40 if (is_numeric($key) && $key ==
'1') {
41 $output_tab = array();
43 for ($i = 0; $i < $strlength; $i++) {
44 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
46 $chain = implode(
"", $output_tab);
50 for ($i = 0; $i < $strlength; $i++) {
51 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
52 $result .= chr(ord(substr($chain, $i, 1)) + (ord($keychar) - 65));
57 return base64_encode($chain);
71 $chain = base64_decode($chain);
73 if (is_numeric($key) && $key ==
'1') {
74 $output_tab = array();
76 for ($i = 0; $i < $strlength; $i++) {
77 $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
80 $chain = implode(
"", $output_tab);
84 for ($i = 0; $i < $strlength; $i++) {
85 $keychar = substr($key, ($i % strlen($key)) - 1, 1);
86 $result .= chr(ord(substr($chain, $i, 1)) - (ord($keychar) - 65));
102 if (function_exists(
'random_bytes')) {
103 return bin2hex(random_bytes((
int) floor($length / 2)));
106 return bin2hex(openssl_random_pseudo_bytes((
int) floor($length / 2)));
119 function dolEncrypt($chain, $key =
'', $ciphering =
"AES-256-CTR")
121 global $dolibarr_main_instance_unique_id;
123 if ($chain ===
'' || is_null($chain)) {
128 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
134 $key = $dolibarr_main_instance_unique_id;
139 if (function_exists(
'openssl_encrypt')) {
141 if (function_exists(
'openssl_cipher_iv_length')) {
142 $ivlen = openssl_cipher_iv_length($ciphering);
144 if ($ivlen ===
false || $ivlen < 1 || $ivlen > 32) {
149 $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);
150 return 'dolcrypt:'.$ciphering.
':'.$ivseed.
':'.$newchain;
167 global $dolibarr_main_instance_unique_id;
169 if ($chain ===
'' || is_null($chain)) {
174 $key = $dolibarr_main_instance_unique_id;
178 if (preg_match(
'/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
179 $ciphering = $reg[1];
180 if (function_exists(
'openssl_decrypt')) {
181 $tmpexplode = explode(
':', $reg[2]);
182 if (!empty($tmpexplode[1]) && is_string($tmpexplode[0])) {
183 $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, 0, $tmpexplode[0]);
185 $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, 0,
null);
188 $newchain =
'Error function openssl_decrypt() not available';
211 if (($type ==
'0' || $type ==
'auto') && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_hash')) {
212 return password_hash($chain, PASSWORD_DEFAULT);
216 if (!empty($conf->global->MAIN_SECURITY_SALT) && $type !=
'4' && $type !==
'openldap') {
217 $chain = $conf->global->MAIN_SECURITY_SALT.$chain;
220 if ($type ==
'1' || $type ==
'sha1') {
222 } elseif ($type ==
'2' || $type ==
'sha1md5') {
223 return sha1(md5($chain));
224 } elseif ($type ==
'3' || $type ==
'md5') {
226 } elseif ($type ==
'4' || $type ==
'openldap') {
228 } elseif ($type ==
'5' || $type ==
'sha256') {
229 return hash(
'sha256', $chain);
230 } elseif ($type ==
'6' || $type ==
'password_hash') {
231 return password_hash($chain, PASSWORD_DEFAULT);
232 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1') {
234 } elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'sha1md5') {
235 return sha1(md5($chain));
258 if ($type ==
'0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO ==
'password_hash' && function_exists(
'password_verify')) {
259 if ($hash[0] ==
'$') {
260 return password_verify($chain, $hash);
261 } elseif (strlen($hash) == 32) {
263 } elseif (strlen($hash) == 40) {
270 return dol_hash($chain, $type) == $hash;
286 $salt = substr(sha1(time()), 0, 8);
288 if ($type ===
'md5') {
289 return '{MD5}' . base64_encode(hash(
"md5", $password,
true));
290 } elseif ($type ===
'md5frommd5') {
291 return '{MD5}' . base64_encode(hex2bin($password));
292 } elseif ($type ===
'smd5') {
293 return "{SMD5}" . base64_encode(hash(
"md5", $password . $salt,
true) . $salt);
294 } elseif ($type ===
'sha') {
295 return '{SHA}' . base64_encode(hash(
"sha1", $password,
true));
296 } elseif ($type ===
'ssha') {
297 return "{SSHA}" . base64_encode(hash(
"sha1", $password . $salt,
true) . $salt);
298 } elseif ($type ===
'sha256') {
299 return "{SHA256}" . base64_encode(hash(
"sha256", $password,
true));
300 } elseif ($type ===
'ssha256') {
301 return "{SSHA256}" . base64_encode(hash(
"sha256", $password . $salt,
true) . $salt);
302 } elseif ($type ===
'sha384') {
