/**
* _setPassword
*
* Setter for the password column.
* This method will hash the password with the DefaultPasswordHasher class.
*
* @param string $password The clean password.
* @return string
*/
protected function _setPassword($password)
{
$hasher = new DefaultPasswordHasher();
return $hasher->hash($password);
}
/**
* Login action
*
* @return void|\Cake\Network\Response
*/
public function login()
{
$failedCount = $this->Cookie->read('fail.auth');
if ($this->request->is('post')) {
Event::dispatch('Controller.Users.beforeLogin', $this);
if ($user = $this->Auth->identify()) {
$this->Auth->setUser($user);
Event::dispatch('Controller.Users.successLogin', $this);
return $this->redirect($this->Auth->redirectUrl());
}
if ($this->request->data('username') && $this->request->data('password')) {
$user = $this->Users->findByUsername($this->request->data('username'))->first();
$hasher = new DefaultPasswordHasher();
if (isset($user->id) && $hasher->check($this->request->data('password'), $user->password) && $user->status == UN_PUBLISH_STATUS) {
$hasRedirect = true;
$this->Flash->warning(__d('community', '«{0}», please activate your account', sprintf('<strong>%s</strong>', $user->name)));
}
}
Event::dispatch('Controller.Users.failLogin', $this);
if (isset($hasRedirect)) {
return $this->redirect($this->Auth->config('loginAction'));
}
$this->Flash->error(__d('community', 'Username or password is incorrect'));
}
$this->set('failedCount', $failedCount);
$this->set('page_title', __d('community', 'Sign in'));
}
protected function _setPassword($value)
{
$hasher = new DefaultPasswordHasher();
return $hasher->hash($value);
// outra forma de realizar
// return (new DefaultPasswordHasher)->hash($value);
}
/**
* Tests that a password not produced by DefaultPasswordHasher needs
* to be rehashed
*
* @return void
*/
public function testNeedsRehash()
{
$hasher = new DefaultPasswordHasher();
$this->assertTrue($hasher->needsRehash(md5('foo')));
$password = $hasher->hash('foo');
$this->assertFalse($hasher->needsRehash($password));
}
/**
* Tests that the password only needs to be re-built according to the first hasher
*
* @return void
*/
public function testNeedsRehash()
{
$hasher = new FallbackPasswordHasher(['hashers' => ['Default', 'Weak']]);
$weak = new WeakPasswordHasher();
$otherHash = $weak->hash('foo');
$this->assertTrue($hasher->needsRehash($otherHash));
$simple = new DefaultPasswordHasher();
$hash = $simple->hash('foo');
$this->assertFalse($hasher->needsRehash($hash));
}
protected function _setPassword($value)
{
if (!empty($value)) {
$hasher = new DefaultPasswordHasher();
return $hasher->hash($value);
} else {
$id_user = $this->_properties['id'];
$user = TableRegistry::get('Users')->recoverPassword($id_user);
return $user;
}
}
public function edit($id = null)
{
$user = $this->Users->get($id);
$this->set('title_for_layout', 'User : '******'Could not find that user.');
} else {
$this->set(compact('user'));
}
if ($this->request->is(['post', 'put'])) {
//Password hash
$password_hash = new DefaultPasswordHasher();
$this->request->data['password'] = $password_hash->hash($this->request->data['password']);
//Save
$this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->set('The user has been updated.', ['element' => 'alert-box', 'params' => ['class' => 'success']]);
return $this->redirect(['action' => 'users']);
}
$this->Flash->set('Unable to update the user.', ['element' => 'alert-box', 'params' => ['class' => 'danger']]);
}
}
/**
* Set up the admin and member password for the database.
*
* @param string $dir The application's root directory.
* @param \Composer\IO\IOInterface $io IO interface to write to console.
* @param string $newKey The new security.salt.
