/**
 * A length mismatch between the two inputs must make the comparison fail.
 *
 * A SHA-1 hex digest is 40 characters and an MD5 hex digest is 32, so the
 * two values differ in length whatever mt_rand() produces. mt_rand() is only
 * filler for this fixture, not a source for real tokens.
 */
public function testHashEqualsDifferentLength()
{
    $sha1Digest = sha1(mt_rand());
    $md5Digest = md5(mt_rand());

    $outcome = Gatekeeper::hash_equals($sha1Digest, $md5Digest);
    $this->assertFalse($outcome);
}
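/**
 * Check the given code against the value in the database
 *
 * On a successful match, and on expiry, clearPasswordResetCode() is called
 * before this method returns or throws.
 *
 * NOTE(review): a failed comparison leaves the stored code in place until it
 * times out; no attempt limiting is visible here - confirm the caller
 * throttles repeated guesses.
 *
 * @param string $resetCode Reset code to verify
 * @return boolean Pass/fail of verification
 * @throws Exception\PasswordResetInvalid If no reset code is defined for the user
 * @throws Exception\PasswordResetTimeout If the stored reset code has timed out
 */
public function checkResetPasswordCode($resetCode)
{
    // Verify we have a user
    if ($this->id === null) {
        return false;
    }
    if ($this->resetCode === null) {
        // NOTE(review): the message carries the username; make sure it is
        // logged rather than echoed back to an unauthenticated client.
        throw new Exception\PasswordResetInvalid('No reset code defined for user ' . $this->username);
    }

    // Verify the timeout; an expired code is cleared before the exception is raised
    $timeout = new \DateTime($this->resetCodeTimeout);
    if ($timeout <= new \DateTime()) {
        $this->clearPasswordResetCode();
        // Message text is kept byte-for-byte in case callers match on it.
        throw new Exception\PasswordResetTimeout('Reset code has timeed out!');
    }

    // Only a non-empty string can be a valid submission. Rejecting arrays,
    // null and '' here keeps malformed request input away from the comparison
    // and stops an empty stored code from matching an empty submission.
    if (!is_string($resetCode) || $resetCode === '') {
        return false;
    }

    // We made it this far, compare the hashes.
    // Gatekeeper::hash_equals is presumably a constant-time comparison - confirm.
    $result = Gatekeeper::hash_equals($this->resetCode, $resetCode);
    if ($result === true) {
        // A matched code is cleared before returning.
        $this->clearPasswordResetCode();
    }
    return $result;
}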