Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: eea8ddbe24
Branches Tags
dolibarr
/
htdocs
/
core
/
ajax
/
onlineSign.php

onlineSign.php 7.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241 
  1. <?php
    2. 

  2. /*
    3. 

  3.  * This program is free software; you can redistribute it and/or modify
    4. 

  4.  * it under the terms of the GNU General Public License as published by
    5. 

  5.  * the Free Software Foundation; either version 3 of the License, or
    6. 

  6.  * (at your option) any later version.
    7. 

  7.  *
    8. 

  8.  * This program is distributed in the hope that it will be useful,
    9. 

  9.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11. 

  11.  * GNU General Public License for more details.
    12. 

  12.  *
    13. 

  13.  * You should have received a copy of the GNU General Public License
    14. 

  14.  * along with this program. If not, see <https://www.gnu.org/licenses/>.
    15. 

  15.  */
    16. 

  16. 

  17. /**
    18. 

  18.  *	\file       /htdocs/core/ajax/onlineSign.php
    19. 

  19.  *	\brief      File to make Ajax action on Knowledge Management
    20. 

  20.  */
    21. 

  21. 

  22. if (!defined('NOTOKENRENEWAL')) {
    23. 

  23. 	define('NOTOKENRENEWAL', '1'); // Disables token renewal
    24. 

  24. }
    25. 

  25. if (!defined('NOREQUIREHTML')) {
    26. 

  26. 	define('NOREQUIREHTML', '1');
    27. 

  27. }
    28. 

  28. if (!defined('NOREQUIREAJAX')) {
    29. 

  29. 	define('NOREQUIREAJAX', '1');
    30. 

  30. }
    31. 

  31. if (!defined('NOREQUIRESOC')) {
    32. 

  32. 	define('NOREQUIRESOC', '1');
    33. 

  33. }
    34. 

  34. if (!defined('NOCSRFCHECK')) {
    35. 

  35. 	define('NOCSRFCHECK', '1');
    36. 

  36. }
    37. 

  37. // Do not check anti CSRF attack test
    38. 

  38. if (!defined('NOREQUIREMENU')) {
    39. 

  39. 	define('NOREQUIREMENU', '1');
    40. 

  40. }
    41. 

  41. // If there is no need to load and show top and left menu
    42. 

  42. if (!defined("NOLOGIN")) {
    43. 

  43. 	define("NOLOGIN", '1');
    44. 

  44. }
    45. 

  45. if (!defined('NOIPCHECK')) {
    46. 

  46. 	define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
    47. 

  47. }
    48. 

  48. if (!defined('NOBROWSERNOTIF')) {
    49. 

  49. 	define('NOBROWSERNOTIF', '1');
    50. 

  50. }
    51. 

  51. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
    52. 

  52. if (is_numeric($entity)) {
    53. 

  53. 	define("DOLENTITY", $entity);
    54. 

  54. }
    55. 

  55. include '../../main.inc.php';
    56. 

  56. require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
    57. 

  57. 

  58. $action = GETPOST('action', 'aZ09');
    59. 

  59. 

  60. $signature = GETPOST('signaturebase64');
    61. 

  61. $ref = GETPOST('ref', 'aZ09');
    62. 

  62. $mode = GETPOST('mode', 'aZ09');	// 'proposal', ...
    63. 

  63. $SECUREKEY = GETPOST("securekey"); // Secure key
    64. 

  64. 

  65. $error = 0;
    66. 

  66. $response = "";
    67. 

  67. 

  68. $type = $mode;
    69. 

  69. 

  70. // Check securitykey
    71. 

  71. $securekeyseed = '';
    72. 

  72. if ($type == 'proposal') {
    73. 

  73. 	$securekeyseed = getDolGlobalString('PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN');
    74. 

  74. }
    75. 

  75. 

  76. if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnabled('multicompany') ? '' : $entity), $SECUREKEY, '0')) {
    77. 

  77. 	httponly_accessforbidden('Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref), 403);
    78. 

  78. }
    79. 

  79. 

  80. 

  81. /*
    82. 

  82.  * Actions
    83. 

  83.  */
    84. 

  84. 

  85. // None
    86. 

  86. 

  87. 

  88. /*
    89. 

  89.  * View
    90. 

  90.  */
    91. 

  91. 

  92. top_httphead();
    93. 

