server_user.php 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741
  1. <?php
  2. /* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 3 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  16. */
  17. /**
  18. * \file htdocs/webservices/server_user.php
  19. * \brief File that is entry point to call Dolibarr WebServices
  20. */
  21. if (!defined('NOCSRFCHECK')) {
  22. define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
  23. }
  24. if (!defined('NOTOKENRENEWAL')) {
  25. define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
  26. }
  27. if (!defined('NOREQUIREMENU')) {
  28. define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
  29. }
  30. if (!defined('NOREQUIREHTML')) {
  31. define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
  32. }
  33. if (!defined('NOREQUIREAJAX')) {
  34. define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
  35. }
  36. if (!defined("NOLOGIN")) {
  37. define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
  38. }
  39. if (!defined("NOSESSION")) {
  40. define("NOSESSION", '1');
  41. }
  42. require '../main.inc.php';
  43. require_once NUSOAP_PATH.'/nusoap.php'; // Include SOAP
  44. require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
  45. require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
  46. require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
  47. require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
  48. require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
  49. dol_syslog("Call User webservices interfaces");
  50. $langs->load("main");
  51. // Enable and test if module web services is enabled
  52. if (empty($conf->global->MAIN_MODULE_WEBSERVICES)) {
  53. $langs->load("admin");
  54. dol_syslog("Call Dolibarr webservices interfaces with module webservices disabled");
  55. print $langs->trans("WarningModuleNotActive", 'WebServices').'.<br><br>';
  56. print $langs->trans("ToActivateModule");
  57. exit;
  58. }
  59. // Create the soap Object
  60. $server = new nusoap_server();
  61. $server->soap_defencoding = 'UTF-8';
  62. $server->decode_utf8 = false;
  63. $ns = 'http://www.dolibarr.org/ns/';
  64. $server->configureWSDL('WebServicesDolibarrUser', $ns);
  65. $server->wsdl->schemaTargetNamespace = $ns;
  66. // Define WSDL Authentication object
  67. $server->wsdl->addComplexType(
  68. 'authentication',
  69. 'complexType',
  70. 'struct',
  71. 'all',
  72. '',
  73. array(
  74. 'dolibarrkey' => array('name'=>'dolibarrkey', 'type'=>'xsd:string'),
  75. 'sourceapplication' => array('name'=>'sourceapplication', 'type'=>'xsd:string'),
  76. 'login' => array('name'=>'login', 'type'=>'xsd:string'),
  77. 'password' => array('name'=>'password', 'type'=>'xsd:string'),
  78. 'entity' => array('name'=>'entity', 'type'=>'xsd:string'),
  79. )
  80. );
  81. // Define WSDL Return object
  82. $server->wsdl->addComplexType(
  83. 'result',
  84. 'complexType',
  85. 'struct',
  86. 'all',
  87. '',
  88. array(
  89. 'result_code' => array('name'=>'result_code', 'type'=>'xsd:string'),
  90. 'result_label' => array('name'=>'result_label', 'type'=>'xsd:string'),
  91. )
  92. );
  93. // Define other specific objects
  94. $server->wsdl->addComplexType(
  95. 'user',
  96. 'complexType',
  97. 'struct',
  98. 'all',
  99. '',
  100. array(
  101. 'element' => array('name'=>'element', 'type'=>'xsd:string'),
  102. 'id' => array('name'=>'id', 'type'=>'xsd:string'),
