/**
     *  Fonction qui donne les droits redacteurs dans spip
     *
     *	@param	Object	$object		Object with data (->firstname, ->lastname, ->email and ->login)
     *  @return	int					=0 if KO, >0 if OK
     */
    function add_to_spip($object)
    {
        dol_syslog(get_class($this)."::add_to_spip");

        if (defined("ADHERENT_USE_SPIP") && ADHERENT_USE_SPIP ==1 &&
        defined('ADHERENT_SPIP_SERVEUR') && ADHERENT_SPIP_SERVEUR != '' &&
        defined('ADHERENT_SPIP_USER') && ADHERENT_SPIP_USER != '' &&
        defined('ADHERENT_SPIP_PASS') && ADHERENT_SPIP_PASS != '' &&
        defined('ADHERENT_SPIP_DB') && ADHERENT_SPIP_DB != ''
        )
        {
            require_once(DOL_DOCUMENT_ROOT."/core/lib/security2.lib.php");
            $mdpass=dol_hash($object->pass);
            $htpass=crypt($object->pass,makesalt());
            $query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(\"".$object->firstname." ".$object->lastname."\",\"".$object->email."\",\"".$object->login."\",\"$mdpass\",\"$htpass\",FLOOR(32000*RAND()),\"1comite\")";

            $mydb=getDoliDBInstance('mysql',ADHERENT_SPIP_SERVEUR,ADHERENT_SPIP_USER,ADHERENT_SPIP_PASS,ADHERENT_SPIP_DB,ADHERENT_SPIP_PORT);

            if (! $mydb->ok)
            {
                $this->error=$mydb->lasterror();
                return 0;
            }

            $result = $mydb->query($query);
            if ($result)
            {
                $mydb->close();
                return 1;
            }
            else
            {
                $this->error=$mydb->lasterror();
                return 0;
            }
        }
    }
Beispiel #2
0
/**
 *  Return a prefix to use for this Dolibarr instance for session or cookie names.
 *  This prefix is unique for instance and avoid conflict between multi-instances,
 *  even when having two instances with one root dir or two instances in virtual servers
 *
 *  @return	string      		A calculated prefix
 */
function dol_getprefix()
{
    return dol_hash($_SERVER["SERVER_NAME"] . $_SERVER["DOCUMENT_ROOT"] . DOL_DOCUMENT_ROOT . DOL_URL_ROOT);
}
Beispiel #3
0
if (empty($PAYPAL_API_PASSWORD)) {
    dol_print_error('', "Paypal setup param PAYPAL_API_PASSWORD not defined");
    return -1;
}
if (empty($PAYPAL_API_SIGNATURE)) {
    dol_print_error('', "Paypal setup param PAYPAL_API_SIGNATURE not defined");
    return -1;
}
// Check security token
$valid = true;
if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
    if (!empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
        if ($SOURCE && $REF) {
            $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $SOURCE . $REF, 2);
        } else {
            $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
        }
    } else {
        $token = $conf->global->PAYPAL_SECURITY_TOKEN;
    }
    if ($SECUREKEY != $token) {
        $valid = false;
    }
    if (!$valid) {
        print '<div class="error">Bad value for key.</div>';
        //print 'SECUREKEY='.$SECUREKEY.' token='.$token.' valid='.$valid;
        exit;
    }
}
/*
 * Actions
 /**
  *  Fonction qui donne les droits redacteurs dans spip
  *
  *	@param	Adherent	$object		Object with data (->firstname, ->lastname, ->email and ->login)
  *  @return	int					=0 if KO, >0 if OK
  */
 function add_to_spip($object)
 {
     dol_syslog(get_class($this) . "::add_to_spip");
     if ($this->isSpipEnabled()) {
         if ($this->checkSpipConfig()) {
             $mydb = $this->connectSpip();
             if ($mydb) {
                 require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
                 $mdpass = dol_hash($object->pass);
                 $htpass = crypt($object->pass, makesalt());
                 $query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(\"" . dolGetFirstLastname($object->firstname, $object->lastname) . "\",\"" . $object->email . "\",\"" . $object->login . "\",\"{$mdpass}\",\"{$htpass}\",FLOOR(32000*RAND()),\"1comite\")";
                 $result = $mydb->query($query);
                 $mydb->close();
                 if ($result) {
                     return 1;
                 } else {
                     $this->error = $mydb->lasterror();
                 }
             } else {
                 $this->error = 'Failed to connect to SPIP';
             }
         } else {
             $this->error = 'BadSPIPConfiguration';
         }
     } else {
         $this->error = 'SPIPNotEnabled';
     }
     return 0;
 }
Beispiel #5
0
/**
 * Return a generated password using default module
 *
 * @param		boolean		$generic		true=Create generic password (use default crypt function), false=Use the configured password generation module
 * @return		string						New value for password
 */
function getRandomPassword($generic = false)
{
    global $db, $conf, $langs, $user;
    $generated_password = '';
    if ($generic) {
        $generated_password = dol_hash(mt_rand());
    } else {
        if (!empty($conf->global->USER_PASSWORD_GENERATED)) {
            $nomclass = "modGeneratePass" . ucfirst($conf->global->USER_PASSWORD_GENERATED);
            $nomfichier = $nomclass . ".class.php";
            //print DOL_DOCUMENT_ROOT."/core/modules/security/generate/".$nomclass;
            require_once DOL_DOCUMENT_ROOT . "/core/modules/security/generate/" . $nomfichier;
            $genhandler = new $nomclass($db, $conf, $langs, $user);
            $generated_password = $genhandler->getNewGeneratedPassword();
            unset($genhandler);
        }
    }
    return $generated_password;
}
 $tmpfield = explode('=', $other[1], 2);
 $other2 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
 $tmpfield = explode('=', $other[2], 2);
 $other3 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
 $tmpfield = explode('=', $other[3], 2);
 $other4 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
 $tmpfield = explode('=', $other[4], 2);
 $other5 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
 // Array of possible substitutions (See also fie mailing-send.php that should manage same substitutions)
 $substitutionarray = array('__ID__' => $obj->source_id, '__EMAIL__' => $obj->email, '__LASTNAME__' => $obj->lastname, '__FIRSTNAME__' => $obj->firstname, '__MAILTOEMAIL__' => '<a href="mailto:' . $obj->email . '">' . $obj->email . '</a>', '__OTHER1__' => $other1, '__OTHER2__' => $other2, '__OTHER3__' => $other3, '__OTHER4__' => $other4, '__OTHER5__' => $other5, '__CHECK_READ__' => '<img src="' . DOL_MAIN_URL_ROOT . '/public/emailing/mailing-read.php?tag=' . $obj->tag . '&securitykey=' . urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY) . '" width="1" height="1" style="width:1px;height:1px" border="0"/>', '__UNSUBSCRIBE__' => '<a href="' . DOL_MAIN_URL_ROOT . '/public/emailing/mailing-unsubscribe.php?tag=' . $obj->tag . '&unsuscrib=1&securitykey=' . urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY) . '" target="_blank">' . $langs->trans("MailUnsubcribe") . '</a>');
 if (!empty($conf->paypal->enabled) && !empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
     $substitutionarray['__SECUREKEYPAYPAL__'] = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
     if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
         $substitutionarray['__SECUREKEYPAYPAL_MEMBER__'] = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
     } else {
         $substitutionarray['__SECUREKEYPAYPAL_MEMBER__'] = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $obj->source_id, 2);
     }
 }
 $substitutionisok = true;
 complete_substitutions_array($substitutionarray, $langs);
 $newsubject = make_substitutions($subject, $substitutionarray);
 $newmessage = make_substitutions($message, $substitutionarray);
 $arr_file = array();
 $arr_mime = array();
 $arr_name = array();
 $arr_css = array();
 $listofpaths = dol_dir_list($upload_dir, 'all', 0, '', '', 'name', SORT_ASC, 0);
 if (count($listofpaths)) {
     foreach ($listofpaths as $key => $val) {
         $arr_file[] = $listofpaths[$key]['fullname'];
         $arr_mime[] = dol_mimetype($listofpaths[$key]['name']);
/**
 * Actions
 */

