/**
 * Login action.
 *
 * On POST the Auth component tries to identify the visitor. When that fails
 * but the submitted password matches an account whose status equals
 * UN_PUBLISH_STATUS, the visitor is asked to activate the account and is sent
 * back to the login action; every other failure gets the generic
 * "incorrect" message.
 *
 * @return void|\Cake\Network\Response
 */
public function login()
{
    // NOTE(review): this counter is read from a cookie, i.e. from the client.
    // Confirm the Cookie component encrypts/signs it before it is used for
    // throttling or lock-out decisions.
    $failedCount = $this->Cookie->read('fail.auth');

    if ($this->request->is('post')) {
        Event::dispatch('Controller.Users.beforeLogin', $this);

        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            Event::dispatch('Controller.Users.successLogin', $this);

            return $this->redirect($this->Auth->redirectUrl());
        }

        $username = $this->request->data('username');
        $password = $this->request->data('password');
        if ($username && $password) {
            $user = $this->Users->findByUsername($username)->first();
            $hasher = new DefaultPasswordHasher();

            // The activation hint is only shown once the password has been
            // verified, so it does not disclose the account state to someone
            // who merely knows the username.
            if (isset($user->id) && $hasher->check($password, $user->password) && $user->status == UN_PUBLISH_STATUS) {
                $hasRedirect = true;
                // NOTE(review): the user-supplied name is wrapped in HTML here. If the
                // flash element renders this message unescaped, the name needs to be
                // HTML-escaped before it is interpolated - confirm against the template.
                $displayName = sprintf('<strong>%s</strong>', $user->name);
                $this->Flash->warning(__d('community', '«{0}», please activate your account', $displayName));
            }
        }

        Event::dispatch('Controller.Users.failLogin', $this);

        if (isset($hasRedirect)) {
            return $this->redirect($this->Auth->config('loginAction'));
        }

        $this->Flash->error(__d('community', 'Username or password is incorrect'));
    }

    $this->set('failedCount', $failedCount);
    $this->set('page_title', __d('community', 'Sign in'));
}
/**
 * Verify a plain-text password against the hash stored on this object.
 *
 * @param string $password Plain-text password to verify.
 * @return bool Result of DefaultPasswordHasher::check() for $password and $this->password.
 */
public function checkPassword($password)
{
    // Verification is delegated to the hasher rather than comparing strings here.
    return (new DefaultPasswordHasher())->check($password, $this->password);
}
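/**
 * Change the password of the signed-in user.
 *
 * The user id is taken from the session, never from the request. On
 * PATCH/POST/PUT the new password must equal its repetition, pass the format
 * check and be accompanied by the correct current password before the entity
 * is saved.
 *
 * @return \Cake\Network\Response|null Redirect to the view action after a
 *   successful save, null otherwise.
 */
public function password()
{
    $id = $this->request->session()->read('Auth.User.id');
    if (!$this->request->is(['patch', 'post', 'put'])) {
        return null;
    }

    $user = $this->Users->get($id);
    $hasher = new DefaultPasswordHasher();

    // data() yields null for a missing field instead of raising an
    // undefined-index notice on a malformed request.
    $newPassword = $this->request->data('password');
    $repeatPassword = $this->request->data('repeatPassword');
    $oldPassword = $this->request->data('oldPassword');

    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare as equal.
    if ($newPassword !== $repeatPassword) {
        $this->Flash->error('Senha repetida não confere.');

        return null;
    }

    // NOTE(review): the pattern is not anchored, so it accepts any value that
    // contains six consecutive letters/digits; it does not enforce the
    // "letters and digits only, 6 to 8 characters" rule stated in the message.
    // Anchoring it would cap passwords at 8 characters, which is a weak
    // policy - decide on the intended policy and update pattern and message
    // together.
    if (!is_string($newPassword) || !preg_match('/[A-Za-z0-9]{6,8}/', $newPassword)) {
        $this->Flash->error('Nova senha inválida. A senha deve ser composta de números e/ou letras, e ter de 6 a 8 caracteres.');

        return null;
    }

    if (!is_string($oldPassword) || !$hasher->check($oldPassword, $user['password'])) {
        $this->Flash->error('Senha antiga não confere.');

        return null;
    }

    // Only the password column may be written from this form; without the
    // field list every accessible property present in the request body would
    // be patched onto the user.
    // NOTE(review): nothing in this action hashes the new password; presumably
    // the entity or table does - confirm.
    $user = $this->Users->patchEntity($user, $this->request->data, ['fieldList' => ['password']]);
    if ($this->Users->save($user)) {
        $this->Flash->success(__('Nova senha definida com sucesso.'));

        return $this->redirect(['action' => 'view']);
    }

    $this->Flash->error(__('A senha não pôde ser salva. Por favor, tente novamente.'));

    return null;
}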
/**
 * Update info method.
 *
 * Loads the user for $id (falling back to getUserId() when $id is empty) and,
 * on PATCH/POST/PUT, verifies the current password, checks the new password
 * against its confirmation, then hashes the new password and saves the
 * patched entity.
 *
 * @param string|null $id User id.
 * @return void|\Cake\Network\Response Redirects on successful edit, renders view otherwise.
 * @throws \Cake\Network\Exception\NotFoundException When record not found.
 */
public function update_info($id = null)
{
    // NOTE(review): $id can be supplied by the caller. The current-password
    // check below is made against the record loaded for $id, and that record
    // is also handed to the view and to _serialize. Confirm that authorization
    // elsewhere limits $id to the signed-in user (or to administrators).
    if (empty($id)) {
        $id = $this->getUserId();
    }
    $user = $this->Users->get($id, ['contain' => []]);

    if ($this->request->is(['patch', 'post', 'put'])) {
        $payload = $this->request->data;
        $newPassword = $payload['new_password'];
        $confirmPassword = $payload['confirm_password'];
        $hasher = new DefaultPasswordHasher();

        if (!$hasher->check($payload['current_password'], $user['password'])) {
            $this->Flash->error('Mật khẩu của bạn không chính xác. <br> Vui lòng thực hiện lại!');
        } elseif (empty($newPassword)) {
            // Validate the new password: a confirmation without a new password
            // is an error. When both fields are empty nothing is saved and no
            // message is shown.
            if (!empty($confirmPassword)) {
                $this->Flash->error('Bạn chưa nhập password mới.');
            }
        } elseif (empty($confirmPassword)) {
            $this->Flash->error('Bạn chưa xác nhận password mới.');
        } elseif (strcmp($newPassword, $confirmPassword) !== 0) {
            $this->Flash->error('Chuỗi xác nhận không trùng với password mới. <br> Vui lòng kiểm tra lại.');
        } else {
            // NOTE(review): the hash is computed here; if the entity also hashes
            // in a password setter the stored value would be hashed twice - confirm.
            $payload['password'] = $hasher->hash($payload['new_password']);
            $payload['updated_at'] = Time::now();

            // NOTE(review): the whole request body is patched onto the entity.
            // Which columns a client can write this way depends on the entity's
            // accessible fields - confirm that privileged columns are guarded.
            $user = $this->Users->patchEntity($user, $payload);
            if ($this->Users->save($user)) {
                $this->Flash->success('Thông tin của bạn đã được cập nhật!');

                return $this->redirect(['action' => 'index']);
            }

            $this->Flash->error('Cập nhật thông tin không thành công. Bạn vui lòng thử lại sau!');
        }
    }

    $roles = $this->Users->Roles->find('list', ['limit' => 200]);
    $this->set(compact('user', 'roles'));
    $this->set('_serialize', ['user']);
}
/**
 * Test changementMotPasse method
 *
 * Covers three requests: a GET with the token from the e-mail link, a POST
 * with an authenticated session, and a second POST labelled as the
 * non-authenticated case.
 *
 * @return void
 */
public function testChangementMotPasse()
{
    $email = '*****@*****.**';

    // Case 1: call from the link from the email.
    if ($this->debug) {
        debug('USERS CONTROLLER - testChangementMotPasse: case call from the link from the email');
    }
    $this->get('/users/changementMotPasse/2400fd3226c673532e8e68d35c8c31115a83f6c3');
    $this->assertResponseOk();
    $this->assertNoRedirect();

    // Case 2: authenticated user.
    if ($this->debug) {
        debug('USERS CONTROLLER - testChangementMotPasse: case authenticated user');
    }
    $this->session(['Auth.User.id' => 2, 'Auth.User.email' => $email]);
    $payload = ['new_pass' => 'juVni4tr3', 'new_pass_confirm' => 'juVni4tr3', 'password' => 'HuaB78lo'];
    $this->post('/users/changementMotPasse', $payload);
    $row = $this->Users->find()->where(['email' => $email])->select('password')->first();
    $hasher = new DefaultPasswordHasher();
    $this->assertResponseCode(302);
    $this->assertEquals(true, $hasher->check($payload['new_pass'], $row['password']));
    $this->assertRedirect();

    // Case 3: non authenticated user.
    // NOTE(review): the session set here is identical to case 2, so this request
    // is still authenticated as far as this test shows.
    if ($this->debug) {
        debug('USERS CONTROLLER - testChangementMotPasse: case non authenticated user');
    }
    $this->session(['Auth.User.id' => 2, 'Auth.User.email' => $email]);
    // NOTE(review): 'password' appears twice in this literal; PHP keeps the last
    // value, so the token string is never sent. Presumably the token was meant
    // to go under a different key - confirm against the controller.
    $payload = ['password' => '2400fd3226c673532e8e68d35c8c31115a83f6c3', 'new_pass' => 'juVni4tr3', 'new_pass_confirm' => 'juVni4tr3', 'password' => 'HuaB78lo'];
    $this->post('/users/changementMotPasse', $payload);
    $row = $this->Users->find()->where(['email' => $email])->select('password')->first();
    $hasher = new DefaultPasswordHasher();
    $this->assertResponseCode(302);
    // NOTE(review): the new password equals the one already stored by case 2, so
    // this assertion also holds if this request changed nothing - consider a
    // distinct value here.
    $this->assertEquals(true, $hasher->check($payload['new_pass'], $row['password']));
    $this->assertRedirect();
}
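/**
 * Emails a user their username.
 *
 * The request must carry an e-mail address and the account password; the
 * username is mailed only when the address belongs to an account and the
 * password matches that account. Every failure produces the same flash
 * message and the same redirect.
 *
 * @return \Cake\Network\Response|null
 */
public function forgotUsername()
{
    if (!$this->request->is('post')) {
        return null;
    }

    $data = $this->request->data;
    $address = isset($data['email']) ? $data['email'] : null;
    $password = isset($data['password']) ? $data['password'] : null;

    $user = null;
    if (is_string($address) && is_string($password)) {
        $userEmail = $this->Users->UserEmails->findByEmail($address)->first();
        // An unknown address must follow the ordinary failure path. Passing a
        // missing user_id to get() raises an exception, and that different
        // response would tell a caller which addresses are registered.
        if ($userEmail !== null) {
            $user = $this->Users->get($userEmail['user_id']);
        }
    }

    // check() is an instance method; calling it statically is deprecated in
    // PHP 7 and an error in PHP 8.
    $hasher = new DefaultPasswordHasher();
    $ok = $user !== null && $hasher->check($password, $user['password']);
    // NOTE(review): no hash is verified for an unknown address, so response
    // time can still differ between known and unknown addresses; rate limiting
    // this endpoint would reduce what that reveals.

    if (!$ok) {
        $this->Flash->error(__('The details you have entered are incorrect'));

        return $this->redirect(['action' => 'login']);
    }

    // Email the user their username.
    $message = 'Here is your username, as requested:' . PHP_EOL . PHP_EOL
        . 'Username: ' . $user['username'] . PHP_EOL . PHP_EOL
        . ' -Vooderbot';
    $email = new Email('default');
    $email->transport('mailjet')
        ->from(['*****@*****.**' => 'Vooders.com'])
        ->to($address)
        ->subject('Heres your username')
        ->send($message);

    return $this->redirect(['action' => 'login']);
}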
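/**
 * Validate a requested password change.
 *
 * Sets a flash error and returns false when the two new passwords differ,
 * when the new password fails Users::passwordComplexe(), or when a current
 * password is supplied and does not match the signed-in user's stored hash.
 * This method does not redirect; the caller decides what to do on false.
 *
 * @param array $data Expects 'new_pass' and 'new_pass_confirm'; 'old_pass' is optional.
 * @return bool True when every applicable check passed.
 */
private function validateNewPass($data)
{
    // Check that the new password and its confirmation are equal.
    if ($data['new_pass'] !== $data['new_pass_confirm']) {
        $this->Flash->error("Les deux nouveaux mots de passe ne correspondent pas.");

        return false;
    }

    // Check the complexity of the new password.
    if (!$this->Users->passwordComplexe($data['new_pass'])) {
        $this->Flash->error("Le nouveau mot de passe ne respecte pas les règles de complexité. (une majuscule minimum, un chiffre minimum, 8 caractères minimum)");

        return false;
    }

    // When the change does not come from the forgotten-password flow, the
    // current password must be correct.
    // NOTE(review): whether this check runs is decided by the content of $data.
    // If $data is the raw request body, a client can leave old_pass out; the
    // forgotten-password path is presumably identified by the caller through
    // server-side state such as the reset token - confirm.
    $oldPass = isset($data['old_pass']) ? $data['old_pass'] : null;

    // Only an absent or empty value skips the check. A plain truthiness test
    // would also skip it for the string "0".
    if ($oldPass === null || $oldPass === false || $oldPass === '') {
        return true;
    }

    $userEntity = $this->Users->find('all')
        ->where(['id' => $this->Auth->user('id')])
        ->select(['password'])
        ->first();
    $hasher = new DefaultPasswordHasher();

    // Test for a missing user before reading its hash, so the hasher is never
    // called with the result of indexing into null.
    if (empty($userEntity) || !is_string($oldPass) || !$hasher->check($oldPass, $userEntity["password"])) {
        $this->Flash->error("Le mot de passe actuel n'est pas le bon.");

        return false;
    }

    return true;
}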
/**
 * Edit a user through POST and verify what ends up in the database.
 *
 * @return void
 */
public function testEditPOST()
{
    // 1. Login, POST a suitable record to the url, redirect, and get back the
    //    record just posted, as read from the db.
    $submitted = $this->usersFixture->newUserRecord;
    $stored = $this->genericEditPutProlog(
        FixtureConstants::userAndyAdminId,
        '/users/edit',
        $submitted,
        '/users',
        $this->users
    );

    // 2. The username must round-trip unchanged.
    $this->assertEquals($stored['username'], $submitted['username']);

    // 3. The stored password is a hash, so it is verified through the hasher
    //    rather than compared with the submitted plain text.
    $hasher = new DefaultPasswordHasher();
    $matches = $hasher->check($submitted['password'], $stored['password']);
    $this->assertTrue($matches);
}
/**
 * Verify a plain-text password against a stored hash.
 *
 * @param string $password Plain-text password to verify.
 * @param string $currentPass Stored password hash.
 * @return bool Result of DefaultPasswordHasher::check() for the two values.
 */
public function checkPassword($password, $currentPass)
{
    // Verification is delegated to the hasher rather than comparing strings here.
    return (new DefaultPasswordHasher())->check($password, $currentPass);
}
/**
 * Verify a plain-text password against a stored hash.
 *
 * @param string $pw Plain-text password to verify.
 * @param string $hashedPw Stored password hash.
 * @return bool Result of DefaultPasswordHasher::check() for the two values.
 */
public static function passwordMatch($pw, $hashedPw)
{
    // A hasher instance is created per call; check() is an instance method.
    return (new DefaultPasswordHasher())->check($pw, $hashedPw);
}