diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php
index 369d2b93605..42ea5e423af 100644
--- a/htdocs/install/fileconf.php
+++ b/htdocs/install/fileconf.php
@@ -559,7 +559,7 @@ if (!empty($force_install_noedit)) {
 				   class="needroot text-security"
 				   value="<?php
 					// If $force_install_databaserootpass is on, we don't want to set password here, we just show '***'. Real value will be extracted from the forced install file at step1.
-                    $autofill = ((!empty($force_install_databaserootpass)) ? str_pad('', strlen($force_install_databaserootpass), '*') : (isset($db_pass_root) ? $db_pass_root : ''));
+					$autofill = ((!empty($force_install_databaserootpass)) ? str_pad('', strlen($force_install_databaserootpass), '*') : (isset($db_pass_root) ? $db_pass_root : ''));
 					if (!empty($dolibarr_main_prod)) {
 						$autofill = '';
 					}
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index d1423009c44..a30f02f7fba 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -460,15 +460,15 @@ if (!defined('NOTOKENRENEWAL')) {
 if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
 	// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
 	$arrayofactiontoforcetokencheck = array(
-	    'activate', 'add', 'addrights', 'addtimespent',
-	    'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir', 'confirm_deletefile',
-	    'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
-	    'disable',
-	    'doprev', 'donext', 'dvprev', 'dvnext',
-	    'enable',
-	    'install',
-	    'setpricelevel',
-	    'update'
+        'activate', 'add', 'addrights', 'addtimespent',
+        'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir', 'confirm_deletefile',
+        'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
+        'disable',
+        'doprev', 'donext', 'dvprev', 'dvnext',
+        'enable',
+        'install',
+        'setpricelevel',
+        'update'
 	);
 	$sensitiveget = false;
 	if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index b1bc23463fb..816d3dc3e27 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1281,9 +1281,9 @@ class User extends CommonObject
 			$this->error = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login"));
 			return -1;
 		} elseif (preg_match('/[,@<>"\']/', $this->login)) {
-            $langs->load("errors");
-            $this->error = $langs->trans("ErrorBadCharIntoLoginName");
-            return -1;
+			$langs->load("errors");
+			$this->error = $langs->trans("ErrorBadCharIntoLoginName");
+			return -1;
 		}
 
 		$this->datec = dol_now();
@@ -1674,9 +1674,9 @@ class User extends CommonObject
 			$this->error = $langs->trans("ErrorFieldRequired", 'Login');
 			return -1;
 		} elseif (preg_match('/[,@<>"\']/', $this->login)) {
-            $langs->load("errors");
-            $this->error = $langs->trans("ErrorBadCharIntoLoginName");
-            return -1;
+			$langs->load("errors");
+			$this->error = $langs->trans("ErrorBadCharIntoLoginName");
+			return -1;
 		}
 
 		$this->db->begin();