dolibarr  x.y.z
passwordreset.tpl.php
1 <?php
2 /* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  */
17 
18 // To show this page, we need parameters: setnewpassword=1&username=...&passworduidhash=...
19 
20 if (!defined('NOBROWSERNOTIF')) {
21  define('NOBROWSERNOTIF', 1);
22 }
23 
24 // Protection to avoid direct call of template
25 if (empty($conf) || !is_object($conf)) {
26  print "Error, template page can't be called as URL";
27  exit;
28 }
29 
30 // DDOS protection
31 $size = (int) $_SERVER['CONTENT_LENGTH'];
32 if ($size > 10000) {
33  $langs->loadLangs(array("errors", "install"));
34  httponly_accessforbidden('<center>'.$langs->trans("ErrorRequestTooLarge").'<br><a href="'.DOL_URL_ROOT.'">'.$langs->trans("ClickHereToGoToApp").'</a></center>', 413, 1);
35 }
36 
37 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
38 
39 header('Cache-Control: Public, must-revalidate');
40 header("Content-type: text/html; charset=".$conf->file->character_set_client);
41 
42 if (GETPOST('dol_hide_topmenu')) {
43  $conf->dol_hide_topmenu = 1;
44 }
45 if (GETPOST('dol_hide_leftmenu')) {
46  $conf->dol_hide_leftmenu = 1;
47 }
48 if (GETPOST('dol_optimize_smallscreen')) {
49  $conf->dol_optimize_smallscreen = 1;
50 }
51 if (GETPOST('dol_no_mouse_hover')) {
52  $conf->dol_no_mouse_hover = 1;
53 }
54 if (GETPOST('dol_use_jmobile')) {
55  $conf->dol_use_jmobile = 1;
56 }
57 
58 // If we force to use jmobile, then we reenable javascript
59 if (!empty($conf->dol_use_jmobile)) {
60  $conf->use_javascript_ajax = 1;
61 }
62 
63 $php_self = $_SERVER['PHP_SELF'];
64 $php_self .= dol_escape_htmltag($_SERVER["QUERY_STRING"]) ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]) : '';
65 $php_self = str_replace('action=validatenewpassword', '', $php_self);
66 
67 $titleofpage = $langs->trans('ResetPassword');
68 
69 // Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second
70 $arrayofjs = array();
71 
72 $disablenofollow = 1;
73 if (!preg_match('/'.constant('DOL_APPLICATION_TITLE').'/', $title)) {
74  $disablenofollow = 0;
75 }
76 if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {
77  $disablenofollow = 0;
78 }
79 
80 top_htmlhead('', $titleofpage, 0, 0, $arrayofjs, array(), 1, $disablenofollow);
81 
82 
83 $colorbackhmenu1 = '60,70,100'; // topmenu
84 if (!isset($conf->global->THEME_ELDY_TOPMENU_BACK1)) {
85  $conf->global->THEME_ELDY_TOPMENU_BACK1 = $colorbackhmenu1;
86 }
87 $colorbackhmenu1 = empty($user->conf->THEME_ELDY_ENABLE_PERSONALIZED) ? (empty($conf->global->THEME_ELDY_TOPMENU_BACK1) ? $colorbackhmenu1 : $conf->global->THEME_ELDY_TOPMENU_BACK1) : (empty($user->conf->THEME_ELDY_TOPMENU_BACK1) ? $colorbackhmenu1 : $user->conf->THEME_ELDY_TOPMENU_BACK1);
88 $colorbackhmenu1 = join(',', colorStringToArray($colorbackhmenu1)); // Normalize value to 'x,y,z'
89 
90 
91 $edituser = new User($db);
92 
93 
94 // Validate parameters
95 if ($setnewpassword && $username && $passworduidhash) {
96  $result = $edituser->fetch('', $username);
97  if ($result < 0) {
98  $message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
99  } else {
100  global $dolibarr_main_instance_unique_id;
101 
102  //print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
103  if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
104  // Clear session
105  unset($_SESSION['dol_login']);
106 
107  // Parameters to reset the user are validated
108  } else {
109  $langs->load("errors");
110  $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
111  }
112  }
113 } else {
114  $langs->load("errors");
115  $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePasswordReset").'</div>';
116 }
117 
118 
119 ?>
120 <!-- BEGIN PHP TEMPLATE PASSWORDFORGOTTEN.TPL.PHP -->
121 
122 <body class="body bodylogin"<?php print empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; background-image: url(\''.DOL_URL_ROOT.'/viewimage.php?cache=1&noalt=1&modulepart=mycompany&file='.urlencode('logos/'.$conf->global->MAIN_LOGIN_BACKGROUND).'\')"'; ?>>
123 
124 <?php if (empty($conf->dol_use_jmobile)) { ?>
125 <script>
126 $(document).ready(function () {
127  // Set focus on correct field
128  <?php if ($focus_element) {
129  ?>$('#<?php echo $focus_element; ?>').focus(); <?php
130  } ?> // Warning to use this only on visible element
131 });
132 </script>
133 <?php } ?>
134 
135 
136 <div class="login_center center"<?php print empty($conf->global->MAIN_LOGIN_BACKGROUND) ? ' style="background-size: cover; background-position: center center; background-attachment: fixed; background-repeat: no-repeat; background-image: linear-gradient(rgb('.$colorbackhmenu1.',0.3), rgb(240,240,240));"' : '' ?>>
