alxarafe / alixar

dolibarr/htdocs/core/lib/security2.lib.php

Indentation +361 added lines, -361 removed lines

@@ -51,70 +51,70 @@ 
  */
 function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmode)
 {
-	global $conf,$langs;
+    global $conf,$langs;
     //global $dolauthmode;    // To return authentication finally used
 
-	// Check parameters
-	if ($entitytotest == '') $entitytotest=1;
+    // Check parameters
+    if ($entitytotest == '') $entitytotest=1;
 
     dol_syslog("checkLoginPassEntity usertotest=".$usertotest." entitytotest=".$entitytotest." authmode=".join(',',$authmode));
-	$login = '';
-
-	// Validation of login/pass/entity with standard modules
-	if (empty($login))
-	{
-	    $test=true;
-    	foreach($authmode as $mode)
-    	{
-    		if ($test && $mode && ! $login)
-    		{
-    		    // Validation of login/pass/entity for mode $mode
-    		    $mode=trim($mode);
-        		$authfile='functions_'.$mode.'.php';
-        		$fullauthfile='';
-
-    		    $dirlogin=array_merge(array("/core/login"),(array) $conf->modules_parts['login']);
-    		    foreach($dirlogin as $reldir)
-    		    {
-    		        $dir=dol_buildpath($reldir,0);
-    		        $newdir=dol_osencode($dir);
-
-    		        // Check if file found (do not use dol_is_file to avoid loading files.lib.php)
-    		        $tmpnewauthfile = $newdir.(preg_match('/\/$/',$newdir)?'':'/').$authfile;
-    		        if (is_file($tmpnewauthfile)) $fullauthfile=$tmpnewauthfile;
-    		    }
-
-    		    $result=false;
-    		    if ($fullauthfile) $result=include_once $fullauthfile;
-    			if ($fullauthfile && $result)
-    			{
-    				// Call function to check user/password
-    				$function='check_user_password_'.$mode;
-    				$login=call_user_func($function, $usertotest, $passwordtotest, $entitytotest);
-    				if ($login)	// Login is successfull
-    				{
-    					$test=false;            // To stop once at first login success
-    					$conf->authmode=$mode;	// This properties is defined only when logged to say what mode was successfully used
-    					$dol_tz=GETPOST('tz');
-    					$dol_dst=GETPOST('dst');
-    					$dol_screenwidth=GETPOST('screenwidth');
-    					$dol_screenheight=GETPOST('screenheight');
-    				}
-    			}
-    			else
-    			{
-    				dol_syslog("Authentification ko - failed to load file '".$authfile."'", LOG_ERR);
-    				sleep(1);
-    				// Load translation files required by the page
+    $login = '';
+
+    // Validation of login/pass/entity with standard modules
+    if (empty($login))
+    {
+        $test=true;
+        foreach($authmode as $mode)
+        {
+            if ($test && $mode && ! $login)
+            {
+                // Validation of login/pass/entity for mode $mode
+                $mode=trim($mode);
+                $authfile='functions_'.$mode.'.php';
+                $fullauthfile='';
+
+                $dirlogin=array_merge(array("/core/login"),(array) $conf->modules_parts['login']);
+                foreach($dirlogin as $reldir)
+                {
+                    $dir=dol_buildpath($reldir,0);
+                    $newdir=dol_osencode($dir);
+
+                    // Check if file found (do not use dol_is_file to avoid loading files.lib.php)
+                    $tmpnewauthfile = $newdir.(preg_match('/\/$/',$newdir)?'':'/').$authfile;
+                    if (is_file($tmpnewauthfile)) $fullauthfile=$tmpnewauthfile;
+                }
+
+                $result=false;
+                if ($fullauthfile) $result=include_once $fullauthfile;
+                if ($fullauthfile && $result)
+                {
+                    // Call function to check user/password
+                    $function='check_user_password_'.$mode;
+                    $login=call_user_func($function, $usertotest, $passwordtotest, $entitytotest);
+                    if ($login)	// Login is successfull
+                    {
+                        $test=false;            // To stop once at first login success
+                        $conf->authmode=$mode;	// This properties is defined only when logged to say what mode was successfully used
+                        $dol_tz=GETPOST('tz');
+                        $dol_dst=GETPOST('dst');
+                        $dol_screenwidth=GETPOST('screenwidth');
+                        $dol_screenheight=GETPOST('screenheight');
+                    }
+                }
+                else
+                {
+                    dol_syslog("Authentification ko - failed to load file '".$authfile."'", LOG_ERR);
+                    sleep(1);
+                    // Load translation files required by the page
                     $langs->loadLangs(array('other', 'main', 'errors'));
 
