NEW Introduce a config parameter $dolibarr_main_instance_unique_id

htdocs/admin/system/dolibarr.php

@@ -286,7 +286,8 @@ $configfileparameters=array(
 		'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"),
 		'?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)',
 		'dolibarr_main_data_root' => $langs->trans("DataRootServer"),
-		'separator1' => '',
+        'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
+        'separator1' => '',
 		'dolibarr_main_db_host' => $langs->trans("DatabaseServer"),
 		'dolibarr_main_db_port' => $langs->trans("DatabasePort"),
 		'dolibarr_main_db_name' => $langs->trans("DatabaseName"),
@@ -391,7 +392,20 @@ foreach($configfileparameters as $key => $value)
 					++$i;
 				}
 			}
-			else print ${$newkey};
+			elseif ($newkey == 'dolibarr_main_instance_unique_id')
+			{
+			    //print $conf->file->instance_unique_id;
+			    global $dolibarr_main_cookie_cryptkey;
+			    $valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey;
+			    print $valuetoshow;
+			    if (empty($valuetoshow)) {
+			        print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id');
+			    }
+			}
+			else
+			{
+			    print ${$newkey};
+			}
 			if ($newkey == 'dolibarr_main_url_root' && ${$newkey} != DOL_MAIN_URL_ROOT) print ' (currently overwritten by autodetected value: '.DOL_MAIN_URL_ROOT.')';
 			print "</td>";
 		}

htdocs/core/lib/functions.lib.php

@@ -574,34 +574,41 @@ if (! function_exists('dol_getprefix'))
 {
     /**
      *  Return a prefix to use for this Dolibarr instance, for session/cookie names or email id.
-     *  The prefix for session is unique in a web context only and is unique for instance and avoid conflict
-     *  between multi-instances, even when having two instances with same root dir or two instances in same virtual servers.
-     *  The prefix for email is unique if MAIL_PREFIX_FOR_EMAIL_ID is set to a value, otherwise value may be same than other instance.
+     *  The prefix is unique for instance and avoid conflict between multi-instances, even when having two instances with same root dir
+     *  or two instances in same virtual servers.
      *
      *  @param  string  $mode                   '' (prefix for session name) or 'email' (prefix for email id)
      *  @return	string                          A calculated prefix
      */
     function dol_getprefix($mode = '')
     {
-		global $conf;
+        global $conf;
 
 		// If prefix is for email
 		if ($mode == 'email')
 		{
-			if (! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID))	// If MAIL_PREFIX_FOR_EMAIL_ID is set (a value initialized with a random value is recommended)
+		    if (! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID))	// If MAIL_PREFIX_FOR_EMAIL_ID is set (a value initialized with a random value is recommended)
 			{
 				if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID;
 				elseif (isset($_SERVER["SERVER_NAME"])) return $_SERVER["SERVER_NAME"];
 			}
+
+			// The recommended value (may be not defined for old versions)
+			if (! empty($conf->file->instance_unique_id)) return $conf->file->instance_unique_id;
+
+			// For backward compatibility
 			return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT, '3');
 		}
 
+		// The recommended value (may be not defined for old versions)
+		if (! empty($conf->file->instance_unique_id)) return $conf->file->instance_unique_id;
+
+		// For backward compatibility
 		if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"]))
 		{
 			return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT, '3');
-			// Use this for a "readable" key
-			//return dol_sanitizeFileName($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
 		}
+
 		return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT, '3');
 	}
 }

htdocs/core/login/functions_googleoauth.php

@@ -0,0 +1,75 @@
+<?php
+/* Copyright (C) 2007-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2007-2009 Regis Houssin        <regis.houssin@inodbox.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ *      \file       htdocs/core/login/functions_googleoauth.php
+ *      \ingroup    core
+ *      \brief      Authentication functions for Google OAuth mode using "Server flow"
+ *                  Another method could be to use the "Implicit flow" using Google-Signin library.
+ */
+
+
+
+
+
+//include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
+
+
+/**
+ * Check validity of user/password/entity
+ * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
+ *
+ * @param	string	$usertotest		Login
+ * @param	string	$passwordtotest	Password
+ * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
+ * @return	string					Login if OK, '' if KO
+ */
+function check_user_password_googleoauth($usertotest, $passwordtotest, $entitytotest)
+{
+    global $_POST,$db,$conf,$langs;
+
+    dol_syslog("functions_googleoauth::check_user_password_googleoauth usertotest=".$usertotest);
+
+    $login='';
+
+    // Get identity from user and redirect browser to Google OAuth Server
+    if (isset($_POST['username']))
+    {
+        /*$openid = new SimpleOpenID();
+        $openid->SetIdentity($_POST['username']);
+        $protocol = ($conf->file->main_force_https ? 'https://' : 'http://');
+        $openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]);
+        $openid->SetRequiredFields(array('email','fullname'));
+        $_SESSION['dol_entity'] = $_POST["entity"];
+        //$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
+        if ($openid->sendDiscoveryRequestToGetXRDS())
+        {
+            $openid->SetApprovedURL($protocol . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]);      // Send Response from OpenID server to this script
+            $openid->Redirect();     // This will redirect user to OpenID Server
+        }
+        else
+        {
+            $error = $openid->GetError();
+            return false;
+        }
+        return false;*/
+    }
+
+
+    return $login;
+}

htdocs/install/step1.php

@@ -956,7 +956,7 @@ function write_conf_file($conffile)
         fputs($fp, '$dolibarr_nocsrfcheck=\'0\';');
         fputs($fp, "\n");
 
