PageRenderTime 92ms CodeModel.GetById 28ms app.highlight 52ms RepoModel.GetById 1ms app.codeStats 1ms

/htdocs/main.inc.php

https://github.com/zeert/dolibarr
PHP | 1702 lines | 1319 code | 149 blank | 234 comment | 237 complexity | 1a800985c8105ea858d67488d8aec5cb MD5 | raw file

Large files files are truncated, but you can click here to view the full file

   1<?php
   2/* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
   3 * Copyright (C) 2003      Xavier Dutoit        <doli@sydesy.com>
   4 * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
   5 * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
   6 * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
   7 * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
   8 * Copyright (C) 2011      Philippe Grand       <philippe.grand@atoo-net.com>
   9 * Copyright (C) 2008      Matteli
  10 * Copyright (C) 2011      Juanjo Menent		<jmenent@2byte.es>
  11 *
  12 * This program is free software; you can redistribute it and/or modify
  13 * it under the terms of the GNU General Public License as published by
  14 * the Free Software Foundation; either version 2 of the License, or
  15 * (at your option) any later version.
  16 *
  17 * This program is distributed in the hope that it will be useful,
  18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20 * GNU General Public License for more details.
  21 *
  22 * You should have received a copy of the GNU General Public License
  23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24 */
  25
  26/**
  27 *	\file       htdocs/main.inc.php
  28 *	\ingroup	core
  29 *	\brief      File that defines environment for Dolibarr pages only (variables not required by scripts)
  30 */
  31
  32//@ini_set('memory_limit', '64M');	// This may be useless if memory is hard limited by your PHP
  33
  34// For optionnal tuning. Enabled if environment variable DOL_TUNING is defined.
  35// A call first. Is the equivalent function dol_microtime_float not yet loaded.
  36$micro_start_time=0;
  37if (! empty($_SERVER['DOL_TUNING']))
  38{
  39    list($usec, $sec) = explode(" ", microtime());
  40    $micro_start_time=((float) $usec + (float) $sec);
  41    // Add Xdebug code coverage
  42    //define('XDEBUGCOVERAGE',1);
  43    if (defined('XDEBUGCOVERAGE')) {
  44        xdebug_start_code_coverage();
  45    }
  46}
  47
  48// Removed magic_quotes
  49if (function_exists('get_magic_quotes_gpc'))	// magic_quotes_* removed in PHP6
  50{
  51    if (get_magic_quotes_gpc())
  52    {
  53        // Forcing parameter setting magic_quotes_gpc and cleaning parameters
  54        // (Otherwise he would have for each position, condition
  55        // Reading stripslashes variable according to state get_magic_quotes_gpc).
  56        // Off mode recommended (just do $db->escape for insert / update).
  57        function stripslashes_deep($value)
  58        {
  59            return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
  60        }
  61        $_GET     = array_map('stripslashes_deep', $_GET);
  62        $_POST    = array_map('stripslashes_deep', $_POST);
  63        $_FILES   = array_map('stripslashes_deep', $_FILES);
  64        //$_COOKIE  = array_map('stripslashes_deep', $_COOKIE); // Useless because a cookie should never be outputed on screen nor used into sql
  65        @set_magic_quotes_runtime(0);
  66    }
  67}
  68
  69/**
  70 * Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
  71 *
  72 * @param		string		$val		Value
  73 * @param		string		$type		1=GET, 0=POST, 2=PHP_SELF
  74 * @return		boolean					true if there is an injection
  75 */
  76function test_sql_and_script_inject($val, $type)
  77{
  78    $sql_inj = 0;
  79    // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
  80    if ($type != 2)
  81    {
  82        $sql_inj += preg_match('/delete[\s]+from/i', $val);
  83        $sql_inj += preg_match('/create[\s]+table/i', $val);
  84        $sql_inj += preg_match('/update.+set.+=/i', $val);
  85        $sql_inj += preg_match('/insert[\s]+into/i', $val);
  86        $sql_inj += preg_match('/select.+from/i', $val);
  87        $sql_inj += preg_match('/union.+select/i', $val);
  88        $sql_inj += preg_match('/(\.\.%2f)+/i', $val);
  89    }
  90    // For XSS Injection done by adding javascript with script
  91    // This is all cases a browser consider text is javascript:
  92    // When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
  93    // All examples on page: http://ha.ckers.org/xss.html#XSScalc
  94    $sql_inj += preg_match('/<script/i', $val);
  95    $sql_inj += preg_match('/<style/i', $val);
  96    $sql_inj += preg_match('/base[\s]+href/i', $val);
  97    if ($type == 1)
  98    {
  99        $sql_inj += preg_match('/javascript:/i', $val);
 100        $sql_inj += preg_match('/vbscript:/i', $val);
 101    }
 102    // For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
 103    if ($type == 1) $sql_inj += preg_match('/"/i', $val);      // We refused " in GET parameters value
 104    if ($type == 2) $sql_inj += preg_match('/[\s;"]/', $val);    // PHP_SELF is an url and must match url syntax
 105    return $sql_inj;
 106}
 107
 108/**
 109 * Security: Return true if OK, false otherwise.
