dolibarr 20.0.4
passwordreset.tpl.php
1<?php
2/* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
// Template shown to let a user type a new password after a password reset request.
// The including page must have received: setnewpassword=1&username=...&passworduidhash=...

// Define NOBROWSERNOTIF as 1 unless the including page already defined it.
defined('NOBROWSERNOTIF') || define('NOBROWSERNOTIF', 1);

// Guard against direct access by URL: the template only makes sense when the including page
// has already set up the $conf object.
if (empty($conf) || !is_object($conf)) {
	echo "Error, template page can't be called as URL";
	exit(1);
}
// DDOS protection: refuse requests that announce a body larger than 10000 bytes.
// The size is the one announced in the Content-Length header; a request sent without that
// header counts as size 0 for this check, so this is a first filter and not a hard limit.
$size = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
if ($size > 10000) {
	$langs->loadLangs(["errors", "install"]);
	// httponly_accessforbidden() shows the message and stops the program.
	// Third argument 1 = the message is passed as already sanitized HTML.
	httponly_accessforbidden(
		'<center>'.$langs->trans("ErrorRequestTooLarge").'<br><a href="'.DOL_URL_ROOT.'">'.$langs->trans("ClickHereToGoToApp").'</a></center>',
		413,
		1
	);
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

// NOTE(review): 'Public' allows shared caches to store this response, while the form below embeds the
// session token returned by newToken() and writes $newpass1/$newpass2 into its fields.
// Check whether 'no-store' would be more appropriate for this page.
header('Cache-Control: Public, must-revalidate');

// Layout switches that can be forced by a request parameter.
// Only the presence of a non-empty value is tested; the flag stored in $conf is always 1.
foreach (['dol_hide_topmenu', 'dol_hide_leftmenu', 'dol_optimize_smallscreen', 'dol_no_mouse_hover', 'dol_use_jmobile'] as $tmpflag) {
	if (GETPOST($tmpflag)) {
		$conf->$tmpflag = 1;
	}
}

// If we force to use jmobile, then we reenable javascript
if (!empty($conf->dol_use_jmobile)) {
	$conf->use_javascript_ajax = 1;
}
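// URL used as the action attribute of the form below: current script path plus current query string.
// Both parts are taken from the request (PHP_SELF can carry extra path data chosen by the client),
// so both are escaped before the value is echoed into HTML.
$php_self = dol_escape_htmltag($_SERVER['PHP_SELF']);
// QUERY_STRING may be absent on some setups, hence the '' fallback
$php_self .= dol_escape_htmltag($_SERVER["QUERY_STRING"] ?? '') ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"] ?? '') : '';
// The form posts its own action field (buildnewpassword), so the validatenewpassword action is removed from the URL
$php_self = str_replace('action=validatenewpassword', '', $php_self);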
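$titleofpage = $langs->trans('ResetPassword');

// No extra javascript file is added to the head of this page
$arrayofjs = array();

// $disablenofollow stays 1 only when $title contains the application title and
// MAIN_OPTIMIZEFORTEXTBROWSER is not set. It is passed to top_htmlhead() and, further down,
// decides whether the title is rendered as a link to dolibarr.org.
$disablenofollow = 1;
// preg_quote(): the application title is searched literally, so a title containing '/' or
// regex metacharacters can neither break the pattern nor change what it matches.
if (!preg_match('/'.preg_quote(constant('DOL_APPLICATION_TITLE'), '/').'/', $title)) {
	$disablenofollow = 0;
}
if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
	$disablenofollow = 0;
}

top_htmlhead('', $titleofpage, 0, 0, $arrayofjs, array(), 1, $disablenofollow);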
// Default top menu color, stored as the global value when none is defined yet
$colorbackhmenu1 = '60,70,100';
if (!isset($conf->global->THEME_ELDY_TOPMENU_BACK1)) {
	$conf->global->THEME_ELDY_TOPMENU_BACK1 = $colorbackhmenu1;
}

// The user-level color is used when THEME_ELDY_ENABLE_PERSONALIZED is set for the user, the global one otherwise
if (getDolUserString('THEME_ELDY_ENABLE_PERSONALIZED')) {
	$colorbackhmenu1 = getDolUserString('THEME_ELDY_TOPMENU_BACK1', $colorbackhmenu1);
} else {
	$colorbackhmenu1 = getDolGlobalString('THEME_ELDY_TOPMENU_BACK1', $colorbackhmenu1);
}

// Normalize value to 'x,y,z'. The result is inserted into an inline style attribute further down,
// so it must not be used before this conversion.
$colorbackhmenu1 = implode(',', colorStringToArray($colorbackhmenu1));
$edituser = new User($db);


// Validate the reset link. It is accepted only when the three request parameters are present,
// the user record could be loaded, a temporary password is pending for that user, and the supplied
// hash verifies against "<pass_temp>-<user id>-<instance_unique_id>".
// Every rejection path sets $message; the accepted path leaves it untouched.
// Missing parameters and a failed verification produce the same generic error text.
if (!($setnewpassword && $username && $passworduidhash)) {
	$langs->load("errors");
	$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
} else {
	$result = $edituser->fetch('', $username);
	if ($result >= 0) {
		global $conf;

		// pass_temp is tested first: an account with no pending temporary password is rejected
		// without calling dol_verifyHash().
		// presumably fetch() returns 0 for an unknown login, which then ends here as well - confirm.
		// The string that is hashed is built from secrets: do not print or log it, even for debugging.
		if (!$edituser->pass_temp || !dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
			$langs->load("errors");
			$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
		} else {
			// Parameters to reset the user are validated: remove the login stored in the current session
			unset($_SESSION['dol_login']);
		}
	} else {
		$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
	}
}
?>
<!-- BEGIN PHP TEMPLATE PASSWORDRESET.TPL.PHP -->

<body class="body bodylogin"<?php
// Optional background image for the whole page.
// The configured file name is URL-encoded before being placed in the viewimage.php link.
if (getDolGlobalString('MAIN_LOGIN_BACKGROUND')) {
	print ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; background-image: url(\''.DOL_URL_ROOT.'/viewimage.php?cache=1&noalt=1&modulepart=mycompany&file='.urlencode('logos/' . getDolGlobalString('MAIN_LOGIN_BACKGROUND')).'\')"';
}
?>>

<?php if (empty($conf->dol_use_jmobile)) : ?>
<script>
$(document).ready(function () {
	// Set focus on correct field
	<?php
	// NOTE(review): $focus_element is written into the jQuery selector without escaping. It is expected
	// to be an element id chosen by the including page - confirm it never carries request data.
	if ($focus_element) {
		?>$('#<?php echo $focus_element; ?>').focus(); <?php
	} ?> // Warning to use this only on visible element
});
</script>
<?php endif; ?>
<div class="login_center center"<?php
// Inline background of the centered area, skipped when ADD_UNSPLASH_LOGIN_BACKGROUND is set.
// $colorbackhmenu1 was normalized to 'x,y,z' earlier in this file.
// The MAIN_LOGIN_BACKGROUND_STYLE setting, when defined, replaces the computed style and is printed as is.
if (!getDolGlobalString('ADD_UNSPLASH_LOGIN_BACKGROUND')) {
	$backstyle = 'background: linear-gradient('.($conf->browser->layout == 'phone' ? '0deg' : '4deg').', rgb(240,240,240) 52%, rgb('.$colorbackhmenu1.') 52.1%);';
	// old style: $backstyle = 'background-image: linear-gradient(rgb('.$colorbackhmenu1.',0.3), rgb(240,240,240));';
	$backstyle = getDolGlobalString('MAIN_LOGIN_BACKGROUND_STYLE', $backstyle);
	if (!getDolGlobalString('MAIN_LOGIN_BACKGROUND')) {
		print ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; '.$backstyle.'"';
	}
}
?>>
<div class="login_vertical_align">

<?php
// The form posts to $php_self (built at the top of this template) with the token kept in the session
// by newToken() and its own action value, buildnewpassword.
?>
<form id="login" name="login" method="POST" action="<?php print $php_self; ?>">
<input type="hidden" name="token" value="<?php print newToken(); ?>">
<input type="hidden" name="action" value="buildnewpassword">
<!-- Title with version -->
<div class="login_table_title center" title="<?php echo dol_escape_htmltag($title); ?>">
<?php
// $title is escaped both in the attribute above and in the element content.
// It is wrapped in a link to dolibarr.org only when $disablenofollow is set.
if (empty($disablenofollow)) {
	echo dol_escape_htmltag($title);
} else {
	echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank" rel="noopener noreferrer external">'.dol_escape_htmltag($title).'</a>';
}
?>
</div>
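<div class="login_table">

<div id="login_line1">

<div id="login_left">
<img alt="" title="" src="<?php echo $urllogo; ?>" id="img_logo" />
</div>

<br>

<div id="login_right">

<div class="tagtable centpercent" title="Login pass" >

<?php
// Both fields are password inputs: what is typed is masked on screen and is not kept in the browser's
// history of text field values. autocomplete="new-password" marks them as fields for a new credential.
// The second field gets its own tabindex so that keyboard navigation goes field 1, field 2, then the button.
// NOTE(review): $newpass1 and $newpass2 are still written back (escaped) into the value attributes;
// consider leaving the fields empty so that a typed password never comes back in the page source.
?>
<!-- New pass 1 -->
<div class="trinputlogin">
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
<!-- <span class="span-icon-user">-->
<span class="fa fa-user"></span>
<input type="password" maxlength="255" autocomplete="new-password" placeholder="<?php echo $langs->trans("NewPassword"); ?>" <?php echo $disabled; ?> id="newpass1" name="newpass1" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass1); ?>" tabindex="1" autofocus />
</div>
</div>
<div class="trinputlogin">
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
<!-- <span class="span-icon-user">-->
<span class="fa fa-user"></span>
<input type="password" maxlength="255" autocomplete="new-password" placeholder="<?php echo $langs->trans("PasswordRetype"); ?>" <?php echo $disabled; ?> id="newpass2" name="newpass2" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass2); ?>" tabindex="2" />
</div>
</div>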
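<?php
// The captcha block is switched off on this page: $captcha is forced to 0 right before the test,
// so the branch below is never entered.
$captcha = 0;
if (!empty($captcha)) {
	// Add a variable param to force not using cache (jmobile)
	$php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time
	if (preg_match('/\?/', $php_self)) {
		$php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog');
	} else {
		$php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog');
	}
	// TODO: provide accessible captcha variants
	?>
	<!-- Captcha -->
	<div class="trinputlogin">
	<div class="tagtd tdinputlogin nowrap none valignmiddle">

	<span class="fa fa-unlock"></span>
	<span class="nofa inline-block">
	<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" autocomplete="off" />
	</span>
	<span class="nowrap inline-block">
	<img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
	<a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a>
	</span>

	</div></div>
	<?php
}

// Extra form content provided through $morelogincontent is printed without escaping;
// it is assumed to be HTML generated on the server side by hooks - confirm against the including page.
if (!empty($morelogincontent)) {
	if (is_array($morelogincontent)) {
		foreach ($morelogincontent as $format => $option) {
			// Strict comparison: with '==' an integer key such as 0 is equal to any non-numeric
			// string on PHP < 8, which would print entries that are not of the 'table' format.
			if ($format === 'table') {
				echo '<!-- Option by hook -->';
				echo $option;
			}
		}
	} else {
		echo '<!-- Option by hook -->';
		echo $morelogincontent;
	}
}
?>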
</div>

</div> <!-- end div login_right -->

</div> <!-- end div login_line1 -->


<div id="login_line2" style="clear: both">

<!-- Button "Regenerate and Send password" -->
<br><input type="submit" <?php echo $disabled; ?> class="button small" name="button_password" value="<?php echo $langs->trans('Save'); ?>" tabindex="4" />

<br>
<div class="center" style="margin-top: 15px;">
	<?php
	// Link back to the login page. The layout switches that are active in $conf are carried over
	// as query parameters: the first one is introduced by '?', the following ones by '&'.
	$moreparam = '';
	foreach (array('dol_hide_topmenu', 'dol_hide_leftmenu', 'dol_no_mouse_hover', 'dol_use_jmobile') as $tmpkey) {
		if (!empty($conf->$tmpkey)) {
			$moreparam .= ($moreparam === '' ? '?' : '&').$tmpkey.'='.$conf->$tmpkey;
		}
	}

	print '<a class="alogin" href="'.$dol_url_root.'/index.php'.$moreparam.'">'.$langs->trans('BackToLoginPage').'</a>';
	?>
</div>

</div>

</div>

</form>
<?php
// Text shown under the form:
// - a warning when the authentication mode is not 'dolibarr' and the form is disabled,
// - otherwise the "enter new password" hint, but only when there is no message to display.
if ($mode != 'dolibarr' && $disabled) {
	print '<div class="center login_main_home divpasswordmessagedesc paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'" style="max-width: 70%">';
	print '<div class="warning center">'.$langs->trans('AuthenticationDoesNotAllowSendNewPassword', $mode).'</div>';
	print '</div>';
} elseif (empty($message)) {
	print '<div class="center login_main_home divpasswordmessagedesc paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'" style="max-width: 70%">';
	print '<span class="passwordmessagedesc opacitymedium">'.$langs->trans('EnterNewPasswordHere').'</span>';
	print '</div>';
}
?>
<br>

<?php
// $message, when set, already contains HTML (see the validation step at the top of this template).
// Fourth argument 1 of dol_htmloutput_mesg() is its $keepembedded parameter.
if (!empty($message)) : ?>
	<div class="center login_main_message">
	<?php dol_htmloutput_mesg($message, '', '', 1); ?>
	</div>
<?php endif; ?>


<!-- Common footer is not used for passwordforgotten page, this is same than footer but inside passwordforgotten tpl -->
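<?php
// Footer taken from the MAIN_HTML_FOOTER setting and printed without escaping: anyone able to change
// this setting can place markup and script on this page, so write access to it must stay restricted.
if (getDolGlobalString('MAIN_HTML_FOOTER')) {
	print $conf->global->MAIN_HTML_FOOTER;
}

// Javascript provided through $morelogincontent / $moreloginextracontent, printed without escaping
// (assumed to be generated on the server side by hooks - confirm against the including page).
if (!empty($morelogincontent) && is_array($morelogincontent)) {
	foreach ($morelogincontent as $format => $option) {
		// Strict comparison: with '==' an integer key such as 0 is equal to any non-numeric
		// string on PHP < 8, which would print entries that are not of the 'js' format.
		if ($format === 'js') {
			echo "\n".'<!-- Javascript by hook -->';
			echo $option."\n";
		}
	}
} elseif (!empty($moreloginextracontent)) {
	echo '<!-- Javascript by hook -->';
	echo $moreloginextracontent;
}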
// Google Analytics
// TODO Remove this, and add content into hook getPasswordForgottenPageExtraOptions() instead
// One gtag snippet is printed per comma separated id found in MAIN_GOOGLE_AN_ID.
// NOTE(review): each id is only trimmed before being written into a script URL and into a javascript
// string. The setting is presumably reserved to administrators; encoding the id for both contexts
// would still be safer. The snippet also loads a third-party script on the password reset page.
if (isModEnabled('google') && getDolGlobalString('MAIN_GOOGLE_AN_ID')) {
	$tmptagarray = explode(',', getDolGlobalString('MAIN_GOOGLE_AN_ID'));
	foreach ($tmptagarray as $tmptag) {
		print "\n"."<!-- JS CODE TO ENABLE for google analtics tag -->\n";
		print "
		<!-- Global site tag (gtag.js) - Google Analytics -->
		<script async src=\"https://www.googletagmanager.com/gtag/js?id=".trim($tmptag)."\"></script>
		<script>
		window.dataLayer = window.dataLayer || [];
		function gtag(){dataLayer.push(arguments);}
		gtag('js', new Date());

		gtag('config', '".trim($tmptag)."');
		</script>"."\n";
	}
}
// TODO Replace this with a hook
// Google Adsense (need Google module)
// Printed only when the google module is enabled, client and slot are configured, and jmobile is not used.
// NOTE(review): the four MAIN_GOOGLE_AD_* settings are written into the script without escaping,
// width and height even outside of quotes; they are presumably administrator settings - confirm.
if (isModEnabled('google') && getDolGlobalString('MAIN_GOOGLE_AD_CLIENT') && getDolGlobalString('MAIN_GOOGLE_AD_SLOT') && empty($conf->dol_use_jmobile)) {
	?>
	<div class="center"><br>
		<script><!--
			google_ad_client = "<?php print $conf->global->MAIN_GOOGLE_AD_CLIENT ?>";
			google_ad_slot = "<?php print $conf->global->MAIN_GOOGLE_AD_SLOT ?>";
			google_ad_width = <?php print $conf->global->MAIN_GOOGLE_AD_WIDTH ?>;
			google_ad_height = <?php print $conf->global->MAIN_GOOGLE_AD_HEIGHT ?>;
			//-->
		</script>
		<script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>
	</div>
	<?php
}
?>


</div>
</div>	<!-- end of center -->


</body>
</html>
<!-- END PHP TEMPLATE -->
Class to manage Dolibarr users.
colorStringToArray($stringcolor, $colorifnotfound=array(88, 88, 88))
Convert a string RGB value ('FFFFFF', '255,255,255') into an array RGB array(255,255,...
getDolUserString($key, $default='', $tmpuser=null)
Return Dolibarr user constant string value.
dol_now($mode='auto')
Return date for now.
newToken()
Return the value of token currently saved into session with name 'newtoken'.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_htmloutput_mesg($mesgstring='', $mesgarray=array(), $style='ok', $keepembedded=0)
Print formatted messages to output (Used to show messages on html output).
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
Output html header of a page.
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...