Todo: le champ type "password" modifie la valeur du mot de passe (test en mode crypte) !!
parent
70fa7c02d4
commit
d72d40c4b5
@ -43,10 +43,12 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
|
||||
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
|
||||
$table = MAIN_DB_PREFIX."user";
|
||||
$usernamecol = 'login';
|
||||
$entitycol = 'entity';
|
||||
|
||||
$sql ='SELECT pass, pass_crypted';
|
||||
$sql.=' from '.$table;
|
||||
$sql.=' where '.$usernamecol." = '".addslashes($_POST["username"])."'";
|
||||
$sql.=' FROM '.$table;
|
||||
$sql.=' WHERE '.$usernamecol." = '".addslashes($_POST["username"])."'";
|
||||
$sql.=' AND '.$entitycol." IN (0,".$_POST["entity"].")";
|
||||
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql);
|
||||
$resql=$db->query($sql);
|
||||
|
||||
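Review bot: `$_POST["entity"]` is concatenated into the new `IN (0,...)` clause with no cast or quoting, so request data reaches the SQL text of what appears to be the login check unfiltered; cast it first, `$sql.=' AND '.$entitycol." IN (0,".((int) $_POST["entity"]).")";`. The username on the line above relies on `addslashes()`, which is not charset-aware, so the database layer's own escaping or a bound parameter would be the safer choice if one is available here. The complete statement is also passed to `dol_syslog`, which puts the submitted username and entity value into the log verbatim. check_user_password_dolibarr starts before this hunk and continues past it.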
@ -153,18 +153,19 @@ class User extends CommonObject
|
||||
$sql.= " ".$this->db->pdate("u.datelastlogin")." as datel,";
|
||||
$sql.= " ".$this->db->pdate("u.datepreviouslogin")." as datep";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
|
||||
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
|
||||
if ($sid)
|
||||
{
|
||||
// permet une recherche du user par son SID ActiveDirectory ou Samba
|
||||
$sql .= " WHERE (u.ldap_sid = '".$sid."' || u.login = '".addslashes($login)."') LIMIT 1";
|
||||
$sql.= " AND (u.ldap_sid = '".$sid."' || u.login = '".addslashes($login)."') LIMIT 1";
|
||||
}
|
||||
else if ($login)
|
||||
{
|
||||
$sql .= " WHERE u.login = '".addslashes($login)."'";
|
||||
$sql.= " AND u.login = '".addslashes($login)."'";
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql .= " WHERE u.rowid = ".$this->id;
|
||||
$sql.= " AND u.rowid = ".$this->id;
|
||||
}
|
||||
|
||||
dol_syslog("User::Fetch sql=".$sql, LOG_DEBUG);
|
||||
@ -1013,14 +1014,13 @@ class User extends CommonObject
|
||||
{
|
||||
$nbrowsaffected+=$this->db->affected_rows($resql);
|
||||
|
||||
// Mise a jour mot de passe
|
||||
// Mise a jour mot de passe
|
||||
if ($this->pass)
|
||||
{
|
||||
if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted)
|
||||
{
|
||||
// Si mot de passe saisi et different de celui en base
|
||||
$result=$this->setPassword($user,$this->pass,0,$notrigger);
|
||||
|
||||
if (! $nbrowsaffected) $nbrowsaffected++;
|
||||
}
|
||||
}
|
||||
|
||||
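Review bot: `$sid` is placed between quotes in the new `AND (u.ldap_sid = '...'` line of the -153 hunk without any escaping, while `$login` on the same line goes through `addslashes()`; unless every caller guarantees a well-formed SID, treat it the same way, `u.ldap_sid = '".addslashes($sid)."'`. The last branch appends `$this->id` unquoted, so `(int) $this->id` would keep that clause numeric. In the -1013 hunk the submitted password is compared with the stored clear and crypted values using `!=`; `!==` avoids PHP's numeric-string coercion, which can make two different hash-like strings compare equal. The enclosing methods start and end outside both hunks.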
@ -236,7 +236,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $caneditfield)
|
||||
$edituser->nom = $_POST["nom"];
|
||||
$edituser->prenom = $_POST["prenom"];
|
||||
$edituser->login = $_POST["login"];
|
||||
$edituser->pass = $_POST["pass"];
|
||||
$edituser->pass = $_POST["password"];
|
||||
$edituser->admin = $_POST["admin"];
|
||||
$edituser->office_phone = $_POST["office_phone"];
|
||||
$edituser->office_fax = $_POST["office_fax"];
|
||||
@ -260,22 +260,23 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $caneditfield)
|
||||
$message.='<div class="error">'.$edituser->error.'</div>';
|
||||
}
|
||||
}
|
||||
// Todo: doublon avec la fonction update qui fait deja appel a setPassword
|
||||
/*
|
||||
if ($ret >= 0 && isset($_POST["password"]) && $_POST["password"] !='')
|
||||
{
|
||||
$ret=$edituser->setPassword($user,$_POST["password"],1);
|
||||
$ret=$edituser->setPassword($user,$_POST["password"]);
|
||||
if ($ret < 0)
|
||||
{
|
||||
$message.='<div class="error">'.$edituser->error.'</div>';
|
||||
}
|
||||
}
|
||||
|
||||
*/
|
||||
if (isset($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name']))
|
||||
{
|
||||
// If photo is provided
|
||||
if (! is_dir($conf->user->dir_output))
|
||||
{
|
||||
create_exdir($conf->user->dir_output);
|
||||
print 'photo ok='.$conf->user->dir_output.'<br>';;
|
||||
}
|
||||
if (is_dir($conf->user->dir_output))
|
||||
{
|
||||
@ -1273,7 +1274,8 @@ else
|
||||
}
|
||||
else if ($caneditpassword)
|
||||
{
|
||||
$text='<input size="12" maxlength="32" type="password" class="flat" name="pass" value="'.$fuser->pass.'">';
|
||||
// Todo: le champ type "password" modifie la valeur du mot de passe (test en mode crypte) !!
|
||||
$text='<input size="12" maxlength="32" type="text" class="flat" name="password" value="'.$fuser->pass.'">';
|
||||
if ($dolibarr_main_authentication && $dolibarr_main_authentication == 'http')
|
||||
{
|
||||
$text=$html->textwithwarning($text,$langs->trans("DolibarrInHttpAuthenticationSoPasswordUseless",$dolibarr_main_authentication));
|
||||
|
||||
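Review bot: The -1273 hunk now renders the stored password in a visible `type="text"` field and writes `$fuser->pass` into the `value` attribute without `htmlspecialchars()`, which exposes the credential on screen, in the page source and in browser caches, and lets a value containing `"` break out of the attribute. The password-update code in class User (the -1013 hunk) is skipped when `$this->pass` is empty, so the field can stay masked and blank: `$text='<input size="12" maxlength="32" type="password" class="flat" name="password" value="">';`. The photo branch in the -260 hunk also carries a debug `print 'photo ok='.$conf->user->dir_output.'<br>';;` that discloses a server path to the browser and should be removed. The surrounding `if`/`else` blocks begin and end outside these hunks.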