dolibarr 18.0.7
passwordforgotten.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2007-2011 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2008-2012 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2008-2011 Juanjo Menent <jmenent@2byte.es>
5 * Copyright (C) 2014 Teddy Andreotti <125155@supinfo.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
26define("NOLOGIN", 1); // This means this output page does not require to be logged.
27
28// Load Dolibarr environment
29require '../main.inc.php';
30require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
31require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
32require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
33if (isModEnabled('ldap')) {
34 require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
35}
36
37// Load translation files required by page
38$langs->loadLangs(array('errors', 'users', 'companies', 'ldap', 'other'));
39
40// Security check
41if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
42 header("Location: ".DOL_URL_ROOT.'/');
43 exit;
44}
45
46$action = GETPOST('action', 'aZ09');
47$mode = $dolibarr_main_authentication;
48if (!$mode) {
49 $mode = 'http';
50}
51
52$username = GETPOST('username', 'alphanohtml');
53$passworduidhash = GETPOST('passworduidhash', 'alpha');
54$setnewpassword = GETPOST('setnewpassword', 'aZ09');
55
56$conf->entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : 1);
57
58// Instantiate hooks of thirdparty module only if not already define
59$hookmanager->initHooks(array('passwordforgottenpage'));
60
61
62if (GETPOST('dol_hide_leftmenu', 'alpha') || !empty($_SESSION['dol_hide_leftmenu'])) {
63 $conf->dol_hide_leftmenu = 1;
64}
65if (GETPOST('dol_hide_topmenu', 'alpha') || !empty($_SESSION['dol_hide_topmenu'])) {
66 $conf->dol_hide_topmenu = 1;
67}
68if (GETPOST('dol_optimize_smallscreen', 'alpha') || !empty($_SESSION['dol_optimize_smallscreen'])) {
69 $conf->dol_optimize_smallscreen = 1;
70}
71if (GETPOST('dol_no_mouse_hover', 'alpha') || !empty($_SESSION['dol_no_mouse_hover'])) {
72 $conf->dol_no_mouse_hover = 1;
73}
74if (GETPOST('dol_use_jmobile', 'alpha') || !empty($_SESSION['dol_use_jmobile'])) {
75 $conf->dol_use_jmobile = 1;
76}
77
78
83$parameters = array('username' => $username);
84$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
85if ($reshook < 0) {
86 $message = $hookmanager->error;
87} else $message = '';
88
89if (empty($reshook)) {
90 // Validate new password
91 if ($action == 'validatenewpassword' && $username && $passworduidhash) {
92 $edituser = new User($db);
93 $result = $edituser->fetch('', $username, '', 0, $conf->entity);
94 if ($result < 0) {
95 $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
96 } else {
97 global $conf;
98
99 //print $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id.' '.$passworduidhash;
100 if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
101 // Clear session
102 unset($_SESSION['dol_login']);
103 $_SESSION['dol_loginmesg'] = '<!-- warning -->'.$langs->transnoentitiesnoconv('NewPasswordValidated'); // Save message for the session page
104
105 $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
106 dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
107
108 header("Location: ".DOL_URL_ROOT.'/');
109 exit;
110 } else {
111 $langs->load("errors");
112 $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
113 }
114 }
115 }
116
117 // Action to set a temporary password and send email for reset
118 if ($action == 'buildnewpassword' && $username) {
119 $sessionkey = 'dol_antispam_value';
120 $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code'))));
121
122 // Verify code
123 if (!$ok) {
124 $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
125 } else {
126 $isanemail = preg_match('/@/', $username);
127
128 $edituser = new User($db);
129 $result = $edituser->fetch('', $username, '', 1, $conf->entity);
130 if ($result == 0 && $isanemail) {
131 $result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
132 }
133
134 // If the user does not have the right to change his own password
135 if ($result > 0) {
136 $edituser->getrights('user');
137 if (!$edituser->hasRight('user', 'self', 'password')) {
138 $result = 0;
139 $edituser->error = 'USERNOTALLOWEDTOCHANGEPASS';
140 }
141 }
142
143 // Set the message to show (must be the same if login/email exists or not
144 // to avoid to guess them.
