Example #1
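 /**
  * Extra test: password migration.
  *
  * Overwrite the stored hash with an old-style ("$0$"-prefixed) value,
  * then verify that invoking updatePasswordHash() inserts a new row whose
  * hash differs from the legacy one, while the plaintext password still
  * verifies before and after the migration.
  *
  * NOTE(review): database access goes through the legacy mysql_* extension
  * and interpolates $testUserId1 straight into SQL. That is tolerable for
  * test-controlled fixture data but must not be copied into production
  * code, which should use parameterised queries.
  *
  * @depends testLegacyPassword
  */
 public function testPasswordMigration()
 {
     global $testUserId1;
     $password = '******';
     $oldPasswordHash = '$0$6cc7c5a5a21978e5587a59186cadb5e3';
     $object = new User($testUserId1);
     $object->save();
     // Overwrite the stored hash directly in the database. The UPDATE must
     // succeed: if it silently failed, everything below would run against
     // the hash save() just wrote and the migration would not be tested.
     // NOTE(review): the value written here is expected to be the legacy
     // hash held in $oldPasswordHash -- confirm the two agree, otherwise the
     // assertNotEquals() further down proves nothing.
     $query = "UPDATE blogUser " . "SET password='******' " . "WHERE userId='{$testUserId1}'";
     $this->assertTrue(mysql_query($query), "Got error in mySQL query '{$query}'");
     $object->load($testUserId1);
     $rows = $this->countTestRows();
     // The legacy hash must still verify before migration...
     $this->assertTrue($object->checkPassword($password));
     $object->updatePasswordHash($password);
     // ...and migrating must insert exactly one new row.
     $this->assertSame($rows + 1, $this->countTestRows());
     // Check that the password has been re-encoded in the database: fetch
     // the row written by the migration (selected by its 'updated' value)
     // and compare its hash against the legacy one.
     $updated = $object->getUpdated();
     $query = "SELECT password " . "FROM blogUser " . "WHERE userId='{$testUserId1}' " . "AND updated='{$updated}'";
     $result = mysql_query($query);
     if ($result === false) {
         $this->fail("Got error in mySQL query '{$query}'");
     }
     $this->assertSame(1, mysql_num_rows($result));
     $line = mysql_fetch_array($result);
     $newPasswordHash = db_sql_decode($line[0]);
     $this->assertNotEquals($oldPasswordHash, $newPasswordHash);
     // After the password has been re-encoded, make sure it still matches
     $this->assertTrue($object->checkPassword($password));
     // Make sure repeated calls to updatePasswordHash succeed
     $object->updatePasswordHash($password);
 }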
Example #2
    // Credential from the decoded request body; $userId and the default
    // for $password are set before this point (outside this excerpt).
    if (isset($data['password'])) {
        $password = $data['password'];
    }
    // Reject missing credentials before touching the user store.
    if ($userId === '' || $password === '') {
        $response = errorResponse(RESPONSE_BAD_REQUEST);
    } else {
        $user = new User($userId);
        // A null 'created' value is treated as "no such user".
        // NOTE(review): answering NOT_FOUND here but UNAUTHORIZED below lets
        // a caller tell unknown user IDs apart from wrong passwords (account
        // enumeration). Returning UNAUTHORIZED for both closes that leak,
        // but it changes the API contract -- check clients first.
        if ($user->getCreated() === null) {
            $response = errorResponse(RESPONSE_NOT_FOUND);
        } else {
            // NOTE(review): no rate limiting or lockout is visible in this
            // handler; confirm it exists upstream, otherwise this endpoint
            // is an online brute-force oracle.
            if ($user->checkPassword($password)) {
                // password matches, need to allow for hash update (if hash
                // algorithm changed, the new hash can only be stored in the
                // database when we have the actual password, and only at login
                // time do we have the actual password). The re-hash happens
                // only after a successful verify, so a wrong password can
                // never replace the stored hash.
                $user->updatePasswordHash($password);
                // Mint a fresh session token and bind it to this user.
                // NOTE(review): assumes Auth::generateAuthId() draws from a
                // CSPRNG (random_bytes or equivalent) -- not visible here,
                // confirm before relying on the token as a bearer credential.
                $authId = Auth::generateAuthId();
                $auth = new Auth($authId);
                $auth->setUserId($userId);
                $auth->save();
                // The token is returned in the JSON body; the client is
                // responsible for storing and presenting it.
                $response = successResponse();
                $response['authId'] = $authId;
            } else {
                $response = errorResponse(RESPONSE_UNAUTHORIZED);
            }
        }
    }
} else {
    $response = errorResponse(RESPONSE_METHOD_NOT_ALLOWED, $_SERVER['REQUEST_METHOD']);
}
// Emit the response as JSON. NOTE(review): json_encode() returns false on
// an encoding failure, which would echo an empty body with a success
// status; consider JSON_THROW_ON_ERROR or checking the result.
echo json_encode($response);