lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change-Id: I5f8bcf59cf2fc0d902edb4d61f8c20a2880765a2

Browse Source
This commit is contained in:
Regis Houssin 2012-07-07 12:15:43 +02:00
parent ba45953223
commit 7e2469618e
3 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/security2.lib.php
View File

@ -54,7 +54,7 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
global $conf,$langs;
//global $dolauthmode; // To return authentication finally used
// Check parameetrs
// Check parameters
if ($entitytotest == '') $entitytotest=1;
dol_syslog("checkLoginPassEntity usertotest=".$usertotest." entitytotest=".$entitytotest." authmode=".join(',',$authmode));

15
htdocs/core/login/functions_dolibarr.php
View File

@ -36,9 +36,14 @@
function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1)
{
global $db,$conf,$langs;
global $mc;
dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest);
// Force master entity in transversal mode
$entity=$entitytotest;
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) $entity=1;
$login='';
if (! empty($usertotest))
@ -48,10 +53,10 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
$usernamecol = 'login';
$entitycol = 'entity';
$sql ='SELECT pass, pass_crypted';
$sql ='SELECT rowid, entity, pass, pass_crypted';
$sql.=' FROM '.$table;
$sql.=' WHERE '.$usernamecol." = '".$db->escape($usertotest)."'";
$sql.=' AND '.$entitycol." IN (0," . ($entitytotest ? $entitytotest : 1) . ")";
$sql.=' AND '.$entitycol." IN (0," . ($entity ? $entity : 1) . ")";
dol_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql);
$resql=$db->query($sql);
@ -92,6 +97,12 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
}
}
if ($passok && ! empty($obj->entity) && (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)))
{
$ret=$mc->checkRight($obj->rowid, $entitytotest);
if ($ret < 0) $passok=false;
}
// Password ok ?
if ($passok)
{

2
htdocs/user/class/user.class.php
View File

@ -150,7 +150,7 @@ class User extends CommonObject
$sql.= " u.ref_int, u.ref_ext";
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
if(! empty($conf->multicompany->enabled) && $conf->entity == 1)
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
{
$sql.= " WHERE u.entity IS NOT NULL";
}