lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '16.0' of git@github.com:Dolibarr/dolibarr.git into 16.0

Browse Source
This commit is contained in:
Laurent Destailleur 2023-02-21 12:17:41 +01:00
commit dd6e2821bc
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/security.lib.php
View File

@ -682,7 +682,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
// Array to define rules of checks to do
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkother = array('contact', 'agenda', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet', 'project'); // Test for project object
$checktask = array('projet_task'); // Test for task object
$checkhierarchy = array('expensereport', 'holiday');

5
htdocs/user/class/user.class.php
View File

@ -2359,7 +2359,7 @@ class User extends CommonObject
/**
* Send new password by email
*
* @param User $user Object user that send the email (not the user we send too)
* @param User $user Object user that send the email (not the user we send to) @todo object $user is not used !
* @param string $password New password
* @param int $changelater 0=Send clear passwod into email, 1=Change password only after clicking on confirm email. @todo Add method 2 = Send link to reset password
* @return int < 0 si erreur, > 0 si ok
@ -2425,6 +2425,9 @@ class User extends CommonObject
//print $password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id;
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
$url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id));
if (!empty($conf->multicompany->enabled)) {
$url .= '&entity='.(!empty($this->entity) ? $this->entity : 1);
}
$msgishtml = 1;

6
htdocs/user/passwordforgotten.php
View File

@ -87,7 +87,7 @@ if (empty($reshook)) {
// Validate new password
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
$edituser = new User($db);
$result = $edituser->fetch('', $username);
$result = $edituser->fetch('', $username, '', 0, $conf->entity);
if ($result < 0) {
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
} else {
@ -122,9 +122,9 @@ if (empty($reshook)) {
$isanemail = preg_match('/@/', $username);
$edituser = new User($db);
$result = $edituser->fetch('', $username, '', 1);
$result = $edituser->fetch('', $username, '', 1, $conf->entity);
if ($result == 0 && $isanemail) {
$result = $edituser->fetch('', '', '', 1, -1, $username);
$result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
}
if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {