40 global $db, $conf, $langs;
43 $entity = $entitytotest;
44 if (
isModEnabled(
'multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
50 if (!empty($usertotest)) {
51 require_once DOL_DOCUMENT_ROOT.
'/core/lib/date.lib.php';
52 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest.
" passwordtotest=".preg_replace(
'/./',
'*', $passwordtotest).
" entitytotest=".$entitytotest);
55 $table = MAIN_DB_PREFIX.
"user";
56 $usernamecol1 =
'login';
57 $usernamecol2 =
'email';
58 $entitycol =
'entity';
60 $sql =
"SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity, flagdelsessionsbefore";
61 $sql .=
" FROM ".$table;
62 $sql .=
" WHERE (".$usernamecol1.
" = '".$db->escape($usertotest).
"'";
63 if (preg_match(
'/@/', $usertotest)) {
64 $sql .=
" OR ".$usernamecol2.
" = '".$db->escape($usertotest).
"'";
66 $sql .=
") AND ".$entitycol.
" IN (0,".($entity ? ((int) $entity) : 1).
")";
67 $sql .=
" AND statut = 1";
71 $sql .=
" ORDER BY entity DESC";
73 $resql = $db->query(
$sql);
75 $obj = $db->fetch_object($resql);
77 $passclear = $obj->pass;
78 $passcrypted = $obj->pass_crypted;
79 $passtyped = $passwordtotest;
85 if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
86 $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
90 if (!in_array($cryptType, array(
'auto'))) {
94 if ($cryptType ==
'auto') {
95 if ($passcrypted &&
dol_verifyHash($passtyped, $passcrypted,
'0')) {
97 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentification ok - hash ".$cryptType.
" of pass is ok");
103 if ((!$passcrypted || $passtyped)
104 && ($passclear && ($passtyped == $passclear))) {
106 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentification ok - found old pass in database", LOG_WARNING);
112 $login = $obj->login;
114 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest.
"', cryptType=".$cryptType, LOG_NOTICE);
118 $langs->loadLangs(array(
'main',
'errors'));
120 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
130 $ret = $mc->checkRight($obj->rowid, $entitytotest);
132 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO entity '".$entitytotest.
"' not allowed for user '".$obj->rowid.
"'", LOG_NOTICE);
135 if ($mc->db->lasterror()) {
136 $_SESSION[
"dol_loginmesg"] = $mc->db->lasterror();
142 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest.
"'", LOG_NOTICE);
146 $langs->loadLangs(array(
'main',
'errors'));
148 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
151 dol_syslog(
"functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest.
"' error=".$db->lasterror(), LOG_ERR);
153 $_SESSION[
"dol_loginmesg"] = $db->lasterror();