From 992fe1286d5b17f83e2248e98f4df80eb430de18 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Sat, 18 Feb 2023 16:08:19 +0100
Subject: [PATCH] FIX request new password with "mc" and "twofactor"
 authentication

---
 htdocs/user/class/user.class.php  | 3 +++
 htdocs/user/passwordforgotten.php | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 9a495a04a91..9ee9bcae43e 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2425,6 +2425,9 @@ class User extends CommonObject
 			//print $password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id;
 			$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
 			$url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id));
+			if (!empty($conf->multicompany->enabled)) {
+				$url .= '&entity='.(!empty($user->entity) ? $user->entity : 1);
+			}
 
 			$msgishtml = 1;
 
diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php
index dabac0727dc..c529dcc0e19 100644
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@@ -87,7 +87,7 @@ if (empty($reshook)) {
 	// Validate new password
 	if ($action == 'validatenewpassword' && $username && $passworduidhash) {
 		$edituser = new User($db);
-		$result = $edituser->fetch('', $username);
+		$result = $edituser->fetch('', $username, '', 0, $conf->entity);
 		if ($result < 0) {
 			$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
 		} else {
@@ -122,9 +122,9 @@ if (empty($reshook)) {
 			$isanemail = preg_match('/@/', $username);
 
 			$edituser = new User($db);
-			$result = $edituser->fetch('', $username, '', 1);
+			$result = $edituser->fetch('', $username, '', 1, $conf->entity);
 			if ($result == 0 && $isanemail) {
-				$result = $edituser->fetch('', '', '', 1, -1, $username);
+				$result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
 			}
 
 			if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {