/**
 * Validates the submitted master password against the stored MASTER_PASSWORD hash.
 *
 * Runs the parent validation first, then rejects an empty input and finally
 * compares the stored hash with a hash derived from the submitted value.
 *
 * @see \wcf\form\IForm::validate()
 * @throws UserInputException if the field is empty or does not match
 */
public function validate() {
    parent::validate();

    // empty() is kept as in the original check; note that it also treats the string "0" as missing
    if (empty($this->masterPassword)) {
        throw new UserInputException('masterPassword');
    }

    // The stored hash is handed to getDoubleSaltedHash() as its second argument
    // (presumably so the salt embedded in it is reused; confirm against PasswordUtil).
    $candidateHash = PasswordUtil::getDoubleSaltedHash($this->masterPassword, MASTER_PASSWORD);

    // Comparison goes through PasswordUtil::secureCompare() rather than == / ===.
    $matches = PasswordUtil::secureCompare(MASTER_PASSWORD, $candidateHash);
    if (!$matches) {
        throw new UserInputException('masterPassword', 'notValid');
    }
}
/**
 * Updates the object, hashing a newly supplied password before it is stored.
 *
 * When $parameters['password'] is set and not the empty string, it is replaced
 * by its hash and a fresh accessToken is generated alongside it. Otherwise both
 * 'password' and 'accessToken' are stripped from the parameters, so neither
 * column can be changed through this call.
 *
 * @see \wcf\data\DatabaseObjectEditor::update()
 * @param array $parameters column => value pairs to update
 */
public function update(array $parameters = array()) {
    // isset() is false for null, so a null password counts as "no new password"
    $hasNewPassword = isset($parameters['password']) && $parameters['password'] !== '';

    if (!$hasNewPassword) {
        // no password change requested: never let a caller-supplied accessToken through on its own
        unset($parameters['password'], $parameters['accessToken']);
    }
    else {
        // replace the plaintext with its hash before it reaches the parent update
        $parameters['password'] = PasswordUtil::getDoubleSaltedHash($parameters['password']);

        // NOTE(review): token strength depends on StringUtil::getRandomID(), which is not
        // visible here; confirm it draws from a cryptographically secure source.
        $newToken = StringUtil::getRandomID();
        $parameters['accessToken'] = $newToken;

        // keep the in-memory object in step with the value about to be persisted
        $this->accessToken = $newToken;
    }

    parent::update($parameters);
}
/**
 * Persists the master password by writing its hash into acp/masterPassword.inc.php.
 *
 * The generated file defines the MASTER_PASSWORD constant; only the hash of the
 * submitted password is written, never the plaintext.
 *
 * @see \wcf\form\IForm::save()
 */
public function save() {
    $path = WCF_DIR . 'acp/masterPassword.inc.php';

    // write master password file
    $file = new File($path);

    // The hash is spliced into a single-quoted PHP literal without escaping.
    // assumes getDoubleSaltedHash() never emits a quote or backslash; TODO confirm
    $hash = PasswordUtil::getDoubleSaltedHash($this->masterPassword);
    $contents = "<?php\n/** MASTER PASSWORD STORAGE\nDO NOT EDIT THIS FILE */\ndefine('MASTER_PASSWORD', '" . $hash . "');\n?>";

    $file->write($contents);
    $file->close();

    // NOTE(review): this file holds a credential hash and is executed as PHP; confirm the
    // mode makeWritable() applies is no broader than the web server user needs.
    FileUtil::makeWritable($path);

    parent::save();
}
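/**
 * Returns true if the given password is the correct password for this user.
 *
 * Side effect: after a successful check the stored hash is rewritten through
 * UserEditor::update() when it uses a different encryption type or a different
 * blowfish cost factor. A failed check never modifies the stored password.
 *
 * @param string $password plaintext password to verify
 * @return boolean password correct
 */
public function checkPassword($password) {
    $isValid = false;
    $rebuild = false;

    // check if password is a valid bcrypt hash
    if (PasswordUtil::isBlowfish($this->password)) {
        // hash is bcrypt but flagged as outdated: candidate for a re-hash
        if (PasswordUtil::isDifferentBlowfish($this->password)) {
            $rebuild = true;
        }

        // hash the candidate using the stored hash as second argument, then compare
        // through secureCompare() instead of a plain string comparison
        if (PasswordUtil::secureCompare($this->password, PasswordUtil::getDoubleSaltedHash($password, $this->password))) {
            $isValid = true;
        }
    }
    else {
        // different encryption type
        if (PasswordUtil::checkPassword($this->username, $password, $this->password)) {
            $isValid = true;
            $rebuild = true;
        }
    }

    // Re-hash only once the password has been verified. Without the $isValid guard,
    // a failed attempt against an account whose bcrypt hash is flagged by
    // isDifferentBlowfish() would replace the stored password with the submitted
    // value, which is an authentication bypass.
    if ($isValid && $rebuild) {
        $userEditor = new UserEditor($this);
        $userEditor->update(array(
            'password' => $password
        ));
    }

    return $isValid;
}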