
  1. <?php
  2. /*
  3. * This program is free software; you can redistribute it and/or modify
  4. * it under the terms of the GNU General Public License as published by
  5. * the Free Software Foundation; either version 3 of the License, or
  6. * (at your option) any later version.
  7. *
  8. * This program is distributed in the hope that it will be useful,
  9. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. * GNU General Public License for more details.
  12. *
  13. * You should have received a copy of the GNU General Public License
  14. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  15. */
  16. /**
  17. * \file /htdocs/core/ajax/onlineSign.php
  18. * \brief File to make Ajax action on Knowledge Management
  19. */
  20. if (!defined('NOTOKENRENEWAL')) {
  21. define('NOTOKENRENEWAL', '1'); // Disables token renewal
  22. }
  23. if (!defined('NOREQUIREHTML')) {
  24. define('NOREQUIREHTML', '1');
  25. }
  26. if (!defined('NOREQUIREAJAX')) {
  27. define('NOREQUIREAJAX', '1');
  28. }
  29. if (!defined('NOREQUIRESOC')) {
  30. define('NOREQUIRESOC', '1');
  31. }
  32. if (!defined('NOCSRFCHECK')) {
  33. define('NOCSRFCHECK', '1');
  34. }
  35. // Do not check anti CSRF attack test
  36. if (!defined('NOREQUIREMENU')) {
  37. define('NOREQUIREMENU', '1');
  38. }
  39. // If there is no need to load and show top and left menu
  40. if (!defined("NOLOGIN")) {
  41. define("NOLOGIN", '1');
  42. }
  43. if (!defined('NOIPCHECK')) {
  44. define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
  45. }
  46. if (!defined('NOBROWSERNOTIF')) {
  47. define('NOBROWSERNOTIF', '1');
  48. }
  49. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
  50. if (is_numeric($entity)) {
  51. define("DOLENTITY", $entity);
  52. }
  53. include '../../main.inc.php';
  54. $action = GETPOST('action', 'aZ09');
  55. $signature = GETPOST('signaturebase64');
  56. $ref = GETPOST('ref', 'aZ09');
  57. $mode = GETPOST('mode', 'aZ09');
  58. $SECUREKEY = GETPOST("securekey"); // Secure key
  59. $error = 0;
  60. $response = "";
  61. $type = $mode;
  62. // Check securitykey
  63. $securekeyseed = '';
  64. if ($type == 'proposal') {
  65. $securekeyseed = $conf->global->PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN;
  66. }
  67. if (!dol_verifyHash($securekeyseed.$type.$ref, $SECUREKEY, '0')) {
  68. http_response_code(403);
  69. print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref);
  70. exit(-1);
  71. }
  72. /*
  73. * Actions
  74. */
  75. // None
  76. /*
  77. * View
  78. */
  79. if ($action == "importSignature") {
  80. if (!empty($signature) && $signature[0] == "image/png;base64") {
  81. $signature = $signature[1];
  82. $data = base64_decode($signature);
  83. if ($mode == "propale" || $mode == 'proposal') {
  84. require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
  85. require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
  86. $object = new Propal($db);
  87. $object->fetch(0, $ref);
  88. $upload_dir = !empty($conf->propal->multidir_output[$object->entity])?$conf->propal->multidir_output[$object->entity]:$conf->propal->dir_output;
  89. $upload_dir .= '/'.dol_sanitizeFileName($object->ref).'/';
  90. $date = dol_print_date(dol_now(), "%Y%m%d%H%M%S");
  91. $filename = "signatures/".$date."_signature.png";
  92. if (!is_dir($upload_dir."signatures/")) {
  93. if (!dol_mkdir($upload_dir."signatures/")) {
  94. $response ="Error mkdir. Failed to create dir ".$upload_dir."signatures/";
  95. $error++;
  96. }
  97. }
  98. if (!$error) {
  99. $return = file_put_contents($upload_dir.$filename, $data);
  100. if ($return == false) {
  101. $error++;
  102. $response = 'Error file_put_content: failed to create signature file.';
  103. }
  104. }
  105. if (!$error) {
  106. $newpdffilename = $upload_dir.$ref."_signed-".$date.".pdf";
  107. $pdf = pdf_getInstance();
  108. $pdf->Open();
  109. $pdf->AddPage();
  110. $pagecount = $pdf->setSourceFile($upload_dir.$ref.".pdf"); // original PDF
  111. for ($i=1;$i<($pagecount+1);$i++) {
  112. if ($i>1) $pdf->AddPage();
  113. $tppl=$pdf->importPage($i);
  114. $pdf->useTemplate($tppl);
  115. }
  116. $pdf->Image($upload_dir.$filename, 129, 239.6, 60, 15); // FIXME Position will be wrong with non A4 format. Use a value from width and height of page minus relative offset.
  117. $pdf->Close();
  118. $pdf->Output($newpdffilename, "F");
  119. $db->begin();
  120. // Index the new file and update the last_main_doc property of object.
  121. $object->indexFile($newpdffilename, 1);
  122. $online_sign_ip = getUserRemoteIP();
  123. $online_sign_name = ''; // TODO Ask name on form to sign
  124. $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
  125. $sql .= " SET fk_statut = ".((int) $object::STATUS_SIGNED).", note_private = '".$db->escape($object->note_private)."',";
  126. $sql .= " date_signature = '".$db->idate(dol_now())."',";
  127. $sql .= " online_sign_ip = '".$db->escape($online_sign_ip)."'";
  128. if ($online_sign_name) {
  129. $sql .= ", online_sign_name = '".$db->escape($online_sign_name)."'";
  130. }
  131. $sql .= " WHERE rowid = ".((int) $object->id);
  132. dol_syslog(__METHOD__, LOG_DEBUG);
  133. $resql = $db->query($sql);
  134. if (!$resql) {
  135. $error++;
  136. } else {
  137. $num = $db->affected_rows($resql);
  138. }
  139. if (!$error) {
  140. $db->commit();
  141. $response = "success";
  142. setEventMessages("PropalSigned", null, 'warnings');
  143. } else {
  144. $db->rollback();
  145. $error++;
  146. $response = "error sql";
  147. }
  148. }
  149. }
  150. } else {
  151. $error++;
  152. $response = 'error signature_not_found';
  153. }
  154. }
  155. if ($error) {
  156. http_response_code(501);
  157. }
  158. echo $response;