Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: Identification par code securite sur logon.

Browse Source 
Utilisation du bon nom de session PHP.
This commit is contained in:
Laurent Destailleur
2007-12-29 17:06:53 +00:00
parent 7f39b78fa7
commit 7401316f40
4 changed files with 171 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
htdocs/lib/ajax.lib.php Normal file
View File

@@ -0,0 +1,139 @@
<?php
/* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2007 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* or see http://www.gnu.org/
*
* $Id$
*/
function ajax_indicator($htmlname,$indicator='working')
{
$script.='<span id="indicator'.$htmlname.'" style="display: none">'.img_picto('Working...',$indicator.'.gif').'</span>';
return $script;
}
/**
\brief Récupére la valeur d'un champ, effectue un traitement Ajax et affiche le résultat
\param htmlname nom et id du champ
\param keysearch nom et id complémentaire du champ de collecte
\param url chemin du fichier de réponse : /chemin/fichier.php
\param option champ supplémentaire de recherche dans les paramétres
\param indicator Nom de l'image gif sans l'extension
\return script script complet
*/
function ajax_updater($htmlname,$keysearch,$url,$option='',$indicator='working')
{
$script = '<input type="hidden" name="'.$htmlname.'" id="'.$htmlname.'" value="">';
if ($indicator) $script.=ajax_indicator($htmlname,$indicator);
$script.='<script type="text/javascript">';
$script.='var myIndicator'.$htmlname.' = {
onCreate: function(){
if($F("'.$keysearch.$htmlname.'")){
Element.show(\'indicator'.$htmlname.'\');
}
},
onComplete: function() {
if(Ajax.activeRequestCount == 0){
Element.hide(\'indicator'.$htmlname.'\');
}
}
};';
$script.='Ajax.Responders.register(myIndicator'.$htmlname.');';
$script.='new Form.Element.Observer($("'.$keysearch.$htmlname.'"), 1,
function(){
var myAjax = new Ajax.Updater( {
success: \'ajdynfield'.$htmlname.'\'},
\''.DOL_URL_ROOT.$url.'\', {
method: \'get\',
parameters: "'.$keysearch.'="+$F("'.$keysearch.$htmlname.'")+"&htmlname='.$htmlname.$option.'"
});
});';
$script.='</script>';
$script.='<div class="nocellnopadd" id="ajdynfield'.$htmlname.'"></div>';
return $script;
}
/**
\brief Récupére la valeur d'un champ, effectue un traitement Ajax et affiche le résultat
\param htmlname nom et id du champ
\param keysearch nom et id complémentaire du champ de collecte
\param id ID du champ a modifier
\param url chemin du fichier de réponse : /chemin/fichier.php
\param option champ supplémentaire de recherche dans les paramétres
\param indicator Nom de l'image gif sans l'extension
\return script script complet
*/
function ajax_updaterWithID($htmlname,$keysearch,$id,$url,$option='',$indicator='working')
{
$script = '<input type="hidden" name="'.$htmlname.'" id="'.$htmlname.'" value="">';
if ($indicator) $script.=ajax_indicator($htmlname,$indicator);
$script.='<script type="text/javascript">';
$script.='var myIndicator'.$htmlname.' = {
onCreate: function(){
if($F("'.$keysearch.$htmlname.'")){
Element.show(\'indicator'.$htmlname.'\');
}
},
onComplete: function() {
if(Ajax.activeRequestCount == 0){
Element.hide(\'indicator'.$htmlname.'\');
}
}
};';
$script.='Ajax.Responders.register(myIndicator'.$htmlname.');';
$script.='new Form.Element.DelayedObserver($("'.$keysearch.$htmlname.'"), 1,
function(){
var elementHTML = $(\''.$id.'\');
var url = \''.DOL_URL_ROOT.$url.'\';
o_options = new Object();
o_options = {method: \'get\',parameters: "'.$keysearch.'="+$F("'.$keysearch.$htmlname.'")+"'.$option.'"};
var myAjax = new Ajax.Updater(elementHTML,url,o_options);
});';
$script.='</script>';
return $script;
}
/**
\brief Récupére la valeur d'un champ, effectue un traitement Ajax et affiche le résultat
\param htmlname nom et id du champ
\param url chemin du fichier de réponse : /chemin/fichier.php
\param indicator nom de l'image gif sans l'extension
\return script script complet
*/
function ajax_autocompleter($selected='',$htmlname,$url,$indicator='working')
{
if ($indicator) $script.= ajax_indicator($htmlname,$indicator);
$script.= '<input type="hidden" name="'.$htmlname.'_id" id="'.$htmlname.'_id" value="'.$selected.'" />';
$script.= '</div>';
$script.= '<div id="result'.$htmlname.'" class="autocomplete"></div>';
$script.= '<script type="text/javascript">';
$script.= 'new Ajax.Autocompleter(\''.$htmlname.'\',\'result'.$htmlname.'\',\''.DOL_URL_ROOT.$url.'\',{
method: \'post\',
paramName: \''.$htmlname.'\',
indicator: \'indicator'.$htmlname.'\',
afterUpdateElement: ac_return
});';
$script.= '</script>';
return $script;
}
?>

