/**
* Creates a new user with the given username, display name and password.
* @param string $username The username.
* @param string $displayName The display name.
* @param string $password The password (plaintext).
* @return User The newly created user. Needs to be saved to a
* {@link UserRepository}.
*/
public static function createNewUser($username, $displayName, $password)
{
$user = new User();
$user->setUsername($username);
$user->setDisplayName($displayName);
$user->setPassword($password);
$user->rank = Authentication::RANK_USER;
$now = new DateTime();
$user->setLastLogin($now);
$user->joined = $now;
return $user;
}
public function getPageContent(Website $website, Request $request)
{
$show_form = true;
$textToDisplay = "";
if ($request->hasRequestValue("password")) {
// Sent
$old_password = $request->getRequestString("old_password");
if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) {
// Old password entered correctly
$password = $request->getRequestString("password");
$password2 = $request->getRequestString("password2");
if (Validate::password($password, $password2)) {
// Valid password
$this->user->setPassword($password);
$userRepo = $website->getAuth()->getUserRepository();
$userRepo->save($this->user);
// Saved
$textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>';
// Update login cookie (only when changing your own password)
if (!$this->editing_someone_else) {
$website->getAuth()->setLoginCookie();
}
// Don't show form
$show_form = false;
} else {
// Invalid new password
$website->addError($website->t("users.password") . ' ' . Validate::getLastError($website));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
}
} else {
// Invalid old password
$website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct"));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
}
}
// Show form
if ($show_form) {
// Text above form
$textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n";
if ($this->editing_someone_else) {
$textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
}
// Form itself
$old_password_text = "";
if (!$this->editing_someone_else) {
// Add field to verify old password when editing yourself
$old_password_text = <<<EOT
<label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br />
<input type="password" id="old_password" name="old_password" value=""/><br />
EOT;
}
$textToDisplay .= <<<EOT
<p>{$website->t("main.fields_required")}</p>
<form action="{$website->getUrlMain()}" method="post">
<p>
{$old_password_text}
<label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br />
<input type="password" id="password" name="password" value=""/><br />
<label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br />
<input type="password" id="password2" name="password2" value=""/><br />
</p>
<p>
<input type="hidden" name="p" value="edit_password" />
<input type="hidden" name="id" value="{$this->user->getId()}" />
<input type="submit" value="{$website->t('users.password.edit')} " class="button" />
</p>
</form>
EOT;
}
// Links
$textToDisplay .= $this->get_account_links_html($website);
return $textToDisplay;
}
/**
* Call this when logging in an user. If password is correct, the last
* login date is updated. If the password storage method was outdated, the
* password is rehashed.
*
* @param User $user The user.
* @param string $password_unhashed The password entered by the user.
*/
protected function loginCheck(User $user, $password_unhashed)
{
if ($this->userRepo == null) {
// Unable to log in when userRepo is not present
return false;
}
$password_hashed = $user->getPasswordHashed();
$loggedIn = false;
if (strLen($password_hashed) == 32 && $password_hashed[0] != '$') {
// Still md5(sha1($pass)), update
if (md5(sha1($password_unhashed)) == $password_hashed) {
// Gets saved later on, when updating the last login
$user->setPassword($password_unhashed);
$loggedIn = true;
}
}
// Try to use modern password verification
if (!$loggedIn) {
$loggedIn = crypt($password_unhashed, $password_hashed) === $password_hashed;
}
if ($loggedIn) {
$status = $user->getStatus();
// Check whether the account is deleted
if ($status == Authentication::STATUS_DELETED) {
// Act like the account doesn't exist
return false;
}
// Check whether the account is banned
if ($status == Authentication::STATUS_BANNED) {
$text = $this->website->getText();
$text->addError($text->tReplaced("users.status.banned.your_account", $user->getStatusText()));
return false;
}
// Check password strength
if ($user->isWeakPassword($password_unhashed)) {
$text = $this->website->getText();
$text->addError($text->t("users.your_password_is_insecure"), Link::of($text->getUrlPage("edit_password"), $text->t("users.password.edit")));
}
// Update last login date (and possibly password hash, see above) if successfull
$user->setLastLogin(new DateTime());
$this->userRepo->save($user);
}
return $loggedIn;
}
