dolibarr 20.0.2
passwordforgotten.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2007-2011 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2008-2012 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2008-2011 Juanjo Menent <jmenent@2byte.es>
5 * Copyright (C) 2014 Teddy Andreotti <125155@supinfo.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
26define("NOLOGIN", 1); // This means this output page does not require to be logged.
27
28// Load Dolibarr environment
29require '../main.inc.php';
30require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
31require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
32require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
33if (isModEnabled('ldap')) {
34 require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
35}
36
37// Load translation files required by page
38$langs->loadLangs(array('errors', 'users', 'companies', 'ldap', 'other'));
39
40// Security check
41if (getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) {
42 header("Location: ".DOL_URL_ROOT.'/');
43 exit;
44}
45
46$action = GETPOST('action', 'aZ09');
47$mode = $dolibarr_main_authentication;
48if (!$mode) {
49 $mode = 'http';
50}
51
52$username = GETPOST('username', 'alphanohtml');
53$passworduidhash = GETPOST('passworduidhash', 'alpha');
54$setnewpassword = GETPOST('setnewpassword', 'aZ09');
55
56$conf->entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : 1);
57
58// Instantiate hooks of thirdparty module only if not already define
59$hookmanager->initHooks(array('passwordforgottenpage'));
60
61
62if (GETPOST('dol_hide_leftmenu', 'alpha') || !empty($_SESSION['dol_hide_leftmenu'])) {
63 $conf->dol_hide_leftmenu = 1;
64}
65if (GETPOST('dol_hide_topmenu', 'alpha') || !empty($_SESSION['dol_hide_topmenu'])) {
66 $conf->dol_hide_topmenu = 1;
67}
68if (GETPOST('dol_optimize_smallscreen', 'alpha') || !empty($_SESSION['dol_optimize_smallscreen'])) {
69 $conf->dol_optimize_smallscreen = 1;
70}
71if (GETPOST('dol_no_mouse_hover', 'alpha') || !empty($_SESSION['dol_no_mouse_hover'])) {
72 $conf->dol_no_mouse_hover = 1;
73}
74if (GETPOST('dol_use_jmobile', 'alpha') || !empty($_SESSION['dol_use_jmobile'])) {
75 $conf->dol_use_jmobile = 1;
76}
77
78
83$parameters = array('username' => $username);
84$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
85if ($reshook < 0) {
86 $message = $hookmanager->error;
87} else {
88 $message = '';
89}
90
91if (empty($reshook)) {
92 // Validate new password
93 if ($action == 'validatenewpassword' && $username && $passworduidhash) {
94 $edituser = new User($db);
95 $result = $edituser->fetch('', $username, '', 0, $conf->entity);
96 if ($result < 0) {
97 $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
98 } else {
99 global $conf;
100
101 //print $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id.' '.$passworduidhash;
102 if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
103 // Clear session
104 unset($_SESSION['dol_login']);
105 $_SESSION['dol_loginmesg'] = '<!-- warning -->'.$langs->transnoentitiesnoconv('NewPasswordValidated'); // Save message for the session page
106
107 $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
108 dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
109
110 header("Location: ".DOL_URL_ROOT.'/');
111 exit;
112 } else {
113 $langs->load("errors");
114 $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
115 }
116 }
117 }
118
119 // Action to set a temporary password and send email for reset
120 if ($action == 'buildnewpassword' && $username) {
121 $sessionkey = 'dol_antispam_value';
122 $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code'))));
123
124 // Verify code
125 if (!$ok) {
126 $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
127 } else {
128 $isanemail = preg_match('/@/', $username);
129
130 $edituser = new User($db);
131 $result = $edituser->fetch('', $username, '', 1, $conf->entity);
132 if ($result == 0 && $isanemail) {
133 $result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
134 }
135
136 // Set the message to show (must be the same if login/email exists or not
137 // to avoid to guess them.
