server_other.php 8.9 KB

  1. <?php
  2. /* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 3 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  16. */
  17. /**
  18. * \file htdocs/webservices/server_other.php
  19. * \brief File that is entry point to call Dolibarr WebServices
  20. */
  // Opt this entry point out of the CSRF check unless the including script already
  // defined the flag. Both operations registered in this file call
  // check_authentication() on the credentials carried inside each request.
  // NOTE(review): presumably master.inc.php reads NOCSRFCHECK to skip the anti-CSRF
  // token test; confirm no cookie/session-authenticated code path is reachable here.
  defined('NOCSRFCHECK') || define('NOCSRFCHECK', '1');
  24. require '../master.inc.php';
  25. require_once NUSOAP_PATH.'/nusoap.php'; // Include SOAP
  26. require_once DOL_DOCUMENT_ROOT.'/core/lib/ws.lib.php';
  27. require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
  28. require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
  29. require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
  dol_syslog('Call Dolibarr webservices interfaces');
  $langs->load('main');

  // Hard stop while the WebServices module is switched off: nothing below this
  // point (WSDL publication, SOAP dispatch) runs for a disabled module.
  if (empty($conf->global->MAIN_MODULE_WEBSERVICES)) {
      $langs->load('admin');
      dol_syslog('Call Dolibarr webservices interfaces with module webservices disabled');
      echo $langs->trans('WarningModuleNotActive', 'WebServices'), '.<br><br>';
      echo $langs->trans('ToActivateModule');
      exit();
  }

  // Namespace shared by the WSDL schema and by every operation registered later.
  $ns = 'http://www.dolibarr.org/ns/';

  // Build the nusoap server that publishes the WSDL and dispatches SOAP calls.
  $server = new nusoap_server();
  $server->soap_defencoding = 'UTF-8';
  $server->decode_utf8 = false;
  $server->configureWSDL('WebServicesDolibarrOther', $ns);
  $server->wsdl->schemaTargetNamespace = $ns;
  // Every member of the three WSDL structs below is declared as a plain xsd:string,
  // so the field maps are generated from a list of names.
  $xsdStringFields = function (array $names) {
      $fields = [];
      foreach ($names as $name) {
          $fields[$name] = ['name' => $name, 'type' => 'xsd:string'];
      }
      return $fields;
  };

  // 'authentication': credentials sent with every call.
  // NOTE(review): 'dolibarrkey' and 'password' travel as ordinary strings inside the
  // SOAP body, so their confidentiality depends entirely on the transport; this
  // endpoint should only be reachable over HTTPS.
  $server->wsdl->addComplexType(
      'authentication',
      'complexType',
      'struct',
      'all',
      '',
      $xsdStringFields(['dolibarrkey', 'sourceapplication', 'login', 'password', 'entity'])
  );

  // 'result': status code and label returned by every operation.
  $server->wsdl->addComplexType(
      'result',
      'complexType',
      'struct',
      'all',
      '',
      $xsdStringFields(['result_code', 'result_label'])
  );

  // 'document': file payload returned by getDocument ('content' is filled with base64 text there).
  $server->wsdl->addComplexType(
      'document',
      'complexType',
      'struct',
      'all',
      '',
      $xsdStringFields(['filename', 'mimetype', 'content', 'length'])
  );

  // The helper is only needed while the schema is being declared.
  unset($xsdStringFields);
  88. // Define other specific objects
  89. // None
  // WSDL offers 5 binding styles: RPC/encoded, RPC/literal, Document/encoded (not WS-I compliant),
  // Document/literal and Document/literal wrapped. The style only decides how a WSDL binding is
  // translated into a SOAP message; either style works with any programming model.
  // http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/
  // Document/literal wrapped would be the better choice, but nusoap does not support it.
  $styledoc = 'rpc'; // rpc/document (document is an extension of SOAP 1.0 to support unstructured messages)
  $styleuse = 'encoded'; // encoded/literal/literal wrapped

  // Operations published in the WSDL: input parts, output parts and documentation text.
  // NOTE(review): getDocument() in this file also accepts an optional 4th argument
  // ($refname) that is not declared among the input parts below.
  $operations = [
      'getVersions' => [
          'in'  => ['authentication' => 'tns:authentication'],
          'out' => ['result' => 'tns:result', 'dolibarr' => 'xsd:string', 'os' => 'xsd:string', 'php' => 'xsd:string', 'webserver' => 'xsd:string'],
          'doc' => 'WS to get Versions',
      ],
      'getDocument' => [
          'in'  => ['authentication' => 'tns:authentication', 'modulepart' => 'xsd:string', 'file' => 'xsd:string'],
          'out' => ['result' => 'tns:result', 'document' => 'tns:document'],
          'doc' => 'WS to get document',
      ],
  ];

  foreach ($operations as $operationName => $operation) {
      $server->register(
          $operationName,
          $operation['in'],
          $operation['out'],
          $ns,
          $ns.'#'.$operationName,
          $styledoc,
          $styleuse,
          $operation['doc']
      );
  }
  unset($operations, $operationName, $operation);
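  /**
   * SOAP operation: report the versions of Dolibarr, the OS, PHP and the web server.
   *
   * The version strings are returned only when check_authentication() reports no
   * error; otherwise the response carries nothing but the error code and label.
   *
   * @param array $authentication Authentication struct (dolibarrkey, sourceapplication, login, password, entity)
   * @return array                array('result' => array('result_code', 'result_label')), plus the keys
   *                              'dolibarr', 'os', 'php' and 'webserver' on success
   */
  function getVersions($authentication)
  {
      global $conf;

      // 'login' is caller-supplied and written to the log before any credential check.
      // NOTE(review): confirm dol_syslog() neutralises line breaks in logged values.
      dol_syslog("Function: getVersions login=".(isset($authentication['login']) ? $authentication['login'] : ''));

      // 'entity' may be absent from the struct; empty() keeps the original truthiness
      // test without raising an undefined-index warning.
      // NOTE(review): the entity is switched from caller input before authentication;
      // presumably check_authentication() relies on it, confirm.
      if (!empty($authentication['entity'])) {
          $conf->entity = $authentication['entity'];
      }

      // check_authentication() reports failures through these by-reference arguments.
      $errorcode = '';
      $errorlabel = '';
      $error = 0;
      check_authentication($authentication, $error, $errorcode, $errorlabel);

      if ($error) {
          // Failed authentication: no version information is disclosed.
          return array('result' => array('result_code' => $errorcode, 'result_label' => $errorlabel));
      }

      return array(
          'result' => array('result_code' => 'OK', 'result_label' => ''),
          'dolibarr' => version_dolibarr(),
          'os' => version_os(),
          'php' => version_php(),
          'webserver' => version_webserver(),
      );
  }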
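  /**
   * SOAP operation: return one stored document, base64-encoded, after access checks.
   *
   * Order of checks: authentication, presence of parameters, module-level access
   * (dol_check_secure_access_document), ownership test for external users, then a
   * final refusal of any resolved path that still contains ".." or one of < > |.
   *
   * @param array  $authentication Authentication struct (dolibarrkey, sourceapplication, login, password, entity)
   * @param string $modulepart     Module the document belongs to
   * @param string $file           Relative path of the document (caller-supplied, untrusted)
   * @param string $refname        Ref of object to check permission for external users (autodetect if not provided)
   * @return array                 array('result' => array('result_code', 'result_label')), plus
   *                               'document' => array('filename', 'mimetype', 'content', 'length') on success
   */
  function getDocument($authentication, $modulepart, $file, $refname = '')
  {
      global $db, $conf;

      // login, modulepart and file are caller-supplied and logged before authentication.
      // NOTE(review): confirm dol_syslog() neutralises line breaks in logged values.
      dol_syslog("Function: getDocument login=".(isset($authentication['login']) ? $authentication['login'] : '').' - modulepart='.$modulepart.' - file='.$file);

      // 'entity' may be absent from the struct; empty() avoids an undefined-index warning.
      // NOTE(review): the entity is switched from caller input before authentication;
      // presumably check_authentication() relies on it, confirm.
      if (!empty($authentication['entity'])) {
          $conf->entity = $authentication['entity'];
      }

      $objectresp = array();
      $errorcode = '';
      $errorlabel = '';
      $error = 0;

      // Properties of doc
      $original_file = $file;
      $type = dol_mimetype($original_file); // only used in the delivery log line below

      $accessallowed = 0;

      $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);

      // Check parameters
      if (!$error && (!$file || !$modulepart)) {
          $error++;
          $errorcode = 'BAD_PARAMETERS';
          $errorlabel = "Parameter file and modulepart must be both provided.";
      }

      if (!$error) {
          $fuser->getrights();

          // Strip "../" from the requested path. This is a single, non-recursive pass and
          // can leave a ".." sequence behind, so it is not the traversal guard by itself:
          // the regex test on the resolved path further down is what refuses traversal.
          $original_file = str_replace("../", "/", $original_file);

          // Use the name of the sub-directory as the object reference when none was given.
          if (empty($refname)) {
              $refname = basename(dirname($original_file)."/");
          }

          // Security check
          $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
          $accessallowed = $check_access['accessallowed'];
          $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
          $original_file = $check_access['original_file'];

          // Basic protection (against external users only): every row returned by the
          // ownership query must belong to the caller's own third party.
          if ($fuser->socid > 0 && $sqlprotectagainstexternals) {
              $resql = $db->query($sqlprotectagainstexternals);
              if (!$resql) {
                  // Fail closed: an ownership check that could not run must not grant access.
                  dol_syslog("Function: getDocument ownership query failed, access refused");
                  $accessallowed = 0;
              } else {
                  $num = $db->num_rows($resql);
                  for ($i = 0; $i < $num; $i++) {
                      $obj = $db->fetch_object($resql);
                      // Loose comparison kept on purpose: the two sides may differ in type (int vs string).
                      if ($fuser->socid != $obj->fk_soc) {
                          $accessallowed = 0;
                          break;
                      }
                  }
              }
          }

          // Security: refuse when the access rights are not sufficient.
          if (!$accessallowed) {
              $errorcode = 'NOT_PERMITTED';
              $errorlabel = 'Access not allowed';
              $error++;
          }

          // Security: directory traversal sequences and the characters < > | are
          // forbidden in the resolved file name.
          if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
              dol_syslog("Refused to deliver file ".$original_file);
              $errorcode = 'REFUSED';
              $errorlabel = '';
              $error++;
          }

          clearstatcache();

          if (!$error) {
              if (!is_file($original_file)) {
                  // is_file() rather than file_exists(): a directory is not a deliverable document.
                  dol_syslog("File doesn't exist ".$original_file);
                  $errorcode = 'NOT_FOUND';
                  $errorlabel = '';
                  $error++;
              } else {
                  // file_get_contents() leaves no handle open, copes with empty files and
                  // signals a failed read with false instead of a later error on a bad handle.
                  // NOTE(review): the whole file is held in memory and then base64-expanded;
                  // no size cap is visible here.
                  $content_file = file_get_contents($original_file);
                  if ($content_file === false) {
                      dol_syslog("Failed to read file ".$original_file);
                      // Reuses the existing NOT_FOUND code so clients see no new result code.
                      $errorcode = 'NOT_FOUND';
                      $errorlabel = '';
                      $error++;
                  } else {
                      dol_syslog("Function: getDocument $original_file content-type=$type");

                      $objectret = array(
                          'filename' => basename($original_file),
                          'mimetype' => dol_mimetype($original_file),
                          'content' => base64_encode($content_file),
                          // Length of what was actually read, so it always matches 'content'.
                          'length' => strlen($content_file)
                      );

                      // Create return object
                      $objectresp = array(
                          'result' => array('result_code' => 'OK', 'result_label' => ''),
                          'document' => $objectret
                      );
                  }
              }
          }
      }

      if ($error) {
          $objectresp = array(
              'result' => array('result_code' => $errorcode, 'result_label' => $errorlabel)
          );
      }

      return $objectresp;
  }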
  // Read the raw request body and let nusoap process it and send back the response.
  $rawSoapRequest = file_get_contents('php://input');
  $server->service($rawSoapRequest);