Security: Remove, from memory, database password just after creating database...

Security: Remove, from memory, database password just after creating database connexion (the only place we need it).

Security: Remove, from memory, database password just after creating database...
04e84bd0 · Laurent Destailleur · 6e5eb9cc · 04e84bd0 · 04e84bd0 · 04e84bd0
Commit 04e84bd0 authored 16 years ago by Laurent Destailleur
--- a/htdocs/admin/system/index.php
+++ b/htdocs/admin/system/index.php
@@ -89,10 +89,10 @@ print "<tr $bc[0]><td width=\"280\">".$langs->trans("Version")."</td><td>" . $db
 print "<tr $bc[1]><td>".$langs->trans("DatabaseServer")."</td><td>" . $conf->db->host . "</td></tr>\n";
 print "<tr $bc[0]><td>".$langs->trans("DatabaseName")."</td><td>" . $conf->db->name . "</td></tr>\n";
 print "<tr $bc[1]><td>".$langs->trans("DriverType")."</td><td>" . $conf->db->type . "</td></tr>\n";
-print "<tr $bc[0]><td>".$langs->trans("User")."</td><td>" . $conf->db->user . "&nbsp;</td></tr>\n";
+print "<tr $bc[0]><td>".$langs->trans("User")."</td><td>" . $conf->db->user . "</td></tr>\n";
-print "<tr $bc[1]><td>".$langs->trans("Password")."</td><td>" . ereg_replace(".","*",$conf->db->pass) . "&nbsp;</td></tr>\n";
+print "<tr $bc[1]><td>".$langs->trans("Password")."</td><td>" . $langs->trans("NotAvailable") . "</td></tr>\n";
-print "<tr $bc[0]><td>".$langs->trans("DBStoringCharset")."</td><td>" . $db->getDefaultCharacterSetDatabase() . "&nbsp;</td></tr>\n";
+print "<tr $bc[0]><td>".$langs->trans("DBStoringCharset")."</td><td>" . $db->getDefaultCharacterSetDatabase() . "</td></tr>\n";
-print "<tr $bc[1]><td>".$langs->trans("DBSortingCharset")."</td><td>" . $db->getDefaultCollationDatabase() . "&nbsp;</td></tr>\n";
+print "<tr $bc[1]><td>".$langs->trans("DBSortingCharset")."</td><td>" . $db->getDefaultCollationDatabase() . "</td></tr>\n";
 print '</table>';
 print '<br>';

--- a/htdocs/fourn/product/liste.php
+++ b/htdocs/fourn/product/liste.php
 <?php
 /* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2007 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -16,16 +16,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
- * $Source$
 */
 /**
 		\file       htdocs/fourn/product/liste.php
 		\ingroup    produit
 		\brief      Page liste des produits ou services
-		\version    $Revision$
+		\version    $Id$
 */
 require("./pre.inc.php");
@@ -75,6 +72,12 @@ if (isset($_REQUEST['catid']))
 $title=$langs->trans("ProductsAndServices");
+if ($fourn_id)
+{
+	$supplier = new Fournisseur($db);
+	$supplier->fetch($fourn_id);
+}
 $sql = "SELECT p.rowid, p.label, p.ref, p.fk_product_type";
 $sql .= ", pf.fk_soc, pf.ref_fourn";
 $sql .= ", min(ppf.price) as price";
@@ -143,9 +146,12 @@ if ($resql)
 		exit;
 	}
-	$texte = $langs->trans("List");
+	if (! empty($supplier->id)) $texte = $langs->trans("ListOfSupplierProductForSupplier",$supplier->nom);
+	else $texte = $langs->trans("List"); 
 	llxHeader("","",$texte);
 	$param="&envente=$envente&sref=$sref&snom=$snom&fourn_id=$fourn_id".(isset($type)?"&amp;type=$type":"");
 	print_barre_liste($texte, $page, "liste.php", $param, $sortfield, $sortorder,'',$num);

--- a/htdocs/install/etape1.php
+++ b/htdocs/install/etape1.php
@@ -285,7 +285,7 @@ if ($_POST["action"] == "set")
 		{
 			dolibarr_install_syslog("etape1: Creation de l'utilisateur: ".$dolibarr_main_db_user);
-			//print $conf->db->host." , ".$conf->db->name." , ".$conf->db->user." , ".$conf->db->pass." , ".$conf->db->port;
+			//print $conf->db->host." , ".$conf->db->name." , ".$conf->db->user." , ".$conf->db->port;
 			$databasefortest=$conf->db->name;
 			if ($conf->db->type == 'mysql' || $conf->db->type == 'mysqli')
 			{
@@ -502,7 +502,7 @@ if ($_POST["action"] == "set")
 				print "</td></tr>";
 				// Affiche aide diagnostique
-				print '<tr><td colspan="2"><br>Le serveur "<b>'.$conf->db->host.'</b>", nom de base "<b>'.$conf->db->name.'</b>", login "<b>'.$conf->db->user.'</b>", ou mot de passe <b>"'.$conf->db->pass.'</b>" de la base de donne est peut-tre incorrect ou la version du client PHP trop ancienne par rapport  la version de la base de donne.<br>';
+				print '<tr><td colspan="2"><br>Le serveur "<b>'.$conf->db->host.'</b>", nom de base "<b>'.$conf->db->name.'</b>", login "<b>'.$conf->db->user.'</b>", ou mot de passe de la base de donne est peut-tre incorrect ou la version du client PHP trop ancienne par rapport  la version de la base de donne.<br>';
 				print 'Si le login n\'existe pas encore, vous devez cocher l\'option "Crer l\'utilisateur".<br>';
 				print $langs->trans("ErrorGoBackAndCorrectParameters").'<br><br>';
 				print '</td></tr>';

