From 67ab70f37dd8c30349348a3d3d345a87ff26f611 Mon Sep 17 00:00:00 2001
From: Harry Winner KF <kamdemharry@gmail.com>
Date: Wed, 12 Jan 2022 15:05:11 -0500
Subject: [PATCH] FIX Solving non-blocking bug in user login

When using the function check_user_password_dolibarr to authenticate a user, a call is made to the function dol_verifyHash which requires a pre-calculated hash. This hash is not available with programmatically-created never-used accounts. Hence, in suce cases we have the following warning:
Notice: Trying to access array offset on value of type null in .../htdocs/core/lib/security.lib.php on line 156

This fix solves that bug by avoiding that unnecessary call
---
 htdocs/core/login/functions_dolibarr.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php
index f102cd2f358..292ce1b44f5 100644
--- a/htdocs/core/login/functions_dolibarr.php
+++ b/htdocs/core/login/functions_dolibarr.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2007-2015 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2007-2015 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2010-2011 Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2022      Harry Winner Kamdem  <harry@sense.africa>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -104,7 +105,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 				}
 				// Check crypted password according to crypt algorithm
 				if ($cryptType == 'auto') {
-					if (dol_verifyHash($passtyped, $passcrypted, '0')) {
+					if ($passcrypted && dol_verifyHash($passtyped, $passcrypted, '0')) {
 						$passok = true;
 						dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - hash ".$cryptType." of pass is ok");
 					}