*
* @return void
*/
public static function setAccountPassword($dir, $io, $newKey = null)
{
if ($newKey == null) {
$io->write('The new Security.salt value is empty in config/app.php, can\'t set up the password.');
return;
}
$database = $dir . '/config/Schema/xeta.sql';
$content = file_get_contents($database);
$adminPass = '******';
$memberPass = '******';
$hasher = new DefaultPasswordHasher();
$replacement = [$hasher->hash($adminPass), $hasher->hash($memberPass)];
$search = ['__ADMINPASSWORD__', '__MEMBERPASSWORD__'];
$content = str_replace($search, $replacement, $content, $count);
if ($count != 2) {
$io->write('Error, there was no password to replace.');
return;
}
$result = file_put_contents($database, $content);
if ($result) {
$io->write('Set up Admin & Member passwords successfully !');
return;
}
$io->write('Unable to set up Admin & Member passwords.');
}
public function beforeSave(\Cake\Event\Event $event, \Cake\ORM\Entity $entity, \ArrayObject $options)
{
$hasher = new DefaultPasswordHasher();
$entity->password = $hasher->hash($entity->password);
return true;
}
/**
* Update info method
*
* @param string|null $id User id.
* @return void Redirects on successful edit, renders view otherwise.
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function update_info($id = null)
{
if (empty($id)) {
$id = $this->getUserId();
}
$user = $this->Users->get($id, ['contain' => []]);
if ($this->request->is(['patch', 'post', 'put'])) {
$update_data = $this->request->data;
$new_password = $update_data['new_password'];
$confirm_password = $update_data['confirm_password'];
$dph = new DefaultPasswordHasher();
if (!$dph->check($update_data['current_password'], $user['password'])) {
$this->Flash->error('Mật khẩu của bạn không chính xác. <br> Vui lòng thực hiện lại!');
} else {
//Kiểm tra password mới
if (empty($new_password)) {
if (!empty($confirm_password)) {
$this->Flash->error('Bạn chưa nhập password mới.');
}
} else {
if (empty($confirm_password)) {
$this->Flash->error('Bạn chưa xác nhận password mới.');
} else {
if (strcmp($new_password, $confirm_password) !== 0) {
$this->Flash->error('Chuỗi xác nhận không trùng với password mới. <br> Vui lòng kiểm tra lại.');
} else {
$update_data['password'] = $dph->hash($update_data['new_password']);
$update_data['updated_at'] = Time::now();
$user = $this->Users->patchEntity($user, $update_data);
if ($this->Users->save($user)) {
$this->Flash->success('Thông tin của bạn đã được cập nhật!');
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error('Cập nhật thông tin không thành công. Bạn vui lòng thử lại sau!');
}
}
}
}
}
}
$roles = $this->Users->Roles->find('list', ['limit' => 200]);
$this->set(compact('user', 'roles'));
$this->set('_serialize', ['user']);
}
/**
* Emails a user their username.
* If they provide a valid password and email address
*
*/
public function forgotUsername()
{
if ($this->request->is('post')) {
$data = $this->request->data;
$userEmail = $this->Users->UserEmails->findByEmail($data['email'])->first();
$user = $this->Users->get($userEmail['user_id']);
$ok = DefaultPasswordHasher::check($data['password'], $user['password']);
if ($ok) {
// Email the user thier username
$to = $data['email'];
$message = 'Here is your username, as requested:' . PHP_EOL . PHP_EOL . 'Username: '******'username'] . PHP_EOL . PHP_EOL . ' -Vooderbot';
$email = new Email('default');
$email->transport('mailjet')->from(['*****@*****.**' => 'Vooders.com'])->to($to)->subject('Heres your username')->send($message);
$this->redirect(['action' => 'login']);
} else {
$this->Flash->error(__('The details you have entered are incorrect'));
$this->redirect(['action' => 'login']);
}
}
}
/**
* Test changementMotPasse method
*
* @return void
*/
