/**
* @covers Xoops\Form\Password::render
*/
public function testRender()
{
$value = $this->object->render();
$this->assertTrue(is_string($value));
$this->assertTrue(false !== strpos($value, '<input'));
$this->assertTrue(false !== strpos($value, 'type="password"'));
}
public function login()
{
$pass = new Password($this->password);
$db = new DB();
$db->where(['email' => $this->email, 'username' => $this->username], 'AND', "OR");
$db->where(['password' => $this->password], 'AND');
$data = $db->getRow($this->table);
//_print_r($data);
if (count($data) > 0 && $pass->verifyPassword()) {
if ($n = $pass->needRehash()) {
$newHash = $pass->reHashPassword();
$db->where(['email' => $this->email, 'username' => $this->username], 'AND', "OR");
$db->where(['password' => $this->password], 'AND');
$res = $db->update($this->table, ['hash' => $newHash]);
}
/************ SET SESSION VARIABLES HERE **************/
//session_start();
$_SESSION['logged'] = TRUE;
$_SESSION['userid'] = $data->id;
$_SESSION['username'] = $data->username ? $data->username : "";
/****************** END SESSION SETTINGS **************/
return $data;
} else {
return FALSE;
}
}
/**
* @param ValueObject $other
*
* @return bool
*/
public function sameValueAs(Password $other)
{
if (!$other instanceof self) {
return false;
}
return $this->toString() === $other->toString();
}
public function testCompile()
{
$field = new Password("test", "Test");
$expected = "<label for=\"test\">Test</label><input type=\"password\" name=\"test\" value=\"\" />";
$value = $field->compile();
$this->assertEquals($expected, $value);
}
function token()
{
global $instDir, $objMessages, $entryMessage;
// Get the userid
include_once $instDir . "lib/password.php";
$password = new Password();
$token = $_GET['t'];
$userid = $password->getUserId($token);
if (sizeof($userid) > 0) {
// Clear the request
$password->removeToken($token);
// Send a mail that the request was canceled.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$subject = LangCancelRequestNewPasswordSubject;
$message = LangCancelRequestNewPassword1 . $ip;
$message .= LangCancelRequestNewPassword2;
$objMessages->sendEmail($subject, $message, $userid);
// Go to the DeepskyLog page and show 'Your password change request was canceled'
$entryMessage = LangCancelRequestNewPasswordSubject . ".";
}
}
function login() {
try {
$A = new Auth();
} catch(Exception $e) {
die($e->getMessage());
}
if($_POST['password']) {
$P = new Password();
if(!$P->isValid($_POST['password'])) {
$pass_incorrect = true;
} else {
$set_cookie = true;
$cookieval = set_auth_cookie();
try {
$A->create($cookieval);
} catch(Exception $e) {
die($e->getMessage());
}
}
} else {
if(isset($_COOKIE['auth']) && $A->isValid($_COOKIE['auth']))
$already_set = true;
}
?>
<!DOCTYPE html>
<html>
<head><title>set scraps password</title></head>
<body>
<?php if($pass_incorrect): ?>
<p>The password entered does not match the current password.</p>
<?php elseif($set_cookie): ?>
<p>Y'all should be logged in now.</p>
<?php elseif($already_set): ?>
<p>Y'all is already logged in.</p>
<?php else: ?>
<form method="post">
<input name="password" type="password" placeholder="Password?" \>
<input type="submit" value="Login" />
</form>
</body>
</html>
<?php endif;
}
public function setPasswordField($data, $value)
{
$pwd = new Password();
if ($value == $data->get(self::PASSWORD)) {
return $value;
}
return $pwd->hash($value);
}
public static function init($name, $value, $attrs = null)
{
$p = new Password($name, $value);
if ($attrs) {
$p->add_attrs($attrs);
}
return $p;
}
public function login($username, $password)
{
$pass = new Password();
$hashed = $this->get_user_hash($username);
$stmt = $pass->password_verify($password, $hashed);
if ($stmt == 1) {
$_SESSION['loggedin'] = true;
return $stmt;
}
}
/**
* Get a CSRF Token value as stored in the session, or create one if it doesn't yet exist
*
* @param int|string|null $id Optional unique ID for this token
* @return string
*
*/
public function getTokenValue($id = '')
{
$tokenName = $this->getTokenName($id);
$tokenValue = $this->session->get($this, $tokenName);
if (empty($tokenValue)) {
// $tokenValue = md5($this->page->path() . mt_rand() . microtime()) . md5($this->page->name . $this->config->userAuthSalt . mt_rand());
$pass = new Password();
$tokenValue = $pass->randomBase64String(32);
$this->session->set($this, $tokenName, $tokenValue);
}
return $tokenValue;
}
