^(http|\/\/)/i', $cssfile)) {
2012  $urltofile = $cssfile;
2013  } else {
2014  $urltofile = dol_buildpath($cssfile, 1);
2015  }
2016  print '<!-- Includes CSS added by page -->'."\n".'<link rel="stylesheet" type="text/css" title="default" href="'.$urltofile;
2017  // We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.
2018  if (!preg_match('/\.css$/i', $cssfile)) {
2019  print $themeparam;
2020  }
2021  print '">'."\n";
2022  }
2023  }
2024 
2025  // Custom CSS
2026  if (getDolGlobalString('MAIN_IHM_CUSTOM_CSS')) {
2027  // If a custom CSS was set, we add link to the custom css php file
2028  print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/theme/custom.css.php'.($ext ? '?'.$ext : '').'&amp;revision='.getDolGlobalInt("MAIN_IHM_PARAMS_REV").'">'."\n";
2029  }
2030 
2031  // Output standard javascript links
2032  if (!defined('DISABLE_JQUERY') && !$disablejs && !empty($conf->use_javascript_ajax)) {
2033  // JQuery. Must be before other includes
2034  print '<!-- Includes JS for JQuery -->'."\n";
2035  if (defined('JS_JQUERY') && constant('JS_JQUERY')) {
2036  print '<script nonce="'.getNonce().'" src="'.JS_JQUERY.'jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2037  } else {
2038  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2039  }
2040  if (defined('JS_JQUERY_UI') && constant('JS_JQUERY_UI')) {
2041  print '<script nonce="'.getNonce().'" src="'.JS_JQUERY_UI.'jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2042  } else {
2043  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2044  }
2045  // jQuery jnotify
2046  if (!getDolGlobalString('MAIN_DISABLE_JQUERY_JNOTIFY') && !defined('DISABLE_JQUERY_JNOTIFY')) {
2047  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2048  }
2049  // Table drag and drop lines
2050  if (empty($disableforlogin) && !defined('DISABLE_JQUERY_TABLEDND')) {
2051  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2052  }
2053  // Chart
2054  if (empty($disableforlogin) && (!getDolGlobalString('MAIN_JS_GRAPH') || getDolGlobalString('MAIN_JS_GRAPH') == 'chart') && !defined('DISABLE_JS_GRAPH')) {
2055  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2056  }
2057 
2058  // jQuery jeditable for Edit In Place features
2059  if (getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE') && !defined('DISABLE_JQUERY_JEDITABLE')) {
2060  print '<!-- JS to manage editInPlace feature -->'."\n";
2061  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2062  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2063  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2064  print '<script>'."\n";
2065  print 'var urlSaveInPlace = \''.DOL_URL_ROOT.'/core/ajax/saveinplace.php\';'."\n";
2066  print 'var urlLoadInPlace = \''.DOL_URL_ROOT.'/core/ajax/loadinplace.php\';'."\n";
2067  print 'var tooltipInPlace = \''.$langs->transnoentities('ClickToEdit').'\';'."\n"; // Added in title attribute of span
2068  print 'var placeholderInPlace = \'&nbsp;\';'."\n"; // If we put another string than $langs->trans("ClickToEdit") here, nothing is shown. If we put empty string, there is error, Why ?
2069  print 'var cancelInPlace = \''.$langs->trans("Cancel").'\';'."\n";
2070  print 'var submitInPlace = \''.$langs->trans('Ok').'\';'."\n";
2071  print 'var indicatorInPlace = \'<img src="'.DOL_URL_ROOT."/theme/".$conf->theme."/img/working.gif".'">\';'."\n";
2072  print 'var withInPlace = 300;'; // width in pixel for default string edit
2073  print '</script>'."\n";
2074  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/editinplace.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2075  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2076  }
2077  // jQuery Timepicker
2078  if (getDolGlobalString('MAIN_USE_JQUERY_TIMEPICKER') || defined('REQUIRE_JQUERY_TIMEPICKER')) {
2079  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/timepicker/jquery-ui-timepicker-addon.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2080  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/timepicker.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";
2081  }
2082  if (!defined('DISABLE_SELECT2') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) {
2083  // jQuery plugin "mutiselect", "multiple-select", "select2", ...
2084  $tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ? constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
2085  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/js/'.$tmpplugin.'.full.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n"; // We include full because we need the support of containerCssClass
2086  }
2087  if (!defined('DISABLE_MULTISELECT')) { // jQuery plugin "mutiselect" to select with checkboxes. Can be removed once we have an enhanced search tool
2088  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/jquery.multi-select.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2089  }
2090  }
2091 
2092  if (!$disablejs && !empty($conf->use_javascript_ajax)) {
2093  // CKEditor
2094  if (empty($disableforlogin) && (isModEnabled('fckeditor') && (!getDolGlobalString('FCKEDITOR_EDITORNAME') || getDolGlobalString('FCKEDITOR_EDITORNAME') == 'ckeditor') && !defined('DISABLE_CKEDITOR')) || defined('FORCE_CKEDITOR')) {
2095  print '<!-- Includes JS for CKEditor -->'."\n";
2096  $pathckeditor = DOL_URL_ROOT.'/includes/ckeditor/ckeditor/';
2097  $jsckeditor = 'ckeditor.js';
2098  if (constant('JS_CKEDITOR')) {
2099  // To use external ckeditor 4 js lib
2100  $pathckeditor = constant('JS_CKEDITOR');
2101  }
2102  print '<script nonce="'.getNonce().'">';
2103  print '/* enable ckeditor by main.inc.php */';
2104  print 'var CKEDITOR_BASEPATH = \''.dol_escape_js($pathckeditor).'\';'."\n";
2105  print 'var ckeditorConfig = \''.dol_escape_js(dol_buildpath($themesubdir.'/theme/'.$conf->theme.'/ckeditor/config.js'.($ext ? '?'.$ext : ''), 1)).'\';'."\n"; // $themesubdir='' in standard usage
2106  print 'var ckeditorFilebrowserBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
2107  print 'var ckeditorFilebrowserImageBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Type=Image&Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
2108  print '</script>'."\n";
2109  print '<script src="'.$pathckeditor.$jsckeditor.($ext ? '?'.$ext : '').'"></script>'."\n";
2110  print '<script>';
2111  if (GETPOST('mode', 'aZ09') == 'Full_inline') {
2112  print 'CKEDITOR.disableAutoInline = false;'."\n";
2113  } else {
2114  print 'CKEDITOR.disableAutoInline = true;'."\n";
2115  }
2116  print '</script>'."\n";
2117  }
2118 
2119  // Browser notifications (if NOREQUIREMENU is on, it is mostly a page for popup, so we do not enable notif too. We hide also for public pages).
2120  if (!defined('NOBROWSERNOTIF') && !defined('NOREQUIREMENU') && !defined('NOLOGIN')) {
2121  $enablebrowsernotif = false;
2122  if (isModEnabled('agenda') && getDolGlobalString('AGENDA_REMINDER_BROWSER')) {
2123  $enablebrowsernotif = true;
2124  }
2125  if ($conf->browser->layout == 'phone') {
2126  $enablebrowsernotif = false;
2127  }
2128  if ($enablebrowsernotif) {
2129  print '<!-- Includes JS of Dolibarr (browser layout = '.$conf->browser->layout.')-->'."\n";
2130  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_notification.js.php'.($ext ? '?'.$ext : '').'"></script>'."\n";
2131  }
2132  }
2133 
2134  // Global js function
2135  print '<!-- Includes JS of Dolibarr -->'."\n";
2136  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";
2137 
2138  // Leaflet TODO use dolibarr files
2139  if (getDolGlobalString('MAIN_USE_GEOPHP')) {
2140  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/leaflet/leaflet.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2141  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/leaflet/leaflet-geoman.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2142  }
2143 
2144  // JS forced by modules (relative url starting with /)
2145  if (!empty($conf->modules_parts['js'])) { // $conf->modules_parts['js'] is array('module'=>array('file1','file2'))
2146  $arrayjs = (array) $conf->modules_parts['js'];
2147  foreach ($arrayjs as $modjs => $filesjs) {
2148  $filesjs = (array) $filesjs; // To be sure filejs is an array
2149  foreach ($filesjs as $jsfile) {
2150  // jsfile is a relative path
2151  $urlforjs = dol_buildpath($jsfile, 1);
2152  if ($urlforjs && $urlforjs != '/') {
2153  print '<!-- Include JS added by module '.$modjs.'-->'."\n";
2154  print '<script nonce="'.getNonce().'" src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
2155  } else {
2156  dol_syslog("Warning: module ".$modjs." declared a js path file for a file we can't find.", LOG_WARNING);
2157  }
2158  }
2159  }
2160  }
2161  // JS forced by page in top_htmlhead (relative url starting with /)
2162  if (is_array($arrayofjs)) {
2163  print '<!-- Includes JS added by page -->'."\n";
2164  foreach ($arrayofjs as $jsfile) {
2165  if (preg_match('/^(http|\/\/)/i', $jsfile)) {
2166  print '<script nonce="'.getNonce().'" src="'.$jsfile.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
2167  } else {
2168  print '<script nonce="'.getNonce().'" src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
2169  }
2170  }
2171  }
2172  }
2173 
2174  //If you want to load custom javascript file from your selected theme directory
2175  if (getDolGlobalString('ALLOW_THEME_JS')) {
2176  $theme_js = dol_buildpath('/theme/'.$conf->theme.'/'.$conf->theme.'.js', 0);
2177  if (file_exists($theme_js)) {
2178  print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/'.$conf->theme.'.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
2179  }
2180  }
2181 
2182  if (!empty($head)) {
2183  print $head."\n";
2184  }
2185  if (getDolGlobalString('MAIN_HTML_HEADER')) {
2186  print getDolGlobalString('MAIN_HTML_HEADER') . "\n";
2187  }
2188 
2189  $parameters = array();
2190  $result = $hookmanager->executeHooks('addHtmlHeader', $parameters); // Note that $action and $object may have been modified by some hooks
2191  print $hookmanager->resPrint; // Replace Title to show
2192 
2193  print "</head>\n\n";
2194  }
2195 
2196  $conf->headerdone = 1; // To tell header was output
2197 }
2198 
2199 
2216 function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = array(), $arrayofcss = array(), $morequerystring = '', $helppagename = '')
2217 {
2218  global $user, $conf, $langs, $db, $form;
2219  global $dolibarr_main_authentication, $dolibarr_main_demo;
2220  global $hookmanager, $menumanager;
2221 
2222  $searchform = '';
2223 
2224  // Instantiate hooks for external modules
2225  $hookmanager->initHooks(array('toprightmenu'));
2226 
2227  $toprightmenu = '';
2228 
2229  // For backward compatibility with old modules
2230  if (empty($conf->headerdone)) {
2231  $disablenofollow = 0;
2232  top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss, 0, $disablenofollow);
2233  print '<body id="mainbody">';
2234  }
2235 
2236  /*
2237  * Top menu
2238  */
2239  if ((empty($conf->dol_hide_topmenu) || GETPOSTINT('dol_invisible_topmenu')) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU'))) {
2240  if (!isset($form) || !is_object($form)) {
2241  include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
2242  $form = new Form($db);
2243  }
2244 
2245  print "\n".'<!-- Start top horizontal -->'."\n";
2246 
2247  print '<header id="id-top" class="side-nav-vert'.(GETPOSTINT('dol_invisible_topmenu') ? ' hidden' : '').'">'; // dol_invisible_topmenu differs from dol_hide_topmenu: dol_invisible_topmenu means we output menu but we make it invisible.