  103. 'lastname' => array('name'=>'lastname', 'type'=>'xsd:string'),
  104. 'firstname' => array('name'=>'firstname', 'type'=>'xsd:string'),
  105. 'note' => array('name'=>'note', 'type'=>'xsd:string'),
  106. 'email' => array('name'=>'email', 'type'=>'xsd:string'),
  107. 'signature' => array('name'=>'signature', 'type'=>'xsd:string'),
  108. 'office_phone' => array('name'=>'office_phone', 'type'=>'xsd:string'),
  109. 'office_fax' => array('name'=>'office_fax', 'type'=>'xsd:string'),
  110. 'user_mobile' => array('name'=>'user_mobile', 'type'=>'xsd:string'),
  111. 'admin' => array('name'=>'admin', 'type'=>'xsd:string'),
  112. 'login' => array('name'=>'login', 'type'=>'xsd:string'),
  113. 'entity' => array('name'=>'entity', 'type'=>'xsd:string'),
  114. 'pass_indatabase' => array('name'=>'pass_indatabase', 'type'=>'xsd:string'),
  115. 'pass_indatabase_crypted' => array('name'=>'pass_indatabase_crypted', 'type'=>'xsd:string'),
  116. 'datec' => array('name'=>'datec', 'type'=>'xsd:dateTime'),
  117. 'datem' => array('name'=>'datem', 'type'=>'xsd:dateTime'),
  118. 'fk_thirdparty' => array('name'=>'fk_thirdparty', 'type'=>'xsd:string'),
  119. 'fk_contact' => array('name'=>'fk_contact', 'type'=>'xsd:string'),
  120. 'fk_member' => array('name'=>'fk_member', 'type'=>'xsd:string'),
  121. 'datelastlogin' => array('name'=>'datelastlogin', 'type'=>'xsd:dateTime'),
  122. 'datepreviouslogin' => array('name'=>'datepreviouslogin', 'type'=>'xsd:dateTime'),
  123. 'statut' => array('name'=>'statut', 'type'=>'xsd:string'),
  124. 'photo' => array('name'=>'photo', 'type'=>'xsd:string'),
  125. 'lang' => array('name'=>'lang', 'type'=>'xsd:string'),
  126. 'entrepots' => array('name'=>'entrepots', 'type'=>'xsd:string'),
  127. //'rights' => array('name'=>'rights','type'=>'xsd:string'),
  128. 'canvas' => array('name'=>'canvas', 'type'=>'xsd:string')
  129. )
  130. );
  131. // Define other specific objects
  132. $server->wsdl->addComplexType(
  133. 'group',
  134. 'complexType',
  135. 'struct',
  136. 'all',
  137. '',
  138. array(
  139. 'name' => array('name'=>'name', 'type'=>'xsd:string'),
  140. 'id' => array('name'=>'id', 'type'=>'xsd:string'),
  141. 'datec' => array('name'=>'datec', 'type'=>'xsd:string'),
  142. 'nb' => array('name'=>'nb', 'type'=>'xsd:string')
  143. )
  144. );
  145. $server->wsdl->addComplexType(
  146. 'GroupsArray',
  147. 'complexType',
  148. 'array',
  149. '',
  150. 'SOAP-ENC:Array',
  151. array(),
  152. array(
  153. array('ref'=>'SOAP-ENC:arrayType', 'wsdl:arrayType'=>'tns:group[]')
  154. ),
  155. 'tns:group'
  156. );
  157. $thirdpartywithuser_fields = array(
  158. // For thirdparty and contact
  159. 'name' => array('name'=>'name', 'type'=>'xsd:string'),
  160. 'firstname' => array('name'=>'firstname', 'type'=>'xsd:string'),
  161. 'name_thirdparty' => array('name'=>'name_thirdparty', 'type'=>'xsd:string'),
  162. 'ref_ext' => array('name'=>'ref_ext', 'type'=>'xsd:string'),
  163. 'client' => array('name'=>'client', 'type'=>'xsd:string'),
  164. 'fournisseur' => array('name'=>'fournisseur', 'type'=>'xsd:string'),
  165. 'address' => array('name'=>'address', 'type'=>'xsd:string'),
  166. 'zip' => array('name'=>'zip', 'type'=>'xsd:string'),
  167. 'town' => array('name'=>'town', 'type'=>'xsd:string'),
  168. 'country_id' => array('name'=>'country_id', 'type'=>'xsd:string'),
  169. 'country_code' => array('name'=>'country_code', 'type'=>'xsd:string'),
