40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
43 for ($i = 0; $i < $strlength; $i++) {
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
50 for ($i = 0; $i < $strlength; $i++) {
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
57 return base64_encode($chain);
// Decode side of the encode/decode pair (the enclosing function header is not shown in this
// listing). Step 1: strip the base64 envelope; the reversible character shift is undone next.
71 $chain = base64_decode($chain);
// Rule for key '1': constant offset of 17 per character (mirror of the +17 applied when encoding).
// NOTE: this is reversible obfuscation, not encryption — the "key" is a fixed constant.
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
// $strlength is assigned on an elided line — presumably the length of $chain; confirm.
76 for ($i = 0; $i < $strlength; $i++) {
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
// Other keys: per-character shift driven by the key string (offset relative to 'A', ord 65).
// Anyone holding the key string can reverse it; the guard for this branch is elided.
84 for ($i = 0; $i < $strlength; $i++) {
// Offset is ($i % strlen($key)) - 1: whenever $i is a multiple of the key length the offset
// is -1, which substr() resolves to the LAST key character — the key is consumed rotated by one.
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
// The copy of $result back into $chain and the final return are not visible here.
// Random hex string generation (enclosing function header elided).
// Prefer the CSPRNG random_bytes() when available, fall back to OpenSSL otherwise.
102 if (function_exists(
'random_bytes')) {
// floor($length / 2) bytes -> hex yields $length characters for even $length, $length - 1 for odd.
103 return bin2hex(random_bytes((
int) floor($length / 2)));
// Fallback: openssl_random_pseudo_bytes() is called without its $strong_result out-parameter,
// so a non-cryptographically-strong result would not be detected on this path.
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
/**
 * Encrypt a string with OpenSSL (default AES-256-CTR) and wrap it as
 * "dolcrypt:<cipher>:<iv>:<ciphertext>". Only part of the body is visible in this listing:
 * the handling of an already-encrypted input, the random-IV branch and the fallback used
 * when openssl_encrypt() is unavailable are on elided lines.
 *
 * @param string $chain     Plaintext to encrypt ('' / null is handled up front)
 * @param string $key       Encryption key; the instance unique id is used as fallback (line 138)
 * @param string $ciphering OpenSSL cipher name, defaults to 'AES-256-CTR'
 * @param string $forceseed Optional seed from which the IV is derived deterministically
 * @return string           Prefixed encrypted string on the visible path; other returns elided
 */
122 function dolEncrypt($chain, $key =
'', $ciphering =
'AES-256-CTR', $forceseed =
'')
// Debug switch that disables encryption. $conf is also read below (line 138) but is not part
// of this global statement — presumably declared on an elided line; confirm.
125 global $dolibarr_disable_dolcrypt_for_debug;
127 if ($chain ===
'' || is_null($chain)) {
// Input already carries the dolcrypt envelope: must not be encrypted twice (branch body elided).
132 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
// Key fallback: the per-installation unique id (the empty-$key guard is presumably elided).
138 $key = $conf->file->instance_unique_id;
140 if (empty($ciphering)) {
141 $ciphering =
'AES-256-CTR';
146 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
148 if (function_exists(
'openssl_cipher_iv_length')) {
149 $ivlen = openssl_cipher_iv_length($ciphering);
// Reject unknown ciphers (false) and implausible IV lengths.
151 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
// No seed given: IV generation for this branch is elided (a random IV is expected — confirm).
154 if (empty($forceseed)) {
// Seeded IV: md5($forceseed) truncated to the IV length, i.e. a fixed function of the seed.
// With the default CTR mode, reusing the same key+IV for two different plaintexts leaks
// their XOR, so a seed must never be reused across distinct messages under one key.
157 $ivseed =
dol_substr(md5($forceseed), 0, $ivlen,
'ascii', 1);
// Options 0 -> base64 output. For the default CTR cipher there is no authentication tag:
// confidentiality only; a modified ciphertext is not detected at decrypt time.