public function testChangementMotPasse()
{
// case call from the link from the email
if ($this->debug) {
debug('USERS CONTROLLER - testChangementMotPasse: case call from the link from the email');
}
$this->get('/users/changementMotPasse/2400fd3226c673532e8e68d35c8c31115a83f6c3');
$this->assertResponseOk();
$this->assertNoRedirect();
// case authenticated user
if ($this->debug) {
debug('USERS CONTROLLER - testChangementMotPasse: case authenticated user');
}
$this->session(['Auth.User.id' => 2, 'Auth.User.email' => '*****@*****.**']);
$data = ['new_pass' => 'juVni4tr3', 'new_pass_confirm' => 'juVni4tr3', 'password' => 'HuaB78lo'];
$this->post('/users/changementMotPasse', $data);
$query = $this->Users->find()->where(['email' => '*****@*****.**'])->select('password')->first();
$hasher = new DefaultPasswordHasher();
$this->assertResponseCode(302);
$this->assertEquals(true, $hasher->check($data['new_pass'], $query['password']));
$this->assertRedirect();
// case non authenticated user
if ($this->debug) {
debug('USERS CONTROLLER - testChangementMotPasse: case non authenticated user');
}
$this->session(['Auth.User.id' => 2, 'Auth.User.email' => '*****@*****.**']);
$data = ['password' => '2400fd3226c673532e8e68d35c8c31115a83f6c3', 'new_pass' => 'juVni4tr3', 'new_pass_confirm' => 'juVni4tr3', 'password' => 'HuaB78lo'];
$this->post('/users/changementMotPasse', $data);
$query = $this->Users->find()->where(['email' => '*****@*****.**'])->select('password')->first();
$hasher = new DefaultPasswordHasher();
$this->assertResponseCode(302);
$this->assertEquals(true, $hasher->check($data['new_pass'], $query['password']));
$this->assertRedirect();
}
protected function _setPassword($value)
{
$hasher = new DefaultPasswordHasher();
// cake hashes with bcrycpt
return $hasher->hash($value);
}
public function index()
{
//Security
$base_dir = str_replace("webroot", "", getcwd());
$filename = $base_dir . 'src/Template/Themes/cakeblog/install.lock';
if (file_exists($filename)) {
$this->Flash->set('CakeBlog already installed.', ['element' => 'alert-box', 'params' => ['class' => 'success']]);
return $this->redirect(['controller' => 'Pages', 'action' => 'home']);
}
//Load theme
$this->viewBuilder()->templatePath('Themes/' . CAKEBLOG_THEME);
$this->render('install.index');
if ($this->request->is(['post', 'put'])) {
$connection = ConnectionManager::get('default');
$sql_articles = "CREATE TABLE IF NOT EXISTS articles(\n\t\t\t\t\t\t\t\tid INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t\t\tpost_type_id INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\tuser_id INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\tcategory_id INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\ttitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\tslug TEXT NOT NULL,\n\t\t\t\t\t\t\t\tbody TEXT NOT NULL,\n\t\t\t\t\t\t\t\tfeatured TEXT NOT NULL,\n\t\t\t\t\t\t\t\tslider INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\tstatus INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\tmetadescription TEXT NULL,\n\t\t\t\t\t\t\t\tmetakeywords TEXTa NULL,\n\t\t\t\t\t\t\t\tcreated_at TIMESTAMP NOT NULL,\n\t\t\t\t\t\t\t\tupdated_at TIMESTAMP NOT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (id)\n\t\t\t\t\t\t\t\t)";
$connection->query($sql_articles);
$sql_categories = "CREATE TABLE IF NOT EXISTS categories(\n\t\t\t\t\t\t\t\tid INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t\t\tpost_type_id INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\ttitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\tslug TEXT NOT NULL,\n\t\t\t\t\t\t\t\tbody TEXT NOT NULL,\n\t\t\t\t\t\t\t\tmetadescription TEXT NULL,\n\t\t\t\t\t\t\t\tmetakeywords TEXT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (id)\n\t\t\t\t\t\t\t\t)";
