From d1ed609684b69d695741392d95376c2e4e954f84 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 1 May 2011 10:48:43 +0000 Subject: [PATCH] Qual: Removed TODO. Now all password generation use the password generator module. --- htdocs/adherents/fiche.php | 12 +- htdocs/admin/events.php | 6 +- htdocs/compta/bank/class/account.class.php | 15 +- .../actions_contactcard_common.class.php | 11 +- htdocs/contact/class/contact.class.php | 40 +++- htdocs/contact/fiche.php | 11 +- .../includes/modules/security/generate/README | 38 ++++ .../generate/modGeneratePassNone.class.php | 24 +-- .../modGeneratePassStandard.class.php | 22 +-- .../security/generate/modules_genpassword.php | 2 +- htdocs/lib/security.lib.php | 176 ++++++++++-------- htdocs/societe/class/societe.class.php | 21 ++- htdocs/user/class/user.class.php | 125 ++----------- htdocs/user/fiche.php | 13 +- 14 files changed, 249 insertions(+), 267 deletions(-) create mode 100755 htdocs/includes/modules/security/generate/README diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php index e770c94c863..d5c12192b03 100644 --- a/htdocs/adherents/fiche.php +++ b/htdocs/adherents/fiche.php @@ -671,16 +671,8 @@ if ($action == 'create') // Password if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - $generated_password=''; - if ($conf->global->USER_PASSWORD_GENERATED) - { - $nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED); - $nomfichier=$nomclass.".class.php"; - //print DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomclass; - require_once(DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomfichier); - $genhandler=new $nomclass($db,$conf,$langs,$user); - $generated_password=$genhandler->getNewGeneratedPassword(); - } + include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); + $generated_password=getRandomPassword(''); print ''.$langs->trans("Password").''; print ''; print ''; diff --git a/htdocs/admin/events.php b/htdocs/admin/events.php index 28947147204..85accd21fd7 100644 --- a/htdocs/admin/events.php +++ b/htdocs/admin/events.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2008-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,11 +31,11 @@ require_once(DOL_DOCUMENT_ROOT."/lib/agenda.lib.php"); if (!$user->admin) accessforbidden(); - +$langs->load("users"); $langs->load("admin"); $langs->load("other"); -$action=$_POST["action"]; +$action=GETPOST("action"); // List of all events supported by triggers diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 521a8f13ade..85715000374 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -531,13 +531,20 @@ class Account extends CommonObject /** * Load a bank account into memory from database - * @param id Id du compte a recuperer - * @param ref Ref du compte a recuperer + * @param id Id of bank account to get + * @param ref Ref of bank account to get + * @param ref_ext External ref of bank account to get */ - function fetch($id,$ref='') + function fetch($id,$ref='',$ref_ext='') { global $conf; + if (empty($id) && empty($ref) && empty($ref_ext)) + { + $this->error="ErrorBadParameters"; + return -1; + } + $sql = "SELECT ba.rowid, ba.ref, ba.label, ba.bank, ba.number, ba.courant, ba.clos, ba.rappro, ba.url,"; $sql.= " ba.code_banque, ba.code_guichet, ba.cle_rib, ba.bic, ba.iban_prefix as iban,"; $sql.= " ba.domiciliation, ba.proprio, ba.adresse_proprio, ba.fk_departement, ba.fk_pays,"; @@ -1091,7 +1098,7 @@ class AccountLine extends CommonObject if ($this->rappro) { - // Protection pour eviter tout suppression d'une ligne consolid�e + // Protection to avoid any delete of consolidated lines $this->error="DeleteNotPossibleLineIsConsolidated"; return -1; } diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index 3629dfe71f9..d651eba1bd5 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -334,15 +334,8 @@ class ActionsContactCardCommon $generated_password=''; if (! $ldap_sid) { - if ($conf->global->USER_PASSWORD_GENERATED) - { - $nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED); - $nomfichier=$nomclass.".class.php"; - //print DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomclass; - require_once(DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomfichier); - $genhandler=new $nomclass($this->db,$conf,$langs,$user); - $generated_password=$genhandler->getNewGeneratedPassword(); - } + include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); + $generated_password=getRandomPassword(''); } $password=$generated_password; diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 3a2db8aaf59..43560fd3fe3 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -490,7 +490,8 @@ class Contact extends CommonObject $this->fk_pays = $obj->fk_pays; $this->pays_code = $obj->fk_pays?