/**
 * Attempt authentication after user submission.
 *
 * When needsReHashPassword() reports that the stored hash must be replaced,
 * a fresh hash of the submitted password and a new access token are written
 * to the user's row before the final password_verify() check runs.
 *
 * @param int    $uid             The User account's ID.
 * @param string $password        The User account's (actual) hashed password string.
 * @param string $salt            The User account's salt string.
 * @param string $passwordAttempt The User's attempted, unhashed password string.
 *
 * @return bool True when the attempt verifies and the login was completed, false otherwise.
 */
public static function login($uid, $password, $salt, $passwordAttempt)
{
    self::prependSessionKey();

    $mustRehash = self::needsReHashPassword($password, $salt, $passwordAttempt);
    if ($mustRehash) {
        // NOTE(review): this branch persists a hash of the *submitted* password
        // before password_verify() runs below. That is only safe if
        // needsReHashPassword() returns true solely when the attempt already
        // matches the stored legacy hash; its body is not visible here, confirm.
        $password = self::hashPassword($passwordAttempt);

        $connection = Bootstrap::get('zendDb');
        $users = new TableGateway('directus_users', $connection);

        // NOTE(review): the token is only as unpredictable as
        // StringUtils::random(); confirm it draws from a CSPRNG.
        $rotatedToken = sha1($uid . StringUtils::random());

        $users->update(
            ['password' => $password, 'access_token' => $rotatedToken],
            ['id' => $uid]
        );
    }

    if (!password_verify($passwordAttempt, $password)) {
        return false;
    }

    self::completeLogin($uid);

    return true;
}
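/**
 * Change the password of a user given their e-mail address.
 *
 * The function will change the password of a user given their e-mail
 * address. If there are multiple users with the same e-mail address, and
 * this should never be the case, all of their passwords would be changed.
 *
 * The function will generate a new salt for every password change and
 * replaces the access token in the same update.
 *
 * @param string $email    The e-mail of the user whose password is being
 *                         changed.
 * @param string $password The new password.
 *
 * @return void
 *
 * @throws \InvalidArgumentException Thrown when no user matches the e-mail.
 * @throws PasswordChangeException   Thrown when password change has failed.
 */
public function changePassword($email, $password)
{
    $salt = StringUtils::random();
    // NOTE(review): the salt is passed to hashPassword() here, while other
    // callers may hash without one; confirm the stored hash still verifies
    // against the bare password at login.
    $hash = Provider::hashPassword($password, $salt);

    $user = $this->usersTableGateway->select(['email' => $email])->current();
    if (!$user) {
        throw new \InvalidArgumentException(__t('User not found'));
    }

    try {
        // NOTE(review): the token is derived from the first matching user's id
        // but the update below is keyed on e-mail, so every row sharing that
        // e-mail would receive the same access token. Its unpredictability
        // also rests on StringUtils::random(); confirm it uses a CSPRNG.
        $update = [
            'password' => $hash,
            'salt' => $salt,
            'access_token' => sha1($user->id . StringUtils::random()),
        ];

        $changed = $this->usersTableGateway->update($update, ['email' => $email]);

        if ($changed == 0) {
            throw new PasswordChangeException(
                __t('Could not change password for ') . $email . ': ' . __t('e-mail not found.')
            );
        }
    } catch (\PDOException $ex) {
        // getMessage() replaces str($ex): PHP has no built-in str(), so unless
        // the project defines one that call would fail inside this handler and
        // hide the database error. It also keeps any stack trace out of the text.
        // NOTE(review): driver messages can contain SQL or schema details;
        // confirm this exception text is logged, not shown to end users.
        throw new PasswordChangeException(__t('Failed to change password') . ': ' . $ex->getMessage());
    }
}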
/**
 * StringUtils::random() must refuse the argument 0.
 *
 * The argument is presumably the requested length (confirm against
 * StringUtils::random); a zero-length value would be useless as a salt or
 * token, so the call is expected to fail loudly instead of returning ''.
 *
 * The annotation below is functional, not descriptive: the test runner reads
 * it and passes the test only if the named exception is thrown.
 *
 * @expectedException InvalidArgumentException
 */
public function testRandomHasException()
{
    // No assertion follows on purpose; throwing is the expected outcome.
    StringUtils::random(0);
}
/**
 * Set a new password for one user, identified by ID, from $this->options.
 *
 * Recognised option keys: 'uid' or 'u' for the user ID, 'upass' or 'p' for
 * the new password. The password is hashed before it is stored and the
 * user's access token is replaced in the same update. A status line is
 * echoed in every case.
 *
 * NOTE(review): the new password reaches this method in plain text through
 * $this->options. If those are filled from command-line arguments (not
 * visible here), the secret can end up in shell history and process
 * listings; confirm, and consider reading it from a prompt or stdin.
 *
 * @return void
 */
private function updatePassword()
{
    $data = [];
    $options = $this->options;

    foreach ($options as $name => $optionValue) {
        // Loose comparison (==) is intentional: option keys are matched the
        // way a switch statement would match them.
        if ($name == 'uid' || $name == 'u') {
            $data['id'] = $optionValue;
            unset($options[$name]);
        } elseif ($name == 'upass' || $name == 'p') {
            $data['password'] = $optionValue;
            unset($options[$name]);
        }
    }

    if (!isset($data['password'], $data['id'])) {
        echo PHP_EOL . __t('Missing User ID or Password') . PHP_EOL;
        // NOTE(review): a bare exit ends the process with status 0, so a
        // calling script cannot tell this failure from success.
        exit;
    }

    $connection = Bootstrap::get('zendDb');
    $users = new TableGateway('directus_users', $connection);

    $hashedPassword = \Directus\Auth\Provider::hashPassword($data['password']);
    // NOTE(review): the token is only as unpredictable as
    // StringUtils::random(); confirm it draws from a CSPRNG.
    $rotatedToken = sha1($data['id'] . \Directus\Util\StringUtils::random());

    $result = $users->update(
        ['password' => $hashedPassword, 'access_token' => $rotatedToken],
        ['id' => $data['id']]
    );

    // A falsy update result is reported as an error.
    $message = $result ? 'Password updated successfully' : 'Error trying to update the password.';

    echo PHP_EOL . __t($message) . PHP_EOL;
}