40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
43 for ($i = 0; $i < $strlength; $i++) {
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
50 for ($i = 0; $i < $strlength; $i++) {
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
57 return base64_encode($chain);
71 $chain = base64_decode($chain);
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
76 for ($i = 0; $i < $strlength; $i++) {
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
84 for ($i = 0; $i < $strlength; $i++) {
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
102 if (function_exists(
'random_bytes')) {
103 return bin2hex(random_bytes((
int) floor($length / 2)));
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
122 function dolEncrypt($chain, $key =
'', $ciphering =
'AES-256-CTR', $forceseed =
'')
125 global $dolibarr_disable_dolcrypt_for_debug;
127 if ($chain ===
'' || is_null($chain)) {
132 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
138 $key = $conf->file->instance_unique_id;
140 if (empty($ciphering)) {
141 $ciphering =
'AES-256-CTR';
146 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
148 if (function_exists(
'openssl_cipher_iv_length')) {
149 $ivlen = openssl_cipher_iv_length($ciphering);
151 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
154 if (empty($forceseed)) {
157 $ivseed =
dol_substr(md5($forceseed), 0, $ivlen,
'ascii', 1);
160 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
161 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
181 if ($chain ===
'' || is_null($chain)) {
186 $key = $conf->file->instance_unique_id;
190 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
191 $ciphering = $reg[1];
192 if (function_exists(
'openssl_decrypt')) {
194 return 'Error dolDecrypt decrypt key is empty';
196 $tmpexplode = explode(
':', $reg[2]);
197 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
198 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
200 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
203 $newchain =
'Error dolDecrypt function openssl_decrypt() not available';
226 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
227 return password_hash($chain, PASSWORD_DEFAULT);
231 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
232 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
235 if ($type ==
'1' || $type ==
'sha1') {
237 } elseif ($type ==
'2' || $type ==
'sha1md5') {
238 return sha1(md5($chain));
239 } elseif ($type ==
'3' || $type ==
'md5') {
241 } elseif ($type ==
'4' || $type ==
'openldap') {
243 } elseif ($type ==
'5' || $type ==
'sha256') {
244 return hash(
'sha256', $chain);
245 } elseif ($type ==
'6' || $type ==
'password_hash') {
246 return password_hash($chain, PASSWORD_DEFAULT);
247 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
249 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
250 return sha1(md5($chain));
273 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
274 if (! empty($hash[0]) && $hash[0] ==
'$') {
275 return password_verify($chain, $hash);
285 return dol_hash($chain, $type) == $hash;
301 $salt = substr(sha1(time()), 0, 8);
303 if ($type ===
'md5') {
304 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
305 } elseif ($type ===
'md5frommd5') {
306 return '{MD5}' . base64_encode(hex2bin($password));
307 } elseif ($type ===
'smd5') {
308 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
309 } elseif ($type ===
'sha') {
310 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
311 } elseif ($type ===
'ssha') {
312 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
313 } elseif ($type ===
'sha256') {
314 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
315 } elseif ($type ===
'ssha256') {
316 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
317 } elseif ($type ===
'sha384') {
318 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
319 } elseif ($type ===
'ssha384') {
320 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
321 } elseif ($type ===
'sha512') {
322 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
323 } elseif ($type ===
'ssha512') {
324 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
325 } elseif ($type ===
'crypt') {
326 return '{CRYPT}' . crypt($password, $salt);
327 } elseif ($type ===
'clear') {
328 return '{CLEAR}' . $password;
353 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
359 if (is_object($object)) {
360 $objectid = $object->id;
364 if ($objectid ==
"-1") {
368 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
377 $parentfortableentity =
'';
