/**
 * Apply a password change to a user record and save it.
 *
 * A new salt is requested from Sec::makeSalt() on every call. The password and
 * its confirmation are both hashed with that salt, a fresh expiry timestamp is
 * derived from the 'Password.expiration' setting (used as a number of days),
 * and any pending password-reset token fields are nulled before saving.
 *
 * Security notes:
 *  - The clear-text password is copied into $data['temp_password'] and is
 *    still part of the array handed to save(). NOTE(review): presumably this
 *    exists so validation rules can inspect the plaintext; confirm that
 *    'temp_password' is not a persisted column and is never logged.
 *  - 'password' and 'verify_password' are hashed before save() is called, so
 *    anything inspecting those two keys afterwards sees hashes, not user input.
 *  - The hash and salt are returned to the caller; callers should not echo or
 *    log the return value.
 *
 * @access public
 * @param array $data One-dimensional array of user data; the 'password' and
 *                    'verify_password' keys are read.
 * @return array 'password' (hash) and 'salt' when save() succeeds, otherwise
 *               an empty array.
 */
public function changePassword($data)
{
    $this->create();

    // Per-change salt: never reuse the salt of the previous password.
    $userSalt = Sec::makeSalt();
    $data['salt'] = $userSalt;

    // Plaintext copy, taken before 'password' is overwritten with its hash.
    $data['temp_password'] = $data['password'];

    // Hash both the password and its confirmation with the same salt.
    foreach (array('password', 'verify_password') as $secretField) {
        $data[$secretField] = Sec::hashPassword($data[$secretField], $userSalt);
    }

    // New expiry: now plus the configured number of days.
    $lifetimeDays = Configure::read('Password.expiration');
    $expiresAt = strtotime("+" . $lifetimeDays . " Days");
    $data['password_expires'] = date("Y-m-d H:i:s", $expiresAt);

    // A completed change invalidates any outstanding reset request.
    foreach (array('password_reset_token', 'password_reset_token_expiry') as $resetField) {
        $data[$resetField] = null;
    }

    // Guard clause: a failed save yields an empty result.
    if (!$this->save($data)) {
        return array();
    }

    // Keep the logged-in session's view of the expiry date in step with the record.
    $_SESSION['Auth']['User']['password_expires'] = $data['password_expires'];

    return array(
        'password' => $data['password'],
        'salt' => $data['salt'],
    );
}
/**
 * Two consecutive calls to Sec::makeSalt() must not yield the same value.
 *
 * This only guards against a constant or trivially repeating salt; a single
 * pair of differing values says nothing about how unpredictable the salts are.
 *
 * @return void
 * @access public
 */
public function testMakeSaltAmbiguity()
{
    $firstSalt = Sec::makeSalt();
    $secondSalt = Sec::makeSalt();

    // Identical salts would mean makeSalt() is deterministic across calls.
    $this->assertNotEqual($firstSalt, $secondSalt);
}