dolibarr  13.0.2
functions_dolibarr.php
1 <?php
2 /* Copyright (C) 2007-2015 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2007-2015 Regis Houssin <regis.houssin@inodbox.com>
4  * Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  */
19 
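/**
 * Check validity of user/password/entity against the Dolibarr user table.
 * If the test fails, the reason is stored in $_SESSION["dol_loginmesg"].
 *
 * Security notes for maintainers:
 *  - The entity value is cast to int before it is concatenated into the SQL text.
 *  - The legacy clear-text comparison uses hash_equals() (strict and constant-time)
 *    instead of a loose '==', which treats numeric-looking strings such as
 *    "1000" and "1e3" as equal.
 *  - The typed password is never written to the log, not even as a same-length mask.
 *
 * @param   string  $usertotest     Login to test (also matched against the email column when it contains '@')
 * @param   string  $passwordtotest Password to test
 * @param   int     $entitytotest   Entity to test
 * @return  string                  Login if OK, '' if KO, '--bad-login-validity--' if the account is outside its validity dates
 */
function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest = 1)
{
    global $db, $conf, $langs;

    // Force master entity in transversal mode
    $entity = $entitytotest;
    if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
        $entity = 1;
    }

    $login = '';

    if (!empty($usertotest)) {
        require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
        // Fixed-width mask: a per-character mask would record the password length in the log.
        dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=********"." entitytotest=".$entitytotest);

        // On failure $login stays '' and $_SESSION["dol_loginmesg"] is set; on success $login holds the login.
        $table = MAIN_DB_PREFIX."user";
        $usernamecol1 = 'login';
        $usernamecol2 = 'email';
        $entitycol = 'entity';

        $sql = 'SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity';
        $sql .= ' FROM '.$table;
        $sql .= ' WHERE ('.$usernamecol1." = '".$db->escape($usertotest)."'";
        if (preg_match('/@/', $usertotest)) {
            $sql .= ' OR '.$usernamecol2." = '".$db->escape($usertotest)."'";
        }
        // The entity is placed unquoted in the IN() list, so it must be an integer.
        $sql .= ') AND '.$entitycol." IN (0,".($entity ? ((int) $entity) : 1).")";
        $sql .= ' AND statut = 1';
        // Note: the validity dates are tested later.
        // Ordering is required to find the user in the entity first, then the superadmin,
        // for the case (TODO we must avoid that) where a user has renamed its login to the
        // same value as a user in entity 0.
        $sql .= ' ORDER BY entity DESC';

        $resql = $db->query($sql);
        if ($resql) {
            $obj = $db->fetch_object($resql);
            if ($obj) {
                $now = dol_now();
                if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
                    // Load translation files required by the page
                    $langs->loadLangs(array('main', 'errors'));
                    $_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
                    return '--bad-login-validity--';
                }
                if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
                    // Load translation files required by the page
                    $langs->loadLangs(array('main', 'errors'));
                    $_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
                    return '--bad-login-validity--';
                }

                $passclear = $obj->pass;
                $passcrypted = $obj->pass_crypted;
                $passtyped = $passwordtotest;

                $passok = false;

                // Check crypted password
                $cryptType = '';
                if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
                    $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
                }

                // By default, we use default setup for encryption rule
                if (!in_array($cryptType, array('auto'), true)) {
                    $cryptType = 'auto';
                }
                // Check crypted password according to crypt algorithm
                if ($cryptType === 'auto') {
                    if (dol_verifyHash($passtyped, $passcrypted, '0')) {
                        $passok = true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
                    }
                }

                // For compatibility with very old versions (clear-text password stored in database).
                if (!$passok) {
                    // hash_equals() compares byte-for-byte in constant time; a loose '==' would
                    // accept numeric-looking strings that merely compare equal as numbers.
                    if ((!$passcrypted || $passtyped)
                        && ($passclear && hash_equals((string) $passclear, (string) $passtyped))) {
                        $passok = true;
                        dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
                    }
                }

                // Password ok ?
                if ($passok) {
                    $login = $obj->login;
                } else {
                    sleep(2); // Anti brute-force delay
                    dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest."', cryptType=".$cryptType, LOG_NOTICE);

                    // Load translation files required by the page
                    $langs->loadLangs(array('main', 'errors'));

                    $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
                }

                // We must check entity
                if ($passok && !empty($conf->multicompany->enabled)) {
                    global $mc;

                    if (!isset($mc)) {
                        $conf->multicompany->enabled = false; // Global not available, disable $conf->multicompany->enabled for safety
                    } else {
                        $ret = $mc->checkRight($obj->rowid, $entitytotest);
                        if ($ret < 0) {
                            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO entity '".$entitytotest."' not allowed for user '".$obj->rowid."'", LOG_NOTICE);
                            $login = ''; // force authentication failure
                        }
                    }
                }
            } else {
                dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest."'", LOG_NOTICE);
                // Same delay as the bad-password branch: the user-facing message is already
                // identical, so a shorter delay here would let response time reveal whether
                // the account exists.
                sleep(2);

                // Load translation files required by the page
                $langs->loadLangs(array('main', 'errors'));

                $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
            }
        } else {
            dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest."' error=".$db->lasterror(), LOG_ERR);
            sleep(1);
            // NOTE(review): the raw database error becomes the login message. If that message is
            // rendered to the unauthenticated visitor it discloses backend details; the error is
            // already logged above, so a generic message may be preferable — confirm with the caller.
            $_SESSION["dol_loginmesg"] = $db->lasterror();
        }
    }

    return $login;
}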
dol_now($mode= 'auto')
Return date for now.
dol_verifyHash($chain, $hash, $type= '0')
Compute a hash and compare it to the given one. For backward compatibility reasons, if the hash is not in the password_hash format, we will try to match against md5 and sha1md5. If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename= '', $restricttologhandler= '', $logcontext=null)
Write log message into outputs.
dol_get_first_hour($date, $gm= 'tzserver')
Return GMT time for first hour of a given GMT date (it removes hours, min and second part) ...
Definition: date.lib.php:538
check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotest=1)
Check validity of user/password/entity. If test is ko, reason must be filled into $_SESSION["dol_login...