380 $originalfeatures = $features;
381 if ($features ==
'agenda') {
382 $tableandshare =
'actioncomm&societe';
383 $feature2 =
'myactions|allactions';
386 if ($features ==
'bank') {
387 $features =
'banque';
389 if ($features ==
'facturerec') {
390 $features =
'facture';
392 if ($features ==
'mo') {
395 if ($features ==
'member') {
396 $features =
'adherent';
398 if ($features ==
'subscription') {
399 $features =
'adherent';
400 $feature2 =
'cotisation';
402 if ($features ==
'website' && is_object($object) && $object->element ==
'websitepage') {
403 $parentfortableentity =
'fk_website@website';
405 if ($features ==
'project') {
406 $features =
'projet';
408 if ($features ==
'product') {
409 $features =
'produit';
411 if ($features ==
'productbatch') {
412 $features =
'produit';
414 if ($features ==
'tax') {
415 $feature2 =
'charges';
417 if ($features ==
'workstation') {
418 $feature2 =
'workstation';
420 if ($features ==
'fournisseur') {
421 $features =
'fournisseur';
422 if (is_object($object) && $object->element ==
'invoice_supplier') {
423 $feature2 =
'facture';
424 } elseif (is_object($object) && $object->element ==
'order_supplier') {
425 $feature2 =
'commande';
432 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
433 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
435 if (isset($hookmanager->resArray[
'result'])) {
436 if ($hookmanager->resArray[
'result'] == 0) {
449 $featuresarray = array($features);
450 if (preg_match(
'/&/', $features)) {
451 $featuresarray = explode(
"&", $features);
452 } elseif (preg_match(
'/\|/', $features)) {
453 $featuresarray = explode(
"|", $features);
457 if (!empty($feature2)) {
458 $feature2 = explode(
"|", $feature2);
461 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
466 foreach ($featuresarray as $feature) {
467 $featureforlistofmodule = $feature;
468 if ($featureforlistofmodule ==
'produit') {
469 $featureforlistofmodule =
'product';
471 if ($featureforlistofmodule ==
'supplier_proposal') {
472 $featureforlistofmodule =
'supplierproposal';
474 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
480 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
481 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
485 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
486 if (empty($user->rights->societe->contact->lire)) {
490 } elseif ($feature ==
'produit|service') {
491 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
495 } elseif ($feature ==
'prelevement') {
496 if (empty($user->rights->prelevement->bons->lire)) {
500 } elseif ($feature ==
'cheque') {
501 if (empty($user->rights->banque->cheque)) {
505 } elseif ($feature ==
'projet') {
506 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
510 } elseif ($feature ==
'payment') {
511 if (!$user->hasRight(
'facture',
'lire')) {
515 } elseif ($feature ==
'payment_supplier') {
516 if (empty($user->rights->fournisseur->facture->lire)) {
520 } elseif ($feature ==
'payment_sc') {
521 if (empty($user->rights->tax->charges->lire)) {
525 } elseif (!empty($feature2)) {
527 foreach ($feature2 as $subfeature) {
528 if ($subfeature ==
'user' && $user->id == $objectid) {
531 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
536 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
538 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
549 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
550 if (empty($user->rights->$feature->lire)
551 && empty($user->rights->$feature->read)
552 && empty($user->rights->$feature->run)) {
560 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
576 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
577 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
579 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
580 foreach ($featuresarray as $feature) {
581 if ($feature ==
'contact') {
582 if (empty($user->rights->societe->contact->creer)) {
586 } elseif ($feature ==
'produit|service') {
587 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
591 } elseif ($feature ==
'prelevement') {
592 if (!$user->rights->prelevement->bons->creer) {
596 } elseif ($feature ==
'commande_fournisseur') {
597 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
601 } elseif ($feature ==
'banque') {
602 if (!$user->hasRight(
'banque',
'modifier')) {
606 } elseif ($feature ==
'cheque') {
607 if (empty($user->rights->banque->cheque)) {
611 } elseif ($feature ==
'import') {
612 if (empty($user->rights->import->run)) {
616 } elseif ($feature ==
'ecm') {
617 if (!$user->rights->ecm->upload) {
