
New: Ajout fonction "Mot de passe oubli" sur la page de logon

Laurent Destailleur
2007-06-02 01:53:54 +00:00
parent ec2edf9755
commit 7979b021b1
10 changed files with 432 additions and 101 deletions


@@ -133,6 +133,22 @@ else if ($_GET["action"] == 'disable_pdfsecurity')
exit; exit;
} }
if ($_GET["action"] == 'activate_MAIN_SECURITY_DISABLEFORGETPASSLINK')
{
dolibarr_set_const($db, "MAIN_SECURITY_DISABLEFORGETPASSLINK", '1');
Header("Location: security.php");
exit;
}
else if ($_GET["action"] == 'disable_MAIN_SECURITY_DISABLEFORGETPASSLINK')
{
dolibarr_del_const($db, "MAIN_SECURITY_DISABLEFORGETPASSLINK");
Header("Location: security.php");
exit;
}
/* /*
* Affichage onglet * Affichage onglet
*/ */
@@ -246,11 +262,12 @@ print "<input type=\"hidden\" name=\"action\" value=\"encrypt\">";
print '<table class="noborder" width="100%">'; print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Encryption").'</td>'; print '<td colspan="3">'.$langs->trans("Parameters").'</td>';
print '<td align="center">'.$langs->trans("Activated").'</td>'; print '<td align="center">'.$langs->trans("Activated").'</td>';
print '<td align="center">'.$langs->trans("Action").'</td>'; print '<td align="center">'.$langs->trans("Action").'</td>';
print '</tr>'; print '</tr>';
// Disable clear password in database
$var=!$var; $var=!$var;
print "<tr ".$bc[$var].">"; print "<tr ".$bc[$var].">";
print '<td colspan="3">'.$langs->trans("DoNotStoreClearPassword").'</td>'; print '<td colspan="3">'.$langs->trans("DoNotStoreClearPassword").'</td>';
@@ -260,14 +277,12 @@ if($conf->global->DATABASE_PWD_ENCRYPTED == 1)
print img_tick(); print img_tick();
} }
print '</td>'; print '</td>';
if ($conf->global->DATABASE_PWD_ENCRYPTED == 0) if ($conf->global->DATABASE_PWD_ENCRYPTED == 0)
{ {
print '<td align="center" width="100">'; print '<td align="center" width="100">';
print '<a href="security.php?action=activate_encrypt">'.$langs->trans("Activate").'</a>'; print '<a href="security.php?action=activate_encrypt">'.$langs->trans("Activate").'</a>';
print "</td>"; print "</td>";
} }
if($conf->global->DATABASE_PWD_ENCRYPTED == 1) if($conf->global->DATABASE_PWD_ENCRYPTED == 1)
{ {
print '<td align="center" width="100">'; print '<td align="center" width="100">';
@@ -283,7 +298,32 @@ if($conf->global->DATABASE_PWD_ENCRYPTED == 1)
} }
print "</td>"; print "</td>";
} }
print "</td>";
print '</tr>';
// Disable link "Forget password" on logon
$var=!$var;
print "<tr ".$bc[$var].">";
print '<td colspan="3">'.$langs->trans("DisableForgetPasswordLinkOnLogonPage").'</td>';
print '<td align="center" width="60">';
if($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK == 1)
{
print img_tick();
}
print '</td>';
if ($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK == 0)
{
print '<td align="center" width="100">';
print '<a href="security.php?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Activate").'</a>';
print "</td>";
}
if($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK == 1)
{
print '<td align="center" width="100">';
print '<a href="security.php?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Disable").'</a>';
print "</td>";
}
print "</td>"; print "</td>";
print '</tr>'; print '</tr>';
@@ -321,7 +361,7 @@ $var=!$var;
print "<tr ".$bc[$var].">"; print "<tr ".$bc[$var].">";
print '<td colspan="3">'; print '<td colspan="3">';
$text = $langs->trans("ProtectAndEncryptPdfFiles"); $text = $langs->trans("ProtectAndEncryptPdfFiles");
$desc = $html->textwithwarning($text,$langs->transnoentities("ProtectAndEncryptPdfFilesDesc"),1); $desc = $html->textwithhelp($text,$langs->transnoentities("ProtectAndEncryptPdfFilesDesc"),1);
print $desc; print $desc;
print '</td>'; print '</td>';
print '<td align="center" width="60">'; print '<td align="center" width="60">';
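Review bot: The new `activate_MAIN_SECURITY_DISABLEFORGETPASSLINK` and `disable_MAIN_SECURITY_DISABLEFORGETPASSLINK` handlers change a security constant on a plain GET request with no anti-CSRF token, and no permission check is visible in the hunk (one may exist earlier in the file, outside this view). A state change like this is safer as a POST from the page's existing form, with a per-session token verified before `dolibarr_set_const` / `dolibarr_del_const` run; the neighbouring `disable_pdfsecurity` handler appears to share the pattern. The new table row also ends with an extra `print "</td>";` after its last cell has already been closed, which leaves unbalanced markup.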


@@ -448,7 +448,8 @@ UserGroupSetup=Users and groups module setup
GeneratePassword=Suggest a generated password GeneratePassword=Suggest a generated password
RuleForGeneratedPasswords=Rule to generate suggested passwords RuleForGeneratedPasswords=Rule to generate suggested passwords
DoNotSuggest=Do not suggest any password DoNotSuggest=Do not suggest any password
EncryptedPasswordInDatabase=To allow the encryption of the passwords in the database EncryptedPasswordInDatabase=To allow the encryption of the passwords in the database
DisableForgetPasswordLinkOnLogonPage=Do not show the link "Forget password" on login page
##### Company setup ##### ##### Company setup #####
CompanySetup=Companies module setup CompanySetup=Companies module setup
CompanyCodeChecker=Module for third parties code checking (customer or supplier) CompanyCodeChecker=Module for third parties code checking (customer or supplier)


@@ -11,6 +11,9 @@ ErrorFailedToFindEntity=Failed to read entity '%s'
ErrorBadLoginPassword=Bad value for login or password ErrorBadLoginPassword=Bad value for login or password
ErrorLoginDisabled=Your account has been disabled ErrorLoginDisabled=Your account has been disabled
ErrorFailedToRunExternalCommand=Failed to run external command. Check it is available and runnable by your PHP server. If PHP <b>Safe Mode</b> is enabled, check that command is inside a directory defined by parameter <b>safe_mode_exec_dir</b>. ErrorFailedToRunExternalCommand=Failed to run external command. Check it is available and runnable by your PHP server. If PHP <b>Safe Mode</b> is enabled, check that command is inside a directory defined by parameter <b>safe_mode_exec_dir</b>.
ErrorFailedToChangePassword=Failed to change password
ErrorLoginDoesNotExists=User with login <b>%s</b> could not be found.
ErrorLoginHasNoEmail=This user has no email address. Process aborted.
Calendar=Calendar Calendar=Calendar
AddTrip=Add trip AddTrip=Add trip
Tools=Tools Tools=Tools
@@ -70,6 +73,9 @@ VolumeUnitm3=m<SUP>3</SUP>
VolumeUnitcm3=cm<SUP>3</SUP> VolumeUnitcm3=cm<SUP>3</SUP>
VolumeUnitmm3=mm<SUP>3</SUP> VolumeUnitmm3=mm<SUP>3</SUP>
BugTracker=Bug tracker BugTracker=Bug tracker
SendNewPasswordDesc=This form allows you to request a new passord. It will be send to your email address. Check your email reader software.
BackToLoginPage=Back to login page
AuthenticationDoesNotAllowSendNewPassword=Authentication mode is <b>%s</b>. In this mode, Dolibarr can't know nor change your password. Contact your system administrator if you want to change your password.
##### Webcal ##### ##### Webcal #####
LoginWebcal=Login for Webcalendar LoginWebcal=Login for Webcalendar
AddCalendarEntry=Add entry in calendar AddCalendarEntry=Add entry in calendar


@@ -456,6 +456,7 @@ GeneratePassword=Proposer un mot de passe g
RuleForGeneratedPasswords=R<>gle pour la g<>n<EFBFBD>ration des mots de passe propos<6F>s RuleForGeneratedPasswords=R<>gle pour la g<>n<EFBFBD>ration des mots de passe propos<6F>s
DoNotSuggest=Ne pas proposer DoNotSuggest=Ne pas proposer
EncryptedPasswordInDatabase=Permettre l'encryption des mots de passe dans la base de donn<6E>es EncryptedPasswordInDatabase=Permettre l'encryption des mots de passe dans la base de donn<6E>es
DisableForgetPasswordLinkOnLogonPage=Ne pas afficher le lien "Mot de passe oubli<6C>" sur la page de connexion
##### Company setup ##### ##### Company setup #####
CompanySetup=Configuration du module Soci<63>t<EFBFBD>s CompanySetup=Configuration du module Soci<63>t<EFBFBD>s
CompanyCodeChecker=Module de contr<74>le des codes tiers (clients/fournisseurs) CompanyCodeChecker=Module de contr<74>le des codes tiers (clients/fournisseurs)


@@ -11,6 +11,9 @@ ErrorFailedToFindEntity=Echec de lecture de l'entit
ErrorBadLoginPassword=Identifiants login ou mot de passe incorrects ErrorBadLoginPassword=Identifiants login ou mot de passe incorrects
ErrorLoginDisabled=Votre compte est d<>sactiv<69> ErrorLoginDisabled=Votre compte est d<>sactiv<69>
ErrorFailedToRunExternalCommand=Echec de l'ex<65>cution de la commande externe. V<>rifiez qu'elle est disponible et ex<65>cutable par votre serveur PHP. Si le <b>Safe Mode</b> PHP est actif, v<>rifiez que la commande se trouve dans un r<>pertoire d<>finie dans le param<61>tre <b>safe_mode_exec_dir</b>. ErrorFailedToRunExternalCommand=Echec de l'ex<65>cution de la commande externe. V<>rifiez qu'elle est disponible et ex<65>cutable par votre serveur PHP. Si le <b>Safe Mode</b> PHP est actif, v<>rifiez que la commande se trouve dans un r<>pertoire d<>finie dans le param<61>tre <b>safe_mode_exec_dir</b>.
ErrorFailedToChangePassword=Echec de modification du mot de passe
ErrorLoginDoesNotExists=Le compte utilisateur de login <b>%s</b> n'a pu <20>tre trouv<75>.
ErrorLoginHasNoEmail=Cet utilisateur n'a pas d'email. Impossible de continuer.
Calendar=Calendrier Calendar=Calendrier
AddTrip=Cr<43>er d<>placement AddTrip=Cr<43>er d<>placement
Tools=Outils Tools=Outils
@@ -70,6 +73,9 @@ VolumeUnitm3=m<SUP>3</SUP>
VolumeUnitcm3=cm<SUP>3</SUP> VolumeUnitcm3=cm<SUP>3</SUP>
VolumeUnitmm3=mm<SUP>3</SUP> VolumeUnitmm3=mm<SUP>3</SUP>
BugTracker=Bug tracker BugTracker=Bug tracker
SendNewPasswordDesc=Ce formulaire permet d'envoyer un nouveau mot de passe. Il sera envoy<6F> <20> l'adresse email de votre user. Surveillez votre messagerie.
BackToLoginPage=Retour page de connexion
AuthenticationDoesNotAllowSendNewPassword=Le mode d'authentification de Dolibarr est configur<75> <20> "<b>%s</b>". Dans ce mode, Dolibarr n'a pas la possibilit<69> de connaitre ni modifier votre mot de passe. Contacter votre administrateur pour connaitre les modalit<69>s de changement.
##### Webcal ##### ##### Webcal #####
LoginWebcal=Login Webcalendar LoginWebcal=Login Webcalendar
AddCalendarEntry=Ajouter entr<74>e dans le calendrier AddCalendarEntry=Ajouter entr<74>e dans le calendrier


@@ -1121,9 +1121,9 @@ function dol_loginfunction($notused,$pearstatus)
// Ce DTD est KO car inhibe document.body.scrollTop // Ce DTD est KO car inhibe document.body.scrollTop
//print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">'; //print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">';
// Ce DTD est OK // Ce DTD est OK
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'; print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."\n";
print "\n"; // En tete html
print "<html>\n"; print "<html>\n";
print "<head>\n"; print "<head>\n";
print '<meta name="robots" content="noindex,nofollow">'."\n"; // Evite indexation par robots print '<meta name="robots" content="noindex,nofollow">'."\n"; // Evite indexation par robots
@@ -1131,8 +1131,6 @@ function dol_loginfunction($notused,$pearstatus)
print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/'.$conf->css.'">'."\n"; print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/'.$conf->css.'">'."\n";
print '<style type="text/css">'."\n"; print '<style type="text/css">'."\n";
print '<!--'."\n"; print '<!--'."\n";
print '#login {'; print '#login {';
@@ -1162,16 +1160,17 @@ function dol_loginfunction($notused,$pearstatus)
print '</script>'."\n"; print '</script>'."\n";
print '</head>'."\n"; print '</head>'."\n";
print '<body class="body" onload="donnefocus();">'; // Body
print '<body class="body" onload="donnefocus();">';
// Start Form
print '<form id="login" name="login" method="post" action="'; print '<form id="login" name="login" method="post" action="';
print $_SERVER['PHP_SELF']; print $_SERVER['PHP_SELF'];
print $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:''; print $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:'';
print '">'; print '">';
// Table 1
print '<table cellpadding="0" cellspacing="0" border="0" align="center" width="400">'; print '<table cellpadding="0" cellspacing="0" border="0" align="center" width="400">';
if (file_exists(DOL_DOCUMENT_ROOT.'/logo.png')) if (file_exists(DOL_DOCUMENT_ROOT.'/logo.png'))
{ {
print '<tr><td colspan="3" style="text-align:center;">'; print '<tr><td colspan="3" style="text-align:center;">';
@@ -1181,18 +1180,16 @@ function dol_loginfunction($notused,$pearstatus)
{ {
print '<tr class="vmenu"><td align="center">Dolibarr '.DOL_VERSION.'</td></tr>'; print '<tr class="vmenu"><td align="center">Dolibarr '.DOL_VERSION.'</td></tr>';
} }
print '</table>';
print '<br>';
print '</table> // Table 2
print '<table cellpadding="2" align="center" width="400">';
<br> print '<tr><td colspan="3">&nbsp;</td></tr>';
<table cellpadding="2" align="center" width="400"> print '<tr><td align="left"><br> &nbsp; <b>'.$langs->trans("Login").'</b> &nbsp;</td>';
print '<td><input name="username" class="flat" size="15" maxlength="25" value="" tabindex="1" /></td>';
<tr><td colspan="3">&nbsp;</td></tr>
<tr><td align="left"><br> &nbsp; <b>'.$langs->trans("Login").'</b> &nbsp;</td>
<td><input name="username" class="flat" size="15" maxlength="25" value="" tabindex="1" /></td>
';
// Affiche logo du theme si existe, sinon logo commun // Affiche logo du theme si existe, sinon logo commun
if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png')) if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png'))
@@ -1204,27 +1201,23 @@ function dol_loginfunction($notused,$pearstatus)
print '<td rowspan="2"><img src="'.DOL_URL_ROOT.'/theme/login_logo.png"></td>'; print '<td rowspan="2"><img src="'.DOL_URL_ROOT.'/theme/login_logo.png"></td>';
} }
print ' print '</tr>';
</tr>
<tr><td align="left" valign="top"> &nbsp; <b>'.$langs->trans("Password").'</b> &nbsp; </td> print '<tr><td align="left" valign="top"> &nbsp; <b>'.$langs->trans("Password").'</b> &nbsp; </td>';
<td valign="top" nowrap="nowrap"><input name="password" class="flat" type="password" size="15" maxlength="30" tabindex="2">'; print '<td valign="top" nowrap="nowrap"><input name="password" class="flat" type="password" size="15" maxlength="30" tabindex="2">';
print '</td></tr> print '</td></tr>';
<tr><td colspan="3" style="text-align:center;"><br> print '<tr><td colspan="3" style="text-align:center;"><br>';
<input type="submit" class="button" value="&nbsp; '.$langs->trans("Connection").' &nbsp;" tabindex="4" /> print '<input type="submit" class="button" value="&nbsp; '.$langs->trans("Connection").' &nbsp;" tabindex="4" />';
</td></tr> print '</td></tr>';
'; if (! $conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)
if ($conf->global->MAIN_SECURITY_ALLOWFORGETPASSWORD) {
{ print '<tr><td colspan="3" align="center"><a style="color: #888888; font-size: 10px" href="'.DOL_URL_ROOT.'/user/passwordforgotten.php">('.$langs->trans("PasswordForgotten").')</a></td></tr>';
print '<tr><td colspan="3" align="center"><a style="color: #888888; font-size: 10px" href="'.DOL_URL_ROOT.'/user/passwordforgotten.php">('.$langs->trans("PasswordForgotten").')</a></td></tr>'; }
}
print ' print '</table>';
</table> print '<input type="hidden" name="loginfunction" value="loginfunction" />';
<input type="hidden" name="loginfunction" value="loginfunction" />
';
print '</form>'; print '</form>';
@@ -1242,13 +1235,15 @@ if ($conf->global->MAIN_SECURITY_ALLOWFORGETPASSWORD)
} }
print '</div></td></tr></table></center>'; print '</div></td></tr></table></center>';
} }
if (defined("MAIN_HOME") && strlen(trim(MAIN_HOME))) if ($conf->global->MAIN_HOME)
{ {
print '<table cellpadding="0" cellspacing="0" border="0" align="center" width="750"><tr><td>'; print '<table cellpadding="0" cellspacing="0" border="0" align="center" width="750"><tr><td>';
print nl2br(MAIN_HOME); print nl2br(MAIN_HOME);
print '</td></tr></table><br>'; print '</td></tr></table><br>';
} }
print "\n</body>\n</html>";
// Fin entete html
print "\n</body>\n</html>";
} }
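Review bot: The guard near the end of dol_loginfunction() now tests `$conf->global->MAIN_HOME`, but the body still prints the constant with `print nl2br(MAIN_HOME);`, so the condition and the output can disagree (assuming the second printed form of the `if` is the new side). If the constant is not defined, PHP will most likely emit the bare text MAIN_HOME instead of the configured message. Printing the value that was tested, `print nl2br($conf->global->MAIN_HOME);`, keeps the two in step. The function starts outside the visible hunks.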


@@ -121,7 +121,7 @@ class User
// Recupere utilisateur // Recupere utilisateur
$sql = "SELECT u.rowid, u.name, u.firstname, u.email, u.office_phone, u.office_fax, u.user_mobile,"; $sql = "SELECT u.rowid, u.name, u.firstname, u.email, u.office_phone, u.office_fax, u.user_mobile,";
$sql.= " u.admin, u.login, u.webcal_login, u.note,"; $sql.= " u.admin, u.login, u.webcal_login, u.note,";
$sql.= " u.pass, u.pass_crypted,"; $sql.= " u.pass, u.pass_crypted, u.pass_temp,";
$sql.= " u.fk_societe, u.fk_socpeople, u.ldap_sid,"; $sql.= " u.fk_societe, u.fk_socpeople, u.ldap_sid,";
$sql.= " u.statut, u.lang,"; $sql.= " u.statut, u.lang,";
$sql.= " ".$this->db->pdate("u.datec")." as datec,"; $sql.= " ".$this->db->pdate("u.datec")." as datec,";
@@ -160,6 +160,7 @@ class User
$this->pass_indatabase = $obj->pass; $this->pass_indatabase = $obj->pass;
$this->pass_indatabase_crypted = $obj->pass_crypted; $this->pass_indatabase_crypted = $obj->pass_crypted;
$this->pass = $obj->pass; $this->pass = $obj->pass;
$this->pass_temp = $obj->pass_temp;
$this->office_phone = $obj->office_phone; $this->office_phone = $obj->office_phone;
$this->office_fax = $obj->office_fax; $this->office_fax = $obj->office_fax;
$this->user_mobile = $obj->user_mobile; $this->user_mobile = $obj->user_mobile;
@@ -988,17 +989,18 @@ class User
/** /**
* \brief Change le mot de passe d'un utilisateur * \brief Change le mot de passe d'un utilisateur
* \param user Object user de l'utilisateur qui fait la modification * \param user Object user de l'utilisateur qui fait la modification
* \param password Nouveau mot de passe (<28> g<>n<EFBFBD>rer si non communiqu<71>) * \param password Nouveau mot de passe (<28> g<>n<EFBFBD>rer si non communiqu<71>)
* \param noclearpassword 0 ou 1 s'il ne faut pas stocker le mot de passe en clair * \param noclearpassword 0 ou 1 s'il ne faut pas stocker le mot de passe en clair
* \return string mot de passe, < 0 si erreur * \param changelater 1=Change password only after clicking on confirm email
*/ * \return string Mot de passe non crypt<70>, < 0 si erreur
function password($user, $password='', $noclearpassword=0) */
function password($user, $password='', $noclearpassword=0, $changelater=0)
{ {
global $langs; global $langs;
dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." isencrypted=".$isencrypted); dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." isencrypted=".$isencrypted." changelater=".$changelater);
// Si nouveau mot de passe non communiqu<71>, on g<>n<EFBFBD>re par module // Si nouveau mot de passe non communiqu<71>, on g<>n<EFBFBD>re par module
if (! $password) if (! $password)
@@ -1008,56 +1010,82 @@ class User
//$password=creer_pass_aleatoire_2(''); //$password=creer_pass_aleatoire_2('');
} }
// Crypte avec systeme encodage par defaut du PHP // Crypte avec md5
//$sqlpass = crypt($password, makesalt());
$password_crypted = md5($password); $password_crypted = md5($password);
// Mise a jour // Mise a jour
$sql = "UPDATE ".MAIN_DB_PREFIX."user"; if (! $changelater)
$sql.= " SET pass_crypted = '".$password_crypted."'";
if (! $noclearpassword)
{ {
$sql.= ", pass = '".$password."'"; $sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_crypted = '".addslashes($password_crypted)."',";
$sql.= " pass_temp = null";
if ($noclearpassword)
{
$sql.= ", pass = null";
}
else
{
$sql.= ", pass = '".addslashes($password)."'";
}
$sql.= " WHERE rowid = ".$this->id;
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows())
{
$this->pass=$password;
$this->pass_indatabase=$password;
$this->pass_indatabase_crypted=$password_crypted;
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$lang,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
return $this->pass;
}
else {
return -2;
}
}
else
{
dolibarr_print_error($this->db);
return -1;
}
}
else
{
// We store clear password in password temporary field.
// After receiving confirmation link, we will crypt it and store it in pass_crypted
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_temp = '".addslashes($password)."'";
$sql.= " WHERE rowid = ".$this->id;
$result = $this->db->query($sql);
if ($result)
{
return $password;
}
else
{
dolibarr_print_error($this->db);
return -3;
}
} }
$sql.= " WHERE rowid = ".$this->id;
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows())
{
$this->pass=$password;
$this->pass_indatabase=$password;
$this->pass_indatabase_crypted=$password_crypted;
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$lang,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
return $this->pass;
}
else {
return -2;
}
}
else
{
dolibarr_print_error($this->db);
return -1;
}
} }
/** /**
* \brief Envoie mot de passe par mail * \brief Envoie mot de passe par mail
* \param user Object user de l'utilisateur qui fait l'envoi * \param user Object user de l'utilisateur qui fait l'envoi
* \param password Nouveau mot de passe * \param password Nouveau mot de passe
* \return int < 0 si erreur, > 0 si ok * \param changelater 1=Change password only after clicking on confirm email
*/ * \return int < 0 si erreur, > 0 si ok
function send_password($user, $password='') */
function send_password($user, $password='', $changelater=0)
{ {
global $langs; global $langs;
@@ -1066,16 +1094,33 @@ class User
$subject = $langs->trans("SubjectNewPassword"); $subject = $langs->trans("SubjectNewPassword");
$msgishtml=0; $msgishtml=0;
$mesg .= "Bonjour,\n\n"; // Define $msg
$mesg .= "Votre mot de passe pour acc<63>der <20> Dolibarr a <20>t<EFBFBD> chang<6E> :\n\n"; $mesg = '';
$mesg .= $langs->trans("Login")." : $this->login\n"; if (! $changelater)
$mesg .= $langs->trans("Password")." : $password\n\n"; {
$mesg.= "A request to change your Dolibarr password has been received.\n";
$mesg .= "Adresse : http://".$_SERVER["HTTP_HOST"].DOL_URL_ROOT; $mesg.= "This is your new keys to login:\n\n";
$mesg .= "\n\n"; $mesg.= $langs->trans("Login")." : $this->login\n";
$mesg .= "--\n"; $mesg.= $langs->trans("Password")." : $password\n\n";
$mesg.= $user->fullname; $mesg.= "\n";
$url = "http://".$_SERVER["HTTP_HOST"].DOL_URL_ROOT;
$mesg.= '<a href="'.$url.'">Go to Dolibarr</a>'."\n\n";
$mesg.= "--\n";
$mesg.= $user->fullname; // Username that make then sending
}
else
{
$mesg.= "A request to change your Dolibarr password has been received.\n";
$mesg.= "Your new key to login will be:\n\n";
$mesg.= $langs->trans("Login")." : $this->login\n";
$mesg.= $langs->trans("Password")." : $password\n\n";
$mesg.= "\n";
$mesg.= "You must click on the folowing link to validate its change.\n";
$url = "http://".$_SERVER["HTTP_HOST"].DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".md5($password);
$mesg.= '<a href="'.$url.'">Validate my new password</a>'."\n\n";
$mesg.= "If you didn't ask anything, just forget this email\n\n";
dolibarr_syslog("User::send_password url=".$url);
}
$mailfile = new CMailFile($subject,$this->email,$conf->email_from,$mesg, $mailfile = new CMailFile($subject,$this->email,$conf->email_from,$mesg,
array(),array(),array(), array(),array(),array(),
'', '', 0, $msgishtml); '', '', 0, $msgishtml);
@@ -1087,6 +1132,7 @@ class User
else else
{ {
$this->error=$langs->trans("ErrorFailedToSendPassword"); $this->error=$langs->trans("ErrorFailedToSendPassword");
//print nl2br($mesg);
return -1; return -1;
} }
} }
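Review bot: In send_password() the only secret in the confirmation link is `md5($password)`, and the complete link is then written to the log by `dolibarr_syslog("User::send_password url=".$url);`, so anyone who can read the log holds a working confirmation link; the same mail also carries the password in clear text. Log only the account, for example `dolibarr_syslog("User::send_password login=".$this->login);`, and derive the link from a random single-use token that is independent of the password. `$this->login` is appended to the query string without `urlencode()`, and the host part comes from `$_SERVER["HTTP_HOST"]`, a client-supplied header, so a configured site URL would be the safer base. `$msgishtml` stays 0 while the body now contains `<a href=...>` markup, so recipients will probably see the tags as raw text.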


@@ -0,0 +1,234 @@
<?php
/* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/user/fiche.php
\brief Onglet user et permissions de la fiche utilisateur
\version $Revision$
*/
require("../master.inc.php");
require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php");
$user->getrights('user');
$langs->load("main");
$langs->load("other");
$langs->load("users");
$langs->load("companies");
$langs->load("ldap");
$action=isset($_GET["action"])?$_GET["action"]:$_POST["action"];
$mode=$dolibarr_main_authentication;
if (! $mode) $mode='http';
/**
* Actions
*/
// Action modif mot de passe
if ($_GET["action"] == 'validatenewpassword' && $_GET["username"] && $_GET["passwordmd5"])
{
$edituser = new User($db);
$result=$edituser->fetch($_GET["username"]);
if ($result < 0)
{
$message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$_GET["username"]).'</div>';
}
else
{
if (md5($edituser->pass_temp) == $_GET["passwordmd5"])
{
$newpassword=$edituser->password($user,$edituser->pass_temp,$conf->password_encrypted,0);
dolibarr_syslog("passwordforgotten.php new password saved in database");
//session_start();
//$_SESSION["loginmesg"]=$langs->trans("PasswordChanged");
header("Location: ".DOL_URL_ROOT.'/');
exit;
}
else
{
$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePassword").'</div>';
}
}
}
// Action modif mot de passe
if ($_POST["action"] == 'buildnewpassword' && $_POST["username"])
{
$edituser = new User($db);
$result=$edituser->fetch($_POST["username"]);
if ($result < 0)
{
$message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$_POST["username"]).'</div>';
}
else
{
if (! $edituser->email)
{
$message = '<div class="error">'.$langs->trans("ErrorLoginHasNoEmail").'</div>';
}
else
{
$newpassword=$edituser->password($user,'',$conf->password_encrypted,1);
if ($newpassword < 0)
{
// Echec
$message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
}
else
{
// Succes
if ($edituser->send_password($user,$newpassword,1) > 0)
{
$message = '<div class="ok">'.$langs->trans("PasswordChangedAndSentTo",$edituser->email).'</div>';
//$message.=$newpassword;
}
else
{
//$message = '<div class="ok">'.$langs->trans("PasswordChangedTo",$newpassword).'</div>';
$message.= '<div class="error">'.$edituser->error.'</div>';
}
}
}
}
}
/*
* Affichage page
*/
$conf->css = "theme/".$conf->theme."/".$conf->theme.".css";
// Si feuille de style en php existe
if (file_exists(DOL_DOCUMENT_ROOT.'/'.$conf->css.".php")) $conf->css.=".php";
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."\n";
// En tete html
print "<html>\n";
print "<head>\n";
print '<meta name="robots" content="noindex,nofollow">'."\n"; // Evite indexation par robots
print "<title>Dolibarr Authentification</title>\n";
print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/'.$conf->css.'">'."\n";
print '<style type="text/css">'."\n";
print '<!--'."\n";
print '#login {';
print ' margin-top: 70px;';
print ' margin-bottom: 30px;';
print ' text-align: center;';
print ' font: 12px arial,helvetica;';
print '}'."\n";
print '#login table {';
print ' border: 1px solid #C0C0C0;';
if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_background.png'))
{
print 'background: #F0F0F0 url('.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/login_background.png) repeat-x;';
}
else
{
print 'background: #F0F0F0 url('.DOL_URL_ROOT.'/theme/login_background.png) repeat-x;';
}
print 'font-size: 12px;';
print '}'."\n";
print '-->'."\n";
print '</style>'."\n";
print '<script language="javascript" type="text/javascript">'."\n";
print "function donnefocus() {\n";
print "document.getElementsByTagName('INPUT')[0].focus();";
print "}\n";
print '</script>'."\n";
print '</head>'."\n";
// Body
print '<body class="body" onload="donnefocus();">';
// Form
print '<form id="login" action="'.$_SERVER["PHP_SELF"].'" method="post" name="login">';
print '<input type="hidden" name="action" value="buildnewpassword">';
// Table 1
print '<table cellpadding="0" cellspacing="0" border="0" align="center" width="400">';
if (file_exists(DOL_DOCUMENT_ROOT.'/logo.png'))
{
print '<tr><td colspan="3" style="text-align:center;">';
print '<img src="/logo.png"></td></tr>';
}
else
{
print '<tr class="vmenu"><td align="center">Dolibarr '.DOL_VERSION.'</td></tr>';
}
print '</table>';
print '<br>';
// Table 2
print '<table cellpadding="2" align="center" width="400">';
print '<tr><td colspan="3">&nbsp;</td></tr>';
print '<tr><td align="left"> &nbsp; <b>'.$langs->trans("Login").'</b> &nbsp;</td>';
$disabled='disabled';
if ($mode == 'dolibarr') $disabled='';
print '<td><input '.$disabled.' name="username" class="flat" size="15" maxlength="25" value="" tabindex="1" /></td>';
// Affiche logo du theme si existe, sinon logo commun
if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png'))
{
print '<td><img src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png"></td>';
}
else
{
print '<td><img src="'.DOL_URL_ROOT.'/theme/login_logo.png"></td>';
}
print '</tr>';
print "<tr>".'<td align="center" colspan="3"><input class="button" value="'.$langs->trans("SendNewPassword").'" type="submit"></td></tr>';
print "</table>\n";
print "</form>";
print '<center>';
if ($mode == 'dolibarr')
{
print $langs->trans("SendNewPasswordDesc").'<br>';
}
else
{
print '<div class="warning">'.$langs->trans("AuthenticationDoesNotAllowSendNewPassword",$mode).'</div>';
}
print '<br>';
if ($message) { print $message.'<br>'; }
print '<a href="'.DOL_URL_ROOT.'/">'.$langs->trans("BackToLoginPage").'</a>';
print '</center>';
print "<br>";
print "<br>";
// Fin entete html
print "\n</body>\n</html>";
?>
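Review bot: The `validatenewpassword` branch accepts `md5($edituser->pass_temp) == $_GET["passwordmd5"]` without first requiring that a reset is pending: when `pass_temp` is empty the left side is a fixed, well-known hash, and `password()` is then called with an empty password, which by its visible code generates a new one for the account. Require a non-empty `pass_temp` and compare strictly, `if ($edituser->pass_temp && md5($edituser->pass_temp) === $_GET["passwordmd5"])`. Neither action checks `MAIN_SECURITY_DISABLEFORGETPASSLINK` or `$mode == 'dolibarr'` on the server side, so hiding the link or disabling the input field does not turn the feature off. The error messages echo the submitted username and distinguish unknown logins from accounts without an email address, which reveals which accounts exist; a single neutral message avoids that, and the echoed value should be escaped before output unless `trans()` already does so. The file docblock still names `htdocs/user/fiche.php`.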


@@ -546,6 +546,7 @@ ALTER TABLE `llx_socpeople` CHANGE `fk_user_create` `fk_user_creat` INT(11) NULL
-- V4 ALTER TABLE llx_socpeople ADD INDEX idx_fk_user_creat (fk_user_creat); -- V4 ALTER TABLE llx_socpeople ADD INDEX idx_fk_user_creat (fk_user_creat);
-- V4 ALTER TABLE llx_socpeople ADD CONSTRAINT fk_socpeople_user_creat_user_rowid FOREIGN KEY (fk_user_creat) REFERENCES llx_user (rowid); -- V4 ALTER TABLE llx_socpeople ADD CONSTRAINT fk_socpeople_user_creat_user_rowid FOREIGN KEY (fk_user_creat) REFERENCES llx_user (rowid);
ALTER TABLE llx_user add pass_temp VARCHAR(32) NULL after pass_crypted;
drop table if exists llx_soc_events; drop table if exists llx_soc_events;
drop table if exists llx_todocomm; drop table if exists llx_todocomm;
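Review bot: The new `pass_temp VARCHAR(32)` column is filled by User::password() in this commit with the generated password in clear text (`SET pass_temp = '".addslashes($password)."'`), whatever the DoNotStoreClearPassword setting says, and nothing visible ever expires the value. Storing only a hash of a random reset token would keep clear-text credentials out of the table and its backups. A companion timestamp column for the request time would let stale requests be rejected. The same applies to the matching column in the create-table script for llx_user.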


@@ -30,6 +30,7 @@ create table llx_user
login varchar(24) NOT NULL, login varchar(24) NOT NULL,
pass varchar(32), pass varchar(32),
pass_crypted varchar(128), pass_crypted varchar(128),
pass_temp varchar(32), -- temporary password when asked for forget password
name varchar(50), name varchar(50),
firstname varchar(50), firstname varchar(50),
office_phone varchar(20), office_phone varchar(20),