// Validate new password
if ($action == 'validatenewpassword' && $username && $passwordmd5)
{
    $edituser = new User($db);
    $result=$edituser->fetch('',$_GET["username"]);
    if ($result < 0)
    {
        $message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$username).'</div>';
    }
    else
    {
        if (dol_hash($edituser->pass_temp) == $passwordmd5)
        {
            $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
            dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
            header("Location: ".DOL_URL_ROOT.'/');
            exit;
        }
        else
        {
            $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePassword").'</div>';
        }
    }
}
// Action modif mot de passe
if ($action == 'buildnewpassword' && $username)
{
Beispiel #8
0
 /**
  *  Send new password by email
  *
  *  @param	User	$user           Object user that send email
  *  @param	string	$password       New password
  *	@param	int		$changelater	1=Change password only after clicking on confirm email
  *  @return int 		            < 0 si erreur, > 0 si ok
  */
 function send_password($user, $password = '', $changelater = 0)
 {
     global $conf, $langs;
     global $dolibarr_main_url_root;
     require_once DOL_DOCUMENT_ROOT . '/core/class/CMailFile.class.php';
     $msgishtml = 0;
     // Define $msg
     $mesg = '';
     $outputlangs = new Translate("", $conf);
     if (isset($this->conf->MAIN_LANG_DEFAULT) && $this->conf->MAIN_LANG_DEFAULT != 'auto') {
         // If user has defined its own language (rare because in most cases, auto is used)
         $outputlangs->getDefaultLang($this->conf->MAIN_LANG_DEFAULT);
     } else {
         // If user has not defined its own language, we used current language
         $outputlangs = $langs;
     }
     $outputlangs->load("main");
     $outputlangs->load("errors");
     $outputlangs->load("users");
     $outputlangs->load("other");
     $subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword");
     // Define $urlwithroot
     //$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
     //$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
     $urlwithroot = DOL_MAIN_URL_ROOT;
     // This is to use same domain name than current
     if (!$changelater) {
         $mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived") . ".\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("NewKeyIs") . " :\n\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("Login") . " = " . $this->login . "\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("Password") . " = " . $password . "\n\n";
         $mesg .= "\n";
         $url = $urlwithroot . '/';
         $mesg .= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $conf->global->MAIN_APPLICATION_TITLE) . ': ' . $url . "\n\n";
         $mesg .= "--\n";
         $mesg .= $user->getFullName($outputlangs);
         // Username that make then sending
     } else {
         $mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived") . "\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("NewKeyWillBe") . " :\n\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("Login") . " = " . $this->login . "\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("Password") . " = " . $password . "\n\n";
         $mesg .= "\n";
         $mesg .= $outputlangs->transnoentitiesnoconv("YouMustClickToChange") . " :\n";
         $url = $urlwithroot . '/user/passwordforgotten.php?action=validatenewpassword&username='******'', '', 0, $msgishtml);
     if ($mailfile->sendfile()) {
         return 1;
     } else {
         $langs->trans("errors");
         $this->error = $langs->trans("ErrorFailedToSendPassword") . ' ' . $mailfile->error;
         return -1;
     }
 }
Beispiel #9
0
 /**
  *    	Return HTML code to output a photo
  *
  *    	@param	string		$modulepart		Key to define module concerned ('societe', 'userphoto', 'memberphoto')
  *     	@param  object		$object			Object containing data to retrieve file name
  * 		@param	int			$width			Width of photo
  * 	  	@return string    					HTML code to output photo
  */
 function showphoto($modulepart, $object, $width = 100)
 {
     global $conf;
     $entity = !empty($object->entity) ? $object->entity : $conf->entity;
     $id = !empty($object->id) ? $object->id : $object->rowid;
     $ret = '';
     $dir = '';
     $file = '';
     $altfile = '';
     $email = '';
     if ($modulepart == 'societe') {
         $dir = $conf->societe->multidir_output[$entity];
         $smallfile = $object->logo;
         $smallfile = preg_replace('/(\\.png|\\.gif|\\.jpg|\\.jpeg|\\.bmp)/i', '_small\\1', $smallfile);
         if ($object->logo) {
             $file = $id . '/logos/thumbs/' . $smallfile;
         }
     } else {
         if ($modulepart == 'userphoto') {
             $dir = $conf->user->dir_output;
             if ($object->photo) {
                 $file = get_exdir($id, 2) . $object->photo;
             }
             if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                 $altfile = $object->id . ".jpg";
             }
             // For backward compatibility
             $email = $object->email;
         } else {
             if ($modulepart == 'memberphoto') {
                 $dir = $conf->adherent->dir_output;
                 if ($object->photo) {
                     $file = get_exdir($id, 2) . 'photos/' . $object->photo;
                 }
                 if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                     $altfile = $object->id . ".jpg";
                 }
                 // For backward compatibility
                 $email = $object->email;
             } else {
                 $dir = $conf->{$modulepart}->dir_output;
                 if ($object->photo) {
                     $file = get_exdir($id, 2) . 'photos/' . $object->photo;
                 }
                 if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                     $altfile = $object->id . ".jpg";
                 }
                 // For backward compatibility
                 $email = $object->email;
             }
         }
     }
     if ($dir) {
         $cache = '0';
         if ($file && file_exists($dir . "/" . $file)) {
             // TODO Link to large image
             $ret .= '<a href="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
             $ret .= '<img alt="Photo" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="photologo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
             $ret .= '</a>';
         } else {
             if ($altfile && file_exists($dir . "/" . $altfile)) {
                 $ret .= '<a href="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
                 $ret .= '<img alt="Photo alt" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="photologo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($altfile) . '&cache=' . $cache . '">';
                 $ret .= '</a>';
             } else {
                 if (!empty($conf->gravatar->enabled) && $email) {
                     global $dolibarr_main_url_root;
                     $ret .= '<!-- Put link to gravatar -->';
                     $ret .= '<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email ' . $email . '" border="0" width="' . $width . '" src="http://www.gravatar.com/avatar/' . dol_hash($email, 3) . '?s=' . $width . '&d=' . urlencode(dol_buildpath('/theme/common/nophoto.jpg', 2)) . '">';
                     // gravatar need md5 hash
                 } else {
                     $ret .= '<img alt="No photo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/theme/common/nophoto.jpg">';
                 }
             }
         }
     } else {
         dol_print_error('', 'Call of showphoto with wrong parameters');
     }
     return $ret;
 }
Beispiel #10
0
/**
 *
 */
function getPaypalPaymentUrl($source='',$ref='',$amount=0,$freetag='')
{
	global $conf;

	require_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php");

	if (! empty($source) && ! empty($ref))
	{
		$token='';
		if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&securekey='.dol_hash($conf->global->PAYPAL_SECURITY_TOKEN.$source.$ref, 2);

		if ($source == 'commande')	$source = 'order';
		if ($source == 'facture')	$source = 'invoice';

		$url = DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source='.$source.'&ref='.$ref.$token;

