dolibarr  19.0.0-dev
filefunc.inc.php
1 <?php
2 /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
4  * Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
5  * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
6  * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
7  * Copyright (C) 2005-2011 Regis Houssin <regis.houssin@inodbox.com>
8  * Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
9  * Copyright (C) 2006 Andre Cianfarani <andre.cianfarani@acdeveloppement.net>
10  * Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
11  * Copyright (C) 2015 Bahfir Abbes <bafbes@gmail.com>
12  *
13  * This program is free software; you can redistribute it and/or modify
14  * it under the terms of the GNU General Public License as published by
15  * the Free Software Foundation; either version 3 of the License, or
16  * (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program. If not, see <https://www.gnu.org/licenses/>.
25  */
26 
// Application identity. A value already defined by the including script is left untouched.
defined('DOL_APPLICATION_TITLE') || define('DOL_APPLICATION_TITLE', 'Dolibarr');
// Version string format: a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
defined('DOL_VERSION') || define('DOL_VERSION', '19.0.0-dev');

// Single byte 0x80 (the euro sign position in Windows-1252).
defined('EURO') || define('EURO', chr(128));

// Syslog severity constants: declared here only when PHP provides neither LOG_DEBUG
// nor the syslog() function (for example when running on Windows OS).
if (!defined('LOG_DEBUG') && !function_exists("syslog")) {
    define('LOG_EMERG', 0);
    define('LOG_ALERT', 1);
    define('LOG_CRIT', 2);
    define('LOG_ERR', 3);
    define('LOG_WARNING', 4);
    define('LOG_NOTICE', 5);
    define('LOG_INFO', 6);
    define('LOG_DEBUG', 7);
}

// End of common declaration part: an includer that defined DOL_INC_FOR_VERSION_ERROR
// gets the constants above and nothing else from this file.
if (defined('DOL_INC_FOR_VERSION_ERROR')) {
    return;
}
63 
// Define vars
// Short name of the configuration file.
$conffiletoshowshort = "conf.php";
// Define localization of conf file
// The two marker comments below delimit text that the packager rewrites; keep them unchanged.
// --- Start of part replaced by Dolibarr packager makepack-dolibarr
$conffile = "conf/conf.php";
$conffiletoshow = "htdocs/conf/conf.php";
// For debian/redhat like systems
//$conffile = "/etc/dolibarr/conf.php";
//$conffiletoshow = "/etc/dolibarr/conf.php";


// Include configuration
// --- End of part replaced by Dolibarr packager makepack-dolibarr

// Include configuration
// conf.php is executed as PHP code; $result is tested further down to detect a missing file.
// NOTE(review): presumably this is where the $dolibarr_* variables read below (database
// password included) are set, so the file should be readable by the web server user only
// and not writable by it once the install is finished - confirm against the install docs.
$result = @include_once $conffile; // Keep @ because with some error reporting this break the redirect done when file not found
80 
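// Disable the PHP stream wrappers that are not used, so that a path or URL handed to a
// file function cannot select them.
// 'phar' is not in the list because it is needed for geoip2.
// TODO Replace phar with explode files so we can disable phar.
$listofwrappers = stream_get_wrappers();
$arrayofstreamtodisable = array('compress.zlib', 'compress.bzip2', 'ftps', 'glob', 'data', 'expect', 'ftp', 'ogg', 'rar', 'zip', 'zlib');
foreach ($arrayofstreamtodisable as $streamtodisable) {
    if (empty($listofwrappers) || !in_array($streamtodisable, $listofwrappers, true)) {
        continue; // Not registered on this PHP build, nothing to unregister
    }
    // conf.php may list wrappers to keep in the array $dolibarr_main_stream_enabled.
    // The comparison is strict: with a loose in_array(), a non-string entry such as true
    // (or 0 on PHP 7) matches every wrapper name and would silently keep them all enabled.
    if (!empty($dolibarr_main_stream_enabled) && is_array($dolibarr_main_stream_enabled) && in_array($streamtodisable, $dolibarr_main_stream_enabled, true)) {
        continue; // We do not disable this stream
    }
    stream_wrapper_unregister($streamtodisable);
}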
93 
// conf.php could not be included and we are in a web session (GATEWAY_INTERFACE is set):
// the install is not done, so redirect the browser to the installer.
// $path ends up being the server-side CONTEXT_PREFIX, an empty string or a run of '../';
// PHP_SELF only decides how many '../' are added, no request text is copied into the header.
if (!$result && !empty($_SERVER["GATEWAY_INTERFACE"])) {
    if (!empty($_SERVER["CONTEXT_PREFIX"])) {
        // CONTEXT_PREFIX and CONTEXT_DOCUMENT_ROOT are not defined on all apache versions.
        // Example: '/dolibarr/' when using an apache alias.
        $path = $_SERVER["CONTEXT_PREFIX"];
        $path .= preg_match('/\/$/', $path) ? '' : '/';
    } elseif (preg_match('/index\.php/', $_SERVER['PHP_SELF'])) {
        // When index.php is requested, $path MUST be '' at the end. This is required by the install
        // process when an apache alias like '/dolibarr/' points to htdocs.
        // Note: if the calling page was an index.php outside htdocs (ie comm/index.php, ...), this
        // redirect fails; this is accepted because when the URL is correct the redirect to
        // install/index.php must be correct.
        $path = '';
    } else {
        // Any other page: try to guess the location of the root. May not work all the time.
        // There is no real solution, because the only way to know the apache relative url is to have
        // it in the conf file. If the guess is wrong, the user must enter the correct URL to
        // index.php or install/index.php.
        $TDir = explode('/', $_SERVER['PHP_SELF']);
        $path = '';
        // Walk the path segments from the last one to the first one.
        for ($i = count($TDir) - 1; $i >= 0; $i--) {
            if (empty($TDir[$i]) || $TDir[$i] == 'htdocs' || $TDir[$i] == 'dolibarr') {
                break; // Root reached
            }
            if (substr($TDir[$i], -4) == '.php') {
                continue; // The script name itself adds no directory level
            }

            $path .= '../';
        }
    }

    // A previous version printed a "conf/conf.php file was not found or is not readable" message
    // with a link to the installer instead of redirecting.
    header("Location: ".$path."install/index.php");

    exit;
}
138 
// Force the PHP error_reporting level (Dolibarr may report warning without this).
// Strict mode reports everything; the default hides strict, notice and deprecated messages.
error_reporting(
    empty($dolibarr_strict_mode)
        ? E_ALL & ~(E_STRICT | E_NOTICE | E_DEPRECATED)
        : E_ALL | E_STRICT
);

// Error display is switched off only when conf.php sets $dolibarr_main_prod; otherwise the
// display_errors value configured for PHP stays in effect.
if (!empty($dolibarr_main_prod)) {
    ini_set('display_errors', 'Off');
}
150 
// Clean parameters read from conf.php: a missing or empty value becomes '', any other value
// loses its surrounding whitespace. The URL root also loses its trailing slashes.
$dolibarr_main_data_root = (!empty($dolibarr_main_data_root) ? trim($dolibarr_main_data_root) : '');
$dolibarr_main_url_root = trim(preg_replace('/\/+$/', '', !empty($dolibarr_main_url_root) ? $dolibarr_main_url_root : ''));
$dolibarr_main_url_root_alt = (!empty($dolibarr_main_url_root_alt) ? trim($dolibarr_main_url_root_alt) : '');
$dolibarr_main_document_root = (!empty($dolibarr_main_document_root) ? trim($dolibarr_main_document_root) : '');
$dolibarr_main_document_root_alt = (!empty($dolibarr_main_document_root_alt) ? trim($dolibarr_main_document_root_alt) : '');

// Database defaults, for compatibility with old config files that do not define them.
$dolibarr_main_db_port = empty($dolibarr_main_db_port) ? 3306 : $dolibarr_main_db_port;
$dolibarr_main_db_type = empty($dolibarr_main_db_type) ? 'mysqli' : $dolibarr_main_db_type;

// Mysql driver support has been removed in favor of mysqli
$dolibarr_main_db_type = ($dolibarr_main_db_type == 'mysql') ? 'mysqli' : $dolibarr_main_db_type;

$dolibarr_main_db_prefix = empty($dolibarr_main_db_prefix) ? 'llx_' : $dolibarr_main_db_prefix;

// Old installations: character set and collation get a default for mysqli only.
if (empty($dolibarr_main_db_character_set)) {
    $dolibarr_main_db_character_set = ($dolibarr_main_db_type == 'mysqli') ? 'utf8' : '';
}
if (empty($dolibarr_main_db_collation)) {
    $dolibarr_main_db_collation = ($dolibarr_main_db_type == 'mysqli') ? 'utf8_unicode_ci' : '';
}

$dolibarr_main_db_encryption = empty($dolibarr_main_db_encryption) ? 0 : $dolibarr_main_db_encryption;
$dolibarr_main_db_cryptkey = empty($dolibarr_main_db_cryptkey) ? '' : $dolibarr_main_db_cryptkey;

// Limits: 0 is the value used when conf.php sets nothing.
$dolibarr_main_limit_users = empty($dolibarr_main_limit_users) ? 0 : $dolibarr_main_limit_users;
$dolibarr_mailing_limit_sendbyweb = empty($dolibarr_mailing_limit_sendbyweb) ? 0 : $dolibarr_mailing_limit_sendbyweb;
$dolibarr_mailing_limit_sendbycli = empty($dolibarr_mailing_limit_sendbycli) ? 0 : $dolibarr_mailing_limit_sendbycli;
$dolibarr_mailing_limit_sendbyday = empty($dolibarr_mailing_limit_sendbyday) ? 0 : $dolibarr_mailing_limit_sendbyday;

// For debug in php strict mode
$dolibarr_strict_mode = empty($dolibarr_strict_mode) ? 0 : $dolibarr_strict_mode;
199 
// Filesystem path of the core php files (htdocs), as given by conf.php.
define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root);

// Sanity check of the configured root: the core library must exist below it, otherwise the
// config file content is considered wrong and the script stops.
if (!file_exists(DOL_DOCUMENT_ROOT."/core/lib/functions.lib.php")) {
    echo "Error: Dolibarr config file content seems to be not correctly defined.<br>\n",
        "Please run dolibarr setup by calling page <b>/install</b>.<br>\n";
    exit;
}


// Included by default (must be before the CSRF check so we can use dol_syslog there)
include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
213 
214 
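// Security: CSRF protection
// This test checks that the referrer ($_SERVER['HTTP_REFERER']) is on the same web site as Dolibarr
// ($_SERVER['HTTP_HOST']) when forms are posted (GET and HEAD are allowed, to accept direct links
// from another page).
// Note about $_SERVER[HTTP_HOST/SERVER_NAME]: http://shiflett.org/blog/2006/mar/server-name-versus-http-host
// See also CSRF protections done into main.inc.php
// The test runs only when conf.php sets $dolibarr_nocsrfcheck to 1 and the page did not define
// NOCSRFCHECK. If $dolibarr_nocsrfcheck is 0, there is a strict CSRF test with token in main.
// The request is refused when the Referer header is missing, when either value cannot be
// parsed, or when the two host names differ.
if (!defined('NOCSRFCHECK') && isset($dolibarr_nocsrfcheck) && $dolibarr_nocsrfcheck == 1) {
    if (!empty($_SERVER['REQUEST_METHOD']) && !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD'), true) && !empty($_SERVER['HTTP_HOST'])) {
        $csrfattack = false;
        if (empty($_SERVER['HTTP_REFERER'])) {
            $csrfattack = true; // No referrer was sent with the request
        } else {
            $tmpa = parse_url($_SERVER['HTTP_HOST']);
            $tmpb = parse_url($_SERVER['HTTP_REFERER']);
            // HTTP_HOST has no scheme, so parse_url() may report the name under 'path' instead of 'host'.
            // parse_url() returns false on a malformed value: the host is then '' and the request is refused.
            $csrfhostserver = '';
            if (is_array($tmpa)) {
                $csrfhostserver = !empty($tmpa['host']) ? $tmpa['host'] : (isset($tmpa['path']) ? $tmpa['path'] : '');
            }
            $csrfhostreferer = '';
            if (is_array($tmpb)) {
                $csrfhostreferer = !empty($tmpb['host']) ? $tmpb['host'] : (isset($tmpb['path']) ? $tmpb['path'] : '');
            }
            // Strict string comparison: a loose one treats numeric-looking strings such as
            // '1e3' and '1000' as equal.
            if ($csrfhostserver === '' || $csrfhostreferer === '' || $csrfhostserver !== $csrfhostreferer) {
                $csrfattack = true;
            }
        }
        if ($csrfattack) {
            // Request values are escaped with htmlentities() before being printed.
            // NOTE(review): an older comment here said functions.lib.php was not yet loaded, but
            // it is included before this check and dol_syslog() is called on the next line.
            dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referer).", LOG_WARNING);
            // NOTE(review): the text below names main.inc.php and suggests setting
            // $dolibarr_nocsrfcheck=1, although this branch only runs when it is already 1.
            // Wording left unchanged; to be confirmed with the maintainers.
            print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";
            print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";
            die;
        }
    }
    // Another test is done later on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
}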
// No database host in the configuration: the setup is not complete, unless the including
// page declared that it needs no database (NOREQUIREDB).
if (!defined('NOREQUIREDB') && empty($dolibarr_main_db_host)) {
    echo '<div class="center">Dolibarr setup is not yet complete.<br><br>'."\n",
        '<a href="install/index.php">Click here to finish Dolibarr install process</a> ...</div>'."\n";
    die;
}
// The root URL is mandatory too, unless the including page defined NOREQUIREVIRTUALURL.
if (!defined('NOREQUIREVIRTUALURL') && empty($dolibarr_main_url_root)) {
    echo 'Value for parameter \'dolibarr_main_url_root\' is not defined in your \'htdocs\conf\conf.php\' file.<br>'."\n",
        'You must add this parameter with your full Dolibarr root Url (Example: http://myvirtualdomain/ or http://mydomain/mydolibarrurl/)'."\n";
    die;
}
253 
// The alternative document root defaults to the 'custom' directory below the document root.
$dolibarr_main_document_root_alt = empty($dolibarr_main_document_root_alt)
    ? $dolibarr_main_document_root.'/custom'
    : $dolibarr_main_document_root_alt;

// If the data directory is not defined, the default hardcoded value is used: the document
// root with "/htdocs" removed, plus "/documents".
// NOTE(review): when the document root contains no "/htdocs" part, this default is a
// 'documents' directory inside the document root; whether it is then reachable by URL
// depends on the web server setup - setting $dolibarr_main_data_root explicitly avoids this.
if (empty($dolibarr_main_data_root)) {
    $dolibarr_main_data_root = str_replace("/htdocs", "", $dolibarr_main_document_root)."/documents";
}

// Define some constants
// Filesystem path to class dir (defined only for some code that want to be compatible with old versions without this parameter)
define('DOL_CLASS_PATH', 'class/');
// Filesystem data (documents)
define('DOL_DATA_ROOT', $dolibarr_main_data_root);
// Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT when root is not directly the main domain.
// Note: autodetect works only in case 1, 2, 3 and 4 of phpunit test CoreTest.php. For case 5, 6, only setting value into conf.php will works.
// Principle: A is the document root from conf.php, B the web server DOCUMENT_ROOT and C the
// SCRIPT_NAME. The leading part of C for which realpath(B + part) equals A is the relative URL.
$tmp = '';
$found = 0;
$real_dolibarr_main_document_root = str_replace('\\', '/', realpath($dolibarr_main_document_root)); // A) Value found into config file, to say where are store htdocs files. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs
if (!empty($_SERVER["DOCUMENT_ROOT"])) {
    $pathroot = $_SERVER["DOCUMENT_ROOT"]; // B) Value reported by web server setup (not defined on CLI mode), to say where is root of web server instance. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs
} else {
    $pathroot = 'NOTDEFINED';
}
$paths = explode('/', str_replace('\\', '/', $_SERVER["SCRIPT_NAME"])); // C) Value reported by web server, to say full path on filesystem of a file. Ex: /dolibarr/htdocs/admin/system/phpinfo.php
// Try to detect if $_SERVER["DOCUMENT_ROOT"]+start of $_SERVER["SCRIPT_NAME"] is $dolibarr_main_document_root. If yes, relative url to add before dol files is this start part.
$concatpath = '';
foreach ($paths as $tmppath) { // We check to find (B+start of C)=A
    if (empty($tmppath)) {
        continue;
    }
    $concatpath .= '/'.$tmppath;
    // NOTE(review): the comparison is loose (==). If realpath() fails on both sides, '' is
    // compared with false and the test passes - confirm this cannot happen after the
    // file_exists() check done on DOL_DOCUMENT_ROOT earlier in this file.
    if ($real_dolibarr_main_document_root == @realpath($pathroot.$concatpath)) { // @ avoid warning when safe_mode is on.
        $tmp3 = $concatpath; // Relative url found
        $found = 1;
        break;
    }
}
if (!$found) {
    // There is no subdir that compose the main url root or autodetect fails (Ie: when using apache alias that point outside default DOCUMENT_ROOT).
    // The value configured in conf.php is used as is.
    $tmp = $dolibarr_main_url_root;
} else {
    // Autodetect succeeded: the absolute URL is rebuilt from the scheme (https when HTTPS is 'on'
    // or the port is 443), SERVER_NAME, the port when it is neither 80 nor 443, and the relative url.
    // NOTE(review): depending on the web server configuration, SERVER_NAME may reflect the Host
    // header sent by the client (see the article linked in the CSRF section of this file). In that
    // case DOL_MAIN_URL_ROOT, and every absolute link built from it, follows the request; pinning
    // the canonical server name in the web server configuration avoids this.
    $tmp = 'http'.(((empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on') && (empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] != 443)) ? '' : 's').'://'.$_SERVER["SERVER_NAME"].((empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] == 80 || $_SERVER["SERVER_PORT"] == 443) ? '' : ':'.$_SERVER["SERVER_PORT"]).($tmp3 ? (preg_match('/^\//', $tmp3) ? '' : '/').$tmp3 : '');
}
// When conf.php sets $dolibarr_main_force_https, an http: root is rewritten to https:.
if (!empty($dolibarr_main_force_https)) {
    $tmp = preg_replace('/^http:/i', 'https:', $tmp);
}
define('DOL_MAIN_URL_ROOT', $tmp); // URL absolute root (https://sss/dolibarr, ...)
$uri = preg_replace('/^http(s?):\/\//i', '', constant('DOL_MAIN_URL_ROOT')); // $uri contains url without http*
$suburi = strstr($uri, '/'); // $suburi contains url without domain:port
if (empty($suburi) || $suburi === '/') {
    $suburi = ''; // If $suburi is null or /, it is now ''
}
// DOL_URL_ROOT may already have been defined by the including script; it is then kept.
if (!defined('DOL_URL_ROOT')) {
    define('DOL_URL_ROOT', $suburi); // URL relative root ('', '/dolibarr', ...)
}
316 
// Define prefix MAIN_DB_PREFIX
define('MAIN_DB_PREFIX', $dolibarr_main_db_prefix);


/*
 * Define PATH to external libraries
 * To use another version than the embedded libraries, define the matching variable in conf.php.
 * Use '' to use include class path autodetect.
 * Each constant is skipped when the including script already defined it.
 * NOTE(review): these values come from conf.php without any check here; presumably they are
 * used later to load code and assets, so conf.php must stay under the administrator's control.
 */
// Path to root libraries
// TCPDF and TCPDI: an empty or missing setting selects the embedded copy.
if (!defined('TCPDF_PATH')) {
    define('TCPDF_PATH', !empty($dolibarr_lib_TCPDF_PATH) ? $dolibarr_lib_TCPDF_PATH.'/' : DOL_DOCUMENT_ROOT.'/includes/tecnickcom/tcpdf/');
}
if (!defined('TCPDI_PATH')) {
    define('TCPDI_PATH', !empty($dolibarr_lib_TCPDI_PATH) ? $dolibarr_lib_TCPDI_PATH.'/' : DOL_DOCUMENT_ROOT.'/includes/tcpdi/');
}
// Next libraries: setting not defined => embedded copy, defined but empty => '', else the given path.
if (!defined('NUSOAP_PATH')) {
    if (!isset($dolibarr_lib_NUSOAP_PATH)) {
        define('NUSOAP_PATH', DOL_DOCUMENT_ROOT.'/includes/nusoap/lib/');
    } else {
        define('NUSOAP_PATH', empty($dolibarr_lib_NUSOAP_PATH) ? '' : $dolibarr_lib_NUSOAP_PATH.'/');
    }
}
if (!defined('PHPEXCELNEW_PATH')) {
    if (!isset($dolibarr_lib_PHPEXCELNEW_PATH)) {
        define('PHPEXCELNEW_PATH', DOL_DOCUMENT_ROOT.'/includes/phpoffice/phpspreadsheet/src/PhpSpreadsheet/');
    } else {
        define('PHPEXCELNEW_PATH', empty($dolibarr_lib_PHPEXCELNEW_PATH) ? '' : $dolibarr_lib_PHPEXCELNEW_PATH.'/');
    }
}
if (!defined('ODTPHP_PATH')) {
    if (!isset($dolibarr_lib_ODTPHP_PATH)) {
        define('ODTPHP_PATH', DOL_DOCUMENT_ROOT.'/includes/odtphp/');
    } else {
        define('ODTPHP_PATH', empty($dolibarr_lib_ODTPHP_PATH) ? '' : $dolibarr_lib_ODTPHP_PATH.'/');
    }
}
if (!defined('ODTPHP_PATHTOPCLZIP')) {
    if (!isset($dolibarr_lib_ODTPHP_PATHTOPCLZIP)) {
        define('ODTPHP_PATHTOPCLZIP', DOL_DOCUMENT_ROOT.'/includes/odtphp/zip/pclzip/');
    } else {
        define('ODTPHP_PATHTOPCLZIP', empty($dolibarr_lib_ODTPHP_PATHTOPCLZIP) ? '' : $dolibarr_lib_ODTPHP_PATHTOPCLZIP.'/');
    }
}
// Javascript libraries: '' unless conf.php gives a non empty location.
if (!defined('JS_CKEDITOR')) {
    define('JS_CKEDITOR', empty($dolibarr_js_CKEDITOR) ? '' : $dolibarr_js_CKEDITOR.'/');
}
if (!defined('JS_JQUERY')) {
    define('JS_JQUERY', empty($dolibarr_js_JQUERY) ? '' : $dolibarr_js_JQUERY.'/');
}
if (!defined('JS_JQUERY_UI')) {
    define('JS_JQUERY_UI', empty($dolibarr_js_JQUERY_UI) ? '' : $dolibarr_js_JQUERY_UI.'/');
}
// Other required path
// Fonts are files, so no trailing slash is added.
if (!defined('DOL_DEFAULT_TTF')) {
    if (!isset($dolibarr_font_DOL_DEFAULT_TTF)) {
        define('DOL_DEFAULT_TTF', DOL_DOCUMENT_ROOT.'/includes/fonts/Aerial.ttf');
    } else {
        define('DOL_DEFAULT_TTF', empty($dolibarr_font_DOL_DEFAULT_TTF) ? '' : $dolibarr_font_DOL_DEFAULT_TTF);
    }
}
if (!defined('DOL_DEFAULT_TTF_BOLD')) {
    if (!isset($dolibarr_font_DOL_DEFAULT_TTF_BOLD)) {
        define('DOL_DEFAULT_TTF_BOLD', DOL_DOCUMENT_ROOT.'/includes/fonts/AerialBd.ttf');
    } else {
        define('DOL_DEFAULT_TTF_BOLD', empty($dolibarr_font_DOL_DEFAULT_TTF_BOLD) ? '' : $dolibarr_font_DOL_DEFAULT_TTF_BOLD);
    }
}
360 
361 
362 /*
363  * Include functions
364  */
365 
// If the database password is stored encoded, decode it. Note: when the page is called for
// install, $dolibarr_main_db_pass may not be defined yet.
// Two forms are accepted: a 'crypted:' marker inside $dolibarr_main_db_pass, or a separate
// $dolibarr_main_db_encrypted_pass value. The marker form takes precedence.
// NOTE(review): dol_decode() is documented as decoding "a base 64 encoded + specific delta
// change" and is called here with its default key, so the stored form is an obfuscation that
// anyone able to read conf.php can reverse. Protecting the password still relies on the file
// permissions of conf.php.
if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
    $dolibarr_main_db_pass = dol_decode(preg_replace('/crypted:/i', '', $dolibarr_main_db_pass));
    // Set so that later code can tell the password was initially crypted
    $dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass;
} elseif (!empty($dolibarr_main_db_encrypted_pass)) {
    $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
}
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_decode($chain, $key='1')
Decode a base 64 encoded + specific delta change.