 /**
  * A password that was just set must verify against itself and must not
  * verify against any other string.
  */
 public function testVerifyPassword()
 {
     $account = new User();
     $account->setPassword('qwerty');

     // candidate input => whether verifyPassword() is expected to accept it
     $expectations = ['qwerty' => true, 'wrong' => false];
     foreach ($expectations as $candidate => $shouldMatch) {
         $this->assertSame($shouldMatch, $account->verifyPassword($candidate));
     }
 }
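 /**
  * Renders the login form and, when form data is supplied, processes a login attempt.
  *
  * On success the user's LastLogin is stored, the session user is set and the browser is
  * redirected either to a same-site returnURL or to the home page. On failure the view
  * status is set to 400 (missing fields) or 401 (unknown user / wrong password).
  *
  * @param array|null $params Submitted form fields; 'Nickname' and 'Password' are read.
  *                           Null or empty means "only render the form".
  */
 public function login(?array $params = null)
 {
     if ($this->app->getCurrentUser()->isLoggedIn()) {
         $this->app->redirectToHome();
         // Stop here so the form is not rendered and no credentials are processed for an
         // already-authenticated session, in case redirectToHome() does not exit itself.
         return;
     }
     $this->loadView('login');
     if (empty($params)) {
         return;
     }

     // Data was received, so this is a login attempt. -- cwells
     // Only the empty string is treated as "not provided"; '0' is a legitimate value for
     // both fields, which the previous empty() checks wrongly rejected.
     $nickname = $params['Nickname'] ?? '';
     $password = $params['Password'] ?? '';
     if ($nickname === '' || $password === '') {
         $this->view->setStatus('You must provide a username and a password.', 400);
         return;
     }

     $db = $this->app->getDatabase();
     $user = $db->select('User', $nickname);
     if ($user === null) {
         // Perform the password verification even when the user is not found in order to make timing attacks more difficult. -- cwells
         $user = new User();
         $user->verifyPassword($password);
         $this->view->setStatus('Login failure. Please try again.', 401);
         $this->logger->warn('Failed to retrieve User with primary key = ' . $nickname . '.');
         return;
     }
     if ($user->verifyPassword($password) === false) {
         $this->view->setStatus('Login failure. Please try again.', 401);
         $this->logger->warn('Invalid password provided for account: ' . $nickname);
         return;
     }

     $user->LastLogin = date(\CWA\DB\DATETIME_PHP_TO_DB);
     $db->update('User', $user->toArray());
     $this->app->setCurrentUser($user);

     // Only follow a path-absolute, same-site return URL. A leading '/' alone is not
     // sufficient: '//host/...' and '/\host/...' are protocol-relative and would send the
     // freshly authenticated user off-site (open redirect).
     $returnURL = $_GET['returnURL'] ?? '';
     if (is_string($returnURL)
         && $returnURL !== ''
         && $returnURL[0] === '/'
         && !in_array($returnURL[1] ?? '', ['/', '\\'], true)
     ) {
         $this->app->redirect($returnURL);
     } else {
         $this->app->redirectToHome();
     }
 }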
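 /**
  * Entry point for the login page.
  *
  * On a GET the login form is shown. On a POST the submitted form is wrapped in a User,
  * looked up by user name in UsersDB and its password verified; on success the stored
  * user replaces the submitted one and the browser is redirected, otherwise the form is
  * shown again with the errors recorded on the submitted User.
  *
  * Side effects: writes $_SESSION['user'] on every request and
  * $_SESSION['authenticatedUser'] on success; emits a Location header on success.
  */
 public static function run()
 {
     $user = null;
     if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
         $user = new User($_POST);
         $users = UsersDB::getUsersBy('userName', $user->getUsername());
         if (empty($users)) {
             $user->setError('userName', 'USER_NAME_DOES_NOT_EXIST');
         } elseif (!$user->verifyPassword($users[0]->getPasswordHash())) {
             $user->setError('userName', 'USER_PASSWORD_INCORRECT');
         } else {
             $user = $users[0];
         }
     }

     // NOTE(review): on a failed attempt this stores the User built from $_POST; confirm
     // that object does not retain the submitted password before it goes into the session.
     $_SESSION['user'] = $user;

     if ($user === null || (int) $user->getErrorCount() !== 0) {
         // The failed-login branch previously echoed the stored password hash, its length,
         // the verification result and the raw error array into the HTML response. That
         // leaked credential material to the client and has been removed.
         LoginView::show();
     } else {
         $_SESSION['authenticatedUser'] = $user;
         HomeView::show();
         // NOTE(review): header() has no effect once output has been sent; if
         // HomeView::show() echoes anything this redirect never reaches the client — confirm.
         header('Location: /' . $_SESSION['base']);
     }
 }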
<?php

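/*
 * AJAX dispatcher for the login / registration form.
 *
 * Every branch answers with a JSON object whose 'status' is 'correct' on success or an
 * error message otherwise. Inputs are read with defaults so a missing 'action' or
 * 'values' no longer raises undefined-index warnings.
 */
$action = $_POST['action'] ?? '';
$values = $_POST['values'] ?? [];
if (!is_array($values)) {
    $values = [];
}

switch ($action) {
    case 'verifyLogin':
        // 'storeLogin' is a checkbox; an unticked box is simply absent from the POST.
        $storeLogin = $values['storeLogin'] ?? 0;
        $user = new User();
        $return = $user->verifyPassword($values['mail'] ?? null, $values['password'] ?? null, $storeLogin);
        if ($return === true) {
            // NOTE(review): this serialises the whole session user object to the client;
            // confirm it carries nothing sensitive (e.g. a password hash).
            echo json_encode(['status' => 'correct', 'user' => $_SESSION['user']]);
        } else {
            // Any non-true return is treated as the error message to display.
            echo json_encode(['status' => $return]);
        }
        break;

    case 'register':
        $user = User::registerUser($values);
        // errmsg may be null or '' when registration succeeded.
        if (($user->errmsg ?? '') === '') {
            // sendRegistrationMail() is compared loosely upstream; the cast keeps true/"1"/1 equivalent.
            if ((int) mailer::sendRegistrationMail($user) === 1) {
                echo json_encode(['status' => 'correct', 'msg' => 'Registrierung abgeschlossen. Bitte überprüfe dein Mailpostfach um dein Account zu bestätigen.']);
            } else {
                echo json_encode(['status' => 'Beim Versand der Registrierungsmail ist ein Problem aufgetreten.']);
            }
        } else {
            echo json_encode(['status' => $user->errmsg]);
        }
        break;

    default:
        // Previously an unknown action produced an empty 200 response, which the client
        // could not distinguish from a hung request.
        http_response_code(400);
        echo json_encode(['status' => 'unknown action']);
        break;
}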