40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
43 for ($i = 0; $i < $strlength; $i++) {
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
50 for ($i = 0; $i < $strlength; $i++) {
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
57 return base64_encode($chain);
// NOTE(review): dol_decode fragment — the function header and several lines are not
// shown here. This undoes dol_encode(): base64 plus a key-dependent byte shift. It is
// reversible obfuscation with a default key of '1', NOT encryption; nothing that goes
// through it should be considered confidential.
71 $chain = base64_decode($chain);
// Key '1' selects a fixed shift of 17 on every byte (chr() wraps modulo 256).
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
// $strlength is computed on a line not shown here (presumably strlen($chain)).
76 for ($i = 0; $i < $strlength; $i++) {
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
// Other keys (presumably the else branch): a Vigenère-style shift keyed on 'A' (65).
// The key offset is (i % len) - 1, so whenever i % len == 0 the negative substr()
// offset selects the LAST key character rather than the first.
84 for ($i = 0; $i < $strlength; $i++) {
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
// $result is initialised and returned on lines not shown here.
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
// NOTE(review): dolGetRandomBytes fragment (function header not shown). Returns a hex
// string built from floor($length / 2) random bytes, i.e. 2 * floor($length / 2)
// characters — an odd $length yields one character fewer than requested.
// random_bytes() is the CSPRNG and is preferred when available.
102 if (function_exists(
'random_bytes')) {
103 return bin2hex(random_bytes((
int) floor($length / 2)));
// Fallback for very old PHP: the $crypto_strong out-parameter is not inspected here,
// so a non-strong result would go unnoticed on such builds — TODO confirm minimum PHP.
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
/**
 * Encrypt a string with a symmetric cipher (AES-256-CTR by default) through OpenSSL.
 * The result is a self-describing token: 'dolcrypt:<cipher>:<iv>:<base64 ciphertext>'.
 *
 * @param string $chain     Plaintext to encrypt ('' / null is handled on a line not shown).
 * @param string $key       Passphrase; defaults to the instance unique id when empty.
 * @param string $ciphering OpenSSL cipher name; falls back to 'AES-256-CTR' when empty.
 * @param string $forceseed When non-empty, the IV is derived from it instead of being random.
 * @return string           Token as above (the non-OpenSSL fallback, lines 166-184, is not shown).
 *
 * NOTE(review): no MAC or authentication tag is computed in the visible lines. CTR mode
 * is malleable, so anyone who can edit the stored token can flip plaintext bits without
 * detection; dolDecrypt() also trusts the cipher name stored in the token.
 */
122 function dolEncrypt($chain, $key =
'', $ciphering =
'AES-256-CTR', $forceseed =
'')
125 global $dolibarr_disable_dolcrypt_for_debug;
// Empty input: the handling on line 128 is not shown (presumably returned as-is).
127 if ($chain ===
'' || is_null($chain)) {
// Already a dolcrypt token: the branch body (line 133) is not shown — presumably
// returned unchanged to avoid double encryption.
132 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
// Default key (the surrounding empty($key) guard on line 137 is not shown).
// openssl_encrypt() uses the passphrase bytes directly — silently truncated or
// zero-padded to the cipher's key size — and no KDF is applied in the visible lines.
138 $key = $conf->file->instance_unique_id;
140 if (empty($ciphering)) {
141 $ciphering =
'AES-256-CTR';
146 if (function_exists(
'openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) {
152 if (function_exists(
'openssl_cipher_iv_length')) {
153 $ivlen = openssl_cipher_iv_length($ciphering);
// Reject unknown ciphers and implausible IV sizes (error branch, lines 156-157, not shown).
155 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
// No forced seed: IV generation on line 159 is not shown — TODO confirm it is random
// (e.g. dolGetRandomBytes()).
158 if (empty($forceseed)) {
// Forced seed: IV = first $ivlen hex characters of md5($forceseed). Two caveats:
// (1) it is deterministic — CTR mode with a repeated key+IV reuses the keystream, so
//     two values encrypted with the same $forceseed leak the XOR of their plaintexts;
// (2) the IV is drawn from the 16-character hex alphabet, i.e. ~4 bits of entropy per byte.
161 $ivseed =
dol_substr(md5($forceseed), 0, $ivlen,
'ascii', 1);
// options=0 => base64-encoded ciphertext; no authentication tag is produced.
164 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
// The IV is stored in clear (it need not be secret). The cipher name is stored too and
// is read back by dolDecrypt(), so the integrity of the whole token matters.
