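/**
 * Grant "redacteur" (editor) rights in SPIP by inserting the member as a row of spip_auteurs.
 *
 * @param   Object  $object     Object with data (->firstname, ->lastname, ->email, ->login and ->pass)
 * @return  int                 =0 if KO (SPIP not configured, connection failure or query failure), >0 if OK
 */
function add_to_spip($object)
{
    dol_syslog(get_class($this)."::add_to_spip");

    $configured = defined("ADHERENT_USE_SPIP") && ADHERENT_USE_SPIP == 1
        && defined('ADHERENT_SPIP_SERVEUR') && ADHERENT_SPIP_SERVEUR != ''
        && defined('ADHERENT_SPIP_USER') && ADHERENT_SPIP_USER != ''
        && defined('ADHERENT_SPIP_PASS') && ADHERENT_SPIP_PASS != ''
        && defined('ADHERENT_SPIP_DB') && ADHERENT_SPIP_DB != '';
    if (! $configured) {
        // The documented contract is an int; the previous code fell off the end here and returned null.
        return 0;
    }

    require_once(DOL_DOCUMENT_ROOT."/core/lib/security2.lib.php");

    // Connect before building the statement: the connection's escape() is needed for the values below.
    $mydb = getDoliDBInstance('mysql', ADHERENT_SPIP_SERVEUR, ADHERENT_SPIP_USER, ADHERENT_SPIP_PASS, ADHERENT_SPIP_DB, ADHERENT_SPIP_PORT);
    if (! $mydb->ok) {
        $this->error = $mydb->lasterror();
        return 0;
    }

    // NOTE(review): the algorithms behind dol_hash() and makesalt() are defined outside this excerpt;
    // confirm they match what the SPIP side expects and what is acceptable for password storage.
    $mdpass = dol_hash($object->pass);
    $htpass = crypt($object->pass, makesalt());

    // Name, e-mail and login are member-supplied data: every value is escaped before it is placed
    // inside the quoted SQL literal, so a quote character in a field cannot alter the statement.
    $query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(";
    $query .= "\"".$mydb->escape($object->firstname." ".$object->lastname)."\",";
    $query .= "\"".$mydb->escape($object->email)."\",";
    $query .= "\"".$mydb->escape($object->login)."\",";
    $query .= "\"".$mydb->escape($mdpass)."\",";
    $query .= "\"".$mydb->escape($htpass)."\",";
    $query .= "FLOOR(32000*RAND()),\"1comite\")";

    $result = $mydb->query($query);
    if (! $result) {
        // Read the error before closing, and close on this path too (the handle used to be left open).
        $this->error = $mydb->lasterror();
        $mydb->close();
        return 0;
    }

    $mydb->close();
    return 1;
}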
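/**
 * Return a prefix to use for this Dolibarr instance for session or cookie names.
 * The prefix is derived from the server name, the web server document root and the Dolibarr
 * root path/URL, so two instances sharing a root dir or living in different virtual servers
 * do not collide.
 *
 * The value only namespaces cookie/session names. Its inputs are not secret, so it must not
 * be relied on as an unguessable token.
 *
 * @return  string      A calculated prefix
 */
function dol_getprefix()
{
    // These keys can be missing (for example when run from the command line). Treating them as
    // empty strings yields the same hash as before without raising undefined-index notices.
    $servername = isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : '';
    $documentroot = isset($_SERVER["DOCUMENT_ROOT"]) ? $_SERVER["DOCUMENT_ROOT"] : '';

    return dol_hash($servername.$documentroot.DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}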
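if (empty($PAYPAL_API_PASSWORD)) {
    dol_print_error('', "Paypal setup param PAYPAL_API_PASSWORD not defined");
    return -1;
}
if (empty($PAYPAL_API_SIGNATURE)) {
    dol_print_error('', "Paypal setup param PAYPAL_API_SIGNATURE not defined");
    return -1;
}

// Check security token
$valid = true;
if (!empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
    // Expected key: either the configured token itself, or (unique mode) a hash of it that is
    // bound to the object being paid when both source and ref are known.
    if (!empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
        if ($SOURCE && $REF) {
            $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $SOURCE . $REF, 2);
        } else {
            $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
        }
    } else {
        $token = $conf->global->PAYPAL_SECURITY_TOKEN;
    }

    // Compare as strings, never with loose "!=": two different numeric-looking strings
    // (e.g. hex digests of the form 0e<digits>) are equal under PHP's loose comparison.
    // hash_equals() additionally keeps the comparison time independent of the matching prefix.
    // $SECUREKEY is presumably taken from the request - confirm against the lines above this excerpt.
    $expectedkey = (string) $token;
    $suppliedkey = is_scalar($SECUREKEY) ? (string) $SECUREKEY : '';
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expectedkey, $suppliedkey);
    } else {
        $valid = ($expectedkey === $suppliedkey);
    }

    if (!$valid) {
        // Keep the message generic: the expected token must never be echoed back to the client.
        print '<div class="error">Bad value for key.</div>';
        exit;
    }
}

/*
 * Actions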
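/**
 * Grant "redacteur" (editor) rights in SPIP by inserting the member as a row of spip_auteurs.
 *
 * On failure $this->error is set to 'SPIPNotEnabled', 'BadSPIPConfiguration',
 * 'Failed to connect to SPIP' or the database error text.
 *
 * @param   Adherent    $object     Object with data (->firstname, ->lastname, ->email, ->login and ->pass)
 * @return  int                     =0 if KO, >0 if OK
 */
function add_to_spip($object)
{
    dol_syslog(get_class($this) . "::add_to_spip");

    if (!$this->isSpipEnabled()) {
        $this->error = 'SPIPNotEnabled';
        return 0;
    }
    if (!$this->checkSpipConfig()) {
        $this->error = 'BadSPIPConfiguration';
        return 0;
    }

    $mydb = $this->connectSpip();
    if (!$mydb) {
        $this->error = 'Failed to connect to SPIP';
        return 0;
    }

    require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';

    // NOTE(review): the algorithms behind dol_hash() and makesalt() are defined outside this excerpt;
    // confirm they match what the SPIP side expects and what is acceptable for password storage.
    $mdpass = dol_hash($object->pass);
    $htpass = crypt($object->pass, makesalt());

    // Name, e-mail and login are member-supplied data: every value is escaped before it is placed
    // inside the quoted SQL literal, so a quote character in a field cannot alter the statement.
    $query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(";
    $query .= "\"" . $mydb->escape(dolGetFirstLastname($object->firstname, $object->lastname)) . "\",";
    $query .= "\"" . $mydb->escape($object->email) . "\",";
    $query .= "\"" . $mydb->escape($object->login) . "\",";
    $query .= "\"" . $mydb->escape($mdpass) . "\",";
    $query .= "\"" . $mydb->escape($htpass) . "\",";
    $query .= "FLOOR(32000*RAND()),\"1comite\")";

    $result = $mydb->query($query);
    if (!$result) {
        // The error must be read while the connection is still open; it used to be read after close().
        $this->error = $mydb->lasterror();
    }
    $mydb->close();

    return $result ? 1 : 0;
}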
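/**
 * Return a generated password using default module
 *
 * @param   boolean     $generic    true=Create generic password (hash of a random value), false=Use the configured password generation module
 * @return  string                  New value for password ('' when no generation module is configured)
 */
function getRandomPassword($generic = false)
{
    global $db, $conf, $langs, $user;

    $generated_password = '';

    if ($generic) {
        // mt_rand() is not a cryptographic generator and offers at most 2^31 distinct seeds, so a
        // password derived from it alone can be enumerated. Use the platform CSPRNG when there is
        // one and keep mt_rand() only as the last-resort fallback for old runtimes.
        $randombytes = false;
        if (function_exists('random_bytes')) {
            try {
                $randombytes = random_bytes(16);
            } catch (Exception $e) {
                $randombytes = false;
            }
        }
        if ($randombytes === false && function_exists('openssl_random_pseudo_bytes')) {
            $randombytes = openssl_random_pseudo_bytes(16);
        }
        $seed = ($randombytes !== false && $randombytes !== '') ? bin2hex($randombytes) : mt_rand();

        $generated_password = dol_hash($seed);
    } elseif (!empty($conf->global->USER_PASSWORD_GENERATED)) {
        // NOTE(review): the class and file names are built from a configuration value. Confirm
        // that only known generator names can be stored there, since it ends up in a require path.
        $nomclass = "modGeneratePass" . ucfirst($conf->global->USER_PASSWORD_GENERATED);
        $nomfichier = $nomclass . ".class.php";
        require_once DOL_DOCUMENT_ROOT . "/core/modules/security/generate/" . $nomfichier;

        $genhandler = new $nomclass($db, $conf, $langs, $user);
        $generated_password = $genhandler->getNewGeneratedPassword();
        unset($genhandler);
    }

    return $generated_password;
}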
// Each $other[n] entry may be "label=value" or a bare value: keep the part after the first '='
// when there is one, otherwise the whole entry. ($other1 is assigned before this excerpt.)
$tmpfield = explode('=', $other[1], 2);
$other2 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
$tmpfield = explode('=', $other[2], 2);
$other3 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
$tmpfield = explode('=', $other[3], 2);
$other4 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];
$tmpfield = explode('=', $other[4], 2);
$other5 = isset($tmpfield[1]) ? $tmpfield[1] : $tmpfield[0];

// Array of possible substitutions (See also file mailing-send.php that should manage same substitutions)
// NOTE(review): recipient fields ($obj->email, $obj->tag, ...) are concatenated into HTML and URLs
// without escaping in the lines visible here; confirm they are validated where they are stored.
// NOTE(review): the same MAILING_EMAIL_UNSUBSCRIBE_KEY value is placed in the tracking and
// unsubscribe links of every message, so it is shared by all recipients rather than per-recipient;
// only $obj->tag differs between links.
$substitutionarray = array(
    '__ID__' => $obj->source_id,
    '__EMAIL__' => $obj->email,
    '__LASTNAME__' => $obj->lastname,
    '__FIRSTNAME__' => $obj->firstname,
    '__MAILTOEMAIL__' => '<a href="mailto:' . $obj->email . '">' . $obj->email . '</a>',
    '__OTHER1__' => $other1,
    '__OTHER2__' => $other2,
    '__OTHER3__' => $other3,
    '__OTHER4__' => $other4,
    '__OTHER5__' => $other5,
    '__CHECK_READ__' => '<img src="' . DOL_MAIN_URL_ROOT . '/public/emailing/mailing-read.php?tag=' . $obj->tag . '&securitykey=' . urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY) . '" width="1" height="1" style="width:1px;height:1px" border="0"/>',
    '__UNSUBSCRIBE__' => '<a href="' . DOL_MAIN_URL_ROOT . '/public/emailing/mailing-unsubscribe.php?tag=' . $obj->tag . '&unsuscrib=1&securitykey=' . urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY) . '" target="_blank">' . $langs->trans("MailUnsubcribe") . '</a>');

// PayPal keys are only offered as substitutions when the module is enabled and a token is configured.
if (!empty($conf->paypal->enabled) && !empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
    // Generic key: hash of the configured token only, hence identical in every message.
    $substitutionarray['__SECUREKEYPAYPAL__'] = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
    if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
        $substitutionarray['__SECUREKEYPAYPAL_MEMBER__'] = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
    } else {
        // Unique mode: the key is bound to this recipient's membership through the source id.
        $substitutionarray['__SECUREKEYPAYPAL_MEMBER__'] = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $obj->source_id, 2);
    }
}

$substitutionisok = true;
complete_substitutions_array($substitutionarray, $langs);
$newsubject = make_substitutions($subject, $substitutionarray);
$newmessage = make_substitutions($message, $substitutionarray);

$arr_file = array();
$arr_mime = array();
$arr_name = array();
$arr_css = array();

// Collect the files found in $upload_dir, sorted by name (they appear to be used as attachments;
// the rest of the loop is outside this excerpt).
$listofpaths = dol_dir_list($upload_dir, 'all', 0, '', '', 'name', SORT_ASC, 0);
if (count($listofpaths)) {
    foreach ($listofpaths as $key => $val) {
        $arr_file[] = $listofpaths[$key]['fullname'];
        $arr_mime[] = dol_mimetype($listofpaths[$key]['name']);
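/**
 * Actions
 */

// Validate new password
if ($action == 'validatenewpassword' && $username && $passwordmd5) {
    $edituser = new User($db);
    // NOTE(review): the lookup reads $_GET["username"] directly while the guard and the error
    // message use $username; confirm both always carry the same value.
    $result = $edituser->fetch('', $_GET["username"]);
    if ($result < 0) {
        $message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists", $username).'</div>';
    } else {
        // Validation is refused when no temporary password is pending, so the expected value can
        // never be the hash of an empty string. The comparison is done on strings (hash_equals
        // when available) because loose "==" treats different numeric-looking digests as equal.
        $passwordmatches = false;
        if (! empty($edituser->pass_temp)) {
            $expectedhash = (string) dol_hash($edituser->pass_temp);
            $suppliedhash = is_scalar($passwordmd5) ? (string) $passwordmd5 : '';
            if (function_exists('hash_equals')) {
                $passwordmatches = hash_equals($expectedhash, $suppliedhash);
            } else {
                $passwordmatches = ($expectedhash === $suppliedhash);
            }
        }

        if ($passwordmatches) {
            $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
            dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
            header("Location: ".DOL_URL_ROOT.'/');
            exit;
        } else {
            $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePassword").'</div>';
        }
    }
}

// Action: build a new password
if ($action == 'buildnewpassword' && $username) {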
/**
 * Send new password by email
 *
 * Both message variants below contain the login and the password in clear text, so the
 * credential is exposed to anything that can read the mailbox or the mail in transit.
 *
 * @param   User    $user           Object user that send email
 * @param   string  $password       New password
 * @param   int     $changelater    1=Change password only after clicking on confirm email
 * @return  int                     < 0 on error, > 0 if OK
 */
function send_password($user, $password = '', $changelater = 0)
{
    global $conf, $langs;
    global $dolibarr_main_url_root;

    require_once DOL_DOCUMENT_ROOT . '/core/class/CMailFile.class.php';

    $msgishtml = 0;

    // Define $msg
    $mesg = '';

    $outputlangs = new Translate("", $conf);
    if (isset($this->conf->MAIN_LANG_DEFAULT) && $this->conf->MAIN_LANG_DEFAULT != 'auto') {
        // If user has defined its own language (rare because in most cases, auto is used)
        $outputlangs->getDefaultLang($this->conf->MAIN_LANG_DEFAULT);
    } else {
        // If user has not defined its own language, we used current language
        $outputlangs = $langs;
    }

    $outputlangs->load("main");
    $outputlangs->load("errors");
    $outputlangs->load("users");
    $outputlangs->load("other");

    $subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword");

    // Define $urlwithroot
    //$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
    //$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
    $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than current

    if (!$changelater) {
        // Password already changed: tell the user the new credentials and link to the home page.
        $mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived") . ".\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("NewKeyIs") . " :\n\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("Login") . " = " . $this->login . "\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("Password") . " = " . $password . "\n\n";
        $mesg .= "\n";
        $url = $urlwithroot . '/';
        $mesg .= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $conf->global->MAIN_APPLICATION_TITLE) . ': ' . $url . "\n\n";
        $mesg .= "--\n";
        $mesg .= $user->getFullName($outputlangs); // Username that make then sending
    } else {
        // Password change is pending: the user must follow the validation link for it to apply.
        $mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived") . "\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("NewKeyWillBe") . " :\n\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("Login") . " = " . $this->login . "\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("Password") . " = " . $password . "\n\n";
        $mesg .= "\n";
        $mesg .= $outputlangs->transnoentitiesnoconv("YouMustClickToChange") . " :\n";
        // NOTE(review): the published text is redacted from this point ('******'). The rest of the
        // validation URL, the end of this branch and the construction of $mailfile are not visible
        // in this excerpt, so the next line is kept exactly as published and is not valid PHP.
        $url = $urlwithroot . '/user/passwordforgotten.php?action=validatenewpassword&username='******'', '', 0, $msgishtml);

    if ($mailfile->sendfile()) {
        return 1;
    } else {
        $langs->trans("errors");
        $this->error = $langs->trans("ErrorFailedToSendPassword") . ' ' . $mailfile->error;
        return -1;
    }
}
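/**
 * Return HTML code to output a photo
 *
 * Lookup order: the object's own image, then the legacy "<id>.jpg" file (only when
 * MAIN_OLD_IMAGE_LINKS is set), then Gravatar (when enabled and an e-mail is known), then the
 * generic "no photo" picture.
 *
 * @param   string  $modulepart     Key to define module concerned ('societe', 'userphoto', 'memberphoto'); any other
 *                                  value is used as the name of the $conf property holding dir_output
 * @param   object  $object         Object containing data to retrieve file name
 * @param   int     $width          Width of photo
 * @return  string                  HTML code to output photo
 */
function showphoto($modulepart, $object, $width = 100)
{
    global $conf;

    $entity = (!empty($object->entity) ? $object->entity : $conf->entity);
    $id = (!empty($object->id) ? $object->id : $object->rowid);

    $ret = '';
    $dir = '';
    $file = '';
    $altfile = '';
    $email = '';

    if ($modulepart == 'societe') {
        $dir = $conf->societe->multidir_output[$entity];
        // Thumbnail name: "_small" inserted before the image extension.
        $smallfile = preg_replace('/(\\.png|\\.gif|\\.jpg|\\.jpeg|\\.bmp)/i', '_small\\1', $object->logo);
        if ($object->logo) {
            $file = $id . '/logos/thumbs/' . $smallfile;
        }
    } else {
        if ($modulepart == 'userphoto') {
            $dir = $conf->user->dir_output;
            $subdir = '';
        } elseif ($modulepart == 'memberphoto') {
            $dir = $conf->adherent->dir_output;
            $subdir = 'photos/';
        } else {
            // NOTE(review): $modulepart selects a property of $conf here; confirm callers only
            // pass fixed module keys and never a request-controlled value.
            $dir = $conf->{$modulepart}->dir_output;
            $subdir = 'photos/';
        }
        if ($object->photo) {
            $file = get_exdir($id, 2) . $subdir . $object->photo;
        }
        if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
            $altfile = $object->id . ".jpg"; // For backward compatibility
        }
        $email = $object->email;
    }

    if (!$dir) {
        dol_print_error('', 'Call of showphoto with wrong parameters');
        return $ret;
    }

    $cache = '0';
    // NOTE(review): $modulepart, $entity and $width are written into the markup as given.
    $viewer = DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity;
    $imgid = 'photologo' . preg_replace('/[^a-z]/i', '_', $file);

    if ($file && file_exists($dir . "/" . $file)) {
        // TODO Link to large image
        $src = $viewer . '&file=' . urlencode($file) . '&cache=' . $cache;
        $ret .= '<a href="' . $src . '">';
        $ret .= '<img alt="Photo" id="' . $imgid . '" class="photologo" border="0" width="' . $width . '" src="' . $src . '">';
        $ret .= '</a>';
    } elseif ($altfile && file_exists($dir . "/" . $altfile)) {
        // The link used to point at $file, which is empty or missing on this path; it now targets
        // the legacy file that is actually displayed.
        $src = $viewer . '&file=' . urlencode($altfile) . '&cache=' . $cache;
        $ret .= '<a href="' . $src . '">';
        $ret .= '<img alt="Photo alt" id="' . $imgid . '" class="photologo" border="0" width="' . $width . '" src="' . $src . '">';
        $ret .= '</a>';
    } elseif (!empty($conf->gravatar->enabled) && $email) {
        // The address is escaped before it goes into the title attribute, so quotes or angle
        // brackets in a stored e-mail cannot break out of the attribute. The avatar is requested
        // over https, and the address is trimmed and lower-cased before hashing as Gravatar expects.
        $ret .= '<!-- Put link to gravatar -->';
        $ret .= '<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email ' . htmlspecialchars($email, ENT_QUOTES) . '" border="0" width="' . $width . '" src="https://www.gravatar.com/avatar/' . dol_hash(strtolower(trim($email)), 3) . '?s=' . $width . '&d=' . urlencode(dol_buildpath('/theme/common/nophoto.jpg', 2)) . '">'; // gravatar need md5 hash
    } else {
        $ret .= '<img alt="No photo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/theme/common/nophoto.jpg">';
    }

    return $ret;
}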
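/**
 * Build the URL of the public PayPal payment page for an object.
 *
 * @param   string  $source     Kind of object ('commande' is sent as 'order', 'facture' as 'invoice', other values as is)
 * @param   string  $ref        Ref of object
 * @param   int     $amount     Not used by this function
 * @param   string  $freetag    Not used by this function
 * @return  string|null         Url string, or null when $source or $ref is empty
 */
function getPaypalPaymentUrl($source='',$ref='',$amount=0,$freetag='')
{
    global $conf;

    require_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php");

    if (empty($source) || empty($ref)) {
        return null;
    }

    // NOTE(review): the key is computed from $source BEFORE 'commande'/'facture' are mapped to
    // 'order'/'invoice', while the URL carries the mapped name. Confirm the receiving page hashes
    // the same string, otherwise keys for orders and invoices cannot match.
    $token = '';
    if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) {
        $token = '&securekey='.dol_hash($conf->global->PAYPAL_SECURITY_TOKEN.$source.$ref, 2);
    }

    if ($source == 'commande') $source = 'order';
    if ($source == 'facture') $source = 'invoice';

    // Both values are URL-encoded so that a ref containing '&', '#', '=' or spaces stays a single
    // parameter value instead of changing the query string.
    return DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).$token;
}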
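/**
 * Return HTML code to output a photo
 *
 * Lookup order: the object's own image (in the requested size), then the legacy "<id>.jpg" file
 * (only when MAIN_OLD_IMAGE_LINKS is set), then Gravatar (when enabled and an e-mail is known),
 * then a generic placeholder picture.
 *
 * @param   string  $modulepart         Key to define module concerned ('societe', 'contact', 'userphoto', 'memberphoto'); any
 *                                      other value is used as the name of the $conf property holding dir_output
 * @param   object  $object             Object containing data to retrieve file name
 * @param   int     $width              Width of photo
 * @param   int     $height             Height of photo (auto if 0)
 * @param   int     $caneditfield       Add edit fields
 * @param   string  $cssclass           CSS name to use on img for photo
 * @param   string  $imagesize          'mini', 'small' or '' (original)
 * @param   int     $addlinktofullsize  Add link to fullsize image
 * @param   int     $cache              1=Accept to use image in cache
 * @return  string                      HTML code to output photo
 */
static function showphoto($modulepart, $object, $width = 100, $height = 0, $caneditfield = 0, $cssclass = 'photowithmargin', $imagesize = '', $addlinktofullsize = 1, $cache = 0)
{
    global $conf, $langs;

    $entity = (!empty($object->entity) ? $object->entity : $conf->entity);
    $id = (!empty($object->id) ? $object->id : $object->rowid);

    $ret = '';
    $dir = '';
    $file = '';
    $originalfile = '';
    $altfile = '';
    $email = '';

    // Suffix of the thumbnail variant to display; '' means the original image.
    $sizesuffix = '';
    if ((string) $imagesize == 'mini') {
        $sizesuffix = '_mini';
    } elseif ((string) $imagesize == 'small') {
        $sizesuffix = '_small';
    }

    // Per module: base directory, plus (when the object has an image) its stored name and the
    // relative directory prefix it lives under.
    $hasimage = false;
    $imagename = '';
    $prefix = '';
    if ($modulepart == 'societe') {
        $dir = $conf->societe->multidir_output[$entity];
        if (!empty($object->logo)) {
            $hasimage = true;
            $imagename = $object->logo;
            $prefix = get_exdir(0, 0, 0, 0, $object, 'thirdparty') . '/logos/';
        }
    } elseif ($modulepart == 'contact') {
        $dir = $conf->societe->multidir_output[$entity] . '/contact';
        if (!empty($object->photo)) {
            $hasimage = true;
            $imagename = $object->photo;
            $prefix = get_exdir(0, 0, 0, 0, $object, 'contact') . '/photos/';
        }
    } else {
        if ($modulepart == 'userphoto') {
            $dir = $conf->user->dir_output;
            $exdirkey = 'user';
            $subdir = '';
        } elseif ($modulepart == 'memberphoto') {
            $dir = $conf->adherent->dir_output;
            $exdirkey = 'member';
            $subdir = 'photos/';
        } else {
            // NOTE(review): $modulepart selects a property of $conf here; confirm callers only
            // pass fixed module keys and never a request-controlled value.
            $dir = $conf->{$modulepart}->dir_output;
            $exdirkey = $modulepart;
            $subdir = 'photos/';
        }
        if (!empty($object->photo)) {
            $hasimage = true;
            $imagename = $object->photo;
            $prefix = get_exdir($id, 2, 0, 0, $object, $exdirkey) . $subdir;
        }
        if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
            $altfile = $object->id . ".jpg"; // For backward compatibility
        }
        $email = $object->email;
    }

    if ($hasimage) {
        $originalfile = $prefix . $imagename;
        $file = $sizesuffix ? $prefix . getImageFileNameForSize($imagename, $sizesuffix) : $originalfile;
    }

    if (!$dir) {
        dol_print_error('', 'Call of showphoto with wrong parameters');
        return $ret;
    }

    // NOTE(review): $modulepart, $entity, $cssclass, $width, $height and $cache are written into
    // the markup as given; confirm callers pass only fixed or numeric values.
    $viewer = DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $entity;
    $dimensions = ($width ? ' width="' . $width . '"' : '') . ($height ? ' height="' . $height . '"' : '');

    // Which file is displayed, and the alt text that goes with it (null = nothing found on disk).
    $alttext = null;
    $shownfile = '';
    if ($file && file_exists($dir . "/" . $file)) {
        $alttext = 'Photo';
        $shownfile = $file;
    } elseif ($altfile && file_exists($dir . "/" . $altfile)) {
        $alttext = 'Photo alt';
        $shownfile = $altfile;
    }

    if ($alttext !== null) {
        if ($addlinktofullsize) {
            $ret .= '<a href="' . $viewer . '&file=' . urlencode($originalfile) . '&cache=' . $cache . '">';
        }
        $ret .= '<img alt="' . $alttext . '" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="' . $cssclass . '" ' . $dimensions . ' src="' . $viewer . '&file=' . urlencode($shownfile) . '&cache=' . $cache . '">';
        if ($addlinktofullsize) {
            $ret .= '</a>';
        }
    } else {
        $nophoto = '/public/theme/common/nophoto.png';
        if (in_array($modulepart, array('userphoto', 'contact'))) {
            $nophoto = '/public/theme/common/user_anonymous.png';
            if ($object->gender == 'man') {
                $nophoto = '/public/theme/common/user_man.png';
            }
            if ($object->gender == 'woman') {
                $nophoto = '/public/theme/common/user_woman.png';
            }
        }

        $imgclass = 'photo' . $modulepart . ($cssclass ? ' ' . $cssclass : '');
        if (!empty($conf->gravatar->enabled) && $email) {
            /**
             * @see https://gravatar.com/site/implement/images/php/
             */
            // The address is escaped before it goes into the title attribute, so quotes or angle
            // brackets in a stored e-mail cannot break out of the attribute.
            $ret .= '<!-- Put link to gravatar -->';
            $ret .= '<img class="' . $imgclass . '" alt="Gravatar avatar" title="' . htmlspecialchars($email, ENT_QUOTES) . ' Gravatar avatar" border="0"' . $dimensions . ' src="https://www.gravatar.com/avatar/' . dol_hash(strtolower(trim($email)), 3) . '?s=' . $width . '&d=' . urlencode(dol_buildpath($nophoto, 2)) . '">'; // gravatar need md5 hash
        } else {
            $ret .= '<img class="' . $imgclass . '" alt="No photo" border="0"' . $dimensions . ' src="' . DOL_URL_ROOT . $nophoto . '">';
        }
    }

    if ($caneditfield) {
        // Upload form fields, with a "delete" checkbox when a photo is already set.
        if ($object->photo) {
            $ret .= "<br>\n";
        }
        $ret .= '<table class="nobordernopadding hideonsmartphone">';
        if ($object->photo) {
            $ret .= '<tr><td align="center"><input type="checkbox" class="flat photodelete" name="deletephoto" id="photodelete"> ' . $langs->trans("Delete") . '<br><br></td></tr>';
        }
        $ret .= '<tr><td>' . $langs->trans("PhotoFile") . '</td></tr>';
        $ret .= '<tr><td><input type="file" class="flat" name="photo" id="photoinput"></td></tr>';
        $ret .= '</table>';
    }

    return $ret;
}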
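/**
 * Return string with full Url
 *
 * When PAYPAL_SECURITY_TOKEN is set, a securekey parameter is appended: the configured token
 * itself, or (when PAYPAL_SECURITY_TOKEN_UNIQUE is set) a hash of the token, bound to the object
 * type and ref for every type except 'free'. In the non-unique case the shared token is therefore
 * visible in every generated link, and in mode 1 the raw token is part of the displayed formula,
 * so that output belongs only on pages restricted to administrators.
 *
 * @param   int     $mode       0=True url, 1=Url formated with colors
 * @param   string  $type       Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...)
 * @param   string  $ref        Ref of object
 * @param   int     $amount     Amount
 * @param   string  $freetag    Free tag
 * @return  string              Url string ('' when $type is not a known type)
 */
function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_free_tag')
{
    global $conf;

    // Initialised so that an unknown $type returns '' instead of reading an undefined variable.
    $out = '';

    $open = ($mode ? '<font color="#666666">' : '');
    $close = ($mode ? '</font>' : '');
    $page = DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php';
    $hastoken = ! empty($conf->global->PAYPAL_SECURITY_TOKEN);
    $uniquekeys = ! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE);

    if ($type == 'free') {
        // NOTE(review): $amount and $freetag are inserted without URL-encoding; confirm how
        // callers prepare them before adding encoding here.
        $out = $page.'?amount='.$open.$amount.$close.'&tag='.$open.$freetag.$close;
        if ($hastoken) {
            if (! $uniquekeys) $out .= '&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
            else $out .= '&securekey='.dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
        }
    }

    // Object-bound types, with the placeholder shown instead of a real ref in mode 1.
    $refplaceholders = array(
        'order' => 'order_ref',
        'invoice' => 'invoice_ref',
        'contractline' => 'contractline_ref',
        'membersubscription' => 'member_ref'
    );

    if (is_string($type) && isset($refplaceholders[$type])) {
        $out = $page.'?source='.$type.'&ref='.$open;
        if ($mode == 1) $out .= $refplaceholders[$type];
        if ($mode == 0) $out .= urlencode($ref);
        $out .= $close;

        if ($hastoken) {
            if (! $uniquekeys) {
                $out .= '&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey='.$open;
                // The displayed formula names the same type string that is hashed in mode 0
                // (the contractline text used to read "contactline").
                if ($mode == 1) $out .= "hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + ".$type." + ".$refplaceholders[$type].")";
                if ($mode == 0) $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $type . $ref, 2);
                $out .= $close;
            }
        }
    }

    return $out;
}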
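// Switch the instance to encrypted password storage: flag it in the configuration, then replace
// every clear-text password still stored in user.pass by its hash in user.pass_crypted.
// NOTE(review): the commit/rollback that closes this transaction is outside this excerpt;
// $error is presumably what decides between them - confirm.
$error = 0;

$db->begin();

dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $conf->entity);

// NOTE(review): the length test treats any 32-character value as already hashed (the original
// comment says MD5). If dol_hash() is an unsalted MD5 here, the stored values are weak password
// hashes; confirm the algorithm in use.
$sql = "SELECT u.rowid, u.pass, u.pass_crypted";
$sql .= " FROM " . MAIN_DB_PREFIX . "user as u";
$sql .= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32"; // Not a MD5 value

$resql = $db->query($sql);
if ($resql) {
    $numrows = $db->num_rows($resql);
    $i = 0;
    while ($i < $numrows) {
        $obj = $db->fetch_object($resql);
        // Always advance: the counter used to be incremented only inside the "hash is not empty"
        // branch, so a row yielding an empty hash would have kept the loop from terminating.
        $i++;

        $hashedpass = dol_hash($obj->pass);
        if (!$hashedpass) {
            continue;
        }

        // Hash computed once; both values are neutralised before being placed in the statement.
        $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
        $sql .= " SET pass_crypted = '" . $db->escape($hashedpass) . "', pass = NULL";
        $sql .= " WHERE rowid=" . ((int) $obj->rowid);

        $resql2 = $db->query($sql);
        if (!$resql2) {
            dol_print_error($db);
            $error++;
            break;
        }
    }
} else {
    dol_print_error($db);
}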
/**
 * Return a prefix to use for this Dolibarr instance for session or cookie names.
 * The prefix is derived from the Dolibarr root path and URL and, when the web server provides
 * them, the server name and document root, so instances sharing a root dir or living in
 * different virtual servers do not collide.
 *
 * The value only namespaces cookie/session names. Its inputs are not secret, so it must not
 * be relied on as an unguessable token.
 *
 * @return  string      A calculated prefix
 */
function dol_getprefix()
{
    $instancekey = DOL_DOCUMENT_ROOT . DOL_URL_ROOT;

    // Server name and document root are only mixed in when both are available.
    $hasserverinfo = isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"]);
    if ($hasserverinfo) {
        // For a "clear" cookie name, dol_sanitizeFileName() on the same string was the alternative.
        $instancekey = $_SERVER["SERVER_NAME"] . $_SERVER["DOCUMENT_ROOT"] . $instancekey;
    }

    return dol_hash($instancekey);
}
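/**
 * Return HTML code to output a photo
 *
 * When $object->class is set the image is served by the object itself ($object->getFile());
 * otherwise it is looked up on disk under the module directory, then as the legacy "<id>.jpg"
 * file, then on Gravatar (when enabled and an e-mail is known), then the generic picture.
 *
 * @param   string  $modulepart     Key to define module concerned ('societe', 'userphoto', 'memberphoto')
 * @param   Object  $object         Object containing data to retrieve file name
 * @param   int     $width          Width of photo
 * @return  string                  HTML code to output photo
 */
function showphoto($modulepart, $object, $width = 100)
{
    global $conf;

    $ret = '';
    $dir = '';
    $file = '';
    $altfile = '';
    $email = '';

    if ($modulepart == 'societe') {
        $dir = $conf->societe->multidir_output[$object->entity];
        // Thumbnail name: "_small" inserted before the image extension.
        $smallfile = preg_replace('/(\\.png|\\.gif|\\.jpg|\\.jpeg|\\.bmp)/i', '_small\\1', $object->logo);
        if ($object->logo) {
            $file = $object->id . '/logos/thumbs/' . $smallfile;
        }
    } elseif ($modulepart == 'userphoto') {
        $dir = $conf->user->dir_output;
        if ($object->photo) {
            $file = get_exdir($object->id, 2) . $object->photo;
        }
        if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
            $altfile = $object->id . ".jpg"; // For backward compatibility
        }
        $email = $object->email;
    } elseif ($modulepart == 'memberphoto') {
        // No directory is set for members: only the "$object->class" path below can display them.
        if ($object->photo) {
            $file = $object->photo;
        }
        $email = $object->email;
    }

    $nophotoimg = '<img alt="No photo" border="0" width="' . $width . '" src="' . DOL_URL_ROOT . '/theme/common/nophoto.jpg">';

    if ($object->class) {
        // Photo in the database
        if ($file) {
            // NOTE(review): the value returned by getFile() is written into src as is.
            $ret .= '<img alt="Photo" id="photologo' . preg_replace('/[^a-z]/i', '_', $file) . '" class="photologo" border="0" width="' . $width . '" src="' . $object->getFile($file) . '">';
        } else {
            $ret .= $nophotoimg;
        }
    } elseif ($dir) {
        $cache = '0';
        // NOTE(review): $modulepart, $object->entity and $width are written into the markup as given.
        $viewer = DOL_URL_ROOT . '/viewimage.php?modulepart=' . $modulepart . '&entity=' . $object->entity;
        $imgid = 'photologo' . preg_replace('/[^a-z]/i', '_', $file);

        if ($file && file_exists($dir . "/" . $file)) {
            // TODO Link to large image
            $src = $viewer . '&file=' . urlencode($file) . '&cache=' . $cache;
            $ret .= '<a href="' . $src . '">';
            $ret .= '<img alt="Photo" id="' . $imgid . '" class="photologo" border="0" width="' . $width . '" src="' . $src . '">';
            $ret .= '</a>';
        } elseif ($altfile && file_exists($dir . "/" . $altfile)) {
            // The link used to point at $file, which is empty or missing on this path; it now
            // targets the legacy file that is actually displayed.
            $src = $viewer . '&file=' . urlencode($altfile) . '&cache=' . $cache;
            $ret .= '<a href="' . $src . '">';
            $ret .= '<img alt="Photo alt" id="' . $imgid . '" class="photologo" border="0" width="' . $width . '" src="' . $src . '">';
            $ret .= '</a>';
        } elseif (!empty($conf->gravatar->enabled) && $email) {
            // The address is escaped before it goes into the title attribute, the avatar is
            // requested over https, and the address is trimmed and lower-cased before hashing.
            // NOTE(review): Gravatar expects an MD5 of the address; confirm that dol_hash() called
            // without a type argument produces one.
            $ret .= '<!-- Put link to gravatar -->';
            $ret .= '<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email ' . htmlspecialchars($email, ENT_QUOTES) . '" border="0" width="' . $width . '" src="https://www.gravatar.com/avatar/' . dol_hash(strtolower(trim($email))) . '?s=' . $width . '&d=' . urlencode(dol_buildpath('/theme/common/nophoto.jpg', 2)) . '">';
        } else {
            $ret .= $nophotoimg;
        }
    } else {
        dol_print_error('', 'Call of showphoto with wrong parameters');
    }

    // A jQuery lightbox on ".photologo" used to be emitted here; it was disabled because it did
    // not work, and the dead script has been dropped.

    return $ret;
}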
// If an upgrade process is required, we call the install page.
// The condition relies on && binding tighter than ||: either the last-upgrade version is set and
// differs from DOL_VERSION, or it is unset and the last-install version is set and differs.
if (!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && $conf->global->MAIN_VERSION_LAST_UPGRADE != DOL_VERSION || empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && !empty($conf->global->MAIN_VERSION_LAST_INSTALL) && $conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION) {
    $versiontocompare = empty($conf->global->MAIN_VERSION_LAST_UPGRADE) ? $conf->global->MAIN_VERSION_LAST_INSTALL : $conf->global->MAIN_VERSION_LAST_UPGRADE;
    require_once DOL_DOCUMENT_ROOT . '/core/lib/admin.lib.php';
    // Both versions are split on '.' and '-' and compared with versioncompare().
    $dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);
    $dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);
    $rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);
    if ($rescomp > 0) {
        dol_syslog("main.inc: database version " . $versiontocompare . " is lower than programs version " . DOL_VERSION . ". Redirect to install page.", LOG_WARNING);
        header("Location: " . DOL_URL_ROOT . "/install/index.php");
        exit;
    }
}
// Creation of a token against CSRF vulnerabilities
if (!defined('NOTOKENRENEWAL')) {
    // NOTE(review): the token is derived from uniqid() (clock based) seeded with mt_rand()
    // (not a cryptographic generator). An anti-CSRF token should come from a CSPRNG such as
    // random_bytes() where the supported PHP version provides it.
    $token = dol_hash(uniqid(mt_rand(), TRUE)); // Generates a hash of a random number
    // Tokens are rotated because a new one is created on every call: the token issued by the
    // previous request becomes the one that the next POST is checked against.
    if (isset($_SESSION['newtoken'])) {
        $_SESSION['token'] = $_SESSION['newtoken'];
    }
    $_SESSION['newtoken'] = $token;
}
// The check below only runs when MAIN_SECURITY_CSRF is enabled.
if (!empty($conf->global->MAIN_SECURITY_CSRF)) {
    // NOTE(review): the comparison is skipped when the request carries no 'token' field at all,
    // so as written a POST without a token is not rejected by this block.
    if (isset($_POST['token']) && isset($_SESSION['token'])) {
        // NOTE(review): '!=' is a loose, non constant-time comparison; hash_equals() on two
        // strings is the usual choice for secret tokens.
        if ($_POST['token'] != $_SESSION['token']) {
            // NOTE(review): this line writes the live session token and the submitted token to the
            // log, together with the client-supplied Referer header (which may be absent and is not
            // sanitised here).
            dol_syslog("Invalid token in " . $_SERVER['HTTP_REFERER'] . ", action=" . GETPOST('action') . ", _POST['token']=" . GETPOST('token') . ", _SESSION['token']=" . $_SESSION['token'], LOG_WARNING);
            //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
            // The request is not aborted: the POST data is dropped and processing continues.
            unset($_POST);
        }
    }
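/**
 * Return string with full Url of the public Paypal payment page.
 *
 * When PAYPAL_SECURITY_TOKEN is configured a 'securekey' parameter is appended:
 * - PAYPAL_SECURITY_TOKEN_UNIQUE empty: the configured token itself is put in the URL, so
 *   every recipient of a payment link learns the value that validates all other links;
 * - PAYPAL_SECURITY_TOKEN_UNIQUE set: a dol_hash(..., 2) of the token (for 'free') or of
 *   token + type + ref (for the other types) is used instead.
 * In mode 1 the output is an HTML-decorated sample that also prints the configured token in
 * the "hash('...' + ...)" formula; it is presumably meant for an admin-only page, TODO confirm.
 *
 * @param   int     $mode       0=True url, 1=Url formated with colors
 * @param   string  $type       Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...)
 * @param   string  $ref        Ref of object
 * @param   string  $amount     Amount (only used when $type is 'free'; inserted as is, not url-encoded)
 * @param   string  $freetag    Free tag (only used when $type is 'free'; inserted as is, not url-encoded)
 * @return  string              Url string, '' when $type is not a known type
 */
function getPaypalPaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag = 'your_free_tag')
{
    global $conf;

    // Object types that take a ref, with the placeholder printed instead of a real ref in mode 1.
    $refplaceholders = array(
        'order' => 'order_ref',
        'invoice' => 'invoice_ref',
        'contractline' => 'contractline_ref',
        'membersubscription' => 'member_ref',
    );

    $fontopen = $mode ? '<font color="#666666">' : '';
    $fontclose = $mode ? '</font>' : '';
    $hastoken = !empty($conf->global->PAYPAL_SECURITY_TOKEN);
    $uniquekey = !empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE);

    // An unknown type used to leave $out undefined; it now yields an empty string.
    $out = '';

    if ($type == 'free') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?amount=' . $fontopen . $amount . $fontclose . '&tag=' . $fontopen . $freetag . $fontclose;
        if ($hastoken) {
            if (!$uniquekey) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
            }
        }
    } elseif (is_string($type) && isset($refplaceholders[$type])) {
        $placeholder = $refplaceholders[$type];

        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=' . $type . '&ref=' . $fontopen;
        if ($mode == 1) {
            $out .= $placeholder;
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $fontclose;

        if ($hastoken) {
            if (!$uniquekey) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . $fontopen;
                if ($mode == 1) {
                    // The formula shown must name the same type string that is hashed in mode 0
                    // (the 'contractline' sample previously read 'contactline').
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + '" . $type . "' + " . $placeholder . ")";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $type . $ref, 2);
                }
                $out .= $fontclose;
            }
        }
    }

    // For multicompany: the entity is deliberately not appended here, the ref of the object
    // already allows the entity to be retrieved.
    return $out;
}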
/**
 * Build the boundary markers used to separate the MIME parts of the message.
 *
 * The main boundary embeds the current Unix time; the "related" and "alternative"
 * boundaries are 'mul_' followed by dol_hash(..., 3) of a uniqid() value.
 *
 * @return void
 */
function _setBoundary()
{
    $this->_smtpsBoundary = sprintf("multipart_x.%s.x_boundary", time());

    // Property name => uniqid() prefix, processed in the same order as before.
    $hashedboundaries = array(
        '_smtpsRelatedBoundary' => "dolibarr2",
        '_smtpsAlternativeBoundary' => "dolibarr3",
    );
    foreach ($hashedboundaries as $property => $prefix) {
        $this->$property = 'mul_' . dol_hash(uniqid($prefix), 3);
    }
}
/**
 * Change password of a member
 *
 * The new value is written to the "adherent" table inside a transaction; when the member is
 * linked to a user ($this->user_id) and $nosyncuser is not set, the linked user's password is
 * updated as well through User::setPassword().
 *
 * @param   User    $user           User object of the user making the change
 * @param   string  $password       New password (to generate if empty)
 * @param   int     $isencrypted    0 or 1 whether the password must be hashed before being stored (0 by default)
 * @param   int     $notrigger      1=Do not run the triggers
 * @param   int     $nosyncuser     Do not synchronize linked user
 * @return  string                  If OK return clear password, 0 if no change, < 0 if error
 */
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0)
{
    global $conf, $langs;

    $error = 0;

    // NOTE(review): parts of this statement and of the UPDATE below are masked with asterisks on
    // this page, so what is logged and how the value is quoted in the SQL cannot be checked here.
    dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);

    // If new password not provided, we generate one
    if (!$password) {
        require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
        $password = getRandomPassword(false);
    }

    // Password hashing
    if ($isencrypted) {
        // Encryption
        $password_indatabase = dol_hash($password);
    } else {
        // With the default $isencrypted = 0 the clear password is what gets stored.
        $password_indatabase = $password;
    }

    $this->db->begin();

    // Update
    $sql = "UPDATE " . MAIN_DB_PREFIX . "adherent SET pass = '******'";
    // $this->id is concatenated as is; presumably always an integer row id, verify against callers.
    $sql .= " WHERE rowid = " . $this->id;

    //dol_syslog("Adherent::Password sql=hidden");
    // The statement itself is not logged, only the method name.
    dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
    $result = $this->db->query($sql);
    if ($result) {
        $nbaffectedrows = $this->db->affected_rows($result);
        if ($nbaffectedrows) {
            // The object keeps both the clear value and the stored value in memory.
            $this->pass = $password;
            $this->pass_indatabase = $password_indatabase;

            if ($this->user_id && !$nosyncuser) {
                require_once DOL_DOCUMENT_ROOT . '/user/class/user.class.php';

                // This member is linked with a user, so we also update users informations
                // if this is an update.
                $luser = new User($this->db);
                $result = $luser->fetch($this->user_id);

                if ($result >= 0) {
                    $result = $luser->setPassword($user, $this->pass, 0, 0, 1);
                    if ($result < 0) {
                        $this->error = $luser->error;
                        dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
                        $error++;
                    }
                } else {
                    $this->error = $luser->error;
                    $error++;
                }
            }

            // NOTE(review): when the linked-user update failed, $error is set and the trigger is
            // skipped, but execution still reaches the commit below and the clear password is
            // returned as if the change had fully succeeded.
            if (!$error && !$notrigger) {
                // Call trigger
                $result = $this->call_trigger('MEMBER_NEW_PASSWORD', $user);
                if ($result < 0) {
                    $error++;
                    $this->db->rollback();
                    return -1;
                }
                // End call triggers
            }

            $this->db->commit();
            // The clear password is handed back to the caller.
            return $this->pass;
        } else {
            // No row changed
            $this->db->rollback();
            return 0;
        }
    } else {
        $this->db->rollback();
        dol_print_error($this->db);
        return -1;
    }
}
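/**
 * Add recipients to the targets table of an emailing
 *
 * Every entry of $cibles that has a non-empty 'email' is inserted into "mailing_cibles";
 * duplicates (DB_ERROR_RECORD_ALREADY_EXISTS) are ignored, any other insert error rolls the
 * transaction back. Afterwards, targets whose third party has fk_stcomm=-1 (does not want to
 * be contacted) are switched to statut=3 and the target counter is refreshed.
 *
 * The 'tag' column receives dol_hash() of "email;lastname;mailing_id;MAILING_EMAIL_UNSUBSCRIBE_KEY".
 * NOTE(review): presumably this tag authenticates unsubscribe links; if the key is empty the
 * tag is computable from values the recipient knows - verify that the key is always set.
 *
 * @param   int     $mailing_id     Id of emailing
 * @param   array   $cibles         Array with targets (keys read: email, fk_contact, lastname,
 *                                  firstname, other, source_url, source_id, source_type)
 * @return  int                     < 0 if error, number of targets added if OK
 */
function add_to_target($mailing_id, $cibles)
{
    global $conf;

    // The id is placed unquoted in three statements; force it to an integer so that it can
    // never carry SQL of its own.
    $mailingid = (int) $mailing_id;

    $this->db->begin();

    // Insert emailing targets from array into database
    $j = 0;
    $sql = ''; // Stays empty when no target has an email (it is logged after the loop)
    foreach ($cibles as $targetarray) {
        if (!empty($targetarray['email'])) {
            $sql = "INSERT INTO " . MAIN_DB_PREFIX . "mailing_cibles";
            $sql .= " (fk_mailing,";
            $sql .= " fk_contact,";
            $sql .= " lastname, firstname, email, other, source_url, source_id,";
            $sql .= " tag,";
            $sql .= " source_type)";
            $sql .= " VALUES (" . $mailingid . ",";
            // fk_contact was the only quoted value not passed through escape(); it is an id,
            // so an integer cast is used.
            $sql .= (empty($targetarray['fk_contact']) ? '0' : "'" . ((int) $targetarray['fk_contact']) . "'") . ",";
            $sql .= "'" . $this->db->escape($targetarray['lastname']) . "',";
            $sql .= "'" . $this->db->escape($targetarray['firstname']) . "',";
            $sql .= "'" . $this->db->escape($targetarray['email']) . "',";
            $sql .= "'" . $this->db->escape($targetarray['other']) . "',";
            $sql .= "'" . $this->db->escape($targetarray['source_url']) . "',";
            $sql .= (empty($targetarray['source_id']) ? 'null' : "'" . $this->db->escape($targetarray['source_id']) . "'") . ",";
            $sql .= "'" . $this->db->escape(dol_hash($targetarray['email'] . ';' . $targetarray['lastname'] . ';' . $mailing_id . ';' . $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)) . "',";
            $sql .= "'" . $this->db->escape($targetarray['source_type']) . "')";
            $result = $this->db->query($sql);
            if ($result) {
                $j++;
            } else {
                if ($this->db->errno() != 'DB_ERROR_RECORD_ALREADY_EXISTS') {
                    // Any error other than a duplicate aborts the whole batch
                    dol_syslog($this->db->error());
                    $this->error = $this->db->error();
                    $this->db->rollback();
                    return -1;
                }
            }
        }
    }

    // Only the last INSERT built by the loop is logged here (it contains recipient data).
    dol_syslog(get_class($this) . "::add_to_target: sql " . $sql, LOG_DEBUG);
    dol_syslog(get_class($this) . "::add_to_target: mailing " . $j . " targets added");

    // Update the status to show thirdparty mail that don't want to be contacted anymore.
    // The result of this query is not checked (best effort, as before).
    $sql = "UPDATE " . MAIN_DB_PREFIX . "mailing_cibles";
    $sql .= " SET statut=3";
    $sql .= " WHERE fk_mailing=" . $mailingid . " AND email in (SELECT email FROM " . MAIN_DB_PREFIX . "societe where fk_stcomm=-1)";
    $sql .= " AND source_type='thirdparty'";
    $result = $this->db->query($sql);

    dol_syslog(get_class($this) . "::add_to_target: mailing update status to display thirdparty mail that do not want to be contacted sql:" . $sql);

    // Update the status to show contact mail that don't want to be contacted anymore.
    // The result of this query is not checked either.
    $sql = "UPDATE " . MAIN_DB_PREFIX . "mailing_cibles";
    $sql .= " SET statut=3";
    $sql .= " WHERE fk_mailing=" . $mailingid . " AND email in (SELECT sc.email FROM " . MAIN_DB_PREFIX . "socpeople AS sc ";
    $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe s ON s.fk_stcomm=-1 AND s.rowid=sc.fk_soc)";
    $sql .= " AND source_type='contact'";
    $result = $this->db->query($sql);

    dol_syslog(get_class($this) . "::add_to_target: mailing update status to display contact mail that do not want to be contacted sql:" . $sql);

    $this->update_nb($mailing_id);

    $this->db->commit();

    return $j;
}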
/**
 * Parse rss URL
 *
 * Loads the feed from the cache file when one is recent enough, otherwise fetches it over the
 * network from the server, parses it (SimpleXML or the event based xml parser, depending on
 * EXTERNALRSS_USE_SIMPLEXML), stores the channel properties on $this and the entries in
 * $this->_rssarray. The feed content is remote, untrusted data: the values are stored as
 * received, so whoever prints them must escape them for the output context.
 *
 * @param   string  $urlRSS     Url to parse
 * @param   int     $maxNb      Max nb of records to get (0 for no limit)
 * @param   int     $cachedelay 0=No cache, nb of seconds we accept cache files (cachedir must also be defined)
 * @param   string  $cachedir   Directory where to save cache file
 * @return  int                 <0 if KO, >0 if OK
 */
public function parser($urlRSS, $maxNb = 0, $cachedelay = 60, $cachedir = '')
{
    global $conf;

    include_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';

    $rss = '';
    $str = ''; // This will contain content of feed

    // Check parameters
    // NOTE(review): this is the only validation of the URL visible here before the server
    // fetches it; whether dol_is_url() restricts the scheme or the target host cannot be told
    // from this block.
    if (!dol_is_url($urlRSS)) {
        $this->error = "ErrorBadUrl";
        return -1;
    }

    $this->_urlRSS = $urlRSS;
    // The cache file name is a hash of the URL, so no character of the URL reaches the path.
    $newpathofdestfile = $cachedir . '/' . dol_hash($this->_urlRSS, 3); // Force md5 hash (does not contains special chars)
    $newmask = '0644';

    //dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile);
    $nowgmt = dol_now();

    // Search into cache
    $foundintocache = 0;
    if ($cachedelay > 0 && $cachedir) {
        $filedate = dol_filemtime($newpathofdestfile);
        if ($filedate >= $nowgmt - $cachedelay) {
            //dol_syslog("RssParser::parser cache file ".$newpathofdestfile." is not older than now - cachedelay (".$nowgmt." - ".$cachedelay.") so we use it.");
            $foundintocache = 1;

            $this->_lastfetchdate = $filedate;
        } else {
            dol_syslog(get_class($this) . "::parser cache file " . $newpathofdestfile . " is not found or older than now - cachedelay (" . $nowgmt . " - " . $cachedelay . ") so we can't use it.");
        }
    }

    // Load file into $str
    if ($foundintocache) {
        $str = file_get_contents($newpathofdestfile);
    } else {
        try {
            // These ini_set() calls change the settings for the rest of the request.
            ini_set("user_agent", "Dolibarr ERP-CRM RSS reader");
            ini_set("max_execution_time", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
            ini_set("default_socket_timeout", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);

            $opts = array('http' => array('method' => "GET"));
            if (!empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)) {
                $opts['http']['timeout'] = $conf->global->MAIN_USE_CONNECT_TIMEOUT;
            }
            if (!empty($conf->global->MAIN_PROXY_USE)) {
                $opts['http']['proxy'] = 'tcp://' . $conf->global->MAIN_PROXY_HOST . ':' . $conf->global->MAIN_PROXY_PORT;
            }
            //var_dump($opts);exit;
            $context = stream_context_create($opts);

            $str = file_get_contents($this->_urlRSS, false, $context);
        } catch (Exception $e) {
            // NOTE(review): reads $this->urlRSS while the property set above is $this->_urlRSS,
            // and prints the URL and the exception message to the page without escaping.
            print 'Error retrieving URL ' . $this->urlRSS . ' - ' . $e->getMessage();
        }
    }

    if ($str !== false) {
        // Convert $str into xml
        if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
            //print 'xx'.LIBXML_NOCDATA;
            libxml_use_internal_errors(false);
            // NOTE(review): untrusted XML. Only LIBXML_NOCDATA is passed (no LIBXML_NOENT);
            // whether external entities can still be loaded depends on the libxml/PHP version
            // in use - confirm for the supported platforms.
            $rss = simplexml_load_string($str, "SimpleXMLElement", LIBXML_NOCDATA);
        } else {
            $xmlparser = xml_parser_create('');
            if (!is_resource($xmlparser)) {
                $this->error = "ErrorFailedToCreateParser";
                return -1;
            }

            // The handlers are methods of this object; they fill it while parsing.
            xml_set_object($xmlparser, $this);
            xml_set_element_handler($xmlparser, 'feed_start_element', 'feed_end_element');
            xml_set_character_data_handler($xmlparser, 'feed_cdata');
            // $status is not read afterwards in this method, so a parse failure is not detected here.
            $status = xml_parse($xmlparser, $str);
            xml_parser_free($xmlparser);
            $rss = $this;
            //var_dump($rss->_format);exit;
        }
    }

    // If $rss loaded
    if ($rss) {
        // Save file into cache
        if (empty($foundintocache) && $cachedir) {
            dol_syslog(get_class($this) . "::parser cache file " . $newpathofdestfile . " is saved onto disk.");
            if (!dol_is_dir($cachedir)) {
                dol_mkdir($cachedir);
            }
            // NOTE(review): the result of fopen() is not checked before fwrite()/fclose().
            $fp = fopen($newpathofdestfile, 'w');
            fwrite($fp, $str);
            fclose($fp);
            // Default permissions '0644' unless MAIN_UMASK is configured; chmod errors are silenced.
            if (!empty($conf->global->MAIN_UMASK)) {
                $newmask = $conf->global->MAIN_UMASK;
            }
            @chmod($newpathofdestfile, octdec($newmask));

            $this->_lastfetchdate = $nowgmt;
        }

        unset($str); // Free memory

        // When the parser did not set a format: 'rss' if a channel exists, else 'atom'.
        if (empty($rss->_format)) {
            $rss->_format = 'rss';
            if (empty($rss->channel)) {
                $rss->_format = 'atom';
            }
        }

        $items = array();

        // Save description entries
        if ($rss->_format == 'rss') {
            //var_dump($rss);
            if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                if (!empty($rss->channel->language)) {
                    $this->_language = (string) $rss->channel->language;
                }
                if (!empty($rss->channel->generator)) {
                    $this->_generator = (string) $rss->channel->generator;
                }
                if (!empty($rss->channel->copyright)) {
                    $this->_copyright = (string) $rss->channel->copyright;
                }
                if (!empty($rss->channel->lastbuilddate)) {
                    $this->_lastbuilddate = (string) $rss->channel->lastbuilddate;
                }
                if (!empty($rss->channel->image->url[0])) {
                    $this->_imageurl = (string) $rss->channel->image->url[0];
                }
                if (!empty($rss->channel->link)) {
                    $this->_link = (string) $rss->channel->link;
                }
                if (!empty($rss->channel->title)) {
                    $this->_title = (string) $rss->channel->title;
                }
                if (!empty($rss->channel->description)) {
                    $this->_description = (string) $rss->channel->description;
                }
            } else {
                //var_dump($rss->channel);
                if (!empty($rss->channel['language'])) {
                    $this->_language = (string) $rss->channel['language'];
                }
                if (!empty($rss->channel['generator'])) {
                    $this->_generator = (string) $rss->channel['generator'];
                }
                if (!empty($rss->channel['copyright'])) {
                    $this->_copyright = (string) $rss->channel['copyright'];
                }
                if (!empty($rss->channel['lastbuilddate'])) {
                    $this->_lastbuilddate = (string) $rss->channel['lastbuilddate'];
                }
                if (!empty($rss->image['url'])) {
                    $this->_imageurl = (string) $rss->image['url'];
                }
                if (!empty($rss->channel['link'])) {
                    $this->_link = (string) $rss->channel['link'];
                }
                if (!empty($rss->channel['title'])) {
                    $this->_title = (string) $rss->channel['title'];
                }
                if (!empty($rss->channel['description'])) {
                    $this->_description = (string) $rss->channel['description'];
                }
            }

            // NOTE(review): in SimpleXML mode $items is whatever $rss->channel->item returns,
            // presumably not a PHP array, in which case the is_array() test further down
            // skips every record - verify.
            if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                $items = $rss->channel->item;
            } else {
                $items = $rss->items;
            } // With xmlparse
            //var_dump($items);exit;
        } else {
            if ($rss->_format == 'atom') {
                //var_dump($rss);
                if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                    if (!empty($rss->generator)) {
                        $this->_generator = (string) $rss->generator;
                    }
                    // NOTE(review): tests 'lastbuilddate' but reads 'modified'.
                    if (!empty($rss->lastbuilddate)) {
                        $this->_lastbuilddate = (string) $rss->modified;
                    }
                    if (!empty($rss->link->href)) {
                        $this->_link = (string) $rss->link->href;
                    }
                    if (!empty($rss->title)) {
                        $this->_title = (string) $rss->title;
                    }
                    if (!empty($rss->description)) {
                        $this->_description = (string) $rss->description;
                    }
                } else {
                    //if (!empty($rss->channel['rss_language'])) $this->_language = (string) $rss->channel['rss_language'];
                    if (!empty($rss->channel['generator'])) {
                        $this->_generator = (string) $rss->channel['generator'];
                    }
                    //if (!empty($rss->channel['rss_copyright'])) $this->_copyright = (string) $rss->channel['rss_copyright'];
                    if (!empty($rss->channel['modified'])) {
                        $this->_lastbuilddate = (string) $rss->channel['modified'];
                    }
                    //if (!empty($rss->image['rss_url'])) $this->_imageurl = (string) $rss->image['rss_url'];
                    if (!empty($rss->channel['link'])) {
                        $this->_link = (string) $rss->channel['link'];
                    }
                    if (!empty($rss->channel['title'])) {
                        $this->_title = (string) $rss->channel['title'];
                    }
                    //if (!empty($rss->channel['rss_description'])) $this->_description = (string) $rss->channel['rss_description'];
                }
                if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                    $tmprss = xml2php($rss);
                    $items = $tmprss['entry'];
                } else {
                    $items = $rss->items;
                } // With xmlparse
                //var_dump($items);exit;
            }
        }

        $i = 0;

        // Loop on each record
        if (is_array($items)) {
            foreach ($items as $item) {
                //var_dump($item);exit;
                if ($rss->_format == 'rss') {
                    if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                        $itemLink = (string) $item->link;
                        $itemTitle = (string) $item->title;
                        $itemDescription = (string) $item->description;
                        $itemPubDate = (string) $item->pubDate;
                        $itemId = '';
                        $itemAuthor = '';
                    } else {
                        $itemLink = (string) $item['link'];
                        $itemTitle = (string) $item['title'];
                        $itemDescription = (string) $item['description'];
                        $itemPubDate = (string) $item['pubdate'];
                        $itemId = (string) $item['guid'];
                        $itemAuthor = (string) $item['author'];
                    }

                    // Loop on each category
                    // NOTE(review): 'category' is read as an object property even in the branch
                    // where $item is indexed like an array just above.
                    $itemCategory = array();
                    if (is_array($item->category)) {
                        foreach ($item->category as $cat) {
                            $itemCategory[] = (string) $cat;
                        }
                    }
                } else {
                    if ($rss->_format == 'atom') {
                        // Both branches below read the same keys.
                        if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
                            $itemLink = isset($item['link']['href']) ? (string) $item['link']['href'] : '';
                            $itemTitle = (string) $item['title'];
                            $itemDescription = (string) $item['summary'];
                            $itemPubDate = (string) $item['created'];
                            $itemId = (string) $item['id'];
                            $itemAuthor = (string) ($item['author'] ? $item['author'] : $item['author_name']);
                        } else {
                            $itemLink = isset($item['link']['href']) ? (string) $item['link']['href'] : '';
                            $itemTitle = (string) $item['title'];
                            $itemDescription = (string) $item['summary'];
                            $itemPubDate = (string) $item['created'];
                            $itemId = (string) $item['id'];
                            $itemAuthor = (string) ($item['author'] ? $item['author'] : $item['author_name']);
                        }
                    } else {
                        // The record is still added below, from variables this branch did not set.
                        print 'ErrorBadFeedFormat';
                    }
                }

                // Add record to result array
                // $itemCategory is only assigned in the 'rss' branch above.
                $this->_rssarray[$i] = array('link' => $itemLink, 'title' => $itemTitle, 'description' => $itemDescription, 'pubDate' => $itemPubDate, 'category' => $itemCategory, 'id' => $itemId, 'author' => $itemAuthor);
                //var_dump($this->_rssarray);

                $i++;
                // NOTE(review): with $maxNb = 0 (documented as "no limit") this stops after the
                // first record, and for other values it lets $maxNb + 1 records through.
                if ($i > $maxNb) {
                    break;
                } // We get all records we want
            }
        }

        return 1;
    } else {
        $this->error = 'ErrorFailedToLoadRSSFile';
        return -1;
    }
}
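/**
 * Check validity of user/password/entity
 * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
 *
 * The account is looked up by login (and also by email when the value contains '@') among
 * active users (statut = 1) of entity 0 or the requested entity. The typed password is
 * accepted when its dol_hash() equals the stored pass_crypted, or, for compatibility with
 * old versions, when it equals the clear 'pass' column. Both comparisons are strict string
 * comparisons: with '==' PHP compares two numeric-looking strings (for example hex digests
 * of the form "0e" followed by digits only) as numbers, so different values could be
 * reported as equal.
 *
 * NOTE(review): per the comment below the only supported scheme is MD5 through dol_hash();
 * an unsalted fast hash is weak for password storage, and the clear-password fallback keeps
 * working as long as the 'pass' column is filled.
 *
 * @param   string  $usertotest     Login
 * @param   string  $passwordtotest Password
 * @param   int     $entitytotest   Number of instance (always 1 if module multicompany not enabled)
 * @return  string                  Login if OK, '' if KO
 */
function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest = 1)
{
    global $db, $conf, $langs;

    // Force master entity in transversal mode
    $entity = $entitytotest;
    if (!empty($conf->multicompany->enabled) && !empty($conf->multicompany->transverse_mode)) {
        $entity = 1;
    }

    $login = '';

    if (!empty($usertotest)) {
        // NOTE(review): the password is masked character by character, so its length ends up in the log.
        dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=" . $usertotest . " passwordtotest=" . preg_replace('/./', '*', $passwordtotest) . " entitytotest=" . $entitytotest);

        // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
        $table = MAIN_DB_PREFIX . "user";
        $usernamecol1 = 'login';
        $usernamecol2 = 'email';
        $entitycol = 'entity';

        $sql = 'SELECT rowid, login, entity, pass, pass_crypted';
        $sql .= ' FROM ' . $table;
        $sql .= ' WHERE (' . $usernamecol1 . " = '" . $db->escape($usertotest) . "'";
        if (preg_match('/@/', $usertotest)) {
            $sql .= ' OR ' . $usernamecol2 . " = '" . $db->escape($usertotest) . "'";
        }
        // The entity is placed unquoted in the statement, so it is forced to an integer.
        $sql .= ') AND ' . $entitycol . " IN (0," . ($entity ? (int) $entity : 1) . ")";
        $sql .= ' AND statut = 1';

        $resql = $db->query($sql);
        if ($resql) {
            $obj = $db->fetch_object($resql);
            if ($obj) {
                $passclear = $obj->pass;
                $passcrypted = $obj->pass_crypted;
                $passtyped = $passwordtotest;

                $passok = false;

                // Check crypted password
                $cryptType = '';
                if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
                    $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
                }

                // By default, we used MD5
                if (!in_array($cryptType, array('md5'))) {
                    $cryptType = 'md5';
                }
                // Check crypted password according to crypt algorithm
                if ($cryptType == 'md5') {
                    $hashtyped = (string) dol_hash($passtyped);
                    $hashstored = (string) $passcrypted;
                    // hash_equals() (constant time) when the PHP version has it, strict '===' otherwise.
                    $hashmatches = function_exists('hash_equals') ? hash_equals($hashstored, $hashtyped) : ($hashstored === $hashtyped);
                    if ($hashstored !== '' && $hashmatches) {
                        $passok = true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - " . $cryptType . " of pass is ok");
                    }
                }

                // For compatibility with old versions
                if (!$passok) {
                    if ((!$passcrypted || $passtyped) && ($passclear && (string) $passtyped === (string) $passclear)) {
                        $passok = true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
                    }
                }

                // Password ok ?
                if ($passok) {
                    $login = $obj->login;
                } else {
                    dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '" . $usertotest . "'");
                    // Same delay and same message as for an unknown user (see below).
                    sleep(1);
                    $langs->load('main');
                    $langs->load('errors');
                    $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
                }

                // We must check entity
                if ($passok && !empty($conf->multicompany->enabled)) {
                    global $mc;

                    if (!isset($mc)) {
                        $conf->multicompany->enabled = false; // Global not available, disable $conf->multicompany->enabled for safety
                    } else {
                        $ret = $mc->checkRight($obj->rowid, $entitytotest);
                        if ($ret < 0) {
                            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'");
                            $login = ''; // force authentication failure
                        }
                    }
                }
            } else {
                dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '" . $usertotest . "'");
                sleep(1);
                $langs->load('main');
                $langs->load('errors');
                $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
            }
        } else {
            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '" . $usertotest . "' error=" . $db->lasterror());
            sleep(1);
            // NOTE(review): the raw database error becomes the login message; if that message is
            // shown on the login page it discloses database details to unauthenticated visitors.
            $_SESSION["dol_loginmesg"] = $db->lasterror();
        }
    }

    return $login;
}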
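/**
 * Return string with full Url of the public Paypal payment page.
 *
 * When PAYPAL_SECURITY_TOKEN is configured a 'securekey' parameter is appended:
 * - PAYPAL_SECURITY_TOKEN_UNIQUE empty: the configured token itself is put in the URL, so
 *   every recipient of a payment link learns the value that validates all other links;
 * - PAYPAL_SECURITY_TOKEN_UNIQUE set: a dol_hash(..., 2) of the token (for 'free') or of
 *   token + type + ref (for the other types) is used instead.
 * In mode 1 the output is an HTML-decorated sample that also prints the configured token in
 * the "hash('...' + ...)" formula; it is presumably meant for an admin-only page, TODO confirm.
 * The current entity is always appended as '&entity='; it is not part of the hashed value.
 *
 * @param   int     $mode       0=True url, 1=Url formated with colors
 * @param   string  $type       Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...)
 * @param   string  $ref        Ref of object
 * @param   string  $amount     Amount (only used when $type is 'free'; inserted as is, not url-encoded)
 * @param   string  $freetag    Free tag (only used when $type is 'free'; inserted as is, not url-encoded)
 * @return  string              Url string (only the '&entity=' suffix when $type is not a known type)
 */
function getPaypalPaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag = 'your_free_tag')
{
    global $conf;

    // Object types that take a ref, with the placeholder printed instead of a real ref in mode 1.
    $refplaceholders = array(
        'order' => 'order_ref',
        'invoice' => 'invoice_ref',
        'contractline' => 'contractline_ref',
        'membersubscription' => 'member_ref',
    );

    $fontopen = $mode ? '<font color="#666666">' : '';
    $fontclose = $mode ? '</font>' : '';
    $hastoken = !empty($conf->global->PAYPAL_SECURITY_TOKEN);
    $uniquekey = !empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE);

    // An unknown type used to leave $out undefined before the entity was appended.
    $out = '';

    if ($type == 'free') {
        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?amount=' . $fontopen . $amount . $fontclose . '&tag=' . $fontopen . $freetag . $fontclose;
        if ($hastoken) {
            if (!$uniquekey) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
            }
        }
    } elseif (is_string($type) && isset($refplaceholders[$type])) {
        $placeholder = $refplaceholders[$type];

        $out = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?source=' . $type . '&ref=' . $fontopen;
        if ($mode == 1) {
            $out .= $placeholder;
        }
        if ($mode == 0) {
            $out .= urlencode($ref);
        }
        $out .= $fontclose;

        if ($hastoken) {
            if (!$uniquekey) {
                $out .= '&securekey=' . $conf->global->PAYPAL_SECURITY_TOKEN;
            } else {
                $out .= '&securekey=' . $fontopen;
                if ($mode == 1) {
                    // The formula shown must name the same type string that is hashed in mode 0
                    // (the 'contractline' sample previously read 'contactline').
                    $out .= "hash('" . $conf->global->PAYPAL_SECURITY_TOKEN . "' + '" . $type . "' + " . $placeholder . ")";
                }
                if ($mode == 0) {
                    $out .= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $type . $ref, 2);
                }
                $out .= $fontclose;
            }
        }
    }

    // For multicompany
    $out .= "&entity=" . $conf->entity; // The same reference may exist in several entities
    return $out;
}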
// This excerpt starts inside a condition whose opening is not shown; $versiontocompare is set before it.
require_once DOL_DOCUMENT_ROOT .'/core/lib/admin.lib.php';
// Both versions are split on '.' and '-' and compared with versioncompare().
$dolibarrversionlastupgrade=preg_split('/[.-]/',$versiontocompare);
$dolibarrversionprogram=preg_split('/[.-]/',DOL_VERSION);
$rescomp=versioncompare($dolibarrversionprogram,$dolibarrversionlastupgrade);
if ($rescomp > 0) // Programs have a version higher than database. We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
{
    dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install page.", LOG_WARNING);
    header("Location: ".DOL_URL_ROOT."/install/index.php");
    exit;
}
}

// Creation of a token against CSRF vulnerabilities
if (! defined('NOTOKENRENEWAL'))
{
    // NOTE(review): the token is derived from uniqid() (clock based) seeded with mt_rand()
    // (not a cryptographic generator). An anti-CSRF token should come from a CSPRNG such as
    // random_bytes() where the supported PHP version provides it.
    $token = dol_hash(uniqid(mt_rand(),TRUE)); // Generates a hash of a random number
    // Tokens are rotated because a new one is created on every call: the token issued by the
    // previous request becomes the one that the next POST is checked against.
    if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
    $_SESSION['newtoken'] = $token;
}
if (! empty($conf->global->MAIN_SECURITY_CSRF)) // Check validity of token, only if option enabled (this option breaks some features sometimes)
{
    // NOTE(review): the comparison is skipped when the request carries no 'token' field at all,
    // so as written a POST without a token is not rejected by this block.
    if (isset($_POST['token']) && isset($_SESSION['token']))
    {
        // NOTE(review): '!=' is a loose, non constant-time comparison; hash_equals() on two
        // strings is the usual choice for secret tokens.
        if (($_POST['token'] != $_SESSION['token']))
        {
            // NOTE(review): this line writes the live session token and the submitted token to the
            // log, together with the client-supplied Referer header (which may be absent and is not
            // sanitised here).
            dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token').", _SESSION['token']=".$_SESSION['token'],LOG_WARNING);
            //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
            // The request is not aborted: the POST data is dropped and processing continues.
            unset($_POST);
        }
    }
// This excerpt starts inside a block whose opening is not shown; $user is loaded before it.
$user->getrights();
}

$cdavLib = new CdavLib($user, $db, $langs);

// Authentication
// The callback accepts the request only when a user is already loaded in the global $user,
// that user is not attached to a third party (societe_id == 0), the supplied username equals
// its login and the hash of the supplied password equals the stored one.
// NOTE(review): the name suggests HTTP Basic credentials, which would be sent with every
// request, so this endpoint presumably relies on TLS - confirm. No delay or log entry on
// failure is visible in this callback.
$authBackend = new DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
    global $user;
    if (!isset($user->login) || $user->login == '') {
        return false;
    }
    if ($user->societe_id != 0) {
        return false;
    }
    if ($user->login != $username) {
        return false;
    }
    // NOTE(review): '!=' compares loosely; two different numeric-looking hash strings can be
    // treated as equal by PHP. A strict comparison (hash_equals() or '!==') avoids that.
    if ($user->pass_indatabase_crypted == '' || dol_hash($password) != $user->pass_indatabase_crypted) {
        return false;
    }
    return true;
});

$authBackend->setRealm('Dolibarr');

// The lock manager is reponsible for making sure users don't overwrite
// each others changes.
$lockBackend = new DAV\Locks\Backend\File($dolibarr_main_data_root . '/cdav/.locks');

// Principals Backend
$principalBackend = new DAVACL\PrincipalBackend\Dolibarr($user, $db);

// CardDav & CalDav Backend
$carddavBackend = new Sabre\CardDAV\Backend\Dolibarr($user, $db, $langs);
$caldavBackend = new Sabre\CalDAV\Backend\Dolibarr($user, $db, $langs, $cdavLib);

// Setting up the directory tree //
// The last node exposes the directory <data root>/cdav/public through the DAV tree.
$nodes = array(new DAVACL\PrincipalCollection($principalBackend), new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend), new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend), new DAV\FS\Directory($dolibarr_main_data_root . '/cdav/public'));
/**
 * Login
 *
 * Log user with username and password
 *
 * On success a new API token is generated, stored in the api_key column of the user and
 * returned to the caller.
 * NOTE(review): several string literals of this method are masked with asterisks on this
 * page, so the WHERE clause and the error/return statements cannot be checked here.
 *
 * @param   string  $login      Username
 * @param   string  $password   User password
 * @param   int     $entity     User entity
 * @return  array               Response status and user token
 *
 * @throws RestException        403 when the credentials are refused, 500 when the update fails
 */
public function login($login, $password, $entity = 0)
{
    // Authentication mode
    // NOTE(review): $dolibarr_main_authentication is not declared global in the visible code,
    // so it is an unset local here and the mode always becomes 'http,dolibarr'.
    if (empty($dolibarr_main_authentication)) {
        $dolibarr_main_authentication = 'http,dolibarr';
    }
    // Authentication mode: forceuser
    if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
        $dolibarr_auto_user = '******';
    }
    // Set authmode
    $authmode = explode(',', $dolibarr_main_authentication);

    include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
    $login = checkLoginPassEntity($login, $password, $entity, $authmode);
    if (empty($login)) {
        throw new RestException(403, 'Access denied');
    }

    // Generate token for user
    // NOTE(review): $conf is not declared global in the visible code, so MAIN_API_KEY is
    // presumably empty here; the token then depends only on the login and on uniqid(), which
    // is clock based. A token from a CSPRNG would not have that property.
    $token = dol_hash($login . uniqid() . $conf->global->MAIN_API_KEY, 1);

    // We store API token into database
    // The token is stored as generated, not as a hash of it.
    $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
    $sql .= " SET api_key = '" . $this->db->escape($token) . "'";
    $sql .= " WHERE login = '******'";

    dol_syslog(get_class($this) . "::login", LOG_DEBUG); // No log
    $result = $this->db->query($sql);
    if (!$result) {
        throw new RestException(500, 'Error when updating user :'******'success' => array('code' => 200, 'token' => $token, 'message' => 'Welcome ' . $login));
}
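/**
 * Search images into html message and init array this->images_encoded if found
 *
 * Every quoted string in $this->html that ends with a known image extension and carries
 * a trailing "file=<path>" parameter is resolved against $images_dir. Existing files are
 * recorded in $this->html_images, their src attribute is rewritten to a "cid:" reference,
 * and their content is base64-encoded into $this->images_encoded.
 *
 * @param   string  $images_dir     Location of physical images files
 * @return  int                     >0 if OK, <0 if KO (no image recorded), 0 if nothing matched
 */
function findHtmlImages($images_dir)
{
    // Build the list of image extensions
    // NOTE(review): the extensions are concatenated into the pattern without preg_quote();
    // this assumes the keys of $this->image_types are plain alphanumeric -- confirm.
    $extensions = array_keys($this->image_types);

    preg_match_all('/(?:"|\')([^"\']+\\.(' . implode('|', $extensions) . '))(?:"|\')/Ui', $this->html, $matches);

    // preg_match_all() normally fills $matches with one sub-array per group, so this test
    // is true even when nothing matched; the "return 0" branch is kept for compatibility.
    if ($matches) {
        $i = 0;
        foreach ($matches[1] as $full) {
            // The path class allows letters, digits, "_", "-" and "/" plus one optional dot
            // before the extension, so a "../" sequence cannot be expressed. Symbolic links
            // below $images_dir are still followed, so that directory should only hold
            // files that may be disclosed in an outgoing message.
            if (!preg_match('/file=([A-Za-z0-9_\\-\\/]+[\\.]?[A-Za-z0-9]+)?$/i', $full, $regs)) {
                continue;
            }

            // The capture group is optional: a bare "file=" matches without setting $regs[1].
            // Previously that produced an undefined-index notice and the path collapsed to the
            // directory itself, which file_exists() accepted.
            $img = isset($regs[1]) ? $regs[1] : '';

            // is_file() instead of file_exists(): a directory must never be recorded as an image.
            if ($img !== '' && is_file($images_dir . '/' . $img)) {
                // Image path in src
                $src = preg_quote($full, '/');
                // Image full path
                $this->html_images[$i]["fullpath"] = $images_dir . '/' . $img;
                // Image name
                $this->html_images[$i]["name"] = $img;
                // Content type
                if (preg_match('/^.+\\.(\\w{3,4})$/', $img, $reg)) {
                    $ext = strtolower($reg[1]);
                    $this->html_images[$i]["content_type"] = $this->image_types[$ext];
                }
                // cid (only has to be unique inside the message, it is not a secret)
                $this->html_images[$i]["cid"] = dol_hash(uniqid(time()));
                $this->html = preg_replace("/src=\"{$src}\"|src='{$src}'/i", "src=\"cid:" . $this->html_images[$i]["cid"] . "\"", $this->html);
            }
            $i++;
        }

        if (!empty($this->html_images)) {
            $inline = array();
            $i = 0;
            foreach ($this->html_images as $img) {
                $fullpath = $images_dir . '/' . $img["name"];

                // If duplicate images are embedded, they may show up as attachments, so remove them.
                if (!in_array($fullpath, $inline, true)) {
                    // Read image file; unreadable or empty files are skipped
                    $image = file_get_contents($fullpath);
                    if ($image) {
                        // Keep only the name of the image (last path component)
                        preg_match('/([A-Za-z0-9_-]+[\\.]?[A-Za-z0-9]+)?$/i', $img["name"], $regs);
                        $imgName = isset($regs[1]) ? $regs[1] : null;

                        $this->images_encoded[$i]['name'] = $imgName;
                        // content_type is only set above when the name has a 3-4 character extension
                        $this->images_encoded[$i]['content_type'] = isset($img["content_type"]) ? $img["content_type"] : null;
                        $this->images_encoded[$i]['cid'] = $img["cid"];

                        // Encode the image
                        $this->images_encoded[$i]["image_encoded"] = chunk_split(base64_encode($image), 68, $this->eol);
                        $inline[] = $fullpath;
                    }
                }
                $i++;
            }
        } else {
            return -1;
        }

        return 1;
    } else {
        return 0;
    }
}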
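// (This excerpt starts inside an if-condition whose beginning is not shown.)
|| (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && !empty($conf->global->MAIN_VERSION_LAST_INSTALL) && ($conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION))) {
    // Compare the program version with the version recorded by the last upgrade, or by
    // the install when no upgrade was ever recorded.
    $versiontocompare = empty($conf->global->MAIN_VERSION_LAST_UPGRADE) ? $conf->global->MAIN_VERSION_LAST_INSTALL : $conf->global->MAIN_VERSION_LAST_UPGRADE;
    require_once(DOL_DOCUMENT_ROOT . "/core/lib/admin.lib.php");
    $dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);
    $dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);
    $rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);
    if ($rescomp > 0) {
        // Programs have a version higher than database. We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
        dol_syslog("main.inc: database version " . $versiontocompare . " is lower than programs version " . DOL_VERSION . ". Redirect to install page.", LOG_WARNING);
        Header("Location: " . DOL_URL_ROOT . "/install/index.php");
        exit;
    }
}

// Creation of a token against CSRF vulnerabilities
if (!defined('NOTOKENRENEWAL')) {
    // The token must be unpredictable. uniqid() and mt_rand() are derived from the clock
    // and a non-cryptographic generator, so they are only used as a fallback on runtimes
    // without random_bytes() (PHP < 7). The token is an opaque string in both cases.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        $token = dol_hash(uniqid(mt_rand(), TRUE)); // Legacy: hash of a pseudo-random number
    }

    // Tokens rotate because a new one is created on every call: the token issued by the
    // previous page becomes the one this request is checked against.
    if (isset($_SESSION['newtoken'])) {
        $_SESSION['token'] = $_SESSION['newtoken'];
    }
    $_SESSION['newtoken'] = $token;
}

if (!empty($conf->global->MAIN_SECURITY_CSRF)) {
    // Check validity of token, only if option enabled (this option breaks some features sometimes)
    // NOTE(review): a POST that carries no token at all is not rejected here, so the check
    // only stops requests that send a wrong token. Kept as is, because making the token
    // mandatory changes behaviour for every form.
    if (isset($_POST['token']) && isset($_SESSION['token'])) {
        // Both values must be strings (a "token[]=" array never matches). They are compared
        // in constant time where hash_equals() exists (PHP >= 5.6), strictly otherwise. The
        // previous loose "!=" compared numeric-looking strings as numbers.
        $tokenisvalid = is_string($_POST['token']) && is_string($_SESSION['token']);
        if ($tokenisvalid) {
            $tokenisvalid = function_exists('hash_equals')
                ? hash_equals($_SESSION['token'], $_POST['token'])
                : ($_SESSION['token'] === $_POST['token']);
        }

        if (!$tokenisvalid) {
            // The token values are deliberately left out of the log: the session token is a
            // secret that is still valid. Referer and action come from the request and are
            // logged as received.
            dol_syslog("Invalid token in " . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '') . ", action=" . (isset($_POST['action']) && is_string($_POST['action']) ? $_POST['action'] : ''), LOG_WARNING);
            // Do not output anything because this create problems when using the BACK button on browsers.
            unset($_POST);
        }
    }
}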
// (This excerpt starts and ends inside enclosing blocks that are not shown, so the outer
// nesting levels are kept flat.) It builds $urlback, the URL of the online payment page
// a newly created member is redirected to.
$urlback .= '&email=' . urlencode(GETPOST('email'));
}
if (!empty($entity)) {
    $urlback .= '&entity=' . $entity;
}
} else {
    if ($conf->global->MEMBER_NEWFORM_PAYONLINE == 'paypal') {
        // NOTE(review): $adh->ref and (below) $entity are appended without urlencode();
        // presumably both are numeric -- confirm.
        $urlback = DOL_MAIN_URL_ROOT . '/public/paypal/newpayment.php?from=membernewform&source=membersubscription&ref=' . $adh->ref;
        // amount and email are taken from the request and relayed as URL parameters.
        if (price2num(GETPOST('amount'))) {
            $urlback .= '&amount=' . price2num(GETPOST('amount'));
        }
        if (GETPOST('email')) {
            $urlback .= '&email=' . urlencode(GETPOST('email'));
        }
        // Per-reference key: hash of the shared token, the source name and the member ref.
        // The amount is not part of the hashed data, so the key does not protect it.
        // NOTE(review): when PAYPAL_SECURITY_TOKEN is set but PAYPAL_SECURITY_TOKEN_UNIQUE
        // is empty, no securekey is added here -- confirm the payment page accepts the
        // redirect in that configuration, and that it validates the amount itself.
        if (!empty($conf->global->PAYPAL_SECURITY_TOKEN) && !empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) {
            $urlback .= '&securekey=' . dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2);
        }
        if (!empty($entity)) {
            $urlback .= '&entity=' . $entity;
        }
    } else {
        // Configured payment mode is not one this form knows how to handle.
        dol_print_error('', "Autosubscribe form is setup to ask an online payment for a not managed online payment");
        exit;
    }
}
}
// NOTE(review): the logged URL includes the securekey and the member's email address;
// consider logging the member ref only.
dol_syslog("member " . $adh->ref . " was created, we redirect to " . $urlback);
Header("Location: " . $urlback);
exit;
} else {
    // NOTE(review): error strings are joined with raw <br>; make sure they are escaped
    // where $errmsg is printed (not visible here).
    $errmsg .= join('<br>', $adh->errors);
/**
 * Send a password by email
 *
 * Builds a plain-text message containing the login and the password given in $password
 * and sends it to $this->email through CMailFile.
 *
 * @param   User    $user           User object of the user doing the sending
 * @param   string  $password       New password
 * @param   int     $changelater    1=Change password only after clicking on confirm email
 * @return  int                     < 0 if error, > 0 if ok
 */
function send_password($user, $password = '', $changelater = 0) {
    global $conf, $langs;
    global $dolibarr_main_url_root;

    require_once DOL_DOCUMENT_ROOT . "/core/class/CMailFile.class.php";

    $subject = $langs->trans("SubjectNewPassword");
    $msgishtml = 0;

    // Define $msg
    $mesg = '';

    $outputlangs = new Translate("", $conf);
    if (isset($this->conf->MAIN_LANG_DEFAULT) && $this->conf->MAIN_LANG_DEFAULT != 'auto') {
        // If user has defined its own language (rare because in most cases, auto is used)
        $outputlangs->getDefaultLang($this->conf->MAIN_LANG_DEFAULT);
    } else {
        // If user has not defined its own language, we used current language
        $outputlangs = $langs;
    }

    // Define urlwithouturlroot
    // NOTE(review): HTTP_HOST is supplied by the client. When this method runs for a
    // request with a forged Host header, the link in the email points at that host.
    // Building the link from the configured $dolibarr_main_url_root avoids this.
    if (!empty($_SERVER["HTTP_HOST"])) {
        // Autodetect main url root
        $urlwithouturlroot = 'http://' . preg_replace('/' . preg_quote(DOL_URL_ROOT, '/') . '$/i', '', $_SERVER["HTTP_HOST"]);
    } else {
        $urlwithouturlroot = preg_replace('/' . preg_quote(DOL_URL_ROOT, '/') . '$/i', '', $dolibarr_main_url_root);
    }
    // NOTE(review): $dolibarr_main_force_https is not in the "global" lists above, so inside
    // this function it is an undefined local and this branch never runs as shown: the
    // autodetected link always stays on http://.
    if (!empty($dolibarr_main_force_https)) $urlwithouturlroot = preg_replace('/http:/i', 'https:', $urlwithouturlroot);

    // TODO Use outputlangs to translate messages
    // Both branches put the password in clear text into the message body.
    if (!$changelater) {
        $mesg.= "A request to change your Dolibarr password has been received.\n";
        $mesg.= "This is your new keys to login:\n\n";
        $mesg.= $langs->trans("Login") . " : $this->login\n";
        $mesg.= $langs->trans("Password") . " : $password\n\n";
        $mesg.= "\n";
        $url = $urlwithouturlroot . DOL_URL_ROOT;
        $mesg.= 'Click here to go to Dolibarr: ' . $url . "\n\n";
        $mesg.= "--\n";
        $mesg.= $user->getFullName($langs); // Username that make then sending
    } else {
        $mesg.= "A request to change your Dolibarr password has been received.\n";
        $mesg.= "Your new key to login will be:\n\n";
        $mesg.= $langs->trans("Login") . " : $this->login\n";
        $mesg.= $langs->trans("Password") . " : $password\n\n";
        $mesg.= "\n";
        $mesg.= "You must click on the folowing link to validate its change.\n";
        // NOTE(review): part of the next statement was masked in this listing (the '******'
        // run), so the rest of the validation URL and the start of the following message
        // line are missing; it is left exactly as shown. The URL is written to the log just
        // below -- if it carries a value that validates the password change, it should not
        // be logged.
        $url = $urlwithouturlroot . DOL_URL_ROOT . '/user/passwordforgotten.php?action=validatenewpassword&username='******'t ask anything, just forget this email\n\n";
        dol_syslog(get_class($this) . "::send_password url=" . $url);
    }

    $mailfile = new CMailFile(
        $subject,
        $this->email,
        $conf->notification->email_from,
        $mesg,
        array(),
        array(),
        array(),
        '',
        '',
        0,
        $msgishtml
    );

    if ($mailfile->sendfile()) {
        return 1;
    } else {
        // NOTE(review): the result of trans("errors") is discarded; presumably this was
        // meant to load the "errors" translation file -- confirm.
        $langs->trans("errors");
        $this->error = $langs->trans("ErrorFailedToSendPassword") . ' ' . $mailfile->error;
        return -1;
    }
}