diff --git a/htdocs/cashdesk/class/Auth.class.php b/htdocs/cashdesk/class/Auth.class.php
index 53c3d0cae32df2bde3658d8401e8e692c863e3e7..fed4771d528bd3ee7ea4d4024a64794515cb7f4e 100644
--- a/htdocs/cashdesk/class/Auth.class.php
+++ b/htdocs/cashdesk/class/Auth.class.php
@@ -56,102 +56,82 @@ class Auth { } - /** - * Authentification d'un demandeur - * @return (int) 0 = Ok; -1 = login incorrect; -2 = login ok, mais compte desactive; -10 = aucune entree trouvee dans la base - */ - function verif_utilisateurs () { - - global $conf; - - // Verification des informations dans la base - $resql = $this->db->query ($this->sqlQuery); - if ($resql) - { - $num = $this->db->num_rows ($resql); - - if ( $num ) { - - // fetchFirst - $ret=array(); - $tab = $this->db->fetch_array($resql); - foreach ( $tab as $cle => $valeur ) - { - $ret[$cle] = $valeur; - } - $tab=$ret; - - if ( ($tab['pass_crypted'] == md5 ($this->passwd)) || (($tab['pass'] == $this->passwd) && ($tab['pass'] != ''))) { - - // On verifie que le compte soit bien actif - if ( $tab['statut'] ) { - - $this->reponse(0); - - } else { - - $this->reponse(-2); - - } - - } else { - - $this->reponse(-1); - - } - - } else { - - $this->reponse(-10); - - } - } - else - { - - } - - } - - function verif ($aLogin, $aPasswd) { - global $conf; - - $this->login ($aLogin); - $this->passwd ($aPasswd); - - $this->sqlQuery = "SELECT rowid, pass_crypted, statut"; - $this->sqlQuery.= " FROM ".MAIN_DB_PREFIX."user"; - $this->sqlQuery.= " WHERE login = '".$this->login."'"; - $this->sqlQuery.= " AND entity IN (0,".$conf->entity.")"; - - $this->verif_utilisateurs(); - - switch ($this->reponse) { - - default: - $ret = '-1'; - break; - - case 0: - $ret = '0'; - break; - - case -1: - $ret = '-1'; - break; - - case -2: - $ret = '-2'; - break; - - case -10: - $ret = '-10'; - break; - - } + function verif ($aLogin, $aPasswd) + { + global $conf,$dolibarr_main_authentication,$langs; + + $ret=-1; + + $login=''; + + // Authentication mode + if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='http,dolibarr'; + // Authentication mode: forceuser + if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user='auto'; + + // Set authmode + 
$authmode=explode(',',$dolibarr_main_authentication); + + // No authentication mode + if (! sizeof($authmode) && empty($conf->login_method_modules)) + { + $langs->load('main'); + dol_print_error('',$langs->trans("ErrorConfigParameterNotDefined",'dolibarr_main_authentication')); + exit; + } + + + $test=true; + + // Validation of third party module login method + if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules)) + { + include_once(DOL_DOCUMENT_ROOT . "/lib/security.lib.php"); + $login = getLoginMethod(); + if ($login) $test=false; + } + + // Validation tests user / password + // If ok, the variable will be initialized login + // If error, we will put error message in session under the name dol_loginmesg + $goontestloop=false; + if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true; + if (isset($aLogin) || GETPOST('openid_mode','alpha',1)) $goontestloop=true; + + if ($test && $goontestloop) + { + foreach($authmode as $mode) + { + if ($test && $mode && ! $login) + { + $authfile=DOL_DOCUMENT_ROOT.'/includes/login/functions_'.$mode.'.php'; + $result=include_once($authfile); + if ($result) + { + $this->login ($aLogin); + $this->passwd ($aPasswd); + $entitytotest=$conf->entity; + + $function='check_user_password_'.$mode; + $login=$function($aLogin,$aPasswd,$entitytotest); + if ($login) // Login is successfull + { + $test=false; + $dol_authmode=$mode; // This properties is defined only when logged to say what mode was successfully used + $ret=0; + } + } + else + { + dol_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR); + sleep(1); + $ret=-1; + } + } + } + } return $ret; - } } diff --git a/htdocs/cashdesk/css/style.css b/htdocs/cashdesk/css/style.css index 821e6caa9fa80650fb0db0df84013a414dc4f914..ea193978fe62b2238b45756f2729116d7ccdaf65 100644 --- a/htdocs/cashdesk/css/style.css +++ b/htdocs/cashdesk/css/style.css 
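Review bot: The rewritten `verif()` no longer rejects disabled accounts: the removed `verif_utilisateurs()` returned -2 when `statut` was false, while the new loop sets `$ret=0` as soon as `check_user_password_<mode>()` returns a login, and the `functions_dolibarr.php` query touched by this same commit selects only `pass, pass_crypted`. Unless the caller checks the account status after loading the user (not visible here), a deactivated user with a valid password could still open a cash desk session; I would keep a `statut` check before `$ret=0` and return -2 as before. Separately, `$dolibarr_auto_user` is not in the `global` list, so the `forceuser` assignment only sets a local, `$dol_authmode` is assigned but never read, and `sizeof($authmode)` cannot be 0 after `explode()`, so the "No authentication mode" branch is unreachable.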
@@ -23,7 +23,7 @@ body { margin: 0; padding: 0; text-align: center; - font: 0.7em Arial, Helvetica, sans-serif; + font: 0.7em verdana, arial, helvetica; } p { @@ -274,9 +274,10 @@ p.titre { position: absolute; } -/* --------------------- Listes d�roulantes ------------------- */ +/* --------------------- Combo lists ------------------- */ .select_design { width: 370px; + font-size: 12px verdana,arial,helvetica overflow: auto; } diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index d41b63ba3a4bc505282a02bafd1204ebe427b899..cd5eb312ed5aea1fee401d4c140436f1a5ccb6bd 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php @@ -1,6 +1,7 @@ <?php -/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net> - * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> +/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net> + * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> + * Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -67,7 +68,7 @@ top_htmlhead('','',0,0,'',$arrayofcss); <div class="principal_login"> <?php if (! empty($_GET["err"])) print $_GET["err"]."<br><br>\n"; ?> <fieldset class="cadre_facturation"><legend class="titre1"><?php echo $langs->trans("Identification"); ?></legend> -<form id="frmLogin" method="post" action="index_verif.php"> +<form id="frmLogin" method="POST" action="index_verif.php"> <input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" /> <table> 
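Review bot: In the `.select_design` rule the added declaration `font-size: 12px verdana,arial,helvetica` has no terminating semicolon and gives `font-size` a family list, so the parser reads it together with `overflow: auto` as one invalid declaration and drops both. Either `font: 12px verdana,arial,helvetica;` or `font-size: 12px;` plus a separate `font-family` line would do what the change appears to intend. The `body` hunk above also drops the generic `sans-serif` fallback from the font list.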
@@ -87,7 +88,7 @@ print '<td>'; $disabled=0; $langs->load("companies"); if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice -$form->select_societes($conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client=1',!$disabled,$disabled,1); +$form->select_societes(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client=1',!$disabled,$disabled,1); //print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />'; print '</td>'; print "</tr>\n"; @@ -100,7 +101,7 @@ if ($conf->stock->enabled) print '<td>'; $disabled=0; if (! empty($conf->global->CASHDESK_ID_WAREHOUSE)) $disabled=1; // If a particular stock is defined, we disable choice - $formproduct->selectWarehouses($conf->global->CASHDESK_ID_WAREHOUSE,'warehouseid','',!$disabled,$disabled); + $formproduct->selectWarehouses(GETPOST('warehouseid')?GETPOST('warehouseid'):$conf->global->CASHDESK_ID_WAREHOUSE,'warehouseid','',!$disabled,$disabled); //print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />'; print '</td>'; print "</tr>\n"; diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 16bc2672b28d1a381561dee7e06791e1f73ab8ce..a69f770d42fbed778e1db52f8dbed6b006d4c67d 100644 --- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php 
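Review bot: The new first argument `GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY` lets a request parameter take precedence over the configured third party even when `$disabled` is 1, which contradicts the comment "If a particular third party is defined, we disable choice"; the `selectWarehouses()` call in the next hunk follows the same pattern. The request value is also passed on without any type check. I would honour the request value only when no fixed id is configured and cast it, e.g. `$disabled ? $conf->global->CASHDESK_ID_THIRDPARTY : (int) GETPOST('socid')`.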
@@ -38,14 +38,14 @@ $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global if (empty($username)) { $retour=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login")); - header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username); + header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); exit; } // Check third party id if (! ($thirdpartyid > 0)) { $retour=$langs->trans("ErrorFieldRequired",$langs->transnoentities("CashDeskThirdPartyForSell")); - header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username); + header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); exit; } @@ -53,7 +53,7 @@ if (! ($thirdpartyid > 0)) if ($conf->stock->enabled && $conf->global->STOCK_CALCULATE_ON_BILL && ! ($warehouseid > 0)) { $retour=$langs->trans("CashDeskSetupStock"); - header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username); + header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); exit; } @@ -61,7 +61,7 @@ if (! empty($_POST['txtUsername']) && $conf->banque->enabled && (empty($conf_fka { $langs->load("errors"); $retour=$langs->trans("ErrorModuleSetupNotComplete"); - header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username); + header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); exit; } 
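Review bot: The redirect now appends `$thirdpartyid` and `$warehouseid` to the `Location` URL without encoding, next to the already unencoded `$username`; `$warehouseid` is read from `GETPOST()` in the hunk header context, so a crafted value can add or override query parameters on the login page. That matters because `index.php` prints `$_GET["err"]` without escaping (context line in that file's form hunk), which should itself go through `htmlspecialchars()`. I would build the query with `urlencode($username)`, `(int) $thirdpartyid` and `(int) $warehouseid`, ideally in one helper, since the same line is repeated in the hunks at -53, -61 and -112.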
@@ -112,7 +112,7 @@ else $langs->load("errors"); $langs->load("other"); $retour=$langs->trans("ErrorBadLoginPassword"); - header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username); + header ('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid); exit; } diff --git a/htdocs/includes/login/functions_dolibarr.php b/htdocs/includes/login/functions_dolibarr.php index 6ef452e32e84be19c937983fe0cbfbcf647c337d..f15204c6afb79ce65dbd1e6d71034261ba0f8eef 100644 --- a/htdocs/includes/login/functions_dolibarr.php +++ b/htdocs/includes/login/functions_dolibarr.php @@ -26,20 +26,21 @@ /** - * \brief Check user and password - * \param usertotest Login - * \param passwordtotest Password - * \return string Login if ok, '' if ko. + * Check user and password + * @param usertotest Login + * @param passwordtotest Password + * @param entitytotest Entity + * @return string Login if ok, '' if ko. */ -function check_user_password_dolibarr($usertotest,$passwordtotest) +function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1) { - global $_POST,$db,$conf,$langs; + global $db,$conf,$langs; dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest); $login=''; - if (! empty($_POST["username"])) + if (! empty($usertotest)) { // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko $table = MAIN_DB_PREFIX."user"; 
@@ -48,8 +49,8 @@ function check_user_password_dolibarr($usertotest,$passwordtotest) $sql ='SELECT pass, pass_crypted'; $sql.=' FROM '.$table; - $sql.=' WHERE '.$usernamecol." = '".$db->escape($_POST["username"])."'"; - $sql.=' AND '.$entitycol." IN (0," . ($_POST["entity"] ? $_POST["entity"] : 1) . ")"; + $sql.=' WHERE '.$usernamecol." = '".$db->escape($usertotest)."'"; + $sql.=' AND '.$entitycol." IN (0," . ($entitytotest ? $entitytotest : 1) . ")"; dol_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql); $resql=$db->query($sql); @@ -60,7 +61,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest) { $passclear=$obj->pass; $passcrypted=$obj->pass_crypted; - $passtyped=$_POST["password"]; + $passtyped=$passwordtotest; $passok=false; @@ -93,11 +94,11 @@ function check_user_password_dolibarr($usertotest,$passwordtotest) // Password ok ? if ($passok) { - $login=$_POST["username"]; + $login=$usertotest; } else { - dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$_POST["username"]."'"); + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$usertotest."'"); sleep(1); $langs->load('main'); $langs->load('other'); @@ -106,7 +107,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest) } else { - dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$_POST["username"]."'"); + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$usertotest."'"); sleep(1); $langs->load('main'); $langs->load('other'); 
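Review bot: `$entitytotest` is concatenated into the `IN (0,...)` list without escaping or a cast, unlike `$usertotest`, which goes through `$db->escape()` on the line above. The callers changed in `security.lib.php` and `main.inc.php` pass `$_POST["entity"]` straight through, so request data reaches the SQL text. Casting at the point of use closes this: `$sql.=' AND '.$entitycol." IN (0," . ((int) $entitytotest > 0 ? (int) $entitytotest : 1) . ")";`. The full statement is also written to the log by the `dol_syslog(... sql=...)` line that follows, and the enclosing function starts and ends outside this hunk.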
@@ -115,7 +116,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest) } else { - dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$_POST["username"]."' error=".$db->lasterror()); + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$usertotest."' error=".$db->lasterror()); sleep(1); $_SESSION["dol_loginmesg"]=$db->lasterror(); } diff --git a/htdocs/langs/fr_FR/cashdesk.lang b/htdocs/langs/fr_FR/cashdesk.lang index 96167e01f5178bbbd8f54db9fa420379fc3362ed..e3bd984fb3c4e07a564bd8d7d18cd0c4516f62aa 100755 --- a/htdocs/langs/fr_FR/cashdesk.lang +++ b/htdocs/langs/fr_FR/cashdesk.lang @@ -30,4 +30,4 @@ Difference=Difference TotalTicket=Total ticket Change=Trop perçu CalTip=Cliquez pour afficher le calendrier -CashDeskSetupStock=Le conf. diminue le stock lors la création de factures, mais vous ne spécifiez pas entrepôt .<br>Vous devez modifier la conf. du module de stock, ou vous choisissez un entrepôt \ No newline at end of file +CashDeskSetupStock=La configuration du module stock demande une réduction du stock sur facturation, mais vous n'avez pas spécifiez d'entrepôt. Vous devez modifier la configuration du module stock ou choisir un entrepôt. \ No newline at end of file diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php index c066c1c779e91a7ae6be7b5256399764ce00d274..f15a87e971190be919873ee4fea5952c4059e638 100644 --- a/htdocs/lib/security.lib.php +++ b/htdocs/lib/security.lib.php @@ -26,8 +26,9 @@ /** - * Return list of login methods provided by external third party modules. - * @return array + * Return a login if login/pass was successfull using an external login method + * @return string Login or '' + * TODO Provide usertotest, passwordtotest and entitytotest by parameters */ function getLoginMethod() { 
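Review bot: On the database-error branch the context line `$_SESSION["dol_loginmesg"]=$db->lasterror();` stores the raw driver error as the login message, and the changed log line above it embeds the user-supplied `$usertotest` unmodified. If `dol_loginmesg` is shown on the login page (not visible here), unauthenticated visitors would see database error text; a generic translated message, with the detail kept only in `dol_syslog`, would be safer. The enclosing function starts and ends outside this hunk.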
@@ -56,8 +57,9 @@ function getLoginMethod() // Call function to check user/password $usertotest=$_POST["username"]; $passwordtotest=$_POST["password"]; + $entitytotest=$_POST["entity"]; $function='check_user_password_'.$mode; - $login=$function($usertotest,$passwordtotest); + $login=$function($usertotest,$passwordtotest,$entitytotest); if ($login) { $conf->authmode=$mode; // This properties is defined only when logged @@ -543,7 +545,7 @@ function dol_efc_config() function getRandomPassword() { global $db,$conf,$langs,$user; - + $generated_password=''; if ($conf->global->USER_PASSWORD_GENERATED) { diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 55ae5fef8914d28f16fd7c853a8da2c1f297046e..86ba359b02804dfbd7785f1aabad524c2058db04 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -400,7 +400,7 @@ if (! defined('NOLOGIN')) } } - // Validation of third party module login method + // Validation of login with a third party login module method if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules)) { include_once(DOL_DOCUMENT_ROOT . "/lib/security.lib.php"); @@ -428,8 +428,9 @@ if (! defined('NOLOGIN')) // Call function to check user/password $usertotest=$_POST["username"]; $passwordtotest=$_POST["password"]; + $entitytotest=$_POST["entity"]; $function='check_user_password_'.$mode; - $login=$function($usertotest,$passwordtotest); + $login=$function($usertotest,$passwordtotest,$entitytotest); if ($login) // Login is successfull { $test=false;