From 4a1153dc496692b8c2d00e84ea25e026b1dcb4ea Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 23 May 2023 01:35:30 +0200
Subject: [PATCH] Use a dedicated sendcontext when sending email for password reset
---
 htdocs/core/class/CMailFile.class.php | 4 ++--
 htdocs/user/class/user.class.php | 21 ++++++++++++---------
 htdocs/user/passwordforgotten.php | 4 ++--
 3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php
index 7b801a78cd0..65494e09e11 100644
--- a/htdocs/core/class/CMailFile.class.php
+++ b/htdocs/core/class/CMailFile.class.php
@@ -164,7 +164,7 @@ class CMailFile
 * @param string $css Css option
 * @param string $trackid Tracking string (contains type and id of related element)
 * @param string $moreinheader More in header. $moreinheader must contains the "\r\n" (TODO not supported for other MAIL_SEND_MODE different than 'mail' and 'smtps' for the moment)
- * @param string $sendcontext 'standard', 'emailing', ... (used to define which sending mode and parameters to use)
+ * @param string $sendcontext 'standard', 'emailing', 'ticket', 'password', ... (used to define which sending mode and parameters to use)
 * @param string $replyto Reply-to email (will be set to same value than From by default if not provided)
 * @param string $upload_dir_tmp Temporary directory (used to convert images embedded as img src=data:image)
 */
@@ -187,7 +187,7 @@ class CMailFile
 $this->sendcontext = $sendcontext;
- // Define this->sendmode ('mail', 'smtps', 'siwftmailer', ...) according to $sendcontext ('standard', 'emailing', 'ticket')
+ // Define this->sendmode ('mail', 'smtps', 'swiftmailer', ...) according to $sendcontext ('standard', 'emailing', 'ticket', 'password')
 $this->sendmode = '';
 if (!empty($this->sendcontext)) {
 $smtpContextKey = strtoupper($this->sendcontext);
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index af624e6b149..1e604f58865 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2388,7 +2388,7 @@ class User extends CommonObject
 // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
 /**
- * Send new password by email
+ * Send a new password (or instructions to reset it) by email
 *
 * @param User $user Object user that send the email (not the user we send to) @todo object $user is not used !
 * @param string $password New password
@@ -2437,8 +2437,12 @@ class User extends CommonObject
 if (!$changelater) {
 $url = $urlwithroot.'/';
- if (!empty($conf->global->URL_REDIRECTION_AFTER_CHANGEPASSWORD))
+ if (!empty($conf->global->URL_REDIRECTION_AFTER_CHANGEPASSWORD)) {
 $url = $conf->global->URL_REDIRECTION_AFTER_CHANGEPASSWORD;
+ }
+
+ dol_syslog(get_class($this)."::send_password changelater is off, url=".$url);
+
 $mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived").".\n";
 $mesg .= $outputlangs->transnoentitiesnoconv("NewKeyIs")." :\n\n";
 $mesg .= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n";
@@ -2448,11 +2452,7 @@ class User extends CommonObject
 $mesg .= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $appli).': '.$url."\n\n";
 $mesg .= "--\n";
 $mesg .= $user->getFullName($outputlangs); // Username that send the email (not the user for who we want to reset password)
-
- dol_syslog(get_class($this)."::send_password changelater is off, url=".$url);
 } else {
- global $conf;
-
 //print $password.'-'.$this->id.'-'.$conf->file->instance_unique_id;
 $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
 $url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$conf->file->instance_unique_id));
@@ -2460,6 +2460,8 @@ class User extends CommonObject $url .= '&entity='.(!empty($this->entity) ? $this->entity : 1); } + dol_syslog(get_class($this)."::send_password changelater is on, url=".$url); + $msgishtml = 1; $mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived")."
\n"; @@ -2470,11 +2472,10 @@ class User extends CommonObject $mesg .= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :
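Review bot: The added `dol_syslog(... "::send_password changelater is on, url=".$url)` writes the complete reset link to the log, and the context lines just before it show that link carrying `username` and `passworduidhash` for `action=validatenewpassword`. That hash appears to be the value the validation step checks, so anyone with read access to the application log (or to wherever it is forwarded) would hold what is needed to confirm the password change. The commit only moved this line, but the new position still logs the secret; the message should identify the request without the query string, for example `dol_syslog(get_class($this)."::send_password changelater is on, user id=".$this->id);`. send_password() starts and ends outside this hunk, so how the hash is verified and whether it expires is not visible here.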
\n"; $mesg .= ''.$outputlangs->transnoentitiesnoconv("ConfirmPasswordChange").''."
\n
\n"; $mesg .= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."
\n
\n"; - - dol_syslog(get_class($this)."::send_password changelater is on, url=".$url); } $trackid = 'use'.$this->id; + $sendcontext = 'password'; $mailfile = new CMailFile( $subject, @@ -2490,7 +2491,9 @@ class User extends CommonObject $msgishtml, '', '', - $trackid + $trackid, + '', + $sendcontext ); if ($mailfile->sendfile()) { diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index c7a132feee2..0298c6614fd 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -142,12 +142,12 @@ if (empty($reshook)) { $messagewarning .= ''; if ($result <= 0 && $edituser->error == 'USERNOTFOUND') { - usleep(20000); // add delay to simulate setPassword and send_password actions delay (0.02s) + usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s) $message .= $messagewarning; $username = ''; } else { if (empty($edituser->email)) { - usleep(20000); // add delay to simulate setPassword and send_password actions delay (0.02s) + usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s) $message .= $messagewarning; } else { $newpassword = $edituser->setPassword($user, '', 1);
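Review bot: `$sendcontext = 'password';` is a bare string assigned several lines before its only use, with nothing at either place saying what it selects. A short comment would help, e.g. `// Dedicated context: lets password-reset mails use their own sending mode/parameters in CMailFile`, and the following hunk (-2490) passes it positionally after an empty `$moreinheader`, which is easy to misalign if the constructor signature changes. It is also worth confirming that CMailFile falls back to the standard sending setup when no 'password'-specific configuration exists, because the key it builds from `strtoupper($this->sendcontext)` is resolved outside the lines shown. A reset mail that silently fails to send leaves the user without a recovery path.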
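Review bot: The two `usleep(20000)` branches pad the user-not-found and no-email cases by a fixed 0.02s, while the remaining branch calls `setPassword()` and then sends mail, which is likely slower and more variable (possibly more so now that a dedicated sendcontext can select a different transport). A constant pad therefore probably does not make the response time independent of whether the account exists and has an email. Consider timing from the start of the request and padding every branch to a common minimum, e.g. `$t0 = microtime(true);` before the lookup and `usleep((int) max(0, (MIN_SECONDS - (microtime(true) - $t0)) * 1000000));` before rendering, where MIN_SECONDS is a placeholder to be tuned above the slowest real send; handing the mail to a background queue would achieve the same. The surrounding block starts and ends outside the hunk, so the actual send call is not visible here.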