145 $messagewarning = '<div class="warning paddingtopbottom'.(empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent boxshadow').'">';
146 if (!$isanemail) {
147 $messagewarning .= $langs->trans("IfLoginExistPasswordRequestSent");
148 } else {
149 $messagewarning .= $langs->trans("IfEmailExistPasswordRequestSent");
150 }
151 $messagewarning .= '</div>';
152
153 if ($result <= 0 && ($edituser->error == 'USERNOTFOUND' || $edituser->error == 'USERNOTALLOWEDTOCHANGEPASS')) {
154 usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s)
155 $message .= $messagewarning;
156 $username = '';
157 } else {
158 if (empty($edituser->email)) {
159 usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s)
160 $message .= $messagewarning;
161 } else {
162 $newpassword = $edituser->setPassword($user, '', 1);
163 if (is_int($newpassword) && $newpassword < 0) {
164 // Technical failure
165 $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
166 } else {
167 // Success
168 if ($edituser->send_password($user, $newpassword, 1) > 0) {
169 $message .= $messagewarning;
170 $username = '';
171 } else {
172 // Technical failure
173 $message .= '<div class="error">'.$edituser->error.'</div>';
174 }
175 }
176 }
177 }
178 }
179 }
180}
181
182
187$dol_url_root = DOL_URL_ROOT;
188
189// Title
190$title = 'Dolibarr '.DOL_VERSION;
191if (!empty($conf->global->MAIN_APPLICATION_TITLE)) {
192 $title = $conf->global->MAIN_APPLICATION_TITLE;
193}
194
195// Select templates
196if (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/passwordforgotten.tpl.php")) {
197 $template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";
198} else {
199 $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
200}
201
202if (!$username) {
203 $focus_element = 'username';
204} else {
205 $focus_element = 'password';
206}
207
208// Send password button enabled ?
209$disabled = 'disabled';
210if (preg_match('/dolibarr/i', $mode)) {
211 $disabled = '';
212}
213if (!empty($conf->global->MAIN_SECURITY_ENABLE_SENDPASSWORD)) {
214 $disabled = ''; // To force button enabled
215}
216
217// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
218$width = 0;
219$rowspan = 2;
220$urllogo = DOL_URL_ROOT.'/theme/common/login_logo.png';
221if (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) {
222 $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_small);
223} elseif (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) {
224 $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/'.$mysoc->logo);
225 $width = 128;
226} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg')) {
227 $urllogo = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg';
228} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.svg')) {
229 $urllogo = DOL_URL_ROOT.'/theme/dolibarr_logo.svg';
230}
231
232// Security graphical code
233if (function_exists("imagecreatefrompng") && !$disabled) {
234 $captcha = 1;
235 $captcha_refresh = img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"');
236}
237
238// Execute hook getPasswordForgottenPageOptions (for table)
239$parameters = array('entity' => GETPOST('entity', 'int'));
240$hookmanager->executeHooks('getPasswordForgottenPageOptions', $parameters); // Note that $action and $object may have been modified by some hooks
241if (is_array($hookmanager->resArray) && !empty($hookmanager->resArray)) {
242 $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
243} else {
244 $morelogincontent = $hookmanager->resPrint;
245}
246
247// Execute hook getPasswordForgottenPageExtraOptions (eg for js)
248$parameters = array('entity' => GETPOST('entity', 'int'));
249$reshook = $hookmanager->executeHooks('getPasswordForgottenPageExtraOptions', $parameters); // Note that $action and $object may have been modified by some hooks.
250$moreloginextracontent = $hookmanager->resPrint;
251
252if (empty($setnewpassword)) {
253 include $template_dir.'passwordforgotten.tpl.php'; // To use native PHP
254} else {
255 include $template_dir.'passwordreset.tpl.php'; // To use native PHP
256}
Class to manage Dolibarr users.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(empty($reshook)) $dol_url_root
View.
if(GETPOST('dol_hide_leftmenu', 'alpha')||!empty($_SESSION['dol_hide_leftmenu'])) if(GETPOST( 'dol_hide_topmenu', 'alpha')||!empty( $_SESSION[ 'dol_hide_topmenu'])) if(GETPOST('dol_optimize_smallscreen', 'alpha')||!empty($_SESSION['dol_optimize_smallscreen'])) if(GETPOST( 'dol_no_mouse_hover', 'alpha')||!empty( $_SESSION[ 'dol_no_mouse_hover'])) if(GETPOST('dol_use_jmobile', 'alpha')||!empty($_SESSION['dol_use_jmobile'])) $parameters
Actions.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...