From 8a09472def1ad1a5dd5ed1ea15275c95a7fa500a Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 28 Sep 2017 18:23:06 +0200 Subject: [PATCH 01/18] Fix: civility_id is not an integer ! --- htdocs/adherents/class/adherent.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 5eb757c0c5c..76f94d15d50 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -419,7 +419,7 @@ class Adherent extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; - $sql.= " civility = ".($this->civility_id>0?$this->db->escape($this->civility_id):"null"); + $sql.= " civility = ".($this->civility_id?$this->db->escape($this->civility_id):"null"); $sql.= ", firstname = ".($this->firstname?"'".$this->db->escape($this->firstname)."'":"null"); $sql.= ", lastname = ".($this->lastname?"'".$this->db->escape($this->lastname)."'":"null"); $sql.= ", login = ".($this->login?"'".$this->db->escape($this->login)."'":"null"); From f58fb6b6f6a8e91912ecca669ac85a106cadb87d Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 28 Sep 2017 18:29:11 +0200 Subject: [PATCH 02/18] Fix: syntax error --- htdocs/adherents/class/adherent.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 76f94d15d50..7c2cdb2f2aa 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
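Review bot: The new `civility = ` expression in Adherent's UPDATE statement concatenates `$this->db->escape($this->civility_id)` without surrounding quotes, and the `>0` test that used to restrict it to a positive number is gone. escape() only neutralises characters that would end a quoted literal, so an unquoted non-numeric value is parsed as SQL rather than as data. The line should quote the value the way the firstname and lastname lines below it do: `$sql.= " civility = ".($this->civility_id?"'".$this->db->escape($this->civility_id)."'":"null");`. Patch 02/18 in this series makes that change, so the two commits are better squashed to avoid an intermediate revision with the unquoted form. The enclosing method starts and ends outside the hunk.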
@@ -419,7 +419,7 @@ class Adherent extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; - $sql.= " civility = ".($this->civility_id?$this->db->escape($this->civility_id):"null"); + $sql.= " civility = ".($this->civility_id?"'".$this->db->escape($this->civility_id)."'":"null"); $sql.= ", firstname = ".($this->firstname?"'".$this->db->escape($this->firstname)."'":"null"); $sql.= ", lastname = ".($this->lastname?"'".$this->db->escape($this->lastname)."'":"null"); $sql.= ", login = ".($this->login?"'".$this->db->escape($this->login)."'":"null"); From 660c5dd03d437ff793713df6c1f87b67d0ad22e5 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 28 Sep 2017 18:49:33 +0200 Subject: [PATCH 03/18] Fix: avoid ldap error when firstname and lastname is empty --- htdocs/adherents/class/adherent.class.php | 11 +++++++---- htdocs/admin/ldap_members.php | 21 +++++++++++++++------ htdocs/langs/en_US/admin.lang | 2 ++ 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 7c2cdb2f2aa..e70ef9893bc 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
@@ -1957,20 +1957,23 @@ class Adherent extends CommonObject $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); $this->fullname=$this->getFullName($langs); + // For avoid ldap error when firstname and lastname is empty + if ($this->morphy == 'mor' && empty($this->fullname)) $this->fullname = $this->societe; // Member if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname; + if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname; if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; if ($this->login && ! empty($conf->global->LDAP_MEMBER_FIELD_LOGIN)) $info[$conf->global->LDAP_MEMBER_FIELD_LOGIN] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; + if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe; if ($this->address && ! 
empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; - if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; + if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; - if ($this->email && ! empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email; + if ($this->email && ! empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email; if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; diff --git a/htdocs/admin/ldap_members.php b/htdocs/admin/ldap_members.php index cad37cc4ccc..da04c852b2f 100644 --- a/htdocs/admin/ldap_members.php +++ b/htdocs/admin/ldap_members.php 
@@ -1,10 +1,10 @@ - * Copyright (C) 2004 Sebastien Di Cintio - * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005 Regis Houssin - * Copyright (C) 2006-2008 Laurent Destailleur - * Copyright (C) 2011-2013 Juanjo Menent +/* Copyright (C) 2004 Rodolphe Quiedeville + * Copyright (C) 2004 Sebastien Di Cintio + * Copyright (C) 2004 Benoit Mortier + * Copyright (C) 2005-2017 Regis Houssin + * Copyright (C) 2006-2008 Laurent Destailleur + * Copyright (C) 2011-2013 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -68,6 +68,7 @@ if ($action == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_COMPANY',GETPOST("fieldcompany"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_ADDRESS',GETPOST("fieldaddress"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_ZIP',GETPOST("fieldzip"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_TOWN',GETPOST("fieldtown"),'chaine',0,'',$conf->entity)) $error++; @@ -282,6 +283,14 @@ print ''.$langs->trans("LDAPFieldFaxExample").''; print ' '; print ''; +// Company + +print ''.$langs->trans("LDAPFieldCompany").''; +print ''; +print ''.$langs->trans("LDAPFieldCompanyExample").''; +print ' '; +print ''; + // Address print ''.$langs->trans("LDAPFieldAddress").''; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 3c10edc86ca..c17ecd88a0e 100644 --- a/htdocs/langs/en_US/admin.lang 
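Review bot: In htdocs/admin/ldap_members.php (hunk `@@ -68,6 +68,7 @@`) the added `LDAP_MEMBER_FIELD_COMPANY` line stores `GETPOST("fieldcompany")` without a check type, and that stored string is later used as the array key naming an LDAP attribute (`$info[$conf->global->LDAP_MEMBER_FIELD_COMPANY]` in the Adherent hunk of this same patch). Passing a filter, e.g. `GETPOST("fieldcompany",'alpha')`, and rejecting anything that is not a plain attribute name would keep malformed keys out of the LDAP write. The neighbouring `dolibarr_set_const` lines in this hunk follow the same unfiltered pattern, so the change is best made for the whole block. The `if ($action == 'setvalue' && $user->admin)` block starts before and ends after the hunk, so whether an anti-CSRF token is verified for this action cannot be confirmed from here.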
+++ b/htdocs/langs/en_US/admin.lang @@ -1349,6 +1349,8 @@ LDAPFieldMobile=Cellular phone LDAPFieldMobileExample=Example : mobile LDAPFieldFax=Fax number LDAPFieldFaxExample=Example : facsimiletelephonenumber +LDAPFieldCompany=Company name +LDAPFieldCompanyExample=Example : displayName LDAPFieldAddress=Street LDAPFieldAddressExample=Example : street LDAPFieldZip=Zip From 35b290a7dfff248ae1d4783362c491b69dbeda18 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 28 Sep 2017 19:04:33 +0200 Subject: [PATCH 04/18] Fix: Trad already exists --- htdocs/langs/en_US/admin.lang | 2 -- 1 file changed, 2 deletions(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index c17ecd88a0e..3c10edc86ca 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1349,8 +1349,6 @@ LDAPFieldMobile=Cellular phone LDAPFieldMobileExample=Example : mobile LDAPFieldFax=Fax number LDAPFieldFaxExample=Example : facsimiletelephonenumber -LDAPFieldCompany=Company name -LDAPFieldCompanyExample=Example : displayName LDAPFieldAddress=Street LDAPFieldAddressExample=Example : street LDAPFieldZip=Zip From 76c89aed9bc5cafceecf9bd67537f48752e0b2a5 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 28 Sep 2017 19:13:26 +0200 Subject: [PATCH 05/18] Fix: add lastname --- htdocs/adherents/class/adherent.class.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index e70ef9893bc..ceaf13335f3 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
@@ -1956,9 +1956,12 @@ class Adherent extends CommonObject // Object classes $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); - $this->fullname=$this->getFullName($langs); - // For avoid ldap error when firstname and lastname is empty - if ($this->morphy == 'mor' && empty($this->fullname)) $this->fullname = $this->societe; + $this->fullname=$this->getFullName($langs); + // For avoid ldap error when firstname and lastname are empty + if ($this->morphy == 'mor' && empty($this->fullname)) { + $this->fullname = $this->societe; + $this->lastname = $this->societe; + } // Member if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname; From ffc4f5021af5855283b84a636e3c85c5841a0bbb Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 29 Sep 2017 16:03:05 +0200 Subject: [PATCH 06/18] Fix: wrong contante value --- htdocs/adherents/admin/adherent.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index 93b90c01c92..d96f2cd0888 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -162,7 +162,7 @@ print "\n"; // Login/Pass required for members print ''.$langs->trans("AdherentLoginRequired").''; -print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED',(! empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)?0:1),1); +print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED',(! empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)?$conf->global->ADHERENT_LOGIN_NOT_REQUIRED:0),1); print "\n"; // Mail required for members From 7134884a08e724948bc080423f785b37b94634a7 Mon Sep 17 00:00:00 2001 
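Review bot: The fallback added in `_load_ldap_info()` (hunk `@@ -1956,9 +1956,12 @@`) overwrites `$this->lastname` and `$this->fullname` with `$this->societe` on the live object, so a method that reads as an attribute builder changes the member's state for whatever runs after it. If the same object is saved afterwards, a legal-entity member would presumably get its company name persisted as last name; that is worth confirming against the callers. Working on local copies avoids the side effect: `$fullname = $this->getFullName($langs); $lastname = $this->lastname;` followed by `if ($this->morphy == 'mor' && empty($fullname)) { $fullname = $lastname = $this->societe; }`, with the locals used when filling `$info`. The method starts and ends outside the hunk.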
From: Regis Houssin Date: Fri, 29 Sep 2017 16:57:25 +0200 Subject: [PATCH 07/18] Revert "Fix: wrong contante value" This reverts commit ffc4f5021af5855283b84a636e3c85c5841a0bbb. --- htdocs/adherents/admin/adherent.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index d96f2cd0888..93b90c01c92 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -162,7 +162,7 @@ print "\n"; // Login/Pass required for members print ''.$langs->trans("AdherentLoginRequired").''; -print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED',(! empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)?$conf->global->ADHERENT_LOGIN_NOT_REQUIRED:0),1); +print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED',(! empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)?0:1),1); print "\n"; // Mail required for members From 46cc23c568115152c02895036b037175b1c7c023 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 24 Sep 2017 19:18:41 +0200 Subject: [PATCH 08/18] Fix: $this->pass is empty if DATABASE_PWD_ENCRYPTED is used --- htdocs/adherents/class/adherent.class.php | 119 +++++++++++++++------- htdocs/core/lib/security.lib.php | 3 +- htdocs/user/class/user.class.php | 43 +++++--- 3 files changed, 112 insertions(+), 53 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index ceaf13335f3..8d424386e31 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
@@ -1947,14 +1947,15 @@ class Adherent extends CommonObject * * @return array Tableau info des attributs */ - function _load_ldap_info() - { - global $conf,$langs; + function _load_ldap_info() + { + global $conf,$langs; - $info=array(); + $info=array(); + $keymodified=false; - // Object classes - $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); + // Object classes + $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); $this->fullname=$this->getFullName($langs); // For avoid ldap error when firstname and lastname are empty 
@@ -1963,39 +1964,83 @@ class Adherent extends CommonObject $this->lastname = $this->societe; } - // Member - if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname; - if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; - if ($this->login && ! empty($conf->global->LDAP_MEMBER_FIELD_LOGIN)) $info[$conf->global->LDAP_MEMBER_FIELD_LOGIN] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption - if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; - if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe; - if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; - if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; - if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; - if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; - if ($this->email && ! 
empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email; - if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; - if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; - if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; - if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile; - if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax; - if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private; - if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public; - if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap'); - if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut; - if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); + // Possible LDAP KEY (constname => varname) + $ldapkey = array( + 'LDAP_MEMBER_FIELD_FULLNAME' => 'fullname', + 'LDAP_MEMBER_FIELD_NAME' => 'lastname', + 'LDAP_MEMBER_FIELD_LOGIN' => 'login', + 'LDAP_MEMBER_FIELD_LOGIN_SAMBA' => 'login', + 'LDAP_MEMBER_FIELD_MAIL' => 'email' + ); - // Subscriptions - if ($this->first_subscription_date && ! 
empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap'); - if (isset($this->first_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT] = $this->first_subscription_amount; - if ($this->last_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE] = dol_print_date($this->last_subscription_date,'dayhourldap'); - if (isset($this->last_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT] = $this->last_subscription_amount; + // Member + foreach ($ldapkey as $constname => $varname) + { + if (! empty($this->$varname) && ! empty($conf->global->$constname)) + { + $info[$conf->global->$constname] = $this->$varname; - return $info; - } + // Check if it is the LDAP key and if its value has been changed + if (! empty($conf->global->LDAP_KEY_MEMBERS) && $conf->global->LDAP_KEY_MEMBERS == $conf->global->$constname) + { + if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; + } + } + } + + if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; + if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; + if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe; + if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; + if ($this->zip && ! 
empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; + if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; + if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; + if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; + if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; + if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; + if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile; + if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax; + if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private; + if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public; + if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap'); + if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut; + if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); + + // When password is modified + if ($this->pass) + { + if (! 
empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption + } + // When LDAP key is modified and password no defined + else if ($keymodified) + { + if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) + { + // Just for the default MD5 ! + if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) + { + if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) { + $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // md5 for OpenLdap TODO add type of encryption + } + } + } + // Use $this->pass_indatabase value if exists + else if (! empty($this->pass_indatabase)) + { + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption + } + } + + // Subscriptions + if ($this->first_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap'); + if (isset($this->first_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT] = $this->first_subscription_amount; + if ($this->last_subscription_date && ! 
empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE] = dol_print_date($this->last_subscription_date,'dayhourldap'); + if (isset($this->last_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT] = $this->last_subscription_amount; + + return $info; + } /** diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 581c324674a..6bdb702686d 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -87,7 +87,8 @@ function dol_hash($chain,$type=0) if ($type == 1) return sha1($chain); else if ($type == 2) return sha1(md5($chain)); else if ($type == 3) return md5($chain); - else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 + else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 (based on an unencrypted password in base) + else if ($type == 5) return '{md5}'.base64_encode(hex2bin($chain)); // For OpenLdap with md5 (based on a md5 encrypted password in base) else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') return sha1($chain); else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') return sha1(md5($chain)); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 40124109961..2defbb7e08b 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
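Review bot: In the new `else if ($keymodified)` branch of `Adherent::_load_ldap_info()`, nothing is written and nothing is logged when `DATABASE_PWD_ENCRYPTED` is set and `MAIN_SECURITY_HASH_ALGO` is not empty, so an entry whose LDAP key changed is synchronised without a password and the operator gets no hint why. A log line in that path, e.g. `dol_syslog(get_class($this)."::_load_ldap_info password not exported, stored hash is not MD5", LOG_WARNING);`, would make the skip visible. The same branch copies `$this->pass_indatabase` in clear into `LDAP_MEMBER_FIELD_PASSWORD` and derives an unsalted `{md5}` value for `LDAP_MEMBER_FIELD_PASSWORD_CRYPTED`; a comment should say that both depend on an encrypted connection to the directory and that `{md5}` is kept only for OpenLDAP compatibility. The French trailing comment `mot de passe non crypte` on the new lines would be clearer as `clear-text password`.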
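Review bot: The new type 5 in `dol_hash()` (htdocs/core/lib/security.lib.php) passes `$chain` to `hex2bin()` unchecked: for an odd-length or non-hexadecimal string hex2bin() raises a warning and returns false, and the function then returns the bare string `{md5}` with an empty digest. It also labels any hexadecimal digest as `{md5}` whatever its length, so a SHA-1 value read from the database would be exported under the wrong scheme. The branch should first test `ctype_xdigit($chain) && strlen($chain) == 32` and return an empty value that callers skip when the test fails, rather than falling through to the generic hashing below. The comments on types 4 and 5 say "unencrypted" and "encrypted" where "clear-text" and "hashed" are meant; dol_hash's body continues outside the hunk.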
@@ -2272,14 +2272,12 @@ class User extends CommonObject $this->fullname=$this->getFullName($langs); // Champs - if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname; + if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname; + if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname; if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname; if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption - if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid; + if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login; + if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid; if ($this->societe_id > 0) { $soc = new Societe($this->db); 
@@ -2290,15 +2288,30 @@ class User extends CommonObject if ($soc->client == 2) $info["businessCategory"] = "Prospects"; if ($soc->fournisseur == 1) $info["businessCategory"] = "Suppliers"; } - if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; - if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; - if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; - if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone; - if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile; - if ($this->office_fax && ! empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax; - if ($this->note && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note; - if ($this->email && ! empty($conf->global->LDAP_FIELD_MAIL)) $info[$conf->global->LDAP_FIELD_MAIL] = $this->email; - if ($this->skype && ! empty($conf->global->LDAP_FIELD_SKYPE)) $info[$conf->global->LDAP_FIELD_SKYPE] = $this->skype; + if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; + if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; + if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; + if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone; + if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile; + if ($this->office_fax && ! 
empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax; + if ($this->note && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note; + if ($this->email && ! empty($conf->global->LDAP_FIELD_MAIL)) $info[$conf->global->LDAP_FIELD_MAIL] = $this->email; + if ($this->skype && ! empty($conf->global->LDAP_FIELD_SKYPE)) $info[$conf->global->LDAP_FIELD_SKYPE] = $this->skype; + + // Password + if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) + { + if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // md5 for OpenLdap TODO add type of encryption + } + } + else + { + if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption + } + } if ($conf->global->LDAP_SERVER_TYPE == 'egroupware') { From cb9d627f025d17c866ec1d6a34ae604fdb999284 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sat, 30 Sep 2017 11:51:22 +0200 Subject: [PATCH 09/18] Fix: Set LDAP password when LDAP key changed --- htdocs/adherents/class/adherent.class.php | 14 ++-- htdocs/adherents/ldap.php | 25 ++++--- htdocs/admin/ldap_users.php | 16 ++--- htdocs/user/class/user.class.php | 80 ++++++++++++++++------- htdocs/user/ldap.php | 41 ++++++------ 5 files changed, 101 insertions(+), 75 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 8d424386e31..008641f7e67 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
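Review bot: The password block added to User's LDAP loader (htdocs/user/class/user.class.php, hunk `@@ -2290,15 +2288,30 @@`) calls `dol_hash($this->pass_indatabase_crypted, 5)` whenever `DATABASE_PWD_ENCRYPTED` is set, without the `empty($conf->global->MAIN_SECURITY_HASH_ALGO)` test that the Adherent version in this same patch applies. With a non-MD5 algorithm configured, the stored digest would be re-encoded and published as `{md5}`, a value that is unlikely to match any password. The inner condition should read `if (empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) {`. Separately, when a new `$this->pass` has just been set this branch still exports `pass_indatabase_crypted`; whether that property already holds the new hash at this point is not visible here and is worth confirming. The method starts and ends outside the hunk.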
@@ -1958,6 +1958,7 @@ class Adherent extends CommonObject $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); $this->fullname=$this->getFullName($langs); + // For avoid ldap error when firstname and lastname are empty if ($this->morphy == 'mor' && empty($this->fullname)) { $this->fullname = $this->societe; @@ -1983,11 +1984,10 @@ class Adherent extends CommonObject // Check if it is the LDAP key and if its value has been changed if (! empty($conf->global->LDAP_KEY_MEMBERS) && $conf->global->LDAP_KEY_MEMBERS == $conf->global->$constname) { - if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; + if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified } } } - if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe; 
@@ -2007,13 +2007,13 @@ class Adherent extends CommonObject if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); // When password is modified - if ($this->pass) + if (! empty($this->pass)) { if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) } - // When LDAP key is modified and password no defined - else if ($keymodified) + // Set LDAP password if possible + else { if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) { @@ -2021,7 +2021,7 @@ class Adherent extends CommonObject if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // md5 for OpenLdap TODO add type of encryption + $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password } } } diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 65aea951d76..795a5b34b9f 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php 
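Review bot: In the `@@ -2007,13 +2007,13 @@` hunk, replacing `else if ($keymodified)` with a bare `else` makes the fallback run on every synchronisation where `$this->pass` is empty, whereas the commit subject says the password is set when the LDAP key changed. `$keymodified` is still computed in the `@@ -1983,11 +1984,10 @@` hunk but nothing visible reads it any more, and the crypted-password attribute is now rewritten from `pass_indatabase_crypted` each time, which presumably overwrites a password that was changed on the directory side. Either keep the guard, `else if ($keymodified)`, or remove the `$keymodified` bookkeeping and state in the comment that the write is unconditional. The user.class.php hunk `@@ -2265,51 +2265,81 @@` has the same shape, and the function body continues outside both hunks.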
@@ -59,26 +59,23 @@ if (! $result) if ($action == 'dolibarr2ldap') { - $db->begin(); - $ldap=new Ldap(); $result=$ldap->connect_bind(); - $info=$object->_load_ldap_info(); - $dn=$object->_load_ldap_dn($info); - $olddn=$dn; // We can say that old dn = dn as we force synchro - - $result=$ldap->update($dn,$info,$user,$olddn); - - if ($result >= 0) + if ($result > 0) { - setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs'); - $db->commit(); + $info=$object->_load_ldap_info(); + $dn=$object->_load_ldap_dn($info); + $olddn=$dn; // We can say that old dn = dn as we force synchro + + $result=$ldap->update($dn,$info,$user,$olddn); } - else - { + + if ($result >= 0) { + setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs'); + } + else { setEventMessages($ldap->errors, $ldap->error, 'errors'); - $db->rollback(); } } diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index a0866c1305a..2d2d045cd43 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php @@ -184,7 +184,7 @@ print ''; print ''.$langs->trans("LDAPFieldFirstName").''; print ''; print ''.$langs->trans("LDAPFieldFirstNameExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FIRSTNAME)?' checked':'').">"; +print ' '; print ''; // Login unix @@ -208,7 +208,7 @@ print ''; print ''.$langs->trans("LDAPFieldPasswordNotCrypted").''; print ''; print ''.$langs->trans("LDAPFieldPasswordExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD)?' checked':'').">"; +print ' '; print ''; // Password crypted @@ -216,7 +216,7 @@ print ''; print ''.$langs->trans("LDAPFieldPasswordCrypted").''; print ''; print ''.$langs->trans("LDAPFieldPasswordExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED)?' checked':'').">"; +print ' '; print ''; // Mail 
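Review bot: The error path in the `@@ -59,26 +59,23 @@` hunk of htdocs/adherents/ldap.php calls `setEventMessages($ldap->errors, $ldap->error, 'errors')`, with the two members in the opposite order from `setEventMessages($ldap->error, $ldap->errors, 'errors')` in htdocs/user/ldap.php and from the `$hookmanager` call in that file. It should read `setEventMessages($ldap->error, $ldap->errors, 'errors');`. Separately, if `connect_bind()` can return 0, the update is skipped while `$result >= 0` still reports `MemberSynchronized`. Keeping the bind result in its own variable would stop a failed connection from being shown as a successful synchronisation.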
@@ -232,7 +232,7 @@ print ''; print ''.$langs->trans("LDAPFieldPhone").''; print ''; print ''.$langs->trans("LDAPFieldPhoneExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PHONE)?' checked':'').">"; +print ' '; print ''; // Mobile @@ -240,7 +240,7 @@ print ''; print ''.$langs->trans("LDAPFieldMobile").''; print ''; print ''.$langs->trans("LDAPFieldMobileExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MOBILE)?' checked':'').">"; +print ' '; print ''; // Skype @@ -256,7 +256,7 @@ print ''; print ''.$langs->trans("LDAPFieldFax").''; print ''; print ''.$langs->trans("LDAPFieldFaxExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'').">"; +print ' '; print ''; // Title @@ -264,7 +264,7 @@ print ''; print ''.$langs->trans("LDAPFieldTitle").''; print ''; print ''.$langs->trans("LDAPFieldTitleExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_TITLE)?' checked':'').">"; +print ' '; print ''; // Note @@ -272,7 +272,7 @@ print ''; print ''.$langs->trans("Note").''; print ''; print ''.$langs->trans("LDAPFieldDescriptionExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION)?' checked':'').">"; +print ' '; print ''; // Sid diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 2defbb7e08b..62ffc2700e2 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
@@ -2265,51 +2265,81 @@ class User extends CommonObject global $conf,$langs; $info=array(); + $keymodified=false; // Object classes $info["objectclass"]=explode(',',$conf->global->LDAP_USER_OBJECT_CLASS); $this->fullname=$this->getFullName($langs); + // Possible LDAP KEY (constname => varname) + $ldapkey = array( + 'LDAP_FIELD_FULLNAME' => 'fullname', + 'LDAP_FIELD_NAME' => 'lastname', + 'LDAP_FIELD_LOGIN' => 'login', + 'LDAP_FIELD_LOGIN_SAMBA' => 'login', + 'LDAP_FIELD_MAIL' => 'email', + 'LDAP_FIELD_SID' => 'ldap_sid', + 'LDAP_FIELD_SKYPE' => 'skype' + ); + // Champs - if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname; + foreach ($ldapkey as $constname => $varname) + { + if (! empty($this->$varname) && ! empty($conf->global->$constname)) + { + $info[$conf->global->$constname] = $this->$varname; + + // Check if it is the LDAP key and if its value has been changed + if (! empty($conf->global->LDAP_KEY_USERS) && $conf->global->LDAP_KEY_USERS == $conf->global->$constname) + { + if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified + } + } + } if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login; - if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid; - if ($this->societe_id > 0) + if ($this->address && ! 
empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; + if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; + if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; + if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone; + if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile; + if ($this->office_fax && ! empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax; + if ($this->note_public && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note_public; + if ($this->socid > 0) { $soc = new Societe($this->db); - $soc->fetch($this->societe_id); + $soc->fetch($this->socid); - $info["o"] = $soc->lastname; + $info["o"] = $soc->name; if ($soc->client == 1) $info["businessCategory"] = "Customers"; if ($soc->client == 2) $info["businessCategory"] = "Prospects"; if ($soc->fournisseur == 1) $info["businessCategory"] = "Suppliers"; } - if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; - if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; - if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; - if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone; - if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile; - if ($this->office_fax && ! 
empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax; - if ($this->note && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note; - if ($this->email && ! empty($conf->global->LDAP_FIELD_MAIL)) $info[$conf->global->LDAP_FIELD_MAIL] = $this->email; - if ($this->skype && ! empty($conf->global->LDAP_FIELD_SKYPE)) $info[$conf->global->LDAP_FIELD_SKYPE] = $this->skype; - // Password - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) + // When password is modified + if (! empty($this->pass)) { - if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // md5 for OpenLdap TODO add type of encryption - } + if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) } + // Set LDAP password if possible else { - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption + if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) + { + // Just for the default MD5 ! + if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) + { + if ($this->pass_indatabase_crypted && ! 
empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password + } + } + } + // Use $this->pass_indatabase value if exists + else if (! empty($this->pass_indatabase)) + { + if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte + if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption } } diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index 001915a8004..4e365582bf6 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php 
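Review bot: The added `else if (! empty($this->pass_indatabase))` branch copies the clear-text password held in the database into `LDAP_FIELD_PASSWORD` on every synchronisation, and every value this hunk writes to `LDAP_FIELD_PASSWORD_CRYPTED` is, per its own comments, an MD5 form produced by `dol_hash(..., 4)` or `dol_hash(..., 5)`. Neither is documented as a risk for the administrator who enables these fields. I would add above the password block `// SECURITY: exports clear-text and MD5 password attributes; restrict read access to them in the directory ACLs` and resolve the `TODO add type of encryption` so a salted scheme can be selected. The function starts before and continues after this hunk.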
@@ -57,30 +57,29 @@ $parameters=array('id'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); -if (empty($reshook)) { - if ($_GET["action"] == 'dolibarr2ldap') { - $db->begin(); +if (empty($reshook)) +{ + if ($_GET["action"] == 'dolibarr2ldap') + { + $ldap = new Ldap(); + $result = $ldap->connect_bind(); - $ldap = new Ldap(); - $result = $ldap->connect_bind(); + if ($result > 0) + { + $info = $object->_load_ldap_info(); + $dn = $object->_load_ldap_dn($info); + $olddn = $dn; // We can say that old dn = dn as we force synchro - $info = $object->_load_ldap_info(); - $dn = $object->_load_ldap_dn($info); - $olddn = $dn; // We can say that old dn = dn as we force synchro + $result = $ldap->update($dn, $info, $user, $olddn); + } - $result = $ldap->update($dn, $info, $user, $olddn); - - if ($result >= 0) - { - setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs'); - $db->commit(); - } - else - { - setEventMessages($ldap->error, $ldap->errors, 'errors'); - $db->rollback(); - } - } + if ($result >= 0) { + setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs'); + } + else { + setEventMessages($ldap->error, $ldap->errors, 'errors'); + } + } } /* From c1b6f59c1bf1370258acb82ab92d93c18ccf8796 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 2 Oct 2017 08:43:53 +0200 Subject: [PATCH 10/18] Fix: restore possible ldap keys --- htdocs/admin/ldap_users.php | 8 ++-- htdocs/core/class/ldap.class.php | 64 +++++++++++++++++--------------- htdocs/user/class/user.class.php | 8 ++-- 3 files changed, 42 insertions(+), 38 deletions(-) diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index 2d2d045cd43..a258ae7cc79 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php 
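Review bot: `if ($_GET["action"] == 'dolibarr2ldap')` reads the request directly, so a plain GET request triggers a directory write, and any change a hook made to `$action` in the `executeHooks('doActions', ...)` call just above is ignored. htdocs/adherents/ldap.php tests `$action` for the same operation and this file should do the same: `if ($action == 'dolibarr2ldap')`. No token or permission check is visible in the hunk; whether one exists earlier in the file cannot be told from here.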
@@ -184,7 +184,7 @@ print ''; print ''.$langs->trans("LDAPFieldFirstName").''; print ''; print ''.$langs->trans("LDAPFieldFirstNameExample").''; -print ' '; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FIRSTNAME)?' checked':'').">"; print ''; // Login unix @@ -232,7 +232,7 @@ print ''; print ''.$langs->trans("LDAPFieldPhone").''; print ''; print ''.$langs->trans("LDAPFieldPhoneExample").''; -print ' '; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PHONE)?' checked':'').">"; print ''; // Mobile @@ -240,7 +240,7 @@ print ''; print ''.$langs->trans("LDAPFieldMobile").''; print ''; print ''.$langs->trans("LDAPFieldMobileExample").''; -print ' '; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MOBILE)?' checked':'').">"; print ''; // Skype @@ -256,7 +256,7 @@ print ''; print ''.$langs->trans("LDAPFieldFax").''; print ''; print ''.$langs->trans("LDAPFieldFaxExample").''; -print ' '; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'').">"; print ''; // Title diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 64e6f9fd5ef..00630321b26 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php 
@@ -1241,7 +1241,7 @@ class Ldap $this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0],$this->ldapcharset); $this->login = $this->convToOutputCharset($result[0][$this->attr_login][0],$this->ldapcharset); $this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0],$this->ldapcharset); - $this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0],$this->ldapcharset); + $this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0],$this->ldapcharset); $this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0],$this->ldapcharset); $this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0],$this->ldapcharset); $this->mobile = $this->convToOutputCharset($result[0][$this->attr_mobile][0],$this->ldapcharset); 
@@ -1298,27 +1298,29 @@ class Ldap function parseUACF($uacf) { //All flags array - $flags = array( "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216, - "PASSWORD_EXPIRED" => 8388608, - "DONT_REQ_PREAUTH" => 4194304, - "USE_DES_KEY_ONLY" => 2097152, - "NOT_DELEGATED" => 1048576, - "TRUSTED_FOR_DELEGATION" => 524288, - "SMARTCARD_REQUIRED" => 262144, - "MNS_LOGON_ACCOUNT" => 131072, - "DONT_EXPIRE_PASSWORD" => 65536, - "SERVER_TRUST_ACCOUNT" => 8192, - "WORKSTATION_TRUST_ACCOUNT" => 4096, - "INTERDOMAIN_TRUST_ACCOUNT" => 2048, - "NORMAL_ACCOUNT" => 512, - "TEMP_DUPLICATE_ACCOUNT" => 256, - "ENCRYPTED_TEXT_PWD_ALLOWED" => 128, - "PASSWD_CANT_CHANGE" => 64, - "PASSWD_NOTREQD" => 32, - "LOCKOUT" => 16, - "HOMEDIR_REQUIRED" => 8, - "ACCOUNTDISABLE" => 2, - "SCRIPT" => 1); + $flags = array( + "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216, + "PASSWORD_EXPIRED" => 8388608, + "DONT_REQ_PREAUTH" => 4194304, + "USE_DES_KEY_ONLY" => 2097152, + "NOT_DELEGATED" => 1048576, + "TRUSTED_FOR_DELEGATION" => 524288, + "SMARTCARD_REQUIRED" => 262144, + "MNS_LOGON_ACCOUNT" => 131072, + "DONT_EXPIRE_PASSWORD" => 65536, + "SERVER_TRUST_ACCOUNT" => 8192, + "WORKSTATION_TRUST_ACCOUNT" => 4096, + "INTERDOMAIN_TRUST_ACCOUNT" => 2048, + "NORMAL_ACCOUNT" => 512, + "TEMP_DUPLICATE_ACCOUNT" => 256, + "ENCRYPTED_TEXT_PWD_ALLOWED" => 128, + "PASSWD_CANT_CHANGE" => 64, + "PASSWD_NOTREQD" => 32, + "LOCKOUT" => 16, + "HOMEDIR_REQUIRED" => 8, + "ACCOUNTDISABLE" => 2, + "SCRIPT" => 1 + ); //Parse flags to text $retval = array(); 
@@ -1341,13 +1343,15 @@ class Ldap */ function parseSAT($samtype) { - $stypes = array( 805306368 => "NORMAL_ACCOUNT", - 805306369 => "WORKSTATION_TRUST", - 805306370 => "INTERDOMAIN_TRUST", - 268435456 => "SECURITY_GLOBAL_GROUP", - 268435457 => "DISTRIBUTION_GROUP", - 536870912 => "SECURITY_LOCAL_GROUP", - 536870913 => "DISTRIBUTION_LOCAL_GROUP"); + $stypes = array( + 805306368 => "NORMAL_ACCOUNT", + 805306369 => "WORKSTATION_TRUST", + 805306370 => "INTERDOMAIN_TRUST", + 268435456 => "SECURITY_GLOBAL_GROUP", + 268435457 => "DISTRIBUTION_GROUP", + 536870912 => "SECURITY_LOCAL_GROUP", + 536870913 => "DISTRIBUTION_LOCAL_GROUP" + ); $retval = ""; while (list($sat, $val) = each($stypes)) { @@ -1422,7 +1426,7 @@ class Ldap $search='('.$conf->global->$keygroup.'=*)'; $result = $this->search($this->groups,$search); - if($result) + if ($result) { $c = $result['count']; $gids = array(); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 62ffc2700e2..28774edacf7 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -2276,8 +2276,12 @@ class User extends CommonObject $ldapkey = array( 'LDAP_FIELD_FULLNAME' => 'fullname', 'LDAP_FIELD_NAME' => 'lastname', + 'LDAP_FIELD_FIRSTNAME' => 'firstname', 'LDAP_FIELD_LOGIN' => 'login', 'LDAP_FIELD_LOGIN_SAMBA' => 'login', + 'LDAP_FIELD_PHONE' => 'office_phone', + 'LDAP_FIELD_MOBILE' => 'user_mobile', + 'LDAP_FIELD_FAX' => 'office_fax', 'LDAP_FIELD_MAIL' => 'email', 'LDAP_FIELD_SID' => 'ldap_sid', 'LDAP_FIELD_SKYPE' => 'skype' 
@@ -2297,13 +2301,9 @@ class User extends CommonObject } } } - if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname; if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; - if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone; - if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile; - if ($this->office_fax && ! empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax; if ($this->note_public && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note_public; if ($this->socid > 0) { From 475c881e676612a554a587ca16dc5807257b45d4 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 2 Oct 2017 09:00:07 +0200 Subject: [PATCH 11/18] Fix: add missing ldap fields --- htdocs/admin/ldap_users.php | 45 ++++++++++++++++++++++++++++++++ htdocs/user/class/user.class.php | 2 +- 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index a258ae7cc79..30ec8d8153c 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php 
@@ -65,6 +65,11 @@ if ($action == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_COMPANY',GETPOST("fieldcompany"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_ADDRESS',GETPOST("fieldaddress"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_ZIP',GETPOST("fieldzip"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_TOWN',GETPOST("fieldtown"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_COUNTRY',GETPOST("fieldcountry"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',GETPOST("fielddescription"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',GETPOST("fieldsid"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_TITLE',GETPOST("fieldtitle"),'chaine',0,'',$conf->entity)) $error++; 
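Review bot: The five added `dolibarr_set_const()` calls store `GETPOST("fieldcompany")`, `GETPOST("fieldaddress")`, `GETPOST("fieldzip")`, `GETPOST("fieldtown")` and `GETPOST("fieldcountry")` without a check type, and at least `LDAP_FIELD_COMPANY` is later used as a key of the attribute list sent to the directory (`$info[$conf->global->LDAP_FIELD_COMPANY]` in user.class.php). Passing a check type, as `GETPOST('action','alpha')` does in htdocs/user/card.php, for example `GETPOST("fieldcompany",'alpha')`, would keep stray characters out of attribute names. The block is limited to `$user->admin`, so this is hardening rather than an exposed input. The enclosing `if` starts and ends outside the hunk.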
@@ -259,6 +264,46 @@ print ''.$langs->trans("LDAPFieldFaxExample").''; print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'').">"; print ''; +// Company + +print ''.$langs->trans("LDAPFieldCompany").''; +print ''; +print ''.$langs->trans("LDAPFieldCompanyExample").''; +print ' '; +print ''; + +// Address + +print ''.$langs->trans("LDAPFieldAddress").''; +print ''; +print ''.$langs->trans("LDAPFieldAddressExample").''; +print ' '; +print ''; + +// ZIP + +print ''.$langs->trans("LDAPFieldZip").''; +print ''; +print ''.$langs->trans("LDAPFieldZipExample").''; +print ' '; +print ''; + +// TOWN + +print ''.$langs->trans("LDAPFieldTown").''; +print ''; +print ''.$langs->trans("LDAPFieldTownExample").''; +print ' '; +print ''; + +// COUNTRY + +print ''.$langs->trans("LDAPFieldCountry").''; +print ''; +print ' '; +print ' '; +print ''; + // Title print ''.$langs->trans("LDAPFieldTitle").''; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 28774edacf7..7973fb00290 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -2310,7 +2310,7 @@ class User extends CommonObject $soc = new Societe($this->db); $soc->fetch($this->socid); - $info["o"] = $soc->name; + $info[$conf->global->LDAP_FIELD_COMPANY] = $soc->name; if ($soc->client == 1) $info["businessCategory"] = "Customers"; if ($soc->client == 2) $info["businessCategory"] = "Prospects"; if ($soc->fournisseur == 1) $info["businessCategory"] = "Suppliers"; From feea6246c2b31194584149c485637f8ec8a6d2fb Mon Sep 17 00:00:00 2001 
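Review bot: In the user.class.php hunk `@@ -2310,7 +2310,7 @@`, `$info[$conf->global->LDAP_FIELD_COMPANY] = $soc->name;` has no `! empty()` guard, unlike the other field assignments visible in this series, so an installation that has not set `LDAP_FIELD_COMPANY` gets an attribute with an empty name where it previously got `o`. Guard it: `if (! empty($conf->global->LDAP_FIELD_COMPANY)) $info[$conf->global->LDAP_FIELD_COMPANY] = $soc->name;`. Whether `o` should remain the fallback for existing installations is worth deciding explicitly. The enclosing `if ($this->socid > 0)` block starts and ends outside the hunk.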
From: Regis Houssin Date: Wed, 4 Oct 2017 09:13:41 +0200 Subject: [PATCH 12/18] NEW add possibility to hide LDAP tab for non admin --- htdocs/core/lib/contact.lib.php | 7 ++++--- htdocs/core/lib/member.lib.php | 13 ++++++++----- htdocs/core/lib/usergroups.lib.php | 22 ++++++++++++---------- htdocs/user/card.php | 9 ++++----- htdocs/user/group/card.php | 1 - htdocs/user/index.php | 3 --- 6 files changed, 28 insertions(+), 27 deletions(-) diff --git a/htdocs/core/lib/contact.lib.php b/htdocs/core/lib/contact.lib.php index f951439f0c5..f1d721b62e6 100644 --- a/htdocs/core/lib/contact.lib.php +++ b/htdocs/core/lib/contact.lib.php @@ -1,6 +1,6 @@ - * Copyright (C) 2010-2012 Regis Houssin + * Copyright (C) 2010-2017 Regis Houssin * Copyright (C) 2015 Frederic France * Copyright (C) 2015 Raphaël Doursenaud * @@ -42,7 +42,8 @@ function contact_prepare_head(Contact $object) $head[$tab][2] = 'card'; $tab++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_CONTACT_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_CONTACT_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); @@ -94,7 +95,7 @@ function contact_prepare_head(Contact $object) } $head[$tab][2] = 'agenda'; $tab++; - + // Log /* $head[$tab][0] = DOL_URL_ROOT.'/contact/info.php?id='.$object->id; diff --git a/htdocs/core/lib/member.lib.php b/htdocs/core/lib/member.lib.php index 7e5e5e0c604..4da1ed91fae 100644 --- a/htdocs/core/lib/member.lib.php +++ b/htdocs/core/lib/member.lib.php @@ -1,7 +1,8 @@ - * Copyright (C) 2015-2016 Alexandre Spangaro - * Copyright (C) 2015 Raphaël Doursenaud +/* Copyright (C) 2006-2015 Laurent Destailleur + * Copyright (C) 2015-2016 Alexandre Spangaro + * Copyright (C) 2015 Raphaël Doursenaud + * Copyright (C) 2017 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
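Review bot: `MAIN_DISABLE_LDAP_TAB` only removes the tab from the header built in `contact_prepare_head()`; no LDAP page appears in this commit's diffstat, so a non-admin who requests the tab's URL directly presumably still reaches it. That matters because htdocs/user/ldap.php accepts `action=dolibarr2ldap` earlier in this series. Each target page needs the same test, for example `if (! empty($conf->global->MAIN_DISABLE_LDAP_TAB) && empty($user->admin)) accessforbidden();`. The hunks in member.lib.php (`member_prepare_head`, `member_type_prepare_head`) and usergroups.lib.php (`user_prepare_head`, `group_prepare_head`) are in the same position. `$user` must also be in each function's `global` list, which lies outside these hunks.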
@@ -41,7 +42,8 @@ function member_prepare_head(Adherent $object) $head[$h][2] = 'general'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); @@ -124,7 +126,8 @@ function member_type_prepare_head(AdherentType $object) $head[$h][2] = 'card'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index f39e6ecd628..04bfa5666e2 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -50,13 +50,14 @@ function user_prepare_head($object) $head[$h][2] = 'user'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); - $head[$h][0] = DOL_URL_ROOT.'/user/ldap.php?id='.$object->id; - $head[$h][1] = $langs->trans("LDAPCard"); - $head[$h][2] = 'ldap'; - $h++; + $head[$h][0] = DOL_URL_ROOT.'/user/ldap.php?id='.$object->id; + $head[$h][1] = $langs->trans("LDAPCard"); + $head[$h][2] = 'ldap'; + $h++; } $head[$h][0] = DOL_URL_ROOT.'/user/param_ihm.php?id='.$object->id; 
@@ -210,13 +211,14 @@ function group_prepare_head($object) $head[$h][2] = 'group'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); - $head[$h][0] = DOL_URL_ROOT.'/user/group/ldap.php?id='.$object->id; - $head[$h][1] = $langs->trans("LDAPCard"); - $head[$h][2] = 'ldap'; - $h++; + $head[$h][0] = DOL_URL_ROOT.'/user/group/ldap.php?id='.$object->id; + $head[$h][1] = $langs->trans("LDAPCard"); + $head[$h][2] = 'ldap'; + $h++; } if ($canreadperms) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 40fa4db7a37..958ea2184ad 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php 
@@ -45,17 +45,16 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; if (! empty($conf->ldap->enabled)) require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php'; if (! empty($conf->adherent->enabled)) require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; -if (! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php'); if (! empty($conf->categorie->enabled)) require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; if (!empty($conf->global->MAIN_USE_EXPENSE_IK)) require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'; $id = GETPOST('id','int'); $action = GETPOST('action','alpha'); $mode = GETPOST('mode','alpha'); -$confirm = GETPOST('confirm','alpha'); +$confirm = GETPOST('confirm','alpha'); $subaction = GETPOST('subaction','alpha'); $group = GETPOST("group","int",3); -$cancel = GETPOST('cancel','alpha'); +$cancel = GETPOST('cancel','alpha'); // Users/Groups management only in master entity if transverse mode if (($action == 'create' || $action == 'adduserldap') && ! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) 
@@ -289,10 +288,10 @@ if (empty($reshook)) { $object->fetch($id); if ($action == 'addgroup') { - $object->SetInGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); + $result = $object->SetInGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); } if ($action == 'removegroup') { - $object->RemoveFromGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); + $result = $object->RemoveFromGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); } if ($result > 0) { diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 678bd9f0ec2..a54c29ca8d7 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -29,7 +29,6 @@ require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -if(! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php'); // Defini si peux lire/modifier utilisateurs et permisssions $canreadperms=($user->admin || $user->rights->user->user->lire); diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 47b8bb4879e..91fe86517c6 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -26,9 +26,6 @@ */ require '../main.inc.php'; -if (! empty($conf->multicompany->enabled)) - dol_include_once('/multicompany/class/actions_multicompany.class.php', 'ActionsMulticompany'); - if (! $user->rights->user->user->lire && ! $user->admin) accessforbidden(); From 59bf61f9b31e4fe4ae6257a6693cae3e0f5554ce Mon Sep 17 00:00:00 2001 
From: Regis Houssin Date: Wed, 4 Oct 2017 09:22:18 +0200 Subject: [PATCH 13/18] NEW add possibility to disabled the LDAP trigger --- .../core/triggers/interface_50_modLdap_Ldapsynchro.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index a906ec821ed..3443c1a61b4 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -51,7 +51,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->ldap->enabled)) return 0; // Module not active, we do nothing + if (empty($conf->ldap->enabled)) return 0; // Module not active, we do nothing + if (defined('DISABLE_LDAP_SYNCHRO')) return 0; // If constant defined, we do nothing if (! function_exists('ldap_connect')) { From 723bc4d4361e7217f00bc3358bf6beb61b9d9ba0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 4 Oct 2017 11:22:41 +0200 Subject: [PATCH 14/18] NEW add ldap_rename for avoid password if ldap key changed --- htdocs/adherents/class/adherent.class.php | 2 +- htdocs/core/class/ldap.class.php | 86 ++++++++++++++++--- ...interface_50_modLdap_Ldapsynchro.class.php | 8 +- htdocs/user/class/user.class.php | 6 +- 4 files changed, 83 insertions(+), 19 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index ab771df9429..d90b34d884b 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
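Review bot: `if (defined('DISABLE_LDAP_SYNCHRO')) return 0;` switches off every LDAP synchronisation without leaving a trace in the log. Because `defined()` tests existence only, `define('DISABLE_LDAP_SYNCHRO', 0)` disables it as well. Changes made while the constant is defined presumably never reach the directory, so the skip should be visible to whoever investigates a stale entry. I would log before returning, `dol_syslog(get_class($this)."::runTrigger skipped, DISABLE_LDAP_SYNCHRO is defined", LOG_DEBUG);`, and document in the comment that any value, including a false one, disables the trigger.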
@@ -2023,7 +2023,7 @@ class Adherent extends CommonObject if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) } // Set LDAP password if possible - else + else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password { if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) { diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 00630321b26..396bcb5941a 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -402,10 +402,10 @@ class Ldap * Add a LDAP entry * Ldap object connect and bind must have been done * - * @param string $dn DN entry key - * @param array $info Attributes array + * @param string $dn DN entry key + * @param array $info Attributes array * @param User $user Objet user that create - * @return int <0 if KO, >0 if OK + * @return int <0 if KO, >0 if OK */ function add($dn, $info, $user) { @@ -458,7 +458,7 @@ class Ldap * * @param string $dn DN entry key * @param array $info Attributes array - * @param string $user Objet user that modify + * @param User $user Objet user that modify * @return int <0 if KO, >0 if OK */ function modify($dn, $info, $user) 
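Review bot: The added `else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')` turns off the stored-password fallback for every call on an LDAPv3 server, not only when the LDAP key changed as its comment says. This function builds `$info` for plain adds as well, so an entry created without a clear-text `$this->pass` could be written with no password attribute; the rest of the function is outside the hunk, so this needs checking against the callers. The strict `!== '3'` also depends on the setting being stored as a string. The same line is added in htdocs/user/class/user.class.php (hunk at 2344). A narrower guard would have the caller signal that a rename is in progress instead of testing the protocol version alone.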
@@ -504,17 +504,69 @@ class Ldap } } + /** + * Rename a LDAP entry + * Ldap object connect and bind must have been done + * + * @param string $dn Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update) + * @param string $newrdn New RDN entry key (uid=qqq) + * @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) + * @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry. + * @param User $user Objet user that modify + * @return int <0 if KO, >0 if OK + */ + function rename($dn, $newrdn, $newparent, $deleteoldrdn = true, $user) + { + global $conf; + + dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn?1:0)); + + // Check parameters + if (! $this->connection) + { + $this->error="NotConnected"; + return -2; + } + if (! $this->bind) + { + $this->error="NotConnected"; + return -3; + } + + // Encode to LDAP page code + $dn=$this->convFromOutputCharset($dn,$this->ldapcharset); + $newrdn=$this->convFromOutputCharset($newrdn,$this->ldapcharset); + $newparent=$this->convFromOutputCharset($newparent,$this->ldapcharset); + + //print_r($info); + $result=@ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn); + + if ($result) + { + dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG); + return 1; + } + else + { + $this->error=@ldap_error($this->connection); + dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR); + return -1; + } + } + /** * Modify a LDAP entry (to use if dn != olddn) * Ldap object connect and bind must have been done * - * @param string $dn DN entry key - * @param array $info Attributes array - * @param User $user Objet user that update - * @param string $olddn Old DN entry key (before update) - * @return int <0 if KO, >0 if OK + * @param string $dn DN entry key + * @param array $info Attributes array + * @param User $user Objet user that update 
+ * @param string $olddn Old DN entry key (before update) + * @param string $newrdn New RDN entry key (uid=qqq) (for ldap_rename) + * @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename) + * @return int <0 if KO, >0 if OK */ - function update($dn,$info,$user,$olddn) + function update($dn, $info, $user, $olddn, $newrdn=false, $newparent=false) { global $conf; @@ -534,9 +586,17 @@ class Ldap if (! $olddn || $olddn != $dn) { - // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one. - $result = $this->add($dn, $info, $user); - if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one + if (! empty($olddn) && ! empty($newrdn) && ! empty($newparent) && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3') + { + // This function currently only works with LDAPv3 + $result = $this->rename($olddn, $newrdn, $newparent, true, $user); + } + else + { + // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one. + $result = $this->add($dn, $info, $user); + if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one + } } else { diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index 3443c1a61b4..1e9c2c2ec31 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php 
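Review bot: The first log line in the new rename() is tagged `::modify`, so a rename of a directory entry is recorded as a modify and cannot be told apart from one when the log is read later. It should read `dol_syslog(get_class($this)."::rename dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn?1:0));`. The leftover `//print_r($info);` names a variable this method does not have and can be removed, and `global $conf;` is unused in the lines shown.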
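Review bot: On the new LDAPv3 branch of update(), `$this->rename()` only moves the entry and `$info` is never written, so attribute changes made together with a key change (a new password included) do not reach the directory. The add/delete branch it replaces did write `$info`. After a successful rename the attributes should still be applied: `if ($result > 0) $result = $this->modify($dn, $info, $user);`. The rest of update() lies outside the hunk, so confirm that nothing later already does this.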
@@ -112,8 +112,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers $info=$object->_load_ldap_info(); $dn=$object->_load_ldap_dn($info); + $newrdn=$object->_load_ldap_dn($info,2); + $newparent=$object->_load_ldap_dn($info,1); - $result=$ldap->update($dn,$info,$user,$olddn); + $result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent); } if ($result < 0) $this->error="ErrorLDAP ".$ldap->error; @@ -545,8 +547,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers $info=$object->_load_ldap_info(); $dn=$object->_load_ldap_dn($info); + $newrdn=$object->_load_ldap_dn($info,2); + $newparent=$object->_load_ldap_dn($info,1); - $result=$ldap->update($dn,$info,$user,$olddn); + $result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent); // For member type if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 785a82f5444..86bf790eb0a 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -2262,8 +2262,8 @@ class User extends CommonObject * * @param array $info Info array loaded by _load_ldap_info * @param int $mode 0=Return full DN (uid=qqq,ou=xxx,dc=aaa,dc=bbb) - * 1= - * 2=Return key only (uid=qqq) + * 1=Return parent (ou=xxx,dc=aaa,dc=bbb) + * 2=Return key only (RDN) (uid=qqq) * @return string DN */ function _load_ldap_dn($info,$mode=0) @@ -2344,7 +2344,7 @@ class User extends CommonObject if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) } // Set LDAP password if possible - else + else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password { if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) { 
From a124f47dcd8816695fe570b169ff86df9c6844ab Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 4 Oct 2017 12:07:17 +0200 Subject: [PATCH 15/18] Fix: PHPCS --- htdocs/categories/class/categorie.class.php | 2 +- htdocs/core/class/comment.class.php | 18 +++++++++++------- htdocs/core/class/ldap.class.php | 6 +++--- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 6027f76ec58..6242691d1f1 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -882,7 +882,7 @@ class Categorie extends CommonObject /** * List categories of an element id * - * @param int $item Id of element + * @param int $id Id of element * @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact') * @param string $sortfield Sort field * @param string $sortorder Sort order diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index 0ec77405721..bc87b282d56 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php @@ -1,4 +1,6 @@ -db = $db; } - + /** * Create into database @@ -280,12 +282,14 @@ class Comment extends CommonObject return 1; } } - - + + /** * Load comments linked with current task * - * @return array Comment array + * @param alpha $element_type Type of Element + * @param int $fk_element Id of Element + * @return array Comment array */ public static function fetchAllFor($element_type, $fk_element) { @@ -299,7 +303,7 @@ class Comment extends CommonObject $sql.= " AND c.element_type = '".$element_type."'"; $sql.= " AND c.entity = ".$conf->entity; $sql.= " ORDER BY c.tms DESC"; - + dol_syslog("Comment::fetchAllFor", LOG_DEBUG); $resql=$db->query($sql); if ($resql) diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 396bcb5941a..930a9f10997 100644 --- a/htdocs/core/class/ldap.class.php 
+++ b/htdocs/core/class/ldap.class.php @@ -511,11 +511,11 @@ class Ldap * @param string $dn Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update) * @param string $newrdn New RDN entry key (uid=qqq) * @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) - * @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry. * @param User $user Objet user that modify + * @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry. * @return int <0 if KO, >0 if OK */ - function rename($dn, $newrdn, $newparent, $deleteoldrdn = true, $user) + function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true) { global $conf; @@ -589,7 +589,7 @@ class Ldap if (! empty($olddn) && ! empty($newrdn) && ! empty($newparent) && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3') { // This function currently only works with LDAPv3 - $result = $this->rename($olddn, $newrdn, $newparent, true, $user); + $result = $this->rename($olddn, $newrdn, $newparent, $user, true); } else { From fd2188a8c719ebf3a5d41dc6d290d0b38b9f76b5 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 4 Oct 2017 12:25:08 +0200 Subject: [PATCH 16/18] Fix: remove back quote --- htdocs/install/mysql/migration/6.0.0-7.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/6.0.0-7.0.0.sql b/htdocs/install/mysql/migration/6.0.0-7.0.0.sql index fb9e5f8749f..d45b449e94b 100644 --- a/htdocs/install/mysql/migration/6.0.0-7.0.0.sql +++ b/htdocs/install/mysql/migration/6.0.0-7.0.0.sql 
@@ -302,7 +302,7 @@ insert into llx_c_action_trigger (code,label,description,elementtype,rang) value insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROPOSAL_SUPPLIER_CLOSE_SIGNED','Price request closed signed','Executed when a customer proposal is closed signed','proposal_supplier',10); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROPOSAL_SUPPLIER_CLOSE_REFUSED','Price request closed refused','Executed when a customer proposal is closed refused','proposal_supplier',10); -DROP TABLE `llx_projet_task_comment`; +-- DROP TABLE llx_projet_task_comment; CREATE TABLE IF NOT EXISTS llx_comment ( rowid integer AUTO_INCREMENT PRIMARY KEY, datec datetime DEFAULT NULL, From a259057dd3e626c76a1b49d19a4ef172e9697eb5 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 4 Oct 2017 12:42:41 +0200 Subject: [PATCH 17/18] Fix: Found non escaped string --- htdocs/core/class/comment.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index bc87b282d56..559b1fa92e3 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php @@ -192,7 +192,7 @@ class Comment extends CommonObject $sql.= " description=".(isset($this->description)?"'".$this->db->escape($this->description)."'":"null").","; $sql.= " datec=".($this->datec!=''?"'".$this->db->idate($this->datec)."'":'null').","; $sql.= " fk_element=".(isset($this->fk_element)?$this->fk_element:"null").","; - $sql.= " element_type='".$this->element_type."',"; + $sql.= " element_type='".$this->db->escape($this->element_type)."',"; $sql.= " fk_user_author=".(isset($this->fk_user_author)?$this->fk_user_author:"null").","; $sql.= " entity=".(!empty($this->entity)?$this->entity:'1').","; $sql.= " import_key=".(!empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null"); 
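Review bot: `fk_element`, `fk_user_author` and `entity` in this same UPDATE are still concatenated unquoted, where `escape()` would not help; the change escapes only `element_type`. Cast them while building the statement, e.g. `$sql.= " fk_element=".(isset($this->fk_element)?(int) $this->fk_element:"null").",";`, and the same for the other two. The statement starts and ends outside the hunk.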
@@ -300,7 +300,7 @@ class Comment extends CommonObject $sql.= " c.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."comment as c"; $sql.= " WHERE c.fk_element = ".$fk_element; - $sql.= " AND c.element_type = '".$element_type."'"; + $sql.= " AND c.element_type = '".$this->db->escape($element_type)."'"; $sql.= " AND c.entity = ".$conf->entity; $sql.= " ORDER BY c.tms DESC"; From 537fc63da5ec9cb9510676791ed15cd16a6596d3 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 4 Oct 2017 13:18:48 +0200 Subject: [PATCH 18/18] Fix: add by error --- htdocs/core/class/comment.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index 559b1fa92e3..12477c2f729 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php @@ -1,5 +1,4 @@
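Review bot: `$this->db->escape($element_type)` is added inside fetchAllFor(), which patch 15 of this series shows as a `public static function` that runs the query on a local `$db`; `$this` does not exist in a static method, so this line fails at run time. Use the handle the query already runs on: `$sql.= " AND c.element_type = '".$db->escape($element_type)."'";`. `$fk_element` on the line above is still concatenated raw and should be cast, `" WHERE c.fk_element = ".(int) $fk_element`. The function's start and end are outside the hunk.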