public function testPassword()
{
$password = \SecureFuncs\SecureFuncs::randomString(32);
$hash = \SecureFuncs\SecureFuncs::password_hash($password);
$this->assertInternalType('string', $hash);
$this->assertTrue(\SecureFuncs\SecureFuncs::password_verify($password, $hash));
}
/**
* Login a existing user
* @param $username
* @param $password
* @param $rememberme
* @return bool
*/
public function login($username, $password, $rememberme = "off")
{
$this->checkLoggedIn();
if (Core::$loggedIn !== false) {
$this->setMessage('error', ADVANCEDLOGINSCRIPT_USER_ALREADY_LOGGED_IN);
return false;
}
$username = strtolower($username);
$_SESSION['stored_login_fields']['username'] = $username;
if ($failedLogins = $this->checkFailedLogins() >= 3) {
$this->setMessage('error', ADVANCEDLOGINSCRIPT_USER_FAILED_ATTEMPTS);
return false;
}
if (!filter_var($username, FILTER_VALIDATE_EMAIL) === false) {
// the username that was entered is a valid email, check for a user in the database with this email
$get_user = $this->newBuilder()->select('*, u.id as id, ug.id as usergroup_id, ug.name as usergroup')->from('users', 'u')->innerJoin('u', 'usergroups', 'ug', 'u.user_group = ug.id')->where('LOWER(email) = :email')->setParameter('email', $username)->execute();
} else {
// the username that was entered is not a valid email, check for a user in the database with this username
$get_user = $this->newBuilder()->select('*, u.id as id, ug.id as usergroup_id, ug.name as usergroup')->from('users', 'u')->innerJoin('u', 'usergroups', 'ug', 'u.user_group = ug.id')->where('LOWER(username) = :username')->setParameter('username', $username)->execute();
}
$record = $get_user->fetch();
// fetch the results
if (!$record) {
// no results > no user was found
$this->addLoginAttempt(NULL, 'not_found');
// add a failed login attempt
$this->setMessage('error', ADVANCEDLOGINSCRIPT_INVALID_LOGIN);
return false;
} elseif ($record['banned'] === 1) {
// user is banned, run the logout function to make sure the session is reset
$this->setMessage('error', ADVANCEDLOGINSCRIPT_USER_BANNED);
$this->logout();
return false;
} elseif ($record['active'] == 0) {
// user is inactive, warn that the user needs to activate his/her account
$this->logout();
$this->setMessage('error', ADVANCEDLOGINSCRIPT_USER_INACTIVE);
return false;
}
$rehash = false;
if (md5($password) === $record['password']) {
// first check if the password matches with the md5 hash, we do this first because its fast
$rehash = true;
} elseif (\SecureFuncs\SecureFuncs::password_verify($password, $record['password'])) {
//next check for a bcrypt password match
$rehash = password_needs_rehash($record['password'], PASSWORD_DEFAULT);
} else {
// no user found or password invalid, invalid login
$this->addLoginAttempt($record['id'], 'invalid_password');
$this->setMessage('error', ADVANCEDLOGINSCRIPT_INVALID_LOGIN);
return false;
}
// update some data
$update_user = $this->newBuilder()->update('users')->set('last_login', 'now()')->where('id = :id')->setParameter(":id", $record['id']);
if ($rehash) {
// password needs to be rehashed
$update_data['password'] = \SecureFuncs\SecureFuncs::password_hash($password, PASSWORD_DEFAULT);
$update_user->set('password', ':password')->setParameter(":password", $update_data['password']);
}
$update_user->execute();
if ($rememberme == "on") {
// set new authentication cookie
$this->set_auth_cookie($record['id']);
}
// add a succesful login attempt to the database
$this->addLoginAttempt($record['id'], 1);
// unset password variable before adding the session variables
unset($record['password']);
unset($_SESSION['stored_login_fields']);
$_SESSION['currentuser'] = $record;
// refresh the session ID
session_regenerate_id();
// display a message to notify the user
$this->setMessage('success', ADVANCEDLOGINSCRIPT_USER_LOGGED_IN . $record['username']);
if (ADVANCEDLOGINSCRIPT_ENABLE_JWT) {
$this->refreshJWTtoken($record);
}
return true;
}
