diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index f69e842ec81..af940c91234 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -4629,10 +4629,10 @@ abstract class CommonObject
foreach($new_array_options as $key => $value)
{
$attributeKey = substr($key,8); // Remove 'options_' prefix
- $attributeType = $extrafields->attribute_type[$attributeKey];
- $attributeLabel = $extrafields->attribute_label[$attributeKey];
- $attributeParam = $extrafields->attribute_param[$attributeKey];
- $attributeRequired = $extrafields->attribute_required[$attributeKey];
+ $attributeType = $extrafields->attributes[$this->table_element]['type'][$attributeKey];
+ $attributeLabel = $extrafields->attributes[$this->table_element]['label'][$attributeKey];
+ $attributeParam = $extrafields->attributes[$this->table_element]['param'][$attributeKey];
+ $attributeRequired = $extrafields->attributes[$this->table_element]['required'][$attributeKey];
if ($attributeRequired)
{
@@ -4665,7 +4665,26 @@ abstract class CommonObject
$this->array_options[$key] = null;
}
break;*/
- case 'price':
+ case 'password':
+ $algo='';
+ if (is_array($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options']))
+ {
+ // If there is an encryption choice, we use it to crypt data before insert
+ $algo=reset(array_keys($extrafields->attributes[$this->table_element]['param'][$attributeKey]['options']));
+ if ($algo != '')
+ {
+ $new_array_options[$key] = dol_hash($this->array_options[$key], $algo);
+ /*var_dump($algo);
+ var_dump($this->array_options[$key]);
+ var_dump($new_array_options[$key]);*/
+ }
+ }
+ else // Common usage
+ {
+ $new_array_options[$key] = $this->array_options[$key];
+ }
+ break;
+ case 'price':
$new_array_options[$key] = price2num($this->array_options[$key]);
break;
case 'date':
@@ -4723,7 +4742,7 @@ abstract class CommonObject
{
$attributeKey = substr($key,8); // Remove 'options_' prefix
// Add field of attribut
- if ($extrafields->attribute_type[$attributeKey] != 'separate') // Only for other type of separate
+ if ($extrafields->attributes[$this->table_element]['type'][$attributeKey] != 'separate') // Only for other type than separator
$sql.=",".$attributeKey;
}
$sql .= ") VALUES (".$this->id;
@@ -4731,8 +4750,8 @@ abstract class CommonObject
foreach($new_array_options as $key => $value)
{
$attributeKey = substr($key,8); // Remove 'options_' prefix
- // Add field o fattribut
- if($extrafields->attribute_type[$attributeKey] != 'separate') // Only for other type of separate)
+ // Add field of attribute
+ if ($extrafields->attributes[$this->table_element]['type'][$attributeKey] != 'separate') // Only for other type than separator)
{
if ($new_array_options[$key] != '')
{
@@ -4781,7 +4800,7 @@ abstract class CommonObject
* Update an exta field value for the current object.
* Data to describe values to update are stored into $this->array_options=array('options_codeforfield1'=>'valueforfield1', 'options_codeforfield2'=>'valueforfield2', ...)
*
- * @param string $key Key of the extrafield
+ * @param string $key Key of the extrafield (without starting 'options_')
* @param string $trigger If defined, call also the trigger (for example COMPANY_MODIFY)
* @param User $userused Object user
* @return int -1=error, O=did nothing, 1=OK
@@ -4806,9 +4825,12 @@ abstract class CommonObject
$target_extrafields=$extrafields->fetch_name_optionals_label($this->table_element);
$value=$this->array_options["options_".$key];
- $attributeType = $extrafields->attribute_type[$key];
- $attributeLabel = $extrafields->attribute_label[$key];
- $attributeParam = $extrafields->attribute_param[$key];
+
+ $attributeType = $extrafields->attributes[$this->table_element]['type'][$key];
+ $attributeLabel = $extrafields->attributes[$this->table_element]['label'][$key];
+ $attributeParam = $extrafields->attributes[$this->table_element]['param'][$key];
+ $attributeRequired = $extrafields->attributes[$this->table_element]['required'][$key];
+
switch ($attributeType)
{
case 'int':
@@ -4838,7 +4860,7 @@ abstract class CommonObject
$this->array_options["options_".$key]=$this->db->idate($this->array_options["options_".$key]);
break;
case 'link':
- $param_list=array_keys($attributeParam ['options']);
+ $param_list=array_keys($attributeParam['options']);
// 0 : ObjectName
// 1 : classPath
$InfoFieldList = explode(":", $param_list[0]);
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index dda89a7425d..a367579e1cd 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -70,11 +70,11 @@ function dol_decode($chain)
/**
* Returns a hash of a string.
- * If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function.
- * If constant MAIN_SECURITY_SALT is defined, we use it as a salt.
+ * If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function (recommanded value is 'password_hash')
+ * If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorightm is something else than 'password_hash').
