diff --git a/apps/maarch_entreprise/log.php b/apps/maarch_entreprise/log.php
index bb267d1484d70d617beac982d4eca0e80bcec941..a3c33e0451a31662cb48f54f548adc458cd4b589 100755
--- a/apps/maarch_entreprise/log.php
+++ b/apps/maarch_entreprise/log.php
@@ -177,14 +177,18 @@ if (!empty($_SESSION['error'])) {
 }
 } catch (Exception $conFailure) {
 if (!empty($standardConnect) && $standardConnect == 'true') {
- $res = $sec->login($login, $password);
+ $res = $sec->login($login, $password, 'ldap', $standardConnect);
 $_SESSION['user'] = $res['user'];
 if (empty($res['error'])) {
 \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $login]);
 \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => $login]);
 $user = \User\models\UserModel::getByUserId(['userId' => $login, 'select' => ['id']]);
- \User\models\UserModel::updatePassword(['id' => $user['id'], 'password' => $password]);
 $core->load_menu($_SESSION['modules']);
+ header(
+ 'location: ' . $_SESSION['config']['businessappurl']
+ . $res['url']
+ );
+ exit();
 } else {
 $_SESSION['error'] = $res['error'];
 }
@@ -211,6 +215,7 @@ if (!empty($_SESSION['error'])) {
 //TODO: protect sql injection with PDO
 require_once 'core/class/class_db_pdo.php';
+ \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => $login]);
 // Instantiate database.
 $database = new Database();
 $stmt = $database->query(
@@ -223,9 +228,6 @@ if (!empty($_SESSION['error'])) {
 $_SESSION['error'] = '';
 if (!empty($standardConnect) && $standardConnect == 'true') {
 \User\models\UserModel::updatePassword(['id' => $result['id'], 'password' => $password]);
- \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => $login]);
- } else {
- $standardConnect = 'false';
 }
 $res = $sec->login($login, $password, 'ldap', $standardConnect);
 $_SESSION['user'] = $res['user'];
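Review bot: In the first hunk of log.php (the `catch (Exception $conFailure)` branch), the fallback call becomes `$sec->login($login, $password, 'ldap', $standardConnect)`, and this branch runs exactly when the directory connection threw, so nothing has vouched for the password at that point. Apart from its signature and one failure branch, login()'s body is outside this diff, so confirm that it still checks `$pass` against the locally stored hash when `$method` is `'ldap'`; if that method skips the local check, this path would open a session without any credential verification. Separately, `$user = \User\models\UserModel::getByUserId(...)` has no visible consumer left once the `updatePassword` line is removed and could be dropped.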
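Review bot: In the second hunk of log.php (`@@ -211,6 +215,7 @@`), `resetFailedAuthentication` now runs before `$database->query(` looks the user up and before `$sec->login(...)` returns, whereas the line removed in the following hunk ran only after the row had been found. The enclosing condition is outside the hunk, so it is not visible whether only a successful directory bind reaches this line; even if it does, the failed-attempt counter is cleared for accounts that the later lookup or login() then rejects. Consider moving the call to the point where `$res['error']` is known to be empty, as the `catch` branch in the first hunk already does.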
@@ -249,7 +251,7 @@ if (!empty($_SESSION['error'])) {
 continue;
 }
 } else {
- $error = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $login]);
+ $error = _BAD_LOGIN_OR_PSW;
 $_SESSION['error'] = $error;
 header(
 'location: ' . $_SESSION['config']['businessappurl']
@@ -258,6 +260,12 @@ if (!empty($_SESSION['error'])) {
 continue;
 }
 }
+ $error = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $login]);
+ $_SESSION['error'] = $error;
+ header(
+ 'location: ' . $_SESSION['config']['businessappurl']
+ . 'index.php?display=true&page=login'
+ );
 } else {
 $_SESSION['error'] = '';
 $res = $sec->login($login, $password);
diff --git a/core/class/class_security.php b/core/class/class_security.php
index b38cfd6a20e735cce6af73a46a93b6e171d405f8..4cc509d7b76e508a67a7f1c2873443cc44d1033d 100755
--- a/core/class/class_security.php
+++ b/core/class/class_security.php
@@ -85,7 +85,7 @@ class security extends Database
 * @param $s_login string User login
 * @param $pass string User password
 */
- public function login($s_login, $pass, $method = false, $standardConnect = false)
+ public function login($s_login, $pass, $method = false, $standardConnect = 'false')
 {
 $array = array();
 $error = '';
@@ -255,7 +255,11 @@ class security extends Database
 );
 }
 } else {
- $error = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $s_login]);
+ if ($standardConnect == 'false') {
+ $error = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $s_login]);
+ } else {
+ $error = _BAD_LOGIN_OR_PSW;
+ }
 return [
 'user' => $array,
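Review bot: The block added in log.php at `@@ -258,6 +260,12 @@` sets a `location:` header after `handleFailedAuthentication` but does not stop execution, unlike the redirect added in the first hunk, which is followed by `exit();`. The code after this if/else is outside the hunk, so anything that runs there does so for a request that has just failed authentication, and a later `header('location: ...')` would replace this one. Add `exit();` after the closing `);` of the `header(` call.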
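Review bot: The docblock above `login()` in class_security.php (`@@ -85,7 +85,7 @@`) still documents only `$s_login` and `$pass`, while this hunk changes the default of `$standardConnect` from the boolean `false` to the string `'false'`. The new branch further down compares against that exact string, so the contract should be written down: `* @param $method string|false Login method, e.g. 'ldap'` and `* @param $standardConnect string 'true' or 'false' as a string; with 'false' login() records the failed attempt itself`. The docblock begins above the hunk.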
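Review bot: In class_security.php at `@@ -255,7 +255,11 @@`, the failed attempt is recorded only when `$standardConnect == 'false'`, so every other value (an empty string, `null`, a boolean `false` passed by an older caller) takes the `_BAD_LOGIN_OR_PSW` branch and skips `handleFailedAuthentication`. log.php can now pass such a value: the guard `!empty($standardConnect)` shows it may be empty, and the third log.php hunk removes the `else { $standardConnect = 'false'; }` that used to normalise it. log.php records the failure itself after its loop, but other callers of login() are not visible here, so the safer test is the inverse one, `if ($standardConnect !== 'true') {`, which skips the counter only for the one value where the caller is known to do the accounting. login()'s body continues outside the hunk.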