Example #1
0
 /**
  * Save the associated user model
  *
  * Also, this clears out all password resets associated with the given user,
  * if successful.
  * @return type
  */
 public function save()
 {
     if ($this->validate()) {
         $this->userModel->password = PasswordUtil::createHash($this->password);
         PasswordReset::model()->deleteAllByAttributes(array('userId' => $this->userModel->id));
         return $this->userModel->update(array('password'));
     }
     return false;
 }
Example #2
0
 public function testCreateHash()
 {
     for ($i = 0; $i < 20; $i++) {
         $seed = str_split('abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . '0123456789!@#$%^&*()');
         shuffle($seed);
         $password = '';
         foreach (array_rand($seed, 16) as $k) {
             $password .= $seed[$k];
         }
         $hash = PasswordUtil::createHash($password);
         $pieces = explode(':', $hash);
         $this->assertEquals(count($pieces), PasswordUtil::HASH_SECTIONS);
         $this->assertTrue(in_array($pieces[PasswordUtil::HASH_ALGORITHM_INDEX], hash_algos()));
         $this->assertTrue(PasswordUtil::validatePassword($password, $hash));
     }
     $a = PasswordUtil::createHash('test');
     $b = PasswordUtil::createHash('test');
     $this->assertNotEquals($a, $b);
 }
Example #3
0
 /**
  * Updates a particular model.
  * If update is successful, the browser will be redirected to the 'view' page.
  * @param integer $id the ID of the model to be updated
  */
 public function actionUpdate($id)
 {
     $model = $this->loadModel($id);
     $groups = array();
     foreach (Groups::model()->findAll() as $group) {
         $groups[$group->id] = CHtml::encode($group->name);
     }
     $selectedGroups = array();
     foreach (GroupToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
         $selectedGroups[] = $link->groupId;
     }
     $roles = array();
     foreach (Roles::model()->findAll() as $role) {
         $roles[$role->id] = CHtml::encode($role->name);
     }
     $selectedRoles = array();
     foreach (RoleToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
         $selectedRoles[] = $link->roleId;
     }
     // Uncomment the following line if AJAX validation is needed
     // $this->performAjaxValidation($model);
     if (!isset($model->userAlias)) {
         $model->userAlias = $model->username;
     }
     if (isset($_POST['User'])) {
         $old = $model->attributes;
         $temp = $model->password;
         $model->attributes = $_POST['User'];
         if ($model->password != "") {
             $model->password = PasswordUtil::createHash($model->password);
         } else {
             $model->password = $temp;
         }
         if (empty($model->userKey)) {
             $model->userKey = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 32)), 0, 32);
         }
         if ($model->save()) {
             $profile = $model->profile;
             if (!empty($profile)) {
                 $profile->emailAddress = $model->emailAddress;
                 $profile->fullName = $model->firstName . ' ' . $model->lastName;
                 $profile->save();
             }
             if ($old['username'] != $model->username) {
                 $fieldRecords = Fields::model()->findAllByAttributes(array('fieldName' => 'assignedTo'));
                 $modelList = array();
                 foreach ($fieldRecords as $record) {
                     $modelList[$record->modelName] = $record->linkType;
                 }
                 foreach ($modelList as $modelName => $type) {
                     if ($modelName == 'Quotes') {
                         $modelName = "Quote";
                     }
                     if ($modelName == 'Products') {
                         $modelName = 'Product';
                     }
                     if (empty($type)) {
                         $list = X2Model::model($modelName)->findAllByAttributes(array('assignedTo' => $old['username']));
                         foreach ($list as $item) {
                             $item->assignedTo = $model->username;
                             $item->save();
                         }
                     } else {
                         $list = X2Model::model($modelName)->findAllBySql("SELECT * FROM " . X2Model::model($modelName)->tableName() . " WHERE assignedTo LIKE '%" . $old['username'] . "%'");
                         foreach ($list as $item) {
                             $assignedTo = explode(", ", $item->assignedTo);
                             $key = array_search($old['username'], $assignedTo);
                             if ($key >= 0) {
                                 $assignedTo[$key] = $model->username;
                             }
                             $item->assignedTo = implode(", ", $assignedTo);
                             $item->save();
                         }
