صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
iProspective
/
dolibarr
3
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 7d5d242da0
شاخه‌ها تگ‌ها
dolibarr
/
htdocs
/
dav
/
fileserver.php

fileserver.php 7.2 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 
  1. <?php
    2. 

  2. /* Copyright (C) 2018	Destailleur Laurent	<eldy@users.sourceforge.net>
    3. 

  3.  * Copyright (C) 2019	Regis Houssin		<regis.houssin@inodbox.com>
    4. 

  4.  *
    5. 

  5.  * This program is free software; you can redistribute it and/or modify
    6. 

  6.  * it under the terms of the GNU General Public License as published by
    7. 

  7.  * the Free Software Foundation; either version 3 of the License, or
    8. 

  8.  * (at your option) any later version.
    9. 

  9.  *
    10. 

  10.  * This program is distributed in the hope that it will be useful,
    11. 

  11.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13.  * GNU General Public License for more details.
    14. 

  14.  *
    15. 

  15.  * You should have received a copy of the GNU General Public License
    16. 

  16.  * along with this program. If not, see <https://www.gnu.org/licenses/>.
    17. 

  17.  *
    18. 

  18.  * You can test with the WebDav client cadaver:
    19. 

  19.  * cadaver http://myurl/dav/fileserver.php
    20. 

  20.  */
    21. 

  21. 

  22. /**
    23. 

  23.  *      \file       htdocs/dav/fileserver.php
    24. 

  24.  *      \ingroup    dav
    25. 

  25.  *      \brief      Server DAV
    26. 

  26.  */
    27. 

  27. 

  28. if (!defined('NOTOKENRENEWAL')) {
    29. 

  29. 	define('NOTOKENRENEWAL', '1');
    30. 

  30. }
    31. 

  31. if (!defined('NOREQUIREMENU')) {
    32. 

  32. 	define('NOREQUIREMENU', '1'); // If there is no menu to show
    33. 

  33. }
    34. 

  34. if (!defined('NOREQUIREHTML')) {
    35. 

  35. 	define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
    36. 

  36. }
    37. 

  37. if (!defined('NOREQUIREAJAX')) {
    38. 

  38. 	define('NOREQUIREAJAX', '1');
    39. 

  39. }
    40. 

  40. if (!defined('NOLOGIN')) {
    41. 

  41. 	define("NOLOGIN", 1); // This means this output page does not require to be logged.
    42. 

  42. }
    43. 

  43. if (!defined('NOCSRFCHECK')) {
    44. 

  44. 	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
    45. 

  45. }
    46. 

  46. 

  47. require "../main.inc.php";
    48. 

  48. require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
    49. 

  49. require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
    50. 

  50. require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';
    51. 

  51. require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';
    52. 

  52. require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';
    53. 

  53. 

  54. 

  55. $user = new User($db);
    56. 

  56. if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {
    57. 

  57. 	$user->fetch('', $_SERVER['PHP_AUTH_USER']);
    58. 

  58. 	$user->getrights();
    59. 

  59. }
    60. 

  60. 

  61. // Load translation files required by the page
    62. 

  62. $langs->loadLangs(array("main", "other"));
    63. 

  63. 

  64. 

  65. if (empty($conf->dav->enabled)) {
    66. 

  66. 	accessforbidden();
    67. 

  67. }
    68. 

  68. 

  69. 

  70. // Restrict API to some IPs
    71. 

  71. if (!empty($conf->global->DAV_RESTRICT_ON_IP)) {
    72. 

  72. 	$allowedip = explode(' ', $conf->global->DAV_RESTRICT_ON_IP);
    73. 

  73. 	$ipremote = getUserRemoteIP();
    74. 

  74. 	if (!in_array($ipremote, $allowedip)) {
    75. 

  75. 		dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTRICT_ON_IP);
    76. 

  76. 		print 'DAV not allowed from the IP '.$ipremote;
    77. 

  77. 		header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
    78. 

  78. 		//print $conf->global->DAV_RESTRICT_ON_IP;
    79. 

  79. 		exit(0);
    80. 

  80. 	}
    81. 

  81. }
    82. 

  82. 

  83. 

  84. $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
    85. 

  85. 

  86. // settings
    87. 

  87. $publicDir = $conf->dav->multidir_output[$entity].'/public';
    88. 

  88. $privateDir = $conf->dav->multidir_output[$entity].'/private';
    89. 

  89. $ecmDir = $conf->ecm->multidir_output[$entity];
    90. 

  90. $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted
    91. 

  91. //var_dump($tmpDir);mkdir($tmpDir);exit;
    92. 

  92. 

  93. 

  94. // Authentication callback function
    95. 

  95. $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
    96. 

  96. 	global $user;
    97. 

  97. 	global $conf;
    98. 

  98. 	global $dolibarr_main_authentication, $dolibarr_auto_user;
    99. 

  99. 

  100. 	if (empty($user->login)) {
    101. 

  101. 		dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);
    102. 

  102. 		return false;
    103. 

  103. 	}
    104. 

  104. 	if ($user->socid > 0) {
    105. 

