/**
 * Crypt a password for storage.
 *
 * The engine comes from the `password_hash_engine` hive key: 'bcrypt' uses
 * \Bcrypt; 'md5' — and, through the default branch, any unrecognised engine
 * value — uses MD5 over the value concatenated with `password_md5_salt`.
 * An empty $val is not hashed at all: the stored password of the user named
 * in POST.username is loaded and returned unchanged.
 *
 * @param string|null $val plaintext password, or empty to keep the stored hash
 * @return string the value to store in the password column
 */
public function set_password($val)
{
    $f3 = \Base::instance();

    if (!$val) {
        // No new password supplied: keep the hash the record already holds.
        // NOTE(review): the lookup uses POST.username rather than this
        // instance's own key — confirm that is the intended source.
        $existing = new self();
        $existing->load(array('username = ?', $f3->get('POST.username')));
        return $existing->password;
    }

    $engine = $f3->get('password_hash_engine');
    if ($engine == 'bcrypt') { // loose comparison kept, as in the original switch
        return \Bcrypt::instance()->hash($val);
    }

    // 'md5' and every other engine value end up here (salted MD5).
    // NOTE(review): MD5 is not a password hash; bcrypt is the safer setting.
    return md5($val . $f3->get('password_md5_salt'));
}
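/**
 * Handle the login form submission.
 *
 * Validates POST with $this->authForm, looks the user up by e-mail and
 * verifies the submitted password with \Bcrypt. On success the user's id,
 * email, raidleader and admin values are stored in SESSION.user and the
 * request is rerouted to GET.url (local paths only) or "/". Every failure
 * stores a message in SESSION.errormsg and reroutes to /auth.
 *
 * @param \Base $f3
 * @return void
 */
public function post($f3)
{
    if ($this->authForm->isValid($f3->get('POST'))) {
        $users = $this->getDB('users');
        $user = $users->findOne(array('email=?', $f3->get('POST.email')));
        $crypt = \Bcrypt::instance();

        if (!$user || !$crypt->verify($f3->get('POST.password'), $user->password)) {
            // Unknown address and wrong password share one message. The
            // original dereferenced the empty findOne() result for an
            // unknown address before reaching this branch.
            $f3->set('SESSION.errormsg', 'EMail oder Passwort falsch');
            $f3->reroute('/auth');
        } elseif ($user->mailvalidation) {
            // Checked only after the password verified, so the activation
            // state of an account is not disclosed to someone who does not
            // know its password.
            $f3->set('SESSION.errormsg', 'Account nicht aktiviert!');
            $f3->reroute('/auth');
        } else {
            // NOTE(review): consider rotating the session id here so a session
            // established before login is not carried over.
            $f3->set('SESSION.user', array(
                'id' => $user->id,
                'email' => $user->email,
                'raidleader' => $user->raidleader,
                'admin' => $user->admin,
            ));

            // GET.url is client-controlled; only follow it when it is a local
            // absolute path ("/..." but not "//host" or "/\host"), so the
            // login page cannot be used as an open redirector.
            $target = (string) $f3->get('GET.url');
            if ($target !== '' && preg_match('#^/(?![/\\\\])#', $target)) {
                $f3->reroute($target);
            } else {
                $f3->reroute('/');
            }
        }
    } else {
        $failed = $this->authForm->getFailedFields();
        $f3->set('SESSION.failedFields', array_keys($failed));
        $f3->set('SESSION.errormsg', implode("<br>", $failed));
        $f3->reroute('/auth');
    }
}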
/**
 * Intercept property writes so that a value assigned to "password" is stored
 * as a bcrypt hash (cost 14, salt from createSalt()); every other key is
 * handed to the parent mapper untouched.
 *
 * NOTE(review): a value that is already a hash would be hashed again here —
 * confirm that loading a record from the database does not pass through
 * this setter.
 *
 * @see SqlMapper::__set($key, $value);
 */
function __set($key, $value)
{
    $stored = $value;
    if ($key == "password") {
        $stored = Bcrypt::instance()->hash($value, $this->createSalt(), 14);
    }
    parent::__set($key, $stored);
}
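/**
 * Run the installer: create the schema from installation/install.sql, the
 * first user (type 1) and the runtime config files, then reroute to "/".
 *
 * Reads POST fields DB_HOST, DB_NAME, DB_USER, DB_PASS, username and
 * password (the confirmation field is checked by \Check::confirm). Any
 * failure rolls the transaction back and flashes the error message.
 *
 * @param \Base $f3
 * @return void
 */
function Set($f3)
{
    if (!\Check::confirm('POST.password')) {
        $this->flash('Konfirmasi Password Tidak Cocok');
        $f3->reroute($f3->get('URI'));
    }

    $post = $f3->get('POST');
    // Absent fields become '' instead of raising undefined-index notices.
    $db_host = isset($post['DB_HOST']) ? $post['DB_HOST'] : '';
    $db_name = isset($post['DB_NAME']) ? $post['DB_NAME'] : '';
    $db_user = isset($post['DB_USER']) ? $post['DB_USER'] : '';
    $db_pass = isset($post['DB_PASS']) ? $post['DB_PASS'] : '';
    $dsn = "mysql:host={$db_host};port=3306;dbname={$db_name}";

    $db = null;
    try {
        // Opened inside the try: a bad host or credential throws here, and
        // the original let that escape past the flash/reroute error path.
        $db = new \DB\SQL($dsn, $db_user, $db_pass);
        $db->begin();
        $db->exec(explode(';', $f3->read('installation/install.sql')));

        $user = new \DB\SQL\Mapper($db, 'user');
        $user->username = $post['username'];
        $user->password = \Bcrypt::instance()->hash($post['password']);
        $user->type = 1;
        $user->save();

        // APP_KEY must come from a cryptographically strong source; refuse to
        // install if OpenSSL reports it could not provide one.
        $key = bin2hex(openssl_random_pseudo_bytes(32, $strong));
        if ($strong !== true) {
            throw new \RuntimeException('Could not generate a secure APP_KEY');
        }

        // NOTE(review): values are written into the INI unescaped; a DB
        // password containing a double quote or a newline corrupts config.ini.
        $data = "[globals]\nDEBUG=0\nAUTOLOAD=\"controller/;model/\"\nUI=\"view/\"\nAPP_KEY=\"{$key}\"\nDB_SET=\"{$dsn}\"\nDB_USER=\"{$db_user}\"\nDB_PASS=\"{$db_pass}\"";
        $f3->write('config/config.ini', $data);
        $f3->write('config/route.ini', $f3->read('installation/route.ini'));
        $db->commit();
        $this->flash('Success... Silahkan Hapus Folder Installation', 'success');
    } catch (\Exception $e) {
        // Fully qualified on purpose: inside a namespace a bare "Exception"
        // names a non-existent local class and this block would never match.
        if ($db !== null && $db->trans()) {
            $db->rollback();
        }
        // NOTE(review): driver messages can include the DSN; acceptable for an
        // installer, but do not reuse this pattern on public pages.
        $this->flash($e->getMessage());
        $f3->reroute('/');
    }
    $f3->reroute('/');
}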
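/**
 * Login Procedure
 *
 * Authenticates POST.username / POST.password against \Model\User with the
 * engine named in `password_hash_engine` ('bcrypt', or 'md5' with
 * `password_md5_salt`). On success the session is cleared, SESSION.user_id
 * is set and the request is rerouted (to the https host when
 * CONFIG.ssl_backend is set, otherwise to /cnc). Any failure — missing
 * fields, unknown user, unsupported engine, wrong password — adds a
 * 'danger' flash message and renders the login template.
 *
 * @param \Base $f3
 * @param array $params route parameters (unused)
 */
public function login($f3, $params)
{
    if ($f3->exists('POST.username') && $f3->exists('POST.password')) {
        // Fixed delay to slow online brute force. NOTE(review): this holds a
        // worker per attempt; a per-account/IP attempt counter throttles
        // without that exposure.
        sleep(3);
        $user = new \Model\User();
        $user->load(array('username = ?', $f3->get('POST.username')));
        if (!$user->dry()) {
            $hash_engine = $f3->get('password_hash_engine');
            $valid = false;
            if ($hash_engine === 'bcrypt') {
                $valid = \Bcrypt::instance()->verify($f3->get('POST.password'), $user->password);
            } elseif ($hash_engine === 'md5') {
                // hash_equals() instead of "==": comparing two hex digests
                // loosely treats numeric-looking strings such as "0e123…" and
                // "0e456…" as equal, and the compare is constant-time.
                $computed = md5($f3->get('POST.password') . $f3->get('password_md5_salt'));
                $valid = hash_equals((string) $user->password, $computed);
            }
            if ($valid) {
                // Drop pre-login session data (the hive clears and restarts
                // the session; "@" keeps its warnings off the response).
                @$f3->clear('SESSION');
                $f3->set('SESSION.user_id', $user->_id);
                if ($f3->get('CONFIG.ssl_backend')) {
                    $f3->reroute('https://' . $f3->get('HOST') . $f3->get('BASE') . '/');
                } else {
                    $f3->reroute('/cnc');
                }
            }
        }
        // Reached for unknown user, unsupported engine and wrong password alike.
        \Flash::instance()->addMessage('Wrong Username/Password', 'danger');
    }
    $this->response->setTemplate('templates/login.html');
}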
/**
 * Mapper hook run before a record is saved: re-hashes the "password" field
 * with \Bcrypt whenever the engine reports that it needs rehashing.
 *
 * @param \DB\Cursor $self the mapper instance being saved
 */
static function _beforeSave($self)
{
    $bcrypt = \Bcrypt::instance();
    $current = $self->get('password');
    if (!$bcrypt->needs_rehash($current)) {
        return;
    }
    $self->set('password', $bcrypt->hash($current));
}
/**
 * Log the current user in from the request.
 *
 * Returns true immediately when the mapper already holds a record.
 * Otherwise loads the row whose configured username column equals the
 * posted username and verifies the posted password with \Bcrypt; on
 * failure $fw['error'] is set and false is returned, on success isLogged
 * is set and the result of setSession() is returned.
 *
 * @return bool
 */
public function login()
{
    $fw = Base::instance();
    if ($this->map->dry()) {
        $userCol = $this->prop['username'];
        $passCol = $this->prop['password'];
        $this->map->load(
            [$userCol . '=:u', ':u' => $fw['POST.' . $userCol]],
            ['limit' => 1]
        );
        $verified = !$this->map->dry()
            && \Bcrypt::instance()->verify($fw['POST.' . $passCol], $this->map->get($passCol));
        if (!$verified) {
            $fw['error'] = 'Login gagal!';
            return false;
        }
    } else {
        return true;
    }
    $this->isLogged = true;
    return $this->setSession($this->map->get($this->prop['id']), $this->map->cast());
}
/**
 * Crypt a password for storage.
 *
 * The engine comes from the `password_hash_engine` hive key: 'bcrypt' uses
 * \Bcrypt; 'md5' — and, through the default branch, any unrecognised engine
 * value — uses MD5 over the value concatenated with `password_md5_salt`.
 *
 * @param string $val plaintext password
 * @return string the value to store in the password column
 */
public function set_password($val)
{
    $f3 = \Base::instance();
    $engine = $f3->get('password_hash_engine');

    if ($engine == 'bcrypt') { // loose comparison kept, as in the original switch
        return \Bcrypt::instance()->hash($val);
    }

    // 'md5' and every other engine value end up here (salted MD5).
    // NOTE(review): MD5 is not a password hash; bcrypt is the safer setting.
    return md5($val . $f3->get('password_md5_salt'));
}
/**
 * Check a plain-text password against a stored bcrypt hash.
 *
 * @param string $pass plain-text candidate
 * @param string $hash stored hash
 * @return bool true when the password matches the hash
 */
static function pass($pass, $hash)
{
    $matches = Bcrypt::instance()->verify($pass, $hash);
    return $matches ? true : false;
}
/**
 * Verify a user by his password.
 *
 * An unloaded (dry) mapper never verifies; otherwise the candidate is
 * checked against the stored hash with \Bcrypt.
 *
 * @param string $password plain-text candidate
 * @return bool
 */
public function verify($password)
{
    if ($this->dry()) {
        return false;
    }
    return (bool) \Bcrypt::instance()->verify($password, $this->password);
}
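/**
 * Handle the user form actions (PARAMS.action = create | edit | delete).
 *
 * When PARAMS.userid is present the caller must pass editOrViewAllowed()
 * for that id; otherwise an error is stored and the request is rerouted to
 * the caller's own edit page. The three actions are delegated to private
 * helpers below.
 *
 * @param \Base $f3
 * @return void
 */
public function post($f3)
{
    $userid = $f3->get('PARAMS.userid');
    if ($userid && !$this->editOrViewAllowed($userid)) {
        $f3->set('SESSION.errormsg', 'Nicht erlaubt!');
        $f3->reroute('/user/edit/' . $f3->get('SESSION.user.id'));
    }

    switch ($f3->get('PARAMS.action')) {
        case 'create':
            $this->createUserAction($f3);
            break;
        case 'edit':
            $this->editUserAction($f3, $userid);
            break;
        case 'delete':
            $this->deleteUserAction($f3, $userid);
            break;
    }
}

/**
 * Store a form's failed fields in SESSION.failedFields / SESSION.errormsg
 * and reroute to $target.
 *
 * @param \Base  $f3
 * @param object $form   a form object exposing getFailedFields()
 * @param string $target route to reroute to
 * @return void
 */
private function rejectForm($f3, $form, $target)
{
    $failed = $form->getFailedFields();
    $f3->set('SESSION.failedFields', array_keys($failed));
    $f3->set('SESSION.errormsg', implode("<br>", $failed));
    $f3->reroute($target);
}

/**
 * 'create': validate userRegistrationForm, refuse an already-registered
 * e-mail or mismatching password fields, store the user with a bcrypt hash
 * and a mail-validation key, and send the registration mail.
 *
 * @param \Base $f3
 * @return void
 */
private function createUserAction($f3)
{
    if (!$this->userRegistrationForm->isValid($f3->get('POST'))) {
        $this->rejectForm($f3, $this->userRegistrationForm, '/user/create');
    }
    $userDB = $this->getDB('users');
    if ($userDB->findone(array('email=?', $f3->get('POST.email')))) {
        $f3->set('SESSION.errormsg', 'EMail ungültig oder bereits registriert!');
        $f3->reroute('/user/create');
    }
    if ($f3->get('POST.password') !== $f3->get('POST.password2')) {
        $f3->set('SESSION.failedFields', array('password', 'password2'));
        $f3->set('SESSION.errormsg', 'Passwörter stimmen nicht überein');
        $f3->reroute('/user/create');
    }

    // Mass-assignment guard: POST used to be copied into the record
    // wholesale, which let a registrant submit privilege columns such as
    // admin/raidleader. Strip those and the app-assigned fields first
    // (password and mailvalidation are set explicitly below).
    $input = array_diff_key(
        (array) $f3->get('POST'),
        array_flip(array('id', 'password', 'mailvalidation', 'admin', 'raidleader'))
    );
    $f3->set('REGISTRATION_INPUT', $input);
    $newUser = $this->getDB('users');
    $newUser->copyfrom('REGISTRATION_INPUT');
    $f3->clear('REGISTRATION_INPUT');

    // Bcrypt generates its own random salt. The original passed crypt.SALT
    // as the second argument of $f3->get(), not of hash(), so it never
    // reached the hasher; a fixed shared salt would also be weaker.
    $newUser->password = \Bcrypt::instance()->hash($f3->get('POST.password'));
    $newUser->mailvalidation = $this->generateMailValidationKey();
    $newUser->save();

    // Send Mail
    $f3->set('newuser', $newUser);
    $this->mail->setSubject("RaidPlaner Registration")->sendMessage("registration", array($newUser->email));
    $f3->set('SESSION.successmsg', 'Benutzer erstellt! Prüfe deine EMails um die EMail-Adresse zu bestätigen.');
    //$f3->reroute('/auth');
}

/**
 * 'edit': validate userEditForm, refuse mismatching password fields and
 * store the new bcrypt hash for the user identified by $userid.
 *
 * @param \Base $f3
 * @param mixed $userid value of PARAMS.userid
 * @return void
 */
private function editUserAction($f3, $userid)
{
    $back = '/user/edit/' . $userid;
    if (!$this->userEditForm->isValid($f3->get('POST'))) {
        $this->rejectForm($f3, $this->userEditForm, $back);
    }
    if ($f3->get('POST.password') !== $f3->get('POST.password2')) {
        $f3->set('SESSION.failedFields', array('password', 'password2'));
        $f3->set('SESSION.errormsg', 'Passwörter stimmen nicht überein');
        $f3->reroute($back);
    }

    // 'id=?' — the original filter read 'id=' without a placeholder, so the
    // bound id was never applied to the query.
    $userDB = $this->getDB('users');
    $user = $userDB->findone(array('id=?', $userid));
    if (!$user) {
        $f3->set('SESSION.errormsg', 'Benutzer nicht gefunden!');
        $f3->reroute('/user/edit/' . $f3->get('SESSION.user.id'));
    }

    // See createUserAction(): the salt argument never reached hash().
    $user->password = \Bcrypt::instance()->hash($f3->get('POST.password'));
    $user->save();
    $f3->set('SESSION.successmsg', 'Daten geändert!');
    $f3->reroute($back);
}

/**
 * 'delete': erase the user's characters, then the user record.
 *
 * @param \Base $f3
 * @param mixed $userid value of PARAMS.userid
 * @return void
 */
private function deleteUserAction($f3, $userid)
{
    $this->getDB('characters')->erase(array('userid=?', $userid));
    $this->getDB('users')->erase(array('id=?', $userid));
    $f3->reroute('/user/list');
}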
/**
 * Print the bcrypt hash of a fixed sample password.
 *
 * Debugging helper: the password is hard-coded and the hash is written to
 * the response; it has no place on a production route table.
 *
 * @param \Base $f3 unused
 * @return void
 */
public function setEncryptPassword($f3)
{
    $sample = "music123";
    $hasher = \Bcrypt::instance();
    print $hasher->hash($sample);
}
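// … tail of the login route whose start lies outside this excerpt (unchanged) …
        echo json_encode(["status" => "ERR", "description" => "Invalid username or password."]);
    }
} else {
    // Send error: wrong username or password
    echo json_encode(["status" => "ERR", "description" => "Invalid username or password."]);
}
});

$f3->route('GET /api/unauthorized', function () {
    // 'application/json' — the original header read 'application-json',
    // which is not a media type clients recognise.
    header('Content-type: application/json');
    echo json_encode(["status" => "ERR", "description" => "You don't have access to this service."]);
});

// DEVELOPMENT ONLY
// REGISTER USER
// Registered only while DEBUG is on: the password travels in the URL path of
// a GET request and so lands in access logs, proxies and browser history.
if ($f3->get('DEBUG')) {
    $f3->route('GET /api/@user/@password', function ($f3) {
        header('Content-type: application/json');
        $db = new DB\SQL($f3->get('main_db'), $f3->get('main_username'), $f3->get('main_password'));
        $crypt = Bcrypt::instance();
        $success = $db->exec(
            "INSERT INTO users (username, password) VALUES (:username, :password)",
            [':username' => $f3->get('PARAMS.user'), ':password' => $crypt->hash($f3->get('PARAMS.password'))]
        );
        if ($success) {
            echo json_encode(["status" => "OK"]);
        } else {
            echo json_encode(["status" => "ERR", "description" => "Invalid username or password."]);
        }
    });
}

// Route: POST /api/sms
// Args:
// - recipient_phone_number: string
// - message_content: string
$f3->route('POST /api/sms', 'API->sendSMS');

// Run the app
$f3->run();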
/**
 * Access the shared \Bcrypt instance.
 *
 * This method should not be called directly. Models that need to hash or
 * verify hashes should use the aliased methods hash() and verify().
 *
 * @return \Bcrypt
 */
private function crypt()
{
    $engine = \Bcrypt::instance();
    return $engine;
}