/** * This function inserts the admin's user data */ private function updateAdmin() { $em = $this->container->get('doctrine.entitymanager'); $params = $this->decodeParameters($this->yamlManager->getParameters()); // create the password hash $password = \UserUtil::getHashedPassword($params['password'], \UserUtil::getPasswordHashMethodCode(UsersConstant::DEFAULT_HASH_METHOD)); // prepare the data $username = mb_strtolower($params['username']); $nowUTC = new \DateTime(null, new \DateTimeZone('UTC')); $nowUTCStr = $nowUTC->format(UsersConstant::DATETIME_FORMAT); /** @var \Zikula\Module\UsersModule\Entity\UserEntity $entity */ $entity = $em->find('ZikulaUsersModule:UserEntity', 2); $entity->setUname($username); $entity->setEmail($params['email']); $entity->setPass($password); $entity->setActivated(1); $entity->setUser_Regdate($nowUTCStr); $entity->setLastlogin($nowUTCStr); $em->persist($entity); $em->flush(); return true; }
/** * Authenticates authentication_info with the authenticating source, returning a simple boolean result. * * Note that, despite this function's name, there is no requirement that a password be part of the authentication_info. * Merely that enough information be provided in the authentication_info array to unequivocally authenticate the user. For * most authenticating authorities this will be the equivalent of a user name and password, but--again--there * is no restriction here. This is not, however, a "user exists in the system" function. It is expected that * the authenticating authority validate what ever is used as a password or the equivalent thereof. * * This function makes no attempt to match the given authentication_info with a Zikula user id (uid). It simply asks the * authenticating authority to authenticate the authentication_info provided. No "login" should take place as a result of * this authentication. * * This function may be called to initially authenticate a user during the registration process, or may be called * for a user already logged in to re-authenticate his password for a security-sensitive operation. This function * should merely authenticate the user, and not perform any additional login-related processes. * * This function differs from authenticateUser() in that no attempt is made to match the authentication_info with and map to a * Zikula user account. It does not return a Zikula user id (uid). * * Parameters passed in $args: * --------------------------- * array $args['authentication_info'] The information needed for this authenticationModule, including any user-entered * information. For the Users module, this contains the elements 'login_id' and 'pass'. * The 'login_id' element contains either the user name or the e-mail address of the * user logging in, depending on the authentication_method. The 'pass' contains the * password entered by the user. * array $args['authentication_method'] An array containing the authentication method, including the 'modname' (which should match this * module's module name), and the 'method' method name. For the Users module, 'modname' would * be 'Users' and 'method' would contain either 'email' or 'uname'. * * @param array $args All arguments passed to this function. * * @return boolean True if the authentication_info authenticates with the source; otherwise false on authentication failure. * * @throws Zikula_Exception_Fatal Thrown if invalid parameters are sent in $args. */ public function checkPassword(array $args) { // Note that this is a poor example function for external authenticationModules, because the authenticating // information for the Users module is stored in the users table, necessitating a lookup of the uid. // // For authentication modules other than the Users module, no attempt to look up the user account in the Users tables should be // made in the checkPassword function. if (!isset($args['authentication_info']) || !is_array($args['authentication_info']) || empty($args['authentication_info'])) { throw new Zikula_Exception_Fatal($this->__f('Invalid \'%1$s\' parameter received in a call to %2$s', array('authentication_info', __METHOD__))); } if (!isset($args['authentication_method']) || !is_array($args['authentication_method']) || empty($args['authentication_method'])) { throw new Zikula_Exception_Fatal($this->__f('Invalid \'%1$s\' parameter received in a call to %2$s', array('authentication_method', __METHOD__))); } $authenticationInfo = $args['authentication_info']; $authenticationMethod = $args['authentication_method']; $passwordAuthenticates = false; $getUidArgs = array( 'authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod, ); $uid = ModUtil::apiFunc($this->name, 'Authentication', 'getUidForAuthenticationInfo', $getUidArgs, 'Zikula_Api_AbstractAuthentication'); if ($uid) { if (!isset($authenticationInfo['pass']) || !is_string($authenticationInfo['pass']) || empty($authenticationInfo['pass'])) { // The user did not specify a password, or the one specified is invalid. throw new Zikula_Exception_Fatal($this->__('Error! A password must be provided.')); } // For a custom authenticationModule, we'd map the authenticationInfo to a uid above, and then execute the custom // authentication process here. On success the uid would be returned, otherwise false is returned. Note that // any "log in" into the Zikula site is not done here. This is simply verification that the authenticationInfo, // including the password, is valid as a unit. $userObj = UserUtil::getVars($uid, true); if (!