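/**
 * Validates the access token passed in the `at` request parameter and
 * performs the login.
 *
 * The parameter is read as `<userID>-<token>`. Nothing happens when the
 * parameter is absent. If a user is already logged in, the token must belong
 * to that user; otherwise the session is switched to the user the token
 * belongs to.
 *
 * @throws IllegalLinkException if the parameter is malformed or the token does not match
 */
protected function checkAccessToken() {
    if (!isset($_REQUEST['at'])) {
        return;
    }

    // Request parameters can arrive as arrays (e.g. `at[]=...`); only a plain
    // string can carry a token, so anything else is rejected up front.
    if (!is_string($_REQUEST['at'])) {
        throw new IllegalLinkException();
    }

    // Require both halves to be present and non-empty. Without this check a
    // value lacking '-' leaves the token undefined, and an empty token would
    // be handed to secureCompare() together with whatever is stored for the
    // user. secureCompare() is defined outside this view; should it treat two
    // empty values as equal, an account without a stored access token would
    // be accepted. Rejecting empty input here removes that dependency.
    $parts = explode('-', StringUtil::trim($_REQUEST['at']));
    if (count($parts) < 2 || $parts[0] === '' || $parts[1] === '') {
        throw new IllegalLinkException();
    }
    list($userID, $token) = $parts;

    $currentUser = WCF::getUser();
    if ($currentUser->userID) {
        if ($userID == $currentUser->userID && PasswordUtil::secureCompare($currentUser->accessToken, $token)) {
            // everything is fine, but we are already logged in
            return;
        }

        // token is invalid
        throw new IllegalLinkException();
    }

    $user = new User($userID);
    if (!PasswordUtil::secureCompare($user->accessToken, $token)) {
        // token is invalid
        throw new IllegalLinkException();
    }

    // token is valid -> change user
    SessionHandler::getInstance()->changeUser($user, true);
}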
/**
 * Runs the parent validation and then verifies the submitted master password.
 *
 * @see \wcf\form\IForm::validate()
 * @throws UserInputException if the master password is missing or does not match
 */
public function validate() {
    parent::validate();

    // Missing input is reported on the field without an error type.
    // Note that empty() also treats the string "0" as missing.
    if (empty($this->masterPassword)) {
        throw new UserInputException('masterPassword');
    }

    // check password: hash the submitted value, passing MASTER_PASSWORD as the
    // second argument, and compare the result with MASTER_PASSWORD itself
    $submittedHash = PasswordUtil::getDoubleSaltedHash($this->masterPassword, MASTER_PASSWORD);
    $isValid = PasswordUtil::secureCompare(MASTER_PASSWORD, $submittedHash);
    if (!$isValid) {
        throw new UserInputException('masterPassword', 'notValid');
    }
}
/**
 * Checks a submitted security token against the one returned by
 * getSecurityToken().
 *
 * @param	string		$token		token supplied by the caller
 * @return	boolean		result of the comparison; false if the token is invalid
 */
public function checkSecurityToken($token) {
    // The expected token is fetched first, then both values are handed to
    // PasswordUtil::secureCompare() instead of being compared with == / ===.
    // NOTE(review): presumably a timing-safe comparison; confirm in PasswordUtil.
    $expectedToken = $this->getSecurityToken();

    return PasswordUtil::secureCompare($expectedToken, $token);
}
/**
 * Tells whether a password hash taken from a cookie matches this user's
 * stored password.
 *
 * @param	string		$passwordHash	hash value read from the cookie
 * @return	boolean		true if the hash is correct for this user
 */
public function checkCookiePassword($passwordHash) {
    // Only stored passwords that PasswordUtil::isBlowfish() accepts are
    // eligible; any other stored format never validates a cookie.
    if (!PasswordUtil::isBlowfish($this->password)) {
        return false;
    }

    // The cookie value is hashed again with the stored password passed as the
    // second argument, and the result is compared with the stored password.
    $rehashed = PasswordUtil::getSaltedHash($passwordHash, $this->password);

    return (bool) PasswordUtil::secureCompare($this->password, $rehashed);
}