From 326cd8b227522e679adb15ba64b32409acbbc627 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 8 May 2009 01:23:33 +0000 Subject: [PATCH] All data from conf file are stored into conf->file->xxx Multicompany should be ok to logon with no breaking sessions when disabled --- htdocs/actioncomm.class.php | 2 +- htdocs/lib/functions2.lib.php | 8 +-- htdocs/main.inc.php | 57 ++++++++-------- htdocs/master.inc.php | 123 +++++++++++++++++++--------------- htdocs/translate.class.php | 10 +-- htdocs/viewimage.php | 2 +- 6 files changed, 108 insertions(+), 94 deletions(-) diff --git a/htdocs/actioncomm.class.php b/htdocs/actioncomm.class.php index cd05b7fae40..95d5da987a1 100644 --- a/htdocs/actioncomm.class.php +++ b/htdocs/actioncomm.class.php @@ -671,7 +671,7 @@ class ActionComm $resql=$this->db->query($sql); if ($resql) { - // Note: Output of sql request is encoded in $conf->character_set_client + // Note: Output of sql request is encoded in $conf->file->character_set_client while ($obj=$this->db->fetch_object($resql)) { $qualified=true; diff --git a/htdocs/lib/functions2.lib.php b/htdocs/lib/functions2.lib.php index d0c2310a0e4..eceb1a46230 100644 --- a/htdocs/lib/functions2.lib.php +++ b/htdocs/lib/functions2.lib.php @@ -45,8 +45,8 @@ function dol_print_file($langs,$filename,$searchalt=0) { $content=file_get_contents($htmlfile); $isutf8=utf8_check($content); - if (! $isutf8 && $conf->character_set_client == 'UTF-8') print utf8_encode($content); - elseif ($isutf8 && $conf->character_set_client == 'ISO-8859-1') print utf8_decode($content); + if (! $isutf8 && $conf->file->character_set_client == 'UTF-8') print utf8_encode($content); + elseif ($isutf8 && $conf->file->character_set_client == 'ISO-8859-1') print utf8_decode($content); else print $content; return true; } 
@@ -62,8 +62,8 @@ function dol_print_file($langs,$filename,$searchalt=0) { $content=file_get_contents($htmlfilealt); $isutf8=utf8_check($content); - if (! $isutf8 && $conf->character_set_client == 'UTF-8') print utf8_encode($content); - elseif ($isutf8 && $conf->character_set_client == 'ISO-8859-1') print utf8_decode($content); + if (! $isutf8 && $conf->file->character_set_client == 'UTF-8') print utf8_encode($content); + elseif ($isutf8 && $conf->file->character_set_client == 'ISO-8859-1') print utf8_decode($content); else print $content; return true; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index ce9ea2bc9a2..20ac3dc93bb 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -112,17 +112,18 @@ analyse_sql_injection($_POST); // This is to make Dolibarr working with Plesk set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs'); -// Retrieve the entity in login form, and after in the cookie -$entityCookieName = "DOLENTITYID_dolibarr"; -if (isset($_POST["entity"])) $_SESSION["dol_entity"] = $_POST["entity"]; -if (isset($_COOKIE[$entityCookieName])) $_SESSION["dol_entity"] = $_COOKIE[$entityCookieName]; +// Retrieve the entity in login form, and after in the cookie +// Removed: The session has not been initialized yet so using SESSION is forbidden here +//$entityCookieName = "DOLENTITYID_dolibarr"; +//if (isset($_POST["entity"])) $_SESSION["dol_entity"] = $_POST["entity"]; +//if (isset($_COOKIE[$entityCookieName])) $_SESSION["dol_entity"] = $_COOKIE[$entityCookieName]; // Set and init common variables -// This include will set $conf, $langs and $mysoc objects +// This include will set: $conf, $langs and $mysoc objects require_once("master.inc.php"); // Check if HTTPS -if ($conf->main_force_https) +if ($conf->file->main_force_https) { if (! empty($_SERVER["SCRIPT_URI"])) // If SCRIPT_URI supported by server { 
@@ -130,7 +131,7 @@ if ($conf->main_force_https) { $newurl=eregi_replace('^http:','https:',$_SERVER["SCRIPT_URI"]); - dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl,LOG_DEBUG); + dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl); header("Location: ".$newurl); exit; } @@ -146,7 +147,7 @@ if ($conf->main_force_https) $newurl='https://'.$domaineport.$_SERVER["REQUEST_URI"]; //print 'eee'.$newurl; exit; - dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl,LOG_DEBUG); + dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl); header("Location: ".$newurl); exit; } 
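Review bot: Dropping the explicit `LOG_DEBUG` argument from both `dol_syslog` calls (this hunk and the one at -146,7) means the redirect target is now logged at whatever level `dol_syslog` uses by default. `$newurl` is built from `$_SERVER["SCRIPT_URI"]` or from `$domaineport.$_SERVER["REQUEST_URI"]`, so request-controlled text goes into the log for each redirected plain-HTTP request, including the query string in the `REQUEST_URI` case. I would keep the level explicit and log only the script path, e.g. `dol_syslog("dolibarr_main_force_https is on, redirect to https for ".$_SERVER["SCRIPT_NAME"], LOG_DEBUG);`. The enclosing `if ($conf->file->main_force_https)` block and the assignment of `$domaineport` lie outside these hunks, so how the host part is derived could not be checked here.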
@@ -166,27 +167,20 @@ if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) ini_set('session.gc_maxlifetim session_name($sessionname); session_start(); dol_syslog("Start session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".(isset($_SESSION["dol_login"])?$_SESSION["dol_login"]:'').", ".ini_get("session.gc_maxlifetime")); -/* -// Retrieve the entity in login form and in the cookie. + +// Retrieve the entity in login form or in the cookie. // This must be after the init of session (session_start) or this create serious pb of corrupted session. -$entityCookieName = "DOLENTITYID_dolibarr"; -if (isset($_POST["loginfunction"]) && isset($_POST["entity"])) +/* + $entityCookieName = "DOLENTITYID_dolibarr"; +if ((isset($_POST["loginfunction"]) && isset($_POST["entity"])) || isset($_COOKIE[$entityCookieName])) { - $_SESSION["dol_entity"] = $_POST["entity"]; + $_SESSION["dol_entity"] = isset($_POST["entity"])?$_POST["entity"]:$_COOKIE[$entityCookieName]; $conf->entity=$_SESSION["dol_entity"]; - dol_syslog("Will work on entity ".$conf->entity); + dol_syslog("We work on entity ".$conf->entity); // Now we need to reload the conf with the choosed entity - $conf->setValues($db); -} -elseif (isset($_COOKIE[$entityCookieName])) -{ - $_SESSION["dol_entity"] = $_COOKIE[$entityCookieName]; - $conf->entity=$_SESSION["dol_entity"]; - dol_syslog("Will work on entity ".$conf->entity); - // Now we need to reload the conf with the choosed entity - $conf->setValues($db); } */ + // Disable modules (this must be after session_start and after conf has been reloaded) if (! empty($_REQUEST["disablemodules"])) $_SESSION["disablemodules"]=$_REQUEST["disablemodules"]; if (! empty($_SESSION["disablemodules"])) @@ -198,8 +192,9 @@ if (! empty($_SESSION["disablemodules"])) } } + /* - * Phase identification + * Phase authentication / login */ // $authmode contient la liste des differents modes d'identification a tester par ordre de preference. 
@@ -396,7 +391,7 @@ else // Appel des triggers include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php"); $interface=new Interfaces($db); - $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,$_POST["entity"]); + $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,(isset($_POST["entity"])?$_POST["entity"]:0)); if ($result < 0) { $error++; } // Fin appel triggers @@ -413,6 +408,7 @@ if (! isset($_SESSION["dol_login"])) // New session for this login $_SESSION["dol_login"]=$user->login; $_SESSION["dol_authmode"]=$conf->authmode; + if ($conf->multicompany->enabled) $_SESSION["dol_entity"]=$conf->entity; dol_syslog("This is a new started user session. _SESSION['dol_login']=".$_SESSION["dol_login"].' Session id='.session_id()); $db->begin(); @@ -439,6 +435,7 @@ if (! isset($_SESSION["dol_login"])) } // Create entity cookie + // TODO Remove this as it is a security hole if ($conf->multicompany->enabled && isset($_POST["entity"])) { $entity = $_POST["entity"]; @@ -615,7 +612,6 @@ if (defined("MAIN_NOT_INSTALLED")) // On charge les fichiers lang principaux -// TODO Optimisation a faire ici $langs->load("main"); $langs->load("dict"); @@ -626,6 +622,10 @@ $user->getrights(); $bc[0]="class=\"impair\""; $bc[1]="class=\"pair\""; +// Sert uniquement dans module telephonie +$yesno[0]="no"; +$yesno[1]="yes"; + // Constantes utilisees pour definir le nombre de lignes des textarea if (! eregi("firefox",$_SERVER["HTTP_USER_AGENT"])) { @@ -668,7 +668,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs if (empty($conf->css)) $conf->css ='/theme/eldy/eldy.css.php'; //header("Content-type: text/html; charset=UTF-8"); - header("Content-type: text/html; charset=".$conf->character_set_client); + header("Content-type: text/html; charset=".$conf->file->character_set_client); print ''; //print ''; 
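Review bot: The new last argument to `run_triggers('USER_LOGIN_FAILED', ...)` forwards `$_POST["entity"]` exactly as an unauthenticated client sent it; the added `isset` guard only avoids the undefined-index notice. The trigger handlers are outside this diff, so whether they log or store the value cannot be seen here, but the fallback of `0` shows a number is expected, and the cast belongs at this call: `(isset($_POST["entity"])?(int) $_POST["entity"]:0)`. The same raw `$_POST["entity"]` is read in the cookie-creation hunk at -439,6 and in master.inc.php at -204,56.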
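Review bot: In the hunk at -413,6, `$_SESSION["dol_entity"]=$conf->entity;` stores an entity that master.inc.php (hunk -204,56) takes from `$_POST["entity"]` or the `DOLENTITYID_dolibarr` cookie, and nothing visible here compares it with the entity of the account that just authenticated. The tooltip line added at -848,6 prints `$conf->entity` next to `$user->entity`, which suggests the two can differ. If users are meant to be confined to their own entity, the session should be bound to the authenticated value, for example `if ($conf->multicompany->enabled) $_SESSION["dol_entity"]=(int) $user->entity;`, or the login refused when the two disagree. The `if (! isset($_SESSION["dol_login"]))` block starts and ends outside the hunk, so a check elsewhere in it cannot be ruled out.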
@@ -678,7 +678,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs { print "\n"; - print "\n"; + print "\n"; // Affiche meta print ''."\n"; // Evite indexation par robots @@ -848,6 +848,7 @@ function top_menu($head, $title='', $target='') $htmltext.='
'.$langs->trans("Type").': '.($user->societe_id?$langs->trans("External"):$langs->trans("Internal")); $htmltext.='
'; $htmltext.='
'.$langs->trans("Connection").''; + if ($conf->global->MAIN_MODULE_MULTICOMPANY) $htmltext.='
'.$langs->trans("ConnectedOnMultiCompany").': '.$conf->entity.' (user entity '.$user->entity.')'; $htmltext.='
'.$langs->trans("ConnectedSince").': '.dol_print_date($user->datelastlogin,"dayhour"); $htmltext.='
'.$langs->trans("PreviousConnexion").': '.dol_print_date($user->datepreviouslogin,"dayhour"); $htmltext.='
'.$langs->trans("AuthenticationMode").': '.$_SESSION["dol_authmode"]; diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index b4459bb5c24..7696e84ae06 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -114,10 +114,6 @@ require_once(DOL_DOCUMENT_ROOT."/core/conf.class.php"); $conf = new Conf(); -// Retrieve the entity -// Removed: The session has not been initialized yet so using SESSION is forbidden here -if (isset($_SESSION["dol_entity"])) $conf->entity = $_SESSION["dol_entity"]; - // Identifiant propres au serveur base de donnee $conf->db->host = $dolibarr_main_db_host; if (empty($dolibarr_main_db_port)) $dolibarr_main_db_port=0; // Pour compatibilite avec anciennes configs, si non defini, on prend 'mysql' 
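Review bot: The tooltip line added in the -848,6 hunk concatenates `$conf->entity` into `$htmltext` without escaping, and per master.inc.php (hunk -204,56) that value can come straight from `$_POST["entity"]` or the entity cookie. Unless `$htmltext` is escaped where it is printed, which is outside this hunk, client-supplied text ends up in the page; a cast is enough here: `': '.((int) $conf->entity).' (user entity '.((int) $user->entity).')'`. Two smaller points on the same line: it tests `$conf->global->MAIN_MODULE_MULTICOMPANY` where the login code in this commit tests `$conf->multicompany->enabled`, and the literal `user entity` bypasses `$langs->trans()`.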
@@ -134,22 +130,22 @@ $conf->db->prefix = $dolibarr_main_db_prefix; if (empty($dolibarr_main_db_collation)) $dolibarr_main_db_collation='latin1_swedish_ci'; $conf->db->dolibarr_main_db_collation=$dolibarr_main_db_collation; // Identifiant autres -$conf->main_authentication = empty($dolibarr_main_authentication)?'':$dolibarr_main_authentication; +$conf->file->main_authentication = empty($dolibarr_main_authentication)?'':$dolibarr_main_authentication; // Force https -$conf->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_main_force_https; +$conf->file->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_main_force_https; // Define charset for HTML Output (can set hidden value force_charset in conf.php file) if (empty($force_charset_do_notuse)) $force_charset_do_notuse='UTF-8'; -$conf->character_set_client=strtoupper($force_charset_do_notuse); +$conf->file->character_set_client=strtoupper($force_charset_do_notuse); // Define array of document root directories -$conf->dol_document_root=array(DOL_DOCUMENT_ROOT); +$conf->file->dol_document_root=array(DOL_DOCUMENT_ROOT); if (! empty($dolibarr_main_document_root_alt)) { // dolibarr_main_document_root_alt contains several directories $values=split(';',$dolibarr_main_document_root_alt); foreach($values as $value) { - $conf->dol_document_root[]=$value; + $conf->file->dol_document_root[]=$value; } } @@ -191,9 +187,9 @@ if (! defined('NOREQUIREDB')) exit; } } -// Now database connexion is known we can forget password -//$dolibarr_main_db_pass=''; // Comment this because pass is used in a lot of pages -$conf->db->pass=''; // This is to avoir password to be shown in dump +// Now database connexion is known, so we can forget password +//$dolibarr_main_db_pass=''; // Comment this because this constant is used in a lot of pages +$conf->db->pass=''; // This is to avoid password to be shown in dump /* * Creation objet $user 
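Review bot: Moving `main_authentication` and `main_force_https` under `$conf->file` in the -134,22 hunk means any reader that was not updated now sees an unset property, and an `empty()` or truthiness test on it would quietly skip the HTTPS redirect or fall back to a default authentication mode rather than fail. This diff updates the `main_force_https` test in main.inc.php, but no hunk touches a reader of `main_authentication`, so either none exists in the changed files or one was missed; a repository-wide search for `$conf->main_authentication`, `$conf->main_force_https`, `$conf->character_set_client` and `$conf->dol_document_root` should accompany this change. conf.class.php is not in the diffstat, so unless `Conf` already declares `file`, the object is created implicitly by the first assignment here and would be better declared in the class.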
@@ -204,56 +200,43 @@ if (! defined('NOREQUIREUSER')) } /* - * Chargement objet $conf + * Load object $conf * After this, all parameters conf->global->CONSTANTS are loaded */ if (! defined('NOREQUIREDB')) { + $entityCookieName="DOLENTITYID_dolibarr"; + // Retrieve the entity + if (isset($_POST["loginfunction"]) && isset($_POST["entity"])) // Just after a login page + { + $conf->entity = $_POST["entity"]; + } + else if (isset($_COOKIE[$entityCookieName])) // Inside a browser navigation + { + // TODO See to remove this later as it is a security hole + $conf->entity = $_COOKIE[$entityCookieName]; + } + elseif (session_id() && isset($_SESSION["dol_entity"])) // Inside an opened session + { + // TODO This is not used for the moment as session is started after for the moment + $conf->entity = $_SESSION["dol_entity"]; + } + elseif (isset($_ENV["dol_entity"])) // If inside a CLI script + { + $conf->entity = $_ENV["dol_entity"]; + } $conf->setValues($db); } /* - * Set default language (must be after the setValues of $conf) + * Creation objet $mysoc + * Objet Societe qui contient carac de l'institution gérée par Dolibarr. */ -if (! defined('NOREQUIRETRAN')) -{ - $langs->setDefaultLang($conf->global->MAIN_LANG_DEFAULT); - $langs->setPhpLang(); -} - -/* - * Pour utiliser d'autres versions des librairies externes que les - * versions embarquées dans Dolibarr, définir les constantes adequates: - * Pour FPDF: FPDF_PATH - * Pour PHP_WriteExcel: PHP_WRITEEXCEL_PATH - * Pour MagpieRss: MAGPIERSS_PATH - * Pour PHPlot: PHPLOT_PATH - * Pour JPGraph: JPGRAPH_PATH - * Pour NuSOAP: NUSOAP_PATH - * Pour TCPDF: TCPDF_PATH - */ -// Les path racines -if (! defined('FPDF_PATH')) { define('FPDF_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdf/'); } -if (! defined('FPDFI_PATH')) { define('FPDFI_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdfi/'); } -if (! defined('MAGPIERSS_PATH')) { define('MAGPIERSS_PATH', DOL_DOCUMENT_ROOT .'/includes/magpierss/'); } -if (! 
defined('JPGRAPH_PATH')) { define('JPGRAPH_PATH', DOL_DOCUMENT_ROOT .'/includes/jpgraph/'); } -if (! defined('NUSOAP_PATH')) { define('NUSOAP_PATH', DOL_DOCUMENT_ROOT .'/includes/nusoap/lib/'); } -if (! defined('PHP_WRITEEXCEL_PATH')) { define('PHP_WRITEEXCEL_PATH',DOL_DOCUMENT_ROOT .'/includes/php_writeexcel/'); } -if (! defined('PHPEXCELREADER')) { define('PHPEXCELREADER', DOL_DOCUMENT_ROOT .'/includes/phpexcelreader/'); } -// Les autres path -if (! defined('FPDF_FONTPATH')) { define('FPDF_FONTPATH', FPDF_PATH . 'font/'); } -if (! defined('MAGPIE_DIR')) { define('MAGPIE_DIR', MAGPIERSS_PATH); } -if (! defined('MAGPIE_CACHE_DIR')) { define('MAGPIE_CACHE_DIR', $conf->externalrss->dir_temp); } - - - -/* - * Creation objet mysoc - * Objet Societe qui contient carac de l'institution géré par Dolibarr. - */ -if (! defined('NOREQUIRESOC')) +if (! defined('NOREQUIREDB') && ! defined('NOREQUIRESOC')) { + require_once(DOL_DOCUMENT_ROOT ."/societe.class.php"); $mysoc=new Societe($db); + $mysoc->id=0; $mysoc->nom=$conf->global->MAIN_INFO_SOCIETE_NOM; $mysoc->adresse=$conf->global->MAIN_INFO_SOCIETE_ADRESSE; 
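Review bot: The new entity selection lets the client choose the tenant before anything is authenticated: `$conf->entity` is assigned from `$_POST["entity"]` or `$_COOKIE[$entityCookieName]` with no cast or range check and is then in place when `$conf->setValues($db)` runs, and the cookie branch is tested before the `$_SESSION["dol_entity"]` branch, so a cookie would override the server-side value once the session is available. The in-code TODO flags only the cookie branch; the POST branch has the same property. At minimum the values should be cast, e.g. `$conf->entity = (int) $_POST["entity"];`, the session branch should be tested first, and the chosen entity should be checked against the authenticated user after login. The hunk also mixes `else if` with `elseif`, and the `$_ENV["dol_entity"]` branch is reachable in web requests as well as CLI runs because nothing gates it on the SAPI.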
@@ -304,10 +287,40 @@ if (! defined('NOREQUIRESOC')) $mysoc->logo_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI; } -// Sert uniquement dans module telephonie -$yesno[0]="no"; -$yesno[1]="yes"; -if ( ! defined('MAIN_LABEL_MENTION_NPR') ) define('MAIN_LABEL_MENTION_NPR','NPR'); +/* + * Set default language (must be after the setValues of $conf) + */ +if (! defined('NOREQUIRETRAN')) +{ + $langs->setDefaultLang($conf->global->MAIN_LANG_DEFAULT); + $langs->setPhpLang(); +} +/* + * Pour utiliser d'autres versions des librairies externes que les + * versions embarquées dans Dolibarr, définir les constantes adequates: + * Pour FPDF: FPDF_PATH + * Pour PHP_WriteExcel: PHP_WRITEEXCEL_PATH + * Pour MagpieRss: MAGPIERSS_PATH + * Pour PHPlot: PHPLOT_PATH + * Pour JPGraph: JPGRAPH_PATH + * Pour NuSOAP: NUSOAP_PATH + * Pour TCPDF: TCPDF_PATH + */ +// Les path racines +if (! defined('FPDF_PATH')) { define('FPDF_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdf/'); } +if (! defined('FPDFI_PATH')) { define('FPDFI_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdfi/'); } +if (! defined('MAGPIERSS_PATH')) { define('MAGPIERSS_PATH', DOL_DOCUMENT_ROOT .'/includes/magpierss/'); } +if (! defined('JPGRAPH_PATH')) { define('JPGRAPH_PATH', DOL_DOCUMENT_ROOT .'/includes/jpgraph/'); } +if (! defined('NUSOAP_PATH')) { define('NUSOAP_PATH', DOL_DOCUMENT_ROOT .'/includes/nusoap/lib/'); } +if (! defined('PHP_WRITEEXCEL_PATH')) { define('PHP_WRITEEXCEL_PATH',DOL_DOCUMENT_ROOT .'/includes/php_writeexcel/'); } +if (! defined('PHPEXCELREADER')) { define('PHPEXCELREADER', DOL_DOCUMENT_ROOT .'/includes/phpexcelreader/'); } +// Les autres path +if (! defined('FPDF_FONTPATH')) { define('FPDF_FONTPATH', FPDF_PATH . 'font/'); } +if (! defined('MAGPIE_DIR')) { define('MAGPIE_DIR', MAGPIERSS_PATH); } +if (! defined('MAGPIE_CACHE_DIR')) { define('MAGPIE_CACHE_DIR', $conf->externalrss->dir_temp); } + + +if (! defined('MAIN_LABEL_MENTION_NPR') ) define('MAIN_LABEL_MENTION_NPR','NPR'); ?> 
diff --git a/htdocs/translate.class.php b/htdocs/translate.class.php index 91a553a5078..baa25f1a39b 100644 --- a/htdocs/translate.class.php +++ b/htdocs/translate.class.php @@ -54,12 +54,12 @@ class Translate { function Translate($dir = "",$conf) { // If charset output is forced - if (! empty($conf->character_set_client)) + if (! empty($conf->file->character_set_client)) { - $this->charset_output=$conf->character_set_client; + $this->charset_output=$conf->file->character_set_client; } if ($dir) $this->dir=array($dir); - else $this->dir=$conf->dol_document_root; + else $this->dir=$conf->file->dol_document_root; } @@ -356,7 +356,7 @@ class Translate { $newstr=ereg_replace('<','__lt__',$str); $newstr=ereg_replace('>','__gt__',$newstr); $newstr=ereg_replace('"','__quot__',$newstr); - + $newstr=$this->convToOutputCharset($newstr); // Convert string to $this->charset_output // Cryptage en html de la chaine @@ -470,7 +470,7 @@ class Translate { /** - * \brief Convert a string into output charset (this->charset_output that should be defined to conf->character_set_client) + * \brief Convert a string into output charset (this->charset_output that should be defined to conf->file->character_set_client) * \param str String to convert * \param pagecodefrom Page code of src string * \return string Converted string diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 23aa9959251..7c6428ef57f 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -336,7 +336,7 @@ if ($modulepart == 'barcode') $readable=$_GET["readable"]?$_GET["readable"]:"Y"; // Output files with barcode generators - foreach ($conf->dol_document_root as $dirroot) + foreach ($conf->file->dol_document_root as $dirroot) { $dir=$dirroot . "/includes/modules/barcode/"; $result=@include_once($dir.$generator.".modules.php");