de/dd0/passwordreset_8tpl_8php_source.html

 <?php

 /* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <https://www.gnu.org/licenses/>.

  */


 // To show this page, we need parameters: setnewpassword=1&username=...&passworduidhash=...


 if (!defined('NOBROWSERNOTIF')) {

   define('NOBROWSERNOTIF', 1);

 }


 // Protection to avoid direct call of template

 if (empty($conf) || !is_object($conf)) {

   print "Error, template page can't be called as URL";

   exit;

 }


 // DDOS protection

 $size = (int) $_SERVER['CONTENT_LENGTH'];

 if ($size > 10000) {

   $langs->loadLangs(array("errors", "install"));

   httponly_accessforbidden('<center>'.$langs->trans("ErrorRequestTooLarge").'<br><a href="'.DOL_URL_ROOT.'">'.$langs->trans("ClickHereToGoToApp").'</a></center>', 413, 1);

 }


 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';


 header('Cache-Control: Public, must-revalidate');

 header("Content-type: text/html; charset=".$conf->file->character_set_client);


 if (GETPOST('dol_hide_topmenu')) {

   $conf->dol_hide_topmenu = 1;

 }

 if (GETPOST('dol_hide_leftmenu')) {

   $conf->dol_hide_leftmenu = 1;

 }

 if (GETPOST('dol_optimize_smallscreen')) {

   $conf->dol_optimize_smallscreen = 1;

 }

 if (GETPOST('dol_no_mouse_hover')) {

   $conf->dol_no_mouse_hover = 1;

 }

 if (GETPOST('dol_use_jmobile')) {

   $conf->dol_use_jmobile = 1;

 }


 // If we force to use jmobile, then we reenable javascript

 if (!empty($conf->dol_use_jmobile)) {

   $conf->use_javascript_ajax = 1;

 }


 $php_self = $_SERVER['PHP_SELF'];

 $php_self .= dol_escape_htmltag($_SERVER["QUERY_STRING"]) ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]) : '';

 $php_self = str_replace('action=validatenewpassword', '', $php_self);


 $titleofpage = $langs->trans('ResetPassword');


 // Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second

 $arrayofjs = array();


 $disablenofollow = 1;

 if (!preg_match('/'.constant('DOL_APPLICATION_TITLE').'/', $title)) {

   $disablenofollow = 0;

 }

 if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {

   $disablenofollow = 0;

 }


 top_htmlhead('', $titleofpage, 0, 0, $arrayofjs, array(), 1, $disablenofollow);


 $colorbackhmenu1 = '60,70,100'; // topmenu

 if (!isset($conf->global->THEME_ELDY_TOPMENU_BACK1)) {

   $conf->global->THEME_ELDY_TOPMENU_BACK1 = $colorbackhmenu1;

 }

 $colorbackhmenu1 = empty($user->conf->THEME_ELDY_ENABLE_PERSONALIZED) ? (empty($conf->global->THEME_ELDY_TOPMENU_BACK1) ? $colorbackhmenu1 : $conf->global->THEME_ELDY_TOPMENU_BACK1) : (empty($user->conf->THEME_ELDY_TOPMENU_BACK1) ? $colorbackhmenu1 : $user->conf->THEME_ELDY_TOPMENU_BACK1);

 $colorbackhmenu1 = join(',', colorStringToArray($colorbackhmenu1)); // Normalize value to 'x,y,z'


 $edituser = new User($db);


 // Validate parameters

 if ($setnewpassword && $username && $passworduidhash) {

   $result = $edituser->fetch('', $username);

   if ($result < 0) {

     $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';

   } else {

     global $dolibarr_main_instance_unique_id;


     //print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;

     if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {

       // Clear session

       unset($_SESSION['dol_login']);


       // Parameters to reset the user are validated

     } else {

       $langs->load("errors");

       $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';

     }

   }

 } else {

   $langs->load("errors");

   $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';

 }


 ?>

 <!-- BEGIN PHP TEMPLATE PASSWORDRESET.TPL.PHP -->


 <body class="body bodylogin"<?php print empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; background-image: url(\''.DOL_URL_ROOT.'/viewimage.php?cache=1&noalt=1&modulepart=mycompany&file='.urlencode('logos/'.$conf->global->MAIN_LOGIN_BACKGROUND).'\')"'; ?>>


 <?php if (empty($conf->dol_use_jmobile)) { ?>

 <script>

 $(document).ready(function () {

   // Set focus on correct field

   <?php if ($focus_element) {

     ?>$('#<?php echo $focus_element; ?>').focus(); <?php

   } ?>    // Warning to use this only on visible element

 });