$obj->pays_code:''; $this->pays = ($obj->fk_pays > 0)?$langs->transnoentities("Country".$obj->pays_code):$langs->transnoentities("SelectCountry"); - + $this->country = ($obj->fk_pays > 0)?$langs->transnoentities("Country".$obj->pays_code):$langs->transnoentities("SelectCountry"); + $this->socid = $obj->fk_soc; $this->socname = $obj->socname; $this->poste = $obj->poste; @@ -788,12 +789,12 @@ class Contact extends CommonObject } /** - * \brief Renvoie nom clicable (avec eventuellement le picto) - * \param withpicto Inclut le picto dans le lien - * \param option Sur quoi pointe le lien - * \param maxlen Longueur max libelle - * \return string Chaine avec URL - * \remarks Utilise $this->id, $this->name et $this->firstname + * Return name of contact with link (and eventually picto) + * Use $this->id, $this->name, $this->firstname, this->civilite_id + * @param withpicto Include picto with link + * @param option Where the link point to + * @param maxlen Max length of + * @return string String with URL */ function getNomUrl($withpicto=0,$option='',$maxlen=0) { @@ -816,6 +817,31 @@ class Contact extends CommonObject } + /** + * Return full address of contact + * @param withcountry 1=Add country into address string + * @param sep Separator to use to build string + * @return string Full address string + */ + function getFullAddress($withcountry=0,$sep="\n") + { + $ret=''; + if (in_array($this->country,array('us'))) + { + $ret.=($this->address?$this->address.$sep:''); + $ret.=trim($this->zip.' '.$this->town); + if ($withcountry) $ret.=($this->country?$sep.$this->country:''); + } + else + { + $ret.=($this->address?$this->address.$sep:''); + $ret.=trim($this->zip.' '.$this->town); + if ($withcountry) $ret.=($this->country?$sep.$this->country:''); + } + return trim($ret); + } + + /** * Return label of a civility contact * @return string Translated name of civility diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index e13f90e3967..980a1ad335b 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -759,15 +759,8 @@ else $generated_password=''; if (! $ldap_sid) // TODO ldap_sid ? { - if ($conf->global->USER_PASSWORD_GENERATED) - { - $nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED); - $nomfichier=$nomclass.".class.php"; - //print DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomclass; - require_once(DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomfichier); - $genhandler=new $nomclass($db,$conf,$langs,$user); - $generated_password=$genhandler->getNewGeneratedPassword(); - } + include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); + $generated_password=getRandomPassword(''); } $password=$generated_password; diff --git a/htdocs/includes/modules/security/generate/README b/htdocs/includes/modules/security/generate/README new file mode 100755 index 00000000000..15aa41188ba --- /dev/null +++ b/htdocs/includes/modules/security/generate/README @@ -0,0 +1,38 @@ +README (english) +------------------------------------ +Adding your own password generator module +------------------------------------ + + +If you want to add your own password generator module. This is steps to follow +to add you own password generator: + + +***** STEP 1 ***** + +Copy file +htdocs/includes/modules/security/modGeneratePassNone.class.php +into +htdocs/includes/modules/mailings/modMyGenerator.class.php + +You can choose value of your choice instead of "myGenerator" in name +of new file. + + +***** STEP 2 ***** + +Edit this file modMyGenerator.class.php and change following text: + +"class modGeneratePassNone" into "class modMyGenerator" +"function modGeneratePassNone" into "function modMyGenerator" + +Then add code inside the "getDecription" function. +Then add code inside the "getExample" function. +Then add code inside the "getNewGeneratedPassword" function. +Then add code inside the "validatePassword" function. + + +***** STEP 3 ***** + +Once this file has been edited, you can go to the Dolibarr security setup, +choose tab "passwords", you will see a new line generator in the "Rules to generate passwords" area. diff --git a/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php b/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php