Fix: Déclenchement des triggers incorrects sur modif mot de passe adhérent ou user

Laurent Destailleur 2007-10-21 20:40:24 +00:00
parent ca208d36a0
commit a8b35537f7
4 changed files with 153 additions and 120 deletions


@ -466,7 +466,9 @@ class Adherent
*/
function update($user,$notrigger=0,$nosyncuser=0)
{
global $conf,$langs;
global $conf, $langs;
$nbrowsaffected=0;
$error=0;
dolibarr_syslog("Adherent::update notrigger=".$notrigger.", nosyncuser=".$nosyncuser);
@ -503,113 +505,124 @@ class Adherent
$sql.= ",naiss=" .($this->naiss?"'".$this->db->idate($this->naiss)."'":"null");
if ($this->datefin) $sql.= ",datefin='".$this->db->idate($this->datefin)."'"; // Ne doit etre modifié que par effacement cotisation
if ($this->datevalid) $sql.= ",datevalid='".$this->db->idate($this->datevalid)."'"; // Ne doit etre modifié que par validation adherent
$sql.= " WHERE rowid = ".$this->id;
dolibarr_syslog("Adherent::update sql=".$sql);
$result = $this->db->query($sql);
if (! $result)
$resql = $this->db->query($sql);
if ($resql)
{
$this->error=$this->db->error();
dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR);
$this->db->rollback();
return -1;
}
$nbrowsaffected+=$this->db->affected_rows($resql);
if (sizeof($this->array_options) > 0)
{
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."adherent_options WHERE adhid = ".$this->id;
dolibarr_syslog("Adherent::update sql=".$sql_del);
$this->db->query($sql_del);
$sql = "INSERT INTO ".MAIN_DB_PREFIX."adherent_options (adhid";
foreach($this->array_options as $key => $value)
if (sizeof($this->array_options) > 0)
{
// recupere le nom de l'attribut
$attr=substr($key,8);
$sql.=",$attr";
}
$sql .= ") VALUES (".$this->id;
foreach($this->array_options as $key => $value)
{
$sql.=",'".$this->array_options[$key]."'";
}
$sql.=")";
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."adherent_options WHERE adhid = ".$this->id;
dolibarr_syslog("Adherent::update sql=".$sql_del);
$this->db->query($sql_del);
dolibarr_syslog("Adherent::update sql=".$sql);
$result = $this->db->query($sql);
if (! $result)
{
$this->error=$this->db->error();
dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR);
$this->db->rollback();
return -2;
}
}
if ($this->user_id && ! $nosyncuser)
{
// This member is linked with a user, so we also update users informations
// if this is an update.
$luser=new User($this->db);
$luser->id=$this->user_id;
$result=$luser->fetch();
if ($result >= 0)
{
$luser->prenom=$this->prenom;
$luser->nom=$this->nom;
$luser->login=$this->user_login;
$luser->pass=$this->pass;
$luser->societe_id=$this->societe;
$luser->email=$this->email;
$luser->office_phone=$this->phone;
$luser->user_mobile=$this->phone_mobile;
$luser->note=$this->commentaire;
$luser->fk_member=$this->id;
$result=$luser->update($user,0,1);
if ($result < 0)
$sql = "INSERT INTO ".MAIN_DB_PREFIX."adherent_options (adhid";
foreach($this->array_options as $key => $value)
{
$this->error=$luser->error;
dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR);
$error++;
// recupere le nom de l'attribut
$attr=substr($key,8);
$sql.=",$attr";
}
$sql .= ") VALUES (".$this->id;
foreach($this->array_options as $key => $value)
{
$sql.=",'".$this->array_options[$key]."'";
}
$sql.=")";
dolibarr_syslog("Adherent::update sql=".$sql);
$resql = $this->db->query($sql);
if ($resql)
{
$nbrowsaffected+=1;
}
else
{
$this->error=$this->db->error();
dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR);
$this->db->rollback();
return -2;
}
}
if ($nbrowsaffected)
{
if ($this->user_id && ! $nosyncuser)
{
// This member is linked with a user, so we also update users informations
// if this is an update.
$luser=new User($this->db);
$luser->id=$this->user_id;
$result=$luser->fetch();
if ($result >= 0)
{
$luser->prenom=$this->prenom;
$luser->nom=$this->nom;
$luser->login=$this->user_login;
$luser->pass=$this->pass;
$luser->societe_id=$this->societe;
$luser->email=$this->email;
$luser->office_phone=$this->phone;
$luser->user_mobile=$this->phone_mobile;
$luser->note=$this->commentaire;
$luser->fk_member=$this->id;
$result=$luser->update($user,0,1);
if ($result < 0)
{
$this->error=$luser->error;
dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR);
$error++;
}
}
else
{
$this->error=$luser->error;
$error++;
}
}
$this->fullname=trim($this->nom.' '.$this->prenom);
if (! $error && ! $notrigger)
{
$this->use_webcal=($conf->global->PHPWEBCALENDAR_MEMBERSTATUS=='always'?1:0);
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_MODIFY',$this,$user,$langs,$conf);
if ($result < 0) { $error++; $this->errors=$interface->errors; }
// Fin appel triggers
}
}
if (! $error)
{
$this->db->commit();
}
else
{
$this->error=$luser->error;
$error++;
$this->db->rollback();
}
}
$this->fullname=trim($this->nom.' '.$this->prenom);
if (! $error && ! $notrigger)
{
$this->use_webcal=($conf->global->PHPWEBCALENDAR_MEMBERSTATUS=='always'?1:0);
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_MODIFY',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
}
if (! $error)
{
$this->db->commit();
return $nbrowsaffected;
}
else
{
$this->db->rollback();
}
return 1;
$this->error=$this->db->lasterror();
dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR);
return -1;
}
}
@ -694,7 +707,7 @@ class Adherent
* \param user Object user de l'utilisateur qui fait la modification
* \param password Nouveau mot de passe (à générer si non communiqué)
* \param isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par défaut)
* \return string mot de passe, < 0 si erreur
* \return string If OK return clear password, 0 if no change, < 0 if error
*/
function password($user, $password='', $isencrypted=0)
{
@ -726,10 +739,11 @@ class Adherent
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET pass = '".addslashes($password_indatabase)."'";
$sql.= " WHERE rowid = ".$this->id;
$result = $this->db->query($sql);
dolibarr_syslog("Adherent::Password sql=hidden");
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows())
if ($this->db->affected_rows($result))
{
$this->pass=$password;
$this->pass_indatabase=$password_indatabase;
@ -737,14 +751,14 @@ class Adherent
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('MEMBER_NEW_PASSWORD',$this,$user,$lang,$conf);
$result=$interface->run_triggers('MEMBER_NEW_PASSWORD',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
return $this->pass;
}
else {
return -2;
return 0;
}
}
else
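Review bot: The `INSERT INTO ... adherent_options` statement in `update()` concatenates both the column name (`$attr=substr($key,8)`) and each value (`$sql.=",'".$this->array_options[$key]."'";`) into the SQL text without escaping, and the finished statement is also written to the log. Unless `array_options` is sanitised before it reaches this method (not visible here), a quote in an option value breaks or alters the query; the value line should escape at least as `password()` does in this file, e.g. `$sql.=",'".addslashes($this->array_options[$key])."'";`, and `$attr` should be checked against the known option names. The preceding `DELETE` is also run without checking its result, so a failed delete followed by the insert goes unnoticed. `update()` starts before the first hunk and continues between the hunks shown.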


@ -444,7 +444,7 @@ if ( $societe->fetch($socid) )
{
$contact = new Contact($db);
$contact->fetch($obj->fk_contact);
print '<td><a href="'.DOL_URL_ROOT.'/contact/fiche.php?id='.$obj->fk_contact.'">'.img_object($langs->trans("ShowContact"),"contact").' '.$contact->fullname.'</a></td>';
print '<td><a href="'.DOL_URL_ROOT.'/contact/fiche.php?id='.$obj->fk_contact.'">'.img_object($langs->trans("ShowContact"),"contact").' '.$contact->getFullName($langs).'</a></td>';
} else {
print '<td>&nbsp;</td>';
}
@ -550,7 +550,7 @@ if ( $societe->fetch($socid) )
{
$contact = new Contact($db);
$contact->fetch($obj->fk_contact);
print '<td><a href="'.DOL_URL_ROOT.'/contact/fiche.php?id='.$contact->id.'">'.img_object($langs->trans("ShowContact"),"contact").' '.$contact->fullname.'</a></td>';
print '<td><a href="'.DOL_URL_ROOT.'/contact/fiche.php?id='.$contact->id.'">'.img_object($langs->trans("ShowContact"),"contact").' '.$contact->getFullName($langs).'</a></td>';
}
else
{


@ -910,7 +910,7 @@ class User
}
/**
* \brief Mise à jour en base d'un utilisateur
* \brief Mise à jour en base d'un utilisateur (sauf info mot de passe)
* \param user User qui fait la mise a jour
* \param notrigger 1 ne declenche pas les triggers, 0 sinon
* \param nosyncmember Do not synchronize linked member
@ -918,8 +918,10 @@ class User
*/
function update($user,$notrigger=0,$nosyncmember=0)
{
global $conf,$langs,$user;
$error=0;
global $conf, $langs;
$nbrowsaffected=0;
$error=0;
dolibarr_syslog("User::update notrigger=".$notrigger.", nosyncmember=".$nosyncmember);
@ -964,7 +966,7 @@ class User
$resql = $this->db->query($sql);
if ($resql)
{
$nbrowsaffected=$this->db->affected_rows($resql);
$nbrowsaffected+=$this->db->affected_rows($resql);
// Mise a jour mot de passe
if ($this->pass)
@ -979,11 +981,11 @@ class User
}
if ($nbrowsaffected)
{
if ($this->fk_member && ! $nosyncmember)
{
// This user is linked with a member, so we also update members informations
// if this is an update.
{
if ($this->fk_member && ! $nosyncmember)
{
// This user is linked with a member, so we also update members informations
// if this is an update.
$adh=new Adherent($this->db);
$result=$adh->fetch($this->fk_member);
@ -1005,7 +1007,21 @@ class User
$adh->user_login=$this->login;
$result=$adh->update($user,0,1);
if ($result < 0)
if ($result)
{
// Mise a jour mot de passe
if ($this->pass)
{
if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted)
{
// Si mot de passe saisi et différent de celui en base
$adh->password($user,$this->pass,0); // Cryptage non géré dans module adhérent
if (! $nbrowsaffected) $nbrowsaffected++;
}
}
}
else
{
$this->error=$adh->error;
$error++;
@ -1024,7 +1040,7 @@ class User
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('USER_MODIFY',$this,$user,$lang,$conf);
if ($result < 0) $error++;
if ($result < 0) { $error++; $this->errors=$interface->errors; }
// Fin appel triggers
}
}
@ -1045,6 +1061,7 @@ class User
$this->db->rollback();
$this->error=$this->db->lasterror();
dolibarr_syslog("User::update ".$this->error,LOG_ERROR);
return -1;
}
@ -1117,13 +1134,13 @@ class User
* \param noclearpassword 0 ou 1 s'il ne faut pas stocker le mot de passe en clair
* \param changelater 1=Change password only after clicking on confirm email
* \param notrigger 1=Ne declenche pas les triggers
* \return string Mot de passe non crypté, < 0 si erreur
* \return string If OK return clear password, 0 if no change, < 0 if error
*/
function password($user, $password='', $noclearpassword=0, $changelater=0, $notrigger=0)
{
global $langs;
global $langs, $conf;
dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." isencrypted=".$isencrypted." changelater=".$changelater);
dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." noclearpassword=".$noclearpassword." changelater=".$changelater." notrigger=".$notrigger);
// Si nouveau mot de passe non communiqué, on génère par module
if (! $password)
@ -1152,11 +1169,12 @@ class User
}
$sql.= " WHERE rowid = ".$this->id;
// dolibarr_syslog("User::update sql=".$sql); Pas de trace
//dolibarr_syslog("User::Password sql=hidden");
dolibarr_syslog("User::Password sql=".$sql);
$result = $this->db->query($sql);
if ($result)
{
if ($this->db->affected_rows())
if ($this->db->affected_rows($result))
{
$this->pass=$password;
$this->pass_indatabase=$password;
@ -1167,15 +1185,16 @@ class User
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($this->db);
$result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$lang,$conf);
$result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$langs,$conf);
if ($result < 0) $this->errors=$interface->errors;
// Fin appel triggers
}
return $this->pass;
}
else {
return -2;
else
{
return 0;
}
}
else
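Review bot: In `User::password()` the line `dolibarr_syslog("User::Password sql=".$sql);` writes the whole `UPDATE` statement to the log while the `sql=hidden` variant next to it is commented out; the hunk starts after the SET clause is built, but given the method's purpose the statement presumably carries the new password value (clear or hashed), which then sits in the log. `Adherent::password()` in this same commit logs `dolibarr_syslog("Adherent::Password sql=hidden");`, and the same form should be used here: `dolibarr_syslog("User::Password sql=hidden");`. The entry log at the top of the method masks the password with `eregi_replace('.','*',$password)`, which still reveals its length. Also, the `USER_MODIFY` trigger call in `update()` still passes `$lang` although only `$langs` is declared global; the two password triggers were corrected in this commit but this one was not.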


@ -16,12 +16,11 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/user/fiche.php
\brief Onglet user et permissions de la fiche utilisateur
\file htdocs/user/passwordforgotten.php
\brief Page demande nouveau mot de passe
\version $Revision$
*/
@ -46,6 +45,7 @@ if (! $mode) $mode='http';
if ($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)
accessforbidden();
/**
* Actions
*/
@ -64,7 +64,7 @@ if ($_GET["action"] == 'validatenewpassword' && $_GET["username"] && $_GET["pass
if (md5($edituser->pass_temp) == $_GET["passwordmd5"])
{
$newpassword=$edituser->password($user,$edituser->pass_temp,$conf->password_encrypted,0);
dolibarr_syslog("passwordforgotten.php new password saved in database");
dolibarr_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
//session_start();
//$_SESSION["loginmesg"]=$langs->trans("PasswordChanged");
header("Location: ".DOL_URL_ROOT.'/');
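Review bot: The token check `md5($edituser->pass_temp) == $_GET["passwordmd5"]` compares a hash with a request parameter using the loose `==` operator, under which two numeric-looking strings are compared as numbers and can be equal without being identical; a strict comparison avoids that: `if (md5($edituser->pass_temp) === $_GET["passwordmd5"])`. Separately, the return value of `$edituser->password(...)` is not checked before the "validated in database" message is logged and the redirect is sent, although this commit documents that the method returns 0 when nothing changed and a negative value on error. The surrounding `if` block starts before and ends after this hunk.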