} // closes a block that opens before this excerpt

// Flags defined before main.inc.php is loaded. Presumably they tell it to skip the
// HTML, AJAX, third-party and translation helpers; confirm in main.inc.php.
if (!defined('NOREQUIREHTML')) {
    define('NOREQUIREHTML', '1');
}
if (!defined('NOREQUIREAJAX')) {
    define('NOREQUIREAJAX', '1');
}
if (!defined('NOREQUIRESOC')) {
    define('NOREQUIRESOC', '1');
}
if (!defined('NOREQUIRETRAN')) {
    define('NOREQUIRETRAN', '1');
}
require '../../main.inc.php';

/*
 * View
 */

// Directives added to work around an IE bug
//header('Cache-Control: Public, must-revalidate');
//header('Pragma: public');

//top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
// NOTE(review): the response body below can carry a freshly generated password and the
// explicit cache headers above are commented out; confirm that top_httphead() marks the
// response as non-cacheable.
top_httphead();

//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";

// Dispatch on the requested action. (The original comment here, "Registering the location
// of boxes", does not describe this code.)
if (isset($_GET['action']) && !empty($_GET['action'])) {
    // The $user->admin test is the only access check visible in this excerpt: any other
    // action value, or a non-admin caller, produces an empty body.
    if ($_GET['action'] == 'getrandompassword' && $user->admin) {
        require_once DOL_DOCUMENT_ROOT . "/core/lib/security2.lib.php";
        // NOTE(review): 'generic' is read straight from the query string, with no isset()
        // test and no validation, and is handed to getRandomPassword() as-is. Confirm the
        // helper only treats it as a flag.
        $generic = $_GET['generic'];
        echo getRandomPassword($generic);
    }
}
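// Login row: the login comes from LDAP when available, otherwise from the submitted form.
// Every value written into an HTML attribute or into the cell text is passed through
// htmlspecialchars(ENT_QUOTES) so that a quote or angle bracket in the value cannot break
// out of the markup. The POST value in particular is request-controlled.
print '<tr><td valign="top"><span class="fieldrequired">' . $langs->trans("Login") . '</span></td>';
print '<td>';
if ($ldap_login) {
    $login_html = htmlspecialchars($ldap_login, ENT_QUOTES);
    print '<input type="hidden" name="login" value="' . $login_html . '">';
    print $login_html;
} elseif ($ldap_loginsmb) {
    $login_html = htmlspecialchars($ldap_loginsmb, ENT_QUOTES);
    print '<input type="hidden" name="login" value="' . $login_html . '">';
    print $login_html;
} else {
    // isset() avoids an undefined-index notice on the first display of the form.
    $posted_login = isset($_POST["login"]) ? $_POST["login"] : '';
    print '<input size="20" maxsize="24" type="text" name="login" value="' . htmlspecialchars($posted_login, ENT_QUOTES) . '">';
}
print '</td></tr>';

// A password is generated only when the account is not bound to a domain SID.
$generated_password = '';
if (!$ldap_sid) {
    include_once DOL_DOCUMENT_ROOT . '/lib/security.lib.php';
    $generated_password = getRandomPassword('');
}
$password = $generated_password;

// Password
print '<tr><td valign="top">' . $langs->trans("Password") . '</td>';
print '<td>';
if ($ldap_sid) {
    print 'Mot de passe du domaine';
} else {
    if ($ldap_pass) {
        // NOTE(review): the visible text is masked with '*', but the hidden field still
        // carries the directory password in clear in the page source.
        print '<input type="hidden" name="password" value="' . htmlspecialchars($ldap_pass, ENT_QUOTES) . '">';
        print preg_replace('/./i', '*', $ldap_pass);
    } else {
        // We do not use a field password but a field text to show new password to use.
        print '<input size="30" maxsize="32" type="text" name="password" value="' . htmlspecialchars($password, ENT_QUOTES) . '">';
    }
    // (the enclosing else-branch closes after this excerpt)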
/**
 * Change the password of this member (row of the "adherent" table).
 *
 * @param user        User object of the person making the change
 * @param password    New password (generated when not provided)
 * @param isencrypted 0 or 1: whether the password must be hashed before being stored (0 by default)
 * @param notrigger   1=Do not run the triggers
 * @param nosyncuser  Do not synchronize linked user
 * @return string     If OK return clear password, 0 if no change, < 0 if error
 */
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0) {
    global $conf, $langs;
    $error = 0;
    // NOTE(review): the "******" runs on the next line are not PHP. The listing appears to
    // have masked the logged expressions, which cannot be recovered from this page.
    dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
    // If new password not provided, we generate one
    if (!$password) {
        include_once DOL_DOCUMENT_ROOT . '/lib/security.lib.php';
        $password = getRandomPassword('');
    }
    // Password hashing
    if ($isencrypted) {
        // Hash with PHP's default encoding system
        //$sqlpass = crypt($password, makesalt());
        // NOTE(review): md5() is a fast, unsalted digest and is not suitable for storing
        // passwords. Changing it needs a matching change wherever the value is verified.
        $password_indatabase = md5($password);
    } else {
        // Default path ($isencrypted = 0): the value is kept exactly as supplied, i.e. in clear.
        $password_indatabase = $password;
    }
    // Update
    // NOTE(review): the value inside the quotes is masked in this listing ("******"), so
    // whether it is escaped cannot be checked here. $this->id is concatenated without a cast.
    $sql = "UPDATE " . MAIN_DB_PREFIX . "adherent SET pass = '******'";
    $sql .= " WHERE rowid = " . $this->id;
    //dol_syslog("Adherent::Password sql=hidden");
    // NOTE(review): this writes the whole UPDATE statement, password value included, to the
    // log. The commented-out line above shows a "sql=hidden" form that avoids that.
    dol_syslog(get_class($this) . "::setPassword sql=" . $sql);
    $result = $this->db->query($sql);
    if ($result) {
        $nbaffectedrows = $this->db->affected_rows($result);
        if ($nbaffectedrows) {
            $this->pass = $password;
            $this->pass_indatabase = $password_indatabase;
            if ($this->user_id && !$nosyncuser) {
                require_once DOL_DOCUMENT_ROOT . "/user/class/user.class.php";
                // This member is linked with a user, so we also update users informations
                // if this is an update.
                $luser = new User($this->db);
                $result = $luser->fetch($this->user_id);
                if ($result >= 0) {
                    // Last argument 1 = nosyncmember, so the user does not sync back to this member.
                    $result = $luser->setPassword($user, $this->pass, 0, 0, 1);
                    if ($result < 0) {
                        $this->error = $luser->error;
                        dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
                        $error++;
                    }
                } else {
                    $this->error = $luser->error;
                    $error++;
                }
            }
            if (!$error && !$notrigger) {
                // Call the triggers
                include_once DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php";
                $interface = new Interfaces($this->db);
                $result = $interface->run_triggers('MEMBER_NEW_PASSWORD', $this, $user, $langs, $conf);
                if ($result < 0) {
                    $error++;
                    $this->errors = $interface->errors;
                }
                // End of trigger call
            }
            // NOTE(review): $error is not tested here. A failed user sync or trigger still
            // returns the clear password, and the member row has already been updated (no
            // transaction is opened in this version).
            return $this->pass;
        } else {
            // Query succeeded but no row was modified.
            return 0;
        }
    } else {
        dol_print_error($this->db);
        return -1;
    }
}
// API key
// NOTE(review): $generated_api_key stays empty and the generated value is stored in
// $generated_password instead; neither variable is used in the markup visible here, which
// prints $api_key. Confirm which one the "Generate" icon is meant to supply.
$generated_api_key = '';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
// NOTE(review): this reuses the password generator for an API key. The unit test on this
// page shows it returning 8 characters in 'Standard' mode and an empty string in 'None'
// mode; confirm that is acceptable for a long-lived API credential.
$generated_password=getRandomPassword(false);
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
print '<td>';
// NOTE(review): $api_key is written into the attribute without HTML escaping; its origin
// is outside this excerpt.
print '<input size="30" maxsize="32" type="text" id="api_key" name="api_key" value="'.$api_key.'" autocomplete="off">';
if (! empty($conf->use_javascript_ajax)) print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
print '</td></tr>';
} else { // the matching "if" opens before this excerpt
    require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
    // PARTIAL WORKAROUND
    // A generated placeholder value is submitted as api_key through a hidden field.
    $generated_fake_api_key=getRandomPassword(false);
    print '<input type="hidden" name="api_key" value="'.$generated_fake_api_key.'">';
}

// Administrator
// The yes/no selector for the admin flag is only rendered when the current user is an admin.
if (! empty($user->admin)) {
    print '<tr><td>'.$langs->trans("Administrator").'</td>';
    print '<td>';
    print $form->selectyesno('admin',GETPOST('admin'),1);
    if (! empty($conf->multicompany->enabled) && ! $user->entity && empty($conf->multicompany->transverse_mode)) {
        if (! empty($conf->use_javascript_ajax)) {
            print '<script type="text/javascript">
/**
 * Change the password of this member (row of the "adherent" table).
 *
 * @param  User   $user        User object of the person making the change
 * @param  string $password    New password (to generate if empty)
 * @param  int    $isencrypted 0 or 1: whether the password must be hashed before being stored (0 by default)
 * @param  int    $notrigger   1=Do not run the triggers
 * @param  int    $nosyncuser  Do not synchronize linked user
 * @return string              If OK return clear password, 0 if no change, < 0 if error
 */
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0) {
    global $conf, $langs;
    $error = 0;
    // NOTE(review): the "******" runs on the next line are not PHP. The listing appears to
    // have masked the logged expressions, which cannot be recovered from this page.
    dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
    // If new password not provided, we generate one
    if (!$password) {
        require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
        $password = getRandomPassword(false);
    }
    // Password hashing
    if ($isencrypted) {
        // Encryption
        // dol_hash() is defined elsewhere; its algorithm is not visible here. A test comment
        // on this page says it is md5 when no option is set. Confirm the configured algorithm.
        $password_indatabase = dol_hash($password);
    } else {
        // Default path ($isencrypted = 0): the value is kept exactly as supplied, i.e. in clear.
        $password_indatabase = $password;
    }
    $this->db->begin();
    // Update
    // NOTE(review): the value inside the quotes is masked in this listing ("******"), so
    // whether it is escaped cannot be checked here. $this->id is concatenated without a cast.
    $sql = "UPDATE " . MAIN_DB_PREFIX . "adherent SET pass = '******'";
    $sql .= " WHERE rowid = " . $this->id;
    //dol_syslog("Adherent::Password sql=hidden");
    // Only the method name is logged, so the statement (and the password in it) stays out of the log.
    dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
    $result = $this->db->query($sql);
    if ($result) {
        $nbaffectedrows = $this->db->affected_rows($result);
        if ($nbaffectedrows) {
            $this->pass = $password;
            $this->pass_indatabase = $password_indatabase;
            if ($this->user_id && !$nosyncuser) {
                require_once DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
                // This member is linked with a user, so we also update users informations
                // if this is an update.
                $luser = new User($this->db);
                $result = $luser->fetch($this->user_id);
                if ($result >= 0) {
                    // Last argument 1 = nosyncmember, so the user does not sync back to this member.
                    $result = $luser->setPassword($user, $this->pass, 0, 0, 1);
                    if ($result < 0) {
                        $this->error = $luser->error;
                        dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
                        $error++;
                    }
                } else {
                    $this->error = $luser->error;
                    $error++;
                }
            }
            if (!$error && !$notrigger) {
                // Call trigger
                $result = $this->call_trigger('MEMBER_NEW_PASSWORD', $user);
                if ($result < 0) {
                    $error++;
                    $this->db->rollback();
                    return -1;
                }
                // End call triggers
            }
            // NOTE(review): a failed user sync ($error > 0) only skips the trigger. The
            // transaction is still committed and the clear password returned.
            $this->db->commit();
            return $this->pass;
        } else {
            // Query succeeded but no row was modified.
            $this->db->rollback();
            return 0;
        }
    } else {
        $this->db->rollback();
        dol_print_error($this->db);
        return -1;
    }
}
} // closes a block that opens before this excerpt

if (!empty($id) && $action != 'edit' && $action != 'create') {
    $objsoc = new Societe($db);

    /*
     * Card in view mode
     */
    dol_htmloutput_errors($error, $errors);
    dol_fiche_head($head, 'card', $title, 0, 'contact');

    if ($action == 'create_user') {
        // Full firstname and lastname separated with a dot : firstname.lastname
        include_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php';
        $login = dol_buildlogin($object->lastname, $object->firstname);

        // A password is generated only when $ldap_sid is empty; otherwise the field is pre-filled empty.
        $generated_password = '';
        if (!$ldap_sid) {
            require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
            $generated_password = getRandomPassword(false);
        }
        $password = $generated_password;

        // Create a form array
        // NOTE(review): the generated password is offered in a plain 'text' field, so it is
        // readable on screen and in the page source. Whether formconfirm() HTML-escapes the
        // 'value' entries is not visible here.
        $formquestion = array(array('label' => $langs->trans("LoginToCreate"), 'type' => 'text', 'name' => 'login', 'value' => $login), array('label' => $langs->trans("Password"), 'type' => 'text', 'name' => 'password', 'value' => $password));
        $text = $langs->trans("ConfirmCreateContact") . '<br>';
        if (!empty($conf->societe->enabled)) {
            // Contacts attached to a third party (socid > 0) are announced as external users.
            if ($object->socid > 0) {
                $text .= $langs->trans("UserWillBeExternalUser");
            } else {
                $text .= $langs->trans("UserWillBeInternalUser");
            }
        }
        // NOTE(review): $_SERVER["PHP_SELF"] reflects the request path; confirm formconfirm()
        // escapes the URL before writing it into the page.
        print $form->formconfirm($_SERVER["PHP_SELF"] . "?id=" . $object->id, $langs->trans("CreateDolibarrLogin"), $text, "confirm_create_user", $formquestion, 'yes');
    }

    print '<table class="border" width="100%">';
/**
 * Change password of a user
 *
 * With $changelater = 0 the new hash is written to the "user" table inside a transaction.
 * With $changelater = 1 only the clear password is stored in pass_temp.
 *
 * @param  User   $user         Object user of user making change
 * @param  string $password     New password in clear text (to generate if not provided)
 * @param  int    $changelater  1=Change password only after clicking on confirm email
 * @param  int    $notrigger    1=Does not launch triggers
 * @param  int    $nosyncmember Do not synchronize linked member
 * @return string               If OK return clear password, 0 if no change, < 0 if error
 */
function setPassword($user, $password = '', $changelater = 0, $notrigger = 0, $nosyncmember = 0) {
    global $conf, $langs;
    require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
    $error = 0;
    // NOTE(review): the "******" runs on the next line are not PHP. The listing appears to
    // have masked the logged expressions, which cannot be recovered from this page.
    dol_syslog(get_class($this) . "::setPassword user="******" password="******" changelater=" . $changelater . " notrigger=" . $notrigger . " nosyncmember=" . $nosyncmember, LOG_DEBUG);
    // If new password not provided, we generate one
    if (!$password) {
        $password = getRandomPassword(false);
    }
    // Hash the password. The original comment says "md5", but the code calls dol_hash(),
    // whose algorithm is not visible here.
    $password_crypted = dol_hash($password);
    // Update
    if (!$changelater) {
        // Keep a copy of the object as it was before the change, unless one already exists.
        if (!is_object($this->oldcopy)) {
            $this->oldcopy = clone $this;
        }
        $this->db->begin();
        $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
        $sql .= " SET pass_crypted = '" . $this->db->escape($password_crypted) . "',";
        $sql .= " pass_temp = null";
        if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
            // With DATABASE_PWD_ENCRYPTED set, the "pass" column is cleared.
            $sql .= ", pass = null";
        } else {
            // NOTE(review): the value is masked in this listing ("******"). The branch
            // structure implies the "pass" column keeps a non-null value when
            // DATABASE_PWD_ENCRYPTED is empty. Presumably the clear password; confirm.
            $sql .= ", pass = '******'";
        }
        // NOTE(review): $this->id is concatenated without a cast.
        $sql .= " WHERE rowid = " . $this->id;
        // Only the method name is logged, not the statement.
        dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
        $result = $this->db->query($sql);
        if ($result) {
            if ($this->db->affected_rows($result)) {
                $this->pass = $password;
                $this->pass_indatabase = $password;
                $this->pass_indatabase_crypted = $password_crypted;
                if ($this->fk_member && !$nosyncmember) {
                    require_once DOL_DOCUMENT_ROOT . '/adherents/class/adherent.class.php';
                    // This user is linked with a member, so we also update members informations
                    // if this is an update.
                    $adh = new Adherent($this->db);
                    $result = $adh->fetch($this->fk_member);
                    if ($result >= 0) {
                        // Arguments 0, 1 = isencrypted off, notrigger on: the member copy is
                        // stored without hashing.
                        $result = $adh->setPassword($user, $this->pass, 0, 1); // Hashing is not handled in the member module
                        if ($result < 0) {
                            $this->error = $adh->error;
                            dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
                            $error++;
                        }
                    } else {
                        $this->error = $adh->error;
                        $error++;
                    }
                }
                dol_syslog(get_class($this) . "::setPassword notrigger=" . $notrigger . " error=" . $error, LOG_DEBUG);
                if (!$error && !$notrigger) {
                    // Call trigger
                    $result = $this->call_trigger('USER_NEW_PASSWORD', $user);
                    if ($result < 0) {
                        $error++;
                        $this->db->rollback();
                        return -1;
                    }
                    // End call triggers
                }
                // NOTE(review): a failed member sync ($error > 0) only skips the trigger.
                // The transaction is still committed and the clear password returned.
                $this->db->commit();
                return $this->pass;
            } else {
                // Query succeeded but no row was modified.
                $this->db->rollback();
                return 0;
            }
        } else {
            $this->db->rollback();
            dol_print_error($this->db);
            return -1;
        }
    } else {
        // We store clear password in password temporary field.
        // After receiving confirmation link, we will crypt it and store it in pass_crypted
        // NOTE(review): until the confirmation arrives, pass_temp holds the password in
        // clear in the database. This branch opens no transaction and runs no trigger.
        $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
        $sql .= " SET pass_temp = '" . $this->db->escape($password) . "'";
        $sql .= " WHERE rowid = " . $this->id;
        dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG); // No log
        $result = $this->db->query($sql);
        if ($result) {
            return $password;
        } else {
            dol_print_error($this->db);
            return -3;
        }
    }
}
/**
 * Set content of ->tpl array, to use into template
 *
 * Fills $this->tpl according to $action ('create', 'edit', 'view', 'delete',
 * 'create_user'; 'add' and 'update' first call assign_post()).
 *
 * @param  string $action Type of action (received by reference; not modified in the code shown)
 * @param  int    $id     Id (not used in the code shown)
 * @return void           Nothing is returned in the code shown; the HTML fragments are stored in $this->tpl
 */
function assign_values(&$action, $id) {
    global $conf, $langs, $user, $canvas;
    global $form, $formcompany, $objsoc;
    if ($action == 'add' || $action == 'update') {
        $this->assign_post();
    }
    // Copy every public property of the business object into the template array.
    foreach ($this->object as $key => $value) {
        $this->tpl[$key] = $value;
    }
    $this->tpl['error'] = $this->error;
    $this->tpl['errors'] = $this->errors;
    if ($action == 'create' || $action == 'edit') {
        if ($conf->use_javascript_ajax) {
            // NOTE(review): $action and $canvas are concatenated into a JavaScript string
            // literal without any encoding. If either can carry request data, it must be
            // escaped for the script context before being embedded here.
            $this->tpl['ajax_selectcountry'] = "\n" . '<script type="text/javascript" language="javascript"> jQuery(document).ready(function () { jQuery("#selectcountry_id").change(function() { document.formsoc.action.value="' . $action . '"; document.formsoc.canvas.value="' . $canvas . '"; document.formsoc.submit(); }); }) </script>' . "\n";
        }
        if (is_object($objsoc) && $objsoc->id > 0) {
            $this->tpl['company'] = $objsoc->getNomUrl(1);
            $this->tpl['company_id'] = $objsoc->id;
        } else {
            $this->tpl['company'] = $form->select_company($this->object->socid, 'socid', '', 1);
        }
        // Civility
        $this->tpl['select_civility'] = $formcompany->select_civility($this->object->civility_id);
        // Predefined with third party
        // NOTE(review): && binds tighter than ||, so the CONTACT_USE_COMPANY_ADDRESS option
        // alone enters this block even when $objsoc is not an object. The reads of
        // $objsoc->... below are not guarded for that case.
        if (isset($objsoc->typent_code) && $objsoc->typent_code == 'TE_PRIVATE' || !empty($conf->global->CONTACT_USE_COMPANY_ADDRESS)) {
            // The address default is written to the template array, the other defaults to the object.
            if (dol_strlen(trim($this->object->address)) == 0) {
                $this->tpl['address'] = $objsoc->address;
            }
            if (dol_strlen(trim($this->object->zip)) == 0) {
                $this->object->zip = $objsoc->zip;
            }
            if (dol_strlen(trim($this->object->town)) == 0) {
                $this->object->town = $objsoc->town;
            }
            if (dol_strlen(trim($this->object->phone_pro)) == 0) {
                $this->object->phone_pro = $objsoc->phone;
            }
            if (dol_strlen(trim($this->object->fax)) == 0) {
                $this->object->fax = $objsoc->fax;
            }
            if (dol_strlen(trim($this->object->email)) == 0) {
                $this->object->email = $objsoc->email;
            }
        }
        // Zip
        $this->tpl['select_zip'] = $formcompany->select_ziptown($this->object->zip, 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
        // Town
        $this->tpl['select_town'] = $formcompany->select_ziptown($this->object->town, 'town', array('zipcode', 'selectcountry_id', 'state_id'));
        // Fall back to the third party's country when the contact has none.
        if (dol_strlen(trim($this->object->country_id)) == 0) {
            $this->object->country_id = $objsoc->country_id;
        }
        // Country
        $this->tpl['select_country'] = $form->select_country($this->object->country_id, 'country_id');
        $countrynotdefined = $langs->trans("ErrorSetACountryFirst") . ' (' . $langs->trans("SeeAbove") . ')';
        if ($user->admin) {
            $this->tpl['info_admin'] = info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1);
        }
        // State
        if ($this->object->country_id) {
            $this->tpl['select_state'] = $formcompany->select_state($this->object->fk_departement, $this->object->country_code);
        } else {
            $this->tpl['select_state'] = $countrynotdefined;
        }
        // Public or private
        $selectarray = array('0' => $langs->trans("ContactPublic"), '1' => $langs->trans("ContactPrivate"));
        $this->tpl['select_visibility'] = $form->selectarray('priv', $selectarray, $this->object->priv, 0);
    }
    if ($action == 'view' || $action == 'edit' || $action == 'delete') {
        // Emailing
        if (!empty($conf->mailing->enabled)) {
            $langs->load("mails");
            $this->tpl['nb_emailing'] = $this->object->getNbOfEMailings();
        }
        // Linked element
        // One entry is appended per enabled module; $i is the next free index.
        $this->tpl['contact_element'] = array();
        $i = 0;
        $this->object->load_ref_elements();
        if (!empty($conf->commande->enabled)) {
            $this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForOrders");
            $this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_commande ? $this->object->ref_commande : $langs->trans("NoContactForAnyOrder");
            $i++;
        }
        if (!empty($conf->propal->enabled)) {
            $this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForProposals");
            $this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_propal ? $this->object->ref_propal : $langs->trans("NoContactForAnyProposal");
            $i++;
        }
        if (!empty($conf->contrat->enabled)) {
            $this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForContracts");
            $this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_contrat ? $this->object->ref_contrat : $langs->trans("NoContactForAnyContract");
            $i++;
        }
        if (!empty($conf->facture->enabled)) {
            $this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForInvoices");
            $this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_facturation ? $this->object->ref_facturation : $langs->trans("NoContactForAnyInvoice");
            $i++;
        }
        // Dolibarr user
        if ($this->object->user_id) {
            $dolibarr_user = new User($this->db);
            // The fetch result is stored but not checked before getLoginUrl() is called.
            $result = $dolibarr_user->fetch($this->object->user_id);
            $this->tpl['dolibarr_user'] = $dolibarr_user->getLoginUrl(1);
        } else {
            $this->tpl['dolibarr_user'] = $langs->trans("NoDolibarrAccess");
        }
    }
    if ($action == 'view' || $action == 'delete') {
        $this->tpl['showrefnav'] = $form->showrefnav($this->object, 'id');
        if ($this->object->socid > 0) {
            // Overwrites the global $objsoc with the contact's third party.
            $objsoc = new Societe($this->db);
            $objsoc->fetch($this->object->socid);
            $this->tpl['company'] = $objsoc->getNomUrl(1);
        } else {
            $this->tpl['company'] = $langs->trans("ContactNotLinkedToCompany");
        }
        $this->tpl['civility'] = $this->object->getCivilityLabel();
        $this->tpl['address'] = dol_nl2br($this->object->address);
        $this->tpl['zip'] = $this->object->zip ? $this->object->zip . ' ' : '';
        $img = picto_from_langcode($this->object->country_code);
        $this->tpl['country'] = ($img ? $img . ' ' : '') . $this->object->country;
        $this->tpl['phone_pro'] = dol_print_phone($this->object->phone_pro, $this->object->country_code, 0, $this->object->id, 'AC_TEL');
        $this->tpl['phone_perso'] = dol_print_phone($this->object->phone_perso, $this->object->country_code, 0, $this->object->id, 'AC_TEL');
        $this->tpl['phone_mobile'] = dol_print_phone($this->object->phone_mobile, $this->object->country_code, 0, $this->object->id, 'AC_TEL');
        $this->tpl['fax'] = dol_print_phone($this->object->fax, $this->object->country_code, 0, $this->object->id, 'AC_FAX');
        $this->tpl['email'] = dol_print_email($this->object->email, 0, $this->object->id, 'AC_EMAIL');
        $this->tpl['visibility'] = $this->object->LibPubPriv($this->object->priv);
        // NOTE(review): nl2br() only inserts <br> tags and does not HTML-escape. Unless the
        // template escapes 'note' (and the raw zip/country values above), stored markup in
        // these fields reaches the page as-is.
        $this->tpl['note'] = nl2br($this->object->note);
    }
    if ($action == 'create_user') {
        // Full firstname and lastname separated with a dot : firstname.lastname
        include_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php';
        require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
        $login = dol_buildlogin($this->object->lastname, $this->object->firstname);
        $generated_password = getRandomPassword(false);
        $password = $generated_password;
        // Create a form array
        // NOTE(review): the generated password is offered in a plain 'text' field, so it is
        // readable on screen and in the page source. Whether formconfirm() escapes the
        // 'value' entries and the PHP_SELF-based URL is not visible here.
        $formquestion = array(array('label' => $langs->trans("LoginToCreate"), 'type' => 'text', 'name' => 'login', 'value' => $login), array('label' => $langs->trans("Password"), 'type' => 'text', 'name' => 'password', 'value' => $password));
        $this->tpl['action_create_user'] = $form->formconfirm($_SERVER["PHP_SELF"] . "?id=" . $this->object->id, $langs->trans("CreateDolibarrLogin"), $langs->trans("ConfirmCreateContact"), "confirm_create_user", $formquestion, 'no');
    }
}
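/**
 * testGetRandomPassword
 *
 * Checks the length of the value returned by getRandomPassword() in generic mode and
 * with USER_PASSWORD_GENERATED set to 'None' and to 'Standard'.
 *
 * The assertions pass the expected value first, as PHPUnit's assertEquals($expected,
 * $actual) requires, so that a failure message reports the two values the right way round.
 *
 * Side effect: $conf->global->USER_PASSWORD_GENERATED is left set to 'Standard'.
 *
 * @return int Always 0
 */
public function testGetRandomPassword() {
    global $conf;

    // Generic mode: should be a string returned by dol_hash (if no option set, will be md5).
    // NOTE(review): this pins the generic value to 32 characters, i.e. the length of an md5
    // hex digest. The assertion has to change if the default hash is strengthened.
    $genpass1 = getRandomPassword(true);
    print __METHOD__ . " genpass1=" . $genpass1 . "\n";
    $this->assertEquals(32, strlen($genpass1));

    // 'None' mode: should be an empty string.
    $conf->global->USER_PASSWORD_GENERATED = 'None';
    $genpass2 = getRandomPassword(false);
    print __METHOD__ . " genpass2=" . $genpass2 . "\n";
    $this->assertEquals('', $genpass2);

    // 'Standard' mode: an 8-character password is expected.
    $conf->global->USER_PASSWORD_GENERATED = 'Standard';
    $genpass3 = getRandomPassword(false);
    print __METHOD__ . " genpass3=" . $genpass3 . "\n";
    $this->assertEquals(8, strlen($genpass3));

    return 0;
}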
} else { // the matching "if" opens before this excerpt
    $mysql_error = 'mysql driver is not installed.';
    $task = 'error';
}
$norender = false;
$break = false;
switch ($task) {
    case 'add':
        header('Cache-Control: private');
        $token = token();
        // Check db user settings
        // NOTE(review): $me is interpolated into the statement; its origin is outside this
        // excerpt. If it can carry request data it must be escaped or bound. LIKE also
        // treats % and _ in $me as wildcards; an exact match is presumably intended.
        $sql = "SELECT COUNT(*) FROM mysql.user WHERE User LIKE '{$me}'";
        // NOTE(review): the mysql_* functions were removed in PHP 7, and the query result is
        // not checked before mysql_fetch_row() is called on it.
        $query = mysql_query($sql);
        $result = mysql_fetch_row($query);
        if (!$result[0]) {
            // No matching database account yet: create one with a generated password.
            // NOTE(review): this account creation runs before the isadmin() and
            // checktoken() tests below, so neither of them gates it.
            $random_passwd = getRandomPassword();
            // create user
            if (ZDatabase::addmysqluser($me, $random_passwd)) {
                setmsg(t("Added."), 'notice');
            } else {
                // NOTE(review): the raw driver error text is put in the user-facing message.
                setmsg(t('Database Error. ') . mysql_error(), 'error');
            }
        }
        // NOTE(review): for a non-admin this only queues an empty warning; execution continues.
        if (!isadmin()) {
            setmsg(t(''), 'warning');
        }
        if (checktoken()) {
            // Values come from $_REQUEST, so they are accepted from the query string as well
            // as from the request body.
            $username = $_REQUEST['name'];
            $password = $_REQUEST['password'];
            $break = false;
            if (in_array($username, ZDatabase::getDbUsers())) {
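// Persist the unsubscribe switch and its key, counting every failed write in $error.
//
// The original tests were written `!$res > 0`. PHP evaluates that as `(!$res) > 0`, which is
// true only when $res is falsy, so a negative (error) return value was not counted and the
// transaction was committed anyway. The tests below use `!($res > 0)`.
// NOTE(review): this assumes dolibarr_set_const() reports success with a value > 0;
// confirm against its definition.
if ($checkread == 'on') {
    $res = dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE", 1, 'chaine', 0, '', $conf->entity);
    if (!($res > 0)) {
        $error++;
    }
} elseif ($checkread == 'off') {
    $res = dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE", 0, 'chaine', 0, '', $conf->entity);
    if (!($res > 0)) {
        $error++;
    }
}

// Create a temporary encryption key if needed
// NOTE(review): the key is produced by the password generator in generic mode. A test
// comment on this page describes that output as a dol_hash() string (md5 when no option is
// set); confirm the generator's randomness source is suitable for an unguessable key.
if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE == 1 && empty($checkread_key)) {
    $checkread_key = getRandomPassword(true);
}
// The key constant is written on every pass, including when $checkread_key is still empty.
$res = dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE_KEY", $checkread_key, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
    $error++;
}

if (!$error) {
    $db->commit();
    $mesg = "<font class=\"ok\">" . $langs->trans("SetupSaved") . "</font>";
} else {
    $db->rollback();
    $mesg = "<font class=\"error\">" . $langs->trans("Error") . "</font>";
}
} // closes a block that opens before this excerpt

/*
 * View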
/**
 * Change password of a user
 *
 * With $changelater = 0 the new hash is written to the "user" table immediately.
 * With $changelater = 1 only the clear password is stored in pass_temp.
 *
 * @param user         Object user of user making change
 * @param password     New password in clear text (to generate if not provided)
 * @param changelater  1=Change password only after clicking on confirm email
 * @param notrigger    1=Does not launch triggers
 * @param nosyncmember Do not synchronize linked member
 * @return string      If OK return clear password, 0 if no change, < 0 if error
 */
function setPassword($user, $password='', $changelater=0, $notrigger=0, $nosyncmember=0) {
    global $conf, $langs;
    $error=0;
    // NOTE(review): the "******" runs on the next line are not PHP. The listing appears to
    // have masked the logged expressions, which cannot be recovered from this page.
    dol_syslog("User::setPassword user="******" password="******" changelater=".$changelater." notrigger=".$notrigger." nosyncmember=".$nosyncmember, LOG_DEBUG);
    // If new password not provided, we generate one
    if (! $password) {
        include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php');
        $password=getRandomPassword('');
    }
    // Hash with md5
    // NOTE(review): md5() is a fast, unsalted digest and is not suitable for storing
    // passwords. Changing it needs a matching change wherever the value is verified.
    $password_crypted = md5($password);
    // Update
    if (! $changelater) {
        $sql = "UPDATE ".MAIN_DB_PREFIX."user";
        $sql.= " SET pass_crypted = '".$this->db->escape($password_crypted)."',";
        $sql.= " pass_temp = null";
        if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
            // With DATABASE_PWD_ENCRYPTED set, the "pass" column is cleared.
            $sql.= ", pass = null";
        } else {
            // NOTE(review): the value is masked in this listing ("******"). The branch
            // structure implies the "pass" column keeps a non-null value when
            // DATABASE_PWD_ENCRYPTED is empty. Presumably the clear password; confirm.
            $sql.= ", pass = '******'";
        }
        // NOTE(review): $this->id is concatenated without a cast.
        $sql.= " WHERE rowid = ".$this->id;
        // The statement itself is deliberately kept out of the log.
        dol_syslog("User::setPassword sql=hidden", LOG_DEBUG);
        //dol_syslog("User::Password sql=".$sql);
        $result = $this->db->query($sql);
        if ($result) {
            if ($this->db->affected_rows($result)) {
                $this->pass=$password;
                $this->pass_indatabase=$password;
                $this->pass_indatabase_crypted=$password_crypted;
                if ($this->fk_member && ! $nosyncmember) {
                    require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
                    // This user is linked with a member, so we also update members informations
                    // if this is an update.
                    $adh=new Adherent($this->db);
                    $result=$adh->fetch($this->fk_member);
                    if ($result >= 0) {
                        // Arguments 0,1 = isencrypted off, notrigger on: the member copy is
                        // stored without hashing.
                        $result=$adh->setPassword($user,$this->pass,0,1); // Hashing is not handled in the member module
                        if ($result < 0) {
                            $this->error=$adh->error;
                            dol_syslog("User::setPassword ".$this->error,LOG_ERR);
                            $error++;
                        }
                    } else {
                        $this->error=$adh->error;
                        $error++;
                    }
                }
                dol_syslog("User::setPassword notrigger=".$notrigger." error=".$error,LOG_DEBUG);
                if (! $error && ! $notrigger) {
                    // Call the triggers
                    include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
                    $interface=new Interfaces($this->db);
                    $result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$langs,$conf);
                    // A trigger failure is only recorded in $this->errors; $error is not incremented.
                    if ($result < 0) $this->errors=$interface->errors;
                    // End of trigger call
                }
                // NOTE(review): no transaction is opened in this version and $error is not
                // tested here. A failed member sync or trigger still returns the clear
                // password, with the user row already updated.
                return $this->pass;
            } else {
                // Query succeeded but no row was modified.
                return 0;
            }
        } else {
            dol_print_error($this->db);
            return -1;
        }
    } else {
        // We store clear password in password temporary field.
        // After receiving confirmation link, we will crypt it and store it in pass_crypted
        // NOTE(review): until the confirmation arrives, pass_temp holds the password in
        // clear in the database.
        $sql = "UPDATE ".MAIN_DB_PREFIX."user";
        $sql.= " SET pass_temp = '".$this->db->escape($password)."'";
        $sql.= " WHERE rowid = ".$this->id;
        dol_syslog("User::setPassword sql=hidden", LOG_DEBUG); // No log
        $result = $this->db->query($sql);
        if ($result) {
            return $password;
        } else {
            dol_print_error($this->db);
            return -3;
        }
    }
}
/**
 * Change password of a user
 *
 * In this variant no database statement is issued in the code shown: the new password is
 * only set on the object and the MEMBER_NEW_PASSWORD triggers are run.
 *
 * @param  User   $user        User object of the person making the change
 * @param  string $password    New password (to generate if empty)
 * @param  int    $isencrypted 0 or 1: whether the password must be hashed before being stored (0 by default)
 * @param  int    $notrigger   1=Do not run the triggers
 * @param  int    $nosyncuser  Do not synchronize linked user (not used in the code shown)
 * @return string              The clear password. The "0 if no change, < 0 if error" results of the
 *                             other variants on this page are never produced here.
 */
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0) {
    global $conf, $langs;
    $error = 0;
    // NOTE(review): the "******" runs on the next line are not PHP. The listing appears to
    // have masked the logged expressions, which cannot be recovered from this page.
    dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
    // If new password not provided, we generate one
    if (!$password) {
        require_once DOL_DOCUMENT_ROOT . "/core/lib/security2.lib.php";
        $password = getRandomPassword('');
    }
    // Password hashing
    if ($isencrypted) {
        // Encryption
        // dol_hash() is defined elsewhere; its algorithm is not visible here.
        $password_indatabase = dol_hash($password);
    } else {
        // Default path ($isencrypted = 0): the value is kept exactly as supplied, i.e. in clear.
        $password_indatabase = $password;
    }
    $this->pass = $password;
    $this->pass_indatabase = $password_indatabase;
    // $error is still 0 at this point, so only $notrigger decides whether triggers run.
    if (!$error && !$notrigger) {
        // Call the triggers
        include_once DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php";
        $interface = new Interfaces($this->db);
        $result = $interface->run_triggers('MEMBER_NEW_PASSWORD', $this, $user, $langs, $conf);
        if ($result < 0) {
            $error++;
            $this->errors = $interface->errors;
        }
        // End of trigger call
    }
    // NOTE(review): a trigger failure is recorded in $this->errors but does not change the
    // return value.
    return $this->pass;
}
        $f = $files[0];
    } // closes a block that opens before this excerpt
    // The write is gated by checkToken(); the read below it is not.
    if (checkToken()) {
        $new_content = $_REQUEST['content'];
        // NOTE(review): how $f is chosen is only partly visible. If it can come from the
        // request, it must be restricted to a known file name under tpl/conf/ before being
        // used in a path. No isadmin() test is visible in this part of the case.
        // file_put_contents() returns the number of bytes written, so saving empty content
        // (0 bytes) is treated like a failure and shows no message.
        if (file_put_contents('tpl/conf/' . $f, $new_content)) {
            setmsg(t('Saved!'), 'notice', 'self');
        }
    }
    $content = file_get_contents('tpl/conf/' . $f);
    break;
case 'svn':
    $users = array();
    break;
case 'random':
    // random password
    // NOTE(review): no isadmin() or token test is visible for this case, unlike 'tasks' below.
    $pass = getRandomPassword();
    $id = $_REQUEST['id'];
    break;
case 'tasks':
    if (!isadmin()) {
        break;
    }
    if (checktoken()) {
        // NOTE(review): the whole request array is handed to insert(). Unless insert()
        // filters keys itself, the caller chooses which columns are written. An explicit
        // list of accepted fields would make that safe.
        if ($pdo->insert('task', $_REQUEST)) {
            setmsg(t('Saved!'), 'notice', 'self');
        }
    }
    $sql = "SELECT * FROM task WHERE state=0";
    $tasks = $pdo->fetchAll($sql);
    break;
case 'login':