functions_dolibarr.php

Go to the documentation of this file.

<?php
/* Copyright (C) 2007-2015 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2007-2015 Regis Houssin        <regis.houssin@inodbox.com>
 * Copyright (C) 2010-2011 Juanjo Menent    <jmenent@2byte.es>
 * Copyright (C) 2022      Harry Winner Kamdem  <harry@sense.africa>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
 
function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest = 1)
{
  global $db, $conf, $langs;
 
  // Force master entity in transversal mode
  $entity = $entitytotest;
  if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
    $entity = 1;
  }
 
  $login = '';
 
  if (!empty($usertotest)) {
    require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
    dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./', '*', $passwordtotest)." entitytotest=".$entitytotest);
 
    // If test username/password asked, we define $test=false if ko and $login var to login if ok, set also $_SESSION["dol_loginmesg"] if ko
    $table = MAIN_DB_PREFIX."user";
    $usernamecol1 = 'login';
    $usernamecol2 = 'email';
    $entitycol = 'entity';
 
    $sql = "SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity, flagdelsessionsbefore";
    $sql .= " FROM ".$table;
    $sql .= " WHERE (".$usernamecol1." = '".$db->escape($usertotest)."'";
    if (preg_match('/@/', $usertotest)) {
      $sql .= " OR ".$usernamecol2." = '".$db->escape($usertotest)."'";
    }
    $sql .= ") AND ".$entitycol." IN (0,".($entity ? ((int) $entity) : 1).")";
    $sql .= " AND statut = 1";
    // Order is required to firstly found the user into entity, then the superadmin.
    // For the case (TODO: we must avoid that) a user has renamed its login with same value than a user in entity 0.
    $sql .= " ORDER BY entity DESC";
 
    // Note: Test on validity is done later natively with isNotIntoValidityDateRange() by core after calling checkLoginPassEntity() that call this method
 
    $resql = $db->query($sql);
    if ($resql) {
      $obj = $db->fetch_object($resql);
      if ($obj) {
        $passclear = $obj->pass;
        $passcrypted = $obj->pass_crypted;
        $passtyped = $passwordtotest;
 
        $passok = false;
 
        // Check crypted password
        $cryptType = '';
        if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
          $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
        }
 
        // By default, we use default setup for encryption rule
        if (!in_array($cryptType, array('auto'))) {
          $cryptType = 'auto';
        }
        // Check crypted password according to crypt algorithm
        if ($cryptType == 'auto') {
          if ($passcrypted && dol_verifyHash($passtyped, $passcrypted, '0')) {
            $passok = true;
            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - hash ".$cryptType." of pass is ok");
          }
        }
 
        // For compatibility with very old versions
        if (!$passok) {
          if ((!$passcrypted || $passtyped)
            && ($passclear && ($passtyped == $passclear))) {
            $passok = true;
            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found old pass in database", LOG_WARNING);
          }
        }
 
        // Password ok ?
        if ($passok) {
          $login = $obj->login;
        } else {
          dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest."', cryptType=".$cryptType, LOG_NOTICE);
          sleep(1); // Anti brut force protection. Must be same delay when login is not valid
 
          // Load translation files required by the page
          $langs->loadLangs(array('main', 'errors'));
 
          $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadLoginPassword");
        }
 
        // We must check entity
        if ($passok && isModEnabled('multicompany')) {  // We must check entity
          global $mc;
 
          if (!isset($mc)) {
            !isModEnabled('multicompany'); // Global not available, disable $conf->multicompany->enabled for safety
          } else {
            $ret = $mc->checkRight($obj->rowid, $entitytotest);
            if ($ret < 0) {
              dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO entity '".$entitytotest."' not allowed for user '".$obj->rowid."'", LOG_NOTICE);
 
              $login = ''; // force authentication failure
              if ($mc->db->lasterror()) {
                $_SESSION["dol_loginmesg"] = $mc->db->lasterror();
              }
            }
          }
        }
      } else {
        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest."'", LOG_NOTICE);
        sleep(1); // Anti brut force protection. Must be same delay when password is not valid
 
        // Load translation files required by the page
        $langs->loadLangs(array('main', 'errors'));
 
        $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadLoginPassword");
      }
    } else {
      dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest."' error=".$db->lasterror(), LOG_ERR);
      sleep(1);
      $_SESSION["dol_loginmesg"] = $db->lasterror();
    }
  }
 
  return $login;
}