-    				$_SESSION["dol_loginmesg"]=$langs->trans("ErrorFailedToLoadLoginFileForMode", $mode);
-    			}
-    		}
-    	}
-	}
+                    $_SESSION["dol_loginmesg"]=$langs->trans("ErrorFailedToLoadLoginFileForMode", $mode);
+                }
+            }
+        }
+    }
 
-	return $login;
+    return $login;
 }
 
 
@@ -130,29 +130,29 @@ 
      * @return      void
      */
     function dol_loginfunction($langs,$conf,$mysoc)
-	{
-		global $dolibarr_main_demo,$db;
-		global $smartphone,$hookmanager;
+    {
+        global $dolibarr_main_demo,$db;
+        global $smartphone,$hookmanager;
 
-		$langs->loadLangs(array("main","other","help","admin"));
+        $langs->loadLangs(array("main","other","help","admin"));
 
-		// Instantiate hooks of thirdparty module only if not already define
+        // Instantiate hooks of thirdparty module only if not already define
         $hookmanager->initHooks(array('mainloginpage'));
 
         $main_authentication = $conf->file->main_authentication;
 
         $session_name=session_name();	// Get current session name
 
-		$dol_url_root = DOL_URL_ROOT;
+        $dol_url_root = DOL_URL_ROOT;
 
-		// Title
-		$appli=constant('DOL_APPLICATION_TITLE');
-		$title=$appli.' '.constant('DOL_VERSION');
-		if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
-		$titletruedolibarrversion=constant('DOL_VERSION');	// $title used by login template after the @ to inform of true Dolibarr version
+        // Title
+        $appli=constant('DOL_APPLICATION_TITLE');
+        $title=$appli.' '.constant('DOL_VERSION');
+        if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
+        $titletruedolibarrversion=constant('DOL_VERSION');	// $title used by login template after the @ to inform of true Dolibarr version
 
-		// Note: $conf->css looks like '/theme/eldy/style.css.php'
-		/*
+        // Note: $conf->css looks like '/theme/eldy/style.css.php'
+        /*
 		$conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php";
 		$themepath=dol_buildpath($conf->css,1);
 		if (! empty($conf->modules_parts['theme']))		// Using this feature slow down application
@@ -169,138 +169,138 @@ 
 		$conf_css = $themepath."?lang=".$langs->defaultlang;
 		*/
 
-		// Select templates dir
-		if (! empty($conf->modules_parts['tpl']))	// Using this feature slow down application
-		{
-			$dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl/'));
-			foreach($dirtpls as $reldir)
-			{
-				$tmp=dol_buildpath($reldir.'login.tpl.php');
-				if (file_exists($tmp)) { $template_dir=preg_replace('/login\.tpl\.php$/','',$tmp); break; }
-			}
-		}
-		else
-		{
-			$template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
-		}
+        // Select templates dir
+        if (! empty($conf->modules_parts['tpl']))	// Using this feature slow down application
+        {
+            $dirtpls=array_merge($conf->modules_parts['tpl'],array('/core/tpl/'));
+            foreach($dirtpls as $reldir)
+            {
+                $tmp=dol_buildpath($reldir.'login.tpl.php');
+                if (file_exists($tmp)) { $template_dir=preg_replace('/login\.tpl\.php$/','',$tmp); break; }
+            }
+        }
+        else
+        {
+            $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
+        }
 
-		// Set cookie for timeout management
-		$prefix=dol_getprefix('');
-		$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
-		if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true);
+        // Set cookie for timeout management
+        $prefix=dol_getprefix('');
+        $sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
+        if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true);
 
-		if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
-		else unset($_SESSION["urlfrom"]);
+        if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
+        else unset($_SESSION["urlfrom"]);
 
-		if (! GETPOST("username",'alpha')) $focus_element='username';
-		else $focus_element='password';
+        if (! GETPOST("username",'alpha')) $focus_element='username';
+        else $focus_element='password';
 
