dolibarr 21.0.0-beta
index.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2016-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
4 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 *
19 * Note about $_SERVER:
20 * REQUEST_URI: /test/before_rewrite/script.php/path/info?q=helloword
21 * PHP_SELF: /test/after_rewrite/script.php/path/info
22 * QUERY_STRING: q=helloword
23 * SCRIPT_NAME: /test/after_rewrite/script.php
24 * PATH_INFO: /path/info
25 * SCRIPT_FILENAME: /var/www/test/php/script.php
26 * __FILE__ : /var/www/test/php/script_included.php
27 */
28
35if (!defined('NOTOKENRENEWAL')) {
36 define('NOTOKENRENEWAL', 1); // Disables token renewal
37}
38if (!defined('NOLOGIN')) {
39 define("NOLOGIN", 1);
40}
41if (!defined('NOCSRFCHECK')) {
42 define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
43}
44if (!defined('NOREQUIREMENU')) {
45 define('NOREQUIREMENU', '1');
46}
47if (!defined('NOREQUIREHTML')) {
48 define('NOREQUIREHTML', '1');
49}
50if (!defined('NOREQUIREAJAX')) {
51 define('NOREQUIREAJAX', '1');
52}
53if (!defined('NOIPCHECK')) {
54 define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
55}
56if (!defined('NOBROWSERNOTIF')) {
57 define('NOBROWSERNOTIF', '1');
58}
59
80function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $morecssonbody = '', $replacemainareaby = '', $disablenofollow = 0, $disablenoindex = 0)
81{
82}
91function llxFooter($comment = '', $zone = 'private', $disabledoutputofmessages = 0)
92{
93}
94
95require '../../master.inc.php';
96require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
97
98
99$error = 0;
100$websitekey = GETPOST('website', 'alpha');
101$pageid = GETPOST('page', 'alpha') ? GETPOST('page', 'alpha') : GETPOST('pageid', 'alpha');
102$pageref = GETPOST('pageref', 'alphanohtml') ? GETPOST('pageref', 'alphanohtml') : '';
103// If page is xx/pagename, xx is a language, we set $pageref to pagename
104$reg = array();
105if (preg_match('/^(\w\w)\/(.*)$/', $pageref, $reg)) {
106 $pageref = $reg[2];
107}
108
109$accessallowed = 1;
110$type = '';
111
112
113if (empty($pageid)) {
114 require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
115 require_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
116
117 $object = new Website($db);
118 $object->fetch(0, $websitekey);
119
120 if (empty($object->id)) {
121 if (empty($pageid)) {
122 // Return header 404
123 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
124
125 include DOL_DOCUMENT_ROOT.'/public/error-404.php';
126 exit;
127 }
128 }
129
130 $objectpage = new WebsitePage($db);
131
132 if ($pageref) {
133 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
134 $result = $objectpage->fetch(0, $object->id, $pageref);
135 if ($result > 0) {
136 $pageid = $objectpage->id;
137 } elseif ($result == 0) {
138 // Page not found from ref=pageurl, we try using alternative alias
139 // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
140 $result = $objectpage->fetch(0, $object->id, null, $pageref);
141 if ($result > 0) {
142 $pageid = $objectpage->id;
143 }
144 }
145 } else {
146 if ($object->fk_default_home > 0) {
147 $result = $objectpage->fetch($object->fk_default_home);
148 if ($result > 0) {
149 $pageid = $objectpage->id;
150 }
151 }
152
153 if (empty($pageid)) {
154 $array = $objectpage->fetchAll($object->id); // TODO Can filter on container of type pages only ?
155 if (is_array($array) && count($array) > 0) {
156 $firstrep = reset($array);
157 $pageid = $firstrep->id;
158 }
159 }
160 }
161}
162if (empty($pageid)) {
163 // Return header 404
164 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
165
166 $langs->load("website");
167
168 if (!GETPOSTISSET('pageref')) {
169 print $langs->trans("PreviewOfSiteNotYetAvailable", $websitekey);
170 }
171
172 include DOL_DOCUMENT_ROOT.'/public/error-404.php';
173 exit;
174}
175if (empty($pageref)) {
176 $objectpage = new WebsitePage($db);
177 $result = $objectpage->fetch($pageid);
178 if ($result > 0) {
179 $pageref = $objectpage->ref;
180 }
181}
182if (preg_match('/^_(library|service)_page_/', $pageref)) {
183 $originalcontentonly = 1;
184}
185
186$appli = constant('DOL_APPLICATION_TITLE');
187if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
188 $appli = getDolGlobalString('MAIN_APPLICATION_TITLE');
189}
190
191
192
193/*
194 * View
195 */
196
197//print 'Directory with '.$appli.' websites.<br>';
198
199
200// Security: Delete string ../ into $original_file
201global $dolibarr_main_data_root;
202
203if ($pageid == 'css') { // No more used ?
204 header('Content-type: text/css');
205 // Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access.
206 //if (empty($dolibarr_nocache)) header('Cache-Control: max-age=3600, public, must-revalidate');
207 //else
208 header('Cache-Control: no-cache');
209 $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/styles.css.php';
210} else {
211 $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/page'.$pageid.'.tpl.php';
212}
213
214// Find the subdirectory name as the reference
215$refname = basename(dirname($original_file)."/");
216
217// Security:
218// Limit access if permissions are insufficient
219if (!$accessallowed) {
221}
222
223// Security:
224// On interdit les remontees de repertoire ainsi que les pipe dans
225// les noms de fichiers.
226if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
227 dol_syslog("Refused to deliver file ".$original_file);
228 $file = basename($original_file); // Do no show plain path of original_file in shown error message
229 dol_print_error(null, $langs->trans("ErrorFileNameInvalid", $file));
230 exit;
231}
232
233clearstatcache();
234
235$filename = basename($original_file);
236
237// Output file on browser
238dol_syslog("index.php include $original_file $filename content-type=$type");
239$original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset
240
241// This test if file exists should be useless. We keep it to find bug more easily
242if (!file_exists($original_file_osencoded)) {
243 // Return header 404
244 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
245
246 $langs->load("website");
247 print $langs->trans("RequestedPageHasNoContentYet", $pageid);
248
249 include DOL_DOCUMENT_ROOT.'/public/error-404.php';
250 exit;
251}
252
253
254// Output page content
255define('USEDOLIBARRSERVER', 1);
256if (!isset($originalcontentonly)) {
257 print '<!-- Page content '.$original_file.' rendered with DOLIBARR SERVER : Html with CSS link and html header + Body that was saved into tpl dir -->'."\n";
258}
259include_once $original_file_osencoded; // Note: The pageXXX.tpl.php showed here contains a formatage with dolWebsiteOutput() at end of page.
260
261if (is_object($db)) {
262 $db->close();
263}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:66
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader($head='', $title='', $help_url='', $target='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $morequerystring='', $morecssonbody='', $replacemainareaby='', $disablenofollow=0, $disablenoindex=0)
Empty header.
Definition wrapper.php:71
Class Website.
Class Websitepage.
llxFooter()
Footer empty.
Definition document.php:107
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.