d6/d2e/passwordforgotten_8php_source.html

<?php

/* Copyright (C) 2007-2011  Laurent Destailleur   <eldy@users.sourceforge.net>

 * Copyright (C) 2008-2012  Regis Houssin     <regis.houssin@inodbox.com>

 * Copyright (C) 2008-2011  Juanjo Menent     <jmenent@2byte.es>

 * Copyright (C) 2014       Teddy Andreotti       <125155@supinfo.com>

 * Copyright (C) 2024   MDW           <mdeweerd@users.noreply.github.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 3 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program. If not, see <https://www.gnu.org/licenses/>.

 */


define("NOLOGIN", 1); // This means this output page does not require to be logged.


// Load Dolibarr environment

require '../main.inc.php';

require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';

require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';

require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

if (isModEnabled('ldap')) {

  require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';

}


// Load translation files required by page

$langs->loadLangs(array('errors', 'users', 'companies', 'ldap', 'other'));


// Security check

if (getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) {

  header("Location: ".DOL_URL_ROOT.'/');

  exit;

}


$action = GETPOST('action', 'aZ09');

$mode = $dolibarr_main_authentication;

if (!$mode) {

  $mode = 'http';

}


$username = GETPOST('username', 'alphanohtml');

$passworduidhash = GETPOST('passworduidhash', 'alpha');

$setnewpassword = GETPOST('setnewpassword', 'aZ09');


$conf->entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : 1);


// Instantiate hooks of thirdparty module only if not already define

$hookmanager->initHooks(array('passwordforgottenpage'));


if (GETPOST('dol_hide_leftmenu', 'alpha') || !empty($_SESSION['dol_hide_leftmenu'])) {

  $conf->dol_hide_leftmenu = 1;

}

if (GETPOST('dol_hide_topmenu', 'alpha') || !empty($_SESSION['dol_hide_topmenu'])) {

  $conf->dol_hide_topmenu = 1;

}

if (GETPOST('dol_optimize_smallscreen', 'alpha') || !empty($_SESSION['dol_optimize_smallscreen'])) {

  $conf->dol_optimize_smallscreen = 1;

}

if (GETPOST('dol_no_mouse_hover', 'alpha') || !empty($_SESSION['dol_no_mouse_hover'])) {

  $conf->dol_no_mouse_hover = 1;

}

if (GETPOST('dol_use_jmobile', 'alpha') || !empty($_SESSION['dol_use_jmobile'])) {

  $conf->dol_use_jmobile = 1;

}


/*

 * Actions

 */


$parameters = array('username' => $username);

$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

if ($reshook < 0) {

  $message = $hookmanager->error;

} else {

  $message = '';

}


if (empty($reshook)) {

  // Validate new password

  if ($action == 'validatenewpassword' && $username && $passworduidhash) {  // Test on permission not required here. Security is managed by $passworduihash

    $edituser = new User($db);

    $result = $edituser->fetch(0, $username, '', 0, $conf->entity);

    if ($result < 0) {

      $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';

    } else {

      global $conf;


      //print $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id.' '.$passworduidhash;

      if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {

        // Clear session

        unset($_SESSION['dol_login']);

        $_SESSION['dol_loginmesg'] = '<!-- warning -->'.$langs->transnoentitiesnoconv('NewPasswordValidated'); // Save message for the session page


        $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);

        dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");


        header("Location: ".DOL_URL_ROOT.'/?username='.urlencode($edituser->login));

        exit;

      } else {

        $langs->load("errors");

        $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';

      }

    }

  }


  // Action to set a temporary password and send email for reset

  if ($action == 'buildnewpassword' && $username) { // Test on permission not required here. This action is done anonymously.

    $sessionkey = 'dol_antispam_value';

    $ok = (array_key_exists($sessionkey, $_SESSION) && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code'))));


    // Verify code

    if (!$ok) {

      $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';

    } else {

      $isanemail = preg_match('/@/', $username);


      $edituser = new User($db);

      $result = $edituser->fetch(0, $username, '', 1, $conf->entity);

      if ($result == 0 && $isanemail) {

        $result = $edituser->fetch(0, '', '', 1, $conf->entity, $username);

      }


      // Set the message to show (must be the same if login/email exists or not

      // to avoid to guess them.

