/**
 * Fixture executed before each test*() method.
 *
 * Registers and activates the account "rash", loads it back as a User
 * object, and builds the AdvancedPasswordManagement instance under test
 * for that account.
 */
public function setUp()
{
    // Digest algorithm BasicPasswordManagement will use for this test run.
    // NOTE(review): HAVAL is a fast general-purpose digest; confirm that it is
    // only chosen here as a test value and is not the recommended production setting.
    BasicPasswordManagement::$hashAlgo = "haval256,5";

    $username = "rash";
    $password = 'testing';

    // A new account has to be activated before it can be loaded
    // with existingUserObject().
    User::newUserObject($username, $password, "*****@*****.**");
    User::activateAccount($username);
    $this->user = User::existingUserObject($username, $password);

    // The object under test is bound to the user's ID and current password.
    $userId = $this->user->getUserID();
    $this->obj = new AdvancedPasswordManagement($userId, $password);
}
/**
 * Fixture executed before each test*() method.
 *
 * Registers and activates the account "rash", then exposes it both as a
 * plain User object ($this->obj) and wrapped in an XUser ($this->xobj).
 */
public function setUp()
{
    // Digest algorithm BasicPasswordManagement will use for this test run.
    BasicPasswordManagement::$hashAlgo = "haval256,5";

    $username = "rash";
    $password = "testing";

    // Create the account and activate it so that it can be loaded below.
    User::newUserObject($username, $password, "*****@*****.**");
    User::activateAccount($username);

    $account = User::existingUserObject($username, $password);
    $this->obj = $account;

    // XUser is constructed on top of the already authenticated User object.
    $this->xobj = new XUser($account);
}
/**
 * Fixture executed before each test*() method.
 *
 * Builds two activated users and three sessions: sessions 0 and 1 belong
 * to user 0, session 2 belongs to user 1.
 */
public function setUp()
{
    // NOTE(review): the built-in time() takes no argument, so this is presumably
    // a project-level override whose clock is being reset; confirm against its definition.
    time("RESET");

    // Create, activate and load each user in turn; the array index becomes
    // the slot in $this->user.
    foreach (array("abcd", "efgh") as $slot => $username) {
        User::newUserObject($username, "resting", "*****@*****.**");
        User::activateAccount($username);
        $this->user[$slot] = User::existingUserObject($username, "resting");
    }

    // Session slot => index of the owning user.
    $owners = array(0 => 0, 1 => 0, 2 => 1);

    // All Session objects are instantiated first ...
    foreach ($owners as $slot => $ownerIndex) {
        $this->session[$slot] = new Session();
    }

    // ... and only then bound to their users, in slot order.
    foreach ($owners as $slot => $ownerIndex) {
        $this->session[$slot]->newSession($this->user[$ownerIndex]->getUserID());
    }
}
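/**
 * Checks that an account cannot be loaded while it is inactive and can be
 * loaded once it has been activated.
 *
 * The test fails explicitly when the inactive account is accepted. Without
 * that, a missing UserAccountInactive exception would skip every assertion
 * and the test would pass while the activation gate is not being enforced.
 */
public function testInactive()
{
    // Create the account but do not activate it yet.
    User::newUserObject("phpsec", "owasp", "*****@*****.**");

    try {
        $testUser = User::existingUserObject("phpsec", "owasp");
    } catch (UserAccountInactive $e) {
        // Expected path: the inactive account was rejected.
        User::activateAccount("phpsec");

        // After activation the same credentials must yield a usable object.
        $testUser = User::existingUserObject("phpsec", "owasp");
        $this->assertTrue($testUser->getUserID() == "phpsec");
        $this->assertTrue(!User::isInactive("phpsec"));

        $testUser->deleteUser();
        return;
    }

    // No exception: the inactive account was accepted. Remove the test user
    // so it does not leak into other tests, then report the failure.
    $testUser->deleteUser();
    $this->fail("User::existingUserObject() accepted an account that was never activated.");
}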
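/**
 * Checks that UserManagement::logOutFromAllDevices() removes every stored
 * session of the given user.
 *
 * The verification query is limited to the test user's rows. Counting the
 * whole SESSION table made the result depend on rows left behind by
 * unrelated users or tests.
 */
public function testLogOutFromAllDevices()
{
    UserManagement::createUser("owasp1", "owasp", "*****@*****.**"); //create a user.
    User::activateAccount("owasp1");

    // Log the same user in three times to imitate three devices.
    $obj1 = UserManagement::logIn("owasp1", "owasp");
    $obj2 = UserManagement::logIn("owasp1", "owasp");
    $obj3 = UserManagement::logIn("owasp1", "owasp");

    // Insert three session rows for the user directly; the first ID is also
    // placed in the cookie to imitate the current device's session.
    $randomValue = randstr(32);
    SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array($randomValue, time(), time(), $obj3->getUserID()));
    SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(32), time(), time(), $obj3->getUserID()));
    SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(32), time(), time(), $obj3->getUserID()));

    $_COOKIE['sessionid'] = $randomValue;

    // Expected to remove every session row that belongs to this user.
    UserManagement::logOutFromAllDevices($obj1->getUserID());

    // Only this user's rows are relevant to the assertion.
    $result = SQL("SELECT * FROM `SESSION` WHERE `USERID` = ?", array($obj1->getUserID()));
    $Test = count($result) == 0;

    // Clean up before asserting so that a failure does not leave the user behind.
    UserManagement::deleteUser("owasp1");

    $this->assertTrue($Test);
}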
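<?php
/**
 * Activate new account
 *
 * Reads the activation token from the query string, passes it to
 * User::activateAccount() and renders the result page. The confirmation
 * text is only shown when a token was actually supplied.
 */

// Initialisation
require_once 'includes/init.php';

// The token comes straight from the request. Accept it only as a non-empty
// string; a parameter such as token[]=x would otherwise arrive as an array.
$token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : '';
$token_supplied = ($token !== '');

// Activate the account for the user with the token
if ($token_supplied) {
    // NOTE(review): the outcome of activateAccount() is not inspected here, so an
    // unknown or already used token still leads to the confirmation below. Confirm how
    // the method reports failure and branch on it.
    User::activateAccount($token);
}

// Set the title, show the page header, then the rest of the HTML
$page_title = 'Activate account';
include 'includes/header.php';

?>

<?php if ($token_supplied): ?>
<h1>Account activated</h1>

<p>Thank you for activating your account! You can now <a href="login.php">login</a>.</p>
<?php else: ?>
<h1>Activation link incomplete</h1>

<p>No activation token was supplied. Please use the complete activation link you were sent.</p>
<?php endif; ?>

<?php include 'includes/footer.php';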