Qual: Clean code of login methods
Fix: Share same method for point of sale and rest of dolibarr
parent
9bed8bb31b
commit
0e7d0d00f1
@ -56,102 +56,82 @@ class Auth {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Authentification d'un demandeur
|
||||
* @return (int) 0 = Ok; -1 = login incorrect; -2 = login ok, mais compte desactive; -10 = aucune entree trouvee dans la base
|
||||
*/
|
||||
function verif_utilisateurs () {
|
||||
function verif ($aLogin, $aPasswd)
|
||||
{
|
||||
global $conf,$dolibarr_main_authentication,$langs;
|
||||
|
||||
global $conf;
|
||||
$ret=-1;
|
||||
|
||||
// Verification des informations dans la base
|
||||
$resql = $this->db->query ($this->sqlQuery);
|
||||
if ($resql)
|
||||
{
|
||||
$num = $this->db->num_rows ($resql);
|
||||
$login='';
|
||||
|
||||
if ( $num ) {
|
||||
// Authentication mode
|
||||
if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='http,dolibarr';
|
||||
// Authentication mode: forceuser
|
||||
if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
|
||||
|
||||
// fetchFirst
|
||||
$ret=array();
|
||||
$tab = $this->db->fetch_array($resql);
|
||||
foreach ( $tab as $cle => $valeur )
|
||||
{
|
||||
$ret[$cle] = $valeur;
|
||||
}
|
||||
$tab=$ret;
|
||||
// Set authmode
|
||||
$authmode=explode(',',$dolibarr_main_authentication);
|
||||
|
||||
if ( ($tab['pass_crypted'] == md5 ($this->passwd)) || (($tab['pass'] == $this->passwd) && ($tab['pass'] != ''))) {
|
||||
// No authentication mode
|
||||
if (! sizeof($authmode) && empty($conf->login_method_modules))
|
||||
{
|
||||
$langs->load('main');
|
||||
dol_print_error('',$langs->trans("ErrorConfigParameterNotDefined",'dolibarr_main_authentication'));
|
||||
exit;
|
||||
}
|
||||
|
||||
// On verifie que le compte soit bien actif
|
||||
if ( $tab['statut'] ) {
|
||||
|
||||
$this->reponse(0);
|
||||
$test=true;
|
||||
|
||||
} else {
|
||||
// Validation of third party module login method
|
||||
if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules))
|
||||
{
|
||||
include_once(DOL_DOCUMENT_ROOT . "/lib/security.lib.php");
|
||||
$login = getLoginMethod();
|
||||
if ($login) $test=false;
|
||||
}
|
||||
|
||||
$this->reponse(-2);
|
||||
// Validation tests user / password
|
||||
// If ok, the variable will be initialized login
|
||||
// If error, we will put error message in session under the name dol_loginmesg
|
||||
$goontestloop=false;
|
||||
if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true;
|
||||
if (isset($aLogin) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;
|
||||
|
||||
}
|
||||
if ($test && $goontestloop)
|
||||
{
|
||||
foreach($authmode as $mode)
|
||||
{
|
||||
if ($test && $mode && ! $login)
|
||||
{
|
||||
$authfile=DOL_DOCUMENT_ROOT.'/includes/login/functions_'.$mode.'.php';
|
||||
$result=include_once($authfile);
|
||||
if ($result)
|
||||
{
|
||||
$this->login ($aLogin);
|
||||
$this->passwd ($aPasswd);
|
||||
$entitytotest=$conf->entity;
|
||||
|
||||
} else {
|
||||
|
||||
$this->reponse(-1);
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
$this->reponse(-10);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function verif ($aLogin, $aPasswd) {
|
||||
global $conf;
|
||||
|
||||
$this->login ($aLogin);
|
||||
$this->passwd ($aPasswd);
|
||||
|
||||
$this->sqlQuery = "SELECT rowid, pass_crypted, statut";
|
||||
$this->sqlQuery.= " FROM ".MAIN_DB_PREFIX."user";
|
||||
$this->sqlQuery.= " WHERE login = '".$this->login."'";
|
||||
$this->sqlQuery.= " AND entity IN (0,".$conf->entity.")";
|
||||
|
||||
$this->verif_utilisateurs();
|
||||
|
||||
switch ($this->reponse) {
|
||||
|
||||
default:
|
||||
$ret = '-1';
|
||||
break;
|
||||
|
||||
case 0:
|
||||
$ret = '0';
|
||||
break;
|
||||
|
||||
case -1:
|
||||
$ret = '-1';
|
||||
break;
|
||||
|
||||
case -2:
|
||||
$ret = '-2';
|
||||
break;
|
||||
|
||||
case -10:
|
||||
$ret = '-10';
|
||||
break;
|
||||
|
||||
}
|
||||
$function='check_user_password_'.$mode;
|
||||
$login=$function($aLogin,$aPasswd,$entitytotest);
|
||||
if ($login) // Login is successfull
|
||||
{
|
||||
$test=false;
|
||||
$dol_authmode=$mode; // This properties is defined only when logged to say what mode was successfully used
|
||||
$ret=0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR);
|
||||
sleep(1);
|
||||
$ret=-1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $ret;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
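Review bot: The rewritten `verif()` no longer distinguishes a disabled account: the removed `verif_utilisateurs()` returned -2 when `statut` was false, while the new loop sets `$ret=0` as soon as `check_user_password_<mode>()` returns a login, and the query visible in `check_user_password_dolibarr` selects only `pass, pass_crypted`. Unless the caller checks the user's status after a successful return (not visible here), a deactivated user could pass the point-of-sale login, so a status check before `$ret=0` or in the caller should be confirmed. Separately, when `getLoginMethod()` returns a login, `$test` becomes false, the `foreach` is skipped and `$ret` stays at -1, so a successful third-party login appears to be reported as a failure; `if ($login) { $test=false; $ret=0; }` would cover that path. The old and new sides are inferred from this rendering, which has lost its `+`/`-` markers.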
@ -23,7 +23,7 @@ body {
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
text-align: center;
|
||||
font: 0.7em Arial, Helvetica, sans-serif;
|
||||
font: 0.7em verdana, arial, helvetica;
|
||||
}
|
||||
|
||||
p {
|
||||
@ -274,9 +274,10 @@ p.titre {
|
||||
position: absolute;
|
||||
}
|
||||
|
||||
/* --------------------- Listes d<>roulantes ------------------- */
|
||||
/* --------------------- Combo lists ------------------- */
|
||||
.select_design {
|
||||
width: 370px;
|
||||
font-size: 12px verdana,arial,helvetica
|
||||
overflow: auto;
|
||||
}
|
||||
|
||||
|
||||
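Review bot: In `.select_design`, the line `font-size: 12px verdana,arial,helvetica` is not a valid `font-size` value and has no terminating semicolon, so the `overflow: auto` that follows is parsed as part of the same broken declaration and dropped. If a font family is intended, the shorthand is the right property: `font: 12px verdana, arial, helvetica;`. The `body` rule in the first hunk of this file already uses the `font:` shorthand, so this would also be consistent.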
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net>
|
||||
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
|
||||
/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net>
|
||||
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -67,7 +68,7 @@ top_htmlhead('','',0,0,'',$arrayofcss);
|
||||
<div class="principal_login">
|
||||
<?php if (! empty($_GET["err"])) print $_GET["err"]."<br><br>\n"; ?>
|
||||
<fieldset class="cadre_facturation"><legend class="titre1"><?php echo $langs->trans("Identification"); ?></legend>
|
||||
<form id="frmLogin" method="post" action="index_verif.php">
|
||||
<form id="frmLogin" method="POST" action="index_verif.php">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" />
|
||||
|
||||
<table>
|
||||
@ -87,7 +88,7 @@ print '<td>';
|
||||
$disabled=0;
|
||||
$langs->load("companies");
|
||||
if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice
|
||||
$form->select_societes($conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client=1',!$disabled,$disabled,1);
|
||||
$form->select_societes(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client=1',!$disabled,$disabled,1);
|
||||
//print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
|
||||
print '</td>';
|
||||
print "</tr>\n";
|
||||
@ -100,7 +101,7 @@ if ($conf->stock->enabled)
|
||||
print '<td>';
|
||||
$disabled=0;
|
||||
if (! empty($conf->global->CASHDESK_ID_WAREHOUSE)) $disabled=1; // If a particular stock is defined, we disable choice
|
||||
$formproduct->selectWarehouses($conf->global->CASHDESK_ID_WAREHOUSE,'warehouseid','',!$disabled,$disabled);
|
||||
$formproduct->selectWarehouses(GETPOST('warehouseid')?GETPOST('warehouseid'):$conf->global->CASHDESK_ID_WAREHOUSE,'warehouseid','',!$disabled,$disabled);
|
||||
//print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
|
||||
print '</td>';
|
||||
print "</tr>\n";
|
||||
|
||||
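Review bot: The `err` query parameter is echoed into the login page without escaping, `print $_GET["err"]."<br><br>\n";` in the `top_htmlhead` hunk, so markup placed in that parameter is rendered on the page that collects credentials. It is an unchanged context line, but this commit extends the redirect-back flow that feeds it; escaping at output, `print htmlspecialchars($_GET["err"], ENT_QUOTES)."<br><br>\n";`, closes it. The new `GETPOST('socid')` and `GETPOST('warehouseid')` preselect values are passed to `select_societes()` and `selectWarehouses()` as received; whether those helpers treat the id as an integer is not visible here, so an `(int)` cast at the call site would be a cheap safeguard.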
@ -38,14 +38,14 @@ $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global
|
||||
if (empty($username))
|
||||
{
|
||||
$retour=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login"));
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
|
||||
exit;
|
||||
}
|
||||
// Check third party id
|
||||
if (! ($thirdpartyid > 0))
|
||||
{
|
||||
$retour=$langs->trans("ErrorFieldRequired",$langs->transnoentities("CashDeskThirdPartyForSell"));
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -53,7 +53,7 @@ if (! ($thirdpartyid > 0))
|
||||
if ($conf->stock->enabled && $conf->global->STOCK_CALCULATE_ON_BILL && ! ($warehouseid > 0))
|
||||
{
|
||||
$retour=$langs->trans("CashDeskSetupStock");
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -61,7 +61,7 @@ if (! empty($_POST['txtUsername']) && $conf->banque->enabled && (empty($conf_fka
|
||||
{
|
||||
$langs->load("errors");
|
||||
$retour=$langs->trans("ErrorModuleSetupNotComplete");
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -112,7 +112,7 @@ else
|
||||
$langs->load("errors");
|
||||
$langs->load("other");
|
||||
$retour=$langs->trans("ErrorBadLoginPassword");
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
|
||||
header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
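Review bot: The rewritten `header ('Location: ...')` lines append `$username`, `$thirdpartyid` and `$warehouseid` to the query string without encoding, while only `$retour` goes through `urlencode()`. `$warehouseid` is read with `GETPOST("warehouseid")` (visible in the first hunk header) and the other two are presumably read the same way above the hunk, so a value containing `&` or `#` can alter or add parameters on the redirect target. Encode or cast each one, for example `'&user='.urlencode($username).'&socid='.((int) $thirdpartyid).'&warehouseid='.((int) $warehouseid)`. The same line occurs in the `@ -38`, `@ -53`, `@ -61` and `@ -112` hunks.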
@ -26,20 +26,21 @@
|
||||
|
||||
|
||||
/**
|
||||
* \brief Check user and password
|
||||
* \param usertotest Login
|
||||
* \param passwordtotest Password
|
||||
* \return string Login if ok, '' if ko.
|
||||
* Check user and password
|
||||
* @param usertotest Login
|
||||
* @param passwordtotest Password
|
||||
* @param entitytotest Entity
|
||||
* @return string Login if ok, '' if ko.
|
||||
*/
|
||||
function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1)
|
||||
{
|
||||
global $_POST,$db,$conf,$langs;
|
||||
global $db,$conf,$langs;
|
||||
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest);
|
||||
|
||||
$login='';
|
||||
|
||||
if (! empty($_POST["username"]))
|
||||
if (! empty($usertotest))
|
||||
{
|
||||
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
|
||||
$table = MAIN_DB_PREFIX."user";
|
||||
@ -48,8 +49,8 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
|
||||
$sql ='SELECT pass, pass_crypted';
|
||||
$sql.=' FROM '.$table;
|
||||
$sql.=' WHERE '.$usernamecol." = '".$db->escape($_POST["username"])."'";
|
||||
$sql.=' AND '.$entitycol." IN (0," . ($_POST["entity"] ? $_POST["entity"] : 1) . ")";
|
||||
$sql.=' WHERE '.$usernamecol." = '".$db->escape($usertotest)."'";
|
||||
$sql.=' AND '.$entitycol." IN (0," . ($entitytotest ? $entitytotest : 1) . ")";
|
||||
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql);
|
||||
$resql=$db->query($sql);
|
||||
@ -60,7 +61,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
{
|
||||
$passclear=$obj->pass;
|
||||
$passcrypted=$obj->pass_crypted;
|
||||
$passtyped=$_POST["password"];
|
||||
$passtyped=$passwordtotest;
|
||||
|
||||
$passok=false;
|
||||
|
||||
@ -93,11 +94,11 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
// Password ok ?
|
||||
if ($passok)
|
||||
{
|
||||
$login=$_POST["username"];
|
||||
$login=$usertotest;
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$_POST["username"]."'");
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$usertotest."'");
|
||||
sleep(1);
|
||||
$langs->load('main');
|
||||
$langs->load('other');
|
||||
@ -106,7 +107,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$_POST["username"]."'");
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$usertotest."'");
|
||||
sleep(1);
|
||||
$langs->load('main');
|
||||
$langs->load('other');
|
||||
@ -115,7 +116,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$_POST["username"]."' error=".$db->lasterror());
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$usertotest."' error=".$db->lasterror());
|
||||
sleep(1);
|
||||
$_SESSION["dol_loginmesg"]=$db->lasterror();
|
||||
}
|
||||
|
||||
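Review bot: `$entitytotest` is concatenated into the `IN (0, ...)` clause unquoted and unescaped, `($entitytotest ? $entitytotest : 1)` in the `@ -48` hunk, while the username next to it goes through `$db->escape()`. The callers shown elsewhere on this page (`getLoginMethod()` and the login block guarded by `NOLOGIN`) pass `$_POST["entity"]` straight in, so the value is request-controlled in a query that runs before authentication. Casting at the point of use, `" IN (0," . ((int) $entitytotest > 0 ? (int) $entitytotest : 1) . ")"`, keeps the clause numeric whatever the caller passes. The function body starts and ends outside these hunks.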
@ -30,4 +30,4 @@ Difference=Difference
|
||||
TotalTicket=Total ticket
|
||||
Change=Trop perçu
|
||||
CalTip=Cliquez pour afficher le calendrier
|
||||
CashDeskSetupStock=Le conf. diminue le stock lors la création de factures, mais vous ne spécifiez pas entrepôt .<br>Vous devez modifier la conf. du module de stock, ou vous choisissez un entrepôt
|
||||
CashDeskSetupStock=La configuration du module stock demande une réduction du stock sur facturation, mais vous n'avez pas spécifiez d'entrepôt. Vous devez modifier la configuration du module stock ou choisir un entrepôt.
|
||||
@ -26,8 +26,9 @@
|
||||
|
||||
|
||||
/**
|
||||
* Return list of login methods provided by external third party modules.
|
||||
* @return array
|
||||
* Return a login if login/pass was successfull using an external login method
|
||||
* @return string Login or ''
|
||||
* TODO Provide usertotest, passwordtotest and entitytotest by parameters
|
||||
*/
|
||||
function getLoginMethod()
|
||||
{
|
||||
@ -56,8 +57,9 @@ function getLoginMethod()
|
||||
// Call function to check user/password
|
||||
$usertotest=$_POST["username"];
|
||||
$passwordtotest=$_POST["password"];
|
||||
$entitytotest=$_POST["entity"];
|
||||
$function='check_user_password_'.$mode;
|
||||
$login=$function($usertotest,$passwordtotest);
|
||||
$login=$function($usertotest,$passwordtotest,$entitytotest);
|
||||
if ($login)
|
||||
{
|
||||
$conf->authmode=$mode; // This properties is defined only when logged
|
||||
@ -543,7 +545,7 @@ function dol_efc_config()
|
||||
function getRandomPassword()
|
||||
{
|
||||
global $db,$conf,$langs,$user;
|
||||
|
||||
|
||||
$generated_password='';
|
||||
if ($conf->global->USER_PASSWORD_GENERATED)
|
||||
{
|
||||
|
||||
@ -400,7 +400,7 @@ if (! defined('NOLOGIN'))
|
||||
}
|
||||
}
|
||||
|
||||
// Validation of third party module login method
|
||||
// Validation of login with a third party login module method
|
||||
if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules))
|
||||
{
|
||||
include_once(DOL_DOCUMENT_ROOT . "/lib/security.lib.php");
|
||||
@ -428,8 +428,9 @@ if (! defined('NOLOGIN'))
|
||||
// Call function to check user/password
|
||||
$usertotest=$_POST["username"];
|
||||
$passwordtotest=$_POST["password"];
|
||||
$entitytotest=$_POST["entity"];
|
||||
$function='check_user_password_'.$mode;
|
||||
$login=$function($usertotest,$passwordtotest);
|
||||
$login=$function($usertotest,$passwordtotest,$entitytotest);
|
||||
if ($login) // Login is successfull
|
||||
{
|
||||
$test=false;
|
||||
|
||||