303 return "{SHA384}" . base64_encode(hash(
"sha384", $password,
true));
304 } elseif ($type ===
'ssha384') {
305 return "{SSHA384}" . base64_encode(hash(
"sha384", $password . $salt,
true) . $salt);
306 } elseif ($type ===
'sha512') {
307 return "{SHA512}" . base64_encode(hash(
"sha512", $password,
true));
308 } elseif ($type ===
'ssha512') {
309 return "{SSHA512}" . base64_encode(hash(
"sha512", $password . $salt,
true) . $salt);
310 } elseif ($type ===
'crypt') {
311 return '{CRYPT}' . crypt($password, $salt);
312 } elseif ($type ===
'clear') {
313 return '{CLEAR}' . $password;
337 function restrictedArea(
User $user, $features, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
342 if (is_object($object)) {
343 $objectid = $object->id;
347 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
354 $parentfortableentity =
'';
357 $originalfeatures = $features;
358 if ($features ==
'facturerec') {
359 $features =
'facture';
361 if ($features ==
'mo') {
364 if ($features ==
'member') {
365 $features =
'adherent';
367 if ($features ==
'subscription') {
368 $features =
'adherent';
369 $feature2 =
'cotisation';
371 if ($features ==
'websitepage') {
372 $features =
'website';
373 $tableandshare =
'website_page';
374 $parentfortableentity =
'fk_website@website';
376 if ($features ==
'project') {
377 $features =
'projet';
379 if ($features ==
'product') {
380 $features =
'produit';
384 $parameters = array(
'features'=>$features,
'originalfeatures'=>$originalfeatures,
'objectid'=>$objectid,
'dbt_select'=>$dbt_select,
'idtype'=>$dbt_select,
'isdraft'=>$isdraft);
385 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
387 if (isset($hookmanager->resArray[
'result'])) {
388 if ($hookmanager->resArray[
'result'] == 0) {
401 $featuresarray = array($features);
402 if (preg_match(
'/&/', $features)) {
403 $featuresarray = explode(
"&", $features);
404 } elseif (preg_match(
'/\|/', $features)) {
405 $featuresarray = explode(
"|", $features);
409 if (!empty($feature2)) {
410 $feature2 = explode(
"|", $feature2);
413 $listofmodules = explode(
',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
418 foreach ($featuresarray as $feature) {
419 $featureforlistofmodule = $feature;
420 if ($featureforlistofmodule ==
'produit') {
421 $featureforlistofmodule =
'product';
423 if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) {
429 if ($feature ==
'societe') {
430 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
434 } elseif ($feature ==
'contact') {
435 if (empty($user->rights->societe->contact->lire)) {
439 } elseif ($feature ==
'produit|service') {
440 if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
444 } elseif ($feature ==
'prelevement') {
445 if (empty($user->rights->prelevement->bons->lire)) {
449 } elseif ($feature ==
'cheque') {
450 if (empty($user->rights->banque->cheque)) {
454 } elseif ($feature ==
'projet') {
455 if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
459 } elseif ($feature ==
'payment') {
460 if (empty($user->rights->facture->lire)) {
464 } elseif ($feature ==
'payment_supplier') {
465 if (empty($user->rights->fournisseur->facture->lire)) {
469 } elseif ($feature ==
'payment_sc') {
470 if (empty($user->rights->tax->charges->lire)) {
474 } elseif (!empty($feature2)) {
476 foreach ($feature2 as $subfeature) {
477 if ($subfeature ==
'user' && $user->id == $objectid) {
480 if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) {
482 } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) {
493 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
494 if (empty($user->rights->$feature->lire)
495 && empty($user->rights->$feature->read)
496 && empty($user->rights->$feature->run)) {
504 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
520 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'add_element_resource',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
521 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
523 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
524 foreach ($featuresarray as $feature) {
525 if ($feature ==
'contact') {
526 if (empty($user->rights->societe->contact->creer)) {
530 } elseif ($feature ==
'produit|service') {
531 if (empty($user->rights->produit->creer) && empty($user->rights->service->creer)) {
535 } elseif ($feature ==
'prelevement') {