		return $url;
	}
}
Beispiel #11
0
 /**
  *    	Return HTML code to output a photo
  *
  *    	@param	string		$modulepart			Key to define module concerned ('societe', 'userphoto', 'memberphoto')
  *     	@param  object		$object				Object containing data to retrieve file name
  * 		@param	int			$width				Width of photo
  * 		@param	int			$height				Height of photo (auto if 0)
  * 		@param	int			$caneditfield		Add edit fields
  * 		@param	string		$cssclass			CSS name to use on img for photo
  * 		@param	string		$imagesize		    'mini', 'small' or '' (original)
  *      @param  int         $addlinktofullsize  Add link to fullsize image
  *      @param  int         $cache              1=Accept to use image in cache
  * 	  	@return string    						HTML code to output photo
  */
 static function showphoto($modulepart, $object, $width = 100, $height = 0, $caneditfield = 0, $cssclass = 'photowithmargin', $imagesize = '', $addlinktofullsize = 1, $cache = 0)
 {
     global $conf, $langs;
     $entity = !empty($object->entity) ? $object->entity : $conf->entity;
     $id = !empty($object->id) ? $object->id : $object->rowid;
     $ret = '';
     $dir = '';
     $file = '';
     $originalfile = '';
     $altfile = '';
     $email = '';
     if ($modulepart == 'societe') {
         $dir = $conf->societe->multidir_output[$entity];
         if (!empty($object->logo)) {
             if ((string) $imagesize == 'mini') {
                 $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty') . '/logos/' . getImageFileNameForSize($object->logo, '_mini');
             } else {
                 if ((string) $imagesize == 'small') {
                     $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty') . '/logos/' . getImageFileNameForSize($object->logo, '_small');
                 } else {
                     $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty') . '/logos/' . $object->logo;
                 }
             }
             $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty') . '/logos/' . $object->logo;
         }
     } else {
         if ($modulepart == 'contact') {
             $dir = $conf->societe->multidir_output[$entity] . '/contact';
             if (!empty($object->photo)) {
                 if ((string) $imagesize == 'mini') {
                     $file = get_exdir(0, 0, 0, 0, $object, 'contact') . '/photos/' . getImageFileNameForSize($object->photo, '_mini');
                 } else {
                     if ((string) $imagesize == 'small') {
                         $file = get_exdir(0, 0, 0, 0, $object, 'contact') . '/photos/' . getImageFileNameForSize($object->photo, '_small');
                     } else {
                         $file = get_exdir(0, 0, 0, 0, $object, 'contact') . '/photos/' . $object->photo;
                     }
                 }
                 $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact') . '/photos/' . $object->photo;
             }
         } else {
             if ($modulepart == 'userphoto') {
                 $dir = $conf->user->dir_output;
                 if (!empty($object->photo)) {
                     if ((string) $imagesize == 'mini') {
                         $file = get_exdir($id, 2, 0, 0, $object, 'user') . getImageFileNameForSize($object->photo, '_mini');
                     } else {
                         if ((string) $imagesize == 'small') {
                             $file = get_exdir($id, 2, 0, 0, $object, 'user') . getImageFileNameForSize($object->photo, '_small');
                         } else {
                             $file = get_exdir($id, 2, 0, 0, $object, 'user') . $object->photo;
                         }
                     }
                     $originalfile = get_exdir($id, 2, 0, 0, $object, 'user') . $object->photo;
                 }
                 if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                     $altfile = $object->id . ".jpg";
                 }
                 // For backward compatibility
                 $email = $object->email;
             } else {
                 if ($modulepart == 'memberphoto') {
                     $dir = $conf->adherent->dir_output;
                     if (!empty($object->photo)) {
                         if ((string) $imagesize == 'mini') {
                             $file = get_exdir($id, 2, 0, 0, $object, 'member') . 'photos/' . getImageFileNameForSize($object->photo, '_mini');
                         } else {
                             if ((string) $imagesize == 'small') {
                                 $file = get_exdir($id, 2, 0, 0, $object, 'member') . 'photos/' . getImageFileNameForSize($object->photo, '_small');
                             } else {
                                 $file = get_exdir($id, 2, 0, 0, $object, 'member') . 'photos/' . $object->photo;
                             }
                         }
                         $originalfile = get_exdir($id, 2, 0, 0, $object, 'member') . 'photos/' . $object->photo;
                     }
                     if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                         $altfile = $object->id . ".jpg";
                     }
                     // For backward compatibility
                     $email = $object->email;
                 } else {
                     $dir = $conf->{$modulepart}->dir_output;
                     if (!empty($object->photo)) {
                         if ((string) $imagesize == 'mini') {
                             $file = get_exdir($id, 2, 0, 0, $object, $modulepart) . 'photos/' . getImageFileNameForSize($object->photo, '_mini');
                         } else {
                             if ((string) $imagesize == 'small') {
                                 $file = get_exdir($id, 2, 0, 0, $object, $modulepart) . 'photos/' . getImageFileNameForSize($object->photo, '_small');
                             } else {
                                 $file = get_exdir($id, 2, 0, 0, $object, $modulepart) . 'photos/' . $object->photo;
                             }
                         }
                         $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart) . 'photos/' . $object->photo;
                     }
                     if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                         $altfile = $object->id . ".jpg";
                     }
                     // For backward compatibility
                     $email = $object->email;
                 }
             }
         }
     }
     if ($dir) {
         if ($file && file_exists($dir . "/" . $file)) {
             if ($addlinktofullsize) {
                 $ret .= '<a href="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($originalfile) . '&cache=' . $cache . '">';
             }
             $ret .= '<img alt="Photo" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="' . $cssclass . '" ' . ($width ? ' width="' . $width . '"' : '') . ($height ? ' height="' . $height . '"' : '') . ' src="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
             if ($addlinktofullsize) {
                 $ret .= '</a>';
             }
         } else {
             if ($altfile && file_exists($dir . "/" . $altfile)) {
                 if ($addlinktofullsize) {
                     $ret .= '<a href="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($originalfile) . '&cache=' . $cache . '">';
                 }
                 $ret .= '<img alt="Photo alt" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="' . $cssclass . '" ' . ($width ? ' width="' . $width . '"' : '') . ($height ? ' height="' . $height . '"' : '') . ' src="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity . '&file=' . urlencode($altfile) . '&cache=' . $cache . '">';
                 if ($addlinktofullsize) {
                     $ret .= '</a>';
                 }
             } else {
                 $nophoto = '/public/theme/common/nophoto.png';
                 if (in_array($modulepart, array('userphoto', 'contact'))) {
                     $nophoto = '/public/theme/common/user_anonymous.png';
                     if ($object->gender == 'man') {
                         $nophoto = '/public/theme/common/user_man.png';
                     }
                     if ($object->gender == 'woman') {
                         $nophoto = '/public/theme/common/user_woman.png';
                     }
                 }
                 if (!empty($conf->gravatar->enabled) && $email) {
                     /**
                      * @see https://gravatar.com/site/implement/images/php/
                      */
                     global $dolibarr_main_url_root;
                     $ret .= '<!-- Put link to gravatar -->';
                     $ret .= '<img class="photo' . $modulepart . ($cssclass ? ' ' . $cssclass : '') . '" alt="Gravatar avatar" title="' . $email . ' Gravatar avatar" border="0"' . ($width ? ' width="' . $width . '"' : '') . ($height ? ' height="' . $height . '"' : '') . ' src="https://www.gravatar.com/avatar/' . dol_hash(strtolower(trim($email)), 3) . '?s=' . $width . '&d=' . urlencode(dol_buildpath($nophoto, 2)) . '">';
                     // gravatar need md5 hash
                 } else {
                     $ret .= '<img class="photo' . $modulepart . ($cssclass ? ' ' . $cssclass : '') . '" alt="No photo" border="0"' . ($width ? ' width="' . $width . '"' : '') . ($height ? ' height="' . $height . '"' : '') . ' src="' . DOL_URL_ROOT . $nophoto . '">';
                 }
             }
         }
         if ($caneditfield) {
             if ($object->photo) {
                 $ret .= "<br>\n";
             }
             $ret .= '<table class="nobordernopadding hideonsmartphone">';
             if ($object->photo) {
                 $ret .= '<tr><td align="center"><input type="checkbox" class="flat photodelete" name="deletephoto" id="photodelete"> ' . $langs->trans("Delete") . '<br><br></td></tr>';
             }
             $ret .= '<tr><td>' . $langs->trans("PhotoFile") . '</td></tr>';
             $ret .= '<tr><td><input type="file" class="flat" name="photo" id="photoinput"></td></tr>';
             $ret .= '</table>';
         }
     } else {
         dol_print_error('', 'Call of showphoto with wrong parameters');
     }
     return $ret;
 }
Beispiel #12
0
/**
 * Return string with full Url
 *
 * @param   int		$mode		0=True url, 1=Url formated with colors
 * @param   string	$type		Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...)
 * @param	string	$ref		Ref of object
 * @param	int		$amount		Amount
 * @param	string	$freetag	Free tag
 * @return	string				Url string
 */
function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_free_tag')
{
	global $conf;