2248 
2249  // Show menu entries
2250  print '<div id="tmenu_tooltip'.(!getDolGlobalString('MAIN_MENU_INVERT') ? '' : 'invert').'" class="tmenu">'."\n";
2251  $menumanager->atarget = $target;
2252  $menumanager->showmenu('top', array('searchform' => $searchform)); // This contains a \n
2253  print "</div>\n";
2254 
2255  // Define link to login card
2256  $appli = constant('DOL_APPLICATION_TITLE');
2257  if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
2258  $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
2259  if (preg_match('/\d\.\d/', $appli)) {
2260  if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {
2261  $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core
2262  }
2263  } else {
2264  $appli .= " ".DOL_VERSION;
2265  }
2266  } else {
2267  $appli .= " ".DOL_VERSION;
2268  }
2269 
2270  if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {
2271  $appli .= "<br>".$langs->trans("LevelOfFeature").': '.getDolGlobalInt('MAIN_FEATURES_LEVEL');
2272  }
2273 
2274  $logouttext = '';
2275  $logouthtmltext = '';
2276  if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2277  //$logouthtmltext=$appli.'<br>';
2278  $stringforfirstkey = $langs->trans("KeyboardShortcut");
2279  if ($conf->browser->name == 'chrome') {
2280  $stringforfirstkey .= ' ALT +';
2281  } elseif ($conf->browser->name == 'firefox') {
2282  $stringforfirstkey .= ' ALT + SHIFT +';
2283  } else {
2284  $stringforfirstkey .= ' CTL +';
2285  }
2286  if ($_SESSION["dol_authmode"] != 'forceuser' && $_SESSION["dol_authmode"] != 'http') {
2287  $logouthtmltext .= $langs->trans("Logout").'<br>';
2288  $logouttext .= '<a accesskey="l" href="'.DOL_URL_ROOT.'/user/logout.php?token='.newToken().'">';
2289  $logouttext .= img_picto($langs->trans('Logout').' ('.$stringforfirstkey.' l)', 'sign-out', '', false, 0, 0, '', 'atoplogin valignmiddle');
2290  $logouttext .= '</a>';
2291  } else {
2292  $logouthtmltext .= $langs->trans("NoLogoutProcessWithAuthMode", $_SESSION["dol_authmode"]);
2293  $logouttext .= img_picto($langs->trans('Logout').' ('.$stringforfirstkey.' l)', 'sign-out', '', false, 0, 0, '', 'atoplogin valignmiddle opacitymedium');
2294  }
2295  }
2296 
2297  print '<div class="login_block usedropdown">'."\n";
2298 
2299  $toprightmenu .= '<div class="login_block_other">';
2300 
2301  // Execute hook printTopRightMenu (hooks should output string like '<div class="login"><a href="">mylink</a></div>')
2302  $parameters = array();
2303  $result = $hookmanager->executeHooks('printTopRightMenu', $parameters); // Note that $action and $object may have been modified by some hooks
2304  if (is_numeric($result)) {
2305  if ($result == 0) {
2306  $toprightmenu .= $hookmanager->resPrint; // add
2307  } else {
2308  $toprightmenu = $hookmanager->resPrint; // replace
2309  }
2310  } else {
2311  $toprightmenu .= $result; // For backward compatibility
2312  }
2313 
2314  // Link to module builder
2315  if (isModEnabled('modulebuilder')) {
2316  $text = '<a href="'.DOL_URL_ROOT.'/modulebuilder/index.php?mainmenu=home&leftmenu=admintools" target="modulebuilder">';
2317  //$text.= img_picto(":".$langs->trans("ModuleBuilder"), 'printer_top.png', 'class="printer"');
2318  $text .= '<span class="fa fa-bug atoplogin valignmiddle"></span>';
2319  $text .= '</a>';
2320  // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2321  $toprightmenu .= $form->textwithtooltip('', $langs->trans("ModuleBuilder"), 2, 1, $text, 'login_block_elem', 2);
2322  }
2323 
2324  // Link to print main content area (optioncss=print)
2325  if (!getDolGlobalString('MAIN_PRINT_DISABLELINK') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2326  $qs = dol_escape_htmltag($_SERVER["QUERY_STRING"]);
2327 
2328  if (isset($_POST) && is_array($_POST)) {
2329  foreach ($_POST as $key => $value) {
2330  $key = preg_replace('/[^a-z0-9_\.\-\[\]]/i', '', $key);
2331  if (in_array($key, array('action', 'massaction', 'password'))) {
2332  continue;
2333  }
2334  if (!is_array($value)) {
2335  if ($value !== '') {
2336  $qs .= '&'.urlencode($key).'='.urlencode($value);
2337  }
2338  } else {
2339  foreach ($value as $value2) {
2340  if (($value2 !== '') && (!is_array($value2))) {
2341  $qs .= '&'.urlencode($key).'[]='.urlencode($value2);
2342  }
2343  }
2344  }
2345  }
2346  }
2347  $qs .= (($qs && $morequerystring) ? '&' : '').$morequerystring;
2348  $text = '<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.$qs.($qs ? '&' : '').'optioncss=print" target="_blank" rel="noopener noreferrer">';
2349  //$text.= img_picto(":".$langs->trans("PrintContentArea"), 'printer_top.png', 'class="printer"');
2350  $text .= '<span class="fa fa-print atoplogin valignmiddle"></span>';
2351  $text .= '</a>';
2352  // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2353  $toprightmenu .= $form->textwithtooltip('', $langs->trans("PrintContentArea"), 2, 1, $text, 'login_block_elem', 2);
2354  }
2355 
2356  // Link to Dolibarr wiki pages
2357  if (!getDolGlobalString('MAIN_HELP_DISABLELINK') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2358  $langs->load("help");
2359 
2360  $helpbaseurl = '';
2361  $helppage = '';
2362  $mode = '';
2363  $helppresent = '';
2364 
2365  if (empty($helppagename)) {
2366  $helppagename = 'EN:User_documentation|FR:Documentation_utilisateur|ES:Documentación_usuarios|DE:Benutzerdokumentation';
2367  } else {
2368  $helppresent = 'helppresent';
2369  }
2370 
2371  // Get helpbaseurl, helppage and mode from helppagename and langs
2372  $arrayres = getHelpParamFor($helppagename, $langs);
2373  $helpbaseurl = $arrayres['helpbaseurl'];
2374  $helppage = $arrayres['helppage'];
2375  $mode = $arrayres['mode'];
2376 
2377  // Link to help pages
2378  if ($helpbaseurl && $helppage) {
2379  $text = '';
2380  $title = $langs->trans($mode == 'wiki' ? 'GoToWikiHelpPage' : 'GoToHelpPage').', ';
2381  if ($mode == 'wiki') {
2382  $title .= '<br>'.img_picto('', 'globe', 'class="pictofixedwidth"').$langs->trans("PageWiki").' '.dol_escape_htmltag('"'.strtr($helppage, '_', ' ').'"');
2383  if ($helppresent) {
2384  $title .= ' <span class="opacitymedium">('.$langs->trans("DedicatedPageAvailable").')</span>';
2385  } else {
2386  $title .= ' <span class="opacitymedium">('.$langs->trans("HomePage").')</span>';
2387  }
2388  }
2389  $text .= '<a class="help" target="_blank" rel="noopener noreferrer" href="';
2390  if ($mode == 'wiki') {
2391  // @phan-suppress-next-line PhanPluginPrintfVariableFormatString
2392  $text .= sprintf($helpbaseurl, urlencode(html_entity_decode($helppage)));
2393  } else {
2394  // @phan-suppress-next-line PhanPluginPrintfVariableFormatString
2395  $text .= sprintf($helpbaseurl, $helppage);
2396  }
2397  $text .= '">';
2398  $text .= '<span class="fa fa-question-circle atoplogin valignmiddle'.($helppresent ? ' '.$helppresent : '').'"></span>';
2399  $text .= '<span class="fa fa-long-arrow-alt-up helppresentcircle'.($helppresent ? '' : ' unvisible').'"></span>';
2400  $text .= '</a>';
2401  // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2402  $toprightmenu .= $form->textwithtooltip('', $title, 2, 1, $text, 'login_block_elem', 2);
2403  }
2404 
2405  // Version
2406  if (getDolGlobalString('MAIN_SHOWDATABASENAMEINHELPPAGESLINK')) {
2407  $langs->load('admin');
2408  $appli .= '<br>'.$langs->trans("Database").': '.$db->database_name;
2409  }
2410  }
2411 
2412  if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2413  $text = '<span class="aversion"><span class="hideonsmartphone small">'.DOL_VERSION.'</span></span>';
2414  // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
2415  $toprightmenu .= $form->textwithtooltip('', $appli, 2, 1, $text, 'login_block_elem', 2);
2416  }
2417 
2418  // Logout link
2419  $toprightmenu .= $form->textwithtooltip('', $logouthtmltext, 2, 1, $logouttext, 'login_block_elem logout-btn', 2);
2420 
2421  $toprightmenu .= '</div>'; // end div class="login_block_other"
2422 
2423 
2424  // Add login user link
2425  $toprightmenu .= '<div class="login_block_user">';
2426 
2427  // Login name with photo and tooltip
2428  $mode = -1;
2429  $toprightmenu .= '<div class="inline-block login_block_elem login_block_elem_name nowrap centpercent" style="padding: 0px;">';
2430 
2431  if (getDolGlobalString('MAIN_USE_TOP_MENU_SEARCH_DROPDOWN')) {
2432  // Add search dropdown
2433  $toprightmenu .= top_menu_search();
2434  }
2435 
2436  if (getDolGlobalString('MAIN_USE_TOP_MENU_QUICKADD_DROPDOWN')) {
2437  // Add search dropdown
2438  $toprightmenu .= top_menu_quickadd();
2439  }
2440 
2441  // Add bookmark dropdown
2442  $toprightmenu .= top_menu_bookmark();
2443 
2444  // Add user dropdown
2445  $toprightmenu .= top_menu_user();
2446 
2447  $toprightmenu .= '</div>';
2448 
2449  $toprightmenu .= '</div>'."\n";
2450 
2451 
2452  print $toprightmenu;
2453 
2454  print "</div>\n"; // end div class="login_block"
2455 
2456  print '</header>';
2457  //print '<header class="header2">&nbsp;</header>';
2458 
2459  print '<div style="clear: both;"></div>';
2460  print "<!-- End top horizontal menu -->\n\n";
2461  }
2462 
2463  if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) {
2464  print '<!-- Begin div id-container --><div id="id-container" class="id-container">';
2465  }
2466 }
2467 
2468 
2476 function top_menu_user($hideloginname = 0, $urllogout = '')
2477 {
2478  global $langs, $conf, $db, $hookmanager, $user, $mysoc;
2479  global $dolibarr_main_authentication, $dolibarr_main_demo;
2480  global $menumanager;
2481 
2482  $langs->load('companies');
2483 
2484  $userImage = $userDropDownImage = '';
2485  if (!empty($user->photo)) {
2486  $userImage = Form::showphoto('userphoto', $user, 0, 0, 0, 'photouserphoto userphoto', 'small', 0, 1);
2487  $userDropDownImage = Form::showphoto('userphoto', $user, 0, 0, 0, 'dropdown-user-image', 'small', 0, 1);
2488  } else {
2489  $nophoto = '/public/theme/common/user_anonymous.png';
2490  if ($user->gender == 'man') {
2491  $nophoto = '/public/theme/common/user_man.png';
2492  }
2493  if ($user->gender == 'woman') {
2494  $nophoto = '/public/theme/common/user_woman.png';
2495  }
2496 
2497  $userImage = '<img class="photo photouserphoto userphoto" alt="" src="'.DOL_URL_ROOT.$nophoto.'">';
2498  $userDropDownImage = '<img class="photo dropdown-user-image" alt="" src="'.DOL_URL_ROOT.$nophoto.'">';
2499  }
2500 
2501  $dropdownBody = '';
2502  $dropdownBody .= '<span id="topmenulogincompanyinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowCompanyInfos").'</span>';
2503  $dropdownBody .= '<div id="topmenulogincompanyinfo" >';
2504 
2505  $dropdownBody .= '<br><b>'.$langs->trans("Company").'</b>: <span>'.dol_escape_htmltag($mysoc->name).'</span>';
2506  if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-') {