160 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
161 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
// dolDecrypt body fragment (header elided): inverse of dolEncrypt for "dolcrypt:..." strings.
181 if ($chain ===
'' || is_null($chain)) {
// Same key fallback as in dolEncrypt (empty-$key guard presumably on an elided line).
186 $key = $conf->file->instance_unique_id;
// Only strings carrying the dolcrypt envelope are decrypted. The cipher name is taken from the
// envelope itself, so whoever controls the stored blob also selects the cipher used here.
190 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
191 $ciphering = $reg[1];
192 if (function_exists(
'openssl_decrypt')) {
// Failure is reported as an ordinary string, indistinguishable from plaintext for callers.
194 return 'Error dolDecrypt decrypt key is empty';
// Envelope remainder is "<iv>:<ciphertext>"; a single segment is a legacy value without IV.
196 $tmpexplode = explode(
':', $reg[2]);
197 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
198 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
// Legacy path without IV. openssl_decrypt() returns false on failure; what happens with that
// value is not visible in this fragment.
200 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
203 $newchain =
'Error dolDecrypt function openssl_decrypt() not available';
// dol_hash body fragment (header elided): hash $chain according to $type / MAIN_SECURITY_HASH_ALGO.
// Type '0'/'auto' with the password_hash algo: bcrypt-family hash with its own random salt.
// This returns BEFORE the MAIN_SECURITY_SALT prefix is applied below, unlike type '6'.
226 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
227 return password_hash($chain, PASSWORD_DEFAULT);
// Application-wide static salt prepended for all legacy algorithms except openldap
// (note the mix of loose '!=' and strict '!==' on $type in the same condition).
231 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
232 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
// Explicit types. The return lines for '1'/sha1, '3'/md5 and '4'/openldap are elided here.
// md5 and sha1 are kept for compatibility with existing stored hashes only.
235 if ($type ==
'1' || $type ==
'sha1') {
237 } elseif ($type ==
'2' || $type ==
'sha1md5') {
238 return sha1(md5($chain));
239 } elseif ($type ==
'3' || $type ==
'md5') {
241 } elseif ($type ==
'4' || $type ==
'openldap') {
243 } elseif ($type ==
'5' || $type ==
'sha256') {
244 return hash(
'sha256', $chain);
245 } elseif ($type ==
'6' || $type ==
'password_hash') {
// Unlike the type '0' shortcut above, this hashes the salt-prefixed $chain.
246 return password_hash($chain, PASSWORD_DEFAULT);
// Fallbacks driven by MAIN_SECURITY_HASH_ALGO when $type matched none of the explicit values.
247 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
249 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
250 return sha1(md5($chain));
// Hash verification fragment (header elided): check $chain against a stored $hash.
// Hashes produced by password_hash() start with '$' (e.g. "$2y$..."): verify with password_verify().
273 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
274 if (! empty($hash[0]) && $hash[0] ==
'$') {
275 return password_verify($chain, $hash);
// Legacy algorithms: recompute and compare. Loose '==' between two digests is evaluated
// numerically when both look numeric (two "0e..." strings compare equal) and it is not
// constant-time; hash_equals((string) $hash, dol_hash($chain, $type)) is the safe form.
285 return dol_hash($chain, $type) == $hash;
// LDAP password hash formatting (header elided): returns "{SCHEME}" . base64(digest [. salt]).
// The salt is 8 hex chars of sha1(time()): derived from the current second, hence predictable
// and low-entropy. random_bytes() (used elsewhere in this file) is the appropriate salt source.
301 $salt = substr(sha1(time()), 0, 8);
// Unsalted schemes: raw binary digest, base64-encoded.
303 if ($type ===
'md5') {
304 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
// Caller supplies an already-computed hex MD5 digest; hex2bin() returns false on malformed
// input and that result is not checked here.
