PageRenderTime 47ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/htdocs/core/lib/security.lib.php

https://bitbucket.org/speedealing/speedealing
PHP | 443 lines | 311 code | 31 blank | 101 comment | 206 complexity | e73f1be304c561361674c6572f7a5c3d MD5 | raw file
Possible License(s): LGPL-3.0, LGPL-2.1, GPL-3.0, MIT 
    

  1. <?php
    2. 

  2. 

  3. /* Copyright (C) 2008-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
    4. 

  4.  * Copyright (C) 2008-2012 Regis Houssin        <regis.houssin@capnetworks.com>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation; either version 3 of the License, or
    9. 

  9.  * (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This program is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.  * GNU General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU General Public License
    17. 

  17.  * along with this program. If not, see <http://www.gnu.org/licenses/>.
    18. 

  18.  * or see http://www.gnu.org/
    19. 

  19.  */
    20. 

  20. 

  21. /**
    22. 

  22.  *  \file		htdocs/core/lib/security.lib.php
    23. 

  23.  *  \ingroup    core
    24. 

  24.  *  \brief		Set of function used for dolibarr security (common function included into filefunc.inc.php)
    25. 

  25.  *  			Warning, this file must not depends on other library files, except function.lib.php
    26. 

  26.  *  			because it is used at low code level.
    27. 

  27.  */
    28. 

  28. 

  29. /**
    30. 

  30.  * 	Encode a string with base 64 algorithm + specific change
    31. 

  31.  * 	Code of this function is useless and we should use base64_encode only instead
    32. 

  32.  *
    33. 

  33.  * 	@param   string		$chain		string to encode
    34. 

  34.  * 	@return  string					encoded string
    35. 

  35.  */
    36. 

  36. function dol_encode($chain) {
    37. 

  37.     $strlength = dol_strlen($chain);
    38. 

  38.     for ($i = 0; $i < $strlength; $i++) {
    39. 

  39.         $output_tab[$i] = chr(ord(substr($chain, $i, 1)) + 17);
    40. 

  40.     }
    41. 

  41. 

  42.     $string_coded = base64_encode(implode("", $output_tab));
    43. 

  43.     return $string_coded;
    44. 

  44. }
    45. 

  45. 

  46. /**
    47. 

  47.  * 	Decode a base 64 encoded + specific string.
    48. 

  48.  *  This function is called by filefunc.inc.php at each page call.
    49. 

  49.  * 	Code of this function is useless and we should use base64_decode only instead
    50. 

  50.  *
    51. 

  51.  * 	@param   string		$chain		string to decode
    52. 

  52.  * 	@return  string					decoded string
    53. 

  53.  */
    54. 

  54. function dol_decode($chain) {
    55. 

  55.     $chain = base64_decode($chain);
    56. 

  56. 

  57.     $strlength = dol_strlen($chain);
    58. 

  58.     for ($i = 0; $i < $strlength; $i++) {
    59. 

  59.         $output_tab[$i] = chr(ord(substr($chain, $i, 1)) - 17);
    60. 

  60.     }
    61. 

  61. 

  62.     $string_decoded = implode("", $output_tab);
    63. 

  63.     return $string_decoded;
    64. 

  64. }
    65. 

  65. 

  66. /**
    67. 

  67.  * 	Returns a hash of a string
    68. 

  68.  *
    69. 

  69.  * 	@param 		string		$chain		String to hash
    70. 

  70.  * 	@param		int			$type		Type of hash (0:md5, 1:sha1, 2:sha1+md5)
    71. 

  71.  * 	@return		string					Hash of string
    72. 

  72.  */
    73. 

  73. function dol_hash($chain, $type = 0) {
    74. 

  74.     if ($type == 1)
    75. 

  75.         return sha1($chain);
    76. 

  76.     else if ($type == 2)
    77. 

  77.         return sha1(md5($chain));
    78. 

  78.     else
    79. 

  79.         return md5($chain);
    80. 

  80. }
    81. 