2507  $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId1", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_SIREN"), 1).'</span>';
2508  }
2509  if ($langs->transcountry("ProfId2", $mysoc->country_code) != '-') {
2510  $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId2", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_SIRET"), 2).'</span>';
2511  }
2512  if ($langs->transcountry("ProfId3", $mysoc->country_code) != '-') {
2513  $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId3", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_APE"), 3).'</span>';
2514  }
2515  if ($langs->transcountry("ProfId4", $mysoc->country_code) != '-') {
2516  $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId4", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_RCS"), 4).'</span>';
2517  }
2518  if ($langs->transcountry("ProfId5", $mysoc->country_code) != '-') {
2519  $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId5", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_PROFID5"), 5).'</span>';
2520  }
2521  if ($langs->transcountry("ProfId6", $mysoc->country_code) != '-') {
2522  $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId6", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_PROFID6"), 6).'</span>';
2523  }
2524  $dropdownBody .= '<br><b>'.$langs->trans("VATIntraShort").'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_TVAINTRA"), 'VAT').'</span>';
2525  $dropdownBody .= '<br><b>'.$langs->trans("Country").'</b>: <span>'.($mysoc->country_code ? $langs->trans("Country".$mysoc->country_code) : '').'</span>';
2526  if (isModEnabled('multicurrency')) {
2527  $dropdownBody .= '<br><b>'.$langs->trans("Currency").'</b>: <span>'.$conf->currency.'</span>';
2528  }
2529  $dropdownBody .= '</div>';
2530 
2531  $dropdownBody .= '<br>';
2532  $dropdownBody .= '<span id="topmenuloginmoreinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowMoreInfos").'</span>';
2533  $dropdownBody .= '<div id="topmenuloginmoreinfo" >';
2534 
2535  // login infos
2536  if (!empty($user->admin)) {
2537  $dropdownBody .= '<br><b>'.$langs->trans("Administrator").'</b>: '.yn($user->admin);
2538  }
2539  if (!empty($user->socid)) { // Add thirdparty for external users
2540  $thirdpartystatic = new Societe($db);
2541  $thirdpartystatic->fetch($user->socid);
2542  $companylink = ' '.$thirdpartystatic->getNomUrl(2); // picto only of company
2543  $company = ' ('.$langs->trans("Company").': '.$thirdpartystatic->name.')';
2544  }
2545  $type = ($user->socid ? $langs->trans("External").$company : $langs->trans("Internal"));
2546  $dropdownBody .= '<br><b>'.$langs->trans("Type").':</b> '.$type;
2547  $dropdownBody .= '<br><b>'.$langs->trans("Status").'</b>: '.$user->getLibStatut(0);
2548  $dropdownBody .= '<br>';
2549 
2550  $dropdownBody .= '<br><u>'.$langs->trans("Session").'</u>';
2551  $dropdownBody .= '<br><b>'.$langs->trans("IPAddress").'</b>: '.dol_escape_htmltag($_SERVER["REMOTE_ADDR"]);
2552  if (getDolGlobalString('MAIN_MODULE_MULTICOMPANY')) {
2553  $dropdownBody .= '<br><b>'.$langs->trans("ConnectedOnMultiCompany").':</b> '.$conf->entity.' (user entity '.$user->entity.')';
2554  }
2555  $dropdownBody .= '<br><b>'.$langs->trans("AuthenticationMode").':</b> '.$_SESSION["dol_authmode"].(empty($dolibarr_main_demo) ? '' : ' (demo)');
2556  $dropdownBody .= '<br><b>'.$langs->trans("ConnectedSince").':</b> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');
2557  $dropdownBody .= '<br><b>'.$langs->trans("PreviousConnexion").':</b> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');
2558  $dropdownBody .= '<br><b>'.$langs->trans("CurrentTheme").':</b> '.$conf->theme;
2559  $dropdownBody .= '<br><b>'.$langs->trans("CurrentMenuManager").':</b> '.(isset($menumanager) ? $menumanager->name : 'unknown');
2560  $langFlag = picto_from_langcode($langs->getDefaultLang());
2561  $dropdownBody .= '<br><b>'.$langs->trans("CurrentUserLanguage").':</b> '.($langFlag ? $langFlag.' ' : '').$langs->getDefaultLang();
2562 
2563  $tz = (int) $_SESSION['dol_tz'] + (int) $_SESSION['dol_dst'];
2564  $dropdownBody .= '<br><b>'.$langs->trans("ClientTZ").':</b> '.($tz ? ($tz >= 0 ? '+' : '').$tz : '');
2565  $dropdownBody .= ' ('.$_SESSION['dol_tz_string'].')';
2566  //$dropdownBody .= ' &nbsp; &nbsp; &nbsp; '.$langs->trans("DaylingSavingTime").': ';
2567  //if ($_SESSION['dol_dst'] > 0) $dropdownBody .= yn(1);
2568  //else $dropdownBody .= yn(0);
2569 
2570  $dropdownBody .= '<br><b>'.$langs->trans("Browser").':</b> '.$conf->browser->name.($conf->browser->version ? ' '.$conf->browser->version : '').' <small class="opacitymedium">('.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).')</small>';
2571  $dropdownBody .= '<br><b>'.$langs->trans("Layout").':</b> '.$conf->browser->layout;
2572  $dropdownBody .= '<br><b>'.$langs->trans("Screen").':</b> '.$_SESSION['dol_screenwidth'].' x '.$_SESSION['dol_screenheight'];
2573  if ($conf->browser->layout == 'phone') {
2574  $dropdownBody .= '<br><b>'.$langs->trans("Phone").':</b> '.$langs->trans("Yes");
2575  }
2576  if (!empty($_SESSION["disablemodules"])) {
2577  $dropdownBody .= '<br><b>'.$langs->trans("DisabledModules").':</b> <br>'.implode(', ', explode(',', $_SESSION["disablemodules"]));
2578  }
2579  $dropdownBody .= '</div>';
2580 
2581  // Execute hook
2582  $parameters = array('user' => $user, 'langs' => $langs);
2583  $result = $hookmanager->executeHooks('printTopRightMenuLoginDropdownBody', $parameters); // Note that $action and $object may have been modified by some hooks
2584  if (is_numeric($result)) {
2585  if ($result == 0) {
2586  $dropdownBody .= $hookmanager->resPrint; // add
2587  } else {
2588  $dropdownBody = $hookmanager->resPrint; // replace
2589  }
2590  }
2591 
2592  if (empty($urllogout)) {
2593  $urllogout = DOL_URL_ROOT.'/user/logout.php?token='.newToken();
2594  }
2595 
2596  // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
2597  // accesskey is for Mac: CTRL + key for all browsers
2598  $stringforfirstkey = $langs->trans("KeyboardShortcut");
2599  if ($conf->browser->name == 'chrome') {
2600  $stringforfirstkey .= ' ALT +';
2601  } elseif ($conf->browser->name == 'firefox') {
2602  $stringforfirstkey .= ' ALT + SHIFT +';
2603  } else {
2604  $stringforfirstkey .= ' CTL +';
2605  }
2606 
2607  // Defined the links for bottom of card
2608  $profilLink = '<a accesskey="u" href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="button-top-menu-dropdown" title="'.dol_escape_htmltag($langs->trans("YourUserFile").' ('.$stringforfirstkey.' u)').'"><i class="fa fa-user"></i> '.$langs->trans("Card").'</a>';
2609  $urltovirtualcard = '/user/virtualcard.php?id='.((int) $user->id);
2610  $virtuelcardLink = dolButtonToOpenUrlInDialogPopup('publicvirtualcardmenu', $langs->transnoentitiesnoconv("PublicVirtualCardUrl").(is_object($user) ? ' - '.$user->getFullName($langs) : '').' ('.$stringforfirstkey.' v)', img_picto($langs->trans("PublicVirtualCardUrl").' ('.$stringforfirstkey.' v)', 'card', ''), $urltovirtualcard, '', 'button-top-menu-dropdown marginleftonly nohover', "closeTopMenuLoginDropdown()", '', 'v');
2611  $logoutLink = '<a accesskey="l" href="'.$urllogout.'" class="button-top-menu-dropdown" title="'.dol_escape_htmltag($langs->trans("Logout").' ('.$stringforfirstkey.' l)').'"><i class="fa fa-sign-out-alt padingright"></i><span class="hideonsmartphone">'.$langs->trans("Logout").'</span></a>';
2612 
2613  $profilName = $user->getFullName($langs).' ('.$user->login.')';
2614  if (!empty($user->admin)) {
2615  $profilName = '<i class="far fa-star classfortooltip" title="'.$langs->trans("Administrator").'" ></i> '.$profilName;
2616  }
2617 
2618  // Define version to show
2619  $appli = constant('DOL_APPLICATION_TITLE');
2620  if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
2621  $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
2622  if (preg_match('/\d\.\d/', $appli)) {
2623  if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {
2624  $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core
2625  }
2626  } else {
2627  $appli .= " ".DOL_VERSION;
2628  }
2629  } else {
2630  $appli .= " ".DOL_VERSION;
2631  }
2632 
2633  if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2634  $btnUser = '<!-- div for user link -->
2635  <div id="topmenu-login-dropdown" class="userimg atoplogin dropdown user user-menu inline-block">
2636  <a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="dropdown-toggle login-dropdown-a valignmiddle" data-toggle="dropdown">
2637  '.$userImage.(empty($user->photo) ? '<!-- no photo so show also the login --><span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft valignmiddle small">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>' : '').'
2638  </a>
2639  <div class="dropdown-menu">
2640  <!-- User image -->
2641  <div class="user-header">
2642  '.$userDropDownImage.'
2643  <p>
2644  '.$profilName.'<br>';
2645  if ($user->datelastlogin) {
2646  $title = $langs->trans("ConnectedSince").' : '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');
2647  if ($user->datepreviouslogin) {
2648  $title .= '<br>'.$langs->trans("PreviousConnexion").' : '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');
2649  }
2650  }
2651  $btnUser .= '<small class="classfortooltip" title="'.dol_escape_htmltag($title).'" ><i class="fa fa-user-clock"></i> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser').'</small><br>';
2652  if ($user->datepreviouslogin) {
2653  $btnUser .= '<small class="classfortooltip" title="'.dol_escape_htmltag($title).'" ><i class="fa fa-user-clock opacitymedium"></i> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser').'</small><br>';
2654  }
2655 
2656  //$btnUser .= '<small class="classfortooltip"><i class="fa fa-cog"></i> '.$langs->trans("Version").' '.$appli.'</small>';
2657  $btnUser .= '
2658  </p>
2659  </div>
2660 
2661  <!-- Menu Body user-->
2662  <div class="user-body">'.$dropdownBody.'</div>
2663 
2664  <!-- Menu Footer-->
2665  <div class="user-footer">
2666  <div class="pull-left">
2667  '.$profilLink.'
2668  </div>
2669  <div class="pull-left">
2670  '.$virtuelcardLink.'
2671  </div>
2672  <div class="pull-right">
2673  '.$logoutLink.'
2674  </div>
2675  <div class="clearboth"></div>
2676  </div>
2677 
2678  </div>
2679  </div>';
2680  } else {
2681  $btnUser = '<!-- div for user link text browser -->
2682  <div id="topmenu-login-dropdown" class="userimg atoplogin dropdown user user-menu inline-block">
2683  <a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="valignmiddle" alt="'.$langs->trans("MyUserCard").'">
2684  '.$userImage.(empty($user->photo) ? '<span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft small">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>' : '').'