-		fputs($fp, '$dolibarr_main_cookie_cryptkey=\''.$key.'\';');
+		fputs($fp, '$dolibarr_main_instance_unique_id=\''.$key.'\';');
 		fputs($fp, "\n");
 
 		fputs($fp, '$dolibarr_mailing_limit_sendbyweb=\'0\';');

htdocs/langs/en_US/admin.lang

@@ -1875,3 +1875,4 @@ WarningValueHigherSlowsDramaticalyOutput=Warning, higher values slows dramatical
 DebugBarModuleActivated=Module debugbar is activated and slows dramaticaly the interface
 EXPORTS_SHARE_MODELS=Export models are share with everybody
 ExportSetup=Setup of module Export
+InstanceUniqueID=Unique ID of the instance

htdocs/main.inc.php

@@ -398,7 +398,7 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->
 }
 
 // Disable modules (this must be after session_start and after conf has been loaded)
-if (GETPOST('disablemodules', 'alpha'))  $_SESSION["disablemodules"]=GETPOST('disablemodules', 'alpha');
+if (GETPOSTISSET('disablemodules'))  $_SESSION["disablemodules"]=GETPOST('disablemodules', 'alpha');
 if (! empty($_SESSION["disablemodules"]))
 {
 	$disabled_modules=explode(',', $_SESSION["disablemodules"]);
@@ -426,7 +426,7 @@ if(is_array($modulepart) && count($modulepart)>0)
 		if(in_array($module, $modulepart))
 		{
 			$conf->modulepart = $module;
-                        break;
+            break;
 		}
 	}
 }
@@ -437,7 +437,7 @@ if(is_array($modulepart) && count($modulepart)>0)
 $login='';
 if (! defined('NOLOGIN'))
 {
-	// $authmode lists the different means of identification to be tested in order of preference.
+	// $authmode lists the different method of identification to be tested in order of preference.
 	// Example: 'http', 'dolibarr', 'ldap', 'http,forceuser', '...'
 
 	if (defined('MAIN_AUTHENTICATION_MODE'))

htdocs/master.inc.php

@@ -65,7 +65,7 @@ $conf->file->mailing_limit_sendbycli	= $dolibarr_mailing_limit_sendbycli;
 $conf->file->main_authentication		= empty($dolibarr_main_authentication)?'':$dolibarr_main_authentication;	// Identification mode
 $conf->file->main_force_https			= empty($dolibarr_main_force_https)?'':$dolibarr_main_force_https;			// Force https
 $conf->file->strict_mode 				= empty($dolibarr_strict_mode)?'':$dolibarr_strict_mode;					// Force php strict mode (for debug)
-$conf->file->cookie_cryptkey			= empty($dolibarr_main_cookie_cryptkey)?'':$dolibarr_main_cookie_cryptkey;	// Cookie cryptkey
+$conf->file->instance_unique_id     	= empty($dolibarr_main_instance_unique_id)?(empty($dolibarr_main_cookie_cryptkey)?'':$dolibarr_main_cookie_cryptkey):$dolibarr_main_instance_unique_id;	// Unique id of instance
 $conf->file->dol_document_root			= array('main' => (string) DOL_DOCUMENT_ROOT);								// Define array of document root directories ('/home/htdocs')
 $conf->file->dol_url_root				= array('main' => (string) DOL_URL_ROOT);									// Define array of url root path ('' or '/dolibarr')
 if (! empty($dolibarr_main_document_root_alt))

htdocs/user/logout.php

@@ -70,14 +70,6 @@ if (GETPOST('dol_no_mouse_hover'))       $url.=(preg_match('/\?/', $url)?'&':'?'
 if (GETPOST('dol_use_jmobile'))          $url.=(preg_match('/\?/', $url)?'&':'?').'dol_use_jmobile=1';
 
 // Destroy session
-/*$prefix=dol_getprefix('');
-$sessionname='DOLSESSID_'.$prefix;
-$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
-if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
-session_name($sessionname);
-session_destroy();
-dol_syslog("End of session ".$sessionname);
-*/
 dol_syslog("End of session ".session_id());
 if (session_status() === PHP_SESSION_ACTIVE)
 {