lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cvsimport

Browse Source
This commit is contained in:
Laurent Destailleur 2011-09-24 14:19:24 +00:00
commit 40c7d13948
12 changed files with 123 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dev/codesniffer/ruleset.xml
View File

@ -22,6 +22,9 @@
<rule ref="Generic.CodeAnalysis.UnnecessaryFinalModifier" /> <rule ref="Generic.CodeAnalysis.UnnecessaryFinalModifier" />
<rule ref="Generic.CodeAnalysis.UnusedFunctionParameter" /> <rule ref="Generic.CodeAnalysis.UnusedFunctionParameter" />
<rule ref="Generic.CodeAnalysis.UnusedFunctionParameter.Found">
<severity>0</severity>
</rule>
<rule ref="Generic.CodeAnalysis.UselessOverridingMethod" /> <rule ref="Generic.CodeAnalysis.UselessOverridingMethod" />

2
htdocs/includes/login/functions_empty.php
View File

@ -31,7 +31,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled) * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO * @return string Login if OK, '' if KO
*/ */
function check_user_password_empty($usertotest,$passwordtotest) function check_user_password_empty($usertotest,$passwordtotest,$entitytotest)
{ {
dol_syslog("functions_empty::check_user_password_empty usertotest=".$usertotest); dol_syslog("functions_empty::check_user_password_empty usertotest=".$usertotest);

2
htdocs/includes/login/functions_forceuser.php
View File

@ -32,7 +32,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled) * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO * @return string Login if OK, '' if KO
*/ */
function check_user_password_forceuser($usertotest,$passwordtotest) function check_user_password_forceuser($usertotest,$passwordtotest,$entitytotest)
{ {
// Variable dolibarr_auto_user must be defined in conf.php file // Variable dolibarr_auto_user must be defined in conf.php file
global $dolibarr_auto_user; global $dolibarr_auto_user;

2
htdocs/includes/login/functions_http.php
View File

@ -31,7 +31,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled) * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO * @return string Login if OK, '' if KO
*/ */
function check_user_password_http($usertotest,$passwordtotest) function check_user_password_http($usertotest,$passwordtotest,$entitytotest)
{ {
dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".$_SERVER["REMOTE_USER"]); dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".$_SERVER["REMOTE_USER"]);

2
htdocs/includes/login/functions_ldap.php
View File

@ -32,7 +32,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled) * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO * @return string Login if OK, '' if KO
*/ */
function check_user_password_ldap($usertotest,$passwordtotest) function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
{ {
global $_POST,$db,$conf,$langs; global $_POST,$db,$conf,$langs;
global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port; global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port;

2
htdocs/includes/login/functions_myopenid.php
View File

@ -32,7 +32,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled) * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO * @return string Login if OK, '' if KO
*/ */
function check_user_password_myopenid($usertotest,$passwordtotest) function check_user_password_myopenid($usertotest,$passwordtotest,$entitytotest)
{ {
global $_POST,$db,$conf,$langs; global $_POST,$db,$conf,$langs;

15
htdocs/includes/modules/security/generate/modGeneratePassNone.class.php
View File

@ -43,10 +43,10 @@ class modGeneratePassNone extends ModeleGenPassword
/** /**
* Constructor * Constructor
* *
* @param DoliDB $DB Database handler * @param DoliDB $db Database handler
* @param conf Handler de conf * @param Conf $conf Handler de conf
* @param lang Handler de langue * @param Translate $langs Handler de langue
* @param user Handler du user connecte * @param User $user Handler du user connecte
*/ */
function modGeneratePassNone($db, $conf, $langs, $user) function modGeneratePassNone($db, $conf, $langs, $user)
{ {
@ -61,6 +61,7 @@ class modGeneratePassNone extends ModeleGenPassword
/** /**
* Return description of module * Return description of module
*
* @return string Description of text * @return string Description of text
*/ */
function getDescription() function getDescription()
@ -71,6 +72,7 @@ class modGeneratePassNone extends ModeleGenPassword
/** /**
* Return an example of password generated by this module * Return an example of password generated by this module
*
* @return string Example of password * @return string Example of password
*/ */
function getExample() function getExample()
@ -80,6 +82,7 @@ class modGeneratePassNone extends ModeleGenPassword
/** /**
* Build new password * Build new password
*
* @return string Return a new generated password * @return string Return a new generated password
*/ */
function getNewGeneratedPassword() function getNewGeneratedPassword()
@ -89,7 +92,9 @@ class modGeneratePassNone extends ModeleGenPassword
/** /**
* Validate a password * Validate a password
* @return int 0 if KO, >0 if OK *
* @param string $password Password to check
* @return int 0 if KO, >0 if OK
*/ */
function validatePassword($password) function validatePassword($password)
{ {

