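/**
 *  Check authentication array and set error, errorcode, errorlabel
 *
 *  The webservice security key is compared with hash_equals() on string casts:
 *  the original loose "!=" let a client-chosen value be type-juggled against the
 *  configured key (numeric-looking strings compare numerically), and a byte-wise
 *  constant-time comparison also does not leak timing information about the key.
 *  An empty configured key still matches an empty/missing dolibarrkey, as before.
 *
 *  @param	array	$authentication     Array with authentication informations ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>); missing entries are treated as empty
 *  @param 	int		&$error				Number of errors (incremented on the first failed check; later checks are skipped)
 *  @param  string	&$errorcode			Error string code
 *  @param  string	&$errorlabel		Error string label
 *  @return User						Return user object identified by login/pass/entity into authentication array (not usable when $error is set)
 */
function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
{
    global $db, $conf, $langs;
    global $dolibarr_main_authentication, $dolibarr_auto_user;

    $fuser = new User($db);

    // Read every input once; absent keys behave like empty values instead of raising notices.
    $providedkey = isset($authentication['dolibarrkey']) ? (string) $authentication['dolibarrkey'] : '';
    $login = isset($authentication['login']) ? $authentication['login'] : '';
    $password = isset($authentication['password']) ? $authentication['password'] : '';
    $entity = isset($authentication['entity']) ? $authentication['entity'] : '';
    $configuredkey = isset($conf->global->WEBSERVICES_KEY) ? (string) $conf->global->WEBSERVICES_KEY : '';

    // Type-strict, constant-time comparison of the security key.
    if (!$error && !hash_equals($configuredkey, $providedkey)) {
        $error++;
        $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
        $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
    }
    if (!$error && !empty($entity) && !is_numeric($entity)) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter entity must be empty (or filled with numeric id of instance if multicompany module is used).";
    }
    if (!$error) {
        $result = $fuser->fetch('', $login, '', 0);
        if ($result < 0) {
            $error++;
            $errorcode = 'ERROR_FETCH_USER';
            $errorlabel = 'A technical error occurs during fetch of user';
        } elseif ($result == 0) {
            // An unknown login gets the same code/label as a wrong password so the reply does not reveal which one failed.
            $error++;
            $errorcode = 'BAD_CREDENTIALS';
            $errorlabel = 'Bad value for login or password';
        }
        if (!$error && $fuser->statut == 0) {
            $error++;
            $errorcode = 'ERROR_USER_DISABLED';
            $errorlabel = 'This user has been locked or disabled';
        }
        // Validation of login/password against the configured authentication modes
        if (!$error) {
            // Load permissions of the user now that its identity is known
            $fuser->getrights();
            // Default authentication modes when none is configured
            if (empty($dolibarr_main_authentication)) {
                $dolibarr_main_authentication = 'http,dolibarr';
            }
            // Authentication mode: forceuser
            if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
                $dolibarr_auto_user = '******';
            }
            // Modes are tried in the configured order
            $authmode = explode(',', $dolibarr_main_authentication);
            include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
            $checkedlogin = checkLoginPassEntity($login, $password, $entity, $authmode);
            if (empty($checkedlogin)) {
                $error++;
                $errorcode = 'BAD_CREDENTIALS';
                $errorlabel = 'Bad value for login or password';
            }
        }
    }

    return $fuser;
}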
 /**
  * Check access
  *
  * Authenticate the request from the "api_key" query parameter: look the key
  * up in the user table, compare it with the stored value, then record the
  * caller's role in static::$role and register the access-control callback.
  *
  * NOTE(review): the stored key is compared with loose "!="; a strict,
  * constant-time hash_equals((string) $stored_key, (string) $_GET['api_key'])
  * would avoid type juggling between the DB value and the query string.
  * NOTE(review): an empty api_key is not rejected before the lookup, so the
  * query runs with u.api_key = '' — confirm no user row can carry an empty key.
  *
  * @return bool
  * @throws RestException
  */
 public function __isAllowed()
 {
     global $db;
     $stored_key = '';
     $userClass = Defaults::$userIdentifierClass;
     if (isset($_GET['api_key'])) {
         // Look up the user owning this key (value escaped, but interpolated into the SQL rather than bound).
         $sql = "SELECT u.login, u.datec, u.api_key, ";
         $sql .= " u.tms as date_modification, u.entity";
         $sql .= " FROM " . MAIN_DB_PREFIX . "user as u";
         $sql .= " WHERE u.api_key = '" . $db->escape($_GET['api_key']) . "'";
         $result = $db->query($sql);
         if ($result) {
             if ($db->num_rows($result)) {
                 $obj = $db->fetch_object($result);
                 $login = $obj->login;
                 $stored_key = $obj->api_key;
             }
         } else {
             throw new RestException(503, 'Error when fetching user api_key :' . $db->error_msg);
         }
         // Reject when no row matched or the stored value differs. When no row matched and the
         // supplied key is the empty string this check passes with $login still undefined.
         if ($stored_key != $_GET['api_key']) {
             $userClass::setCacheIdentifier($_GET['api_key']);
             return false;
         }
         $fuser = new User($db);
         if (!$fuser->fetch('', $login)) {
             // NOTE(review): this line is garbled in the listing; the non-admin role assignment presumably belongs here — confirm against the source file.
             throw new RestException(503, 'Error when fetching user :'******'external';
         }
         // Admin users get the 'admin' role, which satisfies every requirement in the final check below.
         if ($fuser->admin) {
             static::$role = 'admin';
         }
     } else {
         return false;
     }
     $userClass::setCacheIdentifier(static::$role);
     Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
     return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
 }
// Validator filter; -1 stands for "any validator"
if (!empty($search_valideur) && $search_valideur != -1) {
    $filter .= " AND cp.fk_validator = '" . $db->escape($search_valideur) . "'\n";
}
// Status filter; -1 stands for "any status"
if (!empty($search_statut) && $search_statut != -1) {
    $filter .= " AND cp.statut = '" . $db->escape($search_statut) . "'\n";
}
/*************************************
 * End of search filters
 *************************************/

// User whose leave requests are listed: the logged-in user unless an id was requested
$user_id = $user->id;
if ($id > 0) {
    // Load the edited user and its rights
    $fuser->fetch($id);
    $fuser->getrights();
    $user_id = $fuser->id;
}

// Requests of every user are only listed with the write_all right and no explicit user id
$listall = $user->rights->holiday->write_all && !($id > 0);
$holiday_payes = $listall
    ? $holiday->fetchAll($order, $filter)
    : $holiday->fetchByUser($user_id, $order, $filter);

// SQL error (loose comparison kept as in the original)
if ($holiday_payes == '-1') {
    print_fiche_titre($langs->trans('CPTitreMenu'));
    dol_print_error($db, $langs->trans('Error') . ' ' . $holiday->error);
    exit;
}
/*************************************
// Selling requires a third party; otherwise bounce back to the index page with the error and the form values.
// NOTE(review): the three redirects below rebuild the same URL; the '******' fragment is garbled in this listing.
// NOTE(review): only $retour is urlencode()d; the ids appended after it are presumably numeric — confirm, otherwise encode them too.
if (!($thirdpartyid > 0)) {
    $retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("CashDeskThirdPartyForSell"));
    header('Location: ' . DOL_URL_ROOT . '/cashdesk/index.php?err=' . urlencode($retour) . '&user='******'&socid=' . $thirdpartyid . '&warehouseid=' . $warehouseid . '&bankid_cash=' . $bankid_cash . '&bankid_cheque=' . $bankid_cheque . '&bankid_cb=' . $bankid_cb);
    exit;
}
// If we setup stock module to ask movement on invoices, we must not allow access if required setup not finished.
if (!empty($conf->stock->enabled) && empty($conf->global->CASHDESK_NO_DECREASE_STOCK) && !($warehouseid > 0)) {
    $retour = $langs->trans("CashDeskYouDidNotDisableStockDecease");
    header('Location: ' . DOL_URL_ROOT . '/cashdesk/index.php?err=' . urlencode($retour) . '&user='******'&socid=' . $thirdpartyid . '&warehouseid=' . $warehouseid . '&bankid_cash=' . $bankid_cash . '&bankid_cheque=' . $bankid_cheque . '&bankid_cb=' . $bankid_cb);
    exit;
}
// If stock decrease on bill validation, check user has stock edit permissions
if (!empty($conf->stock->enabled) && empty($conf->global->CASHDESK_NO_DECREASE_STOCK) && !empty($username)) {
    // The return value of fetch() is not checked: an unknown $username leaves $testuser empty,
    // so the rights test below fails and the user is redirected (the safe outcome).
    $testuser = new User($db);
    $testuser->fetch(0, $username);
    $testuser->getrights('stock');
    if (empty($testuser->rights->stock->creer)) {
        $retour = $langs->trans("UserNeedPermissionToEditStockToUsePos");
        header('Location: ' . DOL_URL_ROOT . '/cashdesk/index.php?err=' . urlencode($retour) . '&user='******'&socid=' . $thirdpartyid . '&warehouseid=' . $warehouseid . '&bankid_cash=' . $bankid_cash . '&bankid_cheque=' . $bankid_cheque . '&bankid_cb=' . $bankid_cb);
        exit;
    }
}
/*
if (! empty($_POST['txtUsername']) && ! empty($conf->banque->enabled) && (empty($conf_fkaccount_cash) && empty($conf_fkaccount_cheque) && empty($conf_fkaccount_cb)))
{
	$langs->load("errors");
	$retour=$langs->trans("ErrorModuleSetupNotComplete");
    header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='******'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
    exit;
}
*/
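 /**
  * Record a cash control for the terminal stored in the session and, depending on
  * the control type, close or open that terminal.
  *
  * The employee given in $aryClose['employeeId'] must hold the pos->closecash
  * right, except when $aryClose['type'] is empty (plain control, no state change).
  *
  * @param array $aryClose Control data: 'employeeId' (user id), 'moneyincash' (counted amount),
  *                        'type' (1 = close terminal, 2 = open terminal, empty = control only), 'print'
  * @return mixed Result of ErrorControl(): the created control id on success, a negative code on
  *               failure (-1 create/state-change error, -2 missing permission)
  */
 public static function setControlCash($aryClose)
 {
     global $db, $user;

     $function = "closeCash";
     $error = 0;
     $res = 0;
     $terminalid = $_SESSION['TERMINAL_ID'];

     // Employee performing the control, with POS rights loaded for the permission check below
     $userpos = new User($db);
     $userpos->fetch($aryClose['employeeId']);
     $userpos->getrights('pos');

     // NOTE(review): an empty 'type' bypasses the closecash permission check — confirm this is intended for plain controls.
     if ($userpos->rights->pos->closecash || !$aryClose['type']) {
         $cash = new ControlCash($db, $terminalid);
         $data = array();
         $data['userid'] = $aryClose['employeeId'];
         $data['amount_reel'] = $aryClose['moneyincash'];
         $data['amount_teoric'] = $cash->getMoneyCash();
         $data['amount_diff'] = $data['amount_reel'] - $data['amount_teoric'];
         $data['type_control'] = $aryClose['type'];
         $data['print'] = $aryClose['print'];
         $res = $cash->create($data);
         if ($res > 0) {
             $terminal = new Cash($db);
             $terminal->fetch($terminalid);
             // The terminal state change is attributed to the employee who performed the control.
             // (The previous code fetched an undefined $id into a fresh User, i.e. an empty user object.)
             if ($aryClose['type'] == 1) {
                 if (!$terminal->set_closed($userpos)) {
                     $error++;
                 }
             } elseif ($aryClose['type'] == 2) {
                 if (!$terminal->set_open($userpos)) {
                     $error++;
                 }
             }
         } else {
             $error++;
         }
     } else {
         $error = 2;
     }

     // Success reports the created control id; failures report the negated error code.
     $error = ($error == 0) ? $res : -$error;

     return ErrorControl($error, $function);
 }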
}
// The feature checked by restrictedArea() is relaxed when the user edits his own card.
$isownuser = ($user->id == $id);
$feature2 = ($socid && $user->rights->user->self->creer) ? '' : 'user';
if ($isownuser) {
    $feature2 = '';
    $canreaduser = 1;
}
$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
if (!$isownuser && !$canreaduser) {
    accessforbidden();
}

$dirtop = "../core/menus/standard";
$dirleft = "../core/menus/standard";

// Load the edited user together with its permissions
$object = new User($db);
$object->fetch($id);
$object->getrights();

// Permanent search boxes that can be enabled, with the matching global constant and label
$searchform = array(
    "main_searchform_societe",
    "main_searchform_contact",
    "main_searchform_produitservice",
);
$searchformconst = array(
    $conf->global->MAIN_SEARCHFORM_SOCIETE,
    $conf->global->MAIN_SEARCHFORM_CONTACT,
    $conf->global->MAIN_SEARCHFORM_PRODUITSERVICE,
);
$searchformtitle = array(
    $langs->trans("Companies"),
    $langs->trans("Contacts"),
    $langs->trans("ProductsAndServices"),
);

$form = new Form($db);
$formadmin = new FormAdmin($db);
/*
 * Actions
 */
if ($action == 'update' && ($caneditfield || !empty($user->admin))) {
    if (!$_POST["cancel"]) {
        $tabparam = array();
        if ($_POST["check_MAIN_LANG_DEFAULT"] == "on") {
            $tabparam["MAIN_LANG_DEFAULT"] = $_POST["main_lang_default"];
        } else {
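<?php

require 'config.php';
dol_include_once('/dolidacticiel/class/dolidacticiel.class.php');
dol_include_once('/core/lib/usergroups.lib.php');

// Achievements tab of a user card: lists every tutorial entry with the user's completion state.

// Only an integer id is accepted; anything else is rejected by the check below.
$id = GETPOST('id', 'int');

// NOTE(review): nothing restricts which user ids the caller may view — confirm whether restrictedArea() applies here.
$u = new User($db);
$u->fetch($id);
// Reject before loading rights so nothing is done for an unknown or invalid user.
if ($u->id <= 0) {
    exit('ErrorUser');
}
$u->getrights();

llxHeader();
$head = user_prepare_head($u);
$title = $langs->trans("Achievements");
dol_fiche_head($head, 'achievements', $title);

$PDOdb = new TPDOdb();
$Tab = TDolidacticiel::getAll($PDOdb, $u, $conf);

print '<table class="border" width="100%">';
// Iterate by value: nothing is modified, and a by-reference loop variable would keep
// a dangling reference to the last element after the loop.
foreach ($Tab as $d) {
    // NOTE(review): title/description are printed as-is; escape them (dol_escape_htmltag) if they can carry user-supplied text.
    $picto = $d->currentUserAchievement ? img_picto('Ok', 'star') : '';
    print '<tr><td width="50%"><strong>' . $d->title . '</strong><br />' . $d->description . '</td><td>' . $picto . '</td></tr>';
}
print '</table>';

dol_fiche_end();
llxFooter();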
 /**
  * Build the list of active users together with their tutorial achievements.
  *
  * @param TPDOdb $PDOdb  PDO wrapper used to read the user table
  * @param object $db     Dolibarr database handler given to each User object
  * @param object $conf   Dolibarr configuration passed through to TDolidacticiel::getAll()
  * @return array List of array('user' => User, 'dolidacticiel' => mixed), one entry per user with statut = 1
  */
 static function getAllUser(&$PDOdb, &$db, &$conf)
 {
     // The User class is loaded on demand (presumably because this class may run outside a page context).
     if (!class_exists('User')) {
         dol_include_once('/user/class/user.class.php');
     }

     $sql = 'SELECT rowid FROM ' . MAIN_DB_PREFIX . 'user WHERE statut = 1';
     $result = array();
     foreach ($PDOdb->ExecuteAsArray($sql) as $row) {
         $current = new User($db);
         $current->fetch($row->rowid);
         $current->getrights();
         $result[] = array(
             'user' => $current,
             'dolidacticiel' => TDolidacticiel::getAll($PDOdb, $current, $conf),
         );
     }

     return $result;
 }