CheckPassword() public method

public CheckPassword ( String $password, String $stored_hash ) : boolean
$password String
$stored_hash String
return boolean
Example #1
 /**
  * Verify a plain-text value against a stored hash.
  *
  * An empty stored hash is rejected before the hasher is consulted; any
  * other value is delegated to the injected hasher's CheckPassword().
  * $options is accepted by the signature but is not read in this method.
  *
  * @param  string  $value        Plain-text candidate.
  * @param  string  $hashedValue  Stored hash to verify against.
  * @param  array   $options      Not used by this implementation.
  * @return bool
  */
 public function check($value, $hashedValue, array $options = [])
 {
     // A record without a stored hash must never verify, whatever the input.
     $hasStoredHash = strlen($hashedValue) !== 0;

     return $hasStoredHash
         ? $this->hasher->CheckPassword($value, $hashedValue)
         : false;
 }
Example #2
 /**
  * A known portable hash must verify for the matching password and must be
  * rejected for a candidate that differs only in its last character.
  */
 public function testPortableHashes()
 {
     $phpass = new PasswordHash(8, true);

     $accepted = $phpass->CheckPassword('test12345', self::PORTABLE_HASH);
     $this->assertTrue($accepted);

     $rejected = $phpass->CheckPassword('test12346', self::PORTABLE_HASH);
     $this->assertFalse($rejected);
 }
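 /**
  * Checks a plaintext password against a stored password hash.
  *
  * Stored values of 32 characters or fewer are treated as legacy unsalted
  * MD5 digests; anything longer is handed to the phpass hasher.
  *
  * The legacy branch compares with hash_equals() instead of `==`. A loose
  * comparison lets PHP treat two digests that both look like numbers as
  * equal even though the strings differ, and it is not constant-time.
  *
  * NOTE(review): unsalted MD5 is not a suitable password hash. This method
  * only returns a boolean, so rehashing a legacy record to the current
  * scheme after a successful match has to happen in the caller.
  *
  * @uses PasswordHash::CheckPassword
  *
  * @param string $password Plaintext user's password
  * @param string $hash     Stored hash of the user's password to check against.
  *
  * @return bool True if $password matches $hash, false otherwise.
  */
 public function check($password, $hash)
 {
     // If the hash is still md5...
     if (strlen($hash) <= 32) {
         // hash_equals() requires strings; a non-string stored value cannot
         // be a valid digest, so it never matches.
         if (!is_string($hash)) {
             return false;
         }

         // Exact, timing-safe string comparison (no numeric type juggling).
         return hash_equals($hash, md5($password));
     }

     // If the stored hash is longer than an MD5, presume the
     // new style phpass portable hash.
     return $this->wp_hasher->CheckPassword($password, $hash);
 }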
Example #4
 /**
  * Verify a username/password pair for a login request.
  *
  * Looks the user up, verifies the password with phpass at the configured
  * hash strength, and hands over to loginFailed() or loginFinish().
  *
  * NOTE(review): an unknown user name returns before any hash is computed,
  * while a known one pays for a phpass verification, and loginFailed() is
  * only invoked for known users. Rate limiting and response-time parity
  * for unknown names have to be handled elsewhere — confirm they are.
  *
  * @param string  $userName
  * @param string  $password
  *
  * @return boolean False when the user is unknown or the password does not
  *                 verify; otherwise whatever loginFinish() returns.
  */
 protected function loginCheckPassword($userName, $password)
 {
     $userEntity = $this->getUserEntity($userName);
     if (!$userEntity) {
         return false;
     }

     $hasher = new PasswordHash($this->app['access_control.hash.strength'], true);
     $passwordMatches = $hasher->CheckPassword($password, $userEntity->getPassword());

     if ($passwordMatches) {
         return $this->loginFinish($userEntity);
     }

     // Record the failed attempt against the account before rejecting.
     $this->loginFailed($userEntity);

     return false;
 }
 /**
  * Decide whether the visitor still has to enter the post's password.
  *
  * A post without a password never requires one. Otherwise the request must
  * carry a 'wp-postpass_<cookieHash>' cookie whose value is a phpass hash
  * of the post's password.
  *
  * @param Post    $post
  * @param Request $request
  * @param string  $cookieHash Suffix of the cookie name to look up.
  *
  * @return bool True when the password prompt must be shown.
  */
 public function isPasswordRequired(Post $post, Request $request, $cookieHash)
 {
     if (!$post->getPassword()) {
         return false;
     }

     $cookieName = 'wp-postpass_' . $cookieHash;
     $cookies = $request->cookies;
     if (!$cookies->has($cookieName)) {
         return true;
     }

     $hash = stripslashes($cookies->get($cookieName));

     // The cookie is client-controlled, so only values starting with '$P$B'
     // are passed to the hasher. Presumably that prefix is the portable
     // phpass format at the cost used below, which would keep the client
     // from choosing another scheme or iteration count — TODO confirm
     // against the phpass version in use.
     if (strncmp($hash, '$P$B', 4) !== 0) {
         return true;
     }

     $wpHasher = new PasswordHash(8, true);
     $cookieMatches = $wpHasher->CheckPassword($post->getPassword(), $hash);

     return !$cookieMatches;
 }
Example #6
 /**
  * setRandomPassword() must store a hash that verifies against the returned
  * password, log the reset, and clear the shadow password, token and
  * validity fields.
  */
 public function testSetRandomPassword()
 {
     $app = $this->getApp();
     $this->addDefaultUser($app);
     $repo = $app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');

     // The reset is expected to be written to the system log at least once.
     $logger = $this->getMock('\\Monolog\\Logger', ['info'], ['testlogger']);
     $logger
         ->expects($this->atLeastOnce())
         ->method('info')
         ->with($this->equalTo("Password for user 'admin' was reset via Nut."));
     $app['logger.system'] = $logger;

     $passwordTool = new Password($app);
     $generated = $passwordTool->setRandomPassword('admin');

     // The stored value must be a hash of the generated password.
     $stored = $repo->getUser('admin');
     $hasher = new PasswordHash($app['access_control.hash.strength'], true);
     $this->assertTrue($hasher->CheckPassword($generated, $stored->getPassword()));

     // No pending password-reset state may survive the reset.
     $this->assertEmpty($stored->getShadowpassword());
     $this->assertEmpty($stored->getShadowtoken());
     $this->assertNull($stored->getShadowvalidity());
 }
Example #7
 /**
  * Attempt to log a user in with the given username and password.
  *
  * The username is slugified and bound as a query parameter. The table name
  * is interpolated from $this->usertable, so that property must only ever
  * hold a trusted, application-defined value.
  *
  * The "account is disabled" message is only reached after the password has
  * verified, so it is not shown to someone who does not know the password.
  *
  * NOTE(review): an unknown username returns before any hash is computed
  * and without calling loginFailed(); confirm throttling covers that path.
  *
  * @param string $username
  * @param string $password
  *
  * @return boolean True on a successful login, false otherwise.
  */
 protected function loginUsername($username, $password)
 {
     $userslug = $this->app['slugify']->slugify($username);

     // for once we don't use getUser(), because we need the password.
     $sql = sprintf('SELECT * FROM %s WHERE username=?', $this->usertable);
     $sql = $this->app['db']->getDatabasePlatform()->modifyLimitQuery($sql, 1);
     $user = $this->db->executeQuery($sql, array($userslug), array(\PDO::PARAM_STR))->fetch();

     if (empty($user)) {
         $this->session->getFlashBag()->add('error', Trans::__('Username or password not correct. Please check your input.'));

         return false;
     }

     $hasher = new PasswordHash($this->hashStrength, true);
     $passwordMatches = $hasher->CheckPassword($password, $user['password']);

     if (!$passwordMatches) {
         $this->loginFailed($user);

         return false;
     }

     if (!$user['enabled']) {
         $this->session->getFlashBag()->add('error', Trans::__('Your account is disabled. Sorry about that.'));

         return false;
     }

     $this->updateUserLogin($user);
     $this->setAuthToken();

     return true;
 }
 /**
  * Validate a user against the given credentials.
  *
  * Reads $credentials['password'] and verifies it against the user's stored
  * auth password through the injected hasher. The 'password' key is read
  * without an existence check, so callers must supply it.
  *
  * @param \Illuminate\Auth\UserInterface $user
  * @param array $credentials
  * @return bool
  */
 public function validateCredentials(UserInterface $user, array $credentials)
 {
     return $this->hasher->CheckPassword(
         $credentials['password'],
         $user->getAuthPassword()
     );
 }
Example #9
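 /**
  * Check whether the submitted credentials match a configured visitor.
  *
  * In 'password_only' mode a single implicit visitor named 'visitor' is
  * checked against the configured password; otherwise the configured
  * 'visitors' map (name => stored password) is searched for the submitted
  * username.
  *
  * The stored value is interpreted according to the 'encryption' setting:
  * 'password_hash' (phpass), 'md5' or 'plaintext'. Secret comparisons use
  * hash_equals() so they do not stop at the first differing byte.
  *
  * NOTE(review): 'md5' (unsalted) and 'plaintext' keep recoverable
  * credentials in configuration; 'password_hash' is the only setting here
  * that stores a proper password hash.
  *
  * @param array $data Submitted form data; 'password' is always read and
  *                    'username' is read unless 'password_only' is set.
  *
  * @return string|false Name of the matching visitor, or false if none match.
  */
 private function checkLogin($data)
 {
     if (empty($data['password'])) {
         return false;
     }
     $hasher = new PasswordHash(12, true);
     // If we only use the password, the 'users' array is just one element.
     if ($this->config['password_only']) {
         $visitors = array('visitor' => $this->config['password']);
         // Must equal the key above, otherwise the lookup below can never
         // match; the listing showed '******' here, which matches nothing.
         $data['username'] = 'visitor';
     } else {
         $visitors = $this->config['visitors'];
     }
     // Without a username there is nothing to look up (and no notice to raise).
     if (!isset($data['username'])) {
         return false;
     }
     $submitted = $data['password'];
     foreach ($visitors as $visitor => $password) {
         if ($data['username'] !== $visitor) {
             continue;
         }
         if ($this->config['encryption'] == 'md5'
             && is_string($password)
             && hash_equals($password, md5($submitted))
         ) {
             return $visitor;
         } elseif ($this->config['encryption'] == 'password_hash' && $hasher->CheckPassword($submitted, $password)) {
             return $visitor;
         } elseif ($this->config['encryption'] == 'plaintext') {
             // Timing-safe when both sides are strings; otherwise keep the
             // strict comparison so non-string values behave as before.
             $plainMatches = is_string($password) && is_string($submitted)
                 ? hash_equals($password, $submitted)
                 : $submitted === $password;
             if ($plainMatches) {
                 return $visitor;
             }
         }
     }
     // If we get here, no dice.
     return false;
 }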
 /**
  * An empty stored hash must be rejected without the underlying
  * PasswordHash::CheckPassword() ever being invoked.
  */
 public function it_returns_false_if_the_hashed_password_is_empty(PasswordHash $hasher)
 {
     // Expectation on the collaborator is declared before the call under test.
     $hasher->CheckPassword()->shouldNotBeCalled();

     $this->check('password', '')->shouldReturn(false);
 }
Example #11
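 /**
  * Checks that a submitted password matches the user's stored password.
  *
  * The stored hash is read from the stream returned by
  * $user->get('encrypted_password'). A missing or unreadable stream, an
  * empty stored hash, or an empty submitted password all yield false.
  *
  * Emptiness is tested explicitly rather than with empty(), which would
  * also reject the one-character password "0". The stream is validated
  * with is_resource() instead of silencing stream_get_contents() with `@`.
  *
  * @param \CMF\Auth\User $user
  * @param string         $submitted_password
  *
  * @return bool
  */
 public static function has_password(User $user, $submitted_password)
 {
     $stream = $user->get('encrypted_password');
     if (!is_resource($stream)) {
         return false;
     }

     $user_password = stream_get_contents($stream);
     if ($user_password === false || $user_password === '') {
         return false;
     }

     if ($submitted_password === null || $submitted_password === '') {
         return false;
     }

     $hasher = new PasswordHash(8, false);

     return $hasher->CheckPassword($submitted_password, $user_password);
 }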
    unset($_SESSION['username']);
    echo '<p>Goodbye!</p>';
    header("Location: index.php");
} else {
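    //select hashed password for given username
    $selectQuery = "SELECT pass FROM admins WHERE username = :username";
    $selectStatement = $db->prepare($selectQuery);
    // The username is text, so bind it as a string; PDO::PARAM_INT would
    // make the driver treat the value as an integer.
    $selectStatement->bindValue(':username', $username, PDO::PARAM_STR);
    $selectStatement->execute();
    $select = $selectStatement->fetch();

    //this is an instance of phpass.
    $hasher = new PasswordHash($hash_cost_log2, $hash_portable);

    //a row was found and the passwords match (phpass does the heavy lifting)
    if (!empty($select) && $hasher->CheckPassword($pass, $select['pass'])) {
        // Issue a fresh session id on login so an id set before
        // authentication is not carried into the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        //store username
        $_SESSION['username'] = $username;
        //go back to index
        // NOTE(review): nothing ends the request after this header, and it
        // only takes effect if no output has been sent yet; confirm both.
        header("Location: index.php");
    } else {
        // One message for both failure cases, so the response does not
        // reveal whether the username exists.
        // NOTE(review): an unknown username still skips the hash check, so
        // response time can differ; throttle login attempts elsewhere.
        echo '<p>Incorrect username or password.</p>';
    }
    unset($hasher);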
}
?>
        </div> <!-- END CONTENT -->
    </div> <!-- END container -->