305 } elseif ($type ===
'md5frommd5') {
306 return '{MD5}' . base64_encode(hex2bin($password));
// Salted schemes: digest(password . salt) followed by the salt, as the LDAP {S...} formats expect.
307 } elseif ($type ===
'smd5') {
308 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
309 } elseif ($type ===
'sha') {
310 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
311 } elseif ($type ===
'ssha') {
312 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
313 } elseif ($type ===
'sha256') {
314 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
315 } elseif ($type ===
'ssha256') {
316 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
317 } elseif ($type ===
'sha384') {
318 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
319 } elseif ($type ===
'ssha384') {
320 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
321 } elseif ($type ===
'sha512') {
322 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
323 } elseif ($type ===
'ssha512') {
324 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
// crypt() selects its algorithm from the salt format; an 8-char hex salt without a "$id$"
// prefix is treated as traditional DES crypt (2-char salt, password truncated to 8 bytes) — confirm.
325 } elseif ($type ===
'crypt') {
326 return '{CRYPT}' . crypt($password, $salt);
// Plaintext storage, only prefixed with the scheme marker.
327 } elseif ($type ===
'clear') {
328 return '{CLEAR}' . $password;
/**
 * Check that $user may access the requested feature(s) and, when an object id is given,
 * that specific object. Only part of the body is visible in this listing: the branches that
 * deny access (accessforbidden / exit) and the return are on elided lines, as are the
 * declarations of $nbko, $createok, $createuserok and $deleteok.
 *
 * @param User       $user          User whose permissions are checked
 * @param string     $features      Feature name(s): 'a&b' = all required, 'a|b' = any suffices
 * @param int|object $object        Object id, or the object itself (its ->id is used)
 * @param string     $tableandshare 'table[&sharedelement]' used for the entity check
 * @param string     $feature2      Sub-feature(s), '|' separated
 * @param string     $dbt_keyfield  Column holding the third-party id (external users)
 * @param string     $dbt_select    Column used to select the object ('rowid' by default)
 * @param int        $isdraft       1 when the object is a draft (deletable with create permission)
 * @param int        $mode          Not referenced in the visible part of the body
 */
353 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
// Object id comes from the object when one is passed (else-branch elided).
359 if (is_object($object)) {
360 $objectid = $object->id;
// Special value '-1' (body elided).
364 if ($objectid ==
"-1") {
// Whitelist filter: only digits, '.' and ',' survive, so $objectid may be a comma-separated
// list of ids. This is the only normalisation before the id reaches checkUserAccessToObject().
368 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
377 $parentfortableentity =
'';
// Feature aliasing: map public feature names onto the internal permission/module names
// and derive the sub-feature / table for some of them.
380 $originalfeatures = $features;
381 if ($features ==
'agenda') {
382 $tableandshare =
'actioncomm&societe';
383 $feature2 =
'myactions|allactions';
386 if ($features ==
'bank') {
387 $features =
'banque';
389 if ($features ==
'facturerec') {
390 $features =
'facture';
392 if ($features ==
'mo') {
395 if ($features ==
'member') {
396 $features =
'adherent';
398 if ($features ==
'subscription') {
399 $features =
'adherent';
400 $feature2 =
'cotisation';
// Website pages are entity-checked through their parent website (column@table syntax).
402 if ($features ==
'website' && is_object($object) && $object->element ==
'websitepage') {
403 $parentfortableentity =
'fk_website@website';
405 if ($features ==
'project') {
406 $features =
'projet';
408 if ($features ==
'product') {
409 $features =
'produit';
411 if ($features ==
'productbatch') {
412 $features =
'produit';
414 if ($features ==
'tax') {
415 $feature2 =
'charges';
417 if ($features ==
'workstation') {
418 $feature2 =
'workstation';
420 if ($features ==
'fournisseur') {
421 $features =
'fournisseur';
422 if (is_object($object) && $object->element ==
'invoice_supplier') {
423 $feature2 =
'facture';
424 } elseif (is_object($object) && $object->element ==
'order_supplier') {
425 $feature2 =
'commande';
// Hook: a module may take over the decision through resArray['result'] (0 = deny, elided).
