40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
43 for ($i = 0; $i < $strlength; $i++) {
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
50 for ($i = 0; $i < $strlength; $i++) {
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
57 return base64_encode($chain);
71 $chain = base64_decode($chain);
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
76 for ($i = 0; $i < $strlength; $i++) {
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
84 for ($i = 0; $i < $strlength; $i++) {
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
102 if (function_exists(
'random_bytes')) {
103 return bin2hex(random_bytes((
int) floor($length / 2)));
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
119 function dolEncrypt($chain, $key =
'', $ciphering =
"AES-256-CTR")
121 global $dolibarr_main_instance_unique_id;
122 global $dolibarr_disable_dolcrypt_for_debug;
124 if ($chain ===
'' || is_null($chain)) {
129 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
135 $key = $dolibarr_main_instance_unique_id;
140 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
142 if (function_exists(
'openssl_cipher_iv_length')) {
143 $ivlen = openssl_cipher_iv_length($ciphering);
145 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
150 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
151 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
168 global $dolibarr_main_instance_unique_id;
170 if ($chain ===
'' || is_null($chain)) {
175 $key = $dolibarr_main_instance_unique_id;
179 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
180 $ciphering = $reg[1];
181 if (function_exists(
'openssl_decrypt')) {
183 return 'Error dolDecrypt decrypt key is empty';
185 $tmpexplode = explode(
':', $reg[2]);
186 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
187 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
189 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
192 $newchain =
'Error dolDecrypt function openssl_decrypt() not available';
215 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
216 return password_hash($chain, PASSWORD_DEFAULT);
220 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
221 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
224 if ($type ==
'1' || $type ==
'sha1') {
226 } elseif ($type ==
'2' || $type ==
'sha1md5') {
227 return sha1(md5($chain));
228 } elseif ($type ==
'3' || $type ==
'md5') {
230 } elseif ($type ==
'4' || $type ==
'openldap') {
232 } elseif ($type ==
'5' || $type ==
'sha256') {
233 return hash(
'sha256', $chain);
234 } elseif ($type ==
'6' || $type ==
'password_hash') {
235 return password_hash($chain, PASSWORD_DEFAULT);
236 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
238 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
239 return sha1(md5($chain));
262 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
263 if ($hash[0] ==
'$') {
264 return password_verify($chain, $hash);
265 } elseif (strlen($hash) == 32) {
267 } elseif (strlen($hash) == 40) {
274 return dol_hash($chain, $type) == $hash;
290 $salt = substr(sha1(time()), 0, 8);
292 if ($type ===
'md5') {
293 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
294 } elseif ($type ===
'md5frommd5') {
295 return '{MD5}' . base64_encode(hex2bin($password));
296 } elseif ($type ===
'smd5') {
297 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
298 } elseif ($type ===
'sha') {
299 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
300 } elseif ($type ===
'ssha') {
301 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
302 } elseif ($type ===
'sha256') {
303 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
304 } elseif ($type ===
'ssha256') {
305 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
306 } elseif ($type ===
'sha384') {
307 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
308 } elseif ($type ===
'ssha384') {
309 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
310 } elseif ($type ===
'sha512') {
311 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
312 } elseif ($type ===
'ssha512') {
313 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
314 } elseif ($type ===
'crypt') {
315 return '{CRYPT}' . crypt($password, $salt);
316 } elseif ($type ===
'clear') {
317 return '{CLEAR}' . $password;
341 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
346 if (is_object($object)) {
347 $objectid = $object->id;
352 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
360 $parentfortableentity =
'';
363 $originalfeatures = $features;
364 if ($features ==
'facturerec') {
365 $features =
'facture';
367 if ($features ==
'mo') {
370 if ($features ==
'member') {
371 $features =
'adherent';
373 if ($features ==
'subscription') {
374 $features =
'adherent';
375 $feature2 =
'cotisation';
377 if ($features ==
'websitepage') {
378 $features =
'website';
379 $tableandshare =
'website_page';
380 $parentfortableentity =
'fk_website@website';
382 if ($features ==
'project') {
383 $features =
'projet';
385 if ($features ==
'product') {
386 $features =
'produit';
390 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
391 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
393 if (isset($hookmanager->resArray[
'result'])) {
394 if ($hookmanager->resArray[
'result'] == 0) {
407 $featuresarray = array($features);
408 if (preg_match(
'/&/', $features)) {
409 $featuresarray = explode(
"&", $features);
410 } elseif (preg_match(
'/\|/', $features)) {
411 $featuresarray = explode(
"|", $features);
415 if (!empty($feature2)) {
416 $feature2 = explode(
"|", $feature2);
419 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