      $messagewarning = '<div class="warning paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'">';

      if (!$isanemail) {

        $messagewarning .= $langs->trans("IfLoginExistPasswordRequestSent");

      } else {

        $messagewarning .= $langs->trans("IfEmailExistPasswordRequestSent");

      }

      $messagewarning .= '</div>';


      if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {

        usleep(20000);  // add delay to simulate setPassword() and send_password() actions delay (0.02s)

        $message .= $messagewarning;

        $username = '';

      } else {

        if (empty($edituser->email)) {

          usleep(20000);  // add delay to simulate setPassword() and send_password() actions delay (0.02s)

          $message .= $messagewarning;

        } else {

          $newpassword = $edituser->setPassword($user, '', 1);

          if (is_int($newpassword) && $newpassword < 0) {

            // Technical failure

            $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';

          } else {

            // Success to set temporary password, send email

            if ($edituser->send_password($user, $newpassword, 1) > 0) {

              $message .= $messagewarning;

              $username = '';

            } else {

              // Technical failure

              $message .= '<div class="error">'.$edituser->error.'</div>';

            }

          }

        }

      }

    }

  }

}


/*

 * View

 */


$dol_url_root = DOL_URL_ROOT;


// Title

$title = 'Dolibarr '.DOL_VERSION;

if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {

  $title = getDolGlobalString('MAIN_APPLICATION_TITLE');

}


// Select templates dir

$template_dir = '';

if (!empty($conf->modules_parts['tpl'])) {  // Using this feature slow down application

  $dirtpls = array_merge($conf->modules_parts['tpl'], array('/core/tpl/'));

  foreach ($dirtpls as $reldir) {

    $tmp = dol_buildpath($reldir.'passwordforgotten.tpl.php');

    if (file_exists($tmp)) {

      $template_dir = preg_replace('/passwordforgotten\.tpl\.php$/', '', $tmp);

      break;

    }

  }

} elseif (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/passwordforgotten.tpl.php")) {

  $template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";

} else {

  $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";

}


if (!$username) {

  $focus_element = 'username';

} else {

  $focus_element = 'password';

}


// Send password button enabled ?

$disabled = 'disabled';

if (preg_match('/dolibarr/i', $mode)) {

  $disabled = '';

}

if (getDolGlobalString('MAIN_SECURITY_ENABLE_SENDPASSWORD')) {

  $disabled = ''; // To force button enabled

}


// Show logo (search in order: small company logo, large company logo, theme logo, common logo)

$width = 0;

$rowspan = 2;

$urllogo = DOL_URL_ROOT.'/theme/common/login_logo.png';

if (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) {

  $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_small);

} elseif (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) {

  $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/'.$mysoc->logo);

  $width = 128;

} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg')) {

  $urllogo = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg';

} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.svg')) {

  $urllogo = DOL_URL_ROOT.'/theme/dolibarr_logo.svg';

}


// Security graphical code

$captcha = '';

if (!$disabled) {

  $captcha = getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA_HANDLER', 'standard');

}


// Execute hook getPasswordForgottenPageOptions (for table)

$parameters = array('entity' => GETPOSTINT('entity'));

$hookmanager->executeHooks('getPasswordForgottenPageOptions', $parameters); // Note that $action and $object may have been modified by some hooks

if (is_array($hookmanager->resArray) && !empty($hookmanager->resArray)) {

  $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility

} else {

  $morelogincontent = $hookmanager->resPrint;

}


// Execute hook getPasswordForgottenPageExtraOptions (eg for js)

$parameters = array('entity' => GETPOSTINT('entity'));

$reshook = $hookmanager->executeHooks('getPasswordForgottenPageExtraOptions', $parameters); // Note that $action and $object may have been modified by some hooks.

$moreloginextracontent = $hookmanager->resPrint;


if (empty($setnewpassword)) {

  include $template_dir.'passwordforgotten.tpl.php'; // To use native PHP

} else {

  include $template_dir.'passwordreset.tpl.php'; // To use native PHP

}

$object
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58

User
Class to manage Dolibarr users.
Definition user.class.php:50

GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:1120

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:792

dol_buildpath
dol_buildpath($path, $type=0, $returnemptyifnotfound=0)
Return path of url or filesystem.
Definition functions.lib.php:1421

getDolGlobalString
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
Definition functions.lib.php:217

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2251

dol_verifyHash
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...
Definition security.lib.php:293