432 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
433 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
435 if (isset($hookmanager->resArray[
'result'])) {
436 if ($hookmanager->resArray[
'result'] == 0) {
// Split combined features; '&' and '|' are mutually exclusive here ('&' wins).
449 $featuresarray = array($features);
450 if (preg_match(
'/&/', $features)) {
451 $featuresarray = explode(
"&", $features);
452 } elseif (preg_match(
'/\|/', $features)) {
453 $featuresarray = explode(
"|", $features);
457 if (!empty($feature2)) {
458 $feature2 = explode(
"|", $feature2);
// Modules an external (third-party linked) user is allowed to use.
461 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
// --- Read permission, one pass per feature; $nbko counts failures (declared on an elided line).
466 foreach ($featuresarray as $feature) {
467 $featureforlistofmodule = $feature;
468 if ($featureforlistofmodule ==
'produit') {
469 $featureforlistofmodule =
'product';
471 if ($featureforlistofmodule ==
'supplier_proposal') {
472 $featureforlistofmodule =
'supplierproposal';
// External users are confined to MAIN_MODULES_FOR_EXTERNAL (non-strict in_array; body elided).
474 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
480 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
481 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
485 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
486 if (empty($user->rights->societe->contact->lire)) {
490 } elseif ($feature ==
'produit|service') {
491 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
495 } elseif ($feature ==
'prelevement') {
496 if (empty($user->rights->prelevement->bons->lire)) {
500 } elseif ($feature ==
'cheque') {
501 if (empty($user->rights->banque->cheque)) {
505 } elseif ($feature ==
'projet') {
506 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
510 } elseif ($feature ==
'payment') {
511 if (!$user->hasRight(
'facture',
'lire')) {
515 } elseif ($feature ==
'payment_supplier') {
516 if (empty($user->rights->fournisseur->facture->lire)) {
520 } elseif ($feature ==
'payment_sc') {
521 if (empty($user->rights->tax->charges->lire)) {
// Generic sub-feature check. A user may always read its own record (line 528).
525 } elseif (!empty($feature2)) {
527 foreach ($feature2 as $subfeature) {
528 if ($subfeature ==
'user' && $user->id == $objectid) {
531 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
// Dynamic lookup $user->rights->$feature->$subfeature: both names come from the caller's
// feature strings, never from the request.
536 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
538 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
549 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
550 if (empty($user->rights->$feature->lire)
551 && empty($user->rights->$feature->read)
552 && empty($user->rights->$feature->run)) {
// For '|' features a single granted feature is enough: only deny when every one failed.
560 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// --- Create / delete-draft permission, triggered by the request's action parameter.
576 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
577 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
579 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
580 foreach ($featuresarray as $feature) {
581 if ($feature ==
'contact') {
582 if (empty($user->rights->societe->contact->creer)) {
586 } elseif ($feature ==
'produit|service') {
587 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
591 } elseif ($feature ==
'prelevement') {
592 if (!$user->rights->prelevement->bons->creer) {
596 } elseif ($feature ==
'commande_fournisseur') {
597 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
601 } elseif ($feature ==
'banque') {
602 if (!$user->hasRight(
'banque',
'modifier')) {
606 } elseif ($feature ==
'cheque') {
607 if (empty($user->rights->banque->cheque)) {
611 } elseif ($feature ==
'import') {
612 if (empty($user->rights->import->run)) {
616 } elseif ($feature ==
'ecm') {
617 if (!$user->rights->ecm->upload) {
621 } elseif ($feature ==
'modulebuilder') {
622 if (!$user->hasRight(
'modulebuilder',
'run')) {
// Self-service cases: editing one's own user record / password, or other users' passwords.
