/**
 * Model validation hook for the registration fields.
 *
 * Runs the presence, format, uniqueness and length rules in order and, only
 * when all of them pass, replaces the plaintext password with its bcrypt hash.
 * Returns false when any rule failed (the record is not saved); on success
 * the method ends without an explicit return value, as in the original.
 *
 * @return bool|null
 */
public function validation()
 {
     // Required fields, each with its own user-facing (Dutch) message.
     $required = [
         'email' => 'U heeft geen email ingevoerd',
         'username' => 'U heeft geen username ingevoerd',
         'password' => 'U heeft geen password ingevoerd',
         'voornaam' => 'U heeft geen voornaam ingevoerd',
         'achternaam' => 'U heeft geen achternaam ingevoerd',
     ];
     foreach ($required as $field => $message) {
         $this->validate(new Validator\PresenceOf(['field' => $field, 'message' => $message]));
     }
     // Format and uniqueness rules; allowEmpty leaves the "missing" case to PresenceOf above.
     $this->validate(new Validator\Email(['field' => 'email', 'message' => 'geen correcte emailadres', 'allowEmpty' => true]));
     $this->validate(new Validator\Uniqueness(['field' => 'email', 'message' => 'dit emailadres is al in gebruik', 'allowEmpty' => true]));
     $this->validate(new Validator\Uniqueness(['field' => 'username', 'message' => 'deze username is al in gebruik', 'allowEmpty' => true]));
     // Phone number: numeric and exactly 10 characters (min == max).
     $this->validate(new Validator\Numericality(['field' => 'telefoonnummer', 'message' => 'dit is geen geldige telefoonnummer', 'allowEmpty' => true]));
     $this->validate(new Validator\StringLength([
         'field' => 'telefoonnummer',
         'max' => '10',
         'min' => '10',
         'messageMaximum' => 'telefoonnummer mag niet langer zijn dan 10 karakters',
         'messageMinimum' => 'telefoonnummer mag niet korter zijn dan 10 karakters',
         'allowEmpty' => true,
     ]));
     // Password length 4..30. NOTE(review): a 4-character floor is weak by current guidance.
     $this->validate(new Validator\StringLength([
         'field' => 'password',
         'max' => '30',
         'min' => '4',
         'messageMaximum' => 'password mag niet langer zijn dan 30 karakters',
         'messageMinimum' => 'password mag niet korter zijn dan 4 karakters',
         'allowEmpty' => true,
     ]));
     if ($this->validationHasFailed()) {
         return false;
     }
     // Replace the plaintext with its bcrypt hash before the record is stored.
     // NOTE(review): this runs on every validation pass — if the model is validated
     // again on update with the already-hashed value, it would be hashed twice;
     // confirm the caller only reaches this with a plaintext password.
     $hasher = new Security();
     $this->password = $hasher->hash($this->password);
 }
 /**
  * Returns the CSRF token for the current session, creating one only when
  * the session does not hold one yet.
  *
  * The session slot is the one Phalcon's own CSRF implementation uses, so the
  * same token is reused for the whole session instead of minting a new one
  * on every call.
  *
  * @param int $numberBytes length passed to the parent implementation when a token has to be generated
  * @return string
  */
 public function getToken($numberBytes = 32)
 {
     $key = '$PHALCON/CSRF$';
     $session = \Phalcon\DI::getDefault()->get('session');
     $existing = $session->{$key};
     // Any falsy stored value (null, '' ...) falls through to the parent implementation.
     return $existing ? $existing : parent::getToken($numberBytes);
 }
 /**
  * Authenticates the posted email/password pair.
  *
  * Returns the user's attribute array on success, or a user-facing (Chinese)
  * error string otherwise. Unknown email and wrong password deliberately share
  * the same message, so the response body does not reveal which one failed.