 110 *
 111 * @param		string		&$var		Variable name
 112 * @param		string		$type		1=GET, 0=POST, 2=PHP_SELF
 113 * @return		boolean					true if ther is an injection
 114 */
 115function analyse_sql_and_script(&$var, $type)
 116{
 117    if (is_array($var))
 118    {
 119        foreach ($var as $key => $value)
 120        {
 121            if (analyse_sql_and_script($value,$type))
 122            {
 123                $var[$key] = $value;
 124            }
 125            else
 126            {
 127                print 'Access refused by SQL/Script injection protection in main.inc.php';
 128                exit;
 129            }
 130        }
 131        return true;
 132    }
 133    else
 134    {
 135        return (test_sql_and_script_inject($var,$type) <= 0);
 136    }
 137}
 138
 139// Sanity check on URL
 140if (! empty($_SERVER["PHP_SELF"]))
 141{
 142    $morevaltochecklikepost=array($_SERVER["PHP_SELF"]);
 143    analyse_sql_and_script($morevaltochecklikepost,2);
 144}
 145// Sanity check on GET parameters
 146if (! empty($_SERVER["QUERY_STRING"]))
 147{
 148    $morevaltochecklikeget=array($_SERVER["QUERY_STRING"]);
 149    analyse_sql_and_script($morevaltochecklikeget,1);
 150}
 151// Sanity check on POST
 152analyse_sql_and_script($_POST,0);
 153
 154// This is to make Dolibarr working with Plesk
 155if (! empty($_SERVER['DOCUMENT_ROOT'])) set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
 156
 157// Include the conf.php and functions.lib.php
 158require_once("filefunc.inc.php");
 159
 160// Init session. Name of session is specific to Dolibarr instance.
 161$prefix=dol_getprefix();
 162$sessionname='DOLSESSID_'.$prefix;
 163$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
 164if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
 165session_name($sessionname);
 166session_start();
 167if (ini_get('register_globals'))    // To solve bug in using $_SESSION
 168{
 169    foreach ($_SESSION as $key=>$value)
 170    {
 171        if (isset($GLOBALS[$key])) unset($GLOBALS[$key]);
 172    }
 173}
 174
 175// Init the 5 global objects
 176// This include will set: $conf, $db, $langs, $user, $mysoc objects
 177require_once("master.inc.php");
 178
 179// Activate end of page function
 180register_shutdown_function('dol_shutdown');
 181
 182// Detection browser
 183if (isset($_SERVER["HTTP_USER_AGENT"]))
 184{
 185    $tmp=getBrowserInfo();
 186    $conf->browser->phone=$tmp['phone'];
 187    $conf->browser->name=$tmp['browsername'];
 188    $conf->browser->os=$tmp['browseros'];
 189    $conf->browser->firefox=$tmp['browserfirefox'];
 190    $conf->browser->version=$tmp['browserversion'];
 191}
 192
 193
 194// Force HTTPS if required ($conf->file->main_force_https is 0/1 or https dolibarr root url)
 195if (! empty($conf->file->main_force_https))
 196{
 197    $newurl='';
 198    if ($conf->file->main_force_https == '1')
 199    {
 200        if (! empty($_SERVER["SCRIPT_URI"]))	// If SCRIPT_URI supported by server
 201        {
 202            if (preg_match('/^http:/i',$_SERVER["SCRIPT_URI"]) && ! preg_match('/^https:/i',$_SERVER["SCRIPT_URI"]))	// If link is http
 203            {
 204                $newurl=preg_replace('/^http:/i','https:',$_SERVER["SCRIPT_URI"]);
 205            }
 206        }
 207        else	// Check HTTPS environment variable (Apache/mod_ssl only)
 208        {
 209            // $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
 210            if (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on')		// If link is http
 211            {
 212                $newurl=preg_replace('/^http:/i','https:',DOL_MAIN_URL_ROOT).$_SERVER["REQUEST_URI"];
 213            }
 214        }
 215    }
 216    else
 217    {
 218        $newurl=$conf->file->main_force_https.$_SERVER["REQUEST_URI"];
 219    }
 220    // Start redirect
 221    if ($newurl)
 222    {
 223        dol_syslog("main.inc: dolibarr_main_force_https is on, we make a redirect to ".$newurl);
 224        header("Location: ".$newurl);
 225        exit;
 226    }
 227    else
 228    {
 229        dol_syslog("main.inc: dolibarr_main_force_https is on but we failed to forge new https url so no redirect is done", LOG_WARNING);
 230    }
 231}
 232
 233
 234// Chargement des includes complementaires de presentation
 235if (! defined('NOREQUIREMENU')) require_once(DOL_DOCUMENT_ROOT ."/core/class/menu.class.php");			// Need 10ko memory (11ko in 2.2)
 236if (! defined('NOREQUIREHTML')) require_once(DOL_DOCUMENT_ROOT ."/core/class/html.form.class.php");	    // Need 660ko memory (800ko in 2.2)
 237if (! defined('NOREQUIREAJAX') && $conf->use_javascript_ajax) require_once(DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php');	// Need 22ko memory
 238
 239// If install or upgrade process not done or not completely finished, we call the install page.
 240if (! empty($conf->global->MAIN_NOT_INSTALLED) || ! empty($conf->global->MAIN_NOT_UPGRADED))
 241{
 242    dol_syslog("main.inc: A previous install or upgrade was not complete. Redirect to install page.", LOG_WARNING);
 243    Header("Location: ".DOL_URL_ROOT."/install/index.php");
 244    exit;
 245}
 246// If an upgrade process is required, we call the install page.
 247if ((! empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VERSION_LAST_UPGRADE != DOL_VERSION))
 248|| (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ! empty($conf->global->MAIN_VERSION_LAST_INSTALL) && ($conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION)))
 249{
 250    $versiontocompare=empty($conf->global->MAIN_VERSION_LAST_UPGRADE)?$conf->global->MAIN_VERSION_LAST_INSTALL:$conf->global->MAIN_VERSION_LAST_UPGRADE;
 251    require_once(DOL_DOCUMENT_ROOT ."/core/lib/admin.lib.php");
 252    $dolibarrversionlastupgrade=preg_split('/[.-]/',$versiontocompare);
 253    $dolibarrversionprogram=preg_split('/[.-]/',DOL_VERSION);
 254    $rescomp=versioncompare($dolibarrversionprogram,$dolibarrversionlastupgrade);
 255    if ($rescomp > 0)   // Programs have a version higher than database. We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades
 256    {
 257        dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install page.", LOG_WARNING);
 258        Header("Location: ".DOL_URL_ROOT."/install/index.php");
 259        exit;
 260    }
 261}
 262
 263// Creation of a token against CSRF vulnerabilities
 264if (! defined('NOTOKENRENEWAL'))
 265{
 266    $token = dol_hash(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
 267    // roulement des jetons car cree a chaque appel
 268    if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
 269    $_SESSION['newtoken'] = $token;
 270}
 271if (! empty($conf->global->MAIN_SECURITY_CSRF))	// Check validity of token, only if option enabled (this option breaks some features sometimes)
 272{
 273    if (isset($_POST['token']) && isset($_SESSION['token']))
 274    {
 275        if (($_POST['token'] != $_SESSION['token']))
 276        {
 277            dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token').", _SESSION['token']=".$_SESSION['token'],LOG_WARNING);
 278            //print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.