  170. 'phone' => array('name'=>'phone', 'type'=>'xsd:string'),
  171. 'phone_mobile' => array('name'=>'phone_mobile', 'type'=>'xsd:string'),
  172. 'fax' => array('name'=>'fax', 'type'=>'xsd:string'),
  173. 'email' => array('name'=>'email', 'type'=>'xsd:string'),
  174. 'url' => array('name'=>'url', 'type'=>'xsd:string'),
  175. 'profid1' => array('name'=>'profid1', 'type'=>'xsd:string'),
  176. 'profid2' => array('name'=>'profid2', 'type'=>'xsd:string'),
  177. 'profid3' => array('name'=>'profid3', 'type'=>'xsd:string'),
  178. 'profid4' => array('name'=>'profid4', 'type'=>'xsd:string'),
  179. 'profid5' => array('name'=>'profid5', 'type'=>'xsd:string'),
  180. 'profid6' => array('name'=>'profid6', 'type'=>'xsd:string'),
  181. 'capital' => array('name'=>'capital', 'type'=>'xsd:string'),
  182. 'tva_assuj' => array('name'=>'tva_assuj', 'type'=>'xsd:string'),
  183. 'tva_intra' => array('name'=>'tva_intra', 'type'=>'xsd:string'),
  184. // For user
  185. 'login' => array('name'=>'login', 'type'=>'xsd:string'),
  186. 'password' => array('name'=>'password', 'type'=>'xsd:string'),
  187. 'group_id' => array('name'=>'group_id', 'type'=>'xsd:string')
  188. );
  189. $elementtype = 'socpeople';
  190. //Retrieve all extrafield for contact
  191. // fetch optionals attributes and labels
  192. $extrafields = new ExtraFields($db);
  193. $extrafields->fetch_name_optionals_label($elementtype, true);
  194. $extrafield_array = null;
  195. if (is_array($extrafields) && count($extrafields) > 0) {
  196. $extrafield_array = array();
  197. }
  198. if (isset($extrafields->attributes[$elementtype]['label']) && is_array($extrafields->attributes[$elementtype]['label']) && count($extrafields->attributes[$elementtype]['label'])) {
  199. foreach ($extrafields->attributes[$elementtype]['label'] as $key => $label) {
  200. $type = $extrafields->attributes[$elementtype]['type'][$key];
  201. if ($type == 'date' || $type == 'datetime') {
  202. $type = 'xsd:dateTime';
  203. } else {
  204. $type = 'xsd:string';
  205. }
  206. $extrafield_array['contact_options_'.$key] = array('name'=>'contact_options_'.$key, 'type'=>$type);
  207. }
  208. }
  209. if (is_array($extrafield_array)) {
  210. $thirdpartywithuser_fields = array_merge($thirdpartywithuser_fields, $extrafield_array);
  211. }
  212. $server->wsdl->addComplexType(
  213. 'thirdpartywithuser',
  214. 'complexType',
  215. 'struct',
  216. 'all',
  217. '',
  218. $thirdpartywithuser_fields
  219. );
  220. // Define WSDL user short object
  221. $server->wsdl->addComplexType(
  222. 'shortuser',
  223. 'complexType',
  224. 'struct',
  225. 'all',
  226. '',
  227. array(
  228. 'login' => array('name'=>'login', 'type'=>'xsd:string'),
  229. 'password' => array('name'=>'password', 'type'=>'xsd:string'),
  230. 'entity' => array('name'=>'entity', 'type'=>'xsd:string'),
  231. )
  232. );
  233. // 5 styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant), Document/literal, Document/literal wrapped
  234. // Style merely dictates how to translate a WSDL binding to a SOAP message. Nothing more. You can use either style with any programming model.
  235. // http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
  236. $styledoc = 'rpc'; // rpc/document (document is an extend into SOAP 1.0 to support unstructured messages)
  237. $styleuse = 'encoded'; // encoded/literal/literal wrapped
  238. // Better choice is document/literal wrapped but literal wrapped not supported by nusoap.