137 <div class="login_vertical_align">
138 
139 <form id="login" name="login" method="POST" action="<?php echo $php_self; ?>">
140 <input type="hidden" name="token" value="<?php echo newToken(); ?>">
141 <input type="hidden" name="action" value="buildnewpassword">
142 
143 
144 <!-- Title with version -->
145 <div class="login_table_title center" title="<?php echo dol_escape_htmltag($title); ?>">
146 <?php
147 if (!empty($disablenofollow)) {
148  echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank" rel="noopener noreferrer external">';
149 }
150 echo dol_escape_htmltag($title);
151 if (!empty($disablenofollow)) {
152  echo '</a>';
153 }
154 ?>
155 </div>
156 
157 
158 
159 <div class="login_table">
160 
161 <div id="login_line1">
162 
163 <div id="login_left">
164 <img alt="" title="" src="<?php echo $urllogo; ?>" id="img_logo" />
165 </div>
166 
167 <br>
168 
169 <div id="login_right">
170 
171 <div class="tagtable centpercent" title="Login pass" >
172 
173 <!-- New pass 1 -->
174 <div class="trinputlogin">
175 <div class="tagtd nowraponall center valignmiddle tdinputlogin">
176 <!-- <span class="span-icon-user">-->
177 <span class="fa fa-user"></span>
178 <input type="text" maxlength="255" placeholder="<?php echo $langs->trans("NewPassword"); ?>" <?php echo $disabled; ?> id="newpass1" name="newpass1" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass1); ?>" tabindex="1" autofocus />
179 </div>
180 </div>
181 <div class="trinputlogin">
182 <div class="tagtd nowraponall center valignmiddle tdinputlogin">
183 <!-- <span class="span-icon-user">-->
184 <span class="fa fa-user"></span>
185 <input type="text" maxlength="255" placeholder="<?php echo $langs->trans("PasswordRetype"); ?>" <?php echo $disabled; ?> id="newpass2" name="newpass2" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($newpass2); ?>" tabindex="1" />
186 </div>
187 </div>
188 
189 
190 <?php
191 $captcha = 0;
192 if (!empty($captcha)) {
193  // Add a variable param to force not using cache (jmobile)
194  $php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time
195  if (preg_match('/\?/', $php_self)) {
196  $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog');
197  } else {
198  $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog');
199  }
200  // TODO: provide accessible captcha variants
201  ?>
202  <!-- Captcha -->
203  <div class="trinputlogin">
204  <div class="tagtd tdinputlogin nowrap none valignmiddle">
205 
206  <span class="fa fa-unlock"></span>
207  <span class="nofa inline-block">
208  <input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" autocomplete="off" />
209  </span>
210  <span class="nowrap inline-block">
211  <img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
212  <a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a>
213  </span>
214 
215  </div></div>
216  <?php
217 }
218 
219 if (!empty($morelogincontent)) {
220  if (is_array($morelogincontent)) {
221  foreach ($morelogincontent as $format => $option) {
222  if ($format == 'table') {
223  echo '<!-- Option by hook -->';
224  echo $option;
225  }
226  }
227  } else {
228  echo '<!-- Option by hook -->';
229  echo $morelogincontent;
230  }
231 }
232 ?>
233 
234 </div>
235 
236 </div> <!-- end div login_right -->
237 
238 </div> <!-- end div login_line1 -->
239 
240 
241 <div id="login_line2" style="clear: both">
242 
243 <!-- Button "Regenerate and Send password" -->
244 <br><input type="submit" <?php echo $disabled; ?> class="button small" name="button_password" value="<?php echo $langs->trans('Save'); ?>" tabindex="4" />
245 
246 <br>
247 <div class="center" style="margin-top: 15px;">
248  <?php
249  $moreparam = '';
250  if (!empty($conf->dol_hide_topmenu)) {
251  $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_hide_topmenu='.$conf->dol_hide_topmenu;
252  }
253  if (!empty($conf->dol_hide_leftmenu)) {
254  $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_hide_leftmenu='.$conf->dol_hide_leftmenu;
255  }
256  if (!empty($conf->dol_no_mouse_hover)) {
257  $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_no_mouse_hover='.$conf->dol_no_mouse_hover;
258  }
259  if (!empty($conf->dol_use_jmobile)) {
260  $moreparam .= (strpos($moreparam, '?') === false ? '?' : '&').'dol_use_jmobile='.$conf->dol_use_jmobile;
261  }
262 
263  print '<a class="alogin" href="'.$dol_url_root.'/index.php'.$moreparam.'">'.$langs->trans('BackToLoginPage').'</a>';
264  ?>
265 </div>
266 
267 </div>
268 
269 </div>
270 
271 </form>
272 
273 