165 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
// NOTE(review): dolDecrypt fragment (function header, the key-empty guard on line 204,
// and the return paths are not shown). Reverses dolEncrypt(); there is no integrity
// check, so a tampered token decrypts to garbage silently rather than failing.
185 if ($chain ===
'' || is_null($chain)) {
// Key selection: explicit dolcrypt_key, else the instance unique id (line 195 is
// presumably the else branch). TODO confirm dolEncrypt() derives the same key, since
// only the instance_unique_id default is visible there.
190 if (!empty($conf->file->dolcrypt_key)) {
192 $key = $conf->file->dolcrypt_key;
195 $key = $conf->file->instance_unique_id;
// Token layout: dolcrypt:<cipher>:<iv>:<ciphertext>. The cipher name is taken from the
// stored token, so whoever controls the stored value also chooses the cipher.
201 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
202 $ciphering = $reg[1];
203 if (function_exists(
'openssl_decrypt')) {
// Logged only; whether decryption still proceeds with an empty key is decided on
// lines not shown here.
205 dol_syslog(
"Error dolDecrypt decrypt key is empty", LOG_WARNING);
// Split '<iv>:<ciphertext>'; base64 never contains ':' so the split is unambiguous.
208 $tmpexplode = explode(
':', $reg[2]);
// is_string($tmpexplode[0]) is always true for explode() output; the real test is
// whether an IV part exists.
209 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
210 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
// Legacy tokens without an IV: decrypted with a null IV (line 211 is presumably the else).
212 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
215 dol_syslog(
"Error dolDecrypt openssl_decrypt is not available", LOG_ERR);
// NOTE(review): dol_hash fragment (function header and some return lines not shown).
// $type selects the algorithm. The sha1 / md5 / sha1md5 / sha256 modes are unsalted
// fast digests and give no brute-force resistance for passwords; only the
// password_hash (bcrypt) paths are suitable for password storage.
239 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
// Returns BEFORE the MAIN_SECURITY_SALT prefix below is applied, whereas the type '6'
// path on line 259 hashes the prefixed input — the two password_hash paths hash
// different strings. dol_verifyHash() must mirror this split.
240 return password_hash($chain, PASSWORD_DEFAULT);
// MAIN_SECURITY_SALT is a site-wide prefix (a pepper, not a per-user salt): identical
// passwords still produce identical digests. Skipped for LDAP (type 4 / 'openldap').
// Note the mixed loose/strict comparison (!= '4' vs !== 'openldap').
244 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
245 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
// Legacy modes (return statements on lines 249/253/255 are not shown).
248 if ($type ==
'1' || $type ==
'sha1') {
250 } elseif ($type ==
'2' || $type ==
'sha1md5') {
251 return sha1(md5($chain));
252 } elseif ($type ==
'3' || $type ==
'md5') {
254 } elseif ($type ==
'4' || $type ==
'openldap') {
256 } elseif ($type ==
'5' || $type ==
'sha256') {
257 return hash(
'sha256', $chain);
258 } elseif ($type ==
'6' || $type ==
'password_hash') {
// bcrypt over the pepper-prefixed input. bcrypt only consumes the first 72 bytes, so a
// long MAIN_SECURITY_SALT eats into the password's contribution — TODO confirm its size.
// The output embeds a random salt, so re-hashing never reproduces a stored value.
259 return password_hash($chain, PASSWORD_DEFAULT);
// Unknown $type: fall back to the site-wide algorithm (sha1 return on line 261 not shown).
260 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
262 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
263 return sha1(md5($chain));
// NOTE(review): dol_verifyHash fragment (function header and lines 289-297 not shown).
// password_hash mode: only values shaped like password_hash() output ('$...') go
// through password_verify(), which is constant-time and reads the salt from $hash.
286 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
287 if (! empty($hash[0]) && $hash[0] ==
'$') {
288 return password_verify($chain, $hash);
// Legacy fallback. Two problems with the loose '==' here: (1) PHP compares two
// numeric-looking strings numerically, so hex digests of the form "0e<digits>" compare
// equal to one another (the "magic hash" bypass); (2) the comparison is not
// constant-time. Should be:
//   return hash_equals((string) dol_hash($chain, $type), (string) $hash);
// Also note that for type '6' dol_hash() returns a freshly salted bcrypt string, so
// this comparison can never succeed for that type unless handled on lines not shown.
