/** * Check user+password [required auth function] * * Checks if the given user exists and the given * plaintext password is correct * * @author Andreas Gohr <*****@*****.**> * @return bool */ function checkPass($user, $pass) { $userinfo = $this->getUserData($user); if ($userinfo === false) { return false; } return auth_verifyPassword($pass, $this->users[$user]['pass']); }
/** * pmd5 checking should throw an exception when a hash with a too high * iteration count is passed */ function test_verifyPassword_pmd5Exception() { $except = false; try { auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.'); } catch (Exception $e) { $except = true; } $this->assertTrue($except); }
function login($user, $pass) { $sql = "SELECT pass, id\n FROM lylina_users\n WHERE login = '******'"; $result = runSQL($sql); if (count($result) != 1 || !auth_verifyPassword($pass, $result[0]['pass'])) { return 0; } setAuthToken($result[0]['id']); return $result[0]['id']; }
/** * Checks if the given user exists and the given plaintext password * is correct. Furtheron it might be checked wether the user is * member of the right group * * Depending on which SQL string is defined in the config, password * checking is done here (getpass) or by the database (passcheck) * * @param $user user who would like access * @param $pass user's clear text password to check * @return bool * * @author Andreas Gohr <*****@*****.**> * @author Matthias Grimm <*****@*****.**> */ function checkPass($user, $pass) { $rc = false; if ($this->_openDB()) { $sql = str_replace('%{user}', $this->_escape($user), $this->cnf['checkPass']); $sql = str_replace('%{pass}', $this->_escape($pass), $sql); $sql = str_replace('%{dgroup}', $this->_escape($this->defaultgroup), $sql); $result = $this->_queryDB($sql); if ($result !== false && count($result) == 1) { if ($this->cnf['forwardClearPass'] == 1) { $rc = true; } else { $rc = auth_verifyPassword($pass, $result[0]['pass']); } } $this->_closeDB(); } return $rc; }
function test_verifyPassword_fixedpmd5() { $this->assertTrue(auth_verifyPassword('test12345', '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); $this->assertTrue(auth_verifyPassword('test12345', '$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); }
function test_verifyPassword_nohash() { $this->assertTrue(auth_verifyPassword('foo', '$1$$n1rTiFE0nRifwV/43bVon/')); }
/** * Finds user by username and password * */ public function findUserByUsernameAndPassword($username, $password) { $username = preg_replace('/[^\\w\\d\\.-_]/', '', $username); $password = preg_replace('/[^\\w\\d\\.-_]/', '', $password); $userdata = $this->getUserData($username); if ($userdata) { if (auth_verifyPassword($password, $userdata['pass'])) { $userdata['username'] = $username; msg('You have logged in with username and password'); return $userdata; } } return false; }