2685  </a>
2686  </div>';
2687  }
2688 
2689  if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) { // This may be set by some pages that use different jquery version to avoid errors
2690  $btnUser .= '
2691  <!-- Code to show/hide the user drop-down -->
2692  <script>
2693  function closeTopMenuLoginDropdown() {
2694  //console.log("close login dropdown"); // This is call at each click on page, so we disable the log
2695  // Hide the menus.
2696  jQuery("#topmenu-login-dropdown").removeClass("open");
2697  }
2698  jQuery(document).ready(function() {
2699  jQuery(document).on("click", function(event) {
2700  // console.log("Click somewhere on screen");
2701  if (!$(event.target).closest("#topmenu-login-dropdown").length) {
2702  closeTopMenuLoginDropdown();
2703  }
2704  });
2705  ';
2706 
2707 
2708  //if ($conf->theme != 'md') {
2709  $btnUser .= '
2710  jQuery("#topmenu-login-dropdown .dropdown-toggle").on("click", function(event) {
2711  console.log("Click on #topmenu-login-dropdown .dropdown-toggle");
2712  event.preventDefault();
2713  jQuery("#topmenu-login-dropdown").toggleClass("open");
2714  });
2715 
2716  jQuery("#topmenulogincompanyinfo-btn").on("click", function() {
2717  console.log("Click on #topmenulogincompanyinfo-btn");
2718  jQuery("#topmenulogincompanyinfo").slideToggle();
2719  });
2720 
2721  jQuery("#topmenuloginmoreinfo-btn").on("click", function() {
2722  console.log("Click on #topmenuloginmoreinfo-btn");
2723  jQuery("#topmenuloginmoreinfo").slideToggle();
2724  });';
2725  //}
2726 
2727  $btnUser .= '
2728  });
2729  </script>
2730  ';
2731  }
2732 
2733  return $btnUser;
2734 }
2735 
2742 {
2743  global $conf, $langs;
2744 
2745  // Button disabled on text browser
2746  if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
2747  return '';
2748  }
2749 
2750  $html = '';
2751 
2752  // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
2753  // accesskey is for Mac: CTRL + key for all browsers
2754  $stringforfirstkey = $langs->trans("KeyboardShortcut");
2755  if ($conf->browser->os === 'macintosh') {
2756  $stringforfirstkey .= ' CTL +';
2757  } else {
2758  if ($conf->browser->name == 'chrome') {
2759  $stringforfirstkey .= ' ALT +';
2760  } elseif ($conf->browser->name == 'firefox') {
2761  $stringforfirstkey .= ' ALT + SHIFT +';
2762  } else {
2763  $stringforfirstkey .= ' CTL +';
2764  }
2765  }
2766 
2767  if (!empty($conf->use_javascript_ajax)) {
2768  $html .= '<!-- div for quick add link -->
2769  <div id="topmenu-quickadd-dropdown" class="atoplogin dropdown inline-block">
2770  <a accesskey="a" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('QuickAdd').' ('.$stringforfirstkey.' a)"><i class="fa fa-plus-circle"></i></a>
2771  <div class="dropdown-menu">'.printDropdownQuickadd().'</div>
2772  </div>';
2773  if (!defined('JS_JQUERY_DISABLE_DROPDOWN')) { // This may be set by some pages that use different jquery version to avoid errors
2774  $html .= '
2775  <!-- Code to show/hide the user drop-down for the quick add -->
2776  <script>
2777  jQuery(document).ready(function() {
2778  jQuery(document).on("click", function(event) {
2779  if (!$(event.target).closest("#topmenu-quickadd-dropdown").length) {
2780  // Hide the menus.
2781  $("#topmenu-quickadd-dropdown").removeClass("open");
2782  }
2783  });
2784  $("#topmenu-quickadd-dropdown .dropdown-toggle").on("click", function(event) {
2785  console.log("Click on #topmenu-quickadd-dropdown .dropdown-toggle");
2786  openQuickAddDropDown(event);
2787  });
2788 
2789  // Key map shortcut
2790  $(document).keydown(function(event){
2791  var ostype = \''.dol_escape_js($conf->browser->os).'\';
2792  if (ostype === "macintosh") {
2793  if ( event.which === 65 && event.ctrlKey ) {
2794  console.log(\'control + a : trigger open quick add dropdown\');
2795  openQuickAddDropDown(event);
2796  }
2797  } else {
2798  if ( event.which === 65 && event.ctrlKey && event.shiftKey ) {
2799  console.log(\'control + shift + a : trigger open quick add dropdown\');
2800  openQuickAddDropDown(event);
2801  }
2802  }
2803  });
2804 
2805  var openQuickAddDropDown = function(event) {
2806  event.preventDefault();
2807  $("#topmenu-quickadd-dropdown").toggleClass("open");
2808  //$("#top-quickadd-search-input").focus();
2809  }
2810  });
2811  </script>
2812  ';
2813  }
2814  }
2815 
2816  return $html;
2817 }
2818 
2825 {
2826  global $user, $langs, $hookmanager;
2827 
2828  $items = array(
2829  'items' => array(
2830  array(
2831  "url" => "/adherents/card.php?action=create&amp;mainmenu=members",
2832  "title" => "MenuNewMember@members",
2833  "name" => "Adherent@members",
2834  "picto" => "object_member",
2835  "activation" => isModEnabled('member') && $user->hasRight("adherent", "write"), // vs hooking
2836  "position" => 5,
2837  ),
2838  array(
2839  "url" => "/societe/card.php?action=create&amp;mainmenu=companies",
2840  "title" => "MenuNewThirdParty@companies",
2841  "name" => "ThirdParty@companies",
2842  "picto" => "object_company",
2843  "activation" => isModEnabled("societe") && $user->hasRight("societe", "write"), // vs hooking
2844  "position" => 10,
2845  ),
2846  array(
2847  "url" => "/contact/card.php?action=create&amp;mainmenu=companies",
2848  "title" => "NewContactAddress@companies",
2849  "name" => "Contact@companies",
2850  "picto" => "object_contact",
2851  "activation" => isModEnabled("societe") && $user->hasRight("societe", "contact", "write"), // vs hooking
2852  "position" => 20,
2853  ),
2854  array(
2855  "url" => "/comm/propal/card.php?action=create&amp;mainmenu=commercial",
2856  "title" => "NewPropal@propal",
2857  "name" => "Proposal@propal",
2858  "picto" => "object_propal",
2859  "activation" => isModEnabled("propal") && $user->hasRight("propal", "write"), // vs hooking
2860  "position" => 30,
2861  ),
2862 
2863  array(
2864  "url" => "/commande/card.php?action=create&amp;mainmenu=commercial",
2865  "title" => "NewOrder@orders",
2866  "name" => "Order@orders",
2867  "picto" => "object_order",
2868  "activation" => isModEnabled('order') && $user->hasRight("commande", "write"), // vs hooking
2869  "position" => 40,
2870  ),
2871  array(
2872  "url" => "/compta/facture/card.php?action=create&amp;mainmenu=billing",
2873  "title" => "NewBill@bills",
2874  "name" => "Bill@bills",
2875  "picto" => "object_bill",
2876  "activation" => isModEnabled('invoice') && $user->hasRight("facture", "write"), // vs hooking
2877  "position" => 50,
2878  ),
2879  array(
2880  "url" => "/contrat/card.php?action=create&amp;mainmenu=commercial",
2881  "title" => "NewContractSubscription@contracts",
2882  "name" => "Contract@contracts",
2883  "picto" => "object_contract",
2884  "activation" => isModEnabled('contract') && $user->hasRight("contrat", "write"), // vs hooking
2885  "position" => 60,
2886  ),
2887  array(
2888  "url" => "/supplier_proposal/card.php?action=create&amp;mainmenu=commercial",
2889  "title" => "SupplierProposalNew@supplier_proposal",
2890  "name" => "SupplierProposal@supplier_proposal",
2891  "picto" => "supplier_proposal",
2892  "activation" => isModEnabled('supplier_proposal') && $user->hasRight("supplier_invoice", "write"), // vs hooking
2893  "position" => 70,
2894  ),
2895  array(
2896  "url" => "/fourn/commande/card.php?action=create&amp;mainmenu=commercial",
2897  "title" => "NewSupplierOrderShort@orders",
2898  "name" => "SupplierOrder@orders",
2899  "picto" => "supplier_order",
2900  "activation" => (isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "commande", "write")) || (isModEnabled("supplier_order") && $user->hasRight("supplier_invoice", "write")), // vs hooking
2901  "position" => 80,
2902  ),
2903  array(
2904  "url" => "/fourn/facture/card.php?action=create&amp;mainmenu=billing",
2905  "title" => "NewBill@bills",
2906  "name" => "SupplierBill@bills",
2907  "picto" => "supplier_invoice",
2908  "activation" => (isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "facture", "write")) || (isModEnabled("supplier_invoice") && $user->hasRight("supplier_invoice", "write")), // vs hooking
2909  "position" => 90,
2910  ),
2911  array(
2912  "url" => "/ticket/card.php?action=create&amp;mainmenu=ticket",
2913  "title" => "NewTicket@ticket",
2914  "name" => "Ticket@ticket",
2915  "picto" => "ticket",
2916  "activation" => isModEnabled('ticket') && $user->hasRight("ticket", "write"), // vs hooking
2917  "position" => 100,
2918  ),
2919  array(
2920  "url" => "/fichinter/card.php?action=create&mainmenu=commercial",
2921  "title" => "NewIntervention@interventions",
2922  "name" => "Intervention@interventions",
2923  "picto" => "intervention",
2924  "activation" => isModEnabled('intervention') && $user->hasRight("ficheinter", "creer"), // vs hooking
2925  "position" => 110,
2926  ),
2927  array(
2928  "url" => "/product/card.php?action=create&amp;type=0&amp;mainmenu=products",
2929  "title" => "NewProduct@products",
2930  "name" => "Product@products",
2931  "picto" => "object_product",
2932  "activation" => isModEnabled("product") && $user->hasRight("produit", "write"), // vs hooking
2933  "position" => 400,
2934  ),
2935  array(
2936  "url" => "/product/card.php?action=create&amp;type=1&amp;mainmenu=products",
2937  "title" => "NewService@products",
2938  "name" => "Service@products",
2939  "picto" => "object_service",
2940  "activation" => isModEnabled("service") && $user->hasRight("service", "write"), // vs hooking
2941  "position" => 410,
2942  ),
2943  array(
2944  "url" => "/user/card.php?action=create&amp;type=1&amp;mainmenu=home",
2945  "title" => "AddUser@users",
2946  "name" => "User@users",
2947  "picto" => "user",
2948  "activation" => $user->hasRight("user", "user", "write"), // vs hooking
2949  "position" => 500,
2950  ),
2951  ),
2952  );
2953 
2954  $dropDownQuickAddHtml = '';
2955 
2956  // Define $dropDownQuickAddHtml
2957  $dropDownQuickAddHtml .= '<div class="quickadd-body dropdown-body">';
2958  $dropDownQuickAddHtml .= '<div class="dropdown-quickadd-list">';
2959 
2960  // Allow the $items of the menu to be manipulated by modules
2961  $parameters = array();
2962  $hook_items = $items;
2963  $reshook = $hookmanager->executeHooks('menuDropdownQuickaddItems', $parameters, $hook_items); // Note that $action and $object may have been modified by some hooks
2964  if (is_numeric($reshook) && !empty($hookmanager->resArray) && is_array($hookmanager->resArray)) {
2965  if ($reshook == 0) {
2966  $items['items'] = array_merge($items['items'], $hookmanager->resArray); // add
2967  } else {
2968  $items = $hookmanager->resArray; // replace
2969  }
2970 
2971  // Sort menu items by 'position' value
2972  $position = array();
2973  foreach ($items['items'] as $key => $row) {
2974  $position[$key] = $row['position'];
2975  }
2976  $array1_sort_order = SORT_ASC;
2977  array_multisort($position, $array1_sort_order, $items['items']);
2978  }
2979 
2980  foreach ($items['items'] as $item) {
2981  if (!$item['activation']) {
2982  continue;
2983  }
2984  $langs->load(explode('@', $item['title'])[1]);
2985  $langs->load(explode('@', $item['name'])[1]);
2986  $dropDownQuickAddHtml .= '
2987  <a class="dropdown-item quickadd-item" href="'.DOL_URL_ROOT.$item['url'].'" title="'.$langs->trans(explode('@', $item['title'])[0]).'">
2988  '. img_picto('', $item['picto'], 'style="width:18px;"') . ' ' . $langs->trans(explode('@', $item['name'])[0]) . '</a>
2989  ';
2990  }
2991 
2992  $dropDownQuickAddHtml .= '</div>';
2993  $dropDownQuickAddHtml .= '</div>';
2994 
2995  return $dropDownQuickAddHtml;
2996 }
2997 
3004 {
3005  global $langs, $conf, $db, $user;
3006 
3007  $html = '';
3008 
3009  // Define $bookmarks
3010  if (!isModEnabled('bookmark') || !$user->hasRight('bookmark', 'lire')) {
3011  return $html;
3012  }
3013 
3014  // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3015  // accesskey is for Mac: CTRL + key for all browsers
3016  $stringforfirstkey = $langs->trans("KeyboardShortcut");
3017  if ($conf->browser->os === 'macintosh') {
3018  $stringforfirstkey .= ' CTL +';
3019  } else {
3020  if ($conf->browser->name == 'chrome') {
3021  $stringforfirstkey .= ' ALT +';
3022  } elseif ($conf->browser->name == 'firefox') {
3023  $stringforfirstkey .= ' ALT + SHIFT +';
3024  } else {
3025  $stringforfirstkey .= ' CTL +';
3026  }
3027  }
3028 
3029  if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) { // This may be set by some pages that use different jquery version to avoid errors
3030  include_once DOL_DOCUMENT_ROOT.'/bookmarks/bookmarks.lib.php';
3031  $langs->load("bookmarks");
3032 
3033  if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
3034  $html .= '<div id="topmenu-bookmark-dropdown" class="dropdown inline-block">';
3035  $html .= printDropdownBookmarksList();
3036  $html .= '</div>';
3037  } else {
3038  $html .= '<!-- div for bookmark link -->
3039  <div id="topmenu-bookmark-dropdown" class="dropdown inline-block">
3040  <a accesskey="b" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('Bookmarks').' ('.$stringforfirstkey.' b)"><i class="fa fa-star"></i></a>
3041  <div class="dropdown-menu">
3043  </div>
3044  </div>';
3045 
3046  $html .= '
3047  <!-- Code to show/hide the bookmark drop-down -->
3048  <script>
3049  jQuery(document).ready(function() {
3050  jQuery(document).on("click", function(event) {
3051  if (!$(event.target).closest("#topmenu-bookmark-dropdown").length) {
3052  //console.log("close bookmark dropdown - we click outside");
3053  // Hide the menus.