626 } elseif (!empty($feature2)) {
627 foreach ($feature2 as $subfeature) {
628 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
631 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
634 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
638 if (empty($user->rights->$feature->$subfeature->creer)
639 && empty($user->rights->$feature->$subfeature->write)
640 && empty($user->rights->$feature->$subfeature->create)) {
649 } elseif (!empty($feature)) {
651 if (empty($user->rights->$feature->creer)
652 && empty($user->rights->$feature->write)
653 && empty($user->rights->$feature->create)) {
661 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
665 if ($wemustcheckpermissionforcreate && !$createok) {
// --- User creation confirmation.
677 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
678 if (!$user->hasRight(
'user',
'user',
'creer')) {
682 if (!$createuserok) {
// --- Delete permission.
695 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
696 foreach ($featuresarray as $feature) {
697 if ($feature ==
'bookmark') {
698 if (!$user->rights->bookmark->supprimer) {
// Owner may delete its own bookmark; reads $object->fk_user without an is_object() guard here.
699 if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
703 } elseif ($feature ==
'contact') {
704 if (!$user->rights->societe->contact->supprimer) {
707 } elseif ($feature ==
'produit|service') {
708 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
711 } elseif ($feature ==
'commande_fournisseur') {
712 if (!$user->rights->fournisseur->commande->supprimer) {
715 } elseif ($feature ==
'payment_supplier') {
716 if (!$user->rights->fournisseur->facture->creer) {
719 } elseif ($feature ==
'payment') {
720 if (!$user->rights->facture->paiement) {
723 } elseif ($feature ==
'payment_sc') {
724 if (!$user->rights->tax->charges->creer) {
727 } elseif ($feature ==
'banque') {
728 if (!$user->hasRight(
'banque',
'modifier')) {
731 } elseif ($feature ==
'cheque') {
732 if (empty($user->rights->banque->cheque)) {
735 } elseif ($feature ==
'ecm') {
736 if (!$user->rights->ecm->upload) {
739 } elseif ($feature ==
'ftp') {
740 if (!$user->rights->ftp->write) {
743 } elseif ($feature ==
'salaries') {
744 if (!$user->rights->salaries->delete) {
747 } elseif ($feature ==
'adherent') {
748 if (empty($user->rights->adherent->supprimer)) {
751 } elseif ($feature ==
'paymentbybanktransfer') {
752 if (empty($user->rights->paymentbybanktransfer->create)) {
755 } elseif ($feature ==
'prelevement') {
756 if (empty($user->rights->prelevement->bons->creer)) {
759 } elseif (!empty($feature2)) {
760 foreach ($feature2 as $subfeature) {
761 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
768 } elseif (!empty($feature)) {
770 if (empty($user->rights->$feature->supprimer)
771 && empty($user->rights->$feature->delete)
772 && empty($user->rights->$feature->run)) {
779 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// A draft may be deleted with the create permission alone.
783 if (!$deleteok && !($isdraft && $createok)) {
// --- Object-level check (entity, third-party ownership, hierarchy...) when an id is known.
// For a comma-separated id list, '$objectid > 0' is a string comparison in PHP 8 — confirm intent.
795 if (!empty($objectid) && $objectid > 0) {
796 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
797 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
/**
 * Check that $user may access the object(s) identified by $object / their id, for each feature
 * in $featuresarray: entity visibility, third-party ownership for external users and sales
 * representatives, project/task authorisation, user hierarchy and record ownership.
 * The "return false" / "return true" statements and the guard around the query are on elided
 * lines; only the SQL construction and the checks are visible here.
 *
 * Every identifier concatenated into SQL below ($dbt_select, $dbt_keyfield, the table name
 * from $tableandshare, the column@table pair in $parenttableforentity) is NOT escaped: these
 * parameters must be code constants, never request input. Only $objectid is normalised
 * (digits, '.' and ',' — line 837) and passed through $db->sanitize().
