Qual: Fix spelling for crypted and referer (#27408)
# Qual: Fix spelling for crypted and referer. The proper spelling is encrypted and referrer, but the code has some occurrences where referer and crypted need to be maintained. To make verification easier, this spelling correction is limited to mostly these corrections and some minor translations and only a few other corrections. crypted and referer are added as exceptions for spelling after this fix. Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
@@ -1118,8 +1118,8 @@ class Adherent extends CommonObject
|
||||
*
|
||||
* @param User $user Object user de l'utilisateur qui fait la modification
|
||||
* @param string $password New password (to generate if empty)
|
||||
* @param int $isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par defaut)
|
||||
* @param int $notrigger 1=Ne declenche pas les triggers
|
||||
* @param int $isencrypted 0 ou 1 if the password needs to be encrypted in the DB (default: 0)
|
||||
* @param int $notrigger 1=Does not raise the triggers
|
||||
* @param int $nosyncuser Do not synchronize linked user
|
||||
* @return string If OK return clear password, 0 if no change, < 0 if error
|
||||
*/
|
||||
@@ -2812,7 +2812,7 @@ class Adherent extends CommonObject
|
||||
// When password is modified
|
||||
if (!empty($this->pass)) {
|
||||
if (getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')) {
|
||||
$info[getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')] = $this->pass; // this->pass = mot de passe non crypte
|
||||
$info[getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')] = $this->pass; // this->pass = Unencrypted password
|
||||
}
|
||||
if (getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED')) {
|
||||
$info[getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED')] = dol_hash($this->pass, 'openldap'); // Create OpenLDAP password (see LDAP_PASSWORD_HASH_TYPE)
|
||||
@@ -2832,7 +2832,7 @@ class Adherent extends CommonObject
|
||||
} elseif (!empty($this->pass_indatabase)) {
|
||||
// Use $this->pass_indatabase value if exists
|
||||
if (getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')) {
|
||||
$info[getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte
|
||||
$info[getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')] = $this->pass_indatabase; // $this->pass_indatabase = Unencrypted password
|
||||
}
|
||||
if (getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED')) {
|
||||
$info[getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED')] = dol_hash($this->pass_indatabase, 'openldap'); // Create OpenLDAP password (see LDAP_PASSWORD_HASH_TYPE)
|
||||
|
||||
@@ -122,7 +122,7 @@ print '<table class="border centpercent tableforfield">';
|
||||
// Login
|
||||
print '<tr><td class="titlefield">'.$langs->trans("Login").' / '.$langs->trans("Id").'</td><td class="valeur">'.$object->login.' </td></tr>';
|
||||
|
||||
// If there is a link to password not crypted, we show value in database here so we can compare because it is shown nowhere else
|
||||
// If there is a link to the unencrypted password, we show the value in database here so we can compare because it is shown nowhere else
|
||||
if (getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD')) {
|
||||
print '<tr><td>'.$langs->trans("LDAPFieldPasswordNotCrypted").'</td>';
|
||||
print '<td class="valeur">'.$object->pass.'</td>';
|
||||
|
||||
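Review bot: The context line `print '<td class="valeur">'.$object->pass.'</td>';` writes the member's clear-text password into the page without HTML escaping, and the login row above it does the same with `$object->login`, so a value containing markup would be rendered as HTML. Assuming the function library is loaded on this page, wrapping both in `dol_escape_htmltag()` closes that, e.g. `print '<td class="valeur">'.dol_escape_htmltag($object->pass).'</td>';`. Showing the clear-text password at all is a disclosure risk that should stay limited to the comparison case the comment describes. The same unescaped concatenation appears in the two LDAP field-setup hunks that follow, where `getDolGlobalString(...)` values go straight into `value="..."` attributes.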
@@ -268,14 +268,14 @@ print '</td><td>'.$langs->trans("LDAPFieldLoginSambaExample").'</td>';
|
||||
print '<td class="right"><input type="radio" name="key" value="LDAP_MEMBER_FIELD_LOGIN_SAMBA"'.(($conf->global->LDAP_KEY_MEMBERS && $conf->global->LDAP_KEY_MEMBERS == $conf->global->LDAP_MEMBER_FIELD_LOGIN_SAMBA) ? ' checked' : '')."></td>";
|
||||
print '</tr>';
|
||||
|
||||
// Password not crypted
|
||||
// Password not encrypted
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordNotCrypted").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldpassword" value="' . getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD').'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
|
||||
print '<td class="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Password crypted
|
||||
// Password encrypted
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordCrypted").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldpasswordcrypted" value="' . getDolGlobalString('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED').'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
|
||||
|
||||
@@ -256,14 +256,14 @@ print '</td><td>'.$langs->trans("LDAPFieldLoginSambaExample").'</td>';
|
||||
print '<td class="right"><input type="radio" name="key" value="LDAP_FIELD_LOGIN_SAMBA"'.(getDolGlobalString('LDAP_KEY_USERS') == getDolGlobalString('LDAP_FIELD_LOGIN_SAMBA') ? ' checked' : '')."></td>";
|
||||
print '</tr>';
|
||||
|
||||
// Password not crypted
|
||||
// Password not encrypted
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordNotCrypted").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldpassword" value="'.getDolGlobalString('LDAP_FIELD_PASSWORD').'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
|
||||
print '<td class="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Password crypted
|
||||
// Password encrypted
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordCrypted").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldpasswordcrypted" value="'.getDolGlobalString('LDAP_FIELD_PASSWORD_CRYPTED').'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
|
||||
|
||||
@@ -37,7 +37,7 @@ if (!$user->admin) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
// Allow/Disallow change to clear passwords once passwords are crypted
|
||||
// Allow/Disallow change to clear passwords once passwords are encrypted
|
||||
$allow_disable_encryption = true;
|
||||
|
||||
|
||||
|
||||
@@ -319,7 +319,7 @@ $dolibarr_main_restrict_ip='';
|
||||
// This might be required if you access Dolibarr behind a proxy that make bad URL rewriting, to avoid false alarms.
|
||||
// In most cases, you should always keep this to 0.
|
||||
// Default value: 0
|
||||
// Possible values: 0 or 1 (no strict CSRF test, only test on referer) or 2 (no CSRF test at all)
|
||||
// Possible values: 0 or 1 (no strict CSRF test, only test on referrer) or 2 (no CSRF test at all)
|
||||
// Examples:
|
||||
// $dolibarr_nocsrfcheck='0';
|
||||
//
|
||||
|
||||
@@ -158,7 +158,7 @@ print '<div class="underbanner clearboth"></div>';
|
||||
|
||||
|
||||
/*
|
||||
* Referers types
|
||||
* Referrers types
|
||||
*/
|
||||
|
||||
$title=$langs->trans("ListTicketsLinkToContract");
|
||||
|
||||
@@ -6469,7 +6469,7 @@ abstract class CommonObject
|
||||
case 'password':
|
||||
$algo = '';
|
||||
if ($this->array_options[$key] != '' && is_array($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options'])) {
|
||||
// If there is an encryption choice, we use it to crypt data before insert
|
||||
// If there is an encryption choice, we use it to encrypt data before insert
|
||||
$tmparrays = array_keys($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options']);
|
||||
$algo = reset($tmparrays);
|
||||
if ($algo != '') {
|
||||
@@ -6479,7 +6479,7 @@ abstract class CommonObject
|
||||
if (is_object($this->oldcopy)) { // If this->oldcopy is not defined, we can't know if we change attribute or not, so we must keep value
|
||||
//var_dump('iii'.$algo.' '.$this->oldcopy->array_options[$key].' -> '.$this->array_options[$key]);
|
||||
if (isset($this->oldcopy->array_options[$key]) && $this->array_options[$key] == $this->oldcopy->array_options[$key]) {
|
||||
// If old value crypted in database is same than submitted new value, it means we don't change it, so we don't update.
|
||||
// If old value encrypted in database is same than submited new value, it means we don't change it, so we don't update.
|
||||
if ($algo == 'dolcrypt') { // dolibarr reversible encryption
|
||||
if (!preg_match('/^dolcrypt:/', $this->array_options[$key])) {
|
||||
$new_array_options[$key] = dolEncrypt($this->array_options[$key]); // warning, must be called when on the master
|
||||
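Review bot: The rewritten comment introduces a new misspelling, `submited`, where the replaced line had `submitted`; it should read `// If the old value encrypted in database is the same as the submitted new value, it means we don't change it, so we don't update.`. The same regression is in the second CommonObject hunk (the `options_` variant), one of the two upgrade hunks writes `instanciated` where its twin writes `instantiated`, and the dolEncrypt hunk writes `a encrypted string`. Separately, the unchanged-value test on that line compares the two secrets with `==`, which in PHP treats numeric-looking strings as equal (for example `0123` and `123`), so a changed value could be taken as unchanged; `===` would be safer if both sides are always strings, which is not visible from this hunk.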
@@ -6893,7 +6893,7 @@ abstract class CommonObject
|
||||
case 'password':
|
||||
$algo = '';
|
||||
if ($this->array_options["options_".$key] != '' && is_array($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options'])) {
|
||||
// If there is an encryption choice, we use it to crypt data before insert
|
||||
// If there is an encryption choice, we use it to encrypt data before insert
|
||||
$tmparrays = array_keys($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options']);
|
||||
$algo = reset($tmparrays);
|
||||
if ($algo != '') {
|
||||
@@ -6903,7 +6903,7 @@ abstract class CommonObject
|
||||
//var_dump($key.' '.$this->array_options["options_".$key].' '.$algo);
|
||||
if (is_object($this->oldcopy)) { // If this->oldcopy is not defined, we can't know if we change attribute or not, so we must keep value
|
||||
//var_dump($this->oldcopy->array_options["options_".$key]); var_dump($this->array_options["options_".$key]);
|
||||
if (isset($this->oldcopy->array_options["options_".$key]) && $this->array_options["options_".$key] == $this->oldcopy->array_options["options_".$key]) { // If old value crypted in database is same than submitted new value, it means we don't change it, so we don't update.
|
||||
if (isset($this->oldcopy->array_options["options_".$key]) && $this->array_options["options_".$key] == $this->oldcopy->array_options["options_".$key]) { // If old value encrypted in database is same than submited new value, it means we don't change it, so we don't update.
|
||||
if ($algo == 'dolcrypt') { // dolibarr reversible encryption
|
||||
if (!preg_match('/^dolcrypt:/', $this->array_options["options_".$key])) {
|
||||
$new_array_options["options_".$key] = dolEncrypt($this->array_options["options_".$key]); // warning, must be called when on the master
|
||||
|
||||
@@ -92,7 +92,7 @@ function dol_decode($chain, $key = '1')
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a string of random bytes (hexa string) with length = $length fro cryptographic purposes.
|
||||
* Return a string of random bytes (hexa string) with length = $length for cryptographic purposes.
|
||||
*
|
||||
* @param int $length Length of random string
|
||||
* @return string Random string
|
||||
@@ -130,7 +130,7 @@ function dolEncrypt($chain, $key = '', $ciphering = 'AES-256-CTR', $forceseed =
|
||||
|
||||
$reg = array();
|
||||
if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
|
||||
// The $chain is already a crypted string
|
||||
// The $chain is already a encrypted string
|
||||
return $chain;
|
||||
}
|
||||
|
||||
|
||||
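Review bot: The early return treats any input matching `/^dolcrypt:([^:]+):(.+)$/` as already encrypted and hands it back untouched, so a caller-supplied plaintext that merely has this shape would be stored without being encrypted. If that is the intended contract, a comment such as `// Input shaped like dolcrypt:<cipher>:<data> is trusted as ciphertext and returned unchanged` would make the assumption explicit for callers that pass user input. The rest of dolEncrypt lies outside the hunk, so any later validation is not visible here.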
@@ -335,11 +335,11 @@ if (!function_exists('dol_loginfunction')) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Fonction pour initialiser un salt pour la fonction crypt.
|
||||
* Initialise the salt for the crypt function.
|
||||
*
|
||||
* @param int $type 2=>renvoi un salt pour cryptage DES
|
||||
* 12=>renvoi un salt pour cryptage MD5
|
||||
* non defini=>renvoi un salt pour cryptage par defaut
|
||||
* @param int $type 2 =>Return a salt for DES encryption
|
||||
* 12=>Return a salt for MD5 encryption
|
||||
* Undefined=>Return a salt for default encryption
|
||||
* @return string Salt string
|
||||
*/
|
||||
function makesalt($type = CRYPT_SALT_LENGTH)
|
||||
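Review bot: The translated docblock describes the crypt() salts as being for "DES encryption" and "MD5 encryption", but crypt() produces one-way password hashes, so "hashing" is the accurate word, e.g. `2 => Return a salt for DES-based hashing`. The same wording recurs in later hunks: the comment `// Check encrypted password according to encryption algorithm` sits directly above a `dol_verifyHash()` call, and `User::$pass_crypted` and `$passwordalreadycrypted` are documented as "encrypted" values. Calling a hash "encrypted" suggests the stored value can be decrypted, which misleads anyone assessing what a database leak exposes. The docblock could also say that the DES and MD5 variants are legacy choices; makesalt's body is outside this hunk.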
@@ -351,7 +351,7 @@ function makesalt($type = CRYPT_SALT_LENGTH)
|
||||
$saltprefix = '$1$';
|
||||
$saltsuffix = '$';
|
||||
break;
|
||||
case 8: // 8 (Pour compatibilite, ne devrait pas etre utilise)
|
||||
case 8: // 8 (For compatibility, do not use this)
|
||||
$saltlen = 8;
|
||||
$saltprefix = '$1$';
|
||||
$saltsuffix = '$';
|
||||
@@ -393,7 +393,7 @@ function encodedecode_dbpassconf($level = 0)
|
||||
$lineofpass = 0;
|
||||
|
||||
$reg = array();
|
||||
if (preg_match('/^[^#]*dolibarr_main_db_encrypted_pass[\s]*=[\s]*(.*)/i', $buffer, $reg)) { // Old way to save crypted value
|
||||
if (preg_match('/^[^#]*dolibarr_main_db_encrypted_pass[\s]*=[\s]*(.*)/i', $buffer, $reg)) { // Old way to save encrypted value
|
||||
$val = trim($reg[1]); // This also remove CR/LF
|
||||
$val = preg_replace('/^["\']/', '', $val);
|
||||
$val = preg_replace('/["\'][\s;]*$/', '', $val);
|
||||
|
||||
@@ -110,7 +110,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
|
||||
if (!in_array($cryptType, array('auto'))) {
|
||||
$cryptType = 'auto';
|
||||
}
|
||||
// Check crypted password according to crypt algorithm
|
||||
// Check encrypted password according to encryption algorithm
|
||||
if ($cryptType == 'auto') {
|
||||
if ($passcrypted && dol_verifyHash($passtyped, $passcrypted, '0')) {
|
||||
$passok = true;
|
||||
|
||||
@@ -236,8 +236,8 @@ if (!defined('NOCSRFCHECK') && isset($dolibarr_nocsrfcheck) && $dolibarr_nocsrfc
|
||||
if ($csrfattack) {
|
||||
//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
|
||||
// Note: We can't use dol_escape_htmltag here to escape output because lib functions.lib.ph is not yet loaded.
|
||||
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referer).", LOG_WARNING);
|
||||
print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";
|
||||
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referrer).", LOG_WARNING);
|
||||
print "Access refused by CSRF protection in main.inc.php. Referrer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";
|
||||
print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";
|
||||
die;
|
||||
}
|
||||
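Review bot: The logged text changes from `(Bad referer)` to `(Bad referrer)`, and the later hunk that logs `refused by CSRF protection (invalid token)` likewise renames the `referer=` field to `referrer=`; any log-monitoring or alerting rule that matches the old strings will silently stop firing on CSRF refusals. Either keep the logged wording stable or record the change in the release notes so such rules can be updated. The printed message is user-facing only and carries no such dependency. The enclosing `if` starts outside the hunk.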
@@ -372,7 +372,7 @@ if ((!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_
|
||||
if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
|
||||
$dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this so we can use it later to know the password was initially crypted
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this so we can use it later to know the password was initially encrypted
|
||||
} else {
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
}
|
||||
|
||||
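Review bot: The comment now says the database password was "initially encrypted", but the value is recovered with `dol_decode()` called without a key, and the signature shown in an earlier hunk header is `dol_decode($chain, $key = '1')`, so this looks like reversible encoding with a fixed default key rather than encryption. A wording such as `// ... to know the password was initially stored encoded (crypted: prefix)` would not overstate the protection of the configuration file. The same comment is repeated in the later hunks that duplicate this block. Note also that here `$dolibarr_main_db_encrypted_pass` is assigned after decoding and therefore holds the clear password, while one later hunk assigns it the still-encoded value before decoding; which is intended is not visible from these hunks.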
@@ -187,7 +187,7 @@ if (!function_exists('ftp_connect')) {
|
||||
print '<tr class="oddeven">';
|
||||
print '<td width="100">'.$langs->trans("Port").'</td>';
|
||||
print '<td><input type="text" name="FTP_PORT_'.($lastftpentry + 1).'" value="'.GETPOST("FTP_PORT_".($lastftpentry + 1)).'" size="64"></td>';
|
||||
print '<td>21 for pure non crypted FTP or if option FTP_CONNECT_WITH_SSL (See Home-Setup-Other) is on (FTPS)<br>22 if option FTP_CONNECT_WITH_SFTP (See Home-Setup-Other) is on (SFTP)</td>';
|
||||
print '<td>21 for pure non encrypted FTP or if option FTP_CONNECT_WITH_SSL (See Home-Setup-Other) is on (FTPS)<br>22 if option FTP_CONNECT_WITH_SFTP (See Home-Setup-Other) is on (SFTP)</td>';
|
||||
print '</tr>';
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
|
||||
@@ -347,7 +347,7 @@ if (!file_exists($conffile)) {
|
||||
if (preg_match('/crypted:/i', $dolibarr_main_db_pass) || !empty($dolibarr_main_db_encrypted_pass)) {
|
||||
require_once $dolibarr_main_document_root.'/core/lib/security.lib.php';
|
||||
if (preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
|
||||
$dolibarr_main_db_encrypted_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass); // We need to set this as it is used to know the password was initially crypted
|
||||
$dolibarr_main_db_encrypted_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass); // We need to set this as it is used to know the password was initially encrypted
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
} else {
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
|
||||
@@ -111,7 +111,7 @@ if (preg_match('/crypted:/i', $dolibarr_main_db_pass) || !empty($dolibarr_main_d
|
||||
if (preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
|
||||
$dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially crypted
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially encrypted
|
||||
} else {
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
}
|
||||
|
||||
@@ -145,7 +145,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
|
||||
if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
|
||||
$dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially crypted
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially encrypted
|
||||
} else {
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
}
|
||||
|
||||
@@ -123,13 +123,13 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
||||
if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
|
||||
$dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially crypted
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially encrypted
|
||||
} else {
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
}
|
||||
}
|
||||
|
||||
// $conf is already instancied inside inc.php
|
||||
// $conf is already instantiated inside inc.php
|
||||
$conf->db->type = $dolibarr_main_db_type;
|
||||
$conf->db->host = $dolibarr_main_db_host;
|
||||
$conf->db->port = $dolibarr_main_db_port;
|
||||
|
||||
@@ -130,13 +130,13 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
||||
if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {
|
||||
$dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass);
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially crypted
|
||||
$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially encrypted
|
||||
} else {
|
||||
$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);
|
||||
}
|
||||
}
|
||||
|
||||
// $conf is already instancied inside inc.php
|
||||
// $conf is already instanciated inside inc.php
|
||||
$conf->db->type = $dolibarr_main_db_type;
|
||||
$conf->db->host = $dolibarr_main_db_host;
|
||||
$conf->db->port = $dolibarr_main_db_port;
|
||||
|
||||
@@ -595,7 +595,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
|
||||
$sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']);
|
||||
// TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser)
|
||||
if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {
|
||||
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
|
||||
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referrer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
|
||||
//dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
|
||||
// Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
|
||||
if (!defined('NOTOKENRENEWAL')) {
|
||||
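Review bot: The rewritten log line concatenates the raw `$_SERVER['HTTP_REFERER']`, `$_SERVER["PHP_SELF"]` and the submitted `GETPOST('token', 'alpha')` value into the message; all of these are influenced by the client, and whether `dol_syslog()` neutralises line breaks or control characters is not visible here. If it does not, a crafted header could split or forge log entries, so the header value should be stripped of control characters and length-bounded before it is logged. The commented-out line that would write `$_SESSION['token']` to the log should stay disabled, since that is the valid token. The enclosing block continues outside the hunk.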
@@ -1347,7 +1347,7 @@ if (!defined('NOLOGIN')) {
|
||||
}
|
||||
|
||||
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').(defined('NOTOKENRENEWAL') ? ' NOTOKENRENEWAL='.constant('NOTOKENRENEWAL') : ''), LOG_NOTICE);
|
||||
//Another call for easy debugg
|
||||
//Another call for easy debug
|
||||
//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' '.$_SERVER["HTTP_REFERER"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
|
||||
|
||||
// Load main languages files
|
||||
|
||||
@@ -376,7 +376,7 @@ print dol_get_fiche_end();
|
||||
print '<br>';
|
||||
|
||||
/*
|
||||
* Referers types
|
||||
* Referrer types
|
||||
*/
|
||||
|
||||
$listofreferent = array(
|
||||
|
||||
@@ -1886,7 +1886,7 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
if ($user->admin && $user->id == $object->id) {
|
||||
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '');
|
||||
$valuetoshow .= '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
|
||||
$valuetoshow .= '<!-- Crypted into '.$object->pass_indatabase_crypted.' -->';
|
||||
$valuetoshow .= '<!-- Encrypted into '.$object->pass_indatabase_crypted.' -->';
|
||||
} else {
|
||||
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '');
|
||||
$valuetoshow .= '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
|
||||
|
||||
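Review bot: The changed line still writes `$object->pass_indatabase_crypted` into an HTML comment, so the stored password hash of an admin viewing their own record ends up in the page source, where it can be cached or captured by anything that reads the response. Since the visible cell already shows only "Hidden", consider dropping the line rather than rewording it. If it must stay for debugging, "Encrypted" is also inaccurate for a value that another hunk checks with `dol_verifyHash()`; `'<!-- Hashed into '` describes it correctly.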
@@ -193,7 +193,7 @@ class User extends CommonObject
|
||||
public $pass;
|
||||
|
||||
/**
|
||||
* @var string Crypted password in memory
|
||||
* @var string Encrypted password in memory
|
||||
*/
|
||||
public $pass_crypted;
|
||||
|
||||
@@ -1842,7 +1842,7 @@ class User extends CommonObject
|
||||
if (is_int($newpass) && $newpass < 0) {
|
||||
$result = -2;
|
||||
}
|
||||
} elseif (!empty($this->pass_crypted)) { // If a crypted password is already known, we save it directly into database because the previous create did not save it.
|
||||
} elseif (!empty($this->pass_crypted)) { // If an encrypted password is already known, we save it directly into database because the previous create did not save it.
|
||||
$sql = "UPDATE ".$this->db->prefix()."user";
|
||||
$sql .= " SET pass_crypted = '".$this->db->escape($this->pass_crypted)."'";
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
@@ -2112,7 +2112,7 @@ class User extends CommonObject
|
||||
// Update password
|
||||
if (!empty($this->pass)) {
|
||||
if ($this->pass != $this->pass_indatabase && !dol_verifyHash($this->pass, $this->pass_indatabase_crypted)) {
|
||||
// If a new value for password is set and different than the one crypted into database
|
||||
// If a new value for password is set and different than the one encrypted into database
|
||||
$result = $this->setPassword($user, $this->pass, 0, $notrigger, $nosyncmemberpass, 0, 1);
|
||||
if (is_int($result) && $result < 0) {
|
||||
return -5;
|
||||
@@ -2326,7 +2326,7 @@ class User extends CommonObject
|
||||
* @param int $changelater 0=Default, 1=Save password into pass_temp to change password only after clicking on confirm email
|
||||
* @param int $notrigger 1=Does not launch triggers
|
||||
* @param int $nosyncmember Do not synchronize linked member
|
||||
* @param int $passwordalreadycrypted 0=Value is cleartext password, 1=Value is crypted value.
|
||||
* @param int $passwordalreadycrypted 0=Value is cleartext password, 1=Value is encrypted value.
|
||||
* @param int $flagdelsessionsbefore 1=Save also the current date to ask to invalidate all other session before this date.
|
||||
* @return string If OK return clear password, 0 if no change (warning, you may retrieve 1 instead of 0 even if password was same), < 0 if error
|
||||
*/
|
||||
|
||||