    if ($type == 'free')
    {
	    $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?amount='.($mode?'<font color="#666666">':'').$amount.($mode?'</font>':'').'&tag='.($mode?'<font color="#666666">':'').$freetag.($mode?'</font>':'');
	    if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
	    {
	    	if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
	    	else $out.='&securekey='.dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
	    }
    }
    if ($type == 'order')
    {
        $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=order&ref='.($mode?'<font color="#666666">':'');
        if ($mode == 1) $out.='order_ref';
        if ($mode == 0) $out.=urlencode($ref);
	    $out.=($mode?'</font>':'');
        if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
        {
    	    if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
            else
            {
                $out.='&securekey='.($mode?'<font color="#666666">':'');
                if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + order + order_ref)";
                if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'order' . $ref, 2);
                $out.=($mode?'</font>':'');
            }
        }
    }
    if ($type == 'invoice')
    {
        $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=invoice&ref='.($mode?'<font color="#666666">':'');
        if ($mode == 1) $out.='invoice_ref';
        if ($mode == 0) $out.=urlencode($ref);
	    $out.=($mode?'</font>':'');
        if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
        {
    	    if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
            else
            {
                $out.='&securekey='.($mode?'<font color="#666666">':'');
                if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + invoice + invoice_ref)";
                if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'invoice' . $ref, 2);
                $out.=($mode?'</font>':'');
            }
        }
    }
    if ($type == 'contractline')
    {
        $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=contractline&ref='.($mode?'<font color="#666666">':'');
        if ($mode == 1) $out.='contractline_ref';
        if ($mode == 0) $out.=urlencode($ref);
	    $out.=($mode?'</font>':'');
        if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
        {
    	    if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
            else
            {
                $out.='&securekey='.($mode?'<font color="#666666">':'');
                if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + contactline + contractline_ref)";
                if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'contractline' . $ref, 2);
                $out.=($mode?'</font>':'');
            }
        }
    }
    if ($type == 'membersubscription')
    {
        $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=membersubscription&ref='.($mode?'<font color="#666666">':'');
        if ($mode == 1) $out.='member_ref';
        if ($mode == 0) $out.=urlencode($ref);
	    $out.=($mode?'</font>':'');
        if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
        {
    	    if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
            else
            {
                $out.='&securekey='.($mode?'<font color="#666666">':'');
                if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + membersubscription + member_ref)";
                if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $ref, 2);
                $out.=($mode?'</font>':'');
            }
        }
    }
    return $out;
}
Beispiel #13
0
 $error = 0;
 $db->begin();
 dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $conf->entity);
 $sql = "SELECT u.rowid, u.pass, u.pass_crypted";
 $sql .= " FROM " . MAIN_DB_PREFIX . "user as u";
 $sql .= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32";
 // Not a MD5 value
 $resql = $db->query($sql);
 if ($resql) {
     $numrows = $db->num_rows($resql);
     $i = 0;
     while ($i < $numrows) {
         $obj = $db->fetch_object($resql);
         if (dol_hash($obj->pass)) {
             $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
             $sql .= " SET pass_crypted = '" . dol_hash($obj->pass) . "', pass = NULL";
             $sql .= " WHERE rowid=" . $obj->rowid;
             //print $sql;
             $resql2 = $db->query($sql);
             if (!$resql2) {
                 dol_print_error($db);
                 $error++;
                 break;
             }
             $i++;
         }
     }
 } else {
     dol_print_error($db);
 }
 //print $error." ".$sql;
Beispiel #14
0
/**
 *  Return a prefix to use for this Dolibarr instance for session or cookie names.
 *  This prefix is unique for instance and avoid conflict between multi-instances,
 *  even when having two instances with one root dir or two instances in virtual servers
 *
 *  @return	string      		A calculated prefix
 */
function dol_getprefix()
{
    if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"])) {
        return dol_hash($_SERVER["SERVER_NAME"] . $_SERVER["DOCUMENT_ROOT"] . DOL_DOCUMENT_ROOT . DOL_URL_ROOT);
        // Use this for a "clear" cookie name
        //return dol_sanitizeFileName($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
    } else {
        return dol_hash(DOL_DOCUMENT_ROOT . DOL_URL_ROOT);
    }
}
Beispiel #15
0
 /**
  *    	Return HTML code to output a photo
  *
  *    	@param	string		$modulepart		Key to define module concerned ('societe', 'userphoto', 'memberphoto')
  *     	@param  Object		$object			Object containing data to retrieve file name
  * 		@param	int			$width			Width of photo
  * 	  	@return string    					HTML code to output photo
  */
 function showphoto($modulepart, $object, $width = 100)
 {
     global $conf;
     $ret = '';
     $dir = '';
     $file = '';
     $altfile = '';
     $email = '';
     if ($modulepart == 'societe') {
         $dir = $conf->societe->multidir_output[$object->entity];
         $smallfile = $object->logo;
         $smallfile = preg_replace('/(\\.png|\\.gif|\\.jpg|\\.jpeg|\\.bmp)/i', '_small\\1', $smallfile);
         if ($object->logo) {
             $file = $object->id . '/logos/thumbs/' . $smallfile;
         }
     } else {
         if ($modulepart == 'userphoto') {
             $dir = $conf->user->dir_output;
             if ($object->photo) {
                 $file = get_exdir($object->id, 2) . $object->photo;
             }
             if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
                 $altfile = $object->id . ".jpg";
             }
             // For backward compatibility
             $email = $object->email;
         } else {
             if ($modulepart == 'memberphoto') {
                 if ($object->photo) {
                     $file = $object->photo;
                 }
                 $email = $object->email;
             }
         }
     }
     if ($object->class) {
         // Photo in the database
         if ($file) {
             $ret .= '<img alt="Photo" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="photologo" border="0" width="' . $width . '" src="' . $object->getFile($file) . '">';
         } else {
             $ret .= '<img alt="No photo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/theme/common/nophoto.jpg">';
         }
     } elseif ($dir) {
         $cache = '0';
         if ($file && file_exists($dir . "/" . $file)) {
             // TODO Link to large image
             $ret .= '<a href="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $object->entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
             $ret .= '<img alt="Photo" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="photologo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $object->entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
             $ret .= '</a>';
         } elseif ($altfile && file_exists($dir . "/" . $altfile)) {
             $ret .= '<a href="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $object->entity . '&file=' . urlencode($file) . '&cache=' . $cache . '">';
             $ret .= '<img alt="Photo alt" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="photologo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $object->entity . '&file=' . urlencode($altfile) . '&cache=' . $cache . '">';
             $ret .= '</a>';
         } else {
             if (!empty($conf->gravatar->enabled) && $email) {
                 global $dolibarr_main_url_root;
                 $ret .= '<!-- Put link to gravatar -->';
                 $ret .= '<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email ' . $email . '" border="0" width="' . $width . '" src="http://www.gravatar.com/avatar/' . dol_hash($email) . '?s=' . $width . '&d=' . urlencode(dol_buildpath('/theme/common/nophoto.jpg', 2)) . '">';
             } else {
                 $ret .= '<img alt="No photo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/theme/common/nophoto.jpg">';
             }
         }
     } else {
         dol_print_error('', 'Call of showphoto with wrong parameters');
     }
     /* Disabled. lightbox seems to not work. I don't know why.
     		  $ret.="\n<script type=\"text/javascript\">
     		  jQuery(function() {
     		  jQuery('.photologo').lightBox();
     		  });
     		  </script>\n";
     