  239. // Register WSDL
  240. $server->register(
  241. 'getUser',
  242. // Entry values
  243. array('authentication'=>'tns:authentication', 'id'=>'xsd:string', 'ref'=>'xsd:string', 'ref_ext'=>'xsd:string'),
  244. // Exit values
  245. array('result'=>'tns:result', 'user'=>'tns:user'),
  246. $ns,
  247. $ns.'#getUser',
  248. $styledoc,
  249. $styleuse,
  250. 'WS to get user'
  251. );
  252. $server->register(
  253. 'getListOfGroups',
  254. // Entry values
  255. array('authentication'=>'tns:authentication'),
  256. // Exit values
  257. array('result'=>'tns:result', 'groups'=>'tns:GroupsArray'),
  258. $ns,
  259. $ns.'#getListOfGroups',
  260. $styledoc,
  261. $styleuse,
  262. 'WS to get list of groups'
  263. );
  264. $server->register(
  265. 'createUserFromThirdparty',
  266. // Entry values
  267. array('authentication'=>'tns:authentication', 'thirdpartywithuser'=>'tns:thirdpartywithuser'),
  268. // Exit values
  269. array('result'=>'tns:result', 'id'=>'xsd:string'),
  270. $ns,
  271. $ns.'#createUserFromThirdparty',
  272. $styledoc,
  273. $styleuse,
  274. 'WS to create an external user with thirdparty and contact'
  275. );
  276. $server->register(
  277. 'setUserPassword',
  278. // Entry values
  279. array('authentication'=>'tns:authentication', 'shortuser'=>'tns:shortuser'),
  280. // Exit values
  281. array('result'=>'tns:result', 'id'=>'xsd:string'),
  282. $ns,
  283. $ns.'#setUserPassword',
  284. $styledoc,
  285. $styleuse,
  286. 'WS to change password of an user'
  287. );
  288. /**
  289. * Get produt or service
  290. *
  291. * @param array $authentication Array of authentication information
  292. * @param int $id Id of object
  293. * @param string $ref Ref of object
  294. * @param string $ref_ext Ref external of object
  295. * @return mixed
  296. */
  297. function getUser($authentication, $id, $ref = '', $ref_ext = '')
  298. {
  299. global $db, $conf;
  300. dol_syslog("Function: getUser login=".$authentication['login']." id=".$id." ref=".$ref." ref_ext=".$ref_ext);
  301. if ($authentication['entity']) {
  302. $conf->entity = $authentication['entity'];
  303. }
  304. // Init and check authentication
  305. $objectresp = array();
  306. $errorcode = ''; $errorlabel = '';
  307. $error = 0;
  308. $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
  309. // Check parameters
  310. if (!$error && (($id && $ref) || ($id && $ref_ext) || ($ref && $ref_ext))) {
  311. $error++;
  312. $errorcode = 'BAD_PARAMETERS'; $errorlabel = "Parameter id, ref and ref_ext can't be both provided. You must choose one or other but not both.";
  313. }
  314. if (!$error) {
  315. $fuser->getrights();
  316. if ($fuser->hasRight('user', 'user', 'lire')
  317. || ($fuser->hasRight('user', 'self', 'creer') && $id && $id == $fuser->id)
  318. || ($fuser->hasRight('user', 'self', 'creer') && $ref && $ref == $fuser->login)
  319. || ($fuser->hasRight('user', 'self', 'creer') && $ref_ext && $ref_ext == $fuser->ref_ext)) {
  320. $user = new User($db);
  321. $result = $user->fetch($id, $ref, $ref_ext);
  322. if ($result > 0) {
  323. // Create
  324. $objectresp = array(
  325. 'result'=>array('result_code'=>'OK', 'result_label'=>''),
  326. 'user'=>array(
  327. 'id' => $user->id,
  328. 'lastname' => $user->lastname,
  329. 'firstname' => $user->firstname,
  330. 'note' => $user->note,
  331. 'email' => $user->email,
  332. 'signature' => $user->signature,
  333. 'office_phone' => $user->office_phone,
  334. 'office_fax' => $user->office_fax,
  335. 'user_mobile' => $user->user_mobile,
  336. 'admin' => $user->admin,
  337. 'login' => $user->login,
  338. 'entity' => $user->entity,
  339. 'pass_indatabase' => $user->pass_indatabase,
  340. 'pass_indatabase_crypted' => $user->pass_indatabase_crypted,
  341. 'datec' => dol_print_date($user->datec, 'dayhourrfc'),
  342. 'datem' => dol_print_date($user->datem, 'dayhourrfc'),
  343. 'fk_thirdparty' => $user->socid,
