/**
 * Verifies that a date of birth written through setDOB() can be read back
 * from the `DOB` column of the XUSER table.
 */
public function testSetDOB()
{
    $expectedDob = time() - 10000;
    $this->xobj->setDOB($expectedDob);

    // The user ID is passed as a bound argument rather than being
    // concatenated into the query text.
    // NOTE(review): the write goes through $this->xobj while the lookup uses
    // $this->obj's user ID; presumably both refer to the same user - confirm
    // against the fixture set-up.
    $rows = SQL("SELECT `DOB` FROM XUSER WHERE USERID = ?", array($this->obj->getUserID()));
    $storedDob = $rows[0]['DOB'];

    // Loose comparison is kept from the original; presumably the stored value
    // comes back from the database as a string - confirm.
    $this->assertTrue($storedDob == $expectedDob);
}
/**
 * Constructor of this class.
 *
 * Remembers the user's ID and makes sure a row for that user exists in the
 * XUSER table, inserting one when XUser::isXUserExists() reports none.
 *
 * @param \phpsec\User $userObj The object of class \phpsec\User
 */
public function __construct($userObj)
{
    $this->userID = $userObj->getUserID();

    // Nothing to do when the user's record is already present.
    if (XUser::isXUserExists($this->userID)) {
        return;
    }

    // The ID is supplied as a bound argument, not spliced into the statement.
    // NOTE(review): the existence check and the insert are two separate
    // statements; whether two concurrent constructions for the same user can
    // both insert depends on constraints on XUSER that are not visible here.
    SQL("INSERT INTO XUSER (`USERID`) VALUES (?)", array($this->userID));
}
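/**
 * Tests that brute force is detected when failed attempts arrive at intervals,
 * e.g. a client that submits a wrong password every 2 seconds so that each
 * attempt looks like a legitimate one.
 *
 * The test passes only when BruteForceAttackDetectedException is thrown during
 * the attempts. Previously the only assertion lived inside the catch block, so
 * a run in which detection never fired executed no assertion at all and a
 * regression in the detection logic would have gone unnoticed.
 */
public function testBruteForceForSlowPasswordGuessing()
{
    $detected = false;

    try {
        // Repeatedly provide a wrong password.
        for ($i = 0; $i < 7; $i++) {
            sleep(2); // Space the attempts out, as a slow guesser would.
            $this->obj = new AdvancedPasswordManagement($this->user->getUserID(), "resting", true); // wrong password provided.
        }
    } catch (BruteForceAttackDetectedException $e) {
        // Any other exception type still propagates and errors the test, as before.
        $detected = true;
    }

    // Fail explicitly when all attempts completed without detection.
    $this->assertTrue($detected, "BruteForceAttackDetectedException was not thrown for slow repeated wrong-password attempts");
}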
/**
 * Logs a user out.
 *
 * Deletes the remember-me authentication token when it belongs to this user,
 * then destroys the user's session if the session library is installed.
 *
 * @param \phpsec\User $userObj The user object of the user that needs to log out
 */
public static function logOut($userObj)
{
    // Only drop the token when the remember-me check resolves to this very user.
    $rememberedID = $userObj->checkRememberMe();
    if ($rememberedID === $userObj->getUserID()) {
        // Delete the authentication token from the server and the user's browser.
        User::deleteAuthenticationToken();
    }

    $sessionLibrary = __DIR__ . "/../session/session.php";

    // NOTE(review): when the session library file is absent, this method
    // returns without touching any session; callers that need a guaranteed
    // session teardown should confirm the library is deployed.
    if (!file_exists($sessionLibrary)) {
        return;
    }

    // Session library is present: delete the session from the server as well
    // as from the user's browser.
    require_once $sessionLibrary;

    $activeSession = new Session();
    $activeSession->existingSession();
    $activeSession->destroySession();
}