     		  $ret.="\n<script type=\"text/javascript\">
     		  jQuery(function() {
     		  jQuery('.photologo').lightBox({
     		  overlayBgColor: '#FFF',
     		  overlayOpacity: 0.6,
     		  imageLoading: '".DOL_URL_ROOT."/includes/jquery/plugins/lightbox/images/lightbox-ico-loading.gif',
     		  imageBtnClose: '".DOL_URL_ROOT."/includes/jquery/plugins/lightbox/images/lightbox-btn-close.gif',
     		  imageBtnPrev: '".DOL_URL_ROOT."/includes/jquery/plugins/lightbox/images/lightbox-btn-prev.gif',
     		  imageBtnNext: '".DOL_URL_ROOT."/includes/jquery/plugins/lightbox/images/lightbox-btn-next.gif',
     		  containerResizeSpeed: 350,
     		  txtImage: 'Imagem',
     		  txtOf: 'de'
     		  });
     		  });
     		  </script>\n";
     		 */
     return $ret;
 }
Beispiel #16
0
// If an upgrade process is required, we call the install page.
if (!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && $conf->global->MAIN_VERSION_LAST_UPGRADE != DOL_VERSION || empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && !empty($conf->global->MAIN_VERSION_LAST_INSTALL) && $conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION) {
    $versiontocompare = empty($conf->global->MAIN_VERSION_LAST_UPGRADE) ? $conf->global->MAIN_VERSION_LAST_INSTALL : $conf->global->MAIN_VERSION_LAST_UPGRADE;
    require_once DOL_DOCUMENT_ROOT . '/core/lib/admin.lib.php';
    $dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);
    $dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);
    $rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);
    if ($rescomp > 0) {
        dol_syslog("main.inc: database version " . $versiontocompare . " is lower than programs version " . DOL_VERSION . ". Redirect to install page.", LOG_WARNING);
        header("Location: " . DOL_URL_ROOT . "/install/index.php");
        exit;
    }
}
// Creation of a token against CSRF vulnerabilities
if (!defined('NOTOKENRENEWAL')) {
    $token = dol_hash(uniqid(mt_rand(), TRUE));
    // Generates a hash of a random number
    // roulement des jetons car cree a chaque appel
    if (isset($_SESSION['newtoken'])) {
        $_SESSION['token'] = $_SESSION['newtoken'];
    }
    $_SESSION['newtoken'] = $token;
}
if (!empty($conf->global->MAIN_SECURITY_CSRF)) {
    if (isset($_POST['token']) && isset($_SESSION['token'])) {
        if ($_POST['token'] != $_SESSION['token']) {
            dol_syslog("Invalid token in " . $_SERVER['HTTP_REFERER'] . ", action=" . GETPOST('action') . ", _POST['token']=" . GETPOST('token') . ", _SESSION['token']=" . $_SESSION['token'], LOG_WARNING);
            //print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.
            unset($_POST);
        }
    }
Beispiel #17
0
/**
 * Return string with full Url
 *
 * @param   int		$mode		0=True url, 1=Url formated with colors
 * @param   string	$type		Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...)
 * @param	string	$ref		Ref of object
 * @param	int		$amount		Amount
 * @param	string	$freetag	Free tag
 * @return	string				Url string
 */
function getPaypalPaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag = 'your_free_tag')
{
    global $conf;
    if ($type == 'free') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?amount=' . ($mode ? '<font color="#666666">' : '') . $amount . ($mode ? '</font>' : '') . '&tag=' . ($mode ? '<font color="#666666">' : '') . $freetag . ($mode ? '</font>' : '');
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
            }
        }
    }
    if ($type == 'order') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=order&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'order_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'order' + order_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'order' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    if ($type == 'invoice') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=invoice&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'invoice_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'invoice' + invoice_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'invoice' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    if ($type == 'contractline') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=contractline&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'contractline_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'contactline' + contractline_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'contractline' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    if ($type == 'membersubscription') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=membersubscription&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'member_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'membersubscription' + member_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    // For multicompany
    //$out.="&entity=".$conf->entity; // This should not be into link. Link contains already a ref of an object that allow to retreive entity
    return $out;
}
 /**
  * Generates Random string for MIME message Boundary
  *
  * @return void
  */
 function _setBoundary()
 {
     $this->_smtpsBoundary = "multipart_x." . time() . ".x_boundary";
     $this->_smtpsRelatedBoundary = 'mul_' . dol_hash(uniqid("dolibarr2"), 3);
     $this->_smtpsAlternativeBoundary = 'mul_' . dol_hash(uniqid("dolibarr3"), 3);
 }
 /**
  *    Change password of a user
  *
  *    @param	User	$user           Object user de l'utilisateur qui fait la modification
  *    @param 	string	$password       New password (to generate if empty)
  *    @param    int		$isencrypted    0 ou 1 si il faut crypter le mot de passe en base (0 par defaut)
  *	  @param	int		$notrigger		1=Ne declenche pas les triggers
  *    @param	int		$nosyncuser		Do not synchronize linked user
  *    @return   string           		If OK return clear password, 0 if no change, < 0 if error
  */
 function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0)
 {
     global $conf, $langs;
     $error = 0;
     dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
     // If new password not provided, we generate one
     if (!$password) {
         require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
         $password = getRandomPassword(false);
     }
     // Cryptage mot de passe
     if ($isencrypted) {
         // Encryption
         $password_indatabase = dol_hash($password);
     } else {
         $password_indatabase = $password;
     }
     $this->db->begin();
     // Mise a jour
     $sql = "UPDATE " . MAIN_DB_PREFIX . "adherent SET pass = '******'";
     $sql .= " WHERE rowid = " . $this->id;
     //dol_syslog("Adherent::Password sql=hidden");
     dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
     $result = $this->db->query($sql);
     if ($result) {
         $nbaffectedrows = $this->db->affected_rows($result);
         if ($nbaffectedrows) {
             $this->pass = $password;
             $this->pass_indatabase = $password_indatabase;
             if ($this->user_id && !$nosyncuser) {
                 require_once DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
                 // This member is linked with a user, so we also update users informations
                 // if this is an update.
                 $luser = new User($this->db);
                 $result = $luser->fetch($this->user_id);
                 if ($result >= 0) {
                     $result = $luser->setPassword($user, $this->pass, 0, 0, 1);
                     if ($result < 0) {
                         $this->error = $luser->error;
                         dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
                         $error++;
                     }
                 } else {
                     $this->error = $luser->error;
                     $error++;
                 }
             }
             if (!$error && !$notrigger) {
                 // Call trigger
                 $result = $this->call_trigger('MEMBER_NEW_PASSWORD', $user);
                 if ($result < 0) {
                     $error++;
                     $this->db->rollback();
                     return -1;
                 }
                 // End call triggers
             }
             $this->db->commit();
             return $this->pass;
         } else {
             $this->db->rollback();
             return 0;
         }
     } else {
         $this->db->rollback();
         dol_print_error($this->db);
         return -1;
     }
 }
 /**
  * Ajoute destinataires dans table des cibles
  *
  * @param	int		$mailing_id    Id of emailing
  * @param   array	$cibles        Array with targets
  * @return  int      			   < 0 si erreur, nb ajout si ok
  */
 function add_to_target($mailing_id, $cibles)
 {
     global $conf;
     $this->db->begin();
     // Insert emailing targest from array into database
     $j = 0;
     $num = count($cibles);
     foreach ($cibles as $targetarray) {
         if (!empty($targetarray['email'])) {
             $sql = "INSERT INTO " . MAIN_DB_PREFIX . "mailing_cibles";
             $sql .= " (fk_mailing,";
             $sql .= " fk_contact,";
             $sql .= " lastname, firstname, email, other, source_url, source_id,";
             $sql .= " tag,";
             $sql .= " source_type)";
             $sql .= " VALUES (" . $mailing_id . ",";
             $sql .= (empty($targetarray['fk_contact']) ? '0' : "'" . $targetarray['fk_contact'] . "'") . ",";
             $sql .= "'" . $this->db->escape($targetarray['lastname']) . "',";
             $sql .= "'" . $this->db->escape($targetarray['firstname']) . "',";
             $sql .= "'" . $this->db->escape($targetarray['email']) . "',";
             $sql .= "'" . $this->db->escape($targetarray['other']) . "',";
             $sql .= "'" . $this->db->escape($targetarray['source_url']) . "',";
             $sql .= (empty($targetarray['source_id']) ? 'null' : "'" . $this->db->escape($targetarray['source_id']) . "'") . ",";
             $sql .= "'" . $this->db->escape(dol_hash($targetarray['email'] . ';' . $targetarray['lastname'] . ';' . $mailing_id . ';' . $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)) . "',";
             $sql .= "'" . $this->db->escape($targetarray['source_type']) . "')";
             $result = $this->db->query($sql);
             if ($result) {
                 $j++;
             } else {
                 if ($this->db->errno() != 'DB_ERROR_RECORD_ALREADY_EXISTS') {
                     // Si erreur autre que doublon
                     dol_syslog($this->db->error());
                     $this->error = $this->db->error();
                     $this->db->rollback();
                     return -1;
                 }
             }
         }
     }
     dol_syslog(get_class($this) . "::add_to_target: sql " . $sql, LOG_DEBUG);
     dol_syslog(get_class($this) . "::add_to_target: mailing " . $j . " targets added");
     //Update the status to show thirdparty mail that don't want to be contacted anymore'
     $sql = "UPDATE " . MAIN_DB_PREFIX . "mailing_cibles";
     $sql .= " SET statut=3";
     $sql .= " WHERE fk_mailing=" . $mailing_id . " AND email in (SELECT email FROM " . MAIN_DB_PREFIX . "societe where fk_stcomm=-1)";
     $sql .= " AND source_type='thirdparty'";
     $result = $this->db->query($sql);
     dol_syslog(get_class($this) . "::add_to_target: mailing update status to display thirdparty mail that do not want to be contacted sql:" . $sql);
     //Update the status to show contact mail that don't want to be contacted anymore'
     $sql = "UPDATE " . MAIN_DB_PREFIX . "mailing_cibles";
     $sql .= " SET statut=3";
     $sql .= " WHERE fk_mailing=" . $mailing_id . " AND email in (SELECT sc.email FROM " . MAIN_DB_PREFIX . "socpeople AS sc ";
     $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe s ON s.fk_stcomm=-1 AND s.rowid=sc.fk_soc)";
     $sql .= " AND source_type='contact'";
     $result = $this->db->query($sql);
     dol_syslog(get_class($this) . "::add_to_target: mailing update status to display contact mail that do not want to be contacted sql:" . $sql);
     $this->update_nb($mailing_id);
     $this->db->commit();
     return $j;
 }
Beispiel #21
0
 /**
  * 	Parse rss URL
  *
  * 	@param	string	$urlRSS		Url to parse
  * 	@param	int		$maxNb		Max nb of records to get (0 for no limit)
  * 	@param	int		$cachedelay	0=No cache, nb of seconds we accept cache files (cachedir must also be defined)
  * 	@param	string	$cachedir	Directory where to save cache file
  *	@return	int					<0 if KO, >0 if OK
  */
 public function parser($urlRSS, $maxNb = 0, $cachedelay = 60, $cachedir = '')
 {
     global $conf;
     include_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
     $rss = '';
     $str = '';
     // This will contain content of feed
     // Check parameters
     if (!dol_is_url($urlRSS)) {
         $this->error = "ErrorBadUrl";
         return -1;
     }
     $this->_urlRSS = $urlRSS;
     $newpathofdestfile = $cachedir . '/' . dol_hash($this->_urlRSS, 3);
     // Force md5 hash (does not contains special chars)
     $newmask = '0644';
     //dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile);
     $nowgmt = dol_now();
     // Search into cache
     $foundintocache = 0;
     if ($cachedelay > 0 && $cachedir) {
         $filedate = dol_filemtime($newpathofdestfile);
         if ($filedate >= $nowgmt - $cachedelay) {
             //dol_syslog("RssParser::parser cache file ".$newpathofdestfile." is not older than now - cachedelay (".$nowgmt." - ".$cachedelay.") so we use it.");
             $foundintocache = 1;
             $this->_lastfetchdate = $filedate;
         } else {
             dol_syslog(get_class($this) . "::parser cache file " . $newpathofdestfile . " is not found or older than now - cachedelay (" . $nowgmt . " - " . $cachedelay . ") so we can't use it.");
         }
     }
     // Load file into $str
     if ($foundintocache) {
         $str = file_get_contents($newpathofdestfile);
     } else {
         try {
             ini_set("user_agent", "Dolibarr ERP-CRM RSS reader");
             ini_set("max_execution_time", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
             ini_set("default_socket_timeout", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
             $opts = array('http' => array('method' => "GET"));
             if (!empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)) {
                 $opts['http']['timeout'] = $conf->global->MAIN_USE_CONNECT_TIMEOUT;
             }
             if (!empty($conf->global->MAIN_PROXY_USE)) {
                 $opts['http']['proxy'] = 'tcp://' . $conf->global->MAIN_PROXY_HOST . ':' . $conf->global->MAIN_PROXY_PORT;
             }
             //var_dump($opts);exit;
             $context = stream_context_create($opts);
             $str = file_get_contents($this->_urlRSS, false, $context);
         } catch (Exception $e) {
             print 'Error retrieving URL ' . $this->urlRSS . ' - ' . $e->getMessage();
         }
     }
     if ($str !== false) {
         // Convert $str into xml
         if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
             //print 'xx'.LIBXML_NOCDATA;
             libxml_use_internal_errors(false);
             $rss = simplexml_load_string($str, "SimpleXMLElement", LIBXML_NOCDATA);
         } else {
             $xmlparser = xml_parser_create('');
             if (!is_resource($xmlparser)) {
                 $this->error = "ErrorFailedToCreateParser";
                 return -1;
             }
             xml_set_object($xmlparser, $this);
             xml_set_element_handler($xmlparser, 'feed_start_element', 'feed_end_element');
             xml_set_character_data_handler($xmlparser, 'feed_cdata');
             $status = xml_parse($xmlparser, $str);
             xml_parser_free($xmlparser);
             $rss = $this;
             //var_dump($rss->_format);exit;
         }
     }
     // If $rss loaded
     if ($rss) {
         // Save file into cache
         if (empty($foundintocache) && $cachedir) {
             dol_syslog(get_class($this) . "::parser cache file " . $newpathofdestfile . " is saved onto disk.");
             if (!dol_is_dir($cachedir)) {
                 dol_mkdir($cachedir);
             }
             $fp = fopen($newpathofdestfile, 'w');
             fwrite($fp, $str);
             fclose($fp);
             if (!empty($conf->global->MAIN_UMASK)) {
                 $newmask = $conf->global->MAIN_UMASK;
             }
             @chmod($newpathofdestfile, octdec($newmask));
             $this->_lastfetchdate = $nowgmt;
         }
         unset($str);
         // Free memory
         if (empty($rss->_format)) {
             $rss->_format = 'rss';
             if (empty($rss->channel)) {
                 $rss->_format = 'atom';
             }
         }
         $items = array();
         // Save description entries
         if ($rss->_format == 'rss') {
             //var_dump($rss);
             if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                 if (!empty($rss->channel->language)) {
                     $this->_language = (string) $rss->channel->language;
                 }
                 if (!empty($rss->channel->generator)) {
                     $this->_generator = (string) $rss->channel->generator;
                 }
                 if (!empty($rss->channel->copyright)) {
                     $this->_copyright = (string) $rss->channel->copyright;
                 }
                 if (!empty($rss->channel->lastbuilddate)) {
                     $this->_lastbuilddate = (string) $rss->channel->lastbuilddate;
                 }
                 if (!empty($rss->channel->image->url[0])) {
                     $this->_imageurl = (string) $rss->channel->image->url[0];
                 }
                 if (!empty($rss->channel->link)) {
                     $this->_link = (string) $rss->channel->link;
                 }
                 if (!empty($rss->channel->title)) {
                     $this->_title = (string) $rss->channel->title;
                 }
                 if (!empty($rss->channel->description)) {
                     $this->_description = (string) $rss->channel->description;
                 }
             } else {
                 //var_dump($rss->channel);
                 if (!empty($rss->channel['language'])) {
                     $this->_language = (string) $rss->channel['language'];
                 }
                 if (!empty($rss->channel['generator'])) {
                     $this->_generator = (string) $rss->channel['generator'];
                 }
                 if (!empty($rss->channel['copyright'])) {
                     $this->_copyright = (string) $rss->channel['copyright'];
                 }
                 if (!empty($rss->channel['lastbuilddate'])) {
                     $this->_lastbuilddate = (string) $rss->channel['lastbuilddate'];
                 }
                 if (!empty($rss->image['url'])) {
                     $this->_imageurl = (string) $rss->image['url'];
                 }
                 if (!empty($rss->channel['link'])) {
                     $this->_link = (string) $rss->channel['link'];
                 }
                 if (!empty($rss->channel['title'])) {
                     $this->_title = (string) $rss->channel['title'];
                 }
                 if (!empty($rss->channel['description'])) {
                     $this->_description = (string) $rss->channel['description'];
                 }
             }
             if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                 $items = $rss->channel->item;
             } else {
                 $items = $rss->items;
             }
             // With xmlparse
             //var_dump($items);exit;
         } else {
             if ($rss->_format == 'atom') {
                 //var_dump($rss);
                 if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                     if (!empty($rss->generator)) {
                         $this->_generator = (string) $rss->generator;
                     }
                     if (!empty($rss->lastbuilddate)) {
                         $this->_lastbuilddate = (string) $rss->modified;
                     }
                     if (!empty($rss->link->href)) {
                         $this->_link = (string) $rss->link->href;
                     }
                     if (!empty($rss->title)) {
                         $this->_title = (string) $rss->title;
                     }
                     if (!empty($rss->description)) {
                         $this->_description = (string) $rss->description;
                     }
                 } else {
                     //if (!empty($rss->channel['rss_language']))      $this->_language = (string) $rss->channel['rss_language'];
                     if (!empty($rss->channel['generator'])) {
                         $this->_generator = (string) $rss->channel['generator'];
                     }
                     //if (!empty($rss->channel['rss_copyright']))     $this->_copyright = (string) $rss->channel['rss_copyright'];
                     if (!empty($rss->channel['modified'])) {
                         $this->_lastbuilddate = (string) $rss->channel['modified'];
                     }
                     //if (!empty($rss->image['rss_url']))             $this->_imageurl = (string) $rss->image['rss_url'];
                     if (!empty($rss->channel['link'])) {
                         $this->_link = (string) $rss->channel['link'];
                     }
                     if (!empty($rss->channel['title'])) {
                         $this->_title = (string) $rss->channel['title'];
                     }
                     //if (!empty($rss->channel['rss_description']))   $this->_description = (string) $rss->channel['rss_description'];
                 }
                 if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                     $tmprss = xml2php($rss);
                     $items = $tmprss['entry'];
                 } else {
                     $items = $rss->items;
                 }
                 // With xmlparse
                 //var_dump($items);exit;
             }
         }
         $i = 0;
         // Loop on each record
         if (is_array($items)) {
             foreach ($items as $item) {
                 //var_dump($item);exit;
                 if ($rss->_format == 'rss') {
                     if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                         $itemLink = (string) $item->link;
                         $itemTitle = (string) $item->title;
                         $itemDescription = (string) $item->description;
                         $itemPubDate = (string) $item->pubDate;
                         $itemId = '';
                         $itemAuthor = '';
                     } else {
                         $itemLink = (string) $item['link'];
                         $itemTitle = (string) $item['title'];
                         $itemDescription = (string) $item['description'];
                         $itemPubDate = (string) $item['pubdate'];
                         $itemId = (string) $item['guid'];
                         $itemAuthor = (string) $item['author'];
                     }
                     // Loop on each category
                     $itemCategory = array();
                     if (is_array($item->category)) {
                         foreach ($item->category as $cat) {
                             $itemCategory[] = (string) $cat;
                         }
                     }
                 } else {
                     if ($rss->_format == 'atom') {
                         if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                             $itemLink = isset($item['link']['href']) ? (string) $item['link']['href'] : '';
                             $itemTitle = (string) $item['title'];
                             $itemDescription = (string) $item['summary'];
                             $itemPubDate = (string) $item['created'];
                             $itemId = (string) $item['id'];
                             $itemAuthor = (string) ($item['author'] ? $item['author'] : $item['author_name']);
                         } else {
                             $itemLink = isset($item['link']['href']) ? (string) $item['link']['href'] : '';
                             $itemTitle = (string) $item['title'];
                             $itemDescription = (string) $item['summary'];
                             $itemPubDate = (string) $item['created'];
                             $itemId = (string) $item['id'];
                             $itemAuthor = (string) ($item['author'] ? $item['author'] : $item['author_name']);
                         }
                     } else {
                         print 'ErrorBadFeedFormat';
                     }
                 }
                 // Add record to result array
                 $this->_rssarray[$i] = array('link' => $itemLink, 'title' => $itemTitle, 'description' => $itemDescription, 'pubDate' => $itemPubDate, 'category' => $itemCategory, 'id' => $itemId, 'author' => $itemAuthor);
                 //var_dump($this->_rssarray);
                 $i++;
                 if ($i > $maxNb) {
                     break;
                 }
                 // We get all records we want
             }
         }
         return 1;
     } else {
         $this->error = 'ErrorFailedToLoadRSSFile';
         return -1;
     }
 }
/**
 * Check validity of user/password/entity
 * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
 *
 * @param	string	$usertotest		Login
 * @param	string	$passwordtotest	Password
 * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
 * @return	string					Login if OK, '' if KO
 */
function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest = 1)
{
    global $db, $conf, $langs;
    // Force master entity in transversal mode
    $entity = $entitytotest;
    if (!empty($conf->multicompany->enabled) && !empty($conf->multicompany->transverse_mode)) {
        $entity = 1;
    }
    $login = '';
    if (!empty($usertotest)) {
        dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=" . $usertotest . " passwordtotest=" . preg_replace('/./', '*', $passwordtotest) . " entitytotest=" . $entitytotest);
        // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
        $table = MAIN_DB_PREFIX . "user";
        $usernamecol1 = 'login';
        $usernamecol2 = 'email';
        $entitycol = 'entity';
        $sql = 'SELECT rowid, login, entity, pass, pass_crypted';
        $sql .= ' FROM ' . $table;
        $sql .= ' WHERE (' . $usernamecol1 . " = '" . $db->escape($usertotest) . "'";
        if (preg_match('/@/', $usertotest)) {
            $sql .= ' OR ' . $usernamecol2 . " = '" . $db->escape($usertotest) . "'";
        }
        $sql .= ') AND ' . $entitycol . " IN (0," . ($entity ? $entity : 1) . ")";
        $sql .= ' AND statut = 1';
        $resql = $db->query($sql);
        if ($resql) {
            $obj = $db->fetch_object($resql);
            if ($obj) {
                $passclear = $obj->pass;
                $passcrypted = $obj->pass_crypted;
                $passtyped = $passwordtotest;
                $passok = false;
                // Check crypted password
                $cryptType = '';
                if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
                    $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
                }
                // By default, we used MD5
                if (!in_array($cryptType, array('md5'))) {
                    $cryptType = 'md5';
                }
                // Check crypted password according to crypt algorithm
                if ($cryptType == 'md5') {
                    if (dol_hash($passtyped) == $passcrypted) {
                        $passok = true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - " . $cryptType . " of pass is ok");
                    }
                }
                // For compatibility with old versions
                if (!$passok) {
                    if ((!$passcrypted || $passtyped) && ($passclear && $passtyped == $passclear)) {
                        $passok = true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
                    }
                }
                // Password ok ?
                if ($passok) {
                    $login = $obj->login;
                } else {
                    dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '" . $usertotest . "'");
                    sleep(1);
                    $langs->load('main');
                    $langs->load('errors');
                    $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
                }
                // We must check entity
                if ($passok && !empty($conf->multicompany->enabled)) {
                    global $mc;
                    if (!isset($mc)) {
                        $conf->multicompany->enabled = false;
                    } else {
                        $ret = $mc->checkRight($obj->rowid, $entitytotest);
                        if ($ret < 0) {
                            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'");
                            $login = '';
                            // force authentication failure
                        }
                    }
                }
            } else {
                dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '" . $usertotest . "'");
                sleep(1);
                $langs->load('main');
                $langs->load('errors');
                $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
            }
        } else {
            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '" . $usertotest . "' error=" . $db->lasterror());
            sleep(1);
            $_SESSION["dol_loginmesg"] = $db->lasterror();
        }
    }
    return $login;
}
Beispiel #23
0
/**
 * Return string with full Url
 *
 * @param   int		$mode		0=True url, 1=Url formated with colors
 * @param   string	$type		Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...)
 * @param	string	$ref		Ref of object
 * @param	int		$amount		Amount
 * @param	string	$freetag	Free tag
 * @return	string				Url string
 */
function getPaypalPaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag = 'your_free_tag')
{
    global $conf;
    if ($type == 'free') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?amount=' . ($mode ? '<font color="#666666">' : '') . $amount . ($mode ? '</font>' : '') . '&tag=' . ($mode ? '<font color="#666666">' : '') . $freetag . ($mode ? '</font>' : '');
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
            }
        }
    }
    if ($type == 'order') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=order&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'order_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'order' + order_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'order' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    if ($type == 'invoice') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=invoice&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'invoice_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'invoice' + invoice_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'invoice' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    if ($type == 'contractline') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=contractline&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'contractline_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'contactline' + contractline_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'contractline' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    if ($type == 'membersubscription') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=membersubscription&ref=' . ($mode ? '<font color="#666666">' : '');
        if ($mode == 1) {
            $out .= 'member_ref';
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $mode ? '</font>' : '';
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
            if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . ($mode ? '<font color="#666666">' : '');
                if ($mode == 1) {
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + 'membersubscription' + member_ref)";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $ref, 2);
                }
                $out .= $mode ? '</font>' : '';
            }
        }
    }
    // For multicompany
    $out .= "&entity=" . $conf->entity;
    // Check the entity because He may be the same reference in several entities
    return $out;
}
Beispiel #24
0
    require_once DOL_DOCUMENT_ROOT .'/core/lib/admin.lib.php';
    $dolibarrversionlastupgrade=preg_split('/[.-]/',$versiontocompare);
    $dolibarrversionprogram=preg_split('/[.-]/',DOL_VERSION);
    $rescomp=versioncompare($dolibarrversionprogram,$dolibarrversionlastupgrade);
    if ($rescomp > 0)   // Programs have a version higher than database. We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
    {
        dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install page.", LOG_WARNING);
        header("Location: ".DOL_URL_ROOT."/install/index.php");
        exit;
    }
}