3054  $("#topmenu-bookmark-dropdown").removeClass("open");
3055  }
3056  });
3057 
3058  jQuery("#topmenu-bookmark-dropdown .dropdown-toggle").on("click", function(event) {
3059  console.log("Click on #topmenu-bookmark-dropdown .dropdown-toggle");
3060  openBookMarkDropDown(event);
3061  });
3062 
3063  // Key map shortcut
3064  jQuery(document).keydown(function(event) {
3065  var ostype = \''.dol_escape_js($conf->browser->os).'\';
3066  if (ostype === "macintosh") {
3067  if ( event.which === 66 && event.ctrlKey ) {
3068  console.log("Click on control + b : trigger open bookmark dropdown");
3069  openBookMarkDropDown(event);
3070  }
3071  } else {
3072  if ( event.which === 66 && event.ctrlKey && event.shiftKey ) {
3073  console.log("Click on control + shift + b : trigger open bookmark dropdown");
3074  openBookMarkDropDown(event);
3075  }
3076  }
3077  });
3078 
3079  var openBookMarkDropDown = function(event) {
3080  event.preventDefault();
3081  jQuery("#topmenu-bookmark-dropdown").toggleClass("open");
3082  jQuery("#top-bookmark-search-input").focus();
3083  }
3084 
3085  });
3086  </script>
3087  ';
3088  }
3089  }
3090  return $html;
3091 }
3092 
3098 function top_menu_search()
3099 {
3100  global $langs, $conf, $db, $user, $hookmanager;
3101 
3102  $html = '';
3103 
3104  $usedbyinclude = 1;
3105  $arrayresult = array();
3106  include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This sets $arrayresult
3107 
3108  // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3109  // accesskey is for Mac: CTRL + key for all browsers
3110  $stringforfirstkey = $langs->trans("KeyboardShortcut");
3111  if ($conf->browser->name == 'chrome') {
3112  $stringforfirstkey .= ' ALT +';
3113  } elseif ($conf->browser->name == 'firefox') {
3114  $stringforfirstkey .= ' ALT + SHIFT +';
3115  } else {
3116  $stringforfirstkey .= ' CTL +';
3117  }
3118 
3119  $searchInput = '<input type="search" name="search_all"'.($stringforfirstkey ? ' title="'.dol_escape_htmltag($stringforfirstkey.' s').'"' : '').' id="top-global-search-input" class="dropdown-search-input search_component_input" placeholder="'.$langs->trans('Search').'" autocomplete="off">';
3120 
3121  $defaultAction = '';
3122  $buttonList = '<div class="dropdown-global-search-button-list" >';
3123  // Menu with all searchable items
3124  foreach ($arrayresult as $keyItem => $item) {
3125  if (empty($defaultAction)) {
3126  $defaultAction = $item['url'];
3127  }
3128  $buttonList .= '<button class="dropdown-item global-search-item tdoverflowmax300" data-target="'.dol_escape_htmltag($item['url']).'" >';
3129  $buttonList .= $item['text'];
3130  $buttonList .= '</button>';
3131  }
3132  $buttonList .= '</div>';
3133 
3134  $dropDownHtml = '<form role="search" id="top-menu-action-search" name="actionsearch" method="GET" action="'.$defaultAction.'">';
3135 
3136  $dropDownHtml .= '
3137  <!-- search input -->
3138  <div class="dropdown-header search-dropdown-header">
3139  ' . $searchInput.'
3140  </div>
3141  ';
3142 
3143  $dropDownHtml .= '
3144  <!-- Menu Body search -->
3145  <div class="dropdown-body search-dropdown-body">
3146  '.$buttonList.'
3147  </div>
3148  ';
3149 
3150  $dropDownHtml .= '</form>';
3151 
3152  // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3153  // accesskey is for Mac: CTRL + key for all browsers
3154  $stringforfirstkey = $langs->trans("KeyboardShortcut");
3155  if ($conf->browser->name == 'chrome') {
3156  $stringforfirstkey .= ' ALT +';
3157  } elseif ($conf->browser->name == 'firefox') {
3158  $stringforfirstkey .= ' ALT + SHIFT +';
3159  } else {
3160  $stringforfirstkey .= ' CTL +';
3161  }
3162 
3163  $html .= '<!-- div for Global Search -->
3164  <div id="topmenu-global-search-dropdown" class="atoplogin dropdown inline-block">
3165  <a accesskey="s" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('Search').' ('.$stringforfirstkey.' s)">
3166  <i class="fa fa-search" aria-hidden="true" ></i>
3167  </a>
3168  <div class="dropdown-menu dropdown-search">
3169  '.$dropDownHtml.'
3170  </div>
3171  </div>';
3172 
3173  $html .= '
3174  <!-- Code to show/hide the user drop-down -->
3175  <script>
3176  jQuery(document).ready(function() {
3177 
3178  // prevent submitting form on press ENTER
3179  jQuery("#top-global-search-input").keydown(function (e) {
3180  if (e.keyCode == 13 || e.keyCode == 40) {
3181  var inputs = $(this).parents("form").eq(0).find(":button");
3182  if (inputs[inputs.index(this) + 1] != null) {
3183  inputs[inputs.index(this) + 1].focus();
3184  if (e.keyCode == 13){
3185  inputs[inputs.index(this) + 1].trigger("click");
3186  }
3187 
3188  }
3189  e.preventDefault();
3190  return false;
3191  }
3192  });
3193 
3194  // arrow key nav
3195  jQuery(document).keydown(function(e) {
3196  // Get the focused element:
3197  var $focused = $(":focus");
3198  if($focused.length && $focused.hasClass("global-search-item")){
3199 
3200  // UP - move to the previous line
3201  if (e.keyCode == 38) {
3202  e.preventDefault();
3203  $focused.prev().focus();
3204  }
3205 
3206  // DOWN - move to the next line
3207  if (e.keyCode == 40) {
3208  e.preventDefault();
3209  $focused.next().focus();
3210  }
3211  }
3212  });
3213 
3214 
3215  // submit form action
3216  jQuery(".dropdown-global-search-button-list .global-search-item").on("click", function(event) {
3217  jQuery("#top-menu-action-search").attr("action", $(this).data("target"));
3218  jQuery("#top-menu-action-search").submit();
3219  });
3220 
3221  // close drop down
3222  jQuery(document).on("click", function(event) {
3223  if (!$(event.target).closest("#topmenu-global-search-dropdown").length) {
3224  console.log("click close search - we click outside");
3225  // Hide the menus.
3226  jQuery("#topmenu-global-search-dropdown").removeClass("open");
3227  }
3228  });
3229 
3230  // Open drop down
3231  jQuery("#topmenu-global-search-dropdown .dropdown-toggle").on("click", function(event) {
3232  console.log("click on toggle #topmenu-global-search-dropdown .dropdown-toggle");
3233  openGlobalSearchDropDown();
3234  });
3235 
3236  // Key map shortcut
3237  jQuery(document).keydown(function(e){
3238  if ( e.which === 70 && e.ctrlKey && e.shiftKey ) {
3239  console.log(\'control + shift + f : trigger open global-search dropdown\');
3240  openGlobalSearchDropDown();
3241  }
3242  if ( e.which === 70 && e.alKey ) {
3243  console.log(\'alt + f : trigger open global-search dropdown\');
3244  openGlobalSearchDropDown();
3245  }
3246  });
3247 
3248  var openGlobalSearchDropDown = function() {
3249  jQuery("#topmenu-global-search-dropdown").toggleClass("open");
3250  jQuery("#top-global-search-input").focus();
3251  }
3252 
3253  });
3254  </script>
3255  ';
3256 
3257  return $html;
3258 }
3259 
3274 function left_menu($menu_array_before, $helppagename = '', $notused = '', $menu_array_after = array(), $leftmenuwithoutmainarea = 0, $title = '', $acceptdelayedhtml = 0)
3275 {
3276  global $user, $conf, $langs, $db, $form;
3277  global $hookmanager, $menumanager;
3278 
3279  $searchform = '';
3280 
3281  if (!empty($menu_array_before)) {
3282  dol_syslog("Deprecated parameter menu_array_before was used when calling main::left_menu function. Menu entries of module should now be defined into module descriptor and not provided when calling left_menu.", LOG_WARNING);
3283  }
3284 
3285  if (empty($conf->dol_hide_leftmenu) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU'))) {
3286  // Instantiate hooks for external modules
3287  $hookmanager->initHooks(array('leftblock'));
3288 
3289  print "\n".'<!-- Begin side-nav id-left -->'."\n".'<div class="side-nav"><div id="id-left">'."\n";
3290  print "\n";
3291 
3292  if (!is_object($form)) {
3293  $form = new Form($db);
3294  }
3295  $selected = -1;
3296  if (!getDolGlobalString('MAIN_USE_TOP_MENU_SEARCH_DROPDOWN')) {
3297  // Select with select2 is awful on smartphone. TODO Is this still true with select2 v4 ?
