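/**
 * To get the object of an existing user.
 *
 * The password hash is verified before the lock and activation state are
 * inspected, so neither state is disclosed to a caller who does not know the
 * password. The last-login timestamp is only updated once every check has passed.
 *
 * @param string $id The id of the user
 * @param string $pass The password of the user
 * @return \phpsec\User The object of the user that enables them to use other functions
 * @throws UserNotExistsException Will be thrown if no user is found with the given ID
 * @throws WrongPasswordException Will be thrown if the given password does not match the password stored in the DB
 * @throws UserLocked Will be thrown if the account is locked
 * @throws UserAccountInactive Will be thrown if the account has not been activated yet
 */
public static function existingUserObject($id, $pass)
{
    $obj = new User();

    $result = SQL("SELECT `P_EMAIL`, `HASH`, `ALGO`, `DYNAMIC_SALT` FROM USER WHERE `USERID` = ?", array($id));

    // Exactly one row is expected; anything else means the user does not exist in the system.
    if (count($result) !== 1) {
        throw new UserNotExistsException("ERROR: User Not found.");
    }

    // Validate the given password against the hash, salt and algorithm stored in the DB.
    if (!BasicPasswordManagement::validatePassword($pass, $result[0]['HASH'], $result[0]['DYNAMIC_SALT'], $result[0]['ALGO'])) {
        throw new WrongPasswordException("ERROR: Wrong Password.");
    }

    // NOTE(review): the lock is checked only after the password has been verified, so a
    // locked account still answers a wrong guess with WrongPasswordException; if the lock
    // is meant to stop online guessing, the order of these two checks should be revisited.
    if (User::isLocked($id)) {
        throw new UserLocked("ERROR: The account is locked!");
    }

    // An account that has not been activated may not be used.
    if (User::isInactive($id)) {
        throw new UserAccountInactive("ERROR: The account is inactive. Please activate your account.");
    }

    // All checks passed: populate the object from the fetched row.
    $obj->userID = $id;
    $obj->primaryEmail = $result[0]['P_EMAIL'];
    $obj->dynamicSalt = $result[0]['DYNAMIC_SALT'];
    $obj->hashedPassword = $result[0]['HASH'];
    $obj->hashAlgorithm = $result[0]['ALGO'];

    // Record this successful login.
    SQL("UPDATE `USER` SET `LAST_LOGIN` = ? WHERE `USERID` = ?", array(time(), $id));

    return $obj;
}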
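/**
 * Function to test accessibility if the account is inactive/active.
 *
 * A freshly created account must be rejected with UserAccountInactive until it
 * is activated; after activation the user object must be obtainable and the
 * account must no longer report as inactive.
 */
public function testInactive()
{
    User::newUserObject("phpsec", "owasp", "*****@*****.**"); //create a new user

    try {
        User::existingUserObject("phpsec", "owasp"); //the account is not activated yet, so an exception is expected
        // Reaching this line means no exception was thrown, which must fail the test
        // instead of passing silently.
        $this->fail("Expected UserAccountInactive for an account that has not been activated.");
    } catch (UserAccountInactive $e) {
        $this->assertTrue(TRUE); //the expected exception was thrown
    }

    User::activateAccount("phpsec"); //activate the account

    $testUser = User::existingUserObject("phpsec", "owasp"); //the account is now active, so the object is created successfully
    $this->assertSame("phpsec", $testUser->getUserID());
    $this->assertFalse(User::isInactive("phpsec"));

    $testUser->deleteUser(); //remove the fixture user
}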