| ' . $langs->trans("Account") . ' | '; print '' . $langs->trans("Label") . ' | '; for($i = 1; $i <= 12; $i ++) { - print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' | '; + print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' | '; } print '' . $langs->trans("Total") . ' |
| ' . length_accountg($row[0]) . ' | '; - print '' . $row[1] . ' | '; - for($i = 2; $i <= 12; $i ++) { - print '' . price($row[$i]) . ' | '; - } - print '' . price($row[13]) . ' | '; - print '' . price($row[14]) . ' | '; - print '
| ' . length_accountg($row[0]) . ' | '; + print '' . $row[1] . ' | '; + for($i = 2; $i <= 12; $i ++) { + print '' . price($row[$i]) . ' | '; + } + print '' . price($row[13]) . ' | '; + print '' . price($row[14]) . ' | '; + print '
'; - print '
'; + print '
'; + print '
'; - print_fiche_titre($langs->trans("OtherInfo"), '', ''); + print_fiche_titre($langs->trans("OtherInfo"), '', ''); - print "
\n"; - print '
| ' . $langs->trans("TotalVente") . ' | '; - for($i = 1; $i <= 12; $i ++) { - print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' | '; - } - print '' . $langs->trans("Total") . ' |
| ' . $langs->trans("TotalVente") . ' | '; + for($i = 1; $i <= 12; $i ++) { + print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' | '; + } + print '' . $langs->trans("Total") . ' |
| ' . $row[0] . ' | '; - for($i = 1; $i <= 12; $i ++) { - print '' . price($row[$i]) . ' | '; - } - print '' . price($row[13]) . ' | '; - print '
\n"; - print '
| ' . $langs->trans("TotalMarge") . ' | '; - for($i = 1; $i <= 12; $i ++) { - print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' | '; - } - print '' . $langs->trans("Total") . ' |
| ' . $langs->trans("TotalMarge") . ' | '; + for($i = 1; $i <= 12; $i ++) { + print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' | '; + } + print '' . $langs->trans("Total") . ' |
| ' . $row[0] . ' | '; - for($i = 1; $i <= 12; $i ++) { - print '' . price(price2num($row[$i])) . ' | '; - } - print '' . price(price2num($row[13])) . ' | '; - print '
'.$changelog.'
';
+ else $text.='/class/api_.class.php
- * \file htdocs/api/indexphp
- *
- * @todo User authentication with api_key
+ * \file htdocs/api/index.php
*/
-if (! defined("NOLOGIN")) define("NOLOGIN",'1');
-if (! defined("NOCSRFCHECK")) define("NOCSRFCHECK",'1');
+//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1');
+//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1');
+//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1');
+//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
+if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test
+//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
+if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test
+if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
+if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
+if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library
+if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
+
$res=0;
if (! $res && file_exists("../main.inc.php")) $res=include '../main.inc.php';
@@ -67,7 +75,31 @@ if (preg_match('/api\/index\.php\/explorer/', $_SERVER["PHP_SELF"]) && ! empty($
}
-$api = new DolibarrApi($db);
+
+
+// Analyze URLs
+// index.php/explorer do a redirect to index.php/explorer/
+// index.php/explorer/ called by swagger to build explorer page
+// index.php/explorer/.../....png|.css|.js called by swagger for resources to build explorer page
+// index.php/explorer/resources.json called by swagger to get list of all services
+// index.php/explorer/resources.json/xxx called by swagger to get detail of services xxx
+// index.php/xxx called by any REST client to run API
+
+
+preg_match('/index\.php\/([^\/]+)(.*)$/', $_SERVER["PHP_SELF"], $reg);
+// .../index.php/categories?sortfield=t.rowid&sortorder=ASC
+
+
+// Set the flag to say to refresh (when we reload the explorer, production must be for API call only)
+$refreshcache=false;
+if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/resources.json' || $reg[2] == '/resources.json/root'))
+{
+ $refreshcache=true;
+}
+
+
+$api = new DolibarrApi($db, '', $refreshcache);
+//var_dump($api->r->apiVersionMap);
// Enable the Restler API Explorer.
// See https://github.com/Luracast/Restler-API-Explorer for more info.