-		$demologin='';
-		$demopassword='';
-		if (! empty($dolibarr_main_demo))
-		{
-			$tab=explode(',',$dolibarr_main_demo);
-			$demologin=$tab[0];
-			$demopassword=$tab[1];
-		}
+        $demologin='';
+        $demopassword='';
+        if (! empty($dolibarr_main_demo))
+        {
+            $tab=explode(',',$dolibarr_main_demo);
+            $demologin=$tab[0];
+            $demopassword=$tab[1];
+        }
 
-		// Execute hook getLoginPageOptions (for table)
-		$parameters=array('entity' => GETPOST('entity','int'));
-		$reshook = $hookmanager->executeHooks('getLoginPageOptions',$parameters);    // Note that $action and $object may have been modified by some hooks.
-		if (is_array($hookmanager->resArray) && ! empty($hookmanager->resArray)) {
-			$morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
-		} else {
-			$morelogincontent = $hookmanager->resPrint;
-		}
+        // Execute hook getLoginPageOptions (for table)
+        $parameters=array('entity' => GETPOST('entity','int'));
+        $reshook = $hookmanager->executeHooks('getLoginPageOptions',$parameters);    // Note that $action and $object may have been modified by some hooks.
+        if (is_array($hookmanager->resArray) && ! empty($hookmanager->resArray)) {
+            $morelogincontent = $hookmanager->resArray; // (deprecated) For compatibility
+        } else {
+            $morelogincontent = $hookmanager->resPrint;
+        }
 
-		// Execute hook getLoginPageExtraOptions (eg for js)
-		$parameters=array('entity' => GETPOST('entity','int'));
-		$reshook = $hookmanager->executeHooks('getLoginPageExtraOptions',$parameters);    // Note that $action and $object may have been modified by some hooks.
-		$moreloginextracontent = $hookmanager->resPrint;
+        // Execute hook getLoginPageExtraOptions (eg for js)
+        $parameters=array('entity' => GETPOST('entity','int'));
+        $reshook = $hookmanager->executeHooks('getLoginPageExtraOptions',$parameters);    // Note that $action and $object may have been modified by some hooks.
+        $moreloginextracontent = $hookmanager->resPrint;
 
-		// Login
-		$login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin));
-		$password = $demopassword;
+        // Login
+        $login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin));
+        $password = $demopassword;
 
-		// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
-		$width=0;
-		$urllogo = DOL_BASE_URI . '/theme/login_logo.png';
+        // Show logo (search in order: small company logo, large company logo, theme logo, common logo)
+        $width=0;
+        $urllogo = DOL_BASE_URI . '/theme/login_logo.png';
 
         if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small))
-		{
-			$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_small);
-		}
-		elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
-		{
-			$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/'.$mysoc->logo);
-			$width=128;
-		}
-		elseif (is_readable(DOL_BASE_URI . '/theme/' . $conf->theme . '/img/dolibarr_logo.png')) {
-			$urllogo = DOL_BASE_URI . '/theme/' . $conf->theme . '/img/dolibarr_logo.png';
+        {
+            $urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_small);
         }
-		elseif (is_readable(DOL_BASE_URI . '/theme/dolibarr_logo.png')) {
-			$urllogo = DOL_BASE_URI . '/theme/dolibarr_logo.png';
+        elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
+        {
+            $urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/'.$mysoc->logo);
+            $width=128;
+        }
+        elseif (is_readable(DOL_BASE_URI . '/theme/' . $conf->theme . '/img/dolibarr_logo.png')) {
+            $urllogo = DOL_BASE_URI . '/theme/' . $conf->theme . '/img/dolibarr_logo.png';
+        }
+        elseif (is_readable(DOL_BASE_URI . '/theme/dolibarr_logo.png')) {
+            $urllogo = DOL_BASE_URI . '/theme/dolibarr_logo.png';
         }
 
-		// Security graphical code
-		$captcha=0;
-		$captcha_refresh='';
-		if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
-		{
-			$captcha=1;
-			$captcha_refresh=img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"');
-		}
-
-		// Extra link
-		$forgetpasslink=0;
-		$helpcenterlink=0;
-		if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
-		{
-			if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
-			{
-				$forgetpasslink=1;
-			}
+        // Security graphical code
+        $captcha=0;
+        $captcha_refresh='';
+        if (function_exists("imagecreatefrompng") && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
+        {
+            $captcha=1;
+            $captcha_refresh=img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"');
+        }
 