3298  if ($conf->browser->layout == 'phone') {
3299  $conf->global->MAIN_USE_OLD_SEARCH_FORM = 1;
3300  }
3301 
3302  $usedbyinclude = 1;
3303  $arrayresult = array();
3304  include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This make initHooks('searchform') then set $arrayresult
3305 
3306  if ($conf->use_javascript_ajax && !getDolGlobalString('MAIN_USE_OLD_SEARCH_FORM')) {
3307  // accesskey is for Windows or Linux: ALT + key for chrome, ALT + SHIFT + KEY for firefox
3308  // accesskey is for Mac: CTRL + key for all browsers
3309  $stringforfirstkey = $langs->trans("KeyboardShortcut");
3310  if ($conf->browser->name == 'chrome') {
3311  $stringforfirstkey .= ' ALT +';
3312  } elseif ($conf->browser->name == 'firefox') {
3313  $stringforfirstkey .= ' ALT + SHIFT +';
3314  } else {
3315  $stringforfirstkey .= ' CTL +';
3316  }
3317 
3318  //$textsearch = $langs->trans("Search");
3319  $textsearch = '<span class="fa fa-search paddingright pictofixedwidth"></span>'.$langs->trans("Search");
3320  $searchform .= $form->selectArrayFilter('searchselectcombo', $arrayresult, $selected, 'accesskey="s"', 1, 0, (!getDolGlobalString('MAIN_SEARCHBOX_CONTENT_LOADED_BEFORE_KEY') ? 1 : 0), 'vmenusearchselectcombo', 1, $textsearch, 1, $stringforfirstkey.' s');
3321  } else {
3322  if (is_array($arrayresult)) {
3323  foreach ($arrayresult as $key => $val) {
3324  $searchform .= printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth125', 'search_all', (empty($val['shortcut']) ? '' : $val['shortcut']), 'searchleft'.$key, $val['img']);
3325  }
3326  }
3327  }
3328 
3329  // Execute hook printSearchForm
3330  $parameters = array('searchform' => $searchform);
3331  $reshook = $hookmanager->executeHooks('printSearchForm', $parameters); // Note that $action and $object may have been modified by some hooks
3332  if (empty($reshook)) {
3333  $searchform .= $hookmanager->resPrint;
3334  } else {
3335  $searchform = $hookmanager->resPrint;
3336  }
3337 
3338  // Force special value for $searchform for text browsers or very old search form
3339  if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') || empty($conf->use_javascript_ajax)) {
3340  $urltosearch = DOL_URL_ROOT.'/core/search_page.php?showtitlebefore=1';
3341  $searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="'.$urltosearch.'" accesskey="s" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div></div>';
3342  } elseif ($conf->use_javascript_ajax && getDolGlobalString('MAIN_USE_OLD_SEARCH_FORM')) {
3343  $searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="#" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div><div id="divsearchforms2" style="display: none">'.$searchform.'</div>';
3344  $searchform .= '<script>
3345  jQuery(document).ready(function () {
3346  jQuery("#divsearchforms1").click(function(){
3347  jQuery("#divsearchforms2").toggle();
3348  });
3349  });
3350  </script>' . "\n";
3351  $searchform .= '</div>';
3352  }
3353 
3354  // Key map shortcut
3355  $searchform .= '<script>
3356  jQuery(document).keydown(function(e){
3357  if( e.which === 70 && e.ctrlKey && e.shiftKey ){
3358  console.log(\'control + shift + f : trigger open global-search dropdown\');
3359  openGlobalSearchDropDown();
3360  }
3361  if( (e.which === 83 || e.which === 115) && e.altKey ){
3362  console.log(\'alt + s : trigger open global-search dropdown\');
3363  openGlobalSearchDropDown();
3364  }
3365  });
3366 
3367  var openGlobalSearchDropDown = function() {
3368  jQuery("#searchselectcombo").select2(\'open\');
3369  }
3370  </script>';
3371  }
3372 
3373  // Left column
3374  print '<!-- Begin left menu -->'."\n";
3375 
3376  print '<div class="vmenu"'.(getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') ? ' alt="Left menu"' : '').'>'."\n\n";
3377 
3378  // Show left menu with other forms
3379  $menumanager->menu_array = $menu_array_before;
3380  $menumanager->menu_array_after = $menu_array_after;
3381  $menumanager->showmenu('left', array('searchform' => $searchform)); // output menu_array and menu found in database
3382 
3383  // Dolibarr version + help + bug report link
3384  print "\n";
3385  print "<!-- Begin Help Block-->\n";
3386  print '<div id="blockvmenuhelp" class="blockvmenuhelp">'."\n";
3387 
3388  // Version
3389  if (getDolGlobalString('MAIN_SHOW_VERSION')) { // Version is already on help picto and on login page.
3390  $doliurl = 'https://www.dolibarr.org';
3391  //local communities
3392  if (preg_match('/fr/i', $langs->defaultlang)) {
3393  $doliurl = 'https://www.dolibarr.fr';
3394  }
3395  if (preg_match('/es/i', $langs->defaultlang)) {
3396  $doliurl = 'https://www.dolibarr.es';
3397  }
3398  if (preg_match('/de/i', $langs->defaultlang)) {
3399  $doliurl = 'https://www.dolibarr.de';
3400  }
3401  if (preg_match('/it/i', $langs->defaultlang)) {
3402  $doliurl = 'https://www.dolibarr.it';
3403  }
3404  if (preg_match('/gr/i', $langs->defaultlang)) {
3405  $doliurl = 'https://www.dolibarr.gr';
3406  }
3407 
3408  $appli = constant('DOL_APPLICATION_TITLE');
3409  if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
3410  $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
3411  $doliurl = '';
3412  if (preg_match('/\d\.\d/', $appli)) {
3413  if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {
3414  $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core
3415  }
3416  } else {
3417  $appli .= " ".DOL_VERSION;
3418  }
3419  } else {
3420  $appli .= " ".DOL_VERSION;
3421  }
3422  print '<div id="blockvmenuhelpapp" class="blockvmenuhelp">';
3423  if ($doliurl) {
3424  print '<a class="help" target="_blank" rel="noopener noreferrer" href="'.$doliurl.'">';
3425  } else {
3426  print '<span class="help">';
3427  }
3428  print $appli;
3429  if ($doliurl) {
3430  print '</a>';
3431  } else {
3432  print '</span>';
3433  }
3434  print '</div>'."\n";
3435  }
3436 
3437  // Link to bugtrack
3438  if (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK')) {
3439  require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
3440 
3441  if (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK') == 'github') {
3442  $bugbaseurl = 'https://github.com/Dolibarr/dolibarr/issues/new?labels=Bug';
3443  $bugbaseurl .= '&title=';
3444  $bugbaseurl .= urlencode("Bug: ");
3445  $bugbaseurl .= '&body=';
3446  $bugbaseurl .= urlencode("# Instructions\n");
3447  $bugbaseurl .= urlencode("*This is a template to help you report good issues. You may use [Github Markdown](https://help.github.com/articles/getting-started-with-writing-and-formatting-on-github/) syntax to format your issue report.*\n");
3448  $bugbaseurl .= urlencode("*Please:*\n");
3449  $bugbaseurl .= urlencode("- *replace the bracket enclosed texts with meaningful information*\n");
3450  $bugbaseurl .= urlencode("- *remove any unused sub-section*\n");
3451  $bugbaseurl .= urlencode("\n");
3452  $bugbaseurl .= urlencode("\n");
3453  $bugbaseurl .= urlencode("# Bug\n");
3454  $bugbaseurl .= urlencode("[*Short description*]\n");
3455  $bugbaseurl .= urlencode("\n");
3456  $bugbaseurl .= urlencode("## Environment\n");
3457  $bugbaseurl .= urlencode("- **Version**: ".DOL_VERSION."\n");
3458  $bugbaseurl .= urlencode("- **OS**: ".php_uname('s')."\n");
3459  $bugbaseurl .= urlencode("- **Web server**: ".$_SERVER["SERVER_SOFTWARE"]."\n");
3460  $bugbaseurl .= urlencode("- **PHP**: ".php_sapi_name().' '.phpversion()."\n");
3461  $bugbaseurl .= urlencode("- **Database**: ".$db::LABEL.' '.$db->getVersion()."\n");
3462  $bugbaseurl .= urlencode("- **URL(s)**: ".$_SERVER["REQUEST_URI"]."\n");
3463  $bugbaseurl .= urlencode("\n");
3464  $bugbaseurl .= urlencode("## Expected and actual behavior\n");
3465  $bugbaseurl .= urlencode("[*Verbose description*]\n");
3466  $bugbaseurl .= urlencode("\n");
3467  $bugbaseurl .= urlencode("## Steps to reproduce the behavior\n");
3468  $bugbaseurl .= urlencode("[*Verbose description*]\n");
3469  $bugbaseurl .= urlencode("\n");
3470  $bugbaseurl .= urlencode("## [Attached files](https://help.github.com/articles/issue-attachments) (Screenshots, screencasts, dolibarr.log, debugging information…)\n");
3471  $bugbaseurl .= urlencode("[*Files*]\n");
3472  $bugbaseurl .= urlencode("\n");
3473 
3474  $bugbaseurl .= urlencode("\n");
3475  $bugbaseurl .= urlencode("## Report\n");
3476  } elseif (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK')) {
3477  $bugbaseurl = getDolGlobalString('MAIN_BUGTRACK_ENABLELINK');
3478  } else {
3479  $bugbaseurl = "";
3480  }
3481 
3482  // Execute hook printBugtrackInfo
3483  $parameters = array('bugbaseurl' => $bugbaseurl);
3484  $reshook = $hookmanager->executeHooks('printBugtrackInfo', $parameters); // Note that $action and $object may have been modified by some hooks
3485  if (empty($reshook)) {
3486  $bugbaseurl .= $hookmanager->resPrint;
3487  } else {
3488  $bugbaseurl = $hookmanager->resPrint;
3489  }
3490 
3491  print '<div id="blockvmenuhelpbugreport" class="blockvmenuhelp">';
3492  print '<a class="help" target="_blank" rel="noopener noreferrer" href="'.$bugbaseurl.'"><i class="fas fa-bug"></i> '.$langs->trans("FindBug").'</a>';
3493  print '</div>';
3494  }
3495 
3496  print "</div>\n";
3497  print "<!-- End Help Block-->\n";
3498  print "\n";
3499 
3500  print "</div>\n";
3501  print "<!-- End left menu -->\n";
3502  print "\n";
3503 
3504  // Execute hook printLeftBlock
3505  $parameters = array();
3506  $reshook = $hookmanager->executeHooks('printLeftBlock', $parameters); // Note that $action and $object may have been modified by some hooks
3507  print $hookmanager->resPrint;
3508 
3509  print '</div></div> <!-- End side-nav id-left -->'; // End div id="side-nav" div id="id-left"
3510  }
3511 
3512  print "\n";
3513  print '<!-- Begin right area -->'."\n";
3514 
3515  if (empty($leftmenuwithoutmainarea)) {
3516  main_area($title);
3517  }
3518 }
3519 
3520 
3527 function main_area($title = '')
3528 {
3529  global $conf, $langs, $hookmanager;
3530 
3531  if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup')) {
3532  print '<div id="id-right">';
3533  }
3534 
3535  print "\n";
3536 
3537  print '<!-- Begin div class="fiche" -->'."\n".'<div class="fiche">'."\n";
3538 
3539  $hookmanager->initHooks(array('main'));
3540  $parameters = array();
3541  $reshook = $hookmanager->executeHooks('printMainArea', $parameters); // Note that $action and $object may have been modified by some hooks
3542  print $hookmanager->resPrint;
3543 
3544  if (getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) {
3545  print info_admin($langs->trans("WarningYouAreInMaintenanceMode", getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')), 0, 0, 1, 'warning maintenancemode');
3546  }
3547 
3548  // Permit to add user company information on each printed document by setting SHOW_SOCINFO_ON_PRINT
3549  if (getDolGlobalString('SHOW_SOCINFO_ON_PRINT') && GETPOST('optioncss', 'aZ09') == 'print' && empty(GETPOST('disable_show_socinfo_on_print', 'aZ09'))) {
3550  $parameters = array();
3551  $reshook = $hookmanager->executeHooks('showSocinfoOnPrint', $parameters);
3552  if (empty($reshook)) {
3553  print '<!-- Begin show mysoc info header -->'."\n";