298 return dol_hash($chain, $type) == $hash;
// NOTE(review): dolGetLdapPasswordHash fragment (function header and final else branch
// not shown). Produces RFC 2307-style LDAP userPassword values.
// The salt is derived from the current second — sha1(time()) — so it is predictable
// and identical for every hash generated in the same second; the {S*} schemes below
// therefore do not get a real random salt. Use random_bytes() / dolGetRandomBytes().
314 $salt = substr(sha1(time()), 0, 8);
// Unsalted {MD5}/{SHA}/... digests are kept for LDAP interoperability only; md5 and
// sha1 in particular offer no brute-force resistance.
316 if ($type ===
'md5') {
317 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
318 } elseif ($type ===
'md5frommd5') {
// $password is expected to be an already-computed hex md5 digest; hex2bin() warns and
// returns false on non-hex input (presumably ending up as an empty payload here).
319 return '{MD5}' . base64_encode(hex2bin($password));
320 } elseif ($type ===
'smd5') {
// Salted layout: base64(digest(password . salt) . salt).
321 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
322 } elseif ($type ===
'sha') {
323 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
324 } elseif ($type ===
'ssha') {
325 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
326 } elseif ($type ===
'sha256') {
327 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
328 } elseif ($type ===
'ssha256') {
329 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
330 } elseif ($type ===
'sha384') {
331 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
332 } elseif ($type ===
'ssha384') {
333 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
334 } elseif ($type ===
'sha512') {
335 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
336 } elseif ($type ===
'ssha512') {
337 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
338 } elseif ($type ===
'crypt') {
// Per PHP's crypt() rules an unprefixed salt selects the traditional DES scheme
// (2-character salt, password truncated to 8 bytes). Prefer a '$2y$' or '$6$'
// prefixed salt if this branch is kept.
339 return '{CRYPT}' . crypt($password, $salt);
340 } elseif ($type ===
'clear') {
// Plaintext; only meaningful when the LDAP server hashes on its side.
341 return '{CLEAR}' . $password;
/**
 * Check that $user may show a page for the given feature(s) and, when an object id is
 * supplied, that the user may access that specific object. Denials end in
 * accessforbidden() on lines not shown here; the function returns only on success.
 *
 * @param User              $user          User to check.
 * @param string            $features      Feature(s): 'a&b' requires all, 'a|b' requires any one.
 * @param int|string|object $object        Object id, comma-separated id list, or the object itself.
 * @param string            $tableandshare 'table&sharedelement' for the object-level SQL check.
 * @param string            $feature2      Sub-feature(s), '|'-separated.
 * @param string            $dbt_keyfield  Column holding the thirdparty id (object-level check).
 * @param string            $dbt_select    Column used to select the object (object-level check).
 * @param int               $isdraft       1 if the object is a draft (deletable with create right).
 * @param int               $mode          Not used in the visible lines.
 *
 * NOTE(review): the write/delete checks below are triggered by the request's 'action'
 * (and 'sendit'/'linkit'/'roworder') parameters. A page that mutates data under an
 * action name not listed here only gets the read check from this function and must
 * enforce write rights itself.
 */
366 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
372 if (is_object($object)) {
373 $objectid = $object->id;
// "-1" handling (lines 378-380) not shown.
377 if ($objectid ==
"-1") {
// Keep only digits, '.' and ',' so $objectid can only be an id or an id list; this is
// what later allows it to be embedded in SQL IN (...) clauses.
381 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
390 $parentfortableentity =
'';
// Map public feature names onto internal right / table names.
393 $originalfeatures = $features;
394 if ($features ==
'agenda') {
395 $tableandshare =
'actioncomm&societe';
396 $feature2 =
'myactions|allactions';
399 if ($features ==
'bank') {
400 $features =
'banque';
402 if ($features ==
'facturerec') {
403 $features =
'facture';
405 if ($features ==
'supplier_invoicerec') {
406 $features =
'fournisseur';
407 $feature2 =
'facture';
409 if ($features ==
'mo') {
412 if ($features ==
'member') {
413 $features =
'adherent';
415 if ($features ==
'subscription') {
416 $features =
'adherent';
417 $feature2 =
'cotisation';
// Website pages carry their entity through the parent website row.
