dolibarr 21.0.0-beta
webportal.main.inc.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2023-2024 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2023-2024 Lionel Vessiller <lvessiller@easya.solutions>
4 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
6 *
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
27if (!defined('WEBPORTAL')) {
28 define('WEBPORTAL', 1);
29}
30if (!defined('NOLOGIN')) {
31 define('NOLOGIN', 1);
32}
33if (!defined('NOREQUIREUSER')) {
34 define('NOREQUIREUSER', 1);
35}
36if (!defined('NOREQUIREMENU')) {
37 define('NOREQUIREMENU', 1);
38}
39if (!defined('NOREQUIRESOC')) {
40 define('NOREQUIRESOC', 1);
41}
42if (!defined('EVEN_IF_ONLY_LOGIN_ALLOWED')) {
43 define('EVEN_IF_ONLY_LOGIN_ALLOWED', 1);
44}
45if (!defined('NOIPCHECK')) {
46 define('NOIPCHECK', 1);
47}
48
49
50if (!function_exists('dol_getprefix')) {
60 function dol_getprefix($mode = '')
61 {
62 global $dolibarr_main_instance_unique_id,
63 $dolibarr_main_cookie_cryptkey; // This is loaded by filefunc.inc.php
64
65 $tmp_instance_unique_id = empty($dolibarr_main_instance_unique_id) ?
66 (empty($dolibarr_main_cookie_cryptkey) ? '' :
67 $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id;
68 // Unique id of instance
69
70 // The recommended value (may be not defined for old versions)
71 if (!empty($tmp_instance_unique_id)) {
72 return sha1('webportal' . $tmp_instance_unique_id);
73 } else {
74 return sha1('webportal' . $_SERVER['SERVER_NAME'].$_SERVER['DOCUMENT_ROOT'].DOL_DOCUMENT_ROOT);
75 }
76 }
77}
78
79$relDir = '';
80if (defined('MAIN_INC_REL_DIR')) {
81 $relDir = MAIN_INC_REL_DIR;
82}
83include $relDir.'../../main.inc.php';
84
85require_once DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
86require_once DOL_DOCUMENT_ROOT . '/societe/class/societeaccount.class.php';
87require_once DOL_DOCUMENT_ROOT . '/public/webportal/lib/webportal.lib.php';
88require_once DOL_DOCUMENT_ROOT . '/webportal/class/context.class.php';
89require_once DOL_DOCUMENT_ROOT . '/webportal/class/webportalmember.class.php';
90require_once DOL_DOCUMENT_ROOT . '/webportal/class/webportalpartnership.class.php';
91
92// Init session. Name of session is specific to WEBPORTAL instance.
93// Must be done after the include of filefunc.inc.php so global variables of conf file are defined (like $dolibarr_main_instance_unique_id or $dolibarr_main_force_https).
94// Note: the function dol_getprefix is defined into functions.lib.php but may have been defined to return a different key to manage another area to protect.
