dolibarr 21.0.0-beta
passwordforgotten.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2007-2011 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2008-2012 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2008-2011 Juanjo Menent <jmenent@2byte.es>
5 * Copyright (C) 2014 Teddy Andreotti <125155@supinfo.com>
6 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
7 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see <https://www.gnu.org/licenses/>.
21 */
22
28define("NOLOGIN", 1); // This means this output page does not require to be logged.
29
30// Load Dolibarr environment
31require '../main.inc.php';
32require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
33require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
34require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
35if (isModEnabled('ldap')) {
36 require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
37}
38
47// Load translation files required by page
48$langs->loadLangs(array('errors', 'users', 'companies', 'ldap', 'other'));
49
50// Security check
51if (getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) {
52 header("Location: ".DOL_URL_ROOT.'/');
53 exit;
54}
55
56$action = GETPOST('action', 'aZ09');
57$mode = $dolibarr_main_authentication;
58if (!$mode) {
59 $mode = 'http';
60}
61
62$username = GETPOST('username', 'alphanohtml');
63$passworduidhash = GETPOST('passworduidhash', 'alpha');
64$setnewpassword = GETPOST('setnewpassword', 'aZ09');
65
66$conf->entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : 1);
67
68// Instantiate hooks of thirdparty module only if not already define
69$hookmanager->initHooks(array('passwordforgottenpage'));
70
71
72if (GETPOST('dol_hide_leftmenu', 'alpha') || !empty($_SESSION['dol_hide_leftmenu'])) {
73 $conf->dol_hide_leftmenu = 1;
74}
75if (GETPOST('dol_hide_topmenu', 'alpha') || !empty($_SESSION['dol_hide_topmenu'])) {
76 $conf->dol_hide_topmenu = 1;
77}
78if (GETPOST('dol_optimize_smallscreen', 'alpha') || !empty($_SESSION['dol_optimize_smallscreen'])) {
79 $conf->dol_optimize_smallscreen = 1;
80}
81if (GETPOST('dol_no_mouse_hover', 'alpha') || !empty($_SESSION['dol_no_mouse_hover'])) {
82 $conf->dol_no_mouse_hover = 1;
83}
84if (GETPOST('dol_use_jmobile', 'alpha') || !empty($_SESSION['dol_use_jmobile'])) {
85 $conf->dol_use_jmobile = 1;
86}
87
88
89/*
90 * Actions
91 */
92
93$parameters = array('username' => $username);
94$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
95if ($reshook < 0) {
96 $message = $hookmanager->error;
97} else {
98 $message = '';
99}
100
101if (empty($reshook)) {
102 // Validate new password
103 if ($action == 'validatenewpassword' && $username && $passworduidhash) { // Test on permission not required here. Security is managed by $passworduihash
104 $edituser = new User($db);
105 $result = $edituser->fetch(0, $username, '', 0, $conf->entity);
106 if ($result < 0) {
107 $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
108 } else {
109 global $conf;
110
111 //print $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id.' '.$passworduidhash;
112 if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
113 // Clear session
114 unset($_SESSION['dol_login']);
115 $_SESSION['dol_loginmesg'] = '<!-- warning -->'.$langs->transnoentitiesnoconv('NewPasswordValidated'); // Save message for the session page
116
117 $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
118 dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
119
120 header("Location: ".DOL_URL_ROOT.'/?username='.urlencode($edituser->login));
121 exit;
122 } else {
123 $langs->load("errors");
124 $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
125 }
126 }
127 }
128
129 // Action to set a temporary password and send email for reset
130 if ($action == 'buildnewpassword' && $username) { // Test on permission not required here. This action is done anonymously.
131 $sessionkey = 'dol_antispam_value';
132 $ok = (array_key_exists($sessionkey, $_SESSION) && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code'))));
133
134 // Verify code
135 if (!$ok) {
136 dol_syslog('Bad value for code, password reset refused', LOG_NOTICE);
137
138 $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
139 } else {
140 $isanemail = preg_match('/@/', $username);
141
142 $edituser = new User($db);
143 $result = $edituser->fetch(0, $username, '', 1, $conf->entity);
144 if ($result == 0 && $isanemail) {
145 $result = $edituser->fetch(0, '', '', 1, $conf->entity, $username);
146 }
147
148 // Set the message to show (must be the same if login/email exists or not to avoid to guess them.