419 if ($features ==
'website' && is_object($object) && $object->element ==
'websitepage') {
420 $parentfortableentity =
'fk_website@website';
422 if ($features ==
'project') {
423 $features =
'projet';
425 if ($features ==
'product') {
426 $features =
'produit';
428 if ($features ==
'productbatch') {
429 $features =
'produit';
431 if ($features ==
'tax') {
432 $feature2 =
'charges';
434 if ($features ==
'workstation') {
435 $feature2 =
'workstation';
437 if ($features ==
'fournisseur') {
438 $features =
'fournisseur';
439 if (is_object($object) && $object->element ==
'invoice_supplier') {
440 $feature2 =
'facture';
441 } elseif (is_object($object) && $object->element ==
'order_supplier') {
442 $feature2 =
'commande';
445 if ($features ==
'payment_sc') {
446 $tableandshare =
'paiementcharge';
447 $parentfortableentity =
'fk_charge@chargesociales';
// Let modules override the decision; a hook result of 0 is presumably treated as a
// denial (lines 458-459 not shown).
453 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
454 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
456 if (isset($hookmanager->resArray[
'result'])) {
457 if ($hookmanager->resArray[
'result'] == 0) {
// '&' and '|' are mutually exclusive here: '&' wins when both appear.
470 $featuresarray = array($features);
471 if (preg_match(
'/&/', $features)) {
472 $featuresarray = explode(
"&", $features);
473 } elseif (preg_match(
'/\|/', $features)) {
474 $featuresarray = explode(
"|", $features);
478 if (!empty($feature2)) {
479 $feature2 = explode(
"|", $feature2);
482 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
// --- Read permission, one pass per feature ($nbko is maintained on lines not shown).
487 foreach ($featuresarray as $feature) {
488 $featureforlistofmodule = $feature;
489 if ($featureforlistofmodule ==
'produit') {
490 $featureforlistofmodule =
'product';
492 if ($featureforlistofmodule ==
'supplier_proposal') {
493 $featureforlistofmodule =
'supplierproposal';
// External users (socid set) are confined to the modules listed in
// MAIN_MODULES_FOR_EXTERNAL (denial on lines 496-498 not shown).
495 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
501 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
502 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
506 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
507 if (empty($user->rights->societe->contact->lire)) {
511 } elseif ($feature ==
'produit|service') {
512 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
516 } elseif ($feature ==
'prelevement') {
517 if (empty($user->rights->prelevement->bons->lire)) {
521 } elseif ($feature ==
'cheque') {
522 if (empty($user->rights->banque->cheque)) {
526 } elseif ($feature ==
'projet') {
527 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
531 } elseif ($feature ==
'payment') {
532 if (!$user->hasRight(
'facture',
'lire')) {
536 } elseif ($feature ==
'payment_supplier') {
537 if (empty($user->rights->fournisseur->facture->lire)) {
541 } elseif ($feature ==
'payment_sc') {
542 if (empty($user->rights->tax->charges->lire)) {
546 } elseif (!empty($feature2)) {
548 foreach ($feature2 as $subfeature) {
// A user may always read their own user record.
549 if ($subfeature ==
'user' && $user->id == $objectid) {
552 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
// Generic lookup on dynamic property names; an unknown feature/subfeature resolves to
// empty() and is therefore denied (default-deny).
557 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
559 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
570 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
571 if (empty($user->rights->$feature->lire)
572 && empty($user->rights->$feature->read)
573 && empty($user->rights->$feature->run)) {
// For 'a|b' features access is granted as soon as one alternative passed.
581 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// --- Create/update permission, only when the request looks like a write.
597 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
598 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
600 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
601 foreach ($featuresarray as $feature) {
602 if ($feature ==
'contact') {
603 if (empty($user->rights->societe->contact->creer)) {
607 } elseif ($feature ==
'produit|service') {
608 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
612 } elseif ($feature ==
'prelevement') {
613 if (!$user->rights->prelevement->bons->creer) {
617 } elseif ($feature ==
'commande_fournisseur') {
// '||' with empty(): BOTH fournisseur->commande->creer and supplier_order->creer are
// required here, while the delete branch (line 728) checks only the former —
// TODO confirm this asymmetry is intended.
618 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
622 } elseif ($feature ==
'banque') {
623 if (!$user->hasRight(
'banque',
'modifier')) {
627 } elseif ($feature ==
'cheque') {
628 if (empty($user->rights->banque->cheque)) {
632 } elseif ($feature ==
'import') {
633 if (empty($user->rights->import->run)) {
637 } elseif ($feature ==
'ecm') {
638 if (!$user->rights->ecm->upload) {
642 } elseif (!empty($feature2)) {
643 foreach ($feature2 as $subfeature) {
// Self-service cases: editing one's own record / password, or another user's
// password with the dedicated right.