index 98976f1a584..e3a1d8acbcf 100644 --- a/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php +++ b/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2006-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,11 +43,11 @@ class modGeneratePassNone extends ModeleGenPassword /** - * \brief Constructeur - * \param db Handler d'acc�s base + * \brief Constructor + * \param db Database handler * \param conf Handler de conf * \param lang Handler de langue - * \param user Handler du user connect� + * \param user Handler du user connecte */ function modGeneratePassNone($db, $conf, $langs, $user) { @@ -61,8 +61,8 @@ class modGeneratePassNone extends ModeleGenPassword } /** - * \brief Renvoi la description du module - * \return string Texte descripif + * Return description of module + * @return string Description of text */ function getDescription() { @@ -71,8 +71,8 @@ class modGeneratePassNone extends ModeleGenPassword } /** - * \brief Renvoie exemple de mot de passe g�n�r� par cette r�gle - * \return string Exemple + * Return an example of password generated by this module + * @return string Example of password */ function getExample() { @@ -80,8 +80,8 @@ class modGeneratePassNone extends ModeleGenPassword } /** - * \brief Build new password - * \return string Return a new generated password + * Build new password + * @return string Return a new generated password */ function getNewGeneratedPassword() { @@ -89,8 +89,8 @@ class modGeneratePassNone extends ModeleGenPassword } /** - * \brief Validate a password - * \return int 0 if KO, >0 if OK + * Validate a password + * @return int 0 if KO, >0 if OK */ function validatePassword($password) { diff --git a/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php index 73e245e7556..6437181d229 100644 --- a/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php +++ b/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2006-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,8 +43,8 @@ class modGeneratePassStandard extends ModeleGenPassword /** - * \brief Constructeur - * \param db Handler d'acces base + * \brief Constructor + * \param db Database handler * \param conf Handler de conf * \param lang Handler de langue * \param user Handler du user connecte @@ -61,8 +61,8 @@ class modGeneratePassStandard extends ModeleGenPassword } /** - * \brief Renvoi la description du module - * \return string Texte descripif + * Return description of module + * @return string Description of module */ function getDescription() { @@ -71,8 +71,8 @@ class modGeneratePassStandard extends ModeleGenPassword } /** - * \brief Renvoie exemple de mot de passe genere par cette regle - * \return string Exemple + * Return an example of password generated by this module + * @return string Example of password */ function getExample() { @@ -80,8 +80,8 @@ class modGeneratePassStandard extends ModeleGenPassword } /** - * \brief Build new password - * \return string Return a new generated password + * Build new password + * @return string Return a new generated password */ function getNewGeneratedPassword() { @@ -115,8 +115,8 @@ class modGeneratePassStandard extends ModeleGenPassword } /** - * \brief Validate a password - * \return int 0 if KO, >0 if OK + * Validate a password + * @return int 0 if KO, >0 if OK */ function validatePassword($password) { diff --git a/htdocs/includes/modules/security/generate/modules_genpassword.php b/htdocs/includes/modules/security/generate/modules_genpassword.php index 4df7e64fa30..a326d8c40c0 100644 --- a/htdocs/includes/modules/security/generate/modules_genpassword.php +++ b/htdocs/includes/modules/security/generate/modules_genpassword.php @@ -20,7 +20,7 @@ /** * \file htdocs/includes/modules/security/generate/modules_genpassword.php * \ingroup core - * \brief Fichier contenant la classe m�re de generation des mots de passe + * \brief File with parent class for password generating classes * \version $Id$ */ require_once(DOL_DOCUMENT_ROOT.'/lib/functions.lib.php'); diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php index 9379b41ca0b..c403c7958d0 100644 --- a/htdocs/lib/security.lib.php +++ b/htdocs/lib/security.lib.php @@ -41,39 +41,39 @@ function getLoginMethod() if (!is_dir($dir)) continue; $handle=opendir($dir); - if (is_resource($handle)) - { - while (($file = readdir($handle))!==false) - { - if (is_readable($dir.'/'.$file) && preg_match('/^functions_([^_]+)\.php/',$file,$reg)) - { - $authfile = $dir.'