424 foreach ($featuresarray as $feature) {
425 $featureforlistofmodule = $feature;
426 if ($featureforlistofmodule ==
'produit') {
427 $featureforlistofmodule =
'product';
429 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
435 if ($feature ==
'societe') {
436 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
440 } elseif ($feature ==
'contact') {
441 if (empty($user->rights->societe->contact->lire)) {
445 } elseif ($feature ==
'produit|service') {
446 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
450 } elseif ($feature ==
'prelevement') {
451 if (empty($user->rights->prelevement->bons->lire)) {
455 } elseif ($feature ==
'cheque') {
456 if (empty($user->rights->banque->cheque)) {
460 } elseif ($feature ==
'projet') {
461 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
465 } elseif ($feature ==
'payment') {
466 if (empty($user->rights->facture->lire)) {
470 } elseif ($feature ==
'payment_supplier') {
471 if (empty($user->rights->fournisseur->facture->lire)) {
475 } elseif ($feature ==
'payment_sc') {
476 if (empty($user->rights->tax->charges->lire)) {
480 } elseif (!empty($feature2)) {
482 foreach ($feature2 as $subfeature) {
483 if ($subfeature ==
'user' && $user->id == $objectid) {
486 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
488 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
499 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
500 if (empty($user->rights->$feature->lire)
501 && empty($user->rights->$feature->read)
502 && empty($user->rights->$feature->run)) {
510 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
526 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'add_element_resource',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
527 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
529 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
530 foreach ($featuresarray as $feature) {
531 if ($feature ==
'contact') {
532 if (empty($user->rights->societe->contact->creer)) {
536 } elseif ($feature ==
'produit|service') {
537 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
541 } elseif ($feature ==
'prelevement') {
542 if (!$user->rights->prelevement->bons->creer) {
546 } elseif ($feature ==
'commande_fournisseur') {
547 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
551 } elseif ($feature ==
'banque') {
552 if (empty($user->rights->banque->modifier)) {
556 } elseif ($feature ==
'cheque') {
557 if (empty($user->rights->banque->cheque)) {
561 } elseif ($feature ==
'import') {
562 if (empty($user->rights->import->run)) {
566 } elseif ($feature ==
'ecm') {
567 if (!$user->rights->ecm->upload) {
571 } elseif (!empty($feature2)) {
572 foreach ($feature2 as $subfeature) {
573 if ($subfeature ==
'user' && $user->id == $objectid && $user->rights->user->self->creer) {
576 if ($subfeature ==
'user' && $user->id == $objectid && $user->rights->user->self->password) {
579 if ($subfeature ==
'user' && $user->id != $objectid && $user->rights->user->user->password) {
583 if (empty($user->rights->$feature->$subfeature->creer)
584 && empty($user->rights->$feature->$subfeature->write)
585 && empty($user->rights->$feature->$subfeature->create)) {
594 } elseif (!empty($feature)) {
596 if (empty($user->rights->$feature->creer)
597 && empty($user->rights->$feature->write)
598 && empty($user->rights->$feature->create)) {
606 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
610 if ($wemustcheckpermissionforcreate && !$createok) {
622 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
623 if (!$user->rights->user->user->creer) {
627 if (!$createuserok) {
640 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
641 foreach ($featuresarray as $feature) {
642 if ($feature ==
'bookmark') {
643 if (!$user->rights->bookmark->supprimer) {
644 if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
648 } elseif ($feature ==
'contact') {
649 if (!$user->rights->societe->contact->supprimer) {
652 } elseif ($feature ==
'produit|service') {
653 if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
656 } elseif ($feature ==
'commande_fournisseur') {
657 if (!$user->rights->fournisseur->commande->supprimer) {
660 } elseif ($feature ==
'payment_supplier') {
661 if (!$user->rights->fournisseur->facture->creer) {
664 } elseif ($feature ==
'payment') {
665 if (!$user->rights->facture->paiement) {
668 } elseif ($feature ==
'payment_sc') {
669 if (!$user->rights->tax->charges->creer) {
672 } elseif ($feature ==
'banque') {
673 if (empty($user->rights->banque->modifier)) {
676 } elseif ($feature ==
'cheque') {
677 if (empty($user->rights->banque->cheque)) {
680 } elseif ($feature ==
'ecm') {
681 if (!$user->rights->ecm->upload) {
684 } elseif ($feature ==
'ftp') {
685 if (!$user->rights->ftp->write) {
688 } elseif ($feature ==
'salaries') {
689 if (!$user->rights->salaries->delete) {
692 } elseif ($feature ==
'adherent') {
693 if (empty($user->rights->adherent->supprimer)) {
696 } elseif ($feature ==
'paymentbybanktransfer') {
697 if (empty($user->rights->paymentbybanktransfer->create)) {
700 } elseif ($feature ==
'prelevement') {
701 if (empty($user->rights->prelevement->bons->creer)) {
704 } elseif (!empty($feature2)) {
705 foreach ($feature2 as $subfeature) {
706 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
713 } elseif (!empty($feature)) {
715 if (empty($user->rights->$feature->supprimer)
716 && empty($user->rights->$feature->delete)
717 && empty($user->rights->$feature->run)) {
724 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
728 if (!$deleteok && !($isdraft && $createok)) {