 *
 * @param User       $user                 User to check
 * @param array      $featuresarray        Feature names (already split on '&' / '|')
 * @param int|object $object               Object id or object (its ->id is used)
 * @param string     $tableandshare        'table[&sharedelement]' for the entity check
 * @param string     $feature2             Sub-feature(s) (array after the caller's explode)
 * @param string     $dbt_keyfield         Column holding the third-party id
 * @param string     $dbt_select           Column used to select the object
 * @param string     $parenttableforentity 'column@table' when the entity lives on a parent row
 */
828 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
832 if (is_object($object)) {
833 $objectid = $object->id;
// Same whitelist filter as restrictedArea(): the id may be a comma-separated list.
837 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
// Table name and optional shared element for getEntity().
844 $params = explode(
'&', $tableandshare);
845 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
846 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
848 foreach ($featuresarray as $feature) {
// Feature aliasing to the table / permission actually checked.
854 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
855 $feature =
'contact';
858 if ($feature ==
'member') {
859 $feature =
'adherent';
861 if ($feature ==
'project') {
864 if ($feature ==
'task') {
865 $feature =
'projet_task';
867 if ($feature ==
'eventorganization') {
869 $dbtablename =
'actioncomm';
// Social contributions payments are checked through the parent contribution.
871 if ($feature ==
'payment_sc') {
872 $feature =
"chargesociales";
873 $objectid = $object->fk_charge;
876 $checkonentitydone = 0;
// Feature classes: which kind of check applies (entity only, third party, parent third party,
// project, task, user hierarchy, owner) and which features are exempt.
879 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales');
880 $checksoc = array(
'societe');
881 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
882 $checkproject = array(
'projet',
'project');
883 $checktask = array(
'projet_task');
884 $checkhierarchy = array(
'expensereport',
'holiday');
885 $checkuser = array(
'bookmark');
886 $nocheck = array(
'barcode',
'stock');
// Default table = feature name.
891 if (empty($dbtablename)) {
892 $dbtablename = $feature;
893 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
// Non-numeric selector column: quote the value. Safe only because of the [0-9.,] filter above.
897 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
898 $objectid =
"'".$objectid.
"'";
// --- Entity check: count rows among the requested ids that live in a visible entity.
902 if (in_array($feature, $check) && $objectid > 0) {
903 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
904 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
// Users and groups under multicompany: transverse mode lets a super-admin see all entities,
// otherwise visibility goes through the user's groups or entity 0 (shared).
905 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
906 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
907 if ($conf->entity == 1 && $user->admin && !$user->entity) {
908 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
909 $sql .=
" AND dbt.entity IS NOT NULL";
911 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
912 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
913 $sql .=
" AND ((ug.fk_user = dbt.rowid";
914 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
915 $sql .=
" OR dbt.entity = 0)";
918 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
919 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
// Entity carried by a parent row: $parenttableforentity is 'column@table', both parts raw in SQL.
923 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
924 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
925 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
926 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
928 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
929 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
932 $checkonentitydone = 1;
// --- Third parties: an external user only sees its own company; a sales rep without
// 'see all customers' only the companies assigned to him (societe_commerciaux).
934 if (in_array($feature, $checksoc) && $objectid > 0) {
936 if ($user->socid > 0) {
937 if ($user->socid != $objectid) {
940 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
942 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
943 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
944 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
945 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
946 $sql .=
" AND sc.fk_user = ".((int) $user->id);
947 $sql .=
" AND sc.fk_soc = s.rowid";
948 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
951 $sql =
"SELECT COUNT(s.rowid) as nb";
952 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
953 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
954 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
957 $checkonentitydone = 1;
// --- Objects attached to a third party through dbt.fk_soc (contacts, contracts, agenda).
959 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
961 if ($user->socid > 0) {
962 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
963 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
964 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
965 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
966 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
968 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
969 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
970 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
971 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
// Rows without a third party stay visible; rows with one need an assignment to this user.
972 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
973 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
976 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
977 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
978 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
979 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
982 $checkonentitydone = 1;
// --- Projects: without 'read all projects', the id must be in the user's authorised list.
