/**
 * Creates a new user with the given username, display name and password.
 *
 * The account is created with the default rank (Authentication::RANK_USER);
 * its "joined" date and its last-login date are both set to the moment of
 * creation. Nothing is persisted here.
 *
 * @param string $username The username.
 * @param string $displayName The display name.
 * @param string $password The password (plaintext); stored via setPassword().
 * @return User The newly created user. Needs to be saved to a
 * {@link UserRepository}.
 */
public static function createNewUser($username, $displayName, $password)
{
    // One timestamp for both dates so they are guaranteed to be equal.
    $creationTime = new DateTime();

    $account = new User();
    $account->setUsername($username);
    $account->setDisplayName($displayName);
    $account->setPassword($password);
    $account->rank = Authentication::RANK_USER;
    $account->setLastLogin($creationTime);
    $account->joined = $creationTime;

    return $account;
}
/**
 * Renders the "edit password" page and processes its form submission.
 *
 * When the request carries a "password" value, the submission is handled:
 * the old password is verified (skipped when editing someone else's
 * account), the new password pair is validated, the user is saved and the
 * login cookie is refreshed when the user changed their own password. In
 * every other case (no submission, or a rejected one) the form is rendered.
 * The account links are always appended.
 *
 * @param Website $website Provides translations, the auth layer and URLs.
 * @param Request $request The current request; read for the form fields.
 * @return string HTML fragment for the page body.
 */
public function getPageContent(Website $website, Request $request)
{
    $show_form = true;
    $textToDisplay = "";

    if ($request->hasRequestValue("password")) {
        // Sent
        $old_password = $request->getRequestString("old_password");
        // NOTE(review): editing_someone_else skips the old-password check;
        // presumably it is only set for privileged users — confirm where it is assigned.
        if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) {
            // Old password entered correctly
            $password = $request->getRequestString("password");
            $password2 = $request->getRequestString("password2");
            if (Validate::password($password, $password2)) {
                // Valid password
                $this->user->setPassword($password);
                $userRepo = $website->getAuth()->getUserRepository();
                $userRepo->save($this->user);
                // Saved
                $textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>';
                // Update login cookie (only when changing your own password)
                if (!$this->editing_someone_else) {
                    $website->getAuth()->setLoginCookie();
                }
                // Don't show form
                $show_form = false;
            } else {
                // Invalid new password
                $website->addError($website->t("users.password") . ' ' . Validate::getLastError($website));
                $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
            }
        } else {
            // Invalid old password
            $website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct"));
            $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
        }
    }

    // Show form
    if ($show_form) {
        // Text above form ($MIN_PASSWORD_LENGHT is spelled this way in Validate)
        $textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n";
        if ($this->editing_someone_else) {
            // NOTE(review): the display name ends up inside HTML here — confirm
            // that tReplaced() escapes its arguments, as nothing in this method does.
            $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
        }

        // Form itself
        $old_password_text = "";
        if (!$this->editing_someone_else) {
            // Add field to verify old password when editing yourself
            $old_password_text = <<<EOT
            <label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br />
            <input type="password" id="old_password" name="old_password" value=""/><br />
EOT;
        }
        // NOTE(review): no anti-CSRF token is visible in this form (only "p" and
        // "id" hidden fields) — confirm the framework adds one elsewhere; without
        // it a password change could be submitted from a foreign page.
        // The trailing space in the submit button's value is kept as-is.
        $textToDisplay .= <<<EOT
        <p>{$website->t("main.fields_required")}</p>
        <form action="{$website->getUrlMain()}" method="post">
        <p>
        {$old_password_text}
        <label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br />
        <input type="password" id="password" name="password" value=""/><br />
        <label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br />
        <input type="password" id="password2" name="password2" value=""/><br />
        </p>
        <p>
        <input type="hidden" name="p" value="edit_password" />
        <input type="hidden" name="id" value="{$this->user->getId()}" />
        <input type="submit" value="{$website->t('users.password.edit')} " class="button" />
        </p>
        </form>
EOT;
    }

    // Links
    $textToDisplay .= $this->get_account_links_html($website);
    return $textToDisplay;
}
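/**
 * Call this when logging in an user. If password is correct, the last
 * login date is updated. If the password storage method was outdated, the
 * password is rehashed.
 *
 * A stored hash of exactly 32 characters that does not start with "$" is
 * treated as the legacy md5(sha1($pass)) format; on a match the plaintext is
 * handed to setPassword() so the user is re-stored with the current scheme
 * when saved below. Every other hash is verified with crypt(). Deleted
 * accounts are reported as a failed login, banned accounts fail with an
 * error, and a weak (but correct) password logs in with a warning.
 *
 * @param User $user The user.
 * @param string $password_unhashed The password entered by the user.
 * @return bool True when the password matched and the account may log in.
 */
protected function loginCheck(User $user, $password_unhashed)
{
    if ($this->userRepo === null) {
        // Unable to log in when userRepo is not present
        return false;
    }

    // Cast so the comparisons below always see a string, even for an
    // account without a stored hash (which then simply never matches).
    $password_hashed = (string) $user->getPasswordHashed();
    $loggedIn = false;

    if (strlen($password_hashed) === 32 && $password_hashed[0] !== '$') {
        // Still md5(sha1($pass)), update.
        // hash_equals() instead of ==: a loose comparison of two hex digests
        // can be satisfied by numeric-looking strings ("0e..." == "0e..."),
        // and the constant-time compare does not leak where the digests differ.
        if (hash_equals($password_hashed, md5(sha1($password_unhashed)))) {
            // Gets saved later on, when updating the last login
            $user->setPassword($password_unhashed);
            $loggedIn = true;
        }
    }

    // Try to use modern password verification (constant-time compare of the
    // crypt() output against the stored hash, as password_verify() does).
    if (!$loggedIn) {
        $loggedIn = hash_equals($password_hashed, crypt($password_unhashed, $password_hashed));
    }

    if ($loggedIn) {
        // Loose comparison kept on purpose: the status may come back from
        // storage as a string while the constants are numeric — confirm.
        $status = $user->getStatus();

        // Check whether the account is deleted
        if ($status == Authentication::STATUS_DELETED) {
            // Act like the account doesn't exist
            return false;
        }

        // Check whether the account is banned
        if ($status == Authentication::STATUS_BANNED) {
            $text = $this->website->getText();
            $text->addError($text->tReplaced("users.status.banned.your_account", $user->getStatusText()));
            return false;
        }

        // Check password strength
        if ($user->isWeakPassword($password_unhashed)) {
            $text = $this->website->getText();
            $text->addError($text->t("users.your_password_is_insecure"), Link::of($text->getUrlPage("edit_password"), $text->t("users.password.edit")));
        }

        // Update last login date (and possibly password hash, see above) if successfull
        $user->setLastLogin(new DateTime());
        $this->userRepo->save($user);
    }

    return $loggedIn;
}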