149 $messagewarning = '<div class="warning paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'">';
150 if (!$isanemail) {
151 $messagewarning .= $langs->trans("IfLoginExistPasswordRequestSent");
152 } else {
153 $messagewarning .= $langs->trans("IfEmailExistPasswordRequestSent");
154 }
155 $messagewarning .= '</div>';
156
157 if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {
158 usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s)
159 $message .= $messagewarning;
160 $username = '';
161 } else {
162 if (empty($edituser->email)) {
163 usleep(20000); // add delay to simulate setPassword() and send_password() actions delay (0.02s)
164 $message .= $messagewarning;
165 } else {
166 $newpassword = $edituser->setPassword($user, '', 1);
167 if (is_int($newpassword) && $newpassword < 0) {
168 // Technical failure
169 $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
170 } else {
171 // Success to set temporary password, send email
172 if ($edituser->send_password($user, $newpassword, 1) > 0) {
173 $message .= $messagewarning;
174 $username = '';
175 } else {
176 // Technical failure
177 $message .= '<div class="error">'.$edituser->error.'</div>';
178 }
179 }
180 }
181 }
182 }
183 }
184}
185
186
187/*
188 * View
189 */
190
191$dol_url_root = DOL_URL_ROOT;
192
193// Title
194$title = 'Dolibarr '.DOL_VERSION;
195if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {
196 $title = getDolGlobalString('MAIN_APPLICATION_TITLE');
197}
198
199// Select templates dir
200$template_dir = '';
201if (!empty($conf->modules_parts['tpl'])) { // Using this feature slow down application
202 $dirtpls = array_merge($conf->modules_parts['tpl'], array('/core/tpl/'));
203 foreach ($dirtpls as $reldir) {
204 $tmp = dol_buildpath($reldir.'passwordforgotten.tpl.php');
205 if (file_exists($tmp)) {
206 $template_dir = preg_replace('/passwordforgotten\.tpl\.php$/', '', $tmp);
207 break;
208 }
209 }
210} elseif (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/passwordforgotten.tpl.php")) {
211 $template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";
212} else {
213 $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
214}
215
216if (!$username) {
217 $focus_element = 'username';
218} else {
219 $focus_element = 'password';
220}
221
222// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
223$width = 0;
224$rowspan = 2;
225$urllogo = DOL_URL_ROOT.'/theme/common/login_logo.png';
226if (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small)) {
227 $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_small);
228} elseif (!empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) {
229 $urllogo = DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/'.$mysoc->logo);
230 $width = 128;
231} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg')) {
232 $urllogo = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.svg';
233} elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.svg')) {
234 $urllogo = DOL_URL_ROOT.'/theme/dolibarr_logo.svg';
235}
236
237// Send password button enabled ?
238$disabled = 'disabled';
239if (preg_match('/dolibarr/i', $mode)) {
240 $disabled = '';
241}
242if (getDolGlobalString('MAIN_SECURITY_ENABLE_SENDPASSWORD')) {
243 $disabled = ''; // To force button enabled
244}
245
246// Security graphical code
247$captcha = '';
248if (!$disabled) {
249 $captcha = getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA_HANDLER', 'standard');
250}
251
252// Execute hook getPasswordForgottenPageOptions (for table)
253$parameters = array('entity' => GETPOSTINT('entity'));
254$hookmanager->executeHooks('getPasswordForgottenPageOptions', $parameters); // Note that $action and $object may have been modified by some hooks
255if (is_array($hookmanager->resArray) && !empty($hookmanager->resArray)) {
256 $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
257} else {
258 $morelogincontent = $hookmanager->resPrint;
259}
260
261// Execute hook getPasswordForgottenPageExtraOptions (eg for js)
262$parameters = array('entity' => GETPOSTINT('entity'));
263$reshook = $hookmanager->executeHooks('getPasswordForgottenPageExtraOptions', $parameters); // Note that $action and $object may have been modified by some hooks.
264$moreloginextracontent = $hookmanager->resPrint;
265
266if (empty($setnewpassword)) {
267 include $template_dir.'passwordforgotten.tpl.php'; // To use native PHP
268} else {
269 include $template_dir.'passwordreset.tpl.php'; // To use native PHP
270}
$object
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:66
User
Class to manage Dolibarr users.
Definition user.class.php:50
GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:1120
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:792
dol_buildpath
dol_buildpath($path, $type=0, $returnemptyifnotfound=0)
Return path of url or filesystem.
Definition functions.lib.php:1423
getDolGlobalString
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
Definition functions.lib.php:217
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2253
$conf
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
dol_verifyHash
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...
Definition security.lib.php:293
Generated on Sun Dec 1 2024 01:00:34 for dolibarr by Doxygen 1.11.0