  93. 

  94. if ($action == "importSignature") {
    95. 

  95. 	if (!empty($signature) && $signature[0] == "image/png;base64") {
    96. 

  96. 		$signature = $signature[1];
    97. 

  97. 		$data = base64_decode($signature);
    98. 

  98. 

  99. 		if ($mode == "propale" || $mode == 'proposal') {
    100. 

  100. 			require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
    101. 

  101. 			require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
    102. 

  102. 			$object = new Propal($db);
    103. 

  103. 			$object->fetch(0, $ref);
    104. 

  104. 

  105. 			$upload_dir = !empty($conf->propal->multidir_output[$object->entity])?$conf->propal->multidir_output[$object->entity]:$conf->propal->dir_output;
    106. 

  106. 			$upload_dir .= '/'.dol_sanitizeFileName($object->ref).'/';
    107. 

  107. 

  108. 			$date = dol_print_date(dol_now(), "%Y%m%d%H%M%S");
    109. 

  109. 			$filename = "signatures/".$date."_signature.png";
    110. 

  110. 			if (!is_dir($upload_dir."signatures/")) {
    111. 

  111. 				if (!dol_mkdir($upload_dir."signatures/")) {
    112. 

  112. 					$response ="Error mkdir. Failed to create dir ".$upload_dir."signatures/";
    113. 

  113. 					$error++;
    114. 

  114. 				}
    115. 

  115. 			}
    116. 

  116. 

  117. 			if (!$error) {
    118. 

  118. 				$return = file_put_contents($upload_dir.$filename, $data);
    119. 

  119. 				if ($return == false) {
    120. 

  120. 					$error++;
    121. 

  121. 					$response = 'Error file_put_content: failed to create signature file.';
    122. 

  122. 				}
    123. 

  123. 			}
    124. 

  124. 

  125. 			if (!$error) {
    126. 

  126. 				// Defined modele of doc
    127. 

  127. 				$last_main_doc_file = $object->last_main_doc;
    128. 

  128. 				$directdownloadlink = $object->getLastMainDocLink('proposal');	// url to download the $object->last_main_doc
    129. 

  129. 

  130. 				if (preg_match('/\.pdf/i', $last_main_doc_file)) {
    131. 

  131. 					// TODO Use the $last_main_doc_file to defined the $newpdffilename and $sourcefile
    132. 

  132. 					$newpdffilename = $upload_dir.$ref."_signed-".$date.".pdf";
    133. 

  133. 					$sourcefile = $upload_dir.$ref.".pdf";
    134. 

  134. 

  135. 					if (dol_is_file($sourcefile)) {
    136. 

  136. 						// We build the new PDF
    137. 

  137. 						$pdf = pdf_getInstance();
    138. 

  138. 						if (class_exists('TCPDF')) {
    139. 

  139. 							$pdf->setPrintHeader(false);
    140. 

  140. 							$pdf->setPrintFooter(false);
    141. 

  141. 						}
    142. 

  142. 						$pdf->SetFont(pdf_getPDFFont($langs));
    143. 

  143. 

  144. 						if (getDolGlobalString('MAIN_DISABLE_PDF_COMPRESSION')) {
    145. 

  145. 							$pdf->SetCompression(false);
    146. 

  146. 						}
    147. 

  147. 

  148. 

  149. 						//$pdf->Open();
    150. 

  150. 						$pagecount = $pdf->setSourceFile($sourcefile);		// original PDF
    151. 

  151. 

  152. 						$s = array(); 	// Array with size of each page. Exemple array(w'=>210, 'h'=>297);
    153. 

  153. 						for ($i=1; $i<($pagecount+1); $i++) {
    154. 

  154. 							try {
    155. 

  155. 								$tppl = $pdf->importPage($i);
    156. 

  156. 								$s = $pdf->getTemplatesize($tppl);
    157. 

  157. 								$pdf->AddPage($s['h'] > $s['w'] ? 'P' : 'L');
    158. 

  158. 								$pdf->useTemplate($tppl);
    159. 

  159. 							} catch (Exception $e) {
    160. 

  160. 								dol_syslog("Error when manipulating some PDF by onlineSign: ".$e->getMessage(), LOG_ERR);
    161. 

  161. 								$response = $e->getMessage();
    162. 

