dolibarr  7.0.0-beta
functions_dolibarr.php
1 <?php
2 /* Copyright (C) 2007-2015 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2007-2015 Regis Houssin <regis.houssin@capnetworks.com>
4  * Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
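/**
 * Check validity of a user/password/entity triple against the Dolibarr user table.
 * If the test fails, the reason is stored in $_SESSION["dol_loginmesg"].
 *
 * Review notes (security):
 * - Stored and typed credentials are compared with strict string equality
 *   (hash_equals() when available). A loose `==` treats two different digests
 *   that both look like numbers (e.g. "0e..." followed by digits) as equal.
 * - The entity value is cast to int before it is concatenated into the SQL text.
 *   Whether callers already sanitise it is not visible from this function.
 * - Unknown login and bad password use the same delay and the same message, so
 *   the response does not tell a caller which of the two was wrong.
 * - The legacy branch still accepts a clear-text password column ($obj->pass).
 *   It is kept for compatibility; storing clear-text passwords should be phased out.
 *
 * @param   string  $usertotest      Login to test (also matched against the email column when it contains '@')
 * @param   string  $passwordtotest  Password as typed by the user
 * @param   int     $entitytotest    Entity to test (default 1)
 * @return  string                   Login of the authenticated user, '' if authentication failed
 */
function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1)
{
    global $db,$conf,$langs;

    // Force master entity in transversal mode
    $entity=$entitytotest;
    if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) $entity=1;

    $login='';

    if (! empty($usertotest))
    {
        // NOTE(review): the mask writes one '*' per character, so the log still reveals the password length.
        // NOTE(review): $usertotest and $entitytotest are logged as received; confirm dol_syslog() neutralises line breaks.
        dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./','*',$passwordtotest)." entitytotest=".$entitytotest);

        // If test username/password asked, we define $login to the login if ok, and set $_SESSION["dol_loginmesg"] if ko
        $table = MAIN_DB_PREFIX."user";
        $usernamecol1 = 'login';
        $usernamecol2 = 'email';
        $entitycol = 'entity';

        // The entity is interpolated without quotes below, so it must be a plain integer.
        $entityid = (int) $entity;
        if (! $entityid) $entityid = 1;

        $sql ='SELECT rowid, login, entity, pass, pass_crypted';
        $sql.=' FROM '.$table;
        $sql.=' WHERE ('.$usernamecol1." = '".$db->escape($usertotest)."'";
        if (preg_match('/@/',$usertotest)) $sql.=' OR '.$usernamecol2." = '".$db->escape($usertotest)."'";
        $sql.=') AND '.$entitycol." IN (0," . $entityid . ")";
        $sql.=' AND statut = 1';
        // Required to first find the user in the entity, then the superadmin.
        // For the case (TODO and that we must avoid) where a user has renamed its login to the same value as a user in entity 0.
        $sql.=' ORDER BY entity DESC';

        $resql=$db->query($sql);
        if ($resql)
        {
            $obj=$db->fetch_object($resql);
            if ($obj)
            {
                $passclear=$obj->pass;
                $passcrypted=$obj->pass_crypted;
                $passtyped=$passwordtotest;

                $passok=false;

                // Check crypted password
                $cryptType='';
                if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType=$conf->global->DATABASE_PWD_ENCRYPTED;

                // By default, we use MD5 (any other configured value is overridden here)
                if (! in_array($cryptType,array('md5'))) $cryptType='md5';
                // Check crypted password according to crypt algorithm
                if ($cryptType == 'md5')
                {
                    // Compare as strings only: no numeric juggling, and constant-time when hash_equals() exists.
                    $hashstored=(string) $passcrypted;
                    $hashtyped=(string) dol_hash($passtyped);
                    $hashmatch=function_exists('hash_equals') ? hash_equals($hashstored, $hashtyped) : ($hashstored === $hashtyped);
                    // An empty stored hash never authenticates anybody.
                    if ($hashstored !== '' && $hashmatch)
                    {
                        $passok=true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
                    }
                }

                // For compatibility with old versions (clear-text password column)
                if (! $passok)
                {
                    // NOTE(review): the first operand is true whenever a password was typed, so it does not
                    // restrict this branch to accounts without a crypted password - confirm the intent.
                    if ((! $passcrypted || $passtyped)
                        && ($passclear && ((string) $passtyped === (string) $passclear)))
                    {
                        $passok=true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
                    }
                }

                // Password ok ?
                if ($passok)
                {
                    $login=$obj->login;
                }
                else
                {
                    dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."'");
                    sleep(2);      // Anti brute force protection
                    $langs->load('main');
                    $langs->load('errors');
                    $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
                }

                // We must check entity
                if ($passok && ! empty($conf->multicompany->enabled))
                {
                    global $mc;

                    if (! isset($mc)) $conf->multicompany->enabled = false;    // Global not available, disable $conf->multicompany->enabled for safety
                    else
                    {
                        $ret = $mc->checkRight($obj->rowid, $entitytotest);
                        if ($ret < 0)
                        {
                            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'");
                            $login = ''; // force authentication failure
                        }
                    }
                }
            }
            else
            {
                dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$usertotest."'");
                sleep(2);      // Same delay as a bad password, so timing does not reveal whether the login exists
                $langs->load('main');
                $langs->load('errors');
                $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
            }
        }
        else
        {
            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$usertotest."' error=".$db->lasterror());
            sleep(1);
            // NOTE(review): the raw database error goes into the login message shown before authentication;
            // consider a generic message here and keep the detail in the log only.
            $_SESSION["dol_loginmesg"]=$db->lasterror();
        }
    }

    return $login;
}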
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest=1)
Check validity of user/password/entity If test is ko, reason must be filled into $_SESSION["dol_login...
dol_hash($chain, $type='0')
Returns a hash of a string.