lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #23954 from hregis/fix_multicompany_compatibility2

Browse Source 
FIX request new password with "mc" and "twofactor" authentication
This commit is contained in:
Laurent Destailleur 2023-02-19 02:44:25 +01:00 committed by GitHub
commit 9a390935e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/user/class/user.class.php
View File

@ -2359,7 +2359,7 @@ class User extends CommonObject
/**
* Send new password by email
*
* @param User $user Object user that send the email (not the user we send too)
* @param User $user Object user that send the email (not the user we send to) @todo object $user is not used !
* @param string $password New password
* @param int $changelater 0=Send clear passwod into email, 1=Change password only after clicking on confirm email. @todo Add method 2 = Send link to reset password
* @return int < 0 si erreur, > 0 si ok
@ -2425,6 +2425,9 @@ class User extends CommonObject
//print $password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id;
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
$url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id));
if (!empty($conf->multicompany->enabled)) {
$url .= '&entity='.(!empty($this->entity) ? $this->entity : 1);
}
$msgishtml = 1;

6
htdocs/user/passwordforgotten.php
View File

@ -87,7 +87,7 @@ if (empty($reshook)) {
// Validate new password
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
$edituser = new User($db);
$result = $edituser->fetch('', $username);
$result = $edituser->fetch('', $username, '', 0, $conf->entity);
if ($result < 0) {
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
} else {
@ -122,9 +122,9 @@ if (empty($reshook)) {
$isanemail = preg_match('/@/', $username);
$edituser = new User($db);
$result = $edituser->fetch('', $username, '', 1);
$result = $edituser->fetch('', $username, '', 1, $conf->entity);
if ($result == 0 && $isanemail) {
$result = $edituser->fetch('', '', '', 1, -1, $username);
$result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
}
if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {