NEW Add $dolibarr_main_db_readonly in conf.php for readonly access.

htdocs/admin/system/dolibarr.php

@@ -327,6 +327,7 @@
 	'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"),
 	'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"),
 	'?dolibarr_main_db_prefix' => $langs->trans("DatabasePrefix"),
+	'dolibarr_main_db_readonly' => $langs->trans("ReadOnlyMode"),
 	'separator2' => '',
 	'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"),
 	'?multicompany_transverse_mode'=>  $langs->trans("MultiCompanyMode"),
@@ -449,6 +450,13 @@
 				if (!empty($valuetoshow)) {
 					print img_warning($langs->trans('SwitchThisForABetterSecurity', 0));
 				}
+			} elseif ($newkey == 'dolibarr_main_db_readonly') {
+				print ${$newkey};
+
+				$valuetoshow = ${$newkey};
+				if (!empty($valuetoshow)) {
+					print img_warning($langs->trans('ReadOnlyMode', 1));
+				}
 			} else {
 				print (empty(${$newkey}) ? '' : ${$newkey});
 			}

htdocs/conf/conf.php.example

@@ -151,6 +151,15 @@ $dolibarr_main_db_character_set='utf8';
 $dolibarr_main_db_collation='utf8_unicode_ci';
 
 
+// dolibarr_main_db_readonly
+// Set this to 1 to have the application working in readonly mode. All sql access INSERT/UPDATE/DELETE/CREATE/ALTER/TRUNCATE/DROP will be disabled. 
+// Default value: 0
+// Examples:
+// $dolibarr_main_db_readonly='0';
+//
+$dolibarr_main_db_readonly=0;
+
+
 // dolibarr_main_instance_unique_id
 // An secret ID that is unique for each installation.
 // This value is also visible and never propagated outside of Dolibarr, so it can be used as a salt / key for some encryption.

htdocs/core/db/mysqli.class.php

@@ -266,7 +266,7 @@ public function close()
 	 */
 	public function query($query, $usesavepoint = 0, $type = 'auto')
 	{
-		global $conf;
+		global $conf, $dolibarr_main_db_readonly;
 
 		$query = trim($query);
 
@@ -278,6 +278,15 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
 			return false; // Return false = error if empty request
 		}
 
+		if (!empty($dolibarr_main_db_readonly)) {
+			if (preg_match('/^(INSERT|UPDATE|DELETE|CREATE|ALTER|TRUNCATE|DROP)/i', $query)) {
+				$this->lasterror = 'Application in read-only mode';
+				$this->lasterrno = 'APPREADONLY';
+				$this->lastquery = $query;
+				return false;
+			}
+		}
+
 		if (!$this->database_name) {
 			// Ordre SQL ne necessitant pas de connexion a une base (exemple: CREATE DATABASE)
 			$ret = $this->db->query($query);

htdocs/core/db/pgsql.class.php

@@ -498,7 +498,7 @@ public function close()
 	 */
 	public function query($query, $usesavepoint = 0, $type = 'auto')
 	{
-		global $conf;
+		global $conf, $dolibarr_main_db_readonly;
 
 		$query = trim($query);
 
@@ -527,6 +527,18 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
 			$SYSLOG_SQL_LIMIT = 10000; // limit log to 10kb per line to limit DOS attacks
 			dol_syslog('sql='.substr($query, 0, $SYSLOG_SQL_LIMIT), LOG_DEBUG);
 		}
+		if (empty($query)) {
+			return false; // Return false = error if empty request
+		}
+
+		if (!empty($dolibarr_main_db_readonly)) {
+			if (preg_match('/^(INSERT|UPDATE|DELETE|CREATE|ALTER|TRUNCATE|DROP)/i', $query)) {
+				$this->lasterror = 'Application in read-only mode';
+				$this->lasterrno = 'APPREADONLY';
+				$this->lastquery = $query;
+				return false;
+			}
+		}
 
 		$ret = @pg_query($this->db, $query);
 

htdocs/core/db/sqlite3.class.php

@@ -397,7 +397,7 @@ public function close()
 	 */
 	public function query($query, $usesavepoint = 0, $type = 'auto')
 	{
-		global $conf;
+		global $conf, $dolibarr_main_db_readonly;
 
 		$ret = null;
 
@@ -455,6 +455,15 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
 			return false; // Return false = error if empty request
 		}
 
+		if (!empty($dolibarr_main_db_readonly)) {
+			if (preg_match('/^(INSERT|UPDATE|DELETE|CREATE|ALTER|TRUNCATE|DROP)/i', $query)) {
+				$this->lasterror = 'Application in read-only mode';
+				$this->lasterrno = 'APPREADONLY';
+				$this->lastquery = $query;
+				return false;
+			}
+		}
+
 		// Ordre SQL ne necessitant pas de connexion a une base (exemple: CREATE DATABASE)
 		try {
 			//$ret = $this->db->exec($query);

scripts/accountancy/export-thirdpartyaccount.php

@@ -96,9 +96,12 @@
 		$date_start = dol_get_first_day($year_start, 10, false);
 		$date_end = dol_get_last_day($year_start, 12, false);
 	}
-} else {
 }
 
