From a8b35537f7c4adbf97318e4d29fa29d3bb38c014 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 21 Oct 2007 20:40:24 +0000 Subject: [PATCH] =?UTF-8?q?Fix:=20D=E9clenchement=20des=20triggers=20incor?= =?UTF-8?q?rects=20sur=20modif=20mot=20de=20passe=20adh=E9rent=20ou=20user?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/adherents/adherent.class.php | 204 +++++++++++++++------------- htdocs/fourn/fiche.php | 4 +- htdocs/user.class.php | 57 +++++--- htdocs/user/passwordforgotten.php | 8 +- 4 files changed, 153 insertions(+), 120 deletions(-) diff --git a/htdocs/adherents/adherent.class.php b/htdocs/adherents/adherent.class.php index b0173e927c3..4a129702ee3 100644 --- a/htdocs/adherents/adherent.class.php +++ b/htdocs/adherents/adherent.class.php @@ -466,7 +466,9 @@ class Adherent */ function update($user,$notrigger=0,$nosyncuser=0) { - global $conf,$langs; + global $conf, $langs; + + $nbrowsaffected=0; $error=0; dolibarr_syslog("Adherent::update notrigger=".$notrigger.", nosyncuser=".$nosyncuser); 
@@ -503,113 +505,124 @@ class Adherent $sql.= ",naiss=" .($this->naiss?"'".$this->db->idate($this->naiss)."'":"null"); if ($this->datefin) $sql.= ",datefin='".$this->db->idate($this->datefin)."'"; // Ne doit etre modifié que par effacement cotisation if ($this->datevalid) $sql.= ",datevalid='".$this->db->idate($this->datevalid)."'"; // Ne doit etre modifié que par validation adherent - $sql.= " WHERE rowid = ".$this->id; dolibarr_syslog("Adherent::update sql=".$sql); - $result = $this->db->query($sql); - if (! $result) + $resql = $this->db->query($sql); + if ($resql) { - $this->error=$this->db->error(); - dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR); - $this->db->rollback(); - return -1; - } + $nbrowsaffected+=$this->db->affected_rows($resql); - if (sizeof($this->array_options) > 0) - { - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."adherent_options WHERE adhid = ".$this->id; - dolibarr_syslog("Adherent::update sql=".$sql_del); - $this->db->query($sql_del); - - $sql = "INSERT INTO ".MAIN_DB_PREFIX."adherent_options (adhid"; - foreach($this->array_options as $key => $value) + if (sizeof($this->array_options) > 0) { - // recupere le nom de l'attribut - $attr=substr($key,8); - $sql.=",$attr"; - } - $sql .= ") VALUES (".$this->id; - foreach($this->array_options as $key => $value) - { - $sql.=",'".$this->array_options[$key]."'"; - } - $sql.=")"; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."adherent_options WHERE adhid = ".$this->id; + dolibarr_syslog("Adherent::update sql=".$sql_del); + $this->db->query($sql_del); - dolibarr_syslog("Adherent::update sql=".$sql); - $result = $this->db->query($sql); - if (! $result) - { - $this->error=$this->db->error(); - dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR); - $this->db->rollback(); - return -2; - } - } - - if ($this->user_id && ! $nosyncuser) - { - // This member is linked with a user, so we also update users informations - // if this is an update. 
- $luser=new User($this->db); - $luser->id=$this->user_id; - $result=$luser->fetch(); - - if ($result >= 0) - { - $luser->prenom=$this->prenom; - $luser->nom=$this->nom; - $luser->login=$this->user_login; - $luser->pass=$this->pass; - $luser->societe_id=$this->societe; - - $luser->email=$this->email; - $luser->office_phone=$this->phone; - $luser->user_mobile=$this->phone_mobile; - - $luser->note=$this->commentaire; - - $luser->fk_member=$this->id; - - $result=$luser->update($user,0,1); - if ($result < 0) + $sql = "INSERT INTO ".MAIN_DB_PREFIX."adherent_options (adhid"; + foreach($this->array_options as $key => $value) { - $this->error=$luser->error; - dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR); - $error++; + // recupere le nom de l'attribut + $attr=substr($key,8); + $sql.=",$attr"; } + $sql .= ") VALUES (".$this->id; + foreach($this->array_options as $key => $value) + { + $sql.=",'".$this->array_options[$key]."'"; + } + $sql.=")"; + + dolibarr_syslog("Adherent::update sql=".$sql); + $resql = $this->db->query($sql); + if ($resql) + { + $nbrowsaffected+=1; + } + else + { + $this->error=$this->db->error(); + dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR); + $this->db->rollback(); + return -2; + } + } + + if ($nbrowsaffected) + { + if ($this->user_id && ! $nosyncuser) + { + // This member is linked with a user, so we also update users informations + // if this is an update. 
+ $luser=new User($this->db); + $luser->id=$this->user_id; + $result=$luser->fetch(); + + if ($result >= 0) + { + $luser->prenom=$this->prenom; + $luser->nom=$this->nom; + $luser->login=$this->user_login; + $luser->pass=$this->pass; + $luser->societe_id=$this->societe; + + $luser->email=$this->email; + $luser->office_phone=$this->phone; + $luser->user_mobile=$this->phone_mobile; + + $luser->note=$this->commentaire; + + $luser->fk_member=$this->id; + + $result=$luser->update($user,0,1); + if ($result < 0) + { + $this->error=$luser->error; + dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR); + $error++; + } + } + else + { + $this->error=$luser->error; + $error++; + } + } + + $this->fullname=trim($this->nom.' '.$this->prenom); + + if (! $error && ! $notrigger) + { + $this->use_webcal=($conf->global->PHPWEBCALENDAR_MEMBERSTATUS=='always'?1:0); + + // Appel des triggers + include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php"); + $interface=new Interfaces($this->db); + $result=$interface->run_triggers('MEMBER_MODIFY',$this,$user,$langs,$conf); + if ($result < 0) { $error++; $this->errors=$interface->errors; } + // Fin appel triggers + } + } + + if (! $error) + { + $this->db->commit(); } else { - $this->error=$luser->error; - $error++; + $this->db->rollback(); } - } - - $this->fullname=trim($this->nom.' '.$this->prenom); - - if (! $error && ! $notrigger) - { - $this->use_webcal=($conf->global->PHPWEBCALENDAR_MEMBERSTATUS=='always'?1:0); - - // Appel des triggers - include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php"); - $interface=new Interfaces($this->db); - $result=$interface->run_triggers('MEMBER_MODIFY',$this,$user,$langs,$conf); - if ($result < 0) $this->errors=$interface->errors; - // Fin appel triggers - } - - if (! $error) - { - $this->db->commit(); + + return $nbrowsaffected; } else { $this->db->rollback(); - } - return 1; + $this->error=$this->db->lasterror(); + dolibarr_syslog("Adherent::update ".$this->error,LOG_ERROR); + return -1; + } } 
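Review bot: Adherent::update now leaves its success branch through `return $nbrowsaffected;` even when `$error` was set and `$this->db->rollback()` has just run, so a failed user sync or a failed MEMBER_MODIFY trigger reaches the caller as a positive row count. Returning a negative value on that path, for example `else { $this->db->rollback(); return -3; }` with whatever code the callers already treat as failure, keeps it consistent with the `-1` and `-2` returns in the same function. In the same block the `adherent_options` INSERT still concatenates `$this->array_options[$key]` and the column name from `substr($key,8)` into the statement without escaping, and the result of the preceding DELETE is never checked. The values should be escaped as `password()` does with `addslashes()`, and the DELETE result tested, while this block is being re-indented. The opening lines of the function are outside this hunk.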
@@ -694,7 +707,7 @@ class Adherent * \param user Object user de l'utilisateur qui fait la modification * \param password Nouveau mot de passe (à générer si non communiqué) * \param isencrypted 0 ou 1 si il faut crypter le mot de passe en base (0 par défaut) - * \return string mot de passe, < 0 si erreur + * \return string If OK return clear password, 0 if no change, < 0 if error */ function password($user, $password='', $isencrypted=0) { @@ -726,10 +739,11 @@ class Adherent $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET pass = '".addslashes($password_indatabase)."'"; $sql.= " WHERE rowid = ".$this->id; - $result = $this->db->query($sql); + dolibarr_syslog("Adherent::Password sql=hidden"); + $result = $this->db->query($sql); if ($result) { - if ($this->db->affected_rows()) + if ($this->db->affected_rows($result)) { $this->pass=$password; $this->pass_indatabase=$password_indatabase; @@ -737,14 +751,14 @@ class Adherent // Appel des triggers include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php"); $interface=new Interfaces($this->db); - $result=$interface->run_triggers('MEMBER_NEW_PASSWORD',$this,$user,$lang,$conf); + $result=$interface->run_triggers('MEMBER_NEW_PASSWORD',$this,$user,$langs,$conf); if ($result < 0) $this->errors=$interface->errors; // Fin appel triggers return $this->pass; } else { - return -2; + return 0; } } else diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php index 0346a0a18a8..4de6ce39e8d 100644 --- a/htdocs/fourn/fiche.php +++ b/htdocs/fourn/fiche.php @@ -444,7 +444,7 @@ if ( $societe->fetch($socid) ) { $contact = new Contact($db); $contact->fetch($obj->fk_contact); - print ''.img_object($langs->trans("ShowContact"),"contact").' '.$contact->fullname.''; + print ''.img_object($langs->trans("ShowContact"),"contact").' '.$contact->getFullName($langs).''; } else { print ' '; } 
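Review bot: In the `@@ -737,14 +751,14 @@` hunk a failing MEMBER_NEW_PASSWORD trigger still only sets `$this->errors` before `return $this->pass;`, whereas this commit makes the MEMBER_MODIFY trigger in update() count as an error. The documented return now mixes the clear password string with `0` and negative codes, so callers must distinguish them with a type-aware test such as `is_string($result)` rather than truthiness or `< 0`; a password like `"0"` is otherwise read as "no change". `$conf` is passed to `run_triggers` here, but the method's `global` line is outside the hunk, so confirm it declares `$conf`, as this commit had to add for User::password.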
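Review bot: The contact name returned by `$contact->getFullName($langs)` is concatenated straight into the printed HTML in the `@@ -444,7 +444,7 @@` hunk of fiche.php, and the same line recurs in the `@@ -550,7 +550,7 @@` hunk. Whether getFullName() escapes its result is not visible in this diff; if it returns the stored name as-is, encode it for HTML output, e.g. `htmlspecialchars($contact->getFullName($langs))`, so that a name containing markup is rendered as text. The surrounding tags appear to have been lost in this copy of the patch, so check the exact element or attribute context in the file before choosing the encoder.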
@@ -550,7 +550,7 @@ if ( $societe->fetch($socid) ) { $contact = new Contact($db); $contact->fetch($obj->fk_contact); - print ''.img_object($langs->trans("ShowContact"),"contact").' '.$contact->fullname.''; + print ''.img_object($langs->trans("ShowContact"),"contact").' '.$contact->getFullName($langs).''; } else { diff --git a/htdocs/user.class.php b/htdocs/user.class.php index e5585bec130..8371b266e42 100644 --- a/htdocs/user.class.php +++ b/htdocs/user.class.php @@ -910,7 +910,7 @@ class User } /** - * \brief Mise à jour en base d'un utilisateur + * \brief Mise à jour en base d'un utilisateur (sauf info mot de passe) * \param user User qui fait la mise a jour * \param notrigger 1 ne declenche pas les triggers, 0 sinon * \param nosyncmember Do not synchronize linked member @@ -918,8 +918,10 @@ class User */ function update($user,$notrigger=0,$nosyncmember=0) { - global $conf,$langs,$user; - $error=0; + global $conf, $langs; + + $nbrowsaffected=0; + $error=0; dolibarr_syslog("User::update notrigger=".$notrigger.", nosyncmember=".$nosyncmember); @@ -964,7 +966,7 @@ class User $resql = $this->db->query($sql); if ($resql) { - $nbrowsaffected=$this->db->affected_rows($resql); + $nbrowsaffected+=$this->db->affected_rows($resql); // Mise a jour mot de passe if ($this->pass) @@ -979,11 +981,11 @@ class User } if ($nbrowsaffected) - { - if ($this->fk_member && ! $nosyncmember) - { - // This user is linked with a member, so we also update members informations - // if this is an update. + { + if ($this->fk_member && ! $nosyncmember) + { + // This user is linked with a member, so we also update members informations + // if this is an update. $adh=new Adherent($this->db); $result=$adh->fetch($this->fk_member); 
@@ -1005,7 +1007,21 @@ class User $adh->user_login=$this->login; $result=$adh->update($user,0,1); - if ($result < 0) + if ($result) + { + // Mise a jour mot de passe + if ($this->pass) + { + if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted) + { + // Si mot de passe saisi et différent de celui en base + $adh->password($user,$this->pass,0); // Cryptage non géré dans module adhérent + + if (! $nbrowsaffected) $nbrowsaffected++; + } + } + } + else { $this->error=$adh->error; $error++; @@ -1024,7 +1040,7 @@ class User include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php"); $interface=new Interfaces($this->db); $result=$interface->run_triggers('USER_MODIFY',$this,$user,$lang,$conf); - if ($result < 0) $error++; + if ($result < 0) { $error++; $this->errors=$interface->errors; } // Fin appel triggers } } @@ -1045,6 +1061,7 @@ class User $this->db->rollback(); $this->error=$this->db->lasterror(); + dolibarr_syslog("User::update ".$this->error,LOG_ERROR); return -1; } @@ -1117,13 +1134,13 @@ class User * \param noclearpassword 0 ou 1 s'il ne faut pas stocker le mot de passe en clair * \param changelater 1=Change password only after clicking on confirm email * \param notrigger 1=Ne declenche pas les triggers - * \return string Mot de passe non crypté, < 0 si erreur + * \return string If OK return clear password, 0 if no change, < 0 if error */ function password($user, $password='', $noclearpassword=0, $changelater=0, $notrigger=0) { - global $langs; + global $langs, $conf; - dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." isencrypted=".$isencrypted." changelater=".$changelater); + dolibarr_syslog("User::Password user=".$user->id." password=".eregi_replace('.','*',$password)." noclearpassword=".$noclearpassword." changelater=".$changelater." notrigger=".$notrigger); // Si nouveau mot de passe non communiqué, on génère par module if (! $password) 
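Review bot: The new test `if ($result)` after `$adh->update($user,0,1)` accepts the negative error codes of Adherent::update as success, because any non-zero value is true. It also treats `0`, which this commit now returns when no member row changed, as a failure that sets `$this->error` and `$error++`. `if ($result >= 0)` would match the return contract introduced in adherent.class.php. Inside that branch the result of `$adh->password($user,$this->pass,0)` is ignored, and the call writes the password unencrypted into the member table (the inline comment says encryption is not handled by the member module), which undermines installations that keep only encrypted user passwords; that needs at least a configuration check or an explicit comment. Separately, the `@@ -1024,7 +1040,7 @@` hunk still passes the undefined `$lang` to `run_triggers('USER_MODIFY',...)`, although this commit corrects the same typo to `$langs` in both password() methods.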
@@ -1152,11 +1169,12 @@ class User } $sql.= " WHERE rowid = ".$this->id; - // dolibarr_syslog("User::update sql=".$sql); Pas de trace + //dolibarr_syslog("User::Password sql=hidden"); + dolibarr_syslog("User::Password sql=".$sql); $result = $this->db->query($sql); if ($result) { - if ($this->db->affected_rows()) + if ($this->db->affected_rows($result)) { $this->pass=$password; $this->pass_indatabase=$password; @@ -1167,15 +1185,16 @@ class User // Appel des triggers include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php"); $interface=new Interfaces($this->db); - $result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$lang,$conf); + $result=$interface->run_triggers('USER_NEW_PASSWORD',$this,$user,$langs,$conf); if ($result < 0) $this->errors=$interface->errors; // Fin appel triggers } return $this->pass; } - else { - return -2; + else + { + return 0; } } else diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index fbf8776782f..3659d058e26 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -16,12 +16,11 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * $Id$ - * $Source$ */ /** - \file htdocs/user/fiche.php - \brief Onglet user et permissions de la fiche utilisateur + \file htdocs/user/passwordforgotten.php + \brief Page demande nouveau mot de passe \version $Revision$ */ @@ -46,6 +45,7 @@ if (! $mode) $mode='http'; if ($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) accessforbidden(); + /** * Actions */ 
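Review bot: `dolibarr_syslog("User::Password sql=".$sql);` in the `@@ -1152,11 +1169,12 @@` hunk writes the whole password UPDATE statement to the log, replacing a line that had been disabled on purpose ("Pas de trace"), while the `sql=hidden` variant sits commented out just above it. The statement is built outside this hunk, but in a method that sets the password it presumably carries the new password value, clear or hashed, which anyone with read access to the log could then recover. Use the masked form that Adherent::password gets in this same commit, `dolibarr_syslog("User::Password sql=hidden");`, and drop the line that logs `$sql`.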
@@ -64,7 +64,7 @@ if ($_GET["action"] == 'validatenewpassword' && $_GET["username"] && $_GET["pass if (md5($edituser->pass_temp) == $_GET["passwordmd5"]) { $newpassword=$edituser->password($user,$edituser->pass_temp,$conf->password_encrypted,0); - dolibarr_syslog("passwordforgotten.php new password saved in database"); + dolibarr_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database"); //session_start(); //$_SESSION["loginmesg"]=$langs->trans("PasswordChanged"); header("Location: ".DOL_URL_ROOT.'/');
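Review bot: The new log line reports the password as "validated in database" without looking at `$newpassword`, although password() is now documented to return `0` when nothing changed and a negative value on error. Log and redirect as success only for a string result, e.g. `if (is_string($newpassword)) { dolibarr_syslog(...); }`, and log the failure otherwise. The guard just above, `md5($edituser->pass_temp) == $_GET["passwordmd5"]`, uses loose comparison, under which two numeric-looking strings are compared as numbers; `===` compares the digests as strings. The enclosing `if` block starts and ends outside this hunk.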