  81. 

  82. /**
    83. 

  83.  * 	Check permissions of a user to show a page and an object. Check read permission.
    84. 

  84.  * 	If GETPOST('action') defined, we also check write and delete permission.
    85. 

  85.  *
    86. 

  86.  * 	@param	User	$user      	  	User to check
    87. 

  87.  * 	@param  string	$features	    Features to check (in most cases, it's module name. Examples: 'societe', 'contact', 'produit|service', ...)
    88. 

  88.  * 	@param  int		$objectid      	Object ID if we want to check a particular record (optionnal) is linked to a owned thirdparty (optionnal).
    89. 

  89.  * 	@param  string	$dbtablename    'TableName&SharedElement' with Tablename is table where object is stored, SharedElement is key to define where to check entity. Not used if objectid is null (optionnal)
    90. 

  90.  * 	@param  string	$feature2		Feature to check, second level of permission (optionnal)
    91. 

  91.  *  @param  string	$dbt_keyfield   Field name for socid foreign key if not fk_soc (optionnal)
    92. 

  92.  *  @param  string	$dbt_select     Field name for select if not rowid (optionnal)
    93. 

  93.  *  @param	Canvas	$objcanvas		Object canvas
    94. 

  94.  * 	@return	int						Always 1, die process if not allowed
    95. 

  95.  */
    96. 

  96. function restrictedArea($user, $features, $objectid = 0, $dbtablename = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $objcanvas = null) {
    97. 

  97.     global $db, $conf;
    98. 

  98. 

  99.     //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select");
    100. 

  100.     //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
    101. 

  101.     //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
    102. 

  102.     //print ", perm: ".$features."->".$feature2."=".$user->rights->$features->$feature2->lire."<br>";
    103. 

  103.     // If we use canvas, we try to use function that overlod restrictarea if provided with canvas
    104. 

  104.     if (is_object($objcanvas)) {
    105. 

  105.         if (method_exists($objcanvas->control, 'restrictedArea'))
    106. 

  106.             return $objcanvas->control->restrictedArea($user, $features, $objectid, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
    107. 

  107.     }
    108. 

  108. 

  109.     if ($dbt_select != 'rowid')
    110. 

  110.         $objectid = "'" . $objectid . "'";
    111. 

  111. 

  112.     // More features to check
    113. 

  113.     $features = explode("&", $features);
    114. 

  114. 

  115.     // More parameters
    116. 

  116.     $params = explode('&', $dbtablename);
    117. 

  117.     $dbtablename = (!empty($params[0]) ? $params[0] : '');
    118. 

  118.     $sharedelement = (!empty($params[1]) ? $params[1] : '');
    119. 

  119. 

  120.     // Check read permission from module
    121. 

  121.     // TODO Replace "feature" param into caller by first level of permission
    122. 

  122.     $readok = 1;
    123. 

  123.     foreach ($features as $feature) {
    124. 

  124.         if ($feature == 'societe') {
    125. 

  125.             if (!$user->rights->societe->lire && !$user->rights->fournisseur->lire)
    126. 

  126.                 $readok = 0;
    127. 

  127.         }
    128. 

  128.         else if ($feature == 'contact') {
    129. 

  129.             if (!$user->rights->societe->contact->lire)
    130. 

  130.                 $readok = 0;
    131. 

  131.         }
    132. 

  132.         else if ($feature == 'produit|service') {
    133. 

  133.             if (!$user->rights->produit->lire && !$user->rights->service->lire)
    134. 

  134.                 $readok = 0;
    135. 

  135.         }
    136. 

  136.         else if ($feature == 'prelevement') {
    137. 

  137.             if (!$user->rights->prelevement->bons->lire)
    138. 

  138.                 $readok = 0;
    139. 

  139.         }
    140. 

  140.         else if ($feature == 'commande_fournisseur') {
    141. 

  141.             if (!$user->rights->fournisseur->commande->lire)
    142. 

  142.                 $readok = 0;
    143. 

