private static function validateUpdateRequest($r)
{
$user = UsersDAO::FindByEmail($r['email']);
$reset_token = $r['reset_token'];
$password = $r['password'];
$password_confirmation = $r['password_confirmation'];
if (is_null($user) || is_null($reset_token) || is_null($password) || is_null($password_confirmation)) {
throw new InvalidParameterException('invalidParameters');
}
if ($user->reset_digest !== hash('sha1', $reset_token)) {
throw new InvalidParameterException('invalidResetToken');
}
if ($password !== $password_confirmation) {
throw new InvalidParameterException('passwordMismatch');
}
SecurityTools::testStrongPassword($password);
$seconds = time() - strtotime($user->reset_sent_at);
if ($seconds > PASSWORD_RESET_TIMEOUT) {
throw new InvalidParameterException('passwordResetResetExpired');
}
}
/**
* Update basic user profile info when logged with fb/gool
*
* @param Request $r
* @return array
* @throws InvalidDatabaseOperationException
* @throws InvalidParameterException
*/
public static function apiUpdateBasicInfo(Request $r)
{
self::authenticateRequest($r);
//Buscar que el nuevo username no este ocupado si es que selecciono uno nuevo
if ($r['username'] != $r['current_user']->getUsername()) {
$testu = UsersDAO::FindByUsername($r['username']);
if (!is_null($testu)) {
throw new InvalidParameterException('parameterUsernameInUse', 'username');
}
Validators::isValidUsername($r['username'], 'username');
$r['current_user']->setUsername($r['username']);
}
SecurityTools::testStrongPassword($r['password']);
$hashedPassword = SecurityTools::hashString($r['password']);
$r['current_user']->setPassword($hashedPassword);
UsersDAO::save($r['current_user']);
return array('status' => 'ok');
}
<?php
require_once 'SecurityTools.php';
require_once 'Controller.php';
$password = Controller::randomString(8);
echo "{$password}\n";
echo SecurityTools::hashString($password) . "\n";
