Set default length of password to 12 car.
FIX #yogosha5855
parent
1a3e9cae68
commit
0d8a354934
File diff suppressed because one or more lines are too long
|
|
@ -254,9 +254,13 @@ foreach ($arrayhandler as $key => $module) {
|
|||
|
||||
print '<td width="100" align="center">';
|
||||
if ($conf->global->USER_PASSWORD_GENERATED == $key) {
|
||||
print img_picto('', 'tick');
|
||||
//print img_picto('', 'tick');
|
||||
print img_picto($langs->trans("Enabled"), 'switch_on');
|
||||
} else {
|
||||
print '<a href="'.$_SERVER['PHP_SELF'].'?action=setgeneraterule&token='.newToken().'&value='.$key.'">'.$langs->trans("Activate").'</a>';
|
||||
print '<a href="'.$_SERVER['PHP_SELF'].'?action=setgeneraterule&token='.newToken().'&value='.$key.'">';
|
||||
//print $langs->trans("Activate");
|
||||
print img_picto($langs->trans("Disabled"), 'switch_off');
|
||||
print '</a>';
|
||||
}
|
||||
print "</td></tr>\n";
|
||||
}
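Review bot: The new anchor on the `switch_off` branch writes `$_SERVER['PHP_SELF']` and `$key` into the `href` attribute without escaping or URL-encoding, just as the line it replaces did. Unless both values are normalised before this point, which the hunk does not show, using `urlencode($key)` and passing the assembled URL through `dol_escape_htmltag()` keeps the attribute well-formed. The two commented-out lines (`//print img_picto('', 'tick');` and `//print $langs->trans("Activate");`) can be deleted rather than kept as dead code. The `foreach` body starts outside the hunk.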
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ class modGeneratePassPerso extends ModeleGenPassword
|
|||
|
||||
if (empty($conf->global->USER_PASSWORD_PATTERN)) {
|
||||
// default value (10carac, 1maj, 1digit, 1spe, 3 repeat, no ambi at auto generation.
|
||||
dolibarr_set_const($db, "USER_PASSWORD_PATTERN", '10;1;1;1;3;1', 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "USER_PASSWORD_PATTERN", '12;1;1;1;3;1', 'chaine', 0, '', $conf->entity);
|
||||
}
|
||||
|
||||
$this->Maj = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
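Review bot: The comment above the changed `dolibarr_set_const` call still says `10carac` although the new default pattern starts with `12`; it should be updated, for example to `// default value (12 chars, 1 upper, 1 digit, 1 special, 3 repeat, no ambiguous chars at auto generation)`. The default is written only when `USER_PASSWORD_PATTERN` is empty, so an installation that already stored the old pattern keeps length 10. If that is intended, it is worth saying so in the commit message or changelog. The enclosing method starts and ends outside the hunk.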
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ class modGeneratePassStandard extends ModeleGenPassword
|
|||
public function __construct($db, $conf, $langs, $user)
|
||||
{
|
||||
$this->id = "standard";
|
||||
$this->length = 10;
|
||||
$this->length = 12;
|
||||
|
||||
$this->db = $db;
|
||||
$this->conf = $conf;
|
||||
|
|
|
|||
|
|
@ -245,6 +245,7 @@ NewKeyIs=This is your new keys to login
|
|||
NewKeyWillBe=Your new key to login to software will be
|
||||
ClickHereToGoTo=Click here to go to %s
|
||||
YouMustClickToChange=You must however first click on the following link to validate this password change
|
||||
ConfirmPasswordChange=Confirm password change
|
||||
ForgetIfNothing=If you didn't request this change, just forget this email. Your credentials are kept safe.
|
||||
IfAmountHigherThan=If amount higher than <strong>%s</strong>
|
||||
SourcesRepository=Repository for sources
|
||||
|
|
|
|||
|
|
@ -1925,13 +1925,14 @@ class User extends CommonObject
|
|||
* Change password of a user
|
||||
*
|
||||
* @param User $user Object user of user requesting the change (not the user for who we change the password). May be unknown.
|
||||
* @param string $password New password in clear text (to generate if not provided)
|
||||
* @param int $changelater 1=Change password only after clicking on confirm email
|
||||
* @param string $password New password, in clear text or already encrypted (to generate if not provided)
|
||||
* @param int $changelater 0=Default, 1=Save password into pass_temp to change password only after clicking on confirm email
|
||||
* @param int $notrigger 1=Does not launch triggers
|
||||
* @param int $nosyncmember Do not synchronize linked member
|
||||
* @param int $passwordalreadycrypted 0=Value is cleartext password, 1=Value is crypted value.
|
||||
* @return string If OK return clear password, 0 if no change, < 0 if error
|
||||
*/
|
||||
public function setPassword($user, $password = '', $changelater = 0, $notrigger = 0, $nosyncmember = 0)
|
||||
public function setPassword($user, $password = '', $changelater = 0, $notrigger = 0, $nosyncmember = 0, $passwordalreadycrypted = 0)
|
||||
{
|
||||
global $conf, $langs;
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
||||
|
|
@ -1946,9 +1947,11 @@ class User extends CommonObject
|
|||
}
|
||||
|
||||
// Crypt password
|
||||
$password_crypted = dol_hash($password);
|
||||
if (empty($passwordalreadycrypted)) {
|
||||
$password_crypted = dol_hash($password);
|
||||
}
|
||||
|
||||
// Mise a jour
|
||||
// Update password
|
||||
if (!$changelater) {
|
||||
if (!is_object($this->oldcopy)) {
|
||||
$this->oldcopy = clone $this;
|
||||
|
|
@ -2018,8 +2021,8 @@ class User extends CommonObject
|
|||
return -1;
|
||||
}
|
||||
} else {
|
||||
// We store clear password in password temporary field.
|
||||
// After receiving confirmation link, we will crypt it and store it in pass_crypted
|
||||
// We store password in password temporary field.
|
||||
// After receiving confirmation link, we will erase and store it in pass_crypted
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql .= " SET pass_temp = '".$this->db->escape($password)."'";
|
||||
$sql .= " WHERE rowid = ".$this->id;
|
||||
|
|
@ -2035,7 +2038,6 @@ class User extends CommonObject
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
|
||||
/**
|
||||
* Send new password by email
|
||||
|
|
@ -2099,16 +2101,22 @@ class User extends CommonObject
|
|||
|
||||
dol_syslog(get_class($this)."::send_password changelater is off, url=".$url);
|
||||
} else {
|
||||
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.urlencode($this->login)."&passwordhash=".dol_hash($password);
|
||||
global $dolibarr_main_instance_unique_id;
|
||||
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived")."\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("NewKeyWillBe")." :\n\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n";
|
||||
$mesg .= "\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :\n";
|
||||
$mesg .= $url."\n\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."\n\n";
|
||||
//print $password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id;
|
||||
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword';
|
||||
$url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id));
|
||||
|
||||
$msgishtml = 1;
|
||||
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived")."<br>\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("NewKeyWillBe")." :<br>\n<br>\n";
|
||||
$mesg .= '<strong>'.$outputlangs->transnoentitiesnoconv("Login")."</strong> = ".$this->login."<br>\n";
|
||||
$mesg .= '<strong>'.$outputlangs->transnoentitiesnoconv("Password")."</strong> = ".$password."<br>\n<br>\n";
|
||||
$mesg .= "<br>\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :<br>\n";
|
||||
$mesg .= '<a href="'.$url.'" rel="noopener">'.$outputlangs->transnoentitiesnoconv("ConfirmPasswordChange").'</a>'."<br>\n<br>\n";
|
||||
$mesg .= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."<br>\n<br>\n";
|
||||
|
||||
dol_syslog(get_class($this)."::send_password changelater is on, url=".$url);
|
||||
}
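Review bot: In the second `setPassword` hunk, `$password_crypted` is assigned only inside `if (empty($passwordalreadycrypted))`, so a call with `$passwordalreadycrypted = 1` reaches the update code with the variable unset unless lines outside the hunk assign it. An explicit else branch makes the contract visible: `} else { $password_crypted = $password; }`. Separately, the `send_password` hunk switches the mail to HTML (`$msgishtml = 1`) but concatenates `$this->login` and `$password` unescaped, so a generated password containing `&` or `<` may be displayed differently from the value that was stored; wrapping both in `dol_escape_htmltag()` avoids that. Both function bodies continue outside the visible hunks.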
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ if (!$mode) {
|
|||
}
|
||||
|
||||
$username = GETPOST('username', 'alphanohtml');
|
||||
$passwordhash = GETPOST('passwordhash', 'alpha');
|
||||
$passworduidhash = GETPOST('passworduidhash', 'alpha');
|
||||
$conf->entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : 1);
|
||||
|
||||
// Instantiate hooks of thirdparty module only if not already define
|
||||
|
|
@ -85,19 +85,23 @@ if ($reshook < 0) {
|
|||
|
||||
if (empty($reshook)) {
|
||||
// Validate new password
|
||||
if ($action == 'validatenewpassword' && $username && $passwordhash) {
|
||||
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
|
||||
$edituser = new User($db);
|
||||
$result = $edituser->fetch('', $_GET["username"]);
|
||||
if ($result < 0) {
|
||||
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
|
||||
} else {
|
||||
if (dol_verifyHash($edituser->pass_temp, $passwordhash)) {
|
||||
global $dolibarr_main_instance_unique_id;
|
||||
|
||||
//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
|
||||
if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
|
||||
// Clear session
|
||||
unset($_SESSION['dol_login']);
|
||||
$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
|
||||
|
||||
$newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0);
|
||||
dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
|
||||
|
||||
header("Location: ".DOL_URL_ROOT.'/');
|
||||
exit;
|
||||
} else {
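Review bot: The new `dol_verifyHash(...)` check does not first confirm that `$edituser->pass_temp` is non-empty, so for an account with no pending reset the verified string is built only from the user id and `$dolibarr_main_instance_unique_id`. Guarding the branch keeps the confirmation tied to an actual pending request: `if (!empty($edituser->pass_temp) && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {`. The commented-out `//print $edituser->pass_temp...` debug line should be deleted, since re-enabling it would echo the temporary password into the page. The `global` statement appears to sit at file scope, where it has no effect, and the surrounding `if`/`else` continues outside the hunk.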
|
||||
|
|
|
|||