 279            unset($_POST);
 280        }
 281    }
 282}
 283
 284// Disable modules (this must be after session_start and after conf has been loaded)
 285if (GETPOST('disablemodules'))  $_SESSION["disablemodules"]=GETPOST('disablemodules');
 286if (! empty($_SESSION["disablemodules"]))
 287{
 288    $disabled_modules=explode(',',$_SESSION["disablemodules"]);
 289    foreach($disabled_modules as $module)
 290    {
 291        if ($module) $conf->$module->enabled=false;
 292    }
 293}
 294
 295
 296/*
 297 * Phase authentication / login
 298*/
 299$login='';
 300if (! defined('NOLOGIN'))
 301{
 302    // $authmode lists the different means of identification to be tested in order of preference.
 303    // Example: 'http', 'dolibarr', 'ldap', 'http,forceuser'
 304
 305    // Authentication mode
 306    if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='http,dolibarr';
 307    // Authentication mode: forceuser
 308    if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
 309    // Set authmode
 310    $authmode=explode(',',$dolibarr_main_authentication);
 311
 312    // No authentication mode
 313    if (! count($authmode))
 314    {
 315        $langs->load('main');
 316        dol_print_error('',$langs->trans("ErrorConfigParameterNotDefined",'dolibarr_main_authentication'));
 317        exit;
 318    }
 319
 320    // If requested by the login has already occurred, it is retrieved from the session
 321    // Call module if not realized that his request.
 322    // At the end of this phase, the variable $login is defined.
 323    $resultFetchUser='';
 324    $test=true;
 325    if (! isset($_SESSION["dol_login"]))
 326    {
 327        // It is not already authenticated and it requests the login / password
 328        include_once(DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php');
 329
 330        // If in demo mode, we check we go to home page through the public/demo/index.php page
 331        if (! empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php')  // We ask index page
 332        {
 333            if (! preg_match('/public/',$_SERVER['HTTP_REFERER']))
 334            {
 335                dol_syslog("Call index page from another url than demo page");
 336                header("Location: ".DOL_URL_ROOT.'/public/demo/index.php');
 337                exit;
 338            }
 339        }
 340
 341        // Verification security graphic code
 342        if (GETPOST("username","alpha",2) && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
 343        {
 344            $sessionkey = 'dol_antispam_value';
 345            $ok=(array_key_exists($sessionkey, $_SESSION) === TRUE && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));
 346
 347            // Verifie code
 348            if (! $ok)
 349            {
 350                dol_syslog('Bad value for code, connexion refused');
 351                $langs->load('main');
 352                $langs->load('errors');
 353
 354                $user->trigger_mesg='ErrorBadValueForCode - login='.GETPOST("username","alpha",2);
 355                $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadValueForCode");
 356                $test=false;
 357
 358                // Appel des triggers
 359                include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
 360                $interface=new Interfaces($db);
 361                $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST('entity','int'));
 362                if ($result < 0) {
 363                    $error++;
 364                }
 365                // Fin appel triggers
 366            }
 367        }
 368
 369        $usertotest		= (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2));
 370        $passwordtotest	= (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : GETPOST('password'));
 371        $entitytotest	= (GETPOST('entity','int') ? GETPOST('entity','int') : 1);
 372
 373        // Validation of login/pass/entity
 374        // If ok, the variable login will be returned
 375        // If error, we will put error message in session under the name dol_loginmesg
 376        $goontestloop=false;
 377        if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true;
 378        if (GETPOST("username","alpha",2) || ! empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;
 379
 380        if ($test && $goontestloop)
 381        {
 382            $login = checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmode);
 383            if ($login)
 384            {
 385                $dol_authmode=$conf->authmode;	// This properties is defined only when logged to say what mode was successfully used
 386                $dol_tz=$_POST["tz"];
 387                $dol_tz_string=$_POST["tz_string"];
 388                $dol_dst=0;
 389                if (isset($_POST["dst_first"]) && isset($_POST["dst_second"]))
 390                {
 391                    include_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 392                    $datenow=dol_now();
 393                    $datefirst=dol_stringtotime($_POST["dst_first"]);
 394                    $datesecond=dol_stringtotime($_POST["dst_second"]);
 395                    if ($datenow >= $datefirst && $datenow < $datesecond) $dol_dst=1;
 396                }
 397                //print $datefirst.'-'.$datesecond.'-'.$datenow; exit;
 398                $dol_dst_observed=$_POST["dst_observed"];
 399                $dol_dst_first=$_POST["dst_first"];
 400                $dol_dst_second=$_POST["dst_second"];
 401                $dol_screenwidth=$_POST["screenwidth"];
 402                $dol_screenheight=$_POST["screenheight"];
 403            }
 404
 405            if (! $login)
 406            {
 407                dol_syslog('Bad password, connexion refused',LOG_DEBUG);
 408                $langs->load('main');
 409                $langs->load('errors');
 410
 411                // Bad password. No authmode has found a good password.
