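/**
 * Handle a password-reset request submitted via POST.
 *
 * Reads the 'email' field from $_POST, looks the user up, stores a fresh
 * confirmation code for that address and mails the code to it.
 *
 * @return ErrorView|View ErrorView when the field is missing/not a string or
 *                        no user matches; otherwise the 'PasswordResetRequested' view.
 */
public function resetPasswordAction()
{
    // $_POST is client-controlled: the field may be absent, or sent as an
    // array (email[]=...). Only a plain string is passed on to the table
    // lookup, the update and the mailer.
    if (!isset($_POST['email']) || !is_string($_POST['email'])) {
        return new ErrorView('resetPassword', 'Keine E-Mail');
    }

    $email = $_POST['email'];

    $userTable = $this->getUserTable();
    $row = $userTable->getUserByEmail($email);

    // Loose comparison: any falsy lookup result (false, null, empty array, ...)
    // is treated as "no such user".
    if ($row == false) {
        // NOTE(review): this distinct message lets a client tell registered
        // addresses from unregistered ones. Consider answering with the same
        // 'PasswordResetRequested' view in both cases; left unchanged here
        // because it alters what the user sees.
        return new ErrorView('resetPassword', 'Keine Benutzer mit dieser E-Mail');
    }

    // NOTE(review): neither an expiry for the code nor a limit on repeated
    // requests is visible in this method; confirm both are enforced where the
    // code is stored and checked.
    $code = CryptHelper::getConfirmationCode();
    $userTable->updateCodeByEmail($code, $email);

    $this->getMailer()->send($email, 'Reset Password', 'Confirmation Code: ' . $code);

    return new View('PasswordResetRequested');
}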
/**
 * Build a random alphanumeric password.
 *
 * Forked from Joomla's JUserHelper::genRandomPassword(). The quality of the
 * result depends entirely on CryptHelper::genRandomBytes(), which is not
 * shown here.
 *
 * @param integer $length Number of characters to generate
 *
 * @return string The generated password
 *
 * @see https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/user/helper.php#L642
 * @since 2.0.9
 */
public static function genRandomPassword($length = 8)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $alphabetSize = strlen($alphabet);

    // One extra byte is requested: byte 0 seeds the rolling offset, bytes
    // 1..$length each select one output character.
    $bytes = CryptHelper::genRandomBytes($length + 1);
    $offset = ord($bytes[0]);
    $result = '';

    /*
     * A byte has 256 possible values and the alphabet has 62, so a plain
     * modulo would favour some characters. Adding a running offset (random
     * start, then the sum of all bytes consumed so far) before the modulo is
     * the original author's way of evening out the distribution.
     * NOTE(review): this reduces the skew; it is not shown here to remove it.
     */
    for ($pos = 1; $pos <= $length; $pos++) {
        $byte = ord($bytes[$pos]);
        $result .= $alphabet[($offset + $byte) % $alphabetSize];
        $offset += $byte;
    }

    return $result;
}
/**
 * Check a plain-text password against a stored crypt() hash.
 *
 * @param string $password The password plain text.
 * @param string $hash     The hashed password.
 *
 * @return boolean True when the password matches the hash, false otherwise.
 *
 * @see https://github.com/ircmaxell/password_compat/blob/92951ae05e988803fdc1cd49f7e4cd29ca7b75e9/lib/password.php#L230-L247
 */
public function verify($password, $hash)
{
    if (!function_exists('crypt')) {
        trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);

        return false;
    }

    // Re-hash the candidate password; crypt() takes algorithm, cost and salt
    // from the stored hash passed as its second argument.
    $computed = crypt($password, $hash);

    // Guard order matters: the type check runs first so the length helper
    // only ever sees a string.
    if (!is_string($computed)) {
        return false;
    }

    if (CryptHelper::getLength($computed) != CryptHelper::getLength($hash)) {
        return false;
    }

    // Results of 13 characters or fewer are rejected. Traditional DES crypt()
    // output is 13 characters and crypt() failure markers are shorter, so this
    // presumably refuses weak or failed hashes.
    if (CryptHelper::getLength($computed) <= 13) {
        return false;
    }

    // Compare every byte and OR the differences together instead of returning
    // at the first mismatch, so the loop always runs over the full length
    // regardless of where the two strings differ.
    $diff = 0;
    $total = CryptHelper::getLength($computed);

    for ($idx = 0; $idx < $total; ++$idx) {
        $diff |= ord($computed[$idx]) ^ ord($hash[$idx]);
    }

    return $diff === 0;
}