15
htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php
View File

@ -43,10 +43,10 @@ class modGeneratePassStandard extends ModeleGenPassword
/** /**
* Constructor * Constructor
* *
* @param DoliDB $DB Database handler * @param DoliDB $db Database handler
* @param conf Handler de conf * @param Conf $conf Handler de conf
* @param lang Handler de langue * @param Translate $langs Handler de langue
* @param user Handler du user connecte * @param User $user Handler du user connecte
*/ */
function modGeneratePassStandard($db, $conf, $langs, $user) function modGeneratePassStandard($db, $conf, $langs, $user)
{ {
@ -61,6 +61,7 @@ class modGeneratePassStandard extends ModeleGenPassword
/** /**
* Return description of module * Return description of module
*
* @return string Description of module * @return string Description of module
*/ */
function getDescription() function getDescription()
@ -71,6 +72,7 @@ class modGeneratePassStandard extends ModeleGenPassword
/** /**
* Return an example of password generated by this module * Return an example of password generated by this module
*
* @return string Example of password * @return string Example of password
*/ */
function getExample() function getExample()
@ -80,6 +82,7 @@ class modGeneratePassStandard extends ModeleGenPassword
/** /**
* Build new password * Build new password
*
* @return string Return a new generated password * @return string Return a new generated password
*/ */
function getNewGeneratedPassword() function getNewGeneratedPassword()
@ -115,7 +118,9 @@ class modGeneratePassStandard extends ModeleGenPassword
/** /**
* Validate a password * Validate a password
* @return int 0 if KO, >0 if OK *
* @param string $password Password to check
* @return int 0 if KO, >0 if OK
*/ */
function validatePassword($password) function validatePassword($password)
{ {

88
htdocs/includes/modules/security/generate/modules_genpassword.php
View File

@ -1,5 +1,5 @@
<?php <?php
/* Copyright (C) 2007-2009 Laurent Destailleur <eldy@users.sourceforge.net> /* Copyright (C) 2007-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -30,54 +30,62 @@ require_once(DOL_DOCUMENT_ROOT.'/lib/functions.lib.php');
*/ */
abstract class ModeleGenPassword abstract class ModeleGenPassword
{ {
var $error=''; var $error='';
/** \brief Return if a module can be used or not /**
* \return boolean true if module can be used * Return if a module can be used or not
*/ *
function isEnabled() * @return boolean true if module can be used
{ */
return true; function isEnabled()
} {
return true;
}
/** \brief Renvoi la description par defaut du modele /**
* \return string Texte descripif * Return description of module
*/ *
function info() * @return string Description of text
{ */
global $langs; function getDescription()
$langs->load("bills"); {
return $langs->trans("NoDescription"); global $langs;
} return $langs->trans("NoDescription");
}
/** \brief Renvoi un exemple de generation /**
* \return string Example * Return an example of password generated by this module
*/ *
function getExample() * @return string Example of password
{ */
global $langs; function getExample()
$langs->load("bills"); {
return $langs->trans("NoExample"); global $langs;
} $langs->load("bills");
return $langs->trans("NoExample");
}
/** /**
* \brief Build new password * Build new password
* \return string Return a new generated password *
* @return string Return a new generated password
*/ */
function getNewGeneratedPassword() function getNewGeneratedPassword()
{ {
global $langs; global $langs;
return $langs->trans("NotAvailable"); return $langs->trans("NotAvailable");
} }
/** /**
* \brief Validate a password * Validate a password
* \return int 0 if KO, >0 if OK *
* @param string $password Password to check
* @return int 0 if KO, >0 if OK
*/ */
function validatePassword($password) function validatePassword($password)
{ {
return 1; return 1;
} }
} }