@@ -79,110 +111,82 @@ $api->r->addAuthenticationClass('DolibarrApiAccess','');
// Define accepted mime types
UploadFormat::$allowedMimeTypes = array('image/jpeg', 'image/png', 'text/plain', 'application/octet-stream');
-$listofapis = array();
-$modulesdir = dolGetModulesDirs();
-foreach ($modulesdir as $dir)
+
+// Call Explorer file for all APIs definitions
+if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/resources.json' || $reg[2] == '/resources.json/root'))
{
- /*
- * Search available module
- */
- //dol_syslog("Scan directory ".$dir." for API modules");
+ // Scan all API files to load them
- $handle=@opendir(dol_osencode($dir));
- if (is_resource($handle))
+ $listofapis = array();
+
+ $modulesdir = dolGetModulesDirs();
+ foreach ($modulesdir as $dir)
{
- while (($file = readdir($handle))!==false)
+ // Search available module
+ dol_syslog("Scan directory ".$dir." for module descriptor to after search for API files");
+
+ $handle=@opendir(dol_osencode($dir));
+ if (is_resource($handle))
{
- if (is_readable($dir.$file) && preg_match("/^mod(.*)\.class\.php$/i",$file,$reg))
+ while (($file = readdir($handle))!==false)
{
- $module = strtolower($reg[1]);
- $moduledirforclass = $module;
- $moduleforperm = $module;
-
- if ($module == 'propale') {
- $moduledirforclass = 'comm/propal';
- $moduleforperm='propal';
- }
- elseif ($module == 'agenda') {
- $moduledirforclass = 'comm/action';
- }
- elseif ($module == 'adherent') {
- $moduledirforclass = 'adherents';
- }
- elseif ($module == 'banque') {
- $moduledirforclass = 'compta/bank';
- }
- elseif ($module == 'categorie') {
- $moduledirforclass = 'categories';
- }
- elseif ($module == 'facture') {
- $moduledirforclass = 'compta/facture';
- }
- elseif ($module == 'project') {
- $moduledirforclass = 'projet';
- }
- elseif ($module == 'task') {
- $moduledirforclass = 'projet';
- }
- elseif ($module == 'stock') {
- $moduledirforclass = 'product/stock';
- }
- elseif ($module == 'fournisseur') {
- $moduledirforclass = 'fourn';
- }
- //dol_syslog("Found module file ".$file." - module=".$module." - moduledirforclass=".$moduledirforclass);
-
- // Defined if module is enabled
- $enabled=true;
- if (empty($conf->$moduleforperm->enabled)) $enabled=false;
-
- if ($enabled)
+ if (is_readable($dir.$file) && preg_match("/^mod(.*)\.class\.php$/i",$file,$reg))
{
- /*
- * If exists, load the API class for enable module
- *
- * Search files named api_
';
}
}
@@ -636,6 +637,7 @@ if ($resql)
// print ''.$langs->trans("NotAvailable").'
';
+}
+
print $text;
diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 23d87791103..a59d6fca3bb 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -207,8 +207,19 @@ if ($action == 'set' && $user->admin)
//var_dump($resarray);exit;
if ($resarray['nbperms'] > 0)
{
- $msg = $langs->trans('ModuleEnabledAdminMustCheckRights');
- setEventMessages($msg, null, 'warnings');
+ $tmpsql="SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."user WHERE admin <> 1";
+ $resqltmp=$db->query($tmpsql);
+ if ($resqltmp)
+ {
+ $obj=$db->fetch_object($resqltmp);
+ //var_dump($obj->nb);exit;
+ if ($obj && $obj->nb > 1)
+ {
+ $msg = $langs->trans('ModuleEnabledAdminMustCheckRights');
+ setEventMessages($msg, null, 'warnings');
+ }
+ }
+ else dol_print_error($db);
}
}
header("Location: ".$_SERVER["PHP_SELF"]."?mode=".$mode.$param.($page_y?'&page_y='.$page_y:''));
diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php
index 56db6eb2ad7..c57a78974ed 100644
--- a/htdocs/admin/tools/listsessions.php
+++ b/htdocs/admin/tools/listsessions.php
@@ -47,7 +47,7 @@ $langs->load("other");
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
-if ($page == -1) { $page = 0 ; }
+if ($page == -1 || $page == null) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
diff --git a/htdocs/admin/websites.php b/htdocs/admin/websites.php
index 1dc91786ada..4dbd154096f 100644
--- a/htdocs/admin/websites.php
+++ b/htdocs/admin/websites.php
@@ -54,7 +54,7 @@ $status = 1;
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
-if ($page == -1) { $page = 0 ; }
+if ($page == -1 || $page == null) { $page = 0 ; }
$offset = $listlimit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
diff --git a/htdocs/api/README.md b/htdocs/api/README.md
index b4ff7a89f7b..0b773888882 100644
--- a/htdocs/api/README.md
+++ b/htdocs/api/README.md
@@ -1,41 +1,54 @@
-API REST howto
-==============
+API REST
+========
-This directory contains files to make Dolibarr a server of REST Web Services.
-It depends on external library Restler.
+## Integrate your ERP with any other applications using Dolibarr APIs
+
+This module provides the service to make Dolibarr a server of REST Web Services. It depends on external library Restler.
