Dolibarr Authentification

* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \file htdocs/user/passwordforgotten.php * \brief Page demande nouveau mot de passe * \version $Id$ */ // This is to make Dolibarr working with Plesk set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs'); // Init session. Name of session is specific to Dolibarr instance. $sessionname='DOLSESSID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]); $sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]); if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]); session_name($sessionname); session_start(); require("../master.inc.php"); require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php"); require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php"); $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]); $langs->setDefaultLang($langcode); $user->getrights('user'); $langs->load("main"); $langs->load("other"); $langs->load("users"); $langs->load("companies"); $langs->load("ldap"); $action=isset($_GET["action"])?$_GET["action"]:$_POST["action"]; $mode=$dolibarr_main_authentication; if (! $mode) $mode='http'; if ($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) accessforbidden(); /** * Actions */ // Action modif mot de passe if ($_GET["action"] == 'validatenewpassword' && $_GET["username"] && $_GET["passwordmd5"]) { $edituser = new User($db); $result=$edituser->fetch($_GET["username"]); if ($result < 0) { $message = '

'.$langs->trans("ErrorLoginDoesNotExists",$_GET["username"]).'

'; } else { if (md5($edituser->pass_temp) == $_GET["passwordmd5"]) { $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0); dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database"); //session_start(); //$_SESSION["loginmesg"]=$langs->trans("PasswordChanged"); header("Location: ".DOL_URL_ROOT.'/'); exit; } else { $message = '

'.$langs->trans("ErrorFailedToValidatePassword").'

'; } } } // Action modif mot de passe if ($_POST["action"] == 'buildnewpassword' && $_POST["username"]) { require_once DOL_DOCUMENT_ROOT.'/includes/artichow/Artichow.cfg.php'; require_once ARTICHOW."/AntiSpam.class.php"; // We create anti-spam object $object = new AntiSpam(); // Verify code if (! $object->check('dol_antispam_value',$_POST['code'],true)) { $message = '

'.$langs->trans("ErrorBadValueForCode").'

'; } else { $edituser = new User($db); $result=$edituser->fetch($_POST["username"],'',1); if ($result <= 0 && $edituser->error == 'USERNOTFOUND') { $message = '

'.$langs->trans("ErrorLoginDoesNotExists",$_POST["username"]).'

'; $_POST["username"]=''; } else { if (! $edituser->email) { $message = '

'.$langs->trans("ErrorLoginHasNoEmail").'

'; } else { $newpassword=$edituser->setPassword($user,'',1); if ($newpassword < 0) { // Failed $message = '

'.$langs->trans("ErrorFailedToChangePassword").'

'; } else { // Success if ($edituser->send_password($user,$newpassword,1) > 0) { $message = '

'.$langs->trans("PasswordChangeRequestSent",$edituser->login,$edituser->email).'

'; //$message.=$newpassword; $_POST["username"]=''; } else { //$message = '

'.$langs->trans("PasswordChangedTo",$newpassword).'

'; $message.= '

'.$edituser->error.'

'; } } } } } } /* * Affichage page */ $conf->css = "theme/".$conf->theme."/".$conf->theme.".css"; // Si feuille de style en php existe if (file_exists(DOL_DOCUMENT_ROOT.'/'.$conf->css.".php")) $conf->css.=".php"; header('Cache-Control: Public, must-revalidate'); print ''."\n"; // En tete html print "\n"; print "\n"; print ''."\n"; print ''."\n"; // Evite indexation par robots print "Dolibarr Authentification\n"; print ''."\n"; print ''."\n"; print ''."\n"; print ''."\n"; // Body print ''."\n"; // Form print '

'."\n"; print ''; print ''."\n"; // Table 1 $title='Dolibarr '.DOL_VERSION; if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE; print ''."\n"; if (file_exists(DOL_DOCUMENT_ROOT.'/logo.png')) { print ''."\n"; } else { print ''."\n"; } print ''."\n"; print '
'."\n"; // Send password button enabled ? $disabled='disabled'; if ($mode == 'dolibarr' || $mode == 'dolibarr_mdb2') $disabled=''; if ($conf->global->MAIN_SECURITY_ENABLE_SENDPASSWORD) $disabled=''; // To force button enabled // Table 2 print ''."\n"; print ''."\n"; print ''; print ''; print ''; $title=''; // Show logo (search in order: small company logo, large company logo, theme logo, common logo) $width=0; $urllogo=DOL_URL_ROOT.'/theme/login_logo.png'; if (isset($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) { $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode('/thumbs/'.$mysoc->logo_small); } elseif (isset($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) { $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode($mysoc->logo); $width=96; } elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png')) { $urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/login_logo.png'; } print ''; print ''."\n"; if (function_exists("imagecreatefrompng") && ! $disabled) { if (! empty($conf->browser->phone)) print ''; // More space with phones //print "Info session: ".session_name().session_id();print_r($_SESSION); print ''; print ''; print ''; } print ''."\n"; print ''."\n"; print "

'.$langs->trans("Login").'

'; if (empty($conf->browser->phone)) { print ' '.$title.'

'; } print '

'.$langs->trans("SecurityCode").'

'; print ''; // Force width to a small value print ''; $width=128;$height=36; if (! empty($conf->browser->phone)) $width=64; $height=24; print ''; print ''; print '

'.img_refresh().'

'; print '

'; print ''; print '

"."\n"; print "

"."\n"; print ''."\n"; print '

'; if (($mode == 'dolibarr' || $mode == 'dolibarr_mdb2') || (! $disabled)) { print ''.$langs->trans("SendNewPasswordDesc").''."\n"; } else { print '

'.$langs->trans("AuthenticationDoesNotAllowSendNewPassword",$mode).'

'."\n"; } print '

'; if ($message) { print '

'; print $message.'

'; } print '
'."\n"; print ''.$langs->trans("BackToLoginPage").''; print ''."\n"; print "
"; print "
"; // Fin entete html print "\n\n"; ?>