예제 #1
파일: User.php 프로젝트: Nord001/zKillboard
 /**
  * Verify a username/password pair against the zz_users table.
  *
  * The lookup binds :username as a query parameter, so the submitted name
  * never becomes part of the SQL text.
  *
  * NOTE(review): an unknown username returns before any hash comparison runs,
  * while a known one goes through Password::checkPassword(). That difference
  * in work can reveal which usernames exist. Attempt throttling and lockout
  * are not visible in this method - confirm the caller enforces them.
  *
  * @param string $username Login name as submitted by the client.
  * @param string $password Plain-text password as submitted by the client.
  *
  * @return bool True only when a row is found and Password::checkPassword() accepts the pair.
  */
 public static function checkLogin($username, $password)
 {
     // Third argument is passed as 0; presumably a cache lifetime, so credentials
     // are always read fresh - confirm against Db::query().
     $rows = Db::query(
         'SELECT username, password FROM zz_users WHERE username = :username',
         array(':username' => $username),
         0
     );

     // No matching account: fail closed.
     if (empty($rows[0])) {
         return false;
     }

     // Hand the stored hash to the Password helper for the comparison.
     $storedHash = $rows[0]['password'];
     return (bool) Password::checkPassword($password, $storedHash);
 }
예제 #2
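 // Persist the selected view theme, then reload the current page.
 // NOTE(review): $viewtheme is assigned outside this excerpt.
 if (isset($viewtheme)) {
     UserConfig::set("viewtheme", $viewtheme);
     // NOTE(review): REQUEST_URI comes from the client request line; confirm that
     // redirect() only ever yields a same-site location.
     $app->redirect($_SERVER["REQUEST_URI"]);
 }

 $theme = Util::getPost("theme");
 if (isset($theme)) {
     // NOTE(review): the value is stored as received; no allow-list of known
     // themes is visible here - confirm validation happens in UserConfig::set().
     UserConfig::set("theme", $theme);
 }

 // Password change: needs the current password plus the new one entered twice.
 // NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm
 // one runs before this handler, since it changes account credentials.
 $orgpw = Util::getPost("orgpw");
 $password = Util::getPost("password");
 $password2 = Util::getPost("password2");
 if (isset($orgpw, $password, $password2)) {
     // Strict comparison is required here: with != PHP compares numeric-looking
     // strings as numbers ("1e3" != "1000" is false), so two different inputs
     // could be treated as a matching confirmation.
     if ($password !== $password2) {
         $error = "Passwords don't match, try again";
     } elseif (Password::checkPassword($orgpw)) {
         // NOTE(review): length and emptiness of the new password are not checked
         // here; presumably Password::updatePassword() enforces policy - confirm.
         Password::updatePassword($password);
         // $error doubles as the status message shown to the user.
         $error = "Password updated";
     } else {
         $error = "Original password is wrong, please try again";
     }
 }

 $timeago = Util::getPost("timeago");
 if (isset($timeago)) {
     // NOTE(review): stored as received; confirm the accepted values are constrained.
     UserConfig::set("timeago", $timeago);
 }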
 $deleteentityid = Util::getPost("deleteentityid");
 $deleteentitytype = Util::getPost("deleteentitytype");
 // Tracker
 if (isset($deleteentityid) && isset($deleteentitytype)) {
     $q = UserConfig::get("tracker_" . $deleteentitytype);
예제 #3
 /**
  * @brief Check a plain-text password against the hash stored in the DB and,
  *        on success, re-hash it when the stored hash uses an outdated
  *        algorithm or a lower work factor than currently configured.
  *
  * The re-hash can only happen here because this is the one point where the
  * plain-text password is available after a successful verification.
  *
  * @param string $hashed_password The hash that was saved in DB
  * @param string $password_text The password to check
  * @param int $member_srl Member whose stored hash may be upgraded (optional;
  *                        no upgrade is attempted unless this is > 0)
  * @return bool True when the password matches, regardless of whether an upgrade ran
  */
 function isValidPassword($hashed_password, $password_text, $member_srl = null)
 {
     // Reject empty input up front. Note that PHP treats the string "0" as
     // falsy, so a password of "0" is rejected here as well.
     if (!$password_text) {
         return false;
     }

     // Detect which algorithm produced the stored hash, then verify with it.
     $hasher = new Password();
     $stored_algorithm = $hasher->checkAlgorithm($hashed_password);
     if (!$hasher->checkPassword($password_text, $hashed_password, $stored_algorithm)) {
         return false;
     }

     // From here on the password is known to be correct; the rest is the
     // optional hash upgrade.
     $member_config = $this->getMemberConfig();
     if (!($member_srl > 0) || $member_config->password_hashing_auto_upgrade == 'N') {
         return true;
     }

     // An upgrade is due when the algorithm differs from the selected one...
     $wanted_algorithm = $hasher->getCurrentlySelectedAlgorithm();
     $stale = ($wanted_algorithm !== $stored_algorithm);

     // ...or, with the same algorithm, when the stored work factor is readable
     // (not false) and lower than the configured one.
     if (!$stale) {
         $wanted_work_factor = $hasher->getWorkFactor();
         $stored_work_factor = $hasher->checkWorkFactor($hashed_password);
         $stale = ($stored_work_factor !== false && $wanted_work_factor > $stored_work_factor);
     }

     if ($stale) {
         $upgrade = new stdClass();
         $upgrade->member_srl = $member_srl;
         $upgrade->hashed_password = $this->hashPassword($password_text, $wanted_algorithm);
         // NOTE(review): the result of updateMemberPassword() is not inspected, so a
         // failed upgrade is silent and the login still succeeds - confirm that is intended.
         getController('member')->updateMemberPassword($upgrade);
     }

     return true;
 }