 412                $user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username","alpha",2);
 413                $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
 414
 415                // Appel des triggers
 416                include_once(DOL_DOCUMENT_ROOT."/core/class/interfaces.class.php");
 417                $interface=new Interfaces($db);
 418                $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST("username","alpha",2));
 419                if ($result < 0) {
 420                    $error++;
 421                }
 422                // Fin appel triggers
 423            }
 424        }
 425
 426        // End test login / passwords
 427        if (! $login)
 428        {
 429            // We show login page
 430            if (! is_object($langs)) // This can occurs when calling page with NOREQUIRETRAN defined
 431            {
 432                include_once(DOL_DOCUMENT_ROOT."/core/class/translate.class.php");
 433                $langs=new Translate("",$conf);
 434            }
 435            dol_loginfunction($langs,$conf,$mysoc);
 436            exit;
 437        }
 438
 439        $resultFetchUser=$user->fetch('',$login);
 440        if ($resultFetchUser <= 0)
 441        {
 442            dol_syslog('User not found, connexion refused');
 443            session_destroy();
 444            session_name($sessionname);
 445            session_start();    // Fixing the bug of register_globals here is useless since session is empty
 446
 447            if ($resultFetchUser == 0)
 448            {
 449                $langs->load('main');
 450                $langs->load('errors');
 451
 452                $user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
 453                $_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
 454            }
 455            if ($resultFetchUser < 0)
 456            {
 457                $user->trigger_mesg=$user->error;
 458                $_SESSION["dol_loginmesg"]=$user->error;
 459            }
 460
 461            // Call triggers
 462            include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
 463            $interface=new Interfaces($db);
 464            $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,$_POST["entity"]);
 465            if ($result < 0) {
 466                $error++;
 467            }
 468            // End call triggers
 469
 470            header('Location: '.DOL_URL_ROOT.'/index.php');
 471            exit;
 472        }
 473    }
 474    else
 475    {
 476        // We are already into an authenticated session
 477        $login=$_SESSION["dol_login"];
 478        dol_syslog("This is an already logged session. _SESSION['dol_login']=".$login);
 479
 480        $resultFetchUser=$user->fetch('',$login);
 481        if ($resultFetchUser <= 0)
 482        {
 483            // Account has been removed after login
 484            dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
 485            session_destroy();
 486            session_name($sessionname);
 487            session_start();    // Fixing the bug of register_globals here is useless since session is empty
 488
 489            if ($resultFetchUser == 0)
 490            {
 491                $langs->load('main');
 492                $langs->load('errors');
 493
 494                $user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
 495                $_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
 496            }
 497            if ($resultFetchUser < 0)
 498            {
 499                $user->trigger_mesg=$user->error;
 500                $_SESSION["dol_loginmesg"]=$user->error;
 501            }
 502
 503            // Call triggers
 504            include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
 505            $interface=new Interfaces($db);
 506            $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,(isset($_POST["entity"])?$_POST["entity"]:0));
 507            if ($result < 0) {
 508                $error++;
 509            }
 510            // End call triggers
 511
 512            header('Location: '.DOL_URL_ROOT.'/index.php');
 513            exit;
 514        }
 515        else
 516        {
 517            if (! empty($conf->global->MAIN_ACTIVATE_UPDATESESSIONTRIGGER))	// We do not execute such trigger at each page load by default
 518            {
 519                // Call triggers
 520                include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
 521                $interface=new Interfaces($db);
 522                $result=$interface->run_triggers('USER_UPDATE_SESSION',$user,$user,$langs,$conf,$conf->entity);
 523                if ($result < 0) {
 524                    $error++;
 525                }
 526                // End call triggers
 527            }
 528        }
 529    }
 530
 531    // Is it a new session that has started ?
 532    // If we are here, this means authentication was successfull.
 533    if (! isset($_SESSION["dol_login"]))
 534    {
 535        $error=0;
 536
 537        // New session for this login
 538        $_SESSION["dol_login"]=$user->login;
 539        $_SESSION["dol_authmode"]=isset($dol_authmode)?$dol_authmode:'';
 540        $_SESSION["dol_tz"]=isset($dol_tz)?$dol_tz:'';
 541        $_SESSION["dol_tz_string"]=isset($dol_tz_string)?$dol_tz_string:'';
 542        $_SESSION["dol_dst"]=isset($dol_dst)?$dol_dst:'';
 543        $_SESSION["dol_dst_observed"]=isset($dol_dst_observed)?$dol_dst_observed:'';
 544        $_SESSION["dol_dst_first"]=isset($dol_dst_first)?$dol_dst_first:'';
 545        $_SESSION["dol_dst_second"]=isset($dol_dst_second)?$dol_dst_second:'';
 546        $_SESSION["dol_screenwidth"]=isset($dol_screenwidth)?$dol_screenwidth:'';
 547        $_SESSION["dol_screenheight"]=isset($dol_screenheight)?$dol_screenheight:'';
 548        $_SESSION["dol_company"]=$conf->global->MAIN_INFO_SOCIETE_NOM;
 549        $_SESSION["dol_entity"]=$conf->entity;
 550        dol_syslog("This is a new started user session. _SESSION['dol_login']=".$_SESSION["dol_login"].' Session id='.session_id());
 551
 552        $db->begin();
 553
 554        $user->update_last_login_date();
 555
 556        // Call triggers
 557        include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
 558        $interface=new Interfaces($db);
 559        $result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf,GETPOST('entity','int'));
 560        if ($result < 0) {
 561            $error++;
 562        }
 563        // End call triggers
 564
 565        if ($error)
 566        {
 567            $db->rollback();
 568            session_destroy();
 569            dol_print_error($db,'Error in some triggers on action USER_LOGIN',LOG_ERR);
 570            exit;
 571        }
 572        else
 573        {
 574            $db->commit();
 575        }
 576
 577        // Create entity cookie, just used for login page
 578        if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_COOKIE_ENABLED) && isset($_POST["entity"]))
 579        {
 580            include_once(DOL_DOCUMENT_ROOT."/core/class/cookie.class.php");
 581
 582            $entity = $_SESSION["dol_login"].'|'.$_POST["entity"];
 583
 584            $prefix=dol_getprefix();
 585            $entityCookieName = 'DOLENTITYID_'.$prefix;
 586            // TTL : is defined in the config page multicompany
 587            $ttl = (! empty($conf->global->MULTICOMPANY_COOKIE_TTL) ? dol_now()+$conf->global->MULTICOMPANY_COOKIE_TTL : dol_now()+60*60*8 );
 588            // Cryptkey : will be created randomly in the config page multicompany
 589            $cryptkey = (! empty($conf->file->cookie_cryptkey) ? $conf->file->cookie_cryptkey : '' );
 590
 591            $entityCookie = new DolCookie($cryptkey);
 592            $entityCookie->_setCookie($entityCookieName, $entity, $ttl);
 593        }
 594
 595        // Hooks on successfull login
 596        $action='';
 597        include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php');
 598        $hookmanager=new HookManager($db);
 599        $hookmanager->initHooks(array('login'));
 600        $parameters=array('dol_authmode'=>$dol_authmode);
 601        $reshook=$hookmanager->executeHooks('afterLogin',$parameters,$user,$action);    // Note that $action and $object may have been modified by some hooks
 602        if ($reshook < 0) $error++;
 603    }
 604
 605
 606    // If user admin, we force the rights-based modules
 607    if ($user->admin)
 608    {
 609        $user->rights->user->user->lire=1;
 610        $user->rights->user->user->creer=1;
 611        $user->rights->user->user->password=1;
 612        $user->rights->user->user->supprimer=1;
 613        $user->rights->user->self->creer=1;
 614        $user->rights->user->self->password=1;
 615    }
 616
 617    /*
 618     * Overwrite configs global by personal configs
 619    */
 620    // Set liste_limit
 621    if (isset($user->conf->MAIN_SIZE_LISTE_LIMIT))	// Can be 0
 622    {
 623        $conf->liste_limit = $user->conf->MAIN_SIZE_LISTE_LIMIT;
 624    }
 625    if (isset($user->conf->PRODUIT_LIMIT_SIZE))		// Can be 0
 626    {
 627        $conf->product->limit_size = $user->conf->PRODUIT_LIMIT_SIZE;
 628    }
 629    // Replace conf->css by personalized value
 630    if (isset($user->conf->MAIN_THEME) && $user->conf->MAIN_THEME)
 631    {
 632        $conf->theme=$user->conf->MAIN_THEME;
 633        $conf->css  = "/theme/".$conf->theme."/style.css.php";
 634    }
 635
 636    // If theme support option like flip-hide left menu and we use a smartphone, we force it
 637    if (! empty($conf->global->MAIN_SMARTPHONE_OPTIM) && $conf->browser->phone && $conf->theme == 'eldy') $conf->global->MAIN_MENU_USE_JQUERY_LAYOUT='forced';
 638
 639    // Set javascript option
 640    if (! GETPOST('nojs'))   // If javascript was not disabled on URL
 641    {
 642        if (! empty($user->conf->MAIN_DISABLE_JAVASCRIPT))
 643        {
 644            $conf->use_javascript_ajax=! $user->conf->MAIN_DISABLE_JAVASCRIPT;
 645        }
 646    }
 647    else $conf->use_javascript_ajax=0;
 648}
 649
 650if (! defined('NOREQUIRETRAN'))
 651{
 652    if (! GETPOST('lang'))	// If language was not forced on URL
 653    {
 654        // If user has chosen its own language
 655        if (! empty($user->conf->MAIN_LANG_DEFAULT))
 656        {
 657            // If different than current language
 658            //print ">>>".$langs->getDefaultLang()."-".$user->conf->MAIN_LANG_DEFAULT;
 659            if ($langs->getDefaultLang() != $user->conf->MAIN_LANG_DEFAULT)
 660            {
 661                $langs->setDefaultLang($user->conf->MAIN_LANG_DEFAULT);
 662            }
 663        }
 664    }
 665    else	// If language was forced on URL
 666    {
 667        $langs->setDefaultLang(GETPOST('lang','alpha',1));
 668    }
 669}
 670
 671// Use php template engine
 672if (! empty($conf->global->MAIN_USE_TEMPLATE_ENGINE) && ! defined('NOTEMPLATEENGINE'))
 673{
 674	require_once(DOL_DOCUMENT_ROOT.'/includes/savant/Savant3.php');
 675
 676	$tpl = new Savant3();
 677}
 678
 679// Case forcing style from url
 680if (GETPOST('theme'))
 681{
 682    $conf->theme=GETPOST('theme','alpha',1);
 683    $conf->css  = "/theme/".$conf->theme."/style.css.php";
 684}
 685
 686
 687if (! defined('NOLOGIN'))
 688{
 689    // If the login is not recovered, it is identified with an account that does not exist.
 690    // Hacking attempt?