  162. 								$error++;
    163. 

  163. 							}
    164. 

  164. 						}
    165. 

  165. 

  166. 						// A signature image file is 720 x 180 (ratio 1/4) but we use only the size into PDF
    167. 

  167. 						// TODO Get position of box from PDF template
    168. 

  168. 						$xforimgstart = (empty($s['w']) ? 120 : round($s['w'] / 2) + 15);
    169. 

  169. 						$yforimgstart = (empty($s['h']) ? 240 : $s['h'] - 60);
    170. 

  170. 						$wforimg = $s['w'] - 20 - $xforimgstart;
    171. 

  171. 

  172. 						$pdf->Image($upload_dir.$filename, $xforimgstart, $yforimgstart, $wforimg, round($wforimg / 4));
    173. 

  173. 						//$pdf->Close();
    174. 

  174. 						$pdf->Output($newpdffilename, "F");
    175. 

  175. 

  176. 						// Index the new file and update the last_main_doc property of object.
    177. 

  177. 						$object->indexFile($newpdffilename, 1);
    178. 

  178. 					}
    179. 

  179. 				} elseif (preg_match('/\.odt/i', $last_main_doc_file)) {
    180. 

  180. 					// Adding signature on .ODT not yet supported
    181. 

  181. 					// TODO
    182. 

  182. 				} else {
    183. 

  183. 					// Document format not supported to insert online signature.
    184. 

  184. 					// We should just create an image file with the signature.
    185. 

  185. 				}
    186. 

  186. 			}
    187. 

  187. 

  188. 			if (!$error) {
    189. 

  189. 				$db->begin();
    190. 

  190. 

  191. 				$online_sign_ip = getUserRemoteIP();
    192. 

  192. 				$online_sign_name = '';		// TODO Ask name on form to sign
    193. 

  193. 

  194. 				$sql  = "UPDATE ".MAIN_DB_PREFIX."propal";
    195. 

  195. 				$sql .= " SET fk_statut = ".((int) $object::STATUS_SIGNED).", note_private = '".$db->escape($object->note_private)."',";
    196. 

  196. 				$sql .= " date_signature = '".$db->idate(dol_now())."',";
    197. 

  197. 				$sql .= " online_sign_ip = '".$db->escape($online_sign_ip)."'";
    198. 

  198. 				if ($online_sign_name) {
    199. 

  199. 					$sql .= ", online_sign_name = '".$db->escape($online_sign_name)."'";
    200. 

  200. 				}
    201. 

  201. 				$sql .= " WHERE rowid = ".((int) $object->id);
    202. 

  202. 

  203. 				dol_syslog(__METHOD__, LOG_DEBUG);
    204. 

  204. 				$resql = $db->query($sql);
    205. 

  205. 				if (!$resql) {
    206. 

  206. 					$error++;
    207. 

  207. 				} else {
    208. 

  208. 					$num = $db->affected_rows($resql);
    209. 

  209. 				}
    210. 

  210. 

  211. 				if (!$error) {
    212. 

  212. 					$db->commit();
    213. 

  213. 					$response = "success";
    214. 

  214. 					setEventMessages("PropalSigned", null, 'warnings');
    215. 

  215. 					if (method_exists($object, 'call_trigger')) {
    216. 

  216. 						//customer is not a user !?! so could we use same user as validation ?
    217. 

  217. 						$user = new User($db);
    218. 

  218. 						$user->fetch($object->user_valid_id);
    219. 

  219. 						$result = $object->call_trigger('PROPAL_CLOSE_SIGNED', $user);
    220. 

  220. 						if ($result < 0) {
    221. 

  221. 							$error++;
    222. 

  222. 						}
    223. 

  223. 					}
    224. 

  224. 				} else {
    225. 

  225. 					$db->rollback();
    226. 

  226. 					$error++;
    227. 

  227. 					$response = "error sql";
    228. 

  228. 				}
    229. 

  229. 			}
    230. 

  230. 		}
    231. 

  231. 	} else {
    232. 

  232. 		$error++;
    233. 

  233. 		$response = 'error signature_not_found';
    234. 

  234. 	}
    235. 

  235. }
    236. 

  236. 

  237. if ($error) {
    238. 

  238. 	http_response_code(501);
    239. 

  239. }
    240. 

  240. 

  241. echo $response;
    242.