dolibarr  19.0.0-dev
security.lib.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2008-2021 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2008-2021 Regis Houssin <regis.houssin@inodbox.com>
4  * Copyright (C) 2020 Ferran Marcet <fmarcet@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  * or see https://www.gnu.org/
19  */
20 
38 function dol_encode($chain, $key = '1')
39 {
40  if (is_numeric($key) && $key == '1') { // rule 1 is offset of 17 for char
41  $output_tab = array();
42  $strlength = dol_strlen($chain);
43  for ($i = 0; $i < $strlength; $i++) {
44  $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
45  }
46  $chain = implode("", $output_tab);
47  } elseif ($key) {
48  $result = '';
49  $strlength = dol_strlen($chain);
50  for ($i = 0; $i < $strlength; $i++) {
51  $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52  $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
53  }
54  $chain = $result;
55  }
56 
57  return base64_encode($chain);
58 }
59 
69 function dol_decode($chain, $key = '1')
70 {
71  $chain = base64_decode($chain);
72 
73  if (is_numeric($key) && $key == '1') { // rule 1 is offset of 17 for char
74  $output_tab = array();
75  $strlength = dol_strlen($chain);
76  for ($i = 0; $i < $strlength; $i++) {
77  $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
78  }
79 
80  $chain = implode("", $output_tab);
81  } elseif ($key) {
82  $result = '';
83  $strlength = dol_strlen($chain);
84  for ($i = 0; $i < $strlength; $i++) {
85  $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86  $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
87  }
88  $chain = $result;
89  }
90 
91  return $chain;
92 }
93 
100 function dolGetRandomBytes($length)
101 {
102  if (function_exists('random_bytes')) { // Available with PHP 7 only.
103  return bin2hex(random_bytes((int) floor($length / 2))); // the bin2hex will double the number of bytes so we take length / 2
104  }
105 
106  return bin2hex(openssl_random_pseudo_bytes((int) floor($length / 2))); // the bin2hex will double the number of bytes so we take length / 2. May be very slow on Windows.
107 }
108 
122 function dolEncrypt($chain, $key = '', $ciphering = 'AES-256-CTR', $forceseed = '')
123 {
124  global $conf;
125  global $dolibarr_disable_dolcrypt_for_debug;
126 
127  if ($chain === '' || is_null($chain)) {
128  return '';
129  }
130 
131  $reg = array();
132  if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
133  // The $chain is already a crypted string
134  return $chain;
135  }
136 
137  if (empty($key)) {
138  $key = $conf->file->instance_unique_id;
139  }
140  if (empty($ciphering)) {
141  $ciphering = 'AES-256-CTR';
142  }
143 
144  $newchain = $chain;
145 
146  if (function_exists('openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
147  $ivlen = 16;
148  if (function_exists('openssl_cipher_iv_length')) {
149  $ivlen = openssl_cipher_iv_length($ciphering);
150  }
151  if ($ivlen === false || $ivlen < 1 || $ivlen > 32) {
152  $ivlen = 16;
153  }
154  if (empty($forceseed)) {
155  $ivseed = dolGetRandomBytes($ivlen);
156  } else {
157  $ivseed = dol_substr(md5($forceseed), 0, $ivlen, 'ascii', 1);
158  }
159 
160  $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
161  return 'dolcrypt:'.$ciphering.':'.$ivseed.':'.$newchain;
162  } else {
163  return $chain;
164  }
165 }
166 
177 function dolDecrypt($chain, $key = '')
178 {
179  global $conf;
180 
181  if ($chain === '' || is_null($chain)) {
182  return '';
183  }
184 
185  if (empty($key)) {
186  $key = $conf->file->instance_unique_id;
187  }
188 
189  $reg = array();
190  if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
191  $ciphering = $reg[1];
192  if (function_exists('openssl_decrypt')) {
193  if (empty($key)) {
194  return 'Error dolDecrypt decrypt key is empty';
195  }
196  $tmpexplode = explode(':', $reg[2]);
197  if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
198  $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
199  } else {
200  $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0, null);
201  }
202  } else {
203  $newchain = 'Error dolDecrypt function openssl_decrypt() not available';
204  }
205  return $newchain;
206  } else {
207  return $chain;
208  }
209 }
210 
221 function dol_hash($chain, $type = '0')
222 {
223  global $conf;
224 
225  // No need to add salt for password_hash
226  if (($type == '0' || $type == 'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash')) {
227  return password_hash($chain, PASSWORD_DEFAULT);
228  }
229 
230  // Salt value
231  if (!empty($conf->global->MAIN_SECURITY_SALT) && $type != '4' && $type !== 'openldap') {
232  $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
233  }
234 
235  if ($type == '1' || $type == 'sha1') {
236  return sha1($chain);
237  } elseif ($type == '2' || $type == 'sha1md5') {
238  return sha1(md5($chain));
239  } elseif ($type == '3' || $type == 'md5') {
240  return md5($chain);
241  } elseif ($type == '4' || $type == 'openldap') {
242  return dolGetLdapPasswordHash($chain, getDolGlobalString('LDAP_PASSWORD_HASH_TYPE', 'md5'));
243  } elseif ($type == '5' || $type == 'sha256') {
244  return hash('sha256', $chain);
245  } elseif ($type == '6' || $type == 'password_hash') {
246  return password_hash($chain, PASSWORD_DEFAULT);
247  } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') {
248  return sha1($chain);
249  } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') {