 691    if (! $user->login) accessforbidden();
 692
 693    // Check if user is active
 694    if ($user->statut < 1)
 695    {
 696        // If not active, we refuse the user
 697        $langs->load("other");
 698        dol_syslog("Authentification ko as login is disabled");
 699        accessforbidden($langs->trans("ErrorLoginDisabled"));
 700        exit;
 701    }
 702
 703    // Load permissions
 704    $user->getrights();
 705}
 706
 707
 708dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]);
 709//Another call for easy debugg
 710//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
 711
 712// Load main languages files
 713if (! defined('NOREQUIRETRAN'))
 714{
 715    $langs->load("main");
 716    $langs->load("dict");
 717}
 718
 719// Define some constants used for style of arrays
 720$bc=array(0=>'class="impair"',1=>'class="pair"');
 721$bcdd=array(0=>'class="impair drag drop"',1=>'class="pair drag drop"');
 722$bcnd=array(0=>'class="impair nodrag nodrop"',1=>'class="pair nodrag nodrop"');
 723
 724// Define messages variables
 725$mesg=''; $warning=''; $error=0;
 726// deprecated, see setEventMessage() and dol_htmloutput_events()
 727$mesgs=array(); $warnings=array(); $errors=array();
 728
 729// Constants used to defined number of lines in textarea
 730if (empty($conf->browser->firefox))
 731{
 732    define('ROWS_1',1);
 733    define('ROWS_2',2);
 734    define('ROWS_3',3);
 735    define('ROWS_4',4);
 736    define('ROWS_5',5);
 737    define('ROWS_6',6);
 738    define('ROWS_7',7);
 739    define('ROWS_8',8);
 740    define('ROWS_9',9);
 741}
 742else
 743{
 744    define('ROWS_1',0);
 745    define('ROWS_2',1);
 746    define('ROWS_3',2);
 747    define('ROWS_4',3);
 748    define('ROWS_5',4);
 749    define('ROWS_6',5);
 750    define('ROWS_7',6);
 751    define('ROWS_8',7);
 752    define('ROWS_9',8);
 753}
 754
 755$heightforframes=52;
 756
 757// Switch to another entity
 758if (! empty($conf->multicompany->enabled) && GETPOST('action') == 'switchentity')
 759{
 760    if ($mc->switchEntity(GETPOST('entity','int')) > 0)
 761    {
 762        Header("Location: ".DOL_URL_ROOT.'/');
 763        exit;
 764    }
 765}
 766
 767
 768// Functions
 769
 770if (! function_exists("llxHeader"))
 771{
 772    /**
 773     *	Show HTML header HTML + BODY + Top menu + left menu + DIV
 774     *
 775     * @param 	string 	$head				Optionnal head lines
 776     * @param 	string 	$title				HTML title
 777     * @param	string	$help_url			Url links to help page
 778     * 		                            	Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage
 779     *                                  	For other external page: http://server/url
 780     * @param	string	$target				Target to use on links
 781     * @param 	int    	$disablejs			More content into html header
 782     * @param 	int    	$disablehead		More content into html header
 783     * @param 	array  	$arrayofjs			Array of complementary js files
 784     * @param 	array  	$arrayofcss			Array of complementary css files
 785     * @param	string	$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)
 786     * @return	void
 787     */
 788	function llxHeader($head = '', $title='', $help_url='', $target='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $morequerystring='')
 789	{
 790		top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss);	// Show html headers
 791		top_menu($head, $title, $target, $disablejs, $disablehead, $arrayofjs, $arrayofcss, $morequerystring);
 792		if (empty($conf->global->MAIN_HIDE_LEFT_MENU)) {
 793			left_menu('', $help_url, '', '', 1, $title);
 794		}
 795		main_area($title);
 796	}
 797}
 798
 799
 800/**
 801 *  Show HTTP header
 802 *
 803 *  @return	void
 804 */
 805function top_httphead()
 806{
 807    global $conf;
 808
 809    //header("Content-type: text/html; charset=UTF-8");
 810    header("Content-type: text/html; charset=".$conf->file->character_set_client);
 811
 812    // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 813    if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) {
 814        ob_start("ob_gzhandler");
 815    }
 816}
 817
 818/**
 819 * Ouput html header of a page.
 820 * This code is also duplicated into security2.lib.php::dol_loginfunction
 821 *
 822 * @param 	string 	$head			Optionnal head lines
 823 * @param 	string 	$title			HTML title
 824 * @param 	int    	$disablejs		More content into html header
 825 * @param 	int    	$disablehead	More content into html header
 826 * @param 	array  	$arrayofjs		Array of complementary js files
 827 * @param 	array  	$arrayofcss		Array of complementary css files
 828 * @return	void
 829 */
 830function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='')
 831{
 832    global $user, $conf, $langs, $db;
 833
 834    top_httphead();
 835
 836    if (empty($conf->css)) $conf->css = '/theme/eldy/style.css.php';	// If not defined, eldy by default
 837
 838    print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">';
 839    //print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/strict.dtd">';
 840    //print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
 841    //print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
 842    //print '<!DOCTYPE HTML>';
 843    print "\n";
 844    if (! empty($conf->global->MAIN_USE_CACHE_MANIFEST)) print '<html manifest="cache.manifest">'."\n";
 845    else print '<html>'."\n";
 846    //print '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr">'."\n";
 847    if (empty($disablehead))
 848    {
 849        print "<head>\n";
 850
 851        // Displays meta
 852        print '<meta name="robots" content="noindex,nofollow">'."\n";      // Evite indexation par robots
 853        print '<meta name="author" content="Dolibarr Development Team">'."\n";
 854        $favicon=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/favicon.ico';
 855        print '<link rel="shortcut icon" type="image/x-icon" href="'.$favicon.'"/>'."\n";
 856        // Displays title
 857        $appli='Dolibarr';
 858        if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
 859
 860        if ($title) print '<title>'.$appli.' - '.$title.'</title>';
 861        else print "<title>".$appli."</title>";
 862        print "\n";
 863
 864        if (! defined('DISABLE_JQUERY') && ! $disablejs && $conf->use_javascript_ajax)
 865        {
 866            print '<!-- Includes for JQuery (Ajax library) -->'."\n";
 867            $jquerytheme = 'smoothness';
 868            if (!empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
 869            if (constant('JS_JQUERY_UI')) print '<link rel="stylesheet" type="text/css" href="'.JS_JQUERY_UI.'css/'.$jquerytheme.'/jquery-ui.min.css" />'."\n";  // JQuery
 870            else print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/css/'.$jquerytheme.'/jquery-ui-latest.custom.css" />'."\n";    // JQuery