public static function isValid(&$properties_dictionary, $limit_to_keys, &$error)
{
// Check each property is valid
//
if (!parent::isValid($properties_dictionary, $limit_to_keys, $error)) {
return false;
}
if (ValidationC::should_test_property('rawEmail', $properties_dictionary, true, $limit_to_keys) && !Email::propertyIsValid('rawEmail', $properties_dictionary[USER_KEY_EMAIL], $error)) {
// Email was not valid
//
return false;
}
if (ValidationC::should_test_property('rawPassword', $properties_dictionary, true, $limit_to_keys) && !Password::propertyIsValid('rawPassword', $properties_dictionary[USER_KEY_PASSWORD], $error)) {
// Password was not valid
//
return false;
}
if (isset($properties_dictionary[USER_KEY_NOTIFICATION_DEVICE_IDENTIFIERS])) {
if (ValidationC::should_test_property(USER_KEY_NOTIFICATION_DEVICE_IDENTIFIERS, $properties_dictionary, true, $limit_to_keys) && !User::propertyIsValid(USER_KEY_NOTIFICATION_DEVICE_IDENTIFIERS, $properties_dictionary[USER_KEY_NOTIFICATION_DEVICE_IDENTIFIERS], $error)) {
// Password was not valid
//
return false;
}
}
return true;
}
/**
* Handle a POST request to reset a user's password.
*
* @return Response
*/
public function postReset()
{
$post = Input::all();
$rules = array('email' => 'required|email', 'password' => 'required', 'password_confirmation' => 'required');
$validator = Validator::make($post, $rules);
if ($validator->fails()) {
return Redirect::to('recordar/form/' . $post['token'])->withErrors($validator)->withInput();
} else {
$credentials = Input::only('email', 'password', 'password_confirmation', 'token');
$response = Password::reset($credentials, function ($user, $password) {
$user->password = Hash::make($password);
$user->password_changed = true;
$user->save();
});
switch ($response) {
case Password::INVALID_PASSWORD:
case Password::INVALID_TOKEN:
case Password::INVALID_USER:
return Redirect::back()->with('error', Lang::get($response));
case Password::PASSWORD_RESET:
Session::flash('success', 'Su contraseña ha sido cambiada exitósamente.');
return Redirect::to('login');
}
}
}
public function testResetPasswordSuccess()
{
// check reset password success
Password::shouldReceive('reset')->once()->andReturn('passwords.reset');
$checkResetPassword = $this->call('POST', '/passwords/reset', ['token' => 'token', 'email' => '*****@*****.**', 'password' => '12345678', 'password_confirmation' => '12345678']);
$this->assertEquals(200, $checkResetPassword->getStatusCode());
}
public function login()
{
/**
* function that allows the user to login
* @param password $pass password of the user
* @param $filter to validate that the password is correct
* @param $auth to authorize the entrance to de system
*
* @return void
*/
if ($_POST) {
$pass = new Password();
$filter = new Validations();
$auth = new Authorization();
$username = $filter->sanitizeText($_POST['username']);
$password = $filter->sanitizeText($_POST['password']);
$options = array('conditions' => "username = '******'");
$usuario = $this->db->find('usuarios', 'first', $options);
if ($pass->isValid($password, $usuario['password'])) {
$auth->login($usuario);
$this->redirect(array('controller' => 'tareas'));
} else {
echo "Usuario no valido";
}
}
$this->_view->renderizar('login');
}
protected function resetPassword($credentials)
{
return Password::reset($credentials, function ($user, $pass) {
$user->password = Hash::make($pass);
$user->save();
});
}
public function login()
{
$res = new stdClass();
$res->success = FALSE;
$data = new stdClass();
parse_str(file_get_contents("php://input"), $data);
$data = (object) $data;
$this->load->model('sp_model');
$where = 'userName="******"';
$arr = $this->sp_model->where('jwt_user', $where, 'id', 'asc');
if (count($arr) == 1) {
if (Password::validate_password($data->password, $arr[0]->password)) {
$res->success = true;
$token = array();
$token['id'] = $arr[0]->id;
$res->access_token = JWT::encode($token, $this->config->item('jwt_key'));
$res->id = $arr[0]->id;
} else {
$res->error = 'Invalid user name or password.';
http_response_code(401);
}
} else {
$res->error = 'Invalid user name or password.';
http_response_code(401);
}
$this->load->view('json', array('output' => $res));
}
/**
* Setup the instance (singleton)
*
* @return Password
*/
public static function getInstance()
{
if (!self::$_instance instanceof self) {
self::$_instance = new self();
}
return self::$_instance;
}
/**
* Send an email to reset your password.