$connection->query($sql_categories);
$sql_navigation = "CREATE TABLE IF NOT EXISTS navigation(\n\t\t\t\t\t\t\t\tid INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t\t\tparent_id INT( 11 ) NULL,\n\t\t\t\t\t\t\t\ttitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\turl TEXT NOT NULL,\n\t\t\t\t\t\t\t\ttarget TEXT NOT NULL,\n\t\t\t\t\t\t\t\tposition INT( 11 ) NOT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (id)\n\t\t\t\t\t\t\t\t)";
$connection->query($sql_navigation);
$sql_pages = "CREATE TABLE IF NOT EXISTS pages(\n\t\t\t\t\t\t\t\tid INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t\t\ttitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\tslug TEXT NOT NULL,\n\t\t\t\t\t\t\t\tbody TEXT NOT NULL,\n\t\t\t\t\t\t\t\tmetadescription TEXT NULL,\n\t\t\t\t\t\t\t\tmetakeywords TEXT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (id)\n\t\t\t\t\t\t\t\t)";
$connection->query($sql_pages);
$sql_post_type = "CREATE TABLE IF NOT EXISTS post_type(\n\t\t\t\t\t\t\t\tid INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t\t\ttitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\tslug TEXT NOT NULL,\n\t\t\t\t\t\t\t\tbody TEXT NOT NULL,\n\t\t\t\t\t\t\t\tmetadescription TEXT NULL,\n\t\t\t\t\t\t\t\tmetakeywords TEXT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (id)\n\t\t\t\t\t\t\t\t)";
$connection->query($sql_post_type);
$sql_users = "CREATE TABLE IF NOT EXISTS users(\n\t\t\t\t\t\t\t\tid INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t\t\tfull_name VARCHAR( 255 ) NOT NULL,\n\t\t\t\t\t\t\t\tusername VARCHAR( 255 ) NOT NULL,\n\t\t\t\t\t\t\t\tpassword VARCHAR( 255 ) NOT NULL,\n\t\t\t\t\t\t\t\trole VARCHAR( 255 ) NOT NULL,\n\t\t\t\t\t\t\t\tbody TEXT NOT NULL,\n\t\t\t\t\t\t\t\tprofile_image TEXT NOT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (id)\n\t\t\t\t\t\t\t\t)";
$connection->query($sql_users);
$full_name = $this->request->data['full_name'];
$username = $this->request->data['username'];
$password_hash = new DefaultPasswordHasher();
$password = $password_hash->hash($this->request->data['password']);
$role = 'admin';
$body = $this->request->data['body'];
$sql_insert_user = "******" . $full_name . "', '" . $username . "', '" . $password . "', '" . $role . "', {$body}, '');";
$connection->query($sql_insert_user);
$search_sidebar = '<h2>Search</h2>
<form action="<?php echo BASE_URL; ?>/search" method="get">
<input name="category" type="hidden" value="1" />
<div class="row">
<div class="col-sm-8">
<input class="form-control" name="keyword" type="text" placeholder="Search..." />
</div>
<div class="col-sm-4">
<input class="btn btn-primary" name="Search" type="submit" />
</div>
</div>
</form>';
$sql_insert_sidebar = "INSERT INTO sidebar (id, title, body, position) VALUES (NULL, 'Search', '" . $search_sidebar . "', 0);";
$connection->query($sql_insert_sidebar);
$categories_sidebar = '<div class="list-group">
<?php
$base_url = BASE_URL;
foreach ($cat_array as $sidebar_category) {
//if($sidebar_category[\'post_type\'] == 2) {
echo \'<a class="list-group-item" href="\'.$base_url.\'/category/\'.$sidebar_category[\'id\'].\'/\'.$sidebar_category[\'slug\'].\'">\'.$sidebar_category[\'title\'].\' <span class="badge">\'.$sidebar_category[\'count\'].\'</span></a>\';
}
//}
?>
</div>';
$sql_insert_sidebar = "INSERT INTO sidebar (id, title, body, position) VALUES (NULL, 'Categories', '" . $categories_sidebar . "', 1);";
$connection->query($sql_insert_sidebar);
$about_page_body = '<p>CakeBlog is an open source blogging software. Written by <a href="http://georgewhitcher.com">George Whitcher</a> in PHP with the CakePHP framework.</p>
