Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: develop
Branches Tags
dolibarr
/
htdocs
/
dav
/
fileserver.php

fileserver.php 8.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245 
  1. <?php
    2. 

  2. /* Copyright (C) 2018	Destailleur Laurent	<eldy@users.sourceforge.net>
    3. 

  3.  * Copyright (C) 2019	Regis Houssin		<regis.houssin@inodbox.com>
    4. 

  4.  *
    5. 

  5.  * This program is free software; you can redistribute it and/or modify
    6. 

  6.  * it under the terms of the GNU General Public License as published by
    7. 

  7.  * the Free Software Foundation; either version 3 of the License, or
    8. 

  8.  * (at your option) any later version.
    9. 

  9.  *
    10. 

  10.  * This program is distributed in the hope that it will be useful,
    11. 

  11.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13.  * GNU General Public License for more details.
    14. 

  14.  *
    15. 

  15.  * You should have received a copy of the GNU General Public License
    16. 

  16.  * along with this program. If not, see <https://www.gnu.org/licenses/>.
    17. 

  17.  *
    18. 

  18.  * You can test with the WebDav client cadaver:
    19. 

  19.  * cadaver http://myurl/dav/fileserver.php
    20. 

  20.  */
    21. 

  21. 

  22. /**
    23. 

  23.  *      \file       htdocs/dav/fileserver.php
    24. 

  24.  *      \ingroup    dav
    25. 

  25.  *      \brief      Server DAV
    26. 

  26.  */
    27. 

  27. 

  28. if (!defined('NOTOKENRENEWAL')) {
    29. 

  29. 	define('NOTOKENRENEWAL', '1');
    30. 

  30. }
    31. 

  31. if (!defined('NOREQUIREMENU')) {
    32. 

  32. 	define('NOREQUIREMENU', '1'); // If there is no menu to show
    33. 

  33. }
    34. 

  34. if (!defined('NOREQUIREHTML')) {
    35. 

  35. 	define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
    36. 

  36. }
    37. 

  37. if (!defined('NOREQUIREAJAX')) {
    38. 

  38. 	define('NOREQUIREAJAX', '1');
    39. 

  39. }
    40. 

  40. if (!defined('NOLOGIN')) {
    41. 

  41. 	define("NOLOGIN", 1); // This means this output page does not require to be logged.
    42. 

  42. }
    43. 

  43. if (!defined('NOCSRFCHECK')) {
    44. 

  44. 	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
    45. 

  45. }
    46. 

  46. 

  47. require "../main.inc.php";
    48. 

  48. require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
    49. 

  49. require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
    50. 

  50. require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';
    51. 

  51. require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';
    52. 

  52. require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';
    53. 

  53. 

  54. 

  55. $user = new User($db);
    56. 

  56. if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {
    57. 

  57. 	$user->fetch('', $_SERVER['PHP_AUTH_USER']);
    58. 

  58. 	$user->getrights();
    59. 

  59. }
    60. 

  60. 

  61. // Load translation files required by the page
    62. 

  62. $langs->loadLangs(array("main", "other"));
    63. 

  63. 

  64. 

  65. if (empty($conf->dav->enabled)) {
    66. 

  66. 	accessforbidden();
    67. 

  67. }
    68. 

  68. 

  69. // Restrict API to some IPs
    70. 

  70. if (!empty($conf->global->DAV_RESTRICT_ON_IP)) {
    71. 

  71. 	$allowedip = explode(' ', $conf->global->DAV_RESTRICT_ON_IP);
    72. 

  72. 	$ipremote = getUserRemoteIP();
    73. 

  73. 	if (!in_array($ipremote, $allowedip)) {
    74. 

  74. 		dol_syslog('Remote ip is '.$ipremote.', not into list ' . getDolGlobalString('DAV_RESTRICT_ON_IP'));
    75. 

  75. 		print 'DAV not allowed from the IP '.$ipremote;
    76. 

  76. 		header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
    77. 

  77. 		//print $conf->global->DAV_RESTRICT_ON_IP;
    78. 

  78. 		exit(0);
    79. 

  79. 	}
    80. 

  80. }
    81. 

  81. 

  82. 

  83. $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
    84. 

  84. 

  85. // settings
    86. 

  86. $publicDir = $conf->dav->multidir_output[$entity].'/public';
    87. 

  87. $privateDir = $conf->dav->multidir_output[$entity].'/private';
    88. 

  88. $ecmDir = $conf->ecm->multidir_output[$entity];
    89. 

  89. $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted
    90. 

  90. //var_dump($tmpDir);mkdir($tmpDir);exit;
    91. 

  91. 

  92. 

  93. // Authentication callback function
    94. 

  94. $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
    95. 

  95. 	global $user, $conf;
    96. 

  96. 	global $dolibarr_main_authentication, $dolibarr_auto_user;
    97. 

  97. 

  98. 	if (empty($user->login)) {
    99. 

  99. 		dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);
    100. 

  100. 		return false;
    101. 

  101. 	}
    102. 

  102. 	if ($user->socid > 0) {
    103. 

  103. 		dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);
    104. 

  104. 		return false;
    105. 

  105. 	}
    106. 

  106. 	if ($user->login != $username) {
    107. 

  107. 		dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
    108. 

  108. 		return false;
    109. 

  109. 	}
    110. 

  110. 

  111. 	// Authentication mode
    112. 

  112. 	if (empty($dolibarr_main_authentication)) {
    113. 