644 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
647 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
650 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
654 if (empty($user->rights->$feature->$subfeature->creer)
655 && empty($user->rights->$feature->$subfeature->write)
656 && empty($user->rights->$feature->$subfeature->create)) {
665 } elseif (!empty($feature)) {
667 if (empty($user->rights->$feature->creer)
668 && empty($user->rights->$feature->write)
669 && empty($user->rights->$feature->create)) {
677 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
681 if ($wemustcheckpermissionforcreate && !$createok) {
// --- Creating a user always needs the explicit user/user/creer right.
693 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
694 if (!$user->hasRight(
'user',
'user',
'creer')) {
698 if (!$createuserok) {
// --- Delete permission.
711 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
712 foreach ($featuresarray as $feature) {
713 if ($feature ==
'bookmark') {
714 if (!$user->rights->bookmark->supprimer) {
// Without the delete right, only the bookmark's owner with create right may delete.
// Reads $object->fk_user, so $object is assumed to be an object here — TODO confirm.
715 if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
719 } elseif ($feature ==
'contact') {
720 if (!$user->rights->societe->contact->supprimer) {
723 } elseif ($feature ==
'produit|service') {
724 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
727 } elseif ($feature ==
'commande_fournisseur') {
728 if (!$user->rights->fournisseur->commande->supprimer) {
// Payments are deleted with the invoice 'creer' / 'paiement' rights, not a delete right.
731 } elseif ($feature ==
'payment_supplier') {
732 if (!$user->rights->fournisseur->facture->creer) {
735 } elseif ($feature ==
'payment') {
736 if (!$user->rights->facture->paiement) {
739 } elseif ($feature ==
'payment_sc') {
740 if (!$user->rights->tax->charges->creer) {
743 } elseif ($feature ==
'banque') {
744 if (!$user->hasRight(
'banque',
'modifier')) {
747 } elseif ($feature ==
'cheque') {
748 if (empty($user->rights->banque->cheque)) {
751 } elseif ($feature ==
'ecm') {
752 if (!$user->rights->ecm->upload) {
755 } elseif ($feature ==
'ftp') {
756 if (!$user->rights->ftp->write) {
759 } elseif ($feature ==
'salaries') {
760 if (!$user->rights->salaries->delete) {
763 } elseif ($feature ==
'adherent') {
764 if (empty($user->rights->adherent->supprimer)) {
767 } elseif ($feature ==
'paymentbybanktransfer') {
768 if (empty($user->rights->paymentbybanktransfer->create)) {
771 } elseif ($feature ==
'prelevement') {
772 if (empty($user->rights->prelevement->bons->creer)) {
775 } elseif (!empty($feature2)) {
776 foreach ($feature2 as $subfeature) {
777 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
784 } elseif (!empty($feature)) {
786 if (empty($user->rights->$feature->supprimer)
787 && empty($user->rights->$feature->delete)
788 && empty($user->rights->$feature->run)) {
795 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
// A draft may be deleted by a user who only holds the create right.
799 if (!$deleteok && !($isdraft && $createok)) {
// --- Object-level check (entity, thirdparty ownership, ...) only when an id is given;
// $params is presumably handed to accessforbidden() on the failure path (not shown).
811 if (!empty($objectid) && $objectid > 0) {
812 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
813 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
/**
 * Check that $user may access the object(s) identified by $object / $objectid for each
 * feature in $featuresarray: entity (multicompany) membership, thirdparty ownership for
 * external users, salesperson assignment, project membership, user hierarchy, ...
 * The return statements (1 = allowed, 0 = denied) are on lines not shown here.
 *
 * @param User         $user                  User to check.
 * @param array        $featuresarray         Features to check (already split by the caller).
 * @param int|string|object $object           Object id, comma-separated id list, or the object.
 * @param string       $tableandshare         'table&sharedelement'; the table defaults to the feature name.
 * @param string|array $feature2              Sub-feature(s).
 * @param string       $dbt_keyfield          Column holding the thirdparty id.
 * @param string       $dbt_select            Column used to select the object ('rowid' by default).
 * @param string       $parenttableforentity  'column@table' to read the entity from a parent row.
 *
 * NOTE(review): $dbt_select, $dbt_keyfield, the table name from $tableandshare and the
 * 'column@table' pair in $parenttableforentity are concatenated into SQL as identifiers
 * WITHOUT escaping. They must only ever come from code constants, never from request
 * input; only $objectid is filtered (digits/./,) and passed through $db->sanitize().