740 if (!empty($objectid) && $objectid > 0) {
741 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
742 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
773 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
777 if (is_object($object)) {
778 $objectid = $object->id;
782 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
789 $params = explode(
'&', $tableandshare);
790 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
791 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
793 foreach ($featuresarray as $feature) {
799 if ($feature ==
'member') {
800 $feature =
'adherent';
802 if ($feature ==
'project') {
805 if ($feature ==
'task') {
806 $feature =
'projet_task';
809 $checkonentitydone = 0;
812 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment');
813 $checksoc = array(
'societe');
814 $checkother = array(
'contact',
'agenda',
'contrat');
815 $checkproject = array(
'projet',
'project');
816 $checktask = array(
'projet_task');
817 $checkhierarchy = array(
'expensereport',
'holiday');
818 $checkuser = array(
'bookmark');
819 $nocheck = array(
'barcode',
'stock');
824 if (empty($dbtablename)) {
825 $dbtablename = $feature;
826 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
830 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
831 $objectid =
"'".$objectid.
"'";
835 if (in_array($feature, $check) && $objectid > 0) {
836 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
837 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
838 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
839 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
840 if ($conf->entity == 1 && $user->admin && !$user->entity) {
841 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
842 $sql .=
" AND dbt.entity IS NOT NULL";
844 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
845 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
846 $sql .=
" AND ((ug.fk_user = dbt.rowid";
847 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
848 $sql .=
" OR dbt.entity = 0)";
851 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
852 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
856 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
857 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
858 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
859 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
861 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
862 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
865 $checkonentitydone = 1;
867 if (in_array($feature, $checksoc) && $objectid > 0) {
869 if ($user->socid > 0) {
870 if ($user->socid != $objectid) {
873 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
875 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
876 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
877 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
878 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
879 $sql .=
" AND sc.fk_user = ".((int) $user->id);
880 $sql .=
" AND sc.fk_soc = s.rowid";
881 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
884 $sql =
"SELECT COUNT(s.rowid) as nb";
885 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
886 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
887 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
890 $checkonentitydone = 1;
892 if (in_array($feature, $checkother) && $objectid > 0) {
894 if ($user->socid > 0) {
895 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
896 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
897 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
898 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
899 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
901 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
902 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
903 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
904 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
905 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
906 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
909 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
910 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
911 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
912 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
915 $checkonentitydone = 1;
917 if (in_array($feature, $checkproject) && $objectid > 0) {
918 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
919 $projectid = $objectid;
921 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
922 $projectstatic =
new Project($db);
923 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
925 $tmparray = explode(
',', $tmps);
926 if (!in_array($projectid, $tmparray)) {
930 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
931 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
932 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
933 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
936 $checkonentitydone = 1;
938 if (in_array($feature, $checktask) && $objectid > 0) {
939 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
940 $task =
new Task($db);
941 $task->fetch($objectid);
942 $projectid = $task->fk_project;
944 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
945 $projectstatic =
new Project($db);
946 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
948 $tmparray = explode(
',', $tmps);
949 if (!in_array($projectid, $tmparray)) {
953 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
954 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