  105. 		dol_syslog("Failed to authenticate to DAV, use is an external user", LOG_WARNING);
    106. 

  106. 		return false;
    107. 

  107. 	}
    108. 

  108. 	if ($user->login != $username) {
    109. 

  109. 		dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
    110. 

  110. 		return false;
    111. 

  111. 	}
    112. 

  112. 

  113. 	// Authentication mode
    114. 

  114. 	if (empty($dolibarr_main_authentication)) {
    115. 

  115. 		$dolibarr_main_authentication = 'dolibarr';
    116. 

  116. 	}
    117. 

  117. 

  118. 	// Authentication mode: forceuser
    119. 

  119. 	if ($dolibarr_main_authentication == 'forceuser') {
    120. 

  120. 		if (empty($dolibarr_auto_user)) {
    121. 

  121. 			$dolibarr_auto_user = 'auto';
    122. 

  122. 		}
    123. 

  123. 		if ($dolibarr_auto_user != $username) {
    124. 

  124. 			dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
    125. 

  125. 			return false;
    126. 

  126. 		}
    127. 

  127. 	}
    128. 

  128. 

  129. 	$authmode = explode(',', $dolibarr_main_authentication);
    130. 

  130. 	$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
    131. 

  131. 

  132. 	if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {
    133. 

  133. 		return false;
    134. 

  134. 	}
    135. 

  135. 

  136. 	return true;
    137. 

  137. });
    138. 

  138. 

  139. $authBackend->setRealm(constant('DOL_APPLICATION_TITLE'));
    140. 

  140. 

  141. 

  142. 

  143. 

  144. 

  145. /*
    146. 

  146.  * Actions and View
    147. 

  147.  */
    148. 

  148. 

  149. // Create the root node
    150. 

  150. // Setting up the directory tree //
    151. 

  151. $nodes = array();
    152. 

  152. 

  153. // Enable directories and features according to DAV setup
    154. 

  154. // Public dir
    155. 

  155. if (!empty($conf->global->DAV_ALLOW_PUBLIC_DIR)) {
    156. 

  156. 	$nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
    157. 

  157. }
    158. 

  158. // Private dir
    159. 

  159. $nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
    160. 

  160. // ECM dir
    161. 

  161. if (!empty($conf->ecm->enabled) && !empty($conf->global->DAV_ALLOW_ECM_DIR)) {
    162. 

  162. 	$nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
    163. 

  163. }
    164. 

  164. 

  165. 

  166. 

  167. // Principals Backend
    168. 

  168. //$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);
    169. 

  169. // /principals
    170. 

  170. //$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);
    171. 

  171. // CardDav & CalDav Backend
    172. 

  172. //$carddavBackend   = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);
    173. 

  173. //$caldavBackend    = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);
    174. 

  174. // /addressbook
    175. 

  175. //$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);
    176. 

  176. // /calendars
    177. 

  177. //$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);
    178. 

  178. 

  179. 

  180. // The rootnode needs in turn to be passed to the server class
    181. 

  181. $server = new \Sabre\DAV\Server($nodes);
    182. 

  182. 

  183. // If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)
    184. 

  184. // You can override the baseUri here.
    185. 

  185. $baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';
    186. 

  186. if (isset($baseUri)) {
    187. 

  187. 	$server->setBaseUri($baseUri);
    188. 

  188. }
    189. 

  189. 

  190. // Add authentication function
    191. 

  191. if ((empty($conf->global->DAV_ALLOW_PUBLIC_DIR)
    192. 

  192. 	|| !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))
    193. 

  193. 	&& !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"])	// URL for Sabre browser resources
    194. 

  194. 	) {
    195. 

  195. 	//var_dump($_SERVER["QUERY_STRING"]);exit;
    196. 

  196. 	$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
    197. 

  197. }
    198. 

  198. // Support for LOCK and UNLOCK
    199. 

  199. $lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');
    200. 

  200. $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
    201. 

  201. $server->addPlugin($lockPlugin);
    202. 

  202. 

  203. // Support for html frontend
    204. 

  204. if (empty($conf->global->DAV_DISABLE_BROWSER)) {
    205. 

  205. 	$browser = new \Sabre\DAV\Browser\Plugin();
    206. 

  206. 	$server->addPlugin($browser);
    207. 

  207. }
    208. 

  208. 

  209. // Automatically guess (some) contenttypes, based on extension
    210. 

  210. //$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());
    211. 

  211. 

  212. //$server->addPlugin(new \Sabre\CardDAV\Plugin());
    213. 

  213. //$server->addPlugin(new \Sabre\CalDAV\Plugin());
    214. 

  214. //$server->addPlugin(new \Sabre\DAVACL\Plugin());
    215. 

  215. 

  216. // Temporary file filter
    217. 

  217. /*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);
    218. 

  218. $server->addPlugin($tempFF);
    219. 

  219. */
    220. 

  220. 

  221. // And off we go!
    222. 

  222. $server->exec();
    223. 

  223. 

  224. if (is_object($db)) {
    225. 

  225. 	$db->close();
    226. 

  226. }
    227.