// Creation of a token against CSRF vulnerabilities
if (! defined('NOTOKENRENEWAL'))
{
    $token = dol_hash(uniqid(mt_rand(),TRUE)); // Generates a hash of a random number
    // roulement des jetons car cree a chaque appel
    if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
    $_SESSION['newtoken'] = $token;
}
if (! empty($conf->global->MAIN_SECURITY_CSRF))	// Check validity of token, only if option enabled (this option breaks some features sometimes)
{
    if (isset($_POST['token']) && isset($_SESSION['token']))
    {
        if (($_POST['token'] != $_SESSION['token']))
        {
            dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token').", _SESSION['token']=".$_SESSION['token'],LOG_WARNING);
            //print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.
            unset($_POST);
        }
    }
Beispiel #25
0
    $user->getrights();
}
$cdavLib = new CdavLib($user, $db, $langs);
// Authentication
$authBackend = new DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
    global $user;
    if (!isset($user->login) || $user->login == '') {
        return false;
    }
    if ($user->societe_id != 0) {
        return false;
    }
    if ($user->login != $username) {
        return false;
    }
    if ($user->pass_indatabase_crypted == '' || dol_hash($password) != $user->pass_indatabase_crypted) {
        return false;
    }
    return true;
});
$authBackend->setRealm('Dolibarr');
// The lock manager is reponsible for making sure users don't overwrite
// each others changes.
$lockBackend = new DAV\Locks\Backend\File($dolibarr_main_data_root . '/cdav/.locks');
// Principals Backend
$principalBackend = new DAVACL\PrincipalBackend\Dolibarr($user, $db);
// CardDav & CalDav Backend
$carddavBackend = new Sabre\CardDAV\Backend\Dolibarr($user, $db, $langs);
$caldavBackend = new Sabre\CalDAV\Backend\Dolibarr($user, $db, $langs, $cdavLib);
// Setting up the directory tree //
$nodes = array(new DAVACL\PrincipalCollection($principalBackend), new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend), new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend), new DAV\FS\Directory($dolibarr_main_data_root . '/cdav/public'));
Beispiel #26
0
 /**
  * Login
  *
  * Log user with username and password
  *
  * @param   string  $login			Username
  * @param   string  $password		User password
  * @param   int     $entity			User entity
  * @return  array   Response status and user token
  *
  * @throws RestException
  */
 public function login($login, $password, $entity = 0)
 {
     // Authentication mode
     if (empty($dolibarr_main_authentication)) {
         $dolibarr_main_authentication = 'http,dolibarr';
     }
     // Authentication mode: forceuser
     if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
         $dolibarr_auto_user = '******';
     }
     // Set authmode
     $authmode = explode(',', $dolibarr_main_authentication);
     include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
     $login = checkLoginPassEntity($login, $password, $entity, $authmode);
     if (empty($login)) {
         throw new RestException(403, 'Access denied');
     }
     // Generate token for user
     $token = dol_hash($login . uniqid() . $conf->global->MAIN_API_KEY, 1);
     // We store API token into database
     $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
     $sql .= " SET api_key = '" . $this->db->escape($token) . "'";
     $sql .= " WHERE login = '******'";
     dol_syslog(get_class($this) . "::login", LOG_DEBUG);
     // No log
     $result = $this->db->query($sql);
     if (!$result) {
         throw new RestException(500, 'Error when updating user :'******'success' => array('code' => 200, 'token' => $token, 'message' => 'Welcome ' . $login));
 }
 /**
  * Seearch images into html message and init array this->images_encoded if found
  *
  * @param	string	$images_dir		Location of physical images files
  * @return	int 		        	>0 if OK, <0 if KO
  */
 function findHtmlImages($images_dir)
 {
     // Build the list of image extensions
     $extensions = array_keys($this->image_types);
     preg_match_all('/(?:"|\')([^"\']+\\.(' . implode('|', $extensions) . '))(?:"|\')/Ui', $this->html, $matches);
     if ($matches) {
         $i = 0;
         foreach ($matches[1] as $full) {
             if (preg_match('/file=([A-Za-z0-9_\\-\\/]+[\\.]?[A-Za-z0-9]+)?$/i', $full, $regs)) {
                 $img = $regs[1];
                 if (file_exists($images_dir . '/' . $img)) {
                     // Image path in src
                     $src = preg_quote($full, '/');
                     // Image full path
                     $this->html_images[$i]["fullpath"] = $images_dir . '/' . $img;
                     // Image name
                     $this->html_images[$i]["name"] = $img;
                     // Content type
                     if (preg_match('/^.+\\.(\\w{3,4})$/', $img, $reg)) {
                         $ext = strtolower($reg[1]);
                         $this->html_images[$i]["content_type"] = $this->image_types[$ext];
                     }
                     // cid
                     $this->html_images[$i]["cid"] = dol_hash(uniqid(time()));
                     $this->html = preg_replace("/src=\"{$src}\"|src='{$src}'/i", "src=\"cid:" . $this->html_images[$i]["cid"] . "\"", $this->html);
                 }
                 $i++;
             }
         }
         if (!empty($this->html_images)) {
             $inline = array();
             $i = 0;
             foreach ($this->html_images as $img) {
                 $fullpath = $images_dir . '/' . $img["name"];
                 // If duplicate images are embedded, they may show up as attachments, so remove them.
                 if (!in_array($fullpath, $inline)) {
                     // Read image file
                     if ($image = file_get_contents($fullpath)) {
                         // On garde que le nom de l'image
                         preg_match('/([A-Za-z0-9_-]+[\\.]?[A-Za-z0-9]+)?$/i', $img["name"], $regs);
                         $imgName = $regs[1];
                         $this->images_encoded[$i]['name'] = $imgName;
                         $this->images_encoded[$i]['content_type'] = $img["content_type"];
                         $this->images_encoded[$i]['cid'] = $img["cid"];
                         // Encodage de l'image
                         $this->images_encoded[$i]["image_encoded"] = chunk_split(base64_encode($image), 68, $this->eol);
                         $inline[] = $fullpath;
                     }
                 }
                 $i++;
             }
         } else {
             return -1;
         }
         return 1;
     } else {
         return 0;
     }
 }
Beispiel #28
0
        || (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && !empty($conf->global->MAIN_VERSION_LAST_INSTALL) && ($conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION))) {
    $versiontocompare = empty($conf->global->MAIN_VERSION_LAST_UPGRADE) ? $conf->global->MAIN_VERSION_LAST_INSTALL : $conf->global->MAIN_VERSION_LAST_UPGRADE;
    require_once(DOL_DOCUMENT_ROOT . "/core/lib/admin.lib.php");
    $dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);
    $dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);
    $rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);
    if ($rescomp > 0) {   // Programs have a version higher than database. We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
        dol_syslog("main.inc: database version " . $versiontocompare . " is lower than programs version " . DOL_VERSION . ". Redirect to install page.", LOG_WARNING);
        Header("Location: " . DOL_URL_ROOT . "/install/index.php");
        exit;
    }
}

