dolibarr 21.0.0-beta
passwordreset.tpl.php
1<?php
2/* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 */
18
19// Page called to validate a password change
20// To show this page, we need parameters: setnewpassword=1&username=...&passworduidhash=...
21
// Declare NOBROWSERNOTIF (value 1) unless an including script already defined it.
// NOTE(review): presumably this switches off browser notification code for this page; confirm where the constant is read.
defined('NOBROWSERNOTIF') || define('NOBROWSERNOTIF', 1);
// Guard against direct URL access: the template is only meaningful once a parent
// script has included it with a populated $conf object. Anything else stops here.
if (!(!empty($conf) && is_object($conf))) {
	echo "Error, template page can't be called as URL";
	exit(1);
}
53
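// DDOS protection: refuse requests whose declared body size exceeds 10000 bytes.
// CONTENT_LENGTH is not set on requests without a body (for example the GET that opens
// the reset link), so default to 0 instead of reading an undefined array key.
// NOTE(review): this is the length declared by the client, not a measured one, and it is
// absent when a body is sent without a Content-Length header; the web server and PHP body
// limits remain the effective cap.
$size = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
if ($size > 10000) {
	$langs->loadLangs(array("errors", "install"));
	// Third argument 1 = message is passed as already sanitized: it is built only from
	// translation strings and DOL_URL_ROOT, never from request data.
	httponly_accessforbidden('<center>'.$langs->trans("ErrorRequestTooLarge").'<br><a href="'.DOL_URL_ROOT.'">'.$langs->trans("ClickHereToGoToApp").'</a></center>', 413, 1);
}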
60
61require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
62
63
64/*
65 * View
66 */
67
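// This page embeds a per-session form token (newToken()) and re-renders the submitted
// password fields, and its URL carries the reset hash. Such a response must not be kept
// by the browser or by any intermediate cache, so it is marked no-store rather than public.
header('Cache-Control: no-store');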
69
// Copy the display switches found in the request onto $conf. Only the presence of a
// non-empty value matters: the stored flag is always the constant 1, never the raw input.
foreach (array('dol_hide_topmenu', 'dol_hide_leftmenu', 'dol_optimize_smallscreen', 'dol_no_mouse_hover', 'dol_use_jmobile') as $tmpdisplayflag) {
	if (GETPOST($tmpdisplayflag)) {
		$conf->$tmpdisplayflag = 1;
	}
}

// Forcing jmobile implies javascript, so it is switched back on.
if (!empty($conf->dol_use_jmobile)) {
	$conf->use_javascript_ajax = 1;
}
90
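// Build the URL the form posts back to: current script path plus current query string.
// Both parts are taken from the request and are later echoed into HTML attributes
// (the form action and the captcha refresh link), so both are escaped here; the
// original escaped only the query string.
// NOTE(review): the bootstrap may already filter PHP_SELF; escaping here keeps the
// template safe on its own either way.
$php_self = dol_escape_htmltag($_SERVER['PHP_SELF']);
$tmpquerystring = dol_escape_htmltag($_SERVER["QUERY_STRING"]);
$php_self .= $tmpquerystring ? '?'.$tmpquerystring : '';
// Strip the 'action=validatenewpassword' parameter from the URL that will be reused.
$php_self = str_replace('action=validatenewpassword', '', $php_self);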
94
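$titleofpage = $langs->trans('ResetPassword');

// No extra javascript file is registered for this page; the array is passed empty to top_htmlhead().
$arrayofjs = array();

// $disablenofollow is handed to top_htmlhead() and is also tested further down to decide
// whether the page title is rendered as a link to dolibarr.org.
// It stays at 1 only when $title contains the application title and the text-browser
// optimisation is off.
$disablenofollow = 1;
// preg_quote(): the application title is meant to be matched literally, so a '/' or any
// other regex metacharacter in the constant must not alter or break the pattern.
if (!preg_match('/'.preg_quote(constant('DOL_APPLICATION_TITLE'), '/').'/', $title)) {
	$disablenofollow = 0;
}
if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
	$disablenofollow = 0;
}

top_htmlhead('', $titleofpage, 0, 0, $arrayofjs, array(), 1, $disablenofollow);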
109
110
// Top menu background colour, used further down inside an inline CSS rgb(...) value.
// Default first, then the per-user value when personalised themes are enabled, otherwise
// the global value.
$colorbackhmenu1 = '60,70,100'; // topmenu
if (!isset($conf->global->THEME_ELDY_TOPMENU_BACK1)) {
	$conf->global->THEME_ELDY_TOPMENU_BACK1 = $colorbackhmenu1;
}
if (getDolUserString('THEME_ELDY_ENABLE_PERSONALIZED')) {
	$colorbackhmenu1 = getDolUserString('THEME_ELDY_TOPMENU_BACK1', $colorbackhmenu1);
} else {
	$colorbackhmenu1 = getDolGlobalString('THEME_ELDY_TOPMENU_BACK1', $colorbackhmenu1);
}
// Normalize value to 'x,y,z': only what colorStringToArray() returns reaches the style attribute.
$colorbackhmenu1 = implode(',', colorStringToArray($colorbackhmenu1));
117
118
// User object that gets loaded from the login named in the reset link.
$edituser = new User($db);


// Validate parameters: the reset link must carry all three values.
if (!$setnewpassword || !$username || !$passworduidhash) {
	// Incomplete link: answered with the same generic message as a hash that does not
	// verify, so the response does not reveal which part of the link was wrong.
	$langs->load("errors");
	$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
} else {
	$result = $edituser->fetch(0, $username);
	if ($result < 0) {
		$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
	} else {
		global $conf;

		// The link is accepted only when a temporary password is pending for this user AND
		// the supplied hash verifies against "<pass_temp>-<user id>-<instance unique id>".
		// An empty pass_temp is rejected before any hash comparison takes place.
		// NOTE(review): these three values are secrets of the reset flow; the debug print of
		// them that used to sit here as a comment must not come back in any form.
		if (!$edituser->pass_temp || !dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
			$langs->load("errors");
			$message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
		} else {
			// Parameters to reset the user are validated: drop the login stored in the session.
			unset($_SESSION['dol_login']);
		}
	}
}
145
146
147?>
148<!-- BEGIN PHP TEMPLATE PASSWORDRESET.TPL.PHP -->
149
<body class="body bodylogin"<?php
// Optional full-page background image, configured through MAIN_LOGIN_BACKGROUND.
// The file name is url-encoded before being placed in the viewimage.php query string.
if (getDolGlobalString('MAIN_LOGIN_BACKGROUND')) {
	print ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; background-image: url(\''.DOL_URL_ROOT.'/viewimage.php?cache=1&noalt=1&modulepart=mycompany&file='.urlencode('logos/' . getDolGlobalString('MAIN_LOGIN_BACKGROUND')).'\')"';
}
?>>
151
<?php /* Focus helper script, emitted only when jmobile is not in use. */ if (empty($conf->dol_use_jmobile)) { ?>
<script>
$(document).ready(function () {
	// Set focus on correct field
	<?php
	// $focus_element is written without escaping into a jQuery selector inside a script block.
	// NOTE(review): presumably the including script sets it to a fixed element id; confirm it
	// can never carry request data, or restrict it to id characters before it reaches this point.
	if ($focus_element) {
		?>$('#<?php echo $focus_element; ?>').focus(); <?php
	} ?> // Warning to use this only on visible element
});
</script>
<?php } ?>
162
163
<div class="login_center center"<?php
if (!getDolGlobalString('ADD_UNSPLASH_LOGIN_BACKGROUND')) {
	// Default background is a two-tone gradient built from the normalized top menu colour;
	// MAIN_LOGIN_BACKGROUND_STYLE, when set, replaces it.
	// NOTE(review): that configuration value is printed as is inside the style attribute, so it
	// has to be treated as trusted administrator input.
	$backstyle = getDolGlobalString(
		'MAIN_LOGIN_BACKGROUND_STYLE',
		'background: linear-gradient('.($conf->browser->layout == 'phone' ? '0deg' : '4deg').', rgb(240,240,240) 52%, rgb('.$colorbackhmenu1.') 52.1%);'
	);
	// The inline style is only emitted when no background image is configured.
	if (!getDolGlobalString('MAIN_LOGIN_BACKGROUND')) {
		print ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; '.$backstyle.'"';
	}
}
?>>
172<div class="login_vertical_align">
173
174<form id="login" name="login" method="POST" action="<?php echo $php_self; ?>">
175<input type="hidden" name="token" value="<?php echo newToken(); ?>">
176<input type="hidden" name="action" value="buildnewpassword">
177
178
179<!-- Title with version -->
<div class="login_table_title center" title="<?php echo dol_escape_htmltag($title); ?>">
<?php
// The title is escaped in both places it is printed. It is wrapped in a link to dolibarr.org
// only while $disablenofollow is set; the link opens in a new tab with noopener/noreferrer.
if (empty($disablenofollow)) {
	echo dol_escape_htmltag($title);
} else {
	echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank" rel="noopener noreferrer external">'.dol_escape_htmltag($title).'</a>';
}
?>
</div>
191
192
193
194<div class="login_table">
195
196<div id="login_line1">
197
198<div id="login_left">
199<img alt="" title="" src="<?php echo $urllogo; ?>" id="img_logo" />
200</div>
201
202<br>
203
204<div id="login_right">
205
206<div class="tagtable centpercent" title="Login pass" >
207
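<!-- New pass 1 -->
<div class="trinputlogin">
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
<!-- <span class="span-icon-user">-->
<span class="fa fa-user"></span>
<?php
// Both fields hold the new password, so they are rendered as type="password" with
// autocomplete="new-password": a type="text" field shows the secret on screen and lets the
// browser keep it in its form history.
// The submitted value is still echoed back (escaped) so the form survives a validation
// error; the response body therefore contains the password and must stay out of caches.
?>
<input type="password" maxlength="255" placeholder="<?php echo $langs->trans("NewPassword"); ?>" <?php echo $disabled; ?> id="newpass1" name="newpass1" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass1); ?>" tabindex="1" autocomplete="new-password" autofocus />
</div>
</div>
<div class="trinputlogin">
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
<!-- <span class="span-icon-user">-->
<span class="fa fa-user"></span>
<?php /* tabindex 2: the confirmation field follows the first one (both were 1 before). */ ?>
<input type="password" maxlength="255" placeholder="<?php echo $langs->trans("PasswordRetype"); ?>" <?php echo $disabled; ?> id="newpass2" name="newpass2" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass2); ?>" tabindex="2" autocomplete="new-password" />
</div>
</div>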
223
224
<?php
if (!empty($captcha)) {
	// Add a variable param to force not using cache (jmobile)
	$php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time
	$php_self .= (preg_match('/\?/', $php_self) ? '&' : '?').'time='.dol_print_date(dol_now(), 'dayhourlog');

	// Resolve the captcha handler from the captcha name.
	// NOTE(review): $captcha ends up in a file path and in the name of a class that gets
	// instantiated. Presumably it comes from configuration and not from the request; confirm
	// this in the including script.
	$classfile = DOL_DOCUMENT_ROOT."/core/modules/security/captcha/modCaptcha".ucfirst($captcha).'.class.php';
	include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
	$captchaobj = null;
	if (dol_is_file($classfile)) {
		// Load the captcha handler class
		$classname = "modCaptcha".ucfirst($captcha);
		require_once $classfile;

		$captchaobj = new $classname($db, $conf, $langs, $user);
	}

	// A handler exposing getCaptchaCodeForForm() gets no markup at all for now
	// (TODO: get this code using a method of captcha), which means no captcha field is
	// rendered for it. Every other case falls back to the built-in image captcha below.
	if (!is_object($captchaobj) || !method_exists($captchaobj, 'getCaptchaCodeForForm')) {
		?>
		<!-- Captcha -->
		<div class="trinputlogin">
		<div class="tagtd tdinputlogin nowrap none valignmiddle">

		<span class="fa fa-unlock"></span>
		<span class="nofa inline-block">
		<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" autocomplete="off" />
		</span>
		<span class="nowrap inline-block">
		<img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
		<a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4"><?php echo img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"'); ?></a>
		</span>

		</div>
		</div>
		<?php
	}
}

// Extra form content supplied by hooks. It is printed as is, so the hook that produced it
// is responsible for escaping. Arrays contribute only their 'table' entry at this position.
if (!empty($morelogincontent)) {
	if (!is_array($morelogincontent)) {
		echo '<!-- Option by hook -->', $morelogincontent;
	} else {
		foreach ($morelogincontent as $format => $option) {
			if ($format != 'table') {
				continue;
			}
			echo '<!-- Option by hook -->', $option;
		}
	}
}
?>
283
284</div>
285
286</div> <!-- end div login_right -->
287
288</div> <!-- end div login_line1 -->
289
290
291<div id="login_line2" style="clear: both">
292
293<!-- Button "Regenerate and Send password" -->
294<br><input type="submit" <?php echo $disabled; ?> class="button small" name="button_password" value="<?php echo $langs->trans('Save'); ?>" tabindex="4" />
295
296<br>
297<div class="center" style="margin-top: 15px;">
298 <?php
299 $moreparam = '';
300 if (!empty($conf->dol_hide_topmenu)) {
301 $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_hide_topmenu='.$conf->dol_hide_topmenu;
302 }
303 if (!empty($conf->dol_hide_leftmenu)) {
304 $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_hide_leftmenu='.$conf->dol_hide_leftmenu;
305 }
306 if (!empty($conf->dol_no_mouse_hover)) {
307 $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_no_mouse_hover='.$conf->dol_no_mouse_hover;
308 }
309 if (!empty($conf->dol_use_jmobile)) {
310 $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_use_jmobile='.$conf->dol_use_jmobile;
311 }
312
313 print '<a class="alogin" href="'.$dol_url_root.'/index.php'.$moreparam.'">'.$langs->trans('BackToLoginPage').'</a>';
314 ?>
315</div>
316
317</div>
318
319</div>
320
321</form>
322
323
<?php
// Help text under the form. When the authentication mode is not 'dolibarr' and the form is
// disabled, a warning explains that this mode cannot set a new password; otherwise the
// "enter new password" hint is shown unless a message is already pending.
if ($mode != 'dolibarr' && $disabled) {
	print '<div class="center login_main_home divpasswordmessagedesc paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'" style="max-width: 70%">'
		.'<div class="warning center">'
		.$langs->trans('AuthenticationDoesNotAllowSendNewPassword', $mode)
		.'</div>'
		.'</div>';
} elseif (empty($message)) {
	print '<div class="center login_main_home divpasswordmessagedesc paddingtopbottom'.(!getDolGlobalString('MAIN_LOGIN_BACKGROUND') ? '' : ' backgroundsemitransparent boxshadow').'" style="max-width: 70%">'
		.'<span class="passwordmessagedesc opacitymedium">'
		.$langs->trans('EnterNewPasswordHere')
		.'</span>'
		.'</div>';
}
?>
341
342
343<br>
344
<?php
// $message holds HTML assembled earlier in this template and is output with
// keepembedded=1 (4th argument), so any dynamic text placed inside it has to be escaped at
// the point where the message is built.
if (!empty($message)) : ?>
	<div class="center login_main_message">
	<?php dol_htmloutput_mesg($message, [], '', 1); ?>
	</div>
<?php endif; ?>
350
351
352<!-- Common footer is not used for passwordforgotten page, this is same than footer but inside passwordforgotten tpl -->
353
<?php
// Site-wide footer HTML taken from configuration and printed as is (trusted administrator input).
if (getDolGlobalString('MAIN_HTML_FOOTER')) {
	print $conf->global->MAIN_HTML_FOOTER;
}

// Javascript supplied by hooks, also printed as is: the array form contributes its 'js'
// entries, otherwise $moreloginextracontent is used when set.
if (!empty($morelogincontent) && is_array($morelogincontent)) {
	foreach ($morelogincontent as $format => $option) {
		if ($format != 'js') {
			continue;
		}
		echo "\n".'<!-- Javascript by hook -->', $option."\n";
	}
} elseif (!empty($moreloginextracontent)) {
	echo '<!-- Javascript by hook -->', $moreloginextracontent;
}

// Can add extra content: whatever the getPasswordResetExtraContent hook left in resPrint
// is appended to the page unescaped.
$parameters = array();
$dummyobject = new stdClass();
$result = $hookmanager->executeHooks('getPasswordResetExtraContent', $parameters, $dummyobject, $action);
print $hookmanager->resPrint;

?>
378
379
380</div>
381</div> <!-- end of center -->
382
383
384</body>
385</html>
386<!-- END PHP TEMPLATE -->
Class to manage Dolibarr users.
dol_is_file($pathoffile)
Return if path is a file.
colorStringToArray($stringcolor, $colorifnotfound=array(88, 88, 88))
Convert a string RGB value ('FFFFFF', '255,255,255') into an array RGB array(255,255,...
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
getDolUserString($key, $default='', $tmpuser=null)
Return Dolibarr user constant string value.
dol_now($mode='auto')
Return date for now.
newToken()
Return the value of token currently saved into session with name 'newtoken'.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_htmloutput_mesg($mesgstring='', $mesgarray=array(), $style='ok', $keepembedded=0)
Print formatted messages to output (Used to show messages on html output).
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
Output html header of a page.
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...