+/*
+ * Main
+ */
+
 llxHeader();
 
 $form = new Form($db);
@@ -186,9 +189,6 @@ function launch_export()
 		$i++;
 	}
 
-	/*
-	 * View
-	 */
 
 	$thirdpartystatic = new Societe($db);
 

scripts/company/sync_contacts_dolibarr2ldap.php

@@ -69,6 +69,11 @@
 
 $now = $argv[1];
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 print "Mails sending disabled (useless in batch mode)\n";
 $conf->global->MAIN_DISABLE_ALL_MAILS = 1; // On bloque les mails
 print "\n";

scripts/cron/cron_run_jobs.php

@@ -108,6 +108,11 @@
 	exit(-1);
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-only mode\n";
+	exit(-1);
+}
+
 // If param userlogin is reserved word 'firstadmin'
 if ($userlogin == 'firstadmin') {
 	$sql = 'SELECT login, entity from '.MAIN_DB_PREFIX.'user WHERE admin = 1 and statut = 1 ORDER BY entity LIMIT 1';

scripts/emailings/mailing-send.php

@@ -86,6 +86,11 @@
 if ($conf->global->MAILING_LIMIT_SENDBYCLI == '-1') {
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-only mode\n";
+	exit(-1);
+}
+
 $user = new User($db);
 // for signature, we use user send as parameter
 if (!empty($login)) {

scripts/emailings/reset-invalid-emails.php

@@ -57,6 +57,7 @@
 $version = DOL_VERSION;
 $error = 0;
 
+
 /*
  * Main
  */
@@ -71,6 +72,11 @@
 	exit(-1);
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $db->begin();
 
 

scripts/invoices/email_unpaid_invoices_to_customers.php

@@ -80,6 +80,11 @@
 	$conf->global->MAIN_DISABLE_ALL_MAILS = 1;
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $sql = "SELECT f.ref, f.total_ttc, f.date_lim_reglement as due_date,";
 $sql .= " s.rowid as sid, s.nom as name, s.email, s.default_lang";
 if ($targettype == 'contacts') {

scripts/invoices/email_unpaid_invoices_to_representatives.php

@@ -76,6 +76,11 @@
 	$conf->global->MAIN_DISABLE_ALL_MAILS = 1;
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $sql = "SELECT f.ref, f.total_ttc, f.date_lim_reglement as due_date, s.nom as name, s.email, s.default_lang,";
 $sql .= " u.rowid as uid, u.lastname, u.firstname, u.email, u.lang";
 $sql .= " FROM ".MAIN_DB_PREFIX."facture as f";

scripts/invoices/rebuild_merge_pdf.php

@@ -52,6 +52,7 @@
 $version = DOL_VERSION;
 $error = 0;
 
+
 /*
  * Main
  */
@@ -66,6 +67,11 @@
 	exit(-1);
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $diroutputpdf = $conf->facture->dir_output.'/temp';
 $newlangid = 'en_EN'; // To force a new lang id
 $filter = array();

scripts/members/sync_members_dolibarr2ldap.php

@@ -68,6 +68,11 @@
 	}
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $now = $argv[1];
 
 print "Mails sending disabled (useless in batch mode)\n";

scripts/members/sync_members_ldap2dolibarr.php

@@ -146,6 +146,11 @@
 	exit(-2);
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 if (!$confirmed) {
 	print "Hit Enter to continue or CTRL+C to stop...\n";
 	$input = trim(fgets(STDIN));

scripts/members/sync_members_types_dolibarr2ldap.php

@@ -70,6 +70,12 @@
  * }
  */
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
+
 $sql = "SELECT rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type";
 

scripts/members/sync_members_types_ldap2dolibarr.php

@@ -88,6 +88,11 @@
 	}
 }
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 print "Mails sending disabled (useless in batch mode)\n";
 $conf->global->MAIN_DISABLE_ALL_MAILS = 1; // On bloque les mails
 print "\n";

scripts/website/migrate-news-joomla2dolibarr.php

@@ -63,8 +63,18 @@
 include_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
 include_once DOL_DOCUMENT_ROOT.'/core/lib/website2.lib.php';
 
+
+/*
+ * Main
+ */
+
 $langs->load('main');
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $joomlaserverinfoarray = preg_split('/(:|@|\/)/', $joomlaserverinfo);
 $joomlalogin = $joomlaserverinfoarray[0];
 $joomlapass = $joomlaserverinfoarray[1];

scripts/website/regenerate-pages.php

@@ -58,8 +58,18 @@
 include_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
 include_once DOL_DOCUMENT_ROOT.'/core/lib/website2.lib.php';
 
+
+/*
+ * Main
+ */
+
 $langs->load('main');
 
+if (!empty($dolibarr_main_db_readonly)) {
+	print "Error: instance in read-onyl mode\n";
+	exit(-1);
+}
+
 $website = new Website($db);
 $result = $website->fetch(0, $websiteref);
 if ($result <= 0) {