250  return sha1(md5($chain));
251  }
252 
253  // No particular encoding defined, use default
254  return md5($chain);
255 }
256 
269 function dol_verifyHash($chain, $hash, $type = '0')
270 {
271  global $conf;
272 
273  if ($type == '0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_verify')) {
274  if (! empty($hash[0]) && $hash[0] == '$') {
275  return password_verify($chain, $hash);
276  } elseif (dol_strlen($hash) == 32) {
277  return dol_verifyHash($chain, $hash, '3'); // md5
278  } elseif (dol_strlen($hash) == 40) {
279  return dol_verifyHash($chain, $hash, '2'); // sha1md5
280  }
281 
282  return false;
283  }
284 
285  return dol_hash($chain, $type) == $hash;
286 }
287 
295 function dolGetLdapPasswordHash($password, $type = 'md5')
296 {
297  if (empty($type)) {
298  $type = 'md5';
299  }
300 
301  $salt = substr(sha1(time()), 0, 8);
302 
303  if ($type === 'md5') {
304  return '{MD5}' . base64_encode(hash("md5", $password, true)); //For OpenLdap with md5 (based on an unencrypted password in base)
305  } elseif ($type === 'md5frommd5') {
306  return '{MD5}' . base64_encode(hex2bin($password)); // Create OpenLDAP MD5 password from Dolibarr MD5 password
307  } elseif ($type === 'smd5') {
308  return "{SMD5}" . base64_encode(hash("md5", $password . $salt, true) . $salt);
309  } elseif ($type === 'sha') {
310  return '{SHA}' . base64_encode(hash("sha1", $password, true));
311  } elseif ($type === 'ssha') {
312  return "{SSHA}" . base64_encode(hash("sha1", $password . $salt, true) . $salt);
313  } elseif ($type === 'sha256') {
314  return "{SHA256}" . base64_encode(hash("sha256", $password, true));
315  } elseif ($type === 'ssha256') {
316  return "{SSHA256}" . base64_encode(hash("sha256", $password . $salt, true) . $salt);
317  } elseif ($type === 'sha384') {
318  return "{SHA384}" . base64_encode(hash("sha384", $password, true));
319  } elseif ($type === 'ssha384') {
320  return "{SSHA384}" . base64_encode(hash("sha384", $password . $salt, true) . $salt);
321  } elseif ($type === 'sha512') {
322  return "{SHA512}" . base64_encode(hash("sha512", $password, true));
323  } elseif ($type === 'ssha512') {
324  return "{SSHA512}" . base64_encode(hash("sha512", $password . $salt, true) . $salt);
325  } elseif ($type === 'crypt') {
326  return '{CRYPT}' . crypt($password, $salt);
327  } elseif ($type === 'clear') {
328  return '{CLEAR}' . $password; // Just for test, plain text password is not secured !
329  }
330  return "";
331 }
332 
353 function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0)
354 {
355  global $db, $conf;
356  global $hookmanager;
357 
358  // Define $objectid
359  if (is_object($object)) {
360  $objectid = $object->id;
361  } else {
362  $objectid = $object; // $objectid can be X or 'X,Y,Z'
363  }
364  if ($objectid == "-1") {
365  $objectid = 0;
366  }
367  if ($objectid) {
368  $objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
369  }
370 
371  //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
372  /*print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
373  print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
374  print ", perm: user->right->".$features.($feature2 ? "->".$feature2 : "")."=".($user->hasRight($features, $feature2, 'lire'))."<br>";
375  */
376 
377  $parentfortableentity = '';
378 
379  // Fix syntax of $features param
380  $originalfeatures = $features;
381  if ($features == 'agenda') {
382  $tableandshare = 'actioncomm&societe';
383  $feature2 = 'myactions|allactions';
384  $dbt_select = 'id';
385  }
386  if ($features == 'bank') {
387  $features = 'banque';
388  }
389  if ($features == 'facturerec') {
390  $features = 'facture';
391  }
392  if ($features == 'mo') {
393  $features = 'mrp';
394  }
395  if ($features == 'member') {
396  $features = 'adherent';
397  }
398  if ($features == 'subscription') {
399  $features = 'adherent';
400  $feature2 = 'cotisation';
401  }
402  if ($features == 'website' && is_object($object) && $object->element == 'websitepage') {
403  $parentfortableentity = 'fk_website@website';
404  }
405  if ($features == 'project') {
406  $features = 'projet';
407  }
408  if ($features == 'product') {
409  $features = 'produit';
410  }
411  if ($features == 'productbatch') {
412  $features = 'produit';
413  }
414  if ($features == 'tax') {
415  $feature2 = 'charges';
416  }
417  if ($features == 'workstation') {
418  $feature2 = 'workstation';
419  }
420  if ($features == 'fournisseur') { // When vendor invoice and purchase order are into module 'fournisseur'
421  $features = 'fournisseur';
422  if (is_object($object) && $object->element == 'invoice_supplier') {
423  $feature2 = 'facture';
424  } elseif (is_object($object) && $object->element == 'order_supplier') {
425  $feature2 = 'commande';
426  }
427  }
428 
429  //print $features.' - '.$tableandshare.' - '.$feature2.' - '.$dbt_select."\n";
430 
431  // Get more permissions checks from hooks
432  $parameters = array('features'=>$features, 'originalfeatures'=>$originalfeatures, 'objectid'=>$objectid, 'dbt_select'=>$dbt_select, 'idtype'=>$dbt_select, 'isdraft'=>$isdraft);
433  $reshook = $hookmanager->executeHooks('restrictedArea', $parameters);
434 
435  if (isset($hookmanager->resArray['result'])) {
436  if ($hookmanager->resArray['result'] == 0) {
437  if ($mode) {
438  return 0;
439  } else {
440  accessforbidden(); // Module returns 0, so access forbidden
441  }
442  }
443  }
444  if ($reshook > 0) { // No other test done.
