41 global $db, $conf, $langs;
44 $entity = $entitytotest;
51 if (!empty($usertotest)) {
52 require_once DOL_DOCUMENT_ROOT.
'/core/lib/date.lib.php';
53 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest.
" passwordtotest=".preg_replace(
'/./',
'*', $passwordtotest).
" entitytotest=".$entitytotest);
60 $sql =
"SELECT COUNT(e.rowid) as nbevent";
61 $sql .=
" FROM ".MAIN_DB_PREFIX.
"events as e";
62 $sql .=
" WHERE e.type = 'USER_LOGIN_FAILED'";
63 $sql .=
" AND e.ip = '".$db->escape($userremoteip).
"'";
64 $sql .=
" AND e.dateevent > '".$db->idate($dateverificationauth).
"'";
65 $resql = $db->query(
$sql);
67 $obj = $db->fetch_object($resql);
69 $nbevents = $obj->nbevent;
73 if ($nbevents <=
getDolGlobalInt(
"MAIN_SECURITY_MAX_NUMBER_FAILED_AUTH", 100)) {
75 $table = MAIN_DB_PREFIX.
"user";
76 $usernamecol1 =
'login';
77 $usernamecol2 =
'email';
78 $entitycol =
'entity';
80 $sql =
"SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity, flagdelsessionsbefore";
81 $sql .=
" FROM ".$table;
82 $sql .=
" WHERE (".$usernamecol1.
" = '".$db->escape($usertotest).
"'";
83 if (preg_match(
'/@/', $usertotest)) {
84 $sql .=
" OR ".$usernamecol2.
" = '".$db->escape($usertotest).
"'";
86 $sql .=
") AND ".$entitycol.
" IN (0,".($entity ? ((int) $entity) : 1).
")";
87 $sql .=
" AND statut = 1";
90 $sql .=
" ORDER BY entity DESC";
94 $resql = $db->query(
$sql);
96 $obj = $db->fetch_object($resql);
98 $passclear = $obj->pass;
99 $passcrypted = $obj->pass_crypted;
100 $passtyped = $passwordtotest;
111 if (!in_array($cryptType, array(
'auto'))) {
115 if ($cryptType ==
'auto') {
116 if ($passcrypted &&
dol_verifyHash($passtyped, $passcrypted,
'0')) {
118 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication ok - hash ".$cryptType.
" of pass is ok");
124 if ((!$passcrypted || $passtyped)
125 && ($passclear && ($passtyped == $passclear))) {
127 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication ok - found old pass in database", LOG_WARNING);
133 $login = $obj->login;
135 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest.
"', cryptType=".$cryptType, LOG_NOTICE);
139 $langs->loadLangs(array(
'main',
'errors'));
141 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
149 unset($conf->multicompany->enabled);
151 $ret = $mc->checkRight($obj->rowid, $entitytotest);
153 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO entity '".$entitytotest.
"' not allowed for user '".$obj->rowid.
"'", LOG_NOTICE);
156 if ($mc->db->lasterror()) {
157 $_SESSION[
"dol_loginmesg"] = $mc->db->lasterror();
163 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest.
"'", LOG_NOTICE);
167 $langs->loadLangs(array(
'main',
'errors'));
169 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
172 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest.
"' error=".$db->lasterror(), LOG_ERR);
174 $_SESSION[
"dol_loginmesg"] = $db->lasterror();
177 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO Too many attempts", LOG_NOTICE);
180 $langs->loadLangs(array(
'main',
'errors'));
181 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorTooManyAttempts");
dol_time_plus_duree($time, $duration_value, $duration_unit, $ruleforendofmonth=0)
Add a delay to a date.
dol_now($mode='auto')
Return date for now.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
getUserRemoteIP()
Return the IP of remote user.
isModEnabled($module)
Is Dolibarr module enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest=1)
Check validity of user/password/entity. If the test fails, the reason must be stored in $_SESSION["dol_loginmesg"].
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one. For backward compatibility reasons,...