  113. 		$dolibarr_main_authentication = 'dolibarr';
    114. 

  114. 	}
    115. 

  115. 

  116. 	// Authentication mode: forceuser
    117. 

  117. 	if ($dolibarr_main_authentication == 'forceuser') {
    118. 

  118. 		if (empty($dolibarr_auto_user)) {
    119. 

  119. 			$dolibarr_auto_user = 'auto';
    120. 

  120. 		}
    121. 

  121. 		if ($dolibarr_auto_user != $username) {
    122. 

  122. 			dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
    123. 

  123. 			return false;
    124. 

  124. 		}
    125. 

  125. 	}
    126. 

  126. 

  127. 	$authmode = explode(',', $dolibarr_main_authentication);
    128. 

  128. 	$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
    129. 

  129. 

  130. 	if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {
    131. 

  131. 		return false;
    132. 

  132. 	}
    133. 

  133. 

  134. 	// Check if user status is enabled
    135. 

  135. 	if ($user->statut != $user::STATUS_ENABLED) {
    136. 

  136. 		// Status is disabled
    137. 

  137. 		dol_syslog("The user has been disabled.");
    138. 

  138. 		return false;
    139. 

  139. 	}
    140. 

  140. 

  141. 	// Check if session was unvalidated by a password change
    142. 

  142. 	if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
    143. 

  143. 		// Session is no more valid
    144. 

  144. 		dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
    145. 

  145. 		return false;
    146. 

  146. 	}
    147. 

  147. 

  148. 	// Check date validity
    149. 

  149. 	if ($user->isNotIntoValidityDateRange()) {
    150. 

  150. 		// User validity dates are no more valid
    151. 

  151. 		dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());
    152. 

  152. 		return false;
    153. 

  153. 	}
    154. 

  154. 

  155. 	return true;
    156. 

  156. });
    157. 

  157. 

  158. $authBackend->setRealm(constant('DOL_APPLICATION_TITLE').' - WebDAV');
    159. 

  159. 

  160. 

  161. 

  162. 

  163. 

  164. /*
    165. 

  165.  * Actions and View
    166. 

  166.  */
    167. 

  167. 

  168. // Create the root node
    169. 

  169. // Setting up the directory tree //
    170. 

  170. $nodes = array();
    171. 

  171. 

  172. // Enable directories and features according to DAV setup
    173. 

  173. // Public dir
    174. 

  174. if (!empty($conf->global->DAV_ALLOW_PUBLIC_DIR)) {
    175. 

  175. 	$nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
    176. 

  176. }
    177. 

  177. // Private dir
    178. 

  178. $nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
    179. 

  179. // ECM dir
    180. 

  180. if (isModEnabled('ecm') && !empty($conf->global->DAV_ALLOW_ECM_DIR)) {
    181. 

  181. 	$nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
    182. 

  182. }
    183. 

  183. 

  184. 

  185. 

  186. // Principals Backend
    187. 

  187. //$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);
    188. 

  188. // /principals
    189. 

  189. //$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);
    190. 

  190. // CardDav & CalDav Backend
    191. 

  191. //$carddavBackend   = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);
    192. 

  192. //$caldavBackend    = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);
    193. 

  193. // /addressbook
    194. 

  194. //$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);
    195. 

  195. // /calendars
    196. 

  196. //$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);
    197. 

  197. 

  198. 

  199. // The rootnode needs in turn to be passed to the server class
    200. 

  200. $server = new \Sabre\DAV\Server($nodes);
    201. 

  201. 

  202. // If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)
    203. 

  203. // You can override the baseUri here.
    204. 

  204. $baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';
    205. 

  205. if (isset($baseUri)) {
    206. 

  206. 	$server->setBaseUri($baseUri);
    207. 

  207. }
    208. 

  208. 

  209. // Add authentication function
    210. 

  210. if ((empty($conf->global->DAV_ALLOW_PUBLIC_DIR)
    211. 

  211. 	|| !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))
    212. 

  212. 	&& !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"])	// URL for Sabre browser resources
    213. 

  213. 	) {
    214. 

  214. 	//var_dump($_SERVER["QUERY_STRING"]);exit;
    215. 

  215. 	$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
    216. 

  216. }
    217. 

  217. // Support for LOCK and UNLOCK
    218. 

  218. $lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');
    219. 

  219. $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
    220. 

  220. $server->addPlugin($lockPlugin);
    221. 

  221. 

  222. // Support for the html browser
    223. 

  223. if (empty($conf->global->DAV_DISABLE_BROWSER)) {
    224. 

  224. 	$browser = new \Sabre\DAV\Browser\Plugin();
    225. 

  225. 	$server->addPlugin($browser);
    226. 

  226. }
    227. 

  227. 

  228. // Automatically guess (some) contenttypes, based on extension
    229. 

  229. //$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());
    230. 

  230. 

  231. //$server->addPlugin(new \Sabre\CardDAV\Plugin());
    232. 

  232. //$server->addPlugin(new \Sabre\CalDAV\Plugin());
    233. 

  233. //$server->addPlugin(new \Sabre\DAVACL\Plugin());
    234. 

  234. 

  235. // Temporary file filter
    236. 

  236. /*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);
    237. 

  237. $server->addPlugin($tempFF);
    238. 

  238. */
    239. 

  239. 

  240. // And off we go!
    241. 

  241. $server->exec();
    242. 

  242. 

  243. if (is_object($db)) {
    244. 

  244. 	$db->close();
    245. 

  245. }
    246.