/**
  * Single method to reduce footprint (included files, created instances)
  * @return self
  */
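 public static function getInstance()
 {
     // Reuse the cached manager so it is built at most once per request.
     if (self::$instance instanceof self) {
         return self::$instance;
     }
     /**
      * @var $ilClientIniFile ilIniFile
      */
     global $ilClientIniFile;
     require_once 'Services/User/classes/class.ilUserPasswordEncoderFactory.php';
     // NOTE(review): 'md5' is both the factory default and the fallback below.
     // MD5 is a fast, general-purpose digest and is not suitable for storing
     // passwords; installations should set [auth] password_encoder explicitly
     // to a slow, salted password hash. 'ignore_security_flaw' => true looks
     // like it switches off a safety check inside the factory; its effect is
     // not visible here, so confirm before relying on it.
     $encoder_factory = new ilUserPasswordEncoderFactory(array(
         'default_password_encoder' => 'md5',
         'ignore_security_flaw' => true,
     ));
     // Read the configured encoder name once instead of twice; an empty or
     // missing value falls back to 'md5', exactly as before.
     $configured_encoder = $ilClientIniFile->readVariable('auth', 'password_encoder');
     self::$instance = new ilUserPasswordManager(array(
         'encoder_factory' => $encoder_factory,
         'password_encoder' => $configured_encoder ? $configured_encoder : 'md5',
     ));
     return self::$instance;
 }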
 /**
  * process client login
  * @param	array
  * @return	boolean
  */
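 function loginAsClient($a_auth_data)
 {
     global $ilDB;
     // Reject incomplete credentials before touching the client or its database.
     if (empty($a_auth_data["client_id"])) {
         $this->error = "no_client_id";
         return false;
     }
     if (empty($a_auth_data["username"])) {
         $this->error = "no_username";
         return false;
     }
     if (empty($a_auth_data["password"])) {
         $this->error = "no_password";
         return false;
     }
     if (!$this->newClient($a_auth_data["client_id"])) {
         $this->error = "unknown_client_id";
         unset($this->client);
         return false;
     }
     if (!$this->client->db_exists) {
         $this->error = "no_db_connect_consult_admin";
         unset($this->client);
         return false;
     }
     $s1 = $this->client->db->query("SELECT value from settings WHERE keyword = " . $this->client->db->quote('system_role_id', 'text'));
     $r1 = $this->client->db->fetchAssoc($s1);
     $system_role_id = $r1["value"];
     // Only accounts assigned to the system role may log in here. Both values
     // go through the database layer's quote() before they reach the SQL text;
     // the login operand was garbled in the listing and is restored to match
     // the quoting used for the other operands of this statement.
     $q = "SELECT usr_data.usr_id, usr_data.passwd, usr_data.passwd_enc_type, usr_data.passwd_salt "
         . "FROM usr_data "
         . "LEFT JOIN rbac_ua ON rbac_ua.usr_id=usr_data.usr_id "
         . "WHERE rbac_ua.rol_id = " . $this->client->db->quote((int) $system_role_id, 'integer') . " "
         . "AND usr_data.login=" . $this->client->db->quote($a_auth_data["username"], 'text');
     $r = $this->client->db->query($q);
     if (!$this->client->db->numRows($r)) {
         // Same error as a wrong password, so the response does not reveal
         // whether the login name exists.
         $this->error = 'login_invalid';
         return false;
     }
     $data = $this->client->db->fetchAssoc($r);
     // The password manager reads its encoder name from this global ini object.
     global $ilClientIniFile;
     $ilClientIniFile = $this->client->ini;
     require_once 'Services/User/classes/class.ilUserPasswordManager.php';
     $crypt_type = ilUserPasswordManager::getInstance()->getEncoderName();
     if (ilUserPasswordManager::getInstance()->isEncodingTypeSupported($crypt_type)) {
         require_once 'setup/classes/class.ilObjSetupUser.php';
         $user = new ilObjSetupUser();
         $user->setPasswd($data['passwd'], IL_PASSWD_CRYPTED);
         $user->setPasswordEncodingType($data['passwd_enc_type']);
         $user->setPasswordSalt($data['passwd_salt']);
         $password_valid = ilUserPasswordManager::getInstance()->verifyPassword($user, $a_auth_data['password']);
     } else {
         // Legacy path: unsalted MD5. The digests are compared as strings, never
         // with '==', because PHP treats digit-only hex strings such as "0e…" as
         // numbers and would report two different digests as equal. hash_equals()
         // is used where available so the comparison time does not depend on the
         // position of the first differing character.
         $stored_hash = (string) $data['passwd'];
         $candidate_hash = md5($a_auth_data['password']);
         $password_valid = function_exists('hash_equals')
             ? hash_equals($stored_hash, $candidate_hash)
             : $stored_hash === $candidate_hash;
     }
     if ($password_valid) {
         // all checks passed -> user valid
         // NOTE(review): the session id is not regenerated in this method when
         // the session becomes authenticated; confirm the caller does that.
         $_SESSION['auth'] = true;
         $_SESSION['auth_path'] = ILIAS_HTTP_PATH;
         $_SESSION['access_mode'] = 'client';
         $_SESSION['ClientId'] = $this->client->getId();
         return true;
     } else {
         $this->error = 'login_invalid';
         return false;
     }
 }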
 /**
  *
  */
 public function testPasswordManagerNeverMigratesPasswordOnFailedVerificationWithVariantEncoders()
 {
     // All three collaborators are mocks built without running their constructors.
     $account = $this->getMockBuilder('ilObjUser')
         ->disableOriginalConstructor()
         ->getMock();
     $variant_encoder = $this->getMockBuilder('ilBasePasswordEncoder')
         ->disableOriginalConstructor()
         ->getMock();
     $encoder_factory = $this->getMockBuilder('ilUserPasswordEncoderFactory')
         ->disableOriginalConstructor()
         ->getMock();

     // The stored credentials name 'second_mockencoder', which differs from the
     // encoder the manager is configured with further down ('mockencoder').
     $account->expects($this->once())
         ->method('getPasswordSalt')
         ->will($this->returnValue('asuperrandomsalt'));
     $account->expects($this->once())
         ->method('getPasswordEncodingType')
         ->will($this->returnValue('second_mockencoder'));
     $account->expects($this->once())
         ->method('getPasswd')
         ->will($this->returnValue(self::ENCODED_PASSWORD));
     // The point of the test: a failed verification must never rewrite the
     // stored password.
     $account->expects($this->never())
         ->method('resetPassword');

     // The encoder reports the password as invalid.
     $variant_encoder->expects($this->once())
         ->method('getName')
         ->will($this->returnValue('second_mockencoder'));
     $variant_encoder->expects($this->once())
         ->method('isPasswordValid')
         ->with(
             $this->equalTo(self::ENCODED_PASSWORD),
             $this->equalTo(self::PASSWORD),
             $this->isType('string')
         )
         ->will($this->returnValue(false));
     $encoder_factory->expects($this->once())
         ->method('getEncoderByName')
         ->will($this->returnValue($variant_encoder));

     $manager_config = array(
         'password_encoder' => 'mockencoder',
         'encoder_factory' => $encoder_factory,
     );
     $manager = new ilUserPasswordManager($manager_config);
     $verified = $manager->verifyPassword($account, self::PASSWORD);
     $this->assertFalse($verified);
 }
 /**
  * Save password form
  *
  */
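 public function savePassword()
 {
     global $tpl, $lng, $ilCtrl, $ilUser, $ilSetting;
     // normally we should not end up here
     if (!$this->allowPasswordChange()) {
         $ilCtrl->redirect($this, "showPersonalData");
         return;
     }
     $this->initPasswordForm();
     if ($this->form->checkInput()) {
         $cp = $this->form->getItemByPostVar("current_password");
         $np = $this->form->getItemByPostVar("new_password");
         $error = false;
         // The old password needs to be checked for verification
         // unless the user uses Shibboleth authentication with additional
         // local authentication for WebDAV.
         #if ($ilUser->getAuthMode(true) != AUTH_SHIBBOLETH || ! $ilSetting->get("shib_auth_allow_local"))
         if ($ilUser->getAuthMode(true) == AUTH_LOCAL) {
             require_once 'Services/User/classes/class.ilUserPasswordManager.php';
             // NOTE(review): the current password is passed through
             // ilUtil::stripSlashes() before verification, while the new password
             // is stored from the raw $_POST value below. If stripSlashes() alters
             // the string (not visible here), a password stored raw might not
             // verify later; confirm both paths treat the input the same way.
             if (!ilUserPasswordManager::getInstance()->verifyPassword($ilUser, ilUtil::stripSlashes($_POST['current_password']))) {
                 $error = true;
                 $cp->setAlert($this->lng->txt('passwd_wrong'));
             }
         }
         // Read the setting once; every rule below depends on it.
         $auto_generate = $this->ilias->getSetting("passwd_auto_generate") == 1;
         // select password from auto generated passwords
         if ($auto_generate && !ilUtil::isPassword($_POST["new_password"])) {
             $error = true;
             $np->setAlert($this->lng->txt("passwd_not_selected"));
         }
         if (!$auto_generate && !ilUtil::isPassword($_POST["new_password"], $custom_error)) {
             $error = true;
             if ($custom_error != '') {
                 $np->setAlert($custom_error);
             } else {
                 $np->setAlert($this->lng->txt("passwd_invalid"));
             }
         }
         $error_lng_var = '';
         if (!$auto_generate && !ilUtil::isPasswordValidForUserContext($_POST["new_password"], $ilUser, $error_lng_var)) {
             ilUtil::sendFailure($this->lng->txt('form_input_not_valid'));
             $np->setAlert($this->lng->txt($error_lng_var));
             $error = true;
         }
         // Passwords are compared as strings. With '==' PHP compares numeric-looking
         // strings by value ("1000" == "1e3"), so two different passwords could be
         // reported as identical.
         $same_as_current = (string) $_POST["current_password"] === (string) $_POST["new_password"];
         if (!$auto_generate && ($ilUser->isPasswordExpired() || $ilUser->isPasswordChangeDemanded()) && $same_as_current) {
             $error = true;
             $np->setAlert($this->lng->txt("new_pass_equals_old_pass"));
         }
         if (!$error) {
             $ilUser->resetPassword($_POST["new_password"], $_POST["new_password"]);
             // Only a real change resets the password age.
             if (!$same_as_current) {
                 $ilUser->setLastPasswordChangeToNow();
             }
             if (ilSession::get('orig_request_target')) {
                 ilUtil::sendSuccess($this->lng->txt('saved_successfully'), true);
                 // NOTE(review): the redirect target is whatever was stored in the
                 // session; confirm it is restricted to local URLs where it is set.
                 $target = ilSession::get('orig_request_target');
                 ilSession::set('orig_request_target', '');
                 ilUtil::redirect($target);
             } else {
                 ilUtil::sendSuccess($this->lng->txt('saved_successfully'));
                 $this->showPassword(true, true);
                 return;
             }
         }
     }
     // Validation failed (or the redirect returned): show the form again.
     $this->form->setValuesByPost();
     $this->showPassword(true);
 }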
 /**
  * Called after login and successful call of fetch data
  * @return 
  * @param object $a_username
  * @param object $a_auth
  */
 public function loginObserver($a_username, $a_auth)
 {
     // Decides what happens after the SOAP service has accepted the login:
     //  1. the response already names a local user -> authenticate as that user;
     //  2. account creation is disabled            -> log out with AUTH_SOAP_NO_ILIAS_USER;
     //  3. a local account matches the e-mail      -> map it after a password check;
     //  4. otherwise                               -> create a new local account.
     // Returns true when $a_auth was authenticated, false when it was logged out.
     global $ilias, $rbacadmin, $lng, $ilSetting;
     $GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
     // TODO: handle passed credentials via GET
     /*
     if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     // Not required anymore
     /*
     $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
     
     if (!$validation_data["valid"])
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     $local_user = $this->response["local_user"];
     if ($local_user != "") {
         // to do: handle update of user
         $a_auth->setAuth($local_user);
         return true;
     }
     if (!$ilSetting->get("soap_auth_create_users")) {
         $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     }
     //echo "1";
     // try to map external user via e-mail to ILIAS user
     if ($this->response["email"] != "") {
         //echo "2";
         //var_dump ($_POST);
         $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
         // check, if password has been provided in user mapping screen
         // (see ilStartUpGUI::showUserMappingSelection)
         // FIXME
         if ($_POST["LoginMappedUser"] != "") {
             // NOTE(review): only the number of accounts found for the e-mail is
             // checked. $_POST["usr_id"] comes from the request and is not
             // compared with the entries of $email_user, so the account that gets
             // mapped is not tied to the e-mail match; presumably it should be
             // one of the accounts returned above -- confirm and restrict.
             if (count($email_user) > 0) {
                 // NOTE(review): the object loaded for the request-supplied id is
                 // not checked to be a user before it is passed on.
                 $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
                 require_once 'Services/User/classes/class.ilUserPasswordManager.php';
                 if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
                     // password is correct -> map user
                     //$this->setAuth($local_user); (use login not id)
                     // NOTE(review): the external id written here is $_GET["ext_uid"],
                     // while the account-creation path below stores $a_username.
                     // Confirm the two are guaranteed to be the same identity.
                     ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                     ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                     // Clear the mapping-screen request parameters.
                     $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
                     $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                     $a_auth->status = '';
                     $a_auth->setAuth($local_user);
                     return true;
                 } else {
                     //echo "6"; exit;
                     // Wrong password on the mapping screen: log out and report
                     // the failure as a sub status.
                     $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                     $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
                     $a_auth->logout();
                     return false;
                 }
             }
         }
         // A matching account exists and the user has not asked for a new one:
         // log out with the "e-mail exists" status instead of creating an account.
         if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
             $_GET["email"] = $this->response["email"];
             $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
             $a_auth->logout();
             return false;
         }
     }
     // No mapping took place: create a local account from the SOAP response.
     $userObj = new ilObjUser();
     $local_user = ilAuthUtils::_generateLogin($a_username);
     $newUser["firstname"] = $this->response["firstname"];
     $newUser["lastname"] = $this->response["lastname"];
     $newUser["email"] = $this->response["email"];
     $newUser["login"] = $local_user;
     // to do: set valid password and send mail
     // NOTE(review): by default the account is stored with an empty password
     // value flagged as IL_PASSWD_CRYPTED; confirm that an empty stored value
     // can never verify on the local login path.
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
     // generate password, if local authentication is allowed
     // and account mail is activated
     $pw = "";
     if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
         $pw = ilUtil::generatePasswords(1);
         $pw = $pw[0];
         $newUser["passwd"] = $pw;
         $newUser["passwd_type"] = IL_PASSWD_PLAIN;
     }
     //$newUser["gender"] = "m";
     $newUser["auth_mode"] = "soap";
     $newUser["ext_account"] = $a_username;
     $newUser["profile_incomplete"] = 1;
     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($lng->lang_default);
     // Time limit
     // NOTE(review): 7 is a hard-coded owner id; its meaning is not visible here.
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(1);
     $userObj->setTimeLimitFrom(time());
     $userObj->setTimeLimitUntil(time());
     // Create user in DB
     $userObj->setOwner(0);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     //insert user data in table user_data
     $userObj->saveAsNew(false);
     // setup user preferences
     $userObj->writePrefs();
     // to do: test this
     // The new account gets the role configured in soap_auth_user_default_role.
     $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
     // send account mail
     if ($ilSetting->get("soap_auth_account_mail")) {
         include_once './Services/User/classes/class.ilObjUserFolder.php';
         $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
         if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
             include_once "Services/Mail/classes/class.ilAccountMail.php";
             $acc_mail = new ilAccountMail();
             // The generated password, if any, is handed to the mail in plain text.
             if ($pw != "") {
                 $acc_mail->setUserPassword($pw);
             }
             $acc_mail->setUser($userObj);
             $acc_mail->send();
         }
     }
     unset($userObj);
     $a_auth->setAuth($local_user);
     return true;
 }
    /**
     * Resets the user password
     * @param    string $raw        Password as plaintext
     * @param    string $raw_retype Retyped password as plaintext
     * @return    boolean    true on success otherwise false
     * @access    public
     */
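    public function resetPassword($raw, $raw_retype)
    {
        /**
         * @var $ilDB ilDB
         */
        global $ilDB;
        // Both arguments are mandatory; anything else is reported as a failure.
        if (func_num_args() != 2) {
            return false;
        }
        if (!isset($raw) || !isset($raw_retype)) {
            return false;
        }
        // Compare the two entries as strings. With '!=' PHP compares
        // numeric-looking strings by value ("1000" equals "1e3"), so a mistyped
        // confirmation could be accepted as a match.
        if ((string) $raw !== (string) $raw_retype) {
            return false;
        }
        require_once 'Services/User/classes/class.ilUserPasswordManager.php';
        // The manager encodes the password onto this user object; the encoded
        // value, encoder name and salt are then read back for the update.
        ilUserPasswordManager::getInstance()->encodePassword($this, $raw);
        // Values are bound through manipulateF() with explicit types.
        // NOTE(review): the result of the update is not checked; true is
        // returned regardless.
        $ilDB->manipulateF('UPDATE usr_data
			SET passwd = %s, passwd_enc_type = %s, passwd_salt = %s
			WHERE usr_id = %s', array('text', 'text', 'text', 'integer'), array($this->getPasswd(), $this->getPasswordEncodingType(), $this->getPasswordSalt(), $this->getId()));
        return true;
    }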
 /**
  * change user password
  */
 function changeFeedSettings()
 {
     // Saves the private-feed settings: disabling the feed clears its password,
     // enabling it stores the password entered in the form.
     global $ilCtrl, $lng, $ilUser;
     $form = $this->initPrivateSettingsForm();
     $input_ok = $form->checkInput();
     if ($input_ok && !$form->getInput("enable_private_feed")) {
         // Deactivate private Feed - just delete the password
         $ilUser->_setFeedPass($ilUser->getId(), "");
         ilUtil::sendSuccess($lng->txt("priv_feed_disabled"), true);
         // $ilCtrl->returnToParent($this);
         $ilCtrl->redirect($this, "showFeedUrl");
     } elseif ($input_ok) {
         $feed_password = $form->getInput("desired_password");
         require_once 'Services/User/classes/class.ilUserPasswordManager.php';
         $manager = ilUserPasswordManager::getInstance();
         $is_account_password = $manager->verifyPassword($ilUser, $feed_password);
         if (!$is_account_password) {
             $ilUser->_setFeedPass($ilUser->getId(), $feed_password);
             ilUtil::sendSuccess($lng->txt("saved_successfully"), true);
             // $ilCtrl->returnToParent($this);
             $ilCtrl->redirect($this, "showFeedUrl");
         } else {
             // The feed password must differ from the account password, so that
             // the feed credential does not also unlock the account.
             $form->getItemByPostVar("desired_password")->setAlert($lng->txt("passwd_equals_ilpasswd"));
             ilUtil::sendFailure($lng->txt("form_input_not_valid"));
         }
     }
     // Reached on invalid input, on a rejected password, or if redirect() returns.
     $form->setValuesByPost();
     return $this->editSettings($form);
 }
 function getCreditCard()
 {
     // Validates the posted card form and, when every check passes, copies the
     // card data into the session and calls sendCreditCard(). The checks run in
     // a fixed order and the first failing one selects the message shown.
     $error_key = null;
     // NOTE(review): the expiry test is a plain string comparison against
     // date("Y-m"); it assumes a four-digit year and a zero-padded month --
     // TODO confirm against the form. The card number blocks are only tested
     // for being non-empty, and check_number is not tested at all.
     if (
         $_POST["card_holder"] == ""
         || $_POST["card_number"]["block_1"] == ""
         || $_POST["card_number"]["block_2"] == ""
         || $_POST["card_number"]["block_3"] == ""
         || $_POST["card_number"]["block_4"] == ""
         || $_POST["validity"]["month"] == ""
         || $_POST["validity"]["year"] == ""
         || $_POST["validity"]["year"] . "-" . $_POST["validity"]["month"] < date("Y-m")
     ) {
         $error_key = 'pay_bmf_credit_card_not_valid';
     } elseif ($_POST["terms_conditions"] != 1) {
         $error_key = 'pay_bmf_check_terms_conditions';
     } else {
         // The payment has to be confirmed with the account password.
         require_once 'Services/User/classes/class.ilUserPasswordManager.php';
         $verified_passwd = ilUserPasswordManager::getInstance()->verifyPassword($this->user_obj, ilUtil::stripSlashes($_POST["password"]));
         if ($_POST["password"] == "" || $verified_passwd == false) {
             $error_key = 'pay_bmf_password_not_valid';
         }
     }
     if ($error_key !== null) {
         $this->error = $this->lng->txt($error_key);
         ilUtil::sendInfo($this->error);
         $this->showCreditCard();
         return;
     }
     // NOTE(review): the complete card number and the card verification number
     // are written to the session here. Session data is usually persisted on the
     // server, and card-scheme rules (PCI DSS) do not allow the verification
     // number to be retained; how long these keys live is decided outside this
     // method -- confirm they are cleared once sendCreditCard() has run.
     $card = &$_SESSION["bmf"]["credit_card"];
     $card["gueltigkeit"]["monat"] = $_POST["validity"]["month"];
     $card["gueltigkeit"]["jahr"] = $_POST["validity"]["year"];
     $card["karteninhaber"] = $_POST["card_holder"];
     foreach (array("block_1", "block_2", "block_3", "block_4") as $block) {
         $card["kreditkartenNr"][$block] = $_POST["card_number"][$block];
     }
     $card["kartenpruefnummer"] = $_POST["check_number"];
     unset($card);
     /**/
     # for testing
     $this->error = "";
     $this->sendCreditCard();
 }
 /**
  * @param    string $raw
  * @param    string $encoded
  * @param    string $crypt_type
  * @return    bool
  */
 public function verifyPassword($raw, $encoded, $crypt_type = 'md5')
 {
     // Checks $raw against the stored value $encoded. The crypt types 'none' and
     // '' go straight to the parent implementation; otherwise the password
     // manager decides when it supports its configured encoder, and the parent
     // is the fallback.
     $this->log(__METHOD__ . ' called.', AUTH_LOG_DEBUG);
     if (!in_array($crypt_type, array('none', ''))) {
         require_once 'Services/User/classes/class.ilUserPasswordManager.php';
         $manager = ilUserPasswordManager::getInstance();
         // From here on the caller's crypt type is replaced by the encoder name
         // the manager is configured with.
         $crypt_type = $manager->getEncoderName();
         if ($manager->isEncodingTypeSupported($crypt_type)) {
             // NOTE(review): the result of _loginExists() is used as an object id
             // without a check, and the loaded object is used without a type
             // check; confirm the login is known to exist at this point.
             $usr_id = ilObjUser::_loginExists($this->_auth_obj->username);
             /**
              * @var $user ilObjUser
              */
             $user = ilObjectFactory::getInstanceByObjId($usr_id);
             // Verify against the hash handed in by the caller.
             $user->setPasswd($encoded, IL_PASSWD_CRYPTED);
             return $manager->verifyPassword($user, $raw);
         }
     }
     // Fall through: Let pear verify the password
     return parent::verifyPassword($raw, $encoded, $crypt_type);
 }