  *
  * @return array|string
  */
 public function login()
 {
     $email = $this->request->getPost('email');
     $passwd = $this->request->getPost('passwd');
     $rem_me = $this->request->getPost('rem_me');
     $failure = '账号或密码错误';

     $user = User::findFirst([['email' => $email]]);
     if (!$user) {
         // NOTE(review): no hash is computed on this path, so an unknown email returns
         // measurably faster than a wrong password — confirm whether that timing
         // difference matters for this deployment.
         return $failure;
     }
     $security = new Security();
     if (!$security->checkHash($passwd, $user->passwd)) {
         return $failure;
     }
     // Loose comparison kept on purpose: status may come back from the DB as a string.
     if (2 == $user->status) {
         return '账号未激活,请前往激活';
     }
     $token = $user->gen_token();
     // "remember me" keeps the cookie for 30 days; otherwise it is a browser-session cookie.
     $expire = $rem_me ? time() + 3600 * 24 * 30 : 0;
     // HttpOnly is on, but the Secure flag (6th argument) is false, so the token cookie
     // is also sent over plain HTTP. DOMAIN is a constant defined outside this block.
     setcookie('token', $token, $expire, '/', DOMAIN, false, true);
     return $user->attrs();
 }
 /**
  * Resolves a user for the OAuth2 password grant.
  *
  * Looks the user up by username (optionally restricted to the requesting
  * client and to the grant type, depending on configuration), verifies the
  * password with Phalcon's Security::checkHash, and returns a UserEntity
  * carrying only the user's id.
  *
  * @param string $username
  * @param string $password plaintext password from the token request
  * @param string $grantType
  * @param ClientEntityInterface $clientEntity
  * @return UserEntity
  * @throws OAuthServerException invalidCredentials() when the user is unknown or the password does not match
  */
 public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
 {
     // NOTE(review): the where() call on the next line is corrupted in this listing
     // ('******' where the bound-parameter array should be); the grant branch below
     // binds with compact('grantType'), so compact('username') is the likely original.
     $builder = (new Builder())->columns(['User.id', 'User.username', 'User.password'])->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User')->where('User.username = :username:'******'username'))->limit(1);
     // Optionally require a UserClient row linking the user to the requesting client.
     if ($this->getConfig()->limit_users_to_clients === true) {
         $builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserClient::class, 'UserClient.user_id = User.id', 'UserClient')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = UserClient.client_id', 'Client')->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
     }
     // Optionally require the user to be allowed the requested grant type.
     if ($this->getConfig()->limit_users_to_grants === true) {
         $builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserGrant::class, 'UserGrant.user_id = User.id', 'UserGrant')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = UserGrant.grant_id', 'Grant')->andWhere('Grant.id = :grantType:', compact('grantType'));
     }
     $query = $builder->getQuery();
     $result = $query->getSingleResult();
     // Same exception for "no such user" and "wrong password", so the response does
     // not reveal which one failed. The hash comparison only runs when a row exists,
     // so the two paths still differ in timing.
     if (!$result) {
         throw OAuthServerException::invalidCredentials();
     }
     $security = new Security();
     if ($security->checkHash($password, $result->password) !== true) {
         throw OAuthServerException::invalidCredentials();
     }
     // Only the identifier is handed to the OAuth2 server layer; the hash stays here.
     $user = new UserEntity();
     $user->setIdentifier($result->id);
     return $user;
 }
    /**
     * Model validation hook: checks e-mail format and uniqueness plus password
     * length, then hashes the password in place when everything passed.
     *
     * Returns false on any failed rule; on success the method ends without an
     * explicit return value, as in the original. There is no PresenceOf rule
     * here, so an empty e-mail is reported by the Email validator instead.
     *
     * @return bool|null
     */
    public function validation()
    {
        $this->validate(new Validator\Email(['field' => 'email', 'message' => 'Your Email Is Invalid !']));
        $this->validate(new Validator\Uniqueness(['field' => 'email', 'message' => 'Your Email Is In Use !']));
        // Password length 4..30. NOTE(review): a 4-character floor is weak by current guidance.
        $this->validate(new Validator\StringLength([
            'field' => 'password',
            'max' => '30',
            'min' => '4',
            'messageMaximum' => 'Your Password Must be Under 30 Characters',
            'messageMinimum' => 'Your Password Must be At Least 4 Characters',
        ]));

        if ($this->validationHasFailed()) {
            return false;
        }

        // Replace the plaintext with its hash before the record is stored.
        // NOTE(review): runs on every validation pass — confirm an already-hashed
        // value cannot reach this on update.
