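/**
 * Decide whether the supplied credential matches the identity row and build
 * the authentication result.
 *
 * The credential is accepted when any of the following holds:
 *  - the credential treatment is exactly the string 'autologin';
 *  - md5() of the credential equals the stored password (legacy rows);
 *  - Application_Plugin_Phpass::CheckPassword() accepts it.
 *
 * @param array $resultIdentity Identity row; its 'password' entry is read.
 * @return mixed Whatever _authenticateCreateAuthResult() returns.
 */
protected function _authenticateValidateResult($resultIdentity)
{
    $hash = new Application_Plugin_Phpass();
    $check = false;

    // Stored value is only compared when it is really a string, so a missing
    // or null column can never satisfy one of the checks below.
    $stored_password = isset($resultIdentity['password']) ? $resultIdentity['password'] : null;
    $can_compare = is_string($this->_credential) && is_string($stored_password);

    // auto-login
    // NOTE(review): this branch accepts the identity without looking at any
    // credential. Confirm that _credentialTreatment can only be set to
    // 'autologin' by server-side code and never from request data.
    // Strict comparison: with '==' a non-string value such as integer 0 is
    // treated as equal to 'autologin' on PHP versions before 8.
    if ($this->_credentialTreatment === 'autologin') {
        $check = true;
    }

    // again, try with md5
    // hash_equals() (PHP >= 5.6) replaces '==': a loose comparison evaluates
    // two digests of the form "0e<digits>" as numbers and reports them equal,
    // and it is not constant-time.
    // NOTE(review): unsalted MD5 is kept only so existing rows still log in;
    // consider re-hashing with Phpass after a successful MD5 match.
    if ($can_compare && hash_equals($stored_password, md5($this->_credential))) {
        $check = true;
    }

    // Check that hash value is correct
    if ($can_compare && $hash->CheckPassword($this->_credential, $stored_password)) {
        $check = true;
    }

    if (!$check) {
        $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
        $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
        return $this->_authenticateCreateAuthResult();
    }

    $this->_resultRow = $resultIdentity;
    $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
    $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
    return $this->_authenticateCreateAuthResult();
}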
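/**
 * Change password
 *
 * Shows the change-password form for the logged-in profile. On a valid POST
 * the old password is verified, the new one is hashed with
 * Application_Plugin_Phpass and stored, and a notice e-mail is sent to the
 * profile's address.
 *
 * The old-password check passes when the stored password is blank, when
 * md5() of the input equals the stored value (legacy rows), or when
 * Application_Plugin_Phpass::CheckPassword() accepts it.
 */
public function changepasswordAction()
{
    $request = $this->getRequest();
    $Profiles = new Application_Model_Profiles();

    if (Zend_Auth::getInstance()->hasIdentity()) {
        $profile = $Profiles->getProfileByField('id', Zend_Auth::getInstance()->getIdentity()->id);
    }

    // Redirect if bad or no user
    if (!isset($profile) || !$profile) {
        $this->redirect('');
        // Stop here even if the redirect helper is configured not to exit,
        // so nothing below runs without a profile.
        return;
    }

    $this->buildMenu();

    $changepassword_form = new Application_Form_ChangePassword();
    $this->view->changepassword_form = $changepassword_form;

    // Form Submitted...
    if ($request->isPost() && $changepassword_form->isValid($_POST)) {
        Application_Plugin_Common::redirectOnDemoAccount();

        // if regular pw update check for old pw
        $hash = new Application_Plugin_Phpass();
        $old_password = $changepassword_form->getValue('passwordold');
        $stored_password = $profile->password;

        // old password checks
        $check = false;

        // pass when old password is blank (user from facebook registration)
        // Only null or the empty string count as blank; the previous '=='
        // also accepted other falsy values.
        // NOTE(review): for such accounts anyone holding the session can set
        // a password without proving anything further; confirm this is the
        // intended flow.
        if ($stored_password === null || $stored_password === '') {
            $check = true;
        }

        $can_compare = is_string($old_password) && is_string($stored_password);

        // try with md5
        // hash_equals() (PHP >= 5.6) replaces '==': a loose comparison
        // evaluates two digests of the form "0e<digits>" as numbers and
        // reports them equal, and it is not constant-time.
        if ($can_compare && hash_equals($stored_password, md5($old_password))) {
            $check = true;
        }

        // Check that hash value is correct
        if ($can_compare && $hash->CheckPassword($old_password, $stored_password)) {
            $check = true;
        }

        if (!$check) {
            $changepassword_form->getElement('passwordold')->setErrors(array(Zend_Registry::get('Zend_Translate')->translate('Enter your password')));
            return;
        }

        // old password is ok, proceed...
        $newpassword = $changepassword_form->getValue('password2');
        $hashed_password = $hash->HashPassword($newpassword);

        $Profiles->updateField($profile->name, 'password', $hashed_password);

        Application_Plugin_Alerts::success($this->view->translate('Password updated'));

        // prepare phtml email template
        $mail_template_path = APPLICATION_PATH . '/views/emails/';
        $view = new Zend_View();
        $view->setScriptPath($mail_template_path);
        $body = $view->render('passwordnotice.phtml');

        // send email as a security measure
        // NOTE(review): the return value of sendEmail() is not checked, so a
        // failed notice goes unreported; confirm whether it should be logged.
        Application_Plugin_Common::sendEmail($profile->email, $this->view->translate('Password updated'), $body, true);
    }
}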