536 if (!$user->rights->prelevement->bons->creer) {
540 } elseif ($feature ==
'commande_fournisseur') {
541 if (empty($user->rights->fournisseur->commande->creer) || empty($user->rights->supplier_order->creer)) {
545 } elseif ($feature ==
'banque') {
546 if (empty($user->rights->banque->modifier)) {
550 } elseif ($feature ==
'cheque') {
551 if (empty($user->rights->banque->cheque)) {
555 } elseif ($feature ==
'import') {
556 if (empty($user->rights->import->run)) {
560 } elseif ($feature ==
'ecm') {
561 if (!$user->rights->ecm->upload) {
565 } elseif (!empty($feature2)) {
566 foreach ($feature2 as $subfeature) {
567 if ($subfeature ==
'user' && $user->id == $objectid && $user->rights->user->self->creer) {
570 if ($subfeature ==
'user' && $user->id == $objectid && $user->rights->user->self->password) {
573 if ($subfeature ==
'user' && $user->id != $objectid && $user->rights->user->user->password) {
577 if (empty($user->rights->$feature->$subfeature->creer)
578 && empty($user->rights->$feature->$subfeature->write)
579 && empty($user->rights->$feature->$subfeature->create)) {
588 } elseif (!empty($feature)) {
590 if (empty($user->rights->$feature->creer)
591 && empty($user->rights->$feature->write)
592 && empty($user->rights->$feature->create)) {
600 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
604 if ($wemustcheckpermissionforcreate && !$createok) {
616 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
617 if (!$user->rights->user->user->creer) {
621 if (!$createuserok) {
634 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
635 foreach ($featuresarray as $feature) {
636 if ($feature ==
'contact') {
637 if (!$user->rights->societe->contact->supprimer) {
640 } elseif ($feature ==
'produit|service') {
641 if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
644 } elseif ($feature ==
'commande_fournisseur') {
645 if (!$user->rights->fournisseur->commande->supprimer) {
648 } elseif ($feature ==
'payment_supplier') {
649 if (!$user->rights->fournisseur->facture->creer) {
652 } elseif ($feature ==
'payment') {
653 if (!$user->rights->facture->paiement) {
656 } elseif ($feature ==
'payment_sc') {
657 if (!$user->rights->tax->charges->creer) {
660 } elseif ($feature ==
'banque') {
661 if (empty($user->rights->banque->modifier)) {
664 } elseif ($feature ==
'cheque') {
665 if (empty($user->rights->banque->cheque)) {
668 } elseif ($feature ==
'ecm') {
669 if (!$user->rights->ecm->upload) {
672 } elseif ($feature ==
'ftp') {
673 if (!$user->rights->ftp->write) {
676 } elseif ($feature ==
'salaries') {
677 if (!$user->rights->salaries->delete) {
680 } elseif ($feature ==
'adherent') {
681 if (empty($user->rights->adherent->supprimer)) {
684 } elseif ($feature ==
'paymentbybanktransfer') {
685 if (empty($user->rights->paymentbybanktransfer->create)) {
688 } elseif ($feature ==
'prelevement') {
689 if (empty($user->rights->prelevement->bons->creer)) {
692 } elseif (!empty($feature2)) {
693 foreach ($feature2 as $subfeature) {
694 if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {
701 } elseif (!empty($feature)) {
703 if (empty($user->rights->$feature->supprimer)
704 && empty($user->rights->$feature->delete)
705 && empty($user->rights->$feature->run)) {
712 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
716 if (!$deleteok && !($isdraft && $createok)) {
728 if (!empty($objectid) && $objectid > 0) {
729 $ok =
checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
730 $params = array(
'objectid' => $objectid,
'features' => join(
',', $featuresarray),
'features2' => $feature2);
761 function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
765 if (is_object($object)) {
766 $objectid = $object->id;
770 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
777 $params = explode(
'&', $tableandshare);
778 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
779 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
781 foreach ($featuresarray as $feature) {
787 if ($feature ==
'member') {
788 $feature =
'adherent';
790 if ($feature ==
'project') {
793 if ($feature ==
'task') {
794 $feature =
'projet_task';
797 $checkonentitydone = 0;
800 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment');
801 $checksoc = array(
'societe');
802 $checkother = array(
'contact',
'agenda');
803 $checkproject = array(