445  return 1;
446  }
447 
448  // Features/modules to check
449  $featuresarray = array($features);
450  if (preg_match('/&/', $features)) {
451  $featuresarray = explode("&", $features);
452  } elseif (preg_match('/\|/', $features)) {
453  $featuresarray = explode("|", $features);
454  }
455 
456  // More subfeatures to check
457  if (!empty($feature2)) {
458  $feature2 = explode("|", $feature2);
459  }
460 
461  $listofmodules = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
462 
463  // Check read permission from module
464  $readok = 1;
465  $nbko = 0;
466  foreach ($featuresarray as $feature) { // first we check nb of test ko
467  $featureforlistofmodule = $feature;
468  if ($featureforlistofmodule == 'produit') {
469  $featureforlistofmodule = 'product';
470  }
471  if ($featureforlistofmodule == 'supplier_proposal') {
472  $featureforlistofmodule = 'supplierproposal';
473  }
474  if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) { // If limits on modules for external users, module must be into list of modules for external users
475  $readok = 0;
476  $nbko++;
477  continue;
478  }
479 
480  if ($feature == 'societe' && (empty($feature2) || !in_array('contact', $feature2))) {
481  if (!$user->hasRight('societe', 'lire') && !$user->hasRight('fournisseur', 'lire')) {
482  $readok = 0;
483  $nbko++;
484  }
485  } elseif (($feature == 'societe' && (!empty($feature2) && in_array('contact', $feature2))) || $feature == 'contact') {
486  if (empty($user->rights->societe->contact->lire)) {
487  $readok = 0;
488  $nbko++;
489  }
490  } elseif ($feature == 'produit|service') {
491  if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
492  $readok = 0;
493  $nbko++;
494  }
495  } elseif ($feature == 'prelevement') {
496  if (empty($user->rights->prelevement->bons->lire)) {
497  $readok = 0;
498  $nbko++;
499  }
500  } elseif ($feature == 'cheque') {
501  if (empty($user->rights->banque->cheque)) {
502  $readok = 0;
503  $nbko++;
504  }
505  } elseif ($feature == 'projet') {
506  if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
507  $readok = 0;
508  $nbko++;
509  }
510  } elseif ($feature == 'payment') {
511  if (!$user->hasRight('facture', 'lire')) {
512  $readok = 0;
513  $nbko++;
514  }
515  } elseif ($feature == 'payment_supplier') {
516  if (empty($user->rights->fournisseur->facture->lire)) {
517  $readok = 0;
518  $nbko++;
519  }
520  } elseif ($feature == 'payment_sc') {
521  if (empty($user->rights->tax->charges->lire)) {
522  $readok = 0;
523  $nbko++;
524  }
525  } elseif (!empty($feature2)) { // This is for permissions on 2 levels (module->object->read)
526  $tmpreadok = 1;
527  foreach ($feature2 as $subfeature) {
528  if ($subfeature == 'user' && $user->id == $objectid) {
529  continue; // A user can always read its own card
530  }
531  if ($subfeature == 'fiscalyear' && $user->hasRight('accounting', 'fiscalyear', 'write')) {
532  // only one right for fiscalyear
533  $tmpreadok = 1;
534  continue;
535  }
536  if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
537  $tmpreadok = 0;
538  } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
539  $tmpreadok = 0;
540  } else {
541  $tmpreadok = 1;
542  break;
543  } // Break is to bypass second test if the first is ok
544  }
545  if (!$tmpreadok) { // We found a test on feature that is ko
546  $readok = 0; // All tests are ko (we manage here the and, the or will be managed later using $nbko).
