From 4d0ce326c4217f808ee184e89ed2df9dd512a8ef Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 11 Dec 2020 13:31:50 +0100 Subject: [PATCH] NEW add doAction hook in passwordforgotten page --- htdocs/user/passwordforgotten.php | 170 ++++++++++++++++-------------- 1 file changed, 89 insertions(+), 81 deletions(-) diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index b29bb0e6d70..15df6371891 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -64,91 +64,99 @@ if (GETPOST('dol_use_jmobile', 'alpha') || !empty($_SESSION['dol_use_jmobile'])) * Actions */ -// Validate new password -if ($action == 'validatenewpassword' && $username && $passwordhash) -{ - $edituser = new User($db); - $result = $edituser->fetch('', $_GET["username"]); - if ($result < 0) - { - $message = '
'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'
'; - } else { - if (dol_verifyHash($edituser->pass_temp, $passwordhash)) - { - // Clear session - unset($_SESSION['dol_login']); - $_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page - - $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0); - dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database"); - header("Location: ".DOL_URL_ROOT.'/'); - exit; - } else { - $langs->load("errors"); - $message = '
'.$langs->trans("ErrorFailedToValidatePasswordReset").'
'; - } - } +$parameters = array('username' => $username); +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +if ($reshook < 0) { + $message = $hookmanager->error; } -// Action modif mot de passe -if ($action == 'buildnewpassword' && $username) -{ - $sessionkey = 'dol_antispam_value'; - $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); - // Verify code - if (!$ok) - { - $message = '
'.$langs->trans("ErrorBadValueForCode").'
'; - } else { - $isanemail = preg_match('/@/', $username); +if (empty($reshook)) { + // Validate new password + if ($action == 'validatenewpassword' && $username && $passwordhash) + { + $edituser = new User($db); + $result = $edituser->fetch('', $_GET["username"]); + if ($result < 0) + { + $message = '
'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'
'; + } else { + if (dol_verifyHash($edituser->pass_temp, $passwordhash)) + { + // Clear session + unset($_SESSION['dol_login']); + $_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page - $edituser = new User($db); - $result = $edituser->fetch('', $username, '', 1); - if ($result == 0 && $isanemail) - { - $result = $edituser->fetch('', '', '', 1, -1, $username); - } + $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0); + dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database"); + header("Location: ".DOL_URL_ROOT.'/'); + exit; + } else { + $langs->load("errors"); + $message = '
'.$langs->trans("ErrorFailedToValidatePasswordReset").'
'; + } + } + } + // Action modif mot de passe + if ($action == 'buildnewpassword' && $username) + { + $sessionkey = 'dol_antispam_value'; + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); - if ($result <= 0 && $edituser->error == 'USERNOTFOUND') - { - $message = '
'; - if (!$isanemail) { - $message .= $langs->trans("IfLoginExistPasswordRequestSent"); - } else { - $message .= $langs->trans("IfEmailExistPasswordRequestSent"); - } - $message .= '
'; - $username = ''; - } else { - if (!$edituser->email) - { - $message = '
'.$langs->trans("ErrorLoginHasNoEmail").'
'; - } else { - $newpassword = $edituser->setPassword($user, '', 1); - if ($newpassword < 0) - { - // Failed - $message = '
'.$langs->trans("ErrorFailedToChangePassword").'
'; - } else { - // Success - if ($edituser->send_password($user, $newpassword, 1) > 0) - { - $message = '
'; - if (!$isanemail) { - $message .= $langs->trans("IfLoginExistPasswordRequestSent"); - } else { - $message .= $langs->trans("IfEmailExistPasswordRequestSent"); - } - //$message .= $langs->trans("PasswordChangeRequestSent", $edituser->login, dolObfuscateEmail($edituser->email)); - $message .= '
'; - $username = ''; - } else { - $message .= '
'.$edituser->error.'
'; - } - } - } - } - } + // Verify code + if (!$ok) + { + $message = '
'.$langs->trans("ErrorBadValueForCode").'
'; + } else { + $isanemail = preg_match('/@/', $username); + + $edituser = new User($db); + $result = $edituser->fetch('', $username, '', 1); + if ($result == 0 && $isanemail) + { + $result = $edituser->fetch('', '', '', 1, -1, $username); + } + + if ($result <= 0 && $edituser->error == 'USERNOTFOUND') + { + $message = '
'; + if (!$isanemail) { + $message .= $langs->trans("IfLoginExistPasswordRequestSent"); + } else { + $message .= $langs->trans("IfEmailExistPasswordRequestSent"); + } + $message .= '
'; + $username = ''; + } else { + if (!$edituser->email) + { + $message = '
'.$langs->trans("ErrorLoginHasNoEmail").'
'; + } else { + $newpassword = $edituser->setPassword($user, '', 1); + if ($newpassword < 0) + { + // Failed + $message = '
'.$langs->trans("ErrorFailedToChangePassword").'
'; + } else { + // Success + if ($edituser->send_password($user, $newpassword, 1) > 0) + { + $message = '
'; + if (!$isanemail) { + $message .= $langs->trans("IfLoginExistPasswordRequestSent"); + } else { + $message .= $langs->trans("IfEmailExistPasswordRequestSent"); + } + //$message .= $langs->trans("PasswordChangeRequestSent", $edituser->login, dolObfuscateEmail($edituser->email)); + $message .= '
'; + $username = ''; + } else { + $message .= '
'.$edituser->error.'
'; + } + } + } + } + } + } }
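Review bot: `$message = $hookmanager->error;` puts hook-supplied text into `$message` as-is, while the neighbouring `ErrorLoginDoesNotExists` branch passes its text through `dol_escape_htmltag()`; on a page reachable without a login, and with `$username` handed to the hook, this is the one message whose escaping nobody owns. How `$message` is rendered is outside this hunk, so if the template prints it raw, use `$message = dol_escape_htmltag($hookmanager->error);`. A positive `$reshook` also skips the whole `if (empty($reshook))` block, including the `dol_antispam_value` code check and the uniform `IfLoginExistPasswordRequestSent` / `IfEmailExistPasswordRequestSent` replies, so a comment above the call such as `// A hook returning > 0 replaces the standard flow: it must do its own anti-spam check and keep replies non-enumerating` would help module authors. The re-indented `validatenewpassword` branch still reads `$_GET["username"]` for the fetch while the hook parameters and the error text use `$username`; passing `$username` to `fetch()` would keep both paths on the same value.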