diff --git a/htdocs/admin/security_captcha.php b/htdocs/admin/security_captcha.php index f30e8267ffb8a..e710915f8fc2a 100644 --- a/htdocs/admin/security_captcha.php +++ b/htdocs/admin/security_captcha.php @@ -46,7 +46,7 @@ } $action = GETPOST('action', 'aZ09'); - +$handler = GETPOST('handler', 'aZ09'); /* @@ -70,34 +70,13 @@ } else { dol_print_error($db); } -} elseif ($action == 'updateform') { - $res1 = 1; - $res2 = 1; - $res3 = 1; - $res4 = 1; - $res5 = 1; - if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) { - $res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity); - } - if (GETPOSTISSET('MAIN_SESSION_TIMEOUT')) { - $res2 = dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", GETPOST("MAIN_SESSION_TIMEOUT", 'alphanohtml'), 'chaine', 0, '', $conf->entity); - } - if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) { - $res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity); - } - if (GETPOSTISSET('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS')) { - $res4 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'alphanohtml'), 'int', 0, '', $conf->entity); - } - if (GETPOSTISSET('MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS')) { - $res5 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", GETPOST("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 'alphanohtml'), 'int', 0, '', $conf->entity); - } - if ($res1 && $res2 && $res3 && $res4 && $res5) { - setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); +} elseif ($action == 'setcaptchahandler') { + if (!dolibarr_set_const($db, 'MAIN_SECURITY_ENABLECAPTCHA_HANDLER', GETPOST("value", "aZ09"), 'chaine', 0, '', $conf->entity)) { + dol_print_error($db); } } - /* * View */ 
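Review bot: The new `setcaptchahandler` branch stores `GETPOST("value", "aZ09")` in `MAIN_SECURITY_ENABLECAPTCHA_HANDLER` without checking that it names an installed handler, so a typo or stale link leaves the login, password-reset and ticket forms pointing at a class that cannot be loaded. Build the handler list before the Actions block and reject unknown ids, for example `if (!isset($arrayhandler[GETPOST('value', 'aZ09')])) { setEventMessages('Unknown captcha handler', null, 'errors'); }`. The `$handler = GETPOST('handler', 'aZ09');` line added in the first hunk is not read by this branch, which uses `value`, so one of the two names looks left over. The link that triggers this action is not visible in this view; confirm it carries the CSRF token, since it changes a security setting.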
@@ -112,28 +91,37 @@ print ''.$langs->trans("CaptchaDesc")."
\n"; print "
\n"; +$dirModCaptcha = array_merge(array('/core/modules/security/captcha'), is_array($conf->modules_parts['captcha']) ? $conf->modules_parts['captcha'] : array()); +foreach ($conf->modules_parts['captcha'] as $mo) { + //Add more models + $dirModCaptcha[] = $mo.'core/modules/security/captcha'; +} // Load array with all captcha generation modules -$dir = DOL_DOCUMENT_ROOT."/core/modules/security/captcha"; -clearstatcache(); -$handle = opendir($dir); -$i = 1; $arrayhandler = array(); -if (is_resource($handle)) { - while (($file = readdir($handle)) !== false) { - $reg = array(); - if (preg_match('/(modCaptcha[a-z]+)\.class\.php$/i', $file, $reg)) { - // Charging the numbering class - $classname = $reg[1]; - require_once $dir.'/'.$file; - - $obj = new $classname($db, $conf, $langs, $user); - '@phan-var-force ModeleCaptcha $obj'; - $arrayhandler[$obj->id] = $obj; - $i++; + +foreach ($dirModCaptcha as $dirroot) { + $dir = dol_buildpath($dirroot, 0); + + $handle = @opendir($dir); + + $i = 1; + if (is_resource($handle)) { + while (($file = readdir($handle)) !== false) { + $reg = array(); + if (preg_match('/(modCaptcha[a-z]+)\.class\.php$/i', $file, $reg)) { + // Charging the numbering class + $classname = $reg[1]; + require_once $dir.'/'.$file; + + $obj = new $classname($db, $conf, $langs, $user); + '@phan-var-force ModeleCaptcha $obj'; + $arrayhandler[$obj->id] = $obj; + $i++; + } } + closedir($handle); } - closedir($handle); } asort($arrayhandler); @@ -215,13 +203,11 @@ if (function_exists("imagecreatefrompng")) { if ($key != $selectedcaptcha) { - print ''; + print ''; + print img_picto($langs->trans("Disabled"), 'switch_off'); + print ''; } else { - print ''; + print img_picto($langs->trans("Enabled"), 'switch_on'); } } else { $desc = $form->textwithpicto('', $langs->transnoentities("EnableGDLibraryDesc"), 1, 'warning'); diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index d5df6d50bd7b9..52a61d81c5760 100644 
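Review bot: The `foreach ($conf->modules_parts['captcha'] as $mo)` loop runs without the `is_array()` guard that the `array_merge()` line just above applies, so it warns when no module declares a captcha part. It also looks redundant: the `conf.class.php` hunk in this commit appears to store the part as `'/'.$modulename.'/core/modules/security/captcha/'`, so the loop would append a second `core/modules/security/captcha` to a path `array_merge()` has already added, and `@opendir` then hides the miss. Suggest dropping the loop and the `@`. Because every matching `modCaptcha*.class.php` under a module directory is `require_once`d and instantiated, a module handler whose `id` equals an existing one silently replaces it in `$arrayhandler`. Keep the first registration with `if (!isset($arrayhandler[$obj->id])) { $arrayhandler[$obj->id] = $obj; }`.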
--- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -506,11 +506,16 @@ print '

'; - print load_fiche_titre($langs->trans("Emails")); + //print load_fiche_titre($langs->trans("Emails")); print '
'; print ''; + print ''; + print ''; + print ''; + // Activate email creation to user print ''; - $captcha = ''; - if ($public && getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA_TICKET')) { - print ''; - } - // Categories if (isModEnabled('category') && !$public) { include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; @@ -819,6 +785,34 @@ function(response) { } } + // Show line with Captcha + $captcha = ''; + if ($public && getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA_TICKET')) { + print ''; + } + print '
'.$langs->trans("Emails").''; + print '
'; print $form->textwithpicto($langs->trans("TicketsDisableCustomerEmail"), $langs->trans("TicketsDisableEmailHelp"), 1, 'help'); diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index c020fdc3b2ac8..cb5a97f8c7bd5 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -556,6 +556,8 @@ public function setValues($db) $newvalue = '/'.$modulename.'/core/'.$partname.'/'; } elseif (in_array($partname, array('models', 'theme', 'websitetemplates'))) { $newvalue = '/'.$modulename.'/'; + } elseif (in_array($partname, array('captcha'))) { + $newvalue = '/'.$modulename.'/core/modules/security/'.$partname.'/'; } elseif ($value == 1) { $newvalue = '/'.$modulename.'/core/modules/'.$partname.'/'; // ex: partname = societe } else { // $partname can be any other value like 'sms', ... diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 5f07cc83a50ad..de9d367f75ba8 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -569,40 +569,6 @@ function groupticketchange() { $doleditor->Create(); print '
'; - - require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; - $captcha = getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA_HANDLER', 'standard'); - - $classfile = DOL_DOCUMENT_ROOT."/core/modules/security/captcha/modCaptcha".ucfirst($captcha).'.class.php'; - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $captchaobj = null; - if (dol_is_file($classfile)) { - // Charging the numbering class - $classname = "modCaptcha".ucfirst($captcha); - require_once $classfile; - - $captchaobj = new $classname($this->db, $conf, $langs, $user); - } - - if (is_object($captchaobj) && method_exists($captchaobj, 'getCaptchaCodeForForm')) { - // TODO: get this code using a method of captcha - } else { - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''.img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"').''; - print ''; - } - - print '

'; + + require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; + $captcha = getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA_HANDLER', 'standard'); + + $classfile = DOL_DOCUMENT_ROOT."/core/modules/security/captcha/modCaptcha".ucfirst($captcha).'.class.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + $captchaobj = null; + if (dol_is_file($classfile)) { + // Charging the numbering class + $classname = "modCaptcha".ucfirst($captcha); + require_once $classfile; + + $captchaobj = new $classname($this->db, $conf, $langs, $user); + } + + if (is_object($captchaobj) && method_exists($captchaobj, 'getCaptchaCodeForForm')) { + print $captchaobj->getCaptchaCodeForForm(); + } else { + print 'Error, the captcha handler '.get_class($captchaobj).' does not have any method getCaptchaCodeForForm()'; + } + + print '
'; if ($withdolfichehead) { diff --git a/htdocs/core/modules/security/captcha/modCaptchaStandard.class.php b/htdocs/core/modules/security/captcha/modCaptchaStandard.class.php index 7e5030be5ea25..cb736ff96d8ba 100644 --- a/htdocs/core/modules/security/captcha/modCaptchaStandard.class.php +++ b/htdocs/core/modules/security/captcha/modCaptchaStandard.class.php @@ -23,8 +23,8 @@ * \brief File to manage captcha generation according to dolibarr native code */ - require_once DOL_DOCUMENT_ROOT.'/core/modules/security/captcha/modules_captcha.php'; - require_once DOL_DOCUMENT_ROOT.'/core/modules/security/generate/modGeneratePassStandard.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/modules/security/captcha/modules_captcha.php'; +require_once DOL_DOCUMENT_ROOT.'/core/modules/security/generate/modGeneratePassStandard.class.php'; /** @@ -49,7 +49,7 @@ class modCaptchaStandard extends ModeleCaptcha */ public function __construct($db, $conf, $langs, $user) { - $this->id = "standard"; + $this->id = strtolower(preg_replace('/^modCaptcha/i', '', get_class())); $this->db = $db; $this->conf = $conf; @@ -95,6 +95,39 @@ public function getExample() return ''; } + /** + * Return the HTML content to output on a form that need the captcha + * + * @param string $php_self An URL for the a href link + * @return int 0 if KO, >0 if OK + */ + public function getCaptchaCodeForForm($php_self = '') + { + global $langs; + + // TODO Replace the a link with a post of form. + + $out .= ' +
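Review bot: In the captcha block added to `html.formticket.class.php`, the `else` branch calls `get_class($captchaobj)` although `$captchaobj` is still `null` whenever `dol_is_file($classfile)` fails, which throws a TypeError on PHP 8 and turns a misconfigured handler into a fatal error on the public ticket form. Report the configured name instead: `print 'Error, the captcha handler '.dol_escape_htmltag($captcha).' does not have any method getCaptchaCodeForForm()';`. `$classfile` is also built only under `DOL_DOCUMENT_ROOT."/core/modules/security/captcha/"`, so a handler provided through the new `captcha` module part, which the admin page now lists, would never be found here. Confirm as well that the submit side rejects the post when no handler could be loaded, so a missing handler cannot silently disable the check. The enclosing method starts and ends outside the hunk.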
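Review bot: In the `modCaptchaStandard` constructor, `get_class()` is called without an argument, which is deprecated as of PHP 8.3 and always resolves to the class that defines the constructor. A handler that extends this class and inherits the constructor would therefore also get the id `standard` and collide with it in the handler list. Prefer `$this->id = strtolower(preg_replace('/^modCaptcha/i', '', get_class($this)));`.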
+ +
+ '."\n"; + + return $out; + } + + /** * Validate a captcha diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index 631ea789dab83..6b9cefd699647 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -81,7 +81,6 @@ @phan-var-force int<0,1> $forgetpasslink '; - header('Cache-Control: Public, must-revalidate'); if (GETPOST('dol_hide_topmenu')) { @@ -105,6 +104,13 @@ $conf->use_javascript_ajax = 1; } +// $captcha is defined + + +/* + * View + */ + $php_self = empty($php_self) ? dol_escape_htmltag($_SERVER['PHP_SELF']) : $php_self; if (!empty($_SERVER["QUERY_STRING"]) && dol_escape_htmltag($_SERVER["QUERY_STRING"])) { $php_self .= '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]); @@ -313,25 +319,9 @@ } if (is_object($captchaobj) && method_exists($captchaobj, 'getCaptchaCodeForForm')) { - // TODO: get this code using a method of captcha + print $captchaobj->getCaptchaCodeForForm($php_self); } else { - ?> - -
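Review bot: `getCaptchaCodeForForm()` appends with `$out .= '` to a variable that was never initialised, which raises an undefined-variable warning on every page that renders the captcha; start the body with `$out = '';`. The docblock says `@return int 0 if KO, >0 if OK` while the method returns the markup, so it should read `@return string HTML to print in the form`. The markup is not visible in this view, but `$php_self` is documented as going into an href and comes from the callers. `login.tpl.php` escapes it with `dol_escape_htmltag`, whereas `passwordforgotten.tpl.php` builds it from raw `$_SERVER['PHP_SELF']`. Settle in one place where the escaping happens and state it in the `@param` line, so that a third-party handler implementing this method does not have to guess.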
-
- - - - " class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" autocomplete="off" /> - - - - trans("Refresh"), 'refresh', 'id="captcha_refresh_img"'); ?> - - -
-
- use_javascript_ajax = 1; } +// $captcha is defined + + +/* + * View + */ + $php_self = $_SERVER['PHP_SELF']; $php_self .= dol_escape_htmltag($_SERVER["QUERY_STRING"]) ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]) : ''; $php_self = str_replace('action=validatenewpassword', '', $php_self); @@ -179,25 +186,9 @@ } if (is_object($captchaobj) && method_exists($captchaobj, 'getCaptchaCodeForForm')) { - // TODO: get this code using a method of captcha + print $captchaobj->getCaptchaCodeForForm($php_self); } else { - ?> - -
-
- - - - " class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" autocomplete="off" /> - - - - trans("Refresh"), 'refresh', 'id="captcha_refresh_img"'); ?> - - -
-
- 0, // Set this to 1 if the module provides a website template into doctemplates/websites/website_template-mytemplate - 'websitetemplates' => 0 + 'websitetemplates' => 0, + // Set this to 1 if the module provides a captcha driver + 'captcha' => 0 ); // Data directories to create when module is enabled. diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index ae2b656ad037e..96887dd63bcb1 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -218,15 +218,6 @@ $focus_element = 'password'; } -// Send password button enabled ? -$disabled = 'disabled'; -if (preg_match('/dolibarr/i', $mode)) { - $disabled = ''; -} -if (getDolGlobalString('MAIN_SECURITY_ENABLE_SENDPASSWORD')) { - $disabled = ''; // To force button enabled -} - // Show logo (search in order: small company logo, large company logo, theme logo, common logo) $width = 0; $rowspan = 2; @@ -242,6 +233,15 @@ $urllogo = DOL_URL_ROOT.'/theme/dolibarr_logo.svg'; } +// Send password button enabled ? +$disabled = 'disabled'; +if (preg_match('/dolibarr/i', $mode)) { + $disabled = ''; +} +if (getDolGlobalString('MAIN_SECURITY_ENABLE_SENDPASSWORD')) { + $disabled = ''; // To force button enabled +} + // Security graphical code $captcha = ''; if (!$disabled) {