".$langs->trans("Login")."

* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * or see http://www.gnu.org/ */ /** * \file htdocs/lib/security.lib.php * \brief Set of function used for dolibarr security * \version $Id$ */ /** * \brief Show Dolibarr default login page * \param langs Lang object * \param conf Conf object * \param mysoc Company object * \remarks You must change HTML code in this page to change design of logon page. */ function dol_loginfunction($langs,$conf,$mysoc) { $langs->load("main"); $langs->load("other"); $conf->css = "theme/".$conf->theme."/".$conf->theme.".css"; // Si feuille de style en php existe if (file_exists(DOL_DOCUMENT_ROOT.'/'.$conf->css.".php")) $conf->css.=".php"; header('Cache-Control: Public, must-revalidate'); header("Content-type: text/html; charset=".$conf->file->character_set_client); if (! empty($_REQUEST["urlfrom"])) $_SESSION["urlfrom"]=$_REQUEST["urlfrom"]; else unset($_SESSION["urlfrom"]); // Ce DTD est KO car inhibe document.body.scrollTop //print ''; // Ce DTD est OK print ''."\n"; // En tete html print "\n"; print "\n"; print ''."\n"; // Evite indexation par robots print "".$langs->trans("Login")."\n"; print ''."\n"; print ''."\n"; print ''."\n"; print ''."\n"; // Body print ''."\n\n"; // Start Form print '

'."\n"; // Table 1 $title='Dolibarr '.DOL_VERSION; if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE; print ''."\n";; print ''."\n"; print '

'.$title.'

'."\n"; print '
'."\n\n"; // Table 2 print ''."\n"; print ''; print ''; // Login field print ''; print ''; // Show logo (search in order: small company logo, large company logo, theme logo, common logo) $title=''; $width=0; $urllogo=DOL_URL_ROOT.'/theme/login_logo.png'; if (! empty($mysoc->logo_small) && is_readable($conf->societe->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) { $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode('thumbs/'.$mysoc->logo_small); } elseif (! empty($mysoc->logo_small) && is_readable($conf->societe->dir_output.'/logos/'.$mysoc->logo)) { $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode($mysoc->logo); $width=96; } elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png')) { $urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png'; } print ''; print ''."\n"; // Password field print ''; print ''; // Entity field if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) { $html = new Form($db); //TODO: creer class $entity = array('1'=>'company1','2'=>'company2'); print ''; print ''; } print ''."\n"; // Security graphical code if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { //print "Info session: ".session_name().session_id();print_r($_SESSION); print ''; print ''; print ''; } print ''; if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) { print ''; } print '

'.$langs->trans("Login").'

'.$langs->trans("Password").'

'; print '

'.$langs->trans("Entity").'

'; print $html->selectarray('entity',$entity,'',0,0,0,1,'tabindex="3"'); print '

'.$langs->trans("SecurityCode").'

'; print ''; print ''; print ''; print ''; print '

'.img_refresh().'

'; print '

'; print ''; print '

'; if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) { print '('; print $langs->trans("PasswordForgotten"); if (! empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) print ')'; } if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK)) { $langs->load("help"); print ''; if (! empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) print '('; else print ' - '; print $langs->trans("NeedHelpCenter"); } print ')'; print '

'."\n"; // Hidden fields print ''."\n"; print '

'."\n"; // Message if (! empty($_SESSION["dol_loginmesg"])) { print '

'; print $_SESSION["dol_loginmesg"]; $_SESSION["dol_loginmesg"]=""; print '

'."\n"; } if (! empty($conf->global->MAIN_HOME)) { print '

'; $i=0; while (eregi('__$([a-zA-Z]+)$__',$conf->global->MAIN_HOME,$reg) && $i < 100) { $conf->global->MAIN_HOME=eregi_replace('__$'.$reg[1].'$__',$langs->trans($reg[1]),$conf->global->MAIN_HOME); $i++; } print nl2br($conf->global->MAIN_HOME); print '

'."\n"; } print "\n"; print ''."\n"; print ''."\n"; print ''."\n"; // Fin entete html print "\n\n"; } /** * \brief Fonction pour initialiser un salt pour la fonction crypt * \param $type 2=>renvoi un salt pour cryptage DES * 12=>renvoi un salt pour cryptage MD5 * non defini=>renvoi un salt pour cryptage par defaut * \return string Chaine salt */ function makesalt($type=CRYPT_SALT_LENGTH) { dol_syslog("security.lib.php::makesalt type=".$type); switch($type) { case 12: // 8 + 4 $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; case 8: // 8 + 4 (Pour compatibilite, ne devrait pas etre utilise) $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; case 2: // 2 default: // by default, fall back on Standard DES (should work everywhere) $saltlen=2; $saltprefix=''; $saltsuffix=''; break; } $salt=''; while(strlen($salt) < $saltlen) $salt.=chr(rand(64,126)); $result=$saltprefix.$salt.$saltsuffix; dol_syslog("security.lib.php::makesalt return=".$result); return $result; } /** * \brief Encode\decode database password in config file * \param level Encode level : 0 no enconding, 1 encoding * \return int <0 if KO, >0 if OK */ function encodedecode_dbpassconf($level=0) { dol_syslog("security.lib::encodedecode_dbpassconf level=".$level, LOG_DEBUG); $config = ''; if ($fp = fopen(DOL_DOCUMENT_ROOT.'/conf/conf.php','r')) { while(!feof($fp)) { $buffer = fgets($fp,4096); if (strstr($buffer,"\$dolibarr_main_db_encrypted_pass") && $level == 0) { $passwd = strstr($buffer,"$dolibarr_main_db_encrypted_pass="); $passwd = substr(substr($passwd,2),0,-3); $passwd = dol_decode($passwd); $config .= "\$dolibarr_main_db_pass=\"$passwd\";\n"; } else if (strstr($buffer,"\$dolibarr_main_db_pass") && $level == 1) { $passwd = strstr($buffer,"$dolibarr_main_db_pass="); $passwd = substr(substr($passwd,2),0,-3); $passwd = dol_encode($passwd); $config .= "\$dolibarr_main_db_encrypted_pass=\"$passwd\";\n"; } else { $config .= $buffer; } } fclose($fp); $file=DOL_DOCUMENT_ROOT.'/conf/conf.php'; if ($fp = @fopen($file,'w')) { fputs($fp, $config, strlen($config)); fclose($fp); // It's config file, so we set permission for creator only // @chmod($file, octdec('0600')); return 1; } else { dol_syslog("security.lib::encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_WARNING); return -1; } } else { dol_syslog("security.lib::encodedecode_dbpassconf Failed to read conf.php", LOG_ERR); return -2; } } /** * \brief Encode une chaine de caractere * \param chaine chaine de caracteres a encoder * \return string_coded chaine de caracteres encodee */ function dol_encode($chain) { for($i=0;$i