        $hasher = new Security();
        $this->password = $hasher->hash($this->password);
    }
 /**
  * Logs a user in from a credential array and returns the user object.
  *
  * @param array $credential expects 'login' and 'password'; optional 'remember'
  * @return mixed the authenticated user
  * @throws Exception when a credential is missing, the user is unknown, or the password does not match
  */
 public function login(array $credential)
 {
     if (empty($credential['login']) || empty($credential['password'])) {
         throw new Exception(__($this->options['hints']['invalid_user_credential']));
     }
     $user = $this->findUser($credential);
     if (!$user) {
         throw new Exception(__($this->options['hints']['invalid_user_credential']));
     }
     $passwordField = $this->options['user_fields']['password_field'];
     // NOTE(review): a distinct message for a wrong password vs an unknown login lets a
     // caller tell valid logins from invalid ones — confirm this is acceptable here.
     if (!$this->hasher->checkHash($credential['password'], $user->getData($passwordField))) {
         throw new Exception(__($this->options['hints']['invalid_password']));
     }
     if (!empty($credential['remember']) && method_exists($user, 'setRememberToken')) {
         $cookieName = $this->options['remember_login']['cookie_key'];
         $ttl = $this->options['remember_login']['ttl'];
         // Token = random part + user id; persisted on the user and mirrored in an HttpOnly cookie.
         $rememberToken = Text::token() . $user->getId();
         $user->setRememberToken($rememberToken);
         Cookies::set($cookieName, $rememberToken, time() + $ttl, null, null, null, true);
         // The cookie value is stored unencrypted, so the plain token is visible client-side.
         Cookies::get($cookieName)->useEncryption(false);
     }
     $this->setUserAsLoggedIn($user);
     return $user;
 }
// Shared MySQL adapter; every connection parameter is read from the 'config' service.
$di->set('db', function () use($di) {
    $mysql = $di->get('config')->database->mysql;
    return new Mysql([
        'host' => $mysql->host,
        'username' => $mysql->username,
        'password' => $mysql->password,
        'dbname' => $mysql->dbname,
        'options' => [\PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES ' . $mysql->charset],
    ]);
}, true);
// Shared cookies service with value encryption switched off: cookie contents are
// readable and editable by the client unless they are protected elsewhere.
$di->set('cookies', function () {
    $jar = new Cookies();
    $jar->useEncryption(false);
    return $jar;
}, true);
// Crypt service (not shared) keyed from config->application->cryptSalt.
// NOTE(review): this key must be a real secret specific to the deployment — confirm it
// is not a checked-in default.
$di->set('crypt', function () use($di) {
    $crypt = new Crypt();
    $crypt->setKey($di->get('config')->application->cryptSalt);
    return $crypt;
});
// Shared Security service; password hashing uses a bcrypt work factor of 12.
$di->set('security', function () {
    $security = new Security();
    $security->setWorkFactor(12);
    return $security;
}, true);
// Models cache: one-day lifetime in front of a memcached instance on localhost.
// The plain memcached protocol has no authentication, so this relies on port 11211
// not being reachable from outside the host.
$di->set('modelsCache', function () {
    $frontend = new Data(['lifetime' => 86400]);
    return new Memcache($frontend, ['host' => 'localhost', 'port' => 11211]);
});
//Set mail swift
$di->set('mail', function () {
    return new Mail();
 /**
  * Registers the shared 'security' service on the container.
  *
  * The component is built lazily on first use and hashes passwords with a
  * bcrypt work factor of 12.
  *
  * @param array $options currently unused; kept for signature compatibility
  * @return void
  */
 protected function initSecurity($options = [])
 {
     $factory = function () {
         $component = new Security();
         $component->setWorkFactor(12);
         return $component;
     };
     $this->_di->setShared('security', $factory);
 }
 /**
  * Computes an HMAC over $data; behaves exactly like the parent implementation.
  *
  * @param string $data
  * @param string $key
  * @param string $algo hash algorithm name handed to the parent
  * @param bool $raw whether the parent should return raw binary output
  * @return string
  */
 public function computeHmac($data, $key, $algo, $raw = false)
 {
     $hmac = parent::computeHmac($data, $key, $algo, $raw);
     return $hmac;
 }
 /**
  * Builds a fresh random salt using Phalcon's Security component.
