/**
 * Report whether a candidate password matches any hash stored in this
 * user's password history (`#__users_password_history`).
 *
 * Typical use is to refuse re-use of an earlier password. The comparison is
 * delegated to \Hubzero\User\Password::comparePasswords(), which is defined
 * outside this block.
 *
 * @param   string   $password  Candidate password to test against each stored `passhash`
 * @param   string   $since     Optional lower bound; when non-empty, only rows whose
 *                              `invalidated` value is >= this are considered
 *                              (presumably a datetime string; confirm with callers)
 * @return  boolean  True on the first matching hash; false when there is no
 *                   database handle, no history rows, or no match
 */
public function exists($password = null, $since = null)
{
    $database = \App::get('db');
    if (!$database) {
        return false;
    }

    // Both caller-supplied values pass through the driver's quote() before
    // being concatenated into the statement.
    $sql = "SELECT `passhash` FROM `#__users_password_history` WHERE user_id = " . $database->quote($this->user_id);
    $sql .= empty($since) ? '' : (" AND invalidated >= " . $database->quote($since));

    $database->setQuery($sql);
    $rows = $database->loadObjectList();

    // Nothing on record for this user (or the query produced no result set).
    if (!$rows || count($rows) <= 0) {
        return false;
    }

    foreach ($rows as $row) {
        if (\Hubzero\User\Password::comparePasswords($row->passhash, $password)) {
            return true;
        }
    }

    return false;
}
/**
 * Authenticate a group calendar subscription request with HTTP Basic credentials.
 *
 * Reads the username and password that PHP exposes in $_SERVER. Every failure
 * path visible here sends a 401 status plus a WWW-Authenticate challenge and
 * then terminates the script (exit/die), so the method only returns on success.
 *
 * NOTE(review): the tag below used to read "@return void", but the final
 * statement is `return $user;`.
 *
 * NOTE(review): no throttling or lockout of repeated failed attempts is
 * visible in this method; confirm whether that is handled elsewhere.
 *
 * @return mixed The $user value on success. It is loaded in a part of the method
 *               that this listing elides; the visible code reads ->passhash from it.
 */
private function authenticateSubscriptionRequest()
{
    // Realm text shown in the client's credential prompt.
    // NOTE(review): the site name and group description are concatenated into a
    // quoted header value below without escaping; a double quote in either one
    // would end the realm string early. Consider escaping or stripping quotes.
    $realm = '[' . Config::get('sitename') . '] Group Calendar: ' . $this->group->get('description');

    // No username supplied at all: challenge the client and stop.
    if (empty($_SERVER['PHP_AUTH_USER'])) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        echo Lang::txt('You are not authorized to view this calendar.');
        exit;
    }

    // Get the username and password.
    // NOTE(review): PHP_AUTH_PW is read without an existence check, so a request
    // carrying a username but no password raises an undefined-index notice here
    // before the isset() test below rejects the resulting null.
    $httpBasicUsername = $_SERVER['PHP_AUTH_USER'];
    $httpBasicPassword = $_SERVER['PHP_AUTH_PW'];

    // Make sure we have a non-empty username and password.
    if (!isset($httpBasicUsername) || !isset($httpBasicPassword) || $httpBasicUsername == '' || $httpBasicPassword == '') {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        die(Lang::txt('You must enter a valid username and password.'));
    }

    // Get the user (id, username, passhash) based on username.
    // NOTE(review): this listing elides the text between `u.username=` and the
    // tail of a WWW-Authenticate header() call (it appears as ******). How the
    // username is quoted into the query, how the query is executed, and the
    // check that precedes the die() below are therefore not visible here.
    // Confirm the username goes through $db->quote() or a bound parameter.
    $sql = "SELECT u.id, u.username, up.passhash\n\t\t FROM #__users AS u, #__users_password AS up\n\t\t WHERE u.id=up.user_id\n\t\t AND u.username="******"' . $realm . '"');
        die(Lang::txt('You must enter a valid username and password.'));
    }

    // Make sure the supplied password matches the stored hash; the comparison
    // itself is implemented in \Hubzero\User\Password, outside this block.
    if (!\Hubzero\User\Password::comparePasswords($user->passhash, $httpBasicPassword)) {
        // Record the failed attempt on the 'auth' logger: username, client address, group cn.
        // NOTE(review): the username is client-supplied and written verbatim;
        // consider neutralising control characters (CR/LF) before logging so a
        // crafted value cannot forge additional log entries.
        App::get('log')->logger('auth')->info($httpBasicUsername . ' ' . $_SERVER['REMOTE_ADDR'] . ' invalid group calendar subscription auth for ' . $this->group->get('cn'));
        // Tag the request for the web server as a failed auth.
        // NOTE(review): apache_note() is only defined when PHP runs under Apache; confirm the deployment.
        apache_note('auth', 'invalid');
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        die(Lang::txt('You must enter a valid username and password.'));
    }

    // Credentials verified: hand the user record back to the caller.
    return $user;
}