From 992fe1286d5b17f83e2248e98f4df80eb430de18 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Sat, 18 Feb 2023 16:08:19 +0100
Subject: [PATCH 1/4] FIX request new password with "mc" and "twofactor" authentication
---
 htdocs/user/class/user.class.php | 3 +++
 htdocs/user/passwordforgotten.php | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 9a495a04a91..9ee9bcae43e 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2425,6 +2425,9 @@ class User extends CommonObject
 //print $password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id;
 $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
 $url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id));
+ if (!empty($conf->multicompany->enabled)) {
+ $url .= '&entity='.(!empty($user->entity) ? $user->entity : 1);
+ }
 $msgishtml = 1;
diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php
index dabac0727dc..c529dcc0e19 100644
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@@ -87,7 +87,7 @@ if (empty($reshook)) {
 // Validate new password
 if ($action == 'validatenewpassword' && $username && $passworduidhash) {
 $edituser = new User($db);
- $result = $edituser->fetch('', $username);
+ $result = $edituser->fetch('', $username, '', 0, $conf->entity);
 if ($result < 0) {
 $message = '
'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'
';
 } else {
@@ -122,9 +122,9 @@ if (empty($reshook)) {
 $isanemail = preg_match('/@/', $username);
 $edituser = new User($db);
- $result = $edituser->fetch('', $username, '', 1);
+ $result = $edituser->fetch('', $username, '', 1, $conf->entity);
 if ($result == 0 && $isanemail) {
- $result = $edituser->fetch('', '', '', 1, -1, $username);
+ $result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
 }
 if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {
From 5b81880b9721f4ddb26725887c3b98e5d12354e3 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Sat, 18 Feb 2023 16:24:56 +0100
Subject: [PATCH 2/4] FIX object $user is not defined
---
 htdocs/user/class/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 9ee9bcae43e..f5566cc30e7 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2425,7 +2426,7 @@ class User extends CommonObject
 $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
 $url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id));
 if (!empty($conf->multicompany->enabled)) {
- $url .= '&entity='.(!empty($user->entity) ? $user->entity : 1);
+ $url .= '&entity='.(!empty($this->entity) ? $this->entity : 1);
 }
 $msgishtml = 1;
From 50721f8df3eb8399930d4f7b7dd2c5e3e1012a39 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Sat, 18 Feb 2023 16:31:59 +0100
Subject: [PATCH 3/4] TODO object $user parameter is not use in send_password() !
---
 htdocs/user/class/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index f5566cc30e7..752cbf15c34 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
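Review bot: In the `validatenewpassword` branch of passwordforgotten.php the guard after the entity-scoped lookup is still `if ($result < 0)`, so a lookup that finds no user does not take the error path. The request branch further down tests `$result == 0`, which suggests fetch() returns 0 for "not found". With the lookup now limited to `$conf->entity`, that outcome presumably becomes more likely (a login that exists only in another entity), and the `else` branch would then run against an unloaded `$edituser`. Consider `if ($result <= 0) {` so the validation that follows never runs on an empty object. The body of the `else` branch lies outside the hunk, so whether it already rejects this case cannot be confirmed here.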
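Review bot: The two `fetch()` calls in the password-request branch of passwordforgotten.php now pass `$conf->entity` as the fifth positional argument, and for the e-mail fallback this replaces `-1`; nothing on these lines says what that narrows. A short comment above the first call would help, for example `// Look the account up in the current entity only, so a reset is not triggered for a login or e-mail that belongs to another entity`. It is also worth confirming where `$conf->entity` comes from on a page that is reached without a session: if it is set from the `entity` request parameter that the link now carries, the lookup scope is chosen by the client and should be validated before use. The handling of the `USERNOTFOUND` case continues outside the hunk.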
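Review bot: In user.class.php (PATCH 2/4) the `entity` value is appended to the reset link without the encoding its neighbours get: `username` and `passworduidhash` pass through `urlencode()`, while `$this->entity` is concatenated as is. An integer cast makes the intent explicit and keeps the URL well formed if the property ever holds a non-numeric string: `$url .= '&entity='.(!empty($this->entity) ? (int) $this->entity : 1);`. Note also that `passworduidhash` is built from the password, `$this->id` and the instance id only, so the `entity` parameter is not covered by it and the page that receives the link has to treat it as untrusted input. The enclosing function starts and ends outside the hunk.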
@@ -2359,7 +2359,7 @@ class User extends CommonObject
 /**
 * Send new password by email
 *
- * @param User $user Object user that send the email (not the user we send too)
+ * @param User $user Object user that send the email (not the user we send too) @todo object $user is not used !
 * @param string $password New password
 * @param int $changelater 0=Send clear passwod into email, 1=Change password only after clicking on confirm email. @todo Add method 2 = Send link to reset password
 * @return int < 0 si erreur, > 0 si ok
From 35d496de3876859952774cdb1a280b0ca22519ea Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 19 Feb 2023 02:41:53 +0100
Subject: [PATCH 4/4] Update user.class.php
---
 htdocs/user/class/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 752cbf15c34..3329e4fe71e 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2359,7 +2359,7 @@ class User extends CommonObject
 /**
 * Send new password by email
 *
- * @param User $user Object user that send the email (not the user we send too) @todo object $user is not used !
+ * @param User $user Object user that send the email (not the user we send to) @todo object $user is not used !
 * @param string $password New password
 * @param int $changelater 0=Send clear passwod into email, 1=Change password only after clicking on confirm email. @todo Add method 2 = Send link to reset password
 * @return int < 0 si erreur, > 0 si ok