'projet',
'project');
804 $checktask = array(
'projet_task');
805 $checkhierarchy = array(
'expensereport',
'holiday');
806 $nocheck = array(
'barcode',
'stock');
811 if (empty($dbtablename)) {
812 $dbtablename = $feature;
813 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
817 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
818 $objectid =
"'".$objectid.
"'";
822 if (in_array($feature, $check) && $objectid > 0) {
823 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
824 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
825 if (($feature ==
'user' || $feature ==
'usergroup') &&
isModEnabled(
'multicompany')) {
826 if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
827 if ($conf->entity == 1 && $user->admin && !$user->entity) {
828 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
829 $sql .=
" AND dbt.entity IS NOT NULL";
831 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
832 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
833 $sql .=
" AND ((ug.fk_user = dbt.rowid";
834 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
835 $sql .=
" OR dbt.entity = 0)";
838 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
839 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
843 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
844 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
845 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
846 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
848 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
849 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
852 $checkonentitydone = 1;
854 if (in_array($feature, $checksoc) && $objectid > 0) {
856 if ($user->socid > 0) {
857 if ($user->socid != $objectid) {
860 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
862 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
863 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
864 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
865 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
866 $sql .=
" AND sc.fk_user = ".((int) $user->id);
867 $sql .=
" AND sc.fk_soc = s.rowid";
868 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
871 $sql =
"SELECT COUNT(s.rowid) as nb";
872 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
873 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
874 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
877 $checkonentitydone = 1;
879 if (in_array($feature, $checkother) && $objectid > 0) {
881 if ($user->socid > 0) {
882 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
883 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
884 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
885 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
886 } elseif (
isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && empty($user->rights->societe->client->voir))) {
888 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
889 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
890 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
891 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
892 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
893 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
896 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
897 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
898 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
899 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
902 $checkonentitydone = 1;
904 if (in_array($feature, $checkproject) && $objectid > 0) {
905 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
906 $projectid = $objectid;
908 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
909 $projectstatic =
new Project($db);
910 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
912 $tmparray = explode(
',', $tmps);
913 if (!in_array($projectid, $tmparray)) {
917 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
918 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
919 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
920 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
923 $checkonentitydone = 1;
925 if (in_array($feature, $checktask) && $objectid > 0) {
926 if (
isModEnabled(
'project') && empty($user->rights->projet->all->lire)) {
927 $task =
new Task($db);
