
  1. <?php
  2. session_name ('erp-core');
  3. session_start();
  4. //Activation du ssl a travers un reverse proxy
  5. if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) $_SERVER['HTTPS'] = 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ? 'on' : 'off';
  6. $start_time = microtime(TRUE);
  7. mb_internal_encoding('UTF-8');
  8. if(!file_exists(__DIR__.DIRECTORY_SEPARATOR.'constant.php'))
  9. header('location:install.php');
  10. require_once(__DIR__.DIRECTORY_SEPARATOR.'constant.php');
  11. require_once(__ROOT__.'function.php');
  12. date_default_timezone_set(TIME_ZONE);
  13. //set_error_handler('errorToException');
  14. set_exception_handler('unhandledException');
  15. spl_autoload_register('app_autoloader');
  16. global $myUser,$conf,$_,$success,$myFirm;
  17. $_ = array_map('secure_user_vars', array_merge($_POST, $_GET));
  18. $page = isset($_SERVER['REQUEST_URI'])? basename($_SERVER['REQUEST_URI']):'';
  19. $myUser = isset($_SESSION['currentUser']) ? unserialize($_SESSION['currentUser']) : new User();
  20. $myFirm = isset($_SESSION['firm']) ? unserialize($_SESSION['firm']): new Firm();
  21. $conf = new Configuration();
  22. $conf->getAll();
  23. //CONFS GÉNÉRALES
  24. Configuration::setting('configuration-global',array(
  25. "Gestion des configurations générales :",
  26. 'home_page' => array("label"=>"Page d'accueil","type"=>"text","legend"=>"Laisser vide pour gérer en automatique","placeholder"=>"eg : index.php?module=example"),
  27. 'logo_website_header' => array("label"=>"Site web cible au clic sur le logo","type"=>"text","legend"=>"Dans le menu de navigation, laisser vide pour pointer vers l'Accueil du projet", "placeholder"=>"eg : https://example.com"),
  28. 'show_application_name' => array("label"=>"Afficher le nom du programme","type"=>"checkbox","legend"=>"Dans le menu de navigation"),
  29. 'show_application_name_footer' => array("label"=>"Afficher le nom du programme", "legend"=>"Dans le pied de page", "type"=>"checkbox"),
  30. 'show_application_author_footer' => array("label"=>"Afficher le nom de l'éditeur", "legend"=>"Dans le pied de page", "type"=>"checkbox"),
  31. 'application_author_website_footer' => array("label"=>"Lien vers le site de l'éditeur", "legend"=>"Dans le pied de page, laisser vide pour ne rien afficher", "type"=>"text", "placeholder"=>"eg : https://example.com"),
  32. 'show_application_documentation_footer' => array("label"=>"Lien vers la documentation utilisateur", "legend"=>"Dans le pied de page, laisser vide pour ne rien afficher", "type"=>"text"),
  33. 'show_process_time_footer' => array("label"=>"Afficher le temps de traitement", "legend"=>"Dans le pied de page", "type"=>"checkbox"),
  34. 'hide_header_login' => array("label"=>"Masquer le formulaire de connexion dans le header","type"=>"checkbox","legend"=>"(Barre de menu en haut à droite)","placeholder"=>"6"),
  35. "Gestion des clés API du composant <code>location</code> :",
  36. 'maps_api_suggest_url' => array("label"=>"URL de l'API de Suggestion","type"=>"text","legend"=>"URL de l'API à attaquer pour autocomplétion des adresses","placeholder"=>"eg. http://autocomplete.suggest.api.example.com/..."),
  37. 'maps_api_geocode_url' => array("label"=>"URL de l'API Geocoder","type"=>"text","legend"=>"URL de l'API à attaquer pour récupérer les détails d'une localisation","placeholder"=>"eg. http://autocomplete.geocoder.api.example.com/..."),
  38. 'maps_api_id' => array("label"=>"ID de l'application","type"=>"text","legend"=>"Identifiant de l'application API pour le composant location","placeholder"=>"eg. pl0749TULNDW..."),
