/**
 * Authenticates a user by username (or, failing that, by e-mail address) and password.
 *
 * Flow, as implemented below:
 *  1. Look up by username; if none, look up by e-mail and accept only an unambiguous single match.
 *  2. Verify the password with PasswordHash::comparePassword().
 *  3. If that fails, try PasswordHash::comparePasswordFallback(); on success the password is
 *     stored again via setPassword() and the login is re-run.
 *  4. On success, optionally regenerate the stored secret when no digest HA1 is present and the
 *     'security' / 'generate_digest_secrets' setting is strictly true.
 *
 * @param string $sUsername username, or e-mail address used as a secondary lookup key
 * @param string $sPassword plaintext password supplied by the caller
 * @return mixed 0 when no unique user matches or the password is wrong,
 *               self::USER_NEEDS_PASSWORD_RESET when both comparisons fail and the stored
 *               password is the literal '*', otherwise whatever loginUser() returns
 */
public function login($sUsername, $sPassword)
{
    $oAccount = UserQuery::create()->filterByUsername($sUsername)->findOne();
    if ($oAccount === null) {
        // Secondary lookup by e-mail: zero or several matches are both treated as "no such user".
        $aEmailMatches = UserQuery::create()->filterByEmail($sUsername)->find();
        if (count($aEmailMatches) !== 1) {
            return 0;
        }
        $oAccount = $aEmailMatches[0];
    }

    if (PasswordHash::comparePassword($sPassword, $oAccount->getPassword())) {
        // Short-circuit order matters: the setting is only read when no HA1 digest is stored.
        $bRegenerateSecrets = $oAccount->getDigestHA1() === null
            && Settings::getSetting('security', 'generate_digest_secrets', false) === true;
        if ($bRegenerateSecrets) {
            // The plaintext is only available here, at login time, so the stored secret is rewritten now.
            $oAccount->setPassword($sPassword);
            // NOTE(review): ignoreRights(true) is not switched back inside this method — confirm
            // it is restored elsewhere, or that leaving it enabled for the rest of the request is intended.
            UserPeer::ignoreRights(true);
            $oAccount->save();
        }

        return $this->loginUser($oAccount);
    }

    // Legacy path: the stored value did not verify with the primary scheme.
    // NOTE(review): presumably setPassword() re-hashes with the current scheme so that the
    // recursive call below verifies through comparePassword() — confirm; if the re-stored value
    // still only matched the fallback, this branch would be entered again on every recursion.
    if (PasswordHash::comparePasswordFallback($sPassword, $oAccount->getPassword())) {
        $oAccount->setPassword($sPassword);
        // NOTE(review): same ignoreRights(true) caveat as above — not reset in this method.
        UserPeer::ignoreRights(true);
        $oAccount->save();

        return $this->login($sUsername, $sPassword);
    }

    // NOTE(review): this status is returned for any supplied password once the stored value is
    // '*', so it is visible to an unauthenticated caller. Confirm callers render it no differently
    // from a plain failed login where account enumeration matters.
    return $oAccount->getPassword() === '*' ? self::USER_NEEDS_PASSWORD_RESET : 0;
}
/**
 * Checks that the fallback comparison accepts a stored value that is the plain md5() of the password.
 *
 * NOTE(review): only the accepting case is asserted here. A companion case with a non-matching
 * password would guard against a fallback that accepts everything; the fallback's return value
 * on a mismatch is not visible from this test, so the exact assertion needs confirming.
 */
public function testSimplePasswordCheckFallback()
{
    $sPassword = <<<EOT
myTestPassword
EOT;

    // Unsalted MD5 is the legacy stored format exercised by this test.
    $sLegacyDigest = md5($sPassword);
    $bAccepted = PasswordHash::comparePasswordFallback($sPassword, $sLegacyDigest);

    $this->assertSame(true, $bAccepted);
}