--- /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/github_19.0.3_modGeneratePassNone.class.php +++ /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/client_modGeneratePassNone.class.php @@ -29 +29,2 @@ - * Class to generate a password according to rule 'no password' + * \class modGeneratePassNone + * \brief Class to generate a password according to rule 'no password' @@ -38,7 +38,0 @@ - public $picto = 'fa-keyboard'; - - /** - * Minimum length (text visible by end user) - * - * @var string - */ @@ -48,5 +42,8 @@ - * Minimum length in number of characters - * - * @var integer - */ - public $length2; + * @var DoliDB Database handler. + */ + public $db; + + public $conf; + public $lang; + public $user; + @@ -66 +62,0 @@ - $this->length2 = 0; @@ -77 +73 @@ - * @return string Description of text + * @return string Description of text @@ -88 +84 @@ - * @return string Example of password + * @return string Example of password @@ -98 +94 @@ - * @return string Return a new generated password + * @return string Return a new generated password @@ -106,2 +102 @@ - * Validate a password. - * This function is called by User->setPassword() and internally to validate that the password matches the constraints. + * Validate a password @@ -109,2 +104,2 @@ - * @param string $password Password to check - * @return int 0 if KO, >0 if OK + * @param string $password Password to check + * @return int 0 if KO, >0 if OK --- /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/github_19.0.3_modGeneratePassPerso.class.php +++ /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/client_modGeneratePassPerso.class.php @@ -31 +31,2 @@ - * Class to generate a password according to personal rules + * \class modGeneratePassPerso + * \brief Class to generate a password according to personal rules @@ -40,7 +40,0 @@ - public $picto = 'fa-shield-alt'; - - /** - * Minimum length (text visible by end user) - * - * @var string - */ @@ -48,8 +42 @@ - - /** - * Minimum length in number of characters - * - * @var integer - */ - public $length2; - + public $length2; // didn't overright display @@ -60,7 +47,10 @@ - - /** - * Flag to 1 if we must clean ambiguous charaters for the autogeneration of password (List of ambiguous char is in $this->Ambi) - * - * @var integer - */ - public $WithoutAmbi = 0; + public $WithoutAmbi; + + /** + * @var DoliDB Database handler. + */ + public $db; + + public $conf; + public $lang; + public $user; @@ -93,3 +83,3 @@ - if (!getDolGlobalString('USER_PASSWORD_PATTERN')) { - // default value at auto generation (12 chars, 1 uppercase, 1 digit, 0 special char, 3 repeat max, exclude ambiguous characters). - dolibarr_set_const($db, "USER_PASSWORD_PATTERN", '12;1;1;0;3;1', 'chaine', 0, '', $conf->entity); + if (empty($conf->global->USER_PASSWORD_PATTERN)) { + // default value (8carac, 1maj, 1digit, 1spe, 3 repeat, no ambi at auto generation. + dolibarr_set_const($db, "USER_PASSWORD_PATTERN", '8;1;1;1;3;1', 'chaine', 0, '', $conf->entity); @@ -104 +94 @@ - $tabConf = explode(";", getDolGlobalString('USER_PASSWORD_PATTERN')); + $tabConf = explode(";", $conf->global->USER_PASSWORD_PATTERN); @@ -111,10 +101,3 @@ - } - - /** - * Init the property ->All and clean ->Maj, ->Min, ->Nb and ->Spe with list of valid chars - * - * @return void - */ - private function initAll() - { - if ($this->WithoutAmbi) { + + if ($this->WithoutAmbi) + { @@ -129,6 +112,10 @@ - } - - /** - * Return description of module - * - * @return string Description of text + + //$this->All = str_shuffle($this->Maj. $this->Min. $this->Nb. $this->Spe); + //$this->All = $this->Maj. $this->Min. $this->Nb. $this->Spe; + //$this->All = $this->Spe; + } + + /** + * Return description of module + * + * @return string Description of text @@ -143,3 +130,3 @@ - * Return an example of password generated by this module - * - * @return string Example of password + * Return an example of password generated by this module + * + * @return string Example of password @@ -159,2 +145,0 @@ - $this->initAll(); - @@ -163 +148 @@ - // Y + // Y @@ -168 +153 @@ - // X + // X @@ -173 +158 @@ - // @ + // @ @@ -178 +163 @@ - // y + // y @@ -188,6 +173,5 @@ - return $this->getNewGeneratedPassword(); // warning, may