                     }
                 }
                 $profile = Profile::model()->findByAttributes(array('username' => $old['username']));
                 if (isset($profile)) {
                     $profile->username = $model->username;
                     $profile->save();
                 }
             }
             foreach (RoleToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
                 $link->delete();
             }
             foreach (GroupToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
                 $link->delete();
             }
             if (isset($_POST['roles'])) {
                 $roles = $_POST['roles'];
                 foreach ($roles as $role) {
                     $link = new RoleToUser();
                     $link->roleId = $role;
                     $link->type = "user";
                     $link->userId = $model->id;
                     $link->save();
                 }
             }
             if (isset($_POST['groups'])) {
                 $groups = $_POST['groups'];
                 foreach ($groups as $group) {
                     $link = new GroupToUser();
                     $link->groupId = $group;
                     $link->userId = $model->id;
                     $link->username = $model->username;
                     $link->save();
                 }
             }
             $this->redirect(array('view', 'id' => $model->id));
         }
     }
     $this->render('update', array('model' => $model, 'groups' => $groups, 'roles' => $roles, 'selectedGroups' => $selectedGroups, 'selectedRoles' => $selectedRoles));
 }
Example #4
0
 /**
  * Changes the password for the user given by its record ID number.
  * @param integer $id ID of the user to be updated.
  */
 public function actionChangePassword($id)
 {
     if ($id === Yii::app()->user->getId()) {
         $user = User::model()->findByPk($id);
         if (isset($_POST['oldPassword'], $_POST['newPassword'], $_POST['newPassword2'])) {
             $oldPass = $_POST['oldPassword'];
             $newPass = $_POST['newPassword'];
             $newPass2 = $_POST['newPassword2'];
             if (PasswordUtil::validatePassword($oldPass, $user->password)) {
                 if ($newPass === $newPass2) {
                     $user->password = PasswordUtil::createHash($newPass);
                     // Ensure an alias is set so that validation succeeds
                     if (empty($user->userAlias)) {
                         $user->userAlias = $user->username;
                     }
                     $user->save();
                     $this->redirect($this->createUrl('/profile/view', array('id' => $id)));
                 }
             } else {
                 Yii::app()->clientScript->registerScript('alertPassWrong', "alert('Old password is incorrect.');");
             }
         }
         $this->render('changePassword', array('model' => $user));
     }
 }
Example #5
0
 public function authenticate($google = false)
 {
     $user = $this->getUserModel();
     $isRealUser = $user instanceof User;
     if ($isRealUser) {
         $this->username = $user->username;
         if ((int) $user->status === User::STATUS_INACTIVE) {
             $this->errorCode = self::ERROR_DISABLED;
             return false;
         }
     }
     if (!$isRealUser) {
         // username not found
         $this->errorCode = self::ERROR_USERNAME_INVALID;
     } elseif ($google) {
         // Completely bypasses password-based authentication
         $this->errorCode = self::ERROR_NONE;
         $this->_id = $user->id;
         return true;
     } else {
         if ($user->status == 0) {
             // User has been disabled
             $this->errorCode = self::ERROR_DISABLED;
             return false;
         }
         $reEncrypt = false;
         $isValid = false;
         if (PasswordUtil::validatePassword($this->password, $user->password)) {
             $isValid = true;
         } else {
             if (PasswordUtil::slowEquals(md5($this->password), $user->password)) {
                 //Oldest format
                 $isValid = true;
                 $reEncrypt = true;
             } else {
                 if (PasswordUtil::slowEquals(crypt($this->password, '$5$rounds=32678$' . $user->password), '$5$rounds=32678$' . $user->password)) {
                     //Old format
                     $isValid = true;
                     $reEncrypt = true;
                 }
             }
         }
         if ($isValid) {
             $this->errorCode = self::ERROR_NONE;
             $this->_id = $user->id;
             if ($reEncrypt) {
                 $user->password = PasswordUtil::createHash($this->password);
                 $user->update(array('password'));
             }
         } else {
             $this->errorCode = self::ERROR_PASSWORD_INVALID;
         }
     }
     return $this->errorCode === self::ERROR_NONE;
 }