/**
 * Verify a submitted password-reset code against the one stored for this user.
 *
 * clearPasswordResetCode() is called both when the stored code has expired
 * and when the comparison succeeds. The comparison itself is delegated to
 * Gatekeeper::hash_equals().
 *
 * NOTE(review): a failed comparison leaves the stored code in place and this
 * method keeps no attempt counter, so any limit on repeated guesses has to be
 * enforced by the caller - confirm that it is.
 *
 * @param string $resetCode Reset code to verify
 * @return boolean Pass/fail of verification (false when no user is loaded)
 * @throws Exception\PasswordResetInvalid When no reset code is set for the user
 * @throws Exception\PasswordResetTimeout When the stored reset code has expired
 */
public function checkResetPasswordCode($resetCode)
{
    // Nothing to verify against unless a user record is loaded
    if (null === $this->id) {
        return false;
    }

    if (null === $this->resetCode) {
        $message = 'No reset code defined for user ' . $this->username;
        throw new Exception\PasswordResetInvalid($message);
    }

    // Expiry check: the stored timeout must still lie in the future
    $expiresAt = new \DateTime($this->resetCodeTimeout);
    $now = new \DateTime();
    if ($now >= $expiresAt) {
        // Drop the stale code before reporting the timeout
        $this->clearPasswordResetCode();
        throw new Exception\PasswordResetTimeout('Reset code has timeed out!');
    }

    // Code exists and has not expired: compare stored and submitted values
    $matches = Gatekeeper::hash_equals($this->resetCode, $resetCode);
    if (true === $matches) {
        // Clear the code once it has been accepted
        $this->clearPasswordResetCode();
    }

    return $matches;
}
/**
 * Gatekeeper::hash_equals() must return false when the values differ in length.
 *
 * A SHA-1 hex digest (40 characters) is compared with an MD5 hex digest
 * (32 characters). mt_rand() only supplies throwaway fixture input here; it
 * is not being used to produce a secret.
 */
public function testHashEqualsDifferentLength()
{
    $longer = sha1(mt_rand());
    $shorter = md5(mt_rand());

    $outcome = Gatekeeper::hash_equals($longer, $shorter);

    $this->assertFalse($outcome);
}
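/**
 * Check to see if a user has a permission
 *
 * A non-numeric argument is treated as a permission name and resolved to an
 * ID through Gatekeeper::findPermissionByName(); anything is_numeric()
 * accepts is used as an ID directly. When the name lookup yields no usable
 * ID the check fails closed and returns false without querying the
 * user/permission link.
 *
 * NOTE(review): the final test is a strict comparison, so an integer argument
 * will not match an ID that the data layer returns as a string (and vice
 * versa) - confirm the types involved.
 * NOTE(review): the record found by user_id/permission_id has its `id`
 * compared with the permission ID - confirm that `id` on UserPermissionModel
 * is the permission ID and not the link record's own key.
 *
 * @param integer|string $permId Permission ID or name
 * @return boolean Found/not found in user permission set
 */
public function hasPermission($permId)
{
    if (!is_numeric($permId)) {
        $permission = Gatekeeper::findPermissionByName($permId);
        $resolvedId = is_object($permission) ? $permission->id : null;

        // A null ID can never satisfy the comparison below, so deny here
        // instead of dereferencing a non-object and querying with a null ID.
        if ($resolvedId === null) {
            return false;
        }
        $permId = $resolvedId;
    }

    $find = [
        'user_id' => $this->id,
        'permission_id' => $permId,
    ];

    $perm = new UserPermissionModel($this->getDb());
    $perm = $this->getDb()->find($perm, $find);

    return $perm->id !== null && $perm->id === $permId;
}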