  39. 'maps_api_key' => array("label"=>"Clé publique de l'application","type"=>"password","legend"=>"Code / Clé de l'application API pour le composant location","placeholder"=>"eg. db678804676..."),
  40. 'google_maps_api_key' => array("label"=>"Google Maps API","type"=>"text","legend"=>"Clé API de la console Google Cloud Platform","placeholder"=>"eg. AIzaSyAcnOX3qYl-Fzq..."),
  41. "Authentification :",
  42. 'account_block' => array("label"=>"Activer le blocage de compte au bout de N essais","legend"=>"Tous les utilisateurs seront soumis à la règle","type"=>"checkbox"),
  43. 'account_block_try' => array("label"=>"Nombre d'essais avant blocage du compte","legend"=>"L'utilisateur aura N tentatives pour se connecter avant d'être bloqué","type"=>"number", "placeholder"=>"eg. 10"),
  44. 'account_block_delay' => array("label"=>"Durée de blocage", "legend"=>"(en minutes)", "type"=>"number", "placeholder"=>"eg. 30"),
  45. "Identifiant :",
  46. 'login_forbidden_char' => array("label"=>"Caractères interdits","type"=>"text","legend"=>"<small class='text-danger'> La virgule ','' est par défaut interdite pour tout identifiant</small>","placeholder"=>"eg. <>&!?"),
  47. 'Mots de passe : <div class="btn btn-warning btn-small float-right" onclick="general_reset_password_delay()"><i class="fas fa-exclamation-triangle"></i> Forcer le renouvellement</div>',
  48. 'password_forbidden_char' => array("label"=>"Caractères interdits","type"=>"text","legend"=>"<small class='text-danger'> Aucun caractère n'est par défaut interdit</small>","placeholder"=>"eg. <>&!?"),
  49. 'password_delay'=>array("label"=>"Renouvellement", "legend"=>"Forcer l'utilisateur a renouveller son mot de passe tous les X jours (laisser vide pour désactiver)", "type"=>"number", "placeholder"=>"eg. 30"),
  50. 'password_allow_lost'=>array("label"=>"Oubli de mot de passe", "legend"=>"Proposer la récuperation du mot de passe oublié", "type"=>"checkbox"),
  51. "Connectivité :",
  52. 'offline_mode' => array("label"=>"Activer le mode hors ligne","legend"=>"(Désactive toutes les fonctionnalités ayant besoin d'un accès internet depuis le poste client cdn...)","type"=>"checkbox"),
  53. ));
  54. //CACHE CSS & JS
  55. $cacheVersion = SOURCE_VERSION;
  56. if(file_exists(__DIR__.SLASH.'.git'.SLASH.'HEAD')){
  57. $versionFile = str_replace(array('ref: ',PHP_EOL,"\r","\n"),'',file_get_contents(__DIR__.SLASH.'.git'.SLASH.'HEAD'));
  58. if(file_exists(__DIR__.SLASH.'.git'.SLASH.$versionFile)){
  59. $cacheVersion = str_replace(array("\r","\n"),'',file_get_contents(__DIR__.SLASH.'.git'.SLASH.$versionFile));
  60. }
  61. }
  62. if($myUser->login==null && isset($_COOKIE[COOKIE_NAME])){
  63. $cookie = UserPreference::load(array('key'=>'cookie','value'=>$_COOKIE[COOKIE_NAME]));
  64. if($cookie!=false){
  65. if(Plugin::is_active('fr.sys1.activedirectory'))
  66. require_once(PLUGIN_PATH.'activedirectory'.SLASH.'activedirectory.plugin.php');
  67. $myUser = User::byLogin($cookie->user);
  68. if(empty($myUser->origin)){
  69. $myUser->ranks = array();
  70. $myUser->firms = array();
  71. $myUser->loadRanks();
  72. $myUser->loadPreferences();
  73. }
  74. if($myUser->superadmin == 1){
  75. foreach(Firm::loadAll() as $firm)
  76. $firms[$firm->id] = $firm;
  77. $myUser->setFirms($firms);
  78. }
  79. $defaultFirm = !empty($myUser->preference('default_firm')) ? $myUser->preferences['default_firm'] : key($myUser->firms);
  80. $myFirm = isset($myUser->firms[$defaultFirm]) ? $myUser->firms[$defaultFirm]:key($myUser->firms);
  81. $myUser->loadRights();
  82. $_SESSION['currentUser'] = serialize($myUser);
  83. $_SESSION['firm'] = serialize($myFirm);
  84. }
  85. }
  86. $myFirm = isset($_SESSION['firm']) ? unserialize($_SESSION['firm']) : new Firm();
  87. //MENUS