/'.$file; - $mode = $reg[1]; + if (is_resource($handle)) + { + while (($file = readdir($handle))!==false) + { + if (is_readable($dir.'/'.$file) && preg_match('/^functions_([^_]+)\.php/',$file,$reg)) + { + $authfile = $dir.'/'.$file; + $mode = $reg[1]; - $result=include_once($authfile); - if ($result) - { - // Call function to check user/password - $usertotest=$_POST["username"]; - $passwordtotest=$_POST["password"]; - $function='check_user_password_'.$mode; - $login=$function($usertotest,$passwordtotest); - if ($login) - { - $conf->authmode=$mode; // This properties is defined only when logged - } - } - else - { - dol_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR); - sleep(1); - $langs->load('main'); - $langs->load('other'); - $_SESSION["dol_loginmesg"]=$langs->trans("ErrorFailedToLoadLoginFileForMode",$mode); - } - } - } - } + $result=include_once($authfile); + if ($result) + { + // Call function to check user/password + $usertotest=$_POST["username"]; + $passwordtotest=$_POST["password"]; + $function='check_user_password_'.$mode; + $login=$function($usertotest,$passwordtotest); + if ($login) + { + $conf->authmode=$mode; // This properties is defined only when logged + } + } + else + { + dol_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR); + sleep(1); + $langs->load('main'); + $langs->load('other'); + $_SESSION["dol_loginmesg"]=$langs->trans("ErrorFailedToLoadLoginFileForMode",$mode); + } + } + } + } closedir($handle); } return $login; @@ -96,7 +96,7 @@ function dol_loginfunction($langs,$conf,$mysoc) $langs->load("main"); $langs->load("other"); $langs->load("help"); - $langs->load("admin"); + $langs->load("admin"); $main_authentication=$conf->file->main_authentication; $session_name=session_name(); @@ -111,7 +111,7 @@ function dol_loginfunction($langs,$conf,$mysoc) if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE; // Select templates - if (preg_match('/^smartphone/',$conf->smart_menu) && isset($conf->browser->phone)) + if (preg_match('/^smartphone/',$conf->smart_menu) && isset($conf->browser->phone)) { $template_dir = DOL_DOCUMENT_ROOT.'/theme/phones/smartphone/tpl/'; } @@ -131,7 +131,7 @@ function dol_loginfunction($langs,$conf,$mysoc) $conf_css = DOL_URL_ROOT.$conf->css; // Set cookie for timeout management - $prefix=dol_getprefix(); + $prefix=dol_getprefix(); $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0); @@ -276,13 +276,13 @@ function makesalt($type=CRYPT_SALT_LENGTH) dol_syslog("security.lib.php::makesalt type=".$type); switch($type) { - case 12: // 8 + 4 - $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; - case 8: // 8 + 4 (Pour compatibilite, ne devrait pas etre utilise) - $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; - case 2: // 2 - default: // by default, fall back on Standard DES (should work everywhere) - $saltlen=2; $saltprefix=''; $saltsuffix=''; break; + case 12: // 8 + 4 + $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; + case 8: // 8 + 4 (Pour compatibilite, ne devrait pas etre utilise) + $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break; + case 2: // 2 + default: // by default, fall back on Standard DES (should work everywhere) + $saltlen=2; $saltprefix=''; $saltsuffix=''; break; } $salt=''; while(dol_strlen($salt) < $saltlen) $salt.=chr(mt_rand(64,126)); @@ -495,45 +495,67 @@ function dol_efc_config() if (count($available) > 0) { - // Content of configuration - $strAv = "\n"; - $strAv.= " * Copyright (C) 2009 Regis Houssin \n"; - $strAv.= " *\n"; - $strAv.= " * All rights reserved.\n"; - $strAv.= " * This file is licensed under GNU GPL version 2 or above.\n"; - $strAv.= " * Please visit http://www.gnu.org to now more about it.\n"; - $strAv.= " */\n\n"; - $strAv.= "/**\n"; - $strAv.= " * Name: EasyFileCrypt Extending Crypt Class\n"; - $strAv.= " * Version: 1.0\n"; - $strAv.= " * Created: ".date("r")."\n"; - $strAv.= " * Ciphers Installed on this system: ".count($ciphers)."\n"; - $strAv.= " */\n\n"; - $strAv.= " \$xfss = Array ( "; + // Content of configuration + $strAv = "\n"; + $strAv.= " * Copyright (C) 2009 Regis Houssin \n"; + $strAv.= " *\n"; + $strAv.= " * All rights reserved.\n"; + $strAv.= " * This file is licensed under GNU GPL version 2 or above.\n"; + $strAv.= " * Please visit http://www.gnu.org to now more about it.\n"; + $strAv.= " */\n\n"; + $strAv.= "/**\n"; + $strAv.= " * Name: EasyFileCrypt Extending Crypt Class\n"; + $strAv.= " * Version: 1.0\n"; + $strAv.