 */
844 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
848 if (is_object($object)) {
849 $objectid = $object->id;
// Restrict $objectid to an id or an id list before it reaches any IN (...) clause.
853 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
860 $params = explode(
'&', $tableandshare);
861 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
862 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
864 foreach ($featuresarray as $feature) {
// Feature aliases and per-feature table overrides.
870 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
871 $feature =
'contact';
874 if ($feature ==
'member') {
875 $feature =
'adherent';
877 if ($feature ==
'project') {
880 if ($feature ==
'task') {
881 $feature =
'projet_task';
883 if ($feature ==
'eventorganization') {
885 $dbtablename =
'actioncomm';
887 if ($feature ==
'payment_sc' && empty($parenttableforentity)) {
889 $parenttableforentity =
'';
890 $dbtablename =
"chargesociales";
891 $feature =
"chargesociales";
// Reads $object->fk_charge with no is_object() guard — $object is assumed to be the
// payment object here; TODO confirm all callers pass an object for payment_sc.
892 $objectid = $object->fk_charge;
895 $checkonentitydone = 0;
// Which check applies to which feature.
898 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'payment_sc',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales',
'knowledgemanagement');
899 $checksoc = array(
'societe');
900 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
901 $checkproject = array(
'projet',
'project');
902 $checktask = array(
'projet_task');
903 $checkhierarchy = array(
'expensereport',
'holiday');
904 $checkuser = array(
'bookmark');
905 $nocheck = array(
'barcode',
'stock');
// Default table name is the feature name itself.
910 if (empty($dbtablename)) {
911 $dbtablename = $feature;
912 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
// Non-numeric selector column: the whole $objectid is wrapped in quotes as ONE value,
// so a comma-separated list becomes a single string here. TODO confirm what
// $db->sanitize(..., 1) permits so the quotes survive.
916 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
917 $objectid =
"'".$objectid.
"'";
// --- Entity check: the object must live in an entity the user can see.
920 if (in_array($feature, $check) && $objectid > 0) {
921 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
922 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
923 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
924 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
// Transverse mode: a master-entity admin may see any user with an entity set.
925 if ($conf->entity == 1 && $user->admin && !$user->entity) {
926 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
927 $sql .=
" AND dbt.entity IS NOT NULL";
// Otherwise the user must belong to a group of a visible entity, or be global (entity 0).
929 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
930 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
931 $sql .=
" AND ((ug.fk_user = dbt.rowid";
932 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
933 $sql .=
" OR dbt.entity = 0)";
936 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
937 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
// Entity read from a parent row ('column@table'), e.g. website pages.
941 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
942 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
943 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
944 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
946 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
947 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
950 $checkonentitydone = 1;
// --- Thirdparty: an external user may only reach their own thirdparty (denial lines
// 956-957 not shown); an internal user without 'client->voir' only the ones they are
// salesperson of.
952 if (in_array($feature, $checksoc) && $objectid > 0) {
954 if ($user->socid > 0) {
955 if ($user->socid != $objectid) {
958 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
960 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
961 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
962 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
963 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
964 $sql .=
" AND sc.fk_user = ".((int) $user->id);
965 $sql .=
" AND sc.fk_soc = s.rowid";
966 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
969 $sql =
"SELECT COUNT(s.rowid) as nb";
970 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
971 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
972 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
975 $checkonentitydone = 1;
// --- Objects attached to a thirdparty through dbt.fk_soc (agenda, contact, contract).
977 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
979 if ($user->socid > 0) {
980 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
981 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
982 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
983 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
984 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
986 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
987 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
988 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
989 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
// Objects with no thirdparty pass; others need the user to be salesperson of it.
990 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
991 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
994 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
995 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
996 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
997 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1000 $checkonentitydone = 1;
// --- Projects: without projet->all->lire the project must be in the user's
// authorized list (denial lines 1012-1013 not shown).
1002 if (in_array($feature, $checkproject) && $objectid > 0) {
1003 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
1004 $projectid = $objectid;
1006 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1007 $projectstatic =
new Project($db);
1008 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1010 $tmparray = explode(
',', $tmps);
1011 if (!in_array($projectid, $tmparray)) {
1015 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1016 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1017 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1018 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1020 $checkonentitydone = 1;
// --- Tasks: same rule applied to the task's parent project.