// Creation of a token against CSRF vulnerabilities
if (!defined('NOTOKENRENEWAL')) {
    $token = dol_hash(uniqid(mt_rand(), TRUE)); // Genere un hash d'un nombre aleatoire
    // roulement des jetons car cree a chaque appel
    if (isset($_SESSION['newtoken']))
        $_SESSION['token'] = $_SESSION['newtoken'];
    $_SESSION['newtoken'] = $token;
}
if (!empty($conf->global->MAIN_SECURITY_CSRF)) { // Check validity of token, only if option enabled (this option breaks some features sometimes)
    if (isset($_POST['token']) && isset($_SESSION['token'])) {
        if (($_POST['token'] != $_SESSION['token'])) {
            dol_syslog("Invalid token in " . $_SERVER['HTTP_REFERER'] . ", action=" . $_POST['action'] . ", _POST['token']=" . $_POST['token'] . ", _SESSION['token']=" . $_SESSION['token'], LOG_WARNING);
            //print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.
            unset($_POST);
        }
    }
}
                 $urlback .= '&email=' . urlencode(GETPOST('email'));
             }
             if (!empty($entity)) {
                 $urlback .= '&entity=' . $entity;
             }
         } else {
             if ($conf->global->MEMBER_NEWFORM_PAYONLINE == 'paypal') {
                 $urlback = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?from=membernewform&source=membersubscription&ref=' . $adh->ref;
                 if (price2num(GETPOST('amount'))) {
                     $urlback .= '&amount=' . price2num(GETPOST('amount'));
                 }
                 if (GETPOST('email')) {
                     $urlback .= '&email=' . urlencode(GETPOST('email'));
                 }
                 if (!empty($conf->global->PAYPAL_SECURITY_TOKEN) && !empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
                     $urlback .= '&securekey=' . dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2);
                 }
                 if (!empty($entity)) {
                     $urlback .= '&entity=' . $entity;
                 }
             } else {
                 dol_print_error('', "Autosubscribe form is setup to ask an online payment for a not managed online payment");
                 exit;
             }
         }
     }
     dol_syslog("member " . $adh->ref . " was created, we redirect to " . $urlback);
     Header("Location: " . $urlback);
     exit;
 } else {
     $errmsg .= join('<br>', $adh->errors);
Beispiel #30
0
    /**
     *  Envoie mot de passe par mail
     *
     *  @param	User	$user           Object user de l'utilisateur qui fait l'envoi
     *  @param	string	$password       Nouveau mot de passe
     * 	@param	int		$changelater	1=Change password only after clicking on confirm email
     *  @return int 		            < 0 si erreur, > 0 si ok
     */
    function send_password($user, $password = '', $changelater = 0) {
        global $conf, $langs;
        global $dolibarr_main_url_root;