21
htdocs/lib/antispamimage.php
View File

@@ -25,17 +25,23 @@
\version $Revision$ \version $Revision$
*/ */
if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1');
if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1');
if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1');
// C'est un wrapper, donc header vierge if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
function llxHeader() { } if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1');
require_once("../master.inc.php"); require_once("../master.inc.php");
require_once DOL_DOCUMENT_ROOT.'/../external-libs/Artichow/Artichow.cfg.php'; require_once DOL_DOCUMENT_ROOT.'/../external-libs/Artichow/Artichow.cfg.php';
require_once ARTICHOW."/AntiSpam.class.php"; require_once ARTICHOW."/AntiSpam.class.php";
// Init session
$sessionname="DOLSESSID_".$dolibarr_main_db_name;
session_name($sessionname);
session_start();
// On créé l'objet anti-spam // On créé l'objet anti-spam
$object = new AntiSpam(); $object = new AntiSpam();
@@ -60,4 +66,9 @@ $object->border->setColor($colorbr);
// On affiche l'image à l'écran // On affiche l'image à l'écran
$object->draw(); $object->draw();
// C'est un wrapper, donc header vierge
function llxHeader() { }
?> ?>

130
htdocs/lib/functions.inc.php
View File

@@ -1425,8 +1425,9 @@ function dol_loginfunction($notused,$pearstatus)
print '<td align="left" valign="top"><br> &nbsp; <b>'.$langs->trans("Login").'</b> &nbsp;</td>'; print '<td align="left" valign="top"><br> &nbsp; <b>'.$langs->trans("Login").'</b> &nbsp;</td>';
print '<td><input type="text" id="username" name="username" class="flat" size="15" maxlength="25" value="'.(isset($_REQUEST["username"])?$_REQUEST["username"]:'').'" tabindex="1" /></td>'; print '<td><input type="text" id="username" name="username" class="flat" size="15" maxlength="25" value="'.(isset($_REQUEST["username"])?$_REQUEST["username"]:'').'" tabindex="1" /></td>';
if ($conf->main_authentication) $title.=$langs->trans("AuthenticationMode").': '.$conf->main_authentication; $title.=$langs->trans("SessionName").': '.session_name();
if ($conf->main_authentication) $title.=", ".$langs->trans("AuthenticationMode").': '.$conf->main_authentication;
// Show logo (search in order: small company logo, large company logo, theme logo, common logo) // Show logo (search in order: small company logo, large company logo, theme logo, common logo)
$width=0; $width=0;
$urllogo=DOL_URL_ROOT.'/theme/login_logo.png'; $urllogo=DOL_URL_ROOT.'/theme/login_logo.png';
@@ -1462,10 +1463,11 @@ function dol_loginfunction($notused,$pearstatus)
print '<tr><td align="left" valign="middle" nowrap="nowrap"> &nbsp; <b>'.$langs->trans("SecurityCode").'</b></td>'; print '<tr><td align="left" valign="middle" nowrap="nowrap"> &nbsp; <b>'.$langs->trans("SecurityCode").'</b></td>';
print '<td valign="top" nowrap="nowrap" align="left" class="e">'; print '<td valign="top" nowrap="nowrap" align="left" class="e">';
print '<table><tr><td>'; print '<table><tr>';
print '<input id="securitycode" class="flat" type="text" size="6" maxlength="5" name="code" tabindex="3">'; print '<td><input id="securitycode" class="flat" type="text" size="6" maxlength="5" name="code" tabindex="3"></td>';
print '</td><td><img src="'.DOL_URL_ROOT.'/lib/antispamimage.php" border="0" width="128" height="36">'; print '<td><img src="'.DOL_URL_ROOT.'/lib/antispamimage.php" border="0" width="128" height="36"></td>';
print '</td></tr></table>'; print '<td><a href="'.$_SERVER["PHP_SELF"].'">'.img_refresh().'</a></td>';
print '</tr></table>';
print '</td>'; print '</td>';
print '</tr>'; print '</tr>';
@@ -3145,122 +3147,6 @@ function num_lines($texte)
return $nblines; return $nblines;
} }
function ajax_indicator($htmlname,$indicator='working')
{
$script.='<span id="indicator'.$htmlname.'" style="display: none">'.img_picto('Working...',$indicator.'.gif').'</span>';
return $script;
}
/**
\brief R<>cup<75>re la valeur d'un champ, effectue un traitement Ajax et affiche le r<>sultat
\param htmlname nom et id du champ
