Example #1
 /**
  * Function to be run before every test*() functions.
  */
 public function setUp()
 {
     // Fixture credentials reused by every call in this method.
     $login = "rash";
     $secret = 'testing';

     // Selects the digest used by BasicPasswordManagement (a hashing
     // algorithm, not a salt). HAVAL is a fast general-purpose digest rather
     // than a dedicated password-hashing function, so treat this value as a
     // test fixture only.
     BasicPasswordManagement::$hashAlgo = "haval256,5";

     // Register the account, then activate it before logging in.
     // NOTE(review): presumably login is refused for inactive accounts - confirm.
     User::newUserObject($login, $secret, "rac130@pitt.edu");
     User::activateAccount($login);

     // Authenticate once and keep the resulting user object on the test case.
     $account = User::existingUserObject($login, $secret);
     $this->user = $account;

     // Object under test, built from the same user ID and password.
     $this->obj = new AdvancedPasswordManagement($account->getUserID(), $secret);
 }
Example #2
 /**
  * Function to be run before every test*() functions.
  */
 public function setUp()
 {
     // Fixture credentials reused by every call in this method.
     $login = "rash";
     $secret = "testing";

     // Digest used by BasicPasswordManagement for this run. HAVAL is a fast
     // general-purpose digest, not a dedicated password-hashing function, so
     // this is a fixture value rather than a recommended setting.
     BasicPasswordManagement::$hashAlgo = "haval256,5";

     // Create the account and activate it so that the login below can succeed.
     User::newUserObject($login, 'testing', "rac130@pitt.edu");
     User::activateAccount($login);

     // Authenticated base user object.
     $baseUser = User::existingUserObject($login, $secret);
     $this->obj = $baseUser;

     // XUser instance built on top of the authenticated user.
     $this->xobj = new XUser($baseUser);
 }
Example #3
 /**
  * Constructor for the AdvancedPasswordManagement Class.
  * @param String $userID        //The ID of the user.
  * @param String $pass      //The password of the user.
  * @param boolean $bruteLock    //True enables brute force detection. False disables this functionality
  * @throws BruteForceAttackDetectedException    Will be thrown if brute-force attack is detected
  * @throws WrongPasswordException   Will be thrown if the given password does not match the old password stored in the DB
  */
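 public function __construct($userID, $pass, $bruteLock = false)
 {
     // Verifies the supplied credentials, optionally checks for a brute-force
     // pattern on failure, and makes sure the user has a row in the PASSWORD
     // table.
     //
     // $userID    ID of the user.
     // $pass      Password of the user; checked via User::existingUserObject().
     // $bruteLock True enables the brute-force check. It runs only after a
     //            wrong password, and it is off by default.
     //
     // Throws BruteForceAttackDetectedException when $bruteLock is enabled and
     // isBruteForce() reports an attack; throws WrongPasswordException on every
     // other wrong-password attempt.

     // Set before authentication so the ID is available to isBruteForce().
     $this->userID = $userID;

     try {
         User::existingUserObject($userID, $pass);
     } catch (\phpsec\WrongPasswordException $e) {
         if ($bruteLock && $this->isBruteForce($userID)) {
             //If brute-force detected, throw the dedicated exception
             throw new BruteForceAttackDetectedException($e->getMessage() . "\nWARNING: Brute Force Attack Detected. We Recommend you use captcha.");
         }

         // Fail closed: a wrong password must never yield a usable object.
         // Previously, with $bruteLock enabled and no attack detected, the
         // exception was swallowed and construction continued with an
         // unverified password.
         throw $e;
     }

     if (!AdvancedPasswordManagement::checkIfUserExists($userID)) {
         //If this user's record is NOT present in the PASSWORD table, then insert the new record for this user
         // NOTE(review): TEMP_PASS is seeded from randstr(10); confirm that
         // randstr() draws from a CSPRNG (random_bytes()/random_int()), and
         // that USE_FLAG = 1 marks this placeholder as unusable.
         SQL("INSERT INTO PASSWORD (`TEMP_PASS`, `USE_FLAG`, `TEMP_TIME`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(10), 1, 0, $userID));
     }
 }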
Example #4
 /**
  * Function to be run before every test*() functions.
  */
 public function setUp()
 {
     // NOTE(review): the "RESET" argument suggests a project-level time()
     // override rather than the built-in - confirm against the namespace.
     time("RESET");

     // Two active accounts sharing the same fixture password and e-mail,
     // stored as $this->user[0] and $this->user[1].
     foreach (array("abcd", "efgh") as $slot => $login) {
         User::newUserObject($login, "resting", "rac130@pitt.edu");
         User::activateAccount($login);
         $this->user[$slot] = User::existingUserObject($login, "resting");
     }

     // Session slot => index of the owning user. User 0 gets two sessions and
     // user 1 gets one.
     $owners = array(0 => 0, 1 => 0, 2 => 1);

     // Instantiate every Session first, then bind each one to its owner,
     // keeping the original order of construction and binding.
     foreach (array_keys($owners) as $slot) {
         $this->session[$slot] = new Session();
     }
     foreach ($owners as $slot => $ownerIndex) {
         $this->session[$slot]->newSession($this->user[$ownerIndex]->getUserID());
     }
 }
Example #5
 /**
  * Function for user to log-in.
  * @param string $userID    The user ID that wants to log in
  * @param string $password  Password to login
  * @return \phpsec\User     Returns the user object
  * @throws UserNotExistsException   Will be thrown if no user is found with the given ID
  * @throws WrongPasswordException   Will be thrown if the given password does not match the old password stored in the DB
  */
 public static function logIn($userID, $password)
 {
     // Delegates authentication entirely to User::existingUserObject().
     // Bad credentials surface as an exception, not as a null/false return
     // value. No rate limiting or brute-force check is performed in this
     // method itself.
     $authenticatedUser = User::existingUserObject($userID, $password);

     return $authenticatedUser;
 }
Example #6
 /**
  * Function to test accessibility if the account is inactive/active.
  */
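 public function testInactive()
 {
     // Checks that a freshly created account cannot be used until it is
     // activated, and that it works normally afterwards.
     User::newUserObject("phpsec", "owasp", "rac130@pitt.edu");
     //create a new user

     // The account is not activated yet, so logging in must raise
     // UserAccountInactive. Record the outcome explicitly: the earlier version
     // ran all assertions inside the catch block, so it passed silently when
     // no exception was thrown, i.e. when an inactive account was accessible.
     $rejectedWhileInactive = false;
     try {
         User::existingUserObject("phpsec", "owasp");
     } catch (UserAccountInactive $e) {
         $rejectedWhileInactive = true;
     }
     $this->assertTrue($rejectedWhileInactive, "Inactive account was accessible before activation");

     User::activateAccount("phpsec");
     //activate the account
     $testUser = User::existingUserObject("phpsec", "owasp");
     //the account is now active, so the object is created successfully.
     $this->assertEquals("phpsec", $testUser->getUserID());
     $this->assertFalse(User::isInactive("phpsec"));

     // Remove the fixture user so that later tests start clean.
     $testUser->deleteUser();
 }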