3554  print '<div id="mysoc-info-header">'."\n";
3555  print '<table class="centpercent div-table-responsive">'."\n";
3556  print '<tbody>';
3557  print '<tr><td rowspan="0" class="width20p">';
3558  if (getDolGlobalString('MAIN_SHOW_LOGO') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') && getDolGlobalString('MAIN_INFO_SOCIETE_LOGO')) {
3559  print '<img id="mysoc-info-header-logo" style="max-width:100%" alt="" src="'.DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_LOGO'))).'">';
3560  }
3561  print '</td><td rowspan="0" class="width50p"></td></tr>'."\n";
3562  print '<tr><td class="titre bold">'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_NOM')).'</td></tr>'."\n";
3563  print '<tr><td>'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_ADDRESS')).'<br>'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_ZIP')).' '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_TOWN')).'</td></tr>'."\n";
3564  if (getDolGlobalString('MAIN_INFO_SOCIETE_TEL')) {
3565  print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Phone").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_TEL')).'</td></tr>';
3566  }
3567  if (getDolGlobalString('MAIN_INFO_SOCIETE_MAIL')) {
3568  print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Email").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_MAIL')).'</td></tr>';
3569  }
3570  if (getDolGlobalString('MAIN_INFO_SOCIETE_WEB')) {
3571  print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Web").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_WEB')).'</td></tr>';
3572  }
3573  print '</tbody>';
3574  print '</table>'."\n";
3575  print '</div>'."\n";
3576  print '<!-- End show mysoc info header -->'."\n";
3577  }
3578  }
3579 }
3580 
3581 
3589 function getHelpParamFor($helppagename, $langs)
3590 {
3591  $helpbaseurl = '';
3592  $helppage = '';
3593  $mode = '';
3594 
3595  if (preg_match('/^http/i', $helppagename)) {
3596  // If complete URL
3597  $helpbaseurl = '%s';
3598  $helppage = $helppagename;
3599  $mode = 'local';
3600  } else {
3601  // If WIKI URL
3602  $reg = array();
3603  if (preg_match('/^es/i', $langs->defaultlang)) {
3604  $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3605  if (preg_match('/ES:([^|]+)/i', $helppagename, $reg)) {
3606  $helppage = $reg[1];
3607  }
3608  }
3609  if (preg_match('/^fr/i', $langs->defaultlang)) {
3610  $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3611  if (preg_match('/FR:([^|]+)/i', $helppagename, $reg)) {
3612  $helppage = $reg[1];
3613  }
3614  }
3615  if (preg_match('/^de/i', $langs->defaultlang)) {
3616  $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3617  if (preg_match('/DE:([^|]+)/i', $helppagename, $reg)) {
3618  $helppage = $reg[1];
3619  }
3620  }
3621  if (empty($helppage)) { // If help page not already found
3622  $helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';
3623  if (preg_match('/EN:([^|]+)/i', $helppagename, $reg)) {
3624  $helppage = $reg[1];
3625  }
3626  }
3627  $mode = 'wiki';
3628  }
3629  return array('helpbaseurl' => $helpbaseurl, 'helppage' => $helppage, 'mode' => $mode);
3630 }
3631 
3632 
3649 function printSearchForm($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey = '', $prefhtmlinputname = '', $img = '', $showtitlebefore = 0, $autofocus = 0)
3650 {
3651  global $langs, $user;
3652 
3653  $ret = '';
3654  $ret .= '<form action="'.$urlaction.'" method="post" class="searchform nowraponall tagtr">';
3655  $ret .= '<input type="hidden" name="token" value="'.newToken().'">';
3656  $ret .= '<input type="hidden" name="savelogin" value="'.dol_escape_htmltag($user->login).'">';
3657  if ($showtitlebefore) {
3658  $ret .= '<div class="tagtd left">'.$title.'</div> ';
3659  }
3660  $ret .= '<div class="tagtd">';
3661  $ret .= img_picto('', $img, '', false, 0, 0, '', 'paddingright width20');
3662  $ret .= '<input type="text" class="flat '.$htmlmorecss.'"';
3663  $ret .= ' style="background-repeat: no-repeat; background-position: 3px;"';
3664  $ret .= ($accesskey ? ' accesskey="'.$accesskey.'"' : '');
3665  $ret .= ' placeholder="'.strip_tags($title).'"';
3666  $ret .= ($autofocus ? ' autofocus' : '');
3667  $ret .= ' name="'.$htmlinputname.'" id="'.$prefhtmlinputname.$htmlinputname.'" />';
3668  $ret .= '<button type="submit" class="button bordertransp" style="padding-top: 4px; padding-bottom: 4px; padding-left: 6px; padding-right: 6px">';
3669  $ret .= '<span class="fa fa-search"></span>';
3670  $ret .= '</button>';
3671  $ret .= '</div>';
3672  $ret .= "</form>\n";
3673  return $ret;
3674 }
3675 
3676 
3677 if (!function_exists("llxFooter")) {
3688  function llxFooter($comment = '', $zone = 'private', $disabledoutputofmessages = 0)
3689  {
3690  global $conf, $db, $langs, $user, $mysoc, $object, $hookmanager, $action;
3691  global $delayedhtmlcontent;
3692  global $contextpage, $page, $limit, $mode;
3693  global $dolibarr_distrib;
3694 
3695  $ext = 'layout='.urlencode($conf->browser->layout).'&version='.urlencode(DOL_VERSION);
3696 
3697  // Hook to add more things on all pages within fiche DIV
3698  $llxfooter = '';
3699  $parameters = array();
3700  $reshook = $hookmanager->executeHooks('llxFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
3701  if (empty($reshook)) {
3702  $llxfooter .= $hookmanager->resPrint;
3703  } elseif ($reshook > 0) {
3704  $llxfooter = $hookmanager->resPrint;
3705  }
3706  if ($llxfooter) {
3707  print $llxfooter;
3708  }
3709 
3710  // Global html output events ($mesgs, $errors, $warnings)
3711  dol_htmloutput_events($disabledoutputofmessages);
3712 
3713  // Code for search criteria persistence.
3714  // $user->lastsearch_values was set by the GETPOST when form field search_xxx exists
3715  if (is_object($user) && !empty($user->lastsearch_values_tmp) && is_array($user->lastsearch_values_tmp)) {
3716  // Clean and save data
3717  foreach ($user->lastsearch_values_tmp as $key => $val) {
3718  unset($_SESSION['lastsearch_values_tmp_'.$key]); // Clean array to rebuild it just after
3719  if (count($val) && empty($_POST['button_removefilter']) && empty($_POST['button_removefilter_x'])) {
3720  if (empty($val['sortfield'])) {
3721  unset($val['sortfield']);
3722  }
3723  if (empty($val['sortorder'])) {
3724  unset($val['sortorder']);
3725  }
3726  dol_syslog('Save lastsearch_values_tmp_'.$key.'='.json_encode($val, 0)." (systematic recording of last search criteria)");
3727  $_SESSION['lastsearch_values_tmp_'.$key] = json_encode($val);
3728  unset($_SESSION['lastsearch_values_'.$key]);
3729  }
3730  }
3731  }
3732 
3733 
3734  $relativepathstring = $_SERVER["PHP_SELF"];
3735  // Clean $relativepathstring
3736  if (constant('DOL_URL_ROOT')) {
3737  $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);
3738  }
3739  $relativepathstring = preg_replace('/^\//', '', $relativepathstring);
3740  $relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);
3741  if (preg_match('/list\.php$/', $relativepathstring)) {
3742  unset($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]);
3743  unset($_SESSION['lastsearch_page_tmp_'.$relativepathstring]);
3744  unset($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]);
3745  unset($_SESSION['lastsearch_mode_tmp_'.$relativepathstring]);
3746 
3747  if (!empty($contextpage)) {
3748  $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring] = $contextpage;
3749  }
3750  if (!empty($page) && $page > 0) {
3751  $_SESSION['lastsearch_page_tmp_'.$relativepathstring] = $page;
3752  }
3753  if (!empty($limit) && $limit != $conf->liste_limit) {
3754  $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] = $limit;
3755  }
3756  if (!empty($mode)) {
3757  $_SESSION['lastsearch_mode_tmp_'.$relativepathstring] = $mode;
3758  }
3759 
3760  unset($_SESSION['lastsearch_contextpage_'.$relativepathstring]);
3761  unset($_SESSION['lastsearch_page_'.$relativepathstring]);
3762  unset($_SESSION['lastsearch_limit_'.$relativepathstring]);
3763  unset($_SESSION['lastsearch_mode_'.$relativepathstring]);
3764  }
3765 
3766  // Core error message
3767  if (getDolGlobalString('MAIN_CORE_ERROR')) {
3768  // Ajax version
3769  if ($conf->use_javascript_ajax) {
3770  $title = img_warning().' '.$langs->trans('CoreErrorTitle');
3771  print ajax_dialog($title, $langs->trans('CoreErrorMessage'));
3772  } else {
3773  // html version
3774  $msg = img_warning().' '.$langs->trans('CoreErrorMessage');
3775  print '<div class="error">'.$msg.'</div>';
3776  }
3777 
3778  //define("MAIN_CORE_ERROR",0); // Constant was defined and we can't change value of a constant
3779  }
3780 
3781  print "\n\n";
3782 
3783  print '</div> <!-- End div class="fiche" -->'."\n"; // End div fiche
3784 
3785  if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup')) {
3786  print '</div> <!-- End div id-right -->'."\n"; // End div id-right
3787  }
3788 
3789  if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) {
3790  print '</div> <!-- End div id-container -->'."\n"; // End div container
3791  }
3792 
3793  print "\n";
3794  if ($comment) {
3795  print '<!-- '.$comment.' -->'."\n";
3796  }
3797 
3798  printCommonFooter($zone);
3799 
3800  if (!empty($delayedhtmlcontent)) {
3801  print $delayedhtmlcontent;
3802  }
3803 
3804  if (!empty($conf->use_javascript_ajax)) {
3805  print "\n".'<!-- Includes JS Footer of Dolibarr -->'."\n";
3806  print '<script src="'.DOL_URL_ROOT.'/core/js/lib_foot.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";
3807  }
3808 
3809  // Wrapper to add log when clicking on download or preview
3810  if (isModEnabled('blockedlog') && is_object($object) && !empty($object->id) && $object->id > 0) {
3811  if (in_array($object->element, array('facture')) && $object->statut > 0) { // Restrict for the moment to element 'facture'
3812  print "\n<!-- JS CODE TO ENABLE log when making a download or a preview of a document -->\n";
3813  ?>
3814  <script>
3815  jQuery(document).ready(function () {
3816  $('a.documentpreview').click(function() {
3817  console.log("Call /blockedlog/ajax/block-add on a.documentpreview");
3818  $.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'
3819  , {
3820  id:<?php echo $object->id; ?>
3821  , element:'<?php echo dol_escape_js($object->element) ?>'
3822  , action:'DOC_PREVIEW'
3823  , token: '<?php echo currentToken(); ?>'
3824  }
3825  );
3826  });
3827  $('a.documentdownload').click(function() {
3828  console.log("Call /blockedlog/ajax/block-add a.documentdownload");
3829  $.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'
3830  , {
3831  id:<?php echo $object->id; ?>
3832  , element:'<?php echo dol_escape_js($object->element) ?>'
3833  , action:'DOC_DOWNLOAD'
3834  , token: '<?php echo currentToken(); ?>'
3835  }
3836  );
3837  });
3838  });
3839  </script>
3840  <?php
3841  }
3842  }
3843 
3844  // A div for the address popup
3845  print "\n<!-- A div to allow dialog popup by jQuery('#dialogforpopup').dialog() -->\n";
3846  print '<div id="dialogforpopup" style="display: none;"></div>'."\n";
3847 
3848  // Add code for the asynchronous anonymous first ping (for telemetry)
3849  // You can use &forceping=1 in parameters to force the ping if the ping was already sent.