21
htdocs/lib/security.lib.php
View File

@ -18,8 +18,11 @@
*/ */
/** /**
* \file htdocs/lib/security.lib.php * \file htdocs/lib/security.lib.php
* \brief Set of function used for dolibarr security * \ingroup core
* \brief Set of function used for dolibarr security.
* Warning, this file must not depends on other library files, except function.lib.php
* because it is used at low code level.
*/ */
@ -28,8 +31,8 @@
* *
* @param string $usertotest Login value to test * @param string $usertotest Login value to test
* @param string $passwordtotest Password value to test * @param string $passwordtotest Password value to test
* @param string $entitytotest Instance to test * @param string $entitytotest Instance of data we must check
* @param array $authmode Array list of selected authentication mode ('http', 'dolibarr', 'xxx'...) * @param array $authmode Array list of selected authentication mode array('http', 'dolibarr', 'xxx'...)
* @return string Login or '' * @return string Login or ''
*/ */
function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmode) function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmode)
@ -44,14 +47,14 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
$login = ''; $login = '';
// Validation of login/pass/entity with a third party login module method // Validation of login/pass/entity with a third party login module method
if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules)) if (! empty($conf->login_method_modules) && is_array($conf->login_method_modules))
{ {
foreach($conf->login_method_modules as $dir) foreach($conf->login_method_modules as $dir)
{ {
$newdir=dol_osencode($dir); $newdir=dol_osencode($dir);
// Check if directory exists // Check if directory exists
if (!is_dir($newdir)) continue; if (! is_dir($newdir)) continue;
$handle=opendir($newdir); $handle=opendir($newdir);
if (is_resource($handle)) if (is_resource($handle))
@ -324,7 +327,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
} }
/** /**
* Fonction pour initialiser un salt pour la fonction crypt * Fonction pour initialiser un salt pour la fonction crypt.
* *
* @param int $type 2=>renvoi un salt pour cryptage DES * @param int $type 2=>renvoi un salt pour cryptage DES
* 12=>renvoi un salt pour cryptage MD5 * 12=>renvoi un salt pour cryptage MD5
@ -338,7 +341,7 @@ function makesalt($type=CRYPT_SALT_LENGTH)
{ {
case 12: // 8 + 4 case 12: // 8 + 4
$saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
case 8: // 8 + 4 (Pour compatibilite, ne devrait pas etre utilise) case 8: // 8 (Pour compatibilite, ne devrait pas etre utilise)
$saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
case 2: // 2 case 2: // 2
default: // by default, fall back on Standard DES (should work everywhere) default: // by default, fall back on Standard DES (should work everywhere)
@ -497,7 +500,7 @@ function dol_decode($chain)
/** /**
* Return a generated password using default module * Return a generated password using default module
* *
* @param boolean $generic Create generic password * @param boolean $generic true=Create generic password (a MD5 string), false=Use the configured password generation module
* @return string New value for password * @return string New value for password
*/ */
function getRandomPassword($generic=false) function getRandomPassword($generic=false)

10
htdocs/lib/ws.lib.php
View File

@ -18,6 +18,7 @@
/** /**
* \file htdocs/lib/ws.lib.php * \file htdocs/lib/ws.lib.php
* \ingroup webservices
* \brief Set of function for manipulating web services * \brief Set of function for manipulating web services
*/ */
@ -25,10 +26,11 @@
/** /**
* Check authentication array and set error, errorcode, errorlabel * Check authentication array and set error, errorcode, errorlabel
* *
* @param authentication Array * @param array $authentication Array with authentication informations ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>)
* @param error * @param int &$error Number of errors
* @param errorcode * @param string &$errorcode Error string code
* @param errorlabel * @param string &$errorlabel Error string label
* @return User Return user object identified by login/pass/entity into authentication array
*/ */
function check_authentication($authentication,&$error,&$errorcode,&$errorlabel) function check_authentication($authentication,&$error,&$errorcode,&$errorlabel)
{ {

42
test/phpunit/SecurityTest.php
View File

@ -178,23 +178,39 @@ class SecurityTest extends PHPUnit_Framework_TestCase
/** /**
*/ */
/* public function testAnalyseSqlAndScript() public function testEncodeDecode()
{ {
global $conf,$user,$langs,$db; $stringtotest="This is a string to test encode/decode";
$conf=$this->savconf;
$user=$this->savuser;
$langs=$this->savlangs;
$db=$this->savdb;
$_GET["param1"]="azert"; $encodedstring=dol_encode($stringtotest);
$_POST["param2"]="a/b#e(pr)qq-rr\cc"; $decodedstring=dol_decode($encodedstring);
print __METHOD__." encodedstring=".$encodedstring." ".base64_encode($stringtotest)."\n";
$result=analyse_sql_and_script($_GET); $this->assertEquals($stringtotest,$decodedstring);
print __METHOD__." result=".$result."\n";
$this->assertFalse($result); // False because mail send disabled return $result;
}
/**
*/
public function testGetRandomPassword()
{
global $conf;
$genpass1=getRandomPassword(true); // Should be a MD5 string return by dol_hash
print __METHOD__." genpass1=".$genpass1."\n";
$this->assertEquals(strlen($genpass1),32);
$conf->global->USER_PASSWORD_GENERATED='None';
$genpass2=getRandomPassword(false); // Should be an empty string
print __METHOD__." genpass2=".$genpass2."\n";
$this->assertEquals($genpass2,'');
$conf->global->USER_PASSWORD_GENERATED='Standard';
$genpass3=getRandomPassword(false);
print __METHOD__." genpass3=".$genpass3."\n";
$this->assertEquals(strlen($genpass3),8);
return $result; return $result;
} }
*/
} }
?> ?>