/**
* Check the given code against he value in the database
*
* @param string $resetCode Reset code to verify
* @return boolean Pass/fail of verification
*/
public function checkResetPasswordCode($resetCode)
{
// Verify we have a user
if ($this->id === null) {
return false;
}
if ($this->resetCode === null) {
throw new Exception\PasswordResetInvalid('No reset code defined for user ' . $this->username);
}
// Verify the timeout
$timeout = new \DateTime($this->resetCodeTimeout);
if ($timeout <= new \DateTime()) {
$this->clearPasswordResetCode();
throw new Exception\PasswordResetTimeout('Reset code has timeed out!');
}
// We made it this far, compare the hashes
$result = Gatekeeper::hash_equals($this->resetCode, $resetCode);
if ($result === true) {
$this->clearPasswordResetCode();
}
return $result;
}
/**
* Test that false is returned when the hashes are different lengths
*/
public function testHashEqualsDifferentLength()
{
$hash = sha1(mt_rand());
$this->assertFalse(Gatekeeper::hash_equals($hash, md5(mt_rand())));
}
/**
* Check to see if a user has a permission
*
* @param integer $permId Permission ID or name
* @return boolean Found/not found in user permission set
*/
public function hasPermission($permId)
{
$find = ['user_id' => $this->id];
if (!is_numeric($permId)) {
$p = Gatekeeper::findPermissionByName($permId);
$permId = $p->id;
}
$find['permission_id'] = $permId;
$perm = new UserPermissionModel($this->getDb());
$perm = $this->getDb()->find($perm, $find);
return $perm->id !== null && $perm->id === $permId ? true : false;
}