1022 if (in_array($feature, $checktask) && $objectid > 0) {
1023 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
1024 $task =
new Task($db);
1025 $task->fetch($objectid);
1026 $projectid = $task->fk_project;
1028 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1029 $projectstatic =
new Project($db);
1030 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1032 $tmparray = explode(
',', $tmps);
1033 if (!in_array($projectid, $tmparray)) {
1037 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1038 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1039 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1040 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1043 $checkonentitydone = 1;
// --- Generic check for every other feature: the thirdparty column $dbt_keyfield
// decides ownership.
1047 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1049 if ($user->socid > 0) {
// dol_print_error() reports the misconfiguration; whether execution stops here is
// decided on line 1052 (not shown).
1050 if (empty($dbt_keyfield)) {
1051 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1053 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1054 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1055 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1056 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1057 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
// Salesperson restriction applies to everything except tickets.
1059 if ($feature !=
'ticket') {
1060 if (empty($dbt_keyfield)) {
1061 dol_print_error(
'',
'Param dbt_keyfield is required but not defined');
1063 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1064 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1065 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1066 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1067 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1068 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1069 $sql .=
" AND sc.fk_user = ".((int) $user->id);
// Ticket branch: the LEFT JOIN below only matches rows for this user, so sc.fk_user
// is always either $user->id or NULL and the final condition is always true — this
// branch effectively reduces to the entity check. Presumably intended (tickets not
// restricted by salesperson); TODO confirm.
1072 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1073 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1074 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1075 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1076 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1077 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1081 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1082 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1083 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1084 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
// --- Agenda: without allactions->read the user must be author, owner or assignee
// ($action is instantiated on line 1093, not shown; the inner $objectid > 0 is redundant).
1089 if ($feature ===
'agenda' && $objectid > 0) {
1091 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
1092 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1094 $action->fetch($objectid);
1095 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
// --- Hierarchy: leave requests / expense reports of the user's subordinates.
1103 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1104 $childids = $user->getAllChildIds(1);
1106 if ($feature ==
'holiday') {
1107 $useridtocheck = $object->fk_user;
1108 if (!$user->hasRight(
'holiday',
'readall') && !in_array($useridtocheck, $childids) && !in_array($object->fk_validator, $childids)) {
1112 if ($feature ==
'expensereport') {
1113 $useridtocheck = $object->fk_user_author;
1114 if (!$user->hasRight(
'expensereport',
'readall') && !in_array($useridtocheck, $childids)) {
// --- Bookmarks: private to their owner unless admin.
1122 if (in_array($feature, $checkuser) && is_object($object) && $objectid > 0) {
1123 $useridtocheck = $object->fk_user;
1124 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
// Run the query built above (the surrounding !empty($sql) guard, if any, is not shown).
1130 $resql = $db->query(
$sql);
1132 $obj = $db->fetch_object($resql);
// Every id in the list must have matched: the COUNT must reach the number of ids
// requested, otherwise access is denied (lines 1134-1135 not shown).
1133 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
// Query failure is logged as a possible forged request (presumably the else branch).
1137 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
// NOTE(review): httponly_accessforbidden fragment (function header, the exit and the
// raw-print branch are not shown). Sends the status code, then the message.
1161 http_response_code($http_response_code);
// When the caller asserts the string is already safe it is presumably printed as-is
// (lines 1164-1165 not shown); otherwise it is HTML-escaped below. Callers must not
// pass $stringalreadysanitized=1 for text derived from request input.
1163 if ($stringalreadysanitized) {
1166 print htmlentities($message);
/**
 * Print an "access forbidden" page (page header, translated message, hint about the
 * current login, page footer) and stop; the exit itself is on a line not shown here.
 *
 * @param string $message         Translation key or text for the error; empty => 'ErrorForbidden'.
 * @param int    $printheader     Print the page header (the check on line 1198 is not shown).
 * @param int    $printfooter     Print the page footer.
 * @param int    $showonlymessage Skip the login hint / hook output.
 * @param mixed  $params          Extra context forwarded to the 'getAccessForbiddenMessage' hook.
 */
1185 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1187 global $conf, $db, $user, $langs, $hookmanager;
1188 global $action, $object;
// Make sure a translator exists even when called very early (new Translate on line 1192 not shown).