928 $task->fetch($objectid);
929 $projectid = $task->fk_project;
931 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
932 $projectstatic =
new Project($db);
933 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
935 $tmparray = explode(
',', $tmps);
936 if (!in_array($projectid, $tmparray)) {
940 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
941 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
942 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
943 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
946 $checkonentitydone = 1;
948 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
950 if ($user->socid > 0) {
951 if (empty($dbt_keyfield)) {
954 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
955 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
956 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
957 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
958 } elseif (
isModEnabled(
"societe") && empty($user->rights->societe->client->voir)) {
960 if ($feature !=
'ticket') {
961 if (empty($dbt_keyfield)) {
964 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
965 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
966 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
967 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
968 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
969 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
970 $sql .=
" AND sc.fk_user = ".((int) $user->id);
973 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
974 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
975 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
976 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
977 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
978 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
982 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
983 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
984 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
985 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
991 if ($feature ===
'agenda' && $objectid > 0) {
993 if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
994 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
996 $action->fetch($objectid);
997 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1005 if (in_array($feature, $checkhierarchy) && is_object($object) && $objectid > 0) {
1006 $childids = $user->getAllChildIds(1);
1008 if ($feature ==
'holiday') {
1009 $useridtocheck = $object->fk_user;
1010 if (!in_array($useridtocheck, $childids)) {
1013 $useridtocheck = $object->fk_validator;
1014 if (!in_array($useridtocheck, $childids)) {
1018 if ($feature ==
'expensereport') {
1019 $useridtocheck = $object->fk_user_author;
1020 if (!$user->rights->expensereport->readall) {
1021 if (!in_array($useridtocheck, $childids)) {
1029 $resql = $db->query($sql);
1031 $obj = $db->fetch_object(
$resql);
1032 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
1036 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1060 http_response_code($http_response_code);
1062 if ($stringalreadysanitized) {
1065 print htmlentities($message);
1084 function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1086 global $conf, $db, $user, $langs, $hookmanager;
1088 if (!is_object($langs)) {
1089 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1091 $langs->setDefaultLang();
1094 $langs->load(
"errors");
1097 if (function_exists(
"llxHeader")) {
1099 } elseif (function_exists(
"llxHeaderVierge")) {
1103 print
'<div class="error">';
1104 if (empty($message)) {
1105 print $langs->trans(
"ErrorForbidden");
1107 print $langs->trans($message);
1111 if (empty($showonlymessage)) {
1112 global $action, $object;
1113 if (empty($hookmanager)) {
1116 $hookmanager->initHooks(array(
'main'));
1118 $parameters = array(
'message'=>$message,
'params'=>$params);
1119 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters, $object, $action);
1120 print $hookmanager->resPrint;
1121 if (empty($reshook)) {
1122 $langs->loadLangs(array(
"errors"));
1124 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1125 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1126 print $langs->trans(
"ErrorForbidden4");
1128 print $langs->trans(
"ErrorForbidden3");
1132 if ($printfooter && function_exists(