<p>This project was started for my personal blogging and has been rewritten in Codeigniter, Laravel and now CakePHP. CakePHP is my favorite framework and more can be learned about CakePHP by visiting their <a title="CakePHP" href="http://cakephp.org" target="_blank">website</a>. </p>
<p>If you are having issues with CakeBlog please submit them to the "issues" section on it's repository.</p>';
$about_page_metadescription = 'Welcome to CakeBlog! An open source blog software. Written by George Whitcher in PHP with the CakePHP framework.';
$about_page_metakeywords = 'cakeblog, cakephp, blog, open source';
$sql_insert_about_page = "INSERT INTO pages (id, title, slug, body, metadescription, metakeywords) VALUES (NULL, 'About', 'about', '" . $about_page_body . "', '" . $about_page_metadescription . "', '" . $about_page_metakeywords . "');";
$connection->query($sql_insert_about_page);
$article_body = '<p>Welcome to CakeBlog! An open source blog software. Written by <a title="George Whitcher - Web Developer" href="http://georgewhitcher.com" target="_blank">George Whitcher</a> in PHP with the CakePHP framework.</p>';
$article_featured = BASE_URL . '/uploads/articles/featured/cover-1200x400.jpg';
$article_metadescription = 'Welcome to CakeBlog! An open source blog software. Written by George Whitcher in PHP with the CakePHP framework.';
$article_metakeywords = 'cakeblog, cakephp, blog, open source';
$article_date = date('Y-m-d H:i:s');
$sql_insert_article = "INSERT INTO articles (id, post_type_id, user_id, category_id, title, slug, body, featured, slider, status, metadescription, metakeywords, created_at, updated_at) VALUES (NULL, 0, 1, 1, 'Welcome to CakeBlog', 'welcome-to-cakeblog', '" . $article_body . "', '" . $article_featured . "', 1, 1 '" . $article_metadescription . "', '" . $article_metakeywords . "', '" . $article_date . "', '" . $article_date . "');";
$connection->query($sql_insert_article);
$category_metadescription = 'Welcome to CakeBlog! An open source blog software. Written by George Whitcher in PHP with the CakePHP framework.';
$category_metakeywords = 'cakeblog, cakephp, blog, open source';
$sql_insert_category = "INSERT INTO categories (id, title, slug, body, metadescription, metakeywords) VALUES (NULL, 'Uncategorized', 'uncategorized', '" . $category_metadescription . "', '" . $category_metakeywords . "');";
$connection->query($sql_insert_category);
//lock
fopen($filename, "w");
$this->Flash->set('CakeBlog has been installed. Please delete "/src/InstallController.php" for your security.', ['element' => 'alert-box', 'params' => ['class' => 'success']]);
return $this->redirect(['controller' => 'Pages', 'action' => 'display', 'home']);
}
}
/**
* method init
*
* @return void
*/
public function init()
{
$hasher = new DefaultPasswordHasher();
$this->records = [['nom' => 'User', 'prenom' => 'First', 'fullname_slug' => 'first_user', 'email' => EMAIL_TO_TEST, 'password' => $hasher->hash('juVni4tr3'), 'role' => 'admin', 'actif' => true, 'created' => '2007-03-18 10:39:23', 'updated' => '2007-03-18 10:41:31'], ['nom' => 'User', 'prenom' => 'Second', 'fullname_slug' => 'second_user', 'email' => '*****@*****.**', 'password' => $hasher->hash('HuaB78lo'), 'actif' => true, 'change_pass_code' => '2400fd3226c673532e8e68d35c8c31115a83f6c3', 'change_pass_date' => '2014-02-04 09:30:21', 'created' => '2007-03-18 10:41:23', 'updated' => '2007-03-18 10:43:31'], ['nom' => 'User', 'prenom' => 'Third', 'fullname_slug' => 'third_user', 'email' => '*****@*****.**', 'password' => $hasher->hash('Mak66uruck'), 'actif' => true, 'created' => '2007-03-18 10:43:23', 'updated' => '2007-03-18 10:45:31']];
parent::init();
}
public function _setPassword($value)
{
$hasher = new DefaultPasswordHasher();
return $hasher->hash($value);
}
/**
* Setup or update password if isset pass and pass confirm in request data.