-			if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
-			{
-				$helpcenterlink=1;
-			}
-		}
+        // Extra link
+        $forgetpasslink=0;
+        $helpcenterlink=0;
+        if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK) || empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
+        {
+            if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
+            {
+                $forgetpasslink=1;
+            }
+
+            if (empty($conf->global->MAIN_HELPCENTER_DISABLELINK))
+            {
+                $helpcenterlink=1;
+            }
+        }
 
-		// Home message
-		$main_home='';
-		if (! empty($conf->global->MAIN_HOME))
-		{
-		    $substitutionarray=getCommonSubstitutionArray($langs);
-		    complete_substitutions_array($substitutionarray, $langs);
-		    $texttoshow = make_substitutions($conf->global->MAIN_HOME, $substitutionarray, $langs);
+        // Home message
+        $main_home='';
+        if (! empty($conf->global->MAIN_HOME))
+        {
+            $substitutionarray=getCommonSubstitutionArray($langs);
+            complete_substitutions_array($substitutionarray, $langs);
+            $texttoshow = make_substitutions($conf->global->MAIN_HOME, $substitutionarray, $langs);
 
-			$main_home=dol_htmlcleanlastbr($texttoshow);
-		}
+            $main_home=dol_htmlcleanlastbr($texttoshow);
+        }
 
-		// Google AD
-		$main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0);
+        // Google AD
+        $main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0);
 
-		// Set jquery theme
-		$dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:'');
-		$favicon=dol_buildpath('/theme/'.$conf->theme.'/img/favicon.ico',1);
-		if (! empty($conf->global->MAIN_FAVICON_URL)) $favicon=$conf->global->MAIN_FAVICON_URL;
-		$jquerytheme = 'base';
-		if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
+        // Set jquery theme
+        $dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:'');
+        $favicon=dol_buildpath('/theme/'.$conf->theme.'/img/favicon.ico',1);
+        if (! empty($conf->global->MAIN_FAVICON_URL)) $favicon=$conf->global->MAIN_FAVICON_URL;
+        $jquerytheme = 'base';
+        if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
 
-		// Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_no_mouse_hover
-		$dol_hide_topmenu=GETPOST('dol_hide_topmenu','int');
-		$dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int');
-		$dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int');
-		$dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int');
-		$dol_use_jmobile=GETPOST('dol_use_jmobile','int');
+        // Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_no_mouse_hover
+        $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int');
+        $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int');
+        $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int');
+        $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int');
+        $dol_use_jmobile=GETPOST('dol_use_jmobile','int');
 
-		// Include login page template
-		include $template_dir.'login.tpl.php';
+        // Include login page template
+        include $template_dir.'login.tpl.php';
 
 
-		$_SESSION["dol_loginmesg"] = '';
-	}
+        $_SESSION["dol_loginmesg"] = '';
+    }
 }
 
 /**
@@ -313,23 +313,23 @@ 
  */
 function makesalt($type=CRYPT_SALT_LENGTH)
 {
-	dol_syslog("makesalt type=".$type);
-	switch($type)
-	{
-		case 12:	// 8 + 4
-			$saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
-		case 8:		// 8 (Pour compatibilite, ne devrait pas etre utilise)
-			$saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
-		case 2:		// 2
-		default: 	// by default, fall back on Standard DES (should work everywhere)
-			$saltlen=2; $saltprefix=''; $saltsuffix=''; break;
-	}
-	$salt='';
-	while(dol_strlen($salt) < $saltlen) $salt.=chr(mt_rand(64,126));
-
-	$result=$saltprefix.$salt.$saltsuffix;
-	dol_syslog("makesalt return=".$result);
-	return $result;
+    dol_syslog("makesalt type=".$type);
+    switch($type)
+    {
+        case 12:	// 8 + 4
+            $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
+        case 8:		// 8 (Pour compatibilite, ne devrait pas etre utilise)
+            $saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
+        case 2:		// 2
+        default: 	// by default, fall back on Standard DES (should work everywhere)
+            $saltlen=2; $saltprefix=''; $saltsuffix=''; break;
+    }
+    $salt='';
+    while(dol_strlen($salt) < $saltlen) $salt.=chr(mt_rand(64,126));
+
+    $result=$saltprefix.$salt.$saltsuffix;
+    dol_syslog("makesalt return=".$result);
+    return $result;
 }
 
