dolibarr  20.0.0-alpha
passwordforgotten.php
1 <?php
2 /* Copyright (C) 2007-2011 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2008-2012 Regis Houssin <regis.houssin@inodbox.com>
4  * Copyright (C) 2008-2011 Juanjo Menent <jmenent@2byte.es>
5  * Copyright (C) 2014 Teddy Andreotti <125155@supinfo.com>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <https://www.gnu.org/licenses/>.
19  */
20 
26 define("NOLOGIN", 1); // This means this output page does not require to be logged.
27 
28 // Load Dolibarr environment
29 require '../main.inc.php';
30 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
31 require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
32 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
33 if (isModEnabled('ldap')) {
34  require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
35 }
36 
// Translation domains used by this page: error strings, user/company labels, LDAP and misc.
$langs->loadLangs(array('errors', 'users', 'companies', 'ldap', 'other'));

// Kill switch: an administrator can disable the whole "password forgotten" flow with
// MAIN_SECURITY_DISABLEFORGETPASSLINK. We leave before any request parameter is examined.
if (getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) {
	header("Location: ".DOL_URL_ROOT.'/');
	exit;
}

// Requested action, restricted to [a-zA-Z0-9] by the 'aZ09' filter.
$action = GETPOST('action', 'aZ09');

// Authentication mode from conf.php; an empty/unset value falls back to 'http'.
$mode = $dolibarr_main_authentication ?: 'http';
51 
// Request parameters. All of them come from an unauthenticated client.
$username = GETPOST('username', 'alphanohtml');         // login or e-mail address, HTML stripped
$passworduidhash = GETPOST('passworduidhash', 'alpha'); // reset token carried by the e-mailed link
$setnewpassword = GETPOST('setnewpassword', 'aZ09');    // non-empty => render the "reset" template

// Entity (multicompany) is selected by the caller and defaults to 1.
// NOTE(review): the value is client-controlled; every user lookup below is scoped to it.
$entityFromRequest = GETPOSTINT('entity');
$conf->entity = $entityFromRequest ? $entityFromRequest : 1;

// Register the hook context so third-party modules can plug into this page.
$hookmanager->initHooks(array('passwordforgottenpage'));
60 
61 
// UI layout flags: each one is switched on when it is present in the request
// or was already stored in the session by an earlier page.
$layoutFlags = array(
	'dol_hide_leftmenu',
	'dol_hide_topmenu',
	'dol_optimize_smallscreen',
	'dol_no_mouse_hover',
	'dol_use_jmobile',
);
foreach ($layoutFlags as $flag) {
	if (GETPOST($flag, 'alpha') || !empty($_SESSION[$flag])) {
		$conf->$flag = 1;
	}
}
77 
78 
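// Let third-party hooks act first. They may alter $action and $object.
$parameters = array('username' => $username);
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
$message = ($reshook < 0) ? $hookmanager->error : '';

if (empty($reshook)) {
	// --- Step 2 of the flow: the user followed the link received by e-mail -----------------
	// The link carries the login and a hash of (temporary password, user id, instance id).
	// A matching hash promotes the temporary password to the real one.
	if ($action == 'validatenewpassword' && $username && $passworduidhash) {
		$edituser = new User($db);
		$result = $edituser->fetch('', $username, '', 0, $conf->entity);
		if ($result < 0) {
			$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
		} else {
			// pass_temp is only populated while a reset is pending; an empty value rejects the
			// request regardless of the submitted hash.
			// NOTE(review): no expiry is checked on this path, so a pending temporary password
			// stays usable until it is consumed or overwritten; confirm whether User::setPassword()
			// or a scheduled job bounds its lifetime. The account status is not checked here either.
			// NOTE(review): if dol_verifyHash() compares with a plain '==', a constant-time
			// comparison (hash_equals) would be preferable for this token.
			$expectedChain = $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id;
			if ($edituser->pass_temp && dol_verifyHash($expectedChain, $passworduidhash)) {
				// Drop any stale login and queue the confirmation message for the login page.
				unset($_SESSION['dol_login']);
				$_SESSION['dol_loginmesg'] = '<!-- warning -->'.$langs->transnoentitiesnoconv('NewPasswordValidated'); // Save message for the session page

				// Promote the temporary password (third argument 0 = not temporary).
				$newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
				dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");

				header("Location: ".DOL_URL_ROOT.'/');
				exit;
			} else {
				$langs->load("errors");
				$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
			}
		}
	}

	// --- Step 1 of the flow: request a temporary password by login or e-mail -------------
	if ($action == 'buildnewpassword' && $username) {
		// Anti-spam: the code typed by the user must match the captcha value kept in session.
		$sessionkey = 'dol_antispam_value';
		$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code'))));
		// NOTE(review): the session value is not invalidated after a successful check, so one
		// solved captcha can be replayed for further requests within the same session. If
		// antispamimage.php regenerates the value on every render, unset($_SESSION[$sessionkey])
		// at this point would force a fresh captcha per submission.

		if (!$ok) {
			$message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
		} else {
			$isanemail = preg_match('/@/', $username);

			// Look the account up by login first; when the value looks like an e-mail, retry by e-mail.
			$edituser = new User($db);
			$result = $edituser->fetch('', $username, '', 1, $conf->entity);
			if ($result == 0 && $isanemail) {
				$result = $edituser->fetch('', '', '', 1, $conf->entity, $username);
			}

			// The same neutral message is shown whether or not the login/e-mail exists,
			// so the response body cannot be used to enumerate accounts.
			$messagewarning = '<div class="warning paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'">';
			$messagewarning .= $langs->trans($isanemail ? "IfEmailExistPasswordRequestSent" : "IfLoginExistPasswordRequestSent");
			$messagewarning .= '</div>';

			if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {
				// Unknown login/e-mail: answer exactly like the success branch.
				// The delay only approximates the cost of setPassword()+send_password(); a real
				// SMTP round-trip is usually far longer than 20 ms, so timing is not fully masked.
				usleep(20000);
				$message .= $messagewarning;
				$username = '';
			} elseif (empty($edituser->email)) {
				// Account exists but has no e-mail to send to. $username must be cleared here as
				// well: leaving it in place re-rendered the form with the login pre-filled and a
				// different focus element than the not-found branch, which distinguished
				// "unknown login" from "known login without e-mail" (an enumeration oracle).
				usleep(20000);
				$message .= $messagewarning;
				$username = '';
			} else {
				// Generate and store a temporary password (third argument 1 = temporary).
				$newpassword = $edituser->setPassword($user, '', 1);
				if (is_int($newpassword) && $newpassword < 0) {
					// Technical failure
					$message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
				} elseif ($edituser->send_password($user, $newpassword, 1) > 0) {
					// The e-mail carrying the reset link was handed to the mailer.
					$message .= $messagewarning;
					$username = '';
				} else {
					// Technical failure: escape the mailer error before it reaches the template,
					// consistent with the ErrorTechnicalError branch above.
					$message .= '<div class="error">'.dol_escape_htmltag($edituser->error).'</div>';
				}
			}
		}
	}
}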
174 
175 
$dol_url_root = DOL_URL_ROOT;

// Page title: the configured application title, else "Dolibarr <version>".
$customTitle = getDolGlobalString('MAIN_APPLICATION_TITLE');
$title = $customTitle ? $customTitle : 'Dolibarr '.DOL_VERSION;

// Template directory: a theme may override the page template, otherwise the core one is used.
$themeTplDir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";
$template_dir = file_exists($themeTplDir."passwordforgotten.tpl.php") ? $themeTplDir : DOL_DOCUMENT_ROOT."/core/tpl/";

// Initial focus: the login field while it is empty, the password field otherwise.
$focus_element = $username ? 'password' : 'username';

// The "send password" button is only usable when the authentication mode contains
// "dolibarr" (the password is managed locally), unless MAIN_SECURITY_ENABLE_SENDPASSWORD
// forces it on for other modes.
$disabled = preg_match('/dolibarr/i', $mode) ? '' : 'disabled';
if (getDolGlobalString('MAIN_SECURITY_ENABLE_SENDPASSWORD')) {
	$disabled = ''; // To force button enabled
}
209 
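// Logo lookup order: small company logo, large company logo, theme logo, common logo.
$width = 0;
$rowspan = 2;
$urllogo = DOL_URL_ROOT.'/theme/common/login_logo.png';
$logoDir = $conf->mycompany->dir_output.'/logos/';
if (!empty($mysoc->logo_small) && is_readable($logoDir.'thumbs/'.$mysoc->logo_small)) {
	$urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_small);
} elseif (!empty($mysoc->logo) && is_readable($logoDir.$mysoc->logo)) {
	// Fixed: the guard used to test logo_small while the branch reads logo. A company with
	// only a large logo never reached this branch, and one with logo_small set but logo empty
	// passed the bare "logos/" directory to is_readable() (true for a directory) and emitted
	// a broken image URL.
	$urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/'.$mysoc->logo);
	$width = 128;
} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg')) {
	$urllogo = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg';
} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.svg')) {
	$urllogo = DOL_URL_ROOT.'/theme/dolibarr_logo.svg';
}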
224 
// Captcha is only offered when GD can render it and the form is enabled.
// NOTE(review): the 'buildnewpassword' action always requires the session captcha value,
// so without GD the request form cannot succeed — confirm the template handles that case.
if (function_exists("imagecreatefrompng") && !$disabled) {
	$captcha = 1;
	$captcha_refresh = img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"');
}

// Hook: extra rows for the form table. resArray is kept for backward compatibility,
// resPrint is the current output channel.
$parameters = array('entity' => GETPOSTINT('entity'));
$hookmanager->executeHooks('getPasswordForgottenPageOptions', $parameters); // Note that $action and $object may have been modified by some hooks
$hasArrayOutput = is_array($hookmanager->resArray) && !empty($hookmanager->resArray);
$morelogincontent = $hasArrayOutput ? $hookmanager->resArray : $hookmanager->resPrint;

// Hook: extra content such as JavaScript.
$parameters = array('entity' => GETPOSTINT('entity'));
$reshook = $hookmanager->executeHooks('getPasswordForgottenPageExtraOptions', $parameters); // Note that $action and $object may have been modified by some hooks.
$moreloginextracontent = $hookmanager->resPrint;

// Render the request form by default, or the "reset" page when setnewpassword is given.
// Only the file name is chosen here; the directory was resolved server-side above.
$templateFile = empty($setnewpassword) ? 'passwordforgotten.tpl.php' : 'passwordreset.tpl.php';
include $template_dir.$templateFile; // To use native PHP