filefunc.inc.php 17 KB

  1. <?php
  2. /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  3. * Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
  4. * Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
  5. * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
  6. * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
  7. * Copyright (C) 2005-2011 Regis Houssin <regis.houssin@inodbox.com>
  8. * Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
  9. * Copyright (C) 2006 Andre Cianfarani <andre.cianfarani@acdeveloppement.net>
  10. * Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
  11. * Copyright (C) 2015 Bahfir Abbes <bafbes@gmail.com>
  12. *
  13. * This program is free software; you can redistribute it and/or modify
  14. * it under the terms of the GNU General Public License as published by
  15. * the Free Software Foundation; either version 3 of the License, or
  16. * (at your option) any later version.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU General Public License
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  25. */
  26. /**
  27. * \file htdocs/filefunc.inc.php
  28. * \ingroup core
  29. * \brief File that includes the conf.php file and common libraries such as functions.lib.php
  30. */
  // Application identity. Each constant is set only when the including script has not defined it already.
  if (! defined('DOL_APPLICATION_TITLE')) {
      define('DOL_APPLICATION_TITLE', 'Dolibarr');
  }
  if (! defined('DOL_VERSION')) {
      // Accepted formats: a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
      define('DOL_VERSION', '10.0.0-alpha');
  }
  if (! defined('EURO')) {
      // Single byte 0x80 (the euro sign in Windows-1252), not a UTF-8 sequence.
      define('EURO', chr(128));
  }

  // Syslog severity levels. They are declared by hand only when LOG_DEBUG is missing and PHP
  // offers no syslog() function (for example when running on Windows OS).
  if (! defined('LOG_DEBUG') && ! function_exists("syslog")) {
      define('LOG_EMERG', 0);
      define('LOG_ALERT', 1);
      define('LOG_CRIT', 2);
      define('LOG_ERR', 3);
      define('LOG_WARNING', 4);
      define('LOG_NOTICE', 5);
      define('LOG_INFO', 6);
      define('LOG_DEBUG', 7);
  }

  // End of common declaration part.
  // A caller that defined DOL_INC_FOR_VERSION_ERROR only wants the constants above: stop here,
  // before conf.php is loaded.
  if (defined('DOL_INC_FOR_VERSION_ERROR')) {
      return;
  }
  // Define vars
  $conffiletoshowshort = "conf.php";

  // Define localization of conf file.
  // The lines between the two packager markers are rewritten by makepack-dolibarr when a
  // distribution package is built, so they are kept exactly as they were.
  // --- Start of part replaced by Dolibarr packager makepack-dolibarr
  $conffile = "conf/conf.php";
  $conffiletoshow = "htdocs/conf/conf.php";
  // For debian/redhat like systems
  //$conffile = "/etc/dolibarr/conf.php";
  //$conffiletoshow = "/etc/dolibarr/conf.php";
  // Include configuration
  // --- End of part replaced by Dolibarr packager makepack-dolibarr

  // Load the configuration. Keep the @: with some error reporting settings the warning raised
  // for a missing file breaks the redirect done below.
  // NOTE(review): the @ may also hide warnings raised while an existing conf.php is loaded;
  // check the PHP error log when a configuration that exists seems to be ignored.
  $result = @include_once $conffile;

  // Install not done and we are in a web session: send the browser to the installer.
  if (! $result && ! empty($_SERVER["GATEWAY_INTERFACE"])) {
      if (! empty($_SERVER["CONTEXT_PREFIX"])) {
          // CONTEXT_PREFIX and CONTEXT_DOCUMENT_ROOT are not defined on all apache versions.
          // Example value: '/dolibarr/' when using an apache alias. The value is supplied by
          // the web server and is copied into the Location header below.
          $path = $_SERVER["CONTEXT_PREFIX"];
          if (! preg_match('/\/$/', $path)) {
              $path .= '/';
          }
      } elseif (preg_match('/index\.php/', $_SERVER['PHP_SELF'])) {
          // When we ask index.php, we MUST BE SURE that $path is '' at the end. This is required to make
          // the install process work when using an apache alias like '/dolibarr/' that points to htdocs.
          // Note: if the calling page was an index.php not directly in htdocs (ie comm/index.php, ...),
          // this redirect will fail, but we don't want to change this because when the URL is correct,
          // we must be sure the redirect to install/index.php will be correct.
          $path = '';
      } else {
          // What we look at is not index.php: try to guess the location of the root. May not work all
          // the time. There is no real solution, because the only way to know the apache url relative
          // path is to have it in the conf file. If the guess is wrong, the only solution is to ask the
          // user to enter the correct URL to index.php or install/index.php.
          // Only the number of '../' prefixes depends on the request path; no text taken from
          // PHP_SELF is copied into the redirect.
          $TDir = explode('/', $_SERVER['PHP_SELF']);
          $path = '';
          for ($i = count($TDir) - 1; $i >= 0; $i--) {
              $segment = $TDir[$i];
              // Stop at an empty segment or as soon as a known root directory name is met.
              if (empty($segment) || $segment == 'htdocs' || $segment == 'dolibarr') {
                  break;
              }
              // The script file itself does not count as a directory level.
              if (substr($segment, -4) == '.php') {
                  continue;
              }
              $path .= '../';
          }
      }

      header("Location: ".$path."install/index.php");
      exit;
  }
  // Force PHP error_reporting setup (Dolibarr may report warning without this).
  // With $dolibarr_strict_mode everything is reported; otherwise strict, notice and
  // deprecation messages are masked.
  if (empty($dolibarr_strict_mode)) {
      error_reporting(E_ALL & ~(E_STRICT|E_NOTICE|E_DEPRECATED));
  } else {
      error_reporting(E_ALL | E_STRICT);
  }

  // Disable php display errors.
  // This happens only when $dolibarr_main_prod is set; without it display_errors keeps the value
  // coming from the PHP configuration, and error text shown in pages can disclose file paths and
  // queries. Set $dolibarr_main_prod in conf.php on any instance reachable by untrusted users.
  if (! empty($dolibarr_main_prod)) {
      ini_set('display_errors', 'Off');
  }

  // Clean parameters read from conf.php: surrounding whitespace is dropped, trailing slashes are
  // removed from the main URL, and the optional "alt" values default to an empty string.
  $dolibarr_main_data_root = trim($dolibarr_main_data_root);
  $dolibarr_main_url_root = trim(preg_replace('/\/+$/', '', $dolibarr_main_url_root));
  $dolibarr_main_url_root_alt = empty($dolibarr_main_url_root_alt) ? '' : trim($dolibarr_main_url_root_alt);
  $dolibarr_main_document_root = trim($dolibarr_main_document_root);
  $dolibarr_main_document_root_alt = empty($dolibarr_main_document_root_alt) ? '' : trim($dolibarr_main_document_root_alt);

  // Defaults kept for compatibility with old configs.
  if (empty($dolibarr_main_db_port)) {
      // No port defined: use 3306, the usual MySQL port.
      $dolibarr_main_db_port = 3306;
  }
  if (empty($dolibarr_main_db_type)) {
      // No driver defined: use 'mysqli'.
      $dolibarr_main_db_type = 'mysqli';
  }
  // Mysql driver support has been removed in favor of mysqli
  if ($dolibarr_main_db_type == 'mysql') {
      $dolibarr_main_db_type = 'mysqli';
  }
  if (empty($dolibarr_main_db_prefix)) {
      $dolibarr_main_db_prefix = 'llx_';
  }
  // Old installations: character set and collation get a default only for mysqli.
  if (empty($dolibarr_main_db_character_set)) {
      $dolibarr_main_db_character_set = ($dolibarr_main_db_type == 'mysqli' ? 'utf8' : '');
  }
  if (empty($dolibarr_main_db_collation)) {
      $dolibarr_main_db_collation = ($dolibarr_main_db_type == 'mysqli' ? 'utf8_unicode_ci' : '');
  }
  if (empty($dolibarr_main_db_encryption)) {
      $dolibarr_main_db_encryption = 0;
  }
  if (empty($dolibarr_main_db_cryptkey)) {
      $dolibarr_main_db_cryptkey = '';
  }
  if (empty($dolibarr_main_limit_users)) {
      $dolibarr_main_limit_users = 0;
  }
  if (empty($dolibarr_mailing_limit_sendbyweb)) {
      $dolibarr_mailing_limit_sendbyweb = 0;
  }
  if (empty($dolibarr_mailing_limit_sendbycli)) {
      $dolibarr_mailing_limit_sendbycli = 0;
  }
  if (empty($dolibarr_strict_mode)) {
      // For debug in php strict mode
      $dolibarr_strict_mode = 0;
  }
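  // Security: CSRF protection (first layer, based on the Referer header).
  // For every request that is not a GET, the host found in $_SERVER['HTTP_REFERER'] must be the host the
  // browser addressed ($_SERVER['HTTP_HOST']). GET is exempt so that direct links to a page keep working,
  // which also means this test gives no protection to an action that can be triggered by a GET request.
  // A request that arrives without a Referer (stripped by a proxy or by a referrer policy) is refused.
  // Defining NOCSRFCHECK in the calling page, or setting $dolibarr_nocsrfcheck in conf.php, switches the
  // whole test off: keep both exceptional.
  // Note about $_SERVER[HTTP_HOST/SERVER_NAME]: http://shiflett.org/blog/2006/mar/server-name-versus-http-host
  if (! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck))
  {
      if (! empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] != 'GET' && ! empty($_SERVER['HTTP_HOST']))
      {
          $csrfattack=false;
          if (empty($_SERVER['HTTP_REFERER'])) $csrfattack=true;	// No referer sent with a non GET request
          else
          {
              $tmpa=parse_url($_SERVER['HTTP_HOST']);
              $tmpb=parse_url($_SERVER['HTTP_REFERER']);
              // parse_url() returns false on seriously malformed input. Two values that both fail to
              // parse must not be treated as "same host", so the request is refused in that case.
              if (! is_array($tmpa) || ! is_array($tmpb)) $csrfattack=true;
              else
              {
                  // A bare host name such as 'localhost' is reported by parse_url() as 'path', not as 'host'.
                  $hostofserver=(empty($tmpa['host'])?(isset($tmpa['path'])?$tmpa['path']:''):$tmpa['host']);
                  $hostofreferer=(empty($tmpb['host'])?(isset($tmpb['path'])?$tmpb['path']:''):$tmpb['host']);
                  // Strict comparison: with != two different numeric looking strings could compare as equal.
                  // An empty server host is refused as well, so that the test fails closed.
                  if ($hostofserver === '' || $hostofserver !== $hostofreferer) $csrfattack=true;
              }
          }
          if ($csrfattack)
          {
              // The message names main.inc.php although the test is done in this file; it is runtime
              // text and is left unchanged.
              print "Access refused by CSRF protection in main.inc.php. Referer of form is outside server that serve the POST.\n";
              print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file).\n";
              die;
          }
      }
      // Another test is done later on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
  }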
  // conf.php was loaded but holds no database host: the install process was not finished.
  if (empty($dolibarr_main_db_host)) {
      print '<div align="center">Dolibarr setup is not yet complete.<br><br>'."\n"
          .'<a href="install/index.php">Click here to finish Dolibarr install process</a> ...</div>'."\n";
      die;
  }

  // The root URL of the application must be given in conf.php.
  if (empty($dolibarr_main_url_root)) {
      print 'Value for parameter \'dolibarr_main_url_root\' is not defined in your \'htdocs\conf\conf.php\' file.<br>'."\n"
          .'You must add this parameter with your full Dolibarr root Url (Example: http://myvirtualdomain/ or http://mydomain/mydolibarrurl/)'."\n";
      die;
  }

  // If the documents directory is not defined, use the default one: the document root with every
  // "/htdocs" removed, followed by "/documents".
  // NOTE(review): when the document root contains no "/htdocs", nothing is removed and the default
  // becomes <document root>/documents, a directory below the one holding the PHP files. Stored
  // documents should not be directly served by the web server: in that layout, set
  // $dolibarr_main_data_root explicitly in conf.php.
  if (empty($dolibarr_main_data_root)) {
      $dolibarr_main_data_root = str_replace("/htdocs", "", $dolibarr_main_document_root)."/documents";
  }
  // Define some constants
  // Filesystem path to class dir (defined only for some code that wants to stay compatible with
  // old versions without this parameter)
  define('DOL_CLASS_PATH', 'class/');
  // Filesystem data (documents)
  define('DOL_DATA_ROOT', $dolibarr_main_data_root);
  // Filesystem core php (htdocs)
  define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root);

  // Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT.
  // Note: autodetect works only in case 1, 2, 3 and 4 of phpunit test CoreTest.php. For case 5, 6,
  // only setting the value in conf.php will work.
  $tmp = '';
  $found = 0;

  // A) Value found in the config file, saying where the htdocs files are stored.
  //    Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs
  $real_dolibarr_main_document_root = str_replace('\\', '/', realpath($dolibarr_main_document_root));

  // B) Value reported by the web server setup (not defined in CLI mode), saying where the root of
  //    the web server instance is. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs
  $pathroot = empty($_SERVER["DOCUMENT_ROOT"]) ? 'NOTDEFINED' : $_SERVER["DOCUMENT_ROOT"];

  // C) Value reported by the web server for the running script.
  //    Ex: /dolibarr/htdocs/admin/system/phpinfo.php
  $paths = explode('/', str_replace('\\', '/', $_SERVER["SCRIPT_NAME"]));

  // Try to detect if $_SERVER["DOCUMENT_ROOT"] + start of $_SERVER["SCRIPT_NAME"] is
  // $dolibarr_main_document_root. If yes, the relative url to add before dol files is this start
  // part. In short: we look for (B + start of C) = A.
  $concatpath = '';
  foreach ($paths as $tmppath) {
      if (! empty($tmppath)) {
          $concatpath .= '/'.$tmppath;
          // @ avoids a warning when safe_mode is on.
          if ($real_dolibarr_main_document_root == @realpath($pathroot.$concatpath)) {
              $tmp3 = $concatpath;
              $found = 1;
              break;
          }
      }
  }

  if ($found) {
      // NOTE(review): in this branch the host comes from $_SERVER["SERVER_NAME"], not from
      // conf.php. Depending on the web server setup (for example Apache with UseCanonicalName Off)
      // that value can follow the Host header sent by the client, and absolute links built from
      // DOL_MAIN_URL_ROOT would then follow it too. Pin the server name in the virtual host
      // configuration of any exposed instance.
      $tmp = 'http';
      if ((! empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') || (! empty($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"] == 443)) {
          $tmp .= 's';
      }
      $tmp .= '://'.$_SERVER["SERVER_NAME"];
      // The port is written only when it is neither 80 nor 443.
      if (! empty($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"] != 80 && $_SERVER["SERVER_PORT"] != 443) {
          $tmp .= ':'.$_SERVER["SERVER_PORT"];
      }
      if ($tmp3) {
          $tmp .= (preg_match('/^\//', $tmp3) ? '' : '/').$tmp3;
      }
  } else {
      // If autodetect fails (ie: when using an apache alias that points outside the default
      // DOCUMENT_ROOT), the value of conf.php is used.
      $tmp = $dolibarr_main_url_root;
  }

  if (! empty($dolibarr_main_force_https)) {
      $tmp = preg_replace('/^http:/i', 'https:', $tmp);
  }
  // URL absolute root (https://sss/dolibarr, ...)
  define('DOL_MAIN_URL_ROOT', $tmp);

  // $uri contains the url without http*
  $uri = preg_replace('/^http(s?):\/\//i', '', DOL_MAIN_URL_ROOT);
  // $suburi contains the url without domain:port
  $suburi = strstr($uri, '/');
  if ($suburi == '/') {
      // If $suburi is /, it is now ''
      $suburi = '';
  }
  // URL relative root ('', '/dolibarr', ...)
  define('DOL_URL_ROOT', $suburi);

  // Define prefix MAIN_DB_PREFIX
  define('MAIN_DB_PREFIX', $dolibarr_main_db_prefix);
  /*
   * Define PATH to external libraries
   * To use another version than the embedded libraries, define the constant to the wanted path here.
   * Use '' to use include class path autodetect.
   *
   * NOTE(review): every override below is read from a $dolibarr_lib_*, $dolibarr_js_* or
   * $dolibarr_font_* variable, and ADODB_PATH is passed to include_once further down in this file.
   * Whoever can write conf.php therefore chooses which PHP code is loaded: keep that file
   * read-only for the web server account once the install is finished.
   */

  // Path to root libraries.
  // Variable not set: embedded copy. Variable set but empty: '' (autodetect). Otherwise: given path + '/'.
  if (! defined('ADODB_PATH')) {
      define('ADODB_PATH', isset($dolibarr_lib_ADODB_PATH)
          ? (empty($dolibarr_lib_ADODB_PATH) ? '' : $dolibarr_lib_ADODB_PATH.'/')
          : DOL_DOCUMENT_ROOT.'/includes/adodbtime/');
  }

  // The next four fall back to the embedded copy whenever the variable is empty or not set.
  if (! defined('FPDF_PATH')) {
      // Used only for package that can't include tcpdf
      define('FPDF_PATH', ! empty($dolibarr_lib_FPDF_PATH)
          ? $dolibarr_lib_FPDF_PATH.'/'
          : DOL_DOCUMENT_ROOT.'/includes/fpdf/');
  }
  if (! defined('TCPDF_PATH')) {
      define('TCPDF_PATH', ! empty($dolibarr_lib_TCPDF_PATH)
          ? $dolibarr_lib_TCPDF_PATH.'/'
          : DOL_DOCUMENT_ROOT.'/includes/tecnickcom/tcpdf/');
  }
  if (! defined('FPDI_PATH')) {
      define('FPDI_PATH', ! empty($dolibarr_lib_FPDI_PATH)
          ? $dolibarr_lib_FPDI_PATH.'/'
          : DOL_DOCUMENT_ROOT.'/includes/fpdfi/');
  }
  if (! defined('TCPDI_PATH')) {
      define('TCPDI_PATH', ! empty($dolibarr_lib_TCPDI_PATH)
          ? $dolibarr_lib_TCPDI_PATH.'/'
          : DOL_DOCUMENT_ROOT.'/includes/tcpdi/');
  }

  // Same three-way rule as ADODB_PATH.
  if (! defined('NUSOAP_PATH')) {
      define('NUSOAP_PATH', isset($dolibarr_lib_NUSOAP_PATH)
          ? (empty($dolibarr_lib_NUSOAP_PATH) ? '' : $dolibarr_lib_NUSOAP_PATH.'/')
          : DOL_DOCUMENT_ROOT.'/includes/nusoap/lib/');
  }
  if (! defined('PHPEXCEL_PATH')) {
      define('PHPEXCEL_PATH', isset($dolibarr_lib_PHPEXCEL_PATH)
          ? (empty($dolibarr_lib_PHPEXCEL_PATH) ? '' : $dolibarr_lib_PHPEXCEL_PATH.'/')
          : DOL_DOCUMENT_ROOT.'/includes/phpoffice/phpexcel/Classes/');
  }
  if (! defined('PHPEXCELNEW_PATH')) {
      define('PHPEXCELNEW_PATH', isset($dolibarr_lib_PHPEXCELNEW_PATH)
          ? (empty($dolibarr_lib_PHPEXCELNEW_PATH) ? '' : $dolibarr_lib_PHPEXCELNEW_PATH.'/')
          : DOL_DOCUMENT_ROOT.'/includes/phpoffice/PhpSpreadsheet/');
  }
  if (! defined('GEOIP_PATH')) {
      define('GEOIP_PATH', isset($dolibarr_lib_GEOIP_PATH)
          ? (empty($dolibarr_lib_GEOIP_PATH) ? '' : $dolibarr_lib_GEOIP_PATH.'/')
          : DOL_DOCUMENT_ROOT.'/includes/geoip/');
  }
  if (! defined('ODTPHP_PATH')) {
      define('ODTPHP_PATH', isset($dolibarr_lib_ODTPHP_PATH)
          ? (empty($dolibarr_lib_ODTPHP_PATH) ? '' : $dolibarr_lib_ODTPHP_PATH.'/')
          : DOL_DOCUMENT_ROOT.'/includes/odtphp/');
  }
  if (! defined('ODTPHP_PATHTOPCLZIP')) {
      define('ODTPHP_PATHTOPCLZIP', isset($dolibarr_lib_ODTPHP_PATHTOPCLZIP)
          ? (empty($dolibarr_lib_ODTPHP_PATHTOPCLZIP) ? '' : $dolibarr_lib_ODTPHP_PATHTOPCLZIP.'/')
          : DOL_DOCUMENT_ROOT.'/includes/odtphp/zip/pclzip/');
  }

  // Javascript libraries: '' unless a non empty value is given in conf.php.
  if (! defined('JS_CKEDITOR')) {
      define('JS_CKEDITOR', empty($dolibarr_js_CKEDITOR) ? '' : $dolibarr_js_CKEDITOR.'/');
  }
  if (! defined('JS_JQUERY')) {
      define('JS_JQUERY', empty($dolibarr_js_JQUERY) ? '' : $dolibarr_js_JQUERY.'/');
  }
  if (! defined('JS_JQUERY_UI')) {
      define('JS_JQUERY_UI', empty($dolibarr_js_JQUERY_UI) ? '' : $dolibarr_js_JQUERY_UI.'/');
  }
  if (! defined('JS_JQUERY_FLOT')) {
      define('JS_JQUERY_FLOT', empty($dolibarr_js_JQUERY_FLOT) ? '' : $dolibarr_js_JQUERY_FLOT.'/');
  }

  // Other required path: fonts are file names, so no '/' is appended.
  if (! defined('DOL_DEFAULT_TTF')) {
      define('DOL_DEFAULT_TTF', isset($dolibarr_font_DOL_DEFAULT_TTF)
          ? (empty($dolibarr_font_DOL_DEFAULT_TTF) ? '' : $dolibarr_font_DOL_DEFAULT_TTF)
          : DOL_DOCUMENT_ROOT.'/includes/fonts/Aerial.ttf');
  }
  if (! defined('DOL_DEFAULT_TTF_BOLD')) {
      define('DOL_DEFAULT_TTF_BOLD', isset($dolibarr_font_DOL_DEFAULT_TTF_BOLD)
          ? (empty($dolibarr_font_DOL_DEFAULT_TTF_BOLD) ? '' : $dolibarr_font_DOL_DEFAULT_TTF_BOLD)
          : DOL_DOCUMENT_ROOT.'/includes/fonts/AerialBd.ttf');
  }
  /*
   * Include functions
   */

  // The date library is loaded only when ADODB_DATE_VERSION is not defined yet.
  if (! defined('ADODB_DATE_VERSION')) {
      include_once ADODB_PATH.'adodb-time.inc.php';
  }

  // Sanity check on the configured document root: the core function library must be found under
  // it, otherwise the configuration is reported as wrong and the script stops.
  if (! file_exists(DOL_DOCUMENT_ROOT ."/core/lib/functions.lib.php")) {
      print "Error: Dolibarr config file content seems to be not correctly defined.<br>\n"
          ."Please run dolibarr setup by calling page <b>/install</b>.<br>\n";
      exit;
  }

  // Included by default
  include_once DOL_DOCUMENT_ROOT .'/core/lib/functions.lib.php';
  include_once DOL_DOCUMENT_ROOT .'/core/lib/security.lib.php';
  // If password is encoded, we decode it.
  // Two forms are handled: a "crypted:" marker inside $dolibarr_main_db_pass, or a separate
  // $dolibarr_main_db_encrypted_pass value. The marker is matched case-insensitively anywhere in
  // the value, and every occurrence is removed before decoding.
  // NOTE(review): dol_decode() is defined outside this listing; whether the stored form is real
  // encryption or a reversible encoding depends on it, so file permissions on conf.php remain the
  // protection to rely on - confirm against security.lib.php.
  // After this block the clear text password is held in $dolibarr_main_db_pass and, in the first
  // branch, in $dolibarr_main_db_encrypted_pass as well: never dump these globals in debug output.
  if (preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
      $dolibarr_main_db_pass = dol_decode(preg_replace('/crypted:/i', '', $dolibarr_main_db_pass));
      // We need to set this as it is used to know the password was initially crypted
      $dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass;
  } elseif (! empty($dolibarr_main_db_encrypted_pass)) {
      $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
  }