--- a/htdocs/langs/en_US/suppliers.lang
+++ b/htdocs/langs/en_US/suppliers.lang
@@ -31,3 +31,4 @@ AddCustomerOrder=Create customer order
 AddCustomerInvoice=Create customer invoice
 AddSupplierOrder=Create supplier order
 AddSupplierInvoice=Create supplier invoice
+ListOfSupplierProductForSupplier=List of products and prices for supplier <b>%s</b>
\ No newline at end of file
--- a/htdocs/langs/fr_FR/suppliers.lang
+++ b/htdocs/langs/fr_FR/suppliers.lang
@@ -31,3 +31,4 @@ AddCustomerOrder=Cr
 AddCustomerInvoice=Créer facture/avoir client
 AddSupplierOrder=Créer commande fournisseur
 AddSupplierInvoice=Créer facture fournisseur
+ListOfSupplierProductForSupplier=Liste des produits et prix du fournisseurs <b>%s</b>
\ No newline at end of file
--- a/htdocs/master.inc.php
+++ b/htdocs/master.inc.php
@@ -181,6 +181,9 @@ if (! defined('NOREQUIREDB'))
 		exit;   
 	}
 }
+// Now database connexion is known we can forget password
+$dolibarr_main_db_pass='';
+$conf->db->pass='';
 /*
 * Creation objet $user

--- a/htdocs/public/bplc/bplc.php
+++ b/htdocs/public/bplc/bplc.php
@@ -14,36 +14,19 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
 */
-/*
+/**
- * Gestion du retour du syst�me de Cyberpaiement
+ * 	\brief		Gestion du retour du systeme de Cyberpaiement
- * Cette page est appell�e par le serveur de la BPLC lors de l'utilisation
+ * 				Cette page est appellee par le serveur de la BPLC lors de l'utilisation
- * su syst�me RSTS
+ * 				au systeme RSTS
- *
+ * 	\version	$Id$
 */
-require("../../conf/conf.class.php");
+require("../../main.inc.php");
-require("./retourbplc.class.php");
+require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php");
-require("../../don.class.php");
+require_once(DOL_DOCUMENT_ROOT."/don.class.php");
-$conf = new Conf();
-$conf->db->type = $dolibarr_main_db_type;
-$conf->db->port = $dolibarr_main_db_port;
-$conf->db->host = $dolibarr_main_db_host;
-$conf->db->name = $dolibarr_main_db_name;
-$conf->db->user = $dolibarr_main_db_user;
-$conf->db->pass = $dolibarr_main_db_pass;
-// Si type non d�fini (pour compatibilit� avec ancienne install), on
-// travail avec mysql
-if (! $conf->db->type) { $conf->db->type = 'mysql'; }
-require_once(DOL_DOCUMENT_ROOT ."/lib/".$dolibarr_main_db_type.".lib.php");
-$db = new DoliDb($conf->db->type,$conf->db->host,$conf->db->user,$conf->db->pass,$conf->db->name,$conf->db->port);
 $retbplc = new Retourbplc($db);

--- a/scripts/adherents/sync_member_dolibarr2ldap.php
+++ b/scripts/adherents/sync_member_dolibarr2ldap.php
 <?PHP
 /* Copyright (C) 2005      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2006 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -15,8 +15,6 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
 */
 /**
@@ -65,7 +63,6 @@ print "type=".$conf->db->type."\n";
 print "host=".$conf->db->host."\n";
 print "port=".$conf->db->port."\n";
 print "login=".$conf->db->user."\n";
-print "pass=".eregi_replace('.','*',$conf->db->pass)."\n";
 print "database=".$conf->db->name."\n";
 print "\n";
 print "----- To LDAP database:\n";

--- a/scripts/adherents/sync_member_ldap2dolibarr.php
+++ b/scripts/adherents/sync_member_ldap2dolibarr.php
@@ -76,7 +76,6 @@ print "type=".$conf->db->type."\n";
 print "host=".$conf->db->host."\n";
 print "port=".$conf->db->port."\n";
 print "login=".$conf->db->user."\n";
-print "pass=".eregi_replace('.','*',$conf->db->pass)."\n";
 print "database=".$conf->db->name."\n";
 print "\n";
 print "Press a key to confirm...\n";