547  $nbko++;
548  }
549  } elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) { // This is permissions on 1 level (module->read)
550  if (empty($user->rights->$feature->lire)
551  && empty($user->rights->$feature->read)
552  && empty($user->rights->$feature->run)) {
553  $readok = 0;
554  $nbko++;
555  }
556  }
557  }
558 
559  // If a or and at least one ok
560  if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) {
561  $readok = 1;
562  }
563 
564  if (!$readok) {
565  if ($mode) {
566  return 0;
567  } else {
568  accessforbidden();
569  }
570  }
571  //print "Read access is ok";
572 
573  // Check write permission from module (we need to know write permission to create but also to delete drafts record or to upload files)
574  $createok = 1;
575  $nbko = 0;
576  $wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || in_array(GETPOST('action', 'aZ09'), array('create', 'update', 'set', 'upload', 'add_element_resource', 'confirm_deletebank', 'confirm_delete_linked_resource')) || GETPOST('roworder', 'alpha', 2));
577  $wemustcheckpermissionfordeletedraft = ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete');
578 
579  if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
580  foreach ($featuresarray as $feature) {
581  if ($feature == 'contact') {
582  if (empty($user->rights->societe->contact->creer)) {
583  $createok = 0;
584  $nbko++;
585  }
586  } elseif ($feature == 'produit|service') {
587  if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
588  $createok = 0;
589  $nbko++;
590  }
591  } elseif ($feature == 'prelevement') {
592  if (!$user->rights->prelevement->bons->creer) {
593  $createok = 0;
594  $nbko++;
595  }
596  } elseif ($feature == 'commande_fournisseur') {
597  if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
598  $createok = 0;
599  $nbko++;
600  }
601  } elseif ($feature == 'banque') {
602  if (!$user->hasRight('banque', 'modifier')) {
603  $createok = 0;
604  $nbko++;
605  }
606  } elseif ($feature == 'cheque') {
607  if (empty($user->rights->banque->cheque)) {
608  $createok = 0;
609  $nbko++;
610  }
611  } elseif ($feature == 'import') {
612  if (empty($user->rights->import->run)) {
613  $createok = 0;
614  $nbko++;
615  }
616  } elseif ($feature == 'ecm') {
617  if (!$user->rights->ecm->upload) {
618  $createok = 0;
619  $nbko++;
620  }
621  } elseif ($feature == 'modulebuilder') {
622  if (!$user->hasRight('modulebuilder', 'run')) {
623  $createok = 0;
624  $nbko++;
625  }
626  } elseif (!empty($feature2)) { // This is for permissions on 2 levels (module->object->write)
627  foreach ($feature2 as $subfeature) {
628  if ($subfeature == 'user' && $user->id == $objectid && $user->hasRight('user', 'self', 'creer')) {
629  continue; // User can edit its own card
630  }
631  if ($subfeature == 'user' && $user->id == $objectid && $user->hasRight('user', 'self', 'password')) {
632  continue; // User can edit its own password
633  }
634  if ($subfeature == 'user' && $user->id != $objectid && $user->hasRight('user', 'user', 'password')) {
635  continue; // User can edit another user's password
636  }
637 
638  if (empty($user->rights->$feature->$subfeature->creer)
639  && empty($user->rights->$feature->$subfeature->write)
640  && empty($user->rights->$feature->$subfeature->create)) {
641  $createok = 0;
642  $nbko++;
643  } else {
644  $createok = 1;
645  // Break to bypass second test if the first is ok
646  break;
647  }
648  }
649  } elseif (!empty($feature)) { // This is for permissions on 1 levels (module->write)
650  //print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write; exit;
651  if (empty($user->rights->$feature->creer)
652  && empty($user->rights->$feature->write)
653  && empty($user->rights->$feature->create)) {
654  $createok = 0;
655  $nbko++;
656  }
657  }
658  }
659 
660  // If a or and at least one ok
661  if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) {
662  $createok = 1;
663  }
664 
665  if ($wemustcheckpermissionforcreate && !$createok) {
666  if ($mode) {
667  return 0;
668  } else {
669  accessforbidden();
670  }
671  }
672  //print "Write access is ok";
673  }
674 
675  // Check create user permission
676  $createuserok = 1;
677  if (GETPOST('action', 'aZ09') == 'confirm_create_user' && GETPOST("confirm", 'aZ09') == 'yes') {
678  if (!$user->hasRight('user', 'user', 'creer')) {
679  $createuserok = 0;
680  }
681 
682  if (!$createuserok) {
683  if ($mode) {
684  return 0;
685  } else {
686  accessforbidden();
687  }
688  }
689  //print "Create user access is ok";
690  }
691 
692  // Check delete permission from module
693  $deleteok = 1;
694  $nbko = 0;
695  if ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete') {
696  foreach ($featuresarray as $feature) {
697  if ($feature == 'bookmark') {
698  if (!$user->rights->bookmark->supprimer) {
699  if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
700  $deleteok = 0;
701  }
702  }
703  } elseif ($feature == 'contact') {
704  if (!$user->rights->societe->contact->supprimer) {
705  $deleteok = 0;
706  }
707  } elseif ($feature == 'produit|service') {
708  if (!$user->hasRight('produit', 'supprimer') && !$user->hasRight('service', 'supprimer')) {
709  $deleteok = 0;
710  }
711  } elseif ($feature == 'commande_fournisseur') {
712  if (!$user->rights->fournisseur->commande->supprimer) {
713  $deleteok = 0;
714  }
715  } elseif ($feature == 'payment_supplier') { // Permission to delete a payment of an invoice is permission to edit an invoice.
