From 0e7d0d00f1e27d492c79ba1d0c0babdf11eb083b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Mon, 30 May 2011 13:45:51 +0000
Subject: [PATCH] Qual: Clean code of login methods Fix: Share same method for
 point of sale and rest of dolibarr

---
 htdocs/cashdesk/class/Auth.class.php         | 146 ++++++++-----------
 htdocs/cashdesk/css/style.css                |   5 +-
 htdocs/cashdesk/index.php                    |  11 +-
 htdocs/cashdesk/index_verif.php              |  10 +-
 htdocs/includes/login/functions_dolibarr.php |  29 ++--
 htdocs/langs/fr_FR/cashdesk.lang             |   2 +-
 htdocs/lib/security.lib.php                  |  10 +-
 htdocs/main.inc.php                          |   5 +-
 8 files changed, 102 insertions(+), 116 deletions(-)

diff --git a/htdocs/cashdesk/class/Auth.class.php b/htdocs/cashdesk/class/Auth.class.php
index 53c3d0cae32..fed4771d528 100644
--- a/htdocs/cashdesk/class/Auth.class.php
+++ b/htdocs/cashdesk/class/Auth.class.php
@@ -56,102 +56,82 @@ class Auth {
 
 	}
 
-	/**
-	 * Authentification d'un demandeur
-	 * @return (int) 0 = Ok; -1 = login incorrect; -2 = login ok, mais compte desactive; -10 = aucune entree trouvee dans la base
-	 */
-	function verif_utilisateurs () {
+	function verif ($aLogin, $aPasswd)
+	{
+		global $conf,$dolibarr_main_authentication,$langs;
 
-		global $conf;
+		$ret=-1;
 
-		// Verification des informations dans la base
-		$resql = $this->db->query ($this->sqlQuery);
-		if ($resql)
-		{
-			$num = $this->db->num_rows ($resql);
+		$login='';
 
-			if ( $num ) {
+        // Authentication mode
+        if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='http,dolibarr';
+        // Authentication mode: forceuser
+        if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
 
-				// fetchFirst
-				$ret=array();
-				$tab = $this->db->fetch_array($resql);
-				foreach ( $tab as $cle => $valeur )
-				{
-					$ret[$cle] = $valeur;
-				}
-				$tab=$ret;
+        // Set authmode
+        $authmode=explode(',',$dolibarr_main_authentication);
 
-				if ( ($tab['pass_crypted'] == md5 ($this->passwd)) || (($tab['pass'] == $this->passwd) && ($tab['pass'] != ''))) {
+        // No authentication mode
+        if (! sizeof($authmode) && empty($conf->login_method_modules))
+        {
+            $langs->load('main');
+            dol_print_error('',$langs->trans("ErrorConfigParameterNotDefined",'dolibarr_main_authentication'));
+            exit;
+        }
 
-					// On verifie que le compte soit bien actif
-					if ( $tab['statut'] ) {
 
-						$this->reponse(0);
+        $test=true;
 
-					} else {
+        // Validation of third party module login method
+        if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules))
+        {
+            include_once(DOL_DOCUMENT_ROOT . "/lib/security.lib.php");
+            $login = getLoginMethod();
+            if ($login) $test=false;
+        }
 
-						$this->reponse(-2);
+        // Validation tests user / password
+        // If ok, the variable will be initialized login
+        // If error, we will put error message in session under the name dol_loginmesg
+        $goontestloop=false;
+        if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true;
+        if (isset($aLogin) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;
 
-					}
+        if ($test && $goontestloop)
+        {
+            foreach($authmode as $mode)
+            {
+                if ($test && $mode && ! $login)
+                {
+                    $authfile=DOL_DOCUMENT_ROOT.'/includes/login/functions_'.$mode.'.php';
+                    $result=include_once($authfile);
+                    if ($result)
+                    {
+                        $this->login ($aLogin);
+                        $this->passwd ($aPasswd);
+                        $entitytotest=$conf->entity;
 