  *
  * @return string
  */
 private function createSalt()
 {
     $generator = new PhalconSecurity();
     // Request 64 random bytes before drawing the salt.
     $generator->setRandomBytes(64);
     $salt = $generator->getSaltBytes();
     return $salt;
 }
 /**
  * Registers the shared 'security' service (bcrypt work factor 10).
  *
  * @param array $options currently unused; kept for signature compatibility
  * @return void
  */
 public function initSecurity($options = [])
 {
     $build = function () {
         $component = new PhSecurity();
         $component->setWorkFactor(10);
         return $component;
     };
     $this->di->setShared('security', $build);
 }
 /**
  * Registers the application services on the DI container.
  *
  * Parameter order matches the signature: the container first, then the config.
  *
  * @param \Phalcon\DiInterface $di
  * @param mixed $config application configuration object
  * @return void
  */
 public function _initServices($di, $config)
 {
     /**
      * The URL component is used to generate all kind of urls in the application
      */
     $di->set('url', function () use($config) {
         $url = new UrlResolver();
         $url->setBaseUri($config->website->baseUri);
         return $url;
     }, true);
     /**
      * Start the session the first time some component request the session service.
      * config->auth->salt is passed to the session adapter as its uniqueId.
      */
     $di->set('session', function () use($config) {
         $session = new ZSession(['uniqueId' => $config->auth->salt]);
         $session->start();
         return $session;
     }, true);
     /**
      * Set view cache
      */
     $di->set('viewCache', function () use($config) {
         //Cache data for one day by default
         $frontCache = new FrontendOutput(['lifetime' => $config->viewCache->lifetime]);
         //File backend settings
         $cache = new CacheFile($frontCache, ['cacheDir' => ROOT_PATH . $config->viewCache->dir]);
         return $cache;
     });
     if ($config->modelMetadataCache->status) {
         /**
          * Set models metadata (APC or file backend, chosen by config)
          */
         $di->set('modelsMetadata', function () use($config) {
             // Loose comparison: any value that == 'apc' selects the APC backend.
             if ($config->modelMetadataCache->type == 'apc') {
                 return new MetaDataApc(['lifetime' => $config->modelMetadataCache->lifetime, 'prefix' => $config->modelMetadataCache->prefix]);
             } else {
                 return new MetadataFiles(['metaDataDir' => ROOT_PATH . '/cache/metadata/', 'lifetime' => $config->modelMetadataCache->lifetime]);
             }
         });
     }
     /**
      * Crypt service keyed from config->crypt->key.
      * NOTE(review): the key must be a deployment-specific secret — confirm it is not a checked-in default.
      */
     $di->set('crypt', function () use($config) {
         $crypt = ZCrypt::getInstance();
         $crypt->setKey($config->crypt->key);
         return $crypt;
     });
     /**
      * Set security.
      * NOTE(review): bcrypt work factor 8 is at the low end by current guidance;
      * consider raising it, balanced against the login latency budget.
      */
     $di->set('security', function () {
         $security = new Security();
         $security->setWorkFactor(8);
         return $security;
     });
     /**
      * Set up database connection
      */
     $di->set('db', function () use($config) {
         // Adapter class name is assembled from the config value (e.g. 'Mysql'),
         // so the config file decides which Pdo adapter is instantiated.
         $adapter = 'Phalcon\\Db\\Adapter\\Pdo\\' . $config->database->adapter;
         /**
          * @var \Phalcon\Db\Adapter\Pdo\Postgresql $db
          */
         if ($config->database->adapter == 'Mysql') {
             // The whole database config section (including non-connection keys) is passed through.
             $db = new $adapter($config->database->toArray());
         } else {
             $db = new $adapter(array('host' => $config->database->host, 'username' => $config->database->username, 'password' => $config->database->password, 'dbname' => $config->database->dbname));
         }
         if ($config->database->log) {
             $eventsManager = new EventsManager();
             // Create the log file on first use so the logger can open it.
             if (!file_exists(ROOT_PATH . '/cache/logs/db.log')) {
                 file_put_contents(ROOT_PATH . '/cache/logs/db.log', '');
             }
             $logger = new FileLogger(ROOT_PATH . '/cache/logs/db.log');
             //Listen all the database events
             $eventsManager->attach('db', function ($event, $db) use($logger) {
                 /**
                  * @var \Phalcon\Events\Event $event
                  */
                 if ($event->getType() == 'beforeQuery') {
                     /**
                      * @var \Phalcon\Db\Adapter\Pdo\Postgresql $db
                      */
                     // Every SQL statement text is written to cache/logs/db.log at INFO level.