  88. Plugin::addHook("menu_account", function(&$accountMenu){
  89. global $myUser;
  90. if(!$myUser->connected()) throw new Exception('Vous devez être connecté pour accéder à cette fonctionnalité');
  91. $accountMenu[]= array(
  92. 'sort' =>0,
  93. 'url' => 'account.php?section=global',
  94. 'icon' => 'fas fa-angle-right',
  95. 'label' => 'Général',
  96. );
  97. });
  98. Plugin::addHook("menu_setting", function(&$settingMenu){
  99. global $myUser;
  100. $settingMenu[]= array(
  101. 'sort' =>0,
  102. 'url' => 'setting.php?section=global',
  103. 'icon' => 'fas fa-angle-right',
  104. 'label' => 'Général',
  105. );
  106. if($myUser->can('plugin','configure'))
  107. $settingMenu[]= array(
  108. 'sort' =>18,
  109. 'url' => 'setting.php?section=plugin',
  110. 'icon' => 'fas fa-angle-right',
  111. 'label' => 'Plugins',
  112. 'category' => 'administration'
  113. );
  114. if($myUser->can('user','configure'))
  115. $settingMenu[]= array(
  116. 'sort' =>20,
  117. 'url' => 'setting.php?section=user',
  118. 'icon' => 'fas fa-angle-right',
  119. 'label' => 'Utilisateurs',
  120. 'category' => 'administration'
  121. );
  122. if($myUser->can('rank','configure'))
  123. $settingMenu[]= array(
  124. 'sort' =>21,
  125. 'url' => 'setting.php?section=rank',
  126. 'icon' => 'fas fa-angle-right',
  127. 'label' => 'Rangs & Accès',
  128. 'category' => 'administration'
  129. );
  130. if($myUser->can('firm','configure'))
  131. $settingMenu[]= array(
  132. 'sort' =>22,
  133. 'url' => 'setting.php?section=firm',
  134. 'icon' => 'fas fa-angle-right',
  135. 'label' => 'Établissements',
  136. 'category' => 'administration'
  137. );
  138. if($myUser->can('user','configure'))
  139. $settingMenu[]= array(
  140. 'sort' =>23,
  141. 'url' => 'setting.php?section=userfirmrank',
  142. 'icon' => 'fas fa-angle-right',
  143. 'label' => 'Établissement / Utilisateur / Rang',
  144. 'category' => 'administration'
  145. );
  146. if($myUser->can('plugin','configure'))
  147. $settingMenu[]= array(
  148. 'sort' =>24,
  149. 'url' => 'setting.php?section=firmPlugin',
  150. 'icon' => 'fas fa-angle-right',
  151. 'label' => 'Établissement / Plugins',
  152. 'category' => 'administration'
  153. );
  154. if($myUser->can('dictionnary','configure'))
  155. $settingMenu[]= array(
  156. 'sort' =>20,
  157. 'url' => 'setting.php?section=dictionnary',
  158. 'icon' => 'fas fa-angle-right',
  159. 'label' => 'Listes de valeur'
  160. );
  161. if($myUser->can('log','read'))
  162. $settingMenu[]= array(
  163. 'sort' =>16,
  164. 'url' => 'setting.php?section=log',
  165. 'icon' => 'fas fa-angle-right',
  166. 'label' => 'Logs',
  167. 'category' => 'administration'
  168. );
  169. if($myUser->login!='')
  170. $settingMenu[]= array(
  171. 'sort' =>16,
  172. 'url' => 'setting.php?section=update',
  173. 'icon' => 'fas fa-angle-right',
  174. 'label' => 'Mises à jour',
  175. 'category' => 'administration'
  176. );
  177. });
  178. Plugin::addHook("menu_main", function(&$mainMenu) {
  179. global $myUser;
  180. if(!$myUser->connected()) return;
  181. $mainMenu[] = array(
  182. 'sort' =>0,
  183. 'icon' => 'fas fa-fw fa-home',
  184. 'label' => 'Accueil',
  185. 'url' => 'index.php',
  186. 'color' => '#383838'
  187. );
  188. $settingMenu = array();
  189. Plugin::callHook("menu_setting", array(&$settingMenu));
  190. });
  191. Plugin::addHook("menu_user", function(&$userMenu){
  192. global $myUser,$myFirm;
  193. $rankLabels = array();
  194. if($myUser->superadmin){
  195. $rankLabels[] = 'Super Admin';
  196. } else {
  197. if(isset($myUser->ranks[$myFirm->id])){
  198. foreach($myUser->ranks[$myFirm->id] as $rank){
  199. $rankLabels[] = $rank->label;