-				} else {
-
-					$this->reponse(-1);
-
-				}
-
-			} else {
-
-				$this->reponse(-10);
-
-			}
-		}
-		else
-		{
-
-		}
-
-	}
-
-	function verif ($aLogin, $aPasswd) {
-		global $conf;
-
-		$this->login ($aLogin);
-		$this->passwd ($aPasswd);
-
-		$this->sqlQuery = "SELECT rowid, pass_crypted, statut";
-		$this->sqlQuery.= " FROM ".MAIN_DB_PREFIX."user";
-		$this->sqlQuery.= " WHERE login = '".$this->login."'";
-		$this->sqlQuery.= " AND entity IN (0,".$conf->entity.")";
-
-		$this->verif_utilisateurs();
-
-		switch ($this->reponse) {
-
-			default:
-				$ret = '-1';
-				break;
-
-			case 0:
-				$ret = '0';
-				break;
-
-			case -1:
-				$ret = '-1';
-				break;
-
-			case -2:
-				$ret = '-2';
-				break;
-
-			case -10:
-				$ret = '-10';
-				break;
-
-		}
+                        $function='check_user_password_'.$mode;
+                        $login=$function($aLogin,$aPasswd,$entitytotest);
+                        if ($login) // Login is successfull
+                        {
+                            $test=false;
+                            $dol_authmode=$mode;    // This properties is defined only when logged to say what mode was successfully used
+                            $ret=0;
+                        }
+                    }
+                    else
+                    {
+                        dol_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR);
+                        sleep(1);
+                        $ret=-1;
+                    }
+                }
+            }
+        }
 
 		return $ret;
-
 	}
 
 }
diff --git a/htdocs/cashdesk/css/style.css b/htdocs/cashdesk/css/style.css
index 821e6caa9fa..ea193978fe6 100644
--- a/htdocs/cashdesk/css/style.css
+++ b/htdocs/cashdesk/css/style.css
@@ -23,7 +23,7 @@ body {
 	margin: 0;
 	padding: 0;
 	text-align: center;
-	font: 0.7em Arial, Helvetica, sans-serif;
+	font: 0.7em verdana, arial, helvetica;
 }
 
 p {
@@ -274,9 +274,10 @@ p.titre {
 	position: absolute;
 }
 
-/* --------------------- Listes d�roulantes ------------------- */
+/* --------------------- Combo lists ------------------- */
 .select_design {
 	width: 370px;
+	font-size: 12px verdana,arial,helvetica
 	overflow: auto;
 }
 
diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php
index d41b63ba3a4..cd5eb312ed5 100644
--- a/htdocs/cashdesk/index.php
+++ b/htdocs/cashdesk/index.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net>
- * Copyright (C) 2011	   Juanjo Menent   	<jmenent@2byte.es>
+/* Copyright (C) 2007-2008 Jeremie Ollivier    <jeremie.o@laposte.net>
+ * Copyright (C) 2011	   Juanjo Menent   	   <jmenent@2byte.es>
+ * Copyright (C) 2011      Laurent Destailleur <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -67,7 +68,7 @@ top_htmlhead('','',0,0,'',$arrayofcss);
 <div class="principal_login">
 <?php if (! empty($_GET["err"])) print $_GET["err"]."<br><br>\n"; ?>
 <fieldset class="cadre_facturation"><legend class="titre1"><?php echo $langs->trans("Identification"); ?></legend>
-<form id="frmLogin" method="post" action="index_verif.php">
+<form id="frmLogin" method="POST" action="index_verif.php">
 	<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" />
 
 <table>
@@ -87,7 +88,7 @@ print '<td>';
 $disabled=0;
 $langs->load("companies");
 if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice
-$form->select_societes($conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client=1',!$disabled,$disabled,1);
+$form->select_societes(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client=1',!$disabled,$disabled,1);
 //print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
 print '</td>';
 print "</tr>\n";
@@ -100,7 +101,7 @@ if ($conf->stock->enabled)
 	print '<td>';
 	$disabled=0;
 	if (! empty($conf->global->CASHDESK_ID_WAREHOUSE)) $disabled=1;	// If a particular stock is defined, we disable choice
-	$formproduct->selectWarehouses($conf->global->CASHDESK_ID_WAREHOUSE,'warehouseid','',!$disabled,$disabled);
+	$formproduct->selectWarehouses(GETPOST('warehouseid')?GETPOST('warehouseid'):$conf->global->CASHDESK_ID_WAREHOUSE,'warehouseid','',!$disabled,$disabled);
 	//print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
 	print '</td>';
 	print "</tr>\n";
diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php
index 16bc2672b28..a69f770d42f 100644
--- a/htdocs/cashdesk/index_verif.php
+++ b/htdocs/cashdesk/index_verif.php
@@ -38,14 +38,14 @@ $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global
 if (empty($username))
 {
 	$retour=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login"));
-	header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
+	header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
 	exit;
 }
 // Check third party id
 if (! ($thirdpartyid > 0))
 {
     $retour=$langs->trans("ErrorFieldRequired",$langs->transnoentities("CashDeskThirdPartyForSell"));
-    header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
+    header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
     exit;
 }
 
@@ -53,7 +53,7 @@ if (! ($thirdpartyid > 0))
 if ($conf->stock->enabled && $conf->global->STOCK_CALCULATE_ON_BILL &&  ! ($warehouseid > 0))
 {
 	$retour=$langs->trans("CashDeskSetupStock");
-	header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
+	header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
 	exit;
 }
 
@@ -61,7 +61,7 @@ if (! empty($_POST['txtUsername']) && $conf->banque->enabled && (empty($conf_fka
 {
 	$langs->load("errors");
 	$retour=$langs->trans("ErrorModuleSetupNotComplete");
-    header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
+    header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
     exit;
 }
 
@@ -112,7 +112,7 @@ else
 	$langs->load("errors");
     $langs->load("other");
 	$retour=$langs->trans("ErrorBadLoginPassword");
-	header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username);
+	header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid);
 	exit;
 }
 
diff --git a/htdocs/includes/login/functions_dolibarr.php b/htdocs/includes/login/functions_dolibarr.php
index 6ef452e32e8..f15204c6afb 100644
--- a/htdocs/includes/login/functions_dolibarr.php
+++ b/htdocs/includes/login/functions_dolibarr.php
@@ -26,20 +26,21 @@
 
 
 /**
- *      \brief		Check user and password
- *      \param		usertotest		Login
- *      \param		passwordtotest	Password
- *      \return		string			Login if ok, '' if ko.
+ *      Check user and password
+ *      @param		usertotest		Login
+ *      @param		passwordtotest	Password
+ *      @param      entitytotest    Entity
+ *      @return		string			Login if ok, '' if ko.
  */
-function check_user_password_dolibarr($usertotest,$passwordtotest)
+function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1)
 {
-	global $_POST,$db,$conf,$langs;
+	global $db,$conf,$langs;
 
 	dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest);
 
 	$login='';
 
-	if (! empty($_POST["username"]))
+	if (! empty($usertotest))
 	{
 		// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
 		$table = MAIN_DB_PREFIX."user";
@@ -48,8 +49,8 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 
 		$sql ='SELECT pass, pass_crypted';
 		$sql.=' FROM '.$table;
-		$sql.=' WHERE '.$usernamecol." = '".$db->escape($_POST["username"])."'";
-		$sql.=' AND '.$entitycol." IN (0," . ($_POST["entity"] ? $_POST["entity"] : 1) . ")";
+		$sql.=' WHERE '.$usernamecol." = '".$db->escape($usertotest)."'";
+		$sql.=' AND '.$entitycol." IN (0," . ($entitytotest ? $entitytotest : 1) . ")";
 
 		dol_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql);
 		$resql=$db->query($sql);
@@ -60,7 +61,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 			{
 				$passclear=$obj->pass;
 				$passcrypted=$obj->pass_crypted;
-				$passtyped=$_POST["password"];
+				$passtyped=$passwordtotest;
 
 				$passok=false;
 
@@ -93,11 +94,11 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 				// Password ok ?
 				if ($passok)
 				{
-					$login=$_POST["username"];
+					$login=$usertotest;
 				}
 				else
 				{
-					dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$_POST["username"]."'");
+					dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$usertotest."'");
 					sleep(1);
 					$langs->load('main');
 					$langs->load('other');
@@ -106,7 +107,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 			}
 			else
 			{
-				dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$_POST["username"]."'");
+				dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$usertotest."'");
 				sleep(1);
 				$langs->load('main');
 				$langs->load('other');
@@ -115,7 +116,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 		}
 		else
 		{
-			dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$_POST["username"]."' error=".$db->lasterror());
+			dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$usertotest."' error=".$db->lasterror());
 			sleep(1);
 			$_SESSION["dol_loginmesg"]=$db->lasterror();
 		}
diff --git a/htdocs/langs/fr_FR/cashdesk.lang b/htdocs/langs/fr_FR/cashdesk.lang
index 96167e01f51..e3bd984fb3c 100755
--- a/htdocs/langs/fr_FR/cashdesk.lang
+++ b/htdocs/langs/fr_FR/cashdesk.lang
@@ -30,4 +30,4 @@ Difference=Difference
 TotalTicket=Total ticket
 Change=Trop perçu
 CalTip=Cliquez pour afficher le calendrier
-CashDeskSetupStock=Le conf. diminue le stock lors la création de factures, mais vous ne spécifiez pas entrepôt .<br>Vous devez modifier la conf. du module de stock, ou vous choisissez un entrepôt 
\ No newline at end of file
+CashDeskSetupStock=La configuration du module stock demande une réduction du stock sur facturation, mais vous n'avez pas spécifiez d'entrepôt. Vous devez modifier la configuration du module stock ou choisir un entrepôt.
\ No newline at end of file
diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php
index c066c1c779e..f15a87e9711 100644
--- a/htdocs/lib/security.lib.php
+++ b/htdocs/lib/security.lib.php
@@ -26,8 +26,9 @@
 
 
 /**
- *   Return list of login methods provided by external third party modules.
- *   @return	array
+ *   Return a login if login/pass was successfull using an external login method
+ *   @return	string		Login or ''
+ * 	 TODO Provide usertotest, passwordtotest and entitytotest by parameters
  */
 function getLoginMethod()
 {
@@ -56,8 +57,9 @@ function getLoginMethod()
 						// Call function to check user/password
 						$usertotest=$_POST["username"];
 						$passwordtotest=$_POST["password"];
+						$entitytotest=$_POST["entity"];
 						$function='check_user_password_'.$mode;
-						$login=$function($usertotest,$passwordtotest);
+						$login=$function($usertotest,$passwordtotest,$entitytotest);
 						if ($login)
 						{
 							$conf->authmode=$mode;	// This properties is defined only when logged
@@ -543,7 +545,7 @@ function dol_efc_config()
 function getRandomPassword()
 {
 	global $db,$conf,$langs,$user;
-	
+
 	$generated_password='';
 	if ($conf->global->USER_PASSWORD_GENERATED)
 	{
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 55ae5fef891..86ba359b028 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -400,7 +400,7 @@ if (! defined('NOLOGIN'))
 			}
 		}
 
-		// Validation of third party module login method
+		// Validation of login with a third party login module method
 		if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules))
 		{
 			include_once(DOL_DOCUMENT_ROOT . "/lib/security.lib.php");
@@ -428,8 +428,9 @@ if (! defined('NOLOGIN'))
 						// Call function to check user/password
 						$usertotest=$_POST["username"];
 						$passwordtotest=$_POST["password"];
+						$entitytotest=$_POST["entity"];
 						$function='check_user_password_'.$mode;
-						$login=$function($usertotest,$passwordtotest);
+						$login=$function($usertotest,$passwordtotest,$entitytotest);
 						if ($login)	// Login is successfull
 						{
 							$test=false;