Exemple #1
0
 /**
  * Call this when logging in an user. If password is correct, the last
  * login date is updated. If the password storage method was outdated, the
  * password is rehashed.
  *
  * @param User $user The user.
  * @param string $password_unhashed The password entered by the user.
  */
 protected function loginCheck(User $user, $password_unhashed)
 {
     if ($this->userRepo == null) {
         // Unable to log in when userRepo is not present
         return false;
     }
     $password_hashed = $user->getPasswordHashed();
     $loggedIn = false;
     if (strLen($password_hashed) == 32 && $password_hashed[0] != '$') {
         // Still md5(sha1($pass)), update
         if (md5(sha1($password_unhashed)) == $password_hashed) {
             // Gets saved later on, when updating the last login
             $user->setPassword($password_unhashed);
             $loggedIn = true;
         }
     }
     // Try to use modern password verification
     if (!$loggedIn) {
         $loggedIn = crypt($password_unhashed, $password_hashed) === $password_hashed;
     }
     if ($loggedIn) {
         $status = $user->getStatus();
         // Check whether the account is deleted
         if ($status == Authentication::STATUS_DELETED) {
             // Act like the account doesn't exist
             return false;
         }
         // Check whether the account is banned
         if ($status == Authentication::STATUS_BANNED) {
             $text = $this->website->getText();
             $text->addError($text->tReplaced("users.status.banned.your_account", $user->getStatusText()));
             return false;
         }
         // Check password strength
         if ($user->isWeakPassword($password_unhashed)) {
             $text = $this->website->getText();
             $text->addError($text->t("users.your_password_is_insecure"), Link::of($text->getUrlPage("edit_password"), $text->t("users.password.edit")));
         }
         // Update last login date (and possibly password hash, see above) if successfull
         $user->setLastLogin(new DateTime());
         $this->userRepo->save($user);
     }
     return $loggedIn;
 }