+
+Extract any data or push insert, update or delete record using our new REST APIs. Using standard HTTP and Json format, it is compatible with any language (PHP, Java, Ruby, Python, C#, C++, JavaScript, JQuery, Basic, ...). Use the embedded APIs explorer tool to test APIs or get generated URLs to use in your own code.
-Explore the api
----------------
+
+ 
+
-You can explore API method by using web interface : https://**yourdolibarr.tld**/mydolibarr/api/admin/explorer.php (replace **yourdolibarr.tld** by real hostname of your Dolibarr installation)
-Access to the API
+
+Explore the APIs
+----------------
+
+You can explore all available APIs by using the API explorer : [**yourdolibarr.tld**/api/index.php/explorer](../api/index.php/explorer) (replace **yourdolibarr.tld** by real hostname of your Dolibarr installation)
+
+
+Access to an API
-----------------
-> **Warning : access to the API should (or better : must!) be secured with SSL connection**
+> **Warning : access to any API should (or better : must!) be secured with SSL connection**
-To access to the API you need a token to identify. When you access the API for the first time, you need to log in with user name and password to get a token. **Only** this token will allow to access API with.
+To access to the API you need a token to identify. **Only** this token will allow to access API with.
+The token is dedicated to a user and it **must** be put into requests as **DOLAPIKEY** parameter in HTTP header (or among URL parameters, but this is less secured).
-To log in with the API, use this uri : https://**yourdolibarr.tld**/mydolibarr/api/index.php/login?login=**username**&password=**password** (replace bold strings with real values)
+To get a token you can:
-The token will be saved by Dolibarr for next user accesses to the API and it **must** be put into request uri as **api_key** parameter.
+* Edit the user card to set the value of token. Each user can have a different token.
+* or Call the *login* API with login and password. This will return the value of token for the user used to login.
Then call other services with
-https://**yourdolibarr.tld**/mydolibarr/api/index.php/otherservice?api_key=**api_key**
+https://**yourdolibarr.tld**/mydolibarr/api/index.php/otherservice?DOLAPIKEY=**api_key**
-Develop the API
----------------
+Develop an API
+--------------
The API uses Lucarast Restler framework. Please check documentation https://www.luracast.com/products/restler and examples http://help.luracast.com/restler/examples/
+
Github contains also usefull informations : https://github.com/Luracast/Restler
-To implement it into Dolibarr, we need to create a specific class for object we want to use. A skeleton file is available into /dev directory : *skeleton_api_class.class.php*
+To implement it into Dolibarr, you need to create a specific class for object we want to use. A skeleton file is available into /modulebuilder/class directory : *api_mymodule_class.class.php*
The API class file must be put into object class directory, with specific file name. By example, API class file for '*myobject*' must be put as : /htdocs/*myobject*/class/api_*myobject*.class.php. Class must be named **MyobjectApi**.
-If a module provide several object, use a different name for '*myobject*' and put the file into the same directory.
+If a module provide several object, use a different name for *'myobject'* and put the file into the same directory.
**Define url for methods**
diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php
index 190e24d326c..40e00d01ffd 100644
--- a/htdocs/api/class/api.class.php
+++ b/htdocs/api/class/api.class.php
@@ -42,10 +42,11 @@ class DolibarrApi
/**
* Constructor
*
- * @param DoliDb $db Database handler
- * @param string $cachedir Cache dir
+ * @param DoliDb $db Database handler
+ * @param string $cachedir Cache dir
+ * @param boolean $refreshCache Update cache
*/
- function __construct($db, $cachedir='')
+ function __construct($db, $cachedir='', $refreshCache=false)
{
global $conf;
@@ -54,7 +55,7 @@ class DolibarrApi
$this->db = $db;
$production_mode = ( empty($conf->global->API_PRODUCTION_MODE) ? false : true );
- $this->r = new Restler($production_mode);
+ $this->r = new Restler($production_mode, $refreshCache);
$this->r->setAPIVersion(1);
}
@@ -66,7 +67,7 @@ class DolibarrApi
*
* @return array
*/
- /* Disabled, most APIs does not share same signature for method index
+ /* Disabled, most APIs does not share same signature for method index
function index()
{
return array(
@@ -93,9 +94,9 @@ class DolibarrApi
unset($object->linkedObjects);
unset($object->lines); // should be ->lines
-
+
unset($object->fields);
-
+
unset($object->oldline);
unset($object->error);
@@ -175,7 +176,7 @@ class DolibarrApi
* @throws RestException
*/
static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') {
-
+
// Features/modules to check
$featuresarray = array($resource);
if (preg_match('/&/', $resource)) {
diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
index 407f94ac915..b2dcfefa49f 100644
--- a/htdocs/api/class/api_access.class.php
+++ b/htdocs/api/class/api_access.class.php
@@ -80,25 +80,25 @@ class DolibarrApiAccess implements iAuthenticate
{
dol_syslog($key.' - '.$val);
}*/
-
+
// api key can be provided in url with parameter api_key=xxx or ni header with header DOLAPIKEY:xxx
$api_key = '';
- if (isset($_GET['api_key']))
+ if (isset($_GET['api_key']))
{
// TODO Add option to disable use of api key on url. Return errors if used.
