コード例 #1
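	/**
	 * Validates the access token passed in the `at` request parameter
	 * (expected format: "<userID>-<token>") and performs the login.
	 * 
	 * If a user is already logged in, the token must belong to exactly that
	 * user; otherwise the session is switched to the user named by the token.
	 * Nothing happens when no `at` parameter is present.
	 * 
	 * @throws	IllegalLinkException	if the parameter is malformed or the token does not match
	 */
	protected function checkAccessToken() {
		if (!isset($_REQUEST['at'])) {
			return;
		}
		
		// request parameters can arrive as arrays (`at[]=...`); only a plain string is acceptable
		if (!is_string($_REQUEST['at'])) {
			throw new IllegalLinkException();
		}
		
		// limit of 2: everything after the first separator is the token; a value
		// without any separator yields a single part and is rejected instead of
		// leaving $token undefined
		$parts = explode('-', StringUtil::trim($_REQUEST['at']), 2);
		if (count($parts) !== 2) {
			throw new IllegalLinkException();
		}
		list($userID, $token) = $parts;
		
		// The user id must be purely numeric so the loose comparison below cannot
		// be satisfied by a value such as "5abc". The token must be non-empty: an
		// empty token must never authenticate, even if the stored access token is
		// empty or the user id does not exist.
		// NOTE(review): how secureCompare() treats two empty values is not visible here - confirm.
		if (preg_match('~^[0-9]+\z~', $userID) !== 1 || $token === '') {
			throw new IllegalLinkException();
		}
		
		$currentUser = WCF::getUser();
		if ($currentUser->userID) {
			// already logged in: the token is only accepted for the current user
			if ($userID == $currentUser->userID && PasswordUtil::secureCompare($currentUser->accessToken, $token)) {
				// everything is fine, but we are already logged in
				return;
			}
			
			// token is invalid
			throw new IllegalLinkException();
		}
		
		$user = new User($userID);
		if (!PasswordUtil::secureCompare($user->accessToken, $token)) {
			// token is invalid
			throw new IllegalLinkException();
		}
		
		// token is valid -> change user
		SessionHandler::getInstance()->changeUser($user, true);
	}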
コード例 #2
 /**
  * Validates the submitted master password on top of the parent form checks.
  *
  * @see	\wcf\form\IForm::validate()
  * @throws	UserInputException	when the password is empty or does not match
  */
 public function validate()
 {
     parent::validate();

     // an empty() value is reported as a missing field, without an error type
     if (empty($this->masterPassword)) {
         throw new UserInputException('masterPassword');
     }

     // MASTER_PASSWORD is passed both as the reference value and as the second
     // argument of the hash function (presumably the stored hash doubles as the
     // salt source - confirm against PasswordUtil).
     $submittedHash = PasswordUtil::getDoubleSaltedHash($this->masterPassword, MASTER_PASSWORD);

     // compare via secureCompare() rather than == so the check goes through
     // the project's dedicated comparison helper
     $isValid = PasswordUtil::secureCompare(MASTER_PASSWORD, $submittedHash);
     if (!$isValid) {
         throw new UserInputException('masterPassword', 'notValid');
     }
 }
コード例 #3
 /**
  * Checks a caller-supplied security token against the one returned by
  * getSecurityToken().
  *
  * The comparison is delegated to PasswordUtil::secureCompare() instead of
  * using == / ===.
  *
  * @param	string		$token		token received from the caller
  * @return	boolean		result of the comparison; false if the token is invalid
  */
 public function checkSecurityToken($token)
 {
     $expectedToken = $this->getSecurityToken();

     return PasswordUtil::secureCompare($expectedToken, $token);
 }
コード例 #4
ファイル: User.class.php プロジェクト: 0xLeon/WCF
	/**
	 * Checks a password hash taken from a cookie against this user's stored password.
	 * 
	 * The cookie value is hashed once more with the stored password as second
	 * argument and the result is compared with the stored password. Whoever
	 * holds the cookie value therefore passes this check without knowing the
	 * plain-text password, so the cookie is a password-equivalent credential.
	 * 
	 * @param	string		$passwordHash	hash read from the cookie
	 * @return	boolean		true if the hash matches, false otherwise
	 */
	public function checkCookiePassword($passwordHash) {
		// stored passwords that PasswordUtil does not recognise as Blowfish never match
		if (!PasswordUtil::isBlowfish($this->password)) {
			return false;
		}
		
		$rehashedCookieValue = PasswordUtil::getSaltedHash($passwordHash, $this->password);
		
		// cast keeps the strict true/false return of the documented contract
		return (bool) PasswordUtil::secureCompare($this->password, $rehashedCookieValue);
	}