Example #1
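 /**
  * Authenticates an existing user and returns the matching user object.
  *
  * The checks run in this order: the user must exist, the account must not be
  * locked, the password must validate, and the account must be active. The lock
  * check runs before the password check on purpose: if the password were checked
  * first, a locked account would answer WrongPasswordException for bad guesses and
  * UserLocked for the correct one, so the lock would not stop online guessing.
  *
  * NOTE(review): an unknown ID and a wrong password raise different exceptions,
  * which lets a caller tell whether an ID exists. Code that reports the outcome to
  * an untrusted client should map both to a single generic login failure.
  *
  * @param string $id        The id of the user
  * @param string $pass      The password of the user
  * @return \phpsec\User     The object of the user that enables them to use other functions
  * @throws UserNotExistsException   Will be thrown if no user is found with the given ID
  * @throws UserLocked               Will be thrown if the account is locked (checked before the password)
  * @throws WrongPasswordException   Will be thrown if the given password does not match the password stored in the DB
  * @throws UserAccountInactive      Will be thrown if the password is correct but the account is not activated
  */
 public static function existingUserObject($id, $pass)
 {
     //The ID is passed as a bound parameter, never concatenated into the query text.
     $result = SQL("SELECT `P_EMAIL`, `HASH`, `ALGO`, `DYNAMIC_SALT` FROM USER WHERE `USERID` = ?", array($id));
     //If exactly one record is not returned for this user, then this user does not exist in the system.
     if (count($result) !== 1) {
         throw new UserNotExistsException("ERROR: User Not found.");
     }
     $record = $result[0];
     //Refuse locked accounts before touching the password, so a locked account
     //gives the same answer whether or not the supplied password is correct.
     if (User::isLocked($id)) {
         throw new UserLocked("ERROR: The account is locked!");
     }
     //validate the given password with that stored in the DB.
     if (!BasicPasswordManagement::validatePassword($pass, $record['HASH'], $record['DYNAMIC_SALT'], $record['ALGO'])) {
         throw new WrongPasswordException("ERROR: Wrong Password.");
     }
     //The inactive state is only reported to a caller who has proven knowledge of the password.
     if (User::isInactive($id)) {
         throw new UserAccountInactive("ERROR: The account is inactive. Please activate your account.");
     }
     //If all goes right, then set the local variables and return the user object.
     //The stored hash, salt and algorithm name are kept on the object as well.
     $obj = new User();
     $obj->userID = $id;
     $obj->primaryEmail = $record['P_EMAIL'];
     $obj->dynamicSalt = $record['DYNAMIC_SALT'];
     $obj->hashedPassword = $record['HASH'];
     $obj->hashAlgorithm = $record['ALGO'];
     //record the time of this successful login
     SQL("UPDATE `USER` SET `LAST_LOGIN` = ? WHERE `USERID` = ?", array(time(), $id));
     return $obj;
 }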
Example #2
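 /**
  * Checks that an account cannot be used until it is activated, and that it can be used afterwards.
  *
  * A freshly created account is expected to be inactive, so the first login attempt
  * must raise UserAccountInactive. If it does not, the test fails explicitly instead
  * of finishing without having checked anything.
  */
 public function testInactive()
 {
     //create a new user
     User::newUserObject("phpsec", "owasp", "*****@*****.**");
     try {
         $testUser = User::existingUserObject("phpsec", "owasp");
         //Reaching this point means an account that was never activated was allowed to log in.
         //Remove the test user so it does not leak into other tests, then fail.
         $testUser->deleteUser();
         $this->fail("An inactive account was able to log in; UserAccountInactive was expected.");
     } catch (UserAccountInactive $e) {
         //since the exception is thrown, the first half of the test succeeded.
         $this->assertTrue(TRUE);
         //activate the account
         User::activateAccount("phpsec");
         //the account is now active, so the object must be created successfully.
         $testUser = User::existingUserObject("phpsec", "owasp");
         $this->assertTrue($testUser->getUserID() == "phpsec");
         $this->assertTrue(!User::isInactive("phpsec"));
         //clean up the user created for this test
         $testUser->deleteUser();
     }
 }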