dolibarr 21.0.0-alpha
server_other.php
<?php
/* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

// Flags read by main.inc.php, so they must be defined before it is required.
// NOLOGIN marks the page as public and NOSESSION skips the session, so the caller is
// not identified by the bootstrap: each SOAP operation in this file has to authenticate
// the request itself through check_authentication().
defined('NOCSRFCHECK') || define('NOCSRFCHECK', '1');       // Do not run the anti-CSRF check
defined('NOTOKENRENEWAL') || define('NOTOKENRENEWAL', '1'); // Do not run the anti-POST-attack check
defined('NOREQUIREMENU') || define('NOREQUIREMENU', '1');   // No top and left menu to load or show
defined('NOREQUIREHTML') || define('NOREQUIREHTML', '1');   // html.form.class.php is not needed
defined('NOREQUIREAJAX') || define('NOREQUIREAJAX', '1');   // Do not load the ajax.lib.php library
defined('NOLOGIN') || define('NOLOGIN', '1');               // Public page: callable outside a logged session
defined('NOSESSION') || define('NOSESSION', '1');

// Bootstrap Dolibarr, then pull in the SOAP stack and the helper libraries.
require '../main.inc.php';
require_once NUSOAP_PATH.'/nusoap.php'; // NuSOAP server classes
require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php'; // check_authentication()
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

dol_syslog('Call Dolibarr webservices interfaces');

$langs->load('main');

// Stop before any SOAP handling when the WebServices module is not enabled.
if (!getDolGlobalString('MAIN_MODULE_WEBSERVICES')) {
    $langs->load('admin');
    dol_syslog('Call Dolibarr webservices interfaces with module webservices disabled');
    echo $langs->trans('WarningModuleNotActive', 'WebServices'), '.<br><br>', $langs->trans('ToActivateModule');
    exit;
}

// Build the NuSOAP server that publishes the WSDL and dispatches the operations.
$ns = 'http://www.dolibarr.org/ns/';
$server = new nusoap_server();
$server->soap_defencoding = 'UTF-8';
$server->decode_utf8 = false;
$server->configureWSDL('WebServicesDolibarrOther', $ns);

// $server->wsdl is expected to be a nusoap_xmlschema (default = \wsdl)
// @phan-suppress-next-line PhanUndeclaredProperty
$server->wsdl->schemaTargetNamespace = $ns;


// WSDL type 'authentication': the credentials struct passed to every operation.
// 'login' and 'password' are plain xsd:string members of the SOAP body, so their
// confidentiality rests on the transport used to reach this endpoint.
$server->wsdl->addComplexType(
    'authentication',
    'complexType',
    'struct',
    'all',
    '',
    [
        'dolibarrkey' => ['name' => 'dolibarrkey', 'type' => 'xsd:string'],
        'sourceapplication' => ['name' => 'sourceapplication', 'type' => 'xsd:string'],
        'login' => ['name' => 'login', 'type' => 'xsd:string'],
        'password' => ['name' => 'password', 'type' => 'xsd:string'],
        'entity' => ['name' => 'entity', 'type' => 'xsd:string'],
    ]
);
// WSDL type 'result': status code and label returned by every operation.
$server->wsdl->addComplexType(
    'result',
    'complexType',
    'struct',
    'all',
    '',
    [
        'result_code' => ['name' => 'result_code', 'type' => 'xsd:string'],
        'result_label' => ['name' => 'result_label', 'type' => 'xsd:string'],
    ]
);

// WSDL type 'document': the file payload returned by getDocument.
// 'content' carries the file body as base64 text (see getDocument below).
$server->wsdl->addComplexType(
    'document',
    'complexType',
    'struct',
    'all',
    '',
    [
        'filename' => ['name' => 'filename', 'type' => 'xsd:string'],
        'mimetype' => ['name' => 'mimetype', 'type' => 'xsd:string'],
        'content' => ['name' => 'content', 'type' => 'xsd:string'],
        'length' => ['name' => 'length', 'type' => 'xsd:string'],
    ]
);

// Define other specific objects
// None


// 5 styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant), Document/literal, Document/literal wrapped
// The style only dictates how a WSDL binding is translated to a SOAP message; either style works with any programming model.
// http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
// Document/literal wrapped would be the better choice, but NuSOAP does not support literal wrapped.
$styledoc = 'rpc'; // rpc/document (document is an extension of SOAP 1.0 to support unstructured messages)
$styleuse = 'encoded'; // encoded/literal/literal wrapped

// Register the getVersions operation in the WSDL
$server->register(
    'getVersions',
    // Input values
    ['authentication' => 'tns:authentication'],
    // Output values
    ['result' => 'tns:result', 'dolibarr' => 'xsd:string', 'os' => 'xsd:string', 'php' => 'xsd:string', 'webserver' => 'xsd:string'],
    $ns,
    $ns.'#getVersions',
    $styledoc,
    $styleuse,
    'WS to get Versions'
);

// Register the getDocument operation in the WSDL.
// Only authentication, modulepart and file are declared as inputs: the optional
// $refname parameter of getDocument() is not part of the published contract.
$server->register(
    'getDocument',
    // Input values
    ['authentication' => 'tns:authentication', 'modulepart' => 'xsd:string', 'file' => 'xsd:string'],
    // Output values
    ['result' => 'tns:result', 'document' => 'tns:document'],
    $ns,
    $ns.'#getDocument',
    $styledoc,
    $styleuse,
    'WS to get document'
);



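/**
 * SOAP operation: report the Dolibarr, OS, PHP and web server versions.
 *
 * The version strings are only added to the response when check_authentication()
 * reports no error; a failed authentication returns the 'result' struct alone.
 *
 * @param array $authentication Caller-supplied 'authentication' struct (dolibarrkey, sourceapplication, login, password, entity)
 * @return array 'result' (result_code, result_label), plus 'dolibarr', 'os', 'php' and 'webserver' on success
 */
function getVersions($authentication)
{
    global $conf;

    // The struct comes from the request: read its members without assuming they are present,
    // so a missing one cannot raise an undefined-index warning.
    $login = isset($authentication['login']) ? $authentication['login'] : '';
    dol_syslog("Function: getVersions login=".$login);

    // NOTE(review): the entity is taken from the request and applied before the credentials
    // are verified; this relies on check_authentication() validating the login within that
    // entity - confirm in ws.lib.php.
    if (!empty($authentication['entity'])) {
        $conf->entity = $authentication['entity'];
    }

    // Init and check authentication ($error, $errorcode and $errorlabel are set by reference)
    $errorcode = '';
    $errorlabel = '';
    $error = 0;
    check_authentication($authentication, $error, $errorcode, $errorlabel);

    if ($error) {
        return array('result' => array('result_code' => $errorcode, 'result_label' => $errorlabel));
    }

    // Version details are disclosed to authenticated callers only
    $objectresp = array();
    $objectresp['result'] = array('result_code' => 'OK', 'result_label' => '');
    $objectresp['dolibarr'] = version_dolibarr();
    $objectresp['os'] = version_os();
    $objectresp['php'] = version_php();
    $objectresp['webserver'] = version_webserver();

    return $objectresp;
}

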
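/**
 * SOAP operation: return one stored document, base64-encoded.
 *
 * The request is authenticated with check_authentication(), the path is screened for
 * directory traversal, and dol_check_secure_access_document() decides whether the user
 * may read the file. For external users (socid > 0) the ownership query returned by
 * that check must also confirm that every matching record belongs to their third party.
 *
 * @param array  $authentication Caller-supplied 'authentication' struct (dolibarrkey, sourceapplication, login, password, entity)
 * @param string $modulepart     Module area of the file, passed to dol_check_secure_access_document()
 * @param string $file           Relative path of the requested file (caller-controlled)
 * @param string $refname        Reference name for the access check; defaults to the parent directory name of $file.
 *                               Not among the inputs registered for this operation in the WSDL.
 * @return array 'result' (result_code, result_label), plus 'document' (filename, mimetype, content, length) on success
 */
function getDocument($authentication, $modulepart, $file, $refname = '')
{
    global $db, $conf;

    // The struct comes from the request: read its members without assuming they are present.
    $login = isset($authentication['login']) ? $authentication['login'] : '';
    dol_syslog("Function: getDocument login=".$login.' - modulepart='.$modulepart.' - file='.$file);

    // NOTE(review): the entity is applied from request data before the credentials are
    // verified; this relies on check_authentication() validating the login within that
    // entity - confirm in ws.lib.php.
    if (!empty($authentication['entity'])) {
        $conf->entity = $authentication['entity'];
    }

    $objectresp = array();
    $errorcode = '';
    $errorlabel = '';
    $error = 0;

    // Properties of doc
    $original_file = $file;
    $type = dol_mimetype($original_file); // only used in the log line below

    $accessallowed = 0;

    // $fuser must not be used until $error has been checked
    $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);

    // Check parameters
    if (!$error && (!$file || !$modulepart)) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter file and modulepart must be both provided.";
    }

    if (!$error) {
        $fuser->loadRights();

        // Remove the ../ sequences from $original_file
        $original_file = str_replace("../", "/", $original_file);

        // Security: the replacement above is a single pass and can leave (or re-create) a ".."
        // sequence, e.g. from "....//". Refuse such paths, and pipe/redirection characters,
        // before they reach the access check and its SQL query.
        if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
            dol_syslog("Refused to deliver file ".$original_file);
            $errorcode = 'REFUSED';
            $errorlabel = '';
            $error++;
        }
    }

    if (!$error) {
        // Find the subdirectory name as the reference
        if (empty($refname)) {
            $refname = basename(dirname($original_file)."/");
        }

        // Security check
        $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
        $accessallowed = $check_access['accessallowed'];
        $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
        $original_file = $check_access['original_file'];

        // Basic protection (against external users only)
        if ($fuser->socid > 0 && $sqlprotectagainstexternals) {
            $resql = $db->query($sqlprotectagainstexternals);
            if ($resql) {
                $num = $db->num_rows($resql);
                for ($i = 0; $i < $num; $i++) {
                    $obj = $db->fetch_object($resql);
                    // Loose comparison kept on purpose: the two ids may differ in type (int vs string)
                    if ($fuser->socid != $obj->fk_soc) {
                        $accessallowed = 0;
                        break;
                    }
                }
            } else {
                // Fail closed: ownership could not be verified, so an external user gets no access
                dol_syslog("Function: getDocument ownership check query failed, access denied", LOG_ERR);
                $accessallowed = 0;
            }
        }

        // Security: deny access when the rights are not sufficient
        if (!$accessallowed) {
            $errorcode = 'NOT_PERMITTED';
            $errorlabel = 'Access not allowed';
            $error++;
        }

        // Security: directory traversal and pipe characters are forbidden in file names.
        // Checked again on the resolved path returned by the access check.
        if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
            dol_syslog("Refused to deliver file ".$original_file);
            $errorcode = 'REFUSED';
            $errorlabel = '';
            $error++;
        }

        clearstatcache();

        if (!$error) {
            // Read in one call: no handle left open, binary-safe, and no fread() with a zero
            // length on an empty file. The whole file is held in memory and then base64-encoded.
            $content_file = false;
            if (is_file($original_file) && is_readable($original_file)) {
                $content_file = file_get_contents($original_file);
            }

            if ($content_file !== false) {
                dol_syslog("Function: getDocument $original_file content-type=$type");

                // Create return object
                $objectresp = array(
                    'result' => array('result_code' => 'OK', 'result_label' => ''),
                    'document' => array(
                        'filename' => basename($original_file),
                        'mimetype' => dol_mimetype($original_file),
                        'content' => base64_encode($content_file),
                        'length' => strlen($content_file), // bytes actually read
                    ),
                );
            } else {
                // Also reached when the path is not a regular, readable file
                dol_syslog("File doesn't exist ".$original_file);
                $errorcode = 'NOT_FOUND';
                $errorlabel = '';
                $error++;
            }
        }
    }

    if ($error) {
        $objectresp = array(
            'result' => array('result_code' => $errorcode, 'result_label' => $errorlabel)
        );
    }

    return $objectresp;
}
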
// Hand the raw request body to NuSOAP, which dispatches to the registered operation
// and returns the results. No login, session or CSRF check has run at this point (see
// the constants at the top of the file); each operation authenticates the request itself.
$server->service(file_get_contents('php://input'));
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
version_webserver()
Return web server version.
version_dolibarr()
Return Dolibarr version.
version_php()
Return PHP version.
version_os($option='')
Return OS version.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
getDocument($authentication, $modulepart, $file, $refname='')
Method to get a document by webservice.
getVersions($authentication)
Full methods code.
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition ws.lib.php:37