3850  $forceping = GETPOST('forceping', 'alpha');
3851  if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping) {
3852  //print '<!-- instance_unique_id='.$conf->file->instance_unique_id.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' -->';
3853  $hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256'); // Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.
3854 
3855  if (!getDolGlobalString('MAIN_FIRST_PING_OK_DATE')
3856  || (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && (getDolGlobalString('MAIN_FIRST_PING_OK_ID') != 'disabled'))
3857  || $forceping) {
3858  // No ping done if we are into an alpha version
3859  if (strpos('alpha', DOL_VERSION) > 0 && !$forceping) {
3860  print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. It is an alpha version -->\n";
3861  } elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping) { // Cookie is set when we uncheck the checkbox in the installation wizard.
3862  // MAIN_LAST_PING_KO_DATE
3863  // Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent (this month)
3864  if (getDolGlobalString('MAIN_LAST_PING_KO_DATE') && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && !$forceping) {
3865  print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. An error already occurred this month, we will try later. -->\n";
3866  } else {
3867  include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
3868 
3869  print "\n".'<!-- Includes JS for Ping of Dolibarr forceping='.$forceping.' MAIN_FIRST_PING_OK_DATE='.getDolGlobalString("MAIN_FIRST_PING_OK_DATE").' MAIN_FIRST_PING_OK_ID='.getDolGlobalString("MAIN_FIRST_PING_OK_ID").' MAIN_LAST_PING_KO_DATE='.getDolGlobalString("MAIN_LAST_PING_KO_DATE").' -->'."\n";
3870  print "\n<!-- JS CODE TO ENABLE the anonymous Ping -->\n";
3871  $url_for_ping = getDolGlobalString('MAIN_URL_FOR_PING', "https://ping.dolibarr.org/");
3872  // Try to guess the distrib used
3873  $distrib = 'standard';
3874  if ($_SERVER["SERVER_ADMIN"] == 'doliwamp@localhost') {
3875  $distrib = 'doliwamp';
3876  }
3877  if (!empty($dolibarr_distrib)) {
3878  $distrib = $dolibarr_distrib;
3879  }
3880  ?>
3881  <script>
3882  jQuery(document).ready(function (tmp) {
3883  console.log("Try Ping with hash_unique_id is dol_hash('dolibarr'+instance_unique_id, 'sha256')");
3884  $.ajax({
3885  method: "POST",
3886  url: "<?php echo $url_for_ping ?>",
3887  timeout: 500, // timeout milliseconds
3888  cache: false,
3889  data: {
3890  hash_algo: 'dol_hash-sha256',
3891  hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>',
3892  action: 'dolibarrping',
3893  version: '<?php echo (float) DOL_VERSION; ?>',
3894  entity: '<?php echo (int) $conf->entity; ?>',
3895  dbtype: '<?php echo dol_escape_js($db->type); ?>',
3896  country_code: '<?php echo $mysoc->country_code ? dol_escape_js($mysoc->country_code) : 'unknown'; ?>',
3897  php_version: '<?php echo dol_escape_js(phpversion()); ?>',
3898  os_version: '<?php echo dol_escape_js(version_os('smr')); ?>',
3899  db_version: '<?php echo dol_escape_js(version_db()); ?>',
3900  distrib: '<?php echo $distrib ? dol_escape_js($distrib) : 'unknown'; ?>',
3901  token: 'notrequired'
3902  },
3903  success: function (data, status, xhr) { // success callback function (data contains body of response)
3904  console.log("Ping ok");
3905  $.ajax({
3906  method: 'GET',
3907  url: '<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>',
3908  timeout: 500, // timeout milliseconds
3909  cache: false,
3910  data: { hash_algo: 'dol_hash-sha256', hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>', action: 'firstpingok', token: '<?php echo currentToken(); ?>' }, // for update
3911  });
3912  },
3913  error: function (data,status,xhr) { // error callback function
3914  console.log("Ping ko: " + data);
3915  $.ajax({
3916  method: 'GET',
3917  url: '<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>',
3918  timeout: 500, // timeout milliseconds
3919  cache: false,
3920  data: { hash_algo: 'dol_hash-sha256', hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>', action: 'firstpingko', token: '<?php echo currentToken(); ?>' },
3921  });
3922  }
3923  });
3924  });
3925  </script>
3926  <?php
3927  }
3928  } else {
3929  $now = dol_now();
3930  print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. It was disabled -->\n";
3931  include_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
3932  dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'), 'chaine', 0, '', $conf->entity);
3933  dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', 'disabled', 'chaine', 0, '', $conf->entity);
3934  }
3935  }
3936  }
3937 
3938  $parameters = array();
3939  $reshook = $hookmanager->executeHooks('beforeBodyClose', $parameters); // Note that $action and $object may have been modified by some hooks
3940  if ($reshook > 0) {
3941  print $hookmanager->resPrint;
3942  }
3943 
3944  print "</body>\n";
3945  print "</html>\n";
3946  }
3947 }
if($user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition: card.php:58
print $langs trans("AuditedSecurityEvents").'</strong >< span class="opacitymedium"></span >< br > status
Or an array listing all the potential status of the object: array: int of the status => translated la...
Definition: security.php:624
dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $note='', $entity=1)
Insert a parameter (key,value) into database (delete old key then insert it again).
Definition: admin.lib.php:656
versioncompare($versionarray1, $versionarray2)
Compare 2 versions (stored into 2 arrays).
Definition: admin.lib.php:68
ajax_dialog($title, $message, $w=350, $h=150)
Show an ajax dialog.
Definition: ajax.lib.php:413
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Definition: wrapper.php:55
llxFooter()
Empty footer.
Definition: wrapper.php:69
printDropdownBookmarksList()
Add area with bookmarks in top menu.
DolibarrDebugBar class.
Definition: DebugBar.php:47
Class to manage generation of HTML components Only common components must be here.
static showphoto($modulepart, $object, $width=100, $height=0, $caneditfield=0, $cssclass='photowithmargin', $imagesize='', $addlinktofullsize=1, $cache=0, $forcecapture='', $noexternsourceoverwrite=0)
Return HTML code to output a photo.
Class to manage hooks.
Class to manage left menus.
Definition: menu.class.php:31
Class to manage menu Auguria.
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage translations.
dol_stringtotime($string, $gm=1)
Convert a string date into a GM Timestamps date Warning: YYYY-MM-DDTHH:MM:SS+02:00 (RFC3339) is not s...
Definition: date.lib.php:426
if(!defined('DOL_APPLICATION_TITLE')) if(!defined('DOL_VERSION')) if(!defined('EURO')) if(!defined('LOG_DEBUG')) if(defined('DOL_INC_FOR_VERSION_ERROR')) dol_session_start()
Replace session_start()
picto_from_langcode($codelang, $moreatt='', $notitlealt=0)
Return img flag of country for a language code or country code.
img_warning($titlealt='default', $moreatt='', $morecss='pictowarning')
Show warning logo.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
yn($yesno, $case=1, $color=0)
Return yes or no in current language.
dolButtonToOpenUrlInDialogPopup($name, $label, $buttonstring, $url, $disabled='', $morecss='classlink button bordertransp', $jsonopen='', $backtopagejsfields='', $accesskey='')
Return HTML code to output a button to open a dialog popup box.
isHTTPS()
Return if we are using a HTTPS connection Check HTTPS (no way to be modified by user but may be empty...
printCommonFooter($zone='private')
Print common footer : conf->global->MAIN_HTML_FOOTER js for switch of menu hider js for conf->global-...
if(!function_exists('dol_getprefix')) dol_include_once($relpath, $classname='')
Make an include_once using default root and alternate root if it fails.
dol_now($mode='auto')
Return date for now.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs=null, $encodetooutput=false)
Output date in a string format according to outputlangs (or langs if not defined).
newToken()
Return the value of token currently saved into session with name 'newtoken'.
dol_htmlentities($string, $flags=ENT_QUOTES|ENT_SUBSTITUTE, $encoding='UTF-8', $double_encode=false)
Replace htmlentities functions.
getBrowserInfo($user_agent)
Return information about user browser.
dol_htmloutput_events($disabledoutputofmessages=0)
Print formatted messages to output (Used to show messages on html output).
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
info_admin($text, $infoonimgalt=0, $nodiv=0, $admin='1', $morecss='hideonsmartphone', $textfordropdown='')
Show information in HTML for admin users or standard users.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
dol_print_profids($profID, $profIDtype, $countrycode='', $addcpButton=1)
Format professional IDs according to their country.
dol_buildpath($path, $type=0, $returnemptyifnotfound=0)
Return path of url or filesystem.
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
GETPOSTISSET($paramname)
Return true if we are in a context of submitting the parameter $paramname from a POST of a form.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Is Dolibarr module enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
ui state ui widget content ui state ui widget header ui state a ui button
0 = Do not include form tag and submit button -1 = Do not include form tag but include submit button
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
if(!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) getArrayOfEmoji()
Return array of Emojis.
Definition: main.inc.php:62
top_menu_quickadd()
Build the tooltip on top menu quick add.
Definition: main.inc.php:2741
top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
Output html header of a page.
Definition: main.inc.php:1789
top_menu_user($hideloginname=0, $urllogout='')
Build the tooltip on user login.
Definition: main.inc.php:2476
testSqlAndScriptInject($val, $type)
Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET,...
Definition: main.inc.php:123
left_menu($menu_array_before, $helppagename='', $notused='', $menu_array_after=array(), $leftmenuwithoutmainarea=0, $title='', $acceptdelayedhtml=0)
Show left menu bar.
Definition: main.inc.php:3274
main_area($title='')
Begin main area.
Definition: main.inc.php:3527
if(!defined('NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition: main.inc.php:1650
realCharForNumericEntities($matches)
Return the real char for a numeric entities.
Definition: main.inc.php:86
getHelpParamFor($helppagename, $langs)
Return helpbaseurl, helppage and mode.
Definition: main.inc.php:3589
printSearchForm($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey='', $prefhtmlinputname='', $img='', $showtitlebefore=0, $autofocus=0)
Show a search area.
Definition: main.inc.php:3649
top_menu($head, $title='', $target='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $morequerystring='', $helppagename='')
Show an HTML header + a BODY + The top menu bar.
Definition: main.inc.php:2216
top_menu_search()
Build the tooltip on top menu tsearch.
Definition: main.inc.php:3098
printDropdownQuickadd()
Generate list of quickadd items.
Definition: main.inc.php:2824
analyseVarsForSqlAndScriptsInjection(&$var, $type, $stopcode=1)
Return true if security check on parameters are OK, false otherwise.
Definition: main.inc.php:261
top_menu_bookmark()
Build the tooltip on top menu bookmark.
Definition: main.inc.php:3003
div float
Unit price before taxes.
Definition: style.css.php:963
if(preg_match('/crypted:/i', $dolibarr_main_db_pass)||!empty($dolibarr_main_db_encrypted_pass)) $conf db type
Definition: repair.php:139
$conf db name
Only used if Module[ID]Name translation string is not found.
Definition: repair.php:142
$conf db user
Active Directory does not allow anonymous connections.
Definition: repair.php:143
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.