  143.         }
    144. 

  144.         else if ($feature == 'cheque') {
    145. 

  145.             if (!$user->rights->banque->cheque)
    146. 

  146.                 $readok = 0;
    147. 

  147.         }
    148. 

  148.         else if ($feature == 'projet') {
    149. 

  149.             if (!$user->rights->projet->lire && !$user->rights->projet->all->lire)
    150. 

  150.                 $readok = 0;
    151. 

  151.         }
    152. 

  152.         else if (!empty($feature2)) { // This should be used for future changes
    153. 

  153.             if (empty($user->rights->$feature->$feature2->lire)
    154. 

  154.                     && empty($user->rights->$feature->$feature2->read))
    155. 

  155.                 $readok = 0;
    156. 

  156.         }
    157. 

  157.         else if (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) {  // This is for old permissions
    158. 

  158.             if (empty($user->rights->$feature->lire)
    159. 

  159.                     && empty($user->rights->$feature->read)
    160. 

  160.                     && empty($user->rights->$feature->run))
    161. 

  161.                 $readok = 0;
    162. 

  162.         }
    163. 

  163.     }
    164. 

  164. 

  165.     if ($user->admin)
    166. 

  166.         return 1;
    167. 

  167.     //print $readok;
    168. 

  168. 

  169.     if (!$readok)
    170. 

  170.         accessforbidden();
    171. 

  171.     //print "Read access is ok";
    172. 

  172.     // Check write permission from module
    173. 

  173.     $createok = 1;
    174. 

  174.     if (GETPOST("action") == 'create') {
    175. 

  175.         foreach ($features as $feature) {
    176. 

  176.             if ($feature == 'contact') {
    177. 

  177.                 if (!$user->rights->societe->contact->creer)
    178. 

  178.                     $createok = 0;
    179. 

  179.             }
    180. 

  180.             else if ($feature == 'produit|service') {
    181. 

  181.                 if (!$user->rights->produit->creer && !$user->rights->service->creer)
    182. 

  182.                     $createok = 0;
    183. 

  183.             }
    184. 

  184.             else if ($feature == 'prelevement') {
    185. 

  185.                 if (!$user->rights->prelevement->bons->creer)
    186. 

  186.                     $createok = 0;
    187. 

  187.             }
    188. 

  188.             else if ($feature == 'commande_fournisseur') {
    189. 

  189.                 if (!$user->rights->fournisseur->commande->creer)
    190. 

  190.                     $createok = 0;
    191. 

  191.             }
    192. 

  192.             else if ($feature == 'banque') {
    193. 

  193.                 if (!$user->rights->banque->modifier)
    194. 

  194.                     $createok = 0;
    195. 

  195.             }
    196. 

  196.             else if ($feature == 'cheque') {
    197. 

  197.                 if (!$user->rights->banque->cheque)
    198. 

  198.                     $createok = 0;
    199. 

  199.             }
    200. 

  200.             else if (!empty($feature2)) { // This should be used for future changes
    201. 

  201.                 if (empty($user->rights->$feature->$feature2->creer)
    202. 

  202.                         && empty($user->rights->$feature->$feature2->write))
    203. 

  203.                     $createok = 0;
    204. 

  204.             }
    205. 

  205.             else if (!empty($feature)) {  // This is for old permissions
    206. 

  206.                 //print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
    207. 

  207.                 if (empty($user->rights->$feature->creer)
    208. 

  208.                         && empty($user->rights->$feature->write))
    209. 

  209.                     $createok = 0;
    210. 

  210.             }
    211. 

  211.         }
    212. 

  212. 

  213.         if ($user->admin)
    214. 

  214.             $createok = 1;
    215. 

  215. 

  216.         if (!$createok)
    217. 

  217.             accessforbidden();
    218. 

  218.         //print "Write access is ok";
    219. 

  219.     }
    220. 

  220. 

  221.     // Check create user permission
    222. 

  222.     $createuserok = 1;
    223. 

