From 70bec953075d5f2873bd5a14f4c10f0cb8ec4d1b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 16 Jan 2023 10:44:39 +0100
Subject: [PATCH 1/9] Fix regression test
---
 htdocs/core/class/hookmanager.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php
index 7a6af7b88ec..bcd5a506946 100644
--- a/htdocs/core/class/hookmanager.class.php
+++ b/htdocs/core/class/hookmanager.class.php
@@ -164,7 +164,7 @@ class HookManager
 // Define type of hook ('output' or 'addreplace').
 $hooktype = 'addreplace';
 // TODO Remove hooks with type 'output' (exemple createFrom). All hooks must be converted into 'addreplace' hooks.
- if (!in_array($method, array(
+ if (in_array($method, array(
 'createFrom',
 'dashboardMembers',
 'dashboardEmailings',
From acc30da1fe2c25e221d01b6f5e5876aacf30a7e9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 16 Jan 2023 10:57:31 +0100
Subject: [PATCH 2/9] Fix do not change password if same
---
 .../triggers/interface_50_modAgenda_ActionsAuto.class.php | 2 +-
 htdocs/langs/en_US/users.lang | 3 ++-
 htdocs/user/card.php | 2 +-
 htdocs/user/class/user.class.php | 4 ++--
 4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php
index be78b6ecc18..ae53b01e19b 100644
--- a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php
+++ b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php
@@ -931,7 +931,7 @@ class InterfaceActionsAuto extends DolibarrTriggers
 $object->sendtoid = 0;
 } else {
 // TODO Merge all previous cases into this generic one
- // $action = BILL_DELETE, TICKET_CREATE, TICKET_MODIFY, TICKET_DELETE, CONTACT_SENTBYMAIL, RECRUITMENTCANDIDATURE_MODIFY, ...
+ // $action = PASSWORD, BILL_DELETE, TICKET_CREATE, TICKET_MODIFY, TICKET_DELETE, CONTACT_SENTBYMAIL, RECRUITMENTCANDIDATURE_MODIFY, ...
 // Can also be a value defined by an external module like SENTBYSMS, COMPANY_SENTBYSMS, MEMBER_SENTBYSMS, ...
 // Note: We are here only if $conf->global->MAIN_AGENDA_ACTIONAUTO_action is on (tested at begining of this function).
 // Note that these key can be set in agenda setup, only if defined into llx_c_action_trigger
diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang
index 2f691153292..05c9ebb339d 100644
--- a/htdocs/langs/en_US/users.lang
+++ b/htdocs/langs/en_US/users.lang
@@ -66,7 +66,8 @@ LinkedToDolibarrUser=Link to user
 LinkedToDolibarrThirdParty=Link to third party
 CreateDolibarrLogin=Create a user
 CreateDolibarrThirdParty=Create a third party
-LoginAccountDisableInDolibarr=Account disabled in Dolibarr.
+LoginAccountDisableInDolibarr=Account disabled in Dolibarr
+PASSWORDInDolibarr=Password modified in Dolibarr
 UsePersonalValue=Use personal value
 ExportDataset_user_1=Users and their properties
 DomainUser=Domain user %s
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index ea47ba10beb..b7254def46a 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -521,7 +521,7 @@ if (empty($reshook)) {
 }
 if (!$error) {
- $ret = $object->update($user);
+ $ret = $object->update($user); // This may include call to setPassword if password has changed
 if ($ret < 0) {
 $error++;
 if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 7e342e64337..d7b93d323e1 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2031,9 +2031,9 @@ class User extends CommonObject
 // Update password
 if (!empty($this->pass)) {
- if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted) {
+ if ($this->pass != $this->pass_indatabase && !dol_verifyHash($this->pass, $this->pass_indatabase_crypted)) {
 // If a new value for password is set and different than the one crypted into database
- $result = $this->setPassword($user, $this->pass, 0, $notrigger, $nosyncmemberpass);
+ $result = $this->setPassword($user, $this->pass, 0, $notrigger, $nosyncmemberpass, 0, 1);
 if ($result < 0) {
 return -5;
 }
From f2f4cdbe6ab8381efa86db1c7dd5eda37e79e554 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 16 Jan 2023 11:48:34 +0100
Subject: [PATCH 3/9] NEW Invalidate all sessions of a user when password is modified.
---
 htdocs/core/login/functions_dolibarr.php | 12 ------------
 htdocs/langs/en_US/errors.lang | 2 ++
 htdocs/main.inc.php | 21 +++++++++++++++------
 htdocs/user/card.php | 14 ++++++++++++++
 htdocs/user/class/user.class.php | 3 +++
 5 files changed, 34 insertions(+), 18 deletions(-)
diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php
index b732d2ef64b..5f4b722ea1c 100644
--- a/htdocs/core/login/functions_dolibarr.php
+++ b/htdocs/core/login/functions_dolibarr.php
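Review bot: The new condition in User::update() still compares the submitted password with the stored clear-text value using the loose operator, `$this->pass != $this->pass_indatabase`. PHP compares two numeric-looking strings as numbers, so for example `'1e3'` and `'1000'` count as equal and such a password change would be silently skipped; I would write the first half as `$this->pass !== $this->pass_indatabase` (or `!hash_equals((string) $this->pass_indatabase, (string) $this->pass)`). The same predicate is copied into htdocs/user/card.php in PATCH 3/9, where it drives `$passwordismodified`, so both copies should be changed together or moved into one helper. The two extra arguments `0, 1` passed to setPassword() are not explained here and the function signature lies outside the hunk; a short comment naming the two parameters would help the next reader.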
@@ -91,18 +91,6 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 dol_syslog("functions_dolibarr::check_user_password_dolibarr bad date end validity", LOG_WARNING);
 return '--bad-login-validity--';
 }
- // If there is an invalidation date, check that the current session date is not before this date
- if ($obj->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"])) {
- dol_syslog("functions_dolibarr::check_user_password_dolibarr user has a date for session invalidation = ".$obj->flagdelsessionsbefore." and session date = ".$_SESSION["dol_logindate"]);
- $datetmp = $db->jdate($obj->flagdelsessionsbefore, 'gmt');
- if ($datetmp > $now) {
- // Load translation files required by the page
- $langs->loadLangs(array('main', 'errors'));
- $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorSessionInvalidatedAfterPasswordChange");
- dol_syslog("functions_dolibarr::check_user_password_dolibarr session was invalidated", LOG_WARNING);
- return '--bad-login-validity--';
- }
- }
 $passclear = $obj->pass;
 $passcrypted = $obj->pass_crypted;
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index b3eeae4606b..b779c901b54 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
@@ -303,6 +303,7 @@ ErrorValueForTooLow=Value for %s is too low
 ErrorValueCantBeNull=Value for %s can't be null
 ErrorDateOfMovementLowerThanDateOfFileTransmission=The date of the bank transaction can't be lower than the date of the file transmission
 ErrorTooMuchFileInForm=Too much files in form, the maximum number is %s file(s)
+ErrorSessionInvalidatedAfterPasswordChange=The session was invalidated after a password change. Please relogin.
 # Warnings
 WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
@@ -325,6 +326,7 @@ WarningPaymentDateLowerThanInvoiceDate=Payment date (%s) is earlier than invoice
 WarningTooManyDataPleaseUseMoreFilters=Too many data (more than %s lines). Please use more filters or set the constant %s to a higher limit.
 WarningSomeLinesWithNullHourlyRate=Some times were recorded by some users while their hourly rate was not defined. A value of 0 %s per hour was used but this may result in wrong valuation of time spent.
 WarningYourLoginWasModifiedPleaseLogin=Your login was modified. For security purpose you will have to login with your new login before next action.
+WarningYourPasswordWasModifiedPleaseLogin=Your password was modified. For security purpose you will have to login now with your new password.
 WarningAnEntryAlreadyExistForTransKey=An entry already exists for the translation key for this language
 WarningNumberOfRecipientIsRestrictedInMassAction=Warning, number of different recipient is limited to %s when using the mass actions on lists
 WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 7d764d4a105..b53688de6e7 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -943,26 +943,35 @@ if (!defined('NOLOGIN')) {
 dol_syslog("- This is an already logged session. _SESSION['dol_login']=".$login." _SESSION['dol_entity']=".$entity, LOG_DEBUG);
 $resultFetchUser = $user->fetch('', $login, '', 1, ($entity > 0 ? $entity : -1));
- if ($resultFetchUser <= 0) {
- // Account has been removed after login
- dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
+ if ($resultFetchUser <= 0 || ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
+ if ($resultFetchUser <= 0) {
+ // Account has been removed after login
+ dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
+ } else {
+ // Session is no more valid
+ dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
+ }
 session_destroy();
 session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
 session_name($sessionname);
 session_start();
 if ($resultFetchUser == 0) {
- // Load translation files required by page
 $langs->loadLangs(array('main', 'errors'));
 $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);
 $user->trigger_mesg = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
- }
- if ($resultFetchUser < 0) {
+ } elseif ($resultFetchUser < 0) {
 $_SESSION["dol_loginmesg"] = $user->error;
 $user->trigger_mesg = $user->error;
+ } else {
+ $langs->loadLangs(array('main', 'errors'));
+
+ $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorSessionInvalidatedAfterPasswordChange");
+
+ $user->trigger_mesg = 'ErrorUserSessionWasInvalidated - login='.$login;
 }
 // Call trigger
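Review bot: The invalidation test in the new outer `if` is skipped whenever `$_SESSION["dol_logindate"]` is empty, so a session that carries no login date stays alive after the password change. Whether every login path sets dol_logindate is not visible in this hunk; if one does not, its sessions are never invalidated. Failing closed would read `|| ($user->flagdelsessionsbefore && (empty($_SESSION["dol_logindate"]) || $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]))`. The new dol_syslog() call in the `else` branch also has no level argument, unlike the `LOG_WARNING` used two lines above it; passing `LOG_WARNING` keeps forced logouts visible at the same level as the removed-account case.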
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index b7254def46a..602bc25eb3a 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -521,6 +521,13 @@ if (empty($reshook)) {
 }
 if (!$error) {
+ $passwordismodified = 0;
+ if (!empty($object->pass)) {
+ if ($object->pass != $object->pass_indatabase && !dol_verifyHash($object->pass, $object->pass_indatabase_crypted)) {
+ $passwordismodified = 1;
+ }
+ }
+
 $ret = $object->update($user); // This may include call to setPassword if password has changed
 if ($ret < 0) {
 $error++;
@@ -615,6 +622,13 @@ if (empty($reshook)) {
 $langs->load("errors");
 setEventMessages($langs->transnoentitiesnoconv("WarningYourLoginWasModifiedPleaseLogin"), null, 'warnings');
 }
+ if ($passwordismodified && $object->login == $user->login) { // Current user has changed its password
+ $error++;
+ $langs->load("errors");
+ setEventMessages($langs->transnoentitiesnoconv("WarningYourPasswordWasModifiedPleaseLogin"), null, 'warnings');
+ header("Location: ".DOL_URL_ROOT.'/user/card.php?id='.$object->id);
+ exit;
+ }
 } else {
 $db->rollback();
 }
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index d7b93d323e1..22556d3e1c2 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -276,6 +276,7 @@ class User extends CommonObject
 public $datelastlogin;
 public $datepreviouslogin;
+ public $flagdelsessionsbefore;
 public $iplastlogin;
 public $ippreviouslogin;
 public $datestartvalidity;
@@ -441,6 +442,7 @@ class User extends CommonObject
 $sql .= " u.tms as datem,";
 $sql .= " u.datelastlogin as datel,";
 $sql .= " u.datepreviouslogin as datep,";
+ $sql .= " u.flagdelsessionsbefore,";
 $sql .= " u.iplastlogin,";
 $sql .= " u.ippreviouslogin,";
 $sql .= " u.datelastpassvalidation,";
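Review bot: `$passwordismodified` is assigned only inside the `if (!$error)` block of the first card.php hunk but is read in the second hunk about a hundred lines further down; if that later code can be reached without passing through the first block, PHP reads an undefined variable and the forced re-login is skipped. The control flow between the two hunks is not shown, so this needs checking; moving `$passwordismodified = 0;` in front of the `if (!$error)` makes it safe either way. The re-login is also keyed on `$object->login == $user->login`, a string this same form can change; `$object->id == $user->id` identifies the current user without depending on it.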
@@ -575,6 +577,7 @@ class User extends CommonObject
 $this->datem = $this->db->jdate($obj->datem);
 $this->datelastlogin = $this->db->jdate($obj->datel);
 $this->datepreviouslogin = $this->db->jdate($obj->datep);
+ $this->flagdelsessionsbefore = $this->db->jdate($obj->flagdelsessionsbefore, 'gmt');
 $this->iplastlogin = $obj->iplastlogin;
 $this->ippreviouslogin = $obj->ippreviouslogin;
 $this->datestartvalidity = $this->db->jdate($obj->datestartvalidity);
From 6af49ff2165712d4789d2265c2b6927d803f46fd Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 16 Jan 2023 12:33:54 +0100
Subject: [PATCH 4/9] Fix warning php8
---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index b53688de6e7..2904f576bf7 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -984,7 +984,7 @@ if (!defined('NOLOGIN')) {
 // Hooks on failed login
 $action = '';
 $hookmanager->initHooks(array('login'));
- $parameters = array('dol_authmode'=>$dol_authmode, 'dol_loginmesg'=>$_SESSION["dol_loginmesg"]);
+ $parameters = array('dol_authmode' => (isset($dol_authmode) ? $dol_authmode : ''), 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);
 $reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
 if ($reshook < 0) {
 $error++;
From 902351cbaa2d15b4f050509e506ec8e2288f3738 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 16 Jan 2023 15:45:17 +0100
Subject: [PATCH 5/9] Fix phpunit
---
 test/phpunit/UserTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/phpunit/UserTest.php b/test/phpunit/UserTest.php
index f318ae4cbac..9963007af15 100644
--- a/test/phpunit/UserTest.php
+++ b/test/phpunit/UserTest.php
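Review bot: `flagdelsessionsbefore` is the only date in this fetch block converted with the `'gmt'` argument, while `datelastlogin` and `datepreviouslogin` next to it use plain `jdate()`. The value is later compared with `$_SESSION["dol_logindate"]` in main.inc.php, so both sides have to be in the same time base; the code that writes the column and the code that sets dol_logindate are not part of this patch, so that cannot be confirmed from here. A mismatch of a few hours would either leave old sessions valid for that long after a password change or log the user out again right after the new login. Once verified, a comment such as `// Stored and compared in GMT, same base as $_SESSION["dol_logindate"]` would record the assumption.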
@@ -204,7 +204,7 @@ class UserTest extends PHPUnit\Framework\TestCase
 $newlocalobject=new User($this->savdb);
 $newlocalobject->initAsSpecimen();
 $this->changeProperties($newlocalobject);
- $this->assertEquals($this->objCompare($localobject, $newlocalobject, true, array('id','socid','societe_id','specimen','note','ref','pass','pass_indatabase','pass_indatabase_crypted','pass_temp','datec','datem','datelastlogin','datepreviouslogin','iplastlogin','ippreviouslogin','trackid')), array()); // Actual, Expected
+ $this->assertEquals($this->objCompare($localobject, $newlocalobject, true, array('id','socid','societe_id','specimen','note','ref','pass','pass_indatabase','pass_indatabase_crypted','pass_temp','datec','datem','datelastlogin','datepreviouslogin','flagdelsessionsbefore','iplastlogin','ippreviouslogin','trackid')), array()); // Actual, Expected
 return $localobject;
 }
From 4cf4da973cac0cda9ca70558f8020c683fcf32f5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 16 Jan 2023 20:38:03 +0100
Subject: [PATCH 6/9] Add a method for test/dev purpose
---
 htdocs/core/login/functions_http.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/htdocs/core/login/functions_http.php b/htdocs/core/login/functions_http.php
index a23047c8f1c..73f5824c3cd 100644
--- a/htdocs/core/login/functions_http.php
+++ b/htdocs/core/login/functions_http.php
@@ -63,3 +63,25 @@ function check_user_password_http($usertotest, $passwordtotest, $entitytotest)
 return $login;
 }
+
+
+/**
+ * Decode the value found into the Authorization HTTP header.
+ * Ex: "Authorization: Basic bG9naW46cGFzcw==", $value is "Basic bG9naW46cGFzcw==" and after base64decode is "login:pass"
+ * Note: the $_SERVER["REMOTE_USER"] contains only the login used in the HTTP Basic form
+ * Method not used yet, but we keep it for some dev/test purposes.
+ *
+ * @param string $value Ex: $_SERVER["REMOTE_USER"]
+ * @return Object object.login & object.password
+ */
+function decodeHttpBasicAuth($value)
+{
+ $encoded_basic_auth = substr($value, 6); // Remove the "Basic " string
+ $decoded_basic_auth = base64_decode($encoded_basic_auth);
+ $credentials_basic_auth = explode(':', $decoded_basic_auth);
+
+ return (object) [
+ 'username'=> $credentials_basic_auth[0],
+ 'password' => $credentials_basic_auth[1]
+ ];
+}
From 7668233d0ce6b0cee0984c266e432d48b3f28603 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 17 Jan 2023 10:22:23 +0100
Subject: [PATCH 7/9] NEW Tooltip to explain how to add a photo on product
---
 htdocs/core/class/commonobject.class.php | 36 +++++++++++++-----------
 htdocs/core/lib/functions.lib.php | 4 +--
 htdocs/langs/en_US/main.lang | 3 +-
 3 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 93a3e1b5536..d6be7c463a1 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
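Review bot: decodeHttpBasicAuth() splits the decoded credentials with `explode(':', $decoded_basic_auth)`, so a password that contains a colon is cut at its first colon, and a value without any colon reads the missing index `[1]`. The function also strips six characters without checking that the value starts with `Basic `, and calls base64_decode() in non-strict mode, which skips invalid characters instead of rejecting the input. The docblock disagrees with the code too: it announces `object.login` while the key is `username`, and it gives `$_SERVER["REMOTE_USER"]` as the example for a parameter described as the Authorization header value. Since the function has no callers yet, returning null on malformed input is a safe change; a possible body follows.

```php
function decodeHttpBasicAuth($value)
{
	// Only the Basic scheme is handled; the scheme name is case-insensitive
	if (!is_string($value) || strncasecmp($value, 'Basic ', 6) !== 0) {
		return null;
	}
	$decoded_basic_auth = base64_decode(substr($value, 6), true); // strict mode: false on malformed base64
	if ($decoded_basic_auth === false || strpos($decoded_basic_auth, ':') === false) {
		return null;
	}
	// Split on the first colon only, the password part may itself contain ':'
	$credentials_basic_auth = explode(':', $decoded_basic_auth, 2);

	return (object) [
		'username' => $credentials_basic_auth[0],
		'password' => $credentials_basic_auth[1]
	];
}
```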
@@ -8583,21 +8583,21 @@ abstract class CommonObject
 /**
 * Show photos of an object (nbmax maximum), into several columns
 *
- * @param string $modulepart 'product', 'ticket', ...
- * @param string $sdir Directory to scan (full absolute path)
- * @param int $size 0=original size, 1='small' use thumbnail if possible
- * @param int $nbmax Nombre maximum de photos (0=pas de max)
- * @param int $nbbyrow Number of image per line or -1 to use div separator or 0 to use no separator. Used only if size=1 or 'small'.
- * @param int $showfilename 1=Show filename
- * @param int $showaction 1=Show icon with action links (resize, delete)
- * @param int $maxHeight Max height of original image when size='small' (so we can use original even if small requested). If 0, always use 'small' thumb image.
- * @param int $maxWidth Max width of original image when size='small'
- * @param int $nolink Do not add a href link to view enlarged imaged into a new tab
- * @param int $notitle Do not add title tag on image
- * @param int $usesharelink Use the public shared link of image (if not available, the 'nophoto' image will be shown instead)
- * @return string Html code to show photo. Number of photos shown is saved in this->nbphoto
+ * @param string $modulepart 'product', 'ticket', ...
+ * @param string $sdir Directory to scan (full absolute path)
+ * @param int $size 0=original size, 1='small' use thumbnail if possible
+ * @param int $nbmax Nombre maximum de photos (0=pas de max)
+ * @param int $nbbyrow Number of image per line or -1 to use div separator or 0 to use no separator. Used only if size=1 or 'small'.
+ * @param int $showfilename 1=Show filename
+ * @param int $showaction 1=Show icon with action links (resize, delete)
+ * @param int $maxHeight Max height of original image when size='small' (so we can use original even if small requested). If 0, always use 'small' thumb image.
+ * @param int $maxWidth Max width of original image when size='small'
+ * @param int $nolink Do not add a href link to view enlarged imaged into a new tab
+ * @param int|string $overwritetitle Do not add title tag on image
+ * @param int $usesharelink Use the public shared link of image (if not available, the 'nophoto' image will be shown instead)
+ * @return string Html code to show photo. Number of photos shown is saved in this->nbphoto
 */
- public function show_photos($modulepart, $sdir, $size = 0, $nbmax = 0, $nbbyrow = 5, $showfilename = 0, $showaction = 0, $maxHeight = 120, $maxWidth = 160, $nolink = 0, $notitle = 0, $usesharelink = 0)
+ public function show_photos($modulepart, $sdir, $size = 0, $nbmax = 0, $nbbyrow = 5, $showfilename = 0, $showaction = 0, $maxHeight = 120, $maxWidth = 160, $nolink = 0, $overwritetitle = 0, $usesharelink = 0)
 {
 // phpcs:enable
 global $conf, $user, $langs;
@@ -8700,8 +8700,12 @@ abstract class CommonObject
 // Si fichier vignette disponible et image source trop grande, on utilise la vignette, sinon on utilise photo origine
 $alt = $langs->transnoentitiesnoconv('File').': '.$relativefile;
 $alt .= ' - '.$langs->transnoentitiesnoconv('Size').': '.$imgarray['width'].'x'.$imgarray['height'];
- if ($notitle) {
- $alt = '';
+ if ($overwritetitle) {
+ if (is_numeric($overwritetitle)) {
+ $alt = '';
+ } else {
+ $alt = $overwritetitle;
+ }
 }
 $addphotorefcss = 1;
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 3e3a87c7bd0..a25d083c251 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -2122,14 +2122,14 @@ function dol_banner_tab($object, $paramid, $morehtml = '', $shownav = 1, $fieldi $maxvisiblephotos = 1; } if ($showimage) { - $morehtmlleft .= '
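Review bot: In the second commonobject.class.php hunk a caller-supplied string now becomes the image text through `$alt = $overwritetitle;`. Where `$alt` is written into the HTML lies outside the hunk, so whether it is escaped there cannot be seen; if it is not, escape at assignment with `$alt = dol_escape_htmltag($overwritetitle);`. The docblock line for `$overwritetitle` in the first hunk still reads "Do not add title tag on image" and should describe both forms, for example `1=Do not add title tag on image, or a string to use as title`. Note also that `is_numeric()` makes a numeric title such as `'2023'` clear the text instead of setting it.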
'.$object->show_photos('product', $conf->product->multidir_output[$entity], 'small', $maxvisiblephotos, 0, 0, 0, $width, 0).'
'; + $morehtmlleft .= '
'.$object->show_photos('product', $conf->product->multidir_output[$entity], 'small', $maxvisiblephotos, 0, 0, 0, 0, $width, 0, '').'
'; } else { if (!empty($conf->global->PRODUCT_NODISPLAYIFNOPHOTO)) { $nophoto = ''; $morehtmlleft .= '
'; } else { // Show no photo link $nophoto = '/public/theme/common/nophoto.png'; - $morehtmlleft .= '
No photo
'; + $morehtmlleft .= '
transnoentitiesnoconv("Documents"))).'" alt="No photo"'.($width ? ' style="width: '.$width.'px"' : '').' src="'.DOL_URL_ROOT.$nophoto.'">
'; } } } elseif ($object->element == 'ticket') {
diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index e7c7e010266..f65a05ce455 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -1219,4 +1219,5 @@ NoSpecificContactAddress=No specific contact or address
 NoSpecificContactAddressBis=This tab is dedicated to force specific contacts or addresses for the current object. Use it only if you want to define one or several specific contacts or addresses for the object when the information on the thirdparty is not enough or not accurate.
 HideOnVCard=Hide %s
 AddToContacts=Add address to my contacts
-LastAccess=Last access
\ No newline at end of file
+LastAccess=Last access
+UploadAnImageToSeeAPhotoHere=Upload an image from the tab %s to see a photo here
\ No newline at end of file
From 756a971dadf049ded467dc4e5fca14747331e32c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 17 Jan 2023 11:23:19 +0100
Subject: [PATCH 8/9] NEW Bank name no more mandatory on creation. Can be generated if empty.
---
 htdocs/societe/paymentmodes.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php
index 0166a3a5635..bf4e1135f96 100644
--- a/htdocs/societe/paymentmodes.php
+++ b/htdocs/societe/paymentmodes.php
@@ -257,13 +257,8 @@ if (empty($reshook)) {
 if ($action == 'add') {
 $error = 0;
- if (!GETPOST('label', 'alpha') || !GETPOST('bank', 'alpha')) {
- if (!GETPOST('label', 'alpha')) {
- setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Label")), null, 'errors');
- }
- if (!GETPOST('bank', 'alpha')) {
- setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("BankName")), null, 'errors');
- }
+ if (!GETPOST('label', 'alpha')) {
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Label")), null, 'errors');
 $action = 'create';
 $error++;
 }
@@ -274,6 +269,8 @@ if (empty($reshook)) {
 $companybankaccount->socid = $object->id;
+ $companybankaccount->fetch_thirdparty();
+
 $companybankaccount->bank = GETPOST('bank', 'alpha');
 $companybankaccount->label = GETPOST('label', 'alpha');
 $companybankaccount->courant = GETPOST('courant', 'alpha');
@@ -293,6 +290,12 @@ if (empty($reshook)) {
 $companybankaccount->datec = dol_now();
 $companybankaccount->status = 1;
+ $companybankaccount->bank = trim($companybankaccount->bank);
+ if (empty($companybankaccount->bank) && !empty($companybankaccount->thirdparty)) {
+ $companybankaccount->bank = $langs->trans("Bank").' '.$companybankaccount->thirdparty->name;
+ }
+ $companybankaccount->bic = str_replace(' ', '', $companybankaccount->bic);
+
 $db->begin();
 // This test can be done only once properties were set
@@ -1980,7 +1983,7 @@ if ($socid && $action == 'create' && $permissiontoaddupdatepaymentinformation) { print ''.$langs->trans("Label").''; print ''; - print ''.$langs->trans("Bank").''; + print ''.$langs->trans("Bank").''; print ''; // Show fields of bank account
From 8ced6d52e745f0ee6ae95f093e24298f2d01df55 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 17 Jan 2023 11:47:16 +0100
Subject: [PATCH 9/9] FIX Component js to generate password
---
 htdocs/core/ajax/security.php | 9 +++++----
 htdocs/core/lib/security2.lib.php | 7 ++++---
 htdocs/user/card.php | 14 ++++++++------
 3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/htdocs/core/ajax/security.php b/htdocs/core/ajax/security.php
index e5dc91c05d1..b01c952662e 100644
--- a/htdocs/core/ajax/security.php
+++ b/htdocs/core/ajax/security.php
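Review bot: The generated bank name in the third paymentmodes.php hunk is built with `$langs->trans("Bank")` and then saved on the account. trans() is intended for HTML output and, as far as I know, returns entity-encoded text, so the stored name can contain HTML entities in languages with accented characters; `$langs->transnoentitiesnoconv("Bank")`, the form already used for the field labels in the first hunk of this file, is the one suited to stored data. The third-party name is concatenated unchanged, so the field's maximum length should also be checked against long names; the column definition is not visible here.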
@@ -36,9 +36,10 @@ if (!defined('NOREQUIREAJAX')) {
 if (!defined('NOREQUIRESOC')) {
 define('NOREQUIRESOC', '1');
 }
-if (!defined('NOREQUIRETRAN')) {
+// We need langs because the getRandomPassword may use user language to define some rules of pass generation
+/*if (!defined('NOREQUIRETRAN')) {
 define('NOREQUIRETRAN', '1');
-}
+}*/
 // Load Dolibarr environment
 require '../../main.inc.php';
@@ -55,9 +56,9 @@ top_httphead();
 //print ''."\n";
-// Registering the location of boxes
+// Return a new generated password
 if ($action) {
- if ($action == 'getrandompassword' && ($user->admin || $user->rights->api->apikey->generate)) {
+ if ($action == 'getrandompassword') {
 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
 $generic = GETPOST('generic') ? true : false;
 echo getRandomPassword($generic);
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 5e4d58103d8..f450d390dff 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -560,10 +560,11 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
 *
 * @param string $htmlname HTML name of element to insert key into
 * @param string $htmlnameofbutton HTML name of button
+ * @param int $generic 1=Return a generic pass, 0=Return a pass following setup rules
 * @return string HTML javascript code to set a password
 * @see getRandomPassword()
 */
-function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token')
+function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token', $generic = 1)
 {
 global $conf;
@@ -571,10 +572,10 @@ function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token print "\n".'
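Review bot: The second hunk of htdocs/core/ajax/security.php drops the `$user->admin || $user->rights->api->apikey->generate` condition, so `getrandompassword` now answers every request that gets past main.inc.php. The returned value is freshly generated and not bound to any account, which limits the exposure, but the access rule is now implicit; whether this file defines NOLOGIN or relaxes token checks above line 36 is not visible in the hunk and should be confirmed. I would state the intent next to the test, e.g. `// Open to any logged-in user: returns a random suggestion only, nothing is stored`. The first hunk leaves the NOREQUIRETRAN block commented out with `/* ... */`; deleting it and keeping only the explanatory comment avoids dead code in a security endpoint.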