dolibarr  13.0.2
ws.lib.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  * or see https://www.gnu.org/
17  */
18 
35 function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
36 {
37  global $db, $conf, $langs;
38  global $dolibarr_main_authentication, $dolibarr_auto_user;
39 
40  $fuser = new User($db);
41 
42  if (!$error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY))
43  {
44  $error++;
45  $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY'; $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
46  }
47 
48  if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity']))
49  {
50  $error++;
51  $errorcode = 'BAD_PARAMETERS'; $errorlabel = "The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
52  }
53 
54  if (!$error)
55  {
56  $result = $fuser->fetch('', $authentication['login'], '', 0);
57  if ($result < 0)
58  {
59  $error++;
60  $errorcode = 'ERROR_FETCH_USER'; $errorlabel = 'A technical error occurred during fetch of user';
61  } elseif ($result == 0)
62  {
63  $error++;
64  $errorcode = 'BAD_CREDENTIALS'; $errorlabel = 'Bad value for login or password';
65  }
66 
67  if (!$error && $fuser->statut == 0)
68  {
69  $error++;
70  $errorcode = 'ERROR_USER_DISABLED'; $errorlabel = 'This user has been locked or disabled';
71  }
72 
73  // Validation of login
74  if (!$error)
75  {
76  $fuser->getrights(); // Load permission of user
77 
78  // Authentication mode
79  if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication = 'http,dolibarr';
80  // Authentication mode: forceuser
81  if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user = 'auto';
82  // Set authmode
83  $authmode = explode(',', $dolibarr_main_authentication);
84 
85  include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
86  $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode, 'ws');
87  if (empty($login))
88  {
89  $error++;
90  $errorcode = 'BAD_CREDENTIALS'; $errorlabel = 'Bad value for login or password';
91  }
92  }
93  }
94 
95  return $fuser;
96 }
check_authentication
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition: ws.lib.php:35
User
Class to manage Dolibarr users.
Definition: user.class.php:44
checkLoginPassEntity
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context= '')
Return a login if login/pass was successfull.
Definition: security2.lib.php:53
Generated on Sat Aug 23 2025 13:17:21 for dolibarr by Doxygen 1.8.5