984 if (in_array($feature, $checkproject) && $objectid > 0) {
985 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
986 $projectid = $objectid;
988 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
989 $projectstatic =
new Project($db);
990 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
992 $tmparray = explode(
',', $tmps);
993 if (!in_array($projectid, $tmparray)) {
997 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
998 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
999 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1000 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1002 $checkonentitydone = 1;
// --- Tasks: same rule applied to the task's parent project.
1004 if (in_array($feature, $checktask) && $objectid > 0) {
1005 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
1006 $task =
new Task($db);
1007 $task->fetch($objectid);
1008 $projectid = $task->fk_project;
1010 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1011 $projectstatic =
new Project($db);
1012 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1014 $tmparray = explode(
',', $tmps);
1015 if (!in_array($projectid, $tmparray)) {
1019 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1020 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1021 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1022 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1025 $checkonentitydone = 1;
// --- Generic case for every other feature: ownership through $dbt_keyfield (the column
// holding the third-party id), then entity. dol_print_error() reports a missing key field;
// whether execution stops there is not visible in this fragment.
1029 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1031 if ($user->socid > 0) {
1032 if (empty($dbt_keyfield)) {
1033 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1035 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1036 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1037 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1038 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1039 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
// Tickets are exempt from the sales-rep restriction (line 1041).
1041 if ($feature !=
'ticket') {
1042 if (empty($dbt_keyfield)) {
1043 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1045 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1046 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1047 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1048 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1049 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1050 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1051 $sql .=
" AND sc.fk_user = ".((int) $user->id);
1054 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1055 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1056 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1057 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1058 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1059 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1063 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1064 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1065 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1066 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
// --- Agenda events: without 'read all actions', the user must be author, owner or assigned.
// $action is instantiated on an elided line (1075).
1071 if ($feature ===
'agenda' && $objectid > 0) {
1073 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1074 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1076 $action->fetch($objectid);
1077 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
// --- Hierarchy: leave requests and expense reports are visible to the user's subordinates chain.
1085 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1086 $childids = $user->getAllChildIds(1);
1088 if ($feature ==
'holiday') {
1089 $useridtocheck = $object->fk_user;
1090 if (!in_array($object->fk_user, $childids) && !in_array($object->fk_validator, $childids)) {
1094 if ($feature ==
'expensereport') {
1095 $useridtocheck = $object->fk_user_author;
1096 if (!$user->rights->expensereport->readall) {
1097 if (!in_array($useridtocheck, $childids)) {
// --- Owner-only objects (bookmarks): admins excepted.
1106 if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1107 $useridtocheck = $object->fk_user;
1108 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
// --- Run the built query (the guard on $sql is presumably on the elided line 1113).
// Every id of a comma-separated list must have been matched, not just one of them.
1114 $resql = $db->query(
$sql);
1116 $obj = $db->fetch_object($resql);
1117 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
// Query failure: logged as a warning; a malformed identifier parameter would end up here.
1121 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
// Tail of an HTTP-only access-denied helper (header elided): send the status, then the message.
1145 http_response_code($http_response_code);
// Caller vouches that $message is already safe to output (that branch's body is elided)...
1147 if ($stringalreadysanitized) {
// ...otherwise HTML-encode it before printing.
1150 print htmlentities($message);
/**
 * Print the "access forbidden" page: optional header, the error message, an optional hint
 * showing the current login, optional footer. Output goes straight to print; the lines that
 * print the header/footer and the final exit are elided in this listing.
 *
 * @param string $message         Translation key or text of the message; '' = generic ErrorForbidden
 * @param int    $printheader     Print the page header (lines 1183/1185)
 * @param int    $printfooter     Print the page footer (line 1219)
 * @param int    $showonlymessage Skip the hook and the current-login hint when set
 * @param array  $params          Extra data forwarded to the getAccessForbiddenMessage hook
 */
1169 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1171 global $conf, $db, $user, $langs, $hookmanager;
1172 global $action, $object;
// Bootstrap the translator when called before the framework set it up (construction elided).
