}
if (!defined('NOREQUIREHTML')) {
define('NOREQUIREHTML', '1');
}
if (!defined('NOREQUIREAJAX')) {
define('NOREQUIREAJAX', '1');
}
if (!defined('NOREQUIRESOC')) {
define('NOREQUIRESOC', '1');
}
if (!defined('NOREQUIRETRAN')) {
define('NOREQUIRETRAN', '1');
}
require '../../main.inc.php';
/*
* View
*/
// Ajout directives pour resoudre bug IE
//header('Cache-Control: Public, must-revalidate');
//header('Pragma: public');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
// Registering the location of boxes
if (isset($_GET['action']) && !empty($_GET['action'])) {
if ($_GET['action'] == 'getrandompassword' && $user->admin) {
require_once DOL_DOCUMENT_ROOT . "/core/lib/security2.lib.php";
$generic = $_GET['generic'];
echo getRandomPassword($generic);
}
}
print '<tr><td valign="top"><span class="fieldrequired">' . $langs->trans("Login") . '</span></td>';
print '<td>';
if ($ldap_login) {
print '<input type="hidden" name="login" value="' . $ldap_login . '">';
print $ldap_login;
} elseif ($ldap_loginsmb) {
print '<input type="hidden" name="login" value="' . $ldap_loginsmb . '">';
print $ldap_loginsmb;
} else {
print '<input size="20" maxsize="24" type="text" name="login" value="' . $_POST["login"] . '">';
}
print '</td></tr>';
$generated_password = '';
if (!$ldap_sid) {
include_once DOL_DOCUMENT_ROOT . '/lib/security.lib.php';
$generated_password = getRandomPassword('');
}
$password = $generated_password;
// Mot de passe
print '<tr><td valign="top">' . $langs->trans("Password") . '</td>';
print '<td>';
if ($ldap_sid) {
print 'Mot de passe du domaine';
} else {
if ($ldap_pass) {
print '<input type="hidden" name="password" value="' . $ldap_pass . '">';
print preg_replace('/./i', '*', $ldap_pass);
} else {
// We do not use a field password but a field text to show new password to use.
print '<input size="30" maxsize="32" type="text" name="password" value="' . $password . '">';
}
/**
* Change password of a user
* @param user Object user de l'utilisateur qui fait la modification
* @param password Nouveau mot de passe (a generer si non communique)
* @param isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par defaut)
* @param notrigger 1=Ne declenche pas les triggers
* @param nosyncuser Do not synchronize linked user
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0)
{
global $conf, $langs;
$error = 0;
dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
// If new password not provided, we generate one
if (!$password) {
include_once DOL_DOCUMENT_ROOT . '/lib/security.lib.php';
$password = getRandomPassword('');
}
// Cryptage mot de passe
if ($isencrypted) {
// Crypte avec systeme encodage par defaut du PHP
//$sqlpass = crypt($password, makesalt());
$password_indatabase = md5($password);
} else {
$password_indatabase = $password;
}
// Mise a jour
$sql = "UPDATE " . MAIN_DB_PREFIX . "adherent SET pass = '******'";
$sql .= " WHERE rowid = " . $this->id;
//dol_syslog("Adherent::Password sql=hidden");
dol_syslog(get_class($this) . "::setPassword sql=" . $sql);
$result = $this->db->query($sql);
if ($result) {
$nbaffectedrows = $this->db->affected_rows($result);
if ($nbaffectedrows) {
$this->pass = $password;
$this->pass_indatabase = $password_indatabase;
if ($this->user_id && !$nosyncuser) {
require_once DOL_DOCUMENT_ROOT . "/user/class/user.class.php";
// This member is linked with a user, so we also update users informations
// if this is an update.
