/**
 * Generalised password change for a user record.
 *
 * Creates a fresh salt, hashes the submitted password and its confirmation
 * with it, stamps a new password expiry, clears any outstanding password
 * reset token and persists the record via save().
 *
 * @access public
 * @param array $data one-dimensional user record; expected to carry
 *                    'password' and 'verify_password' in clear text
 * @return array ('password' => <hash>, 'salt' => <salt>) when the record was
 *               saved, an empty array when save() rejected it
 */
public function changePassword($data) {
    // Start a new record context before the save (framework requirement).
    $this->create();

    $salt = Sec::makeSalt();
    $plaintext = $data['password'];

    // Expiry is "now + Password.expiration days" in DB datetime format.
    // NOTE(review): an empty/missing Password.expiration makes strtotime()
    // return false and the date collapse to the epoch — i.e. the password is
    // immediately expired. Fail-safe, but worth validating the config value.
    $expiryDays = Configure::read('Password.expiration');
    $expiresAt = date("Y-m-d H:i:s", strtotime("+" . $expiryDays . " Days"));

    $data['salt'] = $salt;
    // NOTE(review): a clear-text copy of the password is kept under
    // 'temp_password' and handed to save(). If the model has a column of
    // that name the plaintext gets persisted — confirm it is consumed by a
    // validation rule only and never stored.
    $data['temp_password'] = $plaintext;
    $data['password'] = Sec::hashPassword($plaintext, $salt);
    // The confirmation is hashed with the same salt, presumably so a model
    // rule can compare the two hashes — verify against the validation rules.
    $data['verify_password'] = Sec::hashPassword($data['verify_password'], $salt);
    $data['password_expires'] = $expiresAt;

    // A completed password change invalidates any pending reset request.
    $data['password_reset_token'] = null;
    $data['password_reset_token_expiry'] = null;

    if (!$this->save($data)) {
        return array();
    }

    // NOTE(review): this writes the *current* session unconditionally; if an
    // administrator changes another user's password, the admin's own session
    // expiry is overwritten — confirm the callers.
    $_SESSION['Auth']['User']['password_expires'] = $expiresAt;

    return array('password' => $data['password'], 'salt' => $salt);
}
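/**
 * Public login action.
 *
 * Looks the submitted identifier up by id, username or e-mail, enforces the
 * configured failed-attempt lockout, verifies the salted password hash and,
 * on success, establishes the Auth session and redirects.
 *
 * Reads:  $this->data['User']['username'] / ['password'];
 *         Configure 'Login.attempts' (0 disables lockout) and 'Login.lockout'
 *         (lockout window, minutes).
 * Writes: Person.login_attempts / Person.last_login_attempt, session keys
 *         Auth.User and Auth.User.Settings, view vars 'lockout' and
 *         'title_for_layout', log channel 'weekly_user_login'.
 *
 * NOTE(review): the counters are read from the User row but written through
 * the Person model — presumably two aliases of the same table; confirm.
 *
 * @access public
 * @return void
 * @todo TestCase
 */
public function login() {
    $error = true;
    if (!empty($this->data)) {
        $username = $this->data['User']['username'];
        $maxAttempts = Configure::read('Login.attempts');

        // NOTE(review): matching on User.id as well lets a caller pick an
        // account by numeric id. The ORM parameterises the value so this is
        // not an injection issue, but it widens enumeration — confirm intended.
        $user = $this->User->find('first', array(
            'conditions' => array('or' => array(
                'User.id' => $username,
                'User.username' => $username,
                'User.email' => $username
            )),
            'contain' => array(
                'UserSetting' => array()
            )
        ));

        if (empty($user)) {
            // NOTE(review): the raw identifier goes into the log unescaped —
            // users sometimes type a password into this field, and CR/LF in
            // it can forge log lines. This path also skips the hash, so its
            // response time differs from the wrong-password path (a mild
            // username-enumeration oracle).
            $this->log("User not found {$username}", 'weekly_user_login');
            $error = true;
        } else {
            $lockedOut = false;
            if ($maxAttempts > 0 && $user['User']['last_login_attempt'] != null) {
                $windowEnd = $user['User']['last_login_attempt'] + (Configure::read('Login.lockout') * 60);
                if ($windowEnd > strtotime('now')) {
                    // Inside the lockout window. `>=` rather than `==` so a counter
                    // that overshoots (e.g. after Login.attempts was lowered) still
                    // locks the account.
                    if ($user['User']['login_attempts'] >= $maxAttempts) {
                        $lockedOut = true;
                        $this->set('lockout', 1);
                        $this->request->data['User']['password'] = null;
                    }
                } else {
                    // Window elapsed: reset the counter in the DB *and* in the
                    // in-memory copy, so a mismatch later in this request counts
                    // from zero instead of from the stale value (previously the
                    // first failure after the window went unrecorded when the
                    // stale count already equalled the maximum).
                    $person['Person']['login_attempts'] = 0;
                    $person['Person']['last_login_attempt'] = null;
                    $person['Person']['id'] = $user['User']['id'];
                    $this->Person->save($person);
                    $user['User']['login_attempts'] = 0;
                    $user['User']['last_login_attempt'] = null;
                }
            }

            if ($lockedOut) {
                // Never evaluate credentials for a locked account. The nulled
                // password above is kept for the view; the lockout no longer
                // depends on it making the hash comparison fail.
                $this->log("Account locked out {$username}", 'weekly_user_login');
                $error = true;
            } else {
                $hash = Sec::hashPassword($this->data['User']['password'], $user['User']['salt']);
                // Strict comparison: `==` between two hex digests is subject to
                // PHP's numeric-string coercion ("0e1234..." == "0e5678..." is
                // true). hash_equals() (PHP >= 5.6) is the preferred, constant-time
                // form where the runtime allows it.
                if ($hash === $user['User']['password']) {
                    if ($this->Auth->login($user['User'])) {
                        $this->Session->setFlash(__('You have been authenticated'), 'success');
                        // NOTE(review): the whole User row — including the password
                        // hash and salt — is copied into the session; consider
                        // unsetting those keys first. Session id renewal is assumed
                        // to happen inside Auth->login(); confirm, or call
                        // $this->Session->renew() here to close session fixation.
                        $this->Session->write('Auth.User', $user['User']);
                        $this->Session->write('Auth.User.Settings', $user['UserSetting']);
                        $this->Access->permissions($user['User']);
                        // A successful login clears the failure counter.
                        $person['Person']['login_attempts'] = 0;
                        $person['Person']['last_login_attempt'] = null;
                        $person['Person']['id'] = $user['User']['id'];
                        $this->Person->save($person);
                        $this->redirect($this->Auth->redirect());
                        $error = false;
                    } else {
                        $error = true;
                    }
                } else {
                    // Count the failure (capped at the maximum) and stamp the
                    // time so the lockout window starts from this attempt.
                    if ($maxAttempts > 0 && $user['User']['login_attempts'] < $maxAttempts) {
                        $person['Person']['last_login_attempt'] = strtotime('now');
                        $person['Person']['login_attempts'] = ($user['User']['login_attempts'] + 1);
                        $person['Person']['id'] = $user['User']['id'];
                        $this->Person->save($person);
                    }
                    $this->log("Password mismatch {$username}", 'weekly_user_login');
                    $error = true;
                }
            }
        }
        if ($error) {
            // Same message for every failure so the response does not reveal
            // whether the account exists.
            $this->Session->setFlash(__('You could not be authenticated'), 'error');
        }
    }
    $this->set('title_for_layout', __('Login to Your Account'));
}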
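/**
 * Pins the output of Sec::hashPassword() for a fixed input and the fixture
 * salt ($this->salt, prepared elsewhere in this test case). Any change to the
 * hashing algorithm, salt handling or output encoding will break this test.
 *
 * The expected value is 128 hex characters (512 bits), consistent with a
 * SHA-512 style digest; the algorithm itself is not visible from here.
 * NOTE(review): if this is a single-pass SHA-512 it is a fast hash — password
 * storage should prefer a slow, salted KDF (password_hash()/bcrypt).
 */
public function testPasswordHash() {
    $expected = '5e4f1e66ae7bdeb976ceed8ea597ff676ef0f0c04b513e0d11760e01090a9ff4e532867d135354af38d24ea963e33f4c6dce75f93db493f380baed52e7a9cf6d';
    $actual = Sec::hashPassword('password', $this->salt);
    // assertSame: strict (===) string identity — assertEquals compares scalars
    // loosely, so two "0e..." numeric-looking digests would wrongly pass — and
    // expected-first so a failure message reports the values the right way round.
    $this->assertSame($expected, $actual);
}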