95$prefix = dol_getprefix('');
96$sessionname = 'WEBPORTAL_SESSID_' . $prefix;
97$sessiontimeout = 'WEBPORTAL_SESSTIMEOUT_' . $prefix;
98if (!empty($_COOKIE[$sessiontimeout]) && session_status() === PHP_SESSION_NONE) {
99 ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);
100}
101
103
104
105$hookmanager->initHooks(array('main'));
106
107$logged_user = new User($db);
108$anti_spam_session_key = 'dol_antispam_value';
109
110if (!defined('NOREQUIREDB') && empty($conf->webportal->enabled)) {
111 accessforbidden('Module not activated');
112}
113
114if (!defined('WEBPORTAL_NOREQUIRETRAN') || (!defined('WEBPORTAL_NOLOGIN') && !empty($context->controllerInstance->accessNeedLoggedUser))) {
115 if (!is_object($langs)) { // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
116 include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php';
117 $langs = new Translate("", $conf);
118 $langcode = (GETPOST('lang', 'aZ09', 1) ? GETPOST('lang', 'aZ09', 1) : (empty($logged_user->conf->MAIN_LANG_DEFAULT) ? (!getDolGlobalString('MAIN_LANG_DEFAULT') ? 'auto' : $conf->global->MAIN_LANG_DEFAULT) : $logged_user->conf->MAIN_LANG_DEFAULT));
119 if (defined('MAIN_LANG_DEFAULT')) {
120 $langcode = constant('MAIN_LANG_DEFAULT');
121 }
122 $langs->setDefaultLang($langcode);
123 }
124 $langs->loadLangs(array('website', 'main'));
125}
126
127/*
128 * Phase authentication / login
129 */
130if (!defined('WEBPORTAL_NOLOGIN') && !empty($context->controllerInstance->accessNeedLoggedUser)) {
131 $admin_error_messages = array();
132 $webportal_logged_thirdparty_account_id = isset($_SESSION["webportal_logged_thirdparty_account_id"]) && $_SESSION["webportal_logged_thirdparty_account_id"] > 0 ? $_SESSION["webportal_logged_thirdparty_account_id"] : 0;
133
134 if (empty($webportal_logged_thirdparty_account_id)) {
135 // It is not already authenticated and it requests the login / password
136 $langs->loadLangs(array("other", "help", "admin"));
137
138 $error = 0;
139 $action = GETPOST('action_login', 'alphanohtml');
140
141 if ($action == 'login') {
142 $login = GETPOST('login', 'alphanohtml');
143 $password = GETPOST('password', 'password');
144 // $security_code = GETPOST('security_code', 'alphanohtml');
145
146 if (empty($login)) {
147 $context->setEventMessage($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login")), 'errors');
148 $focus_element = 'login';
149 $error++;
150 }
151 if (empty($password)) {
152 $context->setEventMessage($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Password")), 'errors');
153 if (empty($focus_element)) {
154 $focus_element = 'password';
155 }
156 $error++;
157 }
158 // check security graphic code
159 //if (!$error && (array_key_exists($anti_spam_session_key, $_SESSION) === false ||
160 // (strtolower($_SESSION[$anti_spam_session_key]) !== strtolower($security_code)))
161 //) {
162 // $context->setEventMessage($langs->trans("ErrorBadValueForCode"), 'errors');
163 // if (empty($focus_element)) $focus_element = 'security_code';
164 // $error++;
165 //}
166
167 if (!$error) {
168 // fetch third-party account from login and account type
169 $thirdparty_account_id = $context->getThirdPartyAccountFromLogin($login, $password);
170 if ($thirdparty_account_id <= 0) {
171 $error++;
172 dol_syslog($langs->transnoentitiesnoconv('WebPortalErrorFetchThirdPartyAccountFromLogin', $login), LOG_WARNING);
173 $context->setEventMessage($langs->transnoentitiesnoconv('WebPortalErrorAuthentication'), 'errors');
174 } else {
175 $_SESSION["webportal_logged_thirdparty_account_id"] = $thirdparty_account_id;
176 $webportal_logged_thirdparty_account_id = $thirdparty_account_id;
177 $context->controller = 'default';
178 $context->initController();
179 }
180 }
181 }
182
183 if (empty($webportal_logged_thirdparty_account_id)) {
184 // Set cookie for timeout management
185 if (getDolGlobalString('MAIN_SESSION_TIMEOUT')) {
186 setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', !empty($dolibarr_main_force_https), true);
187 }
188
189 $context->controller = 'login';
190 $context->initController();
191 }
192 }
193
194 if ($webportal_logged_thirdparty_account_id > 0) {
195 $error = 0;
196
197 // We are already into an authenticated session