138 $messagewarning = '<div class="warning paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'">';
139 if (!$isanemail) {
140 $messagewarning .= $langs->trans("IfLoginExistPasswordRequestSent");
141 } else {
142 $messagewarning .= $langs->trans("IfEmailExistPasswordRequestSent");
143 }
144 $messagewarning .= '</div>';
145
146 if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {
147 usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s)
148 $message .= $messagewarning;
149 $username = '';
150 } else {
151 if (empty($edituser->email)) {
152 usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s)
153 $message .= $messagewarning;
154 } else {
155 $newpassword = $edituser->setPassword($user, '', 1);
156 if (is_int($newpassword) && $newpassword < 0) {
157 // Technical failure
158 $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
159 } else {
160 // Success
161 if ($edituser->send_password($user, $newpassword, 1) > 0) {
162 $message .= $messagewarning;
163 $username = '';
164 } else {
165 // Technical failure
166 $message .= '<div class="error">'.$edituser->error.'</div>';
167 }
168 }
169 }
170 }
171 }
172 }
173}
174
175
180$dol_url_root = DOL_URL_ROOT;
181
182// Title
183$title = 'Dolibarr '.DOL_VERSION;
184if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
185 $title = getDolGlobalString('MAIN_APPLICATION_TITLE');
186}
187
188// Select templates
189if (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/passwordforgotten.tpl.php")) {
190 $template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";
191} else {
192 $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
193}
194
195if (!$username) {
196 $focus_element = 'username';
197} else {
198 $focus_element = 'password';
199}
200
201// Send password button enabled ?
202$disabled = 'disabled';
203if (preg_match('/dolibarr/i', $mode)) {
204 $disabled = '';
205}
206if (getDolGlobalString('MAIN_SECURITY_ENABLE_SENDPASSWORD')) {
207 $disabled = ''; // To force button enabled
208}
209
210// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
211$width = 0;
212$rowspan = 2;
213$urllogo = DOL_URL_ROOT.'/theme/common/login_logo.png';
214if (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) {
215 $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_small);
216} elseif (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) {
217 $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/'.$mysoc->logo);
218 $width = 128;
219} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg')) {
220 $urllogo = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg';
221} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.svg')) {
222 $urllogo = DOL_URL_ROOT.'/theme/dolibarr_logo.svg';
223}
224
225// Security graphical code
226if (function_exists("imagecreatefrompng") && !$disabled) {
227 $captcha = 1;
228 $captcha_refresh = img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"');
229}
230
231// Execute hook getPasswordForgottenPageOptions (for table)
232$parameters = array('entity' => GETPOSTINT('entity'));
233$hookmanager->executeHooks('getPasswordForgottenPageOptions', $parameters); // Note that $action and $object may have been modified by some hooks
234if (is_array($hookmanager->resArray) && !empty($hookmanager->resArray)) {
235 $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
236} else {
237 $morelogincontent = $hookmanager->resPrint;
238}
239
240// Execute hook getPasswordForgottenPageExtraOptions (eg for js)
241$parameters = array('entity' => GETPOSTINT('entity'));
242$reshook = $hookmanager->executeHooks('getPasswordForgottenPageExtraOptions', $parameters); // Note that $action and $object may have been modified by some hooks.
243$moreloginextracontent = $hookmanager->resPrint;
244
245if (empty($setnewpassword)) {
246 include $template_dir.'passwordforgotten.tpl.php'; // To use native PHP
247} else {
248 include $template_dir.'passwordreset.tpl.php'; // To use native PHP
249}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
Class to manage Dolibarr users.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(empty($reshook)) $dol_url_root
View.
if(GETPOST('dol_hide_leftmenu', 'alpha')||!empty($_SESSION['dol_hide_leftmenu'])) if(GETPOST( 'dol_hide_topmenu', 'alpha')||!empty( $_SESSION[ 'dol_hide_topmenu'])) if(GETPOST('dol_optimize_smallscreen', 'alpha')||!empty($_SESSION['dol_optimize_smallscreen'])) if(GETPOST( 'dol_no_mouse_hover', 'alpha')||!empty( $_SESSION[ 'dol_no_mouse_hover'])) if(GETPOST('dol_use_jmobile', 'alpha')||!empty($_SESSION['dol_use_jmobile'])) $parameters
Actions.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...