716  if (!$user->rights->fournisseur->facture->creer) {
717  $deleteok = 0;
718  }
719  } elseif ($feature == 'payment') {
720  if (!$user->rights->facture->paiement) {
721  $deleteok = 0;
722  }
723  } elseif ($feature == 'payment_sc') {
724  if (!$user->rights->tax->charges->creer) {
725  $deleteok = 0;
726  }
727  } elseif ($feature == 'banque') {
728  if (!$user->hasRight('banque', 'modifier')) {
729  $deleteok = 0;
730  }
731  } elseif ($feature == 'cheque') {
732  if (empty($user->rights->banque->cheque)) {
733  $deleteok = 0;
734  }
735  } elseif ($feature == 'ecm') {
736  if (!$user->rights->ecm->upload) {
737  $deleteok = 0;
738  }
739  } elseif ($feature == 'ftp') {
740  if (!$user->rights->ftp->write) {
741  $deleteok = 0;
742  }
743  } elseif ($feature == 'salaries') {
744  if (!$user->rights->salaries->delete) {
745  $deleteok = 0;
746  }
747  } elseif ($feature == 'adherent') {
748  if (empty($user->rights->adherent->supprimer)) {
749  $deleteok = 0;
750  }
751  } elseif ($feature == 'paymentbybanktransfer') {
752  if (empty($user->rights->paymentbybanktransfer->create)) { // There is no delete permission
753  $deleteok = 0;
754  }
755  } elseif ($feature == 'prelevement') {
756  if (empty($user->rights->prelevement->bons->creer)) { // There is no delete permission
757  $deleteok = 0;
758  }
759  } elseif (!empty($feature2)) { // This is for permissions on 2 levels
760  foreach ($feature2 as $subfeature) {
761  if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
762  $deleteok = 0;
763  } else {
764  $deleteok = 1;
765  break;
766  } // For bypass the second test if the first is ok
767  }
768  } elseif (!empty($feature)) { // This is used for permissions on 1 level
769  //print '<br>feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
770  if (empty($user->rights->$feature->supprimer)
771  && empty($user->rights->$feature->delete)
772  && empty($user->rights->$feature->run)) {
773  $deleteok = 0;
774  }
775  }
776  }
777 
778  // If a or and at least one ok
779  if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) {
780  $deleteok = 1;
781  }
782 
783  if (!$deleteok && !($isdraft && $createok)) {
784  if ($mode) {
785  return 0;
786  } else {
787  accessforbidden();
788  }
789  }
790  //print "Delete access is ok";
791  }
792 
793  // If we have a particular object to check permissions on, we check if $user has permission
794  // for this given object (link to company, is contact for project, ...)
795  if (!empty($objectid) && $objectid > 0) {
796  $ok = checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
797  $params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2);
798  //print 'checkUserAccessToObject ok='.$ok;
799  if ($mode) {
800  return $ok ? 1 : 0;
801  } else {
802  if ($ok) {
803  return 1;
804  } else {
805  accessforbidden('', 1, 1, 0, $params);
806  }
807  }
808  }
809 
810  return 1;
811 }
812 
828 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '')
829 {
830  global $db, $conf;
831 
832  if (is_object($object)) {
833  $objectid = $object->id;
834  } else {
835  $objectid = $object; // $objectid can be X or 'X,Y,Z'
836  }
837  $objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
838 
839  //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
840  //print "user_id=".$user->id.", features=".join(',', $featuresarray).", objectid=".$objectid;
841  //print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."<br>";
842 
843  // More parameters
844  $params = explode('&', $tableandshare);
845  $dbtablename = (!empty($params[0]) ? $params[0] : '');
846  $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
847 
848  foreach ($featuresarray as $feature) {
849  $sql = '';
850 
851  //var_dump($feature);exit;
852 
853  // For backward compatibility
854  if ($feature == 'societe' && !empty($feature2) && is_array($feature2) && in_array('contact', $feature2)) {
855  $feature = 'contact';
856  $feature2 = '';
857  }
858  if ($feature == 'member') {
859  $feature = 'adherent';
860  }
861  if ($feature == 'project') {
862  $feature = 'projet';
863  }
864  if ($feature == 'task') {
865  $feature = 'projet_task';
866  }
867  if ($feature == 'eventorganization') {
868  $feature = 'agenda';
869  $dbtablename = 'actioncomm';
870  }
871  if ($feature == 'payment_sc') {
872  $feature = "chargesociales";
873  $objectid = $object->fk_charge;
874  }
875 
876  $checkonentitydone = 0;
877 
878  // Array to define rules of checks to do
879  $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment', 'chargesociales'); // Test on entity only (Objects with no link to company)
880  $checksoc = array('societe'); // Test for object Societe
881  $checkparentsoc = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
882  $checkproject = array('projet', 'project'); // Test for project object
883  $checktask = array('projet_task'); // Test for task object
884  $checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
885  $checkuser = array('bookmark'); // check permission among the fk_user (must be myself or null)
886  $nocheck = array('barcode', 'stock'); // No test
887 
888  //$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...).
889 
890  // If dbtablename not defined, we use same name for table than module name
891  if (empty($dbtablename)) {
892  $dbtablename = $feature;
893  $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); // We change dbtablename, so we set sharedelement too.
894  }
895 
896  // To avoid an access forbidden with a numeric ref
897  if ($dbt_select != 'rowid' && $dbt_select != 'id') {
898  $objectid = "'".$objectid."'"; // Note: $objectid was already cast into int at begin of this method.