= " * Created: ".date("r")."\n"; + $strAv.= " * Ciphers Installed on this system: ".count($ciphers)."\n"; + $strAv.= " */\n\n"; + $strAv.= " \$xfss = Array ( "; - foreach ($ciphers as $avCipher) { + foreach ($ciphers as $avCipher) { - $v = ""; - if (count($available["$avCipher"]) > 0) { - foreach ($available["$avCipher"] as $avMode) - $v .= " '".$avMode."', "; + $v = ""; + if (count($available["$avCipher"]) > 0) { + foreach ($available["$avCipher"] as $avMode) + $v .= " '".$avMode."', "; - $i = dol_strlen($v) - 2; - if ($v[$i] == ",") - $v = substr($v, 2, $i - 3); - } - if (!empty($v)) $v = " '".$v."' "; - $strAv .= "'".$avCipher."' => Array (".$v."),\n "; - } - $strAv = rtrim($strAv); - if ($strAv[dol_strlen($strAv) - 1] == ",") - $strAv = substr($strAv, 0, dol_strlen($strAv) - 1); - $strAv .= " );\n\n"; - $strAv .= "?>"; + $i = dol_strlen($v) - 2; + if ($v[$i] == ",") + $v = substr($v, 2, $i - 3); + } + if (!empty($v)) $v = " '".$v."' "; + $strAv .= "'".$avCipher."' => Array (".$v."),\n "; + } + $strAv = rtrim($strAv); + if ($strAv[dol_strlen($strAv) - 1] == ",") + $strAv = substr($strAv, 0, dol_strlen($strAv) - 1); + $strAv .= " );\n\n"; + $strAv .= "?>"; - return $strAv; - } + return $strAv; + } +} + +/** + * Return a generated password using default module + * @return string New value for password + */ +function getRandomPassword() +{ + global $db,$conf,$langs,$user; + + $generated_password=''; + if ($conf->global->USER_PASSWORD_GENERATED) + { + $nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED); + $nomfichier=$nomclass.".class.php"; + //print DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomclass; + require_once(DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomfichier); + $genhandler=new $nomclass($db,$conf,$langs,$user); + $generated_password=$genhandler->getNewGeneratedPassword(); + unset($genhandler); + } + return $generated_password; } ?> \ No newline at end of file diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 19fc03ac9d3..6b55924f537 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1397,17 +1397,26 @@ class Societe extends CommonObject /** - * Return full address of a third party (TODO in format of its country) - * @param withcountry Add country - * @param nobr Do not use br + * Return full address of third party + * @param withcountry 1=Add country into address string + * @param sep Separator to use to build string * @return string Full address string */ function getFullAddress($withcountry=0,$sep="\n") { $ret=''; - $ret.=($this->address?$this->address.$sep:''); - $ret.=trim($this->zip.' '.$this->town); - if ($withcountry) $ret.=($this->pays?$sep.$this->pays:''); + if (in_array($this->country,array('us'))) + { + $ret.=($this->address?$this->address.$sep:''); + $ret.=trim($this->zip.' '.$this->town); + if ($withcountry) $ret.=($this->country?$sep.$this->country:''); + } + else + { + $ret.=($this->address?$this->address.$sep:''); + $ret.=trim($this->zip.' '.$this->town); + if ($withcountry) $ret.=($this->country?$sep.$this->country:''); + } return trim($ret); } diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index b1ecb65da09..db03d310e50 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1196,12 +1196,11 @@ class User extends CommonObject dol_syslog("User::setPassword user=".$user->id." password=".preg_replace('/./i','*',$password)." changelater=".$changelater." notrigger=".$notrigger." nosyncmember=".$nosyncmember, LOG_DEBUG); - // Si nouveau mot de passe non communique, on genere par module + // If new password not provided, we generate one if (! $password) { - // TODO Mettre appel au module de generation de mot de passe - $password=creer_pass_aleatoire_1(''); - //$password=creer_pass_aleatoire_2(''); + include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); + $password=getRandomPassword(''); } // Crypte avec md5 @@ -1646,12 +1645,12 @@ class User extends CommonObject /** - * \brief Retourne chaine DN complete dans l'annuaire LDAP pour l'objet - * \param info Info string loaded by _load_ldap_info - * \param mode 0=Return full DN (uid=qqq,ou=xxx,dc=aaa,dc=bbb) + * Retourne chaine DN complete dans l'annuaire LDAP pour l'objet + * @param info Info string loaded by _load_ldap_info + * @param mode 0=Return full DN (uid=qqq,ou=xxx,dc=aaa,dc=bbb) * 1= * 2=Return key only (uid=qqq) - * \return string DN + * @return string DN */ function _load_ldap_dn($info,$mode=0) { @@ -1664,14 +1663,8 @@ class User