  223.     if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') {
    224. 

  224.         if (!$user->rights->user->user->creer)
    225. 

  225.             $createuserok = 0;
    226. 

  226. 

  227.         if (!$createuserok)
    228. 

  228.             accessforbidden();
    229. 

  229.         //print "Create user access is ok";
    230. 

  230.     }
    231. 

  231. 

  232.     // Check delete permission from module
    233. 

  233.     $deleteok = 1;
    234. 

  234.     if ((GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes') || GETPOST("action") == 'delete') {
    235. 

  235.         foreach ($features as $feature) {
    236. 

  236.             if ($feature == 'contact') {
    237. 

  237.                 if (!$user->rights->societe->contact->supprimer)
    238. 

  238.                     $deleteok = 0;
    239. 

  239.             }
    240. 

  240.             else if ($feature == 'produit|service') {
    241. 

  241.                 if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer)
    242. 

  242.                     $deleteok = 0;
    243. 

  243.             }
    244. 

  244.             else if ($feature == 'commande_fournisseur') {
    245. 

  245.                 if (!$user->rights->fournisseur->commande->supprimer)
    246. 

  246.                     $deleteok = 0;
    247. 

  247.             }
    248. 

  248.             else if ($feature == 'banque') {
    249. 

  249.                 if (!$user->rights->banque->modifier)
    250. 

  250.                     $deleteok = 0;
    251. 

  251.             }
    252. 

  252.             else if ($feature == 'cheque') {
    253. 

  253.                 if (!$user->rights->banque->cheque)
    254. 

  254.                     $deleteok = 0;
    255. 

  255.             }
    256. 

  256.             else if ($feature == 'ecm') {
    257. 

  257.                 if (!$user->rights->ecm->upload)
    258. 

  258.                     $deleteok = 0;
    259. 

  259.             }
    260. 

  260.             else if ($feature == 'ftp') {
    261. 

  261.                 if (!$user->rights->ftp->write)
    262. 

  262.                     $deleteok = 0;
    263. 

  263.             }
    264. 

  264.             else if (!empty($feature2)) { // This should be used for future changes
    265. 

  265.                 if (empty($user->rights->$feature->$feature2->supprimer)
    266. 

  266.                         && empty($user->rights->$feature->$feature2->delete))
    267. 

  267.                     $deleteok = 0;
    268. 

  268.             }
    269. 

  269.             else if (!empty($feature)) {  // This is for old permissions
    270. 

  270.                 //print '<br>feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
    271. 

  271.                 if (empty($user->rights->$feature->supprimer)
    272. 

  272.                         && empty($user->rights->$feature->delete)
    273. 

  273.                         && empty($user->rights->$feature->run))
    274. 

  274.                     $deleteok = 0;
    275. 

  275.             }
    276. 

  276.         }
    277. 

  277. 

  278.         //print "Delete access is ko";
    279. 

  279.         if (!$deleteok)
    280. 

  280.             accessforbidden();
    281. 

  281.         //print "Delete access is ok";
    282. 

  282.     }
    283. 

  283. 

  284.     // If we have a particular object to check permissions on, we check this object
    285. 

  285.     // is linked to a company allowed to $user.
    286. 

  286.     if (!empty($objectid) && $objectid > 0) {
    287. 

  287.         foreach ($features as $feature) {
    288. 

  288.             $sql = '';
    289. 

  289. 

  290.             $check = array('adherent', 'banque', 'user', 'usergroup', 'produit', 'service', 'produit|service', 'categorie'); // Test on entity only (Objects with no link to company)
    291. 

  291.             $checksoc = array('societe');  // Test for societe object
    292. 

  292.             $checkother = array('contact');  // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
    293. 

  293.             $checkproject = array('projet'); // Test for project object
    294. 

  294.             $nocheck = array('barcode', 'stock', 'fournisseur'); // No test
    295. 

  295.             $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
    296. 

  296.             // If dbtable not defined, we use same name for table than module name
    297. 

