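/**
 * Replace $inUser's stored password hash after checking the caller's permission,
 * the new password's minimum length and the account's current password.
 *
 * All failures (permission denied, non-string or too-short password, unusable
 * user ID, no database connection, lookup failed or not exactly one row, old
 * password mismatch, update failed) are reported as false; nothing is thrown here.
 *
 * @param User   $inUser      account whose password is changed
 * @param string $newPassword plaintext replacement password (hashed before storage)
 * @param string $oldPassword plaintext current password, verified against the stored hash
 * @return bool true only when the row was updated with the new hash
 */
public function updateUserPassword(User $inUser, $newPassword, $oldPassword)
{
    if (!PermissionEngine::getInstance()->currentUserCanDo('userCanUpdatePassword')) {
        return false;
    }
    // Both passwords must be strings before reaching strlen()/the hasher
    // (same input discipline as logIn()).
    if (!is_string($newPassword) || !is_string($oldPassword)) {
        return false;
    }
    if (strlen($newPassword) < $this->getMinimumPasswordLength()) {
        return false;
    }

    $userID = $inUser->getUserID();
    if (!is_numeric($userID)) {
        return false;
    }

    $db = Database::getInstance();
    if (!$db->isConnected()) {
        return false;
    }
    $userID = $db->escapeString($userID);

    // Exactly one row is required: zero rows would leave $results[0] undefined,
    // more than one means the userID is ambiguous.
    $results = $db->getData('password', 'user', "userID = {$userID}");
    if ($results === false || $results === null || count($results) !== 1) {
        return false;
    }

    $storedPassword = $results[0]['password'];
    if (!Hasher::verifyHash($oldPassword, $storedPassword)) {
        return false;
    }

    // Only the escaped hash is written; the plaintext never reaches the database.
    $newHashed = $db->escapeString(Hasher::generateHash($newPassword));
    $updated = $db->updateTable('user', "password = '{$newHashed}'", "userID = {$userID}");

    return (bool) $updated;
}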
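/**
 * Authenticate $userName/$password against the user table; on success store a
 * CurrentUser in the session, mark this object logged in and stamp lastAccess.
 *
 * The identifier is matched against email, userName and givenIdentifier.
 * Returns true when the user is (or already was) logged in; false on non-string
 * input, lockout, database failure, no or ambiguous match, or wrong password.
 *
 * @param string $userName email, user name or given identifier (trimmed before lookup)
 * @param string $password plaintext password
 * @return bool
 */
public function logIn($userName, $password)
{
    if (!is_string($userName) || !is_string($password)) {
        return false;
    }
    if ($this->isLoggedIn) {
        return true;
    }
    // NOTE(review): $_SERVER['REMOTE_ADDR'] is not set outside a web SAPI (e.g. CLI);
    // confirm LockoutEngine handles a missing address, or fail closed there.
    if (LockoutEngine::getInstance()->isLockedOut($_SERVER['REMOTE_ADDR'])) {
        return false;
    }
    //repeated twice just in case a plugin logs the user in
    if ($this->isLoggedIn) {
        return true;
    }

    $database = Database::getInstance();
    $database->connect();
    if (!$database->isConnected()) {
        return false;
    }

    // The quoted identifier is safe only because escapeString() has neutralised
    // quote characters in $userName before it is spliced into the WHERE clause.
    $userName = $database->escapeString(trim($userName));
    $column = 'userID, roleID, userName, givenIdentifier, password, firstName, lastName, email, profilePictureLocation, birthday';
    $table = 'user';
    $where = '((email = \'' . $userName . '\') OR (userName = \'' . $userName . '\') OR (givenIdentifier = \'' . $userName . '\'))';
    $results = $database->getData($column, $table, $where);

    // Exactly one account must match: false/null/empty would otherwise reach an
    // undefined $results[0]; more than one means the identifier is ambiguous.
    // NOTE(review): an unknown identifier returns before verifyHash() runs, so the
    // timing differs from a wrong-password attempt; add a dummy verify here if
    // enumeration resistance is required.
    if ($results === false || $results === null || count($results) !== 1) {
        return false;
    }

    $row = $results[0];
    if (!Hasher::verifyHash($password, $row['password'])) {
        return false;
    }

    self::setUserSession(new CurrentUser(
        $row['userID'],
        $row['roleID'],
        $row['givenIdentifier'],
        $row['userName'],
        $row['firstName'],
        $row['lastName'],
        $row['email'],
        new Link($row['profilePictureLocation'], true),
        new DateTime($row['birthday']),
        true
    ));
    $this->isLoggedIn = true;

    // Record the successful login; the ID comes from the session just populated.
    $userID = $database->escapeString($this->getUserID());
    $database->updateTable('user', 'lastAccess = CURRENT_TIMESTAMP', "userID={$userID}");

    return true;
}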