server_other.php 9.5 KB

  1. <?php
  2. /* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 3 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  16. */
  17. /**
  18. * \file htdocs/webservices/server_other.php
  19. * \brief File that is entry point to call Dolibarr WebServices
  20. */
  // Bootstrap flags; they are set before main.inc.php is included (presumably that is
  // where they are read). NOCSRFCHECK, NOLOGIN and NOSESSION mean this entry point is
  // served without an anti-CSRF token, a login or a session, so the only access control
  // is the check_authentication() call made inside each SOAP method below.
  defined('NOCSRFCHECK') || define('NOCSRFCHECK', '1');       // Do not check anti CSRF attack test
  defined('NOTOKENRENEWAL') || define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
  defined('NOREQUIREMENU') || define('NOREQUIREMENU', '1');   // No need to load and show top and left menu
  defined('NOREQUIREHTML') || define('NOREQUIREHTML', '1');   // No need to load html.form.class.php
  defined('NOREQUIREAJAX') || define('NOREQUIREAJAX', '1');   // Do not load ajax.lib.php library
  defined("NOLOGIN") || define("NOLOGIN", '1');               // Page is public (callable outside a logged session)
  defined("NOSESSION") || define("NOSESSION", '1');

  // Order matters: the flags above must exist before the main include runs.
  require '../main.inc.php';
  require_once NUSOAP_PATH.'/nusoap.php'; // SOAP server implementation
  require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
  require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
  require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
  require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

  dol_syslog("Call Dolibarr webservices interfaces");

  $langs->load("main");

  // Refuse to serve anything while the WebServices module is disabled: log the attempt,
  // print the translated warning and stop before the SOAP server is created.
  if (!getDolGlobalString('MAIN_MODULE_WEBSERVICES')) {
      $langs->load("admin");
      dol_syslog("Call Dolibarr webservices interfaces with module webservices disabled");
      echo $langs->trans("WarningModuleNotActive", 'WebServices').'.<br><br>', $langs->trans("ToActivateModule");
      exit;
  }
  // Build the NuSOAP server and publish its WSDL under the Dolibarr namespace.
  $server = new nusoap_server();
  $server->soap_defencoding = 'UTF-8';
  $server->decode_utf8 = false;
  $ns = 'http://www.dolibarr.org/ns/';
  $server->configureWSDL('WebServicesDolibarrOther', $ns);
  $server->wsdl->schemaTargetNamespace = $ns;

  // WSDL type "authentication": the credentials every method receives and hands to
  // check_authentication(). The password is a plain xsd:string inside the SOAP body,
  // so the endpoint should only be exposed over TLS.
  $server->wsdl->addComplexType(
      'authentication',
      'complexType',
      'struct',
      'all',
      '',
      [
          'dolibarrkey'       => ['name' => 'dolibarrkey', 'type' => 'xsd:string'],
          'sourceapplication' => ['name' => 'sourceapplication', 'type' => 'xsd:string'],
          'login'             => ['name' => 'login', 'type' => 'xsd:string'],
          'password'          => ['name' => 'password', 'type' => 'xsd:string'],
          'entity'            => ['name' => 'entity', 'type' => 'xsd:string'],
      ]
  );

  // WSDL type "result": status code and label returned by every method.
  $server->wsdl->addComplexType(
      'result',
      'complexType',
      'struct',
      'all',
      '',
      [
          'result_code'  => ['name' => 'result_code', 'type' => 'xsd:string'],
          'result_label' => ['name' => 'result_label', 'type' => 'xsd:string'],
      ]
  );

  // WSDL type "document": the file returned by getDocument (content is base64 text).
  $server->wsdl->addComplexType(
      'document',
      'complexType',
      'struct',
      'all',
      '',
      [
          'filename' => ['name' => 'filename', 'type' => 'xsd:string'],
          'mimetype' => ['name' => 'mimetype', 'type' => 'xsd:string'],
          'content'  => ['name' => 'content', 'type' => 'xsd:string'],
          'length'   => ['name' => 'length', 'type' => 'xsd:string'],
      ]
  );

  // No other specific objects are defined.

  // WSDL binding styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant),
  // Document/literal and Document/literal wrapped. The style only decides how a WSDL
  // binding is translated into a SOAP message; either style works with any programming model.
  // http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
  // Document/literal wrapped would be the better choice, but NuSOAP does not support it.
  $styledoc = 'rpc';     // rpc/document (document is an extension of SOAP 1.0 for unstructured messages)
  $styleuse = 'encoded'; // encoded/literal/literal wrapped

  // Register getVersions: takes the authentication struct, returns the result plus four version strings.
  $server->register(
      'getVersions',
      ['authentication' => 'tns:authentication'],
      [
          'result'    => 'tns:result',
          'dolibarr'  => 'xsd:string',
          'os'        => 'xsd:string',
          'php'       => 'xsd:string',
          'webserver' => 'xsd:string',
      ],
      $ns,
      $ns.'#getVersions',
      $styledoc,
      $styleuse,
      'WS to get Versions'
  );

  // Register getDocument: takes the authentication struct, a module part and a file path
  // (both client-controlled strings), returns the result plus the document struct.
  $server->register(
      'getDocument',
      [
          'authentication' => 'tns:authentication',
          'modulepart'     => 'xsd:string',
          'file'           => 'xsd:string',
      ],
      [
          'result'   => 'tns:result',
          'document' => 'tns:document',
      ],
      $ns,
      $ns.'#getDocument',
      $styledoc,
      $styleuse,
      'WS to get document'
  );
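  /**
   * SOAP method: return the Dolibarr, OS, PHP and web server versions.
   *
   * The file defines NOLOGIN, so check_authentication() is the only gate in front of
   * this data; version strings are returned only when it reports no error.
   *
   * @param  array $authentication Authentication fields (dolibarrkey, sourceapplication, login, password, entity)
   * @return array                 'result' (result_code/result_label) and, on success, 'dolibarr', 'os', 'php', 'webserver'
   */
  function getVersions($authentication)
  {
      global $conf;

      // A client may omit optional struct members; read them without raising undefined-key warnings.
      $login = isset($authentication['login']) ? $authentication['login'] : '';
      dol_syslog("Function: getVersions login=".$login);

      // NOTE(review): the entity comes from the request and is applied before the
      // credentials are verified; presumably check_authentication() validates the user
      // against it. Confirm in ws.lib.php.
      if (!empty($authentication['entity'])) {
          $conf->entity = $authentication['entity'];
      }

      // Init and check authentication; the last three arguments are filled in by the callee on failure.
      $errorcode = '';
      $errorlabel = '';
      $error = 0;
      check_authentication($authentication, $error, $errorcode, $errorlabel);

      if ($error) {
          // Disclose nothing but the error when authentication failed.
          return array('result' => array('result_code' => $errorcode, 'result_label' => $errorlabel));
      }

      return array(
          'result'    => array('result_code' => 'OK', 'result_label' => ''),
          'dolibarr'  => version_dolibarr(),
          'os'        => version_os(),
          'php'       => version_php(),
          'webserver' => version_webserver(),
      );
  }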
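  /**
   * SOAP method: return one stored document, base64-encoded.
   *
   * The file defines NOLOGIN, so every security decision is taken here: the caller is
   * authenticated with check_authentication(), the path is resolved and authorised by
   * dol_check_secure_access_document(), external users (socid > 0) are additionally
   * checked against the third party owning the object, and a resolved path that still
   * contains ".." or one of the characters < > | is refused before anything is read.
   *
   * @param  array  $authentication Authentication fields (dolibarrkey, sourceapplication, login, password, entity)
   * @param  string $modulepart     Module part name, passed to dol_check_secure_access_document()
   * @param  string $file           Relative path of the document (untrusted, supplied by the SOAP client)
   * @param  string $refname        Ref of object to check permission for external users (autodetect if not provided)
   * @return array                  'result' (result_code/result_label) and, on success, 'document'
   *                                (filename, mimetype, base64 content, length). result_code is OK,
   *                                BAD_PARAMETERS, NOT_PERMITTED, REFUSED, NOT_FOUND or the code set
   *                                by check_authentication().
   */
  function getDocument($authentication, $modulepart, $file, $refname = '')
  {
      global $db, $conf;

      // A client may omit optional struct members; read them without raising undefined-key warnings.
      $login = isset($authentication['login']) ? $authentication['login'] : '';
      dol_syslog("Function: getDocument login=".$login.' - modulepart='.$modulepart.' - file='.$file);

      // NOTE(review): the entity comes from the request and is applied before the
      // credentials are verified; presumably check_authentication() validates the user
      // against it. Confirm in ws.lib.php.
      if (!empty($authentication['entity'])) {
          $conf->entity = $authentication['entity'];
      }

      $objectresp = array();
      $errorcode = '';
      $errorlabel = '';
      $error = 0;

      // Properties of doc
      $original_file = $file;
      $type = dol_mimetype($original_file); // only used in the log line below

      $accessallowed = 0;

      $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);

      // Check parameters
      if (!$error && (!$file || !$modulepart)) {
          $error++;
          $errorcode = 'BAD_PARAMETERS';
          $errorlabel = "Parameter file and modulepart must be both provided.";
      }

      if (!$error) {
          $fuser->getrights();

          // Strip "../" from the requested path. This is a single, non-recursive pass, so
          // it is not a complete traversal defence on its own (overlapping sequences can
          // leave ".." behind); the regex check further down is what rejects those.
          $original_file = str_replace("../", "/", $original_file);

          // Use the name of the containing sub-directory as the object reference.
          if (empty($refname)) {
              $refname = basename(dirname($original_file)."/");
          }

          // Security check: resolves the real path and decides whether this user may read it.
          $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
          $accessallowed = $check_access['accessallowed'];
          $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
          $original_file = $check_access['original_file'];

          // Basic protection (against external users only): every row returned by the
          // ownership query must belong to the user's own third party.
          if ($fuser->socid > 0 && $sqlprotectagainstexternals) {
              $resql = $db->query($sqlprotectagainstexternals);
              if ($resql) {
                  $num = $db->num_rows($resql);
                  $i = 0;
                  while ($i < $num) {
                      $obj = $db->fetch_object($resql);
                      if ($fuser->socid != $obj->fk_soc) {
                          $accessallowed = 0;
                          break;
                      }
                      $i++;
                  }
              } else {
                  // Fail closed: when the ownership query cannot run, ownership is
                  // unverified and the document must not be delivered.
                  dol_syslog("getDocument: ownership check query failed, access denied", LOG_ERR);
                  $accessallowed = 0;
              }
          }

          // Security: deny access when the rights are not sufficient.
          if (!$accessallowed) {
              $errorcode = 'NOT_PERMITTED';
              $errorlabel = 'Access not allowed';
              $error++;
          }

          // Security: refuse directory traversal and pipe/redirect characters in the
          // resolved file name. This runs on the path returned by the access check.
          if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
              dol_syslog("Refused to deliver file ".$original_file);
              $errorcode = 'REFUSED';
              $errorlabel = '';
              $error++;
          }

          clearstatcache();

          if (!$error) {
              // Only regular, readable files are served. file_get_contents() opens, reads
              // and closes in one call, so no handle is leaked and an empty file is
              // returned as empty content instead of failing on a zero-length read.
              $content_file = false;
              if (is_file($original_file) && is_readable($original_file)) {
                  $content_file = file_get_contents($original_file);
              }

              if ($content_file !== false) {
                  dol_syslog("Function: getDocument $original_file content-type=$type");

                  $objectret = array(
                      'filename' => basename($original_file),
                      'mimetype' => dol_mimetype($original_file),
                      'content' => base64_encode($content_file),
                      // Length of the bytes actually read, so it always matches 'content'.
                      'length' => strlen($content_file)
                  );

                  // Create return object
                  $objectresp = array(
                      'result' => array('result_code' => 'OK', 'result_label' => ''),
                      'document' => $objectret
                  );
              } else {
                  dol_syslog("File doesn't exist ".$original_file);
                  $errorcode = 'NOT_FOUND';
                  $errorlabel = '';
                  $error++;
              }
          }
      }

      if ($error) {
          // On any failure the response carries only the error code and label.
          $objectresp = array(
              'result' => array('result_code' => $errorcode, 'result_label' => $errorlabel)
          );
      }

      return $objectresp;
  }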
  // Read the raw request body (untrusted client input) and let NuSOAP parse it, call the
  // matching registered method and send the response.
  $rawSoapRequest = file_get_contents("php://input");
  $server->service($rawSoapRequest);