274 <div class="center login_main_home divpasswordmessagedesc paddingtopbottom<?php echo empty($conf->global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent boxshadow'; ?>" style="max-width: 70%">
275 <?php
276 if ($mode == 'dolibarr' || !$disabled) {
277  if (empty($message)) {
278  print '<span class="passwordmessagedesc opacitymedium">';
279  print $langs->trans('EnterNewPasswordHere');
280  print '</span>';
281  }
282 } else {
283  print '<div class="warning center">';
284  print $langs->trans('AuthenticationDoesNotAllowSendNewPassword', $mode);
285  print '</div>';
286 }
287 ?>
288 </div>
289 
290 
291 <br>
292 
293 <?php if (!empty($message)) { ?>
294  <div class="center login_main_message">
295  <?php dol_htmloutput_mesg($message, '', '', 1); ?>
296  </div>
297 <?php } ?>
298 
299 
300 <!-- Common footer is not used for passwordforgotten page, this is same than footer but inside passwordforgotten tpl -->
301 
302 <?php
303 if (!empty($conf->global->MAIN_HTML_FOOTER)) {
304  print $conf->global->MAIN_HTML_FOOTER;
305 }
306 
307 if (!empty($morelogincontent) && is_array($morelogincontent)) {
308  foreach ($morelogincontent as $format => $option) {
309  if ($format == 'js') {
310  echo "\n".'<!-- Javascript by hook -->';
311  echo $option."\n";
312  }
313  }
314 } elseif (!empty($moreloginextracontent)) {
315  echo '<!-- Javascript by hook -->';
316  echo $moreloginextracontent;
317 }
318 
319 // Google Analytics
320 // TODO Add a hook here
321 if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AN_ID)) {
322  $tmptagarray = explode(',', $conf->global->MAIN_GOOGLE_AN_ID);
323  foreach ($tmptagarray as $tmptag) {
324  print "\n";
325  print "<!-- JS CODE TO ENABLE for google analtics tag -->\n";
326  print "
327  <!-- Global site tag (gtag.js) - Google Analytics -->
328  <script async src=\"https://www.googletagmanager.com/gtag/js?id=".trim($tmptag)."\"></script>
329  <script>
330  window.dataLayer = window.dataLayer || [];
331  function gtag(){dataLayer.push(arguments);}
332  gtag('js', new Date());
333 
334  gtag('config', '".trim($tmptag)."');
335  </script>";
336  print "\n";
337  }
338 }
339 
340 // TODO Replace this with a hook
341 // Google Adsense (need Google module)
342 if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && !empty($conf->global->MAIN_GOOGLE_AD_SLOT)) {
343  if (empty($conf->dol_use_jmobile)) {
344  ?>
345  <div class="center"><br>
346  <script><!--
347  google_ad_client = "<?php echo $conf->global->MAIN_GOOGLE_AD_CLIENT ?>";
348  google_ad_slot = "<?php echo $conf->global->MAIN_GOOGLE_AD_SLOT ?>";
349  google_ad_width = <?php echo $conf->global->MAIN_GOOGLE_AD_WIDTH ?>;
350  google_ad_height = <?php echo $conf->global->MAIN_GOOGLE_AD_HEIGHT ?>;
351  //-->
352  </script>
353  <script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>
354  </div>
355  <?php
356  }
357 }
358 ?>
359 
360 
361 </div>
362 </div> <!-- end of center -->
363 
364 
365 </body>
366 </html>
367 <!-- END PHP TEMPLATE -->
User
Class to manage Dolibarr users.
Definition: user.class.php:45
colorStringToArray
colorStringToArray($stringcolor, $colorifnotfound=array(88, 88, 88))
Convert a string RGB value ('FFFFFF', '255,255,255') into an array RGB array(255,255,...
Definition: functions2.lib.php:2412
dol_escape_htmltag
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0)
Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields.
Definition: functions.lib.php:1476
dol_now
dol_now($mode='auto')
Return date for now.
Definition: functions.lib.php:2916
newToken
newToken()
Return the value of token currently saved into session with name 'newtoken'.
Definition: functions.lib.php:11192
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:517
dol_htmloutput_mesg
dol_htmloutput_mesg($mesgstring='', $mesgarray=array(), $style='ok', $keepembedded=0)
Print formated messages to output (Used to show messages on html output).
Definition: functions.lib.php:8580
top_htmlhead
top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
Ouput html header of a page.
Definition: main.inc.php:1530
type
if(preg_match('/crypted:/i', $dolibarr_main_db_pass)||!empty($dolibarr_main_db_encrypted_pass)) $conf db type
Definition: repair.php:119
name
$conf db name
Only used if Module[ID]Name translation string is not found.
Definition: repair.php:122
dol_verifyHash
dol_verifyHash($chain, $hash, $type='0')
Compute a hash and compare it to the given one For backward compatibility reasons,...
Definition: security.lib.php:254
httponly_accessforbidden
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1057
Generated on Wed Jan 4 2023 18:05:25 for dolibarr by Doxygen 1.9.1