/** * Change password of a user * * @param User $user Object user of user making change * @param string $password New password in clear text (to generate if not provided) * @param int $changelater 1=Change password only after clicking on confirm email * @param int $notrigger 1=Does not launch triggers * @param int $nosyncmember Do not synchronize linked member * @return string If OK return clear password, 0 if no change, < 0 if error */ function setPassword($user, $password = '', $changelater = 0, $notrigger = 0, $nosyncmember = 0) { global $conf, $langs; require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php'; $error = 0; dol_syslog(get_class($this) . "::setPassword user="******" password="******" changelater=" . $changelater . " notrigger=" . $notrigger . " nosyncmember=" . $nosyncmember, LOG_DEBUG); // If new password not provided, we generate one if (!$password) { $password = getRandomPassword(false); } // Crypte avec md5 $password_crypted = dol_hash($password); // Mise a jour if (!$changelater) { if (!is_object($this->oldcopy)) { $this->oldcopy = clone $this; } $this->db->begin(); $sql = "UPDATE " . MAIN_DB_PREFIX . "user"; $sql .= " SET pass_crypted = '" . $this->db->escape($password_crypted) . "',"; $sql .= " pass_temp = null"; if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) { $sql .= ", pass = null"; } else { $sql .= ", pass = '******'"; } $sql .= " WHERE rowid = " . $this->id; dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { if ($this->db->affected_rows($result)) { $this->pass = $password; $this->pass_indatabase = $password; $this->pass_indatabase_crypted = $password_crypted; if ($this->fk_member && !$nosyncmember) { require_once DOL_DOCUMENT_ROOT . '/adherents/class/adherent.class.php'; // This user is linked with a member, so we also update members informations // if this is an update. $adh = new Adherent($this->db); $result = $adh->fetch($this->fk_member); if ($result >= 0) { $result = $adh->setPassword($user, $this->pass, 0, 1); // Cryptage non gere dans module adherent if ($result < 0) { $this->error = $adh->error; dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR); $error++; } } else { $this->error = $adh->error; $error++; } } dol_syslog(get_class($this) . "::setPassword notrigger=" . $notrigger . " error=" . $error, LOG_DEBUG); if (!$error && !$notrigger) { // Call trigger $result = $this->call_trigger('USER_NEW_PASSWORD', $user); if ($result < 0) { $error++; $this->db->rollback(); return -1; } // End call triggers } $this->db->commit(); return $this->pass; } else { $this->db->rollback(); return 0; } } else { $this->db->rollback(); dol_print_error($this->db); return -1; } } else { // We store clear password in password temporary field. // After receiving confirmation link, we will crypt it and store it in pass_crypted $sql = "UPDATE " . MAIN_DB_PREFIX . "user"; $sql .= " SET pass_temp = '" . $this->db->escape($password) . "'"; $sql .= " WHERE rowid = " . $this->id; dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG); // No log $result = $this->db->query($sql); if ($result) { return $password; } else { dol_print_error($this->db); return -3; } } }
/** * Change password of a user * @param user Object user of user making change * @param password New password in clear text (to generate if not provided) * @param changelater 1=Change password only after clicking on confirm email * @param notrigger 1=Does not launch triggers * @param nosyncmember Do not synchronize linked member * @return string If OK return clear password, 0 if no change, < 0 if error */ function setPassword($user, $password='', $changelater=0, $notrigger=0, $nosyncmember=0) { global $conf, $langs; $error=0; dol_syslog("User::setPassword user="******" password="******" changelater=".$changelater." notrigger=".$notrigger." nosyncmember=".$nosyncmember, LOG_DEBUG); // If new password not provided, we generate one if (! $password) { include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); $password=getRandomPassword(''); } // Crypte avec md5 $password_crypted = md5($password); // Mise a jour if (! $changelater) { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql.= " SET pass_crypted = '".$this->db->escape($password_crypted)."',"; $sql.= " pass_temp = null"; if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) { $sql.= ", pass = null"; } else { $sql.= ", pass = '******'"; } $sql.= " WHERE rowid = ".$this->id; dol_syslog("User::setPassword sql=hidden", LOG_DEBUG); //dol_syslog("User::Password sql=".$sql); $result = $this->db->query($sql); if ($result) { if ($this->db->affected_rows($result)) { $this->pass=$password; $this->pass_indatabase=$password; $this->pass_indatabase_crypted=$password_crypted; if ($this->fk_member && ! $nosyncmember) { require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php"); // This user is linked with a member, so we also update members informations // if this is an update. $adh=new Adherent($this->db); $result=$adh->fetch($this->fk_member); if ($result >= 0) { $result=$adh->setPassword($user,$this->pass,0,1); // Cryptage non gere dans module adherent if ($result < 0) { $this->error=$adh->error; dol_syslog("User::setPassword ".$this->error,LOG_ERR); $error++; } } else { $this->error=$adh->error; $error++; } } dol_syslog("User::setPassword notrigger=".$notrigger." error=".$error,LOG_DEBUG); if (! $error && ! $notrigger) { // Appel des triggers include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php"); $interface=new Interfaces($this->db); $result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$langs,$conf); if ($result < 0) $this->errors=$interface->errors; // Fin appel triggers } return $this->pass; } else { return 0; } } else { dol_print_error($this->db); return -1; } } else { // We store clear password in password temporary field. // After receiving confirmation link, we will crypt it and store it in pass_crypted $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql.= " SET pass_temp = '".$this->db->escape($password)."'"; $sql.= " WHERE rowid = ".$this->id; dol_syslog("User::setPassword sql=hidden", LOG_DEBUG); // No log $result = $this->db->query($sql); if ($result) { return $password; } else { dol_print_error($this->db); return -3; } } }