From 4537856ed6623f09db2126108ba913bd6619ea54 Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Fri, 22 Jun 2018 15:46:43 +0200
Subject: [PATCH] [REFACTORING] Del Ra_code
---
apps/maarch_entreprise/lang/en.php | 46 ------
apps/maarch_entreprise/lang/fr.php | 45 ------
apps/maarch_entreprise/log.php | 32 ----
apps/maarch_entreprise/login.php | 11 --
.../smartphone/check_id_user.php | 3 +-
.../smartphone/js/maarch_functions.js | 19 ---
apps/maarch_entreprise/smartphone/log.php | 32 ----
apps/maarch_entreprise/smartphone/login.php | 34 -----
.../smartphone/sign_file_rep.php | 4 -
.../smartphone/valid_sign.php | 62 --------
apps/maarch_entreprise/standard_connect.php | 138 +-----------------
.../xml/IVS/validation_rules.xml | 1 -
core/class/class_security.php | 121 +--------------
sql/develop.sql | 2 +
sql/structure.sql | 2 -
15 files changed, 9 insertions(+), 543 deletions(-)
delete mode 100755 apps/maarch_entreprise/smartphone/valid_sign.php
diff --git a/apps/maarch_entreprise/lang/en.php b/apps/maarch_entreprise/lang/en.php
index dfc99b43e34..36f5905f56c 100755
--- a/apps/maarch_entreprise/lang/en.php
+++ b/apps/maarch_entreprise/lang/en.php
@@ -3914,52 +3914,6 @@ if (!defined('_PUT_DOC_ON_VALIDATION')) { if (!defined('_REALLY_PUT_DOC_ON_VALIDATION')) { define('_REALLY_PUT_DOC_ON_VALIDATION', 'Confirm the sending for validation'); } - -/******************************************************************************* - * RA_CODE -*******************************************************************************/ -if (!defined('_ASK_RA_CODE_1')) { - define('_ASK_RA_CODE_1', 'A mail will be sent to the address: '); -} -if (!defined('_ASK_RA_CODE_2')) { - define('_ASK_RA_CODE_2', 'Once the code be known, please try again your connection attempt.'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_1')) { - define('_CONFIRM_ASK_RA_CODE_1', 'Good morning, '); -} -if (!defined('_CONFIRM_ASK_RA_CODE_2')) { - define('_CONFIRM_ASK_RA_CODE_2', 'Your distant connection code for Maarch application is : '); -} -if (!defined('_CONFIRM_ASK_RA_CODE_3')) { - define('_CONFIRM_ASK_RA_CODE_3', 'This code remain valid until '); -} -if (!defined('_CONFIRM_ASK_RA_CODE_4')) { - define('_CONFIRM_ASK_RA_CODE_4', 'To log on, '); -} -if (!defined('_CONFIRM_ASK_RA_CODE_5')) { - define('_CONFIRM_ASK_RA_CODE_5', 'click here'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_6')) { - define('_CONFIRM_ASK_RA_CODE_6', 'Your Maarch connection code'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_7')) { - define('_CONFIRM_ASK_RA_CODE_7', 'A mail has been sent to your email address'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_8')) { - define('_CONFIRM_ASK_RA_CODE_8', 'Reconnection attempt'); -} -if (!defined('_TRYING_TO_CONNECT_FROM_NOT_ALLOWED_IP')) { - define('_TRYING_TO_CONNECT_FROM_NOT_ALLOWED_IP', 'you attempt to connect from a no identified place.'); -} -if (!defined('_PLEASE_ENTER_YOUR_RA_CODE')) { - define('_PLEASE_ENTER_YOUR_RA_CODE', 'Please enter the further access code.'); -} -if (!defined('_ASK_AN_RA_CODE')) { - define('_ASK_AN_RA_CODE', 'Ask an access code'); -} -if (!defined('_RA_CODE_1')) { - define('_RA_CODE_1', 'Further code'); -} if 
(!defined('_CAN_T_CONNECT_WITH_THIS_IP')) { define('_CAN_T_CONNECT_WITH_THIS_IP', 'You cannot connect from a no identified place.'); } diff --git a/apps/maarch_entreprise/lang/fr.php b/apps/maarch_entreprise/lang/fr.php index 6d15f7a1372..0b356e5a0e5 100755 --- a/apps/maarch_entreprise/lang/fr.php +++ b/apps/maarch_entreprise/lang/fr.php 
@@ -3968,51 +3968,6 @@ if (!defined('_REALLY_PUT_DOC_ON_VALIDATION')) { define('_REALLY_PUT_DOC_ON_VALIDATION', "Confirmer l\'envoi en validation"); } -/******************************************************************************* - * RA_CODE -*******************************************************************************/ -if (!defined('_ASK_RA_CODE_1')) { - define('_ASK_RA_CODE_1', "Un courriel va être envoyé à l'adresse : "); -} -if (!defined('_ASK_RA_CODE_2')) { - define('_ASK_RA_CODE_2', 'Une fois le code connu, merci de renouveler votre tentative de connexion.'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_1')) { - define('_CONFIRM_ASK_RA_CODE_1', 'Bonjour, '); -} -if (!defined('_CONFIRM_ASK_RA_CODE_2')) { - define('_CONFIRM_ASK_RA_CODE_2', "votre code de connexion distant a l'application Maarch est : "); -} -if (!defined('_CONFIRM_ASK_RA_CODE_3')) { - define('_CONFIRM_ASK_RA_CODE_3', "Ce code reste reste valide jusqu'au "); -} -if (!defined('_CONFIRM_ASK_RA_CODE_4')) { - define('_CONFIRM_ASK_RA_CODE_4', 'Pour vous connecter, '); -} -if (!defined('_CONFIRM_ASK_RA_CODE_5')) { - define('_CONFIRM_ASK_RA_CODE_5', 'cliquez ici'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_6')) { - define('_CONFIRM_ASK_RA_CODE_6', 'Votre code de connexion Maarch'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_7')) { - define('_CONFIRM_ASK_RA_CODE_7', 'Un courriel a été envoyé à votre adresse mail'); -} -if (!defined('_CONFIRM_ASK_RA_CODE_8')) { - define('_CONFIRM_ASK_RA_CODE_8', 'Tentative de reconnexion'); -} -if (!defined('_TRYING_TO_CONNECT_FROM_NOT_ALLOWED_IP')) { - define('_TRYING_TO_CONNECT_FROM_NOT_ALLOWED_IP', 'Vous tentez de vous connecter depuis un emplacement non répertorié.'); -} -if (!defined('_PLEASE_ENTER_YOUR_RA_CODE')) { - define('_PLEASE_ENTER_YOUR_RA_CODE', "Veuillez entrer le code d'acces complémentaire."); -} -if (!defined('_ASK_AN_RA_CODE')) { - define('_ASK_AN_RA_CODE', "Demander un code d'accès"); -} -if (!defined('_RA_CODE_1')) { - define('_RA_CODE_1', 'Code 
complémentaire'); -} if (!defined('_CAN_T_CONNECT_WITH_THIS_IP')) { define('_CAN_T_CONNECT_WITH_THIS_IP', 'Vous ne pouvez pas vous connecter depuis un emplacement non répertorié.'); } diff --git a/apps/maarch_entreprise/log.php b/apps/maarch_entreprise/log.php index 3c96cc0dc2e..3895b133603 100755 --- a/apps/maarch_entreprise/log.php +++ b/apps/maarch_entreprise/log.php @@ -73,11 +73,6 @@ if (isset($_REQUEST['pass'])) { } else { $password = ''; } -if (isset($_REQUEST['ra_code'])) { - $ra_code = $func->wash($_REQUEST['ra_code'], 'no', _RA_CODE, 'yes'); -} else { - $ra_code = ''; -} require_once 'core/class/class_security.php'; require_once 'core/class/class_request.php'; require_once 'apps/'.$_SESSION['config']['app_id'] @@ -234,33 +229,6 @@ if (!empty($_SESSION['error'])) { ); exit; } - } elseif (isset($_REQUEST['ra_code'])) { - if (empty($login) || empty($password) || empty($ra_code)) { - $_SESSION['error'] = _IP_NOT_ALLOWED; - header( - 'location: '.$_SESSION['config']['businessappurl'] - .'index.php?display=true&page=login' - ); - exit; - } else { - $_SESSION['error'] = ''; - $res = $sec->login($login, $password, false, $ra_code); - //$core->show_array($res); - $_SESSION['user'] = $res['user']; - if ($res['error'] == '') { - // $businessAppTools->load_app_var_session($_SESSION['user']); - //$core->load_var_session($_SESSION['modules'], $_SESSION['user']); - $core->load_menu($_SESSION['modules']); - // exit; - } - if (empty($_SESSION['error'])) { - $_SESSION['error'] = $res['error']; - } - header( - 'location: '.$_SESSION['config']['businessappurl'].$res['url'] - ); - exit(); - } } else { if (empty($login) || empty($password)) { $_SESSION['error'] = _BAD_LOGIN_OR_PSW.'...'; diff --git a/apps/maarch_entreprise/login.php b/apps/maarch_entreprise/login.php index 7faa4a01b7f..2d000d6f24a 100755 --- a/apps/maarch_entreprise/login.php +++ b/apps/maarch_entreprise/login.php 
@@ -19,17 +19,6 @@ if (isset($_GET['target_page']) && trim($_GET['target_page']) != '') { } } -if (isset($_SESSION['HTTP_REQUEST']['withRA_CODE']) && empty($_SESSION['HTTP_REQUEST']['withRA_CODE'])) { - $_SESSION['error'] = _IP_NOT_ALLOWED; - $_SESSION['withRA_CODE'] = 'ok'; - $_SESSION['HTTP_REQUEST'] = array(); - header( - 'location: '.$_SESSION['config']['businessappurl'] - .'index.php?display=true&page=login' - ); - exit; -} - $serverPath = ''; if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN' diff --git a/apps/maarch_entreprise/smartphone/check_id_user.php b/apps/maarch_entreprise/smartphone/check_id_user.php index a9160d2c390..246efd94435 100755 --- a/apps/maarch_entreprise/smartphone/check_id_user.php +++ b/apps/maarch_entreprise/smartphone/check_id_user.php @@ -67,7 +67,6 @@ if (!$right) { $db = new Database(); -$sec->generateRaCode($_SESSION['user']['UserId'], '', false); $res_db = $db->query("SELECT * FROM " . $view . " WHERE res_id = ? ", array($s_id)); @@ -88,7 +87,7 @@ $ra_code = $_SESSION['recup_user']['ra_code']; <input type="text" id="code_session" name="code_session" /> </div> <div align="center"> - <input type="button" class="whiteButton" onclick="valid_sign(<?php echo functions::xecho($s_id);?>);" value="Valider la signature" /> + <input type="button" class="whiteButton" value="Deprecated" /> </div> </fieldset> <a href="signature_recap.php?id=<?php echo $s_id;?>&res_id_attach=<?php functions::xecho($att_id);?>" id="link_recap" style="display:none;" /> diff --git a/apps/maarch_entreprise/smartphone/js/maarch_functions.js b/apps/maarch_entreprise/smartphone/js/maarch_functions.js index 2bbe12f4231..2f18062a039 100755 --- a/apps/maarch_entreprise/smartphone/js/maarch_functions.js +++ b/apps/maarch_entreprise/smartphone/js/maarch_functions.js 
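Review bot: The second check_id_user.php hunk leaves the signature confirmation page half-removed: the `code_session` input is still rendered, the hunk-header context still reads `$ra_code = $_SESSION['recup_user']['ra_code'];`, and the hidden `link_recap` anchor to signature_recap.php stays although the new `Deprecated` button no longer triggers anything. The deleted valid_sign.php was both the check of the e-mailed code and the statement that moved `signed_response` attachments from `TMP` to `TRA`, so it is worth confirming that another server-side path now gates and finalises the signature; none is visible in this diff. The kept anchor also prints `$s_id` with a bare `echo` while the neighbouring attribute goes through `functions::xecho`; unless `$s_id` is cast to an integer above the hunk, I would write `id=<?php functions::xecho($s_id);?>`.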
@@ -563,25 +563,6 @@ function loadDeviceInfos() { }); } -function valid_sign(res_id){ - var path_manage_script = 'valid_sign.php'; - new Ajax.Request(path_manage_script, - { - method:'post', - parameters: { 'res_id' : res_id, 'code_session' : document.getElementById("code_session").value }, - onSuccess: function(answer){ - eval("response = "+answer.responseText); - if (response.status == 1) { - document.getElementById("link_recap").click(); - } - else if (response.status == 0) { - console.log('Erreur de validation'); - } - } - } - ); -} - function save_sign(){ var path_manage_script = 'saveSign.php'; new Ajax.Request(path_manage_script, diff --git a/apps/maarch_entreprise/smartphone/log.php b/apps/maarch_entreprise/smartphone/log.php index 23a5caf4dbc..f8f848f769b 100755 --- a/apps/maarch_entreprise/smartphone/log.php +++ b/apps/maarch_entreprise/smartphone/log.php @@ -64,11 +64,6 @@ if (isset($_REQUEST['pass'])) { } else { $password = ''; } -if (isset($_REQUEST['ra_code'])) { - $ra_code = $func->wash($_REQUEST['ra_code'], 'no', _RA_CODE, 'yes'); -} else { - $ra_code = ''; -} require_once 'core/class/class_security.php'; require_once 'core/class/class_request.php'; require_once 'apps/'.$_SESSION['config']['app_id'] 
@@ -222,33 +217,6 @@ if (!empty($_SESSION['error'])) { ); exit; } - } elseif (isset($_REQUEST['ra_code'])) { - if (empty($login) || empty($password) || empty($ra_code)) { - $_SESSION['error'] = _IP_NOT_ALLOWED; - header( - 'location: '.$_SESSION['config']['businessappurl'] - .'index.php?display=true&page=login' - ); - exit; - } else { - $_SESSION['error'] = ''; - $res = $sec->login($login, $password, false, $ra_code); - //$core->show_array($res); - $_SESSION['user'] = $res['user']; - if ($res['error'] == '') { - // $businessAppTools->load_app_var_session($_SESSION['user']); - //$core->load_var_session($_SESSION['modules'], $_SESSION['user']); - $core->load_menu($_SESSION['modules']); - // exit; - } - if (empty($_SESSION['error'])) { - $_SESSION['error'] = $res['error']; - } - header( - 'location: '.$_SESSION['config']['businessappurl'].$res['url'] - ); - exit(); - } } else { if (empty($login) || empty($password)) { $_SESSION['error'] = _BAD_LOGIN_OR_PSW.'...'; diff --git a/apps/maarch_entreprise/smartphone/login.php b/apps/maarch_entreprise/smartphone/login.php index e3526d374cc..265f61b0e07 100755 --- a/apps/maarch_entreprise/smartphone/login.php +++ b/apps/maarch_entreprise/smartphone/login.php @@ -28,9 +28,6 @@ $core->load_lang(); ;?>" target="_self"> <fieldset> <table> - <?php - if ($_REQUEST['withRA_CODE'] != 'true'){ - ?> <tr> <td style="width:50%;text-align:left;"> <label><b><?php echo _ID; ?></b></label> 
@@ -51,37 +48,6 @@ $core->load_lang(); </td> </tr> <?php - } - if ($_REQUEST['withRA_CODE'] == 'true'){ - ?> - <tr style="display:none"> - <td style="width:50%;text-align:left;"> - <label><b><?php echo _ID; ?></b></label> - </td> - <td style="width:50%;"> - <input style="text-align:left;" type="text" name="login" value="<?php echo $_SESSION['recup_user']['login']; ?>" style="width:100%;"/> - </td> - </tr> - - <tr style="display:none"> - <td style="width:50%;text-align:left;"> - <label><b><?php echo _PASSWORD; ?></b></label> - </td> - <td style="width:50%;"> - <input type="password" name="pass" value="<?php echo $_SESSION['recup_user']['password']; ?>" style="width:100%;" /> - </td> - </tr> - - <tr> - <td style="width:50%;text-align:left;"> - <label><b><?php echo _RA_CODE_1; ?></b></label> - </td> - <td style="width:50%;"> - <input type="password" name="ra_code" value="" style="width:100%;" /> - </td> - </tr> - <?php - } unset($_SESSION['recup_user']); ?> </table> diff --git a/apps/maarch_entreprise/smartphone/sign_file_rep.php b/apps/maarch_entreprise/smartphone/sign_file_rep.php index 070122cddf8..3abc897d4a4 100755 --- a/apps/maarch_entreprise/smartphone/sign_file_rep.php +++ b/apps/maarch_entreprise/smartphone/sign_file_rep.php @@ -65,10 +65,6 @@ $_SESSION['doc_id'] = $res_id_master; $db = new Database(); $stmt = $db->query("SELECT * from res_view_attachments WHERE res_id = ? AND status <> 'SIGN' AND attachment_type IN ('response_project','outgoing_mail','sva') ORDER BY relation desc", array($res_id_attach)); -if ($_SESSION['modules_loaded']['visa']['confirm_sign_by_email'] == 'true') { - $codeSession = $_SESSION['user']['code_session']; -} - while($line = $stmt->fetchObject()){ $objectId = $line->res_id; diff --git a/apps/maarch_entreprise/smartphone/valid_sign.php b/apps/maarch_entreprise/smartphone/valid_sign.php deleted file mode 100755 index e9c3b9ec7c2..00000000000 --- a/apps/maarch_entreprise/smartphone/valid_sign.php +++ /dev/null 
@@ -1,62 +0,0 @@ -<?php -if (file_exists('../../../core/init.php')) { - include_once '../../../core/init.php'; -} -if (!isset($_SESSION['config']['corepath'])) { - header('location: ../../../'); -} -require_once('core/class/class_functions.php'); -require_once('core/class/class_core_tools.php'); -require_once('core/class/class_db_pdo.php'); -require_once('core/core_tables.php'); -require_once('apps/maarch_entreprise/apps_tables.php'); -require_once('core/class/class_security.php'); -require_once('core/class/class_history.php'); - -require_once 'core/class/docservers_controler.php'; -require_once 'core/docservers_tools.php'; -require_once 'core/class/class_resource.php'; - -require_once('apps/' . $_SESSION['config']['app_id'] . '/class/class_types.php'); -if ($_SESSION['collection_id_choice'] == 'res_coll') { - $catPhp = 'definition_mail_categories_invoices.php'; -} else { - $catPhp = 'definition_mail_categories.php'; -} -if (file_exists( - $_SESSION['config']['corepath'] . 'custom'. DIRECTORY_SEPARATOR - . $_SESSION['custom_override_id'] . DIRECTORY_SEPARATOR . 'apps' - . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id'] . DIRECTORY_SEPARATOR - . $catPhp -) -) { - $path = $_SESSION['config']['corepath'] . 'custom'. DIRECTORY_SEPARATOR - . $_SESSION['custom_override_id'] . DIRECTORY_SEPARATOR . 'apps' - . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id'] - . DIRECTORY_SEPARATOR . $catPhp; -} else { - $path = 'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id'] - . DIRECTORY_SEPARATOR . 
$catPhp; -} -include_once $path; -$core->load_lang(); -$users = new history(); -$sec = new security(); - -$res_id_master = $_POST['res_id']; -$code_session = $sec->getPasswordHash($_POST['code_session']); - -$db = new Database(); -$stmt = $db->query("SELECT ra_code, ra_expiration_date FROM users WHERE user_id = ?", array($_SESSION['user']['UserId'])); -$res = $stmt->fetchObject(); -$ra_code = $res->ra_code; -$ra_expiration_date = $res->ra_expiration_date; - -if ($ra_code == $code_session){ - $db->query("UPDATE res_attachments SET status = 'TRA' WHERE res_id_master = ? AND status = 'TMP' AND attachment_type = 'signed_response'", array($res_id_master)); - $_SESSION['user']['code_session'] = $_POST['code_session']; - echo "{status:1}"; -} -else echo "{status:0, ra_code:'$ra_code', ra_expiration_date:'$ra_expiration_date', res_id_master:'$res_id_master', code_session:'$code_session'}"; -exit; -?> diff --git a/apps/maarch_entreprise/standard_connect.php b/apps/maarch_entreprise/standard_connect.php index 9503a529766..f12ee19106d 100755 --- a/apps/maarch_entreprise/standard_connect.php +++ b/apps/maarch_entreprise/standard_connect.php 
@@ -10,94 +10,7 @@ function getHeaders() return $headers; } -if (isset($_REQUEST['askRACode']) && $_REQUEST['askRACode'] == 'true') { - echo '<div>'; - echo '<p>'; - echo ' <br /><br /><br /><br /><br /><br />'; - echo _ASK_RA_CODE_1 . functions::xssafe($_SESSION['user']['Mail']) . '<br />'; - echo '<br />'; - echo _ASK_RA_CODE_2 . '<br />'; - echo '<br />'; - - echo '<input onclick="window.location.href=\'' - . $_SESSION['config']['businessappurl'] - .'index.php?display=true&confirmAskRACode=true&page=login' - . '\'" type="button" class="button" name="submit" value="'._SEND.'" />'; - echo ' '; - - echo '<input onclick="window.location.href=\'' - . $_SESSION['config']['businessappurl'].'index.php?display=true&page=login' - . '\'" type="button" class="button" name="submit" value="'._CANCEL.'" />'; - - echo '</p>'; - echo '</div>'; -} elseif (isset($_REQUEST['confirmAskRACode']) && $_REQUEST['confirmAskRACode'] == 'true') { - //generation du remote_access_code aléatoirement - $authorized_characters = '123456789'; - $cpt_motDePasse = 1; - $cptMax_motDePasse = 4; - $max_rand = strlen($authorized_characters); - $raCodeGenerated = ''; - while (strlen($raCodeGenerated) < $cptMax_motDePasse) { - $raCodeGenerated .= rand(1, $max_rand); - $cpt_motDePasse++; - } - //calcul de la date d'expiration - - $pathToIPFilter = ''; - if(file_exists($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR - .$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps' - .DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'] - .DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')){ - $pathToIPFilter = $_SESSION['config']['corepath'] - .'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'] - .DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR - .$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml'; - } - else { - $pathToIPFilter = 'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'] - 
.DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml'; - } - $ipArray = array(); - $ipArray = functions::object2array(simplexml_load_file($pathToIPFilter)); - - $nextWeek = mktime(0, 0, 0, date("m"), date("d")+$ipArray['duration'], date("Y")); - $expiration_date = date("Y-m-d", $nextWeek); - - $db = new Database(); - $db->query("UPDATE users set ra_code = ? WHERE user_id = ?", array(md5($raCodeGenerated), $_SESSION['user']['UserId']), false); - $db->query("UPDATE users set ra_expiration_date = ? WHERE user_id = ?", array($expiration_date, $_SESSION['user']['UserId']), false); - - $mailDest = $db->query("SELECT mail FROM users WHERE user_id = ?", array($_SESSION['user']['UserId']), false); - - $mailToSend = '<html>'; - $mailToSend .= '<body>'; - $mailToSend .= '<p>'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_1 . '<br />'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_2 . $raCodeGenerated . ' <br />'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_3 . $expiration_date . '<br />'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_4 . '<a href="'; - $mailToSend .= $_SESSION['config']['coreurl'].'index.php?withRA_CODE'; - $mailToSend .= '">' . _CONFIRM_ASK_RA_CODE_5 . '</a>'; - $mailToSend .= '</p>'; - $mailToSend .= '</body>'; - $mailToSend .= '</html>'; - - if (!mail( - $_SESSION['user']['Mail'], _CONFIRM_ASK_RA_CODE_6, $mailToSend, - "From: info@maarch.org\nReply-To: info@maarch.org \nContent-Type: text/html; charset=\"iso-8859-1\"\n") - ) { - echo 'mail not send'; - } - - $_SESSION['error'] = '_IP_NOT_ALLOWED'; - echo '<br /><br /><br /><br /><br /><br />'; - echo _CONFIRM_ASK_RA_CODE_7 . '<br /><br />'; - echo '<a href="'; - echo $_SESSION['config']['businessappurl'].'index.php?display=true&page=login'; - echo '">' . _CONFIRM_ASK_RA_CODE_8 . '</a>'; -} else { - $userId = ''; +$userId = ''; echo '<form id="formlogin" method="post" action="' . $_SESSION['config']['businessappurl'] . 'index.php?display=true&page=log'; 
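Review bot: With `$userId = '';` now the only assignment in standard_connect.php, the later `functions::xssafe($userId)` always renders an empty `value`, and the following hunk drops the `_IP_NOT_ALLOWED` / `_IP_NOT_ALLOWED_NO_RA_CODE` handling that used to clear `$_SESSION['error']` without putting anything in its place. If the IP filter behind `security::login()` (outside this diff) can still set either marker, the login form will leave the raw string in the session for whatever prints errors, and a user refused for their address gets no clear message. I would either confirm the filter no longer emits those values or map them to `_CAN_T_CONNECT_WITH_THIS_IP`, which both language files keep. The form body also retains the indentation of the removed `else {` wrapper, which a follow-up could flatten.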
@@ -110,43 +23,6 @@ echo '<form id="formlogin" method="post" action="' echo '<div>'; echo '<input type="hidden" name="display" id="display" value="true" />'; echo '<input type="hidden" name="page" id="page" value="log" />'; - if ($_SESSION['error'] == '_IP_NOT_ALLOWED') { - $_SESSION['error'] = ''; - $ipNotAllowed = true; - $ra_code = true; - $userId = functions::xssafe($_SESSION['user']['UserId']); - echo '<div>'; - echo '<br /><br /><br /><br /><br /><br />'; - echo _TRYING_TO_CONNECT_FROM_NOT_ALLOWED_IP; - echo '<br />'; - echo _PLEASE_ENTER_YOUR_RA_CODE; - echo '</div>'; - } - elseif ($_SESSION['error'] == '_IP_NOT_ALLOWED_NO_RA_CODE') { - $_SESSION['error'] = ''; - $ipNotAllowed = true; - $ra_code = false; - $userId = $_SESSION['user']['UserId']; - echo '<div>'; - echo _CAN_T_CONNECT_WITH_THIS_IP; - //echo 'Vous ne pouvez pas vous connecter depuis un emplacement non répertorié.<br />'; - echo '</div>'; - } - if ($ipNotAllowed && $ra_code) { - if (!isset($_SESSION['withRA_CODE'])) { - echo '<br /><p class="buttons">'; - echo '<input onclick="window.location.href=\'' - . $_SESSION['config']['businessappurl'] - .'index.php?display=true&askRACode=true&page=login' - . '\'" type="button" class="button" name="submit" value="'; - echo _ASK_AN_RA_CODE; - echo '" />'; - echo ' '; - echo '</p>'; - } else { - $_SESSION['withRA_CODE'] = ''; - } - } echo '<p>'; echo '<br/><label for="login">'._ID.'</label>'; echo '<input name="login" id="login" value="'.functions::xssafe($userId) 
@@ -156,12 +32,6 @@ echo '<form id="formlogin" method="post" action="' echo '<label for="pass">'._PASSWORD.'</label>'; echo '<input name="pass" id="pass" value="" type="password" />'; echo '</p>'; - if ($ipNotAllowed && $ra_code) { - echo '<p>'; - echo '<label for="ra_code">' . _RA_CODE_1 . '</label>'; - echo '<input name="ra_code" id="pass" value="" type="password" />'; - echo '</p><br />'; - } echo '<p>'; echo '<label> </label>'; echo '<input type="submit" class="button" name="submit" value="'._CONNECT.'" />'; @@ -175,9 +45,3 @@ echo '<form id="formlogin" method="post" action="' echo '</div>'; echo '</div>'; echo '</form>'; - /*require_once('core/class/class_core_tools.php'); - $core = new core_tools(); - echo '<br /><br /><br /><br /><br /><br /><br /><br /><br /><p id="footer">'; - $core->load_footer(); - echo '</p>';*/ -} diff --git a/apps/maarch_entreprise/xml/IVS/validation_rules.xml b/apps/maarch_entreprise/xml/IVS/validation_rules.xml index 996162c3c83..d722a230700 100755 --- a/apps/maarch_entreprise/xml/IVS/validation_rules.xml +++ b/apps/maarch_entreprise/xml/IVS/validation_rules.xml @@ -329,7 +329,6 @@ <validationRule name="login" mode="error"> <parameter name="login" type="login" /> <parameter name="pass" type="string" /> - <parameter name="ra_code" type="integer" /> <parameter name="display" type="identifier" /> <parameter name="page" type="identifier" /> <parameter name="submit" type="string" /> diff --git a/core/class/class_security.php b/core/class/class_security.php index 20ee4a5a9b3..3e428a233d8 100755 --- a/core/class/class_security.php +++ b/core/class/class_security.php 
@@ -112,25 +112,11 @@ class security extends Database $comp = " and STATUS <> 'DEL'"; $params = []; } else { - if ($ra_code != false) { - $comp = ' and ' - .'ra_code = :ra_code and ra_expiration_date >= :ra_expiration_date ' - .'and status <> :status ' - .'and (loginmode = :loginmode1 or loginmode = :loginmode2)'; - $params = array( - 'ra_code' => $this->getPasswordHash($ra_code), - 'ra_expiration_date' => date('Y-m-d 00:00:00'), - 'status' => 'DEL', - 'loginmode1' => 'standard', - 'loginmode2' => 'sso', - ); - } else { - $comp = " and STATUS <> 'DEL' " - .'and loginmode in (:loginmode1)'; - $params = ['loginmode1' => ['standard', 'sso', 'cas']]; - if ($method == 'restMode') { - array_push($params['loginmode1'], 'restMode'); - } + $comp = " and STATUS <> 'DEL' " + .'and loginmode in (:loginmode1)'; + $params = ['loginmode1' => ['standard', 'sso', 'cas']]; + if ($method == 'restMode') { + array_push($params['loginmode1'], 'restMode'); } } } else { @@ -171,7 +157,6 @@ class security extends Database array_push($_SESSION['user']['pathToSignature'], $path); } - $_SESSION['user']['code_session'] = $ra_code; } $array = array( 'change_pass' => $user->__get('change_password'), 
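Review bot: `login()` may still declare a `$ra_code` parameter that nothing reads after these two class_security.php hunks; the signature is above the hunk, but the removed callers in log.php passed it as the fourth argument (`$sec->login($login, $password, false, $ra_code)`). An authentication function that accepts a code and silently ignores it invites a caller to assume a second check is happening, so the parameter should be dropped or documented, for example `@param mixed $ra_code deprecated and ignored, remote access codes were removed`. The surviving `loginmode in (:loginmode1)` clause binds an array to a single placeholder, which presumably relies on the project's `Database::query()` expanding it; a one-line comment saying so would help the next reader.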
@@ -288,102 +273,6 @@ class security extends Database } } - public function generateRaCode($login, $password = '', $redirect = true) - { - require_once 'apps/maarch_entreprise/class/class_users.php'; - $users = new class_users(); - $userInfo = $users->get_user($_SESSION['user']['UserId']); - - $authorized_characters = '0123456789'; - $cpt_motDePasse = 1; - $cptMax_motDePasse = 4; - $max_rand = strlen($authorized_characters); - $raCodeGenerated = ''; - while (strlen($raCodeGenerated) < $cptMax_motDePasse) { - $raCodeGenerated .= rand(1, $max_rand); - ++$cpt_motDePasse; - } - $expireTSamp = mktime(date('H'), date('i') + 15, date('s'), date('m'), date('d'), date('Y')); - $expiration_date = date('d-m-Y H:i:s', $expireTSamp); - - $db = new Database(); - $db->query('UPDATE users set ra_code = ? WHERE user_id = ?', array($this->getPasswordHash($raCodeGenerated), $_SESSION['user']['UserId']), false); - $db->query('UPDATE users set ra_expiration_date = ? WHERE user_id = ?', array($expiration_date, $_SESSION['user']['UserId']), false); - - /* GENERATION DU MAIL */ - $mailToSend = '<html>'; - $mailToSend .= '<body>'; - $mailToSend .= '<p>'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_1.'<br />'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_2.$raCodeGenerated.' 
<br />'; - $mailToSend .= _CONFIRM_ASK_RA_CODE_3.$expiration_date.'<br />'; - $mailToSend .= '</p>'; - $mailToSend .= '</body>'; - $mailToSend .= '</html>'; - - if (file_exists($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR - .$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps' - .DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'] - .DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'config_sendmail_security.xml')) { - $path_to_config = $_SESSION['config']['corepath'] - .'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'] - .DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR - .$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'config_sendmail_security.xml'; - } else { - $path_to_config = 'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'] - .DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'config_sendmail_security.xml'; - } - - $xmlconfig = simplexml_load_file($path_to_config); - $mailerParams = $xmlconfig->MAILER; - - require_once (string) $mailerParams->path_to_mailer; - $mailer = new PHPMailerOAuth(); - $mailer->SMTPDebug = 0; - - $mailer->Debugoutput = 'html'; - $mailer->Host = (string) $mailerParams->smtp_host; - $mailer->Port = (string) $mailerParams->smtp_port; - $mailer->SMTPSecure = (string) $mailerParams->smtp_secure; - $mailer->SMTPAuth = filter_var($mailerParams->smtp_auth, FILTER_VALIDATE_BOOLEAN); - - $mailer->Username = (string) $mailerParams->smtp_user; - $mailer->Password = (string) $mailerParams->smtp_password; - $mailer->Helo = (string) $mailerParams->domains; - - if ((string) $mailerParams->type == 'smtp') { - $mailer->isSMTP(); - } - $mailer->setFrom((string) $mailerParams->mailfrom, (string) $mailerParams->mailfromname); - $mailer->addReplyTo((string) $mailerParams->mailfrom, (string) $mailerParams->mailfromname); - $mailer->addAddress($userInfo['mail']); - $mailer->Subject = (string) $mailerParams->subject; - $mailer->CharSet = (string) $mailerParams->charset; - $mailer->msgHTML($mailToSend); 
- if (!$mailer->send()) { - $_SESSION['error'] .= ' mail not send to '.$userInfo['mail'].': '.$mailer->ErrorInfo; - - if ($redirect) { - if ($_SESSION['isSmartphone']) { - header('location: smartphone/index.php?page=login'); - } else { - header('location: index.php?page=login&display=true'); - } - } - } else { - $_SESSION['error'] .= ' '._CONFIRM_ASK_RA_CODE_7; - $_SESSION['recup_user']['login'] = $login; - $_SESSION['recup_user']['password'] = $password; - if ($redirect) { - if ($_SESSION['isSmartphone']) { - header('location: smartphone/index.php?page=login&withRA_CODE=true'); - } else { - header('location: index.php?page=login&withRA_CODE=true&display=true'); - } - } - } - } - /** * Reopens a session with the user's cookie. * diff --git a/sql/develop.sql b/sql/develop.sql index 9b0d80241ac..30efeea52c4 100644 --- a/sql/develop.sql +++ b/sql/develop.sql @@ -83,3 +83,5 @@ ALTER TABLE security DROP COLUMN IF EXISTS rights_bitmask; ALTER TABLE security DROP COLUMN IF EXISTS mr_start_date; ALTER TABLE security DROP COLUMN IF EXISTS mr_stop_date; ALTER TABLE security DROP COLUMN IF EXISTS where_target; +ALTER TABLE users DROP COLUMN IF EXISTS ra_code; +ALTER TABLE users DROP COLUMN IF EXISTS ra_expiration_date; diff --git a/sql/structure.sql b/sql/structure.sql index 9b08b9e72a7..d63b019fd21 100755 --- a/sql/structure.sql +++ b/sql/structure.sql @@ -233,8 +233,6 @@ CREATE TABLE users cookie_key character varying(255) DEFAULT NULL::character varying, cookie_date timestamp without time zone, thumbprint text DEFAULT NULL::character varying, - ra_code character varying(255) DEFAULT NULL::character varying, - ra_expiration_date timestamp without time zone, CONSTRAINT users_pkey PRIMARY KEY (user_id), CONSTRAINT users_id_key UNIQUE (id) ) -- GitLab