@@ -45,11 +45,11 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
// Get identity from user and redirect browser to OpenID Server
if (GETPOSTISSET('username')) {
$openid = new SimpleOpenID();
- $openid->SetIdentity($_POST['username']);
+ $openid->SetIdentity(GETPOST('username'));
$protocol = ($conf->file->main_force_https ? 'https://' : 'http://');
$openid->SetTrustRoot($protocol.$_SERVER["HTTP_HOST"]);
$openid->SetRequiredFields(array('email', 'fullname'));
- $_SESSION['dol_entity'] = $_POST["entity"];
+ $_SESSION['dol_entity'] = GETPOST("entity", 'int');
//$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
if ($openid->sendDiscoveryRequestToGetXRDS()) {
$openid->SetApprovedURL($protocol.$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]); // Send Response from OpenID server to this script
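Review bot: The trust root and the approved return URL are still built from `$_SERVER["HTTP_HOST"]`, which is taken from the client's Host header, on the `SetTrustRoot` and `SetApprovedURL` lines; the commit filters `username` and `entity` but leaves these two untouched. Unless the web server pins the host name, a forged header would make the OpenID request advertise a realm and return address the application did not choose. Both values are better derived from the instance's configured base URL, e.g. `$openid->SetTrustRoot($configuredRootUrl);` and `$openid->SetApprovedURL($configuredRootUrl.$_SERVER["SCRIPT_NAME"]);`, where `$configuredRootUrl` is a placeholder for that setting. The function body starts and ends outside the hunk.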
@@ -62,15 +62,15 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
} elseif ($_GET['openid_mode'] == 'id_res') {
// Perform HTTP Request to OpenID server to validate key
$openid = new SimpleOpenID();
- $openid->SetIdentity($_GET['openid_identity']);
+ $openid->SetIdentity(GETPOST('openid_identity'));
$openid_validation_result = $openid->ValidateWithServer();
if ($openid_validation_result === true) {
// OK HERE KEY IS VALID
$sql = "SELECT login, entity, datestartvalidity, dateendvalidity";
$sql .= " FROM ".MAIN_DB_PREFIX."user";
- $sql .= " WHERE openid = '".$db->escape($_GET['openid_identity'])."'";
- $sql .= " AND entity IN (0,".($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1).")";
+ $sql .= " WHERE openid = '".$db->escape(GETPOST('openid_identity'))."'";
+ $sql .= " AND entity IN (0,".($_SESSION["dol_entity"] ? ((int) $_SESSION["dol_entity"]) : 1).")";
dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);
$resql = $db->query($sql);
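Review bot: The asserted identity is read from the request twice, once for `SetIdentity()` and again inside the SQL `WHERE` clause, so the account lookup relies on both `GETPOST('openid_identity')` calls yielding the same string that was validated. Reading it once, `$openididentity = GETPOST('openid_identity');`, and passing that variable to `$openid->SetIdentity($openididentity);` and `$db->escape($openididentity)` makes the validated value and the queried value the same by construction. It is not visible here whether `ValidateWithServer()` confirms that the provider's signature covers this identity; that is worth checking, since the login is granted on it. The `elseif` still compares `$_GET['openid_mode']` directly with `==`, unlike the other inputs the commit moves to `GETPOST`. The function continues outside the hunk.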
@@ -81,13 +81,13 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
- $_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+ $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
- $_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+ $_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
return '--bad-login-validity--';
}