899  }
900 
901  // Check permission for objectid on entity only
902  if (in_array($feature, $check) && $objectid > 0) { // For $objectid = 0, no check
903  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
904  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
905  if (($feature == 'user' || $feature == 'usergroup') && isModEnabled('multicompany')) { // Special for multicompany
906  if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
907  if ($conf->entity == 1 && $user->admin && !$user->entity) {
908  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
909  $sql .= " AND dbt.entity IS NOT NULL";
910  } else {
911  $sql .= ",".MAIN_DB_PREFIX."usergroup_user as ug";
912  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
913  $sql .= " AND ((ug.fk_user = dbt.rowid";
914  $sql .= " AND ug.entity IN (".getEntity('usergroup')."))";
915  $sql .= " OR dbt.entity = 0)"; // Show always superadmin
916  }
917  } else {
918  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
919  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
920  }
921  } else {
922  $reg = array();
923  if ($parenttableforentity && preg_match('/(.*)@(.*)/', $parenttableforentity, $reg)) {
924  $sql .= ", ".MAIN_DB_PREFIX.$reg[2]." as dbtp";
925  $sql .= " WHERE dbt.".$reg[1]." = dbtp.rowid AND dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
926  $sql .= " AND dbtp.entity IN (".getEntity($sharedelement, 1).")";
927  } else {
928  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
929  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
930  }
931  }
932  $checkonentitydone = 1;
933  }
934  if (in_array($feature, $checksoc) && $objectid > 0) { // We check feature = checksoc. For $objectid = 0, no check
935  // If external user: Check permission for external users
936  if ($user->socid > 0) {
937  if ($user->socid != $objectid) {
938  return false;
939  }
940  } elseif (isModEnabled("societe") && ($user->hasRight('societe', 'lire') && empty($user->rights->societe->client->voir))) {
941  // If internal user: Check permission for internal users that are restricted on their objects
942  $sql = "SELECT COUNT(sc.fk_soc) as nb";
943  $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
944  $sql .= ", ".MAIN_DB_PREFIX."societe as s)";
945  $sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")";
946  $sql .= " AND sc.fk_user = ".((int) $user->id);
947  $sql .= " AND sc.fk_soc = s.rowid";
948  $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
949  } elseif (isModEnabled('multicompany')) {
950  // If multicompany and internal users with all permissions, check user is in correct entity
951  $sql = "SELECT COUNT(s.rowid) as nb";
952  $sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
953  $sql .= " WHERE s.rowid IN (".$db->sanitize($objectid, 1).")";
954  $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
955  }
956 
957  $checkonentitydone = 1;
958  }
959  if (in_array($feature, $checkparentsoc) && $objectid > 0) { // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...).
960  // If external user: Check permission for external users
961  if ($user->socid > 0) {
962  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
963  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
964  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
965  $sql .= " AND dbt.fk_soc = ".((int) $user->socid);
966  } elseif (isModEnabled("societe") && ($user->hasRight('societe', 'lire') && empty($user->rights->societe->client->voir))) {
967  // If internal user: Check permission for internal users that are restricted on their objects
968  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
969  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
970  $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
971  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
972  $sql .= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
973  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
974  } elseif (isModEnabled('multicompany')) {
975  // If multicompany and internal users with all permissions, check user is in correct entity
976  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
977  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
978  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
979  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
980  }
981 
982  $checkonentitydone = 1;
983  }
984  if (in_array($feature, $checkproject) && $objectid > 0) {
985  if (isModEnabled('project') && empty($user->rights->projet->all->lire)) {
986  $projectid = $objectid;
987 
988  include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
989  $projectstatic = new Project($db);
990  $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
991 
992  $tmparray = explode(',', $tmps);
993  if (!in_array($projectid, $tmparray)) {
994  return false;
995  }
996  } else {
997  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
998  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
999  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
1000  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
1001  }
1002  $checkonentitydone = 1;
1003  }
1004  if (in_array($feature, $checktask) && $objectid > 0) {
1005  if (isModEnabled('project') && empty($user->rights->projet->all->lire)) {
1006  $task = new Task($db);
1007  $task->fetch($objectid);
1008  $projectid = $task->fk_project;
1009 
1010  include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
1011  $projectstatic = new Project($db);
1012  $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1013 
1014  $tmparray = explode(',', $tmps);
1015  if (!in_array($projectid, $tmparray)) {
1016  return false;
1017  }
1018  } else {
1019  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
1020  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
1021  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
1022  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
1023  }
1024 
1025  $checkonentitydone = 1;
1026  }
1027  //var_dump($sql);
1028 
1029  if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) { // By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield
1030  // If external user: Check permission for external users
1031  if ($user->socid > 0) {
1032  if (empty($dbt_keyfield)) {
1033  dol_print_error('', 'Param dbt_keyfield is required but not defined');
1034  }
1035  $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";
1036  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
1037  $sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")";
1038  $sql .= " AND dbt.".$dbt_keyfield." = ".((int) $user->socid);
1039  } elseif (isModEnabled("societe") && empty($user->rights->societe->client->voir)) {
1040  // If internal user without permission to see all thirdparties: Check permission for internal users that are restricted on their objects
1041  if ($feature != 'ticket') {
1042  if (empty($dbt_keyfield)) {
1043  dol_print_error('', 'Param dbt_keyfield is required but not defined');
1044  }
1045  $sql = "SELECT COUNT(sc.fk_soc) as nb";
1046  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
1047  $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
1048  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
1049  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
1050  $sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield;
1051  $sql .= " AND sc.fk_user = ".((int) $user->id);
1052  } else {
1053  // On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties.