\param keysearch nom et id compl<70>mentaire du champ de collecte
\param url chemin du fichier de r<>ponse : /chemin/fichier.php
\param option champ suppl<70>mentaire de recherche dans les param<61>tres
\param indicator Nom de l'image gif sans l'extension
\return script script complet
*/
function ajax_updater($htmlname,$keysearch,$url,$option='',$indicator='working')
{
$script = '<input type="hidden" name="'.$htmlname.'" id="'.$htmlname.'" value="">';
if ($indicator) $script.=ajax_indicator($htmlname,$indicator);
$script.='<script type="text/javascript">';
$script.='var myIndicator'.$htmlname.' = {
onCreate: function(){
if($F("'.$keysearch.$htmlname.'")){
Element.show(\'indicator'.$htmlname.'\');
}
},
onComplete: function() {
if(Ajax.activeRequestCount == 0){
Element.hide(\'indicator'.$htmlname.'\');
}
}
};';
$script.='Ajax.Responders.register(myIndicator'.$htmlname.');';
$script.='new Form.Element.Observer($("'.$keysearch.$htmlname.'"), 1,
function(){
var myAjax = new Ajax.Updater( {
success: \'ajdynfield'.$htmlname.'\'},
\''.DOL_URL_ROOT.$url.'\', {
method: \'get\',
parameters: "'.$keysearch.'="+$F("'.$keysearch.$htmlname.'")+"&htmlname='.$htmlname.$option.'"
});
});';
$script.='</script>';
$script.='<div class="nocellnopadd" id="ajdynfield'.$htmlname.'"></div>';
return $script;
}
/**
\brief R<>cup<75>re la valeur d'un champ, effectue un traitement Ajax et affiche le r<>sultat
\param htmlname nom et id du champ
\param keysearch nom et id compl<70>mentaire du champ de collecte
\param id ID du champ a modifier
\param url chemin du fichier de r<>ponse : /chemin/fichier.php
\param option champ suppl<70>mentaire de recherche dans les param<61>tres
\param indicator Nom de l'image gif sans l'extension
\return script script complet
*/
function ajax_updaterWithID($htmlname,$keysearch,$id,$url,$option='',$indicator='working')
{
$script = '<input type="hidden" name="'.$htmlname.'" id="'.$htmlname.'" value="">';
if ($indicator) $script.=ajax_indicator($htmlname,$indicator);
$script.='<script type="text/javascript">';
$script.='var myIndicator'.$htmlname.' = {
onCreate: function(){
if($F("'.$keysearch.$htmlname.'")){
Element.show(\'indicator'.$htmlname.'\');
}
},
onComplete: function() {
if(Ajax.activeRequestCount == 0){
Element.hide(\'indicator'.$htmlname.'\');
}
}
};';
$script.='Ajax.Responders.register(myIndicator'.$htmlname.');';
$script.='new Form.Element.DelayedObserver($("'.$keysearch.$htmlname.'"), 1,
function(){
var elementHTML = $(\''.$id.'\');
var url = \''.DOL_URL_ROOT.$url.'\';
o_options = new Object();
o_options = {method: \'get\',parameters: "'.$keysearch.'="+$F("'.$keysearch.$htmlname.'")+"'.$option.'"};
var myAjax = new Ajax.Updater(elementHTML,url,o_options);
});';
$script.='</script>';
return $script;
}
/**
\brief R<>cup<75>re la valeur d'un champ, effectue un traitement Ajax et affiche le r<>sultat
\param htmlname nom et id du champ
\param url chemin du fichier de r<>ponse : /chemin/fichier.php
\param indicator nom de l'image gif sans l'extension
\return script script complet
*/
function ajax_autocompleter($selected='',$htmlname,$url,$indicator='working')
{
if ($indicator) $script.= ajax_indicator($htmlname,$indicator);
$script.= '<input type="hidden" name="'.$htmlname.'_id" id="'.$htmlname.'_id" value="'.$selected.'" />';
$script.= '</div>';
$script.= '<div id="result'.$htmlname.'" class="autocomplete"></div>';
$script.= '<script type="text/javascript">';
$script.= 'new Ajax.Autocompleter(\''.$htmlname.'\',\'result'.$htmlname.'\',\''.DOL_URL_ROOT.$url.'\',{
method: \'post\',
paramName: \''.$htmlname.'\',
indicator: \'indicator'.$htmlname.'\',
afterUpdateElement: ac_return
});';
$script.= '</script>';
return $script;
}
/** /**
* \brief Fonction simple identique a microtime de PHP 5 mais compatible PHP 4 * \brief Fonction simple identique a microtime de PHP 5 mais compatible PHP 4
* \return float Time en millisecondes avec decimal pour microsecondes * \return float Time en millisecondes avec decimal pour microsecondes