"llxFooter")) {
1150 $max = $conf->global->MAIN_UPLOAD_DOC;
1151 $maxphp = @ini_get(
'upload_max_filesize');
1152 if (preg_match(
'/k$/i', $maxphp)) {
1153 $maxphp = preg_replace(
'/k$/i',
'', $maxphp);
1154 $maxphp = $maxphp * 1;
1156 if (preg_match(
'/m$/i', $maxphp)) {
1157 $maxphp = preg_replace(
'/m$/i',
'', $maxphp);
1158 $maxphp = $maxphp * 1024;
1160 if (preg_match(
'/g$/i', $maxphp)) {
1161 $maxphp = preg_replace(
'/g$/i',
'', $maxphp);
1162 $maxphp = $maxphp * 1024 * 1024;
1164 if (preg_match(
'/t$/i', $maxphp)) {
1165 $maxphp = preg_replace(
'/t$/i',
'', $maxphp);
1166 $maxphp = $maxphp * 1024 * 1024 * 1024;
1168 $maxphp2 = @ini_get(
'post_max_size');
1169 if (preg_match(
'/k$/i', $maxphp2)) {
1170 $maxphp2 = preg_replace(
'/k$/i',
'', $maxphp2);
1171 $maxphp2 = $maxphp2 * 1;
1173 if (preg_match(
'/m$/i', $maxphp2)) {
1174 $maxphp2 = preg_replace(
'/m$/i',
'', $maxphp2);
1175 $maxphp2 = $maxphp2 * 1024;
1177 if (preg_match(
'/g$/i', $maxphp2)) {
1178 $maxphp2 = preg_replace(
'/g$/i',
'', $maxphp2);
1179 $maxphp2 = $maxphp2 * 1024 * 1024;
1181 if (preg_match(
'/t$/i', $maxphp2)) {
1182 $maxphp2 = preg_replace(
'/t$/i',
'', $maxphp2);
1183 $maxphp2 = $maxphp2 * 1024 * 1024 * 1024;
1187 $maxphptoshow = $maxphptoshowparam =
'';
1189 $maxmin = min($maxmin, $maxphp);
1190 $maxphptoshow = $maxphp;
1191 $maxphptoshowparam =
'upload_max_filesize';
1194 $maxmin = min($maxmin, $maxphp2);
1195 if ($maxphp2 < $maxphp) {
1196 $maxphptoshow = $maxphp2;
1197 $maxphptoshowparam =
'post_max_size';
1203 return array(
'max'=>$max,
'maxmin'=>$maxmin,
'maxphptoshow'=>$maxphptoshow,
'maxphptoshowparam'=>$maxphptoshowparam);
if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) if(!defined('NOLOGIN')) if(!defined('NOCSRFCHECK')) if(!defined('NOIPCHECK')) llxHeaderVierge()
Header function.
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Class to manage agenda events (actions)
Class to manage projects.
Class to manage translations.
Class to manage Dolibarr users.
if(isModEnabled('facture') &&!empty($user->rights->facture->lire)) if((isModEnabled('fournisseur') &&empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->hasRight("fournisseur", "facture", "lire"))||(isModEnabled('supplier_invoice') && $user->hasRight("supplier_invoice", "lire"))) if(isModEnabled('don') &&!empty($user->rights->don->lire)) if(isModEnabled('tax') &&!empty($user->rights->tax->charges->lire)) if(isModEnabled('facture') &&isModEnabled('commande') && $user->hasRight("commande", "lire") &&empty($conf->global->WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER)) $resql
Social contributions to pay.
dol_print_error($db='', $error='', $errors=null)
Displays a system error message with all the information needed to facilitate diagnosis and escalation...
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
if(!function_exists('utf8_encode')) if(!function_exists('utf8_decode')) getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Check whether a Dolibarr module is enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(!defined('NOREQUIREMENU')) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
dolGetRandomBytes($length)
Return a string of random bytes (hex string) with length = $length for cryptographic purposes (the byte count is floor($length / 2), so an odd $length yields one character fewer).
dol_encode($chain, $key='1')
Encode a string with the base 64 algorithm + a specific delta change (a reversible obfuscation, not encryption).
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one. For backward compatibility reasons,...
getMaxFileSizeArray()
Return the maximum size allowed for a file upload.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
dol_decode($chain, $key='1')
Decode a base 64 encoded string + the specific delta change applied by dol_encode.
dolEncrypt($chain, $key='', $ciphering="AES-256-CTR")
Encode a string with a symmetric encryption.
dolGetLdapPasswordHash($password, $type='md5')
Returns a specific LDAP hash of a password.
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dolDecrypt($chain, $key='')
Decode a string with a symmetric encryption.
dol_hash($chain, $type='0')
Returns a hash (a one-way digest, not reversible encryption) of a string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.