generate infinite loop if conditions are not possible - } - - /** - * Validate a password. - * This function is called by User->setPassword() and internally to validate that the password matches the constraints. + return $this->getNewGeneratedPassword(); + } + + /** + * Validate a password @@ -196 +180 @@ - * @return int 0 if KO, >0 if OK + * @return bool false if KO, true if OK @@ -200,9 +183,0 @@ - global $langs; - - $this->initAll(); // For the case this method is called alone - - $password_a = preg_split('//u', $password, null, PREG_SPLIT_NO_EMPTY); - $maj = preg_split('//u', $this->Maj, null, PREG_SPLIT_NO_EMPTY); - $num = preg_split('//u', $this->Nb, null, PREG_SPLIT_NO_EMPTY); - $spe = preg_split('//u', $this->Spe, null, PREG_SPLIT_NO_EMPTY); - /* @@ -213,7 +187,0 @@ - */ - - if (dol_strlen($password) < $this->length2) { - $langs->load("other"); - $this->error = $langs->trans("YourPasswordMustHaveAtLeastXChars", $this->length2); - return 0; - } @@ -222,3 +190 @@ - $langs->load("other"); - $this->error = $langs->trans('PasswordNeedAtLeastXUpperCaseChars', $this->NbMaj); - return 0; + return false; @@ -228,3 +194 @@ - $langs->load("other"); - $this->error = $langs->trans('PasswordNeedAtLeastXDigitChars', $this->NbNum); - return 0; + return false; @@ -234,16 +198,12 @@ - $langs->load("other"); - $this->error = $langs->trans('PasswordNeedAtLeastXSpecialChars', $this->NbSpe); - return 0; - } - - if (!$this->consecutiveIterationSameCharacter($password)) { - $langs->load("other"); - $this->error = $langs->trans('PasswordNeedNoXConsecutiveChars', $this->NbRepeat); - return 0; - } - - return 1; - } - - /** - * Check the consecutive iterations of the same character. + return false; + } + + if (!$this->consecutiveInterationSameCharacter($password)) { + return false; + } + + return true; + } + + /** + * Check the consecutive iterations of the same character. Return false if the number doesn't match the maximum consecutive value allowed. @@ -252,12 +212,4 @@ - * @return bool False if the number doesn't match the maximum consecutive value allowed. - */ - public function consecutiveIterationSameCharacter($password) - { - $this->initAll(); - - if (empty($this->NbRepeat)) { - return true; - } - - $char = preg_split('//u', $password, null, PREG_SPLIT_NO_EMPTY); - + * @return bool + */ + private function consecutiveInterationSameCharacter($password) + { @@ -264,0 +217,3 @@ + + if (empty($this->NbRepeat)) return 1; + @@ -265,0 +221,2 @@ + $char = str_split($password); + @@ -269,2 +226,2 @@ - $count = 1; - //print "Char $c - count = $count\n"; + $count = 0; + @@ -274,3 +231 @@ - $count++; - //print "Char $c - count = $count\n"; - + $count++; --- /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/github_19.0.3_modGeneratePassStandard.class.php +++ /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/client_modGeneratePassStandard.class.php @@ -29 +29,2 @@ - * Class to generate a password according to a dolibarr standard rule (12 random chars) + * \class modGeneratePassStandard + * \brief Class to generate a password according to a dolibarr standard rule (8 random chars) @@ -38,7 +38,0 @@ - public $picto = 'fa-shield-alt'; - - /** - * Minimum length (text visible by end user) - * - * @var string - */ @@ -48,5 +42,8 @@ - * Minimum length in number of characters - * - * @var integer - */ - public $length2; + * @var DoliDB Database handler. + */ + public $db; + + public $conf; + public $lang; + public $user; + @@ -65,2 +62 @@ - $this->length = 12; - $this->length2 = 12; + $this->length = 8; @@ -77 +73 @@ - * @return string Description of module + * @return string Description of module @@ -82 +78 @@ - return $langs->trans("PasswordGenerationStandard", $this->length); + return $langs->trans("PasswordGenerationStandard"); @@ -88 +84 @@ - * @return string Example of password + * @return string Example of password @@ -98 +94 @@ - * @return string Return a new generated password + * @return string Return a new generated password @@ -106 +102 @@ - $possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP"; + $possible = "0123456789bcdfghjkmnpqrstvwxyz"; @@ -112 +108,2 @@ - while ($i < $this->length) { + while ($i < $this->length) + { @@ -114,5 +111 @@ - if (function_exists('random_int')) { // Cryptographic random - $char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1); - } else { - $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1); - } + $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1); @@ -120 +113,3 @@ - if (substr_count($password, $char) <= 6) { // we don't want this character if it's already 5 times in the password + // we don't want this character if it's already in the password + if (!strstr($password, $char)) + { @@ -130,19 +125,11 @@ - /** - * Validate a password - * This function is called by User->setPassword() and internally to validate that the password matches the constraints. - * - * @param string $password Password to check - * @return int 0 if KO, >0 if OK - */ - public function validatePassword($password) - { - global $langs; - - if (dol_strlen($password) < $this->length2) { - $langs->load("other"); - $this->error = $langs->trans("YourPasswordMustHaveAtLeastXChars", $this->length2); - return 0; - } - - return 1; - } + /** + * Validate a password + * + * @param string $password Password to check + * @return int 0 if KO, >0 if OK + */ + public function validatePassword($password) + { + if (dol_strlen($password) < $this->length) return 0; + return 1; + } --- /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/github_19.0.3_modules_genpassword.php +++ /tmp/dsg/dolibarr/htdocs/core/modules/security/generate/client_modules_genpassword.php @@ -28 +28,2 @@ - * Parent class for password rules/management modules + * \class ModeleGenPassword + * \brief Parent class for password rules/management modules @@ -32,10 +33 @@ - public $picto = 'generic'; - - /** - * Flag to 1 if we must clean ambiguous charaters for the autogeneration of password (List of ambiguous char is in $this->Ambi) - * - * @var integer - */ - public $WithoutAmbi = 0; - - /** + /** @@ -46,4 +38,9 @@ - /** - * @var DoliDB Database handler. - */ - public $db; + /** + * Return if a module can be used or not + * + * @return boolean true if module can be used + */ + public function isEnabled() + { + return true; + } @@ -51,4 +48,10 @@ - /** - * @var Conf dolibarr conf - */ - public $conf; + /** + * Return description of module + * + * @return string Description of text + */ + public function getDescription() + { + global $langs; + return $langs->trans("NoDescription"); + } @@ -56,42 +59,11 @@ - /** - * @var Translate Translate Object - */ - public $langs; - - /** - * @var User user - */ - public $user; - - /** - * Return if a module can be used or not - * - * @return boolean true if module can be used - */ - public function isEnabled() - { - return true; - } - - /** - * Return description of module - * - * @return string Description of text - */ - public function getDescription() - { - global $langs; - return $langs->trans("NoDescription"); - } - - /** - * Return an example of password generated by this module - * - * @return string Example of password - */ - public function getExample() - { - global $langs; - $langs->load("bills"); - return $langs->trans("NoExample"); - } + /** + * Return an example of password generated by this module + * + * @return string Example of password + */ + public function getExample() + { + global $langs; + $langs->load("bills"); + return $langs->trans("NoExample"); + } @@ -102 +74 @@ - * @return string Return a new generated password + * @return string Return a new generated password @@ -104,5 +76,5 @@ - public function getNewGeneratedPassword() - { - global $langs; - return $langs->trans("NotAvailable"); - } + public function getNewGeneratedPassword() + { + global $langs; + return $langs->trans("NotAvailable"); + } @@ -111,2 +83 @@ - * Validate a password. - * This function is called by User->setPassword() and internally to validate that the password matches the constraints. + * Validate a password @@ -114,2 +85,2 @@ - * @param string $password Password to check - * @return int 0 if KO, >0 if OK + * @param string $password Password to check + * @return int 0 if KO, >0 if OK @@ -117,4 +88,4 @@ - public function validatePassword($password) - { - return 1; - } + public function validatePassword($password) + { + return 1; + }