 871            print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/tiptip/tipTip.css" />'."\n";                           // Tooltip
 872            print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify-alt.min.css" />'."\n";          // JNotify
 873            //print '<link rel="stylesheet" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/lightbox/css/jquery.lightbox-0.5.css" media="screen" />'."\n";       // Lightbox
 874            if (! empty($conf->global->MAIN_USE_JQUERY_FILEUPLOAD))     // jQuery fileupload
 875            {
 876                print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/css/jquery.fileupload-ui.css" />'."\n";
 877            }
 878            if (! empty($conf->global->MAIN_USE_JQUERY_DATATABLES))     // jQuery datatables
 879            {
 880                //print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/css/jquery.dataTables.css" />'."\n";
 881                print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/css/jquery.dataTables_jui.css" />'."\n";
 882                print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/ColReorder/css/ColReorder.css" />'."\n";
 883                print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/ColVis/css/ColVis.css" />'."\n";
 884                //print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/ColVis/css/ColVisAlt.css" />'."\n";
 885                print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/TableTools/css/TableTools.css" />'."\n";
 886            }
 887            if (! empty($conf->global->MAIN_USE_JQUERY_MULTISELECT))     // jQuery multiselect
 888            {
 889            	print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/css/ui.multiselect.css" />'."\n";
 890            }
 891        }
 892
 893        print '<!-- Includes for Dolibarr, modules or specific pages-->'."\n";
 894        // Output style sheets (optioncss='print' or '')
 895        $themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
 896        $themeparam='?lang='.$langs->defaultlang.'&amp;theme='.$conf->theme.(GETPOST('optioncss')?'&amp;optioncss='.GETPOST('optioncss','alpha',1):'');
 897        if (! empty($_SESSION['dol_resetcache'])) $themeparam.='&amp;dol_resetcache='.$_SESSION['dol_resetcache'];
 898        //print 'themepath='.$themepath.' themeparam='.$themeparam;exit;
 899        print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.$themeparam.'">'."\n";
 900        // CSS forced by modules (relative url starting with /)
 901        if (isset($conf->modules_parts['css']))
 902        {
 903        	$dircss=(array) $conf->modules_parts['css'];
 904        	foreach($dircss as $key => $cssfile)
 905        	{
 906        		// cssfile is a relative path
 907        		print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1);
 908        		// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
 909        		if (!preg_match('/\.css$/i',$cssfile)) print $themeparam;
 910        		print '"><!-- Added by module '.$key. '-->'."\n";
 911        	}
 912        }
 913        // CSS forced by page in top_htmlhead call (relative url starting with /)
 914        if (is_array($arrayofcss))
 915        {
 916            foreach($arrayofcss as $cssfile)
 917            {
 918                print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1);
 919                // We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.
 920                if (!preg_match('/\.css$/i',$cssfile)) print $themeparam;
 921                print '"><!-- Added by page -->'."\n";
 922            }
 923        }
 924
 925        if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) print '<link rel="top" title="'.$langs->trans("Home").'" href="'.(DOL_URL_ROOT?DOL_URL_ROOT:'/').'">'."\n";
 926        if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) print '<link rel="copyright" title="GNU General Public License" href="http://www.gnu.org/copyleft/gpl.html#SEC1">'."\n";
 927        if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) print '<link rel="author" title="Dolibarr Development Team" href="http://www.dolibarr.org">'."\n";
 928
 929        // Output standard javascript links
 930        if (! $disablejs && $conf->use_javascript_ajax)
 931        {
 932            $ext='.js';
 933            if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x01)) {
 934                $ext='.jgz';
 935            }	// mini='_mini', ext='.gz'
 936
 937            // JQuery. Must be before other includes
 938            print '<!-- Includes JS for JQuery -->'."\n";
 939            if (constant('JS_JQUERY')) print '<script type="text/javascript" src="'.JS_JQUERY.'jquery.min.js"></script>'."\n";
 940            else print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-latest.min'.$ext.'"></script>'."\n";
 941            if (constant('JS_JQUERY_UI')) print '<script type="text/javascript" src="'.JS_JQUERY_UI.'jquery-ui.min.js"></script>'."\n";
 942            else print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui-latest.custom.min'.$ext.'"></script>'."\n";
 943            print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd_0_5'.$ext.'"></script>'."\n";
 944            print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tiptip/jquery.tipTip.min'.$ext.'"></script>'."\n";
 945            //print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/lightbox/js/jquery.lightbox-0.5.min'.$ext.'"></script>'."\n";
 946            // jQuery Layout
 947            if (! empty($conf->global->MAIN_MENU_USE_JQUERY_LAYOUT) || defined('REQUIRE_JQUERY_LAYOUT'))
 948            {
 949                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/layout/jquery.layout-latest'.$ext.'"></script>'."\n";
 950            }
 951            // jQuery jnotify
 952            if (empty($conf->global->MAIN_DISABLE_JQUERY_JNOTIFY))
 953            {
 954                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js"></script>'."\n";
 955                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/core/js/jnotify.js"></script>'."\n";
 956            }
 957            // Flot
 958            if (empty($conf->global->MAIN_DISABLE_JQUERY_FLOT))
 959            {
 960                if (constant('JS_JQUERY_FLOT'))
 961                {
 962                    print '<!--[if lte IE 8]><script language="javascript" type="text/javascript" src="/javascript/excanvas/excanvas.min.js"></script><![endif]-->'."\n";
 963                    print '<script type="text/javascript" src="'.JS_JQUERY_FLOT.'jquery.flot.js"></script>'."\n";
 964                    print '<script type="text/javascript" src="'.JS_JQUERY_FLOT.'jquery.flot.pie.js"></script>'."\n";
 965                    print '<script type="text/javascript" src="'.JS_JQUERY_FLOT.'jquery.flot.stack.js"></script>'."\n";