  297.             if (empty($dbtablename))
    298. 

  298.                 $dbtablename = $feature;
    299. 

  299. 

  300.             // Check permission for object with entity
    301. 

  301.             if (in_array($feature, $check)) {
    302. 

  302.                 $sql = "SELECT dbt." . $dbt_select;
    303. 

  303.                 $sql.= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
    304. 

  304.                 $sql.= " WHERE dbt." . $dbt_select . " = " . $objectid;
    305. 

  305.                 if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) {
    306. 

  306.                     $sql.= " AND dbt.entity IS NOT NULL";
    307. 

  307.                 } else {
    308. 

  308.                     $sql.= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
    309. 

  309.                 }
    310. 

  310.             } else if (in_array($feature, $checksoc)) {
    311. 

  311.                 // If external user: Check permission for external users
    312. 

  312.                 if ($user->societe_id > 0) {
    313. 

  313.                     if ($user->societe_id <> $objectid)
    314. 

  314.                         accessforbidden();
    315. 

  315.                 }
    316. 

  316.                 // If internal user: Check permission for internal users that are restricted on their objects
    317. 

  317.                 else if (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
    318. 

  318.                     $object = new Societe($db);
    319. 

  319.                     $object->load($objectid);
    320. 

  320.                     if ($object->commercial_id->id == $user->id)
    321. 

  321.                         $readok = true;
    322. 

  322.                     else
    323. 

  323.                         $readok = false;
    324. 

  324.                 }
    325. 

  325.             } else if (in_array($feature, $checkother)) {
    326. 

  326.                 // If external user: Check permission for external users
    327. 

  327.                 if ($user->societe_id > 0) {
    328. 

  328.                     $sql = "SELECT dbt.rowid";
    329. 

  329.                     $sql.= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
    330. 

  330.                     $sql.= " WHERE dbt.rowid = " . $objectid;
    331. 

  331.                     $sql.= " AND dbt.fk_soc = " . $user->societe_id;
    332. 

  332.                 }
    333. 

  333.                 // If internal user: Check permission for internal users that are restricted on their objects
    334. 

  334.                 else if (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
    335. 

  335.                     $object = new Societe($db);
    336. 

  336.                     $object->load($objectid);
    337. 

  337.                     if ($object->commercial_id->id == $user->id)
    338. 

  338.                         $readok = true;
    339. 

  339.                     else
    340. 

  340.                         $readok = false;
    341. 

  341.                 }
    342. 

  342.             } else if (in_array($feature, $checkproject)) {
    343. 

  343.                 if (!empty($conf->projet->enabled) && !$user->rights->projet->all->lire) {
    344. 

  344.                     include_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
    345. 

  345.                     $projectstatic = new Project($db);
    346. 

  346.                     $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
    347. 

  347.                     $tmparray = explode(',', $tmps);
    348. 

  348.                     if (!in_array($objectid, $tmparray))
    349. 

  349.                         accessforbidden();
    350. 

  350.                 }
    351. 

  351.                 else {
    352. 

  352.                     $sql = "SELECT dbt." . $dbt_select;
    353. 

  353.                     $sql.= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
    354. 

  354.                     $sql.= " WHERE dbt." . $dbt_select . " = " . $objectid;
    355. 

  355.                     $sql.= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
    356. 

  356.                 }
    357. 

  357.             } else if (!in_array($feature, $nocheck)) { // By default we check with link to third party
    358. 

  358.                 // If external user: Check permission for external users
    359. 

  359.                 if ($user->societe_id > 0) {
    360. 

  360.                     $sql = "SELECT dbt." . $dbt_keyfield;
    361. 

  361.                     $sql.= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
    362. 

  362.                     $sql.= " WHERE dbt.rowid = " . $objectid;
    363. 

  363.                     $sql.= " AND dbt." . $dbt_keyfield . " = " . $user->societe_id;
    364. 

  364.                 }
    365. 