 </script>

 <?php } ?>


 <div class="login_center center"<?php

 if (empty($conf->global->ADD_UNSPLASH_LOGIN_BACKGROUND)) {

   $backstyle = 'background: linear-gradient('.($conf->browser->layout == 'phone' ? '0deg' : '4deg').', rgb(240,240,240) 52%, rgb('.$colorbackhmenu1.') 52.1%);';

   // old style:  $backstyle = 'background-image: linear-gradient(rgb('.$colorbackhmenu1.',0.3), rgb(240,240,240));';

   $backstyle = getDolGlobalString('MAIN_LOGIN_BACKGROUND_STYLE', $backstyle);

   print empty($conf->global->MAIN_LOGIN_BACKGROUND) ? ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; '.$backstyle.'"' : '';

 }

 ?>>

 <div class="login_vertical_align">


 <form id="login" name="login" method="POST" action="<?php echo $php_self; ?>">

 <input type="hidden" name="token" value="<?php echo newToken(); ?>">

 <input type="hidden" name="action" value="buildnewpassword">


 <!-- Title with version -->

 <div class="login_table_title center" title="<?php echo dol_escape_htmltag($title); ?>">

 <?php

 if (!empty($disablenofollow)) {

   echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank" rel="noopener noreferrer external">';

 }

 echo dol_escape_htmltag($title);

 if (!empty($disablenofollow)) {

   echo '</a>';

 }

 ?>

 </div>


 <div class="login_table">


 <div id="login_line1">


 <div id="login_left">

 <img alt="" title="" src="<?php echo $urllogo; ?>" id="img_logo" />

 </div>


 <br>


 <div id="login_right">


 <div class="tagtable centpercent" title="Login pass" >


 <!-- New pass 1 -->

 <div class="trinputlogin">

 <div class="tagtd nowraponall center valignmiddle tdinputlogin">

 <!-- <span class="span-icon-user">-->

 <span class="fa fa-user"></span>

 <input type="text" maxlength="255" placeholder="<?php echo $langs->trans("NewPassword"); ?>" <?php echo $disabled; ?> id="newpass1" name="newpass1" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass1); ?>" tabindex="1" autofocus />

 </div>

 </div>

 <div class="trinputlogin">

 <div class="tagtd nowraponall center valignmiddle tdinputlogin">

 <!-- <span class="span-icon-user">-->

 <span class="fa fa-user"></span>

 <input type="text" maxlength="255" placeholder="<?php echo $langs->trans("PasswordRetype"); ?>" <?php echo $disabled; ?> id="newpass2" name="newpass2" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass2); ?>" tabindex="1" />

 </div>

 </div>


 <?php

 $captcha = 0;

 if (!empty($captcha)) {

   // Add a variable param to force not using cache (jmobile)

   $php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time

   if (preg_match('/\?/', $php_self)) {

     $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog');

   } else {

     $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog');

   }

   // TODO: provide accessible captcha variants

   ?>

   <!-- Captcha -->

   <div class="trinputlogin">

   <div class="tagtd tdinputlogin nowrap none valignmiddle">


   <span class="fa fa-unlock"></span>

   <span class="nofa inline-block">

   <input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" autocomplete="off" />

   </span>

   <span class="nowrap inline-block">

   <img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />

   <a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a>

   </span>


   </div></div>

   <?php

 }


 if (!empty($morelogincontent)) {

   if (is_array($morelogincontent)) {

     foreach ($morelogincontent as $format => $option) {

       if ($format == 'table') {

         echo '<!-- Option by hook -->';

         echo $option;

       }

     }

   } else {

     echo '<!-- Option by hook -->';

     echo $morelogincontent;

   }

 }

 ?>


 </div>


 </div> <!-- end div login_right -->


 </div> <!-- end div login_line1 -->


 <div id="login_line2" style="clear: both">


 <!-- Button "Regenerate and Send password" -->

 <br><input type="submit" <?php echo $disabled; ?> class="button small" name="button_password" value="<?php echo $langs->trans('Save'); ?>" tabindex="4" />


 <br>

 <div class="center" style="margin-top: 15px;">

   <?php

   $moreparam = '';

   if (!empty($conf->dol_hide_topmenu)) {

     $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_hide_topmenu='.$conf->dol_hide_topmenu;

   }

   if (!empty($conf->dol_hide_leftmenu)) {

     $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_hide_leftmenu='.$conf->dol_hide_leftmenu;

   }

   if (!empty($conf->dol_no_mouse_hover)) {

     $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_no_mouse_hover='.$conf->dol_no_mouse_hover;

   }

   if (!empty($conf->dol_use_jmobile)) {

     $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_use_jmobile='.$conf->dol_use_jmobile;

   }


   print '<a class="alogin" href="'.$dol_url_root.'/index.php'.$moreparam.'">'.$langs->trans('BackToLoginPage').'</a>';

