1 <?php
2 /* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2005-2007 Regis Houssin <regis.houssin@inodbox.com>
4  * Copyright (C) 2013-2015 Juanjo Menent <jmenent@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
26 require '../main.inc.php';
27 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
28 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
29 
// Translation files needed by this page
$langs->loadLangs(array("users", "admin", "other"));

// Requested action; the 'aZ09' check restricts the value to a plain alphanumeric token
$action = GETPOST('action', 'aZ09');

// Only administrators may view or change the password security setup
if (! $user->admin)
{
    accessforbidden();
}

// Allow/Disallow change to clear passwords once passwords are crypted
$allow_disable_encryption = true;
39 
40 /*
41  * Actions
42  */
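if ($action == 'setgeneraterule')
{
    // Key of the password generation module to activate (one of the keys of $arrayhandler built below).
    // Read through GETPOST with the same 'aZ09' check as $action instead of the raw $_GET["value"],
    // so the stored constant can only ever hold a plain alphanumeric module key.
    $value = GETPOST('value', 'aZ09');

    // NOTE(review): this action is triggered by a plain GET link and no CSRF token is verified in
    // this file; confirm whether main.inc.php enforces the token for it.
    // dolibarr_set_const() returns a negative value on failure (a "! result" test never fires).
    if (dolibarr_set_const($db, 'USER_PASSWORD_GENERATED', $value, 'chaine', 0, '', $conf->entity) < 0)
    {
        dol_print_error($db);
    }
    else
    {
        header("Location: ".$_SERVER["PHP_SELF"]);
        exit;
    }
}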
55 
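if ($action == 'activate_encrypt')
{
    // Migrate the user table from clear-text passwords (pass) to hashed ones (pass_crypted).
    // Everything runs in one transaction: if any step fails, the DATABASE_PWD_ENCRYPTED flag is
    // not kept and no password row is touched, so no user is locked out by a half-migrated table.
    // (Previously a failed SELECT was only printed and the flag was still committed.)
    $error = 0;

    $db->begin();

    // dolibarr_set_const() returns a negative value on failure
    if (dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $conf->entity) < 0)
    {
        $error++;
    }

    if (! $error)
    {
        // Rows still holding a clear password; a value of 32+ chars is treated as already hashed
        $sql = "SELECT u.rowid, u.pass, u.pass_crypted";
        $sql.= " FROM ".MAIN_DB_PREFIX."user as u";
        $sql.= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32"; // Not a MD5 value

        $resql = $db->query($sql);
        if ($resql)
        {
            $numrows = $db->num_rows($resql);
            // A for loop: the original only advanced its counter when the hash was truthy,
            // which would loop forever on a falsy hash.
            for ($i = 0; $i < $numrows; $i++)
            {
                $obj = $db->fetch_object($resql);
                $hash = dol_hash($obj->pass); // computed once and stored as is
                if ($hash)
                {
                    $sql = "UPDATE ".MAIN_DB_PREFIX."user";
                    $sql.= " SET pass_crypted = '".$db->escape($hash)."', pass = NULL";
                    $sql.= " WHERE rowid = ".((int) $obj->rowid);

                    $resql2 = $db->query($sql);
                    if (! $resql2)
                    {
                        $error++;
                        break;
                    }
                }
            }
        }
        else
        {
            $error++;
        }
    }

    if (! $error)
    {
        $db->commit();
        header("Location: security.php");
        exit;
    }
    else
    {
        // Single error report after the rollback (the original printed it twice on an UPDATE failure)
        $db->rollback();
        dol_print_error($db, '');
    }
}
else if ($action == 'disable_encrypt')
{
    // Going back to clear passwords is not possible for users already migrated: hashes cannot be
    // reversed. Only the flag is removed, and only when $allow_disable_encryption permits it.
    if ($allow_disable_encryption)
    {
        dolibarr_del_const($db, "DATABASE_PWD_ENCRYPTED", $conf->entity);
    }
    header("Location: security.php");
    exit;
}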
122 
if ($action == 'activate_encryptdbpassconf' || $action == 'disable_encryptdbpassconf')
{
    // Encode (level 1) or decode (level 0) the database password stored in conf.php
    $encode = ($action == 'activate_encryptdbpassconf');
    $result = encodedecode_dbpassconf($encode ? 1 : 0);
    if ($result > 0)
    {
        sleep(3); // Don't know why but we need to wait file is completely saved before making the reload. Even with flush and clearstatcache, we need to wait.

        // database value not required
        header("Location: security.php");
        exit;
    }

    // conf.php could not be rewritten: tell the administrator what to put in it by hand.
    // NOTE(review): the clear database password is part of the on-screen message in the decode case.
    if ($encode)
    {
        $message = $langs->trans('InstrucToEncodePass', dol_encode($dolibarr_main_db_pass));
    }
    else
    {
        $message = $langs->trans('InstrucToClearPass', $dolibarr_main_db_pass);
    }
    setEventMessages($message, null, 'warnings');
}
157 
if ($action == 'activate_MAIN_SECURITY_DISABLEFORGETPASSLINK' || $action == 'disable_MAIN_SECURITY_DISABLEFORGETPASSLINK')
{
    // Toggle the constant hiding the "forgot password" link on the logon page
    if ($action == 'activate_MAIN_SECURITY_DISABLEFORGETPASSLINK')
    {
        dolibarr_set_const($db, "MAIN_SECURITY_DISABLEFORGETPASSLINK", '1', 'chaine', 0, '', $conf->entity);
    }
    else
    {
        dolibarr_del_const($db, "MAIN_SECURITY_DISABLEFORGETPASSLINK", $conf->entity);
    }
    header("Location: security.php");
    exit;
}
170 
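if ($action == 'maj_pattern')
{
    // Pattern of the "Perso" generator: six ';'-separated integers, in the order built by
    // getStringArg() in the form below (min length, min upper-case, min digits, min special,
    // max consecutive identical chars, no-ambiguous flag).
    // Only a well-formed pattern is stored: the constant is split on ';' by the generator and
    // echoed back into the form, so anything else is both useless there and unsafe to echo.
    $pattern = GETPOST('pattern', 'alpha');
    if (preg_match('/^[0-9]+(;[0-9]+){5}$/', $pattern))
    {
        dolibarr_set_const($db, "USER_PASSWORD_PATTERN", $pattern, 'chaine', 0, '', $conf->entity);
    }
    else
    {
        setEventMessages($langs->trans("Error"), null, 'errors');
    }
    header("Location: security.php");
    exit;
}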
177 
178 
179 
180 /*
181  * View
182  */
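$form = new Form($db);

$wikihelp = 'EN:Setup_Security|FR:Paramétrage_Sécurité|ES:Configuración_Seguridad';
llxHeader('', $langs->trans("Passwords"), $wikihelp);

print load_fiche_titre($langs->trans("SecuritySetup"), '', 'title_setup');

print $langs->trans("GeneratedPasswordDesc")."<br>\n";
print "<br>\n";


$head = security_prepare_head();

dol_fiche_head($head, 'passwords', $langs->trans("Security"), -1);


// Choice of the password generator module
// NOTE(review): $_SERVER["PHP_SELF"] is echoed unescaped into the action attribute; confirm the
// framework neutralises path-info injection, otherwise escape it (e.g. htmlspecialchars).
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="constname" value="USER_PASSWORD_GENERATED">';
print '<input type="hidden" name="consttype" value="yesno">';

// Load the password generation modules (modGeneratePass*.class.php), indexed by module id
$dir = "../core/modules/security/generate";
$arrayhandler = array(); // initialised so asort() below does not fail when no module is found
clearstatcache();
$handle = opendir($dir);
if (is_resource($handle))
{
    while (($file = readdir($handle)) !== false)
    {
        if (preg_match('/(modGeneratePass[a-z]+)\.class\.php/i', $file, $reg))
        {
            // The class name is the captured file prefix
            $classname = $reg[1];
            require_once $dir.'/'.$file;

            $obj = new $classname($db, $conf, $langs, $user);
            $arrayhandler[$obj->id] = $obj;
        }
    }
    closedir($handle);
}
asort($arrayhandler);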
229 
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print '<td colspan="2">'.$langs->trans("RuleForGeneratedPasswords").'</td>';
print '<td>'.$langs->trans("Example").'</td>';
print '<td align="center">'.$langs->trans("Activated").'</td>';
print '</tr>';

// One row per generator module, filtered by the feature level and by the module's own isEnabled()
foreach ($arrayhandler as $key => $module)
{
    $featureslevel = $conf->global->MAIN_FEATURES_LEVEL;
    if ($module->version == 'development' && $featureslevel < 2) continue;
    if ($module->version == 'experimental' && $featureslevel < 1) continue;
    if (! $module->isEnabled()) continue;

    print '<tr class="oddeven"><td width="100">';
    print ucfirst($key);
    print "</td><td>\n";
    print $module->getDescription().'<br>';
    print $langs->trans("MinLength").': '.$module->length;
    print '</td>';

    // Example produced by the module, or its error / not-configured status
    print '<td class="nowrap">';
    $example = $module->getExample();
    if (preg_match('/^Error/', $example))
    {
        $langs->load("errors");
        print '<div class="error">'.$langs->trans($example).'</div>';
    }
    elseif ($example == 'NotConfigured')
    {
        print $langs->trans($example);
    }
    else
    {
        print $example;
    }
    print '</td>'."\n";

    // Tick for the active module, activation link for the others
    print '<td width="100" align="center">';
    $isactive = ($conf->global->USER_PASSWORD_GENERATED == $key);
    if ($isactive)
    {
        print img_picto('', 'tick');
    }
    else
    {
        print '<a href="'.$_SERVER['PHP_SELF'].'?action=setgeneraterule&amp;value='.$key.'">'.$langs->trans("Activate").'</a>';
    }
    print "</td></tr>\n";
}
print '</table>';
print '</form>';
274 
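// Pattern for the "Perso" password generator
if ($conf->global->USER_PASSWORD_GENERATED == "Perso")
{
    // Six ';'-separated fields, in the order used by the Perso module and by getStringArg() below:
    //   [0] minimum length, [1] minimum upper-case letters, [2] minimum digits,
    //   [3] minimum special characters, [4] maximum consecutive identical characters,
    //   [5] "no ambiguous characters" flag (1/0).
    // The constant is padded to six entries so that an empty or shortened pattern (e.g. "Perso"
    // selected before any pattern was saved) does not raise undefined-offset notices, and the
    // numeric fields are cast to int before being echoed into the HTML attributes.
    $tabConf = array_pad(explode(";", $conf->global->USER_PASSWORD_PATTERN), 6, '');
    $minLength = (int) $tabConf[0];
    $nbMajMin = (int) $tabConf[1];
    $nbNumMin = (int) $tabConf[2];
    $nbSpeMin = (int) $tabConf[3];
    $nbIteConsecutive = (int) $tabConf[4];
    $noAmbiguous = ! empty($tabConf[5]);

    print '<br>';
    print '<table class="noborder" width="100%">';
    print '<tr class="liste_titre">';
    print '<td colspan="3"> '.$langs->trans("PasswordPatternDesc").'</td>';
    print '</tr>';


    print '<tr class="oddeven">';
    print '<td>' . $langs->trans("MinLength")."</td>";
    print '<td colspan="2"><input type="number" value="'.$minLength.'" id="minlenght" min="1"></td>';
    print '</tr>';


    print '<tr class="oddeven">';
    print '<td>' . $langs->trans("NbMajMin")."</td>";
    print '<td colspan="2"><input type="number" value="'.$nbMajMin.'" id="NbMajMin" min="0"></td>';
    print '</tr>';


    print '<tr class="oddeven">';
    print '<td>' . $langs->trans("NbNumMin")."</td>";
    print '<td colspan="2"><input type="number" value="'.$nbNumMin.'" id="NbNumMin" min="0"></td>';
    print '</tr>';


    print '<tr class="oddeven">';
    print '<td>' . $langs->trans("NbSpeMin")."</td>";
    print '<td colspan="2"><input type="number" value="'.$nbSpeMin.'" id="NbSpeMin" min="0"></td>';
    print '</tr>';


    print '<tr class="oddeven">';
    print '<td>' . $langs->trans("NbIteConsecutive")."</td>";
    print '<td colspan="2"><input type="number" value="'.$nbIteConsecutive.'" id="NbIteConsecutive" min="0"></td>';
    print '</tr>';


    print '<tr class="oddeven">';
    print '<td>' . $langs->trans("NoAmbiCaracAutoGeneration")."</td>";
    print '<td colspan="2"><input type="checkbox" id="NoAmbiCaracAutoGeneration" '.($noAmbiguous ? "checked" : "").' min="0"> <span id="textcheckbox">'.($noAmbiguous ? $langs->trans("Activated") : $langs->trans("Disabled")).'</span></td>';
    print '</tr>';

    print '</table>';

    print '<br>';
    print '<table align="right">';
    print '<tr><td>';
    // The href is filled in client-side by valuePatternChange() (security.php?action=maj_pattern&pattern=...).
    // NOTE(review): that link carries no CSRF token; confirm the framework covers GET actions.
    print '<a class="button" id="linkChangePattern">'.$langs->trans("Save").'</a>';
    print '</td></tr>';
    print '</table>';
    print '<br><br>';

    // Client-side: build the pattern string from the inputs, check that the minimum length is
    // consistent with the sum of the per-class minimums, and refresh the Save link accordingly.
    // Translated labels go through dol_escape_js() before being placed inside JS string literals.
    print '<script type="text/javascript">';
    print ' function getStringArg(){';
    print ' var pattern = "";';
    print ' pattern += $("#minlenght").val() + ";";';
    print ' pattern += $("#NbMajMin").val() + ";";';
    print ' pattern += $("#NbNumMin").val() + ";";';
    print ' pattern += $("#NbSpeMin").val() + ";";';
    print ' pattern += $("#NbIteConsecutive").val() + ";";';
    print ' pattern += $("#NoAmbiCaracAutoGeneration")[0].checked ? "1" : "0";';
    print ' return pattern;';
    print ' }';

    print ' function valuePossible(){';
    print ' var length = parseInt($("#minlenght").val());';
    print ' var length_mini = parseInt($("#NbMajMin").val()) + parseInt($("#NbNumMin").val()) + parseInt($("#NbSpeMin").val());';
    print ' return length >= length_mini;';
    print ' }';

    print ' function generatelink(){';
    print ' return "security.php?action=maj_pattern&pattern="+getStringArg();';
    print ' }';

    print ' function valuePatternChange(){';
    print ' var lang_save = "'.dol_escape_js($langs->trans("Save")).'";';
    print ' var lang_error = "'.dol_escape_js($langs->trans("Error")).'";';
    print ' var lang_Disabled = "'.dol_escape_js($langs->trans("Disabled")).'";';
    print ' var lang_Activated = "'.dol_escape_js($langs->trans("Activated")).'";';
    print ' $("#textcheckbox").html($("#NoAmbiCaracAutoGeneration")[0].checked ? unescape(lang_Activated) : unescape(lang_Disabled));';
    print ' if(valuePossible()){';
    print ' $("#linkChangePattern").attr("href",generatelink()).text(lang_save);';
    print ' }';
    print ' else{';
    print ' $("#linkChangePattern").attr("href", null).text(lang_error);';
    print ' }';
    print ' }';

    print ' $("#minlenght").change(function(){valuePatternChange();});';
    print ' $("#NbMajMin").change(function(){valuePatternChange();});';
    print ' $("#NbNumMin").change(function(){valuePatternChange();});';
    print ' $("#NbSpeMin").change(function(){valuePatternChange();});';
    print ' $("#NbIteConsecutive").change(function(){valuePatternChange();});';
    print ' $("#NoAmbiCaracAutoGeneration").change(function(){valuePatternChange();});';

    print '</script>';
}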
385 
386 
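// Password hashing in the database
print '<br>';
print "<form method=\"post\" action=\"" . $_SERVER["PHP_SELF"] . "\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"encrypt\">";

print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Parameters").'</td>';
print '<td align="center">'.$langs->trans("Activated").'</td>';
print '<td align="center">'.$langs->trans("Action").'</td>';
print '</tr>';

// Disable clear password in database
// One empty() test drives both cells (the original mixed "! empty()" and a bare "!" test, which
// raises a notice when the constant is not defined) and the stray closing </td> is dropped.
$pwdencrypted = ! empty($conf->global->DATABASE_PWD_ENCRYPTED);

print '<tr class="oddeven">';
print '<td colspan="3">'.$langs->trans("DoNotStoreClearPassword").'</td>';
print '<td align="center" width="60">';
if ($pwdencrypted)
{
    print img_picto($langs->trans("Active"), 'tick');
}
print '</td>';
print '<td align="center" width="100">';
if (! $pwdencrypted)
{
    print '<a href="security.php?action=activate_encrypt">'.$langs->trans("Activate").'</a>';
}
elseif ($allow_disable_encryption)
{
    // Disabling only removes the flag: passwords already hashed cannot be recovered
    print '<a href="security.php?action=disable_encrypt">'.$langs->trans("Disable").'</a>';
}
else
{
    print '-';
}
print "</td>";
print '</tr>';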
433 
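// Encoding of the database password stored in conf.php

print '<tr class="oddeven">';
print '<td colspan="3">'.$langs->trans("MainDbPasswordFileConfEncrypted").'</td>';
print '<td align="center" width="60">';
// Active when the password is stored in its "crypted:" form or in the dedicated encrypted variable
if (preg_match('/crypted:/i', $dolibarr_main_db_pass) || ! empty($dolibarr_main_db_encrypted_pass))
{
    print img_picto($langs->trans("Active"), 'tick');
}
print '</td>';

// Action cell; the stray closing </td> that followed it has been dropped
print '<td align="center" width="100">';
if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass))
{
    $langs->load("errors");
    print img_warning($langs->trans("WarningPassIsEmpty"));
}
elseif (empty($dolibarr_main_db_encrypted_pass))
{
    print '<a href="security.php?action=activate_encryptdbpassconf">'.$langs->trans("Activate").'</a>';
}
else
{
    print '<a href="security.php?action=disable_encryptdbpassconf">'.$langs->trans("Disable").'</a>';
}
print "</td>";
print '</tr>';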
467 
468 
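// Disable link "Forget password" on logon
// One empty() test drives both cells; the stray closing </td> after them has been dropped.
$forgetlinkdisabled = ! empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK);

print '<tr class="oddeven">';
print '<td colspan="3">'.$langs->trans("DisableForgetPasswordLinkOnLogonPage").'</td>';
print '<td align="center" width="60">';
if ($forgetlinkdisabled)
{
    print img_picto($langs->trans("Active"), 'tick');
}
print '</td>';
print '<td align="center" width="100">';
if (! $forgetlinkdisabled)
{
    print '<a href="security.php?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Activate").'</a>';
}
else
{
    print '<a href="security.php?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Disable").'</a>';
}
print "</td>";
print '</tr>';


print '</table>';
print '</form>';

// Closes the tab container opened by dol_fiche_head()
print '</div>';

// End of page
llxFooter();
$db->close();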