  344. 'fk_contact' => $user->contact_id,
  345. 'fk_member' => $user->fk_member,
  346. 'datelastlogin' => dol_print_date($user->datelastlogin, 'dayhourrfc'),
  347. 'datepreviouslogin' => dol_print_date($user->datepreviouslogin, 'dayhourrfc'),
  348. 'statut' => $user->statut,
  349. 'photo' => $user->photo,
  350. 'lang' => $user->lang,
  351. //'rights' => $user->rights,
  352. 'canvas' => $user->canvas
  353. )
  354. );
  355. } else {
  356. $error++;
  357. $errorcode = 'NOT_FOUND'; $errorlabel = 'Object not found for id='.$id.' nor ref='.$ref.' nor ref_ext='.$ref_ext;
  358. }
  359. } else {
  360. $error++;
  361. $errorcode = 'PERMISSION_DENIED'; $errorlabel = 'User does not have permission for this request';
  362. }
  363. }
  364. if ($error) {
  365. $objectresp = array('result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel));
  366. }
  367. return $objectresp;
  368. }
  369. /**
  370. * getListOfGroups
  371. *
  372. * @param array $authentication Array of authentication information
  373. * @return array Array result
  374. */
  375. function getListOfGroups($authentication)
  376. {
  377. global $db, $conf, $user;
  378. dol_syslog("Function: getListOfGroups login=".$authentication['login']);
  379. if ($authentication['entity']) {
  380. $conf->entity = $authentication['entity'];
  381. }
  382. // Init and check authentication
  383. $objectresp = array();
  384. $arraygroups = array();
  385. $errorcode = ''; $errorlabel = '';
  386. $error = 0;
  387. $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
  388. // Check parameters
  389. if (!$error) {
  390. $sql = "SELECT g.rowid, g.nom as name, g.entity, g.datec, COUNT(DISTINCT ugu.fk_user) as nb";
  391. $sql .= " FROM ".MAIN_DB_PREFIX."usergroup as g";
  392. $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ugu ON ugu.fk_usergroup = g.rowid";
  393. if (isModEnabled('multicompany') && $conf->entity == 1 && (getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') || ($user->admin && !$user->entity))) {
  394. $sql .= " WHERE g.entity IS NOT NULL";
  395. } else {
  396. $sql .= " WHERE g.entity IN (0,".$conf->entity.")";
  397. }
  398. $sql .= " GROUP BY g.rowid, g.nom, g.entity, g.datec";
  399. $resql = $db->query($sql);
  400. if ($resql) {
  401. $num = $db->num_rows($resql);
  402. $i = 0;
  403. while ($i < $num) {
  404. $obj = $db->fetch_object($resql);
  405. $arraygroups[] = array('id'=>$obj->rowid, 'name'=>$obj->name, 'datec'=>$obj->datec, 'nb'=>$obj->nb);
  406. $i++;
  407. }
  408. } else {
  409. $error++;
  410. $errorcode = $db->lasterrno();
  411. $errorlabel = $db->lasterror();
  412. }
  413. }
  414. if ($error) {
  415. $objectresp = array(
  416. 'result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel),
  417. 'groups'=>$arraygroups
  418. );
  419. } else {
  420. $objectresp = array(
  421. 'result'=>array('result_code' => 'OK', 'result_label' => ''),
  422. 'groups'=>$arraygroups
  423. );
  424. }
  425. return $objectresp;
  426. }
  427. /**
  428. * Create an external user with thirdparty and contact
  429. *
  430. * @param array $authentication Array of authentication information
  431. * @param array $thirdpartywithuser Datas
  432. * @return mixed
  433. */
  434. function createUserFromThirdparty($authentication, $thirdpartywithuser)
  435. {
  436. global $db, $conf, $langs;
  437. dol_syslog("Function: createUserFromThirdparty login=".$authentication['login']);
  438. if ($authentication['entity']) {
  439. $conf->entity = $authentication['entity'];
  440. }
  441. $objectresp = array();
  442. $errorcode = ''; $errorlabel = '';
  443. $error = 0;
  444. $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
  445. if ($fuser->socid) {
  446. $socid = $fuser->socid;
  447. }
  448. if (!$error && !$thirdpartywithuser) {
  449. $error++;
  450. $errorcode = 'BAD_PARAMETERS'; $errorlabel = "Parameter thirdparty must be provided.";
  451. }
  452. if (!$error) {
  453. $fuser->getrights();
  454. if ($fuser->hasRight('societe', 'creer')) {
  455. $thirdparty = new Societe($db);
  456. // If a contact / company already exists with the email, return the corresponding socid
  457. $sql = "SELECT s.rowid as socid FROM ".MAIN_DB_PREFIX."societe as s";
  458. $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON sp.fk_soc = s.rowid";
  459. $sql .= " WHERE s.entity=".$conf->entity;
  460. $sql .= " AND s.email='".$db->escape($thirdpartywithuser['email'])."'";
  461. $sql .= " OR sp.email='".$db->escape($thirdpartywithuser['email'])."'";
  462. $sql .= $db->plimit(1);
  463. $resql = $db->query($sql);
  464. if ($resql) {
  465. // If a company or contact is found with the same email we return an error
  466. $row = $db->fetch_object($resql);
  467. if ($row) {
  468. $error++;
  469. $errorcode = 'ALREADY_EXIST'; $errorlabel = 'Object not create : company or contact exists '.$thirdpartywithuser['email'];
  470. } else {
  471. $db->begin();
  472. /*
  473. * Company creation
  474. */
  475. $thirdparty->name = $thirdpartywithuser['name_thirdparty'];
  476. $thirdparty->ref_ext = $thirdpartywithuser['ref_ext'];
  477. $thirdparty->address = $thirdpartywithuser['address'];
  478. $thirdparty->zip = $thirdpartywithuser['zip'];
  479. $thirdparty->town = $thirdpartywithuser['town'];
  480. $thirdparty->country_id = $thirdpartywithuser['country_id'];
  481. $thirdparty->country_code = $thirdpartywithuser['country_code'];
  482. // find the country id by code
  483. $langs->load("dict");
  484. $sql = "SELECT rowid";
  485. $sql .= " FROM ".MAIN_DB_PREFIX."c_country";
  486. $sql .= " WHERE active = 1";
  487. $sql .= " AND code='".$db->escape($thirdparty->country_code)."'";
  488. $resql = $db->query($sql);
  489. if ($resql) {
  490. $num = $db->num_rows($resql);
  491. if ($num) {
  492. $obj = $db->fetch_object($resql);
  493. $thirdparty->country_id = $obj->rowid;
  494. }
  495. }
  496. $thirdparty->phone = $thirdpartywithuser['phone'];
  497. $thirdparty->fax = $thirdpartywithuser['fax'];
  498. $thirdparty->email = $thirdpartywithuser['email'];
  499. $thirdparty->url = $thirdpartywithuser['url'];
  500. $thirdparty->ape = $thirdpartywithuser['ape'];
  501. $thirdparty->idprof1 = $thirdpartywithuser['prof1'];
  502. $thirdparty->idprof2 = $thirdpartywithuser['prof2'];
  503. $thirdparty->idprof3 = $thirdpartywithuser['prof3'];
  504. $thirdparty->idprof4 = $thirdpartywithuser['prof4'];
  505. $thirdparty->idprof5 = $thirdpartywithuser['prof5'];
  506. $thirdparty->idprof6 = $thirdpartywithuser['prof6'];
  507. $thirdparty->client = $thirdpartywithuser['client'];
  508. $thirdparty->fournisseur = $thirdpartywithuser['fournisseur'];
  509. $socid_return = $thirdparty->create($fuser);
  510. if ($socid_return > 0) {
  511. $thirdparty->fetch($socid_return);
  512. /*
  513. * Contact creation
  514. *
  515. */
  516. $contact = new Contact($db);
  517. $contact->socid = $thirdparty->id;
  518. $contact->lastname = $thirdpartywithuser['name'];
  519. $contact->firstname = $thirdpartywithuser['firstname'];
  520. $contact->civility_id = $thirdparty->civility_id;
  521. $contact->address = $thirdparty->address;
  522. $contact->zip = $thirdparty->zip;
  523. $contact->town = $thirdparty->town;
  524. $contact->email = $thirdparty->email;
  525. $contact->phone_pro = $thirdparty->phone;
  526. $contact->phone_mobile = $thirdpartywithuser['phone_mobile'];
  527. $contact->fax = $thirdparty->fax;
  528. $contact->statut = 1;
  529. $contact->country_id = $thirdparty->country_id;
  530. $contact->country_code = $thirdparty->country_code;
  531. $elementtype = 'socpeople';
  532. //Retrieve all extrafield for thirdsparty
  533. // fetch optionals attributes and labels
  534. $extrafields = new ExtraFields($db);
  535. $extrafields->fetch_name_optionals_label($elementtype, true);
