Merge pull request #15731 from hregis/fix_add_passwordforgotten_hook

NEW add doAction hook in passwordforgotten page
2020-12-12 19:51:38 +01:00 · 2020-12-12 19:51:38 +01:00 · 681dc88188
commit 681dc88188
parent 3521a736fc 4d0ce326c4
1 changed files with 89 additions and 81 deletions
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@ -64,91 +64,99 @@ if (GETPOST('dol_use_jmobile', 'alpha') || !empty($_SESSION['dol_use_jmobile']))
 * Actions
 */

-// Validate new password
-if ($action == 'validatenewpassword' && $username && $passwordhash)
-{
-	$edituser = new User($db);
-	$result = $edituser->fetch('', $_GET["username"]);
-	if ($result < 0)
-	{
-		$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
-	} else {
-		if (dol_verifyHash($edituser->pass_temp, $passwordhash))
-		{
-			// Clear session
-			unset($_SESSION['dol_login']);
-			$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
-
-			$newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
-			dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
-			header("Location: ".DOL_URL_ROOT.'/');
-			exit;
-		} else {
-			$langs->load("errors");
-			$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
-		}
-	}
+$parameters = array('username' => $username);
+$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) {
+    $message = $hookmanager->error;
 }
-// Action modif mot de passe
-if ($action == 'buildnewpassword' && $username)
-{
-	$sessionkey = 'dol_antispam_value';
-	$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));

-	// Verify code
-	if (!$ok)
-	{
-		$message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
-	} else {
-		$isanemail = preg_match('/@/', $username);
+if (empty($reshook)) {
+    // Validate new password
+    if ($action == 'validatenewpassword' && $username && $passwordhash)
+    {
+        $edituser = new User($db);
+        $result = $edituser->fetch('', $_GET["username"]);
+        if ($result < 0)
+        {
+            $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
+        } else {
+            if (dol_verifyHash($edituser->pass_temp, $passwordhash))
+            {
+                // Clear session
+                unset($_SESSION['dol_login']);
+                $_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page

-		$edituser = new User($db);
-		$result = $edituser->fetch('', $username, '', 1);
-		if ($result == 0 && $isanemail)
-		{
-			$result = $edituser->fetch('', '', '', 1, -1, $username);
-		}
+                $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
+                dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
+                header("Location: ".DOL_URL_ROOT.'/');
+                exit;
+            } else {
+                $langs->load("errors");
+                $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
+            }
+        }
+    }
+    // Action modif mot de passe
+    if ($action == 'buildnewpassword' && $username)
+    {
+        $sessionkey = 'dol_antispam_value';
+        $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));

-		if ($result <= 0 && $edituser->error == 'USERNOTFOUND')
-		{
-			$message = '<div class="warning paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent').'">';
-			if (!$isanemail) {
-				$message .= $langs->trans("IfLoginExistPasswordRequestSent");
-			} else {
-				$message .= $langs->trans("IfEmailExistPasswordRequestSent");
-			}
-			$message .= '</div>';
-			$username = '';
-		} else {
-			if (!$edituser->email)
-			{
-				$message = '<div class="error">'.$langs->trans("ErrorLoginHasNoEmail").'</div>';
-			} else {
-				$newpassword = $edituser->setPassword($user, '', 1);
-				if ($newpassword < 0)
-				{
-					// Failed
-					$message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
-				} else {
-					// Success
-					if ($edituser->send_password($user, $newpassword, 1) > 0)
-					{
-						$message = '<div class="warning paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent').'">';
-						if (!$isanemail) {
-							$message .= $langs->trans("IfLoginExistPasswordRequestSent");
-						} else {
-							$message .= $langs->trans("IfEmailExistPasswordRequestSent");
-						}
-						//$message .= $langs->trans("PasswordChangeRequestSent", $edituser->login, dolObfuscateEmail($edituser->email));
-						$message .= '</div>';
-						$username = '';
-					} else {
-						$message .= '<div class="error">'.$edituser->error.'</div>';
-					}
-				}
-			}
-		}
-	}
+        // Verify code
+        if (!$ok)
+        {
+            $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
+        } else {
+            $isanemail = preg_match('/@/', $username);
+
+            $edituser = new User($db);
+            $result = $edituser->fetch('', $username, '', 1);
+            if ($result == 0 && $isanemail)
+            {
+                $result = $edituser->fetch('', '', '', 1, -1, $username);
+            }
+
+            if ($result <= 0 && $edituser->error == 'USERNOTFOUND')
+            {
+                $message = '<div class="warning paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent').'">';
+                if (!$isanemail) {
+                    $message .= $langs->trans("IfLoginExistPasswordRequestSent");
+                } else {
+                    $message .= $langs->trans("IfEmailExistPasswordRequestSent");
+                }
+                $message .= '</div>';
+                $username = '';
+            } else {
+                if (!$edituser->email)
+                {
+                    $message = '<div class="error">'.$langs->trans("ErrorLoginHasNoEmail").'</div>';
+                } else {
+                    $newpassword = $edituser->setPassword($user, '', 1);
+                    if ($newpassword < 0)
+                    {
+                        // Failed
+                        $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
+                    } else {
+                        // Success
+                        if ($edituser->send_password($user, $newpassword, 1) > 0)
+                        {
+                            $message = '<div class="warning paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent').'">';
+                            if (!$isanemail) {
+                                $message .= $langs->trans("IfLoginExistPasswordRequestSent");
+                            } else {
+                                $message .= $langs->trans("IfEmailExistPasswordRequestSent");
+                            }
+                            //$message .= $langs->trans("PasswordChangeRequestSent", $edituser->login, dolObfuscateEmail($edituser->email));
+                            $message .= '</div>';
+                            $username = '';
+                        } else {
+                            $message .= '<div class="error">'.$edituser->error.'</div>';
+                        }
+                    }
+                }
+            }
+        }
+    }
 }