 /**
@@ -340,102 +340,102 @@ 
  */
 function encodedecode_dbpassconf($level=0)
 {
-	dol_syslog("encodedecode_dbpassconf level=".$level, LOG_DEBUG);
-	$config = '';
-	$passwd='';
-	$passwd_crypted='';
-
-	if ($fp = fopen(DOL_DOCUMENT_ROOT.'/conf/conf.php','r'))
-	{
-		while(!feof($fp))
-		{
-			$buffer = fgets($fp,4096);
-
-			$lineofpass=0;
-
-			if (preg_match('/^[^#]*dolibarr_main_db_encrypted_pass[\s]*=[\s]*(.*)/i',$buffer,$reg))	// Old way to save crypted value
-			{
-				$val = trim($reg[1]);	// This also remove CR/LF
-				$val=preg_replace('/^["\']/','',$val);
-				$val=preg_replace('/["\'][\s;]*$/','',$val);
-				if (! empty($val))
-				{
-					$passwd_crypted = $val;
-					$val = dol_decode($val);
-					$passwd = $val;
-					$lineofpass=1;
-				}
-			}
-			elseif (preg_match('/^[^#]*dolibarr_main_db_pass[\s]*=[\s]*(.*)/i',$buffer,$reg))
-			{
-				$val = trim($reg[1]);	// This also remove CR/LF
-				$val=preg_replace('/^["\']/','',$val);
-				$val=preg_replace('/["\'][\s;]*$/','',$val);
-				if (preg_match('/crypted:/i',$buffer))
-				{
-					$val = preg_replace('/crypted:/i','',$val);
-					$passwd_crypted = $val;
-					$val = dol_decode($val);
-					$passwd = $val;
-				}
-				else
-				{
-					$passwd = $val;
-					$val = dol_encode($val);
-					$passwd_crypted = $val;
-				}
-				$lineofpass=1;
-			}
-
-			// Output line
-			if ($lineofpass)
-			{
-				// Add value at end of file
-				if ($level == 0)
-				{
-					$config .= '$dolibarr_main_db_pass=\''.$passwd.'\';'."\n";
-				}
-				if ($level == 1)
-				{
-					$config .= '$dolibarr_main_db_pass=\'crypted:'.$passwd_crypted.'\';'."\n";
-				}
-
-				//print 'passwd = '.$passwd.' - passwd_crypted = '.$passwd_crypted;
-				//exit;
-			}
-			else
-			{
-				$config .= $buffer;
-			}
-		}
-		fclose($fp);
-
-		// Write new conf file
-		$file=DOL_DOCUMENT_ROOT.'/conf/conf.php';
-		if ($fp = @fopen($file,'w'))
-		{
-			fputs($fp, $config);
-			fflush($fp);
-			fclose($fp);
-			clearstatcache();
-
-			// It's config file, so we set read permission for creator only.
-			// Should set permission to web user and groups for users used by batch
-			//@chmod($file, octdec('0600'));
-
-			return 1;
-		}
-		else
-		{
-			dol_syslog("encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_WARNING);
-			return -1;
-		}
-	}
-	else
-	{
-		dol_syslog("encodedecode_dbpassconf Failed to read conf.php", LOG_ERR);
-		return -2;
-	}
+    dol_syslog("encodedecode_dbpassconf level=".$level, LOG_DEBUG);
+    $config = '';
+    $passwd='';
+    $passwd_crypted='';
+
+    if ($fp = fopen(DOL_DOCUMENT_ROOT.'/conf/conf.php','r'))
+    {
+        while(!feof($fp))
+        {
+            $buffer = fgets($fp,4096);
+
+            $lineofpass=0;
+
+            if (preg_match('/^[^#]*dolibarr_main_db_encrypted_pass[\s]*=[\s]*(.*)/i',$buffer,$reg))	// Old way to save crypted value
