/**
 * Exercises User::set_password() / User::check_password() end to end.
 *
 * A throwaway user is created and saved, a password is set, and the test then
 * asserts that the correct password is accepted and a different one is
 * rejected: first on the object that set the password, then on a second
 * object fetched with User::by_email().
 *
 * NOTE(review): no cleanup of the created user is visible in this method.
 */
function test_password()
{
    $correct = 'abc.com';
    $incorrect = 'abc.codffdm';

    $user = new User();
    // md5(rand()) is only a uniqueness suffix for the fixture account, not a secret.
    $suffix = md5(rand());
    $user->username = '******' . $suffix;
    $user->fullname = 'This is the name';
    $user->email = "{$suffix}@email.com";
    $user->save();
    $user->set_password($correct);

    // In-memory object: the right password passes, a wrong one fails.
    $this->assertTrue($user->check_password($correct));
    $this->assertFalse($user->check_password($incorrect));

    // Same assertions on a copy looked up again by e-mail (the DB check).
    $reloaded = User::by_email($user->email);
    $this->assertTrue($reloaded->check_password($correct));
    $this->assertFalse($reloaded->check_password($incorrect));
}
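/**
 * Routes /user/<action> requests: "login", "logout" and the (empty) "settings" stub.
 *
 * Login reads the "login" and "password" POST fields, verifies them through
 * User::check_password() and, on success, stores the User object in
 * $_SESSION['User']. Any other action, or an empty path, ends in page_404().
 *
 * Hardening over the previous version:
 *  - the session ID is rotated when the session becomes authenticated and
 *    again after logout, so an ID known before login cannot be reused;
 *  - non-string credentials (e.g. login[]=x, which PHP parses into an array)
 *    are rejected as invalid instead of being handed to User.
 *
 * @param array $path Remaining path segments; $path[0] selects the action.
 */
function page_user($path)
{
    if (count($path) > 0) {
        switch ($path[0]) {
            case 'login':
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    $login = $_POST['login'];
                    $password = $_POST['password'];

                    // Only plain strings are treated as credentials.
                    $user = null;
                    if (is_string($login) && is_string($password)) {
                        $candidate = new User($login);
                        if ($candidate->check_password($password)) {
                            $user = $candidate;
                        }
                    }

                    if ($user !== null) {
                        // Rotate the ID before the session carries an identity
                        // (session fixation defence); skipped if no session is open.
                        if (session_id() !== '') {
                            session_regenerate_id(true);
                        }
                        // NOTE(review): the whole User object is serialized into the
                        // session store; confirm it holds no password hash or similar.
                        $_SESSION['User'] = $user;
                        $this->flash_success("Login successful");
                        $this->go_back();
                    } else {
                        // One message for every failure, so the response does not
                        // reveal whether the login name exists.
                        $this->flash_error("Invalid credentials");
                        if (is_string($login)) {
                            // NOTE(review): submitted value is echoed back into the form;
                            // confirm login.tpl escapes it on output.
                            $this->smarty->assign('login', $login);
                        }
                    }
                }
                $this->content = './tpl/user/login.tpl';
                break;

            case 'logout':
                session_destroy();
                session_start();
                // The browser still presents the old ID after session_destroy();
                // issue a new one so the pre-logout ID is not carried forward.
                session_regenerate_id(true);
                $this->flash_success("Logout successful");
                $this->go_to('/');
                break;

            case 'settings':
                // Not implemented yet.
                break;

            default:
                $this->page_404($path);
        }
    } else {
        $this->page_404($path);
    }
}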
/**
 * Confirms the password of the already-authenticated user (POST only).
 *
 * Outcomes:
 *  - method is not "post"            -> error 400 "Bad request"
 *  - auth_user_id matches no user    -> error 404 "User not found."
 *  - password rejected               -> error 403 "Password does not match"
 *  - password accepted               -> the script exits with no further output here
 *
 * NOTE(review): $_POST['password'] is read without an isset()/is_string()
 * check, and no attempt limiting is visible in this method; confirm both are
 * handled by the caller or the framework.
 */
function verify_password()
{
    if ($this->method !== 'post') {
        $this->error('400', 'Bad request');
        return;
    }

    $account = new User();
    $account->get_by_id($this->auth_user_id);

    if (!$account->exists()) {
        $this->error('404', 'User not found.');
        return;
    }

    if (!$account->check_password($_POST['password'])) {
        $this->error('403', 'Password does not match');
        return;
    }

    // Success path: stop the request here.
    exit;
}
/**
 * Checks a username/password pair and, on success, opens a session.
 *
 * Every outcome except empty input is recorded through SystemLog::create().
 * A session is created only when the password matches and the account is not
 * flagged "user_inactive". The "must_change_password" and "user_locked" flags
 * do not block the login here: they are written into the new session and the
 * method still returns true (presumably enforced by later code — confirm).
 *
 * @see AuthInterface::login()
 * @param string $username
 * @param string $password
 * @return bool true when a session was created, false otherwise
 */
public function login($username, $password)
{
    // Empty username or password: fail without logging.
    if (!$username || !$password) {
        return false;
    }

    $system_log = new SystemLog(null);

    if (!User::exist_username($username)) {
        // User not found.
        // NOTE(review): $username is caller-supplied and is embedded verbatim in the
        // log text; confirm SystemLog::create() escapes and length-limits it.
        $system_log->create(null, 1, 0, "User \"" . $username . "\" Not Found", "Login", "auth.php", null, null);
        return false;
    }

    $user_id = User::get_user_id_by_username($username);
    $user = new User($user_id);

    if (!$user->check_password($password)) {
        // Wrong password
        $system_log->create($user_id, 1, 0, "Wrong Password", "Login", "auth.php", null, null);
        return false;
    }

    if ($user->get_boolean_user_entry("user_inactive")) {
        // Correct password, but the account is inactive: no session is created.
        $system_log->create($user_id, 1, 1, "Inactive User", "Login", "auth.php", null, null);
        return false;
    }

    $session = new Session(null);
    $this->session_id = $session->create($user_id);

    // Carry account restrictions into the session.
    if ($user->get_boolean_user_entry("must_change_password")) {
        $session->write_value("must_change_password", true, true);
    }
    if ($user->get_boolean_user_entry("user_locked")) {
        $session->write_value("user_locked", true, false);
    }

    // Login successful
    $system_log->create($user_id, 1, 1, "Login Successful", "Login", "auth.php", null, null);
    return true;
}
<?php
// Current-password check: prints an inline error fragment when the submitted
// password is rejected by User::check_password(), and prints nothing otherwise.
include 'db/db.php';

// NOTE(review): $_REQUEST can be populated from the query string as well as the
// POST body, so a password sent as ?pass=... may end up in access logs, browser
// history and Referer headers. Prefer reading it from $_POST once callers are
// confirmed to submit it that way. The key is also read without an isset() check.
$password = $_REQUEST['pass'];

session_start();
include 'classes/User.php';

// NOTE(review): User is built without arguments after session_start();
// presumably it resolves the current account from the session — confirm.
$us = new User();
$check = $us->check_password($password);

// Loose comparison kept as in the original: any result equal to 0 counts as a mismatch.
echo ($check == 0) ? '<span style="color:red;">Incorrect Current Password.</span>' : '';
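--> <?php
// Login handler: when both form fields pass the verify*Login() checks, the
// account is selected with set_email_or_pseudo() and the password is verified
// with User::check_password(). On success the session is reset, re-keyed and
// marked as authenticated, then the browser is sent to the measurements page.

//include
include '../../controllers/account/User.php'; // Class User

$Pseudo_login = NULL; /**< Username */
$Password_login = NULL; /**< Password of username (tempo.) */
$acces_granted = NULL; /**< Access granted or denied */
$User = new User(); /**< The User object */

if (verifyUsernameLogin() && verifyPasswordLogin()) {
    $User->set_email_or_pseudo($_POST['Pseudo_login']);
    if ($User->check_password($_POST['Password'])) {
        //return to index.php
        session_unset();
        $_SESSION = array(); /**< PHP session */

        // Rotate the session ID before the session becomes authenticated, so an
        // ID known before login cannot be reused afterwards (session fixation).
        // The new ID travels in a Set-Cookie header, so this is only possible
        // while headers are still unsent; if markup has already been flushed,
        // move this block above any output to make the rotation effective.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }

        $_SESSION['username'] = $User->get_username();
        $_SESSION['access'] = true;
        echo '<script>window.location = "../stations/show_measure.php";</script>';
    } else {
        // Same message whichever of the two values was wrong.
        $acces_granted = "Informations are not valids";
    }
}

/**
 * @see verifyUsernameLogin() User field can't be empty
 * @return boolean FALSE == empty, TRUE == Filled
 */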
/**
 * Session endpoint, dispatched on $this->method.
 *
 *  - every method except "delete": first loads and deletes Application rows
 *    with role "god" whose created_on is older than 14 days;
 *  - get:    returns the token and user data for the authenticated session,
 *            or a 404 when the session or its user is missing;
 *  - post:   logs in with "email" + "password" and redirects to /sessions;
 *            an unknown e-mail and a wrong password give the same 404;
 *  - delete: removes the Application row for the current token, clears the
 *            user's remember_me value and cookie, destroys the session, exits.
 *
 * NOTE(review): the cleanup query runs before authentication, i.e. also for
 * anonymous requests. No attempt limiting is visible on the post branch, and
 * create_session() is opaque here — confirm it issues a fresh session ID.
 */
function index()
{
    // GC old sessions
    if ($this->method !== 'delete') {
        $stale = new Application();
        $stale->where('role', 'god')->where('created_on <', strtotime('-14 days'))->get();
        $stale->delete_all();
    }

    // Loose comparisons below mirror the original if/switch dispatch.
    if ($this->method == 'get') {
        $auth = $this->authenticate();
        if (!$auth) {
            $this->error('404', 'Session not found.');
            return;
        }

        $account = new User();
        $account->get_by_id($auth[0]);
        if (!$account->exists()) {
            $this->error('404', 'User not found.');
            return;
        }

        $this->set_response_data(array('token' => $auth[1], 'user' => $account->to_array()));
        return;
    }

    if ($this->method == 'post') {
        $account = new User();

        if (!($this->input->post('email') && $this->input->post('password'))) {
            $this->error('403', 'Required parameters "email" and/or "password" are not present.');
            return;
        }

        $account->where('email', $this->input->post('email'))->limit(1)->get();

        // Unknown e-mail and wrong password are deliberately indistinguishable.
        if (!($account->exists() && $account->check_password($this->input->post('password')))) {
            $this->error('404', 'User not found.');
            return;
        }

        $account->create_session($this->session, $this->input->post('remember') === 'on');
        $this->redirect("/sessions");
        return;
    }

    if ($this->method == 'delete') {
        $auth = $this->authenticate();
        if (!$auth) {
            $this->error('401', 'Not authorized to perform this action.');
            return;
        }

        // Drop the token row that backs this session.
        $token_row = new Application();
        $token_row->where('token', $auth[1])->get();
        $token_row->delete();

        // Clear the stored remember-me value along with its cookie.
        $account = new User();
        $account->get_by_id($auth[0]);
        $account->remember_me = null;
        $account->save();

        $this->load->helper('cookie');
        delete_cookie('remember_me');
        $this->session->sess_destroy();
        exit;
    }
}
unset($update_login); if ($success === false) { $_SESSION['success'] = "Ошибка при обновлении"; return false; } else { $_SESSION['success'] = "Логин успешно обновлен"; header("Location: /reg/user/" . $_SESSION['user']['login']); exit; } } elseif (isset($_POST['sub']) && $_POST['captcha'] !== $_SESSION['captcha']) { $_SESSION['user_error_captcha'] = "Не верный код капчи"; } //смена пароля if (isset($_POST['sub_pass']) && $_POST['captcha_pass'] == $_SESSION['captcha']) { $update_pass = new User(); $passwords = $update_pass->check_password($_POST['password_old']); $passwords_new = $update_pass->check_password($_POST['new_pass']); if ($passwords_new === false) { $_SESSION['user_error_new_pass'] = "******"; return false; } if ($_POST['password_old'] !== $_POST['password1_old']) { $_SESSION['user_error_old_pass'] = "******"; return false; } $row = array(); $row['pass'] = $passwords_new; $row['login'] = $_SESSION['user']['login']; $success = $update_pass->update_pass($row); unset($update_pass); if ($success === false) {