1054  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
1055  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
1056  $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id);
1057  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
1058  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
1059  $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)";
1060  }
1061  } elseif (isModEnabled('multicompany')) {
1062  // If multicompany, and user is an internal user with all permissions, check that object is in correct entity
1063  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
1064  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
1065  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
1066  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
1067  }
1068  }
1069 
1070  // For events, check on users assigned to event
1071  if ($feature === 'agenda' && $objectid > 0) {
1072  // Also check owner or attendee for users without allactions->read
1073  if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1074  require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
1075  $action = new ActionComm($db);
1076  $action->fetch($objectid);
1077  if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1078  return false;
1079  }
1080  }
1081  }
1082 
1083  // For some object, we also have to check it is in the user hierarchy
1084  // Param $object must be the full object and not a simple id to have this test possible.
1085  if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1086  $childids = $user->getAllChildIds(1);
1087  $useridtocheck = 0;
1088  if ($feature == 'holiday') {
1089  $useridtocheck = $object->fk_user;
1090  if (!in_array($object->fk_user, $childids) && !in_array($object->fk_validator, $childids)) {
1091  return false;
1092  }
1093  }
1094  if ($feature == 'expensereport') {
1095  $useridtocheck = $object->fk_user_author;
1096  if (!$user->rights->expensereport->readall) {
1097  if (!in_array($useridtocheck, $childids)) {
1098  return false;
1099  }
1100  }
1101  }
1102  }
1103 
1104  // For some object, we also have to check it is public or owned by user
1105  // Param $object must be the full object and not a simple id to have this test possible.
1106  if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1107  $useridtocheck = $object->fk_user;
1108  if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1109  return false;
1110  }
1111  }
1112 
1113  if ($sql) {
1114  $resql = $db->query($sql);
1115  if ($resql) {
1116  $obj = $db->fetch_object($resql);
1117  if (!$obj || $obj->nb < count(explode(',', $objectid))) { // error if we found 0 or less record than nb of id provided
1118  return false;
1119  }
1120  } else {
1121  dol_syslog("Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1122  return false;
1123  }
1124  }
1125  }
1126 
1127  return true;
1128 }
1129 
1130 
1142 function httponly_accessforbidden($message = 1, $http_response_code = 403, $stringalreadysanitized = 0)
1143 {
1144  top_httphead();
1145  http_response_code($http_response_code);
1146 
1147  if ($stringalreadysanitized) {
1148  print $message;
1149  } else {
1150  print htmlentities($message);
1151  }
1152 
1153  exit(1);
1154 }
1155 
1169 function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params = null)
1170 {
1171  global $conf, $db, $user, $langs, $hookmanager;
1172  global $action, $object;
1173 
1174  if (!is_object($langs)) {
1175  include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
1176  $langs = new Translate('', $conf);
1177  $langs->setDefaultLang();
1178  }
1179 
1180  $langs->load("errors");
1181 
1182  if ($printheader) {
1183  if (function_exists("llxHeader")) {
1184  llxHeader('');
1185  } elseif (function_exists("llxHeaderVierge")) {
1186  llxHeaderVierge('');
1187  }
1188  }
1189  print '<div class="error">';
1190  if (empty($message)) {
1191  print $langs->trans("ErrorForbidden");
1192  } else {
1193  print $langs->trans($message);
1194  }
1195  print '</div>';
1196  print '<br>';
1197  if (empty($showonlymessage)) {
1198  if (empty($hookmanager)) {
1199  include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
1200  $hookmanager = new HookManager($db);
1201  // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
1202  $hookmanager->initHooks(array('main'));
1203  }
1204 
1205  $parameters = array('message'=>$message, 'params'=>$params);
1206  $reshook = $hookmanager->executeHooks('getAccessForbiddenMessage', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
1207  print $hookmanager->resPrint;
1208  if (empty($reshook)) {
1209  $langs->loadLangs(array("errors"));
1210  if ($user->login) {
1211  print $langs->trans("CurrentLogin").': <span class="error">'.$user->login.'</span><br>';
1212  print $langs->trans("ErrorForbidden2", $langs->transnoentitiesnoconv("Home"), $langs->transnoentitiesnoconv("Users"));
1213  print $langs->trans("ErrorForbidden4");
1214  } else {
1215  print $langs->trans("ErrorForbidden3");
1216  }
1217  }
1218  }
1219  if ($printfooter && function_exists("llxFooter")) {
1220  llxFooter();
1221  }
1222 
1223  exit(0);
1224 }
1225 
1226 
1233 function getMaxFileSizeArray()
1234 {
1235  global $conf;
1236 
1237  $max = $conf->global->MAIN_UPLOAD_DOC; // In Kb
1238  $maxphp = @ini_get('upload_max_filesize'); // In unknown
1239  if (preg_match('/k$/i', $maxphp)) {
1240  $maxphp = preg_replace('/k$/i', '', $maxphp);
1241  $maxphp = $maxphp * 1;
1242  }
1243  if (preg_match('/m$/i', $maxphp)) {
