Fix: Déclenchement des triggers incorrects sur modif mot de passe adhérent ou user

Laurent Destailleur 2007-10-21 23:04:06 +00:00
parent 38a0dea67e
commit 977f0a3fc1
5 changed files with 190 additions and 137 deletions


@ -352,9 +352,11 @@ class Adherent
/**
\brief Fonction qui crée l'adhérent
\return int <0 si ko, >0 si ok
\param user Objet user qui demande la creation
\param notrigger 1 ne declenche pas les triggers, 0 sinon
\return int <0 si ko, >0 si ok
*/
function create()
function create($user='',$notrigger=0)
{
global $conf,$langs,$user;
@ -385,7 +387,7 @@ class Adherent
{
$this->id=$id;
// Mise a jour
// Update minor fields
$result=$this->update($user,1,1);
if ($result < 0)
{
@ -395,12 +397,16 @@ class Adherent
$this->use_webcal=($conf->global->PHPWEBCALENDAR_MEMBERSTATUS=='always'?1:0);
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_CREATE',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
if (! $notrigger)
{
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_CREATE',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
}
if (sizeof($this->errors))
{
$this->db->rollback();
@ -458,7 +464,7 @@ class Adherent
}
/**
\brief Fonction qui met à jour l'adhérent
\brief Fonction qui met à jour l'adhérent (sauf mot de passe)
\param user Utilisateur qui réalise la mise a jour
\param notrigger 1=désactive le trigger UPDATE (quand appelé par creation)
\param nosyncuser Do not synchronize linked user
@ -486,7 +492,6 @@ class Adherent
$sql.= " prenom = ".($this->prenom?"'".addslashes($this->prenom)."'":"null");
$sql.= ",nom=" .($this->nom?"'".addslashes($this->nom)."'":"null");
$sql.= ",login=" .($this->login?"'".addslashes($this->login)."'":"null");
$sql.= ",pass=" .($this->pass?"'".addslashes($this->pass)."'":"null");
$sql.= ",societe=" .($this->societe?"'".addslashes($this->societe)."'":"null");
$sql.= ",adresse=" .($this->adresse?"'".addslashes($this->adresse)."'":"null");
$sql.= ",cp=" .($this->cp?"'".addslashes($this->cp)."'":"null");
@ -548,6 +553,18 @@ class Adherent
}
}
// Mise a jour mot de passe
if ($this->pass)
{
if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted)
{
// Si mot de passe saisi et différent de celui en base
$result=$this->password($user,$this->pass,0,$notrigger);
if (! $nbrowsaffected) $nbrowsaffected++;
}
}
if ($nbrowsaffected)
{
if ($this->user_id && ! $nosyncuser)
@ -707,11 +724,15 @@ class Adherent
* \param user Object user de l'utilisateur qui fait la modification
* \param password Nouveau mot de passe (à générer si non communiqué)
* \param isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par défaut)
* \param notrigger 1=Ne declenche pas les triggers
* \param nosyncuser Do not synchronize linked user
* \return string If OK return clear password, 0 if no change, < 0 if error
*/
function password($user, $password='', $isencrypted=0)
function password($user, $password='', $isencrypted=0, $notrigger=0, $nosyncuser=0)
{
global $langs;
global $conf, $langs;
$error=0;
dolibarr_syslog("Adherent::Password user=".$user->id." password=".eregi_replace('.','*',$password)." isencrypted=".$isencrypted);
@ -739,25 +760,57 @@ class Adherent
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET pass = '".addslashes($password_indatabase)."'";
$sql.= " WHERE rowid = ".$this->id;
dolibarr_syslog("Adherent::Password sql=hidden");
//dolibarr_syslog("Adherent::Password sql=hidden");
dolibarr_syslog("Adherent::Password sql=".$sql);
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows($result))
$nbaffectedrows=$this->db->affected_rows();
if ($nbaffectedrows)
{
$this->pass=$password;
$this->pass_indatabase=$password_indatabase;
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_NEW_PASSWORD',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
if ($this->user_id && ! $nosyncuser)
{
// This member is linked with a user, so we also update users informations
// if this is an update.
$luser=new User($this->db);
$luser->id=$this->user_id;
$result=$luser->fetch();
if ($result >= 0)
{
$result=$luser->password($user,$this->pass,$conf->password_encrypted,0,0,1);
if ($result < 0)
{
$this->error=$luser->error;
dolibarr_syslog("Adherent::password ".$this->error,LOG_ERROR);
$error++;
}
}
else
{
$this->error=$luser->error;
$error++;
}
}
if (! $error && ! $notrigger)
{
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_NEW_PASSWORD',$this,$user,$langs,$conf);
if ($result < 0) { $error++; $this->errors=$interface->errors; }
// Fin appel triggers
}
return $this->pass;
}
else {
else
{
return 0;
}
}
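Review bot: The member password reaches the log at `dolibarr_syslog("Adherent::Password sql=".$sql);`, because the logged UPDATE statement carries the value assigned to `pass`; judging by the order of the lines in this hunk, it replaces the earlier `sql=hidden` message. The call at the top of password() masks the password with `eregi_replace('.','*',$password)`, so this line undoes that masking, and since User::password() now calls this method with `isencrypted` set to 0, a linked user's password would presumably be logged in clear as well. Keep the masked form, `dolibarr_syslog("Adherent::Password sql=hidden");`, or log only the row id. The body of password() starts outside this hunk, so how `$password_indatabase` is derived is not visible here.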


@ -18,7 +18,6 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
@ -165,15 +164,6 @@ if ($user->rights->adherent->creer && $_REQUEST["action"] == 'update' && ! $_POS
$result=$adh->update($user,0);
if ($result >= 0 && ! sizeof($adh->errors))
{
if (isset($_POST["password"]) && $_POST["password"] !='')
{
$ret=$edituser->password($user,$password,$conf->password_encrypted,0);
if ($ret < 0)
{
$message.='<div class="error">'.$edituser->error.'</div>';
}
}
if (isset($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name']))
{
// If photo is provided
@ -322,11 +312,6 @@ if ($user->rights->adherent->creer && $_POST["action"] == 'add')
$result=$adh->create($user);
if ($result > 0)
{
if (isset($_POST['password']) && trim($_POST['password']))
{
$adh->password($user,trim($_POST['password']),0);
}
if ($cotisation > 0)
{
$crowid=$adh->cotisation($datecotisation, $cotisation);


@ -70,77 +70,76 @@ class Conf
var $oscommerce2;
/**
* \brief Positionne toutes les variables de configuration
* \param $db Handler d'accès base
* \return int < 0 si erreur, >= 0 si succès
*/
function setValues($db)
{
dolibarr_syslog("functions.inc.php::setValues");
// Par defaut, à oui
$this->global->PRODUIT_CONFIRM_DELETE_LINE=1;
/*
* Definition de toutes les Constantes globales d'environnement
* - En constante php (\todo a virer)
* - En $this->global->key=value
*/
$sql = "SELECT name, value FROM ".MAIN_DB_PREFIX."const";
$result = $db->query($sql);
if ($result)
{
$numr = $db->num_rows($result);
$i = 0;
while ($i < $numr)
{
$objp = $db->fetch_object($result);
$key=$objp->name;
$value=$objp->value; // Pas de stripslashes (ne s'applique pas sur lecture en base mais après POST quand get_magic_quotes_gpc()==1)
if ($key)
{
define ("$key", $value);
$this->global->$key=$value;
}
$i++;
}
}
$db->free($result);
// On reprend parametres du fichier de config conf.php
// \TODO Mettre tous les param du fichier conf dans une propriété de la classe
$this->password_encrypted=$this->global->DATABASE_PWD_ENCRYPTED;
/*
* Nettoyage variables des gestionnaires de menu
* conf->menu_top et conf->menu_left sont définis dans main.inc.php (selon user)
*/
if (! $this->global->MAIN_MENU_BARRETOP) $this->global->MAIN_MENU_BARRETOP="default.php";
if (! $this->global->MAIN_MENUFRONT_BARRETOP) $this->global->MAIN_MENUFRONT_BARRETOP="default.php";
if (! $this->global->MAIN_MENU_BARRELEFT) $this->global->MAIN_MENU_BARRELEFT="default.php";
if (! $this->global->MAIN_MENUFRONT_BARRELEFT) $this->global->MAIN_MENUFRONT_BARRELEFT="default.php";
// Variable globales LDAP
if (! $this->global->LDAP_KEY_USERS) $this->global->LDAP_KEY_USERS=$this->global->LDAP_FIELD_FULLNAME;
if (! $this->global->LDAP_KEY_GROUPS) $this->global->LDAP_KEY_GROUPS=$this->global->LDAP_FIELD_FULLNAME;
if (! $this->global->LDAP_KEY_CONTACTS) $this->global->LDAP_KEY_CONTACTS=$this->global->LDAP_FIELD_FULLNAME;
if (! $this->global->LDAP_KEY_MEMBERS) $this->global->LDAP_KEY_MEMBERS=$this->global->LDAP_FIELD_FULLNAME;
/*
* Charge l'objet de traduction et positionne langage courant global
*/
if (! $this->global->MAIN_LANG_DEFAULT) $this->global->MAIN_LANG_DEFAULT="fr_FR";
/*
* Autres parametres globaux de configurations
*/
$this->users->dir_output=DOL_DATA_ROOT."/users";
/**
* \brief Positionne toutes les variables de configuration
* \param $db Handler d'accès base
* \return int < 0 si erreur, >= 0 si succès
*/
function setValues($db)
{
dolibarr_syslog("functions.inc.php::setValues");
// Par defaut, à oui
$this->global->PRODUIT_CONFIRM_DELETE_LINE=1;
/*
* Definition de toutes les Constantes globales d'environnement
* - En constante php (\todo a virer)
* - En $this->global->key=value
*/
$sql = "SELECT name, value FROM ".MAIN_DB_PREFIX."const";
$result = $db->query($sql);
if ($result)
{
$numr = $db->num_rows($result);
$i = 0;
while ($i < $numr)
{
$objp = $db->fetch_object($result);
$key=$objp->name;
$value=$objp->value; // Pas de stripslashes (ne s'applique pas sur lecture en base mais après POST quand get_magic_quotes_gpc()==1)
if ($key)
{
define ("$key", $value);
$this->global->$key=$value;
}
$i++;
}
}
$db->free($result);
// On reprend parametres du fichier de config conf.php
// \TODO Mettre tous les param de conf DB dans une propriété de la classe
/*
* Nettoyage variables des gestionnaires de menu
* conf->menu_top et conf->menu_left sont définis dans main.inc.php (selon user)
*/
if (! $this->global->MAIN_MENU_BARRETOP) $this->global->MAIN_MENU_BARRETOP="default.php";
if (! $this->global->MAIN_MENUFRONT_BARRETOP) $this->global->MAIN_MENUFRONT_BARRETOP="default.php";
if (! $this->global->MAIN_MENU_BARRELEFT) $this->global->MAIN_MENU_BARRELEFT="default.php";
if (! $this->global->MAIN_MENUFRONT_BARRELEFT) $this->global->MAIN_MENUFRONT_BARRELEFT="default.php";
// Variable globales LDAP
if (! $this->global->LDAP_KEY_USERS) $this->global->LDAP_KEY_USERS=$this->global->LDAP_FIELD_FULLNAME;
if (! $this->global->LDAP_KEY_GROUPS) $this->global->LDAP_KEY_GROUPS=$this->global->LDAP_FIELD_FULLNAME;
if (! $this->global->LDAP_KEY_CONTACTS) $this->global->LDAP_KEY_CONTACTS=$this->global->LDAP_FIELD_FULLNAME;
if (! $this->global->LDAP_KEY_MEMBERS) $this->global->LDAP_KEY_MEMBERS=$this->global->LDAP_FIELD_FULLNAME;
/*
* Charge l'objet de traduction et positionne langage courant global
*/
if (! $this->global->MAIN_LANG_DEFAULT) $this->global->MAIN_LANG_DEFAULT="fr_FR";
/*
* Autres parametres globaux de configurations
*/
$this->users->dir_output=DOL_DATA_ROOT."/users";
/*
* Autorisation globale d'uploader (necessaire pour desactiver dans la demo)
* conf->upload peut etre écrasée dans main.inc.php (selon user)
@ -343,11 +342,14 @@ class Conf
* Modification de quelques variable de conf en fonction des Constantes
*/
// Cryped password in database
$this->password_encrypted=($this->global->DATABASE_PWD_ENCRYPTED ? 1 : 0);
// Debug Mode
$this->use_debug_mode=0;
if ($this->global->MAIN_ENABLE_DEBUG_MODE) $this->use_debug_mode=$this->global->MAIN_ENABLE_DEBUG_MODE;
// outils systemes
// System tools
if (! $this->global->SYSTEMTOOLS_MYSQLDUMP) $this->global->SYSTEMTOOLS_MYSQLDUMP="mysqldump";
// societe


@ -705,9 +705,9 @@ class User
}
// Update minor fields
if ($this->update($user,1,1) < 0)
$result = $this->update($user,1,1);
if ($result < 0)
{
$this->error=$this->db->error();
$this->db->rollback();
return -4;
}
@ -721,7 +721,7 @@ class User
$entrepot->statut = 1;
$entrepot->create($user);
}
if (! $notrigger)
{
// Appel des triggers
@ -823,7 +823,7 @@ class User
*/
function create_from_member($member)
{
global $user,$langs;
global $conf, $user,$langs;
// Positionne paramètres
$this->nom = $member->nom;
@ -841,7 +841,7 @@ class User
$result=$this->create();
if ($result > 0)
{
$result=$this->password($user,$this->pass,0,0,1);
$result=$this->password($user,$this->pass,$conf->password_encrypted);
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET fk_member=".$member->id;
@ -974,7 +974,7 @@ class User
if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted)
{
// Si mot de passe saisi et différent de celui en base
$this->password($user,$this->pass,$conf->password_encrypted);
$result=$this->password($user,$this->pass,$conf->password_encrypted,0,$notrigger);
if (! $nbrowsaffected) $nbrowsaffected++;
}
@ -1007,23 +1007,10 @@ class User
$adh->user_login=$this->login;
$result=$adh->update($user,0,1);
if ($result)
if ($result < 0)
{
// Mise a jour mot de passe
if ($this->pass)
{
if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted)
{
// Si mot de passe saisi et différent de celui en base
$adh->password($user,$this->pass,0); // Cryptage non géré dans module adhérent
if (! $nbrowsaffected) $nbrowsaffected++;
}
}
}
else
{
$this->error=$adh->error;
$this->error=$luser->error;
dolibarr_syslog("User::update ".$this->error,LOG_ERROR);
$error++;
}
}
@ -1134,12 +1121,15 @@ class User
* \param noclearpassword 0 ou 1 s'il ne faut pas stocker le mot de passe en clair
* \param changelater 1=Change password only after clicking on confirm email
* \param notrigger 1=Ne declenche pas les triggers
* \param nosyncmember Do not synchronize linked member
* \return string If OK return clear password, 0 if no change, < 0 if error
*/
function password($user, $password='', $noclearpassword=0, $changelater=0, $notrigger=0)
function password($user, $password='', $noclearpassword=0, $changelater=0, $notrigger=0, $nosyncmember=0)
{
global $langs, $conf;
global $conf, $langs;
$error=0;
dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." noclearpassword=".$noclearpassword." changelater=".$changelater." notrigger=".$notrigger);
// Si nouveau mot de passe non communiqué, on génère par module
@ -1180,7 +1170,31 @@ class User
$this->pass_indatabase=$password;
$this->pass_indatabase_crypted=$password_crypted;
if (! $notrigger)
if ($this->fk_member && ! $nosyncmember)
{
// This user is linked with a member, so we also update members informations
// if this is an update.
$adh=new Adherent($this->db);
$result=$adh->fetch($this->fk_member);
if ($result >= 0)
{
$result=$adh->password($user,$this->pass,0,0,1); // Cryptage non géré dans module adhérent
if ($result < 0)
{
$this->error=$adh->error;
dolibarr_syslog("User::password ".$this->error,LOG_ERROR);
$error++;
}
}
else
{
$this->error=$adh->error;
$error++;
}
}
if (! $error && ! $notrigger)
{
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
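Review bot: In the User::update() hunk, the error branch after `$adh->update($user,0,1)` now reads `$this->error=$luser->error;`, but no `$luser` appears in the visible code path; the object being updated is `$adh`. The member's error message is therefore lost, and PHP reads a property of what looks like an undefined variable before logging it. The line appears to have been copied from the Adherent class and should stay `$this->error=$adh->error;`. Separately, in password() the `$error` counter set when the member sync fails only suppresses the triggers in the visible lines; whether the function then returns a negative value, as its doc comment promises, lies outside the hunk and is worth checking.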


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2002-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2007 Regis Houssin <regis.houssin@cap-networks.com>
* Copyright (C) 2005 Lionel COUSTEIX <etm_ltd@tiscali.co.uk>
@ -21,7 +21,6 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**