621 } elseif ($feature ==
'modulebuilder') {
622 if (!$user->hasRight(
'modulebuilder',
'run')) {
626 } elseif (!empty($feature2)) {
627 foreach ($feature2 as $subfeature) {
628 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
631 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
634 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
638 if (empty($user->rights->$feature->$subfeature->creer)
639 && empty($user->rights->$feature->$subfeature->write)
640 && empty($user->rights->$feature->$subfeature->create)) {
649 } elseif (!empty($feature)) {
651 if (empty($user->rights->$feature->creer)
652 && empty($user->rights->$feature->write)
653 && empty($user->rights->$feature->create)) {
661 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
665 if ($wemustcheckpermissionforcreate && !$createok) {
677 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
678 if (!$user->hasRight(
'user',
'user',
'creer')) {
682 if (!$createuserok) {
695 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
696 foreach ($featuresarray as $feature) {
697 if ($feature ==
'bookmark') {
698 if (!$user->rights->bookmark->supprimer) {
699 if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
703 } elseif ($feature ==
'contact') {
704 if (!$user->rights->societe->contact->supprimer) {
707 } elseif ($feature ==
'produit|service') {
708 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
711 } elseif ($feature ==
'commande_fournisseur') {
712 if (!$user->rights->fournisseur->commande->supprimer) {
715 } elseif ($feature ==
'payment_supplier') {
716 if (!$user->rights->fournisseur->facture->creer) {
719 } elseif ($feature ==
'payment') {
720 if (!$user->rights->facture->paiement) {
723 } elseif ($feature ==
'payment_sc') {
724 if (!$user->rights->tax->charges->creer) {
727 } elseif ($feature ==
'banque') {
728 if (!$user->hasRight(
'banque',
'modifier')) {
731 } elseif ($feature ==
'cheque') {
732 if (empty($user->rights->banque->cheque)) {
735 } elseif ($feature ==
'ecm') {
736 if (!$user->rights->ecm->upload) {
739 } elseif ($feature ==
'ftp') {
740 if (!$user->rights->ftp->write) {
743 } elseif ($feature ==
'salaries') {
744 if (!$user->rights->salaries->delete) {
747 } elseif ($feature ==
'adherent') {
748 if (empty($user->rights->adherent->supprimer)) {
751 } elseif ($feature ==
'paymentbybanktransfer') {
752 if (empty($user->rights->paymentbybanktransfer->create)) {
755 } elseif ($feature ==
'prelevement') {
756 if (empty($user->rights->prelevement->bons->creer)) {
759 } elseif (!empty($feature2)) {
760 foreach ($feature2 as $subfeature) {
761 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
768 } elseif (!empty($feature)) {
770 if (empty($user->rights->$feature->supprimer)
771 && empty($user->rights->$feature->delete)
772 && empty($user->rights->$feature->run)) {
779 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
783 if (!$deleteok && !($isdraft && $createok)) {
795 if (!empty($objectid) && $objectid > 0) {
796 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
797 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
828 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
832 if (is_object($object)) {
833 $objectid = $object->id;
837 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
844 $params = explode(
'&', $tableandshare);
845 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
846 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
848 foreach ($featuresarray as $feature) {
854 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
855 $feature =
'contact';
858 if ($feature ==
'member') {
859 $feature =
'adherent';
861 if ($feature ==
'project') {
864 if ($feature ==
'task') {
865 $feature =
'projet_task';
867 if ($feature ==
'eventorganization') {
869 $dbtablename =
'actioncomm';
871 if ($feature ==
'payment_sc') {
872 $feature =
"chargesociales";
873 $objectid = $object->fk_charge;
876 $checkonentitydone = 0;
879 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales');
880 $checksoc = array(
'societe');
881 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
882 $checkproject = array(
'projet',
'project');
883 $checktask = array(
'projet_task');
884 $checkhierarchy = array(
'expensereport',
'holiday');
885 $checkuser = array(
'bookmark');
886 $nocheck = array(
'barcode',
'stock');
891 if (empty($dbtablename)) {
892 $dbtablename = $feature;
893 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
897 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
898 $objectid =
"'".$objectid.