+            {
+                $val = trim($reg[1]);	// This also remove CR/LF
+                $val=preg_replace('/^["\']/','',$val);
+                $val=preg_replace('/["\'][\s;]*$/','',$val);
+                if (! empty($val))
+                {
+                    $passwd_crypted = $val;
+                    $val = dol_decode($val);
+                    $passwd = $val;
+                    $lineofpass=1;
+                }
+            }
+            elseif (preg_match('/^[^#]*dolibarr_main_db_pass[\s]*=[\s]*(.*)/i',$buffer,$reg))
+            {
+                $val = trim($reg[1]);	// This also remove CR/LF
+                $val=preg_replace('/^["\']/','',$val);
+                $val=preg_replace('/["\'][\s;]*$/','',$val);
+                if (preg_match('/crypted:/i',$buffer))
+                {
+                    $val = preg_replace('/crypted:/i','',$val);
+                    $passwd_crypted = $val;
+                    $val = dol_decode($val);
+                    $passwd = $val;
+                }
+                else
+                {
+                    $passwd = $val;
+                    $val = dol_encode($val);
+                    $passwd_crypted = $val;
+                }
+                $lineofpass=1;
+            }
+
+            // Output line
+            if ($lineofpass)
+            {
+                // Add value at end of file
+                if ($level == 0)
+                {
+                    $config .= '$dolibarr_main_db_pass=\''.$passwd.'\';'."\n";
+                }
+                if ($level == 1)
+                {
+                    $config .= '$dolibarr_main_db_pass=\'crypted:'.$passwd_crypted.'\';'."\n";
+                }
+
+                //print 'passwd = '.$passwd.' - passwd_crypted = '.$passwd_crypted;
+                //exit;
+            }
+            else
+            {
+                $config .= $buffer;
+            }
+        }
+        fclose($fp);
+
+        // Write new conf file
+        $file=DOL_DOCUMENT_ROOT.'/conf/conf.php';
+        if ($fp = @fopen($file,'w'))
+        {
+            fputs($fp, $config);
+            fflush($fp);
+            fclose($fp);
+            clearstatcache();
+
+            // It's config file, so we set read permission for creator only.
+            // Should set permission to web user and groups for users used by batch
+            //@chmod($file, octdec('0600'));
+
+            return 1;
+        }
+        else
+        {
+            dol_syslog("encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_WARNING);
+            return -1;
+        }
+    }
+    else
+    {
+        dol_syslog("encodedecode_dbpassconf Failed to read conf.php", LOG_ERR);
+        return -2;
+    }
 }
 