extends CommonObject } /** - * \brief Initialise tableau info (tableau des attributs LDAP) - * \return array Tableau info des attributs - */ - - - /** - * \brief Initialize the info array (array of LDAP values) that will be used to call LDAP functions - * \return array Tableau info des attributs + * Initialize the info array (array of LDAP values) that will be used to call LDAP functions + * @return array Tableau info des attributs */ function _load_ldap_info() { @@ -1741,7 +1734,7 @@ class User extends CommonObject /** - * \brief Initialise le user avec valeurs fictives aleatoire + * Initialize user with default values */ function initAsSpecimen() { @@ -1774,44 +1767,8 @@ class User extends CommonObject } /** - * \brief Charge la liste ->entrepots[] des entrepots pour l'utilisateur - * \return int 0 si ok, <> 0 si erreur - */ - /* deprecated - function load_entrepots() - { - $err=0; - $this->entrepots = array(); - $sql = "SELECT e.rowid,ue.consult,ue.send,e.label"; - $sql.= " FROM ".MAIN_DB_PREFIX."user_entrepot as ue,".MAIN_DB_PREFIX."entrepot as e"; - $sql.= " WHERE fk_user = '".$this->id."'"; - $sql .= " AND e.statut = 1"; - $sql .= " AND e.rowid = ue.fk_entrepot"; - - if ( $this->db->query($sql) ) - { - $i=0; - while ($obj = $this->db->fetch_object($result) ) - { - $this->entrepots[$i]['id'] = $obj->consult; - $this->entrepots[$i]['consult'] = $obj->consult; - $this->entrepots[$i]['send'] = $obj->send; - $this->entrepots[$i]['label'] = $obj->label; - $i++; - } - } - else - { - $err++; - dol_print_error($this->db); - } - return $err; - } -*/ - - /* - * \brief Charge les informations d'ordre info dans l'objet user - * \param id id du user a charger + * Load info of user object + * @param id id of user to load */ function info($id) { @@ -1846,8 +1803,8 @@ class User extends CommonObject /** - * \brief Return number of mass Emailing received by this contacts with its email - * \return int Number of EMailings + * Return number of mass Emailing received by this contacts with its email + * @return int Number of EMailings */ function getNbOfEMailings() { @@ -1872,9 +1829,9 @@ class User extends CommonObject } /** - * \brief Return number of existing users - * \param limitToActive limit to active users - * \return int Number of users + * Return number of existing users + * @param limitToActive limit to active users + * @return int Number of users */ function getNbOfUsers($limitToActive=0) { @@ -1903,52 +1860,4 @@ class User extends CommonObject } - -/** - * \brief Fonction pour creer un mot de passe aleatoire en minuscule - * \param sel Donnee aleatoire - * \return string Mot de passe - */ -function creer_pass_aleatoire_1($sel = "") -{ - $longueur = 8; - - return strtolower(substr(md5(uniqid(mt_rand())),0,$longueur)); -} - - -/** - * \brief Fonction pour creer un mot de passe aleatoire melangeant majuscule, - * minuscule, chiffre et alpha et caracteres speciaux - * \remarks La fonction a ete prise sur http://www.uzine.net/spip - * \param sel Donnee aleatoire - * \return string Mot de passe - */ -function creer_pass_aleatoire_2($sel = "") -{ - $longueur=8; - - $seed = (double) (microtime() + 1) * time(); - srand($seed); - - for ($i = 0; $i < $longueur; $i++) - { - if (!$s) - { - if (!$s) $s = mt_rand(); - $s = substr(md5(uniqid($s).$sel), 0, 16); - } - $r = unpack("Cr", pack("H2", $s.$s)); - $x = $r['r'] & 63; - if ($x < 10) $x = chr($x + 48); - else if ($x < 36) $x = chr($x + 55); - else if ($x < 62) $x = chr($x + 61); - else if ($x == 63) $x = '/'; - else $x = '.'; - $pass .= $x; - $s = substr($s, 2); - } - return $pass; -} - ?> diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 215e7a2c6de..51143b850a7 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -618,17 +618,10 @@ if (($action == 'create') || ($action == 'adduserldap')) print ''; $generated_password=''; - if (!$ldap_sid) + if (! $ldap_sid) { - if ($conf->global->USER_PASSWORD_GENERATED) - { - $nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED); - $nomfichier=$nomclass.".class.php"; - //print DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomclass; - require_once(DOL_DOCUMENT_ROOT."/includes/modules/security/generate/".$nomfichier); - $genhandler=new $nomclass($db,$conf,$langs,$user); - $generated_password=$genhandler->getNewGeneratedPassword(); - } + include_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); + $generated_password=getRandomPassword(''); } $password=$generated_password;