  536. if (isset($extrafields->attributes[$elementtype]['label']) && is_array($extrafields->attributes[$elementtype]['label']) && count($extrafields->attributes[$elementtype]['label'])) {
  537. foreach ($extrafields->attributes[$elementtype]['label'] as $key => $label) {
  538. $key = 'contact_options_'.$key;
  539. $key = substr($key, 8); // Remove 'contact_' prefix
  540. $contact->array_options[$key] = $thirdpartywithuser[$key];
  541. }
  542. }
  543. $contact_id = $contact->create($fuser);
  544. if ($contact_id > 0) {
  545. /*
  546. * User creation
  547. *
  548. */
  549. $edituser = new User($db);
  550. $id = $edituser->create_from_contact($contact, $thirdpartywithuser["login"]);
  551. if ($id > 0) {
  552. $edituser->setPassword($fuser, trim($thirdpartywithuser['password']));
  553. if ($thirdpartywithuser['group_id'] > 0) {
  554. $edituser->SetInGroup($thirdpartywithuser['group_id'], $conf->entity);
  555. }
  556. } else {
  557. $error++;
  558. $errorcode = 'NOT_CREATE'; $errorlabel = 'Object not create : '.$edituser->error;
  559. }
  560. } else {
  561. $error++;
  562. $errorcode = 'NOT_CREATE'; $errorlabel = 'Object not create : '.$contact->error;
  563. }
  564. if (!$error) {
  565. $db->commit();
  566. $objectresp = array('result'=>array('result_code'=>'OK', 'result_label'=>'SUCCESS'), 'id'=>$socid_return);
  567. $error = 0;
  568. }
  569. } else {
  570. $error++;
  571. $errorcode = join(', ', ($thirdparty->error ? array($thirdparty->error) : $thirdparty->errors));
  572. }
  573. }
  574. } else {
  575. // retour creation KO
  576. $error++;
  577. $errorcode = 'NOT_CREATE'; $errorlabel = 'Object not create';
  578. }
  579. } else {
  580. $error++;
  581. $errorcode = 'PERMISSION_DENIED'; $errorlabel = 'User does not have permission for this request';
  582. }
  583. }
  584. if ($error) {
  585. $db->rollback();
  586. $objectresp = array(
  587. 'result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel)
  588. );
  589. }
  590. return $objectresp;
  591. }
  592. /**
  593. * Set password of an user
  594. *
  595. * @param array $authentication Array of authentication information
  596. * @param array $shortuser Array of login/password info
  597. * @return mixed
  598. */
  599. function setUserPassword($authentication, $shortuser)
  600. {
  601. global $db, $conf;
  602. dol_syslog("Function: setUserPassword login=".$authentication['login']);
  603. if ($authentication['entity']) {
  604. $conf->entity = $authentication['entity'];
  605. }
  606. $objectresp = array();
  607. $errorcode = ''; $errorlabel = '';
  608. $error = 0;
  609. $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
  610. if ($fuser->socid) {
  611. $socid = $fuser->socid;
  612. }
  613. if (!$error && !$shortuser) {
  614. $error++;
  615. $errorcode = 'BAD_PARAMETERS'; $errorlabel = "Parameter shortuser must be provided.";
  616. }
  617. if (!$error) {
  618. $fuser->getrights();
  619. if ($fuser->hasRight('user', 'user', 'password') || $fuser->hasRight('user', 'self', 'password')) {
  620. $userstat = new User($db);
  621. $res = $userstat->fetch('', $shortuser['login']);
  622. if ($res) {
  623. $res = $userstat->setPassword($userstat, $shortuser['password']);
  624. if (is_int($res) && $res < 0) {
  625. $error++;
  626. $errorcode = 'NOT_MODIFIED'; $errorlabel = 'Error when changing password';
  627. } else {
  628. $objectresp = array(
  629. 'result'=>array('result_code' => 'OK', 'result_label' => ''),
  630. );
  631. }
  632. } else {
  633. $error++;
  634. $errorcode = 'NOT_FOUND'; $errorlabel = 'User not found';
  635. }
  636. } else {
  637. $error++;
  638. $errorcode = 'PERMISSION_DENIED'; $errorlabel = 'User does not have permission for this request';
  639. }
  640. }
  641. if ($error) {
  642. $objectresp = array(
  643. 'result'=>array('result_code' => $errorcode, 'result_label' => $errorlabel)
  644. );
  645. }
  646. return $objectresp;
  647. }
  648. // Return the results.
  649. $server->service(file_get_contents("php://input"));