*
* @param \ArrayObject $data
*/
protected function _setupPassword(\ArrayObject $data)
{
if ($data['password'] === $data['password_confirm']) {
$hasher = new DefaultPasswordHasher();
$data['password'] = $hasher->hash($data['password']);
$data['password_confirm'] = $data['password'];
}
}
public function password()
{
$id = $this->request->session()->read('Auth.User.id');
if ($this->request->is(['patch', 'post', 'put'])) {
$user = $this->Users->get($id);
$hasher = new DefaultPasswordHasher();
if ($this->request->data['password'] != $this->request->data['repeatPassword']) {
$this->Flash->error('Senha repetida não confere.');
} else {
if (!preg_match('/[A-Za-z0-9]{6,8}/', $this->request->data['password'])) {
$this->Flash->error('Nova senha inválida. A senha deve ser composta de números e/ou letras, e ter de 6 a 8 caracteres.');
} else {
if (!$hasher->check($this->request->data['oldPassword'], $user['password'])) {
// debug($hasher->check($this->request->data['oldPassword'],$user['password']));
$this->Flash->error('Senha antiga não confere.');
} else {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('Nova senha definida com sucesso.'));
return $this->redirect(['action' => 'view']);
} else {
$this->Flash->error(__('A senha não pôde ser salva. Por favor, tente novamente.'));
}
}
}
}
}
}
public function beforeSave(Event $event)
{
$entity = $event->data['entity'];
// Make a password for digest auth.
$entity->digest_hash = DigestAuthenticate::password($entity->username, 'Rho9Sigma', env('SERVER_NAME'));
if ($entity->authrole === 'admin') {
$hasher = new DefaultPasswordHasher();
// Generate an API 'token'
$entity->api_key_plain = sha1(Text::uuid());
// Bcrypt the token so BasicAuthenticate can check
// it during login.
$entity->api_key = $hasher->hash($entity->api_key_plain);
}
return true;
}
public function testEditPOST()
{
// 1. Login, POST a suitable record to the url, redirect, and return the record just
// posted, as read from the db.
$fixtureRecord = $this->usersFixture->newUserRecord;
$fromDbRecord = $this->genericEditPutProlog(FixtureConstants::userAndyAdminId, '/users/edit', $fixtureRecord, '/users', $this->users);
// 2. Now validate that record.
$this->assertEquals($fromDbRecord['username'], $fixtureRecord['username']);
// 3. The password is hashed and needs to be checked using the hashed-password checking mechanism.
$dph = new DefaultPasswordHasher();
$this->assertTrue($dph->check($fixtureRecord['password'], $fromDbRecord['password']));
}
public function checkPassword($password, $currentPass)
{
$hasher = new DefaultPasswordHasher();
return $hasher->check($password, $currentPass);
}
/**
* Check if passwords matches
*
* @param string $password Password
* @return boolean
*/
public function checkPassword($password)
{
$hasher = new DefaultPasswordHasher();
return $hasher->check($password, $this->password);
}
/**
* Given the $data operates validations for new password, redirects if it doesn't pass the validation
*
* @param array $data
* @return bool
*/
private function validateNewPass($data)
{
// Check that pass and confirm pass are equals
if ($data['new_pass'] !== $data['new_pass_confirm']) {
$this->Flash->error("Les deux nouveaux mots de passe ne correspondent pas.");
return false;
}
// Check la complexité du nouveau pass
if (!$this->Users->passwordComplexe($data['new_pass'])) {
$this->Flash->error("Le nouveau mot de passe ne respecte pas les règles de complexité. (une majuscule minimum, un chiffre minimum, 8 caractères minimum)");
return false;
}
// If it doesn't come from a forget pass, check that old pass is correct
if ($data['old_pass']) {
$userEntity = $this->Users->find('all')->where(['id' => $this->Auth->user('id')])->select(['password'])->first();
$hasher = new DefaultPasswordHasher();
$bcrypt_pass_check = $hasher->check($data['old_pass'], $userEntity["password"]);
if (empty($userEntity) || !$bcrypt_pass_check) {
$this->Flash->error("Le mot de passe actuel n'est pas le bon.");
return false;
}
}
return true;
}
protected function _setSenha($value)
{
$hasher = new DefaultPasswordHasher();
return $hasher->hash($value);
}
public static function passwordMatch($pw, $hashedPw)
{
$hasher = new DefaultPasswordHasher();
return $hasher->check($pw, $hashedPw);
}