$api_key = $_GET['api_key']; // For backward compatibility
}
- if (isset($_GET['DOLAPIKEY']))
+ if (isset($_GET['DOLAPIKEY']))
{
// TODO Add option to disable use of api key on url. Return errors if used.
$api_key = $_GET['DOLAPIKEY']; // With GET method
}
- if (isset($_SERVER['HTTP_DOLAPIKEY']))
+ if (isset($_SERVER['HTTP_DOLAPIKEY'])) // Param DOLAPIKEY in header can be read with HTTP_DOLAPIKEY
{
$api_key = $_SERVER['HTTP_DOLAPIKEY']; // With header method (recommanded)
}
-
- if ($api_key)
+
+ if ($api_key)
{
$sql = "SELECT u.login, u.datec, u.api_key, ";
$sql.= " u.tms as date_modification, u.entity";
diff --git a/htdocs/api/class/api_login.class.php b/htdocs/api/class/api_login.class.php
index 9b965e24c33..c6b71e8b25c 100644
--- a/htdocs/api/class/api_login.class.php
+++ b/htdocs/api/class/api_login.class.php
@@ -34,25 +34,25 @@ class Login
/**
* Login
*
- * Request the API token for a couple username / password.
+ * Request the API token for a couple username / password.
* Using method POST is recommanded for security reasons (method GET is often logged by default by web servers with parameters so with login and pass into server log file).
- * Both methods are provided for developer conveniance. Best is to not use at all the login API method and enter directly the "api_key" into field at the top right of page (Note: "api_key" can be found/set on the user page).
- *
+ * Both methods are provided for developer conveniance. Best is to not use at all the login API method and enter directly the "api_key" into field at the top right of page (Note: "api_key" can be found/set on the user page).
+ *
* @param string $login User login
* @param string $password User password
- * @param int $entity Entity (when multicompany module is used). Empty means 1=first company.
+ * @param string $entity Entity (when multicompany module is used). '' means 1=first company.
* @param int $reset Reset token (0=get current token, 1=ask a new token and canceled old token. This means access using current existing API token of user will fails: new token will be required for new access)
* @return array Response status and user token
*
* @throws RestException
- *
+ *
* @url GET /
* @url POST /
*/
- public function index($login, $password, $entity=0, $reset=0) {
+ public function index($login, $password, $entity='', $reset=0) {
global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
-
+
// Authentication mode
if (empty($dolibarr_main_authentication))
$dolibarr_main_authentication = 'http,dolibarr';
@@ -62,6 +62,8 @@ class Login
// Set authmode
$authmode = explode(',', $dolibarr_main_authentication);
+ if ($entity == '') $entity=1;
+
include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$login = checkLoginPassEntity($login, $password, $entity, $authmode);
if (empty($login))
@@ -70,21 +72,21 @@ class Login
}
$token = 'failedtogenerateorgettoken';
-
+
$tmpuser=new User($this->db);
- $tmpuser->fetch(0, $login);
-
+ $tmpuser->fetch(0, $login, 0, 0, $entity);
+
// Renew the hash
if (empty($tmpuser->api_key) || $reset)
{
// Generate token for user
$token = dol_hash($login.uniqid().$conf->global->MAIN_API_KEY,1);
-
+
// We store API token into database
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET api_key = '".$this->db->escape($token)."'";
$sql.= " WHERE login = '".$this->db->escape($login)."'";
-
+
dol_syslog(get_class($this)."::login", LOG_DEBUG); // No log
$result = $this->db->query($sql);
if (!$result)
@@ -96,13 +98,14 @@ class Login
{
$token = $tmpuser->api_key;
}
-
+
//return token
return array(
'success' => array(
'code' => 200,
'token' => $token,
- 'message' => 'Welcome ' . $login.($reset?' - Token is new':' - This is your token (generated by a previous call). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
+ 'entity' => $tmpuser->entity,
+ 'message' => 'Welcome ' . $login.($reset?' - Token is new':' - This is your token (generated by a previous call). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
)
);
}
diff --git a/htdocs/api/index.php b/htdocs/api/index.php
index 1e04590da14..0e54d0cb8af 100644
--- a/htdocs/api/index.php
+++ b/htdocs/api/index.php
@@ -21,13 +21,21 @@
* \defgroup api Module DolibarrApi
* \brief API loader
* Search files htdocs/
+