                     // NOTE(review): whether bound values appear in that text depends on the
                     // adapter — verify before enabling this in production, and keep the
                     // log file outside any web-served directory.
                     $logger->log($db->getSQLStatement(), Logger::INFO);
                 }
             });
             //Assign the eventsManager to the db adapter instance
             $db->setEventsManager($eventsManager);
         }
         return $db;
     });
     /**
      * Set a models manager
      */
     $di->set('modelsManager', new ModelsManager());
     /**
      * Set up model cache for Phalcon model
      */
     $di->set('modelsCache', function () {
         return ZCache::getInstance('_ZCMS_MODEL');
     });
     /**
      * Set up asset add css, js
      */
     $di->set('assets', new ZAssets());
     /**
      * Loading routes from the routes.php file (fixed path under APP_DIR)
      */
     $di->set('router', function () {
         return require APP_DIR . '/config/router.php';
     });
     $di->set('acl', ZAcl::getInstance());
     /**
      * Set up the flash service (custom with bootstrap)
      */
     $di->set('flashSession', function () {
         $flashSession = new FlashSession(['warning' => 'alert alert-warning', 'notice' => 'alert alert-info', 'success' => 'alert alert-success', 'error' => 'alert alert-danger']);
         return $flashSession;
     });
     /**
      * Set up cache
      */
     $di->set('cache', ZCache::getInstance('_ZCMS_GLOBAL'));
 }
 /**
  * Registers the 'security' service (bcrypt work factor 10).
  *
  * Registered with set() rather than setShared(), so — unless the container
  * defaults differ — each get('security') builds a new instance.
  *
  * @param DI $di Dependency Injection.
  *
  * @return void
  */
 protected function _initSecurity($di)
 {
     $build = function () {
         $component = new PhSecurity();
         $component->setWorkFactor(10);
         return $component;
     };
     $di->set('security', $build);
 }
 /**
  * Checks a plaintext password against its stored hash.
  *
  * Delegates the comparison to Phalcon\Security::checkHash.
  *
  * @param string $rawPassword the password as entered by the user
  * @param string $dbHash the hash previously produced by Security::hash()
  * @return bool
  */
 public static function verifyPassword($rawPassword, $dbHash)
 {
     $checker = new Security();
     $matches = $checker->checkHash($rawPassword, $dbHash);
     return $matches;
 }
 /**
  * Stores the hash of the given plaintext password in $this->pass.
  *
  * @param string $newPassword
  * @return void
  */
 public function setPassword($newPassword)
 {
     $hasher = new Security();
     $hashed = $hasher->hash($newPassword);
     $this->pass = $hashed;
 }
/**
 * Database connection built from the parameters in the configuration file.
 */
$di->set('db', function () use($config) {
    $params = $config->database->toArray();
    return new DbAdapter($params);
});
/**
 * Models metadata adapter; this listing always uses MetaDataAdapter.
 */
$di->set('modelsMetadata', function () {
    return new MetaDataAdapter();
});
/**
 * Flash messages rendered with Bootstrap alert classes.
 */
$di->set('flash', function () {
    $cssClasses = ['error' => 'alert alert-danger', 'success' => 'alert alert-success', 'notice' => 'alert alert-info'];
    return new FlashSession($cssClasses);
});
/**
 * Shared security service.
 * NOTE(review): a bcrypt work factor of 6 is very low (2^6 iterations) and
 * makes offline guessing against leaked hashes cheap — raise it unless this
 * is a test fixture.
 */
$di->set('security', function () {
    $security = new Security();
    $security->setWorkFactor(6);
    return $security;
}, true);
/**
 * The session is started the first time some component asks for the service.
 */
$di->setShared('session', function () {
    $session = new SessionAdapter();
    $session->start();
    return $session;
});