*/
public function postRemind()
{
$credentials = array('email' => Input::get('email'));
return Password::remind($credentials, function ($message, $user) {
$message->subject('Reset your password');
});
}
/**
* salt
* Creates pseudo-random salt using "more random" functions
* @param int $length How many characters the salt should contain.
* @return string Salt string.
*/
public static function salt($length = 22)
{
$buffer = '';
$bufferValid = false;
if (function_exists('mcrypt_create_iv')) {
$buffer = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
$bufferValid = $buffer ? true : false;
}
if (!$bufferValid && function_exists('openssl_random_pseudo_bytes')) {
$buffer = openssl_random_pseudo_bytes($length);
$bufferValid = $buffer ? true : false;
}
if (!$bufferValid && file_exists('/dev/urandom')) {
$f = @fopen('/dev/urandom', 'r');
if ($f) {
$read = strlen($buffer);
while ($read < $length) {
$buffer .= fread($f, $length - $read);
$read = strlen($buffer);
}
fclose($f);
$bufferValid = $read >= $length ? true : false;
}
}
if (!$bufferValid || strlen($buffer) < $length) {
$bufferLength = strlen($buffer);
$buffer .= Password::simpleSalt($length - $bufferLength);
}
$salt = str_replace('+', '.', base64_encode($buffer));
return substr($salt, 0, $length);
}
public function resetAction()
{
$token = "?token=" . Input::get("token");
$errors = new MessageBag();
if ($old = Input::old("errors")) {
$errors = $old;
}
$data = ["token" => $token, "errors" => $errors];
if (Input::server("REQUEST_METHOD") == "POST") {
$validator = Validator::make(Input::all(), ["email" => "required|email", "password" => "required|min:6", "password_confirmation" => "required|same:password", "token" => "required|exists:token,token"]);
if ($validator->passes()) {
$credentials = ["email" => Input::get("email")];
Password::reset($credentials, function ($user, $password) {
$user->password = Hash::make($password);
$user->save();
Auth::login($user);
return Redirect::route("user/profile");
});
}
$data["email"] = Input::get("email");
$data["errors"] = $validator->errors();
return Redirect::to(URL::route("user/reset") . $token)->withInput($data);
}
return View::make("user/reset", $data);
}
public function getUser($email, $formPassword)
{
$query = $this->pdo->prepare("SELECT * FROM user WHERE email = '{$email}'");
$query->execute();
$result = $query->fetch();
if (!empty($result)) {
$password = new Password();
if ($password->password_verify($formPassword, $result['password']) == 1) {
return $result;
} else {
echo "<h1> Pogresan password. </h1>";
}
} else {
echo "<h1> Pogresan email. </h1>";
}
}
public function register($email, $password)
{
$this->db->set('email', $email);
$this->db->set('password', Password::create_hash($password));
$this->db->insert('users');
return $this->db->insert_id();
}
public function login()
{
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
$data["admin"] = $this->_model->check_admin("username", $username);
if (!sizeof($data["admin"])) {
Message::set("There is no username with this value '" . $_POST['username'] . "'", "error");
URL::REDIRECT("portfolio");
} else {
foreach ($data["admin"] as $key => $value) {
$password = $_POST['password'];
$hash_password = $value['password'];
$username = $value['username'];
if ($value['state'] == 1) {
if (Password::validate($password, $hash_password)) {
Session::set("admin", $username);
Message::set("Herzlich Wilkommen " . Session::get('admin') . "!", "success");
URL::REDIRECT("portfolio");
} else {
Message::set("Password not matched", "error");
URL::REDIRECT("portfolio");
}
} else {
Message::set("Your account hasn't been activated yet. Please activate your account by confirming our email.", "info");
URL::REDIRECT("portfolio");
}
}
}
} else {
Message::set("Please fill the login form", "error");
URL::REDIRECT("portfolio");
