From e5fd19ffc005b1a935017028eb801e8283b96dbd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Nov 2013 10:45:43 +0100 Subject: [PATCH 1/5] Add option to salt hash passwords --- htdocs/core/lib/security.lib.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 58bd4371b4c..e21d9c749a1 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -77,9 +77,11 @@ function dol_decode($chain) */ function dol_hash($chain,$type=0) { + global $conf; + if ($type == 1) return sha1($chain); else if ($type == 2) return sha1(md5($chain)); - else return md5($chain); + else return md5((empty($conf->global->MAIN_SECURITY_SALT)?'':$conf->global->MAIN_SECURITY_SALT).$chain); } From 32983b79eebaff8250db543ba5e665609f58b4d4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Nov 2013 10:47:24 +0100 Subject: [PATCH 2/5] Sec: Add option to salt password --- htdocs/core/lib/security.lib.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index e21d9c749a1..150a3bd3feb 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -79,9 +79,12 @@ function dol_hash($chain,$type=0) { global $conf; + // Salt value + if (! empty($conf->global->MAIN_SECURITY_SALT)) $chain=$conf->global->MAIN_SECURITY_SALT.$chain; + if ($type == 1) return sha1($chain); else if ($type == 2) return sha1(md5($chain)); - else return md5((empty($conf->global->MAIN_SECURITY_SALT)?'':$conf->global->MAIN_SECURITY_SALT).$chain); + else return md5($chain); } From fd168c1214b92cf079a596e543c92c09846fc7dc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Nov 2013 15:04:04 +0100 Subject: [PATCH 3/5] Doc comments --- htdocs/core/tpl/login.tpl.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index ebc6fea7626..b62ad5890be 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -25,8 +25,9 @@ if (GETPOST('dol_optimize_smallscreen')) $conf->dol_optimize_smallscreen=1; if (GETPOST('dol_no_mouse_hover')) $conf->dol_no_mouse_hover=1; if (GETPOST('dol_use_jmobile')) $conf->dol_use_jmobile=1; -$arrayofjs=array('/core/js/dst.js'); // Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second -print top_htmlhead('',$langs->trans('Login').' '.$title,0,0,$arrayofjs); +$arrayofjs=array('/core/js/dst.js'); // Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second +$titleofloginpage=$langs->trans('Login').' '.$title; // title is defined by dol_loginfunction in security2.lib.php +print top_htmlhead('',$titleofloginpage,0,0,$arrayofjs); ?> From 5e246107a7904aa0701170fa04bb46ff7d5129e4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Nov 2013 16:31:12 +0100 Subject: [PATCH 4/5] Doxygen --- htdocs/compta/facture/class/facture.class.php | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index ed7d06919ec..461b3606cd6 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1,37 +1,37 @@ - * Copyright (C) 2004-2012 Laurent Destailleur -* Copyright (C) 2004 Sebastien Di Cintio -* Copyright (C) 2004 Benoit Mortier -* Copyright (C) 2005 Marc Barilley / Ocebo -* Copyright (C) 2005-2013 Regis Houssin -* Copyright (C) 2006 Andre Cianfarani -* Copyright (C) 2007 Franky Van Liedekerke -* Copyright (C) 2010-2013 Juanjo Menent -* Copyright (C) 2012 Christophe Battarel -* Copyright (C) 2012 Marcos García -* Copyright (C) 2013 Cedric Gross -* Copyright (C) 2013 Florian Henry -* -* This program is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 3 of the License, or -* (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -*/ + * Copyright (C) 2004-2013 Laurent Destailleur + * Copyright (C) 2004 Sebastien Di Cintio + * Copyright (C) 2004 Benoit Mortier + * Copyright (C) 2005 Marc Barilley / Ocebo + * Copyright (C) 2005-2013 Regis Houssin + * Copyright (C) 2006 Andre Cianfarani + * Copyright (C) 2007 Franky Van Liedekerke + * Copyright (C) 2010-2013 Juanjo Menent + * Copyright (C) 2012 Christophe Battarel + * Copyright (C) 2012 Marcos García + * Copyright (C) 2013 Cedric Gross + * Copyright (C) 2013 Florian Henry + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ /** * \file htdocs/compta/facture/class/facture.class.php -* \ingroup facture -* \brief File of class to manage invoices -*/ + * \ingroup facture + * \brief File of class to manage invoices + */ include_once DOL_DOCUMENT_ROOT.'/core/class/commoninvoice.class.php'; require_once DOL_DOCUMENT_ROOT .'/product/class/product.class.php'; From c815bd96fbae14c064199252c017c85711544ed6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Nov 2013 16:50:41 +0100 Subject: [PATCH 5/5] Doxygen --- htdocs/core/class/commonobject.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 86f4904be68..b3e5f8f47d8 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2048,6 +2048,7 @@ abstract class CommonObject /** * Function to get extra fields of a member into $this->array_options + * This method is in most cases called by method fetch of objects but you can call it separately. * * @param int $rowid Id of line * @param array $optionsArray Array resulting of call of extrafields->fetch_name_optionals_label()