$luser = new User($this->db);
$result = $luser->fetch($this->user_id);
if ($result >= 0) {
$result = $luser->setPassword($user, $this->pass, 0, 0, 1);
if ($result < 0) {
$this->error = $luser->error;
dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
$error++;
}
} else {
$this->error = $luser->error;
$error++;
}
}
if (!$error && !$notrigger) {
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php";
$interface = new Interfaces($this->db);
$result = $interface->run_triggers('MEMBER_NEW_PASSWORD', $this, $user, $langs, $conf);
if ($result < 0) {
$error++;
$this->errors = $interface->errors;
}
// Fin appel triggers
}
return $this->pass;
} else {
return 0;
}
} else {
dol_print_error($this->db);
return -1;
}
}
// API key
$generated_api_key = '';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
$generated_password=getRandomPassword(false);
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
print '<td>';
print '<input size="30" maxsize="32" type="text" id="api_key" name="api_key" value="'.$api_key.'" autocomplete="off">';
if (! empty($conf->use_javascript_ajax))
print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
print '</td></tr>';
}
else
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
// PARTIAL WORKAROUND
$generated_fake_api_key=getRandomPassword(false);
print '<input type="hidden" name="api_key" value="'.$generated_fake_api_key.'">';
}
// Administrator
if (! empty($user->admin))
{
print '<tr><td>'.$langs->trans("Administrator").'</td>';
print '<td>';
print $form->selectyesno('admin',GETPOST('admin'),1);
if (! empty($conf->multicompany->enabled) && ! $user->entity && empty($conf->multicompany->transverse_mode))
{
if (! empty($conf->use_javascript_ajax))
{
print '<script type="text/javascript">
/**
* Change password of a user
*
* @param User $user Object user de l'utilisateur qui fait la modification
* @param string $password New password (to generate if empty)
* @param int $isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par defaut)
* @param int $notrigger 1=Ne declenche pas les triggers
* @param int $nosyncuser Do not synchronize linked user
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0)
{
global $conf, $langs;
$error = 0;
dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
// If new password not provided, we generate one
if (!$password) {
require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$password = getRandomPassword(false);
}
// Cryptage mot de passe
if ($isencrypted) {
// Encryption
$password_indatabase = dol_hash($password);
} else {
$password_indatabase = $password;
}
$this->db->begin();
// Mise a jour
$sql = "UPDATE " . MAIN_DB_PREFIX . "adherent SET pass = '******'";
$sql .= " WHERE rowid = " . $this->id;
//dol_syslog("Adherent::Password sql=hidden");
dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
$nbaffectedrows = $this->db->affected_rows($result);
if ($nbaffectedrows) {
$this->pass = $password;
$this->pass_indatabase = $password_indatabase;
if ($this->user_id && !$nosyncuser) {
require_once DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
// This member is linked with a user, so we also update users informations
// if this is an update.
$luser = new User($this->db);
$result = $luser->fetch($this->user_id);
if ($result >= 0) {
$result = $luser->setPassword($user, $this->pass, 0, 0, 1);
if ($result < 0) {
$this->error = $luser->error;
dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
$error++;
}
} else {
$this->error = $luser->error;
$error++;
}
}
if (!$error && !$notrigger) {
// Call trigger
$result = $this->call_trigger('MEMBER_NEW_PASSWORD', $user);
if ($result < 0) {
$error++;
$this->db->rollback();
return -1;
}
// End call triggers
}
$this->db->commit();
return $this->pass;
} else {
$this->db->rollback();
return 0;
}
} else {
$this->db->rollback();
dol_print_error($this->db);
return -1;
}
}
}
if (!empty($id) && $action != 'edit' && $action != 'create') {
$objsoc = new Societe($db);
/*
* Fiche en mode visualisation
*/
dol_htmloutput_errors($error, $errors);
dol_fiche_head($head, 'card', $title, 0, 'contact');
if ($action == 'create_user') {
// Full firstname and lastname separated with a dot : firstname.lastname
include_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php';
$login = dol_buildlogin($object->lastname, $object->firstname);
$generated_password = '';
if (!$ldap_sid) {
require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$generated_password = getRandomPassword(false);
}
$password = $generated_password;
// Create a form array
$formquestion = array(array('label' => $langs->trans("LoginToCreate"), 'type' => 'text', 'name' => 'login', 'value' => $login), array('label' => $langs->trans("Password"), 'type' => 'text', 'name' => 'password', 'value' => $password));
$text = $langs->trans("ConfirmCreateContact") . '<br>';
if (!empty($conf->societe->enabled)) {
