2011-06-01 20:19:40 +02:00
|
|
|
<?php
|
|
|
|
|
/* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2013-01-16 15:36:08 +01:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2011-06-01 20:19:40 +02:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2019-09-23 21:55:30 +02:00
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
* or see https://www.gnu.org/
|
2011-06-01 20:19:40 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
2011-10-24 12:59:44 +02:00
|
|
|
* \file htdocs/core/lib/ws.lib.php
|
2011-09-24 15:44:04 +02:00
|
|
|
* \ingroup webservices
|
2011-06-01 20:19:40 +02:00
|
|
|
* \brief Set of function for manipulating web services
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check authentication array and set error, errorcode, errorlabel
|
2011-09-23 13:46:16 +02:00
|
|
|
*
|
2011-09-24 16:17:46 +02:00
|
|
|
* @param array $authentication Array with authentication informations ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>)
|
2014-09-27 16:00:11 +02:00
|
|
|
* @param int $error Number of errors
|
|
|
|
|
* @param string $errorcode Error string code
|
2020-12-28 12:30:59 +01:00
|
|
|
* @param string $errorlabel Error string label
|
2012-07-22 02:33:21 +02:00
|
|
|
* @return User Return user object identified by login/pass/entity into authentication array
|
2011-06-01 20:19:40 +02:00
|
|
|
*/
|
2019-01-27 15:20:16 +01:00
|
|
|
function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
|
2011-06-01 20:19:40 +02:00
|
|
|
{
|
2020-10-31 14:32:18 +01:00
|
|
|
global $db, $conf, $langs;
|
|
|
|
|
global $dolibarr_main_authentication, $dolibarr_auto_user;
|
2011-06-01 20:19:40 +02:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
$fuser = new User($db);
|
2011-06-01 20:19:40 +02:00
|
|
|
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY)) {
|
2020-10-31 14:32:18 +01:00
|
|
|
$error++;
|
2021-03-01 20:37:16 +01:00
|
|
|
$errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
|
|
|
|
|
$errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
|
2020-10-31 14:32:18 +01:00
|
|
|
}
|
2011-09-21 16:13:10 +02:00
|
|
|
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
|
2020-10-31 14:32:18 +01:00
|
|
|
$error++;
|
2021-03-01 20:37:16 +01:00
|
|
|
$errorcode = 'BAD_PARAMETERS';
|
|
|
|
|
$errorlabel = "The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
|
2020-10-31 14:32:18 +01:00
|
|
|
}
|
2011-09-21 16:13:10 +02:00
|
|
|
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$error) {
|
2020-10-31 14:32:18 +01:00
|
|
|
$result = $fuser->fetch('', $authentication['login'], '', 0);
|
2021-02-23 22:03:23 +01:00
|
|
|
if ($result < 0) {
|
2020-10-31 14:32:18 +01:00
|
|
|
$error++;
|
2021-03-01 20:37:16 +01:00
|
|
|
$errorcode = 'ERROR_FETCH_USER';
|
|
|
|
|
$errorlabel = 'A technical error occurred during fetch of user';
|
2021-02-23 22:03:23 +01:00
|
|
|
} elseif ($result == 0) {
|
2020-10-31 14:32:18 +01:00
|
|
|
$error++;
|
2021-03-01 20:37:16 +01:00
|
|
|
$errorcode = 'BAD_CREDENTIALS';
|
|
|
|
|
$errorlabel = 'Bad value for login or password';
|
2020-10-31 14:32:18 +01:00
|
|
|
}
|
2011-06-01 20:19:40 +02:00
|
|
|
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$error && $fuser->statut == 0) {
|
2012-03-20 17:18:20 +01:00
|
|
|
$error++;
|
2021-03-01 20:37:16 +01:00
|
|
|
$errorcode = 'ERROR_USER_DISABLED';
|
|
|
|
|
$errorlabel = 'This user has been locked or disabled';
|
2012-03-20 17:18:20 +01:00
|
|
|
}
|
2012-07-22 02:33:21 +02:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
// Validation of login
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$error) {
|
2020-04-10 10:59:32 +02:00
|
|
|
$fuser->getrights(); // Load permission of user
|
2012-07-22 02:33:21 +02:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
// Authentication mode
|
2021-02-23 22:03:23 +01:00
|
|
|
if (empty($dolibarr_main_authentication)) {
|
|
|
|
|
$dolibarr_main_authentication = 'http,dolibarr';
|
|
|
|
|
}
|
2020-10-31 14:32:18 +01:00
|
|
|
// Authentication mode: forceuser
|
2021-02-23 22:03:23 +01:00
|
|
|
if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
|
|
|
|
|
$dolibarr_auto_user = 'auto';
|
|
|
|
|
}
|
2020-10-31 14:32:18 +01:00
|
|
|
// Set authmode
|
|
|
|
|
$authmode = explode(',', $dolibarr_main_authentication);
|
2011-06-01 20:19:40 +02:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
|
|
|
|
$login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode, 'ws');
|
2021-02-23 22:03:23 +01:00
|
|
|
if (empty($login)) {
|
2020-10-31 14:32:18 +01:00
|
|
|
$error++;
|
2021-03-01 20:37:16 +01:00
|
|
|
$errorcode = 'BAD_CREDENTIALS';
|
|
|
|
|
$errorlabel = 'Bad value for login or password';
|
2011-09-23 13:46:16 +02:00
|
|
|
}
|
|
|
|
|
}
|
2020-10-31 14:32:18 +01:00
|
|
|
}
|
2011-06-01 20:19:40 +02:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
return $fuser;
|
2011-06-01 20:19:40 +02:00
|
|
|
}
|