   ?>

 </div>


 </div>


 </div>


 </form>


 <?php

 if ($mode == 'dolibarr' || !$disabled) {

   if (empty($message)) {

     print '<div class="center login_main_home divpasswordmessagedesc paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent boxshadow').'" style="max-width: 70%">';

     print '<span class="passwordmessagedesc opacitymedium">';

     print $langs->trans('EnterNewPasswordHere');

     print '</span>';

     print '</div>';

   }

 } else {

   print '<div class="center login_main_home divpasswordmessagedesc paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent boxshadow').'" style="max-width: 70%">';

   print '<div class="warning center">';

   print $langs->trans('AuthenticationDoesNotAllowSendNewPassword', $mode);

   print '</div>';

   print '</div>';

 }

 ?>


 <br>


 <?php if (!empty($message)) { ?>

   <div class="center login_main_message">

   <?php dol_htmloutput_mesg($message, '', '', 1); ?>

   </div>

 <?php } ?>


 <!-- Common footer is not used for passwordforgotten page, this is same than footer but inside passwordforgotten tpl -->


 <?php

 if (!empty($conf->global->MAIN_HTML_FOOTER)) {

   print $conf->global->MAIN_HTML_FOOTER;

 }


 if (!empty($morelogincontent) && is_array($morelogincontent)) {

   foreach ($morelogincontent as $format => $option) {

     if ($format == 'js') {

       echo "\n".'<!-- Javascript by hook -->';

       echo $option."\n";

     }

   }

 } elseif (!empty($moreloginextracontent)) {

   echo '<!-- Javascript by hook -->';

   echo $moreloginextracontent;

 }


 // Google Analytics

 // TODO Add a hook here

 if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AN_ID)) {

   $tmptagarray = explode(',', $conf->global->MAIN_GOOGLE_AN_ID);

   foreach ($tmptagarray as $tmptag) {

     print "\n";

     print "<!-- JS CODE TO ENABLE for google analtics tag -->\n";

     print "

           <!-- Global site tag (gtag.js) - Google Analytics -->

           <script async src=\"https://www.googletagmanager.com/gtag/js?id=".trim($tmptag)."\"></script>

           <script>

           window.dataLayer = window.dataLayer || [];

           function gtag(){dataLayer.push(arguments);}

           gtag('js', new Date());


           gtag('config', '".trim($tmptag)."');

           </script>";

     print "\n";

   }

 }


 // TODO Replace this with a hook

 // Google Adsense (need Google module)

 if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && !empty($conf->global->MAIN_GOOGLE_AD_SLOT)) {

   if (empty($conf->dol_use_jmobile)) {

     ?>

   <div class="center"><br>

     <script><!--

       google_ad_client = "<?php echo $conf->global->MAIN_GOOGLE_AD_CLIENT ?>";

       google_ad_slot = "<?php echo $conf->global->MAIN_GOOGLE_AD_SLOT ?>";

       google_ad_width = <?php echo $conf->global->MAIN_GOOGLE_AD_WIDTH ?>;

       google_ad_height = <?php echo $conf->global->MAIN_GOOGLE_AD_HEIGHT ?>;

       //-->

     </script>

     <script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>

   </div>

     <?php

   }

 }

 ?>


 </div>

 </div>  <!-- end of center -->


 </body>

 </html>

 <!-- END PHP TEMPLATE -->

User
Class to manage Dolibarr users.
Definition: user.class.php:47

colorStringToArray
colorStringToArray($stringcolor, $colorifnotfound=array(88, 88, 88))
Convert a string RGB value ('FFFFFF', '255,255,255') into an array RGB array(255,255,...
Definition: functions2.lib.php:2412

dol_escape_htmltag
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0)
Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields.
Definition: functions.lib.php:1493

dol_now
dol_now($mode='auto')
Return date for now.
Definition: functions.lib.php:2951

newToken
newToken()
Return the value of token currently saved into session with name 'newtoken'.
Definition: functions.lib.php:11295

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:520

dol_htmloutput_mesg
dol_htmloutput_mesg($mesgstring='', $mesgarray=array(), $style='ok', $keepembedded=0)
Print formated messages to output (Used to show messages on html output).
Definition: functions.lib.php:8628

top_htmlhead
top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
Ouput html header of a page.
Definition: main.inc.php:1571

type
if(preg_match('/crypted:/i', $dolibarr_main_db_pass)||!empty($dolibarr_main_db_encrypted_pass)) $conf db type
Definition: repair.php:119

name
$conf db name
Only used if Module[ID]Name translation string is not found.
Definition: repair.php:122

dol_verifyHash
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...
Definition: security.lib.php:263

httponly_accessforbidden
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1098