/**
* Decrypts credentials previously stored in property of current instance.
*
* @return string password previously used on authentication
*/
private function getCredentials()
{
return crypt::create(function () {
return blowfish::get($_COOKIE['_txf'] . $_SERVER['REMOTE_ADDR'] . $_COOKIE['_txf'] . $_SERVER['HTTP_HOST'], md5($_SERVER['HTTP_USER_AGENT'])) . blowfish::get($_SERVER['HTTP_HOST'] . $_COOKIE['_txf'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['_txf'], md5($_SERVER['REMOTE_ADDR']));
})->decrypt($this->credentials);
}
public function changePassword($newToken)
{
exception::enterSensitive();
if (preg_match('/\\s/', $newToken) || strlen($newToken) < 8 || strlen($newToken) > 16) {
throw new \InvalidArgumentException('invalid password');
}
$db = $this->datasource();
$conf = $this->configuration;
$sql = sprintf('UPDATE %s SET %s=? WHERE %s=?', $db->qualifyDatasetName($conf['set']), $db->quoteName(name_mapping::mapSingle('password', 'txf.sql_user')), $db->quoteName(name_mapping::mapSingle('id', 'txf.sql_user')));
if ($db->test($sql, blowfish::get($newToken), $this->getID())) {
$this->saveCredentials($newToken);
$this->record = null;
}
exception::leaveSensitive();
return true;
}