  365.                 // If internal user: Check permission for internal users that are restricted on their objects
    366. 

  366.                 else if (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
    367. 

  367.                     $sql = "SELECT sc.fk_soc";
    368. 

  368.                     $sql.= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
    369. 

  369.                     $sql.= ", " . MAIN_DB_PREFIX . "societe as s";
    370. 

  370.                     $sql.= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc";
    371. 

  371.                     $sql.= " WHERE dbt." . $dbt_select . " = " . $objectid;
    372. 

  372.                     $sql.= " AND sc.fk_soc = dbt." . $dbt_keyfield;
    373. 

  373.                     $sql.= " AND dbt." . $dbt_keyfield . " = s.rowid";
    374. 

  374.                     $sql.= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
    375. 

  375.                     $sql.= " AND sc.fk_user = " . $user->id;
    376. 

  376.                 }
    377. 

  377.             }
    378. 

  378. 

  379.             //print $sql."<br>";
    380. 

  380.             if ($sql) {
    381. 

  381.                 $resql = $db->query($sql);
    382. 

  382.                 if ($resql) {
    383. 

  383.                     if ($db->num_rows($resql) == 0)
    384. 

  384.                         accessforbidden();
    385. 

  385.                 }
    386. 

  386.                 else {
    387. 

  387.                     dol_syslog("security.lib:restrictedArea sql=" . $sql, LOG_ERR);
    388. 

  388.                     accessforbidden();
    389. 

  389.                 }
    390. 

  390.             } else if (!$readok)
    391. 

  391.                 accessforbidden();
    392. 

  392.         }
    393. 

  393.     }
    394. 

  394. 

  395.     return 1;
    396. 

  396. }
    397. 

  397. 

  398. /**
    399. 

  399.  * 	Show a message to say access is forbidden and stop program
    400. 

  400.  * 	Calling this function terminate execution of PHP.
    401. 

  401.  *
    402. 

  402.  * 	@param	string	$message			    Force error message
    403. 

  403.  * 	@param	int		$printheader		    Show header before
    404. 

  404.  *  @param  int		$printfooter         Show footer after
    405. 

  405.  *  @param  int		$showonlymessage     Show only message parameter. Otherwise add more information.
    406. 

  406.  *  @return	void
    407. 

  407.  */
    408. 

  408. function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $showonlymessage = 0) {
    409. 

  409.     global $conf, $db, $user, $langs;
    410. 

  410.     if (!is_object($langs)) {
    411. 

  411.         include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php';
    412. 

  412.         $langs = new Translate();
    413. 

  413.     }
    414. 

  414. 

  415.     $langs->load("errors");
    416. 

  416. 

  417.     if ($printheader) {
    418. 

  418.         if (function_exists("llxHeader"))
    419. 

  419.             llxHeader('');
    420. 

  420.         else if (function_exists("llxHeaderVierge"))
    421. 

  421.             llxHeaderVierge('');
    422. 

  422.     }
    423. 

  423.     print '<div class="error">';
    424. 

  424.     if (!$message)
    425. 

  425.         print $langs->trans("ErrorForbidden");
    426. 

  426.     else
    427. 

  427.         print $message;
    428. 

  428.     print '</div>';
    429. 

  429.     print '<br>';
    430. 

  430.     if (empty($showonlymessage)) {
    431. 

  431.         if ($user->name) {
    432. 

  432.             print $langs->trans("CurrentLogin") . ': <font class="error">' . $user->login . '</font><br>';
    433. 

  433.             print $langs->trans("ErrorForbidden2", $langs->trans("Home"), $langs->trans("Users"));
    434. 

  434.         } else {
    435. 

  435.             print $langs->trans("ErrorForbidden3");
    436. 

  436.         }
    437. 

  437.     }
    438. 

  438.     if ($printfooter && function_exists("llxFooter"))
    439. 

  439.         llxFooter();
    440. 

  440.     exit;
    441. 

  441. }
    442. 

  442. 

  443. ?>
    444. 

  444.