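/**
 * Handle the customer login form.
 *
 * When the request is the form submission (action=process with a form token that
 * matches the session token) the customer is looked up by e-mail address and the
 * submitted password is checked against the stored hash. On success the global
 * $login_customer_id is set so the post-login code in catalog/login.php can run,
 * and a legacy hash is re-hashed with the current scheme. In every case the
 * login_form template is rendered and added to $oscTemplate for $this->group.
 *
 * Side effects: adds a 'login' message on failure, may update
 * customers.customers_password, writes to $login_customer_id and $oscTemplate.
 */
function execute()
{
    global $login_customer_id, $messageStack, $oscTemplate;

    $OSCOM_Db = Registry::get('Db');
    $error = false;

    $isProcess = isset($_GET['action']) && $_GET['action'] === 'process';

    // The form token is compared with hash_equals() rather than `==`: a loose
    // comparison of two numeric-looking strings compares them as numbers, and a
    // missing session token must never match. A non-string token is rejected.
    $token = $_POST['formid'] ?? null;
    $tokenOk = is_string($token)
        && isset($_SESSION['sessiontoken'])
        && hash_equals((string) $_SESSION['sessiontoken'], $token);

    if ($isProcess && $tokenOk) {
        // Absent fields default to '' instead of raising an undefined-index notice.
        $email_address = HTML::sanitize($_POST['email_address'] ?? '');
        // NOTE(review): the password is sanitized before it is verified/hashed, so
        // any character HTML::sanitize rewrites becomes part of the stored secret.
        // This only works if registration applies the same transform — confirm.
        $password = HTML::sanitize($_POST['password'] ?? '');

        // Look the customer up by e-mail address (at most one row).
        $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);

        if ($Qcustomer->fetch() === false) {
            // Unknown address: report the same generic error as a wrong password so
            // the message itself does not reveal which addresses have accounts.
            // (Hash::verify is skipped here, so this branch is still faster — a
            // timing difference a reviewer may want to consider.)
            $error = true;
        } elseif (!Hash::verify($password, $Qcustomer->value('customers_password'))) {
            $error = true;
        } else {
            // Set $login_customer_id globally; catalog/login.php performs the rest of the login.
            $login_customer_id = $Qcustomer->valueInt('customers_id');

            // Migrate a legacy hash to the current password_hash() format while the
            // plaintext is available.
            if (Hash::needsRehash($Qcustomer->value('customers_password'))) {
                $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password)], ['customers_id' => $login_customer_id]);
            }
        }
    }

    if ($error) {
        $messageStack->add('login', OSCOM::getDef('module_content_login_text_login_error'));
    }

    // Render the form template into a string and hand it to the page template.
    ob_start();
    include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
    $template = ob_get_clean();

    $oscTemplate->addContent($template, $this->group);
}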
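    // Change-password handler. The block enclosing this run opens before the
    // excerpt shown here; the closing brace that follows belongs to it.
    // Absent fields default to '' instead of raising an undefined-index notice.
    $password_current = HTML::sanitize($_POST['password_current'] ?? '');
    $password_new = HTML::sanitize($_POST['password_new'] ?? '');
    $password_confirmation = HTML::sanitize($_POST['password_confirmation'] ?? '');

    $error = false;

    // strlen() counts bytes, so a multibyte password reaches the minimum sooner
    // than its character count suggests.
    if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', OSCOM::getDef('entry_password_new_error', ['min_length' => ENTRY_PASSWORD_MIN_LENGTH]));
    } elseif ($password_new !== $password_confirmation) {
        // Strict comparison: `!=` compares two numeric-looking strings as numbers,
        // so e.g. '1e3' and '1000' would have been accepted as matching.
        $error = true;
        $messageStack->add('account_password', OSCOM::getDef('entry_password_new_error_not_matching'));
    }

    if ($error === false) {
        // Read the stored hash for the logged-in customer through a bound parameter.
        $Qcheck = $OSCOM_Db->prepare('select customers_password from :table_customers where customers_id = :customers_id');
        $Qcheck->bindInt(':customers_id', $_SESSION['customer_id']);
        $Qcheck->execute();

        // The current password must verify before anything is written.
        if (Hash::verify($password_current, $Qcheck->value('customers_password'))) {
            $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password_new)], ['customers_id' => (int) $_SESSION['customer_id']]);
            $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => (int) $_SESSION['customer_id']]);

            // Message is stored in the session because the redirect ends this request.
            $messageStack->add_session('account', OSCOM::getDef('success_password_updated'), 'success');

            OSCOM::redirect('account.php');
        } else {
            $error = true;
            $messageStack->add('account_password', OSCOM::getDef('error_current_password_not_matching'));
        }
    }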
}
// Breadcrumb trail for the account password page: account, then this page.
$breadcrumb->add(OSCOM::getDef('navbar_title_1'), OSCOM::link('account.php'));
$breadcrumb->add(OSCOM::getDef('navbar_title_2'), OSCOM::link('account_password.php'));

// Emit the page header; this shares the global scope (including $breadcrumb) with the template.
require $oscTemplate->getFile('template_top.php');
?>
Exemple #3
}
if (tep_not_null($action)) {
    switch ($action) {
        case 'process':
            if (isset($_SESSION['redirect_origin']) && isset($_SESSION['redirect_origin']['auth_user']) && !isset($_POST['username'])) {
                $username = HTML::sanitize($_SESSION['redirect_origin']['auth_user']);
                $password = HTML::sanitize($_SESSION['redirect_origin']['auth_pw']);
            } else {
                $username = HTML::sanitize($_POST['username']);
                $password = HTML::sanitize($_POST['password']);
            }
            $actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $username);
            if ($actionRecorder->canPerform()) {
                $Qadmin = $OSCOM_Db->get('administrators', ['id', 'user_name', 'user_password'], ['user_name' => $username]);
                if ($Qadmin->fetch() !== false) {
                    if (Hash::verify($password, $Qadmin->value('user_password'))) {
                        // migrate old hashed password to new php password_hash
                        if (Hash::needsRehash($Qadmin->value('user_password'))) {
                            $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt($password)], ['id' => $Qadmin->valueInt('id')]);
                        }
                        $_SESSION['admin'] = ['id' => $Qadmin->valueInt('id'), 'username' => $Qadmin->value('user_name')];
                        $actionRecorder->_user_id = $_SESSION['admin']['id'];
                        $actionRecorder->record();
                        if (isset($_SESSION['redirect_origin'])) {
                            $page = $_SESSION['redirect_origin']['page'];
                            $get_string = http_build_query($_SESSION['redirect_origin']['get']);
                            unset($_SESSION['redirect_origin']);
                            OSCOM::redirect($page, $get_string);
                        } else {
                            OSCOM::redirect(FILENAME_DEFAULT);
                        }