diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
index 6874d3faaed..541682101c6 100644
--- a/htdocs/api/class/api_access.class.php
+++ b/htdocs/api/class/api_access.class.php
@@ -144,6 +144,7 @@ class DolibarrApiAccess implements iAuthenticate
throw new RestException(503, 'Error when searching login user from api key');
}
+
$genericmessageerroruser = 'Error user not valid (not found or bad status or bad validity dates) (conf->entity='.$conf->entity.')';
$fuser = new User($this->db);
@@ -151,8 +152,12 @@ class DolibarrApiAccess implements iAuthenticate
if ($result <= 0) {
throw new RestException(503, $genericmessageerroruser);
}
- if ($fuser->statut == 0) {
- throw new RestException(503, 'Error when fetching user. This user has been locked or disabled');
+
+ // Check if user status is enabled
+ if ($fuser->statut != $fuser::STATUS_ENABLED) {
+ // Status is disabled
+ dol_syslog("The user has been disabled");
+ throw new RestException(503, $genericmessageerroruser);
}
// Check if session was unvalidated by a password change
diff --git a/htdocs/dav/fileserver.php b/htdocs/dav/fileserver.php
index 15d9cd1764f..af23fde5fff 100644
--- a/htdocs/dav/fileserver.php
+++ b/htdocs/dav/fileserver.php
@@ -131,6 +131,13 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
return false;
}
+ // Check if user status is enabled
+ if ($user->statut != $user::STATUS_ENABLED) {
+ // Status is disabled
+ dol_syslog("The user has been disabled.");
+ return false;
+ }
+
// Check if session was unvalidated by a password change
if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
// Session is no more valid
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index b779c901b54..240dd7c4c41 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
@@ -303,7 +303,7 @@ ErrorValueForTooLow=Value for %s is too low
ErrorValueCantBeNull=Value for %s can't be null
ErrorDateOfMovementLowerThanDateOfFileTransmission=The date of the bank transaction can't be lower than the date of the file transmission
ErrorTooMuchFileInForm=Too much files in form, the maximum number is %s file(s)
-ErrorSessionInvalidatedAfterPasswordChange=The session was invalidated after a password change. Please relogin.
+ErrorSessionInvalidatedAfterPasswordChange=The session was invalidated after a password or dates of validity change. Please relogin.
# Warnings
WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 24ce10ea7c1..8a4efc8466b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -881,7 +881,7 @@ if (!defined('NOLOGIN')) {
$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // value for $login was retrieved previously when checking password.
if ($resultFetchUser <= 0 || $user->isNotIntoValidityDateRange()) {
- dol_syslog('User not found, connexion refused');
+ dol_syslog('User not found or not valid, connexion refused');
session_destroy();
session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
session_name($sessionname);
@@ -949,15 +949,22 @@ if (!defined('NOLOGIN')) {
dol_syslog("- This is an already logged session. _SESSION['dol_login']=".$login." _SESSION['dol_entity']=".$entity, LOG_DEBUG);
$resultFetchUser = $user->fetch('', $login, '', 1, ($entity > 0 ? $entity : -1));
+
+ //var_dump(dol_print_date($user->flagdelsessionsbefore, 'dayhour', 'gmt')." ".dol_print_date($_SESSION["dol_logindate"], 'dayhour', 'gmt'));
+
if ($resultFetchUser <= 0
|| ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])
- || ($user->isNotIntoValidtyDateRange())) {
+ || ($user->status != $user::STATUS_ENABLED)
+ || ($user->isNotIntoValidityDateRange())) {
if ($resultFetchUser <= 0) {
// Account has been removed after login
dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
} elseif ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) {
// Session is no more valid
dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
+ } elseif ($user->status != $user::STATUS_ENABLED) {
+ // User is not enabled
+ dol_syslog("The user login is disabled");
} else {
// User validity dates are no more valid
dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index f8d437d4fa0..2893378bdd9 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2702,24 +2702,26 @@ class User extends CommonObject
* Return a link with photo
* Use this->id,this->photo
*
- * @return int 0=No more valid, >0 if OK
+ * @return int 0=Valid, >0 if not valid
*/
- public function isNotIntoValidtyDateRange()
+ public function isNotIntoValidityDateRange()
{
include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
$now = dol_now();
+ //dol_syslog("isNotIntoValidityDateRange ".$this->datestartvalidity);
+
// Check date start validity
if ($this->datestartvalidity && $this->datestartvalidity > dol_get_last_hour($now)) {
- return 0;
+ return 1;
}
// Check date end validity
if ($this->dateendvalidity && $this->dateendvalidity < dol_get_first_hour($now)) {
- return 0;
+ return 1;
}
- return 1;
+ return 0;
}