1 <?php
2 /* Copyright (C) 2008-2021 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2008-2021 Regis Houssin <regis.houssin@inodbox.com>
4  * Copyright (C) 2020 Ferran Marcet <fmarcet@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  * or see https://www.gnu.org/
19  */
20 
/**
 *	Obfuscate a string and base64-encode the result. This is a reversible byte shift
 *	(a fixed +17 offset, or a key-driven offset), NOT encryption: anyone holding the
 *	output can recover the input. Use dolEncrypt() for anything that must stay secret.
 *	Reverse with dol_decode() using the same $key.
 *
 *	@param	string	$chain	String to obfuscate
 *	@param	string	$key	'1' (numeric) for the fixed +17 shift, any other non-empty string for a per-byte key shift, falsy for base64 only
 *	@return	string			base64 of the shifted bytes
 */
function dol_encode($chain, $key = '1')
{
	// NOTE(review): the loop bound comes from dol_strlen() while substr()/ord() work on bytes;
	// if dol_strlen() counts characters, multi-byte input is truncated — confirm against dol_strlen().
	if (is_numeric($key) && $key == '1') {
		// Rule "1": shift every byte by +17 (chr() wraps modulo 256).
		$shifted = array();
		$nbchars = dol_strlen($chain);
		for ($pos = 0; $pos < $nbchars; $pos++) {
			$shifted[$pos] = chr(ord(substr($chain, $pos, 1)) + 17);
		}
		$chain = implode('', $shifted);
	} elseif ($key) {
		// Key rule: shift byte $pos by (key byte - 65), cycling through the key.
		// Note the "- 1": when $pos is a multiple of the key length the offset is -1, i.e. the key's last byte.
		$keylen = strlen($key);
		$shifted = '';
		$nbchars = dol_strlen($chain);
		for ($pos = 0; $pos < $nbchars; $pos++) {
			$keychar = substr($key, ($pos % $keylen) - 1, 1);
			$shifted .= chr(ord(substr($chain, $pos, 1)) + (ord($keychar) - 65));
		}
		$chain = $shifted;
	}

	return base64_encode($chain);
}
59 
/**
 *	Reverse dol_encode(): base64-decode, then undo the byte shift selected by $key.
 *	Like dol_encode(), this is obfuscation only, not a cryptographic operation.
 *
 *	@param	string	$chain	String produced by dol_encode()
 *	@param	string	$key	Same key that was given to dol_encode()
 *	@return	string			Original string
 */
function dol_decode($chain, $key = '1')
{
	$chain = base64_decode($chain);

	// NOTE(review): loop bound from dol_strlen() vs byte-wise substr()/ord(), as in dol_encode() — confirm for multi-byte data.
	if (is_numeric($key) && $key == '1') {
		// Rule "1": undo the +17 byte shift.
		$restored = array();
		$nbchars = dol_strlen($chain);
		for ($pos = 0; $pos < $nbchars; $pos++) {
			$restored[$pos] = chr(ord(substr($chain, $pos, 1)) - 17);
		}
		$chain = implode('', $restored);
	} elseif ($key) {
		// Key rule: subtract the same (key byte - 65) offset dol_encode() added, using the same "- 1" key indexing.
		$keylen = strlen($key);
		$restored = '';
		$nbchars = dol_strlen($chain);
		for ($pos = 0; $pos < $nbchars; $pos++) {
			$keychar = substr($key, ($pos % $keylen) - 1, 1);
			$restored .= chr(ord(substr($chain, $pos, 1)) - (ord($keychar) - 65));
		}
		$chain = $restored;
	}

	return $chain;
}
93 
/**
 *	Return a random hexadecimal string of $length characters (CSPRNG-backed).
 *	Because bin2hex() doubles the size, floor($length / 2) raw bytes are drawn: an odd
 *	$length yields $length - 1 characters, and a $length below 2 asks for zero bytes,
 *	which random_bytes() refuses.
 *
 *	@param	int		$length		Number of hex characters wanted
 *	@return	string				Hex string (characters 0-9a-f)
 */
function dolGetRandomBytes($length)
{
	$nbbytes = (int) floor($length / 2);

	if (!function_exists('random_bytes')) { // PHP < 7 fallback. May be very slow on Windows.
		return bin2hex(openssl_random_pseudo_bytes($nbbytes));
	}

	return bin2hex(random_bytes($nbbytes));
}
108 
/**
 *	Encrypt a string with openssl and return a token of the form 'dolcrypt:<cipher>:<iv>:<ciphertext>'.
 *	An input that already has that shape is returned untouched (no double encryption).
 *	Without openssl, or when $dolibarr_disable_dolcrypt_for_debug is set, the clear value is
 *	returned — and therefore stored in clear by the caller.
 *
 *	@param	string	$chain		String to encrypt
 *	@param	string	$key		Key material given to openssl_encrypt(); defaults to $dolibarr_main_instance_unique_id
 *	@param	string	$ciphering	openssl cipher name
 *	@return	string				Encrypted token, the clear string, or '' for an empty/null input
 */
function dolEncrypt($chain, $key = '', $ciphering = "AES-256-CTR")
{
	global $dolibarr_main_instance_unique_id;
	global $dolibarr_disable_dolcrypt_for_debug;

	if (is_null($chain) || $chain === '') {
		return '';
	}

	// Already carries our marker: treat it as encrypted and leave it alone.
	$parts = array();
	if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $parts)) {
		return $chain;
	}

	if (empty($key)) {
		$key = $dolibarr_main_instance_unique_id;
	}

	$canEncrypt = function_exists('openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug);
	if (!$canEncrypt) {
		return $chain;
	}

	// IV length of the cipher, clamped to 1..32 and defaulting to 16 when unknown.
	$ivlen = function_exists('openssl_cipher_iv_length') ? openssl_cipher_iv_length($ciphering) : 16;
	if ($ivlen === false || $ivlen < 1 || $ivlen > 32) {
		$ivlen = 16;
	}
	// NOTE(review): $ivseed is hex text, so a 16-byte IV carries only 64 random bits; CTR mode
	// requires that IVs never repeat under one key. A raw-byte IV would need a new token format
	// because ':' is the field separator parsed by dolDecrypt().
	$ivseed = dolGetRandomBytes($ivlen);

	// NOTE(review): openssl_encrypt() returns false on failure; that is not checked here, so the
	// token would end with an empty ciphertext field.
	$ciphertext = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);

	return 'dolcrypt:'.$ciphering.':'.$ivseed.':'.$ciphertext;
}
156 
/**
 *	Decrypt a token produced by dolEncrypt() ('dolcrypt:<cipher>:<iv>:<ciphertext>', or the legacy
 *	'dolcrypt:<cipher>:<ciphertext>' without IV). A value without the 'dolcrypt:' marker is
 *	considered stored in clear and returned as is.
 *
 *	NOTE(review): failures are reported as plain strings starting with 'Error dolDecrypt', and
 *	openssl_decrypt() itself returns false on a bad key or malformed input; callers cannot
 *	distinguish those from a legitimately decrypted value without checking for them.
 *
 *	@param	string	$chain	Token (or clear value) to decrypt
 *	@param	string	$key	Key; defaults to $dolibarr_main_instance_unique_id
 *	@return	string|false	Clear value, '' for an empty input, an 'Error dolDecrypt ...' string, or false from openssl_decrypt()
 */
function dolDecrypt($chain, $key = '')
{
	global $dolibarr_main_instance_unique_id;

	if (is_null($chain) || $chain === '') {
		return '';
	}

	$key = empty($key) ? $dolibarr_main_instance_unique_id : $key;

	$parts = array();
	if (!preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $parts)) {
		// Not one of our tokens: value was stored in clear.
		return $chain;
	}

	$ciphering = $parts[1];
	if (!function_exists('openssl_decrypt')) {
		return 'Error dolDecrypt function openssl_decrypt() not available';
	}
	if (empty($key)) {
		return 'Error dolDecrypt decrypt key is empty';
	}

	// Payload is "<iv>:<ciphertext>" (current format) or "<ciphertext>" alone (legacy, no IV).
	$payload = explode(':', $parts[2]);
	if (!empty($payload[1]) && is_string($payload[0])) {
		return openssl_decrypt($payload[1], $ciphering, $key, 0, $payload[0]);
	}

	return openssl_decrypt($payload[0], $ciphering, $key, 0, null);
}
199 
/**
 *	Hash a string (typically a password) with the algorithm selected by $type, or, for $type '0'/'auto',
 *	by the MAIN_SECURITY_HASH_ALGO setting. The static MAIN_SECURITY_SALT is prepended for every
 *	algorithm except password_hash (which salts itself) and the LDAP one.
 *
 *	NOTE(review): with no MAIN_SECURITY_HASH_ALGO configured the default is md5, which is not a
 *	password-storage algorithm; 'password_hash' is the setting to use for credentials.
 *
 *	@param	string	$chain	String to hash
 *	@param	string	$type	'0'/'auto' = configured algorithm, '1'/'sha1', '2'/'sha1md5', '3'/'md5', '4'/'openldap', '5'/'sha256', '6'/'password_hash'
 *	@return	string			Hash (format depends on the algorithm)
 */
function dol_hash($chain, $type = '0')
{
	global $conf;

	// password_hash() manages its own salt, so it is handled before any static salting.
	$useConfiguredAlgo = ($type == '0' || $type == 'auto');
	if ($useConfiguredAlgo && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash')) {
		return password_hash($chain, PASSWORD_DEFAULT);
	}

	// Static salt value (not for the LDAP hashes, which are consumed by the directory)
	if (!empty($conf->global->MAIN_SECURITY_SALT) && $type != '4' && $type !== 'openldap') {
		$chain = $conf->global->MAIN_SECURITY_SALT.$chain;
	}

	$configuredAlgo = empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? '' : $conf->global->MAIN_SECURITY_HASH_ALGO;

	// Explicit $type wins; then the configured algorithm; then md5 as the historical default.
	switch (true) {
		case ($type == '1' || $type == 'sha1'):
			return sha1($chain);
		case ($type == '2' || $type == 'sha1md5'):
			return sha1(md5($chain));
		case ($type == '3' || $type == 'md5'):
			return md5($chain);
		case ($type == '4' || $type == 'openldap'):
			return dolGetLdapPasswordHash($chain, getDolGlobalString('LDAP_PASSWORD_HASH_TYPE', 'md5'));
		case ($type == '5' || $type == 'sha256'):
			return hash('sha256', $chain);
		case ($type == '6' || $type == 'password_hash'):
			return password_hash($chain, PASSWORD_DEFAULT);
		case ($configuredAlgo == 'sha1'):
			return sha1($chain);
		case ($configuredAlgo == 'sha1md5'):
			return sha1(md5($chain));
		default:
			return md5($chain);
	}
}
245 
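/**
 *	Check whether $chain hashes to the stored $hash.
 *	When MAIN_SECURITY_HASH_ALGO is 'password_hash' and $type is '0', the stored value decides how to
 *	verify: a '$'-prefixed value goes through password_verify(), a 32-char value is checked as md5
 *	and a 40-char value as sha1md5 (legacy hashes kept in the database), anything else is rejected.
 *	Otherwise the string is re-hashed with dol_hash($chain, $type) and compared.
 *
 *	The comparison uses hash_equals(): it is strict and constant-time, whereas `==` compares two
 *	numeric-looking strings as numbers and would report different digests as equal.
 *
 *	@param	string	$chain	Clear value to check
 *	@param	string	$hash	Stored hash
 *	@param	string	$type	Hash type, see dol_hash()
 *	@return	bool			True if $chain matches $hash
 */
function dol_verifyHash($chain, $hash, $type = '0')
{
	global $conf;

	// An absent or empty stored hash never matches (also avoids reading $hash[0] on '').
	if (!is_string($hash) || $hash === '') {
		return false;
	}

	if ($type == '0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_verify')) {
		if ($hash[0] == '$') {
			return password_verify($chain, $hash);
		} elseif (strlen($hash) == 32) {
			return dol_verifyHash($chain, $hash, '3'); // md5
		} elseif (strlen($hash) == 40) {
			return dol_verifyHash($chain, $hash, '2'); // sha1md5
		}

		return false;
	}

	// Cast: dol_hash() may return null for an unknown LDAP hash type, and hash_equals() only accepts strings.
	return hash_equals($hash, (string) dol_hash($chain, $type));
}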
276 
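/**
 *	Build an LDAP userPassword value ('{SCHEME}base64...') for $password.
 *	Salted schemes (smd5, ssha*) append an 8-character salt to the digest before base64 encoding,
 *	as the directory expects. The salt now comes from random_bytes(); it used to be derived from
 *	sha1(time()), which made it predictable from the creation time.
 *
 *	@param	string	$password	Clear password (or, for 'md5frommd5', the hex md5 digest Dolibarr stores)
 *	@param	string	$type		md5, md5frommd5, smd5, sha, ssha, sha256, ssha256, sha384, ssha384, sha512, ssha512, crypt or clear; empty = md5
 *	@return	string|null			LDAP password value, or null for an unknown $type
 */
function dolGetLdapPasswordHash($password, $type = 'md5')
{
	if (empty($type)) {
		$type = 'md5';
	}
	if (!is_string($type)) {
		return null; // not a scheme name
	}

	// 8 hex characters: same length and alphabet as the former sha1(time()) prefix, so the
	// shape of stored {SMD5}/{SSHA*}/{CRYPT} values does not change.
	$salt = bin2hex(random_bytes(4));

	// Unsalted schemes: scheme name (upper-cased as the LDAP prefix) => hash() algorithm
	$unsalted = array('sha' => 'sha1', 'sha256' => 'sha256', 'sha384' => 'sha384', 'sha512' => 'sha512');
	// Salted schemes: base64(hash(password . salt) . salt)
	$salted = array('ssha' => 'sha1', 'ssha256' => 'sha256', 'ssha384' => 'sha384', 'ssha512' => 'sha512');

	if ($type === 'md5') {
		return '{MD5}'.base64_encode(hash("md5", $password, true)); //For OpenLdap with md5 (based on an unencrypted password in base)
	}
	if ($type === 'md5frommd5') {
		return '{MD5}'.base64_encode(hex2bin($password)); // Create OpenLDAP MD5 password from Dolibarr MD5 password
	}
	if ($type === 'smd5') {
		return "{SMD5}".base64_encode(hash("md5", $password.$salt, true).$salt);
	}
	if (isset($unsalted[$type])) {
		return '{'.strtoupper($type).'}'.base64_encode(hash($unsalted[$type], $password, true));
	}
	if (isset($salted[$type])) {
		return '{'.strtoupper($type).'}'.base64_encode(hash($salted[$type], $password.$salt, true).$salt);
	}
	if ($type === 'crypt') {
		return '{CRYPT}'.crypt($password, $salt); // crypt() picks the scheme from the salt format
	}
	if ($type === 'clear') {
		return '{CLEAR}'.$password; // Just for test, plain text password is not secured !
	}

	return null; // unknown scheme
}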
320 
/**
 *	Check that $user may read the given feature(s) and, when the current request carries a
 *	create/update/upload/delete action, that the matching write/delete right is granted.
 *	When $object is given, also check that $user may access that object (entity, link to third
 *	party, ...) through checkUserAccessToObject().
 *	A denied check calls accessforbidden() (which does not return) unless $mode is set, in which
 *	case 0 is returned.
 *
 *	@param	User				$user			User to check
 *	@param	string				$features		Feature(s) to check: 'a&b' requires all of them, 'a|b' at least one. Old names (member, project, product, ...) are mapped below.
 *	@param	int|string|object	$object			Object (its ->id is used), an id, or a list of ids 'X,Y,Z'. Falsy = no object-level check.
 *	@param	string				$tableandshare	'tablename' or 'tablename&sharedelement', forwarded to checkUserAccessToObject()
 *	@param	string				$feature2		Sub-feature(s), '|' separated, for rights on two levels ($user->rights->$feature->$feature2->...)
 *	@param	string				$dbt_keyfield	Field linking the object to its third party, forwarded to checkUserAccessToObject()
 *	@param	string				$dbt_select		Field matched against $objectid, forwarded to checkUserAccessToObject()
 *	@param	int					$isdraft		1 if the object is a draft: a draft may be deleted with the create right only
 *	@param	int					$mode			0 = call accessforbidden() when denied, 1 = return 0 instead
 *	@return	int									1 when allowed, 0 when denied and $mode is set
 */
function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0)
{
	global $db, $conf;
	global $hookmanager;

	// Accept an object (use its id) or a raw id / list of ids
	if (is_object($object)) {
		$objectid = $object->id;
	} else {
		$objectid = $object; // $objectid can be X or 'X,Y,Z'
	}
	if ($objectid) {
		$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
	}

	//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
	//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
	//print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
	//print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."<br>";

	$parentfortableentity = '';

	// Fix syntax of $features param: map old/alias names to the internal feature name.
	// Some aliases also fix $feature2 / $tableandshare / the parent table used for the entity check.
	$originalfeatures = $features;
	if ($features == 'facturerec') {
		$features = 'facture';
	}
	if ($features == 'mo') {
		$features = 'mrp';
	}
	if ($features == 'member') {
		$features = 'adherent';
	}
	if ($features == 'subscription') {
		$features = 'adherent';
		$feature2 = 'cotisation';
	}
	if ($features == 'websitepage') {
		$features = 'website';
		$tableandshare = 'website_page';
		$parentfortableentity = 'fk_website@website';
	}
	if ($features == 'project') {
		$features = 'projet';
	}
	if ($features == 'product') {
		$features = 'produit';
	}

	// Get more permissions checks from hooks
	$parameters = array('features'=>$features, 'originalfeatures'=>$originalfeatures, 'objectid'=>$objectid, 'dbt_select'=>$dbt_select, 'idtype'=>$dbt_select, 'isdraft'=>$isdraft);
	$reshook = $hookmanager->executeHooks('restrictedArea', $parameters);

	// A hook can deny (resArray['result'] == 0) or, with a positive return code, grant and skip every check below.
	if (isset($hookmanager->resArray['result'])) {
		if ($hookmanager->resArray['result'] == 0) {
			if ($mode) {
				return 0;
			} else {
				accessforbidden(); // Module returns 0, so access forbidden
			}
		}
	}
	if ($reshook > 0) { // No other test done.
		return 1;
	}

	// Features/modules to check. '&' = all required, '|' = at least one (see $nbko); '&' wins when both are present.
	$featuresarray = array($features);
	if (preg_match('/&/', $features)) {
		$featuresarray = explode("&", $features);
	} elseif (preg_match('/\|/', $features)) {
		$featuresarray = explode("|", $features);
	}

	// More subfeatures to check
	if (!empty($feature2)) {
		$feature2 = explode("|", $feature2);
	}

	// Modules an external user ($user->socid set) is limited to, when MAIN_MODULES_FOR_EXTERNAL is defined
	$listofmodules = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);

	// Check read permission from module
	$readok = 1;
	$nbko = 0; // number of features that failed; used below to implement the '|' (any) semantics
	foreach ($featuresarray as $feature) { // first we check nb of test ko
		$featureforlistofmodule = $feature;
		if ($featureforlistofmodule == 'produit') {
			$featureforlistofmodule = 'product';
		}
		if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) { // If limits on modules for external users, module must be into list of modules for external users
			$readok = 0;
			$nbko++;
			continue;
		}

		// Features whose read right does not live at $user->rights->$feature->lire get a dedicated test
		if ($feature == 'societe') {
			if (!$user->hasRight('societe', 'lire') && !$user->hasRight('fournisseur', 'lire')) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'contact') {
			if (empty($user->rights->societe->contact->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'produit|service') {
			if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'prelevement') {
			if (empty($user->rights->prelevement->bons->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'cheque') {
			if (empty($user->rights->banque->cheque)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'projet') {
			if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'payment') {
			if (empty($user->rights->facture->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'payment_supplier') {
			if (empty($user->rights->fournisseur->facture->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif ($feature == 'payment_sc') {
			if (empty($user->rights->tax->charges->lire)) {
				$readok = 0;
				$nbko++;
			}
		} elseif (!empty($feature2)) { // This is for permissions on 2 levels
			// Any one sub-feature with a read right is enough (the loop breaks on the first success)
			$tmpreadok = 1;
			foreach ($feature2 as $subfeature) {
				if ($subfeature == 'user' && $user->id == $objectid) {
					continue; // A user can always read its own card
				}
				if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
					$tmpreadok = 0;
				} elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
					$tmpreadok = 0;
				} else {
					$tmpreadok = 1;
					break;
				} // Break is to bypass second test if the first is ok
			}
			if (!$tmpreadok) { // We found a test on feature that is ko
				$readok = 0; // All tests are ko (we manage here the and, the or will be managed later using $nbko).
				$nbko++;
			}
		} elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) { // This is permissions on 1 level
			// 'user' and 'usergroup' get no 1-level read check here (they rely on $feature2)
			if (empty($user->rights->$feature->lire)
				&& empty($user->rights->$feature->read)
				&& empty($user->rights->$feature->run)) {
				$readok = 0;
				$nbko++;
			}
		}
	}

	// If a or and at least one ok
	if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) {
		$readok = 1;
	}

	if (!$readok) {
		if ($mode) {
			return 0;
		} else {
			accessforbidden();
		}
	}
	//print "Read access is ok";

	// Check write permission from module (we need to know write permission to create but also to delete drafts record or to upload files)
	// These checks only run when the request itself (GETPOST action/sendit/linkit/roworder) looks like a write;
	// a page that modifies data under another action name is not covered here.
	$createok = 1;
	$nbko = 0;
	$wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || in_array(GETPOST('action', 'aZ09'), array('create', 'update', 'add_element_resource', 'confirm_delete_linked_resource')) || GETPOST('roworder', 'alpha', 2));
	$wemustcheckpermissionfordeletedraft = ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete');

	if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
		foreach ($featuresarray as $feature) {
			if ($feature == 'contact') {
				if (empty($user->rights->societe->contact->creer)) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'produit|service') {
				if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'prelevement') {
				if (!$user->rights->prelevement->bons->creer) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'commande_fournisseur') {
				if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'banque') {
				if (empty($user->rights->banque->modifier)) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'cheque') {
				if (empty($user->rights->banque->cheque)) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'import') {
				if (empty($user->rights->import->run)) {
					$createok = 0;
					$nbko++;
				}
			} elseif ($feature == 'ecm') {
				if (!$user->rights->ecm->upload) {
					$createok = 0;
					$nbko++;
				}
			} elseif (!empty($feature2)) { // This is for permissions on one level
				foreach ($feature2 as $subfeature) {
					// Self-service exceptions: own card / own password, or the right to set other users' passwords
					if ($subfeature == 'user' && $user->id == $objectid && $user->rights->user->self->creer) {
						continue; // User can edit its own card
					}
					if ($subfeature == 'user' && $user->id == $objectid && $user->rights->user->self->password) {
						continue; // User can edit its own password
					}
					if ($subfeature == 'user' && $user->id != $objectid && $user->rights->user->user->password) {
						continue; // User can edit another user's password
					}

					if (empty($user->rights->$feature->$subfeature->creer)
						&& empty($user->rights->$feature->$subfeature->write)
						&& empty($user->rights->$feature->$subfeature->create)) {
						$createok = 0;
						$nbko++;
					} else {
						$createok = 1;
						// Break to bypass second test if the first is ok
						break;
					}
				}
			} elseif (!empty($feature)) { // This is for permissions on 2 levels ('creer' or 'write')
				//print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write; exit;
				if (empty($user->rights->$feature->creer)
					&& empty($user->rights->$feature->write)
					&& empty($user->rights->$feature->create)) {
					$createok = 0;
					$nbko++;
				}
			}
		}

		// If a or and at least one ok
		if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) {
			$createok = 1;
		}

		// For a draft deletion, $createok is only consumed by the delete test below
		if ($wemustcheckpermissionforcreate && !$createok) {
			if ($mode) {
				return 0;
			} else {
				accessforbidden();
			}
		}
		//print "Write access is ok";
	}

	// Check create user permission
	$createuserok = 1;
	if (GETPOST('action', 'aZ09') == 'confirm_create_user' && GETPOST("confirm", 'aZ09') == 'yes') {
		if (!$user->rights->user->user->creer) {
			$createuserok = 0;
		}

		if (!$createuserok) {
			if ($mode) {
				return 0;
			} else {
				accessforbidden();
			}
		}
		//print "Create user access is ok";
	}

	// Check delete permission from module (same request condition as $wemustcheckpermissionfordeletedraft)
	$deleteok = 1;
	// NOTE(review): $nbko is reset here but never incremented inside the loop below, so for a '|' feature
	// list the "at least one ok" test after the loop always sets $deleteok back to 1 and the per-feature
	// delete results are discarded. The read and create loops do increment $nbko.
	$nbko = 0;
	if ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete') {
		foreach ($featuresarray as $feature) {
			if ($feature == 'bookmark') {
				// NOTE(review): reads $object->fk_user, so this branch expects $object to be an object, not a bare id
				if (!$user->rights->bookmark->supprimer) {
					if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
						$deleteok = 0;
					}
				}
			} elseif ($feature == 'contact') {
				if (!$user->rights->societe->contact->supprimer) {
					$deleteok = 0;
				}
			} elseif ($feature == 'produit|service') {
				if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
					$deleteok = 0;
				}
			} elseif ($feature == 'commande_fournisseur') {
				if (!$user->rights->fournisseur->commande->supprimer) {
					$deleteok = 0;
				}
			} elseif ($feature == 'payment_supplier') { // Permission to delete a payment of an invoice is permission to edit an invoice.
				if (!$user->rights->fournisseur->facture->creer) {
					$deleteok = 0;
				}
			} elseif ($feature == 'payment') {
				if (!$user->rights->facture->paiement) {
					$deleteok = 0;
				}
			} elseif ($feature == 'payment_sc') {
				if (!$user->rights->tax->charges->creer) {
					$deleteok = 0;
				}
			} elseif ($feature == 'banque') {
				if (empty($user->rights->banque->modifier)) {
					$deleteok = 0;
				}
			} elseif ($feature == 'cheque') {
				if (empty($user->rights->banque->cheque)) {
					$deleteok = 0;
				}
			} elseif ($feature == 'ecm') {
				if (!$user->rights->ecm->upload) {
					$deleteok = 0;
				}
			} elseif ($feature == 'ftp') {
				if (!$user->rights->ftp->write) {
					$deleteok = 0;
				}
			} elseif ($feature == 'salaries') {
				if (!$user->rights->salaries->delete) {
					$deleteok = 0;
				}
			} elseif ($feature == 'adherent') {
				if (empty($user->rights->adherent->supprimer)) {
					$deleteok = 0;
				}
			} elseif ($feature == 'paymentbybanktransfer') {
				if (empty($user->rights->paymentbybanktransfer->create)) { // There is no delete permission
					$deleteok = 0;
				}
			} elseif ($feature == 'prelevement') {
				if (empty($user->rights->prelevement->bons->creer)) { // There is no delete permission
					$deleteok = 0;
				}
			} elseif (!empty($feature2)) { // This is for permissions on 2 levels
				foreach ($feature2 as $subfeature) {
					if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
						$deleteok = 0;
					} else {
						$deleteok = 1;
						break;
					} // For bypass the second test if the first is ok
				}
			} elseif (!empty($feature)) { // This is used for permissions on 1 level
				//print '<br>feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
				if (empty($user->rights->$feature->supprimer)
					&& empty($user->rights->$feature->delete)
					&& empty($user->rights->$feature->run)) {
					$deleteok = 0;
				}
			}
		}

		// If a or and at least one ok
		if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) {
			$deleteok = 1;
		}

		// A draft may be deleted by whoever may create it ($createok was computed above for this request)
		if (!$deleteok && !($isdraft && $createok)) {
			if ($mode) {
				return 0;
			} else {
				accessforbidden();
			}
		}
		//print "Delete access is ok";
	}

	// If we have a particular object to check permissions on, we check if $user has permission
	// for this given object (link to company, is contact for project, ...)
	if (!empty($objectid) && $objectid > 0) {
		$ok = checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
		$params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2); // context for the error page only
		//print 'checkUserAccessToObject ok='.$ok;
		if ($mode) {
			return $ok ? 1 : 0;
		} else {
			if ($ok) {
				return 1;
			} else {
				accessforbidden('', 1, 1, 0, $params);
			}
		}
	}

	return 1;
}
757 
773 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '')
774 {
775  global $db, $conf;
776 
777  if (is_object($object)) {
778  $objectid = $object->id;
779  } else {
780  $objectid = $object; // $objectid can be X or 'X,Y,Z'
781  }
782  $objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
783 
784  //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
785  //print "user_id=".$user->id.", features=".join(',', $featuresarray).", objectid=".$objectid;
786  //print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."<br>";
787 
788  // More parameters
789  $params = explode('&', $tableandshare);
790  $dbtablename = (!empty($params[0]) ? $params[0] : '');
791  $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
792 
793  foreach ($featuresarray as $feature) {
794  $sql = '';
795 
796  //var_dump($feature);exit;
797 
798  // For backward compatibility
799  if ($feature == 'member') {
800  $feature = 'adherent';
801  }
802  if ($feature == 'project') {
803  $feature = 'projet';
804  }
805  if ($feature == 'task') {
806  $feature = 'projet_task';
807  }
808 
809  $checkonentitydone = 0;
810 
811  // Array to define rules of checks to do
812  $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company)
813  $checksoc = array('societe'); // Test for object Societe
814  $checkother = array('contact', 'agenda', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
815  $checkproject = array('projet', 'project'); // Test for project object
816  $checktask = array('projet_task'); // Test for task object
817  $checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
818  $checkuser = array('bookmark'); // check permission among the fk_user (must be myself or null)
819  $nocheck = array('barcode', 'stock'); // No test
820 
821  //$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...).
822 
823  // If dbtablename not defined, we use same name for table than module name
824  if (empty($dbtablename)) {
825  $dbtablename = $feature;
826  $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); // We change dbtablename, so we set sharedelement too.
827  }
828 
829  // To avoid an access forbidden with a numeric ref
830  if ($dbt_select != 'rowid' && $dbt_select != 'id') {
831  $objectid = "'".$objectid."'"; // Note: $objectid was already cast into int at begin of this method.
832  }
833 
834  // Check permission for objectid on entity only
835  if (in_array($feature, $check) && $objectid > 0) { // For $objectid = 0, no check
836  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
837  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
838  if (($feature == 'user' || $feature == 'usergroup') && isModEnabled('multicompany')) { // Special for multicompany
839  if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
840  if ($conf->entity == 1 && $user->admin && !$user->entity) {
841  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
842  $sql .= " AND dbt.entity IS NOT NULL";
843  } else {
844  $sql .= ",".MAIN_DB_PREFIX."usergroup_user as ug";
845  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
846  $sql .= " AND ((ug.fk_user = dbt.rowid";
847  $sql .= " AND ug.entity IN (".getEntity('usergroup')."))";
848  $sql .= " OR dbt.entity = 0)"; // Show always superadmin
849  }
850  } else {
851  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
852  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
853  }
854  } else {
855  $reg = array();
856  if ($parenttableforentity && preg_match('/(.*)@(.*)/', $parenttableforentity, $reg)) {
857  $sql .= ", ".MAIN_DB_PREFIX.$reg[2]." as dbtp";
858  $sql .= " WHERE dbt.".$reg[1]." = dbtp.rowid AND dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
859  $sql .= " AND dbtp.entity IN (".getEntity($sharedelement, 1).")";
860  } else {
861  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
862  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
863  }
864  }
865  $checkonentitydone = 1;
866  }
867  if (in_array($feature, $checksoc) && $objectid > 0) { // We check feature = checksoc. For $objectid = 0, no check
868  // If external user: Check permission for external users
869  if ($user->socid > 0) {
870  if ($user->socid != $objectid) {
871  return false;
872  }
873  } elseif (isModEnabled("societe") && ($user->hasRight('societe', 'lire') && empty($user->rights->societe->client->voir))) {
874  // If internal user: Check permission for internal users that are restricted on their objects
875  $sql = "SELECT COUNT(sc.fk_soc) as nb";
876  $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
877  $sql .= ", ".MAIN_DB_PREFIX."societe as s)";
878  $sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")";
879  $sql .= " AND sc.fk_user = ".((int) $user->id);
880  $sql .= " AND sc.fk_soc = s.rowid";
881  $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
882  } elseif (isModEnabled('multicompany')) {
883  // If multicompany and internal users with all permissions, check user is in correct entity
884  $sql = "SELECT COUNT(s.rowid) as nb";
885  $sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
886  $sql .= " WHERE s.rowid IN (".$db->sanitize($objectid, 1).")";
887  $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
888  }
889 
890  $checkonentitydone = 1;
891  }
892  if (in_array($feature, $checkother) && $objectid > 0) { // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...).
893  // If external user: Check permission for external users
894  if ($user->socid > 0) {
895  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
896  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
897  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
898  $sql .= " AND dbt.fk_soc = ".((int) $user->socid);
899  } elseif (isModEnabled("societe") && ($user->hasRight('societe', 'lire') && empty($user->rights->societe->client->voir))) {
900  // If internal user: Check permission for internal users that are restricted on their objects
901  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
902  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
903  $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
904  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
905  $sql .= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
906  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
907  } elseif (isModEnabled('multicompany')) {
908  // If multicompany and internal users with all permissions, check user is in correct entity
909  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
910  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
911  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
912  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
913  }
914 
915  $checkonentitydone = 1;
916  }
917  if (in_array($feature, $checkproject) && $objectid > 0) {
918  if (isModEnabled('project') && empty($user->rights->projet->all->lire)) {
919  $projectid = $objectid;
920 
921  include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
922  $projectstatic = new Project($db);
923  $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
924 
925  $tmparray = explode(',', $tmps);
926  if (!in_array($projectid, $tmparray)) {
927  return false;
928  }
929  } else {
930  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
931  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
932  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
933  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
934  }
935 
936  $checkonentitydone = 1;
937  }
938  if (in_array($feature, $checktask) && $objectid > 0) {
939  if (isModEnabled('project') && empty($user->rights->projet->all->lire)) {
940  $task = new Task($db);
941  $task->fetch($objectid);
942  $projectid = $task->fk_project;
943 
944  include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
945  $projectstatic = new Project($db);
946  $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
947 
948  $tmparray = explode(',', $tmps);
949  if (!in_array($projectid, $tmparray)) {
950  return false;
951  }
952  } else {
953  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
954  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
955  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
956  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
957  }
958 
959  $checkonentitydone = 1;
960  }
961  if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) { // By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield
962  // If external user: Check permission for external users
963  if ($user->socid > 0) {
964  if (empty($dbt_keyfield)) {
965  dol_print_error('', 'Param dbt_keyfield is required but not defined');
966  }
967  $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";
968  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
969  $sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")";
970  $sql .= " AND dbt.".$dbt_keyfield." = ".((int) $user->socid);
971  } elseif (isModEnabled("societe") && empty($user->rights->societe->client->voir)) {
972  // If internal user: Check permission for internal users that are restricted on their objects
973  if ($feature != 'ticket') {
974  if (empty($dbt_keyfield)) {
975  dol_print_error('', 'Param dbt_keyfield is required but not defined');
976  }
977  $sql = "SELECT COUNT(sc.fk_soc) as nb";
978  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
979  $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
980  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
981  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
982  $sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield;
983  $sql .= " AND sc.fk_user = ".((int) $user->id);
984  } else {
985  // On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties.
986  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
987  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
988  $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id);
989  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
990  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
991  $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)";
992  }
993  } elseif (isModEnabled('multicompany')) {
994  // If multicompany and internal users with all permissions, check user is in correct entity
995  $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
996  $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
997  $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
998  $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
999  }
1000  }
1001  //print $sql;
1002 
1003  // For events, check on users assigned to event
1004  if ($feature === 'agenda' && $objectid > 0) {
1005  // Also check owner or attendee for users without allactions->read
1006  if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1007  require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
1008  $action = new ActionComm($db);
1009  $action->fetch($objectid);
1010  if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1011  return false;
1012  }
1013  }
1014  }
1015 
1016  // For some object, we also have to check it is in the user hierarchy
1017  // Param $object must be the full object and not a simple id to have this test possible.
1018  if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1019  $childids = $user->getAllChildIds(1);
1020  $useridtocheck = 0;
1021  if ($feature == 'holiday') {
1022  $useridtocheck = $object->fk_user;
1023  if (!in_array($useridtocheck, $childids)) {
1024  return false;
1025  }
1026  $useridtocheck = $object->fk_validator;
1027  if (!in_array($useridtocheck, $childids)) {
1028  return false;
1029  }
1030  }
1031  if ($feature == 'expensereport') {
1032  $useridtocheck = $object->fk_user_author;
1033  if (!$user->rights->expensereport->readall) {
1034  if (!in_array($useridtocheck, $childids)) {
1035  return false;
1036  }
1037  }
1038  }
1039  }
1040 
1041  // For some object, we also have to check it is public or owned by user
1042  // Param $object must be the full object and not a simple id to have this test possible.
1043  if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1044  $useridtocheck = $object->fk_user;
1045  if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1046  return false;
1047  }
1048  }
1049 
1050  if ($sql) {
1051  $resql = $db->query($sql);
1052  if ($resql) {
1053  $obj = $db->fetch_object($resql);
1054  if (!$obj || $obj->nb < count(explode(',', $objectid))) { // error if we found 0 or less record than nb of id provided
1055  return false;
1056  }
1057  } else {
1058  dol_syslog("Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1059  return false;
1060  }
1061  }
1062  }
1063 
1064  return true;
1065 }
1066 
1067 
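/**
 * Show a message to say access is forbidden and stop program (no HTML page chrome,
 * only the raw HTTP head, the status code and the message body).
 *
 * @param	string|int	$message					Text to print in the response body (default 1 prints "1")
 * @param	int			$http_response_code			HTTP status code to send (default 403)
 * @param	int			$stringalreadysanitized		1 = $message is already safe for an HTML body and is printed as-is,
 *                                                  0 = $message is HTML-escaped before printing
 * @return	never									Always terminates the script with exit code 1
 */
function httponly_accessforbidden($message = 1, $http_response_code = 403, $stringalreadysanitized = 0)
{
	top_httphead();
	http_response_code($http_response_code);

	if ($stringalreadysanitized) {
		// Caller vouches that the string is already safe for the HTML body.
		print $message;
	} else {
		// Escape explicitly (both quote styles, invalid UTF-8 replaced) so the result does not
		// depend on the PHP-version-specific default flags of htmlentities().
		print htmlentities((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	}

	exit(1);
}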
1092 
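/**
 * Show a message to say access is forbidden and stop program.
 * Optionally prints the page header/footer and lets hooks ('getAccessForbiddenMessage')
 * replace or complete the default explanation.
 *
 * @param	string		$message			Translation key (or raw text) of the message. Empty = "ErrorForbidden".
 * @param	int			$printheader		1 = print the page header (llxHeader / llxHeaderVierge when defined)
 * @param	int			$printfooter		1 = print the page footer (llxFooter when defined)
 * @param	int			$showonlymessage	1 = print the message only, skip hooks and the login/help text
 * @param	array|null	$params				Extra parameters forwarded to the hook
 * @return	never							Always terminates the script with exit code 0
 */
function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params = null)
{
	global $conf, $db, $user, $langs, $hookmanager;

	// The translator may not exist yet (error raised early in the bootstrap), so build a minimal one.
	if (!is_object($langs)) {
		include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
		$langs = new Translate('', $conf);
		$langs->setDefaultLang();
	}

	$langs->load("errors");

	if ($printheader) {
		if (function_exists("llxHeader")) {
			llxHeader('');
		} elseif (function_exists("llxHeaderVierge")) {
			llxHeaderVierge('');
		}
	}
	print '<div class="error">';
	if (empty($message)) {
		print $langs->trans("ErrorForbidden");
	} else {
		print $langs->trans($message);
	}
	print '</div>';
	print '<br>';
	if (empty($showonlymessage)) {
		global $action, $object;
		if (empty($hookmanager)) {
			$hookmanager = new HookManager($db);
			// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
			$hookmanager->initHooks(array('main'));
		}
		$parameters = array('message'=>$message, 'params'=>$params);
		$reshook = $hookmanager->executeHooks('getAccessForbiddenMessage', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
		print $hookmanager->resPrint;
		if (empty($reshook)) {
			$langs->loadLangs(array("errors"));
			// $user may not be an object when the error is raised before authentication completed.
			if (is_object($user) && !empty($user->login)) {
				// The login is a stored value printed into an HTML body: escape it like any other data.
				print $langs->trans("CurrentLogin").': <span class="error">'.dol_escape_htmltag($user->login).'</span><br>';
				print $langs->trans("ErrorForbidden2", $langs->transnoentitiesnoconv("Home"), $langs->transnoentitiesnoconv("Users"));
				print $langs->trans("ErrorForbidden4");
			} else {
				print $langs->trans("ErrorForbidden3");
			}
		}
	}
	if ($printfooter && function_exists("llxFooter")) {
		llxFooter();
	}

	exit(0);
}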
1160 
1161 
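{
	global $conf;

	// Convert a php.ini shorthand size ("2M", "512k", "1G", "1T", or a bare number) into kilobytes.
	// A bare number is a number of BYTES in php.ini, so it is divided by 1024. Anything that is not a
	// recognised size (empty string, "-1", garbage) yields 0, which the callers below treat as "no limit known".
	$iniSizeToKb = static function ($value) {
		$value = trim((string) $value);
		if ($value === '' || !preg_match('/^(\d+(?:\.\d+)?)\s*([kmgt]?)$/i', $value, $reg)) {
			return 0;
		}
		$number = $reg[1] + 0; // int when the string is an integer, float otherwise
		switch (strtolower($reg[2])) {
			case 'k':
				return $number;
			case 'm':
				return $number * 1024;
			case 'g':
				return $number * 1024 * 1024;
			case 't':
				return $number * 1024 * 1024 * 1024;
			default:
				return $number / 1024;
		}
	};

	$max = $conf->global->MAIN_UPLOAD_DOC; // In Kb
	$maxphp = $iniSizeToKb(@ini_get('upload_max_filesize')); // In Kb
	$maxphp2 = $iniSizeToKb(@ini_get('post_max_size')); // In Kb

	// Now $max and $maxphp and $maxphp2 are in Kb. The effective limit is the smallest positive one;
	// $maxphptoshow / $maxphptoshowparam name the PHP setting that is actually binding (if any).
	$maxmin = $max;
	$maxphptoshow = $maxphptoshowparam = '';
	if ($maxphp > 0) {
		$maxmin = min($maxmin, $maxphp);
		$maxphptoshow = $maxphp;
		$maxphptoshowparam = 'upload_max_filesize';
	}
	if ($maxphp2 > 0) {
		$maxmin = min($maxmin, $maxphp2);
		// post_max_size is the binding PHP limit when upload_max_filesize is unknown or larger.
		if ($maxphp <= 0 || $maxphp2 < $maxphp) {
			$maxphptoshow = $maxphp2;
			$maxphptoshowparam = 'post_max_size';
		}
	}

	return array('max'=>$max, 'maxmin'=>$maxmin, 'maxphptoshow'=>$maxphptoshow, 'maxphptoshowparam'=>$maxphptoshowparam);
}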