1244  $maxphp = preg_replace('/m$/i', '', $maxphp);
1245  $maxphp = $maxphp * 1024;
1246  }
1247  if (preg_match('/g$/i', $maxphp)) {
1248  $maxphp = preg_replace('/g$/i', '', $maxphp);
1249  $maxphp = $maxphp * 1024 * 1024;
1250  }
1251  if (preg_match('/t$/i', $maxphp)) {
1252  $maxphp = preg_replace('/t$/i', '', $maxphp);
1253  $maxphp = $maxphp * 1024 * 1024 * 1024;
1254  }
1255  $maxphp2 = @ini_get('post_max_size'); // In unknown
1256  if (preg_match('/k$/i', $maxphp2)) {
1257  $maxphp2 = preg_replace('/k$/i', '', $maxphp2);
1258  $maxphp2 = $maxphp2 * 1;
1259  }
1260  if (preg_match('/m$/i', $maxphp2)) {
1261  $maxphp2 = preg_replace('/m$/i', '', $maxphp2);
1262  $maxphp2 = $maxphp2 * 1024;
1263  }
1264  if (preg_match('/g$/i', $maxphp2)) {
1265  $maxphp2 = preg_replace('/g$/i', '', $maxphp2);
1266  $maxphp2 = $maxphp2 * 1024 * 1024;
1267  }
1268  if (preg_match('/t$/i', $maxphp2)) {
1269  $maxphp2 = preg_replace('/t$/i', '', $maxphp2);
1270  $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1271  }
1272  // Now $max and $maxphp and $maxphp2 are in Kb
1273  $maxmin = $max;
1274  $maxphptoshow = $maxphptoshowparam = '';
1275  if ($maxphp > 0) {
1276  $maxmin = min($maxmin, $maxphp);
1277  $maxphptoshow = $maxphp;
1278  $maxphptoshowparam = 'upload_max_filesize';
1279  }
1280  if ($maxphp2 > 0) {
1281  $maxmin = min($maxmin, $maxphp2);
1282  if ($maxphp2 < $maxphp) {
1283  $maxphptoshow = $maxphp2;
1284  $maxphptoshowparam = 'post_max_size';
1285  }
1286  }
1287  //var_dump($maxphp.'-'.$maxphp2);
1288  //var_dump($maxmin);
1289 
1290  return array('max'=>$max, 'maxmin'=>$maxmin, 'maxphptoshow'=>$maxphptoshow, 'maxphptoshowparam'=>$maxphptoshowparam);
1291 }
httponly_accessforbidden
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1142
top_httphead
if(!defined('NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition: main.inc.php:1494
llxFooter
llxFooter()
Empty footer.
Definition: wrapper.php:70
Project
Class to manage projects.
Definition: project.class.php:36
ActionComm
Class to manage agenda events (actions)
Definition: actioncomm.class.php:38
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:609
dol_print_error
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition: functions.lib.php:5107
dol_verifyHash
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...
Definition: security.lib.php:269
Translate
Class to manage translations.
Definition: translate.class.php:30
Task
Class to manage tasks.
Definition: task.class.php:39
llxHeaderVierge
if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) if(!defined('NOLOGIN')) if(!defined('NOCSRFCHECK')) if(!defined('NOIPCHECK')) llxHeaderVierge()
Header function.
Definition: agendaexport.php:61
llxHeader
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Definition: wrapper.php:56
dolGetLdapPasswordHash
dolGetLdapPasswordHash($password, $type='md5')
Returns a specific ldap hash of a password.
Definition: security.lib.php:295
dol_hash
dol_hash($chain, $type='0')
Returns a hash (non reversible encryption) of a string.
Definition: security.lib.php:221
getMaxFileSizeArray
getMaxFileSizeArray()
Return the max allowed for file upload.
Definition: security.lib.php:1233
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1741
dolEncrypt
dolEncrypt($chain, $key='', $ciphering='AES-256-CTR', $forceseed='')
Encode a string with a symetric encryption.
Definition: security.lib.php:122
$sql
if(isModEnabled('facture') && $user->hasRight('facture', 'lire')) if((isModEnabled('fournisseur') &&empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->hasRight("fournisseur", "facture", "lire"))||(isModEnabled('supplier_invoice') && $user->hasRight("supplier_invoice", "lire"))) if(isModEnabled('don') && $user->hasRight('don', 'lire')) if(isModEnabled('tax') &&!empty($user->rights->tax->charges->lire)) if(isModEnabled('facture') &&isModEnabled('commande') && $user->hasRight("commande", "lire") &&empty($conf->global->WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER)) $sql
Social contributions to pay.
Definition: index.php:746
dol_substr
dol_substr($string, $start, $length=null, $stringencoding='', $trunconbytes=0)
Make a substring.
Definition: functions.lib.php:4020
dol_strlen
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
Definition: functions.lib.php:3997
restrictedArea
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
Definition: security.lib.php:353
isModEnabled
isModEnabled($module)
Is Dolibarr module enabled.
Definition: functions.lib.php:207
dol_encode
dol_encode($chain, $key='1')
Encode a string with base 64 algorithm + specific delta change.
Definition: security.lib.php:38
dolGetRandomBytes
dolGetRandomBytes($length)
Return a string of random bytes (hexa string) with length = $length fro cryptographic purposes.
Definition: security.lib.php:100
getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition: functions.lib.php:142
User
Class to manage Dolibarr users.
Definition: user.class.php:47
dolDecrypt
dolDecrypt($chain, $key='')
Decode a string with a symetric encryption.
Definition: security.lib.php:177
checkUserAccessToObject
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
Definition: security.lib.php:828
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1169
HookManager
Class to manage hooks.
Definition: hookmanager.class.php:30
dol_decode
dol_decode($chain, $key='1')
Decode a base 64 encoded + specific delta change.
Definition: security.lib.php:69
Generated on Fri Dec 1 2023 01:01:18 for dolibarr by Doxygen 1.8.17