1190 if (!is_object($langs)) {
1191 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1193 $langs->setDefaultLang();
1196 $langs->load(
"errors");
1199 if (function_exists(
"llxHeader")) {
1201 } elseif (function_exists(
"llxHeaderVierge")) {
1205 print
'<div class="error">';
1206 if (empty($message)) {
1207 print $langs->trans(
"ErrorForbidden");
// $message goes through trans(); whether trans() escapes HTML is not visible here, so
// callers should not pass request-derived text as $message.
1209 print $langs->trans($message);
1213 if (empty($showonlymessage)) {
1214 if (empty($hookmanager)) {
1215 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1218 $hookmanager->initHooks(array(
'main'));
1221 $parameters = array(
'message'=>$message,
'params'=>$params);
1222 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
// Hook output is printed raw; hooks are trusted module code.
1223 print $hookmanager->resPrint;
1224 if (empty($reshook)) {
1225 $langs->loadLangs(array(
"errors"));
// $user->login is written into HTML without escaping — TODO confirm logins are
// restricted to characters that cannot carry markup.
1227 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1228 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1229 print $langs->trans(
"ErrorForbidden4");
1231 print $langs->trans(
"ErrorForbidden3");
1235 if ($printfooter && function_exists(
"llxFooter")) {
1253 $max = $conf->global->MAIN_UPLOAD_DOC;
1254 $maxphp = @ini_get(
'upload_max_filesize');
1255 if (preg_match(
'/k$/i', $maxphp)) {
1256 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1257 $maxphp = $maxphp * 1;
1259 if (preg_match(
'/m$/i', $maxphp)) {
1260 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1261 $maxphp = $maxphp * 1024;
1263 if (preg_match(
'/g$/i', $maxphp)) {
1264 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1265 $maxphp = $maxphp * 1024 * 1024;
1267 if (preg_match(
'/t$/i', $maxphp)) {
1268 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1269 $maxphp = $maxphp * 1024 * 1024 * 1024;
1271 $maxphp2 = @ini_get(
'post_max_size');
1272 if (preg_match(
'/k$/i', $maxphp2)) {
1273 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1274 $maxphp2 = $maxphp2 * 1;
1276 if (preg_match(
'/m$/i', $maxphp2)) {
1277 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1278 $maxphp2 = $maxphp2 * 1024;
1280 if (preg_match(
'/g$/i', $maxphp2)) {
1281 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1282 $maxphp2 = $maxphp2 * 1024 * 1024;
1284 if (preg_match(
'/t$/i', $maxphp2)) {
1285 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1286 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1290 $maxphptoshow = $maxphptoshowparam =
'';
1292 $maxmin = min($maxmin, $maxphp);
1293 $maxphptoshow = $maxphp;
1294 $maxphptoshowparam =
'upload_max_filesize';
1297 $maxmin = min($maxmin, $maxphp2);
1298 if ($maxphp2 < $maxphp) {
1299 $maxphptoshow = $maxphp2;
1300 $maxphptoshowparam =
'post_max_size';
1306 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);
Class to manage agenda events (actions)
Class to manage projects.
Class to manage translations.
Class to manage Dolibarr users.
dol_print_error($db='', $error='', $errors=null)
Displays a system error message with all the information needed to facilitate diagnosis and escalation...
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
dol_substr($string, $start, $length=null, $stringencoding='', $trunconbytes=0)
Make a substring.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Is Dolibarr module enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dolEncrypt($chain, $key='', $ciphering='AES-256-CTR', $forceseed='')
Encrypt a string with a symmetric cipher (AES-256-CTR by default, via OpenSSL); the output token carries the cipher name and IV but no authentication tag.
dolGetRandomBytes($length)
Return a hex string of cryptographically secure random bytes; the result has 2 * floor($length / 2) characters, so an odd $length yields one character fewer than requested.
dol_encode($chain, $key='1')
Obfuscate a string with base64 plus a key-dependent byte shift (reversible by dol_decode(); this is not encryption).
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one. For backward compatibility reasons, ...
getMaxFileSizeArray()
Return the max allowed for file upload.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
dol_decode($chain, $key='1')
Decode a string produced by dol_encode() (base64 plus key-dependent byte shift).
dolGetLdapPasswordHash($password, $type='md5')
Returns an LDAP-style password hash ({MD5}, {SSHA}, {CRYPT}, {CLEAR}, ...) of a password.
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dolDecrypt($chain, $key='')
Decrypt a string produced by dolEncrypt() (symmetric cipher; the cipher name and IV are read from the stored token).
dol_hash($chain, $type='0')
Returns a hash (a one-way digest, not encryption) of a string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.