"'";
902 if (in_array($feature, $check) && $objectid > 0) {
903 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
904 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
905 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
906 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
907 if ($conf->entity == 1 && $user->admin && !$user->entity) {
908 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
909 $sql .=
" AND dbt.entity IS NOT NULL";
911 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
912 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
913 $sql .=
" AND ((ug.fk_user = dbt.rowid";
914 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
915 $sql .=
" OR dbt.entity = 0)";
918 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
919 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
923 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
924 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
925 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
926 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
928 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
929 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
932 $checkonentitydone = 1;
934 if (in_array($feature, $checksoc) && $objectid > 0) {
936 if ($user->socid > 0) {
937 if ($user->socid != $objectid) {
940 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
942 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
943 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
944 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
945 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
946 $sql .=
" AND sc.fk_user = ".((int) $user->id);
947 $sql .=
" AND sc.fk_soc = s.rowid";
948 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
951 $sql =
"SELECT COUNT(s.rowid) as nb";
952 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
953 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
954 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
957 $checkonentitydone = 1;
959 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
961 if ($user->socid > 0) {
962 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
963 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
964 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
965 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
966 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
968 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
969 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
970 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
971 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
972 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
973 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
976 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
977 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
978 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
979 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
982 $checkonentitydone = 1;
984 if (in_array($feature, $checkproject) && $objectid > 0) {
985 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
986 $projectid = $objectid;
988 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
989 $projectstatic =
new Project($db);
990 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
992 $tmparray = explode(
',', $tmps);
993 if (!in_array($projectid, $tmparray)) {
997 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
998 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
999 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1000 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1002 $checkonentitydone = 1;
1004 if (in_array($feature, $checktask) && $objectid > 0) {
1005 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
1006 $task =
new Task($db);
1007 $task->fetch($objectid);
1008 $projectid = $task->fk_project;
1010 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1011 $projectstatic =
new Project($db);
1012 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1014 $tmparray = explode(
',', $tmps);
1015 if (!in_array($projectid, $tmparray)) {
1019 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1020 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1021 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1022 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1025 $checkonentitydone = 1;
1029 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1031 if ($user->socid > 0) {
1032 if (empty($dbt_keyfield)) {
1033 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1035 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1036 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1037 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1038 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1039 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
1041 if ($feature !=
'ticket') {
1042 if (empty($dbt_keyfield)) {
1043 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1045 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1046 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1047 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1048 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1049 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1050 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1051 $sql .=
" AND sc.fk_user = ".((int) $user->id);
1054 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1055 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1056 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1057 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1058 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1059 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1063 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1064 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1065 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1066 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1071 if ($feature ===
'agenda' && $objectid > 0) {
1073 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1074 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1076 $action->fetch($objectid);
1077 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1085 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1086 $childids = $user->getAllChildIds(1);