955 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
956 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
959 $checkonentitydone = 1;
961 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
963 if ($user->socid > 0) {
964 if (empty($dbt_keyfield)) {
967 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
968 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
969 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
970 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
971 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
973 if ($feature !=
'ticket') {
974 if (empty($dbt_keyfield)) {
977 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
978 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
979 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
980 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
981 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
982 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
983 $sql .=
" AND sc.fk_user = ".((int) $user->id);
986 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
987 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
988 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
989 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
990 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
991 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
995 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
996 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
997 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
998 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1004 if ($feature ===
'agenda' && $objectid > 0) {
1006 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1007 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1009 $action->fetch($objectid);
1010 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1018 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1019 $childids = $user->getAllChildIds(1);
1021 if ($feature ==
'holiday') {
1022 $useridtocheck = $object->fk_user;
1023 if (!in_array($useridtocheck, $childids)) {
1026 $useridtocheck = $object->fk_validator;
1027 if (!in_array($useridtocheck, $childids)) {
1031 if ($feature ==
'expensereport') {
1032 $useridtocheck = $object->fk_user_author;
1033 if (!$user->rights->expensereport->readall) {
1034 if (!in_array($useridtocheck, $childids)) {
1043 if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1044 $useridtocheck = $object->fk_user;
1045 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1051 $resql = $db->query(
$sql);
1053 $obj = $db->fetch_object($resql);
1054 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
1058 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1082 http_response_code($http_response_code);
1084 if ($stringalreadysanitized) {
1087 print htmlentities($message);
1106 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1108 global $conf, $db, $user, $langs, $hookmanager;
1110 if (!is_object($langs)) {
1111 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1113 $langs->setDefaultLang();
1116 $langs->load(
"errors");
1119 if (function_exists(
"llxHeader")) {
1121 } elseif (function_exists(
"llxHeaderVierge")) {
1125 print
'<div class="error">';
1126 if (empty($message)) {
1127 print $langs->trans(
"ErrorForbidden");
1129 print $langs->trans($message);
1133 if (empty($showonlymessage)) {
1134 global $action, $object;
1135 if (empty($hookmanager)) {
1138 $hookmanager->initHooks(array(
'main'));
1140 $parameters = array(
'message'=>$message,
'params'=>$params);
1141 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
1142 print $hookmanager->resPrint;
1143 if (empty($reshook)) {
1144 $langs->loadLangs(array(
"errors"));
1146 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1147 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1148 print $langs->trans(
"ErrorForbidden4");
1150 print $langs->trans(
"ErrorForbidden3");
1154 if ($printfooter && function_exists(
"llxFooter")) {
1172 $max = $conf->global->MAIN_UPLOAD_DOC;
1173 $maxphp = @ini_get(
'upload_max_filesize');
1174 if (preg_match(
'/k$/i', $maxphp)) {
1175 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1176 $maxphp = $maxphp * 1;
1178 if (preg_match(
'/m$/i', $maxphp)) {
1179 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1180 $maxphp = $maxphp * 1024;
1182 if (preg_match(
'/g$/i', $maxphp)) {
1183 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1184 $maxphp = $maxphp * 1024 * 1024;
1186 if (preg_match(
'/t$/i', $maxphp)) {
1187 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1188 $maxphp = $maxphp * 1024 * 1024 * 1024;
1190 $maxphp2 = @ini_get(
'post_max_size');
1191 if (preg_match(
'/k$/i', $maxphp2)) {
1192 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1193 $maxphp2 = $maxphp2 * 1;
1195 if (preg_match(
'/m$/i', $maxphp2)) {
1196 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1197 $maxphp2 = $maxphp2 * 1024;
1199 if (preg_match(
'/g$/i', $maxphp2)) {
1200 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1201 $maxphp2 = $maxphp2 * 1024 * 1024;
1203 if (preg_match(
'/t$/i', $maxphp2)) {
1204 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1205 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1209 $maxphptoshow = $maxphptoshowparam =
'';
1211 $maxmin = min($maxmin, $maxphp);
1212 $maxphptoshow = $maxphp;
1213 $maxphptoshowparam =
'upload_max_filesize';
1216 $maxmin = min($maxmin, $maxphp2);
1217 if ($maxphp2 < $maxphp) {
1218 $maxphptoshow = $maxphp2;
1219 $maxphptoshowparam =
'post_max_size';
1225 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);