dc/d2e/fileserver_8php_source.html

 <?php

 /* Copyright (C) 2018 Destailleur Laurent <eldy@users.sourceforge.net>

  * Copyright (C) 2019 Regis Houssin   <regis.houssin@inodbox.com>

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <https://www.gnu.org/licenses/>.

  *

  * You can test with the WebDav client cadaver:

  * cadaver http://myurl/dav/fileserver.php

  */


 if (!defined('NOTOKENRENEWAL')) {

   define('NOTOKENRENEWAL', '1');

 }

 if (!defined('NOREQUIREMENU')) {

   define('NOREQUIREMENU', '1'); // If there is no menu to show

 }

 if (!defined('NOREQUIREHTML')) {

   define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php

 }

 if (!defined('NOREQUIREAJAX')) {

   define('NOREQUIREAJAX', '1');

 }

 if (!defined('NOLOGIN')) {

   define("NOLOGIN", 1); // This means this output page does not require to be logged.

 }

 if (!defined('NOCSRFCHECK')) {

   define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

 }


 require "../main.inc.php";

 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';

 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';

 require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';

 require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';

 require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';


 $user = new User($db);

 if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {

   $user->fetch('', $_SERVER['PHP_AUTH_USER']);

   $user->getrights();

 }


 // Load translation files required by the page

 $langs->loadLangs(array("main", "other"));


 if (empty($conf->dav->enabled)) {

   accessforbidden();

 }


 // Restrict API to some IPs

 if (!empty($conf->global->DAV_RESTRICT_ON_IP)) {

   $allowedip = explode(' ', $conf->global->DAV_RESTRICT_ON_IP);

   $ipremote = getUserRemoteIP();

   if (!in_array($ipremote, $allowedip)) {

     dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTRICT_ON_IP);

     print 'DAV not allowed from the IP '.$ipremote;

     header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);

     //print $conf->global->DAV_RESTRICT_ON_IP;

     exit(0);

   }

 }


 $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));


 // settings

 $publicDir = $conf->dav->multidir_output[$entity].'/public';

 $privateDir = $conf->dav->multidir_output[$entity].'/private';

 $ecmDir = $conf->ecm->multidir_output[$entity];

 $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted

 //var_dump($tmpDir);mkdir($tmpDir);exit;


 // Authentication callback function

 $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {

   global $user, $conf;

   global $dolibarr_main_authentication, $dolibarr_auto_user;


   if (empty($user->login)) {

     dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);

     return false;

   }

   if ($user->socid > 0) {

     dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);

     return false;

   }

   if ($user->login != $username) {

     dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);

     return false;

   }


   // Authentication mode

   if (empty($dolibarr_main_authentication)) {

     $dolibarr_main_authentication = 'dolibarr';

   }


   // Authentication mode: forceuser

   if ($dolibarr_main_authentication == 'forceuser') {

     if (empty($dolibarr_auto_user)) {

       $dolibarr_auto_user = 'auto';

     }

     if ($dolibarr_auto_user != $username) {

       dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");

       return false;

     }

   }


   $authmode = explode(',', $dolibarr_main_authentication);

   $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));


   if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {

     return false;

   }


   // Check if user status is enabled

   if ($user->statut != $user::STATUS_ENABLED) {

     // Status is disabled

     dol_syslog("The user has been disabled.");

     return false;

   }


   // Check if session was unvalidated by a password change

   if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {

     // Session is no more valid

     dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");

     return false;

   }


   // Check date validity

   if ($user->isNotIntoValidityDateRange()) {

     // User validity dates are no more valid

     dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());

     return false;

   }


   return true;

 });


 $authBackend->setRealm(constant('DOL_APPLICATION_TITLE').' - WebDAV');


 /*

  * Actions and View

  */


 // Create the root node

 // Setting up the directory tree //

 $nodes = array();


 // Enable directories and features according to DAV setup

 // Public dir

 if (!empty($conf->global->DAV_ALLOW_PUBLIC_DIR)) {

   $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);

 }

 // Private dir

 $nodes[] = new \Sabre\DAV\FS\Directory($privateDir);

 // ECM dir

 if (isModEnabled('ecm') && !empty($conf->global->DAV_ALLOW_ECM_DIR)) {

   $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);

 }


 // Principals Backend

 //$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);

 // /principals

 //$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);

 // CardDav & CalDav Backend

 //$carddavBackend   = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);

 //$caldavBackend    = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);

 // /addressbook

 //$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);

 // /calendars

 //$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);


 // The rootnode needs in turn to be passed to the server class

 $server = new \Sabre\DAV\Server($nodes);


 // If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)

 // You can override the baseUri here.

 $baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';

 if (isset($baseUri)) {

   $server->setBaseUri($baseUri);

 }


 // Add authentication function

 if ((empty($conf->global->DAV_ALLOW_PUBLIC_DIR)

   || !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))

   && !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"]) // URL for Sabre browser resources

   ) {

   //var_dump($_SERVER["QUERY_STRING"]);exit;

   $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));

 }

 // Support for LOCK and UNLOCK

 $lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');

 $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);

 $server->addPlugin($lockPlugin);


 // Support for the html browser

 if (empty($conf->global->DAV_DISABLE_BROWSER)) {

   $browser = new \Sabre\DAV\Browser\Plugin();

   $server->addPlugin($browser);

 }


 // Automatically guess (some) contenttypes, based on extension

 //$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());


 //$server->addPlugin(new \Sabre\CardDAV\Plugin());

 //$server->addPlugin(new \Sabre\CalDAV\Plugin());

 //$server->addPlugin(new \Sabre\DAVACL\Plugin());


 // Temporary file filter

 /*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);

 $server->addPlugin($tempFF);

 */


 // And off we go!

 $server->exec();


 if (is_object($db)) {

   $db->close();

 }

User
Class to manage Dolibarr users.
Definition: user.class.php:48

dol_now
dol_now($mode='auto')
Return date for now.
Definition: functions.lib.php:3056

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:609

getUserRemoteIP
getUserRemoteIP()
Return the IP of remote user.
Definition: functions.lib.php:3742

isModEnabled
isModEnabled($module)
Is Dolibarr module enabled.
Definition: functions.lib.php:207

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1741

if
if(!defined( 'CSRFCHECK_WITH_TOKEN'))
Definition: journals_list.php:25

checkLoginPassEntity
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successfull.
Definition: security2.lib.php:57

accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1169