if ($object->socid > 0) {
$text .= $langs->trans("UserWillBeExternalUser");
} else {
$text .= $langs->trans("UserWillBeInternalUser");
}
}
print $form->formconfirm($_SERVER["PHP_SELF"] . "?id=" . $object->id, $langs->trans("CreateDolibarrLogin"), $text, "confirm_create_user", $formquestion, 'yes');
}
print '<table class="border" width="100%">';
/**
* Change password of a user
*
* @param User $user Object user of user making change
* @param string $password New password in clear text (to generate if not provided)
* @param int $changelater 1=Change password only after clicking on confirm email
* @param int $notrigger 1=Does not launch triggers
* @param int $nosyncmember Do not synchronize linked member
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password = '', $changelater = 0, $notrigger = 0, $nosyncmember = 0)
{
global $conf, $langs;
require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$error = 0;
dol_syslog(get_class($this) . "::setPassword user="******" password="******" changelater=" . $changelater . " notrigger=" . $notrigger . " nosyncmember=" . $nosyncmember, LOG_DEBUG);
// If new password not provided, we generate one
if (!$password) {
$password = getRandomPassword(false);
}
// Crypte avec md5
$password_crypted = dol_hash($password);
// Mise a jour
if (!$changelater) {
if (!is_object($this->oldcopy)) {
$this->oldcopy = clone $this;
}
$this->db->begin();
$sql = "UPDATE " . MAIN_DB_PREFIX . "user";
$sql .= " SET pass_crypted = '" . $this->db->escape($password_crypted) . "',";
$sql .= " pass_temp = null";
if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
$sql .= ", pass = null";
} else {
$sql .= ", pass = '******'";
}
$sql .= " WHERE rowid = " . $this->id;
dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
if ($this->db->affected_rows($result)) {
$this->pass = $password;
$this->pass_indatabase = $password;
$this->pass_indatabase_crypted = $password_crypted;
if ($this->fk_member && !$nosyncmember) {
require_once DOL_DOCUMENT_ROOT . '/adherents/class/adherent.class.php';
// This user is linked with a member, so we also update members informations
// if this is an update.
$adh = new Adherent($this->db);
$result = $adh->fetch($this->fk_member);
if ($result >= 0) {
$result = $adh->setPassword($user, $this->pass, 0, 1);
// Cryptage non gere dans module adherent
if ($result < 0) {
$this->error = $adh->error;
dol_syslog(get_class($this) . "::setPassword " . $this->error, LOG_ERR);
$error++;
}
} else {
$this->error = $adh->error;
$error++;
}
}
dol_syslog(get_class($this) . "::setPassword notrigger=" . $notrigger . " error=" . $error, LOG_DEBUG);
if (!$error && !$notrigger) {
// Call trigger
$result = $this->call_trigger('USER_NEW_PASSWORD', $user);
if ($result < 0) {
$error++;
$this->db->rollback();
return -1;
}
// End call triggers
}
$this->db->commit();
return $this->pass;
} else {
$this->db->rollback();
return 0;
}
} else {
$this->db->rollback();
dol_print_error($this->db);
return -1;
}
} else {
// We store clear password in password temporary field.
// After receiving confirmation link, we will crypt it and store it in pass_crypted
$sql = "UPDATE " . MAIN_DB_PREFIX . "user";
$sql .= " SET pass_temp = '" . $this->db->escape($password) . "'";
$sql .= " WHERE rowid = " . $this->id;
dol_syslog(get_class($this) . "::setPassword", LOG_DEBUG);
// No log
$result = $this->db->query($sql);
if ($result) {
return $password;
} else {
dol_print_error($this->db);
return -3;
}
}
}
/**
* Set content of ->tpl array, to use into template
*
* @param string $action Type of action
* @param int $id Id
* @return string HTML output
*/
function assign_values(&$action, $id)
{
global $conf, $langs, $user, $canvas;
global $form, $formcompany, $objsoc;
if ($action == 'add' || $action == 'update') {
$this->assign_post();
}
foreach ($this->object as $key => $value) {
$this->tpl[$key] = $value;
}
$this->tpl['error'] = $this->error;
$this->tpl['errors'] = $this->errors;
if ($action == 'create' || $action == 'edit') {
if ($conf->use_javascript_ajax) {
$this->tpl['ajax_selectcountry'] = "\n" . '<script type="text/javascript" language="javascript">
jQuery(document).ready(function () {
jQuery("#selectcountry_id").change(function() {
document.formsoc.action.value="' . $action . '";
document.formsoc.canvas.value="' . $canvas . '";
document.formsoc.submit();
});
})
</script>' . "\n";
}
if (is_object($objsoc) && $objsoc->id > 0) {
$this->tpl['company'] = $objsoc->getNomUrl(1);
$this->tpl['company_id'] = $objsoc->id;
} else {
$this->tpl['company'] = $form->select_company($this->object->socid, 'socid', '', 1);
}
// Civility
$this->tpl['select_civility'] = $formcompany->select_civility($this->object->civility_id);
// Predefined with third party
if (isset($objsoc->typent_code) && $objsoc->typent_code == 'TE_PRIVATE' || !empty($conf->global->CONTACT_USE_COMPANY_ADDRESS)) {