 966                }
 967                else
 968                {
 969                    print '<!--[if lte IE 8]><script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/excanvas.min.js"></script><![endif]-->'."\n";
 970                    print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.min.js"></script>'."\n";
 971                    print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.pie.min.js"></script>'."\n";
 972                    print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.stack.min.js"></script>'."\n";
 973                }
 974            }
 975            // jQuery jeditable
 976            if (! empty($conf->global->MAIN_USE_JQUERY_JEDITABLE))
 977            {
 978                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.min'.$ext.'"></script>'."\n";
 979                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js"></script>'."\n";
 980                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js"></script>'."\n";
 981                print '<script type="text/javascript">'."\n";
 982                print 'var urlSaveInPlace = \''.DOL_URL_ROOT.'/core/ajax/saveinplace.php\';'."\n";
 983                print 'var urlLoadInPlace = \''.DOL_URL_ROOT.'/core/ajax/loadinplace.php\';'."\n";
 984                print 'var tooltipInPlace = \''.$langs->transnoentities('ClickToEdit').'\';'."\n";
 985                print 'var placeholderInPlace = \''.$langs->trans('ClickToEdit').'\';'."\n";
 986                print 'var cancelInPlace = \''.$langs->trans('Cancel').'\';'."\n";
 987                print 'var submitInPlace = \''.$langs->trans('Ok').'\';'."\n";
 988                print 'var indicatorInPlace = \'<img src="'.DOL_URL_ROOT."/theme/".$conf->theme."/img/working.gif".'">\';'."\n";
 989                print '</script>'."\n";
 990                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/core/js/editinplace.js"></script>'."\n";
 991                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js"></script>'."\n";
 992            }
 993            // jQuery File Upload
 994            if (! empty($conf->global->MAIN_USE_JQUERY_FILEUPLOAD))
 995            {
 996                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/template/tmpl.min.js"></script>'."\n";
 997                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/js/jquery.iframe-transport.js"></script>'."\n";
 998                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/js/jquery.fileupload.js"></script>'."\n";
 999                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/js/jquery.fileupload-fp.js"></script>'."\n";
1000                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/js/jquery.fileupload-ui.js"></script>'."\n";
1001                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/js/jquery.fileupload-jui.js"></script>'."\n";
1002                print '<!-- The XDomainRequest Transport is included for cross-domain file deletion for IE8+ -->'."\n";
1003                '<!--[if gte IE 8]><script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/fileupload/js/cors/jquery.xdr-transport.js"></script><![endif]-->'."\n";
1004            }
1005            // jQuery DataTables
1006            if (! empty($conf->global->MAIN_USE_JQUERY_DATATABLES))
1007            {
1008                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/js/jquery.dataTables.min'.$ext.'"></script>'."\n";
1009                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/ColReorder/js/ColReorder.min'.$ext.'"></script>'."\n";
1010                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/ColVis/js/ColVis.min'.$ext.'"></script>'."\n";
1011                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/datatables/extras/TableTools/js/TableTools.min'.$ext.'"></script>'."\n";
1012            }
1013            // jQuery Multiselect
1014            if (! empty($conf->global->MAIN_USE_JQUERY_MULTISELECT))
1015            {
1016            	print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/js/ui.multiselect.js"></script>'."\n";
1017            }
1018            // CKEditor
1019            if (! empty($conf->fckeditor->enabled) && (empty($conf->global->FCKEDITOR_EDITORNAME) || $conf->global->FCKEDITOR_EDITORNAME == 'ckeditor'))
1020            {
1021                print '<!-- Includes JS for CKEditor -->'."\n";
1022                $pathckeditor=DOL_URL_ROOT.'/includes/ckeditor/';
1023                if (constant('JS_CKEDITOR')) $pathckeditor=JS_CKEDITOR;    // To use external ckeditor js lib
1024                print '<script type="text/javascript">';
1025                print 'var CKEDITOR_BASEPATH = \''.$pathckeditor.'\';'."\n";
1026                print 'var ckeditorConfig = \''.dol_buildpath('/theme/'.$conf->theme.'/ckeditor/config.js',1).'\';'."\n";
1027                print 'var ckeditorFilebrowserBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
1028                print 'var ckeditorFilebrowserImageBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Type=Image&Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
1029                print '</script>'."\n";
1030                print '<script type="text/javascript" src="'.$pathckeditor.'ckeditor_basic.js"></script>'."\n";
1031            }
1032
1033            // Global js function
1034            print '<!-- Includes JS of Dolibarr -->'."\n";
1035            print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/core/js/lib_head.js"></script>'."\n";
1036
1037            // Add datepicker default options
1038            print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/core/js/datepicker.js.php?lang='.$langs->defaultlang.'"></script>'."\n";
1039
1040            // JS forced by modules (relative url starting with /)
1041            $dirjs=(array) $conf->modules_parts['js'];
1042            foreach($dirjs as $key => $jsfile)
1043            {
1044            	// jsfile is a relative path
1045            	print '<script type="text/javascript" src="'.dol_buildpath($jsfile,1).'"></script><!-- Added by module '.$key. '-->'."\n";
1046            }
1047            // JS forced by page in top_htmlhead (relative url starting with /)
1048            if (is_array($arrayofjs))
1049            {
1050                print '<!-- Includes JS specific to page -->'."\n";
1051                foreach($arrayofjs as $jsfile)
1052                {
1053                    if (preg_match('/^http/i',$jsfile))
1054                    {
1055                        print '<script type="text/javascript" src="'.$jsfile.'"></script>'."\n";
1056                    }
1057                    else
1058                    {
1059                        if (! preg_match('/^\//',$jsfile)) $jsfile='/'.$jsfile;	// For b…

Large files files are truncated, but you can click here to view the full file