NEW Cat set the encryption algorithm for extrafields of type password
This commit is contained in:
Laurent Destailleur
parent
cc618e886f
commit
863cab362f
@ -4629,10 +4629,10 @@ abstract class CommonObject
|
||||
foreach($new_array_options as $key => $value)
|
||||
{
|
||||
$attributeKey = substr($key,8); // Remove 'options_' prefix
|
||||
$attributeType = $extrafields->attribute_type[$attributeKey];
|
||||
$attributeLabel = $extrafields->attribute_label[$attributeKey];
|
||||
$attributeParam = $extrafields->attribute_param[$attributeKey];
|
||||
$attributeRequired = $extrafields->attribute_required[$attributeKey];
|
||||
$attributeType = $extrafields->attributes[$this->table_element]['type'][$attributeKey];
|
||||
$attributeLabel = $extrafields->attributes[$this->table_element]['label'][$attributeKey];
|
||||
$attributeParam = $extrafields->attributes[$this->table_element]['param'][$attributeKey];
|
||||
$attributeRequired = $extrafields->attributes[$this->table_element]['required'][$attributeKey];
|
||||
|
||||
if ($attributeRequired)
|
||||
{
|
||||
@ -4665,7 +4665,26 @@ abstract class CommonObject
|
||||
$this->array_options[$key] = null;
|
||||
}
|
||||
break;*/
|
||||
case 'price':
|
||||
case 'password':
|
||||
$algo='';
|
||||
if (is_array($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options']))
|
||||
{
|
||||
// If there is an encryption choice, we use it to crypt data before insert
|
||||
$algo=reset(array_keys($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options']));
|
||||
if ($algo != '')
|
||||
{
|
||||
$new_array_options[$key] = dol_hash($this->array_options[$key], $algo);
|
||||
/*var_dump($algo);
|
||||
var_dump($this->array_options[$key]);
|
||||
var_dump($new_array_options[$key]);*/
|
||||
}
|
||||
}
|
||||
else // Common usage
|
||||
{
|
||||
$new_array_options[$key] = $this->array_options[$key];
|
||||
}
|
||||
break;
|
||||
case 'price':
|
||||
$new_array_options[$key] = price2num($this->array_options[$key]);
|
||||
break;
|
||||
case 'date':
|
||||
@ -4723,7 +4742,7 @@ abstract class CommonObject
|
||||
{
|
||||
$attributeKey = substr($key,8); // Remove 'options_' prefix
|
||||
// Add field of attribut
|
||||
if ($extrafields->attribute_type[$attributeKey] != 'separate') // Only for other type of separate
|
||||
if ($extrafields->attributes[$this->table_element]['type'][$attributeKey] != 'separate') // Only for other type than separator
|
||||
$sql.=",".$attributeKey;
|
||||
}
|
||||
$sql .= ") VALUES (".$this->id;
|
||||
@ -4731,8 +4750,8 @@ abstract class CommonObject
|
||||
foreach($new_array_options as $key => $value)
|
||||
{
|
||||
$attributeKey = substr($key,8); // Remove 'options_' prefix
|
||||
// Add field o fattribut
|
||||
if($extrafields->attribute_type[$attributeKey] != 'separate') // Only for other type of separate)
|
||||
// Add field of attribute
|
||||
if ($extrafields->attributes[$this->table_element]['type'][$attributeKey] != 'separate') // Only for other type than separator)
|
||||
{
|
||||
if ($new_array_options[$key] != '')
|
||||
{
|
||||
@ -4781,7 +4800,7 @@ abstract class CommonObject
|
||||
* Update an exta field value for the current object.
|
||||
* Data to describe values to update are stored into $this->array_options=array('options_codeforfield1'=>'valueforfield1', 'options_codeforfield2'=>'valueforfield2', ...)
|
||||
*
|
||||
* @param string $key Key of the extrafield
|
||||
* @param string $key Key of the extrafield (without starting 'options_')
|
||||
* @param string $trigger If defined, call also the trigger (for example COMPANY_MODIFY)
|
||||
* @param User $userused Object user
|
||||
* @return int -1=error, O=did nothing, 1=OK
|
||||
@ -4806,9 +4825,12 @@ abstract class CommonObject
|
||||
$target_extrafields=$extrafields->fetch_name_optionals_label($this->table_element);
|
||||
|
||||
$value=$this->array_options["options_".$key];
|
||||
$attributeType = $extrafields->attribute_type[$key];
|
||||
$attributeLabel = $extrafields->attribute_label[$key];
|
||||
$attributeParam = $extrafields->attribute_param[$key];
|
||||
|
||||
$attributeType = $extrafields->attributes[$this->table_element]['type'][$key];
|
||||
$attributeLabel = $extrafields->attributes[$this->table_element]['label'][$key];
|
||||
$attributeParam = $extrafields->attributes[$this->table_element]['param'][$key];
|
||||
$attributeRequired = $extrafields->attributes[$this->table_element]['required'][$key];
|
||||
|
||||
switch ($attributeType)
|
||||
{
|
||||
case 'int':
|
||||
@ -4838,7 +4860,7 @@ abstract class CommonObject
|
||||
$this->array_options["options_".$key]=$this->db->idate($this->array_options["options_".$key]);
|
||||
break;
|
||||
case 'link':
|
||||
$param_list=array_keys($attributeParam ['options']);
|
||||
$param_list=array_keys($attributeParam['options']);
|
||||
// 0 : ObjectName
|
||||
// 1 : classPath
|
||||
$InfoFieldList = explode(":", $param_list[0]);
|
||||
|
||||
@ -70,11 +70,11 @@ function dol_decode($chain)
|
||||
|
||||
/**
|
||||
* Returns a hash of a string.