if (dol_strlen(trim($this->object->address)) == 0) {
$this->tpl['address'] = $objsoc->address;
}
if (dol_strlen(trim($this->object->zip)) == 0) {
$this->object->zip = $objsoc->zip;
}
if (dol_strlen(trim($this->object->town)) == 0) {
$this->object->town = $objsoc->town;
}
if (dol_strlen(trim($this->object->phone_pro)) == 0) {
$this->object->phone_pro = $objsoc->phone;
}
if (dol_strlen(trim($this->object->fax)) == 0) {
$this->object->fax = $objsoc->fax;
}
if (dol_strlen(trim($this->object->email)) == 0) {
$this->object->email = $objsoc->email;
}
}
// Zip
$this->tpl['select_zip'] = $formcompany->select_ziptown($this->object->zip, 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
// Town
$this->tpl['select_town'] = $formcompany->select_ziptown($this->object->town, 'town', array('zipcode', 'selectcountry_id', 'state_id'));
if (dol_strlen(trim($this->object->country_id)) == 0) {
$this->object->country_id = $objsoc->country_id;
}
// Country
$this->tpl['select_country'] = $form->select_country($this->object->country_id, 'country_id');
$countrynotdefined = $langs->trans("ErrorSetACountryFirst") . ' (' . $langs->trans("SeeAbove") . ')';
if ($user->admin) {
$this->tpl['info_admin'] = info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1);
}
// State
if ($this->object->country_id) {
$this->tpl['select_state'] = $formcompany->select_state($this->object->fk_departement, $this->object->country_code);
} else {
$this->tpl['select_state'] = $countrynotdefined;
}
// Public or private
$selectarray = array('0' => $langs->trans("ContactPublic"), '1' => $langs->trans("ContactPrivate"));
$this->tpl['select_visibility'] = $form->selectarray('priv', $selectarray, $this->object->priv, 0);
}
if ($action == 'view' || $action == 'edit' || $action == 'delete') {
// Emailing
if (!empty($conf->mailing->enabled)) {
$langs->load("mails");
$this->tpl['nb_emailing'] = $this->object->getNbOfEMailings();
}
// Linked element
$this->tpl['contact_element'] = array();
$i = 0;
$this->object->load_ref_elements();
if (!empty($conf->commande->enabled)) {
$this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForOrders");
$this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_commande ? $this->object->ref_commande : $langs->trans("NoContactForAnyOrder");
$i++;
}
if (!empty($conf->propal->enabled)) {
$this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForProposals");
$this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_propal ? $this->object->ref_propal : $langs->trans("NoContactForAnyProposal");
$i++;
}
if (!empty($conf->contrat->enabled)) {
$this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForContracts");
$this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_contrat ? $this->object->ref_contrat : $langs->trans("NoContactForAnyContract");
$i++;
}
if (!empty($conf->facture->enabled)) {
$this->tpl['contact_element'][$i]['linked_element_label'] = $langs->trans("ContactForInvoices");
$this->tpl['contact_element'][$i]['linked_element_value'] = $this->object->ref_facturation ? $this->object->ref_facturation : $langs->trans("NoContactForAnyInvoice");
$i++;
}
// Dolibarr user
if ($this->object->user_id) {
$dolibarr_user = new User($this->db);
$result = $dolibarr_user->fetch($this->object->user_id);
$this->tpl['dolibarr_user'] = $dolibarr_user->getLoginUrl(1);
} else {
$this->tpl['dolibarr_user'] = $langs->trans("NoDolibarrAccess");
}
}
if ($action == 'view' || $action == 'delete') {
$this->tpl['showrefnav'] = $form->showrefnav($this->object, 'id');
if ($this->object->socid > 0) {
$objsoc = new Societe($this->db);
$objsoc->fetch($this->object->socid);
$this->tpl['company'] = $objsoc->getNomUrl(1);
} else {
$this->tpl['company'] = $langs->trans("ContactNotLinkedToCompany");
}
$this->tpl['civility'] = $this->object->getCivilityLabel();
$this->tpl['address'] = dol_nl2br($this->object->address);
$this->tpl['zip'] = $this->object->zip ? $this->object->zip . ' ' : '';
$img = picto_from_langcode($this->object->country_code);
$this->tpl['country'] = ($img ? $img . ' ' : '') . $this->object->country;
$this->tpl['phone_pro'] = dol_print_phone($this->object->phone_pro, $this->object->country_code, 0, $this->object->id, 'AC_TEL');
$this->tpl['phone_perso'] = dol_print_phone($this->object->phone_perso, $this->object->country_code, 0, $this->object->id, 'AC_TEL');
$this->tpl['phone_mobile'] = dol_print_phone($this->object->phone_mobile, $this->object->country_code, 0, $this->object->id, 'AC_TEL');
$this->tpl['fax'] = dol_print_phone($this->object->fax, $this->object->country_code, 0, $this->object->id, 'AC_FAX');
$this->tpl['email'] = dol_print_email($this->object->email, 0, $this->object->id, 'AC_EMAIL');
$this->tpl['visibility'] = $this->object->LibPubPriv($this->object->priv);
$this->tpl['note'] = nl2br($this->object->note);
}
