From 293e0ac83126f2ad1a9164520ba809b88ab851c1 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sat, 7 Jul 2012 12:15:43 +0200 Subject: [PATCH] Change-Id: I5f8bcf59cf2fc0d902edb4d61f8c20a2880765a2 --- htdocs/core/lib/security2.lib.php | 4 ++-- htdocs/core/login/functions_dolibarr.php | 15 +++++++++++++-- htdocs/user/class/user.class.php | 2 +- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 5a7c461dc1e..74ac5d496e8 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -54,7 +54,7 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod global $conf,$langs; global $dolauthmode; // To return authentication finally used - // Check parameetrs + // Check parameters if ($entitytotest == '') $entitytotest=1; dol_syslog("checkLoginPassEntity usertotest=".$usertotest." entitytotest=".$entitytotest." authmode=".join(',',$authmode)); @@ -480,4 +480,4 @@ function getRandomPassword($generic=false) return $generated_password; } -?> \ No newline at end of file +?> diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php index 700caf54c07..35042f6f179 100644 --- a/htdocs/core/login/functions_dolibarr.php +++ b/htdocs/core/login/functions_dolibarr.php @@ -36,9 +36,14 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1) { global $db,$conf,$langs; + global $mc; dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest); + // Force master entity in transversal mode + $entity=$entitytotest; + if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) $entity=1; + $login=''; if (! empty($usertotest)) 
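Review bot: `$entity` is copied from `$entitytotest` as-is, and outside transverse mode it is concatenated unquoted into the `IN (0,...)` list built in the next hunk, while the login on the line before it goes through `$db->escape()`. Whether callers already restrict `$entitytotest` to an integer is not visible here, so I would cast at the assignment: `$entity=(int) $entitytotest;`. An empty value still falls back to 1 through the existing `($entity ? $entity : 1)` test, so the behaviour for legitimate input does not change. The function body continues outside this hunk.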
@@ -48,10 +53,10 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= $usernamecol = 'login'; $entitycol = 'entity'; - $sql ='SELECT pass, pass_crypted'; + $sql ='SELECT rowid, entity, pass, pass_crypted'; $sql.=' FROM '.$table; $sql.=' WHERE '.$usernamecol." = '".$db->escape($usertotest)."'"; - $sql.=' AND '.$entitycol." IN (0," . ($entitytotest ? $entitytotest : 1) . ")"; + $sql.=' AND '.$entitycol." IN (0," . ($entity ? $entity : 1) . ")"; dol_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql); $resql=$db->query($sql); @@ -92,6 +97,12 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= } } + if ($passok && ! empty($obj->entity) && (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))) + { + $ret=$mc->checkRight($obj->rowid, $entitytotest); + if ($ret < 0) $passok=false; + } + // Password ok ? if ($passok) { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 45854bf284a..cbc3f59702c 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -149,7 +149,7 @@ class User extends CommonObject $sql.= " u.ref_int, u.ref_ext"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u"; - if(! empty($conf->multicompany->enabled) && $conf->entity == 1) + if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) { $sql.= " WHERE u.entity IS NOT NULL"; }
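Review bot: The added entity-right check in the `@@ -92,6 +97,12 @@` hunk dereferences `$mc` without a guard and refuses the login only when `checkRight()` returns a negative value. If the multicompany object is not instantiated when this login path runs, the call is a fatal error during authentication, and any non-negative return (including 0, if that can mean "no right"; the method is not shown) leaves `$passok` true. I would guard the call, `$ret=is_object($mc) ? $mc->checkRight($obj->rowid, $entitytotest) : -1;`, and state the expected return values in a comment above it. A `dol_syslog()` line when `$ret < 0` would also let these refusals be told apart from bad-password failures in the log. The enclosing function starts and ends outside the hunk.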
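Review bot: The rewritten condition in user.class.php drops the entity filter for every session in transverse mode, where the old test limited the unfiltered query to the master entity (`$conf->entity == 1`), and nothing at the `if` says why. With only `u.entity IS NOT NULL` as the filter, callers of this method can load users belonging to any entity, so isolation presumably rests on the `checkRight()` call added in functions_dolibarr.php and on whatever rights checks the callers perform; neither is visible here. I would add a comment above the `if`, e.g. `// Transverse mode: users are shared across entities; access is enforced by multicompany rights, not by this query`, and confirm that no caller relies on this query for entity isolation. The method starts and ends outside the hunk, and its `else` branch is not shown.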