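<?php
/* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
 * Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
 * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
 * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
 * Copyright (C) 2005-2011 Regis Houssin <regis.houssin@inodbox.com>
 * Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
 * Copyright (C) 2006 Andre Cianfarani <andre.cianfarani@acdeveloppement.net>
 * Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
 * Copyright (C) 2015 Bahfir Abbes <bafbes@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

/**
 * \file htdocs/filefunc.inc.php
 * \ingroup core
 * \brief File that include conf.php file and commons lib like functions.lib.php
 *
 * Bootstrap script, executed top to bottom at include time. In order it:
 *  - declares version/application constants and syslog levels,
 *  - includes conf.php (redirecting a web request to install/index.php when it is missing),
 *  - normalises the $dolibarr_* settings read from conf.php and applies defaults,
 *  - runs a Referer-based CSRF check on every request that is not GET or HEAD,
 *  - derives DOL_MAIN_URL_ROOT / DOL_URL_ROOT and the external library paths,
 *  - includes the core libraries and decodes the database password when it is stored encoded.
 *
 * Statement order matters: later sections read variables and constants set by earlier ones.
 */

if (!defined('DOL_APPLICATION_TITLE')) {
    define('DOL_APPLICATION_TITLE', 'Dolibarr');
}
if (!defined('DOL_VERSION')) {
    define('DOL_VERSION', '14.0.3'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
}

if (!defined('EURO')) {
    define('EURO', chr(128)); // Single byte 0x80
}

// Define syslog constants
if (!defined('LOG_DEBUG')) {
    if (!function_exists("syslog")) {
        // For PHP versions without syslog (like running on Windows OS)
        define('LOG_EMERG', 0);
        define('LOG_ALERT', 1);
        define('LOG_CRIT', 2);
        define('LOG_ERR', 3);
        define('LOG_WARNING', 4);
        define('LOG_NOTICE', 5);
        define('LOG_INFO', 6);
        define('LOG_DEBUG', 7);
    }
}

// End of common declaration part.
// A caller that defined DOL_INC_FOR_VERSION_ERROR only wants the constants above: stop before conf.php is read.
if (defined('DOL_INC_FOR_VERSION_ERROR')) {
    return;
}


// Define vars
$conffiletoshowshort = "conf.php";
// Define localization of conf file
// --- Start of part replaced by Dolibarr packager makepack-dolibarr
$conffile = "conf/conf.php";
$conffiletoshow = "htdocs/conf/conf.php";
// For debian/redhat like systems
//$conffile = "/etc/dolibarr/conf.php";
//$conffiletoshow = "/etc/dolibarr/conf.php";


// Include configuration
// --- End of part replaced by Dolibarr packager makepack-dolibarr


// Include configuration.
// conf.php is executed as PHP and its $dolibarr_* values later end up in include paths (see the
// library path section below), so write access to that file is equivalent to code execution here.
$result = @include_once $conffile; // Keep @ because with some error reporting this break the redirect done when file not found

if (!$result && !empty($_SERVER["GATEWAY_INTERFACE"])) { // If install not done and we are in a web session
    // Build a relative prefix that leads back to the web root, then redirect to the installer.
    if (!empty($_SERVER["CONTEXT_PREFIX"])) { // CONTEXT_PREFIX and CONTEXT_DOCUMENT_ROOT are not defined on all apache versions
        // The prefix is copied into the Location header as is.
        // NOTE(review): presumably set by the web server from its alias configuration, not by the client - confirm.
        $path = $_SERVER["CONTEXT_PREFIX"]; // example '/dolibarr/' when using an apache alias.
        if (!preg_match('/\/$/', $path)) {
            $path .= '/';
        }
    } elseif (preg_match('/index\.php/', $_SERVER['PHP_SELF'])) {
        // When we ask index.php, we MUST BE SURE that $path is '' at the end. This is required to make install process
        // when using apache alias like '/dolibarr/' that point to htdocs.
        // Note: If calling page was an index.php not into htdocs (ie comm/index.php, ...), then this redirect will fails,
        // but we don't want to change this because when URL is correct, we must be sure the redirect to install/index.php will be correct.
        $path = '';
    } else {
        // If what we look is not index.php, we can try to guess location of root. May not work all the time.
        // There is no real solution, because the only way to know the apache url relative path is to have it into conf file.
        // If it fails to find correct $path, then only solution is to ask user to enter the correct URL to index.php or install/index.php
        //
        // Only the number of path segments of PHP_SELF is used: $path is made of literal '../' pieces,
        // no text from the request is copied into the redirect in this branch.
        $TDir = explode('/', $_SERVER['PHP_SELF']);
        $path = '';
        $i = count($TDir);
        while ($i--) {
            if (empty($TDir[$i]) || $TDir[$i] == 'htdocs') {
                break;
            }
            if ($TDir[$i] == 'dolibarr') {
                break;
            }
            if (substr($TDir[$i], -4, 4) == '.php') {
                continue;
            }

            $path .= '../';
        }
    }

    header("Location: ".$path."install/index.php");
    exit;
}

// Force PHP error_reporting setup (Dolibarr may report warning without this)
if (!empty($dolibarr_strict_mode)) {
    error_reporting(E_ALL | E_STRICT);
} else {
    error_reporting(E_ALL & ~(E_STRICT | E_NOTICE | E_DEPRECATED));
}

// Disable php display errors.
// This is only forced when $dolibarr_main_prod is set in conf.php; otherwise the PHP configuration
// in effect decides whether error text (which can include filesystem paths) is sent to the client.
if (!empty($dolibarr_main_prod)) {
    ini_set('display_errors', 'Off');
}

// Clean parameters (trim whitespace; the root URL also loses its trailing slashes)
$dolibarr_main_data_root = trim($dolibarr_main_data_root);
$dolibarr_main_url_root = trim(preg_replace('/\/+$/', '', $dolibarr_main_url_root));
$dolibarr_main_url_root_alt = (empty($dolibarr_main_url_root_alt) ? '' : trim($dolibarr_main_url_root_alt));
$dolibarr_main_document_root = trim($dolibarr_main_document_root);
$dolibarr_main_document_root_alt = (empty($dolibarr_main_document_root_alt) ? '' : trim($dolibarr_main_document_root_alt));

// Defaults for settings that old conf.php files may not define
if (empty($dolibarr_main_db_port)) {
    $dolibarr_main_db_port = 3306; // For compatibility with old configs, if not defined, we take port 3306
}
if (empty($dolibarr_main_db_type)) {
    $dolibarr_main_db_type = 'mysqli'; // For compatibility with old configs, if not defined, we take 'mysqli' type
}

// Mysql driver support has been removed in favor of mysqli
if ($dolibarr_main_db_type == 'mysql') {
    $dolibarr_main_db_type = 'mysqli';
}
if (empty($dolibarr_main_db_prefix)) {
    $dolibarr_main_db_prefix = 'llx_';
}
if (empty($dolibarr_main_db_character_set)) {
    $dolibarr_main_db_character_set = ($dolibarr_main_db_type == 'mysqli' ? 'utf8' : ''); // Old installation
}
if (empty($dolibarr_main_db_collation)) {
    $dolibarr_main_db_collation = ($dolibarr_main_db_type == 'mysqli' ? 'utf8_unicode_ci' : ''); // Old installation
}
if (empty($dolibarr_main_db_encryption)) {
    $dolibarr_main_db_encryption = 0;
}
if (empty($dolibarr_main_db_cryptkey)) {
    $dolibarr_main_db_cryptkey = '';
}
if (empty($dolibarr_main_limit_users)) {
    $dolibarr_main_limit_users = 0;
}
if (empty($dolibarr_mailing_limit_sendbyweb)) {
    $dolibarr_mailing_limit_sendbyweb = 0;
}
if (empty($dolibarr_mailing_limit_sendbycli)) {
    $dolibarr_mailing_limit_sendbycli = 0;
}
if (empty($dolibarr_strict_mode)) {
    $dolibarr_strict_mode = 0; // For debug in php strict mode
}

define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs)

// Security: CSRF protection
// For every request that is not GET or HEAD (those are allowed so that direct links keep working), the host
// of the referrer ($_SERVER['HTTP_REFERER']) must be the host the request was sent to ($_SERVER['HTTP_HOST']).
// Note about $_SERVER[HTTP_HOST/SERVER_NAME]: http://shiflett.org/blog/2006/mar/server-name-versus-http-host
// See also CSRF protections done into main.inc.php
//
// Scope of this check, as implemented below:
//  - it is skipped entirely when NOCSRFCHECK is defined or $dolibarr_nocsrfcheck is set in conf.php,
//    and when REQUEST_METHOD or HTTP_HOST is empty;
//  - only the host name is compared: scheme and port are ignored, so another service on the same host
//    name passes this test;
//  - a request without a Referer header is refused, which also affects clients that strip that header.
if (!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck)) {
    if (!empty($_SERVER['REQUEST_METHOD']) && !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) && !empty($_SERVER['HTTP_HOST'])) {
        $csrfattack = false;
        if (empty($_SERVER['HTTP_REFERER'])) {
            $csrfattack = true; // No Referer header sent with the request
        } else {
            $tmpa = parse_url($_SERVER['HTTP_HOST']);
            $tmpb = parse_url($_SERVER['HTTP_REFERER']);
            // The name is read from 'host' when parse_url() reports one, else from 'path'
            // (presumably the case for a Host header that carries no port).
            // parse_url() returns false on a value it cannot parse and may omit both keys: such a value
            // resolves to '' here instead of being indexed blindly.
            $tmphosta = '';
            if (is_array($tmpa)) {
                $tmphosta = (empty($tmpa['host']) ? (isset($tmpa['path']) ? $tmpa['path'] : '') : $tmpa['host']);
            }
            $tmphostb = '';
            if (is_array($tmpb)) {
                $tmphostb = (empty($tmpb['host']) ? (isset($tmpb['path']) ? $tmpb['path'] : '') : $tmpb['host']);
            }
            // Fail closed: an unresolvable side is a refusal, and the comparison is strict so that PHP's
            // loose string rules (numeric-looking strings comparing equal) can never make two hosts match.
            if ($tmphosta === '' || $tmphostb === '' || $tmphosta !== $tmphostb) {
                $csrfattack = true;
            }
        }
        if ($csrfattack) {
            //print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
            // Note: dol_escape_htmltag was not available up to this point (functions.lib.php is only loaded on the
            // next line), the request values printed below are escaped with htmlentities() instead.
            include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
            // NOTE(review): PHP_SELF and REQUEST_METHOD go into the log message unmodified; whether dol_syslog()
            // neutralises control characters is not visible from this file - confirm.
            dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referer).", LOG_WARNING);
            // NOTE(review): the message names main.inc.php although the refusal is issued by this file.
            print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";
            print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";
            die;
        }
    }
    // Another test is done later on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
}
// Stop with an explanatory page when mandatory settings are missing from conf.php
if (empty($dolibarr_main_db_host) && !defined('NOREQUIREDB')) {
    print '<div class="center">Dolibarr setup is not yet complete.<br><br>'."\n";
    print '<a href="install/index.php">Click here to finish Dolibarr install process</a> ...</div>'."\n";
    die;
}
if (empty($dolibarr_main_url_root) && !defined('NOREQUIREVIRTUALURL')) {
    print 'Value for parameter \'dolibarr_main_url_root\' is not defined in your \'htdocs\conf\conf.php\' file.<br>'."\n";
    print 'You must add this parameter with your full Dolibarr root Url (Example: http://myvirtualdomain/ or http://mydomain/mydolibarrurl/)'."\n";
    die;
}

if (empty($dolibarr_main_document_root_alt)) {
    $dolibarr_main_document_root_alt = $dolibarr_main_document_root.'/custom';
}

if (empty($dolibarr_main_data_root)) {
    // If directory not defined, we use the default hardcoded value
    $dolibarr_main_data_root = str_replace("/htdocs", "", $dolibarr_main_document_root);
    $dolibarr_main_data_root .= "/documents";
}

// Define some constants
define('DOL_CLASS_PATH', 'class/'); // Filesystem path to class dir (defined only for some code that want to be compatible with old versions without this parameter)
define('DOL_DATA_ROOT', $dolibarr_main_data_root); // Filesystem data (documents)
// Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT.
// Note: autodetect works only in case 1, 2, 3 and 4 of phpunit test CoreTest.php. For case 5, 6, only setting value into conf.php will works.
$tmp = '';
$found = 0;
$real_dolibarr_main_document_root = str_replace('\\', '/', realpath($dolibarr_main_document_root)); // A) Value found into config file, to say where are store htdocs files. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs
if (!empty($_SERVER["DOCUMENT_ROOT"])) {
    $pathroot = $_SERVER["DOCUMENT_ROOT"]; // B) Value reported by web server setup (not defined on CLI mode), to say where is root of web server instance. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs
} else {
    $pathroot = 'NOTDEFINED';
}
$paths = explode('/', str_replace('\\', '/', $_SERVER["SCRIPT_NAME"])); // C) Value reported by web server, to say full path on filesystem of a file. Ex: /dolibarr/htdocs/admin/system/phpinfo.php
// Try to detect if $_SERVER["DOCUMENT_ROOT"]+start of $_SERVER["SCRIPT_NAME"] is $dolibarr_main_document_root. If yes, relative url to add before dol files is this start part.
$concatpath = '';
foreach ($paths as $tmppath) { // We check to find (B+start of C)=A
    if (empty($tmppath)) {
        continue;
    }
    $concatpath .= '/'.$tmppath;
    //if ($tmppath) $concatpath.='/'.$tmppath;
    //print $_SERVER["SCRIPT_NAME"].'-'.$pathroot.'-'.$concatpath.'-'.$real_dolibarr_main_document_root.'-'.realpath($pathroot.$concatpath).'<br>';
    if ($real_dolibarr_main_document_root == @realpath($pathroot.$concatpath)) { // @ avoid warning when safe_mode is on.
        //print "Found relative url = ".$concatpath;
        $tmp3 = $concatpath;
        $found = 1;
        break;
    }
    //else print "Not found yet for concatpath=".$concatpath."<br>\n";
}
//print "found=".$found." dolibarr_main_url_root=".$dolibarr_main_url_root."\n";
if (!$found) {
    $tmp = $dolibarr_main_url_root; // If autodetect fails (Ie: when using apache alias that point outside default DOCUMENT_ROOT).
} else {
    // Autodetect succeeded: scheme, SERVER_NAME, non-default port and the detected relative path are
    // assembled into the root URL, and the value from conf.php is not used.
    // NOTE(review): SERVER_NAME can follow the client's Host header depending on the web server setup (see the
    // link in the CSRF section above); anything that builds absolute links from DOL_MAIN_URL_ROOT inherits that - confirm.
    $tmp = 'http'.(((empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on') && (empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] != 443)) ? '' : 's').'://'.$_SERVER["SERVER_NAME"].((empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] == 80 || $_SERVER["SERVER_PORT"] == 443) ? '' : ':'.$_SERVER["SERVER_PORT"]).($tmp3 ? (preg_match('/^\//', $tmp3) ? '' : '/').$tmp3 : '');
}
//print "tmp1=".$tmp1." tmp2=".$tmp2." tmp3=".$tmp3." tmp=".$tmp."\n";
if (!empty($dolibarr_main_force_https)) {
    $tmp = preg_replace('/^http:/i', 'https:', $tmp);
}
define('DOL_MAIN_URL_ROOT', $tmp); // URL absolute root (https://sss/dolibarr, ...)
$uri = preg_replace('/^http(s?):\/\//i', '', constant('DOL_MAIN_URL_ROOT')); // $uri contains url without http*
$suburi = strstr($uri, '/'); // $suburi contains url without domain:port
if ($suburi == '/') {
    $suburi = ''; // If $suburi is /, it is now ''
}
define('DOL_URL_ROOT', $suburi); // URL relative root ('', '/dolibarr', ...)

//print DOL_MAIN_URL_ROOT.'-'.DOL_URL_ROOT."\n";

// Define prefix MAIN_DB_PREFIX
define('MAIN_DB_PREFIX', $dolibarr_main_db_prefix);


/*
 * Define PATH to external libraries
 * To use other version than embeded libraries, define here constant to path. Use '' to use include class path autodetect.
 *
 * Each constant keeps a value defined earlier by the caller; otherwise it takes the matching $dolibarr_lib_*,
 * $dolibarr_js_* or $dolibarr_font_* variable from conf.php, falling back to the embedded copy (or '').
 * Some of these paths are used in include statements (ADODB_PATH further down in this file), so they are
 * as sensitive as conf.php itself.
 */
// Path to root libraries
if (!defined('ADODB_PATH')) {
    define('ADODB_PATH', (!isset($dolibarr_lib_ADODB_PATH)) ? DOL_DOCUMENT_ROOT.'/includes/adodbtime/' : (empty($dolibarr_lib_ADODB_PATH) ? '' : $dolibarr_lib_ADODB_PATH.'/'));
}
if (!defined('TCPDF_PATH')) {
    define('TCPDF_PATH', (empty($dolibarr_lib_TCPDF_PATH)) ? DOL_DOCUMENT_ROOT.'/includes/tecnickcom/tcpdf/' : $dolibarr_lib_TCPDF_PATH.'/');
}
if (!defined('TCPDI_PATH')) {
    define('TCPDI_PATH', (empty($dolibarr_lib_TCPDI_PATH)) ? DOL_DOCUMENT_ROOT.'/includes/tcpdi/' : $dolibarr_lib_TCPDI_PATH.'/');
}
if (!defined('NUSOAP_PATH')) {
    define('NUSOAP_PATH', (!isset($dolibarr_lib_NUSOAP_PATH)) ? DOL_DOCUMENT_ROOT.'/includes/nusoap/lib/' : (empty($dolibarr_lib_NUSOAP_PATH) ? '' : $dolibarr_lib_NUSOAP_PATH.'/'));
}
if (!defined('PHPEXCELNEW_PATH')) {
    define('PHPEXCELNEW_PATH', (!isset($dolibarr_lib_PHPEXCELNEW_PATH)) ? DOL_DOCUMENT_ROOT.'/includes/phpoffice/phpspreadsheet/src/PhpSpreadsheet/' : (empty($dolibarr_lib_PHPEXCELNEW_PATH) ? '' : $dolibarr_lib_PHPEXCELNEW_PATH.'/'));
}
if (!defined('ODTPHP_PATH')) {
    define('ODTPHP_PATH', (!isset($dolibarr_lib_ODTPHP_PATH)) ? DOL_DOCUMENT_ROOT.'/includes/odtphp/' : (empty($dolibarr_lib_ODTPHP_PATH) ? '' : $dolibarr_lib_ODTPHP_PATH.'/'));
}
if (!defined('ODTPHP_PATHTOPCLZIP')) {
    define('ODTPHP_PATHTOPCLZIP', (!isset($dolibarr_lib_ODTPHP_PATHTOPCLZIP)) ? DOL_DOCUMENT_ROOT.'/includes/odtphp/zip/pclzip/' : (empty($dolibarr_lib_ODTPHP_PATHTOPCLZIP) ? '' : $dolibarr_lib_ODTPHP_PATHTOPCLZIP.'/'));
}
if (!defined('JS_CKEDITOR')) {
    define('JS_CKEDITOR', (!isset($dolibarr_js_CKEDITOR)) ? '' : (empty($dolibarr_js_CKEDITOR) ? '' : $dolibarr_js_CKEDITOR.'/'));
}
if (!defined('JS_JQUERY')) {
    define('JS_JQUERY', (!isset($dolibarr_js_JQUERY)) ? '' : (empty($dolibarr_js_JQUERY) ? '' : $dolibarr_js_JQUERY.'/'));
}
if (!defined('JS_JQUERY_UI')) {
    define('JS_JQUERY_UI', (!isset($dolibarr_js_JQUERY_UI)) ? '' : (empty($dolibarr_js_JQUERY_UI) ? '' : $dolibarr_js_JQUERY_UI.'/'));
}
// Other required path
if (!defined('DOL_DEFAULT_TTF')) {
    define('DOL_DEFAULT_TTF', (!isset($dolibarr_font_DOL_DEFAULT_TTF)) ? DOL_DOCUMENT_ROOT.'/includes/fonts/Aerial.ttf' : (empty($dolibarr_font_DOL_DEFAULT_TTF) ? '' : $dolibarr_font_DOL_DEFAULT_TTF));
}
if (!defined('DOL_DEFAULT_TTF_BOLD')) {
    define('DOL_DEFAULT_TTF_BOLD', (!isset($dolibarr_font_DOL_DEFAULT_TTF_BOLD)) ? DOL_DOCUMENT_ROOT.'/includes/fonts/AerialBd.ttf' : (empty($dolibarr_font_DOL_DEFAULT_TTF_BOLD) ? '' : $dolibarr_font_DOL_DEFAULT_TTF_BOLD));
}


/*
 * Include functions
 */

if (!defined('ADODB_DATE_VERSION')) {
    include_once ADODB_PATH.'adodb-time.inc.php';
}

// A missing core library means DOL_DOCUMENT_ROOT (taken from conf.php) does not point at htdocs
if (!file_exists(DOL_DOCUMENT_ROOT."/core/lib/functions.lib.php")) {
    print "Error: Dolibarr config file content seems to be not correctly defined.<br>\n";
    print "Please run dolibarr setup by calling page <b>/install</b>.<br>\n";
    exit;
}


// Included by default
include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
//print memory_get_usage();

// If password is encoded, we decode it. Note: When page is called for install, $dolibarr_main_db_pass may not be defined yet.
// Two stored forms are handled: $dolibarr_main_db_pass carrying a 'crypted:' marker, or a separate
// $dolibarr_main_db_encrypted_pass. After this block $dolibarr_main_db_pass holds the decoded value.
// NOTE(review): the marker is matched anywhere in the value and case-insensitively, and every occurrence is
// removed, so a plain-text password that happens to contain 'crypted:' would be decoded too - confirm intended.
// NOTE(review): dol_decode() is called with the stored value only; what protection the encoded form gives
// depends on that function, which is not visible here. Restrictive permissions on conf.php remain the
// control to rely on - confirm.
if ((!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) || !empty($dolibarr_main_db_encrypted_pass)) {
    if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
        $dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass);
        $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass);
        $dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this so we can use it later to know the password was initially crypted
    } else {
        $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
    }
}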