        require_once DOL_DOCUMENT_ROOT . "/core/class/CMailFile.class.php";

        $subject = $langs->trans("SubjectNewPassword");
        $msgishtml = 0;

        // Define $msg
        $mesg = '';

        $outputlangs = new Translate("", $conf);
        if (isset($this->conf->MAIN_LANG_DEFAULT)
                && $this->conf->MAIN_LANG_DEFAULT != 'auto') { // If user has defined its own language (rare because in most cases, auto is used)
            $outputlangs->getDefaultLang($this->conf->MAIN_LANG_DEFAULT);
        } else { // If user has not defined its own language, we used current language
            $outputlangs = $langs;
        }

        // Define urlwithouturlroot
        if (!empty($_SERVER["HTTP_HOST"])) { // Autodetect main url root
            $urlwithouturlroot = 'http://' . preg_replace('/' . preg_quote(DOL_URL_ROOT, '/') . '$/i', '', $_SERVER["HTTP_HOST"]);
        } else {
            $urlwithouturlroot = preg_replace('/' . preg_quote(DOL_URL_ROOT, '/') . '$/i', '', $dolibarr_main_url_root);
        }
        if (!empty($dolibarr_main_force_https))
            $urlwithouturlroot = preg_replace('/http:/i', 'https:', $urlwithouturlroot);

        // TODO Use outputlangs to translate messages
        if (!$changelater) {
            $mesg.= "A request to change your Dolibarr password has been received.\n";
            $mesg.= "This is your new keys to login:\n\n";
            $mesg.= $langs->trans("Login") . " : $this->login\n";
            $mesg.= $langs->trans("Password") . " : $password\n\n";
            $mesg.= "\n";
            $url = $urlwithouturlroot . DOL_URL_ROOT;
            $mesg.= 'Click here to go to Dolibarr: ' . $url . "\n\n";
            $mesg.= "--\n";
            $mesg.= $user->getFullName($langs); // Username that make then sending
        } else {
            $mesg.= "A request to change your Dolibarr password has been received.\n";
            $mesg.= "Your new key to login will be:\n\n";
            $mesg.= $langs->trans("Login") . " : $this->login\n";
            $mesg.= $langs->trans("Password") . " : $password\n\n";
            $mesg.= "\n";
            $mesg.= "You must click on the folowing link to validate its change.\n";
            $url = $urlwithouturlroot . DOL_URL_ROOT . '/user/passwordforgotten.php?action=validatenewpassword&username='******'t ask anything, just forget this email\n\n";
            dol_syslog(get_class($this) . "::send_password url=" . $url);
        }
        $mailfile = new CMailFile(
                        $subject,
                        $this->email,
                        $conf->notification->email_from,
                        $mesg,
                        array(),
                        array(),
                        array(),
                        '',
                        '',
                        0,
                        $msgishtml
        );

        if ($mailfile->sendfile()) {
            return 1;
        } else {
            $langs->trans("errors");
            $this->error = $langs->trans("ErrorFailedToSendPassword") . ' ' . $mailfile->error;
            return -1;
        }
    }