".$langs->trans("Login")."

* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * or see http://www.gnu.org/ */ /** * \file htdocs/lib/security.lib.php * \brief Set of function used for dolibarr security * \version $Id$ */ /** * \brief Show Dolibarr default login page * \param langs Lang object * \param conf Conf object * \param mysoc Company object * \remarks You must change HTML code in this page to change design of logon page. */ function dol_loginfunction($langs,$conf,$mysoc) { $langs->load("main"); $langs->load("other"); $conf->css = "theme/".$conf->theme."/".$conf->theme.".css"; // Si feuille de style en php existe if (file_exists(DOL_DOCUMENT_ROOT.'/'.$conf->css.".php")) $conf->css.=".php"; header('Cache-Control: Public, must-revalidate'); if (! empty($_REQUEST["urlfrom"])) $_SESSION["urlfrom"]=$_REQUEST["urlfrom"]; else unset($_SESSION["urlfrom"]); // Ce DTD est KO car inhibe document.body.scrollTop //print ''; // Ce DTD est OK print ''."\n"; // En tete html print "\n"; print "\n"; print ''."\n"; // Evite indexation par robots print "".$langs->trans("Login")."\n"; print ''."\n"; print ''."\n"; print ''."\n"; print ''."\n"; // Body print ''; // Start Form print '

'; // Table 1 print ''; $title='Dolibarr '.DOL_VERSION; if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE; print ''; print '

'.$title.'

'; print '
'; // Table 2 print ''; print ''; print ''; // Login field print ''; print ''; $title=$langs->trans("SessionName").': '.session_name(); if ($conf->main_authentication) $title.=", ".$langs->trans("AuthenticationMode").': '.$conf->main_authentication; // Show logo (search in order: small company logo, large company logo, theme logo, common logo) $width=0; $urllogo=DOL_URL_ROOT.'/theme/login_logo.png'; if (! empty($mysoc->logo_small) && is_readable($conf->societe->dir_logos.'/thumbs/'.$mysoc->logo_small)) { $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode('thumbs/'.$mysoc->logo_small); } elseif (! empty($mysoc->logo_small) && is_readable($conf->societe->dir_logos.'/'.$mysoc->logo)) { $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode($mysoc->logo); $width=96; } elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png')) { $urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png'; } print ''; print ''."\n"; // Password field print ''; print ''; print ''."\n"; // Security graphical code $disabled=! $conf->global->MAIN_SECURITY_ENABLECAPTCHA; if (function_exists("imagecreatefrompng") && ! $disabled) { //print "Info session: ".session_name().session_id();print_r($_SESSION); print ''; print ''; print ''; } print ''; if (! $conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) { print ''; } print '

'.$langs->trans("Login").'

'.$langs->trans("Password").'

'; print '

'.$langs->trans("SecurityCode").'

'; print ''; print ''; print ''; print ''; print '

'.img_refresh().'

'; print '

'; print ''; print '

('.$langs->trans("PasswordForgotten").')

'; // Hidden fields print ''; print '

'; // Message if ($_SESSION["dol_loginmesg"]) { print '

'; print $_SESSION["dol_loginmesg"]; $_SESSION["dol_loginmesg"]=""; print '

'; } if ($conf->global->MAIN_HOME) { print '

'; print nl2br($conf->global->MAIN_HOME); print '

'; } print "\n"; print ''; // Fin entete html print "\n\n"; } /** * \brief Fonction pour initialiser un salt pour la fonction crypt * \param $type 2=>renvoi un salt pour cryptage DES * 12=>renvoi un salt pour cryptage MD5 * non defini=>renvoi un salt pour cryptage par defaut * \return string Chaine salt */ function makesalt($type=CRYPT_SALT_LENGTH) { dolibarr_syslog("security.lib.php::makesalt type=".$type); switch($type) { case 12: // 8 + 4 $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; case 8: // 8 + 4 (Pour compatibilite, ne devrait pas etre utilis�) $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; case 2: // 2 default: // by default, fall back on Standard DES (should work everywhere) $saltlen=2; $saltprefix=''; $saltsuffix=''; break; } $salt=''; while(strlen($salt) < $saltlen) $salt.=chr(rand(64,126)); $result=$saltprefix.$salt.$saltsuffix; dolibarr_syslog("security.lib.php::makesalt return=".$result); return $result; } /** * \brief Encode\decode database password in config file * \param level Encode level : 0 no enconding, 1 encoding * \return int <0 if KO, >0 if OK */ function encodedecode_dbpassconf($level=0) { dolibarr_syslog("security.lib::encodedecode_dbpassconf level=".$level, LOG_DEBUG); $config = ''; if ($fp = fopen(DOL_DOCUMENT_ROOT.'/conf/conf.php','r')) { while(!feof($fp)) { $buffer = fgets($fp,4096); if (strstr($buffer,"\$dolibarr_main_db_encrypted_pass") && $level == 0) { $passwd = strstr($buffer,"$dolibarr_main_db_encrypted_pass="); $passwd = substr(substr($passwd,2),0,-3); $passwd = dol_decode($passwd); $config .= "\$dolibarr_main_db_pass=\"$passwd\";\n"; } else if (strstr($buffer,"\$dolibarr_main_db_pass") && $level == 1) { $passwd = strstr($buffer,"$dolibarr_main_db_pass="); $passwd = substr(substr($passwd,2),0,-3); $passwd = dol_encode($passwd); $config .= "\$dolibarr_main_db_encrypted_pass=\"$passwd\";\n"; } else { $config .= $buffer; } } fclose($fp); $file=DOL_DOCUMENT_ROOT.'/conf/conf.php'; if ($fp = @fopen($file,'w')) { fputs($fp, $config, strlen($config)); fclose($fp); // It's config file, so we set permission for creator only // @chmod($file, octdec('0600')); return 1; } else { dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_WARNING); return -1; } } else { dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to read conf.php", LOG_ERR); return -2; } } /** * \brief Encode une chaine de caract�re * \param chaine chaine de caract�res a encoder * \return string_coded chaine de caract�res encod�e */ function dol_encode($chain) { for($i=0;$i