if ($action == 'create_user') {
// Full firstname and lastname separated with a dot : firstname.lastname
include_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$login = dol_buildlogin($this->object->lastname, $this->object->firstname);
$generated_password = getRandomPassword(false);
$password = $generated_password;
// Create a form array
$formquestion = array(array('label' => $langs->trans("LoginToCreate"), 'type' => 'text', 'name' => 'login', 'value' => $login), array('label' => $langs->trans("Password"), 'type' => 'text', 'name' => 'password', 'value' => $password));
$this->tpl['action_create_user'] = $form->formconfirm($_SERVER["PHP_SELF"] . "?id=" . $this->object->id, $langs->trans("CreateDolibarrLogin"), $langs->trans("ConfirmCreateContact"), "confirm_create_user", $formquestion, 'no');
}
}
/**
* testGetRandomPassword
*
* @return number
*/
public function testGetRandomPassword()
{
global $conf;
$genpass1 = getRandomPassword(true);
// Should be a string return by dol_hash (if no option set, will be md5)
print __METHOD__ . " genpass1=" . $genpass1 . "\n";
$this->assertEquals(strlen($genpass1), 32);
$conf->global->USER_PASSWORD_GENERATED = 'None';
$genpass2 = getRandomPassword(false);
// Should be an empty string
print __METHOD__ . " genpass2=" . $genpass2 . "\n";
$this->assertEquals($genpass2, '');
$conf->global->USER_PASSWORD_GENERATED = 'Standard';
$genpass3 = getRandomPassword(false);
print __METHOD__ . " genpass3=" . $genpass3 . "\n";
$this->assertEquals(strlen($genpass3), 8);
return 0;
}
} else {
$mysql_error = 'mysql driver is not installed.';
$task = 'error';
}
$norender = false;
$break = false;
switch ($task) {
case 'add':
header('Cache-Control: private');
$token = token();
// Check db user settings
$sql = "SELECT COUNT(*) FROM mysql.user WHERE User LIKE '{$me}'";
$query = mysql_query($sql);
$result = mysql_fetch_row($query);
if (!$result[0]) {
$random_passwd = getRandomPassword();
// create user
if (ZDatabase::addmysqluser($me, $random_passwd)) {
setmsg(t("Added."), 'notice');
} else {
setmsg(t('Database Error. ') . mysql_error(), 'error');
}
}
if (!isadmin()) {
setmsg(t(''), 'warning');
}
if (checktoken()) {
$username = $_REQUEST['name'];
$password = $_REQUEST['password'];
$break = false;
if (in_array($username, ZDatabase::getDbUsers())) {
if ($checkread == 'on') {
$res = dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE", 1, 'chaine', 0, '', $conf->entity);
if (!$res > 0) {
$error++;
}
} else {
if ($checkread == 'off') {
$res = dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE", 0, 'chaine', 0, '', $conf->entity);
if (!$res > 0) {
$error++;
}
}
}
//Create temporary encryption key if nedded
if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE == 1 && empty($checkread_key)) {
$checkread_key = getRandomPassword(true);
}
$res = dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE_KEY", $checkread_key, 'chaine', 0, '', $conf->entity);
if (!$res > 0) {
$error++;
}
if (!$error) {
$db->commit();
$mesg = "<font class=\"ok\">" . $langs->trans("SetupSaved") . "</font>";
} else {
$db->rollback();
$mesg = "<font class=\"error\">" . $langs->trans("Error") . "</font>";
}
}
/*
* View
/**
* Change password of a user
* @param user Object user of user making change
* @param password New password in clear text (to generate if not provided)
* @param changelater 1=Change password only after clicking on confirm email
* @param notrigger 1=Does not launch triggers
* @param nosyncmember Do not synchronize linked member
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password='', $changelater=0, $notrigger=0, $nosyncmember=0)
{
global $conf, $langs;
$error=0;
dol_syslog("User::setPassword user="******" password="******" changelater=".$changelater." notrigger=".$notrigger." nosyncmember=".$nosyncmember, LOG_DEBUG);
// If new password not provided, we generate one
if (! $password)
{
include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php');
$password=getRandomPassword('');
}
// Crypte avec md5
$password_crypted = md5($password);
// Mise a jour
if (! $changelater)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_crypted = '".$this->db->escape($password_crypted)."',";
$sql.= " pass_temp = null";
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
{
$sql.= ", pass = null";
}
else
{
$sql.= ", pass = '******'";
}
$sql.= " WHERE rowid = ".$this->id;
dol_syslog("User::setPassword sql=hidden", LOG_DEBUG);
//dol_syslog("User::Password sql=".$sql);
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows($result))
{
$this->pass=$password;
$this->pass_indatabase=$password;
$this->pass_indatabase_crypted=$password_crypted;
if ($this->fk_member && ! $nosyncmember)
{
require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
// This user is linked with a member, so we also update members informations
// if this is an update.
