/**
* Function to generate and validate a temporary password. To create a new temporary password, call this function without the second argument and the value returned will be the temporary password that will be sent to the user. To validate a temporary password, pass the temporary password to this function and will will return TRUE for valid passwords and FALSE for invalid/non-existent one's.
* @param string $userID The userID of the user
* @param string $tempPass The temporary password that needs to be checked if valid or not
* @return boolean | string Returns True if temporary password provided is valid. False otherwise. Can also return temporary password in case where the temporary password needs to be set
*/
public static function tempPassword($userID, $tempPass = "")
{
//If a temp password has not been provided, then create a temp password.
if ($tempPass == "") {
$tempPass = hash(BasicPasswordManagement::$hashAlgo, randstr(128));
$time = time();
//If record is not present in the DB
if (!AdvancedPasswordManagement::checkIfUserExists($userID)) {
SQL("INSERT INTO PASSWORD (`TEMP_PASS`, `USE_FLAG`, `TEMP_TIME`, USERID) VALUES (?, ?, ?, ?)", array($tempPass, 0, $time, $userID));
} else {
//If record is present in the DB
SQL("UPDATE PASSWORD SET `TEMP_PASS` = ?, `USE_FLAG` = ?, `TEMP_TIME` = ? WHERE USERID = ?", array($tempPass, 0, $time, $userID));
}
return $tempPass;
} else {
$result = SQL("SELECT `TEMP_PASS`, `USE_FLAG` FROM PASSWORD WHERE `USERID` = ?", array($userID));
if (count($result) == 1) {
//temporary password has not expired
if ($result[0]['USE_FLAG'] == 0 && !($a = AdvancedPasswordManagement::checkIfTempPassExpired($userID))) {
if ($result[0]['TEMP_PASS'] === $tempPass) {
SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
return TRUE;
}
} else {
SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
return FALSE;
}
}
//record not found
return FALSE;
}
}
/**
* Function to check if the temp Password functionality is working correctly.
*/
public function testTempPassword()
{
$currentTime = time("SYS");
AdvancedPasswordManagement::$tempPassExpiryTime = 900;
$temp_pass = AdvancedPasswordManagement::tempPassword($this->user->getUserID());
//this will create a new temp password.
//firstTest
time("SET", $currentTime + 500);
//set future time that has not passed.
$this->assertFalse(AdvancedPasswordManagement::tempPassword($this->user->getUserID(), "qwert"));
//This should return false since the password is wrong. Even though time has not expired.
//secondTest
time("SET", $currentTime + 500);
$this->assertTrue(AdvancedPasswordManagement::tempPassword($this->user->getUserID(), $temp_pass));
//This should return true since the password is correct and time has not expired.
//thirdTest
time("SET", $currentTime + 500);
$this->assertFalse(AdvancedPasswordManagement::tempPassword($this->user->getUserID(), $temp_pass));
//This should return false since the above temp_pass has already been used once, so its expired.
$temp_pass = AdvancedPasswordManagement::tempPassword($this->user->getUserID());
//this will create a new temp password.
//fourthTest
time("SET", time() + 1000);
$this->assertFalse(AdvancedPasswordManagement::tempPassword($this->user->getUserID(), $temp_pass));
//This should return false since the time has expired.
}
