From a1bd60a614ef4d1f741c482edabbc6c4f3e4e3fc Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 14 Jun 2012 14:08:29 +0200
Subject: [PATCH] Fix: No call of any login method.
---
 htdocs/core/lib/security2.lib.php | 68 ++++++++-----------------------
 1 file changed, 18 insertions(+), 50 deletions(-)
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index bd8ef60f3e1..38bef800d29 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -52,7 +52,7 @@ function dol_getwebuser($mode)
 function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmode)
 {
 global $conf,$langs;
- global $dolauthmode; // To return authentication finally used
+ //global $dolauthmode; // To return authentication finally used
 // Check parameetrs
 if ($entitytotest == '') $entitytotest=1;
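Review bot: The `global $dolauthmode;` line in checkLoginPassEntity is commented out rather than deleted, which leaves a dead declaration in an authentication routine without saying why it was disabled. Delete the line, or replace its trailing comment with one that states where callers should now read the authentication mode that was used; whether anything outside this file still reads `$dolauthmode` cannot be told from the hunk. The function body continues outside the hunk.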
@@ -60,52 +60,6 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
 dol_syslog("checkLoginPassEntity usertotest=".$usertotest." entitytotest=".$entitytotest." authmode=".join(',',$authmode));
 $login = '';
- // Validation of login/pass/entity with a third party login module method
- $dirlogin=array_merge(array("/core/login"),(array) $conf->modules_parts['login']);
- foreach($dirlogin as $reldir)
- {
- $dir=dol_buildpath($reldir,0);
-
- $newdir=dol_osencode($dir);
-
- // Check if directory exists
- if (! is_dir($newdir)) continue;
-
- $handle=opendir($newdir);
- if (is_resource($handle))
- {
- while (($file = readdir($handle))!==false)
- {
- if (is_readable($dir.'/'.$file) && preg_match('/^functions_([^_]+)\.php/',$file,$reg))
- {
- $authfile = $dir.'/'.$file;
- $mode = $reg[1];
-
- $result=include_once($authfile);
- if ($result)
- {
- // Call function to check user/password
- $function='check_user_password_'.$mode;
- $login=call_user_func($function,$usertotest,$passwordtotest,$entitytotest);
- if ($login)
- {
- $conf->authmode=$mode; // This properties is defined only when logged to say what mode was successfully used
- }
- }
- else
- {
- dol_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR);
- sleep(1); // To slow brut force cracking
- $langs->load('main');
- $langs->load('other');
- $_SESSION["dol_loginmesg"]=$langs->trans("ErrorFailedToLoadLoginFileForMode",$mode);
- }
- }
- }
- closedir($handle);
- }
- }
-
 // Validation of login/pass/entity with standard modules
 if (empty($login))
 {
@@ -114,10 +68,24 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
 {
 if ($test && $mode && ! $login)
 {
+ // Validation of login/pass/entity for mode $mode
 $mode=trim($mode);
- $authfile=DOL_DOCUMENT_ROOT.'/core/login/functions_'.$mode.'.php';
- $result=include_once($authfile);
- if ($result)
+ $authfile='functions_'.$mode.'.php';
+ $fullauthfile='';
+
+ $dirlogin=array_merge(array("/core/login"),(array) $conf->modules_parts['login']);
+ foreach($dirlogin as $reldir)
+ {
+ $dir=dol_buildpath($reldir,0);
+ $newdir=dol_osencode($dir);
+
+ // Check if file found (do not use dol_is_file to avoid loading files.lib.php)
+ if (is_file($newdir.'/'.$authfile)) $fullauthfile=$newdir.'/'.$authfile;
+ }
+
+ $result=false;
+ if ($fullauthfile) $result=include_once($fullauthfile);
+ if ($fullauthfile && $result)
 {
 // Call function to check user/password
 $function='check_user_password_'.$mode;
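Review bot: The new lookup loop over `$dirlogin` has no `break`, so when more than one directory holds `functions_<mode>.php` the last match wins and a directory registered in `$conf->modules_parts['login']` silently replaces the core handler from `/core/login`. Because this picks the code that verifies passwords, the precedence should be explicit: if core is meant to win, use `if (! $fullauthfile && is_file($newdir.'/'.$authfile)) $fullauthfile=$newdir.'/'.$authfile;`, and if module override is intended, state that in the comment above the loop. `$mode` is only trimmed before it becomes part of the included file name, so a value containing path separators would reach `include_once`; it presumably comes from configuration, but a check such as `preg_match('/^[a-z0-9]+$/i',$mode)` before `$authfile` is built would remove the reliance on that assumption. The enclosing loop and the failure branch lie outside the hunk.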