From 15138aa543e63d5083d9b2e4fbb250bca56bb891 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Mar 2019 20:00:36 +0100 Subject: [PATCH 1/2] FIX error on setup of password if pass generators have a .old file. --- htdocs/admin/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php index 26dcdc85b8d..291a2948987 100644 --- a/htdocs/admin/security.php +++ b/htdocs/admin/security.php @@ -212,7 +212,7 @@ if (is_resource($handle)) { while (($file = readdir($handle))!==false) { - if (preg_match('/(modGeneratePass[a-z]+)\.class\.php/i',$file,$reg)) + if (preg_match('/(modGeneratePass[a-z]+)\.class\.php$/i',$file,$reg)) { // Charging the numbering class $classname = $reg[1]; From 54b9681257171e9c15215290f71295bb09384344 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 4 Mar 2019 20:15:31 +0100 Subject: [PATCH 2/2] More log to help debug --- htdocs/core/login/functions_dolibarr.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php index 25d5f2dc30c..eede3bf2ee6 100644 --- a/htdocs/core/login/functions_dolibarr.php +++ b/htdocs/core/login/functions_dolibarr.php @@ -80,7 +80,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType=$conf->global->DATABASE_PWD_ENCRYPTED; // By default, we used MD5 - if (! in_array($cryptType,array('md5'))) $cryptType='md5'; + if (! in_array($cryptType, array('md5'))) $cryptType='md5'; // Check crypted password according to crypt algorithm if ($cryptType == 'md5') { @@ -109,8 +109,9 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= } else { - dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."'"); - sleep(2); // Anti brut force protection + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."', cryptType=".$cryptType); + //dol_syslog("passclear=".$passclear." passtyped=".$passtyped." passcrypted=".$passcrypted); + sleep(2); // Anti brut force protection $langs->load('main'); $langs->load('errors'); $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");