/**
 * Recovers the clear-text credentials kept encrypted in $this->credentials.
 *
 * The callback handed to crypt::create() builds its result from values of the
 * current request only: the `_txf` cookie, the peer address (REMOTE_ADDR), the
 * Host header and the User-Agent header.
 *
 * NOTE(review): the Host and User-Agent headers are chosen by the client and
 * the peer address is visible to anyone on the path, so the confidentiality of
 * the stored password presumably rests on the `_txf` cookie value alone.
 * Confirm that this cookie is random, long enough and sent with the Secure and
 * HttpOnly attributes.
 *
 * NOTE(review): an absent cookie or header is read as an empty value here (PHP
 * only raises a notice/warning), so the derived value is then built from fewer
 * inputs. Consider rejecting such requests before this method is reached.
 *
 * The return value is the user's password in clear text: do not log it or keep
 * it longer than the operation needs.
 *
 * @return string password previously used on authentication
 */
private function getCredentials()
{
    $deriveKey = function () {
        // First half: cookie interleaved with peer address and host name.
        // The role of the md5() argument (salt?) is defined by blowfish::get(),
        // which is not visible here - TODO confirm.
        $head = blowfish::get(
            $_COOKIE['_txf'] . $_SERVER['REMOTE_ADDR'] . $_COOKIE['_txf'] . $_SERVER['HTTP_HOST'],
            md5($_SERVER['HTTP_USER_AGENT'])
        );

        // Second half: same inputs in a different order and role.
        $tail = blowfish::get(
            $_SERVER['HTTP_HOST'] . $_COOKIE['_txf'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['_txf'],
            md5($_SERVER['REMOTE_ADDR'])
        );

        return $head . $tail;
    };

    return crypt::create($deriveKey)->decrypt($this->credentials);
}
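/**
 * Replaces the password of this user in the datasource.
 *
 * The new password must not contain whitespace and must be 8 to 16 bytes long
 * (strlen() counts bytes, not characters). When the datasource accepts the
 * update, the new password is passed to saveCredentials() and $this->record is
 * reset to null.
 *
 * NOTE(review): the upper bound of 16 bytes rules out long passphrases. Check
 * whether blowfish::get() really needs it; if not, raising the limit would
 * allow stronger passwords.
 *
 * @param string $newToken new password in clear text
 * @return bool true if the update was accepted, false if it was not
 * @throws \InvalidArgumentException if the password violates the rules above
 */
public function changePassword($newToken)
{
    // Presumably keeps the clear-text password out of exception output while
    // this method runs - confirm against the exception class.
    exception::enterSensitive();

    if (preg_match('/\\s/', $newToken) || strlen($newToken) < 8 || strlen($newToken) > 16) {
        // NOTE(review): leaveSensitive() is not reached on this path (nor when
        // a call below throws). Whether the sensitive state must stay set
        // until the exception is handled is not visible here - confirm before
        // wrapping this method in try/finally.
        throw new \InvalidArgumentException('invalid password');
    }

    $db = $this->datasource();
    $conf = $this->configuration;

    // Table and column names come from configuration and name mapping and are
    // quoted by the datasource; the password and the user ID are bound as
    // parameters, never interpolated into the statement.
    $sql = sprintf(
        'UPDATE %s SET %s=? WHERE %s=?',
        $db->qualifyDatasetName($conf['set']),
        $db->quoteName(name_mapping::mapSingle('password', 'txf.sql_user')),
        $db->quoteName(name_mapping::mapSingle('id', 'txf.sql_user'))
    );

    // Only the result of blowfish::get() is written to the datasource.
    $changed = (bool) $db->test($sql, blowfish::get($newToken), $this->getID());

    if ($changed) {
        $this->saveCredentials($newToken);
        $this->record = null;
    }

    exception::leaveSensitive();

    // Report the real outcome: a rejected update used to be reported as
    // success, leaving the caller to believe the old password was replaced.
    return $changed;
}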