8
htdocs/user/passwordforgotten.php
View File

@@ -29,6 +29,12 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php"); require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php"); require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php");
// Init session
$sessionname="DOLSESSID_".$dolibarr_main_db_name;
session_name($sessionname);
session_start();
dolibarr_syslog("Session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".$_SESSION["dol_login"]);
$user->getrights('user'); $user->getrights('user');
$langs->load("main"); $langs->load("main");
@@ -218,6 +224,8 @@ print '<td align="left" valign="top"><br> &nbsp; <b>'.$langs->trans("Login").'</
print '<td><input id="username" type="text" '.$disabled.' name="username" class="flat" size="15" maxlength="25" value="'.(isset($_POST["username"])?$_POST["username"]:'').'" tabindex="1" /></td>'; print '<td><input id="username" type="text" '.$disabled.' name="username" class="flat" size="15" maxlength="25" value="'.(isset($_POST["username"])?$_POST["username"]:'').'" tabindex="1" /></td>';
$title=''; $title='';
$title.=$langs->trans("SessionName").': '.session_name();
if ($conf->main_authentication) $title.=", ".$langs->trans("AuthenticationMode").': '.$conf->main_authentication;
// Show logo (search in order: small company logo, large company logo, theme logo, common logo) // Show logo (search in order: small company logo, large company logo, theme logo, common logo)
$width=0; $width=0;