1088 if ($feature ==
'holiday') {
1089 $useridtocheck = $object->fk_user;
1090 if (!in_array($object->fk_user, $childids) && !in_array($object->fk_validator, $childids)) {
1094 if ($feature ==
'expensereport') {
1095 $useridtocheck = $object->fk_user_author;
1096 if (!$user->rights->expensereport->readall) {
1097 if (!in_array($useridtocheck, $childids)) {
1106 if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1107 $useridtocheck = $object->fk_user;
1108 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1114 $resql = $db->query(
$sql);
1116 $obj = $db->fetch_object($resql);
1117 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
1121 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1145 http_response_code($http_response_code);
1147 if ($stringalreadysanitized) {
1150 print htmlentities($message);
1169 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1171 global $conf, $db, $user, $langs, $hookmanager;
1172 global $action, $object;
1174 if (!is_object($langs)) {
1175 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1177 $langs->setDefaultLang();
1180 $langs->load(
"errors");
1183 if (function_exists(
"llxHeader")) {
1185 } elseif (function_exists(
"llxHeaderVierge")) {
1189 print
'<div class="error">';
1190 if (empty($message)) {
1191 print $langs->trans(
"ErrorForbidden");
1193 print $langs->trans($message);
1197 if (empty($showonlymessage)) {
1198 if (empty($hookmanager)) {
1199 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1202 $hookmanager->initHooks(array(
'main'));
1205 $parameters = array(
'message'=>$message,
'params'=>$params);
1206 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
1207 print $hookmanager->resPrint;
1208 if (empty($reshook)) {
1209 $langs->loadLangs(array(
"errors"));
1211 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1212 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1213 print $langs->trans(
"ErrorForbidden4");
1215 print $langs->trans(
"ErrorForbidden3");
1219 if ($printfooter && function_exists(
"llxFooter")) {
1237 $max = $conf->global->MAIN_UPLOAD_DOC;
1238 $maxphp = @ini_get(
'upload_max_filesize');
1239 if (preg_match(
'/k$/i', $maxphp)) {
1240 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1241 $maxphp = $maxphp * 1;
1243 if (preg_match(
'/m$/i', $maxphp)) {
1244 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1245 $maxphp = $maxphp * 1024;
1247 if (preg_match(
'/g$/i', $maxphp)) {
1248 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1249 $maxphp = $maxphp * 1024 * 1024;
1251 if (preg_match(
'/t$/i', $maxphp)) {
1252 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1253 $maxphp = $maxphp * 1024 * 1024 * 1024;
1255 $maxphp2 = @ini_get(
'post_max_size');
1256 if (preg_match(
'/k$/i', $maxphp2)) {
1257 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1258 $maxphp2 = $maxphp2 * 1;
1260 if (preg_match(
'/m$/i', $maxphp2)) {
1261 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1262 $maxphp2 = $maxphp2 * 1024;
1264 if (preg_match(
'/g$/i', $maxphp2)) {
1265 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1266 $maxphp2 = $maxphp2 * 1024 * 1024;
1268 if (preg_match(
'/t$/i', $maxphp2)) {
1269 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1270 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1274 $maxphptoshow = $maxphptoshowparam =
'';
1276 $maxmin = min($maxmin, $maxphp);
1277 $maxphptoshow = $maxphp;
1278 $maxphptoshowparam =
'upload_max_filesize';
1281 $maxmin = min($maxmin, $maxphp2);
1282 if ($maxphp2 < $maxphp) {
1283 $maxphptoshow = $maxphp2;
1284 $maxphptoshowparam =
'post_max_size';
1290 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);
if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) if(!defined('NOLOGIN')) if(!defined('NOCSRFCHECK')) if(!defined('NOIPCHECK')) llxHeaderVierge()
Header function.
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Class to manage agenda events (actions)
Class to manage projects.
Class to manage translations.
Class to manage Dolibarr users.
if(isModEnabled('facture') && $user->hasRight('facture', 'lire')) if((isModEnabled('fournisseur') &&empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->hasRight("fournisseur", "facture", "lire"))||(isModEnabled('supplier_invoice') && $user->hasRight("supplier_invoice", "lire"))) if(isModEnabled('don') && $user->hasRight('don', 'lire')) if(isModEnabled('tax') &&!empty($user->rights->tax->charges->lire)) if(isModEnabled('facture') &&isModEnabled('commande') && $user->hasRight("commande", "lire") &&empty($conf->global->WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER)) $sql
Social contributions to pay.
dol_print_error($db='', $error='', $errors=null)
Displays a system error message with all the information needed to facilitate diagnosis and escalation...
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
dol_substr($string, $start, $length=null, $stringencoding='', $trunconbytes=0)
Make a substring.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return the value of a parameter from the GET or POST superglobal.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Return whether a Dolibarr module is enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(!defined('NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
dolEncrypt($chain, $key='', $ciphering='AES-256-CTR', $forceseed='')
Encrypt a string with symmetric encryption.
dolGetRandomBytes($length)
Return a hexadecimal string of random bytes with length = $length, for cryptographic purposes.
dol_encode($chain, $key='1')
Encode a string with the base 64 algorithm plus a specific delta change.
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one. For backward compatibility reasons,...
getMaxFileSizeArray()
Return the maximum size allowed for a file upload.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
dol_decode($chain, $key='1')
Decode a base 64 encoded string with a specific delta change.
dolGetLdapPasswordHash($password, $type='md5')
Returns an LDAP-specific hash of a password.
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dolDecrypt($chain, $key='')
Decrypt a string that was encrypted with symmetric encryption.
dol_hash($chain, $type='0')
Returns a hash (non-reversible transformation) of a string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.