}
}
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
*
* @return \Illuminate\Http\Response
*/
public function store(Request $request)
{
$user = $this->updateOrCreate($request);
\Password::sendResetLink(['email' => $user->email], function (Message $message) {
$message->subject('Velkommen til ub-baser');
});
return redirect()->action('Admin\\UserController@index')->with('status', 'En epost er sendt til brukeren med instruksjoner for å sette passord.');
}
public function insert()
{
include PATH_INCLUDES . 'Password.class.php';
$hashedPassword = Password::password_encrypt($this->password);
$var = $this->Db->prepare("INSERT INTO " . self::$table_name . "(username, email, password, first_name, last_name) \n\t\t\tVALUES(:username, :email, :password, :first_name, :last_name)");
$aBinding = array(':username' => $this->username, ':email' => $this->email, ':password' => $hashedPassword, ':first_name' => $this->first_name, ':last_name' => $this->last_name);
$var->execute($aBinding);
}
function token()
{
global $instDir, $objMessages, $entryMessage;
// Get the userid
include_once $instDir . "lib/password.php";
$password = new Password();
$token = $_GET['t'];
if ($password->tokenExists($token)) {
// Only go on when the token is not too old. If the token is too old, remove the token.
if ($password->isValid($token)) {
// Go to the correct
echo "<div id=\"main\">";
// TODO: Add form to change the password.
// TODO: Add scripts to change the password.
print "TEST: " . $userid;
echo "</div>";
} else {
// TODO: Change
print "<br/>TOKEN IS NOT VALID ANYMORE!";
}
} else {
// TODO: Change message
$entryMessage = "TOKEN DOES NOT EXIST!";
$_GET['indexAction'] = 'main';
// TODO: Return the index page
return;
}
if (sizeof($userid) > 0) {
// Clear the request
$password->removeToken($token);
// Send a mail that the request was canceled.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$subject = LangCancelRequestNewPasswordSubject;
$message = LangCancelRequestNewPassword1 . $ip;
$message .= LangCancelRequestNewPassword2;
$objMessages->sendEmail($subject, $message, $userid);
// Go to the DeepskyLog page and show 'Your password change request was canceled'
$entryMessage = LangCancelRequestNewPasswordSubject . ".";
}
}
/**
* Model_Default_User::match_password()
* check if given password matches encrypted password
*
* @param String $password
* @return Boolean
*/
public function verify($string)
{
if ($this->loaded() == FALSE) {
throw HTTP_Exception::factory(500, 'Trying to verify password of unloaded user');
}
$password = Password::factory($string);
return $password->match($this->password);
}
public static function create_hash($password)
{
$PBKDF2_HASH_ALGORITHM = "sha256";
$PBKDF2_ITERATIONS = 537;
$PBKDF2_HASH_BYTE_SIZE = 24;
$salt = 'RaA6EnY4vSk66fr74IjNB/kR+/3IpwiF';
return base64_encode(Password::pbkdf2($PBKDF2_HASH_ALGORITHM, $password, $salt, $PBKDF2_ITERATIONS, $PBKDF2_HASH_BYTE_SIZE, true));
}
public function update()
{
$credentials = Input::only(['email', 'token', 'password', 'password_confirmation']);
\Password::reset($credentials, function ($user, $password) {
$user->password = Hash::make($password);
$user->save();
});
return View::make('users.login')->with('success', 'Your password has been reset successfully.');
}
public function login()
{
if ($_POST) {
$pass = new Password();
$filter = new Validations();
$auth = new Authorization();
$username = $filter->sanitizeText($_POST["username"]);
$password = $filter->sanitizeText($_POST["password"]);
$options['conditions'] = " username = '******'";
$user = $this->User->find("users", "first", $options);
if ($pass->isValid($password, $user['password'])) {
$auth->login($user);
$this->redirect(array("controller" => "users", "action" => "index"));
} else {
echo "Usuario Invalido";
}
}
}