198 $websiteaccount = new SocieteAccount($db);
199 $result = $websiteaccount->fetch($webportal_logged_thirdparty_account_id);
200
201 if ($result <= 0) {
202 $error++;
203
204 // Account has been removed after login
205 dol_syslog("Can't load third-party account (ID: $webportal_logged_thirdparty_account_id) even if session logged.", LOG_WARNING);
206 session_destroy();
207 session_set_cookie_params(0, '/', null, !empty($dolibarr_main_force_https), true); // Add tag secure and httponly on session cookie
208 session_name($sessionname);
209 session_start();
210
211 $context->setEventMessage($langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedThirdPartyAccount', $webportal_logged_thirdparty_account_id), 'errors');
212 }
213
214 if (!$error) {
215 $user_id = getDolGlobalInt('WEBPORTAL_USER_LOGGED');
216
217 if ($user_id <= 0) {
218 $error++;
219 $error_msg = $langs->transnoentitiesnoconv('WebPortalSetupNotComplete');
220 dol_syslog($error_msg, LOG_WARNING);
221 $context->setEventMessages($error_msg, null, 'errors');
222 }
223
224 if (!$error) {
225 $result = $logged_user->fetch($user_id);
226 if ($result <= 0) {
227 $error++;
228 $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedUser', $user_id);
229 dol_syslog($error_msg, LOG_ERR);
230 $context->setEventMessages($error_msg, null, 'errors');
231 }
232 }
233
234 if (!$error) {
235 // get third-party
236 $logged_thirdparty = $websiteaccount->thirdparty;
237 if (!$logged_thirdparty || !($logged_thirdparty->id > 0)) {
238 $result = $websiteaccount->fetch_thirdparty();
239 if ($result < 0) {
240 $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedThirdParty', $websiteaccount->fk_soc);
241 //dol_syslog("Can't load third-party (ID: ".$websiteaccount->fk_soc.") even if session logged.", LOG_ERR);
242 dol_syslog($error_msg, LOG_ERR);
243 $context->setEventMessage($error_msg, 'errors');
244 $error++;
245 }
246 }
247
248 if (!$error) {
249 $logged_thirdparty = $websiteaccount->thirdparty;
250
251 // get member
252 $logged_member = new WebPortalMember($db);
253 $result = $logged_member->fetch(0, '', $websiteaccount->thirdparty->id);
254 if ($result < 0) {
255 $error++;
256 $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedMember', $websiteaccount->thirdparty->id);
257 dol_syslog($error_msg, LOG_ERR);
258 $context->setEventMessage($error_msg, 'errors');
259 }
260
261 if (!$error && $logged_member->id > 0) {
262 // get partnership
263 $logged_partnership = new WebPortalPartnership($db);
264 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
265 $result = $logged_partnership->fetch(0, '', $logged_member->id, $websiteaccount->thirdparty->id);
266 if ($result < 0) {
267 $error++;
268 $error_msg = $langs->transnoentitiesnoconv('WebPortalErrorFetchLoggedPartnership', $websiteaccount->thirdparty->id, $logged_member->id);
269 dol_syslog($error_msg, LOG_ERR);
270 $context->setEventMessage($error_msg, 'errors');
271 }
272 }
273
274 if (!$error) {
275 if ($logged_thirdparty->default_lang != $langs->defaultlang && !defined('WEBPORTAL_NOREQUIRETRAN')) {
276 if (!is_object($langs)) { // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
277 include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php';
278 $langs = new Translate("", $conf);
279 $langs->setDefaultLang($logged_thirdparty->default_lang);
280 }
281 $langs->loadLangs(array('website', 'main'));
282 }
283
284 $context->logged_user = $logged_user;
285 $context->logged_thirdparty = $logged_thirdparty;
286 $context->logged_member = $logged_member;
287 $context->logged_partnership = $logged_partnership;
288 }
289 }
290 }
291 }
292 }
293}
static getInstance()
Singleton method to create one instance of this object.
Class for SocieteAccount.
Class to manage translations.
Class to manage Dolibarr users.
Class for WebPortalMember.
Class for WebPortalPartnership.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
conf($dolibarr_main_document_root)
Load conf file (file must exists)
Definition inc.php:420
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
$context
@method int call_trigger(string $triggerName, User $user)
Definition logout.php:42
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.