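/**
 * Check authentication array and set error, errorcode, errorlabel
 *
 * Checks run in order, and each one is skipped as soon as $error is non-zero
 * (including an error count the caller already passed in): shared security
 * key, entity parameter, existence and status of the user, then the
 * login/password pair against the configured authentication modes.
 *
 * @param array  $authentication Array with authentication informations ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>)
 * @param int    &$error         Number of errors (incremented on each failed check)
 * @param string &$errorcode     Error string code
 * @param string &$errorlabel    Error string label
 * @return User Return user object identified by login/pass/entity into authentication array.
 *              Returned even when a check failed; callers must test $error.
 */
function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
{
    global $db, $conf, $langs;
    global $dolibarr_main_authentication, $dolibarr_auto_user;

    $fuser = new User($db);

    // Shared web-service key. hash_equals() is a strict, constant-time string
    // comparison; the loose "!=" used before compared numeric strings as
    // numbers (e.g. "0e5" and "0" were equal) and is not constant-time.
    // A missing key on either side is compared as an empty string, which keeps
    // the outcome of the former loose comparison for that case.
    if (!$error) {
        $expectedkey = (string) ($conf->global->WEBSERVICES_KEY ?? '');
        $providedkey = (string) ($authentication['dolibarrkey'] ?? '');
        if (!hash_equals($expectedkey, $providedkey)) {
            $error++;
            $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
            $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
        }
    }

    if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter entity must be empty (or filled with numeric id of instance if multicompany module is used).";
    }

    if (!$error) {
        $result = $fuser->fetch('', $authentication['login'], '', 0);
        if ($result < 0) {
            $error++;
            $errorcode = 'ERROR_FETCH_USER';
            $errorlabel = 'A technical error occurs during fetch of user';
        } elseif ($result == 0) {
            // Unknown login uses the same code and label as a wrong password,
            // so the response does not distinguish the two cases.
            $error++;
            $errorcode = 'BAD_CREDENTIALS';
            $errorlabel = 'Bad value for login or password';
        }

        if (!$error && $fuser->statut == 0) {
            $error++;
            $errorcode = 'ERROR_USER_DISABLED';
            $errorlabel = 'This user has been locked or disabled';
        }

        // Validation of login
        if (!$error) {
            $fuser->getrights(); // Load permission of user

            // Authentication mode (the normalised value is left in the global)
            if (empty($dolibarr_main_authentication)) {
                $dolibarr_main_authentication = 'http,dolibarr';
            }
            // Authentication mode: forceuser (literal is redacted as '******' in this listing)
            if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
                $dolibarr_auto_user = '******';
            }
            // Set authmode
            $authmode = explode(',', $dolibarr_main_authentication);

            include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
            $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode);
            if (empty($login)) {
                $error++;
                $errorcode = 'BAD_CREDENTIALS';
                $errorlabel = 'Bad value for login or password';
            }
        }
    }

    return $fuser;
}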
$goontestloop = true; } if ($dolibarr_main_authentication == 'forceuser' && !empty($dolibarr_auto_user)) { $goontestloop = true; } if (GETPOST("username", "alpha", 2) || !empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode', 'alpha', 1)) { $goontestloop = true; } if (!is_object($langs)) { include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php'; $langs = new Translate("", $conf); $langcode = GETPOST('lang') ? GETPOST('lang', 'alpha', 1) : (empty($conf->global->MAIN_LANG_DEFAULT) ? 'auto' : $conf->global->MAIN_LANG_DEFAULT); $langs->setDefaultLang($langcode); } if ($test && $goontestloop) { $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode); if ($login) { $dol_authmode = $conf->authmode; // This properties is defined only when logged, to say what mode was successfully used $dol_tz = $_POST["tz"]; $dol_tz_string = $_POST["tz_string"]; $dol_tz_string = preg_replace('/\\s*\\(.+\\)$/', '', $dol_tz_string); $dol_tz_string = preg_replace('/,/', '/', $dol_tz_string); $dol_tz_string = preg_replace('/\\s/', '_', $dol_tz_string); $dol_dst = 0; if (isset($_POST["dst_first"]) && isset($_POST["dst_second"])) { include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php'; $datenow = dol_now(); $datefirst = dol_stringtotime($_POST["dst_first"]); $datesecond = dol_stringtotime($_POST["dst_second"]); if ($datenow >= $datefirst && $datenow < $datesecond) {
/**
 * Login
 *
 * Log user with username and password
 *
 * Validates the credentials through checkLoginPassEntity() with the configured
 * authentication modes, then generates a new API token, stores it in the user
 * table and returns it.
 *
 * NOTE(review): $dolibarr_main_authentication, $dolibarr_auto_user and $conf are
 * read below but no `global` statement is visible in this snippet; in method
 * scope they are undefined unless declared — confirm against the full file.
 *
 * @param string $login    Username
 * @param string $password User password
 * @param int    $entity   User entity
 * @return array Response status and user token
 *
 * @throws RestException 403 when the credentials are rejected, 500 when the token cannot be stored
 */
public function login($login, $password, $entity = 0)
{
    // Authentication mode
    if (empty($dolibarr_main_authentication)) {
        $dolibarr_main_authentication = 'http,dolibarr';
    }
    // Authentication mode: forceuser
    // (the literal assigned here is redacted as '******' in this listing)
    if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
        $dolibarr_auto_user = '******';
    }
    // Set authmode
    $authmode = explode(',', $dolibarr_main_authentication);
    include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
    $login = checkLoginPassEntity($login, $password, $entity, $authmode);
    if (empty($login)) {
        throw new RestException(403, 'Access denied');
    }
    // Generate token for user
    // NOTE(review): uniqid() is time-based, not a cryptographic random source;
    // the token's unpredictability therefore rests on MAIN_API_KEY staying
    // secret. random_bytes() would be the stronger entropy source for a
    // bearer token — confirm before changing.
    $token = dol_hash($login . uniqid() . $conf->global->MAIN_API_KEY, 1);
    // We store API token into database
    // NOTE(review): the WHERE clause value and the error-message expression are
    // redacted ('******') in this listing and the success return appears fused
    // into the throw; the tokens below are kept as found — restore from the
    // upstream file.
    $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
    $sql .= " SET api_key = '" . $this->db->escape($token) . "'";
    $sql .= " WHERE login = '******'";
    dol_syslog(get_class($this) . "::login", LOG_DEBUG); // No log
    $result = $this->db->query($sql);
    if (!$result) {
        throw new RestException(500, 'Error when updating user :'******'success' => array('code' => 200, 'token' => $token, 'message' => 'Welcome ' . $login));
}
/**
 * testCheckLoginPassEntity
 *
 * Exercises checkLoginPassEntity() with an unknown login, a wrong password for
 * an existing login, the admin/admin pair in a single and in a two-mode list,
 * and the 'forceuser' mode. Relies on the test database containing an 'admin'
 * user whose password is 'admin' (see the inline comments).
 *
 * NOTE(review): the printed login value is redacted as "******" in this
 * listing; the print statements are kept as found.
 *
 * @return void
 */
public function testCheckLoginPassEntity()
{
    // Unknown login: expected to be rejected (empty string).
    $login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
    print __METHOD__ . " login="******"\n";
    $this->assertEquals($login, '');

    // Existing login, wrong password: expected to be rejected.
    $login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
    print __METHOD__ . " login="******"\n";
    $this->assertEquals($login, '');

    $login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
    print __METHOD__ . " login="******"\n";
    $this->assertEquals($login, 'admin');

    $login = checkLoginPassEntity('admin', 'admin', 1, array('http', 'dolibarr')); // Should work because of second authetntication method
    print __METHOD__ . " login="******"\n";
    $this->assertEquals($login, 'admin');

    // 'forceuser' ignores the supplied credentials and checks the forced login instead.
    $login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
    print __METHOD__ . " login="******"\n";
    $this->assertEquals($login, ''); // Expected '' because should failed because login 'auto' does not exists
}
/**
 * Validate login/pass
 *
 * Runs the supplied credentials through checkLoginPassEntity() with the
 * configured authentication modes and, when they are accepted, records them
 * on this object via login() and passwd().
 *
 * @param string $aLogin  Login
 * @param string $aPasswd Password
 * @return int 0 when the credentials were accepted, -1 otherwise
 */
function verif($aLogin, $aPasswd)
{
    global $conf, $langs;
    global $dolibarr_main_authentication, $dolibarr_auto_user;

    // Default authentication mode; the normalised value is left in the global.
    if (empty($dolibarr_main_authentication)) {
        $dolibarr_main_authentication = 'http,dolibarr';
    }
    // forceuser mode needs a login to force (literal redacted as '******' in this listing).
    if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
        $dolibarr_auto_user = '******';
    }

    $modes = explode(',', $dolibarr_main_authentication);
    if (!count($modes)) {
        // No authentication mode configured: fatal configuration error.
        $langs->load('main');
        dol_print_error('', $langs->trans("ErrorConfigParameterNotDefined", 'dolibarr_main_authentication'));
        exit;
    }

    $entitytotest = $conf->entity;

    // Decide whether a check is worth running at all: a request carrying
    // REMOTE_USER while 'http' mode is enabled, an explicit login, or an
    // OpenID round-trip.
    $runCheck = isset($_SERVER["REMOTE_USER"]) && in_array('http', $modes);
    if (isset($aLogin) || GETPOST('openid_mode', 'alpha', 1)) {
        $runCheck = true;
    }
    if (!$runCheck) {
        return -1;
    }

    include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
    $validatedLogin = checkLoginPassEntity($aLogin, $aPasswd, $entitytotest, $modes);
    if (!$validatedLogin) {
        return -1;
    }

    $this->login($aLogin);
    $this->passwd($aPasswd);

    return 0;
}