1174 if (!is_object($langs)) {
1175 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1177 $langs->setDefaultLang();
1180 $langs->load(
"errors");
// Pick whichever page-header helper is defined (calls elided).
1183 if (function_exists(
"llxHeader")) {
1185 } elseif (function_exists(
"llxHeaderVierge")) {
1189 print
'<div class="error">';
// $message is a translation key: it goes through trans(), not printed raw.
1190 if (empty($message)) {
1191 print $langs->trans(
"ErrorForbidden");
1193 print $langs->trans($message);
1197 if (empty($showonlymessage)) {
1198 if (empty($hookmanager)) {
1199 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1202 $hookmanager->initHooks(array(
'main'));
// A module may replace the hint block through resPrint (reshook != 0 suppresses the default).
1205 $parameters = array(
'message'=>$message,
'params'=>$params);
1206 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
1207 print $hookmanager->resPrint;
1208 if (empty($reshook)) {
1209 $langs->loadLangs(array(
"errors"));
// Current login is inserted into HTML without escaping at this point; relies on the login
// having been sanitised when the user was created — confirm.
1211 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1212 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1213 print $langs->trans(
"ErrorForbidden4");
1215 print $langs->trans(
"ErrorForbidden3");
1219 if ($printfooter && function_exists(
"llxFooter")) {
// Upload size limits (enclosing function header elided): application limit MAIN_UPLOAD_DOC,
// the PHP limits upload_max_filesize and post_max_size, and the effective minimum.
// Units are kilobytes: a 'k' suffix multiplies by 1 and 'm' by 1024.
1237 $max = $conf->global->MAIN_UPLOAD_DOC;
// '@' silences ini_get() warnings (it returns false when the directive is unknown).
1238 $maxphp = @ini_get(
'upload_max_filesize');
// Parse the php.ini shorthand suffix. A value without suffix (plain bytes) is left as-is and
// therefore read as kilobytes — TODO confirm whether that case can occur.
1239 if (preg_match(
'/k$/i', $maxphp)) {
1240 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1241 $maxphp = $maxphp * 1;
1243 if (preg_match(
'/m$/i', $maxphp)) {
1244 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1245 $maxphp = $maxphp * 1024;
1247 if (preg_match(
'/g$/i', $maxphp)) {
1248 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1249 $maxphp = $maxphp * 1024 * 1024;
1251 if (preg_match(
'/t$/i', $maxphp)) {
1252 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1253 $maxphp = $maxphp * 1024 * 1024 * 1024;
// Same parsing for post_max_size, which also bounds a single upload.
1255 $maxphp2 = @ini_get(
'post_max_size');
1256 if (preg_match(
'/k$/i', $maxphp2)) {
1257 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1258 $maxphp2 = $maxphp2 * 1;
1260 if (preg_match(
'/m$/i', $maxphp2)) {
1261 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1262 $maxphp2 = $maxphp2 * 1024;
1264 if (preg_match(
'/g$/i', $maxphp2)) {
1265 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1266 $maxphp2 = $maxphp2 * 1024 * 1024;
1268 if (preg_match(
'/t$/i', $maxphp2)) {
1269 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1270 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
// Effective limit: $maxmin is initialised on an elided line (presumably from $max); the
// conditions guarding the two min() calls (lines 1275 and 1280) are elided too.
1274 $maxphptoshow = $maxphptoshowparam =
'';
1276 $maxmin = min($maxmin, $maxphp);
1277 $maxphptoshow = $maxphp;
1278 $maxphptoshowparam =
'upload_max_filesize';
1281 $maxmin = min($maxmin, $maxphp2);
// Report whichever PHP directive is the tighter one.
1282 if ($maxphp2 < $maxphp) {
1283 $maxphptoshow = $maxphp2;
1284 $maxphptoshowparam =
'post_max_size';
1290 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);