/**
 * A password stored through setPassword() must verify against the same
 * plaintext and must be rejected for any other string.
 */
public function testVerifyPassword()
{
    $plaintext = 'qwerty';

    $account = new User();
    $account->setPassword($plaintext);

    // Round-trip: the exact password is accepted ...
    self::assertTrue($account->verifyPassword($plaintext));
    // ... and a different one is not.
    self::assertFalse($account->verifyPassword('wrong'));
}
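/**
 * Renders the login form and, when form data was submitted, attempts a login.
 *
 * @param array|null $params Submitted form fields ('Nickname', 'Password');
 *                           null or empty means "just render the form".
 * @return void
 */
public function login(array $params = null)
{
    if ($this->app->getCurrentUser()->isLoggedIn()) {
        $this->app->redirectToHome();
    }

    $this->loadView('login');

    if (empty($params)) {
        // No submission: the form has been loaded and there is nothing more to do.
        return;
    }

    // Data was received, so this is a login attempt. -- cwells
    if (empty($params['Nickname']) || empty($params['Password'])) {
        $this->view->setStatus('You must provide a username and a password.', 400);
        return;
    }

    // The nickname is attacker-controlled and is written into log lines: strip
    // CR/LF and other control characters so a crafted value cannot forge extra
    // log entries (log injection).
    $safeNickname = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $params['Nickname']);

    $db = $this->app->getDatabase();
    $user = $db->select('User', $params['Nickname']);

    if (is_null($user)) {
        // Perform the password verification even when the user is not found in order
        // to make timing attacks more difficult. -- cwells
        // NOTE(review): this only equalises timing if verifyPassword() on an unsaved
        // User still runs a full hash computation instead of short-circuiting on an
        // empty stored hash — confirm in User::verifyPassword().
        $user = new User();
        $user->verifyPassword($params['Password']);
        $this->view->setStatus('Login failure. Please try again.', 401);
        $this->logger->warn('Failed to retrieve User with primary key = ' . $safeNickname . '.');
        return;
    }

    if ($user->verifyPassword($params['Password']) === false) {
        $this->view->setStatus('Login failure. Please try again.', 401);
        $this->logger->warn('Invalid password provided for account: ' . $safeNickname);
        return;
    }

    // Successful login: record the time and persist before switching identity.
    $user->LastLogin = date(\CWA\DB\DATETIME_PHP_TO_DB);
    $db->update('User', $user->toArray());
    // NOTE(review): setCurrentUser() should rotate the session id
    // (session_regenerate_id) to prevent session fixation — not verifiable here.
    $this->app->setCurrentUser($user);

    $returnUrl = isset($_GET['returnURL']) ? (string) $_GET['returnURL'] : '';
    // Only follow a same-site path. Checking for a leading "/" alone is not enough:
    // "//evil.example" and "/\evil.example" are protocol-relative URLs to browsers
    // and would turn this into an open redirect, so require exactly one leading
    // slash that is not followed by another slash or a backslash.
    if (preg_match('#\A/(?![/\\\\])#', $returnUrl) === 1) {
        $this->app->redirect($returnUrl);
    } else {
        $this->app->redirectToHome();
    }
}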
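/**
 * Login controller entry point.
 *
 * On POST, looks up the submitted user name, checks the password against the
 * stored hash and, on success, stores the authenticated user in the session and
 * redirects home. On GET or on any failure the login form is shown again.
 *
 * @return void
 */
public static function run()
{
    $user = null;

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $user = new User($_POST);
        $users = UsersDB::getUsersBy('userName', $user->getUsername());

        if (empty($users)) {
            // NOTE(review): distinct codes for "no such user" and "bad password"
            // let a client enumerate valid user names; a single generic code would
            // be safer if the view can tolerate it.
            $user->setError('userName', 'USER_NAME_DOES_NOT_EXIST');
        } elseif (!$user->verifyPassword($users[0]->getPasswordHash())) {
            $user->setError('userName', 'USER_PASSWORD_INCORRECT');
        } else {
            // Replace the request-built object with the persisted record.
            $user = $users[0];
        }
    }

    // Kept for the view: on failure this is the request-built User carrying the
    // validation errors. NOTE(review): it was built from raw $_POST and may still
    // hold the submitted password — confirm User drops it before it is serialised.
    $_SESSION['user'] = $user;

    if (is_null($user) || $user->getErrorCount() != 0) {
        // The debugging output that used to live here printed the stored password
        // hash (and its length) into the response on every failed login; it has
        // been removed deliberately and must not come back.
        LoginView::show();
        return;
    }

    // Privilege change: rotate the session id so an id fixed by an attacker
    // before login cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['authenticatedUser'] = $user;

    // The Location header must be sent before any output, so it now precedes
    // HomeView::show(); if show() renders anything the redirect would otherwise
    // fail with "headers already sent".
    header('Location: /' . $_SESSION['base']);
    HomeView::show();
}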
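<?php
/**
 * AJAX endpoint: dispatches on $_POST['action'] and answers with a JSON object
 * whose 'status' is 'correct' on success or a human-readable message otherwise.
 *
 * Actions:
 *   verifyLogin - checks mail/password (plus optional storeLogin flag) and, on
 *                 success, also echoes the session user.
 *   register    - creates the account and sends the registration mail.
 *
 * NOTE(review): no CSRF token or request-method check is visible here; confirm
 * the caller enforces one, since both actions change state.
 */

$action = isset($_POST['action']) ? (string) $_POST['action'] : '';
// A missing or non-array 'values' must not raise undefined-index notices, which
// (with display_errors on) would be emitted in front of the JSON and corrupt it.
$values = (isset($_POST['values']) && is_array($_POST['values'])) ? $_POST['values'] : [];

if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
}

switch ($action) {
    case 'verifyLogin':
        if (!isset($values['storeLogin'])) {
            $values['storeLogin'] = 0;
        }
        $mail = isset($values['mail']) ? $values['mail'] : '';
        $password = isset($values['password']) ? $values['password'] : '';

        $user = new User();
        $return = $user->verifyPassword($mail, $password, $values['storeLogin']);
        if ($return === true) {
            // NOTE(review): this serialises whatever verifyPassword() stored in
            // $_SESSION['user']; make sure it carries no password hash or other secrets.
            echo json_encode(['status' => 'correct', 'user' => $_SESSION['user']]);
        } else {
            echo json_encode(['status' => $return]);
        }
        break;

    case 'register':
        $user = User::registerUser($values);
        if ($user->errmsg == '') {
            if (mailer::sendRegistrationMail($user) == 1) {
                echo json_encode(['status' => 'correct', 'msg' => 'Registrierung abgeschlossen. Bitte überprüfe dein Mailpostfach um dein Account zu bestätigen.']);
            } else {
                echo json_encode(['status' => 'Beim Versand der Registrierungsmail ist ein Problem aufgetreten.']);
            }
        } else {
            echo json_encode(['status' => $user->errmsg]);
        }
        break;

    // Unknown or missing action: intentionally no output, as before.
} //end switch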