*
* @param string $chain String to hash
- * @param string $type Type of hash ('0':auto, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
+ * @param string $type Type of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO then md5, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
* @return string Hash of string
* @getRandomPassword
*/
@@ -83,8 +83,10 @@ function dol_hash($chain, $type='0')
global $conf;
// No need to add salt for password_hash
- if ($type == '0' && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash'))
- return password_hash($chain, PASSWORD_DEFAULT);
+ if (($type == '0' || $type == 'auto') && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash'))
+ {
+ return password_hash($chain, PASSWORD_DEFAULT);
+ }
// Salt value
if (! empty($conf->global->MAIN_SECURITY_SALT)) $chain=$conf->global->MAIN_SECURITY_SALT.$chain;
diff --git a/htdocs/core/tpl/admin_extrafields_add.tpl.php b/htdocs/core/tpl/admin_extrafields_add.tpl.php
index 3693883775a..a48e8a5f31a 100644
--- a/htdocs/core/tpl/admin_extrafields_add.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_add.tpl.php
@@ -166,7 +166,7 @@ $langs->load("modulebuilder");
textwithpicto('', $langs->trans("ExtrafieldParamHelpsellist"),1,0,'', 0, 2, 'helpvalue2')?>
textwithpicto('', $langs->trans("ExtrafieldParamHelpchkbxlst"),1,0,'', 0, 2, 'helpvalue3')?>
textwithpicto('', $langs->trans("ExtrafieldParamHelplink"),1,0,'', 0, 2, 'helpvalue4')?>
- textwithpicto('', $langs->trans("ExtrafieldParamPassword"),1,0,'', 0, 2, 'helpvalue5')?>
+ textwithpicto('', $langs->trans("ExtrafieldParamHelpPassword"),1,0,'', 0, 2, 'helpvalue5')?>
diff --git a/htdocs/core/tpl/admin_extrafields_edit.tpl.php b/htdocs/core/tpl/admin_extrafields_edit.tpl.php
index 3a5922c216f..a919b545a36 100644
--- a/htdocs/core/tpl/admin_extrafields_edit.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_edit.tpl.php
@@ -225,7 +225,7 @@ else
textwithpicto('', $langs->trans("ExtrafieldParamHelpsellist"),1,0,'', 0, 2, 'helpvalue2')?>
textwithpicto('', $langs->trans("ExtrafieldParamHelpchkbxlst"),1,0,'', 0, 2, 'helpvalue3')?>
textwithpicto('', $langs->trans("ExtrafieldParamHelplink"),1,0,'', 0, 2, 'helpvalue4')?>
- textwithpicto('', $langs->trans("ExtrafieldParamPassword"),1,0,'', 0, 2, 'helpvalue5')?>
+ textwithpicto('', $langs->trans("ExtrafieldParamHelpPassword"),1,0,'', 0, 2, 'helpvalue5')?>
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 02c44ebee88..d6bf4d01fe9 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -411,6 +411,7 @@ ExtrafieldCheckBoxFromList=Checkboxes from table
ExtrafieldLink=Link to an object
ComputedFormula=Computed field
ComputedFormulaDesc=You can enter here a formula using other properties of object or any PHP coding to get a dynamic computed value. You can use any PHP compatible formulas including the "?" condition operator, and following global object: $db, $conf, $langs, $mysoc, $user, $object.
WARNING: Only some properties of $object may be available. If you need a properties not loaded, just fetch yourself the object into your formula like in the second example.
Using a computed field means you can't enter yourself any value from interface. Also, if there is a syntax error, the formula may return nothing.
Example of formula:
$object->id < 10 ? round($object->id / 2, 2) : ($object->id + 2 * $user->id) * (int) substr($mysoc->zip, 1, 2)
Example to reload object
(($reloadedobj = new Societe($db)) && ($reloadedobj->fetch($obj->id ? $obj->id : ($obj->rowid ? $obj->rowid : $object->id)) > 0)) ? $reloadedobj->array_options['options_extrafieldkey'] * $reloadedobj->capital / 5 : '-1'
Other example of formula to force load of object and its parent object:
(($reloadedobj = new Task($db)) && ($reloadedobj->fetch($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetch($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : 'Parent project not found'
+ExtrafieldParamHelpPassword=Keep this field empty means value will be stored without encryption (field must be only hidden with star on screen).
Set here value 'auto' to use the default encryption rule to save password into database (then value read will be the hash only, no way to retreive original value)
ExtrafieldParamHelpselect=List of values must be lines with format key,value (where key can't be '0')
for example :
1,value1
2,value2
code3,value3
...
In order to have the list depending on another complementary attribute list :
1,value1|options_parent_list_code:parent_key
2,value2|options_parent_list_code:parent_key
In order to have the list depending on another list :
1,value1|parent_list_code:parent_key
2,value2|parent_list_code:parent_key
ExtrafieldParamHelpcheckbox=List of values must be lines with format key,value (where key can't be '0')
for example :
1,value1
2,value2
3,value3
...
ExtrafieldParamHelpradio=List of values must be lines with format key,value (where key can't be '0')
for example :
1,value1
2,value2
3,value3
...
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index c0775145828..ed8e6c74c6e 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -329,7 +329,7 @@ if (empty($reshook))
// Fill array 'array_options' with data from update form
$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
- $ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute'));
+ $ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute','none'));
if ($ret < 0) $error++;
if (! $error)