dolibarr 21.0.0-beta
server_other.php
1<?php
2/* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
4 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
// Bootstrap switches. They are defined before main.inc.php is required below,
// which is presumably where they are read. Taken together they make this script
// a public, stateless endpoint: no interactive login, no session and no anti-CSRF
// check. The only access control visible in this file is therefore the
// check_authentication() call at the start of each SOAP operation.
defined('NOCSRFCHECK') || define('NOCSRFCHECK', '1'); // Do not run the anti-CSRF check
defined('NOTOKENRENEWAL') || define('NOTOKENRENEWAL', '1'); // Do not run the anti POST attack test (token renewal, going by the constant name)
defined('NOREQUIREMENU') || define('NOREQUIREMENU', '1'); // No need to load and show the top and left menus
defined('NOREQUIREHTML') || define('NOREQUIREHTML', '1'); // No need to load html.form.class.php
defined('NOREQUIREAJAX') || define('NOREQUIREAJAX', '1'); // Do not load the ajax.lib.php library
defined('NOLOGIN') || define('NOLOGIN', '1'); // Page is public: it can be called outside a logged session
defined('NOSESSION') || define('NOSESSION', '1'); // No session for this page (going by the constant name)
46
47require '../main.inc.php';
48require_once NUSOAP_PATH.'/nusoap.php'; // Include SOAP
49require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
50require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
51require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
52require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
53
dol_syslog("Call Dolibarr webservices interfaces");

$langs->load("main");

// Gate: nothing below (WSDL publication or SOAP dispatch) runs unless the
// WebServices module is enabled. When it is disabled the script logs the call,
// prints a translated HTML notice (no request data is echoed) and stops.
if (!getDolGlobalString('MAIN_MODULE_WEBSERVICES')) {
    $langs->load("admin");
    dol_syslog("Call Dolibarr webservices interfaces with module webservices disabled");
    echo $langs->trans("WarningModuleNotActive", 'WebServices').'.<br><br>',
        $langs->trans("ToActivateModule");
    exit;
}
71
// Build the NuSOAP server and publish its WSDL under the Dolibarr namespace.
$ns = 'http://www.dolibarr.org/ns/';
$server = new nusoap_server();
$server->soap_defencoding = 'UTF-8';
$server->decode_utf8 = false;
$server->configureWSDL('WebServicesDolibarrOther', $ns);

// $server->wsdl is expected to be a nusoap_xmlschema (default = \wsdl)
// @phan-suppress-next-line PhanUndeclaredProperty
$server->wsdl->schemaTargetNamespace = $ns;
82
83
// WSDL type 'authentication': the credentials every operation receives.
// 'login' and 'password' are plain xsd:string members of the SOAP body, so the
// message itself offers no confidentiality; the endpoint should only be
// reachable over an encrypted transport.
$server->wsdl->addComplexType(
    'authentication',
    'complexType',
    'struct',
    'all',
    '',
    [
        'dolibarrkey' => ['name' => 'dolibarrkey', 'type' => 'xsd:string'],
        'sourceapplication' => ['name' => 'sourceapplication', 'type' => 'xsd:string'],
        'login' => ['name' => 'login', 'type' => 'xsd:string'],
        'password' => ['name' => 'password', 'type' => 'xsd:string'],
        'entity' => ['name' => 'entity', 'type' => 'xsd:string'],
    ]
);

// WSDL type 'result': status code and label returned by every operation.
$server->wsdl->addComplexType(
    'result',
    'complexType',
    'struct',
    'all',
    '',
    [
        'result_code' => ['name' => 'result_code', 'type' => 'xsd:string'],
        'result_label' => ['name' => 'result_label', 'type' => 'xsd:string'],
    ]
);

// WSDL type 'document': the file returned by getDocument. All members are
// declared as strings; getDocument fills 'content' with the base64-encoded file
// body and 'length' with its size in bytes.
$server->wsdl->addComplexType(
    'document',
    'complexType',
    'struct',
    'all',
    '',
    [
        'filename' => ['name' => 'filename', 'type' => 'xsd:string'],
        'mimetype' => ['name' => 'mimetype', 'type' => 'xsd:string'],
        'content' => ['name' => 'content', 'type' => 'xsd:string'],
        'length' => ['name' => 'length', 'type' => 'xsd:string'],
    ]
);
126
// Define other specific objects
// None


// 5 styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant), Document/literal, Document/literal wrapped
// Style merely dictates how to translate a WSDL binding to a SOAP message. Nothing more. You can use either style with any programming model.
// http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
// Document/literal wrapped would be the better choice, but NuSOAP does not support literal wrapped.
$styledoc = 'rpc'; // rpc/document (document is an extension of SOAP 1.0 to support unstructured messages)
$styleuse = 'encoded'; // encoded/literal/literal wrapped

// Operation getVersions: takes only the authentication struct and returns the
// result struct plus four version strings.
$server->register(
    'getVersions',
    // Input parameters
    ['authentication' => 'tns:authentication'],
    // Output parameters
    [
        'result' => 'tns:result',
        'dolibarr' => 'xsd:string',
        'os' => 'xsd:string',
        'php' => 'xsd:string',
        'webserver' => 'xsd:string',
    ],
    $ns,
    $ns.'#getVersions',
    $styledoc,
    $styleuse,
    'WS to get Versions'
);

// Operation getDocument: 'modulepart' and 'file' are chosen by the caller and
// select the file to return. The function's fourth parameter ($refname) is not
// part of the published inputs.
$server->register(
    'getDocument',
    // Input parameters
    ['authentication' => 'tns:authentication', 'modulepart' => 'xsd:string', 'file' => 'xsd:string'],
    // Output parameters
    ['result' => 'tns:result', 'document' => 'tns:document'],
    $ns,
    $ns.'#getDocument',
    $styledoc,
    $styleuse,
    'WS to get document'
);
165
166
167
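/**
 * SOAP operation: return the versions of Dolibarr, the OS, PHP and the web server.
 *
 * The caller is authenticated with check_authentication(). No further permission
 * is tested here, so every account that passes authentication receives the
 * version strings.
 *
 * @param  array $authentication Authentication data decoded from the SOAP request
 *                               (members of the 'authentication' WSDL type)
 * @return array                 On success: 'result' (result_code 'OK') plus 'dolibarr',
 *                               'os', 'php' and 'webserver'. On failure: 'result' only,
 *                               carrying the error code and label set by check_authentication().
 */
function getVersions($authentication)
{
    global $conf;

    // The struct comes from the client, so a member may be absent; read it
    // without raising an undefined-index warning.
    $login = isset($authentication['login']) ? $authentication['login'] : '';

    // NOTE(review): the login is caller-controlled and is logged before
    // authentication; confirm dol_syslog() neutralises line breaks.
    dol_syslog("Function: getVersions login=".$login);

    // NOTE(review): the entity requested by the caller is applied before the
    // credentials are verified; presumably check_authentication() needs it to
    // look the user up. Confirm.
    if (!empty($authentication['entity'])) {
        $conf->entity = $authentication['entity'];
    }

    // Init and check authentication. The three variables are passed to
    // check_authentication(), which sets them on failure.
    $errorcode = '';
    $errorlabel = '';
    $error = 0;
    check_authentication($authentication, $error, $errorcode, $errorlabel);

    if ($error) {
        // Failed authentication: return the error only, never the versions.
        return array('result' => array('result_code' => $errorcode, 'result_label' => $errorlabel));
    }

    return array(
        'result' => array('result_code' => 'OK', 'result_label' => ''),
        'dolibarr' => version_dolibarr(),
        'os' => version_os(),
        'php' => version_php(),
        'webserver' => version_webserver(),
    );
}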
208
209
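/**
 * Method to get a document by webservice.
 *
 * Order of the checks: authentication, parameter presence, module-level access
 * decision from dol_check_secure_access_document(), ownership test for external
 * users (socid > 0), then a syntactic refusal of paths containing '..' or one of
 * the characters < > |. The file is read only if all of them pass.
 *
 * The whole file is loaded into memory and base64-encoded; no size limit is
 * applied in this function.
 *
 * @param  array  $authentication Authentication data decoded from the SOAP request
 * @param  string $modulepart     Module area, passed to dol_check_secure_access_document()
 * @param  string $file           Caller-supplied (untrusted) path of the requested file
 * @param  string $refname        Reference name passed to dol_check_secure_access_document();
 *                                defaults to the name of the directory holding the file.
 *                                Not part of the inputs registered for the SOAP operation.
 * @return array                  On success: 'result' (result_code 'OK') and 'document'
 *                                (filename, mimetype, base64 content, length). On failure:
 *                                'result' only, with result_code BAD_PARAMETERS, NOT_PERMITTED,
 *                                REFUSED, NOT_FOUND or the code set by check_authentication().
 */
function getDocument($authentication, $modulepart, $file, $refname = '')
{
    global $db, $conf;

    // The struct comes from the client, so a member may be absent.
    $login = isset($authentication['login']) ? $authentication['login'] : '';

    // NOTE(review): login, modulepart and file are caller-controlled and logged
    // before authentication; confirm dol_syslog() neutralises line breaks.
    dol_syslog("Function: getDocument login=".$login.' - modulepart='.$modulepart.' - file='.$file);

    // NOTE(review): the entity requested by the caller is applied before the
    // credentials are verified; presumably check_authentication() needs it. Confirm.
    if (!empty($authentication['entity'])) {
        $conf->entity = $authentication['entity'];
    }

    $objectresp = array();
    $errorcode = '';
    $errorlabel = '';
    $error = 0;

    // Properties of doc
    $original_file = $file;
    $type = dol_mimetype($original_file);

    $accessallowed = 0;

    // Sets $error, $errorcode and $errorlabel on failure. $fuser is not used
    // for anything until $error has been tested.
    $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);

    // Check parameters
    if (!$error && (!$file || !$modulepart)) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter file and modulepart must be both provided.";
    }

    if (!$error) {
        $fuser->loadRights();

        // Remove the "../" character string from $original_file. This is a single
        // pass, so it does not guarantee that the result is free of ".." sequences:
        // the regular-expression test on the resolved path further down is the
        // check that actually refuses directory traversal.
        $original_file = str_replace("../", "/", $original_file);

        // Use the name of the sub-directory as the reference when none was given
        if (empty($refname)) {
            $refname = basename(dirname($original_file)."/");
        }

        // Security check: per-module access decision, optional SQL ownership query
        // and resolved path of the file
        $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
        $accessallowed = $check_access['accessallowed'];
        $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
        $original_file = $check_access['original_file'];

        // Basic protection (against external users only): every row returned by
        // the ownership query must belong to the caller's third party.
        if ($fuser->socid > 0 && $sqlprotectagainstexternals) {
            $resql = $db->query($sqlprotectagainstexternals);
            if ($resql) {
                $num = $db->num_rows($resql);
                for ($i = 0; $i < $num; $i++) {
                    $obj = $db->fetch_object($resql);
                    // A row that cannot be fetched is treated like a mismatch
                    if (!$obj || $fuser->socid != $obj->fk_soc) {
                        $accessallowed = 0;
                        break;
                    }
                }
            } else {
                // Fail closed: if ownership cannot be verified, an external user
                // must not keep the access granted above.
                dol_syslog("Function: getDocument ownership query failed, access denied", LOG_ERR);
                $accessallowed = 0;
            }
        }

        // Security:
        // Deny access when the rights are not sufficient
        if (!$accessallowed) {
            $errorcode = 'NOT_PERMITTED';
            $errorlabel = 'Access not allowed';
            $error++;
        }

        // Security:
        // Directory traversal and the characters < > | are forbidden in file names.
        if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
            dol_syslog("Refused to deliver file ".$original_file);
            $errorcode = 'REFUSED';
            $errorlabel = '';
            $error++;
        }

        clearstatcache();

        if (!$error) {
            // is_file() also rejects directories, which file_exists() accepts.
            // file_get_contents() closes its handle, copes with empty files and
            // reports a file that disappeared or became unreadable after the test.
            $content_file = is_file($original_file) ? file_get_contents($original_file) : false;

            if ($content_file !== false) {
                dol_syslog("Function: getDocument $original_file content-type=$type");

                $objectret = array(
                    'filename' => basename($original_file),
                    'mimetype' => dol_mimetype($original_file),
                    'content' => base64_encode($content_file),
                    // Size of what was actually read, in bytes
                    'length' => strlen($content_file)
                );

                // Create return object
                $objectresp = array(
                    'result' => array('result_code' => 'OK', 'result_label' => ''),
                    'document' => $objectret
                );
            } else {
                dol_syslog("File doesn't exist ".$original_file);
                $errorcode = 'NOT_FOUND';
                $errorlabel = '';
                $error++;
            }
        }
    }

    if ($error) {
        // Any failure replaces the response with the error code and label only
        $objectresp = array(
            'result' => array('result_code' => $errorcode, 'result_label' => $errorlabel)
        );
    }

    return $objectresp;
}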
347
// Hand the raw HTTP request body to NuSOAP, which dispatches it to the
// registered operation and returns the results. The body is untrusted input:
// no login or session check has run before this point.
$rawSoapRequest = file_get_contents("php://input");
$server->service($rawSoapRequest);
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
version_webserver()
Return web server version.
version_dolibarr()
Return Dolibarr version.
version_php()
Return PHP version.
version_os($option='')
Return OS version.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
getDocument($authentication, $modulepart, $file, $refname='')
Method to get a document by webservice.
getVersions($authentication)
Full methods code.
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition ws.lib.php:37