41 global $db, $conf, $langs;
44 $entity = $entitytotest;
45 if (isModEnabled(
'multicompany') &&
getDolGlobalString(
'MULTICOMPANY_TRANSVERSE_MODE')) {
51 if (!empty($usertotest)) {
52 require_once DOL_DOCUMENT_ROOT.
'/core/lib/date.lib.php';
53 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest.
" passwordtotest=".preg_replace(
'/./',
'*', $passwordtotest).
" entitytotest=".$entitytotest);
60 $sql =
"SELECT COUNT(e.rowid) as nbevent";
61 $sql .=
" FROM ".MAIN_DB_PREFIX.
"events as e";
62 $sql .=
" WHERE e.type = 'USER_LOGIN_FAILED'";
63 $sql .=
" AND e.ip = '".$db->escape($userremoteip).
"'";
64 $sql .=
" AND e.dateevent > '".$db->idate($dateverificationauth).
"'";
65 $resql = $db->query($sql);
67 $obj = $db->fetch_object($resql);
69 $nbevents = $obj->nbevent;
73 if ($nbevents <=
getDolGlobalInt(
"MAIN_SECURITY_MAX_NUMBER_FAILED_AUTH", 100)) {
75 $table = MAIN_DB_PREFIX.
"user";
76 $usernamecol1 =
'login';
77 $usernamecol2 =
'email';
78 $entitycol =
'entity';
80 $sql =
"SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity, flagdelsessionsbefore";
81 $sql .=
" FROM ".$table;
82 $sql .=
" WHERE (".$usernamecol1.
" = '".$db->escape($usertotest).
"'";
83 if (preg_match(
'/@/', $usertotest)) {
84 $sql .=
" OR ".$usernamecol2.
" = '".$db->escape($usertotest).
"'";
86 $sql .=
") AND ".$entitycol.
" IN (0,".($entity ? ((int) $entity) : 1).
")";
87 $sql .=
" AND statut = 1";
90 $sql .=
" ORDER BY entity DESC";
94 $resql = $db->query($sql);
96 $obj = $db->fetch_object($resql);
98 $passclear = $obj->pass;
99 $passcrypted = $obj->pass_crypted;
100 $passtyped = $passwordtotest;
111 if (!in_array($cryptType, array(
'auto'))) {
115 if ($cryptType ==
'auto') {
116 if ($passcrypted &&
dol_verifyHash($passtyped, $passcrypted,
'0')) {
118 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication ok - hash ".$cryptType.
" of pass is ok");
124 if ((!$passcrypted || $passtyped)
125 && ($passclear && ($passtyped == $passclear))) {
127 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication ok - found old pass in database", LOG_WARNING);
133 $login = $obj->login;
135 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest.
"', cryptType=".$cryptType, LOG_NOTICE);
139 $langs->loadLangs(array(
'main',
'errors'));
141 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
145 if ($passok && isModEnabled(
'multicompany')) {
149 unset($conf->multicompany->enabled);
151 $ret = $mc->checkRight($obj->rowid, $entitytotest);
153 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO entity '".$entitytotest.
"' not allowed for user '".$obj->rowid.
"'", LOG_NOTICE);
156 if ($mc->db->lasterror()) {
157 $_SESSION[
"dol_loginmesg"] = $mc->db->lasterror();
163 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest.
"'", LOG_NOTICE);
167 $langs->loadLangs(array(
'main',
'errors'));
169 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
172 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest.
"' error=".$db->lasterror(), LOG_ERR);
174 $_SESSION[
"dol_loginmesg"] = $db->lasterror();
177 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO Too many attempts", LOG_NOTICE);
180 $langs->loadLangs(array(
'main',
'errors'));
181 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorTooManyAttempts");
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest=1)
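Check validity of user/password/entity. If the test is KO, the reason must be filled into $_SESSION["dol_loginmesg"]. In the listing above, the reason stored on a database error is the raw lasterror() text (listing lines 157 and 174), so whatever renders this message should treat it as internal detail rather than user-facing wording.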
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one. For backward compatibility reasons,...