$userObj) { // Must be a registration. Acting as an authenticationModule, we should not care at this point about the user's // account status. We will deal with the account status in a moment. $userObj = UserUtil::getVars($uid, true, '', true); if (!$userObj) { // Neither an account nor a pending registration request. This should really not happen since we have a uid. throw new Zikula_Exception_Fatal($this->__f('A user id was located, but the user account record could not be retrieved in a call to %1$s.', array(__METHOD__))); } } // Check for an empty password, or the special marker indicating that the account record does not // authenticate with a uname/password (or email/password, depending on the 'loginviaoption' setting) from // the Users module. An empty password can be created when an administrator creates a user registration // record pending e-mail verification and does not set a password for the user (the user will set it // upon verifying his email address). The special marker indicating that the account does not authenticate // with the Users module is used when a user registers a new account with the system using an authentication // method other than uname/pass or email/pass. In both cases, authentication automatically fails. if (!empty($userObj['pass']) && ($userObj['pass'] != Users_Constant::PWD_NO_USERS_AUTHENTICATION)) { // The following check for non-salted passwords and the old 'hash_method' field is to allow the admin to log in // during an upgrade from 1.2. // *** IMPORTANT *** // This needs to be kept for any version that allows an upgrade from Zikula 1.2.X. $methodSaltDelimPosition = strpos($userObj['pass'], Users_Constant::SALT_DELIM); $saltPassDelimPosition = ($methodSaltDelimPosition === false) ? false : strpos($userObj['pass'], Users_Constant::SALT_DELIM, ($methodSaltDelimPosition + 1)); if ($saltPassDelimPosition === false) { // Old style unsalted password with hash_method in separate field // If this release version of Zikula Users Module allows upgrade from 1.2.X, then this part must be // kept. If this release version of Zikula Users Module DOES NOT support upgrade from 1.2.X then this // is the part that can go away. if (!isset($userObj['hash_method'])) { // Something is horribly wrong. The password on the user account record does not look like the // new style of hashing, and yet the old-style hash method field is nowhere to be found. throw new Zikula_Exception_Fatal($this->__('Invalid account password state.')); } $currentPasswordHashed = $userObj['hash_method'] . '$$' . $userObj['pass']; } else { // New style salted password including hash method code. // If this release version of Zikula Users module does not allow upgrade from 1.2.X, then this // is the part to keep. $currentPasswordHashed = $userObj['pass']; } // *** IMPORTANT *** // End of old-style versus new-style hashing handling. When the possiblity to upgrade from 1.2.X is // removed from the released version of Zikula Users Module, then delete this section, and replace // $currentPasswordHashed with $userObj['pass'] in the call to passwordsMatch below. if (UserUtil::passwordsMatch($authenticationInfo['pass'], $currentPasswordHashed)) { // Password in $authenticationInfo['pass'] is good at this point. // *** IMPORTANT *** // Again, this section is for converting old-style hashing to new-style hashing. Same as noted // above applies to this section. // See if we need to convert the password hashing to the new configuration. if (version_compare($this->modinfo['version'], '2.0.0') >= 0) { // Check stored hash matches the current system type, if not convert it--but only if the module version is sufficient. // Note: this is purely specific to the Users module authentication. A custom module might do something similar if it // changed the way it stored some piece of data between versions, but in general this would be uncommon. list($currentPasswordHashCode, $currentPasswordSaltStr, $currentPasswordHashStr) = explode(Users_Constant::SALT_DELIM, $currentPasswordHashed); $systemHashMethodCode = UserUtil::getPasswordHashMethodCode($this->getVar('hash_method', 'sha256')); if (($systemHashMethodCode != $currentPasswordHashCode) || empty($currentPasswordSaltStr)) { if (!UserUtil::setPassword($authenticationInfo['pass'], $uid)) { LogUtil::log($this->__('Internal Error! Unable to update the user\'s password with the new hashing method and/or salt.'), 'CORE'); } } } // *** IMPORTANT *** // End of old-style to new-style hasing conversion. // The password is good, so the password is authenticated. $passwordAuthenticates = true; } } } if (!$passwordAuthenticates && !$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) { if ($authenticationMethod['method'] == 'email') { $this->registerError($this->__('Sorry! The e-mail address or password you entered was incorrect.')); } else { $this->registerError($this->__('Sorry! The user name or password you entered was incorrect.')); } } return $passwordAuthenticates; }