  200. }
  201. }
  202. }
  203. $ranksHtml = count($rankLabels)!=0 ? '<div class="firm-ranks mt-1"><ul><li>'.implode('</li><li>',$rankLabels).'</li></ul></div>' : '';
  204. $userMenu[]= array(
  205. 'sort' => -2,
  206. 'custom' => "<div class='firm-item' onclick='event.stopPropagation();'><small>Rang : ".$ranksHtml."</small></div><div class='dropdown-divider'></div>",
  207. );
  208. if(count($myUser->firms)>1){
  209. $userIcon = 'far fa-fw fa-user';
  210. $options = '';
  211. foreach ($myUser->firms as $firm)
  212. $options .= '<option '.($myFirm->id == $firm->id ? "selected='selected'":"").' value="'.$firm->id.'">'.$firm->label.'</option>';
  213. $userMenu[]= array(
  214. 'sort' => 1,
  215. 'custom' => "<div class='firm-item mt-2' onclick='event.stopPropagation();'><small class='mb-1'>Établissement : </small><select class=\"form-control form-control-sm\" onchange=\"window.location='action.php?action=select_firm&firm='+$(this).val();\">".$options."</select></div><div class='dropdown-divider'></div>",
  216. );
  217. } else {
  218. $userIcon = 'fas fa-fw fa-user';
  219. $userMenu[]= array(
  220. 'sort' => -1,
  221. 'custom' => "<div class='firm-item' onclick='event.stopPropagation();'><small>Établissement : ".$myFirm->label."</small></div><div class='dropdown-divider'></div>",
  222. );
  223. }
  224. if($myUser->can('account','read'))
  225. $userMenu[]= array(
  226. 'sort' => 0,
  227. 'label' => 'Mon compte',
  228. 'icon' => $userIcon,
  229. 'url' => 'account.php'
  230. );
  231. if($myUser->can('setting_global', 'read'))
  232. $userMenu[]= array(
  233. 'sort' => 1,
  234. 'icon' => 'fas fa-fw fa-cog',
  235. 'label' => 'Réglages',
  236. 'url' => 'setting.php'
  237. );
  238. $userMenu[]= array(
  239. 'sort' => 100,
  240. 'icon' => 'fas fa-fw fa-sign-out-alt',
  241. 'label' => 'Déconnexion',
  242. 'url' => 'action.php?action=logout'
  243. );
  244. });
  245. Plugin::addHook("content_setting", function(){
  246. global $_;
  247. $_['section'] = !isset($_['section']) ? 'global': $_['section'];
  248. if(in_array($_['section'],array('global','plugin','rank','right','user','firm','userfirmrank','firmPlugin','log','dictionnary','update')) && file_exists('setting.'.$_['section'].'.php'))
  249. require_once('setting.'.$_['section'].'.php');
  250. });
  251. Plugin::addHook("content_account", function(){
  252. global $_;
  253. $_['section'] = !isset($_['section']) ? 'global': $_['section'];
  254. if(in_array($_['section'],array('global')) && file_exists('account.'.$_['section'].'.php'))
  255. require_once('account.'.$_['section'].'.php');
  256. });
  257. Plugin::addHook("section",function(&$sections){
  258. $sections['setting_global'] = 'Gestion des parametres globaux';
  259. $sections['user'] = 'Gestion des utilisateurs';
  260. $sections['firm'] = 'Gestion des établissements';
  261. $sections['plugin'] = 'Gestion des plugins';
  262. $sections['rank'] = 'Gestion des rangs et droits';
  263. $sections['log'] = 'Gestion des logs programme';
  264. $sections['dictionnary'] = 'Gestion des listes programme';
  265. $sections['file'] = 'Gestion des fichiers';
  266. $sections['account'] = 'Gestion du compte courant';
  267. });
  268. Plugin::addHook("cron",function(){
  269. if(date('H:i')!='01:00') return;
  270. //Clear automatique des logs
  271. global $conf;
  272. foreach(Log::staticQuery('SELECT DISTINCT category FROM {{table}}',array(),true) as $log):
  273. $slug = slugify($log->category);
  274. $key = 'log_retention_time_'.$slug;
  275. if($conf->get($key)=='') continue;
  276. Log::clear($conf->get($key));
  277. endforeach;
  278. });
  279. Plugin::includeAll();
  280. ?>