$adh=new Adherent($this->db);
$result=$adh->fetch($this->fk_member);
if ($result >= 0)
{
$result=$adh->setPassword($user,$this->pass,0,1); // Cryptage non gere dans module adherent
if ($result < 0)
{
$this->error=$adh->error;
dol_syslog("User::setPassword ".$this->error,LOG_ERR);
$error++;
}
}
else
{
$this->error=$adh->error;
$error++;
}
}
dol_syslog("User::setPassword notrigger=".$notrigger." error=".$error,LOG_DEBUG);
if (! $error && ! $notrigger)
{
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
}
return $this->pass;
}
else
{
return 0;
}
}
else
{
dol_print_error($this->db);
return -1;
}
}
else
{
// We store clear password in password temporary field.
// After receiving confirmation link, we will crypt it and store it in pass_crypted
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_temp = '".$this->db->escape($password)."'";
$sql.= " WHERE rowid = ".$this->id;
dol_syslog("User::setPassword sql=hidden", LOG_DEBUG); // No log
$result = $this->db->query($sql);
if ($result)
{
return $password;
}
else
{
dol_print_error($this->db);
return -3;
}
}
}
/**
* Change password of a user
*
* @param User $user Object user de l'utilisateur qui fait la modification
* @param string $password New password (to generate if empty)
* @param int $isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par defaut)
* @param int $notrigger 1=Ne declenche pas les triggers
* @param int $nosyncuser Do not synchronize linked user
* @return string If OK return clear password, 0 if no change, < 0 if error
*/
function setPassword($user, $password = '', $isencrypted = 0, $notrigger = 0, $nosyncuser = 0)
{
global $conf, $langs;
$error = 0;
dol_syslog(get_class($this) . "::setPassword user="******" password="******" isencrypted=" . $isencrypted);
// If new password not provided, we generate one
if (!$password) {
require_once DOL_DOCUMENT_ROOT . "/core/lib/security2.lib.php";
$password = getRandomPassword('');
}
// Cryptage mot de passe
if ($isencrypted) {
// Encryption
$password_indatabase = dol_hash($password);
} else {
$password_indatabase = $password;
}
$this->pass = $password;
$this->pass_indatabase = $password_indatabase;
if (!$error && !$notrigger) {
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php";
$interface = new Interfaces($this->db);
$result = $interface->run_triggers('MEMBER_NEW_PASSWORD', $this, $user, $langs, $conf);
if ($result < 0) {
$error++;
$this->errors = $interface->errors;
}
// Fin appel triggers
}
return $this->pass;
}
$f = $files[0];
}
if (checkToken()) {
$new_content = $_REQUEST['content'];
if (file_put_contents('tpl/conf/' . $f, $new_content)) {
setmsg(t('Saved!'), 'notice', 'self');
}
}
$content = file_get_contents('tpl/conf/' . $f);
break;
case 'svn':
$users = array();
break;
case 'random':
// random password
$pass = getRandomPassword();
$id = $_REQUEST['id'];
break;
case 'tasks':
if (!isadmin()) {
break;
}
if (checktoken()) {
if ($pdo->insert('task', $_REQUEST)) {
setmsg(t('Saved!'), 'notice', 'self');
}
}
$sql = "SELECT * FROM task WHERE state=0";
$tasks = $pdo->fetchAll($sql);
break;
case 'login':