|
||||
* If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function.
|
||||
* If constant MAIN_SECURITY_SALT is defined, we use it as a salt.
|
||||
* If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function (recommanded value is 'password_hash')
|
||||
* If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorightm is something else than 'password_hash').
|
||||
*
|
||||
* @param string $chain String to hash
|
||||
* @param string $type Type of hash ('0':auto, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
|
||||
* @param string $type Type of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO then md5, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
|
||||
* @return string Hash of string
|
||||
* @getRandomPassword
|
||||
*/
|
||||
@ -83,8 +83,10 @@ function dol_hash($chain, $type='0')
|
||||
global $conf;
|
||||
|
||||
// No need to add salt for password_hash
|
||||
if ($type == '0' && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash'))
|
||||
return password_hash($chain, PASSWORD_DEFAULT);
|
||||
if (($type == '0' || $type == 'auto') && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash'))
|
||||
{
|
||||
return password_hash($chain, PASSWORD_DEFAULT);
|
||||
}
|
||||
|
||||
// Salt value
|
||||
if (! empty($conf->global->MAIN_SECURITY_SALT)) $chain=$conf->global->MAIN_SECURITY_SALT.$chain;
|
||||
|
||||
@ -166,7 +166,7 @@ $langs->load("modulebuilder");
|
||||
<span id="helpsellist"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelpsellist"),1,0,'', 0, 2, 'helpvalue2')?></span>
|
||||
<span id="helpchkbxlst"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelpchkbxlst"),1,0,'', 0, 2, 'helpvalue3')?></span>
|
||||
<span id="helplink"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelplink"),1,0,'', 0, 2, 'helpvalue4')?></span>
|
||||
<span id="helppassword"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamPassword"),1,0,'', 0, 2, 'helpvalue5')?></span>
|
||||
<span id="helppassword"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelpPassword"),1,0,'', 0, 2, 'helpvalue5')?></span>
|
||||
</td></tr>
|
||||
</table>
|
||||
</td>
|
||||
|
||||
@ -225,7 +225,7 @@ else
|
||||
<span id="helpsellist"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelpsellist"),1,0,'', 0, 2, 'helpvalue2')?></span>
|
||||
<span id="helpchkbxlst"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelpchkbxlst"),1,0,'', 0, 2, 'helpvalue3')?></span>
|
||||
<span id="helplink"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelplink"),1,0,'', 0, 2, 'helpvalue4')?></span>
|
||||
<span id="helppassword"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamPassword"),1,0,'', 0, 2, 'helpvalue5')?></span>
|
||||
<span id="helppassword"><?php print $form->textwithpicto('', $langs->trans("ExtrafieldParamHelpPassword"),1,0,'', 0, 2, 'helpvalue5')?></span>
|
||||
</td></tr>
|
||||
</table>
|
||||
</td>
|
||||
|
||||
@ -411,6 +411,7 @@ ExtrafieldCheckBoxFromList=Checkboxes from table
|
||||
ExtrafieldLink=Link to an object
|
||||
ComputedFormula=Computed field
|
||||
ComputedFormulaDesc=You can enter here a formula using other properties of object or any PHP coding to get a dynamic computed value. You can use any PHP compatible formulas including the "?" condition operator, and following global object: <strong>$db, $conf, $langs, $mysoc, $user, $object</strong>.<br><strong>WARNING</strong>: Only some properties of $object may be available. If you need a properties not loaded, just fetch yourself the object into your formula like in the second example.<br>Using a computed field means you can't enter yourself any value from interface. Also, if there is a syntax error, the formula may return nothing.<br><br>Example of formula:<br>$object->id < 10 ? round($object->id / 2, 2) : ($object->id + 2 * $user->id) * (int) substr($mysoc->zip, 1, 2)<br><br>Example to reload object<br>(($reloadedobj = new Societe($db)) && ($reloadedobj->fetch($obj->id ? $obj->id : ($obj->rowid ? $obj->rowid : $object->id)) > 0)) ? $reloadedobj->array_options['options_extrafieldkey'] * $reloadedobj->capital / 5 : '-1'<br><br>Other example of formula to force load of object and its parent object:<br>(($reloadedobj = new Task($db)) && ($reloadedobj->fetch($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetch($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : 'Parent project not found'
|
||||
ExtrafieldParamHelpPassword=Keep this field empty means value will be stored without encryption (field must be only hidden with star on screen).<br>Set here value 'auto' to use the default encryption rule to save password into database (then value read will be the hash only, no way to retreive original value)
|
||||
ExtrafieldParamHelpselect=List of values must be lines with format key,value (where key can't be '0')<br><br> for example : <br>1,value1<br>2,value2<br>code3,value3<br>...<br><br>In order to have the list depending on another complementary attribute list :<br>1,value1|options_<i>parent_list_code</i>:parent_key<br>2,value2|options_<i>parent_list_code</i>:parent_key <br><br>In order to have the list depending on another list :<br>1,value1|<i>parent_list_code</i>:parent_key<br>2,value2|<i>parent_list_code</i>:parent_key
|
||||
ExtrafieldParamHelpcheckbox=List of values must be lines with format key,value (where key can't be '0')<br><br> for example : <br>1,value1<br>2,value2<br>3,value3<br>...
|
||||
ExtrafieldParamHelpradio=List of values must be lines with format key,value (where key can't be '0')<br><br> for example : <br>1,value1<br>2,value2<br>3,value3<br>...
|
||||
|
||||
@ -329,7 +329,7 @@ if (empty($reshook))
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
|
||||
$ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute'));
|
||||
$ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute','none'));
|
||||
if ($ret < 0) $error++;
|
||||
|
||||
if (! $error)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user