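/**
 * Check an authentication array and set error, errorcode, errorlabel.
 *
 * Checks run in order and stop at the first failure: webservice security key,
 * entity parameter, user lookup by login, user status, then login/password
 * against the configured authentication modes.
 *
 * @param array  $authentication Array with authentication information ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>)
 * @param int    $error          Number of errors (incremented on failure; by reference)
 * @param string $errorcode      Error string code (set on failure; by reference)
 * @param string $errorlabel     Error string label (set on failure; by reference)
 * @return User Return user object identified by login/pass/entity into authentication array.
 *              The object is returned even when $error was incremented, so callers must test $error.
 */
function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
{
    global $db, $conf, $langs;
    global $dolibarr_main_authentication, $dolibarr_auto_user;

    $fuser = new User($db);

    // Security key: compare as strings, in constant time. The previous loose `!=`
    // compared numeric-looking keys as numbers ('1e3' == '1000'), so a key that is
    // not the configured one could have been accepted.
    $providedKey = isset($authentication['dolibarrkey']) ? (string) $authentication['dolibarrkey'] : '';
    $expectedKey = isset($conf->global->WEBSERVICES_KEY) ? (string) $conf->global->WEBSERVICES_KEY : '';
    if (!$error && !hash_equals($expectedKey, $providedKey)) {
        $error++;
        $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
        $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
    }

    // Entity is optional but must be a numeric instance id when given
    if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter entity must be empty (or filled with numeric id of instance if multicompany module is used).";
    }

    if (!$error) {
        // Load the user by login only; the password is verified further down
        $result = $fuser->fetch('', $authentication['login'], '', 0);
        if ($result < 0) {
            $error++;
            $errorcode = 'ERROR_FETCH_USER';
            $errorlabel = 'A technical error occurs during fetch of user';
        } elseif ($result == 0) {
            // Unknown login is reported like a bad password so the two cases cannot be told apart
            $error++;
            $errorcode = 'BAD_CREDENTIALS';
            $errorlabel = 'Bad value for login or password';
        }

        if (!$error && $fuser->statut == 0) {
            $error++;
            $errorcode = 'ERROR_USER_DISABLED';
            $errorlabel = 'This user has been locked or disabled';
        }

        // Validation of login
        if (!$error) {
            $fuser->getrights(); // Load permission of user

            // Authentication mode
            if (empty($dolibarr_main_authentication)) {
                $dolibarr_main_authentication = 'http,dolibarr';
            }
            // Authentication mode: forceuser
            if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
                // NOTE(review): this literal reads as redacted in this copy of the source — confirm against the original
                $dolibarr_auto_user = '******';
            }
            // Set authmode
            $authmode = explode(',', $dolibarr_main_authentication);
            include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
            $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode);
            if (empty($login)) {
                $error++;
                $errorcode = 'BAD_CREDENTIALS';
                $errorlabel = 'Bad value for login or password';
            }
        }
    }

    return $fuser;
}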
/**
 * Check access for the current REST request using the api_key query parameter.
 *
 * Looks the key up in the user table, loads the matching User, derives the
 * role (external/admin) and registers the access-control callback.
 *
 * @return bool true when the resolved role is allowed for the route (or is admin), false when no or unknown key
 * @throws RestException 503 when the key lookup query or the user fetch fails
 */
public function __isAllowed()
{
    global $db;

    $stored_key = '';
    $userClass = Defaults::$userIdentifierClass;

    if (isset($_GET['api_key'])) {
        // NOTE(review): the key travels in the query string, so it can end up in
        // server/proxy access logs — confirm whether a header-based variant exists.
        $sql = "SELECT u.login, u.datec, u.api_key, ";
        $sql .= " u.tms as date_modification, u.entity";
        $sql .= " FROM " . MAIN_DB_PREFIX . "user as u";
        $sql .= " WHERE u.api_key = '" . $db->escape($_GET['api_key']) . "'";
        $result = $db->query($sql);
        if ($result) {
            if ($db->num_rows($result)) {
                $obj = $db->fetch_object($result);
                $login = $obj->login;
                $stored_key = $obj->api_key;
            }
        } else {
            throw new RestException(503, 'Error when fetching user api_key :' . $db->error_msg);
        }

        // NOTE(review): loose `!=` compares numeric-looking keys as numbers; a
        // constant-time hash_equals() on strings would be the safer check. Also,
        // when no row matched, $stored_key stays '' so an empty api_key passes this
        // test with $login unset — rejecting empty keys before the query avoids that.
        if ($stored_key != $_GET['api_key']) {
            $userClass::setCacheIdentifier($_GET['api_key']);
            return false;
        }

        $fuser = new User($db);
        if (!$fuser->fetch('', $login)) {
            // NOTE(review): this statement reads as garbled/redacted in this copy of the source
            throw new RestException(503, 'Error when fetching user :'******'external';
        }
        // Admin overrides any role derived above
        if ($fuser->admin) {
            static::$role = 'admin';
        }
    } else {
        return false;
    }

    $userClass::setCacheIdentifier(static::$role);
    Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';

    return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
}
// Validator filter (skipped when empty or set to the "all" sentinel -1)
if (!empty($search_valideur) && $search_valideur != -1) {
    $filter .= sprintf(" AND cp.fk_validator = '%s'\n", $db->escape($search_valideur));
}
// Status filter (same sentinel convention)
if (!empty($search_statut) && $search_statut != -1) {
    $filter .= sprintf(" AND cp.statut = '%s'\n", $db->escape($search_statut));
}
/*************************************
 * End of search filters
 *************************************/

// Resolve whose leave records to list: the edited user when an id is given, else the current user
$user_id = $user->id;
if ($id > 0) {
    // Load the edited user together with its permissions
    $fuser->fetch($id);
    $fuser->getrights();
    $user_id = $fuser->id;
}

// Every user's leave is listed only when the current user may write all and no specific id was requested
$listEveryUser = $user->rights->holiday->write_all && !($id > 0);
$holiday_payes = $listEveryUser
    ? $holiday->fetchAll($order, $filter)
    : $holiday->fetchByUser($user_id, $order, $filter);

// SQL error
if ($holiday_payes == '-1') {
    print_fiche_titre($langs->trans('CPTitreMenu'));
    dol_print_error($db, $langs->trans('Error') . ' ' . $holiday->error);
    exit;
}
// A third party must be selected before the POS can sell anything
if (!($thirdpartyid > 0)) {
    $retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("CashDeskThirdPartyForSell"));
    // Only $retour is urlencode()d; the ids are concatenated raw — presumably numeric
    // by this point, verify they are cast where they are read.
    // NOTE(review): the '&user=' segment reads as garbled/redacted in this copy of the source.
    header('Location: ' . DOL_URL_ROOT . '/cashdesk/index.php?err=' . urlencode($retour) . '&user='******'&socid=' . $thirdpartyid . '&warehouseid=' . $warehouseid . '&bankid_cash=' . $bankid_cash . '&bankid_cheque=' . $bankid_cheque . '&bankid_cb=' . $bankid_cb);
    exit;
}

// If we setup stock module to ask movement on invoices, we must not allow access if required setup not finished.
if (!empty($conf->stock->enabled) && empty($conf->global->CASHDESK_NO_DECREASE_STOCK) && !($warehouseid > 0)) {
    $retour = $langs->trans("CashDeskYouDidNotDisableStockDecease");
    header('Location: ' . DOL_URL_ROOT . '/cashdesk/index.php?err=' . urlencode($retour) . '&user='******'&socid=' . $thirdpartyid . '&warehouseid=' . $warehouseid . '&bankid_cash=' . $bankid_cash . '&bankid_cheque=' . $bankid_cheque . '&bankid_cb=' . $bankid_cb);
    exit;
}

// If stock decrease on bill validation, check user has stock edit permissions
if (!empty($conf->stock->enabled) && empty($conf->global->CASHDESK_NO_DECREASE_STOCK) && !empty($username)) {
    // Load the POS user by login, with only its stock permissions
    $testuser = new User($db);
    $testuser->fetch(0, $username);
    $testuser->getrights('stock');
    if (empty($testuser->rights->stock->creer)) {
        $retour = $langs->trans("UserNeedPermissionToEditStockToUsePos");
        header('Location: ' . DOL_URL_ROOT . '/cashdesk/index.php?err=' . urlencode($retour) . '&user='******'&socid=' . $thirdpartyid . '&warehouseid=' . $warehouseid . '&bankid_cash=' . $bankid_cash . '&bankid_cheque=' . $bankid_cheque . '&bankid_cb=' . $bankid_cb);
        exit;
    }
}

/* if (! empty($_POST['txtUsername']) && ! empty($conf->banque->enabled) && (empty($conf_fkaccount_cash) && empty($conf_fkaccount_cheque) && empty($conf_fkaccount_cb))) { $langs->load("errors"); $retour=$langs->trans("ErrorModuleSetupNotComplete"); header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='******'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); exit; } */
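/**
 * Record a cash control (cash count) for the current terminal and, when the
 * control is a closing or an opening, switch the terminal state accordingly.
 *
 * The employee must hold the pos->closecash permission unless $aryClose['type']
 * is empty (a plain count), in which case no state change is made.
 *
 * @param array $aryClose Control data: 'employeeId' (user rowid), 'moneyincash'
 *                        (real counted amount), 'type' (1 = close, 2 = open,
 *                        empty = count only), 'print'.
 * @return mixed Result of ErrorControl(): the created control id on success,
 *               a negative code otherwise (-1 create/state-change failure, -2 no permission).
 */
public static function setControlCash($aryClose)
{
    global $db;

    $function = "closeCash";
    $error = 0;
    $res = 0;
    $terminalid = $_SESSION['TERMINAL_ID'];

    // Load the employee performing the control, with POS permissions only
    $userpos = new User($db);
    $userpos->fetch($aryClose['employeeId']);
    $userpos->getrights('pos');

    if ($userpos->rights->pos->closecash || !$aryClose['type']) {
        $cash = new ControlCash($db, $terminalid);

        $data = array();
        $data['userid'] = $aryClose['employeeId'];
        $data['amount_reel'] = $aryClose['moneyincash'];
        $data['amount_teoric'] = $cash->getMoneyCash();
        $data['amount_diff'] = $data['amount_reel'] - $data['amount_teoric'];
        $data['type_control'] = $aryClose['type'];
        $data['print'] = $aryClose['print'];

        $res = $cash->create($data);
        if ($res > 0) {
            $terminal = new Cash($db);
            $terminal->fetch($terminalid);
            // The previous version fetched a second User by an undefined $id (always an
            // empty fetch); the actor of the state change is the employee loaded above.
            if ($aryClose['type'] == 1) {
                if (!$terminal->set_closed($userpos)) {
                    $error++;
                }
            } elseif ($aryClose['type'] == 2) {
                if (!$terminal->set_open($userpos)) {
                    $error++;
                }
            }
        } else {
            $error++;
        }
    } else {
        // No permission to close the cash
        $error = 2;
    }

    // ErrorControl() receives the control id on success, a negative code otherwise
    $error = ($error == 0) ? $res : $error * -1;

    return ErrorControl($error, $function);
}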
} $feature2 = $socid && $user->rights->user->self->creer ? '' : 'user'; if ($user->id == $id) { $feature2 = ''; $canreaduser = 1; } $result = restrictedArea($user, 'user', $id, 'user&user', $feature2); if ($user->id != $id && !$canreaduser) { accessforbidden(); } $dirtop = "../core/menus/standard"; $dirleft = "../core/menus/standard"; // Charge utilisateur edite $object = new User($db); $object->fetch($id); $object->getrights(); // Liste des zone de recherche permanentes supportees $searchform = array("main_searchform_societe", "main_searchform_contact", "main_searchform_produitservice"); $searchformconst = array($conf->global->MAIN_SEARCHFORM_SOCIETE, $conf->global->MAIN_SEARCHFORM_CONTACT, $conf->global->MAIN_SEARCHFORM_PRODUITSERVICE); $searchformtitle = array($langs->trans("Companies"), $langs->trans("Contacts"), $langs->trans("ProductsAndServices")); $form = new Form($db); $formadmin = new FormAdmin($db); /* * Actions */ if ($action == 'update' && ($caneditfield || !empty($user->admin))) { if (!$_POST["cancel"]) { $tabparam = array(); if ($_POST["check_MAIN_LANG_DEFAULT"] == "on") { $tabparam["MAIN_LANG_DEFAULT"] = $_POST["main_lang_default"]; } else {
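<?php
// Achievements tab of a user card: lists every tutorial ("dolidacticiel")
// entry and marks the ones the displayed user has completed.
require 'config.php';
dol_include_once('/dolidacticiel/class/dolidacticiel.class.php');
dol_include_once('/core/lib/usergroups.lib.php');

// Only a numeric user id makes sense here; the 'int' check discards anything else
$id = GETPOST('id', 'int');

$u = new User($db);
$u->fetch($id);
$u->getrights();
if ($u->id <= 0) {
    exit('ErrorUser');
}
// NOTE(review): no restrictedArea()/permission check guards viewing another
// user's achievements — confirm this page is meant to be readable by any logged-in user.

llxHeader();

$head = user_prepare_head($u);
$title = $langs->trans("Achievements");
dol_fiche_head($head, 'achievements', $title);

$PDOdb = new TPDOdb();
$Tab = TDolidacticiel::getAll($PDOdb, $u, $conf);

print '<table class="border" width="100%">';
// Iterate by value: the previous by-reference loop never unset $d, leaving it
// aliased to the last element after the loop.
foreach ($Tab as $d) {
    // NOTE(review): title/description are printed as raw HTML — fine if they are
    // trusted tutorial content; escape them if users can edit those fields.
    print '<tr><td width="50%"><strong>' . $d->title . '</strong><br />' . $d->description . '</td><td>' . ($d->currentUserAchievement ? img_picto('Ok', 'star') : '') . '</td></tr>';
}
print '</table>';

dol_fiche_end();
llxFooter();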
/**
 * Load every enabled user together with its tutorial progress.
 *
 * @param TPDOdb $PDOdb PDO wrapper used to list the enabled user ids
 * @param object $db    Dolibarr database handler used to load each User
 * @param object $conf  Configuration, forwarded to TDolidacticiel::getAll()
 * @return array List of array('user' => User, 'dolidacticiel' => mixed), one entry per enabled user
 */
public static function getAllUser(&$PDOdb, &$db, &$conf)
{
    if (!class_exists('User')) {
        dol_include_once('/user/class/user.class.php');
    }

    $sql = 'SELECT rowid FROM ' . MAIN_DB_PREFIX . 'user WHERE statut = 1';
    $entries = array();
    foreach ($PDOdb->ExecuteAsArray($sql) as $row) {
        $loadedUser = new User($db);
        $loadedUser->fetch($row->rowid);
        $loadedUser->getrights();
        $entries[] = array(
            'user' => $loadedUser,
            'dolidacticiel' => TDolidacticiel::getAll($PDOdb, $loadedUser, $conf),
        );
    }

    return $entries;
}