/**
* Change password of a user
*
* @param User $user Object user of user making change
* @param string $password New password in clear text (to generate if not provided)
* @param int $changelater 1=Change password only after clicking on confirm email
* @param int $notrigger 1=Does not launch triggers
* @param int $nosyncmember Do not synchronize linked member
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password = '', $changelater = 0, $notrigger = 0, $nosyncmember = 0)
{
global $conf, $langs;
require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$error = 0;
dol_syslog(get_class($this) . "::setPassword user="******" password="******" changelater=" . $changelater . " notrigger=" . $notrigger . " nosyncmember=" . $nosyncmember, LOG_DEBUG);
// If new password not provided, we generate one
if (!$password) {
$password = getRandomPassword(false);
}
// Crypte avec md5
$password_crypted = dol_hash($password);
// Mise a jour
if (!$changelater) {
if (!is_object($this->oldcopy)) {
$this->oldcopy = clone $this;
}
$this->db->begin();
$sql = "UPDATE " . MAIN_DB_PREFIX . "user";
$sql .= " SET pass_crypted = '" . $this->db->escape($password_crypted) . "',";
$sql .= " pass_temp = null";
if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
$sql .= ", pass = null";
} else {
$sql .= ", pass = '******'";
}
$sql .= " WHERE rowid = " . $this->id;
dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
if ($this->db->affected_rows($result)) {
$this->pass = $password;
$this->pass_indatabase = $password;
$this->pass_indatabase_crypted = $password_crypted;
if ($this->fk_member && !$nosyncmember) {
require_once DOL_DOCUMENT_ROOT . '/adherents/class/adherent.class.php';
// This user is linked with a member, so we also update members informations
// if this is an update.
$adh = new Adherent($this->db);
$result = $adh->fetch($this->fk_member);
if ($result >= 0) {
$result = $adh->setPassword($user, $this->pass, 0, 1);
// Cryptage non gere dans module adherent
if ($result < 0) {
$this->error = $adh->error;
dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
$error++;
}
} else {
$this->error = $adh->error;
$error++;
}
}
dol_syslog(get_class($this) . "::setPassword notrigger=" . $notrigger . " error=" . $error, LOG_DEBUG);
if (!$error && !$notrigger) {
// Call trigger
$result = $this->call_trigger('USER_NEW_PASSWORD', $user);
if ($result < 0) {
$error++;
$this->db->rollback();
return -1;
}
// End call triggers
}
$this->db->commit();
return $this->pass;
} else {
$this->db->rollback();
return 0;
}
} else {
$this->db->rollback();
dol_print_error($this->db);
return -1;
}
} else {
// We store clear password in password temporary field.
// After receiving confirmation link, we will crypt it and store it in pass_crypted
$sql = "UPDATE " . MAIN_DB_PREFIX . "user";
$sql .= " SET pass_temp = '" . $this->db->escape($password) . "'";
$sql .= " WHERE rowid = " . $this->id;
dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
// No log
$result = $this->db->query($sql);
if ($result) {
return $password;
} else {
dol_print_error($this->db);
return -3;
}
}
}
/**
* Change password of a user
* @param user Object user of user making change
* @param password New password in clear text (to generate if not provided)
* @param changelater 1=Change password only after clicking on confirm email
* @param notrigger 1=Does not launch triggers
* @param nosyncmember Do not synchronize linked member
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password='', $changelater=0, $notrigger=0, $nosyncmember=0)
{
global $conf, $langs;
$error=0;
dol_syslog("User::setPassword user="******" password="******" changelater=".$changelater." notrigger=".$notrigger." nosyncmember=".$nosyncmember, LOG_DEBUG);
// If new password not provided, we generate one
if (! $password)
{
include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php');
$password=getRandomPassword('');
}
// Crypte avec md5
$password_crypted = md5($password);
// Mise a jour
if (! $changelater)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_crypted = '".$this->db->escape($password_crypted)."',";
$sql.= " pass_temp = null";
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
{
$sql.= ", pass = null";
}
else
{
$sql.= ", pass = '******'";
}
$sql.= " WHERE rowid = ".$this->id;
dol_syslog("User::setPassword sql=hidden", LOG_DEBUG);
//dol_syslog("User::Password sql=".$sql);
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows($result))
{
$this->pass=$password;
$this->pass_indatabase=$password;
$this->pass_indatabase_crypted=$password_crypted;
if ($this->fk_member && ! $nosyncmember)
{
require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
// This user is linked with a member, so we also update members informations
// if this is an update.
$adh=new Adherent($this->db);
$result=$adh->fetch($this->fk_member);
if ($result >= 0)
{
$result=$adh->setPassword($user,$this->pass,0,1); // Cryptage non gere dans module adherent
if ($result < 0)
{
$this->error=$adh->error;
dol_syslog("User::setPassword ".$this->error,LOG_ERR);
$error++;
}
}
else
{
$this->error=$adh->error;
$error++;
}
}
dol_syslog("User::setPassword notrigger=".$notrigger." error=".$error,LOG_DEBUG);
if (! $error && ! $notrigger)
{
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
}
return $this->pass;
}
else
{
return 0;
}
}
else
{
dol_print_error($this->db);
return -1;
}
}
else
{
// We store clear password in password temporary field.
// After receiving confirmation link, we will crypt it and store it in pass_crypted
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_temp = '".$this->db->escape($password)."'";
$sql.= " WHERE rowid = ".$this->id;
dol_syslog("User::setPassword sql=hidden", LOG_DEBUG); // No log
$result = $this->db->query($sql);
if ($result)
{
return $password;
}
else
{
dol_print_error($this->db);
return -3;
}
}
}