 /**
@@ -448,72 +448,72 @@ 
  */
 function getRandomPassword($generic=false, $replaceambiguouschars=null)
 {
-	global $db,$conf,$langs,$user;
-
-	$generated_password='';
-	if ($generic)
-	{
-		$length = 32;
-		$lowercase = "qwertyuiopasdfghjklzxcvbnm";
-		$uppercase = "ASDFGHJKLZXCVBNMQWERTYUIOP";
-		$numbers = "1234567890";
-		$randomCode = "";
-		$nbofchar = round($length/3);
-		$nbofcharlast = ($length - 2*$nbofchar);
-		//var_dump($nbofchar.'-'.$nbofcharlast);
-		if (function_exists('random_int'))	// Cryptographic random
-		{
-			$max = strlen($lowercase) - 1;
-			for ($x = 0; $x < $nbofchar; $x++) {
-				$randomCode .= $lowercase{random_int(0, $max)};
-			}
-			$max = strlen($uppercase) - 1;
-			for ($x = 0; $x < $nbofchar; $x++) {
-				$randomCode .= $uppercase{random_int(0, $max)};
-			}
-			$max = strlen($numbers) - 1;
-			for ($x = 0; $x < $nbofcharlast; $x++) {
-				$randomCode .= $numbers{random_int(0, $max)};
-			}
-
-			$generated_password=str_shuffle($randomCode);
-		}
-		else	// Old platform, non cryptographic random
-		{
-			$max = strlen($lowercase) - 1;
-			for ($x = 0; $x < $nbofchar; $x++) {
-				$randomCode .= $lowercase{mt_rand(0, $max)};
-			}
-			$max = strlen($uppercase) - 1;
-			for ($x = 0; $x < $nbofchar; $x++) {
-				$randomCode .= $uppercase{mt_rand(0, $max)};
-			}
-			$max = strlen($numbers) - 1;
-			for ($x = 0; $x < $nbofcharlast; $x++) {
-				$randomCode .= $numbers{mt_rand(0, $max)};
-			}
-
-			$generated_password=str_shuffle($randomCode);
-		}
-	}
-	else if (! empty($conf->global->USER_PASSWORD_GENERATED))
-	{
-		$nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED);
-		$nomfichier=$nomclass.".class.php";
-		//print DOL_DOCUMENT_ROOT."/core/modules/security/generate/".$nomclass;
-		require_once DOL_DOCUMENT_ROOT."/core/modules/security/generate/".$nomfichier;
-		$genhandler=new $nomclass($db,$conf,$langs,$user);
-		$generated_password=$genhandler->getNewGeneratedPassword();
-		unset($genhandler);
-	}
-
-	// Do we have to discard some alphabetic characters ?
-	if (is_array($replaceambiguouschars) && count($replaceambiguouschars) > 0)
-	{
-		$numbers = "ABCDEF";
-		$max = strlen($numbers) - 1;
-		$generated_password=str_replace($replaceambiguouschars, $numbers{random_int(0, $max)}, $generated_password);
-	}
-
-	return $generated_password;
+    global $db,$conf,$langs,$user;
+
+    $generated_password='';
+    if ($generic)
+    {
+        $length = 32;
+        $lowercase = "qwertyuiopasdfghjklzxcvbnm";
+        $uppercase = "ASDFGHJKLZXCVBNMQWERTYUIOP";
+        $numbers = "1234567890";
+        $randomCode = "";
+        $nbofchar = round($length/3);
+        $nbofcharlast = ($length - 2*$nbofchar);
+        //var_dump($nbofchar.'-'.$nbofcharlast);
+        if (function_exists('random_int'))	// Cryptographic random
+        {
+            $max = strlen($lowercase) - 1;
+            for ($x = 0; $x < $nbofchar; $x++) {
+                $randomCode .= $lowercase{random_int(0, $max)};
+            }
+            $max = strlen($uppercase) - 1;
+            for ($x = 0; $x < $nbofchar; $x++) {
+                $randomCode .= $uppercase{random_int(0, $max)};
+            }
+            $max = strlen($numbers) - 1;
+            for ($x = 0; $x < $nbofcharlast; $x++) {
+                $randomCode .= $numbers{random_int(0, $max)};
+            }
+
+            $generated_password=str_shuffle($randomCode);
+        }
+        else	// Old platform, non cryptographic random
+        {
+            $max = strlen($lowercase) - 1;
+            for ($x = 0; $x < $nbofchar; $x++) {
+                $randomCode .= $lowercase{mt_rand(0, $max)};
+            }
+            $max = strlen($uppercase) - 1;
+            for ($x = 0; $x < $nbofchar; $x++) {
+                $randomCode .= $uppercase{mt_rand(0, $max)};
+            }
+            $max = strlen($numbers) - 1;
+            for ($x = 0; $x < $nbofcharlast; $x++) {
+                $randomCode .= $numbers{mt_rand(0, $max)};
+            }
+
+            $generated_password=str_shuffle($randomCode);
+        }
+    }
+    else if (! empty($conf->global->USER_PASSWORD_GENERATED))
+    {
+        $nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED);
+        $nomfichier=$nomclass.".class.php";
+        //print DOL_DOCUMENT_ROOT."/core/modules/security/generate/".$nomclass;
+        require_once DOL_DOCUMENT_ROOT."/core/modules/security/generate/".$nomfichier;
+        $genhandler=new $nomclass($db,$conf,$langs,$user);
+        $generated_password=$genhandler->getNewGeneratedPassword();
+        unset($genhandler);
+    }
+
+    // Do we have to discard some alphabetic characters ?
+    if (is_array($replaceambiguouschars) && count($replaceambiguouschars) > 0)
+    {
+        $numbers = "ABCDEF";
+        $max = strlen($numbers) - 1;
+        $generated_password=str_replace($replaceambiguouschars, $numbers{random_int(0, $max)}, $generated_password);
+    }
+
+    return $generated_password;
 }